require_once "always.php"; require_once "authorisation-page.php"; $session->LoginRequired(); require_once "maintenance-page.php"; require_once "User.class"; $user = new User($user_no); if ($user->user_no == 0) { $title = $user_no != "" ? "User Unavailable" : "New User"; } else { $title = "{$user->user_no} - {$user->fullname}"; } $show = 0; if (!$session->just_logged_in && isset($_POST['submit'])) { if ($session->AllowedTo("Admin") || $session->AllowedTo("Support") || $session->AllowedTo("OrgMgr") && ($user->user_no == 0 || $session->org_code == $user->org_code) || $user->user_no > 0 && $user->user_no == $session->user_no) { if ($user->Validate($userf)) { $user->Write($userf); $user = new User($user->user_no); if ($user->user_no == 0) { $title = $user_no != "" ? "User Unavailable" : "New User"; } else { $title = "{$user->user_no} - {$user->fullname}"; } } } } require_once "top-menu-bar.php"; require_once "page-header.php"; echo '<script language="JavaScript" src="/js/user.js"></script>' . "\n"; echo $user->Render(); include "page-footer.php";
public function post_newuser($action = null) { $date = DateTime::createFromFormat(Input::get('birthdate_format'), Input::get('birthdate')); Input::merge(array('birthdate' => $date->format(Localized_Date::STORED_DATE_FORMAT))); $rules = array('first_name' => 'required', 'last_name' => 'required', 'email' => 'required|email|unique:users', 'birthdate' => 'required|before:-10 years|after:01-01-1900', 'password' => 'required|between:8,30'); $validation = Validator::make(Input::all(), $rules); if ($validation->fails()) { Input::merge(array('birthdate' => $date->format(Input::get('birthdate_format')))); Input::flash(); return Redirect::to('login/newuser')->with_errors($validation)->with_input(); } $user = new User(); $user->email = Input::get('email'); $user->password = Input::get('password'); $user->name = Input::get('first_name') . ' ' . Input::get('last_name'); $user->language = Config::get('application.language'); $user->activation_hash = hash('md4', Str::random(32)); if ($user->save()) { $profile = array('first_name' => Input::get('first_name'), 'last_name' => Input::get('last_name'), 'birth_date' => $date->format(Localized_Date::STORED_DATE_FORMAT)); $user->profile()->insert($profile); $user->Validate(); } return Redirect::to('home'); }
/** * API Method inserts a new User record and render response as JSON */ public function Create() { try { $json = json_decode(RequestUtil::GetBody()); if (!$json) { throw new Exception('The request body does not contain valid JSON'); } $user = new User($this->Phreezer); // TODO: any fields that should not be inserted by the user should be commented out // this is an auto-increment. uncomment if updating is allowed // $user->Iduser = $this->SafeGetVal($json, 'iduser'); $user->Institution = $this->SafeGetVal($json, 'institution'); $user->Fullname = $this->SafeGetVal($json, 'fullname'); $user->Username = $this->SafeGetVal($json, 'username'); $user->Password = $this->SafeGetVal($json, 'password'); $user->Notes = $this->SafeGetVal($json, 'notes'); $user->Code = $this->SafeGetVal($json, 'code'); $user->Timezone = $this->SafeGetVal($json, 'timezone'); $user->Lastlogin = date('Y-m-d H:i:s', strtotime($this->SafeGetVal($json, 'lastlogin'))); $user->Status = $this->SafeGetVal($json, 'status'); $user->Admin = $this->SafeGetVal($json, 'admin'); $user->Validate(); $errors = $user->GetValidationErrors(); if (count($errors) > 0) { $this->RenderErrorJSON('Please check the form for errors', $errors); } else { $user->Save(); $this->RenderJSON($user, $this->JSONPCallback(), true, $this->SimpleObjectParams()); } } catch (Exception $ex) { $this->RenderExceptionJSON($ex); } }
/** * API Method inserts a new User record and render response as JSON */ public function Create() { try { $json = json_decode(RequestUtil::GetBody()); if (!$json) { throw new Exception('The request body does not contain valid JSON'); } $user = new User($this->Phreezer); // TODO: any fields that should not be inserted by the user should be commented out // this is an auto-increment. uncomment if updating is allowed // $user->Id = $this->SafeGetVal($json, 'id'); $user->RoleId = $this->SafeGetVal($json, 'roleId'); $user->Username = $this->SafeGetVal($json, 'username'); $user->Password = $this->SafeGetVal($json, 'password'); $user->FirstName = $this->SafeGetVal($json, 'firstName'); $user->LastName = $this->SafeGetVal($json, 'lastName'); $user->Validate(); $errors = $user->GetValidationErrors(); if (count($errors) > 0) { $this->RenderErrorJSON('Please check the form for errors', $errors); } else { $user->Save(); $this->RenderJSON($user, $this->JSONPCallback(), true, $this->SimpleObjectParams()); } } catch (Exception $ex) { $this->RenderExceptionJSON($ex); } }
<?php User::Validate("Admin"); if ($_POST['password']) { switch (User::Current()->changePassword($_POST['password']['old'], $_POST['password']['new'], $_POST['password']['confirm'])) { case ERR_PASSCHANGE_WRONGCURRENT: $ERROR['password'] = '******'; break; case ERR_PASSCHANGE_WRONGCONFIRM: $ERROR['password'] = '******'; break; case ERR_PASSCHANGE_TOOSHORT: $ERROR['password'] = '******'; break; case ERR_PASSCHANGE_OK: $passwordChanged = true; } } $page = new pSubPage(); $page->addStyle("flowform.css"); $page->start(); ?> <form method="post" accept-charset="utf-8" class="flow"> <?php if ($ERROR['password']) { ?> <div row id="error"> <h4>Your password could not be updated:</h4> <ul><?php foreach ($ERROR as $v) {
<?php include_once '../Models/User.php'; $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null; $method = $_SERVER['REQUEST_METHOD']; $format = isset($_REQUEST['format']) ? $_REQUEST['format'] : 'web'; $view = null; switch ($action . '_' . $method) { case 'create_GET': $model = User::Blank(); $view = "users/edit.php"; break; case 'save_POST': $sub_action = empty($_REQUEST['id']) ? 'created' : 'updated'; $errors = User::Validate($_REQUEST); if (!$errors) { $errors = User::Save($_REQUEST); // var_dump($errors); } if (!$errors) { if ($format == 'json') { header("Location: ?action=edit&format=json&id={$_REQUEST['id']}"); } else { header("Location: ?sub_action={$sub_action}&id={$_REQUEST['id']}"); } die; } else { //my_print($errors); $model = $_REQUEST; $view = "users/edit.php"; }