
/system/cms/modules/users/controllers/admin.php

https://github.com/rakeshtembhurne/pyrocms
  1<?php defined('BASEPATH') OR exit('No direct script access allowed');
  2
  3/**
  4 * Admin controller for the users module
  5 *
  6 * @author		 PyroCMS Dev Team
  7 * @package	 PyroCMS\Core\Modules\Users\Controllers
  8 */
  9class Admin extends Admin_Controller
 10{
 11
 12	protected $section = 'users';
 13
 14	/**
 15	 * Validation for basic profile
 16	 * data. The rest of the validation is
 17	 * built by streams.
 18	 *
 19	 * @var array
 20	 */
 21	private $validation_rules = array(
 22		array(
 23			'field' => 'email',
 24			'label' => 'lang:user_email_label',
 25			'rules' => 'required|valid_email'
 26		),
 27		array(
 28			'field' => 'password',
 29			'label' => 'lang:user_password_label',
 30			'rules' => 'min_length[6]|max_length[20]'
 31		),
 32		array(
 33			'field' => 'username',
 34			'label' => 'lang:user_username',
 35			'rules' => 'required|alpha_dot_dash|min_length[3]|max_length[20]'
 36		),
 37		array(
 38			'field' => 'group_id',
 39			'label' => 'lang:user_group_label',
 40			'rules' => 'required|callback__group_check'
 41		),
 42		array(
 43			'field' => 'active',
 44			'label' => 'lang:user_active_label',
 45			'rules' => ''
 46		),
 47		array(
 48			'field' => 'display_name',
 49			'label' => 'lang:profile_display_name',
 50			'rules' => 'required'
 51		)
 52	);
 53
 54	/**
 55	 * Constructor method
 56	 */
 57	public function __construct()
 58	{
 59		parent::__construct();
 60
 61		// Load the required classes
 62		$this->load->model('user_m');
 63		$this->load->model('groups/group_m');
 64		$this->load->helper('user');
 65		$this->load->library('form_validation');
 66		$this->lang->load('user');
 67
 68		$this->template->groups = $this->group_m->get_all();
 69		$this->template->groups_select = array_for_select($this->template->groups, 'id', 'description');
 70	}
 71
 72	/**
 73	 * List all users
 74	 */
 75	public function index()
 76	{
 77		$base_where = array('active' => 0);
 78
 79		// ---------------------------
 80		// User Filters
 81		// ---------------------------
 82
 83		// Determine active param
 84		$base_where['active'] = $this->input->post('f_module') ? (int)$this->input->post('f_active') : $base_where['active'];
 85
 86		// Determine group param
 87		$base_where = $this->input->post('f_group') ? $base_where + array('group_id' => (int)$this->input->post('f_group')) : $base_where;
 88
 89		// Keyphrase param
 90		$base_where = $this->input->post('f_keywords') ? $base_where + array('name' => $this->input->post('f_keywords')) : $base_where;
 91
 92		// Create pagination links
 93		$pagination = create_pagination('admin/users/index', $this->user_m->count_by($base_where));
 94
 95		// Using this data, get the relevant results
 96		$users = $this->user_m
 97			->order_by('active', 'desc')
 98			->limit($pagination['limit'])
 99			->get_many_by($base_where);
100
101		// Unset the layout if we have an ajax request
102		if ($this->input->is_ajax_request())
103		{
104			$this->template->set_layout(FALSE);
105		}
106
107		// Render the view
108		$this->template
109			->title($this->module_details['name'])
110			->set('pagination', $pagination)
111			->set('users', $users)
112			->set_partial('filters', 'admin/partials/filters')
113			->append_js('admin/filter.js');
114
115		$this->input->is_ajax_request() ? $this->template->build('admin/tables/users') : $this->template->build('admin/index');
116	}
117
118	/**
119	 * Method for handling different form actions
120	 */
121	public function action()
122	{
123		// Pyro demo version restrction
124		if (PYRO_DEMO)
125		{
126			$this->session->set_flashdata('notice', lang('global:demo_restrictions'));
127			redirect('admin/users');
128		}
129
130		// Determine the type of action
131		switch ($this->input->post('btnAction'))
132		{
133			case 'activate':
134				$this->activate();
135				break;
136			case 'delete':
137				$this->delete();
138				break;
139			default:
140				redirect('admin/users');
141				break;
142		}
143	}
144
145	/**
146	 * Create a new user
147	 */
148	public function create()
149	{
150		// Extra validation for basic data
151		$this->validation_rules[1]['rules'] .= '|callback__email_check';
152		$this->validation_rules[2]['rules'] .= '|required';
153		$this->validation_rules[3]['rules'] .= '|callback__username_check';
154
155		// Get the profile fields validation array from streams
156		$this->load->driver('Streams');
157		$profile_validation = $this->streams->streams->validation_array('profiles', 'users');
158
159		// Set the validation rules
160		$this->form_validation->set_rules(array_merge($this->validation_rules, $profile_validation));
161
162		$email = $this->input->post('email');
163		$password = $this->input->post('password');
164		$username = $this->input->post('username');
165		$group_id = $this->input->post('group_id');
166
167		// Get user profile data. This will be passed to our
168		// streams insert_entry data in the model.
169		$assignments = $this->streams->streams->get_assignments('profiles', 'users');
170		$profile_data = array();
171
172		foreach ($assignments as $assign)
173		{
174			$profile_data[$assign->field_slug] = $this->input->post($assign->field_slug);
175		}
176
177		$profile_data['display_name'] = $this->input->post('display_name');
178
179		if ($this->form_validation->run() !== false)
180		{
181			// Hack to activate immediately
182			if ($this->input->post('active'))
183			{
184				$this->config->config['ion_auth']['email_activation'] = false;
185			}
186
187			$group = $this->group_m->get($this->input->post('group_id'));
188
189			// Try to register the user
190			if ($user_id = $this->ion_auth->register($username, $password, $email, $group_id, $profile_data, $group->name))
191			{
192				// Fire an event. A new user has been created. 
193				Events::trigger('user_created', $user_id);
194
195				// Set the flashdata message and redirect
196				$this->session->set_flashdata('success', $this->ion_auth->messages());
197				redirect('admin/users');
198			}
199			// Error
200			else
201			{
202				$this->template->error_string = $this->ion_auth->errors();
203			}
204		}
205		else
206		{
207			// Dirty hack that fixes the issue of having to
208			// re-add all data upon an error
209			if ($_POST)
210			{
211				$member = (object)$_POST;
212			}
213		}
214
215		// Loop through each validation rule
216		foreach ($this->validation_rules as $rule)
217		{
218			$member->{$rule['field']} = set_value($rule['field']);
219		}
220
221		$this->template
222			->title($this->module_details['name'], lang('user_add_title'))
223			->set('member', $member)
224			->set('display_name', set_value('display_name', $this->input->post('display_name')))
225			->set('profile_fields', $this->streams->fields->get_stream_fields('profiles', 'users', $profile_data))
226			->build('admin/form');
227	}
228
229	/**
230	 * Edit an existing user
231	 *
232	 * @param int $id The id of the user.
233	 */
234	public function edit($id = 0)
235	{
236		// Get the user's data
237		if ( ! ($member = $this->ion_auth->get_user($id)))
238		{
239			$this->session->set_flashdata('error', lang('user_edit_user_not_found_error'));
240			redirect('admin/users');
241		}
242
243		// Check to see if we are changing usernames
244		if ($member->username != $this->input->post('username'))
245		{
246			$this->validation_rules[3]['rules'] .= '|callback__username_check';
247		}
248
249		// Check to see if we are changing emails
250		if ($member->email != $this->input->post('email'))
251		{
252			$this->validation_rules[1]['rules'] .= '|callback__email_check';
253		}
254
255		// Get the profile fields validation array from streams
256		$this->load->driver('Streams');
257		$profile_validation = $this->streams->streams->validation_array('profiles', 'users');
258
259		// Set the validation rules
260		$this->form_validation->set_rules(array_merge($this->validation_rules, $profile_validation));
261
262		// Get user profile data. This will be passed to our
263		// streams insert_entry data in the model.
264		$assignments = $this->streams->streams->get_assignments('profiles', 'users');
265		$profile_data = array();
266
267		foreach ($assignments as $assign)
268		{
269			if (isset($_POST[$assign->field_slug]))
270			{
271				$profile_data[$assign->field_slug] = $this->input->post($assign->field_slug);
272			}
273			else
274			{
275				$profile_data[$assign->field_slug] = $member->{$assign->field_slug};
276			}
277		}
278
279		if ($this->form_validation->run() === true)
280		{
281			if (PYRO_DEMO)
282			{
283				$this->session->set_flashdata('notice', lang('global:demo_restrictions'));
284				redirect('admin/users');
285			}
286
287			// Get the POST data
288			$update_data['email'] = $this->input->post('email');
289			$update_data['active'] = $this->input->post('active');
290			$update_data['username'] = $this->input->post('username');
291			$update_data['group_id'] = $this->input->post('group_id');
292
293			$profile_data = array();
294
295			// Grab the profile data
296			foreach ($assignments as $assign)
297			{
298				$profile_data[$assign->field_slug] = $this->input->post($assign->field_slug);
299			}
300
301			// We need to manually do display_name
302			$profile_data['display_name'] = $this->input->post('display_name');
303
304			// Password provided, hash it for storage
305			if ($this->input->post('password'))
306			{
307				$update_data['password'] = $this->input->post('password');
308			}
309
310			if ($this->ion_auth->update_user($id, $update_data, $profile_data))
311			{
312				// Fire an event. A user has been updated. 
313				Events::trigger('user_updated', $id);
314
315				$this->session->set_flashdata('success', $this->ion_auth->messages());
316			}
317			else
318			{
319				$this->session->set_flashdata('error', $this->ion_auth->errors());
320			}
321
322			redirect('admin/users');
323		}
324		else
325		{
326			// Dirty hack that fixes the issue of having to re-add all data upon an error
327			if ($_POST)
328			{
329				$member = (object)$_POST;
330			}
331		}
332
333		// Loop through each validation rule
334		foreach ($this->validation_rules as $rule)
335		{
336			if ($this->input->post($rule['field']) !== false)
337			{
338				$member->{$rule['field']} = set_value($rule['field']);
339			}
340		}
341
342		$this->template
343			->title($this->module_details['name'], sprintf(lang('user_edit_title'), $member->username))
344			->set('display_name', $member->display_name)
345			->set('profile_fields', $this->streams->fields->get_stream_fields('profiles', 'users', $profile_data))
346			->set('member', $member)
347			->build('admin/form');
348	}
349
350	/**
351	 * Show a user preview
352	 *
353	 * @param	int $id The ID of the user.
354	 */
355	public function preview($id = 0)
356	{
357		$user = $this->ion_auth->get_user($id);
358
359		$this->template
360			->set_layout('modal', 'admin')
361			->set('user', $user)
362			->build('admin/preview');
363	}
364
365	/**
366	 * Activate users
367	 *
368	 * Grabs the ids from the POST data (key: action_to).
369	 */
370	public function activate()
371	{
372		// Activate multiple
373		if ( ! ($ids = $this->input->post('action_to')))
374		{
375			$this->session->set_flashdata('error', lang('user_activate_error'));
376			redirect('admin/users');
377		}
378
379		$activated = 0;
380		$to_activate = 0;
381		foreach ($ids as $id)
382		{
383			if ($this->ion_auth->activate($id))
384			{
385				$activated++;
386			}
387			$to_activate++;
388		}
389		$this->session->set_flashdata('success', sprintf(lang('user_activate_success'), $activated, $to_activate));
390
391		redirect('admin/users');
392	}
393
394	/**
395	 * Delete an existing user
396	 *
397	 * @param int $id The ID of the user to delete
398	 */
399	public function delete($id = 0)
400	{
401		if (PYRO_DEMO)
402		{
403			$this->session->set_flashdata('notice', lang('global:demo_restrictions'));
404			redirect('admin/users');
405		}
406
407		$ids = ($id > 0) ? array($id) : $this->input->post('action_to');
408
409		if ( ! empty($ids))
410		{
411			$deleted = 0;
412			$to_delete = 0;
413			$deleted_ids = array();
414			foreach ($ids as $id)
415			{
416				// Make sure the admin is not trying to delete themself
417				if ($this->ion_auth->get_user()->id == $id)
418				{
419					$this->session->set_flashdata('notice', lang('user_delete_self_error'));
420					continue;
421				}
422
423				if ($this->ion_auth->delete_user($id))
424				{
425					$deleted_ids[] = $id;
426					$deleted++;
427				}
428				$to_delete++;
429			}
430
431			if ($to_delete > 0)
432			{
433				// Fire an event. One or more users have been deleted. 
434				Events::trigger('user_deleted', $deleted_ids);
435
436				$this->session->set_flashdata('success', sprintf(lang('user_mass_delete_success'), $deleted, $to_delete));
437			}
438		}
439		// The array of id's to delete is empty
440		else
441		{
442			$this->session->set_flashdata('error', lang('user_mass_delete_error'));
443		}
444
445		redirect('admin/users');
446	}
447
448	/**
449	 * Username check
450	 *
451	 * @author Ben Edmunds
452	 *
453	 * @param string $username The username.
454	 *
455	 * @return bool
456	 */
457	public function _username_check($username)
458	{
459		if ($this->ion_auth->username_check($username))
460		{
461			$this->form_validation->set_message('_username_check', lang('user_error_username'));
462			return false;
463		}
464		return true;
465	}
466
467	/**
468	 * Email check
469	 *
470	 * @author Ben Edmunds
471	 *
472	 * @param string $email The email.
473	 *
474	 * @return bool
475	 */
476	public function _email_check($email)
477	{
478		if ($this->ion_auth->email_check($email))
479		{
480			$this->form_validation->set_message('_email_check', lang('user_error_email'));
481			return false;
482		}
483		return true;
484	}
485
486	/**
487	 * Check that a proper group has been selected
488	 *
489	 * @author Stephen Cozart
490	 *
491	 * @param int $group
492	 *
493	 * @return bool
494	 */
495	public function _group_check($group)
496	{
497		if ( ! $this->group_m->get($group))
498		{
499			$this->form_validation->set_message('_group_check', lang('regex_match'));
500			return false;
501		}
502		return true;
503	}
504
505}