2018-03-23 00:01:42 +00:00
|
|
|
<?php
|
2018-05-16 02:58:21 +00:00
|
|
|
use Misuzu\Database;
|
2018-03-23 00:01:42 +00:00
|
|
|
|
|
|
|
|
require_once __DIR__ . '/../misuzu.php';
|
|
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
$queryOffset = (int)($_GET['o'] ?? 0);
|
|
|
|
|
$queryTake = 15;
|
2018-04-23 03:00:55 +00:00
|
|
|
|
2018-07-07 23:24:34 +00:00
|
|
|
$userPerms = perms_get_user(MSZ_PERMS_USER, $app->getUserId());
|
2018-08-11 18:56:54 +00:00
|
|
|
$perms = [
|
2018-08-18 02:31:46 +00:00
|
|
|
'edit_profile' => perms_check($userPerms, MSZ_PERM_USER_EDIT_PROFILE),
|
|
|
|
|
'edit_avatar' => perms_check($userPerms, MSZ_PERM_USER_CHANGE_AVATAR),
|
2018-09-16 01:37:32 +00:00
|
|
|
'edit_background' => perms_check($userPerms, MSZ_PERM_USER_CHANGE_BACKGROUND),
|
2018-09-20 16:50:11 +00:00
|
|
|
'edit_about' => perms_check($userPerms, MSZ_PERM_USER_EDIT_ABOUT),
|
2018-07-07 23:24:34 +00:00
|
|
|
];
|
|
|
|
|
|
2018-08-11 18:56:54 +00:00
|
|
|
if (!$app->hasActiveSession()) {
|
2018-05-26 20:33:05 +00:00
|
|
|
echo render_error(403);
|
2018-03-23 00:01:42 +00:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-23 19:12:40 +00:00
|
|
|
$settingsUserId = !empty($_REQUEST['user']) && perms_check($userPerms, MSZ_PERM_USER_MANAGE_USERS)
|
|
|
|
|
? (int)$_REQUEST['user']
|
|
|
|
|
: $app->getUserId();
|
|
|
|
|
|
|
|
|
|
if ($settingsUserId !== $app->getUserId() && !user_exists($settingsUserId)) {
|
|
|
|
|
echo render_error(400);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-11 18:56:54 +00:00
|
|
|
$settingsModes = [
|
|
|
|
|
'account' => 'Account',
|
|
|
|
|
'sessions' => 'Sessions',
|
2018-08-12 13:31:38 +00:00
|
|
|
'logs' => 'Logs',
|
2018-08-11 18:56:54 +00:00
|
|
|
];
|
|
|
|
|
$settingsMode = $_GET['m'] ?? key($settingsModes);
|
2018-07-07 23:24:34 +00:00
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
$csrfErrorString = "Couldn't verify you, please refresh the page and retry.";
|
2018-03-23 22:28:53 +00:00
|
|
|
|
2018-05-27 01:59:57 +00:00
|
|
|
$avatarErrorStrings = [
|
|
|
|
|
'upload' => [
|
|
|
|
|
'default' => 'Something happened? (UP:%1$d)',
|
|
|
|
|
UPLOAD_ERR_OK => '',
|
|
|
|
|
UPLOAD_ERR_NO_FILE => 'Select a file before hitting upload!',
|
|
|
|
|
UPLOAD_ERR_PARTIAL => 'The upload was interrupted, please try again!',
|
|
|
|
|
UPLOAD_ERR_INI_SIZE => 'Your avatar is not allowed to be larger in file size than %2$s!',
|
|
|
|
|
UPLOAD_ERR_FORM_SIZE => 'Your avatar is not allowed to be larger in file size than %2$s!',
|
|
|
|
|
UPLOAD_ERR_NO_TMP_DIR => 'Unable to save your avatar, contact an administator!',
|
|
|
|
|
UPLOAD_ERR_CANT_WRITE => 'Unable to save your avatar, contact an administator!',
|
|
|
|
|
],
|
|
|
|
|
'set' => [
|
|
|
|
|
'default' => 'Something happened? (SET:%1$d)',
|
|
|
|
|
MSZ_USER_AVATAR_NO_ERRORS => '',
|
|
|
|
|
MSZ_USER_AVATAR_ERROR_INVALID_IMAGE => 'The file you uploaded was not an image!',
|
|
|
|
|
MSZ_USER_AVATAR_ERROR_PROHIBITED_TYPE => 'This type of image is not supported, keep to PNG, JPG or GIF!',
|
|
|
|
|
MSZ_USER_AVATAR_ERROR_DIMENSIONS_TOO_LARGE => 'Your avatar can\'t be larger than %3$dx%4$d!',
|
|
|
|
|
MSZ_USER_AVATAR_ERROR_DATA_TOO_LARGE => 'Your avatar is not allowed to be larger in file size than %2$s!',
|
|
|
|
|
MSZ_USER_AVATAR_ERROR_TMP_FAILED => 'Unable to save your avatar, contact an administator!',
|
|
|
|
|
MSZ_USER_AVATAR_ERROR_STORE_FAILED => 'Unable to save your avatar, contact an administator!',
|
|
|
|
|
MSZ_USER_AVATAR_ERROR_FILE_NOT_FOUND => 'Unable to save your avatar, contact an administator!',
|
|
|
|
|
],
|
|
|
|
|
];
|
|
|
|
|
|
2018-08-15 01:12:58 +00:00
|
|
|
tpl_vars([
|
2018-09-23 19:12:40 +00:00
|
|
|
'settings_user_id' => $settingsUserId,
|
2018-08-11 18:56:54 +00:00
|
|
|
'settings_perms' => $perms,
|
2018-05-27 00:20:35 +00:00
|
|
|
'settings_mode' => $settingsMode,
|
|
|
|
|
'settings_modes' => $settingsModes,
|
|
|
|
|
]);
|
2018-03-23 00:01:42 +00:00
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
if (!array_key_exists($settingsMode, $settingsModes)) {
|
2018-03-25 22:00:42 +00:00
|
|
|
http_response_code(404);
|
2018-08-15 01:12:58 +00:00
|
|
|
tpl_var('settings_title', 'Not Found');
|
|
|
|
|
echo tpl_render('settings.notfound');
|
2018-03-23 00:01:42 +00:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
$settingsErrors = [];
|
2018-03-23 00:01:42 +00:00
|
|
|
|
2018-09-16 19:45:40 +00:00
|
|
|
$disableAccountOptions = !MSZ_DEBUG && $app->disableRegistration();
|
2018-09-23 19:12:40 +00:00
|
|
|
$avatarFileName = "{$settingsUserId}.msz";
|
2018-09-15 23:27:12 +00:00
|
|
|
$avatarProps = $app->getAvatarProps();
|
2018-09-16 18:45:49 +00:00
|
|
|
$backgroundProps = $app->getBackgroundProps();
|
2018-03-24 04:31:42 +00:00
|
|
|
|
2018-03-23 00:01:42 +00:00
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
2018-08-11 18:56:54 +00:00
|
|
|
if (!tmp_csrf_verify($_POST['csrf'] ?? '')) {
|
|
|
|
|
$settingsErrors[] = $csrfErrorString;
|
|
|
|
|
} else {
|
|
|
|
|
if (!empty($_POST['profile']) && is_array($_POST['profile'])) {
|
2018-09-17 08:13:57 +00:00
|
|
|
if (!$perms['edit_profile']) {
|
|
|
|
|
$settingsErrors[] = "You're not allowed to edit your profile.";
|
|
|
|
|
} else {
|
2018-09-23 19:12:40 +00:00
|
|
|
$setUserFieldErrors = user_profile_fields_set($settingsUserId, $_POST['profile']);
|
2018-09-17 08:13:57 +00:00
|
|
|
|
|
|
|
|
if (count($setUserFieldErrors) > 0) {
|
|
|
|
|
foreach ($setUserFieldErrors as $name => $error) {
|
|
|
|
|
switch ($error) {
|
|
|
|
|
case MSZ_USER_PROFILE_INVALID_FIELD:
|
|
|
|
|
$settingsErrors[] = sprintf("Field '%s' does not exist!", $name);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case MSZ_USER_PROFILE_FILTER_FAILED:
|
|
|
|
|
$settingsErrors[] = sprintf(
|
|
|
|
|
'%s field was invalid!',
|
|
|
|
|
user_profile_field_get_display_name($name)
|
|
|
|
|
);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case MSZ_USER_PROFILE_UPDATE_FAILED:
|
|
|
|
|
$settingsErrors[] = 'Failed to update values, contact an administator.';
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
$settingsErrors[] = 'An unexpected error occurred, contact an administator.';
|
|
|
|
|
break;
|
|
|
|
|
}
|
2018-05-27 00:20:35 +00:00
|
|
|
}
|
|
|
|
|
}
|
2018-03-23 00:01:42 +00:00
|
|
|
}
|
2018-08-11 18:56:54 +00:00
|
|
|
}
|
2018-03-24 04:31:42 +00:00
|
|
|
|
2018-09-20 16:50:11 +00:00
|
|
|
if (!empty($_POST['about']) && is_array($_POST['about'])) {
|
|
|
|
|
if (!$perms['edit_about']) {
|
|
|
|
|
$settingsErrors[] = "You're not allowed to edit your about page.";
|
|
|
|
|
} else {
|
2018-09-21 08:56:52 +00:00
|
|
|
$aboutParser = (int)($_POST['about']['parser'] ?? MSZ_PARSER_PLAIN);
|
2018-09-20 16:50:11 +00:00
|
|
|
$aboutText = $_POST['about']['text'] ?? '';
|
|
|
|
|
|
|
|
|
|
// TODO: this is disgusting (move this into a user_set_about function or some shit)
|
|
|
|
|
while (true) {
|
|
|
|
|
// TODO: take parser shit out of forum_post
|
2018-09-21 08:56:52 +00:00
|
|
|
if (!parser_is_valid($aboutParser)) {
|
2018-09-20 16:50:11 +00:00
|
|
|
$settingsErrors[] = 'Invalid parser specified.';
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (strlen($aboutText) > 0xFFFF) {
|
|
|
|
|
$settingsErrors[] = 'Please keep the length of your about page to at most ' . 0xFFFF . '.';
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$setAbout = Database::prepare('
|
|
|
|
|
UPDATE `msz_users`
|
|
|
|
|
SET `user_about_content` = :content,
|
|
|
|
|
`user_about_parser` = :parser
|
|
|
|
|
WHERE `user_id` = :user
|
|
|
|
|
');
|
2018-09-23 19:12:40 +00:00
|
|
|
$setAbout->bindValue('user', $settingsUserId);
|
2018-09-20 16:50:11 +00:00
|
|
|
$setAbout->bindValue('content', strlen($aboutText) < 1 ? null : $aboutText);
|
|
|
|
|
$setAbout->bindValue('parser', $aboutParser);
|
|
|
|
|
$setAbout->execute();
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-26 09:23:36 +00:00
|
|
|
if (!empty($_FILES['avatar'])) {
|
|
|
|
|
if (empty($_POST['avatar']['mode'])) {
|
|
|
|
|
// cool monkey patch
|
|
|
|
|
$_POST['avatar']['mode'] = empty($_POST['avatar']['delete']) ? 'upload' : 'delete';
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-11 18:56:54 +00:00
|
|
|
switch ($_POST['avatar']['mode'] ?? '') {
|
|
|
|
|
case 'delete':
|
2018-09-23 19:12:40 +00:00
|
|
|
user_avatar_delete($settingsUserId);
|
2018-08-11 18:56:54 +00:00
|
|
|
break;
|
2018-03-24 04:31:42 +00:00
|
|
|
|
2018-08-11 18:56:54 +00:00
|
|
|
case 'upload':
|
2018-09-17 08:10:32 +00:00
|
|
|
if (!$perms['edit_avatar']) {
|
|
|
|
|
$settingsErrors[] = "You aren't allow to change your avatar.";
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-11 18:56:54 +00:00
|
|
|
if (empty($_FILES['avatar'])
|
2018-09-16 18:45:49 +00:00
|
|
|
|| !is_array($_FILES['avatar'])
|
|
|
|
|
|| empty($_FILES['avatar']['name']['file'])) {
|
2018-07-09 23:50:12 +00:00
|
|
|
break;
|
2018-08-11 18:56:54 +00:00
|
|
|
}
|
2018-03-24 04:31:42 +00:00
|
|
|
|
2018-08-11 18:56:54 +00:00
|
|
|
if ($_FILES['avatar']['error']['file'] !== UPLOAD_ERR_OK) {
|
|
|
|
|
$settingsErrors[] = sprintf(
|
|
|
|
|
$avatarErrorStrings['upload'][$_FILES['avatar']['error']['file']]
|
|
|
|
|
?? $avatarErrorStrings['upload']['default'],
|
|
|
|
|
$_FILES['avatar']['error']['file'],
|
2018-09-17 08:10:32 +00:00
|
|
|
byte_symbol($avatarProps['max_size'], true),
|
2018-09-15 23:27:12 +00:00
|
|
|
$avatarProps['max_width'],
|
|
|
|
|
$avatarProps['max_height']
|
2018-07-09 23:50:12 +00:00
|
|
|
);
|
|
|
|
|
break;
|
2018-08-11 18:56:54 +00:00
|
|
|
}
|
2018-03-26 02:08:35 +00:00
|
|
|
|
2018-08-11 18:56:54 +00:00
|
|
|
$setAvatar = user_avatar_set_from_path(
|
2018-09-23 19:12:40 +00:00
|
|
|
$settingsUserId,
|
2018-09-16 18:45:49 +00:00
|
|
|
$_FILES['avatar']['tmp_name']['file'],
|
|
|
|
|
$avatarProps
|
2018-08-11 18:56:54 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if ($setAvatar !== MSZ_USER_AVATAR_NO_ERRORS) {
|
|
|
|
|
$settingsErrors[] = sprintf(
|
|
|
|
|
$avatarErrorStrings['set'][$setAvatar]
|
|
|
|
|
?? $avatarErrorStrings['set']['default'],
|
|
|
|
|
$setAvatar,
|
2018-09-17 08:10:32 +00:00
|
|
|
byte_symbol($avatarProps['max_size'], true),
|
2018-09-15 23:27:12 +00:00
|
|
|
$avatarProps['max_width'],
|
|
|
|
|
$avatarProps['max_height']
|
2018-08-11 18:56:54 +00:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
break;
|
2018-03-26 02:08:35 +00:00
|
|
|
}
|
2018-08-11 18:56:54 +00:00
|
|
|
}
|
2018-03-26 02:08:35 +00:00
|
|
|
|
2018-09-26 09:23:36 +00:00
|
|
|
if (!empty($_FILES['background'])) {
|
2018-09-16 18:45:49 +00:00
|
|
|
switch ($_POST['background']['mode'] ?? '') {
|
|
|
|
|
case 'delete':
|
2018-09-23 19:12:40 +00:00
|
|
|
user_background_delete($settingsUserId);
|
2018-09-16 18:45:49 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'upload':
|
2018-09-17 08:10:32 +00:00
|
|
|
if (!$perms['edit_background']) {
|
|
|
|
|
$settingsErrors[] = "You aren't allow to change your background.";
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-16 18:45:49 +00:00
|
|
|
if (empty($_FILES['background'])
|
|
|
|
|
|| !is_array($_FILES['background'])
|
|
|
|
|
|| empty($_FILES['background']['name']['file'])) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($_FILES['background']['error']['file'] !== UPLOAD_ERR_OK) {
|
|
|
|
|
$settingsErrors[] = sprintf(
|
|
|
|
|
$avatarErrorStrings['upload'][$_FILES['background']['error']['file']]
|
|
|
|
|
?? $avatarErrorStrings['upload']['default'],
|
|
|
|
|
$_FILES['background']['error']['file'],
|
2018-09-17 08:10:32 +00:00
|
|
|
byte_symbol($backgroundProps['max_size'], true),
|
2018-09-16 18:45:49 +00:00
|
|
|
$backgroundProps['max_width'],
|
|
|
|
|
$backgroundProps['max_height']
|
|
|
|
|
);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$setBackground = user_background_set_from_path(
|
2018-09-23 19:12:40 +00:00
|
|
|
$settingsUserId,
|
2018-09-16 18:45:49 +00:00
|
|
|
$_FILES['background']['tmp_name']['file'],
|
|
|
|
|
$backgroundProps
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if ($setBackground !== MSZ_USER_BACKGROUND_NO_ERRORS) {
|
|
|
|
|
$settingsErrors[] = sprintf(
|
|
|
|
|
$avatarErrorStrings['set'][$setBackground]
|
|
|
|
|
?? $avatarErrorStrings['set']['default'],
|
|
|
|
|
$setBackground,
|
2018-09-17 08:10:32 +00:00
|
|
|
byte_symbol($backgroundProps['max_size'], true),
|
2018-09-16 18:45:49 +00:00
|
|
|
$backgroundProps['max_width'],
|
|
|
|
|
$backgroundProps['max_height']
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-15 13:36:40 +00:00
|
|
|
if (!empty($_POST['session_action'])) {
|
|
|
|
|
switch ($_POST['session_action']) {
|
|
|
|
|
case 'kill-all':
|
|
|
|
|
Database::prepare('
|
|
|
|
|
DELETE FROM `msz_sessions`
|
|
|
|
|
WHERE `user_id` = :user_id
|
|
|
|
|
')->execute([
|
2018-09-23 19:12:40 +00:00
|
|
|
'user_id' => $settingsUserId,
|
2018-08-15 13:36:40 +00:00
|
|
|
]);
|
2018-09-23 19:12:40 +00:00
|
|
|
audit_log('PERSONAL_SESSION_DESTROY_ALL', $settingsUserId);
|
2018-08-15 13:36:40 +00:00
|
|
|
header('Location: /');
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-11 18:56:54 +00:00
|
|
|
if (!empty($_POST['session']) && is_numeric($_POST['session'])) {
|
2018-03-26 02:08:35 +00:00
|
|
|
$session_id = (int)($_POST['session'] ?? 0);
|
|
|
|
|
|
|
|
|
|
if ($session_id < 1) {
|
2018-05-27 00:20:35 +00:00
|
|
|
$settingsErrors[] = 'Invalid session.';
|
2018-08-11 18:56:54 +00:00
|
|
|
} else {
|
|
|
|
|
$findSession = Database::prepare('
|
|
|
|
|
SELECT `session_id`, `user_id`
|
|
|
|
|
FROM `msz_sessions`
|
|
|
|
|
WHERE `session_id` = :session_id
|
|
|
|
|
');
|
|
|
|
|
$findSession->bindValue('session_id', $session_id);
|
|
|
|
|
$session = $findSession->execute() ? $findSession->fetch() : null;
|
|
|
|
|
|
2018-09-23 19:12:40 +00:00
|
|
|
if (!$session || (int)$session['user_id'] !== $settingsUserId) {
|
2018-08-11 18:56:54 +00:00
|
|
|
$settingsErrors[] = 'You may only end your own sessions.';
|
|
|
|
|
} else {
|
|
|
|
|
if ((int)$session['session_id'] === $app->getSessionId()) {
|
|
|
|
|
header('Location: /auth.php?m=logout&s=' . tmp_csrf_token());
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user_session_delete($session['session_id']);
|
2018-09-23 19:12:40 +00:00
|
|
|
audit_log('PERSONAL_SESSION_DESTROY', $settingsUserId, [
|
2018-08-11 18:56:54 +00:00
|
|
|
$session['session_id'],
|
|
|
|
|
]);
|
|
|
|
|
}
|
2018-03-26 02:08:35 +00:00
|
|
|
}
|
2018-08-11 18:56:54 +00:00
|
|
|
}
|
2018-03-26 02:08:35 +00:00
|
|
|
|
2018-08-11 18:56:54 +00:00
|
|
|
if (!$disableAccountOptions) {
|
|
|
|
|
if (!empty($_POST['current_password'])
|
|
|
|
|
|| (
|
|
|
|
|
(isset($_POST['password']) || isset($_POST['email']))
|
|
|
|
|
&& (!empty($_POST['password']['new']) || !empty($_POST['email']['new']))
|
|
|
|
|
)
|
|
|
|
|
) {
|
|
|
|
|
$updateAccountFields = [];
|
|
|
|
|
|
|
|
|
|
$fetchPassword = Database::prepare('
|
|
|
|
|
SELECT `password`
|
|
|
|
|
FROM `msz_users`
|
|
|
|
|
WHERE `user_id` = :user_id
|
2018-05-16 02:58:21 +00:00
|
|
|
');
|
2018-09-23 19:12:40 +00:00
|
|
|
$fetchPassword->bindValue('user_id', $settingsUserId);
|
2018-08-11 18:56:54 +00:00
|
|
|
$currentPassword = $fetchPassword->execute() ? $fetchPassword->fetchColumn() : null;
|
2018-03-26 02:08:35 +00:00
|
|
|
|
2018-08-11 18:56:54 +00:00
|
|
|
if (empty($currentPassword)) {
|
|
|
|
|
$settingsErrors[] = 'Something went horribly wrong.';
|
|
|
|
|
} else {
|
|
|
|
|
if (!password_verify($_POST['current_password'], $currentPassword)) {
|
|
|
|
|
$settingsErrors[] = 'Your current password was incorrect.';
|
|
|
|
|
} else {
|
|
|
|
|
if (!empty($_POST['email']['new'])) {
|
|
|
|
|
if (empty($_POST['email']['confirm'])
|
|
|
|
|
|| $_POST['email']['new'] !== $_POST['email']['confirm']) {
|
|
|
|
|
$settingsErrors[] = 'The given e-mail addresses did not match.';
|
|
|
|
|
} else {
|
|
|
|
|
$email_validate = user_validate_email($_POST['email']['new'], true);
|
|
|
|
|
|
|
|
|
|
if ($email_validate !== '') {
|
|
|
|
|
switch ($email_validate) {
|
|
|
|
|
case 'dns':
|
|
|
|
|
$settingsErrors[] = 'No valid MX record exists for this domain.';
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'format':
|
|
|
|
|
$settingsErrors[] = 'The given e-mail address was incorrectly formatted.';
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'in-use':
|
|
|
|
|
$settingsErrors[] = 'This e-mail address is already in use.';
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
$settingsErrors[] = 'Unknown e-mail validation error.';
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2018-09-15 21:55:26 +00:00
|
|
|
$updateAccountFields['email'] = mb_strtolower($_POST['email']['new']);
|
2018-09-23 19:12:40 +00:00
|
|
|
audit_log('PERSONAL_EMAIL_CHANGE', $settingsUserId, [
|
2018-08-11 18:56:54 +00:00
|
|
|
$updateAccountFields['email'],
|
|
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-03-26 02:08:35 +00:00
|
|
|
|
2018-08-11 18:56:54 +00:00
|
|
|
if (!empty($_POST['password']['new'])) {
|
|
|
|
|
if (empty($_POST['password']['confirm'])
|
|
|
|
|
|| $_POST['password']['new'] !== $_POST['password']['confirm']) {
|
|
|
|
|
$settingsErrors[] = "The given passwords did not match.";
|
|
|
|
|
} else {
|
|
|
|
|
$password_validate = user_validate_password($_POST['password']['new']);
|
|
|
|
|
|
|
|
|
|
if ($password_validate !== '') {
|
|
|
|
|
$settingsErrors[] = "The given passwords was too weak.";
|
|
|
|
|
} else {
|
|
|
|
|
$updateAccountFields['password'] = user_password_hash($_POST['password']['new']);
|
2018-09-23 19:12:40 +00:00
|
|
|
audit_log('PERSONAL_PASSWORD_CHANGE', $settingsUserId);
|
2018-08-11 18:56:54 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-03-26 02:08:35 +00:00
|
|
|
|
2018-08-11 18:56:54 +00:00
|
|
|
if (count($updateAccountFields) > 0) {
|
|
|
|
|
$updateUser = Database::prepare('
|
|
|
|
|
UPDATE `msz_users`
|
|
|
|
|
SET ' . pdo_prepare_array_update($updateAccountFields, true) . '
|
|
|
|
|
WHERE `user_id` = :user_id
|
|
|
|
|
');
|
2018-09-23 19:12:40 +00:00
|
|
|
$updateAccountFields['user_id'] = $settingsUserId;
|
2018-08-11 18:56:54 +00:00
|
|
|
$updateUser->execute($updateAccountFields);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-03-23 00:01:42 +00:00
|
|
|
}
|
2018-09-23 19:12:40 +00:00
|
|
|
|
2018-09-27 06:42:43 +00:00
|
|
|
if (empty($settingsErrors) && !empty($_POST['user']) && !empty($_SERVER['HTTP_REFERER'])) {
|
2018-09-23 19:12:40 +00:00
|
|
|
header('Location: /profile.php?u=' . ((int)($_POST['user'] ?? 0)));
|
|
|
|
|
return;
|
|
|
|
|
}
|
2018-03-23 00:01:42 +00:00
|
|
|
}
|
|
|
|
|
|
2018-08-15 01:12:58 +00:00
|
|
|
tpl_vars([
|
|
|
|
|
'settings_title' => $settingsModes[$settingsMode],
|
|
|
|
|
'settings_errors' => $settingsErrors,
|
|
|
|
|
]);
|
2018-03-23 00:01:42 +00:00
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
switch ($settingsMode) {
|
2018-09-23 19:12:40 +00:00
|
|
|
case 'account':
|
2018-05-27 00:20:35 +00:00
|
|
|
$profileFields = user_profile_fields_get();
|
2018-09-21 09:28:22 +00:00
|
|
|
|
|
|
|
|
$getAccountInfo = Database::prepare(sprintf(
|
|
|
|
|
'
|
|
|
|
|
SELECT %s, `email`, `user_about_content`, `user_about_parser`
|
|
|
|
|
FROM `msz_users`
|
|
|
|
|
WHERE `user_id` = :user_id
|
|
|
|
|
',
|
|
|
|
|
pdo_prepare_array($profileFields, true, '`user_%s`')
|
|
|
|
|
));
|
2018-09-23 19:12:40 +00:00
|
|
|
$getAccountInfo->bindValue('user_id', $settingsUserId);
|
2018-09-21 09:28:22 +00:00
|
|
|
$accountInfo = $getAccountInfo->execute() ? $getAccountInfo->fetch(PDO::FETCH_ASSOC) : [];
|
|
|
|
|
|
2018-09-16 00:21:13 +00:00
|
|
|
$userHasAvatar = is_file(build_path($app->getStoragePath(), 'avatars/original', $avatarFileName));
|
2018-09-16 18:45:49 +00:00
|
|
|
$userHasBackground = is_file(build_path($app->getStoragePath(), 'backgrounds/original', $avatarFileName));
|
2018-08-11 18:56:54 +00:00
|
|
|
|
2018-08-15 01:12:58 +00:00
|
|
|
tpl_vars([
|
2018-09-16 18:45:49 +00:00
|
|
|
'avatar' => $avatarProps,
|
|
|
|
|
'background' => $backgroundProps,
|
2018-05-27 00:20:35 +00:00
|
|
|
'user_has_avatar' => $userHasAvatar,
|
2018-09-16 18:45:49 +00:00
|
|
|
'user_has_background' => $userHasBackground,
|
2018-08-11 18:56:54 +00:00
|
|
|
'settings_profile_fields' => $profileFields,
|
|
|
|
|
'settings_disable_account_options' => $disableAccountOptions,
|
2018-09-21 09:28:22 +00:00
|
|
|
'account_info' => $accountInfo,
|
2018-05-27 00:20:35 +00:00
|
|
|
]);
|
2018-03-24 04:31:42 +00:00
|
|
|
break;
|
|
|
|
|
|
2018-03-23 00:01:42 +00:00
|
|
|
case 'sessions':
|
2018-07-18 01:55:44 +00:00
|
|
|
$getSessionCount = Database::prepare('
|
2018-05-16 20:48:33 +00:00
|
|
|
SELECT COUNT(`session_id`)
|
|
|
|
|
FROM `msz_sessions`
|
|
|
|
|
WHERE `user_id` = :user_id
|
|
|
|
|
');
|
2018-09-23 19:12:40 +00:00
|
|
|
$getSessionCount->bindValue('user_id', $settingsUserId);
|
2018-05-16 20:48:33 +00:00
|
|
|
$sessionCount = $getSessionCount->execute() ? $getSessionCount->fetchColumn() : 0;
|
2018-05-16 02:58:21 +00:00
|
|
|
|
2018-07-18 01:55:44 +00:00
|
|
|
$getSessions = Database::prepare('
|
2018-05-16 02:58:21 +00:00
|
|
|
SELECT
|
|
|
|
|
`session_id`, `session_country`, `user_agent`, `created_at`, `expires_on`,
|
|
|
|
|
INET6_NTOA(`session_ip`) as `session_ip_decoded`
|
|
|
|
|
FROM `msz_sessions`
|
|
|
|
|
WHERE `user_id` = :user_id
|
|
|
|
|
ORDER BY `session_id` DESC
|
2018-05-16 20:48:33 +00:00
|
|
|
LIMIT :offset, :take
|
2018-05-16 02:58:21 +00:00
|
|
|
');
|
2018-05-27 00:20:35 +00:00
|
|
|
$getSessions->bindValue('offset', $queryOffset);
|
|
|
|
|
$getSessions->bindValue('take', $queryTake);
|
2018-09-23 19:12:40 +00:00
|
|
|
$getSessions->bindValue('user_id', $settingsUserId);
|
2018-05-16 02:58:21 +00:00
|
|
|
$sessions = $getSessions->execute() ? $getSessions->fetchAll() : [];
|
|
|
|
|
|
2018-08-15 01:12:58 +00:00
|
|
|
tpl_vars([
|
2018-05-16 20:48:33 +00:00
|
|
|
'active_session_id' => $app->getSessionId(),
|
|
|
|
|
'user_sessions' => $sessions,
|
2018-05-27 00:20:35 +00:00
|
|
|
'sessions_offset' => $queryOffset,
|
|
|
|
|
'sessions_take' => $queryTake,
|
2018-05-16 20:48:33 +00:00
|
|
|
'sessions_count' => $sessionCount,
|
|
|
|
|
]);
|
2018-03-23 00:01:42 +00:00
|
|
|
break;
|
|
|
|
|
|
2018-08-12 13:31:38 +00:00
|
|
|
case 'logs':
|
|
|
|
|
$loginAttemptsOffset = max(0, $_GET['lo'] ?? 0);
|
|
|
|
|
$auditLogOffset = max(0, $_GET['ao'] ?? 0);
|
|
|
|
|
|
2018-07-18 01:55:44 +00:00
|
|
|
$getLoginAttemptsCount = Database::prepare('
|
2018-05-16 20:48:33 +00:00
|
|
|
SELECT COUNT(`attempt_id`)
|
|
|
|
|
FROM `msz_login_attempts`
|
|
|
|
|
WHERE `user_id` = :user_id
|
|
|
|
|
');
|
2018-09-23 19:12:40 +00:00
|
|
|
$getLoginAttemptsCount->bindValue('user_id', $settingsUserId);
|
2018-05-16 20:48:33 +00:00
|
|
|
$loginAttemptsCount = $getLoginAttemptsCount->execute() ? $getLoginAttemptsCount->fetchColumn() : 0;
|
2018-05-16 02:58:21 +00:00
|
|
|
|
2018-07-18 01:55:44 +00:00
|
|
|
$getLoginAttempts = Database::prepare('
|
2018-05-16 02:58:21 +00:00
|
|
|
SELECT
|
|
|
|
|
`attempt_id`, `attempt_country`, `was_successful`, `user_agent`, `created_at`,
|
|
|
|
|
INET6_NTOA(`attempt_ip`) as `attempt_ip_decoded`
|
|
|
|
|
FROM `msz_login_attempts`
|
|
|
|
|
WHERE `user_id` = :user_id
|
|
|
|
|
ORDER BY `attempt_id` DESC
|
2018-05-16 20:48:33 +00:00
|
|
|
LIMIT :offset, :take
|
2018-05-16 02:58:21 +00:00
|
|
|
');
|
2018-08-12 13:31:38 +00:00
|
|
|
$getLoginAttempts->bindValue('offset', $loginAttemptsOffset);
|
|
|
|
|
$getLoginAttempts->bindValue('take', min(20, max(5, $queryTake)));
|
2018-09-23 19:12:40 +00:00
|
|
|
$getLoginAttempts->bindValue('user_id', $settingsUserId);
|
2018-05-16 02:58:21 +00:00
|
|
|
$loginAttempts = $getLoginAttempts->execute() ? $getLoginAttempts->fetchAll() : [];
|
|
|
|
|
|
2018-09-23 19:12:40 +00:00
|
|
|
$auditLogCount = audit_log_count($settingsUserId);
|
2018-07-23 13:29:57 +00:00
|
|
|
$auditLog = audit_log_list(
|
2018-08-12 13:31:38 +00:00
|
|
|
$auditLogOffset,
|
|
|
|
|
min(20, max(5, $queryTake)),
|
2018-09-23 19:12:40 +00:00
|
|
|
$settingsUserId
|
2018-07-23 13:29:57 +00:00
|
|
|
);
|
|
|
|
|
|
2018-08-15 01:12:58 +00:00
|
|
|
tpl_vars([
|
2018-07-23 13:29:57 +00:00
|
|
|
'audit_logs' => $auditLog,
|
|
|
|
|
'audit_log_count' => $auditLogCount,
|
|
|
|
|
'audit_log_take' => $queryTake,
|
2018-08-12 13:31:38 +00:00
|
|
|
'audit_log_offset' => $auditLogOffset,
|
2018-07-23 13:29:57 +00:00
|
|
|
'log_strings' => [
|
|
|
|
|
'PERSONAL_EMAIL_CHANGE' => 'Changed e-mail address to %s.',
|
|
|
|
|
'PERSONAL_PASSWORD_CHANGE' => 'Changed account password.',
|
|
|
|
|
'PERSONAL_SESSION_DESTROY' => 'Ended session #%d.',
|
2018-08-15 13:36:40 +00:00
|
|
|
'PERSONAL_SESSION_DESTROY_ALL' => 'Ended all personal sessions.',
|
2018-07-23 13:29:57 +00:00
|
|
|
'PASSWORD_RESET' => 'Successfully used the password reset form to change password.',
|
|
|
|
|
'CHANGELOG_ENTRY_CREATE' => 'Created a new changelog entry #%d.',
|
|
|
|
|
'CHANGELOG_ENTRY_EDIT' => 'Edited changelog entry #%d.',
|
|
|
|
|
'CHANGELOG_TAG_ADD' => 'Added tag #%2$d to changelog entry #%1$d.',
|
|
|
|
|
'CHANGELOG_TAG_REMOVE' => 'Removed tag #%2$d from changelog entry #%1$d.',
|
|
|
|
|
'CHANGELOG_TAG_CREATE' => 'Created new changelog tag #%d.',
|
|
|
|
|
'CHANGELOG_TAG_EDIT' => 'Edited changelog tag #%d.',
|
|
|
|
|
'CHANGELOG_ACTION_CREATE' => 'Created new changelog action #%d.',
|
2018-08-15 13:36:40 +00:00
|
|
|
'CHANGELOG_ACTION_EDIT' => 'Edited changelog action #%d.',
|
2018-07-23 13:29:57 +00:00
|
|
|
],
|
2018-08-12 13:31:38 +00:00
|
|
|
'user_login_attempts' => $loginAttempts,
|
|
|
|
|
'login_attempts_offset' => $loginAttemptsOffset,
|
|
|
|
|
'login_attempts_take' => $queryTake,
|
|
|
|
|
'login_attempts_count' => $loginAttemptsCount,
|
2018-07-23 13:29:57 +00:00
|
|
|
]);
|
|
|
|
|
break;
|
2018-03-23 00:01:42 +00:00
|
|
|
}
|
|
|
|
|
|
2018-08-15 01:12:58 +00:00
|
|
|
echo tpl_render("settings.{$settingsMode}");
|
