/**
 * Builds the HTML block with the account edit links for the profile being
 * displayed. Which links appear depends on who is looking at the page: the
 * account owner, a moderator, an admin, or an anonymous visitor.
 *
 * This method only decides which links are shown; it performs no
 * authorization itself.
 * NOTE(review): the pages behind these links (edit_email, edit_password,
 * edit_rank, login_other, ...) are not visible here. They must repeat the
 * same permission checks server-side, because hiding a link does not stop a
 * direct request. Confirm this, in particular for login_other, which lets an
 * admin sign in as another account.
 *
 * @param Website $website The website object, used for the current user,
 * the staff checks and the translations.
 * @return string The HTML, or an empty string when nothing may be shown.
 */
public function get_edit_links_html(Website $website) {
    $viewer = $website->getAuth()->getCurrentUser();

    // Work out the viewer's relation to this profile. Anonymous visitors
    // keep all three flags at false.
    $isOwner = false;
    $isModerator = false;
    $isAdmin = false;
    if ($viewer != null) {
        $isOwner = $this->user->getId() == $viewer->getId();
        $isModerator = (bool) $website->isLoggedInAsStaff(false);
        $isAdmin = (bool) $website->isLoggedInAsStaff(true);
    }

    $html = "";

    // Gravatar help text: nobody else can change someone's avatar, so it is
    // only useful to the owner.
    // NOTE(review): the gravatar link is plain http; consider https.
    if ($isOwner) {
        $html .= <<<EOT
            <p>
                {$website->tReplaced("users.gravatar.explained", '<a href="http://gravatar.com/">gravatar.com</a>')}
            </p>
EOT;
    }

    $links = [];

    // Moderator looking at someone else's account: (un)ban link
    if ($isModerator && !$isOwner) {
        $links[] = $this->get_edit_link($website, "edit_account_status", "users.status.edit");
    }

    // Owner or admin: links for editing the profile data
    if ($isOwner || $isAdmin) {
        $profilePages = [
            "edit_email" => "users.email.edit",
            "edit_password" => "users.password.edit",
            "edit_display_name" => "users.display_name.edit",
        ];
        foreach ($profilePages as $pageName => $translationKey) {
            $links[] = $this->get_edit_link($website, $pageName, $translationKey);
        }
    }

    // Admin looking at someone else's account: rank link and login link
    if ($isAdmin && !$isOwner) {
        $links[] = $this->get_edit_link($website, "edit_rank", "users.rank.edit");

        // A banned or deleted account cannot log in, so no login link for it
        if ($this->user->canLogIn()) {
            $links[] = $this->get_edit_link($website, "login_other", "main.log_in");
        }
    }

    if (!empty($links)) {
        $html .= "<p>\n" . implode($links) . "</p>\n";
    }

    return $html;
}
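/**
 * Save that user object in the session. Doesn't modify the login cookie.
 * Null values are not permitted. Use log_out to log the current user out.
 *
 * When the session switches to another account (or had no account yet), the
 * session ID is rotated before the user ID is stored. This prevents session
 * fixation: a session ID that was known before the login must not stay
 * valid for the authenticated session.
 *
 * @param User $user The user to login
 * @return boolean Whether the user object was set. Returns false when the
 * account is banned or deleted.
 */
public function setCurrentUser(User $user) {
    if (!$user->canLogIn()) {
        // Banned or deleted accounts never get a session
        return false;
    }

    $userId = $user->getId();

    // Rotate only when the identity stored in the session changes, so that
    // calling this method again for the same user does not issue a new ID
    // each time. The rotation needs an active session and unsent headers,
    // otherwise PHP cannot send the new session cookie.
    $identityChanges = !isset($_SESSION['user_id']) || $_SESSION['user_id'] != $userId;
    if ($identityChanges && session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION['user_id'] = $userId;

    // This session var is purely used for CKEditor.
    // In rCMS there are much better, easier and safer ways to check this.
    // NOTE(review): the flag holds the rank as it was when this method last
    // ran; whatever reads it sees a later rank change only after the next
    // call. Confirm that the consumer tolerates this.
    $_SESSION['moderator'] = (bool) $user->hasRank(self::RANK_MODERATOR);

    $this->currentUser = $user;
    return true;
}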