summaryrefslogtreecommitdiff
path: root/includes/controller/users_controller.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/controller/users_controller.php')
-rw-r--r--includes/controller/users_controller.php694
1 files changed, 398 insertions, 296 deletions
diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php
index 3825af7c..e8cb1b27 100644
--- a/includes/controller/users_controller.php
+++ b/includes/controller/users_controller.php
@@ -1,371 +1,473 @@
<?php
-use Engelsystem\ShiftsFilter;
+
+use Engelsystem\Database\DB;
use Engelsystem\ShiftCalendarRenderer;
+use Engelsystem\ShiftsFilter;
/**
* Route user actions.
+ *
+ * @return array
*/
-function users_controller() {
- global $user;
-
- if (! isset($user)) {
- redirect(page_link_to(''));
- }
-
- if (! isset($_REQUEST['action'])) {
- $_REQUEST['action'] = 'list';
- }
-
- switch ($_REQUEST['action']) {
- default:
- case 'list':
- return users_list_controller();
- case 'view':
- return user_controller();
- case 'edit':
- return user_edit_controller();
- case 'delete':
- return user_delete_controller();
- case 'edit_vouchers':
- return user_edit_vouchers_controller();
- }
+function users_controller()
+{
+ global $user;
+ $request = request();
+
+ if (!isset($user)) {
+ redirect(page_link_to(''));
+ }
+
+ $action = 'list';
+ if ($request->has('action')) {
+ $action = $request->input('action');
+ }
+
+ switch ($action) {
+ case 'view':
+ return user_controller();
+ case 'delete':
+ return user_delete_controller();
+ case 'edit_vouchers':
+ return user_edit_vouchers_controller();
+ case 'list':
+ default:
+ return users_list_controller();
+ }
}
/**
* Delete a user, requires to enter own password for reasons.
+ *
+ * @return array
*/
-function user_delete_controller() {
- global $privileges, $user;
-
- if (isset($_REQUEST['user_id'])) {
- $user_source = User($_REQUEST['user_id']);
- } else {
- $user_source = $user;
- }
-
- if (! in_array('admin_user', $privileges)) {
- redirect(page_link_to(''));
- }
-
- // You cannot delete yourself
- if ($user['UID'] == $user_source['UID']) {
- error(_("You cannot delete yourself."));
- redirect(user_link($user));
- }
-
- if (isset($_REQUEST['submit'])) {
- $valid = true;
-
- if (! (isset($_REQUEST['password']) && verify_password($_REQUEST['password'], $user['Passwort'], $user['UID']))) {
- $valid = false;
- error(_("Your password is incorrect. Please try it again."));
+function user_delete_controller()
+{
+ global $privileges, $user;
+ $request = request();
+
+ if ($request->has('user_id')) {
+ $user_source = User($request->query->get('user_id'));
+ } else {
+ $user_source = $user;
}
-
- if ($valid) {
- $result = User_delete($user_source['UID']);
- if ($result === false) {
- engelsystem_error('Unable to delete user.');
- }
-
- mail_user_delete($user_source);
- success(_("User deleted."));
- engelsystem_log(sprintf("Deleted %s", User_Nick_render($user_source)));
-
- redirect(users_link());
+
+ if (!in_array('admin_user', $privileges)) {
+ redirect(page_link_to(''));
}
- }
-
- return [
- sprintf(_("Delete %s"), $user_source['Nick']),
- User_delete_view($user_source)
- ];
+
+ // You cannot delete yourself
+ if ($user['UID'] == $user_source['UID']) {
+ error(_('You cannot delete yourself.'));
+ redirect(user_link($user));
+ }
+
+ if ($request->has('submit')) {
+ $valid = true;
+
+ if (
+ !(
+ $request->has('password')
+ && verify_password($request->postData('password'), $user['Passwort'], $user['UID'])
+ )
+ ) {
+ $valid = false;
+ error(_('Your password is incorrect. Please try it again.'));
+ }
+
+ if ($valid) {
+ User_delete($user_source['UID']);
+
+ mail_user_delete($user_source);
+ success(_('User deleted.'));
+ engelsystem_log(sprintf('Deleted %s', User_Nick_render($user_source)));
+
+ redirect(users_link());
+ }
+ }
+
+ return [
+ sprintf(_('Delete %s'), $user_source['Nick']),
+ User_delete_view($user_source)
+ ];
}
-function users_link() {
- return page_link_to('users');
+/**
+ * @return string
+ */
+function users_link()
+{
+ return page_link_to('users');
}
-function user_edit_link($user) {
- return page_link_to('admin_user') . '&user_id=' . $user['UID'];
+/**
+ * @param array $user
+ * @return string
+ */
+function user_edit_link($user)
+{
+ return page_link_to('admin_user', ['user_id' => $user['UID']]);
}
-function user_delete_link($user) {
- return page_link_to('users') . '&action=delete&user_id=' . $user['UID'];
+/**
+ * @param array $user
+ * @return string
+ */
+function user_delete_link($user)
+{
+ return page_link_to('users', ['action' => 'delete', 'user_id' => $user['UID']]);
}
-function user_link($user) {
- return page_link_to('users') . '&action=view&user_id=' . $user['UID'];
+/**
+ * @param array $user
+ * @return string
+ */
+function user_link($user)
+{
+ return page_link_to('users', ['action' => 'view', 'user_id' => $user['UID']]);
}
-function user_edit_vouchers_controller() {
- global $privileges, $user;
-
- if (isset($_REQUEST['user_id'])) {
- $user_source = User($_REQUEST['user_id']);
- } else {
- $user_source = $user;
- }
-
- if (! in_array('admin_user', $privileges)) {
- redirect(page_link_to(''));
- }
-
- if (isset($_REQUEST['submit'])) {
- $valid = true;
-
- if (isset($_REQUEST['vouchers']) && test_request_int('vouchers') && trim($_REQUEST['vouchers']) >= 0) {
- $vouchers = trim($_REQUEST['vouchers']);
+/**
+ * @return array
+ */
+function user_edit_vouchers_controller()
+{
+ global $privileges, $user;
+ $request = request();
+
+ if ($request->has('user_id')) {
+ $user_source = User($request->input('user_id'));
} else {
- $valid = false;
- error(_("Please enter a valid number of vouchers."));
+ $user_source = $user;
}
-
- if ($valid) {
- $user_source['got_voucher'] = $vouchers;
-
- $result = User_update($user_source);
- if ($result === false) {
- engelsystem_error('Unable to update user.');
- }
-
- success(_("Saved the number of vouchers."));
- engelsystem_log(User_Nick_render($user_source) . ': ' . sprintf("Got %s vouchers", $user_source['got_voucher']));
-
- redirect(user_link($user_source));
+
+ if (!in_array('admin_user', $privileges)) {
+ redirect(page_link_to(''));
}
- }
-
- return [
- sprintf(_("%s's vouchers"), $user_source['Nick']),
- User_edit_vouchers_view($user_source)
- ];
+
+ if ($request->has('submit')) {
+ $valid = true;
+
+ $vouchers = '';
+ if (
+ $request->has('vouchers')
+ && test_request_int('vouchers')
+ && trim($request->input('vouchers')) >= 0
+ ) {
+ $vouchers = trim($request->input('vouchers'));
+ } else {
+ $valid = false;
+ error(_('Please enter a valid number of vouchers.'));
+ }
+
+ if ($valid) {
+ $user_source['got_voucher'] = $vouchers;
+
+ User_update($user_source);
+
+ success(_('Saved the number of vouchers.'));
+ engelsystem_log(User_Nick_render($user_source) . ': ' . sprintf('Got %s vouchers',
+ $user_source['got_voucher']));
+
+ redirect(user_link($user_source));
+ }
+ }
+
+ return [
+ sprintf(_('%s\'s vouchers'), $user_source['Nick']),
+ User_edit_vouchers_view($user_source)
+ ];
}
-function user_controller() {
- global $privileges, $user;
-
- $user_source = $user;
- if (isset($_REQUEST['user_id'])) {
- $user_source = User($_REQUEST['user_id']);
- if ($user_source == null) {
- error(_("User not found."));
- redirect('?');
+/**
+ * @return array
+ */
+function user_controller()
+{
+ global $privileges, $user;
+ $request = request();
+
+ $user_source = $user;
+ if ($request->has('user_id')) {
+ $user_source = User($request->input('user_id'));
+ if ($user_source == null) {
+ error(_('User not found.'));
+ redirect('?');
+ }
}
- }
-
- $shifts = Shifts_by_user($user_source, in_array("user_shifts_admin", $privileges));
- foreach ($shifts as &$shift) {
- // TODO: Move queries to model
- $shift['needed_angeltypes'] = sql_select("SELECT DISTINCT `AngelTypes`.* FROM `ShiftEntry` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` WHERE `ShiftEntry`.`SID`='" . sql_escape($shift['SID']) . "' ORDER BY `AngelTypes`.`name`");
- foreach ($shift['needed_angeltypes'] as &$needed_angeltype) {
- $needed_angeltype['users'] = sql_select("
- SELECT `ShiftEntry`.`freeloaded`, `User`.*
- FROM `ShiftEntry`
- JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID`
- WHERE `ShiftEntry`.`SID`='" . sql_escape($shift['SID']) . "'
- AND `ShiftEntry`.`TID`='" . sql_escape($needed_angeltype['id']) . "'");
+
+ $shifts = Shifts_by_user($user_source, in_array('user_shifts_admin', $privileges));
+ foreach ($shifts as &$shift) {
+ // TODO: Move queries to model
+ $shift['needed_angeltypes'] = DB::select('
+ SELECT DISTINCT `AngelTypes`.*
+ FROM `ShiftEntry`
+ JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id`
+ WHERE `ShiftEntry`.`SID` = ?
+ ORDER BY `AngelTypes`.`name`
+ ',
+ [$shift['SID']]
+ );
+ foreach ($shift['needed_angeltypes'] as &$needed_angeltype) {
+ $needed_angeltype['users'] = DB::select('
+ SELECT `ShiftEntry`.`freeloaded`, `User`.*
+ FROM `ShiftEntry`
+ JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID`
+ WHERE `ShiftEntry`.`SID` = ?
+ AND `ShiftEntry`.`TID` = ?
+ ',
+ [$shift['SID'], $needed_angeltype['id']]
+ );
+ }
}
- }
-
- if ($user_source['api_key'] == "") {
- User_reset_api_key($user_source, false);
- }
-
- return [
- $user_source['Nick'],
- User_view($user_source, in_array('admin_user', $privileges), User_is_freeloader($user_source), User_angeltypes($user_source), User_groups($user_source), $shifts, $user['UID'] == $user_source['UID'])
- ];
+
+ if ($user_source['api_key'] == '') {
+ User_reset_api_key($user_source, false);
+ }
+
+ return [
+ $user_source['Nick'],
+ User_view(
+ $user_source,
+ in_array('admin_user', $privileges),
+ User_is_freeloader($user_source),
+ User_angeltypes($user_source),
+ User_groups($user_source),
+ $shifts,
+ $user['UID'] == $user_source['UID']
+ )
+ ];
}
/**
* List all users.
+ *
+ * @return array
*/
-function users_list_controller() {
- global $privileges;
-
- if (! in_array('admin_user', $privileges)) {
- redirect(page_link_to(''));
- }
-
- $order_by = 'Nick';
- if (isset($_REQUEST['OrderBy']) && in_array($_REQUEST['OrderBy'], User_sortable_columns())) {
- $order_by = $_REQUEST['OrderBy'];
- }
-
- $users = Users($order_by);
- if ($users === false) {
- engelsystem_error('Unable to load users.');
- }
-
- foreach ($users as &$user) {
- $user['freeloads'] = count(ShiftEntries_freeloaded_by_user($user));
- }
-
- return [
- _('All users'),
- Users_view($users, $order_by, User_arrived_count(), User_active_count(), User_force_active_count(), ShiftEntries_freeleaded_count(), User_tshirts_count(), User_got_voucher_count())
- ];
+function users_list_controller()
+{
+ global $privileges;
+ $request = request();
+
+ if (!in_array('admin_user', $privileges)) {
+ redirect(page_link_to(''));
+ }
+
+ $order_by = 'Nick';
+ if ($request->has('OrderBy') && in_array($request->input('OrderBy'), User_sortable_columns())) {
+ $order_by = $request->input('OrderBy');
+ }
+
+ $users = Users($order_by);
+ foreach ($users as &$user) {
+ $user['freeloads'] = count(ShiftEntries_freeloaded_by_user($user));
+ }
+
+ return [
+ _('All users'),
+ Users_view(
+ $users,
+ $order_by,
+ User_arrived_count(),
+ User_active_count(),
+ User_force_active_count(),
+ ShiftEntries_freeleaded_count(),
+ User_tshirts_count(),
+ User_got_voucher_count()
+ )
+ ];
}
/**
* Second step of password recovery: set a new password using the token link from email
+ *
+ * @return string
*/
-function user_password_recovery_set_new_controller() {
- global $min_password_length;
- $user_source = User_by_password_recovery_token($_REQUEST['token']);
- if ($user_source == null) {
- error(_("Token is not correct."));
- redirect(page_link_to('login'));
- }
-
- if (isset($_REQUEST['submit'])) {
- $valid = true;
-
- if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= $min_password_length) {
- if ($_REQUEST['password'] != $_REQUEST['password2']) {
- $valid = false;
- error(_("Your passwords don't match."));
- }
- } else {
- $valid = false;
- error(_("Your password is to short (please use at least 6 characters)."));
+function user_password_recovery_set_new_controller()
+{
+ $request = request();
+ $user_source = User_by_password_recovery_token($request->input('token'));
+ if ($user_source == null) {
+ error(_('Token is not correct.'));
+ redirect(page_link_to('login'));
}
-
- if ($valid) {
- set_password($user_source['UID'], $_REQUEST['password']);
- success(_("Password saved."));
- redirect(page_link_to('login'));
+
+ if ($request->has('submit')) {
+ $valid = true;
+
+ if (
+ $request->has('password')
+ && strlen($request->postData('password')) >= config('min_password_length')
+ ) {
+ if ($request->postData('password') != $request->postData('password2')) {
+ $valid = false;
+ error(_('Your passwords don\'t match.'));
+ }
+ } else {
+ $valid = false;
+ error(_('Your password is to short (please use at least 6 characters).'));
+ }
+
+ if ($valid) {
+ set_password($user_source['UID'], $request->postData('password'));
+ success(_('Password saved.'));
+ redirect(page_link_to('login'));
+ }
}
- }
-
- return User_password_set_view();
+
+ return User_password_set_view();
}
/**
* First step of password recovery: display a form that asks for your email and send email with recovery link
+ *
+ * @return string
*/
-function user_password_recovery_start_controller() {
- if (isset($_REQUEST['submit'])) {
- $valid = true;
-
- if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) {
- $email = strip_request_item('email');
- if (check_email($email)) {
- $user_source = User_by_email($email);
- if ($user_source == null) {
- $valid = false;
- error(_("E-mail address is not correct."));
+function user_password_recovery_start_controller()
+{
+ $request = request();
+ if ($request->has('submit')) {
+ $valid = true;
+
+ if ($request->has('email') && strlen(strip_request_item('email')) > 0) {
+ $email = strip_request_item('email');
+ if (check_email($email)) {
+ $user_source = User_by_email($email);
+ if ($user_source == null) {
+ $valid = false;
+ error(_('E-mail address is not correct.'));
+ }
+ } else {
+ $valid = false;
+ error(_('E-mail address is not correct.'));
+ }
+ } else {
+ $valid = false;
+ error(_('Please enter your e-mail.'));
+ }
+
+ if ($valid) {
+ $token = User_generate_password_recovery_token($user_source);
+ engelsystem_email_to_user(
+ $user_source,
+ _('Password recovery'),
+ sprintf(
+ _('Please visit %s to recover your password.'),
+ page_link_to('user_password_recovery', ['token' => $token])
+ )
+ );
+ success(_('We sent an email containing your password recovery link.'));
+ redirect(page_link_to('login'));
}
- } else {
- $valid = false;
- error(_("E-mail address is not correct."));
- }
- } else {
- $valid = false;
- error(_("Please enter your e-mail."));
- }
-
- if ($valid) {
- $token = User_generate_password_recovery_token($user_source);
- engelsystem_email_to_user($user_source, _("Password recovery"), sprintf(_("Please visit %s to recover your password."), page_link_to_absolute('user_password_recovery') . '&token=' . $token));
- success(_("We sent an email containing your password recovery link."));
- redirect(page_link_to('login'));
}
- }
-
- return User_password_recovery_view();
+
+ return User_password_recovery_view();
}
/**
* User password recovery in 2 steps.
* (By email)
+ *
+ * @return string
*/
-function user_password_recovery_controller() {
- if (isset($_REQUEST['token'])) {
- return user_password_recovery_set_new_controller();
- } else {
+function user_password_recovery_controller()
+{
+ if (request()->has('token')) {
+ return user_password_recovery_set_new_controller();
+ }
+
return user_password_recovery_start_controller();
- }
}
/**
* Menu title for password recovery.
+ *
+ * @return string
*/
-function user_password_recovery_title() {
- return _("Password recovery");
+function user_password_recovery_title()
+{
+ return _('Password recovery');
}
/**
* Loads a user from param user_id.
+ *
+ * return array
*/
-function load_user() {
- if (! isset($_REQUEST['user_id'])) {
- redirect(page_link_to());
- }
-
- $user = User($_REQUEST['user_id']);
- if ($user === false) {
- engelsystem_error("Unable to load user.");
- }
-
- if ($user == null) {
- error(_("User doesn't exist."));
- redirect(page_link_to());
- }
-
- return $user;
+function load_user()
+{
+ $request = request();
+ if (!$request->has('user_id')) {
+ redirect(page_link_to());
+ }
+
+ $user = User($request->input('user_id'));
+
+ if ($user == null) {
+ error(_('User doesn\'t exist.'));
+ redirect(page_link_to());
+ }
+
+ return $user;
}
-function shiftCalendarRendererByShiftFilter(ShiftsFilter $shiftsFilter) {
- $shifts = Shifts_by_ShiftsFilter($shiftsFilter);
- $needed_angeltypes_source = NeededAngeltypes_by_ShiftsFilter($shiftsFilter);
- $shift_entries_source = ShiftEntries_by_ShiftsFilter($shiftsFilter);
-
- $needed_angeltypes = [];
- $shift_entries = [];
- foreach ($shifts as $shift) {
- $needed_angeltypes[$shift['SID']] = [];
- $shift_entries[$shift['SID']] = [];
- }
- foreach ($shift_entries_source as $shift_entry) {
- if (isset($shift_entries[$shift_entry['SID']])) {
- $shift_entries[$shift_entry['SID']][] = $shift_entry;
+/**
+ * @param ShiftsFilter $shiftsFilter
+ * @return ShiftCalendarRenderer
+ */
+function shiftCalendarRendererByShiftFilter(ShiftsFilter $shiftsFilter)
+{
+ $shifts = Shifts_by_ShiftsFilter($shiftsFilter);
+ $needed_angeltypes_source = NeededAngeltypes_by_ShiftsFilter($shiftsFilter);
+ $shift_entries_source = ShiftEntries_by_ShiftsFilter($shiftsFilter);
+
+ $needed_angeltypes = [];
+ $shift_entries = [];
+ foreach ($shifts as $shift) {
+ $needed_angeltypes[$shift['SID']] = [];
+ $shift_entries[$shift['SID']] = [];
}
- }
- foreach ($needed_angeltypes_source as $needed_angeltype) {
- if (isset($needed_angeltypes[$needed_angeltype['SID']])) {
- $needed_angeltypes[$needed_angeltype['SID']][] = $needed_angeltype;
+ foreach ($shift_entries_source as $shift_entry) {
+ if (isset($shift_entries[$shift_entry['SID']])) {
+ $shift_entries[$shift_entry['SID']][] = $shift_entry;
+ }
}
- }
- unset($needed_angeltypes_source);
- unset($shift_entries_source);
-
- if (in_array(ShiftsFilter::FILLED_FREE, $shiftsFilter->getFilled()) && in_array(ShiftsFilter::FILLED_FILLED, $shiftsFilter->getFilled())) {
- return new ShiftCalendarRenderer($shifts, $needed_angeltypes, $shift_entries, $shiftsFilter);
- }
-
- $filtered_shifts = [];
- foreach ($shifts as $shift) {
- $needed_angels_count = 0;
- foreach ($needed_angeltypes[$shift['SID']] as $needed_angeltype) {
- $taken = 0;
- foreach ($shift_entries[$shift['SID']] as $shift_entry) {
- if ($needed_angeltype['angel_type_id'] == $shift_entry['TID'] && $shift_entry['freeloaded'] == 0) {
- $taken ++;
+ foreach ($needed_angeltypes_source as $needed_angeltype) {
+ if (isset($needed_angeltypes[$needed_angeltype['SID']])) {
+ $needed_angeltypes[$needed_angeltype['SID']][] = $needed_angeltype;
}
- }
-
- $needed_angels_count += max(0, $needed_angeltype['count'] - $taken);
}
- if (in_array(ShiftsFilter::FILLED_FREE, $shiftsFilter->getFilled()) && $taken < $needed_angels_count) {
- $filtered_shifts[] = $shift;
+ unset($needed_angeltypes_source);
+ unset($shift_entries_source);
+
+ if (
+ in_array(ShiftsFilter::FILLED_FREE, $shiftsFilter->getFilled())
+ && in_array(ShiftsFilter::FILLED_FILLED, $shiftsFilter->getFilled())
+ ) {
+ return new ShiftCalendarRenderer($shifts, $needed_angeltypes, $shift_entries, $shiftsFilter);
}
- if (in_array(ShiftsFilter::FILLED_FILLED, $shiftsFilter->getFilled()) && $taken >= $needed_angels_count) {
- $filtered_shifts[] = $shift;
+
+ $filtered_shifts = [];
+ foreach ($shifts as $shift) {
+ $needed_angels_count = 0;
+ $taken = 0;
+ foreach ($needed_angeltypes[$shift['SID']] as $needed_angeltype) {
+ $taken = 0;
+ foreach ($shift_entries[$shift['SID']] as $shift_entry) {
+ if ($needed_angeltype['angel_type_id'] == $shift_entry['TID'] && $shift_entry['freeloaded'] == 0) {
+ $taken++;
+ }
+ }
+
+ $needed_angels_count += max(0, $needed_angeltype['count'] - $taken);
+ }
+ if (in_array(ShiftsFilter::FILLED_FREE, $shiftsFilter->getFilled()) && $taken < $needed_angels_count) {
+ $filtered_shifts[] = $shift;
+ }
+ if (in_array(ShiftsFilter::FILLED_FILLED, $shiftsFilter->getFilled()) && $taken >= $needed_angels_count) {
+ $filtered_shifts[] = $shift;
+ }
}
- }
-
- return new ShiftCalendarRenderer($filtered_shifts, $needed_angeltypes, $shift_entries, $shiftsFilter);
-}
-?>
+ return new ShiftCalendarRenderer($filtered_shifts, $needed_angeltypes, $shift_entries, $shiftsFilter);
+}