예제 #1
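 /**
  * Handles the Twitter notification account actions for the current user.
  *
  * Depending on $this->_params['action'] this verifies a PIN ('verify'),
  * removes the stored Twitter account ('remove'), or, for any other value,
  * requests a new authorization URL. The outcome is echoed directly.
  */
 function render()
 {
     # Check the user's permissions before anything else
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_send_notifications_services, 'twitter');
     # NOTE(review): 'verify' and 'remove' change stored credentials, and no
     # anti-CSRF check is visible in this method -- confirm the caller enforces one.
     # Instantiate the Spot user system & notification system
     $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
     # NOTE(review): $spotsNotifications is not used below; it is kept because the
     # constructor may have side effects -- TODO confirm and drop if it has none.
     $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
     # The stored per-user tokens plus the application's consumer key/secret.
     # The consumer secret is a credential: it must not end up in output or logs.
     $requestArray = array_merge_recursive($this->_currentSession['user']['prefs']['notifications']['twitter'], array('consumer_key' => $this->_settings->get('twitter_consumer_key'), 'consumer_secret' => $this->_settings->get('twitter_consumer_secret')));
     if ($this->_params['action'] == 'verify') {
         $this->_notificationService = Notifications_Factory::build('Spotweb', 'twitter', $requestArray);
         # entering a wrong PIN raises a notice, while the code below already
         # handles the failure properly without it
         list($http_code, $access_token) = @$this->_notificationService->verifyPIN($this->_params['pin']);
         if ($http_code == 200) {
             # the request_token is no longer needed
             $this->_currentSession['user']['prefs']['notifications']['twitter']['request_token'] = '';
             $this->_currentSession['user']['prefs']['notifications']['twitter']['request_token_secret'] = '';
             # the access_token is what we do want to store
             $this->_currentSession['user']['prefs']['notifications']['twitter']['screen_name'] = $access_token['screen_name'];
             $this->_currentSession['user']['prefs']['notifications']['twitter']['access_token'] = $access_token['oauth_token'];
             $this->_currentSession['user']['prefs']['notifications']['twitter']['access_token_secret'] = $access_token['oauth_token_secret'];
             $spotUserSystem->setUser($this->_currentSession['user']);
             # The screen name comes from the remote service's response, so it is
             # escaped before being echoed. The response content type is not
             # visible here; for a well-formed screen name escaping is a no-op.
             echo "Account " . htmlspecialchars((string) $access_token['screen_name'], ENT_QUOTES, 'UTF-8') . " geverifiëerd.";
         } else {
             echo "Code " . $http_code . ": " . $this->getError($http_code);
         }
         # if
     } elseif ($this->_params['action'] == 'remove') {
         # remember the name for the confirmation message, then wipe the stored
         # account and its tokens
         $screen_name = $this->_currentSession['user']['prefs']['notifications']['twitter']['screen_name'];
         $this->_currentSession['user']['prefs']['notifications']['twitter']['screen_name'] = '';
         $this->_currentSession['user']['prefs']['notifications']['twitter']['access_token'] = '';
         $this->_currentSession['user']['prefs']['notifications']['twitter']['access_token_secret'] = '';
         $spotUserSystem->setUser($this->_currentSession['user']);
         # stored preference value: escape it on output as well
         echo "Account " . htmlspecialchars((string) $screen_name, ENT_QUOTES, 'UTF-8') . " verwijderd.";
     } else {
         $this->_notificationService = Notifications_Factory::build('Spotweb', 'twitter', $requestArray);
         list($http_code, $request_token, $registerURL) = @$this->_notificationService->requestAuthorizeURL();
         if ($http_code == 200) {
             # the request_token is stored in the preferences, it is needed
             # again when the PIN is entered
             $this->_currentSession['user']['prefs']['notifications']['twitter']['request_token'] = $request_token['oauth_token'];
             $this->_currentSession['user']['prefs']['notifications']['twitter']['request_token_secret'] = $request_token['oauth_token_secret'];
             $spotUserSystem->setUser($this->_currentSession['user']);
             # Echoed raw on purpose: HTML-escaping would rewrite '&' in the query
             # string. NOTE(review): the consumer of this response should treat
             # the value as a URL only -- confirm how the client uses it.
             echo $registerURL;
         } else {
             echo "Code " . $http_code . ": " . $this->getError($http_code);
         }
         # if
     }
     # if
 }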
예제 #2
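 /**
  * Renders the "edit user" page and processes a submitted edit-user form.
  *
  * Supported form actions: 'delete', 'edit', 'removeallsessions' and
  * 'resetuserapi'. The outcome is handed to the 'edituser' template as
  * 'editresult' together with any messages in 'formmessages'.
  */
 function render()
 {
     $groupMembership = array();
     $formMessages = array('errors' => array(), 'info' => array());
     # check the users' permissions: editing yourself and editing someone
     # else are guarded by separate permissions
     if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_user, '');
     } else {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
     }
     # if
     # per default the result is 'not tried'
     $editResult = array();
     # Instantiate the spotuser object
     $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
     # and create a nice and shiny page title
     $this->_pageTitle = "spot: edit user";
     # retrieve the to-edit user
     $spotUser = $this->_db->getUser($this->_userIdToEdit);
     if ($spotUser === false) {
         $formMessages['errors'][] = sprintf(_('User %d can not be found'), $this->_userIdToEdit);
         $editResult = array('result' => 'failure');
     }
     # if
     # request the users' groupmembership
     if ($spotUser != false) {
         $groupMembership = $this->_db->getGroupList($spotUser['userid']);
     }
     # if
     /*
      * bring the forms' action into the local scope for
      * easier access
      */
     $formAction = $this->_editUserForm['action'];
     # Only perform certain validations when the form is actually submitted
     if (!empty($formAction) && empty($formMessages['errors'])) {
         # do not allow the admin (or anonymous) user to be deleted
         if ($spotUser['userid'] <= SPOTWEB_ADMIN_USERID && $formAction == 'delete') {
             $formMessages['errors'][] = _('Admin and Anonymous can not be deleted');
             $editResult = array('result' => 'failure');
         }
         # if
     }
     # if
     # Only perform the action when the form is actually submitted
     if (!empty($formAction) && empty($formMessages['errors'])) {
         /*
          * The permission checks and the system-user guard above were made
          * against the user record loaded from the database. Merging the
          * submitted form over that record must never be able to replace its
          * 'userid', otherwise a form-supplied id would decide which account
          * is deleted or updated. Remember the checked id and re-pin it.
          */
         $targetUserId = $spotUser['userid'];
         switch ($formAction) {
             case 'delete':
                 $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_user, '');
                 $spotUser = array_merge($spotUser, $this->_editUserForm);
                 $spotUser['userid'] = $targetUserId;
                 $spotUserSystem->removeUser($targetUserId);
                 $editResult = array('result' => 'success');
                 break;
                 # case delete
             case 'edit':
                 # Remove any non-valid fields from the array
                 $this->_editUserForm = $this->cleanseEditForm($this->_editUserForm);
                 # validate the user fields
                 $spotUser = array_merge($spotUser, $this->_editUserForm);
                 $spotUser['userid'] = $targetUserId;
                 $formMessages['errors'] = $spotUserSystem->validateUserRecord($spotUser, true);
                 if (empty($formMessages['errors'])) {
                     # actually update the user record
                     $spotUserSystem->setUser($spotUser);
                     /*
                      * Update the users' password, but only when
                      * a new password is given
                      */
                     if (!empty($spotUser['newpassword1'])) {
                         $spotUserSystem->setUserPassword($spotUser);
                     }
                     # if
                     /*
                      * Did we get a groupmembership list? If so,
                      * try to update it as well
                      */
                     if (isset($this->_editUserForm['grouplist'])) {
                         # build the requested list of user groups; the position
                         # in the submitted list becomes the priority
                         # NOTE(review): the group ids are taken from the form
                         # as-is -- presumably validated downstream, verify.
                         $groupList = array();
                         foreach ($this->_editUserForm['grouplist'] as $val) {
                             if ($val != 'dummy') {
                                 $groupList[] = array('groupid' => $val, 'prio' => count($groupList));
                             }
                             # if
                         }
                         # for
                         # make sure there is at least one group
                         if (count($groupList) < 1) {
                             $formMessages['errors'][] = _('A user must be member of at least one group');
                         } else {
                             # Mangle the requested group membership to a common format
                             $requestedGroupIds = array();
                             foreach ($groupList as $value) {
                                 $requestedGroupIds[] = $value['groupid'];
                             }
                             # foreach
                             # and mangle the current group membership
                             $currentGroupIds = array();
                             foreach ($groupMembership as $value) {
                                 $currentGroupIds[] = $value['id'];
                             }
                             # foreach
                             /*
                              * Compare the requested grouplist with the current
                              * grouplist. If the grouplist changes, the user
                              * needs the change group membership permission
                              */
                             sort($requestedGroupIds, SORT_NUMERIC);
                             sort($currentGroupIds, SORT_NUMERIC);
                             $requestedCount = count($requestedGroupIds);
                             $groupDiff = $requestedCount != count($currentGroupIds);
                             for ($i = 0; $i < $requestedCount && !$groupDiff; $i++) {
                                 $groupDiff = $requestedGroupIds[$i] != $currentGroupIds[$i];
                             }
                             # for
                             if ($groupDiff) {
                                 if ($this->_spotSec->allowed(SpotSecurity::spotsec_edit_groupmembership, '')) {
                                     $spotUserSystem->setUserGroupList($spotUser, $groupList);
                                 } else {
                                     $formMessages['errors'][] = _('Changing group membership is not allowed');
                                 }
                                 # else
                             }
                             # if
                         }
                         # if
                     }
                     # if
                     /*
                      * Report success only when the group membership step did
                      * not add an error; a refused membership change must not
                      * be presented as a successful edit. The user record
                      * itself has already been saved at this point.
                      */
                     if (empty($formMessages['errors'])) {
                         $editResult = array('result' => 'success');
                     } else {
                         $editResult = array('result' => 'failure');
                     }
                     # else
                 } else {
                     $editResult = array('result' => 'failure');
                 }
                 # else
                 break;
                 # case 'edit'
             case 'removeallsessions':
                 $spotUserSystem->removeAllUserSessions($spotUser['userid']);
                 $editResult = array('result' => 'success');
                 break;
                 # case 'removeallsessions'
             case 'resetuserapi':
                 $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_consume_api, '');
                 $user = $spotUserSystem->resetUserApi($spotUser);
                 # the new API key is handed to the template; it is a credential
                 $editResult = array('result' => 'success', 'newapikey' => $user['apikey']);
                 break;
                 # case resetuserapi
         }
         # switch
     }
     # if
     #- display stuff -#
     $this->template('edituser', array('edituserform' => $spotUser, 'formmessages' => $formMessages, 'editresult' => $editResult, 'groupMembership' => $groupMembership));
 }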
예제 #3
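 /**
  * Renders the "edit user preferences" page and processes a submitted form.
  *
  * Supported form actions are 'edit' and 'cancel'. The outcome is handed to
  * the 'edituserprefs' template as 'edituserprefsresult'.
  */
 function render()
 {
     $formMessages = array('errors' => array(), 'info' => array());
     # Validate proper permissions: own preferences and other users are
     # guarded by separate permissions
     if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_userprefs, '');
     } else {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
     }
     # if
     # Make sure the editresult is set to 'not committed' per default
     $editResult = array();
     # Instantiate the user system as necessary for the management of user preferences
     $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
     # set the page title
     $this->_pageTitle = "spot: edit user preferences";
     # retrieve the to-edit user
     $spotUser = $this->_db->getUser($this->_userIdToEdit);
     if ($spotUser === false) {
         $formMessages['errors'][] = sprintf(_('User %d can not be found'), $this->_userIdToEdit);
         $editResult = array('result' => 'failure');
     }
     # if
     /*
      * bring the forms' action into the local scope for
      * easier access
      */
     $formAction = $this->_editUserPrefsForm['action'];
     /*
      * We want the anonymous users' account so we can use this users' preferences as a
      * template. This makes sure all properties are at least set.
      */
     $anonUser = $this->_db->getUser(SPOTWEB_ANONYMOUS_USERID);
     # Are we trying to submit this form, or only rendering it?
     if (!empty($formAction) && empty($formMessages['errors'])) {
         switch ($formAction) {
             case 'edit':
                 /*
                  * We have a few dummy preferences -- these are submitted like a checkbox for example
                  * but in reality do something completely different.
                  *
                  * Because we use cleanseUserPreferences() those dummies will not end up in the database
                  */
                 if (isset($this->_editUserPrefsForm['_dummy_prevent_porn'])) {
                     $spotUserSystem->setIndexFilter($spotUser['userid'], array('valuelist' => array(), 'title' => 'Index filter', 'torder' => 999, 'tparent' => 0, 'children' => array(), 'filtertype' => 'index_filter', 'sorton' => '', 'sortorder' => '', 'enablenotify' => false, 'icon' => 'spotweb.png', 'tree' => '~cat0_z3'));
                 } else {
                     $spotUserSystem->removeIndexFilter($spotUser['userid']);
                 }
                 # if
                 # Save the current user preferences because we need them before cleansing
                 $savePrefs = $spotUser['prefs'];
                 $spotUser['prefs'] = $spotUserSystem->cleanseUserPreferences($this->_editUserPrefsForm, $anonUser['prefs'], $this->_tplHelper->getTemplatePreferences());
                 # Validate all preferences
                 list($formMessages['errors'], $spotUser['prefs']) = $spotUserSystem->validateUserPreferences($spotUser['prefs'], $savePrefs);
                 # Make sure user has permission to select this template; only a
                 # changed template is checked, an unchanged one is left alone
                 if ($spotUser['prefs']['normal_template'] != $savePrefs['normal_template']) {
                     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_select_template, $spotUser['prefs']['normal_template']);
                 }
                 # if
                 if ($spotUser['prefs']['mobile_template'] != $savePrefs['mobile_template']) {
                     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_select_template, $spotUser['prefs']['mobile_template']);
                 }
                 # if
                 if ($spotUser['prefs']['tablet_template'] != $savePrefs['tablet_template']) {
                     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_select_template, $spotUser['prefs']['tablet_template']);
                 }
                 # if
                 if (empty($formMessages['errors'])) {
                     /*
                      * Was an avatar part of this submit? The nested isset()
                      * matters: with a loose comparison a missing 'avatar'
                      * entry (null) would equal UPLOAD_ERR_OK (0) and be
                      * treated as a successful upload.
                      */
                     if (isset($_FILES['edituserprefsform']['error']['avatar'])) {
                         $uploadError = $_FILES['edituserprefsform']['error']['avatar'];
                         /*
                          * Give a proper error if the file is too large, because changeAvatar() won't see
                          * these errors so it cannot report them
                          */
                         if ($uploadError == UPLOAD_ERR_FORM_SIZE || $uploadError == UPLOAD_ERR_INI_SIZE) {
                             $formMessages['errors'][] = _("Uploaded file is too large");
                         }
                         # if
                         if ($uploadError === UPLOAD_ERR_OK) {
                             # Only read a path PHP itself registered as an HTTP upload,
                             # and do not pass a failed read (false) on as avatar data.
                             $avatarTmpName = $_FILES['edituserprefsform']['tmp_name']['avatar'];
                             $avatarData = is_uploaded_file($avatarTmpName) ? file_get_contents($avatarTmpName) : false;
                             if ($avatarData === false) {
                                 $formMessages['errors'][] = _('Uploaded file could not be read');
                             } else {
                                 # changeAvatar() returns the list of errors; content
                                 # validation of the image presumably happens there -- verify
                                 $formMessages['errors'] = $spotUserSystem->changeAvatar($spotUser['userid'], $avatarData);
                             }
                             # else
                         }
                         # if
                     }
                     # if
                 }
                 # if
                 if (empty($formMessages['errors'])) {
                     # and actually update the user in the database
                     $spotUserSystem->setUser($spotUser);
                     # if we didn't get an exception, it automatically succeeded
                     $editResult = array('result' => 'success');
                 } else {
                     $editResult = array('result' => 'failure');
                 }
                 # else
                 /*
                  * We have to register Spotweb with the notification providers (growl, prowl, etc) at least once.
                  * The safest option is to just do this with each preferences submit. But first we create a fake
                  * session for this user.
                  *
                  * NOTE(review): this runs on every submit, also when editing another
                  * user -- confirm whether createNewSession() persists a usable
                  * session for that user and whether it is cleaned up afterwards.
                  */
                 $fakeSession = $spotUserSystem->createNewSession($spotUser['userid']);
                 $fakeSession['security'] = new SpotSecurity($this->_db, $this->_settings, $fakeSession['user'], '');
                 $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $fakeSession);
                 $spotsNotifications->register();
                 break;
                 # case 'edit'
             case 'cancel':
                 $editResult = array('result' => 'success');
                 break;
                 # case 'cancel'
         }
         # switch
     }
     # if
     #- display stuff -#
     # NOTE(review): 'http_referer' is a form-supplied value; the template must
     # escape it and must not redirect to it unvalidated -- confirm in the template.
     $this->template('edituserprefs', array('edituserprefsform' => $spotUser['prefs'], 'formmessages' => $formMessages, 'spotuser' => $spotUser, 'dialogembedded' => $this->_dialogembedded, 'http_referer' => $this->_editUserPrefsForm['http_referer'], 'edituserprefsresult' => $editResult));
 }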
예제 #4
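 /**
  * Renders the "edit user preferences" page for the current session's user
  * and processes a submitted form.
  *
  * The action is derived from which submit button was sent ('submitedit' or
  * 'submitcancel'). The outcome is handed to the 'edituserprefs' template as
  * 'edituserprefsresult'.
  */
 function render()
 {
     $formMessages = array('errors' => array(), 'info' => array());
     # Check the user's permissions
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_userprefs, '');
     # per default the edituserprefs result is 'not tried'
     $editResult = array();
     # Instantiate the Spot user system
     $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
     # set the page title
     $this->_pageTitle = "spot: edit user preferences";
     # retrieve the to-edit user; this is always the session's own user
     $spotUser = $this->_db->getUser($this->_currentSession['user']['userid']);
     if ($spotUser === false) {
         # $spotUser is false here, so it has no 'username' to report; use the
         # id that was looked up instead
         $formMessages['errors'][] = array('edituser_usernotfound', array($this->_currentSession['user']['userid']));
         $editResult = array('result' => 'failure');
     }
     # if
     # Determine which action was chosen (which button was pressed)
     $formAction = '';
     if (isset($this->_editUserPrefsForm['submitedit'])) {
         $formAction = 'edit';
         unset($this->_editUserPrefsForm['submitedit']);
     } elseif (isset($this->_editUserPrefsForm['submitcancel'])) {
         $formAction = 'cancel';
         unset($this->_editUserPrefsForm['submitcancel']);
     }
     # if
     # We retrieve the anonymous user account, because its preferences are
     # used as the base.
     $anonUser = $this->_db->getUser(SPOTWEB_ANONYMOUS_USERID);
     # Is this a form submit, or only the initial request?
     if (!empty($formAction) && empty($formMessages['errors'])) {
         switch ($formAction) {
             case 'edit':
                 # A few dummy preferences trigger a special action, which is handled here.
                 # cleanseUserPreferences() strips them automatically.
                 if (isset($this->_editUserPrefsForm['_dummy_prevent_porn'])) {
                     $spotUserSystem->setIndexFilter($spotUser['userid'], array('valuelist' => array(), 'title' => 'Index filter', 'torder' => 999, 'tparent' => 0, 'children' => array(), 'filtertype' => 'index_filter', 'sorton' => '', 'sortorder' => '', 'icon' => 'spotweb.png', 'tree' => '~cat0_z3'));
                 } else {
                     $spotUserSystem->removeIndexFilter($spotUser['userid']);
                 }
                 # if
                 # No user preferences may be passed in that are not present in the anonymous
                 # user's preferences. Merging with the anonymous preferences is not an option:
                 # unchecked checkboxes are simply not submitted, so a merge would set them to
                 # the default value and thereby ignore the form.
                 $spotUser['prefs'] = $spotUserSystem->cleanseUserPreferences($this->_editUserPrefsForm, $anonUser['prefs']);
                 # validate and repair all preferences
                 list($formMessages['errors'], $spotUser['prefs']) = $spotUserSystem->validateUserPreferences($spotUser['prefs'], $this->_currentSession['user']['prefs']);
                 if (empty($formMessages['errors'])) {
                     # update the user
                     $spotUserSystem->setUser($spotUser);
                     # the update succeeded, report it
                     $editResult = array('result' => 'success');
                 } else {
                     $editResult = array('result' => 'failure');
                 }
                 # else
                 # Register Spotweb with the notification providers. This has to happen at least
                 # once, so the safest option is to do it every time the preferences are saved
                 $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
                 $spotsNotifications->register();
                 break;
                 # case 'edit'
             case 'cancel':
                 $editResult = array('result' => 'success');
                 break;
                 # case 'cancel'
         }
         # switch
     }
     # if
     #- display stuff -#
     # NOTE(review): 'http_referer' is a form-supplied value; the template must
     # escape it and must not redirect to it unvalidated -- confirm in the template.
     $this->template('edituserprefs', array('edituserprefsform' => $spotUser['prefs'], 'formmessages' => $formMessages, 'spotuser' => $spotUser, 'http_referer' => $this->_editUserPrefsForm['http_referer'], 'edituserprefsresult' => $editResult));
 }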
예제 #5
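	/**
	 * Renders the "edit user" page and processes a submitted edit-user form.
	 *
	 * The action is derived from which submit button was sent: 'edit',
	 * 'delete', 'resetapi' or 'removeallsessions'. The outcome is handed to
	 * the 'edituser' template as 'editresult'.
	 */
	function render() {
		$groupMembership = array();
		$formMessages = array('errors' => array(),
							  'info' => array());

		# Check the user's permissions: editing yourself and editing someone
		# else are guarded by separate permissions
		if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
			$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_user, '');
		} else {
			$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
		} # if

		# per default the edituser result is 'not tried'
		$editResult = array();

		# Instantiate the Spot user system
		$spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

		# set the page title
		$this->_pageTitle = "spot: edit user";

		# retrieve the to-edit user
		$spotUser = $this->_db->getUser($this->_userIdToEdit);
		if ($spotUser === false) {
			# $spotUser is false here, so it has no 'username' to report; use
			# the id that was looked up instead
			$formMessages['errors'][] = array('edituser_usernotfound', array($this->_userIdToEdit));
			$editResult = array('result' => 'failure');
		} # if

		# Request the group membership of this user
		if ($spotUser != false) {
			$groupMembership = $this->_db->getGroupList($spotUser['userid']);
		} # if

		# Determine which action was chosen (which button was pressed)
		$formAction = '';
		if (isset($this->_editUserForm['submitedit'])) {
			$formAction = 'edit';
			unset($this->_editUserForm['submitedit']);
		} elseif (isset($this->_editUserForm['submitdelete'])) {
			$formAction = 'delete';
			unset($this->_editUserForm['submitdelete']);

			$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_user, '');
		} elseif (isset($this->_editUserForm['submitresetuserapi'])) {
			$formAction = 'resetapi';
			unset($this->_editUserForm['submitresetuserapi']);

			$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_consume_api, '');
		} elseif (isset($this->_editUserForm['removeallsessions'])) {
			$formAction = 'removeallsessions';
			unset($this->_editUserForm['removeallsessions']);
		} # else

		# Is this a form submit, or only the initial request?
		if ((!empty($formAction)) && (empty($formMessages['errors']))) {
			# do not allow the anonymous user to be modified
			if ($spotUser['userid'] == SPOTWEB_ANONYMOUS_USERID) {
				$formMessages['errors'][] = array('edituser_cannoteditanonymous', array());
				$editResult = array('result' => 'failure');
			} # if

			# do not allow the admin user to be deleted
			if (($spotUser['userid'] <= SPOTWEB_ADMIN_USERID) && ($formAction == 'delete')) {
				$formMessages['errors'][] = array('edituser_cannotremovesystemuser', array());
				$editResult = array('result' => 'failure');
			} # if
		} # if


		# Is this a form submit, or only the initial request?
		if ((!empty($formAction)) && (empty($formMessages['errors']))) {
			# The permission checks and the system-user guards above were made
			# against the record loaded from the database. Merging the submitted
			# form over that record must never be able to replace its 'userid',
			# otherwise a form-supplied id would decide which account is deleted
			# or updated. Remember the checked id and re-pin it after each merge.
			$targetUserId = $spotUser['userid'];

			switch($formAction) {
				case 'delete' : {
					$spotUser = array_merge($spotUser, $this->_editUserForm);
					$spotUser['userid'] = $targetUserId;
					$spotUserSystem->removeUser($targetUserId);
					$editResult = array('result' => 'success');

					break;
				} # case delete

				case 'edit'	: {
					# Remove any invalid fields from the form
					$this->_editUserForm = $this->cleanseEditForm($this->_editUserForm);

					# validate the user
					$spotUser = array_merge($spotUser, $this->_editUserForm);
					$spotUser['userid'] = $targetUserId;
					$formMessages['errors'] = $spotUserSystem->validateUserRecord($spotUser, true);

					if (empty($formMessages['errors'])) {
						# update the user
						$spotUserSystem->setUser($spotUser);

						# if the user supplied a new password, update the
						# password as well
						if (!empty($spotUser['newpassword1'])) {
							$spotUserSystem->setUserPassword($spotUser);
						} # if

						# Was a group membership list submitted as well? If so,
						# update it too.
						# NOTE(review): no dedicated permission is checked before
						# the membership is changed, so anyone who may edit this
						# user can also change its groups -- confirm whether this
						# version of SpotSecurity offers a group membership
						# permission that should be enforced here.
						if (isset($this->_editUserForm['grouplist'])) {
							# build the list of user groups; the position in the
							# submitted list becomes the priority
							$groupList = array();
							foreach($this->_editUserForm['grouplist'] as $val) {
								if ($val != 'dummy') {
									$groupList[] = array('groupid' => $val,
														'prio' => count($groupList));
								} # if
							} # for

							# make sure at least one group remains
							if (count($groupList) < 1) {
								$formMessages['errors'][] = array('edituser_usermusthaveonegroup', array());
							} else {
								$spotUserSystem->setUserGroupList($spotUser, $groupList);
							} # if
						} # if

						# Report success only when the group membership step did
						# not add an error; the user record itself has already
						# been saved at this point.
						if (empty($formMessages['errors'])) {
							$editResult = array('result' => 'success');
						} else {
							$editResult = array('result' => 'failure');
						} # else
					} else {
						$editResult = array('result' => 'failure');
					} # else
					break;
				} # case 'edit'

				case 'removeallsessions' : {
					$spotUserSystem->removeAllUserSessions($spotUser['userid']);
					$editResult = array('result' => 'success');

					break;
				} # case 'removeallsessions'

				case 'resetapi' : {
					$user = $spotUserSystem->resetUserApi($spotUser);
					# the new API key is handed to the template; it is a credential
					$editResult = array('result' => 'success', 'newapikey' => $user['apikey']);

					break;
				} # case resetapi
			} # switch
		} # if

		#- display stuff -#
		$this->template('edituser', array('edituserform' => $spotUser,
										    'formmessages' => $formMessages,
											'editresult' => $editResult,
											'groupMembership' => $groupMembership));
	} # render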