From bf0014a7d98913cc4a7d875302bfe47982d0f59a Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Fri, 30 Nov 2018 15:05:47 +0900 Subject: [PATCH] Add triggers before updateVotedCount/Cancel MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 문서 및 댓글 추천 액션에 after 트리거만 있고 before 트리거가 없어서 서드파티 자료에서 추천을 미리 막거니 변조하기가 어려웠음. before 트리거를 추가하여 이 문제를 해결함. 추천 취소 액션에도 마찬가지로 before 트리거를 추가하고, 댓글 추천/취소시 document_srl 값도 받아올 수 있도록 개선함. --- modules/comment/comment.controller.php | 97 ++++++++++++++---------- modules/document/document.controller.php | 78 ++++++++++++------- 2 files changed, 108 insertions(+), 67 deletions(-) diff --git a/modules/comment/comment.controller.php b/modules/comment/comment.controller.php index 681521ec6..9ff1538c6 100644 --- a/modules/comment/comment.controller.php +++ b/modules/comment/comment.controller.php @@ -164,6 +164,27 @@ class commentController extends comment { $logged_info = Context::get('logged_info'); + // Call a trigger (before) + $trigger_obj = new stdClass; + $trigger_obj->member_srl = $oComment->get('member_srl'); + $trigger_obj->module_srl = $oComment->get('module_srl'); + $trigger_obj->document_srl = $oComment->get('document_srl'); + $trigger_obj->comment_srl = $oComment->get('comment_srl'); + $trigger_obj->update_target = ($point < 0) ? 'blamed_count' : 'voted_count'; + $trigger_obj->point = $point; + $trigger_obj->before_point = ($point < 0) ? $oComment->get('blamed_count') : $oComment->get('voted_count'); + $trigger_obj->after_point = $trigger_obj->before_point - $point; + $trigger_obj->cancel = true; + $trigger_output = ModuleHandler::triggerCall('comment.updateVotedCountCancel', 'before', $trigger_obj); + if(!$trigger_output->toBool()) + { + return $trigger_output; + } + + // begin transaction + $oDB = DB::getInstance(); + $oDB->begin(); + $args = new stdClass(); $d_args = new stdClass(); $args->comment_srl = $d_args->comment_srl = $comment_srl; 
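Review bot: `$trigger_obj->member_srl` in the new before-trigger payload is `$oComment->get('member_srl')`, the comment author, not the user cancelling the vote, and nothing in the object identifies the acting user. A handler that uses this trigger to block or rate-limit vote changes could apply its policy to the wrong account. I would document this above the assignment, e.g. `// member_srl is the comment author's; handlers needing the acting user must read Context::get('logged_info')`. The same applies to the three other before-trigger payloads added in this commit. The enclosing function starts and ends outside the hunk.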
@@ -183,22 +204,10 @@ class commentController extends comment //session reset $_SESSION['voted_comment'][$comment_srl] = false; - - // begin transaction - $oDB = DB::getInstance(); - $oDB->begin(); - - $obj = new stdClass(); - $obj->member_srl = $oComment->get('member_srl'); - $obj->module_srl = $oComment->get('module_srl'); - $obj->comment_srl = $oComment->get('comment_srl'); - $obj->update_target = ($point < 0) ? 'blamed_count' : 'voted_count'; - $obj->point = $point; - $obj->before_point = ($point < 0) ? $oComment->get('blamed_count') : $oComment->get('voted_count'); - $obj->after_point = ($point < 0) ? $args->blamed_count : $args->voted_count; - $obj->cancel = 1; - ModuleHandler::triggerCall('comment.updateVotedCountCancel', 'after', $obj); + // Call a trigger (after) + ModuleHandler::triggerCall('comment.updateVotedCountCancel', 'after', $trigger_obj); + $oDB->commit(); return $output; } @@ -1357,12 +1366,10 @@ class commentController extends comment if($point > 0) { $failed_voted = 'failed_voted'; - $success_message = 'success_voted'; } else { $failed_voted = 'failed_blamed'; - $success_message = 'success_blamed'; } // invalid vote if vote info exists in the session info. 
@@ -1371,23 +1378,24 @@ class commentController extends comment return new BaseObject(-1, $failed_voted); } + // Get the original comment $oCommentModel = getModel('comment'); $oComment = $oCommentModel->getComment($comment_srl, FALSE, FALSE); - // invalid vote if both ip addresses between author's and the current user are same. + // Pass if the author's IP address is as same as visitor's. if($oComment->get('ipaddress') == $_SERVER['REMOTE_ADDR']) { $_SESSION['voted_comment'][$comment_srl] = false; return new BaseObject(-1, $failed_voted); } + // Create a member model object + $oMemberModel = getModel('member'); + $member_srl = $oMemberModel->getLoggedMemberSrl(); + // if the comment author is a member if($oComment->get('member_srl')) { - // create the member model object - $oMemberModel = getModel('member'); - $member_srl = $oMemberModel->getLoggedMemberSrl(); - // session registered if the author information matches to the current logged-in user's. if($member_srl && $member_srl == abs($oComment->get('member_srl'))) { @@ -1396,9 +1404,8 @@ class commentController extends comment } } - $args = new stdClass(); - // If logged-in, use the member_srl. otherwise use the ipaddress. + $args = new stdClass(); if($member_srl) { $args->member_srl = $member_srl; 
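Review bot: The rewritten comment `// Pass if the author's IP address is as same as visitor's.` reads as if the vote is allowed, but the branch under it returns `new BaseObject(-1, $failed_voted)`, so the vote is refused. On an anti-abuse check the comment should state the outcome, for example `// Reject the vote if the author's IP address matches the visitor's.` The same "Pass ..." wording is added above the vote-log check in the next hunk and in both places in document.controller.php. The function body continues outside this hunk.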
@@ -1407,22 +1414,38 @@ class commentController extends comment { $args->ipaddress = $_SERVER['REMOTE_ADDR']; } - $args->comment_srl = $comment_srl; $output = executeQuery('comment.getCommentVotedLogInfo', $args); - // session registered if log info contains recommendation vote log. + // Pass after registering a session if log information has vote-up logs if($output->data->count) { $_SESSION['voted_comment'][$comment_srl] = false; return new BaseObject(-1, $failed_voted); } + // Call a trigger (before) + $trigger_obj = new stdClass; + $trigger_obj->member_srl = $oComment->get('member_srl'); + $trigger_obj->module_srl = $oComment->get('module_srl'); + $trigger_obj->document_srl = $oComment->get('document_srl'); + $trigger_obj->comment_srl = $oComment->get('comment_srl'); + $trigger_obj->update_target = ($point < 0) ? 'blamed_count' : 'voted_count'; + $trigger_obj->point = $point; + $trigger_obj->before_point = ($point < 0) ? $oComment->get('blamed_count') : $oComment->get('voted_count'); + $trigger_obj->after_point = $trigger_obj->before_point + $point; + $trigger_obj->cancel = false; + $trigger_output = ModuleHandler::triggerCall('comment.updateVotedCount', 'before', $trigger_obj); + if(!$trigger_output->toBool()) + { + return $trigger_output; + } + // begin transaction $oDB = DB::getInstance(); $oDB->begin(); - // update the number of votes + // Update the voted count if($point < 0) { // leave into session information 
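Review bot: After `ModuleHandler::triggerCall('comment.updateVotedCount', 'before', $trigger_obj)` returns, only `toBool()` is consulted and the function keeps working with the local `$point`. The next hunk still logs `$args->point = $point`, while the response and the after trigger read `$trigger_obj->after_point`. Because `$trigger_obj` is an object, a handler that changes `point` or `after_point` would alter the count reported to the client but, as far as the visible lines show, not the logged point, so the reply and the database can disagree. The count-update queries lie outside the hunk, so this is inferred for them. I would add a comment stating which fields a before-handler may change, e.g. `// handlers may only veto; changes to $trigger_obj->point are ignored`, or re-read the values from `$trigger_obj` after the call. The same applies to `document.updateVotedCount` and both `...Cancel` triggers.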
@@ -1441,27 +1464,21 @@ class commentController extends comment $args->point = $point; $output = executeQuery('comment.insertCommentVotedLog', $args); - $obj = new stdClass(); - $obj->member_srl = $oComment->get('member_srl'); - $obj->module_srl = $oComment->get('module_srl'); - $obj->comment_srl = $oComment->get('comment_srl'); - $obj->update_target = ($point < 0) ? 'blamed_count' : 'voted_count'; - $obj->point = $point; - $obj->before_point = ($point < 0) ? $oComment->get('blamed_count') : $oComment->get('voted_count'); - $obj->after_point = ($point < 0) ? $args->blamed_count : $args->voted_count; - - ModuleHandler::triggerCall('comment.updateVotedCount', 'after', $obj); + // Call a trigger (after) + ModuleHandler::triggerCall('comment.updateVotedCount', 'after', $trigger_obj); $oDB->commit(); // Return the result - $output = new BaseObject(0, $success_message); + $output = new BaseObject(); if($point > 0) { - $output->add('voted_count', $obj->after_point); + $output->setMessage('success_voted'); + $output->add('voted_count', $trigger_obj->after_point); } else { - $output->add('blamed_count', $obj->after_point); + $output->setMessage('success_blamed'); + $output->add('blamed_count', $trigger_obj->after_point); } return $output; diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php index fcd16e3be..59d61d8b9 100644 --- a/modules/document/document.controller.php +++ b/modules/document/document.controller.php 
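Review bot: The result of `executeQuery('comment.insertCommentVotedLog', $args)` is never checked here: the after trigger and `$oDB->commit()` run regardless, and `$output` is then overwritten by `$output = new BaseObject();`. That log row is what `comment.getCommentVotedLogInfo` reads to reject repeat votes, so a failed insert presumably leaves a counted vote that the same user can cast again once the session flag is gone, while the caller is told it succeeded. The document controller checks the result at the same point, and I would do the same here with a rollback: `if(!$output->toBool()) { $oDB->rollback(); return $output; }`. The function begins outside this hunk.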
@@ -182,6 +182,26 @@ class documentController extends document { $logged_info = Context::get('logged_info'); + // Call a trigger (before) + $trigger_obj = new stdClass; + $trigger_obj->member_srl = $oDocument->get('member_srl'); + $trigger_obj->module_srl = $oDocument->get('module_srl'); + $trigger_obj->document_srl = $oDocument->get('document_srl'); + $trigger_obj->update_target = ($point < 0) ? 'blamed_count' : 'voted_count'; + $trigger_obj->point = $point; + $trigger_obj->before_point = ($point < 0) ? $oDocument->get('blamed_count') : $oDocument->get('voted_count'); + $trigger_obj->after_point = $trigger_obj->before_point - $point; + $trigger_obj->cancel = true; + $trigger_output = ModuleHandler::triggerCall('document.updateVotedCountCancel', 'before', $trigger_obj); + if(!$trigger_output->toBool()) + { + return $trigger_output; + } + + // begin transaction + $oDB = DB::getInstance(); + $oDB->begin(); + $args = new stdClass(); $d_args = new stdClass(); $args->document_srl = $d_args->document_srl = $document_srl; 
@@ -199,24 +219,12 @@ class documentController extends document $d_output = executeQuery('document.deleteDocumentVotedLog', $d_args); if(!$d_output->toBool()) return $d_output; - //session reset + // session reset $_SESSION['voted_document'][$document_srl] = false; - // begin transaction - $oDB = DB::getInstance(); - $oDB->begin(); + // Call a trigger (after) + ModuleHandler::triggerCall('document.updateVotedCountCancel', 'after', $trigger_obj); - $obj = new stdClass(); - $obj->member_srl = $oDocument->get('member_srl'); - $obj->module_srl = $oDocument->get('module_srl'); - $obj->document_srl = $oDocument->get('document_srl'); - $obj->update_target = ($point < 0) ? 'blamed_count' : 'voted_count'; - $obj->point = $point; - $obj->before_point = ($point < 0) ? $oDocument->get('blamed_count') : $oDocument->get('voted_count'); - $obj->after_point = ($point < 0) ? $args->blamed_count : $args->voted_count; - $obj->cancel = 1; - - ModuleHandler::triggerCall('document.updateVotedCountCancel', 'after', $obj); $oDB->commit(); return $output; } @@ -1391,20 +1399,24 @@ class documentController extends document { $failed_voted = 'failed_blamed'; } + // Return fail if session already has information about votes if($_SESSION['voted_document'][$document_srl]) { return new BaseObject(-1, $failed_voted); } + // Get the original document $oDocumentModel = getModel('document'); $oDocument = $oDocumentModel->getDocument($document_srl, false, false); + // Pass if the author's IP address is as same as visitor's. if($oDocument->get('ipaddress') == $_SERVER['REMOTE_ADDR']) { $_SESSION['voted_document'][$document_srl] = false; return new BaseObject(-1, $failed_voted); } + // Create a member model object $oMemberModel = getModel('member'); $member_srl = $oMemberModel->getLoggedMemberSrl(); 
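Review bot: `if(!$d_output->toBool()) return $d_output;` now sits between the `$oDB->begin()` that the previous hunk moved to the top of the function and the `$oDB->commit()` at the end, so a failed `document.deleteDocumentVotedLog` returns with the transaction still open and any earlier count update neither committed nor explicitly rolled back. I would roll back on that path: `if(!$d_output->toBool()) { $oDB->rollback(); return $d_output; }`. The same applies to both `if(!$output->toBool()) return $output;` lines in the `-1457` hunk of this file. It probably also applies to the comment cancel path, though its queries lie outside the visible hunks.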
@@ -1419,6 +1431,7 @@ class documentController extends document return new BaseObject(-1, $failed_voted); } } + // Use member_srl for logged-in members and IP address for non-members. $args = new stdClass(); if($member_srl) @@ -1431,12 +1444,30 @@ class documentController extends document } $args->document_srl = $document_srl; $output = executeQuery('document.getDocumentVotedLogInfo', $args); + // Pass after registering a session if log information has vote-up logs if($output->data->count) { $_SESSION['voted_document'][$document_srl] = false; return new BaseObject(-1, $failed_voted); } + + // Call a trigger (before) + $trigger_obj = new stdClass; + $trigger_obj->member_srl = $oDocument->get('member_srl'); + $trigger_obj->module_srl = $oDocument->get('module_srl'); + $trigger_obj->document_srl = $oDocument->get('document_srl'); + $trigger_obj->update_target = ($point < 0) ? 'blamed_count' : 'voted_count'; + $trigger_obj->point = $point; + $trigger_obj->before_point = ($point < 0) ? $oDocument->get('blamed_count') : $oDocument->get('voted_count'); + $trigger_obj->after_point = $trigger_obj->before_point + $point; + $trigger_obj->cancel = false; + $trigger_output = ModuleHandler::triggerCall('document.updateVotedCount', 'before', $trigger_obj); + if(!$trigger_output->toBool()) + { + return $trigger_output; + } + // begin transaction $oDB = DB::getInstance(); $oDB->begin(); 
@@ -1457,21 +1488,14 @@ class documentController extends document $output = executeQuery('document.updateVotedCount', $args); } if(!$output->toBool()) return $output; + // Leave logs $args->point = $point; $output = executeQuery('document.insertDocumentVotedLog', $args); if(!$output->toBool()) return $output; - - $obj = new stdClass; - $obj->member_srl = $oDocument->get('member_srl'); - $obj->module_srl = $oDocument->get('module_srl'); - $obj->document_srl = $oDocument->get('document_srl'); - $obj->update_target = ($point < 0) ? 'blamed_count' : 'voted_count'; - $obj->point = $point; - $obj->before_point = ($point < 0) ? $oDocument->get('blamed_count') : $oDocument->get('voted_count'); - $obj->after_point = ($point < 0) ? $args->blamed_count : $args->voted_count; - ModuleHandler::triggerCall('document.updateVotedCount', 'after', $obj); + // Call a trigger (after) + ModuleHandler::triggerCall('document.updateVotedCount', 'after', $trigger_obj); $oDB->commit(); @@ -1483,12 +1507,12 @@ class documentController extends document if($point > 0) { $output->setMessage('success_voted'); - $output->add('voted_count', $obj->after_point); + $output->add('voted_count', $trigger_obj->after_point); } else { $output->setMessage('success_blamed'); - $output->add('blamed_count', $obj->after_point); + $output->add('blamed_count', $trigger_obj->after_point); } return $output;