ulysia/szurubooru
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
szurubooru/src/Controllers/UserController.php

678 lines
21 KiB
PHP
Raw Normal View History

Let there be placeholders
2013-10-05 19:24:08 +02:00
<?php
Moved AbstractController to Bootstrap
2013-10-05 21:24:20 +02:00
class UserController
Let there be placeholders
2013-10-05 19:24:08 +02:00
{
Fixed user view tabs
2013-11-18 10:30:43 +01:00
private function loadUserView($user)
{
$flagged = in_array(TextHelper::reprUser($user), SessionHelper::get('flagged', []));
$this->context->flagged = $flagged;
$this->context->transport->user = $user;
$this->context->handleExceptions = true;
$this->context->viewName = 'user-view';
$this->context->stylesheets []= 'tabs.css';
$this->context->stylesheets []= 'user-view.css';
$this->context->subTitle = $user->name;
}
Preparation for #62
2013-11-16 16:24:38 +01:00
private static function sendTokenizedEmail(
$user,
$body,
$subject,
$senderName,
$senderEmail,
$recipientEmail,
Removed TextHelper hacks
2013-11-18 15:41:16 +01:00
$linkActionName)
Closed #32
2013-10-16 18:07:23 +02:00
{
Preparation for #62
2013-11-16 16:24:38 +01:00
//prepare unique user token
do
Confirmation e-mail sending disableable in config
2013-10-16 19:56:02 +02:00
{
Preparation for #62
2013-11-16 16:24:38 +01:00
$tokenText = md5(mt_rand() . uniqid());
Confirmation e-mail sending disableable in config
2013-10-16 19:56:02 +02:00
}
Preparation for #62
2013-11-16 16:24:38 +01:00
while (R::findOne('usertoken', 'token = ?', [$tokenText]) !== null);
$token = R::dispense('usertoken');
$token->user = $user;
$token->token = $tokenText;
$token->used = false;
$token->expires = null;
R::store($token);
Confirmation e-mail sending disableable in config
2013-10-16 19:56:02 +02:00
\Chibi\Registry::getContext()->mailSent = true;
Removed TextHelper hacks
2013-11-18 15:41:16 +01:00
$tokens = [];
Closed #32
2013-10-16 18:07:23 +02:00
$tokens['host'] = $_SERVER['HTTP_HOST'];
Preparation for #62
2013-11-16 16:24:38 +01:00
$tokens['token'] = $tokenText;
Removed TextHelper hacks
2013-11-18 15:41:16 +01:00
if ($linkActionName !== null)
$tokens['link'] = \Chibi\UrlHelper::route('user', $linkActionName, ['token' => $tokenText]);
Closed #32
2013-10-16 18:07:23 +02:00
Preparation for #62
2013-11-16 16:24:38 +01:00
$body = wordwrap(TextHelper::replaceTokens($body, $tokens), 70);
$subject = TextHelper::replaceTokens($subject, $tokens);
$senderName = TextHelper::replaceTokens($senderName, $tokens);
$senderEmail = TextHelper::replaceTokens($senderEmail, $tokens);
Closed #32
2013-10-16 18:07:23 +02:00
Closed #62
2013-11-16 19:24:33 +01:00
if (empty($recipientEmail))
throw new SimpleException('Destination e-mail address was not found');
Closed #32
2013-10-16 18:07:23 +02:00
$headers = [];
Activation mails are trying hard not to be spam ...and fail miserably at that. I sneaked an important bugfix in, though.
2013-10-16 20:56:46 +02:00
$headers []= sprintf('MIME-Version: 1.0');
$headers []= sprintf('Content-Transfer-Encoding: 7bit');
$headers []= sprintf('Date: %s', date('r', $_SERVER['REQUEST_TIME']));
$headers []= sprintf('Message-ID: <%s>', $_SERVER['REQUEST_TIME'] . md5($_SERVER['REQUEST_TIME']) . '@' . $_SERVER['HTTP_HOST']);
$headers []= sprintf('From: %s <%s>', $senderName, $senderEmail);
$headers []= sprintf('Reply-To: %s', $senderEmail);
$headers []= sprintf('Return-Path: %s', $senderEmail);
$headers []= sprintf('Subject: %s', $subject);
$headers []= sprintf('Content-Type: text/plain; charset=utf-8', $subject);
$headers []= sprintf('X-Mailer: PHP/%s', phpversion());
$headers []= sprintf('X-Originating-IP: %s', $_SERVER['SERVER_ADDR']);
Small changes - Changed: rating posts - [up | down] --> [vote up, down] - Fixed: logging of e-mail subject - Improved: flagging posts/users provides visual feedback ("flagged") - Improved: grammar in login screen - Fixed: typo in password reset message - Added: SessionHelper for handy management of user session data
2013-11-17 20:30:04 +01:00
$encodedSubject = '=?UTF-8?B?' . base64_encode($subject) . '?=';
mail($recipientEmail, $encodedSubject, $body, implode("\r\n", $headers), '-f' . $senderEmail);
Added logging engine for #61
2013-11-16 21:21:43 +01:00
Logging: removed logEvent() and log prefixes This looked ugly.
2013-11-22 23:32:56 +01:00
LogHelper::log('Sending e-mail with subject "{subject}" to {mail}', ['subject' => $subject, 'mail' => $recipientEmail]);
Closed #32
2013-10-16 18:07:23 +02:00
}
Preparation for #62
2013-11-16 16:24:38 +01:00
private static function sendEmailChangeConfirmation($user)
{
$regConfig = \Chibi\Registry::getConfig()->registration;
if (!$regConfig->confirmationEmailEnabled)
{
$user->email_confirmed = $user->email_unconfirmed;
$user->email_unconfirmed = null;
return;
}
return self::sendTokenizedEmail(
$user,
$regConfig->confirmationEmailBody,
$regConfig->confirmationEmailSubject,
$regConfig->confirmationEmailSenderName,
$regConfig->confirmationEmailSenderEmail,
$user->email_unconfirmed,
Removed TextHelper hacks
2013-11-18 15:41:16 +01:00
'activation');
Preparation for #62
2013-11-16 16:24:38 +01:00
}
Closed #62
2013-11-16 19:24:33 +01:00
private static function sendPasswordResetConfirmation($user)
{
$regConfig = \Chibi\Registry::getConfig()->registration;
return self::sendTokenizedEmail(
$user,
$regConfig->passwordResetEmailBody,
$regConfig->passwordResetEmailSubject,
$regConfig->passwordResetEmailSenderName,
$regConfig->passwordResetEmailSenderEmail,
$user->email_confirmed,
Removed TextHelper hacks
2013-11-18 15:41:16 +01:00
'password-reset');
Closed #62
2013-11-16 19:24:33 +01:00
}
Worked on #4
2013-10-14 10:22:53 +02:00
Let there be placeholders
2013-10-05 19:24:08 +02:00
/**
* @route /users
Universal pagination; closed #3
2013-10-16 13:07:01 +02:00
* @route /users/{page}
* @route /users/{sortStyle}
* @route /users/{sortStyle}/{page}
* @validate sortStyle alpha|alpha,asc|alpha,desc|date,asc|date,desc|pending
* @validate page [0-9]+
Let there be placeholders
2013-10-05 19:24:08 +02:00
*/
Universal pagination; closed #3
2013-10-16 13:07:01 +02:00
public function listAction($sortStyle, $page)
Let there be placeholders
2013-10-05 19:24:08 +02:00
{
Universal pagination; closed #3
2013-10-16 13:07:01 +02:00
$this->context->stylesheets []= 'user-list.css';
$this->context->stylesheets []= 'paginator.css';
Closed #39
2013-10-22 00:17:06 +02:00
if ($this->context->user->hasEnabledEndlessScrolling())
Universal pagination; closed #3
2013-10-16 13:07:01 +02:00
$this->context->scripts []= 'paginator-endless.js';
if ($sortStyle == '' or $sortStyle == 'alpha')
$sortStyle = 'alpha,asc';
if ($sortStyle == 'date')
$sortStyle = 'date,asc';
Models: enhanced entities filtering
2013-10-28 11:19:15 +01:00
$page = intval($page);
$usersPerPage = intval($this->config->browsing->usersPerPage);
$this->context->subTitle = 'users';
PrivilegesHelper::confirmWithException(Privilege::ListUsers);
Universal pagination; closed #3
2013-10-16 13:07:01 +02:00
Models: enhanced entities filtering
2013-10-28 11:19:15 +01:00
$userCount = Model_User::getEntityCount($sortStyle);
Universal pagination; closed #3
2013-10-16 13:07:01 +02:00
$pageCount = ceil($userCount / $usersPerPage);
$page = max(1, min($pageCount, $page));
Models: enhanced entities filtering
2013-10-28 11:19:15 +01:00
$users = Model_User::getEntities($sortStyle, $usersPerPage, $page);
Universal pagination; closed #3
2013-10-16 13:07:01 +02:00
$this->context->sortStyle = $sortStyle;
$this->context->transport->paginator = new StdClass;
$this->context->transport->paginator->page = $page;
$this->context->transport->paginator->pageCount = $pageCount;
$this->context->transport->paginator->entityCount = $userCount;
$this->context->transport->paginator->entities = $users;
$this->context->transport->paginator->params = func_get_args();
$this->context->transport->users = $users;
Let there be placeholders
2013-10-05 19:24:08 +02:00
}
Worked on #4
2013-10-14 10:22:53 +02:00
Closed #57
2013-11-17 14:52:46 +01:00
/**
* @route /user/{name}/flag
* @validate name [^\/]+
*/
public function flagAction($name)
{
$user = Model_User::locate($name);
PrivilegesHelper::confirmWithException(Privilege::FlagUser);
if (InputHelper::get('submit'))
{
Small changes - Changed: rating posts - [up | down] --> [vote up, down] - Fixed: logging of e-mail subject - Improved: flagging posts/users provides visual feedback ("flagged") - Improved: grammar in login screen - Fixed: typo in password reset message - Added: SessionHelper for handy management of user session data
2013-11-17 20:30:04 +01:00
$key = TextHelper::reprUser($user);
Closed #57
2013-11-17 14:52:46 +01:00
Small changes - Changed: rating posts - [up | down] --> [vote up, down] - Fixed: logging of e-mail subject - Improved: flagging posts/users provides visual feedback ("flagged") - Improved: grammar in login screen - Fixed: typo in password reset message - Added: SessionHelper for handy management of user session data
2013-11-17 20:30:04 +01:00
$flagged = SessionHelper::get('flagged', []);
if (in_array($key, $flagged))
Closed #57
2013-11-17 14:52:46 +01:00
throw new SimpleException('You already flagged this user');
Small changes - Changed: rating posts - [up | down] --> [vote up, down] - Fixed: logging of e-mail subject - Improved: flagging posts/users provides visual feedback ("flagged") - Improved: grammar in login screen - Fixed: typo in password reset message - Added: SessionHelper for handy management of user session data
2013-11-17 20:30:04 +01:00
$flagged []= $key;
SessionHelper::set('flagged', $flagged);
Closed #57
2013-11-17 14:52:46 +01:00
Logging: removed logEvent() and log prefixes This looked ugly.
2013-11-22 23:32:56 +01:00
LogHelper::log('{user} flagged {subject} for moderator attention', ['subject' => TextHelper::reprUser($user)]);
Closed #57
2013-11-17 14:52:46 +01:00
StatusHelper::success();
}
}
Worked on #4, #1 and #2 Also: - enhanced form stylesheets - W3C validation
2013-10-15 00:41:04 +02:00
/**
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
* @route /user/{name}/ban
Worked on #4, #1 and #2 Also: - enhanced form stylesheets - W3C validation
2013-10-15 00:41:04 +02:00
* @validate name [^\/]+
*/
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
public function banAction($name)
{
Worked on #8 Also: - changed URL schema for posts from /posts/action/id to /posts/id/action - moved XXXController::locateXXX methods to Model_XXX::locate
2013-10-17 22:57:32 +02:00
$user = Model_User::locate($name);
Closed #43
2013-10-18 00:09:50 +02:00
PrivilegesHelper::confirmWithException(Privilege::BanUser, PrivilegesHelper::getIdentitySubPrivilege($user));
Closed #57
2013-11-17 14:52:46 +01:00
Universal check for form submission
2013-10-21 23:50:30 +02:00
if (InputHelper::get('submit'))
{
$user->banned = true;
Refactor of controllers and models - Most of model-related code moved from controllers to model classes, much fewer calls to R::whatever() in controllers - Post editing and uploading shares the same code, thus making implementing stuff easier in the future - Added support for default bean wiring, no more calls to R::preload() all over the place - More robust concurrent post editing detection
2013-11-22 21:20:56 +01:00
Model_User::save($user);
Closed #57
2013-11-17 14:52:46 +01:00
Logging: removed logEvent() and log prefixes This looked ugly.
2013-11-22 23:32:56 +01:00
LogHelper::log('{user} banned {subject}', ['subject' => TextHelper::reprUser($user)]);
Refactoring of error/success messages
2013-11-16 18:40:26 +01:00
StatusHelper::success();
Universal check for form submission
2013-10-21 23:50:30 +02:00
}
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
}
Closed #57
2013-11-17 14:52:46 +01:00
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
/**
* @route /post/{name}/unban
* @validate name [^\/]+
*/
public function unbanAction($name)
{
Worked on #8 Also: - changed URL schema for posts from /posts/action/id to /posts/id/action - moved XXXController::locateXXX methods to Model_XXX::locate
2013-10-17 22:57:32 +02:00
$user = Model_User::locate($name);
Closed #43
2013-10-18 00:09:50 +02:00
PrivilegesHelper::confirmWithException(Privilege::BanUser, PrivilegesHelper::getIdentitySubPrivilege($user));
Closed #57
2013-11-17 14:52:46 +01:00
Universal check for form submission
2013-10-21 23:50:30 +02:00
if (InputHelper::get('submit'))
{
$user->banned = false;
Refactor of controllers and models - Most of model-related code moved from controllers to model classes, much fewer calls to R::whatever() in controllers - Post editing and uploading shares the same code, thus making implementing stuff easier in the future - Added support for default bean wiring, no more calls to R::preload() all over the place - More robust concurrent post editing detection
2013-11-22 21:20:56 +01:00
Model_User::save($user);
Closed #57
2013-11-17 14:52:46 +01:00
Logging: removed logEvent() and log prefixes This looked ugly.
2013-11-22 23:32:56 +01:00
LogHelper::log('{user} unbanned {subject}', ['subject' => TextHelper::reprUser($user)]);
Refactoring of error/success messages
2013-11-16 18:40:26 +01:00
StatusHelper::success();
Universal check for form submission
2013-10-21 23:50:30 +02:00
}
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
}
Closed #57
2013-11-17 14:52:46 +01:00
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
/**
* @route /post/{name}/accept-registration
* @validate name [^\/]+
*/
public function acceptRegistrationAction($name)
{
Worked on #8 Also: - changed URL schema for posts from /posts/action/id to /posts/id/action - moved XXXController::locateXXX methods to Model_XXX::locate
2013-10-17 22:57:32 +02:00
$user = Model_User::locate($name);
Closed #43
2013-10-18 00:09:50 +02:00
PrivilegesHelper::confirmWithException(Privilege::AcceptUserRegistration);
Universal check for form submission
2013-10-21 23:50:30 +02:00
if (InputHelper::get('submit'))
{
$user->staff_confirmed = true;
Refactor of controllers and models - Most of model-related code moved from controllers to model classes, much fewer calls to R::whatever() in controllers - Post editing and uploading shares the same code, thus making implementing stuff easier in the future - Added support for default bean wiring, no more calls to R::preload() all over the place - More robust concurrent post editing detection
2013-11-22 21:20:56 +01:00
Model_User::save($user);
Logging: improved grammar a little
2013-11-23 10:39:41 +01:00
LogHelper::log('{user} confirmed {subject}\'s account', ['subject' => TextHelper::reprUser($user)]);
Refactoring of error/success messages
2013-11-16 18:40:26 +01:00
StatusHelper::success();
Universal check for form submission
2013-10-21 23:50:30 +02:00
}
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
}
/**
* @route /user/{name}/delete
* @validate name [^\/]+
*/
public function deleteAction($name)
Worked on #4, #1 and #2 Also: - enhanced form stylesheets - W3C validation
2013-10-15 00:41:04 +02:00
{
Worked on #8 Also: - changed URL schema for posts from /posts/action/id to /posts/id/action - moved XXXController::locateXXX methods to Model_XXX::locate
2013-10-17 22:57:32 +02:00
$user = Model_User::locate($name);
Closed #43
2013-10-18 00:09:50 +02:00
PrivilegesHelper::confirmWithException(Privilege::ViewUser, PrivilegesHelper::getIdentitySubPrivilege($user));
PrivilegesHelper::confirmWithException(Privilege::DeleteUser, PrivilegesHelper::getIdentitySubPrivilege($user));
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
Fixed user view tabs
2013-11-18 10:30:43 +01:00
$this->loadUserView($user);
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
$this->context->transport->tab = 'delete';
Worked on #4, #1 and #2 Also: - enhanced form stylesheets - W3C validation
2013-10-15 00:41:04 +02:00
Closed #28
2013-10-15 20:31:38 +02:00
$this->context->suppliedCurrentPassword = $suppliedCurrentPassword = InputHelper::get('current-password');
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
Universal check for form submission
2013-10-21 23:50:30 +02:00
if (InputHelper::get('submit'))
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
{
Added logging engine for #61
2013-11-16 21:21:43 +01:00
$name = $user->name;
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
if ($this->context->user->id == $user->id)
{
Closed #28
2013-10-15 20:31:38 +02:00
$suppliedPasswordHash = Model_User::hashPassword($suppliedCurrentPassword, $user->pass_salt);
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
if ($suppliedPasswordHash != $user->pass_hash)
throw new SimpleException('Must supply valid password');
}
Refactor of controllers and models - Most of model-related code moved from controllers to model classes, much fewer calls to R::whatever() in controllers - Post editing and uploading shares the same code, thus making implementing stuff easier in the future - Added support for default bean wiring, no more calls to R::preload() all over the place - More robust concurrent post editing detection
2013-11-22 21:20:56 +01:00
$oldId = $user->id;
Model_User::remove($user);
if ($oldId == $this->context->user->id)
Closed #52 - fixes for anonymous accounts - Anonymous account is no longer created when commenting/uploading - Anonymous users can now switch safety, if it's available - Anonymous users can delete their own posts - Refurbished session and logging in/out mechanism - Possible fixes for registration/activation/account deletion issues
2013-10-27 20:39:32 +01:00
AuthController::doLogOut();
Added logging engine for #61
2013-11-16 21:21:43 +01:00
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
\Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
Logging: improved grammar a little
2013-11-23 10:39:41 +01:00
LogHelper::log('{user} removed {subject}\'s account', ['subject' => TextHelper::reprUser($name)]);
Refactoring of error/success messages
2013-11-16 18:40:26 +01:00
StatusHelper::success();
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
}
}
Closed #39
2013-10-22 00:17:06 +02:00
/**
* @route /user/{name}/settings
* @validate name [^\/]+
*/
public function settingsAction($name)
{
$user = Model_User::locate($name);
PrivilegesHelper::confirmWithException(Privilege::ViewUser, PrivilegesHelper::getIdentitySubPrivilege($user));
Closed #50
2013-10-25 17:25:05 +02:00
PrivilegesHelper::confirmWithException(Privilege::ChangeUserSettings, PrivilegesHelper::getIdentitySubPrivilege($user));
Closed #39
2013-10-22 00:17:06 +02:00
Fixed user view tabs
2013-11-18 10:30:43 +01:00
$this->loadUserView($user);
Closed #39
2013-10-22 00:17:06 +02:00
$this->context->transport->tab = 'settings';
if (InputHelper::get('submit'))
{
$suppliedSafety = InputHelper::get('safety');
if (!is_array($suppliedSafety))
$suppliedSafety = [];
foreach (PostSafety::getAll() as $safety)
$user->enableSafety($safety, in_array($safety, $suppliedSafety));
$user->enableEndlessScrolling(InputHelper::get('endless-scrolling'));
Refactor of controllers and models - Most of model-related code moved from controllers to model classes, much fewer calls to R::whatever() in controllers - Post editing and uploading shares the same code, thus making implementing stuff easier in the future - Added support for default bean wiring, no more calls to R::preload() all over the place - More robust concurrent post editing detection
2013-11-22 21:20:56 +01:00
Model_User::save($user);
Fixed browsing settings
2013-10-28 12:58:18 +01:00
if ($user->id == $this->context->user->id)
$this->context->user = $user;
Closed #52 - fixes for anonymous accounts - Anonymous account is no longer created when commenting/uploading - Anonymous users can now switch safety, if it's available - Anonymous users can delete their own posts - Refurbished session and logging in/out mechanism - Possible fixes for registration/activation/account deletion issues
2013-10-27 20:39:32 +01:00
AuthController::doReLog();
Refactoring of error/success messages
2013-11-16 18:40:26 +01:00
StatusHelper::success('Browsing settings updated!');
Closed #39
2013-10-22 00:17:06 +02:00
}
}
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
/**
* @route /user/{name}/edit
* @validate name [^\/]+
*/
public function editAction($name)
{
Fixed minor bug when changing user name fails
2013-10-15 20:33:53 +02:00
try
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
{
Worked on #8 Also: - changed URL schema for posts from /posts/action/id to /posts/id/action - moved XXXController::locateXXX methods to Model_XXX::locate
2013-10-17 22:57:32 +02:00
$user = Model_User::locate($name);
Closed #43
2013-10-18 00:09:50 +02:00
PrivilegesHelper::confirmWithException(Privilege::ViewUser, PrivilegesHelper::getIdentitySubPrivilege($user));
Fixed minor bug when changing user name fails
2013-10-15 20:33:53 +02:00
Fixed user view tabs
2013-11-18 10:30:43 +01:00
$this->loadUserView($user);
Fixed minor bug when changing user name fails
2013-10-15 20:33:53 +02:00
$this->context->transport->tab = 'edit';
$this->context->suppliedCurrentPassword = $suppliedCurrentPassword = InputHelper::get('current-password');
$this->context->suppliedName = $suppliedName = InputHelper::get('name');
$this->context->suppliedPassword1 = $suppliedPassword1 = InputHelper::get('password1');
$this->context->suppliedPassword2 = $suppliedPassword2 = InputHelper::get('password2');
$this->context->suppliedEmail = $suppliedEmail = InputHelper::get('email');
$this->context->suppliedAccessRank = $suppliedAccessRank = InputHelper::get('access-rank');
$currentPasswordHash = $user->pass_hash;
Universal check for form submission
2013-10-21 23:50:30 +02:00
if (InputHelper::get('submit'))
Fixed minor bug when changing user name fails
2013-10-15 20:33:53 +02:00
{
Preparation for #62
2013-11-16 16:24:38 +01:00
$confirmMail = false;
Added logging engine for #61
2013-11-16 21:21:43 +01:00
LogHelper::bufferChanges();
Preparation for #62
2013-11-16 16:24:38 +01:00
Universal check for form submission
2013-10-21 23:50:30 +02:00
if ($suppliedName != '' and $suppliedName != $user->name)
{
PrivilegesHelper::confirmWithException(Privilege::ChangeUserName, PrivilegesHelper::getIdentitySubPrivilege($user));
$suppliedName = Model_User::validateUserName($suppliedName);
Added logging engine for #61
2013-11-16 21:21:43 +01:00
$oldName = $user->name;
Universal check for form submission
2013-10-21 23:50:30 +02:00
$user->name = $suppliedName;
Logging: removed logEvent() and log prefixes This looked ugly.
2013-11-22 23:32:56 +01:00
LogHelper::log('{user} renamed {old} to {new}', ['old' => TextHelper::reprUser($oldName), 'new' => TextHelper::reprUser($suppliedName)]);
Universal check for form submission
2013-10-21 23:50:30 +02:00
}
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
Universal check for form submission
2013-10-21 23:50:30 +02:00
if ($suppliedPassword1 != '')
Closed #32
2013-10-16 18:07:23 +02:00
{
Universal check for form submission
2013-10-21 23:50:30 +02:00
PrivilegesHelper::confirmWithException(Privilege::ChangeUserPassword, PrivilegesHelper::getIdentitySubPrivilege($user));
if ($suppliedPassword1 != $suppliedPassword2)
throw new SimpleException('Specified passwords must be the same');
$suppliedPassword = Model_User::validatePassword($suppliedPassword1);
$user->pass_hash = Model_User::hashPassword($suppliedPassword, $user->pass_salt);
Logging: improved grammar a little
2013-11-23 10:39:41 +01:00
LogHelper::log('{user} changed {subject}\'s password', ['subject' => TextHelper::reprUser($user)]);
Closed #32
2013-10-16 18:07:23 +02:00
}
Universal check for form submission
2013-10-21 23:50:30 +02:00
if ($suppliedEmail != '' and $suppliedEmail != $user->email_confirmed)
Closed #32
2013-10-16 18:07:23 +02:00
{
Universal check for form submission
2013-10-21 23:50:30 +02:00
PrivilegesHelper::confirmWithException(Privilege::ChangeUserEmail, PrivilegesHelper::getIdentitySubPrivilege($user));
$suppliedEmail = Model_User::validateEmail($suppliedEmail);
if ($this->context->user->id == $user->id)
{
$user->email_unconfirmed = $suppliedEmail;
if (!empty($user->email_unconfirmed))
Preparation for #62
2013-11-16 16:24:38 +01:00
$confirmMail = true;
Logging: removed logEvent() and log prefixes This looked ugly.
2013-11-22 23:32:56 +01:00
LogHelper::log('{user} changed e-mail to {mail}', ['mail' => $suppliedEmail]);
Universal check for form submission
2013-10-21 23:50:30 +02:00
}
else
{
Refactoring of error/success messages
2013-11-16 18:40:26 +01:00
$user->email_unconfirmed = null;
Universal check for form submission
2013-10-21 23:50:30 +02:00
$user->email_confirmed = $suppliedEmail;
Logging: improved grammar a little
2013-11-23 10:39:41 +01:00
LogHelper::log('{user} changed {subject}\'s e-mail to {mail}', ['subject' => TextHelper::reprUser($user), 'mail' => $suppliedEmail]);
Universal check for form submission
2013-10-21 23:50:30 +02:00
}
Closed #32
2013-10-16 18:07:23 +02:00
}
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
Universal check for form submission
2013-10-21 23:50:30 +02:00
if ($suppliedAccessRank != '' and $suppliedAccessRank != $user->access_rank)
{
PrivilegesHelper::confirmWithException(Privilege::ChangeUserAccessRank, PrivilegesHelper::getIdentitySubPrivilege($user));
$suppliedAccessRank = Model_User::validateAccessRank($suppliedAccessRank);
$user->access_rank = $suppliedAccessRank;
Logging: improved grammar a little
2013-11-23 10:39:41 +01:00
LogHelper::log('{user} changed {subject}\'s access rank to {rank}', ['subject' => TextHelper::reprUser($user), 'rank' => AccessRank::toString($suppliedAccessRank)]);
Universal check for form submission
2013-10-21 23:50:30 +02:00
}
Fixed minor bug when changing user name fails
2013-10-15 20:33:53 +02:00
if ($this->context->user->id == $user->id)
{
$suppliedPasswordHash = Model_User::hashPassword($suppliedCurrentPassword, $user->pass_salt);
if ($suppliedPasswordHash != $currentPasswordHash)
throw new SimpleException('Must supply valid current password');
}
Refactor of controllers and models - Most of model-related code moved from controllers to model classes, much fewer calls to R::whatever() in controllers - Post editing and uploading shares the same code, thus making implementing stuff easier in the future - Added support for default bean wiring, no more calls to R::preload() all over the place - More robust concurrent post editing detection
2013-11-22 21:20:56 +01:00
Model_User::save($user);
Preparation for #62
2013-11-16 16:24:38 +01:00
if ($confirmMail)
self::sendEmailChangeConfirmation($user);
Added logging engine for #61
2013-11-16 21:21:43 +01:00
LogHelper::flush();
Refactoring of error/success messages
2013-11-16 18:40:26 +01:00
$message = 'Account settings updated!';
if ($confirmMail)
Added logging engine for #61
2013-11-16 21:21:43 +01:00
$message .= ' You will be sent an e-mail address confirmation message soon.';
Refactoring of error/success messages
2013-11-16 18:40:26 +01:00
StatusHelper::success($message);
Fixed minor bug when changing user name fails
2013-10-15 20:33:53 +02:00
}
}
catch (Exception $e)
{
Worked on #8 Also: - changed URL schema for posts from /posts/action/id to /posts/id/action - moved XXXController::locateXXX methods to Model_XXX::locate
2013-10-17 22:57:32 +02:00
$this->context->transport->user = Model_User::locate($name);
Fixed minor bug when changing user name fails
2013-10-15 20:33:53 +02:00
throw $e;
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
}
Worked on #4, #1 and #2 Also: - enhanced form stylesheets - W3C validation
2013-10-15 00:41:04 +02:00
}
Let there be placeholders
2013-10-05 19:24:08 +02:00
/**
* @route /user/{name}
Worked on #4
2013-10-14 10:22:53 +02:00
* @route /user/{name}/{tab}/{page}
Let there be placeholders
2013-10-05 19:24:08 +02:00
* @validate name [^\/]+
Worked on #4
2013-10-14 10:22:53 +02:00
* @validate tab favs|uploads
* @validate page \d*
Let there be placeholders
2013-10-05 19:24:08 +02:00
*/
Worked on #4
2013-10-14 10:22:53 +02:00
public function viewAction($name, $tab, $page)
Let there be placeholders
2013-10-05 19:24:08 +02:00
{
Worked on #4
2013-10-14 10:22:53 +02:00
$postsPerPage = intval($this->config->browsing->postsPerPage);
Worked on #8 Also: - changed URL schema for posts from /posts/action/id to /posts/id/action - moved XXXController::locateXXX methods to Model_XXX::locate
2013-10-17 22:57:32 +02:00
$user = Model_User::locate($name);
Worked on #4
2013-10-14 10:22:53 +02:00
if ($tab === null)
$tab = 'favs';
if ($page === null)
$page = 1;
Closed #43
2013-10-18 00:09:50 +02:00
PrivilegesHelper::confirmWithException(Privilege::ViewUser, PrivilegesHelper::getIdentitySubPrivilege($user));
Fixed user view tabs
2013-11-18 10:30:43 +01:00
$this->loadUserView($user);
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
$this->context->stylesheets []= 'post-list.css';
Small changes to users presentation - Fixed W3C validation in user list - Fixed post CSS were not included - Added link to delete account under "options" (for consistency sake)
2013-10-19 19:34:15 +02:00
$this->context->stylesheets []= 'post-small.css';
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
$this->context->stylesheets []= 'paginator.css';
Next/prev links are bound to latest search query
2013-11-24 21:50:46 +01:00
$this->context->scripts []= 'post-list.js';
Closed #39
2013-10-22 00:17:06 +02:00
if ($this->context->user->hasEnabledEndlessScrolling())
Closed #1; closed #2; closed #4; closed #27
2013-10-15 13:14:48 +02:00
$this->context->scripts []= 'paginator-endless.js';
Models: enhanced entities filtering
2013-10-28 11:19:15 +01:00
$query = '';
if ($tab == 'uploads')
$query = 'submit:' . $user->name;
elseif ($tab == 'favs')
$query = 'fav:' . $user->name;
else
throw new SimpleException('Wrong tab');
Worked on #4
2013-10-14 10:22:53 +02:00
Models: enhanced entities filtering
2013-10-28 11:19:15 +01:00
$postCount = Model_Post::getEntityCount($query);
Worked on #4
2013-10-14 10:22:53 +02:00
$pageCount = ceil($postCount / $postsPerPage);
$page = max(1, min($pageCount, $page));
Models: enhanced entities filtering
2013-10-28 11:19:15 +01:00
$posts = Model_Post::getEntities($query, $postsPerPage, $page);
Worked on #4
2013-10-14 10:22:53 +02:00
$this->context->transport->tab = $tab;
Next/prev links are bound to latest search query
2013-11-24 21:50:46 +01:00
$this->context->transport->lastSearchQuery = $query;
Universal pagination; closed #3
2013-10-16 13:07:01 +02:00
$this->context->transport->paginator = new StdClass;
$this->context->transport->paginator->page = $page;
$this->context->transport->paginator->pageCount = $pageCount;
$this->context->transport->paginator->entityCount = $postCount;
$this->context->transport->paginator->entities = $posts;
Worked on #4
2013-10-14 10:22:53 +02:00
$this->context->transport->posts = $posts;
Let there be placeholders
2013-10-05 19:24:08 +02:00
}
User safety settings
2013-10-14 00:25:40 +02:00
Worked on #4
2013-10-14 10:22:53 +02:00
User safety settings
2013-10-14 00:25:40 +02:00
/**
* @route /user/toggle-safety/{safety}
*/
public function toggleSafetyAction($safety)
{
Closed #50
2013-10-25 17:25:05 +02:00
PrivilegesHelper::confirmWithException(Privilege::ChangeUserSettings, PrivilegesHelper::getIdentitySubPrivilege($this->context->user));
User safety settings
2013-10-14 00:25:40 +02:00
if (!in_array($safety, PostSafety::getAll()))
throw new SimpleExcetpion('Invalid safety');
$this->context->user->enableSafety($safety,
!$this->context->user->hasEnabledSafety($safety));
Closed #52 - fixes for anonymous accounts - Anonymous account is no longer created when commenting/uploading - Anonymous users can now switch safety, if it's available - Anonymous users can delete their own posts - Refurbished session and logging in/out mechanism - Possible fixes for registration/activation/account deletion issues
2013-10-27 20:39:32 +01:00
AuthController::doReLog();
if (!$this->context->user->anonymous)
Refactor of controllers and models - Most of model-related code moved from controllers to model classes, much fewer calls to R::whatever() in controllers - Post editing and uploading shares the same code, thus making implementing stuff easier in the future - Added support for default bean wiring, no more calls to R::preload() all over the place - More robust concurrent post editing detection
2013-11-22 21:20:56 +01:00
Model_User::save($this->context->user);
User safety settings
2013-10-14 00:25:40 +02:00
Refactoring of error/success messages
2013-11-16 18:40:26 +01:00
StatusHelper::success();
User safety settings
2013-10-14 00:25:40 +02:00
}
Closed #32
2013-10-16 18:07:23 +02:00
/**
* @route /register
*/
public function registrationAction()
{
$this->context->handleExceptions = true;
$this->context->stylesheets []= 'auth.css';
$this->context->subTitle = 'registration form';
//check if already logged in
if ($this->context->loggedIn)
{
\Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
return;
}
$suppliedName = InputHelper::get('name');
$suppliedPassword1 = InputHelper::get('password1');
$suppliedPassword2 = InputHelper::get('password2');
$suppliedEmail = InputHelper::get('email');
$this->context->suppliedName = $suppliedName;
$this->context->suppliedPassword1 = $suppliedPassword1;
$this->context->suppliedPassword2 = $suppliedPassword2;
$this->context->suppliedEmail = $suppliedEmail;
Closed #45
2013-10-22 11:40:10 +02:00
if (InputHelper::get('submit'))
Closed #32
2013-10-16 18:07:23 +02:00
{
$suppliedName = Model_User::validateUserName($suppliedName);
if ($suppliedPassword1 != $suppliedPassword2)
throw new SimpleException('Specified passwords must be the same');
$suppliedPassword = Model_User::validatePassword($suppliedPassword1);
$suppliedEmail = Model_User::validateEmail($suppliedEmail);
if (empty($suppliedEmail) and $this->config->registration->needEmailForRegistering)
throw new SimpleException('E-mail address is required - you will be sent confirmation e-mail.');
//register the user
Refactor of controllers and models - Most of model-related code moved from controllers to model classes, much fewer calls to R::whatever() in controllers - Post editing and uploading shares the same code, thus making implementing stuff easier in the future - Added support for default bean wiring, no more calls to R::preload() all over the place - More robust concurrent post editing detection
2013-11-22 21:20:56 +01:00
$dbUser = Model_User::create();
Closed #32
2013-10-16 18:07:23 +02:00
$dbUser->name = $suppliedName;
$dbUser->pass_hash = Model_User::hashPassword($suppliedPassword, $dbUser->pass_salt);
$dbUser->email_unconfirmed = $suppliedEmail;
$dbUser->join_date = time();
if (R::findOne('user') === null)
{
Preparation for #62
2013-11-16 16:24:38 +01:00
//very first user
Closed #32
2013-10-16 18:07:23 +02:00
$dbUser->access_rank = AccessRank::Admin;
$dbUser->staff_confirmed = true;
First user doesn't see (unconfirmed) anymore
2013-10-20 11:19:59 +02:00
$dbUser->email_unconfirmed = null;
Closed #32
2013-10-16 18:07:23 +02:00
$dbUser->email_confirmed = $suppliedEmail;
}
else
{
$dbUser->access_rank = AccessRank::Registered;
$dbUser->staff_confirmed = false;
$dbUser->staff_confirmed = null;
}
//save the user to db if everything went okay
Refactor of controllers and models - Most of model-related code moved from controllers to model classes, much fewer calls to R::whatever() in controllers - Post editing and uploading shares the same code, thus making implementing stuff easier in the future - Added support for default bean wiring, no more calls to R::preload() all over the place - More robust concurrent post editing detection
2013-11-22 21:20:56 +01:00
Model_User::save($dbUser);
Preparation for #62
2013-11-16 16:24:38 +01:00
if (!empty($dbUser->email_unconfirmed))
self::sendEmailChangeConfirmation($dbUser);
Refactoring of error/success messages
2013-11-16 18:40:26 +01:00
$message = 'Congratulations, your account was created.';
if (!empty($this->context->mailSent))
{
$message .= ' Please wait for activation e-mail.';
if ($this->config->registration->staffActivation)
$message .= ' After this, your registration must be confirmed by staff.';
}
elseif ($this->config->registration->staffActivation)
$message .= ' Your registration must be now confirmed by staff.';
Logging: removed logEvent() and log prefixes This looked ugly.
2013-11-22 23:32:56 +01:00
LogHelper::log('{subject} just signed up', ['subject' => TextHelper::reprUser($dbUser)]);
Refactoring of error/success messages
2013-11-16 18:40:26 +01:00
StatusHelper::success($message);
Closed #32
2013-10-16 18:07:23 +02:00
if (!$this->config->registration->needEmailForRegistering and !$this->config->registration->staffActivation)
{
Closed #52 - fixes for anonymous accounts - Anonymous account is no longer created when commenting/uploading - Anonymous users can now switch safety, if it's available - Anonymous users can delete their own posts - Refurbished session and logging in/out mechanism - Possible fixes for registration/activation/account deletion issues
2013-10-27 20:39:32 +01:00
$this->context->user = $dbUser;
AuthController::doReLog();
Closed #32
2013-10-16 18:07:23 +02:00
}
}
}
/**
* @route /activation/{token}
*/
public function activationAction($token)
{
$this->context->subTitle = 'account activation';
Refactoring of error/success messages
2013-11-16 18:40:26 +01:00
$this->context->viewName = 'message';
Closed #32
2013-10-16 18:07:23 +02:00
Closed #62
2013-11-16 19:24:33 +01:00
$dbToken = Model_Token::locate($token);
Preparation for #62
2013-11-16 16:24:38 +01:00
$dbUser = $dbToken->user;
Closed #32
2013-10-16 18:07:23 +02:00
$dbUser->email_confirmed = $dbUser->email_unconfirmed;
$dbUser->email_unconfirmed = null;
Preparation for #62
2013-11-16 16:24:38 +01:00
$dbToken->used = true;
R::store($dbToken);
Refactor of controllers and models - Most of model-related code moved from controllers to model classes, much fewer calls to R::whatever() in controllers - Post editing and uploading shares the same code, thus making implementing stuff easier in the future - Added support for default bean wiring, no more calls to R::preload() all over the place - More robust concurrent post editing detection
2013-11-22 21:20:56 +01:00
Model_User::save($dbUser);
Refactoring of error/success messages
2013-11-16 18:40:26 +01:00
Logging: removed logEvent() and log prefixes This looked ugly.
2013-11-22 23:32:56 +01:00
LogHelper::log('{subject} just activated account', ['subject' => TextHelper::reprUser($dbUser)]);
Refactoring of error/success messages
2013-11-16 18:40:26 +01:00
$message = 'Activation completed successfully.';
if ($this->config->registration->staffActivation)
$message .= ' However, your account still must be confirmed by staff.';
StatusHelper::success($message);
Closed #32
2013-10-16 18:07:23 +02:00
if (!$this->config->registration->staffActivation)
{
Closed #52 - fixes for anonymous accounts - Anonymous account is no longer created when commenting/uploading - Anonymous users can now switch safety, if it's available - Anonymous users can delete their own posts - Refurbished session and logging in/out mechanism - Possible fixes for registration/activation/account deletion issues
2013-10-27 20:39:32 +01:00
$this->context->user = $dbUser;
AuthController::doReLog();
Closed #32
2013-10-16 18:07:23 +02:00
}
}
Further work on #62 Added ability to resend activation mail
2013-11-16 18:51:34 +01:00
/**
Closed #62
2013-11-16 19:24:33 +01:00
* @route /password-reset/{token}
Further work on #62 Added ability to resend activation mail
2013-11-16 18:51:34 +01:00
*/
Closed #62
2013-11-16 19:24:33 +01:00
public function passwordResetAction($token)
Further work on #62 Added ability to resend activation mail
2013-11-16 18:51:34 +01:00
{
Closed #62
2013-11-16 19:24:33 +01:00
$this->context->subTitle = 'password reset';
$this->context->viewName = 'message';
$dbToken = Model_Token::locate($token);
$alphabet = array_merge(range('A', 'Z'), range('a', 'z'), range('0', '9'));
$randomPassword = join('', array_map(function($x) use ($alphabet)
{
return $alphabet[$x];
}, array_rand($alphabet, 8)));
$dbUser = $dbToken->user;
$dbUser->pass_hash = Model_User::hashPassword($randomPassword, $dbUser->pass_salt);
$dbToken->used = true;
R::store($dbToken);
Refactor of controllers and models - Most of model-related code moved from controllers to model classes, much fewer calls to R::whatever() in controllers - Post editing and uploading shares the same code, thus making implementing stuff easier in the future - Added support for default bean wiring, no more calls to R::preload() all over the place - More robust concurrent post editing detection
2013-11-22 21:20:56 +01:00
Model_User::save($dbUser);
Closed #62
2013-11-16 19:24:33 +01:00
Logging: removed logEvent() and log prefixes This looked ugly.
2013-11-22 23:32:56 +01:00
LogHelper::log('{subject} just reset password', ['subject' => TextHelper::reprUser($dbUser)]);
Small changes - Changed: rating posts - [up | down] --> [vote up, down] - Fixed: logging of e-mail subject - Improved: flagging posts/users provides visual feedback ("flagged") - Improved: grammar in login screen - Fixed: typo in password reset message - Added: SessionHelper for handy management of user session data
2013-11-17 20:30:04 +01:00
$message = 'Password reset successful. Your new password is **' . $randomPassword . '**.';
Closed #62
2013-11-16 19:24:33 +01:00
StatusHelper::success($message);
Further work on #62 Added ability to resend activation mail
2013-11-16 18:51:34 +01:00
Closed #62
2013-11-16 19:24:33 +01:00
$this->context->user = $dbUser;
AuthController::doReLog();
}
/**
* @route /password-reset-proxy
*/
public function passwordResetProxyAction()
{
$this->context->subTtile = 'password reset';
$this->context->viewName = 'user-select';
Further work on #62 Added ability to resend activation mail
2013-11-16 18:51:34 +01:00
$this->context->stylesheets []= 'auth.css';
Closed #62
2013-11-16 19:24:33 +01:00
if (InputHelper::get('submit'))
{
$name = InputHelper::get('name');
$user = Model_User::locate($name);
if (empty($user->email_confirmed))
throw new SimpleException('This user has no e-mail confirmed; password reset cannot proceed');
self::sendPasswordResetConfirmation($user);
StatusHelper::success('E-mail sent. Follow instructions to reset password.');
}
}
/**
* @route /activation-proxy
*/
public function activationProxyAction()
{
$this->context->subTitle = 'account activation';
Further work on #62 Added ability to resend activation mail
2013-11-16 18:51:34 +01:00
$this->context->viewName = 'user-select';
Closed #62
2013-11-16 19:24:33 +01:00
$this->context->stylesheets []= 'auth.css';
Further work on #62 Added ability to resend activation mail
2013-11-16 18:51:34 +01:00
if (InputHelper::get('submit'))
{
$name = InputHelper::get('name');
$user = Model_User::locate($name);
if (empty($user->email_unconfirmed))
{
if (!empty($user->email_confirmed))
throw new SimpleException('E-mail was already confirmed; activation skipped');
else
throw new SimpleException('This user has no e-mail specified; activation cannot proceed');
}
self::sendEmailChangeConfirmation($user);
StatusHelper::success('Activation e-mail resent.');
}
}
Let there be placeholders
2013-10-05 19:24:08 +02:00
}
Reference in a new issue Copy permalink