Initial commit

1 files changed, 203 insertions, 0 deletions

diff --git a/autoload/Todo/UserManager.php b/autoload/Todo/UserManager.php
new file mode 100644
index 0000000..306eb02
--- /dev/null
+++ b/autoload/Todo/UserManager.php
@@ -0,0 +1,203 @@
+<?php
+
+namespace Todo;
+
+class UserManager extends \Todo\SessionHelper {
+	public function login($f3, $args) {
+		if($this->user !== NULL) {
+			$f3->set('info', 'You are already logged in');
+			$f3->set('content', 'blank.html');
+			return;
+		}
+		$f3->set('content', 'login.html');
+		
+		if($f3->get('VERB') !== "POST") {
+			return;
+		}
+		
+		$this->user = new \Todo\Model\User($f3->get('DB'));
+		if($this->user->byName($f3->get('POST.name')) && $this->user->verifyPass($f3->get('POST.password')) && $this->user->active) {
+			$f3->set('success', 'Login Successful!');
+			$f3->set('content', 'noListSelected.html');
+		} else {
+			$this->user = NULL;
+			$f3->set('error', 'Username or password is wrong or account is not active.');
+		}
+	}
+
+	public function logout($f3, $args) {
+		$this->user = NULL;
+		$f3->set('success', 'Logout Successful!');
+		$f3->set('content', 'login.html');
+	}
+
+	public function register($f3, $args) {
+		if($this->user !== NULL) {
+			$f3->set('error', 'You already have an account!');
+			$f3->set('content', 'blank.html');
+			return;
+		}
+		$f3->set('content', 'register.html');
+		
+		if($f3->get('VERB') !== 'POST') {
+			return;
+		}
+		
+		if(($f3->get('POST.password') === '') || ($f3->get('POST.name') === '') || ($f3->get('POST.email') === '')) {
+			$f3->set('error', 'All form inputs must be filled out');
+			return;
+		}
+			
+		if($f3->get('POST.password') !== $f3->get('POST.repeatPassword')) {
+			$f3->set('error', 'Passwords do not match');
+			return;
+		}
+		
+		$u = new \Todo\Model\User($f3->get('DB'));
+		if($u->register($f3->get('POST.name'), $f3->get('POST.email'), $f3->get('POST.password'))) {
+			$f3->set('username', $u->name);
+			$f3->set('activationurl', 'http://'.$f3->get('HOST').$f3->get('BASE').'/activate/'.$u->id.'/'.$u->code);
+			mail($u->email, 'Activation code for ' . $f3->get('appname'), \Template::instance()->render('mails/activationcode', 'text/plain'), 'From:'.$f3->get('mail_from'));
+				
+			$f3->set('success', 'New account created. Check your mails for the activation link.');
+			$f3->set('content', 'blank.html');
+		} else {
+			$f3->set('error', 'Name or E-Mail already in use.');
+		}
+	}
+
+	public function delete($f3, $args) {
+		if($this->needLogin($f3)) {
+			return;
+		}
+		
+		$f3->set('content', 'deleteAccount.html');
+		
+		if(($f3->get('VERB') == 'POST') && ($f3->get('POST.confirm') == 'OK')) {
+			$this->user->deleteUser();
+			$this->user = NULL;
+			$f3->set('success', 'Account deleted!');
+			$f3->set('content', 'blank.html');
+		}
+	}
+
+	public function activate($f3, $args) {
+		$f3->set('content', 'blank.html');
+		
+		$u = new \Todo\Model\User($f3->get('DB'));
+		if(!$u->byID($args['user'])) {
+			$f3->set('error', 'Unknown user.');
+			return;
+		}
+		
+		if($u->active) {
+			$f3->set('info', 'Account already activated');
+			return;
+		}
+		
+		if($u->code !== $args['code'])  {
+			$f3->set('error', 'Wrong activation code!');
+			return;
+		}
+		
+		$u->active = true;
+		$u->makeCode(); # set a new random code to prevent double usage
+		$u->save();
+		
+		$f3->set('success', 'Account activated!');
+	}
+
+	public function initResetpw($f3, $args) {
+		$f3->set('content', 'pwresetRequest.html');
+		
+		if($f3->get('VERB') !== 'POST') {
+			return;
+		}
+		
+		$u = new \Todo\Model\User($f3->get('DB'));
+		if(!$u->byEmail($f3->get('POST.email'))) {
+			$f3->set('error', 'No account with this address registered.');
+			return;
+		}
+		
+		$u->makeCode();
+		$u->save();
+		
+		$f3->set('username', $u->name);
+		$f3->set('reseturl', 'http://'.$f3->get('HOST').$f3->get('BASE').'/pwreset/'.$u->id.'/'.$u->code);
+		mail($u->email, 'Password reset for ' . $f3->get('appname'), \Template::instance()->render('mails/pwreset', 'text/plain'), 'From:'.$f3->get('mail_from'));
+		
+		$f3->set('success', 'Password reset link was sent to your E-Mail address.');
+		$f3->set('content', 'blank.html');
+	}
+	
+	public function resetpw($f3, $args) {
+		$u = new \Todo\Model\User($f3->get('DB'));
+		if((!$u->byID($args['user'])) || ($u->code !== $args['code'])) {
+			$f3->set('error', 'Invalid password reset link.');
+			$f3->set('content', 'blank.html');
+			return;
+		}
+		
+		$f3->set('content', 'pwreset.html');
+		if($f3->get('VERB') !== 'POST') {
+			return;
+		}
+		
+		if($f3->get('POST.password') !== $f3->get('POST.repeatPassword')) {
+			$f3->set('error', 'Passwords do not match');
+			return;
+		}
+		
+		$u->pwhash = \Bcrypt::instance()->hash($f3->get('POST.password'));
+		$u->makeCode();
+		$u->save();
+		
+		$f3->set('success', 'Password changed');
+		$f3->set('content', 'blank.html');
+	}
+	
+	public function settings($f3, $args) {
+		if($this->needLogin($f3)) {
+			return;
+		}
+		
+		$f3->set('content', 'settings.html');
+		$f3->set('email', $this->user->email);
+		
+		if($f3->get('VERB') !== 'POST') {
+			return;
+		}
+		
+		$ok = array();
+		$error = array();
+		
+		if(($this->user->email !== $f3->get('POST.email')) && ($f3->get('POST.email') !== '')) {
+			$this->user->email = $f3->get('POST.email');
+			$f3->set('email', $this->user->email);
+			$ok[] = 'E-Mail address changed.';
+		}
+		
+		if($f3->get('POST.password') !== '') {
+			if($f3->get('POST.password') === $f3->get('POST.repeatPassword')) {
+				$this->user->pwhash = \Bcrypt::instance()->hash($f3->get('POST.password'));
+				$ok[] = 'Password changed.';
+			} else {
+				$error[] = 'Passwords do not match.';
+			}
+		}
+		
+		if(!empty($ok)) {
+			$this->user->save();
+		}
+		
+		$text = array_reduce(array_merge($ok, $error), function($a, $b) { return $a . ' ' . $b; });
+		if((!empty($ok)) && (!empty($error))) {
+			$f3->set('info', $text);
+		} else if(!empty($ok)) {
+			$f3->set('success', $text);
+		} else if(!empty($error)) {
+			$f3->set('error', $text);
+		}
+	}
+}