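/**
 * Handles a login form submission.
 *
 * Reads `username` and `password` from $_POST, looks the user up by name and
 * verifies the password through the user object's own check. On success the
 * user id is stored in the session and a redirect to index.php is issued; on
 * any failure a single generic alert is added so that the response does not
 * reveal whether the username exists.
 *
 * @return void
 */
public function execute()
{
    // As in the original flow, a request without both fields is ignored.
    if (!isset($_POST['username']) || !isset($_POST['password'])) {
        return;
    }
    $username = $_POST['username'];
    $password = $_POST['password'];

    // A submission such as `username[]=x` arrives as an array; treat it as a
    // failed login instead of handing a non-string to the lookup.
    $user = null;
    if (is_string($username) && is_string($password)) {
        $user = DbUser::GetByUsername($username);
    }

    // isNull() marks the null-object result for an unknown username. Unknown
    // user and wrong password deliberately share one message.
    if ($user === null || $user->isNull() || !$user->testPassword($password)) {
        $this->addAlert(Alert::CreateDanger('Error', 'Invalid Username and/or password.'));
        return;
    }

    // Issue a fresh session id on authentication so that an identifier known
    // to a third party before login is not promoted to a logged-in session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['user_id'] = $user->id;

    // pushAlert (rather than addAlert, used everywhere else in this file) is
    // kept: presumably it queues the alert so it survives the redirect — TODO confirm.
    $this->pushAlert(Alert::CreateSuccess('Success', 'You\'re now connected with success.'));
    header('location: index.php');
    // No exit here, matching the original; the surrounding framework is
    // expected to stop rendering once the redirect header is set — TODO confirm.
}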
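/**
 * Dispatches the groups/permissions administration screen on the `action`
 * query parameter (default `browse`).
 *
 * Each action is handled by a small private method below. Every
 * permission-related action checks mustHavePermission('manage_permissions')
 * first; the group actions carry no extra check here, as in the original
 * flow. Unknown action names do nothing.
 *
 * @return void
 */
public function execute()
{
    $action = 'browse';
    if (isset($_GET['action'])) {
        // `action[]=x` arrives as an array; it is not a known action, so it
        // is ignored instead of reaching a string comparison.
        if (!is_string($_GET['action'])) {
            return;
        }
        $action = $_GET['action'];
    }

    // Whitelist of action name -> handler; the lookup is an exact key match,
    // so only the names listed here can ever be invoked.
    $handlers = array(
        'browse'            => 'groupsBrowse',
        'new_group'         => 'groupsNewForm',
        'add_group'         => 'groupsAdd',
        'edit_group'        => 'groupsEdit',
        'save_group'        => 'groupsSave',
        'delete_group'      => 'groupsDelete',
        'permissions'       => 'permissionsBrowse',
        'new_permission'    => 'permissionsNewForm',
        'add_permission'    => 'permissionsAdd',
        'edit_permission'   => 'permissionsEdit',
        'save_permission'   => 'permissionsSave',
        'delete_permission' => 'permissionsDelete',
    );
    if (isset($handlers[$action])) {
        $method = $handlers[$action];
        $this->$method();
    }
}

/** Returns $_POST[$key] when it is present and a plain string, else null. */
private function postString($key)
{
    if (isset($_POST[$key]) && is_string($_POST[$key])) {
        return $_POST[$key];
    }
    return null;
}

/** Returns $_GET[$key] when it is present and a plain string, else null. */
private function queryString($key)
{
    if (isset($_GET[$key]) && is_string($_GET[$key])) {
        return $_GET[$key];
    }
    return null;
}

/**
 * Collects the ids of the permissions whose checkbox was submitted.
 *
 * The form names each checkbox after the permission; a checked box is sent
 * with the value 'on'. Shared by add_group and save_group.
 *
 * @return array list of permission ids
 */
private function checkedPermissionIds()
{
    $ids = array();
    foreach ($this->permissions->getPermissions() as $perm) {
        if (isset($_POST[$perm->name]) && $_POST[$perm->name] === 'on') {
            $ids[] = $perm->id;
        }
    }
    return $ids;
}

/** action=browse: list all groups. */
private function groupsBrowse()
{
    $this->groups = DbGroup::GetAll();
    $this->view = GroupsAdministrationAction::$BrowseGroups;
}

/** action=new_group: show the empty group form. */
private function groupsNewForm()
{
    $this->view = GroupsAdministrationAction::$NewGroupForm;
}

/** action=add_group: create a group from the form, then return to browse. */
private function groupsAdd()
{
    $groupName = $this->postString('group_name');
    if ($groupName !== null) {
        if (trim($groupName) === '') {
            // Previously a blank name was accepted; reject it with the same
            // message save_group uses for an unusable group.
            $this->addAlert(Alert::CreateDanger('Error', 'Invalid Group'));
        } else {
            $permIds = $this->checkedPermissionIds();
            $group = DbGroup::Add($groupName);
            foreach ($permIds as $permId) {
                DbGroup::AddPermission($group->id, $permId);
            }
            $this->addAlert(Alert::CreateSuccess('Success', 'Group added.'));
        }
    }
    $this->reexecute(array('action' => 'browse'));
}

/** action=edit_group: load one group into the edit form. */
private function groupsEdit()
{
    $groupId = $this->queryString('group_id');
    if ($groupId === null) {
        $this->reexecute(array('action' => 'browse'));
        return;
    }
    $this->group = DbGroup::GetById($groupId);
    if ($this->group->isNull()) {
        // The original rendered the form for an unknown id; handle it the
        // way edit_permission does.
        $this->addAlert(Alert::CreateDanger('Error', 'Invalid Group'));
        $this->reexecute(array('action' => 'browse'));
        return;
    }
    $this->view = GroupsAdministrationAction::$EditGroupForm;
}

/** action=save_group: rename a group and replace its permission set. */
private function groupsSave()
{
    $groupId = $this->postString('group_id');
    $groupName = $this->postString('group_name');
    if ($groupId !== null && $groupName !== null) {
        $permIds = $this->checkedPermissionIds();
        $group = DbGroup::GetById($groupId);
        if ($group->isNull()) {
            $this->addAlert(Alert::CreateDanger('Error', 'Invalid Group'));
        } else {
            $group->name = $groupName;
            DbGroup::Update($group);
            // Replace rather than merge: clear, then re-add what was checked.
            DbGroup::RemovePermissions($group->id);
            foreach ($permIds as $permId) {
                DbGroup::AddPermission($group->id, $permId);
            }
            $this->addAlert(Alert::CreateSuccess('Success', 'Group modified.'));
        }
    }
    $this->reexecute(array('action' => 'browse'));
}

/**
 * action=delete_group: delete a group by id, then return to browse.
 *
 * NOTE(review): this is a state change driven by a GET parameter, so a
 * crafted link or a prefetching client can trigger it; moving it to POST
 * with a request token would need the matching view change.
 */
private function groupsDelete()
{
    $groupId = $this->queryString('group_id');
    if ($groupId !== null) {
        DbGroup::Delete($groupId);
        $this->addAlert(Alert::CreateSuccess('Success', 'Group deleted.'));
    }
    $this->reexecute(array('action' => 'browse'));
}

/** action=permissions: list all permissions (requires manage_permissions). */
private function permissionsBrowse()
{
    $this->mustHavePermission('manage_permissions');
    $this->view = GroupsAdministrationAction::$BrowsePermissions;
}

/** action=new_permission: show the empty permission form. */
private function permissionsNewForm()
{
    $this->mustHavePermission('manage_permissions');
    $this->view = GroupsAdministrationAction::$NewPermissionForm;
}

/** action=add_permission: create a permission from the form, then return to the list. */
private function permissionsAdd()
{
    $this->mustHavePermission('manage_permissions');
    $name = $this->postString('perm_name');
    $value = $this->postString('perm_value');
    $desc = $this->postString('perm_desc');
    if ($name !== null && $value !== null && $desc !== null) {
        $perm = new Permission();
        $perm->name = $name;
        $perm->value = $value;
        $perm->description = $desc;
        DbPermission::Add($perm);
        $this->addAlert(Alert::CreateSuccess('Success', 'Permission added.'));
        // The in-memory permission list drives the group checkboxes; refresh it.
        $this->reloadPermissions();
    }
    $this->reexecute(array('action' => 'permissions'));
}

/** action=edit_permission: load one permission into the edit form. */
private function permissionsEdit()
{
    $this->mustHavePermission('manage_permissions');
    $permId = $this->queryString('perm_id');
    if ($permId === null) {
        $this->reexecute(array('action' => 'permissions'));
        return;
    }
    $this->permission = DbPermission::GetById($permId);
    if ($this->permission->isNull()) {
        $this->addAlert(Alert::CreateDanger('Error', 'Invalid Permission.'));
        $this->reexecute(array('action' => 'permissions'));
        return;
    }
    $this->view = GroupsAdministrationAction::$EditPermissionForm;
}

/** action=save_permission: update name/value/description of one permission. */
private function permissionsSave()
{
    $this->mustHavePermission('manage_permissions');
    $permId = $this->postString('perm_id');
    $name = $this->postString('perm_name');
    $value = $this->postString('perm_value');
    $desc = $this->postString('perm_desc');
    if ($permId !== null && $name !== null && $value !== null && $desc !== null) {
        $perm = DbPermission::GetById($permId);
        if ($perm->isNull()) {
            $this->addAlert(Alert::CreateDanger('Error', 'Invalid Permission.'));
        } else {
            $perm->name = $name;
            $perm->value = $value;
            $perm->description = $desc;
            DbPermission::Update($perm);
            $this->addAlert(Alert::CreateSuccess('Success', 'Permission saved.'));
            $this->reloadPermissions();
        }
    }
    $this->reexecute(array('action' => 'permissions'));
}

/**
 * action=delete_permission: delete a permission by id, then return to the list.
 *
 * The original was the only permission action without the manage_permissions
 * check; it is applied here like in every other permission handler.
 * NOTE(review): as with delete_group, this state change is driven by a GET
 * parameter.
 */
private function permissionsDelete()
{
    $this->mustHavePermission('manage_permissions');
    $permId = $this->queryString('permission_id');
    if ($permId !== null) {
        DbPermission::Delete($permId);
        $this->reloadPermissions();
        $this->addAlert(Alert::CreateSuccess('Success', 'Permission deleted.'));
    }
    $this->reexecute(array('action' => 'permissions'));
}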
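/**
 * Dispatches the users administration screen on the `action` query parameter
 * (default `browse`). Each action is handled by a private method below;
 * unknown action names do nothing.
 *
 * @return void
 */
public function execute()
{
    $action = 'browse';
    if (isset($_GET['action'])) {
        // `action[]=x` arrives as an array; it is not a known action, so it
        // is ignored instead of reaching a string comparison.
        if (!is_string($_GET['action'])) {
            return;
        }
        $action = $_GET['action'];
    }

    // Whitelist of action name -> handler; exact key match only.
    $handlers = array(
        'browse'          => 'usersBrowse',
        'new_user'        => 'usersNewForm',
        'edit_user'       => 'usersEdit',
        'save_user'       => 'usersSave',
        'add_user'        => 'usersAdd',
        'delete_user'     => 'usersDelete',
        'change_password' => 'usersChangePassword',
        'add_user_group'  => 'usersAddGroup',
        'remove_group'    => 'usersRemoveGroup',
    );
    if (isset($handlers[$action])) {
        $method = $handlers[$action];
        $this->$method();
    }
}

/** Returns $_POST[$key] when it is present and a plain string, else null. */
private function postString($key)
{
    if (isset($_POST[$key]) && is_string($_POST[$key])) {
        return $_POST[$key];
    }
    return null;
}

/** Returns $_GET[$key] when it is present and a plain string, else null. */
private function queryString($key)
{
    if (isset($_GET[$key]) && is_string($_GET[$key])) {
        return $_GET[$key];
    }
    return null;
}

/** action=browse: list users, 50 per page, page index from `page`. */
private function usersBrowse()
{
    $this->view = UsersAdministrationAction::$BrowseUsers;
    $this->title = "Users Administration - Browse Users";

    // Only a non-negative integer string is accepted as page index; anything
    // else (negative, non-numeric, `page[]=`) means page 0 instead of a
    // negative or unusable offset reaching the query.
    $page = 0;
    $pageParam = $this->queryString('page');
    if ($pageParam !== null && ctype_digit($pageParam)) {
        $page = (int) $pageParam;
    }
    $usersPerPage = 50;
    $this->users = DbUser::Get($usersPerPage, $page * $usersPerPage);
}

/** action=new_user: show the empty user form. */
private function usersNewForm()
{
    $this->view = UsersAdministrationAction::$NewUserForm;
}

/** action=edit_user: load one user and the group lists into the edit form. */
private function usersEdit()
{
    $userId = $this->queryString('user_id');
    if ($userId === null) {
        // The original left no view set in this case; fall back to browse.
        $this->reexecute(array('action' => 'browse'));
        return;
    }
    $this->pageUser = DbUser::GetById($userId);
    $this->groups = DbGroup::GetAll();
    if ($this->pageUser->isNull()) {
        $this->addAlert(Alert::CreateDanger('Error', 'Invalid User.'));
        $this->view = UsersAdministrationAction::$BrowseUsers;
        $this->reexecute(array('action' => 'browse'));
        return;
    }
    $this->userGroups = DbGroup::GetUserGroups($this->pageUser->id);
    $this->view = UsersAdministrationAction::$EditUserForm;
}

/** action=save_user: update name and e-mail of an existing user. */
private function usersSave()
{
    $userId = $this->postString('user_id');
    $firstName = $this->postString('first_name');
    $lastName = $this->postString('last_name');
    $email = $this->postString('email');
    if ($userId === null || $firstName === null || $lastName === null || $email === null) {
        // Missing field: show the edit form again.
        $this->view = UsersAdministrationAction::$EditUserForm;
        return;
    }
    $user = DbUser::GetById($userId);
    if ($user->isNull()) {
        $this->addAlert(Alert::CreateDanger('Error', 'This user doesn\'t exists.'));
        $this->reexecute(array('action' => 'browse'));
        return;
    }
    $user->firstName = $firstName;
    $user->lastName = $lastName;
    $user->email = $email;
    DbUser::Update($user);
    $this->addAlert(Alert::CreateSuccess('Success', 'User updated.'));
    $this->reexecute(array('action' => 'edit_user', 'user_id' => $userId));
}

/**
 * action=remove_group: remove a user from a group, then reopen that user.
 *
 * NOTE(review): this state change is driven by GET parameters, so a crafted
 * link or a prefetching client can trigger it.
 */
private function usersRemoveGroup()
{
    $groupId = $this->queryString('group_id');
    $userId = $this->queryString('user_id');
    if ($groupId === null || $userId === null) {
        $this->reexecute(array('action' => 'browse'));
        return;
    }
    DbGroup::RemoveUser($groupId, $userId);
    $this->addAlert(Alert::CreateSuccess('Success', 'Group removed.'));
    // The original re-ran edit_user without a user_id, which that handler
    // cannot serve; pass the id along as save_user and change_password do.
    $this->reexecute(array('action' => 'edit_user', 'user_id' => $userId));
}

/** action=add_user: validate the new-user form, create the user and add it to the default group. */
private function usersAdd()
{
    $username = $this->postString('username');
    $password = $this->postString('password');
    $password2 = $this->postString('password2');
    $firstName = $this->postString('first_name');
    $lastName = $this->postString('last_name');
    $email = $this->postString('email');
    if ($username === null || $password === null || $password2 === null
        || $firstName === null || $lastName === null || $email === null) {
        $this->reexecute(array('action' => 'browse'));
        return;
    }

    if ($password !== $password2) {
        $this->view = UsersAdministrationAction::$NewUserForm;
        $this->addAlert(Alert::CreateWarning('Warning', 'Password mismatches.'));
        return;
    }
    if (DbUser::IsUsernameOrEmailExists($username, $email)) {
        $this->view = UsersAdministrationAction::$NewUserForm;
        $this->addAlert(Alert::CreateWarning('Warning', 'Username and/or Email already exists in the database.'));
        return;
    }

    $minLength = $this->settings->getInt("username_min", 4);
    $maxLength = $this->settings->getInt("username_max", 12);
    // Byte length, as before; the limit presumably mirrors a column size — TODO confirm.
    $usernameLength = strlen($username);
    if ($usernameLength < $minLength || $usernameLength > $maxLength) {
        $this->view = UsersAdministrationAction::$NewUserForm;
        $this->addAlert(Alert::CreateWarning('Warning',
            'Username must be between ' . $minLength . ' and ' . $maxLength . ' characters.'));
        return;
    }

    // Salt and hash algorithm come from settings; the hashing itself happens
    // in DbUser::Add. NOTE(review): no password length/strength rule is
    // applied here, and a salted general-purpose digest ('sha256' default) is
    // weaker than a purpose-built password hash; both live outside this block.
    $salt = User::GenerateSalt();
    $hashType = $this->settings->getString('hash_type', 'sha256');
    DbUser::Add($username, $salt, $hashType, $password, $firstName, $lastName, $email);

    // New users join the configured default group when it exists.
    $defaultGroup = DbGroup::GetByName($this->settings->getString('default_user_group', 'Users'));
    if (!$defaultGroup->isNull()) {
        $user = DbUser::GetByUsername($username);
        if (!$user->isNull()) {
            DbGroup::AddUser($defaultGroup->id, $user->id);
        }
    }
    $this->addAlert(Alert::CreateSuccess('Success', 'User added !'));
    $this->reexecute(array('action' => 'browse'));
}

/** action=change_password: set a new password for a user after confirming the repeat field. */
private function usersChangePassword()
{
    $userId = $this->postString('user_id');
    $password = $this->postString('password');
    $password2 = $this->postString('password2');
    if ($userId === null || $password === null || $password2 === null) {
        $this->reexecute(array('action' => 'browse'));
        return;
    }
    if ($password !== $password2) {
        $this->addAlert(Alert::CreateWarning('Warning', 'Password mismatches.'));
        $this->reexecute(array('action' => 'edit_user', 'user_id' => $userId));
        return;
    }
    $salt = User::GenerateSalt();
    $hashType = $this->settings->getString('hash_type', 'sha256');
    // Argument order differs from DbUser::Add (hash type before salt); kept as the API expects.
    DbUser::UpdateUserPassword($userId, $hashType, $salt, $password);
    $this->addAlert(Alert::CreateSuccess('Success', 'Password changed !'));
    $this->reexecute(array('action' => 'edit_user', 'user_id' => $userId));
}

/** action=add_user_group: add a user to a group, then reopen that user. */
private function usersAddGroup()
{
    $userId = $this->postString('user_id');
    $groupId = $this->postString('group_id');
    if ($userId === null || $groupId === null) {
        $this->reexecute(array('action' => 'browse'));
        return;
    }
    // Remove first, presumably so a repeated submission cannot create a
    // duplicate membership row — TODO confirm against DbGroup::AddUser.
    DbGroup::RemoveUser($groupId, $userId);
    DbGroup::AddUser($groupId, $userId);
    $this->addAlert(Alert::CreateSuccess('Success', 'User added to the group.'));
    $this->reexecute(array('action' => 'edit_user', 'user_id' => $userId));
}

/**
 * action=delete_user: delete a user by id, then return to browse.
 *
 * NOTE(review): driven by a GET parameter, so a crafted link or prefetch can
 * trigger it, and nothing here stops an administrator from deleting the
 * account currently logged in; a POST form with a request token and a
 * self-deletion guard would address both.
 */
private function usersDelete()
{
    $userId = $this->queryString('user_id');
    if ($userId !== null) {
        DbUser::Delete($userId);
        // TODO carried over from the original: consider logging deletions to a file.
        $this->addAlert(Alert::CreateSuccess('Success', 'User deleted.'));
    }
    $this->reexecute(array('action' => 'browse'));
}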