diff options
Diffstat (limited to 'mod/settings.php')
-rw-r--r-- | mod/settings.php | 170 |
1 files changed, 170 insertions, 0 deletions
diff --git a/mod/settings.php b/mod/settings.php new file mode 100644 index 000000000..de1133faf --- /dev/null +++ b/mod/settings.php @@ -0,0 +1,170 @@ +<?php + + +function settings_init(&$a) { + + if((! x($_SESSION,'authenticated')) && (x($_SESSION,'uid'))) { + $_SESSION['sysmsg'] .= "Permission denied." . EOL; + $a->error = 404; + return; + } + require_once("mod/profile.php"); + profile_load($a,$_SESSION['uid']); +} + + +function settings_post(&$a) { + + if((! x($_SESSION['authenticated'])) && (! (x($_SESSION,'uid')))) { + $_SESSION['sysmsg'] .= "Permission denied." . EOL; + return; + } + if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != $_SESSION['uid']) { + $_SESSION['sysmsg'] .= "Permission denied." . EOL; + return; + } + if((x($_POST,'password')) || (x($_POST,'confirm'))) { + + $newpass = trim($_POST['password']); + $confirm = trim($_POST['confirm']); + + $err = false; + if($newpass != $confirm ) { + $_SESSION['sysmsg'] .= "Passwords do not match. Password unchanged." . EOL; + $err = true; + } + + if((! x($newpass)) || (! x($confirm))) { + $_SESSION['sysmsg'] .= "Empty passwords are not allowed. Password unchanged." . EOL; + $err = true; + } + + if(! $err) { + $password = hash('whirlpool',$newpass); + $r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d LIMIT 1", + dbesc($password), + intval($_SESSION['uid'])); + if($r) + $_SESSION['sysmsg'] .= "Password changed." . EOL; + else + $_SESSION['sysmsg'] .= "Password update failed. Please try again." . EOL; + } + } + + $username = notags(trim($_POST['username'])); + $email = notags(trim($_POST['email'])); + if(x($_POST,'nick')) + $nick = notags(trim($_POST['nick'])); + $timezone = notags(trim($_POST['timezone'])); + + $username_changed = false; + $email_changed = false; + $nick_changed = false; + $zone_changed = false; + $err = ''; + + if($username != $a->user['username']) { + $username_changed = true; + if(strlen($username) > 40) + $err .= " Please use a shorter name."; + if(strlen($username) < 3) + $err .= " Name too short."; + } + if($email != $a->user['email']) { + $email_changed = true; + if(!eregi('[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\.[A-Za-z]{2,6}',$email)) + $err .= " Not valid email."; + $r = q("SELECT `uid` FROM `user` + WHERE `email` = '%s' LIMIT 1", + dbesc($email) + ); + if($r !== NULL && count($r)) + $err .= " This email address is already registered." . EOL; + } + if((x($nick)) && ($nick != $a->user['nickname'])) { + $nick_changed = true; + if(! preg_match("/^[a-zA-Z][a-zA-Z0-9\-\_]*$/",$nick)) + $err .= " Nickname must start with a letter and contain only contain letters, numbers, dashes, and underscore."; + $r = q("SELECT `uid` FROM `user` + WHERE `nickname` = '%s' LIMIT 1", + dbesc($nick) + ); + if($r !== NULL && count($r)) + $err .= " Nickname is already registered. Try another." . EOL; + } + else + $nick = $a->user['nickname']; + + if(strlen($err)) { + $_SESSION['sysmsg'] .= $err . EOL; + return; + } + if($timezone != $a->user['timezone']) { + $zone_changed = true; + if(strlen($timezone)) + date_default_timezone_set($timezone); + } + if($email_changed || $username_changed || $nick_changed || $zone_changed ) { + $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `nickname` = '%s', `timezone` = '%s' WHERE `uid` = %d LIMIT 1", + dbesc($username), + dbesc($email), + dbesc($nick), + dbesc($timezone), + intval($_SESSION['uid'])); + if($r) + $_SESSION['sysmsg'] .= "Settings updated." . EOL; + } + if($email_changed && $a->config['register_policy'] == REGISTER_VERIFY) { + + // FIXME - set to un-verified, blocked and redirect to logout + + } + + // Refresh the content display with new data + + $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", + intval($_SESSION['uid'])); + if(count($r)) + $a->user = $r[0]; +} + + +if(! function_exists('settings_content')) { +function settings_content(&$a) { + + if((! x($_SESSION['authenticated'])) && (! (x($_SESSION,'uid')))) { + $_SESSION['sysmsg'] .= "Permission denied." . EOL; + return; + } + + + $username = $a->user['username']; + $email = $a->user['email']; + $nickname = $a->user['nickname']; + $timezone = $a->user['timezone']; + + + if(x($nickname)) + $nickname_block = file_get_contents("view/settings_nick_set.tpl"); + else + $nickname_block = file_get_contents("view/settings_nick_unset.tpl"); + + $nickname_block = replace_macros($nickname_block,array( + '$nickname' => $nickname, + '$baseurl' => $a->get_baseurl())); + + $o = file_get_contents('view/settings.tpl'); + + $o = replace_macros($o,array( + '$baseurl' => $a->get_baseurl(), + '$uid' => $_SESSION['uid'], + '$username' => $username, + '$email' => $email, + '$nickname_block' => $nickname_block, + '$timezone' => $timezone, + '$zoneselect' => select_timezone($timezone) + )); + + return $o; + +}}
\ No newline at end of file |