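/**
 * Handle the submitted user-editor form ($_POST).
 *
 * The record that gets edited depends on who submits, checked in this
 * order (the first matching rule wins):
 *  - anonymous visitors are rejected;
 *  - a member of a group with 'administer' edits the user named by
 *    $_POST['user_id'] and may change name, group and status;
 *  - a user editing their own record may only set status ACTIVE or DELETED;
 *  - a member of a group with 'moderate' may only set ACTIVE or BLOCKED on a
 *    target that is currently locked or active and is neither anonymous nor
 *    in an 'administer' group; the change is written to the moderation log;
 *  - anyone else is rejected.
 *
 * Permission failures terminate the request with die(), matching the rest of
 * this controller. Validation failures re-show the editor with a hint. A user
 * who deleted their own account is redirected to the logout URL.
 *
 * NOTE(review): no request-origin (CSRF token) check is visible in this
 * method; if the dispatcher does not perform one before calling it, a
 * cross-site form post can change the submitter's own status. Confirm.
 *
 * @return mixed whatever show_user_editor() or _refer_to() return
 */
function _submit_user() {
    $this->_import_profile_controller();
    $profile = new ProfileController($this->api);
    $user    = $this->get_current_user();
    $group   = $this->get_current_group();

    // Read every form field once, tolerating missing keys so a hand-crafted
    // or truncated request does not emit "undefined index" notices. A missing
    // field yields null, exactly as the bare $_POST read did; the values stay
    // untrusted and are only passed on to the setters/checks below.
    $post_user_id   = isset($_POST['user_id'])   ? $_POST['user_id']   : null;
    $post_username  = isset($_POST['username'])  ? $_POST['username']  : null;
    $post_group_id  = isset($_POST['group_id'])  ? $_POST['group_id']  : null;
    $post_status    = isset($_POST['status'])    ? $_POST['status']    : null;
    $post_password  = isset($_POST['password'])  ? $_POST['password']  : null;
    $post_password2 = isset($_POST['password2']) ? $_POST['password2'] : null;

    // Loose comparison on purpose: $_POST values are strings while get_id()
    // may return an int. Evaluated against the *current* user before $user
    // can be reassigned below, so an administrator deleting their own account
    // still reaches the logout redirect at the end.
    $is_self = $post_user_id == $user->get_id();

    // Check permissions.
    if ($user->is_anonymous()) {
        die('Not logged in');
    } elseif ($group->may('administer')) {
        // Administrators edit the user chosen in the form, not themselves
        // (unless user_id happens to be their own id).
        $user = $this->_get_user_from_id_or_die($post_user_id);
        $user->set_name($post_username);
        $user->set_group_id($post_group_id);
        // NOTE(review): unlike the self and moderator branches, this path
        // stores $post_status without checking it against the known
        // USER_STATUS_* values. Confirm that set_status() or check_complete()
        // rejects unknown values; otherwise validate it here.
        $user->set_status($post_status);
        init_user_from_post_data($user);
    } elseif ($is_self) {
        // A user may only activate or delete their own account.
        if ($post_status != USER_STATUS_DELETED && $post_status != USER_STATUS_ACTIVE) {
            die('Invalid status');
        }
        init_user_from_post_data($user);
        $user->set_status($post_status);
    } elseif ($group->may('moderate')) {
        // Moderators only lock or unlock other users.
        if ($post_status != USER_STATUS_ACTIVE && $post_status != USER_STATUS_BLOCKED) {
            die('Invalid status');
        }
        $user = $this->_get_user_from_id_or_die($post_user_id);
        // Only users that are currently locked or active can be toggled.
        if (!$user->is_locked() && !$user->is_active()) {
            die('No permission to change the user status.');
        }
        // Moderators must not touch the anonymous account or administrators.
        $target_group = $this->_get_group_from_id_or_die($user->get_group_id());
        if ($user->is_anonymous() || $target_group->may('administer')) {
            die('No permission to change that user.');
        }
        $user->set_status($post_status);
        // Record the moderation action; the new status decides which one.
        if ($user->is_active()) {
            $this->_log_user_moderation('unlock_user', $user, '');
        } else {
            $this->_log_user_moderation('lock_user', $user, '');
        }
    } else {
        die('Permission to edit user denied.');
    }

    $this->_add_profile_breadcrumbs($user);

    // If the user status is now DELETED, remove any related attributes.
    if ($user->get_status() == USER_STATUS_DELETED) {
        $user->set_deleted();
    } else {
        // Otherwise make sure that the data is complete and valid.
        $err = $user->check_complete();
        if ($err) {
            $profile->add_hint(new \hint\Error($err));
            return $profile->show_user_editor($user);
        }
        // Make sure that the passwords match (strict: both absent is a match,
        // which leaves the stored password untouched below).
        if ($post_password !== $post_password2) {
            $profile->add_hint(new \hint\Hint(_('Error: Passwords do not match.')));
            return $profile->show_user_editor($user);
        }
        // An empty (or absent) password field means "keep the current one".
        if ($post_password != '') {
            $user->set_password($post_password);
        }
    }

    // Save the user.
    if (!$this->get_userdb()->save_user($user)) {
        $profile->add_hint(new \hint\Error(_('Failed to save the user.')));
        return $profile->show_user_editor($user);
    }

    // Done. A user who just deleted their own account is logged out.
    if ($user->is_deleted() && $is_self) {
        return $this->_refer_to($this->get_url('logout')->get_string());
    }
    $profile->add_hint(new \hint\Ack(_('Your data has been saved.')));
    $profile->show_user_editor($user);
}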