mod/settings.php

   1 <?php
   2
   3
   4 function settings_init(&$a) {
   5
   6         if((! x($_SESSION,'authenticated')) && (x($_SESSION,'uid'))) {
   7                 $_SESSION['sysmsg'] .= "Permission denied." . EOL;
   8                 $a->error = 404;
   9                 return;
  10         }
  11         require_once("mod/profile.php");
  12         profile_load($a,$_SESSION['uid']);
  13 }
  14
  15
  16 function settings_post(&$a) {
  17
  18         if((! x($_SESSION['authenticated'])) && (! (x($_SESSION,'uid')))) {
  19                 $_SESSION['sysmsg'] .= "Permission denied." . EOL;
  20                 return;
  21         }
  22         if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != $_SESSION['uid']) {
  23                 $_SESSION['sysmsg'] .= "Permission denied." . EOL;
  24                 return;
  25         }
  26         if((x($_POST,'password')) || (x($_POST,'confirm'))) {
  27
  28                 $newpass = trim($_POST['password']);
  29                 $confirm = trim($_POST['confirm']);
  30
  31                 $err = false;
  32                 if($newpass != $confirm ) {
  33                         $_SESSION['sysmsg'] .= "Passwords do not match. Password unchanged." . EOL;
  34                         $err = true;
  35                 }
  36
  37                 if((! x($newpass)) || (! x($confirm))) {
  38                         $_SESSION['sysmsg'] .= "Empty passwords are not allowed. Password unchanged." . EOL;
  39                         $err = true;
  40                 }
  41
  42                 if(! $err) {
  43                         $password = hash('whirlpool',$newpass);
  44                         $r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d LIMIT 1",
  45                                 dbesc($password),
  46                                 intval($_SESSION['uid']));
  47                         if($r)
  48                                 $_SESSION['sysmsg'] .= "Password changed." . EOL;
  49                         else
  50                                 $_SESSION['sysmsg'] .= "Password update failed. Please try again." . EOL;
  51                 }
  52         }
  53
  54         $username = notags(trim($_POST['username']));
  55         $email = notags(trim($_POST['email']));
  56         if(x($_POST,'nick'))
  57                 $nick = notags(trim($_POST['nick']));
  58         $timezone = notags(trim($_POST['timezone']));
  59
  60         $username_changed = false;
  61         $email_changed = false;
  62         $nick_changed = false;
  63         $zone_changed = false;
  64         $err = '';
  65
  66         if($username != $a->user['username']) {
  67                 $username_changed = true;
  68                 if(strlen($username) > 40)
  69                         $err .= " Please use a shorter name.";
  70                 if(strlen($username) < 3)
  71                         $err .= " Name too short.";
  72         }
  73         if($email != $a->user['email']) {
  74                 $email_changed = true;
  75                 if(!eregi('[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\.[A-Za-z]{2,6}',$email))
  76                         $err .= " Not valid email.";
  77                 $r = q("SELECT `uid` FROM `user`
  78                         WHERE `email` = '%s' LIMIT 1",
  79                         dbesc($email)
  80                         );
  81                 if($r !== NULL && count($r))
  82                         $err .= " This email address is already registered." . EOL;
  83         }
  84         if((x($nick)) && ($nick != $a->user['nickname'])) {
  85                 $nick_changed = true;
  86                 if(! preg_match("/^[a-zA-Z][a-zA-Z0-9\-\_]*$/",$nick))
  87                         $err .= " Nickname must start with a letter and contain only contain letters, numbers, dashes, and underscore.";
  88                 $r = q("SELECT `uid` FROM `user`
  89                         WHERE `nickname` = '%s' LIMIT 1",
  90                         dbesc($nick)
  91                         );
  92                 if($r !== NULL && count($r))
  93                         $err .= " Nickname is already registered. Try another." . EOL;
  94         }
  95         else
  96                 $nick = $a->user['nickname'];
  97
  98         if(strlen($err)) {
  99                 $_SESSION['sysmsg'] .= $err . EOL;
 100                 return;
 101         }
 102         if($timezone != $a->user['timezone']) {
 103                 $zone_changed = true;
 104                 if(strlen($timezone))
 105                         date_default_timezone_set($timezone);
 106         }
 107         if($email_changed || $username_changed || $nick_changed || $zone_changed ) {
 108                 $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `nickname` = '%s', `timezone` = '%s'  WHERE `uid` = %d LIMIT 1",
 109                         dbesc($username),
 110                         dbesc($email),
 111                         dbesc($nick),
 112                         dbesc($timezone),
 113                         intval($_SESSION['uid']));
 114                 if($r)
 115                         $_SESSION['sysmsg'] .= "Settings updated." . EOL;
 116         }
 117         if($email_changed && $a->config['register_policy'] == REGISTER_VERIFY) {
 118
 119                 // FIXME - set to un-verified, blocked and redirect to logout
 120
 121         }
 122
 123         // Refresh the content display with new data
 124
 125         $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
 126                 intval($_SESSION['uid']));
 127         if(count($r))
 128                 $a->user = $r[0];
 129 }
 130
 131
 132 if(! function_exists('settings_content')) {
 133 function settings_content(&$a) {
 134
 135         if((! x($_SESSION['authenticated'])) && (! (x($_SESSION,'uid')))) {
 136                 $_SESSION['sysmsg'] .= "Permission denied." . EOL;
 137                 return;
 138         }
 139
 140
 141         $username = $a->user['username'];
 142         $email    = $a->user['email'];
 143         $nickname = $a->user['nickname'];
 144         $timezone = $a->user['timezone'];
 145
 146
 147         if(x($nickname))
 148                 $nickname_block = file_get_contents("view/settings_nick_set.tpl");
 149         else
 150                 $nickname_block = file_get_contents("view/settings_nick_unset.tpl");
 151
 152         $nickname_block = replace_macros($nickname_block,array(
 153                 '$nickname' => $nickname,
 154                 '$baseurl' => $a->get_baseurl()));
 155
 156         $o = file_get_contents('view/settings.tpl');
 157
 158         $o = replace_macros($o,array(
 159                 '$baseurl' => $a->get_baseurl(),
 160                 '$uid' => $_SESSION['uid'],
 161                 '$username' => $username,
 162                 '$email' => $email,
 163                 '$nickname_block' => $nickname_block,
 164                 '$timezone' => $timezone,
 165                 '$zoneselect' => select_timezone($timezone)
 166                 ));
 167
 168         return $o;
 169
 170 }}