<?php
namespace Misuzu;
use RuntimeException;
use Misuzu\Users\User;
use chillerlan\QRCode\QRCode;
use chillerlan\QRCode\QROptions;
// This script is not a standalone endpoint: it expects the route dispatcher to have
// provided a MisuzuContext in $msz and refuses to run otherwise.
if(!(($msz ?? null) instanceof \Misuzu\MisuzuContext)) {
    die('Script must be called through the Misuzu route dispatcher.');
}

// Account settings are only available to an authenticated user.
if(!$msz->authInfo->isLoggedIn) {
    Template::throwError(401);
}

$userInfo = $msz->authInfo->userInfo;

// An active ban restricts which settings may be changed further down.
$isRestricted = $msz->usersCtx->hasActiveBan($userInfo);

// CSRF validation result; every mutating branch below is gated on it.
$isVerifiedRequest = CSRF::validateRequest();

// collected user-facing error messages, passed to the template at the end
$errors = [];
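// Role management: switch the displayed role or leave a leavable role.
// Skipped for restricted (banned) users and for requests that failed the CSRF check.
if(!$isRestricted && $isVerifiedRequest && !empty($_POST['role'])) {
    // getRole() throws RuntimeException for an unknown id; initialise first so the
    // failure path leaves a defined null instead of an undefined variable.
    $roleInfo = null;
    try {
        $roleInfo = $msz->usersCtx->roles->getRole($_POST['role']['id'] ?? 0);
    } catch(RuntimeException $ex) {
        // unknown role id: reported via the empty() check below
    }

    // Only roles actually assigned to the current user may be modified,
    // whatever id was submitted.
    if(empty($roleInfo) || !$msz->usersCtx->users->hasRole($userInfo, $roleInfo)) {
        $errors[] = "You're trying to modify a role that hasn't been assigned to you.";
    } else {
        // strict comparison: $_POST values are strings or arrays, so a loose switch()
        // gains nothing and === keeps the intent explicit
        $roleMode = $_POST['role']['mode'] ?? '';

        if($roleMode === 'display') {
            $msz->usersCtx->users->updateUser(
                $userInfo,
                displayRoleInfo: $roleInfo
            );
        } elseif($roleMode === 'leave') {
            if($roleInfo->leavable) {
                $msz->usersCtx->users->removeRoles($userInfo, $roleInfo);
                // the role set changed, so the precalculated permissions for this user are refreshed
                $msz->perms->precalculatePermissions(
                    $msz->forumCtx->categories,
                    [$userInfo->id]
                );
            } else {
                $errors[] = "You're not allowed to leave this role, an administrator has to remove it for you.";
            }
        }
        // any other mode value is ignored
    }
}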
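// Two-factor (TOTP) toggle. Runs only when the submitted state differs from the stored one.
// NOTE(review): unlike the e-mail/password changes below, this branch is gated by the CSRF
// check only, not by the current password, so a session alone is enough to disable the
// second factor — confirm that is intended.
if($isVerifiedRequest && isset($_POST['tfa']['enable']) && $userInfo->hasTOTP !== (bool)$_POST['tfa']['enable']) {
    // an empty key is what updateUser() receives when TOTP is being disabled
    $totpKey = '';

    if((bool)$_POST['tfa']['enable']) {
        $totpKey = TOTPGenerator::generateKey();
        $totpIssuer = $msz->siteInfo->name;

        // The otpauth label is "issuer:account" and both parts must be percent-encoded
        // (RFC 3986); an issuer containing spaces, slashes or colons would otherwise
        // produce a URI authenticator apps cannot parse. The query string uses the same
        // encoding so the issuer parameter round-trips identically.
        $totpUri = sprintf(
            'otpauth://totp/%s:%s?%s',
            rawurlencode($totpIssuer),
            rawurlencode($userInfo->name),
            http_build_query([
                'secret' => $totpKey,
                'issuer' => $totpIssuer,
            ], encoding_type: PHP_QUERY_RFC3986)
        );

        $totpQrcode = (new QRCode(new QROptions([
            'version' => 5,
            'outputType' => QRCode::OUTPUT_IMAGE_JPG,
            'eccLevel' => QRCode::ECC_L,
        ])))->render($totpUri);

        // the secret is shown once, on this response, so the user can enrol an authenticator
        Template::set([
            'settings_2fa_code' => $totpKey,
            'settings_2fa_image' => $totpQrcode,
        ]);
    }

    $msz->usersCtx->users->updateUser(userInfo: $userInfo, totpKey: $totpKey);
}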
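// E-mail and password changes are only accepted together with the current password.
// $_POST values can be arrays (e.g. "field[]=x"), so each one is checked with is_string()
// before it reaches a string-typed call, instead of failing with an uncaught TypeError.
if($isVerifiedRequest && !empty($_POST['current_password'])) {
    $currentPassword = $_POST['current_password'];

    if(!is_string($currentPassword) || !$userInfo->verifyPassword($currentPassword)) {
        $errors[] = 'Your password was incorrect.';
    } else {
        // Changing e-mail
        if(!empty($_POST['email']['new'])) {
            $newEmail = $_POST['email']['new'];
            $confirmEmail = $_POST['email']['confirm'] ?? '';

            if(!is_string($newEmail) || !is_string($confirmEmail) || empty($confirmEmail) || $newEmail !== $confirmEmail) {
                $errors[] = 'The addresses you entered did not match each other.';
            } elseif($userInfo->emailAddress === mb_strtolower($confirmEmail)) {
                $errors[] = 'This is already your e-mail address!';
            } else {
                // an empty string from validateEMailAddress() means the address is acceptable
                $checkMail = $msz->usersCtx->users->validateEMailAddress($newEmail);
                if($checkMail !== '') {
                    $errors[] = $msz->usersCtx->users->validateEMailAddressText($checkMail);
                } else {
                    $msz->usersCtx->users->updateUser(userInfo: $userInfo, emailAddr: $newEmail);
                    $msz->createAuditLog('PERSONAL_EMAIL_CHANGE', [$newEmail]);
                }
            }
        }

        // Changing password
        if(!empty($_POST['password']['new'])) {
            $newPassword = $_POST['password']['new'];
            $confirmPassword = $_POST['password']['confirm'] ?? '';

            if(!is_string($newPassword) || !is_string($confirmPassword) || empty($confirmPassword) || $newPassword !== $confirmPassword) {
                $errors[] = 'The new passwords you entered did not match each other.';
            } else {
                // an empty string from validatePassword() means the password is acceptable
                $checkPassword = $msz->usersCtx->users->validatePassword($newPassword);
                if($checkPassword !== '') {
                    $errors[] = $msz->usersCtx->users->validatePasswordText($checkPassword);
                } else {
                    $msz->usersCtx->users->updateUser(userInfo: $userInfo, password: $newPassword);
                    // the audit entry records the event only, never the password value
                    $msz->createAuditLog('PERSONAL_PASSWORD_CHANGE');
                }
            }
        }
    }
}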
// The update calls above write to the stored record, so the user object is re-fetched
// after a verified POST and the template renders the post-change state.
if($_SERVER['REQUEST_METHOD'] === 'POST' && $isVerifiedRequest) {
    $userInfo = $msz->usersCtx->users->getUser($userInfo->id, 'id');
}

$templateVars = [
    'errors' => $errors,
    'settings_user' => $userInfo,
    'settings_roles' => iterator_to_array($msz->usersCtx->roles->getRoles(userInfo: $userInfo)),
    'is_restricted' => $isRestricted,
];

Template::render('settings.account', $templateVars);