/**
* Controller of user requests. Based on the command request variable
* defaults to my_page
*/
public static function userAction()
{
$auth = Current_User::getAuthorization();
$content = $title = null;
if (isset($_REQUEST['command'])) {
$command = $_REQUEST['command'];
} else {
$command = 'my_page';
}
switch ($command) {
case 'login':
if (!Current_User::isLogged() && isset($_POST['phpws_username']) && isset($_POST['phpws_password'])) {
$result = Current_User::loginUser($_POST['phpws_username'], $_POST['phpws_password']);
// here
if (!$result) {
$title = dgettext('users', 'Login page');
$message = dgettext('users', 'Username and password combination not found.');
$content = User_Form::loginPage();
} elseif (PHPWS_Error::isError($result)) {
if (preg_match('/L\\d/', $result->code)) {
$title = dgettext('users', 'Sorry');
$content = $result->getMessage();
$content .= ' ' . sprintf('<a href="mailto:%s">%s</a>', PHPWS_User::getUserSetting('site_contact'), dgettext('users', 'Contact the site administrator'));
} else {
PHPWS_Error::log($result);
$message = dgettext('users', 'A problem occurred when accessing user information. Please try again later.');
}
} else {
Current_User::getLogin();
PHPWS_Core::returnToBookmark();
}
} else {
PHPWS_Core::errorPage('403');
}
break;
// This is used by auth scripts if they need to return the user to
// where they left off after redirection to another site for SSO
// This is used by auth scripts if they need to return the user to
// where they left off after redirection to another site for SSO
case 'return_bookmark':
PHPWS_Core::popUrlHistory();
break;
// reset user password
// reset user password
case 'rp':
$user_id = User_Action::checkResetPassword();
if ($user_id) {
$title = dgettext('users', 'Reset my password');
$content = User_Form::resetPassword($user_id, $_GET['auth']);
} else {
$title = dgettext('users', 'Sorry');
$content = dgettext('users', 'Your password request was not found or timed out. Please apply again.');
}
break;
case 'my_page':
if ($auth->local_user) {
PHPWS_Core::initModClass('users', 'My_Page.php');
$my_page = new My_Page();
$my_page->main();
} else {
Layout::add(PHPWS_ControlPanel::display(dgettext('users', 'My Page unavailable to remote users.'), 'my_page'));
}
break;
case 'signup_user':
$title = dgettext('users', 'New Account Sign-up');
if (Current_User::isLogged()) {
$content = dgettext('users', 'You already have an account.');
break;
}
$user = new PHPWS_User();
if (PHPWS_User::getUserSetting('new_user_method') == 0) {
$content = dgettext('users', 'Sorry, we are not accepting new users at this time.');
break;
}
$content = User_Form::signup_form($user);
break;
case 'submit_new_user':
$title = dgettext('users', 'New Account Sign-up');
$user_method = PHPWS_User::getUserSetting('new_user_method');
if ($user_method == 0) {
Current_User::disallow(dgettext('users', 'New user signup not allowed.'));
return;
}
$user = new PHPWS_User();
$result = User_Action::postNewUser($user);
if (is_array($result)) {
$content = User_Form::signup_form($user, $result);
} else {
$content = User_Action::successfulSignup($user);
}
break;
case 'logout':
$auth = Current_User::getAuthorization();
$auth->logout();
PHPWS_Core::killAllSessions();
PHPWS_Core::reroute('index.php?module=users&action=reset');
break;
case 'login_page':
if (Current_User::isLogged()) {
PHPWS_Core::home();
}
$title = dgettext('users', 'Login Page');
$content = User_Form::loginPage();
break;
case 'confirm_user':
if (Current_User::isLogged()) {
PHPWS_Core::home();
}
if (User_Action::confirmUser()) {
$title = dgettext('users', 'Welcome!');
$content = dgettext('users', 'Your account has been successfully activated. Please log in.');
} else {
$title = dgettext('users', 'Sorry');
$content = dgettext('users', 'This authentication does not exist.<br />
If you did not log in within the time frame specified in your email, please apply for another account.');
}
User_Action::cleanUpConfirm();
break;
case 'forgot_password':
if (Current_User::isLogged()) {
PHPWS_Core::home();
}
$title = dgettext('users', 'Forgot Password');
$content = User_Form::forgotForm();
break;
case 'post_forgot':
$title = dgettext('users', 'Forgot Password');
if (ALLOW_CAPTCHA) {
PHPWS_Core::initCoreClass('Captcha.php');
if (!Captcha::verify()) {
$content = dgettext('users', 'Captcha information was incorrect.');
$content .= User_Form::forgotForm();
} else {
if (!User_Action::postForgot($content)) {
$content .= User_Form::forgotForm();
}
}
} elseif (!User_Action::postForgot($content)) {
$content .= User_Form::forgotForm();
}
break;
case 'reset_pw':
$pw_result = User_Action::finishResetPW();
switch ($pw_result) {
case PHPWS_Error::isError($pw_result):
$title = dgettext('users', 'Reset my password');
$content = dgettext('users', 'Passwords were not acceptable for the following reason:');
$content .= '<br />' . $pw_result->getmessage() . '<br />';
$content .= User_Form::resetPassword($_POST['user_id'], $_POST['authhash']);
break;
case 0:
$title = dgettext('users', 'Sorry');
$content = dgettext('users', 'A problem occurred when trying to update your password. Please try again later.');
break;
case 1:
PHPWS_Core::home();
break;
}
break;
default:
PHPWS_Core::errorPage('404');
break;
}
if (isset($message)) {
$tag['MESSAGE'] = $message;
}
if (isset($title)) {
$tag['TITLE'] = $title;
}
if (isset($content)) {
$tag['CONTENT'] = $content;
}
if (isset($tag)) {
$final = PHPWS_Template::process($tag, 'users', 'user_main.tpl');
Layout::add($final);
}
}