1 files changed, 63 insertions, 91 deletions
diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
index b8c9244..df00663 100644
--- a/src/controllers/Users.class.php
+++ b/src/controllers/Users.class.php
@@ -1,6 +1,7 @@
 <?php
 require_once('Login.class.php');
 require_once('Auth.class.php');
+require_once('DB.class.php');
 
 Router::register('users/new'  , 'Users', 'new_user');
 Router::register('users/index', 'Users', 'index_file');
@@ -22,7 +23,12 @@ class Users extends Controller {
 		switch ($method) {
 		case 'POST':
 			// We're POSTing a new user.
-			$this->create_user();
+			if ($this->registrationOpen()) {
+				$this->create_user();
+			} else {
+				$this->showView('users/new-locked', array());
+				exit();
+			}
 			break;
 		case 'HEAD': // fall-through to GET
 		case 'GET':
@@ -61,6 +67,10 @@ class Users extends Controller {
 			$this->showView('users/new-logged-in', array());
 			exit();
 		}
+		if (!$this->registrationOpen()) {
+			$this->showView('users/new-locked', array());
+			exit();
+		}
 		if (!isset($vars['errors'])) $vars['errors'] = array();
 		global $mm; $pm = $mm->pluginManager();
 		$vars['antispam_html'] = $pm->callHook('antispam_html');
@@ -68,26 +78,34 @@ class Users extends Controller {
 	}
 	
 	public function individual($routed, $remainder) {
-		$username = implode('/', $remainder);
-		
 		global $mm; // also used for pluginmanager
 		$db = $mm->database();
-		$uid = $db->getUID($username);
-		$user = Auth::getObj($uid);
-		
-		if ($user->isGroup()) $uid = false; // ignore groups.
-		
-		if ($uid===false) {
-			$this->http404($routed, $remainder);
+		$pm = $mm->pluginManager();
+
+		$username = implode('/', $remainder);
+		if ($username == 'all') {
+			$uids = $db->listUsers();
 		} else {
+			$uids = array($db->getUID($username));
+		}
+
+		$vars = array();
+		
+		if (count($uids)<2) {
+			$user = Auth::getObj($uid);
+			
+			if ($user->isGroup()) $uid = false; // ignore groups.
+			
+			if ($uid===false) {
+				$this->http404($routed, $remainder);
+				exit();
+			}
 			if (!$user->canRead()) {
 				$this->http401($routed, $remainder);
 				exit();
 			}
 			
-			$vars = array();
 			$method = $_SERVER['REQUEST_METHOD'];
-			
 			switch ($method) {
 			case 'PUT': $_POST = $_PUT;
 			case 'POST':
@@ -97,19 +115,23 @@ class Users extends Controller {
 				}
 				break;
 			}
-			
-			$config_options = array();
-			$mm->pluginManager()->callHook('userConfig', &$config_options);
-			
-			$vars['config_options'] = $config_options;
-			$vars['user'] = $user;
-			$vars['groups'] = $db->listGroupNames();
-			require_once('ContactMethod.class.php');
-			$this->showView('users/individual', $vars);
 		}
+		
+		$config_options = array();
+		$pm->callHook('userConfig', &$config_options);
+
+		$vars['users'] = array();
+		foreach ($uids as $uid) {
+			$vars['users'][] = Auth::getObj($uid);
+		}
+		$vars['username'] = $username;
+		$vars['config_options'] = $config_options;
+		$vars['groups'] = $db->listGroupNames();
+		require_once('ContactMethod.class.php');
+		$this->showView('users/individual', $vars);
 	}
 	
-	public function http404($routed, $rnemainder) {
+	public function http404($routed, $remainder) {
 		$username = implode('/', $remainder);
 		$this->showView('users/404',
 		                array('username'=>$username));
@@ -167,7 +189,7 @@ class Users extends Controller {
 				$this->showView('users/500');
 			} else {
 				Login::login($username, $password);
-				$this->setConf($uid, 'email', $vars['email']);
+				DB::set('users', $uid, 'email', $vars['email']);
 				$this->showView('users/created',
 				                array('username'=>$username));
 			}
@@ -257,11 +279,8 @@ class Users extends Controller {
 			if (isset($_POST[$key]) && is_array($_POST[$key])) {
 				$old = $_POST['_old'][$key];
 				foreach ($_POST[$key] as $uid => $value) {
-					// FIXME
-					$form->setter = create_function('$k,$v', "return Users::setConf($uid, \$k, \$v)");
-					$form->getter = create_function('$k'   , "return Users::getConf($uid, \$k)");
-					@$value_old = $_POST[$key];
-					$set = $form->updateValue($value, $value_old);
+					@$value_base = $old[$uid];
+					$set = DB::set('users', $uid, $key, $value, $value_base);
 					if (is_string($set)) {
 						echo "<pre>\n";
 						echo "Error: Value changed elsewhere, ".
@@ -303,79 +322,22 @@ class Users extends Controller {
 			$vars['users'][$uid] = array();
 			foreach ($vars['attribs'] as $attrib) {
 				$key = $attrib['key'];
-				$props = $this->getConf($uid, $key);
+				$props = DB::get('users', $uid, $key);
 				$vars['users'][$uid][$key] = $props;
 			}
 		}
 		$this->showView('users/index', $vars);
 	}
 	
-	public static function getConf($uid, $key) {
-		$user = Auth::getObj($uid);
-		$logged_in_user = Auth::getObj(Login::isLoggedIn());
-
-		$post_key = $key."[$uid]";
-		@$value = $_POST[$post_key];
-		$editable = $user->canEdit();
-		
-		switch ($key) {
-		case 'auth_name':
-			$value = $user->getName();
-			break;
-		case 'auth_user':
-			$editable = $editable && $logged_in_user->isAdmin();
-			$value = $user->isUser();
-			break;
-		case 'auth_admin':
-			$editable = $editable && $logged_in_user->isAdmin();
-			$value = $user->isAdmin();
-			break;
-		case 'auth_delete':
-			$editable = $editable && $logged_in_user->isAdmin();
-			$value = false;
-			break;
-		default:
-			$value = $user->getConf($key);
-			if ($value===false) $value='';
-			break;
-		}
-		
-		return array('value'=>$value,
-		             'post_key'=>$post_key,
-		             'editable'=>$editable);
-	}
-	public static function setConf($uid, $key, $value) {
-		// So, this rocks because we don't have to check permissions,
-		// the User object does that.
-		$user = Auth::getObj($uid);
-		
-		switch ($key) {
-		case 'auth_name':
-			return $user->setName($value);
-			break;
-		case 'auth_user':
-			return $user->setUser($value=='true');
-			break;
-		case 'auth_admin':
-			return $user->setAdmin($value=='true');
-			break;
-		case 'auth_delete':
-			if ($value=='true') return $user->delete();
-		default: 
-			return $user->setConf($key, $value);
-			break;
-		}
-	}
-	
-	function attrib($key, $name) {
-		return array('key'=>$key, 'name'=>$name);
+	function attrib($key, $name, $type='string') {
+		return array('key'=>$key, 'name'=>$name, 'type'=>$type);
 	}
 	private function getIndexAttribs() {
 		$attribs = array();
-		$attribs[] = $this->attrib('auth_user', 'Active');
+		$attribs[] = $this->attrib('auth_user', 'Active', 'bool');
 		if (Auth::getObj(Login::isLoggedIn())->isAdmin()) {
-			$attribs[] = $this->attrib('auth_admin', 'Admin');
-			$attribs[] = $this->attrib('auth_delete', 'Delete');
+			$attribs[] = $this->attrib('auth_admin', 'Admin', 'bool');
+			$attribs[] = $this->attrib('auth_delete', 'Delete', 'bool');
 		}
 		$attribs[] = $this->attrib('lastname','Last');
 		$attribs[] = $this->attrib('firstname','First');
@@ -385,4 +347,14 @@ class Users extends Controller {
 		$attribs[] = $this->attrib('auth_name', 'Username');
 		return $attribs;
 	}
+	
+	private function registrationOpen() {
+		global $mm; $db = $mm->database();
+		$val = $db->getSysConf('registration_open');
+		switch ($val) {
+		case 'true': return true;
+		case 'false': return false;
+		default: return true;
+		}
+	}
 }