/** * @param \NekoPHP\Modules\User\Models\User $user * @param string $permission * @param bool $redirect * @return bool */ public static function checkPermission($user, $permission = null, $redirect = false) { // check if the user is logged in if (!$user instanceof self) { if ($redirect) { Session::setOnce('login-redirect-to', NekoPHP::getCurrentUrl()); Session::setOnce('error', 'You must be logged in to view this page'); return NekoPHP::redirect(NekoPHP::getBaseUrl() . '/user/login'); } return false; } // if no permission is set, we only wanted the user to be logged in properly if ($permission === null) { return true; } $method = 'get' . $permission; // check wether the user has the requested permission if (!$user->getPermissions()->{$method}()) { if ($redirect) { Session::setOnce('error', 'You do not have permission to view this page'); return NekoPHP::redirect(NekoPHP::getBaseUrl()); } return false; } return true; }
/** * @param array[string] $parts * @param array[string => mixed] $mod * @return string */ public static function main($parts, $mod) { Models\User::checkPermissions($mod['cuser'], 'UserAdmin', true); $errors = []; if (empty($_POST['email'])) { $errors[] = 'No email address given'; } elseif (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) { $errors[] = 'Invalid email address'; } if (empty($_POST['password']) || empty($_POST['password_confirm'])) { $errors[] = 'Both password fields need to be filled out'; } elseif ($_POST['password'] !== $_POST['password_confirm']) { $errors[] = 'The passwords don\'t match'; } if (count($errors) > 0) { Session::setOnce('error', $errors); return NekoPHP::redirect(NekoPHP::getModuleUrl() . '/create'); } try { $user = new Models\User(); $user->setEmail($_POST['email']); $user->setPassword($_POST['password']); if (!$user->create()) { throw new \Exception($user->exception()->getMessage()); } $user->getInfo()->setRealname($_POST['realname']); $user->getInfo()->update(); $user->getPermissions()->setUserAdmin(isset($_POST['permission_user_admin'])); $user->getPermissions()->update(); // @todo: send out an email to the newly created user } catch (\Exception $e) { Session::setOnce('error', $e->getMessage()); return NekoPHP::redirect(NekoPHP::getModuleUrl() . '/create/'); } Session::setOnce('success', 'Account created'); return NekoPHP::redirect(NekoPHP::getModuleUrl() . '/profile/' . $user->getId()); }