  1. <?php
  2.  
  3. class UserController extends AppController {
  4.  
    // Components declared by this controller. The others used below (Util,
    // Configuration, Lang, Cookie, Permissions, History, EyPlugin) are not
    // declared here — presumably inherited from AppController; TODO confirm.
    public $components = array('Session', 'Captcha', 'API');
  6.  
  7. function get_captcha() {
  8. $this->autoRender = false;
  9. App::import('Component','Captcha');
  10.  
  11. //generate random charcters for captcha
  12. $random = mt_rand(100, 99999);
  13.  
  14. //save characters in session
  15. $this->Session->write('captcha_code', $random);
  16.  
  17. $settings = array(
  18. 'characters' => $random,
  19. 'winHeight' => 50, // captcha image height
  20. 'winWidth' => 220, // captcha image width
  21. 'fontSize' => 25, // captcha image characters fontsize
  22. 'fontPath' => WWW_ROOT.'tahomabd.ttf', // captcha image font
  23. 'noiseColor' => '#ccc',
  24. 'bgColor' => '#fff',
  25. 'noiseLevel' => '100',
  26. 'textColor' => '#000'
  27. );
  28.  
  29. $img = $this->Captcha->ShowImage($settings);
  30. echo $img;
  31. }
  32.  
  33. function ajax_register() {
  34. $this->autoRender = false;
  35. $this->response->type('json');
  36. if($this->request->is('Post')) { // si la requête est bien un post
  37. if(!empty($this->request->data['pseudo']) && !empty($this->request->data['password']) && !empty($this->request->data['password_confirmation']) && !empty($this->request->data['email'])) { // si tout les champs sont bien remplis
  38.  
  39. // Captcha
  40. if($this->Configuration->getKey('captcha_type') == "2") { // ReCaptcha
  41.  
  42. $validCaptcha = $this->Util->isValidReCaptcha($this->request->data['recaptcha'], $this->Util->getIP(), $this->Configuration->getKey('captcha_google_secret'));
  43.  
  44. } else {
  45.  
  46. $captcha = $this->Session->read('captcha_code');
  47. $validCaptcha = (!empty($captcha) && $captcha == $this->request->data['captcha']);
  48.  
  49. }
  50. //
  51.  
  52. if($validCaptcha) { // on check le captcha déjà
  53. $this->loadModel('User');
  54. $isValid = $this->User->validRegister($this->request->data, $this->Util);
  55. if($isValid === true) { // on vérifie si y'a aucune erreur
  56.  
  57. $eventData = $this->request->data;
  58. $eventData['password'] = $this->Util->password($eventData['password'], $eventData['pseudo']);
  59. $event = new CakeEvent('beforeRegister', $this, array('data' => $eventData));
  60. $this->getEventManager()->dispatch($event);
  61. if($event->isStopped()) {
  62. return $event->result;
  63. }
  64.  
  65. // on enregistre
  66. $userSession = $this->User->register($this->request->data, $this->Util);
  67.  
  68. // On envoie le mail de confirmation si demandé
  69. if($this->Configuration->getKey('confirm_mail_signup')) {
  70.  
  71. $confirmCode = substr(md5(uniqid()), 0, 12);
  72.  
  73. $emailMsg = $this->Lang->get('EMAIL__CONTENT_CONFIRM_MAIL', array(
  74. '{LINK}' => Router::url('/user/confirm/', true).$confirmCode,
  75. '{IP}' => $this->Util->getIP(),
  76. '{USERNAME}' => $this->request->data['pseudo'],
  77. '{DATE}' => $this->Lang->date(date('Y-m-d H:i:s'))
  78. ));
  79.  
  80. $email = $this->Util->prepareMail(
  81. $this->request->data['email'],
  82. $this->Lang->get('EMAIL__TITLE_CONFIRM_MAIL'),
  83. $emailMsg
  84. )->sendMail();
  85.  
  86. if($email) {
  87.  
  88. $this->User->read(null, $this->User->getLastInsertID());
  89. $this->User->set(array('confirmed' => $confirmCode));
  90. $this->User->save();
  91.  
  92. }
  93.  
  94. }
  95.  
  96. if(!$this->Configuration->getKey('confirm_mail_signup_block')) { // si on doit pas bloquer le compte si non confirmé
  97. // on prépare la connexion
  98. $this->Session->write('user', $userSession);
  99.  
  100. $event = new CakeEvent('onLogin', $this, array('user' => $this->User->getAllFromCurrentUser(), 'register' => true));
  101. $this->getEventManager()->dispatch($event);
  102. if($event->isStopped()) {
  103. return $event->result;
  104. }
  105. }
  106.  
  107. // on dis que c'est bon
  108. $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('USER__REGISTER_SUCCESS'))));
  109.  
  110. } else { // si c'est pas bon, on envoie le message d'erreur retourné par l'étape de validation
  111. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get($isValid))));
  112. }
  113. } else {
  114. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('FORM__INVALID_CAPTCHA'))));
  115. }
  116. } else {
  117. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS'))));
  118. }
  119. } else {
  120. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__BAD_REQUEST'))));
  121. }
  122. }
  123.  
  124. function ajax_login() {
  125. $this->autoRender = false;
  126. $this->response->type('json');
  127. if($this->request->is('Post')) {
  128. if(!empty($this->request->data['pseudo']) && !empty($this->request->data['password'])) {
  129.  
  130. $need_confirmed_email = ($this->Configuration->getKey('confirm_mail_signup') && $this->Configuration->getKey('confirm_mail_signup_block'));
  131.  
  132. $login = $this->User->login($this->request->data, $need_confirmed_email, $this->Util);
  133. if(isset($login['status']) && $login['status'] === true) {
  134.  
  135. $event = new CakeEvent('onLogin', $this, array('user' => $this->User->getAllFromUser($this->request->data['pseudo'])));
  136. $this->getEventManager()->dispatch($event);
  137. if($event->isStopped()) {
  138. return $event->result;
  139. }
  140.  
  141. if($this->request->data['remember_me']) {
  142. $this->Cookie->write('remember_me', array('pseudo' => $this->request->data['pseudo'], 'password' => $this->User->getFromUser('password', $this->request->data['pseudo'])), true, '1 week');
  143. }
  144.  
  145. $this->Session->write('user', $login['session']);
  146.  
  147. $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('USER__REGISTER_LOGIN'))));
  148.  
  149. } else {
  150. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get($login))));
  151. }
  152.  
  153. } else {
  154. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS'))));
  155. }
  156. } else {
  157. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__BAD_REQUEST'))));
  158. }
  159. }
  160.  
  161. function confirm($code = false) {
  162. $this->autoRender = false;
  163. if(isset($code)) {
  164.  
  165. $find = $this->User->find('first', array('conditions' => array('confirmed' => $code)));
  166.  
  167. if(!empty($find)) {
  168.  
  169. $event = new CakeEvent('beforeConfirmAccount', $this, array('user_id' => $find['User']['id']));
  170. $this->getEventManager()->dispatch($event);
  171. if($event->isStopped()) {
  172. return $event->result;
  173. }
  174.  
  175. $this->User->read(null, $find['User']['id']);
  176. $this->User->set(array('confirmed' => date('Y-m-d H:i:s')));
  177. $this->User->save();
  178.  
  179. $userSession = $find['User']['id'];
  180.  
  181. $this->loadModel('Notification');
  182. $this->Notification->setToUser($this->Lang->get('USER__CONFIRM_NOTIFICATION'), $find['User']['id']);
  183.  
  184. $this->Session->write('user', $userSession);
  185.  
  186. $event = new CakeEvent('onLogin', $this, array('user' => $this->User->getAllFromCurrentUser(), 'confirmAccount' => true));
  187. $this->getEventManager()->dispatch($event);
  188. if($event->isStopped()) {
  189. return $event->result;
  190. }
  191.  
  192. $this->redirect(array('action' => 'profile'));
  193.  
  194. } else {
  195. throw new NotFoundException();
  196. }
  197.  
  198. } else {
  199. throw new NotFoundException();
  200. }
  201. }
  202.  
  203. function ajax_lostpasswd() {
  204. $this->layout = null;
  205. $this->autoRender = false;
  206. $this->response->type('json');
  207. if($this->request->is('ajax')) {
  208. if(!empty($this->request->data['email'])) {
  209. $this->loadModel('User');
  210. if(filter_var($this->request->data['email'], FILTER_VALIDATE_EMAIL)) {
  211. $search = $this->User->find('first', array('conditions' => array('email' => $this->request->data['email'])));
  212. if(!empty($search)) {
  213. $this->loadModel('Lostpassword');
  214. $key = substr(md5(rand().date('sihYdm')), 0, 10);
  215.  
  216. $to = $this->request->data['email'];
  217. $subject = $this->Lang->get('USER__PASSWORD_RESET_LINK');
  218. $message = $this->Lang->get('USER__PASSWORD_RESET_EMAIL_CONTENT', array(
  219. '{EMAIL}' => $this->request->data['email'],
  220. '{PSEUDO}' => $search['User']['pseudo'],
  221. '{LINK}' => Router::url('/?resetpasswd_'.$key, true)
  222. ));
  223.  
  224.  
  225. $event = new CakeEvent('beforeSendResetPassMail', $this, array('user_id' => $search['User']['id'], 'key' => $key));
  226. $this->getEventManager()->dispatch($event);
  227. if($event->isStopped()) {
  228. return $event->result;
  229. }
  230.  
  231.  
  232. if($this->Util->prepareMail($to, $subject, $message)->sendMail()) {
  233. $this->Lostpassword->create();
  234. $this->Lostpassword->set(array(
  235. 'email' => $this->request->data['email'],
  236. 'key' => $key
  237. ));
  238. $this->Lostpassword->save();
  239. $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('USER__PASSWORD_FORGOT_EMAIL_SUCCESS'))));
  240. } else {
  241. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__INTERNAL_ERROR'))));
  242. }
  243. } else {
  244. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('USER__ERROR_NOT_FOUND'))));
  245. }
  246. } else {
  247. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('USER__ERROR_EMAIL_NOT_VALID'))));
  248. }
  249. } else {
  250. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS'))));
  251. }
  252. } else {
  253. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__BAD_REQUEST'))));
  254. }
  255. }
  256.  
  257. function ajax_resetpasswd() {
  258. $this->autoRender = false;
  259. $this->response->type('json');
  260. if($this->request->is('ajax')) {
  261. if(!empty($this->request->data['password']) AND !empty($this->request->data['password2']) AND !empty($this->request->data['email']) && !empty($this->request->data['key'])) {
  262.  
  263. $reset = $this->User->resetPass($this->request->data, $this);
  264. if(isset($reset['status']) && $reset['status'] === true) {
  265. $this->Session->write('user', $reset['session']);
  266.  
  267. $this->History->set('RESET_PASSWORD', 'user');
  268.  
  269. $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('USER__PASSWORD_RESET_SUCCESS'))));
  270. } else {
  271. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get($reset))));
  272. }
  273. } else {
  274. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS'))));
  275. }
  276. } else {
  277. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__BAD_REQUEST'))));
  278. }
  279. }
  280.  
  281. function logout() {
  282. $this->autoRender = false;
  283.  
  284. $event = new CakeEvent('onLogout', $this, array('session' => $this->Session->read('user')));
  285. $this->getEventManager()->dispatch($event);
  286. if($event->isStopped()) {
  287. return $event->result;
  288. }
  289.  
  290. if($this->Cookie->read('remember_me')) {
  291. $this->Cookie->delete('remember_me');
  292. }
  293.  
  294. $this->Session->delete('user');
  295. $this->redirect($this->referer());
  296. }
  297.  
  298. function uploadSkin() {
  299. $this->autoRender = false;
  300. $this->response->type('json');
  301.  
  302. if($this->isConnected && $this->API->can_skin()) {
  303. if($this->request->is('post')) {
  304.  
  305. $skin_max_size = 10000000; // octet
  306.  
  307. $this->loadModel('ApiConfiguration');
  308. $ApiConfiguration = $this->ApiConfiguration->find('first');
  309. $target_config = $ApiConfiguration['ApiConfiguration']['skin_filename'];
  310.  
  311. $filename = substr($target_config, (strrpos($target_config, '/') + 1));
  312. $filename = str_replace('{PLAYER}', $this->User->getKey('pseudo'), $filename);
  313. $filename = str_replace('php', '', $filename);
  314. $filename = str_replace('.', '', $filename);
  315. $filename = $filename.'.png';
  316.  
  317. $target = substr($target_config, 0, (strrpos($target_config, '/') + 1));
  318. $target = WWW_ROOT.'/'.$target;
  319.  
  320. $width_max = $ApiConfiguration['ApiConfiguration']['skin_width']; // pixel
  321. $height_max = $ApiConfiguration['ApiConfiguration']['skin_height']; // pixel
  322.  
  323. $isValidImg = $this->Util->isValidImage($this->request, array('png'), $width_max, $height_max, $skin_max_size);
  324.  
  325. if(!$isValidImg['status']) {
  326. $this->response->body(json_encode(array('statut' => false, 'msg' => $isValidImg['msg'])));
  327. return;
  328. } else {
  329. $infos = $isValidImg['infos'];
  330. }
  331.  
  332. if(!$this->Util->uploadImage($this->request, $target.$filename)) {
  333. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('FORM__ERROR_WHEN_UPLOAD'))));
  334. return;
  335. }
  336.  
  337. $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('API__UPLOAD_SKIN_SUCCESS'))));
  338.  
  339. }
  340.  
  341. } else {
  342. throw new ForbiddenException();
  343. }
  344. }
  345.  
  346. function uploadCape() {
  347. $this->autoRender = false;
  348. $this->response->type('json');
  349.  
  350. if($this->isConnected && $this->API->can_cape()) {
  351. if($this->request->is('post')) {
  352.  
  353. $cape_max_size = 10000000; // octet
  354.  
  355. $this->loadModel('ApiConfiguration');
  356. $ApiConfiguration = $this->ApiConfiguration->find('first');
  357. $target_config = $ApiConfiguration['ApiConfiguration']['cape_filename'];
  358.  
  359. $filename = substr($target_config, (strrpos($target_config, '/') + 1));
  360. $filename = str_replace('{PLAYER}', $this->User->getKey('pseudo'), $filename);
  361. $filename = str_replace('php', '', $filename);
  362. $filename = str_replace('.', '', $filename);
  363. $filename = $filename.'.png';
  364.  
  365. $target = substr($target_config, 0, (strrpos($target_config, '/') + 1));
  366. $target = WWW_ROOT.'/'.$target;
  367.  
  368. $width_max = $ApiConfiguration['ApiConfiguration']['cape_width']; // pixel
  369. $height_max = $ApiConfiguration['ApiConfiguration']['cape_height']; // pixel
  370.  
  371. $isValidImg = $this->Util->isValidImage($this->request, array('png'), $width_max, $height_max, $cape_max_size);
  372.  
  373. if(!$isValidImg['status']) {
  374. $this->response->body(json_encode(array('statut' => false, 'msg' => $isValidImg['msg'])));
  375. return;
  376. } else {
  377. $infos = $isValidImg['infos'];
  378. }
  379.  
  380. if(!$this->Util->uploadImage($this->request, $target.$filename)) {
  381. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('FORM__ERROR_WHEN_UPLOAD'))));
  382. return;
  383. }
  384.  
  385. $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('API__UPLOAD_CAPE_SUCCESS'))));
  386.  
  387. }
  388.  
  389. } else {
  390. throw new ForbiddenException();
  391. }
  392. }
  393.  
  394. function profile() {
  395. if($this->isConnected) {
  396.  
  397. $this->loadModel('User');
  398.  
  399. $this->set('title_for_layout', $this->User->getKey('pseudo'));
  400. $this->layout= $this->Configuration->getKey('layout');
  401. if($this->EyPlugin->isInstalled('eywek.shop.1')) {
  402. $this->set('shop_active', true);
  403. } else {
  404. $this->set('shop_active', false);
  405. }
  406.  
  407. $available_ranks = array(0 => $this->Lang->get('USER__RANK_MEMBER'), 2 => $this->Lang->get('USER__RANK_MODERATOR'), 3 => $this->Lang->get('USER__RANK_ADMINISTRATOR'), 4 => $this->Lang->get('USER__RANK_ADMINISTRATOR'), 5 => $this->Lang->get('USER__RANK_BANNED'));
  408. $this->loadModel('Rank');
  409. $custom_ranks = $this->Rank->find('all');
  410. foreach ($custom_ranks as $key => $value) {
  411. $available_ranks[$value['Rank']['rank_id']] = $value['Rank']['name'];
  412. }
  413. $this->set(compact('available_ranks'));
  414.  
  415. $api = $this->API->getIp($this->User->getKey('pseudo'));
  416. $this->set(compact('api'));
  417.  
  418. $this->set('can_cape', $this->API->can_cape());
  419. $this->set('can_skin', $this->API->can_skin());
  420.  
  421. $this->loadModel('ApiConfiguration');
  422. $configAPI = $this->ApiConfiguration->find('first');
  423. $skin_width_max = $configAPI['ApiConfiguration']['skin_width'];
  424. $skin_height_max = $configAPI['ApiConfiguration']['skin_height'];
  425. $cape_width_max = $configAPI['ApiConfiguration']['cape_width'];
  426. $cape_height_max = $configAPI['ApiConfiguration']['cape_height'];
  427.  
  428. $this->set(compact('skin_width_max', 'skin_height_max', 'cape_width_max', 'cape_height_max'));
  429.  
  430. $confirmed = $this->User->getKey('confirmed');
  431. if($this->Configuration->getKey('confirm_mail_signup') && !empty($confirmed) && date('Y-m-d H:i:s', strtotime($confirmed)) != $confirmed) { // si ca ne correspond pas à une date -> compte non confirmé
  432. $this->Session->setFlash($this->Lang->get('USER__MSG_NOT_CONFIRMED_EMAIL', array('{URL_RESEND_EMAIL}' => Router::url(array('action' => 'resend_confirmation')))), 'default.warning');
  433. }
  434.  
  435. } else {
  436. $this->redirect('/');
  437. }
  438. }
  439.  
  440. function resend_confirmation() {
  441. if($this->isConnected) {
  442.  
  443. $confirmed = $this->User->getKey('confirmed');
  444. if($this->Configuration->getKey('confirm_mail_signup') && !empty($confirmed) && date('Y-m-d H:i:s', strtotime($confirmed)) != $confirmed) {
  445.  
  446. $emailMsg = $this->Lang->get('EMAIL__CONTENT_CONFIRM_MAIL', array(
  447. '{LINK}' => Router::url('/user/confirm/', true).$confirmed,
  448. '{IP}' => $this->Util->getIP(),
  449. '{USERNAME}' => $this->User->getKey('pseudo'),
  450. '{DATE}' => $this->Lang->date(date('Y-m-d H:i:s'))
  451. ));
  452.  
  453. $email = $this->Util->prepareMail(
  454. $this->User->getKey('email'),
  455. $this->Lang->get('EMAIL__TITLE_CONFIRM_MAIL'),
  456. $emailMsg
  457. )->sendMail();
  458.  
  459. if($email) {
  460. $this->Session->setFlash($this->Lang->get('USER__CONFIRM_EMAIL_RESEND_SUCCESS'), 'default.success');
  461. } else {
  462. $this->Session->setFlash($this->Lang->get('USER__CONFIRM_EMAIL_RESEND_FAIL'), 'default.error');
  463. }
  464.  
  465. $this->redirect(array('action' => 'profile'));
  466. }
  467.  
  468. }
  469.  
  470. throw new NotFoundException();
  471. }
  472.  
  473. function change_pw() {
  474. $this->autoRender = false;
  475. $this->response->type('json');
  476. if($this->isConnected) {
  477. if($this->request->is('ajax')) {
  478. if(!empty($this->request->data['password']) AND !empty($this->request->data['password_confirmation'])) {
  479. $password = $this->Util->password($this->request->data['password'], $this->User->getKey('pseudo'));
  480. $password_confirmation = $this->Util->password($this->request->data['password_confirmation'], $this->User->getKey('pseudo'));
  481. if($password == $password_confirmation) {
  482.  
  483. $event = new CakeEvent('beforeUpdatePassword', $this, array('user' => $this->User->getAllFromCurrentUser(), 'new_password' => $password));
  484. $this->getEventManager()->dispatch($event);
  485. if($event->isStopped()) {
  486. return $event->result;
  487. }
  488.  
  489. $this->User->setKey('password', $password);
  490. $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('USER__PASSWORD_UPDATE_SUCCESS'))));
  491. } else {
  492. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('USER__ERROR_PASSWORDS_NOT_SAME'))));
  493. }
  494. } else {
  495. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS'))));
  496. }
  497. } else {
  498. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__BAD_REQUEST'))));
  499. }
  500. } else {
  501. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('USER__ERROR_MUST_BE_LOGGED'))));
  502. }
  503. }
  504.  
  505. function change_email() {
  506. $this->autoRender = false;
  507. $this->response->type('json');
  508. if($this->isConnected && $this->Permissions->can('EDIT_HIS_EMAIL')) {
  509. if($this->request->is('ajax')) {
  510. if(!empty($this->request->data['email']) AND !empty($this->request->data['email_confirmation'])) {
  511. if($this->request->data['email'] == $this->request->data['email_confirmation']) {
  512. if(filter_var($this->request->data['email'], FILTER_VALIDATE_EMAIL)) {
  513.  
  514. $event = new CakeEvent('beforeUpdateEmail', $this, array('user' => $this->User->getAllFromCurrentUser(), 'new_email' => $this->request->data['email']));
  515. $this->getEventManager()->dispatch($event);
  516. if($event->isStopped()) {
  517. return $event->result;
  518. }
  519.  
  520. $this->User->setKey('email', $this->request->data['email']);
  521. $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('USER__EMAIL_UPDATE_SUCCESS'))));
  522. } else {
  523. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('USER__ERROR_EMAIL_NOT_VALID'))));
  524. }
  525. } else {
  526. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('USER__ERROR_EMAIL_NOT_SAME'))));
  527. }
  528. } else {
  529. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS'))));
  530. }
  531. } else {
  532. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__BAD_REQUEST'))));
  533. }
  534. } else {
  535. throw new ForbiddenException();
  536. }
  537. }
  538.  
  539. function admin_index() {
  540. if($this->isConnected AND $this->Permissions->can('MANAGE_USERS')) {
  541.  
  542. $this->set('title_for_layout',$this->Lang->get('USER__TITLE'));
  543. $this->layout = 'admin';
  544.  
  545. $this->set('type', $this->Configuration->getKey('member_page_type'));
  546.  
  547. } else {
  548. $this->redirect('/');
  549. }
  550. }
  551.  
  552. function admin_liveSearch($query = false) {
  553. $this->autoRender = false;
  554. $this->response->type('json');
  555. if($this->isConnected AND $this->Permissions->can('MANAGE_USERS')) {
  556. if($query != false) {
  557.  
  558. $result = $this->User->find('all', array('conditions' => array('pseudo LIKE' => $query.'%')));
  559.  
  560.  
  561. foreach ($result as $key => $value) {
  562.  
  563. $users[] = array('pseudo' => $value['User']['pseudo'], 'id' => $value['User']['id']);
  564.  
  565. }
  566.  
  567. $response = (empty($result)) ? array('status' => false) : array('status' => true, 'data' => $users);
  568. $this->response->body($response);
  569.  
  570. } else {
  571. $this->response->body(json_encode(array('status' => false)));
  572. }
  573. } else {
  574. $this->response->body(json_encode(array('status' => false)));
  575. }
  576. }
  577.  
  578. public function admin_get_users() {
  579. if($this->isConnected AND $this->Permissions->can('MANAGE_USERS')) {
  580. $this->autoRender = false;
  581. $this->response->type('json');
  582.  
  583. if($this->request->is('ajax')) {
  584.  
  585. $available_ranks = array(
  586. 0 => array('label' => 'success', 'name' => $this->Lang->get('USER__RANK_MEMBER')),
  587. 2 => array('label' => 'warning', 'name' => $this->Lang->get('USER__RANK_MODERATOR')),
  588. 3 => array('label' => 'danger', 'name' => $this->Lang->get('USER__RANK_ADMINISTRATOR')),
  589. 4 => array('label' => 'danger', 'name' => $this->Lang->get('USER__RANK_ADMINISTRATOR')),
  590. 5 => array('label' => 'primary', 'name' => $this->Lang->get('USER__RANK_BANNED'))
  591. );
  592. $this->loadModel('Rank');
  593. $custom_ranks = $this->Rank->find('all');
  594. foreach ($custom_ranks as $key => $value) {
  595. $available_ranks[$value['Rank']['rank_id']] = array('label' => 'info', 'name' => $value['Rank']['name']);
  596. }
  597.  
  598. $this->DataTable = $this->Components->load('DataTable');
  599. $this->modelClass = 'User';
  600. $this->DataTable->initialize($this);
  601. $this->paginate = array(
  602. 'fields' => array('User.id','User.pseudo','User.email','User.created','User.rank'),
  603. );
  604. $this->DataTable->mDataProp = true;
  605.  
  606. $response = $this->DataTable->getResponse();
  607.  
  608. $users = $response['aaData'];
  609. $data = array();
  610. foreach ($users as $key => $value) {
  611.  
  612. $username = $value['User']['pseudo'];
  613. $date = 'Le '.$this->Lang->date($value['User']['created']);
  614.  
  615. $rank_label = (isset($available_ranks[$value['User']['rank']])) ? $available_ranks[$value['User']['rank']]['label'] : $available_ranks[0]['label'];
  616. $rank_name = (isset($available_ranks[$value['User']['rank']])) ? $available_ranks[$value['User']['rank']]['name'] : $available_ranks[0]['name'];
  617. $rank = '<span class="label label-'.$rank_label.'">'.$rank_name.'</span>';
  618.  
  619. $btns = '<a href="'.Router::url(array('controller' => 'user', 'action' => 'edit/'.$value["User"]["id"], 'admin' => true)).'" class="btn btn-info">'.$this->Lang->get('GLOBAL__EDIT').'</a>';
  620. $btns .= '&nbsp;<a onClick="confirmDel(\''.Router::url(array('controller' => 'user', 'action' => 'delete/'.$value["User"]["id"], 'admin' => true)).'\')" class="btn btn-danger">'.$this->Lang->get('GLOBAL__DELETE').'</button>';
  621.  
  622. $data[] = array(
  623. 'User' => array(
  624. 'pseudo' => $username,
  625. 'email' => $value['User']['email'],
  626. 'created' => $date,
  627. 'rank' => $rank
  628. ),
  629. 'actions' => $btns
  630. );
  631.  
  632. }
  633.  
  634. $response['aaData'] = $data;
  635.  
  636. $this->response->body(json_encode($response));
  637.  
  638. }
  639. }
  640. }
  641.  
  642. function admin_edit($search = false) {
  643. if($this->isConnected AND $this->Permissions->can('MANAGE_USERS')) {
  644. if($search != false) {
  645.  
  646. $this->layout = 'admin';
  647. $this->set('title_for_layout',$this->Lang->get('USER__EDIT_TITLE'));
  648. $this->loadModel('User');
  649. $find = $this->User->find('all', array('conditions' => $this->User->__makeCondition($search)));
  650.  
  651. if(!empty($find)) {
  652. $search_user = $find[0]['User'];
  653. $this->loadModel('History');
  654. $findHistory = $this->History->getLastFromUser($search_user['id']);
  655. $search_user['History'] = $this->History->format($findHistory, $this->Lang);
  656.  
  657. $options_ranks = array(
  658. 0 => $this->Lang->get('USER__RANK_MEMBER'),
  659. 2 => $this->Lang->get('USER__RANK_MODERATOR'),
  660. 3 => $this->Lang->get('USER__RANK_ADMINISTRATOR'),
  661. 4 => $this->Lang->get('USER__RANK_SUPER_ADMINISTRATOR'),
  662. 5 => $this->Lang->get('USER__RANK_BANNED')
  663. );
  664. $this->loadModel('Rank');
  665. $custom_ranks = $this->Rank->find('all');
  666. foreach ($custom_ranks as $key => $value) {
  667. $options_ranks[$value['Rank']['rank_id']] = $value['Rank']['name'];
  668. }
  669.  
  670. if($this->Configuration->getKey('confirm_mail_signup') && !empty($search_user['confirmed']) && date('Y-m-d H:i:s', strtotime($search_user['confirmed'])) != $search_user['confirmed']) {
  671. $search_user['confirmed'] = false;
  672. } else {
  673. $search_user['confirmed'] = true;
  674. }
  675.  
  676. $this->set(compact('options_ranks'));
  677.  
  678. $this->set(compact('search_user'));
  679. } else {
  680. throw new NotFoundException();
  681. }
  682. } else {
  683. throw new NotFoundException();
  684. }
  685. } else {
  686. $this->redirect('/');
  687. }
  688. }
  689.  
  690. function admin_confirm($user_id = false) {
  691. $this->autoRender = false;
  692. if(isset($user_id) && $this->isConnected AND $this->Permissions->can('MANAGE_USERS')) {
  693.  
  694. $find = $this->User->find('first', array('conditions' => array('id' => $user_id)));
  695.  
  696. if(!empty($find)) {
  697.  
  698. $event = new CakeEvent('beforeConfirmAccount', $this, array('user_id' => $find['User']['id'], 'manual' => true));
  699. $this->getEventManager()->dispatch($event);
  700. if($event->isStopped()) {
  701. return $event->result;
  702. }
  703.  
  704. $this->User->read(null, $find['User']['id']);
  705. $this->User->set(array('confirmed' => date('Y-m-d H:i:s')));
  706. $this->User->save();
  707.  
  708. $userSession = $find['User']['id'];
  709.  
  710. $this->redirect(array('action' => 'edit', $user_id));
  711.  
  712. } else {
  713. throw new NotFoundException();
  714. }
  715.  
  716. } else {
  717. throw new NotFoundException();
  718. }
  719. }
  720.  
  721. function admin_edit_ajax() {
  722. $this->autoRender = false;
  723. $this->response->type('json');
  724. if($this->isConnected && $this->Permissions->can('MANAGE_USERS')) {
  725. if($this->request->is('post')) {
  726. $this->loadModel('User');
  727. if(!empty($this->request->data['id']) && !empty($this->request->data['email']) && (!empty($this->request->data['rank']) || $this->request->data['rank'] == 0)) {
  728.  
  729. $findUser = $this->User->find('first', array('conditions' => array('id' => intval($this->request->data['id']))));
  730.  
  731. if(empty($findUser)) {
  732. $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('USER__EDIT_ERROR_UNKNOWN'))));
  733. return;
  734. }
  735.  
  736. if($findUser['User']['id'] == $this->User->getKey('id') && $this->request->data['rank'] != $this->User->getKey('rank')) {
  737. $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('USER__EDIT_ERROR_YOURSELF'))));
  738. return;
  739. }
  740.  
  741. $data = array(
  742. 'email' => $this->request->data['email'],
  743. 'rank' => $this->request->data['rank']
  744. );
  745.  
  746. if(!empty($this->request->data['password'])) {
  747. $data['password'] = $this->Util->password($this->request->data['password'], $findUser['User']['pseudo']);
  748. $password_updated = true;
  749. } else {
  750. $password_updated = false;
  751. }
  752.  
  753. if($this->EyPlugin->isInstalled('eywek.shop.1')) {
  754. $data['money'] = $this->request->data['money'];
  755. }
  756.  
  757. if($this->EyPlugin->isInstalled('eywek.vote.3')) {
  758. $data['vote'] = $this->request->data['vote'];
  759. }
  760.  
  761. $event = new CakeEvent('beforeEditUser', $this, array('user_id' => $findUser['User']['id'], 'data' => $data, 'password_updated' => $password_updated));
  762. $this->getEventManager()->dispatch($event);
  763. if($event->isStopped()) {
  764. return $event->result;
  765. }
  766.  
  767. $this->User->read(null, $findUser['User']['id']);
  768. $this->User->set($data);
  769. $this->User->save();
  770.  
  771. $this->History->set('EDIT_USER', 'user');
  772. $this->Session->setFlash($this->Lang->get('USER__EDIT_SUCCESS'), 'default.success');
  773. $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('USER__EDIT_SUCCESS'))));
  774. } else {
  775. $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS'))));
  776. }
  777. } else {
  778. throw new NotFoundException();
  779. }
  780. } else {
  781. throw new ForbiddenException();
  782. }
  783. }
  784.  
  785. function admin_delete($id = false) {
  786. $this->autoRender = false;
  787. if($this->isConnected AND $this->Permissions->can('MANAGE_USERS')) {
  788. if($id != false) {
  789. $this->loadModel('User');
  790. $find = $this->User->find('all', array('conditions' => array('id' => $id)));
  791. if(!empty($find)) {
  792.  
  793. $event = new CakeEvent('beforeDeleteUser', $this, array('user' => $find['User']));
  794. $this->getEventManager()->dispatch($event);
  795. if($event->isStopped()) {
  796. return $event->result;
  797. }
  798.  
  799. $this->User->delete($id);
  800. $this->History->set('DELETE_USER', 'user');
  801. $this->Session->setFlash($this->Lang->get('USER__DELETE_SUCCESS'), 'default.success');
  802. $this->redirect(array('controller' => 'user', 'action' => 'index', 'admin' => true));
  803. } else {
  804. $this->Session->setFlash($this->Lang->get('UNKNONW_ID'), 'default.error');
  805. $this->redirect(array('controller' => 'user', 'action' => 'index', 'admin' => true));
  806. }
  807. } else {
  808. $this->redirect(array('controller' => 'user', 'action' => 'index', 'admin' => true));
  809. }
  810. } else {
  811. $this->redirect('/');
  812. }
  813. }
  814.  
  815. }