
PHP Cross Reference of MantisBT


/ -> account_update.php (source)

   1  <?php
   2  # MantisBT - A PHP based bugtracking system
   3  
   4  # MantisBT is free software: you can redistribute it and/or modify
   5  # it under the terms of the GNU General Public License as published by
   6  # the Free Software Foundation, either version 2 of the License, or
   7  # (at your option) any later version.
   8  #
   9  # MantisBT is distributed in the hope that it will be useful,
  10  # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  # GNU General Public License for more details.
  13  #
  14  # You should have received a copy of the GNU General Public License
  15  # along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * This page updates a user's information
  19   * If an account is protected then changes are forbidden
  20   * The page gets redirected back to account_page.php
  21   *
  22   * @package MantisBT
  23   * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
  24   * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
  25   * @link http://www.mantisbt.org
  26   *
  27   * @uses core.php
  28   * @uses authentication_api.php
  29   * @uses config_api.php
  30   * @uses constant_inc.php
  31   * @uses current_user_api.php
  32   * @uses email_api.php
  33   * @uses form_api.php
  34   * @uses gpc_api.php
  35   * @uses html_api.php
  36   * @uses lang_api.php
  37   * @uses print_api.php
  38   * @uses string_api.php
  39   * @uses user_api.php
  40   * @uses utility_api.php
  41   */
  42  
  43  /**
  44   * MantisBT Core API's
  45   */
  46  require_once ( 'core.php' );
  47  require_api( 'authentication_api.php' );
  48  require_api( 'config_api.php' );
  49  require_api( 'constant_inc.php' );
  50  require_api( 'current_user_api.php' );
  51  require_api( 'email_api.php' );
  52  require_api( 'form_api.php' );
  53  require_api( 'gpc_api.php' );
  54  require_api( 'html_api.php' );
  55  require_api( 'lang_api.php' );
  56  require_api( 'print_api.php' );
  57  require_api( 'string_api.php' );
  58  require_api( 'user_api.php' );
  59  require_api( 'utility_api.php' );
  60  
  61  form_security_validate('account_update');
  62  
  63  auth_ensure_user_authenticated();
  64  
  65  current_user_ensure_unprotected();
  66  
  67  $f_email               = gpc_get_string( 'email', '' );
  68  $f_realname            = gpc_get_string( 'realname', '' );
  69  $f_password            = gpc_get_string( 'password', '' );
  70  $f_password_confirm    = gpc_get_string( 'password_confirm', '' );
  71  
  72  // get the user id once, so that if we decide in the future to enable this for
  73  // admins / managers to change details of other users.
  74  $t_user_id = auth_get_current_user_id();
  75  
  76  $t_redirect = 'account_page.php';
  77  
  78  /** @todo Listing what fields were updated is not standard behaviour of MantisBT - it also complicates the code. */
  79  $t_email_updated = false;
  80  $t_password_updated = false;
  81  $t_realname_updated = false;
  82  
  83  $t_ldap = ( LDAP == config_get( 'login_method' ) );
  84  
  85  # Update email (but only if LDAP isn't being used)
  86  if ( !( $t_ldap && config_get( 'use_ldap_email' ) ) ) {
  87      $f_email = email_append_domain( $f_email );
  88      email_ensure_valid( $f_email );
  89      email_ensure_not_disposable( $f_email );
  90  
  91      if ( $f_email != user_get_email( $t_user_id ) ) {
  92          user_set_email( $t_user_id, $f_email );
  93          $t_email_updated = true;
  94      }
  95  }
  96  
  97  # Update real name (but only if LDAP isn't being used)
  98  if ( !( $t_ldap && config_get( 'use_ldap_realname' ) ) ) {
  99      # strip extra spaces from real name
 100      $t_realname = string_normalize( $f_realname );
 101      if ( $t_realname != user_get_field( $t_user_id, 'realname' ) ) {
 102          # checks for problems with realnames
 103          $t_username = user_get_field( $t_user_id, 'username' );
 104          user_ensure_realname_unique( $t_username, $t_realname );
 105          user_set_realname( $t_user_id, $t_realname );
 106          $t_realname_updated = true;
 107      }
 108  }
 109  
 110  # Update password if the two match and are not empty
 111  if ( !is_blank( $f_password ) ) {
 112      if ( $f_password != $f_password_confirm ) {
 113          trigger_error( ERROR_USER_CREATE_PASSWORD_MISMATCH, ERROR );
 114      } else {
 115          if ( !auth_does_password_match( $t_user_id, $f_password ) ) {
 116              user_set_password( $t_user_id, $f_password );
 117              $t_password_updated = true;
 118          }
 119      }
 120  }
 121  
 122  form_security_purge('account_update');
 123  
 124  html_page_top( null, $t_redirect );
 125  
 126  echo '<br /><div>';
 127  
 128  if ( $t_email_updated ) {
 129      echo lang_get( 'email_updated' ) . '<br />';
 130  }
 131  
 132  if ( $t_password_updated ) {
 133      echo lang_get( 'password_updated' ) . '<br />';
 134  }
 135  
 136  if ( $t_realname_updated ) {
 137      echo lang_get( 'realname_updated' ) . '<br />';
 138  }
 139  
 140  echo lang_get( 'operation_successful' ) . '<br />';
 141  print_bracket_link( $t_redirect, lang_get( 'proceed' ) );
 142  echo '</div>';
 143  html_page_bottom();


Generated: Thu Jul 28 15:48:31 2011 Cross-referenced by PHPXref 0.7