author | Frédéric Guillot <fguillot@users.noreply.github.com> | 2014-03-25 21:25:54 -0400 |
committer | Frédéric Guillot <fguillot@users.noreply.github.com> | 2014-03-25 21:25:54 -0400 |
commit | 34711f584651205cb6738b49df285d93a35393b5 (patch) | |
tree | f07a05279d36140b3b71313e0ed50e081709558b /controllers/user.php | |
parent | 0d55f5aa35d21b79c5d79f7214c4c9e05b1d2684 (diff) |
Ask the current password before changing a user password
Diffstat (limited to 'controllers/user.php')
-rw-r--r-- | controllers/user.php | 78 |
1 files changed, 64 insertions, 14 deletions
diff --git a/controllers/user.php b/controllers/user.php
index e5b2030b..bc5c48fe 100644
--- a/controllers/user.php
+++ b/controllers/user.php
@@ -4,9 +4,19 @@ namespace Controller;
 require_once __DIR__.'/base.php';
+/**
+ * User controller
+ *
+ * @package controller
+ * @author Frederic Guillot
+ */
 class User extends Base
 {
- // Display access forbidden page
+ /**
+ * Display access forbidden page
+ *
+ * @access public
+ */
 public function forbidden()
 {
 $this->response->html($this->template->layout('user_forbidden', array(
@@ -15,14 +25,22 @@ class User extends Base
 )));
 }
- // Logout and destroy session
+ /**
+ * Logout and destroy session
+ *
+ * @access public
+ */
 public function logout()
 {
 $this->session->close();
 $this->response->redirect('?controller=user&action=login');
 }
- // Display the form login
+ /**
+ * Display the form login
+ *
+ * @access public
+ */
 public function login()
 {
 if (isset($_SESSION['user'])) $this->response->redirect('?controller=app');
@@ -35,7 +53,11 @@ class User extends Base
 )));
 }
- // Check credentials
+ /**
+ * Check credentials
+ *
+ * @access public
+ */
 public function check()
 {
 $values = $this->request->getValues();
@@ -51,7 +73,11 @@ class User extends Base
 )));
 }
- // List all users
+ /**
+ * List all users
+ *
+ * @access public
+ */
 public function index()
 {
 $users = $this->user->getAll();
@@ -67,7 +93,11 @@ class User extends Base
 )));
 }
- // Display a form to create a new user
+ /**
+ * Display a form to create a new user
+ *
+ * @access public
+ */
 public function create()
 {
 $this->response->html($this->template->layout('user_new', array(
@@ -79,7 +109,11 @@ class User extends Base
 )));
 }
- // Validate and save a new user
+ /**
+ * Validate and save a new user
+ *
+ * @access public
+ */
 public function save()
 {
 $values = $this->request->getValues();
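Review bot: The new docblocks in the first hunk (and in every later hunk of this file) carry `@access public` next to an explicit `public` keyword, so the tag only repeats what the signature already states; `@access` is a legacy PHP 4-era tag and gives neither readers nor tools anything extra. A short behavioural sentence would carry more than the tag, e.g. for forbidden(): `Render the 'user_forbidden' layout; edit() and update() call this when the current user may not act on the requested account.`. The same applies to the one-line summaries that were simply moved into docblocks (logout, login, check, index, create, save), which could name what each action reads from the request and which template it renders.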
@@ -105,14 +139,18 @@ class User extends Base
 )));
 }
- // Display a form to edit a user
+ /**
+ * Display a form to edit a user
+ *
+ * @access public
+ */
 public function edit()
 {
 $user = $this->user->getById($this->request->getIntegerParam('user_id'));
 if (! $user) $this->notfound();
- if (! $_SESSION['user']['is_admin'] && $_SESSION['user']['id'] != $user['id']) {
+ if ($this->acl->isRegularUser() && $this->acl->getUserId() != $user['id']) {
 $this->forbidden();
 }
@@ -127,17 +165,21 @@ class User extends Base
 )));
 }
- // Validate and update a user
+ /**
+ * Validate and update a user
+ *
+ * @access public
+ */
 public function update()
 {
 $values = $this->request->getValues();
- if ($_SESSION['user']['is_admin'] == 1) {
+ if ($this->acl->isAdminUser()) {
 $values += array('is_admin' => 0);
 } else {
- if ($_SESSION['user']['id'] != $values['id']) {
+ if ($this->acl->getUserId() != $values['id']) {
 $this->forbidden();
 }
@@ -168,7 +210,11 @@ class User extends Base
 )));
 }
- // Confirmation dialog before to remove a user
+ /**
+ * Confirmation dialog before to remove a user
+ *
+ * @access public
+ */
 public function confirm()
 {
 $user = $this->user->getById($this->request->getIntegerParam('user_id'));
@@ -182,7 +228,11 @@ class User extends Base
 )));
 }
- // Remove a user
+ /**
+ * Remove a user
+ *
+ * @access public
+ */
 public function remove()
 {
 $user_id = $this->request->getIntegerParam('user_id'); |
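Review bot: In the update() hunk the ownership check `if ($this->acl->getUserId() != $values['id'])` compares the session user id with a value taken straight from the request using loose `!=`, so the outcome depends on PHP's string-to-number coercion of `$values['id']` rather than on the id itself, and a request without an `id` key only fails the check with an undefined-index notice. Comparing strictly on the integer form, `if ((int) $this->acl->getUserId() !== (int) $values['id']) {`, pins the check to the numeric id (the return type of getUserId() is not visible here, hence the cast on both sides). The edit() hunk uses the same loose `!=` against `$user['id']`; that value comes from getById() rather than the request, so it is less exposed, but the same strict form would keep both checks consistent. Both methods continue past their hunks, so what update() does with `$values` after the check, in particular whether a regular user can still submit `is_admin`, cannot be judged from this diff.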