From 29422fa55379aa61a61019b832c83dab6d450264 Mon Sep 17 00:00:00 2001
From: cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>
Date: Sat, 3 Oct 2009 14:00:33 +0000
Subject: move files to new locations

git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@386 b3834d28-1941-0410-a4f8-b48e95affb8f
---
 www/profile.php | 129 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 129 insertions(+)
 create mode 100644 www/profile.php

(limited to 'www/profile.php')

diff --git a/www/profile.php b/www/profile.php
new file mode 100644
index 0000000..2d00101
--- /dev/null
+++ b/www/profile.php
@@ -0,0 +1,129 @@
+<?php
+/***************************************************************************
+ Copyright (C) 2004 - 2006 Scuttle project
+ http://sourceforge.net/projects/scuttle/
+ http://scuttle.org/
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ ***************************************************************************/
+
+require_once('header.inc.php');
+
+/* Service creation: only useful services are created */
+// No specific services
+
+/* Managing all possible inputs */
+isset($_POST['submitted']) ? define('POST_SUBMITTED', $_POST['submitted']): define('POST_SUBMITTED', '');
+isset($_POST['pPass']) ? define('POST_PASS', $_POST['pPass']): define('POST_PASS', '');
+isset($_POST['pPassConf']) ? define('POST_PASSCONF', $_POST['pPassConf']): define('POST_PASSCONF', '');
+isset($_POST['pName']) ? define('POST_NAME', $_POST['pName']): define('POST_NAME', '');
+isset($_POST['pMail']) ? define('POST_MAIL', $_POST['pMail']): define('POST_MAIL', '');
+isset($_POST['pPage']) ? define('POST_PAGE', $_POST['pPage']): define('POST_PAGE', '');
+isset($_POST['pDesc']) ? define('POST_DESC', $_POST['pDesc']): define('POST_DESC', '');
+
+isset($_POST['token']) ? define('POST_TOKEN', $_POST['token']): define('POST_TOKEN', '');
+isset($_SESSION['token']) ? define('SESSION_TOKEN', $_SESSION['token']): define('SESSION_TOKEN', '');
+isset($_SESSION['token_stamp']) ? define('SESSION_TOKENSTAMP', $_SESSION['token_stamp']): define('SESSION_TOKENSTAMP', '');
+
+
+@list($url, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
+
+if ($user) {
+	
+	if (is_int($user)) {
+		$userid = intval($user);
+	} else {
+		$user = urldecode($user);
+		$userinfo = $userservice->getObjectUserByUsername($user);
+		if ($userinfo == NULL) {
+			$tplVars['error'] = sprintf(T_('User with username %s was not found'), $user);
+			$templateservice->loadTemplate('error.404.tpl', $tplVars);
+			exit();
+		} else {
+			$userid =& $userinfo->getId();
+		}
+	}
+} else {
+	$tplVars['error'] = T_('Username was not specified');
+	$templateservice->loadTemplate('error.404.tpl', $tplVars);
+	exit();
+}
+
+if ($userservice->isLoggedOn() && $user == $currentUser->getUsername()) {
+	$title = T_('My Profile');
+} else {
+	$title = T_('Profile') .': '. $user;
+}
+$tplVars['pagetitle'] = $title;
+$tplVars['subtitle'] = $title;
+
+$tplVars['user'] = $user;
+$tplVars['userid'] = $userid;
+
+if (POST_SUBMITTED!='' && $currentUser->getId() == $userid) {
+	$error = false;
+	$detPass = trim(POST_PASS);
+	$detPassConf = trim(POST_PASSCONF);
+	$detName = trim(POST_NAME);
+	$detMail = trim(POST_MAIL);
+	$detPage = trim(POST_PAGE);
+	$detDesc = filter(POST_DESC);
+
+	// manage token preventing from CSRF vulnaribilities
+	if ( SESSION_TOKEN == ''
+	|| time() - SESSION_TOKENSTAMP > 600 //limit token lifetime, optionnal
+	|| SESSION_TOKEN != POST_TOKEN) {
+		$error = true;
+		$tplVars['error'] = T_('Invalid Token');
+	}
+
+	if ($detPass != $detPassConf) {
+		$error = true;
+		$tplVars['error'] = T_('Password and confirmation do not match.');
+	}
+	if ($detPass != "" && strlen($detPass) < 6) {
+		$error = true;
+		$tplVars['error'] = T_('Password must be at least 6 characters long.');
+	}
+	if (!$userservice->isValidEmail($detMail)) {
+		$error = true;
+		$tplVars['error'] = T_('E-mail address is not valid.');
+	}
+	if (!$error) {
+		if (!$userservice->updateUser($userid, $detPass, $detName, $detMail, $detPage, $detDesc)) {
+			$tplvars['error'] = T_('An error occurred while saving your changes.');
+		} else {
+			$tplVars['msg'] = T_('Changes saved.');
+		}
+	}
+	$userinfo = $userservice->getObjectUserByUsername($user);
+}
+
+if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) {
+	$templatename = 'profile.tpl.php';
+} else {
+	//Token Init
+	$_SESSION['token'] = md5(uniqid(rand(), true));
+	$_SESSION['token_stamp'] = time();
+
+	$templatename = 'editprofile.tpl.php';
+	$tplVars['formaction']  = createURL('profile', $user);
+	$tplVars['token'] = $_SESSION['token'];
+
+}
+
+$tplVars['objectUser'] = $userinfo;
+$templateservice->loadTemplate($templatename, $tplVars);
+?>
-- 
cgit v1.2.3