Diffstat (limited to 'src/controllers/Users.class.php')
-rw-r--r-- | src/controllers/Users.class.php | 371 |
1 files changed, 0 insertions, 371 deletions
diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
deleted file mode 100644
index 9978ef8..0000000
--- a/src/controllers/Users.class.php
+++ /dev/null
@@ -1,371 +0,0 @@
-<?php
-require_once('Login.class.php');
-require_once('Auth.class.php');
-require_once('DB.class.php');
-require_once('PluginManager.class.php');
-require_once('Database.class.php');
-
-Router::register('users/new' , 'Users', 'new_user');
-Router::register('users/index', 'Users', 'index_file');
-Router::register('users' , 'Users', 'index_dir');
-Router::register('users/*' , 'Users', 'individual');
-
-class Users extends Controller {
- // Index Views ///////////////////////////////////////////////
-
- public function index($routed, $remainder) {
- return $this->index_dir($routed, $remainder);
- }
-
- /**
- * Handle POSTing a new user, or GETing the index.
- */
- public function index_dir($routed, $remainder) {
- $method = $_SERVER['REQUEST_METHOD'];
- switch ($method) {
- case 'POST':
- // We're POSTing a new user.
- if ($this->registrationOpen()) {
- $this->create_user();
- } else {
- $this->showView('users/new-locked', array());
- exit();
- }
- break;
- case 'HEAD': // fall-through to GET
- case 'GET':
- // We're GETing the index.
- $this->show_index($routed, $remainder);
- break;
- }
- }
-
- /**
- * Handle PUTing an updated user index, or GETing the index.
- */
- public function index_file($routed, $remainder) {
- $method = $_SERVER['REQUEST_METHOD'];
- switch ($method) {
- case 'PUT': $_POST = $_PUT;
- case 'POST':
- // We're PUTing an updated user index.
- $this->update_users();
- break;
- }
- $this->show_index($routed, $remainder);
- }
-
- // Other Views ///////////////////////////////////////////////
-
- /**
- * Handle GETing the new user form.
- *
- * I would have named this `new', but that's a keyword.
- */
- public function new_user($routed, $vars) {
- // since there will never be a remainder to `users/new', we can
- // use that parameter to pass in some data.
- if (Login::isLoggedIn()) {
- $this->showView('users/new-logged-in', array());
- exit();
- }
- if (!$this->registrationOpen()) {
- $this->showView('users/new-locked', array());
- exit();
- }
- if (!isset($vars['errors'])) $vars['errors'] = array();
-
- $db = Database::getInstance();
- $pm = PluginManager::getInstance();
-
- $vars['antispam_html'] = $pm->callHook('antispam_html');
- $vars['userlist'] = $db->getSysConf('anon_userlist');
- $this->showView('users/new', $vars);
- }
-
- public function individual($routed, $remainder) {
- $db = Database::getInstance();
- $pm = PluginManager::getInstance();
-
- $username = implode('/', $remainder);
- if ($username == 'all') {
- $uids = $db->listUsers();
- } else {
- $uids = array($db->getUID($username));
- }
-
- $vars = array();
-
- if (count($uids)<2) {
- $user = Auth::getInstance($uid);
-
- if ($user->isGroup()) $uid = false; // ignore groups.
-
- if ($uid===false) {
- $this->http404($routed, $remainder);
- exit();
- }
- if (!$user->canRead()) {
- $this->http401($routed, $remainder);
- exit();
- }
-
- $method = $_SERVER['REQUEST_METHOD'];
- switch ($method) {
- case 'PUT': $_POST = $_PUT;
- case 'POST':
- // We're PUTing updated user info.
- if ($user->canEdit()) {
- $vars = $this->update_user($user);
- }
- break;
- }
- }
-
- $config_options = array();
- $pm->callHook('userConfig', &$config_options);
-
- $vars['users'] = array();
- foreach ($uids as $uid) {
- $vars['users'][] = Auth::getInstance($uid);
- }
- $vars['username'] = $username;
- $vars['config_options'] = $config_options;
- $vars['groups'] = $db->listGroupNames();
- require_once('ContactMethod.class.php');
- $this->showView('users/individual', $vars);
- }
-
- public function http404($routed, $remainder) {
- $username = implode('/', $remainder);
- $this->showView('users/404',
- array('username'=>$username));
- }
-
- public function http401($routed, $remainder) {
- $this->showView('users/401', array('uid'=>Login::isLoggedIn()));
- }
-
- // Other Functions ///////////////////////////////////////////
-
- /**
- * This will parse POST data to create a new user.
- * If successfull it will show a message saying so.
- * If not successfull, it will re-show the new-user form with errors
- * explained.
- */
- private function create_user() {
- $db = Database::getInstance();
- $pm = PluginManager::getInstance();
-
- $vars = array();
- @$vars['username' ] = $_POST['auth_name'];
- @$vars['password1'] = $_POST['auth_password' ];
- @$vars['password2'] = $_POST['auth_password_verify'];
- @$vars['email'] = $_POST['user_email'];
-
- $vars['errors'] = array();
- if ($db->getUID($vars['username'])!==false)
- $vars['errors'][] = 'user exists';
- if (!Auth::isNameLegal($vars['username']))
- $vars['errors'][] = 'illegal name';
- $matches = ($vars['password1'] == $vars['password2']);
- if (!$matches) {
- $vars['errors'][] = 'pw mixmatch';
- }
- if ($matches && $vars['password2'] == '') {
- $vars['errors'][] = 'no pw';
- }
- if ($vars['email'] == '') {
- $vars['errors'][] = 'no email';
- }
- foreach ($pm->callHook('antispam_verify') as $plugin=>$valid) {
- if (!$valid) $vars['errors'][] = 'plugin_'.$plugin;
- }
-
- if (count($vars['errors']) > 0) {
- $this->new_user($routed, $vars);
- } else {
- $username = $vars['username'];
- $password = $vars['password1'];
- $uid = $db->addUser($username, $password);
- if ($uid===false) {
- $this->showView('users/500');
- } else {
- Login::login($username, $password);
- DB::set('users', $uid, 'email', $vars['email']);
- $this->showView('users/created',
- array('username'=>$username));
- }
- }
- }
-
- /**
- * This will parse POST (really, PUT) data to update a single user
- */
- private function update_user($user) {
- $vars = array();
-
- $username = $user->getName();
- // Change the username /////////////////////////////////////////
- if (isset($_POST['auth_name'])) {
- $new_name = $_POST['auth_name'];
- if ($new_name != $username) {
- $changed_name = $user->setName($new_name);
- $username = $user->getName();
- $vars['changed name'] = $changed_name;
- }
- }
-
- // Change the password /////////////////////////////////////////
- @$password1 = $_POST['auth_password' ];
- @$password2 = $_POST['auth_password'.'_verify'];
-
- // Check the verify box, not main box, so that we don't get
- // tripped by browsers annoyingly autocompleting the password.
- $is_set = ($password2 != '');
-
- if ($is_set) {
- $matches = ( $password1 == $password2 );
- if ($matches) {
- $user->setPassword($password1);
- $vars['pw updated'] = true;
- } else {
- $vars['pw mixmatch'] = true;
- }
- }
-
- // Change information //////////////////////////////////////////
- $config_options = array();
- $pm = PluginManager::getInstance();
- $pm->callHook('userConfig', &$config_options);
-
- foreach ($config_options as $group=>$options) {
- foreach ($options as $option) {
- $this->confText($user, $option[0]);
- }
- }
-
- // Change contact info /////////////////////////////////////////
- global $CONTACT_METHODS;
- foreach ($CONTACT_METHODS as $method) {
- $this->confText($user, $method->addr_slug);
- }
- $this->confArray($user, 'use');
-
- // Change groups ///////////////////////////////////////////////
- $this->confArray($user, 'groups');
-
- return $vars;
- }
-
- private function confArray($user, $key) {
- if (isset($_POST[$key]) && is_array($_POST[$key])) {
- $user->setConfArray($key, $_POST[$key]);
- }
- }
-
- private function confText($user, $name) {
- if (isset($_POST["user_$name"])) {
- $user->setConf($name, $_POST["user_$name"]);
- }
- }
-
-
- /**
- * This will parse POST (really, PUT) data to update multiple users.
- */
- private function update_users() {
- $attribs = $this->getIndexAttribs();
- $form = new Form(null, null);
- foreach ($attribs as $attrib) {
- $key = $attrib['key'];
- if (isset($_POST[$key]) && is_array($_POST[$key])) {
- $old = $_POST['_old'][$key];
- foreach ($_POST[$key] as $uid => $value) {
- @$value_base = $old[$uid];
- $set = DB::set('users', $uid, $key, $value, $value_base);
- if (is_string($set)) {
- echo "<pre>\n";
- echo "Error: Value changed elsewhere, ".
- "and I don't have real handling ".
- "for this yet.\n";
- echo "UID: $uid\n";
- echo "Name: ".$user->getName()."\n";
- echo "Key: $key\n";
- echo "Value: Original : ";
- var_dump($value_base);
- echo "Value: Other edit: ";
- var_dump($value_fork);
- echo "Value: This edit : ";
- var_dump($value);
- echo "</pre>";
- }
- }
- }
- }
- }
-
- /**
- * This will show the user index.
- */
- private function show_index($routed, $remainder) {
- $db = Database::getInstance();
-
- $logged_in_user = Auth::getInstance(Login::isLoggedIn());
- $anon_userlist = $db->getSysConf('anon_userlist')=='true';
- if (!$anon_userlist && !$logged_in_user->isUser()) {
- $this->http401($routed, $remainder);
- exit();
- }
-
- $vars = array();
- $vars['attribs'] = $this->getIndexAttribs();
- $vars['users'] = array();
- $uids = $db->listUsers();
- foreach ($uids as $uid) {
- $vars['users'][$uid] = array();
- foreach ($vars['attribs'] as $attrib) {
- $key = $attrib['key'];
- $props = DB::get('users', $uid, $key);
- $vars['users'][$uid][$key] = $props;
- }
- }
- $this->showView('users/index', $vars);
- }
-
- function attrib($key, $name, $type='string') {
- return array('key'=>$key, 'name'=>$name, 'type'=>$type);
- }
- private function getIndexAttribs() {
- $user = Auth::getInstance(Login::isLoggedIn());
-
- $attribs = array();
- $attribs[] = $this->attrib('auth_uid', 'UID');
- if ($user->isUser()) {
- $attribs[] = $this->attrib('auth_user', 'Active', 'bool');
- if ($user->isAdmin()) {
- $attribs[] = $this->attrib('auth_admin', 'Admin', 'bool');
- $attribs[] = $this->attrib('auth_delete', 'Delete', 'bool');
- }
- $attribs[] = $this->attrib('lastname','Last');
- $attribs[] = $this->attrib('firstname','First');
- $attribs[] = $this->attrib('hsclass','Class of');
- $attribs[] = $this->attrib('phone','Phone number');
- $attribs[] = $this->attrib('email','Email');
- }
- $attribs[] = $this->attrib('auth_name', 'Username');
-
- return $attribs;
- }
-
- private function registrationOpen() {
- $db = Database::getInstance();
- $val = $db->getSysConf('registration_open');
- switch ($val) {
- case 'true': return true;
- case 'false': return false;
- default: return true;
- }
- }
-} |