|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* Handles user accounts |
|
5
|
|
|
* |
|
6
|
|
|
* @author Sam Stenvall <[email protected]> |
|
7
|
|
|
* @author Geoffrey Bonneville <[email protected]> |
|
8
|
|
|
* @copyright Copyright © Sam Stenvall 2013- |
|
9
|
|
|
* @license https://www.gnu.org/licenses/gpl.html The GNU General Public License v3.0 |
|
10
|
|
|
*/ |
|
11
|
|
|
class UserController extends ModelController |
|
12
|
|
|
{ |
|
13
|
|
|
|
|
14
|
|
|
/** |
|
15
|
|
|
* @inheritdoc |
|
16
|
|
|
*/ |
|
17
|
|
|
public function filters() |
|
18
|
|
|
{ |
|
19
|
|
|
return array_merge(parent::filters(), array( |
|
20
|
|
|
'accessControl', |
|
21
|
|
|
)); |
|
22
|
|
|
} |
|
23
|
|
|
|
|
24
|
|
|
/** |
|
25
|
|
|
* @inheritdoc |
|
26
|
|
|
*/ |
|
27
|
|
|
public function accessRules() |
|
28
|
|
|
{ |
|
29
|
|
|
return array_merge( |
|
30
|
|
|
array( |
|
31
|
|
|
array('allow', |
|
32
|
|
|
'actions'=>array('changePassword'), |
|
33
|
|
|
), |
|
34
|
|
|
array('allow', |
|
35
|
|
|
// Allow logged in users to update their own information |
|
36
|
|
|
'actions'=>array('update'), |
|
37
|
|
|
'expression'=>function($webUser) { |
|
38
|
|
|
return isset($_GET['id']) && $_GET['id'] == $webUser->id; |
|
39
|
|
|
} |
|
40
|
|
|
), |
|
41
|
|
|
array('allow', |
|
42
|
|
|
// Administrators can do anything |
|
43
|
|
|
'expression'=>function() { |
|
44
|
|
|
return Yii::app()->user->role == User::ROLE_ADMIN; |
|
45
|
|
|
}, |
|
46
|
|
|
), |
|
47
|
|
|
array('deny'), |
|
48
|
|
|
), parent::accessRules() |
|
49
|
|
|
); |
|
50
|
|
|
} |
|
51
|
|
|
|
|
52
|
|
|
/** |
|
53
|
|
|
* Updates a password |
|
54
|
|
|
*/ |
|
55
|
|
|
public function actionChangePassword() |
|
56
|
|
|
{ |
|
57
|
|
|
$model = new ChangePasswordForm(); |
|
58
|
|
|
|
|
59
|
|
|
if (isset($_POST['ChangePasswordForm'])) |
|
60
|
|
|
{ |
|
61
|
|
|
$model->attributes = $_POST['ChangePasswordForm']; |
|
62
|
|
|
|
|
63
|
|
|
if ($model->validate()) |
|
64
|
|
|
{ |
|
65
|
|
|
// Change the password |
|
66
|
|
|
$user = $this->loadModel(Yii::app()->user->id); |
|
67
|
|
|
$user->password = $model->newPassword; |
|
68
|
|
|
$user->save(); |
|
69
|
|
|
|
|
70
|
|
|
// Log and inform |
|
71
|
|
|
$this->log('"%s" updated his/her password', Yii::app()->user->name); |
|
72
|
|
|
Yii::app()->user->setFlash('success', Yii::t('User', 'Password successfully changed')); |
|
73
|
|
|
|
|
74
|
|
|
$this->redirect(array('user/update', 'id'=>$user->id)); |
|
75
|
|
|
} |
|
76
|
|
|
} |
|
77
|
|
|
|
|
78
|
|
|
$this->render('changePassword', array( |
|
79
|
|
|
'model'=>$model, |
|
80
|
|
|
)); |
|
81
|
|
|
} |
|
82
|
|
|
|
|
83
|
|
|
/** |
|
84
|
|
|
* Creates a new user |
|
85
|
|
|
*/ |
|
86
|
|
|
public function actionCreate() |
|
87
|
|
|
{ |
|
88
|
|
|
$model = new User(); |
|
89
|
|
|
|
|
90
|
|
View Code Duplication |
if ($this->saveFromPost($model)) |
|
91
|
|
|
{ |
|
92
|
|
|
$this->log('"%s" created user "%s"', Yii::app()->user->name, |
|
93
|
|
|
$model->username); |
|
94
|
|
|
|
|
95
|
|
|
Yii::app()->user->setFlash('success', Yii::t('User', 'Created user {username}', |
|
96
|
|
|
array('{username}'=>'<em>'.$model->username.'</em>'))); |
|
97
|
|
|
|
|
98
|
|
|
$this->redirect(array('admin')); |
|
99
|
|
|
} |
|
100
|
|
|
|
|
101
|
|
|
$this->render('create', array( |
|
102
|
|
|
'model'=>$model, |
|
103
|
|
|
)); |
|
104
|
|
|
} |
|
105
|
|
|
|
|
106
|
|
|
/** |
|
107
|
|
|
* Updates a user |
|
108
|
|
|
* @param int $id the user ID |
|
109
|
|
|
*/ |
|
110
|
|
|
public function actionUpdate($id) |
|
111
|
|
|
{ |
|
112
|
|
|
/* @var User $model */ |
|
113
|
|
|
$model = $this->loadModel($id); |
|
114
|
|
|
|
|
115
|
|
|
// Clear the password |
|
116
|
|
|
$password = $model->password; |
|
117
|
|
|
$model->password = ''; |
|
118
|
|
|
|
|
119
|
|
|
if (isset($_POST['User'])) |
|
120
|
|
|
{ |
|
121
|
|
|
$model->attributes = $_POST['User']; |
|
122
|
|
|
|
|
123
|
|
|
// Don't touch the password, it should only be changed through the change password action |
|
124
|
|
|
if (empty($model->password)) |
|
125
|
|
|
{ |
|
126
|
|
|
$model->inhibitPasswordHash(); |
|
127
|
|
|
$model->password = $password; |
|
128
|
|
|
} |
|
129
|
|
|
|
|
130
|
|
View Code Duplication |
if ($model->save()) |
|
|
|
|
|
|
131
|
|
|
{ |
|
132
|
|
|
$this->log('"%s" updated user "%s"', Yii::app()->user->name, |
|
133
|
|
|
$model->username); |
|
134
|
|
|
|
|
135
|
|
|
Yii::app()->user->setFlash('success', Yii::t('User', 'Updated user {username}', |
|
136
|
|
|
['{username}' => '<em>' . $model->username . '</em>'])); |
|
137
|
|
|
|
|
138
|
|
|
$this->refresh(); |
|
139
|
|
|
} |
|
140
|
|
|
} |
|
141
|
|
|
|
|
142
|
|
|
$this->render('update', array( |
|
143
|
|
|
'model'=>$model, |
|
144
|
|
|
)); |
|
145
|
|
|
} |
|
146
|
|
|
|
|
147
|
|
|
/** |
|
148
|
|
|
* Deletes a user |
|
149
|
|
|
* @param int $id the user ID |
|
150
|
|
|
*/ |
|
151
|
|
|
public function actionDelete($id) |
|
152
|
|
|
{ |
|
153
|
|
|
$model = $this->loadModel($id); |
|
154
|
|
|
$model->delete(); |
|
155
|
|
|
|
|
156
|
|
|
$this->log('"%s" deleted user "%s"', Yii::app()->user->name, |
|
157
|
|
|
$model->username); |
|
158
|
|
|
|
|
159
|
|
|
$this->redirectOnDelete(); |
|
160
|
|
|
} |
|
161
|
|
|
|
|
162
|
|
|
} |
|
163
|
|
|
|
Jalle19 /
xbmc-video-server
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.