Initial commit

application/User/UserController.php

@@ -0,0 +1,199 @@
+<?php
+
+/**
+ * Description of UserController
+ *
+ * @author fronk
+ */
+class UserController extends mfBaseController {
+  private $me;
+  
+  protected function init($request = null) {
+    $this->needlogin=true;
+    $me = new User();
+    $me->loadMe();
+    $this->me = $me;
+    $this->layout()->set("me",$me);
+    
+    if(!$me->isAdmin()) {
+      // all users can call non-action methods
+      if($this->action != "" || $request != null) {
+        $this->redirect("Dashboard");
+      }
+    }
+  }
+  
+  protected function indexAction($request) {
+    if(!$this->isAdmin()) {
+      throw new Exception("Forbidden", 403);
+    }
+    $this->layout()->setTemplate('User/Index');
+    
+    $users=$this->getUsers();
+    $this->layout()->set('users',$users);
+    
+    $pc = new ProviderController();
+    $providers = $pc->getProvider();
+    $this->layout()->set("providers", $providers);
+  }
+  
+  protected function addAction($request) {
+    if(!$this->isAdmin()) {
+      throw new Exception("Forbidden", 403);
+    }
+    $this->layout()->setTemplate('User/Form');
+    
+    $pc = new ProviderController();
+    $providers = $pc->getProvider();
+    $this->layout()->set("providers", $providers);
+  }
+  
+  protected function editAction($request) {
+    if(!$this->isAdmin()) {
+      throw new Exception("Forbidden", 403);
+    }
+    $this->layout()->setTemplate('User/Form');
+    
+    $id=$request['id'];
+    if(!is_numeric($id) || $id <= 0) {
+      throw new Exception("User $id not found",604);
+    }
+    
+    $user=new User($id);
+    $this->layout()->set('user',$user);
+    
+    $pc = new ProviderController();
+    $providers = $pc->getProvider();
+    $this->layout()->set("providers", $providers);
+  }
+  
+  protected function profileAction($request) {
+    
+  }
+
+
+  protected function saveAction($request) {
+    //$this->log->debug("UserController::save");
+    $id = $request['id'];
+    if(!$this->isAdmin()) {
+      $id = $this->me->id;
+      $request['username'] = $this->me->username;
+      unset($request['provider_id']);
+    }
+    
+    if(!$id && !$request['username']) {
+      self::redirect('User');
+    }
+    
+    $user = new User($id);
+    if($request['username']) {
+      $user->username = $request['username'];
+    }
+    if($request['name']) {
+      $user->name = $request['name'];
+    }
+    if($request['email']) {
+      $user->email = $request['email'];
+    }
+    if($request['provider_id']) {
+      if($this->isAdmin()) {
+        $user->provider_id = intval($request['provider_id']);
+        //var_dump($user);exit;
+        $provider = new Provider($user->provider_id);
+        if(!$provider->id) {
+          throw new Exception("Unbekannter Provider");
+        }
+      }
+    }
+    
+    if($request['password']) {
+      if($request['password'] === $request['password2']) {
+        $user->password=mfLoginController::generatePasswordHash($request['password']);
+      } else {
+        $this->layout()->setFlash("Passwörter stimmen nicht überein!", "error");
+      }
+    }
+    
+    $id = $user->save();
+    
+    if($this->isAdmin()) {
+      if($request['admin'] == "true" || $user->id == 1) {
+        $user->permissions->admin = "true";
+      } else {
+        $user->permissions->admin = "false";
+      }
+      if($request['ticketadmin'] == "true") {
+        $user->permissions->ticketadmin = "true";
+      } else {
+        $user->permissions->ticketadmin = "false";
+      }
+      
+      $user->permissions->save();
+    }
+    
+    $this->layout()->setFlash("Benutzer gespeichert.", "success");
+    self::redirect('User');
+  }
+  
+  protected function deleteAction($request) {
+    if(!$this->isAdmin()) {
+      $this->redirect("Bridge");
+    }
+    $id = $request['id'];
+    
+    if(!is_numeric($id) || $id <= 0) {
+      throw new Exception("User $id not found",604);
+    }
+    
+    $user = new User($id);
+    if($user->id == $id) {
+        $user->delete();
+    }
+    
+    self::redirect("User");
+  }
+  
+  protected function pwchangeAction($request) {
+    $me = new User();
+    $me->loadMe();
+    
+    $pw1 = $request['password'];
+    $pw2 = $request['password2'];
+    
+    if(!$pw1 == $pw2) {
+      throw new Exception("Passwords don't match! Password change aborted.");
+    }
+    
+    if(strlen($pw1) < 8) {
+      throw new Exception("Passwords must be 8 characters minimum!");
+    }
+    
+    if($pw1 == "12345678" || $pw1 == "123456789" || $pw1 == "password" || $pw1 == "passwort") {
+      throw new Exception("Be a little more creative with your password please...");
+    }
+    
+    $me->password = mfLoginController::generatePasswordHash($pw1);
+    $me->save();
+    $this->redirect("Dashboard");
+  }
+
+
+  public function getUsers() {
+    $users=array();
+    $res=$this->db()->select(MFUSERTABLE,'*','1=1 ORDER BY username');
+    if($this->db()->num_rows($res)) {
+      while($data=$this->db()->fetch_object($res)) {
+        $users[$data->id]=new User($data);
+      }
+    }
+    return $users;
+  }
+  
+  private function isAdmin() {
+    $me = new User();
+    $this->layout->set("me", $me);
+    $me->loadMe();
+    
+    return $me->isAdmin();
+  }
+}