2015-05-05 03:00:01 +02:00
|
|
|
<?php defined('BLUDIT') or die('Bludit CMS.');
|
|
|
|
|
2015-05-15 00:07:45 +02:00
|
|
|
// ============================================================================
|
|
|
|
// Functions
|
|
|
|
// ============================================================================
|
|
|
|
|
2015-05-05 03:00:01 +02:00
|
|
|
function editUser($args)
|
|
|
|
{
|
|
|
|
global $dbUsers;
|
2015-07-20 05:14:12 +02:00
|
|
|
global $Language;
|
2015-08-03 02:49:12 +02:00
|
|
|
|
2015-07-22 05:15:02 +02:00
|
|
|
if( $dbUsers->set($args) ) {
|
|
|
|
Alert::set($Language->g('The changes have been saved'));
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to edit the user.');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-10-19 00:45:58 +02:00
|
|
|
function setPassword($new, $confirm)
|
2015-07-22 05:15:02 +02:00
|
|
|
{
|
|
|
|
global $dbUsers;
|
|
|
|
global $Language;
|
|
|
|
|
2015-10-19 00:45:58 +02:00
|
|
|
if( ($new===$confirm) && !Text::isEmpty($new) )
|
2015-05-05 03:00:01 +02:00
|
|
|
{
|
2015-10-19 00:45:58 +02:00
|
|
|
if( $dbUsers->setPassword($new) ) {
|
2015-07-22 05:15:02 +02:00
|
|
|
Alert::set($Language->g('The changes have been saved'));
|
2015-05-05 03:00:01 +02:00
|
|
|
}
|
|
|
|
else {
|
2015-07-22 05:15:02 +02:00
|
|
|
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to change the user password.');
|
2015-05-05 03:00:01 +02:00
|
|
|
}
|
|
|
|
}
|
2015-07-22 05:15:02 +02:00
|
|
|
else {
|
|
|
|
Alert::set($Language->g('The password and confirmation password do not match'));
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
function deleteUser($args, $deleteContent=false)
|
|
|
|
{
|
|
|
|
global $dbUsers;
|
|
|
|
global $dbPosts;
|
|
|
|
global $Language;
|
2015-10-19 00:45:58 +02:00
|
|
|
global $Login;
|
2015-07-22 05:15:02 +02:00
|
|
|
|
2015-07-23 03:45:54 +02:00
|
|
|
// The user admin cannot be deleted.
|
|
|
|
if($args['username']=='admin') {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2015-09-30 03:59:02 +02:00
|
|
|
// The editors cannot delete users.
|
|
|
|
if($Login->role()!=='admin') {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2015-07-22 05:15:02 +02:00
|
|
|
if($deleteContent) {
|
|
|
|
$dbPosts->deletePostsByUser($args['username']);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
$dbPosts->linkPostsToUser($args['username'], 'admin');
|
|
|
|
}
|
|
|
|
|
|
|
|
if( $dbUsers->delete($args['username']) ) {
|
|
|
|
Alert::set($Language->g('User deleted'));
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to delete the user.');
|
2015-05-05 03:00:01 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-08-03 02:49:12 +02:00
|
|
|
// ============================================================================
|
|
|
|
// Main before POST
|
|
|
|
// ============================================================================
|
|
|
|
|
2015-05-15 00:07:45 +02:00
|
|
|
// ============================================================================
|
|
|
|
// POST Method
|
|
|
|
// ============================================================================
|
|
|
|
|
2015-05-05 03:00:01 +02:00
|
|
|
if( $_SERVER['REQUEST_METHOD'] == 'POST' )
|
|
|
|
{
|
2015-10-19 00:45:58 +02:00
|
|
|
// Prevent editors to administrate other users.
|
2015-05-15 00:07:45 +02:00
|
|
|
if($Login->role()!=='admin')
|
|
|
|
{
|
|
|
|
$_POST['username'] = $Login->username();
|
|
|
|
unset($_POST['role']);
|
|
|
|
}
|
|
|
|
|
2015-07-22 05:15:02 +02:00
|
|
|
if(isset($_POST['delete-user-all'])) {
|
|
|
|
deleteUser($_POST, true);
|
|
|
|
}
|
|
|
|
elseif(isset($_POST['delete-user-associate'])) {
|
|
|
|
deleteUser($_POST, false);
|
|
|
|
}
|
2015-10-19 00:45:58 +02:00
|
|
|
elseif( !empty($_POST['new-password']) && !empty($_POST['confirm-password']) ) {
|
|
|
|
setPassword($_POST['new-password'], $_POST['confirm-password']);
|
2015-07-22 05:15:02 +02:00
|
|
|
}
|
2015-10-19 00:45:58 +02:00
|
|
|
else {
|
2015-07-22 05:15:02 +02:00
|
|
|
editUser($_POST);
|
2015-05-05 03:00:01 +02:00
|
|
|
}
|
2015-05-15 00:07:45 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// ============================================================================
|
2015-08-03 02:49:12 +02:00
|
|
|
// Main after POST
|
2015-05-15 00:07:45 +02:00
|
|
|
// ============================================================================
|
|
|
|
|
|
|
|
if($Login->role()!=='admin') {
|
|
|
|
$layout['parameters'] = $Login->username();
|
2015-05-05 03:00:01 +02:00
|
|
|
}
|
|
|
|
|
2015-07-15 01:57:18 +02:00
|
|
|
$_user = $dbUsers->getDb($layout['parameters']);
|
2015-05-05 03:00:01 +02:00
|
|
|
|
|
|
|
// If the user doesn't exist, redirect to the users list.
|
2015-05-15 00:07:45 +02:00
|
|
|
if($_user===false) {
|
|
|
|
Redirect::page('admin', 'users');
|
|
|
|
}
|
|
|
|
|
2015-05-31 03:06:55 +02:00
|
|
|
$_user['username'] = $layout['parameters'];
|