diff options
Diffstat (limited to 'mod/settings.php')
-rw-r--r-- | mod/settings.php | 74 |
1 files changed, 42 insertions, 32 deletions
diff --git a/mod/settings.php b/mod/settings.php index ea9c73435..a6655f46a 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -225,10 +225,44 @@ function settings_post(&$a) { $errs = array(); + $email = ((x($_POST,'email')) ? trim(notags($_POST['email'])) : ''); + $account = $a->get_account(); + if($email != $account['account_email']) { + if(! valid_email($email)) + $errs[] = t('Not valid email.'); + $adm = trim(get_config('system','admin_email')); + if(($adm) && (strcasecmp($email,$adm) == 0)) { + $errs[] = t('Protected email address. Cannot change to that email.'); + $email = $a->user['email']; + } + if(! $errs) { + $r = q("update account set account_email = '%s' where account_id = %d", + dbesc($email), + intval($account['account_id']) + ); + if(! $r) + $errs[] = t('System failure storing new email. Please try again.'); + } + } + + if($errs) { + foreach($errs as $err) + notice($err . EOL); + $errs = array(); + } + + if((x($_POST,'npassword')) || (x($_POST,'confirm'))) { - $newpass = $_POST['npassword']; - $confirm = $_POST['confirm']; + $origpass = trim($_POST['origpass']); + + require_once('include/auth.php'); + if(! account_verify_password($email,$origpass)) { + $errs[] = t('Password verification failed.'); + } + + $newpass = trim($_POST['npassword']); + $confirm = trim($_POST['confirm']); if($newpass != $confirm ) { $errs[] = t('Passwords do not match. Password unchanged.'); @@ -255,31 +289,6 @@ function settings_post(&$a) { } } - if($errs) { - foreach($errs as $err) - notice($err . EOL); - $errs = array(); - } - - $email = ((x($_POST,'email')) ? trim(notags($_POST['email'])) : ''); - $account = $a->get_account(); - if($email != $account['account_email']) { - if(! valid_email($email)) - $errs[] = t('Not valid email.'); - $adm = trim(get_config('system','admin_email')); - if(($adm) && (strcasecmp($email,$adm) == 0)) { - $errs[] = t('Protected email address. Cannot change to that email.'); - $email = $a->user['email']; - } - if(! $errs) { - $r = q("update account set account_email = '%s' where account_id = %d", - dbesc($email), - intval($account['account_id']) - ); - if(! $r) - $errs[] = t('System failure storing new email. Please try again.'); - } - } if($errs) { foreach($errs as $err) @@ -314,7 +323,7 @@ function settings_post(&$a) { foreach($global_perms as $k => $v) { $set_perms .= ', ' . $v[0] . ' = ' . intval($_POST[$k]) . ' '; } - $acl = new AccessList($channel); + $acl = new Zotlabs\Access\AccessList($channel); $acl->set_from_array($_POST); $x = $acl->get(); @@ -695,8 +704,9 @@ function settings_content(&$a) { $o .= replace_macros($tpl, array( '$form_security_token' => get_form_security_token("settings_account"), '$title' => t('Account Settings'), - '$password1'=> array('npassword', t('Enter New Password:'), '', ''), - '$password2'=> array('confirm', t('Confirm New Password:'), '', t('Leave password fields blank unless changing')), + '$origpass' => array('origpass', t('Current Password'), ' ',''), + '$password1'=> array('npassword', t('Enter New Password'), '', ''), + '$password2'=> array('confirm', t('Confirm New Password'), '', t('Leave password fields blank unless changing')), '$submit' => t('Submit'), '$email' => array('email', t('Email Address:'), $email, ''), '$removeme' => t('Remove Account'), @@ -992,7 +1002,7 @@ function settings_content(&$a) { $stpl = get_markup_template('settings.tpl'); - $acl = new AccessList($channel); + $acl = new Zotlabs\Access\AccessList($channel); $perm_defaults = $acl->get(); require_once('include/group.php'); @@ -1044,7 +1054,7 @@ function settings_content(&$a) { '$h_prv' => t('Security and Privacy Settings'), '$permissions_set' => $permissions_set, - '$server_role' => get_server_role(), + '$server_role' => Zotlabs\Project\System::get_server_role(), '$perms_set_msg' => t('Your permissions are already configured. Click to view/adjust'), '$hide_presence' => array('hide_presence', t('Hide my online presence'),$hide_presence, t('Prevents displaying in your profile that you are online'), $yes_no), |