示例#1
文件: auth.php 项目: halfbyte/rugtool
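/**
 * Update user profile
 *
 * Validates the posted profile form and asks the auth backend to apply the
 * fields that actually changed (name, mail, password) for the logged-in user.
 * The cleaned fullname and email are written back into $_POST.
 *
 * Checks, in order: an auth backend is loaded, the form was submitted, the
 * security token is valid (checkSecurityToken()), the backend allows
 * 'Profile', the two password fields match, and - only when
 * $conf['profileconfirm'] is set - the current password verifies.
 * With profileconfirm off, a valid session plus token is sufficient to change
 * the password or mail address.
 *
 * @author    Christopher Smith <*****@*****.**>
 *
 * @return bool true when the backend applied the changes, false otherwise
 */
function updateprofile()
{
    global $conf;
    global $INFO;
    global $lang;
    global $auth;
    if (!$auth) {
        return false;
    }
    if (empty($_POST['save'])) {
        return false;
    }
    if (!checkSecurityToken()) {
        return false;
    }
    // should not be able to get here without Profile being possible...
    if (!$auth->canDo('Profile')) {
        msg($lang['profna'], -1);
        return false;
    }

    // Read the password fields as strings; a missing or non-string (array)
    // field counts as empty instead of reaching the backend as-is.
    $newpass = (isset($_POST['newpass']) && is_string($_POST['newpass'])) ? $_POST['newpass'] : '';
    $passchk = (isset($_POST['passchk']) && is_string($_POST['passchk'])) ? $_POST['passchk'] : '';
    $oldpass = (isset($_POST['oldpass']) && is_string($_POST['oldpass'])) ? $_POST['oldpass'] : '';

    // Strict comparison: with != two different numeric-looking strings such
    // as '1e3' and '1000' compare equal, so a mistyped confirmation would be
    // accepted.
    if ($newpass !== $passchk) {
        msg($lang['regbadpass'], -1);
        // complain about misspelled passwords
        return false;
    }

    // clean fullname and email: strip control characters and : < > & % , ;
    $fullname = (isset($_POST['fullname']) && is_string($_POST['fullname'])) ? $_POST['fullname'] : '';
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $_POST['fullname'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $fullname));
    $_POST['email'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $email));

    // a field may only be empty when the backend cannot modify it anyway
    if ((empty($_POST['fullname']) && $auth->canDo('modName'))
        || (empty($_POST['email']) && $auth->canDo('modMail'))
    ) {
        msg($lang['profnoempty'], -1);
        return false;
    }
    if (!mail_isvalid($_POST['email']) && $auth->canDo('modMail')) {
        msg($lang['regbadmail'], -1);
        return false;
    }

    // Collect only fields that differ and that the backend can modify.
    // Initialised up front: count() on an undefined variable warns on older
    // PHP and throws a TypeError on PHP 8.
    $changes = array();
    if ($_POST['fullname'] != $INFO['userinfo']['name'] && $auth->canDo('modName')) {
        $changes['name'] = $_POST['fullname'];
    }
    if ($_POST['email'] != $INFO['userinfo']['mail'] && $auth->canDo('modMail')) {
        $changes['mail'] = $_POST['email'];
    }
    if (!empty($newpass) && $auth->canDo('modPass')) {
        $changes['pass'] = $newpass;
    }
    if (!count($changes)) {
        msg($lang['profnochange'], -1);
        return false;
    }

    // Re-authentication with the current password is configuration dependent.
    if ($conf['profileconfirm']) {
        if (!$auth->checkPass($_SERVER['REMOTE_USER'], $oldpass)) {
            msg($lang['badlogin'], -1);
            return false;
        }
    }

    if ($auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes))) {
        // update cookie and session with the changed data
        $cookie = isset($_COOKIE[DOKU_COOKIE]) ? base64_decode($_COOKIE[DOKU_COOKIE]) : '';
        // pad so a missing or malformed cookie does not leave $sticky/$pass undefined
        list(, $sticky, $pass) = array_pad(explode('|', (string) $cookie, 3), 3, '');
        if (!empty($changes['pass'])) {
            // The new password goes into the cookie value encrypted with the
            // cookie salt, i.e. in a reversible form.
            // NOTE(review): the password is then only as well protected as
            // the salt and the cookie transport - confirm how
            // auth_setCookie() sets the cookie.
            $pass = PMA_blowfish_encrypt($changes['pass'], auth_cookiesalt());
        }
        auth_setCookie($_SERVER['REMOTE_USER'], $pass, (bool) $sticky);
        return true;
    }

    // the backend refused or failed; report that explicitly instead of null
    return false;
}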
示例#2
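/**
 * Update user profile
 *
 * Reads the profile form from $INPUT->post, validates it and asks the auth
 * backend to apply the non-empty fields it is able to modify.
 *
 * Checks, in order: the form was submitted, the security token is valid
 * (checkSecurityToken()), the 'profile' action is allowed (actionOK()), the
 * two password fields match, and - only when $conf['profileconfirm'] is set -
 * the current password verifies. With profileconfirm off, a valid session
 * plus token is sufficient to change the password or mail address.
 *
 * @author    Christopher Smith <*****@*****.**>
 *
 * @return bool true when the backend applied the changes, false otherwise
 */
function updateprofile()
{
    global $conf;
    global $lang;
    /* @var auth_basic $auth */
    global $auth;
    /* @var Input $INPUT */
    global $INPUT;
    if (!$INPUT->post->bool('save')) {
        return false;
    }
    if (!checkSecurityToken()) {
        return false;
    }
    if (!actionOK('profile')) {
        msg($lang['profna'], -1);
        return false;
    }
    $changes = array();
    $changes['pass'] = $INPUT->post->str('newpass');
    $changes['name'] = $INPUT->post->str('fullname');
    $changes['mail'] = $INPUT->post->str('email');
    // check misspelled passwords
    // Strict string comparison: with != two different numeric-looking
    // strings such as '1e3' and '1000' compare equal, so a mistyped
    // confirmation would be accepted.
    if ((string) $changes['pass'] !== (string) $INPUT->post->str('passchk')) {
        msg($lang['regbadpass'], -1);
        return false;
    }
    // clean fullname and email: strip control characters and : < > & % , ;
    $changes['name'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $changes['name']));
    $changes['mail'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $changes['mail']));
    // no empty name and email (except the backend doesn't support them)
    if ((empty($changes['name']) && $auth->canDo('modName'))
        || (empty($changes['mail']) && $auth->canDo('modMail'))
    ) {
        msg($lang['profnoempty'], -1);
        return false;
    }
    if (!mail_isvalid($changes['mail']) && $auth->canDo('modMail')) {
        msg($lang['regbadmail'], -1);
        return false;
    }
    // Drop empty fields. array_filter() without a callback removes every
    // falsy value, so a field whose value is the string '0' is dropped too.
    $changes = array_filter($changes);
    // check for unavailable capabilities
    if (!$auth->canDo('modName')) {
        unset($changes['name']);
    }
    if (!$auth->canDo('modMail')) {
        unset($changes['mail']);
    }
    if (!$auth->canDo('modPass')) {
        unset($changes['pass']);
    }
    // anything to do?
    if (!count($changes)) {
        msg($lang['profnochange'], -1);
        return false;
    }
    // Re-authentication with the current password is configuration dependent.
    if ($conf['profileconfirm']) {
        if (!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) {
            msg($lang['badlogin'], -1);
            return false;
        }
    }
    if (!$auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes))) {
        return false;
    }
    // update cookie and session with the changed data
    // 'pass' is absent when the password was left empty or cannot be
    // modified, so test with !empty() rather than reading the key directly.
    if (!empty($changes['pass'])) {
        list(, $sticky, ) = auth_getCookie();
        // The new password goes into the cookie value encrypted with the
        // cookie salt, i.e. in a reversible form.
        // NOTE(review): confirm how auth_setCookie() sets the cookie.
        $pass = PMA_blowfish_encrypt($changes['pass'], auth_cookiesalt(!$sticky));
        auth_setCookie($_SERVER['REMOTE_USER'], $pass, (bool) $sticky);
    }
    return true;
}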
示例#3
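/**
 * Update user profile
 *
 * Reads the profile form from $INPUT->post, validates it and asks the auth
 * backend to apply the non-empty fields it is able to modify. Afterwards the
 * login cookie is rebuilt (password changed) or the session's auth timestamp
 * is reset (anything else changed).
 *
 * Checks, in order: the form was submitted, the security token is valid
 * (checkSecurityToken()), the 'profile' action is allowed (actionOK()), the
 * two password fields match, and - only when $conf['profileconfirm'] is set -
 * the current password verifies. With profileconfirm off, a valid session
 * plus token is sufficient to change the password or mail address.
 *
 * @author    Christopher Smith <*****@*****.**>
 *
 * @return bool true when the backend applied the changes, false otherwise
 */
function updateprofile()
{
    global $conf;
    global $lang;
    /* @var DokuWiki_Auth_Plugin $auth */
    global $auth;
    /* @var Input $INPUT */
    global $INPUT;
    if (!$INPUT->post->bool('save')) {
        return false;
    }
    if (!checkSecurityToken()) {
        return false;
    }
    if (!actionOK('profile')) {
        msg($lang['profna'], -1);
        return false;
    }
    $changes = array();
    $changes['pass'] = $INPUT->post->str('newpass');
    $changes['name'] = $INPUT->post->str('fullname');
    $changes['mail'] = $INPUT->post->str('email');
    // check misspelled passwords
    // Strict string comparison: with != two different numeric-looking
    // strings such as '1e3' and '1000' compare equal, so a mistyped
    // confirmation would be accepted.
    if ((string) $changes['pass'] !== (string) $INPUT->post->str('passchk')) {
        msg($lang['regbadpass'], -1);
        return false;
    }
    // clean fullname and email: strip control characters and : < > & % , ;
    $changes['name'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $changes['name']));
    $changes['mail'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $changes['mail']));
    // no empty name and email (except the backend doesn't support them)
    if ((empty($changes['name']) && $auth->canDo('modName'))
        || (empty($changes['mail']) && $auth->canDo('modMail'))
    ) {
        msg($lang['profnoempty'], -1);
        return false;
    }
    if (!mail_isvalid($changes['mail']) && $auth->canDo('modMail')) {
        msg($lang['regbadmail'], -1);
        return false;
    }
    // Drop empty fields. array_filter() without a callback removes every
    // falsy value, so a field whose value is the string '0' is dropped too.
    $changes = array_filter($changes);
    // check for unavailable capabilities
    if (!$auth->canDo('modName')) {
        unset($changes['name']);
    }
    if (!$auth->canDo('modMail')) {
        unset($changes['mail']);
    }
    if (!$auth->canDo('modPass')) {
        unset($changes['pass']);
    }
    // anything to do?
    if (!count($changes)) {
        msg($lang['profnochange'], -1);
        return false;
    }
    // Re-authentication with the current password is configuration dependent.
    if ($conf['profileconfirm']) {
        if (!$auth->checkPass($INPUT->server->str('REMOTE_USER'), $INPUT->post->str('oldpass'))) {
            msg($lang['badpassconfirm'], -1);
            return false;
        }
    }
    // $changes is handed over by reference, so whatever runs inside
    // triggerUserMod() may alter it; the cookie below is built from the
    // value as it is after this call.
    if (!$auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), &$changes))) {
        msg($lang['proffail'], -1);
        return false;
    }
    // 'pass' is absent when the password was left empty or cannot be
    // modified, so test with !empty() rather than reading the key directly.
    if (!empty($changes['pass'])) {
        // update cookie and session with the changed data
        list(, $sticky, ) = auth_getCookie();
        // The new password goes into the cookie value encrypted with the
        // cookie salt, i.e. in a reversible form.
        // NOTE(review): confirm how auth_setCookie() sets the cookie.
        $pass = auth_encrypt($changes['pass'], auth_cookiesalt(!$sticky, true));
        auth_setCookie($INPUT->server->str('REMOTE_USER'), $pass, (bool) $sticky);
    } else {
        // make sure the session is writable
        // (best effort: errors from session_start() are suppressed on purpose)
        @session_start();
        // invalidate session cache
        $_SESSION[DOKU_COOKIE]['auth']['time'] = 0;
        session_write_close();
    }
    return true;
}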