isAdmin())
throw new NotAllowedException();
// Who are we, again?
$current_user = Registry::get('user');
$id_user = isset($_GET['id']) ? (int) $_GET['id'] : 0;
if (empty($id_user) && !isset($_GET['add']))
throw new UnexpectedValueException('Requested user not found or not requesting a new user.');
// Adding a user?
if (isset($_GET['add']))
{
parent::__construct('Add a new user');
$view = new DummyBox('Add a new user');
$this->page->adopt($view);
$this->page->addClass('edituser');
}
// Deleting one?
elseif (isset($_GET['delete']))
{
// Don't be stupid.
if ($current_user->getUserId() == $id_user)
trigger_error('Sorry, I cannot allow you to delete yourself.', E_USER_ERROR);
// So far so good?
$user = Member::fromId($id_user);
if (Session::validateSession('get') && $user->delete())
{
header('Location: ' . BASEURL . '/manageusers/');
exit;
}
else
trigger_error('Cannot delete user: an error occured while processing the request.', E_USER_ERROR);
}
// Editing one, then, surely.
else
{
$user = Member::fromId($id_user);
parent::__construct('Edit user \'' . $user->getFullName() . '\'');
$view = new DummyBox('Edit user \'' . $user->getFullName() . '\'');
$this->page->adopt($view);
$this->page->addClass('edituser');
}
// Session checking!
if (empty($_POST))
Session::resetSessionToken();
else
Session::validateSession();
if ($id_user && !($current_user->isAdmin() && $current_user->getUserId() == $id_user))
$after_form = 'Delete user';
elseif (!$id_user)
$after_form = '';
else
$after_form = '';
$form = new Form([
'request_url' => BASEURL . '/edituser/?' . ($id_user ? 'id=' . $id_user : 'add'),
'content_below' => $after_form,
'fields' => [
'first_name' => [
'type' => 'text',
'label' => 'First name',
'size' => 50,
'maxlength' => 255,
],
'surname' => [
'type' => 'text',
'label' => 'Surname',
'size' => 50,
'maxlength' => 255,
],
'slug' => [
'type' => 'text',
'label' => 'URL slug',
'size' => 50,
'maxlength' => 255,
],
'emailaddress' => [
'type' => 'text',
'label' => 'Email address',
'size' => 50,
'maxlength' => 255,
],
'password1' => [
'type' => 'password',
'label' => 'Password',
'size' => 50,
'maxlength' => 255,
'is_optional' => true,
],
'password2' => [
'type' => 'password',
'label' => 'Password (repeat)',
'size' => 50,
'maxlength' => 255,
'is_optional' => true,
],
'is_admin' => [
'header' => 'Privileges',
'type' => 'checkbox',
'label' => 'This user ' . ($id_user ? 'has' : 'should have') . ' administrative privileges.',
'is_optional' => true,
],
],
]);
// Create the form, add in default values.
$form->setData($id_user ? $user->getProps() : $_POST);
$formview = new FormView($form);
$view->adopt($formview);
if (!empty($_POST))
{
$form->verify($_POST);
// Anything missing?
if (!empty($form->getMissing()))
return $formview->adopt(new DummyBox('Some data missing', 'Please fill out the following fields: ' . implode(', ', $form->getMissing())));
$data = $form->getData();
// Just to be on the safe side.
$data['first_name'] = htmlentities(trim($data['first_name']));
$data['surname'] = htmlentities(trim($data['surname']));
$data['emailaddress'] = trim($data['emailaddress']);
// Make sure there's a slug.
if (empty($data['slug']))
$data['slug'] = $data['first_name'];
// Quick stripping.
$data['slug'] = strtr(strtolower($data['slug']), [' ' => '-', '--' => '-', '&' => 'and', '=>' => '', "'" => "", ":"=> "", '/' => '-', '\\' => '-']);
// Checkboxes, fun!
$data['is_admin'] = empty($data['is_admin']) ? 0 : 1;
// If it looks like an e-mail address...
if (!empty($data['emailaddress']) && !preg_match('~^[^ ]+@[^ ]+\.[a-z]+$~', $data['emailaddress']))
return $formview->adopt(new DummyBox('Email addresses invalid', 'The email address you entered is not a valid email address.'));
// Check whether email address is already linked to an account in the database -- just not to the account we happen to be editing, of course.
elseif (!empty($data['emailaddress']) && Member::exists($data['emailaddress']) && !($id_user && $user->getEmailAddress() == $data['emailaddress']))
return $formview->adopt(new DummyBox('Email address already in use', 'Another account is already using the e-mail address you entered.'));
// Setting passwords? We'll need two!
if (!$id_user || !empty($data['password1']) && !empty($data['password2']))
{
if (strlen($data['password1']) < 6 || !preg_match('~[^A-z]~', $data['password1']))
return $formview->adopt(new DummyBox('Password not acceptable', 'Please fill in a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).'));
elseif ($data['password1'] !== $data['password2'])
return $formview->adopt(new DummyBox('Passwords do not match', 'The passwords you entered do not match. Please try again.'));
else
$data['password'] = $data['password1'];
unset($data['password1'], $data['password2']);
}
// Creating a new user?
if (!$id_user)
{
$return = Member::createNew($data);
if ($return === false)
return $formview->adopt(new DummyBox('Cannot create this user', 'Something went wrong while creating the user...'));
if (isset($_POST['submit_and_new']))
{
header('Location: ' . BASEURL . '/edituser/?add');
exit;
}
}
// Just updating?
else
$user->update($data);
// Redirect to the user management page.
header('Location: ' . BASEURL . '/manageusers/');
exit;
}
}
}