1<?php 2/* 3 * vim:set softtabstop=4 shiftwidth=4 expandtab: 4 * 5 * LICENSE: GNU Affero General Public License, version 3 (AGPL-3.0-or-later) 6 * Copyright 2001 - 2020 Ampache.org 7 * 8 * This program is free software: you can redistribute it and/or modify 9 * it under the terms of the GNU Affero General Public License as published by 10 * the Free Software Foundation, either version 3 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU Affero General Public License for more details. 17 * 18 * You should have received a copy of the GNU Affero General Public License 19 * along with this program. If not, see <https://www.gnu.org/licenses/>. 20 * 21 */ 22 23declare(strict_types=0); 24 25namespace Ampache\Module\Application\Admin\User; 26 27use Ampache\Config\ConfigContainerInterface; 28use Ampache\Config\ConfigurationKeyEnum; 29use Ampache\Repository\Model\ModelFactoryInterface; 30use Ampache\Repository\Model\User; 31use Ampache\Module\Application\Exception\AccessDeniedException; 32use Ampache\Module\System\AmpError; 33use Ampache\Module\System\Core; 34use Ampache\Module\Util\Mailer; 35use Ampache\Module\Util\Ui; 36use Ampache\Module\Util\UiInterface; 37use Ampache\Repository\UserRepositoryInterface; 38use Psr\Http\Message\ResponseInterface; 39use Psr\Http\Message\ServerRequestInterface; 40 41final class UpdateUserAction extends AbstractUserAction 42{ 43 public const REQUEST_KEY = 'update_user'; 44 45 private UiInterface $ui; 46 47 private ModelFactoryInterface $modelFactory; 48 49 private ConfigContainerInterface $configContainer; 50 51 private UserRepositoryInterface $userRepository; 52 53 public function __construct( 54 UiInterface $ui, 55 ModelFactoryInterface $modelFactory, 56 ConfigContainerInterface $configContainer, 57 UserRepositoryInterface $userRepository 58 ) { 59 $this->ui = $ui; 60 $this->modelFactory = $modelFactory; 61 $this->configContainer = $configContainer; 62 $this->userRepository = $userRepository; 63 } 64 65 protected function handle(ServerRequestInterface $request): ?ResponseInterface 66 { 67 if ($this->configContainer->isFeatureEnabled(ConfigurationKeyEnum::DEMO_MODE) === true) { 68 return null; 69 } 70 71 if (!Core::form_verify('edit_user')) { 72 throw new AccessDeniedException(); 73 } 74 75 $this->ui->showHeader(); 76 77 /* Clean up the variables */ 78 $user_id = (int) filter_input(INPUT_POST, 'user_id', FILTER_SANITIZE_NUMBER_INT); 79 $username = (string) scrub_in(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES)); 80 $fullname = (string) scrub_in(filter_input(INPUT_POST, 'fullname', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES)); 81 $email = (string) scrub_in(filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL)); 82 $website = scrub_in(filter_input(INPUT_POST, 'website', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES)); 83 $access = scrub_in(filter_input(INPUT_POST, 'access', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES)); 84 $pass1 = filter_input(INPUT_POST, 'password_1', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES); 85 $pass2 = filter_input(INPUT_POST, 'password_2', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES); 86 $state = scrub_in(filter_input(INPUT_POST, 'state', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES)); 87 $city = scrub_in(filter_input(INPUT_POST, 'city', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES)); 88 $fullname_public = filter_has_var(INPUT_POST, 'fullname_public'); 89 90 /* Setup the temp user */ 91 $client = new User($user_id); 92 93 /* Verify Input */ 94 if (empty($username)) { 95 AmpError::add('username', T_("A Username is required")); 96 } else { 97 if ($username != $client->username) { 98 if ($this->userRepository->findByUsername($username) !== null) { 99 AmpError::add('username', T_("That Username already exists")); 100 } 101 } 102 } 103 if ($pass1 !== $pass2 && !empty($pass1)) { 104 AmpError::add('password', T_("Your Passwords don't match")); 105 } 106 107 // Check the mail for correct address formation. 108 if (!Mailer::validate_address($email)) { 109 AmpError::add('email', T_('You entered an invalid e-mail address')); 110 } 111 112 /* If we've got an error then show edit form! */ 113 if (AmpError::occurred()) { 114 require_once Ui::find_template('show_edit_user.inc.php'); 115 116 $this->ui->showQueryStats(); 117 $this->ui->showFooter(); 118 119 return null; 120 } 121 122 if ($access != $client->access) { 123 $client->update_access($access); 124 } 125 if ($email != $client->email) { 126 $client->update_email($email); 127 } 128 if ($website != $client->website) { 129 $client->update_website($website); 130 } 131 if ($username != $client->username) { 132 $client->update_username($username); 133 } 134 if ($fullname != $client->fullname) { 135 $client->update_fullname($fullname); 136 } 137 if ($fullname_public != $client->fullname_public) { 138 $client->update_fullname_public($fullname_public); 139 } 140 if ($pass1 == $pass2 && strlen($pass1)) { 141 $client->update_password($pass1); 142 } 143 if ($state != $client->state) { 144 $client->update_state($state); 145 } 146 if ($city != $client->city) { 147 $client->update_city($city); 148 } 149 if (!$client->upload_avatar()) { 150 $mindimension = sprintf( 151 '%dx%d', 152 (int) $this->configContainer->get(ConfigurationKeyEnum::ALBUM_ART_MIN_WIDTH), 153 (int) $this->configContainer->get(ConfigurationKeyEnum::ALBUM_ART_MIN_HEIGHT) 154 ); 155 $maxdimension = sprintf( 156 '%dx%d', 157 (int) $this->configContainer->get(ConfigurationKeyEnum::ALBUM_ART_MAX_WIDTH), 158 (int) $this->configContainer->get(ConfigurationKeyEnum::ALBUM_ART_MAX_HEIGHT) 159 ); 160 $this->ui->showConfirmation( 161 T_('There Was a Problem'), 162 /* HINT: %1 Minimum are dimensions (200x300), %2 Maximum Art dimensions (2000x3000) */ 163 sprintf(T_('Please check your image is within the minimum %1$s and maximum %2$s dimensions'), 164 $mindimension, $maxdimension), 165 sprintf('%s/admin/users.php', $this->configContainer->getWebPath()) 166 ); 167 } else { 168 $this->ui->showConfirmation( 169 T_('No Problem'), 170 sprintf(T_('%s (%s) updated'), $client->username, $client->fullname), 171 sprintf('%s/admin/users.php', $this->configContainer->getWebPath()) 172 ); 173 } 174 175 $this->ui->showQueryStats(); 176 $this->ui->showFooter(); 177 178 return null; 179 } 180} 181