コード例 #1
0
ファイル: Action.php プロジェクト: HaldunA/phpwebsite
    /**
     * Controller of user requests. Based on the command request variable
     * defaults to my_page
     */
    public static function userAction()
    {
        $auth = Current_User::getAuthorization();
        $content = $title = null;
        if (isset($_REQUEST['command'])) {
            $command = $_REQUEST['command'];
        } else {
            $command = 'my_page';
        }
        switch ($command) {
            case 'login':
                if (!Current_User::isLogged() && isset($_POST['phpws_username']) && isset($_POST['phpws_password'])) {
                    $result = Current_User::loginUser($_POST['phpws_username'], $_POST['phpws_password']);
                    // here
                    if (!$result) {
                        $title = dgettext('users', 'Login page');
                        $message = dgettext('users', 'Username and password combination not found.');
                        $content = User_Form::loginPage();
                    } elseif (PHPWS_Error::isError($result)) {
                        if (preg_match('/L\\d/', $result->code)) {
                            $title = dgettext('users', 'Sorry');
                            $content = $result->getMessage();
                            $content .= ' ' . sprintf('<a href="mailto:%s">%s</a>', PHPWS_User::getUserSetting('site_contact'), dgettext('users', 'Contact the site administrator'));
                        } else {
                            PHPWS_Error::log($result);
                            $message = dgettext('users', 'A problem occurred when accessing user information. Please try again later.');
                        }
                    } else {
                        Current_User::getLogin();
                        PHPWS_Core::returnToBookmark();
                    }
                } else {
                    PHPWS_Core::errorPage('403');
                }
                break;
                // This is used by auth scripts if they need to return the user to
                // where they left off after redirection to another site for SSO
            // This is used by auth scripts if they need to return the user to
            // where they left off after redirection to another site for SSO
            case 'return_bookmark':
                PHPWS_Core::popUrlHistory();
                break;
                // reset user password
            // reset user password
            case 'rp':
                $user_id = User_Action::checkResetPassword();
                if ($user_id) {
                    $title = dgettext('users', 'Reset my password');
                    $content = User_Form::resetPassword($user_id, $_GET['auth']);
                } else {
                    $title = dgettext('users', 'Sorry');
                    $content = dgettext('users', 'Your password request was not found or timed out. Please apply again.');
                }
                break;
            case 'my_page':
                if ($auth->local_user) {
                    PHPWS_Core::initModClass('users', 'My_Page.php');
                    $my_page = new My_Page();
                    $my_page->main();
                } else {
                    Layout::add(PHPWS_ControlPanel::display(dgettext('users', 'My Page unavailable to remote users.'), 'my_page'));
                }
                break;
            case 'signup_user':
                $title = dgettext('users', 'New Account Sign-up');
                if (Current_User::isLogged()) {
                    $content = dgettext('users', 'You already have an account.');
                    break;
                }
                $user = new PHPWS_User();
                if (PHPWS_User::getUserSetting('new_user_method') == 0) {
                    $content = dgettext('users', 'Sorry, we are not accepting new users at this time.');
                    break;
                }
                $content = User_Form::signup_form($user);
                break;
            case 'submit_new_user':
                $title = dgettext('users', 'New Account Sign-up');
                $user_method = PHPWS_User::getUserSetting('new_user_method');
                if ($user_method == 0) {
                    Current_User::disallow(dgettext('users', 'New user signup not allowed.'));
                    return;
                }
                $user = new PHPWS_User();
                $result = User_Action::postNewUser($user);
                if (is_array($result)) {
                    $content = User_Form::signup_form($user, $result);
                } else {
                    $content = User_Action::successfulSignup($user);
                }
                break;
            case 'logout':
                $auth = Current_User::getAuthorization();
                $auth->logout();
                PHPWS_Core::killAllSessions();
                PHPWS_Core::reroute('index.php?module=users&action=reset');
                break;
            case 'login_page':
                if (Current_User::isLogged()) {
                    PHPWS_Core::home();
                }
                $title = dgettext('users', 'Login Page');
                $content = User_Form::loginPage();
                break;
            case 'confirm_user':
                if (Current_User::isLogged()) {
                    PHPWS_Core::home();
                }
                if (User_Action::confirmUser()) {
                    $title = dgettext('users', 'Welcome!');
                    $content = dgettext('users', 'Your account has been successfully activated. Please log in.');
                } else {
                    $title = dgettext('users', 'Sorry');
                    $content = dgettext('users', 'This authentication does not exist.<br />
 If you did not log in within the time frame specified in your email, please apply for another account.');
                }
                User_Action::cleanUpConfirm();
                break;
            case 'forgot_password':
                if (Current_User::isLogged()) {
                    PHPWS_Core::home();
                }
                $title = dgettext('users', 'Forgot Password');
                $content = User_Form::forgotForm();
                break;
            case 'post_forgot':
                $title = dgettext('users', 'Forgot Password');
                if (ALLOW_CAPTCHA) {
                    PHPWS_Core::initCoreClass('Captcha.php');
                    if (!Captcha::verify()) {
                        $content = dgettext('users', 'Captcha information was incorrect.');
                        $content .= User_Form::forgotForm();
                    } else {
                        if (!User_Action::postForgot($content)) {
                            $content .= User_Form::forgotForm();
                        }
                    }
                } elseif (!User_Action::postForgot($content)) {
                    $content .= User_Form::forgotForm();
                }
                break;
            case 'reset_pw':
                $pw_result = User_Action::finishResetPW();
                switch ($pw_result) {
                    case PHPWS_Error::isError($pw_result):
                        $title = dgettext('users', 'Reset my password');
                        $content = dgettext('users', 'Passwords were not acceptable for the following reason:');
                        $content .= '<br />' . $pw_result->getmessage() . '<br />';
                        $content .= User_Form::resetPassword($_POST['user_id'], $_POST['authhash']);
                        break;
                    case 0:
                        $title = dgettext('users', 'Sorry');
                        $content = dgettext('users', 'A problem occurred when trying to update your password. Please try again later.');
                        break;
                    case 1:
                        PHPWS_Core::home();
                        break;
                }
                break;
            default:
                PHPWS_Core::errorPage('404');
                break;
        }
        if (isset($message)) {
            $tag['MESSAGE'] = $message;
        }
        if (isset($title)) {
            $tag['TITLE'] = $title;
        }
        if (isset($content)) {
            $tag['CONTENT'] = $content;
        }
        if (isset($tag)) {
            $final = PHPWS_Template::process($tag, 'users', 'user_main.tpl');
            Layout::add($final);
        }
    }