Diffstat (limited to 'modules/user/controllers')
-rw-r--r--modules/user/controllers/admin_users.php5
-rw-r--r--modules/user/controllers/logout.php11
-rw-r--r--modules/user/controllers/password.php4
-rw-r--r--modules/user/controllers/users.php1
4 files changed, 12 insertions, 9 deletions
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index b5dc6cb5..f87602b8 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -48,8 +48,9 @@ class Admin_Users_Controller extends Controller {
$desired_locale = $form->add_user->locale->value;
$user->locale = $desired_locale == "none" ? null : $desired_locale;
}
-
$user->save();
+ module::event("user_add_form_admin_completed", $user, $form);
+
message::success(t("Created user %user_name", array("user_name" => p::clean($user->name))));
print json_encode(array("result" => "success"));
} else {
@@ -128,6 +129,7 @@ class Admin_Users_Controller extends Controller {
$user->password = $form->edit_user->password->value;
}
$user->email = $form->edit_user->email->value;
+ $user->url = $form->edit_user->url->value;
if ($form->edit_user->locale) {
$desired_locale = $form->edit_user->locale->value;
$user->locale = $desired_locale == "none" ? null : $desired_locale;
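Review bot: The added `$user->url = $form->edit_user->url->value;` stores the submitted value as-is, and no scheme or format check is visible in this hunk. If the form definition (outside this diff) does not already constrain the field, and the URL is later rendered as a link, a non-http(s) scheme would be persisted and served to other viewers. Consider restricting it to `http`/`https` in the form rules or just before the assignment, and add a short comment such as `// url is validated by the edit_user form rules` if that is where the check lives. The enclosing method starts and ends outside the hunk.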
@@ -138,6 +140,7 @@ class Admin_Users_Controller extends Controller {
$user->admin = $form->edit_user->admin->checked;
}
$user->save();
+ module::event("user_edit_form_admin_completed", $user, $form);
message::success(t("Changed user %user_name", array("user_name" => p::clean($user->name))));
print json_encode(array("result" => "success"));
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
index 63971789..099b1952 100644
--- a/modules/user/controllers/logout.php
+++ b/modules/user/controllers/logout.php
@@ -19,18 +19,19 @@
*/
class Logout_Controller extends Controller {
public function index() {
- access::verify_csrf();
+ //access::verify_csrf();
$user = user::active();
user::logout();
log::info("user", t("User %name logged out", array("name" => p::clean($user->name))),
html::anchor("user/$user->id", p::clean($user->name)));
- if ($this->input->get("continue")) {
- $item = url::get_item_from_uri($this->input->get("continue"));
+ if ($continue_url = $this->input->get("continue")) {
+ $item = url::get_item_from_uri($continue_url);
if (access::can("view", $item)) {
- url::redirect($this->input->get("continue"));
+ // Don't use url::redirect() because it'll call url::site() and munge the continue url.
+ header("Location: $continue_url");
} else {
- url::redirect("");
+ url::redirect("albums/1");
}
}
}
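Review bot: The `continue` query parameter now goes into the response unmodified at `header("Location: $continue_url")`, so the redirect target is fully request-controlled; the only gate is `access::can("view", $item)` on whatever `url::get_item_from_uri()` resolves, and whether that rejects an off-site URL is not visible in this hunk. Before emitting the header, require a same-site value (no scheme, no host, no leading `//` or backslash) and otherwise fall through to `url::redirect("albums/1")`. If `url::redirect()` ended the request (not visible here), the bare `header()` call needs an `exit;` after it to keep that behaviour. The commented-out `//access::verify_csrf();` should be deleted or replaced by a comment stating why logout is exempt, e.g. `// No CSRF check: logout is reached through a plain GET link`, if that is the actual reason.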
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index ed3b9736..7c432701 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -29,8 +29,6 @@ class Password_Controller extends Controller {
}
public function do_reset() {
- access::verify_csrf();
-
if (request::method() == "post") {
$this->_change_password();
} else {
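Review bot: With `access::verify_csrf()` removed, `do_reset()` reaches `$this->_change_password()` on POST with no request-forgery check in the visible lines. If the request is instead authorised by a one-time hash from the reset e-mail, that validation would sit in `_change_password()`, which is outside this hunk and should be confirmed before merging. Either way, record the reason at the top of the method, e.g. `// No CSRF token: caller is not logged in; the emailed reset hash authorises the request`, so the missing check does not read as an oversight.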
@@ -74,7 +72,7 @@ class Password_Controller extends Controller {
log::success(
"user",
- t("Password reset email sent for user %name", array("name" => p::clean($user->name)));
+ t("Password reset email sent for user %name", array("name" => p::clean($user->name))));
} else {
// Don't include the username here until you're sure that it's XSS safe
log::warning(
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 46f799c5..0bf2e81d 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -39,6 +39,7 @@ class Users_Controller extends REST_Controller {
$user->locale = $desired_locale == "none" ? null : $desired_locale;
}
$user->save();
+ module::event("user_edit_form_completed", $user, $form);
message::success(t("User information updated."));
print json_encode(