
ホームレイアウト追加
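<?php
/**
 * Users controller (CakePHP 1.x style).
 *
 * One class serves three front-ends: the PC actions, the mobile actions
 * (`mobile_*` prefix) and the admin screens (`admin_*` prefix). The shared
 * `_xxx()` helpers at the bottom of the class carry the real logic; the public
 * actions mostly resolve the target id (normally the logged-in user) and
 * delegate to them.
 *
 * Authentication is handled by the AuthPlus component, which the parent
 * ModuleController sets up; `$actionMapPlus` maps the extra actions onto CRUD
 * verbs for the ACL and `beforeFilter()` whitelists the anonymous actions.
 */
class UsersController extends ModuleController {

	var $name = 'Users';
	var $helpers = array(
		'Time',
	);

	/* ACL */
	// crudMap entries for the additional (non-standard) actions
	var $actionMapPlus = array(
		'listview' => 'read',
		'change_password' => 'update',
		'edit_image' => 'update',
	);

	// Actions exempt from the request-token check (the registration forms are
	// reachable anonymously, so no token can have been issued yet).
	// NOTE(review): the token mechanism itself lives in ModuleController — confirm.
	var $disableTokenActions = array('add','mobile_add');

	/**
	 * Whitelists the actions reachable without authentication.
	 *
	 * Every action not listed here stays behind AuthPlus; the ACL then decides
	 * per action via `$actionMapPlus` / the parent's crud map.
	 *
	 * NOTE(review): only the mobile login/registration/logout flows are listed,
	 * so `mobile_index` / `mobile_view` / `mobile_listview` require a login while
	 * their PC counterparts do not — confirm that asymmetry is intended.
	 */
	function beforeFilter() {

		parent::beforeFilter();

		// Accessible without authentication
		$this->AuthPlus->allow('index');
		$this->AuthPlus->allow('view');
		$this->AuthPlus->allow('add'); //todo: e-mail verification etc.
		$this->AuthPlus->allow('logout');
		$this->AuthPlus->allow('to_login');
		$this->AuthPlus->allow('mobile_login');
		$this->AuthPlus->allow('mobile_add'); //todo: e-mail verification etc.
		$this->AuthPlus->allow('mobile_logout');
		$this->AuthPlus->allow('mobile_to_login');

	}

	/* PC */

	/**
	 * Login form. Any existing auth session is dropped before the form is shown
	 * so a stale login cannot survive a fresh login attempt.
	 */
	function login() {
		// Drop the current session
		$this->AuthPlus->deleteAuth();
	}

	/**
	 * Logs the user out and redirects (see `_logout()`).
	 */
	function logout() {
		self::_logout();
	}

	/**
	 * Logs the user out and shows an interstitial that refreshes to the
	 * characters index after `$refresh` seconds.
	 *
	 * @param int $refresh Seconds before the meta-refresh fires (default 3).
	 */
	function to_login($refresh = 3)
	{
		// Drop the current session
		$this->AuthPlus->logout();

		$this->set('refresh', array('time' => $refresh, 'url' => Router::url(array('controller' => 'characters', 'action' => 'index'), false)));
	}

	/**
	 * Home page. Logged-in users get their own profile (`_index()`), guests a
	 * guest title; both get the public-characters list from `_view()`.
	 */
	function index() {
		// Show user information
		if ($this->AuthPlus->user()) {
			$this->set('isOwner', true);
			$this->pageTitle = $this->AuthPlus->user('name'). __("'s Home", true);

			self::_index();
		} else {
			$this->pageTitle = __('Guest', true). __("'s Home", true);
		}

		// NOTE(review): $this->user_id is set outside this class (ModuleController?)
		// and `_view()` ignores its argument anyway — confirm.
		self::_view($this->user_id);
	}

	/**
	 * Public profile of another user.
	 *
	 * Viewing your own id bounces to `index()`; an unknown id bounces to
	 * `listview()`. Note that `redirect()` terminates the request, so the code
	 * after each redirect never runs for that branch.
	 *
	 * @param mixed $id User id, or null.
	 */
	function view($id = null) {
		if ($id && $id == $this->AuthPlus->user("id")) {
			$this->redirect(array('action'=>'index'));
		}

		$user = $this->getUser($id);
		if (!$user) {
			$this->redirect(array('action'=>'listview'));
		}
		$this->set('target_user', $user);

		// NOTE(review): assuming $this->user_id is the AuthPlus user id, an owner
		// was already redirected above, so isOwner is effectively always false here.
		if (!empty($this->user_id) && $this->user_id == $id) {
			$this->set('isOwner', true);
		} else {
			$this->set('isOwner', false);
		}

		self::_view($id);
	}

	/**
	 * Paginated user list (see `_listview()`).
	 */
	function listview() {

		self::_listview();
	}

	/**
	 * Registration form; on POST the record is created by `_add()`.
	 * The configured id/password length limits are exposed to the view.
	 */
	function add() {
		if (!empty($this->data)) {
			self::_add();
		}

		$this->set('idLength', Configure::read('User.UserId.Length'));
		$this->set('passwordLength', Configure::read('User.Password.Length'));
	}

	/**
	 * Profile edit for the logged-in user only (the id is taken from the
	 * session, never from the request).
	 */
	function edit() {
		$id = $this->AuthPlus->user("id");

		self::_edit($id);
	}

	/**
	 * Upload / replace the logged-in user's image.
	 *
	 * On POST: rejects more than two Attachment rows, and rejects a new
	 * attachment at index 0 when the user already has one image (the existing
	 * row must be edited instead — presumably; confirm against the form).
	 * The save is restricted to `$fieldList`, so only the Attachment columns
	 * listed there (plus the forced User.id) can be written from the request.
	 * On GET: the form is pre-filled with the current record.
	 */
	function edit_image() {
		$id = $this->AuthPlus->user("id");
		$user = $this->getUser($id);

		if (!empty($this->data)) {
			// Duplicate-upload check
			if (count($this->data['Attachment']) > 2) {
				$this->Session->setFlash(__('Invalid data.', true));
				$this->redirect(array('action'=>'edit_image'));
			}
			if (count($user['Attachment']) == 1) {
				if (!empty($this->data['Attachment'][0])) {
					$this->Session->setFlash(__('Invalid data.', true));
					$this->redirect(array('action'=>'edit_image'));
				}
			}

			// Force the owner id from the session, not the request
			$this->data['User']['id'] = $id;

			$fieldList = array(
				'user_id',
				'model',
				'foreign_key',
				'dirname',
				'basename',
				'checksum',
				'size',
				'group',
				'alternative',
				'file',
			);

			if ($this->User->saveAll($this->data, array(
				'validate' => 'first',
				'fieldList' => $fieldList
			))) {
				$this->Session->setFlash(__('The User image has been saved', true));
				$this->redirect(array('action'=>'edit_image'));
			} else {
				$this->Session->setFlash(__('The User image could not be saved. Please, try again.', true));
				$this->data['User']['id'] = $id;
			}
		} else {
			$this->data = $user;
		}

	}

	/**
	 * Password change for the logged-in user (see `_change_password()`).
	 */
	function change_password() {
		$id = $this->AuthPlus->user("id");
		self::_change_password($id);

		$this->set('passwordLength', Configure::read('User.Password.Length'));
	}

	/**
	 * Account deletion for the logged-in user (see `_delete()`).
	 */
	function delete() {
		$id = $this->AuthPlus->user("id");

		self::_delete($id);
	}

	/* Mobile side */

	/**
	 * Mobile login form; drops any existing auth session first.
	 */
	function mobile_login() {
		// Drop the current session
		$this->AuthPlus->deleteAuth();
	}

	/**
	 * Mobile logout (see `_logout()`).
	 */
	function mobile_logout() {
		self::_logout();
	}

	/**
	 * Mobile home page. Unlike `index()` this does not call `_view()`, so no
	 * public-characters list is set for the mobile template.
	 */
	function mobile_index() {
		// Show user information
		if ($this->AuthPlus->user()) {
			$this->set('isOwner', true);
			$this->pageTitle = $this->AuthPlus->user('name'). __("'s Home", true);

			self::_index();
		} else {
			$this->pageTitle = __('Guest', true). __("'s Home", true);
		}
	}

	/**
	 * Mobile profile view. Unlike `view()` there is no self-redirect and no
	 * isOwner flag.
	 *
	 * @param mixed $id User id, or null.
	 */
	function mobile_view($id = null) {
		$user = $this->getUser($id);
		if (!$user) {
			$this->redirect(array('action'=>'listview'));
		}
		$this->set('target_user', $user);

		self::_view($id);
	}

	/**
	 * Mobile paginated user list (see `_listview()`).
	 */
	function mobile_listview() {

		self::_listview();
	}

	/**
	 * Mobile registration form (same flow as `add()`).
	 */
	function mobile_add() {
		if (!empty($this->data)) {
			self::_add();
		}

		$this->set('idLength', Configure::read('User.UserId.Length'));
		$this->set('passwordLength', Configure::read('User.Password.Length'));
	}

	/**
	 * Mobile profile edit for the logged-in user.
	 */
	function mobile_edit() {
		$id = $this->AuthPlus->user("id");

		self::_edit($id);
	}

	/**
	 * Mobile password change for the logged-in user.
	 */
	function mobile_change_password() {
		$id = $this->AuthPlus->user("id");

		self::_change_password($id);

		$this->set('passwordLength', Configure::read('User.Password.Length'));
	}

	/**
	 * Mobile account deletion for the logged-in user.
	 */
	function mobile_delete() {
		$id = $this->AuthPlus->user("id");

		self::_delete($id);
	}

	/* Admin screens */

	/**
	 * The admin index is just the admin user list.
	 */
	function admin_index() {
		$this->redirect(array('controller' => 'users', 'action'=>'admin_listview'));
	}

	/**
	 * Admin user list with an optional name search.
	 *
	 * The search term comes from the POSTed form, or from the `name` passed
	 * arg when paginating. The term is HTML-escaped before the LIKE match
	 * (presumably because names are stored escaped — cf. `restore_html()` in
	 * `_edit()`; confirm). The framework quotes the value as a condition, but
	 * `%` / `_` inside the term still act as LIKE wildcards.
	 */
	function admin_listview() {

		// Search handling
		$this->User->contain();
		$contain = array();   // despite the name, these are find conditions
		$searchword = array();
		if (!empty($this->data)) {
			if (isset($this->data['User']['name'])) {
				$name = $this->data['User']['name'];
			}
		} else {
			if (isset($this->passedArgs['name'])) {
				$name = urldecode($this->passedArgs['name']);
			}
		}


		if (isset($name)) {
			$this->data['User']['name'] = $name;
			$contain["User.name LIKE"] = "%".Sanitize::html($name)."%";
			$searchword['name'] = urlencode($name);
		}
		$this->set('searchword', $searchword);

		$this->set('users', $this->paginate('User', $contain));

	}

	/**
	 * Admin view of a single user.
	 *
	 * `target_user` is set twice; the second `read()` wins (and also leaves
	 * `$this->User->id` pointing at the record).
	 *
	 * @param mixed $id User id, or null.
	 */
	function admin_view($id = null) {
		if (!$id) {
			$this->Session->setFlash(__('Invalid User.', true));
			$this->redirect(array('controller' => 'users', 'action'=>'index'));
		}

		$user = $this->getUser($id);
		if (!$user) {
			$this->redirect(array('action'=>'listview'));
		}
		$this->set('target_user', $user);

		$this->set('target_user', $this->User->read(null, $id));
	}

	/**
	 * Admin user creation; `_add(true)` keeps any posted group_id because
	 * `$this->isAdmin` is what `_add()` actually consults.
	 */
	function admin_add() {
		if (!empty($this->data)) {
			self::_add(true);
		}

		$this->set('idLength', Configure::read('User.UserId.Length'));
		$this->set('passwordLength', Configure::read('User.Password.Length'));
	}

	/**
	 * Admin password reset for an arbitrary user (no old-password check).
	 *
	 * NOTE(review): the guard only fires when the id is missing AND nothing was
	 * posted; a POST without an id in the URL reaches `_exe_change_password(null)`,
	 * which forces `User.id = null` before saving — consider guarding on `!$id`
	 * alone.
	 *
	 * @param mixed $id User id, or null.
	 */
	function admin_change_password($id = null) {

		if (!$id && empty($this->data)) {
			$this->Session->setFlash(__('No ID', true));
			$this->redirect(array('controller' => 'users', 'action'=>'index'));
		}
		if (!empty($this->data)) {
			$result = self::_exe_change_password($id);
			if ($result) {
				$this->Session->setFlash(__('The password has been changed.', true));
				$this->redirect(array('controller' => 'users', 'action'=>'index'));
			}
		}
		if (empty($this->data)) {
			$this->data = $this->User->read(null, $id);
		}

		$this->set('passwordLength', Configure::read('User.Password.Length'));
		$this->set('target_user', $this->User->read(null, $id));
	}

	/**
	 * Admin deletion of an arbitrary user (no password confirmation; the
	 * super-administrator guard in `_exe_delete()` still applies).
	 *
	 * @param mixed $id User id, or null.
	 */
	function admin_delete($id = null) {
		if (!$id) {
			$this->Session->setFlash(__('No ID', true));
			$this->redirect(array('controller' => 'users', 'action'=>'index'));
		}
		if ($this->data) {
			$result = self::_exe_delete($id);
			if ($result) {
				$this->redirect(array('controller' => 'users', 'action'=>'index'));
			}
		}

		$user = $this->getUser($id);
		if (!$user) {
			$this->Session->setFlash(__('No Member', true));
			$this->redirect(array('controller' => 'users', 'action'=>'listview'));
		}
		$this->set('target_user', $user);

		$this->data['User']['id'] = $id;
	}

	/* Shared Users helpers */

	/**
	 * Flashes a logout message and redirects to wherever AuthPlus::logout()
	 * returns.
	 */
	function _logout() {
		$this->Session->setFlash(__('Logout.', true));
		$this->redirect($this->AuthPlus->logout());
	}

	/**
	 * Records the current visit (user agent + reverse-resolved host) on the
	 * logged-in user's row and exposes the record as `target_user`.
	 *
	 * HTTP_USER_AGENT is client-supplied and stored verbatim — it must be
	 * escaped wherever it is rendered. gethostbyaddr() is a blocking reverse
	 * DNS lookup performed on every home-page hit.
	 */
	function _index() {
		// Update access info
		$this->User->id = $this->AuthPlus->user('id');
		$this->User->save(array(
			'useragent' => $_SERVER["HTTP_USER_AGENT"],
			'host' => gethostbyaddr($_SERVER["REMOTE_ADDR"]),
			)
		);

		$user = $this->getUser($this->User->id);
		$this->set('target_user', $user);
	}

	/**
	 * Sets `public_characters`: the five most recently modified public,
	 * non-deleted characters with their System and User.
	 *
	 * Note: `$id` is currently unused — the list is site-wide, not per user.
	 *
	 * @param mixed $id Unused.
	 */
	function _view($id) {
		// Site-wide information
		// characters
		$this->Character = CorePlus::set_model('Character');
		$public_characters = $this->Character->find('all', array(
			'conditions' => array(
				'Character.public_flag' => 'public',
				'Character.deleted' => 0,
			),
			'recursive' => 1,
			'contain' => array(
				'System',
				'User',
			),
			'fields' => '',
			'order' => array('Character.modified' => 'DESC'),
			'limit' => 5,
		));
		$this->set('public_characters', $public_characters);
	}

	/**
	 * Sets `users` to a paginated, association-free list.
	 */
	function _listview() {
		$this->User->recursive = -1;
		$this->set('users', $this->paginate());
	}

	/**
	 * Creates a user from `$this->data`.
	 *
	 * Non-admins cannot choose a group: any posted group_id is dropped and the
	 * configured member group is applied. The password is hashed from
	 * `password1` via AuthPlus, and the save is limited to
	 * `$this->User->fields['add']`, so only those columns can be set from the
	 * request. A successful self-registration redirects to the logout target;
	 * an admin creation goes back to the list.
	 */
	function _add() {
		if (!$this->isAdmin) {
			unset($this->data['User']['group_id']);
		}
		// Validation
		$this->User->set($this->data);
		if ($this->User->validates()) {

			// ACL setting (default: regular member)
			if (!isset($this->data['User']['group_id'])) {
				$this->data['User']['group_id'] = Configure::read('Group.member');
			}

			// Set the password hash
			$this->data['User']['password'] = $this->AuthPlus->password($this->data['User']['password1']);

			// Other data
			if (!$this->isAdmin) {
				$this->data['User']['useragent'] = $_SERVER["HTTP_USER_AGENT"];
				$this->data['User']['host'] = gethostbyaddr($_SERVER["REMOTE_ADDR"]);
			}

			// save
			$this->User->create();
			if ($this->User->save($this->data, array('fieldList' => $this->User->fields['add']))) {
				$this->Session->setFlash(__('The User has been saved', true));
				if (!$this->isAdmin) {
					$this->redirect($this->AuthPlus->logoutRedirect);
				} else {
					$this->redirect(array('controller' => 'users', 'action'=>'listview'));
				}
			} else {
				$this->Session->setFlash(__('The User cannot be saved.', true));
			}
		}
	}

	/**
	 * Saves profile changes for user `$id`, or loads the record into the form.
	 *
	 * NOTE(review): unlike `_add()` this save has no fieldList, so every User
	 * column present in the POST (e.g. group_id) is written — a whitelist like
	 * the one used in `_add()` would close that.
	 *
	 * @param mixed $id User id (always the session user for non-admin callers).
	 */
	function _edit($id) {
		if (!empty($this->data)) {
			$this->data['User']['id'] = $id;
			if ($this->User->save($this->data)) {
				$this->Session->setFlash(__('The User has been saved', true));
				Cache::clear();
				$this->redirect(array('action'=>'index'));
			} else {
				$this->Session->setFlash(__('The User could not be saved. Please, try again.', true));
			}
		}
		if (empty($this->data)) {
			$this->data = $this->User->read(null, $id);

			$this->data['User']['name'] = $this->User->restore_html($this->data['User']['name'], false);
		}
	}

	/**
	 * Self-service password change: verifies the old password against the
	 * stored hash, then delegates to `_exe_change_password()` and logs the
	 * user out on success.
	 *
	 * The hash comparison is strict (`!==`): a loose `!=` between two
	 * numeric-looking hex digests (e.g. both starting with "0e") would compare
	 * them as numbers and could match unrelated hashes.
	 *
	 * @param mixed $id User id.
	 */
	function _change_password($id) {
		if (!empty($this->data)) {
			$data = $this->User->read('password', $id);
			if ($data['User']['password'] !== $this->AuthPlus->password($this->data['User']['password'])) {
				$this->Session->setFlash(__('Old Password is wrong.', true));
			} else {
				$result = self::_exe_change_password($id);
				if ($result) {
					$this->Session->setFlash(__('The password has been changed. Please login at new password.', true));
					$this->redirect($this->AuthPlus->logout());
				}
			}
		}
	}

	/**
	 * Validates `$this->data`, hashes `password1` and writes only the
	 * `password` column of user `$id`.
	 *
	 * @param mixed $id User id.
	 * @return bool True when saved; false on validation or save failure.
	 */
	function _exe_change_password($id) {
		// Validation
		$this->User->set($this->data);
		if ($this->User->validates()) {
			$this->data['User']['id'] = $id;

			// Set the password hash
			$this->data[$this->AuthPlus->userModel]['password'] = $this->AuthPlus->password($this->data[$this->AuthPlus->userModel]['password1']);

			if ($this->User->save($this->data, array('fieldList' => array('password')))) {
				return true;
			} else {
				$this->Session->setFlash(__('The User could not be saved. Please, try again.', true));
				return false;
			}
		}
		return false;
	}

	/**
	 * Self-service account deletion: requires the current password (strict
	 * hash comparison, see `_change_password()`), then `_exe_delete()`.
	 * Success logs the user out; failure returns to the home page.
	 *
	 * @param mixed $id User id.
	 */
	function _delete($id) {
		if ($this->data) {
			$data = $this->User->read('password', $id);
			if ($data['User']['password'] !== $this->AuthPlus->password($this->data['User']['password'])) {
				$this->Session->setFlash(__('Password is wrong.', true));
			} else {
				$result = self::_exe_delete($id);
				if ($result) {
					$this->redirect($this->AuthPlus->logout());
				} else {
					$this->redirect(array('action'=>'index'));
				}
			}
		}
	}

	/**
	 * Deletes user `$id` unless it is the super administrator (group_id 1).
	 *
	 * @param mixed $id User id.
	 * @return bool True when deleted; false if missing, protected, or the
	 *              delete failed (a flash message is set in the latter cases).
	 */
	function _exe_delete($id) {
		$user = $this->getUser($id);
		if (!$user) {
			return false;
		}
		if ($user['User']['group_id'] == 1) {
			$this->Session->setFlash(__('Super Administrator can not be deleted.', true));
			return false;
		}
		if ($this->User->del($id)) {
			$this->Session->setFlash(sprintf(__('%s was deleted.', true), $user['User']['name']));
			return true;
		} else {
			$this->Session->setFlash(__('The account could not be deleted.', true));
			return false;
		}
	}

}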