Implement auto-passwords mode

hashover/backend/classes/commentparser.php

@@ -146,9 +146,10 @@ public function parse (array $comment, $key, $key_parts, $popular = false)
 				$output['user-owned'] = true;
 
 				// Check if the comment is editable
-				if (!empty ($comment['password'])) {
-					$output['editable'] = true;
-				}
+				if ($this->setup->autoPasswords)
+					$output['editable'] = $output['user-owned'];
+				else
+					$output['editable'] = !empty ($comment['password']);
 			}
 		}
 

hashover/backend/classes/login.php

@@ -83,8 +83,16 @@ public function prepareCredentials ()
 			$password = $password ? $password : $random_password;
 		}
 
-		// Generate a RIPEMD-160 hash to indicate user login
-		$this->loginMethod->loginHash = hash ('ripemd160', $name . $password);
+		// Don't reset the login cookie in auto-passwords mode, as
+		// that will effectively log the user out
+		if ($this->setup->autoPasswords !== false
+			&& !empty($this->loginMethod->loginHash)
+			&& $this->cookies->getValue ('login') !== null) {
+			$this->loginMethod->loginHash = $this->cookies->getValue ('login');
+		} else {
+			// Generate a RIPEMD-160 hash to indicate user login
+			$this->loginMethod->loginHash = hash ('ripemd160', $name . $password);
+		}
 
 		// Set e-mail address
 		if (isset ($this->postData['email'])) {

hashover/backend/classes/settings.php

@@ -134,6 +134,7 @@ class Settings extends Secrets
 	public $httpImages;
 	public $cookieExpiration;
 	public $domain;
+	public $autoPasswords;
 
 	public function __construct ()
 	{
@@ -307,8 +308,20 @@ public function syncSettings ()
 			$this->allowsLogin = false;
 		}
 
+		// Automatic passwords are enabled iff:
+		// - The password field is disabled
+		// - Normal login is disabled
+		// - Automatic login is enabled
+		// As there is no way to log in "normally", a random
+		// password will be generated nd the user will be
+		// logged in, allowing them to redact their comments
+		// as long as the cookie lasts.
+		$this->autoPasswords = $this->fieldOptions['password'] === false
+				     && $this->allowsLogin === false
+				     && $this->usesAutoLogin === true;
+
 		// Disable autologin if login is disabled
-		if ($this->allowsLogin === false) {
+		if ($this->allowsLogin === false && $this->autoPasswords === false) {
 			$this->usesAutoLogin = false;
 		}
 

hashover/backend/classes/writecomments.php

@@ -277,7 +277,8 @@ public function login ($kickback = true)
 	{
 		try {
 			// Log the user in
-			if ($this->setup->allowsLogin !== false) {
+			if ($this->setup->allowsLogin !== false
+				|| $this->setup->autoPasswords !== false) {
 				$this->login->setLogin ();
 			}
 
@@ -333,18 +334,25 @@ protected function commentAuthentication ()
 			return $auth;
 		}
 
-		// Check if we have both required passwords
-		if (!empty ($this->postData['password'])
-		    and !empty ($auth['comment']['password']))
-		{
-			// If so, get the user input password
-			$user_password = $this->encodeHTML ($this->postData['password']);
+		// In auto-password mode, just verify the login-id
+		if ($this->setup->autoPasswords) {
+			$auth['user-owned'] = !empty($this->login->loginHash)
+					    && !empty($auth['comment']['login_id'])
+					    && $this->login->loginHash == $auth['comment']['login_id'];
+		} else {
+			// Check if we have both required passwords
+			if (!empty ($this->postData['password'])
+			    and !empty ($auth['comment']['password']))
+			{
+				// If so, get the user input password
+				$user_password = $this->encodeHTML ($this->postData['password']);
 
-			// Get the comment password
-			$comment_password = $auth['comment']['password'];
+				// Get the comment password
+				$comment_password = $auth['comment']['password'];
 
-			// Attempt to compare the two passwords
-			$auth['user-owned'] = $this->encryption->verifyHash ($user_password, $comment_password);
+				// Attempt to compare the two passwords
+				$auth['user-owned'] = $this->encryption->verifyHash ($user_password, $comment_password);
+			}
 		}
 
 		// Set general authorization state