From 29422fa55379aa61a61019b832c83dab6d450264 Mon Sep 17 00:00:00 2001
From: cweiske
Date: Sat, 3 Oct 2009 14:00:33 +0000
Subject: move files to new locations
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@386 b3834d28-1941-0410-a4f8-b48e95affb8f
---
www/profile.php | 129 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 129 insertions(+)
create mode 100644 www/profile.php
(limited to 'www/profile.php')
diff --git a/www/profile.php b/www/profile.php
new file mode 100644
index 0000000..2d00101
--- /dev/null
+++ b/www/profile.php
@@ -0,0 +1,129 @@
+getObjectUserByUsername($user);
+ if ($userinfo == NULL) {
+ $tplVars['error'] = sprintf(T_('User with username %s was not found'), $user);
+ $templateservice->loadTemplate('error.404.tpl', $tplVars);
+ exit();
+ } else {
+ $userid =& $userinfo->getId();
+ }
+ }
+} else {
+ $tplVars['error'] = T_('Username was not specified');
+ $templateservice->loadTemplate('error.404.tpl', $tplVars);
+ exit();
+}
+
+if ($userservice->isLoggedOn() && $user == $currentUser->getUsername()) {
+ $title = T_('My Profile');
+} else {
+ $title = T_('Profile') .': '. $user;
+}
+$tplVars['pagetitle'] = $title;
+$tplVars['subtitle'] = $title;
+
+$tplVars['user'] = $user;
+$tplVars['userid'] = $userid;
+
+if (POST_SUBMITTED!='' && $currentUser->getId() == $userid) {
+ $error = false;
+ $detPass = trim(POST_PASS);
+ $detPassConf = trim(POST_PASSCONF);
+ $detName = trim(POST_NAME);
+ $detMail = trim(POST_MAIL);
+ $detPage = trim(POST_PAGE);
+ $detDesc = filter(POST_DESC);
+
+ // manage token preventing from CSRF vulnaribilities
+ if ( SESSION_TOKEN == ''
+ || time() - SESSION_TOKENSTAMP > 600 //limit token lifetime, optionnal
+ || SESSION_TOKEN != POST_TOKEN) {
+ $error = true;
+ $tplVars['error'] = T_('Invalid Token');
+ }
+
+ if ($detPass != $detPassConf) {
+ $error = true;
+ $tplVars['error'] = T_('Password and confirmation do not match.');
+ }
+ if ($detPass != "" && strlen($detPass) < 6) {
+ $error = true;
+ $tplVars['error'] = T_('Password must be at least 6 characters long.');
+ }
+ if (!$userservice->isValidEmail($detMail)) {
+ $error = true;
+ $tplVars['error'] = T_('E-mail address is not valid.');
+ }
+ if (!$error) {
+ if (!$userservice->updateUser($userid, $detPass, $detName, $detMail, $detPage, $detDesc)) {
+ $tplvars['error'] = T_('An error occurred while saving your changes.');
+ } else {
+ $tplVars['msg'] = T_('Changes saved.');
+ }
+ }
+ $userinfo = $userservice->getObjectUserByUsername($user);
+}
+
+if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) {
+ $templatename = 'profile.tpl.php';
+} else {
+ //Token Init
+ $_SESSION['token'] = md5(uniqid(rand(), true));
+ $_SESSION['token_stamp'] = time();
+
+ $templatename = 'editprofile.tpl.php';
+ $tplVars['formaction'] = createURL('profile', $user);
+ $tplVars['token'] = $_SESSION['token'];
+
+}
+
+$tplVars['objectUser'] = $userinfo;
+$templateservice->loadTemplate($templatename, $tplVars);
+?>
-- cgit v1.2.3
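Review bot: The CSRF token created under `//Token Init` comes from `md5(uniqid(rand(), true))`, which is built from the clock and a non-cryptographic generator, so it is more guessable than a token from a CSPRNG; where the PHP version allows, `$_SESSION['token'] = bin2hex(random_bytes(16));` is the safer form. The check `SESSION_TOKEN != POST_TOKEN` is a loose, non-constant-time comparison, and `!hash_equals(SESSION_TOKEN, POST_TOKEN)` would avoid both problems, assuming both constants are strings. Separately, the save-failure branch assigns `$tplvars['error']` (lower-case v), so that message presumably never reaches the template; it should be `$tplVars['error']`. The top of the file is missing from the hunk as shown, so how `$user` and the `POST_*`/`SESSION_*` constants are set cannot be checked here.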