  1. <?php defined('BASEPATH') OR exit('No direct script access allowed');
  2.  
  3. //$this->ion_auth->is_admin()
  4.  
  5. /*
  6. If someone successfully logs in from a new country (and not on the same device as the one you usually use), they show you a page where you verify that you really are who you say you are, while sending a mail to let you know someone logged in from abroad
  7.  
  8. */
  9.  
  10. class Auth extends CI_Controller {
  11.  
  12. public function __construct()
  13. {
  14. parent::__construct();
  15.  
  16. // Establishes database connection
  17. $this->load->database();
  18.  
  19. // imports ion_auth and form_vaildation
  20. $this->load->library(array('ion_auth','form_validation'));
  21.  
  22. // loads the language helper (will also try to get rid of this)
  23. $this->load->helper(array('url','language'));
  24.  
  25. // loads ion_auth configs
  26. $this->form_validation->set_error_delimiters($this->config->item('error_start_delimiter', 'ion_auth'), $this->config->item('error_end_delimiter', 'ion_auth'));
  27.  
  28. // working on getting rid of this.. not needed
  29. $this->lang->load('auth');
  30. }
  31.  
  32. public function index()
  33. {
  34. if (!$this->ion_auth->logged_in()):
  35. // redirect them to the login page
  36. redirect('login', 'refresh');
  37. else:
  38. redirect('dashboard', 'refresh');
  39. endif;
  40. }
  41.  
  42. // log the user in
  43. public function login()
  44. {
  45. if($this->ion_auth->logged_in()):
  46. redirect('dashboard', 'refresh');
  47. exit;
  48. endif;
  49.  
  50. //validate form input
  51. $this->form_validation->set_rules('ss_username', 'Username', 'required');
  52. $this->form_validation->set_rules('ss_password', 'Password', 'required');
  53.  
  54. if ($this->form_validation->run() == true):
  55. // check to see if the user is logging in
  56. // check for "remember me"
  57. $remember = (bool) $this->input->post('remember');
  58.  
  59. if($this->ion_auth->is_max_login_attempts_exceeded($this->input->post('ss_username'))):
  60. $this->check_captcha_response();
  61. else:
  62. // Redirect to dashboard
  63. $this->dashboard_redirect($remember);
  64. endif;
  65. else:
  66. // the user is not logging in so display the login page
  67. $message = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
  68.  
  69. $this->render_login($message);
  70. endif;
  71. }
  72.  
  73. // Redirect to dashboard
  74. public function dashboard_redirect($remember)
  75. {
  76. if ($this->ion_auth->login($this->input->post('ss_username'), $this->input->post('ss_password'), $remember)):
  77. //redirect them to the dashboard
  78. redirect('dashboard', 'refresh');
  79. else:
  80. // if the login was un-successful
  81. // redirect them back to the login page
  82. $message = $this->ion_auth->errors();
  83. $this->render_login($message);
  84. endif;
  85. }
  86.  
  87. // Check the CAPTCHA response
  88. public function check_captcha_response()
  89. {
  90. $url = 'https://www.google.com/recaptcha/api/siteverify';
  91. $data = array('secret' => '6LcrHiYTAAAAADB6VSoy8Mv7Pv5vSR5OETil6f3S', 'response' => $this->input->post('ss_response'));
  92.  
  93. $options = array(
  94. 'http' => array(
  95. 'header' => "Content-type: application/x-www-form-urlencoded\r\n",
  96. 'method' => 'POST',
  97. 'content' => http_build_query($data)
  98. )
  99. );
  100. $context = stream_context_create($options);
  101. $result = file_get_contents($url, false, $context);
  102. if($result === FALSE):
  103. $this->render_login('The CAPTCHA was not correct');
  104. else:
  105. $decode = json_decode($result);
  106. // If it was correct..
  107. if($decode->success == true):
  108. //redirect them to the dashboard
  109. redirect('dashboard', 'refresh');
  110. else:
  111. $this->render_login('The CAPTCHA was not correct');
  112. endif;
  113. endif;
  114. }
  115.  
  116. // Redirects the user to the login page with a message (error message or whatever suits)
  117. public function render_login($message)
  118. {
  119. if(isset($message)):
  120. $this->data['message'] = $message;
  121. endif;
  122.  
  123. if($this->ion_auth->is_max_login_attempts_exceeded($this->input->post('ss_username'))):
  124. // send a post request to the google server and catch the response..
  125. $this->data['captcha'] = true;
  126. endif;
  127.  
  128. // This array of data will be used to generate the username input field
  129. $this->data['username'] = array(
  130. 'name' => 'ss_username',
  131. 'id' => 'inputUserName',
  132. 'class' => 'form-control form-white username',
  133. 'placeholder' => 'Username',
  134. 'value' => $this->form_validation->set_value('ss_username')
  135. );
  136. // This array of data will be used to generate the password input field
  137. $this->data['password'] = array(
  138. 'name' => 'ss_password',
  139. 'type' => 'password',
  140. 'class' => 'form-control form-white password',
  141. 'id' => 'inputPassword',
  142. 'placeholder' => 'Password'
  143. );
  144.  
  145. // This array of data will be used to generate the Button.
  146. $this->data['button'] = array(
  147. 'id' => 'submit-form',
  148. 'value' => 'Sign In',
  149. 'class' => 'btn btn-lg btn-dark btn-rounded ladda-button',
  150. 'data-style' => 'expand-left'
  151. );
  152.  
  153. // This array of data will be used to generate the hidden input field used for the google authentication.
  154. $this->data['ss_response'] = array(
  155. 'name' => 'ss_response',
  156. 'type' => 'hidden',
  157. 'id' => 'ss_response'
  158. );
  159.  
  160. $this->load->view('auth/login', $this->data);
  161. }
  162.  
  163. // log the user out
  164. public function logout()
  165. {
  166. // log the user out
  167. $logout = $this->ion_auth->logout();
  168.  
  169. // redirect them to the login page
  170. $this->session->set_flashdata('message', $this->ion_auth->messages());
  171. redirect('login', 'refresh');
  172. }
  173.  
  174. // change password
  175. public function change_password()
  176. {
  177. $this->form_validation->set_rules('old', $this->lang->line('change_password_validation_old_password_label'), 'required');
  178. $this->form_validation->set_rules('new', $this->lang->line('change_password_validation_new_password_label'), 'required|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|max_length[' . $this->config->item('max_password_length', 'ion_auth') . ']|matches[new_confirm]');
  179. $this->form_validation->set_rules('new_confirm', $this->lang->line('change_password_validation_new_password_confirm_label'), 'required');
  180.  
  181. if (!$this->ion_auth->logged_in())
  182. {
  183. redirect('auth/login', 'refresh');
  184. }
  185.  
  186. $user = $this->ion_auth->user()->row();
  187.  
  188. if ($this->form_validation->run() == false)
  189. {
  190. // display the form
  191. // set the flash data error message if there is one
  192. $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
  193.  
  194. $this->data['min_password_length'] = $this->config->item('min_password_length', 'ion_auth');
  195. $this->data['old_password'] = array(
  196. 'name' => 'old',
  197. 'id' => 'old',
  198. 'type' => 'password',
  199. );
  200. $this->data['new_password'] = array(
  201. 'name' => 'new',
  202. 'id' => 'new',
  203. 'type' => 'password',
  204. 'pattern' => '^.{'.$this->data['min_password_length'].'}.*$',
  205. );
  206. $this->data['new_password_confirm'] = array(
  207. 'name' => 'new_confirm',
  208. 'id' => 'new_confirm',
  209. 'type' => 'password',
  210. 'pattern' => '^.{'.$this->data['min_password_length'].'}.*$',
  211. );
  212. $this->data['user_id'] = array(
  213. 'name' => 'user_id',
  214. 'id' => 'user_id',
  215. 'type' => 'hidden',
  216. 'value' => $user->id,
  217. );
  218.  
  219. // render
  220. $this->_render_page('auth/change_password', $this->data);
  221. }
  222. else
  223. {
  224. $identity = $this->session->userdata('identity');
  225.  
  226. $change = $this->ion_auth->change_password($identity, $this->input->post('old'), $this->input->post('new'));
  227.  
  228. if ($change)
  229. {
  230. //if the password was successfully changed
  231. $this->session->set_flashdata('message', $this->ion_auth->messages());
  232. $this->logout();
  233. }
  234. else
  235. {
  236. $this->session->set_flashdata('message', $this->ion_auth->errors());
  237. redirect('auth/change_password', 'refresh');
  238. }
  239. }
  240. }
  241.  
  242. // register
  243. public function register()
  244. {
  245. $user = $this->ion_auth->user($id)->row();
  246. $groups=$this->ion_auth->groups()->result_array();
  247. $currentGroups = $this->ion_auth->get_users_groups($id)->result();
  248.  
  249. // validate form input
  250. $this->form_validation->set_rules('first_name', 'First Name', 'required');
  251. $this->form_validation->set_rules('last_name', 'Last Name', 'required');
  252. $this->form_validation->set_rules('phone', 'Phone', 'required');
  253. $this->form_validation->set_rules('company', 'Company', 'required');
  254.  
  255. if (isset($_POST) && !empty($_POST))
  256. {
  257. // do we have a valid request?
  258. if ($this->_valid_csrf_nonce() === FALSE || $id != $this->input->post('id'))
  259. {
  260. show_error($this->lang->line('error_csrf'));
  261. }
  262.  
  263. // update the password if it was posted
  264. if ($this->input->post('password'))
  265. {
  266. $this->form_validation->set_rules('password', 'Password', 'required|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|max_length[' . $this->config->item('max_password_length', 'ion_auth') . ']|matches[password_confirm]');
  267. $this->form_validation->set_rules('password_confirm', 'Password Confirm', 'required');
  268. }
  269.  
  270. if ($this->form_validation->run() === TRUE)
  271. {
  272. $data = array(
  273. 'first_name' => $this->input->post('first_name'),
  274. 'last_name' => $this->input->post('last_name'),
  275. 'company' => $this->input->post('company'),
  276. 'phone' => $this->input->post('phone'),
  277. );
  278.  
  279. // update the password if it was posted
  280. if ($this->input->post('password'))
  281. {
  282. $data['password'] = $this->input->post('password');
  283. }
  284.  
  285.  
  286.  
  287. }
  288. }
  289.  
  290. // display the edit user form
  291. $this->data['csrf'] = $this->_get_csrf_nonce();
  292.  
  293. // set the flash data error message if there is one
  294. $this->data['message'] = (validation_errors() ? validation_errors() : ($this->ion_auth->errors() ? $this->ion_auth->errors() : $this->session->flashdata('message')));
  295.  
  296. // pass the user to the view
  297. $this->data['user'] = $user;
  298. $this->data['groups'] = $groups;
  299. $this->data['currentGroups'] = $currentGroups;
  300.  
  301. $this->data['first_name'] = array(
  302. 'name' => 'first_name',
  303. 'id' => 'first_name',
  304. 'type' => 'text',
  305. 'value' => $this->form_validation->set_value('first_name', $user->first_name),
  306. );
  307. $this->data['last_name'] = array(
  308. 'name' => 'last_name',
  309. 'id' => 'last_name',
  310. 'type' => 'text',
  311. 'value' => $this->form_validation->set_value('last_name', $user->last_name),
  312. );
  313. $this->data['company'] = array(
  314. 'name' => 'company',
  315. 'id' => 'company',
  316. 'type' => 'text',
  317. 'value' => $this->form_validation->set_value('company', $user->company),
  318. );
  319. $this->data['phone'] = array(
  320. 'name' => 'phone',
  321. 'id' => 'phone',
  322. 'type' => 'text',
  323. 'value' => $this->form_validation->set_value('phone', $user->phone),
  324. );
  325. $this->data['password'] = array(
  326. 'name' => 'password',
  327. 'id' => 'password',
  328. 'type' => 'password'
  329. );
  330. $this->data['password_confirm'] = array(
  331. 'name' => 'password_confirm',
  332. 'id' => 'password_confirm',
  333. 'type' => 'password'
  334. );
  335.  
  336. $this->_render_page('auth/edit_user', $this->data);$this->data['title'] = $this->lang->line('edit_user_heading');
  337.  
  338. if (!$this->ion_auth->logged_in() || (!$this->ion_auth->is_admin() && !($this->ion_auth->user()->row()->id == $id)))
  339. {
  340. redirect('auth', 'refresh');
  341. }
  342.  
  343.  
  344. }
  345.  
  346. // forgot password
  347. public function forgot_password()
  348. {
  349. // setting validation rules by checking whether identity is username or email
  350. if($this->config->item('identity', 'ion_auth') != 'email' )
  351. {
  352. $this->form_validation->set_rules('identity', $this->lang->line('forgot_password_identity_label'), 'required');
  353. }
  354. else
  355. {
  356. $this->form_validation->set_rules('identity', $this->lang->line('forgot_password_validation_email_label'), 'required|valid_email');
  357. }
  358.  
  359.  
  360. if ($this->form_validation->run() == false)
  361. {
  362. $this->data['type'] = $this->config->item('identity','ion_auth');
  363. // setup the input
  364. $this->data['identity'] = array('name' => 'identity',
  365. 'id' => 'identity',
  366. );
  367.  
  368. if ( $this->config->item('identity', 'ion_auth') != 'email' ){
  369. $this->data['identity_label'] = $this->lang->line('forgot_password_identity_label');
  370. }
  371. else
  372. {
  373. $this->data['identity_label'] = $this->lang->line('forgot_password_email_identity_label');
  374. }
  375.  
  376. // set any errors and display the form
  377. $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
  378. $this->_render_page('auth/forgot_password', $this->data);
  379. }
  380. else
  381. {
  382. $identity_column = $this->config->item('identity','ion_auth');
  383. $identity = $this->ion_auth->where($identity_column, $this->input->post('identity'))->users()->row();
  384.  
  385. if(empty($identity)) {
  386.  
  387. if($this->config->item('identity', 'ion_auth') != 'email')
  388. {
  389. $this->ion_auth->set_error('forgot_password_identity_not_found');
  390. }
  391. else
  392. {
  393. $this->ion_auth->set_error('forgot_password_email_not_found');
  394. }
  395.  
  396. $this->session->set_flashdata('message', $this->ion_auth->errors());
  397. redirect("auth/forgot_password", 'refresh');
  398. }
  399.  
  400. // run the forgotten password method to email an activation code to the user
  401. $forgotten = $this->ion_auth->forgotten_password($identity->{$this->config->item('identity', 'ion_auth')});
  402.  
  403. if ($forgotten)
  404. {
  405. // if there were no errors
  406. redirect("auth/success", 'refresh');
  407. }
  408. else
  409. {
  410. $this->session->set_flashdata('message', $this->ion_auth->errors());
  411. redirect("auth/forgot_password", 'refresh');
  412. }
  413. }
  414. }
  415.  
  416. // reset password - final step for forgotten password
  417. public function reset_password($code = NULL)
  418. {
  419. if (!$code)
  420. {
  421. show_404();
  422. }
  423.  
  424. $user = $this->ion_auth->forgotten_password_check($code);
  425.  
  426. if ($user)
  427. {
  428. // if the code is valid then display the password reset form
  429.  
  430. $this->form_validation->set_rules('new', $this->lang->line('reset_password_validation_new_password_label'), 'required|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|max_length[' . $this->config->item('max_password_length', 'ion_auth') . ']|matches[new_confirm]');
  431. $this->form_validation->set_rules('new_confirm', $this->lang->line('reset_password_validation_new_password_confirm_label'), 'required');
  432.  
  433. if ($this->form_validation->run() == false)
  434. {
  435. // display the form
  436.  
  437. // set the flash data error message if there is one
  438. $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
  439.  
  440. $this->data['min_password_length'] = $this->config->item('min_password_length', 'ion_auth');
  441. $this->data['new_password'] = array(
  442. 'name' => 'new',
  443. 'id' => 'new',
  444. 'type' => 'password',
  445. 'pattern' => '^.{'.$this->data['min_password_length'].'}.*$',
  446. );
  447. $this->data['new_password_confirm'] = array(
  448. 'name' => 'new_confirm',
  449. 'id' => 'new_confirm',
  450. 'type' => 'password',
  451. 'pattern' => '^.{'.$this->data['min_password_length'].'}.*$',
  452. );
  453. $this->data['user_id'] = array(
  454. 'name' => 'user_id',
  455. 'id' => 'user_id',
  456. 'type' => 'hidden',
  457. 'value' => $user->id,
  458. );
  459. $this->data['csrf'] = $this->_get_csrf_nonce();
  460. $this->data['code'] = $code;
  461.  
  462. // render
  463. $this->_render_page('auth/reset_password', $this->data);
  464. }
  465. else
  466. {
  467. // do we have a valid request?
  468. if ($this->_valid_csrf_nonce() === FALSE || $user->id != $this->input->post('user_id'))
  469. {
  470.  
  471. // something fishy might be up
  472. $this->ion_auth->clear_forgotten_password_code($code);
  473.  
  474. show_error($this->lang->line('error_csrf'));
  475.  
  476. }
  477. else
  478. {
  479. // finally change the password
  480. $identity = $user->{$this->config->item('identity', 'ion_auth')};
  481.  
  482. $change = $this->ion_auth->reset_password($identity, $this->input->post('new'));
  483.  
  484. if ($change)
  485. {
  486. // if the password was successfully changed
  487. $this->session->set_flashdata('message', $this->ion_auth->messages());
  488. redirect("auth/login", 'refresh');
  489. }
  490. else
  491. {
  492. $this->session->set_flashdata('message', $this->ion_auth->errors());
  493. redirect('auth/reset_password/' . $code, 'refresh');
  494. }
  495. }
  496. }
  497. }
  498. else
  499. {
  500. // if the code is invalid then send them back to the forgot password page
  501. $this->session->set_flashdata('message', $this->ion_auth->errors());
  502. redirect("auth/forgot_password", 'refresh');
  503. }
  504. }
  505.  
  506.  
  507. // activate the user
  508. public function activate($id, $code=false)
  509. {
  510. if ($code !== false)
  511. {
  512. $activation = $this->ion_auth->activate($id, $code);
  513. }
  514. else if ($this->ion_auth->is_admin())
  515. {
  516. $activation = $this->ion_auth->activate($id);
  517. }
  518.  
  519. if ($activation)
  520. {
  521. // redirect them to the auth page
  522. $this->session->set_flashdata('message', $this->ion_auth->messages());
  523. redirect("auth", 'refresh');
  524. }
  525. else
  526. {
  527. // redirect them to the forgot password page
  528. $this->session->set_flashdata('message', $this->ion_auth->errors());
  529. redirect("auth/forgot_password", 'refresh');
  530. }
  531. }
  532.  
  533. // deactivate the user
  534. public function deactivate($id = NULL)
  535. {
  536. if (!$this->ion_auth->logged_in() || !$this->ion_auth->is_admin())
  537. {
  538. // redirect them to the home page because they must be an administrator to view this
  539. return show_error('You must be an administrator to view this page.');
  540. }
  541.  
  542. $id = (int) $id;
  543.  
  544. $this->load->library('form_validation');
  545. $this->form_validation->set_rules('confirm', $this->lang->line('deactivate_validation_confirm_label'), 'required');
  546. $this->form_validation->set_rules('id', $this->lang->line('deactivate_validation_user_id_label'), 'required|alpha_numeric');
  547.  
  548. if ($this->form_validation->run() == FALSE)
  549. {
  550. // insert csrf check
  551. $this->data['csrf'] = $this->_get_csrf_nonce();
  552. $this->data['user'] = $this->ion_auth->user($id)->row();
  553.  
  554. $this->_render_page('auth/deactivate_user', $this->data);
  555. }
  556. else
  557. {
  558. // do we really want to deactivate?
  559. if ($this->input->post('confirm') == 'yes')
  560. {
  561. // do we have a valid request?
  562. if ($this->_valid_csrf_nonce() === FALSE || $id != $this->input->post('id'))
  563. {
  564. show_error($this->lang->line('error_csrf'));
  565. }
  566.  
  567. // do we have the right userlevel?
  568. if ($this->ion_auth->logged_in() && $this->ion_auth->is_admin())
  569. {
  570. $this->ion_auth->deactivate($id);
  571. }
  572. }
  573.  
  574. // redirect them back to the auth page
  575. redirect('auth', 'refresh');
  576. }
  577. }
  578.  
  579. // create a new user
  580. public function create_user()
  581. {
  582. $this->data['title'] = $this->lang->line('create_user_heading');
  583.  
  584. if (!$this->ion_auth->logged_in() || !$this->ion_auth->is_admin())
  585. {
  586. redirect('auth', 'refresh');
  587. }
  588.  
  589. $tables = $this->config->item('tables','ion_auth');
  590. $identity_column = $this->config->item('identity','ion_auth');
  591. $this->data['identity_column'] = $identity_column;
  592.  
  593. // validate form input
  594. $this->form_validation->set_rules('first_name', $this->lang->line('create_user_validation_fname_label'), 'required');
  595. $this->form_validation->set_rules('last_name', $this->lang->line('create_user_validation_lname_label'), 'required');
  596. if($identity_column!=='email')
  597. {
  598. $this->form_validation->set_rules('identity',$this->lang->line('create_user_validation_identity_label'),'required|is_unique['.$tables['users'].'.'.$identity_column.']');
  599. $this->form_validation->set_rules('email', $this->lang->line('create_user_validation_email_label'), 'required|valid_email');
  600. }
  601. else
  602. {
  603. $this->form_validation->set_rules('email', $this->lang->line('create_user_validation_email_label'), 'required|valid_email|is_unique[' . $tables['users'] . '.email]');
  604. }
  605. $this->form_validation->set_rules('phone', $this->lang->line('create_user_validation_phone_label'), 'trim');
  606. $this->form_validation->set_rules('company', $this->lang->line('create_user_validation_company_label'), 'trim');
  607. $this->form_validation->set_rules('password', $this->lang->line('create_user_validation_password_label'), 'required|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|max_length[' . $this->config->item('max_password_length', 'ion_auth') . ']|matches[password_confirm]');
  608. $this->form_validation->set_rules('password_confirm', $this->lang->line('create_user_validation_password_confirm_label'), 'required');
  609.  
  610. if ($this->form_validation->run() == true)
  611. {
  612. $email = strtolower($this->input->post('email'));
  613. $identity = ($identity_column==='email') ? $email : $this->input->post('identity');
  614. $password = $this->input->post('password');
  615.  
  616. $additional_data = array(
  617. 'first_name' => $this->input->post('first_name'),
  618. 'last_name' => $this->input->post('last_name'),
  619. 'company' => $this->input->post('company'),
  620. 'phone' => $this->input->post('phone'),
  621. );
  622. }
  623. if ($this->form_validation->run() == true && $this->ion_auth->register($identity, $password, $email, $additional_data))
  624. {
  625. // check to see if we are creating the user
  626. // redirect them back to the admin page
  627. $this->session->set_flashdata('message', $this->ion_auth->messages());
  628. redirect("auth", 'refresh');
  629. }
  630. else
  631. {
  632. // display the create user form
  633. // set the flash data error message if there is one
  634. $this->data['message'] = (validation_errors() ? validation_errors() : ($this->ion_auth->errors() ? $this->ion_auth->errors() : $this->session->flashdata('message')));
  635.  
  636. $this->data['first_name'] = array(
  637. 'name' => 'first_name',
  638. 'id' => 'first_name',
  639. 'type' => 'text',
  640. 'value' => $this->form_validation->set_value('first_name'),
  641. );
  642. $this->data['last_name'] = array(
  643. 'name' => 'last_name',
  644. 'id' => 'last_name',
  645. 'type' => 'text',
  646. 'value' => $this->form_validation->set_value('last_name'),
  647. );
  648. $this->data['identity'] = array(
  649. 'name' => 'identity',
  650. 'id' => 'identity',
  651. 'type' => 'text',
  652. 'value' => $this->form_validation->set_value('identity'),
  653. );
  654. $this->data['email'] = array(
  655. 'name' => 'email',
  656. 'id' => 'email',
  657. 'type' => 'text',
  658. 'value' => $this->form_validation->set_value('email'),
  659. );
  660. $this->data['company'] = array(
  661. 'name' => 'company',
  662. 'id' => 'company',
  663. 'type' => 'text',
  664. 'value' => $this->form_validation->set_value('company'),
  665. );
  666. $this->data['phone'] = array(
  667. 'name' => 'phone',
  668. 'id' => 'phone',
  669. 'type' => 'text',
  670. 'value' => $this->form_validation->set_value('phone'),
  671. );
  672. $this->data['password'] = array(
  673. 'name' => 'password',
  674. 'id' => 'password',
  675. 'type' => 'password',
  676. 'value' => $this->form_validation->set_value('password'),
  677. );
  678. $this->data['password_confirm'] = array(
  679. 'name' => 'password_confirm',
  680. 'id' => 'password_confirm',
  681. 'type' => 'password',
  682. 'value' => $this->form_validation->set_value('password_confirm'),
  683. );
  684.  
  685. $this->_render_page('auth/create_user', $this->data);
  686. }
  687. }
  688.  
  689. // edit a user
  690. public function edit_user($id)
  691. {
  692. $this->data['title'] = $this->lang->line('edit_user_heading');
  693.  
  694. if (!$this->ion_auth->logged_in() || (!$this->ion_auth->is_admin() && !($this->ion_auth->user()->row()->id == $id)))
  695. {
  696. redirect('auth', 'refresh');
  697. }
  698.  
  699. $user = $this->ion_auth->user($id)->row();
  700. $groups=$this->ion_auth->groups()->result_array();
  701. $currentGroups = $this->ion_auth->get_users_groups($id)->result();
  702.  
  703. // validate form input
  704. $this->form_validation->set_rules('first_name', $this->lang->line('edit_user_validation_fname_label'), 'required');
  705. $this->form_validation->set_rules('last_name', $this->lang->line('edit_user_validation_lname_label'), 'required');
  706. $this->form_validation->set_rules('phone', $this->lang->line('edit_user_validation_phone_label'), 'required');
  707. $this->form_validation->set_rules('company', $this->lang->line('edit_user_validation_company_label'), 'required');
  708.  
  709. if (isset($_POST) && !empty($_POST))
  710. {
  711. // do we have a valid request?
  712. if ($this->_valid_csrf_nonce() === FALSE || $id != $this->input->post('id'))
  713. {
  714. show_error($this->lang->line('error_csrf'));
  715. }
  716.  
  717. // update the password if it was posted
  718. if ($this->input->post('password'))
  719. {
  720. $this->form_validation->set_rules('password', $this->lang->line('edit_user_validation_password_label'), 'required|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|max_length[' . $this->config->item('max_password_length', 'ion_auth') . ']|matches[password_confirm]');
  721. $this->form_validation->set_rules('password_confirm', $this->lang->line('edit_user_validation_password_confirm_label'), 'required');
  722. }
  723.  
  724. if ($this->form_validation->run() === TRUE)
  725. {
  726. $data = array(
  727. 'first_name' => $this->input->post('first_name'),
  728. 'last_name' => $this->input->post('last_name'),
  729. 'company' => $this->input->post('company'),
  730. 'phone' => $this->input->post('phone'),
  731. );
  732.  
  733. // update the password if it was posted
  734. if ($this->input->post('password'))
  735. {
  736. $data['password'] = $this->input->post('password');
  737. }
  738.  
  739.  
  740.  
  741. // Only allow updating groups if user is admin
  742. if ($this->ion_auth->is_admin())
  743. {
  744. //Update the groups user belongs to
  745. $groupData = $this->input->post('groups');
  746.  
  747. if (isset($groupData) && !empty($groupData)) {
  748.  
  749. $this->ion_auth->remove_from_group('', $id);
  750.  
  751. foreach ($groupData as $grp) {
  752. $this->ion_auth->add_to_group($grp, $id);
  753. }
  754.  
  755. }
  756. }
  757.  
  758. // check to see if we are updating the user
  759. if($this->ion_auth->update($user->id, $data))
  760. {
  761. // redirect them back to the admin page if admin, or to the base url if non admin
  762. $this->session->set_flashdata('message', $this->ion_auth->messages() );
  763. if ($this->ion_auth->is_admin())
  764. {
  765. redirect('auth', 'refresh');
  766. }
  767. else
  768. {
  769. redirect('/', 'refresh');
  770. }
  771.  
  772. }
  773. else
  774. {
  775. // redirect them back to the admin page if admin, or to the base url if non admin
  776. $this->session->set_flashdata('message', $this->ion_auth->errors() );
  777. if ($this->ion_auth->is_admin())
  778. {
  779. redirect('auth', 'refresh');
  780. }
  781. else
  782. {
  783. redirect('/', 'refresh');
  784. }
  785.  
  786. }
  787.  
  788. }
  789. }
  790.  
  791. // display the edit user form
  792. $this->data['csrf'] = $this->_get_csrf_nonce();
  793.  
  794. // set the flash data error message if there is one
  795. $this->data['message'] = (validation_errors() ? validation_errors() : ($this->ion_auth->errors() ? $this->ion_auth->errors() : $this->session->flashdata('message')));
  796.  
  797. // pass the user to the view
  798. $this->data['user'] = $user;
  799. $this->data['groups'] = $groups;
  800. $this->data['currentGroups'] = $currentGroups;
  801.  
  802. $this->data['first_name'] = array(
  803. 'name' => 'first_name',
  804. 'id' => 'first_name',
  805. 'type' => 'text',
  806. 'value' => $this->form_validation->set_value('first_name', $user->first_name),
  807. );
  808. $this->data['last_name'] = array(
  809. 'name' => 'last_name',
  810. 'id' => 'last_name',
  811. 'type' => 'text',
  812. 'value' => $this->form_validation->set_value('last_name', $user->last_name),
  813. );
  814. $this->data['company'] = array(
  815. 'name' => 'company',
  816. 'id' => 'company',
  817. 'type' => 'text',
  818. 'value' => $this->form_validation->set_value('company', $user->company),
  819. );
  820. $this->data['phone'] = array(
  821. 'name' => 'phone',
  822. 'id' => 'phone',
  823. 'type' => 'text',
  824. 'value' => $this->form_validation->set_value('phone', $user->phone),
  825. );
  826. $this->data['password'] = array(
  827. 'name' => 'password',
  828. 'id' => 'password',
  829. 'type' => 'password'
  830. );
  831. $this->data['password_confirm'] = array(
  832. 'name' => 'password_confirm',
  833. 'id' => 'password_confirm',
  834. 'type' => 'password'
  835. );
  836.  
  837. $this->_render_page('auth/edit_user', $this->data);
  838. }
  839.  
  840. // create a new group
  841. public function create_group()
  842. {
  843. $this->data['title'] = $this->lang->line('create_group_title');
  844.  
  845. if (!$this->ion_auth->logged_in() || !$this->ion_auth->is_admin())
  846. {
  847. redirect('auth', 'refresh');
  848. }
  849.  
  850. // validate form input
  851. $this->form_validation->set_rules('group_name', $this->lang->line('create_group_validation_name_label'), 'required|alpha_dash');
  852.  
  853. if ($this->form_validation->run() == TRUE)
  854. {
  855. $new_group_id = $this->ion_auth->create_group($this->input->post('group_name'), $this->input->post('description'));
  856. if($new_group_id)
  857. {
  858. // check to see if we are creating the group
  859. // redirect them back to the admin page
  860. $this->session->set_flashdata('message', $this->ion_auth->messages());
  861. redirect("auth", 'refresh');
  862. }
  863. }
  864. else
  865. {
  866. // display the create group form
  867. // set the flash data error message if there is one
  868. $this->data['message'] = (validation_errors() ? validation_errors() : ($this->ion_auth->errors() ? $this->ion_auth->errors() : $this->session->flashdata('message')));
  869.  
  870. $this->data['group_name'] = array(
  871. 'name' => 'group_name',
  872. 'id' => 'group_name',
  873. 'type' => 'text',
  874. 'value' => $this->form_validation->set_value('group_name'),
  875. );
  876. $this->data['description'] = array(
  877. 'name' => 'description',
  878. 'id' => 'description',
  879. 'type' => 'text',
  880. 'value' => $this->form_validation->set_value('description'),
  881. );
  882.  
  883. $this->_render_page('auth/create_group', $this->data);
  884. }
  885. }
  886.  
  887. // edit a group
  888. public function edit_group($id)
  889. {
  890. // bail if no group id given
  891. if(!$id || empty($id))
  892. {
  893. redirect('auth', 'refresh');
  894. }
  895.  
  896. $this->data['title'] = $this->lang->line('edit_group_title');
  897.  
  898. if (!$this->ion_auth->logged_in() || !$this->ion_auth->is_admin())
  899. {
  900. redirect('auth', 'refresh');
  901. }
  902.  
  903. $group = $this->ion_auth->group($id)->row();
  904.  
  905. // validate form input
  906. $this->form_validation->set_rules('group_name', $this->lang->line('edit_group_validation_name_label'), 'required|alpha_dash');
  907.  
  908. if (isset($_POST) && !empty($_POST))
  909. {
  910. if ($this->form_validation->run() === TRUE)
  911. {
  912. $group_update = $this->ion_auth->update_group($id, $_POST['group_name'], $_POST['group_description']);
  913.  
  914. if($group_update)
  915. {
  916. $this->session->set_flashdata('message', $this->lang->line('edit_group_saved'));
  917. }
  918. else
  919. {
  920. $this->session->set_flashdata('message', $this->ion_auth->errors());
  921. }
  922. redirect("auth", 'refresh');
  923. }
  924. }
  925.  
  926. // set the flash data error message if there is one
  927. $this->data['message'] = (validation_errors() ? validation_errors() : ($this->ion_auth->errors() ? $this->ion_auth->errors() : $this->session->flashdata('message')));
  928.  
  929. // pass the user to the view
  930. $this->data['group'] = $group;
  931.  
  932. $readonly = $this->config->item('admin_group', 'ion_auth') === $group->name ? 'readonly' : '';
  933.  
  934. $this->data['group_name'] = array(
  935. 'name' => 'group_name',
  936. 'id' => 'group_name',
  937. 'type' => 'text',
  938. 'value' => $this->form_validation->set_value('group_name', $group->name),
  939. $readonly => $readonly,
  940. );
  941. $this->data['group_description'] = array(
  942. 'name' => 'group_description',
  943. 'id' => 'group_description',
  944. 'type' => 'text',
  945. 'value' => $this->form_validation->set_value('group_description', $group->description),
  946. );
  947.  
  948. $this->_render_page('auth/edit_group', $this->data);
  949. }
  950.  
  951.  
  952. public function _get_csrf_nonce()
  953. {
  954. $this->load->helper('string');
  955. $key = random_string('alnum', 8);
  956. $value = random_string('alnum', 20);
  957. $this->session->set_flashdata('csrfkey', $key);
  958. $this->session->set_flashdata('csrfvalue', $value);
  959.  
  960. return array($key => $value);
  961. }
  962.  
  963. public function _valid_csrf_nonce()
  964. {
  965. if ($this->input->post($this->session->flashdata('csrfkey')) !== FALSE &&
  966. $this->input->post($this->session->flashdata('csrfkey')) == $this->session->flashdata('csrfvalue'))
  967. {
  968. return TRUE;
  969. }
  970. else
  971. {
  972. return FALSE;
  973. }
  974. }
  975.  
  976. public function _render_page($view, $data=null, $returnhtml=false)//I think this makes more sense
  977. {
  978.  
  979. $this->viewdata = (empty($data)) ? $this->data: $data;
  980.  
  981. $view_html = $this->load->view($view, $this->viewdata, $returnhtml);
  982.  
  983. if ($returnhtml) return $view_html;//This will return html on 3rd argument being true
  984. }
  985.  
  986. }