From dbeb76f57aab441e5e93dcb1919b0b442c889965 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Tue, 4 Oct 2011 14:42:59 -0700 Subject: Add the ability to close user registration. --- src/controllers/Users.class.php | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'src/controllers') diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php index a5d23fc..27efbcd 100644 --- a/src/controllers/Users.class.php +++ b/src/controllers/Users.class.php @@ -22,7 +22,12 @@ class Users extends Controller { switch ($method) { case 'POST': // We're POSTing a new user. - $this->create_user(); + if ($this->registrationOpen()) { + $this->create_user(); + } else { + $this->showView('users/new-locked', array()); + exit(); + } break; case 'HEAD': // fall-through to GET case 'GET': @@ -61,6 +66,10 @@ class Users extends Controller { $this->showView('users/new-logged-in', array()); exit(); } + if (!$this->registrationOpen()) { + $this->showView('users/new-locked', array()); + exit(); + } if (!isset($vars['errors'])) $vars['errors'] = array(); global $mm; $pm = $mm->pluginManager(); $vars['antispam_html'] = $pm->callHook('antispam_html'); @@ -404,4 +413,14 @@ class Users extends Controller { $attribs[] = $this->attrib('auth_name', 'Username'); return $attribs; } + + private function registrationOpen() { + global $mm; $db = $mm->database(); + $val = $db->getSysConf('registration_open'); + switch ($val) { + case 'true': return true; + case 'false': return false; + default: return true; + } + } } -- cgit v1.2.3-54-g00ecf From 2a71bacfc5536279bbc5e238fb6a07c03e85d12d Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Wed, 5 Oct 2011 00:18:51 -0400 Subject: Edit individual.html to allow showing multiple users at once. Add a hack to the Users.class controller to show all users for the "all" username. Mark "all" as forbiddent in the Auth.class model. --- src/controllers/Users.class.php | 54 +++++++++++++++++++------------ src/models/Auth.class.php | 6 ++-- src/views/pages/users/individual.html.php | 12 +++++-- 3 files changed, 46 insertions(+), 26 deletions(-) (limited to 'src/controllers') diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php index 27efbcd..170d25f 100644 --- a/src/controllers/Users.class.php +++ b/src/controllers/Users.class.php @@ -77,26 +77,34 @@ class Users extends Controller { } public function individual($routed, $remainder) { - $username = implode('/', $remainder); - global $mm; // also used for pluginmanager $db = $mm->database(); - $uid = $db->getUID($username); - $user = Auth::getObj($uid); - - if ($user->isGroup()) $uid = false; // ignore groups. - - if ($uid===false) { - $this->http404($routed, $remainder); + $pm = $mm->pluginManager(); + + $username = implode('/', $remainder); + if ($username == 'all') { + $uids = $db->listUsers(); } else { + $uids = array($db->getUID($username)); + } + + $vars = array(); + + if (count($uids)<2) { + $user = Auth::getObj($uid); + + if ($user->isGroup()) $uid = false; // ignore groups. + + if ($uid===false) { + $this->http404($routed, $remainder); + exit(); + } if (!$user->canRead()) { $this->http401($routed, $remainder); exit(); } - $vars = array(); $method = $_SERVER['REQUEST_METHOD']; - switch ($method) { case 'PUT': $_POST = $_PUT; case 'POST': @@ -106,19 +114,23 @@ class Users extends Controller { } break; } - - $config_options = array(); - $mm->pluginManager()->callHook('userConfig', &$config_options); - - $vars['config_options'] = $config_options; - $vars['user'] = $user; - $vars['groups'] = $db->listGroupNames(); - require_once('ContactMethod.class.php'); - $this->showView('users/individual', $vars); } + + $config_options = array(); + $pm->callHook('userConfig', &$config_options); + + $vars['users'] = array(); + foreach ($uids as $uid) { + $vars['users'][] = Auth::getObj($uid); + } + $vars['username'] = $username; + $vars['config_options'] = $config_options; + $vars['groups'] = $db->listGroupNames(); + require_once('ContactMethod.class.php'); + $this->showView('users/individual', $vars); } - public function http404($routed, $rnemainder) { + public function http404($routed, $remainder) { $username = implode('/', $remainder); $this->showView('users/404', array('username'=>$username)); diff --git a/src/models/Auth.class.php b/src/models/Auth.class.php index 25570bf..b51aef9 100644 --- a/src/models/Auth.class.php +++ b/src/models/Auth.class.php @@ -26,12 +26,12 @@ class Auth { // Current rules: // * Not in "$illegal_names" // * Does not contain '.' - // * Less <256 characters - $illegal_names = array('', 'new', 'index'); + // * Fewer than 256 characters + $illegal_names = array('', 'new', 'index', 'all'); return true && (!in_array($name, $illegal_names)) && (strpos($name,'.')===false) - && (strlen($name)<=256); + && (strlen($name)<256); } protected $db = null; diff --git a/src/views/pages/users/individual.html.php b/src/views/pages/users/individual.html.php index c630515..39360b7 100644 --- a/src/views/pages/users/individual.html.php +++ b/src/views/pages/users/individual.html.php @@ -1,6 +1,7 @@ 1) { + $t->header("Users: $username"); +} else { + $t->header("User: $username"); +} + +foreach($users as $user) { $username = $user->getName(); -$t->header("User: $username"); $t->tag('h1', array(), ($user->canEdit()?'Edit':'View')." User $username (UID: ".$user->getUID().")"); @@ -136,4 +143,5 @@ if ($user->canEdit()) { $t->tag('input', array('type'=>'submit', 'value'=>'Save')); } $t->closeTag('form'); +} $t->footer(); -- cgit v1.2.3-54-g00ecf From e99a2ea7e361fdc5bab219bea6d9b967b5df486c Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sun, 9 Oct 2011 00:51:28 -0400 Subject: Add auth_uid as a parameter for forms in the Users controller. --- src/controllers/Users.class.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src/controllers') diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php index 170d25f..a4403e3 100644 --- a/src/controllers/Users.class.php +++ b/src/controllers/Users.class.php @@ -359,6 +359,10 @@ class Users extends Controller { $editable = $user->canEdit(); switch ($key) { + case 'auth_uid': + $value = $user->getUID(); + $editable = false; + break; case 'auth_name': $value = $user->getName(); break; @@ -390,6 +394,8 @@ class Users extends Controller { $user = Auth::getObj($uid); switch ($key) { + case 'auth_uid': + break; case 'auth_name': $user->setName($value); break; -- cgit v1.2.3-54-g00ecf From 0fd0403876aacecfde74fca0641530875f09200f Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sun, 9 Oct 2011 03:25:12 -0400 Subject: Move Users->[gs]etConf into a new DB.class.php, add in some wrappers for equivalent stuff with plugin and system config. --- src/controllers/Users.class.php | 73 ++-------------------- src/lib/DB.class.php | 131 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 136 insertions(+), 68 deletions(-) create mode 100644 src/lib/DB.class.php (limited to 'src/controllers') diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php index a4403e3..54e4675 100644 --- a/src/controllers/Users.class.php +++ b/src/controllers/Users.class.php @@ -1,6 +1,7 @@ showView('users/500'); } else { Login::login($username, $password); - $this->setConf($uid, 'email', $vars['email']); + DB::set('users', $uid, 'email', $vars['email']); $this->showView('users/created', array('username'=>$username)); } @@ -284,8 +285,7 @@ class Users extends Controller { @$value_base = $old[$uid]; $we_changed_it = $value_base != $value; if ($we_changed_it) { - $user = Auth::getObj($uid); - $value_fork = $this->getConf($user,$key); + $value_fork = DB::get('users', $uid, $key); $value_fork = $value_fork['value']; if ($value_fork===false) $value_fork = 'false'; if ($value_fork===true) $value_fork = 'true'; @@ -305,7 +305,7 @@ class Users extends Controller { } } if ($doit) { - $this->setConf($uid, $key, $value); + DB::set('users', $uid, $key, $value); } if ($forked) { echo "
\n";
@@ -340,79 +340,16 @@ class Users extends Controller {
 		$vars['users'] = array();
 		$uids = $db->listUsers();
 		foreach ($uids as $uid) {
-			$user = Auth::getObj($uid);
 			$vars['users'][$uid] = array();
 			foreach ($vars['attribs'] as $attrib) {
 				$key = $attrib['key'];
-				$props = $this->getConf($user, $key);
+				$props = DB::get('users', $uid, $key);
 				$vars['users'][$uid][$key] = $props;
 			}
 		}
 		$this->showView('users/index', $vars);
 	}
-	
-	private function getConf($user, $key) {
-		$logged_in_user = Auth::getObj(Login::isLoggedIn());
-		$uid = $user->getUID();
-		$post_key = $key."[$uid]";
-		@$value = $_POST[$post_key];
-		$editable = $user->canEdit();
-		
-		switch ($key) {
-		case 'auth_uid':
-			$value = $user->getUID();
-			$editable = false;
-			break;
-		case 'auth_name':
-			$value = $user->getName();
-			break;
-		case 'auth_user':
-			$editable = $editable && $logged_in_user->isAdmin();
-			$value = $user->isUser();
-			break;
-		case 'auth_admin':
-			$editable = $editable && $logged_in_user->isAdmin();
-			$value = $user->isAdmin();
-			break;
-		case 'auth_delete':
-			$editable = $editable && $logged_in_user->isAdmin();
-			$value = false;
-			break;
-		default:
-			$value = $user->getConf($key);
-			if ($value===false) $value='';
-			break;
-		}
 		
-		return array('value'=>$value,
-		             'post_key'=>$post_key,
-		             'editable'=>$editable);
-	}
-	private function setConf($uid, $key, $value) {
-		// So, this rocks because we don't have to check permissions,
-		// the User object does that.
-		$user = Auth::getObj($uid);
-		
-		switch ($key) {
-		case 'auth_uid':
-			break;
-		case 'auth_name':
-			$user->setName($value);
-			break;
-		case 'auth_user':
-			$user->setUser($value=='true');
-			break;
-		case 'auth_admin':
-			$user->setAdmin($value=='true');
-			break;
-		case 'auth_delete':
-			if ($value=='true') $user->delete();
-		default: 
-			$user->setConf($key, $value);
-			break;
-		}
-	}
-	
 	function attrib($key, $name) {
 		return array('key'=>$key, 'name'=>$name);
 	}
diff --git a/src/lib/DB.class.php b/src/lib/DB.class.php
new file mode 100644
index 0000000..9f14161
--- /dev/null
+++ b/src/lib/DB.class.php
@@ -0,0 +1,131 @@
+canEdit();
+		
+		switch ($key) {
+		case 'auth_uid':
+			$value = $user->getUID();
+			$editable = false;
+			break;
+		case 'auth_name':
+			$value = $user->getName();
+			break;
+		case 'auth_user':
+			$editable = $editable && $logged_in_user->isAdmin();
+			$value = $user->isUser();
+			break;
+		case 'auth_admin':
+			$editable = $editable && $logged_in_user->isAdmin();
+			$value = $user->isAdmin();
+			break;
+		case 'auth_delete':
+			$editable = $editable && $logged_in_user->isAdmin();
+			$value = false;
+			break;
+		default:
+			$value = $user->getConf($key);
+			if ($value===false) $value='';
+			break;
+		}
+		
+		return array('value'=>$value,
+		             'post_key'=>$post_key,
+		             'editable'=>$editable);
+	}
+	private static function user_set($uid, $key, $value) {
+		$user = Auth::getObj($uid);
+		
+		switch ($key) {
+		case 'auth_uid':
+			return false;
+			break;
+		case 'auth_name':
+			return $user->setName($value);
+			break;
+		case 'auth_user':
+			return $user->setUser($value=='true');
+			break;
+		case 'auth_admin':
+			return $user->setAdmin($value=='true');
+			break;
+		case 'auth_delete':
+			if ($value=='true') return $user->delete();
+		default: 
+			return $user->setConf($key, $value);
+			break;
+		}
+	}
+	
+	private static function admin_get($plugin, $key) {
+		global $mm; $db = $mm->database();
+		$user = Auth::getObj(Login::isLoggedIn());
+		if ($user->isAdmin()) {
+			$editable = true;
+			switch ($plugin) {
+			case 'system':
+				$value = $db->getSysConf($key);
+				break;
+			default:
+				$value =  $db->getPluginConf($plugin, $key);
+				break;
+			}
+		} else {
+			$editable = false;
+			$value = false;
+		}
+		
+		return array('value'=>$value,
+		             'post_key'=>'to be implemented',// FIXME
+		             'editable'=>$editable);
+	}
+	private static function admin_set($plugin, $key, $value) {
+		global $mm; $db = $mm->database();
+		$user = Auth::getObj(Login::isLoggedIn());
+		if (!$user->isAdmin()) {
+			return false;
+		}
+		switch ($plugin) {
+		case 'system':
+			return $db->setSysConf($key, $value);
+		default:
+			return $db->setPluginConf($plugin, $key, $value);
+		}
+	}
+}
\ No newline at end of file
-- 
cgit v1.2.3-54-g00ecf