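/**
 * Persists the user-edit form submitted to user/edit/:id.
 *
 * Order of operations: stash the submission for form repopulation, verify
 * the CSRF token, validate an optional password change and the plain
 * fields, then hash the new password (if any) and save the row. Role
 * assignment is only applied when the current session holds 'user_edit'.
 *
 * Security notes (review):
 *  - 'password' and 'confirm' are stripped before the submission is written
 *    to Flash, so a plaintext secret is not left in the session store.
 *  - Every remaining key of $_POST['user'] is handed to setFromData().
 *    Unless the User model whitelists assignable columns, this is a
 *    mass-assignment vector — confirm in the model.
 *  - Authorisation ("may this caller edit user $id?") is not re-checked
 *    here; it is presumably done by the calling action. Verify that, since
 *    $id comes from the URL and the only gate below is on role assignment.
 *  - redirect() is assumed to end the request; each failure path also
 *    returns explicitly so nothing further runs if it does not.
 *
 * @todo merge _add() and _edit() into one _store()
 *
 * @param mixed $id  primary key of the User row being edited (from the URL)
 * @return void      always finishes with a redirect
 */
private function _edit($id)
{
    use_helper('Validate');

    $data = (isset($_POST['user']) && is_array($_POST['user'])) ? $_POST['user'] : array();

    // Keep the submission for repopulating the form, minus submitted secrets.
    $flashData = $data;
    unset($flashData['password'], $flashData['confirm']);
    Flash::set('post_data', (object) $flashData);

    $editUrl = get_url('user/edit/' . $id);

    // CSRF first: nothing in the submission is trusted until the token matches.
    if (!isset($_POST['csrf_token'])) {
        Flash::set('error', __('No CSRF token found!'));
        redirect($editUrl);
        return;
    }
    if (!SecureToken::validateToken($_POST['csrf_token'], BASE_URL . 'user/edit')) {
        Flash::set('error', __('Invalid CSRF token found!'));
        redirect($editUrl);
        return;
    }

    // A password change is optional: an empty field means "keep the current one".
    $password = isset($data['password']) ? (string) $data['password'] : '';
    $confirm  = isset($data['confirm']) ? (string) $data['confirm'] : '';
    if (strlen($password) > 0) {
        // Minimum length 5 is kept for compatibility. Strict comparison so
        // loose-equality coercions cannot make mismatched fields pass.
        if (strlen($password) >= 5 && $password === $confirm) {
            unset($data['confirm']);
        } else {
            Flash::set('error', __('Password and Confirm are not the same or too small!'));
            redirect($editUrl);
            return;
        }
    } else {
        unset($data['password'], $data['confirm']);
    }

    // Field validation; every problem is collected before reporting.
    $errors = array();
    if (!empty($data['username']) && !Validate::alphanum_space($data['username'])) {
        $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'username'));
    }
    if (!empty($data['name']) && !Validate::alphanum_space($data['name'], true)) {
        $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'name'));
    }
    if (!empty($data['email']) && !Validate::email($data['email'])) {
        $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'email'));
    }
    if (!empty($data['language']) && !Validate::alpha($data['language'])) {
        $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'language'));
    }
    if (count($errors) > 0) {
        Flash::set('error', implode('<br/>', $errors));
        redirect($editUrl);
        return;
    }

    $user = Record::findByIdFrom('User', $id);
    if (!$user) {
        // The original dereferenced $user unconditionally; an unknown id now
        // fails cleanly instead of erroring on a null object.
        Flash::set('error', __('User has not been saved!'));
        redirect(get_url('user'));
        return;
    }

    if (isset($data['password'])) {
        // A row may have no salt yet; generate one before hashing.
        if (empty($user->salt)) {
            $user->salt = AuthUser::generateSalt();
        }
        $data['password'] = AuthUser::generateHashedPassword($data['password'], $user->salt);
    }

    // NOTE(review): every remaining key of $_POST['user'] reaches the model here.
    $user->setFromData($data);

    if ($user->save()) {
        // Role assignment is privileged: only 'user_edit' holders may change
        // it, and only once the row itself has been saved.
        if (AuthUser::hasPermission('user_edit')) {
            $permissions = isset($_POST['user_permission']) ? $_POST['user_permission'] : array();
            UserRole::setPermissionsFor($user->id, $permissions);
        }
        Flash::set('success', __('User has been saved!'));
        Observer::notify('user_after_edit', $user->name);
    } else {
        Flash::set('error', __('User has not been saved!'));
    }

    // Editing your own account returns to the form; otherwise back to the list.
    if (AuthUser::getId() == $id) {
        redirect($editUrl);
    } else {
        redirect(get_url('user'));
    }
}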