Пример #1
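 /**
  * Execute the action: delete the backend user identified by the `id` parameter.
  *
  * The delete only happens when the id is present, refers to an existing user and is
  * not the id of the authenticated user (deleting yourself is refused). God-users are
  * never deleted. Every outcome ends in a redirect to the index action; redirect() is
  * expected to end the request, the explicit returns below only guard against it
  * not doing so.
  */
 public function execute()
 {
     // get parameters
     $this->id = $this->getParameter('id', 'int');

     // the user must exist and must not be the one who is logged in; ids are cast so
     // the comparison does not depend on loose int/string juggling
     if ($this->id === null
         || !BackendUsersModel::exists($this->id)
         || (int) BackendAuthentication::getUser()->getUserId() === (int) $this->id
     ) {
         $this->redirect(BackendModel::createURLForAction('index') . '&error=non-existing');
         return;
     }

     parent::execute();

     // get data
     $user = new BackendUser($this->id);

     // God-users can't be deleted
     if ($user->isGod()) {
         $this->redirect(BackendModel::createURLForAction('index') . '&error=cant-delete-god');
         return;
     }

     // delete item
     BackendUsersModel::delete($this->id);

     // trigger event
     BackendModel::triggerEvent($this->getModule(), 'after_delete', array('id' => $this->id));

     // item was deleted, so redirect; the nickname ends up in a query string, so encode it
     $nickname = (string) $user->getSetting('nickname');
     $this->redirect(BackendModel::createURLForAction('index') . '&report=deleted&var=' . urlencode($nickname));
 }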
Пример #2
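 /**
  * Default authentication
  *
  * Identifies the caller by the `email` parameter and checks the `secret` against a
  * hash of the user's API key combined with the `nonce`. Each parameter is read from
  * GET first and from POST when GET is empty. Failures are reported through
  * self::output(), which this method relies on to end the request (as the original
  * code did). A user without the api_access setting is refused unless it is a god-user.
  *
  * @return	bool
  */
 public static function authorize()
 {
     // grab data; data can be available in the POST, so fall back to it
     $email = SpoonFilter::getGetValue('email', null, '');
     if ($email == '') {
         $email = SpoonFilter::getPostValue('email', null, '');
     }
     $nonce = SpoonFilter::getGetValue('nonce', null, '');
     if ($nonce == '') {
         $nonce = SpoonFilter::getPostValue('nonce', null, '');
     }
     $secret = SpoonFilter::getGetValue('secret', null, '');
     if ($secret == '') {
         $secret = SpoonFilter::getPostValue('secret', null, '');
     }

     // check if needed elements are available
     if ($email == '') {
         self::output(self::BAD_REQUEST, array('message' => 'No email-parameter provided.'));
     }
     if ($nonce == '') {
         self::output(self::BAD_REQUEST, array('message' => 'No nonce-parameter provided.'));
     }
     if ($secret == '') {
         self::output(self::BAD_REQUEST, array('message' => 'No secret-parameter provided.'));
     }

     // get the user
     $user = new BackendUser(null, $email);

     // get settings
     $apiAccess = $user->getSetting('api_access', false);
     $apiKey = $user->getSetting('api_key');

     // no API-access; god-users always have it.
     // NOTE(review): the original returned true for god-users *before* the secret was
     // checked, so a request carrying only a god-user's e-mail was authorised. Gods now
     // only skip the api_access requirement and must present a valid secret like every
     // other user — if the bypass was intentional, restore the early return knowingly.
     if (!$user->isGod() && !$apiAccess) {
         self::output(self::FORBIDDEN, array('message' => 'Your account isn\'t allowed to use the API. Contact an administrator.'));
     }

     // create hash the same way the client has to
     $hash = (string) BackendAuthentication::getEncryptedString($email . $apiKey, $nonce);

     // compare in constant time; a loose `!=` would also treat two numeric-looking
     // strings (e.g. "0e..." digests) as equal. hash_equals() needs PHP 5.6, hence the
     // strict-comparison fallback for older runtimes.
     $secretMatches = function_exists('hash_equals')
         ? hash_equals($hash, (string) $secret)
         : $hash === (string) $secret;
     if (!$secretMatches) {
         self::output(self::FORBIDDEN, array('message' => 'Invalid secret.'));
     }

     return true;
 }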
Пример #3
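 /**
  * Validate the form
  *
  * Does nothing unless the form was submitted. Validates the fields (the e-mail rules
  * differ for god-users, whose e-mail can't be changed), the optional new-password pair
  * and the optional avatar upload. When the form is correct it saves the user row and
  * its settings, merges the dashboard sequences of the selected groups, replaces the
  * avatar with freshly resized copies, triggers the after_edit event and redirects to
  * the index action.
  */
 private function validateForm()
 {
     // is the form submitted?
     if (!$this->frm->isSubmitted()) {
         return;
     }

     // cleanup the submitted fields, ignore fields that were added by hackers
     $this->frm->cleanupFields();
     $fields = $this->frm->getFields();
     $isGod = $this->user->isGod();

     // email: required, valid, not deleted before and not in use by another user
     if (!$isGod) {
         if ($fields['email']->isFilled(BL::err('EmailIsRequired'))) {
             // is this an email-address
             if ($fields['email']->isEmail(BL::err('EmailIsInvalid'))) {
                 // was this emailaddress deleted before
                 if (BackendUsersModel::emailDeletedBefore($fields['email']->getValue())) {
                     $fields['email']->addError(sprintf(BL::err('EmailWasDeletedBefore'), BackendModel::createURLForAction('undo_delete', null, null, array('email' => $fields['email']->getValue()))));
                 } elseif (BackendUsersModel::existsEmail($fields['email']->getValue(), $this->id)) {
                     $fields['email']->addError(BL::err('EmailAlreadyExists'));
                 }
             }
         }
     }

     // a god-user's e-mail can't be changed
     if ($isGod && $fields['email']->getValue() != '' && $this->user->getEmail() != $fields['email']->getValue()) {
         $fields['email']->addError(BL::err('CantChangeGodsEmail'));
     }
     // note: for non-gods this is a second isEmail() call, also made when the field is
     // empty; kept as in the original so the set of reported errors does not change
     if (!$isGod) {
         $fields['email']->isEmail(BL::err('EmailIsInvalid'));
     }

     // required fields
     $fields['nickname']->isFilled(BL::err('NicknameIsRequired'));
     $fields['name']->isFilled(BL::err('NameIsRequired'));
     $fields['surname']->isFilled(BL::err('SurnameIsRequired'));
     foreach (array('interface_language', 'date_format', 'time_format', 'number_format', 'groups') as $name) {
         $fields[$name]->isFilled(BL::err('FieldIsRequired'));
     }

     // a new password is optional, but when given it has to be confirmed
     $newPasswordGiven = isset($fields['new_password']) && $fields['new_password']->isFilled();
     if ($newPasswordGiven && $fields['new_password']->getValue() !== $fields['confirm_password']->getValue()) {
         $fields['confirm_password']->addError(BL::err('ValuesDontMatch'));
     }

     // validate avatar: correct extension, then correct mimetype
     if ($fields['avatar']->isFilled()) {
         if ($fields['avatar']->isAllowedExtension(array('jpg', 'jpeg', 'gif', 'png'), BL::err('JPGGIFAndPNGOnly'))) {
             $fields['avatar']->isAllowedMimeType(array('image/gif', 'image/jpg', 'image/jpeg', 'image/png'), BL::err('JPGGIFAndPNGOnly'));
         }
     }

     // no errors?
     if (!$this->frm->isCorrect()) {
         return;
     }

     // build user-array
     $user = array('id' => $this->id);
     if (!$isGod) {
         $user['email'] = $fields['email']->getValue(true);
     }
     // the active-flag is only taken over when editing someone else; ids are cast so the
     // comparison does not depend on loose int/string juggling
     if ((int) BackendAuthentication::getUser()->getUserId() !== (int) $this->record['id']) {
         $user['active'] = $fields['active']->isChecked() ? 'Y' : 'N';
     }
     // update password (only if filled in)
     if ($newPasswordGiven) {
         $user['password'] = BackendAuthentication::getEncryptedString($fields['new_password']->getValue(), $this->record['settings']['password_key']);
     }

     // build settings-array (key order kept as before)
     $dateFormat = $fields['date_format']->getValue();
     $timeFormat = $fields['time_format']->getValue();
     $settings = array(
         'nickname' => $fields['nickname']->getValue(),
         'name' => $fields['name']->getValue(),
         'surname' => $fields['surname']->getValue(),
         'interface_language' => $fields['interface_language']->getValue(),
         'date_format' => $dateFormat,
         'time_format' => $timeFormat,
         'datetime_format' => $dateFormat . ' ' . $timeFormat,
         'number_format' => $fields['number_format']->getValue(),
         'csv_split_character' => $fields['csv_split_character']->getValue(),
         'csv_line_ending' => $fields['csv_line_ending']->getValue(),
         'api_access' => (bool) $fields['api_access']->getChecked(),
     );

     // get selected groups; groups is a required field, so at least one is expected
     $groups = $fields['groups']->getChecked();

     // start from the first group's dashboard sequence and mark every widget that is
     // present in any of the selected groups
     $newSequence = BackendGroupsModel::getSetting($groups[0], 'dashboard_sequence');
     $sequences = array();
     foreach ($groups as $group) {
         $sequences[] = BackendGroupsModel::getSetting($group, 'dashboard_sequence');
     }
     foreach ($sequences as $sequence) {
         foreach ($sequence as $moduleKey => $module) {
             foreach ($module as $widgetKey => $widget) {
                 if ($widget['present']) {
                     $newSequence[$moduleKey][$widgetKey]['present'] = true;
                 }
             }
         }
     }
     $settings['dashboard_sequence'] = $newSequence;

     // has the user submitted an avatar?
     if ($fields['avatar']->isFilled()) {
         // delete old avatar if it isn't the default-image
         $oldAvatar = $this->record['settings']['avatar'];
         if ($oldAvatar !== 'no-avatar.jpg') {
             foreach (array('source', '128x128', '64x64', '32x32') as $dir) {
                 SpoonFile::delete(FRONTEND_FILES_PATH . '/backend_users/avatars/' . $dir . '/' . $oldAvatar);
             }
         }
         // create new filename; the rand() prefix only varies the name (presumably to
         // bust caches), it is not a security measure. The extension passed the
         // isAllowedExtension() check above.
         $filename = rand(0, 3) . '_' . $user['id'] . '.' . $fields['avatar']->getExtension();
         $settings['avatar'] = $filename;
         // resize to the three sizes used by the backend
         foreach (array(128, 64, 32) as $size) {
             $fields['avatar']->createThumbnail(FRONTEND_FILES_PATH . '/backend_users/avatars/' . $size . 'x' . $size . '/' . $filename, $size, $size, true, false, 100);
         }
     }

     // save changes
     BackendUsersModel::update($user, $settings);
     // save groups
     BackendGroupsModel::insertMultipleGroups($this->id, $groups);
     // trigger event
     BackendModel::triggerEvent($this->getModule(), 'after_edit', array('item' => $user));
     // everything is saved, so redirect to the overview; the nickname goes into a query string, so encode it
     $this->redirect(BackendModel::createURLForAction('index') . '&report=edited&var=' . urlencode((string) $settings['nickname']) . '&highlight=row-' . $user['id']);
 }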