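 /**
  * Display a single post.
  *
  * The id arrives encrypted (URL parameter) and is decrypted before the
  * existence lookup. A post that does not exist is answered with the
  * "notfound" error; nothing else is rendered in that case.
  *
  * @param integer|string $postId encrypted post id from the URL
  */
 public function view($postId = 0)
 {
     $postId = Encryption::decryptId($postId);

     // Return after signalling the error so the view below is never rendered
     // for a non-existent post, even if error() does not terminate the
     // request itself. This matches the `return $this->error(...)` form used
     // by the other actions in this controller set.
     if (!$this->post->exists($postId)) {
         return $this->error("notfound");
     }

     $this->vars['globalPage'] = ["posts", "comments"];
     $this->vars['globalPageId'] = $postId;

     echo $this->view->renderWithLayouts(
         VIEWS_PATH . "layout/",
         VIEWS_PATH . 'posts/viewPost.php',
         array("postId" => $postId)
     );
 }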
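 /**
  * Display a single user (admin view).
  *
  * The user id comes in encrypted and is decrypted before the lookup. When
  * the user does not exist the "notfound" error is raised and the method
  * returns immediately, so no user page is ever rendered for an invalid id.
  *
  * @param integer|string $userId encrypted user id from the URL
  */
 public function viewUser($userId = 0)
 {
     $userId = Encryption::decryptId($userId);

     // Early return: do not fall through to rendering if error() happens
     // not to end the request (same style as `return $this->error(404)`
     // used elsewhere in these controllers).
     if (!$this->user->exists($userId)) {
         return $this->error("notfound");
     }

     $this->vars['curPage'] = "users";
     $this->vars['curPageId'] = $userId;

     echo $this->view->renderWithLayouts(
         Config::get('VIEWS_PATH') . "layout/default/",
         Config::get('ADMIN_VIEWS_PATH') . 'users/viewUser.php',
         array("userId" => $userId)
     );
 }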
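 /**
  * Display a single user (admin view, constant-based paths).
  *
  * Decrypts the incoming user id, verifies the user exists and renders the
  * admin "viewUser" template. A missing user yields the "notfound" error and
  * the method stops there.
  *
  * @param integer|string $userId encrypted user id from the URL
  */
 public function viewUser($userId = 0)
 {
     $userId = Encryption::decryptId($userId);

     // Guard clause with an explicit return: the template must not be
     // rendered for a non-existent user even if error() merely renders an
     // error page without exiting.
     if (!$this->user->exists($userId)) {
         return $this->error("notfound");
     }

     $this->vars['globalPage'] = "users";
     $this->vars['globalPageId'] = $userId;

     echo $this->view->renderWithLayouts(
         VIEWS_PATH . "layout/",
         ADMIN_VIEWS_PATH . 'users/viewUser.php',
         array("userId" => $userId)
     );
 }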
 /**
  * Create a comment on a post from the submitted form data (AJAX).
  *
  * Reads the encrypted post id and the comment text from the request and
  * passes them, together with the current session user id, to the comment
  * model. If the model reports failure its errors are rendered; otherwise
  * the new comment is rendered through the comments partial and returned
  * as JSON under the "data" key.
  *
  * NOTE(review): no validation or escaping of `content` is visible here —
  * it is assumed to happen in comment->create() and in the comments.php
  * template respectively; confirm before relying on it.
  */
 public function create()
 {
     $postId = Encryption::decryptId($this->request->data("post_id"));
     $content = $this->request->data("content");

     $created = $this->comment->create(Session::getUserId(), $postId, $content);
     if ($created) {
         $html = $this->view->render(
             Config::get('VIEWS_PATH') . 'posts/comments.php',
             array("comments" => $created)
         );
         $this->view->renderJson(array("data" => $html));
         return;
     }

     // Model rejected the comment: surface its error list to the client.
     $this->view->renderErrors($this->comment->errors());
 }
 /**
  * Apply a pending email change using the id/token pair from the
  * confirmation link.
  *
  * The `id` query parameter is encrypted; an absent id is passed through as
  * null so the model decides how to report it. Three outcomes are handled:
  *  - model failed and recorded no errors  -> 404
  *  - model failed and recorded errors     -> profile page showing the errors
  *  - model succeeded                      -> profile page with a success message
  *
  * NOTE(review): this action itself does not check the session; the
  * original note says the user must be logged in with the current email,
  * presumably enforced elsewhere (e.g. an isAuthorized hook) — confirm.
  * NOTE(review): the token check lives in user->updateEmail() and is not
  * visible here; it should compare in constant time (hash_equals) and
  * enforce expiry — confirm in the model.
  */
 public function updateEmail()
 {
     $rawId = $this->request->query("id");
     $userId = empty($rawId) ? null : Encryption::decryptId($rawId);
     $token = $this->request->query("token");

     $result = $this->user->updateEmail($userId, $token);
     $errors = $this->user->errors();

     // Failure without any recorded error is treated as "no such request".
     if (!$result && empty($errors)) {
         return $this->error(404);
     }

     $layout = Config::get('VIEWS_PATH') . "layout/default/";
     $template = Config::get('VIEWS_PATH') . 'user/profile.php';

     if (!$result) {
         $payload = ["emailUpdates" => ["errors" => $this->user->errors()]];
     } else {
         $payload = ["emailUpdates" => ["success" => "Your email updates has been updated successfully."]];
     }

     $this->view->renderWithLayouts($layout, $template, $payload);
 }
 /**
  * Show the "update password" form when the forgotten-password token is valid.
  *
  * The encrypted user id and the token come from the reset link's query
  * string. An invalid pair ends in the "notfound" error. On success the
  * decrypted user id is parked in the session under
  * "user_id_reset_password" so the follow-up updatePassword() action never
  * has to trust a user id posted back from the form (a hidden field could be
  * edited client-side).
  *
  * NOTE(review): token validation lives in
  * login->isForgottenPasswordTokenValid() and is not visible here — it should
  * use a constant-time comparison and enforce expiry; confirm in the model.
  * Also confirm that the session slot is cleared once the password is
  * updated (not visible here).
  */
 public function resetPassword()
 {
     $userId = Encryption::decryptId($this->request->query("id"));
     $token = $this->request->query("token");

     if (!$this->login->isForgottenPasswordTokenValid($userId, $token)) {
         $this->error("notfound");
         return;
     }

     // Deliberately NOT logging out an already-authenticated user here: the
     // logged-in user need not match the id in the reset link, and the
     // original author notes a logout would regenerate the CSRF token and
     // break any other open reset form. Kept for reference:
     //   $this->login->logOut(Session::getUserId(), true);
     Session::set("user_id_reset_password", $userId);

     echo $this->view->renderWithLayouts(
         Config::get('LOGIN_PATH'),
         Config::get('LOGIN_PATH') . 'updatePassword.php'
     );
 }
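 /**
  * Decide whether the current session user may run the requested posts action.
  *
  * Rules declared here (re-declared on every call):
  *  - "admin" may run any action on posts;
  *  - "user" may run index/view/newPost/create unconditionally, and
  *    update/delete only as "owner" of the post.
  *
  * The post id needed for the ownership check is taken from the first URL
  * argument for "delete" and from the posted `post_id` field otherwise; it is
  * encrypted and decrypted before being handed to Permission::check()
  * together with the session user id and the table name.
  *
  * NOTE(review): what "owner" means, and that it is actually enforced for
  * update/delete, is decided inside Permission::check() — not visible here.
  *
  * @return bool result of Permission::check()
  */
 public function isAuthorized()
 {
     $action = $this->request->param('action');
     $role = Session::getUserRole();
     $resource = "posts";

     Permission::allow('admin', $resource, ['*']);
     Permission::allow('user', $resource, ['index', 'view', 'newPost', 'create']);
     Permission::allow('user', $resource, ['update', 'delete'], 'owner');

     if ($action === "delete") {
         // A delete URL with no argument must not raise an undefined-offset
         // notice; treat a missing id like an empty one.
         $args = $this->request->param("args");
         $postId = isset($args[0]) ? $args[0] : null;
     } else {
         $postId = $this->request->data("post_id");
     }

     if (!empty($postId)) {
         $postId = Encryption::decryptId($postId);
     }

     $config = ["user_id" => Session::getUserId(), "table" => "posts", "id" => $postId];
     return Permission::check($role, $resource, $action, $config);
 }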
 /**
  * Admin action: update another user's name, password and role.
  *
  * The target user id arrives encrypted in the posted `user_id` field. A
  * non-existent user yields a 404; otherwise the change is delegated to the
  * admin model together with the acting admin's own session id. Errors from
  * the model are rendered; success renders a fixed confirmation message.
  *
  * NOTE(review): nothing in this method restricts which `role` values may be
  * assigned or stops an admin from editing their own account — presumably
  * handled in admin->updateUserInfo() (which receives the acting admin id),
  * but that is not visible from this file; confirm in the model.
  */
 public function updateUserInfo()
 {
     $targetId = Encryption::decryptId($this->request->data("user_id"));
     if (!$this->user->exists($targetId)) {
         return $this->error(404);
     }

     $name = $this->request->data("name");
     $password = $this->request->data("password");
     $role = $this->request->data("role");

     $updated = $this->admin->updateUserInfo($targetId, Session::getUserId(), $name, $password, $role);
     if ($updated) {
         $this->view->renderSuccess("Profile has been updated.");
     } else {
         $this->view->renderErrors($this->admin->errors());
     }
 }