diff options
Diffstat (limited to 'modules/user/controllers')
| -rw-r--r-- | modules/user/controllers/admin_users.php | 442 | ||||
| -rw-r--r-- | modules/user/controllers/password.php | 141 | ||||
| -rw-r--r-- | modules/user/controllers/users.php | 239 |
3 files changed, 822 insertions, 0 deletions
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php new file mode 100644 index 0000000..ed589a3 --- /dev/null +++ b/modules/user/controllers/admin_users.php @@ -0,0 +1,442 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2013 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class Admin_Users_Controller extends Admin_Controller { + public function index() { + $view = new Admin_View("admin.html"); + $view->page_title = t("Users and groups"); + $view->page_type = "collection"; + $view->page_subtype = "admin_users"; + $view->content = new View("admin_users.html"); + + // @todo: add this as a config option + $page_size = module::get_var("user", "page_size", 10); + $page = Input::instance()->get("page", "1"); + $builder = db::build(); + $user_count = $builder->from("users")->count_records(); + + // Pagination info + $view->page = $page; + $view->page_size = $page_size; + $view->children_count = $user_count; + $view->max_pages = ceil($view->children_count / $view->page_size); + + $view->content->pager = new Pagination(); + $view->content->pager->initialize( + array("query_string" => "page", + "total_items" => $user_count, + "items_per_page" => $page_size, + "style" => "classic")); + + // Make sure that the page references a valid offset + if ($page < 1) { + url::redirect(url::merge(array("page" => 1))); + } else if ($page > $view->content->pager->total_pages) { + url::redirect(url::merge(array("page" => $view->content->pager->total_pages))); + } + + // Join our users against the items table so that we can get a count of their items + // in the same query. + $view->content->users = ORM::factory("user") + ->order_by("users.name", "ASC") + ->find_all($page_size, $view->content->pager->sql_offset); + $view->content->groups = ORM::factory("group")->order_by("name", "ASC")->find_all(); + + print $view; + } + + public function add_user() { + access::verify_csrf(); + + $form = $this->_get_user_add_form_admin(); + try { + $user = ORM::factory("user"); + $valid = $form->validate(); + $user->name = $form->add_user->inputs["name"]->value; + $user->full_name = $form->add_user->full_name->value; + $user->password = $form->add_user->password->value; + $user->email = $form->add_user->email->value; + $user->url = $form->add_user->url->value; + $user->locale = $form->add_user->locale->value; + $user->admin = $form->add_user->admin->checked; + $user->validate(); + } catch (ORM_Validation_Exception $e) { + // Translate ORM validation errors into form error messages + foreach ($e->validation->errors() as $key => $error) { + $form->add_user->inputs[$key]->add_error($error, 1); + } + $valid = false; + } + + if ($valid) { + $user->save(); + module::event("user_add_form_admin_completed", $user, $form); + message::success(t("Created user %user_name", array("user_name" => $user->name))); + json::reply(array("result" => "success")); + } else { + print json::reply(array("result" => "error", "html" => (string)$form)); + } + } + + public function add_user_form() { + print $this->_get_user_add_form_admin(); + } + + public function delete_user($id) { + access::verify_csrf(); + + if ($id == identity::active_user()->id || $id == user::guest()->id) { + access::forbidden(); + } + + $user = user::lookup($id); + if (empty($user)) { + throw new Kohana_404_Exception(); + } + + $form = $this->_get_user_delete_form_admin($user); + if($form->validate()) { + $name = $user->name; + $user->delete(); + } else { + json::reply(array("result" => "error", "html" => (string)$form)); + } + + $message = t("Deleted user %user_name", array("user_name" => $name)); + log::success("user", $message); + message::success($message); + json::reply(array("result" => "success")); + } + + public function delete_user_form($id) { + $user = user::lookup($id); + if (empty($user)) { + throw new Kohana_404_Exception(); + } + $v = new View("admin_users_delete_user.html"); + $v->user = $user; + $v->form = $this->_get_user_delete_form_admin($user); + print $v; + } + + public function edit_user($id) { + access::verify_csrf(); + + $user = user::lookup($id); + if (empty($user)) { + throw new Kohana_404_Exception(); + } + + $form = $this->_get_user_edit_form_admin($user); + try { + $valid = $form->validate(); + $user->name = $form->edit_user->inputs["name"]->value; + $user->full_name = $form->edit_user->full_name->value; + if ($form->edit_user->password->value) { + $user->password = $form->edit_user->password->value; + } + $user->email = $form->edit_user->email->value; + $user->url = $form->edit_user->url->value; + $user->locale = $form->edit_user->locale->value; + if ($user->id != identity::active_user()->id) { + $user->admin = $form->edit_user->admin->checked; + } + + $user->validate(); + } catch (ORM_Validation_Exception $e) { + // Translate ORM validation errors into form error messages + foreach ($e->validation->errors() as $key => $error) { + $form->edit_user->inputs[$key]->add_error($error, 1); + } + $valid = false; + } + + if ($valid) { + $user->save(); + module::event("user_edit_form_admin_completed", $user, $form); + message::success(t("Changed user %user_name", array("user_name" => $user->name))); + json::reply(array("result" => "success")); + } else { + json::reply(array("result" => "error", "html" => (string) $form)); + } + } + + public function edit_user_form($id) { + $user = user::lookup($id); + if (empty($user)) { + throw new Kohana_404_Exception(); + } + + print $this->_get_user_edit_form_admin($user); + } + + public function add_user_to_group($user_id, $group_id) { + access::verify_csrf(); + $group = group::lookup($group_id); + $user = user::lookup($user_id); + $group->add($user); + $group->save(); + } + + public function remove_user_from_group($user_id, $group_id) { + access::verify_csrf(); + $group = group::lookup($group_id); + $user = user::lookup($user_id); + $group->remove($user); + $group->save(); + } + + public function group($group_id) { + $view = new View("admin_users_group.html"); + $view->group = group::lookup($group_id); + print $view; + } + + public function add_group() { + access::verify_csrf(); + + $form = $this->_get_group_add_form_admin(); + try { + $valid = $form->validate(); + $group = ORM::factory("group"); + $group->name = $form->add_group->inputs["name"]->value; + $group->validate(); + } catch (ORM_Validation_Exception $e) { + // Translate ORM validation errors into form error messages + foreach ($e->validation->errors() as $key => $error) { + $form->add_group->inputs[$key]->add_error($error, 1); + } + $valid = false; + } + + if ($valid) { + $group->save(); + message::success( + t("Created group %group_name", array("group_name" => $group->name))); + json::reply(array("result" => "success")); + } else { + json::reply(array("result" => "error", "html" => (string)$form)); + } + } + + public function add_group_form() { + print $this->_get_group_add_form_admin(); + } + + public function delete_group($id) { + access::verify_csrf(); + + $group = group::lookup($id); + if (empty($group)) { + throw new Kohana_404_Exception(); + } + + $form = $this->_get_group_delete_form_admin($group); + if ($form->validate()) { + $name = $group->name; + $group->delete(); + } else { + json::reply(array("result" => "error", "html" => (string) $form)); + } + + $message = t("Deleted group %group_name", array("group_name" => $name)); + log::success("group", $message); + message::success($message); + json::reply(array("result" => "success")); + } + + public function delete_group_form($id) { + $group = group::lookup($id); + if (empty($group)) { + throw new Kohana_404_Exception(); + } + + print $this->_get_group_delete_form_admin($group); + } + + public function edit_group($id) { + access::verify_csrf(); + + $group = group::lookup($id); + if (empty($group)) { + throw new Kohana_404_Exception(); + } + + $form = $this->_get_group_edit_form_admin($group); + try { + $valid = $form->validate(); + $group->name = $form->edit_group->inputs["name"]->value; + $group->validate(); + } catch (ORM_Validation_Exception $e) { + // Translate ORM validation errors into form error messages + foreach ($e->validation->errors() as $key => $error) { + $form->edit_group->inputs[$key]->add_error($error, 1); + } + $valid = false; + } + + if ($valid) { + $group->save(); + message::success( + t("Changed group %group_name", array("group_name" => $group->name))); + json::reply(array("result" => "success")); + } else { + $group->reload(); + message::error( + t("Failed to change group %group_name", array("group_name" => $group->name))); + json::reply(array("result" => "error", "html" => (string) $form)); + } + } + + public function edit_group_form($id) { + $group = group::lookup($id); + if (empty($group)) { + throw new Kohana_404_Exception(); + } + + print $this->_get_group_edit_form_admin($group); + } + + /* User Form Definitions */ + static function _get_user_edit_form_admin($user) { + $form = new Forge( + "admin/users/edit_user/$user->id", "", "post", array("id" => "g-edit-user-form")); + $group = $form->group("edit_user")->label(t("Edit user")); + $group->input("name")->label(t("Username"))->id("g-username")->value($user->name) + ->error_messages("required", t("A name is required")) + ->error_messages("conflict", t("There is already a user with that username")) + ->error_messages("length", t("This name is too long")); + $group->input("full_name")->label(t("Full name"))->id("g-fullname")->value($user->full_name) + ->error_messages("length", t("This name is too long")); + $group->password("password")->label(t("Password"))->id("g-password") + ->error_messages("min_length", t("This password is too short")); + $group->script("") + ->text( + '$("form").ready(function(){$(\'input[name="password"]\').user_password_strength();});'); + $group->password("password2")->label(t("Confirm password"))->id("g-password2") + ->error_messages("matches", t("The passwords you entered do not match")) + ->matches($group->password); + $group->input("email")->label(t("Email"))->id("g-email")->value($user->email) + ->error_messages("required", t("You must enter a valid email address")) + ->error_messages("length", t("This email address is too long")) + ->error_messages("email", t("You must enter a valid email address")); + $group->input("url")->label(t("URL"))->id("g-url")->value($user->url) + ->error_messages("url", t("You must enter a valid URL")); + self::_add_locale_dropdown($group, $user); + $group->checkbox("admin")->label(t("Admin"))->id("g-admin")->checked($user->admin); + + // Don't allow the user to control their own admin bit, else you can lock yourself out + if ($user->id == identity::active_user()->id) { + $group->admin->disabled(1); + } + + module::event("user_edit_form_admin", $user, $form); + $group->submit("")->value(t("Modify user")); + return $form; + } + + static function _get_user_add_form_admin() { + $form = new Forge("admin/users/add_user", "", "post", array("id" => "g-add-user-form")); + $group = $form->group("add_user")->label(t("Add user")); + $group->input("name")->label(t("Username"))->id("g-username") + ->error_messages("required", t("A name is required")) + ->error_messages("length", t("This name is too long")) + ->error_messages("conflict", t("There is already a user with that username")); + $group->input("full_name")->label(t("Full name"))->id("g-fullname") + ->error_messages("length", t("This name is too long")); + $group->password("password")->label(t("Password"))->id("g-password") + ->error_messages("min_length", t("This password is too short")); + $group->script("") + ->text( + '$("form").ready(function(){$(\'input[name="password"]\').user_password_strength();});'); + $group->password("password2")->label(t("Confirm password"))->id("g-password2") + ->error_messages("matches", t("The passwords you entered do not match")) + ->matches($group->password); + $group->input("email")->label(t("Email"))->id("g-email") + ->error_messages("required", t("You must enter a valid email address")) + ->error_messages("length", t("This email address is too long")) + ->error_messages("email", t("You must enter a valid email address")); + $group->input("url")->label(t("URL"))->id("g-url") + ->error_messages("url", t("You must enter a valid URL")); + self::_add_locale_dropdown($group); + $group->checkbox("admin")->label(t("Admin"))->id("g-admin"); + + module::event("user_add_form_admin", $user, $form); + $group->submit("")->value(t("Add user")); + return $form; + } + + private static function _add_locale_dropdown(&$form, $user=null) { + $locales = locales::installed(); + foreach ($locales as $locale => $display_name) { + $locales[$locale] = SafeString::of_safe_html($display_name); + } + + // Put "none" at the first position in the array + $locales = array_merge(array("" => t("« none »")), $locales); + $selected_locale = ($user && $user->locale) ? $user->locale : ""; + $form->dropdown("locale") + ->label(t("Language preference")) + ->options($locales) + ->selected($selected_locale); + } + + private function _get_user_delete_form_admin($user) { + $form = new Forge("admin/users/delete_user/$user->id", "", "post", + array("id" => "g-delete-user-form")); + $group = $form->group("delete_user")->label( + t("Delete user %name?", array("name" => $user->display_name()))); + $group->submit("")->value(t("Delete")); + return $form; + } + + /* Group Form Definitions */ + private function _get_group_edit_form_admin($group) { + $form = new Forge("admin/users/edit_group/$group->id", "", "post", array("id" => "g-edit-group-form")); + $form_group = $form->group("edit_group")->label(t("Edit group")); + $form_group->input("name")->label(t("Name"))->id("g-name")->value($group->name) + ->error_messages("required", t("A name is required")); + $form_group->inputs["name"]->error_messages("conflict", t("There is already a group with that name")) + ->error_messages("required", t("You must enter a group name")) + ->error_messages("length", + t("The group name must be less than %max_length characters", + array("max_length" => 255))); + $form_group->submit("")->value(t("Save")); + return $form; + } + + private function _get_group_add_form_admin() { + $form = new Forge("admin/users/add_group", "", "post", array("id" => "g-add-group-form")); + $form_group = $form->group("add_group")->label(t("Add group")); + $form_group->input("name")->label(t("Name"))->id("g-name"); + $form_group->inputs["name"]->error_messages("conflict", t("There is already a group with that name")) + ->error_messages("required", t("You must enter a group name")); + $form_group->submit("")->value(t("Add group")); + return $form; + } + + private function _get_group_delete_form_admin($group) { + $form = new Forge("admin/users/delete_group/$group->id", "", "post", + array("id" => "g-delete-group-form")); + $form_group = $form->group("delete_group")->label( + t("Are you sure you want to delete group %group_name?", array("group_name" => $group->name))); + $form_group->submit("")->value(t("Delete")); + return $form; + } +} diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php new file mode 100644 index 0000000..ea14144 --- /dev/null +++ b/modules/user/controllers/password.php @@ -0,0 +1,141 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2013 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class Password_Controller extends Controller { + const ALLOW_MAINTENANCE_MODE = true; + const ALLOW_PRIVATE_GALLERY = true; + + public function reset() { + $form = self::_reset_form(); + if (request::method() == "post") { + // @todo separate the post from get parts of this function + access::verify_csrf(); + // Basic validation (was some user name specified?) + if ($form->validate()) { + $this->_send_reset($form); + } else { + json::reply(array("result" => "error", "html" => (string)$form)); + } + } else { + print $form; + } + } + + public function do_reset() { + if (request::method() == "post") { + $this->_change_password(); + } else { + $user = user::lookup_by_hash(Input::instance()->get("key")); + if (!empty($user)) { + print $this->_new_password_form($user->hash); + } else { + throw new Exception("@todo FORBIDDEN", 503); + } + } + } + + private function _send_reset($form) { + $user_name = $form->reset->inputs["name"]->value; + $user = user::lookup_by_name($user_name); + if ($user && !empty($user->email)) { + $user->hash = random::hash(); + $user->save(); + $message = new View("reset_password.html"); + $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash"); + $message->user = $user; + + Sendmail::factory() + ->to($user->email) + ->subject(t("Password Reset Request")) + ->header("Mime-Version", "1.0") + ->header("Content-type", "text/html; charset=UTF-8") + ->message($message->render()) + ->send(); + + log::success( + "user", + t("Password reset email sent for user %name", array("name" => $user->name))); + } else if (!$user) { + // Don't include the username here until you're sure that it's XSS safe + log::warning( + "user", t("Password reset email requested for user %user_name, which does not exist.", + array("user_name" => $user_name))); + } else { + log::warning( + "user", t("Password reset failed for %user_name (has no email address on record).", + array("user_name" => $user->name))); + } + + // Always pretend that an email has been sent to avoid leaking + // information on what user names are actually real. + message::success(t("Password reset email sent")); + json::reply(array("result" => "success")); + } + + private static function _reset_form() { + $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form")); + $group = $form->group("reset")->label(t("Reset Password")); + $group->input("name")->label(t("Username"))->id("g-name")->class(null) + ->rules("required") + ->error_messages("required", t("You must enter a user name")); + $group->submit("")->value(t("Reset")); + + return $form; + } + + private function _new_password_form($hash=null) { + $template = new Theme_View("page.html", "other", "reset"); + + $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form")); + $group = $form->group("reset")->label(t("Change Password")); + $hidden = $group->hidden("hash"); + if (!empty($hash)) { + $hidden->value($hash); + } + $minimum_length = module::get_var("user", "minimum_password_length", 5); + $input_password = $group->password("password")->label(t("Password"))->id("g-password") + ->rules($minimum_length ? "required|length[$minimum_length, 40]" : "length[40]"); + $group->password("password2")->label(t("Confirm Password"))->id("g-password2") + ->matches($group->password); + $group->inputs["password2"]->error_messages( + "mistyped", t("The password and the confirm password must match")); + $group->submit("")->value(t("Update")); + + $template->content = $form; + return $template; + } + + private function _change_password() { + $view = $this->_new_password_form(); + if ($view->content->validate()) { + $user = user::lookup_by_hash(Input::instance()->post("hash")); + if (empty($user)) { + throw new Exception("@todo FORBIDDEN", 503); + } + + $user->password = $view->content->reset->password->value; + $user->hash = null; + $user->save(); + message::success(t("Password reset successfully")); + url::redirect(item::root()->abs_url()); + } else { + print $view; + } + } +}
\ No newline at end of file diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php new file mode 100644 index 0000000..ee81344 --- /dev/null +++ b/modules/user/controllers/users.php @@ -0,0 +1,239 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2013 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class Users_Controller extends Controller { + public function update($id) { + $user = user::lookup($id); + if (!$user || $user->guest || $user->id != identity::active_user()->id) { + access::forbidden(); + } + + $form = $this->_get_edit_form($user); + try { + $valid = $form->validate(); + $user->full_name = $form->edit_user->full_name->value; + $user->url = $form->edit_user->url->value; + + if (count(locales::installed()) > 1 && + $user->locale != $form->edit_user->locale->value) { + $user->locale = $form->edit_user->locale->value; + $flush_locale_cookie = true; + } + + $user->validate(); + } catch (ORM_Validation_Exception $e) { + // Translate ORM validation errors into form error messages + foreach ($e->validation->errors() as $key => $error) { + $form->edit_user->inputs[$key]->add_error($error, 1); + } + $valid = false; + } + + if ($valid) { + if (isset($flush_locale_cookie)) { + // Delete the session based locale preference + setcookie("g_locale", "", time() - 24 * 3600, "/"); + } + + $user->save(); + module::event("user_edit_form_completed", $user, $form); + message::success(t("User information updated")); + json::reply(array("result" => "success", + "resource" => url::site("users/{$user->id}"))); + } else { + json::reply(array("result" => "error", "html" => (string)$form)); + } + } + + public function change_password($id) { + $user = user::lookup($id); + if (!$user || $user->guest || $user->id != identity::active_user()->id) { + access::forbidden(); + } + + $form = $this->_get_change_password_form($user); + try { + $valid = $form->validate(); + $user->password = $form->change_password->password->value; + $user->validate(); + } catch (ORM_Validation_Exception $e) { + // Translate ORM validation errors into form error messages + foreach ($e->validation->errors() as $key => $error) { + $form->change_password->inputs[$key]->add_error($error, 1); + } + $valid = false; + } + + if ($valid) { + $user->save(); + module::event("user_change_password_form_completed", $user, $form); + message::success(t("Password changed")); + module::event("user_auth", $user); + module::event("user_password_change", $user); + json::reply(array("result" => "success", + "resource" => url::site("users/{$user->id}"))); + } else { + log::warning("user", t("Failed password change for %name", array("name" => $user->name))); + $name = $user->name; + module::event("user_auth_failed", $name); + json::reply(array("result" => "error", "html" => (string)$form)); + } + } + + public function change_email($id) { + $user = user::lookup($id); + if (!$user || $user->guest || $user->id != identity::active_user()->id) { + access::forbidden(); + } + + $form = $this->_get_change_email_form($user); + try { + $valid = $form->validate(); + $user->email = $form->change_email->email->value; + $user->validate(); + } catch (ORM_Validation_Exception $e) { + // Translate ORM validation errors into form error messages + foreach ($e->validation->errors() as $key => $error) { + $form->change_email->inputs[$key]->add_error($error, 1); + } + $valid = false; + } + + if ($valid) { + $user->save(); + module::event("user_change_email_form_completed", $user, $form); + message::success(t("Email address changed")); + module::event("user_auth", $user); + json::reply(array("result" => "success", + "resource" => url::site("users/{$user->id}"))); + } else { + log::warning("user", t("Failed email change for %name", array("name" => $user->name))); + $name = $user->name; + module::event("user_auth_failed", $name); + json::reply(array("result" => "error", "html" => (string)$form)); + } + } + + public function form_edit($id) { + $user = user::lookup($id); + if (!$user || $user->guest || $user->id != identity::active_user()->id) { + access::forbidden(); + } + + print $this->_get_edit_form($user); + } + + public function form_change_password($id) { + $user = user::lookup($id); + if (!$user || $user->guest || $user->id != identity::active_user()->id) { + access::forbidden(); + } + + print $this->_get_change_password_form($user); + } + + public function form_change_email($id) { + $user = user::lookup($id); + if (!$user || $user->guest || $user->id != identity::active_user()->id) { + access::forbidden(); + } + + print $this->_get_change_email_form($user); + } + + private function _get_change_password_form($user) { + $form = new Forge( + "users/change_password/$user->id", "", "post", array("id" => "g-change-password-user-form")); + $group = $form->group("change_password")->label(t("Change your password")); + $group->password("old_password")->label(t("Old password"))->id("g-password") + ->callback("auth::validate_too_many_failed_auth_attempts") + ->callback("user::valid_password") + ->error_messages("invalid_password", t("Incorrect password")) + ->error_messages( + "too_many_failed_auth_attempts", + t("Too many incorrect passwords. Try again later")); + $group->password("password")->label(t("New password"))->id("g-password") + ->error_messages("min_length", t("Your new password is too short")); + $group->script("") + ->text( + '$("form").ready(function(){$(\'input[name="password"]\').user_password_strength();});'); + $group->password("password2")->label(t("Confirm new password"))->id("g-password2") + ->matches($group->password) + ->error_messages("matches", t("The passwords you entered do not match")); + + module::event("user_change_password_form", $user, $form); + $group->submit("")->value(t("Save")); + return $form; + } + + private function _get_change_email_form($user) { + $form = new Forge( + "users/change_email/$user->id", "", "post", array("id" => "g-change-email-user-form")); + $group = $form->group("change_email")->label(t("Change your email address")); + $group->password("password")->label(t("Current password"))->id("g-password") + ->callback("auth::validate_too_many_failed_auth_attempts") + ->callback("user::valid_password") + ->error_messages("invalid_password", t("Incorrect password")) + ->error_messages( + "too_many_failed_auth_attempts", + t("Too many incorrect passwords. Try again later")); + $group->input("email")->label(t("New email address"))->id("g-email")->value($user->email) + ->error_messages("email", t("You must enter a valid email address")) + ->error_messages("length", t("Your email address is too long")) + ->error_messages("required", t("You must enter a valid email address")); + + module::event("user_change_email_form", $user, $form); + $group->submit("")->value(t("Save")); + return $form; + } + + private function _get_edit_form($user) { + $form = new Forge("users/update/$user->id", "", "post", array("id" => "g-edit-user-form")); + $group = $form->group("edit_user")->label(t("Edit your profile")); + $group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name) + ->error_messages("length", t("Your name is too long")); + self::_add_locale_dropdown($group, $user); + $group->input("url")->label(t("URL"))->id("g-url")->value($user->url) + ->error_messages("url", t("You must enter a valid url")); + + module::event("user_edit_form", $user, $form); + $group->submit("")->value(t("Save")); + return $form; + } + + /** @todo combine with Admin_Users_Controller::_add_locale_dropdown */ + private function _add_locale_dropdown(&$form, $user=null) { + $locales = locales::installed(); + if (count($locales) <= 1) { + return; + } + + foreach ($locales as $locale => $display_name) { + $locales[$locale] = SafeString::of_safe_html($display_name); + } + + // Put "none" at the first position in the array + $locales = array_merge(array("" => t("« none »")), $locales); + $selected_locale = ($user && $user->locale) ? $user->locale : ""; + $form->dropdown("locale") + ->label(t("Language preference")) + ->options($locales) + ->selected($selected_locale); + } +} |