1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
<?php
namespace mcoop;
require_once("recaptcha/autoload.php");
require_once("vendor/autoload.php");
require_once("common/config.php");
// TODO urgent: I really need to ratelimit updating email addresses, otherwise there could be spam problems
/* TODO: the template uses | escape('html_attr') even though the output's
supposed to be xhtml (though I'm still sending as text/html because
application/xhtml+xml seems to break recaptcha in current browsers),
fix that and make an escape filter for xml attributes
*/
if (!isset($sess_info->login_member)) {
header("Location: " . urljoin($config->webapp_base_uri, "login.php"));
exit();
}
$danger_alerts = array();
$success_alerts = array();
function check_full_name($db, $sess_info, $fullname) {
$filt_fullname = $db->validate_fullname($fullname);
return ((bool)$filt_fullname && ($filt_fullname != $sess_info->login_member->full_name));
}
function update_full_name($db, $sess_info, $fullname, $twig_env) {
global $success_alerts;
global $danger_alerts;
$filt_fullname = $db->validate_fullname($fullname);
$userid = $sess_info->login_member->userid;
$conn = $db->conn;
$st = $conn->prepare("UPDATE members SET full_name = ? WHERE userid = ?");
$success = $st->execute(array($filt_fullname, $userid));
if ($success) {
$success_alerts[] = "Full name updated successfully";
} else {
$einfo = $st->errorInfo();
error_log("mcoop: profile.php failed updating full_name: " . var_export($einfo, true) . " ($userid, $filt_fullname)");
$danger_alerts[] = "Internal error, please contact the admin";
}
return $success;
}
function check_email($db, $sess_info, $email) {
return ((bool)$email && ($email != $sess_info->login_member->email));
}
function update_email($db, $sess_info, $email, $twig_env) {
global $success_alerts;
global $danger_alerts;
$success = false;
$conn = $db->conn;
try {
$filt_email = $db->validate_email($email);
$userid = $sess_info->login_member->userid;
$username = $sess_info->login_member->username;
$conn->beginTransaction();
$st = $conn->prepare("UPDATE members SET email = ? , validated=false WHERE userid = ?");
$success = $st->execute(array($filt_email, $userid));
if ($success) {
$db->send_validation_email($username, $filt_email, $twig_env);
$conn->commit();
$success_alerts[] = "email updated successfully, you should get a new validation email at the new email address";
} else {
$einfo = $st->errorInfo();
error_log("mcoop: profile.php failed updating email: " . var_export($einfo, true) . " ($userid, $filt_email)");
$danger_alerts[] = "Internal error, please contact the admin";
}
} catch (RegistrationError $re) {
$success = false;
$danger_alerts[] = $re->reason;
if ($conn->inTransaction())
$conn->rollBack();
}
return $success;
}
// TODO: add password updating as well
$update_vars = array();
$varname_mappings = array(
"email" => array("\mcoop\check_email", "\mcoop\update_email"),
"fullname" => array("\mcoop\check_full_name", "\mcoop\update_full_name")
);
$attempted = false;
foreach ($varname_mappings as $k => $a) {
if (isset($_POST[$k])) {
$v = $_POST[$k];
$check_func = $a[0];
$res = $check_func($db, $sess_info, $v);
if ($res) {
$attempted = true;
$update_func = $a[1];
$update_func($db, $sess_info, $v, $twig);
}
}
}
if ($attempted) {
$sess_info->re_init();
}
echo $twig->render("profile.tmpl", array(
"danger_alerts" => $danger_alerts,
"success_alerts" => $success_alerts,
"sess_info" => $sess_info
));
?>
|
