function dldc_update_profile(DLDC_User $user, $password)
{
$data = array('email' => trim(Common::getPostString('email')), 'firstname' => trim(Common::getPostString('firstname')), 'lastname' => trim(Common::getPostString('lastname')));
if (!empty($password)) {
if (!DLDC_User::login(dldc_username(), Common::getPostString('password_old'))) {
return dldc_error('You have to supply your current password to change it.');
}
if ($password !== Common::getPostString('password_retype')) {
return dldc_error('You have to retype your new password correctly.');
}
$data['password'] = DLDC_User::hashPassword($password);
dldc_message('Your password has been changed!');
}
$user->saveVars($data);
dldc_message('Information has been saved.');
}
}
if (isset($_GET['login'])) {
$username = trim(Common::getGetString('username'));
if (!strcasecmp($username, 'administrator')) {
# Prevent bruteforcing here, password has to be entered in challenge index.php
dldc_error("The administrator account got disabled for security reasons.");
} elseif (dldc_login($username, Common::getGetString('password'))) {
dldc_message("Welcome back {$username}, you are now authenticated with the service.");
} else {
dldc_error("Wrong username or password.");
}
}
if (dldc_is_logged_in()) {
?>
<h1>Hello <?php
echo dldc_username();
?>
!</h1>
<p>You edit your profile here: <a class="button" href="profile.php">edit profile</a></p>
<p>You can use this button to logout: <a class="button" href="login.php?logout=now">logout</a></p>
<?php
} else {
?>
<h1>Nice to meet you!</h1>
<div>
<form>
<table>
<tr><td>Username</td><td><input type="text" name="username" /></td></tr>
<tr><td>Password</td><td><input type="password" name="password" /></td></tr>
<tr><td colspan="2"><input type="submit" name="login" value="login" /></td></tr>
</table>