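/**
 * Shows the "edit user preferences" form and, when the form was submitted,
 * processes the 'edit' or 'cancel' action for the user in $this->_userIdToEdit.
 *
 * Flow: permission check -> load the user -> (on 'edit') apply the dummy
 * preferences, cleanse and validate the submitted preferences, check the
 * template permissions, handle an optional avatar upload, store the user and
 * register with the notification providers -> render the 'edituserprefs' template.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Editing your own preferences and editing another user's preferences are
    # guarded by two different permissions.
    # NOTE(review): this is a loose comparison between a (presumably request
    # supplied) id and the session's user id -- confirm _userIdToEdit is
    # normalised to an integer before it reaches this point.
    if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_userprefs, '');
    } else {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
    } # if

    # An empty edit result means 'nothing was committed'
    $editResult = array();

    # The user system does the actual management of user preferences
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

    # Set the page title
    $this->_pageTitle = "spot: edit user preferences";

    # Retrieve the user that is to be edited
    $spotUser = $this->_db->getUser($this->_userIdToEdit);
    if ($spotUser === false) {
        $formMessages['errors'][] = sprintf(_('User %d can not be found'), $this->_userIdToEdit);
        $editResult = array('result' => 'failure');
    } # if

    # Bring the form's action into the local scope for easier access
    $formAction = $this->_editUserPrefsForm['action'];

    /*
     * The anonymous user's preferences are used as a template, which makes
     * sure every preference is at least set.
     */
    $anonUser = $this->_db->getUser(SPOTWEB_ANONYMOUS_USERID);

    # Only process the form when it was submitted and the user could be loaded
    if (!empty($formAction) && empty($formMessages['errors'])) {
        switch ($formAction) {
            case 'edit':
                /*
                 * A few dummy preferences are submitted like a regular checkbox
                 * but trigger a separate action. cleanseUserPreferences() keeps
                 * them out of the database.
                 *
                 * NOTE(review): the index filter is changed here, before the
                 * preferences are validated and before the template permission
                 * checks, so it is modified even when the rest of the edit is
                 * rejected -- confirm this is intended.
                 */
                if (isset($this->_editUserPrefsForm['_dummy_prevent_porn'])) {
                    $spotUserSystem->setIndexFilter(
                        $spotUser['userid'],
                        array('valuelist' => array(),
                              'title' => 'Index filter',
                              'torder' => 999,
                              'tparent' => 0,
                              'children' => array(),
                              'filtertype' => 'index_filter',
                              'sorton' => '',
                              'sortorder' => '',
                              'enablenotify' => false,
                              'icon' => 'spotweb.png',
                              'tree' => '~cat0_z3'));
                } else {
                    $spotUserSystem->removeIndexFilter($spotUser['userid']);
                } # if

                # Keep the stored preferences, they are needed to detect changes after cleansing
                $savePrefs = $spotUser['prefs'];
                $spotUser['prefs'] = $spotUserSystem->cleanseUserPreferences($this->_editUserPrefsForm, $anonUser['prefs'], $this->_tplHelper->getTemplatePreferences());

                # Validate all preferences
                list($formMessages['errors'], $spotUser['prefs']) = $spotUserSystem->validateUserPreferences($spotUser['prefs'], $savePrefs);

                /*
                 * A changed template requires permission for the newly chosen
                 * template. The values are compared as strings with !== so two
                 * different numeric-looking names (which a loose != treats as
                 * equal) can never skip the permission check.
                 */
                foreach (array('normal_template', 'mobile_template', 'tablet_template') as $templateKey) {
                    if ((string) $spotUser['prefs'][$templateKey] !== (string) $savePrefs[$templateKey]) {
                        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_select_template, $spotUser['prefs'][$templateKey]);
                    } # if
                } # foreach

                if (empty($formMessages['errors'])) {
                    # Handle the optional avatar upload; skip it when no 'avatar' field was sent
                    if (isset($_FILES['edituserprefsform']['error']['avatar'])) {
                        $uploadError = $_FILES['edituserprefsform']['error']['avatar'];

                        /*
                         * Report an oversized file here, because changeAvatar()
                         * never sees these upload errors.
                         */
                        if ($uploadError === UPLOAD_ERR_FORM_SIZE || $uploadError === UPLOAD_ERR_INI_SIZE) {
                            $formMessages['errors'][] = _("Uploaded file is too large");
                        } # if

                        if ($uploadError === UPLOAD_ERR_OK) {
                            # Only read a path that PHP itself registered as an HTTP upload
                            $avatarTmpName = $_FILES['edituserprefsform']['tmp_name']['avatar'];
                            $avatarData = is_uploaded_file($avatarTmpName) ? file_get_contents($avatarTmpName) : false;

                            if ($avatarData === false) {
                                $formMessages['errors'][] = _("Uploaded file could not be read");
                            } else {
                                $formMessages['errors'] = $spotUserSystem->changeAvatar($spotUser['userid'], $avatarData);
                            } # else
                        } # if
                    } # if
                } # if

                if (empty($formMessages['errors'])) {
                    # Actually update the user in the database
                    $spotUserSystem->setUser($spotUser);

                    # No exception was thrown, so the update succeeded
                    $editResult = array('result' => 'success');
                } else {
                    $editResult = array('result' => 'failure');
                } # else

                /*
                 * Spotweb has to be registered with the notification providers
                 * (growl, prowl, etc) at least once. The safest option is to do
                 * this on every preferences submit, using a fake session for
                 * the edited user.
                 *
                 * NOTE(review): createNewSession() is called for the edited
                 * user, who may differ from the caller, and also when the edit
                 * failed -- confirm it leaves no usable session behind.
                 */
                $fakeSession = $spotUserSystem->createNewSession($spotUser['userid']);
                $fakeSession['security'] = new SpotSecurity($this->_db, $this->_settings, $fakeSession['user'], '');
                $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $fakeSession);
                $spotsNotifications->register();
                break; # case 'edit'

            case 'cancel':
                $editResult = array('result' => 'success');
                break; # case 'cancel'
        } # switch
    } # if

    #- display stuff -#
    # NOTE(review): when the user was not found $spotUser is false, so
    # $spotUser['prefs'] below evaluates to null.
    $this->template('edituserprefs', array('edituserprefsform' => $spotUser['prefs'],
                                            'formmessages' => $formMessages,
                                            'spotuser' => $spotUser,
                                            'dialogembedded' => $this->_dialogembedded,
                                            'http_referer' => $this->_editUserPrefsForm['http_referer'],
                                            'edituserprefsresult' => $editResult));
}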
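/**
 * Shows the "edit user preferences" form for the currently logged-in user
 * and, when the form was submitted, processes the 'edit' or 'cancel' action.
 *
 * On 'edit' the dummy preferences are applied, the submitted preferences are
 * cleansed and validated, the user is stored when validation passed, and
 * Spotweb is registered with the notification providers. The
 * 'edituserprefs' template is rendered in every case.
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Check the user's permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_userprefs, '');

    # By default the edit has not been attempted
    $editResult = array();

    # Instantiate the Spot user system
    $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);

    # Set the page title
    $this->_pageTitle = "spot: edit user preferences";

    # Retrieve the user to edit: always the user of the current session
    $currentUserId = $this->_currentSession['user']['userid'];
    $spotUser = $this->_db->getUser($currentUserId);
    if ($spotUser === false) {
        # $spotUser is false here and has no 'username', so report the id that was looked up
        $formMessages['errors'][] = array('edituser_usernotfound', array($currentUserId));
        $editResult = array('result' => 'failure');
    } # if

    # Determine which action was chosen (which button was pressed)
    $formAction = '';
    if (isset($this->_editUserPrefsForm['submitedit'])) {
        $formAction = 'edit';
        unset($this->_editUserPrefsForm['submitedit']);
    } elseif (isset($this->_editUserPrefsForm['submitcancel'])) {
        $formAction = 'cancel';
        unset($this->_editUserPrefsForm['submitcancel']);
    } # if

    # The anonymous user's preferences are used as the baseline
    $anonUser = $this->_db->getUser(SPOTWEB_ANONYMOUS_USERID);

    # Is this a form submit, or only the initial request?
    if (!empty($formAction) && empty($formMessages['errors'])) {
        switch ($formAction) {
            case 'edit':
                # A few dummy preferences trigger a special action, which is taken here.
                # cleanseUserPreferences() strips them automatically.
                # NOTE(review): the index filter is changed before the preferences are
                # validated, so it is modified even when validation fails -- confirm
                # this is intended.
                if (isset($this->_editUserPrefsForm['_dummy_prevent_porn'])) {
                    $spotUserSystem->setIndexFilter(
                        $spotUser['userid'],
                        array('valuelist' => array(),
                              'title' => 'Index filter',
                              'torder' => 999,
                              'tparent' => 0,
                              'children' => array(),
                              'filtertype' => 'index_filter',
                              'sorton' => '',
                              'sortorder' => '',
                              'icon' => 'spotweb.png',
                              'tree' => '~cat0_z3'));
                } else {
                    $spotUserSystem->removeIndexFilter($spotUser['userid']);
                } # if

                # No preference may be passed on that is not present in the anonymous
                # user's preferences. Merging with those preferences is not an option:
                # checkboxes that were not ticked are simply not submitted, so a merge
                # would set them to the default value and thereby ignore the form.
                $spotUser['prefs'] = $spotUserSystem->cleanseUserPreferences($this->_editUserPrefsForm, $anonUser['prefs']);

                # Check and repair all preferences
                list($formMessages['errors'], $spotUser['prefs']) = $spotUserSystem->validateUserPreferences($spotUser['prefs'], $this->_currentSession['user']['prefs']);

                if (empty($formMessages['errors'])) {
                    # Store the edited user
                    $spotUserSystem->setUser($spotUser);

                    # Report that storing the user succeeded
                    $editResult = array('result' => 'success');
                } else {
                    $editResult = array('result' => 'failure');
                } # else

                # Register Spotweb with the notification providers. This has to happen at
                # least once, so the safest option is to do it every time the
                # preferences are saved.
                $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
                $spotsNotifications->register();
                break; # case 'edit'

            case 'cancel':
                $editResult = array('result' => 'success');
                break; # case 'cancel'
        } # switch
    } # if

    #- display stuff -#
    # NOTE(review): when the user was not found $spotUser is false, so
    # $spotUser['prefs'] below evaluates to null.
    $this->template('edituserprefs', array('edituserprefsform' => $spotUser['prefs'],
                                            'formmessages' => $formMessages,
                                            'spotuser' => $spotUser,
                                            'http_referer' => $this->_editUserPrefsForm['http_referer'],
                                            'edituserprefsresult' => $editResult));
}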