From 7acf1af340b9d11b72bca70731ed6dbcd7c95132 Mon Sep 17 00:00:00 2001 From: M Date: Sun, 22 Nov 2015 02:45:31 -0500 Subject: + Adding model for sysconf mvc --- app/model/sysconf.mod.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 app/model/sysconf.mod.php (limited to 'app/model') diff --git a/app/model/sysconf.mod.php b/app/model/sysconf.mod.php new file mode 100644 index 0000000..11b8f4f --- /dev/null +++ b/app/model/sysconf.mod.php @@ -0,0 +1,15 @@ + -- cgit v1.2.3 From 2710f0de8d8d900a0997fd72f315c8a6f07329cf Mon Sep 17 00:00:00 2001 From: M Date: Sun, 22 Nov 2015 03:04:06 -0500 Subject: * Derp, default is a reserved word, calling the function 'deflt' instead * Removed explicit call to parent constructor in model class, since that function is not explicitly defined --- app/model/sysconf.mod.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/model') diff --git a/app/model/sysconf.mod.php b/app/model/sysconf.mod.php index 11b8f4f..cc29294 100644 --- a/app/model/sysconf.mod.php +++ b/app/model/sysconf.mod.php @@ -7,7 +7,7 @@ class SysconfModel extends Model /* * Default action */ - function default() + function deflt() { } } -- cgit v1.2.3 From b1f4cf9b23acbcb80f937ef7f0b9f18fdb167f5a Mon Sep 17 00:00:00 2001 From: M Date: Sun, 22 Nov 2015 12:40:37 -0500 Subject: + Start of Master MVC ( will define generic layout of pages but will not define logic for header ui. since this depends on an established database ). + Added Master model ! As far as I am planning right now, the only MVC that will inherit Master directly will be sysconf since it cannot rely on an existing database connection. --- app/model/master.mod.php | 9 +++++++++ app/model/sysconf.mod.php | 4 ++-- 2 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 app/model/master.mod.php (limited to 'app/model') diff --git a/app/model/master.mod.php b/app/model/master.mod.php new file mode 100644 index 0000000..2570a8b --- /dev/null 
+++ b/app/model/master.mod.php @@ -0,0 +1,9 @@ + diff --git a/app/model/sysconf.mod.php b/app/model/sysconf.mod.php index cc29294..754d1a6 100644 --- a/app/model/sysconf.mod.php +++ b/app/model/sysconf.mod.php @@ -1,8 +1,8 @@ Date: Sun, 6 Dec 2015 02:16:46 -0500 Subject: * Implemented the "save" action for MVC sysconf --- app/model/sysconf.mod.php | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) (limited to 'app/model') diff --git a/app/model/sysconf.mod.php b/app/model/sysconf.mod.php index 754d1a6..d86f589 100644 --- a/app/model/sysconf.mod.php +++ b/app/model/sysconf.mod.php @@ -1,15 +1,58 @@ field_text("dbAddress"); + $form->field_text("dbName"); + $form->field_text("dbUser"); + $form->field_text("dbPass", null, false); + $form->field_enum("settSSL", array("force", "neither", "forbid")); + + if (!$form->populate($input)) + { + $this->logFormErrors($form); + return; + } + + $f = fopen($this->CONF_FILE, "w"); + + if (!$f) + { + $this->logError("Can not create configuration file"); + return; + } + + fwrite($f, "dbAddress . "';\n"); + fwrite($f, "\$_SCROTT['dbName'] = '" . $form->dbName . "';\n"); + fwrite($f, "\$_SCROTT['dbUser'] = '" . $form->dbUser . "';\n"); + fwrite($f, "\$_SCROTT['dbPass'] = '" . $form->dbPass . "';\n"); + fwrite($f, "\$_SCROTT['settSSL'] = '" . $form->settSSL . "';\n"); + fwrite($f, "?>\n"); + + fclose($f); + $this->redirectTo($this->ar()); + } } ?> -- cgit v1.2.3 From b7dfa1cbde0eb56a3251e48692e5757559bf604a Mon Sep 17 00:00:00 2001 From: M Date: Sun, 6 Dec 2015 03:27:39 -0500 Subject: + Adding a TODO note for later --- app/model/sysconf.mod.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'app/model') diff --git a/app/model/sysconf.mod.php b/app/model/sysconf.mod.php index d86f589..30ebd58 100644 --- a/app/model/sysconf.mod.php +++ b/app/model/sysconf.mod.php 
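Review bot: The `fwrite()` calls in `save()` place the submitted `dbAddress`, `dbName`, `dbUser` and `dbPass` between single quotes in a PHP source file without escaping, so a quote or backslash in any of them changes the PHP that the configuration file contains. Emit each value through `var_export()` instead, e.g. `fwrite($f, "\$_SCROTT['dbName'] = " . var_export($form->dbName, true) . ";\n");`, and do the same for the other text fields. The file holds the database password and is created with the process's default mode; where the deployment allows it, `chmod($this->CONF_FILE, 0600);` after `fclose($f)` narrows who can read it. The results of `fwrite()` are not checked, so a partial write still ends in the success redirect.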
@@ -32,6 +32,8 @@ class SysconfModel extends MasterModel return; } + /* TODO -- test database connection before proceeding */ + $f = fopen($this->CONF_FILE, "w"); if (!$f) -- cgit v1.2.3 From f1c8aca230a0fc982f98f3dfc9b630b82dbb7dc4 Mon Sep 17 00:00:00 2001 From: M Date: Sun, 6 Dec 2015 17:38:02 -0500 Subject: + Added functions to Master model for getting merged strings for all error/warning/or notice messages --- app/model/master.mod.php | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'app/model') diff --git a/app/model/master.mod.php b/app/model/master.mod.php index 2570a8b..1ce9b9a 100644 --- a/app/model/master.mod.php +++ b/app/model/master.mod.php @@ -4,6 +4,38 @@ require_once "class/model.class.php"; class MasterModel extends Model { + /* + * Get string of all logged error messages + */ + function getErrorStr() + { + if (!$this->isError()) + return ""; + + return implode("
", $this->errorlist); + } + + /* + * Get string of all logged warning messages + */ + function getWarningStr() + { + if (!$this->isWarning()) + return ""; + + return implode("
", $this->warninglist); + } + + /* + * Get string of all logged notice messages + */ + function getNoticeStr() + { + if (!$this->isNotice()) + return ""; + + return implode("
", $this->noticelist); + } } ?> -- cgit v1.2.3 From 5f8d24d62e1474958685fee21e7e442aa3ce9d9c Mon Sep 17 00:00:00 2001 From: M Date: Sun, 6 Dec 2015 20:11:28 -0500 Subject: Revert "+ Added functions to Master model for getting merged strings for all error/warning/or notice messages" - Rm'ing functions I just added. I decided to go about this in a different way This reverts commit f1c8aca230a0fc982f98f3dfc9b630b82dbb7dc4. --- app/model/master.mod.php | 32 -------------------------------- 1 file changed, 32 deletions(-) (limited to 'app/model') diff --git a/app/model/master.mod.php b/app/model/master.mod.php index 1ce9b9a..2570a8b 100644 --- a/app/model/master.mod.php +++ b/app/model/master.mod.php @@ -4,38 +4,6 @@ require_once "class/model.class.php"; class MasterModel extends Model { - /* - * Get string of all logged error messages - */ - function getErrorStr() - { - if (!$this->isError()) - return ""; - - return implode("
", $this->errorlist); - } - - /* - * Get string of all logged warning messages - */ - function getWarningStr() - { - if (!$this->isWarning()) - return ""; - - return implode("
", $this->warninglist); - } - - /* - * Get string of all logged notice messages - */ - function getNoticeStr() - { - if (!$this->isNotice()) - return ""; - - return implode("
", $this->noticelist); - } } ?> -- cgit v1.2.3 From f83a90323bb359f995e7359a917eb9470a5e40e0 Mon Sep 17 00:00:00 2001 From: M Date: Sun, 6 Dec 2015 20:51:30 -0500 Subject: + Implemented the "noticeModal" -- an object in the master MVC topp view for displaying error / warning / and notice messages + Added two helper functions to Master MVC model for retruning values to the noticeModal --- app/model/master.mod.php | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) (limited to 'app/model') diff --git a/app/model/master.mod.php b/app/model/master.mod.php index 2570a8b..aebcaaa 100644 --- a/app/model/master.mod.php +++ b/app/model/master.mod.php @@ -4,6 +4,39 @@ require_once "class/model.class.php"; class MasterModel extends Model { + /* + * Get the appropriate alert class to use when showing the notice modal + */ + function getNoticeModalAlertClass() + { + if ($this->isError()) + return "alert-danger"; + + if ($this->isWarning()) + return "alert-warning"; + + if ($this->isNotice()) + return "alert-info"; + + return ""; + } + + /* + * Get the appropriate glyphicon to use when showing the notice modal + */ + function getNoticeModalGlyphicon() + { + if ($this->isError()) + return "glyphicon glyphicon-remove-sign"; + + if ($this->isWarning()) + return "glyphicon glyphicon-exclamation-sign"; + + if ($this->isNotice()) + return "glyphicon glyphicon-info-sign"; + + return ""; + } } ?> -- cgit v1.2.3 From aae92b703d57d95d27cce359420f9f0d626f7843 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Thu, 24 Dec 2015 17:15:09 -0500 Subject: * Now performing a database connection test before allowing the sytsconf page submission to succeed --- app/model/sysconf.mod.php | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'app/model') diff --git a/app/model/sysconf.mod.php b/app/model/sysconf.mod.php index 30ebd58..49e3b4d 100644 --- a/app/model/sysconf.mod.php +++ b/app/model/sysconf.mod.php 
@@ -19,6 +19,8 @@ class SysconfModel extends MasterModel */ function save($input) { + global $_SCROTT; + $form = new Form(); $form->field_text("dbAddress"); $form->field_text("dbName"); @@ -32,8 +34,25 @@ class SysconfModel extends MasterModel return; } - /* TODO -- test database connection before proceeding */ + /* test database connection (set global vars and try to get a db object) */ + $_SCROTT['conf'] = 'conf'; + $_SCROTT['dbEngine'] = 'mysql'; + $_SCROTT['dbAddress'] = $form->dbAddress; + $_SCROTT['dbName'] = $form->dbName; + $_SCROTT['dbUser'] = $form->dbUser; + $_SCROTT['dbPass'] = $form->dbPass; + + try + { + $db = $this->getDbConnection(); + } + catch (Exception $e) + { + $this->logError($e->getMessage()); + return; + } + /* write file */ $f = fopen($this->CONF_FILE, "w"); if (!$f) -- cgit v1.2.3 From a21e20b7a8db343129aa8713853358bdb77de939 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 2 Jan 2016 13:30:46 -0500 Subject: + Added model for new page master layer ("Common" MVC) --- app/model/common.mod.php | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 app/model/common.mod.php (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php new file mode 100644 index 0000000..d4270d8 --- /dev/null +++ b/app/model/common.mod.php @@ -0,0 +1,9 @@ + -- cgit v1.2.3 From 735230c9125314e5a185e82c57cac0ad2e11b996 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 3 Jan 2016 12:47:30 -0500 Subject: + Added model for Auth MVC --- app/model/auth.mod.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 app/model/auth.mod.php (limited to 'app/model') diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php new file mode 100644 index 0000000..9c356e2 --- /dev/null +++ b/app/model/auth.mod.php @@ -0,0 +1,15 @@ + -- cgit v1.2.3 From 43ca317ea7d49396eb2958a38aed8b737ef4186b Mon Sep 17 00:00:00 2001 
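Review bot: Nothing in `save()` checks whether a configuration file already exists before the submitted host is contacted and `fopen($this->CONF_FILE, "w")` truncates it, so unless the controller (not shown) closes the sysconf route after first setup, any visitor can make the server connect to a database host of their choosing and replace the stored settings. A guard at the top of the function, such as `if (file_exists($this->CONF_FILE)) { $this->logError("Already configured"); return; }`, makes the model safe regardless of routing. In the new `catch` block, `$this->logError($e->getMessage())` shows the driver's raw message on the page; consider logging the detail server-side and showing a fixed "Could not connect to database" text, since driver messages can include host and account details.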
From: Malf Furious Date: Sun, 3 Jan 2016 18:34:17 -0500 Subject: * Bug fix in sysconf model - save action: problem with how the code is redirecting to the app root on success (needed to add a trailing shash character) --- app/model/sysconf.mod.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/model') diff --git a/app/model/sysconf.mod.php b/app/model/sysconf.mod.php index 49e3b4d..fafc4d7 100644 --- a/app/model/sysconf.mod.php +++ b/app/model/sysconf.mod.php @@ -72,7 +72,7 @@ class SysconfModel extends MasterModel fwrite($f, "?>\n"); fclose($f); - $this->redirectTo($this->ar()); + $this->redirectTo($this->ar() . "/"); } } -- cgit v1.2.3 From 9ce26b55017a24f3cae5c20958f2d612273c2f60 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Tue, 26 Jan 2016 21:55:43 -0500 Subject: + Added function to User class to fetch all users from DB * Altered Auth MVC deflt action to return false if no users are found. This way, the Auth controller can automatically present user a page to create an admin account --- app/model/auth.mod.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'app/model') diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php index 9c356e2..9cd6b7c 100644 --- a/app/model/auth.mod.php +++ b/app/model/auth.mod.php @@ -1,6 +1,7 @@ getAllUsers_orderByName()) == 0) + return false; + + return true; } } -- cgit v1.2.3 From 3a111ed74e89e9634e5baf4375625acc6ad262e6 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Thu, 28 Jan 2016 20:39:47 -0500 Subject: Finish signup and initialSignup actions on Auth MVC If no accounts exist no login page will be shown. Instead, the app presents the signup page to allow the administrator to create his account. This is the only case where a new account should be an admin by default. --- app/model/auth.mod.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'app/model') diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php index 9cd6b7c..5b655d6 100644 
--- a/app/model/auth.mod.php +++ b/app/model/auth.mod.php @@ -20,6 +20,21 @@ class AuthModel extends CommonModel return true; } + + /* + * Initial signup action + */ + function initialSignup() + { + $this->noaccounts = true; + } + + /* + * Signup action + */ + function signup() + { + } } ?> -- cgit v1.2.3 From ed1b89d4aa07393d7a9f75c689c4877acfa38826 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 30 Jan 2016 21:49:42 -0500 Subject: Implement signup_submit action on Auth MVC Submissions to the Auth signup page are now fully handled by either creating a new account (User object in the system) or posting an error message to the page (Auth model) --- app/model/auth.mod.php | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'app/model') diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php index 5b655d6..aa0adf3 100644 --- a/app/model/auth.mod.php +++ b/app/model/auth.mod.php @@ -2,6 +2,7 @@ require_once "model/common.mod.php"; require_once "class/user.class.php"; +require_once "class/form.class.php"; class AuthModel extends CommonModel { @@ -35,6 +36,39 @@ class AuthModel extends CommonModel function signup() { } + + /* + * Attempt to register a new account + */ + function signupSubmit($input) + { + $form = new Form(); + $form->field_text("username"); + $form->field_text("password", null, false); + $form->field_text("cPassword", null, false); + + if (!$form->populate($input)) + { + $this->logFormErrors($form); + return; + } + + if ($form->password != $form->cPassword) + { + $this->logError("Passwords do not match"); + return; + } + + $user = new User(); + + if (!$user->createNewUser($form->username, $form->password)) + { + $this->logError("Your requested username is already in use"); + return; + } + + $this->redirectTo($this->ap() . "/"); + } } ?> -- cgit v1.2.3 From 1a2cf00b5e1a9c00be823eb655a76f8625bf32b5 Mon Sep 17 00:00:00 2001 
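Review bot: `signupSubmit()` compares the two password fields with `!=`, which PHP evaluates numerically when both strings look like numbers, so values such as `1e3` and `1000` are accepted as matching; use `if ($form->password !== $form->cPassword)`. The same loose comparison appears later in this series in `saveSettingUser()` (`$form->newPasswd == $form->confPasswd`) and in `saveSettingAllusersAdduser()`. Both password fields are declared with `false` as the third argument to `field_text()`; if that marks them optional (the Form class is not shown), two empty values also pass this check, so an explicit non-empty and minimum-length test before `createNewUser()` is worth adding.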
From: Malf Furious Date: Sun, 31 Jan 2016 12:47:04 -0500 Subject: Merge Auth MVC, initial_signup action into signup There was a mistake that caused the page notice about no accounts existing to sometimes not showup in error. This merge resolves that issue as well as tidys up the code a bit. --- app/model/auth.mod.php | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'app/model') diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php index aa0adf3..cdf416b 100644 --- a/app/model/auth.mod.php +++ b/app/model/auth.mod.php @@ -22,19 +22,15 @@ class AuthModel extends CommonModel return true; } - /* - * Initial signup action - */ - function initialSignup() - { - $this->noaccounts = true; - } - /* * Signup action */ function signup() { + $userTbl = new User(); + + if (count($userTbl->getAllUsers_orderByName()) == 0) + $this->noaccounts = true; } /* -- cgit v1.2.3 From 8640c13c934ff3e6d907b1e335edb83da088a2ca Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 31 Jan 2016 20:33:38 -0500 Subject: Log in on signup success Now, on a successful submission of the signup view form (Auth MVC), the app automatically logs in the newly-created user and redirects to Framework::ap() . "/". Placeholder code has been added to the root controller to simply var_dump() the current logged in user if one exists, otherwise the login view (Auth MVC) is shown --- app/model/auth.mod.php | 1 + 1 file changed, 1 insertion(+) (limited to 'app/model') diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php index cdf416b..9fa67e4 100644 --- a/app/model/auth.mod.php +++ b/app/model/auth.mod.php @@ -63,6 +63,7 @@ class AuthModel extends CommonModel return; } + $this->setCurrentUser($user); $this->redirectTo($this->ap() . "/"); } } -- cgit v1.2.3 From faa6ca0b2e9430d2f9d689aab583a7f881ed03bf Mon Sep 17 00:00:00 2001 
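Review bot: `setCurrentUser($user)` is called right after account creation with no visible renewal of the session identifier; the method is defined outside this patch, so confirm that it issues a fresh session id before binding the user (for PHP's native sessions, `session_regenerate_id(true);`). The `login()` hunk added in commit faa6ca0 calls it the same way and needs the same guarantee. Without it, a session id that was known before authentication stays valid afterwards.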
From: Malf Furious Date: Mon, 1 Feb 2016 19:33:57 -0500 Subject: Implement 'login' action on Auth MVC Finished initial functionality for Auth MVC by implementing the login feature --- app/model/auth.mod.php | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'app/model') diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php index 9fa67e4..2b61b91 100644 --- a/app/model/auth.mod.php +++ b/app/model/auth.mod.php @@ -66,6 +66,33 @@ class AuthModel extends CommonModel $this->setCurrentUser($user); $this->redirectTo($this->ap() . "/"); } + + /* + * Attempt to login + */ + function login($input) + { + $form = new Form(); + $form->field_text("username"); + $form->field_text("password", null, false); + + if (!$form->populate($input)) + { + $this->logFormErrors($form); + return; + } + + $user = new User(); + + if (!($user->initByUsername($form->username) && $user->validatePassword($form->password))) + { + $this->logError("Username or password is incorrect"); + return; + } + + $this->setCurrentUser($user); + $this->redirectTo($this->ap() . "/"); + } } ?> -- cgit v1.2.3 From b3a31ffef3a6203ec61e745821945b371fff7c22 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 6 Feb 2016 18:18:11 -0500 Subject: Update Auth model to reflect changes in previous commit --- app/model/auth.mod.php | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) (limited to 'app/model') diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php index 2b61b91..23b8288 100644 --- a/app/model/auth.mod.php +++ b/app/model/auth.mod.php @@ -3,6 +3,7 @@ require_once "model/common.mod.php"; require_once "class/user.class.php"; require_once "class/form.class.php"; +require_once "class/setting.class.php"; class AuthModel extends CommonModel { 
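Review bot: In `login()`, `initByUsername()` and `validatePassword()` are joined with `&&`, so the password check is skipped for unknown usernames and the response time may reveal which usernames exist, even though the error text is deliberately generic. Consider verifying the submitted password against a fixed dummy hash when the lookup fails, so both paths cost the same. No limit on failed attempts is visible in this hunk; a per-account and per-client counter belongs here or in the controller. How `validatePassword()` compares hashes is not shown; it should rely on `password_verify()` or `hash_equals()`.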
@@ -11,33 +12,35 @@ class AuthModel extends CommonModel */ function deflt() { - /* Make sure user accounts exist since this is preping the page to login. If there are no accounts in the DB, - * return false to signal controller to display the admin account creation */ - $userTbl = new User(); if (count($userTbl->getAllUsers_orderByName()) == 0) - return false; + { + $this->noaccounts = true; + $this->activeTab['signup'] = "in active"; + $this->tabSwap = false; + } - return true; + else + { + $this->activeTab['login'] = "in active"; + $this->tabSwap = Setting::allowPublicSignup(); + } } /* - * Signup action + * Attempt to register a new account */ - function signup() + function signup($input) { $userTbl = new User(); - if (count($userTbl->getAllUsers_orderByName()) == 0) - $this->noaccounts = true; - } + if (!Setting::allowPublicSignup() && count($userTbl->getAllUsers_orderByName()) > 0) + { + $this->logError("You may not signup at this time"); + return; + } - /* - * Attempt to register a new account - */ - function signupSubmit($input) - { $form = new Form(); $form->field_text("username"); $form->field_text("password", null, false); -- cgit v1.2.3 From c003600effc33db5eef3bb41d8715a3c9daf04b2 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Wed, 17 Feb 2016 20:29:11 -0500 Subject: Add 'Except' MVC -- Used to show application exception messages to user This MVC should be triggered by the root controller if normal routines throw an exception and should pass the exception message to the Except controller. --- app/model/except.mod.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 app/model/except.mod.php (limited to 'app/model') diff --git a/app/model/except.mod.php b/app/model/except.mod.php new file mode 100644 index 0000000..f456227 --- /dev/null +++ b/app/model/except.mod.php @@ -0,0 +1,15 @@ + -- cgit v1.2.3 From 6ab4290083da1762be7dbcad3c6f3c7a754ccef0 Mon Sep 17 00:00:00 2001 
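Review bot: The gate in `signup()` counts the users and the account is created in a separate, later step, so two requests that arrive while the table is empty can both pass it even when public signup is off. If the first account is the one that becomes administrator, as an earlier commit message states (`createNewUser()` is not shown), that decision should be made atomically in the data layer, for instance inside a transaction or under a lock. `count($userTbl->getAllUsers_orderByName())` also loads every user row just to test for emptiness, in both `deflt()` and `signup()`; an existence query would be cheaper. The body of `signup()` continues outside this hunk.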
From: Malf Furious Date: Wed, 17 Feb 2016 20:56:14 -0500 Subject: Update Except model, deflt action to consume $message for display on page --- app/model/except.mod.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'app/model') diff --git a/app/model/except.mod.php b/app/model/except.mod.php index f456227..13a67be 100644 --- a/app/model/except.mod.php +++ b/app/model/except.mod.php @@ -7,8 +7,9 @@ class ExceptModel extends MasterModel /* * Default action */ - function deflt() + function deflt($message) { + $this->message = $message; } } -- cgit v1.2.3 From 645bfafc1221b9266076d674f9515eef059471b4 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 5 Mar 2016 17:40:43 -0500 Subject: Add Deauth model Deauth is the MVC used to de-authenticate a session -- logout. This MVC will have no views. --- app/model/deauth.mod.php | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 app/model/deauth.mod.php (limited to 'app/model') diff --git a/app/model/deauth.mod.php b/app/model/deauth.mod.php new file mode 100644 index 0000000..d3eb7c1 --- /dev/null +++ b/app/model/deauth.mod.php @@ -0,0 +1,17 @@ +setCurrentUser(); + $this->redirectTo($this->ar() . "/"); + } +} + +?> -- cgit v1.2.3 From 3b2b46aaefc3c98969173debfb3ee8e59ab6e5fd Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 5 Mar 2016 22:40:57 -0500 Subject: Add Dashboard model --- app/model/dashboard.mod.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 app/model/dashboard.mod.php (limited to 'app/model') diff --git a/app/model/dashboard.mod.php b/app/model/dashboard.mod.php new file mode 100644 index 0000000..845a56a --- /dev/null +++ b/app/model/dashboard.mod.php @@ -0,0 +1,15 @@ + -- cgit v1.2.3 From 3168dceb5434ac8a6f0bd397712019597ea2dd4c Mon Sep 17 00:00:00 2001 
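Review bot: `deflt($message)` in the Except model stores the exception text unmodified in `$this->message` for display, and the commit that adds this MVC says the root controller passes exception messages to it. Exception text can carry SQL fragments, file paths or connection details and may echo request input, so the view should print it through `htmlspecialchars($message, ENT_QUOTES, 'UTF-8')`. For unexpected exceptions a fixed message on the page, with the detail written to the server log, is the safer default. The view is not part of this patch.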
From: Malf Furious Date: Sun, 6 Mar 2016 14:30:01 -0500 Subject: Add function getCurrentUserGlyphicon() to Common model This helps render data for the common topp view (navbar). This function will return the glyphicon to use next to the current user's name. --- app/model/common.mod.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index d4270d8..e52230d 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php @@ -4,6 +4,19 @@ require_once "model/master.mod.php"; class CommonModel extends MasterModel { + /* + * Get the glyphicon to use for the logged in user (user or admin) + */ + function getCurrentUserGlyphicon() + { + if (!$this->getCurrentUser()) + return ""; + + if ($this->getCurrentUser()->admin == 1) + return "glyphicon glyphicon-sunglasses"; + else + return "glyphicon glyphicon-user"; + } } ?> -- cgit v1.2.3 From a543d599d211d897e1ed22dcde8794b9cf8072fd Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Thu, 10 Mar 2016 19:37:31 -0500 Subject: Add function CommonModel::saveSettingUser() This is a webform handler for the setting modal, user setting tab. --- app/model/common.mod.php | 57 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index e52230d..a3e9258 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php 
@@ -1,6 +1,7 @@ field_bool("setPasswd"); + $form->field_text("curPasswd", null, false); + $form->field_text("newPasswd", null, false); + $form->field_text("confPasswd", null, false); + $form->field_text("alias", null, false); + $form->field_text("email", null, false); + $form->field_text("emailConfKey", null, false); + + if (!$form->populate($input)) + { + $this->logFormErrors($form); + return; + } + + $user = $this->getCurrentUser(); + + if (!$user) + { + $this->logError("Not logged in"); + return; + } + + if ($form->setPasswd == "true") + { + if ($user->validatePassword($form->curPassword)) + { + if ($form->newPasswd == $form->confPassword) + $user->setPassword($form->newPasswd); + else + $this->logWarning("Password not changed -- Passwords did not match"); + } + + else + $this->logWarning("Password not changed -- Current password was incorrect"); + } + + $user->alias = $form->alias; + + if ($form->email != $user->email) + $user->setEmail($form->email); + + else if ($form->emailConfKey != "") + { + if (!$user->confirmEmailKey($form->emailConfKey)) + $this->logWarning("Email not confirmed -- Key was incorrect"); + } + + $user->saveObj(); + } } ?> -- cgit v1.2.3 From c93ae572abf32262137cce69f1c020e9a5b46d9f Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Thu, 10 Mar 2016 20:35:32 -0500 Subject: Add function CommonModel::common_handleFormSubmissions() This helper func to all implementing MVC controllers is used to check for submission of any web-form defined within a common MVC view file. If detected, the appropriate handler function is called. --- app/model/common.mod.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index a3e9258..9289c21 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php 
@@ -19,6 +19,17 @@ class CommonModel extends MasterModel return "glyphicon glyphicon-user"; } + /* + * Handle form submissions from common views + */ + function common_handleFormSubmissions($input) + { + switch ($input['action']) + { + case "common-setting-user": $this->saveSettingUser($input); break; + } + } + /* * Save changes to user account settings */ -- cgit v1.2.3 From e14bce5a9de98df6d19ea4ce7243bc7b19c7904b Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Thu, 10 Mar 2016 20:41:23 -0500 Subject: Fix function CommonModel::saveSettingUser() Farious fixes for this form submission handler * missspelled variable names (*Password => *Passwd) * Added a notice message for password change success --- app/model/common.mod.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index 9289c21..cbcbd4b 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php @@ -40,8 +40,8 @@ class CommonModel extends MasterModel $form->field_text("curPasswd", null, false); $form->field_text("newPasswd", null, false); $form->field_text("confPasswd", null, false); - $form->field_text("alias", null, false); - $form->field_text("email", null, false); + $form->field_text("alias", "", false); + $form->field_text("email", "", false); $form->field_text("emailConfKey", null, false); if (!$form->populate($input)) @@ -60,10 +60,13 @@ class CommonModel extends MasterModel if ($form->setPasswd == "true") { - if ($user->validatePassword($form->curPassword)) + if ($user->validatePassword($form->curPasswd)) { - if ($form->newPasswd == $form->confPassword) + if ($form->newPasswd == $form->confPasswd) + { $user->setPassword($form->newPasswd); + $this->logNotice("Password updated successfully"); + } else $this->logWarning("Password not changed -- Passwords did not match"); } -- cgit v1.2.3 From 3bd0d2779534221af0db22e5b5bc86faaa3b2957 Mon Sep 17 00:00:00 2001 
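Review bot: `common_handleFormSubmissions()` dispatches state-changing handlers purely on `$input['action']`, and neither it nor `saveSettingUser()` shows an anti-CSRF token check; unless `Form::populate()` or the controller verifies one (neither is shown), this dispatcher is the natural single place to do it, before the `switch`. `$input['action']` is also read without checking that the key exists, which raises a notice on requests that lack it; `if (!isset($input['action'])) return;` as the first statement avoids that.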
From: Malf Furious Date: Fri, 11 Mar 2016 22:25:00 -0500 Subject: Populate admin setting fields on page load Added logic to set initial state of fields on the setting modal's admin tab --- app/model/common.mod.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index cbcbd4b..a0bf6ae 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php @@ -2,6 +2,7 @@ require_once "model/master.mod.php"; require_once "class/form.class.php"; +require_once "class/setting.class.php"; class CommonModel extends MasterModel { @@ -19,6 +20,26 @@ class CommonModel extends MasterModel return "glyphicon glyphicon-user"; } + /* + * Default action + */ + function common_deflt() + { + global $_SCROTT; + + /* Admin settings tab */ + if ($_SCROTT['settSSL'] != "neither") + { + $this->common_settingAdminSettSSLChecked[$_SCROTT['settSSL']] = "checked"; + $this->common_settingAdminSettSSLDisabled = "disabled"; + } + else + $this->common_settingAdminSettSSLChecked[Setting::settSSL()] = "checked"; + + if (Setting::allowPublicSignup()) + $this->common_settingAdminAllowPublicSignupChecked = "checked"; + } + /* * Handle form submissions from common views */ -- cgit v1.2.3 From cc755e3756e43109d0db0de963b3a132039456b1 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 12 Mar 2016 15:05:12 -0500 Subject: Alter representation of form boolean values Changed how Form() objects model true and false for boolean fields. Was "true" and "false", is now "1" and "0", respectivly. This is to address how Mysql handles these values as they are pushed to the db. --- app/model/common.mod.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index a0bf6ae..33acb1b 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php 
@@ -79,7 +79,7 @@ class CommonModel extends MasterModel return; } - if ($form->setPasswd == "true") + if ($form->setPasswd) { if ($user->validatePassword($form->curPasswd)) { -- cgit v1.2.3 From 587bdef47abbf4545508cac95a0495be0d5ddaa5 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 12 Mar 2016 16:21:41 -0500 Subject: Handle submissions to setting modal, admin tab --- app/model/common.mod.php | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index 33acb1b..34ac17d 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php @@ -47,7 +47,8 @@ class CommonModel extends MasterModel { switch ($input['action']) { - case "common-setting-user": $this->saveSettingUser($input); break; + case "common-setting-user": $this->saveSettingUser($input); break; + case "common-setting-admin": $this->saveSettingAdmin($input); break; } } @@ -109,6 +110,33 @@ class CommonModel extends MasterModel $user->saveObj(); } + + /* + * Save changes to admin settings + */ + function saveSettingAdmin($input) + { + $form = new Form(); + $form->field_enum("settSSL", array("force", "neither", "forbid")); + $form->field_bool("allowPublicSignup"); + + if (!$form->populate($input)) + { + $this->logFormErrors($form); + return; + } + + $user = $this->getCurrentUser(); + + if (!$user || $user->admin == 0) + { + $this->logError("Admin permissions required"); + return; + } + + Setting::settSSL($form->settSSL); + Setting::allowPublicSignup($form->allowPublicSignup); + } } ?> -- cgit v1.2.3 From 2936f0d151fb52bd2649edc37abd2e1d559d1f0f Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 12 Mar 2016 23:38:18 -0500 Subject: Move getUserGlyphicon function from common model into user class --- app/model/common.mod.php | 14 -------------- 1 file changed, 14 deletions(-) (limited to 'app/model') 
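Review bot: The authorisation test in `saveSettingAdmin()`, `if (!$user || $user->admin == 0)`, denies only when `admin` loosely equals 0, so any other stored value is treated as administrator, and under PHP 8 an empty string no longer compares equal to 0. Test for the single value that grants access instead: `if (!$user || (int) $user->admin !== 1)`. The check also runs after `populate()`, so form validation errors are reported to callers who are not administrators; moving it to the top of the function avoids that. `saveSettingAllusersAdduser()`, added in a later commit of this series, repeats the same test.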
diff --git a/app/model/common.mod.php b/app/model/common.mod.php index 34ac17d..7f0302f 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php @@ -6,20 +6,6 @@ require_once "class/setting.class.php"; class CommonModel extends MasterModel { - /* - * Get the glyphicon to use for the logged in user (user or admin) - */ - function getCurrentUserGlyphicon() - { - if (!$this->getCurrentUser()) - return ""; - - if ($this->getCurrentUser()->admin == 1) - return "glyphicon glyphicon-sunglasses"; - else - return "glyphicon glyphicon-user"; - } - /* * Default action */ -- cgit v1.2.3 From 92e255cf02de8dc34f1221c952b3dd3bec9cc62b Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 13 Mar 2016 17:59:37 -0400 Subject: Alter admin setting form handler Set a default value for field 'settSSL'. If this value is locked in the system-level configuration, then the disabled radio buttons don't assume a value during POST submission to the page and the field appears to the $form object as being unset. I use the currently set value for this option as the default. --- app/model/common.mod.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index 7f0302f..8d1ea7e 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php @@ -103,7 +103,7 @@ class CommonModel extends MasterModel function saveSettingAdmin($input) { $form = new Form(); - $form->field_enum("settSSL", array("force", "neither", "forbid")); + $form->field_enum("settSSL", array("force", "neither", "forbid"), Setting::settSSL()); $form->field_bool("allowPublicSignup"); if (!$form->populate($input)) -- cgit v1.2.3 From 99ec6644fc93ee4d6bd8569148de6a03d64f69cb Mon Sep 17 00:00:00 2001 
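Review bot: With this default in place, `saveSettingAdmin()` still passes whatever `settSSL` value the request carries to `Setting::settSSL()`, even when `$_SCROTT['settSSL']` is not `"neither"` and `common_deflt()` has rendered the radio buttons as disabled. Disabled inputs are only a browser-side hint, so the handler should skip the write while the option is locked, e.g. `if ($_SCROTT['settSSL'] == "neither") Setting::settSSL($form->settSSL);` with `global $_SCROTT;` declared in the function. Whether the system-level value overrides the stored setting at enforcement time is not visible here.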
From: Malf Furious Date: Sat, 26 Mar 2016 17:18:08 -0400 Subject: Add collapsable panel for editing each user's settings to admin setting tab Also, added relevant initialization code to common model --- app/model/common.mod.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index 8d1ea7e..1398598 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php @@ -3,6 +3,7 @@ require_once "model/master.mod.php"; require_once "class/form.class.php"; require_once "class/setting.class.php"; +require_once "class/user.class.php"; class CommonModel extends MasterModel { @@ -24,6 +25,10 @@ class CommonModel extends MasterModel if (Setting::allowPublicSignup()) $this->common_settingAdminAllowPublicSignupChecked = "checked"; + + /* Admin all-users settings tab */ + $userTbl = new User(); + $this->common_settingAllUsers = $userTbl->getAllUsers_orderByAdminByName(); } /* -- cgit v1.2.3 From 4fef70c3afd276c8509efdf06d41cedb467ababe Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 26 Mar 2016 23:23:39 -0400 Subject: Add form handler for setting modal, all users, create new user pane This handler is requires admin status and allows you to create a new application user --- app/model/common.mod.php | 56 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 54 insertions(+), 2 deletions(-) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index 1398598..1d5f036 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php 
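Review bot: `common_deflt()` now loads every account into `$this->common_settingAllUsers` on each page load, whatever the role of the current user. If the admin check in the view (not shown) is ever missed, the full user list and whatever fields the User objects carry are already in the model; populate it only for administrators, e.g. by wrapping the two added lines in `if ($this->getCurrentUser() && $this->getCurrentUser()->admin == 1)`. That also saves a query on pages served to ordinary users.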
@@ -38,8 +38,9 @@ class CommonModel extends MasterModel { switch ($input['action']) { - case "common-setting-user": $this->saveSettingUser($input); break; - case "common-setting-admin": $this->saveSettingAdmin($input); break; + case "common-setting-user": $this->saveSettingUser($input); break; + case "common-setting-admin": $this->saveSettingAdmin($input); break; + case "common-setting-allusers-adduser": $this->saveSettingAllusersAdduser($input); break; } } @@ -128,6 +129,57 @@ class CommonModel extends MasterModel Setting::settSSL($form->settSSL); Setting::allowPublicSignup($form->allowPublicSignup); } + + /* + * Allow an admin to create a new user account + */ + function saveSettingAllusersAdduser($input) + { + $form = new Form(); + $form->field_text("username"); + $form->field_text("password", null, false); + $form->field_text("cPassword", null, false); + $form->field_bool("admin"); + $form->field_text("alias", "", false); + $form->field_text("email", "", false); + + if (!$form->populate($input)) + { + $this->logFormErrors($form); + return; + } + + $user = $this->getCurrentUser(); + + if (!$user || $user->admin == 0) + { + $this->logError("Admin permissions required"); + return; + } + + if ($form->password != $form->cPassword) + { + $this->logError("Passwords do not match"); + return; + } + + $user = new User(); + + if (!$user->createNewUser($form->username, $form->password)) + { + $this->logError("Username " . $form->username . " is not available"); + return; + } + + if ($form->admin) + $user->admin = 1; + + $user->alias = $form->alias; + $user->setEmail($form->email); + $user->saveObj(); + + $this->logNotice("Created new user " . $form->username); + } } ?> -- cgit v1.2.3 From e55a32c647cab450c2a6c6a3156c798dc0f70256 Mon Sep 17 00:00:00 2001 
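Review bot: In `saveSettingAllusersAdduser`, `$form->password != $form->cPassword` is a loose comparison, so two different numeric-looking strings such as `1e3` and `1000` count as equal and the confirmation check passes; use `if ($form->password !== $form->cPassword)`. If the third argument `false` in `field_text("password", null, false)` marks the field optional (the Form class is not shown), an account could also be created with an empty password unless `createNewUser()` rejects it, so an explicit non-empty check is worth adding. The admin check would be better placed before `populate()`, so callers without admin rights get no validation feedback from an admin-only form.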
From: Malf Furious Date: Sun, 27 Mar 2016 17:28:44 -0400 Subject: Add form handler for setting modal, admin/all users tab, for edit user action --- app/model/common.mod.php | 63 +++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 60 insertions(+), 3 deletions(-) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index 1d5f036..b1aa0a0 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php @@ -38,9 +38,10 @@ class CommonModel extends MasterModel { switch ($input['action']) { - case "common-setting-user": $this->saveSettingUser($input); break; - case "common-setting-admin": $this->saveSettingAdmin($input); break; - case "common-setting-allusers-adduser": $this->saveSettingAllusersAdduser($input); break; + case "common-setting-user": $this->saveSettingUser($input); break; + case "common-setting-admin": $this->saveSettingAdmin($input); break; + case "common-setting-allusers-adduser": $this->saveSettingAllusersAdduser($input); break; + case "common-setting-allusers-edituser": $this->saveSettingAllusersEdituser($input); break; } } 
@@ -180,6 +181,62 @@ class CommonModel extends MasterModel $this->logNotice("Created new user " . $form->username); } + + /* + * Allow an admin to edit user accounts + */ + function saveSettingAllusersEdituser($input) + { + $form = new Form(); + $form->field_text("guid"); + $form->field_bool("setPasswd"); + $form->field_text("newPasswd", null, false); + $form->field_text("confPasswd", null, false); + $form->field_bool("admin"); + $form->field_text("alias", "", false); + $form->field_text("email", "", false); + + if (!$form->populate($input)) + { + $this->logFormErrors($form); + return; + } + + $user = $this->getCurrentUser(); + + if (!$user || $user->admin == 0) + { + $this->logError("Admin permissions required"); + return; + } + + $user = new User($form->guid); + + if ($user->type != "user") + { + $this->logError("Invalid user GUID"); + return; + } + + if ($form->setPasswd) + { + if ($form->newPasswd == $form->confPasswd) + { + $user->setPassword($form->newPasswd); + $this->logNotice("Password for " . $user->name . " updated successfully"); + } + else + $this->logWarning("Password not changed -- Passwords did not match"); + } + + $user->admin = $form->admin; + $user->alias = $form->alias; + + if ($form->email != $user->email) + $user->setEmail($form->email); + + $user->saveObj(); + } } ?> -- cgit v1.2.3 From 423fa09e3f524c8139d18c3e8652f542bcf2cd44 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Wed, 27 Apr 2016 23:38:49 -0400 Subject: Update form handler for common/setting-modal, user tab Now supports file upload to replace the user's head image --- app/model/common.mod.php | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index b1aa0a0..96326dc 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php 
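Review bot: `saveSettingAllusersEdituser` assigns `$user->admin = $form->admin;` unconditionally, so an admin who submits the form with the box unticked on the only admin account (their own included) leaves the installation with no administrator. Nothing in the hunk counts the remaining admins before the flag is cleared; a guard ahead of the assignment that refuses the change when the target is the sole admin would close this. The password branch compares with `$form->newPasswd == $form->confPasswd`, a loose comparison under which `1e3` equals `1000`; `===` is the safe form.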
@@ -34,21 +34,21 @@ class CommonModel extends MasterModel /* * Handle form submissions from common views */ - function common_handleFormSubmissions($input) + function common_handleFormSubmissions($input, $attachment) { switch ($input['action']) { - case "common-setting-user": $this->saveSettingUser($input); break; - case "common-setting-admin": $this->saveSettingAdmin($input); break; - case "common-setting-allusers-adduser": $this->saveSettingAllusersAdduser($input); break; - case "common-setting-allusers-edituser": $this->saveSettingAllusersEdituser($input); break; + case "common-setting-user": $this->saveSettingUser($input, $attachment); break; + case "common-setting-admin": $this->saveSettingAdmin($input); break; + case "common-setting-allusers-adduser": $this->saveSettingAllusersAdduser($input); break; + case "common-setting-allusers-edituser": $this->saveSettingAllusersEdituser($input); break; } } /* * Save changes to user account settings */ - function saveSettingUser($input) + function saveSettingUser($input, $attachment) { $form = new Form(); $form->field_bool("setPasswd"); @@ -102,6 +102,11 @@ class CommonModel extends MasterModel } $user->saveObj(); + + if ($form->saveFile($attachment, 5242880, array("image/jpg", "image/jpeg"), "assets/img/heads/" . $user->guid)) + $this->logNotice("Image uploaded"); + else + $this->logFormErrors($form); } /* -- cgit v1.2.3 From ae7ab126733f1d2c59e327f6120a2bbe792b3476 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 30 Apr 2016 16:04:00 -0400 Subject: Define constants for head-image upload parameters Created class-scope vars to define allowable sizes and types for uploaded user images --- app/model/common.mod.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index 96326dc..a177c13 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php 
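Review bot: The upload added in the `@@ -102,6 +102,11 @@` hunk relies entirely on `Form::saveFile` to enforce the `image/jpg`/`image/jpeg` allow-list, and that method is not part of this patch. If it compares against the `type` entry of `$_FILES`, that value is supplied by the browser and proves nothing about the bytes written under `assets/img/heads/`; the check should come from the file content (`finfo_file()` or `getimagesize()`). `saveFile` is also called on every save, so a settings change without an attachment presumably ends in `logFormErrors()`; testing for an attachment first would avoid the spurious error. The same call is added later in this series to `saveSettingAllusersEdituser` and `saveSettingGroup`.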
@@ -7,6 +7,12 @@ require_once "class/user.class.php"; class CommonModel extends MasterModel { + var $HEAD_IMG_MAX_SIZE = 1048576; // 1MB + var $HEAD_IMG_MIME = array( + "image/jpg", + "image/jpeg" + ); + /* * Default action */ @@ -103,7 +109,7 @@ class CommonModel extends MasterModel $user->saveObj(); - if ($form->saveFile($attachment, 5242880, array("image/jpg", "image/jpeg"), "assets/img/heads/" . $user->guid)) + if ($form->saveFile($attachment, $this->HEAD_IMG_MAX_SIZE, $this->HEAD_IMG_MIME, "assets/img/heads/" . $user->guid)) $this->logNotice("Image uploaded"); else $this->logFormErrors($form); -- cgit v1.2.3 From be1a82affdaa1e87015a0a49979e9230cdc61b4d Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 30 Apr 2016 16:18:24 -0400 Subject: Update form handler for common/setting-modal, all users tab Now supports file upload to replace the user's head image --- app/model/common.mod.php | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index a177c13..080c78e 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php @@ -44,10 +44,10 @@ class CommonModel extends MasterModel { switch ($input['action']) { - case "common-setting-user": $this->saveSettingUser($input, $attachment); break; - case "common-setting-admin": $this->saveSettingAdmin($input); break; - case "common-setting-allusers-adduser": $this->saveSettingAllusersAdduser($input); break; - case "common-setting-allusers-edituser": $this->saveSettingAllusersEdituser($input); break; + case "common-setting-user": $this->saveSettingUser($input, $attachment); break; + case "common-setting-admin": $this->saveSettingAdmin($input); break; + case "common-setting-allusers-adduser": $this->saveSettingAllusersAdduser($input); break; + case "common-setting-allusers-edituser": $this->saveSettingAllusersEdituser($input, $attachment); break; } } 
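Review bot: The `@@ -103,7 +109,7 @@` hunk swaps the literal `5242880` for `$this->HEAD_IMG_MAX_SIZE`, which is declared as `1048576`, so the upload limit drops from 5 MB to 1 MB although the commit message only mentions defining constants. If the reduction is intended, the message should say so. As a point of style, `var` properties can be reassigned at run time by any code holding the model; the size could be `const HEAD_IMG_MAX_SIZE = 1048576;` (array class constants need PHP 5.6, so the MIME list may have to stay a property).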
@@ -196,7 +196,7 @@ class CommonModel extends MasterModel /* * Allow an admin to edit user accounts */ - function saveSettingAllusersEdituser($input) + function saveSettingAllusersEdituser($input, $attachment) { $form = new Form(); $form->field_text("guid"); @@ -247,6 +247,11 @@ class CommonModel extends MasterModel $user->setEmail($form->email); $user->saveObj(); + + if ($form->saveFile($attachment, $this->HEAD_IMG_MAX_SIZE, $this->HEAD_IMG_MIME, "assets/img/heads/" . $user->guid)) + $this->logNotice("Image uploaded"); + else + $this->logFormErrors($form); } } -- cgit v1.2.3 From e9189928e1108d0c1330eb47cc5de20d67f5de51 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 30 Apr 2016 22:34:01 -0400 Subject: Update setting modal to allow user to remove their own head image --- app/model/common.mod.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index 080c78e..32bdb44 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php @@ -79,6 +79,16 @@ class CommonModel extends MasterModel return; } + if (isset($input['rmImage'])) + { + if ($user->rmHeadImage()) + $this->logNotice("Image removed"); + else + $this->logError("Error removing user image"); + + return; + } + if ($form->setPasswd) { if ($user->validatePassword($form->curPasswd)) -- cgit v1.2.3 From 190a7d81155bc08fd9533f53f1f2154e2cca2c7a Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 1 May 2016 00:45:37 -0400 Subject: Update setting modal to allow admins to remove other users' head images --- app/model/common.mod.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index 32bdb44..7630dfa 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php 
@@ -239,6 +239,16 @@ class CommonModel extends MasterModel return; } + if (isset($input['rmImage'])) + { + if ($user->rmHeadImage()) + $this->logNotice("Image removed"); + else + $this->logError("Error removing user image"); + + return; + } + if ($form->setPasswd) { if ($form->newPasswd == $form->confPasswd) -- cgit v1.2.3 From 32e4e9606fb2ac95b236913fcc0a98a7ee23bccd Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 21 May 2016 21:44:53 -0400 Subject: Add MVC Deleteacct This will prompt the user for their password if they opt to delete their own account. This is to prevent malicious attempt by others to trick users into having there accounts deleted by way of a XSS attack. --- app/model/deleteacct.mod.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 app/model/deleteacct.mod.php (limited to 'app/model') diff --git a/app/model/deleteacct.mod.php b/app/model/deleteacct.mod.php new file mode 100644 index 0000000..ca01a0d --- /dev/null +++ b/app/model/deleteacct.mod.php @@ -0,0 +1,15 @@ + -- cgit v1.2.3 From f8f8cd372ca2bb6498d96318c159405db13a9fab Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 22 May 2016 00:24:57 -0400 Subject: Add class constructor to Common model There are two functions that need called in the common model whenever a page is rendered. Rather than requiring all of the base MVC controllers to call them, I am placing them in a constructor for this model class. This constructor should fire automatically (since base mvc models inherit this class), unless base classes define their own constructors. I don't antisipate this happening, however in that case, they would just need to call parent::__construct(). --- app/model/common.mod.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index 7630dfa..03ed54f 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php 
@@ -13,6 +13,16 @@ class CommonModel extends MasterModel "image/jpeg" ); + /* + * Constructor + */ + function __construct() + { + parent::__construct(); + $this->common_handleFormSubmissions($_REQUEST['input'], $_FILES['attachment']); + $this->common_deflt(); + } + /* * Default action */ -- cgit v1.2.3 From c2137095e8b176affa3e97af579a70d394eeb7c1 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 22 May 2016 03:02:33 -0400 Subject: Add action 'delete' to Deleteacct MVC This action will validate the user's password, and make sure you're not removing the last admin, then proceed to delete the current user's account from the database and log them out, for good. --- app/model/deleteacct.mod.php | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'app/model') diff --git a/app/model/deleteacct.mod.php b/app/model/deleteacct.mod.php index ca01a0d..89aca14 100644 --- a/app/model/deleteacct.mod.php +++ b/app/model/deleteacct.mod.php @@ -1,6 +1,8 @@ field_text("password", null, false); + + if (!$form->populate($input)) + { + $this->logFormErrors($form); + return; + } + + $user = $this->getCurrentUser(); + + if (!$user->validatePassword($form->password)) + { + $this->logError("Account not deleted - Password was incorrect"); + return; + } + + if ($user->admin && $user->getNumAdmins() == 1) + { + $this->logError("Account not deleted - Cannot remove the last admin account"); + return; + } + + $user->delObj(); + $this->redirectTo($this->ar() . "/"); + } } ?> -- cgit v1.2.3 From 2d1e4242a87b54578e24546dabe1525a014da24e Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 22 May 2016 16:34:39 -0400 Subject: Add form submission handler for user removal Added handler for the button added in the previous commit. --- app/model/common.mod.php | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index 03ed54f..5e6373c 100644 
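Review bot: The new constructor feeds `$_REQUEST['input']` to `common_handleFormSubmissions()`, so every handler behind it (creating users, editing accounts, changing passwords) can be driven by a GET query string as well as a POST body, and by cookies where `request_order` includes them. None of the handlers shown in this series checks a per-session token, so unless `Form::populate()` does (not visible), a forged cross-site request runs with the logged-in admin's session. Reading `$_POST` only and verifying a token before dispatch would address both, e.g. `$input = isset($_POST['input']) ? $_POST['input'] : array();`. Both `$_REQUEST['input']` and `$_FILES['attachment']` are also undefined on an ordinary page view, which raises notices and passes `null` into the `switch`.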
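Review bot: In the Deleteacct `delete` action, `$user = $this->getCurrentUser();` is followed directly by `$user->validatePassword(...)` with no check that a user is logged in. The handlers in `common.mod.php` test `!$user` first, which suggests `getCurrentUser()` can return a falsy value; here that would be a fatal error on an unauthenticated request. Add `if (!$user) { $this->logError("Not logged in"); return; }` before the password check. The method signature is missing from the hunk as rendered, so this is based on the visible body only.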
--- a/app/model/common.mod.php +++ b/app/model/common.mod.php @@ -58,6 +58,7 @@ class CommonModel extends MasterModel case "common-setting-admin": $this->saveSettingAdmin($input); break; case "common-setting-allusers-adduser": $this->saveSettingAllusersAdduser($input); break; case "common-setting-allusers-edituser": $this->saveSettingAllusersEdituser($input, $attachment); break; + case "common-setting-allusers-deluser": $this->saveSettingAllusersDeluser($input); break; } } @@ -283,6 +284,51 @@ class CommonModel extends MasterModel else $this->logFormErrors($form); } + + /* + * Allow admin to remove user accounts + */ + function saveSettingAllusersDeluser($input) + { + $form = new Form(); + $form->field_text("guid"); + + if (!$form->populate($input)) + { + $this->logFormErrors($form); + return; + } + + $user = $this->getCurrentUser(); + + if (!$user || $user->admin == 0) + { + $this->logError("Admin permissions required"); + return; + } + + $user = new User($form->guid); + + if ($user->type != "user") + { + $this->logError("Invalid user GUID"); + return; + } + + if ($user->admin && $user->getNumAdmins() == 1) + { + $this->logError("Account not deleted - Cannot remove the last admin account"); + return; + } + + $user->delObj(); + + if (!$this->getCurrentUser()) + { + /* did user delete their own account? */ + $this->redirectTo($this->ar() . "/"); + } + } } ?> -- cgit v1.2.3 From 3960b9d244980ccae804525e0a5d7c55cfe75158 Mon Sep 17 00:00:00 2001 
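Review bot: `saveSettingAllusersDeluser` lets an admin delete their own account (the trailing `if (!$this->getCurrentUser())` branch anticipates exactly that) without the password confirmation that the Deleteacct action requires. That reopens the forged-request case the Deleteacct commit was written to prevent, for the accounts where it matters most. Keep the acting admin in its own variable instead of reusing `$user`, and refuse the request when the target GUID is that same account, pointing the user at Deleteacct instead. `$user->admin == 0` and `$user->type != "user"` are loose comparisons; `!$user->admin` and `!==` state the intent more safely.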
From: Malf Furious Date: Fri, 27 May 2016 00:08:20 -0400 Subject: Add copyright notice to Scrott model files --- app/model/auth.mod.php | 14 ++++++++++++++ app/model/common.mod.php | 14 ++++++++++++++ app/model/dashboard.mod.php | 14 ++++++++++++++ app/model/deauth.mod.php | 14 ++++++++++++++ app/model/deleteacct.mod.php | 14 ++++++++++++++ app/model/except.mod.php | 14 ++++++++++++++ app/model/master.mod.php | 14 ++++++++++++++ app/model/sysconf.mod.php | 14 ++++++++++++++ 8 files changed, 112 insertions(+) (limited to 'app/model') diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php index 23b8288..000db95 100644 --- a/app/model/auth.mod.php +++ b/app/model/auth.mod.php @@ -1,5 +1,19 @@ Date: Wed, 1 Jun 2016 22:08:17 -0400 Subject: Implement add group form handler Added handler function to common model to create new use groups from the modal view. --- app/model/common.mod.php | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index 3d8c200..07b86df 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php @@ -18,6 +18,7 @@ require_once "model/master.mod.php"; require_once "class/form.class.php"; require_once "class/setting.class.php"; require_once "class/user.class.php"; +require_once "class/group.class.php"; class CommonModel extends MasterModel { @@ -68,6 +69,7 @@ class CommonModel extends MasterModel { switch ($input['action']) { + case "common-group-add": $this->addNewGroup($input); break; case "common-setting-user": $this->saveSettingUser($input, $attachment); break; case "common-setting-admin": $this->saveSettingAdmin($input); break; case "common-setting-allusers-adduser": $this->saveSettingAllusersAdduser($input); break; 
@@ -76,6 +78,24 @@ class CommonModel extends MasterModel } } + /* + * Create a new user group + */ + function addNewGroup($input) + { + $form = new Form(); + $form->field_text("name"); + + if (!$form->populate($input)) + { + $this->logFormErrors($form); + return; + } + + $group = new Group(); + $group->createNewGroup($form->name, $this->getCurrentUser()); + } + /* * Save changes to user account settings */ -- cgit v1.2.3 From 1b24ddb6b12bd85d15beed45476d72678b758128 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Wed, 8 Jun 2016 20:21:12 -0400 Subject: Add new MVC, 'Obj' This MVC will be used to browse scrott datastructures. --- app/model/obj.mod.php | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 app/model/obj.mod.php (limited to 'app/model') diff --git a/app/model/obj.mod.php b/app/model/obj.mod.php new file mode 100644 index 0000000..bccef93 --- /dev/null +++ b/app/model/obj.mod.php @@ -0,0 +1,23 @@ + -- cgit v1.2.3 From d8f7264898d59a261c0e65e525502143259415ad Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Wed, 8 Jun 2016 21:29:32 -0400 Subject: Create blank view for groups Finish initializing the Obj MVC by writing an empty view/action for groups. --- app/model/obj.mod.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'app/model') diff --git a/app/model/obj.mod.php b/app/model/obj.mod.php index bccef93..07be4b4 100644 --- a/app/model/obj.mod.php +++ b/app/model/obj.mod.php @@ -15,9 +15,17 @@ */ require_once "model/common.mod.php"; +require_once "class/group.class.php"; class ObjModel extends CommonModel { + /* + * Initialize a group view + */ + function initGroup($guid) + { + $this->group = new Group($guid); + } } ?> -- cgit v1.2.3 From 6c9c352c91814775c6b56c43dd4837a8f3718e86 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Wed, 8 Jun 2016 23:50:42 -0400 Subject: Start design for group view --- app/model/obj.mod.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'app/model') 
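Review bot: `addNewGroup` passes `$this->getCurrentUser()` straight into `createNewGroup()` without checking that anyone is logged in, while the other handlers in this class bail out on `!$user`. An anonymous request carrying the `common-group-add` action would then either create a group with no valid owner or fail inside `Group`, depending on code not shown. The return value of `createNewGroup()` is also dropped, so neither success nor failure is reported. Suggested opening: `$user = $this->getCurrentUser(); if (!$user) { $this->logError("You must be logged in to create a group"); return; }`.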
diff --git a/app/model/obj.mod.php b/app/model/obj.mod.php index 07be4b4..f412e3c 100644 --- a/app/model/obj.mod.php +++ b/app/model/obj.mod.php @@ -25,6 +25,8 @@ class ObjModel extends CommonModel function initGroup($guid) { $this->group = new Group($guid); + $this->owner = $this->group->getOwner(); + $this->members = $this->group->getMembers(); } } -- cgit v1.2.3 From 112a510bb7ba358fd4195b5b2f3c8203ab4fb91d Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 11 Jun 2016 00:51:46 -0400 Subject: Rename variable In the Obj MVC, rename group in the model to obj. This will help with referencing the active object from template views without knowing what type of object it is. --- app/model/obj.mod.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'app/model') diff --git a/app/model/obj.mod.php b/app/model/obj.mod.php index f412e3c..426e1ac 100644 --- a/app/model/obj.mod.php +++ b/app/model/obj.mod.php @@ -24,9 +24,9 @@ class ObjModel extends CommonModel */ function initGroup($guid) { - $this->group = new Group($guid); - $this->owner = $this->group->getOwner(); - $this->members = $this->group->getMembers(); + $this->obj = new Group($guid); + $this->owner = $this->obj->getOwner(); + $this->members = $this->obj->getMembers(); } } -- cgit v1.2.3 From f8126b70cf8e4c9a744a99a3eb41de158a26a517 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 12 Jun 2016 19:11:04 -0400 Subject: Add functions to Common model for assigning CSS to setting tabs The setting modal window will need to support showing unknown tabs at the beginning of the tab list. These functions handle assigning specific CSS classes to tab-panes ONLY if that tab will appear in the left-most position in the modal's tab list. --- app/model/common.mod.php | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index 07b86df..e478e9d 100644 --- a/app/model/common.mod.php 
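Review bot: `initGroup($guid)` loads the group, its owner and its member list for whatever GUID it is given, with no check that the object is a group or that the current user may see it. The handlers in `common.mod.php` validate `->type` after constructing an object from a GUID; the same check belongs here, plus a membership or visibility test before `getOwner()` and `getMembers()` populate the model. If the controller already enforces this (not visible), a comment saying so would be enough. The same unconditional load moves into `CommonModel::__construct($guid)` later in this series.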
+++ b/app/model/common.mod.php @@ -34,6 +34,8 @@ class CommonModel extends MasterModel function __construct() { parent::__construct(); + $this->first_setting_tab_active = 0; + $this->first_setting_tab_disp = 0; $this->common_handleFormSubmissions($_REQUEST['input'], $_FILES['attachment']); $this->common_deflt(); } @@ -363,6 +365,34 @@ class CommonModel extends MasterModel $this->redirectTo($this->ar() . "/"); } } + + /* + * Set CSS class for the first tab title in the setting modal only + */ + function getSettingModalTabActiveClass() + { + if (!$this->first_setting_tab_active) + { + $this->first_setting_tab_active = 1; + return "active"; + } + + return ""; + } + + /* + * Set CSS classes for the first tab in the setting modal only + */ + function getSettingModalTabDispClasses() + { + if (!$this->first_setting_tab_disp) + { + $this->first_setting_tab_disp = 1; + return "in active"; + } + + return ""; + } } ?> -- cgit v1.2.3 From 2adba6a387ac93f750cb795bb39a36077aa7b0de Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 12 Jun 2016 20:27:57 -0400 Subject: Move initialization logic from Obj model into Common model Some logic to initialize the current system object, its owner, and members has been moved into the Common model since this code will be relevant to other views and to support a new feature being added to display additional tabs in the setting modal box. --- app/model/common.mod.php | 11 ++++++++++- app/model/obj.mod.php | 9 +++------ 2 files changed, 13 insertions(+), 7 deletions(-) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index e478e9d..232f0c2 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php @@ -17,6 +17,7 @@ require_once "model/master.mod.php"; require_once "class/form.class.php"; require_once "class/setting.class.php"; +require_once "class/object.class.php"; require_once "class/user.class.php"; require_once "class/group.class.php"; 
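Review bot: `getSettingModalTabActiveClass()` and `getSettingModalTabDispClasses()` are named as getters but flip `first_setting_tab_active` / `first_setting_tab_disp` on the first call, so the result depends on how often and in what order the template calls them. The comment on each should say that only the first call returns the class string and that each must be called exactly once per tab, in tab order. The two flags are created in the constructor without being declared on the class; declaring them (`var $first_setting_tab_active = 0;`) next to `HEAD_IMG_MAX_SIZE` would document that they are part of the model's state.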
@@ -31,12 +32,20 @@ class CommonModel extends MasterModel /* * Constructor */ - function __construct() + function __construct($guid = null) { parent::__construct(); $this->first_setting_tab_active = 0; $this->first_setting_tab_disp = 0; $this->common_handleFormSubmissions($_REQUEST['input'], $_FILES['attachment']); + + if (!is_null($guid)) + { + $this->obj = new DBObject($guid); + $this->owner = $this->obj->getOwner(); + $this->members = $this->obj->getMembers(); + } + $this->common_deflt(); } diff --git a/app/model/obj.mod.php b/app/model/obj.mod.php index 426e1ac..159c962 100644 --- a/app/model/obj.mod.php +++ b/app/model/obj.mod.php @@ -15,18 +15,15 @@ */ require_once "model/common.mod.php"; -require_once "class/group.class.php"; class ObjModel extends CommonModel { /* - * Initialize a group view + * Constructor */ - function initGroup($guid) + function __construct($guid) { - $this->obj = new Group($guid); - $this->owner = $this->obj->getOwner(); - $this->members = $this->obj->getMembers(); + parent::__construct($guid); } } -- cgit v1.2.3 From 076a86c663870be3c4cf6da8059f0f978a7eb3ce Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 12 Jun 2016 21:33:50 -0400 Subject: Add group tab to setting modal Created empty
for the group setting tab. Also added code to the common model for initializing the $mod->group variable and setting a flag marking what tabs to include in the setting modal (group tab in this case). Added logic to the main setting modal view file for picking up these flags and including appropriate additional content. --- app/model/common.mod.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index 232f0c2..459c53a 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php @@ -71,6 +71,16 @@ class CommonModel extends MasterModel /* Admin all-users settings tab */ $userTbl = new User(); $this->common_settingAllUsers = $userTbl->getAllUsers_orderByAdminByName(); + + /* Setting modal - what tabs to display? */ + if (isset($this->obj)) + { + if ($this->obj->type == "group") + { + $this->group = new Group($this->obj->guid); + $this->common_settingShowTab['group'] = true; + } + } } /* -- cgit v1.2.3 From 63ca3ee23edd66cae4a2cc621cfc1352ea958a27 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 18 Sep 2016 02:56:31 -0400 Subject: Add form submission handler for group settings tab --- app/model/common.mod.php | 80 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) (limited to 'app/model') diff --git a/app/model/common.mod.php b/app/model/common.mod.php index 459c53a..6cba871 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php @@ -91,6 +91,7 @@ class CommonModel extends MasterModel switch ($input['action']) { case "common-group-add": $this->addNewGroup($input); break; + case "common-setting-group": $this->saveSettingGroup($input, $attachment); break; case "common-setting-user": $this->saveSettingUser($input, $attachment); break; case "common-setting-admin": $this->saveSettingAdmin($input); break; case "common-setting-allusers-adduser": $this->saveSettingAllusersAdduser($input); break; 
@@ -117,6 +118,85 @@ class CommonModel extends MasterModel $group->createNewGroup($form->name, $this->getCurrentUser()); } + /* + * Save changes to user group settings + */ + function saveSettingGroup($input, $attachment) + { + $form = new Form(); + $form->field_text("guid"); + $form->field_text("name"); + $form->field_bool("perm0"); + $form->field_bool("perm1"); + $form->field_bool("perm2"); + $form->field_bool("perm3"); + $form->field_bool("perm4"); + $form->field_bool("perm5"); + $form->field_bool("perm6"); + $form->field_bool("perm7"); + $form->field_bool("perm8"); + + if (!$form->populate($input)) + { + $this->logFormErrors($form); + return; + } + + $user = $this->getCurrentUser(); + $group = new Group($form->guid); + + if (!$user || $group->type != "group" || !$group->canModify($user)) + { + $this->logError("You do not have permission to modify this group"); + return; + } + + if (isset($input['rmImage'])) + { + if ($group->rmHeadImage()) + $this->logNotice("Image removed"); + else + $this->logError("Error removing group image"); + + return; + } + + $group->name = $form->name; + + if ($group->canModifyPermissions($user)) + { + $perms = 0; + + if ($form->perm0) + $perms |= 0x100; + if ($form->perm1) + $perms |= 0x080; + if ($form->perm2) + $perms |= 0x040; + if ($form->perm3) + $perms |= 0x020; + if ($form->perm4) + $perms |= 0x010; + if ($form->perm5) + $perms |= 0x008; + if ($form->perm6) + $perms |= 0x004; + if ($form->perm7) + $perms |= 0x002; + if ($form->perm8) + $perms |= 0x001; + + $group->perms = $perms; + } + + $group->saveObj(); + + if ($form->saveFile($attachment, $this->HEAD_IMG_MAX_SIZE, $this->HEAD_IMG_MIME, "assets/img/heads/" . $group->guid)) + $this->logNotice("Image uploaded"); + else + $this->logFormErrors($form); + } + /* * Save changes to user account settings */ -- cgit v1.2.3 From ed99654d2e139a847a63e9295bf976d17462ee34 Mon Sep 17 00:00:00 2001 
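Review bot: The nine `perm0`…`perm8` checkboxes are packed into `$group->perms` most-significant-first (`perm0` → `0x100`, `perm8` → `0x001`), but nothing in the hunk says what each bit grants, which makes an access-control mask hard to review. A comment above the block naming the nine bits, or named constants, would help; the chain itself can be a loop: `for ($i = 0; $i <= 8; $i++) if ($form->{"perm" . $i}) $perms |= 0x100 >> $i;`. Note also that the `isset($input['rmImage'])` branch returns before `name` and `perms` are saved, so a request carrying both silently drops the other changes.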
From: Malf Furious Date: Sat, 22 Oct 2016 00:29:30 -0400 Subject: Deprecate application code Setup to perform an iteration of development focused on a simpler implementation and eliminating redundancy in design. --- app/model/auth.mod.php | 115 ---------- app/model/common.mod.php | 497 ------------------------------------------- app/model/dashboard.mod.php | 29 --- app/model/deauth.mod.php | 31 --- app/model/deleteacct.mod.php | 63 ------ app/model/except.mod.php | 30 --- app/model/master.mod.php | 56 ----- app/model/obj.mod.php | 30 --- app/model/sysconf.mod.php | 93 -------- 9 files changed, 944 deletions(-) delete mode 100644 app/model/auth.mod.php delete mode 100644 app/model/common.mod.php delete mode 100644 app/model/dashboard.mod.php delete mode 100644 app/model/deauth.mod.php delete mode 100644 app/model/deleteacct.mod.php delete mode 100644 app/model/except.mod.php delete mode 100644 app/model/master.mod.php delete mode 100644 app/model/obj.mod.php delete mode 100644 app/model/sysconf.mod.php (limited to 'app/model') diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php deleted file mode 100644 index 000db95..0000000 --- a/app/model/auth.mod.php +++ /dev/null 
@@ -1,115 +0,0 @@ -getAllUsers_orderByName()) == 0) - { - $this->noaccounts = true; - $this->activeTab['signup'] = "in active"; - $this->tabSwap = false; - } - - else - { - $this->activeTab['login'] = "in active"; - $this->tabSwap = Setting::allowPublicSignup(); - } - } - - /* - * Attempt to register a new account - */ - function signup($input) - { - $userTbl = new User(); - - if (!Setting::allowPublicSignup() && count($userTbl->getAllUsers_orderByName()) > 0) - { - $this->logError("You may not signup at this time"); - return; - } - - $form = new Form(); - $form->field_text("username"); - $form->field_text("password", null, false); - $form->field_text("cPassword", null, false); - - if (!$form->populate($input)) - { - $this->logFormErrors($form); - return; - } - - if ($form->password != $form->cPassword) - { - $this->logError("Passwords do not match"); - return; - } - - $user = new User(); - - if (!$user->createNewUser($form->username, $form->password)) - { - $this->logError("Your requested username is already in use"); - return; - } - - $this->setCurrentUser($user); - $this->redirectTo($this->ap() . "/"); - } - - /* - * Attempt to login - */ - function login($input) - { - $form = new Form(); - $form->field_text("username"); - $form->field_text("password", null, false); - - if (!$form->populate($input)) - { - $this->logFormErrors($form); - return; - } - - $user = new User(); - - if (!($user->initByUsername($form->username) && $user->validatePassword($form->password))) - { - $this->logError("Username or password is incorrect"); - return; - } - - $this->setCurrentUser($user); - $this->redirectTo($this->ap() . "/"); - } -} - -?> diff --git a/app/model/common.mod.php b/app/model/common.mod.php deleted file mode 100644 index 6cba871..0000000 --- a/app/model/common.mod.php +++ /dev/null 
@@ -1,497 +0,0 @@ -first_setting_tab_active = 0; - $this->first_setting_tab_disp = 0; - $this->common_handleFormSubmissions($_REQUEST['input'], $_FILES['attachment']); - - if (!is_null($guid)) - { - $this->obj = new DBObject($guid); - $this->owner = $this->obj->getOwner(); - $this->members = $this->obj->getMembers(); - } - - $this->common_deflt(); - } - - /* - * Default action - */ - function common_deflt() - { - global $_SCROTT; - - /* Admin settings tab */ - if ($_SCROTT['settSSL'] != "neither") - { - $this->common_settingAdminSettSSLChecked[$_SCROTT['settSSL']] = "checked"; - $this->common_settingAdminSettSSLDisabled = "disabled"; - } - else - $this->common_settingAdminSettSSLChecked[Setting::settSSL()] = "checked"; - - if (Setting::allowPublicSignup()) - $this->common_settingAdminAllowPublicSignupChecked = "checked"; - - /* Admin all-users settings tab */ - $userTbl = new User(); - $this->common_settingAllUsers = $userTbl->getAllUsers_orderByAdminByName(); - - /* Setting modal - what tabs to display? 
*/ - if (isset($this->obj)) - { - if ($this->obj->type == "group") - { - $this->group = new Group($this->obj->guid); - $this->common_settingShowTab['group'] = true; - } - } - } - - /* - * Handle form submissions from common views - */ - function common_handleFormSubmissions($input, $attachment) - { - switch ($input['action']) - { - case "common-group-add": $this->addNewGroup($input); break; - case "common-setting-group": $this->saveSettingGroup($input, $attachment); break; - case "common-setting-user": $this->saveSettingUser($input, $attachment); break; - case "common-setting-admin": $this->saveSettingAdmin($input); break; - case "common-setting-allusers-adduser": $this->saveSettingAllusersAdduser($input); break; - case "common-setting-allusers-edituser": $this->saveSettingAllusersEdituser($input, $attachment); break; - case "common-setting-allusers-deluser": $this->saveSettingAllusersDeluser($input); break; - } - } - - /* - * Create a new user group - */ - function addNewGroup($input) - { - $form = new Form(); - $form->field_text("name"); - - if (!$form->populate($input)) - { - $this->logFormErrors($form); - return; - } - - $group = new Group(); - $group->createNewGroup($form->name, $this->getCurrentUser()); - } - - /* - * Save changes to user group settings - */ - function saveSettingGroup($input, $attachment) - { - $form = new Form(); - $form->field_text("guid"); - $form->field_text("name"); - $form->field_bool("perm0"); - $form->field_bool("perm1"); - $form->field_bool("perm2"); - $form->field_bool("perm3"); - $form->field_bool("perm4"); - $form->field_bool("perm5"); - $form->field_bool("perm6"); - $form->field_bool("perm7"); - $form->field_bool("perm8"); - - if (!$form->populate($input)) - { - $this->logFormErrors($form); - return; - } - - $user = $this->getCurrentUser(); - $group = new Group($form->guid); - - if (!$user || $group->type != "group" || !$group->canModify($user)) - { - $this->logError("You do not have permission to modify this group"); - return; 
- } - - if (isset($input['rmImage'])) - { - if ($group->rmHeadImage()) - $this->logNotice("Image removed"); - else - $this->logError("Error removing group image"); - - return; - } - - $group->name = $form->name; - - if ($group->canModifyPermissions($user)) - { - $perms = 0; - - if ($form->perm0) - $perms |= 0x100; - if ($form->perm1) - $perms |= 0x080; - if ($form->perm2) - $perms |= 0x040; - if ($form->perm3) - $perms |= 0x020; - if ($form->perm4) - $perms |= 0x010; - if ($form->perm5) - $perms |= 0x008; - if ($form->perm6) - $perms |= 0x004; - if ($form->perm7) - $perms |= 0x002; - if ($form->perm8) - $perms |= 0x001; - - $group->perms = $perms; - } - - $group->saveObj(); - - if ($form->saveFile($attachment, $this->HEAD_IMG_MAX_SIZE, $this->HEAD_IMG_MIME, "assets/img/heads/" . $group->guid)) - $this->logNotice("Image uploaded"); - else - $this->logFormErrors($form); - } - - /* - * Save changes to user account settings - */ - function saveSettingUser($input, $attachment) - { - $form = new Form(); - $form->field_bool("setPasswd"); - $form->field_text("curPasswd", null, false); - $form->field_text("newPasswd", null, false); - $form->field_text("confPasswd", null, false); - $form->field_text("alias", "", false); - $form->field_text("email", "", false); - $form->field_text("emailConfKey", null, false); - - if (!$form->populate($input)) - { - $this->logFormErrors($form); - return; - } - - $user = $this->getCurrentUser(); - - if (!$user) - { - $this->logError("Not logged in"); - return; - } - - if (isset($input['rmImage'])) - { - if ($user->rmHeadImage()) - $this->logNotice("Image removed"); - else - $this->logError("Error removing user image"); - - return; - } - - if ($form->setPasswd) - { - if ($user->validatePassword($form->curPasswd)) - { - if ($form->newPasswd == $form->confPasswd) - { - $user->setPassword($form->newPasswd); - $this->logNotice("Password updated successfully"); - } - else - $this->logWarning("Password not changed -- Passwords did not match"); - } - 
- else - $this->logWarning("Password not changed -- Current password was incorrect"); - } - - $user->alias = $form->alias; - - if ($form->email != $user->email) - $user->setEmail($form->email); - - else if ($form->emailConfKey != "") - { - if (!$user->confirmEmailKey($form->emailConfKey)) - $this->logWarning("Email not confirmed -- Key was incorrect"); - } - - $user->saveObj(); - - if ($form->saveFile($attachment, $this->HEAD_IMG_MAX_SIZE, $this->HEAD_IMG_MIME, "assets/img/heads/" . $user->guid)) - $this->logNotice("Image uploaded"); - else - $this->logFormErrors($form); - } - - /* - * Save changes to admin settings - */ - function saveSettingAdmin($input) - { - $form = new Form(); - $form->field_enum("settSSL", array("force", "neither", "forbid"), Setting::settSSL()); - $form->field_bool("allowPublicSignup"); - - if (!$form->populate($input)) - { - $this->logFormErrors($form); - return; - } - - $user = $this->getCurrentUser(); - - if (!$user || $user->admin == 0) - { - $this->logError("Admin permissions required"); - return; - } - - Setting::settSSL($form->settSSL); - Setting::allowPublicSignup($form->allowPublicSignup); - } - - /* - * Allow an admin to create a new user account - */ - function saveSettingAllusersAdduser($input) - { - $form = new Form(); - $form->field_text("username"); - $form->field_text("password", null, false); - $form->field_text("cPassword", null, false); - $form->field_bool("admin"); - $form->field_text("alias", "", false); - $form->field_text("email", "", false); - - if (!$form->populate($input)) - { - $this->logFormErrors($form); - return; - } - - $user = $this->getCurrentUser(); - - if (!$user || $user->admin == 0) - { - $this->logError("Admin permissions required"); - return; - } - - if ($form->password != $form->cPassword) - { - $this->logError("Passwords do not match"); - return; - } - - $user = new User(); - - if (!$user->createNewUser($form->username, $form->password)) - { - $this->logError("Username " . $form->username . 
" is not available"); - return; - } - - if ($form->admin) - $user->admin = 1; - - $user->alias = $form->alias; - $user->setEmail($form->email); - $user->saveObj(); - - $this->logNotice("Created new user " . $form->username); - } - - /* - * Allow an admin to edit user accounts - */ - function saveSettingAllusersEdituser($input, $attachment) - { - $form = new Form(); - $form->field_text("guid"); - $form->field_bool("setPasswd"); - $form->field_text("newPasswd", null, false); - $form->field_text("confPasswd", null, false); - $form->field_bool("admin"); - $form->field_text("alias", "", false); - $form->field_text("email", "", false); - - if (!$form->populate($input)) - { - $this->logFormErrors($form); - return; - } - - $user = $this->getCurrentUser(); - - if (!$user || $user->admin == 0) - { - $this->logError("Admin permissions required"); - return; - } - - $user = new User($form->guid); - - if ($user->type != "user") - { - $this->logError("Invalid user GUID"); - return; - } - - if (isset($input['rmImage'])) - { - if ($user->rmHeadImage()) - $this->logNotice("Image removed"); - else - $this->logError("Error removing user image"); - - return; - } - - if ($form->setPasswd) - { - if ($form->newPasswd == $form->confPasswd) - { - $user->setPassword($form->newPasswd); - $this->logNotice("Password for " . $user->name . " updated successfully"); - } - else - $this->logWarning("Password not changed -- Passwords did not match"); - } - - $user->admin = $form->admin; - $user->alias = $form->alias; - - if ($form->email != $user->email) - $user->setEmail($form->email); - - $user->saveObj(); - - if ($form->saveFile($attachment, $this->HEAD_IMG_MAX_SIZE, $this->HEAD_IMG_MIME, "assets/img/heads/" . 
$user->guid)) - $this->logNotice("Image uploaded"); - else - $this->logFormErrors($form); - } - - /* - * Allow admin to remove user accounts - */ - function saveSettingAllusersDeluser($input) - { - $form = new Form(); - $form->field_text("guid"); - - if (!$form->populate($input)) - { - $this->logFormErrors($form); - return; - } - - $user = $this->getCurrentUser(); - - if (!$user || $user->admin == 0) - { - $this->logError("Admin permissions required"); - return; - } - - $user = new User($form->guid); - - if ($user->type != "user") - { - $this->logError("Invalid user GUID"); - return; - } - - if ($user->admin && $user->getNumAdmins() == 1) - { - $this->logError("Account not deleted - Cannot remove the last admin account"); - return; - } - - $user->delObj(); - - if (!$this->getCurrentUser()) - { - /* did user delete their own account? */ - $this->redirectTo($this->ar() . "/"); - } - } - - /* - * Set CSS class for the first tab title in the setting modal only - */ - function getSettingModalTabActiveClass() - { - if (!$this->first_setting_tab_active) - { - $this->first_setting_tab_active = 1; - return "active"; - } - - return ""; - } - - /* - * Set CSS classes for the first tab in the setting modal only - */ - function getSettingModalTabDispClasses() - { - if (!$this->first_setting_tab_disp) - { - $this->first_setting_tab_disp = 1; - return "in active"; - } - - return ""; - } -} - -?> diff --git a/app/model/dashboard.mod.php b/app/model/dashboard.mod.php deleted file mode 100644 index 00fb759..0000000 --- a/app/model/dashboard.mod.php +++ /dev/null @@ -1,29 +0,0 @@ - diff --git a/app/model/deauth.mod.php b/app/model/deauth.mod.php deleted file mode 100644 index 8991606..0000000 --- a/app/model/deauth.mod.php +++ /dev/null @@ -1,31 +0,0 @@ -setCurrentUser(); - $this->redirectTo($this->ar() . "/"); - } -} - -?> diff --git a/app/model/deleteacct.mod.php b/app/model/deleteacct.mod.php deleted file mode 100644 index 0178c95..0000000 
--- a/app/model/deleteacct.mod.php +++ /dev/null @@ -1,63 +0,0 @@ -field_text("password", null, false); - - if (!$form->populate($input)) - { - $this->logFormErrors($form); - return; - } - - $user = $this->getCurrentUser(); - - if (!$user->validatePassword($form->password)) - { - $this->logError("Account not deleted - Password was incorrect"); - return; - } - - if ($user->admin && $user->getNumAdmins() == 1) - { - $this->logError("Account not deleted - Cannot remove the last admin account"); - return; - } - - $user->delObj(); - $this->redirectTo($this->ar() . "/"); - } -} - -?> diff --git a/app/model/except.mod.php b/app/model/except.mod.php deleted file mode 100644 index fb81315..0000000 --- a/app/model/except.mod.php +++ /dev/null @@ -1,30 +0,0 @@ -message = $message; - } -} - -?> diff --git a/app/model/master.mod.php b/app/model/master.mod.php deleted file mode 100644 index 5aaafa8..0000000 --- a/app/model/master.mod.php +++ /dev/null @@ -1,56 +0,0 @@ -isError()) - return "alert-danger"; - - if ($this->isWarning()) - return "alert-warning"; - - if ($this->isNotice()) - return "alert-info"; - - return ""; - } - - /* - * Get the appropriate glyphicon to use when showing the notice modal - */ - function getNoticeModalGlyphicon() - { - if ($this->isError()) - return "glyphicon glyphicon-remove-sign"; - - if ($this->isWarning()) - return "glyphicon glyphicon-exclamation-sign"; - - if ($this->isNotice()) - return "glyphicon glyphicon-info-sign"; - - return ""; - } -} - -?> diff --git a/app/model/obj.mod.php b/app/model/obj.mod.php deleted file mode 100644 index 159c962..0000000 --- a/app/model/obj.mod.php +++ /dev/null @@ -1,30 +0,0 @@ - diff --git a/app/model/sysconf.mod.php b/app/model/sysconf.mod.php deleted file mode 100644 index cfbed42..0000000 --- a/app/model/sysconf.mod.php +++ /dev/null 
@@ -1,93 +0,0 @@ -field_text("dbAddress"); - $form->field_text("dbName"); - $form->field_text("dbUser"); - $form->field_text("dbPass", null, false); - $form->field_enum("settSSL", array("force", "neither", "forbid")); - - if (!$form->populate($input)) - { - $this->logFormErrors($form); - return; - } - - /* test database connection (set global vars and try to get a db object) */ - $_SCROTT['conf'] = 'conf'; - $_SCROTT['dbEngine'] = 'mysql'; - $_SCROTT['dbAddress'] = $form->dbAddress; - $_SCROTT['dbName'] = $form->dbName; - $_SCROTT['dbUser'] = $form->dbUser; - $_SCROTT['dbPass'] = $form->dbPass; - - try - { - $db = $this->getDbConnection(); - } - catch (Exception $e) - { - $this->logError($e->getMessage()); - return; - } - - /* write file */ - $f = fopen($this->CONF_FILE, "w"); - - if (!$f) - { - $this->logError("Can not create configuration file"); - return; - } - - fwrite($f, "dbAddress . "';\n"); - fwrite($f, "\$_SCROTT['dbName'] = '" . $form->dbName . "';\n"); - fwrite($f, "\$_SCROTT['dbUser'] = '" . $form->dbUser . "';\n"); - fwrite($f, "\$_SCROTT['dbPass'] = '" . $form->dbPass . "';\n"); - fwrite($f, "\$_SCROTT['settSSL'] = '" . $form->settSSL . "';\n"); - fwrite($f, "?>\n"); - - fclose($f); - $this->redirectTo($this->ar() . "/"); - } -} - -?> -- cgit v1.2.3 From 479aca0db88f0b1af52f399f19a0a8267bd10744 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Tue, 27 Jun 2017 01:49:35 -0400 Subject: Add dbconfig model code --- app/model/dbconfig.php | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 app/model/dbconfig.php (limited to 'app/model') diff --git a/app/model/dbconfig.php b/app/model/dbconfig.php new file mode 100644 index 0000000..822fd88 --- /dev/null +++ b/app/model/dbconfig.php 
@@ -0,0 +1,44 @@ +text("dbHost"); + $form->text("dbUname"); + $form->text("dbPasswd", false); + $form->text("dbName"); + + if (!$form->populate(input())) + return; + + $stat = database::setConfig("mysql", $form->dbHost, $form->dbUname, + $form->dbPasswd, $form->dbName); + + if (!$stat) + return; + + location("/"); +} + +?> -- cgit v1.2.3 From 75dd0e67ca684f779b712b313f188d23f903609f Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Thu, 6 Jul 2017 23:45:09 -0400 Subject: Remove unused global declaration --- app/model/dbconfig.php | 2 -- 1 file changed, 2 deletions(-) (limited to 'app/model') diff --git a/app/model/dbconfig.php b/app/model/dbconfig.php index 822fd88..c66b052 100644 --- a/app/model/dbconfig.php +++ b/app/model/dbconfig.php @@ -21,8 +21,6 @@ require_once "class/form.class.php"; */ if (isAction("save")) { - global $_SCROTT; - $form = new form(); $form->text("dbHost"); $form->text("dbUname"); -- cgit v1.2.3 From 3561ed3caec4754758a0b90e631dfed746b0c4fb Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Fri, 9 Feb 2018 00:56:45 -0500 Subject: Add login model --- app/model/login.php | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 app/model/login.php (limited to 'app/model') diff --git a/app/model/login.php b/app/model/login.php new file mode 100644 index 0000000..af4a5b3 --- /dev/null +++ b/app/model/login.php 
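Review bot: The `save` action passes the submitted host, user name, password and database name to `database::setConfig()` with no visible check that the caller may configure the instance or that no configuration exists yet. If the router does not already restrict this model to an unconfigured install (not visible in this hunk), any client could repoint the application at a different database server. I would add a guard at the top of the handler and document it, e.g. `/* only reachable while no database configuration exists; refuse otherwise */`. If `setConfig()` writes these values into a PHP file the way the removed sysconf model did with `fwrite()`, they also need to be emitted as encoded string literals (for example via `var_export()`) rather than concatenated between quotes.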
@@ -0,0 +1,92 @@ +text("uname"); + $form->text("passwd", false); + + if (!$form->populate(input())) + goto prep; + + if (!(($user = user::getByUname($form->uname)) && + $user->validatePasswd($form->passwd))) + { + logError(ERROR, "Username or password is incorrect"); + goto prep; + } + + user::setCurrent($user); + location("/"); +} + +/* + * Action: signup - Attempt to register a new account + */ +if (isAction("signup")) +{ + if (!settings::allowPublicSignup() && + count(user::getAll_ordByUname()) > 0) + { + logError(ERROR, "You may not signup at this time"); + goto prep; + } + + $form = new form(); + $form->text("uname"); + $form->text("passwd", false); + $form->text("cpasswd", false); + + if (!$form->populate(input())) + goto prep; + + if ($form->passwd != $form->cpasswd) + { + logError(ERROR, "Passwords do not match"); + goto prep; + } + + if (!($user = user::initNew($form->uname, $form->passwd))) + { + logError(ERROR, "Your requested username is already in use"); + goto prep; + } + + user::setCurrent($user); + location("/"); +} + +prep: + + if (count(user::getAll_ordByUname()) == 0) + { + $noaccounts = true; + $activeTab['signup'] = "in active"; + $tabSwap = false; + } + else + { + $activeTab['login'] = "in active"; + $tabSwap = settings::allowPublicSignup(); + } + +?> -- cgit v1.2.3 From 7349f221c65b4f52c58efff444399b7d0cf368f6 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Fri, 20 Jul 2018 04:37:05 -0400 Subject: Add the notice modal --- app/model/noticemodal.php | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 app/model/noticemodal.php (limited to 'app/model') diff --git a/app/model/noticemodal.php b/app/model/noticemodal.php new file mode 100644 index 0000000..c1e99c3 --- /dev/null +++ b/app/model/noticemodal.php @@ -0,0 +1,40 @@ + -- cgit v1.2.3 From 70bcac2648a51989e1184d9eeead766def999f8b Mon Sep 17 00:00:00 2001 
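Review bot: The confirmation check in the `signup` action, `if ($form->passwd != $form->cpasswd)`, uses loose comparison, so two different numeric-looking strings (constructed example: `"1e3"` and `"1000"`) compare as equal and the account is created with a password the user did not actually confirm. Use `if ($form->passwd !== $form->cpasswd)`. The same pattern appears in the `settings-user` password change in settings.php (`$form->passwd == $form->cpasswd`), which should become `===`.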
From: Malf Furious Date: Sat, 21 Jul 2018 21:43:20 -0400 Subject: Add new group modal view/model code --- app/model/datamods.php | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 app/model/datamods.php (limited to 'app/model') diff --git a/app/model/datamods.php b/app/model/datamods.php new file mode 100644 index 0000000..01311a8 --- /dev/null +++ b/app/model/datamods.php @@ -0,0 +1,32 @@ +text("name"); + + if (!$form->populate(input())) + return; + + $group = group::initNew($form->name, user::getCurrent()); +} + +?> -- cgit v1.2.3 From d75ede4175eac843994a93a913d445c029a44631 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 22 Jul 2018 03:51:30 -0400 Subject: Fix bug with login handler Now reloading current path after successful login, instead of redirecting to app-root. --- app/model/login.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/model') diff --git a/app/model/login.php b/app/model/login.php index af4a5b3..6358e12 100644 --- a/app/model/login.php +++ b/app/model/login.php @@ -36,7 +36,7 @@ if (isAction("login")) } user::setCurrent($user); - location("/"); + location(); } /* -- cgit v1.2.3 From 0dc6d736c254fc38b2e923069827e47a2494b256 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Thu, 26 Jul 2018 04:23:25 -0400 Subject: Add group/pad list item UI module to use when listing out groups and pads. These will link to the group/pad page and display information about the object. --- app/model/gpListItem.php | 42 ++++++++++++++++++++++++++++++++++++++++++ app/model/objHeadCircle.php | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 app/model/gpListItem.php create mode 100644 app/model/objHeadCircle.php (limited to 'app/model') diff --git a/app/model/gpListItem.php b/app/model/gpListItem.php new file mode 100644 index 0000000..809a7cf --- /dev/null +++ b/app/model/gpListItem.php 
@@ -0,0 +1,42 @@ +guid; +$owner = $obj->getOwner(); +$own_name = $owner->getDisplayName(); +$obj_name = $obj->name; +$numb_membs = count($obj->getMembers()); + +/* TODO - tweak lengths (check view file as well) */ +$membs_lg = $obj->getMembers(18); +$membs_md = $obj->getMembers(18); +$membs_sm = $obj->getMembers(18); +$membs_xs = $obj->getMembers(18); + +if ($obj->objtype == "group") + $glyph = "glyphicon-th"; +else if ($obj->objtype == "pad") + $glyph = "glyphicon-edit"; +else + throw new Exception("Group/pad list item was given something besides a group or pad"); + +?> diff --git a/app/model/objHeadCircle.php b/app/model/objHeadCircle.php new file mode 100644 index 0000000..eef56b7 --- /dev/null +++ b/app/model/objHeadCircle.php @@ -0,0 +1,37 @@ +getHeadImg(); + +switch ($obj->objtype) +{ + case "user": + case "group": + $alt = $obj->getDisplayName(); + break; + + default: + $alt = $obj->name; + break; +} + +?> -- cgit v1.2.3 From 19bf1194556bcc1ba4be4704a297c67d03e58ef5 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 15 Sep 2018 09:55:44 -0400 Subject: Implement dm-pad-add form handler --- app/model/datamods.php | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'app/model') diff --git a/app/model/datamods.php b/app/model/datamods.php index 01311a8..b658314 100644 --- a/app/model/datamods.php +++ b/app/model/datamods.php @@ -13,7 +13,10 @@ */ require_once "class/form.class.php"; +require_once "class/agent.class.php"; +require_once "class/user.class.php"; require_once "class/group.class.php"; +require_once "class/pad.class.php"; /* * Action: dm-group-add - New group modal 
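Review bot: `$obj_name` and `$own_name` in gpListItem.php, and `$alt` in objHeadCircle.php (and later objBgPrev.php), are copied from user-editable fields such as the object name and display name and handed to the view as raw strings. Whether the view files encode them is not visible here; if they are echoed directly they need `htmlspecialchars($alt, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at the point of output, since `$alt` presumably ends up inside an attribute. A short comment in each model, e.g. `/* raw values: the view must HTML-escape these before output */`, would make that contract explicit.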
@@ -29,4 +32,28 @@ if (isAction("dm-group-add")) $group = group::initNew($form->name, user::getCurrent()); } +/* + * Action: dm-pad-add - New pad modal + */ +if (isAction("dm-pad-add")) +{ + $form = new form(); + $form->text("owner"); + $form->text("name"); + + if (!$form->populate(input())) + return; + + $owner = agent::getAgentObj($form->owner); + $user = user::getCurrent(); + + if (!$user->canCreateSub($owner)) + { + logError(ERROR, "You do not have permission to create a pad for '" . $owner->getDisplayName() . "'"); + return; + } + + $pad = pad::initNew($form->name, $owner); +} + ?> -- cgit v1.2.3 From 4e8b886e21a893d83ffcf8c2924e318bea5b6e2c Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 16 Sep 2018 16:34:19 -0400 Subject: Add object background preview widget Similar to objHeadCircle() but for displaying a bg img on page, rather than as the actual background. --- app/model/objBgPrev.php | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 app/model/objBgPrev.php (limited to 'app/model') diff --git a/app/model/objBgPrev.php b/app/model/objBgPrev.php new file mode 100644 index 0000000..f8d024a --- /dev/null +++ b/app/model/objBgPrev.php @@ -0,0 +1,40 @@ +getBgImg(); + +if ($src == NULL) + $src = ar() . "/static/img/null.jpg"; + +switch ($obj->objtype) +{ + case "user": + case "group": + $alt = $obj->getDisplayName() . " background"; + break; + + default: + $alt = $obj->name . " background"; + break; +} + +?> -- cgit v1.2.3 From 5a086d1592c43b8259f988e9e7f6f167318252ef Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Wed, 19 Sep 2018 16:12:15 -0400 Subject: settings: Implement user tab form submission --- app/model/settings.php | 102 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 app/model/settings.php (limited to 'app/model') diff --git a/app/model/settings.php b/app/model/settings.php new file mode 100644 index 0000000..3262dec --- /dev/null 
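Review bot: In `dm-pad-add` the result of `agent::getAgentObj($form->owner)` is used without confirming that the submitted GUID resolved to a user or group, and the error branch then calls `$owner->getDisplayName()` on it. What `getAgentObj()` returns for an unknown or wrong-typed GUID is not visible here; if it can be null or false, both `canCreateSub($owner)` and the error message operate on an invalid object. I would reject that case first: `if (!$owner) { logError(ERROR, "Unknown owner"); return; }`.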
+++ b/app/model/settings.php @@ -0,0 +1,102 @@ +text("guid"); + $form->flag("setpasswd"); + $form->text("curpasswd", false); + $form->text("passwd", false); + $form->text("cpasswd", false); + $form->text("alias", false); + $form->text("email", false); + $form->text("emailVer", false); + + if (!$form->populate(input())) + return; + + $user = new user($form->guid); + + /* permissions */ + if (!($cu = user::getCurrent()) || !$cu->canModify($user)) + { + logError(ERROR, "You do not have permission to modify the selected user"); + return; + } + + /* image file removal */ + if (isset(input()['rmImg-head'])) + { + if ($user->rmHeadImg()) + logError(NOTICE, "User image removed"); + else + logError(ERROR, "Error removing user image"); + return; + } + + if (isset(input()['rmImg-bg'])) + { + if ($user->rmBgImg()) + logError(NOTICE, "Background image removed"); + else + logError(ERROR, "Error removing background image"); + return; + } + + /* image file set */ + if ($user->setHeadImg("img-head")) + logError(NOTICE, "User image updated"); + + if ($user->setBgImg("img-bg")) + logError(NOTICE, "Background image updated"); + + /* modify object */ + if ($form->setpasswd) + { + if ($user->validatePasswd($form->curpasswd)) + { + if ($form->passwd == $form->cpasswd) + { + $user->setPasswd($form->passwd); + logError(NOTICE, "Password updated successfully"); + } + else + logError(WARNING, "Password not changed, passwords did not match"); + } + else + logError(WARNING, "Password not changed, current password was incorrect"); + } + + $user->alias = $form->alias; + + if ($form->email != $user->email) + $user->setEmail($form->email); + + else if ($form->emailVer != "" && $user->emailConf == 0) + { + if (!$user->verifyEmail($form->emailVer)) + logError(WARNING, "Email not verified, key was incorrect"); + } + + $user->saveObj(); +} + +?> -- cgit v1.2.3 From defac79722307d68191e9d28346a9fd8502319da Mon Sep 17 00:00:00 2001 
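Review bot: `$user = new user($form->guid);` accepts whatever GUID the form supplies, and nothing in the handler confirms that the loaded object is a user before its password, alias and email are modified and saved. The removed common model rejected this case with "Invalid user GUID"; unless the `user` constructor enforces the type itself (not visible), I would restore the check right after construction: `if ($user->objtype != "user") { logError(ERROR, "Invalid user GUID"); return; }`. The later `dm-issue-add` handler has the same gap with `new pad($form->pad)`.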
From: Malf Furious Date: Wed, 19 Sep 2018 18:06:24 -0400 Subject: datamods: Add default stages to new pads As a convenience, I'm adding a basic set of stages to new pads. These stages are "To Do", "In Progress" ('Done' being closed issues). This implements a very simple workflow for new pads. --- app/model/datamods.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'app/model') diff --git a/app/model/datamods.php b/app/model/datamods.php index b658314..8eaff23 100644 --- a/app/model/datamods.php +++ b/app/model/datamods.php @@ -17,6 +17,7 @@ require_once "class/agent.class.php"; require_once "class/user.class.php"; require_once "class/group.class.php"; require_once "class/pad.class.php"; +require_once "class/stage.class.php"; /* * Action: dm-group-add - New group modal @@ -54,6 +55,11 @@ if (isAction("dm-pad-add")) } $pad = pad::initNew($form->name, $owner); + $td = stage::initNew("To Do", $pad); + $ip = stage::initNew("In Progress", $pad); + + $pad->insertStage($td); + $td->insertStage($ip); } ?> -- cgit v1.2.3 From 694f876bc8655bc00f3a4ae3d650e54d947ea42a Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Thu, 20 Sep 2018 01:07:35 -0400 Subject: Add start of single-pad view --- app/model/pad.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 app/model/pad.php (limited to 'app/model') diff --git a/app/model/pad.php b/app/model/pad.php new file mode 100644 index 0000000..d29b1f6 --- /dev/null +++ b/app/model/pad.php @@ -0,0 +1,21 @@ +getStages(); +$stages = array_reverse($stages); + +?> -- cgit v1.2.3 From a6f8c82fa4ea831e8a87cf5860f44f84ae68950d Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Fri, 21 Sep 2018 22:42:41 -0400 Subject: deleteaccount: Implement form handler --- app/model/deleteaccount.php | 47 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 app/model/deleteaccount.php (limited to 'app/model') 
diff --git a/app/model/deleteaccount.php b/app/model/deleteaccount.php new file mode 100644 index 0000000..8153f0f --- /dev/null +++ b/app/model/deleteaccount.php @@ -0,0 +1,47 @@ +text("passwd", false); + + if (!$form->populate(input())) + return; + + $user = user::getCurrent(); + + if (!$user->validatePasswd($form->passwd)) + { + logError(WARNING, "Account not deleted, password was incorrect"); + return; + } + + if ($user->admin == 1 && count(user::getAllAdmin_ordByUname()) == 1) + { + logError(ERROR, "Account not deleted, can not remove the last administrator"); + return; + } + + $user->delObj(); + location("/"); +} + +?> -- cgit v1.2.3 From d9b75f4f38bb258893896443bdfb3a3e43773d47 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 23 Sep 2018 22:02:27 -0400 Subject: settings: Implement admin tab form handler --- app/model/settings.php | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'app/model') diff --git a/app/model/settings.php b/app/model/settings.php index 3262dec..a3afa0f 100644 --- a/app/model/settings.php +++ b/app/model/settings.php @@ -13,6 +13,7 @@ */ require_once "class/form.class.php"; +require_once "class/settings.class.php"; require_once "class/user.class.php"; /* 
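Review bot: After `$user->delObj();` the handler redirects with `location("/")`, but nothing visible clears the logged-in state, so the session may keep pointing at a GUID that no longer exists. Unless `delObj()` or the index controller already handles that (not visible in this hunk), end the session before the redirect and record the intent in a comment, e.g. `/* account is gone: drop the current-user session state before redirecting */`.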
@@ -99,4 +100,43 @@ if (isAction("settings-user")) $user->saveObj(); } +/* + * Action: settings-admin - Modify global settings + */ +if (isAction("settings-admin")) +{ + $form = new form(); + $form->flag("sslOnly"); + $form->flag("allowPublicSignup"); + $form->text("smtpEmailAddress", false); + $form->text("smtpFrom", false); + $form->text("smtpServer", false); + $form->numeric("smtpPort", 0, 65535); + $form->enum("smtpSecurity", array("", "ssl", "tls")); + $form->text("smtpUname", false); + $form->text("smtpPasswd", false); + + if (!$form->populate(input())) + return; + + /* permissions */ + if (!($cu = user::getCurrent()) || $cu->admin == 0) + { + logError(ERROR, "You do not have permission to modify global settings"); + return; + } + + settings::sslOnly($form->sslOnly); + settings::allowPublicSignup($form->allowPublicSignup); + settings::smtpEmailAddress($form->smtpEmailAddress); + settings::smtpFrom($form->smtpFrom); + settings::smtpServer($form->smtpServer); + settings::smtpPort($form->smtpPort); + settings::smtpSecurity($form->smtpSecurity); + settings::smtpUname($form->smtpUname); + + if ($form->smtpPasswd != "") + settings::smtpPasswd($form->smtpPasswd); +} + ?> -- cgit v1.2.3 From 83be80e89dbbf22a18023fa8443fcab975358c3f Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Tue, 25 Sep 2018 17:58:58 -0400 Subject: group: Add group page view --- app/model/group.php | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 app/model/group.php (limited to 'app/model') diff --git a/app/model/group.php b/app/model/group.php new file mode 100644 index 0000000..7f3b2bc --- /dev/null +++ b/app/model/group.php @@ -0,0 +1,20 @@ +getPads_ordByOwnByName(); + +?> -- cgit v1.2.3 From 325b697fed92cb56eaa05841e03462b7b2f0c385 Mon Sep 17 00:00:00 2001 
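Review bot: `$form->enum("smtpSecurity", array("", "ssl", "tls"))` lets an admin save SMTP credentials together with an empty security mode, in which case `smtpUname` and `smtpPasswd` would presumably be sent to the mail server without transport encryption (the mailer is not visible here). I would at least surface this when saving: `if ($form->smtpSecurity == "" && $form->smtpUname != "") logError(WARNING, "SMTP credentials will be sent without transport encryption");`. How `settings::smtpPasswd()` stores the secret is also not visible and deserves a comment stating whether it is kept in plaintext.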
From: Malf Furious Date: Mon, 22 Oct 2018 05:08:37 -0400 Subject: pad: Render issue modals on pad view This logic instanciates an issue modal view for each issue to be accessable from a pad view. --- app/model/pad.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'app/model') diff --git a/app/model/pad.php b/app/model/pad.php index d29b1f6..d7cfb23 100644 --- a/app/model/pad.php +++ b/app/model/pad.php @@ -18,4 +18,12 @@ $pad = getPageObj(); $stages = $pad->getStages(); $stages = array_reverse($stages); +$issues = array(); + +foreach ($stages as $s) +{ + $i = $s->getIssues_ordByDueByNumb(); + $issues = array_merge($issues, $i); +} + ?> -- cgit v1.2.3 From 9733a06af32e6b409558795f69f89b7c59487a55 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Tue, 23 Oct 2018 01:31:19 -0400 Subject: datamods: Implement new issue modal form handler POSTs to the dm-issue-add form are handled by this new handler. Pad data is passed via the form, we create the new issue in the pad's first stage, crediting the current logged in user. New issue is unassigned. I call `location()` at the bottom, since not doing so leaves the page in a weird state. The reason being that most of the page rendering logic operates off of the 'pageObj', which is instanciated and assigned prior to the invocation of this handler. This is to be fleshed-out during the v0.2-v0.3 development iteration. Signed-off-by: Malf Furious --- app/model/datamods.php | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'app/model') diff --git a/app/model/datamods.php b/app/model/datamods.php index 8eaff23..c7c7da1 100644 --- a/app/model/datamods.php +++ b/app/model/datamods.php @@ -18,6 +18,8 @@ require_once "class/user.class.php"; require_once "class/group.class.php"; require_once "class/pad.class.php"; require_once "class/stage.class.php"; +require_once "class/issue.class.php"; +require_once "class/mesg.class.php"; /* * Action: dm-group-add - New group modal 
@@ -62,4 +64,40 @@ if (isAction("dm-pad-add")) $td->insertStage($ip); } +/* + * Action: dm-issue-add - New issue modal + */ +if (isAction("dm-issue-add")) +{ + $form = new form(); + $form->text("pad"); + $form->text("name"); + $form->text("mesg", false); + + if (!$form->populate(input())) + return; + + $pad = new pad($form->pad); + $user = user::getCurrent(); + + if (!$user->canCreateSub($pad)) + { + logError(ERROR, "You do not have permission to open an issue for '" . $pad->name . "'"); + return; + } + + $stages = $pad->getStages(); + + if (count($stages) == 0) + { + logError(ERROR, "Cannot create new issue, '" . $pad->name . "' doesn't have any stages"); + return; + } + + $mesg = mesg::initNewDiscussion($form->name, $form->mesg, $user, $pad); + $issue = issue::initNew($mesg, $user, $stages[0]); + + location(); // bug mitigation +} + ?> -- cgit v1.2.3 From 1449564793347f4e34f433f4620834e9c6db290f Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Tue, 23 Oct 2018 20:40:49 -0400 Subject: Fix bug in various form handlers Some form handlers use the current logged in user (user::getCurrent()), however do so without asserting that we are _actually_ logged in. This is probably due to that fact that index.php (usually) catches all page requests that are logged out and diverts control before any other handler can be invoked. But a few handlers sneak through the cracks. In the future, the app will be better about supportting logged out browsing, the alpha was not written with this in the forground. Signed-off-by: Malf Furious --- app/model/datamods.php | 22 +++++++++++++++++++--- app/model/deleteaccount.php | 6 +++++- 2 files changed, 24 insertions(+), 4 deletions(-) (limited to 'app/model') diff --git a/app/model/datamods.php b/app/model/datamods.php index c7c7da1..e2051f3 100644 --- a/app/model/datamods.php +++ b/app/model/datamods.php 
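Review bot: `$pad = new pad($form->pad);` in the `dm-issue-add` handler builds an object straight from a client-supplied identifier, and nothing in the hunk checks that it resolved to an existing pad (rather than nothing, or another object type) before `canCreateSub($pad)` and `getStages()` are called on it. What the constructor does with an unknown id is not visible here, so confirm it fails closed and add an explicit existence check if it does not. The two `logError` messages also concatenate `$pad->name`, which is user-chosen text. If `logError` output reaches HTML unescaped, that value needs escaping at render time or at the call site, e.g. `htmlspecialchars($pad->name, ENT_QUOTES)`.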
@@ -32,7 +32,13 @@ if (isAction("dm-group-add")) if (!$form->populate(input())) return; - $group = group::initNew($form->name, user::getCurrent()); + if (!($user = user::getCurrent())) + { + logError(ERROR, "You must be logged in to create a group"); + return; + } + + $group = group::initNew($form->name, $user); } /* @@ -48,7 +54,12 @@ if (isAction("dm-pad-add")) return; $owner = agent::getAgentObj($form->owner); - $user = user::getCurrent(); + + if (!($user = user::getCurrent())) + { + logError(ERROR, "You must be logged in to create a pad"); + return; + } if (!$user->canCreateSub($owner)) { @@ -78,7 +89,12 @@ if (isAction("dm-issue-add")) return; $pad = new pad($form->pad); - $user = user::getCurrent(); + + if (!($user = user::getCurrent())) + { + logError(ERROR, "You must be logged in to open an issue"); + return; + } if (!$user->canCreateSub($pad)) { diff --git a/app/model/deleteaccount.php b/app/model/deleteaccount.php index 8153f0f..d83537e 100644 --- a/app/model/deleteaccount.php +++ b/app/model/deleteaccount.php @@ -26,7 +26,11 @@ if (isAction("deleteaccount")) if (!$form->populate(input())) return; - $user = user::getCurrent(); + if (!($user = user::getCurrent())) + { + logError(ERROR, "You must be logged in to close your account"); + return; + } if (!$user->validatePasswd($form->passwd)) { -- cgit v1.2.3 From b50b994af2df3453dbc2a1015a297c2b28e4b209 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Thu, 25 Oct 2018 21:37:41 -0400 Subject: issue: Implement form handler iss-mesg-add Submissions to the iss-mesg-add form are now handled by this function. User must be logged in and permitted to post to the issue in question. Signed-off-by: Malf Furious --- app/model/issue.php | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 app/model/issue.php (limited to 'app/model') diff --git a/app/model/issue.php b/app/model/issue.php new file mode 100644 index 0000000..2120256 --- /dev/null 
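Review bot: The added login checks in the `dm-pad-add` and `dm-issue-add` hunks are placed after `agent::getAgentObj($form->owner)` and `new pad($form->pad)`, so a logged-out request still triggers object lookups keyed on client-supplied ids before it is rejected. Moving `if (!($user = user::getCurrent()))` to the first statement inside each `isAction(...)` block makes the handlers fail closed before touching input; this also applies to `dm-group-add` and `deleteaccount`, where the check follows `populate()`. The same guard now appears four times with only the message differing, so a small shared helper would keep future handlers from omitting it. The handler bodies continue outside these hunks.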
+++ b/app/model/issue.php @@ -0,0 +1,57 @@ +text("issue"); + $form->text("mesg"); + + if (!$form->populate(input())) + return; + + $issue = new issue($form->issue); + + if (!($user = user::getCurrent())) + { + logError(ERROR, "You must be logged in to post a message"); + return; + } + + if (!$user->canCreateSub($issue)) + { + logError(ERROR, "You do not have permission to post to this issue"); + return; + } + + $mesg = mesg::initNew($form->mesg, $user, $issue); + + if ($mesg->setAttachment("attachment")) + logError(NOTICE, "Saved attachment " . $mesg->attachment); + + if (isset(input()['closeIssue'])) + { + $issue->close($user); + logError(NOTICE, "Issue #" . $issue->numb . " closed"); + } +} + +?> -- cgit v1.2.3 From bcc3ef4a22a17cf888e71078f2881715c466b6dc Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Fri, 26 Oct 2018 21:17:41 -0400 Subject: issue: Add logging events for issue open and close Signed-off-by: Malf Furious --- app/model/datamods.php | 1 + app/model/issue.php | 1 + 2 files changed, 2 insertions(+) (limited to 'app/model') diff --git a/app/model/datamods.php b/app/model/datamods.php index e2051f3..0b7f3da 100644 --- a/app/model/datamods.php +++ b/app/model/datamods.php @@ -112,6 +112,7 @@ if (isAction("dm-issue-add")) $mesg = mesg::initNewDiscussion($form->name, $form->mesg, $user, $pad); $issue = issue::initNew($mesg, $user, $stages[0]); + $log = mesg::initNewLog("%s opened issue", $user, $issue); location(); // bug mitigation } diff --git a/app/model/issue.php b/app/model/issue.php index 2120256..4300bbb 100644 --- a/app/model/issue.php +++ b/app/model/issue.php @@ -51,6 +51,7 @@ if (isAction("iss-mesg-add")) { $issue->close($user); logError(NOTICE, "Issue #" . $issue->numb . " closed"); + $log = mesg::initNewLog("% closed issue", $user, $issue); } } -- cgit v1.2.3 From f041e8a5fed0a1bc9be9aa9665f58e6f5a55879b Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Fri, 26 Oct 2018 21:27:06 -0400 Subject: user: Add log events for some basic user mgmt 
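Review bot: In the new `iss-mesg-add` handler, closing the issue is gated only by `canCreateSub($issue)`, i.e. the right to post a message. Any user allowed to comment can send `closeIssue` and change the issue's state unless `issue::close()` checks permission itself, which is not visible here, so a separate modify-level check before `$issue->close($user)` would make the intent explicit. `closeIssue` is also read from raw `input()` rather than declared on the form (the `settings-admin` handler uses `$form->flag(...)` for its booleans), and `setAttachment("attachment")` accepts an upload with no type, size or filename validation in this file; confirm that lives in `mesg`. The start of this new file was lost in extraction, so the top of the handler cannot be reviewed from this page.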
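Review bot: The format string added in the issue.php hunk is `"% closed issue"`, which is missing the `s`; compare `"%s opened issue"` in the datamods.php hunk of the same commit. If `initNewLog` hands this to `sprintf`, `% c` parses as a `%c` conversion with a space flag, so the audit entry would come out garbled instead of naming the user. It should read `$log = mesg::initNewLog("%s closed issue", $user, $issue);`. In both hunks `$log` is assigned but not used in the visible lines; drop the assignment if nothing reads it.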
Signed-off-by: Malf Furious --- app/model/login.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'app/model') diff --git a/app/model/login.php b/app/model/login.php index 6358e12..3393281 100644 --- a/app/model/login.php +++ b/app/model/login.php @@ -32,6 +32,10 @@ if (isAction("login")) $user->validatePasswd($form->passwd))) { logError(ERROR, "Username or password is incorrect"); + + if ($user) + $log = mesg::initNewAdminLog("Failed login for username '%s'", $user); + goto prep; } @@ -72,6 +76,7 @@ if (isAction("signup")) } user::setCurrent($user); + $log = mesg::initNewAdminLog("%s account registered", $user); location("/"); } -- cgit v1.2.3 From 3e0aa02f2051300fbe255c578ed2717a71b65954 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Fri, 26 Oct 2018 21:30:01 -0400 Subject: settings: Add log event when admin alters global settings Signed-off-by: Malf Furious --- app/model/settings.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'app/model') diff --git a/app/model/settings.php b/app/model/settings.php index a3afa0f..3293122 100644 --- a/app/model/settings.php +++ b/app/model/settings.php @@ -137,6 +137,8 @@ if (isAction("settings-admin")) if ($form->smtpPasswd != "") settings::smtpPasswd($form->smtpPasswd); + + $log = mesg::initNewAdminLog("%s changed global settings", $cu); } ?> -- cgit v1.2.3
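Review bot: The failed-login event in login.php is written only `if ($user)`, so attempts against usernames that do not exist leave no admin-log entry, and guessing across unknown accounts is invisible to whoever reviews the log. Consider recording those attempts too, with the submitted name length-limited and escaped, plus the source address if `initNewAdminLog` can carry it. No attempt counter or lockout is visible around this branch; the handler continues outside the hunk, so confirm throttling exists elsewhere. Nothing in this diff adds a `require_once` for the `mesg` class to login.php, so check that it is already loaded there.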
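Review bot: The audit entry `"%s changed global settings"` in the settings.php hunk records who made the change but not what changed, so a switch of `sslOnly`, `allowPublicSignup` or the SMTP relay is indistinguishable from a no-op save. Listing the names of the settings whose values actually differ from the stored ones would make the log usable for incident review; record names only, never the `smtpPasswd` value. The entry is also written unconditionally at the end of the handler, so it would be worth confirming that the `settings::` setters cannot fail silently before it is reached. The handler body starts outside this hunk.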