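<?php
/**
 * @version $Id: controller.php 15176 2010-03-04 21:49:55Z ian $
 * @package Joomla
 * @subpackage Users
 * @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
 * @license GNU/GPL, see LICENSE.php
 * Joomla! is free software. This version may have been modified pursuant
 * to the GNU General Public License, and as distributed it includes or
 * is derivative of works licensed under the GNU General Public License or
 * other free or open source software licenses.
 * See COPYRIGHT.php for copyright notices and details.
 */

// no direct access
defined( '_JEXEC' ) or die( 'Restricted access' );

jimport('joomla.application.component.controller');

/**
 * Users Component Controller (administrator side)
 *
 * Handles the back-end user-management tasks of com_users: rendering the
 * list/edit views, saving a user record, blocking/unblocking, deleting,
 * and force-terminating a user's sessions.
 *
 * Security notes (review):
 *  - Every state-changing task (save, remove, block, logout) begins with
 *    JRequest::checkToken(), so a request without the session token is
 *    rejected before any work is done. display, cancel and contact only
 *    render or redirect and therefore carry no token check.
 *  - The "cannot block/edit/delete a Super Administrator" guards compare
 *    the target's *stored* ACL group (looked up through $acl), not a
 *    value from the request, so a forged 'gid' in the POST body cannot
 *    satisfy or evade them.
 *  - Record ids coming from the request are cast to int
 *    (JArrayHelper::toInteger / 'int' filter) before use; the only SQL in
 *    this file is a static COUNT query with no user-supplied input.
 *
 * @package Joomla
 * @subpackage Users
 * @since 1.5
 */
class UsersController extends JController
{
	/**
	 * Constructor
	 *
	 * Registers the task aliases this controller answers to:
	 *   add, edit      -> display()
	 *   apply          -> save()
	 *   flogout        -> logout()
	 *   unblock        -> block()
	 *
	 * @param array $config Controller configuration array
	 */
	function __construct($config = array())
	{
		parent::__construct($config);

		// Register Extra tasks
		$this->registerTask( 'add' , 'display' );
		$this->registerTask( 'edit' , 'display' );
		$this->registerTask( 'apply', 'save' );
		$this->registerTask( 'flogout', 'logout');
		$this->registerTask( 'unblock', 'block' );
	}

	/**
	 * Displays a view
	 *
	 * For the 'add' and 'edit' tasks the request is rewritten to render
	 * the 'user' view with the 'form' layout (main menu hidden); the
	 * 'edit' flag tells the view whether an existing record is loaded.
	 * Any other task falls through to the parent display().
	 */
	function display( )
	{
		switch($this->getTask())
		{
			case 'add' :
			{
				JRequest::setVar( 'hidemainmenu', 1 );
				JRequest::setVar( 'layout', 'form' );
				JRequest::setVar( 'view', 'user' );
				JRequest::setVar( 'edit', false );
			} break;

			case 'edit' :
			{
				JRequest::setVar( 'hidemainmenu', 1 );
				JRequest::setVar( 'layout', 'form' );
				JRequest::setVar( 'view', 'user' );
				JRequest::setVar( 'edit', true );
			} break;
		}

		parent::display();
	}

	/**
	 * Saves the record
	 *
	 * Binds the POSTed form to a JUser, applies the block/edit guards,
	 * refuses to demote the last active Super Administrator, stores the
	 * record, e-mails a newly created user their credentials, refreshes
	 * the session object when the actor edited their own account, and
	 * finally redirects (back to the form for 'apply', to the list for
	 * 'save').
	 *
	 * @return mixed  false after setRedirect() when the save is refused,
	 *                the result of re-executing the 'edit' task when a
	 *                guard or the bind/save fails, otherwise nothing.
	 */
	function save()
	{
		global $mainframe;

		// Check for request forgeries
		JRequest::checkToken() or jexit( 'Invalid Token' );

		// Initialize some variables
		$db = & JFactory::getDBO();
		$me = & JFactory::getUser();
		$acl =& JFactory::getACL();
		$MailFrom = $mainframe->getCfg('mailfrom');
		$FromName = $mainframe->getCfg('fromname');
		$SiteName = $mainframe->getCfg('sitename');

		// Create a new JUser object (id 0 => a brand-new user) and remember
		// the stored group before the POST data overwrites it.
		$user = new JUser(JRequest::getVar( 'id', 0, 'post', 'int'));
		$original_gid = $user->get('gid');

		$post = JRequest::get('post');
		$post['username'] = JRequest::getVar('username', '', 'post', 'username');
		// Passwords are read raw on purpose: the default input filter would
		// strip characters that are legitimate in a password.
		$post['password'] = JRequest::getVar('password', '', 'post', 'string', JREQUEST_ALLOWRAW);
		$post['password2'] = JRequest::getVar('password2', '', 'post', 'string', JREQUEST_ALLOWRAW);

		if (!$user->bind($post))
		{
			$mainframe->enqueueMessage(JText::_('CANNOT SAVE THE USER INFORMATION'), 'message');
			$mainframe->enqueueMessage($user->getError(), 'error');
			return $this->execute('edit');
		}

		// Resolve the target's *stored* ACL group. A brand-new user has no
		// ARO object yet, so guard the lookup instead of reading $groups[0]
		// off an empty result (same outcome, '' group, without the notice).
		$objectID = $acl->get_object_id( 'users', $user->get('id'), 'ARO' );
		$groups = $acl->get_object_groups( $objectID, 'ARO' );
		$this_group = '';
		if ( !empty( $groups ) )
		{
			$this_group = strtolower( $acl->get_group_name( $groups[0], 'ARO' ) );
		}

		// Guards: note that $user->get('block') and $user->get('gid') are
		// already the POSTed values here, while $this_group and $me come
		// from stored data.
		if ( $user->get('id') == $me->get( 'id' ) && $user->get('block') == 1 )
		{
			$msg = JText::_( 'You cannot block Yourself!' );
			$mainframe->enqueueMessage($msg, 'message');
			return $this->execute('edit');
		}
		else if ( ( $this_group == 'super administrator' ) && $user->get('block') == 1 ) {
			$msg = JText::_( 'You cannot block a Super Administrator' );
			$mainframe->enqueueMessage($msg, 'message');
			return $this->execute('edit');
		}
		else if ( ( $this_group == 'administrator' ) && ( $me->get( 'gid' ) == 24 ) && $user->get('block') == 1 )
		{
			// An actor with gid 24 may not block another Administrator.
			$msg = JText::_( 'WARNBLOCK' );
			$mainframe->enqueueMessage($msg, 'message');
			return $this->execute('edit');
		}
		else if ( ( $this_group == 'super administrator' ) && ( $me->get( 'gid' ) != 25 ) )
		{
			// Only a Super Administrator (gid 25) may edit a Super Administrator.
			$msg = JText::_( 'You cannot edit a super administrator account' );
			$mainframe->enqueueMessage($msg, 'message');
			return $this->execute('edit');
		}

		// NOTE(review): the posted 'gid' has been bound to $user above and
		// nothing in this controller compares it against $me->get('gid'),
		// so preventing an actor from assigning a group above their own
		// (e.g. promoting a user to gid 25) rests entirely on JUser::save()
		// and the form, neither of which is visible here — confirm.

		// Are we dealing with a new user which we need to create?
		$isNew = ($user->get('id') < 1);
		if (!$isNew)
		{
			// if group has been changed and where original group was a Super Admin
			if ( $user->get('gid') != $original_gid && $original_gid == 25 )
			{
				// count number of active super admins (static query, no user input)
				$query = 'SELECT COUNT( id )'
					. ' FROM #__users'
					. ' WHERE gid = 25'
					. ' AND block = 0'
				;
				$db->setQuery( $query );
				$count = $db->loadResult();

				if ( $count <= 1 )
				{
					// disallow change if only one Super Admin exists
					$this->setRedirect( 'index.php?option=com_users', JText::_('WARN_ONLY_SUPER') );
					return false;
				}
			}
		}

		/*
		 * Lets save the JUser object
		 */
		if (!$user->save())
		{
			$mainframe->enqueueMessage(JText::_('CANNOT SAVE THE USER INFORMATION'), 'message');
			$mainframe->enqueueMessage($user->getError(), 'error');
			return $this->execute('edit');
		}

		/*
		 * Notify a newly created user by e-mail.
		 *
		 * SECURITY(review): the message body includes the clear-text
		 * password ($user->password_clear), so the credential travels
		 * unencrypted through the mail system and sits in the recipient's
		 * (and any relay's) mailbox. Kept as-is because callers expect it,
		 * but worth replacing with a reset link if this code is revisited.
		 */
		if ($isNew)
		{
			$adminEmail = $me->get('email');
			$adminName = $me->get('name');

			$subject = JText::_('NEW_USER_MESSAGE_SUBJECT');
			$message = sprintf ( JText::_('NEW_USER_MESSAGE'), $user->get('name'), $SiteName, JURI::root(), $user->get('username'), $user->password_clear );

			// Prefer the configured site sender over the acting admin's address.
			if ($MailFrom != '' && $FromName != '')
			{
				$adminName = $FromName;
				$adminEmail = $MailFrom;
			}
			JUtility::sendMail( $adminEmail, $adminName, $user->get('email'), $subject, $message );
		}

		// If updating self, load the new user object into the session
		if ($user->get('id') == $me->get('id'))
		{
			// Get the user group from the ACL
			$grp = $acl->getAroGroup($user->get('id'));

			// Mark the user as logged in
			$user->set('guest', 0);
			$user->set('aid', 1);

			// Fudge Authors, Editors, Publishers and Super Administrators into the special access group
			if ($acl->is_group_child_of($grp->name, 'Registered') ||
				$acl->is_group_child_of($grp->name, 'Public Backend')) {
				$user->set('aid', 2);
			}

			// Set the usertype based on the ACL group name
			$user->set('usertype', $grp->name);

			$session = &JFactory::getSession();
			$session->set('user', $user);
		}

		switch ( $this->getTask() )
		{
			case 'apply':
				$msg = JText::sprintf( 'Successfully Saved changes to User', $user->get('name') );
				$this->setRedirect( 'index.php?option=com_users&view=user&task=edit&cid[]='. $user->get('id'), $msg );
				break;

			case 'save':
			default:
				$msg = JText::sprintf( 'Successfully Saved User', $user->get('name') );
				$this->setRedirect( 'index.php?option=com_users', $msg );
				break;
		}
	}

	/**
	 * Removes the record(s) from the database
	 *
	 * For each selected id: refuses Super Administrators, the acting user,
	 * and (for an actor with gid 24) other Administrators; otherwise deletes
	 * the user and ends their active sessions via logout(). Only the message
	 * produced for the last id survives into the redirect.
	 */
	function remove()
	{
		// Check for request forgeries
		JRequest::checkToken() or jexit( 'Invalid Token' );

		$db =& JFactory::getDBO();
		$currentUser =& JFactory::getUser();
		$acl =& JFactory::getACL();
		$cid = JRequest::getVar( 'cid', array(), '', 'array' );

		// Every id is an int from here on.
		JArrayHelper::toInteger( $cid );

		if (count( $cid ) < 1) {
			JError::raiseError(500, JText::_( 'Select a User to delete', true ) );
		}

		$msg = '';
		foreach ($cid as $id)
		{
			// check for a super admin ... can't delete them (stored ACL group, not request data)
			$objectID = $acl->get_object_id( 'users', $id, 'ARO' );
			$groups = $acl->get_object_groups( $objectID, 'ARO' );
			$this_group = strtolower( $acl->get_group_name( $groups[0], 'ARO' ) );

			if ( $this_group == 'super administrator' )
			{
				$msg = JText::_( 'You cannot delete a Super Administrator' );
			}
			else if ( $id == $currentUser->get( 'id' ) )
			{
				$msg = JText::_( 'You cannot delete Yourself!' );
			}
			else if ( ( $this_group == 'administrator' ) && ( $currentUser->get( 'gid' ) == 24 ) )
			{
				$msg = JText::_( 'WARNDELETE' );
			}
			else
			{
				$user =& JUser::getInstance((int)$id);
				$count = 2;

				// Defensive: a record with gid 25 whose ACL group name is not
				// 'super administrator' still must not be the last active one.
				if ( $user->get( 'gid' ) == 25 )
				{
					// count number of active super admins
					$query = 'SELECT COUNT( id )'
						. ' FROM #__users'
						. ' WHERE gid = 25'
						. ' AND block = 0'
					;
					$db->setQuery( $query );
					$count = $db->loadResult();
				}

				if ( $count <= 1 && $user->get( 'gid' ) == 25 )
				{
					// cannot delete Super Admin where it is the only one that exists
					$msg = "You cannot delete this Super Administrator as it is the only active Super Administrator for your site";
				}
				else
				{
					// delete user
					$user->delete();
					$msg = '';

					JRequest::setVar( 'task', 'remove' );
					JRequest::setVar( 'cid', array($id) );

					// delete user acounts active sessions
					$this->logout();
				}
			}
		}

		$this->setRedirect( 'index.php?option=com_users', $msg);
	}

	/**
	 * Cancels an edit operation
	 *
	 * Pure redirect back to the user list; no state is changed.
	 */
	function cancel( )
	{
		$this->setRedirect( 'index.php?option=com_users' );
	}

	/**
	 * Disables the user account
	 *
	 * Serves both the 'block' and 'unblock' tasks ($block = 1 or 0). For
	 * each selected id: refuses Super Administrators (for either task — the
	 * message key is the 'block' one), the acting user, and (for an actor
	 * with gid 24) other Administrators; otherwise stores the new block
	 * flag and, when blocking, ends the user's sessions via logout().
	 */
	function block( )
	{
		// Check for request forgeries
		JRequest::checkToken() or jexit( 'Invalid Token' );

		$db =& JFactory::getDBO();
		$acl =& JFactory::getACL();
		$currentUser =& JFactory::getUser();

		$cid = JRequest::getVar( 'cid', array(), '', 'array' );
		$block = $this->getTask() == 'block' ? 1 : 0;

		// Every id is an int from here on.
		JArrayHelper::toInteger( $cid );

		if (count( $cid ) < 1) {
			JError::raiseError(500, JText::_( 'Select a User to '.$this->getTask(), true ) );
		}
		foreach ($cid as $id)
		{
			// check for a super admin ... can't block them (stored ACL group, not request data)
			$objectID = $acl->get_object_id( 'users', $id, 'ARO' );
			$groups = $acl->get_object_groups( $objectID, 'ARO' );
			$this_group = strtolower( $acl->get_group_name( $groups[0], 'ARO' ) );

			$msg = '';
			if ( $this_group == 'super administrator' )
			{
				$msg = JText::_( 'You cannot block a Super Administrator' );
			}
			else if ( $id == $currentUser->get( 'id' ) )
			{
				$msg = JText::_( 'You cannot block Yourself!' );
			}
			else if ( ( $this_group == 'administrator' ) && ( $currentUser->get( 'gid' ) == 24 ) )
			{
				$msg = JText::_( 'WARNBLOCK' );
			}
			else
			{
				$user =& JUser::getInstance((int)$id);
				$count = 2;

				// Defensive: a record with gid 25 whose ACL group name is not
				// 'super administrator' still must not be the last active one.
				if ( $user->get( 'gid' ) == 25 )
				{
					// count number of active super admins
					$query = 'SELECT COUNT( id )'
						. ' FROM #__users'
						. ' WHERE gid = 25'
						. ' AND block = 0'
					;
					$db->setQuery( $query );
					$count = $db->loadResult();
				}

				if ( $count <= 1 && $user->get( 'gid' ) == 25 )
				{
					// cannot block Super Admin where it is the only one that exists
					$msg = "You cannot block this Super Administrator as it is the only active Super Administrator for your site";
				}
				else
				{
					$user->block = $block;

					if (!$user->save())
					{
						// Report the failure instead of silently ending the
						// sessions of an account whose record did not change.
						$msg = $user->getError();
					}
					else if($block)
					{
						JRequest::setVar( 'task', 'block' );
						JRequest::setVar( 'cid', array($id) );

						// delete user acounts active sessions
						$this->logout();
					}
				}
			}
		}

		$this->setRedirect( 'index.php?option=com_users', $msg);
	}

	/**
	 * Force log out a user
	 *
	 * Ends the sessions of every id in 'cid'. Which client sessions are
	 * ended depends on the task: 'logout', 'block' and 'remove' end both
	 * the site (0) and administrator (1) sessions; 'flogout' ends only the
	 * client given in the request. When called internally from remove() or
	 * block() no redirect is set, so the caller's redirect stands.
	 *
	 * @return mixed  false (after setRedirect) when no id was given,
	 *                otherwise nothing.
	 */
	function logout( )
	{
		// Check for request forgeries
		JRequest::checkToken() or jexit( 'Invalid Token' );

		global $mainframe;

		$task = $this->getTask();
		$cids = JRequest::getVar( 'cid', array(), '', 'array' );
		$client = JRequest::getVar( 'client', 0, '', 'int' );

		JArrayHelper::toInteger($cids);

		if ( count( $cids ) < 1 ) {
			// Historical message key; reached when logout is invoked with no ids.
			$this->setRedirect( 'index.php?option=com_users', JText::_( 'User Deleted' ) );
			return false;
		}

		foreach($cids as $cid)
		{
			$options = array();

			if ($task == 'logout' || $task == 'block' || $task == 'remove') {
				// 'remove' is listed explicitly so a deleted account is logged
				// out of both clients, matching 'block'; previously it passed
				// no clientid and left the choice to $mainframe->logout().
				$options['clientid'][] = 0; //site
				$options['clientid'][] = 1; //administrator
			} else if ($task == 'flogout') {
				$options['clientid'][] = $client;
			}

			$mainframe->logout((int)$cid, $options);
		}

		$msg = JText::_( 'User Session Ended' );
		switch ( $task )
		{
			case 'flogout':
				$this->setRedirect( 'index.php', $msg );
				break;

			case 'remove':
			case 'block':
				// Called from remove()/block(); they set their own redirect.
				return;
				break;

			default:
				$this->setRedirect( 'index.php?option=com_users', $msg );
				break;
		}
	}

	/**
	 * Jumps to the contact record linked to a user
	 *
	 * Only a redirect: no state changes, so no token check. The id is
	 * filtered to int before it is placed in the URL.
	 */
	function contact()
	{
		$contact_id = JRequest::getVar( 'contact_id', '', 'post', 'int' );
		$this->setRedirect( 'index.php?option=com_contact&task=edit&cid[]='. $contact_id );
	}
}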