summaryrefslogtreecommitdiff
path: root/modules/user/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'modules/user/controllers')
-rw-r--r--modules/user/controllers/admin_users.php290
-rw-r--r--modules/user/controllers/login.php81
-rw-r--r--modules/user/controllers/logout.php38
-rw-r--r--modules/user/controllers/password.php133
-rw-r--r--modules/user/controllers/users.php68
5 files changed, 0 insertions, 610 deletions
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
deleted file mode 100644
index a8a8cd95..00000000
--- a/modules/user/controllers/admin_users.php
+++ /dev/null
@@ -1,290 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
- */
-class Admin_Users_Controller extends Admin_Controller {
- public function index() {
- $view = new Admin_View("admin.html");
- $view->content = new View("admin_users.html");
- $view->content->users = user::get_user_list(array("orderby" => array("name" => "ASC")));
- $view->content->groups = group::get_group_list(array("orderby" => array("name" => "ASC")));
- print $view;
- }
-
- public function add_user() {
- access::verify_csrf();
-
- $form = user::get_add_form_admin();
- $valid = $form->validate();
- $name = $form->add_user->inputs["name"]->value;
- if ($user = user::lookup_by_name($name)) {
- $form->add_user->inputs["name"]->add_error("in_use", 1);
- $valid = false;
- }
-
- if ($valid) {
- $user = user::create(
- $name, $form->add_user->full_name->value, $form->add_user->password->value);
- $user->email = $form->add_user->email->value;
- $user->admin = $form->add_user->admin->checked;
-
- if ($form->add_user->locale) {
- $desired_locale = $form->add_user->locale->value;
- $user->locale = $desired_locale == "none" ? null : $desired_locale;
- }
- $user->save();
- module::event("user_add_form_admin_completed", $user, $form);
-
- message::success(t("Created user %user_name", array("user_name" => $user->name)));
- print json_encode(array("result" => "success"));
- } else {
- print json_encode(array("result" => "error",
- "form" => $form->__toString()));
- }
- }
-
- public function add_user_form() {
- print user::get_add_form_admin();
- }
-
- public function delete_user($id) {
- access::verify_csrf();
-
- if ($id == user::active()->id || $id == user::guest()->id) {
- access::forbidden();
- }
-
- $user = user::lookup($id);
- if (empty($user)) {
- kohana::show_404();
- }
-
- $form = user::get_delete_form_admin($user);
- if($form->validate()) {
- $name = $user->name;
- $user->delete();
- } else {
- print json_encode(array("result" => "error",
- "form" => $form->__toString()));
- }
-
- $message = t("Deleted user %user_name", array("user_name" => $name));
- log::success("user", $message);
- message::success($message);
- print json_encode(array("result" => "success"));
- }
-
- public function delete_user_form($id) {
- $user = user::lookup($id);
- if (empty($user)) {
- kohana::show_404();
- }
- print user::get_delete_form_admin($user);
- }
-
- public function edit_user($id) {
- access::verify_csrf();
-
- $user = user::lookup($id);
- if (empty($user)) {
- kohana::show_404();
- }
-
- $form = user::get_edit_form_admin($user);
- $valid = $form->validate();
- if ($valid) {
- $new_name = $form->edit_user->inputs["name"]->value;
- $temp_user = user::lookup_by_name($new_name);
- if ($new_name != $user->name &&
- ($temp_user && $temp_user->id != $user->id)) {
- $form->edit_user->inputs["name"]->add_error("in_use", 1);
- $valid = false;
- } else {
- $user->name = $new_name;
- }
- }
-
- if ($valid) {
- $user->full_name = $form->edit_user->full_name->value;
- if ($form->edit_user->password->value) {
- $user->password = $form->edit_user->password->value;
- }
- $user->email = $form->edit_user->email->value;
- $user->url = $form->edit_user->url->value;
- if ($form->edit_user->locale) {
- $desired_locale = $form->edit_user->locale->value;
- $user->locale = $desired_locale == "none" ? null : $desired_locale;
- }
-
- // An admin can change the admin status for any user but themselves
- if ($user->id != user::active()->id) {
- $user->admin = $form->edit_user->admin->checked;
- }
- $user->save();
- module::event("user_edit_form_admin_completed", $user, $form);
-
- message::success(t("Changed user %user_name", array("user_name" => $user->name)));
- print json_encode(array("result" => "success"));
- } else {
- print json_encode(array("result" => "error",
- "form" => $form->__toString()));
- }
- }
-
- public function edit_user_form($id) {
- $user = user::lookup($id);
- if (empty($user)) {
- kohana::show_404();
- }
-
- $form = user::get_edit_form_admin($user);
- // Don't allow the user to control their own admin bit, else you can lock yourself out
- if ($user->id == user::active()->id) {
- $form->edit_user->admin->disabled(1);
- }
- print $form;
- }
-
- public function add_user_to_group($user_id, $group_id) {
- access::verify_csrf();
- $group = group::lookup($group_id);
- $user = user::lookup($user_id);
- $group->add($user);
- $group->save();
- }
-
- public function remove_user_from_group($user_id, $group_id) {
- access::verify_csrf();
- $group = group::lookup($group_id);
- $user = user::lookup($user_id);
- $group->remove($user);
- $group->save();
- }
-
- public function group($group_id) {
- $view = new View("admin_users_group.html");
- $view->group = group::lookup($group_id);
- print $view;
- }
-
- public function add_group() {
- access::verify_csrf();
-
- $form = group::get_add_form_admin();
- $valid = $form->validate();
- if ($valid) {
- $new_name = $form->add_group->inputs["name"]->value;
- $group = group::lookup_by_name($new_name);
- if (!empty($group)) {
- $form->add_group->inputs["name"]->add_error("in_use", 1);
- $valid = false;
- }
- }
-
- if ($valid) {
- $group = group::create($new_name);
- $group->save();
- message::success(
- t("Created group %group_name", array("group_name" => $group->name)));
- print json_encode(array("result" => "success"));
- } else {
- print json_encode(array("result" => "error",
- "form" => $form->__toString()));
- }
- }
-
- public function add_group_form() {
- print group::get_add_form_admin();
- }
-
- public function delete_group($id) {
- access::verify_csrf();
-
- $group = group::lookup($id);
- if (empty($group)) {
- kohana::show_404();
- }
-
- $form = group::get_delete_form_admin($group);
- if ($form->validate()) {
- $name = $group->name;
- $group->delete();
- } else {
- print json_encode(array("result" => "error",
- "form" => $form->__toString()));
- }
-
- $message = t("Deleted group %group_name", array("group_name" => $name));
- log::success("group", $message);
- message::success($message);
- print json_encode(array("result" => "success"));
- }
-
- public function delete_group_form($id) {
- $group = group::lookup($id);
- if (empty($group)) {
- kohana::show_404();
- }
-
- print group::get_delete_form_admin($group);
- }
-
- public function edit_group($id) {
- access::verify_csrf();
-
- $group = group::lookup($id);
- if (empty($group)) {
- kohana::show_404();
- }
-
- $form = group::get_edit_form_admin($group);
- $valid = $form->validate();
-
- if ($valid) {
- $new_name = $form->edit_group->inputs["name"]->value;
- $group = group::lookup_by_name($name);
- if ($group->loaded) {
- $form->edit_group->inputs["name"]->add_error("in_use", 1);
- $valid = false;
- }
- }
-
- if ($valid) {
- $group->name = $form->edit_group->inputs["name"]->value;
- $group->save();
- message::success(
- t("Changed group %group_name", array("group_name" => $group->name)));
- print json_encode(array("result" => "success"));
- } else {
- message::error(
- t("Failed to change group %group_name", array("group_name" => $group->name)));
- print json_encode(array("result" => "error",
- "form" => $form->__toString()));
- }
- }
-
- public function edit_group_form($id) {
- $group = group::lookup($id);
- if (empty($group)) {
- kohana::show_404();
- }
-
- print group::get_edit_form_admin($group);
- }
-
-}
diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
deleted file mode 100644
index 2c4bd557..00000000
--- a/modules/user/controllers/login.php
+++ /dev/null
@@ -1,81 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
- */
-class Login_Controller extends Controller {
-
- public function ajax() {
- $view = new View("login_ajax.html");
- $view->form = user::get_login_form("login/auth_ajax");
- print $view;
- }
-
- public function auth_ajax() {
- access::verify_csrf();
-
- list ($valid, $form) = $this->_auth("login/auth_ajax");
- if ($valid) {
- print json_encode(
- array("result" => "success"));
- } else {
- print json_encode(
- array("result" => "error",
- "form" => $form->__toString()));
- }
- }
-
- public function html() {
- print user::get_login_form("login/auth_html");
- }
-
- public function auth_html() {
- access::verify_csrf();
-
- list ($valid, $form) = $this->_auth("login/auth_html");
- if ($valid) {
- url::redirect(item::root()->abs_url());
- } else {
- print $form;
- }
- }
- private function _auth($url) {
- $form = user::get_login_form($url);
- $valid = $form->validate();
- if ($valid) {
- $user = user::lookup_by_name($form->login->inputs["name"]->value);
- if (empty($user) || !user::is_correct_password($user, $form->login->password->value)) {
- log::warning(
- "user",
- t("Failed login for %name",
- array("name" => $form->login->inputs["name"]->value)));
- $form->login->inputs["name"]->add_error("invalid_login", 1);
- $valid = false;
- }
- }
-
- if ($valid) {
- user::login($user);
- log::info("user", t("User %name logged in", array("name" => $user->name)));
- }
-
- // Either way, regenerate the session id to avoid session trapping
- Session::instance()->regenerate();
-
- return array($valid, $form);
- }
-} \ No newline at end of file
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
deleted file mode 100644
index 45d397ad..00000000
--- a/modules/user/controllers/logout.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
- */
-class Logout_Controller extends Controller {
- public function index() {
- //access::verify_csrf();
-
- $user = user::active();
- user::logout();
- log::info("user", t("User %name logged out", array("name" => $user->name)),
- html::anchor("user/$user->id", html::clean($user->name)));
- if ($continue_url = $this->input->get("continue")) {
- $item = url::get_item_from_uri($continue_url);
- if (access::can("view", $item)) {
- // Don't use url::redirect() because it'll call url::site() and munge the continue url.
- header("Location: $continue_url");
- } else {
- url::redirect(item::root()->abs_url());
- }
- }
- }
-} \ No newline at end of file
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
deleted file mode 100644
index e8b08960..00000000
--- a/modules/user/controllers/password.php
+++ /dev/null
@@ -1,133 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
- */
-class Password_Controller extends Controller {
- public function reset() {
- if (request::method() == "post") {
- // @todo separate the post from get parts of this function
- access::verify_csrf();
- $this->_send_reset();
- } else {
- print $this->_reset_form();
- }
- }
-
- public function do_reset() {
- if (request::method() == "post") {
- $this->_change_password();
- } else {
- $user = user::lookup_by_hash(Input::instance()->get("key"));
- if (!empty($user)) {
- print $this->_new_password_form($user->hash);
- } else {
- throw new Exception("@todo FORBIDDEN", 503);
- }
- }
- }
-
- private function _send_reset() {
- $form = $this->_reset_form();
-
- $valid = $form->validate();
- if ($valid) {
- $user = user::lockup_by_name($form->reset->inputs["name"]->value);
- if (!$user->loaded || empty($user->email)) {
- $form->reset->inputs["name"]->add_error("no_email", 1);
- $valid = false;
- }
- }
-
- if ($valid) {
- $user->hash = md5(rand());
- $user->save();
- $message = new View("reset_password.html");
- $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash");
- $message->user = $user;
-
- Sendmail::factory()
- ->to($user->email)
- ->subject(t("Password Reset Request"))
- ->header("Mime-Version", "1.0")
- ->header("Content-type", "text/html; charset=iso-8859-1")
- ->message($message->render())
- ->send();
-
- log::success(
- "user",
- t("Password reset email sent for user %name", array("name" => $user->name)));
- } else {
- // Don't include the username here until you're sure that it's XSS safe
- log::warning(
- "user", "Password reset email requested for bogus user");
- }
-
- message::success(t("Password reset email sent"));
- print json_encode(
- array("result" => "success"));
- }
-
- private function _reset_form() {
- $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form"));
- $group = $form->group("reset")->label(t("Reset Password"));
- $group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required");
- $group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password"));
- $group->submit("")->value(t("Reset"));
-
- return $form;
- }
-
- private function _new_password_form($hash=null) {
- $template = new Theme_View("page.html", "reset");
-
- $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form"));
- $group = $form->group("reset")->label(t("Change Password"));
- $hidden = $group->hidden("hash");
- if (!empty($hash)) {
- $hidden->value($hash);
- }
- $group->password("password")->label(t("Password"))->id("g-password")
- ->rules("required|length[1,40]");
- $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
- ->matches($group->password);
- $group->inputs["password2"]->error_messages(
- "mistyped", t("The password and the confirm password must match"));
- $group->submit("")->value(t("Update"));
-
- $template->content = $form;
- return $template;
- }
-
- private function _change_password() {
- $view = $this->_new_password_form();
- if ($view->content->validate()) {
- $user = user::lookup_by_hash(Input::instance()->get("key"));
- if (empty($user)) {
- throw new Exception("@todo FORBIDDEN", 503);
- }
-
- $user->password = $view->content->reset->password->value;
- $user->hash = null;
- $user->save();
- message::success(t("Password reset successfully"));
- url::redirect(item::root()->abs_url());
- } else {
- print $view;
- }
- }
-} \ No newline at end of file
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
deleted file mode 100644
index 07c5a457..00000000
--- a/modules/user/controllers/users.php
+++ /dev/null
@@ -1,68 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
- */
-class Users_Controller extends Controller {
- public function update($id) {
- $user = user::lookup($id);
-
- if ($user->guest || $user->id != user::active()->id) {
- access::forbidden();
- }
-
- $form = user::get_edit_form($user);
- $valid = $form->validate();
- if ($valid) {
- $user->full_name = $form->edit_user->full_name->value;
- if ($form->edit_user->password->value) {
- $user->password = $form->edit_user->password->value;
- }
- $user->email = $form->edit_user->email->value;
- $user->url = $form->edit_user->url->value;
- if ($form->edit_user->locale) {
- $desired_locale = $form->edit_user->locale->value;
- $new_locale = $desired_locale == "none" ? null : $desired_locale;
- if ($new_locale != $user->locale) {
- // Delete the session based locale preference
- setcookie("g_locale", "", time() - 24 * 3600, "/");
- }
- $user->locale = $new_locale;
- }
- $user->save();
- module::event("user_edit_form_completed", $user, $form);
-
- message::success(t("User information updated."));
- print json_encode(
- array("result" => "success",
- "resource" => url::site("users/{$user->id}")));
- } else {
- print json_encode(
- array("result" => "error",
- "form" => $form->__toString()));
- }
- }
-
- public function form_edit($id) {
- $user = user::lookup($id);
- if ($user->guest || $user->id != user::active()->id) {
- access::forbidden();
- }
-
- print user::get_edit_form($user);
- }
-}
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-13 23:52:16 +0000