summaryrefslogtreecommitdiff
path: root/autoload/Todo/UserManager.php
diff options
context:
space:
mode:
Diffstat (limited to 'autoload/Todo/UserManager.php')
-rw-r--r--autoload/Todo/UserManager.php203
1 files changed, 203 insertions, 0 deletions
diff --git a/autoload/Todo/UserManager.php b/autoload/Todo/UserManager.php
new file mode 100644
index 0000000..306eb02
--- /dev/null
+++ b/autoload/Todo/UserManager.php
@@ -0,0 +1,203 @@
+<?php
+
+namespace Todo;
+
+class UserManager extends \Todo\SessionHelper {
+ public function login($f3, $args) {
+ if($this->user !== NULL) {
+ $f3->set('info', 'You are already logged in');
+ $f3->set('content', 'blank.html');
+ return;
+ }
+ $f3->set('content', 'login.html');
+
+ if($f3->get('VERB') !== "POST") {
+ return;
+ }
+
+ $this->user = new \Todo\Model\User($f3->get('DB'));
+ if($this->user->byName($f3->get('POST.name')) && $this->user->verifyPass($f3->get('POST.password')) && $this->user->active) {
+ $f3->set('success', 'Login Successful!');
+ $f3->set('content', 'noListSelected.html');
+ } else {
+ $this->user = NULL;
+ $f3->set('error', 'Username or password is wrong or account is not active.');
+ }
+ }
+
+ public function logout($f3, $args) {
+ $this->user = NULL;
+ $f3->set('success', 'Logout Successful!');
+ $f3->set('content', 'login.html');
+ }
+
+ public function register($f3, $args) {
+ if($this->user !== NULL) {
+ $f3->set('error', 'You already have an account!');
+ $f3->set('content', 'blank.html');
+ return;
+ }
+ $f3->set('content', 'register.html');
+
+ if($f3->get('VERB') !== 'POST') {
+ return;
+ }
+
+ if(($f3->get('POST.password') === '') || ($f3->get('POST.name') === '') || ($f3->get('POST.email') === '')) {
+ $f3->set('error', 'All form inputs must be filled out');
+ return;
+ }
+
+ if($f3->get('POST.password') !== $f3->get('POST.repeatPassword')) {
+ $f3->set('error', 'Passwords do not match');
+ return;
+ }
+
+ $u = new \Todo\Model\User($f3->get('DB'));
+ if($u->register($f3->get('POST.name'), $f3->get('POST.email'), $f3->get('POST.password'))) {
+ $f3->set('username', $u->name);
+ $f3->set('activationurl', 'http://'.$f3->get('HOST').$f3->get('BASE').'/activate/'.$u->id.'/'.$u->code);
+ mail($u->email, 'Activation code for ' . $f3->get('appname'), \Template::instance()->render('mails/activationcode', 'text/plain'), 'From:'.$f3->get('mail_from'));
+
+ $f3->set('success', 'New account created. Check your mails for the activation link.');
+ $f3->set('content', 'blank.html');
+ } else {
+ $f3->set('error', 'Name or E-Mail already in use.');
+ }
+ }
+
+ public function delete($f3, $args) {
+ if($this->needLogin($f3)) {
+ return;
+ }
+
+ $f3->set('content', 'deleteAccount.html');
+
+ if(($f3->get('VERB') == 'POST') && ($f3->get('POST.confirm') == 'OK')) {
+ $this->user->deleteUser();
+ $this->user = NULL;
+ $f3->set('success', 'Account deleted!');
+ $f3->set('content', 'blank.html');
+ }
+ }
+
+ public function activate($f3, $args) {
+ $f3->set('content', 'blank.html');
+
+ $u = new \Todo\Model\User($f3->get('DB'));
+ if(!$u->byID($args['user'])) {
+ $f3->set('error', 'Unknown user.');
+ return;
+ }
+
+ if($u->active) {
+ $f3->set('info', 'Account already activated');
+ return;
+ }
+
+ if($u->code !== $args['code']) {
+ $f3->set('error', 'Wrong activation code!');
+ return;
+ }
+
+ $u->active = true;
+ $u->makeCode(); # set a new random code to prevent double usage
+ $u->save();
+
+ $f3->set('success', 'Account activated!');
+ }
+
+ public function initResetpw($f3, $args) {
+ $f3->set('content', 'pwresetRequest.html');
+
+ if($f3->get('VERB') !== 'POST') {
+ return;
+ }
+
+ $u = new \Todo\Model\User($f3->get('DB'));
+ if(!$u->byEmail($f3->get('POST.email'))) {
+ $f3->set('error', 'No account with this address registered.');
+ return;
+ }
+
+ $u->makeCode();
+ $u->save();
+
+ $f3->set('username', $u->name);
+ $f3->set('reseturl', 'http://'.$f3->get('HOST').$f3->get('BASE').'/pwreset/'.$u->id.'/'.$u->code);
+ mail($u->email, 'Password reset for ' . $f3->get('appname'), \Template::instance()->render('mails/pwreset', 'text/plain'), 'From:'.$f3->get('mail_from'));
+
+ $f3->set('success', 'Password reset link was sent to your E-Mail address.');
+ $f3->set('content', 'blank.html');
+ }
+
+ public function resetpw($f3, $args) {
+ $u = new \Todo\Model\User($f3->get('DB'));
+ if((!$u->byID($args['user'])) || ($u->code !== $args['code'])) {
+ $f3->set('error', 'Invalid password reset link.');
+ $f3->set('content', 'blank.html');
+ return;
+ }
+
+ $f3->set('content', 'pwreset.html');
+ if($f3->get('VERB') !== 'POST') {
+ return;
+ }
+
+ if($f3->get('POST.password') !== $f3->get('POST.repeatPassword')) {
+ $f3->set('error', 'Passwords do not match');
+ return;
+ }
+
+ $u->pwhash = \Bcrypt::instance()->hash($f3->get('POST.password'));
+ $u->makeCode();
+ $u->save();
+
+ $f3->set('success', 'Password changed');
+ $f3->set('content', 'blank.html');
+ }
+
+ public function settings($f3, $args) {
+ if($this->needLogin($f3)) {
+ return;
+ }
+
+ $f3->set('content', 'settings.html');
+ $f3->set('email', $this->user->email);
+
+ if($f3->get('VERB') !== 'POST') {
+ return;
+ }
+
+ $ok = array();
+ $error = array();
+
+ if(($this->user->email !== $f3->get('POST.email')) && ($f3->get('POST.email') !== '')) {
+ $this->user->email = $f3->get('POST.email');
+ $f3->set('email', $this->user->email);
+ $ok[] = 'E-Mail address changed.';
+ }
+
+ if($f3->get('POST.password') !== '') {
+ if($f3->get('POST.password') === $f3->get('POST.repeatPassword')) {
+ $this->user->pwhash = \Bcrypt::instance()->hash($f3->get('POST.password'));
+ $ok[] = 'Password changed.';
+ } else {
+ $error[] = 'Passwords do not match.';
+ }
+ }
+
+ if(!empty($ok)) {
+ $this->user->save();
+ }
+
+ $text = array_reduce(array_merge($ok, $error), function($a, $b) { return $a . ' ' . $b; });
+ if((!empty($ok)) && (!empty($error))) {
+ $f3->set('info', $text);
+ } else if(!empty($ok)) {
+ $f3->set('success', $text);
+ } else if(!empty($error)) {
+ $f3->set('error', $text);
+ }
+ }
+}