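/**
 * Edit the logged-in user's profile.
 *
 * Obsolete: profile editing is now done from the dashboard.
 *
 * On POST, the submitted e-mail, password, avatar, public profile, interests
 * and web pages are copied onto the session user and saved. On a successful
 * save, Model\User::flush() is called (the original comment says this
 * refreshes the session) and a Redirection is thrown. In every other case the
 * edit view is rendered with the user and the collected errors.
 *
 * NOTE(review): no anti-CSRF token check is visible in this method, and the
 * e-mail address can be changed without the current password. Confirm that
 * the framework validates a request token before this action runs.
 *
 * NOTE(review): $user is the object stored in $_SESSION['user'], so fields
 * assigned below stay on the session object even when save() fails.
 *
 * @return View the edit form with 'user' and 'errors'
 * @throws Redirection to '/dashboard' when 'save' was posted, else to '/user/edit'
 */
public function edit()
{
    $user = $_SESSION['user'];

    // Initialised before the method check so the view always receives an
    // array; previously a GET request passed an undefined variable.
    $errors = array();

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // E-mail
        if (!empty($_POST['change_email'])) {
            if (empty($_POST['user_nemail'])) {
                $errors['email'] = Text::get('error-user-email-empty');
            } elseif (!\Goteo\Library\Check::mail($_POST['user_nemail'])) {
                $errors['email'] = Text::get('error-user-email-invalid');
            } elseif (empty($_POST['user_remail'])) {
                $errors['email']['retry'] = Text::get('error-user-email-empty');
            } elseif (strcmp($_POST['user_nemail'], $_POST['user_remail']) !== 0) {
                $errors['email']['retry'] = Text::get('error-user-email-confirm');
            } else {
                $user->email = $_POST['user_nemail'];
            }
        }

        // Password
        if (!empty($_POST['change_password'])) {
            // An empty current password is deliberately not rejected up front:
            // users who sign in through an external service have no password.
            // The value is still checked through Model\User::login().
            $currentPassword = isset($_POST['user_password']) ? $_POST['user_password'] : null;

            if (!Model\User::login($user->id, $currentPassword)) {
                $errors['password'] = Text::get('error-user-wrong-password');
            } elseif (empty($_POST['user_npassword'])) {
                $errors['password']['new'] = Text::get('error-user-password-empty');
            } elseif (!\Goteo\Library\Check::password($_POST['user_npassword'])) {
                $errors['password']['new'] = Text::get('error-user-password-invalid');
            } elseif (empty($_POST['user_rpassword'])) {
                $errors['password']['retry'] = Text::get('error-user-password-empty');
            } elseif (strcmp($_POST['user_npassword'], $_POST['user_rpassword']) !== 0) {
                $errors['password']['retry'] = Text::get('error-user-password-confirm');
            } else {
                $user->password = $_POST['user_npassword'];
            }
        }

        // Avatar
        // NOTE(review): the raw $_FILES entry is handed to the model as-is;
        // type, size and content validation is presumably done in save() — confirm.
        if (!empty($_FILES['user_avatar']['name'])) {
            $user->avatar = $_FILES['user_avatar'];
        }

        // Handle removal of the current image. Only attempted while the avatar
        // is still an object: after an upload it is the $_FILES array, which
        // has neither an id nor a remove() method.
        if (is_object($user->avatar) && !empty($_POST['avatar-' . $user->avatar->id . '-remove'])) {
            $user->avatar->remove('user');
            $user->avatar = '';
        }

        // Public profile
        // NOTE(review): these values are stored exactly as submitted; any view
        // that prints them must escape them for its output context.
        $user->name = $_POST['user_name'];
        $user->about = $_POST['user_about'];
        $user->keywords = $_POST['user_keywords'];
        $user->contribution = $_POST['user_contribution'];
        $user->twitter = $_POST['user_twitter'];
        $user->facebook = $_POST['user_facebook'];
        $user->linkedin = $_POST['user_linkedin'];

        // Interests
        $user->interests = $_POST['user_interests'];

        // Web pages
        if (!empty($_POST['user_webs']['remove'])) {
            $user->webs = array('remove' => $_POST['user_webs']['remove']);
        } elseif (!empty($_POST['user_webs']['add']) && !empty($_POST['user_webs']['add'][0])) {
            $user->webs = array('add' => $_POST['user_webs']['add']);
        } else {
            // NOTE(review): unlike the two branches above this is a positional
            // pair, not an 'edit' => ... entry; left as-is, confirm against save().
            $user->webs = array('edit', $_POST['user_webs']['edit']);
        }

        if ($user->save($errors)) {
            // Refresh the session.
            $user = Model\User::flush();

            if (isset($_POST['save'])) {
                throw new Redirection('/dashboard');
            }

            throw new Redirection('/user/edit');
        }
    }

    return new View('view/user/edit.html.php', array('user' => $user, 'errors' => $errors));
}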
/**
 * Writes this user's e-mail and/or password straight to the `user` table
 * (intended for superadmin management).
 *
 * Only non-empty properties are validated and written. The e-mail must pass
 * Check::mail() and must not belong to a different user id; the password must
 * pass Check::password() and is stored hashed.
 *
 * NOTE(review): this method performs no authorization check of its own, so
 * callers must restrict it to the superadmin use described above.
 *
 * @param array $errors Error messages, filled by reference ('email',
 *                      'password', or a numeric entry for a database failure).
 * @return bool True when the UPDATE ran; false when validation failed, there
 *              was nothing to update, or the query threw a PDOException.
 */
public function update(&$errors = array())
{
    if (!empty($this->password) && !Check::password($this->password)) {
        $errors['password'] = Text::get('error-user-password-invalid');
    }

    if (!empty($this->email)) {
        if (Check::mail($this->email)) {
            // The address may already be registered, but only to this same user.
            $owner = self::query('SELECT id FROM user WHERE email = ?', array($this->email))->fetchColumn();
            if ($owner && $this->id !== $owner) {
                $errors['email'] = Text::get('error-user-email-exists');
            }
        } else {
            $errors['email'] = Text::get('error-user-email-invalid');
        }
    }

    // An 'email' or 'password' error already present in $errors also blocks the update.
    $blocked = !empty($errors['email']) || !empty($errors['password']);
    if ($blocked) {
        return false;
    }

    $values = array(':id' => $this->id);
    $assignments = array();

    if (!empty($this->email)) {
        $assignments[] = "`email` = :email ";
        $values[":email"] = $this->email;
    }

    if (!empty($this->password)) {
        $assignments[] = "`password` = :password ";
        // NOTE(review): the crypt() fallback is only reached on PHP < 5.5 and
        // passes no salt, so PHP picks the algorithm and salt itself, which
        // may yield a weak hash. Prefer dropping the fallback once the
        // minimum supported PHP version allows it.
        if (version_compare(phpversion(), '5.5.0', '>=')) {
            $values[":password"] = password_hash($this->password, PASSWORD_BCRYPT);
        } else {
            $values[":password"] = crypt($this->password);
        }
    }

    if (!$assignments) {
        return false;
    }

    try {
        // Column names are fixed literals; every value goes through a bound parameter.
        self::query("UPDATE user SET " . implode(", ", $assignments) . " WHERE id = :id", $values);
        return true;
    } catch (\PDOException $e) {
        // NOTE(review): the raw driver message is appended to the error list;
        // if that list is rendered in a page it can expose SQL or schema
        // details. Consider logging it and returning only the generic text.
        $errors[] = Text::_("No se ha guardado correctamente. ") . $e->getMessage();
        return false;
    }
}
/**
 * Change of e-mail and/or password, driven by the current POST data.
 *
 * NOTE(review): the current password is not verified for either change. The
 * original comment gives the reason: users who sign in through an external
 * service have no password (this applies to the recover flow and the normal
 * one). Anyone able to send a request in the user's session can therefore
 * change both credentials. Consider requiring re-authentication for accounts
 * that do have a password, and confirm a CSRF token is validated upstream.
 *
 * NOTE(review): the success messages are queued, $user is modified and the
 * POST fields are cleared before save() runs, so a failure in the other
 * section or in save() still leaves those effects behind.
 *
 * @param object $user       Model\User instance (by reference; replaced by
 *                           the result of Model\User::flush() on success)
 * @param array  $errors     Validation errors (by reference)
 * @param string $log_action Text for the admin feed (by reference)
 * @return boolean true when there were no errors and the user was saved
 */
public static function process_access(&$user, &$errors, &$log_action)
{
    // E-mail: handled when either the new address or its confirmation was sent.
    $emailSubmitted = !empty($_POST['user_nemail']) || !empty($_POST['user_remail']);
    if ($emailSubmitted) {
        if (empty($_POST['user_nemail'])) {
            $errors['email'] = Text::get('error-user-email-empty');
        } elseif (!\Goteo\Library\Check::mail($_POST['user_nemail'])) {
            $errors['email'] = Text::get('error-user-email-invalid');
        } elseif (empty($_POST['user_remail'])) {
            $errors['email_retry'] = Text::get('error-user-email-empty');
        } elseif (strcmp($_POST['user_nemail'], $_POST['user_remail']) !== 0) {
            $errors['email_retry'] = Text::get('error-user-email-confirm');
        } else {
            $user->email = $_POST['user_nemail'];
            unset($_POST['user_nemail'], $_POST['user_remail']);
            Message::Info(Text::get('user-email-change-sended'));
            $log_action = 'Cambiado su email'; // admin feed
        }
    }

    // Password: handled when either the new password or its confirmation was sent.
    $passwordSubmitted = !empty($_POST['user_npassword']) || !empty($_POST['user_rpassword']);
    if ($passwordSubmitted) {
        // The current password is intentionally not checked here (see the NOTE above).
        if (empty($_POST['user_npassword'])) {
            $errors['password_new'] = Text::get('error-user-password-empty');
        } elseif (!\Goteo\Library\Check::password($_POST['user_npassword'])) {
            $errors['password_new'] = Text::get('error-user-password-invalid');
        } elseif (empty($_POST['user_rpassword'])) {
            $errors['password_retry'] = Text::get('error-user-password-empty');
        } elseif (strcmp($_POST['user_npassword'], $_POST['user_rpassword']) !== 0) {
            $errors['password_retry'] = Text::get('error-user-password-confirm');
        } else {
            $user->password = $_POST['user_npassword'];
            // Drop the submitted passwords from the request data once consumed.
            unset($_POST['user_password'], $_POST['user_npassword'], $_POST['user_rpassword']);
            Message::Info(Text::get('user-password-changed'));
            $log_action = 'Cambiado su contraseña'; // admin feed
        }
    }

    // save() is only attempted when validation produced no errors.
    if (!empty($errors) || !$user->save($errors)) {
        Message::Error(Text::get('user-save-fail'));
        $log_action = '¡ERROR! al cambiar email/contraseña'; // admin feed
        return false;
    }

    // Refresh the session.
    $user = Model\User::flush();

    // Clear the 'recovering' session flag; unset() is a no-op when it is absent.
    unset($_SESSION['recovering']);

    return true;
}