Changeset 2365 for branches/release-38/lib/MT/App/Comments.pm

Timestamp:

05/16/08 19:51:05 (19 months ago)

Author:

bchoate

Message:

Revised commenter sessions to include user id (as we do with authors) so we can load by id rather than by name. BugId:79253

Files:

• branches/release-38/lib/MT/App/Comments.pm (modified) (8 diffs)

branches/release-38/lib/MT/App/Comments.pm

@@ -130 +130 @@
     my $cfg = $app->config;
     require MT::Session;
-    my $sess_obj = MT::Session->load( { id => $session_key } );
+    my $sess_obj = MT::Session->load( { id => $session_key, kind => 'SI' } );
     my $timeout = $cfg->CommentSessionTimeout;
-    my $user;
-    
-    if ( $sess_obj
-        && ( $user = MT::Author->load( { name => $sess_obj->name } ) ) )
-    {
-        return ( $session_key, $user ) if $user->type eq MT::Author::AUTHOR();
-    }
+    my $user_id = $sess_obj->get('author_id') if $sess_obj;
+    my $user = MT::Author->load( $user_id ) if $user_id;
+
     if (   !$sess_obj
         || ( $sess_obj->start() + $timeout < time )
+        || ( !$user_id )
+        || ( !$user )
       )
     {
+        $app->log("session is invalid; sess_obj = $sess_obj; key = $session_key; user_id = $user_id; user = $user");
         $app->_invalidate_commenter_session( \%cookies );
         return ( undef, undef );
     }
-    else {
-        # session is valid!
-        return ( $session_key, $user );
-    }
+
+    # session is valid!
+    return ( $session_key, $user );
 }
 
@@ -298 +296 @@
         MT::Auth->new_login( $app, $commenter );
         if ( $app->_check_commenter_author( $commenter, $blog_id ) ) {
-            $app->make_commenter_session( $app->make_magic_token,
-                $commenter->email, $commenter->name,
-                ($commenter->nickname || $app->translate('(Display Name not set)')),
-                $commenter->id, undef, $ctx->{permanent} ? '+10y' : 0, $blog_id );
+            $app->make_commenter_session( $commenter );
             return $app->redirect_to_target;
         }
@@ -706 +701 @@
         return 0;    # Put a collar on that puppy.
     }
+
+    return 1 unless $cfg->ShowIPInformation;
+
+    # If IP banning is enabled, check for lots of comments from
+    # the user's IP within the throttle period * 10; if they
+    # exceed 8 comments within that period, ban the IP.
+
     @ts = MT::Util::offset_time_list( time - $throttle_period * 10 - 1,
         $entry->blog_id );
@@ -1108 +1110 @@
     my $session_key = $cookies{$cookie_name}->value() || "";
     $session_key =~ y/+/ /;
-    my $sessobj = MT::Session->load($session_key);
+    my $sessobj = MT::Session->load({ id => $session_key, kind => 'SI' });
     return
       if
@@ -1344 +1346 @@
     );
     foreach (@old_sessions) {
-        $_->remove() || die "couldn't remove sessions because " . $_->errstr();
+        $_->remove();
     }
 }
@@ -1439 +1441 @@
     if ( $blog_id && $blog ) {
         my ( $session, $commenter ) = $app->_get_commenter_session();
+use Data::Dumper;
         if ( $session && $commenter ) {
             my $blog_perms = $commenter->blog_perm($blog_id);
@@ -1445 +1448 @@
             $banned ||= 1 if $commenter->status == MT::Author::BANNED();
 
-            my $sessobj = MT::Session->load($session);
+            my $sessobj = MT::Session->load({ id => $session, kind => 'SI' });
             if ($banned) {
                 $sessobj->remove;
             } else {
                 $sessobj->start( time +
-                    $app->config->CommentSessionTimeout); # extend by timeou
+                    $app->config->CommentSessionTimeout); # extend by timeout
                 $sessobj->save();
             }
@@ -1821 +1824 @@
     }
     if ($renew_session) {
-        $app->make_commenter_session( $app->make_magic_token, $cmntr->email,
-            $cmntr->name,
-            ($cmntr->nickname || $app->translate('(Display Name not set)')),
-            $cmntr->id );
+        $app->make_commenter_session( $cmntr );
     }