engelsystem/includes/controller/users_controller.php

<?php
use Engelsystem\ShiftsFilter;
use Engelsystem\ShiftCalendarRenderer;

/**
 * Route user actions.
 */
function users_controller() {
  global $user;
  
  if (! isset($user)) {
    redirect(page_link_to(''));
  }
  
  if (! isset($_REQUEST['action'])) {
    $_REQUEST['action'] = 'list';
  }
  
  switch ($_REQUEST['action']) {
    default:
    case 'list':
      return users_list_controller();
    case 'view':
      return user_controller();
    case 'edit':
      return user_edit_controller();
    case 'delete':
      return user_delete_controller();
    case 'edit_vouchers':
      return user_edit_vouchers_controller();
  }
}

/**
 * Delete a user, requires to enter own password for reasons.
 */
function user_delete_controller() {
  global $privileges, $user;
  
  if (isset($_REQUEST['user_id'])) {
    $user_source = User($_REQUEST['user_id']);
  } else {
    $user_source = $user;
  }
  
  if (! in_array('admin_user', $privileges)) {
    redirect(page_link_to(''));
  }
  
  // You cannot delete yourself
  if ($user['UID'] == $user_source['UID']) {
    error(_("You cannot delete yourself."));
    redirect(user_link($user));
  }
  
  if (isset($_REQUEST['submit'])) {
    $valid = true;
    
    if (! (isset($_REQUEST['password']) && verify_password($_REQUEST['password'], $user['Passwort'], $user['UID']))) {
      $valid = false;
      error(_("Your password is incorrect.  Please try it again."));
    }
    
    if ($valid) {
      $result = User_delete($user_source['UID']);
      if ($result === false) {
        engelsystem_error('Unable to delete user.');
      }
      
      mail_user_delete($user_source);
      success(_("User deleted."));
      engelsystem_log(sprintf("Deleted %s", User_Nick_render($user_source)));
      
      redirect(users_link());
    }
  }
  
  return [
      sprintf(_("Delete %s"), $user_source['Nick']),
      User_delete_view($user_source) 
  ];
}

function users_link() {
  return page_link_to('users');
}

function user_edit_link($user) {
  return page_link_to('admin_user') . '&user_id=' . $user['UID'];
}

function user_delete_link($user) {
  return page_link_to('users') . '&action=delete&user_id=' . $user['UID'];
}

function user_link($user) {
  return page_link_to('users') . '&action=view&user_id=' . $user['UID'];
}

function user_edit_vouchers_controller() {
  global $privileges, $user;
  
  if (isset($_REQUEST['user_id'])) {
    $user_source = User($_REQUEST['user_id']);
  } else {
    $user_source = $user;
  }
  
  if (! in_array('admin_user', $privileges)) {
    redirect(page_link_to(''));
  }
  
  if (isset($_REQUEST['submit'])) {
    $valid = true;
    
    if (isset($_REQUEST['vouchers']) && test_request_int('vouchers') && trim($_REQUEST['vouchers']) >= 0) {
      $vouchers = trim($_REQUEST['vouchers']);
    } else {
      $valid = false;
      error(_("Please enter a valid number of vouchers."));
    }
    
    if ($valid) {
      $user_source['got_voucher'] = $vouchers;
      
      $result = User_update($user_source);
      if ($result === false) {
        engelsystem_error('Unable to update user.');
      }
      
      success(_("Saved the number of vouchers."));
      engelsystem_log(User_Nick_render($user_source) . ': ' . sprintf("Got %s vouchers", $user_source['got_voucher']));
      
      redirect(user_link($user_source));
    }
  }
  
  return [
      sprintf(_("%s's vouchers"), $user_source['Nick']),
      User_edit_vouchers_view($user_source) 
  ];
}

function user_controller() {
  global $privileges, $user;
  
  $user_source = $user;
  if (isset($_REQUEST['user_id'])) {
    $user_source = User($_REQUEST['user_id']);
    if ($user_source == null) {
      error(_("User not found."));
      redirect('?');
    }
  }
  
  $shifts = Shifts_by_user($user_source, in_array("user_shifts_admin", $privileges));
  foreach ($shifts as &$shift) {
    // TODO: Move queries to model
    $shift['needed_angeltypes'] = sql_select("SELECT DISTINCT `AngelTypes`.* FROM `ShiftEntry` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` WHERE `ShiftEntry`.`SID`='" . sql_escape($shift['SID']) . "'  ORDER BY `AngelTypes`.`name`");
    foreach ($shift['needed_angeltypes'] as &$needed_angeltype) {
      $needed_angeltype['users'] = sql_select("
          SELECT `ShiftEntry`.`freeloaded`, `User`.*
          FROM `ShiftEntry`
          JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID`
          WHERE `ShiftEntry`.`SID`='" . sql_escape($shift['SID']) . "'
          AND `ShiftEntry`.`TID`='" . sql_escape($needed_angeltype['id']) . "'");
    }
  }
  
  if ($user_source['api_key'] == "") {
    User_reset_api_key($user_source, false);
  }
  
  return [
      $user_source['Nick'],
      User_view($user_source, in_array('admin_user', $privileges), User_is_freeloader($user_source), User_angeltypes($user_source), User_groups($user_source), $shifts, $user['UID'] == $user_source['UID']) 
  ];
}

/**
 * List all users.
 */
function users_list_controller() {
  global $privileges;
  
  if (! in_array('admin_user', $privileges)) {
    redirect(page_link_to(''));
  }
  
  $order_by = 'Nick';
  if (isset($_REQUEST['OrderBy']) && in_array($_REQUEST['OrderBy'], User_sortable_columns())) {
    $order_by = $_REQUEST['OrderBy'];
  }
  
  $users = Users($order_by);
  if ($users === false) {
    engelsystem_error('Unable to load users.');
  }
  
  foreach ($users as &$user) {
    $user['freeloads'] = count(ShiftEntries_freeloaded_by_user($user));
  }
  
  return [
      _('All users'),
      Users_view($users, $order_by, User_arrived_count(), User_active_count(), User_force_active_count(), ShiftEntries_freeleaded_count(), User_tshirts_count(), User_got_voucher_count()) 
  ];
}

/**
 * Second step of password recovery: set a new password using the token link from email
 */
function user_password_recovery_set_new_controller() {
  global $min_password_length;
  $user_source = User_by_password_recovery_token($_REQUEST['token']);
  if ($user_source == null) {
    error(_("Token is not correct."));
    redirect(page_link_to('login'));
  }
  
  if (isset($_REQUEST['submit'])) {
    $valid = true;

    if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= $min_password_length) {
      if ($_REQUEST['password'] != $_REQUEST['password2']) {
        $valid = false;
        error(_("Your passwords don't match."));
      }
    } else {
      $valid = false;
      error(_("Your password is to short (please use at least 6 characters)."));
    }
    
    if ($valid) {
      set_password($user_source['UID'], $_REQUEST['password']);
      success(_("Password saved."));
      redirect(page_link_to('login'));
    }
  }
  
  return User_password_set_view();
}

/**
 * First step of password recovery: display a form that asks for your email and send email with recovery link
 */
function user_password_recovery_start_controller() {
  if (isset($_REQUEST['submit'])) {
    $valid = true;
    
    if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) {
      $email = strip_request_item('email');
      if (check_email($email)) {
        $user_source = User_by_email($email);
        if ($user_source == null) {
          $valid = false;
          error(_("E-mail address is not correct."));
        }
      } else {
        $valid = false;
        error(_("E-mail address is not correct."));
      }
    } else {
      $valid = false;
      error(_("Please enter your e-mail."));
    }
    
    if ($valid) {
      $token = User_generate_password_recovery_token($user_source);
      engelsystem_email_to_user($user_source, _("Password recovery"), sprintf(_("Please visit %s to recover your password."), page_link_to_absolute('user_password_recovery') . '&token=' . $token));
      success(_("We sent an email containing your password recovery link."));
      redirect(page_link_to('login'));
    }
  }
  
  return User_password_recovery_view();
}

/**
 * User password recovery in 2 steps.
 * (By email)
 */
function user_password_recovery_controller() {
  if (isset($_REQUEST['token'])) {
    return user_password_recovery_set_new_controller();
  } else {
    return user_password_recovery_start_controller();
  }
}

/**
 * Menu title for password recovery.
 */
function user_password_recovery_title() {
  return _("Password recovery");
}

/**
 * Loads a user from param user_id.
 */
function load_user() {
  if (! isset($_REQUEST['user_id'])) {
    redirect(page_link_to());
  }
  
  $user = User($_REQUEST['user_id']);
  if ($user === false) {
    engelsystem_error("Unable to load user.");
  }
  
  if ($user == null) {
    error(_("User doesn't exist."));
    redirect(page_link_to());
  }
  
  return $user;
}

function shiftCalendarRendererByShiftFilter(ShiftsFilter $shiftsFilter) {
  $shifts = Shifts_by_ShiftsFilter($shiftsFilter);
  $needed_angeltypes_source = NeededAngeltypes_by_ShiftsFilter($shiftsFilter);
  $shift_entries_source = ShiftEntries_by_ShiftsFilter($shiftsFilter);
  
  $needed_angeltypes = [];
  $shift_entries = [];
  foreach ($shifts as $shift) {
    $needed_angeltypes[$shift['SID']] = [];
    $shift_entries[$shift['SID']] = [];
  }
  foreach ($shift_entries_source as $shift_entry) {
    if (isset($shift_entries[$shift_entry['SID']])) {
      $shift_entries[$shift_entry['SID']][] = $shift_entry;
    }
  }
  foreach ($needed_angeltypes_source as $needed_angeltype) {
    if (isset($needed_angeltypes[$needed_angeltype['SID']])) {
      $needed_angeltypes[$needed_angeltype['SID']][] = $needed_angeltype;
    }
  }
  unset($needed_angeltypes_source);
  unset($shift_entries_source);
  
  if (in_array(ShiftsFilter::FILLED_FREE, $shiftsFilter->getFilled()) && in_array(ShiftsFilter::FILLED_FILLED, $shiftsFilter->getFilled())) {
    return new ShiftCalendarRenderer($shifts, $needed_angeltypes, $shift_entries, $shiftsFilter);
  }
  
  $filtered_shifts = [];
  foreach ($shifts as $shift) {
    $needed_angels_count = 0;
    foreach ($needed_angeltypes[$shift['SID']] as $needed_angeltype) {
      $taken = 0;
      foreach ($shift_entries[$shift['SID']] as $shift_entry) {
        if ($needed_angeltype['angel_type_id'] == $shift_entry['TID'] && $shift_entry['freeloaded'] == 0) {
          $taken ++;
        }
      }
      
      $needed_angels_count += max(0, $needed_angeltype['count'] - $taken);
    }
    if (in_array(ShiftsFilter::FILLED_FREE, $shiftsFilter->getFilled()) && $taken < $needed_angels_count) {
      $filtered_shifts[] = $shift;
    }
    if (in_array(ShiftsFilter::FILLED_FILLED, $shiftsFilter->getFilled()) && $taken >= $needed_angels_count) {
      $filtered_shifts[] = $shift;
    }
  }
  
  return new ShiftCalendarRenderer($filtered_shifts, $needed_angeltypes, $shift_entries, $shiftsFilter);
}

?>
user password recovery 2013-12-26 13:34:48 +01:00			`<?php`
move data sorting to begin 2016-12-28 14:53:35 +01:00			`use Engelsystem\ShiftsFilter;`
			`use Engelsystem\ShiftCalendarRenderer;`
user password recovery 2013-12-26 13:34:48 +01:00
			`/**`
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`* Route user actions.`
			`*/`
			`function users_controller() {`
fix codacy unused code 2016-08-21 18:00:24 +02:00			`global $user;`
more fixes 2014-12-22 20:18:34 +01:00
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`if (! isset($user)) {`
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`redirect(page_link_to(''));`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`}`
more fixes 2014-12-22 20:18:34 +01:00
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`if (! isset($_REQUEST['action'])) {`
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`$_REQUEST['action'] = 'list';`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`}`
more fixes 2014-12-22 20:18:34 +01:00
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`switch ($_REQUEST['action']) {`
			`default:`
			`case 'list':`
			`return users_list_controller();`
			`case 'view':`
			`return user_controller();`
			`case 'edit':`
			`return user_edit_controller();`
			`case 'delete':`
			`return user_delete_controller();`
make multiple vouchers possible 2015-08-12 23:44:39 +02:00			`case 'edit_vouchers':`
			`return user_edit_vouchers_controller();`
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`}`
			`}`

add a more secure way to delete users containing a password request 2015-12-30 15:48:41 +01:00			`/**`
			`* Delete a user, requires to enter own password for reasons.`
			`*/`
			`function user_delete_controller() {`
			`global $privileges, $user;`

			`if (isset($_REQUEST['user_id'])) {`
			`$user_source = User($_REQUEST['user_id']);`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`} else {`
add a more secure way to delete users containing a password request 2015-12-30 15:48:41 +01:00			`$user_source = $user;`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`}`
add a more secure way to delete users containing a password request 2015-12-30 15:48:41 +01:00
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`if (! in_array('admin_user', $privileges)) {`
add a more secure way to delete users containing a password request 2015-12-30 15:48:41 +01:00			`redirect(page_link_to(''));`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`}`

			`// You cannot delete yourself`
add a more secure way to delete users containing a password request 2015-12-30 15:48:41 +01:00			`if ($user['UID'] == $user_source['UID']) {`
			`error(_("You cannot delete yourself."));`
			`redirect(user_link($user));`
			`}`

			`if (isset($_REQUEST['submit'])) {`
rename to 2016-09-29 12:08:12 +02:00			`$valid = true;`
add a more secure way to delete users containing a password request 2015-12-30 15:48:41 +01:00
			`if (! (isset($_REQUEST['password']) && verify_password($_REQUEST['password'], $user['Passwort'], $user['UID']))) {`
rename to 2016-09-29 12:08:12 +02:00			`$valid = false;`
add a more secure way to delete users containing a password request 2015-12-30 15:48:41 +01:00			`error(_("Your password is incorrect. Please try it again."));`
			`}`

rename to 2016-09-29 12:08:12 +02:00			`if ($valid) {`
add a more secure way to delete users containing a password request 2015-12-30 15:48:41 +01:00			`$result = User_delete($user_source['UID']);`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`if ($result === false) {`
add a more secure way to delete users containing a password request 2015-12-30 15:48:41 +01:00			`engelsystem_error('Unable to delete user.');`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`}`
add a more secure way to delete users containing a password request 2015-12-30 15:48:41 +01:00
			`mail_user_delete($user_source);`
			`success(_("User deleted."));`
			`engelsystem_log(sprintf("Deleted %s", User_Nick_render($user_source)));`

			`redirect(users_link());`
			`}`
			`}`

prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`return [`
add a more secure way to delete users containing a password request 2015-12-30 15:48:41 +01:00			`sprintf(_("Delete %s"), $user_source['Nick']),`
			`User_delete_view($user_source)`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`];`
add a more secure way to delete users containing a password request 2015-12-30 15:48:41 +01:00			`}`

begin cleanup of user edit 2014-12-27 21:55:24 +01:00			`function users_link() {`
			`return page_link_to('users');`
			`}`

add a more secure way to delete users containing a password request 2015-12-30 15:48:41 +01:00			`function user_edit_link($user) {`
			`return page_link_to('admin_user') . '&user_id=' . $user['UID'];`
			`}`

			`function user_delete_link($user) {`
			`return page_link_to('users') . '&action=delete&user_id=' . $user['UID'];`
			`}`

user voucher feature 2014-12-26 01:49:59 +01:00			`function user_link($user) {`
			`return page_link_to('users') . '&action=view&user_id=' . $user['UID'];`
			`}`

make multiple vouchers possible 2015-08-12 23:44:39 +02:00			`function user_edit_vouchers_controller() {`
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`global $privileges, $user;`
more fixes 2014-12-22 20:18:34 +01:00
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`if (isset($_REQUEST['user_id'])) {`
			`$user_source = User($_REQUEST['user_id']);`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`} else {`
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`$user_source = $user;`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`}`
more fixes 2014-12-22 20:18:34 +01:00
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`if (! in_array('admin_user', $privileges)) {`
user voucher feature 2014-12-26 01:49:59 +01:00			`redirect(page_link_to(''));`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`}`
user voucher feature 2014-12-26 01:49:59 +01:00
make multiple vouchers possible 2015-08-12 23:44:39 +02:00			`if (isset($_REQUEST['submit'])) {`
rename to 2016-09-29 12:08:12 +02:00			`$valid = true;`
make multiple vouchers possible 2015-08-12 23:44:39 +02:00
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`if (isset($_REQUEST['vouchers']) && test_request_int('vouchers') && trim($_REQUEST['vouchers']) >= 0) {`
make multiple vouchers possible 2015-08-12 23:44:39 +02:00			`$vouchers = trim($_REQUEST['vouchers']);`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`} else {`
rename to 2016-09-29 12:08:12 +02:00			`$valid = false;`
make multiple vouchers possible 2015-08-12 23:44:39 +02:00			`error(_("Please enter a valid number of vouchers."));`
			`}`

rename to 2016-09-29 12:08:12 +02:00			`if ($valid) {`
make multiple vouchers possible 2015-08-12 23:44:39 +02:00			`$user_source['got_voucher'] = $vouchers;`

			`$result = User_update($user_source);`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`if ($result === false) {`
make multiple vouchers possible 2015-08-12 23:44:39 +02:00			`engelsystem_error('Unable to update user.');`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`}`
make multiple vouchers possible 2015-08-12 23:44:39 +02:00
			`success(_("Saved the number of vouchers."));`
			`engelsystem_log(User_Nick_render($user_source) . ': ' . sprintf("Got %s vouchers", $user_source['got_voucher']));`

			`redirect(user_link($user_source));`
			`}`
			`}`
user voucher feature 2014-12-26 01:49:59 +01:00
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`return [`
make multiple vouchers possible 2015-08-12 23:44:39 +02:00			`sprintf(_("%s's vouchers"), $user_source['Nick']),`
			`User_edit_vouchers_view($user_source)`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`];`
user voucher feature 2014-12-26 01:49:59 +01:00			`}`

			`function user_controller() {`
			`global $privileges, $user;`

reduce complexity of user angeltypes controller 2016-10-04 16:50:06 +02:00			`$user_source = $user;`
user voucher feature 2014-12-26 01:49:59 +01:00			`if (isset($_REQUEST['user_id'])) {`
			`$user_source = User($_REQUEST['user_id']);`
fix user result check on user controller 2015-12-05 11:55:35 +01:00			`if ($user_source == null) {`
			`error(_("User not found."));`
			`redirect('?');`
			`}`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`}`
user voucher feature 2014-12-26 01:49:59 +01:00
show freeload comments to supporters (user shift admin) 2016-11-25 14:27:47 +01:00			`$shifts = Shifts_by_user($user_source, in_array("user_shifts_admin", $privileges));`
add user view, better bootstrap 2014-08-23 01:55:18 +02:00			`foreach ($shifts as &$shift) {`
more fixes 2014-12-22 20:18:34 +01:00			`// TODO: Move queries to model`
harden the sql queries 2014-12-28 13:44:56 +01:00			$shift['needed_angeltypes'] = sql_select("SELECT DISTINCT `AngelTypes`.* FROM `ShiftEntry` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` WHERE `ShiftEntry`.`SID`='" . sql_escape($shift['SID']) . "' ORDER BY `AngelTypes`.`name`");
add user view, better bootstrap 2014-08-23 01:55:18 +02:00			`foreach ($shift['needed_angeltypes'] as &$needed_angeltype) {`
			`$needed_angeltype['users'] = sql_select("`
only log if api key was reset on purpose 2014-12-16 00:54:50 +01:00			SELECT `ShiftEntry`.`freeloaded`, `User`.*
			FROM `ShiftEntry`
			JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID`
harden the sql queries 2014-12-28 13:44:56 +01:00			WHERE `ShiftEntry`.`SID`='" . sql_escape($shift['SID']) . "'
			AND `ShiftEntry`.`TID`='" . sql_escape($needed_angeltype['id']) . "'");
add user view, better bootstrap 2014-08-23 01:55:18 +02:00			`}`
			`}`
more fixes 2014-12-22 20:18:34 +01:00
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`if ($user_source['api_key'] == "") {`
only log if api key was reset on purpose 2014-12-16 00:54:50 +01:00			`User_reset_api_key($user_source, false);`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`}`
more fixes 2014-12-22 20:18:34 +01:00
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`return [`
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`$user_source['Nick'],`
user voucher feature 2014-12-26 01:49:59 +01:00			`User_view($user_source, in_array('admin_user', $privileges), User_is_freeloader($user_source), User_angeltypes($user_source), User_groups($user_source), $shifts, $user['UID'] == $user_source['UID'])`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`];`
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`}`

clear up mvc for user list 2014-09-28 15:01:02 +02:00			`/**`
			`* List all users.`
			`*/`
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`function users_list_controller() {`
user list rewritten 2014-09-28 14:50:08 +02:00			`global $privileges;`
more fixes 2014-12-22 20:18:34 +01:00
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`if (! in_array('admin_user', $privileges)) {`
user list rewritten 2014-09-28 14:50:08 +02:00			`redirect(page_link_to(''));`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`}`
more fixes 2014-12-22 20:18:34 +01:00
user list rewritten 2014-09-28 14:50:08 +02:00			`$order_by = 'Nick';`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`if (isset($_REQUEST['OrderBy']) && in_array($_REQUEST['OrderBy'], User_sortable_columns())) {`
user list rewritten 2014-09-28 14:50:08 +02:00			`$order_by = $_REQUEST['OrderBy'];`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`}`
more fixes 2014-12-22 20:18:34 +01:00
user list rewritten 2014-09-28 14:50:08 +02:00			`$users = Users($order_by);`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`if ($users === false) {`
user list rewritten 2014-09-28 14:50:08 +02:00			`engelsystem_error('Unable to load users.');`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`}`
more fixes 2014-12-22 20:18:34 +01:00
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`foreach ($users as &$user) {`
clear up mvc for user list 2014-09-28 15:01:02 +02:00			`$user['freeloads'] = count(ShiftEntries_freeloaded_by_user($user));`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`}`
more fixes 2014-12-22 20:18:34 +01:00
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`return [`
user list rewritten 2014-09-28 14:50:08 +02:00			`_('All users'),`
user voucher feature 2014-12-26 01:49:59 +01:00			`Users_view($users, $order_by, User_arrived_count(), User_active_count(), User_force_active_count(), ShiftEntries_freeleaded_count(), User_tshirts_count(), User_got_voucher_count())`
prohibit inline control structures on controllers 2016-09-29 09:43:08 +02:00			`];`
add basic bootstrap theme 2014-08-22 22:34:13 +02:00			`}`

			`/**`
reduce complexity of password recovery controller 2016-11-15 22:08:41 +01:00			`* Second step of password recovery: set a new password using the token link from email`
user password recovery 2013-12-26 13:34:48 +01:00			`*/`
reduce complexity of password recovery controller 2016-11-15 22:08:41 +01:00			`function user_password_recovery_set_new_controller() {`
Fixed "Constant already defined" notice Added more ugly global variables 2017-01-01 18:49:43 +01:00			`global $min_password_length;`
reduce complexity of password recovery controller 2016-11-15 22:08:41 +01:00			`$user_source = User_by_password_recovery_token($_REQUEST['token']);`
			`if ($user_source == null) {`
			`error(_("Token is not correct."));`
			`redirect(page_link_to('login'));`
			`}`

			`if (isset($_REQUEST['submit'])) {`
			`$valid = true;`
Fixed "Constant already defined" notice Added more ugly global variables 2017-01-01 18:49:43 +01:00
			`if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= $min_password_length) {`
reduce complexity of password recovery controller 2016-11-15 22:08:41 +01:00			`if ($_REQUEST['password'] != $_REQUEST['password2']) {`
rename to 2016-09-29 12:08:12 +02:00			`$valid = false;`
reduce complexity of password recovery controller 2016-11-15 22:08:41 +01:00			`error(_("Your passwords don't match."));`
user password recovery 2013-12-26 13:34:48 +01:00			`}`
reduce complexity of password recovery controller 2016-11-15 22:08:41 +01:00			`} else {`
			`$valid = false;`
			`error(_("Your password is to short (please use at least 6 characters)."));`
user password recovery 2013-12-26 13:34:48 +01:00			`}`
more fixes 2014-12-22 20:18:34 +01:00
reduce complexity of password recovery controller 2016-11-15 22:08:41 +01:00			`if ($valid) {`
			`set_password($user_source['UID'], $_REQUEST['password']);`
			`success(_("Password saved."));`
			`redirect(page_link_to('login'));`
			`}`
			`}`

			`return User_password_set_view();`
			`}`

			`/**`
			`* First step of password recovery: display a form that asks for your email and send email with recovery link`
			`*/`
			`function user_password_recovery_start_controller() {`
			`if (isset($_REQUEST['submit'])) {`
			`$valid = true;`

			`if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) {`
			`$email = strip_request_item('email');`
			`if (check_email($email)) {`
			`$user_source = User_by_email($email);`
			`if ($user_source == null) {`
rename to 2016-09-29 12:08:12 +02:00			`$valid = false;`
fix error messages on password recovery 2014-03-12 17:36:55 +01:00			`error(_("E-mail address is not correct."));`
user password recovery 2013-12-26 13:34:48 +01:00			`}`
			`} else {`
rename to 2016-09-29 12:08:12 +02:00			`$valid = false;`
reduce complexity of password recovery controller 2016-11-15 22:08:41 +01:00			`error(_("E-mail address is not correct."));`
user password recovery 2013-12-26 13:34:48 +01:00			`}`
reduce complexity of password recovery controller 2016-11-15 22:08:41 +01:00			`} else {`
			`$valid = false;`
			`error(_("Please enter your e-mail."));`
user password recovery 2013-12-26 13:34:48 +01:00			`}`
more fixes 2014-12-22 20:18:34 +01:00
reduce complexity of password recovery controller 2016-11-15 22:08:41 +01:00			`if ($valid) {`
			`$token = User_generate_password_recovery_token($user_source);`
			`engelsystem_email_to_user($user_source, _("Password recovery"), sprintf(_("Please visit %s to recover your password."), page_link_to_absolute('user_password_recovery') . '&token=' . $token));`
			`success(_("We sent an email containing your password recovery link."));`
			`redirect(page_link_to('login'));`
			`}`
			`}`

			`return User_password_recovery_view();`
			`}`

			`/**`
			`* User password recovery in 2 steps.`
			`* (By email)`
			`*/`
			`function user_password_recovery_controller() {`
			`if (isset($_REQUEST['token'])) {`
			`return user_password_recovery_set_new_controller();`
			`} else {`
			`return user_password_recovery_start_controller();`
user password recovery 2013-12-26 13:34:48 +01:00			`}`
			`}`

controller comments 2014-01-07 16:19:35 +01:00			`/**`
			`* Menu title for password recovery.`
			`*/`
user password recovery 2013-12-26 13:34:48 +01:00			`function user_password_recovery_title() {`
			`return _("Password recovery");`
			`}`

simplify user_angeltype_add_controller 2016-09-30 16:55:47 +02:00			`/**`
			`* Loads a user from param user_id.`
			`*/`
			`function load_user() {`
			`if (! isset($_REQUEST['user_id'])) {`
			`redirect(page_link_to());`
			`}`

			`$user = User($_REQUEST['user_id']);`
			`if ($user === false) {`
			`engelsystem_error("Unable to load user.");`
			`}`

			`if ($user == null) {`
			`error(_("User doesn't exist."));`
			`redirect(page_link_to());`
			`}`

			`return $user;`
			`}`

move data sorting to begin 2016-12-28 14:53:35 +01:00			`function shiftCalendarRendererByShiftFilter(ShiftsFilter $shiftsFilter) {`
			`$shifts = Shifts_by_ShiftsFilter($shiftsFilter);`
			`$needed_angeltypes_source = NeededAngeltypes_by_ShiftsFilter($shiftsFilter);`
			`$shift_entries_source = ShiftEntries_by_ShiftsFilter($shiftsFilter);`

			`$needed_angeltypes = [];`
			`$shift_entries = [];`
			`foreach ($shifts as $shift) {`
			`$needed_angeltypes[$shift['SID']] = [];`
			`$shift_entries[$shift['SID']] = [];`
			`}`
			`foreach ($shift_entries_source as $shift_entry) {`
bring back filtering by occupancy 2016-12-29 14:51:43 +01:00			`if (isset($shift_entries[$shift_entry['SID']])) {`
			`$shift_entries[$shift_entry['SID']][] = $shift_entry;`
			`}`
			`}`
			`foreach ($needed_angeltypes_source as $needed_angeltype) {`
			`if (isset($needed_angeltypes[$needed_angeltype['SID']])) {`
			`$needed_angeltypes[$needed_angeltype['SID']][] = $needed_angeltype;`
			`}`
move data sorting to begin 2016-12-28 14:53:35 +01:00			`}`
			`unset($needed_angeltypes_source);`
			`unset($shift_entries_source);`

bring back filtering by occupancy 2016-12-29 14:51:43 +01:00			`if (in_array(ShiftsFilter::FILLED_FREE, $shiftsFilter->getFilled()) && in_array(ShiftsFilter::FILLED_FILLED, $shiftsFilter->getFilled())) {`
			`return new ShiftCalendarRenderer($shifts, $needed_angeltypes, $shift_entries, $shiftsFilter);`
			`}`

			`$filtered_shifts = [];`
			`foreach ($shifts as $shift) {`
			`$needed_angels_count = 0;`
			`foreach ($needed_angeltypes[$shift['SID']] as $needed_angeltype) {`
bring back filtering by occupancy 2016-12-29 15:33:21 +01:00			`$taken = 0;`
			`foreach ($shift_entries[$shift['SID']] as $shift_entry) {`
			`if ($needed_angeltype['angel_type_id'] == $shift_entry['TID'] && $shift_entry['freeloaded'] == 0) {`
			`$taken ++;`
			`}`
bring back filtering by occupancy 2016-12-29 14:51:43 +01:00			`}`
bring back filtering by occupancy 2016-12-29 15:33:21 +01:00
			`$needed_angels_count += max(0, $needed_angeltype['count'] - $taken);`
bring back filtering by occupancy 2016-12-29 14:51:43 +01:00			`}`
			`if (in_array(ShiftsFilter::FILLED_FREE, $shiftsFilter->getFilled()) && $taken < $needed_angels_count) {`
			`$filtered_shifts[] = $shift;`
			`}`
			`if (in_array(ShiftsFilter::FILLED_FILLED, $shiftsFilter->getFilled()) && $taken >= $needed_angels_count) {`
			`$filtered_shifts[] = $shift;`
			`}`
			`}`

			`return new ShiftCalendarRenderer($filtered_shifts, $needed_angeltypes, $shift_entries, $shiftsFilter);`
move data sorting to begin 2016-12-28 14:53:35 +01:00			`}`

only log if api key was reset on purpose 2014-12-16 00:54:50 +01:00			`?>`