Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Mozilla/mozilla/webtools/partytool/app/controllers/users_controller.php
rflint%ryanflint.com 81b5c917e9 Add first app/ bits 
git-svn-id: svn://10.0.0.236/trunk@239637 18797224-902f-48f8-a5cc-f745e15eee43
2007-11-19 10:03:52 +00:00

423 lines
17 KiB
PHP
Executable File
Raw Blame History

<?php
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Party Tool
*
* The Initial Developer of the Original Code is
* Ryan Flint <rflint@dslr.net>
* Portions created by the Initial Developer are Copyright (C) 2006
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
uses('sanitize');
class UsersController extends AppController {
var $name = 'Users';
var $uses = array('User', 'Party');
var $helpers = array('Html', 'Form');
var $components = array('Security', 'Hash', 'Mail');
function index() {
if (!isset($_SESSION['User'])) {
$this->redirect('/users/login');
}
$this->pageTitle = 'My Profile';
$user = $this->Session->read('User');
$this->set('parties', $this->User->memberOf($user['id']));
$this->set('hparties', $this->User->hostOf($user['id']));
$this->set('iparties', $this->User->invitedTo($user['id']));
}
function register() {
global $timezones;
$this->pageTitle = __('register', true);
$this->set('tzs', $timezones);
$this->set('utz', $this->data['User']['tz']);
if (!empty($this->data)) {
$this->Security->requirePost('register');
$v = new Validation();
if ($this->data['User']['email'] !== $this->data['User']['confemail'])
$this->User->invalidate('confemail');
if ($this->User->findByEmail($this->data['User']['email']) ||
!$v->email($this->data['User']['email']))
$this->User->invalidate('email');
if ($this->data['User']['password'] !== $this->data['User']['confpass'])
$this->User->invalidate('confpass');
if (!$v->url($this->data['User']['website']) &&
!empty($this->data['User']['website']))
$this->User->invalidate('website');
if ($this->User->validates()) {
$clean = new Sanitize();
// Generate and set the password, salt and activation key
$pass = $this->Hash->password($this->data['User']['password'],
$this->data['User']['email']);
$this->data['User']['active'] = $this->Hash->keygen(10, true);
$this->data['User']['password'] = $pass['pass'];
$this->data['User']['salt'] = $pass['salt'];
// Save a few fields from the wrath of cleanArray()
$temp = array('lat' => $this->data['User']['lat'],
'lng' => $this->data['User']['lng'],
'tz' => $this->data['User']['tz'],
'email' => $this->data['User']['email']);
// Scrub 'a dub
$clean->clean($this->data);
$this->data['User']['email'] = $clean->escape($temp['email']);
$this->data['User']['lng'] = floatval($temp['lng']);
$this->data['User']['lat'] = floatval($temp['lat']);
$this->data['User']['tz'] = intval($temp['tz']);
$this->data['User']['role'] = 0;
$this->User->begin();
if ($this->User->save($this->data)) {
$this->Email->to = $this->data['User']['email'];
$this->Email->replyTo = $this->data['User']['email'];
$this->Email->from = APP_NAME.' <'.APP_EMAIL.'>';
$this->Email->subject = sprintf(__('email_subject_welcome', true), APP_NAME);
$this->Email->template = 'register';
$this->Email->sendAs = 'both';
$this->set('actcode', $this->data['User']['active']);
if ($this->Email->send()) {
$this->User->commit();
$this->Session->setFlash('Account created!');
}
else {
$this->User->rollback();
$this->Session->setFlash('Error!');
}
}
else {
$this->User->rollback();
$this->Session->setFlash('Error\'d');
}
}
}
}
function edit() {
if (!isset($_SESSION['User'])) {
$this->redirect('/users/login');
}
$this->set('error', false);
$this->pageTitle = 'Edit My Account';
if (empty($this->data)) {
$this->User->id = $_SESSION['User']['id'];
$this->data = $this->User->read();
$this->data['User']['password'] = "";
$this->set('utz', $this->data['User']['tz']);
$this->data['User']['name'] = preg_replace("/&#(\d{2,5});/e",
'$this->Unicode->unicode2utf(${1})',
html_entity_decode($this->data['User']['name']));
$this->data['User']['website'] = preg_replace("/&#(\d{2,5});/e",
'$this->Unicode->unicode2utf(${1})',
html_entity_decode($this->data['User']['website']));
$this->data['User']['location'] = preg_replace("/&#(\d{2,5});/e",
'$this->Unicode->unicode2utf(${1})',
html_entity_decode($this->data['User']['location']));
if (GMAP_API_KEY != null) {
if ($this->data['User']['lat'])
$this->set('map', 'mapInit('.$this->data['User']['lat'].','.$this->data['User']['long'].','.$this->data['User']['zoom'].')');
else
$this->set('map', 'mapInit()');
}
}
else {
$user = $this->User->findById($_SESSION['User']['id']);
$this->User->id = $user['User']['id'];
$this->set('utz', $user['User']['tz']);
$clean = new Sanitize();
$temp = array('password' => $this->data['User']['password'],
'confpassword' => $this->data['User']['confpassword'],
'lat' => $clean->sql($this->data['User']['lat']),
'long' => $clean->sql($this->data['User']['long']),
'tz' => $clean->sql($this->data['User']['tz']));
//Nuke everything else
$clean->cleanArray($this->data);
$this->data['User']['email'] = $user['User']['email'];
$this->data['User']['password'] = $temp['password'];
$this->data['User']['confpassword'] = $temp['confpassword'];
$this->data['User']['lat'] = floatval($temp['lat']);
$this->data['User']['long'] = floatval($temp['long']);
$this->data['User']['tz'] = intval($temp['tz']);
$this->data['User']['role'] = $user['User']['role'];
if (!preg_match("/^(http|https)\:\/\//i", $this->data['User']['website']) &&
!empty($this->data['User']['website']))
$this->User->invalidate('website');
if ($this->data['User']['password'] === $this->data['User']['confpassword'] &&
!empty($this->data['User']['password'])) {
$pass = $this->Hash->password($this->data['User']['password'], $user['User']['email']);
$this->data['User']['password'] = $pass['pass'];
$this->data['User']['salt'] = $pass['salt'];
}
else if (empty($this->data['User']['password']) && empty($this->data['User']['confpassword'])) {
$this->data['User']['password'] = $user['User']['password'];
$this->data['User']['salt'] = $user['User']['salt'];
}
else {
$this->set('error', true);
$this->User->invalidate('password');
$this->User->invalidate('confpassword');
}
if ($this->User->validates($this->data)) {
if ($this->User->save($this->data)) {
$sess = $this->User->findById($user['User']['id']);
$this->redirect('/users/');
}
}
else {
$this->validateErrors($this->User);
$this->data['User']['password'] = null;
$this->data['User']['confpassword'] = null;
$this->render();
}
}
}
function login() {
if ($this->Session->Check('User'))
$this->redirect('/users');
$this->pageTitle = 'Login';
if (!empty($this->data)) {
if (empty($this->data['User']['email']) || empty($this->data['User']['password']))
$this->render();
$user = $this->User->findByEmail($this->data['User']['email']);
$pass = sha1($this->data['User']['password'].$user['User']['salt']);
if ($user['User']['password'] == $pass) {
if ($user['User']['active'] != 1) {
$this->Session->setFlash('Your account hasn\'t been activated yet. Please
check your email (including junk/spam folders)
for your activation link, or click <a href="'
.APP_BASE.'/users/recover/activate">here</a> to
resend your activation details.', 'infoFlash');
$this->render();
}
else {
if (isset($_SESSION['invite']))
$this->Party->addGuest($user['User']['id'], $_SESSION['invite']);
$this->Session->write('User', $user['User']);
$this->redirect('/users/');
}
}
else {
$this->Session->setFlash('The email address and password you supplied do
not match. Please try again.', 'errorFlash');
}
}
}
function view($id = null) {
if (!is_numeric($id))
$this->redirect('/');
else {
$user = $this->User->findById($id);
$this->pageTitle = $user['User']['name'];
$this->set('user', $user);
if (GMAP_API_KEY != null && !empty($user['User']['lat']))
$this->set('map', 'mapInit('.$user['User']['lat'].','.$user['User']['long'].','.$user['User']['zoom'].',\'stationary\');');
$this->Party->unbindModel(array('hasMany' => array('Comment')));
$this->set('hparties', $this->User->hostOf($id));
$att = $this->User->query('SELECT parties.id, parties.name
FROM parties
LEFT JOIN guests
ON parties.id = guests.pid
WHERE guests.uid = '.$id);
$this->set('parties', $att);
}
}
function logout() {
$this->Session->destroy();
$this->Session->delete('User');
$this->redirect('/');
}
function recover($aType = null, $aCode = null, $aId = null) {
switch ($aType) {
case "password":
$this->pageTitle = "Password Recovery";
$this->set('atitle', 'Password Recovery');
$this->set('hideInput', false);
$this->set('url', 'password');
if (!empty($this->data)) {
$user = $this->User->findByEmail($this->data['User']['email']);
if (!isset($user['User']['email'])) {
$this->Session->setFlash('Could not find a user with that email address. Please check it and try again.', 'errorFlash');
$this->render();
}
else {
$code = md5($user['User']['salt'].$user['User']['email'].$user['User']['password']);
$message = array('from' => APP_NAME.' <'.APP_EMAIL.'>',
'envelope' => APP_EMAIL,
'to' => $user['User']['email'],
'subject' => APP_NAME.' Password Request',
'link' => APP_BASE.'/users/recover/password/'.$code.'/'.$user['User']['id'],
'type' => 'prec');
$this->Mail->mail($message);
$this->Mail->send();
$this->Session->setFlash('An email has been sent to '.$user['User']['email'].' with reset instructions.', 'errorFlash');
$this->redirect('users/login');
}
}
if ($aCode !== null && $aId !== null) {
$this->set('hideInput', true);
$this->set('reset', false);
$user = $this->User->findById($aId);
if (!$user) {
$this->Session->setFlash('Invalid request. Please check the URL and try again.', 'errorFlash');
$this->render();
}
if ($aCode == md5($user['User']['salt'].$user['User']['email'].$user['User']['password'])) {
$this->set('reset', true);
$this->set('code', $aCode."/".$aId);
$this->render();
}
else {
$this->Session->setFlash('Invalid request. Please check the URL and try again.', 'errorFlash');
$this->render();
}
}
break;
case "activate":
$this->pageTitle = 'Resend Activation Code';
$this->set('atitle', 'Resend Activation Code');
$this->set('hideInput', false);
$this->set('url', 'activate');
if (!empty($this->data)) {
$user = $this->User->findByEmail($this->data['User']['email']);
if (!$user) {
$this->Session->setFlash('Could not find a user with that email address. Please check it and try again.', 'errorFlash');
$this->render();
}
if ($user['User']['active'] == 1)
$this->redirect('/users/login');
else {
$message = array('from' => APP_NAME.' <'.APP_EMAIL.'>',
'envelope' => APP_EMAIL,
'to' => $this->data['User']['email'],
'subject' => 'Your '.APP_NAME.' Registration',
'link' => APP_BASE.'/users/activate/'.$user['User']['active'],
'type' => 'act');
$this->Mail->mail($message);
$this->Mail->send();
$this->Session->setFlash('Your activation code has been resent.', 'infoFlash');
$this->redirect('users/login');
}
}
break;
case "reset":
if ($aCode !== null && $aId !== null) {
if (!empty($this->data)) {
$user = $this->User->findById($aId);
if (!$user) {
$this->Session->setFlash('Invalid request. Please check the URL and try again.', 'errorFlash');
$this->render();
}
if ($aCode == md5($user['User']['salt'].$user['User']['email'].$user['User']['password'])) {
$string = $user['User']['email'] . uniqid(rand(), true) . $this->data['User']['password'];
$this->data['User']['salt'] = substr(md5($string), 0, 9);
$this->data['User']['password'] = sha1($this->data['User']['password'] . $this->data['User']['salt']);
$this->data['User']['id'] = $aId;
if ($this->User->save($this->data)) {
$this->Session->setFlash('Your password has been reset.', 'infoFlash');
$this->redirect('/users/login');
}
}
}
}
break;
default:
$this->redirect('/');
break;
}
}
function activate($aKey = null) {
if ($aKey == null)
$this->redirect('/');
else {
$user = $this->User->findByActive($aKey);
if (empty($user['User']['id'])) {
$this->Session->setFlash('Your account could not be activated. Please make
sure the URL entered is correct and try again.', 'errorFlash');
$this->redirect('/users/login');
}
else {
$this->data = $user;
$this->data['User']['active'] = 1;
if ($this->User->save($this->data)) {
$this->Session->setFlash('Your account was successfully activated.', 'infoFlash');
$this->redirect('/users/login');
}
}
}
}
}
?>
Reference in New Issue View Git Blame Copy Permalink