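/**
 * Handles the POST side of the user edit form for user $id.
 *
 * Reads $_POST['user'], optionally replaces the password (only when the
 * password field is non-empty, at least 5 characters and identical to the
 * confirmation), saves the record, lets administrators rewrite the permission
 * set, and finally redirects: back to the edit form when the current user
 * edited their own account, otherwise to the user list.
 *
 * @param int|string $id id of the user being edited (taken from the URL)
 */
function _edit($id)
{
    // Never index into $_POST['user'] blindly; a missing or non-array value
    // would otherwise raise notices (or a TypeError on newer PHP).
    $data = isset($_POST['user']) && is_array($_POST['user']) ? $_POST['user'] : array();

    // NOTE(review): this block checks neither a CSRF token nor whether the
    // current user is allowed to edit $id — confirm the caller enforces both.

    // Non-string values (e.g. user[password][]=x) must not reach strlen()/sha1().
    $password = isset($data['password']) && is_string($data['password']) ? $data['password'] : '';
    $confirm  = isset($data['confirm']) && is_string($data['confirm']) ? $data['confirm'] : '';

    if (strlen($password) > 0) {
        // A password change was requested. `===` is required here: with `==`
        // PHP compares numeric-looking strings as numbers ("0e1" == "0e2").
        if (strlen($password) >= 5 && $password === $confirm) {
            // NOTE(review): unsalted sha1 is a weak password hash. Switching
            // to password_hash()/password_verify() also requires changing the
            // login check and re-hashing stored passwords, so it is kept here.
            $data['password'] = sha1($password);
            unset($data['confirm']);
        } else {
            Flash::set('error', __('Password and Confirm are not the same or too small!'));
            redirect(get_url('user/edit/' . $id));
            return; // redirect() is expected to exit; never fall through to save()
        }
    } else {
        // An empty password field means "keep the current password".
        unset($data['password'], $data['confirm']);
    }

    $user = User::findById($id);
    if (!$user) {
        // Unknown id: bail out instead of calling methods on a non-object.
        Flash::set('error', __('User not found!'));
        redirect(get_url('user'));
        return;
    }

    // NOTE(review): every remaining key of $_POST['user'] is handed to
    // setFromData(); confirm the model whitelists the assignable columns.
    $user->setFromData($data);

    if ($user->save()) {
        if (AuthUser::hasPermission('administrator')) {
            // Only administrators may rewrite the permission set.
            $permissions = isset($_POST['user_permission']) ? $_POST['user_permission'] : array();
            UserPermission::setPermissionsFor($user->id, $permissions);
        }
        Flash::set('success', __('User has been saved!'));
    } else {
        Flash::set('error', __('User has not been saved!'));
    }

    // Compare the saved record's id, not the raw URL segment; both sides are
    // cast so the strict comparison works whether the ids are ints or strings.
    if ((string) AuthUser::getId() === (string) $user->id) {
        redirect(get_url('user/edit/' . $id));
    } else {
        redirect(get_url('user'));
    }
}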
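/**
 * Handles the POST side of the user edit form for user $id.
 *
 * Requires a valid CSRF token bound to the edit action, reads $_POST['user'],
 * optionally replaces the password (only when the field is non-empty, at
 * least 5 characters and identical to the confirmation; the hash is salted
 * with the record's salt), saves the record, lets administrators rewrite the
 * permission set, and finally redirects: back to the edit form when the
 * current user edited their own account, otherwise to the user list.
 *
 * @param int|string $id id of the user being edited (taken from the URL)
 */
private function _edit($id)
{
    // Never index into $_POST['user'] blindly; a missing or non-array value
    // would otherwise raise notices (or a TypeError on newer PHP).
    $data = isset($_POST['user']) && is_array($_POST['user']) ? $_POST['user'] : array();

    // CSRF check. Both failure paths return to this user's edit form; the
    // original sent an invalid token to user/add and a missing one to
    // user/edit without an id.
    if (!isset($_POST['csrf_token'])) {
        Flash::set('error', __('No CSRF token found!'));
        redirect(get_url('user/edit/' . $id));
        return; // redirect() is expected to exit; never fall through to save()
    }
    if (!SecureToken::validateToken($_POST['csrf_token'], BASE_URL . 'user/edit')) {
        Flash::set('error', __('Invalid CSRF token found!'));
        redirect(get_url('user/edit/' . $id));
        return;
    }

    // NOTE(review): nothing in this block verifies that the current user is
    // allowed to edit $id — confirm the caller enforces that.

    // Non-string values (e.g. user[password][]=x) must not reach strlen() or
    // the hash function.
    $password = isset($data['password']) && is_string($data['password']) ? $data['password'] : '';
    $confirm  = isset($data['confirm']) && is_string($data['confirm']) ? $data['confirm'] : '';
    $changePassword = false;

    if (strlen($password) > 0) {
        // A password change was requested. `===` is required here: with `==`
        // PHP compares numeric-looking strings as numbers ("0e1" == "0e2").
        if (strlen($password) >= 5 && $password === $confirm) {
            $changePassword = true;
        } else {
            Flash::set('error', __('Password and Confirm are not the same or too small!'));
            redirect(get_url('user/edit/' . $id));
            return;
        }
    }
    // The raw password never goes into $data; it is hashed below once the
    // record (and therefore its salt) is known. Empty field = keep password.
    unset($data['password'], $data['confirm']);

    $user = Record::findByIdFrom('User', $id);
    if (!$user) {
        // Unknown id: bail out instead of reading ->salt on a non-object.
        Flash::set('error', __('User not found!'));
        redirect(get_url('user'));
        return;
    }

    if ($changePassword) {
        $data['password'] = AuthUser::generateHashedPassword($password, $user->salt);
    }

    // NOTE(review): every remaining key of $_POST['user'] is handed to
    // setFromData(); confirm the model whitelists the assignable columns.
    $user->setFromData($data);

    if ($user->save()) {
        if (AuthUser::hasPermission('administrator')) {
            // Only administrators may rewrite the permission set.
            $permissions = isset($_POST['user_permission']) ? $_POST['user_permission'] : array();
            UserPermission::setPermissionsFor($user->id, $permissions);
        }
        Flash::set('success', __('User has been saved!'));
    } else {
        Flash::set('error', __('User has not been saved!'));
    }

    // Compare the saved record's id, not the raw URL segment; both sides are
    // cast so the strict comparison works whether the ids are ints or strings.
    if ((string) AuthUser::getId() === (string) $user->id) {
        redirect(get_url('user/edit/' . $id));
    } else {
        redirect(get_url('user'));
    }
}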