public function login()
{
    // Renders the login form; when the request carries a complete
    // username/password pair it checks them and redirects into the
    // default project on success.
    $this->load_model('users' . DS . 'users');
    $users = new cx\model\users(['api' => false]);

    // A remembered username (read from cookie) pre-fills the form whenever
    // the request itself does not supply one.
    $remembered = $users->get_username_from_cookie();
    $posted_username = $this->request->request_var('username');
    $username = $this->request->is_not_empty($posted_username) ? $posted_username : $remembered;
    $password = $this->request->request_var('password');

    $have_credentials = $this->request->is_not_empty($username)
        && $this->request->is_not_empty($password);
    if ($have_credentials) {
        if ($users->is_user($username, $password)) {
            // NOTE(review): assumes cx_redirect_url() terminates the request; if it
            // only sends the header, the form below is still rendered — confirm.
            cx_redirect_url($this->get_url('/app/' . DEFAULT_PROJECT, 'main'));
        } else {
            // One generic message for both unknown user and wrong password.
            cx_set_message('Invalid Username or Password!');
        }
    }

    // The password field only gets a display placeholder when a remembered
    // username exists; no password value is ever sent back to the form.
    $model = [
        'pwd'      => empty($remembered) ? '' : '**********',
        'username' => $username,
    ];

    $frm = $this->load_class('cx\\form\\form', [
        'name'     => 'login',
        'defaults' => ['readonly' => false],
    ]);
    $frm->grab_form('app/user_login', $model);
    $frm->end_form();
    $this->do_view($frm->get_html());
}
public function edit_user()
{
    // Creates or edits a user record (GET id, POST save). Editing another
    // user's record requires admin rights; a non-admin editing their own
    // record gets the rights controls locked in the rendered form.
    $id = cx\app\static_request::init('get', 'id');
    if ($id->is_not_set()) {
        echo "Invalid id!";
        exit;
    }

    $editing_self = $id->to_int() === $this->session->get_int(CX_LOGIN . 'id');
    if (!$editing_self) {
        // Admin-only path; presumably auth() stops non-admins here — confirm.
        $this->auth(['user' => 'admin_check']);
        $lock_rights_controls = false;
    } else {
        // Self-edit: only an admin keeps the rights controls unlocked, so a
        // plain user cannot grant themself more rights through the form.
        $lock_rights_controls = $this->auth(['user' => 'is_admin']) !== true;
    }

    $this->load_model();
    $edit_user = new cx\database\model(['table' => 'users', 'key' => 'id']);

    $stored_hash = null;
    if ($id->is_not_valid_id()) {
        // No record yet: render an empty form for a new user.
        $model = ['new' => true];
    } else {
        $edit_user->load($id->to_int());
        $model = $edit_user->get_members();
        if ($model == []) {
            echo "Invalid id!";
            exit;
        }
        // Keep the stored hash so an edit without a password change can
        // preserve it, and drop it from the form data so it is never rendered.
        $stored_hash = $model['password'];
        unset($model['password']);
        $model['new'] = false;
    }

    $model['lock_rights_controls'] = $lock_rights_controls;
    $model['rights_statuses'] = [
        'admin' => 'Administrator',
        'staff' => 'Staff',
        'cus'   => 'Customer',
        'api'   => 'API client',
    ];

    if (cx\app\static_request::init('post', 'save')->is_set()) {
        // NOTE(review): this copies every posted field into the record, while
        // $lock_rights_controls only affects the rendered form; whether a
        // self-editing user can still post rights fields depends on what
        // auto_set_members() accepts — confirm.
        $edit_user->auto_set_members();
        $confirm = $this->request->post_var('confirm');
        $pwd = $this->request->post_var('password');

        // Required identity fields; stop at the first one that is empty.
        $missing_required = false;
        foreach (['username', 'fname', 'lname'] as $field) {
            if (cx\app\static_request::init('post', $field)->is_empty()) {
                $missing_required = true;
                break;
            }
        }

        $can_save = false;
        if ($missing_required) {
            cx\app\main_functions::set_message('First/Last name or username is missing.');
        } elseif ($model['new'] === false
            && $this->request->is_empty($confirm)
            && $this->request->is_empty($pwd)
        ) {
            // Existing user, no new password entered: keep the current hash
            // (set explicitly in case auto_set_members() touched it).
            $edit_user->set_member('password', $stored_hash);
            $can_save = true;
        } elseif ($this->request->is_not_empty($confirm) && $pwd === $confirm && strlen($pwd) > 6) {
            // strlen() counts bytes, so the minimum is 7 bytes, not 7 characters.
            $this->load_model('users' . DS . 'users');
            $users = new cx\model\users(['api' => false]);
            $edit_user->set_member('password', $users->get_pwd_hash($pwd));
            $can_save = true;
        } else {
            cx\app\main_functions::set_message('Password not strong/does not match.');
        }

        if ($can_save) {
            $saved = $edit_user->save();
            $saved_id = $edit_user->get_member('id');
            if ($saved === true && $saved_id > 0) {
                cx_redirect_url($this->get_url('/app/users', 'edit_user', 'id=' . $saved_id));
            }
            // Otherwise the form is re-rendered below without any message.
        }
    }

    $frm = $this->load_class('cx\\form\\form', [
        'name'     => 'edit_user',
        'defaults' => ['readonly' => false],
    ]);
    $frm->grab_form('app' . DS . 'users' . DS . 'edit_user', $model);
    $frm->end_form();

    $this->add_js('./assets/pwd-meter.min.js');
    $this->add_css('./assets/login.css');

    $list_url = $this->get_url('app/users', 'index');
    $this->breadcrumb = [$list_url => 'List Users'];
    $this->active_crumb = 'Edit User';
    $this->do_view($frm->get_html());
}