public function pageAccountSettings()
 {
     $app = $this->_app;

     // Authorization gate: users without 'uri_account_settings' get the generic not-found response.
     // NOTE(review): this relies on notFound() ending the request; if it can return, the page below
     // would still be rendered for an unauthorized user -- confirm.
     $allowed = $app->user->checkAccess('uri_account_settings');
     if (!$allowed) {
         $app->notFound();
     }

     // Build the client-side validation rules from the form's request schema.
     // These rules only drive browser-side checks; they are not a server-side control.
     $schema_file = $app->config('schema.path') . "/forms/account-settings.json";
     $schema = new \Fortress\RequestSchema($schema_file);
     $validators = new \Fortress\ClientSideValidator($schema, $app->translator);

     // Page metadata, including any pending alerts (which are cleared once read).
     $page = [
         'author' => $app->site->author,
         'title' => "Account Settings",
         'description' => "Update your account settings, including email, display name, and password.",
         'alerts' => $app->alerts->getAndClearMessages()
     ];

     $app->render('account-settings.html', [
         'page' => $page,
         "locales" => $app->site->getLocales(),
         "validators" => $validators->formValidationRulesJson()
     ]);
 }
 public function pageSetupMasterAccount()
 {
     $app = $this->_app;

     // Alert message stream used to report why setup is refused
     $ms = $app->alerts;

     // The master account may only be registered once: if it already exists, send the visitor home.
     // NOTE(review): this guard is the only thing on this page keeping the installer form away from
     // later visitors, and it relies on redirect() ending the request -- confirm.
     $master_id = $app->config('user_id_master');
     if (UserLoader::exists($master_id)) {
         $ms->addMessageTranslated("danger", "MASTER_ACCOUNT_EXISTS");
         $home = $app->urlFor('uri_home');
         $app->redirect($home);
     }

     // Client-side validation rules for the registration form (browser-side checks only)
     $schema_file = $app->config('schema.path') . "/forms/register.json";
     $schema = new \Fortress\RequestSchema($schema_file);
     $validators = new \Fortress\ClientSideValidator($schema, $app->translator);

     // Page metadata, including any pending alerts (which are cleared once read)
     $page = [
         'author' => $app->site->author,
         'title' => "Installation | Register Master Account",
         'description' => "Set up the master account for your installation of UserFrosting",
         'alerts' => $app->alerts->getAndClearMessages()
     ];

     // The table configuration is handed to the template as-is.
     // NOTE(review): check what the template exposes from it, since this page is reachable before
     // any account exists.
     $app->render('common/install/install-master.html', [
         'page' => $page,
         'validators' => $validators->formValidationRulesJson(),
         'table_config' => Database::getTableConfiguration()
     ]);
 }
Beispiel #3
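// Dump the message stream for the demo. The dump is HTML-escaped because messages may carry
// request-derived text and this output is written straight into the page.
echo htmlspecialchars(print_r($ms->messages(), true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "</pre>";
$ms->resetMessageStream();
// Load the request schema
$schema = new Fortress\RequestSchema("fortress/schema/forms/register.json");
// Request data.
// NOTE(review): the data is read from the query string ($_GET); a registration form would normally
// be submitted in the request body -- confirm which source is intended before reusing this.
$rf = new Fortress\HTTPRequestFortress($ms, $schema, $_GET);
// Remove csrf_token from the request data, if specified.
// NOTE(review): nothing in this snippet verifies the token before it is dropped; the CSRF check
// has to happen before this point -- confirm.
$rf->removeFields(['csrf_token']);
// Sanitize, and print sanitized data for demo purposes.
// The dump is escaped at output time regardless of what the schema's sanitizers did, so a field
// value can never be interpreted as markup by the browser.
$rf->sanitize(true, "error");
echo "<h2>Sanitized data</h2>";
echo "<pre>";
echo htmlspecialchars(print_r($rf->data(), true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "</pre>";
// Validate.  Normally we'd want to halt on validation errors.  But for this demo, we will simply print the message stream.
// Outside of a demo, data that failed validation must not reach the processing step below.
if (!$rf->validate()) {
    $ms->addMessageTranslated("danger", "Validation failed for {{placeholder}}", ["placeholder" => "the form"]);
}
// Test client validators.  These rules mirror the schema for the browser; server-side validation
// above remains the authoritative check.
$clientVal = new Fortress\ClientSideValidator($schema, $translator);
echo "<h2>Client-side validation schema (JSON)</h2>";
echo "<pre>";
echo htmlspecialchars(print_r($clientVal->formValidationRulesJson(), true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "</pre>";
// Process the filtered data (placeholder for the application's own handler)
$data = $rf->data();
if (!yourFunctionHere($data)) {
    exit;
}
// If we've made it this far, success!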
Beispiel #4
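 /**
  * Renders the form for editing an existing user.
  *
  * This does NOT render a complete page.  Instead, it renders the HTML for the form, which can be embedded in other pages.
  * The form can be rendered in "modal" (for popup) or "panel" mode, depending on the value of the GET parameter `render`.
  * For each field, we will first check if the currently logged-in user has permission to update the field.  If so,
  * the field will be rendered as editable.  If not, we will check if they have permission to view the field.  If so,
  * it will be displayed but disabled.  If they have neither permission, the field will be hidden.
  *
  * The disabled/hidden lists and the client-side validators only shape the rendered form.  They do not
  * stop a crafted request, so the handler that receives the submitted form must repeat the per-field
  * permission checks on the server.
  *
  * A missing target user is answered with the same not-found response as a failed access check, so the
  * response does not distinguish "no such user" from "not allowed".
  *
  * This page requires authentication.
  * Request type: GET
  * GET parameters read here: `render` (optional, defaults to "modal") and `box_id` (passed to the template).
  * @param int $user_id the id of the user to edit.
  */
 public function formUserEdit($user_id)
 {
     // Get the user to edit
     $target_user = UserLoader::fetch($user_id);
     // The access check below reads $target_user->primary_group_id, so an unknown id must be
     // rejected first instead of dereferencing an empty result.
     if (!$target_user) {
         $this->_app->notFound();
         return; // defensive: never fall through if notFound() returns
     }
     // Access-controlled resource
     if (!$this->_app->user->checkAccess('uri_users') && !$this->_app->user->checkAccess('uri_group_users', ['primary_group_id' => $target_user->primary_group_id])) {
         $this->_app->notFound();
         return; // defensive: never render the form for an unauthorized user
     }
     $get = $this->_app->request->get();
     // Render mode: anything other than exactly "modal" selects the panel template
     $render = isset($get['render']) ? $get['render'] : "modal";
     // box_id is optional in the query string; avoid an undefined-index notice when it is absent
     $box_id = isset($get['box_id']) ? $get['box_id'] : null;
     // Get a list of all groups
     $groups = GroupLoader::fetchAll();
     // Get a list of all locales
     $locale_list = $this->_app->site->getLocales();
     // Determine which groups this user is a member of
     $user_groups = $target_user->getGroups();
     // Initialised up front so the template still receives an array when there are no groups
     $group_list = [];
     foreach ($groups as $group_id => $group) {
         $group_list[$group_id] = $group->export();
         $group_list[$group_id]['member'] = isset($user_groups[$group_id]);
     }
     // The template name is chosen from two fixed strings; the request value is never used as a path
     if ($render === "modal") {
         $template = "components/user-info-modal.html";
     } else {
         $template = "components/user-info-panel.html";
     }
     // Determine authorized fields.  Editable fields need no list of their own: the template only
     // receives the disabled and hidden sets.
     $fields = ['display_name', 'email', 'title', 'password', 'locale', 'groups', 'primary_group_id'];
     $disabled_fields = [];
     $hidden_fields = [];
     foreach ($fields as $field) {
         if ($this->_app->user->checkAccess("update_account_setting", ["user" => $target_user, "property" => $field])) {
             continue;
         }
         if ($this->_app->user->checkAccess("view_account_setting", ["user" => $target_user, "property" => $field])) {
             $disabled_fields[] = $field;
         } else {
             $hidden_fields[] = $field;
         }
     }
     // Always disallow editing username
     $disabled_fields[] = "user_name";
     // Hide password fields for editing user
     $hidden_fields[] = "password";
     // Load validator rules (browser-side checks only)
     $schema = new \Fortress\RequestSchema($this->_app->config('schema.path') . "/forms/user-update.json");
     $validators = new \Fortress\ClientSideValidator($schema, $this->_app->translator);
     $this->_app->render($template, [
         "box_id" => $box_id,
         "box_title" => "Edit User",
         "submit_button" => "Update user",
         "form_action" => $this->_app->site->uri['public'] . "/users/u/{$user_id}",
         "target_user" => $target_user,
         "groups" => $group_list,
         "locales" => $locale_list,
         "fields" => ["disabled" => $disabled_fields, "hidden" => $hidden_fields],
         "buttons" => ["hidden" => ["edit", "enable", "delete", "activate"]],
         "validators" => $validators->formValidationRulesJson()
     ]);
 }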
Beispiel #5
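 /**
  * Renders the form for editing an existing group.
  *
  * Renders either the modal or the panel component template, depending on the GET parameter `render`
  * (defaults to "modal").  For each group field, the current user's update permission is checked first;
  * fields they may only view are passed to the template as disabled, and fields they may neither update
  * nor view are passed as hidden.
  *
  * The disabled/hidden lists and the client-side validators only shape the rendered form.  They do not
  * stop a crafted request, so the handler that receives the submitted form must repeat the per-field
  * permission checks on the server.
  *
  * GET parameters read here: `render` (optional) and `box_id` (passed to the template).
  * @param int $group_id the id of the group to edit.
  */
 public function formGroupEdit($group_id)
 {
     // Access-controlled resource: checked before anything is loaded
     if (!$this->_app->user->checkAccess('uri_groups')) {
         $this->_app->notFound();
         return; // defensive: never render the form for an unauthorized user
     }
     $get = $this->_app->request->get();
     // Render mode: anything other than exactly "modal" selects the panel template
     $render = isset($get['render']) ? $get['render'] : "modal";
     // box_id is optional in the query string; avoid an undefined-index notice when it is absent
     $box_id = isset($get['box_id']) ? $get['box_id'] : null;
     // Get the group to edit
     $group = GroupLoader::fetch($group_id);
     // An unknown id gets the not-found response instead of a form built around an empty result
     if (!$group) {
         $this->_app->notFound();
         return; // defensive: never fall through if notFound() returns
     }
     // Get a list of all themes
     $theme_list = $this->_app->site->getThemes();
     // The template name is chosen from two fixed strings; the request value is never used as a path
     if ($render === "modal") {
         $template = "components/group-info-modal.html";
     } else {
         $template = "components/group-info-panel.html";
     }
     // Determine authorized fields.  Editable fields need no list of their own: the template only
     // receives the disabled and hidden sets.
     $fields = ['name', 'new_user_title', 'landing_page', 'theme', 'is_default'];
     $disabled_fields = [];
     $hidden_fields = [];
     foreach ($fields as $field) {
         if ($this->_app->user->checkAccess("update_group_setting", ["property" => $field])) {
             continue;
         }
         if ($this->_app->user->checkAccess("view_group_setting", ["property" => $field])) {
             $disabled_fields[] = $field;
         } else {
             $hidden_fields[] = $field;
         }
     }
     // Load validator rules (browser-side checks only)
     $schema = new \Fortress\RequestSchema($this->_app->config('schema.path') . "/forms/group-update.json");
     $validators = new \Fortress\ClientSideValidator($schema, $this->_app->translator);
     $this->_app->render($template, [
         "box_id" => $box_id,
         "box_title" => "Edit Group",
         "submit_button" => "Update group",
         "form_action" => $this->_app->site->uri['public'] . "/groups/g/{$group_id}",
         "group" => $group,
         "themes" => $theme_list,
         "fields" => ["disabled" => $disabled_fields, "hidden" => $hidden_fields],
         "buttons" => ["hidden" => ["edit", "delete"]],
         "validators" => $validators->formValidationRulesJson()
     ]);
 }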