Пример #1
0
 /**
  * Execute the action
  */
 public function execute()
 {
     $email = $this->getParameter('email', 'string');
     // does the user exist
     if ($email !== null) {
         parent::execute();
         // delete item
         if (BackendUsersModel::undoDelete($email)) {
             // get user
             $user = new BackendUser(null, $email);
             // item was deleted, so redirect
             $this->redirect(BackendModel::createURLForAction('edit') . '&id=' . $user->getUserId() . '&report=restored&var=' . $user->getSetting('nickname') . '&highlight=row-' . $user->getUserId());
         } else {
             $this->redirect(BackendModel::createURLForAction('index') . '&error=non-existing');
         }
     } else {
         $this->redirect(BackendModel::createURLForAction('index') . '&error=non-existing');
     }
 }
Пример #2
0
 /**
  * Update the user password
  *
  * @param BackendUser $user An instance of BackendUser.
  * @param string $password The new password for the user.
  */
 public static function updatePassword(BackendUser $user, $password)
 {
     // fetch user info
     $userId = $user->getUserId();
     $key = $user->getSetting('password_key');
     // update user
     BackendModel::getDB(true)->update('users', array('password' => BackendAuthentication::getEncryptedString((string) $password, $key)), 'id = ?', $userId);
     // remove the user settings linked to the resetting of passwords
     self::deleteResetPasswordSettings($userId);
 }
Пример #3
0
 /**
  * Validate the form
  */
 private function validateForm()
 {
     // is the form submitted?
     if ($this->frm->isSubmitted()) {
         // cleanup the submitted fields, ignore fields that were added by hackers
         $this->frm->cleanupFields();
         $fields = $this->frm->getFields();
         // email is present
         if (!$this->user->isGod()) {
             if ($fields['email']->isFilled(BL::err('EmailIsRequired'))) {
                 // is this an email-address
                 if ($fields['email']->isEmail(BL::err('EmailIsInvalid'))) {
                     // was this emailaddress deleted before
                     if (BackendUsersModel::emailDeletedBefore($fields['email']->getValue())) {
                         $fields['email']->addError(sprintf(BL::err('EmailWasDeletedBefore'), BackendModel::createURLForAction('undo_delete', null, null, array('email' => $fields['email']->getValue()))));
                     } elseif (BackendUsersModel::existsEmail($fields['email']->getValue(), $this->id)) {
                         $fields['email']->addError(BL::err('EmailAlreadyExists'));
                     }
                 }
             }
         }
         // required fields
         if ($this->user->isGod() && $fields['email']->getValue() != '' && $this->user->getEmail() != $fields['email']->getValue()) {
             $fields['email']->addError(BL::err('CantChangeGodsEmail'));
         }
         if (!$this->user->isGod()) {
             $fields['email']->isEmail(BL::err('EmailIsInvalid'));
         }
         $fields['nickname']->isFilled(BL::err('NicknameIsRequired'));
         $fields['name']->isFilled(BL::err('NameIsRequired'));
         $fields['surname']->isFilled(BL::err('SurnameIsRequired'));
         $fields['interface_language']->isFilled(BL::err('FieldIsRequired'));
         $fields['date_format']->isFilled(BL::err('FieldIsRequired'));
         $fields['time_format']->isFilled(BL::err('FieldIsRequired'));
         $fields['number_format']->isFilled(BL::err('FieldIsRequired'));
         $fields['groups']->isFilled(BL::err('FieldIsRequired'));
         if (isset($fields['new_password']) && $fields['new_password']->isFilled()) {
             if ($fields['new_password']->getValue() !== $fields['confirm_password']->getValue()) {
                 $fields['confirm_password']->addError(BL::err('ValuesDontMatch'));
             }
         }
         // validate avatar
         if ($fields['avatar']->isFilled()) {
             // correct extension
             if ($fields['avatar']->isAllowedExtension(array('jpg', 'jpeg', 'gif', 'png'), BL::err('JPGGIFAndPNGOnly'))) {
                 // correct mimetype?
                 $fields['avatar']->isAllowedMimeType(array('image/gif', 'image/jpg', 'image/jpeg', 'image/png'), BL::err('JPGGIFAndPNGOnly'));
             }
         }
         // no errors?
         if ($this->frm->isCorrect()) {
             // build user-array
             $user['id'] = $this->id;
             if (!$this->user->isGod()) {
                 $user['email'] = $fields['email']->getValue(true);
             }
             if ($this->authenticatedUser->getUserId() != $this->record['id']) {
                 $user['active'] = $fields['active']->isChecked() ? 'Y' : 'N';
             }
             // build settings-array
             $settings['nickname'] = $fields['nickname']->getValue();
             $settings['name'] = $fields['name']->getValue();
             $settings['surname'] = $fields['surname']->getValue();
             $settings['interface_language'] = $fields['interface_language']->getValue();
             $settings['date_format'] = $fields['date_format']->getValue();
             $settings['time_format'] = $fields['time_format']->getValue();
             $settings['datetime_format'] = $settings['date_format'] . ' ' . $settings['time_format'];
             $settings['number_format'] = $fields['number_format']->getValue();
             $settings['csv_split_character'] = $fields['csv_split_character']->getValue();
             $settings['csv_line_ending'] = $fields['csv_line_ending']->getValue();
             $settings['api_access'] = (bool) $fields['api_access']->getChecked();
             // update password (only if filled in)
             if (isset($fields['new_password']) && $fields['new_password']->isFilled()) {
                 $user['password'] = BackendAuthentication::getEncryptedString($fields['new_password']->getValue(), $this->record['settings']['password_key']);
                 // the password has changed
                 if ($this->record['password'] != $user['password']) {
                     // save the login timestamp in the user's settings
                     $lastPasswordChange = BackendUsersModel::getSetting($user['id'], 'current_password_change');
                     $settings['current_password_change'] = time();
                     if ($lastPasswordChange) {
                         $settings['last_password_change'] = $lastPasswordChange;
                     }
                     // save the password strength
                     $passwordStrength = BackendAuthentication::checkPassword($fields['new_password']->getValue());
                     $settings['password_strength'] = $passwordStrength;
                 }
             }
             // get selected groups
             $groups = $fields['groups']->getChecked();
             // init var
             $newSequence = BackendGroupsModel::getSetting($groups[0], 'dashboard_sequence');
             // loop through groups and collect all dashboard widget sequences
             foreach ($groups as $group) {
                 $sequences[] = BackendGroupsModel::getSetting($group, 'dashboard_sequence');
             }
             // loop through sequences
             foreach ($sequences as $sequence) {
                 // loop through modules inside a sequence
                 foreach ($sequence as $moduleKey => $module) {
                     // loop through widgets inside a module
                     foreach ($module as $widgetKey => $widget) {
                         // if widget present set true
                         if ($widget['present']) {
                             $newSequence[$moduleKey][$widgetKey]['present'] = true;
                         }
                     }
                 }
             }
             // add new sequence to settings
             $settings['dashboard_sequence'] = $newSequence;
             // has the user submitted an avatar?
             if ($fields['avatar']->isFilled()) {
                 // init vars
                 $avatarsPath = FRONTEND_FILES_PATH . '/backend_users/avatars';
                 // delete old avatar if it isn't the default-image
                 if ($this->record['settings']['avatar'] != 'no-avatar.jpg') {
                     SpoonFile::delete($avatarsPath . '/source/' . $this->record['settings']['avatar']);
                     SpoonFile::delete($avatarsPath . '/128x128/' . $this->record['settings']['avatar']);
                     SpoonFile::delete($avatarsPath . '/64x64/' . $this->record['settings']['avatar']);
                     SpoonFile::delete($avatarsPath . '/32x32/' . $this->record['settings']['avatar']);
                 }
                 // create new filename
                 $filename = rand(0, 3) . '_' . $user['id'] . '.' . $fields['avatar']->getExtension();
                 // add into settings to update
                 $settings['avatar'] = $filename;
                 // resize (128x128)
                 $fields['avatar']->createThumbnail($avatarsPath . '/128x128/' . $filename, 128, 128, true, false, 100);
                 // resize (64x64)
                 $fields['avatar']->createThumbnail($avatarsPath . '/64x64/' . $filename, 64, 64, true, false, 100);
                 // resize (32x32)
                 $fields['avatar']->createThumbnail($avatarsPath . '/32x32/' . $filename, 32, 32, true, false, 100);
             }
             // save changes
             BackendUsersModel::update($user, $settings);
             // save groups
             BackendGroupsModel::insertMultipleGroups($this->id, $groups);
             // trigger event
             BackendModel::triggerEvent($this->getModule(), 'after_edit', array('item' => $user));
             // everything is saved, so redirect to the overview
             $this->redirect(BackendModel::createURLForAction('index') . '&report=edited&var=' . $settings['nickname'] . '&highlight=row-' . $user['id']);
         }
     }
 }