/**
 * Renders the account settings page for the currently logged-in user.
 *
 * The page is gated on the 'uri_account_settings' access check; when that check fails the
 * application's notFound() handler is invoked. Client-side validation rules are generated
 * from forms/account-settings.json under the configured schema path.
 *
 * NOTE(review): the rules exported by ClientSideValidator are enforced in the browser only.
 * The handler that processes the submitted form is not visible here and has to validate
 * against the same schema on the server.
 */
public function pageAccountSettings()
{
    $app = $this->_app;

    // Access-controlled page.
    // NOTE(review): this relies on notFound() ending the request - confirm it never returns.
    $allowed = $app->user->checkAccess('uri_account_settings');
    if (!$allowed) {
        $app->notFound();
    }

    // Build the validation rules that are handed to the template as JSON
    $schemaFile = $app->config('schema.path') . "/forms/account-settings.json";
    $schema = new \Fortress\RequestSchema($schemaFile);
    $validators = new \Fortress\ClientSideValidator($schema, $app->translator);

    // Page metadata; reading the alerts also clears them from the message stream
    $page = [
        'author' => $app->site->author,
        'title' => "Account Settings",
        'description' => "Update your account settings, including email, display name, and password.",
        'alerts' => $app->alerts->getAndClearMessages()
    ];

    $app->render('account-settings.html', [
        'page' => $page,
        "locales" => $app->site->getLocales(),
        "validators" => $validators->formValidationRulesJson()
    ]);
}
/**
 * Renders the installation page used to register the master account.
 *
 * If an account with the configured master id ('user_id_master') already exists, a
 * "MASTER_ACCOUNT_EXISTS" alert is queued and the client is redirected to 'uri_home'.
 *
 * NOTE(review): the only gate visible in this method is the "master already exists" check;
 * until that account is created the page is not tied to any user permission. The table
 * configuration is also handed to the template - what the template exposes from it is not
 * visible here and should be reviewed.
 */
public function pageSetupMasterAccount()
{
    $app = $this->_app;

    // Get the alert message stream
    $alerts = $app->alerts;

    // Do not allow registering a master account if one has already been created.
    // NOTE(review): this relies on redirect() ending the request - confirm it never returns.
    $masterId = $app->config('user_id_master');
    if (UserLoader::exists($masterId)) {
        $alerts->addMessageTranslated("danger", "MASTER_ACCOUNT_EXISTS");
        $homeUrl = $app->urlFor('uri_home');
        $app->redirect($homeUrl);
    }

    // Client-side validation rules come from the registration form schema
    $schemaFile = $app->config('schema.path') . "/forms/register.json";
    $schema = new \Fortress\RequestSchema($schemaFile);
    $validators = new \Fortress\ClientSideValidator($schema, $app->translator);

    // Page metadata; reading the alerts also clears them from the message stream
    $page = [
        'author' => $app->site->author,
        'title' => "Installation | Register Master Account",
        'description' => "Set up the master account for your installation of UserFrosting",
        'alerts' => $app->alerts->getAndClearMessages()
    ];

    $app->render('common/install/install-master.html', [
        'page' => $page,
        'validators' => $validators->formValidationRulesJson(),
        'table_config' => Database::getTableConfiguration()
    ]);
}
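// Dump the message stream collected so far. The dump is HTML-escaped before it is written into
// the page, because messages may carry request-derived text.
echo htmlspecialchars(print_r($ms->messages(), true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "</pre>";
$ms->resetMessageStream();

// Load the request schema
$schema = new Fortress\RequestSchema("fortress/schema/forms/register.json");

// Wrap the request data. Note that the data source passed here is the query string ($_GET),
// even though this demo describes the step as handling a POST request.
$rf = new Fortress\HTTPRequestFortress($ms, $schema, $_GET);

// Remove csrf_token from the request data, if specified.
// NOTE(review): the token is only dropped from the data set here; no verification of it is
// visible in this fragment.
$rf->removeFields(['csrf_token']);

// Sanitize, and print sanitized data for demo purposes.
// Whether sanitize() already HTML-escapes each field depends on the schema, which is not visible
// here, so the dump is escaped at output time regardless; the page then shows the values exactly
// as they are held after sanitization.
$rf->sanitize(true, "error");
echo "<h2>Sanitized data</h2>";
echo "<pre>";
echo htmlspecialchars(print_r($rf->data(), true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "</pre>";

// Validate. Normally we'd want to halt on validation errors. But for this demo, we will simply
// print the message stream. Outside a demo, stop here: the code below still uses the data even
// when validation has failed.
if (!$rf->validate()) {
    $ms->addMessageTranslated("danger", "Validation failed for {{placeholder}}", ["placeholder" => "the form"]);
}

// Test client validators
$clientVal = new Fortress\ClientSideValidator($schema, $translator);
echo "<h2>Client-side validation schema (JSON)</h2>";
echo "<pre>";
echo htmlspecialchars(print_r($clientVal->formValidationRulesJson(), true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "</pre>";

// Create a new group with the filtered data
$data = $rf->data();
if (!yourFunctionHere($data)) {
    exit;
}

// If we've made it this far, success!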
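/**
 * Renders the form for editing an existing user.
 *
 * This does NOT render a complete page. Instead, it renders the HTML for the form, which can be embedded in other pages.
 * The form can be rendered in "modal" (for popup) or "panel" mode, depending on the value of the GET parameter `render`.
 * For each field, we will first check if the currently logged-in user has permission to update the field. If so,
 * the field will be rendered as editable. If not, we will check if they have permission to view the field. If so,
 * it will be displayed but disabled. If they have neither permission, the field will be hidden.
 * This page requires authentication.
 * Request type: GET
 *
 * The disabled/hidden lists only control how the form is drawn. The handler that receives the submitted form is not
 * visible here and must repeat the per-field permission checks on the server.
 *
 * @param int $user_id the id of the user to edit.
 */
public function formUserEdit($user_id)
{
    // Get the user to edit
    $target_user = UserLoader::fetch($user_id);

    // An id that resolves to no user gets the same response as a denied request, so the two cases
    // cannot be told apart, and the code below never dereferences a missing user.
    if (!$target_user) {
        $this->_app->notFound();
        return;
    }

    // Access-controlled resource
    if (!$this->_app->user->checkAccess('uri_users') && !$this->_app->user->checkAccess('uri_group_users', ['primary_group_id' => $target_user->primary_group_id])) {
        $this->_app->notFound();
        // Fail closed even if notFound() were ever to return
        return;
    }

    $get = $this->_app->request->get();

    // Both values come straight from the query string and may be absent
    $render = isset($get['render']) ? $get['render'] : "modal";
    $box_id = isset($get['box_id']) ? $get['box_id'] : null;

    // Get a list of all groups
    $groups = GroupLoader::fetchAll();

    // Get a list of all locales
    $locale_list = $this->_app->site->getLocales();

    // Determine which groups this user is a member of
    $user_groups = $target_user->getGroups();

    // Start from an empty list so the template still receives an array when no groups exist
    $group_list = [];
    foreach ($groups as $group_id => $group) {
        $group_list[$group_id] = $group->export();
        $group_list[$group_id]['member'] = isset($user_groups[$group_id]);
    }

    // The request value only selects between two fixed template names; it never becomes part of a path
    if ($render === "modal") {
        $template = "components/user-info-modal.html";
    } else {
        $template = "components/user-info-panel.html";
    }

    // Determine authorized fields. Fields the current user may update need no entry: the template
    // is only told which fields are disabled or hidden.
    $fields = ['display_name', 'email', 'title', 'password', 'locale', 'groups', 'primary_group_id'];
    $disabled_fields = [];
    $hidden_fields = [];
    foreach ($fields as $field) {
        $context = ["user" => $target_user, "property" => $field];
        if ($this->_app->user->checkAccess("update_account_setting", $context)) {
            continue;
        }
        if ($this->_app->user->checkAccess("view_account_setting", $context)) {
            $disabled_fields[] = $field;
        } else {
            $hidden_fields[] = $field;
        }
    }

    // Always disallow editing username
    $disabled_fields[] = "user_name";

    // Hide password fields for editing user
    $hidden_fields[] = "password";

    // Load validator rules
    $schema = new \Fortress\RequestSchema($this->_app->config('schema.path') . "/forms/user-update.json");
    $validators = new \Fortress\ClientSideValidator($schema, $this->_app->translator);

    // NOTE(review): box_id is request-controlled; the template has to escape it when writing it
    // into markup (auto-escaping is not visible from here - confirm).
    $this->_app->render($template, [
        "box_id" => $box_id,
        "box_title" => "Edit User",
        "submit_button" => "Update user",
        "form_action" => $this->_app->site->uri['public'] . "/users/u/{$user_id}",
        "target_user" => $target_user,
        "groups" => $group_list,
        "locales" => $locale_list,
        "fields" => [
            "disabled" => $disabled_fields,
            "hidden" => $hidden_fields
        ],
        "buttons" => [
            "hidden" => ["edit", "enable", "delete", "activate"]
        ],
        "validators" => $validators->formValidationRulesJson()
    ]);
}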
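/**
 * Renders the form for editing an existing group.
 *
 * Like the other form renderers this produces only the form markup, in "modal" or "panel" mode depending on the
 * query parameter `render`. Access is gated on the 'uri_groups' check. For each group property the current user is
 * checked for "update_group_setting" and then "view_group_setting"; properties that may only be viewed are passed to
 * the template as disabled, properties with neither permission as hidden.
 *
 * The disabled/hidden lists only control how the form is drawn. The handler that receives the submitted form is not
 * visible here and must repeat the per-property permission checks on the server.
 *
 * @param int $group_id the id of the group to edit.
 */
public function formGroupEdit($group_id)
{
    // Access-controlled resource
    if (!$this->_app->user->checkAccess('uri_groups')) {
        $this->_app->notFound();
        // Fail closed even if notFound() were ever to return
        return;
    }

    $get = $this->_app->request->get();

    // Both values come straight from the query string and may be absent
    $render = isset($get['render']) ? $get['render'] : "modal";
    $box_id = isset($get['box_id']) ? $get['box_id'] : null;

    // Get the group to edit
    $group = GroupLoader::fetch($group_id);

    // An id that resolves to no group is answered with notFound() instead of rendering an empty form
    if (!$group) {
        $this->_app->notFound();
        return;
    }

    // Get a list of all themes
    $theme_list = $this->_app->site->getThemes();

    // The request value only selects between two fixed template names; it never becomes part of a path
    if ($render === "modal") {
        $template = "components/group-info-modal.html";
    } else {
        $template = "components/group-info-panel.html";
    }

    // Determine authorized fields. Properties the current user may update need no entry: the
    // template is only told which ones are disabled or hidden.
    $fields = ['name', 'new_user_title', 'landing_page', 'theme', 'is_default'];
    $disabled_fields = [];
    $hidden_fields = [];
    foreach ($fields as $field) {
        $context = ["property" => $field];
        if ($this->_app->user->checkAccess("update_group_setting", $context)) {
            continue;
        }
        if ($this->_app->user->checkAccess("view_group_setting", $context)) {
            $disabled_fields[] = $field;
        } else {
            $hidden_fields[] = $field;
        }
    }

    // Load validator rules
    $schema = new \Fortress\RequestSchema($this->_app->config('schema.path') . "/forms/group-update.json");
    $validators = new \Fortress\ClientSideValidator($schema, $this->_app->translator);

    // NOTE(review): box_id is request-controlled; the template has to escape it when writing it
    // into markup (auto-escaping is not visible from here - confirm).
    $this->_app->render($template, [
        "box_id" => $box_id,
        "box_title" => "Edit Group",
        "submit_button" => "Update group",
        "form_action" => $this->_app->site->uri['public'] . "/groups/g/{$group_id}",
        "group" => $group,
        "themes" => $theme_list,
        "fields" => [
            "disabled" => $disabled_fields,
            "hidden" => $hidden_fields
        ],
        "buttons" => [
            "hidden" => ["edit", "delete"]
        ],
        "validators" => $validators->formValidationRulesJson()
    ]);
}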