Diffstat (limited to 'modules/user/controllers')
-rw-r--r--modules/user/controllers/admin_users.php212
-rw-r--r--modules/user/controllers/login.php82
-rw-r--r--modules/user/controllers/logout.php38
-rw-r--r--modules/user/controllers/password.php35
-rw-r--r--modules/user/controllers/users.php57
5 files changed, 226 insertions, 198 deletions
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 0b748955..cc2d881e 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -21,19 +21,22 @@ class Admin_Users_Controller extends Admin_Controller {
public function index() {
$view = new Admin_View("admin.html");
$view->content = new View("admin_users.html");
- $view->content->users = ORM::factory("user")->orderby("name")->find_all();
- $view->content->groups = ORM::factory("group")->orderby("name")->find_all();
+ $view->content->users = ORM::factory("user")
+ ->orderby("name", "ASC")
+ ->find_all();
+ $view->content->groups = ORM::factory("group")
+ ->orderby("name", "ASC")
+ ->find_all();
print $view;
}
public function add_user() {
access::verify_csrf();
- $form = user::get_add_form_admin();
+ $form = $this->_get_user_add_form_admin();
$valid = $form->validate();
$name = $form->add_user->inputs["name"]->value;
- $user = ORM::factory("user")->where("name", $name)->find();
- if ($user->loaded) {
+ if ($user = user::lookup_by_name($name)) {
$form->add_user->inputs["name"]->add_error("in_use", 1);
$valid = false;
}
@@ -60,22 +63,24 @@ class Admin_Users_Controller extends Admin_Controller {
}
public function add_user_form() {
- print user::get_add_form_admin();
+ $v = new View("user_form.html");
+ $v->form = $this->_get_user_add_form_admin();
+ print $v;
}
public function delete_user($id) {
access::verify_csrf();
- if ($id == user::active()->id || $id == user::guest()->id) {
+ if ($id == identity::active_user()->id || $id == user::guest()->id) {
access::forbidden();
}
- $user = ORM::factory("user", $id);
- if (!$user->loaded) {
+ $user = user::lookup($id);
+ if (empty($user)) {
kohana::show_404();
}
- $form = user::get_delete_form_admin($user);
+ $form = $this->_get_user_delete_form_admin($user);
if($form->validate()) {
$name = $user->name;
$user->delete();
@@ -91,31 +96,28 @@ class Admin_Users_Controller extends Admin_Controller {
}
public function delete_user_form($id) {
- $user = ORM::factory("user", $id);
- if (!$user->loaded) {
+ $user = user::lookup($id);
+ if (empty($user)) {
kohana::show_404();
}
- print user::get_delete_form_admin($user);
+ print $this->_get_user_delete_form_admin($user);
}
public function edit_user($id) {
access::verify_csrf();
- $user = ORM::factory("user", $id);
- if (!$user->loaded) {
+ $user = user::lookup($id);
+ if (empty($user)) {
kohana::show_404();
}
- $form = user::get_edit_form_admin($user);
+ $form = $this->_get_user_edit_form_admin($user);
$valid = $form->validate();
if ($valid) {
$new_name = $form->edit_user->inputs["name"]->value;
+ $temp_user = user::lookup_by_name($new_name);
if ($new_name != $user->name &&
- ORM::factory("user")
- ->where("name", $new_name)
- ->where("id !=", $user->id)
- ->find()
- ->loaded) {
+ ($temp_user && $temp_user->id != $user->id)) {
$form->edit_user->inputs["name"]->add_error("in_use", 1);
$valid = false;
} else {
@@ -136,7 +138,7 @@ class Admin_Users_Controller extends Admin_Controller {
}
// An admin can change the admin status for any user but themselves
- if ($user->id != user::active()->id) {
+ if ($user->id != identity::active_user()->id) {
$user->admin = $form->edit_user->admin->checked;
}
$user->save();
@@ -151,50 +153,51 @@ class Admin_Users_Controller extends Admin_Controller {
}
public function edit_user_form($id) {
- $user = ORM::factory("user", $id);
- if (!$user->loaded) {
+ $user = user::lookup($id);
+ if (empty($user)) {
kohana::show_404();
}
- $form = user::get_edit_form_admin($user);
+ $v = new View("user_form.html");
+ $v->form = $this->_get_user_edit_form_admin($user);
// Don't allow the user to control their own admin bit, else you can lock yourself out
- if ($user->id == user::active()->id) {
- $form->edit_user->admin->disabled(1);
+ if ($user->id == identity::active_user()->id) {
+ $v->form->edit_user->admin->disabled(1);
}
- print $form;
+ print $v;
}
public function add_user_to_group($user_id, $group_id) {
access::verify_csrf();
- $group = ORM::factory("group", $group_id);
- $user = ORM::factory("user", $user_id);
+ $group = group::lookup($group_id);
+ $user = user::lookup($user_id);
$group->add($user);
$group->save();
}
public function remove_user_from_group($user_id, $group_id) {
access::verify_csrf();
- $group = ORM::factory("group", $group_id);
- $user = ORM::factory("user", $user_id);
+ $group = group::lookup($group_id);
+ $user = user::lookup($user_id);
$group->remove($user);
$group->save();
}
public function group($group_id) {
$view = new View("admin_users_group.html");
- $view->group = ORM::factory("group", $group_id);
+ $view->group = group::lookup($group_id);
print $view;
}
public function add_group() {
access::verify_csrf();
- $form = group::get_add_form_admin();
+ $form = $this->_get_group_add_form_admin();
$valid = $form->validate();
if ($valid) {
$new_name = $form->add_group->inputs["name"]->value;
- $group = ORM::factory("group")->where("name", $new_name)->find();
- if ($group->loaded) {
+ $group = group::lookup_by_name($new_name);
+ if (!empty($group)) {
$form->add_group->inputs["name"]->add_error("in_use", 1);
$valid = false;
}
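Review bot: `add_user_to_group`, `remove_user_from_group` and `group` use the results of `group::lookup()` / `user::lookup()` without the emptiness check that every other action in this hunk applies after the same helpers (`if (empty($user)) { kohana::show_404(); }`), so an unknown id reaches `$group->add($user)` / `$group->save()` on a null and fails with a fatal error rather than a 404. Adding `if (empty($group) || empty($user)) { kohana::show_404(); }` after the two lookups in both group-membership actions, and `if (empty($view->group)) { kohana::show_404(); }` in `group`, makes them consistent with `delete_user` and `edit_user`. The CSRF check is already in place on the two mutating actions, so this is only about the lookup result.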
@@ -213,18 +216,18 @@ class Admin_Users_Controller extends Admin_Controller {
}
public function add_group_form() {
- print group::get_add_form_admin();
+ print $this->_get_group_add_form_admin();
}
public function delete_group($id) {
access::verify_csrf();
- $group = ORM::factory("group", $id);
- if (!$group->loaded) {
+ $group = group::lookup($id);
+ if (empty($group)) {
kohana::show_404();
}
- $form = group::get_delete_form_admin($group);
+ $form = $this->_get_group_delete_form_admin($group);
if ($form->validate()) {
$name = $group->name;
$group->delete();
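Review bot: `add_group_form` prints the Forge object directly while `add_user_form` in the same commit (the hunk starting at line 46) now wraps its form in `new View("user_form.html")` before printing, so the two admin add-forms render through different paths. If the view wrapper is intended to become the single rendering path, `add_group_form` should follow it: `$v = new View("user_form.html"); $v->form = $this->_get_group_add_form_admin(); print $v;`. The same applies to `delete_group_form` and `edit_group_form` in the later hunks of this file. `delete_group` continues past the end of this hunk.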
@@ -240,27 +243,28 @@ class Admin_Users_Controller extends Admin_Controller {
}
public function delete_group_form($id) {
- $group = ORM::factory("group", $id);
- if (!$group->loaded) {
+ $group = group::lookup($id);
+ if (empty($group)) {
kohana::show_404();
}
- print group::get_delete_form_admin($group);
+
+ print $this->_get_group_delete_form_admin($group);
}
public function edit_group($id) {
access::verify_csrf();
- $group = ORM::factory("group", $id);
- if (!$group->loaded) {
- kohana::show_404();
+ $group = group::lookup($id);
+ if (empty($group)) {
+ kohana::show_404();
}
- $form = group::get_edit_form_admin($group);
+ $form = $this->_get_group_edit_form_admin($group);
$valid = $form->validate();
if ($valid) {
$new_name = $form->edit_group->inputs["name"]->value;
- $group = ORM::factory("group")->where("name", $new_name)->find();
+ $group = group::lookup_by_name($name);
if ($group->loaded) {
$form->edit_group->inputs["name"]->add_error("in_use", 1);
$valid = false;
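Review bot: `group::lookup_by_name($name)` in `edit_group` reads `$name`, which is not defined in this function — the value read from the form one line earlier is `$new_name` — so the duplicate-name check never sees the submitted name. The following `if ($group->loaded)` also assumes an ORM object, whereas `add_group` in this same commit treats the `lookup_by_name` result as nullable (`if (!empty($group))`), and the assignment overwrites the `$group` being edited, which the rest of the function (it continues past the hunk) presumably still needs. Mirroring `edit_user` resolves all three: `$temp_group = group::lookup_by_name($new_name);` followed by `if ($temp_group && $temp_group->id != $group->id) {`.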
@@ -282,12 +286,118 @@ class Admin_Users_Controller extends Admin_Controller {
}
public function edit_group_form($id) {
- $group = ORM::factory("group", $id);
- if (!$group->loaded) {
+ $group = group::lookup($id);
+ if (empty($group)) {
kohana::show_404();
}
- print group::get_edit_form_admin($group);
+ print $this->_get_group_edit_form_admin($group);
+ }
+
+ /* User Form Definitions */
+ static function _get_user_edit_form_admin($user) {
+ $form = new Forge(
+ "admin/users/edit_user/$user->id", "", "post", array("id" => "g-edit-user-form"));
+ $group = $form->group("edit_user")->label(t("Edit user"));
+ $group->input("name")->label(t("Username"))->id("g-username")->value($user->name);
+ $group->inputs["name"]->error_messages(
+ "in_use", t("There is already a user with that username"));
+ $group->input("full_name")->label(t("Full name"))->id("g-fullname")->value($user->full_name);
+ self::_add_locale_dropdown($group, $user);
+ $group->password("password")->label(t("Password"))->id("g-password");
+ $group->password("password2")->label(t("Confirm password"))->id("g-password2")
+ ->matches($group->password);
+ $group->input("email")->label(t("Email"))->id("g-email")->value($user->email);
+ $group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
+ $group->checkbox("admin")->label(t("Admin"))->id("g-admin")->checked($user->admin);
+ $form->add_rules_from($user);
+ $minimum_length = module::get_var("user", "mininum_password_length", 5);
+ $form->edit_user->password
+ ->rules($minimum_length ? "length[$minimum_length, 40]" : "length[40]");
+
+ module::event("user_edit_form_admin", $user, $form);
+ $group->submit("")->value(t("Modify User"));
+ return $form;
+ }
+
+ static function _get_user_add_form_admin() {
+ $form = new Forge("admin/users/add_user", "", "post", array("id" => "g-add-user-form"));
+ $group = $form->group("add_user")->label(t("Add user"));
+ $group->input("name")->label(t("Username"))->id("g-username")
+ ->error_messages("in_use", t("There is already a user with that username"));
+ $group->input("full_name")->label(t("Full name"))->id("g-fullname");
+ $group->password("password")->label(t("Password"))->id("g-password");
+ $group->password("password2")->label(t("Confirm password"))->id("g-password2")
+ ->matches($group->password);
+ $group->input("email")->label(t("Email"))->id("g-email");
+ $group->input("url")->label(t("URL"))->id("g-url");
+ self::_add_locale_dropdown($group);
+ $group->checkbox("admin")->label(t("Admin"))->id("g-admin");
+ $form->add_rules_from(ORM::factory("user"));
+
+ $minimum_length = module::get_var("user", "mininum_password_length", 5);
+ $form->add_user->password
+ ->rules($minimum_length ? "required|length[$minimum_length, 40]" : "length[40]");
+
+ module::event("user_add_form_admin", $user, $form);
+ $group->submit("")->value(t("Add User"));
+ return $form;
+ }
+
+ private function _add_locale_dropdown(&$form, $user=null) {
+ $locales = locales::installed();
+ foreach ($locales as $locale => $display_name) {
+ $locales[$locale] = SafeString::of_safe_html($display_name);
+ }
+ if (count($locales) > 1) {
+ // Put "none" at the first position in the array
+ $locales = array_merge(array("" => t("« none »")), $locales);
+ $selected_locale = ($user && $user->locale) ? $user->locale : "";
+ $form->dropdown("locale")
+ ->label(t("Language Preference"))
+ ->options($locales)
+ ->selected($selected_locale);
+ }
+ }
+
+ private function _get_user_delete_form_admin($user) {
+ $form = new Forge("admin/users/delete_user/$user->id", "", "post",
+ array("id" => "g-delete-user-form"));
+ $group = $form->group("delete_user")->label(
+ t("Are you sure you want to delete user %name?", array("name" => $user->name)));
+ $group->submit("")->value(t("Delete user %name", array("name" => $user->name)));
+ return $form;
}
+ /* Group Form Definitions */
+ private function _get_group_edit_form_admin($group) {
+ $form = new Forge("admin/users/edit_group/$group->id", "", "post", array("id" => "g-edit-group-form"));
+ $form_group = $form->group("edit_group")->label(t("Edit group"));
+ $form_group->input("name")->label(t("Name"))->id("g-name")->value($group->name);
+ $form_group->inputs["name"]->error_messages(
+ "in_use", t("There is already a group with that name"));
+ $form_group->submit("")->value(t("Save"));
+ $form->add_rules_from($group);
+ return $form;
+ }
+
+ private function _get_group_add_form_admin() {
+ $form = new Forge("admin/users/add_group", "", "post", array("id" => "g-add-group-form"));
+ $form_group = $form->group("add_group")->label(t("Add group"));
+ $form_group->input("name")->label(t("Name"))->id("g-name");
+ $form_group->inputs["name"]->error_messages(
+ "in_use", t("There is already a group with that name"));
+ $form_group->submit("")->value(t("Add group"));
+ $form->add_rules_from(ORM::factory("group"));
+ return $form;
+ }
+
+ private function _get_group_delete_form_admin($group) {
+ $form = new Forge("admin/users/delete_group/$group->id", "", "post",
+ array("id" => "g-delete-group-form"));
+ $form_group = $form->group("delete_group")->label(
+ t("Are you sure you want to delete group %group_name?", array("group_name" => $group->name)));
+ $form_group->submit("")->value(t("Delete"));
+ return $form;
+ }
}
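Review bot: `module::event("user_add_form_admin", $user, $form)` in `_get_user_add_form_admin` passes `$user`, which is never assigned in that function (it takes no parameters), so listeners receive an undefined variable (null) and PHP emits a notice on every render of the add form; either drop the argument or pass `null` explicitly and document in the method's docblock that the user argument of this event is always null for the add form. Separately, the two `static function _get_user_*_form_admin` declarations have no visibility keyword and call the instance method `_add_locale_dropdown` via `self::`, while the remaining five form builders are `private function` and all callers use `$this->`; declaring them `private function` and calling `$this->_add_locale_dropdown(...)` keeps the class consistent and avoids a non-static method being invoked statically. A short docblock on each builder naming the Forge action URL it posts to would also help, since those URLs must match the routes in this controller.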
diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
deleted file mode 100644
index 8bee7db5..00000000
--- a/modules/user/controllers/login.php
+++ /dev/null
@@ -1,82 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
- */
-class Login_Controller extends Controller {
-
- public function ajax() {
- $view = new View("login_ajax.html");
- $view->form = user::get_login_form("login/auth_ajax");
- print $view;
- }
-
- public function auth_ajax() {
- access::verify_csrf();
-
- list ($valid, $form) = $this->_auth("login/auth_ajax");
- if ($valid) {
- print json_encode(
- array("result" => "success"));
- } else {
- print json_encode(
- array("result" => "error",
- "form" => $form->__toString()));
- }
- }
-
- public function html() {
- print user::get_login_form("login/auth_html");
- }
-
- public function auth_html() {
- access::verify_csrf();
-
- list ($valid, $form) = $this->_auth("login/auth_html");
- if ($valid) {
- url::redirect(item::root()->abs_url());
- } else {
- print $form;
- }
- }
-
- private function _auth($url) {
- $form = user::get_login_form($url);
- $valid = $form->validate();
- if ($valid) {
- $user = ORM::factory("user")->where("name", $form->login->inputs["name"]->value)->find();
- if (!$user->loaded || !user::is_correct_password($user, $form->login->password->value)) {
- log::warning(
- "user",
- t("Failed login for %name",
- array("name" => $form->login->inputs["name"]->value)));
- $form->login->inputs["name"]->add_error("invalid_login", 1);
- $valid = false;
- }
- }
-
- if ($valid) {
- user::login($user);
- log::info("user", t("User %name logged in", array("name" => $user->name)));
- }
-
- // Either way, regenerate the session id to avoid session trapping
- Session::instance()->regenerate();
-
- return array($valid, $form);
- }
-} \ No newline at end of file
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
deleted file mode 100644
index 45d397ad..00000000
--- a/modules/user/controllers/logout.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
- */
-class Logout_Controller extends Controller {
- public function index() {
- //access::verify_csrf();
-
- $user = user::active();
- user::logout();
- log::info("user", t("User %name logged out", array("name" => $user->name)),
- html::anchor("user/$user->id", html::clean($user->name)));
- if ($continue_url = $this->input->get("continue")) {
- $item = url::get_item_from_uri($continue_url);
- if (access::can("view", $item)) {
- // Don't use url::redirect() because it'll call url::site() and munge the continue url.
- header("Location: $continue_url");
- } else {
- url::redirect(item::root()->abs_url());
- }
- }
- }
-} \ No newline at end of file
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index 92608dcd..5f36b554 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -32,10 +32,8 @@ class Password_Controller extends Controller {
if (request::method() == "post") {
$this->_change_password();
} else {
- $user = ORM::factory("user")
- ->where("hash", Input::instance()->get("key"))
- ->find();
- if ($user->loaded) {
+ $user = user::lookup_by_hash(Input::instance()->get("key"));
+ if (!empty($user)) {
print $this->_new_password_form($user->hash);
} else {
throw new Exception("@todo FORBIDDEN", 503);
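Review bot: `user::lookup_by_hash(Input::instance()->get("key"))` is called with whatever the query string holds, including null when `key` is absent, and nothing rejects an empty key before the lookup. If `lookup_by_hash` passes that value straight into an ORM `where()` — which cannot be confirmed from this hunk — a null may match rows whose `hash` column is NULL, which is exactly the state `_change_password` leaves users in (`$user->hash = null` at the end of this file's last hunk), so the reset form could be shown for a user who never requested a reset. Guarding the input first, `$key = Input::instance()->get("key"); if (empty($key)) { throw new Exception("@todo FORBIDDEN", 503); }`, closes that path regardless of how the helper is implemented; the same guard belongs in `_change_password`, where `Input::instance()->post("hash")` is passed to the same helper.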
@@ -48,7 +46,7 @@ class Password_Controller extends Controller {
$valid = $form->validate();
if ($valid) {
- $user = ORM::factory("user")->where("name", $form->reset->inputs["name"]->value)->find();
+ $user = user::lookup_by_name($form->reset->inputs["name"]->value);
if (!$user->loaded || empty($user->email)) {
$form->reset->inputs["name"]->add_error("no_email", 1);
$valid = false;
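Review bot: `if (!$user->loaded || empty($user->email))` still dereferences the result of `user::lookup_by_name(...)` as an ORM object, but elsewhere in this commit the same helper is treated as returning null when no user matches (`if ($user = user::lookup_by_name($name))` in admin_users.php), so an unknown username here produces a property access on null instead of the `no_email` form error. The condition should be `if (empty($user) || empty($user->email)) {`. The enclosing method starts before this hunk.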
@@ -85,9 +83,9 @@ class Password_Controller extends Controller {
}
private function _reset_form() {
- $form = new Forge(url::current(true), "", "post", array("id" => "gResetForm"));
+ $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form"));
$group = $form->group("reset")->label(t("Reset Password"));
- $group->input("name")->label(t("Username"))->id("gName")->class(null)->rules("required");
+ $group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required");
$group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password"));
$group->submit("")->value(t("Reset"));
@@ -97,36 +95,35 @@ class Password_Controller extends Controller {
private function _new_password_form($hash=null) {
$template = new Theme_View("page.html", "reset");
- $form = new Forge("password/do_reset", "", "post", array("id" => "gChangePasswordForm"));
+ $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form"));
$group = $form->group("reset")->label(t("Change Password"));
$hidden = $group->hidden("hash");
if (!empty($hash)) {
$hidden->value($hash);
}
- $group->password("password")->label(t("Password"))->id("gPassword")
- ->rules("required|length[1,40]");
- $group->password("password2")->label(t("Confirm Password"))->id("gPassword2")
+ $minimum_length = module::get_var("user", "mininum_password_length", 5);
+ $input_password = $group->password("password")->label(t("Password"))->id("g-password")
+ ->rules($minimum_length ? "required|length[$minimum_length, 40]" : "length[40]");
+ $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
->matches($group->password);
$group->inputs["password2"]->error_messages(
"mistyped", t("The password and the confirm password must match"));
$group->submit("")->value(t("Update"));
- $template->content = $form;
+ $template->content = new View("user_form.html");
+ $template->content->form = $form;
return $template;
}
private function _change_password() {
$view = $this->_new_password_form();
- if ($view->content->validate()) {
- $user = ORM::factory("user")
- ->where("hash", $view->content->reset->hash->value)
- ->find();
-
- if (!$user->loaded) {
+ if ($view->content->form->validate()) {
+ $user = user::lookup_by_hash(Input::instance()->post("hash"));
+ if (empty($user)) {
throw new Exception("@todo FORBIDDEN", 503);
}
- $user->password = $view->content->reset->password->value;
+ $user->password = $view->content->form->reset->password->value;
$user->hash = null;
$user->save();
message::success(t("Password reset successfully"));
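Review bot: `$input_password` is assigned in `_new_password_form` and never read, so the assignment should be dropped and the chain left as a statement, `$group->password("password")->label(t("Password"))->id("g-password")->rules(...)`. The fallback branch of that rule, `"length[40]"`, is a different shape from the previous `"required|length[1,40]"`: it also drops `required`, and if the validator follows Kohana's single-argument convention it would demand exactly 40 characters rather than a range — worth confirming and, if so, replacing with `"required|length[1,40]"`; the same fallback appears in the `_get_user_*_form_admin` builders in admin_users.php. In `_change_password`, the hash is read from raw POST (`Input::instance()->post("hash")`) while the password is read from the validated form (`$view->content->form->reset->password->value`); reading both from the form keeps the validated object the single source of truth.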
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 4ad704f0..ca218393 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -17,15 +17,15 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
-class Users_Controller extends REST_Controller {
- protected $resource_type = "user";
+class Users_Controller extends Controller {
+ public function update($id) {
+ $user = user::lookup($id);
- public function _update($user) {
- if ($user->guest || $user->id != user::active()->id) {
+ if ($user->guest || $user->id != identity::active_user()->id) {
access::forbidden();
}
- $form = user::get_edit_form($user);
+ $form = $this->_get_edit_form($user);
$valid = $form->validate();
if ($valid) {
$user->full_name = $form->edit_user->full_name->value;
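Review bot: `update($id)` dereferences `$user->guest` immediately after `user::lookup($id)` without the `empty($user)` check that this commit adds after the same helper throughout admin_users.php, so an unknown id produces a property access on null rather than a 404; `form_edit($id)` in the next hunk has the same gap. `update` also changes user state but, unlike every mutating action in admin_users.php, no `access::verify_csrf()` is visible here — the former `_update` was dispatched by `REST_Controller`, which may have performed that check, but as a plain `Controller` action it now needs one of its own unless it is done further down (the function continues past the hunk). Adding `access::verify_csrf();` then `if (empty($user)) { kohana::show_404(); }` before the guest/owner check covers both.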
@@ -57,11 +57,52 @@ class Users_Controller extends REST_Controller {
}
}
- public function _form_edit($user) {
- if ($user->guest || $user->id != user::active()->id) {
+ public function form_edit($id) {
+ $user = user::lookup($id);
+ if ($user->guest || $user->id != identity::active_user()->id) {
access::forbidden();
}
- print user::get_edit_form($user);
+ $v = new View("user_form.html");
+ $v->form = $this->_get_edit_form($user);
+ print $v;
+ }
+
+ private function _get_edit_form($user) {
+ $form = new Forge("users/update/$user->id", "", "post", array("id" => "g-edit-user-form"));
+ $group = $form->group("edit_user")->label(t("Edit User: %name", array("name" => $user->name)));
+ $group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name);
+ self::_add_locale_dropdown($group, $user);
+ $group->password("password")->label(t("Password"))->id("g-password");
+ $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
+ ->matches($group->password);
+ $group->input("email")->label(t("Email"))->id("g-email")->value($user->email);
+ $group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
+ $form->add_rules_from($user);
+
+ $minimum_length = module::get_var("user", "mininum_password_length", 5);
+ $form->edit_user->password
+ ->rules($minimum_length ? "length[$minimum_length, 40]" : "length[40]");
+
+ module::event("user_edit_form", $user, $form);
+ $group->submit("")->value(t("Save"));
+ return $form;
+ }
+
+ /** @todo combine with Admin_Users_Controller::_add_locale_dropdown */
+ private function _add_locale_dropdown(&$form, $user=null) {
+ $locales = locales::installed();
+ foreach ($locales as $locale => $display_name) {
+ $locales[$locale] = SafeString::of_safe_html($display_name);
+ }
+ if (count($locales) > 1) {
+ // Put "none" at the first position in the array
+ $locales = array_merge(array("" => t("« none »")), $locales);
+ $selected_locale = ($user && $user->locale) ? $user->locale : "";
+ $form->dropdown("locale")
+ ->label(t("Language Preference"))
+ ->options($locales)
+ ->selected($selected_locale);
+ }
}
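Review bot: `_add_locale_dropdown(&$form, $user=null)` takes the form group by reference although objects are already passed by handle and the method only calls `$form->dropdown(...)` on it, so the `&` adds nothing and prevents passing a temporary; `private function _add_locale_dropdown($form, $user = null)` is sufficient. `_get_edit_form` would benefit from a docblock stating the Forge action (`users/update/$user->id`) it posts to and that `module::event("user_edit_form", $user, $form)` lets other modules extend it, since both couplings are invisible from the call site. The `self::` call on a non-static private method works from instance context, but `$this->_add_locale_dropdown($group, $user)` reads as what it is.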
}