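/**
 * Handles the Twitter notification account actions for the current user.
 *
 * Depending on $this->_params['action'] this verifies a PIN ('verify'),
 * unlinks the stored account ('remove') or, for any other value, requests
 * a new authorization URL. The outcome is echoed directly.
 *
 * NOTE(review): every branch writes to the stored preferences, and no
 * anti-CSRF check is visible in this method -- confirm the dispatcher
 * enforces one before render() is reached.
 */
function render() {
    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_send_notifications_services, 'twitter');

    # Instantiate the Spot user system & notification system
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
    # NOTE(review): not used below; kept in case the constructor has side effects
    $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);

    # The stored twitter preferences plus the application's consumer credentials
    $requestArray = array_merge_recursive(
        $this->_currentSession['user']['prefs']['notifications']['twitter'],
        array(
            'consumer_key' => $this->_settings->get('twitter_consumer_key'),
            'consumer_secret' => $this->_settings->get('twitter_consumer_secret'),
        )
    );

    if ($this->_params['action'] == 'verify') {
        $this->_notificationService = Notifications_Factory::build('Spotweb', 'twitter', $requestArray);

        # entering a wrong PIN raises a notice, while the error handling
        # below already covers that case without it
        list($http_code, $access_token) = @$this->_notificationService->verifyPIN($this->_params['pin']);

        if ($http_code == 200) {
            # the request_token is no longer needed
            $this->_currentSession['user']['prefs']['notifications']['twitter']['request_token'] = '';
            $this->_currentSession['user']['prefs']['notifications']['twitter']['request_token_secret'] = '';

            # the access_token is what we do want to store
            $this->_currentSession['user']['prefs']['notifications']['twitter']['screen_name'] = $access_token['screen_name'];
            $this->_currentSession['user']['prefs']['notifications']['twitter']['access_token'] = $access_token['oauth_token'];
            $this->_currentSession['user']['prefs']['notifications']['twitter']['access_token_secret'] = $access_token['oauth_token_secret'];
            $spotUserSystem->setUser($this->_currentSession['user']);

            # screen_name comes from the remote response: encode it before it
            # is written to the output
            echo "Account " . htmlspecialchars((string) $access_token['screen_name'], ENT_QUOTES, 'UTF-8') . " geverifiëerd.";
        } else {
            echo "Code " . $http_code . ": " . $this->getError($http_code);
        } # if
    } elseif ($this->_params['action'] == 'remove') {
        $screen_name = $this->_currentSession['user']['prefs']['notifications']['twitter']['screen_name'];

        # wipe the stored account name and access token
        $this->_currentSession['user']['prefs']['notifications']['twitter']['screen_name'] = '';
        $this->_currentSession['user']['prefs']['notifications']['twitter']['access_token'] = '';
        $this->_currentSession['user']['prefs']['notifications']['twitter']['access_token_secret'] = '';
        $spotUserSystem->setUser($this->_currentSession['user']);

        # screen_name is read back from stored preferences: encode on output
        echo "Account " . htmlspecialchars((string) $screen_name, ENT_QUOTES, 'UTF-8') . " verwijderd.";
    } else {
        $this->_notificationService = Notifications_Factory::build('Spotweb', 'twitter', $requestArray);
        list($http_code, $request_token, $registerURL) = @$this->_notificationService->requestAuthorizeURL();

        if ($http_code == 200) {
            # the request_token is stored in the preferences because it is
            # needed again when the PIN is entered
            $this->_currentSession['user']['prefs']['notifications']['twitter']['request_token'] = $request_token['oauth_token'];
            $this->_currentSession['user']['prefs']['notifications']['twitter']['request_token_secret'] = $request_token['oauth_token_secret'];
            $spotUserSystem->setUser($this->_currentSession['user']);

            # NOTE(review): echoed as-is because how the caller consumes the
            # URL is not visible here -- the consumer must encode it for its
            # own context
            echo $registerURL;
        } else {
            echo "Code " . $http_code . ": " . $this->getError($http_code);
        } # if
    } # if
}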
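/**
 * Renders the "edit user" page and processes a submitted form action
 * ('delete', 'edit', 'removeallsessions' or 'resetuserapi').
 *
 * The caller needs spotsec_edit_own_user when editing itself and
 * spotsec_edit_other_users otherwise; 'delete' and 'resetuserapi' need an
 * additional permission, and a changed group list needs
 * spotsec_edit_groupmembership.
 */
function render() {
    $groupMembership = array();
    $formMessages = array('errors' => array(), 'info' => array());

    # check the users' permissions
    if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_user, '');
    } else {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
    } # if

    # per default the result is 'not tried'
    $editResult = array();

    # Instantiate the spotuser object
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

    # and create a nice and shiny page title
    $this->_pageTitle = "spot: edit user";

    # retrieve the to-edit user
    $spotUser = $this->_db->getUser($this->_userIdToEdit);
    if ($spotUser === false) {
        $formMessages['errors'][] = sprintf(_('User %d can not be found'), $this->_userIdToEdit);
        $editResult = array('result' => 'failure');
    } # if

    # request the users' groupmembership
    if ($spotUser != false) {
        $groupMembership = $this->_db->getGroupList($spotUser['userid']);
    } # if

    /*
     * bring the forms' action into the local scope for
     * easier access
     */
    $formAction = $this->_editUserForm['action'];

    # Only perform certain validations when the form is actually submitted
    if (!empty($formAction) && empty($formMessages['errors'])) {
        # do not allow the built-in accounts to be deleted
        if ($spotUser['userid'] <= SPOTWEB_ADMIN_USERID && $formAction == 'delete') {
            $formMessages['errors'][] = _('Admin and Anonymous can not be deleted');
            $editResult = array('result' => 'failure');
        } # if
    } # if

    # Only act when the form is actually submitted and nothing failed so far
    if (!empty($formAction) && empty($formMessages['errors'])) {
        switch ($formAction) {
            case 'delete':
                $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_user, '');

                /*
                 * Take the id from the record that went through the
                 * permission and system-account checks above. The raw form
                 * is merged in without cleansing (whether it can carry a
                 * 'userid' key is not visible here), so the merged array
                 * must not decide which account gets removed.
                 */
                $userIdToRemove = $spotUser['userid'];
                $spotUser = array_merge($spotUser, $this->_editUserForm);
                $spotUserSystem->removeUser($userIdToRemove);
                $editResult = array('result' => 'success');
                break; # case delete

            case 'edit':
                # Remove any non-valid fields from the array
                # NOTE(review): the merge below relies on cleanseEditForm()
                # dropping identity fields such as 'userid' -- confirm
                $this->_editUserForm = $this->cleanseEditForm($this->_editUserForm);

                # validate the user fields
                $spotUser = array_merge($spotUser, $this->_editUserForm);
                $formMessages['errors'] = $spotUserSystem->validateUserRecord($spotUser, true);

                if (empty($formMessages['errors'])) {
                    # actually update the user record
                    $spotUserSystem->setUser($spotUser);

                    /*
                     * Update the users' password, but only when
                     * a new password is given
                     */
                    if (!empty($spotUser['newpassword1'])) {
                        $spotUserSystem->setUserPassword($spotUser);
                    } # if

                    /*
                     * Did we get a groupmembership list? If so,
                     * try to update it as well.
                     *
                     * NOTE(review): the record (and password) are already
                     * written at this point, so a rejected group change
                     * leaves a partially applied edit.
                     */
                    if (isset($this->_editUserForm['grouplist'])) {
                        # build the requested list, skipping the placeholder entry
                        $groupList = array();
                        foreach ($this->_editUserForm['grouplist'] as $val) {
                            if ($val != 'dummy') {
                                $groupList[] = array('groupid' => $val, 'prio' => count($groupList));
                            } # if
                        } # foreach

                        # make sure there is at least one group
                        if (count($groupList) < 1) {
                            $formMessages['errors'][] = _('A user must be member of at least one group');
                        } else {
                            # the group ids requested through the form
                            $requestedGroupIds = array();
                            foreach ($groupList as $value) {
                                $requestedGroupIds[] = $value['groupid'];
                            } # foreach

                            # the group ids the user currently belongs to
                            $currentGroupIds = array();
                            foreach ($groupMembership as $value) {
                                $currentGroupIds[] = $value['id'];
                            } # foreach

                            /*
                             * Compare both lists order-independently. sort()
                             * reindexes from 0, so the loose array comparison
                             * checks the length and each element pairwise.
                             */
                            sort($requestedGroupIds, SORT_NUMERIC);
                            sort($currentGroupIds, SORT_NUMERIC);
                            $groupDiff = ($requestedGroupIds != $currentGroupIds);

                            # a changed membership needs its own permission
                            if ($groupDiff) {
                                if ($this->_spotSec->allowed(SpotSecurity::spotsec_edit_groupmembership, '')) {
                                    $spotUserSystem->setUserGroupList($spotUser, $groupList);
                                } else {
                                    $formMessages['errors'][] = _('Changing group membership is not allowed');
                                } # else
                            } # if
                        } # if
                    } # if
                } # if

                /*
                 * Report success only when nothing was rejected. Previously
                 * a failed group-membership update was overwritten with
                 * 'success' here.
                 */
                if (empty($formMessages['errors'])) {
                    $editResult = array('result' => 'success');
                } else {
                    $editResult = array('result' => 'failure');
                } # else
                break; # case 'edit'

            case 'removeallsessions':
                $spotUserSystem->removeAllUserSessions($spotUser['userid']);
                $editResult = array('result' => 'success');
                break; # case 'removeallsessions'

            case 'resetuserapi':
                $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_consume_api, '');

                $user = $spotUserSystem->resetUserApi($spotUser);
                $editResult = array('result' => 'success', 'newapikey' => $user['apikey']);
                break; # case resetuserapi
        } # switch
    } # if

    #- display stuff -#
    $this->template('edituser', array(
        'edituserform' => $spotUser,
        'formmessages' => $formMessages,
        'editresult' => $editResult,
        'groupMembership' => $groupMembership,
    ));
}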
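/**
 * Renders the "edit user preferences" page and processes a submitted
 * 'edit' or 'cancel' action, including an optional avatar upload.
 *
 * The caller needs spotsec_edit_own_userprefs when editing itself and
 * spotsec_edit_other_users otherwise; selecting a different template also
 * needs spotsec_select_template for that template.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Validate proper permissions
    if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_userprefs, '');
    } else {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
    } # if

    # Make sure the editresult is set to 'not committed' per default
    $editResult = array();

    # Instantiate the user system as necessary for the management of user preferences
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

    # set the page title
    $this->_pageTitle = "spot: edit user preferences";

    # retrieve the to-edit user
    $spotUser = $this->_db->getUser($this->_userIdToEdit);
    if ($spotUser === false) {
        $formMessages['errors'][] = sprintf(_('User %d can not be found'), $this->_userIdToEdit);
        $editResult = array('result' => 'failure');
    } # if

    /*
     * bring the forms' action into the local scope for
     * easier access
     */
    $formAction = $this->_editUserPrefsForm['action'];

    /*
     * We want the anonymous user's account so we can use this user's preferences as a
     * template. This makes sure all properties are at least set.
     */
    $anonUser = $this->_db->getUser(SPOTWEB_ANONYMOUS_USERID);

    # Are we trying to submit this form, or only rendering it?
    if (!empty($formAction) && empty($formMessages['errors'])) {
        switch ($formAction) {
            case 'edit':
                /*
                 * We have a few dummy preferences -- these are submitted like a checkbox for example
                 * but in reality do something completely different.
                 *
                 * Because we use cleanseUserPreferences() those dummies will not end up in the database
                 */
                if (isset($this->_editUserPrefsForm['_dummy_prevent_porn'])) {
                    $spotUserSystem->setIndexFilter($spotUser['userid'], array(
                        'valuelist' => array(),
                        'title' => 'Index filter',
                        'torder' => 999,
                        'tparent' => 0,
                        'children' => array(),
                        'filtertype' => 'index_filter',
                        'sorton' => '',
                        'sortorder' => '',
                        'enablenotify' => false,
                        'icon' => 'spotweb.png',
                        'tree' => '~cat0_z3',
                    ));
                } else {
                    $spotUserSystem->removeIndexFilter($spotUser['userid']);
                } # if

                # Save the current user preferences because we need them before cleansing
                $savePrefs = $spotUser['prefs'];
                $spotUser['prefs'] = $spotUserSystem->cleanseUserPreferences($this->_editUserPrefsForm, $anonUser['prefs'], $this->_tplHelper->getTemplatePreferences());

                # Validate all preferences
                list($formMessages['errors'], $spotUser['prefs']) = $spotUserSystem->validateUserPreferences($spotUser['prefs'], $savePrefs);

                # Make sure the user has permission to select each template that changed
                foreach (array('normal_template', 'mobile_template', 'tablet_template') as $templateKey) {
                    if ($spotUser['prefs'][$templateKey] != $savePrefs[$templateKey]) {
                        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_select_template, $spotUser['prefs'][$templateKey]);
                    } # if
                } # foreach

                if (empty($formMessages['errors'])) {
                    # Was an avatar file submitted with the form?
                    if (isset($_FILES['edituserprefsform']['error']['avatar'])) {
                        $uploadError = $_FILES['edituserprefsform']['error']['avatar'];

                        /*
                         * Give a proper error if the file is too large, because changeAvatar() won't see
                         * these errors so it cannot provide the error
                         */
                        if ($uploadError === UPLOAD_ERR_FORM_SIZE || $uploadError === UPLOAD_ERR_INI_SIZE) {
                            $formMessages['errors'][] = _("Uploaded file is too large");
                        } # if

                        if ($uploadError === UPLOAD_ERR_OK) {
                            $avatarTmpName = $_FILES['edituserprefsform']['tmp_name']['avatar'];

                            /*
                             * Only read a path PHP itself registered as an HTTP upload, and
                             * never hand a failed read (false) on as avatar data.
                             * NOTE(review): content and size validation of the image is
                             * presumably done inside changeAvatar() -- confirm.
                             */
                            $avatarData = false;
                            if (is_string($avatarTmpName) && is_uploaded_file($avatarTmpName)) {
                                $avatarData = file_get_contents($avatarTmpName);
                            } # if

                            if ($avatarData === false) {
                                $formMessages['errors'][] = _('Uploaded file could not be read');
                            } else {
                                $formMessages['errors'] = $spotUserSystem->changeAvatar($spotUser['userid'], $avatarData);
                            } # else
                        } # if
                    } # if
                } # if

                if (empty($formMessages['errors'])) {
                    # and actually update the user in the database
                    $spotUserSystem->setUser($spotUser);

                    # if we didn't get an exception, it automatically succeeded
                    $editResult = array('result' => 'success');
                } else {
                    $editResult = array('result' => 'failure');
                } # else

                /*
                 * We have to register Spotweb with the notification providers (growl, prowl, etc) at least once.
                 * The safest option is to just do this with each preferences submit. But first we create a fake
                 * session for this user.
                 *
                 * NOTE(review): this runs on every submit, also after a validation failure and when
                 * another user's preferences are edited. Whether createNewSession() persists a
                 * session for that user is not visible here -- confirm it leaves no usable session behind.
                 */
                $fakeSession = $spotUserSystem->createNewSession($spotUser['userid']);
                $fakeSession['security'] = new SpotSecurity($this->_db, $this->_settings, $fakeSession['user'], '');
                $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $fakeSession);
                $spotsNotifications->register();
                break; # case 'edit'

            case 'cancel':
                $editResult = array('result' => 'success');
                break; # case 'cancel'
        } # switch
    } # if

    #- display stuff -#
    # NOTE(review): 'http_referer' is taken from the submitted form; the
    # template must encode it and must not use it as an unchecked redirect target
    $this->template('edituserprefs', array(
        'edituserprefsform' => $spotUser['prefs'],
        'formmessages' => $formMessages,
        'spotuser' => $spotUser,
        'dialogembedded' => $this->_dialogembedded,
        'http_referer' => $this->_editUserPrefsForm['http_referer'],
        'edituserprefsresult' => $editResult,
    ));
}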
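/**
 * Renders the "edit user preferences" page for the logged-in user and
 * processes a submitted 'edit' or 'cancel' button.
 *
 * Requires spotsec_edit_own_userprefs. The user being edited is always the
 * one from the current session.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_userprefs, '');

    # the edit result defaults to 'not attempted'
    $editResult = array();

    # Instantiate the Spot user system
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

    # set the page title
    $this->_pageTitle = "spot: edit user preferences";

    # fetch the user to edit
    $currentUserId = $this->_currentSession['user']['userid'];
    $spotUser = $this->_db->getUser($currentUserId);
    if ($spotUser === false) {
        /*
         * $spotUser is false here, so it holds no username to report;
         * pass the id that was looked up instead of indexing into false.
         */
        $formMessages['errors'][] = array('edituser_usernotfound', array($currentUserId));
        $editResult = array('result' => 'failure');
    } # if

    # Determine which action was chosen (which button was pressed)
    $formAction = '';
    if (isset($this->_editUserPrefsForm['submitedit'])) {
        $formAction = 'edit';
        unset($this->_editUserPrefsForm['submitedit']);
    } elseif (isset($this->_editUserPrefsForm['submitcancel'])) {
        $formAction = 'cancel';
        unset($this->_editUserPrefsForm['submitcancel']);
    } # if

    # Fetch the anonymous user account, because its preferences are used
    # as the baseline
    $anonUser = $this->_db->getUser(SPOTWEB_ANONYMOUS_USERID);

    # Is this a form submit, or only the initial call?
    if (!empty($formAction) && empty($formMessages['errors'])) {
        switch ($formAction) {
            case 'edit':
                # A few dummy preferences trigger a special action, which is
                # handled here; cleanseUserPreferences() strips them again.
                if (isset($this->_editUserPrefsForm['_dummy_prevent_porn'])) {
                    $spotUserSystem->setIndexFilter($spotUser['userid'], array(
                        'valuelist' => array(),
                        'title' => 'Index filter',
                        'torder' => 999,
                        'tparent' => 0,
                        'children' => array(),
                        'filtertype' => 'index_filter',
                        'sorton' => '',
                        'sortorder' => '',
                        'icon' => 'spotweb.png',
                        'tree' => '~cat0_z3',
                    ));
                } else {
                    $spotUserSystem->removeIndexFilter($spotUser['userid']);
                } # if

                # No preference may be passed on that is not present in the
                # anonymous user's preferences. A plain merge with those
                # preferences is not possible: checkboxes that were not ticked
                # are simply not submitted, so they would fall back to the
                # default and the form would be ignored.
                $spotUser['prefs'] = $spotUserSystem->cleanseUserPreferences($this->_editUserPrefsForm, $anonUser['prefs']);

                # validate and repair all preferences
                list($formMessages['errors'], $spotUser['prefs']) = $spotUserSystem->validateUserPreferences($spotUser['prefs'], $this->_currentSession['user']['prefs']);

                if (empty($formMessages['errors'])) {
                    # update the user
                    $spotUserSystem->setUser($spotUser);

                    # report that the update succeeded
                    $editResult = array('result' => 'success');
                } else {
                    $editResult = array('result' => 'failure');
                } # else

                # Register Spotweb with the notification providers. This has to
                # happen at least once, so the safest option is to do it every
                # time the preferences are saved
                $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
                $spotsNotifications->register();
                break; # case 'edit'

            case 'cancel':
                $editResult = array('result' => 'success');
                break; # case 'cancel'
        } # switch
    } # if

    #- display stuff -#
    # NOTE(review): 'http_referer' is taken from the submitted form; the
    # template must encode it and must not use it as an unchecked redirect target
    $this->template('edituserprefs', array(
        'edituserprefsform' => $spotUser['prefs'],
        'formmessages' => $formMessages,
        'spotuser' => $spotUser,
        'http_referer' => $this->_editUserPrefsForm['http_referer'],
        'edituserprefsresult' => $editResult,
    ));
}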
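/**
 * Renders the "edit user" page and processes the submitted button
 * ('edit', 'delete', 'resetapi' or 'removeallsessions').
 *
 * The caller needs spotsec_edit_own_user when editing itself and
 * spotsec_edit_other_users otherwise; the delete and reset-API buttons are
 * checked against spotsec_delete_user and spotsec_consume_api.
 */
function render() {
    $groupMembership = array();
    $formMessages = array('errors' => array(), 'info' => array());

    # Check the user's permissions
    if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_user, '');
    } else {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
    } # if

    # the edit result defaults to 'not attempted'
    $editResult = array();

    # Instantiate the Spot user system
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

    # set the page title
    $this->_pageTitle = "spot: edit user";

    # fetch the user to edit
    $spotUser = $this->_db->getUser($this->_userIdToEdit);
    if ($spotUser === false) {
        /*
         * $spotUser is false here, so it holds no username to report;
         * pass the id that was looked up instead of indexing into false.
         */
        $formMessages['errors'][] = array('edituser_usernotfound', array($this->_userIdToEdit));
        $editResult = array('result' => 'failure');
    } # if

    # Fetch the group membership of this user
    if ($spotUser != false) {
        $groupMembership = $this->_db->getGroupList($spotUser['userid']);
    } # if

    # Determine which action was chosen (which button was pressed)
    $formAction = '';
    if (isset($this->_editUserForm['submitedit'])) {
        $formAction = 'edit';
        unset($this->_editUserForm['submitedit']);
    } elseif (isset($this->_editUserForm['submitdelete'])) {
        $formAction = 'delete';
        unset($this->_editUserForm['submitdelete']);

        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_user, '');
    } elseif (isset($this->_editUserForm['submitresetuserapi'])) {
        $formAction = 'resetapi';
        unset($this->_editUserForm['submitresetuserapi']);

        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_consume_api, '');
    } elseif (isset($this->_editUserForm['removeallsessions'])) {
        $formAction = 'removeallsessions';
        unset($this->_editUserForm['removeallsessions']);
    } # else

    # Is this a form submit, or only the initial call?
    if ((!empty($formAction)) && (empty($formMessages['errors']))) {
        # do not allow the anonymous user to be modified
        if ($spotUser['userid'] == SPOTWEB_ANONYMOUS_USERID) {
            $formMessages['errors'][] = array('edituser_cannoteditanonymous', array());
            $editResult = array('result' => 'failure');
        } # if

        # do not allow the built-in accounts to be deleted
        if (($spotUser['userid'] <= SPOTWEB_ADMIN_USERID) && ($formAction == 'delete')) {
            $formMessages['errors'][] = array('edituser_cannotremovesystemuser', array());
            $editResult = array('result' => 'failure');
        } # if
    } # if

    # Only act on a submitted form that passed the checks above
    if ((!empty($formAction)) && (empty($formMessages['errors']))) {
        switch ($formAction) {
            case 'delete':
                /*
                 * Take the id from the record that went through the
                 * permission and system-account checks above. The raw form
                 * is merged in without cleansing (whether it can carry a
                 * 'userid' key is not visible here), so the merged array
                 * must not decide which account gets removed.
                 */
                $userIdToRemove = $spotUser['userid'];
                $spotUser = array_merge($spotUser, $this->_editUserForm);
                $spotUserSystem->removeUser($userIdToRemove);
                $editResult = array('result' => 'success');
                break; # case delete

            case 'edit':
                # Remove any fields from the form that are not valid
                # NOTE(review): the merge below relies on cleanseEditForm()
                # dropping identity fields such as 'userid' -- confirm
                $this->_editUserForm = $this->cleanseEditForm($this->_editUserForm);

                # validate the user
                $spotUser = array_merge($spotUser, $this->_editUserForm);
                $formMessages['errors'] = $spotUserSystem->validateUserRecord($spotUser, true);

                if (empty($formMessages['errors'])) {
                    # update the user
                    $spotUserSystem->setUser($spotUser);

                    # if the user supplied a new password, update the
                    # password as well
                    if (!empty($spotUser['newpassword1'])) {
                        $spotUserSystem->setUserPassword($spotUser);
                    } # if

                    # Was a group membership list submitted as well? If so,
                    # update it too.
                    # NOTE(review): no separate permission check for changing
                    # group membership is visible in this method -- confirm
                    # that cleanseEditForm() or setUserGroupList() enforces one
                    if (isset($this->_editUserForm['grouplist'])) {
                        # build the requested list, skipping the placeholder entry
                        $groupList = array();
                        foreach ($this->_editUserForm['grouplist'] as $val) {
                            if ($val != 'dummy') {
                                $groupList[] = array('groupid' => $val, 'prio' => count($groupList));
                            } # if
                        } # foreach

                        # make sure at least one group remains
                        if (count($groupList) < 1) {
                            $formMessages['errors'][] = array('edituser_usermusthaveonegroup', array());
                        } else {
                            $spotUserSystem->setUserGroupList($spotUser, $groupList);
                        } # if
                    } # if
                } # if

                /*
                 * Report success only when nothing was rejected. Previously
                 * an empty group list was reported as an error and then
                 * overwritten with 'success' here.
                 */
                if (empty($formMessages['errors'])) {
                    $editResult = array('result' => 'success');
                } else {
                    $editResult = array('result' => 'failure');
                } # else
                break; # case 'edit'

            case 'removeallsessions':
                $spotUserSystem->removeAllUserSessions($spotUser['userid']);
                $editResult = array('result' => 'success');
                break; # case 'removeallsessions'

            case 'resetapi':
                $user = $spotUserSystem->resetUserApi($spotUser);
                $editResult = array('result' => 'success', 'newapikey' => $user['apikey']);
                break; # case resetapi
        } # switch
    } # if

    #- display stuff -#
    $this->template('edituser', array(
        'edituserform' => $spotUser,
        'formmessages' => $formMessages,
        'editresult' => $editResult,
        'groupMembership' => $groupMembership,
    ));
} # render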