/**
* Modificación perfil de usuario.
* Metodo Obsoleto porque esto lo hacen en el dashboard
*/
public function edit()
{
$user = $_SESSION['user'];
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$errors = array();
// E-mail
if ($_POST['change_email']) {
if (empty($_POST['user_nemail'])) {
$errors['email'] = Text::get('error-user-email-empty');
} elseif (!\Goteo\Library\Check::mail($_POST['user_nemail'])) {
$errors['email'] = Text::get('error-user-email-invalid');
} elseif (empty($_POST['user_remail'])) {
$errors['email']['retry'] = Text::get('error-user-email-empty');
} elseif (strcmp($_POST['user_nemail'], $_POST['user_remail']) !== 0) {
$errors['email']['retry'] = Text::get('error-user-email-confirm');
} else {
$user->email = $_POST['user_nemail'];
}
}
// Contraseña
if ($_POST['change_password']) {
/*
* Quitamos esta verificacion porque los usuarios que acceden mediante servicio no tienen contraseña
*
if(empty($_POST['user_password'])) {
$errors['password'] = Text::get('error-user-password-empty');
}
else
*/
if (!Model\User::login($user->id, $_POST['user_password'])) {
$errors['password'] = Text::get('error-user-wrong-password');
} elseif (empty($_POST['user_npassword'])) {
$errors['password']['new'] = Text::get('error-user-password-empty');
} elseif (!\Goteo\Library\Check::password($_POST['user_npassword'])) {
$errors['password']['new'] = Text::get('error-user-password-invalid');
} elseif (empty($_POST['user_rpassword'])) {
$errors['password']['retry'] = Text::get('error-user-password-empty');
} elseif (strcmp($_POST['user_npassword'], $_POST['user_rpassword']) !== 0) {
$errors['password']['retry'] = Text::get('error-user-password-confirm');
} else {
$user->password = $_POST['user_npassword'];
}
}
// Avatar
if (!empty($_FILES['user_avatar']['name'])) {
$user->avatar = $_FILES['user_avatar'];
}
// tratar si quitan la imagen
if (!empty($_POST['avatar-' . $user->avatar->id . '-remove'])) {
$user->avatar->remove('user');
$user->avatar = '';
}
// Perfil público
$user->name = $_POST['user_name'];
$user->about = $_POST['user_about'];
$user->keywords = $_POST['user_keywords'];
$user->contribution = $_POST['user_contribution'];
$user->twitter = $_POST['user_twitter'];
$user->facebook = $_POST['user_facebook'];
$user->linkedin = $_POST['user_linkedin'];
// Intereses
$user->interests = $_POST['user_interests'];
// Páginas Web
if (!empty($_POST['user_webs']['remove'])) {
$user->webs = array('remove' => $_POST['user_webs']['remove']);
} elseif (!empty($_POST['user_webs']['add']) && !empty($_POST['user_webs']['add'][0])) {
$user->webs = array('add' => $_POST['user_webs']['add']);
} else {
$user->webs = array('edit', $_POST['user_webs']['edit']);
}
if ($user->save($errors)) {
// Refresca la sesión.
$user = Model\User::flush();
if (isset($_POST['save'])) {
throw new Redirection('/dashboard');
} else {
throw new Redirection('/user/edit');
}
}
}
return new View('view/user/edit.html.php', array('user' => $user, 'errors' => $errors));
}
/**
* Este método actualiza directamente los campos de email y contraseña de un usuario (para gestión de superadmin)
*/
public function update(&$errors = array())
{
if (!empty($this->password)) {
if (!Check::password($this->password)) {
$errors['password'] = Text::get('error-user-password-invalid');
}
}
if (!empty($this->email)) {
if (!Check::mail($this->email)) {
$errors['email'] = Text::get('error-user-email-invalid');
} else {
$query = self::query('SELECT id FROM user WHERE email = ?', array($this->email));
if ($found = $query->fetchColumn()) {
if ($this->id !== $found) {
$errors['email'] = Text::get('error-user-email-exists');
}
}
}
}
if (!empty($errors['email']) || !empty($errors['password'])) {
return false;
}
$set = '';
$values = array(':id' => $this->id);
if (!empty($this->email)) {
if ($set != '') {
$set .= ", ";
}
$set .= "`email` = :email ";
$values[":email"] = $this->email;
}
if (!empty($this->password)) {
if ($set != '') {
$set .= ", ";
}
$set .= "`password` = :password ";
$values[":password"] = version_compare(phpversion(), '5.5.0', '>=') ? password_hash($this->password, PASSWORD_BCRYPT) : crypt($this->password);
}
if ($set == '') {
return false;
}
try {
$sql = "UPDATE user SET " . $set . " WHERE id = :id";
self::query($sql, $values);
return true;
} catch (\PDOException $e) {
$errors[] = Text::_("No se ha guardado correctamente. ") . $e->getMessage();
return false;
}
}
/**
* Cambio de email / contraseña
*
* @param object $user instancia de Model\User (por referencia)
* @param array $errors (por referencia)
* @param string $log_action (por referencia)
* @return boolean si se guarda bien
*/
public static function process_access(&$user, &$errors, &$log_action)
{
// E-mail
if (!empty($_POST['user_nemail']) || !empty($_POST['user_remail'])) {
if (empty($_POST['user_nemail'])) {
$errors['email'] = Text::get('error-user-email-empty');
} elseif (!\Goteo\Library\Check::mail($_POST['user_nemail'])) {
$errors['email'] = Text::get('error-user-email-invalid');
} elseif (empty($_POST['user_remail'])) {
$errors['email_retry'] = Text::get('error-user-email-empty');
} elseif (strcmp($_POST['user_nemail'], $_POST['user_remail']) !== 0) {
$errors['email_retry'] = Text::get('error-user-email-confirm');
} else {
$user->email = $_POST['user_nemail'];
unset($_POST['user_nemail']);
unset($_POST['user_remail']);
Message::Info(Text::get('user-email-change-sended'));
$log_action = 'Cambiado su email';
//feed admin
}
}
// Contraseña
if (!empty($_POST['user_npassword']) || !empty($_POST['user_rpassword'])) {
// No verificamos la contraseña actual (ni en recover ni en normal) porque los usuarios que acceden mediante servicio no tienen contraseña
if (empty($_POST['user_npassword'])) {
$errors['password_new'] = Text::get('error-user-password-empty');
} elseif (!\Goteo\Library\Check::password($_POST['user_npassword'])) {
$errors['password_new'] = Text::get('error-user-password-invalid');
} elseif (empty($_POST['user_rpassword'])) {
$errors['password_retry'] = Text::get('error-user-password-empty');
} elseif (strcmp($_POST['user_npassword'], $_POST['user_rpassword']) !== 0) {
$errors['password_retry'] = Text::get('error-user-password-confirm');
} else {
$user->password = $_POST['user_npassword'];
unset($_POST['user_password']);
unset($_POST['user_npassword']);
unset($_POST['user_rpassword']);
Message::Info(Text::get('user-password-changed'));
$log_action = 'Cambiado su contraseña';
//feed admin
}
}
if (empty($errors) && $user->save($errors)) {
// Refresca la sesión.
$user = Model\User::flush();
if (isset($_SESSION['recovering'])) {
unset($_SESSION['recovering']);
}
return true;
} else {
Message::Error(Text::get('user-save-fail'));
$log_action = '¡ERROR! al cambiar email/contraseña';
//feed admin
return false;
}
}