<?php
/**
* User profile edit page.
*
*/
include_once(dirname(__FILE__) . '/check.class.php');
include_once(dirname(__FILE__) . '/integration.class.php');
$check = new Check(false); // Auth/session bootstrap from check.class.php (included above); what the `false` argument selects is defined there, not here.
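class Profile extends Generic {
    /** Current profile/form values keyed by column or posted field name; every value has passed through parent::secure(). */
    private $settings = array();
    /** HTML alert markup built up while handling the request; empty means nothing to show. */
    private $error;
    /** True when the viewer is not the owner of the profile being shown. */
    public $guest;
    /** Session username (or the translated 'Guest' label); every write below targets this account, never ?uid. */
    public $username;
    /** Value of the 'email-as-username-enable' option. */
    public $use_emails;
    /**
     * Column the session user is looked up by: 'email' or 'username'. It is derived from an
     * admin option, never from request data, which is why it may be interpolated into SQL.
     */
    public $username_type;
    /** user_id of the profile being viewed: the session user, the ?uid parameter, or the translated 'Guest' label. */
    public $user_id;
    /** Confirmation key taken from ?key= once it has the expected 32-character length. */
    public $key;
    /**
     * Image types an avatar may have, mapped to the extension the file is stored under.
     * The extension comes from what getimagesize() detects, never from the client-supplied
     * filename, so nothing server-executable can be written into the web-served uploads dir.
     */
    private static $avatarExtensions = array(
        IMAGETYPE_GIF  => 'gif',
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
    );

    /**
     * Handle the profile page request: access control, avatar upload, profile form
     * submission and e-mail/password confirmation links, then show any pending message.
     */
    function __construct() {
        /* Prevent guests if the admin hasn't enabled public profiles. */
        if (!parent::getOption('profile-public-enable'))
            protect('*');
        /* If the admin requires users to update their password. */
        $msg = '';
        if (!empty($_SESSION['starrace']['forcePwUpdate']))
            $msg = "<div class='alert alert-warning'>" . _('<strong>ВНИМАНИЕ</strong>: Администратор просит всех пользователей сменить пароли.') . "</div>";
        // Save the username of the logged-in user; this is the account every update below targets.
        $this->username = !empty($_SESSION['starrace']['username']) ? $_SESSION['starrace']['username'] : _('Guest');
        $this->use_emails = parent::getOption('email-as-username-enable');
        $this->username_type = $this->use_emails ? 'email' : 'username';
        /* Check if the user is a guest to this profile. */
        $this->determineGuest();
        // Only the profile owner may replace the avatar.
        if (!$this->guest && !empty($_FILES['uploadAvatar']))
            $this->uploadAvatar($_FILES['uploadAvatar']);
        if (!$this->guest && !empty($_POST)) {
            $this->retrieveFields();
            foreach ($_POST as $field => $value) {
                // Identity columns stay as read from the database: a posted user_id/username
                // would otherwise redirect process() to another account's profile fields.
                if ($field === 'user_id' || $field === 'username')
                    continue;
                $this->settings[$field] = parent::secure($value);
            }
            // Validate fields, then process the form only when nothing was flagged.
            $this->validate();
            if (empty($this->error))
                $this->process();
        }
        $this->retrieveFields();
        // Confirmation link from the e-mail sent by process(): a 32-character key.
        if (!$this->guest && isset($_GET['key']) && is_string($_GET['key']) && strlen($_GET['key']) == 32) {
            $this->key = parent::secure($_GET['key']);
            $this->updateEmailorPw();
            $this->retrieveFields();
        }
        if (!empty($this->error) || !empty($msg))
            parent::displayMessage(!empty($this->error) ? $this->error : $msg, false);
    }

    /**
     * Store an uploaded avatar for the session user.
     *
     * The file is accepted only when its upload error code is UPLOAD_ERR_OK and PHP
     * detects one of the types in $avatarExtensions; the stored extension is taken from
     * that detection rather than from the client filename. Sets $this->error to the
     * outcome message and refreshes the session gravatar on success.
     *
     * @param array $file one entry of $_FILES
     * @return void
     */
    private function uploadAvatar(array $file) {
        $reject = sprintf('<div class="alert alert-warning">%s</div>', _('Sorry, that file is not accepted.'));
        if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK || empty($file['tmp_name'])) {
            $this->error = $reject;
            return;
        }
        $info = getimagesize($file['tmp_name']);
        // $info[2] is the IMAGETYPE_* constant; anything outside the allow-list is refused.
        if (empty($info) || !isset(self::$avatarExtensions[$info[2]])) {
            $this->error = $reject;
            return;
        }
        $uploaddir = dirname(dirname(__FILE__)) . '/assets/uploads/avatar/';
        $uploadfile = $uploaddir . md5($_SESSION['starrace']['user_id'] . $_SESSION['starrace']['email']) . '.' . self::$avatarExtensions[$info[2]];
        if (move_uploaded_file($file['tmp_name'], $uploadfile)) {
            $this->error = sprintf('<div class="alert alert-success">%s</div>', _('Аватар успешно изменен!'));
            $_SESSION['starrace']['gravatar'] = parent::get_gravatar($_SESSION['starrace']['email'], true, 26);
        } else {
            $this->error = sprintf('<div class="alert alert-warning">%s</div>', _('Извините, что то не так с файлом аватара.'));
        }
    }

    /**
     * Decide whose profile is shown and whether the viewer owns it.
     *
     * $this->user_id becomes the session user, or ?uid when given, or the translated
     * 'Guest' label when neither exists. $this->guest is false only when a session
     * user exists and matches the profile being viewed.
     */
    private function determineGuest() {
        $sessionId = !empty($_SESSION['starrace']['user_id']) ? $_SESSION['starrace']['user_id'] : null;
        if ($sessionId !== null && empty($_GET['uid']))
            $this->user_id = $sessionId;
        elseif (!empty($_GET['uid']))
            $this->user_id = (int) $_GET['uid'];
        else
            $this->user_id = _('Guest');
        // Loose comparison kept on purpose: the session value's type (int or numeric string) is not fixed here.
        $this->guest = !($sessionId !== null && $sessionId == $this->user_id);
    }

    /**
     * Load user_id, username, name and email of $this->user_id into $this->settings.
     *
     * Values pass through parent::secure() so getField() can echo them.
     *
     * @return bool false when no such user exists (a message is displayed as well), true otherwise
     */
    private function retrieveFields() {
        $params = array(':user_id' => $this->user_id);
        $stmt = parent::query("SELECT `user_id`, `username`, `name`, `email` FROM `login_users` WHERE `user_id` = :user_id;", $params);
        if ($stmt->rowCount() < 1) {
            $this->error = sprintf('<div class="alert alert-warning">%s</div>', _('Sorry, that user does not exist.'));
            parent::displayMessage($this->error, true);
            return false;
        }
        foreach ($stmt->fetch(PDO::FETCH_ASSOC) as $field => $value)
            $this->settings[$field] = parent::secure($value);
        return true;
    }

    /**
     * Return a stored form value for output, or null when it is missing or empty.
     *
     * @param string $field column or posted field name
     * @return mixed|null
     */
    public function getField($field) {
        if (!empty($this->settings[$field]))
            return $this->settings[$field];
        return null;
    }

    /**
     * Validate the submitted profile form, appending one alert per problem to $this->error.
     *
     * Requires the current password; then checks name, e-mail and, when a new password
     * is given, its confirmation and minimum length. Finally normalises checkbox profile
     * fields to 1/0, since unchecked boxes are absent from $_POST.
     *
     * @return bool|null false when validation stopped early, null otherwise
     */
    private function validate() {
        // If demo, check that user being edited isn't any demo user accounts.
        if ($this->is_demo()) {
            $username = isset($this->settings['username']) ? $this->settings['username'] : '';
            if (in_array($username, array('admin', 'special', 'user'), true)) {
                $this->error = '<div class="alert alert-danger">ЗАПРЕЩЕНО.</div>';
                return false;
            }
        }
        if (empty($this->settings['CurrentPass'])) {
            $this->error = '<div class="alert alert-danger">'._('Вы должны указать текущий пароль.').'</div>';
            return false;
        }
        // $username_type is 'email' or 'username' from an admin option, not request data.
        $params = array(':username' => $this->username);
        $sql = "SELECT `password` FROM `login_users` WHERE $this->username_type = :username;";
        $stmt = parent::query($sql, $params);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        // A missing row must fail exactly like a wrong password.
        if ($row === false || !parent::validatePassword($this->settings['CurrentPass'], $row['password'])) {
            $this->error = '<div class="alert alert-danger">'._('Неверно указан текущий пароль.').'</div>';
            return false;
        }
        if (empty($this->settings['name']))
            $this->error .= '<div class="alert alert-danger">'._('Нужно указать имя.').'</div>';
        $email = isset($this->settings['email']) ? $this->settings['email'] : '';
        if (!parent::isEmail($email))
            $this->error .= '<div class="alert alert-danger">'._('Неверно указан email.').'</div>';
        if (!empty($this->settings['password'])) {
            $confirm = isset($this->settings['confirm']) ? $this->settings['confirm'] : '';
            if ($this->settings['password'] !== $confirm)
                $this->error .= '<div class="alert alert-danger">'._('Пароли не совпадают.').'</div>';
            // Appended, not assigned, so earlier alerts are not lost. Length is in bytes, as before.
            if (strlen($this->settings['password']) < 5)
                $this->error .= '<div class="alert alert-danger">'._('Минимальная длина пароля - 5 символов.').'</div>';
        }
        // Checkbox handling: unchecked boxes are not posted, so store an explicit 0.
        $stmt = parent::query("SELECT * FROM `login_profile_fields`;");
        while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            $name = 'p-' . $row['id'];
            if ($row['type'] === 'checkbox')
                $this->settings[$name] = !empty($this->settings[$name]) ? 1 : 0;
        }
    }

    /**
     * Apply a pending e-mail/password change after the user followed the confirmation link.
     *
     * The login_confirm row is matched on the key AND the logged-in username (process()
     * stores both), so a key issued for one account cannot be redeemed from another
     * session. With 'data' set (a hashed password) both password and e-mail are updated,
     * otherwise only the e-mail. The row is then deleted, any forced password-update flag
     * cleared, and a notification e-mail sent to the new address.
     *
     * @todo This is extremely ugly, needs refactoring.
     * @return bool|null false when the key is unknown, null otherwise
     */
    private function updateEmailorPw() {
        $params = array(':key' => $this->key, ':username' => $this->username);
        $sql = "SELECT * FROM `login_confirm` WHERE `key` = :key AND `username` = :username AND `type` = 'update_emailPw';";
        $stmt = parent::query($sql, $params);
        if ($stmt->rowCount() < 1) {
            $this->error = "<div class='alert alert-danger'>Неверная ссылка подтверждения</div>";
            return false;
        }
        $row = $stmt->fetch();
        if (!empty($row['data'])) {
            $params = array(
                ':password' => $row['data'],
                ':email'    => $row['email'],
                ':username' => $this->username,
            );
            $sql = "UPDATE `login_users` SET `password` = :password, `email` = :email WHERE $this->username_type = :username;";
        } else {
            $params = array(
                ':email'    => $row['email'],
                ':username' => $this->username,
            );
            $sql = "UPDATE `login_users` SET `email` = :email WHERE $this->username_type = :username;";
        }
        parent::query($sql, $params);
        // The key is single-use.
        $params = array(':key' => $this->key);
        parent::query("DELETE FROM `login_confirm` WHERE `key` = :key AND `type` = 'update_emailPw'", $params);
        if (!empty($_SESSION['starrace']['forcePwUpdate']))
            unset($_SESSION['starrace']['forcePwUpdate']);
        $this->error = "<div class='alert alert-success'>Данные успешно изменены.</div>";
        $shortcodes = array(
            'site_address' => SITE_PATH,
            'full_name'    => $this->settings['name'],
            'username'     => $this->username,
        );
        $subj = parent::getOption('email-acct-update-success-subj');
        $msg = parent::getOption('email-acct-update-success-msg');
        // Notify the (new) address that the change went through.
        if (!parent::sendEmail($row['email'], $subj, $msg, $shortcodes))
            $this->error = '<div class="alert alert-danger">'._('ОШИБКА. Письмо не отправлено').'</div>';
    }

    /**
     * Generate a 32-character hex confirmation key.
     *
     * The link in the e-mail is the only secret guarding an e-mail/password change, so
     * it comes from the CSPRNG; the uniqid/mt_rand construction is kept only as a
     * fallback for PHP builds without random_bytes().
     *
     * @return string
     */
    private static function confirmKey() {
        if (function_exists('random_bytes'))
            return bin2hex(random_bytes(16));
        return md5(uniqid(mt_rand(), true));
    }

    /**
     * Persist a validated form: update the name at once, stage e-mail/password changes
     * in login_confirm behind a single-use key mailed to the new address, and store
     * profile fields posted as p-<id> for the profile owner.
     */
    private function process() {
        $params = array(
            ':name'     => $this->settings['name'],
            ':username' => $this->username,
        );
        parent::query("UPDATE `login_users` SET `name` = :name WHERE $this->username_type = :username", $params);
        $this->error = "<div class='alert alert-success'>"._('Информация обновлена - ')." <b>".$this->settings['name']."</b> ($this->username).</div>";
        $params = array(':username' => $this->username);
        $stmt = parent::query("SELECT `email` FROM `login_users` WHERE $this->username_type = :username;", $params);
        $row = $stmt->fetch();
        $email = ($row !== false) ? $row[0] : '';
        // E-mail and password changes take effect only after the confirmation link is used.
        if (!empty($this->settings['password']) || $this->settings['email'] !== $email) {
            $key = self::confirmKey();
            $params = array(
                ':username' => $this->username,
                ':key'      => $key,
                ':email'    => $this->settings['email'],
                ':type'     => 'update_emailPw',
                ':data'     => empty($this->settings['password']) ? '' : parent::hashPassword($this->settings['password']),
            );
            $sql = "INSERT INTO `login_confirm` (`username`, `key`, `email`, `type`, `data`)
VALUES (:username, :key, :email, :type, :data);";
            parent::query($sql, $params);
            $shortcodes = array(
                'site_address' => SITE_PATH,
                'full_name'    => $this->settings['name'],
                'username'     => $this->username,
                'confirm'      => SITE_PATH . "profile.php?key=$key",
            );
            $subj = parent::getOption('email-acct-update-subj');
            $msg = parent::getOption('email-acct-update-msg');
            // Send an email with key
            if (!parent::sendEmail($email, $subj, $msg, $shortcodes))
                $this->error = '<div class="alert alert-danger">'._('ОШИБКА. Письмо не отправлено.').'</div>';
            else
                $this->error = "<div class='alert alert-warning'>" . _('Проверьте почту, что бы подтвердить изменения.') . '</div>';
        }
        // Update profile fields: only keys shaped p-<id>, written for the owner fixed by determineGuest().
        foreach ($this->settings as $field => $value) {
            if (strpos($field, 'p-') === 0)
                parent::updateOption(substr($field, 2), $value, true, $this->user_id);
        }
    }
}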
$profile = new Profile(); // Constructing handles the current request in the constructor (DB writes, messages); the page reads values back via $profile->getField().