mirror of
https://github.com/monstra-cms/monstra.git
synced 2025-07-11 00:26:18 +02:00
221 lines
11 KiB
PHP
Executable File
221 lines
11 KiB
PHP
Executable File
<?php
|
|
|
|
// Check if is user is logged in then set variables for welcome button
|
|
if (Session::exists('user_id')) {
|
|
$user_id = Session::get('user_id');
|
|
$user_login = Session::get('user_login');
|
|
} else {
|
|
$user_id = '';
|
|
$user_login = '';
|
|
}
|
|
|
|
// Add plugin navigation link
|
|
Navigation::add(__('Users', 'users'), 'system', 'users', 2);
|
|
|
|
/**
|
|
* Users Admin Class
|
|
*/
|
|
class UsersAdmin extends Backend
|
|
{
|
|
/**
|
|
* Users admin
|
|
*/
|
|
public static function main()
|
|
{
|
|
// Users roles
|
|
$roles = array('admin' => __('Admin', 'users'),
|
|
'editor' => __('Editor', 'users'),
|
|
'user' => __('User', 'users'));
|
|
|
|
// Get uses table
|
|
$users = new Table('users');
|
|
|
|
if (Option::get('users_frontend_registration') == 'true') {
|
|
$users_frontend_registration = true;
|
|
} else {
|
|
$users_frontend_registration = false;
|
|
}
|
|
|
|
if (Request::post('users_frontend_submit')) {
|
|
|
|
if (Security::check(Request::post('csrf'))) {
|
|
|
|
if (Request::post('users_frontend_registration')) $users_frontend_registration = 'true'; else $users_frontend_registration = 'false';
|
|
Option::update('users_frontend_registration', $users_frontend_registration);
|
|
Request::redirect('index.php?id=users');
|
|
|
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
|
}
|
|
|
|
// Check for get actions
|
|
// ---------------------------------------------
|
|
if (Request::get('action')) {
|
|
|
|
// Switch actions
|
|
// -----------------------------------------
|
|
switch (Request::get('action')) {
|
|
|
|
// Add
|
|
// -------------------------------------
|
|
case "add":
|
|
|
|
if (Session::exists('user_role') && in_array(Session::get('user_role'), array('admin'))) {
|
|
|
|
// Errors
|
|
$errors = array();
|
|
|
|
if (Request::post('register')) {
|
|
|
|
if (Security::check(Request::post('csrf'))) {
|
|
|
|
$user_login = trim(Request::post('login'));
|
|
$user_password = trim(Request::post('password'));
|
|
$user_email = trim(Request::post('email'));
|
|
|
|
if ($user_login == '') $errors['users_empty_login'] = __('Required field', 'users');
|
|
if ($user_password == '') $errors['users_empty_password'] = __('Required field', 'users');
|
|
if ($user_email == '') $errors['users_empty_email'] = __('Required field', 'users');
|
|
if ($users->select("[login='".$user_login."']")) $errors['users_this_user_already_exists'] = __('This user already exists', 'users');
|
|
if ($users->select("[email='".$user_email."']")) $errors['users_this_email_already_exists'] = __('This email already exists', 'users');
|
|
|
|
if (count($errors) == 0) {
|
|
$users->insert(array('login' => Security::safeName($user_login),
|
|
'password' => Security::encryptPassword(Request::post('password')),
|
|
'email' => Request::post('email'),
|
|
'hash' => Text::random('alnum', 12),
|
|
'date_registered' => time(),
|
|
'role' => Request::post('role')));
|
|
|
|
Notification::set('success', __('New user have been registered.', 'users'));
|
|
Request::redirect('index.php?id=users');
|
|
}
|
|
|
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
|
}
|
|
|
|
// Display view
|
|
View::factory('box/users/views/backend/add')
|
|
->assign('roles', $roles)
|
|
->assign('errors', $errors)
|
|
->display();
|
|
|
|
} else {
|
|
Request::redirect('index.php?id=users&action=edit&user_id='.Session::get('user_id'));
|
|
}
|
|
|
|
break;
|
|
|
|
// Edit
|
|
// -------------------------------------
|
|
case "edit":
|
|
|
|
// Get current user record
|
|
$user = $users->select("[id='".(int) Request::get('user_id')."']", null);
|
|
|
|
if (isset($user['firstname'])) $user_firstname = $user['firstname']; else $user_firstname = '';
|
|
if (isset($user['lastname'])) $user_lastname = $user['lastname']; else $user_lastname = '';
|
|
if (isset($user['email'])) $user_email = $user['email']; else $user_email = '';
|
|
if (isset($user['twitter'])) $user_twitter = $user['twitter']; else $user_twitter = '';
|
|
if (isset($user['skype'])) $user_skype = $user['skype']; else $user_skype = '';
|
|
if (isset($user['about_me'])) $user_about_me = $user['about_me']; else $user_about_me = '';
|
|
|
|
if (Session::exists('user_role') && in_array(Session::get('user_role'), array('admin', 'editor'))) {
|
|
|
|
if ((Request::post('edit_profile')) and
|
|
(((int) Session::get('user_id') == (int) Request::get('user_id')) or
|
|
(in_array(Session::get('user_role'), array('admin'))))){
|
|
|
|
if (Security::check(Request::post('csrf'))) {
|
|
|
|
if (Security::safeName(Request::post('login')) != '') {
|
|
if ($users->update(Request::post('user_id'), array('login' => Security::safeName(Request::post('login')),
|
|
'firstname' => Request::post('firstname'),
|
|
'lastname' => Request::post('lastname'),
|
|
'email' => Request::post('email'),
|
|
'skype' => Request::post('skype'),
|
|
'twitter' => Request::post('twitter'),
|
|
'about_me' => Request::post('about_me'),
|
|
'role' => Request::post('role')))) {
|
|
|
|
Notification::set('success', __('Your changes have been saved.', 'users'));
|
|
Request::redirect('index.php?id=users&action=edit&user_id='.Request::post('user_id'));
|
|
}
|
|
} else { }
|
|
|
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
|
|
|
}
|
|
|
|
if (Request::post('edit_profile_password')) {
|
|
|
|
if (Security::check(Request::post('csrf'))) {
|
|
|
|
if (trim(Request::post('new_password')) != '') {
|
|
$users->update(Request::post('user_id'), array('password' => Security::encryptPassword(trim(Request::post('new_password')))));
|
|
Notification::set('success', __('Your changes have been saved.', 'users'));
|
|
Request::redirect('index.php?id=users&action=edit&user_id='.Request::post('user_id'));
|
|
}
|
|
|
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
|
}
|
|
|
|
if ( ((int) Session::get('user_id') == (int) Request::get('user_id')) or (in_array(Session::get('user_role'), array('admin')) && count($user) != 0) ) {
|
|
|
|
// Display view
|
|
View::factory('box/users/views/backend/edit')
|
|
->assign('user', $user)
|
|
->assign('user_firstname', $user_firstname)
|
|
->assign('user_lastname', $user_lastname)
|
|
->assign('user_email', $user_email)
|
|
->assign('user_twitter', $user_twitter)
|
|
->assign('user_skype', $user_skype)
|
|
->assign('user_about_me', $user_about_me)
|
|
->assign('roles', $roles)
|
|
->display();
|
|
|
|
} else {
|
|
echo __('Monstra says: This is not your profile...', 'users');
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
// Delete
|
|
// -------------------------------------
|
|
case "delete":
|
|
|
|
if (Session::exists('user_role') && in_array(Session::get('user_role'), array('admin'))) {
|
|
|
|
if (Security::check(Request::get('token'))) {
|
|
|
|
$user = $users->select('[id="'.Request::get('user_id').'"]', null);
|
|
$users->delete(Request::get('user_id'));
|
|
Notification::set('success', __('User <i>:user</i> have been deleted.', 'users', array(':user' => $user['login'])));
|
|
Request::redirect('index.php?id=users');
|
|
|
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
|
|
|
}
|
|
|
|
break;
|
|
}
|
|
} else {
|
|
|
|
if (Session::exists('user_role') && in_array(Session::get('user_role'), array('admin'))) {
|
|
|
|
// Dislay view
|
|
View::factory('box/users/views/backend/index')
|
|
->assign('roles', $roles)
|
|
->assign('users_list', $users->select())
|
|
->assign('users_frontend_registration', $users_frontend_registration)
|
|
->display();
|
|
|
|
} else {
|
|
Request::redirect('index.php?id=users&action=edit&user_id='.Session::get('user_id'));
|
|
}
|
|
}
|
|
|
|
}
|
|
}
|