mod/settings.php

   1 <?php
   2
   3
   4 function settings_init(&$a) {
   5         if(local_user()) {
   6                 profile_load($a,$a->user['nickname']);
   7         }
   8 }
   9
  10
  11 function settings_post(&$a) {
  12
  13         if(! local_user()) {
  14                 notice( t('Permission denied.') . EOL);
  15                 return;
  16         }
  17
  18         if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != local_user()) {
  19                 notice( t('Permission denied.') . EOL);
  20                 return;
  21         }
  22
  23         if(($a->argc > 1) && ($a->argv[1] == 'addon')) {
  24                 call_hooks('plugin_settings_post', $_POST);
  25                 return;
  26         }
  27
  28         call_hooks('settings_post', $_POST);
  29
  30         if((x($_POST,'npassword')) || (x($_POST,'confirm'))) {
  31
  32                 $newpass = $_POST['npassword'];
  33                 $confirm = $_POST['confirm'];
  34
  35                 $err = false;
  36                 if($newpass != $confirm ) {
  37                         notice( t('Passwords do not match. Password unchanged.') . EOL);
  38                         $err = true;
  39                 }
  40
  41                 if((! x($newpass)) || (! x($confirm))) {
  42                         notice( t('Empty passwords are not allowed. Password unchanged.') . EOL);
  43                         $err = true;
  44                 }
  45
  46                 if(! $err) {
  47                         $password = hash('whirlpool',$newpass);
  48                         $r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d LIMIT 1",
  49                                 dbesc($password),
  50                                 intval(local_user())
  51                         );
  52                         if($r)
  53                                 notice( t('Password changed.') . EOL);
  54                         else
  55                                 notice( t('Password update failed. Please try again.') . EOL);
  56                 }
  57         }
  58
  59         $theme            = ((x($_POST,'theme'))      ? notags(trim($_POST['theme']))        : '');
  60         $username         = ((x($_POST,'username'))   ? notags(trim($_POST['username']))     : '');
  61         $email            = ((x($_POST,'email'))      ? notags(trim($_POST['email']))        : '');
  62         $timezone         = ((x($_POST,'timezone'))   ? notags(trim($_POST['timezone']))     : '');
  63         $defloc           = ((x($_POST,'defloc'))     ? notags(trim($_POST['defloc']))       : '');
  64         $openid           = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url']))   : '');
  65         $maxreq           = ((x($_POST,'maxreq'))     ? intval($_POST['maxreq'])             : 0);
  66
  67         $allow_location   = (((x($_POST,'allow_location')) && (intval($_POST['allow_location']) == 1)) ? 1: 0);
  68         $publish          = (((x($_POST,'profile_in_directory')) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0);
  69         $net_publish      = (((x($_POST,'profile_in_netdirectory')) && (intval($_POST['profile_in_netdirectory']) == 1)) ? 1: 0);
  70         $old_visibility   = (((x($_POST,'visibility')) && (intval($_POST['visibility']) == 1)) ? 1 : 0);
  71         $page_flags       = (((x($_POST,'page-flags')) && (intval($_POST['page-flags']))) ? intval($_POST['page-flags']) : 0);
  72
  73         $notify = 0;
  74
  75         if(x($_POST,'notify1'))
  76                 $notify += intval($_POST['notify1']);
  77         if(x($_POST,'notify2'))
  78                 $notify += intval($_POST['notify2']);
  79         if(x($_POST,'notify3'))
  80                 $notify += intval($_POST['notify3']);
  81         if(x($_POST,'notify4'))
  82                 $notify += intval($_POST['notify4']);
  83         if(x($_POST,'notify5'))
  84                 $notify += intval($_POST['notify5']);
  85
  86         $email_changed = false;
  87
  88         $err = '';
  89
  90         $name_change = false;
  91
  92         if($username != $a->user['username']) {
  93                 $name_change = true;
  94                 if(strlen($username) > 40)
  95                         $err .= t(' Please use a shorter name.');
  96                 if(strlen($username) < 3)
  97                         $err .= t(' Name too short.');
  98         }
  99
 100         if($email != $a->user['email']) {
 101                 $email_changed = true;
 102         if(! valid_email($email))
 103                         $err .= t(' Not valid email.');
 104                 if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
 105                         $err .= t(' Cannot change to that email.');
 106                         $email = $a->user['email'];
 107                 }
 108         }
 109
 110         if(strlen($err)) {
 111                 notice($err . EOL);
 112                 return;
 113         }
 114
 115         if($timezone != $a->user['timezone']) {
 116                 if(strlen($timezone))
 117                         date_default_timezone_set($timezone);
 118         }
 119
 120         $str_group_allow   = perms2str($_POST['group_allow']);
 121         $str_contact_allow = perms2str($_POST['contact_allow']);
 122         $str_group_deny    = perms2str($_POST['group_deny']);
 123         $str_contact_deny  = perms2str($_POST['contact_deny']);
 124
 125         $openidserver = $a->user['openidserver'];
 126
 127         // If openid has changed or if there's an openid but no openidserver, try and discover it.
 128
 129         if($openid != $a->user['openid'] || (strlen($openid) && (! strlen($openidserver)))) {
 130                 $tmp_str = $openid;
 131                 if(strlen($tmp_str) && validate_url($tmp_str)) {
 132                         logger('updating openidserver');
 133                         require_once('library/openid.php');
 134                         $open_id_obj = new LightOpenID;
 135                         $open_id_obj->identity = $openid;
 136                         $openidserver = $open_id_obj->discover($open_id_obj->identity);
 137                 }
 138                 else
 139                         $openidserver = '';
 140         }
 141
 142         $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s',  `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `theme` = '%s', `maxreq` = %d, `openidserver` = '%s'  WHERE `uid` = %d LIMIT 1",
 143                         dbesc($username),
 144                         dbesc($email),
 145                         dbesc($openid),
 146                         dbesc($timezone),
 147                         dbesc($str_contact_allow),
 148                         dbesc($str_group_allow),
 149                         dbesc($str_contact_deny),
 150                         dbesc($str_group_deny),
 151                         intval($notify),
 152                         intval($page_flags),
 153                         dbesc($defloc),
 154                         intval($allow_location),
 155                         dbesc($theme),
 156                         intval($maxreq),
 157                         dbesc($openidserver),
 158                         intval(local_user())
 159         );
 160         if($r)
 161                 notice( t('Settings updated.') . EOL);
 162
 163         $r = q("UPDATE `profile`
 164                 SET `publish` = %d, `net-publish` = %d
 165                 WHERE `is-default` = 1 AND `uid` = %d LIMIT 1",
 166                 intval($publish),
 167                 intval($net_publish),
 168                 intval(local_user())
 169         );
 170
 171
 172         if($name_change) {
 173                 q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `uid` = %d AND `self` = 1 LIMIT 1",
 174                         dbesc($username),
 175                         dbesc(datetime_convert()),
 176                         intval(local_user())
 177                 );
 178         }
 179
 180         if($old_visibility != $net_publish) {
 181                 // Update global directory in background
 182                 $url = $_SESSION['my_url'];
 183                 if($url && strlen(get_config('system','directory_submit_url')))
 184                         proc_run('php',"include/directory.php","$url");
 185         }
 186
 187         $_SESSION['theme'] = $theme;
 188         if($email_changed && $a->config['register_policy'] == REGISTER_VERIFY) {
 189
 190                 // FIXME - set to un-verified, blocked and redirect to logout
 191
 192         }
 193
 194         goaway($a->get_baseurl() . '/settings' );
 195         return; // NOTREACHED
 196 }
 197
 198
 199 if(! function_exists('settings_content')) {
 200 function settings_content(&$a) {
 201
 202         $o = '';
 203         $o .= '<script> $(document).ready(function() { $(\'#nav-settings-link\').addClass(\'nav-selected\'); });</script>';
 204
 205         if(! local_user()) {
 206                 notice( t('Permission denied.') . EOL );
 207                 return;
 208         }
 209
 210         if(($a->argc > 1) && ($a->argv[1] === 'addon')) {
 211                 $o .= '<h1>' . t('Plugin Settings') . '</h1>';
 212                 $o .= '<div id="account-settings-link"><a href="settings">' . t('Account Settings') . '</a></div>';
 213
 214                 $o .= '<form action="settings/addon" method="post" >';
 215
 216                 $r = q("SELECT * FROM `hook` WHERE `hook` = 'plugin_settings' ");
 217                 if(! count($r))
 218                         notice( t('No Plugin settings configured') . EOL);
 219
 220                 call_hooks('plugin_settings', $o);
 221                 $o .= '</form>';
 222                 return $o;
 223         }
 224
 225         require_once('include/acl_selectors.php');
 226
 227         $p = q("SELECT * FROM `profile` WHERE `is-default` = 1 AND `uid` = %d LIMIT 1",
 228                 intval(local_user())
 229         );
 230         if(count($p))
 231                 $profile = $p[0];
 232
 233         $username = $a->user['username'];
 234         $email    = $a->user['email'];
 235         $nickname = $a->user['nickname'];
 236         $timezone = $a->user['timezone'];
 237         $notify   = $a->user['notify-flags'];
 238         $defloc   = $a->user['default-location'];
 239         $openid   = $a->user['openid'];
 240         $maxreq   = $a->user['maxreq'];
 241
 242         if(! strlen($a->user['timezone']))
 243                 $timezone = date_default_timezone_get();
 244
 245         $pageset_tpl = load_view_file('view/pagetypes.tpl');
 246         $pagetype = replace_macros($pageset_tpl,array(
 247                 '$normal'         => (($a->user['page-flags'] == PAGE_NORMAL)      ? " checked=\"checked\" " : ""),
 248                 '$soapbox'        => (($a->user['page-flags'] == PAGE_SOAPBOX)     ? " checked=\"checked\" " : ""),
 249                 '$community'      => (($a->user['page-flags'] == PAGE_COMMUNITY)   ? " checked=\"checked\" " : ""),
 250                 '$freelove'       => (($a->user['page-flags'] == PAGE_FREELOVE)    ? " checked=\"checked\" " : ""),
 251                 '$page_normal'    => PAGE_NORMAL,
 252                 '$page_soapbox'   => PAGE_SOAPBOX,
 253                 '$page_community' => PAGE_COMMUNITY,
 254                 '$page_freelove'  => PAGE_FREELOVE
 255         ));
 256
 257         $noid = get_config('system','no_openid');
 258
 259         if($noid) {
 260                 $oidhtml = '';
 261         }
 262         else {
 263                 $oidhtml = '<label id="settings-openid-label" for="settings-openid" >' . t('OpenID: ') . '</label><input type="text" id="settings-openid" class="openid" name="openid_url" value="$openid" />' . t("&nbsp;\x28Optional\x29 Allow this OpenID to login to this account.");
 264         }
 265
 266
 267         if(get_config('system','publish_all')) {
 268                 $profile_in_dir = '<input type="hidden" name="profile_in_directory" value="1" />';
 269         }
 270         else {
 271                 $opt_tpl = load_view_file("view/profile-in-directory.tpl");
 272                 $profile_in_dir = replace_macros($opt_tpl,array(
 273                         '$yes_selected' => (($profile['publish'])      ? " checked=\"checked\" " : ""),
 274                         '$no_selected'  => (($profile['publish'] == 0) ? " checked=\"checked\" " : "")
 275                 ));
 276         }
 277
 278         if(strlen(get_config('system','directory_submit_url'))) {
 279                 $opt_tpl = load_view_file("view/profile-in-netdir.tpl");
 280
 281                 $profile_in_net_dir = replace_macros($opt_tpl,array(
 282                         '$yes_selected' => (($profile['net-publish'])      ? " checked=\"checked\" " : ""),
 283                         '$no_selected'  => (($profile['net-publish'] == 0) ? " checked=\"checked\" " : "")
 284                 ));
 285         }
 286         else
 287                 $profile_in_net_dir = '';
 288
 289         $loc_checked = (($a->user['allow_location'] == 1)      ? " checked=\"checked\" " : "");
 290
 291         $invisible = (((! $profile['publish']) && (! $profile['net-publish']))
 292                 ? true : false);
 293
 294         if($invisible)
 295                 notice( t('Profile is <strong>not published</strong>.') . EOL );
 296
 297         $nickname_block = load_view_file("view/settings_nick_set.tpl");
 298
 299         $nickname_subdir = '';
 300         if(strlen($a->get_path())) {
 301                 $subdir_tpl = load_view_file('view/settings_nick_subdir.tpl');
 302                 $nickname_subdir = replace_macros($subdir_tpl, array(
 303                         '$baseurl' => $a->get_baseurl(),
 304                         '$nickname' => $nickname,
 305                         '$hostname' => $a->get_hostname()
 306                 ));
 307         }
 308
 309         $theme_selector = '<select name="theme" id="theme-select" >';
 310         $files = glob('view/theme/*');
 311
 312         $default_theme = get_config('system','theme');
 313         if(! $default_theme)
 314                 $default_theme = 'default';
 315
 316         if($files) {
 317                 foreach($files as $file) {
 318                         $f = basename($file);
 319                         $selected = (($f == $_SESSION['theme']) || ($f === $default_theme && (! x($_SESSION,'theme')))
 320                                 ? ' selected="selected" ' : '' );
 321                         $theme_selector .= '<option val="' . basename($file) . '"' . $selected . '>' . basename($file) . '</option>';
 322                 }
 323         }
 324         $theme_selector .= '</select>';
 325
 326
 327         $nickname_block = replace_macros($nickname_block,array(
 328                 '$nickname' => $nickname,
 329                 '$uid' => local_user(),
 330                 '$subdir' => $nickname_subdir,
 331                 '$basepath' => $a->get_hostname(),
 332                 '$baseurl' => $a->get_baseurl()));
 333
 334         $stpl = load_view_file('view/settings.tpl');
 335
 336         $celeb = ((($a->user['page-flags'] == PAGE_SOAPBOX) || ($a->user['page-flags'] == PAGE_COMMUNITY)) ? true : false);
 337
 338         $o .= replace_macros($stpl,array(
 339                 '$baseurl' => $a->get_baseurl(),
 340                 '$oidhtml' => $oidhtml,
 341                 '$uid' => local_user(),
 342                 '$username' => $username,
 343                 '$openid' => $openid,
 344                 '$email' => $email,
 345                 '$nickname_block' => $nickname_block,
 346                 '$timezone' => $timezone,
 347                 '$zoneselect' => select_timezone($timezone),
 348                 '$defloc' => $defloc,
 349                 '$loc_checked' => $loc_checked,
 350                 '$profile_in_dir' => $profile_in_dir,
 351                 '$profile_in_net_dir' => $profile_in_net_dir,
 352                 '$permissions' => t('Default Post Permissions'),
 353                 '$visibility' => $profile['net-publish'],
 354                 '$aclselect' => populate_acl($a->user,$celeb),
 355                 '$sel_notify1' => (($notify & NOTIFY_INTRO)   ? ' checked="checked" ' : ''),
 356                 '$sel_notify2' => (($notify & NOTIFY_CONFIRM) ? ' checked="checked" ' : ''),
 357                 '$sel_notify3' => (($notify & NOTIFY_WALL)    ? ' checked="checked" ' : ''),
 358                 '$sel_notify4' => (($notify & NOTIFY_COMMENT) ? ' checked="checked" ' : ''),
 359                 '$sel_notify5' => (($notify & NOTIFY_MAIL)    ? ' checked="checked" ' : ''),
 360                 '$maxreq' => $maxreq,
 361                 '$theme' => $theme_selector,
 362                 '$pagetype' => $pagetype
 363         ));
 364
 365         call_hooks('settings_form',$o);
 366
 367         $o .= '</form>' . "\r\n";
 368
 369         return $o;
 370
 371 }}
 372