<?php
namespace Zotlabs\Module\Admin;
use Zotlabs\Model\Account;
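class Account_edit {

	/**
	 * The account being edited.
	 *
	 * Populated by validate_form() from the posted `aid`. Holds whatever
	 * Account::get_by_id() returns: an Account on success, or a falsy value
	 * when nothing matches (that case never reaches post()'s body, since
	 * validate_form() redirects away first).
	 *
	 * @var Account|false|null
	 */
	private $account = null;

	/**
	 * Id of the account being edited, exactly as submitted in the form `aid`
	 * field and passed through to Account::get_by_id().
	 *
	 * @var string|int|null
	 */
	private $account_id = null;

	/**
	 * Process form submission from the admin/account_edit page.
	 *
	 * Validates the CSRF token and the target account, applies the submitted
	 * password, service class and language, saves the account and redirects
	 * to the accounts list.
	 */
	public function post(): void {
		$this->validate_form();

		$pass1 = $this->post_string('pass1');
		$pass2 = $this->post_string('pass2');
		if ($pass1 !== null && $pass2 !== null) {
			$this->update_account_password($pass1, $pass2);
		}

		$service_class = $this->post_string('service_class');
		if ($service_class !== null) {
			$this->account->set_service_class($service_class);
		}

		// NOTE(review): the level is hard-coded to 5 on every edit, regardless of
		// form input; confirm this is intended rather than a value that should
		// come from the form.
		$this->account->set_level(5);

		$language = $this->post_string('account_language');
		if ($language !== null) {
			$this->account->set_language($language);
		}

		$this->account->save();

		info( t('Account settings updated.') . EOL);
		goaway(z_root() . '/admin/accounts');
	}

	/**
	 * Renders the Account_edit page.
	 *
	 * Expects a url of the form:
	 *
	 *   /admin/account_edit/{{$account_id}}
	 *
	 * Where {{$account_id}} is the numeric id of the account to edit.
	 *
	 * @return string
	 *   The rendered HTML for the page, or empty if an error
	 *   occurred (a notice is set in that case).
	 */
	public function get(): string {
		if (argc() < 3) {
			notice( t('No account specified.') . EOL);
			return '';
		}

		$account_id = argv(2);
		if (! self::is_valid_account_id($account_id)) {
			notice( t('Invalid account specified.') . EOL);
			return '';
		}

		$account = Account::get_by_id($account_id);
		if (! $account) {
			notice( t('Account not found.') . EOL);
			return '';
		}

		return replace_macros(get_markup_template('admin_account_edit.tpl'), [
			'$security' => get_form_security_token('admin_account_edit'),
			'$account' => $account,
			'$title' => t('Account Edit'),
			'$pass1' => [ 'pass1', t('New Password'), ' ','' ],
			'$pass2' => [ 'pass2', t('New Password again'), ' ','' ],
			'$account_language' => [ 'account_language' , t('Account language (for emails)'), $account->language(), '', language_list() ],
			'$service_class' => [ 'service_class', t('Service class'), $account->service_class(), '' ],
			'$submit' => t('Submit'),
		]);
	}

	/**
	 * Validate that the form submission is valid.
	 *
	 * Checks the CSRF token, and rejects the request with a 403 Forbidden
	 * status if it fails.
	 *
	 * Will set a notice and redirect to the main accounts page
	 * if validation fails. On success, $this->account_id and
	 * $this->account are populated for the remaining steps of post().
	 */
	private function validate_form(): void {
		// Validate CSRF token
		//
		// We terminate with a 403 Forbidden status if the check fails.
		check_form_security_token_ForbiddenOnErr('admin_account_edit', 'security');

		$account_id = $_POST['aid'] ?? null;
		if ($account_id === null) {
			notice( t('No account specified.') . EOL );
			goaway(z_root() . '/admin/accounts');
		}

		if (! self::is_valid_account_id($account_id)) {
			notice( t('Invalid account specified.') . EOL );
			goaway(z_root() . '/admin/accounts');
		}

		$account = Account::get_by_id($account_id);
		if (! $account) {
			notice( t('Account does not exist.') . EOL );
			goaway(z_root() . '/admin/accounts');
		}

		// Only assign once every check has passed. This assumes goaway() does
		// not return (the redirects above rely on that too); if it did, the
		// properties would stay null and post() would fail on the first call.
		$this->account_id = $account_id;
		$this->account = $account;
	}

	/**
	 * Apply a new password from the two confirmation fields.
	 *
	 * Empty fields mean "leave the password unchanged". A mismatch between the
	 * two fields is reported with a notice instead of being silently ignored.
	 *
	 * @param string $pass1  first password field, already trimmed
	 * @param string $pass2  confirmation field, already trimmed
	 */
	private function update_account_password(string $pass1, string $pass2): void {
		if ($pass1 === '' || $pass2 === '') {
			return;
		}

		if ($pass1 !== $pass2) {
			notice( t('Passwords do not match.') . EOL );
			return;
		}

		$this->account->set_password($pass1);
		info( sprintf( t('Password changed for account %d.'), $this->account_id). EOL);
	}

	/**
	 * Return a trimmed string field from $_POST, or null when the field is
	 * absent or is not a plain string (e.g. submitted as `name[]=`).
	 *
	 * Guards the trim() calls against a TypeError on array input, which PHP 8
	 * raises for non-string arguments.
	 */
	private function post_string(string $key): ?string {
		$value = $_POST[$key] ?? null;

		return is_string($value) ? trim($value) : null;
	}

	/**
	 * Whether $id looks like an account id: a non-negative int, or a
	 * non-empty string of ASCII digits.
	 *
	 * Stricter than is_numeric(), which also accepts signs, surrounding
	 * whitespace, decimals and exponent notation ("1.5", "1e3") that an id
	 * lookup should never receive.
	 *
	 * @param mixed $id  raw value taken from the URL or the form
	 */
	private static function is_valid_account_id($id): bool {
		if (is_int($id)) {
			return $id >= 0;
		}

		return is_string($id) && $id !== '' && ctype_digit($id);
	}
}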