From 83e460cdc3fc09867a3adb48c3d0894579dd3050 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sat, 7 Jan 2012 08:21:00 -0800 Subject: Refactor to separate the framework from the app; drop message stuff, this app is just user management. Add a json view for individual users --- apps/um/controllers/Authenticator.class.php | 57 +++++ apps/um/controllers/Config.class.php | 30 +++ apps/um/controllers/Groups.class.php | 11 + apps/um/controllers/Http404.class.php | 7 + apps/um/controllers/Main.class.php | 9 + apps/um/controllers/Plugins.class.php | 75 ++++++ apps/um/controllers/Users.class.php | 371 ++++++++++++++++++++++++++++ 7 files changed, 560 insertions(+) create mode 100644 apps/um/controllers/Authenticator.class.php create mode 100644 apps/um/controllers/Config.class.php create mode 100644 apps/um/controllers/Groups.class.php create mode 100644 apps/um/controllers/Http404.class.php create mode 100644 apps/um/controllers/Main.class.php create mode 100644 apps/um/controllers/Plugins.class.php create mode 100644 apps/um/controllers/Users.class.php (limited to 'apps/um/controllers') diff --git a/apps/um/controllers/Authenticator.class.php b/apps/um/controllers/Authenticator.class.php new file mode 100644 index 0000000..0c1bf0c --- /dev/null +++ b/apps/um/controllers/Authenticator.class.php @@ -0,0 +1,57 @@ +login(); break; + case 'logout': $this->logout(); break; + case '' : $this->maybe_login(); break; + default : $this->badrequest(); break; + } + } + private function login() { + $username = ''; + $password = ''; + + $login = -1; + if ( isset($_POST['username']) && isset($_POST['password'])) { + $username = $_POST['username']; + $password = $_POST['password']; + $login = Login::login($username, $password); + } + + $vars = array(); + $vars['login_code'] = $login; + $vars['username'] = $username; + $vars['password'] = $password; + if (isset($_POST['url'])) { + $vars['url'] = $_POST['url']; + } + + $this->showView('auth/login', $vars); + } + private function logout() { + Login::logout(); + $this->showView('auth/logout'); + } + private function maybe_login() { + $uid = Login::isLoggedIn(); + if ($uid===false) { + $this->login(); + } else { + $username = Auth::getInstance($uid)->getName(); + $this->showView('auth/index', + array('username'=>$username)); + } + } + private function badrequest() { + $this->showView('auth/badrequest'); + } +} diff --git a/apps/um/controllers/Config.class.php b/apps/um/controllers/Config.class.php new file mode 100644 index 0000000..dc6a884 --- /dev/null +++ b/apps/um/controllers/Config.class.php @@ -0,0 +1,30 @@ +isAdmin()) { + $this->http401($routed, $remainder); + return; + } + + $method = $_SERVER['REQUEST_METHOD']; + switch ($method) { + case 'PUT': $_POST = $_PUT; + case 'POST': + // We're PUTing an updated configuration. + $this->update(); + break; + } + $this->show_index(); + } + private function show_index() { + + } + private function update() { + + } +} diff --git a/apps/um/controllers/Groups.class.php b/apps/um/controllers/Groups.class.php new file mode 100644 index 0000000..9d99d99 --- /dev/null +++ b/apps/um/controllers/Groups.class.php @@ -0,0 +1,11 @@ +http404($routed, $remainder); + } +} diff --git a/apps/um/controllers/Main.class.php b/apps/um/controllers/Main.class.php new file mode 100644 index 0000000..7651b62 --- /dev/null +++ b/apps/um/controllers/Main.class.php @@ -0,0 +1,9 @@ +showView('index'); + } +} diff --git a/apps/um/controllers/Plugins.class.php b/apps/um/controllers/Plugins.class.php new file mode 100644 index 0000000..2ed6e7a --- /dev/null +++ b/apps/um/controllers/Plugins.class.php @@ -0,0 +1,75 @@ +isAdmin()) { + $this->http401($routed, $remainder); + return; + } + + $method = $_SERVER['REQUEST_METHOD']; + switch ($method) { + case 'PUT': $_POST = $_PUT; + case 'POST': + // We're PUTing an updated user index. + $this->update(); + break; + } + $this->show_index(); + } + + private function update() { + $db = Database::getInstance(); + + if (isset($_POST['plugins'])) { + $string = $db->arrayToValue($_POST['plugins']); + $db->setSysConf('plugins', $string); + } + + if (isset($_POST['config'])) { + foreach ($_POST['config'] as $plugin_name => $plugin) { + foreach ($plugin as $param => $value) { + $db->setPluginConf($plugin_name, + $param, + $value); + } + } + } + } + + private function show_index() { + $pm = PluginManager::getInstance(); + $all_plugins = $pm->listPlugins(); + $enabled_plugins = $pm->getActivePlugins(); + + $plugin_data = array(); + foreach ($all_plugins as $plugin_name) { + $plugin = array(); + $plugin['name'] = $plugin_name; + $plugin['key'] = 'config['.$plugin_name.']'; + $plugin['active'] = + in_array($plugin_name, $enabled_plugins); + $plugin['description'] = + $pm->staticHook($plugin_name, 'description'); + $plugin['config'] = + $pm->staticHook($plugin_name, 'configList'); + $plugin_data[] = $plugin; + } + + $vars = array(); + $vars['plugins'] = $plugin_data; + $this->showView('plugins/index', $vars); + } + + public function http401($routed, $remainder) { + $this->showView('plugins/401'); + } +} diff --git a/apps/um/controllers/Users.class.php b/apps/um/controllers/Users.class.php new file mode 100644 index 0000000..9978ef8 --- /dev/null +++ b/apps/um/controllers/Users.class.php @@ -0,0 +1,371 @@ +index_dir($routed, $remainder); + } + + /** + * Handle POSTing a new user, or GETing the index. + */ + public function index_dir($routed, $remainder) { + $method = $_SERVER['REQUEST_METHOD']; + switch ($method) { + case 'POST': + // We're POSTing a new user. + if ($this->registrationOpen()) { + $this->create_user(); + } else { + $this->showView('users/new-locked', array()); + exit(); + } + break; + case 'HEAD': // fall-through to GET + case 'GET': + // We're GETing the index. + $this->show_index($routed, $remainder); + break; + } + } + + /** + * Handle PUTing an updated user index, or GETing the index. + */ + public function index_file($routed, $remainder) { + $method = $_SERVER['REQUEST_METHOD']; + switch ($method) { + case 'PUT': $_POST = $_PUT; + case 'POST': + // We're PUTing an updated user index. + $this->update_users(); + break; + } + $this->show_index($routed, $remainder); + } + + // Other Views /////////////////////////////////////////////// + + /** + * Handle GETing the new user form. + * + * I would have named this `new', but that's a keyword. + */ + public function new_user($routed, $vars) { + // since there will never be a remainder to `users/new', we can + // use that parameter to pass in some data. + if (Login::isLoggedIn()) { + $this->showView('users/new-logged-in', array()); + exit(); + } + if (!$this->registrationOpen()) { + $this->showView('users/new-locked', array()); + exit(); + } + if (!isset($vars['errors'])) $vars['errors'] = array(); + + $db = Database::getInstance(); + $pm = PluginManager::getInstance(); + + $vars['antispam_html'] = $pm->callHook('antispam_html'); + $vars['userlist'] = $db->getSysConf('anon_userlist'); + $this->showView('users/new', $vars); + } + + public function individual($routed, $remainder) { + $db = Database::getInstance(); + $pm = PluginManager::getInstance(); + + $username = implode('/', $remainder); + if ($username == 'all') { + $uids = $db->listUsers(); + } else { + $uids = array($db->getUID($username)); + } + + $vars = array(); + + if (count($uids)<2) { + $user = Auth::getInstance($uid); + + if ($user->isGroup()) $uid = false; // ignore groups. + + if ($uid===false) { + $this->http404($routed, $remainder); + exit(); + } + if (!$user->canRead()) { + $this->http401($routed, $remainder); + exit(); + } + + $method = $_SERVER['REQUEST_METHOD']; + switch ($method) { + case 'PUT': $_POST = $_PUT; + case 'POST': + // We're PUTing updated user info. + if ($user->canEdit()) { + $vars = $this->update_user($user); + } + break; + } + } + + $config_options = array(); + $pm->callHook('userConfig', &$config_options); + + $vars['users'] = array(); + foreach ($uids as $uid) { + $vars['users'][] = Auth::getInstance($uid); + } + $vars['username'] = $username; + $vars['config_options'] = $config_options; + $vars['groups'] = $db->listGroupNames(); + require_once('ContactMethod.class.php'); + $this->showView('users/individual', $vars); + } + + public function http404($routed, $remainder) { + $username = implode('/', $remainder); + $this->showView('users/404', + array('username'=>$username)); + } + + public function http401($routed, $remainder) { + $this->showView('users/401', array('uid'=>Login::isLoggedIn())); + } + + // Other Functions /////////////////////////////////////////// + + /** + * This will parse POST data to create a new user. + * If successfull it will show a message saying so. + * If not successfull, it will re-show the new-user form with errors + * explained. + */ + private function create_user() { + $db = Database::getInstance(); + $pm = PluginManager::getInstance(); + + $vars = array(); + @$vars['username' ] = $_POST['auth_name']; + @$vars['password1'] = $_POST['auth_password' ]; + @$vars['password2'] = $_POST['auth_password_verify']; + @$vars['email'] = $_POST['user_email']; + + $vars['errors'] = array(); + if ($db->getUID($vars['username'])!==false) + $vars['errors'][] = 'user exists'; + if (!Auth::isNameLegal($vars['username'])) + $vars['errors'][] = 'illegal name'; + $matches = ($vars['password1'] == $vars['password2']); + if (!$matches) { + $vars['errors'][] = 'pw mixmatch'; + } + if ($matches && $vars['password2'] == '') { + $vars['errors'][] = 'no pw'; + } + if ($vars['email'] == '') { + $vars['errors'][] = 'no email'; + } + foreach ($pm->callHook('antispam_verify') as $plugin=>$valid) { + if (!$valid) $vars['errors'][] = 'plugin_'.$plugin; + } + + if (count($vars['errors']) > 0) { + $this->new_user($routed, $vars); + } else { + $username = $vars['username']; + $password = $vars['password1']; + $uid = $db->addUser($username, $password); + if ($uid===false) { + $this->showView('users/500'); + } else { + Login::login($username, $password); + DB::set('users', $uid, 'email', $vars['email']); + $this->showView('users/created', + array('username'=>$username)); + } + } + } + + /** + * This will parse POST (really, PUT) data to update a single user + */ + private function update_user($user) { + $vars = array(); + + $username = $user->getName(); + // Change the username ///////////////////////////////////////// + if (isset($_POST['auth_name'])) { + $new_name = $_POST['auth_name']; + if ($new_name != $username) { + $changed_name = $user->setName($new_name); + $username = $user->getName(); + $vars['changed name'] = $changed_name; + } + } + + // Change the password ///////////////////////////////////////// + @$password1 = $_POST['auth_password' ]; + @$password2 = $_POST['auth_password'.'_verify']; + + // Check the verify box, not main box, so that we don't get + // tripped by browsers annoyingly autocompleting the password. + $is_set = ($password2 != ''); + + if ($is_set) { + $matches = ( $password1 == $password2 ); + if ($matches) { + $user->setPassword($password1); + $vars['pw updated'] = true; + } else { + $vars['pw mixmatch'] = true; + } + } + + // Change information ////////////////////////////////////////// + $config_options = array(); + $pm = PluginManager::getInstance(); + $pm->callHook('userConfig', &$config_options); + + foreach ($config_options as $group=>$options) { + foreach ($options as $option) { + $this->confText($user, $option[0]); + } + } + + // Change contact info ///////////////////////////////////////// + global $CONTACT_METHODS; + foreach ($CONTACT_METHODS as $method) { + $this->confText($user, $method->addr_slug); + } + $this->confArray($user, 'use'); + + // Change groups /////////////////////////////////////////////// + $this->confArray($user, 'groups'); + + return $vars; + } + + private function confArray($user, $key) { + if (isset($_POST[$key]) && is_array($_POST[$key])) { + $user->setConfArray($key, $_POST[$key]); + } + } + + private function confText($user, $name) { + if (isset($_POST["user_$name"])) { + $user->setConf($name, $_POST["user_$name"]); + } + } + + + /** + * This will parse POST (really, PUT) data to update multiple users. + */ + private function update_users() { + $attribs = $this->getIndexAttribs(); + $form = new Form(null, null); + foreach ($attribs as $attrib) { + $key = $attrib['key']; + if (isset($_POST[$key]) && is_array($_POST[$key])) { + $old = $_POST['_old'][$key]; + foreach ($_POST[$key] as $uid => $value) { + @$value_base = $old[$uid]; + $set = DB::set('users', $uid, $key, $value, $value_base); + if (is_string($set)) { + echo "
\n";
+						echo "Error: Value changed elsewhere, ".
+							"and I don't have real handling ".
+							"for this yet.\n";
+						echo "UID: $uid\n";
+						echo "Name: ".$user->getName()."\n";
+						echo "Key: $key\n";
+						echo "Value: Original  : ";
+						var_dump($value_base);
+						echo "Value: Other edit: ";
+						var_dump($value_fork);
+						echo "Value: This edit : ";
+						var_dump($value);
+						echo "
"; + } + } + } + } + } + + /** + * This will show the user index. + */ + private function show_index($routed, $remainder) { + $db = Database::getInstance(); + + $logged_in_user = Auth::getInstance(Login::isLoggedIn()); + $anon_userlist = $db->getSysConf('anon_userlist')=='true'; + if (!$anon_userlist && !$logged_in_user->isUser()) { + $this->http401($routed, $remainder); + exit(); + } + + $vars = array(); + $vars['attribs'] = $this->getIndexAttribs(); + $vars['users'] = array(); + $uids = $db->listUsers(); + foreach ($uids as $uid) { + $vars['users'][$uid] = array(); + foreach ($vars['attribs'] as $attrib) { + $key = $attrib['key']; + $props = DB::get('users', $uid, $key); + $vars['users'][$uid][$key] = $props; + } + } + $this->showView('users/index', $vars); + } + + function attrib($key, $name, $type='string') { + return array('key'=>$key, 'name'=>$name, 'type'=>$type); + } + private function getIndexAttribs() { + $user = Auth::getInstance(Login::isLoggedIn()); + + $attribs = array(); + $attribs[] = $this->attrib('auth_uid', 'UID'); + if ($user->isUser()) { + $attribs[] = $this->attrib('auth_user', 'Active', 'bool'); + if ($user->isAdmin()) { + $attribs[] = $this->attrib('auth_admin', 'Admin', 'bool'); + $attribs[] = $this->attrib('auth_delete', 'Delete', 'bool'); + } + $attribs[] = $this->attrib('lastname','Last'); + $attribs[] = $this->attrib('firstname','First'); + $attribs[] = $this->attrib('hsclass','Class of'); + $attribs[] = $this->attrib('phone','Phone number'); + $attribs[] = $this->attrib('email','Email'); + } + $attribs[] = $this->attrib('auth_name', 'Username'); + + return $attribs; + } + + private function registrationOpen() { + $db = Database::getInstance(); + $val = $db->getSysConf('registration_open'); + switch ($val) { + case 'true': return true; + case 'false': return false; + default: return true; + } + } +} -- cgit v1.2.3