engelsystem/includes/controller/users_controller.php

324 lines
8.7 KiB
PHP
Raw Normal View History

2013-12-26 13:34:48 +01:00
<?php
/**
2014-08-22 22:34:13 +02:00
* Route user actions.
*/
function users_controller() {
2016-08-21 18:00:24 +02:00
global $user;
2014-12-22 20:18:34 +01:00
if (! isset($user)) {
2014-08-22 22:34:13 +02:00
redirect(page_link_to(''));
}
2014-12-22 20:18:34 +01:00
if (! isset($_REQUEST['action'])) {
2014-08-22 22:34:13 +02:00
$_REQUEST['action'] = 'list';
}
2014-12-22 20:18:34 +01:00
2014-08-22 22:34:13 +02:00
switch ($_REQUEST['action']) {
default:
case 'list':
return users_list_controller();
case 'view':
return user_controller();
case 'edit':
return user_edit_controller();
case 'delete':
return user_delete_controller();
2015-08-12 23:44:39 +02:00
case 'edit_vouchers':
return user_edit_vouchers_controller();
2014-08-22 22:34:13 +02:00
}
}
/**
* Delete a user, requires to enter own password for reasons.
*/
function user_delete_controller() {
global $privileges, $user;
if (isset($_REQUEST['user_id'])) {
$user_source = User($_REQUEST['user_id']);
} else {
$user_source = $user;
}
if (! in_array('admin_user', $privileges)) {
redirect(page_link_to(''));
}
// You cannot delete yourself
if ($user['UID'] == $user_source['UID']) {
error(_("You cannot delete yourself."));
redirect(user_link($user));
}
if (isset($_REQUEST['submit'])) {
2016-09-29 12:08:12 +02:00
$valid = true;
if (! (isset($_REQUEST['password']) && verify_password($_REQUEST['password'], $user['Passwort'], $user['UID']))) {
2016-09-29 12:08:12 +02:00
$valid = false;
error(_("Your password is incorrect. Please try it again."));
}
2016-09-29 12:08:12 +02:00
if ($valid) {
$result = User_delete($user_source['UID']);
if ($result === false) {
engelsystem_error('Unable to delete user.');
}
mail_user_delete($user_source);
success(_("User deleted."));
engelsystem_log(sprintf("Deleted %s", User_Nick_render($user_source)));
redirect(users_link());
}
}
return [
sprintf(_("Delete %s"), $user_source['Nick']),
User_delete_view($user_source)
];
}
2014-12-27 21:55:24 +01:00
function users_link() {
return page_link_to('users');
}
function user_edit_link($user) {
return page_link_to('admin_user') . '&user_id=' . $user['UID'];
}
function user_delete_link($user) {
return page_link_to('users') . '&action=delete&user_id=' . $user['UID'];
}
2014-12-26 01:49:59 +01:00
function user_link($user) {
return page_link_to('users') . '&action=view&user_id=' . $user['UID'];
}
2015-08-12 23:44:39 +02:00
function user_edit_vouchers_controller() {
2014-08-22 22:34:13 +02:00
global $privileges, $user;
2014-12-22 20:18:34 +01:00
2014-08-22 22:34:13 +02:00
if (isset($_REQUEST['user_id'])) {
$user_source = User($_REQUEST['user_id']);
} else {
2014-08-22 22:34:13 +02:00
$user_source = $user;
}
2014-12-22 20:18:34 +01:00
if (! in_array('admin_user', $privileges)) {
2014-12-26 01:49:59 +01:00
redirect(page_link_to(''));
}
2014-12-26 01:49:59 +01:00
2015-08-12 23:44:39 +02:00
if (isset($_REQUEST['submit'])) {
2016-09-29 12:08:12 +02:00
$valid = true;
2015-08-12 23:44:39 +02:00
if (isset($_REQUEST['vouchers']) && test_request_int('vouchers') && trim($_REQUEST['vouchers']) >= 0) {
2015-08-12 23:44:39 +02:00
$vouchers = trim($_REQUEST['vouchers']);
} else {
2016-09-29 12:08:12 +02:00
$valid = false;
2015-08-12 23:44:39 +02:00
error(_("Please enter a valid number of vouchers."));
}
2016-09-29 12:08:12 +02:00
if ($valid) {
2015-08-12 23:44:39 +02:00
$user_source['got_voucher'] = $vouchers;
$result = User_update($user_source);
if ($result === false) {
2015-08-12 23:44:39 +02:00
engelsystem_error('Unable to update user.');
}
2015-08-12 23:44:39 +02:00
success(_("Saved the number of vouchers."));
engelsystem_log(User_Nick_render($user_source) . ': ' . sprintf("Got %s vouchers", $user_source['got_voucher']));
redirect(user_link($user_source));
}
}
2014-12-26 01:49:59 +01:00
return [
2015-08-12 23:44:39 +02:00
sprintf(_("%s's vouchers"), $user_source['Nick']),
User_edit_vouchers_view($user_source)
];
2014-12-26 01:49:59 +01:00
}
function user_controller() {
global $privileges, $user;
if (isset($_REQUEST['user_id'])) {
$user_source = User($_REQUEST['user_id']);
if ($user_source === false) {
engelsystem_error("Unable to load user.");
}
if ($user_source == null) {
error(_("User not found."));
redirect('?');
}
} else {
2014-12-26 01:49:59 +01:00
$user_source = $user;
}
2014-12-26 01:49:59 +01:00
2014-08-23 01:55:18 +02:00
$shifts = Shifts_by_user($user_source);
foreach ($shifts as &$shift) {
2014-12-22 20:18:34 +01:00
// TODO: Move queries to model
2014-12-28 13:44:56 +01:00
$shift['needed_angeltypes'] = sql_select("SELECT DISTINCT `AngelTypes`.* FROM `ShiftEntry` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` WHERE `ShiftEntry`.`SID`='" . sql_escape($shift['SID']) . "' ORDER BY `AngelTypes`.`name`");
2014-08-23 01:55:18 +02:00
foreach ($shift['needed_angeltypes'] as &$needed_angeltype) {
$needed_angeltype['users'] = sql_select("
SELECT `ShiftEntry`.`freeloaded`, `User`.*
FROM `ShiftEntry`
JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID`
2014-12-28 13:44:56 +01:00
WHERE `ShiftEntry`.`SID`='" . sql_escape($shift['SID']) . "'
AND `ShiftEntry`.`TID`='" . sql_escape($needed_angeltype['id']) . "'");
2014-08-23 01:55:18 +02:00
}
}
2014-12-22 20:18:34 +01:00
if ($user_source['api_key'] == "") {
User_reset_api_key($user_source, false);
}
2014-12-22 20:18:34 +01:00
return [
2014-08-22 22:34:13 +02:00
$user_source['Nick'],
2014-12-26 01:49:59 +01:00
User_view($user_source, in_array('admin_user', $privileges), User_is_freeloader($user_source), User_angeltypes($user_source), User_groups($user_source), $shifts, $user['UID'] == $user_source['UID'])
];
2014-08-22 22:34:13 +02:00
}
2014-09-28 15:01:02 +02:00
/**
* List all users.
*/
2014-08-22 22:34:13 +02:00
function users_list_controller() {
2014-09-28 14:50:08 +02:00
global $privileges;
2014-12-22 20:18:34 +01:00
if (! in_array('admin_user', $privileges)) {
2014-09-28 14:50:08 +02:00
redirect(page_link_to(''));
}
2014-12-22 20:18:34 +01:00
2014-09-28 14:50:08 +02:00
$order_by = 'Nick';
if (isset($_REQUEST['OrderBy']) && in_array($_REQUEST['OrderBy'], User_sortable_columns())) {
2014-09-28 14:50:08 +02:00
$order_by = $_REQUEST['OrderBy'];
}
2014-12-22 20:18:34 +01:00
2014-09-28 14:50:08 +02:00
$users = Users($order_by);
if ($users === false) {
2014-09-28 14:50:08 +02:00
engelsystem_error('Unable to load users.');
}
2014-12-22 20:18:34 +01:00
foreach ($users as &$user) {
2014-09-28 15:01:02 +02:00
$user['freeloads'] = count(ShiftEntries_freeloaded_by_user($user));
}
2014-12-22 20:18:34 +01:00
return [
2014-09-28 14:50:08 +02:00
_('All users'),
2014-12-26 01:49:59 +01:00
Users_view($users, $order_by, User_arrived_count(), User_active_count(), User_force_active_count(), ShiftEntries_freeleaded_count(), User_tshirts_count(), User_got_voucher_count())
];
2014-08-22 22:34:13 +02:00
}
/**
* User password recovery.
* (By email)
2013-12-26 13:34:48 +01:00
*/
function user_password_recovery_controller() {
if (isset($_REQUEST['token'])) {
$user_source = User_by_password_recovery_token($_REQUEST['token']);
if ($user_source === false) {
2013-12-26 13:34:48 +01:00
engelsystem_error("Unable to load user.");
}
2013-12-26 13:34:48 +01:00
if ($user_source == null) {
error(_("Token is not correct."));
redirect(page_link_to('login'));
}
2014-12-22 20:18:34 +01:00
2013-12-26 13:34:48 +01:00
if (isset($_REQUEST['submit'])) {
2016-09-29 12:08:12 +02:00
$valid = true;
2014-12-22 20:18:34 +01:00
2013-12-26 13:34:48 +01:00
if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
if ($_REQUEST['password'] != $_REQUEST['password2']) {
2016-09-29 12:08:12 +02:00
$valid = false;
2013-12-26 13:34:48 +01:00
error(_("Your passwords don't match."));
}
} else {
2016-09-29 12:08:12 +02:00
$valid = false;
2013-12-26 13:34:48 +01:00
error(_("Your password is to short (please use at least 6 characters)."));
}
2014-12-22 20:18:34 +01:00
2016-09-29 12:08:12 +02:00
if ($valid) {
2013-12-26 13:34:48 +01:00
$result = set_password($user_source['UID'], $_REQUEST['password']);
if ($result === false) {
2013-12-26 13:34:48 +01:00
engelsystem_error(_("Password could not be updated."));
}
2014-12-22 20:18:34 +01:00
2013-12-26 13:34:48 +01:00
success(_("Password saved."));
redirect(page_link_to('login'));
}
}
2014-12-22 20:18:34 +01:00
2013-12-26 13:34:48 +01:00
return User_password_set_view();
} else {
if (isset($_REQUEST['submit'])) {
2016-09-29 12:08:12 +02:00
$valid = true;
2014-12-22 20:18:34 +01:00
2013-12-26 13:34:48 +01:00
if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) {
$email = strip_request_item('email');
if (check_email($email)) {
$user_source = User_by_email($email);
if ($user_source === false) {
2013-12-26 13:34:48 +01:00
engelsystem_error("Unable to load user.");
}
2013-12-26 13:34:48 +01:00
if ($user_source == null) {
2016-09-29 12:08:12 +02:00
$valid = false;
error(_("E-mail address is not correct."));
2013-12-26 13:34:48 +01:00
}
} else {
2016-09-29 12:08:12 +02:00
$valid = false;
error(_("E-mail address is not correct."));
2013-12-26 13:34:48 +01:00
}
} else {
2016-09-29 12:08:12 +02:00
$valid = false;
error(_("Please enter your e-mail."));
2013-12-26 13:34:48 +01:00
}
2014-12-22 20:18:34 +01:00
2016-09-29 12:08:12 +02:00
if ($valid) {
2013-12-26 13:34:48 +01:00
$token = User_generate_password_recovery_token($user_source);
if ($token === false) {
2013-12-26 13:34:48 +01:00
engelsystem_error("Unable to generate password recovery token.");
}
2013-12-26 13:34:48 +01:00
$result = engelsystem_email_to_user($user_source, _("Password recovery"), sprintf(_("Please visit %s to recover your password."), page_link_to_absolute('user_password_recovery') . '&token=' . $token));
if ($result === false) {
2013-12-26 13:34:48 +01:00
engelsystem_error("Unable to send password recovery email.");
}
2014-12-22 20:18:34 +01:00
2013-12-26 13:34:48 +01:00
success(_("We sent an email containing your password recovery link."));
redirect(page_link_to('login'));
}
}
2014-12-22 20:18:34 +01:00
2013-12-26 13:34:48 +01:00
return User_password_recovery_view();
}
}
2014-01-07 16:19:35 +01:00
/**
* Menu title for password recovery.
*/
2013-12-26 13:34:48 +01:00
function user_password_recovery_title() {
return _("Password recovery");
}
2016-09-30 16:55:47 +02:00
/**
* Loads a user from param user_id.
*/
function load_user() {
if (! isset($_REQUEST['user_id'])) {
redirect(page_link_to());
}
$user = User($_REQUEST['user_id']);
if ($user === false) {
engelsystem_error("Unable to load user.");
}
if ($user == null) {
error(_("User doesn't exist."));
redirect(page_link_to());
}
return $user;
}
?>