summaryrefslogtreecommitdiff
path: root/apps/um/controllers/Users.class.php
diff options
context:
space:
mode:
authorLuke Shumaker <LukeShu@sbcglobal.net>2012-01-07 08:21:00 -0800
committerLuke Shumaker <LukeShu@sbcglobal.net>2012-01-07 10:20:28 -0800
commit464f4d3497617fadb9d7752868f1175849cfa6d2 (patch)
tree0771bd935b30971bf2c244b6f158ed7496b644e5 /apps/um/controllers/Users.class.php
parent3d64793a1ee45857856be1cd71c3a0a040a3e869 (diff)
Refactor to separate the framework from the app; drop message stuff, this app is just user management. Add a json view for individual usersHEADmaster
Diffstat (limited to 'apps/um/controllers/Users.class.php')
-rw-r--r--apps/um/controllers/Users.class.php371
1 files changed, 371 insertions, 0 deletions
diff --git a/apps/um/controllers/Users.class.php b/apps/um/controllers/Users.class.php
new file mode 100644
index 0000000..9978ef8
--- /dev/null
+++ b/apps/um/controllers/Users.class.php
@@ -0,0 +1,371 @@
+<?php
+require_once('Login.class.php');
+require_once('Auth.class.php');
+require_once('DB.class.php');
+require_once('PluginManager.class.php');
+require_once('Database.class.php');
+
+Router::register('users/new' , 'Users', 'new_user');
+Router::register('users/index', 'Users', 'index_file');
+Router::register('users' , 'Users', 'index_dir');
+Router::register('users/*' , 'Users', 'individual');
+
+class Users extends Controller {
+ // Index Views ///////////////////////////////////////////////
+
+ public function index($routed, $remainder) {
+ return $this->index_dir($routed, $remainder);
+ }
+
+ /**
+ * Handle POSTing a new user, or GETing the index.
+ */
+ public function index_dir($routed, $remainder) {
+ $method = $_SERVER['REQUEST_METHOD'];
+ switch ($method) {
+ case 'POST':
+ // We're POSTing a new user.
+ if ($this->registrationOpen()) {
+ $this->create_user();
+ } else {
+ $this->showView('users/new-locked', array());
+ exit();
+ }
+ break;
+ case 'HEAD': // fall-through to GET
+ case 'GET':
+ // We're GETing the index.
+ $this->show_index($routed, $remainder);
+ break;
+ }
+ }
+
+ /**
+ * Handle PUTing an updated user index, or GETing the index.
+ */
+ public function index_file($routed, $remainder) {
+ $method = $_SERVER['REQUEST_METHOD'];
+ switch ($method) {
+ case 'PUT': $_POST = $_PUT;
+ case 'POST':
+ // We're PUTing an updated user index.
+ $this->update_users();
+ break;
+ }
+ $this->show_index($routed, $remainder);
+ }
+
+ // Other Views ///////////////////////////////////////////////
+
+ /**
+ * Handle GETing the new user form.
+ *
+ * I would have named this `new', but that's a keyword.
+ */
+ public function new_user($routed, $vars) {
+ // since there will never be a remainder to `users/new', we can
+ // use that parameter to pass in some data.
+ if (Login::isLoggedIn()) {
+ $this->showView('users/new-logged-in', array());
+ exit();
+ }
+ if (!$this->registrationOpen()) {
+ $this->showView('users/new-locked', array());
+ exit();
+ }
+ if (!isset($vars['errors'])) $vars['errors'] = array();
+
+ $db = Database::getInstance();
+ $pm = PluginManager::getInstance();
+
+ $vars['antispam_html'] = $pm->callHook('antispam_html');
+ $vars['userlist'] = $db->getSysConf('anon_userlist');
+ $this->showView('users/new', $vars);
+ }
+
+ public function individual($routed, $remainder) {
+ $db = Database::getInstance();
+ $pm = PluginManager::getInstance();
+
+ $username = implode('/', $remainder);
+ if ($username == 'all') {
+ $uids = $db->listUsers();
+ } else {
+ $uids = array($db->getUID($username));
+ }
+
+ $vars = array();
+
+ if (count($uids)<2) {
+ $user = Auth::getInstance($uid);
+
+ if ($user->isGroup()) $uid = false; // ignore groups.
+
+ if ($uid===false) {
+ $this->http404($routed, $remainder);
+ exit();
+ }
+ if (!$user->canRead()) {
+ $this->http401($routed, $remainder);
+ exit();
+ }
+
+ $method = $_SERVER['REQUEST_METHOD'];
+ switch ($method) {
+ case 'PUT': $_POST = $_PUT;
+ case 'POST':
+ // We're PUTing updated user info.
+ if ($user->canEdit()) {
+ $vars = $this->update_user($user);
+ }
+ break;
+ }
+ }
+
+ $config_options = array();
+ $pm->callHook('userConfig', &$config_options);
+
+ $vars['users'] = array();
+ foreach ($uids as $uid) {
+ $vars['users'][] = Auth::getInstance($uid);
+ }
+ $vars['username'] = $username;
+ $vars['config_options'] = $config_options;
+ $vars['groups'] = $db->listGroupNames();
+ require_once('ContactMethod.class.php');
+ $this->showView('users/individual', $vars);
+ }
+
+ public function http404($routed, $remainder) {
+ $username = implode('/', $remainder);
+ $this->showView('users/404',
+ array('username'=>$username));
+ }
+
+ public function http401($routed, $remainder) {
+ $this->showView('users/401', array('uid'=>Login::isLoggedIn()));
+ }
+
+ // Other Functions ///////////////////////////////////////////
+
+ /**
+ * This will parse POST data to create a new user.
+ * If successfull it will show a message saying so.
+ * If not successfull, it will re-show the new-user form with errors
+ * explained.
+ */
+ private function create_user() {
+ $db = Database::getInstance();
+ $pm = PluginManager::getInstance();
+
+ $vars = array();
+ @$vars['username' ] = $_POST['auth_name'];
+ @$vars['password1'] = $_POST['auth_password' ];
+ @$vars['password2'] = $_POST['auth_password_verify'];
+ @$vars['email'] = $_POST['user_email'];
+
+ $vars['errors'] = array();
+ if ($db->getUID($vars['username'])!==false)
+ $vars['errors'][] = 'user exists';
+ if (!Auth::isNameLegal($vars['username']))
+ $vars['errors'][] = 'illegal name';
+ $matches = ($vars['password1'] == $vars['password2']);
+ if (!$matches) {
+ $vars['errors'][] = 'pw mixmatch';
+ }
+ if ($matches && $vars['password2'] == '') {
+ $vars['errors'][] = 'no pw';
+ }
+ if ($vars['email'] == '') {
+ $vars['errors'][] = 'no email';
+ }
+ foreach ($pm->callHook('antispam_verify') as $plugin=>$valid) {
+ if (!$valid) $vars['errors'][] = 'plugin_'.$plugin;
+ }
+
+ if (count($vars['errors']) > 0) {
+ $this->new_user($routed, $vars);
+ } else {
+ $username = $vars['username'];
+ $password = $vars['password1'];
+ $uid = $db->addUser($username, $password);
+ if ($uid===false) {
+ $this->showView('users/500');
+ } else {
+ Login::login($username, $password);
+ DB::set('users', $uid, 'email', $vars['email']);
+ $this->showView('users/created',
+ array('username'=>$username));
+ }
+ }
+ }
+
+ /**
+ * This will parse POST (really, PUT) data to update a single user
+ */
+ private function update_user($user) {
+ $vars = array();
+
+ $username = $user->getName();
+ // Change the username /////////////////////////////////////////
+ if (isset($_POST['auth_name'])) {
+ $new_name = $_POST['auth_name'];
+ if ($new_name != $username) {
+ $changed_name = $user->setName($new_name);
+ $username = $user->getName();
+ $vars['changed name'] = $changed_name;
+ }
+ }
+
+ // Change the password /////////////////////////////////////////
+ @$password1 = $_POST['auth_password' ];
+ @$password2 = $_POST['auth_password'.'_verify'];
+
+ // Check the verify box, not main box, so that we don't get
+ // tripped by browsers annoyingly autocompleting the password.
+ $is_set = ($password2 != '');
+
+ if ($is_set) {
+ $matches = ( $password1 == $password2 );
+ if ($matches) {
+ $user->setPassword($password1);
+ $vars['pw updated'] = true;
+ } else {
+ $vars['pw mixmatch'] = true;
+ }
+ }
+
+ // Change information //////////////////////////////////////////
+ $config_options = array();
+ $pm = PluginManager::getInstance();
+ $pm->callHook('userConfig', &$config_options);
+
+ foreach ($config_options as $group=>$options) {
+ foreach ($options as $option) {
+ $this->confText($user, $option[0]);
+ }
+ }
+
+ // Change contact info /////////////////////////////////////////
+ global $CONTACT_METHODS;
+ foreach ($CONTACT_METHODS as $method) {
+ $this->confText($user, $method->addr_slug);
+ }
+ $this->confArray($user, 'use');
+
+ // Change groups ///////////////////////////////////////////////
+ $this->confArray($user, 'groups');
+
+ return $vars;
+ }
+
+ private function confArray($user, $key) {
+ if (isset($_POST[$key]) && is_array($_POST[$key])) {
+ $user->setConfArray($key, $_POST[$key]);
+ }
+ }
+
+ private function confText($user, $name) {
+ if (isset($_POST["user_$name"])) {
+ $user->setConf($name, $_POST["user_$name"]);
+ }
+ }
+
+
+ /**
+ * This will parse POST (really, PUT) data to update multiple users.
+ */
+ private function update_users() {
+ $attribs = $this->getIndexAttribs();
+ $form = new Form(null, null);
+ foreach ($attribs as $attrib) {
+ $key = $attrib['key'];
+ if (isset($_POST[$key]) && is_array($_POST[$key])) {
+ $old = $_POST['_old'][$key];
+ foreach ($_POST[$key] as $uid => $value) {
+ @$value_base = $old[$uid];
+ $set = DB::set('users', $uid, $key, $value, $value_base);
+ if (is_string($set)) {
+ echo "<pre>\n";
+ echo "Error: Value changed elsewhere, ".
+ "and I don't have real handling ".
+ "for this yet.\n";
+ echo "UID: $uid\n";
+ echo "Name: ".$user->getName()."\n";
+ echo "Key: $key\n";
+ echo "Value: Original : ";
+ var_dump($value_base);
+ echo "Value: Other edit: ";
+ var_dump($value_fork);
+ echo "Value: This edit : ";
+ var_dump($value);
+ echo "</pre>";
+ }
+ }
+ }
+ }
+ }
+
+ /**
+ * This will show the user index.
+ */
+ private function show_index($routed, $remainder) {
+ $db = Database::getInstance();
+
+ $logged_in_user = Auth::getInstance(Login::isLoggedIn());
+ $anon_userlist = $db->getSysConf('anon_userlist')=='true';
+ if (!$anon_userlist && !$logged_in_user->isUser()) {
+ $this->http401($routed, $remainder);
+ exit();
+ }
+
+ $vars = array();
+ $vars['attribs'] = $this->getIndexAttribs();
+ $vars['users'] = array();
+ $uids = $db->listUsers();
+ foreach ($uids as $uid) {
+ $vars['users'][$uid] = array();
+ foreach ($vars['attribs'] as $attrib) {
+ $key = $attrib['key'];
+ $props = DB::get('users', $uid, $key);
+ $vars['users'][$uid][$key] = $props;
+ }
+ }
+ $this->showView('users/index', $vars);
+ }
+
+ function attrib($key, $name, $type='string') {
+ return array('key'=>$key, 'name'=>$name, 'type'=>$type);
+ }
+ private function getIndexAttribs() {
+ $user = Auth::getInstance(Login::isLoggedIn());
+
+ $attribs = array();
+ $attribs[] = $this->attrib('auth_uid', 'UID');
+ if ($user->isUser()) {
+ $attribs[] = $this->attrib('auth_user', 'Active', 'bool');
+ if ($user->isAdmin()) {
+ $attribs[] = $this->attrib('auth_admin', 'Admin', 'bool');
+ $attribs[] = $this->attrib('auth_delete', 'Delete', 'bool');
+ }
+ $attribs[] = $this->attrib('lastname','Last');
+ $attribs[] = $this->attrib('firstname','First');
+ $attribs[] = $this->attrib('hsclass','Class of');
+ $attribs[] = $this->attrib('phone','Phone number');
+ $attribs[] = $this->attrib('email','Email');
+ }
+ $attribs[] = $this->attrib('auth_name', 'Username');
+
+ return $attribs;
+ }
+
+ private function registrationOpen() {
+ $db = Database::getInstance();
+ $val = $db->getSysConf('registration_open');
+ switch ($val) {
+ case 'true': return true;
+ case 'false': return false;
+ default: return true;
+ }
+ }
+}