From 09dfe32eb6b538225686fd6ed0220240010bc574 Mon Sep 17 00:00:00 2001
From: Luke Shumaker <LukeShu@sbcglobal.net>
Date: Mon, 1 Aug 2011 01:22:36 -0400
Subject: initial commit.

Partway through a rewrite. I have some old files I didn't want to entirely delete.
---
 src/controllers/Auth.class.php    |  57 ++++++++
 src/controllers/Http404.class.php |   7 +
 src/controllers/Users.class.php   | 291 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 355 insertions(+)
 create mode 100644 src/controllers/Auth.class.php
 create mode 100644 src/controllers/Http404.class.php
 create mode 100644 src/controllers/Users.class.php

(limited to 'src/controllers')

diff --git a/src/controllers/Auth.class.php b/src/controllers/Auth.class.php
new file mode 100644
index 0000000..86bd83f
--- /dev/null
+++ b/src/controllers/Auth.class.php
@@ -0,0 +1,57 @@
+<?php
+
+Router::register('auth', 'Auth');
+
+class Auth extends Controller {
+	public function index($routed, $remainder) {
+		// So if $_POST['action'] isn't set, it will trip on '', which
+		// is great, so we don't have to handle GET and PUT separately.
+		@$action = $_POST['action'];
+		switch ($action) {
+		case 'login' : $this->login(); break;
+		case 'logout': $this->logout(); break;
+		case ''      : $this->maybe_login(); break;
+		default      : $this->badrequest(); break;
+		}
+	}
+	private function login() {
+		$username = '';
+		$password = '';
+		
+		$login = -1;
+		if ( isset($_POST['username']) && isset($_POST['password'])) {
+			$username = $_POST['username'];
+			$password = $_POST['password'];
+			$login = $mm->login($username, $password);
+		}
+		
+		$vars = array();
+		$vars['login_code'] = $login;
+		$vars['username'] = $username;
+		$vars['password'] = $password;
+		if (isset($_POST['url'])) {
+			$vars['url'] = $_POST['url'];
+		}
+		
+		$this->showView('auth/login', $vars);
+	}
+	private function logout() {
+		global $mm;
+		$mm->logout();
+		$this->showView('auth/logout');
+	}
+	private function maybe_login() {
+		global $mm;
+		$uid = $mm->isLoggedIn();
+		if ($uid===false) {
+			$this->login();
+		} else {
+			$username = $mm->getUsername($uid);
+			$this->showView('auth/index',
+			                array('username'=>$username));
+		}
+	}
+	private function badrequest() {
+		$this->showView('auth/badrequest');
+	}
+}
diff --git a/src/controllers/Http404.class.php b/src/controllers/Http404.class.php
new file mode 100644
index 0000000..322feaa
--- /dev/null
+++ b/src/controllers/Http404.class.php
@@ -0,0 +1,7 @@
+<?php
+
+class Http404 extends Controller {
+	public function index($routed, $remainder) {
+		$this->http404($routed, $remainder);
+	}
+}
diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
new file mode 100644
index 0000000..617c57a
--- /dev/null
+++ b/src/controllers/Users.class.php
@@ -0,0 +1,291 @@
+<?php
+
+Router::register('users/new'  , 'Users', 'new_user');
+Router::register('users/index', 'Users', 'index_file');
+Router::register('users'      , 'Users', 'index_dir');
+Router::register('users/*'    , 'Users', 'individual');
+
+class Users extends Controller {
+	public static $illegal_names = array('', 'new', 'index');
+	
+	/**
+	 * Handle GETing the new user form.
+	 * 
+	 * I would have named this `new', but that's a keyword.
+	 */
+	public function new_user($routed, $vars) {
+		// since there will never be a remainder to `users/new', we can
+		// use that parameter to pass in some data.
+		$this->showView('users/new', $vars);
+	}
+	
+	public function index($routed, $remainder) {
+		return $this->index_dir($routed, $remainder);
+	}
+	
+	/**
+	 * Handle POSTing a new user, or GETing the index.
+	 */
+	public function index_dir($routed, $remainder) {
+		$method = $_SERVER['REQUEST_METHOD'];
+		switch ($method) {
+		case 'POST':
+			// We're POSTing a new user.
+			$this->create_user();
+			break;
+		case 'HEAD': // fall-through to GET
+		case 'GET':
+			// We're GETing the index.
+			$this->show_index($routed, $remainder);
+			break;
+		}
+	}
+	
+	/**
+	 * Handle PUTing an updated user index, or GETing the index.
+	 */
+	public function index_file($routed, $remainder) {
+		$method = $_SERVER['REQUEST_METHOD'];
+		switch ($method) {
+		case 'PUT': $_POST = $_PUT;
+		case 'POST':
+			// We're PUTing an updated user index.
+			$this->update_users();
+			break;
+		}
+		$this->show_index($routed, $remainder);
+	}
+
+
+	public function individual($routed, $remainder) {
+		$username = implode('/', $remainder);
+		
+		global $mm;
+		$uid = $mm->getUID($username);
+		if ($mm->getStatus($uid)===3) $uid = false; // ignore groups.
+		
+		if ($uid===false) {
+			$this->http404($routed, $remainder);
+		} else {
+			$user = $mm->getAuthObj($uid);
+			if (!$user->canRead()) {
+				$this->http401($routed, $remainder);
+				exit();
+			}
+			
+			$vars = array();
+			$method = $_SERVER['REQUEST_METHOD'];
+			switch ($method) {
+			case 'PUT': $_POST = $_PUT;
+			case 'POST':
+				// We're PUTing updated user info.
+				if ($user->canEdit()) {
+					$vars = $this->update_user($user);
+				}
+			break;
+			}
+			$vars['user'] = $user;
+			$vars['groups'] = $mm->listGroupNames();
+			$this->showView('users/individual', $vars);
+		}
+	}
+	
+	public function http404($routed, $remainder) {
+		$username = implode('/', $remainder);
+		$this->showView('users/404',
+		                array('username'=>$username));
+	}
+
+	public function http401($routed, $remainder) {
+		global $mm;
+		$this->showView('users/401', array('uid'=>$mm->isLoggedIn()));
+	}
+
+	/**
+	 * This will parse POST data to create a new user.
+	 * If successfull it will show a message saying so.
+	 * If not successfull, it will re-show the new-user form with errors
+	 * explained.
+	 */
+	private function create_user() {
+		$vars = array();
+		@$vars['username' ] = $_POST['auth_name'];			
+		@$vars['password1'] = $_POST['auth_password'       ];
+		@$vars['password2'] = $_POST['auth_password_verify'];
+		
+		global $mm;
+		$vars['errors'] = array();
+		if ($mm->getUID($vars['username'])!==false)
+			$vars['errors'][] = 'user exists';
+		if (in_array($vars['username'], $this->illegal_names))
+			$vars['errors'] = 'illegal name';
+		$matches = ($vars['password1'] == $vars['password2']);
+		if (!$matches)
+			$vars['errors'] = 'pw mixmatch';
+		if ($matches && $password2 == '')
+			$vars['errors'] = 'no pw';
+
+		if (count($vars['errors']) > 0) {
+			$this->new_user($routed, $vars);
+		} else {
+			$username = $vars['username'];
+			$passowrd = $vars['password1'];
+			$uid = $mm->addUser($username, $password);
+			if ($uid===false) {
+				$this->showView('users/500');
+			} else {
+				$mm->login($username, $password);
+				$this->showView('users/created',
+				                array('username'=>$username));
+			}
+		}
+	}	
+
+	/**
+	 * This will parse POST (really, PUT) data to update a single user
+	 */
+	private function update_user($user) {
+		$vars = array();
+		
+		$username = $user->getName();
+		// Change the username /////////////////////////////////////////
+		if (isset($_POST['auth_name'])) {
+			$new_name = $_POST['auth_name'];
+			if ($new_name != $username) {
+				if (!in_array($new_name, $this->illegal_names)) {
+					$changed_name = $user->setName($new_name);
+					$username = $user->getName();
+					$vars['changed name'] = $changed_name;
+				}
+			}
+		}
+		
+		// Change the password /////////////////////////////////////////
+		@$password1 = $_POST['auth_password'          ];
+		@$password2 = $_POST['auth_password'.'_verify'];
+		
+		// Check the verify box, not main box, so that we don't get
+		// tripped by browsers annoyingly autocompleting the password.
+		$is_set = ($password2 != '');
+		
+		if ($is_set) {
+			$matches = ( $password1 == $password2 );
+			if ($matches) {
+				$user->setPassword($password1);
+				$vars['pw updated'] = true;
+			} else {
+				$vars['pw mixmatch'] = true;
+			}
+		}
+		
+		// Change information //////////////////////////////////////////
+		$this->confText($user, 'firstname');
+		$this->confText($user, 'lastname');
+		$this->confText($user, 'hsclass');
+		
+		// Change contact info /////////////////////////////////////////
+		global $CONTACT_METHODS;
+		foreach ($CONTACT_METHODS as $method) {
+			$this->confText($user, $method->addr_slug);
+		}
+		$this->confArray($user, 'use');
+		
+		// Change groups ///////////////////////////////////////////////
+		$this->confArray($user, 'groups');
+
+		return $vars;
+	}
+
+	private function confArray($user, $key) {
+		if (isset($_POST[$key]) && is_array($_POST[$key])) {
+			$user->setConfArray($key, $_POST[$key]);
+		}
+	}
+
+	private function confText($user, $name) {
+		if (isset($_POST["user_$name"])) {
+			$user->setConf($name, $_POST["user_$name"]);
+		}
+	}
+
+
+	/**
+	 * This will parse POST (really, PUT) data to update multiple users.
+	 */
+	private function update_users() {
+		// TODO
+	}
+	
+	/**
+	 * This will show the user index.
+	 */
+	private function show_index($routed, $remainder) {
+		global $mm;
+		
+		$logged_in_user = $mm->getAuthObj($mm->isLoggedIn());
+		if (!$logged_in_user->isUser()) {
+			$this->http401($routed, $remainder);
+			exit();
+		}
+		
+		$vars = array();
+		$vars['attribs'] = $this->getIndexAttribs();
+		$vars['users'] = array();
+		$uids = $mm->listUsers();
+		foreach ($uids as $uid) {
+			$user = $mm->getAuthObj($uid);
+			$vars['users'][$uid] = array();
+			foreach ($vars['attribs'] as $attrib) {
+				$key = $attrib['key'];
+				$props = $this->getConf($user, $key);
+				$vars['users'][$uid][$key] = $props;
+			}
+		}
+		$this->showView('users/index', $vars);
+	}
+	
+	private function getConf($user, $key) {
+		global $mm;
+		$logged_in_user = $mm->getAuthObj($mm->isLoggedIn());
+		$uid = $user->getUID();
+		$post_key = $key."[$uid]";
+		@$value = $_POST[$post_key];
+		$editable = $user->canEdit();
+		
+		switch ($key) {
+		case 'auth_name':
+			$value = $user->getName();
+			break;
+		case 'auth_user':
+			$editable = $editable && $logged_in_user->isAdmin();
+			$value = $user->isUser();
+			break;
+		case 'auth_admin':
+			$editable = $editable && $logged_in_user->isAdmin();
+			$value = $user->isAdmin();
+			break;
+		default: 
+			$value = $user->getConf($key);
+			break;
+		}
+		
+		return array('value'=>$value,
+		             'post_key'=>$post_key,
+		             'editable'=>$editable);
+	}
+
+	function attrib($key, $name) {
+		return array('key'=>$key, 'name'=>$name);
+	}
+	private function getIndexAttribs() {
+		$attribs = array($this->attrib('auth_user', 'Active'),
+		                 $this->attrib('lastname','Last'),
+		                 $this->attrib('firstname','First'),
+		                 $this->attrib('hsclass','Class of'),
+		                 $this->attrib('phone','Phone number'),
+		                 $this->attrib('email','Email'),
+		                 $this->attrib('auth_name', 'Username'),
+		                 );
+		return $attrib;
+	}
+}
-- 
cgit v1.2.3