1<?php
2/*
3 * vim:set softtabstop=4 shiftwidth=4 expandtab:
4 *
5 * LICENSE: GNU Affero General Public License, version 3 (AGPL-3.0-or-later)
6 * Copyright 2001 - 2020 Ampache.org
7 *
8 * This program is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU Affero General Public License as published by
10 * the Free Software Foundation, either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16 * GNU Affero General Public License for more details.
17 *
18 * You should have received a copy of the GNU Affero General Public License
19 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
20 *
21 */
22
23declare(strict_types=0);
24
25namespace Ampache\Module\Application\Admin\User;
26
27use Ampache\Config\ConfigContainerInterface;
28use Ampache\Config\ConfigurationKeyEnum;
29use Ampache\Repository\Model\ModelFactoryInterface;
30use Ampache\Repository\Model\User;
31use Ampache\Module\Application\Exception\AccessDeniedException;
32use Ampache\Module\System\AmpError;
33use Ampache\Module\System\Core;
34use Ampache\Module\Util\Mailer;
35use Ampache\Module\Util\Ui;
36use Ampache\Module\Util\UiInterface;
37use Ampache\Repository\UserRepositoryInterface;
38use Psr\Http\Message\ResponseInterface;
39use Psr\Http\Message\ServerRequestInterface;
40
41final class UpdateUserAction extends AbstractUserAction
42{
43    public const REQUEST_KEY = 'update_user';
44
45    private UiInterface $ui;
46
47    private ModelFactoryInterface $modelFactory;
48
49    private ConfigContainerInterface $configContainer;
50
51    private UserRepositoryInterface $userRepository;
52
53    public function __construct(
54        UiInterface $ui,
55        ModelFactoryInterface $modelFactory,
56        ConfigContainerInterface $configContainer,
57        UserRepositoryInterface $userRepository
58    ) {
59        $this->ui              = $ui;
60        $this->modelFactory    = $modelFactory;
61        $this->configContainer = $configContainer;
62        $this->userRepository  = $userRepository;
63    }
64
65    protected function handle(ServerRequestInterface $request): ?ResponseInterface
66    {
67        if ($this->configContainer->isFeatureEnabled(ConfigurationKeyEnum::DEMO_MODE) === true) {
68            return null;
69        }
70
71        if (!Core::form_verify('edit_user')) {
72            throw new AccessDeniedException();
73        }
74
75        $this->ui->showHeader();
76
77        /* Clean up the variables */
78        $user_id         = (int) filter_input(INPUT_POST, 'user_id', FILTER_SANITIZE_NUMBER_INT);
79        $username        = (string) scrub_in(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES));
80        $fullname        = (string) scrub_in(filter_input(INPUT_POST, 'fullname', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES));
81        $email           = (string) scrub_in(filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL));
82        $website         = scrub_in(filter_input(INPUT_POST, 'website', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES));
83        $access          = scrub_in(filter_input(INPUT_POST, 'access', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES));
84        $pass1           = filter_input(INPUT_POST, 'password_1', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
85        $pass2           = filter_input(INPUT_POST, 'password_2', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
86        $state           = scrub_in(filter_input(INPUT_POST, 'state', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES));
87        $city            = scrub_in(filter_input(INPUT_POST, 'city', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES));
88        $fullname_public = filter_has_var(INPUT_POST, 'fullname_public');
89
90        /* Setup the temp user */
91        $client = new User($user_id);
92
93        /* Verify Input */
94        if (empty($username)) {
95            AmpError::add('username', T_("A Username is required"));
96        } else {
97            if ($username != $client->username) {
98                if ($this->userRepository->findByUsername($username) !== null) {
99                    AmpError::add('username', T_("That Username already exists"));
100                }
101            }
102        }
103        if ($pass1 !== $pass2 && !empty($pass1)) {
104            AmpError::add('password', T_("Your Passwords don't match"));
105        }
106
107        // Check the mail for correct address formation.
108        if (!Mailer::validate_address($email)) {
109            AmpError::add('email', T_('You entered an invalid e-mail address'));
110        }
111
112        /* If we've got an error then show edit form! */
113        if (AmpError::occurred()) {
114            require_once Ui::find_template('show_edit_user.inc.php');
115
116            $this->ui->showQueryStats();
117            $this->ui->showFooter();
118
119            return null;
120        }
121
122        if ($access != $client->access) {
123            $client->update_access($access);
124        }
125        if ($email != $client->email) {
126            $client->update_email($email);
127        }
128        if ($website != $client->website) {
129            $client->update_website($website);
130        }
131        if ($username != $client->username) {
132            $client->update_username($username);
133        }
134        if ($fullname != $client->fullname) {
135            $client->update_fullname($fullname);
136        }
137        if ($fullname_public != $client->fullname_public) {
138            $client->update_fullname_public($fullname_public);
139        }
140        if ($pass1 == $pass2 && strlen($pass1)) {
141            $client->update_password($pass1);
142        }
143        if ($state != $client->state) {
144            $client->update_state($state);
145        }
146        if ($city != $client->city) {
147            $client->update_city($city);
148        }
149        if (!$client->upload_avatar()) {
150            $mindimension = sprintf(
151                '%dx%d',
152                (int) $this->configContainer->get(ConfigurationKeyEnum::ALBUM_ART_MIN_WIDTH),
153                (int) $this->configContainer->get(ConfigurationKeyEnum::ALBUM_ART_MIN_HEIGHT)
154            );
155            $maxdimension = sprintf(
156                '%dx%d',
157                (int) $this->configContainer->get(ConfigurationKeyEnum::ALBUM_ART_MAX_WIDTH),
158                (int) $this->configContainer->get(ConfigurationKeyEnum::ALBUM_ART_MAX_HEIGHT)
159            );
160            $this->ui->showConfirmation(
161                T_('There Was a Problem'),
162                /* HINT: %1 Minimum are dimensions (200x300), %2 Maximum Art dimensions (2000x3000) */
163                sprintf(T_('Please check your image is within the minimum %1$s and maximum %2$s dimensions'),
164                    $mindimension, $maxdimension),
165                sprintf('%s/admin/users.php', $this->configContainer->getWebPath())
166            );
167        } else {
168            $this->ui->showConfirmation(
169                T_('No Problem'),
170                sprintf(T_('%s (%s) updated'), $client->username, $client->fullname),
171                sprintf('%s/admin/users.php', $this->configContainer->getWebPath())
172            );
173        }
174
175        $this->ui->showQueryStats();
176        $this->ui->showFooter();
177
178        return null;
179    }
180}
181