summaryrefslogtreecommitdiff
path: root/www/profile.php
blob: 2d001014297ba0d50819d8dda790890de6cd9e1b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
<?php
/***************************************************************************
 Copyright (C) 2004 - 2006 Scuttle project
 http://sourceforge.net/projects/scuttle/
 http://scuttle.org/

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 2 of the License, or
 (at your option) any later version.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with this program; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 ***************************************************************************/

require_once('header.inc.php');

/* Service creation: only useful services are created */
// No specific services

/* Managing all possible inputs */
isset($_POST['submitted']) ? define('POST_SUBMITTED', $_POST['submitted']): define('POST_SUBMITTED', '');
isset($_POST['pPass']) ? define('POST_PASS', $_POST['pPass']): define('POST_PASS', '');
isset($_POST['pPassConf']) ? define('POST_PASSCONF', $_POST['pPassConf']): define('POST_PASSCONF', '');
isset($_POST['pName']) ? define('POST_NAME', $_POST['pName']): define('POST_NAME', '');
isset($_POST['pMail']) ? define('POST_MAIL', $_POST['pMail']): define('POST_MAIL', '');
isset($_POST['pPage']) ? define('POST_PAGE', $_POST['pPage']): define('POST_PAGE', '');
isset($_POST['pDesc']) ? define('POST_DESC', $_POST['pDesc']): define('POST_DESC', '');

isset($_POST['token']) ? define('POST_TOKEN', $_POST['token']): define('POST_TOKEN', '');
isset($_SESSION['token']) ? define('SESSION_TOKEN', $_SESSION['token']): define('SESSION_TOKEN', '');
isset($_SESSION['token_stamp']) ? define('SESSION_TOKENSTAMP', $_SESSION['token_stamp']): define('SESSION_TOKENSTAMP', '');


@list($url, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;

if ($user) {
	
	if (is_int($user)) {
		$userid = intval($user);
	} else {
		$user = urldecode($user);
		$userinfo = $userservice->getObjectUserByUsername($user);
		if ($userinfo == NULL) {
			$tplVars['error'] = sprintf(T_('User with username %s was not found'), $user);
			$templateservice->loadTemplate('error.404.tpl', $tplVars);
			exit();
		} else {
			$userid =& $userinfo->getId();
		}
	}
} else {
	$tplVars['error'] = T_('Username was not specified');
	$templateservice->loadTemplate('error.404.tpl', $tplVars);
	exit();
}

if ($userservice->isLoggedOn() && $user == $currentUser->getUsername()) {
	$title = T_('My Profile');
} else {
	$title = T_('Profile') .': '. $user;
}
$tplVars['pagetitle'] = $title;
$tplVars['subtitle'] = $title;

$tplVars['user'] = $user;
$tplVars['userid'] = $userid;

if (POST_SUBMITTED!='' && $currentUser->getId() == $userid) {
	$error = false;
	$detPass = trim(POST_PASS);
	$detPassConf = trim(POST_PASSCONF);
	$detName = trim(POST_NAME);
	$detMail = trim(POST_MAIL);
	$detPage = trim(POST_PAGE);
	$detDesc = filter(POST_DESC);

	// manage token preventing from CSRF vulnaribilities
	if ( SESSION_TOKEN == ''
	|| time() - SESSION_TOKENSTAMP > 600 //limit token lifetime, optionnal
	|| SESSION_TOKEN != POST_TOKEN) {
		$error = true;
		$tplVars['error'] = T_('Invalid Token');
	}

	if ($detPass != $detPassConf) {
		$error = true;
		$tplVars['error'] = T_('Password and confirmation do not match.');
	}
	if ($detPass != "" && strlen($detPass) < 6) {
		$error = true;
		$tplVars['error'] = T_('Password must be at least 6 characters long.');
	}
	if (!$userservice->isValidEmail($detMail)) {
		$error = true;
		$tplVars['error'] = T_('E-mail address is not valid.');
	}
	if (!$error) {
		if (!$userservice->updateUser($userid, $detPass, $detName, $detMail, $detPage, $detDesc)) {
			$tplvars['error'] = T_('An error occurred while saving your changes.');
		} else {
			$tplVars['msg'] = T_('Changes saved.');
		}
	}
	$userinfo = $userservice->getObjectUserByUsername($user);
}

if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) {
	$templatename = 'profile.tpl.php';
} else {
	//Token Init
	$_SESSION['token'] = md5(uniqid(rand(), true));
	$_SESSION['token_stamp'] = time();

	$templatename = 'editprofile.tpl.php';
	$tplVars['formaction']  = createURL('profile', $user);
	$tplVars['token'] = $_SESSION['token'];

}

$tplVars['objectUser'] = $userinfo;
$templateservice->loadTemplate($templatename, $tplVars);
?>