CS: tab2spaces
parent
da38761814
commit
8258c39e54
136
www/profile.php
136
www/profile.php
@ -45,24 +45,24 @@ isset($_SESSION['token_stamp']) ? define('SESSION_TOKENSTAMP', $_SESSION['token_
|
|||||||
@list($url, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
|
@list($url, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
|
||||||
|
|
||||||
if ($user) {
|
if ($user) {
|
||||||
|
|
||||||
if (is_int($user)) {
|
if (is_int($user)) {
|
||||||
$userid = intval($user);
|
$userid = intval($user);
|
||||||
} else {
|
} else {
|
||||||
$user = urldecode($user);
|
$user = urldecode($user);
|
||||||
$userinfo = $userservice->getObjectUserByUsername($user);
|
$userinfo = $userservice->getObjectUserByUsername($user);
|
||||||
if ($userinfo == NULL) {
|
if ($userinfo == NULL) {
|
||||||
$tplVars['error'] = sprintf(T_('User with username %s was not found'), $user);
|
$tplVars['error'] = sprintf(T_('User with username %s was not found'), $user);
|
||||||
$templateservice->loadTemplate('error.404.tpl', $tplVars);
|
$templateservice->loadTemplate('error.404.tpl', $tplVars);
|
||||||
exit();
|
exit();
|
||||||
} else {
|
} else {
|
||||||
$userid = $userinfo->getId();
|
$userid = $userinfo->getId();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$tplVars['error'] = T_('Username was not specified');
|
$tplVars['error'] = T_('Username was not specified');
|
||||||
$templateservice->loadTemplate('error.404.tpl', $tplVars);
|
$templateservice->loadTemplate('error.404.tpl', $tplVars);
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
$tplVars['privateKeyIsEnabled'] = '';
|
$tplVars['privateKeyIsEnabled'] = '';
|
||||||
@ -92,54 +92,54 @@ if (POST_SUBMITTEDPK!='' && $currentUser->getId() == $userid) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (POST_SUBMITTED!='' && $currentUser->getId() == $userid) {
|
if (POST_SUBMITTED!='' && $currentUser->getId() == $userid) {
|
||||||
$error = false;
|
$error = false;
|
||||||
$detPass = trim(POST_PASS);
|
$detPass = trim(POST_PASS);
|
||||||
$detPassConf = trim(POST_PASSCONF);
|
$detPassConf = trim(POST_PASSCONF);
|
||||||
$detName = trim(POST_NAME);
|
$detName = trim(POST_NAME);
|
||||||
$detPrivateKey = trim(POST_PRIVATEKEY);
|
$detPrivateKey = trim(POST_PRIVATEKEY);
|
||||||
$detEnablePrivateKey = trim(POST_ENABLEPRIVATEKEY);
|
$detEnablePrivateKey = trim(POST_ENABLEPRIVATEKEY);
|
||||||
$detMail = trim(POST_MAIL);
|
$detMail = trim(POST_MAIL);
|
||||||
$detPage = trim(POST_PAGE);
|
$detPage = trim(POST_PAGE);
|
||||||
$detDesc = filter(POST_DESC);
|
$detDesc = filter(POST_DESC);
|
||||||
|
|
||||||
// manage token preventing from CSRF vulnaribilities
|
// manage token preventing from CSRF vulnaribilities
|
||||||
if ( SESSION_TOKEN == ''
|
if ( SESSION_TOKEN == ''
|
||||||
|| time() - SESSION_TOKENSTAMP > 600 //limit token lifetime, optionnal
|
|| time() - SESSION_TOKENSTAMP > 600 //limit token lifetime, optionnal
|
||||||
|| SESSION_TOKEN != POST_TOKEN) {
|
|| SESSION_TOKEN != POST_TOKEN) {
|
||||||
$error = true;
|
$error = true;
|
||||||
$tplVars['error'] = T_('Invalid Token');
|
$tplVars['error'] = T_('Invalid Token');
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($detPass != $detPassConf) {
|
if ($detPass != $detPassConf) {
|
||||||
$error = true;
|
$error = true;
|
||||||
$tplVars['error'] = T_('Password and confirmation do not match.');
|
$tplVars['error'] = T_('Password and confirmation do not match.');
|
||||||
}
|
}
|
||||||
if ($detPass != "" && strlen($detPass) < 6) {
|
if ($detPass != "" && strlen($detPass) < 6) {
|
||||||
$error = true;
|
$error = true;
|
||||||
$tplVars['error'] = T_('Password must be at least 6 characters long.');
|
$tplVars['error'] = T_('Password must be at least 6 characters long.');
|
||||||
}
|
}
|
||||||
if (!$userservice->isValidEmail($detMail)) {
|
if (!$userservice->isValidEmail($detMail)) {
|
||||||
$error = true;
|
$error = true;
|
||||||
$tplVars['error'] = T_('E-mail address is not valid.');
|
$tplVars['error'] = T_('E-mail address is not valid.');
|
||||||
}
|
}
|
||||||
if (!$error) {
|
if (!$error) {
|
||||||
if (!$userservice->updateUser($userid, $detPass, $detName, $detMail, $detPage, $detDesc, $detPrivateKey, $detEnablePrivateKey)) {
|
if (!$userservice->updateUser($userid, $detPass, $detName, $detMail, $detPage, $detDesc, $detPrivateKey, $detEnablePrivateKey)) {
|
||||||
$tplVars['error'] = T_('An error occurred while saving your changes.');
|
$tplVars['error'] = T_('An error occurred while saving your changes.');
|
||||||
} else {
|
} else {
|
||||||
$tplVars['msg'] = T_('Changes saved.');
|
$tplVars['msg'] = T_('Changes saved.');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$userinfo = $userservice->getObjectUserByUsername($user);
|
$userinfo = $userservice->getObjectUserByUsername($user);
|
||||||
$tplVars['privateKey'] = $userinfo->getPrivateKey(true);
|
$tplVars['privateKey'] = $userinfo->getPrivateKey(true);
|
||||||
if ($userservice->isPrivateKeyValid($userinfo->getPrivateKey())) {
|
if ($userservice->isPrivateKeyValid($userinfo->getPrivateKey())) {
|
||||||
$tplVars['privateKeyIsEnabled'] = 'checked="checked"';
|
$tplVars['privateKeyIsEnabled'] = 'checked="checked"';
|
||||||
} else {
|
} else {
|
||||||
$tplVars['privateKeyIsEnabled'] = '';
|
$tplVars['privateKeyIsEnabled'] = '';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) {
|
if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) {
|
||||||
$templatename = 'profile.tpl.php';
|
$templatename = 'profile.tpl.php';
|
||||||
} else {
|
} else {
|
||||||
$scert = SemanticScuttle_Service_Factory::get('User_SslClientCert');
|
$scert = SemanticScuttle_Service_Factory::get('User_SslClientCert');
|
||||||
|
|
||||||
@ -170,17 +170,17 @@ if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//Token Init
|
//Token Init
|
||||||
$_SESSION['token'] = md5(uniqid(rand(), true));
|
$_SESSION['token'] = md5(uniqid(rand(), true));
|
||||||
$_SESSION['token_stamp'] = time();
|
$_SESSION['token_stamp'] = time();
|
||||||
|
|
||||||
$templatename = 'editprofile.tpl.php';
|
$templatename = 'editprofile.tpl.php';
|
||||||
|
|
||||||
$tplVars['formaction'] = createURL('profile', $user);
|
$tplVars['formaction'] = createURL('profile', $user);
|
||||||
$tplVars['token'] = $_SESSION['token'];
|
$tplVars['token'] = $_SESSION['token'];
|
||||||
|
|
||||||
$tplVars['sslClientCerts'] = $scert->getUserCerts($currentUser->getId());
|
$tplVars['sslClientCerts'] = $scert->getUserCerts($currentUser->getId());
|
||||||
$tplVars['currentCert'] = null;
|
$tplVars['currentCert'] = null;
|
||||||
if ($scert->hasValidCert()) {
|
if ($scert->hasValidCert()) {
|
||||||
$tplVars['currentCert'] = SemanticScuttle_Model_User_SslClientCert::fromCurrentCert();
|
$tplVars['currentCert'] = SemanticScuttle_Model_User_SslClientCert::fromCurrentCert();
|
||||||
}
|
}
|
||||||
|