path: root/examples/model/common.mod.php

<?php

/*
 * SCROTT Copyright (C) 2016 Malf Furious
 *
 * Scrott is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published
 * by the Free Software Foundation, either version 3 of the License,
 * or (at your option) any later version.
 *
 * Scrott is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
 * License for more details.
 */

require_once "model/master.mod.php";
require_once "class/form.class.php";
require_once "class/setting.class.php";
require_once "class/object.class.php";
require_once "class/user.class.php";
require_once "class/group.class.php";

class CommonModel extends MasterModel
{
    var $HEAD_IMG_MAX_SIZE = 1048576; // 1MB
    var $HEAD_IMG_MIME = array(
        "image/jpg",
        "image/jpeg"
    );

    /*
     * Constructor
     */
    function __construct($guid = null)
    {
        parent::__construct();
        $this->first_setting_tab_active = 0;
        $this->first_setting_tab_disp = 0;
        $this->common_handleFormSubmissions($_REQUEST['input'], $_FILES['attachment']);

        if (!is_null($guid))
        {
            $this->obj = new DBObject($guid);
            $this->owner = $this->obj->getOwner();
            $this->members = $this->obj->getMembers();
        }

        $this->common_deflt();
    }

    /*
     * Default action
     */
    function common_deflt()
    {
        global $_SCROTT;

        /* Admin settings tab */
        if ($_SCROTT['settSSL'] != "neither")
        {
            $this->common_settingAdminSettSSLChecked[$_SCROTT['settSSL']] = "checked";
            $this->common_settingAdminSettSSLDisabled = "disabled";
        }
        else
            $this->common_settingAdminSettSSLChecked[Setting::settSSL()] = "checked";

        if (Setting::allowPublicSignup())
            $this->common_settingAdminAllowPublicSignupChecked = "checked";

        /* Admin all-users settings tab */
        $userTbl = new User();
        $this->common_settingAllUsers = $userTbl->getAllUsers_orderByAdminByName();

        /* Setting modal - what tabs to display? */
        if (isset($this->obj))
        {
            if ($this->obj->type == "group")
            {
                $this->group = new Group($this->obj->guid);
                $this->common_settingShowTab['group'] = true;
            }
        }
    }

    /*
     * Handle form submissions from common views
     */
    function common_handleFormSubmissions($input, $attachment)
    {
        switch ($input['action'])
        {
            case "common-group-add":                 $this->addNewGroup($input);                              break;
            case "common-setting-group":             $this->saveSettingGroup($input, $attachment);            break;
            case "common-setting-user":              $this->saveSettingUser($input, $attachment);             break;
            case "common-setting-admin":             $this->saveSettingAdmin($input);                         break;
            case "common-setting-allusers-adduser":  $this->saveSettingAllusersAdduser($input);               break;
            case "common-setting-allusers-edituser": $this->saveSettingAllusersEdituser($input, $attachment); break;
            case "common-setting-allusers-deluser":  $this->saveSettingAllusersDeluser($input);               break;
        }
    }

    /*
     * Create a new user group
     */
    function addNewGroup($input)
    {
        $form = new Form();
        $form->field_text("name");

        if (!$form->populate($input))
        {
            $this->logFormErrors($form);
            return;
        }

        $group = new Group();
        $group->createNewGroup($form->name, $this->getCurrentUser());
    }

    /*
     * Save changes to user group settings
     */
    function saveSettingGroup($input, $attachment)
    {
        $form = new Form();
        $form->field_text("guid");
        $form->field_text("name");
        $form->field_bool("perm0");
        $form->field_bool("perm1");
        $form->field_bool("perm2");
        $form->field_bool("perm3");
        $form->field_bool("perm4");
        $form->field_bool("perm5");
        $form->field_bool("perm6");
        $form->field_bool("perm7");
        $form->field_bool("perm8");

        if (!$form->populate($input))
        {
            $this->logFormErrors($form);
            return;
        }

        $user = $this->getCurrentUser();
        $group = new Group($form->guid);

        if (!$user || $group->type != "group" || !$group->canModify($user))
        {
            $this->logError("You do not have permission to modify this group");
            return;
        }

        if (isset($input['rmImage']))
        {
            if ($group->rmHeadImage())
                $this->logNotice("Image removed");
            else
                $this->logError("Error removing group image");

            return;
        }

        $group->name = $form->name;

        if ($group->canModifyPermissions($user))
        {
            $perms = 0;

            if ($form->perm0)
                $perms |= 0x100;
            if ($form->perm1)
                $perms |= 0x080;
            if ($form->perm2)
                $perms |= 0x040;
            if ($form->perm3)
                $perms |= 0x020;
            if ($form->perm4)
                $perms |= 0x010;
            if ($form->perm5)
                $perms |= 0x008;
            if ($form->perm6)
                $perms |= 0x004;
            if ($form->perm7)
                $perms |= 0x002;
            if ($form->perm8)
                $perms |= 0x001;

            $group->perms = $perms;
        }

        $group->saveObj();

        if ($form->saveFile($attachment, $this->HEAD_IMG_MAX_SIZE, $this->HEAD_IMG_MIME, "assets/img/heads/" . $group->guid))
            $this->logNotice("Image uploaded");
        else
            $this->logFormErrors($form);
    }

    /*
     * Save changes to user account settings
     */
    function saveSettingUser($input, $attachment)
    {
        $form = new Form();
        $form->field_bool("setPasswd");
        $form->field_text("curPasswd", null, false);
        $form->field_text("newPasswd", null, false);
        $form->field_text("confPasswd", null, false);
        $form->field_text("alias", "", false);
        $form->field_text("email", "", false);
        $form->field_text("emailConfKey", null, false);

        if (!$form->populate($input))
        {
            $this->logFormErrors($form);
            return;
        }

        $user = $this->getCurrentUser();

        if (!$user)
        {
            $this->logError("Not logged in");
            return;
        }

        if (isset($input['rmImage']))
        {
            if ($user->rmHeadImage())
                $this->logNotice("Image removed");
            else
                $this->logError("Error removing user image");

            return;
        }

        if ($form->setPasswd)
        {
            if ($user->validatePassword($form->curPasswd))
            {
                if ($form->newPasswd == $form->confPasswd)
                {
                    $user->setPassword($form->newPasswd);
                    $this->logNotice("Password updated successfully");
                }
                else
                    $this->logWarning("Password not changed -- Passwords did not match");
            }

            else
                $this->logWarning("Password not changed -- Current password was incorrect");
        }

        $user->alias = $form->alias;

        if ($form->email != $user->email)
            $user->setEmail($form->email);

        else if ($form->emailConfKey != "")
        {
            if (!$user->confirmEmailKey($form->emailConfKey))
                $this->logWarning("Email not confirmed -- Key was incorrect");
        }

        $user->saveObj();

        if ($form->saveFile($attachment, $this->HEAD_IMG_MAX_SIZE, $this->HEAD_IMG_MIME, "assets/img/heads/" . $user->guid))
            $this->logNotice("Image uploaded");
        else
            $this->logFormErrors($form);
    }

    /*
     * Save changes to admin settings
     */
    function saveSettingAdmin($input)
    {
        $form = new Form();
        $form->field_enum("settSSL", array("force", "neither", "forbid"), Setting::settSSL());
        $form->field_bool("allowPublicSignup");

        if (!$form->populate($input))
        {
            $this->logFormErrors($form);
            return;
        }

        $user = $this->getCurrentUser();

        if (!$user || $user->admin == 0)
        {
            $this->logError("Admin permissions required");
            return;
        }

        Setting::settSSL($form->settSSL);
        Setting::allowPublicSignup($form->allowPublicSignup);
    }

    /*
     * Allow an admin to create a new user account
     */
    function saveSettingAllusersAdduser($input)
    {
        $form = new Form();
        $form->field_text("username");
        $form->field_text("password", null, false);
        $form->field_text("cPassword", null, false);
        $form->field_bool("admin");
        $form->field_text("alias", "", false);
        $form->field_text("email", "", false);

        if (!$form->populate($input))
        {
            $this->logFormErrors($form);
            return;
        }

        $user = $this->getCurrentUser();

        if (!$user || $user->admin == 0)
        {
            $this->logError("Admin permissions required");
            return;
        }

        if ($form->password != $form->cPassword)
        {
            $this->logError("Passwords do not match");
            return;
        }

        $user = new User();

        if (!$user->createNewUser($form->username, $form->password))
        {
            $this->logError("Username " . $form->username . " is not available");
            return;
        }

        if ($form->admin)
            $user->admin = 1;

        $user->alias = $form->alias;
        $user->setEmail($form->email);
        $user->saveObj();

        $this->logNotice("Created new user " . $form->username);
    }

    /*
     * Allow an admin to edit user accounts
     */
    function saveSettingAllusersEdituser($input, $attachment)
    {
        $form = new Form();
        $form->field_text("guid");
        $form->field_bool("setPasswd");
        $form->field_text("newPasswd", null, false);
        $form->field_text("confPasswd", null, false);
        $form->field_bool("admin");
        $form->field_text("alias", "", false);
        $form->field_text("email", "", false);

        if (!$form->populate($input))
        {
            $this->logFormErrors($form);
            return;
        }

        $user = $this->getCurrentUser();

        if (!$user || $user->admin == 0)
        {
            $this->logError("Admin permissions required");
            return;
        }

        $user = new User($form->guid);

        if ($user->type != "user")
        {
            $this->logError("Invalid user GUID");
            return;
        }

        if (isset($input['rmImage']))
        {
            if ($user->rmHeadImage())
                $this->logNotice("Image removed");
            else
                $this->logError("Error removing user image");

            return;
        }

        if ($form->setPasswd)
        {
            if ($form->newPasswd == $form->confPasswd)
            {
                $user->setPassword($form->newPasswd);
                $this->logNotice("Password for " . $user->name . " updated successfully");
            }
            else
                $this->logWarning("Password not changed -- Passwords did not match");
        }

        $user->admin = $form->admin;
        $user->alias = $form->alias;

        if ($form->email != $user->email)
            $user->setEmail($form->email);

        $user->saveObj();

        if ($form->saveFile($attachment, $this->HEAD_IMG_MAX_SIZE, $this->HEAD_IMG_MIME, "assets/img/heads/" . $user->guid))
            $this->logNotice("Image uploaded");
        else
            $this->logFormErrors($form);
    }

    /*
     * Allow admin to remove user accounts
     */
    function saveSettingAllusersDeluser($input)
    {
        $form = new Form();
        $form->field_text("guid");

        if (!$form->populate($input))
        {
            $this->logFormErrors($form);
            return;
        }

        $user = $this->getCurrentUser();

        if (!$user || $user->admin == 0)
        {
            $this->logError("Admin permissions required");
            return;
        }

        $user = new User($form->guid);

        if ($user->type != "user")
        {
            $this->logError("Invalid user GUID");
            return;
        }

        if ($user->admin && $user->getNumAdmins() == 1)
        {
            $this->logError("Account not deleted - Cannot remove the last admin account");
            return;
        }

        $user->delObj();

        if (!$this->getCurrentUser())
        {
            /* did user delete their own account? */
            $this->redirectTo($this->ar() . "/");
        }
    }

    /*
     * Set CSS class for the first tab title in the setting modal only
     */
    function getSettingModalTabActiveClass()
    {
        if (!$this->first_setting_tab_active)
        {
            $this->first_setting_tab_active = 1;
            return "active";
        }

        return "";
    }

    /*
     * Set CSS classes for the first tab in the setting modal only
     */
    function getSettingModalTabDispClasses()
    {
        if (!$this->first_setting_tab_disp)
        {
            $this->first_setting_tab_disp = 1;
            return "in active";
        }

        return "";
    }
}

?>