raspisms/controllers/publics/Account.php

231 lines
7.6 KiB
PHP
Raw Permalink Normal View History

2019-10-29 14:57:13 +01:00
<?php
/*
2019-11-10 17:48:54 +01:00
* This file is part of RaspiSMS.
*
2019-11-10 17:48:54 +01:00
* (c) Pierre-Lin Bonnemaison <plebwebsas@gmail.com>
*
2019-11-10 17:48:54 +01:00
* This source file is subject to the GPL-3.0 license that is bundled
* with this source code in the file LICENSE.
*/
namespace controllers\publics;
2019-10-29 14:57:13 +01:00
2019-10-29 18:36:25 +01:00
class Account extends \descartes\Controller
2019-10-29 14:57:13 +01:00
{
public $internal_user;
public $internal_quota;
2019-10-29 18:36:25 +01:00
public function __construct()
2019-10-29 14:57:13 +01:00
{
$bdd = \descartes\Model::_connect(DATABASE_HOST, DATABASE_NAME, DATABASE_USER, DATABASE_PASSWORD);
2019-10-29 14:57:13 +01:00
$this->internal_user = new \controllers\internals\User($bdd);
$this->internal_quota = new \controllers\internals\Quota($bdd);
2019-10-29 14:57:13 +01:00
\controllers\internals\Tool::verifyconnect();
2019-10-29 14:57:13 +01:00
}
2019-10-29 18:36:25 +01:00
/**
* Show profile page.
2019-10-29 18:36:25 +01:00
*/
public function show()
2019-10-29 14:57:13 +01:00
{
$quota = $this->internal_quota->get_user_quota($_SESSION['user']['id']);
$quota_percent = $this->internal_quota->get_usage_percentage($_SESSION['user']['id']);
$this->render('account/show', ['quota' => $quota, 'quota_percent' => $quota_percent]);
2019-10-29 18:36:25 +01:00
}
2019-10-29 14:57:13 +01:00
2019-10-29 18:36:25 +01:00
/**
* Update connected user password.
*
2019-10-29 14:57:13 +01:00
* @param $csrf : Le jeton CSRF
* @param string $_POST['password'] : The new password
*
2019-10-29 14:57:13 +01:00
* @return void;
*/
2019-10-29 18:36:25 +01:00
public function update_password($csrf)
2019-10-29 14:57:13 +01:00
{
2019-10-29 18:36:25 +01:00
$password = $_POST['password'] ?? false;
if (!$this->verify_csrf($csrf))
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'Jeton CSRF invalid !');
2019-11-10 17:36:42 +01:00
return $this->redirect(\descartes\Router::url('Account', 'show'));
2019-10-29 14:57:13 +01:00
}
if (!$password)
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'Vous devez renseigner un mot de passe.');
2019-11-10 17:36:42 +01:00
return $this->redirect(\descartes\Router::url('Account', 'show'));
2019-10-29 14:57:13 +01:00
}
$update_password_result = $this->internal_user->update_password($_SESSION['user']['id'], $password);
if (!$update_password_result)
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'Impossible de mettre à jour le mot de passe.');
2019-11-10 17:36:42 +01:00
return $this->redirect(\descartes\Router::url('Account', 'show'));
2019-10-29 14:57:13 +01:00
}
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('success', 'Le mot de passe a bien été mis à jour.');
2019-11-10 17:36:42 +01:00
return $this->redirect(\descartes\Router::url('Account', 'show'));
2019-10-29 14:57:13 +01:00
}
/**
* Update user email.
*
2019-10-29 14:57:13 +01:00
* @param $csrf : Le jeton CSRF
* @param string $_POST['email'] : User new email
2019-10-29 14:57:13 +01:00
* @param string $_POST['verif_email'] : Verif email
*/
2019-10-29 18:36:25 +01:00
public function update_email($csrf)
2019-10-29 14:57:13 +01:00
{
if (!$this->verify_csrf($csrf))
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'Jeton CSRF invalid !');
return $this->redirect(\descartes\Router::url('Account', 'show'));
2019-10-29 14:57:13 +01:00
}
$email = $_POST['email'] ?? false;
if (!$email)
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'Vous devez fournir une adresse e-mail !');
return $this->redirect(\descartes\Router::url('Account', 'show'));
2019-10-29 14:57:13 +01:00
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'L\'adresse e-mail n\'est pas une adresse valide.');
return $this->redirect(\descartes\Router::url('Account', 'show'));
2019-10-29 14:57:13 +01:00
}
$update_email_result = $this->internal_user->update_email($_SESSION['user']['id'], $email);
if (!$update_email_result)
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'Impossible de mettre à jour.');
return $this->redirect(\descartes\Router::url('Account', 'show'));
2019-10-29 14:57:13 +01:00
}
2019-10-29 14:57:13 +01:00
$_SESSION['user']['email'] = $email;
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('success', 'L\'email a bien été mis à jour.');
return $this->redirect(\descartes\Router::url('Account', 'show'));
2019-10-29 14:57:13 +01:00
}
2020-01-17 18:19:25 +01:00
/**
* Update user api key.
*
* @param $csrf : Le jeton CSRF
*/
public function update_api_key($csrf)
{
if (!$this->verify_csrf($csrf))
{
\FlashMessage\FlashMessage::push('danger', 'Jeton CSRF invalid !');
return $this->redirect(\descartes\Router::url('Account', 'show'));
}
$new_api_key = $this->internal_user->update_api_key($_SESSION['user']['id']);
if (!$new_api_key)
{
\FlashMessage\FlashMessage::push('danger', 'Impossible de mettre à jour.');
return $this->redirect(\descartes\Router::url('Account', 'show'));
}
$_SESSION['user']['api_key'] = $new_api_key;
\FlashMessage\FlashMessage::push('success', 'Votre ancienne clef API a été désactivée et une nouvelle clef générée.');
return $this->redirect(\descartes\Router::url('Account', 'show'));
}
2019-10-29 18:36:25 +01:00
/**
* Delete a user.
*
2019-10-29 14:57:13 +01:00
* @param string $_POST['delete_account'] : Boolean to see if we want to delete
* @param mixed $csrf
*
2019-10-29 14:57:13 +01:00
* @return boolean;
*/
2019-10-29 18:36:25 +01:00
public function delete($csrf)
2019-10-29 14:57:13 +01:00
{
if (!ENABLE_ACCOUNT_DELETION)
{
\FlashMessage\FlashMessage::push('danger', 'Fonctionnalité désactivée.');
return $this->redirect(\descartes\Router::url('Account', 'show'));
}
if (!$this->verify_csrf($csrf))
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'Jeton CSRF invalid !');
return $this->redirect(\descartes\Router::url('Account', 'show'));
2019-10-29 14:57:13 +01:00
}
$delete_account = $_POST['delete_account'] ?? false;
if (!$delete_account)
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'Pour supprimer le compte, vous devez cocher la case correspondante.');
return $this->redirect(\descartes\Router::url('Account', 'show'));
2019-10-29 14:57:13 +01:00
}
2020-02-19 02:37:37 +01:00
$delete_account_result = $this->internal_user->delete($_SESSION['user']['id']);
if (!$delete_account_result)
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'Impossible de supprimer le compte.');
return $this->redirect(\descartes\Router::url('Account', 'show'));
2019-10-29 14:57:13 +01:00
}
return $this->logout();
}
/**
* Logout a user and redirect to login page.
2019-10-29 14:57:13 +01:00
*/
public function logout()
{
session_unset();
session_destroy();
return $this->redirect(\descartes\Router::url('Connect', 'login'));
2019-10-29 14:57:13 +01:00
}
2021-07-19 17:32:23 +02:00
2021-07-13 01:21:23 +02:00
/**
2021-07-19 17:32:23 +02:00
* Allow to stop impersonating a user.
*
* @param mixed $csrf
2021-07-13 01:21:23 +02:00
*/
public function stop_impersonate()
{
$old_session = $_SESSION['old_session'] ?? false;
if (!$old_session)
{
\FlashMessage\FlashMessage::push('danger', 'Impossible de récupérer l\'identité originale, vous avez été deconnecté à la place.');
return $this->redirect(\descartes\Router::url('Connect', 'logout'));
}
$user_email = $_SESSION['user']['email'];
$_SESSION = $old_session;
\FlashMessage\FlashMessage::push('success', 'Vous n\'incarnez plus l\'utilisateur ' . $user_email . '.');
2021-07-19 17:32:23 +02:00
2021-07-13 01:21:23 +02:00
return $this->redirect(\descartes\Router::url('Dashboard', 'show'));
}
2019-10-29 18:36:25 +01:00
}