2013-12-26 13:34:48 +01:00
< ? php
/**
2014-08-22 22:34:13 +02:00
* Route user actions .
*/
function users_controller () {
global $privileges , $user ;
2014-12-22 20:18:34 +01:00
2014-08-22 22:34:13 +02:00
if ( ! isset ( $user ))
redirect ( page_link_to ( '' ));
2014-12-22 20:18:34 +01:00
2014-08-22 22:34:13 +02:00
if ( ! isset ( $_REQUEST [ 'action' ]))
$_REQUEST [ 'action' ] = 'list' ;
2014-12-22 20:18:34 +01:00
2014-08-22 22:34:13 +02:00
switch ( $_REQUEST [ 'action' ]) {
default :
case 'list' :
return users_list_controller ();
case 'view' :
return user_controller ();
case 'edit' :
return user_edit_controller ();
case 'delete' :
return user_delete_controller ();
2015-08-12 23:44:39 +02:00
case 'edit_vouchers' :
return user_edit_vouchers_controller ();
2014-08-22 22:34:13 +02:00
}
}
2015-12-30 15:48:41 +01:00
/**
* Delete a user , requires to enter own password for reasons .
*/
function user_delete_controller () {
global $privileges , $user ;
if ( isset ( $_REQUEST [ 'user_id' ])) {
$user_source = User ( $_REQUEST [ 'user_id' ]);
} else
$user_source = $user ;
if ( ! in_array ( 'admin_user' , $privileges ))
redirect ( page_link_to ( '' ));
// You cannot delete yourself
if ( $user [ 'UID' ] == $user_source [ 'UID' ]) {
error ( _ ( " You cannot delete yourself. " ));
redirect ( user_link ( $user ));
}
if ( isset ( $_REQUEST [ 'submit' ])) {
$ok = true ;
if ( ! ( isset ( $_REQUEST [ 'password' ]) && verify_password ( $_REQUEST [ 'password' ], $user [ 'Passwort' ], $user [ 'UID' ]))) {
$ok = false ;
error ( _ ( " Your password is incorrect. Please try it again. " ));
}
if ( $ok ) {
$result = User_delete ( $user_source [ 'UID' ]);
if ( $result === false )
engelsystem_error ( 'Unable to delete user.' );
mail_user_delete ( $user_source );
success ( _ ( " User deleted. " ));
engelsystem_log ( sprintf ( " Deleted %s " , User_Nick_render ( $user_source )));
redirect ( users_link ());
}
}
return array (
sprintf ( _ ( " Delete %s " ), $user_source [ 'Nick' ]),
User_delete_view ( $user_source )
);
}
2014-12-27 21:55:24 +01:00
function users_link () {
return page_link_to ( 'users' );
}
2015-12-30 15:48:41 +01:00
function user_edit_link ( $user ) {
return page_link_to ( 'admin_user' ) . '&user_id=' . $user [ 'UID' ];
}
function user_delete_link ( $user ) {
return page_link_to ( 'users' ) . '&action=delete&user_id=' . $user [ 'UID' ];
}
2014-12-26 01:49:59 +01:00
function user_link ( $user ) {
return page_link_to ( 'users' ) . '&action=view&user_id=' . $user [ 'UID' ];
}
2015-08-12 23:44:39 +02:00
function user_edit_vouchers_controller () {
2014-08-22 22:34:13 +02:00
global $privileges , $user ;
2014-12-22 20:18:34 +01:00
2014-08-22 22:34:13 +02:00
if ( isset ( $_REQUEST [ 'user_id' ])) {
$user_source = User ( $_REQUEST [ 'user_id' ]);
} else
$user_source = $user ;
2014-12-22 20:18:34 +01:00
2014-12-26 01:49:59 +01:00
if ( ! in_array ( 'admin_user' , $privileges ))
redirect ( page_link_to ( '' ));
2015-08-12 23:44:39 +02:00
if ( isset ( $_REQUEST [ 'submit' ])) {
$ok = true ;
if ( isset ( $_REQUEST [ 'vouchers' ]) && test_request_int ( 'vouchers' ) && trim ( $_REQUEST [ 'vouchers' ]) >= 0 )
$vouchers = trim ( $_REQUEST [ 'vouchers' ]);
else {
$ok = false ;
error ( _ ( " Please enter a valid number of vouchers. " ));
}
if ( $ok ) {
$user_source [ 'got_voucher' ] = $vouchers ;
$result = User_update ( $user_source );
if ( $result === false )
engelsystem_error ( 'Unable to update user.' );
success ( _ ( " Saved the number of vouchers. " ));
engelsystem_log ( User_Nick_render ( $user_source ) . ': ' . sprintf ( " Got %s vouchers " , $user_source [ 'got_voucher' ]));
redirect ( user_link ( $user_source ));
}
}
2014-12-26 01:49:59 +01:00
2015-08-12 23:44:39 +02:00
return array (
sprintf ( _ ( " %s's vouchers " ), $user_source [ 'Nick' ]),
User_edit_vouchers_view ( $user_source )
);
2014-12-26 01:49:59 +01:00
}
function user_controller () {
global $privileges , $user ;
if ( isset ( $_REQUEST [ 'user_id' ])) {
$user_source = User ( $_REQUEST [ 'user_id' ]);
2015-12-05 11:55:35 +01:00
if ( $user_source === false )
engelsystem_error ( " Unable to load user. " );
if ( $user_source == null ) {
error ( _ ( " User not found. " ));
redirect ( '?' );
}
2014-12-26 01:49:59 +01:00
} else
$user_source = $user ;
2014-08-23 01:55:18 +02:00
$shifts = Shifts_by_user ( $user_source );
foreach ( $shifts as & $shift ) {
2014-12-22 20:18:34 +01:00
// TODO: Move queries to model
2014-12-28 13:44:56 +01:00
$shift [ 'needed_angeltypes' ] = sql_select ( " SELECT DISTINCT `AngelTypes`.* FROM `ShiftEntry` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` WHERE `ShiftEntry`.`SID`=' " . sql_escape ( $shift [ 'SID' ]) . " ' ORDER BY `AngelTypes`.`name` " );
2014-08-23 01:55:18 +02:00
foreach ( $shift [ 'needed_angeltypes' ] as & $needed_angeltype ) {
$needed_angeltype [ 'users' ] = sql_select ( "
2014-12-16 00:54:50 +01:00
SELECT `ShiftEntry` . `freeloaded` , `User` .*
FROM `ShiftEntry`
JOIN `User` ON `ShiftEntry` . `UID` = `User` . `UID`
2014-12-28 13:44:56 +01:00
WHERE `ShiftEntry` . `SID` = '" . sql_escape($shift[' SID ']) . "'
AND `ShiftEntry` . `TID` = '" . sql_escape($needed_angeltype[' id ']) . "' " );
2014-08-23 01:55:18 +02:00
}
}
2014-12-22 20:18:34 +01:00
2014-09-28 19:44:53 +02:00
if ( $user_source [ 'api_key' ] == " " )
2014-12-16 00:54:50 +01:00
User_reset_api_key ( $user_source , false );
2014-12-22 20:18:34 +01:00
2014-08-22 22:34:13 +02:00
return array (
$user_source [ 'Nick' ],
2014-12-26 01:49:59 +01:00
User_view ( $user_source , in_array ( 'admin_user' , $privileges ), User_is_freeloader ( $user_source ), User_angeltypes ( $user_source ), User_groups ( $user_source ), $shifts , $user [ 'UID' ] == $user_source [ 'UID' ])
2014-08-22 22:34:13 +02:00
);
}
2014-09-28 15:01:02 +02:00
/**
* List all users .
*/
2014-08-22 22:34:13 +02:00
function users_list_controller () {
2014-09-28 14:50:08 +02:00
global $privileges ;
2014-12-22 20:18:34 +01:00
2014-09-28 14:50:08 +02:00
if ( ! in_array ( 'admin_user' , $privileges ))
redirect ( page_link_to ( '' ));
2014-12-22 20:18:34 +01:00
2014-09-28 14:50:08 +02:00
$order_by = 'Nick' ;
2014-09-28 15:01:02 +02:00
if ( isset ( $_REQUEST [ 'OrderBy' ]) && in_array ( $_REQUEST [ 'OrderBy' ], User_sortable_columns ()))
2014-09-28 14:50:08 +02:00
$order_by = $_REQUEST [ 'OrderBy' ];
2014-12-22 20:18:34 +01:00
2014-09-28 14:50:08 +02:00
$users = Users ( $order_by );
if ( $users === false )
engelsystem_error ( 'Unable to load users.' );
2014-12-22 20:18:34 +01:00
2014-09-28 15:01:02 +02:00
foreach ( $users as & $user )
$user [ 'freeloads' ] = count ( ShiftEntries_freeloaded_by_user ( $user ));
2014-12-22 20:18:34 +01:00
2014-09-28 14:50:08 +02:00
return array (
_ ( 'All users' ),
2014-12-26 01:49:59 +01:00
Users_view ( $users , $order_by , User_arrived_count (), User_active_count (), User_force_active_count (), ShiftEntries_freeleaded_count (), User_tshirts_count (), User_got_voucher_count ())
2014-09-28 14:50:08 +02:00
);
2014-08-22 22:34:13 +02:00
}
/**
* User password recovery .
* ( By email )
2013-12-26 13:34:48 +01:00
*/
function user_password_recovery_controller () {
if ( isset ( $_REQUEST [ 'token' ])) {
$user_source = User_by_password_recovery_token ( $_REQUEST [ 'token' ]);
if ( $user_source === false )
engelsystem_error ( " Unable to load user. " );
if ( $user_source == null ) {
error ( _ ( " Token is not correct. " ));
redirect ( page_link_to ( 'login' ));
}
2014-12-22 20:18:34 +01:00
2013-12-26 13:34:48 +01:00
if ( isset ( $_REQUEST [ 'submit' ])) {
$ok = true ;
2014-12-22 20:18:34 +01:00
2013-12-26 13:34:48 +01:00
if ( isset ( $_REQUEST [ 'password' ]) && strlen ( $_REQUEST [ 'password' ]) >= MIN_PASSWORD_LENGTH ) {
if ( $_REQUEST [ 'password' ] != $_REQUEST [ 'password2' ]) {
$ok = false ;
error ( _ ( " Your passwords don't match. " ));
}
} else {
$ok = false ;
error ( _ ( " Your password is to short (please use at least 6 characters). " ));
}
2014-12-22 20:18:34 +01:00
2013-12-26 13:34:48 +01:00
if ( $ok ) {
$result = set_password ( $user_source [ 'UID' ], $_REQUEST [ 'password' ]);
if ( $result === false )
engelsystem_error ( _ ( " Password could not be updated. " ));
2014-12-22 20:18:34 +01:00
2013-12-26 13:34:48 +01:00
success ( _ ( " Password saved. " ));
redirect ( page_link_to ( 'login' ));
}
}
2014-12-22 20:18:34 +01:00
2013-12-26 13:34:48 +01:00
return User_password_set_view ();
} else {
if ( isset ( $_REQUEST [ 'submit' ])) {
$ok = true ;
2014-12-22 20:18:34 +01:00
2013-12-26 13:34:48 +01:00
if ( isset ( $_REQUEST [ 'email' ]) && strlen ( strip_request_item ( 'email' )) > 0 ) {
$email = strip_request_item ( 'email' );
if ( check_email ( $email )) {
$user_source = User_by_email ( $email );
if ( $user_source === false )
engelsystem_error ( " Unable to load user. " );
if ( $user_source == null ) {
$ok = false ;
2014-03-12 17:36:55 +01:00
error ( _ ( " E-mail address is not correct. " ));
2013-12-26 13:34:48 +01:00
}
} else {
$ok = false ;
2014-03-12 17:36:55 +01:00
error ( _ ( " E-mail address is not correct. " ));
2013-12-26 13:34:48 +01:00
}
} else {
$ok = false ;
2014-03-12 17:36:55 +01:00
error ( _ ( " Please enter your e-mail. " ));
2013-12-26 13:34:48 +01:00
}
2014-12-22 20:18:34 +01:00
2013-12-26 13:34:48 +01:00
if ( $ok ) {
$token = User_generate_password_recovery_token ( $user_source );
if ( $token === false )
engelsystem_error ( " Unable to generate password recovery token. " );
$result = engelsystem_email_to_user ( $user_source , _ ( " Password recovery " ), sprintf ( _ ( " Please visit %s to recover your password. " ), page_link_to_absolute ( 'user_password_recovery' ) . '&token=' . $token ));
if ( $result === false )
engelsystem_error ( " Unable to send password recovery email. " );
2014-12-22 20:18:34 +01:00
2013-12-26 13:34:48 +01:00
success ( _ ( " We sent an email containing your password recovery link. " ));
redirect ( page_link_to ( 'login' ));
}
}
2014-12-22 20:18:34 +01:00
2013-12-26 13:34:48 +01:00
return User_password_recovery_view ();
}
}
2014-01-07 16:19:35 +01:00
/**
* Menu title for password recovery .
*/
2013-12-26 13:34:48 +01:00
function user_password_recovery_title () {
return _ ( " Password recovery " );
}
2014-12-16 00:54:50 +01:00
?>