<?php
// User management controller: resolves the requested action, enforces login for
// everything except 'add', and handles the 'edit' action for one user record.
include 'inc/init.php';

// Flourish helper; per its documentation it lets a request parameter named like
// `action::edit` override the plain `action` value (used for multi-button forms).
fRequest::overrideAction();

// Allow-list of actions; any other value falls back to the first entry ('list').
$action = fRequest::getValid('action', array('list', 'add', 'edit', 'settings', 'delete'));

// 'add' is the only action reachable without a session. This checks authentication
// only; no per-user authorization check is visible in this part of the file.
if ($action != 'add') {
    fAuthorization::requireLoggedIn();
}

// Target record id, taken from the request and cast to integer.
$user_id = fRequest::get('user_id', 'integer');

if ('edit' == $action) {
    try {
        // NOTE(review): the record is selected purely by the request-supplied user_id.
        // Nothing visible here ties it to the logged-in user or to an admin role, so
        // confirm that ownership/role is enforced elsewhere (init.php, the User class)
        // before a logged-in user can edit another account.
        $user = new User($user_id);
        if (fRequest::isPost()) {
            // Copies request values onto the record.
            // NOTE(review): which columns populate() accepts is not visible here; if the
            // users table has privilege-related columns, confirm the request cannot set them.
            $user->populate();
            if ($GLOBALS['ALLOW_HTTP_AUTH'] && $user->getUserId() != 1) {
                // HTTP-auth mode for every account except id 1: $password gets a
                // placeholder that is never passed to setPassword() in the visible code.
                // NOTE(review): whatever populate() put in the password field is therefore
                // stored as-is on this path, presumably unhashed - confirm that is intended.
                $password = '******';
            } else {
                // Hash the just-populated password before it is stored.
                // NOTE(review): this runs on every edit POST. If the form can omit the
                // password, getPassword() would presumably return the stored hash and hash
                // it again - verify against the form. Also confirm the algorithm behind
                // fCryptography::hashPassword meets current password-storage guidance.
                $password = fCryptography::hashPassword($user->getPassword());
                $user->setPassword($password);
            }
            // CSRF check happens before store(), so nothing is persisted on failure; a
            // failure presumably surfaces as an fExpectedException handled below.
            // NOTE(review): validating the token first in the POST branch would avoid
            // populating and hashing on a request that is going to be rejected.
            fRequest::validateCSRFToken(fRequest::get('token'));
            $user->store();
            // Flash messages addressed to the list page, then redirect there.
            // NOTE(review): the username is concatenated without fHTML::encode(), unlike
            // $user_id in the not-found branch; confirm the template encodes messages on
            // output, otherwise a username containing markup is rendered as HTML.
            fMessaging::create('affected', User::makeUrl('list'), $user->getUsername());
            fMessaging::create('success', User::makeUrl('list'), 'The user ' . $user->getUsername() . ' was successfully updated');
            fURL::redirect(User::makeUrl('list'));
        }
    } catch (fNotFoundException $e) {
        // Unknown user_id: report it (HTML-encoded) on the list page and go back there.
        fMessaging::create('error', User::makeUrl('list'), 'The user requested, ' . fHTML::encode($user_id) . ', could not be found');
        fURL::redirect(User::makeUrl('list'));
    } catch (fExpectedException $e) {
        // Expected failures: show the exception message on the current URL.
        fMessaging::create('error', fURL::get(), $e->getMessage());