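// Authentication gate: anonymous visitors are sent to the login page
requireUser(WEB_ROOT . '/login.' . SITE_CONFIG_PAGE_EXTENSION);

// Account record for the current session; bounce to the site root if it cannot be loaded
$user = UserPeer::loadUserById($Auth->id);
if (!$user) {
    coreFunctions::redirect(WEB_ROOT);
}

// Flash messages selected by the single-letter request flags that the redirects further down this
// page append. Failure flags (f, uf, uc) render as errors so the styling matches the message text;
// the table is walked in declaration order so several flags produce notifications in a stable order.
$flashMessages = array(
    's'  => array('error' => false, 'key' => 'account_lock_activation_success_message', 'default' => 'Account successfully secured.'),
    'ss' => array('error' => false, 'key' => 'account_updated_success_message', 'default' => 'Account details successfully updated'),
    'f'  => array('error' => true, 'key' => 'account_lock_activation_failure_message', 'default' => 'Account could not be secured at this time, please try again later.'),
    'us' => array('error' => false, 'key' => 'account_lock_deactivation_success_message', 'default' => 'Account successfully unlocked.'),
    'uf' => array('error' => true, 'key' => 'account_lock_deactivation_failure_message', 'default' => 'Account could not be unlocked at this time, please try again later.'),
    'uc' => array('error' => true, 'key' => 'account_lock_deactivation_code_mismatch', 'default' => 'Account could not be unlocked as the code is incorrect.'),
    'e'  => array('error' => false, 'key' => 'account_lock_resend_email_confirm_message', 'default' => 'The email containing the unlock code has been emailed to the registered email account.'),
);
foreach ($flashMessages as $flag => $entry) {
    if (!isset($_REQUEST[$flag])) {
        continue;
    }
    $message = t($entry['key'], $entry['default']);
    if ($entry['error']) {
        notification::setError($message);
    } else {
        notification::setSuccess($message);
    }
}

// Page metadata consumed by the shared header template
define("PAGE_NAME", t("account_edit_page_name", "Account Details"));
define("PAGE_DESCRIPTION", t("account_edit_meta_description", "Account details"));
define("PAGE_KEYWORDS", t("account_edit_meta_keywords", "details, account, short, url, user"));
define("SELECTED_NAVIGATION_LINK", "settings");

// Account statistics shown alongside the form
$totalFreeSpace = UserPeer::getAvailableFileStorage($Auth->id);
$totalActiveFiles = file::getTotalActiveFilesByUser($Auth->id);
$totalDownloads = file::getTotalDownloadsByUserOwnedFiles($Auth->id);
$lockStatus = coreFunctions::getUsersAccountLockStatus($Auth->id);

// Existing API key pair for the form; both blank when none has been issued.
// NOTE(review): key_secret is read back verbatim and rendered into the page, i.e. it appears to be
// stored in clear text — confirm that is intended before relying on it as a secret.
$accountAPIKeys = $db->getRow('SELECT key_public, key_secret FROM apiv2_api_key WHERE user_id = :user_id LIMIT 1', array('user_id' => $Auth->id));
$key1 = $accountAPIKeys ? $accountAPIKeys['key_public'] : '';
$key2 = $accountAPIKeys ? $accountAPIKeys['key_secret'] : '';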
// Activate the security lock: store a freshly generated unlock hash against the account and email
// it to the registered address. The redirect flags (s / f) pick the flash message on reload.
// NOTE(review): this state change is driven by $_REQUEST, so it is reachable via GET, and no CSRF
// token is checked on this page — confirm the surrounding framework enforces one.
if (isset($_REQUEST['secureAccount']) && (int) $_REQUEST['secureAccount']) {
    $lockHash = coreFunctions::generateSecurityLockHash();

    // Persist the lock; the hash goes through the driver's quoting and the id is cast to int
    $db = Database::getDatabase();
    $sql = "UPDATE users SET accountLockStatus = 1, accountLockHash = " . $db->quote($lockHash)
        . " WHERE id = " . (int) $Auth->id;
    $updated = $db->query($sql);

    if (!$updated || notification::isErrors()) {
        coreFunctions::redirect(WEB_ROOT . '/account_edit.html?f=1');
    } else {
        $siteName = SITE_CONFIG_SITE_NAME;
        $subject = t('lock_account_email_subject', 'Security lock details for [[[SITE_NAME]]]', array('SITE_NAME' => $siteName));
        $replacements = array(
            'FIRST_NAME' => $user->firstname,
            'SITE_NAME' => $siteName,
            'UNLOCK_CODE' => $lockHash,
        );
        // Fallback body used when no translated template exists for the key
        $defaultContent = <<<'TXT'
Dear [[[FIRST_NAME]]],
Your account on [[[SITE_NAME]]] has been locked as per your request. Use the code below to unlock your account:
Unlock code: [[[UNLOCK_CODE]]]
Feel free to contact us if you need any support with your account.
Regards,
[[[SITE_NAME]]] Admin
TXT;
        $htmlMsg = t('lock_account_email_content', $defaultContent, $replacements);
        // Plain-text alternative for the mailer: normalise line breaks, then strip markup
        $plainText = strip_tags(str_replace("
", "\n", $htmlMsg));
        coreFunctions::sendHtmlEmail($user->email, $subject, $htmlMsg, SITE_CONFIG_DEFAULT_EMAIL_ADDRESS_FROM, $plainText);
        coreFunctions::redirect(WEB_ROOT . '/account_edit.html?s=1');
    }
}
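// Deactivate the security lock when the supplied code matches the stored one.
// NOTE(review): no attempt limit is visible on this path; unless something upstream throttles it,
// codes can be tried repeatedly.
if (isset($_REQUEST['unlockAccount']) && (int) $_REQUEST['unlockAccount']) {
    // Tolerate a missing field rather than raising an undefined-index notice
    $accountCode = isset($_REQUEST['accountCode']) ? trim((string) $_REQUEST['accountCode']) : '';
    if ($accountCode === '') {
        notification::setError(t("account_lock_deactivation_no_code_message", "Please enter the unlock code and try again."));
    }
    if (!notification::isErrors()) {
        // Only a currently locked account has a code to compare against
        $unlockCode = $db->getRow("SELECT accountLockHash FROM users WHERE id = " . (int) $Auth->id . " AND accountLockStatus = '1' LIMIT 1");
        if (!$unlockCode) {
            coreFunctions::redirect(WEB_ROOT . '/account_edit.html?uf=1');
        } elseif (!hash_equals((string) $unlockCode['accountLockHash'], $accountCode)) {
            // Constant-time comparison so response time does not depend on how much of the code matched
            coreFunctions::redirect(WEB_ROOT . '/account_edit.html?uc=1');
        } else {
            $rs = $db->query("UPDATE users SET accountLockStatus = 0, accountLockHash = '' WHERE id = " . (int) $Auth->id . ' LIMIT 1');
            // A failed update is reported as a failure instead of silently rendering the page
            coreFunctions::redirect(WEB_ROOT . '/account_edit.html?' . ($rs ? 'us=1' : 'uf=1'));
        }
    }
}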
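// Re-send the unlock code to the registered email address.
// NOTE(review): no rate limit is visible on this path; every request sends another email unless
// something upstream throttles it.
if (isset($_REQUEST['resendCode']) && (int) $_REQUEST['resendCode']) {
    // Only a locked account has a code worth sending; guard the row lookup so a missing or empty
    // hash is never mailed out (indexing a false row would also raise a notice)
    $details = $db->getRow("SELECT accountLockHash FROM users WHERE id = " . (int) $Auth->id . " AND accountLockStatus = '1' LIMIT 1");
    if (!$details || !strlen((string) $details['accountLockHash'])) {
        // Nothing to send: return to the page without claiming an email went out
        coreFunctions::redirect(WEB_ROOT . '/account_edit.html');
    } else {
        $subject = t('lock_account_email_subject', 'Security lock details for [[[SITE_NAME]]]', array('SITE_NAME' => SITE_CONFIG_SITE_NAME));
        $replacements = array(
            'FIRST_NAME' => $user->firstname,
            'SITE_NAME' => SITE_CONFIG_SITE_NAME,
            'UNLOCK_CODE' => $details['accountLockHash'],
        );
        // Fallback body used when no translated template exists for the key
        $defaultContent = <<<'TXT'
Dear [[[FIRST_NAME]]],
Your account on [[[SITE_NAME]]] has been locked as per your request. Use the code below to unlock your account:
Unlock code: [[[UNLOCK_CODE]]]
Feel free to contact us if you need any support with your account.
Regards,
[[[SITE_NAME]]] Admin
TXT;
        $htmlMsg = t('lock_account_email_content', $defaultContent, $replacements);
        // Plain-text alternative for the mailer: normalise line breaks, then strip markup
        $plainText = strip_tags(str_replace("
", "\n", $htmlMsg));
        coreFunctions::sendHtmlEmail($user->email, $subject, $htmlMsg, SITE_CONFIG_DEFAULT_EMAIL_ADDRESS_FROM, $plainText);
        coreFunctions::redirect(WEB_ROOT . '/account_edit.html?e=1');
    }
}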
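// Account details form: process a submission, otherwise pre-populate the form from the stored record
if (isset($_REQUEST['submitme']) && (int) $_REQUEST['submitme']) {
    // Trimmed string field from the request, '' when the field was not posted (avoids undefined-index notices)
    $textField = function ($name) {
        return isset($_REQUEST[$name]) ? trim((string) $_REQUEST[$name]) : '';
    };
    $title = $textField('title');
    $firstname = $textField('firstname');
    $lastname = $textField('lastname');
    $emailAddress = strtolower($textField('emailAddress'));
    $password = $textField('password');
    $passwordConfirm = $textField('passwordConfirm');
    $languageId = isset($_REQUEST['languageId']) ? (int) $_REQUEST['languageId'] : null;
    $filePrivacy = isset($_REQUEST['isPublic']) ? (int) $_REQUEST['isPublic'] : 0;
    $privateFileStatistics = isset($_REQUEST['privateFileStatistics']) ? (int) $_REQUEST['privateFileStatistics'] : 0;
    // Keep the template variable set by the non-submit branch in step with the posted value
    $isPublic = $filePrivacy;

    // Avatar upload: only accept a path PHP itself placed in the upload temp area
    $uploadedAvatar = null;
    if (isset($_FILES['avatar']['tmp_name'])
        && strlen($_FILES['avatar']['tmp_name'])
        && is_uploaded_file($_FILES['avatar']['tmp_name'])) {
        $uploadedAvatar = $_FILES['avatar'];
    }
    $removeAvatar = isset($_REQUEST['removeAvatar']) && ((int) $_REQUEST['removeAvatar'] === 1);

    // API key pair from the form; both blank means "remove the stored pair"
    $key1 = $textField('key1');
    $key2 = $textField('key2');

    // Field validation, first failure wins
    if (!strlen($title)) {
        notification::setError(t("please_enter_your_title", "Please enter your title"));
    } elseif (!strlen($firstname)) {
        notification::setError(t("please_enter_your_firstname", "Please enter your firstname"));
    } elseif (!strlen($lastname)) {
        notification::setError(t("please_enter_your_lastname", "Please enter your lastname"));
    } elseif (!strlen($emailAddress)) {
        notification::setError(t("please_enter_your_email_address", "Please enter your email address"));
    } elseif (!validation::validEmail($emailAddress)) {
        notification::setError(t("your_email_address_is_invalid", "Your email address is invalid"));
    } elseif (_CONFIG_DEMO_MODE) {
        notification::setError(t("no_changes_in_demo_mode"));
    } else {
        // The address must not belong to a different account
        $checkEmail = UserPeer::loadUserByEmailAddress($emailAddress);
        if ($checkEmail && ((int) $checkEmail->id !== (int) $Auth->id)) {
            notification::setError(t("email_address_already_exists", "Email address already exists on another account"));
        } elseif (strlen($password)) {
            // A new password is optional; when given it must be confirmed and pass the site policy
            if ($password !== $passwordConfirm) {
                notification::setError(t("your_password_confirmation_does_not_match", "Your password confirmation does not match"));
            } else {
                $passValid = passwordPolicy::validatePassword($password);
                if (is_array($passValid)) {
                    notification::setError(implode('
', $passValid));
                }
            }
        }
    }

    // Avatar: size limit, then it must decode as one of the image types re-encoded below.
    // The detected type is kept so the save step does not have to probe the file a second time.
    $avatarType = null;
    if (!notification::isErrors() && $uploadedAvatar) {
        $maxAvatarSize = 1024 * 1024 * 5;
        if ($uploadedAvatar['size'] > $maxAvatarSize) {
            notification::setError(t("account_edit_avatar_is_too_large", "The uploaded image can not be more than [[[MAX_SIZE_FORMATTED]]]", array('MAX_SIZE_FORMATTED' => coreFunctions::formatSize($maxAvatarSize))));
        } else {
            // getimagesize warns on non-image input; that case is reported as a validation error below
            $imagesizedata = @getimagesize($uploadedAvatar['tmp_name']);
            $allowedTypes = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);
            if ($imagesizedata === false || !in_array($imagesizedata[2], $allowedTypes, true)) {
                notification::setError(t("account_edit_avatar_is_not_an_image", "Your avatar must be a jpg, png or gif image."));
            } else {
                $avatarType = $imagesizedata[2];
            }
        }
    }

    // API keys are either both blank or both exactly 64 characters
    if (!notification::isErrors() && (strlen($key1) || strlen($key2))) {
        if (strlen($key1) !== 64 || strlen($key2) !== 64) {
            notification::setError(t("account_api_keys_not_correct_length", "API keys should be 64 characters in length."));
        }
    }

    if (!notification::isErrors()) {
        // NOTE(review): the email address and password are replaced on the strength of the session
        // alone — no current-password confirmation is requested on this page. Confirm that matches
        // the intended policy.
        $db = Database::getDatabase(true);
        $rs = $db->query('UPDATE users SET title = :title, firstname = :firstname, lastname = :lastname, email = :email, languageId = :languageId, privateFileStatistics = :privateFileStatistics, isPublic = :isPublic WHERE id = :id', array('title' => $title, 'firstname' => $firstname, 'lastname' => $lastname, 'email' => $emailAddress, 'id' => $Auth->id, 'languageId' => $languageId, 'privateFileStatistics' => $privateFileStatistics, 'isPublic' => $filePrivacy));
        if (!$rs) {
            notification::setError(t("problem_updating_your_account_try_again_later", "There was a problem updating your account, please try again later"));
        } else {
            // Store the new password hash, if one was supplied
            $passwordSaved = false;
            if (strlen($password)) {
                $passwordSaved = (bool) $db->query('UPDATE users SET password = :password WHERE id = :id', array('password' => Password::createHash($password), 'id' => $Auth->id));
            }

            // Courtesy notices go out only after the change has actually been written.
            // Both are sent to the address on record before this update ($user is the pre-update row).
            if (SITE_CONFIG_SECURITY_SEND_USER_EMAIL_ON_PASSWORD_CHANGE == 'yes' && $passwordSaved) {
                $subject = t('password_change_email_subject', 'Password changed for account on [[[SITE_NAME]]]', array('SITE_NAME' => SITE_CONFIG_SITE_NAME));
                $replacements = array(
                    'FIRST_NAME' => $user->firstname,
                    'SITE_NAME' => SITE_CONFIG_SITE_NAME,
                    'WEB_ROOT' => WEB_ROOT,
                    'USERNAME' => $user->username,
                );
                // Fallback body used when no translated template exists for the key
                $defaultContent = <<<'TXT'
Dear [[[FIRST_NAME]]],
This is a courtesy email notifying you that your account password on [[[SITE_NAME]]] has been changed.
If you didn't change your password, please contact us immediately. Otherwise just ignore this email.
Url: [[[WEB_ROOT]]]
Username: [[[USERNAME]]]
Feel free to contact us if you need any support with your account.
Regards,
[[[SITE_NAME]]] Admin
TXT;
                $htmlMsg = t('password_change_email_content', $defaultContent, $replacements);
                $plainText = strip_tags(str_replace("
", "\n", $htmlMsg));
                coreFunctions::sendHtmlEmail($user->email, $subject, $htmlMsg, SITE_CONFIG_DEFAULT_EMAIL_ADDRESS_FROM, $plainText);
            }
            if (SITE_CONFIG_SECURITY_SEND_USER_EMAIL_ON_EMAIL_CHANGE == 'yes' && $emailAddress != $user->email) {
                $subject = t('email_change_email_subject', 'Email changed for account on [[[SITE_NAME]]]', array('SITE_NAME' => SITE_CONFIG_SITE_NAME));
                $replacements = array(
                    'FIRST_NAME' => $user->firstname,
                    'SITE_NAME' => SITE_CONFIG_SITE_NAME,
                    'WEB_ROOT' => WEB_ROOT,
                    'USERNAME' => $user->username,
                    'NEW_EMAIL' => $emailAddress,
                );
                // Fallback body used when no translated template exists for the key
                $defaultContent = <<<'TXT'
Dear [[[FIRST_NAME]]],
This is a courtesy email notifying you that your account email address on [[[SITE_NAME]]] has been changed to [[[NEW_EMAIL]]].
If you didn't change your email address, please contact us immediately. Otherwise just ignore this email.
Url: [[[WEB_ROOT]]]
Username: [[[USERNAME]]]
New Email: [[[NEW_EMAIL]]]
Feel free to contact us if you need any support with your account.
Regards,
[[[SITE_NAME]]] Admin
TXT;
                $htmlMsg = t('email_change_email_content', $defaultContent, $replacements);
                $plainText = strip_tags(str_replace("
", "\n", $htmlMsg));
                coreFunctions::sendHtmlEmail($user->email, $subject, $htmlMsg, SITE_CONFIG_DEFAULT_EMAIL_ADDRESS_FROM, $plainText);
            }

            // Switch the session language if the user picked one (0 / null mean "no choice")
            if ($languageId) {
                $languageName = $db->getValue("SELECT languageName FROM language WHERE isActive = 1 AND id = :id LIMIT 1", array('id' => (int) $languageId));
                if ($languageName) {
                    $_SESSION['_t'] = $languageName;
                }
            }

            // Re-encode an accepted upload as jpeg; $avatarType was fixed during validation
            $imageData = null;
            if ($uploadedAvatar && $avatarType !== null) {
                $src = null;
                switch ($avatarType) {
                    case IMAGETYPE_GIF:
                        $src = imagecreatefromgif($uploadedAvatar['tmp_name']);
                        break;
                    case IMAGETYPE_JPEG:
                        $src = imagecreatefromjpeg($uploadedAvatar['tmp_name']);
                        break;
                    case IMAGETYPE_PNG:
                        $src = imagecreatefrompng($uploadedAvatar['tmp_name']);
                        break;
                }
                if ($src) {
                    ob_start();
                    imagejpeg($src, null, 100);
                    $imageData = ob_get_clean();
                    imagedestroy($src);
                }
            }
            // Replace or remove the stored avatar. The jpeg encode above only runs when an image was
            // actually loaded, so a plain "remove" request never reaches imagejpeg() with a null resource.
            if ($imageData !== null || $removeAvatar) {
                $avatarCachePath = 'user/' . (int) $Auth->id . '/profile';
                // Drop any existing avatar files, including generated cache sizes
                if (file_exists(CACHE_DIRECTORY_ROOT . '/' . $avatarCachePath)) {
                    $files = coreFunctions::getDirectoryListing(CACHE_DIRECTORY_ROOT . '/' . $avatarCachePath);
                    if (is_array($files)) {
                        foreach ($files as $file) {
                            // best-effort cleanup; a file that is already gone is not an error here
                            @unlink($file);
                        }
                    }
                }
                if ($imageData !== null) {
                    cache::saveCacheToFile($avatarCachePath . '/avatar_original.jpg', $imageData);
                }
            }

            // Replace the API key pair only when it differs from the stored one
            $keepSame = $db->getValue('SELECT COUNT(id) AS total FROM apiv2_api_key WHERE key_public = :key_public AND key_secret = :key_secret AND user_id = :user_id LIMIT 1', array(
                'user_id' => (int) $Auth->id,
                'key_public' => $key1,
                'key_secret' => $key2,
            ));
            if (!$keepSame) {
                // Remove the existing pair, then store the new one unless the user cleared both fields
                $db->query('DELETE FROM apiv2_api_key WHERE user_id = :user_id LIMIT 1', array(
                    'user_id' => (int) $Auth->id,
                ));
                if (strlen($key1) && strlen($key2)) {
                    $db->query('INSERT INTO apiv2_api_key (key_public, key_secret, user_id, date_created) VALUES (:key_public, :key_secret, :user_id, NOW())', array(
                        'user_id' => (int) $Auth->id,
                        'key_public' => $key1,
                        'key_secret' => $key2,
                    ));
                }
            }

            coreFunctions::redirect(WEB_ROOT . '/account_edit.html?ss=1');
        }
    }
} else {
    // No submission: seed the form from the stored account record
    $title = $user->title;
    $firstname = $user->firstname;
    $lastname = $user->lastname;
    $emailAddress = $user->email;
    $languageId = $user->languageId;
    $isPublic = $user->isPublic;
    $filePrivacy = $isPublic;
    $privateFileStatistics = $user->privateFileStatistics;
    // Loose comparison on purpose: null, 0 and '' all mean "no language stored", so fall back to
    // the language currently selected for the session
    if ($languageId == null) {
        $currentLanguage = isset($_REQUEST['_t']) ? trim((string) $_REQUEST['_t']) : '';
        $languageId = $db->getValue("SELECT id FROM language WHERE isActive = 1 AND languageName = :languageName LIMIT 1", array('languageName' => $currentLanguage));
    }
}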
// Whether a stored avatar exists for this account (drives the avatar controls in the form)
$avatarCachePath = 'user/' . (int) $Auth->id . '/profile/avatar_original.jpg';
$hasAvatar = (bool) cache::checkCacheFileExists($avatarCachePath);

// Shared page header, then the file-manager javascript bundle
require_once(SITE_TEMPLATES_PATH . '/partial/_header_file_manager.inc.php');
require_once(SITE_TEMPLATES_PATH . '/partial/_account_home_javascript.inc.php');

// Flash output: a success notice takes precedence over errors
if (notification::isSuccess()) {
    echo templateFunctions::outputSuccess();
} elseif (notification::isErrors()) {
    echo templateFunctions::outputErrors();
}
?>