diff options
author | mensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2009-01-15 18:05:08 +0000 |
---|---|---|
committer | mensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2009-01-15 18:05:08 +0000 |
commit | 24ab0f6487d7a3883af126cc22f5d9d08acf3a80 (patch) | |
tree | 33e842341ca277da4ba757cacf716c796d36c5c9 /profile.php | |
parent | eac302f2255460c6d7e35f1d29c26d488089d6ea (diff) | |
download | semanticscuttle-24ab0f6487d7a3883af126cc22f5d9d08acf3a80.tar.gz semanticscuttle-24ab0f6487d7a3883af126cc22f5d9d08acf3a80.tar.bz2 |
Minor Refactoring: add getIdFromUser()
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@238 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'profile.php')
-rw-r--r-- | profile.php | 151 |
1 files changed, 76 insertions, 75 deletions
diff --git a/profile.php b/profile.php index 56d6515..2d00101 100644 --- a/profile.php +++ b/profile.php @@ -1,23 +1,23 @@ <?php /*************************************************************************** -Copyright (C) 2004 - 2006 Scuttle project -http://sourceforge.net/projects/scuttle/ -http://scuttle.org/ + Copyright (C) 2004 - 2006 Scuttle project + http://sourceforge.net/projects/scuttle/ + http://scuttle.org/ -This program is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2 of the License, or -(at your option) any later version. + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. -You should have received a copy of the GNU General Public License -along with this program; if not, write to the Free Software -Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -***************************************************************************/ + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + ***************************************************************************/ require_once('header.inc.php'); @@ -41,29 +41,30 @@ isset($_SESSION['token_stamp']) ? define('SESSION_TOKENSTAMP', $_SESSION['token_ @list($url, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL; if ($user) { - if (is_int($user)) { - $userid = intval($user); - } else { - $user = urldecode($user); - $userinfo = $userservice->getObjectUserByUsername($user); - if ($userinfo == '') { - $tplVars['error'] = sprintf(T_('User with username %s was not found'), $user); - $templateservice->loadTemplate('error.404.tpl', $tplVars); - exit(); - } else { - $userid =& $userinfo->getId(); - } - } + + if (is_int($user)) { + $userid = intval($user); + } else { + $user = urldecode($user); + $userinfo = $userservice->getObjectUserByUsername($user); + if ($userinfo == NULL) { + $tplVars['error'] = sprintf(T_('User with username %s was not found'), $user); + $templateservice->loadTemplate('error.404.tpl', $tplVars); + exit(); + } else { + $userid =& $userinfo->getId(); + } + } } else { - $tplVars['error'] = T_('Username was not specified'); - $templateservice->loadTemplate('error.404.tpl', $tplVars); - exit(); + $tplVars['error'] = T_('Username was not specified'); + $templateservice->loadTemplate('error.404.tpl', $tplVars); + exit(); } if ($userservice->isLoggedOn() && $user == $currentUser->getUsername()) { - $title = T_('My Profile'); + $title = T_('My Profile'); } else { - $title = T_('Profile') .': '. $user; + $title = T_('Profile') .': '. $user; } $tplVars['pagetitle'] = $title; $tplVars['subtitle'] = $title; @@ -72,55 +73,55 @@ $tplVars['user'] = $user; $tplVars['userid'] = $userid; if (POST_SUBMITTED!='' && $currentUser->getId() == $userid) { - $error = false; - $detPass = trim(POST_PASS); - $detPassConf = trim(POST_PASSCONF); - $detName = trim(POST_NAME); - $detMail = trim(POST_MAIL); - $detPage = trim(POST_PAGE); - $detDesc = filter(POST_DESC); - - // manage token preventing from CSRF vulnaribilities - if ( SESSION_TOKEN == '' - || time() - SESSION_TOKENSTAMP > 600 //limit token lifetime, optionnal - || SESSION_TOKEN != POST_TOKEN) { - $error = true; - $tplVars['error'] = T_('Invalid Token'); - } - - if ($detPass != $detPassConf) { - $error = true; - $tplVars['error'] = T_('Password and confirmation do not match.'); - } - if ($detPass != "" && strlen($detPass) < 6) { - $error = true; - $tplVars['error'] = T_('Password must be at least 6 characters long.'); - } - if (!$userservice->isValidEmail($detMail)) { - $error = true; - $tplVars['error'] = T_('E-mail address is not valid.'); - } - if (!$error) { - if (!$userservice->updateUser($userid, $detPass, $detName, $detMail, $detPage, $detDesc)) { - $tplvars['error'] = T_('An error occurred while saving your changes.'); - } else { - $tplVars['msg'] = T_('Changes saved.'); - } - } - $userinfo = $userservice->getObjectUserByUsername($user); + $error = false; + $detPass = trim(POST_PASS); + $detPassConf = trim(POST_PASSCONF); + $detName = trim(POST_NAME); + $detMail = trim(POST_MAIL); + $detPage = trim(POST_PAGE); + $detDesc = filter(POST_DESC); + + // manage token preventing from CSRF vulnaribilities + if ( SESSION_TOKEN == '' + || time() - SESSION_TOKENSTAMP > 600 //limit token lifetime, optionnal + || SESSION_TOKEN != POST_TOKEN) { + $error = true; + $tplVars['error'] = T_('Invalid Token'); + } + + if ($detPass != $detPassConf) { + $error = true; + $tplVars['error'] = T_('Password and confirmation do not match.'); + } + if ($detPass != "" && strlen($detPass) < 6) { + $error = true; + $tplVars['error'] = T_('Password must be at least 6 characters long.'); + } + if (!$userservice->isValidEmail($detMail)) { + $error = true; + $tplVars['error'] = T_('E-mail address is not valid.'); + } + if (!$error) { + if (!$userservice->updateUser($userid, $detPass, $detName, $detMail, $detPage, $detDesc)) { + $tplvars['error'] = T_('An error occurred while saving your changes.'); + } else { + $tplVars['msg'] = T_('Changes saved.'); + } + } + $userinfo = $userservice->getObjectUserByUsername($user); } if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) { - $templatename = 'profile.tpl.php'; + $templatename = 'profile.tpl.php'; } else { //Token Init $_SESSION['token'] = md5(uniqid(rand(), true)); $_SESSION['token_stamp'] = time(); - - $templatename = 'editprofile.tpl.php'; - $tplVars['formaction'] = createURL('profile', $user); - $tplVars['token'] = $_SESSION['token']; - + + $templatename = 'editprofile.tpl.php'; + $tplVars['formaction'] = createURL('profile', $user); + $tplVars['token'] = $_SESSION['token']; + } $tplVars['objectUser'] = $userinfo; |