12603d0b9963303dc92c06d64d059a59d75de3dc
[matches/MCTX3420.git] / testing / MCTXWeb / public_html / users / user_settings.php
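<?php
/*
UserCake Version: 2.0.2
http://usercake.com
*/

// Account settings page: lets the logged-in user change the account e-mail
// address and/or password. Every change requires the current password.

require_once("models/config.php");

// NOTE(review): securePage() is defined elsewhere and is handed PHP_SELF, which
// also carries any path info the client appends after the script name.
// Confirm that the page lookup it performs cannot be steered by the request path.
if (!securePage($_SERVER['PHP_SELF'])){die();}

//Prevent the user visiting the logged in page if he is not logged in
if(!isUserLoggedIn()) { header("Location: login.php"); die(); }

// Initialised up front so that resultBlock() below receives arrays on a plain
// GET as well, instead of two undefined variables.
$errors = array();
$successes = array();

if(!empty($_POST))
{
	// Accept each field only when it is present and a plain string. A missing
	// field or an array-valued one (e.g. "password[]=x") is treated as empty,
	// so it is rejected by the checks below rather than reaching trim() or
	// the hashing helper with an unexpected type.
	$password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";
	$password_new = (isset($_POST["passwordc"]) && is_string($_POST["passwordc"])) ? $_POST["passwordc"] : "";
	$password_confirm = (isset($_POST["passwordcheck"]) && is_string($_POST["passwordcheck"])) ? $_POST["passwordcheck"] : "";
	$email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";

	//Perform some validation
	//Feel free to edit / change as required

	// Re-authenticate: hash the submitted current password against the stored
	// hash. No anti-CSRF token is visible on this form, so this check is also
	// what stops a forged cross-site POST from changing the account.
	$entered_pass = generateHash($password,$loggedInUser->hash_pw);

	if (trim($password) == ""){
		$errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
	}
	// Strict string comparison: with loose != two different hashes that both
	// look numeric (such as "0e..." forms) would compare as equal numbers.
	// Where PHP >= 5.6 is guaranteed, hash_equals() additionally gives a
	// constant-time comparison.
	else if((string)$entered_pass !== (string)$loggedInUser->hash_pw)
	{
		//No match
		$errors[] = lang("ACCOUNT_PASSWORD_INVALID");
	}

	if($email != $loggedInUser->email)
	{
		if(trim($email) == "")
		{
			$errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
		}
		else if(!isValidEmail($email))
		{
			$errors[] = lang("ACCOUNT_INVALID_EMAIL");
		}
		else if(emailExists($email))
		{
			$errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
		}

		//End data validation
		// $errors also holds any current-password failure from above, so the
		// address is only changed after successful re-authentication.
		if(count($errors) == 0)
		{
			$loggedInUser->updateEmail($email);
			$successes[] = lang("ACCOUNT_EMAIL_UPDATED");
		}
	}

	// A password change is attempted as soon as either new-password field is filled in.
	if ($password_new != "" || $password_confirm != "")
	{
		if(trim($password_new) == "")
		{
			$errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");
		}
		else if(trim($password_confirm) == "")
		{
			$errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");
		}
		else if(minMaxRange(8,50,$password_new))
		{
			$errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH",array(8,50));
		}
		else if($password_new != $password_confirm)
		{
			$errors[] = lang("ACCOUNT_PASS_MISMATCH");
		}

		//End data validation
		if(count($errors) == 0)
		{
			//Also prevent updating if someone attempts to update with the same password
			$entered_pass_new = generateHash($password_new,$loggedInUser->hash_pw);

			// Same strict comparison as for the current-password check.
			if((string)$entered_pass_new === (string)$loggedInUser->hash_pw)
			{
				//Don't update: the new password is identical to the current one
				$errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");
			}
			else
			{
				//This function will create the new hash and update the hash_pw property.
				// NOTE(review): updatePassword() is defined elsewhere; whether it
				// ends the account's other sessions is not visible here.
				$loggedInUser->updatePassword($password_new);
				$successes[] = lang("ACCOUNT_PASSWORD_UPDATED");
			}
		}
	}

	if(count($errors) == 0 && count($successes) == 0){
		$errors[] = lang("NOTHING_TO_UPDATE");
	}
}

require_once("models/header.php");
echo "
<body>
<div id='wrapper'>
<div id='top'><div id='logo'></div></div>
<div id='content'>
<h1>UserCake</h1>
<h2>User Settings</h2>
<div id='left-nav'>";
include("left-nav.php");

echo "
</div>
<div id='main'>";

echo resultBlock($errors,$successes);

// Both values are written into single-quoted HTML attributes. PHP_SELF includes
// request-supplied path info and the e-mail address is user-chosen, so both are
// HTML-escaped (quotes included) before output.
// NOTE(review): the page charset is assumed to be UTF-8; confirm against models/header.php.
$formAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
$emailValue = htmlspecialchars($loggedInUser->email, ENT_QUOTES, 'UTF-8');

echo "
<div id='regbox'>
<form name='updateAccount' action='".$formAction."' method='post'>
<p>
<label>Password:</label>
<input type='password' name='password' />
</p>
<p>
<label>Email:</label>
<input type='text' name='email' value='".$emailValue."' />
</p>
<p>
<label>New Pass:</label>
<input type='password' name='passwordc' />
</p>
<p>
<label>Confirm Pass:</label>
<input type='password' name='passwordcheck' />
</p>
<p>
<label>&nbsp;</label>
<input type='submit' value='Update' class='submit' />
</p>
</form>
</div>
</div>
<div id='bottom'></div>
</div>
</body>
</html>";

?>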
