From 78ee4193b70329c8e0929efd18c22324dd2ad8e0 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Fri, 16 Oct 2009 10:06:58 -0700
Subject: Remove all non Identity API methods from Identity.php.  Created an
 MY_Session class to provide the user state changes in the session and a
 login.php helper that has the login form.

---
 modules/user/controllers/admin_users.php | 6 +++---
 modules/user/controllers/users.php       | 4 ++--
 modules/user/views/admin_users.html.php  | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'modules/user')

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index fed872a5..258de843 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -69,7 +69,7 @@ class Admin_Users_Controller extends Admin_Controller {
   public function delete_user($id) {
     access::verify_csrf();
 
-    if ($id == Identity::active()->id || $id == user::guest()->id) {
+    if ($id == Session::active_user()->id || $id == user::guest()->id) {
       access::forbidden();
     }
 
@@ -136,7 +136,7 @@ class Admin_Users_Controller extends Admin_Controller {
       }
 
       // An admin can change the admin status for any user but themselves
-      if ($user->id != Identity::active()->id) {
+      if ($user->id != Session::active_user()->id) {
         $user->admin = $form->edit_user->admin->checked;
       }
       $user->save();
@@ -158,7 +158,7 @@ class Admin_Users_Controller extends Admin_Controller {
 
     $form = $this->_get_user_edit_form_admin($user);
     // Don't allow the user to control their own admin bit, else you can lock yourself out
-    if ($user->id == Identity::active()->id) {
+    if ($user->id == Session::active_user()->id) {
       $form->edit_user->admin->disabled(1);
     }
     print $form;
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index ebce1d8d..0ccf3e2a 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -21,7 +21,7 @@ class Users_Controller extends Controller {
   public function update($id) {
     $user = user::lookup($id);
 
-    if ($user->guest || $user->id != Identity::active()->id) {
+    if ($user->guest || $user->id != Session::active_user()->id) {
       access::forbidden();
     }
 
@@ -59,7 +59,7 @@ class Users_Controller extends Controller {
 
   public function form_edit($id) {
     $user = user::lookup($id);
-    if ($user->guest || $user->id != Identity::active()->id) {
+    if ($user->guest || $user->id != Session::active_user()->id) {
       access::forbidden();
     }
 
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 400686cc..899e0b68 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -90,7 +90,7 @@
             <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text">
               <?= t("edit") ?>
             </span></a>
-          <? if (Identity::active()->id != $user->id && !$user->guest): ?>
+          <? if (Session::active_user()->id != $user->id && !$user->guest): ?>
           <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
              class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
             <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
-- 
cgit v1.2.3