191 lines
7.4 KiB
PHP
191 lines
7.4 KiB
PHP
<?php
|
|
/***************************************************************************
|
|
Copyright (C) 2004 - 2006 Scuttle project
|
|
http://sourceforge.net/projects/scuttle/
|
|
http://scuttle.org/
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
***************************************************************************/
|
|
|
|
require_once 'www-header.php';
|
|
|
|
/* Service creation: only useful services are created */
|
|
// No specific services
|
|
$tplVars['loadjs'] = true;
|
|
|
|
/* Managing all possible inputs */
|
|
isset($_POST['submittedPK']) ? define('POST_SUBMITTEDPK', $_POST['submittedPK']): define('POST_SUBMITTEDPK', '');
|
|
isset($_POST['submitted']) ? define('POST_SUBMITTED', $_POST['submitted']): define('POST_SUBMITTED', '');
|
|
isset($_POST['pPass']) ? define('POST_PASS', $_POST['pPass']): define('POST_PASS', '');
|
|
isset($_POST['pPassConf']) ? define('POST_PASSCONF', $_POST['pPassConf']): define('POST_PASSCONF', '');
|
|
isset($_POST['pName']) ? define('POST_NAME', $_POST['pName']): define('POST_NAME', '');
|
|
isset($_POST['pPrivateKey']) ? define('POST_PRIVATEKEY', $_POST['pPrivateKey']): define('POST_PRIVATEKEY', '');
|
|
isset($_POST['pEnablePrivateKey']) ? define('POST_ENABLEPRIVATEKEY', $_POST['pEnablePrivateKey']): define('POST_ENABLEPRIVATEKEY', '');
|
|
isset($_POST['pMail']) ? define('POST_MAIL', $_POST['pMail']): define('POST_MAIL', '');
|
|
isset($_POST['pPage']) ? define('POST_PAGE', $_POST['pPage']): define('POST_PAGE', '');
|
|
isset($_POST['pDesc']) ? define('POST_DESC', $_POST['pDesc']): define('POST_DESC', '');
|
|
|
|
isset($_POST['token']) ? define('POST_TOKEN', $_POST['token']): define('POST_TOKEN', '');
|
|
isset($_SESSION['token']) ? define('SESSION_TOKEN', $_SESSION['token']): define('SESSION_TOKEN', '');
|
|
isset($_SESSION['token_stamp']) ? define('SESSION_TOKENSTAMP', $_SESSION['token_stamp']): define('SESSION_TOKENSTAMP', '');
|
|
|
|
|
|
@list($url, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
|
|
|
|
if ($user) {
|
|
|
|
if (is_int($user)) {
|
|
$userid = intval($user);
|
|
} else {
|
|
$user = urldecode($user);
|
|
$userinfo = $userservice->getObjectUserByUsername($user);
|
|
if ($userinfo == NULL) {
|
|
$tplVars['error'] = sprintf(T_('User with username %s was not found'), $user);
|
|
$templateservice->loadTemplate('error.404.tpl', $tplVars);
|
|
exit();
|
|
} else {
|
|
$userid = $userinfo->getId();
|
|
}
|
|
}
|
|
} else {
|
|
$tplVars['error'] = T_('Username was not specified');
|
|
$templateservice->loadTemplate('error.404.tpl', $tplVars);
|
|
exit();
|
|
}
|
|
|
|
$tplVars['privateKeyIsEnabled'] = '';
|
|
if ($userservice->isLoggedOn() && $user == $currentUser->getUsername()) {
|
|
$title = T_('My Profile');
|
|
$tplVars['privateKey'] = $currentUser->getPrivateKey(true);
|
|
|
|
if ($userservice->isPrivateKeyValid($currentUser->getPrivateKey())) {
|
|
$tplVars['privateKeyIsEnabled'] = 'checked="checked"';
|
|
} else {
|
|
$tplVars['privateKeyIsEnabled'] = '';
|
|
}
|
|
} else {
|
|
$title = T_('Profile') .': '. $user;
|
|
$tplVars['privateKey'] = '';
|
|
}
|
|
$tplVars['pagetitle'] = $title;
|
|
$tplVars['subtitle'] = $title;
|
|
|
|
$tplVars['user'] = $user;
|
|
$tplVars['userid'] = $userid;
|
|
|
|
/* Update Private Key */
|
|
if (POST_SUBMITTEDPK!='' && $currentUser->getId() == $userid) {
|
|
$userinfo = $userservice->getObjectUserByUsername($user);
|
|
$tplVars['privateKey'] = $userservice->getNewPrivateKey();
|
|
}
|
|
|
|
if (POST_SUBMITTED!='' && $currentUser->getId() == $userid) {
|
|
$error = false;
|
|
$detPass = trim(POST_PASS);
|
|
$detPassConf = trim(POST_PASSCONF);
|
|
$detName = trim(POST_NAME);
|
|
$detPrivateKey = trim(POST_PRIVATEKEY);
|
|
$detEnablePrivateKey = trim(POST_ENABLEPRIVATEKEY);
|
|
$detMail = trim(POST_MAIL);
|
|
$detPage = trim(POST_PAGE);
|
|
$detDesc = filter(POST_DESC);
|
|
|
|
// manage token preventing from CSRF vulnaribilities
|
|
if ( SESSION_TOKEN == ''
|
|
|| time() - SESSION_TOKENSTAMP > 600 //limit token lifetime, optionnal
|
|
|| SESSION_TOKEN != POST_TOKEN) {
|
|
$error = true;
|
|
$tplVars['error'] = T_('Invalid Token');
|
|
}
|
|
|
|
if ($detPass != $detPassConf) {
|
|
$error = true;
|
|
$tplVars['error'] = T_('Password and confirmation do not match.');
|
|
}
|
|
if ($detPass != "" && strlen($detPass) < 6) {
|
|
$error = true;
|
|
$tplVars['error'] = T_('Password must be at least 6 characters long.');
|
|
}
|
|
if (!$userservice->isValidEmail($detMail)) {
|
|
$error = true;
|
|
$tplVars['error'] = T_('E-mail address is not valid.');
|
|
}
|
|
if (!$error) {
|
|
if (!$userservice->updateUser($userid, $detPass, $detName, $detMail, $detPage, $detDesc, $detPrivateKey, $detEnablePrivateKey)) {
|
|
$tplVars['error'] = T_('An error occurred while saving your changes.');
|
|
} else {
|
|
$tplVars['msg'] = T_('Changes saved.');
|
|
}
|
|
}
|
|
$userinfo = $userservice->getObjectUserByUsername($user);
|
|
$tplVars['privateKey'] = $userinfo->getPrivateKey(true);
|
|
if ($userservice->isPrivateKeyValid($userinfo->getPrivateKey())) {
|
|
$tplVars['privateKeyIsEnabled'] = 'checked="checked"';
|
|
} else {
|
|
$tplVars['privateKeyIsEnabled'] = '';
|
|
}
|
|
}
|
|
|
|
if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) {
|
|
$templatename = 'profile.tpl.php';
|
|
} else {
|
|
$scert = SemanticScuttle_Service_Factory::get('User_SslClientCert');
|
|
|
|
if (isset($_POST['action']) && $_POST['action'] == 'registerCurrentCert') {
|
|
if (!$scert->hasValidCert()) {
|
|
$tplVars['error'] = T_('You do not have a valid SSL client certificate');
|
|
} else if (false !== $scert->getUserIdFromCert()) {
|
|
$tplVars['error'] = T_('This certificate is already registered');
|
|
} else if (false === $scert->registerCurrentCertificate($currentUser->getId())) {
|
|
$tplVars['error'] = T_('Failed to register SSL client certificate.');
|
|
} else {
|
|
$tplVars['msg'] = T_('SSL client certificate registered.');
|
|
}
|
|
} else if (isset($_POST['action']) && $_POST['action'] == 'deleteClientCert'
|
|
&& isset($_POST['certId'])
|
|
) {
|
|
$certId = (int)$_POST['certId'];
|
|
$cert = $scert->getCert($certId);
|
|
|
|
if ($cert === null) {
|
|
$tplVars['error'] = T_('Certificate not found.');
|
|
} else if ($cert->uId != $currentUser->getId()) {
|
|
$tplVars['error'] = T_('The certificate does not belong to you.');
|
|
} else if (false === $scert->delete($certId)) {
|
|
$tplVars['error'] = T_('Failed to delete SSL client certificate.');
|
|
} else {
|
|
$tplVars['msg'] = T_('SSL client certificate deleted.');
|
|
}
|
|
}
|
|
|
|
//Token Init
|
|
$_SESSION['token'] = md5(uniqid(rand(), true));
|
|
$_SESSION['token_stamp'] = time();
|
|
|
|
$templatename = 'editprofile.tpl.php';
|
|
|
|
$tplVars['formaction'] = createURL('profile', $user);
|
|
$tplVars['token'] = $_SESSION['token'];
|
|
|
|
$tplVars['sslClientCerts'] = $scert->getUserCerts($currentUser->getId());
|
|
$tplVars['currentCert'] = null;
|
|
if ($scert->hasValidCert()) {
|
|
$tplVars['currentCert'] = SemanticScuttle_Model_User_SslClientCert::fromCurrentCert();
|
|
}
|
|
}
|
|
|
|
$tplVars['objectUser'] = $userinfo;
|
|
$templateservice->loadTemplate($templatename, $tplVars);
|
|
?>
|