/system/cms/modules/users/controllers/admin.php

https://github.com/rakeshtembhurne/pyrocms · PHP · 505 lines · 324 code · 65 blank · 116 comment · 30 complexity · a517f03afb71bfc4d4f4d77c895deb95 MD5 · raw file

  1. <?php defined('BASEPATH') OR exit('No direct script access allowed');
  2. /**
  3. * Admin controller for the users module
  4. *
  5. * @author PyroCMS Dev Team
  6. * @package PyroCMS\Core\Modules\Users\Controllers
  7. */
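  class Admin extends Admin_Controller
  {
      /**
       * Admin section this controller belongs to.
       *
       * @var string
       */
      protected $section = 'users';

      /**
       * Validation for basic profile data. The rest of the validation is
       * built by streams.
       *
       * create() and edit() append extra rules to single entries. They find
       * the entry by its 'field' value through _add_rule(), never by its
       * position, so entries can be added or reordered here safely.
       *
       * @var array
       */
      private $validation_rules = array(
          array(
              'field' => 'email',
              'label' => 'lang:user_email_label',
              'rules' => 'required|valid_email'
          ),
          array(
              'field' => 'password',
              'label' => 'lang:user_password_label',
              'rules' => 'min_length[6]|max_length[20]'
          ),
          array(
              'field' => 'username',
              'label' => 'lang:user_username',
              'rules' => 'required|alpha_dot_dash|min_length[3]|max_length[20]'
          ),
          array(
              'field' => 'group_id',
              'label' => 'lang:user_group_label',
              'rules' => 'required|callback__group_check'
          ),
          array(
              'field' => 'active',
              'label' => 'lang:user_active_label',
              'rules' => ''
          ),
          array(
              'field' => 'display_name',
              'label' => 'lang:profile_display_name',
              'rules' => 'required'
          )
      );

      /**
       * Constructor method
       *
       * Loads the models, helper, library and language file the actions use
       * and hands the list of groups to the template.
       */
      public function __construct()
      {
          parent::__construct();

          // Load the required classes
          $this->load->model('user_m');
          $this->load->model('groups/group_m');
          $this->load->helper('user');
          $this->load->library('form_validation');
          $this->lang->load('user');

          // Every view of this controller gets the groups, both as rows and
          // as an id => description map for select boxes
          $groups = $this->group_m->get_all();
          $this->template->groups = $groups;
          $this->template->groups_select = array_for_select($this->template->groups, 'id', 'description');
      }

      /**
       * Append one rule to the validation entry of a named field.
       *
       * Does nothing when no entry with that field name exists.
       *
       * @param string $field Value of the entry's 'field' key.
       * @param string $rule  Rule to append, without a leading pipe.
       *
       * @return void
       */
      private function _add_rule($field, $rule)
      {
          foreach ($this->validation_rules as $key => $entry)
          {
              if ($entry['field'] === $field)
              {
                  $existing = $entry['rules'];
                  $this->validation_rules[$key]['rules'] = ($existing === '') ? $rule : $existing.'|'.$rule;

                  return;
              }
          }
      }

      /**
       * List all users
       *
       * Filters come from the POSTed filter form (f_module, f_active,
       * f_group, f_keywords). An AJAX request gets only the users table.
       */
      public function index()
      {
          // Default filter when the filter form was not submitted
          $base_where = array('active' => 0);

          // ---------------------------
          // User Filters
          // ---------------------------

          // Active param: only read once the filter form has been posted
          if ($this->input->post('f_module'))
          {
              $base_where['active'] = (int) $this->input->post('f_active');
          }

          // Group param
          if ($this->input->post('f_group'))
          {
              $base_where['group_id'] = (int) $this->input->post('f_group');
          }

          // Keyphrase param
          // NOTE(review): the keyphrase goes to user_m as submitted; how the
          // model builds its query from 'name' is not visible here - confirm
          // it is bound or escaped there.
          if ($this->input->post('f_keywords'))
          {
              $base_where['name'] = $this->input->post('f_keywords');
          }

          // Create pagination links
          $pagination = create_pagination('admin/users/index', $this->user_m->count_by($base_where));

          // Using this data, get the relevant results
          $users = $this->user_m
              ->order_by('active', 'desc')
              ->limit($pagination['limit'])
              ->get_many_by($base_where);

          $is_ajax = $this->input->is_ajax_request();

          // Unset the layout if we have an ajax request
          if ($is_ajax)
          {
              $this->template->set_layout(FALSE);
          }

          // Render the view
          $this->template
              ->title($this->module_details['name'])
              ->set('pagination', $pagination)
              ->set('users', $users)
              ->set_partial('filters', 'admin/partials/filters')
              ->append_js('admin/filter.js');

          if ($is_ajax)
          {
              $this->template->build('admin/tables/users');
          }
          else
          {
              $this->template->build('admin/index');
          }
      }

      /**
       * Method for handling different form actions
       *
       * Dispatches on the POSTed btnAction value; anything other than
       * 'activate' or 'delete' goes back to the user list.
       */
      public function action()
      {
          // Pyro demo version restriction
          if (PYRO_DEMO)
          {
              $this->session->set_flashdata('notice', lang('global:demo_restrictions'));
              redirect('admin/users');
          }

          // Determine the type of action
          switch ($this->input->post('btnAction'))
          {
              case 'activate':
                  $this->activate();
                  break;

              case 'delete':
                  $this->delete();
                  break;

              default:
                  redirect('admin/users');
                  break;
          }
      }

      /**
       * Create a new user
       *
       * Validates the POSTed account and profile fields, registers the user
       * through ion_auth and redirects to the list on success. Otherwise the
       * form is shown again with the submitted values.
       */
      public function create()
      {
          // Extra validation for basic data. The rules are attached by field
          // name: the email and the username must not be in use yet, and a
          // new account must have a password (it is optional when editing).
          $this->_add_rule('email', 'callback__email_check');
          $this->_add_rule('password', 'required');
          $this->_add_rule('username', 'callback__username_check');

          // Get the profile fields validation array from streams
          $this->load->driver('Streams');
          $profile_validation = $this->streams->streams->validation_array('profiles', 'users');

          // Set the validation rules
          $this->form_validation->set_rules(array_merge($this->validation_rules, $profile_validation));

          $email = $this->input->post('email');
          $password = $this->input->post('password');
          $username = $this->input->post('username');
          $group_id = $this->input->post('group_id');

          // Get user profile data. This will be passed to our
          // streams insert_entry data in the model.
          $assignments = $this->streams->streams->get_assignments('profiles', 'users');
          $profile_data = array();

          foreach ($assignments as $assign)
          {
              $profile_data[$assign->field_slug] = $this->input->post($assign->field_slug);
          }

          $profile_data['display_name'] = $this->input->post('display_name');

          // Values shown in the form. Starts as an empty object so the loop
          // below has something to write to on the first (non-POST) visit
          // and after a failed registration.
          $member = new stdClass();

          if ($this->form_validation->run() !== false)
          {
              // Hack to activate immediately
              if ($this->input->post('active'))
              {
                  $this->config->config['ion_auth']['email_activation'] = false;
              }

              $group = $this->group_m->get($this->input->post('group_id'));

              // Try to register the user
              if ($user_id = $this->ion_auth->register($username, $password, $email, $group_id, $profile_data, $group->name))
              {
                  // Fire an event. A new user has been created.
                  Events::trigger('user_created', $user_id);

                  // Set the flashdata message and redirect
                  $this->session->set_flashdata('success', $this->ion_auth->messages());
                  redirect('admin/users');
              }
              // Error
              else
              {
                  $this->template->error_string = $this->ion_auth->errors();
              }
          }
          else
          {
              // Dirty hack that fixes the issue of having to
              // re-add all data upon an error
              // NOTE(review): this copies every raw POST key onto the object
              // given to the view; the form view is not visible here -
              // confirm it escapes these values on output.
              if ($_POST)
              {
                  $member = (object)$_POST;
              }
          }

          // Loop through each validation rule
          foreach ($this->validation_rules as $rule)
          {
              $member->{$rule['field']} = set_value($rule['field']);
          }

          $this->template
              ->title($this->module_details['name'], lang('user_add_title'))
              ->set('member', $member)
              ->set('display_name', set_value('display_name', $this->input->post('display_name')))
              ->set('profile_fields', $this->streams->fields->get_stream_fields('profiles', 'users', $profile_data))
              ->build('admin/form');
      }

      /**
       * Edit an existing user
       *
       * Redirects to the list when the user does not exist. On a valid POST
       * the account and profile data are updated through ion_auth, otherwise
       * the form is shown with the stored or submitted values.
       *
       * @param int $id The id of the user.
       */
      public function edit($id = 0)
      {
          // Get the user's data
          if ( ! ($member = $this->ion_auth->get_user($id)))
          {
              $this->session->set_flashdata('error', lang('user_edit_user_not_found_error'));
              redirect('admin/users');
          }

          // Check to see if we are changing usernames. The uniqueness check
          // is attached to the username field by name and only when the
          // value differs, so the user's own current name still validates.
          if ($member->username != $this->input->post('username'))
          {
              $this->_add_rule('username', 'callback__username_check');
          }

          // Check to see if we are changing emails
          if ($member->email != $this->input->post('email'))
          {
              $this->_add_rule('email', 'callback__email_check');
          }

          // Get the profile fields validation array from streams
          $this->load->driver('Streams');
          $profile_validation = $this->streams->streams->validation_array('profiles', 'users');

          // Set the validation rules
          $this->form_validation->set_rules(array_merge($this->validation_rules, $profile_validation));

          // Get user profile data. This will be passed to our
          // streams insert_entry data in the model.
          $assignments = $this->streams->streams->get_assignments('profiles', 'users');
          $profile_data = array();

          // For display: a submitted value wins over the stored one
          foreach ($assignments as $assign)
          {
              if (isset($_POST[$assign->field_slug]))
              {
                  $profile_data[$assign->field_slug] = $this->input->post($assign->field_slug);
              }
              else
              {
                  $profile_data[$assign->field_slug] = $member->{$assign->field_slug};
              }
          }

          if ($this->form_validation->run() === true)
          {
              if (PYRO_DEMO)
              {
                  $this->session->set_flashdata('notice', lang('global:demo_restrictions'));
                  redirect('admin/users');
              }

              // Get the POST data. Only these named account fields are
              // written; other POST keys never reach $update_data.
              $update_data = array();
              $update_data['email'] = $this->input->post('email');
              $update_data['active'] = $this->input->post('active');
              $update_data['username'] = $this->input->post('username');
              $update_data['group_id'] = $this->input->post('group_id');

              $profile_data = array();

              // Grab the profile data
              foreach ($assignments as $assign)
              {
                  $profile_data[$assign->field_slug] = $this->input->post($assign->field_slug);
              }

              // We need to manually do display_name
              $profile_data['display_name'] = $this->input->post('display_name');

              // Change the password only when one was submitted. The value
              // is passed on as submitted; hashing is presumably done inside
              // ion_auth's update_user() - confirm.
              if ($this->input->post('password'))
              {
                  $update_data['password'] = $this->input->post('password');
              }

              if ($this->ion_auth->update_user($id, $update_data, $profile_data))
              {
                  // Fire an event. A user has been updated.
                  Events::trigger('user_updated', $id);

                  $this->session->set_flashdata('success', $this->ion_auth->messages());
              }
              else
              {
                  $this->session->set_flashdata('error', $this->ion_auth->errors());
              }

              redirect('admin/users');
          }
          else
          {
              // Dirty hack that fixes the issue of having to re-add all data upon an error
              // NOTE(review): this replaces the stored user object with the
              // raw POST data for display; the form view is not visible
              // here - confirm it escapes these values on output.
              if ($_POST)
              {
                  $member = (object)$_POST;
              }
          }

          // Loop through each validation rule
          foreach ($this->validation_rules as $rule)
          {
              // Only overwrite fields that were actually submitted
              if ($this->input->post($rule['field']) !== false)
              {
                  $member->{$rule['field']} = set_value($rule['field']);
              }
          }

          $this->template
              ->title($this->module_details['name'], sprintf(lang('user_edit_title'), $member->username))
              ->set('display_name', $member->display_name)
              ->set('profile_fields', $this->streams->fields->get_stream_fields('profiles', 'users', $profile_data))
              ->set('member', $member)
              ->build('admin/form');
      }

      /**
       * Show a user preview
       *
       * The result of get_user() is passed to the view as it is. Unlike
       * edit(), a user that was not found is not handled here.
       *
       * @param int $id The ID of the user.
       */
      public function preview($id = 0)
      {
          $user = $this->ion_auth->get_user($id);

          $this->template
              ->set_layout('modal', 'admin')
              ->set('user', $user)
              ->build('admin/preview');
      }

      /**
       * Activate users
       *
       * Grabs the ids from the POST data (key: action_to).
       */
      public function activate()
      {
          // This method is public, so it can be requested without going
          // through action(). Repeat the demo restriction here, as delete()
          // does.
          if (PYRO_DEMO)
          {
              $this->session->set_flashdata('notice', lang('global:demo_restrictions'));
              redirect('admin/users');
          }

          // Activate multiple
          if ( ! ($ids = $this->input->post('action_to')))
          {
              $this->session->set_flashdata('error', lang('user_activate_error'));
              redirect('admin/users');
          }

          $activated = 0;
          $to_activate = 0;

          // A single submitted value is handled like a one-element list
          foreach ((array) $ids as $id)
          {
              if ($this->ion_auth->activate($id))
              {
                  $activated++;
              }

              $to_activate++;
          }

          $this->session->set_flashdata('success', sprintf(lang('user_activate_success'), $activated, $to_activate));
          redirect('admin/users');
      }

      /**
       * Delete an existing user
       *
       * Deletes the user given in the URL, or every id in the POSTed
       * action_to list when no id is given. The logged-in user is skipped.
       *
       * NOTE(review): with an id in the URL this deletes on a plain GET
       * request, which a POST-only CSRF token check does not cover - confirm
       * how the links that reach this method are protected.
       *
       * @param int $id The ID of the user to delete
       */
      public function delete($id = 0)
      {
          if (PYRO_DEMO)
          {
              $this->session->set_flashdata('notice', lang('global:demo_restrictions'));
              redirect('admin/users');
          }

          $ids = ($id > 0) ? array($id) : $this->input->post('action_to');

          if ( ! empty($ids))
          {
              // A single submitted value is handled like a one-element list
              $ids = (array) $ids;

              // Looked up once; it does not change while the loop runs
              $current_user_id = (int) $this->ion_auth->get_user()->id;

              $deleted = 0;
              $to_delete = 0;
              $deleted_ids = array();

              foreach ($ids as $id)
              {
                  // Make sure the admin is not trying to delete themself.
                  // Compared as integers so that a value such as '7x' is
                  // still recognised as the current user's id, should the
                  // storage layer coerce it to 7.
                  if ($current_user_id === (int) $id)
                  {
                      $this->session->set_flashdata('notice', lang('user_delete_self_error'));
                      continue;
                  }

                  if ($this->ion_auth->delete_user($id))
                  {
                      $deleted_ids[] = $id;
                      $deleted++;
                  }

                  $to_delete++;
              }

              if ($to_delete > 0)
              {
                  // Fire an event. One or more users have been deleted.
                  Events::trigger('user_deleted', $deleted_ids);

                  $this->session->set_flashdata('success', sprintf(lang('user_mass_delete_success'), $deleted, $to_delete));
              }
          }
          // The array of id's to delete is empty
          else
          {
              $this->session->set_flashdata('error', lang('user_mass_delete_error'));
          }

          redirect('admin/users');
      }

      /**
       * Username check
       *
       * Form validation callback. Fails, with the user_error_username
       * message, when ion_auth's username_check() returns a truthy value
       * for the username.
       *
       * @author Ben Edmunds
       *
       * @param string $username The username.
       *
       * @return bool
       */
      public function _username_check($username)
      {
          if ($this->ion_auth->username_check($username))
          {
              $this->form_validation->set_message('_username_check', lang('user_error_username'));

              return false;
          }

          return true;
      }

      /**
       * Email check
       *
       * Form validation callback. Fails, with the user_error_email message,
       * when ion_auth's email_check() returns a truthy value for the email.
       *
       * @author Ben Edmunds
       *
       * @param string $email The email.
       *
       * @return bool
       */
      public function _email_check($email)
      {
          if ($this->ion_auth->email_check($email))
          {
              $this->form_validation->set_message('_email_check', lang('user_error_email'));

              return false;
          }

          return true;
      }

      /**
       * Check that a proper group has been selected
       *
       * Form validation callback. Fails when group_m has no row for the
       * submitted group id; the generic regex_match message is used.
       *
       * @author Stephen Cozart
       *
       * @param int $group
       *
       * @return bool
       */
      public function _group_check($group)
      {
          if ( ! $this->group_m->get($group))
          {
              $this->form_validation->set_message('_group_check', lang('regex_match'));

              return false;
          }

          return true;
      }
  }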