1 <?php
// Direct-access guard: stop immediately unless the IN_CMS constant has already been defined.
defined('IN_CMS') or die('No direct access allowed.');
/**
 * Return whatever the session currently holds under the 'user' key.
 *
 * login() and update() in this class store the user row under that key.
 * What Session::get() yields when the key is absent is not visible here,
 * so callers should not assume an object comes back.
 */
public static function authed() {
    $current = Session::get('user');

    return $current;
}
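/**
 * Fetch user rows, optionally filtered by status and sorted.
 *
 * @param array $params Optional keys: 'status' (bound as a query parameter),
 *                      'sortby' (a column name) and 'sortmode' ('asc' or 'desc').
 *                      'sortmode' is only considered when 'sortby' is accepted.
 * @return Items wrapper around whatever Db::results() returns
 */
public static function list_all($params = array()) {
    $sql = "select * from users where 1 = 1";
    $args = array();

    if(isset($params['status'])) {
        $sql .= " and status = ?";
        $args[] = $params['status'];
    }

    // ORDER BY operands cannot be bound as parameters, so they are matched
    // against fixed lists instead of being concatenated as received.
    // The column list is taken from the fields this class reads and writes
    // (password deliberately left out); extend it if the table has more.
    $sortable = array('id', 'username', 'email', 'real_name', 'bio', 'status', 'role');
    $directions = array('asc', 'desc');

    if(isset($params['sortby']) and in_array($params['sortby'], $sortable, true)) {
        $sql .= " order by `" . $params['sortby'] . "`";

        if(isset($params['sortmode']) and is_string($params['sortmode'])) {
            $direction = strtolower(trim($params['sortmode']));

            // anything other than asc/desc is dropped and the default order applies
            if(in_array($direction, $directions, true)) {
                $sql .= " " . $direction;
            }
        }
    }

    return new Items(Db::results($sql, $args));
}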
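/**
 * Look up a single user row.
 *
 * Two lookup modes are supported:
 *  - array('hash' => $token): match the password-reset token, i.e.
 *    md5(concat(id, email, password)) of the row;
 *  - array('column' => $value, ...): match every given column exactly.
 *
 * All values are passed to Db::row() as bound arguments, the same way
 * reset_password() passes its arguments to Db::query(). Column names cannot
 * be bound, so they are restricted to plain identifier characters.
 *
 * NOTE(review): the listing does not show how the original combined the
 * 'hash' lookup with other keys; they are treated as mutually exclusive
 * here, since appending a second "where" after "limit 1" is not valid SQL.
 *
 * @param array $where lookup criteria as described above
 * @return mixed whatever Db::row() returns (callers in this class compare it with false)
 * @throws \InvalidArgumentException when a key is not a plain column name
 */
public static function find($where = array()) {
    $sql = "select * from users";
    $args = array();

    if(isset($where['hash'])) {
        $sql .= " where md5(concat(`id`, `email`, `password`)) = ? limit 1";
        $args[] = $where['hash'];
    } elseif(count($where)) {
        $clause = array();

        foreach($where as $key => $value) {
            // a key is placed inside backticks, so it must not be able to close them
            if(!is_string($key) or !preg_match('/^[A-Za-z0-9_]+$/', $key)) {
                throw new \InvalidArgumentException('Invalid column name');
            }

            $clause[] = '`' . $key . '` = ?';
            $args[] = $value;
        }

        $sql .= " where " . implode(' and ', $clause);
    }

    return Db::row($sql, $args);
}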
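/**
 * Check the posted username and password and, on success, store the user
 * row in the session under 'user'.
 *
 * The password check uses password_verify() (PHP >= 5.5) instead of
 * comparing crypt() output with a loose `!=`: it accepts the same
 * crypt()-format hashes, compares in constant time, and rejects the
 * failure strings crypt() can return.
 *
 * NOTE(review): the row stored in the session comes from "select *", so it
 * includes the password hash; consider storing only the fields the
 * application needs.
 * NOTE(review): nothing visible here renews the session identifier after
 * authentication; confirm that Session::set() or the caller does so.
 *
 * @return bool false after recording validation errors, true on success
 *              (the return statements are not visible in the listing;
 *              inferred from the surrounding flow, confirm against the file)
 */
public static function login() {
    // 'remember' is fetched but not used in the visible code
    $post = Input::post(array('user', 'pass', 'remember'));
    $errors = array();

    // remove surrounding white space from every posted field
    $post = array_map('trim', $post);

    if(empty($post['user'])) {
        $errors[] = 'Please enter your username';
    }

    if(empty($post['pass'])) {
        $errors[] = 'Please enter your password';
    }

    $user = false;

    if(empty($errors)) {
        $user = Users::find(array('username' => $post['user']));

        // one message for both "unknown user" and "wrong password", as before
        if(!$user or !password_verify($post['pass'], $user->password)) {
            $errors[] = 'Incorrect details';
        }
    }

    if(count($errors)) {
        Notifications::set('error', $errors);

        return false;
    }

    // if we made it this far that means we have a winner
    Session::set('user', $user);

    return true;
}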
/**
 * End the current login by dropping the 'user' entry from the session.
 *
 * Only that key is forgotten; whether the rest of the session (or its
 * identifier) is discarded is up to Session::forget(), not visible here.
 */
public static function logout() {
    $key = 'user';

    Session::forget($key);
}
/**
 * Handle a "forgot password" request: validate the posted e-mail address,
 * find the matching user and mail a reset link.
 *
 * NOTE(review): the reset token is an unsalted MD5 of id, email and the
 * stored password hash. It contains no random or secret component and no
 * expiry, and it stays valid until one of those three values changes.
 * A random single-use token stored with an expiry time would be the safer
 * design; that needs a schema change and is outside this method.
 * NOTE(review): 'Account not found' tells the requester whether an address
 * is registered, while the success notice is different; consider showing
 * the same notice in both cases.
 * NOTE(review): the From address is built from Input::server('http_host'),
 * presumably the request's Host header, which the client controls; prefer
 * a configured site domain. Check whether Url::build() has the same input.
 *
 * @return bool false after recording validation errors, true once the mail
 *              has been handed to Email::send() (return statements are not
 *              visible in the listing; inferred, confirm against the file)
 */
public static function recover_password() {
    $post = Input::post(array('email'));
    $errors = array();

    $valid = filter_var($post['email'], FILTER_VALIDATE_EMAIL) !== false;

    if(!$valid) {
        $errors[] = 'Please enter a valid email address';
    } else {
        $user = static::find(array('email' => $post['email']));

        if($user === false) {
            $errors[] = 'Account not found';
        }
    }

    if(count($errors)) {
        Notifications::set('error', $errors);

        return false;
    }

    // token that find(array('hash' => ...)) recomputes on the database side
    $hash = md5($user->id . $user->email . $user->password);

    $path = Url::make('admin/users/reset/' . $hash);
    $link = Url::build(array(
        'path' => $path
    ));

    $sitename = Config::get('metadata.sitename');
    $subject = '[' . $sitename . '] Password Reset';
    $plain = 'You have requested to reset your password. To continue follow the link below. ' . $link;
    $headers = array('From' => 'no-reply@' . Input::server('http_host'));

    Email::send($user->email, $subject, $plain, $headers);

    Notifications::set('notice', 'We have sent you an email to confirm your password change.');

    return true;
}
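/**
 * Store a new password for the user with the given id.
 *
 * The password is hashed with password_hash() (PHP >= 5.5) rather than
 * crypt() without a salt: salt-less crypt() leaves the algorithm to a weak
 * platform default and is rejected outright by PHP 8. Hashes produced here
 * remain verifiable by crypt($plain, $hash) and by password_verify().
 *
 * NOTE(review): the `password` column must be able to hold the hash
 * (60 characters for bcrypt, longer is advisable); confirm the schema.
 * NOTE(review): nothing in this method ties $id to a reset token; the
 * caller must already have resolved $id from a valid token. Confirm.
 *
 * @param mixed $id id of the user row to update
 * @return bool false when no password was posted, true after the update
 *              (return statements are not visible in the listing;
 *              inferred, confirm against the file)
 */
public static function reset_password($id) {
    $post = Input::post(array('password'));
    $errors = array();

    if(empty($post['password'])) {
        $errors[] = 'Please enter a password';
    }

    if(count($errors)) {
        Notifications::set('error', $errors);

        return false;
    }

    $password = password_hash($post['password'], PASSWORD_DEFAULT);

    $sql = "update users set `password` = ? where id = ?";
    Db::query($sql, array($password, $id));

    Notifications::set('success', 'Your new password has been set');

    return true;
}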
/**
 * Delete the user row with the given id and queue a success notification.
 *
 * No permission check happens here; the caller is responsible for it.
 *
 * @param mixed $id id of the user row to remove
 * @return bool presumably true (update() returns this method's result; the
 *              return statement itself is not visible in the listing)
 */
public static function delete($id) {
    $criteria = array('id' => $id);

    Db::delete('users', $criteria);

    Notifications::set('success', 'User has been deleted');

    return true;
}
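/**
 * Update (or, when 'delete' is posted, delete) the user with the given id.
 *
 * A new password is hashed with password_hash() (PHP >= 5.5) rather than
 * crypt() without a salt, which leaves the algorithm to a weak platform
 * default and is rejected by PHP 8. An empty password field leaves the
 * stored hash untouched.
 *
 * NOTE(review): 'role' and 'status' are taken from the request and written
 * to the row as received; this method performs no permission check, so the
 * caller must ensure the requester may change them for this $id.
 *
 * @param mixed $id id of the user row to change
 * @return bool false after recording validation errors, otherwise true or
 *              the result of delete() (return statements other than the
 *              delete branch are not visible in the listing; inferred)
 */
public static function update($id) {
    $post = Input::post(array('username', 'password', 'email', 'real_name', 'bio', 'status', 'role', 'delete'));
    $errors = array();

    if($post['delete'] !== false) {
        return static::delete($id);
    }

    // 'delete' is a form action, not a column: remove it from the array
    unset($post['delete']);

    if(empty($post['username'])) {
        $errors[] = 'Please enter a username';
    } else {
        $user = static::find(array('username' => $post['username']));

        // the name may only be "taken" by the row being edited
        if($user and $user->id != $id) {
            $errors[] = 'Username is already being used';
        }
    }

    if(filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email address';
    }

    if(empty($post['real_name'])) {
        $errors[] = 'Please enter a display name';
    }

    if(strlen($post['password'])) {
        // hash the new password
        $post['password'] = password_hash($post['password'], PASSWORD_DEFAULT);
    } else {
        // remove it and leave the stored password unchanged
        unset($post['password']);
    }

    if(count($errors)) {
        Notifications::set('error', $errors);

        return false;
    }

    $post['email'] = strtolower(trim($post['email']));

    Db::update('users', $post, array('id' => $id));

    // refresh the session copy when the edited user is the one logged in;
    // authed() may return a non-object when nobody is logged in
    $current = Users::authed();

    if($current and $current->id == $id) {
        Session::set('user', static::find(array('id' => $id)));
    }

    Notifications::set('success', 'User has been updated');

    return true;
}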
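/**
 * Create a user from the posted form fields.
 *
 * The password is hashed with password_hash() (PHP >= 5.5) rather than
 * crypt() without a salt, which leaves the algorithm to a weak platform
 * default and is rejected by PHP 8. The resulting hash is still verifiable
 * by crypt($plain, $hash) and by password_verify().
 *
 * NOTE(review): 'role' and 'status' are taken from the request and
 * inserted as received; this method performs no permission check, so the
 * caller must ensure the requester may create users with those values.
 * NOTE(review): the `password` column must be able to hold the hash
 * (60 characters for bcrypt, longer is advisable); confirm the schema.
 *
 * @return bool false after recording validation errors, true after the
 *              insert (return statements are not visible in the listing;
 *              inferred, confirm against the file)
 */
public static function add() {
    $post = Input::post(array('username', 'password', 'email', 'real_name', 'bio', 'status', 'role'));
    $errors = array();

    if(empty($post['username'])) {
        $errors[] = 'Please enter a username';
    } elseif(static::find(array('username' => $post['username']))) {
        $errors[] = 'Username is already being used';
    }

    if(empty($post['password'])) {
        $errors[] = 'Please enter a password';
    }

    if(filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email address';
    }

    if(empty($post['real_name'])) {
        $errors[] = 'Please enter a display name';
    }

    if(count($errors)) {
        Notifications::set('error', $errors);

        return false;
    }

    // hash the password before it is stored
    $post['password'] = password_hash($post['password'], PASSWORD_DEFAULT);

    $post['email'] = strtolower(trim($post['email']));

    Db::insert('users', $post);

    Notifications::set('success', 'A new user has been added');

    return true;
}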