public function registerAction()
{
    $email = $this->getParam('email');

    // Refuse the registration when an account with this email already exists.
    // NOTE(review): count-then-insert is not atomic; a unique index on email in
    // the store is what ultimately enforces uniqueness — confirm one exists.
    $alreadyRegistered = App_Model_User::getCount(['email' => $email]);
    if ($alreadyRegistered) {
        throw new App_Exception_UserAlreadyExists();
    }

    // NOTE(review): the password parameter is handed to the model unchanged;
    // presumably App_Model_User hashes it before persisting — verify.
    $account = new App_Model_User([
        'email' => $email,
        'password' => $this->getParam('password'),
        'registered' => time(),
    ]);
    $account->addToken();
    $account->save();
}
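/**
 * Action called to post values of a new user.
 *
 * Reads the new user's fields from $_POST, validates them through the model
 * and either saves the user and redirects to the user list, or re-renders the
 * create form with the validation messages flashed.
 *
 * @return mixed whatever redirect_to() / createAction() return
 */
public function postnewAction()
{
    // TODO prevent CSRF
    $this->secure('admin');

    // Missing fields yield null instead of an "undefined array key" warning;
    // the model's isValid() is what rejects absent values.
    $post = static function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : null;
    };

    $user = new App_Model_User();
    $user->setUsername($post('username'));
    $user->setPassword($post('password'));
    $user->setFirstname($post('firstname'));
    $user->setLastname($post('lastname'));
    // Strict comparison: the checkbox is only "on" when ticked.
    $user->setIsAdmin($post('is_admin') === 'on');
    $user->setEmail($post('email'));

    // Validate once; the original called isValid() twice.
    $validationErrors = $user->isValid();
    if (0 === count($validationErrors)) {
        $user->save();
        return redirect_to('/admin/users');
    }

    // NOTE(review): messages are joined into raw HTML for the flash; confirm
    // they never embed submitted values, or escape each with htmlspecialchars().
    $errors = implode('<br />', $validationErrors) . '<br />';
    flash_now('error', $errors);
    return $this->createAction();
}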
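/**
 * @before _secured, _admin
 *
 * Handles the admin "add user" form. On a plain GET it only seeds the
 * multi-submission token for the view. On POST it checks the request tokens,
 * validates the submitted fields, stores the cropped profile image and creates
 * the user; any failure re-renders the form with the collected errors.
 */
public function add()
{
    $view = $this->getActionView();
    $view->set('submstoken', $this->mutliSubmissionProtectionToken());

    if (!RequestMethods::post('submitAddUser')) {
        return;
    }

    // NOTE(review): with &&, the redirect fires only when BOTH tokens fail, so a
    // request carrying a valid multi-submission token is accepted even when the
    // CSRF token is invalid — confirm this is intended; if not, use ||.
    if ($this->checkCSRFToken() !== true
        && $this->checkMutliSubmissionProtectionToken(RequestMethods::post('submstoken')) !== true) {
        self::redirect('/admin/user/');
    }

    $errors = [];

    if (RequestMethods::post('password') !== RequestMethods::post('password2')) {
        $errors['password2'] = ['Hesla se neshodují'];
    }

    // NOTE(review): lookup-then-insert is not atomic; a unique index on email
    // is what ultimately enforces uniqueness — confirm one exists.
    $emailTaken = App_Model_User::first(['email = ?' => RequestMethods::post('email')], ['email']);
    if ($emailTaken) {
        $errors['email'] = ['Tento email se již používá'];
    }

    $salt = PasswordManager::createSalt();
    $hash = PasswordManager::hashPassword(RequestMethods::post('password'), $salt);

    $cfg = Registry::get('configuration');
    $fileManager = new FileManager([
        'thumbWidth' => $cfg->thumb_width,
        'thumbHeight' => $cfg->thumb_height,
        'thumbResizeBy' => $cfg->thumb_resizeby,
        'maxImageWidth' => $cfg->photo_maxwidth,
        'maxImageHeight' => $cfg->photo_maxheight,
    ]);

    // The stored file name is the slugified "firstname-lastname".
    $photoName = $this->_createUrlKey(
        RequestMethods::post('firstname') . '-' . RequestMethods::post('lastname')
    );
    $fileErrors = $fileManager
        ->uploadBase64Image(RequestMethods::post('croppedimage'), $photoName, 'members', time() . '_')
        ->getUploadErrors();
    if (!empty($fileErrors)) {
        $errors['croppedimage'] = $fileErrors;
    }

    // Pick the first uploaded file that is an image. The original only built
    // $user inside this loop, so a failed upload (or no image among the files)
    // left $user undefined and the error branch died on ->getErrors().
    $image = null;
    foreach ($fileManager->getUploadedFiles() as $file) {
        if ($file instanceof \THCFrame\Filesystem\Image) {
            $image = $file;
            break;
        }
    }
    if ($image === null && !isset($errors['croppedimage'])) {
        // Keeps the invariant that a user is only created together with an image.
        $errors['croppedimage'] = ['Uploaded image is missing'];
    }

    $userData = [
        'firstname' => RequestMethods::post('firstname'),
        'lastname' => RequestMethods::post('lastname'),
        'email' => RequestMethods::post('email'),
        'password' => $hash,
        'salt' => $salt,
        'role' => RequestMethods::post('role', 'role_member'),
    ];
    if ($image !== null) {
        // Strip leading/trailing dots from the stored relative paths, as before.
        $userData['imgMain'] = trim($image->getFilename(), '.');
        $userData['imgThumb'] = trim($image->getThumbname(), '.');
    }
    // Always instantiated so the error branch can merge model errors and the
    // view can re-populate the form from the submitted values.
    $user = new App_Model_User($userData);

    if (empty($errors) && $user->validate()) {
        $userId = $user->save();
        Event::fire('admin.log', ['success', 'User id: ' . $userId]);
        $view->successMessage('Uživatel' . self::SUCCESS_MESSAGE_1);
        self::redirect('/admin/user/');
    } else {
        Event::fire('admin.log', ['fail']);
        // Array union: explicit controller errors win over model errors for the same key.
        $view->set('errors', $errors + $user->getErrors())
            ->set('submstoken', $this->revalidateMutliSubmissionProtectionToken())
            ->set('user', $user);
    }
}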