summaryrefslogtreecommitdiff
path: root/src/controllers
diff options
context:
space:
mode:
authorLuke Shumaker <LukeShu@sbcglobal.net>2011-08-01 01:22:36 -0400
committerLuke Shumaker <LukeShu@sbcglobal.net>2011-08-01 01:22:36 -0400
commit09dfe32eb6b538225686fd6ed0220240010bc574 (patch)
tree29c1afc5e79519ba8689a3d5d170c312d3cf5033 /src/controllers
initial commit.
Partway through a rewrite. I have some old files I didn't want to entirely delete.
Diffstat (limited to 'src/controllers')
-rw-r--r--src/controllers/Auth.class.php57
-rw-r--r--src/controllers/Http404.class.php7
-rw-r--r--src/controllers/Users.class.php291
3 files changed, 355 insertions, 0 deletions
diff --git a/src/controllers/Auth.class.php b/src/controllers/Auth.class.php
new file mode 100644
index 0000000..86bd83f
--- /dev/null
+++ b/src/controllers/Auth.class.php
@@ -0,0 +1,57 @@
+<?php
+
+Router::register('auth', 'Auth');
+
+class Auth extends Controller {
+ public function index($routed, $remainder) {
+ // So if $_POST['action'] isn't set, it will trip on '', which
+ // is great, so we don't have to handle GET and PUT separately.
+ @$action = $_POST['action'];
+ switch ($action) {
+ case 'login' : $this->login(); break;
+ case 'logout': $this->logout(); break;
+ case '' : $this->maybe_login(); break;
+ default : $this->badrequest(); break;
+ }
+ }
+ private function login() {
+ $username = '';
+ $password = '';
+
+ $login = -1;
+ if ( isset($_POST['username']) && isset($_POST['password'])) {
+ $username = $_POST['username'];
+ $password = $_POST['password'];
+ $login = $mm->login($username, $password);
+ }
+
+ $vars = array();
+ $vars['login_code'] = $login;
+ $vars['username'] = $username;
+ $vars['password'] = $password;
+ if (isset($_POST['url'])) {
+ $vars['url'] = $_POST['url'];
+ }
+
+ $this->showView('auth/login', $vars);
+ }
+ private function logout() {
+ global $mm;
+ $mm->logout();
+ $this->showView('auth/logout');
+ }
+ private function maybe_login() {
+ global $mm;
+ $uid = $mm->isLoggedIn();
+ if ($uid===false) {
+ $this->login();
+ } else {
+ $username = $mm->getUsername($uid);
+ $this->showView('auth/index',
+ array('username'=>$username));
+ }
+ }
+ private function badrequest() {
+ $this->showView('auth/badrequest');
+ }
+}
diff --git a/src/controllers/Http404.class.php b/src/controllers/Http404.class.php
new file mode 100644
index 0000000..322feaa
--- /dev/null
+++ b/src/controllers/Http404.class.php
@@ -0,0 +1,7 @@
+<?php
+
+class Http404 extends Controller {
+ public function index($routed, $remainder) {
+ $this->http404($routed, $remainder);
+ }
+}
diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
new file mode 100644
index 0000000..617c57a
--- /dev/null
+++ b/src/controllers/Users.class.php
@@ -0,0 +1,291 @@
+<?php
+
+Router::register('users/new' , 'Users', 'new_user');
+Router::register('users/index', 'Users', 'index_file');
+Router::register('users' , 'Users', 'index_dir');
+Router::register('users/*' , 'Users', 'individual');
+
+class Users extends Controller {
+ public static $illegal_names = array('', 'new', 'index');
+
+ /**
+ * Handle GETing the new user form.
+ *
+ * I would have named this `new', but that's a keyword.
+ */
+ public function new_user($routed, $vars) {
+ // since there will never be a remainder to `users/new', we can
+ // use that parameter to pass in some data.
+ $this->showView('users/new', $vars);
+ }
+
+ public function index($routed, $remainder) {
+ return $this->index_dir($routed, $remainder);
+ }
+
+ /**
+ * Handle POSTing a new user, or GETing the index.
+ */
+ public function index_dir($routed, $remainder) {
+ $method = $_SERVER['REQUEST_METHOD'];
+ switch ($method) {
+ case 'POST':
+ // We're POSTing a new user.
+ $this->create_user();
+ break;
+ case 'HEAD': // fall-through to GET
+ case 'GET':
+ // We're GETing the index.
+ $this->show_index($routed, $remainder);
+ break;
+ }
+ }
+
+ /**
+ * Handle PUTing an updated user index, or GETing the index.
+ */
+ public function index_file($routed, $remainder) {
+ $method = $_SERVER['REQUEST_METHOD'];
+ switch ($method) {
+ case 'PUT': $_POST = $_PUT;
+ case 'POST':
+ // We're PUTing an updated user index.
+ $this->update_users();
+ break;
+ }
+ $this->show_index($routed, $remainder);
+ }
+
+
+ public function individual($routed, $remainder) {
+ $username = implode('/', $remainder);
+
+ global $mm;
+ $uid = $mm->getUID($username);
+ if ($mm->getStatus($uid)===3) $uid = false; // ignore groups.
+
+ if ($uid===false) {
+ $this->http404($routed, $remainder);
+ } else {
+ $user = $mm->getAuthObj($uid);
+ if (!$user->canRead()) {
+ $this->http401($routed, $remainder);
+ exit();
+ }
+
+ $vars = array();
+ $method = $_SERVER['REQUEST_METHOD'];
+ switch ($method) {
+ case 'PUT': $_POST = $_PUT;
+ case 'POST':
+ // We're PUTing updated user info.
+ if ($user->canEdit()) {
+ $vars = $this->update_user($user);
+ }
+ break;
+ }
+ $vars['user'] = $user;
+ $vars['groups'] = $mm->listGroupNames();
+ $this->showView('users/individual', $vars);
+ }
+ }
+
+ public function http404($routed, $remainder) {
+ $username = implode('/', $remainder);
+ $this->showView('users/404',
+ array('username'=>$username));
+ }
+
+ public function http401($routed, $remainder) {
+ global $mm;
+ $this->showView('users/401', array('uid'=>$mm->isLoggedIn()));
+ }
+
+ /**
+ * This will parse POST data to create a new user.
+ * If successfull it will show a message saying so.
+ * If not successfull, it will re-show the new-user form with errors
+ * explained.
+ */
+ private function create_user() {
+ $vars = array();
+ @$vars['username' ] = $_POST['auth_name'];
+ @$vars['password1'] = $_POST['auth_password' ];
+ @$vars['password2'] = $_POST['auth_password_verify'];
+
+ global $mm;
+ $vars['errors'] = array();
+ if ($mm->getUID($vars['username'])!==false)
+ $vars['errors'][] = 'user exists';
+ if (in_array($vars['username'], $this->illegal_names))
+ $vars['errors'] = 'illegal name';
+ $matches = ($vars['password1'] == $vars['password2']);
+ if (!$matches)
+ $vars['errors'] = 'pw mixmatch';
+ if ($matches && $password2 == '')
+ $vars['errors'] = 'no pw';
+
+ if (count($vars['errors']) > 0) {
+ $this->new_user($routed, $vars);
+ } else {
+ $username = $vars['username'];
+ $passowrd = $vars['password1'];
+ $uid = $mm->addUser($username, $password);
+ if ($uid===false) {
+ $this->showView('users/500');
+ } else {
+ $mm->login($username, $password);
+ $this->showView('users/created',
+ array('username'=>$username));
+ }
+ }
+ }
+
+ /**
+ * This will parse POST (really, PUT) data to update a single user
+ */
+ private function update_user($user) {
+ $vars = array();
+
+ $username = $user->getName();
+ // Change the username /////////////////////////////////////////
+ if (isset($_POST['auth_name'])) {
+ $new_name = $_POST['auth_name'];
+ if ($new_name != $username) {
+ if (!in_array($new_name, $this->illegal_names)) {
+ $changed_name = $user->setName($new_name);
+ $username = $user->getName();
+ $vars['changed name'] = $changed_name;
+ }
+ }
+ }
+
+ // Change the password /////////////////////////////////////////
+ @$password1 = $_POST['auth_password' ];
+ @$password2 = $_POST['auth_password'.'_verify'];
+
+ // Check the verify box, not main box, so that we don't get
+ // tripped by browsers annoyingly autocompleting the password.
+ $is_set = ($password2 != '');
+
+ if ($is_set) {
+ $matches = ( $password1 == $password2 );
+ if ($matches) {
+ $user->setPassword($password1);
+ $vars['pw updated'] = true;
+ } else {
+ $vars['pw mixmatch'] = true;
+ }
+ }
+
+ // Change information //////////////////////////////////////////
+ $this->confText($user, 'firstname');
+ $this->confText($user, 'lastname');
+ $this->confText($user, 'hsclass');
+
+ // Change contact info /////////////////////////////////////////
+ global $CONTACT_METHODS;
+ foreach ($CONTACT_METHODS as $method) {
+ $this->confText($user, $method->addr_slug);
+ }
+ $this->confArray($user, 'use');
+
+ // Change groups ///////////////////////////////////////////////
+ $this->confArray($user, 'groups');
+
+ return $vars;
+ }
+
+ private function confArray($user, $key) {
+ if (isset($_POST[$key]) && is_array($_POST[$key])) {
+ $user->setConfArray($key, $_POST[$key]);
+ }
+ }
+
+ private function confText($user, $name) {
+ if (isset($_POST["user_$name"])) {
+ $user->setConf($name, $_POST["user_$name"]);
+ }
+ }
+
+
+ /**
+ * This will parse POST (really, PUT) data to update multiple users.
+ */
+ private function update_users() {
+ // TODO
+ }
+
+ /**
+ * This will show the user index.
+ */
+ private function show_index($routed, $remainder) {
+ global $mm;
+
+ $logged_in_user = $mm->getAuthObj($mm->isLoggedIn());
+ if (!$logged_in_user->isUser()) {
+ $this->http401($routed, $remainder);
+ exit();
+ }
+
+ $vars = array();
+ $vars['attribs'] = $this->getIndexAttribs();
+ $vars['users'] = array();
+ $uids = $mm->listUsers();
+ foreach ($uids as $uid) {
+ $user = $mm->getAuthObj($uid);
+ $vars['users'][$uid] = array();
+ foreach ($vars['attribs'] as $attrib) {
+ $key = $attrib['key'];
+ $props = $this->getConf($user, $key);
+ $vars['users'][$uid][$key] = $props;
+ }
+ }
+ $this->showView('users/index', $vars);
+ }
+
+ private function getConf($user, $key) {
+ global $mm;
+ $logged_in_user = $mm->getAuthObj($mm->isLoggedIn());
+ $uid = $user->getUID();
+ $post_key = $key."[$uid]";
+ @$value = $_POST[$post_key];
+ $editable = $user->canEdit();
+
+ switch ($key) {
+ case 'auth_name':
+ $value = $user->getName();
+ break;
+ case 'auth_user':
+ $editable = $editable && $logged_in_user->isAdmin();
+ $value = $user->isUser();
+ break;
+ case 'auth_admin':
+ $editable = $editable && $logged_in_user->isAdmin();
+ $value = $user->isAdmin();
+ break;
+ default:
+ $value = $user->getConf($key);
+ break;
+ }
+
+ return array('value'=>$value,
+ 'post_key'=>$post_key,
+ 'editable'=>$editable);
+ }
+
+ function attrib($key, $name) {
+ return array('key'=>$key, 'name'=>$name);
+ }
+ private function getIndexAttribs() {
+ $attribs = array($this->attrib('auth_user', 'Active'),
+ $this->attrib('lastname','Last'),
+ $this->attrib('firstname','First'),
+ $this->attrib('hsclass','Class of'),
+ $this->attrib('phone','Phone number'),
+ $this->attrib('email','Email'),
+ $this->attrib('auth_name', 'Username'),
+ );
+ return $attrib;
+ }
+}