 /**
  * Login action: checks the submitted credentials and renders the login form.
  *
  * The username comes from the request when present, otherwise from the users
  * cookie. When both username and password are non-empty they are checked via
  * the users model; success redirects to the default project's main page, failure
  * sets a message. In every non-redirect case the form is rendered again with
  * the username pre-filled and a masked placeholder in the password field when
  * the cookie supplied the name.
  *
  * NOTE(review): no session-id regeneration is visible here after a successful
  * check — confirm that is_user() or the session layer performs it.
  * NOTE(review): no throttling of repeated failed attempts is visible in this
  * method; confirm it is handled elsewhere (model or request layer).
  */
 public function login()
 {
     $this->load_model('users' . DS . 'users');
     $users = new cx\model\users(array('api' => false));
     $cookie_name = $users->get_username_from_cookie();

     // A non-empty username in the request takes precedence over the cookie.
     $username = $cookie_name;
     if ($this->request->is_not_empty($this->request->request_var('username'))) {
         $username = $this->request->request_var('username');
     }
     $password = $this->request->request_var('password');

     $have_credentials = $this->request->is_not_empty($username)
         && $this->request->is_not_empty($password);
     if ($have_credentials) {
         // Plain truthiness check (the original compared loosely against true).
         if ($users->is_user($username, $password)) {
             cx_redirect_url($this->get_url('/app/' . DEFAULT_PROJECT, 'main'));
         } else {
             cx_set_message('Invalid Username or Password!');
         }
     }

     // Only a placeholder is ever put in the password field, never a real value.
     $model = array(
         'pwd' => empty($cookie_name) ? '' : "**********",
         'username' => $username,
     );
     $frm = $this->load_class('cx\\form\\form', array('name' => 'login', 'defaults' => array('readonly' => false)));
     $frm->grab_form('app/user_login', $model);
     $frm->end_form();
     $this->do_view($frm->get_html());
 }
 /**
  * Create/edit action for a user record, keyed by the "id" GET parameter.
  *
  * Flow: validate the id, decide whether the rights controls are locked
  * (a non-admin editing their own record), load the existing row (or start a
  * new one), then on POST "save" validate names/username and the password
  * pair, persist, and redirect back to this action with the saved id. Falls
  * through to rendering the edit form in every non-redirect case.
  *
  * NOTE(review): $lock_rights_controls is only handed to the form template
  * (see below); no server-side re-check of the submitted rights value is
  * visible in this method, so the "must not grant self more rights" rule is
  * enforced here by the form only — confirm that auto_set_members() or the
  * model layer filters it, otherwise re-apply the stored value when locked.
  * NOTE(review): no CSRF token check is visible in this method; confirm the
  * form/request layer provides one.
  */
 public function edit_user()
 {
     $id = cx\app\static_request::init('get', 'id');
     if ($id->is_not_set()) {
         // Bare output + exit bypasses the view layer; kept as the author wrote it.
         echo "Invalid id!";
         exit;
     }
     // Authorization is decided on the GET id: editing someone else's record
     // requires the admin check; admins editing themselves are unrestricted;
     // everyone else gets the rights controls locked.
     if ($id->to_int() !== $this->session->get_int(CX_LOGIN . 'id')) {
         $this->auth(array('user' => 'admin_check'));
         $lock_rights_controls = false;
         // Admin
     } elseif ($this->auth(array('user' => 'is_admin')) === true) {
         $lock_rights_controls = false;
         // Admin can modify self, as they can create any user...
     } else {
         $lock_rights_controls = true;
         // User must not be able to grant self more rights!
     }
     $this->load_model();
     $db_options = array('table' => 'users', 'key' => 'id');
     $edit_user = new cx\database\model($db_options);
     if ($id->is_not_valid_id()) {
         // no existing data
         $model = array();
         $model['new'] = true;
     } else {
         $edit_user->load($id->to_int());
         $model = $edit_user->get_members();
         // Loose == against an empty array: true only when nothing was loaded.
         if ($model == array()) {
             echo "Invalid id!";
             exit;
         }
         $s_pwd = $model['password'];
         // Save Pwd
         unset($model['password']);
         // Remove scrambled DB password, so user does not see it!
         $model['new'] = false;
     }
     // Template-only flag; see the review note in the docblock.
     $model['lock_rights_controls'] = $lock_rights_controls;
     $model['rights_statuses'] = array('admin' => 'Administrator', 'staff' => 'Staff', 'cus' => 'Customer', 'api' => 'API client');
     if (cx\app\static_request::init('post', 'save')->is_set()) {
         // NOTE(review): this copies every POST var into the record, including
         // any rights field and possibly 'id' — the record authorized above was
         // selected by the GET id; confirm auto_set_members() cannot change the
         // key or the rights column when $lock_rights_controls is true.
         $edit_user->auto_set_members();
         // Set all post vars to DB
         $confirm = $this->request->post_var('confirm');
         $pwd = $this->request->post_var('password');
         if (cx\app\static_request::init('post', 'username')->is_empty() || cx\app\static_request::init('post', 'fname')->is_empty() || cx\app\static_request::init('post', 'lname')->is_empty()) {
             cx\app\main_functions::set_message('First/Last name or username is missing.');
             $saveme = false;
         } elseif ($model['new'] === false && $this->request->is_empty($confirm) && $this->request->is_empty($pwd)) {
             // Existing user, no password submitted: restore the hash stashed
             // before it was stripped from $model, so the save does not blank it.
             $edit_user->set_member('password', $s_pwd);
             // Keep current password!
             $saveme = true;
         } elseif ($this->request->is_not_empty($confirm) && $pwd === $confirm && strlen($pwd) > 6) {
             // The only strength rule visible here is a byte length of at least 7
             // (strlen, not mb_strlen); the message below calls this "not strong".
             $this->load_model('users' . DS . 'users');
             $db_options = array('api' => false);
             $users = new cx\model\users($db_options);
             $edit_user->set_member('password', $users->get_pwd_hash($pwd));
             // Assign new pwd
             $saveme = true;
         } else {
             cx\app\main_functions::set_message('Password not strong/does not match.');
             $saveme = false;
         }
         if ($saveme === true) {
             $success = $edit_user->save();
             // Re-read the id so a newly created record redirects to its own edit page.
             $id = $edit_user->get_member('id');
             if ($success === true && $id > 0) {
                 cx_redirect_url($this->get_url('/app/users', 'edit_user', 'id=' . $id));
             }
         }
     }
     $frm = $this->load_class('cx\\form\\form', array('name' => 'edit_user', 'defaults' => array('readonly' => false)));
     $frm->grab_form('app' . DS . 'users' . DS . 'edit_user', $model);
     $frm->end_form();
     $this->add_js('./assets/pwd-meter.min.js');
     $this->add_css('./assets/login.css');
     $index = $this->get_url('app/users', 'index');
     $this->breadcrumb = array($index => "List Users");
     $this->active_crumb = "Edit User";
     $this->do_view($frm->get_html());
 }