212 lines
5.0 KiB
PHP
212 lines
5.0 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Description of UserController
|
|
*
|
|
* @author fronk
|
|
*/
|
|
class UserController extends mfBaseController {
|
|
private $me;
|
|
|
|
protected function init($request = null) {
|
|
$this->needlogin=true;
|
|
$me = new User();
|
|
$me->loadMe();
|
|
$this->me = $me;
|
|
$this->layout()->set("me",$me);
|
|
|
|
if(!$me->isAdmin()) {
|
|
// all users can call non-action methods
|
|
if($this->action != "" || $request != null) {
|
|
$this->redirect("Dashboard");
|
|
}
|
|
}
|
|
}
|
|
|
|
protected function indexAction($request) {
|
|
if(!$this->isAdmin()) {
|
|
throw new Exception("Forbidden", 403);
|
|
}
|
|
$this->layout()->setTemplate('User/Index');
|
|
|
|
if($this->request->filter) {
|
|
$users = UserModel::search($this->request->filter);
|
|
} else {
|
|
$users = UserModel::getAll();
|
|
}
|
|
$this->layout()->set('users',$users);
|
|
|
|
$addresses = AddressModel::getAll();
|
|
$this->layout()->set("addresses", $addresses);
|
|
$this->layout()->set("filter", $this->request->filter);
|
|
}
|
|
|
|
protected function addAction($request) {
|
|
if(!$this->isAdmin()) {
|
|
throw new Exception("Forbidden", 403);
|
|
}
|
|
$this->layout()->setTemplate('User/Form');
|
|
|
|
$addresses = AddressModel::getAll();
|
|
$this->layout()->set("addresses", $addresses);
|
|
|
|
if($this->request->address_id) {
|
|
$this->layout()->set("address_id", $this->request->address_id);
|
|
}
|
|
}
|
|
|
|
protected function editAction($request) {
|
|
if(!$this->isAdmin()) {
|
|
throw new Exception("Forbidden", 403);
|
|
}
|
|
$this->layout()->setTemplate('User/Form');
|
|
|
|
$id=$request['id'];
|
|
if(!is_numeric($id) || $id <= 0) {
|
|
throw new Exception("User $id not found",604);
|
|
}
|
|
|
|
$user=new User($id);
|
|
$this->layout()->set('user',$user);
|
|
|
|
$addresses = AddressModel::getAll();
|
|
$this->layout()->set("addresses", $addresses);
|
|
}
|
|
|
|
protected function profileAction($request) {
|
|
|
|
}
|
|
|
|
|
|
protected function saveAction() {
|
|
$r = $this->request;
|
|
$id = $r->id;
|
|
if(!$this->isAdmin()) {
|
|
$id = $this->me->id;
|
|
$request['username'] = $this->me->username;
|
|
unset($r->address_id);
|
|
}
|
|
|
|
if(!$id && !$r->username) {
|
|
self::redirect('User');
|
|
}
|
|
|
|
$user = new User($id);
|
|
if($r->username) {
|
|
$user->username = $r->username;
|
|
}
|
|
if($r->name) {
|
|
$user->name = $r->name;
|
|
}
|
|
if($r->email) {
|
|
$user->email = $r->email;
|
|
}
|
|
if($r->address_id) {
|
|
if($this->isAdmin()) {
|
|
$user->address_id = intval($r->address_id);
|
|
//var_dump($user);exit;
|
|
$address = new Address($user->address_id);
|
|
if(!$address->id) {
|
|
throw new Exception("Unbekannte Firma/Person");
|
|
}
|
|
}
|
|
}
|
|
|
|
if($r->password) {
|
|
if($r->password === $r->password2) {
|
|
$user->password=mfLoginController::generatePasswordHash($r->password);
|
|
} else {
|
|
$this->layout()->setFlash("Passwörter stimmen nicht überein!", "error");
|
|
}
|
|
}
|
|
|
|
$user->edit_by = $this->me->id;
|
|
if(!$id) {
|
|
$user->create_by = $this->me->id;
|
|
}
|
|
|
|
$id = $user->save();
|
|
|
|
if($this->isAdmin()) {
|
|
if($r->admin == "true" || $user->id == 1) {
|
|
$user->permissions->admin = "true";
|
|
} else {
|
|
$user->permissions->admin = "false";
|
|
}
|
|
|
|
if($r->technician == "true") {
|
|
$user->permissions->technician = "true";
|
|
} else {
|
|
$user->permissions->technician = "false";
|
|
}
|
|
|
|
$user->permissions->save();
|
|
}
|
|
|
|
$this->layout()->setFlash("Benutzer gespeichert.", "success");
|
|
self::redirect('User');
|
|
}
|
|
|
|
protected function deleteAction($request) {
|
|
if(!$this->isAdmin()) {
|
|
$this->redirect("Bridge");
|
|
}
|
|
$id = $request['id'];
|
|
|
|
if(!is_numeric($id) || $id <= 0) {
|
|
throw new Exception("User $id not found",604);
|
|
}
|
|
|
|
$user = new User($id);
|
|
if($user->id == $id) {
|
|
$user->delete();
|
|
}
|
|
|
|
self::redirect("User");
|
|
}
|
|
|
|
protected function pwchangeAction($request) {
|
|
$me = new User();
|
|
$me->loadMe();
|
|
|
|
$pw1 = $request['password'];
|
|
$pw2 = $request['password2'];
|
|
|
|
if(!$pw1 == $pw2) {
|
|
throw new Exception("Passwords don't match! Password change aborted.");
|
|
}
|
|
|
|
if(strlen($pw1) < 8) {
|
|
throw new Exception("Passwords must be 8 characters minimum!");
|
|
}
|
|
|
|
if($pw1 == "12345678" || $pw1 == "123456789" || $pw1 == "password" || $pw1 == "passwort") {
|
|
throw new Exception("Be a little more creative with your password please...");
|
|
}
|
|
|
|
$me->password = mfLoginController::generatePasswordHash($pw1);
|
|
$me->save();
|
|
$this->redirect("Dashboard");
|
|
}
|
|
|
|
|
|
public function getUsers() {
|
|
$users=array();
|
|
$res=$this->db()->select(MFUSERTABLE,'*','1=1 ORDER BY username');
|
|
if($this->db()->num_rows($res)) {
|
|
while($data=$this->db()->fetch_object($res)) {
|
|
$users[$data->id]=new User($data);
|
|
}
|
|
}
|
|
return $users;
|
|
}
|
|
|
|
private function isAdmin() {
|
|
$me = new User();
|
|
$this->layout->set("me", $me);
|
|
$me->loadMe();
|
|
|
|
return $me->isAdmin();
|
|
}
|
|
}
|