function process_first_form()
{
    global $errors;
    $required_fields = array("firstname", "lastname", "email", "password", "passwordagain");
    validate_presences($required_fields);
    //  Limits provided should correspond to the limits set in the sql database
    $fields_with_max_lengths = array("firstname" => 20, "lastname" => 20, "email" => 50, "password" => 20);
    validate_max_lengths($fields_with_max_lengths);
    // Check that password == passwordagain
    matches($_POST['password'], $_POST['passwordagain']);
    // check that email has not already been used
    validate_email($_POST['email']);
    // check that role was checked and value is acceptable
    validate_role($_POST['role-check']);
    if (empty($errors)) {
        // Success outcome:
        // Store values entered and wait for user to submit current form
        //  This uses the current session, session should be
        //  destroyed once the registration process ends :NT
        $_SESSION['firstname'] = $_POST['firstname'];
        $_SESSION["lastname"] = $_POST['lastname'];
        $_SESSION["email"] = $_POST['email'];
        $_SESSION["password"] = $_POST['password'];
        $_SESSION["role"] = $_POST['role-check'];
        $_SESSION['user_details'] = 1;
        //confirm successful outcome in session
    } else {
        // Failure outcome: one or more elements in $errors
        //  Either display messages from $errors here in address.php or
        //  signup.php
        if (!isset($_POST['test'])) {
            //Store what is needed in the session
            $_SESSION['firstname'] = $_POST['firstname'];
            $_SESSION["lastname"] = $_POST['lastname'];
            $_SESSION["email"] = $_POST['email'];
            $_SESSION['errors'] = $errors;
            redirect_to("signup.php");
        }
    }
}
Example #2
0
function useredit($lang, $user_id)
{
    global $system_languages, $supported_roles;
    $is_admin = user_has_role('administrator');
    $is_owner = $user_id == user_profile('id');
    $with_name = true;
    $with_status = ($user_id != 1 and $is_admin);
    $with_delete = ($user_id != 1 and $is_admin and !$is_owner);
    $with_newpassword = false;
    // ($user_id != 1 and $is_owner);
    $with_locale = count($system_languages) > 1 ? true : false;
    $with_role = ($user_id != 1 and $is_admin);
    $with_timezone = ($user_id != 1 and $is_admin);
    $with_website = true;
    $with_info = false;
    $confirmed = false;
    $action = 'init';
    if (isset($_POST['useredit_modify'])) {
        $action = 'modify';
    }
    if ($with_newpassword) {
        if (isset($_POST['useredit_change'])) {
            $action = 'change';
        }
    }
    if ($with_delete) {
        if (isset($_POST['useredit_delete'])) {
            $action = 'delete';
        } else {
            if (isset($_POST['useredit_confirmdelete'])) {
                $action = 'delete';
                $confirmed = true;
            } else {
                if (isset($_POST['useredit_cancel'])) {
                    $action = 'cancel';
                }
            }
        }
    }
    $user_name = $user_mail = $user_locale = $user_timezone = false;
    $user_website = false;
    $user_active = $user_banned = false;
    $user_accessed = false;
    $user_role = false;
    $user_newpassword = false;
    $user_lastname = $user_firstname = false;
    $token = false;
    switch ($action) {
        case 'init':
        case 'reset':
            $r = user_get($user_id);
            if ($r) {
                extract($r);
                /* user_name user_password user_newpassword user_seed user_mail user_timezone user_website user_created user_modified user_accessed user_locale user_active user_banned */
            }
            $user_newpassword = false;
            if ($with_info) {
                $r = user_get_info($user_id);
                if ($r) {
                    extract($r);
                    /* user_lastname, user_firstname */
                }
            }
            if ($with_role) {
                $user_role = user_get_role($user_id);
            }
            break;
        case 'modify':
        case 'change':
        case 'delete':
        case 'cancel':
            if ($with_info) {
                if (isset($_POST['useredit_lastname'])) {
                    $user_lastname = readarg($_POST['useredit_lastname']);
                }
                if (isset($_POST['useredit_firstname'])) {
                    $user_firstname = readarg($_POST['useredit_firstname']);
                }
            }
            if (isset($_POST['useredit_name'])) {
                $user_name = strtolower(strflat(readarg($_POST['useredit_name'])));
            }
            if (isset($_POST['useredit_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['useredit_mail'])));
            }
            if (isset($_POST['useredit_website'])) {
                $user_website = strtolower(strflat(readarg($_POST['useredit_website'])));
            }
            if (isset($_POST['useredit_timezone'])) {
                $user_timezone = readarg($_POST['useredit_timezone']);
            }
            if (isset($_POST['useredit_locale'])) {
                $user_locale = readarg($_POST['useredit_locale']);
            }
            if ($with_role) {
                if (isset($_POST['useredit_role'])) {
                    $user_role = readarg($_POST['useredit_role']);
                }
            }
            if ($with_status) {
                if (isset($_POST['useredit_active'])) {
                    $user_active = readarg($_POST['useredit_active']) == 'on';
                }
                if (isset($_POST['useredit_banned'])) {
                    $user_banned = readarg($_POST['useredit_banned']) == 'on';
                }
                if (isset($_POST['useredit_accessed'])) {
                    $user_accessed = (int) readarg($_POST['useredit_accessed']);
                }
            }
            if ($with_newpassword) {
                if (isset($_POST['useredit_newpassword'])) {
                    $user_newpassword = readarg($_POST['useredit_newpassword']);
                }
            }
            if (isset($_POST['useredit_token'])) {
                $token = readarg($_POST['useredit_token']);
            }
            break;
        default:
            break;
    }
    $bad_token = false;
    $missing_lastname = false;
    $missing_firstname = false;
    $missing_name = false;
    $bad_name = false;
    $duplicated_name = false;
    $missing_mail = false;
    $bad_mail = false;
    $duplicated_mail = false;
    $bad_role = false;
    $bad_website = false;
    $missing_locale = false;
    $bad_locale = false;
    $bad_timezone = false;
    $missing_newpassword = false;
    $bad_newpassword = false;
    $account_modified = false;
    $password_changed = false;
    $internal_error = false;
    $contact_page = false;
    switch ($action) {
        case 'modify':
            if (!isset($_SESSION['useredit_token']) or $token != $_SESSION['useredit_token']) {
                $bad_token = true;
            }
            if ($with_info) {
                if (!$user_lastname) {
                    $missing_lastname = true;
                }
                if (!$user_firstname) {
                    $missing_firstname = true;
                }
            }
            if ($with_name and !$user_name) {
                $missing_name = true;
            }
            if ($user_name) {
                if (!validate_user_name($user_name)) {
                    $bad_name = true;
                } else {
                    if (!user_check_name($user_name, $user_id)) {
                        $duplicated_name = true;
                    }
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } else {
                if (!validate_mail($user_mail)) {
                    $bad_mail = true;
                } else {
                    if (!user_check_mail($user_mail, $user_id)) {
                        $duplicated_mail = true;
                    }
                }
            }
            if ($user_role) {
                foreach ($user_role as $role) {
                    if (!validate_role($role)) {
                        $bad_role = true;
                        break;
                    }
                }
            }
            if ($user_website) {
                if (!validate_website($user_website)) {
                    $bad_website = true;
                } else {
                    $user_website = normalize_website($user_website);
                }
            }
            if ($user_timezone) {
                if (!validate_timezone($user_timezone)) {
                    $bad_timezone = true;
                }
            }
            if ($with_locale and !$user_locale) {
                $missing_locale = true;
            }
            if ($user_locale) {
                if (!validate_locale($user_locale)) {
                    $bad_locale = true;
                }
            }
            break;
        case 'change':
            if (!$user_newpassword) {
                $missing_newpassword = true;
            } else {
                if (!validate_password($user_newpassword)) {
                    $bad_newpassword = true;
                }
            }
            break;
        default:
            break;
    }
    $confirm_delete = false;
    switch ($action) {
        case 'modify':
            if ($bad_token or $missing_name or $bad_name or $duplicated_name or $missing_mail or $bad_mail or $duplicated_mail or $bad_role or $bad_website or $bad_timezone or $missing_locale or $bad_locale or $missing_lastname or $missing_firstname) {
                break;
            }
            $r = user_set($user_id, $user_name, $user_mail, $user_website, $user_locale, $user_timezone);
            if (!$r) {
                $internal_error = true;
                break;
            }
            if ($is_owner) {
                $_SESSION['user']['name'] = $user_name;
                $_SESSION['user']['mail'] = $user_mail;
                $_SESSION['user']['website'] = $user_website;
                $_SESSION['user']['locale'] = $user_locale;
                $_SESSION['user']['timezone'] = $user_timezone;
            }
            if ($with_info) {
                $r = user_set_info($user_id, $user_lastname, $user_firstname);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
                if ($is_owner) {
                    $_SESSION['user']['lastname'] = $user_lastname;
                    $_SESSION['user']['firstname'] = $user_firstname;
                }
            }
            if ($with_role) {
                $r = user_set_role($user_id, $user_role);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
            }
            if ($with_status) {
                $r = user_set_status($user_id, $user_active, $user_banned);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
            }
            $account_modified = true;
            break;
        case 'change':
            if ($missing_newpassword or $bad_newpassword) {
                break;
            }
            $r = user_set_newpassword($user_id, $user_newpassword);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $password_changed = true;
            break;
        case 'delete':
            if (!$confirmed) {
                $confirm_delete = true;
                break;
            }
            $r = user_delete($user_id);
            if (!$r) {
                $internal_error = true;
                break;
            }
            return false;
        default:
            break;
    }
    $user_newpassword = false;
    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }
    $_SESSION['useredit_token'] = $token = token_id();
    $errors = compact('missing_name', 'bad_name', 'duplicated_name', 'missing_mail', 'bad_mail', 'duplicated_mail', 'bad_timezone', 'bad_website', 'missing_locale', 'bad_locale', 'missing_newpassword', 'bad_newpassword', 'missing_lastname', 'missing_firstname', 'internal_error', 'contact_page');
    $infos = compact('account_modified', 'password_changed');
    $output = view('useredit', $lang, compact('token', 'errors', 'infos', 'with_name', 'user_name', 'user_mail', 'with_timezone', 'user_timezone', 'with_website', 'user_website', 'with_role', 'user_role', 'supported_roles', 'with_locale', 'user_locale', 'with_status', 'user_banned', 'user_active', 'user_accessed', 'with_newpassword', 'user_newpassword', 'with_info', 'user_lastname', 'user_firstname', 'with_delete', 'confirm_delete'));
    return $output;
}