diff options
| author | Tim Almdal <tnalmdal@shaw.ca> | 2009-10-13 13:19:17 -0700 |
|---|---|---|
| committer | Tim Almdal <tnalmdal@shaw.ca> | 2009-10-13 13:19:17 -0700 |
| commit | 2af48060117bdf30fb48929dd8c9d22800a70843 (patch) | |
| tree | eec28aec7139b517b6181569c00af576625c684a /modules/user/controllers | |
| parent | fcd1e79bac7980eae61de05de9949a7e18b0d557 (diff) | |
Refactor the ui component of the user module into the gallery core module.
Diffstat (limited to 'modules/user/controllers')
| -rw-r--r-- | modules/user/controllers/admin_users.php | 290 | ||||
| -rw-r--r-- | modules/user/controllers/login.php | 81 | ||||
| -rw-r--r-- | modules/user/controllers/logout.php | 38 | ||||
| -rw-r--r-- | modules/user/controllers/password.php | 133 | ||||
| -rw-r--r-- | modules/user/controllers/users.php | 68 |
5 files changed, 0 insertions, 610 deletions
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php deleted file mode 100644 index a8a8cd95..00000000 --- a/modules/user/controllers/admin_users.php +++ /dev/null @@ -1,290 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access."); -/** - * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2009 Bharat Mediratta - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. - */ -class Admin_Users_Controller extends Admin_Controller { - public function index() { - $view = new Admin_View("admin.html"); - $view->content = new View("admin_users.html"); - $view->content->users = user::get_user_list(array("orderby" => array("name" => "ASC"))); - $view->content->groups = group::get_group_list(array("orderby" => array("name" => "ASC"))); - print $view; - } - - public function add_user() { - access::verify_csrf(); - - $form = user::get_add_form_admin(); - $valid = $form->validate(); - $name = $form->add_user->inputs["name"]->value; - if ($user = user::lookup_by_name($name)) { - $form->add_user->inputs["name"]->add_error("in_use", 1); - $valid = false; - } - - if ($valid) { - $user = user::create( - $name, $form->add_user->full_name->value, $form->add_user->password->value); - $user->email = $form->add_user->email->value; - $user->admin = $form->add_user->admin->checked; - - if ($form->add_user->locale) { - $desired_locale = $form->add_user->locale->value; - $user->locale = $desired_locale == "none" ? null : $desired_locale; - } - $user->save(); - module::event("user_add_form_admin_completed", $user, $form); - - message::success(t("Created user %user_name", array("user_name" => $user->name))); - print json_encode(array("result" => "success")); - } else { - print json_encode(array("result" => "error", - "form" => $form->__toString())); - } - } - - public function add_user_form() { - print user::get_add_form_admin(); - } - - public function delete_user($id) { - access::verify_csrf(); - - if ($id == user::active()->id || $id == user::guest()->id) { - access::forbidden(); - } - - $user = user::lookup($id); - if (empty($user)) { - kohana::show_404(); - } - - $form = user::get_delete_form_admin($user); - if($form->validate()) { - $name = $user->name; - $user->delete(); - } else { - print json_encode(array("result" => "error", - "form" => $form->__toString())); - } - - $message = t("Deleted user %user_name", array("user_name" => $name)); - log::success("user", $message); - message::success($message); - print json_encode(array("result" => "success")); - } - - public function delete_user_form($id) { - $user = user::lookup($id); - if (empty($user)) { - kohana::show_404(); - } - print user::get_delete_form_admin($user); - } - - public function edit_user($id) { - access::verify_csrf(); - - $user = user::lookup($id); - if (empty($user)) { - kohana::show_404(); - } - - $form = user::get_edit_form_admin($user); - $valid = $form->validate(); - if ($valid) { - $new_name = $form->edit_user->inputs["name"]->value; - $temp_user = user::lookup_by_name($new_name); - if ($new_name != $user->name && - ($temp_user && $temp_user->id != $user->id)) { - $form->edit_user->inputs["name"]->add_error("in_use", 1); - $valid = false; - } else { - $user->name = $new_name; - } - } - - if ($valid) { - $user->full_name = $form->edit_user->full_name->value; - if ($form->edit_user->password->value) { - $user->password = $form->edit_user->password->value; - } - $user->email = $form->edit_user->email->value; - $user->url = $form->edit_user->url->value; - if ($form->edit_user->locale) { - $desired_locale = $form->edit_user->locale->value; - $user->locale = $desired_locale == "none" ? null : $desired_locale; - } - - // An admin can change the admin status for any user but themselves - if ($user->id != user::active()->id) { - $user->admin = $form->edit_user->admin->checked; - } - $user->save(); - module::event("user_edit_form_admin_completed", $user, $form); - - message::success(t("Changed user %user_name", array("user_name" => $user->name))); - print json_encode(array("result" => "success")); - } else { - print json_encode(array("result" => "error", - "form" => $form->__toString())); - } - } - - public function edit_user_form($id) { - $user = user::lookup($id); - if (empty($user)) { - kohana::show_404(); - } - - $form = user::get_edit_form_admin($user); - // Don't allow the user to control their own admin bit, else you can lock yourself out - if ($user->id == user::active()->id) { - $form->edit_user->admin->disabled(1); - } - print $form; - } - - public function add_user_to_group($user_id, $group_id) { - access::verify_csrf(); - $group = group::lookup($group_id); - $user = user::lookup($user_id); - $group->add($user); - $group->save(); - } - - public function remove_user_from_group($user_id, $group_id) { - access::verify_csrf(); - $group = group::lookup($group_id); - $user = user::lookup($user_id); - $group->remove($user); - $group->save(); - } - - public function group($group_id) { - $view = new View("admin_users_group.html"); - $view->group = group::lookup($group_id); - print $view; - } - - public function add_group() { - access::verify_csrf(); - - $form = group::get_add_form_admin(); - $valid = $form->validate(); - if ($valid) { - $new_name = $form->add_group->inputs["name"]->value; - $group = group::lookup_by_name($new_name); - if (!empty($group)) { - $form->add_group->inputs["name"]->add_error("in_use", 1); - $valid = false; - } - } - - if ($valid) { - $group = group::create($new_name); - $group->save(); - message::success( - t("Created group %group_name", array("group_name" => $group->name))); - print json_encode(array("result" => "success")); - } else { - print json_encode(array("result" => "error", - "form" => $form->__toString())); - } - } - - public function add_group_form() { - print group::get_add_form_admin(); - } - - public function delete_group($id) { - access::verify_csrf(); - - $group = group::lookup($id); - if (empty($group)) { - kohana::show_404(); - } - - $form = group::get_delete_form_admin($group); - if ($form->validate()) { - $name = $group->name; - $group->delete(); - } else { - print json_encode(array("result" => "error", - "form" => $form->__toString())); - } - - $message = t("Deleted group %group_name", array("group_name" => $name)); - log::success("group", $message); - message::success($message); - print json_encode(array("result" => "success")); - } - - public function delete_group_form($id) { - $group = group::lookup($id); - if (empty($group)) { - kohana::show_404(); - } - - print group::get_delete_form_admin($group); - } - - public function edit_group($id) { - access::verify_csrf(); - - $group = group::lookup($id); - if (empty($group)) { - kohana::show_404(); - } - - $form = group::get_edit_form_admin($group); - $valid = $form->validate(); - - if ($valid) { - $new_name = $form->edit_group->inputs["name"]->value; - $group = group::lookup_by_name($name); - if ($group->loaded) { - $form->edit_group->inputs["name"]->add_error("in_use", 1); - $valid = false; - } - } - - if ($valid) { - $group->name = $form->edit_group->inputs["name"]->value; - $group->save(); - message::success( - t("Changed group %group_name", array("group_name" => $group->name))); - print json_encode(array("result" => "success")); - } else { - message::error( - t("Failed to change group %group_name", array("group_name" => $group->name))); - print json_encode(array("result" => "error", - "form" => $form->__toString())); - } - } - - public function edit_group_form($id) { - $group = group::lookup($id); - if (empty($group)) { - kohana::show_404(); - } - - print group::get_edit_form_admin($group); - } - -} diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php deleted file mode 100644 index 2c4bd557..00000000 --- a/modules/user/controllers/login.php +++ /dev/null @@ -1,81 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access."); -/** - * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2009 Bharat Mediratta - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. - */ -class Login_Controller extends Controller { - - public function ajax() { - $view = new View("login_ajax.html"); - $view->form = user::get_login_form("login/auth_ajax"); - print $view; - } - - public function auth_ajax() { - access::verify_csrf(); - - list ($valid, $form) = $this->_auth("login/auth_ajax"); - if ($valid) { - print json_encode( - array("result" => "success")); - } else { - print json_encode( - array("result" => "error", - "form" => $form->__toString())); - } - } - - public function html() { - print user::get_login_form("login/auth_html"); - } - - public function auth_html() { - access::verify_csrf(); - - list ($valid, $form) = $this->_auth("login/auth_html"); - if ($valid) { - url::redirect(item::root()->abs_url()); - } else { - print $form; - } - } - private function _auth($url) { - $form = user::get_login_form($url); - $valid = $form->validate(); - if ($valid) { - $user = user::lookup_by_name($form->login->inputs["name"]->value); - if (empty($user) || !user::is_correct_password($user, $form->login->password->value)) { - log::warning( - "user", - t("Failed login for %name", - array("name" => $form->login->inputs["name"]->value))); - $form->login->inputs["name"]->add_error("invalid_login", 1); - $valid = false; - } - } - - if ($valid) { - user::login($user); - log::info("user", t("User %name logged in", array("name" => $user->name))); - } - - // Either way, regenerate the session id to avoid session trapping - Session::instance()->regenerate(); - - return array($valid, $form); - } -}
\ No newline at end of file diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php deleted file mode 100644 index 45d397ad..00000000 --- a/modules/user/controllers/logout.php +++ /dev/null @@ -1,38 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access."); -/** - * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2009 Bharat Mediratta - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. - */ -class Logout_Controller extends Controller { - public function index() { - //access::verify_csrf(); - - $user = user::active(); - user::logout(); - log::info("user", t("User %name logged out", array("name" => $user->name)), - html::anchor("user/$user->id", html::clean($user->name))); - if ($continue_url = $this->input->get("continue")) { - $item = url::get_item_from_uri($continue_url); - if (access::can("view", $item)) { - // Don't use url::redirect() because it'll call url::site() and munge the continue url. - header("Location: $continue_url"); - } else { - url::redirect(item::root()->abs_url()); - } - } - } -}
\ No newline at end of file diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php deleted file mode 100644 index e8b08960..00000000 --- a/modules/user/controllers/password.php +++ /dev/null @@ -1,133 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access."); -/** - * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2009 Bharat Mediratta - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. - */ -class Password_Controller extends Controller { - public function reset() { - if (request::method() == "post") { - // @todo separate the post from get parts of this function - access::verify_csrf(); - $this->_send_reset(); - } else { - print $this->_reset_form(); - } - } - - public function do_reset() { - if (request::method() == "post") { - $this->_change_password(); - } else { - $user = user::lookup_by_hash(Input::instance()->get("key")); - if (!empty($user)) { - print $this->_new_password_form($user->hash); - } else { - throw new Exception("@todo FORBIDDEN", 503); - } - } - } - - private function _send_reset() { - $form = $this->_reset_form(); - - $valid = $form->validate(); - if ($valid) { - $user = user::lockup_by_name($form->reset->inputs["name"]->value); - if (!$user->loaded || empty($user->email)) { - $form->reset->inputs["name"]->add_error("no_email", 1); - $valid = false; - } - } - - if ($valid) { - $user->hash = md5(rand()); - $user->save(); - $message = new View("reset_password.html"); - $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash"); - $message->user = $user; - - Sendmail::factory() - ->to($user->email) - ->subject(t("Password Reset Request")) - ->header("Mime-Version", "1.0") - ->header("Content-type", "text/html; charset=iso-8859-1") - ->message($message->render()) - ->send(); - - log::success( - "user", - t("Password reset email sent for user %name", array("name" => $user->name))); - } else { - // Don't include the username here until you're sure that it's XSS safe - log::warning( - "user", "Password reset email requested for bogus user"); - } - - message::success(t("Password reset email sent")); - print json_encode( - array("result" => "success")); - } - - private function _reset_form() { - $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form")); - $group = $form->group("reset")->label(t("Reset Password")); - $group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required"); - $group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password")); - $group->submit("")->value(t("Reset")); - - return $form; - } - - private function _new_password_form($hash=null) { - $template = new Theme_View("page.html", "reset"); - - $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form")); - $group = $form->group("reset")->label(t("Change Password")); - $hidden = $group->hidden("hash"); - if (!empty($hash)) { - $hidden->value($hash); - } - $group->password("password")->label(t("Password"))->id("g-password") - ->rules("required|length[1,40]"); - $group->password("password2")->label(t("Confirm Password"))->id("g-password2") - ->matches($group->password); - $group->inputs["password2"]->error_messages( - "mistyped", t("The password and the confirm password must match")); - $group->submit("")->value(t("Update")); - - $template->content = $form; - return $template; - } - - private function _change_password() { - $view = $this->_new_password_form(); - if ($view->content->validate()) { - $user = user::lookup_by_hash(Input::instance()->get("key")); - if (empty($user)) { - throw new Exception("@todo FORBIDDEN", 503); - } - - $user->password = $view->content->reset->password->value; - $user->hash = null; - $user->save(); - message::success(t("Password reset successfully")); - url::redirect(item::root()->abs_url()); - } else { - print $view; - } - } -}
\ No newline at end of file diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php deleted file mode 100644 index 07c5a457..00000000 --- a/modules/user/controllers/users.php +++ /dev/null @@ -1,68 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access."); -/** - * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2009 Bharat Mediratta - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. - */ -class Users_Controller extends Controller { - public function update($id) { - $user = user::lookup($id); - - if ($user->guest || $user->id != user::active()->id) { - access::forbidden(); - } - - $form = user::get_edit_form($user); - $valid = $form->validate(); - if ($valid) { - $user->full_name = $form->edit_user->full_name->value; - if ($form->edit_user->password->value) { - $user->password = $form->edit_user->password->value; - } - $user->email = $form->edit_user->email->value; - $user->url = $form->edit_user->url->value; - if ($form->edit_user->locale) { - $desired_locale = $form->edit_user->locale->value; - $new_locale = $desired_locale == "none" ? null : $desired_locale; - if ($new_locale != $user->locale) { - // Delete the session based locale preference - setcookie("g_locale", "", time() - 24 * 3600, "/"); - } - $user->locale = $new_locale; - } - $user->save(); - module::event("user_edit_form_completed", $user, $form); - - message::success(t("User information updated.")); - print json_encode( - array("result" => "success", - "resource" => url::site("users/{$user->id}"))); - } else { - print json_encode( - array("result" => "error", - "form" => $form->__toString())); - } - } - - public function form_edit($id) { - $user = user::lookup($id); - if ($user->guest || $user->id != user::active()->id) { - access::forbidden(); - } - - print user::get_edit_form($user); - } -} |