  1. <?php
  2. /*
  3. UserSpice 4
  4. An Open Source PHP User Management System
  5. by the UserSpice Team at http://UserSpice.com
  6. This program is free software: you can redistribute it and/or modify
  7. it under the terms of the GNU General Public License as published by
  8. the Free Software Foundation, either version 3 of the License, or
  9. (at your option) any later version.
  10. This program is distributed in the hope that it will be useful,
  11. but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. GNU General Public License for more details.
  14. You should have received a copy of the GNU General Public License
  15. along with this program. If not, see <http://www.gnu.org/licenses/>.
  16. */
  17. ?>
  18. <?php require_once 'init.php'; ?>
  19. <?php require_once $abs_us_root.$us_url_root.'users/includes/header.php'; ?>
  20. <?php require_once $abs_us_root.$us_url_root.'users/includes/navigation.php'; ?>
  21.  
  22. <?php
  23. if (!securePage($_SERVER['PHP_SELF'])){die();}?>
  24.  
  25. <?php
  26. $emailQ = $db->query("SELECT * FROM email");
  27. $emailR = $emailQ->first();
  28. // dump($emailR);
  29. // dump($emailR->email_act);
  30. //PHP Goes Here!
  31. $errors=[];
  32. $successes=[];
  33. $userId = $user->data()->id;
  34. $grav = get_gravatar(strtolower(trim($user->data()->email)));
  35. $validation = new Validate();
  36. $userdetails=$user->data();
  37. //Temporary Success Message
  38. $holdover = Input::get('success');
  39. if($holdover == 'true'){
  40. bold("Account Updated");
  41. }
  42. //Forms posted
  43. if(!empty($_POST)) {
  44. $token = $_POST['csrf'];
  45. if(!Token::check($token)){
  46. die('Token doesn\'t match!');
  47. }else {
  48. //Update display name
  49. if ($userdetails->username != $_POST['username']){
  50. $displayname = Input::get("username");
  51. $fields=array(
  52. 'username'=>$displayname,
  53. 'un_changed' => 1,
  54. );
  55. $validation->check($_POST,array(
  56. 'username' => array(
  57. 'display' => 'Username',
  58. 'required' => true,
  59. 'unique_update' => 'users,'.$userId,
  60. 'min' => 1,
  61. 'max' => 25
  62. )
  63. ));
  64. if($validation->passed()){
  65. if(($settings->change_un == 2) && ($user->data()->un_changed == 1)){
  66. Redirect::to('user_settings.php?err=Username+has+already+been+changed+once.');
  67. }
  68. $db->update('users',$userId,$fields);
  69. $successes[]="Username updated.";
  70. }else{
  71. //validation did not pass
  72. foreach ($validation->errors() as $error) {
  73. $errors[] = $error;
  74. }
  75. }
  76. }else{
  77. $displayname=$userdetails->username;
  78. }
  79. //Update first name
  80. if ($userdetails->fname != $_POST['fname']){
  81. $fname = Input::get("fname");
  82. $fields=array('fname'=>$fname);
  83. $validation->check($_POST,array(
  84. 'fname' => array(
  85. 'display' => 'First Name',
  86. 'required' => true,
  87. 'min' => 1,
  88. 'max' => 25
  89. )
  90. ));
  91. if($validation->passed()){
  92. $db->update('users',$userId,$fields);
  93. $successes[]='First name updated.';
  94. }else{
  95. //validation did not pass
  96. foreach ($validation->errors() as $error) {
  97. $errors[] = $error;
  98. }
  99. }
  100. }else{
  101. $fname=$userdetails->fname;
  102. }
  103. //Update last name
  104. if ($userdetails->lname != $_POST['lname']){
  105. $lname = Input::get("lname");
  106. $fields=array('lname'=>$lname);
  107. $validation->check($_POST,array(
  108. 'lname' => array(
  109. 'display' => 'Last Name',
  110. 'required' => true,
  111. 'min' => 1,
  112. 'max' => 25
  113. )
  114. ));
  115. if($validation->passed()){
  116. $db->update('users',$userId,$fields);
  117. $successes[]='Last name updated.';
  118. }else{
  119. //validation did not pass
  120. foreach ($validation->errors() as $error) {
  121. $errors[] = $error;
  122. }
  123. }
  124. }else{
  125. $lname=$userdetails->lname;
  126. }
  127. //Update email
  128. if ($userdetails->email != $_POST['email']){
  129. $email = Input::get("email");
  130. $fields=array('email'=>$email);
  131. $validation->check($_POST,array(
  132. 'email' => array(
  133. 'display' => 'Email',
  134. 'required' => true,
  135. 'valid_email' => true,
  136. 'unique_update' => 'users,'.$userId,
  137. 'min' => 3,
  138. 'max' => 75
  139. )
  140. ));
  141. if($validation->passed()){
  142. $db->update('users',$userId,$fields);
  143. if($emailR->email_act==1){
  144. $db->update('users',$userId,['email_verified'=>0]);
  145. }
  146. $successes[]='Email updated.';
  147. }else{
  148. //validation did not pass
  149. foreach ($validation->errors() as $error) {
  150. $errors[] = $error;
  151. }
  152. }
  153. }else{
  154. $email=$userdetails->email;
  155. }
  156. if(!empty($_POST['password'])) {
  157. $validation->check($_POST,array(
  158. 'old' => array(
  159. 'display' => 'Old Password',
  160. 'required' => true,
  161. ),
  162. 'password' => array(
  163. 'display' => 'New Password',
  164. 'required' => true,
  165. 'min' => $settings->min_pw,
  166. 'max' => $settings->max_pw,
  167. ),
  168. 'confirm' => array(
  169. 'display' => 'Confirm New Password',
  170. 'required' => true,
  171. 'matches' => 'password',
  172. ),
  173. ));
  174. foreach ($validation->errors() as $error) {
  175. $errors[] = $error;
  176. }
  177. if (!password_verify(Input::get('old'),$user->data()->password)) {
  178. foreach ($validation->errors() as $error) {
  179. $errors[] = $error;
  180. }
  181. $errors[]='There is a problem with your password.';
  182. }
  183. if (empty($errors)) {
  184. //process
  185. $new_password_hash = password_hash(Input::get('password'),PASSWORD_BCRYPT,array('cost' => 12));
  186. $user->update(array('password' => $new_password_hash,),$user->data()->id);
  187. $successes[]='Password updated.';
  188. }
  189. }
  190. }
  191. }else{
  192. $displayname=$userdetails->username;
  193. $fname=$userdetails->fname;
  194. $lname=$userdetails->lname;
  195. $email=$userdetails->email;
  196. }
  197. ?>
  198. <div id="page-wrapper">
  199. <div class="container">
  200. <div class="well">
  201. <div class="row">
  202. <div class="col-xs-12 col-md-2">
  203. <p><img src="<?=$grav; ?>" class="img-thumbnail" alt="Generic placeholder thumbnail"></p>
  204. </div>
  205. <div class="col-xs-12 col-md-10">
  206. <h1>Update your user settings</h1>
  207. <strong>Want to change your profile picture? </strong><br> Visit <a href="https://en.gravatar.com/">https://en.gravatar.com/</a> and setup an account with the email address <?=$email?>. It works across millions of sites. It's fast and easy!<br>
  208. <span class="bg-danger"><?=display_errors($errors);?></span>
  209. <span><?=display_successes($successes);?></span>
  210.  
  211. <form name='updateAccount' action='user_settings.php' method='post'>
  212.  
  213. <div class="form-group">
  214. <label>Username</label>
  215. <?php if (($settings->change_un == 0) || (($settings->change_un == 2) && ($user->data()->un_changed == 1)) ) {
  216. echo "<input class='form-control' type='text' name='username' value='$displayname' readonly/>";
  217. }else{
  218. echo "<input class='form-control' type='text' name='username' value='$displayname'>";
  219. }
  220. ?>
  221. </div>
  222.  
  223. <div class="form-group">
  224. <label>First Name</label>
  225. <input class='form-control' type='text' name='fname' value='<?=$fname?>' />
  226. </div>
  227.  
  228. <div class="form-group">
  229. <label>Last Name</label>
  230. <input class='form-control' type='text' name='lname' value='<?=$lname?>' />
  231. </div>
  232.  
  233. <div class="form-group">
  234. <label>Email</label>
  235. <input class='form-control' type='text' name='email' value='<?=$email?>' />
  236. </div>
  237.  
  238. <div class="form-group">
  239. <label>Old Password (required to change password)</label>
  240. <input class='form-control' type='password' name='old' />
  241. </div>
  242.  
  243. <div class="form-group">
  244. <label>New Password (<?=$settings->min_pw?> char min, <?=$settings->max_pw?> max.)</label>
  245. <input class='form-control' type='password' name='password' />
  246. </div>
  247.  
  248. <div class="form-group">
  249. <label>Confirm Password</label>
  250. <input class='form-control' type='password' name='confirm' />
  251. </div>
  252.  
  253. <input type="hidden" name="csrf" value="<?=Token::generate();?>" />
  254.  
  255. <p><input class='btn btn-primary' type='submit' value='Update' class='submit' /></p>
  256. <p><a class="btn btn-info" href="account.php">Cancel</a></p>
  257.  
  258. </form>
  259. <?php
  260. if(isset($user->data()->oauth_provider) && $user->data()->oauth_provider != null){
  261. echo "<strong>NOTE:</strong> If you originally signed up with your Google/Facebook account, you will need to use the forgot password link to change your password...unless you're really good at guessing.";
  262. }
  263. ?>
  264. </div>
  265. </div>
  266. </div>
  267.  
  268.  
  269. </div> <!-- /container -->
  270.  
  271. </div> <!-- /#page-wrapper -->
  272.  
  273.  
  274. <!-- footers -->
  275. <?php require_once $abs_us_root.$us_url_root.'users/includes/page_footer.php'; // the final html footer copyright row + the external js calls ?>
  276.  
  277. <!-- Place any per-page javascript here -->
  278.  
  279. <?php require_once $abs_us_root.$us_url_root.'users/includes/html_footer.php'; // currently just the closing /body and /html ?>