authorJesse Morgan <jesse@jesterpm.net>2011-06-02 16:17:25 -0700
committerJesse Morgan <jesse@jesterpm.net ; true>2011-06-02 16:17:25 -0700
commitf08eb1640388e1f067102a22ec40c30f263d92c6 (patch)
treea73f2d21cff6427b9619e7072fc90a228bd7dc78
parent91feef607687b1262a949835cffd850cdd819846 (diff)
Added user management
-rw-r--r--design/database.sql1
-rw-r--r--htdocs/moderate/account.php58
-rw-r--r--htdocs/moderate/admin.css35
-rw-r--r--htdocs/moderate/src/header.inc.php9
-rw-r--r--htdocs/moderate/users/delete.php43
-rw-r--r--htdocs/moderate/users/editor.php126
-rw-r--r--htdocs/moderate/users/index.php47
-rw-r--r--htdocs/src/Post.inc.php3
-rw-r--r--htdocs/src/Source.inc.php78
-rw-r--r--htdocs/src/User.inc.php80
-rw-r--r--htdocs/src/UserIterator.inc.php83
11 files changed, 558 insertions, 5 deletions
diff --git a/design/database.sql b/design/database.sql
index b79316c..412245d 100644
--- a/design/database.sql
+++ b/design/database.sql
@@ -73,6 +73,7 @@ CREATE TABLE user (
password VARCHAR(40) NOT NULL,
source_id INTEGER NOT NULL,
admin TINYINT(1) NOT NULL DEFAULT 0,
+ notify TINYINT(1) NOT NULL,
PRIMARY KEY(id),
UNIQUE KEY(email)
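Review bot: The new `notify` column is declared `NOT NULL` without a default, unlike the adjacent `admin` column, so any INSERT that omits it is rejected under strict SQL mode. The editor always sets notify before `User::save()`, but a user created through `new User()` without a `setNotify()` call would fail on insert. Suggest `notify TINYINT(1) NOT NULL DEFAULT 0,` to match `admin`. This edits the CREATE TABLE only; existing deployments presumably need a matching ALTER TABLE, which the commit does not include.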
diff --git a/htdocs/moderate/account.php b/htdocs/moderate/account.php
index 5fc87db..ac28b4e 100644
--- a/htdocs/moderate/account.php
+++ b/htdocs/moderate/account.php
@@ -10,11 +10,69 @@
require_once('../src/base.inc.php');
+$error = '';
+
+// Handle form?
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ $user = $_SESSION['currentUser'];
+
+ // Change password
+ if (isset($_POST['oldpassword']) and trim($_POST['oldpassword']) != ""
+ and isset($_POST['newpassword']) and trim($_POST['newpassword']) != ""
+ and isset($_POST['newpassword2']) and trim($_POST['newpassword2']) != "") {
+
+ if ($user->authenticate($_POST['oldpassword'])) {
+ if ($_POST['newpassword'] == $_POST['newpassword2']) {
+ $user->setPassword($_POST['newpassword']);
+
+ } else {
+ $error .= '<p>Passwords do not match.</p>';
+ }
+ } else {
+ $error .= '<p>"Old Password" does not match your current password.</p>';
+ }
+ }
+
+ // Set Notify
+ $notify = isset($_POST['notify']) and $_POST['notify'] == '1';
+ $user->setNotify($notify);
+
+ $user->save();
+}
+
+
require_once('src/header.inc.php');
echo "<h3>Your Account</h3>";
+if ($error != '') {
+ echo "<div class=\"errorbox\">$error</div>";
+}
+?>
+
+<form action="" method="post">
+<p>To change your password, enter your old and new passwords
+below.</p>
+<p><label>Old Password:
+ <input type="password" name="oldpassword" /></label></p>
+<p><label>New Password:
+ <input type="password" name="newpassword" /></label></p>
+<p><label>Confirm Password:
+ <input type="password" name="newpassword2" /></label></p>
+
+<div style="margin-top: 2em; margin-bottom: 2em;">
+<p><label><input type="checkbox" name="notify" value=\"1\" <?php
+echo $_SESSION['currentUser']->getNotify() ? 'checked="checked"' : '';
+?>/>
+ Notify when posts are created.</label></p>
+</div>
+
+<p><input type="submit" value="Update Account" /></p>
+
+</form>
+
+<?php
require_once('src/footer.inc.php');
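Review bot: L65 has an operator-precedence bug: `and` binds looser than `=`, so `$notify` receives only `isset($_POST['notify'])` and the `== '1'` comparison is evaluated and discarded; write `$notify = isset($_POST['notify']) && $_POST['notify'] == '1';`. The same pattern appears in editor.php in the `$admin` and `$notify` assignments. Relatedly, L90 is in HTML mode, so `value=\"1\"` emits literal backslashes and the checkbox never posts `1` — the two bugs currently cancel each other; fix both (`value="1"`). The form also carries no anti-CSRF token, so the notify flag can be toggled by a cross-site POST (the password change is protected only by the old-password check); a per-session token validated at the top of the POST branch would close that.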
diff --git a/htdocs/moderate/admin.css b/htdocs/moderate/admin.css
index a1e7ed0..65a5a7f 100644
--- a/htdocs/moderate/admin.css
+++ b/htdocs/moderate/admin.css
@@ -18,3 +18,38 @@ h1 {
display: inline-block;
margin-right: 1em;
}
+
+.userrow {
+ padding-left: 5px;
+ width: 50em;
+ margin-bottom: 0.25em;
+}
+
+.header {
+ border-bottom: solid 2px black;
+ margin-bottom: 1em;
+}
+
+.header span {
+ font-weight: bold;
+}
+
+.userrow span {
+ display: inline-block;
+}
+
+.userrow .name {
+ width: 12em;
+}
+
+.userrow .email {
+ width: 20em;
+}
+
+.userrow .admin {
+ width: 5em;
+}
+
+input[type=text] {
+ width: 20em;
+}
diff --git a/htdocs/moderate/src/header.inc.php b/htdocs/moderate/src/header.inc.php
index fc8a06f..30910ec 100644
--- a/htdocs/moderate/src/header.inc.php
+++ b/htdocs/moderate/src/header.inc.php
@@ -34,17 +34,18 @@ if (!isset($_SESSION['currentUser'])) {
<div id="modnav">
<ul>
- <li><a href="">Moderate Posts</a></li>
+ <li><a href="<?= buildUrl('moderate/') ?>">Moderate Posts</a></li>
<?php
// Admin Navigation
if ($_SESSION['currentUser']->isAdmin()) {
- echo "<li><a href=\"". $CONFIG['urlroot'] ."/\">Pages</a></li>";
- echo "<li><a href=\"". $CONFIG['urlroot'] ."/\">Users</a></li>";
+ echo "<li><a href=\"". buildUrl('moderate/pages/') ."\">Pages</a></li>";
+ echo "<li><a href=\"". buildUrl('moderate/users/') ."\">Users</a></li>";
}
?>
- <li><a href="">Account Settings</a></li>
+ <li><a href="<?= buildUrl('moderate/account.php') ?>">
+ Account Settings</a></li>
<li><a href="">Logout</a></li>
</ul>
</div>
diff --git a/htdocs/moderate/users/delete.php b/htdocs/moderate/users/delete.php
new file mode 100644
index 0000000..f721f30
--- /dev/null
+++ b/htdocs/moderate/users/delete.php
@@ -0,0 +1,43 @@
+<?php
+
+/* Foursquare Community Site
+ *
+ * Copyright (C) 2011 Foursquare Church.
+ *
+ * Developers: Jesse Morgan <jmorgan@foursquarestaff.com>
+ *
+ */
+
+require_once('../../src/base.inc.php');
+
+$error = '';
+
+$user = false;
+if (isset($_GET['id']) and is_numeric($_GET['id'])) {
+ $user = User::getById($_GET['id']);
+
+ if ($user !== false and isset($_GET['confirmed'])) {
+ $user->delete();
+
+ header('Location: index.php');
+ }
+
+}
+
+require_once('../src/header.inc.php');
+
+echo "<h3>Delete Users</h3>";
+
+if ($user !== false) {
+ echo "<p>Are you sure you want to delete " . $user->getName() ."?</p>"
+ . "<p><a href=\"delete.php?id=". $user->getId() ."&confirmed\">Yes</a>"
+ . " <a href=\"index.php\">No</a></p>";
+
+} else {
+ echo "<p>No user to delete.</p>";
+}
+
+require_once('../src/footer.inc.php');
+
+?>
+
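Review bot: The delete at L194 executes before `../src/header.inc.php` is required at L201, and the login check visible in that header (`if (!isset($_SESSION['currentUser']))`) is the only authentication on the page — there is no `isAdmin()` check anywhere in the file. Unless base.inc.php enforces both (not visible here), any visitor who reaches the confirmation URL can remove a user. Guard before L190, e.g. `if (!isset($_SESSION['currentUser']) || !$_SESSION['currentUser']->isAdmin()) { exit; }`, and add `exit;` after the `header('Location: index.php')` at L196 so rendering does not continue; editor.php and index.php have the same gap. Performing the delete on a GET link is also trivially cross-site triggerable; a POST form carrying a session token is the usual shape. Finally, `$user->getName()` at L206 is printed unescaped (`User::getName()` returns the raw stored value); wrap it in `htmlspecialchars()`.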
diff --git a/htdocs/moderate/users/editor.php b/htdocs/moderate/users/editor.php
new file mode 100644
index 0000000..21be99e
--- /dev/null
+++ b/htdocs/moderate/users/editor.php
@@ -0,0 +1,126 @@
+<?php
+
+/* Foursquare Community Site
+ *
+ * Copyright (C) 2011 Foursquare Church.
+ *
+ * Developers: Jesse Morgan <jmorgan@foursquarestaff.com>
+ *
+ */
+
+require_once('../../src/base.inc.php');
+
+$error = '';
+
+// Get the current user object.
+$user = new User();
+if (isset($_GET['id']) and is_numeric($_GET['id'])) {
+ $user = User::getById($_GET['id']);
+}
+
+// Save changes?
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ // Name
+ if (isset($_POST['name']) and trim($_POST['name']) != '') {
+ $user->setName($_POST['name']);
+
+ } else {
+ $error .= '<p>Name is a required field.</p>';
+ }
+
+ // Email
+ if (isset($_POST['email']) and trim($_POST['email']) != '') {
+ $user->setEmail($_POST['email']);
+
+ } else {
+ $error .= '<p>Email is a required field.</p>';
+ }
+
+ // Source
+ if (isset($_POST['source']) and trim($_POST['source']) != '') {
+ $user->setSource($_POST['source']);
+
+ } else {
+ $error .= '<p>Source is a required field.</p>';
+ }
+
+ // Set Admin
+ $admin = isset($_POST['admin']) and $_POST['admin'] == '1';
+ $user->setAdmin($admin);
+
+ // Set Notify
+ $notify = isset($_POST['notify']) and $_POST['notify'] == '1';
+ $user->setNotify($notify);
+
+ // Save the user
+ if ($error == '') {
+ if ($user->save()) {
+ // Return to users list
+ header("Location: index.php");
+
+ } else {
+ $error .= '<p>An error has occured.</p>';
+ }
+ }
+}
+
+require_once('../src/header.inc.php');
+
+echo "<h3>Edit User</h3>";
+
+if ($error != '') {
+ echo "<div class=\"errorbox\">$error</div>";
+}
+
+$url = "editor.php";
+
+if (isset($_GET['id'])) {
+ $url .= '?id=' . $_GET['id'];
+}
+
+echo "<form action=\"$url\" method=\"post\">";
+
+?>
+
+<p><label>Name: <input type="text" name="name" value="<?= $user->getName() ?>" /></label></p>
+<p><label>Email: <input type="text" name="email" value="<?= $user->getEmail() ?>" /></label></p>
+<p><label>Source: <?php sourceDropdown('source', $user->getSource()) ?></label></p>
+<p><label>
+<input type="checkbox" name="admin" value="1" <?= $user->isAdmin() ? 'checked="checked"' : '' ?> />
+Administrator</label></p>
+<p><label>
+<input type="checkbox" name="notify" value="1" <?= $user->getNotify() ? 'checked="checked"' : '' ?> />
+Notify of posts</label></p>
+
+<p>
+<input type="submit" class="bigbutton" value="Save" />
+<a href="index.php" class="bigbutton">Cancel</a>
+</p>
+
+
+</form>
+
+<?php
+
+function sourceDropdown($name, $select) {
+ echo "<select name=\"$name\">";
+
+ foreach(Source::getSources() as $source) {
+ if ($source->getId() == $select) {
+ echo "<option value=\"". $source->getId()
+ ."\" selected=\"selected\">"
+ . $source->getName() ."</option>";
+
+ } else {
+ echo "<option value=\"". $source->getId() ."\">"
+ . $source->getName() ."</option>";
+ }
+ }
+
+ echo "</select>";
+}
+
+require_once('../src/footer.inc.php');
+
+?>
+
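Review bot: `$_GET['id']` is written into the form action at L301/L304 without the `is_numeric` check applied at L240 and without escaping, so arbitrary request input lands raw in an HTML attribute; reuse the validated value, `$url .= '?id=' . (int) $_GET['id'];` inside the same `is_numeric` guard, or pass it through `htmlspecialchars()`. The `value` attributes at L308/L309 likewise echo `getName()`/`getEmail()` unescaped (User's getters return raw stored text). `User::getById()` returns `false` for an unknown id, so `$user->setName()` at L248 is a method call on `false` when the id does not exist; check for `false` and report an error instead. A user created here never receives a password (`new User()` starts with an empty info array and nothing calls `setPassword()`), so the insert either hits the `NOT NULL` password column or yields an account that cannot authenticate — presumably a password field or a generated temporary password is needed. The `header("Location: index.php")` at L282 should be followed by `exit;` so the rest of the page is not rendered.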
diff --git a/htdocs/moderate/users/index.php b/htdocs/moderate/users/index.php
new file mode 100644
index 0000000..cda6232
--- /dev/null
+++ b/htdocs/moderate/users/index.php
@@ -0,0 +1,47 @@
+<?php
+
+/* Foursquare Community Site
+ *
+ * Copyright (C) 2011 Foursquare Church.
+ *
+ * Developers: Jesse Morgan <jmorgan@foursquarestaff.com>
+ *
+ */
+
+require_once('../../src/base.inc.php');
+
+$error = '';
+
+require_once('../src/header.inc.php');
+
+echo "<h3>Users</h3>";
+
+echo "<p><a class=\"bigbutton\" href=\"editor.php\">Create User</a></p>";
+
+$ui = new UserIterator();
+$ui->query();
+
+echo "<div class=\"userrow header\">"
+ . "<span class=\"name\">Name</span>"
+ . " <span class=\"email\">Email</span>"
+ . " <span class=\"admin\">Admin</span>"
+ . " <span class=\"actions\">Actions</span></div>";
+
+foreach ($ui as $user) {
+ printf("<div class=\"userrow\">"
+ . "<span class=\"name\">%s</span>"
+ . " <span class=\"email\"><a href=\"mailto:%s\">%s</a></span>"
+ . " <span class=\"admin\">%s</span>"
+ . " <span class=\"actions\">"
+ . " <a class=\"smallbutton\" href=\"editor.php?id=%s\">edit</a>"
+ . " <a class=\"smallbutton\" href=\"delete.php?id=%s\">delete</a></span></div>",
+ $user->getName(),
+ $user->getEmail(), $user->getEmail(),
+ $user->isAdmin() ? 'Yes' : 'No',
+ $user->getId(), $user->getId()
+ );
+}
+
+require_once('../src/footer.inc.php');
+
+?>
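Review bot: `getName()` and `getEmail()` are interpolated through `%s` into HTML text and into the `mailto:` href at L386-L394 without escaping, and User's getters return the raw stored values (unlike `Source::getName()`, which escapes), so a name or email containing markup renders as markup. Wrap each argument, e.g. `htmlspecialchars($user->getName(), ENT_QUOTES, 'UTF-8')`, or move escaping into one consistent place. The page relies on the login check in header.inc.php only; no `isAdmin()` check is visible, so a logged-in non-admin who knows the path can list users and reach the edit/delete links.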
diff --git a/htdocs/src/Post.inc.php b/htdocs/src/Post.inc.php
index 4a109d2..c29b5a9 100644
--- a/htdocs/src/Post.inc.php
+++ b/htdocs/src/Post.inc.php
@@ -98,6 +98,7 @@ class Post {
$this->info['id'] = $ret;
$this->info['stage'] = 'verification';
$this->info['secretid'] = $info['secretid'];
+ $this->indatabase = true;
}
return true;
@@ -116,6 +117,8 @@ class Post {
// Delete Post
$db->delete('post', 'id=' . $this->getId());
+
+ $this->indatabase = false;
}
public function getId() {
diff --git a/htdocs/src/Source.inc.php b/htdocs/src/Source.inc.php
new file mode 100644
index 0000000..e869d20
--- /dev/null
+++ b/htdocs/src/Source.inc.php
@@ -0,0 +1,78 @@
+<?php
+
+/* Foursquare Community Site
+ *
+ * Copyright (C) 2011 Foursquare Church.
+ *
+ * Developers: Jesse Morgan <jmorgan@foursquarestaff.com>
+ *
+ */
+
+require_once "base.inc.php";
+
+class Source {
+ private $info;
+
+
+ public function __construct($info=null) {
+ $this->info = $info;
+ }
+
+ public static function getSources() {
+ $db = getDatabase();
+
+ $query = "SELECT * FROM source ORDER BY name";
+
+ $rows = $db->fetchAssocRows($query);
+
+ $result = array();
+ foreach ($rows as $row) {
+ $source = new Source($row);
+ $result[] = $source;
+ }
+
+ return $result;
+ }
+
+ public static function getById($id) {
+ $where = "id='$id'";
+
+ return Source::getSource($where);
+ }
+
+ private static function getSource($where) {
+ $query = "SELECT * FROM source WHERE $where";
+
+ $db = getDatabase();
+
+ $row = $db->fetchAssocRow($query);
+
+ if ($row) {
+ $source = new Source();
+ $source->info = $row;
+
+ return $source;
+
+ } else {
+ return false;
+ }
+ }
+
+ public function save() {
+ $db = getDatabase();
+
+ // TODO: Implement Save
+ }
+
+ public function getId() {
+ return $this->info['id'];
+ }
+
+ public function getName() {
+ return htmlspecialchars($this->info['name']);
+ }
+}
+
+?>
+
+
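Review bot: `getById()` interpolates `$id` into `id='$id'` at L464 and `getSource()` concatenates that straight into the query at L470, so the first caller that passes request data gets an injectable query; cast or escape before building it, e.g. `$where = "id='" . (int) $id . "'";`, or use parameter binding if the Cif database layer offers it (not visible here). `getName()` returns `htmlspecialchars()`-escaped text while `User::getName()` in the same commit returns raw text; mixing conventions leads to either double-encoding or missed encoding, so pick one and state it in a docblock such as `/** @return string Display name, HTML-escaped. */`. `save()` fetches a `$db` it never uses and implicitly returns null; until implemented it should at least `return false;` so callers do not assume success. The file ends with `?>` followed by blank lines (L502-L504), which presumably emits whitespace on every include — drop the closing tag, since delete.php and editor.php call `header()` after their includes.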
diff --git a/htdocs/src/User.inc.php b/htdocs/src/User.inc.php
index 6ad5ebb..0333520 100644
--- a/htdocs/src/User.inc.php
+++ b/htdocs/src/User.inc.php
@@ -12,8 +12,19 @@ require_once "base.inc.php";
class User {
private $info;
+ private $indatabase;
+ public function __construct($info=null) {
+ $this->info = is_null($info) ? array() : $info;
+ if ($info !== null and isset($info['id'])) {
+ $this->indatabase = true;
+
+ } else {
+ $this->indatabase = false;
+ }
+ }
+
public static function getById($id) {
$where = "id='$id'";
@@ -36,6 +47,7 @@ class User {
if ($row) {
$user = new User();
$user->info = $row;
+ $user->indatabase = true;
return $user;
@@ -47,7 +59,45 @@ class User {
public function save() {
$db = getDatabase();
- // TODO: Implement save
+ // Cleanup Info
+ foreach ($this->info as $key=>$value)
+ $info[$key] = addslashes($value);
+
+ // Save or create?
+ if ($this->indatabase) {
+ try {
+ $db->update('user', $info, "WHERE `id`='"
+ . $this->getId() ."'");
+ return true;
+
+ } catch (Cif_Database_Exception $e) {
+ return false;
+ }
+
+ } else {
+ // Creating... set special fields.
+ try {
+ $ret = $db->insert('user', $info);
+
+ if ($ret) {
+ $this->info['id'] = $ret;
+ $this->indatabase = true;
+ }
+
+ return true;
+
+ } catch (Cif_Database_Exception $e) {
+ return false;
+ }
+ }
+ }
+
+ public function delete() {
+ $db = getDatabase();
+
+ $db->delete('user', 'id=' . $this->getId());
+
+ $this->indatabase = false;
}
public function getId() {
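Review bot: `$info` at L537 is never initialised, so when `$this->info` is empty (as `new User()` produces) the loop body never runs and `$db->insert('user', $info)` at L553 receives an undefined variable; add `$info = array();` before the `foreach`. The insert branch returns `true` even when `$ret` is falsy (L555-L560), so editor.php's `if ($user->save())` cannot detect a failed insert; `return (bool) $ret;` matches the update branch's contract. `addslashes()` is not a SQL escaping function (it is not charset-aware and does not know the driver's quoting rules); whether the Cif layer escapes again is not visible here, so either use the layer's own escaping or parameter binding, or document the expectation on `update()`/`insert()`. `save()` and `delete()` carry no docblocks; a `@return bool` on `save()` and a note that `delete()` only flips `indatabase` while leaving `info` intact would help the next reader.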
@@ -58,10 +108,34 @@ class User {
return $this->info['name'];
}
+ public function setName($value) {
+ $this->info['name'] = $value;
+ }
+
public function getEmail() {
return $this->info['email'];
}
+ public function setEmail($value) {
+ $this->info['email'] = $value;
+ }
+
+ public function getNotify() {
+ return $this->info['notify'];
+ }
+
+ public function setNotify($value) {
+ $this->info['notify'] = $value ? 1 : 0;
+ }
+
+ public function getSource() {
+ return $this->info['source_id'];
+ }
+
+ public function setSource($value) {
+ $this->info['source_id'] = $value;
+ }
+
public function setPassword($password) {
$this->info['password'] = sha1($password);
}
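Review bot: `getNotify()` and `getSource()` read `$this->info['notify']` / `$this->info['source_id']` directly, which on a freshly constructed `User` (empty info array, as editor.php's create path uses) is an undefined index; `return isset($this->info['notify']) && $this->info['notify'] == 1;` would also give a bool like `isAdmin()`. `setSource()` stores any value, and `save()` later interpolates it into SQL after `addslashes()`, so cast it: `$this->info['source_id'] = (int) $value;`. `getName()`/`getEmail()` return unescaped text while `Source::getName()` escapes; add a docblock such as `/** @return string Raw stored value; escape at output. */` so callers know the contract. The context line `sha1($password)` is pre-existing, but unsalted SHA-1 is unsuitable for password storage; a follow-up should move to `password_hash()`/`password_verify()` where the runtime allows.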
@@ -73,6 +147,10 @@ class User {
public function isAdmin() {
return $this->info['admin'] == 1;
}
+
+ public function setAdmin($value) {
+ $this->info['admin'] = $value ? 1 : 0;
+ }
}
?>
diff --git a/htdocs/src/UserIterator.inc.php b/htdocs/src/UserIterator.inc.php
new file mode 100644
index 0000000..2f8fef2
--- /dev/null
+++ b/htdocs/src/UserIterator.inc.php
@@ -0,0 +1,83 @@
+<?php
+
+/* Foursquare Community Site
+ *
+ * Copyright (C) 2011 Foursquare Church.
+ *
+ * Developers: Jesse Morgan <jmorgan@foursquarestaff.com>
+ *
+ */
+
+require_once "base.inc.php";
+
+class UserIterator implements Iterator {
+ private $where;
+ private $rows;
+ private $position;
+ private $order;
+ private $limit;
+
+ public function __construct() {
+ $this->where = array();
+ $this->rows = array();
+ $this->position = 0;
+ $this->order = "name asc";
+ $this->limit = 0;
+ }
+
+ public function filterNotify($notify) {
+ $sqlnotify = $notify ? '1' : '0';
+ $this->where[] = "notify='$sqlnotify'";
+ }
+
+ public function orderBy($order) {
+ $this->order = $order;
+ }
+
+ public function limit($limit) {
+ $this->limit = $limit;
+ }
+
+ public function rewind() {
+ $this->position = 0;
+ }
+
+ public function current() {
+ return new User($this->rows[$this->position]);
+ }
+
+ public function key() {
+ return $this->rows[$this->position]['id'];
+ }
+
+ public function next() {
+ ++$this->position;
+ }
+
+ public function valid() {
+ return isset($this->rows[$this->position]);
+ }
+
+ public function query() {
+ $query = "SELECT * FROM user";
+
+ if (count($this->where) > 0) {
+ $where = join(' AND ', $this->where);
+ $query .= " WHERE $where";
+ }
+
+ $query .= " ORDER BY ". $this->order;
+
+ if ($this->limit != 0) {
+ $query .= " LIMIT ". $this->limit;
+ }
+
+ $db = getDatabase();
+
+ $this->rows = $db->fetchAssocRows($query);
+ $this->position = 0;
+ }
+}
+
+?>
+
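Review bot: `orderBy()` and `limit()` store caller input that `query()` concatenates into SQL at L693 and L696 with no validation; the visible caller uses the defaults, but these are public methods, so validate `$order` against a fixed list of columns/directions and cast the limit, `$this->limit = (int) $limit;`. `filterNotify()` is safe because it normalises to `'1'`/`'0'` first — the same normalise-then-interpolate approach fits the other two. Iterating before `query()` has been called yields nothing silently because `$this->rows` starts empty; a docblock on `query()` (`Executes the built query; must be called before iterating.`) would make that explicit. PHP 8.1+ also deprecates `Iterator` methods declared without return types, so `current(): mixed`, `key(): mixed`, `next(): void`, `rewind(): void`, `valid(): bool` (or `#[\ReturnTypeWillChange]`) will be needed when the runtime moves. Like Source.inc.php, the file ends with `?>` plus a blank line, which emits a newline on include; drop the closing tag.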