<?php
namespace Misuzu;
use RuntimeException;
use Misuzu\Users\User;
use chillerlan\QRCode\QRCode;
use chillerlan\QRCode\QROptions;
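// Account settings page: role display/leave, TOTP enable/disable, e-mail and password changes.
// Every state change requires a CSRF-validated request; e-mail and password changes additionally
// require the current password. Errors are collected in $errors and shown by the template.

$authInfo = $msz->getAuthInfo();
if(!$authInfo->isLoggedIn())
    Template::throwError(401);

$errors = [];
$usersCtx = $msz->getUsersContext();
$users = $usersCtx->getUsers();
$roles = $usersCtx->getRoles();
$userInfo = $authInfo->getUserInfo();
$isRestricted = $usersCtx->hasActiveBan($userInfo);
$isVerifiedRequest = CSRF::validateRequest();

/**
 * Reads a nested $_POST field as a string, or null when it is absent or not a string.
 *
 * Form fields are untrusted: the request parser turns `email[new][]=x` into an array, which the
 * typed methods below (verifyPassword, validateEMailAddress, mb_strtolower, ...) would reject with a
 * TypeError. Treating non-strings as absent keeps such requests on the normal validation path.
 */
$postString = static function(string ...$path): ?string {
    $value = $_POST;
    foreach($path as $key) {
        if(!is_array($value) || !array_key_exists($key, $value))
            return null;
        $value = $value[$key];
    }
    return is_string($value) ? $value : null;
};

// Role management: set the displayed role, or leave a role that allows it.
// Banned users may not change roles at all.
$rolePost = $_POST['role'] ?? null;
if(!$isRestricted && $isVerifiedRequest && is_array($rolePost) && $rolePost !== []) {
    $roleInfo = null;
    try {
        $roleInfo = $roles->getRole($postString('role', 'id') ?? 0);
    } catch(RuntimeException) {
        // unknown role id; reported by the check below
    }

    // The user may only act on roles actually assigned to them.
    if($roleInfo === null || !$users->hasRole($userInfo, $roleInfo)) {
        $errors[] = "You're trying to modify a role that hasn't been assigned to you.";
    } else {
        switch($postString('role', 'mode') ?? '') {
            case 'display':
                $users->updateUser(
                    $userInfo,
                    displayRoleInfo: $roleInfo
                );
                break;

            case 'leave':
                if($roleInfo->isLeavable()) {
                    $users->removeRoles($userInfo, $roleInfo);
                    // Recompute this user's precalculated forum permissions so the removed
                    // role's grants do not linger until the next recalculation.
                    $msz->getPerms()->precalculatePermissions(
                        $msz->getForumContext()->getCategories(),
                        [$userInfo->getId()]
                    );
                } else {
                    $errors[] = "You're not allow to leave this role, an administrator has to remove it for you.";
                }
                break;

            // any other mode is ignored
        }
    }
}

// TOTP enable/disable. Only acted on when the requested state differs from the current one.
// NOTE(review): this path is gated on the CSRF token only, not on the current password, and a
// freshly generated key is stored before the user has proven they scanned it -- confirm that
// both are intended.
$tfaEnable = $postString('tfa', 'enable');
if($isVerifiedRequest && $tfaEnable !== null && $userInfo->hasTOTPKey() !== (bool)$tfaEnable) {
    // An empty key is what disables TOTP below; a fresh key enables it.
    $totpKey = '';

    if((bool)$tfaEnable) {
        $totpKey = TOTPGenerator::generateKey();
        $totpIssuer = $msz->getSiteInfo()->getName();

        // otpauth URI consumed by authenticator apps; the secret is shown to the user once,
        // both as text and as a QR code.
        $totpUri = sprintf('otpauth://totp/%s:%s?%s', $totpIssuer, $userInfo->getName(), http_build_query([
            'secret' => $totpKey,
            'issuer' => $totpIssuer,
        ]));
        $totpQrcode = (new QRCode(new QROptions([
            'version' => 5,
            'outputType' => QRCode::OUTPUT_IMAGE_JPG,
            'eccLevel' => QRCode::ECC_L,
        ])))->render($totpUri);

        Template::set([
            'settings_2fa_code' => $totpKey,
            'settings_2fa_image' => $totpQrcode,
        ]);
    }

    $users->updateUser(userInfo: $userInfo, totpKey: $totpKey);
}

// E-mail and password changes; both require the current password to be re-entered.
$currentPassword = $postString('current_password') ?? '';
if($isVerifiedRequest && $currentPassword !== '') {
    if(!$userInfo->verifyPassword($currentPassword)) {
        $errors[] = 'Your password was incorrect.';
    } else {
        // Changing e-mail
        $newEmail = $postString('email', 'new') ?? '';
        if($newEmail !== '') {
            $confirmEmail = $postString('email', 'confirm') ?? '';
            if($confirmEmail === '' || $newEmail !== $confirmEmail) {
                $errors[] = 'The addresses you entered did not match each other.';
            } elseif($userInfo->getEMailAddress() === mb_strtolower($confirmEmail)) {
                $errors[] = 'This is already your e-mail address!';
            } else {
                // validateEMailAddress returns '' when the address is acceptable, else an error code
                $checkMail = $users->validateEMailAddress($newEmail);
                if($checkMail !== '') {
                    $errors[] = $users->validateEMailAddressText($checkMail);
                } else {
                    $users->updateUser(userInfo: $userInfo, emailAddr: $newEmail);
                    $msz->createAuditLog('PERSONAL_EMAIL_CHANGE', [$newEmail]);
                }
            }
        }

        // Changing password
        $newPassword = $postString('password', 'new') ?? '';
        if($newPassword !== '') {
            $confirmPassword = $postString('password', 'confirm') ?? '';
            if($confirmPassword === '' || $newPassword !== $confirmPassword) {
                $errors[] = 'The new passwords you entered did not match each other.';
            } else {
                // validatePassword returns '' when the password is acceptable, else an error code
                $checkPassword = $users->validatePassword($newPassword);
                if($checkPassword !== '') {
                    $errors[] = $users->validatePasswordText($checkPassword);
                } else {
                    $users->updateUser(userInfo: $userInfo, password: $newPassword);
                    $msz->createAuditLog('PERSONAL_PASSWORD_CHANGE');
                }
            }
        }
    }
}

// The updateUser() calls above go through $users; reload $userInfo so the template reflects
// the changes rather than the pre-update object.
if($_SERVER['REQUEST_METHOD'] === 'POST' && $isVerifiedRequest)
    $userInfo = $users->getUser($userInfo->getId(), 'id');

$userRoles = iterator_to_array($roles->getRoles(userInfo: $userInfo));

Template::render('settings.account', [
    'errors' => $errors,
    'settings_user' => $userInfo,
    'settings_roles' => $userRoles,
    'is_restricted' => $isRestricted,
]);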