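authInfo->isLoggedIn) Template::throwError(401);

// Account settings handler: role display/leave, TOTP (2FA) enable/disable and
// e-mail / password changes, all driven by $_POST. Every mutating branch is
// gated on CSRF::validateRequest(); the e-mail/password branches additionally
// require the current password.
$errors = [];
$userInfo = $msz->authInfo->userInfo;
$isRestricted = $msz->usersCtx->hasActiveBan($userInfo);
$isVerifiedRequest = CSRF::validateRequest();

// Role changes (set display role / leave role). Not available to banned users.
if(!$isRestricted && $isVerifiedRequest && !empty($_POST['role'])) {
    // getRole() may throw RuntimeException for an unknown id; pre-assign null so
    // the check below never touches an undefined variable and the failure is
    // reported as "role not assigned to you".
    $roleInfo = null;
    try {
        $roleInfo = $msz->usersCtx->roles->getRole($_POST['role']['id'] ?? 0);
    } catch(RuntimeException) {}

    if(empty($roleInfo) || !$msz->usersCtx->users->hasRole($userInfo, $roleInfo)) {
        $errors[] = "You're trying to modify a role that hasn't been assigned to you.";
    } else {
        $roleMode = $_POST['role']['mode'] ?? '';
        if($roleMode === 'display') {
            $msz->usersCtx->users->updateUser(
                $userInfo,
                displayRoleInfo: $roleInfo
            );
        } elseif($roleMode === 'leave') {
            if($roleInfo->leavable) {
                $msz->usersCtx->users->removeRoles($userInfo, $roleInfo);
                // Permissions are derived from roles, so recompute them for this user.
                $msz->perms->precalculatePermissions(
                    $msz->forumCtx->categories,
                    [$userInfo->id]
                );
            } else {
                $errors[] = "You're not allow to leave this role, an administrator has to remove it for you.";
            }
        }
        // any other mode value is ignored without an error
    }
}

// Enabling / disabling TOTP. Only runs when the requested state differs from the
// current one.
// NOTE(review): unlike the e-mail/password changes below this toggle is not
// gated on the current password and writes no audit log entry, so disabling
// 2FA from an already-authenticated session goes unrecorded — confirm intended.
if($isVerifiedRequest && isset($_POST['tfa']['enable']) && $userInfo->hasTOTP !== (bool)$_POST['tfa']['enable']) {
    $totpKey = '';
    if((bool)$_POST['tfa']['enable']) {
        $totpKey = TOTPGenerator::generateKey();
        $totpIssuer = $msz->siteInfo->name;
        // Render the otpauth:// provisioning URI as a QR code for the user's authenticator app.
        $totpQrcode = (new QRCode(new QROptions([
            'version' => 5,
            'outputType' => QRCode::OUTPUT_IMAGE_JPG,
            'eccLevel' => QRCode::ECC_L,
        ])))->render(sprintf('otpauth://totp/%s:%s?%s', $totpIssuer, $userInfo->name, http_build_query([
            'secret' => $totpKey,
            'issuer' => $totpIssuer,
        ])));
        // The raw secret is exposed to the template so the user can enter it manually.
        Template::set([
            'settings_2fa_code' => $totpKey,
            'settings_2fa_image' => $totpQrcode,
        ]);
    }
    // presumably an empty key clears TOTP — updateUser() semantics are not visible here
    $msz->usersCtx->users->updateUser(userInfo: $userInfo, totpKey: $totpKey);
}

// Changes that require re-entering the current password: e-mail and password.
if($isVerifiedRequest && !empty($_POST['current_password'])) {
    $currentPassword = $_POST['current_password'];
    // A non-string value (e.g. an array parameter) would make verifyPassword()
    // throw a TypeError; report it as an incorrect password instead.
    if(!is_string($currentPassword) || !$userInfo->verifyPassword($currentPassword)) {
        $errors[] = 'Your password was incorrect.';
    } else {
        // Changing e-mail
        if(!empty($_POST['email']['new'])) {
            $newEmail = $_POST['email']['new'];
            $confirmEmail = $_POST['email']['confirm'] ?? '';
            if(!is_string($newEmail) || empty($confirmEmail) || $newEmail !== $confirmEmail) {
                $errors[] = 'The addresses you entered did not match each other.';
            } elseif($userInfo->emailAddress === mb_strtolower($newEmail)) {
                $errors[] = 'This is already your e-mail address!';
            } else {
                $checkMail = $msz->usersCtx->users->validateEMailAddress($newEmail);
                if($checkMail !== '') {
                    $errors[] = $msz->usersCtx->users->validateEMailAddressText($checkMail);
                } else {
                    $msz->usersCtx->users->updateUser(userInfo: $userInfo, emailAddr: $newEmail);
                    $msz->createAuditLog('PERSONAL_EMAIL_CHANGE', [$newEmail]);
                }
            }
        }

        // Changing password
        if(!empty($_POST['password']['new'])) {
            $newPassword = $_POST['password']['new'];
            $confirmPassword = $_POST['password']['confirm'] ?? '';
            if(!is_string($newPassword) || empty($confirmPassword) || $newPassword !== $confirmPassword) {
                $errors[] = 'The new passwords you entered did not match each other.';
            } else {
                $checkPassword = $msz->usersCtx->users->validatePassword($newPassword);
                if($checkPassword !== '') {
                    $errors[] = $msz->usersCtx->users->validatePasswordText($checkPassword);
                } else {
                    $msz->usersCtx->users->updateUser(userInfo: $userInfo, password: $newPassword);
                    $msz->createAuditLog('PERSONAL_PASSWORD_CHANGE');
                    // NOTE(review): nothing visible here invalidates other active
                    // sessions after the password change — confirm it happens elsewhere.
                }
            }
        }
    }
}

// reload $userInfo object so the rendered page reflects the changes made above
if($_SERVER['REQUEST_METHOD'] === 'POST' && $isVerifiedRequest)
    $userInfo = $msz->usersCtx->users->getUser($userInfo->id, 'id');

$userRoles = iterator_to_array($msz->usersCtx->roles->getRoles(userInfo: $userInfo));

Template::render('settings.account', [
    'errors' => $errors,
    'settings_user' => $userInfo,
    'settings_roles' => $userRoles,
    'is_restricted' => $isRestricted,
]);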