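/**
 * Display a single post together with its comments.
 *
 * The post id arrives encrypted in the route (presumably so raw sequential
 * ids are not exposed — confirm in Encryption::decryptId()); it is decrypted
 * and then checked against the posts table before anything is rendered.
 *
 * @param integer|string $postId encrypted post id from the route (0 when absent)
 * @return void|mixed whatever error() returns when the post does not exist
 */
public function view($postId = 0)
{
    $postId = Encryption::decryptId($postId);

    // Reject unknown (or tampered) ids before touching the view. The explicit
    // return guards against falling through to the render below should
    // error() render a page and return rather than terminate the request —
    // the same `return $this->error(...)` form updateUserInfo() uses.
    if (!$this->post->exists($postId)) {
        return $this->error("notfound");
    }

    $this->vars['globalPage'] = ["posts", "comments"];
    $this->vars['globalPageId'] = $postId;

    echo $this->view->renderWithLayouts(
        VIEWS_PATH . "layout/",
        VIEWS_PATH . 'posts/viewPost.php',
        array("postId" => $postId)
    );
}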
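/**
 * Display a single user's profile in the admin area.
 *
 * The user id arrives encrypted in the route, is decrypted, and is verified
 * to exist before the admin view is rendered.
 *
 * NOTE(review): no role check is visible here; access to this admin view is
 * presumably gated by the controller's isAuthorized() hook — confirm.
 *
 * @param integer|string $userId encrypted user id from the route (0 when absent)
 * @return void|mixed whatever error() returns when the user does not exist
 */
public function viewUser($userId = 0)
{
    $userId = Encryption::decryptId($userId);

    // Bail out on an unknown (or tampered) id. Returning here mirrors the
    // `return $this->error(...)` form updateUserInfo() uses and guards
    // against rendering the page anyway should error() return instead of
    // terminating the request.
    if (!$this->user->exists($userId)) {
        return $this->error("notfound");
    }

    $this->vars['curPage'] = "users";
    $this->vars['curPageId'] = $userId;

    echo $this->view->renderWithLayouts(
        Config::get('VIEWS_PATH') . "layout/default/",
        Config::get('ADMIN_VIEWS_PATH') . 'users/viewUser.php',
        array("userId" => $userId)
    );
}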
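/**
 * Display a single user's profile in the admin area.
 *
 * The user id arrives encrypted in the route, is decrypted, and is verified
 * to exist before the admin view is rendered.
 *
 * NOTE(review): no role check is visible here; access to this admin view is
 * presumably gated by the controller's isAuthorized() hook — confirm.
 *
 * @param integer|string $userId encrypted user id from the route (0 when absent)
 * @return void|mixed whatever error() returns when the user does not exist
 */
public function viewUser($userId = 0)
{
    $userId = Encryption::decryptId($userId);

    // Bail out on an unknown (or tampered) id. Returning here mirrors the
    // `return $this->error(...)` form updateUserInfo() uses and guards
    // against rendering the page anyway should error() return instead of
    // terminating the request.
    if (!$this->user->exists($userId)) {
        return $this->error("notfound");
    }

    $this->vars['globalPage'] = "users";
    $this->vars['globalPageId'] = $userId;

    echo $this->view->renderWithLayouts(
        VIEWS_PATH . "layout/",
        ADMIN_VIEWS_PATH . 'users/viewUser.php',
        array("userId" => $userId)
    );
}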
/**
 * Create a comment on a post and hand the rendered comment back as JSON.
 *
 * The post id arrives encrypted in the request body; the comment model is
 * given the current session user as the author. When the model rejects the
 * comment its error list is rendered instead of the JSON payload.
 *
 * NOTE(review): $content is forwarded exactly as submitted — confirm that
 * the model or posts/comments.php escapes it for HTML output.
 */
public function create()
{
    $postId = Encryption::decryptId($this->request->data("post_id"));
    $content = $this->request->data("content");

    $created = $this->comment->create(Session::getUserId(), $postId, $content);
    if (!$created) {
        $this->view->renderErrors($this->comment->errors());
        return;
    }

    $commentHtml = $this->view->render(
        Config::get('VIEWS_PATH') . 'posts/comments.php',
        array("comments" => $created)
    );
    $this->view->renderJson(array("data" => $commentHtml));
}
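/**
 * Confirm a pending email-updates change from the link sent by email.
 *
 * You must be logged in with your current email. The user id arrives
 * encrypted in the query string alongside the confirmation token; both are
 * handed to the user model, which decides whether the token is valid.
 *
 * NOTE(review): no ownership check is visible in this action — confirm that
 * $this->user->updateEmail() ties the token to $userId (and to the logged-in
 * user), compares it in constant time and invalidates it after use.
 *
 * @return void|mixed whatever error() returns when the request is rejected
 *                    without any error message
 */
public function updateEmail()
{
    $userId = $this->request->query("id");
    // A missing id stays null; anything else is decrypted before use.
    $userId = empty($userId) ? null : Encryption::decryptId($userId);
    $token = $this->request->query("token");

    $result = $this->user->updateEmail($userId, $token);
    $errors = $this->user->errors();

    // Rejected with no explanation (bad id/token): treat as not found.
    if (!$result && empty($errors)) {
        return $this->error(404);
    }

    // Rejected with messages -> show them; otherwise report success.
    $emailUpdates = $result
        ? ["success" => "Your email updates has been updated successfully."]
        : ["errors" => $errors];

    // Echo the rendered page: the sibling actions echo the return value of
    // renderWithLayouts(); without the echo this action would send a blank
    // response if the view is returned rather than printed by the helper.
    echo $this->view->renderWithLayouts(
        Config::get('VIEWS_PATH') . "layout/default/",
        Config::get('VIEWS_PATH') . 'user/profile.php',
        ["emailUpdates" => $emailUpdates]
    );
}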
/**
 * Show the update-password form once the forgotten-password token checks out.
 *
 * The encrypted user id and the token come from the query string; the login
 * model decides whether that token is still valid for that user. On success
 * the user id is stashed in the session for updatePassword() to pick up.
 *
 * NOTE(review): confirm updatePassword() clears "user_id_reset_password"
 * after use and that the token is consumed so the link cannot be replayed.
 */
public function resetPassword()
{
    $userId = Encryption::decryptId($this->request->query("id"));
    $token = $this->request->query("token");

    // An invalid token is reported as "not found".
    if (!$this->login->isForgottenPasswordTokenValid($userId, $token)) {
        $this->error("notfound");
        return;
    }

    // Logging out an already logged-in user here was considered and left out
    // (original rationale, kept as-is): the session user need not match the
    // id in the reset URL, and because every load of this form issues a fresh
    // CSRF token a user cannot keep more than one update-password form open
    // anyway. The call that was dropped: $this->login->logOut(Session::getUserId(), true);

    // Keep the user id server-side rather than in a hidden form field: a
    // hidden field is trivially edited in the browser inspector, which would
    // let updatePassword() run against an arbitrary user id.
    Session::set("user_id_reset_password", $userId);

    echo $this->view->renderWithLayouts(
        Config::get('LOGIN_PATH'),
        Config::get('LOGIN_PATH') . 'updatePassword.php'
    );
}
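/**
 * Authorization hook for the posts resource.
 *
 * Admins are allowed every action. Normal users may list, view and create
 * freely, and may update or delete only as "owner"; Permission::check() is
 * given the current user id, the table and the target post id so it can
 * resolve ownership.
 *
 * @return mixed the result of Permission::check() (truthy when allowed)
 */
public function isAuthorized()
{
    $action = $this->request->param('action');
    $role = Session::getUserRole();
    $resource = "posts";

    // only for admins
    Permission::allow('admin', $resource, ['*']);

    // only for normal users
    Permission::allow('user', $resource, ['index', 'view', 'newPost', 'create']);
    Permission::allow('user', $resource, ['update', 'delete'], 'owner');

    // The target post comes from the URL for delete and from the request body
    // (post_id) for everything else. Guard the URL case so a delete request
    // with no id argument yields null instead of an undefined-offset notice,
    // leaving Permission::check() to decide what a missing id means.
    if ($action === "delete") {
        $args = $this->request->param("args");
        $postId = isset($args[0]) ? $args[0] : null;
    } else {
        $postId = $this->request->data("post_id");
    }

    // NOTE(review): the id authorized here must be the same id the action
    // later operates on — confirm update()/delete() read the same field.
    if (!empty($postId)) {
        $postId = Encryption::decryptId($postId);
    }

    $config = [
        "user_id" => Session::getUserId(),
        "table" => "posts",
        "id" => $postId,
    ];

    return Permission::check($role, $resource, $action, $config);
}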
/**
 * Admin action: update a user's profile info (name, password, role).
 *
 * The target user id arrives encrypted in the request body and is verified
 * to exist before the admin model is asked to apply the change. The acting
 * admin's own session id is passed alongside the target id — presumably so
 * the model can treat self-modification specially; confirm in the admin model.
 *
 * NOTE(review): the password is forwarded as submitted; the model is expected
 * to hash it before storage — verify.
 *
 * @return void|mixed whatever error() returns when the user does not exist
 */
public function updateUserInfo()
{
    $targetId = Encryption::decryptId($this->request->data("user_id"));
    $newName = $this->request->data("name");
    $newPassword = $this->request->data("password");
    $newRole = $this->request->data("role");

    if (!$this->user->exists($targetId)) {
        return $this->error(404);
    }

    $updated = $this->admin->updateUserInfo(
        $targetId,
        Session::getUserId(),
        $newName,
        $newPassword,
        $newRole
    );

    if ($updated) {
        $this->view->renderSuccess("Profile has been updated.");
        return;
    }

    $this->view->renderErrors($this->admin->errors());
}