friendica/mod/settings.php
2010-07-08 20:25:05 -07:00

184 lines
5.3 KiB
PHP

<?php
function settings_init(&$a) {
if((! x($_SESSION,'authenticated')) && (x($_SESSION,'uid'))) {
$_SESSION['sysmsg'] .= "Permission denied." . EOL;
$a->error = 404;
return;
}
require_once("mod/profile.php");
profile_load($a,$_SESSION['uid']);
}
function settings_post(&$a) {
if((! x($_SESSION['authenticated'])) && (! (x($_SESSION,'uid')))) {
$_SESSION['sysmsg'] .= "Permission denied." . EOL;
return;
}
if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != $_SESSION['uid']) {
$_SESSION['sysmsg'] .= "Permission denied." . EOL;
return;
}
if((x($_POST,'password')) || (x($_POST,'confirm'))) {
$newpass = trim($_POST['password']);
$confirm = trim($_POST['confirm']);
$err = false;
if($newpass != $confirm ) {
$_SESSION['sysmsg'] .= "Passwords do not match. Password unchanged." . EOL;
$err = true;
}
if((! x($newpass)) || (! x($confirm))) {
$_SESSION['sysmsg'] .= "Empty passwords are not allowed. Password unchanged." . EOL;
$err = true;
}
if(! $err) {
$password = hash('whirlpool',$newpass);
$r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d LIMIT 1",
dbesc($password),
intval($_SESSION['uid']));
if($r)
$_SESSION['sysmsg'] .= "Password changed." . EOL;
else
$_SESSION['sysmsg'] .= "Password update failed. Please try again." . EOL;
}
}
$username = notags(trim($_POST['username']));
$email = notags(trim($_POST['email']));
if(x($_POST,'nick'))
$nick = notags(trim($_POST['nick']));
$timezone = notags(trim($_POST['timezone']));
$username_changed = false;
$email_changed = false;
$nick_changed = false;
$zone_changed = false;
$err = '';
if($username != $a->user['username']) {
$username_changed = true;
if(strlen($username) > 40)
$err .= " Please use a shorter name.";
if(strlen($username) < 3)
$err .= " Name too short.";
}
if($email != $a->user['email']) {
$email_changed = true;
if(!eregi('[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\.[A-Za-z]{2,6}',$email))
$err .= " Not valid email.";
$r = q("SELECT `uid` FROM `user`
WHERE `email` = '%s' LIMIT 1",
dbesc($email)
);
if($r !== NULL && count($r))
$err .= " This email address is already registered." . EOL;
}
if((x($nick)) && ($nick != $a->user['nickname'])) {
$nick_changed = true;
if(! preg_match("/^[a-zA-Z][a-zA-Z0-9\-\_]*$/",$nick))
$err .= " Nickname must start with a letter and contain only contain letters, numbers, dashes, and underscore.";
$r = q("SELECT `uid` FROM `user`
WHERE `nickname` = '%s' LIMIT 1",
dbesc($nick)
);
if($r !== NULL && count($r))
$err .= " Nickname is already registered. Try another." . EOL;
}
else
$nick = $a->user['nickname'];
if(strlen($err)) {
$_SESSION['sysmsg'] .= $err . EOL;
return;
}
if($timezone != $a->user['timezone']) {
$zone_changed = true;
if(strlen($timezone))
date_default_timezone_set($timezone);
}
if($email_changed || $username_changed || $nick_changed || $zone_changed ) {
$r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `nickname` = '%s', `timezone` = '%s' WHERE `uid` = %d LIMIT 1",
dbesc($username),
dbesc($email),
dbesc($nick),
dbesc($timezone),
intval($_SESSION['uid']));
if($r)
$_SESSION['sysmsg'] .= "Settings updated." . EOL;
}
if($email_changed && $a->config['register_policy'] == REGISTER_VERIFY) {
// FIXME - set to un-verified, blocked and redirect to logout
}
if($nick_changed) {
$r = q ("UPDATE `profile` SET `url` = '%s', `request` = '%s', `notify` = '%s', `poll` = '%s', `confirm` = '%s'
WHERE `uid` = %d AND `self` = 1 LIMIT 1",
dbesc( $a->get_baseurl() . '/profile/' . $nick ),
dbesc( $a->get_baseurl() . '/dfrn_request/' . $nick ),
dbesc( $a->get_baseurl() . '/dfrn_notify/' . $nick ),
dbesc( $a->get_baseurl() . '/dfrn_poll/' . $nick ),
dbesc( $a->get_baseurl() . '/dfrn_confirm/' . $nick ),
intval($_SESSION['uid'])
);
}
// Refresh the content display with new data
$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
intval($_SESSION['uid']));
if(count($r))
$a->user = $r[0];
}
if(! function_exists('settings_content')) {
function settings_content(&$a) {
if((! x($_SESSION['authenticated'])) && (! (x($_SESSION,'uid')))) {
$_SESSION['sysmsg'] .= "Permission denied." . EOL;
return;
}
$username = $a->user['username'];
$email = $a->user['email'];
$nickname = $a->user['nickname'];
$timezone = $a->user['timezone'];
if(x($nickname))
$nickname_block = file_get_contents("view/settings_nick_set.tpl");
else
$nickname_block = file_get_contents("view/settings_nick_unset.tpl");
$nickname_block = replace_macros($nickname_block,array(
'$nickname' => $nickname,
'$uid' => $_SESSION['uid'],
'$basepath' => substr($a->get_baseurl(),strpos($a->get_baseurl(),'://') + 3),
'$baseurl' => $a->get_baseurl()));
$o = file_get_contents('view/settings.tpl');
$o = replace_macros($o,array(
'$baseurl' => $a->get_baseurl(),
'$uid' => $_SESSION['uid'],
'$username' => $username,
'$email' => $email,
'$nickname_block' => $nickname_block,
'$timezone' => $timezone,
'$zoneselect' => select_timezone($timezone)
));
return $o;
}}