chie/public/settings.php

<?php
require_once '../startup.php';

include_once '_user.php';

if(!session_active()) {
    header('Location: /login?m=forbidden');
    return;
}

$options = [
    FMF_UF_SCROLLBEYOND => 'Scroll beyond end of the page.',
];

$timeZones = DateTimeZone::listIdentifiers();

if(isset($_POST['date_format_custom'], $_POST['timezone']) && CSRF::verify()) {
    $timeZone = is_string($_POST['timezone']) ? $_POST['timezone'] : '';
    $dateFormatCustom = is_string($_POST['date_format_custom']) ? $_POST['date_format_custom'] : '';
    $currentPass = isset($_POST['currpass']) && is_string($_POST['currpass']) ? $_POST['currpass'] : '';
    $newPass  = isset($_POST['newpwd'])  && is_string($_POST['newpwd'])  ? $_POST['newpwd']  : '';
    $confPass = isset($_POST['conpwd'])  && is_string($_POST['conpwd'])  ? $_POST['conpwd']  : '';
    $newMail  = isset($_POST['newmail']) && is_string($_POST['newmail']) ? $_POST['newmail'] : '';
    $confMail = isset($_POST['conmail']) && is_string($_POST['conmail']) ? $_POST['conmail'] : '';
    $setMail = !empty($newMail) && !empty($confMail);
    $setPass = !empty($newPass) && !empty($confPass);

    if($setMail || $setPass) {
        if(!verify_password($currentPass)) {
            $error = 'Current password was invalid.';
        } else {
            if(!isset($error) && $setPass) {
                $error = validate_password($newPass);

                if(!isset($error)) {
                    if($newPass !== $confPass) {
                        $email = 'Passwords don\'t match.';
                    } else {
                        user_set_password(current_user_id(), $newPass);
                    }
                }
            }

            if(!isset($error) && $setMail) {
                $error = validate_email($newMail);

                if(!isset($error)) {
                    if($newMail !== $confMail) {
                        $error = 'E-mail addresses don\'t match.';
                    } else {
                        $emailVerification = user_set_email(current_user_id(), $newMail);
                    }
                }
            }
        }
    }

    if(!isset($error)) {
        if(!in_array($timeZone, $timeZones)) {
            $error = 'Invalid time zone specified.';
        } elseif(strlen($dateFormatCustom) > 50) {
            $error = 'Invalid date/time format string.';
        } else {
            $userFlags = 0;

            foreach(array_keys($options) as $flag)
                if(!empty($_POST['flag_' . $flag]))
                    $userFlags |= $flag;

            $updateUser = $pdo->prepare('
                UPDATE `fmf_users`
                SET `user_date_format` = :dtf,
                    `user_time_zone` = :tz,
                    `user_flags` = :flags
                WHERE `user_id` = :user
            ');
            $updateUser->bindValue('dtf', htmlentities($dateFormatCustom));
            $updateUser->bindValue('tz', $timeZone);
            $updateUser->bindValue('flags', $userFlags);
            $updateUser->bindValue('user', current_user_id());
            $updateUser->execute();
        }
    }

    if(!empty($emailVerification)) {
        $userInfo = user_info(current_user_id(), true);
        $mailer->send(
            (new Swift_Message('flash.moe message board activation'))
                ->setFrom(['system@flash.moe' => 'flash.moe'])
                ->setTo([$userInfo['user_email'] => $userInfo['user_login']])
                ->setBody(
                    "Hey {$userInfo['user_login']},\r\n\r\n".
                    "You are required to reactivate your account after e-mail changes.\r\n\r\n".
                    "Click the following link to activate your account:\r\n\r\n".
                    "<https://{$_SERVER['HTTP_HOST']}/activate/{$emailVerification}>\r\n"
                )
        );
        destroy_session($_COOKIE['fmfauth'] ?? '');
        header('Location: /login?m=reactivate');
        return;
    }
}

$userInfo = user_info(current_user_id(), true);
$title = 'Settings';

foreach($timeZones as $key => $timeZone) {
    $timeZones[$key] = new DateTimeZone($timeZone);
    $timeZones[$key]->offset = $timeZones[$key]->getOffset(new DateTime('now', new DateTimeZone('UTC')));
}

uasort($timeZones, function($a, $b) {
    $diff = $a->offset <=> $b->offset;

    if($diff === 0)
        return strcmp($a->getName(), $b->getName());

    return $diff;
});

include FMF_LAYOUT . '/header.php';
?>
<form method="post" action="">
    <?=CSRF::html();?>

    <?php if(isset($error) || isset($message)) { ?>
    <div class="settings-message<?php if(isset($error)) { echo ' settings-message-error'; }?>"><?=($error ?? $message);?></div>
    <?php } ?>

    <div class="setting">
        <div class="setting-head"><h3>Avatar</h3></div>
        <div class="setting-value">
            <a href="https://en.gravatar.com/">Gravatar</a> is used for user profile images, go <a href="https://en.gravatar.com/emails/">here</a> to change it. Only images with G rating will be used.
        </div>
    </div>

    <div class="setting">
        <div class="setting-head"><h3>Options</h3></div>
        <div class="setting-value">
            <?php
            foreach($options as $oFlag => $oText) {
                ?>
                <div class="settings-option"><label>
                    <input type="checkbox" name="flag_<?=$oFlag;?>" <?php if(($userInfo['user_flags'] & $oFlag) > 0) { echo 'checked'; } ?>/>
                    <?=$oText;?>
                </label></div>
                <?php
            }
            ?>
        </div>
    </div>

    <div class="setting">
        <div class="setting-head"><h3>Date/time format</h3></div>
        <div class="setting-value">
            <input type="text" name="date_format_custom" value="<?=$userInfo['user_date_format'];?>"/><br/>
            <a href="https://www.php.net/manual/en/datetime.format.php#refsect1-datetime.format-parameters" style="font-size: .9em;" target="_blank" rel="noopener">Using PHP DateTimeInterface::format() format</a>
        </div>
    </div>

    <div class="setting">
        <div class="setting-head"><h3>Time zone</h3></div>
        <div class="setting-value">
            <select name="timezone">
            <?php
                foreach($timeZones as $timeZone) {
                ?>
                <option value="<?=$timeZone->getName();?>"<?=($timeZone->getName() === $userInfo['user_time_zone'] ? 'selected' : '');?>>(UTC<?=($timeZone->offset < 0 ? '-' : '+');?><?=gmdate('H:i', abs($timeZone->offset));?>) <?=$timeZone->getName();?></option>
                <?php
                }
            ?>
            </select>
        </div>
    </div>

    <div class="setting">
        <div class="setting-head"><h3>Password</h3></div>
        <div class="setting-value">
            <label>New Password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="password" name="newpwd"/></label><br/>
            <label>Confirm Password:&nbsp;<input type="password" name="conpwd"/></label>
        </div>
    </div>

    <div class="setting">
        <div class="setting-head"><h3>E-mail</h3></div>
        <div class="setting-value">
            <span style="font-size: .9em; font-weight: 700;">You will be forced to reactivate your account after changing your e-mail address, make sure to get it right!</span><br/>
            <label>New e-mail address:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="email" name="newmail" value="<?=$userInfo['user_email'];?>"/></label><br/>
            <label>Confirm e-mail address:&nbsp;<input type="email" name="conmail"/></label>
        </div>
    </div>

    <div class="setting">
        <div class="setting-head"><h3>Current Password</h3></div>
        <div class="setting-value">
            Only required for changing e-mail or password.<br/>
            <input type="password" name="currpass"/>
        </div>
    </div>

    <div class="settings-buttons">
        <input type="submit" value="Save"/>
        <input type="reset" value="Reset"/>
    </div>
</form>
<?php
include FMF_LAYOUT . '/footer.php';