
/ -> account_update.php (source)

   1  <?php
   2  # MantisBT - A PHP based bugtracking system
   3  
   4  # MantisBT is free software: you can redistribute it and/or modify
   5  # it under the terms of the GNU General Public License as published by
   6  # the Free Software Foundation, either version 2 of the License, or
   7  # (at your option) any later version.
   8  #
   9  # MantisBT is distributed in the hope that it will be useful,
  10  # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  # GNU General Public License for more details.
  13  #
  14  # You should have received a copy of the GNU General Public License
  15  # along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * This page updates a user's information
  19   * If an account is protected then changes are forbidden
  20   * The page gets redirected back to account_page.php
  21   *
  22   * @package MantisBT
  23   * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
  24   * @copyright Copyright (C) 2002 - 2010  MantisBT Team - mantisbt-dev@lists.sourceforge.net
  25   * @link http://www.mantisbt.org
  26   *
  27   * @uses core.php
  28   * @uses authentication_api.php
  29   * @uses config_api.php
  30   * @uses constant_inc.php
  31   * @uses current_user_api.php
  32   * @uses email_api.php
  33   * @uses form_api.php
  34   * @uses gpc_api.php
  35   * @uses html_api.php
  36   * @uses lang_api.php
  37   * @uses print_api.php
  38   * @uses string_api.php
  39   * @uses user_api.php
  40   * @uses utility_api.php
  41   */
  42  
  43  require_once ( 'core.php' );
  44  require_api( 'authentication_api.php' );
  45  require_api( 'config_api.php' );
  46  require_api( 'constant_inc.php' );
  47  require_api( 'current_user_api.php' );
  48  require_api( 'email_api.php' );
  49  require_api( 'form_api.php' );
  50  require_api( 'gpc_api.php' );
  51  require_api( 'html_api.php' );
  52  require_api( 'lang_api.php' );
  53  require_api( 'print_api.php' );
  54  require_api( 'string_api.php' );
  55  require_api( 'user_api.php' );
  56  require_api( 'utility_api.php' );
  57  
  58  form_security_validate('account_update');
  59  
  60  auth_ensure_user_authenticated();
  61  
  62  current_user_ensure_unprotected();
  63  
  64  $f_email               = gpc_get_string( 'email', '' );
  65  $f_realname            = gpc_get_string( 'realname', '' );
  66  $f_password            = gpc_get_string( 'password', '' );
  67  $f_password_confirm    = gpc_get_string( 'password_confirm', '' );
  68  
  69  // get the user id once, so that if we decide in the future to enable this for
  70  // admins / managers to change details of other users.
  71  $t_user_id = auth_get_current_user_id();
  72  
  73  $t_redirect = 'account_page.php';
  74  
  75  $t_email_updated = false;
  76  $t_password_updated = false;
  77  $t_realname_updated = false;
  78  
  79  /** @todo Listing what fields were updated is not standard behaviour of MantisBT - it also complicates the code. */
  80  
  81  if ( OFF == config_get( 'use_ldap_email' ) ) {
  82      $f_email = email_append_domain( $f_email );
  83      email_ensure_valid( $f_email );
  84      email_ensure_not_disposable( $f_email );
  85  
  86      if ( $f_email != user_get_email( $t_user_id ) ) {
  87          user_set_email( $t_user_id, $f_email );
  88          $t_email_updated = true;
  89      }
  90  }
  91  
  92  # strip extra spaces from real name
  93  $t_realname = string_normalize( $f_realname );
  94  if ( $t_realname != user_get_field( $t_user_id, 'realname' ) ) {
  95      # checks for problems with realnames
  96      user_ensure_realname_valid( $t_realname );
  97      $t_username = user_get_field( $t_user_id, 'username' );
  98      user_ensure_realname_unique( $t_username, $t_realname );
  99      user_set_realname( $t_user_id, $t_realname );
 100      $t_realname_updated = true;
 101  }
 102  
 103  # Update password if the two match and are not empty
 104  if ( !is_blank( $f_password ) ) {
 105      if ( $f_password != $f_password_confirm ) {
 106          trigger_error( ERROR_USER_CREATE_PASSWORD_MISMATCH, ERROR );
 107      } else {
 108          if ( !auth_does_password_match( $t_user_id, $f_password ) ) {
 109              user_set_password( $t_user_id, $f_password );
 110              $t_password_updated = true;
 111          }
 112      }
 113  }
 114  
 115  form_security_purge('account_update');
 116  
 117  html_page_top( null, $t_redirect );
 118  
 119  echo '<br /><div align="center">';
 120  
 121  if ( $t_email_updated ) {
 122      echo lang_get( 'email_updated' ) . '<br />';
 123  }
 124  
 125  if ( $t_password_updated ) {
 126      echo lang_get( 'password_updated' ) . '<br />';
 127  }
 128  
 129  if ( $t_realname_updated ) {
 130      echo lang_get( 'realname_updated' ) . '<br />';
 131  }
 132  
 133  echo lang_get( 'operation_successful' ) . '<br />';
 134  print_bracket_link( $t_redirect, lang_get( 'proceed' ) );
 135  echo '</div>';
 136  html_page_bottom();

