コード例 #1
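 /**
  * Handle a submitted "edit user" form for the user with the given id.
  *
  * Reads the form fields from $_POST['user'], optionally replaces the password
  * (only when a non-empty password of at least 5 characters matches the
  * confirmation field), saves the record and, when the current user has the
  * 'administrator' permission, rewrites the edited user's permissions from
  * $_POST['user_permission'].
  *
  * NOTE(review): this method checks neither an anti-CSRF token nor whether the
  * current user is allowed to edit $id. Confirm that the caller enforces both
  * before this code runs.
  *
  * @param mixed $id Identifier of the user being edited (presumably taken from the route).
  * @return void
  */
 function _edit($id)
 {
     // The form payload is client-controlled: accept it only when it is an array.
     $data = (isset($_POST['user']) && is_array($_POST['user'])) ? $_POST['user'] : null;
     if ($data === null) {
         Flash::set('error', __('User has not been saved!'));
         redirect(get_url('user/edit/' . $id));
         return;
     }

     // Non-string values (e.g. a nested array) are treated as "not supplied".
     $password = (isset($data['password']) && is_string($data['password'])) ? $data['password'] : '';
     $confirm = (isset($data['confirm']) && is_string($data['confirm'])) ? $data['confirm'] : '';
     unset($data['password'], $data['confirm']);

     // Only touch the password when the user actually typed one.
     if ($password !== '') {
         // Strict comparison: with == two different numeric-looking strings
         // (such as "00000" and "0.000") compare equal and would pass as confirmed.
         if (strlen($password) < 5 || $password !== $confirm) {
             Flash::set('error', __('Password and Confirm are not the same or too small!'));
             redirect(get_url('user/edit/' . $id));
             // Stop here even if redirect() returns, so a rejected password
             // can never reach save().
             return;
         }

         // NOTE(review): unsalted SHA-1 is a fast hash and is not suitable for
         // password storage. Moving to password_hash()/password_verify() also
         // requires changing the login check, which is not visible here, so the
         // stored format is left unchanged.
         $data['password'] = sha1($password);
     }

     $user = User::findById($id);
     if (!$user) {
         // Unknown id: there is no record to update.
         Flash::set('error', __('User has not been saved!'));
         redirect(get_url('user'));
         return;
     }

     // NOTE(review): $data still carries every other field the client sent.
     // Whether setFromData() limits assignment to editable columns is not
     // visible here; confirm it does, or filter $data against an allow-list.
     $user->setFromData($data);

     if ($user->save()) {
         if (AuthUser::hasPermission('administrator')) {
             // Only administrators may rewrite the permission set.
             $permissions = (isset($_POST['user_permission']) && is_array($_POST['user_permission']))
                 ? $_POST['user_permission']
                 : array();
             UserPermission::setPermissionsFor($user->id, $permissions);
         }
         Flash::set('success', __('User has been saved!'));
     } else {
         Flash::set('error', __('User has not been saved!'));
     }

     // Users editing themselves stay on their own form; everyone else goes back to the list.
     if (AuthUser::getId() == $id) {
         redirect(get_url('user/edit/' . $id));
     } else {
         redirect(get_url('user'));
     }
 }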
コード例 #2
ファイル: UserController.php プロジェクト: julpi/FreshCMS
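 /**
  * Handle a submitted "edit user" form for the user with the given id.
  *
  * Validates the anti-CSRF token from $_POST['csrf_token'], optionally
  * replaces the password (only when a non-empty password of at least 5
  * characters matches the confirmation field), saves the record and, when the
  * current user has the 'administrator' permission, rewrites the edited
  * user's permissions from $_POST['user_permission'].
  *
  * NOTE(review): no check that the current user is allowed to edit $id is
  * visible in this method; confirm that the caller enforces it.
  *
  * @param mixed $id Identifier of the user being edited (presumably taken from the route).
  * @return void
  */
 private function _edit($id)
 {
     // CSRF check first, before any submitted field is looked at.
     $csrf_token = (isset($_POST['csrf_token']) && is_string($_POST['csrf_token']))
         ? $_POST['csrf_token']
         : null;
     if ($csrf_token === null) {
         Flash::set('error', __('No CSRF token found!'));
         // Return to the form being edited; the original target had no id.
         redirect(get_url('user/edit/' . $id));
         // Stop here even if redirect() returns, so a request that failed
         // the token check can never reach save().
         return;
     }
     if (!SecureToken::validateToken($csrf_token, BASE_URL . 'user/edit')) {
         Flash::set('error', __('Invalid CSRF token found!'));
         // The original sent a failed edit to the "add user" form.
         redirect(get_url('user/edit/' . $id));
         return;
     }

     // The form payload is client-controlled: accept it only when it is an array.
     $data = (isset($_POST['user']) && is_array($_POST['user'])) ? $_POST['user'] : null;
     if ($data === null) {
         Flash::set('error', __('User has not been saved!'));
         redirect(get_url('user/edit/' . $id));
         return;
     }

     // Non-string values (e.g. a nested array) are treated as "not supplied".
     $password = (isset($data['password']) && is_string($data['password'])) ? $data['password'] : '';
     $confirm = (isset($data['confirm']) && is_string($data['confirm'])) ? $data['confirm'] : '';
     unset($data['password'], $data['confirm']);

     // Only touch the password when the user actually typed one.
     if ($password !== '') {
         // Strict comparison: with == two different numeric-looking strings
         // (such as "00000" and "0.000") compare equal and would pass as confirmed.
         if (strlen($password) < 5 || $password !== $confirm) {
             Flash::set('error', __('Password and Confirm are not the same or too small!'));
             redirect(get_url('user/edit/' . $id));
             return;
         }
     }

     $user = Record::findByIdFrom('User', $id);
     if (!$user) {
         // Unknown id: there is no record to update.
         Flash::set('error', __('User has not been saved!'));
         redirect(get_url('user'));
         return;
     }

     if ($password !== '') {
         // Hashing needs the record's salt, so it happens after the lookup.
         // NOTE(review): the algorithm behind generateHashedPassword() is not
         // visible here; confirm it is a slow, purpose-built password hash.
         $data['password'] = AuthUser::generateHashedPassword($password, $user->salt);
     }

     // NOTE(review): $data still carries every other field the client sent.
     // Whether setFromData() limits assignment to editable columns is not
     // visible here; confirm it does, or filter $data against an allow-list.
     $user->setFromData($data);

     if ($user->save()) {
         if (AuthUser::hasPermission('administrator')) {
             // Only administrators may rewrite the permission set.
             $permissions = (isset($_POST['user_permission']) && is_array($_POST['user_permission']))
                 ? $_POST['user_permission']
                 : array();
             UserPermission::setPermissionsFor($user->id, $permissions);
         }
         Flash::set('success', __('User has been saved!'));
     } else {
         Flash::set('error', __('User has not been saved!'));
     }

     // Users editing themselves stay on their own form; everyone else goes back to the list.
     if (AuthUser::getId() == $id) {
         redirect(get_url('user/edit/' . $id));
     } else {
         redirect(get_url('user'));
     }
 }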