function gooleAuthenticate() { // Creating new instance $openid = new LightOpenID(); $openid->identity = 'https://www.google.com/accounts/o8/id'; //setting call back url $openid->returnUrl = CALLBACK_URL; //finding open id end point from google $endpoint = $openid->discover('https://www.google.com/accounts/o8/id'); $fields = '?openid.ns=' . urlencode('http://specs.openid.net/auth/2.0') . '&openid.return_to=' . urlencode($openid->returnUrl) . '&openid.claimed_id=' . urlencode('http://specs.openid.net/auth/2.0/identifier_select') . '&openid.identity=' . urlencode('http://specs.openid.net/auth/2.0/identifier_select') . '&openid.mode=' . urlencode('checkid_setup') . '&openid.ns.ax=' . urlencode('http://openid.net/srv/ax/1.0') . '&openid.ax.mode=' . urlencode('fetch_request') . '&openid.ax.required=' . urlencode('email,firstname,lastname') . '&openid.ax.type.firstname=' . urlencode('http://axschema.org/namePerson/first') . '&openid.ax.type.lastname=' . urlencode('http://axschema.org/namePerson/last') . '&openid.ax.type.email=' . urlencode('http://axschema.org/contact/email'); header('Location: ' . $endpoint . $fields); }
protected function doOpenId($identity) { require "vendor/lightopenid/openid.php"; $openid = new \LightOpenID(Ntentan::$config['application']['domain']); if (!$openid->mode) { $identity = $openid->discover($identity); $openid->identity = $identity; $openid->required = array('contact/email', 'namePerson/first', 'namePerson/last', 'namePerson/friendly'); header('Location: ' . $openid->authUrl()); } elseif ($openid->mode == 'cancel') { return "cancelled"; } else { if ($openid->validate()) { $oidStatus = $openid->getAttributes(); $status = array('email' => $oidStatus['contact/email'], 'firstname' => $oidStatus['namePerson/first'], 'lastname' => $oidStatus['namePerson/last'], 'nickname' => $oidStatus['namePerson/friendly'], 'key' => $oidStatus['contact/email']); return $status; } else { return "failed"; } } }
function settings_post(&$a) { if (!local_user()) { return; } if (x($_SESSION, 'submanage') && intval($_SESSION['submanage'])) { return; } if (count($a->user) && x($a->user, 'uid') && $a->user['uid'] != local_user()) { notice(t('Permission denied.') . EOL); return; } $old_page_flags = $a->user['page-flags']; if ($a->argc > 1 && $a->argv[1] === 'oauth' && x($_POST, 'remove')) { check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); $key = $_POST['remove']; q("DELETE FROM tokens WHERE id='%s' AND uid=%d", dbesc($key), local_user()); goaway($a->get_baseurl(true) . "/settings/oauth/"); return; } if ($a->argc > 2 && $a->argv[1] === 'oauth' && ($a->argv[2] === 'edit' || $a->argv[2] === 'add') && x($_POST, 'submit')) { check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); $name = x($_POST, 'name') ? $_POST['name'] : ''; $key = x($_POST, 'key') ? $_POST['key'] : ''; $secret = x($_POST, 'secret') ? $_POST['secret'] : ''; $redirect = x($_POST, 'redirect') ? $_POST['redirect'] : ''; $icon = x($_POST, 'icon') ? $_POST['icon'] : ''; if ($name == "" || $key == "" || $secret == "") { notice(t("Missing some important data!")); } else { if ($_POST['submit'] == t("Update")) { $r = q("UPDATE clients SET\n\t\t\t\t\t\t\tclient_id='%s',\n\t\t\t\t\t\t\tpw='%s',\n\t\t\t\t\t\t\tname='%s',\n\t\t\t\t\t\t\tredirect_uri='%s',\n\t\t\t\t\t\t\ticon='%s',\n\t\t\t\t\t\t\tuid=%d\n\t\t\t\t\t\tWHERE client_id='%s'", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user(), dbesc($key)); } else { $r = q("INSERT INTO clients\n\t\t\t\t\t\t\t(client_id, pw, name, redirect_uri, icon, uid)\n\t\t\t\t\t\tVALUES ('%s','%s','%s','%s','%s',%d)", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user()); } } goaway($a->get_baseurl(true) . "/settings/oauth/"); return; } if ($a->argc > 1 && $a->argv[1] == 'addon') { check_form_security_token_redirectOnErr('/settings/addon', 'settings_addon'); call_hooks('plugin_settings_post', $_POST); return; } if ($a->argc > 1 && $a->argv[1] == 'connectors') { check_form_security_token_redirectOnErr('/settings/connectors', 'settings_connectors'); if (x($_POST, 'imap-submit')) { $mail_server = x($_POST, 'mail_server') ? $_POST['mail_server'] : ''; $mail_port = x($_POST, 'mail_port') ? $_POST['mail_port'] : ''; $mail_ssl = x($_POST, 'mail_ssl') ? strtolower(trim($_POST['mail_ssl'])) : ''; $mail_user = x($_POST, 'mail_user') ? $_POST['mail_user'] : ''; $mail_pass = x($_POST, 'mail_pass') ? trim($_POST['mail_pass']) : ''; $mail_action = x($_POST, 'mail_action') ? trim($_POST['mail_action']) : ''; $mail_movetofolder = x($_POST, 'mail_movetofolder') ? trim($_POST['mail_movetofolder']) : ''; $mail_replyto = x($_POST, 'mail_replyto') ? $_POST['mail_replyto'] : ''; $mail_pubmail = x($_POST, 'mail_pubmail') ? $_POST['mail_pubmail'] : ''; $mail_disabled = function_exists('imap_open') && !get_config('system', 'imap_disabled') ? 0 : 1; if (get_config('system', 'dfrn_only')) { $mail_disabled = 1; } if (!$mail_disabled) { $failed = false; $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval(local_user())); if (!count($r)) { q("INSERT INTO `mailacct` (`uid`) VALUES (%d)", intval(local_user())); } if (strlen($mail_pass)) { $pass = ''; openssl_public_encrypt($mail_pass, $pass, $a->user['pubkey']); q("UPDATE `mailacct` SET `pass` = '%s' WHERE `uid` = %d", dbesc(bin2hex($pass)), intval(local_user())); } $r = q("UPDATE `mailacct` SET `server` = '%s', `port` = %d, `ssltype` = '%s', `user` = '%s',\n\t\t\t\t\t`action` = %d, `movetofolder` = '%s',\n\t\t\t\t\t`mailbox` = 'INBOX', `reply_to` = '%s', `pubmail` = %d WHERE `uid` = %d", dbesc($mail_server), intval($mail_port), dbesc($mail_ssl), dbesc($mail_user), intval($mail_action), dbesc($mail_movetofolder), dbesc($mail_replyto), intval($mail_pubmail), intval(local_user())); logger("mail: updating mailaccount. Response: " . print_r($r, true)); $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval(local_user())); if (count($r)) { $eacct = $r[0]; require_once 'include/email.php'; $mb = construct_mailbox_name($eacct); if (strlen($eacct['server'])) { $dcrpass = ''; openssl_private_decrypt(hex2bin($eacct['pass']), $dcrpass, $a->user['prvkey']); $mbox = email_connect($mb, $mail_user, $dcrpass); unset($dcrpass); if (!$mbox) { $failed = true; notice(t('Failed to connect with email account using the settings provided.') . EOL); } } } if (!$failed) { info(t('Email settings updated.') . EOL); } } } call_hooks('connector_settings_post', $_POST); return; } if ($a->argc > 1 && $a->argv[1] === 'features') { check_form_security_token_redirectOnErr('/settings/features', 'settings_features'); foreach ($_POST as $k => $v) { if (strpos($k, 'feature_') === 0) { set_pconfig(local_user(), 'feature', substr($k, 8), intval($v) ? 1 : 0); } } info(t('Features updated') . EOL); return; } if ($a->argc > 1 && $a->argv[1] === 'display') { check_form_security_token_redirectOnErr('/settings/display', 'settings_display'); $theme = x($_POST, 'theme') ? notags(trim($_POST['theme'])) : $a->user['theme']; $mobile_theme = x($_POST, 'mobile_theme') ? notags(trim($_POST['mobile_theme'])) : ''; $nosmile = x($_POST, 'nosmile') ? intval($_POST['nosmile']) : 0; $noinfo = x($_POST, 'noinfo') ? intval($_POST['noinfo']) : 0; $infinite_scroll = x($_POST, 'infinite_scroll') ? intval($_POST['infinite_scroll']) : 0; $no_auto_update = x($_POST, 'no_auto_update') ? intval($_POST['no_auto_update']) : 0; $browser_update = x($_POST, 'browser_update') ? intval($_POST['browser_update']) : 0; $browser_update = $browser_update * 1000; if ($browser_update < 10000) { $browser_update = 10000; } $itemspage_network = x($_POST, 'itemspage_network') ? intval($_POST['itemspage_network']) : 40; if ($itemspage_network > 100) { $itemspage_network = 100; } $itemspage_mobile_network = x($_POST, 'itemspage_mobile_network') ? intval($_POST['itemspage_mobile_network']) : 20; if ($itemspage_mobile_network > 100) { $itemspage_mobile_network = 100; } if ($mobile_theme !== '') { set_pconfig(local_user(), 'system', 'mobile_theme', $mobile_theme); } set_pconfig(local_user(), 'system', 'update_interval', $browser_update); set_pconfig(local_user(), 'system', 'itemspage_network', $itemspage_network); set_pconfig(local_user(), 'system', 'itemspage_mobile_network', $itemspage_mobile_network); set_pconfig(local_user(), 'system', 'no_smilies', $nosmile); set_pconfig(local_user(), 'system', 'ignore_info', $noinfo); set_pconfig(local_user(), 'system', 'infinite_scroll', $infinite_scroll); set_pconfig(local_user(), 'system', 'no_auto_update', $no_auto_update); if ($theme == $a->user['theme']) { // call theme_post only if theme has not been changed if (($themeconfigfile = get_theme_config_file($theme)) != null) { require_once $themeconfigfile; theme_post($a); } } $r = q("UPDATE `user` SET `theme` = '%s' WHERE `uid` = %d", dbesc($theme), intval(local_user())); call_hooks('display_settings_post', $_POST); goaway($a->get_baseurl(true) . '/settings/display'); return; // NOTREACHED } check_form_security_token_redirectOnErr('/settings', 'settings'); if (x($_POST, 'resend_relocate')) { proc_run('php', 'include/notifier.php', 'relocate', local_user()); info(t("Relocate message has been send to your contacts")); goaway($a->get_baseurl(true) . '/settings'); } call_hooks('settings_post', $_POST); if (x($_POST, 'password') || x($_POST, 'confirm')) { $newpass = $_POST['password']; $confirm = $_POST['confirm']; $oldpass = hash('whirlpool', $_POST['opassword']); $err = false; if ($newpass != $confirm) { notice(t('Passwords do not match. Password unchanged.') . EOL); $err = true; } if (!x($newpass) || !x($confirm)) { notice(t('Empty passwords are not allowed. Password unchanged.') . EOL); $err = true; } // check if the old password was supplied correctly before // changing it to the new value $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user())); if ($oldpass != $r[0]['password']) { notice(t('Wrong password.') . EOL); $err = true; } if (!$err) { $password = hash('whirlpool', $newpass); $r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d", dbesc($password), intval(local_user())); if ($r) { info(t('Password changed.') . EOL); } else { notice(t('Password update failed. Please try again.') . EOL); } } } $username = x($_POST, 'username') ? notags(trim($_POST['username'])) : ''; $email = x($_POST, 'email') ? notags(trim($_POST['email'])) : ''; $timezone = x($_POST, 'timezone') ? notags(trim($_POST['timezone'])) : ''; $defloc = x($_POST, 'defloc') ? notags(trim($_POST['defloc'])) : ''; $openid = x($_POST, 'openid_url') ? notags(trim($_POST['openid_url'])) : ''; $maxreq = x($_POST, 'maxreq') ? intval($_POST['maxreq']) : 0; $expire = x($_POST, 'expire') ? intval($_POST['expire']) : 0; $def_gid = x($_POST, 'group-selection') ? intval($_POST['group-selection']) : 0; $expire_items = x($_POST, 'expire_items') ? intval($_POST['expire_items']) : 0; $expire_notes = x($_POST, 'expire_notes') ? intval($_POST['expire_notes']) : 0; $expire_starred = x($_POST, 'expire_starred') ? intval($_POST['expire_starred']) : 0; $expire_photos = x($_POST, 'expire_photos') ? intval($_POST['expire_photos']) : 0; $expire_network_only = x($_POST, 'expire_network_only') ? intval($_POST['expire_network_only']) : 0; $allow_location = x($_POST, 'allow_location') && intval($_POST['allow_location']) == 1 ? 1 : 0; $publish = x($_POST, 'profile_in_directory') && intval($_POST['profile_in_directory']) == 1 ? 1 : 0; $net_publish = x($_POST, 'profile_in_netdirectory') && intval($_POST['profile_in_netdirectory']) == 1 ? 1 : 0; $old_visibility = x($_POST, 'visibility') && intval($_POST['visibility']) == 1 ? 1 : 0; $page_flags = x($_POST, 'page-flags') && intval($_POST['page-flags']) ? intval($_POST['page-flags']) : 0; $blockwall = x($_POST, 'blockwall') && intval($_POST['blockwall']) == 1 ? 0 : 1; // this setting is inverted! $blocktags = x($_POST, 'blocktags') && intval($_POST['blocktags']) == 1 ? 0 : 1; // this setting is inverted! $unkmail = x($_POST, 'unkmail') && intval($_POST['unkmail']) == 1 ? 1 : 0; $cntunkmail = x($_POST, 'cntunkmail') ? intval($_POST['cntunkmail']) : 0; $suggestme = x($_POST, 'suggestme') ? intval($_POST['suggestme']) : 0; $hide_friends = $_POST['hide-friends'] == 1 ? 1 : 0; $hidewall = $_POST['hidewall'] == 1 ? 1 : 0; $post_newfriend = $_POST['post_newfriend'] == 1 ? 1 : 0; $post_joingroup = $_POST['post_joingroup'] == 1 ? 1 : 0; $post_profilechange = $_POST['post_profilechange'] == 1 ? 1 : 0; $email_textonly = $_POST['email_textonly'] == 1 ? 1 : 0; $notify = 0; if (x($_POST, 'notify1')) { $notify += intval($_POST['notify1']); } if (x($_POST, 'notify2')) { $notify += intval($_POST['notify2']); } if (x($_POST, 'notify3')) { $notify += intval($_POST['notify3']); } if (x($_POST, 'notify4')) { $notify += intval($_POST['notify4']); } if (x($_POST, 'notify5')) { $notify += intval($_POST['notify5']); } if (x($_POST, 'notify6')) { $notify += intval($_POST['notify6']); } if (x($_POST, 'notify7')) { $notify += intval($_POST['notify7']); } if (x($_POST, 'notify8')) { $notify += intval($_POST['notify8']); } $email_changed = false; $err = ''; $name_change = false; if ($username != $a->user['username']) { $name_change = true; if (strlen($username) > 40) { $err .= t(' Please use a shorter name.'); } if (strlen($username) < 3) { $err .= t(' Name too short.'); } } if ($email != $a->user['email']) { $email_changed = true; // check for the correct password $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user())); $password = hash('whirlpool', $_POST['mpassword']); if ($password != $r[0]['password']) { $err .= t('Wrong Password') . EOL; $email = $a->user['email']; } // check the email is valid if (!valid_email($email)) { $err .= t(' Not valid email.'); } // ensure new email is not the admin mail //if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) { if (x($a->config, 'admin_email')) { $adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email']))); if (in_array(strtolower($email), $adminlist)) { $err .= t(' Cannot change to that email.'); $email = $a->user['email']; } } } if (strlen($err)) { notice($err . EOL); return; } if ($timezone != $a->user['timezone']) { if (strlen($timezone)) { date_default_timezone_set($timezone); } } $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); $openidserver = $a->user['openidserver']; $openid = normalise_openid($openid); // If openid has changed or if there's an openid but no openidserver, try and discover it. if ($openid != $a->user['openid'] || strlen($openid) && !strlen($openidserver)) { $tmp_str = $openid; if (strlen($tmp_str) && validate_url($tmp_str)) { logger('updating openidserver'); require_once 'library/openid.php'; $open_id_obj = new LightOpenID(); $open_id_obj->identity = $openid; $openidserver = $open_id_obj->discover($open_id_obj->identity); } else { $openidserver = ''; } } set_pconfig(local_user(), 'expire', 'items', $expire_items); set_pconfig(local_user(), 'expire', 'notes', $expire_notes); set_pconfig(local_user(), 'expire', 'starred', $expire_starred); set_pconfig(local_user(), 'expire', 'photos', $expire_photos); set_pconfig(local_user(), 'expire', 'network_only', $expire_network_only); set_pconfig(local_user(), 'system', 'suggestme', $suggestme); set_pconfig(local_user(), 'system', 'post_newfriend', $post_newfriend); set_pconfig(local_user(), 'system', 'post_joingroup', $post_joingroup); set_pconfig(local_user(), 'system', 'post_profilechange', $post_profilechange); set_pconfig(local_user(), 'system', 'email_textonly', $email_textonly); if ($page_flags == PAGE_PRVGROUP) { $hidewall = 1; if (!$str_contact_allow && !$str_group_allow && !$str_contact_deny && !$str_group_deny) { if ($def_gid) { info(t('Private forum has no privacy permissions. Using default privacy group.') . EOL); $str_group_allow = '<' . $def_gid . '>'; } else { notice(t('Private forum has no privacy permissions and no default privacy group.') . EOL); } } } $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, `unkmail` = %d, `cntunkmail` = %d WHERE `uid` = %d", dbesc($username), dbesc($email), dbesc($openid), dbesc($timezone), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($notify), intval($page_flags), dbesc($defloc), intval($allow_location), intval($maxreq), intval($expire), dbesc($openidserver), intval($def_gid), intval($blockwall), intval($hidewall), intval($blocktags), intval($unkmail), intval($cntunkmail), intval(local_user())); if ($r) { info(t('Settings updated.') . EOL); } $r = q("UPDATE `profile`\n\t\tSET `publish` = %d,\n\t\t`name` = '%s',\n\t\t`net-publish` = %d,\n\t\t`hide-friends` = %d\n\t\tWHERE `is-default` = 1 AND `uid` = %d", intval($publish), dbesc($username), intval($net_publish), intval($hide_friends), intval(local_user())); if ($name_change) { q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `uid` = %d AND `self` = 1", dbesc($username), dbesc(datetime_convert()), intval(local_user())); } if ($old_visibility != $net_publish || $page_flags != $old_page_flags) { // Update global directory in background $url = $_SESSION['my_url']; if ($url && strlen(get_config('system', 'directory_submit_url'))) { proc_run('php', "include/directory.php", "{$url}"); } } require_once 'include/profile_update.php'; profile_change(); //$_SESSION['theme'] = $theme; if ($email_changed && $a->config['register_policy'] == REGISTER_VERIFY) { // FIXME - set to un-verified, blocked and redirect to logout // Why? Are we verifying people or email addresses? } goaway($a->get_baseurl(true) . '/settings'); return; // NOTREACHED }
function settings_post(&$a) { if (!local_user()) { notice(t('Permission denied.') . EOL); return; } if (count($a->user) && x($a->user, 'uid') && $a->user['uid'] != local_user()) { notice(t('Permission denied.') . EOL); return; } if ($a->argc > 1 && $a->argv[1] === 'oauth' && x($_POST, 'remove')) { $key = $_POST['remove']; q("DELETE FROM tokens WHERE id='%s' AND uid=%d", dbesc($key), local_user()); goaway($a->get_baseurl() . "/settings/oauth/"); return; } if ($a->argc > 2 && $a->argv[1] === 'oauth' && ($a->argv[2] === 'edit' || $a->argv[2] === 'add') && x($_POST, 'submit')) { $name = x($_POST, 'name') ? $_POST['name'] : ''; $key = x($_POST, 'key') ? $_POST['key'] : ''; $secret = x($_POST, 'secret') ? $_POST['secret'] : ''; $redirect = x($_POST, 'redirect') ? $_POST['redirect'] : ''; $icon = x($_POST, 'icon') ? $_POST['icon'] : ''; if ($name == "" || $key == "" || $secret == "") { notice(t("Missing some important data!")); } else { if ($_POST['submit'] == t("Update")) { $r = q("UPDATE clients SET\n\t\t\t\t\t\t\tclient_id='%s',\n\t\t\t\t\t\t\tpw='%s',\n\t\t\t\t\t\t\tname='%s',\n\t\t\t\t\t\t\tredirect_uri='%s',\n\t\t\t\t\t\t\ticon='%s',\n\t\t\t\t\t\t\tuid=%d\n\t\t\t\t\t\tWHERE client_id='%s'", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user(), dbesc($key)); } else { $r = q("INSERT INTO clients\n\t\t\t\t\t\t\t(client_id, pw, name, redirect_uri, icon, uid)\n\t\t\t\t\t\tVALUES ('%s','%s','%s','%s','%s',%d)", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user()); } } goaway($a->get_baseurl() . "/settings/oauth/"); return; } if ($a->argc > 1 && $a->argv[1] == 'addon') { call_hooks('plugin_settings_post', $_POST); return; } if ($a->argc > 1 && $a->argv[1] == 'connectors') { if (x($_POST['imap-submit'])) { $mail_server = x($_POST, 'mail_server') ? $_POST['mail_server'] : ''; $mail_port = x($_POST, 'mail_port') ? $_POST['mail_port'] : ''; $mail_ssl = x($_POST, 'mail_ssl') ? strtolower(trim($_POST['mail_ssl'])) : ''; $mail_user = x($_POST, 'mail_user') ? $_POST['mail_user'] : ''; $mail_pass = x($_POST, 'mail_pass') ? trim($_POST['mail_pass']) : ''; $mail_replyto = x($_POST, 'mail_replyto') ? $_POST['mail_replyto'] : ''; $mail_pubmail = x($_POST, 'mail_pubmail') ? $_POST['mail_pubmail'] : ''; $mail_disabled = function_exists('imap_open') && !get_config('system', 'imap_disabled') ? 0 : 1; if (get_config('system', 'dfrn_only')) { $mail_disabled = 1; } if (!$mail_disabled) { $failed = false; $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval(local_user())); if (!count($r)) { q("INSERT INTO `mailacct` (`uid`) VALUES (%d)", intval(local_user())); } if (strlen($mail_pass)) { $pass = ''; openssl_public_encrypt($mail_pass, $pass, $a->user['pubkey']); q("UPDATE `mailacct` SET `pass` = '%s' WHERE `uid` = %d LIMIT 1", dbesc(bin2hex($pass)), intval(local_user())); } $r = q("UPDATE `mailacct` SET `server` = '%s', `port` = %d, `ssltype` = '%s', `user` = '%s',\n\t\t\t\t\t`mailbox` = 'INBOX', `reply_to` = '%s', `pubmail` = %d WHERE `uid` = %d LIMIT 1", dbesc($mail_server), intval($mail_port), dbesc($mail_ssl), dbesc($mail_user), dbesc($mail_replyto), intval($mail_pubmail), intval(local_user())); $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval(local_user())); if (count($r)) { $eacct = $r[0]; require_once 'include/email.php'; $mb = construct_mailbox_name($eacct); if (strlen($eacct['server'])) { $dcrpass = ''; openssl_private_decrypt(hex2bin($eacct['pass']), $dcrpass, $a->user['prvkey']); $mbox = email_connect($mb, $mail_user, $dcrpass); unset($dcrpass); if (!$mbox) { $failed = true; notice(t('Failed to connect with email account using the settings provided.') . EOL); } } } if (!$failed) { info(t('Email settings updated.') . EOL); } } } call_hooks('connector_settings_post', $_POST); return; } call_hooks('settings_post', $_POST); if (x($_POST, 'npassword') || x($_POST, 'confirm')) { $newpass = $_POST['npassword']; $confirm = $_POST['confirm']; $err = false; if ($newpass != $confirm) { notice(t('Passwords do not match. Password unchanged.') . EOL); $err = true; } if (!x($newpass) || !x($confirm)) { notice(t('Empty passwords are not allowed. Password unchanged.') . EOL); $err = true; } if (!$err) { $password = hash('whirlpool', $newpass); $r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d LIMIT 1", dbesc($password), intval(local_user())); if ($r) { info(t('Password changed.') . EOL); } else { notice(t('Password update failed. Please try again.') . EOL); } } } $theme = x($_POST, 'theme') ? notags(trim($_POST['theme'])) : ''; $username = x($_POST, 'username') ? notags(trim($_POST['username'])) : ''; $email = x($_POST, 'email') ? notags(trim($_POST['email'])) : ''; $timezone = x($_POST, 'timezone') ? notags(trim($_POST['timezone'])) : ''; $defloc = x($_POST, 'defloc') ? notags(trim($_POST['defloc'])) : ''; $openid = x($_POST, 'openid_url') ? notags(trim($_POST['openid_url'])) : ''; $maxreq = x($_POST, 'maxreq') ? intval($_POST['maxreq']) : 0; $expire = x($_POST, 'expire') ? intval($_POST['expire']) : 0; $expire_items = x($_POST, 'expire_items') ? intval($_POST['expire_items']) : 0; $expire_notes = x($_POST, 'expire_notes') ? intval($_POST['expire_notes']) : 0; $expire_starred = x($_POST, 'expire_starred') ? intval($_POST['expire_starred']) : 0; $expire_photos = x($_POST, 'expire_photos') ? intval($_POST['expire_photos']) : 0; $allow_location = x($_POST, 'allow_location') && intval($_POST['allow_location']) == 1 ? 1 : 0; $publish = x($_POST, 'profile_in_directory') && intval($_POST['profile_in_directory']) == 1 ? 1 : 0; $net_publish = x($_POST, 'profile_in_netdirectory') && intval($_POST['profile_in_netdirectory']) == 1 ? 1 : 0; $old_visibility = x($_POST, 'visibility') && intval($_POST['visibility']) == 1 ? 1 : 0; $page_flags = x($_POST, 'page-flags') && intval($_POST['page-flags']) ? intval($_POST['page-flags']) : 0; $blockwall = x($_POST, 'blockwall') && intval($_POST['blockwall']) == 1 ? 0 : 1; // this setting is inverted! $blocktags = x($_POST, 'blocktags') && intval($_POST['blocktags']) == 1 ? 0 : 1; // this setting is inverted! $suggestme = x($_POST, 'suggestme') ? intval($_POST['suggestme']) : 0; $hide_friends = $_POST['hide-friends'] == 1 ? 1 : 0; $hidewall = $_POST['hidewall'] == 1 ? 1 : 0; $notify = 0; if (x($_POST, 'notify1')) { $notify += intval($_POST['notify1']); } if (x($_POST, 'notify2')) { $notify += intval($_POST['notify2']); } if (x($_POST, 'notify3')) { $notify += intval($_POST['notify3']); } if (x($_POST, 'notify4')) { $notify += intval($_POST['notify4']); } if (x($_POST, 'notify5')) { $notify += intval($_POST['notify5']); } $email_changed = false; $err = ''; $name_change = false; if ($username != $a->user['username']) { $name_change = true; if (strlen($username) > 40) { $err .= t(' Please use a shorter name.'); } if (strlen($username) < 3) { $err .= t(' Name too short.'); } } if ($email != $a->user['email']) { $email_changed = true; if (!valid_email($email)) { $err .= t(' Not valid email.'); } if (x($a->config, 'admin_email') && strcasecmp($email, $a->config['admin_email']) == 0) { $err .= t(' Cannot change to that email.'); $email = $a->user['email']; } } if (strlen($err)) { notice($err . EOL); return; } if ($timezone != $a->user['timezone']) { if (strlen($timezone)) { date_default_timezone_set($timezone); } } $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); $openidserver = $a->user['openidserver']; // If openid has changed or if there's an openid but no openidserver, try and discover it. if ($openid != $a->user['openid'] || strlen($openid) && !strlen($openidserver)) { $tmp_str = $openid; if (strlen($tmp_str) && validate_url($tmp_str)) { logger('updating openidserver'); require_once 'library/openid.php'; $open_id_obj = new LightOpenID(); $open_id_obj->identity = $openid; $openidserver = $open_id_obj->discover($open_id_obj->identity); } else { $openidserver = ''; } } set_pconfig(local_user(), 'expire', 'items', $expire_items); set_pconfig(local_user(), 'expire', 'notes', $expire_notes); set_pconfig(local_user(), 'expire', 'starred', $expire_starred); set_pconfig(local_user(), 'expire', 'photos', $expire_photos); set_pconfig(local_user(), 'system', 'suggestme', $suggestme); $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `theme` = '%s', `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `blockwall` = %d, `hidewall` = %d, `blocktags` = %d WHERE `uid` = %d LIMIT 1", dbesc($username), dbesc($email), dbesc($openid), dbesc($timezone), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($notify), intval($page_flags), dbesc($defloc), intval($allow_location), dbesc($theme), intval($maxreq), intval($expire), dbesc($openidserver), intval($blockwall), intval($hidewall), intval($blocktags), intval(local_user())); if ($r) { info(t('Settings updated.') . EOL); } $r = q("UPDATE `profile` \n\t\tSET `publish` = %d, \n\t\t`net-publish` = %d,\n\t\t`hide-friends` = %d\n\t\tWHERE `is-default` = 1 AND `uid` = %d LIMIT 1", intval($publish), intval($net_publish), intval($hide_friends), intval(local_user())); if ($name_change) { q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `uid` = %d AND `self` = 1 LIMIT 1", dbesc($username), dbesc(datetime_convert()), intval(local_user())); } if ($old_visibility != $net_publish) { // Update global directory in background $url = $_SESSION['my_url']; if ($url && strlen(get_config('system', 'directory_submit_url'))) { proc_run('php', "include/directory.php", "{$url}"); } } require_once 'include/profile_update.php'; profile_change(); $_SESSION['theme'] = $theme; if ($email_changed && $a->config['register_policy'] == REGISTER_VERIFY) { // FIXME - set to un-verified, blocked and redirect to logout } goaway($a->get_baseurl() . '/settings'); return; // NOTREACHED }