path: root/app/model/common.mod.php

<?php

require_once "model/master.mod.php";
require_once "class/form.class.php";
require_once "class/setting.class.php";
require_once "class/user.class.php";

class CommonModel extends MasterModel
{
    var $HEAD_IMG_MAX_SIZE = 1048576; // 1MB
    var $HEAD_IMG_MIME = array(
        "image/jpg",
        "image/jpeg"
    );

    /*
     * Default action
     */
    function common_deflt()
    {
        global $_SCROTT;

        /* Admin settings tab */
        if ($_SCROTT['settSSL'] != "neither")
        {
            $this->common_settingAdminSettSSLChecked[$_SCROTT['settSSL']] = "checked";
            $this->common_settingAdminSettSSLDisabled = "disabled";
        }
        else
            $this->common_settingAdminSettSSLChecked[Setting::settSSL()] = "checked";

        if (Setting::allowPublicSignup())
            $this->common_settingAdminAllowPublicSignupChecked = "checked";

        /* Admin all-users settings tab */
        $userTbl = new User();
        $this->common_settingAllUsers = $userTbl->getAllUsers_orderByAdminByName();
    }

    /*
     * Handle form submissions from common views
     */
    function common_handleFormSubmissions($input, $attachment)
    {
        switch ($input['action'])
        {
            case "common-setting-user":              $this->saveSettingUser($input, $attachment);             break;
            case "common-setting-admin":             $this->saveSettingAdmin($input);                         break;
            case "common-setting-allusers-adduser":  $this->saveSettingAllusersAdduser($input);               break;
            case "common-setting-allusers-edituser": $this->saveSettingAllusersEdituser($input, $attachment); break;
        }
    }

    /*
     * Save changes to user account settings
     */
    function saveSettingUser($input, $attachment)
    {
        $form = new Form();
        $form->field_bool("setPasswd");
        $form->field_text("curPasswd", null, false);
        $form->field_text("newPasswd", null, false);
        $form->field_text("confPasswd", null, false);
        $form->field_text("alias", "", false);
        $form->field_text("email", "", false);
        $form->field_text("emailConfKey", null, false);

        if (!$form->populate($input))
        {
            $this->logFormErrors($form);
            return;
        }

        $user = $this->getCurrentUser();

        if (!$user)
        {
            $this->logError("Not logged in");
            return;
        }

        if ($form->setPasswd)
        {
            if ($user->validatePassword($form->curPasswd))
            {
                if ($form->newPasswd == $form->confPasswd)
                {
                    $user->setPassword($form->newPasswd);
                    $this->logNotice("Password updated successfully");
                }
                else
                    $this->logWarning("Password not changed -- Passwords did not match");
            }

            else
                $this->logWarning("Password not changed -- Current password was incorrect");
        }

        $user->alias = $form->alias;

        if ($form->email != $user->email)
            $user->setEmail($form->email);

        else if ($form->emailConfKey != "")
        {
            if (!$user->confirmEmailKey($form->emailConfKey))
                $this->logWarning("Email not confirmed -- Key was incorrect");
        }

        $user->saveObj();

        if ($form->saveFile($attachment, $this->HEAD_IMG_MAX_SIZE, $this->HEAD_IMG_MIME, "assets/img/heads/" . $user->guid))
            $this->logNotice("Image uploaded");
        else
            $this->logFormErrors($form);
    }

    /*
     * Save changes to admin settings
     */
    function saveSettingAdmin($input)
    {
        $form = new Form();
        $form->field_enum("settSSL", array("force", "neither", "forbid"), Setting::settSSL());
        $form->field_bool("allowPublicSignup");

        if (!$form->populate($input))
        {
            $this->logFormErrors($form);
            return;
        }

        $user = $this->getCurrentUser();

        if (!$user || $user->admin == 0)
        {
            $this->logError("Admin permissions required");
            return;
        }

        Setting::settSSL($form->settSSL);
        Setting::allowPublicSignup($form->allowPublicSignup);
    }

    /*
     * Allow an admin to create a new user account
     */
    function saveSettingAllusersAdduser($input)
    {
        $form = new Form();
        $form->field_text("username");
        $form->field_text("password", null, false);
        $form->field_text("cPassword", null, false);
        $form->field_bool("admin");
        $form->field_text("alias", "", false);
        $form->field_text("email", "", false);

        if (!$form->populate($input))
        {
            $this->logFormErrors($form);
            return;
        }

        $user = $this->getCurrentUser();

        if (!$user || $user->admin == 0)
        {
            $this->logError("Admin permissions required");
            return;
        }

        if ($form->password != $form->cPassword)
        {
            $this->logError("Passwords do not match");
            return;
        }

        $user = new User();

        if (!$user->createNewUser($form->username, $form->password))
        {
            $this->logError("Username " . $form->username . " is not available");
            return;
        }

        if ($form->admin)
            $user->admin = 1;

        $user->alias = $form->alias;
        $user->setEmail($form->email);
        $user->saveObj();

        $this->logNotice("Created new user " . $form->username);
    }

    /*
     * Allow an admin to edit user accounts
     */
    function saveSettingAllusersEdituser($input, $attachment)
    {
        $form = new Form();
        $form->field_text("guid");
        $form->field_bool("setPasswd");
        $form->field_text("newPasswd", null, false);
        $form->field_text("confPasswd", null, false);
        $form->field_bool("admin");
        $form->field_text("alias", "", false);
        $form->field_text("email", "", false);

        if (!$form->populate($input))
        {
            $this->logFormErrors($form);
            return;
        }

        $user = $this->getCurrentUser();

        if (!$user || $user->admin == 0)
        {
            $this->logError("Admin permissions required");
            return;
        }

        $user = new User($form->guid);

        if ($user->type != "user")
        {
            $this->logError("Invalid user GUID");
            return;
        }

        if ($form->setPasswd)
        {
            if ($form->newPasswd == $form->confPasswd)
            {
                $user->setPassword($form->newPasswd);
                $this->logNotice("Password for " . $user->name . " updated successfully");
            }
            else
                $this->logWarning("Password not changed -- Passwords did not match");
        }

        $user->admin = $form->admin;
        $user->alias = $form->alias;

        if ($form->email != $user->email)
            $user->setEmail($form->email);

        $user->saveObj();

        if ($form->saveFile($attachment, $this->HEAD_IMG_MAX_SIZE, $this->HEAD_IMG_MIME, "assets/img/heads/" . $user->guid))
            $this->logNotice("Image uploaded");
        else
            $this->logFormErrors($form);
    }
}

?>