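} ?>
<h2>Edit Your Membership Account</h2>
<?php
// Handles the "edit account" form post: checks the CSRF token, validates the
// required fields, optionally changes the password, then stores the user and
// redirects. Where $user comes from, and the end of the last catch block, are
// outside this fragment.
if (isset($_POST['submit'])) {
    try {
        // Reject forged submissions before any field is validated or changed.
        fRequest::validateCSRFToken($_POST['token']);

        $validator = new fValidation();
        $validator->addRequiredFields('fullname', 'email', 'address', 'length');
        $validator->addEmailFields('email');
        $validator->validate();

        // A blank or absent "newpassword" means "keep the current password".
        $new_password = isset($_POST['newpassword']) ? $_POST['newpassword'] : '';
        if ($new_password != '') {
            $confirmation = isset($_POST['newpasswordconfirm']) ? $_POST['newpasswordconfirm'] : null;

            // Strict comparison: with != PHP compares two numeric-looking strings
            // as numbers, so a mistyped confirmation such as "1.0" for "1" would
            // be accepted. Non-string input (an array field) is rejected as well,
            // so only a plain string ever reaches the hash function.
            if (!is_string($new_password) || $new_password !== $confirmation) {
                throw new fValidationException('Passwords do not match');
            }

            // NOTE(review): the current password is not asked for in this block;
            // confirm that re-authentication before a password change is
            // enforced elsewhere, otherwise a hijacked session can lock the
            // owner out.
            $user->setPassword(fCryptography::hashPassword($new_password));
        }

        $user->setEmail(strtolower(trim($_POST['email'])));
        $user->setFullName(trim($_POST['fullname']));
        $user->setAddress(trim($_POST['address']));

        // NOTE(review): 'length' is only checked for presence above; confirm
        // that setSubscriptionPeriod() or the model restricts it to the allowed
        // subscription periods.
        $user->setSubscriptionPeriod($_POST['length']);

        // The emergency contact fields are not in the required list, so they may
        // be missing from the post; treat a missing field as empty.
        $user->setEmergencyName(isset($_POST['emergency_name']) ? trim($_POST['emergency_name']) : '');
        $user->setEmergencyPhone(isset($_POST['emergency_phone']) ? trim($_POST['emergency_phone']) : '');

        $user->store();
        fURL::redirect('?saved');
        exit;
    } catch (fValidationException $e) {
        // NOTE(review): if printMessage() echoes the message itself instead of
        // returning it, the text is emitted before an empty <p></p> — confirm
        // against the exception class.
        echo "<p>" . $e->printMessage() . "</p>";
    } catch (fSQLException $e) {
        // The visitor gets a generic message; the exception itself is raised as
        // a PHP user-level error via trigger_error() and not shown on the page.
        echo "<p>An unexpected error occurred, please try again later</p>";
        trigger_error($e);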
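// Tail of the "edit" branch: the statements below sit inside a catch block whose
// opening is outside this fragment. The requested id is HTML-encoded before it
// is placed in the message text.
fMessaging::create('error', User::makeUrl('list'), 'The user requested, ' . fHTML::encode($user_id) . ', could not be found');
fURL::redirect(User::makeUrl('list'));
} catch (fExpectedException $e) {
    fMessaging::create('error', fURL::get(), $e->getMessage());
}
include VIEW_PATH . '/add_edit_user.php';
// --------------------------------- //
} elseif ('add' == $action) {
    // "add" branch: creates a user account from the posted form. The branch is
    // still open at the end of this fragment.
    $user = new User();
    if (fRequest::isPost()) {
        try {
            // Check the CSRF token first, so a forged post is rejected before
            // any request field is copied onto the record or hashed.
            fRequest::validateCSRFToken(fRequest::get('token'));

            // NOTE(review): populate() fills the record from the request. If
            // privileged columns such as the role are populated the same way, a
            // new account could pick its own role — confirm the model or the
            // form restricts which fields are accepted here.
            $user->populate();

            if ($GLOBALS['ALLOW_HTTP_AUTH']) {
                // With HTTP auth enabled a fixed placeholder is stored instead
                // of a hash.
                // NOTE(review): confirm the login path can never accept this
                // literal as a credential if the setting is later switched off.
                $password = '******';
            } else {
                $submitted_password = $user->getPassword();
                // Refuse an empty password instead of hashing and storing it.
                // fValidationException is presumably an fExpectedException, so
                // the catch below reports it like any other form error.
                if ($submitted_password === null || $submitted_password === '') {
                    throw new fValidationException('An empty password is forbidden, the user was not created.');
                }
                $password = fCryptography::hashPassword($submitted_password);
            }
            $user->setPassword($password);
            $user->store();

            // The account that receives id 1 (the first one stored) is promoted
            // to admin.
            if ($user->getUserId() == 1) {
                $user->setRole('admin');
                $user->store();
            }

            fMessaging::create('affected', User::makeURL('login'), $user->getUsername());
            // NOTE(review): the username is concatenated into the message
            // without fHTML::encode(), unlike $user_id in the edit branch;
            // confirm the view encodes messages on output.
            fMessaging::create('success', User::makeURL('login'), 'The user ' . $user->getUsername() . ' was successfully created');
            fURL::redirect(User::makeURL('login'));
        } catch (fExpectedException $e) {
            fMessaging::create('error', fURL::get(), $e->getMessage());
        }
    }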
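// Fragment from inside the user-creation flow; the enclosing try block and its
// handlers are outside this excerpt.

// Check the CSRF token before the request is processed, so a forged post is
// rejected before any field is read or any message is queued.
fRequest::validateCSRFToken(fRequest::get('token'));

// NOTE(review): populate() fills the record from the request. If privileged
// columns such as the role are populated the same way, a new account could pick
// its own role — confirm the model or the form restricts the accepted fields.
$user->populate();
$has_error = false;

if ($GLOBALS['ALLOW_HTTP_AUTH']) {
    // With HTTP auth enabled a fixed placeholder is stored instead of a hash.
    // NOTE(review): confirm the login path can never accept this literal as a
    // credential if the setting is later switched off.
    $password = '******';
} else {
    $new_password = fRequest::get('new_password');
    $confirm_password = fRequest::get('confirm_password');

    // Strict comparison: with != PHP compares two numeric-looking strings as
    // numbers, so a mistyped confirmation such as "1.0" for "1" would pass.
    if ($new_password !== $confirm_password) {
        fMessaging::create('error', fURL::get(), "The two passwords don't match, the user was not created.");
        $has_error = true;
    } elseif (!is_string($new_password) || $new_password === '') {
        // Covers a missing field, an empty string and non-string input (an
        // array field), so only a non-empty string is ever hashed.
        fMessaging::create('error', fURL::get(), "An empty password is forbidden, the user was not created.");
        $has_error = true;
    } else {
        $password = fCryptography::hashPassword($new_password);
    }
}

// $password is only set on the success paths above, so it is used only when no
// error was recorded.
if (!$has_error) {
    $user->setPassword($password);
    $user->store();

    // The account that receives id 1 (the first one stored) is promoted to admin.
    if ($user->getUserId() == 1) {
        $user->setRole('admin');
        $user->store();
    }

    fMessaging::create('affected', User::makeURL('login'), $user->getUsername());
    // NOTE(review): the username is concatenated into the message without
    // fHTML::encode(); confirm the view encodes messages on output.
    fMessaging::create('success', User::makeURL('login'), 'The user ' . $user->getUsername() . ' was successfully created');
    fURL::redirect(User::makeURL('login'));
}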