mod/settings.php

   1 <?php
   2
   3
   4 function settings_init(&$a) {
   5
   6         if(! local_user()) {
   7                 notice("Permission denied." . EOL);
   8                 $a->error = 404;
   9                 return;
  10         }
  11         require_once("mod/profile.php");
  12         profile_load($a,$a->user['nickname']);
  13 }
  14
  15
  16 function settings_post(&$a) {
  17
  18
  19         if(! local_user()) {
  20                 notice( t('Permission denied.') . EOL);
  21                 return;
  22         }
  23         if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != $_SESSION['uid']) {
  24                 notice( t('Permission denied.') . EOL);
  25                 return;
  26         }
  27         if((x($_POST,'npassword')) || (x($_POST,'confirm'))) {
  28
  29                 $newpass = trim($_POST['npassword']);
  30                 $confirm = trim($_POST['confirm']);
  31
  32                 $err = false;
  33                 if($newpass != $confirm ) {
  34                         notice( t('Passwords do not match. Password unchanged.') . EOL);
  35                         $err = true;
  36                 }
  37
  38                 if((! x($newpass)) || (! x($confirm))) {
  39                         notice( t('Empty passwords are not allowed. Password unchanged.') . EOL);
  40                         $err = true;
  41                 }
  42
  43                 if(! $err) {
  44                         $password = hash('whirlpool',$newpass);
  45                         $r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d LIMIT 1",
  46                                 dbesc($password),
  47                                 intval($_SESSION['uid']));
  48                         if($r)
  49                                 notice( t('Password changed.') . EOL);
  50                         else
  51                                 notice( t('Password update failed. Please try again.') . EOL);
  52                 }
  53         }
  54
  55         $theme = notags(trim($_POST['theme']));
  56         $username = notags(trim($_POST['username']));
  57         $email = notags(trim($_POST['email']));
  58         $timezone = notags(trim($_POST['timezone']));
  59         $defloc = notags(trim($_POST['defloc']));
  60
  61         $publish = (($_POST['profile_in_directory'] == 1) ? 1: 0);
  62         $net_publish = (($_POST['profile_in_netdirectory'] == 1) ? 1: 0);
  63         $old_visibility = ((intval($_POST['visibility']) == 1) ? 1 : 0);
  64
  65         $notify = 0;
  66
  67         if($_POST['notify1'])
  68                 $notify += intval($_POST['notify1']);
  69         if($_POST['notify2'])
  70                 $notify += intval($_POST['notify2']);
  71         if($_POST['notify3'])
  72                 $notify += intval($_POST['notify3']);
  73         if($_POST['notify4'])
  74                 $notify += intval($_POST['notify4']);
  75         if($_POST['notify5'])
  76                 $notify += intval($_POST['notify5']);
  77
  78         $username_changed = false;
  79         $email_changed = false;
  80         $zone_changed = false;
  81         $err = '';
  82
  83         if($username != $a->user['username']) {
  84                 $username_changed = true;
  85                 if(strlen($username) > 40)
  86                         $err .= t(' Please use a shorter name.');
  87                 if(strlen($username) < 3)
  88                         $err .= t(' Name too short.');
  89         }
  90         if($email != $a->user['email']) {
  91                 $email_changed = true;
  92                 if(!eregi('[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\.[A-Za-z]{2,6}',$email))
  93                         $err .= t(' Not valid email.');
  94                 $r = q("SELECT `uid` FROM `user`
  95                         WHERE `email` = '%s' LIMIT 1",
  96                         dbesc($email)
  97                         );
  98                 if($r !== NULL && count($r))
  99                         $err .= t(' This email address is already registered.');
 100         }
 101
 102         if(strlen($err)) {
 103                 notice($err . EOL);
 104                 return;
 105         }
 106         if($timezone != $a->user['timezone']) {
 107                 $zone_changed = true;
 108                 if(strlen($timezone))
 109                         date_default_timezone_set($timezone);
 110         }
 111
 112         $str_group_allow = '';
 113         $group_allow = $_POST['group_allow'];
 114         if(is_array($group_allow)) {
 115                 array_walk($group_allow,'sanitise_acl');
 116                 $str_group_allow = implode('',$group_allow);
 117         }
 118
 119         $str_contact_allow = '';
 120         $contact_allow = $_POST['contact_allow'];
 121         if(is_array($contact_allow)) {
 122                 array_walk($contact_allow,'sanitise_acl');
 123                 $str_contact_allow = implode('',$contact_allow);
 124         }
 125
 126         $str_group_deny = '';
 127         $group_deny = $_POST['group_deny'];
 128         if(is_array($group_deny)) {
 129                 array_walk($group_deny,'sanitise_acl');
 130                 $str_group_deny = implode('',$group_deny);
 131         }
 132
 133         $str_contact_deny = '';
 134         $contact_deny = $_POST['contact_deny'];
 135         if(is_array($contact_deny)) {
 136                 array_walk($contact_deny,'sanitise_acl');
 137                 $str_contact_deny = implode('',$contact_deny);
 138         }
 139
 140         $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `timezone` = '%s',  `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `default-location` = '%s', `theme` = '%s'  WHERE `uid` = %d LIMIT 1",
 141                         dbesc($username),
 142                         dbesc($email),
 143                         dbesc($timezone),
 144                         dbesc($str_contact_allow),
 145                         dbesc($str_group_allow),
 146                         dbesc($str_contact_deny),
 147                         dbesc($str_group_deny),
 148                         intval($notify),
 149                         dbesc($defloc),
 150                         dbesc($theme),
 151                         intval($_SESSION['uid'])
 152         );
 153         if($r)
 154                 notice( t('Settings updated.') . EOL);
 155
 156         $r = q("UPDATE `profile`
 157                 SET `publish` = %d, `net-publish` = %d
 158                 WHERE `is-default` = 1 AND `uid` = %d LIMIT 1",
 159                 intval($publish),
 160                 intval($net_publish),
 161                 intval($_SESSION['uid'])
 162         );
 163
 164         if($old_visibility != $net_publish) {
 165                 // Update global directory in background
 166                 $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php');
 167                 $url = $_SESSION['my_url'];
 168                 if($url && strlen(get_config('system','directory_submit_url')))
 169                         proc_close(proc_open("\"$php_path\" \"include/directory.php\" \"$url\" &",
 170                                 array(),$foo));
 171         }
 172
 173         $_SESSION['theme'] = $theme;
 174         if($email_changed && $a->config['register_policy'] == REGISTER_VERIFY) {
 175
 176                 // FIXME - set to un-verified, blocked and redirect to logout
 177
 178         }
 179
 180         goaway($a->get_baseurl() . '/settings' );
 181 }
 182
 183
 184 if(! function_exists('settings_content')) {
 185 function settings_content(&$a) {
 186
 187         if(! local_user()) {
 188                 notice( t('Permission denied.') . EOL );
 189                 return;
 190         }
 191
 192         require_once('view/acl_selectors.php');
 193
 194         $p = q("SELECT * FROM `profile` WHERE `is-default` = 1 AND `uid` = %d LIMIT 1",
 195                 intval($_SESSION['uid'])
 196         );
 197         if(count($p))
 198                 $profile = $p[0];
 199
 200         $username = $a->user['username'];
 201         $email    = $a->user['email'];
 202         $nickname = $a->user['nickname'];
 203         $timezone = $a->user['timezone'];
 204         $notify   = $a->user['notify-flags'];
 205         $defloc   = $a->user['default-location'];
 206
 207         if(! strlen($a->user['timezone']))
 208                 $timezone = date_default_timezone_get();
 209
 210
 211         $opt_tpl = file_get_contents("view/profile-in-directory.tpl");
 212         $profile_in_dir = replace_macros($opt_tpl,array(
 213                 '$yes_selected' => (($profile['publish']) ? " checked=\"checked\" " : ""),
 214                 '$no_selected' => (($profile['publish'] == 0) ? " checked=\"checked\" " : "")
 215         ));
 216
 217         if(strlen(get_config('system','directory_submit_url'))) {
 218                 $opt_tpl = file_get_contents("view/profile-in-netdir.tpl");
 219
 220                 $profile_in_net_dir = replace_macros($opt_tpl,array(
 221                         '$yes_selected' => (($profile['net-publish']) ? " checked=\"checked\" " : ""),
 222                         '$no_selected' => (($profile['net-publish'] == 0) ? " checked=\"checked\" " : "")
 223                 ));
 224         }
 225         else
 226                 $profile_in_net_dir = '';
 227
 228
 229
 230
 231
 232         $nickname_block = file_get_contents("view/settings_nick_set.tpl");
 233
 234
 235         $nickname_subdir = '';
 236         if(strlen($a->get_path())) {
 237                 $subdir_tpl = file_get_contents('view/settings_nick_subdir.tpl');
 238                 $nickname_subdir = replace_macros($subdir_tpl, array(
 239                         '$baseurl' => $a->get_baseurl(),
 240                         '$nickname' => $nickname,
 241                         '$hostname' => $a->get_hostname()
 242                 ));
 243         }
 244
 245         $theme_selector = '<select name="theme" id="theme-select" >';
 246         $files = glob('view/theme/*');
 247         if($files) {
 248                 foreach($files as $file) {
 249                         $f = basename($file);
 250                         $selected = (($f == $_SESSION['theme']) || ($f == 'default' && (! x($_SESSION,'theme')))
 251                                 ? ' selected="selected" ' : '' );
 252                         $theme_selector .= '<option val="' . basename($file) . '"' . $selected . '>' . basename($file) . '</option>';
 253                 }
 254         }
 255         $theme_selector .= '</select>';
 256
 257
 258         $nickname_block = replace_macros($nickname_block,array(
 259                 '$nickname' => $nickname,
 260                 '$uid' => $_SESSION['uid'],
 261                 '$subdir' => $nickname_subdir,
 262                 '$basepath' => $a->get_hostname(),
 263                 '$baseurl' => $a->get_baseurl()));
 264
 265         $o = file_get_contents('view/settings.tpl');
 266
 267         $o = replace_macros($o,array(
 268                 '$baseurl' => $a->get_baseurl(),
 269                 '$uid' => $_SESSION['uid'],
 270                 '$username' => $username,
 271                 '$email' => $email,
 272                 '$nickname_block' => $nickname_block,
 273                 '$timezone' => $timezone,
 274                 '$zoneselect' => select_timezone($timezone),
 275                 '$defloc' => $defloc,
 276                 '$profile_in_dir' => $profile_in_dir,
 277                 '$profile_in_net_dir' => $profile_in_net_dir,
 278                 '$permissions' => t('Default Post Permissions'),
 279                 '$visibility' => $profile['net-publish'],
 280                 '$aclselect' => populate_acl($a->user),
 281                 '$sel_notify1' => (($notify & NOTIFY_INTRO)   ? ' checked="checked" ' : ''),
 282                 '$sel_notify2' => (($notify & NOTIFY_CONFIRM) ? ' checked="checked" ' : ''),
 283                 '$sel_notify3' => (($notify & NOTIFY_WALL)    ? ' checked="checked" ' : ''),
 284                 '$sel_notify4' => (($notify & NOTIFY_COMMENT) ? ' checked="checked" ' : ''),
 285                 '$sel_notify5' => (($notify & NOTIFY_MAIL)    ? ' checked="checked" ' : ''),
 286                 '$theme' => $theme_selector
 287         ));
 288
 289         return $o;
 290
 291 }}