From 90420a7500493a128041ecf00d12170887fb6559 Mon Sep 17 00:00:00 2001 From: trendschau Date: Sun, 6 Dec 2020 22:13:40 +0100 Subject: [PATCH] Version 1.4.3: Unique user email and user error messages --- system/Controllers/SettingsController.php | 91 +++++++++++------------ system/Models/User.php | 41 +++++++++- system/Models/Validation.php | 23 ++++++ system/author/settings/user.twig | 6 +- 4 files changed, 109 insertions(+), 52 deletions(-) diff --git a/system/Controllers/SettingsController.php b/system/Controllers/SettingsController.php index 2d20028..7352d77 100644 --- a/system/Controllers/SettingsController.php +++ b/system/Controllers/SettingsController.php @@ -19,7 +19,6 @@ class SettingsController extends Controller { $user = new User(); $settings = $this->c->get('settings'); -# $users = $user->getUsers(); $route = $request->getAttribute('route'); $navigation = $this->getNavigation(); @@ -30,7 +29,6 @@ class SettingsController extends Controller 'acl' => $this->c->acl, 'navigation' => $navigation, 'content' => $content, -# 'users' => $users, 'route' => $route->getName() )); } 
@@ -587,52 +585,46 @@ class SettingsController extends Controller return $response->withRedirect($this->c->router->pathFor('user.show', ['username' => $_SESSION['user']] )); } - $validate = new Validation(); - - if($validate->username($args['username'])) + # get settings + $settings = $this->c->get('settings'); + + # get user with userdata + $user = new User(); + $userdata = $user->getSecureUser($args['username']); + + if(!$userdata) { - # get settings - $settings = $this->c->get('settings'); - - # get user with userdata - $user = new User(); - $userdata = $user->getSecureUser($args['username']); - - $username = $userdata['username']; - - # instantiate field-builder - $fieldsModel = new Fields(); - - # get the field-definitions - $fieldDefinitions = $this->getUserFields($userdata['userrole']); - - # prepare userdata for field-builder - $userSettings['users']['user'] = $userdata; - - # generate the input form - $userform = $fieldsModel->getFields($userSettings, 'users', 'user', $fieldDefinitions); - - $route = $request->getAttribute('route'); - $navigation = $this->getNavigation(); - - # set navigation active - $navigation['Users']['active'] = true; - - return $this->render($response, 'settings/user.twig', array( - 'settings' => $settings, - 'acl' => $this->c->acl, - 'navigation' => $navigation, - 'usersettings' => $userSettings, // needed for image url in form, will overwrite settings for field-template - 'userform' => $userform, // field model, needed to generate frontend-field - 'userdata' => $userdata, // needed to fill form with data -# 'userrole' => false, // not needed ? -# 'username' => $args['username'], // not needed ? 
- 'route' => $route->getName() // needed to set link active - )); + $this->c->flash->addMessage('error', 'User does not exists'); + return $response->withRedirect($this->c->router->pathFor('user.account')); } - - $this->c->flash->addMessage('error', 'User does not exists'); - return $response->withRedirect($this->c->router->pathFor('user.account')); + + # instantiate field-builder + $fieldsModel = new Fields(); + + # get the field-definitions + $fieldDefinitions = $this->getUserFields($userdata['userrole']); + + # prepare userdata for field-builder + $userSettings['users']['user'] = $userdata; + + # generate the input form + $userform = $fieldsModel->getFields($userSettings, 'users', 'user', $fieldDefinitions); + + $route = $request->getAttribute('route'); + $navigation = $this->getNavigation(); + + # set navigation active + $navigation['Users']['active'] = true; + + return $this->render($response, 'settings/user.twig', array( + 'settings' => $settings, + 'acl' => $this->c->acl, + 'navigation' => $navigation, + 'usersettings' => $userSettings, // needed for image url in form, will overwrite settings for field-template + 'userform' => $userform, // field model, needed to generate frontend-field + 'userdata' => $userdata, // needed to fill form with data + 'route' => $route->getName() // needed to set link active + )); } public function listUser($request, $response) @@ -796,7 +788,12 @@ class SettingsController extends Controller return $response->withRedirect($redirectRoute); } } - + + # change error-array for formbuilder + $errors = $_SESSION['errors']; + unset($_SESSION['errors']); + $_SESSION['errors']['user'] = $errors;# + $this->c->flash->addMessage('error', 'Please correct your input'); return $response->withRedirect($redirectRoute); } diff --git a/system/Models/User.php b/system/Models/User.php index ec2f6e9..c0ab3fe 100644 --- a/system/Models/User.php +++ b/system/Models/User.php 
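Review bot: In showUser, `$args['username']` now reaches `$user->getSecureUser()` without the `$validate->username()` format check that the removed lines applied first; the only guard left is the `if(!$userdata)` test on the lookup result. getSecureUser() and getUser() are not shown in this patch, but if they derive a file name under settings/users from the route value (as the directory handling in User.php suggests), names containing dots or path separators should be rejected before the lookup rather than after it. I would keep `$validate = new Validation();` and extend the new early return to `if(!$validate->username($args['username']) || !($userdata = $user->getSecureUser($args['username'])))`. The method begins above this hunk, so any earlier sanitising of the route argument is not visible here.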
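Review bot: The added block reads `$_SESSION['errors']` unconditionally, so if this branch is reached without the validator having stored errors it raises an undefined-index notice and nests `null` under `'user'`. `$errors = $_SESSION['errors'] ?? [];` avoids that. The trailing `#` after `$_SESSION['errors']['user'] = $errors;` looks like a leftover and can be dropped. The enclosing method starts and ends outside the hunk, so whether errors are always set before this point cannot be confirmed from here.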
@@ -8,10 +8,10 @@ class User extends WriteYaml { $userDir = __DIR__ . '/../../settings/users'; - /* check if plugins directory exists */ + /* check if users directory exists */ if(!is_dir($userDir)){ return array(); } - /* get all plugins folder */ + /* get all user files */ $users = array_diff(scandir($userDir), array('..', '.')); $cleanUser = array(); @@ -23,6 +23,43 @@ class User extends WriteYaml return $cleanUser; } + + # returns array of emails of all users + public function getUserMails() + { + $userDir = __DIR__ . '/../../settings/users'; + + /* check if users directory exists */ + if(!is_dir($userDir)){ return array(); } + + /* get all user files */ + $users = array_diff(scandir($userDir), array('..', '.')); + + $usermails = array(); + + foreach($users as $key => $user) + { + if($user == '.logins'){ continue; } + + $contents = file_get_contents($userDir . DIRECTORY_SEPARATOR . $user); + + if($contents === false){ continue; } + + $searchfor = 'email:'; + + # escape special characters in the query + $pattern = preg_quote($searchfor, '/'); + + # finalise the regular expression, matching the whole line + $pattern = "/^.*$pattern.*\$/m"; + + # search, and store first occurence in $matches + if(preg_match($pattern, $contents, $match)){ + $usermails[] = trim(str_replace("email:", "", $match[0])); + } + } + return $usermails; + } public function getUser($username) { diff --git a/system/Models/Validation.php b/system/Models/Validation.php index 6b2c69d..33c51ab 100644 --- a/system/Models/Validation.php +++ b/system/Models/Validation.php 
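Review bot: The pattern built in getUserMails, `/^.*email:.*$/m`, matches the first line that contains `email:` anywhere rather than the `email` key itself, so a user file where another key or a free-text value contains that substring earlier yields the wrong string, and `str_replace` then strips every `email:` occurrence from that line. Because this list backs the new uniqueness rules, a wrong or missed entry lets a duplicate address through. Anchoring the key and using the capture group is tighter: `if(preg_match('/^email:[ \t]*(.*)$/m', $contents, $match)){ $usermails[] = trim($match[1]); }`. Values that are stored quoted in the YAML would still carry their quotes, so reading the file through the YAML helper this class extends may be more robust; that helper is not visible in the hunk. `$key` in the `foreach` is unused.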
@@ -36,6 +36,26 @@ class Validation return false; }, 'only jpg, jpeg, png, webp, allowed'); + # checks if email is available if user is created + Validator::addRule('emailAvailable', function($field, $value, array $params, array $fields) use ($user) + { + $usermails = $user->getUserMails(); + if(in_array(trim($value), $usermails)){ return false; } + return true; + }, 'taken'); + + # checks if email is available if userdata is updated + Validator::addRule('emailChanged', function($field, $value, array $params, array $fields) use ($user) + { + $userdata = $user->getSecureUser($fields['username']); + if($userdata['email'] == $value){ return true; } # user has not updated his email + + $usermails = $user->getUserMails(); + if(in_array(trim($value), $usermails)){ return false; } + return true; + }, 'taken'); + + # checks if username is free when create new user Validator::addRule('userAvailable', function($field, $value, array $params, array $fields) use ($user) { $userdata = $user->getUser($value); @@ -43,6 +63,7 @@ class Validation return true; }, 'taken'); + # checks if user exists when userdata is updated Validator::addRule('userExists', function($field, $value, array $params, array $fields) use ($user) { $userdata = $user->getUser($value); @@ -189,6 +210,7 @@ class Validation $v->rule('noHTML', 'lastname')->message(" contains HTML"); $v->rule('lengthBetween', 'lastname', 2, 40); $v->rule('email', 'email')->message("e-mail is invalid"); + $v->rule('emailAvailable', 'email')->message("Email already taken"); $v->rule('in', 'userrole', $userroles); return $this->validationResult($v); @@ -206,6 +228,7 @@ class Validation $v->rule('noHTML', 'lastname')->message(" contains HTML"); $v->rule('lengthBetween', 'lastname', 2, 40); $v->rule('email', 'email')->message("e-mail is invalid"); + $v->rule('emailChanged', 'email')->message("Email already taken"); $v->rule('in', 'userrole', $userroles); return $this->validationResult($v); 
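Review bot: Both new rules, emailAvailable and emailChanged, compare addresses byte-for-byte, so two addresses that differ only in letter case count as distinct and pass the uniqueness check; in emailChanged the first comparison also uses the raw `$value` while the `in_array` call uses `trim($value)`. Normalising once with `$mail = strtolower(trim($value));`, lower-casing the entries returned by `getUserMails()`, and passing `true` as the third argument of `in_array` would make the two rules agree. In emailChanged, `$fields['username']` comes from the submitted form and `getSecureUser()` can evidently return a falsy value for an unknown user (the controller hunk tests `!$userdata`), so `$userdata['email']` should be guarded before the `==` comparison. The rule closures are fully inside the hunk; the method that registers them is not.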
diff --git a/system/author/settings/user.twig b/system/author/settings/user.twig index 269e0a8..dc9efa1 100644 --- a/system/author/settings/user.twig +++ b/system/author/settings/user.twig @@ -2,7 +2,7 @@ {% block title %}{{ __('User') }}{% endblock %} {% block content %} - +
@@ -22,13 +22,13 @@
{{ field.legend }} {% for field in field.fields %} - {% include '/partials/fields.twig' with { 'settings': usersettings, 'object' : 'users', 'itemName' : 'user', 'class' : 'large' } %} + {% include '/partials/fields.twig' with { 'settings': usersettings, 'object' : 'users', 'itemName' : 'user', 'class' : 'large', 'errors': errors } %} {% endfor %}
{% else %} - {% include '/partials/fields.twig' with { 'settings': usersettings, 'object' : 'users', 'itemName' : 'user', 'class' : 'large' } %} + {% include '/partials/fields.twig' with { 'settings': usersettings, 'object' : 'users', 'itemName' : 'user', 'class' : 'large', 'errors': errors } %} {% endif %}