<?php
/*=====================================================================*\
|| ###################################################################
|| # Bugdar
|| # Copyright (c)2002-2007 Blue Static
|| #
|| # This program is free software; you can redistribute it and/or modify
|| # it under the terms of the GNU General Public License as published by
|| # the Free Software Foundation; version 2 of the License.
|| #
|| # This program is distributed in the hope that it will be useful, but
|| # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|| # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|| # more details.
|| #
|| # You should have received a copy of the GNU General Public License along
|| # with this program; if not, write to the Free Software Foundation, Inc.,
|| # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|| ###################################################################
\*=====================================================================*/

// Templates this page renders; declared before global.php is loaded so the
// bootstrap can pick them up.
$fetchtemplates = array('userctrl', 'userctrl_column', 'userctrl_search');

// Navigation focus flag (consumed outside this file).
$focus['user'] = 'focus';

require_once('./global.php');
require_once('./includes/class_api_error.php');
require_once('./includes/api_user.php');

// Route API errors into $message under the cumulative user handler.
APIError(array(new API_Error_Handler($message), 'user_cumulative'));

// Only a logged-in user may manage an account; guests are refused here.
if (empty($bugsys->userinfo['userid']))
{
    $message->errorPermission();
}

// Bind the user API to the current account so every update below is
// scoped to this user's own record.
$userapi = new UserAPI($bugsys);
$userapi->set('userid', $bugsys->userinfo['userid']);
$userapi->set_condition();

// Working copy of the user record. The update action overlays submitted
// values on it so the form can be re-rendered with them on error.
$userinfo = $bugsys->userinfo;
47
48 // ###################################################################
49
// With no (or an empty) action requested, fall back to showing the form.
$_REQUEST['do'] = (empty($_REQUEST['do']) ? 'modify' : $_REQUEST['do']);
54
55 // ###################################################################
56
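if (isset($_POST['do']) && $_POST['do'] === 'killsearch')
{
    // Ownership check: the saved search must belong to the current user.
    // input_clean() coerces searchid to an unsigned int before it is
    // interpolated into the query.
    $search = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "search WHERE searchid = " . $bugsys->input_clean('searchid', TYPE_UINT) . " AND userid = " . $bugsys->userinfo['userid']);
    if (!$search)
    {
        $message->errorPermission();
    }

    // NOTE(review): no anti-CSRF token is checked on this state-changing
    // POST; the confirm step in 'deletesearch' is the only gate — confirm
    // whether the framework adds one.

    // Delete by the row just fetched and repeat the userid condition, so the
    // DELETE can never touch another user's row even if the lookup above and
    // this statement are separated by a concurrent change. Both values are
    // cast to int before interpolation.
    $db->query("DELETE FROM " . TABLE_PREFIX . "search WHERE searchid = " . intval($search['searchid']) . " AND userid = " . intval($bugsys->userinfo['userid']));

    $message->redirect(T('This saved search has been removed from your list.'), 'userctrl.php');
}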
69
70 // ###################################################################
71
if (isset($_REQUEST['do']) && $_REQUEST['do'] === 'deletesearch')
{
    // searchid is coerced to an unsigned int before it reaches the query
    $searchId = $bugsys->input_clean('searchid', TYPE_UINT);
    $ownerId = $bugsys->userinfo['userid'];

    // Only the owner of a saved search is shown the confirmation dialog.
    $search = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "search WHERE searchid = $searchId AND userid = $ownerId");
    if (!$search)
    {
        $message->errorPermission();
    }

    // The confirmation posts back to this script as do=killsearch, carrying
    // the searchid along as a hidden field.
    $confirmFields = array('searchid' => $bugsys->in['searchid']);
    $message->confirm(T('Are you sure you want to delete this saved search?'), 'userctrl.php', 'killsearch', T('Delete'), T('Cancel'), $confirmFields);
}
82
83 // ###################################################################
84
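if (isset($_POST['do']) && $_POST['do'] === 'update')
{
    // NOTE(review): no anti-CSRF token is checked before the writes below —
    // confirm whether the bootstrap enforces one.

    $wantsPasswordChange = !empty($bugsys->in['password_change']);
    $wantsEmailChange = !empty($bugsys->in['email_change']);

    // -------------------------------------------------------------------
    // authentication: changing the email or password requires the current
    // password to be re-entered
    if ($wantsPasswordChange || $wantsEmailChange)
    {
        if (empty($bugsys->in['validate']))
        {
            $message->addError(T('You need to enter your current password to change your email or password'));
        }
        else
        {
            // Legacy scheme: the stored record holds md5(md5(password) . md5(salt)),
            // so the same transform is applied to the submitted value.
            // The comparison is strict: with `!=`, two hex digests that both
            // look like numeric strings ("0e...") would compare equal.
            $candidate = md5(md5($bugsys->in['validate']) . md5($bugsys->userinfo['salt']));
            if ($candidate !== $bugsys->userinfo['password'])
            {
                $message->addError(T('Your authentication password does not match the one in our records'));
            }
        }
    }

    // -------------------------------------------------------------------
    // email validation
    if ($wantsEmailChange)
    {
        if (empty($bugsys->in['email_confirm']))
        {
            $message->addError(T('You need to enter both the email and confirm email fields to change your address'));
        }
        elseif ($bugsys->in['email_change'] !== $bugsys->in['email_confirm'])
        {
            $message->addError(T('Your email and confirm email addresses do not match'));
        }

        $userapi->set('email', $bugsys->in['email_change']);
    }

    // -------------------------------------------------------------------
    // password validation
    if ($wantsPasswordChange)
    {
        if (empty($bugsys->in['password_confirm']))
        {
            $message->addError(T('You need to enter both the password and confirm password fields to change your password'));
        }
        elseif ($bugsys->in['password_change'] !== $bugsys->in['password_confirm'])
        {
            $message->addError(T('Your password and confirm password do not match'));
        }

        $userapi->set('password', $bugsys->in['password_change']);
    }

    // -------------------------------------------------------------------
    // plain preference fields: staged on the API and copied onto $userinfo
    // so the form re-renders with the submitted values if validation fails
    // (the copy previously used the misspelled key 'defaultsorkey', so the
    // submitted sort key was lost on re-display)
    $preferenceFields = array(
        'displayname',
        'showemail',
        'showcolors',
        'languageid',
        'timezone',
        'usedst',
        'hidestatuses',
        'defaultsortkey',
        'defaultsortas'
    );
    foreach ($preferenceFields AS $field)
    {
        $userapi->set($field, $bugsys->in[$field]);
        $userinfo[$field] = $bugsys->in[$field];
    }

    // columnoptions is coerced to TYPE_UINT before it is stored; the modify
    // action treats it as an array, so input_clean() is expected to coerce
    // each element — confirm against the input_clean() implementation
    $userapi->set('columnoptions', $bugsys->input_clean('columnoptions', TYPE_UINT));
    $userinfo['columnoptions'] = $bugsys->in['columnoptions'];

    // email fields are re-displayed separately from $userinfo
    $email = $bugsys->in['email_change'];
    $email_confirm = $bugsys->in['email_confirm'];

    // -------------------------------------------------------------------
    // error handling
    if ($message->hasErrors())
    {
        $show['errors'] = true;
        $_REQUEST['do'] = 'modify';
    }
    else
    {
        $userapi->update();

        // Rebuild the per-relation notification masks from scratch.
        $db->query("DELETE FROM " . TABLE_PREFIX . "useremail WHERE userid = " . intval($bugsys->userinfo['userid']));
        $bugsys->input_clean('emailopts', TYPE_INT);
        if (is_array($bugsys->in['emailopts']))
        {
            foreach ($bugsys->in['emailopts'] AS $relation => $bitarr)
            {
                // $relation and the keys of $bitarr are submitted array keys,
                // which input_clean() may not touch; cast them before they
                // reach the query so only integers are ever interpolated.
                $relation = intval($relation);
                $bitmask = 0;
                if (is_array($bitarr))
                {
                    foreach ($bitarr AS $option => $yes)
                    {
                        // each key is a notification bit; a truthy value turns it on
                        $bitmask += intval($option) * intval($yes);
                    }
                }
                $db->query("INSERT INTO " . TABLE_PREFIX . "useremail (userid, relation, mask) VALUES (" . intval($bugsys->userinfo['userid']) . ", $relation, $bitmask)");
            }
        }

        $message->redirect(T('The changes to your account have been made.'), 'userctrl.php');
    }
}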
199
200 // ###################################################################
201
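if (isset($_REQUEST['do']) && $_REQUEST['do'] === 'modify')
{
    $langselect = construct_datastore_select('language', 'title', 'languageid', $userinfo['languageid']);

    // hidestatuses is stored as a comma-separated list, but is already an
    // array when it comes straight back from a failed update submission
    $hiddenStatuses = (is_array($userinfo['hidestatuses']) ? $userinfo['hidestatuses'] : explode(',', $userinfo['hidestatuses']));
    $hidestatuses = construct_datastore_select('status', 'status', 'statusid', $hiddenStatuses, 0);
    // size of the multi-select: one more than the status count, capped at 8
    $statusCount = sizeof(bugdar::$datastore['status']);
    $hidestatusesnum = ($statusCount < 8 ? $statusCount + 1 : 8);

    $defaultsortkey = construct_option_select('defaultsortkey', ListSorter::fetch_by_text(false), $userinfo['defaultsortkey']);
    $defaultsortas = construct_option_select('defaultsortas', ListSorter::fetch_as_text(false), $userinfo['defaultsortas']);

    // Timezone <option> list. Initialised explicitly: the eval below appends
    // with .= and would otherwise read an undefined variable.
    $tzselect = '';
    foreach ($datef->fetch_timezone_list() AS $value => $label)
    {
        $selected = ($value == $userinfo['timezone']);
        // Templates in this codebase are rendered by eval() of template source.
        // The template text itself is trusted; every variable it interpolates
        // ($value, $label, $selected) must be escaped by the template.
        eval('$tzselect .= "' . $template->fetch('selectoption') . '";');
    }

    // Which notification checkboxes are ticked: from the database on a fresh
    // view, or from the submitted values when re-displaying after an error.
    $checked = array();
    if (!is_array($bugsys->in['emailopts']))
    {
        $options = $db->query("SELECT * FROM " . TABLE_PREFIX . "useremail WHERE userid = " . intval($bugsys->userinfo['userid']));
        while ($opt = $db->fetch_array($options))
        {
            foreach ($bugsys->emailoptions['notifications'] AS $notif)
            {
                foreach ($bugsys->emailoptions['relations'] AS $relation)
                {
                    // a row ticks the box when its mask carries the bit for
                    // this notification and it is for this relation
                    if (($opt['mask'] & $notif) && $opt['relation'] == $relation)
                    {
                        $checked["$relation"]["$notif"] = HTML_CHECKED;
                    }
                }
            }
        }
    }
    else
    {
        $checked = $bugsys->in['emailopts'];
        foreach ($checked AS $key1 => $value1)
        {
            // a non-array entry is not a valid relation group; skip it rather
            // than iterate over a scalar
            if (!is_array($value1))
            {
                continue;
            }
            foreach ($value1 AS $key2 => $value2)
            {
                if ($value2)
                {
                    $checked["$key1"]["$key2"] = HTML_CHECKED;
                }
            }
        }
    }

    // Column display options: the user's saved choices (falling back to the
    // board defaults), or the submitted values when re-displaying.
    // $column and $mask are read by the userctrl_column template.
    $columns = array();
    $columnOptions = '';
    if (!is_array($bugsys->in['columnoptions']))
    {
        $hasUserColumns = is_array($bugsys->userinfo['columnoptions']);
        foreach ($bugsys->columns AS $column => $mask)
        {
            $columns["$column"] = ($hasUserColumns ? $bugsys->userinfo['columnoptions']["$column"] : $bugsys->options['columnoptions']["$column"]);
            eval('$columnOptions .= "' . $template->fetch('userctrl_column') . '";');
        }
    }
    else
    {
        $columns = $bugsys->in['columnoptions'];
        foreach ($bugsys->columns AS $column => $mask)
        {
            eval('$columnOptions .= "' . $template->fetch('userctrl_column') . '";');
        }
    }

    // saved searches: only named searches owned by the current user are listed
    $searches = '';
    $searchesFetch = $db->query("SELECT * FROM " . TABLE_PREFIX . "search WHERE name IS NOT NULL AND userid = " . intval($bugsys->userinfo['userid']));
    while ($search = $db->fetch_array($searchesFetch))
    {
        eval('$searches .= "' . $template->fetch('userctrl_search') . '";');
    }

    eval('$template->flush("' . $template->fetch('userctrl') . '");');
}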
287