chie/public/settings.php


<?php
// Account settings page: bootstraps the application, then lets a signed-in
// user change display options, date format, time zone, password and e-mail.
require_once '../startup.php';
include_once '_user.php';

// Anonymous visitors have nothing to configure; send them to the login form.
$hasSession = session_active();
if(!$hasSession) {
    header('Location: /login?m=forbidden');
    return;
}

// Per-user boolean options keyed by their flag bit; the text is the checkbox label.
$options = [
    FMF_UF_SCROLLBEYOND => 'Scroll beyond end of the page.',
];

// Every time zone identifier PHP knows; submitted values are checked against
// this list and it is what the form's <select> is built from.
$timeZones = DateTimeZone::listIdentifiers();
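// Process a submitted settings form. Both required fields must be present and the
// CSRF token must verify before anything is read; a plain GET just renders the form.
if(isset($_POST['date_format_custom'], $_POST['timezone']) && CSRF::verify()) {
    // $_POST entries can be arrays; only accept strings, defaulting to ''.
    $postString = static function(string $field): string {
        return isset($_POST[$field]) && is_string($_POST[$field]) ? $_POST[$field] : '';
    };

    $timeZone = $postString('timezone');
    $dateFormatCustom = $postString('date_format_custom');
    $currentPass = $postString('currpass');
    $newPass = $postString('newpwd');
    $confPass = $postString('conpwd');
    $newMail = $postString('newmail');
    $confMail = $postString('conmail');

    // Compare with '' instead of empty(): empty('0') is true and would silently
    // ignore a submitted value of "0".
    $setMail = $newMail !== '' && $confMail !== '';
    $setPass = $newPass !== '' && $confPass !== '';

    if($setMail || $setPass) {
        // Credential changes require re-authentication with the current password.
        if(!verify_password($currentPass)) {
            $error = 'Current password was invalid.';
        }

        // Validate both requested changes before applying either, so a rejected
        // e-mail cannot leave an already-applied password change behind. A
        // password mismatch is a real error now (it used to be assigned to $email
        // and was never shown).
        if(!isset($error) && $setPass) {
            $error = validate_password($newPass);
            if(!isset($error) && $newPass !== $confPass) {
                $error = 'Passwords don\'t match.';
            }
        }
        if(!isset($error) && $setMail) {
            $error = validate_email($newMail);
            if(!isset($error) && $newMail !== $confMail) {
                $error = 'E-mail addresses don\'t match.';
            }
        }

        if(!isset($error)) {
            if($setPass) {
                user_set_password(current_user_id(), $newPass);
            }
            if($setMail) {
                // The returned token is what the user has to visit to reactivate.
                $emailVerification = user_set_email(current_user_id(), $newMail);
            }
        }
    }

    if(!isset($error)) {
        // Only identifiers PHP itself lists are accepted; both sides are strings, so compare strictly.
        if(!in_array($timeZone, $timeZones, true)) {
            $error = 'Invalid time zone specified.';
        } elseif(strlen($dateFormatCustom) > 50) {
            // Byte length on purpose; presumably matches the width of the stored column — confirm.
            $error = 'Invalid date/time format string.';
        } else {
            // Rebuild the flag bitmask from whichever option checkboxes were ticked.
            $userFlags = 0;
            foreach(array_keys($options) as $flag) {
                if(!empty($_POST['flag_' . $flag])) {
                    $userFlags |= $flag;
                }
            }

            $updateUser = $pdo->prepare('
                UPDATE `fmf_users`
                SET `user_date_format` = :dtf,
                    `user_time_zone` = :tz,
                    `user_flags` = :flags
                WHERE `user_id` = :user
            ');
            // The format string is stored HTML-encoded; the form echoes it back into
            // a value attribute without further escaping.
            $updateUser->bindValue('dtf', htmlentities($dateFormatCustom));
            $updateUser->bindValue('tz', $timeZone);
            $updateUser->bindValue('flags', $userFlags, PDO::PARAM_INT);
            $updateUser->bindValue('user', current_user_id());
            $updateUser->execute();
        }
    }

    if(!empty($emailVerification)) {
        $userInfo = user_info(current_user_id(), true);
        // NOTE(review): the activation link is built from the Host request header,
        // which the client supplies; a configured canonical host would be safer.
        $mailer->send(
            (new Swift_Message('flash.moe message board activation'))
                ->setFrom(['system@flash.moe' => 'flash.moe'])
                ->setTo([$userInfo['user_email'] => $userInfo['user_login']])
                ->setBody(
                    "Hey {$userInfo['user_login']},\r\n\r\n".
                    "You are required to reactivate your account after e-mail changes.\r\n\r\n".
                    "Click the following link to activate your account:\r\n\r\n".
                    "<https://{$_SERVER['HTTP_HOST']}/activate/{$emailVerification}>\r\n"
                )
        );
        // The user has to reactivate via the link; end the current session and
        // send them to the login page.
        destroy_session($_COOKIE['fmfauth'] ?? '');
        header('Location: /login?m=reactivate');
        return;
    }
}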
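// Prepare data for the form. The user row is re-read so the form reflects any
// change saved above.
$userInfo = user_info(current_user_id(), true);
$title = 'Settings';

// One shared "now" so every zone's offset is taken at the same instant instead
// of constructing a fresh DateTime per iteration.
$utcNow = new DateTimeImmutable('now', new DateTimeZone('UTC'));
foreach($timeZones as $key => $identifier) {
    // The form reads both ->getName() and ->offset, so wrap DateTimeZone in an
    // anonymous subclass with a declared property rather than creating a dynamic
    // one (deprecated since PHP 8.2).
    $zone = new class($identifier) extends DateTimeZone {
        public $offset = 0;
    };
    $zone->offset = $zone->getOffset($utcNow);
    $timeZones[$key] = $zone;
}

// Order by UTC offset, then alphabetically by identifier within the same offset.
uasort($timeZones, static function($a, $b): int {
    return ($a->offset <=> $b->offset) ?: strcmp($a->getName(), $b->getName());
});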
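include FMF_LAYOUT . '/header.php';
?>
<form method="post" action="">
    <?=CSRF::html();?>
    <?php /* Feedback from the submit handler above; an $error gets the error styling. */ ?>
    <?php if(isset($error) || isset($message)) { ?>
        <div class="settings-message<?php if(isset($error)) { echo ' settings-message-error'; }?>"><?=($error ?? $message);?></div>
    <?php } ?>
    <div class="setting">
        <div class="setting-head"><h3>Avatar</h3></div>
        <div class="setting-value">
            <a href="https://en.gravatar.com/">Gravatar</a> is used for user profile images, go <a href="https://en.gravatar.com/emails/">here</a> to change it. Only images with G rating will be used.
        </div>
    </div>
    <div class="setting">
        <div class="setting-head"><h3>Options</h3></div>
        <div class="setting-value">
            <?php
            // One checkbox per flag bit; the field name is what the submit handler reads back.
            foreach($options as $oFlag => $oText) {
            ?>
            <div class="settings-option"><label>
                <input type="checkbox" name="flag_<?=$oFlag;?>" <?php if(($userInfo['user_flags'] & $oFlag) > 0) { echo 'checked'; } ?>/>
                <?=$oText;?>
            </label></div>
            <?php
            }
            ?>
        </div>
    </div>
    <div class="setting">
        <div class="setting-head"><h3>Date/time format</h3></div>
        <div class="setting-value">
            <?php /* Stored HTML-encoded by the submit handler, so it is emitted as-is. */ ?>
            <input type="text" name="date_format_custom" value="<?=$userInfo['user_date_format'];?>"/><br/>
            <a href="https://www.php.net/manual/en/datetime.format.php#refsect1-datetime.format-parameters" style="font-size: .9em;" target="_blank" rel="noopener">Using PHP DateTimeInterface::format() format</a>
        </div>
    </div>
    <div class="setting">
        <div class="setting-head"><h3>Time zone</h3></div>
        <div class="setting-value">
            <select name="timezone">
            <?php
            // $timeZones are DateTimeZone objects carrying an ->offset, already sorted by offset.
            foreach($timeZones as $timeZone) {
                $isCurrent = $timeZone->getName() === $userInfo['user_time_zone'];
                $sign = $timeZone->offset < 0 ? '-' : '+';
            ?>
                <?php /* The leading space before "selected" keeps the attribute separate from value="...". */ ?>
                <option value="<?=$timeZone->getName();?>"<?=($isCurrent ? ' selected' : '');?>>(UTC<?=$sign;?><?=gmdate('H:i', abs($timeZone->offset));?>) <?=$timeZone->getName();?></option>
            <?php
            }
            ?>
            </select>
        </div>
    </div>
    <div class="setting">
        <div class="setting-head"><h3>Password</h3></div>
        <div class="setting-value">
            <label>New Password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="password" name="newpwd"/></label><br/>
            <label>Confirm Password:&nbsp;<input type="password" name="conpwd"/></label>
        </div>
    </div>
    <div class="setting">
        <div class="setting-head"><h3>E-mail</h3></div>
        <div class="setting-value">
            <span style="font-size: .9em; font-weight: 700;">You will be forced to reactivate your account after changing your e-mail address, make sure to get it right!</span><br/>
            <?php /* The stored address is user input; escape it for the attribute context. */ ?>
            <label>New e-mail address:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="email" name="newmail" value="<?=htmlspecialchars((string)$userInfo['user_email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?>"/></label><br/>
            <label>Confirm e-mail address:&nbsp;<input type="email" name="conmail"/></label>
        </div>
    </div>
    <div class="setting">
        <div class="setting-head"><h3>Current Password</h3></div>
        <div class="setting-value">
            Only required for changing e-mail or password.<br/>
            <input type="password" name="currpass"/>
        </div>
    </div>
    <div class="settings-buttons">
        <input type="submit" value="Save"/>
        <input type="reset" value="Reset"/>
    </div>
</form>
<?php
include FMF_LAYOUT . '/footer.php';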