authorvincent-peugnet <v.peugnet@free.fr>2018-12-24 13:15:26 +0100
committervincent-peugnet <v.peugnet@free.fr>2018-12-24 13:15:26 +0100
commit1181795d8fa682571bd7e970eeefd43ed90aa30b (patch)
treea90b5149b772103a7f0d1dcd7dc42242062e105d /app/class
parent452f5801b62b191123f9ded6c02844275ab62259 (diff)
downloadwcms-1181795d8fa682571bd7e970eeefd43ed90aa30b.tar.gz
wcms-1181795d8fa682571bd7e970eeefd43ed90aa30b.zip
user level
Diffstat (limited to 'app/class')
-rw-r--r--app/class/controlleruser.php56
-rw-r--r--app/class/modeluser.php4
2 files changed, 40 insertions, 20 deletions
diff --git a/app/class/controlleruser.php b/app/class/controlleruser.php
index ffbfecb..792877d 100644
--- a/app/class/controlleruser.php
+++ b/app/class/controlleruser.php
@@ -24,7 +24,7 @@ class Controlleruser extends Controller
if(empty($user->id()) || $this->usermanager->get($user)) {
$this->routedirectget('user', ['error' => 'wrong_id']);
} elseif(empty($user->password()) || $this->usermanager->passwordexist($user->password())) {
- $this->routedirectget('user', ['error' => 'wrong_password']);
+ $this->routedirectget('user', ['error' => 'change_password']);
} else {
$this->usermanager->add($user);
$this->routedirect('user');
@@ -34,24 +34,44 @@ class Controlleruser extends Controller
public function update()
{
- if($_POST['action'] === 'delete') {
- $user = new User($_POST);
- $user = $this->usermanager->get($user);
- if($user !== false) {
- var_dump($user);
- var_dump($this->user);
- if($user->id() === $this->user->id()) {
- $this->showtemplate('userconfirmdelete', ['userdelete' => $user, 'candelete' => false]);
- } else {
- $this->showtemplate('userconfirmdelete', ['userdelete' => $user, 'candelete' => true]);
- }
- } else {
- $this->routedirect('user');
+ if($this->user->isadmin() && isset($_POST['action'])) {
+ switch ($_POST['action']) {
+ case 'delete':
+ $user = new User($_POST);
+ $user = $this->usermanager->get($user);
+ if($user !== false) {
+ if($user->id() === $this->user->id()) {
+ $this->showtemplate('userconfirmdelete', ['userdelete' => $user, 'candelete' => false]);
+ } else {
+ $this->showtemplate('userconfirmdelete', ['userdelete' => $user, 'candelete' => true]);
+ }
+ } else {
+ $this->routedirect('user');
+ }
+ break;
+
+ case 'confirmdelete':
+ $user = new User($_POST);
+ $this->usermanager->delete($user);
+ $this->routedirect('user');
+ break;
+
+ case 'update':
+ $user = $this->usermanager->get($_POST['id']);
+ $user->hydrate($_POST);
+ if(empty($user->id())) {
+ $this->routedirectget('user', ['error' => 'wrong_id']);
+ } elseif (empty($user->password()) | $this->usermanager->passwordexist($user->password())) {
+ $this->routedirectget('user', ['error' => 'change_password']);
+ } elseif (empty($user->level())) {
+ $this->routedirectget('user', ['error' => 'wrong_level']);
+ } else {
+ $this->usermanager->add($user);
+ $this->routedirect('user');
+ }
}
- } elseif ($_POST['action'] == 'confirmdelete') {
- $user = new User($_POST);
- $this->usermanager->delete($user);
- $this->routedirect('user');
+ } else {
+ $this->routedirect('home');
}
}
}
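Review bot: The self-delete rule is enforced only through the `candelete` flag handed to the template in the `delete` case; `confirmdelete` deletes whatever id is posted, so a request carrying the admin's own id still removes that account, and the id comparison should be repeated there. In the `update` case the result of `get($_POST['id'])` is used without an `isset` or `=== false` check, although the `delete` case shows `get()` can return false, so a missing or unknown id would call `hydrate()` on a non-object. The password test there uses bitwise `|` where the create path above uses `||`. No anti-CSRF token is checked in this hunk for these state-changing POST actions; if the base controller does not verify one, it should be checked before the `switch`. The class body starts outside the hunk.

```php
case 'confirmdelete':
    $user = new User($_POST);
    // Enforce the self-delete rule on the server, not only via 'candelete' in the template.
    if ($user->id() !== $this->user->id()) {
        $this->usermanager->delete($user);
    }
    $this->routedirect('user');
    break;

case 'update':
    $user = isset($_POST['id']) ? $this->usermanager->get($_POST['id']) : false;
    if ($user === false) {
        $this->routedirectget('user', ['error' => 'wrong_id']);
        break;
    }
    $user->hydrate($_POST);
    // … unchanged: id / password / level checks, with `||` in place of `|` …
```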
diff --git a/app/class/modeluser.php b/app/class/modeluser.php
index 42c2f4c..ffe04ed 100644
--- a/app/class/modeluser.php
+++ b/app/class/modeluser.php
@@ -24,12 +24,12 @@ class Modeluser extends Modeldb
public function readsession()
{
$userdatas = [];
- if (array_key_exists('user' . Config::basepath(), $_SESSION)) {
+ if (array_key_exists('user' . Config::basepath(), $_SESSION) && isset($_SESSION['user' . Config::basepath()]['id'])) {
$userdatas = $_SESSION['user' . Config::basepath()];
$user = new User($userdatas);
return $user;
} else {
- return false;
+ return new User(['id' => '', 'level' => 0]);
}
}
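Review bot: Returning a `User` object with level 0 instead of `false` for an anonymous visitor changes the contract of `readsession()`: any caller outside this hunk that still tests the result with `=== false` or plain truthiness will now treat a guest as a logged-in user, so those checks need to become explicit level tests. The doubled condition can be reduced to `isset($_SESSION['user' . Config::basepath()]['id'])`, since `isset` already covers the missing key. A docblock such as `/** @return User the session user, or a guest User (id '', level 0) when the session holds none */` would record the new return contract.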