<?php
// Refuse to run unless the including script defined IN_CMS, so a direct
// HTTP request for this file gets nothing but the message below.
defined('IN_CMS') or die('No direct access allowed.');
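class Users {

    /**
     * Returns the user record that login() stored in the session, or whatever
     * Session::get() yields when nobody is logged in.
     */
    public static function authed() {
        return Session::get('user');
    }

    /**
     * Wraps a column name in backticks so it can be spliced into SQL.
     * Identifiers cannot be bound as query parameters, so this is the one
     * place where caller-supplied text reaches the query text directly;
     * embedded backticks are doubled so they cannot close the quote.
     *
     * @param string $name column name
     * @return string quoted identifier
     */
    private static function quote_identifier($name) {
        return '`' . str_replace('`', '``', (string) $name) . '`';
    }

    /**
     * Lists users, optionally filtered by status and ordered.
     *
     * @param array $params optional keys:
     *                      'status'   bound as a query parameter
     *                      'sortby'   a single column name (quoted as an identifier)
     *                      'sortmode' 'asc' or 'desc'; any other value is dropped
     * @return Items wrapping the Db::results() rows
     */
    public static function list_all($params = array()) {
        $sql = "select * from users where 1 = 1";
        $args = array();

        if(isset($params['status'])) {
            $sql .= " and status = ?";
            $args[] = $params['status'];
        }

        if(isset($params['sortby'])) {
            // a column name is an identifier, so it is quoted rather than bound
            $sql .= " order by " . static::quote_identifier($params['sortby']);

            if(isset($params['sortmode'])) {
                // only the two SQL keywords are allowed after the column name;
                // anything else is silently ignored instead of reaching the query
                $mode = strtolower(trim((string) $params['sortmode']));
                if($mode === 'asc' or $mode === 'desc') {
                    $sql .= " " . $mode;
                }
            }
        }

        return new Items(Db::results($sql, $args));
    }

    /**
     * Fetches a single user row.
     *
     * When $where contains 'hash', the row is matched on
     * md5(concat(id, email, password)) — the token recover_password() mails
     * out — and every other condition is ignored. Otherwise each key is a
     * column name and each value is compared with "=". Column names are
     * quoted as identifiers; all values are bound as parameters.
     *
     * @param array $where column => value conditions, or array('hash' => $token)
     * @return mixed Db::row() result; callers treat a falsy result as "not found"
     */
    public static function find($where = array()) {
        $sql = "select * from users";
        $args = array();

        if(isset($where['hash'])) {
            // the token is bound, never concatenated into the query text
            $sql .= " where md5(concat(`id`, `email`, `password`)) = ? limit 1";
            $args[] = $where['hash'];

            // the hash is the whole lookup; drop any remaining conditions
            $where = array();
        }

        if(count($where)) {
            $clause = array();
            foreach($where as $column => $value) {
                $clause[] = static::quote_identifier($column) . ' = ?';
                $args[] = $value;
            }
            $sql .= " where " . implode(' and ', $clause);
        }

        return Db::row($sql, $args);
    }

    /**
     * Authenticates the posted 'user'/'pass' pair and stores the user row in
     * the session on success.
     *
     * Validation problems and a wrong username or password both end up in
     * Notifications under 'error'; the two failure cases share the same
     * message so the response does not reveal which usernames exist.
     *
     * @return bool true when the session was set, false otherwise
     */
    public static function login() {
        // get posted data
        $post = Input::post(array('user', 'pass', 'remember'));
        $errors = array();

        // remove white space
        $post = array_map('trim', $post);

        if(empty($post['user'])) {
            $errors[] = 'Please enter your username';
        }

        if(empty($post['pass'])) {
            $errors[] = 'Please enter your password';
        }

        if(empty($errors)) {
            // find user; the username travels as a bound parameter
            $user = Users::find(array('username' => $post['user']));

            // password_verify() understands every crypt()-format hash this
            // class has ever written and compares in constant time
            if(!$user or !password_verify($post['pass'], $user->password)) {
                $errors[] = 'Incorrect details';
            }
        }

        if(count($errors)) {
            Notifications::set('error', $errors);
            return false;
        }

        // if we made it this far that means we have a winner
        Session::set('user', $user);

        return true;
    }

    /**
     * Drops the logged-in user from the session.
     */
    public static function logout() {
        Session::forget('user');
    }

    /**
     * Emails a password-reset link to the posted 'email' address.
     *
     * The link carries md5(id . email . password), which find() resolves
     * back to the row; the token therefore stays valid until the stored
     * password changes. The From header is derived from the request's Host
     * header, so it reflects whatever host name the request arrived with.
     *
     * @return bool true when the email was handed to Email::send(), false on
     *              an invalid address or unknown account
     */
    public static function recover_password() {
        $post = Input::post(array('email'));
        $errors = array();

        if(filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = 'Please enter a valid email address';
        } else {
            if(($user = static::find(array('email' => $post['email']))) === false) {
                $errors[] = 'Account not found';
            }
        }

        if(count($errors)) {
            Notifications::set('error', $errors);
            return false;
        }

        // must match the md5(concat(...)) expression find() uses for 'hash'
        $hash = hash('md5', $user->id . $user->email . $user->password);
        $link = Url::build(array(
            'path' => Url::make('admin/users/reset/' . $hash)
        ));

        $subject = '[' . Config::get('metadata.sitename') . '] Password Reset';
        $plain = 'You have requested to reset your password. To continue follow the link below. ' . $link;
        $headers = array('From' => 'no-reply@' . Input::server('http_host'));

        Email::send($user->email, $subject, $plain, $headers);

        Notifications::set('notice', 'We have sent you an email to confirm your password change.');

        return true;
    }

    /**
     * Stores a new password for the given user id from the posted 'password'.
     *
     * Hashing uses password_hash(); the result is a crypt()-format string, so
     * login() keeps working for rows written by older versions of this class.
     *
     * @param int|string $id user id to update
     * @return bool false when no password was posted, true after the update
     */
    public static function reset_password($id) {
        $post = Input::post(array('password'));
        $errors = array();

        if(empty($post['password'])) {
            $errors[] = 'Please enter a password';
        }

        if(count($errors)) {
            Notifications::set('error', $errors);
            return false;
        }

        $password = password_hash($post['password'], PASSWORD_DEFAULT);

        $sql = "update users set `password` = ? where id = ?";
        Db::query($sql, array($password, $id));

        Notifications::set('success', 'Your new password has been set');

        return true;
    }

    /**
     * Deletes the user row with the given id and records a success notice.
     *
     * @param int|string $id user id
     * @return bool always true
     */
    public static function delete($id) {
        Db::delete('users', array('id' => $id));

        Notifications::set('success', 'User has been deleted');

        return true;
    }

    /**
     * Updates a user from the posted profile fields, or deletes the user when
     * the 'delete' field is present.
     *
     * A posted password is re-hashed; an empty one leaves the stored hash
     * untouched. If the edited user is the one currently logged in, the
     * session copy is refreshed from the database.
     *
     * @param int|string $id user id being edited
     * @return bool false when validation fails, true after the update
     */
    public static function update($id) {
        $post = Input::post(array('username', 'password', 'email', 'real_name', 'bio', 'status', 'role', 'delete'));
        $errors = array();

        // delete (Input::post yields false for fields that were not submitted)
        if($post['delete'] !== false) {
            return static::delete($id);
        } else {
            // remove it from the array so it is not written to the row
            unset($post['delete']);
        }

        if(empty($post['username'])) {
            $errors[] = 'Please enter a username';
        } else {
            // another row may own the name; the edited row itself is allowed to keep it
            if(($user = static::find(array('username' => $post['username']))) and $user->id != $id) {
                $errors[] = 'Username is already being used';
            }
        }

        if(filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = 'Please enter a valid email address';
        }

        if(empty($post['real_name'])) {
            $errors[] = 'Please enter a display name';
        }

        if(is_string($post['password']) and $post['password'] !== '') {
            // hash the new password (crypt()-format output, compatible with login())
            $post['password'] = password_hash($post['password'], PASSWORD_DEFAULT);
        } else {
            // remove it and leave the stored hash unchanged
            unset($post['password']);
        }

        if(count($errors)) {
            Notifications::set('error', $errors);
            return false;
        }

        // format email
        $post['email'] = strtolower(trim($post['email']));

        // update record
        Db::update('users', $post, array('id' => $id));

        // refresh the session copy when the logged-in user edited themselves;
        // authed() may return nothing, so do not dereference it blindly
        $authed = Users::authed();
        if($authed and $authed->id == $id) {
            Session::set('user', static::find(array('id' => $id)));
        }

        Notifications::set('success', 'User has been updated');

        return true;
    }

    /**
     * Creates a user from the posted profile fields.
     *
     * Username, password, email and display name are required and the
     * username must be unused. The password is stored as a password_hash()
     * string, which login() verifies.
     *
     * @return bool false when validation fails, true after the insert
     */
    public static function add() {
        $post = Input::post(array('username', 'password', 'email', 'real_name', 'bio', 'status', 'role'));
        $errors = array();

        if(empty($post['username'])) {
            $errors[] = 'Please enter a username';
        } else {
            if(static::find(array('username' => $post['username']))) {
                $errors[] = 'Username is already being used';
            }
        }

        if(empty($post['password'])) {
            $errors[] = 'Please enter a password';
        }

        if(filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = 'Please enter a valid email address';
        }

        if(empty($post['real_name'])) {
            $errors[] = 'Please enter a display name';
        }

        if(count($errors)) {
            Notifications::set('error', $errors);
            return false;
        }

        // hash password (crypt()-format output, compatible with login())
        $post['password'] = password_hash($post['password'], PASSWORD_DEFAULT);

        // format email
        $post['email'] = strtolower(trim($post['email']));

        // add record
        Db::insert('users', $post);

        Notifications::set('success', 'A new user has been added');

        return true;
    }

}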