Diffstat (limited to 'modules/user/controllers')
-rw-r--r--modules/user/controllers/admin_users.php19
-rw-r--r--modules/user/controllers/login.php6
-rw-r--r--modules/user/controllers/logout.php15
-rw-r--r--modules/user/controllers/password.php6
-rw-r--r--modules/user/controllers/users.php8
5 files changed, 31 insertions, 23 deletions
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index b5dc6cb5..521f82fa 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -48,9 +48,10 @@ class Admin_Users_Controller extends Controller {
$desired_locale = $form->add_user->locale->value;
$user->locale = $desired_locale == "none" ? null : $desired_locale;
}
-
$user->save();
- message::success(t("Created user %user_name", array("user_name" => p::clean($user->name))));
+ module::event("user_add_form_admin_completed", $user, $form);
+
+ message::success(t("Created user %user_name", array("user_name" => $user->name)));
print json_encode(array("result" => "success"));
} else {
print json_encode(array("result" => "error",
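Review bot: Dropping `p::clean()` from the `user_name` placeholder in `message::success(t(...))` is only safe if `t()` now HTML-escapes placeholder values itself, and nothing in this diff shows that it does. The same removal recurs in the later hunks of this file (deleted user, changed user, and the three group messages) and in login.php and password.php, where the values go to `log::warning`/`log::info`/`log::success`; the failed-login hunk is the most exposed because it passes the submitted name straight from the form. If `t()` does escape, a one-line comment at a call site such as `// t() escapes placeholder values, no explicit clean needed` would record the invariant; otherwise the explicit clean should stay. The enclosing method starts and ends outside this hunk.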
@@ -83,7 +84,7 @@ class Admin_Users_Controller extends Controller {
"form" => $form->__toString()));
}
- $message = t("Deleted user %user_name", array("user_name" => p::clean($name)));
+ $message = t("Deleted user %user_name", array("user_name" => $name));
log::success("user", $message);
message::success($message);
print json_encode(array("result" => "success"));
@@ -128,6 +129,7 @@ class Admin_Users_Controller extends Controller {
$user->password = $form->edit_user->password->value;
}
$user->email = $form->edit_user->email->value;
+ $user->url = $form->edit_user->url->value;
if ($form->edit_user->locale) {
$desired_locale = $form->edit_user->locale->value;
$user->locale = $desired_locale == "none" ? null : $desired_locale;
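Review bot: The added `$user->url = $form->edit_user->url->value;` stores the field as submitted, and the hunk shows no check on the URL scheme. If the `edit_user` form definition (outside this diff) does not already restrict the value to http/https, it should be validated before `save()`, since a profile URL is typically rendered later as a link target. A short comment naming where that validation lives would be enough if it already exists. The enclosing method starts and ends outside this hunk.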
@@ -138,8 +140,9 @@ class Admin_Users_Controller extends Controller {
$user->admin = $form->edit_user->admin->checked;
}
$user->save();
+ module::event("user_edit_form_admin_completed", $user, $form);
- message::success(t("Changed user %user_name", array("user_name" => p::clean($user->name))));
+ message::success(t("Changed user %user_name", array("user_name" => $user->name)));
print json_encode(array("result" => "success"));
} else {
print json_encode(array("result" => "error",
@@ -201,7 +204,7 @@ class Admin_Users_Controller extends Controller {
$group = group::create($new_name);
$group->save();
message::success(
- t("Created group %group_name", array("group_name" => p::clean($group->name))));
+ t("Created group %group_name", array("group_name" => $group->name)));
print json_encode(array("result" => "success"));
} else {
print json_encode(array("result" => "error",
@@ -230,7 +233,7 @@ class Admin_Users_Controller extends Controller {
"form" => $form->__toString()));
}
- $message = t("Deleted group %group_name", array("group_name" => p::clean($name)));
+ $message = t("Deleted group %group_name", array("group_name" => $name));
log::success("group", $message);
message::success($message);
print json_encode(array("result" => "success"));
@@ -268,11 +271,11 @@ class Admin_Users_Controller extends Controller {
$group->name = $form->edit_group->inputs["name"]->value;
$group->save();
message::success(
- t("Changed group %group_name", array("group_name" => p::clean($group->name))));
+ t("Changed group %group_name", array("group_name" => $group->name)));
print json_encode(array("result" => "success"));
} else {
message::error(
- t("Failed to change group %group_name", array("group_name" => p::clean($group->name))));
+ t("Failed to change group %group_name", array("group_name" => $group->name)));
print json_encode(array("result" => "error",
"form" => $form->__toString()));
}
diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
index 4d901051..8bee7db5 100644
--- a/modules/user/controllers/login.php
+++ b/modules/user/controllers/login.php
@@ -48,7 +48,7 @@ class Login_Controller extends Controller {
list ($valid, $form) = $this->_auth("login/auth_html");
if ($valid) {
- url::redirect("albums/1");
+ url::redirect(item::root()->abs_url());
} else {
print $form;
}
@@ -63,7 +63,7 @@ class Login_Controller extends Controller {
log::warning(
"user",
t("Failed login for %name",
- array("name" => p::clean($form->login->inputs["name"]->value))));
+ array("name" => $form->login->inputs["name"]->value)));
$form->login->inputs["name"]->add_error("invalid_login", 1);
$valid = false;
}
@@ -71,7 +71,7 @@ class Login_Controller extends Controller {
if ($valid) {
user::login($user);
- log::info("user", t("User %name logged in", array("name" => p::clean($user->name))));
+ log::info("user", t("User %name logged in", array("name" => $user->name)));
}
// Either way, regenerate the session id to avoid session trapping
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
index 63971789..45d397ad 100644
--- a/modules/user/controllers/logout.php
+++ b/modules/user/controllers/logout.php
@@ -19,18 +19,19 @@
*/
class Logout_Controller extends Controller {
public function index() {
- access::verify_csrf();
+ //access::verify_csrf();
$user = user::active();
user::logout();
- log::info("user", t("User %name logged out", array("name" => p::clean($user->name))),
- html::anchor("user/$user->id", p::clean($user->name)));
- if ($this->input->get("continue")) {
- $item = url::get_item_from_uri($this->input->get("continue"));
+ log::info("user", t("User %name logged out", array("name" => $user->name)),
+ html::anchor("user/$user->id", html::clean($user->name)));
+ if ($continue_url = $this->input->get("continue")) {
+ $item = url::get_item_from_uri($continue_url);
if (access::can("view", $item)) {
- url::redirect($this->input->get("continue"));
+ // Don't use url::redirect() because it'll call url::site() and munge the continue url.
+ header("Location: $continue_url");
} else {
- url::redirect("");
+ url::redirect(item::root()->abs_url());
}
}
}
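Review bot: `header("Location: $continue_url");` sends the raw `continue` query parameter as the redirect target, so whether this is an open redirect depends entirely on `url::get_item_from_uri()` and `access::can("view", $item)` rejecting off-site or unresolvable URLs, which the hunk does not show. Redirecting to the resolved item instead, `url::redirect($item->abs_url());`, would keep the target on-site (assuming `$item` exposes `abs_url()` the way `item::root()` does), and it would also avoid the header branch continuing without an `exit`. Separately, `access::verify_csrf()` is commented out rather than removed, which leaves logout reachable by a cross-site GET; if that is intended, delete the line and state the reason in a comment.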
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index ed3b9736..92608dcd 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -29,8 +29,6 @@ class Password_Controller extends Controller {
}
public function do_reset() {
- access::verify_csrf();
-
if (request::method() == "post") {
$this->_change_password();
} else {
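Review bot: `do_reset()` no longer calls `access::verify_csrf()`, so the POST branch reaches `_change_password()` with no request-forgery check visible in this hunk. If the reset is meant to be authorised solely by the emailed hash for users without a session, say so in a comment above the method, for example `// No CSRF check: the request is authenticated by the reset hash, not a session`. If that is not the case, keep the check on the POST branch only, `access::verify_csrf();` placed before `$this->_change_password();`. The method body continues outside the hunk.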
@@ -74,7 +72,7 @@ class Password_Controller extends Controller {
log::success(
"user",
- t("Password reset email sent for user %name", array("name" => p::clean($user->name)));
+ t("Password reset email sent for user %name", array("name" => $user->name)));
} else {
// Don't include the username here until you're sure that it's XSS safe
log::warning(
@@ -132,7 +130,7 @@ class Password_Controller extends Controller {
$user->hash = null;
$user->save();
message::success(t("Password reset successfully"));
- url::redirect("albums/1");
+ url::redirect(item::root()->abs_url());
} else {
print $view;
}
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 46f799c5..4ad704f0 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -36,9 +36,15 @@ class Users_Controller extends REST_Controller {
$user->url = $form->edit_user->url->value;
if ($form->edit_user->locale) {
$desired_locale = $form->edit_user->locale->value;
- $user->locale = $desired_locale == "none" ? null : $desired_locale;
+ $new_locale = $desired_locale == "none" ? null : $desired_locale;
+ if ($new_locale != $user->locale) {
+ // Delete the session based locale preference
+ setcookie("g_locale", "", time() - 24 * 3600, "/");
+ }
+ $user->locale = $new_locale;
}
$user->save();
+ module::event("user_edit_form_completed", $user, $form);
message::success(t("User information updated."));
print json_encode(