<?php
require_once '../misuzu.php';

// Everything on this page operates on the caller's own account, so an
// unauthenticated request is refused with a 403 before any input is read.
if (!user_session_active()) {
    echo render_error(403);
    return;
}
// Collected user-facing messages; rendered by the template at the bottom.
$errors = [];

// Private mode may lock the e-mail/password section behind an administrator.
// The lock never applies to debug builds. The second config read is only
// performed when private mode is actually enabled (short-circuit preserved).
$disableAccountOptions = MSZ_DEBUG
    ? false
    : (boolval(config_get_default(false, 'Private', 'enabled'))
        && boolval(config_get_default(false, 'Private', 'disable_account_settings')));

// Current address, used to reject a "change" to the same e-mail.
$currentEmail = user_email_get(user_session_current('user_id'));
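if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Every action on this form is state-changing and bound to the session,
    // so the CSRF token is verified before any other field is interpreted.
    // A non-string token (e.g. `csrf[]=x`) is treated as a missing one rather
    // than being handed to csrf_verify() as an array.
    $csrfToken = $_POST['csrf'] ?? '';

    if (!is_string($csrfToken) || !csrf_verify('settings', $csrfToken)) {
        $errors[] = MSZ_TMP_USER_ERROR_STRINGS['csrf'];
    } else {
        // ---- Session revocation ---------------------------------------
        if (!empty($_POST['session'])) {
            $currentSessionKilled = false;

            if (is_array($_POST['session'])) {
                foreach ($_POST['session'] as $sessionId) {
                    $sessionId = intval($sessionId);
                    $session = user_session_find($sessionId);

                    // Ownership check. A session that exists but belongs to a
                    // different user is reported exactly like a missing one,
                    // so this form cannot be used to probe other users' ids.
                    // Sessions already deleted earlier in the loop stay deleted.
                    if (!$session || (int)$session['user_id'] !== user_session_current('user_id')) {
                        $errors[] = "Session #{$sessionId} does not exist.";
                        break;
                    } elseif ((int)$session['session_id'] === user_session_current('session_id')) {
                        $currentSessionKilled = true;
                    }

                    user_session_delete($session['session_id']);
                    audit_log('PERSONAL_SESSION_DESTROY', user_session_current('user_id'), [
                        $session['session_id'],
                    ]);
                }
            } elseif ($_POST['session'] === 'all') {
                $currentSessionKilled = true;
                user_session_purge_all(user_session_current('user_id'));
                audit_log('PERSONAL_SESSION_DESTROY_ALL', user_session_current('user_id'));
            }

            // The session backing this very request is gone: do not render a
            // page that depends on it, send the user to the front page.
            if ($currentSessionKilled) {
                header('Location: /');
                return;
            }
        }

        // ---- Role display / leave -------------------------------------
        // `role` is expected as role[id] / role[mode]. A bare string would
        // otherwise be read through string offsets; it is treated as empty
        // input here and lands in the "not assigned to you" branch.
        if (!empty($_POST['role'])) {
            $roleInput = is_array($_POST['role']) ? $_POST['role'] : [];
            $roleId = (int)($roleInput['id'] ?? 0);
            $roleMode = $roleInput['mode'] ?? '';

            // Only roles already assigned to the current user may be touched;
            // mode is compared strictly so no loose-comparison surprises.
            if ($roleId > 0 && user_role_has(user_session_current('user_id'), $roleId)) {
                if ($roleMode === 'display') {
                    user_role_set_display(user_session_current('user_id'), $roleId);
                } elseif ($roleMode === 'leave') {
                    if (user_role_can_leave($roleId)) {
                        user_role_remove(user_session_current('user_id'), $roleId);
                    } else {
                        $errors[] = "You're not allow to leave this role, an administrator has to remove it for you.";
                    }
                }
            } else {
                $errors[] = "You're trying to modify a role that hasn't been assigned to you.";
            }
        }

        // ---- E-mail / password change (re-authenticated) ---------------
        // Both changes require the current password and are skipped entirely
        // while private mode has locked account settings. All credential
        // fields must be plain strings: `current_password[]=x` style input
        // must never reach the password helpers as an array.
        $currentPassword = $_POST['current_password'] ?? '';

        if (!$disableAccountOptions && is_string($currentPassword) && $currentPassword !== '') {
            if (!user_password_verify_db(user_session_current('user_id'), $currentPassword)) {
                $errors[] = 'Your password was incorrect.';
            } else {
                $emailInput = is_array($_POST['email'] ?? null) ? $_POST['email'] : [];
                $newEmail = $emailInput['new'] ?? '';
                $confirmEmail = $emailInput['confirm'] ?? '';

                // Changing e-mail
                if (is_string($newEmail) && $newEmail !== '') {
                    if (!is_string($confirmEmail) || $confirmEmail === '' || $newEmail !== $confirmEmail) {
                        $errors[] = 'The addresses you entered did not match each other.';
                    } elseif ($currentEmail === mb_strtolower($confirmEmail)) {
                        $errors[] = 'This is already your e-mail address!';
                    } else {
                        $checkMail = user_validate_email($newEmail, true);

                        if ($checkMail !== '') {
                            $emailErrorStrings = [
                                'dns' => 'No valid MX record exists for this domain.',
                                'format' => 'The given e-mail address was incorrectly formatted.',
                                'in-use' => 'This e-mail address is already in use.',
                            ];
                            $errors[] = $emailErrorStrings[$checkMail] ?? 'Unknown e-mail validation error.';
                        } else {
                            // NOTE(review): nothing visible here confirms the new
                            // address before it replaces the old one. If
                            // user_email_set() does not send a verification
                            // mail, a typo or a hijacked session silently
                            // re-points password resets -- confirm.
                            user_email_set(user_session_current('user_id'), $newEmail);
                            audit_log('PERSONAL_EMAIL_CHANGE', user_session_current('user_id'), [
                                $newEmail,
                            ]);
                        }
                    }
                }

                $passwordInput = is_array($_POST['password'] ?? null) ? $_POST['password'] : [];
                $newPassword = $passwordInput['new'] ?? '';
                $confirmPassword = $passwordInput['confirm'] ?? '';

                // Changing password
                if (is_string($newPassword) && $newPassword !== '') {
                    if (!is_string($confirmPassword) || $confirmPassword === '' || $newPassword !== $confirmPassword) {
                        $errors[] = 'The new passwords you entered did not match each other.';
                    } elseif (user_validate_password($newPassword) !== '') {
                        $errors[] = 'The given passwords was too weak.';
                    } else {
                        user_password_set(user_session_current('user_id'), $newPassword);
                        audit_log('PERSONAL_PASSWORD_CHANGE', user_session_current('user_id'));
                        // NOTE(review): other active sessions survive a password
                        // change. Revoking them (user_session_purge_all would also
                        // end this one, so it needs the redirect path above) would
                        // stop a stolen session from outliving the credential
                        // change. Left unchanged here -- confirm desired behaviour.
                    }
                }
            }
        }
    }
}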
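// Template filter: expands an audit-log message with the JSON-encoded
// parameter list stored with the entry. The format string is supplied by the
// template (presumably from the fixed `$logs['strings']` table below -- verify
// in user.settings), so user-controlled values only ever fill %s/%d slots.
// A missing, malformed or non-array parameter payload expands with no
// arguments instead of passing null/an object to vsprintf (a TypeError under
// the declared `string` return type).
tpl_add_filter('log_format', function (string $text, string $json): string {
    $params = json_decode($json, true);

    return vsprintf($text, is_array($params) ? $params : []);
});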
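// Pagination for the three per-user tables (sessions, login attempts, audit
// log). Offsets are clamped to >= 0 and page sizes to 5..30 so a crafted
// query string cannot pull the whole table; every list is scoped to the
// current user's id. `take` is cast to int like `offset` already was, so a
// non-numeric or array value degrades to the minimum page size instead of
// reaching clamp() as a string.
$currentUserId = user_session_current('user_id');

$pageArgs = function (string $key): array {
    $query = is_array($_GET[$key] ?? null) ? $_GET[$key] : [];

    return [
        'offset' => max(0, intval($query['offset'] ?? 0)),
        'take' => clamp(intval($query['take'] ?? 15), 5, 30),
    ];
};

$sessions = [
    'list' => [],
    'active' => user_session_current('session_id'),
    'amount' => user_session_count($currentUserId),
] + $pageArgs('sessions');

$logins = [
    'list' => [],
    'amount' => user_login_attempts_count($currentUserId),
] + $pageArgs('logins');

$logs = [
    'list' => [],
    'amount' => audit_log_count($currentUserId),
    // Fixed message table keyed by audit action; user data only ever lands in
    // the %s/%d slots, never in the format string itself.
    'strings' => [
        'PERSONAL_EMAIL_CHANGE' => 'Changed e-mail address to %s.',
        'PERSONAL_PASSWORD_CHANGE' => 'Changed account password.',
        'PERSONAL_SESSION_DESTROY' => 'Ended session #%d.',
        'PERSONAL_SESSION_DESTROY_ALL' => 'Ended all personal sessions.',
        'PASSWORD_RESET' => 'Successfully used the password reset form to change password.',
        'CHANGELOG_ENTRY_CREATE' => 'Created a new changelog entry #%d.',
        'CHANGELOG_ENTRY_EDIT' => 'Edited changelog entry #%d.',
        'CHANGELOG_TAG_ADD' => 'Added tag #%2$d to changelog entry #%1$d.',
        'CHANGELOG_TAG_REMOVE' => 'Removed tag #%2$d from changelog entry #%1$d.',
        'CHANGELOG_TAG_CREATE' => 'Created new changelog tag #%d.',
        'CHANGELOG_TAG_EDIT' => 'Edited changelog tag #%d.',
        'CHANGELOG_ACTION_CREATE' => 'Created new changelog action #%d.',
        'CHANGELOG_ACTION_EDIT' => 'Edited changelog action #%d.',
    ],
] + $pageArgs('logs');

$sessions['list'] = user_session_list($sessions['offset'], $sessions['take'], $currentUserId);
// Fix: the login-attempt list was paginated with the *sessions* offset/take,
// so ?logins[offset]=N never moved this table. It now uses its own values.
$logins['list'] = user_login_attempts_list($logins['offset'], $logins['take'], $currentUserId);
$logs['list'] = audit_log_list($logs['offset'], $logs['take'], $currentUserId);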
// Roles held by the current user, highest in the hierarchy first. The user id
// is bound as a named parameter; nothing from the request reaches the SQL text.
$roleQuery = '
    SELECT r.`role_id`, r.`role_name`, r.`role_description`, r.`role_colour`, r.`role_can_leave`
    FROM `msz_user_roles` as ur
    LEFT JOIN `msz_roles` as r
    ON r.`role_id` = ur.`role_id`
    WHERE ur.`user_id` = :user_id
    ORDER BY r.`role_hierarchy` DESC
';

$getUserRoles = db_prepare($roleQuery);
$getUserRoles->bindValue('user_id', user_session_current('user_id'));

// An execution failure yields an empty role list rather than a fetch on a
// failed statement.
$userRoles = [];
if ($getUserRoles->execute()) {
    $userRoles = $getUserRoles->fetchAll(PDO::FETCH_ASSOC);
}
// Migration notice (slated for removal in 2019), shown through the errors
// list only when nothing else needs the user's attention.
if (!$errors) {
    $errors[] = 'A few of the elements on this page have been moved to the on-profile editor. To find them, go to your profile and hit the "Edit Profile" button below your avatar.';
}

$templateVars = [
    'errors' => $errors,
    'disable_account_options' => $disableAccountOptions,
    'current_email' => $currentEmail,
    'sessions' => $sessions,
    'logins' => $logins,
    'logs' => $logs,
    'user_roles' => $userRoles,
    'user_display_role' => user_role_get_display(user_session_current('user_id')),
];

echo tpl_render('user.settings', $templateVars);