163 $new_email = $_POST['newemail']; |
163 $new_email = $_POST['newemail']; |
164 |
164 |
165 $result = $session->update_user($session->user_id, false, $old_pass, false, $new_email); |
165 $result = $session->update_user($session->user_id, false, $old_pass, false, $new_email); |
166 if ( $result != 'success' ) |
166 if ( $result != 'success' ) |
167 { |
167 { |
168 die_friendly('Error updating e-mail address', '<p>Session API returned error: ' . $result . '</p>'); |
168 $message = '<p>The following errors were encountered while saving your e-mail address:</p>'; |
|
169 $message .= '<ul><li>' . implode("</li>\n<li>", $result) . '</li></ul>'; |
|
170 die_friendly('Error updating e-mail address', $message); |
169 } |
171 } |
170 $email_changed = true; |
172 $email_changed = true; |
171 } |
173 } |
172 // Obtain password |
174 // Obtain password |
173 if ( $_POST['use_crypt'] == 'yes' && !empty($_POST['crypt_data']) ) |
175 if ( $_POST['use_crypt'] == 'yes' && !empty($_POST['crypt_data']) ) |
190 { |
192 { |
191 // Perform checks |
193 // Perform checks |
192 if ( strlen($newpass) < 6 ) |
194 if ( strlen($newpass) < 6 ) |
193 $errors .= '<div class="error-box">Password must be at least 6 characters. You hacked my script, darn you!</div>'; |
195 $errors .= '<div class="error-box">Password must be at least 6 characters. You hacked my script, darn you!</div>'; |
194 // Encrypt new password |
196 // Encrypt new password |
195 $newpass_enc = $aes->encrypt($newpass, $session->private_key, ENC_HEX); |
197 if ( empty($errors) ) |
196 // Perform the swap |
|
197 $q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $newpass_enc . '\' WHERE user_id=' . $session->user_id . ';'); |
|
198 if ( !$q ) |
|
199 $db->_die(); |
|
200 // Log out and back in |
|
201 $username = $session->username; |
|
202 $session->logout(); |
|
203 if ( $email_changed ) |
|
204 { |
198 { |
205 if ( getConfig('account_activation') == 'user' ) |
199 $newpass_enc = $aes->encrypt($newpass, $session->private_key, ENC_HEX); |
|
200 // Perform the swap |
|
201 $q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $newpass_enc . '\' WHERE user_id=' . $session->user_id . ';'); |
|
202 if ( !$q ) |
|
203 $db->_die(); |
|
204 // Log out and back in |
|
205 $username = $session->username; |
|
206 $session->logout(); |
|
207 if ( $email_changed ) |
206 { |
208 { |
207 redirect(makeUrl(getConfig('main_page')), 'Profile changed', 'Your password and e-mail address have been changed. Since e-mail activation is required on this site, you will need to re-activate your account to continue. An e-mail has been sent to the new e-mail address with an activation link. You must click that link in order to log in again.', 19); |
209 if ( getConfig('account_activation') == 'user' ) |
|
210 { |
|
211 redirect(makeUrl(getConfig('main_page')), 'Profile changed', 'Your password and e-mail address have been changed. Since e-mail activation is required on this site, you will need to re-activate your account to continue. An e-mail has been sent to the new e-mail address with an activation link. You must click that link in order to log in again.', 19); |
|
212 } |
|
213 else if ( getConfig('account_activation') == 'admin' ) |
|
214 { |
|
215 redirect(makeUrl(getConfig('main_page')), 'Profile changed', 'Your password and e-mail address have been changed. Since administrative activation is requires on this site, a request has been sent to the administrators to activate your account for you. You will not be able to use your account until it is activated by an administrator.', 19); |
|
216 } |
208 } |
217 } |
209 else if ( getConfig('account_activation') == 'admin' ) |
218 $session->login_without_crypto($session->username, $newpass); |
210 { |
219 redirect(makeUrlNS('Special', 'Preferences'), 'Password changed', 'Your password has been changed, and you will now be redirected back to the user control panel.', 4); |
211 redirect(makeUrl(getConfig('main_page')), 'Profile changed', 'Your password and e-mail address have been changed. Since administrative activation is requires on this site, a request has been sent to the administrators to activate your account for you. You will not be able to use your account until it is activated by an administrator.', 19); |
|
212 } |
|
213 } |
220 } |
214 $session->login_without_crypto($session->username, $newpass); |
|
215 redirect(makeUrlNS('Special', 'Preferences'), 'Password changed', 'Your password has been changed, and you will now be redirected back to the user control panel.', 4); |
|
216 } |
221 } |
217 } |
222 } |
218 else |
223 else |
219 { |
224 { |
220 switch('foo') // allow breaking out of our section...i can't wait until PHP6 (goto support!) |
225 switch('foo') // allow breaking out of our section...i can't wait until PHP6 (goto support!) |
430 |
435 |
431 $email_public = ( isset($_POST['email_public']) ) ? '1' : '0'; |
436 $email_public = ( isset($_POST['email_public']) ) ? '1' : '0'; |
432 |
437 |
433 $session->real_name = $real_name; |
438 $session->real_name = $real_name; |
434 |
439 |
435 if ( !preg_match('/@([a-z0-9-]+)(\.([a-z0-9-\.]+))?/', $imaddr_msn) ) |
440 if ( !preg_match('/@([a-z0-9-]+)(\.([a-z0-9-\.]+))?/', $imaddr_msn) && !empty($imaddr_msn) ) |
436 { |
441 { |
437 $imaddr_msn = "$imaddr_msn@hotmail.com"; |
442 $imaddr_msn = "$imaddr_msn@hotmail.com"; |
438 } |
443 } |
439 |
444 |
440 if ( substr($homepage, 0, 7) != 'http://' ) |
445 if ( substr($homepage, 0, 7) != 'http://' ) |