 <?php
 /***************************************************************************
  *
  * Nephthys - file sharing management
  * Copyright (c) by Andreas Unterkircher, unki@netshadow.at
  *
  *  This file is part of Nephthys.
  *
  *  Nephthys is free software: you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation, either version 3 of the License, or
  *  (at your option) any later version.
  *
  *  Nephthys is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with Nephthys. If not, see <http://www.gnu.org/licenses/>.
  *
  ***************************************************************************/
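 /**
  * Profile page of the logged-in user: renders the edit form and stores the
  * submitted values.
  *
  * Every write in store() is scoped to the account in $_SESSION['login_idx'].
  * A user_idx value sent by the browser is never used to choose the row.
  */
 class NEPHTHYS_PROFILE {

    private $db;
    private $parent;
    private $tmpl;

    /**
     * NEPHTHYS_PROFILE constructor
     *
     * Binds the global $nephthys application object and its db and tmpl
     * members to this instance.
     */
    public function __construct()
    {
       global $nephthys;

       $this->parent =& $nephthys;
       $this->db =& $nephthys->db;
       $this->tmpl =& $nephthys->tmpl;

    } // __construct()

    /**
     * interface output
     *
     * @return mixed 0 when the caller is not logged in (after reporting the
     *               error through the parent), else the result of showEdit()
     */
    public function show()
    {
       if(!$this->parent->is_logged_in()) {
          $this->parent->_error($this->parent->_("##MANAGE_USERS##") ." - ". $this->parent->_("##NOT_ALLOWED##"));
          return 0;
       }

       if(!isset($_GET['mode']))
          $_GET['mode'] = "show";

       /* mode is request-controlled, but it only selects between fixed
          handlers; every value, known or not, ends up in showEdit(). */
       switch($_GET['mode']) {
          default:
          case 'edit':
             return $this->showEdit();
       }

    } // show()

    /**
     * display interface to edit profile settings
     *
     * @return mixed 0 when the caller is not logged in, else whatever the
     *               template engine's fetch("profile.tpl") returns
     */
    private function showEdit()
    {
       /* If authentication is enabled, check permissions */
       if(!$this->parent->is_logged_in()) {
          $this->parent->_error($this->parent->_("##MANAGE_USERS##") ." - ". $this->parent->_("##NOT_ALLOWED##"));
          return 0;
       }

       /* NOTE(review): the session value is concatenated into the SQL text.
          It is server-side state rather than direct request input, but a
          bound parameter (as store() uses through db_prepare/db_execute)
          would remove the dependency on how login_idx was populated.
          Whether the db wrapper offers a prepared single-row fetch is not
          visible in this file - confirm before changing. */
       $user = $this->db->db_fetchSingleRow("
          SELECT *
          FROM nephthys_users
          WHERE
             user_idx='". $_SESSION['login_idx'] ."'
       ");

       /* NOTE(review): user_name, user_full_name and user_email are
          user-editable and pass through unescape() before reaching the
          template; confirm that profile.tpl HTML-escapes them on output. */
       $this->tmpl->assign('user_idx', $_SESSION['login_idx']);
       $this->tmpl->assign('user_name', $this->parent->unescape($user->user_name));
       $this->tmpl->assign('user_full_name', $this->parent->unescape($user->user_full_name));
       $this->tmpl->assign('user_email', $this->parent->unescape($user->user_email));
       $this->tmpl->assign('user_default_expire', $user->user_default_expire);
       $this->tmpl->assign('user_auto_created', $user->user_auto_created);
       $this->tmpl->assign('user_deny_chpwd', $user->user_deny_chpwd);
       $this->tmpl->assign('user_language', $user->user_language);

       return $this->tmpl->fetch("profile.tpl");

    } // showEdit()

    /**
     * store user values
     *
     * All input is validated before the first UPDATE is issued, so a rejected
     * request leaves the row untouched. The row to update is always the
     * session's own account.
     *
     * @return string "ok" on success, otherwise a translated failure message
     */
    public function store()
    {
       /* show() and showEdit() refuse anonymous callers; the write path must
          do the same rather than rely on its caller. */
       if(!$this->parent->is_logged_in()) {
          return $this->parent->_("##NOT_ALLOWED##");
       }

       /* The permission checks below are made for the session's account, so
          the writes must target that same account. Taking the row id from
          $_POST['user_idx'] would let a request that passes the checks for
          one account modify a different one. */
       $own_idx = $_SESSION['login_idx'];

       $is_plain_user = $this->parent->check_privileges('user');
       $is_auto_created = $is_plain_user && $this->parent->is_auto_created($own_idx);
       $deny_chpwd = $this->parent->is_deny_chpwd($own_idx);

       /* user-privileged are not allowed to change their user-names */
       if($is_plain_user && isset($_POST['user_name'])) {
          return $this->parent->_("##FAILURE_CHANGE_LOGIN##");
       }
       if($is_plain_user && !$is_auto_created && isset($_POST['user_email'])) {
          return $this->parent->_("##FAILURE_CHANGE_EMAIL##");
       }

       if(!$is_plain_user && empty($_POST['user_name'])) {
          return $this->parent->_("##FAILURE_ENTER_USERNAME##");
       }
       if(!$deny_chpwd && empty($_POST['user_pass1'])) {
          return $this->parent->_("##FAILURE_EMPTY_PASSWORD##");
       }
       /* it's not a must that the password needs to be available, as
          the user may not have the right to change its Nephthys password.
          Strict comparison: with != two different numeric-looking strings
          (for example "1e3" and "1000") compare equal.
       */
       if(isset($_POST['user_pass1']) && isset($_POST['user_pass2']) &&
          $_POST['user_pass1'] !== $_POST['user_pass2']) {
          return $this->parent->_("##FAILURE_PASSWORD_NOT_MATCH##");
       }

       /* handling email-address update. only privileged- or auto-created users
          are allowed to change their email address. Manually created users are
          not permitted to change their email address.
       */
       $may_change_email = !$is_plain_user || $is_auto_created;

       if($may_change_email) {
          if(empty($_POST['user_email'])) {
             return $this->parent->_("##FAILURE_ENTER_EMAIL##");
          }
          if(!$this->parent->validate_email($_POST['user_email'])) {
             return $this->parent->_("##FAILURE_ENTER_VALID_EMAIL##");
          }
       }

       /* ---- validation done, writes start here ---- */

       if(!$is_plain_user) {

          $sth = $this->db->db_prepare("
             UPDATE nephthys_users
             SET
                user_name=?
             WHERE
                user_idx=?
          ");

          $this->db->db_execute($sth, array(
             $_POST['user_name'],
             $own_idx,
          ));
       }

       if($may_change_email) {

          $sth = $this->db->db_prepare("
             UPDATE nephthys_users
             SET
                user_email=?
             WHERE
                user_idx=?
          ");

          $this->db->db_execute($sth, array(
             $_POST['user_email'],
             $own_idx,
          ));
       }

       /* update user's full name, default-expiry time and language */
       $sth = $this->db->db_prepare("
          UPDATE nephthys_users
          SET
             user_full_name=?,
             user_default_expire=?,
             user_language=?
          WHERE
             user_idx=?
       ");

       $this->db->db_execute($sth, array(
          $_POST['user_full_name'],
          $_POST['user_default_expire'],
          $_POST['user_language'],
          $own_idx,
       ));

       /* if a password change was requested, change it here. */
       if(isset($_POST['user_pass1']) &&
          $_POST['user_pass1'] !== " nochangeMS " &&
          !$deny_chpwd) {

          $sth = $this->db->db_prepare("
             UPDATE nephthys_users
             SET
                user_pass=?
             WHERE
                user_idx=?
          ");

          /* NOTE(review): an unsalted SHA-1 digest is a fast hash and not
             suitable for password storage. Moving to password_hash() /
             password_verify() needs a matching change in the login check,
             which is outside this file, so the stored format is left as it
             is here. */
          $this->db->db_execute($sth, array(
             sha1($_POST['user_pass1']),
             $own_idx,
          ));
       }

       return "ok";

    } // store()

 } // class NEPHTHYS_PROFILE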
 // vim: set filetype=php expandtab softtabstop=3 tabstop=3 shiftwidth=3 autoindent smartindent:
 ?>