summaryrefslogtreecommitdiff
path: root/profile.php
diff options
context:
space:
mode:
authorKyle McFarland <tfkyle@gmail.com>2018-01-31 00:51:07 -0600
committerKyle McFarland <tfkyle@gmail.com>2018-01-31 00:51:07 -0600
commit61d1aa04d8d44b17bfe6dace90088669fc6c3df8 (patch)
tree7ede15c880e4c41a18cded46fe6d03fb2dc4543b /profile.php
downloadmcoop-61d1aa04d8d44b17bfe6dace90088669fc6c3df8.zip
mcoop-61d1aa04d8d44b17bfe6dace90088669fc6c3df8.tar.gz
mcoop-61d1aa04d8d44b17bfe6dace90088669fc6c3df8.tar.bz2
Initial importHEADmaster
* Registration system's almost done * Just part way through implementing tasks So not much done yet, but it's a start.
Diffstat (limited to 'profile.php')
-rw-r--r--profile.php115
1 files changed, 115 insertions, 0 deletions
diff --git a/profile.php b/profile.php
new file mode 100644
index 0000000..9240441
--- /dev/null
+++ b/profile.php
@@ -0,0 +1,115 @@
+<?php
+namespace mcoop;
+require_once("recaptcha/autoload.php");
+require_once("vendor/autoload.php");
+require_once("common/config.php");
+
+// TODO urgent: I really need to ratelimit updating email addresses, otherwise there could be spam problems
+
+/* TODO: the template uses | escape('html_attr') even though the output's
+ supposed to be xhtml (though I'm still sending as text/html because
+ application/xhtml+xml seems to break recaptcha in current browsers),
+ fix that and make an escape filter for xml attributes
+*/
+
+if (!isset($sess_info->login_member)) {
+ header("Location: " . urljoin($config->webapp_base_uri, "login.php"));
+ exit();
+}
+
+$danger_alerts = array();
+$success_alerts = array();
+
+function check_full_name($db, $sess_info, $fullname) {
+ $filt_fullname = $db->validate_fullname($fullname);
+ return ((bool)$filt_fullname && ($filt_fullname != $sess_info->login_member->full_name));
+}
+
+function update_full_name($db, $sess_info, $fullname, $twig_env) {
+ global $success_alerts;
+ global $danger_alerts;
+ $filt_fullname = $db->validate_fullname($fullname);
+ $userid = $sess_info->login_member->userid;
+ $conn = $db->conn;
+ $st = $conn->prepare("UPDATE members SET full_name = ? WHERE userid = ?");
+ $success = $st->execute(array($filt_fullname, $userid));
+ if ($success) {
+ $success_alerts[] = "Full name updated successfully";
+ } else {
+ $einfo = $st->errorInfo();
+ error_log("mcoop: profile.php failed updating full_name: " . var_export($einfo, true) . " ($userid, $filt_fullname)");
+ $danger_alerts[] = "Internal error, please contact the admin";
+ }
+ return $success;
+}
+
+function check_email($db, $sess_info, $email) {
+ return ((bool)$email && ($email != $sess_info->login_member->email));
+}
+
+function update_email($db, $sess_info, $email, $twig_env) {
+ global $success_alerts;
+ global $danger_alerts;
+ $success = false;
+ $conn = $db->conn;
+ try {
+ $filt_email = $db->validate_email($email);
+ $userid = $sess_info->login_member->userid;
+ $username = $sess_info->login_member->username;
+ $conn->beginTransaction();
+ $st = $conn->prepare("UPDATE members SET email = ? , validated=false WHERE userid = ?");
+ $success = $st->execute(array($filt_email, $userid));
+ if ($success) {
+ $db->send_validation_email($username, $filt_email, $twig_env);
+ $conn->commit();
+ $success_alerts[] = "email updated successfully, you should get a new validation email at the new email address";
+ } else {
+ $einfo = $st->errorInfo();
+ error_log("mcoop: profile.php failed updating email: " . var_export($einfo, true) . " ($userid, $filt_email)");
+ $danger_alerts[] = "Internal error, please contact the admin";
+ }
+ } catch (RegistrationError $re) {
+ $success = false;
+ $danger_alerts[] = $re->reason;
+ if ($conn->inTransaction())
+ $conn->rollBack();
+ }
+ return $success;
+}
+
+
+// TODO: add password updating as well
+
+$update_vars = array();
+$varname_mappings = array(
+ "email" => array("\mcoop\check_email", "\mcoop\update_email"),
+ "fullname" => array("\mcoop\check_full_name", "\mcoop\update_full_name")
+);
+
+$attempted = false;
+
+foreach ($varname_mappings as $k => $a) {
+ if (isset($_POST[$k])) {
+ $v = $_POST[$k];
+ $check_func = $a[0];
+ $res = $check_func($db, $sess_info, $v);
+ if ($res) {
+ $attempted = true;
+ $update_func = $a[1];
+ $update_func($db, $sess_info, $v, $twig);
+ }
+ }
+}
+
+if ($attempted) {
+ $sess_info->re_init();
+}
+
+
+echo $twig->render("profile.tmpl", array(
+ "danger_alerts" => $danger_alerts,
+ "success_alerts" => $success_alerts,
+ "sess_info" => $sess_info
+));
+
+?>