2013-10-05 19:24:08 +02:00
|
|
|
<?php
|
2013-10-05 21:24:20 +02:00
|
|
|
class UserController
|
2013-10-05 19:24:08 +02:00
|
|
|
{
|
2013-10-16 19:56:02 +02:00
|
|
|
private static function sendEmailConfirmation(&$user)
|
2013-10-16 18:07:23 +02:00
|
|
|
{
|
|
|
|
$regConfig = \Chibi\Registry::getConfig()->registration;
|
2013-10-16 19:56:02 +02:00
|
|
|
|
|
|
|
if (!$regConfig->confirmationEmailEnabled)
|
|
|
|
{
|
|
|
|
$user->email_confirmed = $user->email_unconfirmed;
|
|
|
|
$user->email_unconfirmed = null;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
\Chibi\Registry::getContext()->mailSent = true;
|
2013-10-16 18:07:23 +02:00
|
|
|
$tokens = [];
|
|
|
|
$tokens['host'] = $_SERVER['HTTP_HOST'];
|
|
|
|
$tokens['link'] = \Chibi\UrlHelper::route('user', 'activation', ['token' => $user->email_token]);
|
|
|
|
|
2013-10-16 19:56:02 +02:00
|
|
|
$body = wordwrap(TextHelper::replaceTokens($regConfig->confirmationEmailBody, $tokens), 70);
|
|
|
|
$subject = TextHelper::replaceTokens($regConfig->confirmationEmailSubject, $tokens);
|
|
|
|
$senderName = TextHelper::replaceTokens($regConfig->confirmationEmailSenderName, $tokens);
|
2013-10-16 20:56:46 +02:00
|
|
|
$senderEmail = TextHelper::replaceTokens($regConfig->confirmationEmailSenderEmail, $tokens);
|
2013-10-16 18:07:23 +02:00
|
|
|
$recipientEmail = $user->email_unconfirmed;
|
|
|
|
|
|
|
|
$headers = [];
|
2013-10-16 20:56:46 +02:00
|
|
|
$headers []= sprintf('MIME-Version: 1.0');
|
|
|
|
$headers []= sprintf('Content-Transfer-Encoding: 7bit');
|
|
|
|
$headers []= sprintf('Date: %s', date('r', $_SERVER['REQUEST_TIME']));
|
|
|
|
$headers []= sprintf('Message-ID: <%s>', $_SERVER['REQUEST_TIME'] . md5($_SERVER['REQUEST_TIME']) . '@' . $_SERVER['HTTP_HOST']);
|
|
|
|
$headers []= sprintf('From: %s <%s>', $senderName, $senderEmail);
|
|
|
|
$headers []= sprintf('Reply-To: %s', $senderEmail);
|
|
|
|
$headers []= sprintf('Return-Path: %s', $senderEmail);
|
|
|
|
$headers []= sprintf('Subject: %s', $subject);
|
|
|
|
$headers []= sprintf('Content-Type: text/plain; charset=utf-8', $subject);
|
|
|
|
$headers []= sprintf('X-Mailer: PHP/%s', phpversion());
|
|
|
|
$headers []= sprintf('X-Originating-IP: %s', $_SERVER['SERVER_ADDR']);
|
|
|
|
$subject = '=?UTF-8?B?' . base64_encode($subject) . '?=';
|
|
|
|
mail($recipientEmail, $subject, $body, implode("\r\n", $headers), '-f' . $senderEmail);
|
2013-10-16 18:07:23 +02:00
|
|
|
}
|
|
|
|
|
2013-10-14 10:22:53 +02:00
|
|
|
|
|
|
|
|
2013-10-05 19:24:08 +02:00
|
|
|
/**
|
|
|
|
* @route /users
|
2013-10-16 13:07:01 +02:00
|
|
|
* @route /users/{page}
|
|
|
|
* @route /users/{sortStyle}
|
|
|
|
* @route /users/{sortStyle}/{page}
|
|
|
|
* @validate sortStyle alpha|alpha,asc|alpha,desc|date,asc|date,desc|pending
|
|
|
|
* @validate page [0-9]+
|
2013-10-05 19:24:08 +02:00
|
|
|
*/
|
2013-10-16 13:07:01 +02:00
|
|
|
public function listAction($sortStyle, $page)
|
2013-10-05 19:24:08 +02:00
|
|
|
{
|
2013-10-16 13:07:01 +02:00
|
|
|
$this->context->stylesheets []= 'user-list.css';
|
|
|
|
$this->context->stylesheets []= 'paginator.css';
|
|
|
|
if ($this->config->browsing->endlessScrolling)
|
|
|
|
$this->context->scripts []= 'paginator-endless.js';
|
|
|
|
|
|
|
|
$page = intval($page);
|
|
|
|
$usersPerPage = intval($this->config->browsing->usersPerPage);
|
|
|
|
$this->context->subTitle = 'browsing users';
|
2013-10-18 00:09:50 +02:00
|
|
|
PrivilegesHelper::confirmWithException(Privilege::ListUsers);
|
2013-10-16 13:07:01 +02:00
|
|
|
|
|
|
|
if ($sortStyle == '' or $sortStyle == 'alpha')
|
|
|
|
$sortStyle = 'alpha,asc';
|
|
|
|
if ($sortStyle == 'date')
|
|
|
|
$sortStyle = 'date,asc';
|
|
|
|
|
|
|
|
$buildDbQuery = function($dbQuery, $sortStyle)
|
|
|
|
{
|
|
|
|
$dbQuery->from('user');
|
|
|
|
|
|
|
|
switch ($sortStyle)
|
|
|
|
{
|
|
|
|
case 'alpha,asc':
|
|
|
|
$dbQuery->orderBy('name')->asc();
|
|
|
|
break;
|
|
|
|
case 'alpha,desc':
|
|
|
|
$dbQuery->orderBy('name')->desc();
|
|
|
|
break;
|
|
|
|
case 'date,asc':
|
|
|
|
$dbQuery->orderBy('join_date')->asc();
|
|
|
|
break;
|
|
|
|
case 'date,desc':
|
|
|
|
$dbQuery->orderBy('join_date')->desc();
|
|
|
|
break;
|
|
|
|
case 'pending':
|
2013-10-16 18:07:23 +02:00
|
|
|
$dbQuery->where('staff_confirmed IS NULL');
|
|
|
|
$dbQuery->or('staff_confirmed = 0');
|
2013-10-16 13:07:01 +02:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
throw new SimpleException('Unknown sort style');
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
$countDbQuery = R::$f->begin();
|
|
|
|
$countDbQuery->select('COUNT(1)')->as('count');
|
|
|
|
$buildDbQuery($countDbQuery, $sortStyle);
|
|
|
|
$userCount = intval($countDbQuery->get('row')['count']);
|
|
|
|
$pageCount = ceil($userCount / $usersPerPage);
|
|
|
|
$page = max(1, min($pageCount, $page));
|
|
|
|
|
|
|
|
$searchDbQuery = R::$f->begin();
|
|
|
|
$searchDbQuery->select('user.*');
|
|
|
|
$buildDbQuery($searchDbQuery, $sortStyle);
|
|
|
|
$searchDbQuery->limit('?')->put($usersPerPage);
|
|
|
|
$searchDbQuery->offset('?')->put(($page - 1) * $usersPerPage);
|
|
|
|
|
|
|
|
$users = $searchDbQuery->get();
|
|
|
|
$users = R::convertToBeans('user', $users);
|
|
|
|
$this->context->sortStyle = $sortStyle;
|
|
|
|
$this->context->transport->paginator = new StdClass;
|
|
|
|
$this->context->transport->paginator->page = $page;
|
|
|
|
$this->context->transport->paginator->pageCount = $pageCount;
|
|
|
|
$this->context->transport->paginator->entityCount = $userCount;
|
|
|
|
$this->context->transport->paginator->entities = $users;
|
|
|
|
$this->context->transport->paginator->params = func_get_args();
|
|
|
|
$this->context->transport->users = $users;
|
2013-10-05 19:24:08 +02:00
|
|
|
}
|
|
|
|
|
2013-10-14 10:22:53 +02:00
|
|
|
|
|
|
|
|
2013-10-15 00:41:04 +02:00
|
|
|
/**
|
2013-10-15 13:14:48 +02:00
|
|
|
* @route /user/{name}/ban
|
2013-10-15 00:41:04 +02:00
|
|
|
* @validate name [^\/]+
|
|
|
|
*/
|
2013-10-15 13:14:48 +02:00
|
|
|
public function banAction($name)
|
|
|
|
{
|
2013-10-17 22:57:32 +02:00
|
|
|
$user = Model_User::locate($name);
|
2013-10-18 00:09:50 +02:00
|
|
|
PrivilegesHelper::confirmWithException(Privilege::BanUser, PrivilegesHelper::getIdentitySubPrivilege($user));
|
2013-10-15 13:14:48 +02:00
|
|
|
$user->banned = true;
|
|
|
|
R::store($user);
|
|
|
|
$this->context->transport->success = true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @route /post/{name}/unban
|
|
|
|
* @validate name [^\/]+
|
|
|
|
*/
|
|
|
|
public function unbanAction($name)
|
|
|
|
{
|
2013-10-17 22:57:32 +02:00
|
|
|
$user = Model_User::locate($name);
|
2013-10-18 00:09:50 +02:00
|
|
|
PrivilegesHelper::confirmWithException(Privilege::BanUser, PrivilegesHelper::getIdentitySubPrivilege($user));
|
2013-10-15 13:14:48 +02:00
|
|
|
$user->banned = false;
|
|
|
|
R::store($user);
|
|
|
|
$this->context->transport->success = true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @route /post/{name}/accept-registration
|
|
|
|
* @validate name [^\/]+
|
|
|
|
*/
|
|
|
|
public function acceptRegistrationAction($name)
|
|
|
|
{
|
2013-10-17 22:57:32 +02:00
|
|
|
$user = Model_User::locate($name);
|
2013-10-18 00:09:50 +02:00
|
|
|
PrivilegesHelper::confirmWithException(Privilege::AcceptUserRegistration);
|
2013-10-15 13:14:48 +02:00
|
|
|
$user->staff_confirmed = true;
|
|
|
|
R::store($user);
|
|
|
|
$this->context->transport->success = true;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @route /user/{name}/delete
|
|
|
|
* @validate name [^\/]+
|
|
|
|
*/
|
|
|
|
public function deleteAction($name)
|
2013-10-15 00:41:04 +02:00
|
|
|
{
|
2013-10-17 22:57:32 +02:00
|
|
|
$user = Model_User::locate($name);
|
2013-10-18 00:09:50 +02:00
|
|
|
PrivilegesHelper::confirmWithException(Privilege::ViewUser, PrivilegesHelper::getIdentitySubPrivilege($user));
|
|
|
|
PrivilegesHelper::confirmWithException(Privilege::DeleteUser, PrivilegesHelper::getIdentitySubPrivilege($user));
|
2013-10-15 13:14:48 +02:00
|
|
|
|
|
|
|
$this->context->handleExceptions = true;
|
|
|
|
$this->context->transport->user = $user;
|
|
|
|
$this->context->transport->tab = 'delete';
|
2013-10-15 00:41:04 +02:00
|
|
|
$this->context->viewName = 'user-view';
|
|
|
|
$this->context->stylesheets []= 'user-view.css';
|
|
|
|
$this->context->subTitle = $name;
|
|
|
|
|
2013-10-15 20:31:38 +02:00
|
|
|
$this->context->suppliedCurrentPassword = $suppliedCurrentPassword = InputHelper::get('current-password');
|
2013-10-15 13:14:48 +02:00
|
|
|
|
|
|
|
if (InputHelper::get('remove'))
|
|
|
|
{
|
|
|
|
if ($this->context->user->id == $user->id)
|
|
|
|
{
|
2013-10-15 20:31:38 +02:00
|
|
|
$suppliedPasswordHash = Model_User::hashPassword($suppliedCurrentPassword, $user->pass_salt);
|
2013-10-15 13:14:48 +02:00
|
|
|
if ($suppliedPasswordHash != $user->pass_hash)
|
|
|
|
throw new SimpleException('Must supply valid password');
|
|
|
|
}
|
|
|
|
$user->ownFavoritee = [];
|
|
|
|
R::store($user);
|
|
|
|
R::trash($user);
|
|
|
|
\Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
|
|
|
|
$this->context->transport->success = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @route /user/{name}/edit
|
|
|
|
* @validate name [^\/]+
|
|
|
|
*/
|
|
|
|
public function editAction($name)
|
|
|
|
{
|
2013-10-15 20:33:53 +02:00
|
|
|
try
|
2013-10-15 13:14:48 +02:00
|
|
|
{
|
|
|
|
|
2013-10-17 22:57:32 +02:00
|
|
|
$user = Model_User::locate($name);
|
2013-10-15 20:33:53 +02:00
|
|
|
$edited = false;
|
2013-10-18 00:09:50 +02:00
|
|
|
PrivilegesHelper::confirmWithException(Privilege::ViewUser, PrivilegesHelper::getIdentitySubPrivilege($user));
|
2013-10-15 20:33:53 +02:00
|
|
|
|
|
|
|
$this->context->handleExceptions = true;
|
|
|
|
$this->context->transport->user = $user;
|
|
|
|
$this->context->transport->tab = 'edit';
|
|
|
|
$this->context->viewName = 'user-view';
|
|
|
|
$this->context->stylesheets []= 'user-view.css';
|
|
|
|
$this->context->subTitle = $name;
|
|
|
|
|
|
|
|
$this->context->suppliedCurrentPassword = $suppliedCurrentPassword = InputHelper::get('current-password');
|
|
|
|
$this->context->suppliedName = $suppliedName = InputHelper::get('name');
|
|
|
|
$this->context->suppliedPassword1 = $suppliedPassword1 = InputHelper::get('password1');
|
|
|
|
$this->context->suppliedPassword2 = $suppliedPassword2 = InputHelper::get('password2');
|
|
|
|
$this->context->suppliedEmail = $suppliedEmail = InputHelper::get('email');
|
|
|
|
$this->context->suppliedAccessRank = $suppliedAccessRank = InputHelper::get('access-rank');
|
|
|
|
$currentPasswordHash = $user->pass_hash;
|
|
|
|
|
|
|
|
if ($suppliedName != '' and $suppliedName != $user->name)
|
|
|
|
{
|
2013-10-18 00:09:50 +02:00
|
|
|
PrivilegesHelper::confirmWithException(Privilege::ChangeUserName, PrivilegesHelper::getIdentitySubPrivilege($user));
|
2013-10-15 20:33:53 +02:00
|
|
|
$suppliedName = Model_User::validateUserName($suppliedName);
|
|
|
|
$user->name = $suppliedName;
|
|
|
|
$edited = true;
|
|
|
|
}
|
2013-10-15 13:14:48 +02:00
|
|
|
|
2013-10-15 20:33:53 +02:00
|
|
|
if ($suppliedPassword1 != '')
|
|
|
|
{
|
2013-10-18 00:09:50 +02:00
|
|
|
PrivilegesHelper::confirmWithException(Privilege::ChangeUserPassword, PrivilegesHelper::getIdentitySubPrivilege($user));
|
2013-10-15 20:33:53 +02:00
|
|
|
if ($suppliedPassword1 != $suppliedPassword2)
|
|
|
|
throw new SimpleException('Specified passwords must be the same');
|
|
|
|
$suppliedPassword = Model_User::validatePassword($suppliedPassword1);
|
|
|
|
$user->pass_hash = Model_User::hashPassword($suppliedPassword, $user->pass_salt);
|
|
|
|
$edited = true;
|
|
|
|
}
|
2013-10-15 13:14:48 +02:00
|
|
|
|
2013-10-16 18:07:23 +02:00
|
|
|
if ($suppliedEmail != '' and $suppliedEmail != $user->email_confirmed)
|
2013-10-15 20:33:53 +02:00
|
|
|
{
|
2013-10-18 00:09:50 +02:00
|
|
|
PrivilegesHelper::confirmWithException(Privilege::ChangeUserEmail, PrivilegesHelper::getIdentitySubPrivilege($user));
|
2013-10-15 20:33:53 +02:00
|
|
|
$suppliedEmail = Model_User::validateEmail($suppliedEmail);
|
2013-10-16 18:07:23 +02:00
|
|
|
if ($this->context->user->id == $user->id)
|
|
|
|
{
|
|
|
|
$user->email_unconfirmed = $suppliedEmail;
|
|
|
|
if (!empty($user->email_unconfirmed))
|
|
|
|
self::sendEmailConfirmation($user);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
$user->email_confirmed = $suppliedEmail;
|
|
|
|
}
|
2013-10-15 20:33:53 +02:00
|
|
|
$edited = true;
|
|
|
|
}
|
2013-10-15 13:14:48 +02:00
|
|
|
|
2013-10-15 20:33:53 +02:00
|
|
|
if ($suppliedAccessRank != '' and $suppliedAccessRank != $user->access_rank)
|
2013-10-15 13:14:48 +02:00
|
|
|
{
|
2013-10-18 00:09:50 +02:00
|
|
|
PrivilegesHelper::confirmWithException(Privilege::ChangeUserAccessRank, PrivilegesHelper::getIdentitySubPrivilege($user));
|
2013-10-15 20:33:53 +02:00
|
|
|
$suppliedAccessRank = Model_User::validateAccessRank($suppliedAccessRank);
|
|
|
|
$user->access_rank = $suppliedAccessRank;
|
|
|
|
$edited = true;
|
2013-10-15 13:14:48 +02:00
|
|
|
}
|
2013-10-15 20:33:53 +02:00
|
|
|
|
|
|
|
if ($edited)
|
|
|
|
{
|
|
|
|
if ($this->context->user->id == $user->id)
|
|
|
|
{
|
|
|
|
$suppliedPasswordHash = Model_User::hashPassword($suppliedCurrentPassword, $user->pass_salt);
|
|
|
|
if ($suppliedPasswordHash != $currentPasswordHash)
|
|
|
|
throw new SimpleException('Must supply valid current password');
|
|
|
|
}
|
|
|
|
R::store($user);
|
|
|
|
$this->context->transport->success = true;
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
catch (Exception $e)
|
|
|
|
{
|
2013-10-17 22:57:32 +02:00
|
|
|
$this->context->transport->user = Model_User::locate($name);
|
2013-10-15 20:33:53 +02:00
|
|
|
throw $e;
|
2013-10-15 13:14:48 +02:00
|
|
|
}
|
2013-10-15 00:41:04 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2013-10-05 19:24:08 +02:00
|
|
|
/**
|
|
|
|
* @route /user/{name}
|
2013-10-14 10:22:53 +02:00
|
|
|
* @route /user/{name}/{tab}/{page}
|
2013-10-05 19:24:08 +02:00
|
|
|
* @validate name [^\/]+
|
2013-10-14 10:22:53 +02:00
|
|
|
* @validate tab favs|uploads
|
|
|
|
* @validate page \d*
|
2013-10-05 19:24:08 +02:00
|
|
|
*/
|
2013-10-14 10:22:53 +02:00
|
|
|
public function viewAction($name, $tab, $page)
|
2013-10-05 19:24:08 +02:00
|
|
|
{
|
2013-10-14 10:22:53 +02:00
|
|
|
$postsPerPage = intval($this->config->browsing->postsPerPage);
|
2013-10-17 22:57:32 +02:00
|
|
|
$user = Model_User::locate($name);
|
2013-10-14 10:22:53 +02:00
|
|
|
if ($tab === null)
|
|
|
|
$tab = 'favs';
|
|
|
|
if ($page === null)
|
|
|
|
$page = 1;
|
|
|
|
|
2013-10-18 00:09:50 +02:00
|
|
|
PrivilegesHelper::confirmWithException(Privilege::ViewUser, PrivilegesHelper::getIdentitySubPrivilege($user));
|
2013-10-15 13:14:48 +02:00
|
|
|
$this->context->stylesheets []= 'user-view.css';
|
|
|
|
$this->context->stylesheets []= 'post-list.css';
|
|
|
|
$this->context->stylesheets []= 'paginator.css';
|
|
|
|
if ($this->config->browsing->endlessScrolling)
|
|
|
|
$this->context->scripts []= 'paginator-endless.js';
|
|
|
|
$this->context->subTitle = $name;
|
|
|
|
|
2013-10-14 10:22:53 +02:00
|
|
|
$buildDbQuery = function($dbQuery, $user, $tab)
|
|
|
|
{
|
|
|
|
$dbQuery->from('post');
|
|
|
|
|
|
|
|
|
|
|
|
/* safety */
|
|
|
|
$allowedSafety = array_filter(PostSafety::getAll(), function($safety)
|
|
|
|
{
|
2013-10-18 00:09:50 +02:00
|
|
|
return PrivilegesHelper::confirm(Privilege::ListPosts, PostSafety::toString($safety)) and
|
2013-10-14 10:22:53 +02:00
|
|
|
$this->context->user->hasEnabledSafety($safety);
|
|
|
|
});
|
|
|
|
$dbQuery->where('safety IN (' . R::genSlots($allowedSafety) . ')');
|
|
|
|
foreach ($allowedSafety as $s)
|
|
|
|
$dbQuery->put($s);
|
|
|
|
|
|
|
|
|
|
|
|
/* hidden */
|
2013-10-18 00:09:50 +02:00
|
|
|
if (!PrivilegesHelper::confirm(Privilege::ListPosts, 'hidden'))
|
2013-10-14 10:22:53 +02:00
|
|
|
$dbQuery->andNot('hidden');
|
|
|
|
|
|
|
|
|
|
|
|
/* tab */
|
|
|
|
switch ($tab)
|
|
|
|
{
|
|
|
|
case 'uploads':
|
|
|
|
$dbQuery
|
|
|
|
->and('uploader_id = ?')
|
|
|
|
->put($user->id);
|
|
|
|
break;
|
|
|
|
case 'favs':
|
|
|
|
$dbQuery
|
|
|
|
->and()
|
|
|
|
->exists()
|
|
|
|
->open()
|
|
|
|
->select('1')
|
|
|
|
->from('favoritee')
|
|
|
|
->where('post_id = post.id')
|
|
|
|
->and('favoritee.user_id = ?')
|
|
|
|
->put($user->id)
|
|
|
|
->close();
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
$countDbQuery = R::$f->begin()->select('COUNT(*)')->as('count');
|
|
|
|
$buildDbQuery($countDbQuery, $user, $tab);
|
|
|
|
$postCount = intval($countDbQuery->get('row')['count']);
|
|
|
|
$pageCount = ceil($postCount / $postsPerPage);
|
|
|
|
$page = max(1, min($pageCount, $page));
|
|
|
|
|
|
|
|
$searchDbQuery = R::$f->begin()->select('*');
|
|
|
|
$buildDbQuery($searchDbQuery, $user, $tab);
|
|
|
|
$searchDbQuery->orderBy('id DESC')
|
|
|
|
->limit('?')
|
|
|
|
->put($postsPerPage)
|
|
|
|
->offset('?')
|
|
|
|
->put(($page - 1) * $postsPerPage);
|
|
|
|
|
|
|
|
$posts = $searchDbQuery->get();
|
|
|
|
$this->context->transport->user = $user;
|
|
|
|
$this->context->transport->tab = $tab;
|
2013-10-16 13:07:01 +02:00
|
|
|
$this->context->transport->paginator = new StdClass;
|
|
|
|
$this->context->transport->paginator->page = $page;
|
|
|
|
$this->context->transport->paginator->pageCount = $pageCount;
|
|
|
|
$this->context->transport->paginator->entityCount = $postCount;
|
|
|
|
$this->context->transport->paginator->entities = $posts;
|
2013-10-14 10:22:53 +02:00
|
|
|
$this->context->transport->posts = $posts;
|
2013-10-05 19:24:08 +02:00
|
|
|
}
|
2013-10-14 00:25:40 +02:00
|
|
|
|
2013-10-14 10:22:53 +02:00
|
|
|
|
|
|
|
|
2013-10-14 00:25:40 +02:00
|
|
|
/**
|
|
|
|
* @route /user/toggle-safety/{safety}
|
|
|
|
*/
|
|
|
|
public function toggleSafetyAction($safety)
|
|
|
|
{
|
|
|
|
if (!$this->context->loggedIn)
|
|
|
|
throw new SimpleException('Not logged in');
|
|
|
|
|
|
|
|
if (!in_array($safety, PostSafety::getAll()))
|
|
|
|
throw new SimpleExcetpion('Invalid safety');
|
|
|
|
|
|
|
|
$this->context->user->enableSafety($safety,
|
|
|
|
!$this->context->user->hasEnabledSafety($safety));
|
|
|
|
|
|
|
|
R::store($this->context->user);
|
|
|
|
|
|
|
|
$this->context->transport->success = true;
|
|
|
|
}
|
2013-10-16 18:07:23 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @route /register
|
|
|
|
*/
|
|
|
|
public function registrationAction()
|
|
|
|
{
|
|
|
|
$this->context->handleExceptions = true;
|
|
|
|
$this->context->stylesheets []= 'auth.css';
|
|
|
|
$this->context->subTitle = 'registration form';
|
|
|
|
|
|
|
|
//check if already logged in
|
|
|
|
if ($this->context->loggedIn)
|
|
|
|
{
|
|
|
|
\Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
$suppliedName = InputHelper::get('name');
|
|
|
|
$suppliedPassword1 = InputHelper::get('password1');
|
|
|
|
$suppliedPassword2 = InputHelper::get('password2');
|
|
|
|
$suppliedEmail = InputHelper::get('email');
|
|
|
|
$this->context->suppliedName = $suppliedName;
|
|
|
|
$this->context->suppliedPassword1 = $suppliedPassword1;
|
|
|
|
$this->context->suppliedPassword2 = $suppliedPassword2;
|
|
|
|
$this->context->suppliedEmail = $suppliedEmail;
|
|
|
|
|
|
|
|
if ($suppliedName !== null)
|
|
|
|
{
|
|
|
|
$suppliedName = Model_User::validateUserName($suppliedName);
|
|
|
|
|
|
|
|
if ($suppliedPassword1 != $suppliedPassword2)
|
|
|
|
throw new SimpleException('Specified passwords must be the same');
|
|
|
|
$suppliedPassword = Model_User::validatePassword($suppliedPassword1);
|
|
|
|
|
|
|
|
$suppliedEmail = Model_User::validateEmail($suppliedEmail);
|
|
|
|
if (empty($suppliedEmail) and $this->config->registration->needEmailForRegistering)
|
|
|
|
throw new SimpleException('E-mail address is required - you will be sent confirmation e-mail.');
|
|
|
|
|
|
|
|
//register the user
|
|
|
|
$dbUser = R::dispense('user');
|
|
|
|
$dbUser->name = $suppliedName;
|
|
|
|
$dbUser->pass_salt = md5(mt_rand() . uniqid());
|
|
|
|
$dbUser->pass_hash = Model_User::hashPassword($suppliedPassword, $dbUser->pass_salt);
|
|
|
|
$dbUser->email_unconfirmed = $suppliedEmail;
|
|
|
|
|
|
|
|
//prepare unique registration token
|
|
|
|
do
|
|
|
|
{
|
|
|
|
$emailToken = md5(mt_rand() . uniqid());
|
|
|
|
}
|
|
|
|
while (R::findOne('user', 'email_token = ?', [$emailToken]) !== null);
|
|
|
|
$dbUser->email_token = $emailToken;
|
|
|
|
|
|
|
|
$dbUser->join_date = time();
|
|
|
|
if (R::findOne('user') === null)
|
|
|
|
{
|
|
|
|
$dbUser->access_rank = AccessRank::Admin;
|
|
|
|
$dbUser->staff_confirmed = true;
|
|
|
|
$dbUser->email_confirmed = $suppliedEmail;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
$dbUser->access_rank = AccessRank::Registered;
|
|
|
|
$dbUser->staff_confirmed = false;
|
|
|
|
$dbUser->staff_confirmed = null;
|
|
|
|
if (!empty($dbUser->email_unconfirmed))
|
|
|
|
self::sendEmailConfirmation($dbUser);
|
|
|
|
}
|
|
|
|
|
|
|
|
//save the user to db if everything went okay
|
|
|
|
R::store($dbUser);
|
|
|
|
$this->context->transport->success = true;
|
|
|
|
|
|
|
|
if (!$this->config->registration->needEmailForRegistering and !$this->config->registration->staffActivation)
|
|
|
|
{
|
|
|
|
$_SESSION['user-id'] = $dbUser->id;
|
|
|
|
\Chibi\Registry::getBootstrap()->attachUser();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @route /activation/{token}
|
|
|
|
*/
|
|
|
|
public function activationAction($token)
|
|
|
|
{
|
|
|
|
$this->context->subTitle = 'account activation';
|
|
|
|
|
|
|
|
if (empty($token))
|
|
|
|
throw new SimpleException('Invalid activation token');
|
|
|
|
|
|
|
|
$dbUser = R::findOne('user', 'email_token = ?', [$token]);
|
|
|
|
if ($dbUser === null)
|
|
|
|
throw new SimpleException('No user with such activation token');
|
|
|
|
|
|
|
|
if (!$dbUser->email_unconfirmed)
|
|
|
|
throw new SimpleException('This user was already activated');
|
|
|
|
|
|
|
|
$dbUser->email_confirmed = $dbUser->email_unconfirmed;
|
|
|
|
$dbUser->email_unconfirmed = null;
|
|
|
|
R::store($dbUser);
|
|
|
|
$this->context->transport->success = true;
|
|
|
|
|
|
|
|
if (!$this->config->registration->staffActivation)
|
|
|
|
{
|
|
|
|
$_SESSION['user-id'] = $dbUser->id;
|
|
|
|
\Chibi\Registry::getBootstrap()->attachUser();
|
|
|
|
}
|
|
|
|
}
|
2013-10-05 19:24:08 +02:00
|
|
|
}
|