Пример #1
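 /**
  * Handles a submitted user-editor form and saves the edited account.
  *
  * Which account may be changed, and how far, depends on the caller:
  *  - administrators may change name, group, status and profile data of any user;
  *  - a user editing their own account may change profile data and switch
  *    between ACTIVE and DELETED;
  *  - moderators may only switch another non-administrator between ACTIVE
  *    and BLOCKED, and that change is written to the moderation log.
  *
  * A password change is accepted only in the first two cases. The
  * moderator path is a status-only operation, so password fields sent
  * along with it are ignored instead of being applied to the target account.
  *
  * Terminates with die() on any permission or validation failure of the
  * request itself; re-displays the editor with a hint on data errors.
  *
  * NOTE(review): no request-token (CSRF) check is visible in this method.
  * Confirm that the dispatcher verifies one before routing a POST here.
  */
 function _submit_user()
 {
     $this->_import_profile_controller();
     $profile = new ProfileController($this->api);
     $user = $this->get_current_user();
     $group = $this->get_current_group();

     // Request fields are untrusted. Normalise them to strings once so the
     // checks below are strict comparisons that cannot be bypassed through
     // loose-comparison type juggling or array-valued parameters.
     $posted_id = (isset($_POST['user_id']) && is_string($_POST['user_id'])) ? $_POST['user_id'] : '';
     $status = (isset($_POST['status']) && is_string($_POST['status'])) ? $_POST['status'] : '';
     $is_self = $posted_id === (string) $user->get_id();

     // Only administrators and the account owner may touch credentials.
     $may_set_password = false;

     // Check permissions.
     if ($user->is_anonymous()) {
         die('Not logged in');
     } elseif ($group->may('administer')) {
         $user = $this->_get_user_from_id_or_die($posted_id);
         $user->set_name($_POST['username']);
         $user->set_group_id($_POST['group_id']);
         $user->set_status($status);
         init_user_from_post_data($user);
         $may_set_password = true;
     } elseif ($is_self) {
         $self_statuses = array((string) USER_STATUS_DELETED, (string) USER_STATUS_ACTIVE);
         if (!in_array($status, $self_statuses, true)) {
             die('Invalid status');
         }
         // NOTE(review): an account that is currently not ACTIVE can request
         // ACTIVE here. Confirm that blocked accounts cannot reach this
         // handler, otherwise they can lift their own block.
         // NOTE(review): confirm that init_user_from_post_data() copies only
         // fields a user may edit on their own account.
         init_user_from_post_data($user);
         $user->set_status($status);
         $may_set_password = true;
     } elseif ($group->may('moderate')) {
         $moderator_statuses = array((string) USER_STATUS_ACTIVE, (string) USER_STATUS_BLOCKED);
         if (!in_array($status, $moderator_statuses, true)) {
             die('Invalid status');
         }
         $user = $this->_get_user_from_id_or_die($posted_id);
         if (!$user->is_locked() && !$user->is_active()) {
             die('No permission to change the user status.');
         }
         // Moderators must not be able to act on administrators.
         $group2 = $this->_get_group_from_id_or_die($user->get_group_id());
         if ($user->is_anonymous() || $group2->may('administer')) {
             die('No permission to change that user.');
         }
         $user->set_status($status);
         if ($user->is_active()) {
             $this->_log_user_moderation('unlock_user', $user, '');
         } else {
             $this->_log_user_moderation('lock_user', $user, '');
         }
     } else {
         die('Permission to edit user denied.');
     }
     $this->_add_profile_breadcrumbs($user);
     // If the user status is now DELETED, remove any related attributes.
     if ($user->get_status() == USER_STATUS_DELETED) {
         $user->set_deleted();
     } else {
         // Else make sure that the data is complete and valid.
         $err = $user->check_complete();
         if ($err) {
             $profile->add_hint(new \hint\Error($err));
             return $profile->show_user_editor($user);
         }
         if ($may_set_password) {
             // Missing fields count as empty, which means "leave unchanged".
             $password = isset($_POST['password']) ? $_POST['password'] : '';
             $password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
             // Make sure that the passwords match (non-string input never does).
             if (!is_string($password) || !is_string($password2) || $password !== $password2) {
                 $profile->add_hint(new \hint\Hint(_('Error: Passwords do not match.')));
                 return $profile->show_user_editor($user);
             }
             // NOTE(review): the current password is not requested before a
             // change; consider requiring it when a user edits their own account.
             if ($password !== '') {
                 $user->set_password($password);
             }
         }
     }
     // Save the user.
     if (!$this->get_userdb()->save_user($user)) {
         $profile->add_hint(new \hint\Error(_('Failed to save the user.')));
         return $profile->show_user_editor($user);
     }
     // Done. A user who deleted their own account is sent to logout.
     if ($user->is_deleted() && $is_self) {
         return $this->_refer_to($this->get_url('logout')->get_string());
     }
     $profile->add_hint(new \hint\Ack(_('Your data has been saved.')));
     $profile->show_user_editor($user);
 }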