 /**
  * Gate a request on login state and, optionally, on one named permission.
  *
  * Anything that is not a User instance (e.g. null when nobody is logged in)
  * fails the check. When $permission is given, the matching getter on the
  * user's permissions object ("get" . $permission, e.g. getUserAdmin) must
  * return a truthy value. The permission name comes from calling code, never
  * from the request.
  *
  * @param \NekoPHP\Modules\User\Models\User $user the current user, or anything else when not logged in
  * @param string|null $permission permission name without the "get" prefix; null means "logged in" is enough
  * @param bool $redirect on failure, store a one-time message and redirect instead of returning false
  * @return bool|mixed true when the check passes; false on failure, or the
  *                    result of NekoPHP::redirect() when $redirect is set
  */
 public static function checkPermission($user, $permission = null, $redirect = false)
 {
     $loggedIn = $user instanceof self;
     if (!$loggedIn) {
         if (!$redirect) {
             return false;
         }
         // remember where the visitor wanted to go so the login page can send them back
         Session::setOnce('login-redirect-to', NekoPHP::getCurrentUrl());
         Session::setOnce('error', 'You must be logged in to view this page');
         return NekoPHP::redirect(NekoPHP::getBaseUrl() . '/user/login');
     }
     // being logged in was all that was asked for
     if ($permission === null) {
         return true;
     }
     $getter = 'get' . $permission;
     $granted = (bool) $user->getPermissions()->{$getter}();
     if ($granted) {
         return true;
     }
     if (!$redirect) {
         return false;
     }
     Session::setOnce('error', 'You do not have permission to view this page');
     return NekoPHP::redirect(NekoPHP::getBaseUrl());
 }
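 /**
  * Per-request setup shared by the module's controllers.
  *
  * Starts the session, builds the Twig environment (template path, asset URL,
  * base URL, one-time alerts) and resolves the logged-in user from the session.
  * A stored user id that no longer resolves to a user is dropped from the
  * session instead of aborting the request.
  *
  * @return array{cuser: \NekoPHP\Modules\User\Models\User|null, twig: \Twig_Environment}
  */
 public static function before()
 {
     Session::init();

     $twig = new \Twig_Environment(new \Twig_Loader_Filesystem());
     $twig->getLoader()->addPath(__DIR__ . '/Twig');
     $twig->addGlobal('asset', Settings::load('settings')->get('asset-url'));
     $twig->addGlobal('base_url', NekoPHP::getBaseUrl());

     // Resolve the current user from the session; null or 0 means "not logged in".
     $user = null;
     $user_id = Session::get('user_id');
     if ($user_id > 0) {
         try {
             $user = new \NekoPHP\Modules\User\Models\User($user_id);
             $twig->addGlobal('cuser', $user);
         } catch (\Exception $e) {
             // The stored id no longer resolves (e.g. the account was deleted
             // while the session lived on). Clear the stale login rather than
             // failing every request. NOTE(review): assumes the User constructor
             // throws on an unknown id, as the profile controller's catch block
             // suggests — confirm against Models\User.
             Session::set('user_id', null);
         }
     }

     // Expose one-time alerts as alert_<level> globals. Their text (which can
     // include an exception message from the create controller) reaches the
     // templates as-is; Twig's autoescaping is what protects the HTML context.
     foreach (['success', 'info', 'warning', 'error'] as $alert) {
         if (Session::existsOnce($alert)) {
             $twig->addGlobal('alert_' . $alert, Session::getOnce($alert));
         }
     }

     return ['cuser' => $user, 'twig' => $twig];
 }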
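 /**
  * Log the current user out.
  *
  * The redirect results are returned, matching the other controllers, so no
  * further code runs in case NekoPHP::redirect() does not terminate the script.
  *
  * @param array[string] $parts URL segments (unused here)
  * @param array[string => mixed] $mod values prepared by before() (unused here)
  * @return mixed the result of NekoPHP::redirect(); this action never renders a page
  */
 public static function main($parts, $mod)
 {
     if (Session::get('user_id') === null) {
         Session::setOnce('warning', "You aren't logged in");
         // return so the logout below does not run when redirect() does not exit
         return NekoPHP::redirect(NekoPHP::getModuleUrl() . '/login');
     }
     Session::set('user_id', null);
     // NOTE(review): only the user id is cleared; the session id itself is not
     // rotated. If the Session wrapper can regenerate it, doing so here is preferable.
     Session::setOnce('success', 'You have been logged out');
     return NekoPHP::redirect(NekoPHP::getBaseUrl());
 }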
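 /**
  * Handle a login form submission.
  *
  * Looks the user up by the posted email, verifies the posted password and, on
  * success, stores the user id in the session and redirects either to the URL
  * remembered by checkPermission() or to the profile page. Missing or malformed
  * fields and bad credentials all yield the same generic error, so the form does
  * not reveal whether an email address is registered.
  *
  * @param array[string] $parts URL segments (unused here)
  * @param array[string => mixed] $mod values prepared by before(); 'twig' is used
  * @return string|mixed rendered login page on failure, or the result of NekoPHP::redirect()
  */
 public static function main($parts, $mod)
 {
     $formUrl = \NekoPHP\NekoPHP::getModuleUrl() . '/login';
     $failure = ['error' => 'Username or password incorrect', 'form_url' => $formUrl];

     // Accept only non-empty plain strings: $_POST keys may be absent or arrays,
     // which previously produced notices or reached the model untyped.
     $email = $_POST['email'] ?? null;
     $password = $_POST['password'] ?? null;
     if (!is_string($email) || $email === '' || !is_string($password) || $password === '') {
         return $mod['twig']->render('login.twig', $failure);
     }

     $user = Models\User::getByEmail($email);
     if ($user === null || !$user->checkPassword($password)) {
         return $mod['twig']->render('login.twig', $failure);
     }

     // NOTE(review): the session id is not rotated on login; if the Session
     // wrapper can regenerate it, do that before storing the user id.
     Session::set('user_id', $user->getId());
     Session::setOnce('success', "You have been logged in as {$user->getEmail()}");

     // 'login-redirect-to' is written by checkPermission() from the request's own
     // URL, not from a form field — presumably always same-origin; confirm that
     // getCurrentUrl() never carries a foreign host.
     if (Session::existsOnce('login-redirect-to')) {
         return NekoPHP::redirect(Session::getOnce('login-redirect-to'));
     }
     return NekoPHP::redirect(NekoPHP::getModuleUrl() . '/profile');
 }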
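 /**
  * Show a user's profile page.
  *
  * Requires a logged-in session. The profile shown is the one whose id is in
  * URL segment 1, falling back to the session user when that segment is absent
  * or empty. Any logged-in user can view any profile by id; restrict here if
  * profiles are meant to be private.
  *
  * @param array[string] $parts URL segments; $parts[1] is an optional user id
  * @param array[string => mixed] $mod values prepared by before(); 'twig' is used
  * @return string|mixed rendered page, or the result of NekoPHP::redirect()
  */
 public static function main($parts, $mod)
 {
     if (Session::get('user_id') === null) {
         Session::setOnce('error', 'You must be logged in to see this page');
         // return so the lookup below does not run when redirect() does not exit
         return NekoPHP::redirect(NekoPHP::getModuleUrl() . '/login');
     }
     // ?? avoids an undefined-index notice when no id segment was given
     $userId = ($parts[1] ?? null) ?: Session::get('user_id');
     try {
         $user = new Models\User($userId);
     } catch (\Exception $e) {
         // the User constructor throws for an unknown id; answer with a 404
         http_response_code(404);
         return $mod['twig']->render('error/404.twig');
     }
     return $mod['twig']->render('profile.twig', ['user' => $user]);
 }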
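 /**
  * Handle the "create account" form (user admins only).
  *
  * Validates the posted email and password pair, creates the user, stores the
  * real name and the user-admin flag, then redirects to the new profile.
  * Validation failures go back to the form as a one-time 'error' alert.
  *
  * @param array[string] $parts URL segments (unused here)
  * @param array[string => mixed] $mod values prepared by before(); 'cuser' is used
  * @return mixed the result of NekoPHP::redirect()
  */
 public static function main($parts, $mod)
 {
     // Stop unless the caller is a logged-in user admin. The check's result is
     // returned rather than discarded: if NekoPHP::redirect() only queues the
     // redirect, falling through here would still create the account.
     $permitted = Models\User::checkPermissions($mod['cuser'], 'UserAdmin', true);
     if ($permitted !== true) {
         return $permitted === false ? NekoPHP::redirect(NekoPHP::getBaseUrl()) : $permitted;
     }

     // Read form fields once, tolerating absent keys.
     $email = $_POST['email'] ?? '';
     $password = $_POST['password'] ?? '';
     $confirm = $_POST['password_confirm'] ?? '';

     $errors = [];
     if (empty($email)) {
         $errors[] = 'No email address given';
     } elseif (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
         $errors[] = 'Invalid email address';
     }
     if (empty($password) || empty($confirm)) {
         $errors[] = 'Both password fields need to be filled out';
     } elseif ($password !== $confirm) {
         $errors[] = 'The passwords don\'t match';
     }
     if (count($errors) > 0) {
         Session::setOnce('error', $errors);
         return NekoPHP::redirect(NekoPHP::getModuleUrl() . '/create');
     }

     try {
         $user = new Models\User();
         $user->setEmail($email);
         $user->setPassword($password);
         if (!$user->create()) {
             throw new \Exception($user->exception()->getMessage());
         }
         $user->getInfo()->setRealname($_POST['realname'] ?? '');
         $user->getInfo()->update();
         // an unchecked checkbox is simply absent from $_POST
         $user->getPermissions()->setUserAdmin(isset($_POST['permission_user_admin']));
         $user->getPermissions()->update();
         // @todo: send out an email to the newly created user
     } catch (\Exception $e) {
         // NOTE(review): the raw exception message is shown to the admin through
         // the alert and may carry storage-layer detail.
         Session::setOnce('error', $e->getMessage());
         return NekoPHP::redirect(NekoPHP::getModuleUrl() . '/create/');
     }
     Session::setOnce('success', 'Account created');
     return NekoPHP::redirect(NekoPHP::getModuleUrl() . '/profile/' . $user->getId());
 }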