From f72b9a7658cea71ee1edf4ae678a2c8043d9e5bf Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Tue, 4 Oct 2011 22:19:45 -0400 Subject: Begin work on safely allowing concurrent edits on data, giving better form interface. --- src/controllers/Users.class.php | 71 +++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 45 deletions(-) (limited to 'src/controllers/Users.class.php') diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php index a5d23fc..b8c9244 100644 --- a/src/controllers/Users.class.php +++ b/src/controllers/Users.class.php @@ -251,50 +251,31 @@ class Users extends Controller { */ private function update_users() { $attribs = $this->getIndexAttribs(); + $form = new Form(null, null); foreach ($attribs as $attrib) { $key = $attrib['key']; if (isset($_POST[$key]) && is_array($_POST[$key])) { $old = $_POST['_old'][$key]; foreach ($_POST[$key] as $uid => $value) { - $doit = true; - $forked = false; - $have_old = isset($old[$uid]); - if ($have_old) { - @$value_base = $old[$uid]; - $we_changed_it = $value_base != $value; - if ($we_changed_it) { - $user = Auth::getObj($uid); - $value_fork = $this->getConf($user,$key); - $value_fork = $value_fork['value']; - if ($value_fork===false) $value_fork = 'false'; - if ($value_fork===true) $value_fork = 'true'; - - $someone_else_changed_it = $value_fork != $value_base; - if ($someone_else_changed_it) { - if ($value == $value_fork) { - // we might as well not have - $we_changed_it = false; - } else { - $forked = true; - } - } - } - if (!$we_changed_it) { - $doit = false;// nothing to do - } - } - if ($doit) { - $this->setConf($uid, $key, $value); - } - if ($forked) { + // FIXME + $form->setter = create_function('$k,$v', "return Users::setConf($uid, \$k, \$v)"); + $form->getter = create_function('$k' , "return Users::getConf($uid, \$k)"); + @$value_old = $_POST[$key]; + $set = $form->updateValue($value, $value_old); + if (is_string($set)) { echo "
\n";
-						echo "Error: Value changed elsewhere, and I don't have real handling for this yet.\n";
+						echo "Error: Value changed elsewhere, ".
+							"and I don't have real handling ".
+							"for this yet.\n";
 						echo "UID: $uid\n";
 						echo "Name: ".$user->getName()."\n";
 						echo "Key: $key\n";
-						echo "Value: Original  : "; var_dump($value_base);
-						echo "Value: Other edit: "; var_dump($value_fork);
-						echo "Value: This edit : "; var_dump($value);
+						echo "Value: Original  : ";
+						var_dump($value_base);
+						echo "Value: Other edit: ";
+						var_dump($value_fork);
+						echo "Value: This edit : ";
+						var_dump($value);
 						echo "
"; } } @@ -319,20 +300,20 @@ class Users extends Controller { $vars['users'] = array(); $uids = $db->listUsers(); foreach ($uids as $uid) { - $user = Auth::getObj($uid); $vars['users'][$uid] = array(); foreach ($vars['attribs'] as $attrib) { $key = $attrib['key']; - $props = $this->getConf($user, $key); + $props = $this->getConf($uid, $key); $vars['users'][$uid][$key] = $props; } } $this->showView('users/index', $vars); } - private function getConf($user, $key) { + public static function getConf($uid, $key) { + $user = Auth::getObj($uid); $logged_in_user = Auth::getObj(Login::isLoggedIn()); - $uid = $user->getUID(); + $post_key = $key."[$uid]"; @$value = $_POST[$post_key]; $editable = $user->canEdit(); @@ -363,25 +344,25 @@ class Users extends Controller { 'post_key'=>$post_key, 'editable'=>$editable); } - private function setConf($uid, $key, $value) { + public static function setConf($uid, $key, $value) { // So, this rocks because we don't have to check permissions, // the User object does that. $user = Auth::getObj($uid); switch ($key) { case 'auth_name': - $user->setName($value); + return $user->setName($value); break; case 'auth_user': - $user->setUser($value=='true'); + return $user->setUser($value=='true'); break; case 'auth_admin': - $user->setAdmin($value=='true'); + return $user->setAdmin($value=='true'); break; case 'auth_delete': - if ($value=='true') $user->delete(); + if ($value=='true') return $user->delete(); default: - $user->setConf($key, $value); + return $user->setConf($key, $value); break; } } -- cgit v1.2.3-54-g00ecf From 89c35c47f375d5b45e1e219327600b5bba5569f1 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sun, 9 Oct 2011 03:15:03 -0400 Subject: Begin adding a userlist visable to non-authenticated users. --- src/controllers/Users.class.php | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) (limited to 'src/controllers/Users.class.php') diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php index a4403e3..f7dc604 100644 --- a/src/controllers/Users.class.php +++ b/src/controllers/Users.class.php @@ -417,18 +417,27 @@ class Users extends Controller { return array('key'=>$key, 'name'=>$name); } private function getIndexAttribs() { + $user = Auth::getObj(Login::isLoggedIn()); + $attribs = array(); - $attribs[] = $this->attrib('auth_user', 'Active'); - if (Auth::getObj(Login::isLoggedIn())->isAdmin()) { - $attribs[] = $this->attrib('auth_admin', 'Admin'); - $attribs[] = $this->attrib('auth_delete', 'Delete'); + if ($user->isUser()) { + $attribs[] = $this->attrib('auth_uid', 'UID'); + $attribs[] = $this->attrib('auth_user', 'Active'); + if ($user->isAdmin()) { + $attribs[] = $this->attrib('auth_admin', 'Admin'); + $attribs[] = $this->attrib('auth_delete', 'Delete'); + } + $attribs[] = $this->attrib('lastname','Last'); + $attribs[] = $this->attrib('firstname','First'); + $attribs[] = $this->attrib('hsclass','Class of'); + $attribs[] = $this->attrib('phone','Phone number'); + $attribs[] = $this->attrib('email','Email'); + } else { + $attribs[] = $this->attrib('auth_uid', 'UID'); + $attribs[] = $this->attrib('lastname','Last'); + $attribs[] = $this->attrib('firstname','First'); + $attribs[] = $this->attrib('auth_name', 'Username'); } - $attribs[] = $this->attrib('lastname','Last'); - $attribs[] = $this->attrib('firstname','First'); - $attribs[] = $this->attrib('hsclass','Class of'); - $attribs[] = $this->attrib('phone','Phone number'); - $attribs[] = $this->attrib('email','Email'); - $attribs[] = $this->attrib('auth_name', 'Username'); return $attribs; } -- cgit v1.2.3-54-g00ecf From 7e91c2872778407172fa42208be1aa7e466b97e3 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sun, 9 Oct 2011 14:17:09 -0400 Subject: Don't show full name to anon users, comment out security check for index. --- src/controllers/Users.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/controllers/Users.class.php') diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php index f7dc604..c69701f 100644 --- a/src/controllers/Users.class.php +++ b/src/controllers/Users.class.php @@ -329,11 +329,13 @@ class Users extends Controller { private function show_index($routed, $remainder) { global $mm; $db = $mm->database(); + /* $logged_in_user = Auth::getObj(Login::isLoggedIn()); if (!$logged_in_user->isUser()) { $this->http401($routed, $remainder); exit(); } + */ $vars = array(); $vars['attribs'] = $this->getIndexAttribs(); @@ -434,8 +436,6 @@ class Users extends Controller { $attribs[] = $this->attrib('email','Email'); } else { $attribs[] = $this->attrib('auth_uid', 'UID'); - $attribs[] = $this->attrib('lastname','Last'); - $attribs[] = $this->attrib('firstname','First'); $attribs[] = $this->attrib('auth_name', 'Username'); } return $attribs; -- cgit v1.2.3-54-g00ecf From 01003f1761631394360697530d3418c1acaf1cd9 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sun, 9 Oct 2011 14:57:49 -0400 Subject: Add the system config option 'anon_userlist' to control if an anonymous userlist is visible or not. --- src/controllers/Users.class.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'src/controllers/Users.class.php') diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php index 24bb8aa..ac6b06a 100644 --- a/src/controllers/Users.class.php +++ b/src/controllers/Users.class.php @@ -308,13 +308,12 @@ class Users extends Controller { private function show_index($routed, $remainder) { global $mm; $db = $mm->database(); - /* $logged_in_user = Auth::getObj(Login::isLoggedIn()); - if (!$logged_in_user->isUser()) { + $anon_userlist = $db->getSysConf('anon_userlist')=='true'; + if (!$anon_userlist && !$logged_in_user->isUser()) { $this->http401($routed, $remainder); exit(); } - */ $vars = array(); $vars['attribs'] = $this->getIndexAttribs(); -- cgit v1.2.3-54-g00ecf From 2e769649abf4f9b3712287e24eb42c5a93a8035e Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sun, 9 Oct 2011 15:41:59 -0400 Subject: Link to the userlist from the user registration page, if anon_userlist is enabled. --- src/controllers/Users.class.php | 7 ++++++- src/views/pages/users/new.html.php | 10 ++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) (limited to 'src/controllers/Users.class.php') diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php index ac6b06a..dbd5120 100644 --- a/src/controllers/Users.class.php +++ b/src/controllers/Users.class.php @@ -72,8 +72,13 @@ class Users extends Controller { exit(); } if (!isset($vars['errors'])) $vars['errors'] = array(); - global $mm; $pm = $mm->pluginManager(); + + global $mm; + $pm = $mm->pluginManager(); + $db = $mm->database(); + $vars['antispam_html'] = $pm->callHook('antispam_html'); + $vars['userlist'] = $db->getSysConf('anon_userlist'); $this->showView('users/new', $vars); } diff --git a/src/views/pages/users/new.html.php b/src/views/pages/users/new.html.php index 8b6bdf8..9df376f 100644 --- a/src/views/pages/users/new.html.php +++ b/src/views/pages/users/new.html.php @@ -7,6 +7,16 @@ $t->openTag('form', array('method'=>'post', 'action'=>$t->url('users'))); $t->openFieldset("New User: Step 1"); + +if ($VARS['userlist']) { + $t->inputP("If you may have already created a username, please, ". + "please check the ". + $t->link($t->url('users/'), 'user-list', true). + " to find your old username, instead of creating a new ". + "user. If you don't like the name, you can log in and ". + "change it."); +} + if (in_array('illegal name', $VARS['errors'])) { $t->inputP("That is a forbidden username.", true); } -- cgit v1.2.3-54-g00ecf