From 74116240dd82a8a3830d4686dc7dacdbe4a7cf30 Mon Sep 17 00:00:00 2001 From: Andy Smith Date: Fri, 19 Aug 2011 20:33:37 +0100 Subject: [PATCH] More user changes, including profile page --- application/config/constants.php | 1 + application/controllers/user.php | 75 +++++++++++++++++++++++++---- application/models/user_model.php | 73 ++++++++++++++++------------ application/views/layout/header.php | 2 +- application/views/user/edit.php | 59 ++++++++++++++++++----- application/views/user/profile.php | 45 +++++++++++++++++ 6 files changed, 203 insertions(+), 52 deletions(-) create mode 100644 application/views/user/profile.php diff --git a/application/config/constants.php b/application/config/constants.php index ac98132e..ee1fded6 100644 --- a/application/config/constants.php +++ b/application/config/constants.php @@ -41,6 +41,7 @@ define('EEMAILEXISTS', 'E-mail address already exists'); define('EUSERNAMEEXISTS', 'Username already exists'); define('EPASSWORDINVALID', 'Invalid password'); define('ENOSUCHUSER', 'No such user'); +define('EFORBIDDEN', 'Forbidden'); define('OK', 'OK'); diff --git a/application/controllers/user.php b/application/controllers/user.php index 9c0b1350..caf7826e 100644 --- a/application/controllers/user.php +++ b/application/controllers/user.php 
@@ -72,34 +72,81 @@ class User extends CI_Controller { function edit() { $this->load->model('user_model'); - if(!$this->user_model->authorize(99)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); } + if((!$this->user_model->authorize(99)) && ($this->session->userdata('user_id') != $this->uri->segment(3))) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); } $query = $this->user_model->get_by_id($this->uri->segment(3)); $this->load->library('form_validation'); $this->form_validation->set_rules('user_name', 'Username', 'required'); $this->form_validation->set_rules('user_email', 'E-mail', 'required'); - $this->form_validation->set_rules('user_type', 'Type', 'required'); + if($this->session->userdata('user_type') == 99) + { + $this->form_validation->set_rules('user_type', 'Type', 'required'); + } - $data = $query->row(); if ($this->form_validation->run() == FALSE) { $this->load->view('layout/header'); - if($this->input->post('user_name')) - { + $q = $query->row(); + + $data['id'] = $q->user_id; + + if($this->input->post('user_name')) { $data['user_name'] = $this->input->post('user_name'); - $data['user_email'] = $this->input->post('user_email'); - $data['user_password'] = $this->input->post('user_password'); - $data['user_type'] = $this->input->post('user_type'); + } else { + $data['user_name'] = $q->user_name; } + + if($this->input->post('user_email')) { + $data['user_email'] = $this->input->post('user_email'); + } else { + $data['user_email'] = $q->user_email; + } + + if($this->input->post('user_password')) { + $data['user_password'] = $this->input->post('user_password'); + } else { + $data['user_password'] = $q->user_password; + } + + if($this->input->post('user_type')) { + $data['user_type'] = $this->input->post('user_type'); + } else { + $data['user_type'] = $q->user_type; + } + + if($this->input->post('user_callsign')) { + $data['user_callsign'] = 
$this->input->post('user_callsign'); + } else { + $data['user_callsign'] = $q->user_callsign; + } + + if($this->input->post('user_locator')) { + $data['user_locator'] = $this->input->post('user_locator'); + } else { + $data['user_locator'] = $q->user_locator; + } + + if($this->input->post('user_firstname')) { + $data['user_firstname'] = $this->input->post('user_firstname'); + } else { + $data['user_firstname'] = $q->user_firstname; + } + + if($this->input->post('user_lastname')) { + $data['user_lastname'] = $this->input->post('user_lastname'); + } else { + $data['user_lastname'] = $q->user_lastname; + } + $this->load->view('user/edit', $data); $this->load->view('layout/footer'); } else { unset($data); - switch($this->user_model->edit($this->input->post('id'), $this->input->post('user_name'), $this->input->post('user_password'), $this->input->post('user_email'), $this->input->post('user_type'))) { + switch($this->user_model->edit($this->input->post())) { // Check for errors case EUSERNAMEEXISTS: $data['username_error'] = 'Username '.$this->input->post('user_name').' already in use!'; @@ -126,6 +173,16 @@ class User extends CI_Controller { } } + function profile() { + $this->load->model('user_model'); + $query = $this->user_model->get_by_id($this->session->userdata('user_id')); + + $this->load->view('layout/header'); + $data = $query->row(); + $this->load->view('user/profile', $data); + $this->load->view('layout/footer'); + } + function delete() { $this->load->model('user_model'); if(!$this->user_model->authorize(99)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); } diff --git a/application/models/user_model.php b/application/models/user_model.php index bb55f170..b0734ba1 100644 --- a/application/models/user_model.php +++ b/application/models/user_model.php 
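Review bot: The stored password hash is copied into the form data by the fallback `$data['user_password'] = $q->user_password;`, so it is rendered into the edit page and, if the form is submitted with that field left as is, arrives in `edit()` as a non-empty `user_password` and is hashed a second time, replacing the real credential. The fallback should be `$data['user_password'] = '';` so the field only carries a value the user actually typed; `profile()` in the next hunk has the same exposure by passing the whole row to its view. The eight near-identical if/else pairs could be one loop over the field names, or CodeIgniter's `set_value('user_name', $q->user_name)` in the view, which makes a per-field default like this one harder to get wrong. Note that the authorisation line compares the session id to `$this->uri->segment(3)` while the update is keyed on the posted `id`; the model re-checks the posted value, so the controller check is only defence in depth. `edit()` continues past the end of this hunk.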
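Review bot: `profile()` has no sign-in guard: with no session, `$this->session->userdata('user_id')` is FALSE, `get_by_id(FALSE)` is still queried and `$query->row()` is presumably NULL, so the view is loaded with no data instead of the visitor being redirected. Add a guard before the model call in the style of the other actions, e.g. `if(!$this->session->userdata('user_id')) { redirect('<sign-in route>'); }` (the sign-in route is not visible here), and treat an empty result the same way. The full row, including `user_password`, is handed to the view; drop it with `unset($data->user_password);` before `$this->load->view('user/profile', $data);` so the hash never reaches the template.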
@@ -104,40 +104,53 @@ class User_Model extends CI_Model { // FUNCTION: bool edit() // Edit a user - function edit($id, $username, $password, $email, $type) { + function edit($fields) { + + // Check user privileges + if(($this->session->userdata('user_type') == 99) || ($this->session->userdata('user_id') == $fields['id'])) { + if($this->exists_by_id($fields['id'])) { + $data = array( + 'user_name' => $fields['user_name'], + 'user_email' => $fields['user_email'], + 'user_callsign' => $fields['user_callsign'], + 'user_locator' => $fields['user_locator'], + 'user_firstname' => $fields['user_firstname'], + 'user_lastname' => $fields['user_lastname'] + ); - if($this->exists_by_id($id)) { - $data = array( - 'user_name' => $username, - 'user_email' => $email, - 'user_type' => $type - ); - - // Check to see if username is used already - if($this->exists($username) && $this->get($username)->row()->user_id != $id) { - return EUSERNAMEEXISTS; - } - // Check to see if email address is used already - if($this->exists_by_email($email) && $this->get_by_email($email)->row()->user_id != $id) { - return EEMAILEXISTS; - } - - // Hash password - if($password != NULL) - { - $data['user_password'] = $this->_hash($password); - if($data['user_password'] == EPASSWORDINVALID) { - return EPASSWORDINVALID; + // Check to see if the user is allowed to change user levels + if($this->session->userdata('user_type') == 99) { + $data['user_type'] = $fields['user_type']; + } + + // Check to see if username is used already + if($this->exists($fields['user_name']) && $this->get($fields['user_name'])->row()->user_id != $fields['id']) { + return EUSERNAMEEXISTS; + } + // Check to see if email address is used already + if($this->exists_by_email($fields['user_email']) && $this->get_by_email($fields['user_email'])->row()->user_id != $fields['id']) { + return EEMAILEXISTS; + } + + // Hash password + if($fields['user_password'] != NULL) + { + $data['user_password'] = $this->_hash($fields['user_password']); + 
if($data['user_password'] == EPASSWORDINVALID) { + return EPASSWORDINVALID; + } } - } - // Update the user - $this->db->where('user_id', $this->input->post('id')); - $this->db->update($this->config->item('auth_table'), $data); - return OK; + // Update the user + $this->db->where('user_id', $fields['id']); + $this->db->update($this->config->item('auth_table'), $data); + return OK; + } else { + return ENOSUCHUSER; + } } else { - return 0; - } + return EFORBIDDEN; + } } // FUNCTION: bool delete() diff --git a/application/views/layout/header.php b/application/views/layout/header.php index 304cd1dd..657204d0 100644 --- a/application/views/layout/header.php +++ b/application/views/layout/header.php @@ -150,7 +150,7 @@ margin: 10px 0; config->item('use_auth')) { ?>
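Review bot: `$fields` is the raw `$this->input->post()` array, and `$fields['id']` is compared to the session id with loose `==` and then passed uncast to `exists_by_id()` and the `where('user_id', ...)` clause, so the privilege check rests on PHP's string-to-number juggling of a client-controlled value. Normalise once at the top, `$id = (int) $fields['id'];`, compare with `(int) $this->session->userdata('user_id') === $id`, and use `$id` in the three later places; optional text fields such as `user_callsign` should be read with an `isset()` fallback, since a missing key raises an undefined-index notice and would be written as NULL. The `// FUNCTION: bool edit()` header is now inaccurate: the method returns the status constants OK, EUSERNAMEEXISTS, EEMAILEXISTS, EPASSWORDINVALID, ENOSUCHUSER and EFORBIDDEN, and the comment should list them so callers know to switch on the result.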