misuzu/public/settings/account.php

<?php
namespace Misuzu;

use Misuzu\AuditLog;
use Misuzu\Config;
use Misuzu\Users\User;
use Misuzu\Users\UserRole;
use Misuzu\Users\UserRoleNotFoundException;
use Misuzu\Users\UserSession;
use chillerlan\QRCode\QRCode;
use chillerlan\QRCode\QROptions;

require_once '../../misuzu.php';

if(!UserSession::hasCurrent()) {
    echo render_error(401);
    return;
}

$errors = [];
$currentUser = User::getCurrent();
$currentUserId = $currentUser->getId();
$isRestricted = $currentUser->hasActiveWarning();
$twoFactorInfo = user_totp_info($currentUserId);
$isVerifiedRequest = CSRF::validateRequest();

if(!$isRestricted && $isVerifiedRequest && !empty($_POST['role'])) {
    try {
        $roleInfo = UserRole::byId((int)($_POST['role']['id'] ?? 0));
    } catch(UserRoleNotFoundException $ex) {}

    if(empty($roleInfo) || !$currentUser->hasRole($roleInfo))
        $errors[] = "You're trying to modify a role that hasn't been assigned to you.";
    else {
        switch($_POST['role']['mode'] ?? '') {
            case 'display':
                $currentUser->setDisplayRole($roleInfo);
                break;

            case 'leave':
                if($roleInfo->getCanLeave())
                    $currentUser->removeRole($roleInfo);
                else
                    $errors[] = "You're not allow to leave this role, an administrator has to remove it for you.";
                break;
        }
    }
}

if($isVerifiedRequest && isset($_POST['tfa']['enable']) && (bool)$twoFactorInfo['totp_enabled'] !== (bool)$_POST['tfa']['enable']) {
    if((bool)$_POST['tfa']['enable']) {
        $tfaKey = TOTP::generateKey();
        $tfaIssuer = Config::get('site.name', Config::TYPE_STR, 'Misuzu');
        $tfaQrcode = (new QRCode(new QROptions([
            'version'    => 5,
            'outputType' => QRCode::OUTPUT_IMAGE_JPG,
            'eccLevel'   => QRCode::ECC_L,
        ])))->render(sprintf('otpauth://totp/%s:%s?%s', $tfaIssuer, $twoFactorInfo['username'], http_build_query([
            'secret' => $tfaKey,
            'issuer' => $tfaIssuer,
        ])));

        Template::set([
            'settings_2fa_code' => $tfaKey,
            'settings_2fa_image' => $tfaQrcode,
        ]);

        user_totp_update($currentUserId, $tfaKey);
    } else {
        user_totp_update($currentUserId, null);
    }

    $twoFactorInfo['totp_enabled'] = !$twoFactorInfo['totp_enabled'];
}

if($isVerifiedRequest && !empty($_POST['current_password'])) {
    if(!$currentUser->checkPassword($_POST['current_password'] ?? '')) {
        $errors[] = 'Your password was incorrect.';
    } else {
        // Changing e-mail
        if(!empty($_POST['email']['new'])) {
            if(empty($_POST['email']['confirm']) || $_POST['email']['new'] !== $_POST['email']['confirm']) {
                $errors[] = 'The addresses you entered did not match each other.';
            } elseif($currentUser->getEMailAddress() === mb_strtolower($_POST['email']['confirm'])) {
                $errors[] = 'This is already your e-mail address!';
            } else {
                $checkMail = User::validateEMailAddress($_POST['email']['new'], true);

                if($checkMail !== '') {
                    switch($checkMail) {
                        case 'dns':
                            $errors[] = 'No valid MX record exists for this domain.';
                            break;

                        case 'format':
                            $errors[] = 'The given e-mail address was incorrectly formatted.';
                            break;

                        case 'in-use':
                            $errors[] = 'This e-mail address is already in use.';
                            break;

                        default:
                            $errors[] = 'Unknown e-mail validation error.';
                    }
                } else {
                    user_email_set($currentUserId, $_POST['email']['new']);
                    AuditLog::create(AuditLog::PERSONAL_EMAIL_CHANGE, [
                        $_POST['email']['new'],
                    ]);
                }
            }
        }

        // Changing password
        if(!empty($_POST['password']['new'])) {
            if(empty($_POST['password']['confirm']) || $_POST['password']['new'] !== $_POST['password']['confirm']) {
                $errors[] = 'The new passwords you entered did not match each other.';
            } else {
                $checkPassword = User::validatePassword($_POST['password']['new']);

                if($checkPassword !== '') {
                    $errors[] = 'The given passwords was too weak.';
                } else {
                    $currentUser->setPassword($_POST['password']['new']);
                    AuditLog::create(AuditLog::PERSONAL_PASSWORD_CHANGE);
                }
            }
        }
    }
}

Template::render('settings.account', [
    'errors' => $errors,
    'settings_user' => $currentUser,
    'is_restricted' => $isRestricted,
    'settings_2fa_enabled' => $twoFactorInfo['totp_enabled'],
]);
Made settings multi-page again. 2019-06-06 20:09:27 +00:00			`<?php`
Added namespaces to all files in public. 2019-09-28 22:43:51 +00:00			`namespace Misuzu;`

Rewrote audit log to be OOP. 2020-05-21 15:05:30 +00:00			`use Misuzu\AuditLog;`
Made two factor auth session code OOP. 2020-05-28 17:52:31 +00:00			`use Misuzu\Config;`
Removed user_password_verify_db() and user_exists(). 2020-05-14 22:18:39 +00:00			`use Misuzu\Users\User;`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`use Misuzu\Users\UserRole;`
			`use Misuzu\Users\UserRoleNotFoundException;`
Rewrote session code to be OOP. 2020-05-25 19:58:06 +00:00			`use Misuzu\Users\UserSession;`
Added TOTP class from Hanyuu. 2019-12-09 03:24:10 +00:00			`use chillerlan\QRCode\QRCode;`
			`use chillerlan\QRCode\QROptions;`

Made settings multi-page again. 2019-06-06 20:09:27 +00:00			`require_once '../../misuzu.php';`

Rewrote session code to be OOP. 2020-05-25 19:58:06 +00:00			`if(!UserSession::hasCurrent()) {`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00			`echo render_error(401);`
			`return;`
			`}`

			`$errors = [];`
Added sanity to changelog code. 2020-05-20 18:09:38 +00:00			`$currentUser = User::getCurrent();`
			`$currentUserId = $currentUser->getId();`
Rewrote warnings system to be OOP, also added permanent warnings. 2020-06-01 00:33:16 +00:00			`$isRestricted = $currentUser->hasActiveWarning();`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00			`$twoFactorInfo = user_totp_info($currentUserId);`
CSRF from Hanyuu. 2019-12-11 18:10:54 +00:00			`$isVerifiedRequest = CSRF::validateRequest();`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00
			`if(!$isRestricted && $isVerifiedRequest && !empty($_POST['role'])) {`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`try {`
			`$roleInfo = UserRole::byId((int)($_POST['role']['id'] ?? 0));`
			`} catch(UserRoleNotFoundException $ex) {}`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`if(empty($roleInfo) \|\| !$currentUser->hasRole($roleInfo))`
			`$errors[] = "You're trying to modify a role that hasn't been assigned to you.";`
			`else {`
Code style updates. 2019-06-10 17:04:53 +00:00			`switch($_POST['role']['mode'] ?? '') {`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00			`case 'display':`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`$currentUser->setDisplayRole($roleInfo);`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00			`break;`

			`case 'leave':`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`if($roleInfo->getCanLeave())`
			`$currentUser->removeRole($roleInfo);`
			`else`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00			`$errors[] = "You're not allow to leave this role, an administrator has to remove it for you.";`
			`break;`
			`}`
			`}`
			`}`

			`if($isVerifiedRequest && isset($_POST['tfa']['enable']) && (bool)$twoFactorInfo['totp_enabled'] !== (bool)$_POST['tfa']['enable']) {`
			`if((bool)$_POST['tfa']['enable']) {`
Added TOTP class from Hanyuu. 2019-12-09 03:24:10 +00:00			`$tfaKey = TOTP::generateKey();`
Made two factor auth session code OOP. 2020-05-28 17:52:31 +00:00			`$tfaIssuer = Config::get('site.name', Config::TYPE_STR, 'Misuzu');`
Added TOTP class from Hanyuu. 2019-12-09 03:24:10 +00:00			`$tfaQrcode = (new QRCode(new QROptions([`
			`'version' => 5,`
			`'outputType' => QRCode::OUTPUT_IMAGE_JPG,`
			`'eccLevel' => QRCode::ECC_L,`
Made two factor auth session code OOP. 2020-05-28 17:52:31 +00:00			`])))->render(sprintf('otpauth://totp/%s:%s?%s', $tfaIssuer, $twoFactorInfo['username'], http_build_query([`
Added TOTP class from Hanyuu. 2019-12-09 03:24:10 +00:00			`'secret' => $tfaKey,`
Made two factor auth session code OOP. 2020-05-28 17:52:31 +00:00			`'issuer' => $tfaIssuer,`
Added TOTP class from Hanyuu. 2019-12-09 03:24:10 +00:00			`])));`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00
Ported Template class from Hanyuu project. 2019-12-04 18:16:22 +00:00			`Template::set([`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00			`'settings_2fa_code' => $tfaKey,`
Added TOTP class from Hanyuu. 2019-12-09 03:24:10 +00:00			`'settings_2fa_image' => $tfaQrcode,`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00			`]);`

			`user_totp_update($currentUserId, $tfaKey);`
			`} else {`
			`user_totp_update($currentUserId, null);`
			`}`

			`$twoFactorInfo['totp_enabled'] = !$twoFactorInfo['totp_enabled'];`
			`}`

			`if($isVerifiedRequest && !empty($_POST['current_password'])) {`
Removed user_password_verify_db() and user_exists(). 2020-05-14 22:18:39 +00:00			`if(!$currentUser->checkPassword($_POST['current_password'] ?? '')) {`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00			`$errors[] = 'Your password was incorrect.';`
			`} else {`
			`// Changing e-mail`
			`if(!empty($_POST['email']['new'])) {`
			`if(empty($_POST['email']['confirm']) \|\| $_POST['email']['new'] !== $_POST['email']['confirm']) {`
			`$errors[] = 'The addresses you entered did not match each other.';`
Moved user validation code into User object. 2020-05-27 17:05:23 +00:00			`} elseif($currentUser->getEMailAddress() === mb_strtolower($_POST['email']['confirm'])) {`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00			`$errors[] = 'This is already your e-mail address!';`
			`} else {`
Moved user validation code into User object. 2020-05-27 17:05:23 +00:00			`$checkMail = User::validateEMailAddress($_POST['email']['new'], true);`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00
Code style updates. 2019-06-10 17:04:53 +00:00			`if($checkMail !== '') {`
			`switch($checkMail) {`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00			`case 'dns':`
			`$errors[] = 'No valid MX record exists for this domain.';`
			`break;`

			`case 'format':`
			`$errors[] = 'The given e-mail address was incorrectly formatted.';`
			`break;`

			`case 'in-use':`
			`$errors[] = 'This e-mail address is already in use.';`
			`break;`

			`default:`
			`$errors[] = 'Unknown e-mail validation error.';`
			`}`
			`} else {`
			`user_email_set($currentUserId, $_POST['email']['new']);`
Rewrote audit log to be OOP. 2020-05-21 15:05:30 +00:00			`AuditLog::create(AuditLog::PERSONAL_EMAIL_CHANGE, [`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00			`$_POST['email']['new'],`
			`]);`
			`}`
			`}`
			`}`

			`// Changing password`
			`if(!empty($_POST['password']['new'])) {`
			`if(empty($_POST['password']['confirm']) \|\| $_POST['password']['new'] !== $_POST['password']['confirm']) {`
			`$errors[] = 'The new passwords you entered did not match each other.';`
			`} else {`
Moved user validation code into User object. 2020-05-27 17:05:23 +00:00			`$checkPassword = User::validatePassword($_POST['password']['new']);`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00
			`if($checkPassword !== '') {`
			`$errors[] = 'The given passwords was too weak.';`
			`} else {`
Moved user validation code into User object. 2020-05-27 17:05:23 +00:00			`$currentUser->setPassword($_POST['password']['new']);`
Rewrote audit log to be OOP. 2020-05-21 15:05:30 +00:00			`AuditLog::create(AuditLog::PERSONAL_PASSWORD_CHANGE);`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00			`}`
			`}`
			`}`
			`}`
			`}`

Ported Template class from Hanyuu project. 2019-12-04 18:16:22 +00:00			`Template::render('settings.account', [`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00			`'errors' => $errors,`
Rewrote roles code to be OOP. 2020-06-04 18:48:01 +00:00			`'settings_user' => $currentUser,`
Made settings multi-page again. 2019-06-06 20:09:27 +00:00			`'is_restricted' => $isRestricted,`
			`'settings_2fa_enabled' => $twoFactorInfo['totp_enabled'],`
			`]);`