Diffstat (limited to 'src/controllers')
-rw-r--r-- | src/controllers/Auth.class.php | 57 | ||||
-rw-r--r-- | src/controllers/Http404.class.php | 7 | ||||
-rw-r--r-- | src/controllers/Users.class.php | 291 |
3 files changed, 355 insertions, 0 deletions
diff --git a/src/controllers/Auth.class.php b/src/controllers/Auth.class.php
new file mode 100644
index 0000000..86bd83f
--- /dev/null
+++ b/src/controllers/Auth.class.php
@@ -0,0 +1,57 @@
+<?php
+
+Router::register('auth', 'Auth');
+
+class Auth extends Controller {
+ public function index($routed, $remainder) {
+ // So if $_POST['action'] isn't set, it will trip on '', which
+ // is great, so we don't have to handle GET and PUT separately.
+ @$action = $_POST['action'];
+ switch ($action) {
+ case 'login' : $this->login(); break;
+ case 'logout': $this->logout(); break;
+ case '' : $this->maybe_login(); break;
+ default : $this->badrequest(); break;
+ }
+ }
+ private function login() {
+ $username = '';
+ $password = '';
+
+ $login = -1;
+ if ( isset($_POST['username']) && isset($_POST['password'])) {
+ $username = $_POST['username'];
+ $password = $_POST['password'];
+ $login = $mm->login($username, $password);
+ }
+
+ $vars = array();
+ $vars['login_code'] = $login;
+ $vars['username'] = $username;
+ $vars['password'] = $password;
+ if (isset($_POST['url'])) {
+ $vars['url'] = $_POST['url'];
+ }
+
+ $this->showView('auth/login', $vars);
+ }
+ private function logout() {
+ global $mm;
+ $mm->logout();
+ $this->showView('auth/logout');
+ }
+ private function maybe_login() {
+ global $mm;
+ $uid = $mm->isLoggedIn();
+ if ($uid===false) {
+ $this->login();
+ } else {
+ $username = $mm->getUsername($uid);
+ $this->showView('auth/index',
+ array('username'=>$username));
+ }
+ }
+ private function badrequest() {
+ $this->showView('auth/badrequest');
+ }
+}
diff --git a/src/controllers/Http404.class.php b/src/controllers/Http404.class.php
new file mode 100644
index 0000000..322feaa
--- /dev/null
+++ b/src/controllers/Http404.class.php
@@ -0,0 +1,7 @@
+<?php
+
+class Http404 extends Controller {
+ public function index($routed, $remainder) {
+ $this->http404($routed, $remainder);
+ }
+}
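Review bot: login() calls `$mm->login($username, $password)` without the `global $mm;` that logout() and maybe_login() declare, so `$mm` is an undefined local and every credential submission ends in an error about calling a method on null instead of a login attempt; add `global $mm;` at the top of login(). The same method then hands the submitted plaintext password to the template via `$vars['password'] = $password;` (together with the raw `$_POST['url']`), so the credential is written back into the response — remove the `password` entry unless the auth/login view demonstrably needs it, and treat `url` as untrusted if that view redirects to it. The `@$action = $_POST['action'];` suppression can become `$action = isset($_POST['action']) ? $_POST['action'] : '';`, which keeps the empty-string fallback the comment relies on without masking notices. Whether showView() escapes `$vars` for HTML is outside this hunk.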
diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
new file mode 100644
index 0000000..617c57a
--- /dev/null
+++ b/src/controllers/Users.class.php
@@ -0,0 +1,291 @@
+<?php
+
+Router::register('users/new' , 'Users', 'new_user');
+Router::register('users/index', 'Users', 'index_file');
+Router::register('users' , 'Users', 'index_dir');
+Router::register('users/*' , 'Users', 'individual');
+
+class Users extends Controller {
+ public static $illegal_names = array('', 'new', 'index');
+
+ /**
+ * Handle GETing the new user form.
+ *
+ * I would have named this `new', but that's a keyword.
+ */
+ public function new_user($routed, $vars) {
+ // since there will never be a remainder to `users/new', we can
+ // use that parameter to pass in some data.
+ $this->showView('users/new', $vars);
+ }
+
+ public function index($routed, $remainder) {
+ return $this->index_dir($routed, $remainder);
+ }
+
+ /**
+ * Handle POSTing a new user, or GETing the index.
+ */
+ public function index_dir($routed, $remainder) {
+ $method = $_SERVER['REQUEST_METHOD'];
+ switch ($method) {
+ case 'POST':
+ // We're POSTing a new user.
+ $this->create_user();
+ break;
+ case 'HEAD': // fall-through to GET
+ case 'GET':
+ // We're GETing the index.
+ $this->show_index($routed, $remainder);
+ break;
+ }
+ }
+
+ /**
+ * Handle PUTing an updated user index, or GETing the index.
+ */
+ public function index_file($routed, $remainder) {
+ $method = $_SERVER['REQUEST_METHOD'];
+ switch ($method) {
+ case 'PUT': $_POST = $_PUT;
+ case 'POST':
+ // We're PUTing an updated user index.
+ $this->update_users();
+ break;
+ }
+ $this->show_index($routed, $remainder);
+ }
+
+
+ public function individual($routed, $remainder) {
+ $username = implode('/', $remainder);
+
+ global $mm;
+ $uid = $mm->getUID($username);
+ if ($mm->getStatus($uid)===3) $uid = false; // ignore groups.
+
+ if ($uid===false) {
+ $this->http404($routed, $remainder);
+ } else {
+ $user = $mm->getAuthObj($uid);
+ if (!$user->canRead()) {
+ $this->http401($routed, $remainder);
+ exit();
+ }
+
+ $vars = array();
+ $method = $_SERVER['REQUEST_METHOD'];
+ switch ($method) {
+ case 'PUT': $_POST = $_PUT;
+ case 'POST':
+ // We're PUTing updated user info.
+ if ($user->canEdit()) {
+ $vars = $this->update_user($user);
+ }
+ break;
+ }
+ $vars['user'] = $user;
+ $vars['groups'] = $mm->listGroupNames();
+ $this->showView('users/individual', $vars);
+ }
+ }
+
+ public function http404($routed, $remainder) {
+ $username = implode('/', $remainder);
+ $this->showView('users/404',
+ array('username'=>$username));
+ }
+
+ public function http401($routed, $remainder) {
+ global $mm;
+ $this->showView('users/401', array('uid'=>$mm->isLoggedIn()));
+ }
+
+ /**
+ * This will parse POST data to create a new user.
+ * If successfull it will show a message saying so.
+ * If not successfull, it will re-show the new-user form with errors
+ * explained.
+ */
+ private function create_user() {
+ $vars = array();
+ @$vars['username' ] = $_POST['auth_name'];
+ @$vars['password1'] = $_POST['auth_password' ];
+ @$vars['password2'] = $_POST['auth_password_verify'];
+
+ global $mm;
+ $vars['errors'] = array();
+ if ($mm->getUID($vars['username'])!==false)
+ $vars['errors'][] = 'user exists';
+ if (in_array($vars['username'], $this->illegal_names))
+ $vars['errors'] = 'illegal name';
+ $matches = ($vars['password1'] == $vars['password2']);
+ if (!$matches)
+ $vars['errors'] = 'pw mixmatch';
+ if ($matches && $password2 == '')
+ $vars['errors'] = 'no pw';
+
+ if (count($vars['errors']) > 0) {
+ $this->new_user($routed, $vars);
+ } else {
+ $username = $vars['username'];
+ $passowrd = $vars['password1'];
+ $uid = $mm->addUser($username, $password);
+ if ($uid===false) {
+ $this->showView('users/500');
+ } else {
+ $mm->login($username, $password);
+ $this->showView('users/created',
+ array('username'=>$username));
+ }
+ }
+ }
+
+ /**
+ * This will parse POST (really, PUT) data to update a single user
+ */
+ private function update_user($user) {
+ $vars = array();
+
+ $username = $user->getName();
+ // Change the username /////////////////////////////////////////
+ if (isset($_POST['auth_name'])) {
+ $new_name = $_POST['auth_name'];
+ if ($new_name != $username) {
+ if (!in_array($new_name, $this->illegal_names)) {
+ $changed_name = $user->setName($new_name);
+ $username = $user->getName();
+ $vars['changed name'] = $changed_name;
+ }
+ }
+ }
+
+ // Change the password /////////////////////////////////////////
+ @$password1 = $_POST['auth_password' ];
+ @$password2 = $_POST['auth_password'.'_verify'];
+
+ // Check the verify box, not main box, so that we don't get
+ // tripped by browsers annoyingly autocompleting the password.
+ $is_set = ($password2 != '');
+
+ if ($is_set) {
+ $matches = ( $password1 == $password2 );
+ if ($matches) {
+ $user->setPassword($password1);
+ $vars['pw updated'] = true;
+ } else {
+ $vars['pw mixmatch'] = true;
+ }
+ }
+
+ // Change information //////////////////////////////////////////
+ $this->confText($user, 'firstname');
+ $this->confText($user, 'lastname');
+ $this->confText($user, 'hsclass');
+
+ // Change contact info /////////////////////////////////////////
+ global $CONTACT_METHODS;
+ foreach ($CONTACT_METHODS as $method) {
+ $this->confText($user, $method->addr_slug);
+ }
+ $this->confArray($user, 'use');
+
+ // Change groups ///////////////////////////////////////////////
+ $this->confArray($user, 'groups');
+
+ return $vars;
+ }
+
+ private function confArray($user, $key) {
+ if (isset($_POST[$key]) && is_array($_POST[$key])) {
+ $user->setConfArray($key, $_POST[$key]);
+ }
+ }
+
+ private function confText($user, $name) {
+ if (isset($_POST["user_$name"])) {
+ $user->setConf($name, $_POST["user_$name"]);
+ }
+ }
+
+
+ /**
+ * This will parse POST (really, PUT) data to update multiple users.
+ */
+ private function update_users() {
+ // TODO
+ }
+
+ /**
+ * This will show the user index.
+ */
+ private function show_index($routed, $remainder) {
+ global $mm;
+
+ $logged_in_user = $mm->getAuthObj($mm->isLoggedIn());
+ if (!$logged_in_user->isUser()) {
+ $this->http401($routed, $remainder);
+ exit();
+ }
+
+ $vars = array();
+ $vars['attribs'] = $this->getIndexAttribs();
+ $vars['users'] = array();
+ $uids = $mm->listUsers();
+ foreach ($uids as $uid) {
+ $user = $mm->getAuthObj($uid);
+ $vars['users'][$uid] = array();
+ foreach ($vars['attribs'] as $attrib) {
+ $key = $attrib['key'];
+ $props = $this->getConf($user, $key);
+ $vars['users'][$uid][$key] = $props;
+ }
+ }
+ $this->showView('users/index', $vars);
+ }
+
+ private function getConf($user, $key) {
+ global $mm;
+ $logged_in_user = $mm->getAuthObj($mm->isLoggedIn());
+ $uid = $user->getUID();
+ $post_key = $key."[$uid]";
+ @$value = $_POST[$post_key];
+ $editable = $user->canEdit();
+
+ switch ($key) {
+ case 'auth_name':
+ $value = $user->getName();
+ break;
+ case 'auth_user':
+ $editable = $editable && $logged_in_user->isAdmin();
+ $value = $user->isUser();
+ break;
+ case 'auth_admin':
+ $editable = $editable && $logged_in_user->isAdmin();
+ $value = $user->isAdmin();
+ break;
+ default:
+ $value = $user->getConf($key);
+ break;
+ }
+
+ return array('value'=>$value,
+ 'post_key'=>$post_key,
+ 'editable'=>$editable);
+ }
+
+ function attrib($key, $name) {
+ return array('key'=>$key, 'name'=>$name);
+ }
+ private function getIndexAttribs() {
+ $attribs = array($this->attrib('auth_user', 'Active'),
+ $this->attrib('lastname','Last'),
+ $this->attrib('firstname','First'),
+ $this->attrib('hsclass','Class of'),
+ $this->attrib('phone','Phone number'),
+ $this->attrib('email','Email'),
+ $this->attrib('auth_name', 'Username'),
+ );
+ return $attrib;
+ }
+} |
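Review bot: create_user() creates the account without the password the user submitted: `$passowrd = $vars['password1'];` assigns a misspelled variable, so `$mm->addUser($username, $password)` and the `$mm->login($username, $password)` after it receive an undefined `$password` (null), and the validation gate in front of it is broken as well, because `$vars['errors'] = 'illegal name'` (likewise `'pw mixmatch'` and `'no pw'`) replaces the errors array with a string while `$password2` in the `'no pw'` check is never defined (the value is in `$vars['password2']`). `$this->illegal_names` here and in update_user() reads an undefined instance property — the list is declared `public static`, so it needs `self::$illegal_names` — and `$routed` is undefined when `new_user()` is called, though new_user() ignores that argument. Separately, getIndexAttribs() returns `$attrib` where the array is `$attribs`, which leaves show_index() iterating over null and rendering an empty index, and the `$_POST = $_PUT;` lines in index_file() and individual() depend on a `$_PUT` that PHP itself does not define, presumably filled by the front controller (confirm). The rewritten validation-and-creation section of create_user() is below; it also compares the two password fields with `===` and passes `true` as in_array()'s strict flag.
```php
    private function create_user() {
        // … unchanged: read auth_name / auth_password / auth_password_verify into $vars, global $mm, 'user exists' check …
        if (in_array($vars['username'], self::$illegal_names, true))
            $vars['errors'][] = 'illegal name';
        $matches = ($vars['password1'] === $vars['password2']);
        if (!$matches)
            $vars['errors'][] = 'pw mixmatch';
        if ($matches && (string) $vars['password2'] === '')
            $vars['errors'][] = 'no pw';

        if (count($vars['errors']) > 0) {
            $this->new_user(null, $vars);   // new_user() does not use its first argument
        } else {
            $username = $vars['username'];
            $password = $vars['password1'];
            $uid = $mm->addUser($username, $password);
            // … unchanged: users/500 view, login and users/created view …
        }
    }
```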