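/**
 * Update user profile
 *
 * Validates the posted profile form, collects the fields the auth backend is
 * able to modify, optionally re-checks the current password, and hands the
 * change set to the backend. On success the login cookie is rewritten.
 *
 * Reads $_POST ('save', 'newpass', 'passchk', 'fullname', 'email', 'oldpass')
 * and writes the cleaned full name and e-mail back into $_POST.
 *
 * @author Christopher Smith <*****@*****.**>
 *
 * @return bool true if the backend accepted the modification, false otherwise
 */
function updateprofile()
{
    global $conf;
    global $INFO;
    global $lang;
    global $auth;

    if (!$auth) {
        return false;
    }
    if (empty($_POST['save'])) {
        return false;
    }
    // Reject the request unless the form's security token validates.
    if (!checkSecurityToken()) {
        return false;
    }

    // should not be able to get here without Profile being possible...
    if (!$auth->canDo('Profile')) {
        msg($lang['profna'], -1);
        return false;
    }

    // Only string values are accepted for the password fields; anything else
    // (missing field, array-valued parameter) is treated as an empty string.
    $newpass = (isset($_POST['newpass']) && is_string($_POST['newpass'])) ? $_POST['newpass'] : '';
    $passchk = (isset($_POST['passchk']) && is_string($_POST['passchk'])) ? $_POST['passchk'] : '';

    // Strict comparison: with a loose "!=" two different numeric-looking
    // strings (e.g. "1e3" and "1000") compare equal, so a mistyped
    // confirmation would be accepted and the first field silently stored.
    if ($newpass !== $passchk) {
        msg($lang['regbadpass'], -1); // complain about misspelled passwords
        return false;
    }

    // clean fullname and email: strip control characters and : < > & % , ;
    $_POST['fullname'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $_POST['fullname']));
    $_POST['email'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $_POST['email']));

    // A field may only be left empty when the backend cannot modify it anyway.
    if (
        (empty($_POST['fullname']) && $auth->canDo('modName'))
        || (empty($_POST['email']) && $auth->canDo('modMail'))
    ) {
        msg($lang['profnoempty'], -1);
        return false;
    }

    if (!mail_isvalid($_POST['email']) && $auth->canDo('modMail')) {
        msg($lang['regbadmail'], -1);
        return false;
    }

    // Start from an empty change set so the "nothing changed" check below
    // never counts an undefined variable.
    $changes = array();

    if ($_POST['fullname'] != $INFO['userinfo']['name'] && $auth->canDo('modName')) {
        $changes['name'] = $_POST['fullname'];
    }
    if ($_POST['email'] != $INFO['userinfo']['mail'] && $auth->canDo('modMail')) {
        $changes['mail'] = $_POST['email'];
    }
    if (!empty($newpass) && $auth->canDo('modPass')) {
        $changes['pass'] = $newpass;
    }

    if (!count($changes)) {
        msg($lang['profnochange'], -1);
        return false;
    }

    // NOTE(review): the current password is only re-checked when
    // $conf['profileconfirm'] is set. With it disabled, a live session plus a
    // valid security token is enough to change the password and e-mail.
    if ($conf['profileconfirm']) {
        if (!$auth->checkPass($_SERVER['REMOTE_USER'], $_POST['oldpass'])) {
            msg($lang['badlogin'], -1);
            return false;
        }
    }

    if ($auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes))) {
        // update cookie and session with the changed data
        $cookie = base64_decode(isset($_COOKIE[DOKU_COOKIE]) ? $_COOKIE[DOKU_COOKIE] : '');
        // Pad to three fields so a missing or malformed cookie yields nulls
        // instead of undefined-offset notices.
        list($user, $sticky, $pass) = array_pad(explode('|', $cookie, 3), 3, null);

        // 'pass' is only present when a password change was requested.
        if (!empty($changes['pass'])) {
            $pass = PMA_blowfish_encrypt($changes['pass'], auth_cookiesalt());
        }
        auth_setCookie($_SERVER['REMOTE_USER'], $pass, (bool) $sticky);

        return true;
    }

    // The backend refused the modification; report failure explicitly
    // rather than falling off the end of the function.
    return false;
}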
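/**
 * Update user profile
 *
 * Validates the posted profile form, reduces the change set to the non-empty
 * fields the auth backend is able to modify, optionally re-checks the current
 * password, and hands the change set to the backend. When the password was
 * changed, the login cookie is rewritten with the new encrypted password.
 *
 * @author Christopher Smith <*****@*****.**>
 *
 * @return bool true if the backend accepted the modification, false otherwise
 */
function updateprofile()
{
    global $conf;
    global $lang;
    /* @var auth_basic $auth */
    global $auth;
    /* @var Input $INPUT */
    global $INPUT;

    if (!$INPUT->post->bool('save')) {
        return false;
    }
    // Reject the request unless the form's security token validates.
    if (!checkSecurityToken()) {
        return false;
    }

    if (!actionOK('profile')) {
        msg($lang['profna'], -1);
        return false;
    }

    $changes = array();
    $changes['pass'] = $INPUT->post->str('newpass');
    $changes['name'] = $INPUT->post->str('fullname');
    $changes['mail'] = $INPUT->post->str('email');

    // check misspelled passwords
    // Strict comparison: with a loose "!=" two different numeric-looking
    // strings (e.g. "1e3" and "1000") compare equal, so a mistyped
    // confirmation would be accepted and the first field silently stored.
    if ($changes['pass'] !== $INPUT->post->str('passchk')) {
        msg($lang['regbadpass'], -1);
        return false;
    }

    // clean fullname and email: strip control characters and : < > & % , ;
    $changes['name'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $changes['name']));
    $changes['mail'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $changes['mail']));

    // no empty name and email (except the backend doesn't support them)
    if (
        (empty($changes['name']) && $auth->canDo('modName'))
        || (empty($changes['mail']) && $auth->canDo('modMail'))
    ) {
        msg($lang['profnoempty'], -1);
        return false;
    }
    if (!mail_isvalid($changes['mail']) && $auth->canDo('modMail')) {
        msg($lang['regbadmail'], -1);
        return false;
    }

    // Drop every falsy entry. This removes untouched (empty) fields, and also
    // the literal string "0", so a new password of "0" is silently ignored.
    $changes = array_filter($changes);

    // check for unavailable capabilities
    if (!$auth->canDo('modName')) {
        unset($changes['name']);
    }
    if (!$auth->canDo('modMail')) {
        unset($changes['mail']);
    }
    if (!$auth->canDo('modPass')) {
        unset($changes['pass']);
    }

    // anything to do?
    if (!count($changes)) {
        msg($lang['profnochange'], -1);
        return false;
    }

    // NOTE(review): the current password is only re-checked when
    // $conf['profileconfirm'] is set. With it disabled, a live session plus a
    // valid security token is enough to change the password and e-mail.
    if ($conf['profileconfirm']) {
        if (!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) {
            msg($lang['badlogin'], -1);
            return false;
        }
    }

    if ($auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes))) {
        // update cookie and session with the changed data
        // 'pass' may have been removed above (empty field or backend cannot
        // change passwords), so test for its presence instead of reading it.
        if (!empty($changes['pass'])) {
            list(, $sticky, ) = auth_getCookie();
            $pass = PMA_blowfish_encrypt($changes['pass'], auth_cookiesalt(!$sticky));
            auth_setCookie($_SERVER['REMOTE_USER'], $pass, (bool) $sticky);
        }
        return true;
    }

    return false;
}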
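/**
 * Update user profile
 *
 * Validates the posted profile form, reduces the change set to the non-empty
 * fields the auth backend is able to modify, optionally re-checks the current
 * password, and hands the change set (by reference) to the backend. After a
 * password change the login cookie is rewritten; otherwise the cached auth
 * timestamp in the session is reset.
 *
 * @author Christopher Smith <*****@*****.**>
 *
 * @return bool true if the backend accepted the modification, false otherwise
 */
function updateprofile()
{
    global $conf;
    global $lang;
    /* @var DokuWiki_Auth_Plugin $auth */
    global $auth;
    /* @var Input $INPUT */
    global $INPUT;

    if (!$INPUT->post->bool('save')) {
        return false;
    }
    // Reject the request unless the form's security token validates.
    if (!checkSecurityToken()) {
        return false;
    }

    if (!actionOK('profile')) {
        msg($lang['profna'], -1);
        return false;
    }

    $changes = array();
    $changes['pass'] = $INPUT->post->str('newpass');
    $changes['name'] = $INPUT->post->str('fullname');
    $changes['mail'] = $INPUT->post->str('email');

    // check misspelled passwords
    // Strict comparison: with a loose "!=" two different numeric-looking
    // strings (e.g. "1e3" and "1000") compare equal, so a mistyped
    // confirmation would be accepted and the first field silently stored.
    if ($changes['pass'] !== $INPUT->post->str('passchk')) {
        msg($lang['regbadpass'], -1);
        return false;
    }

    // clean fullname and email: strip control characters and : < > & % , ;
    $changes['name'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $changes['name']));
    $changes['mail'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $changes['mail']));

    // no empty name and email (except the backend doesn't support them)
    if (
        (empty($changes['name']) && $auth->canDo('modName'))
        || (empty($changes['mail']) && $auth->canDo('modMail'))
    ) {
        msg($lang['profnoempty'], -1);
        return false;
    }
    if (!mail_isvalid($changes['mail']) && $auth->canDo('modMail')) {
        msg($lang['regbadmail'], -1);
        return false;
    }

    // Drop every falsy entry. This removes untouched (empty) fields, and also
    // the literal string "0", so a new password of "0" is silently ignored.
    $changes = array_filter($changes);

    // check for unavailable capabilities
    if (!$auth->canDo('modName')) {
        unset($changes['name']);
    }
    if (!$auth->canDo('modMail')) {
        unset($changes['mail']);
    }
    if (!$auth->canDo('modPass')) {
        unset($changes['pass']);
    }

    // anything to do?
    if (!count($changes)) {
        msg($lang['profnochange'], -1);
        return false;
    }

    // NOTE(review): the current password is only re-checked when
    // $conf['profileconfirm'] is set. With it disabled, a live session plus a
    // valid security token is enough to change the password and e-mail.
    if ($conf['profileconfirm']) {
        if (!$auth->checkPass($INPUT->server->str('REMOTE_USER'), $INPUT->post->str('oldpass'))) {
            msg($lang['badpassconfirm'], -1);
            return false;
        }
    }

    // $changes is handed over by reference, so whatever handles the
    // modification can alter the change set before the checks below.
    if (!$auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), &$changes))) {
        msg($lang['proffail'], -1);
        return false;
    }

    // 'pass' may have been removed above (empty field or backend cannot
    // change passwords), so test for its presence instead of reading it.
    if (!empty($changes['pass'])) {
        // update cookie and session with the changed data
        list(, $sticky, ) = auth_getCookie();
        $pass = auth_encrypt($changes['pass'], auth_cookiesalt(!$sticky, true));
        auth_setCookie($INPUT->server->str('REMOTE_USER'), $pass, (bool) $sticky);
    } else {
        // make sure the session is writable
        // (errors from session_start() are deliberately suppressed here)
        @session_start();
        // invalidate session cache
        $_SESSION[DOKU_COOKIE]['auth']['time'] = 0;
        session_write_close();
    }

    return true;
}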