<?php
/**
 * Project: astat - simple site engine
 * File: usercp.php
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * @link http://www.astat.org SVN: $URL: http://svn.becast.at/astat/trunk/usercp.php $
 * @copyright 2009 becast.at
 * @author Bernhard Jaud <bernhard at becast dot at>
 * @package astat core
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id: 1d95225f51779025d8fd4c4571c7ac76dfe8cd63 $
 */
/**
 * Report every error level except notices.
 */
error_reporting(E_ALL & ~E_NOTICE);

// Bootstrap the engine. The objects used further down ($plugin, $session,
// $db, $lang, $tpl, $core, $config) are not created in this file, so they
// presumably come from this include - confirm in core/init_core.inc.php.
$basepath = '';
require_once 'core/init_core.inc.php';

/**
 * PLUGIN HOOK usercp_begin
 */
$plugin->run_hook('usercp_begin');

// NOTE(review): the second argument presumably marks the page as login-only;
// nothing else in this file checks that a user is signed in, so confirm that
// page_begin() really stops anonymous requests.
$session->page_begin('usercp', true);

// Page state: $emsg collects validation error HTML (false = no error so far).
$cpwd = false;
$emsg = false;
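/*
 * Profile update handler: runs only when the form's `submit` field was posted.
 *
 * Validates an optional password change and the e-mail address, then writes
 * the profile fields for the session's uid and notifies plugins.
 *
 * NOTE(review): no anti-CSRF token is checked in this handler, and the e-mail
 * address and OpenID identity (both usable to regain access to the account)
 * are changed without asking for the current password. Unless the core
 * enforces a token elsewhere (not visible here), add one and require
 * re-authentication for those two fields.
 *
 * NOTE(review): passwords are stored as a single unsalted SHA-256 of the
 * SQL-escaped input. The scheme is kept as-is here because the login code
 * must compute the same digest; moving to password_hash()/password_verify()
 * has to be done in both places together.
 */
if (isset($_POST['submit'])) {
    // Defaults for the "password left blank" path, so the UPDATE and the hook
    // payload below never read undefined variables.
    $pwd = '';
    $pass = null;

    // Only plain strings are accepted; a missing or array-valued field counts as empty.
    $newPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $confirmPassword = (isset($_POST['cpassword']) && is_string($_POST['cpassword'])) ? $_POST['cpassword'] : '';
    $oldPassword = (isset($_POST['oldpassword']) && is_string($_POST['oldpassword'])) ? $_POST['oldpassword'] : '';
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

    if ($newPassword !== '') {
        // uid is taken from $session->userdata, not from the request.
        $result = $db->query("SELECT `password`,`openid_identity` FROM `" . $config['prefix'] . "users` WHERE `uid`='" . $session->userdata['uid'] . "' LIMIT 1");

        // Kept in its own variable: the page later builds the template's
        // `gender` array in $data, and the stored hash must not ride along.
        $row = $db->fetch_array($result);
        $storedHash = (string) $row['password'];

        // Accounts without a local password (e.g. OpenID-only) skip the old-password checks.
        $hasPassword = ($storedHash !== '');

        if ($hasPassword && $oldPassword === '') {
            $emsg .= '<span style="color:red; font-weight:bold">' . $lang->_('OLDPASSWORDMISSING') . '</span><br />';
        } elseif ($hasPassword && hash('sha256', $db->escape($oldPassword)) !== $storedHash) {
            // Strict comparison: with `!=`, two digests that both look numeric
            // (such as "0e..." followed only by digits) compare as equal.
            $emsg .= '<span style="color:red; font-weight:bold">' . $lang->_('OLDPASSWORDWRONG') . '</span><br />';
        } elseif ($newPassword !== $confirmPassword) {
            // Strict here as well, so "1e3" and "1000" are not treated as the same password.
            $emsg .= '<span style="color:red; font-weight:bold">' . $lang->_('PASSWORDSNOTMATCH') . '</span><br />';
        } elseif (strlen($newPassword) < 6) {
            $emsg .= '<span style="color:red; font-weight:bold">' . $lang->_('PASSWORDTOOSHORT') . '</span><br />';
        } elseif (strlen($newPassword) > 20) {
            $emsg .= '<span style="color:red; font-weight:bold">' . $lang->_('PASSWORDTOOLONG') . '</span><br />';
        }

        // A fresh login key is written together with the new password
        // (presumably invalidating persistent logins - confirm in the session class).
        $loginkey = $session->generate_Key(50);
        $pass = hash('sha256', $db->escape($newPassword));
        $pwd = ",`password`='" . $pass . "', `loginkey`='" . $loginkey . "'";
    }

    // Address syntax check (local part, domain or bracketed IP literal).
    $emailPattern = '/^(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){255,})(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){65,}@)(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22))(?:\.(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\]))$/iD';
    if (!preg_match($emailPattern, $email)) {
        $emsg .= '<span style="color:red; font-weight:bold">' . $lang->_('EMAILINVALID') . '</span><br />';
    }

    if (!$emsg) {
        // Escape each submitted value once; the same escaped strings go into
        // the UPDATE and into the plugin payload, as before.
        $escEmail = $db->escape($email);
        $escRealname = $db->escape($_POST['realname']);
        $escGender = $db->escape($_POST['gender']);
        $escFrom = $db->escape($_POST['from']);
        // NOTE(review): `lang` is stored exactly as submitted. If it is later
        // used to pick a language file, check it against $lang->getlanguages() first.
        $escLang = $db->escape($_POST['lang']);
        $birthday = strtotime($db->escape($_POST['birthday']));
        // An unchecked checkbox is simply absent from the request.
        $allowGd = isset($_POST['allow_gd']) ? intval($_POST['allow_gd']) : 0;

        $sql = "UPDATE `" . $config['prefix'] . "users` SET `openid_identity`='" . $db->escape($_POST['openid_identity']) . "'"
            . ",`realname`='" . $escRealname . "'"
            . ",`email`='" . $escEmail . "'"
            . ",`gender`='" . $escGender . "'"
            . ",`allow_grimdark`='" . $allowGd . "'"
            . ",`lang`='" . $escLang . "'"
            . ",`from`='" . $escFrom . "'"
            . ",`birthday`='" . $birthday . "'"
            . $pwd
            . " WHERE `uid`='" . $session->userdata['uid'] . "'";
        $result = $db->query($sql);

        // NOTE(review): every plugin hooked on usercp_end receives an unsalted
        // MD5 and the SHA-256 of the new password (the MD5 of '' when no
        // password change was requested). Treat installed plugins as part of
        // the credential-handling trust boundary.
        $sdata = array(
            'uid' => $session->userdata['uid'],
            'username' => $session->userdata['username'],
            'pwd_md5' => hash('md5', $newPassword),
            'pwd_sha2' => $pass,
            'email' => $escEmail,
            'realname' => $escRealname,
            'gender' => $escGender,
            'from' => $escFrom,
            'lang' => $escLang,
            'birthday' => $birthday,
        );

        /**
         * PLUGIN HOOK usercp_end
         * gets an array with some user data.
         */
        $plugin->run_hook('usercp_end', array('sdata' => $sdata));
        $core->message($lang->_('SUCCESS'), $lang->_('DATASAVED'), TRUE, $config['path'] . '/index.php', 3);
    }
}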
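// Render the user control panel form.

// Calendar widget assets for the birthday field.
$meta='<link type="text/css" rel="stylesheet" href="'.$config['path'].'js/calendar/dhtmlgoodies_calendar.css?random=20060118" media="screen"></link>
<script src="'.$config['path'].'js/calendar/dhtmlgoodies_calendar.js?random=20060118" type="text/javascript">
</script>';

$tpl->assign('emsg', $emsg);

// Start from an empty array: after a rejected password change, $data still
// holds the row read for the old-password check (password hash and OpenID
// identity), which would otherwise be handed to the template inside `gender`.
// NOTE(review): assumes usercp.tpl reads only the gender key from this array - confirm.
$data = array();
$data[$session->userdata['gender']] = 'selected="selected"';

// Build the <option> list, pre-selecting the user's current language.
// NOTE(review): `short` and `name` are inserted without HTML escaping;
// presumably they come from the installed language packs - confirm.
$langs = '';
$ln = $lang->getlanguages();
foreach ($ln as $d) {
    $selected = ($d['short'] == $session->userdata['lang']) ? ' selected="selected"' : '';
    $langs .= '<option' . $selected . ' value="' . $d['short'] . '">' . $d['name'] . '</option>';
}

// With OpenID enabled and no local password stored, the "old password" input is disabled.
if ($config['use_openid'] == 1 && $session->userdata['password'] == '') {
    $tpl->assign('oldpw', 'disabled="disabled"');
}
if ($session->userdata['allow_grimdark'] == 1) {
    $tpl->assign('allow_gd', 'checked="checked"');
}

$tpl->assign('connect_openid', $config['use_openid']);
$tpl->assign('gender', $data);
$tpl->assign('langs', $langs);
$tpl->assign('birthday', date('d.m.Y', $session->userdata['birthday']));

// NOTE(review): the whole session user record goes to the template, including
// its `password` field (read above); make sure usercp.tpl never prints it and
// escapes the profile fields it does print.
$tpl->assign('data', $session->userdata);

$content = $tpl->fetch('usercp.tpl');
$core->make_page($content);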
?>