
ion_auth controller

a guest
Mar 3rd, 2016
  1. <?php defined('BASEPATH') OR exit('No direct script access allowed');
  2.  
  3. class Auth extends CI_Controller {
  4.  
  5. function __construct()
  6. {
  7. parent::__construct();
  8. $this->load->database();
  9. $this->load->library(array('ion_auth','form_validation'));
  10. $this->load->helper(array('url','language'));
  11.  
  12. $this->form_validation->set_error_delimiters($this->config->item('error_start_delimiter', 'ion_auth'), $this->config->item('error_end_delimiter', 'ion_auth'));
  13.  
  14. $this->lang->load('auth');
  15. }
  16.  
  17. // redirect if needed, otherwise display the user list
  18. function index()
  19. {
  20.  
  21. if (!$this->ion_auth->logged_in())
  22. {
  23. // redirect them to the login page
  24. redirect('auth/login', 'refresh');
  25. }
  26. elseif (!$this->ion_auth->is_admin()) // remove this elseif if you want to enable this for non-admins
  27. {
  28. // redirect them to the home page because they must be an administrator to view this
  29. return show_error('You must be an administrator to view this page.');
  30. }
  31. else
  32. {
  33. // set the flash data error message if there is one
  34. $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
  35.  
  36. //list the users
  37. $this->data['users'] = $this->ion_auth->users()->result();
  38. foreach ($this->data['users'] as $k => $user)
  39. {
  40. $this->data['users'][$k]->groups = $this->ion_auth->get_users_groups($user->id)->result();
  41. }
  42.  
  43. $this->_render_page('administrator', $this->data);
  44. }
  45. }
  46.  
  47. // log the user in
  48. function login()
  49. {
  50. $this->data['title'] = "Login";
  51.  
  52. //validate form input
  53. $this->form_validation->set_rules('identity', 'Identity', 'required');
  54. $this->form_validation->set_rules('password', 'Password', 'required');
  55.  
  56. if ($this->form_validation->run() == true)
  57. {
  58. // check to see if the user is logging in
  59. // check for "remember me"
  60. $remember = (bool) $this->input->post('remember');
  61.  
  62. if ($this->ion_auth->login($this->input->post('identity'), $this->input->post('password'), $remember))
  63. {
  64. //if the login is successful
  65. //redirect them back to the home page
  66. $this->session->set_flashdata('message', $this->ion_auth->messages());
  67. redirect('admin', 'refresh');
  68. }
  69. else
  70. {
  71. // if the login was un-successful
  72. // redirect them back to the login page
  73. $this->session->set_flashdata('message', $this->ion_auth->errors());
  74. redirect('auth/login', 'refresh'); // use redirects instead of loading views for compatibility with MY_Controller libraries
  75. }
  76. }
  77. else
  78. {
  79. // the user is not logging in so display the login page
  80. // set the flash data error message if there is one
  81. $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
  82.  
  83. $this->data['identity'] = array('name' => 'identity',
  84. 'id' => 'identity',
  85. 'type' => 'text',
  86. 'value' => $this->form_validation->set_value('identity'),
  87. );
  88. $this->data['password'] = array('name' => 'password',
  89. 'id' => 'password',
  90. 'type' => 'password',
  91. );
  92.  
  93. $this->_render_page('auth/login', $this->data);
  94. }
  95. }
  96.  
  97. // log the user out
  98. function logout()
  99. {
  100. $this->data['title'] = "Logout";
  101.  
  102. // log the user out
  103. $logout = $this->ion_auth->logout();
  104.  
  105. // redirect them to the login page
  106. $this->session->set_flashdata('message', $this->ion_auth->messages());
  107. redirect('login', 'refresh');
  108. }
  109.  
  110. // change password
  111. function change_password()
  112. {
  113. $this->form_validation->set_rules('old', $this->lang->line('change_password_validation_old_password_label'), 'required');
  114. $this->form_validation->set_rules('new', $this->lang->line('change_password_validation_new_password_label'), 'required|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|max_length[' . $this->config->item('max_password_length', 'ion_auth') . ']|matches[new_confirm]');
  115. $this->form_validation->set_rules('new_confirm', $this->lang->line('change_password_validation_new_password_confirm_label'), 'required');
  116.  
  117. if (!$this->ion_auth->logged_in())
  118. {
  119. redirect('login', 'refresh');
  120. }
  121.  
  122. $user = $this->ion_auth->user()->row();
  123.  
  124. if ($this->form_validation->run() == false)
  125. {
  126. // display the form
  127. // set the flash data error message if there is one
  128. $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
  129.  
  130. $this->data['min_password_length'] = $this->config->item('min_password_length', 'ion_auth');
  131. $this->data['old_password'] = array(
  132. 'name' => 'old',
  133. 'id' => 'old',
  134. 'type' => 'password',
  135. );
  136. $this->data['new_password'] = array(
  137. 'name' => 'new',
  138. 'id' => 'new',
  139. 'type' => 'password',
  140. 'pattern' => '^.{'.$this->data['min_password_length'].'}.*$',
  141. );
  142. $this->data['new_password_confirm'] = array(
  143. 'name' => 'new_confirm',
  144. 'id' => 'new_confirm',
  145. 'type' => 'password',
  146. 'pattern' => '^.{'.$this->data['min_password_length'].'}.*$',
  147. );
  148. $this->data['user_id'] = array(
  149. 'name' => 'user_id',
  150. 'id' => 'user_id',
  151. 'type' => 'hidden',
  152. 'value' => $user->id,
  153. );
  154.  
  155. // render
  156. $this->_render_page('auth/change_password', $this->data);
  157. }
  158. else
  159. {
  160. $identity = $this->session->userdata('identity');
  161.  
  162. $change = $this->ion_auth->change_password($identity, $this->input->post('old'), $this->input->post('new'));
  163.  
  164. if ($change)
  165. {
  166. //if the password was successfully changed
  167. $this->session->set_flashdata('message', $this->ion_auth->messages());
  168. $this->logout();
  169. }
  170. else
  171. {
  172. $this->session->set_flashdata('message', $this->ion_auth->errors());
  173. redirect('auth/change_password', 'refresh');
  174. }
  175. }
  176. }
  177.  
  178. // forgot password
  179. function forgot_password()
  180. {
  181. // setting validation rules by checking wheather identity is username or email
  182. if($this->config->item('identity', 'ion_auth') != 'email' )
  183. {
  184. $this->form_validation->set_rules('identity', $this->lang->line('forgot_password_identity_label'), 'required');
  185. }
  186. else
  187. {
  188. $this->form_validation->set_rules('identity', $this->lang->line('forgot_password_validation_email_label'), 'required|valid_email');
  189. }
  190.  
  191.  
  192. if ($this->form_validation->run() == false)
  193. {
  194. $this->data['type'] = $this->config->item('identity','ion_auth');
  195. // setup the input
  196. $this->data['identity'] = array('name' => 'identity',
  197. 'id' => 'identity',
  198. );
  199.  
  200. if ( $this->config->item('identity', 'ion_auth') != 'email' ){
  201. $this->data['identity_label'] = $this->lang->line('forgot_password_identity_label');
  202. }
  203. else
  204. {
  205. $this->data['identity_label'] = $this->lang->line('forgot_password_email_identity_label');
  206. }
  207.  
  208. // set any errors and display the form
  209. $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
  210. $this->_render_page('auth/forgot_password', $this->data);
  211. }
  212. else
  213. {
  214. $identity_column = $this->config->item('identity','ion_auth');
  215. $identity = $this->ion_auth->where($identity_column, $this->input->post('identity'))->users()->row();
  216.  
  217. if(empty($identity)) {
  218.  
  219. if($this->config->item('identity', 'ion_auth') != 'email')
  220. {
  221. $this->ion_auth->set_error('forgot_password_identity_not_found');
  222. }
  223. else
  224. {
  225. $this->ion_auth->set_error('forgot_password_email_not_found');
  226. }
  227.  
  228. $this->session->set_flashdata('message', $this->ion_auth->errors());
  229. redirect("auth/forgot_password", 'refresh');
  230. }
  231.  
  232. // run the forgotten password method to email an activation code to the user
  233. $forgotten = $this->ion_auth->forgotten_password($identity->{$this->config->item('identity', 'ion_auth')});
  234.  
  235. if ($forgotten)
  236. {
  237. // if there were no errors
  238. $this->session->set_flashdata('message', $this->ion_auth->messages());
  239. redirect("login", 'refresh'); //we should display a confirmation page here instead of the login page
  240. }
  241. else
  242. {
  243. $this->session->set_flashdata('message', $this->ion_auth->errors());
  244. redirect("auth/forgot_password", 'refresh');
  245. }
  246. }
  247. }
  248.  
  249. // reset password - final step for forgotten password
  250. public function reset_password($code = NULL)
  251. {
  252. if (!$code)
  253. {
  254. show_404();
  255. }
  256.  
  257. $user = $this->ion_auth->forgotten_password_check($code);
  258.  
  259. if ($user)
  260. {
  261. // if the code is valid then display the password reset form
  262.  
  263. $this->form_validation->set_rules('new', $this->lang->line('reset_password_validation_new_password_label'), 'required|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|max_length[' . $this->config->item('max_password_length', 'ion_auth') . ']|matches[new_confirm]');
  264. $this->form_validation->set_rules('new_confirm', $this->lang->line('reset_password_validation_new_password_confirm_label'), 'required');
  265.  
  266. if ($this->form_validation->run() == false)
  267. {
  268. // display the form
  269.  
  270. // set the flash data error message if there is one
  271. $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
  272.  
  273. $this->data['min_password_length'] = $this->config->item('min_password_length', 'ion_auth');
  274. $this->data['new_password'] = array(
  275. 'name' => 'new',
  276. 'id' => 'new',
  277. 'type' => 'password',
  278. 'pattern' => '^.{'.$this->data['min_password_length'].'}.*$',
  279. );
  280. $this->data['new_password_confirm'] = array(
  281. 'name' => 'new_confirm',
  282. 'id' => 'new_confirm',
  283. 'type' => 'password',
  284. 'pattern' => '^.{'.$this->data['min_password_length'].'}.*$',
  285. );
  286. $this->data['user_id'] = array(
  287. 'name' => 'user_id',
  288. 'id' => 'user_id',
  289. 'type' => 'hidden',
  290. 'value' => $user->id,
  291. );
  292. $this->data['csrf'] = $this->_get_csrf_nonce();
  293. $this->data['code'] = $code;
  294.  
  295. // render
  296. $this->_render_page('auth/reset_password', $this->data);
  297. }
  298. else
  299. {
  300. // do we have a valid request?
  301. if ($this->_valid_csrf_nonce() === FALSE || $user->id != $this->input->post('user_id'))
  302. {
  303.  
  304. // something fishy might be up
  305. $this->ion_auth->clear_forgotten_password_code($code);
  306.  
  307. show_error($this->lang->line('error_csrf'));
  308.  
  309. }
  310. else
  311. {
  312. // finally change the password
  313. $identity = $user->{$this->config->item('identity', 'ion_auth')};
  314.  
  315. $change = $this->ion_auth->reset_password($identity, $this->input->post('new'));
  316.  
  317. if ($change)
  318. {
  319. // if the password was successfully changed
  320. $this->session->set_flashdata('message', $this->ion_auth->messages());
  321. redirect("login", 'refresh');
  322. }
  323. else
  324. {
  325. $this->session->set_flashdata('message', $this->ion_auth->errors());
  326. redirect('auth/reset_password/' . $code, 'refresh');
  327. }
  328. }
  329. }
  330. }
  331. else
  332. {
  333. // if the code is invalid then send them back to the forgot password page
  334. $this->session->set_flashdata('message', $this->ion_auth->errors());
  335. redirect("auth/forgot_password", 'refresh');
  336. }
  337. }
  338.  
  339.  
  340. // activate the user
  341. function activate($id, $code=false)
  342. {
  343. if ($code !== false)
  344. {
  345. $activation = $this->ion_auth->activate($id, $code);
  346. }
  347. else if ($this->ion_auth->is_admin())
  348. {
  349. $activation = $this->ion_auth->activate($id);
  350. }
  351.  
  352. if ($activation)
  353. {
  354. // redirect them to the auth page
  355. $this->session->set_flashdata('message', $this->ion_auth->messages());
  356. redirect("auth", 'refresh');
  357. }
  358. else
  359. {
  360. // redirect them to the forgot password page
  361. $this->session->set_flashdata('message', $this->ion_auth->errors());
  362. redirect("auth/forgot_password", 'refresh');
  363. }
  364. }
  365.  
  366. // deactivate the user
  367. function deactivate($id = NULL)
  368. {
  369. if (!$this->ion_auth->logged_in() || !$this->ion_auth->is_admin())
  370. {
  371. // redirect them to the home page because they must be an administrator to view this
  372. return show_error('You must be an administrator to view this page.');
  373. }
  374.  
  375. $id = (int) $id;
  376.  
  377. $this->load->library('form_validation');
  378. $this->form_validation->set_rules('confirm', $this->lang->line('deactivate_validation_confirm_label'), 'required');
  379. $this->form_validation->set_rules('id', $this->lang->line('deactivate_validation_user_id_label'), 'required|alpha_numeric');
  380.  
  381. if ($this->form_validation->run() == FALSE)
  382. {
  383. // insert csrf check
  384. $this->data['csrf'] = $this->_get_csrf_nonce();
  385. $this->data['user'] = $this->ion_auth->user($id)->row();
  386.  
  387. $this->_render_page('auth/deactivate_user', $this->data);
  388. }
  389. else
  390. {
  391. // do we really want to deactivate?
  392. if ($this->input->post('confirm') == 'yes')
  393. {
  394. // do we have a valid request?
  395. if ($this->_valid_csrf_nonce() === FALSE || $id != $this->input->post('id'))
  396. {
  397. show_error($this->lang->line('error_csrf'));
  398. }
  399.  
  400. // do we have the right userlevel?
  401. if ($this->ion_auth->logged_in() && $this->ion_auth->is_admin())
  402. {
  403. $this->ion_auth->deactivate($id);
  404. }
  405. }
  406.  
  407. // redirect them back to the auth page
  408. redirect('auth', 'refresh');
  409. }
  410. }
  411.  
  412. // create a new user
  413. function create_user()
  414. {
  415. $this->data['title'] = "Create User";
  416.  
  417. if (!$this->ion_auth->logged_in() || !$this->ion_auth->is_admin())
  418. {
  419. redirect('auth', 'refresh');
  420. }
  421.  
  422. $tables = $this->config->item('tables','ion_auth');
  423. $identity_column = $this->config->item('identity','ion_auth');
  424. $this->data['identity_column'] = $identity_column;
  425.  
  426. // validate form input
  427. $this->form_validation->set_rules('first_name', $this->lang->line('create_user_validation_fname_label'), 'required');
  428. $this->form_validation->set_rules('last_name', $this->lang->line('create_user_validation_lname_label'), 'required');
  429. if($identity_column!=='email')
  430. {
  431. $this->form_validation->set_rules('identity',$this->lang->line('create_user_validation_identity_label'),'required|is_unique['.$tables['users'].'.'.$identity_column.']');
  432. $this->form_validation->set_rules('email', $this->lang->line('create_user_validation_email_label'), 'required|valid_email');
  433. }
  434. else
  435. {
  436. $this->form_validation->set_rules('email', $this->lang->line('create_user_validation_email_label'), 'required|valid_email|is_unique[' . $tables['users'] . '.email]');
  437. }
  438. $this->form_validation->set_rules('phone', $this->lang->line('create_user_validation_phone_label'), 'trim');
  439. $this->form_validation->set_rules('company', $this->lang->line('create_user_validation_company_label'), 'trim');
  440. $this->form_validation->set_rules('password', $this->lang->line('create_user_validation_password_label'), 'required|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|max_length[' . $this->config->item('max_password_length', 'ion_auth') . ']|matches[password_confirm]');
  441. $this->form_validation->set_rules('password_confirm', $this->lang->line('create_user_validation_password_confirm_label'), 'required');
  442.  
  443. if ($this->form_validation->run() == true)
  444. {
  445. $email = strtolower($this->input->post('email'));
  446. $identity = ($identity_column==='email') ? $email : $this->input->post('identity');
  447. $password = $this->input->post('password');
  448.  
  449. $additional_data = array(
  450. 'first_name' => $this->input->post('first_name'),
  451. 'last_name' => $this->input->post('last_name'),
  452. 'company' => $this->input->post('company'),
  453. 'phone' => $this->input->post('phone'),
  454. );
  455. }
  456. if ($this->form_validation->run() == true && $this->ion_auth->register($identity, $password, $email, $additional_data))
  457. {
  458. // check to see if we are creating the user
  459. // redirect them back to the admin page
  460. $this->session->set_flashdata('message', $this->ion_auth->messages());
  461. redirect("auth", 'refresh');
  462. }
  463. else
  464. {
  465. // display the create user form
  466. // set the flash data error message if there is one
  467. $this->data['message'] = (validation_errors() ? validation_errors() : ($this->ion_auth->errors() ? $this->ion_auth->errors() : $this->session->flashdata('message')));
  468.  
  469. $this->data['first_name'] = array(
  470. 'name' => 'first_name',
  471. 'id' => 'first_name',
  472. 'type' => 'text',
  473. 'value' => $this->form_validation->set_value('first_name'),
  474. );
  475. $this->data['last_name'] = array(
  476. 'name' => 'last_name',
  477. 'id' => 'last_name',
  478. 'type' => 'text',
  479. 'value' => $this->form_validation->set_value('last_name'),
  480. );
  481. $this->data['identity'] = array(
  482. 'name' => 'identity',
  483. 'id' => 'identity',
  484. 'type' => 'text',
  485. 'value' => $this->form_validation->set_value('identity'),
  486. );
  487. $this->data['email'] = array(
  488. 'name' => 'email',
  489. 'id' => 'email',
  490. 'type' => 'text',
  491. 'value' => $this->form_validation->set_value('email'),
  492. );
  493. $this->data['company'] = array(
  494. 'name' => 'company',
  495. 'id' => 'company',
  496. 'type' => 'text',
  497. 'value' => $this->form_validation->set_value('company'),
  498. );
  499. $this->data['phone'] = array(
  500. 'name' => 'phone',
  501. 'id' => 'phone',
  502. 'type' => 'text',
  503. 'value' => $this->form_validation->set_value('phone'),
  504. );
  505. $this->data['password'] = array(
  506. 'name' => 'password',
  507. 'id' => 'password',
  508. 'type' => 'password',
  509. 'value' => $this->form_validation->set_value('password'),
  510. );
  511. $this->data['password_confirm'] = array(
  512. 'name' => 'password_confirm',
  513. 'id' => 'password_confirm',
  514. 'type' => 'password',
  515. 'value' => $this->form_validation->set_value('password_confirm'),
  516. );
  517.  
  518. $this->_render_page('auth/create_user', $this->data);
  519. }
  520. }
  521.  
  522. // edit a user
  523. function edit_user($id)
  524. {
  525. $this->data['title'] = "Edit User";
  526.  
  527. if (!$this->ion_auth->logged_in() || (!$this->ion_auth->is_admin() && !($this->ion_auth->user()->row()->id == $id)))
  528. {
  529. redirect('auth', 'refresh');
  530. }
  531.  
  532. $user = $this->ion_auth->user($id)->row();
  533. $groups=$this->ion_auth->groups()->result_array();
  534. $currentGroups = $this->ion_auth->get_users_groups($id)->result();
  535.  
  536. // validate form input
  537. $this->form_validation->set_rules('first_name', $this->lang->line('edit_user_validation_fname_label'), 'required');
  538. $this->form_validation->set_rules('last_name', $this->lang->line('edit_user_validation_lname_label'), 'required');
  539. $this->form_validation->set_rules('phone', $this->lang->line('edit_user_validation_phone_label'), 'required');
  540. $this->form_validation->set_rules('company', $this->lang->line('edit_user_validation_company_label'), 'required');
  541.  
  542. if (isset($_POST) && !empty($_POST))
  543. {
  544. // do we have a valid request?
  545. if ($this->_valid_csrf_nonce() === FALSE || $id != $this->input->post('id'))
  546. {
  547. show_error($this->lang->line('error_csrf'));
  548. }
  549.  
  550. // update the password if it was posted
  551. if ($this->input->post('password'))
  552. {
  553. $this->form_validation->set_rules('password', $this->lang->line('edit_user_validation_password_label'), 'required|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|max_length[' . $this->config->item('max_password_length', 'ion_auth') . ']|matches[password_confirm]');
  554. $this->form_validation->set_rules('password_confirm', $this->lang->line('edit_user_validation_password_confirm_label'), 'required');
  555. }
  556.  
  557. if ($this->form_validation->run() === TRUE)
  558. {
  559. $data = array(
  560. 'first_name' => $this->input->post('first_name'),
  561. 'last_name' => $this->input->post('last_name'),
  562. 'company' => $this->input->post('company'),
  563. 'phone' => $this->input->post('phone'),
  564. );
  565.  
  566. // update the password if it was posted
  567. if ($this->input->post('password'))
  568. {
  569. $data['password'] = $this->input->post('password');
  570. }
  571.  
  572.  
  573.  
  574. // Only allow updating groups if user is admin
  575. if ($this->ion_auth->is_admin())
  576. {
  577. //Update the groups user belongs to
  578. $groupData = $this->input->post('groups');
  579.  
  580. if (isset($groupData) && !empty($groupData)) {
  581.  
  582. $this->ion_auth->remove_from_group('', $id);
  583.  
  584. foreach ($groupData as $grp) {
  585. $this->ion_auth->add_to_group($grp, $id);
  586. }
  587.  
  588. }
  589. }
  590.  
  591. // check to see if we are updating the user
  592. if($this->ion_auth->update($user->id, $data))
  593. {
  594. // redirect them back to the admin page if admin, or to the base url if non admin
  595. $this->session->set_flashdata('message', $this->ion_auth->messages() );
  596. if ($this->ion_auth->is_admin())
  597. {
  598. redirect('auth', 'refresh');
  599. }
  600. else
  601. {
  602. redirect('/', 'refresh');
  603. }
  604.  
  605. }
  606. else
  607. {
  608. // redirect them back to the admin page if admin, or to the base url if non admin
  609. $this->session->set_flashdata('message', $this->ion_auth->errors() );
  610. if ($this->ion_auth->is_admin())
  611. {
  612. redirect('auth', 'refresh');
  613. }
  614. else
  615. {
  616. redirect('/', 'refresh');
  617. }
  618.  
  619. }
  620.  
  621. }
  622. }
  623.  
  624. // display the edit user form
  625. $this->data['csrf'] = $this->_get_csrf_nonce();
  626.  
  627. // set the flash data error message if there is one
  628. $this->data['message'] = (validation_errors() ? validation_errors() : ($this->ion_auth->errors() ? $this->ion_auth->errors() : $this->session->flashdata('message')));
  629.  
  630. // pass the user to the view
  631. $this->data['user'] = $user;
  632. $this->data['groups'] = $groups;
  633. $this->data['currentGroups'] = $currentGroups;
  634.  
  635. $this->data['first_name'] = array(
  636. 'name' => 'first_name',
  637. 'id' => 'first_name',
  638. 'type' => 'text',
  639. 'value' => $this->form_validation->set_value('first_name', $user->first_name),
  640. );
  641. $this->data['last_name'] = array(
  642. 'name' => 'last_name',
  643. 'id' => 'last_name',
  644. 'type' => 'text',
  645. 'value' => $this->form_validation->set_value('last_name', $user->last_name),
  646. );
  647. $this->data['company'] = array(
  648. 'name' => 'company',
  649. 'id' => 'company',
  650. 'type' => 'text',
  651. 'value' => $this->form_validation->set_value('company', $user->company),
  652. );
  653. $this->data['phone'] = array(
  654. 'name' => 'phone',
  655. 'id' => 'phone',
  656. 'type' => 'text',
  657. 'value' => $this->form_validation->set_value('phone', $user->phone),
  658. );
  659. $this->data['password'] = array(
  660. 'name' => 'password',
  661. 'id' => 'password',
  662. 'type' => 'password'
  663. );
  664. $this->data['password_confirm'] = array(
  665. 'name' => 'password_confirm',
  666. 'id' => 'password_confirm',
  667. 'type' => 'password'
  668. );
  669.  
  670. $this->_render_page('auth/edit_user', $this->data);
  671. }
  672.  
  673. // create a new group
  674. function create_group()
  675. {
  676. $this->data['title'] = $this->lang->line('create_group_title');
  677.  
  678. if (!$this->ion_auth->logged_in() || !$this->ion_auth->is_admin())
  679. {
  680. redirect('auth', 'refresh');
  681. }
  682.  
  683. // validate form input
  684. $this->form_validation->set_rules('group_name', $this->lang->line('create_group_validation_name_label'), 'required|alpha_dash');
  685.  
  686. if ($this->form_validation->run() == TRUE)
  687. {
  688. $new_group_id = $this->ion_auth->create_group($this->input->post('group_name'), $this->input->post('description'));
  689. if($new_group_id)
  690. {
  691. // check to see if we are creating the group
  692. // redirect them back to the admin page
  693. $this->session->set_flashdata('message', $this->ion_auth->messages());
  694. redirect("auth", 'refresh');
  695. }
  696. }
  697. else
  698. {
  699. // display the create group form
  700. // set the flash data error message if there is one
  701. $this->data['message'] = (validation_errors() ? validation_errors() : ($this->ion_auth->errors() ? $this->ion_auth->errors() : $this->session->flashdata('message')));
  702.  
  703. $this->data['group_name'] = array(
  704. 'name' => 'group_name',
  705. 'id' => 'group_name',
  706. 'type' => 'text',
  707. 'value' => $this->form_validation->set_value('group_name'),
  708. );
  709. $this->data['description'] = array(
  710. 'name' => 'description',
  711. 'id' => 'description',
  712. 'type' => 'text',
  713. 'value' => $this->form_validation->set_value('description'),
  714. );
  715.  
  716. $this->_render_page('auth/create_group', $this->data);
  717. }
  718. }
  719.  
  720. // edit a group
  721. function edit_group($id)
  722. {
  723. // bail if no group id given
  724. if(!$id || empty($id))
  725. {
  726. redirect('auth', 'refresh');
  727. }
  728.  
  729. $this->data['title'] = $this->lang->line('edit_group_title');
  730.  
  731. if (!$this->ion_auth->logged_in() || !$this->ion_auth->is_admin())
  732. {
  733. redirect('auth', 'refresh');
  734. }
  735.  
  736. $group = $this->ion_auth->group($id)->row();
  737.  
  738. // validate form input
  739. $this->form_validation->set_rules('group_name', $this->lang->line('edit_group_validation_name_label'), 'required|alpha_dash');
  740.  
  741. if (isset($_POST) && !empty($_POST))
  742. {
  743. if ($this->form_validation->run() === TRUE)
  744. {
  745. $group_update = $this->ion_auth->update_group($id, $_POST['group_name'], $_POST['group_description']);
  746.  
  747. if($group_update)
  748. {
  749. $this->session->set_flashdata('message', $this->lang->line('edit_group_saved'));
  750. }
  751. else
  752. {
  753. $this->session->set_flashdata('message', $this->ion_auth->errors());
  754. }
  755. redirect("auth", 'refresh');
  756. }
  757. }
  758.  
  759. // set the flash data error message if there is one
  760. $this->data['message'] = (validation_errors() ? validation_errors() : ($this->ion_auth->errors() ? $this->ion_auth->errors() : $this->session->flashdata('message')));
  761.  
  762. // pass the user to the view
  763. $this->data['group'] = $group;
  764.  
  765. $readonly = $this->config->item('admin_group', 'ion_auth') === $group->name ? 'readonly' : '';
  766.  
  767. $this->data['group_name'] = array(
  768. 'name' => 'group_name',
  769. 'id' => 'group_name',
  770. 'type' => 'text',
  771. 'value' => $this->form_validation->set_value('group_name', $group->name),
  772. $readonly => $readonly,
  773. );
  774. $this->data['group_description'] = array(
  775. 'name' => 'group_description',
  776. 'id' => 'group_description',
  777. 'type' => 'text',
  778. 'value' => $this->form_validation->set_value('group_description', $group->description),
  779. );
  780.  
  781. $this->_render_page('auth/edit_group', $this->data);
  782. }
  783.  
  784.  
  785. function _get_csrf_nonce()
  786. {
  787. $this->load->helper('string');
  788. $key = random_string('alnum', 8);
  789. $value = random_string('alnum', 20);
  790. $this->session->set_flashdata('csrfkey', $key);
  791. $this->session->set_flashdata('csrfvalue', $value);
  792.  
  793. return array($key => $value);
  794. }
  795.  
  796. function _valid_csrf_nonce()
  797. {
  798. if ($this->input->post($this->session->flashdata('csrfkey')) !== FALSE &&
  799. $this->input->post($this->session->flashdata('csrfkey')) == $this->session->flashdata('csrfvalue'))
  800. {
  801. return TRUE;
  802. }
  803. else
  804. {
  805. return FALSE;
  806. }
  807. }
  808.  
  809. function _render_page($view, $data=null, $returnhtml=false)//I think this makes more sense
  810. {
  811.  
  812. $this->viewdata = (empty($data)) ? $this->data: $data;
  813.  
  814. $view_html = $this->load->view($view, $this->viewdata, $returnhtml);
  815.  
  816. if ($returnhtml) return $view_html;//This will return html on 3rd argument being true
  817. }
  818.  
  819. }