PageRenderTime 51ms CodeModel.GetById 20ms RepoModel.GetById 1ms app.codeStats 0ms

/banned/profile.php

http://esglobalban.googlecode.com/
PHP | 245 lines | 175 code | 18 blank | 52 comment | 56 complexity | 1ce232813cbc565af65b289a1584f178 MD5 | raw file
    

  1. <?php
    2. 

  2. /*

    3. 

  3.     This file is part of GlobalBan.

    4. 

  4. 

    5. 

  5.     Written by Stefan Jonasson <soynuts@unbuinc.net>
    6. 

  6.     Copyright 2008 Stefan Jonasson

    7. 

  7.     

    8. 

  8.     GlobalBan is free software: you can redistribute it and/or modify

    9. 

  9.     it under the terms of the GNU General Public License as published by

    10. 

  10.     the Free Software Foundation, either version 3 of the License, or

    11. 

  11.     (at your option) any later version.

    12. 

  12. 

    13. 

  13.     GlobalBan is distributed in the hope that it will be useful,

    14. 

  14.     but WITHOUT ANY WARRANTY; without even the implied warranty of

    15. 

  15.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

    16. 

  16.     GNU General Public License for more details.

    17. 

  17. 

    18. 

  18.     You should have received a copy of the GNU General Public License

    19. 

  19.     along with GlobalBan.  If not, see <http://www.gnu.org/licenses/>.

    20. 

  20. */
    21. 

  21. 

  22. require_once(ROOTDIR."/include/database/class.UserQueries.php");
    23. 

  23. require_once(ROOTDIR."/include/objects/class.User.php");
    24. 

  24. 

  25. $userQueries = new UserQueries();
    26. 

  26. 

  27. $user = $userQueries->getUserInfo($_SESSION['name']); // Get current logged in user's info
    28. 

  28. 

  29. // Boolean values of whether post values are valid
    30. 

  30. $valid = array("username"=>true,
    31. 

  31.         "steamId"=>true,
    32. 

  32. 				"email"=>true,
    33. 

  33. 				"curPassword"=>true,
    34. 

  34. 				"cpassword"=>true,
    35. 

  35. 				"npassword"=>true,
    36. 

  36. 				"vpassword"=>true);
    37. 

  37. 

  38. // *********************************************
    39. 

  39. // If the user is updating their general profile
    40. 

  40. // *********************************************
    41. 

  41. if(isset($_POST['generalProfile'])) {
    42. 

  42.   $generalChangesMade = false;
    43. 

  43.   $generalErrors = false;
    44. 

  44.   
    45. 

  45.   $username = $_POST['username'];
    46. 

  46.   // Check if user name was changed
    47. 

  47.   if($user->getName() != addslashes($username)) {
    48. 

  48.     // Determine if NEW username already exists    
    49. 

  49.   	if(!$userQueries->usernameExist($username) && !empty($username)) {
    50. 

  50.   		$valid['username'] = true;
    51. 

  51.   		$generalChangesMade = true; // A change has been made
    52. 

  52.   		// Update username
    53. 

  53.   		$user->setName($username);
    54. 

  54.   	} else {
    55. 

  55.       $valid['username'] = false;
    56. 

  56.       $generalErrors = true;
    57. 

  57.     }
    58. 

  58. 	}
    59. 

  59. 	
    60. 

  60. 	// Steam ID
    61. 

  61. 	$steamId = $_POST['steamId'];
    62. 

  62. 	if($user->getSteamId() != $steamId) {
    63. 

  63. 	 if(preg_match("/^STEAM_[01]:[01]:\d{0,10}$/", $steamId)) {
    64. 

  64. 		  $valid['steamId'] = true;
    65. 

  65. 		  $generalChangesMade = true; // A change has been made
    66. 

  66. 		  // Update Steam ID
    67. 

  67. 		  $user->setSteamId($steamId);
    68. 

  68. 		} else {
    69. 

  69.       $valid['steamId'] = false;
    70. 

  70.       $generalErrors = true;
    71. 

  71.     }
    72. 

  72. 	}
    73. 

  73.   
    74. 

  74.   // Email
    75. 

  75. 	$email = $_POST['email'];	
    76. 

  76.   // Email changed and password correct
    77. 

  77. 	if($user->getEmail() != $email && $user->getPassword() == md5($_POST['curPassword'])) {
    78. 

  78. 	  
    79. 

  79.   	// Simplified version that does not do dns validation
    80. 

  80. 		if(preg_match("/^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,6}$/i", $email)) {
    81. 

  81. 			$valid['email'] = true;
    82. 

  82.       $valid['curPassword'] = true;
    83. 

  83.       $generalChangesMade = true;
    84. 

  84.       // Everything is valid for an email change, set the changes  
    85. 

  85.   		$user->setEmail($email);
    86. 

  86. 		} else {
    87. 

  87.         $valid['email'] = false;
    88. 

  88.         $generalErrors = true;
    89. 

  89.     }
    90. 

  90. 	} else if($user->getEmail() == $email) {
    91. 

  91.     // If email isn't being changed then this can be valid
    92. 

  92.     $valid['curPassword'] = true;
    93. 

  93.   } else if($user->getEmail() != $email && $user->getPassword() != md5($_POST['curPassword'])) {
    94. 

  94.     // Email changed but password incorrect
    95. 

  95.     $valid['curPassword'] = false;
    96. 

  96.     $generalErrors = true;
    97. 

  97.     // Email was correct but password still wrong
    98. 

  98.     if(preg_match("/^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,6}$/i", $email)) {
    99. 

  99. 			$valid['email'] = true;
    100. 

  100. 		} else {
    101. 

  101.       $valid['email'] = false;
    102. 

  102.     }			
    103. 

  103.   }
    104. 

  104. 	
    105. 

  105. 	// Save changes to the database as long as everything is valid
    106. 

  106. 	if($generalChangesMade && $valid['username'] && $valid['steamId'] && $valid['email'] && $valid['curPassword']) {
    107. 

  107.     // DB save
    108. 

  108.     $userQueries->updateUser($user);
    109. 

  109.   	// Need to update cookie and session values if username is updated
    110. 

  110.   	$_SESSION['name'] = $user->getName();
    111. 

  111.   	setcookie("gbu", $user->getName(), time()+60*60*24*100, "/"); // 100 days  	
    112. 

  112.   }
    113. 

  113. }
    114. 

  114. 

  115. // *********************************************
    116. 

  116. // If the user is updating their password
    117. 

  117. // *********************************************
    118. 

  118. if(isset($_POST['updatePassword'])) {
    119. 

  119. 

  120.   // Current password check
    121. 

  121.   if($user->getPassword() == md5($_POST['cpassword'])) {
    122. 

  122.     $valid['cpassword'] = true;
    123. 

  123.   } else {
    124. 

  124.     $valid['cpassword'] = false;
    125. 

  125.   }
    126. 

  126.   
    127. 

  127.   // New Password check
    128. 

  128. 	$newpassword = $_POST['npassword'];	
    129. 

  129. 	// Must have atleast 1 alphanumeric and at least 1 number and be a length of at least 6
    130. 

  130. 	$regex = "/^\w*(?=\w*\d)(?=\w*[a-zA-Z])\w*$/";
    131. 

  131. 	
    132. 

  132. 	if(strlen($newpassword) > 5 && preg_match($regex,$newpassword)) {
    133. 

  133. 		$valid['npassword'] = true;
    134. 

  134. 	} else {
    135. 

  135.     $valid['npassword'] = false;
    136. 

  136.   }
    137. 

  137. 	
    138. 

  138. 	// New Password verification check
    139. 

  139. 	$vpassword = $_POST['vpassword'];
    140. 

  140. 	// Check if it matches the first password
    141. 

  141. 	if($vpassword == $newpassword) {
    142. 

  142. 		$valid['vpassword'] = true;
    143. 

  143. 	} else {
    144. 

  144.     $valid['vpassword'] = false;
    145. 

  145.   }
    146. 

  146. 

  147.   // Save changes to the database as long as everything is valid
    148. 

  148. 	if($valid['cpassword'] && $valid['npassword'] && $valid['vpassword']) {
    149. 

  149.     // DB save
    150. 

  150.     $passwordChangesMade = true;
    151. 

  151.     $user->setPassword(md5($newpassword)); // Need to md5 the new password
    152. 

  152.     $userQueries->updateUser($user);
    153. 

  153.   	// Need to update cookie and session values if username is updated
    154. 

  154.   	$_SESSION['password'] = $user->getPassword(); // password should already be md5 encrypted
    155. 

  155.   	setcookie("gbp", $user->getPassword(), time()+60*60*24*100, "/"); // 100 days
    156. 

  156.   }
    157. 

  157. }
    158. 

  158. ?>
    159. 

  159. <div class="tborder">
    160. 

  160.   <div id="tableHead">
    161. 

  161.     <div><b>User Profile - General Information</b></div>
    162. 

  162.   </div>
    163. 

  163.   <form action="index.php?page=profile" method="post" id="form">
    164. 

  164.   	<table class="bordercolor" width="100%" cellspacing="1" cellpadding="5" border="0" style="margin-top: 1px;">
    165. 

  165.   		<tr>
    166. 

  166.   			<td class="rowColor1" width="1%" nowrap>Username:</td>
    167. 

  167.   			<td class="rowColor1"><input type="text" name="username" value="<?=$user->getName()?>" size="40" maxlength="40" />
    168. 

  168.   			<?php if(!$valid['username']) { ?><span class="error">Enter a valid username</span><?php } ?></td>
    169. 

  169.   		</tr>
    170. 

  170.   		<tr>
    171. 

  171.   			<td class="rowColor2" width="1%" nowrap>Steam ID:</td>
    172. 

  172.   			<td class="rowColor2"><input name="steamId" id="steamdId" type="text" value="<?=$user->getSteamId()?>" size="25" maxlength="25"/> (must be in <b>STEAM_X:X:XXXXXX</b> format)
    173. 

  173.   			<?php if(!$valid['steamId']) { ?><span class="error">Steam ID not in vaild format</span><?php } ?></td>
    174. 

  174.   		<tr>
    175. 

  175.   			<td class="rowColor1" width="1%" nowrap>Email:</td>
    176. 

  176.   			<td class="rowColor1"><input type="text" name="email" size="60" maxlength="80" value="<?=$user->getEmail()?>" />
    177. 

  177.   			<?php if(!$valid['email']) { ?><span class="error">Enter a valid email</span><?php } ?></td>
    178. 

  178.   		</tr>
    179. 

  179.   		</tr>
    180. 

  180.   			<td class="rowColor2" width="1%" nowrap><img src="images/bullet_star.png"/> Current Password:</td>
    181. 

  181.   			<td class="rowColor2"><input type="password" name="curPassword" value="" size="25" maxlength="25"/>
    182. 

  182.   			<?php if(!$valid['curPassword']) { ?><span class="error">Enter a valid password</span><?php } ?></td>
    183. 

  183.   		</tr>
    184. 

  184.   		<tr>			
    185. 

  185.   			<td align="left" colspan="3" class="rowColor1">
    186. 

  186.   				<input type="submit" value="Update" name="generalProfile" class="button" /></td>
    187. 

  187.   		</tr>
    188. 

  188.   	</table>
    189. 

  189.   </form>
    190. 

  190. </div>
    191. 

  191. <?php
    192. 

  192. // Display that the changes were successful
    193. 

  193. if($generalChangesMade) {
    194. 

  194.   ?><h5 class="error">General Information Updated</h5><?php
    195. 

  195. }
    196. 

  196. ?>
    197. 

  197. <?php
    198. 

  198. // Display an error message if there was any bad input
    199. 

  199. if($generalErrors) {
    200. 

  200.   ?><h5 class="error">All changes made have been reset due to bad input</h5><?php
    201. 

  201. }
    202. 

  202. ?>
    203. 

  203. <h5><img src="images/bullet_star.png"/> Only required if changing email</h5>
    204. 

  204. <br/>
    205. 

  205. <div class="tborder">
    206. 

  206.   <div id="tableHead">
    207. 

  207.     <div><b>User Profile - Change Password</b></div>
    208. 

  208.   </div>
    209. 

  209.   <form action="index.php?page=profile" method="post" id="form">
    210. 

  210.   	<table class="bordercolor" width="100%" cellspacing="1" cellpadding="5" border="0" style="margin-top: 1px;">
    211. 

  211.       </tr>
    212. 

  212.   			<td class="rowColor1" width="1%" nowrap>Current Password:</td>
    213. 

  213.   			<td class="rowColor1"><input type="password" name="cpassword" value="" size="25" maxlength="25"/>
    214. 

  214.   			<?php if(!$valid['cpassword']) { ?><span class="error">Enter a valid password</span><?php } ?></td>
    215. 

  215.   		</tr>
    216. 

  216.   		</tr>
    217. 

  217.   			<td class="rowColor2" width="1%" nowrap>New Password:</td>
    218. 

  218.   			<td class="rowColor2"><input type="password" name="npassword" value="" size="25" maxlength="25"/>
    219. 

  219.   			<?php if(!$valid['npassword']) { ?><span class="error">Enter a valid password</span><?php } ?></td>
    220. 

  220.   		</tr>
    221. 

  221.   		<tr>
    222. 

  222.   			<td class="rowColor1" width="1%" nowrap>Verify New Password:</td>
    223. 

  223.   			<td class="rowColor1"><input type="password" name="vpassword" value="" size="25" maxlength="25"/>
    224. 

  224.   			<?php if(!$valid['vpassword']) { ?><span class="error">Password mis-match</span><?php } ?></td>
    225. 

  225.   		</tr>
    226. 

  226.   		<tr>			
    227. 

  227.   			<td align="left" colspan="3" class="rowColor2">
    228. 

  228.   				<input type="hidden" name="nopostpass" value="0" />
    229. 

  229.   				<input type="submit" value="Change Password" name="updatePassword" class="button" /></td>
    230. 

  230.   		</tr>
    231. 

  231.     </table>
    232. 

  232.   </form>
    233. 

  233. </div>
    234. 

  234. 

  235. <h5>
    236. 

  236. All password fields in the above section are required for changing a password.<br/>
    237. 

  237. Passwords must contain at least 1 digit and be at least 6 characters in length.
    238. 

  238. </h5>
    239. 

  239. 

  240. <?php
    241. 

  241. // Display that the changes were successful
    242. 

  242. if($passwordChangesMade) {
    243. 

  243.   ?><h5 class="error">Password Updated</h5><?php
    244. 

  244. }
    245. 

  245. ?>
    246. 

  246.