public function execute()
{
if (isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$user = DbUser::GetByUsername($username);
if (!$user->isNull()) {
if ($user->testPassword($password)) {
$_SESSION['user_id'] = $user->id;
$this->pushAlert(Alert::CreateSuccess('Success', 'You\'re now connected with success.'));
header('location: index.php');
} else {
$this->addAlert(Alert::CreateDanger('Error', 'Invalid Username and/or password.'));
}
} else {
$this->addAlert(Alert::CreateDanger('Error', 'Invalid Username and/or password.'));
}
}
}
public function execute()
{
$action = 'browse';
if (isset($_GET['action'])) {
$action = $_GET['action'];
}
if (strcmp($action, 'browse') == 0) {
$this->groups = DbGroup::GetAll();
$this->view = GroupsAdministrationAction::$BrowseGroups;
} else {
if (strcmp($action, 'new_group') == 0) {
$this->view = GroupsAdministrationAction::$NewGroupForm;
} else {
if (strcmp($action, 'add_group') == 0) {
if (isset($_POST['group_name'])) {
$group_name = $_POST['group_name'];
//only contains the ID of the permissions
$group_perms = array();
$permissions = $this->permissions->getPermissions();
foreach ($permissions as $perm) {
if (isset($_POST[$perm->name])) {
$value = $_POST[$perm->name];
if (strcmp($value, 'on') == 0) {
$group_perms[] = $perm->id;
}
}
}
$group = DbGroup::Add($group_name);
$g_id = $group->id;
foreach ($group_perms as $p_id) {
DbGroup::AddPermission($g_id, $p_id);
}
$this->addAlert(Alert::CreateSuccess('Success', 'Group added.'));
}
$this->reexecute(array('action' => 'browse'));
} else {
if (strcmp($action, 'permissions') == 0) {
$this->mustHavePermission('manage_permissions');
$this->view = GroupsAdministrationAction::$BrowsePermissions;
} else {
if (strcmp($action, 'edit_permission') == 0) {
$this->mustHavePermission('manage_permissions');
if (isset($_GET['perm_id'])) {
$this->permission = DbPermission::GetById($_GET['perm_id']);
$this->view = GroupsAdministrationAction::$EditPermissionForm;
if ($this->permission->isNull()) {
$this->addAlert(Alert::CreateDanger('Error', 'Invalid Permission.'));
$this->reexecute(array('action' => 'permissions'));
}
} else {
$this->reexecute(array('action' => 'permissions'));
}
} else {
if (strcmp($action, 'save_permission') == 0) {
$this->mustHavePermission('manage_permissions');
if (isset($_POST['perm_id']) && isset($_POST['perm_name']) && isset($_POST['perm_value']) && isset($_POST['perm_desc'])) {
$perm_id = $_POST['perm_id'];
$perm = DbPermission::GetById($perm_id);
if (!$perm->isNull()) {
$perm->name = $_POST['perm_name'];
$perm->value = $_POST['perm_value'];
$perm->description = $_POST['perm_desc'];
DbPermission::Update($perm);
$this->addAlert(Alert::CreateSuccess('Success', 'Permission saved.'));
$this->reloadPermissions();
} else {
$this->addAlert(Alert::CreateDanger('Error', 'Invalid Permission.'));
}
}
$this->reexecute(array('action' => 'permissions'));
} else {
if (strcmp($action, 'new_permission') == 0) {
$this->mustHavePermission('manage_permissions');
$this->view = GroupsAdministrationAction::$NewPermissionForm;
} else {
if (strcmp($action, 'add_permission') == 0) {
$this->mustHavePermission('manage_permissions');
if (isset($_POST['perm_name']) && isset($_POST['perm_value']) && isset($_POST['perm_desc'])) {
$perm = new Permission();
$perm->name = $_POST['perm_name'];
$perm->value = $_POST['perm_value'];
$perm->description = $_POST['perm_desc'];
DbPermission::Add($perm);
$this->addAlert(Alert::CreateSuccess('Success', 'Permission added.'));
$this->reloadPermissions();
}
$this->reexecute(array('action' => 'permissions'));
} else {
if (strcmp($action, 'edit_group') == 0) {
if (isset($_GET['group_id'])) {
$this->group = DbGroup::GetById($_GET['group_id']);
$this->view = GroupsAdministrationAction::$EditGroupForm;
} else {
$this->reexecute(array('action' => 'browse'));
}
} else {
if (strcmp($action, 'save_group') == 0) {
if (isset($_POST['group_id']) && isset($_POST['group_name'])) {
$group_id = $_POST['group_id'];
$group_name = $_POST['group_name'];
$perm_id = array();
$permissions = $this->permissions->getPermissions();
foreach ($permissions as $perm) {
if (isset($_POST[$perm->name])) {
$value = $_POST[$perm->name];
if (strcmp($value, 'on') == 0) {
$perm_id[] = $perm->id;
}
}
}
$group = DbGroup::GetById($group_id);
if (!$group->isNull()) {
$group->name = $group_name;
DbGroup::Update($group);
DbGroup::RemovePermissions($group->id);
foreach ($perm_id as $p_id) {
DbGroup::AddPermission($group->id, $p_id);
}
$this->addAlert(Alert::CreateSuccess('Success', 'Group modified.'));
} else {
$this->addAlert(Alert::CreateDanger('Error', 'Invalid Group'));
}
}
$this->reexecute(array('action' => 'browse'));
} else {
if (strcmp($action, 'delete_group') == 0) {
if (isset($_GET['group_id'])) {
$group_id = $_GET['group_id'];
DbGroup::Delete($group_id);
$this->addAlert(Alert::CreateSuccess('Success', 'Group deleted.'));
}
$this->reexecute(array('action' => 'browse'));
} else {
if (strcmp($action, 'delete_permission') == 0) {
if (isset($_GET['permission_id'])) {
$perm_id = $_GET['permission_id'];
DbPermission::Delete($perm_id);
$this->reloadPermissions();
$this->addAlert(Alert::CreateSuccess('Success', 'Permission deleted.'));
}
$this->reexecute(array('action' => 'permissions'));
}
}
}
}
}
}
}
}
}
}
}
}
}
public function execute()
{
if (isset($_GET['action'])) {
$action = $_GET['action'];
} else {
$action = 'browse';
}
if (strcmp($action, 'browse') == 0) {
$this->view = UsersAdministrationAction::$BrowseUsers;
$this->title = "Users Administration - Browse Users";
//retrieve users
$page = 0;
$users_per_page = 50;
if (isset($_GET['page'])) {
$page = $_GET['page'];
}
$start = $page * $users_per_page;
$this->users = DbUser::Get($users_per_page, $start);
} else {
if (strcmp($action, 'new_user') == 0) {
$this->view = UsersAdministrationAction::$NewUserForm;
} else {
if (strcmp($action, 'edit_user') == 0) {
if (isset($_GET['user_id'])) {
$this->pageUser = DbUser::GetById($_GET['user_id']);
$this->groups = DbGroup::GetAll();
if (!$this->pageUser->isNull()) {
$this->userGroups = DbGroup::GetUserGroups($this->pageUser->id);
$this->view = UsersAdministrationAction::$EditUserForm;
} else {
$this->addAlert(Alert::CreateDanger('Error', 'Invalid User.'));
$this->view = UsersAdministrationAction::$BrowseUsers;
$this->reexecute(array('action' => 'browse'));
}
}
} else {
if (strcmp($action, 'save_user') == 0) {
if (isset($_POST['user_id']) && isset($_POST['first_name']) && isset($_POST['last_name']) && isset($_POST['email'])) {
$user_id = $_POST['user_id'];
$firstName = $_POST['first_name'];
$lastName = $_POST['last_name'];
$email = $_POST['email'];
$user = DbUser::GetById($user_id);
if (!$user->isNull()) {
$user->firstName = $firstName;
$user->lastName = $lastName;
$user->email = $email;
DbUser::Update($user);
$this->addAlert(Alert::CreateSuccess('Success', 'User updated.'));
$this->reexecute(array('action' => 'edit_user', 'user_id' => $user_id));
} else {
//error user not found
$this->addAlert(Alert::CreateDanger('Error', 'This user doesn\'t exists.'));
$this->reexecute(array('action' => 'browse'));
}
} else {
//missing field, so edit form again
$this->view = UsersAdministrationAction::$EditUserForm;
}
} else {
if (strcmp($action, 'remove_group') == 0) {
if (isset($_GET['group_id']) && isset($_GET['user_id'])) {
DbGroup::RemoveUser($_GET['group_id'], $_GET['user_id']);
$this->addAlert(Alert::CreateSuccess('Success', 'Group removed.'));
$this->reexecute(array('action' => 'edit_user'));
}
} else {
if (strcmp($action, 'add_user') == 0) {
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['password2']) && isset($_POST['first_name']) && isset($_POST['last_name']) && isset($_POST['email'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
$firstName = $_POST['first_name'];
$lastName = $_POST['last_name'];
$email = $_POST['email'];
if (strcmp($password, $password2) == 0) {
if (!DbUser::IsUsernameOrEmailExists($username, $email)) {
//username length check
$len_username = strlen($username);
if ($len_username >= $this->settings->getInt("username_min", 4) && $len_username <= $this->settings->getInt("username_max", 12)) {
//creating the user
$salt = User::GenerateSalt();
$hashType = $this->settings->getString('hash_type', 'sha256');
DbUser::Add($username, $salt, $hashType, $password, $firstName, $lastName, $email);
$default_group = $this->settings->getString('default_user_group', 'Users');
$group = DbGroup::GetByName($default_group);
if (!$group->isNull()) {
$user = DbUser::GetByUsername($username);
if (!$user->isNull()) {
DbGroup::AddUser($group->id, $user->id);
}
}
$this->addAlert(Alert::CreateSuccess('Success', 'User added !'));
$this->reexecute(array('action' => 'browse'));
} else {
$this->view = UsersAdministrationAction::$NewUserForm;
$this->addAlert(Alert::CreateWarning('Warning', 'Username must be between ' . $this->settings->getInt("username_min", 4) . ' and ' . $this->settings->getInt("username_max", 12) . ' characters.'));
}
} else {
$this->view = UsersAdministrationAction::$NewUserForm;
$this->addAlert(Alert::CreateWarning('Warning', 'Username and/or Email already exists in the database.'));
}
} else {
$this->view = UsersAdministrationAction::$NewUserForm;
$this->addAlert(Alert::CreateWarning('Warning', 'Password mismatches.'));
}
} else {
//need to revmap this with a method
$this->reexecute(array('action' => 'browse'));
}
} else {
if (strcmp($action, 'change_password') == 0) {
if (isset($_POST['user_id']) && isset($_POST['password']) && isset($_POST['password2'])) {
$user_id = $_POST['user_id'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
if (strcmp($password, $password2) == 0) {
$salt = User::GenerateSalt();
$hashType = $this->settings->getString('hash_type', 'sha256');
DbUser::UpdateUserPassword($user_id, $hashType, $salt, $password);
$this->addAlert(Alert::CreateSuccess('Success', 'Password changed !'));
$this->reexecute(array('action' => 'edit_user', 'user_id' => $user_id));
} else {
$this->addAlert(Alert::CreateWarning('Warning', 'Password mismatches.'));
$this->reexecute(array('action' => 'edit_user', 'user_id' => $user_id));
}
} else {
$this->reexecute(array('action' => 'browse'));
}
} else {
if (strcmp($action, 'add_user_group') == 0) {
if (isset($_POST['user_id']) && isset($_POST['group_id'])) {
$u_id = $_POST['user_id'];
$g_id = $_POST['group_id'];
//for safety purpose
DbGroup::RemoveUser($g_id, $u_id);
DbGroup::AddUser($g_id, $u_id);
$this->addAlert(Alert::CreateSuccess('Success', 'User added to the group.'));
$this->reexecute(array('action' => 'edit_user', 'user_id' => $_POST['user_id']));
} else {
$this->reexecute(array('action' => 'browse'));
}
} else {
if (strcmp($action, 'delete_user') == 0) {
if (isset($_GET['user_id'])) {
$user_id = $_GET['user_id'];
DbUser::Delete($user_id);
//maybe log this into a file..
//todo
$this->addAlert(Alert::CreateSuccess('Success', 'User deleted.'));
}
$this->reexecute(array('action' => 'browse'));
}
}
}
}
}
}
}
}
}
}
