public function password($type, $id)
{
if ($type != "edit" and $type != "view") {
$_SESSION['flash'] = 'Unknown password type "' . htmlspecialchars($type) . '".';
uri::redirect('list/view/' . $id);
}
$list = Alist::constructByKey($id);
if (!is_object($list)) {
$this->view->content = new View('list/missing');
//! \todo Ban counter
return;
}
if ('edit' == $type) {
if ('' == $list->getEditPassword() or array_key_exists($id, $_SESSION['can_edit'])) {
uri::redirect('list/edit/' . $id);
}
if ($_POST) {
if ($_POST['password'] == $list->getEditPassword()) {
$_SESSION['can_edit'][$list->getId()] = true;
uri::redirect('list/edit/' . $id);
} else {
$this->view->flash = 'Sorry, that\'s not the password.';
//! \todo Ban counter
}
}
} else {
if ('' == $list->getViewPassword() or array_key_exists($id, $_SESSION['can_view'])) {
uri::redirect('list/view/' . $id);
}
if ($_POST) {
if ($_POST['password'] == $list->getViewPassword()) {
$_SESSION['can_view'][$list->getId()] = true;
uri::redirect('list/view/' . $id);
} else {
$this->view->flash = 'Sorry, that\'s not the password.';
//! \todo Ban counter
}
}
}
$this->view->content = new View('list/password');
$this->view->content->type = ucwords($type);
}
