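needlogin=true;
        $me = new User();
        $me->loadMe();
        $this->me = $me;
        $this->layout()->set("me", $me);
        if(!$me->isAdmin()) {
            // all users can call non-action methods
            if($this->action != "" || $request != null) {
                $this->redirect("Dashboard");
            }
        }
    }

    /**
     * Admin-only user overview: renders User/Index with all users and the provider list.
     *
     * @param array|null $request request parameters (not read here)
     * @throws Exception "Forbidden" (code 403) when the current user is not an admin
     */
    protected function indexAction($request)
    {
        if (!$this->isAdmin()) {
            throw new Exception("Forbidden", 403);
        }
        $this->layout()->setTemplate('User/Index');
        $this->layout()->set('users', $this->getUsers());
        $this->layout()->set("providers", $this->loadProviders());
    }

    /**
     * Admin-only "new user" form: renders User/Form with the provider list.
     *
     * @param array|null $request request parameters (not read here)
     * @throws Exception "Forbidden" (code 403) when the current user is not an admin
     */
    protected function addAction($request)
    {
        if (!$this->isAdmin()) {
            throw new Exception("Forbidden", 403);
        }
        $this->layout()->setTemplate('User/Form');
        $this->layout()->set("providers", $this->loadProviders());
    }

    /**
     * Admin-only "edit user" form: renders User/Form for the user given by $request['id'].
     *
     * @param array $request must carry a positive numeric 'id'
     * @throws Exception "Forbidden" (code 403) when the current user is not an admin;
     *                   "User … not found" (code 604) when 'id' is missing or not a positive number
     */
    protected function editAction($request)
    {
        if (!$this->isAdmin()) {
            throw new Exception("Forbidden", 403);
        }
        $this->layout()->setTemplate('User/Form');
        $id = $this->requireUserId($request);
        $this->layout()->set('user', new User($id));
        $this->layout()->set("providers", $this->loadProviders());
    }

    /**
     * Placeholder for the profile view; intentionally does nothing yet.
     *
     * @param array|null $request request parameters (not read)
     */
    protected function profileAction($request)
    {
    }

    /**
     * Creates or updates a user from form data and redirects to the user list.
     *
     * Non-admins can only update their own record: the id is forced to the current
     * user, the username is pinned to the current one and provider_id is dropped.
     * Only admins may change provider_id and the admin/ticketadmin permissions.
     *
     * @param array $request form fields: id, username, name, email, provider_id,
     *                       password, password2, admin, ticketadmin
     * @throws Exception "Unbekannter Provider" when an admin submits a provider_id
     *                   that does not resolve to an existing Provider
     */
    protected function saveAction($request)
    {
        $id = $request['id'] ?? null;
        if (!$this->isAdmin()) {
            // Self-service only: ignore whatever id/username/provider the form sent.
            $id = $this->me->id;
            $request['username'] = $this->me->username;
            unset($request['provider_id']);
        }
        if (!$id && empty($request['username'])) {
            $this->redirect('User');
            return; // guard in case redirect() does not terminate the request
        }

        $user = new User($id);
        if (!empty($request['username'])) {
            $user->username = $request['username'];
        }
        if (!empty($request['name'])) {
            $user->name = $request['name'];
        }
        if (!empty($request['email'])) {
            $user->email = $request['email'];
        }
        if (!empty($request['provider_id']) && $this->isAdmin()) {
            $user->provider_id = intval($request['provider_id']);
            // Reject a provider_id that does not load an existing provider.
            $provider = new Provider($user->provider_id);
            if (!$provider->id) {
                throw new Exception("Unbekannter Provider");
            }
        }
        if (!empty($request['password'])) {
            if ($request['password'] === ($request['password2'] ?? null)) {
                $user->password = mfLoginController::generatePasswordHash($request['password']);
            } else {
                // NOTE(review): the record is still saved and the "success" flash below is
                // set afterwards; whether it replaces this error flash depends on setFlash().
                $this->layout()->setFlash("Passwörter stimmen nicht überein!", "error");
            }
        }
        $user->save();

        if ($this->isAdmin()) {
            // User id 1 is always kept as admin; the checkboxes arrive as the string "true".
            $isAdmin = ($request['admin'] ?? null) === "true" || (int) $user->id === 1;
            $user->permissions->admin = $isAdmin ? "true" : "false";
            $user->permissions->ticketadmin = (($request['ticketadmin'] ?? null) === "true") ? "true" : "false";
            $user->permissions->save();
        }
        $this->layout()->setFlash("Benutzer gespeichert.", "success");
        $this->redirect('User');
    }

    /**
     * Admin-only: deletes the user given by $request['id'] and redirects to the user list.
     * Non-admins are redirected to "Bridge" and nothing is deleted.
     *
     * @param array $request must carry a positive numeric 'id'
     * @throws Exception "User … not found" (code 604) when 'id' is missing or not a positive number
     */
    protected function deleteAction($request)
    {
        if (!$this->isAdmin()) {
            $this->redirect("Bridge");
            return; // must not fall through to the delete if redirect() does not exit
        }
        $id = $this->requireUserId($request);
        $user = new User($id);
        // Numeric comparison on purpose: $id arrives as a string, $user->id may be an int.
        if ($user->id == $id) {
            $user->delete();
        }
        $this->redirect("User");
    }

    /**
     * Lets the current user change their own password, then redirects to the dashboard.
     *
     * @param array $request form fields: password, password2
     * @throws Exception when the two passwords differ, are shorter than 8 bytes,
     *                   or are one of the trivially guessable values listed below
     */
    protected function pwchangeAction($request)
    {
        $me = new User();
        $me->loadMe();
        $pw1 = $request['password'] ?? '';
        $pw2 = $request['password2'] ?? '';
        // The original `!$pw1 == $pw2` parsed as `(!$pw1) == $pw2`, so two different
        // non-empty passwords were never rejected; compare the strings directly.
        if ($pw1 !== $pw2) {
            throw new Exception("Passwords don't match! 
Password change aborted.");
        }
        if (strlen($pw1) < 8) {
            throw new Exception("Passwords must be 8 characters minimum!");
        }
        if (in_array($pw1, ["12345678", "123456789", "password", "passwort"], true)) {
            throw new Exception("Be a little more creative with your password please...");
        }
        $me->password = mfLoginController::generatePasswordHash($pw1);
        $me->save();
        $this->redirect("Dashboard");
    }

    /**
     * Loads every row of MFUSERTABLE ordered by username.
     *
     * @return array<int|string, User> users keyed by their id
     */
    public function getUsers()
    {
        $users = [];
        $res = $this->db()->select(MFUSERTABLE, '*', '1=1 ORDER BY username');
        if ($this->db()->num_rows($res)) {
            while ($data = $this->db()->fetch_object($res)) {
                $users[$data->id] = new User($data);
            }
        }
        return $users;
    }

    /**
     * Whether the currently logged-in user is an admin; also publishes "me" to the layout.
     *
     * The original called `$this->layout->set(...)` here while every other method uses
     * `$this->layout()->set(...)`; the method form is used for consistency.
     *
     * @return bool
     */
    private function isAdmin()
    {
        $me = new User();
        $me->loadMe();
        $this->layout()->set("me", $me);
        return $me->isAdmin();
    }

    /**
     * Provider list used by the index and form views (ProviderController::getProvider()).
     */
    private function loadProviders()
    {
        $pc = new ProviderController();
        return $pc->getProvider();
    }

    /**
     * Reads and validates $request['id'] as a positive numeric user id.
     *
     * @param array $request
     * @return string|int|float the validated id as received
     * @throws Exception "User … not found" (code 604) when the id is missing or not a positive number
     */
    private function requireUserId($request)
    {
        $id = $request['id'] ?? null;
        if (!is_numeric($id) || $id <= 0) {
            throw new Exception("User $id not found", 604);
        }
        return $id;
    }
}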