2013-12-26 13:34:48 +01:00
< ? php
/**
2014-08-22 22:34:13 +02:00
* Route user actions .
*/
function users_controller () {
2016-08-21 18:00:24 +02:00
global $user ;
2014-12-22 20:18:34 +01:00
2016-09-29 09:43:08 +02:00
if ( ! isset ( $user )) {
2014-08-22 22:34:13 +02:00
redirect ( page_link_to ( '' ));
2016-09-29 09:43:08 +02:00
}
2014-12-22 20:18:34 +01:00
2016-09-29 09:43:08 +02:00
if ( ! isset ( $_REQUEST [ 'action' ])) {
2014-08-22 22:34:13 +02:00
$_REQUEST [ 'action' ] = 'list' ;
2016-09-29 09:43:08 +02:00
}
2014-12-22 20:18:34 +01:00
2014-08-22 22:34:13 +02:00
switch ( $_REQUEST [ 'action' ]) {
default :
case 'list' :
return users_list_controller ();
case 'view' :
return user_controller ();
case 'edit' :
return user_edit_controller ();
case 'delete' :
return user_delete_controller ();
2015-08-12 23:44:39 +02:00
case 'edit_vouchers' :
return user_edit_vouchers_controller ();
2014-08-22 22:34:13 +02:00
}
}
2015-12-30 15:48:41 +01:00
/**
* Delete a user , requires to enter own password for reasons .
*/
function user_delete_controller () {
global $privileges , $user ;
if ( isset ( $_REQUEST [ 'user_id' ])) {
$user_source = User ( $_REQUEST [ 'user_id' ]);
2016-09-29 09:43:08 +02:00
} else {
2015-12-30 15:48:41 +01:00
$user_source = $user ;
2016-09-29 09:43:08 +02:00
}
2015-12-30 15:48:41 +01:00
2016-09-29 09:43:08 +02:00
if ( ! in_array ( 'admin_user' , $privileges )) {
2015-12-30 15:48:41 +01:00
redirect ( page_link_to ( '' ));
2016-09-29 09:43:08 +02:00
}
// You cannot delete yourself
2015-12-30 15:48:41 +01:00
if ( $user [ 'UID' ] == $user_source [ 'UID' ]) {
error ( _ ( " You cannot delete yourself. " ));
redirect ( user_link ( $user ));
}
if ( isset ( $_REQUEST [ 'submit' ])) {
2016-09-29 12:08:12 +02:00
$valid = true ;
2015-12-30 15:48:41 +01:00
if ( ! ( isset ( $_REQUEST [ 'password' ]) && verify_password ( $_REQUEST [ 'password' ], $user [ 'Passwort' ], $user [ 'UID' ]))) {
2016-09-29 12:08:12 +02:00
$valid = false ;
2015-12-30 15:48:41 +01:00
error ( _ ( " Your password is incorrect. Please try it again. " ));
}
2016-09-29 12:08:12 +02:00
if ( $valid ) {
2015-12-30 15:48:41 +01:00
$result = User_delete ( $user_source [ 'UID' ]);
2016-09-29 09:43:08 +02:00
if ( $result === false ) {
2015-12-30 15:48:41 +01:00
engelsystem_error ( 'Unable to delete user.' );
2016-09-29 09:43:08 +02:00
}
2015-12-30 15:48:41 +01:00
mail_user_delete ( $user_source );
success ( _ ( " User deleted. " ));
engelsystem_log ( sprintf ( " Deleted %s " , User_Nick_render ( $user_source )));
redirect ( users_link ());
}
}
2016-09-29 09:43:08 +02:00
return [
2015-12-30 15:48:41 +01:00
sprintf ( _ ( " Delete %s " ), $user_source [ 'Nick' ]),
User_delete_view ( $user_source )
2016-09-29 09:43:08 +02:00
];
2015-12-30 15:48:41 +01:00
}
2014-12-27 21:55:24 +01:00
function users_link () {
return page_link_to ( 'users' );
}
2015-12-30 15:48:41 +01:00
function user_edit_link ( $user ) {
return page_link_to ( 'admin_user' ) . '&user_id=' . $user [ 'UID' ];
}
function user_delete_link ( $user ) {
return page_link_to ( 'users' ) . '&action=delete&user_id=' . $user [ 'UID' ];
}
2014-12-26 01:49:59 +01:00
function user_link ( $user ) {
return page_link_to ( 'users' ) . '&action=view&user_id=' . $user [ 'UID' ];
}
2015-08-12 23:44:39 +02:00
function user_edit_vouchers_controller () {
2014-08-22 22:34:13 +02:00
global $privileges , $user ;
2014-12-22 20:18:34 +01:00
2014-08-22 22:34:13 +02:00
if ( isset ( $_REQUEST [ 'user_id' ])) {
$user_source = User ( $_REQUEST [ 'user_id' ]);
2016-09-29 09:43:08 +02:00
} else {
2014-08-22 22:34:13 +02:00
$user_source = $user ;
2016-09-29 09:43:08 +02:00
}
2014-12-22 20:18:34 +01:00
2016-09-29 09:43:08 +02:00
if ( ! in_array ( 'admin_user' , $privileges )) {
2014-12-26 01:49:59 +01:00
redirect ( page_link_to ( '' ));
2016-09-29 09:43:08 +02:00
}
2014-12-26 01:49:59 +01:00
2015-08-12 23:44:39 +02:00
if ( isset ( $_REQUEST [ 'submit' ])) {
2016-09-29 12:08:12 +02:00
$valid = true ;
2015-08-12 23:44:39 +02:00
2016-09-29 09:43:08 +02:00
if ( isset ( $_REQUEST [ 'vouchers' ]) && test_request_int ( 'vouchers' ) && trim ( $_REQUEST [ 'vouchers' ]) >= 0 ) {
2015-08-12 23:44:39 +02:00
$vouchers = trim ( $_REQUEST [ 'vouchers' ]);
2016-09-29 09:43:08 +02:00
} else {
2016-09-29 12:08:12 +02:00
$valid = false ;
2015-08-12 23:44:39 +02:00
error ( _ ( " Please enter a valid number of vouchers. " ));
}
2016-09-29 12:08:12 +02:00
if ( $valid ) {
2015-08-12 23:44:39 +02:00
$user_source [ 'got_voucher' ] = $vouchers ;
$result = User_update ( $user_source );
2016-09-29 09:43:08 +02:00
if ( $result === false ) {
2015-08-12 23:44:39 +02:00
engelsystem_error ( 'Unable to update user.' );
2016-09-29 09:43:08 +02:00
}
2015-08-12 23:44:39 +02:00
success ( _ ( " Saved the number of vouchers. " ));
engelsystem_log ( User_Nick_render ( $user_source ) . ': ' . sprintf ( " Got %s vouchers " , $user_source [ 'got_voucher' ]));
redirect ( user_link ( $user_source ));
}
}
2014-12-26 01:49:59 +01:00
2016-09-29 09:43:08 +02:00
return [
2015-08-12 23:44:39 +02:00
sprintf ( _ ( " %s's vouchers " ), $user_source [ 'Nick' ]),
User_edit_vouchers_view ( $user_source )
2016-09-29 09:43:08 +02:00
];
2014-12-26 01:49:59 +01:00
}
function user_controller () {
global $privileges , $user ;
2016-10-04 16:50:06 +02:00
$user_source = $user ;
2014-12-26 01:49:59 +01:00
if ( isset ( $_REQUEST [ 'user_id' ])) {
$user_source = User ( $_REQUEST [ 'user_id' ]);
2015-12-05 11:55:35 +01:00
if ( $user_source == null ) {
error ( _ ( " User not found. " ));
redirect ( '?' );
}
2016-09-29 09:43:08 +02:00
}
2014-12-26 01:49:59 +01:00
2014-08-23 01:55:18 +02:00
$shifts = Shifts_by_user ( $user_source );
foreach ( $shifts as & $shift ) {
2014-12-22 20:18:34 +01:00
// TODO: Move queries to model
2014-12-28 13:44:56 +01:00
$shift [ 'needed_angeltypes' ] = sql_select ( " SELECT DISTINCT `AngelTypes`.* FROM `ShiftEntry` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` WHERE `ShiftEntry`.`SID`=' " . sql_escape ( $shift [ 'SID' ]) . " ' ORDER BY `AngelTypes`.`name` " );
2014-08-23 01:55:18 +02:00
foreach ( $shift [ 'needed_angeltypes' ] as & $needed_angeltype ) {
$needed_angeltype [ 'users' ] = sql_select ( "
2014-12-16 00:54:50 +01:00
SELECT `ShiftEntry` . `freeloaded` , `User` .*
FROM `ShiftEntry`
JOIN `User` ON `ShiftEntry` . `UID` = `User` . `UID`
2014-12-28 13:44:56 +01:00
WHERE `ShiftEntry` . `SID` = '" . sql_escape($shift[' SID ']) . "'
AND `ShiftEntry` . `TID` = '" . sql_escape($needed_angeltype[' id ']) . "' " );
2014-08-23 01:55:18 +02:00
}
}
2014-12-22 20:18:34 +01:00
2016-09-29 09:43:08 +02:00
if ( $user_source [ 'api_key' ] == " " ) {
2014-12-16 00:54:50 +01:00
User_reset_api_key ( $user_source , false );
2016-09-29 09:43:08 +02:00
}
2014-12-22 20:18:34 +01:00
2016-09-29 09:43:08 +02:00
return [
2014-08-22 22:34:13 +02:00
$user_source [ 'Nick' ],
2014-12-26 01:49:59 +01:00
User_view ( $user_source , in_array ( 'admin_user' , $privileges ), User_is_freeloader ( $user_source ), User_angeltypes ( $user_source ), User_groups ( $user_source ), $shifts , $user [ 'UID' ] == $user_source [ 'UID' ])
2016-09-29 09:43:08 +02:00
];
2014-08-22 22:34:13 +02:00
}
2014-09-28 15:01:02 +02:00
/**
* List all users .
*/
2014-08-22 22:34:13 +02:00
function users_list_controller () {
2014-09-28 14:50:08 +02:00
global $privileges ;
2014-12-22 20:18:34 +01:00
2016-09-29 09:43:08 +02:00
if ( ! in_array ( 'admin_user' , $privileges )) {
2014-09-28 14:50:08 +02:00
redirect ( page_link_to ( '' ));
2016-09-29 09:43:08 +02:00
}
2014-12-22 20:18:34 +01:00
2014-09-28 14:50:08 +02:00
$order_by = 'Nick' ;
2016-09-29 09:43:08 +02:00
if ( isset ( $_REQUEST [ 'OrderBy' ]) && in_array ( $_REQUEST [ 'OrderBy' ], User_sortable_columns ())) {
2014-09-28 14:50:08 +02:00
$order_by = $_REQUEST [ 'OrderBy' ];
2016-09-29 09:43:08 +02:00
}
2014-12-22 20:18:34 +01:00
2014-09-28 14:50:08 +02:00
$users = Users ( $order_by );
2016-09-29 09:43:08 +02:00
if ( $users === false ) {
2014-09-28 14:50:08 +02:00
engelsystem_error ( 'Unable to load users.' );
2016-09-29 09:43:08 +02:00
}
2014-12-22 20:18:34 +01:00
2016-09-29 09:43:08 +02:00
foreach ( $users as & $user ) {
2014-09-28 15:01:02 +02:00
$user [ 'freeloads' ] = count ( ShiftEntries_freeloaded_by_user ( $user ));
2016-09-29 09:43:08 +02:00
}
2014-12-22 20:18:34 +01:00
2016-09-29 09:43:08 +02:00
return [
2014-09-28 14:50:08 +02:00
_ ( 'All users' ),
2014-12-26 01:49:59 +01:00
Users_view ( $users , $order_by , User_arrived_count (), User_active_count (), User_force_active_count (), ShiftEntries_freeleaded_count (), User_tshirts_count (), User_got_voucher_count ())
2016-09-29 09:43:08 +02:00
];
2014-08-22 22:34:13 +02:00
}
/**
2016-11-15 22:08:41 +01:00
* Second step of password recovery : set a new password using the token link from email
2013-12-26 13:34:48 +01:00
*/
2016-11-15 22:08:41 +01:00
function user_password_recovery_set_new_controller () {
$user_source = User_by_password_recovery_token ( $_REQUEST [ 'token' ]);
if ( $user_source == null ) {
error ( _ ( " Token is not correct. " ));
redirect ( page_link_to ( 'login' ));
}
if ( isset ( $_REQUEST [ 'submit' ])) {
$valid = true ;
2014-12-22 20:18:34 +01:00
2016-11-15 22:08:41 +01:00
if ( isset ( $_REQUEST [ 'password' ]) && strlen ( $_REQUEST [ 'password' ]) >= MIN_PASSWORD_LENGTH ) {
if ( $_REQUEST [ 'password' ] != $_REQUEST [ 'password2' ]) {
2016-09-29 12:08:12 +02:00
$valid = false ;
2016-11-15 22:08:41 +01:00
error ( _ ( " Your passwords don't match. " ));
2013-12-26 13:34:48 +01:00
}
2016-11-15 22:08:41 +01:00
} else {
$valid = false ;
error ( _ ( " Your password is to short (please use at least 6 characters). " ));
2013-12-26 13:34:48 +01:00
}
2014-12-22 20:18:34 +01:00
2016-11-15 22:08:41 +01:00
if ( $valid ) {
set_password ( $user_source [ 'UID' ], $_REQUEST [ 'password' ]);
success ( _ ( " Password saved. " ));
redirect ( page_link_to ( 'login' ));
}
}
return User_password_set_view ();
}
/**
* First step of password recovery : display a form that asks for your email and send email with recovery link
*/
function user_password_recovery_start_controller () {
if ( isset ( $_REQUEST [ 'submit' ])) {
$valid = true ;
if ( isset ( $_REQUEST [ 'email' ]) && strlen ( strip_request_item ( 'email' )) > 0 ) {
$email = strip_request_item ( 'email' );
if ( check_email ( $email )) {
$user_source = User_by_email ( $email );
if ( $user_source == null ) {
2016-09-29 12:08:12 +02:00
$valid = false ;
2014-03-12 17:36:55 +01:00
error ( _ ( " E-mail address is not correct. " ));
2013-12-26 13:34:48 +01:00
}
} else {
2016-09-29 12:08:12 +02:00
$valid = false ;
2016-11-15 22:08:41 +01:00
error ( _ ( " E-mail address is not correct. " ));
2013-12-26 13:34:48 +01:00
}
2016-11-15 22:08:41 +01:00
} else {
$valid = false ;
error ( _ ( " Please enter your e-mail. " ));
2013-12-26 13:34:48 +01:00
}
2014-12-22 20:18:34 +01:00
2016-11-15 22:08:41 +01:00
if ( $valid ) {
$token = User_generate_password_recovery_token ( $user_source );
engelsystem_email_to_user ( $user_source , _ ( " Password recovery " ), sprintf ( _ ( " Please visit %s to recover your password. " ), page_link_to_absolute ( 'user_password_recovery' ) . '&token=' . $token ));
success ( _ ( " We sent an email containing your password recovery link. " ));
redirect ( page_link_to ( 'login' ));
}
}
return User_password_recovery_view ();
}
/**
* User password recovery in 2 steps .
* ( By email )
*/
function user_password_recovery_controller () {
if ( isset ( $_REQUEST [ 'token' ])) {
return user_password_recovery_set_new_controller ();
} else {
return user_password_recovery_start_controller ();
2013-12-26 13:34:48 +01:00
}
}
2014-01-07 16:19:35 +01:00
/**
* Menu title for password recovery .
*/
2013-12-26 13:34:48 +01:00
function user_password_recovery_title () {
return _ ( " Password recovery " );
}
2016-09-30 16:55:47 +02:00
/**
* Loads a user from param user_id .
*/
function load_user () {
if ( ! isset ( $_REQUEST [ 'user_id' ])) {
redirect ( page_link_to ());
}
$user = User ( $_REQUEST [ 'user_id' ]);
if ( $user === false ) {
engelsystem_error ( " Unable to load user. " );
}
if ( $user == null ) {
error ( _ ( " User doesn't exist. " ));
redirect ( page_link_to ());
}
return $user ;
}
2014-12-16 00:54:50 +01:00
?>