/**
* @param \NekoPHP\Modules\User\Models\User $user
* @param string $permission
* @param bool $redirect
* @return bool
*/
public static function checkPermission($user, $permission = null, $redirect = false)
{
// check if the user is logged in
if (!$user instanceof self) {
if ($redirect) {
Session::setOnce('login-redirect-to', NekoPHP::getCurrentUrl());
Session::setOnce('error', 'You must be logged in to view this page');
return NekoPHP::redirect(NekoPHP::getBaseUrl() . '/user/login');
}
return false;
}
// if no permission is set, we only wanted the user to be logged in properly
if ($permission === null) {
return true;
}
$method = 'get' . $permission;
// check wether the user has the requested permission
if (!$user->getPermissions()->{$method}()) {
if ($redirect) {
Session::setOnce('error', 'You do not have permission to view this page');
return NekoPHP::redirect(NekoPHP::getBaseUrl());
}
return false;
}
return true;
}
/**
* @return array[string => mixed]
*/
public static function before()
{
$user = null;
// initialize session
Session::init();
// setup twig
$twig = new \Twig_Environment(new \Twig_Loader_Filesystem());
$twig->getLoader()->addPath(__DIR__ . '/Twig');
$twig->addGlobal('asset', Settings::load('settings')->get('asset-url'));
$twig->addGlobal('base_url', NekoPHP::getBaseUrl());
// add the current user object to twig, if it exists
$user_id = Session::get('user_id');
// set the user if a user_id is set
if ($user_id > 0) {
$user = new \NekoPHP\Modules\User\Models\User($user_id);
$twig->addGlobal('cuser', $user);
}
// add one-time alerts
foreach (['success', 'info', 'warning', 'error'] as $alert) {
if (Session::existsOnce($alert)) {
$twig->addGlobal('alert_' . $alert, Session::getOnce($alert));
}
}
return ['cuser' => $user, 'twig' => $twig];
}
/**
* @param array[string] $parts
* @param array[string] $mod
* @return string
*/
public static function main($parts, $mod)
{
if (Session::get('user_id') === null) {
Session::setOnce('warning', "You aren't logged in");
NekoPHP::redirect(NekoPHP::getModuleUrl() . '/login');
}
Session::set('user_id', null);
Session::setOnce('success', 'You have been logged out');
NekoPHP::redirect(NekoPHP::getBaseUrl());
}
/**
* @param array[string] $parts
* @param array[string] $mod
* @return string
*/
public static function main($parts, $mod)
{
$user = Models\User::getByEmail($_POST['email']);
if ($user === null || !$user->checkPassword($_POST['password'])) {
return $mod['twig']->render('login.twig', ['error' => 'Username or password incorrect', 'form_url' => \NekoPHP\NekoPHP::getModuleUrl() . '/login']);
}
Session::set('user_id', $user->getId());
Session::setOnce('success', "You have been logged in as {$user->getEmail()}");
if (Session::existsOnce('login-redirect-to')) {
return NekoPHP::redirect(Session::getOnce('login-redirect-to'));
}
return NekoPHP::redirect(NekoPHP::getModuleUrl() . '/profile');
}
/**
* @param array[string] $parts
* @param array[string] $mod
* @return string
*/
public static function main($parts, $mod)
{
if (Session::get('user_id') === null) {
Session::setOnce('error', 'You must be logged in to see this page');
NekoPHP::redirect(NekoPHP::getModuleUrl() . '/login');
}
try {
$user = new Models\User($parts[1] ?: Session::get('user_id'));
} catch (\Exception $e) {
http_response_code(404);
return $mod['twig']->render('error/404.twig');
}
return $mod['twig']->render('profile.twig', ['user' => $user]);
}
/**
* @param array[string] $parts
* @param array[string => mixed] $mod
* @return string
*/
public static function main($parts, $mod)
{
Models\User::checkPermissions($mod['cuser'], 'UserAdmin', true);
$errors = [];
if (empty($_POST['email'])) {
$errors[] = 'No email address given';
} elseif (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
$errors[] = 'Invalid email address';
}
if (empty($_POST['password']) || empty($_POST['password_confirm'])) {
$errors[] = 'Both password fields need to be filled out';
} elseif ($_POST['password'] !== $_POST['password_confirm']) {
$errors[] = 'The passwords don\'t match';
}
if (count($errors) > 0) {
Session::setOnce('error', $errors);
return NekoPHP::redirect(NekoPHP::getModuleUrl() . '/create');
}
try {
$user = new Models\User();
$user->setEmail($_POST['email']);
$user->setPassword($_POST['password']);
if (!$user->create()) {
throw new \Exception($user->exception()->getMessage());
}
$user->getInfo()->setRealname($_POST['realname']);
$user->getInfo()->update();
$user->getPermissions()->setUserAdmin(isset($_POST['permission_user_admin']));
$user->getPermissions()->update();
// @todo: send out an email to the newly created user
} catch (\Exception $e) {
Session::setOnce('error', $e->getMessage());
return NekoPHP::redirect(NekoPHP::getModuleUrl() . '/create/');
}
Session::setOnce('success', 'Account created');
return NekoPHP::redirect(NekoPHP::getModuleUrl() . '/profile/' . $user->getId());
}