From 8d8f625ea20e10cf6fb053fab73c2ef7a559dc87 Mon Sep 17 00:00:00 2001
From: vincent-peugnet <v.peugnet@free.fr>
Date: Mon, 24 Dec 2018 11:43:06 +0100
Subject: user delete

---
 app/class/application.php                |  1 +
 app/class/controller.php                 | 10 ++++++++++
 app/class/controlleruser.php             | 19 ++++++++++++++++++-
 app/class/modeluser.php                  | 18 ++++++++++++++++++
 app/class/routes.php                     |  1 -
 app/class/user.php                       |  3 ++-
 app/view/templates/user.php              | 20 +++++++++-----------
 app/view/templates/userconfirmdelete.php | 17 +++++++++++++++++
 8 files changed, 75 insertions(+), 14 deletions(-)
 create mode 100644 app/view/templates/userconfirmdelete.php

(limited to 'app')

diff --git a/app/class/application.php b/app/class/application.php
index d75df51..39cdd8a 100644
--- a/app/class/application.php
+++ b/app/class/application.php
@@ -29,6 +29,7 @@ class Application
         } elseif(isset($_POST['userinit'])) {
             $userdata = $_POST['userinit'];
             $userdata['level'] = 10;
+            //$userdata['id'] = idclean($userdata['id']);
             $user = new User($userdata);
             $this->usermanager->add($user);
             header('Location: ./');
diff --git a/app/class/controller.php b/app/class/controller.php
index 956d3b5..5dfc09b 100644
--- a/app/class/controller.php
+++ b/app/class/controller.php
@@ -64,6 +64,16 @@ class Controller
         $this->redirect($this->router->generate($route, $vars));
     }
 
+    public function routedirectget(string $route, array $vars = [])
+    {
+        $get = '?';
+        foreach ($vars as $key => $value) {
+            $get .= $key .'='. $value. '&';
+        }
+        $get = rtrim($get, '&');
+        $this->redirect($this->router->generate($route, []) . $get);
+    }
+
 }
 
 
diff --git a/app/class/controlleruser.php b/app/class/controlleruser.php
index 78dd6c1..00b7246 100644
--- a/app/class/controlleruser.php
+++ b/app/class/controlleruser.php
@@ -21,11 +21,28 @@ class Controlleruser extends Controller
     {
         if(isset($_POST['id'])) {
             $user = new User($_POST);
-            if(!$this->usermanager->get($user)) {
+            if(empty($user->id()) || $this->usermanager->get($user)) {
+                $this->routedirectget('user', ['error' => 'wrong_id']);
+            } elseif(empty($user->password()) || $this->usermanager->passwordexist($user->password())) {
+                $this->routedirectget('user', ['error' => 'wrong_password']);
+            } else {
                 $this->usermanager->add($user);
+                $this->routedirect('user');
             }
         }
     }
+
+    public function update()
+    {
+        if($_POST['action'] === 'delete') {
+            $user = new User($_POST);
+            $this->showtemplate('userconfirmdelete', ['userdelete' => $user]);
+        } elseif ($_POST['action'] == 'confirmdelete') {
+            $user = new User($_POST);
+            $this->usermanager->delete($user);
+            $this->routedirect('user');
+        }
+    }
 }
 
 
diff --git a/app/class/modeluser.php b/app/class/modeluser.php
index 3a5e9f0..e4b7eee 100644
--- a/app/class/modeluser.php
+++ b/app/class/modeluser.php
@@ -109,6 +109,19 @@ class Modeluser extends Modeldb
             return true;
         }
     }
+
+    public function passwordexist(string $pass)
+    {
+        $userdatalist = $this->repo->query()
+		->where('password', '==', $pass)
+		->execute();
+
+        if($userdatalist->total() === 0) {
+            return false;
+        } else {
+            return true;
+        }
+    }
     
     public function add(User $user)
 	{
@@ -133,6 +146,11 @@ class Modeluser extends Modeldb
 		} else {
 			return false;
 		}
+    }
+    
+	public function delete(User $user)
+	{
+		$this->repo->delete($user->id());
 	}
 
 
diff --git a/app/class/routes.php b/app/class/routes.php
index 811422f..a72d2e9 100644
--- a/app/class/routes.php
+++ b/app/class/routes.php
@@ -27,7 +27,6 @@ class Routes
             ['GET', '/!user', 'Controlleruser#desktop', 'user'],
             ['POST', '/!user/add', 'Controlleruser#add', 'useradd'],
             ['POST', '/!user/update', 'Controlleruser#update', 'userupdate'],
-            ['POST', '/!user/delete', 'Controlleruser#delete', 'userdelete'],
             ['GET', '/!info', 'Controllerinfo#desktop', 'info'],
             ['GET', '/!font/render', 'Controllerfont#render', 'fontrender'],
             ['POST', '/!font/add', 'Controllerfont#add', 'fontadd'],
diff --git a/app/class/user.php b/app/class/user.php
index fa6589c..8fb152f 100644
--- a/app/class/user.php
+++ b/app/class/user.php
@@ -59,8 +59,9 @@ class User
 
     public function setid($id)
     {
+        $id = idclean($id);
         if (strlen($id) < Model::MAX_ID_LENGTH and is_string($id)) {
-			$this->id = idclean($id);
+			$this->id = $id;
 		}
     }
         
diff --git a/app/view/templates/user.php b/app/view/templates/user.php
index 8615f3d..f973fee 100644
--- a/app/view/templates/user.php
+++ b/app/view/templates/user.php
@@ -18,10 +18,10 @@
 <tr>
     <form action="<?= $this->url('useradd') ?>" method="post">
     <td>
-            <input type="text" name="id" required>
+            <input type="text" name="id" maxlength="128" required>
     </td>
     <td>
-        <input type="password" name="password" minlength="4" maxlenght="64" required>
+        <input type="password" name="password" minlength="4" maxlength="64" required>
     </td>
     <td>
         <select name="level" id="level">
@@ -29,6 +29,7 @@
             <option value="2">invite</option>
             <option value="3">editor</option>
             <option value="4">super editor</option>
+            <option value="10">admin</option>
         </select>
     </td>
     <td>
@@ -43,14 +44,14 @@ foreach ($userlist as $user ) {
     ?>
     
     <tr>
-    <form action="<?= $this->url('userupdate') ?>">
+    <form action="<?= $this->url('userupdate') ?>" method="post">
 
     <td>
     <?= $user->id() ?>
     </td>
 
     <td>
-    <input type="password" name="password" placeholder="<?= str_repeat('°', $user->password('int')) ?>" min="4" max="64" required>
+    <input type="password" name="password" placeholder="<?= str_repeat('°', $user->password('int')) ?>" minlength="4" maxlength="64" >
     </td>
 
     <td>
@@ -59,16 +60,16 @@ foreach ($userlist as $user ) {
             <option value="2" <?= $user->level() === 2 ? 'selected' : '' ?>>invite</option>
             <option value="3" <?= $user->level() === 3 ? 'selected' : '' ?>>editor</option>
             <option value="4" <?= $user->level() === 4 ? 'selected' : '' ?>>super editor</option>
+            <option value="10" <?= $user->level() === 10 ? 'selected' : '' ?>>admin</option>
     </select>
     </td>
 
     <td>
-    <input type="submit" value="update">
+    <input type="hidden" name="id" value="<?= $user->id() ?>">
+    <input type="submit" name="action" value="update">
+    <input type="submit" name="action" value="delete">
     </form>
 
-    <form action="<?= $this->url('userdelete') ?>" method="post">
-    <input type="submit" value="delete">
-    </form>
     </td>
 
     </tr>
@@ -79,9 +80,6 @@ foreach ($userlist as $user ) {
 
 </table>
 
-<?php var_dump($userlist); ?>
-    
-
 </main>
 </body>
 
diff --git a/app/view/templates/userconfirmdelete.php b/app/view/templates/userconfirmdelete.php
new file mode 100644
index 0000000..342775f
--- /dev/null
+++ b/app/view/templates/userconfirmdelete.php
@@ -0,0 +1,17 @@
+
+
+<h1>Delete User</h1>
+
+<h2>Id : <?= $userdelete->id() ?></h2>
+<h2>Level : <?= $userdelete->level() ?></h2>
+
+
+
+<form action="<?= $this->url('userupdate') ?>" method="post">
+
+<input type="hidden" name="id" value="<?= $userdelete->id() ?>">
+
+<input type="submit" name="action" value="confirmdelete">
+
+
+</form>
\ No newline at end of file
-- 
cgit v1.2.3