aboutsummaryrefslogtreecommitdiffstats
path: root/mod/settings.php
diff options
context:
space:
mode:
Diffstat (limited to 'mod/settings.php')
-rw-r--r--mod/settings.php170
1 files changed, 170 insertions, 0 deletions
diff --git a/mod/settings.php b/mod/settings.php
new file mode 100644
index 000000000..de1133faf
--- /dev/null
+++ b/mod/settings.php
@@ -0,0 +1,170 @@
+<?php
+
+
+function settings_init(&$a) {
+
+ if((! x($_SESSION,'authenticated')) && (x($_SESSION,'uid'))) {
+ $_SESSION['sysmsg'] .= "Permission denied." . EOL;
+ $a->error = 404;
+ return;
+ }
+ require_once("mod/profile.php");
+ profile_load($a,$_SESSION['uid']);
+}
+
+
+function settings_post(&$a) {
+
+ if((! x($_SESSION['authenticated'])) && (! (x($_SESSION,'uid')))) {
+ $_SESSION['sysmsg'] .= "Permission denied." . EOL;
+ return;
+ }
+ if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != $_SESSION['uid']) {
+ $_SESSION['sysmsg'] .= "Permission denied." . EOL;
+ return;
+ }
+ if((x($_POST,'password')) || (x($_POST,'confirm'))) {
+
+ $newpass = trim($_POST['password']);
+ $confirm = trim($_POST['confirm']);
+
+ $err = false;
+ if($newpass != $confirm ) {
+ $_SESSION['sysmsg'] .= "Passwords do not match. Password unchanged." . EOL;
+ $err = true;
+ }
+
+ if((! x($newpass)) || (! x($confirm))) {
+ $_SESSION['sysmsg'] .= "Empty passwords are not allowed. Password unchanged." . EOL;
+ $err = true;
+ }
+
+ if(! $err) {
+ $password = hash('whirlpool',$newpass);
+ $r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d LIMIT 1",
+ dbesc($password),
+ intval($_SESSION['uid']));
+ if($r)
+ $_SESSION['sysmsg'] .= "Password changed." . EOL;
+ else
+ $_SESSION['sysmsg'] .= "Password update failed. Please try again." . EOL;
+ }
+ }
+
+ $username = notags(trim($_POST['username']));
+ $email = notags(trim($_POST['email']));
+ if(x($_POST,'nick'))
+ $nick = notags(trim($_POST['nick']));
+ $timezone = notags(trim($_POST['timezone']));
+
+ $username_changed = false;
+ $email_changed = false;
+ $nick_changed = false;
+ $zone_changed = false;
+ $err = '';
+
+ if($username != $a->user['username']) {
+ $username_changed = true;
+ if(strlen($username) > 40)
+ $err .= " Please use a shorter name.";
+ if(strlen($username) < 3)
+ $err .= " Name too short.";
+ }
+ if($email != $a->user['email']) {
+ $email_changed = true;
+ if(!eregi('[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\.[A-Za-z]{2,6}',$email))
+ $err .= " Not valid email.";
+ $r = q("SELECT `uid` FROM `user`
+ WHERE `email` = '%s' LIMIT 1",
+ dbesc($email)
+ );
+ if($r !== NULL && count($r))
+ $err .= " This email address is already registered." . EOL;
+ }
+ if((x($nick)) && ($nick != $a->user['nickname'])) {
+ $nick_changed = true;
+ if(! preg_match("/^[a-zA-Z][a-zA-Z0-9\-\_]*$/",$nick))
+ $err .= " Nickname must start with a letter and contain only contain letters, numbers, dashes, and underscore.";
+ $r = q("SELECT `uid` FROM `user`
+ WHERE `nickname` = '%s' LIMIT 1",
+ dbesc($nick)
+ );
+ if($r !== NULL && count($r))
+ $err .= " Nickname is already registered. Try another." . EOL;
+ }
+ else
+ $nick = $a->user['nickname'];
+
+ if(strlen($err)) {
+ $_SESSION['sysmsg'] .= $err . EOL;
+ return;
+ }
+ if($timezone != $a->user['timezone']) {
+ $zone_changed = true;
+ if(strlen($timezone))
+ date_default_timezone_set($timezone);
+ }
+ if($email_changed || $username_changed || $nick_changed || $zone_changed ) {
+ $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `nickname` = '%s', `timezone` = '%s' WHERE `uid` = %d LIMIT 1",
+ dbesc($username),
+ dbesc($email),
+ dbesc($nick),
+ dbesc($timezone),
+ intval($_SESSION['uid']));
+ if($r)
+ $_SESSION['sysmsg'] .= "Settings updated." . EOL;
+ }
+ if($email_changed && $a->config['register_policy'] == REGISTER_VERIFY) {
+
+ // FIXME - set to un-verified, blocked and redirect to logout
+
+ }
+
+ // Refresh the content display with new data
+
+ $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
+ intval($_SESSION['uid']));
+ if(count($r))
+ $a->user = $r[0];
+}
+
+
+if(! function_exists('settings_content')) {
+function settings_content(&$a) {
+
+ if((! x($_SESSION['authenticated'])) && (! (x($_SESSION,'uid')))) {
+ $_SESSION['sysmsg'] .= "Permission denied." . EOL;
+ return;
+ }
+
+
+ $username = $a->user['username'];
+ $email = $a->user['email'];
+ $nickname = $a->user['nickname'];
+ $timezone = $a->user['timezone'];
+
+
+ if(x($nickname))
+ $nickname_block = file_get_contents("view/settings_nick_set.tpl");
+ else
+ $nickname_block = file_get_contents("view/settings_nick_unset.tpl");
+
+ $nickname_block = replace_macros($nickname_block,array(
+ '$nickname' => $nickname,
+ '$baseurl' => $a->get_baseurl()));
+
+ $o = file_get_contents('view/settings.tpl');
+
+ $o = replace_macros($o,array(
+ '$baseurl' => $a->get_baseurl(),
+ '$uid' => $_SESSION['uid'],
+ '$username' => $username,
+ '$email' => $email,
+ '$nickname_block' => $nickname_block,
+ '$timezone' => $timezone,
+ '$zoneselect' => select_timezone($timezone)
+ ));
+
+ return $o;
+
+}} \ No newline at end of file