source: trunk/profile.php @ 1004

Last change on this file since 1004 was 1004, checked in by nikrou, 18 years ago

Improve security of sessions:

  • use only cookies to store session id on client side
  • use default php session system with database handler to store sessions on server side
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 9.3 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $RCSfile$
9// | last update   : $Date: 2006-01-15 13:45:42 +0000 (Sun, 15 Jan 2006) $
10// | last modifier : $Author: nikrou $
11// | revision      : $Revision: 1004 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
28// customize appearance of the site for a user
29// +-----------------------------------------------------------------------+
30// |                           initialization                              |
31// +-----------------------------------------------------------------------+
32
33define('PHPWG_ROOT_PATH','./');
34include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
35check_login_authorization(false);
36$userdata = $user;
37
38//------------------------------------------------------ update & customization
39$errors = array();
40if (isset($_POST['validate']))
41{
42  $int_pattern = '/^\d+$/';
43 
44  if ($_POST['maxwidth'] != ''
45      and (!preg_match($int_pattern, $_POST['maxwidth'])
46           or $_POST['maxwidth'] < 50))
47  {
48    array_push($errors, $lang['maxwidth_error']);
49  }
50  if ($_POST['maxheight']
51       and (!preg_match($int_pattern, $_POST['maxheight'])
52             or $_POST['maxheight'] < 50))
53  {
54    array_push($errors, $lang['maxheight_error']);
55  }
56  // periods must be integer values, they represents number of days
57  if (!preg_match($int_pattern, $_POST['recent_period'])
58      or $_POST['recent_period'] <= 0)
59  {
60    array_push($errors, $lang['periods_error']);
61  }
62
63  $mail_error = validate_mail_address($_POST['mail_address']);
64  if (!empty($mail_error))
65  {
66    array_push($errors, $mail_error);
67  }
68   
69  if (!empty($_POST['use_new_pwd']))
70  {
71    // password must be the same as its confirmation
72    if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
73    {
74      array_push($errors,
75                 l10n('New password confirmation does not correspond'));
76    }
77   
78    // changing password requires old password
79    $query = '
80SELECT '.$conf['user_fields']['password'].' AS password
81  FROM '.USERS_TABLE.'
82  WHERE '.$conf['user_fields']['id'].' = \''.$userdata['id'].'\'
83;';
84    list($current_password) = mysql_fetch_row(pwg_query($query));
85   
86    if ($conf['pass_convert']($_POST['password']) != $current_password)
87    {
88      array_push($errors, l10n('Current password is wrong'));
89    }
90  }
91 
92  if (count($errors) == 0)
93  {
94    // mass_updates function
95    include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
96   
97    // update common user informations
98    $fields = array($conf['user_fields']['email']);
99
100    $data = array();
101    $data{$conf['user_fields']['id']} = $_POST['userid'];
102    $data{$conf['user_fields']['email']} = $_POST['mail_address'];
103
104    // password is updated only if filled
105    if (!empty($_POST['use_new_pwd']))
106    {
107      array_push($fields, $conf['user_fields']['password']);
108      // password is encrpyted with function $conf['pass_convert']
109      $data{$conf['user_fields']['password']} =
110        $conf['pass_convert']($_POST['use_new_pwd']);
111    }
112    mass_updates(USERS_TABLE,
113                 array('primary' => array($conf['user_fields']['id']),
114                       'update' => $fields),
115                 array($data));
116   
117    // update user "additional" informations (specific to PhpWebGallery)
118    $fields = array(
119      'nb_image_line', 'nb_line_page', 'language', 'maxwidth', 'maxheight',
120      'expand', 'show_nb_comments', 'recent_period', 'template'
121      );
122   
123    $data = array();
124    $data{'user_id'} = $_POST['userid'];
125   
126    foreach ($fields as $field)
127    {
128      if (isset($_POST[$field]))
129      {
130        $data{$field} = $_POST[$field];
131      }
132    }
133    mass_updates(USER_INFOS_TABLE,
134                 array('primary' => array('user_id'), 'update' => $fields),
135                 array($data));
136   
137    // redirection
138    $url = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'];
139    redirect($url);
140  }
141}
142// +-----------------------------------------------------------------------+
143// |                       page header and options                         |
144// +-----------------------------------------------------------------------+
145
146$title= $lang['customize_page_title'];
147$page['body_id'] = 'theProfilePage';
148include(PHPWG_ROOT_PATH.'include/page_header.php');
149
150$url_action = PHPWG_ROOT_PATH.'profile.php';
151
152//----------------------------------------------------- template initialization
153$template->set_filenames(array('profile_body'=>'profile.tpl'));
154
155$expand = ($userdata['expand'] == 'true') ? 'EXPAND_TREE_YES':'EXPAND_TREE_NO';
156 
157$nb_comments =
158($userdata['show_nb_comments'] == 'true') ? 'NB_COMMENTS_YES':'NB_COMMENTS_NO';
159 
160$template->assign_vars(
161  array(
162    'USERNAME'=>$userdata['username'],
163    'USERID'=>$userdata['id'],
164    'EMAIL'=>@$userdata['email'],
165    'NB_IMAGE_LINE'=>$userdata['nb_image_line'],
166    'NB_ROW_PAGE'=>$userdata['nb_line_page'],
167    'RECENT_PERIOD'=>$userdata['recent_period'],
168    'MAXWIDTH'=>@$userdata['maxwidth'],
169    'MAXHEIGHT'=>@$userdata['maxheight'],
170   
171    $expand=>'checked="checked"',
172    $nb_comments=>'checked="checked"',
173   
174    'L_TITLE' => $lang['customize_title'],
175    'L_REGISTRATION_INFO' => $lang['register_title'],
176    'L_PREFERENCES' => $lang['preferences'],
177    'L_USERNAME' => $lang['login'],
178    'L_EMAIL' => $lang['mail_address'],
179    'L_CURRENT_PASSWORD' => $lang['password'],
180    'L_CURRENT_PASSWORD_HINT' => $lang['password_hint'],
181    'L_NEW_PASSWORD' =>  $lang['new_password'],
182    'L_NEW_PASSWORD_HINT' => $lang['new_password_hint'],
183    'L_CONFIRM_PASSWORD' =>  $lang['reg_confirm'],
184    'L_CONFIRM_PASSWORD_HINT' => $lang['confirm_password_hint'],
185    'L_LANG_SELECT'=>$lang['language'],
186    'L_NB_IMAGE_LINE'=>$lang['nb_image_per_row'],
187    'L_NB_ROW_PAGE'=>$lang['nb_row_per_page'],
188    'L_STYLE_SELECT'=>$lang['theme'],
189    'L_RECENT_PERIOD'=>$lang['recent_period'],
190    'L_EXPAND_TREE'=>$lang['auto_expand'],
191    'L_NB_COMMENTS'=>$lang['show_nb_comments'],
192    'L_MAXWIDTH'=>$lang['maxwidth'],
193    'L_MAXHEIGHT'=>$lang['maxheight'],
194    'L_YES'=>$lang['yes'],
195    'L_NO'=>$lang['no'],
196    'L_SUBMIT'=>$lang['submit'],
197    'L_RESET'=>$lang['reset'],
198    'L_RETURN' =>  $lang['home'],
199    'L_RETURN_HINT' =>  $lang['home_hint'],
200
201    'U_RETURN' => PHPWG_ROOT_PATH.'category.php',
202   
203    'F_ACTION'=>$url_action,
204    ));
205
206$blockname = 'template_option';
207
208foreach (get_themes() as $pwg_template)
209{
210  if (isset($_POST['submit']))
211  {
212    $selected = $_POST['template']==$pwg_template ? 'selected="selected"' : '';
213  }
214  else if ($userdata['template'] == $pwg_template)
215  {
216    $selected = 'selected="selected"';
217  }
218  else
219  {
220    $selected = '';
221  }
222 
223  $template->assign_block_vars(
224    $blockname,
225    array(
226      'VALUE'=> $pwg_template,
227      'CONTENT' => $pwg_template,
228      'SELECTED' => $selected
229      ));
230}
231
232$blockname = 'language_option';
233
234foreach (get_languages() as $language_code => $language_name)
235{
236  if (isset($_POST['submit']))
237  {
238    $selected = $_POST['language']==$language_code ? 'selected="selected"':'';
239  }
240  else if ($userdata['language'] == $language_code)
241  {
242    $selected = 'selected="selected"';
243  }
244  else
245  {
246    $selected = '';
247  }
248 
249  $template->assign_block_vars(
250    $blockname,
251    array(
252      'VALUE'=> $language_code,
253      'CONTENT' => $language_name,
254      'SELECTED' => $selected
255      ));
256}
257
258// +-----------------------------------------------------------------------+
259// |                             errors display                            |
260// +-----------------------------------------------------------------------+
261if (count($errors) != 0)
262{
263  $template->assign_block_vars('errors',array());
264  foreach ($errors as $error)
265  {
266    $template->assign_block_vars('errors.error', array('ERROR'=>$error));
267  }
268}
269// +-----------------------------------------------------------------------+
270// |                           html code display                           |
271// +-----------------------------------------------------------------------+
272$template->assign_block_vars('profile',array());
273$template->parse('profile_body');
274include(PHPWG_ROOT_PATH.'include/page_tail.php');
275?>
Note: See TracBrowser for help on using the repository browser.