Diffstat (limited to 'profile.php')
-rw-r--r-- | profile.php | 115 |
1 files changed, 115 insertions, 0 deletions
diff --git a/profile.php b/profile.php
new file mode 100644
index 0000000..9240441
--- /dev/null
+++ b/profile.php
@@ -0,0 +1,115 @@
+<?php
+namespace mcoop;
+require_once("recaptcha/autoload.php");
+require_once("vendor/autoload.php");
+require_once("common/config.php");
+
+// TODO urgent: I really need to ratelimit updating email addresses, otherwise there could be spam problems
+
+/* TODO: the template uses | escape('html_attr') even though the output's
+ supposed to be xhtml (though I'm still sending as text/html because
+ application/xhtml+xml seems to break recaptcha in current browsers),
+ fix that and make an escape filter for xml attributes
+*/
+
+if (!isset($sess_info->login_member)) {
+ header("Location: " . urljoin($config->webapp_base_uri, "login.php"));
+ exit();
+}
+
+$danger_alerts = array();
+$success_alerts = array();
+
+function check_full_name($db, $sess_info, $fullname) {
+ $filt_fullname = $db->validate_fullname($fullname);
+ return ((bool)$filt_fullname && ($filt_fullname != $sess_info->login_member->full_name));
+}
+
+function update_full_name($db, $sess_info, $fullname, $twig_env) {
+ global $success_alerts;
+ global $danger_alerts;
+ $filt_fullname = $db->validate_fullname($fullname);
+ $userid = $sess_info->login_member->userid;
+ $conn = $db->conn;
+ $st = $conn->prepare("UPDATE members SET full_name = ? WHERE userid = ?");
+ $success = $st->execute(array($filt_fullname, $userid));
+ if ($success) {
+ $success_alerts[] = "Full name updated successfully";
+ } else {
+ $einfo = $st->errorInfo();
+ error_log("mcoop: profile.php failed updating full_name: " . var_export($einfo, true) . 
 " ($userid, $filt_fullname)");
+ $danger_alerts[] = "Internal error, please contact the admin";
+ }
+ return $success;
+}
+
+function check_email($db, $sess_info, $email) {
+ return ((bool)$email && ($email != $sess_info->login_member->email));
+}
+
+function update_email($db, $sess_info, $email, $twig_env) {
+ global $success_alerts;
+ global $danger_alerts;
+ $success = false;
+ $conn = $db->conn;
+ try {
+ $filt_email = $db->validate_email($email);
+ $userid = $sess_info->login_member->userid;
+ $username = $sess_info->login_member->username;
+ $conn->beginTransaction();
+ $st = $conn->prepare("UPDATE members SET email = ? , validated=false WHERE userid = ?");
+ $success = $st->execute(array($filt_email, $userid));
+ if ($success) {
+ $db->send_validation_email($username, $filt_email, $twig_env);
+ $conn->commit();
+ $success_alerts[] = "email updated successfully, you should get a new validation email at the new email address";
+ } else {
+ $einfo = $st->errorInfo();
+ error_log("mcoop: profile.php failed updating email: " . var_export($einfo, true) . 
 " ($userid, $filt_email)");
+ $danger_alerts[] = "Internal error, please contact the admin";
+ }
+ } catch (RegistrationError $re) {
+ $success = false;
+ $danger_alerts[] = $re->reason;
+ if ($conn->inTransaction())
+ $conn->rollBack();
+ }
+ return $success;
+}
+
+
+// TODO: add password updating as well
+
+$update_vars = array();
+$varname_mappings = array(
+ "email" => array("\mcoop\check_email", "\mcoop\update_email"),
+ "fullname" => array("\mcoop\check_full_name", "\mcoop\update_full_name")
+);
+
+$attempted = false;
+
+foreach ($varname_mappings as $k => $a) {
+ if (isset($_POST[$k])) {
+ $v = $_POST[$k];
+ $check_func = $a[0];
+ $res = $check_func($db, $sess_info, $v);
+ if ($res) {
+ $attempted = true;
+ $update_func = $a[1];
+ $update_func($db, $sess_info, $v, $twig);
+ }
+ }
+}
+
+if ($attempted) {
+ $sess_info->re_init();
+}
+
+
+echo $twig->render("profile.tmpl", array(
+ "danger_alerts" => $danger_alerts,
+ "success_alerts" => $success_alerts,
+ "sess_info" => $sess_info
+));
+
+?> |
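Review bot: The POST loop (`foreach ($varname_mappings as $k => $a)` / `if (isset($_POST[$k]))`) accepts an email or full-name change on the strength of the session login alone, with no anti-CSRF token check visible, so a form post triggered from another origin could change a logged-in member's address (which also sets `validated=false` and sends the validation mail to the new address); unless `common/config.php` or `$sess_info` enforces a token elsewhere, which is not visible here, the loop should be preceded by a check that the form carried a per-session token and that it matches via `hash_equals()`. Since the address is the one used for validation, asking for the current password in the same request is the usual additional safeguard for this kind of change. In `update_email`, `catch (RegistrationError $re)` is the only handler, so any other exception raised by `send_validation_email()` after the `UPDATE` leaves the transaction open rather than rolled back explicitly; a `finally` that calls `$conn->rollBack()` while `$conn->inTransaction()` is still true would make the failure path uniform. Minor: `$update_vars = array();` is never used, and both `error_log()` calls write the member's full name or email address into the log, worth noting if logs are shared or retained.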