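/**
 * Admin action: edit an account.
 *
 * On GET the form is rendered pre-filled from the stored account row; on POST
 * the submitted form is CSRF-checked, validated and saved through
 * \Model_Accounts::editAccount(). Every guard before the form is shown
 * (permission denied, guest account, unknown account, account holding a role
 * above the current admin's) redirects to the submit-redirect URL, so the code
 * after those guards assumes a loaded, editable $row.
 *
 * NOTE(review): the "higher role" guard is evaluated against the roles the
 * account currently has. The posted level_group_id is only validated as
 * "required" here, so it is assumed that \Model_Accounts::editAccount() (or
 * canIAddEditAccount() inside it) refuses new roles above the editor's own —
 * confirm, since otherwise an admin could assign a role they do not hold.
 *
 * NOTE(review): \Response::redirect() is relied upon to end the request; the
 * code after each redirect is never meant to run on that path.
 *
 * @param string|int $account_id Account to edit. Empty means the currently
 *     logged-in admin (taken from the admin cookie); numeric zero is the guest
 *     account and is never editable.
 * @return mixed Whatever generatePage() returns for the account form view.
 */
public function action_edit($account_id = '')
{
    // Target of every redirect in this action (also remembered in the session).
    $redirect = $this->getAndSetSubmitRedirection();

    // Only admins holding account_edit_perm may continue.
    if (!\Model_AccountLevelPermission::checkAdminPermission('account_perm', 'account_edit_perm')) {
        \Session::set_flash('form_status', array(
            'form_status' => 'error',
            'form_status_message' => \Lang::get('admin_permission_denied', array('page' => \Uri::string())),
        ));
        \Response::redirect($redirect);
    }

    // The guest account must never be edited. Loose comparison on purpose: it
    // rejects every numeric spelling of zero (0, '0', '00', ...) but not ''.
    if ($account_id == '0') {
        \Response::redirect($redirect);
    }

    // No id given: edit the logged-in admin's own account.
    if ($account_id === null || $account_id === '') {
        $cookie = \Model_Accounts::forge()->getAccountCookie('admin');
        if (!isset($cookie['account_id'])) {
            \Response::redirect($redirect);
        }
        $account_id = $cookie['account_id'];
        unset($cookie);
    }

    \Lang::load('account');

    // Avatar and timezone settings from the config table; the view gets both
    // the raw config rows and the plain values.
    $config = \Model_Config::getvalues(array('allow_avatar', 'avatar_size', 'avatar_allowed_types', 'site_timezone'));
    $output = array();
    $output['config'] = $config;
    $output['allow_avatar'] = $config['allow_avatar']['value'];
    $output['avatar_size'] = $config['avatar_size']['value'];
    $output['avatar_allowed_types'] = $config['avatar_allowed_types']['value'];

    // A flash message left by a previous request (e.g. a failed save) is shown
    // on top of the form.
    $form_status = \Session::get_flash('form_status');
    if (isset($form_status['form_status'], $form_status['form_status_message'])) {
        $output['form_status'] = $form_status['form_status'];
        $output['form_status_message'] = $form_status['form_status_message'];
    }
    unset($form_status);

    // Timezone select list and its default.
    \Config::load('timezone', 'timezone');
    $output['timezone_list'] = \Config::get('timezone.timezone', array());
    $output['default_timezone'] = $config['site_timezone']['value'];

    // Roles that can be assigned (guest excluded).
    $output['account_levels'] = \Model_AccountLevelGroup::listLevels(array('no_guest' => true));

    // Selected account ---------------------------------------------------------
    $row = \Model_Accounts::find($account_id);
    $output['account_id'] = $account_id;
    if (!$row) {
        // Unknown account id.
        \Response::redirect($redirect);
    }

    // Every column of the row becomes a form value.
    foreach ($row as $column => $value) {
        $output[$column] = $value;
    }

    // Current role ids. Start from an empty list so an account without role
    // rows neither raises an undefined-index notice nor hands null to
    // canIAddEditAccount().
    $output['level_group_id'] = array();
    foreach ($row->account_level as $level) {
        $output['level_group_id'][] = $level->level_group_id;
    }

    // An admin may not edit an account that holds a role above their own.
    if (!\Model_Accounts::forge()->canIAddEditAccount($output['level_group_id'])) {
        \Session::set_flash('form_status', array(
            'form_status' => 'error',
            'form_status_message' => \Lang::get('account_you_cannot_edit_account_that_contain_role_higher_than_yours'),
        ));
        \Response::redirect($redirect);
    }

    // Form submitted -----------------------------------------------------------
    if (\Input::method() === 'POST') {
        // Optional text fields: trimmed, entity-encoded, stored as null when
        // left empty. Empty-string defaults avoid trim(null) on missing input.
        $optionalHtml = function ($name) {
            $value = \Security::htmlentities(trim(\Input::post($name, '')));
            return $value === '' ? null : $value;
        };
        // Same for fields that are only tag-stripped (dates, language codes).
        $optionalPlain = function ($name) {
            $value = \Security::strip_tags(trim(\Input::post($name, '')));
            return $value === '' ? null : $value;
        };

        // Data for the accounts table. The username is taken from the stored
        // row, never from POST: it cannot be changed through this form.
        $data = array();
        $data['account_id'] = $account_id;
        $data['account_username'] = $row->account_username;
        $data['account_old_email'] = $row->account_email;
        $data['account_email'] = \Security::strip_tags(trim(\Input::post('account_email', '')));
        $data['account_password'] = trim(\Input::post('account_password', ''));
        $data['account_new_password'] = trim(\Input::post('account_new_password', ''));
        $data['account_display_name'] = \Security::htmlentities(\Input::post('account_display_name'));
        $data['account_firstname'] = $optionalHtml('account_firstname');
        $data['account_middlename'] = $optionalHtml('account_middlename');
        $data['account_lastname'] = $optionalHtml('account_lastname');
        $data['account_birthdate'] = $optionalPlain('account_birthdate');
        $data['account_signature'] = $optionalHtml('account_signature');
        $data['account_timezone'] = \Security::strip_tags(trim(\Input::post('account_timezone', '')));
        $data['account_language'] = $optionalPlain('account_language');
        $data['account_status'] = (int) \Security::strip_tags(trim(\Input::post('account_status', '')));
        $data['account_status_text'] = \Security::htmlentities(trim(\Input::post('account_status_text', '')));
        if ($data['account_status'] === 1) {
            // An enabled account carries no status text.
            $data['account_status_text'] = null;
        }

        // Data for the account_fields table; array values (multi-selects) are
        // stored JSON-encoded. Only string-keyed entries are accepted.
        $data_field = array();
        $posted_fields = \Input::post('account_field');
        if (is_array($posted_fields)) {
            foreach ($posted_fields as $field_name => $field_value) {
                if (!is_string($field_name)) {
                    continue;
                }
                $data_field[$field_name] = is_array($field_value) ? json_encode($field_value) : $field_value;
            }
        }
        unset($posted_fields);

        // Data for the account_level table.
        $data_level = array('level_group_id' => \Input::post('level_group_id'));

        // Validation rules.
        $validate = \Validation::forge();
        $validate->add_callable(new \Extension\FsValidate());
        $validate->add('account_username', \Lang::get('account_username'), array(), array('noSpaceBetweenText'));
        $validate->add('account_email', \Lang::get('account_email'), array(), array('required', 'valid_email'));
        $validate->add('account_display_name', \Lang::get('account_display_name'), array(), array('required'));
        $validate->add('account_birthdate', \Lang::get('account_birthdate'))->add_rule('valid_date', 'Y-m-d');
        $validate->add('account_timezone', \Lang::get('account_timezone'), array(), array('required'));
        $validate->add('account_status', \Lang::get('account_status'), array(), array('required'));
        $validate->add('level_group_id', \Lang::get('account_role'), array(), array('required'));

        if (!\Extension\NoCsrf::check()) {
            // CSRF token missing or wrong: nothing is saved.
            $output['form_status'] = 'error';
            $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
        } elseif (!$validate->run()) {
            $output['form_status'] = 'error';
            $output['form_status_message'] = $validate->show_errors();
        } else {
            // editAccount() returns true on success, otherwise an error message.
            $result = \Model_Accounts::editAccount($data, $data_field, $data_level);
            if ($result === true) {
                // Keep a flash message the model may already have set.
                if (\Session::get_flash('form_status', null, false) === null) {
                    \Session::set_flash('form_status', array(
                        'form_status' => 'success',
                        'form_status_message' => \Lang::get('admin_saved'),
                    ));
                }
                \Response::redirect($redirect);
            } else {
                $output['form_status'] = 'error';
                $output['form_status_message'] = $result;
            }
        }

        // Re-populate the form with what was submitted.
        // NOTE(review): these are raw POST values; the view is assumed to escape
        // them on output — confirm.
        $output['account_username'] = trim(\Input::post('account_username', ''));
        $output['account_email'] = trim(\Input::post('account_email', ''));
        $output['account_display_name'] = trim(\Input::post('account_display_name', ''));
        $output['account_firstname'] = trim(\Input::post('account_firstname', ''));
        $output['account_middlename'] = trim(\Input::post('account_middlename', ''));
        $output['account_lastname'] = trim(\Input::post('account_lastname', ''));
        $output['account_birthdate'] = trim(\Input::post('account_birthdate', ''));
        $output['account_signature'] = trim(\Input::post('account_signature', ''));
        $output['account_timezone'] = trim(\Input::post('account_timezone', ''));
        $output['account_language'] = trim(\Input::post('account_language', ''));
        $output['account_status'] = trim(\Input::post('account_status', ''));
        $output['account_status_text'] = trim(\Input::post('account_status_text', ''));
        $output['level_group_id'] = \Input::post('level_group_id');

        // Re-populate the custom account fields (string keys only).
        $posted_fields = \Input::post('account_field');
        if (is_array($posted_fields)) {
            foreach ($posted_fields as $field_name => $field_value) {
                if (is_string($field_name)) {
                    $output['account_field'][$field_name] = $field_value;
                }
            }
        }
        unset($posted_fields);
    }

    // <head> output ------------------------------------------------------------
    $output['page_title'] = $this->generateTitle(\Lang::get('account_accounts'));
    \Theme::instance()->asset->css('datepicker.css', array(), 'fuelstart');

    // Breadcrumb ---------------------------------------------------------------
    $output['page_breadcrumb'] = [
        ['name' => \Lang::get('admin_admin_home'), 'url' => \Uri::create('admin')],
        ['name' => \Lang::get('account_accounts'), 'url' => \Uri::create('admin/account')],
        ['name' => \Lang::get('account_edit'), 'url' => \Uri::main()],
    ];

    return $this->generatePage('admin/templates/account/form_v', $output, false);
}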