public function admin()
{
switch ($_REQUEST['dop']) {
case 'delete_document':
if (!$this->folder->id || !Current_User::secured('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
Current_User::disallow();
}
$this->document->delete();
PHPWS_Core::returnToBookmark();
break;
case 'post_document_upload':
if (!$this->folder->id || !Current_User::authorized('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
Current_User::disallow();
}
$this->postDocumentUpload();
javascript('close_refresh');
Layout::nakedDisplay();
//\PHPWS_Core::goBack();
break;
case 'upload_document_form':
if (!$this->folder->id || !Current_User::secured('filecabinet', 'edit_folders', $this->folder->id, 'folder')) {
Current_User::disallow();
}
$this->loadDocument(filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT));
$this->edit();
echo Layout::wrap($this->content, 'Document Upload', true);
exit;
case 'add_access':
if (!Current_User::authorized('filecabinet')) {
Current_User::disallow();
}
$keyword = null;
$this->loadDocument();
// document exists, try making a shortcut
if ($this->document->id) {
PHPWS_Core::initModClass('access', 'Shortcut.php');
$shortcut = new Access_Shortcut();
if (isset($_GET['keyword'])) {
$keyword = $_GET['keyword'];
}
if (empty($keyword)) {
$keyword = $this->document->title;
}
$result = $shortcut->setKeyword($keyword);
$new_keyword = $shortcut->keyword;
// if setKeyword returns a false or error, we have them pick a different name
if (!$result || PHPWS_Error::isError($result)) {
$message = dgettext('filecabinet', 'Access shortcut name already in use. Please enter another.');
$success = false;
} else {
$shortcut->setUrl('filecabinet', $this->document->getViewLink());
$shortcut->save();
$success = true;
$message = '<p>' . dgettext('filecabinet', 'Access shortcut successful!') . '</p>';
$message .= '<a href="' . PHPWS_Core::getHomeHttp() . $shortcut->keyword . '">' . PHPWS_Core::getHomeHttp() . $shortcut->keyword . '</a>';
}
} else {
$message = dgettext('filecabinet', 'File not found');
// not really a success but prevents a repost prompt
$success = true;
}
echo json_encode(array('success' => $success, 'message' => $message, 'keyword' => $new_keyword));
exit;
}
}
/**
* Controller of user requests. Based on the command request variable
* defaults to my_page
*/
public static function userAction()
{
$auth = Current_User::getAuthorization();
$content = $title = null;
if (isset($_REQUEST['command'])) {
$command = $_REQUEST['command'];
} else {
$command = 'my_page';
}
switch ($command) {
case 'login':
if (!Current_User::isLogged() && isset($_POST['phpws_username']) && isset($_POST['phpws_password'])) {
$result = Current_User::loginUser($_POST['phpws_username'], $_POST['phpws_password']);
// here
if (!$result) {
$title = dgettext('users', 'Login page');
$message = dgettext('users', 'Username and password combination not found.');
$content = User_Form::loginPage();
} elseif (PHPWS_Error::isError($result)) {
if (preg_match('/L\\d/', $result->code)) {
$title = dgettext('users', 'Sorry');
$content = $result->getMessage();
$content .= ' ' . sprintf('<a href="mailto:%s">%s</a>', PHPWS_User::getUserSetting('site_contact'), dgettext('users', 'Contact the site administrator'));
} else {
PHPWS_Error::log($result);
$message = dgettext('users', 'A problem occurred when accessing user information. Please try again later.');
}
} else {
Current_User::getLogin();
PHPWS_Core::returnToBookmark();
}
} else {
PHPWS_Core::errorPage('403');
}
break;
// This is used by auth scripts if they need to return the user to
// where they left off after redirection to another site for SSO
// This is used by auth scripts if they need to return the user to
// where they left off after redirection to another site for SSO
case 'return_bookmark':
PHPWS_Core::popUrlHistory();
break;
// reset user password
// reset user password
case 'rp':
$user_id = User_Action::checkResetPassword();
if ($user_id) {
$title = dgettext('users', 'Reset my password');
$content = User_Form::resetPassword($user_id, $_GET['auth']);
} else {
$title = dgettext('users', 'Sorry');
$content = dgettext('users', 'Your password request was not found or timed out. Please apply again.');
}
break;
case 'my_page':
if ($auth->local_user) {
PHPWS_Core::initModClass('users', 'My_Page.php');
$my_page = new My_Page();
$my_page->main();
} else {
Layout::add(PHPWS_ControlPanel::display(dgettext('users', 'My Page unavailable to remote users.'), 'my_page'));
}
break;
case 'signup_user':
$title = dgettext('users', 'New Account Sign-up');
if (Current_User::isLogged()) {
$content = dgettext('users', 'You already have an account.');
break;
}
$user = new PHPWS_User();
if (PHPWS_User::getUserSetting('new_user_method') == 0) {
$content = dgettext('users', 'Sorry, we are not accepting new users at this time.');
break;
}
$content = User_Form::signup_form($user);
break;
case 'submit_new_user':
$title = dgettext('users', 'New Account Sign-up');
$user_method = PHPWS_User::getUserSetting('new_user_method');
if ($user_method == 0) {
Current_User::disallow(dgettext('users', 'New user signup not allowed.'));
return;
}
$user = new PHPWS_User();
$result = User_Action::postNewUser($user);
if (is_array($result)) {
$content = User_Form::signup_form($user, $result);
} else {
$content = User_Action::successfulSignup($user);
}
break;
case 'logout':
$auth = Current_User::getAuthorization();
$auth->logout();
PHPWS_Core::killAllSessions();
PHPWS_Core::reroute('index.php?module=users&action=reset');
break;
case 'login_page':
if (Current_User::isLogged()) {
PHPWS_Core::home();
}
$title = dgettext('users', 'Login Page');
$content = User_Form::loginPage();
break;
case 'confirm_user':
if (Current_User::isLogged()) {
PHPWS_Core::home();
}
if (User_Action::confirmUser()) {
$title = dgettext('users', 'Welcome!');
$content = dgettext('users', 'Your account has been successfully activated. Please log in.');
} else {
$title = dgettext('users', 'Sorry');
$content = dgettext('users', 'This authentication does not exist.<br />
If you did not log in within the time frame specified in your email, please apply for another account.');
}
User_Action::cleanUpConfirm();
break;
case 'forgot_password':
if (Current_User::isLogged()) {
PHPWS_Core::home();
}
$title = dgettext('users', 'Forgot Password');
$content = User_Form::forgotForm();
break;
case 'post_forgot':
$title = dgettext('users', 'Forgot Password');
if (ALLOW_CAPTCHA) {
PHPWS_Core::initCoreClass('Captcha.php');
if (!Captcha::verify()) {
$content = dgettext('users', 'Captcha information was incorrect.');
$content .= User_Form::forgotForm();
} else {
if (!User_Action::postForgot($content)) {
$content .= User_Form::forgotForm();
}
}
} elseif (!User_Action::postForgot($content)) {
$content .= User_Form::forgotForm();
}
break;
case 'reset_pw':
$pw_result = User_Action::finishResetPW();
switch ($pw_result) {
case PHPWS_Error::isError($pw_result):
$title = dgettext('users', 'Reset my password');
$content = dgettext('users', 'Passwords were not acceptable for the following reason:');
$content .= '<br />' . $pw_result->getmessage() . '<br />';
$content .= User_Form::resetPassword($_POST['user_id'], $_POST['authhash']);
break;
case 0:
$title = dgettext('users', 'Sorry');
$content = dgettext('users', 'A problem occurred when trying to update your password. Please try again later.');
break;
case 1:
PHPWS_Core::home();
break;
}
break;
default:
PHPWS_Core::errorPage('404');
break;
}
if (isset($message)) {
$tag['MESSAGE'] = $message;
}
if (isset($title)) {
$tag['TITLE'] = $title;
}
if (isset($content)) {
$tag['CONTENT'] = $content;
}
if (isset($tag)) {
$final = PHPWS_Template::process($tag, 'users', 'user_main.tpl');
Layout::add($final);
}
}
