account_update.php

   1 <?php
   2 # MantisBT - A PHP based bugtracking system
   3
   4 # MantisBT is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU General Public License as published by
   6 # the Free Software Foundation, either version 2 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # MantisBT is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License
  15 # along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * This page updates a user's information
  19  * If an account is protected then changes are forbidden
  20  * The page gets redirected back to account_page.php
  21  *
  22  * @package MantisBT
  23  * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
  24  * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
  25  * @link http://www.mantisbt.org
  26  *
  27  * @uses core.php
  28  * @uses authentication_api.php
  29  * @uses config_api.php
  30  * @uses constant_inc.php
  31  * @uses current_user_api.php
  32  * @uses email_api.php
  33  * @uses form_api.php
  34  * @uses gpc_api.php
  35  * @uses html_api.php
  36  * @uses lang_api.php
  37  * @uses print_api.php
  38  * @uses string_api.php
  39  * @uses user_api.php
  40  * @uses utility_api.php
  41  */
  42
  43 /**
  44  * MantisBT Core API's
  45  */
  46 require_once( 'core.php' );
  47 require_api( 'authentication_api.php' );
  48 require_api( 'config_api.php' );
  49 require_api( 'constant_inc.php' );
  50 require_api( 'current_user_api.php' );
  51 require_api( 'email_api.php' );
  52 require_api( 'form_api.php' );
  53 require_api( 'gpc_api.php' );
  54 require_api( 'html_api.php' );
  55 require_api( 'lang_api.php' );
  56 require_api( 'print_api.php' );
  57 require_api( 'string_api.php' );
  58 require_api( 'user_api.php' );
  59 require_api( 'utility_api.php' );
  60
  61 form_security_validate('account_update');
  62
  63 auth_ensure_user_authenticated();
  64
  65 current_user_ensure_unprotected();
  66
  67 $f_email                = gpc_get_string( 'email', '' );
  68 $f_realname             = gpc_get_string( 'realname', '' );
  69 $f_password             = gpc_get_string( 'password', '' );
  70 $f_password_confirm     = gpc_get_string( 'password_confirm', '' );
  71
  72 // get the user id once, so that if we decide in the future to enable this for
  73 // admins / managers to change details of other users.
  74 $t_user_id = auth_get_current_user_id();
  75
  76 $t_redirect = 'account_page.php';
  77
  78 /** @todo Listing what fields were updated is not standard behaviour of MantisBT - it also complicates the code. */
  79 $t_email_updated = false;
  80 $t_password_updated = false;
  81 $t_realname_updated = false;
  82
  83 $t_ldap = ( LDAP == config_get( 'login_method' ) );
  84
  85 # Update email (but only if LDAP isn't being used)
  86 if ( !( $t_ldap && config_get( 'use_ldap_email' ) ) ) {
  87         $f_email = email_append_domain( $f_email );
  88         email_ensure_valid( $f_email );
  89         email_ensure_not_disposable( $f_email );
  90
  91         if ( $f_email != user_get_email( $t_user_id ) ) {
  92                 user_set_email( $t_user_id, $f_email );
  93                 $t_email_updated = true;
  94         }
  95 }
  96
  97 # Update real name (but only if LDAP isn't being used)
  98 if ( !( $t_ldap && config_get( 'use_ldap_realname' ) ) ) {
  99         # strip extra spaces from real name
 100         $t_realname = string_normalize( $f_realname );
 101         if ( $t_realname != user_get_field( $t_user_id, 'realname' ) ) {
 102                 # checks for problems with realnames
 103                 $t_username = user_get_field( $t_user_id, 'username' );
 104                 user_ensure_realname_unique( $t_username, $t_realname );
 105                 user_set_realname( $t_user_id, $t_realname );
 106                 $t_realname_updated = true;
 107         }
 108 }
 109
 110 # Update password if the two match and are not empty
 111 if ( !is_blank( $f_password ) ) {
 112         if ( $f_password != $f_password_confirm ) {
 113                 trigger_error( ERROR_USER_CREATE_PASSWORD_MISMATCH, ERROR );
 114         } else {
 115                 if ( !auth_does_password_match( $t_user_id, $f_password ) ) {
 116                         user_set_password( $t_user_id, $f_password );
 117                         $t_password_updated = true;
 118                 }
 119         }
 120 }
 121
 122 form_security_purge('account_update');
 123
 124 html_page_top( null, $t_redirect );
 125
 126 echo '<br /><div>';
 127
 128 if ( $t_email_updated ) {
 129         echo lang_get( 'email_updated' ) . '<br />';
 130 }
 131
 132 if ( $t_password_updated ) {
 133         echo lang_get( 'password_updated' ) . '<br />';
 134 }
 135
 136 if ( $t_realname_updated ) {
 137         echo lang_get( 'realname_updated' ) . '<br />';
 138 }
 139
 140 echo lang_get( 'operation_successful' ) . '<br />';
 141 print_bracket_link( $t_redirect, lang_get( 'proceed' ) );
 142 echo '</div>';
 143 html_page_bottom();