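/**
 * Edit a team profile field via inline editable (x-editable AJAX endpoint).
 *
 * Reads from POST: `pk` (team profile id), `name` (column to update) and
 * `value`. Validates the value, writes it through teamprofile_model and
 * replies with HTTP 200 on success or HTTP 400 plus a short message on
 * failure, which is what editable.js expects. Writes straight to the output
 * and returns nothing.
 *
 * NOTE(review): `$name` comes straight from the request and is handed to the
 * model as the column to update; the model is assumed to whitelist updatable
 * columns — confirm. `$id` is not checked against the caller here; only the
 * group change is restricted to admins (my_group == 1) — confirm intended.
 */
function __editableTeamProfile()
{
    //profiling
    $this->data['controller_profiling'][] = __FUNCTION__;

    //load models
    $this->load->model('teamprofile_model');

    //collect data sent by editable.js
    $id = $this->input->post('pk');
    $name = $this->input->post('name');
    $value = $this->input->post('value');

    //fields that may not be blanked
    //NOTE(review): the group column is called 'team_profile_groups_id' below
    //(permission check and admin revert) but 'groups_id' here — confirm which
    //name editable.js posts; kept as-is so behaviour does not change.
    $required = [
        'team_profile_full_name',
        'team_profile_job_position_title',
        'team_profile_email',
        'team_profile_password',
        'team_profile_telephone',
        'groups_id',
    ];

    //validation - the first failing check wins, in the same order as before
    $error = null;
    if (in_array($name, $required, true) && (string) $value === '') {
        $error = $this->data['lang']['lang_item_is_required'];
    } elseif ($name == 'team_profile_email' && !is_email_address($value)) {
        $error = $this->data['lang']['lang_invalid_email'];
    } elseif ($name == 'team_profile_password' && !is_strong_password($value)) {
        $error = $this->data['lang']['lang_password_must_be_at_least_eight'];
    } elseif ($name == 'team_profile_email'
        && $this->teamprofile_model->checkRecordExists('team_profile_email', $value) > 0) {
        //email address must be unique
        $this->data['debug'][] = $this->teamprofile_model->debug_data;
        $error = $this->data['lang']['lang_email_address_alread_in_use'];
    } elseif ($name == 'team_profile_groups_id' && $this->data['vars']['my_group'] != 1) {
        //PERMISSION - admin only for change of group
        $error = $this->data['lang']['lang_permission_denied_info'];
    }

    if ($error !== null) {
        //frontend javascript is expecting http 200/400
        //the status line must be sent before any body output
        header('HTTP/1.0 400 Bad Request', true, 400);
        echo $error;
        return;
    }

    //update record
    $update = $this->teamprofile_model->updateTeamMembersDetails($id, $name, $value);
    $this->data['debug'][] = $this->teamprofile_model->debug_data;

    //guard: the update must never leave the system without an admin (group id 1)
    if ($this->teamprofile_model->groupMembersCount(1) == 0) {
        //revert this user back to admin
        $this->teamprofile_model->updateTeamMembersDetails($id, 'team_profile_groups_id', 1);
        $this->data['debug'][] = $this->teamprofile_model->debug_data;
        //frontend javascript is expecting http 200/400
        header('HTTP/1.0 400 Bad Request', true, 400);
        die('Atleast 1 admin is required');
    }

    //log debug data
    $this->__ajaxdebugging();

    //frontend javascript is expecting http 200/400
    if ($update) {
        header('HTTP/1.0 200 OK', true, 200);
    } else {
        header('HTTP/1.0 400 Bad Request', true, 400);
        echo 'Error saving data';
    }
}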
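/**
 * Edit a client user profile field via inline editable (x-editable AJAX endpoint).
 *
 * Reads from POST: `pk` (client_users_id), `name` (column to update) and
 * `value`. Checks that the caller may edit this user, validates the value,
 * writes it through users_model and replies with HTTP 200 on success or
 * HTTP 400 plus a short message on failure, as editable.js expects. Writes
 * straight to the output and returns nothing.
 *
 * NOTE(review): `$name` is handed to users_model as the column to update; the
 * model is assumed to whitelist updatable columns — confirm. Password values
 * are passed through unchanged; hashing is assumed to happen in the model.
 */
function __editableUserProfile()
{
    //profiling
    $this->data['controller_profiling'][] = __FUNCTION__;

    //load models
    $this->load->model('users_model');

    //collect data sent by editable.js
    $id = $this->input->post('pk'); //client_users_id
    $name = $this->input->post('name');
    $value = $this->input->post('value');

    /*CHECK PERMISSIONS **/
    $myUserType = $this->data['vars']['my_user_type'];
    $denied = false;
    if ($myUserType == 'client') {
        //a client user may only edit the users its permissions allow
        $denied = !$this->permissions->usersEdit($id);
    } elseif ($myUserType == 'team') {
        //team users need the edit_item_clients permission
        //(fixed: the original tested `!$perm != 1`, which negated the flag
        //before comparing and so denied exactly the users who had the permission)
        $denied = $this->data['permissions']['edit_item_clients'] != 1;
    }
    if ($denied) {
        //frontend javascript is expecting http 200/400; status line before body
        header('HTTP/1.0 400 Bad Request', true, 400);
        echo $this->data['lang']['lang_permission_denied'];
        //log this
        log_message('debug', 'AJAX-LOG:: [FILE: ' . __FILE__ . '] [FUNCTION: ' . __FUNCTION__ . '] [LINE: ' . __LINE__ . "] [MESSAGE: " . $this->permissions->debug_data . "]");
        return;
    }

    //fields that may not be blanked
    $required = [
        'client_users_full_name',
        'client_users_job_position_title',
        'client_users_email',
        'client_users_password',
        'client_users_telephone',
        'client_users_main_contact',
    ];

    //validation - the first failing check wins, in the same order as before
    $error = null;
    if (in_array($name, $required, true) && (string) $value === '') {
        $error = $this->data['lang']['lang_item_is_required'];
    } elseif ($name == 'client_users_email' && !is_email_address($value)) {
        $error = $this->data['lang']['lang_invalid_email'];
    } elseif ($name == 'client_users_password' && !is_strong_password($value)) {
        $error = $this->data['lang']['lang_password_must_be_at_least_eight'];
    } elseif ($name == 'client_users_email'
        && $this->users_model->checkRecordExists('client_users_email', $value) > 0) {
        //email address must be unique
        //(fixed: previously reported the password-length message here)
        $this->data['debug'][] = $this->users_model->debug_data;
        $error = $this->data['lang']['lang_email_address_alread_in_use'];
    }

    if ($error !== null) {
        //frontend javascript is expecting http 200/400; status line before body
        header('HTTP/1.0 400 Bad Request', true, 400);
        echo $error;
        return;
    }

    if ($name == 'client_users_main_contact') {
        //primary contact is a client-level setting, not a column on the user row
        $result = $this->users_model->userDetails($id);
        $client_id = $result['client_users_clients_id'];
        $update = $this->users_model->updatePrimaryContact($client_id, $id);
    } else {
        //any other field is a plain column update
        $update = $this->users_model->updateUserDetails($id, $name, $value);
    }
    $this->data['debug'][] = $this->users_model->debug_data;

    //log debug data
    $this->__ajaxdebugging();

    //frontend javascript is expecting http 200/400
    if ($update) {
        header('HTTP/1.0 200 OK', true, 200);
    } else {
        header('HTTP/1.0 400 Bad Request', true, 400);
        echo 'Error saving data';
    }
}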