engelsystem/includes/controller/users_controller.php

<?php

/**
 * Route user actions.
 */
function users_controller() {
  global $privileges, $user;
  
  if (! isset($user))
    redirect(page_link_to(''));
  
  if (! isset($_REQUEST['action']))
    $_REQUEST['action'] = 'list';
  
  switch ($_REQUEST['action']) {
    default:
    case 'list':
      return users_list_controller();
    case 'view':
      return user_controller();
    case 'edit':
      return user_edit_controller();
    case 'delete':
      return user_delete_controller();
    case 'got_voucher':
      return user_got_voucher_controller();
  }
}

function user_link($user) {
  return page_link_to('users') . '&action=view&user_id=' . $user['UID'];
}

function user_got_voucher_controller() {
  global $privileges, $user;
  
  if (isset($_REQUEST['user_id'])) {
    $user_source = User($_REQUEST['user_id']);
  } else
    $user_source = $user;
  
  $admin_user_privilege = in_array('admin_user', $privileges);
  
  if (! in_array('admin_user', $privileges))
    redirect(page_link_to(''));
  
  if (! isset($_REQUEST['got_voucher']))
    redirect(page_link_to(''));
  
  $user_source['got_voucher'] = $_REQUEST['got_voucher'] == 'true';
  
  $result = User_update($user_source);
  if ($result === false)
    engelsystem_error('Unable to update user.');
  
  success($user_source['got_voucher'] ? _('User got vouchers.') : _('User didnt got vouchers.'));
  engelsystem_log(User_Nick_render($user_source) . ($user_source['got_voucher'] ? ' got vouchers' : ' didnt got vouchers'));
  
  redirect(user_link($user_source));
}

function user_controller() {
  global $privileges, $user;
  
  if (isset($_REQUEST['user_id'])) {
    $user_source = User($_REQUEST['user_id']);
  } else
    $user_source = $user;
  
  $shifts = Shifts_by_user($user_source);
  foreach ($shifts as &$shift) {
    // TODO: Move queries to model
    $shift['needed_angeltypes'] = sql_select("SELECT DISTINCT `AngelTypes`.* FROM `ShiftEntry` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . "  ORDER BY `AngelTypes`.`name`");
    foreach ($shift['needed_angeltypes'] as &$needed_angeltype) {
      $needed_angeltype['users'] = sql_select("
          SELECT `ShiftEntry`.`freeloaded`, `User`.*
          FROM `ShiftEntry`
          JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID`
          WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . "
          AND `ShiftEntry`.`TID`=" . sql_escape($needed_angeltype['id']));
    }
  }
  
  if ($user_source['api_key'] == "")
    User_reset_api_key($user_source, false);
  
  return array(
      $user_source['Nick'],
      User_view($user_source, in_array('admin_user', $privileges), User_is_freeloader($user_source), User_angeltypes($user_source), User_groups($user_source), $shifts, $user['UID'] == $user_source['UID']) 
  );
}

/**
 * List all users.
 */
function users_list_controller() {
  global $privileges;
  
  if (! in_array('admin_user', $privileges))
    redirect(page_link_to(''));
  
  $order_by = 'Nick';
  if (isset($_REQUEST['OrderBy']) && in_array($_REQUEST['OrderBy'], User_sortable_columns()))
    $order_by = $_REQUEST['OrderBy'];
  
  $users = Users($order_by);
  if ($users === false)
    engelsystem_error('Unable to load users.');
  
  foreach ($users as &$user)
    $user['freeloads'] = count(ShiftEntries_freeloaded_by_user($user));
  
  return array(
      _('All users'),
      Users_view($users, $order_by, User_arrived_count(), User_active_count(), User_force_active_count(), ShiftEntries_freeleaded_count(), User_tshirts_count(), User_got_voucher_count()) 
  );
}

/**
 * User password recovery.
 * (By email)
 */
function user_password_recovery_controller() {
  if (isset($_REQUEST['token'])) {
    $user_source = User_by_password_recovery_token($_REQUEST['token']);
    if ($user_source === false)
      engelsystem_error("Unable to load user.");
    if ($user_source == null) {
      error(_("Token is not correct."));
      redirect(page_link_to('login'));
    }
    
    if (isset($_REQUEST['submit'])) {
      $ok = true;
      
      if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
        if ($_REQUEST['password'] != $_REQUEST['password2']) {
          $ok = false;
          error(_("Your passwords don't match."));
        }
      } else {
        $ok = false;
        error(_("Your password is to short (please use at least 6 characters)."));
      }
      
      if ($ok) {
        $result = set_password($user_source['UID'], $_REQUEST['password']);
        if ($result === false)
          engelsystem_error(_("Password could not be updated."));
        
        success(_("Password saved."));
        redirect(page_link_to('login'));
      }
    }
    
    return User_password_set_view();
  } else {
    if (isset($_REQUEST['submit'])) {
      $ok = true;
      
      if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) {
        $email = strip_request_item('email');
        if (check_email($email)) {
          $user_source = User_by_email($email);
          if ($user_source === false)
            engelsystem_error("Unable to load user.");
          if ($user_source == null) {
            $ok = false;
            error(_("E-mail address is not correct."));
          }
        } else {
          $ok = false;
          error(_("E-mail address is not correct."));
        }
      } else {
        $ok = false;
        error(_("Please enter your e-mail."));
      }
      
      if ($ok) {
        $token = User_generate_password_recovery_token($user_source);
        if ($token === false)
          engelsystem_error("Unable to generate password recovery token.");
        $result = engelsystem_email_to_user($user_source, _("Password recovery"), sprintf(_("Please visit %s to recover your password."), page_link_to_absolute('user_password_recovery') . '&token=' . $token));
        if ($result === false)
          engelsystem_error("Unable to send password recovery email.");
        
        success(_("We sent an email containing your password recovery link."));
        redirect(page_link_to('login'));
      }
    }
    
    return User_password_recovery_view();
  }
}

/**
 * Menu title for password recovery.
 */
function user_password_recovery_title() {
  return _("Password recovery");
}

?>
user password recovery 2013-12-26 13:34:48 +01:00			`<?php`

			`/**`
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`* Route user actions.`
			`*/`
			`function users_controller() {`
			`global $privileges, $user;`
more fixes 2014-12-22 20:18:34 +01:00
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`if (! isset($user))`
			`redirect(page_link_to(''));`
more fixes 2014-12-22 20:18:34 +01:00
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`if (! isset($_REQUEST['action']))`
			`$_REQUEST['action'] = 'list';`
more fixes 2014-12-22 20:18:34 +01:00
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`switch ($_REQUEST['action']) {`
			`default:`
			`case 'list':`
			`return users_list_controller();`
			`case 'view':`
			`return user_controller();`
			`case 'edit':`
			`return user_edit_controller();`
			`case 'delete':`
			`return user_delete_controller();`
user voucher feature 2014-12-26 01:49:59 +01:00			`case 'got_voucher':`
			`return user_got_voucher_controller();`
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`}`
			`}`

user voucher feature 2014-12-26 01:49:59 +01:00			`function user_link($user) {`
			`return page_link_to('users') . '&action=view&user_id=' . $user['UID'];`
			`}`

			`function user_got_voucher_controller() {`
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`global $privileges, $user;`
more fixes 2014-12-22 20:18:34 +01:00
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`if (isset($_REQUEST['user_id'])) {`
			`$user_source = User($_REQUEST['user_id']);`
			`} else`
			`$user_source = $user;`
more fixes 2014-12-22 20:18:34 +01:00
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`$admin_user_privilege = in_array('admin_user', $privileges);`
more fixes 2014-12-22 20:18:34 +01:00
user voucher feature 2014-12-26 01:49:59 +01:00			`if (! in_array('admin_user', $privileges))`
			`redirect(page_link_to(''));`

			`if (! isset($_REQUEST['got_voucher']))`
			`redirect(page_link_to(''));`

			`$user_source['got_voucher'] = $_REQUEST['got_voucher'] == 'true';`

			`$result = User_update($user_source);`
			`if ($result === false)`
			`engelsystem_error('Unable to update user.');`

			`success($user_source['got_voucher'] ? _('User got vouchers.') : _('User didnt got vouchers.'));`
			`engelsystem_log(User_Nick_render($user_source) . ($user_source['got_voucher'] ? ' got vouchers' : ' didnt got vouchers'));`

			`redirect(user_link($user_source));`
			`}`

			`function user_controller() {`
			`global $privileges, $user;`

			`if (isset($_REQUEST['user_id'])) {`
			`$user_source = User($_REQUEST['user_id']);`
			`} else`
			`$user_source = $user;`

add user view, better bootstrap 2014-08-23 01:55:18 +02:00			`$shifts = Shifts_by_user($user_source);`
			`foreach ($shifts as &$shift) {`
more fixes 2014-12-22 20:18:34 +01:00			`// TODO: Move queries to model`
add user view, better bootstrap 2014-08-23 01:55:18 +02:00			$shift['needed_angeltypes'] = sql_select("SELECT DISTINCT `AngelTypes`.* FROM `ShiftEntry` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . " ORDER BY `AngelTypes`.`name`");
			`foreach ($shift['needed_angeltypes'] as &$needed_angeltype) {`
			`$needed_angeltype['users'] = sql_select("`
only log if api key was reset on purpose 2014-12-16 00:54:50 +01:00			SELECT `ShiftEntry`.`freeloaded`, `User`.*
			FROM `ShiftEntry`
			JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID`
			WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . "
add user view, better bootstrap 2014-08-23 01:55:18 +02:00			AND `ShiftEntry`.`TID`=" . sql_escape($needed_angeltype['id']));
			`}`
			`}`
more fixes 2014-12-22 20:18:34 +01:00
replace icons with glyphicons 2014-09-28 19:44:53 +02:00			`if ($user_source['api_key'] == "")`
only log if api key was reset on purpose 2014-12-16 00:54:50 +01:00			`User_reset_api_key($user_source, false);`
more fixes 2014-12-22 20:18:34 +01:00
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`return array(`
			`$user_source['Nick'],`
user voucher feature 2014-12-26 01:49:59 +01:00			`User_view($user_source, in_array('admin_user', $privileges), User_is_freeloader($user_source), User_angeltypes($user_source), User_groups($user_source), $shifts, $user['UID'] == $user_source['UID'])`
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`);`
			`}`

clear up mvc for user list 2014-09-28 15:01:02 +02:00			`/**`
			`* List all users.`
			`*/`
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`function users_list_controller() {`
user list rewritten 2014-09-28 14:50:08 +02:00			`global $privileges;`
more fixes 2014-12-22 20:18:34 +01:00
user list rewritten 2014-09-28 14:50:08 +02:00			`if (! in_array('admin_user', $privileges))`
			`redirect(page_link_to(''));`
more fixes 2014-12-22 20:18:34 +01:00
user list rewritten 2014-09-28 14:50:08 +02:00			`$order_by = 'Nick';`
clear up mvc for user list 2014-09-28 15:01:02 +02:00			`if (isset($_REQUEST['OrderBy']) && in_array($_REQUEST['OrderBy'], User_sortable_columns()))`
user list rewritten 2014-09-28 14:50:08 +02:00			`$order_by = $_REQUEST['OrderBy'];`
more fixes 2014-12-22 20:18:34 +01:00
user list rewritten 2014-09-28 14:50:08 +02:00			`$users = Users($order_by);`
			`if ($users === false)`
			`engelsystem_error('Unable to load users.');`
more fixes 2014-12-22 20:18:34 +01:00
clear up mvc for user list 2014-09-28 15:01:02 +02:00			`foreach ($users as &$user)`
			`$user['freeloads'] = count(ShiftEntries_freeloaded_by_user($user));`
more fixes 2014-12-22 20:18:34 +01:00
user list rewritten 2014-09-28 14:50:08 +02:00			`return array(`
			`_('All users'),`
user voucher feature 2014-12-26 01:49:59 +01:00			`Users_view($users, $order_by, User_arrived_count(), User_active_count(), User_force_active_count(), ShiftEntries_freeleaded_count(), User_tshirts_count(), User_got_voucher_count())`
user list rewritten 2014-09-28 14:50:08 +02:00			`);`
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`}`

			`/**`
			`* User password recovery.`
			`* (By email)`
user password recovery 2013-12-26 13:34:48 +01:00			`*/`
			`function user_password_recovery_controller() {`
			`if (isset($_REQUEST['token'])) {`
			`$user_source = User_by_password_recovery_token($_REQUEST['token']);`
			`if ($user_source === false)`
			`engelsystem_error("Unable to load user.");`
			`if ($user_source == null) {`
			`error(_("Token is not correct."));`
			`redirect(page_link_to('login'));`
			`}`
more fixes 2014-12-22 20:18:34 +01:00
user password recovery 2013-12-26 13:34:48 +01:00			`if (isset($_REQUEST['submit'])) {`
			`$ok = true;`
more fixes 2014-12-22 20:18:34 +01:00
user password recovery 2013-12-26 13:34:48 +01:00			`if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {`
			`if ($_REQUEST['password'] != $_REQUEST['password2']) {`
			`$ok = false;`
			`error(_("Your passwords don't match."));`
			`}`
			`} else {`
			`$ok = false;`
			`error(_("Your password is to short (please use at least 6 characters)."));`
			`}`
more fixes 2014-12-22 20:18:34 +01:00
user password recovery 2013-12-26 13:34:48 +01:00			`if ($ok) {`
			`$result = set_password($user_source['UID'], $_REQUEST['password']);`
			`if ($result === false)`
			`engelsystem_error(_("Password could not be updated."));`
more fixes 2014-12-22 20:18:34 +01:00
user password recovery 2013-12-26 13:34:48 +01:00			`success(_("Password saved."));`
			`redirect(page_link_to('login'));`
			`}`
			`}`
more fixes 2014-12-22 20:18:34 +01:00
user password recovery 2013-12-26 13:34:48 +01:00			`return User_password_set_view();`
			`} else {`
			`if (isset($_REQUEST['submit'])) {`
			`$ok = true;`
more fixes 2014-12-22 20:18:34 +01:00
user password recovery 2013-12-26 13:34:48 +01:00			`if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) {`
			`$email = strip_request_item('email');`
			`if (check_email($email)) {`
			`$user_source = User_by_email($email);`
			`if ($user_source === false)`
			`engelsystem_error("Unable to load user.");`
			`if ($user_source == null) {`
			`$ok = false;`
fix error messages on password recovery 2014-03-12 17:36:55 +01:00			`error(_("E-mail address is not correct."));`
user password recovery 2013-12-26 13:34:48 +01:00			`}`
			`} else {`
			`$ok = false;`
fix error messages on password recovery 2014-03-12 17:36:55 +01:00			`error(_("E-mail address is not correct."));`
user password recovery 2013-12-26 13:34:48 +01:00			`}`
			`} else {`
			`$ok = false;`
fix error messages on password recovery 2014-03-12 17:36:55 +01:00			`error(_("Please enter your e-mail."));`
user password recovery 2013-12-26 13:34:48 +01:00			`}`
more fixes 2014-12-22 20:18:34 +01:00
user password recovery 2013-12-26 13:34:48 +01:00			`if ($ok) {`
			`$token = User_generate_password_recovery_token($user_source);`
			`if ($token === false)`
			`engelsystem_error("Unable to generate password recovery token.");`
			`$result = engelsystem_email_to_user($user_source, _("Password recovery"), sprintf(_("Please visit %s to recover your password."), page_link_to_absolute('user_password_recovery') . '&token=' . $token));`
			`if ($result === false)`
			`engelsystem_error("Unable to send password recovery email.");`
more fixes 2014-12-22 20:18:34 +01:00
user password recovery 2013-12-26 13:34:48 +01:00			`success(_("We sent an email containing your password recovery link."));`
			`redirect(page_link_to('login'));`
			`}`
			`}`
more fixes 2014-12-22 20:18:34 +01:00
user password recovery 2013-12-26 13:34:48 +01:00			`return User_password_recovery_view();`
			`}`
			`}`

controller comments 2014-01-07 16:19:35 +01:00			`/**`
			`* Menu title for password recovery.`
			`*/`
user password recovery 2013-12-26 13:34:48 +01:00			`function user_password_recovery_title() {`
			`return _("Password recovery");`
			`}`

only log if api key was reset on purpose 2014-12-16 00:54:50 +01:00			`?>`