summaryrefslogtreecommitdiff
path: root/profile.php
blob: 1ad92bad994fa418f4271214ee2866159839c7d4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
<?php
/***************************************************************************
Copyright (C) 2004 - 2006 Scuttle project
http://sourceforge.net/projects/scuttle/
http://scuttle.org/

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
***************************************************************************/

require_once('header.inc.php');
$templateservice =& ServiceFactory::getServiceInstance('TemplateService');
$userservice =& ServiceFactory::getServiceInstance('UserService');

$tplVars = array();

@list($url, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;

$loggedon = false;
if ($userservice->isLoggedOn()) {
    $loggedon = true;
    $currentUser = $userservice->getCurrentUser();
    $currentUserID = $userservice->getCurrentUserId();
    $currentUsername = $currentUser[$userservice->getFieldName('username')];
}

if ($user) {
    if (is_int($user)) {
        $userid = intval($user);
    } else {
        $user = urldecode($user);
        if (!($userinfo = $userservice->getUserByUsername($user))) {
            $tplVars['error'] = sprintf(T_('User with username %s was not found'), $user);
            $templateservice->loadTemplate('error.404.tpl', $tplVars);
            exit();
        } else {
            $userid =& $userinfo['uId'];
        }
    }
} else {
    $tplVars['error'] = T_('Username was not specified');
    $templateservice->loadTemplate('error.404.tpl', $tplVars);
    exit();
}

if ($user == $currentUsername) {
    $title = T_('My Profile');
} else {
    $title = T_('Profile') .': '. $user;
}
$tplVars['pagetitle'] = $title;
$tplVars['subtitle'] = $title;

$tplVars['user'] = $user;
$tplVars['userid'] = $userid;

if (isset($_POST['submitted']) && $currentUserID == $userid) {
    $error = false;
    $detPass = trim($_POST['pPass']);
    $detPassConf = trim($_POST['pPassConf']);
    $detName = trim($_POST['pName']);
    $detMail = trim($_POST['pMail']);
    $detPage = trim($_POST['pPage']);
    $detDesc = filter($_POST['pDesc']);
    
    // manage token preventing from CSRF vulnaribilities
    if ( !isset($_SESSION['token'], $_SESSION['token_stamp']) 
        || time() - $_SESSION['token_stamp'] > 600 //limit token lifetime, optionnal
        || $_SESSION['token'] != $_POST['token']) {
        $error = true;
        $tplVars['error'] = T_('Invalid Token');
    }
    
    if ($detPass != $detPassConf) {
        $error = true;
        $tplVars['error'] = T_('Password and confirmation do not match.');
    }
    if ($detPass != "" && strlen($detPass) < 6) {
        $error = true;
        $tplVars['error'] = T_('Password must be at least 6 characters long.');
    }
    if (!$userservice->isValidEmail($detMail)) {
        $error = true;
        $tplVars['error'] = T_('E-mail address is not valid.');
    }
    if (!$error) {
        if (!$userservice->updateUser($userid, $detPass, $detName, $detMail, $detPage, $detDesc)) {
            $tplvars['error'] = T_('An error occurred while saving your changes.');
        } else {
            $tplVars['msg'] = T_('Changes saved.');
        }
    }
    $userinfo = $userservice->getUserByUsername($user);
}

if ($currentUserID != $userid) {
    $templatename = 'profile.tpl.php';
} else {
	//Token Init
	$_SESSION['token'] = md5(uniqid(rand(), true));
	$_SESSION['token_stamp'] = time();
	
    $templatename = 'editprofile.tpl.php';
    $tplVars['formaction']  = createURL('profile', $user);
    $tplVars['token'] = $_SESSION['token'];
    
}

$tplVars['row'] = $userinfo;
$templateservice->loadTemplate($templatename, $tplVars);
?>