Diffstat (limited to 'profile.php')
-rw-r--r--profile.php115
1 files changed, 115 insertions, 0 deletions
diff --git a/profile.php b/profile.php
new file mode 100644
index 0000000..9240441
--- /dev/null
+++ b/profile.php
@@ -0,0 +1,115 @@
+<?php
+namespace mcoop;
+require_once("recaptcha/autoload.php");
+require_once("vendor/autoload.php");
+require_once("common/config.php");
+
+// TODO urgent: I really need to ratelimit updating email addresses, otherwise there could be spam problems
+
+/* TODO: the template uses | escape('html_attr') even though the output's
+ supposed to be xhtml (though I'm still sending as text/html because
+ application/xhtml+xml seems to break recaptcha in current browsers),
+ fix that and make an escape filter for xml attributes
+*/
+
+if (!isset($sess_info->login_member)) {
+ header("Location: " . urljoin($config->webapp_base_uri, "login.php"));
+ exit();
+}
+
+$danger_alerts = array();
+$success_alerts = array();
+
+function check_full_name($db, $sess_info, $fullname) {
+ $filt_fullname = $db->validate_fullname($fullname);
+ return ((bool)$filt_fullname && ($filt_fullname != $sess_info->login_member->full_name));
+}
+
+function update_full_name($db, $sess_info, $fullname, $twig_env) {
+ global $success_alerts;
+ global $danger_alerts;
+ $filt_fullname = $db->validate_fullname($fullname);
+ $userid = $sess_info->login_member->userid;
+ $conn = $db->conn;
+ $st = $conn->prepare("UPDATE members SET full_name = ? WHERE userid = ?");
+ $success = $st->execute(array($filt_fullname, $userid));
+ if ($success) {
+ $success_alerts[] = "Full name updated successfully";
+ } else {
+ $einfo = $st->errorInfo();
+ error_log("mcoop: profile.php failed updating full_name: " . var_export($einfo, true) . " ($userid, $filt_fullname)");
+ $danger_alerts[] = "Internal error, please contact the admin";
+ }
+ return $success;
+}
+
+function check_email($db, $sess_info, $email) {
+ return ((bool)$email && ($email != $sess_info->login_member->email));
+}
+
+function update_email($db, $sess_info, $email, $twig_env) {
+ global $success_alerts;
+ global $danger_alerts;
+ $success = false;
+ $conn = $db->conn;
+ try {
+ $filt_email = $db->validate_email($email);
+ $userid = $sess_info->login_member->userid;
+ $username = $sess_info->login_member->username;
+ $conn->beginTransaction();
+ $st = $conn->prepare("UPDATE members SET email = ? , validated=false WHERE userid = ?");
+ $success = $st->execute(array($filt_email, $userid));
+ if ($success) {
+ $db->send_validation_email($username, $filt_email, $twig_env);
+ $conn->commit();
+ $success_alerts[] = "email updated successfully, you should get a new validation email at the new email address";
+ } else {
+ $einfo = $st->errorInfo();
+ error_log("mcoop: profile.php failed updating email: " . var_export($einfo, true) . " ($userid, $filt_email)");
+ $danger_alerts[] = "Internal error, please contact the admin";
+ }
+ } catch (RegistrationError $re) {
+ $success = false;
+ $danger_alerts[] = $re->reason;
+ if ($conn->inTransaction())
+ $conn->rollBack();
+ }
+ return $success;
+}
+
+
+// TODO: add password updating as well
+
+$update_vars = array();
+$varname_mappings = array(
+ "email" => array("\mcoop\check_email", "\mcoop\update_email"),
+ "fullname" => array("\mcoop\check_full_name", "\mcoop\update_full_name")
+);
+
+$attempted = false;
+
+foreach ($varname_mappings as $k => $a) {
+ if (isset($_POST[$k])) {
+ $v = $_POST[$k];
+ $check_func = $a[0];
+ $res = $check_func($db, $sess_info, $v);
+ if ($res) {
+ $attempted = true;
+ $update_func = $a[1];
+ $update_func($db, $sess_info, $v, $twig);
+ }
+ }
+}
+
+if ($attempted) {
+ $sess_info->re_init();
+}
+
+
+echo $twig->render("profile.tmpl", array(
+ "danger_alerts" => $danger_alerts,
+ "success_alerts" => $success_alerts,
+ "sess_info" => $sess_info
+));
+
+?>
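Review bot: The POST handler (the `foreach ($varname_mappings ...)` loop) changes the logged-in member's email and full name with no anti-CSRF check, so a cross-site form post can rewrite a victim's email address, and with it the destination of the validation mail, unless such a check happens in common/config.php or the session initialisation, which are outside this file. A per-session token carried by the form and compared with `hash_equals()` before the loop would close that, and the same spot is where the rate limit the TODO at the top asks for belongs. Separately, in `update_email` the transaction opened by `$conn->beginTransaction()` is only rolled back in the `RegistrationError` catch; when `execute()` returns false, or `send_validation_email()` throws anything other than `RegistrationError`, the function returns with the transaction still open, so add `$conn->rollBack();` to the `else` branch and consider a `finally` that rolls back whatever is still `inTransaction()`. Note also that `check_email` compares the raw `$email` while `update_email` stores `validate_email($email)`, so a value that normalises to the current address still triggers an update and a re-validation mail.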