bludit/admin/controllers/edit-user.php

118 lines
2.8 KiB
PHP
Raw Normal View History

2015-05-05 03:00:01 +02:00
<?php defined('BLUDIT') or die('Bludit CMS.');
2015-05-15 00:07:45 +02:00
// ============================================================================
// Functions
// ============================================================================
2015-05-05 03:00:01 +02:00
function editUser($args)
{
global $dbUsers;
2015-07-20 05:14:12 +02:00
global $Language;
2015-08-03 02:49:12 +02:00
2015-07-22 05:15:02 +02:00
if( $dbUsers->set($args) ) {
Alert::set($Language->g('The changes have been saved'));
}
else {
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to edit the user.');
}
}
function setPassword($args)
{
global $dbUsers;
global $Language;
if( ($args['password']===$args['confirm-password']) && !Text::isEmpty($args['password']) )
2015-05-05 03:00:01 +02:00
{
2015-07-22 05:15:02 +02:00
if( $dbUsers->setPassword($args) ) {
Alert::set($Language->g('The changes have been saved'));
2015-05-05 03:00:01 +02:00
}
else {
2015-07-22 05:15:02 +02:00
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to change the user password.');
2015-05-05 03:00:01 +02:00
}
}
2015-07-22 05:15:02 +02:00
else {
Alert::set($Language->g('The password and confirmation password do not match'));
return false;
}
}
function deleteUser($args, $deleteContent=false)
{
global $dbUsers;
global $dbPosts;
global $Language;
2015-07-23 03:45:54 +02:00
// The user admin cannot be deleted.
if($args['username']=='admin') {
return false;
}
2015-09-30 03:59:02 +02:00
// The editors cannot delete users.
if($Login->role()!=='admin') {
return false;
}
2015-07-22 05:15:02 +02:00
if($deleteContent) {
$dbPosts->deletePostsByUser($args['username']);
}
else {
$dbPosts->linkPostsToUser($args['username'], 'admin');
}
if( $dbUsers->delete($args['username']) ) {
Alert::set($Language->g('User deleted'));
}
else {
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to delete the user.');
2015-05-05 03:00:01 +02:00
}
}
2015-08-03 02:49:12 +02:00
// ============================================================================
// Main before POST
// ============================================================================
2015-05-15 00:07:45 +02:00
// ============================================================================
// POST Method
// ============================================================================
2015-05-05 03:00:01 +02:00
if( $_SERVER['REQUEST_METHOD'] == 'POST' )
{
2015-07-22 05:15:02 +02:00
// Prevent editors users to administrate other users.
2015-05-15 00:07:45 +02:00
if($Login->role()!=='admin')
{
$_POST['username'] = $Login->username();
unset($_POST['role']);
}
2015-07-22 05:15:02 +02:00
if(isset($_POST['delete-user-all'])) {
deleteUser($_POST, true);
}
elseif(isset($_POST['delete-user-associate'])) {
deleteUser($_POST, false);
}
elseif(isset($_POST['change-password'])) {
setPassword($_POST);
}
elseif(isset($_POST['edit-user'])) {
editUser($_POST);
2015-05-05 03:00:01 +02:00
}
2015-05-15 00:07:45 +02:00
}
// ============================================================================
2015-08-03 02:49:12 +02:00
// Main after POST
2015-05-15 00:07:45 +02:00
// ============================================================================
if($Login->role()!=='admin') {
$layout['parameters'] = $Login->username();
2015-05-05 03:00:01 +02:00
}
2015-07-15 01:57:18 +02:00
$_user = $dbUsers->getDb($layout['parameters']);
2015-05-05 03:00:01 +02:00
// If the user doesn't exist, redirect to the users list.
2015-05-15 00:07:45 +02:00
if($_user===false) {
Redirect::page('admin', 'users');
}
2015-05-31 03:06:55 +02:00
$_user['username'] = $layout['parameters'];