Example #1
 /**
  * Gets the first user that is an admin
  * @return User The admin user, if present
  */
 private function FirstAdmin()
 {
     // Build the filter and ordering with the project's SQL builder, then ask
     // the user schema for the first matching row.
     $builder = Access::SqlBuilder();
     $userTable = User::Schema()->Table();

     // Condition: the IsAdmin field equals true.
     $isAdmin = $builder->Equals(
         $userTable->Field('IsAdmin'),
         $builder->Value(true)
     );

     // Ascending order on ID; presumably this makes the result the admin
     // with the lowest ID -- confirm against the schema's First() semantics.
     $byIdAscending = $builder->OrderList(
         $builder->OrderAsc($userTable->Field('ID'))
     );

     return User::Schema()->First($isAdmin, $byIdAscending);
 }
 /**
  * Gets and checks the requested user
  * @return boolean False if processing can continue
  */
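 protected function BeforeInit()
 {
     // The user id is read straight from the request, so the loaded object is
     // untrusted until both the lookup and the permission check have passed.
     $this->user = User::Schema()->ByID(Request::GetData('user'));
     $allowed = $this->user
         && self::Guard()->Allow(BackendAction::AssignGroups(), $this->user);
     if (!$allowed) {
         //TODO: Error message
         Response::Redirect(BackendRouter::ModuleUrl(new UserList()));
         // Fail closed: whether Response::Redirect() terminates the request is
         // not visible here. If it only sets a header, falling through to
         // parent::BeforeInit() would let the form go on processing with a
         // missing or unauthorised user. By this method's documented contract
         // false means "continue", so true is returned to stop processing.
         return true;
     }
     return parent::BeforeInit();
 }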
Example #3
 /**
  * 
  * Verifies access data and saves current user if successful
  * @param array $data Array containing 'Name' and 'Password' as keys with values
  * @param bool $dontSave If true, user is not saved in session (logged in)
  * @return bool
  */
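 function Verify($data, $dontSave = false)
 {
     // Both credentials must be present and scalar. Request data can carry
     // arrays (e.g. Password[]=x); concatenating one would hash the literal
     // text "Array" and raise a notice instead of failing cleanly.
     if (!isset($data['Name'], $data['Password'])
         || !is_scalar($data['Name'])
         || !is_scalar($data['Password'])
     ) {
         return false;
     }

     $user = User::Schema()->ByName($data['Name']);
     if (!$user) {
         return false;
     }

     // NOTE(review): one round of salted SHA-256 is cheap to brute-force if
     // the user table leaks. Moving to password_hash()/password_verify() needs
     // a rehash-on-login migration of the stored values, so the scheme is left
     // unchanged here.
     $pwHash = hash('sha256', (string) $data['Password'] . $user->GetPasswordSalt());

     // hash_equals() is a strict, constant-time string comparison. The former
     // loose == treated numeric-looking digests such as "0e123..." as numbers,
     // so two different hashes could compare equal, and it leaked timing.
     if (!hash_equals((string) $user->GetPassword(), $pwHash)) {
         return false;
     }

     if (!$dontSave) {
         $this->user = $user;
         // NOTE(review): the session id is not rotated in this method; confirm
         // the caller regenerates it on login to prevent session fixation.
         $_SESSION[self::$sessionParam] = $this->user->GetID();
     }
     return true;
 }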
Example #4
 /**
  * Gets the user for removal if a delete id is posted
  * @return User|null
  */
 protected function RemovalObject()
 {
     // The id is taken from the POST body as-is. This method only resolves it
     // to a user object; NOTE(review): no permission check is visible here, so
     // the caller is presumably responsible for authorising the removal.
     $postedId = Request::PostData('delete');
     if (!$postedId) {
         // Nothing (or an empty/zero value) was posted: no removal requested.
         return null;
     }
     return User::Schema()->ByID($postedId);
 }