<?php
// MyDMS. Document Management System
// Copyright (C) 2002-2005 Markus Westphal
// Copyright (C) 2006-2008 Malcolm Cowe
// Copyright (C) 2010-2016 Uwe Steinmann
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
include("../inc/inc.Settings.php");
include("../inc/inc.Utils.php");
include("../inc/inc.LogInit.php");
include("../inc/inc.Language.php");
include("../inc/inc.Init.php");
include("../inc/inc.Extension.php");
include("../inc/inc.DBInit.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.Authentication.php");
include("../inc/inc.ClassPasswordStrength.php");
include("../inc/inc.ClassPasswordHistoryManager.php");
/*
 * Access checks for the form handler that edits the logged-in user's own
 * details. Each failed check hands over to UI::exitError() with a translated
 * title and message.
 * NOTE(review): the rest of the script relies on UI::exitError() ending the
 * request; confirm that it never returns.
 */

/* The guest account may not edit user details. */
if ($user->isGuest()) {
	UI::exitError(getMLText("edit_user_details"), getMLText("access_denied"));
}

/* With _disableSelfEdit set, only administrators get past this point. */
if (!$user->isAdmin()) {
	if ($settings->_disableSelfEdit) {
		UI::exitError(getMLText("edit_user_details"), getMLText("access_denied"));
	}
}

/* Check if the form data comes from a trusted request: the form key for
 * 'edituserdata' must validate before the submitted fields are used. */
if (!checkFormKey('edituserdata')) {
	UI::exitError(getMLText("edit_user_details"), getMLText("invalid_request_token"));
}
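/*
 * Collect the submitted profile fields. They are taken from the request as
 * they are and handed to the user object's setters further down.
 * NOTE(review): no length or format validation happens in this script;
 * confirm that the user class validates and escapes these values.
 */
$fullname = $_POST["fullname"];
$email = $_POST["email"];
$comment = $_POST["comment"];
$language = $_POST["language"];
/* 'theme' won't be set, if themeselector is turned off */
/* NOTE(review): language and theme are names chosen by the client; if they
 * are later used to locate files they should be checked against the
 * installed languages/themes. Confirm where that check happens. */
if (isset($_POST["theme"])) {
	$mytheme = $_POST["theme"];
}

/*
 * Require the current password before any change is applied, so a hijacked
 * session alone is not enough to change the password or e-mail address.
 * A missing or non-string 'currentpwd' (e.g. currentpwd[]=x) is treated as
 * a wrong password instead of being passed on to the hash routine.
 */
$current_pwd = isset($_POST["currentpwd"]) ? $_POST["currentpwd"] : null;
if (!is_string($current_pwd) || !seed_pass_verify($current_pwd, $user->getPwd())) {
	UI::exitError(getMLText("edit_user_details"), getMLText("password_wrong"));
}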
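/*
 * Optional password change. Only runs when a new, non-empty password was
 * submitted; a non-string 'pwd' is ignored like an empty one.
 *
 * The new password is accepted only if
 *  - its score exceeds $settings->_passwordStrength (when that is set), and
 *  - it is not being reused (when $settings->_passwordHistory > 0).
 *
 * The accept/reject decision is taken in if/else form, so the password is
 * never stored on a rejected path even if UI::exitError() were to return.
 */
if (isset($_POST["pwd"]) && is_string($_POST["pwd"]) && $_POST["pwd"] !== "") {
	$newpwd = $_POST["pwd"];

	$strengthok = true;
	if ($settings->_passwordStrength) {
		$ps = new Password_Strength();
		$ps->set_password($newpwd);
		$ps->calculate();
		$score = $ps->get_score();
		$strengthok = $score > $settings->_passwordStrength;
	}

	if (!$strengthok) {
		UI::exitError(getMLText("set_password"), getMLText("password_strength_insuffient"));
	} else {
		/* Hash once and use the same value for history and account. */
		$newhash = seed_pass_hash($newpwd);

		$oldpwd = false;
		if ($settings->_passwordHistory > 0) {
			$phm = new SeedDMS_PasswordHistoryManager($db);
			/* The history doesn't have the initial password stored yet, so
			 * the current password is compared directly. Strict comparison:
			 * '==' treats numeric-looking strings such as "1e3" and "1000"
			 * as equal. The check applies whether or not strength checking
			 * is enabled. */
			if ($current_pwd === $newpwd) {
				$oldpwd = true;
			} else {
				/* NOTE(review): the lookup is keyed on the hash value, so it
				 * presumably relies on seed_pass_hash() being deterministic.
				 * With a salted hash it would never match and each stored
				 * entry would have to be verified instead. Confirm. */
				$oldpwd = $phm->search($user, $newhash);
			}
		}

		if ($oldpwd) {
			UI::exitError(getMLText("set_password"), getMLText("password_already_used"));
		} else {
			if ($settings->_passwordHistory > 0) {
				$phm->add($user, $newhash);
			}
			$user->setPwd($newhash);
			/* _passwordExpiration is multiplied by 86400, i.e. taken as days. */
			$user->setPwdExpiration(date('Y-m-d H:i:s', time()+$settings->_passwordExpiration*86400));
		}
	}
}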
/*
 * Write back only the profile fields whose submitted value differs from the
 * stored one. The comparison is the loose '!=' of the original code.
 */
if ($user->getFullName() != $fullname) {
	$user->setFullName($fullname);
}

if ($user->getEmail() != $email) {
	$user->setEmail($email);
}

if ($user->getComment() != $comment) {
	$user->setComment($comment);
}

if ($user->getLanguage() != $language) {
	$user->setLanguage($language);
}

/* $mytheme only exists when the form carried a 'theme' field. */
if (isset($mytheme)) {
	if ($user->getTheme() != $mytheme) {
		$user->setTheme($mytheme);
	}
}
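/*
 * Optional user image upload. The file is accepted only if libmagic reports
 * image/jpeg AND GD can decode it. It is then re-encoded as a JPEG scaled to
 * a height of 150 px (aspect ratio kept) and stored with the user.
 *
 * NOTE(review): the source image dimensions are not bounded here, so decoding
 * a very large JPEG is limited only by PHP's memory limit.
 */
if (isset($_FILES["userfile"]) && is_uploaded_file($_FILES["userfile"]["tmp_name"]) && $_FILES["userfile"]["size"] > 0 && $_FILES['userfile']['error'] == 0) {
	$tmpname = $_FILES["userfile"]["tmp_name"];

	/* Sniff the content type from the file itself, not from the request. */
	$finfo = new finfo(FILEINFO_MIME);
	$origImg = false;
	if (substr((string) $finfo->file($tmpname), 0, 10) == "image/jpeg") {
		/* read original image; returns false if it cannot be decoded */
		$origImg = imagecreatefromjpeg($tmpname);
	}
	$width = $origImg ? imagesx($origImg) : 0;
	$height = $origImg ? imagesy($origImg) : 0;

	$stored = false;
	if ($origImg && $width > 0 && $height > 0) {
		/* create thumbnail in memory; GD needs integer sizes of at least 1 */
		$newHeight = 150;
		$newWidth = max(1, (int) (($width / $height) * $newHeight));
		$newImg = imagecreatetruecolor($newWidth, $newHeight);
		if ($newImg) {
			/* shrink image */
			imagecopyresized($newImg, $origImg, 0, 0, 0, 0, $newWidth, $newHeight, $width, $height);
			/* save image to file, replacing the uploaded bytes */
			$stored = imagejpeg($newImg, $tmpname);
			imagedestroy($newImg);
		}
	}
	/* clean up */
	if ($origImg) {
		imagedestroy($origImg);
	}

	if (!$stored) {
		/* Not a JPEG, not decodable, or the thumbnail could not be written:
		 * nothing from the upload is stored. */
		UI::exitError(getMLText("user_info"),getMLText("only_jpg_user_images"));
	} else {
		/* The file now holds GD's own JPEG output, so the type is recorded
		 * as a constant; $_FILES["userfile"]["type"] is supplied by the
		 * client and is not trusted. */
		$user->setImage($tmpname, "image/jpeg");
	}
}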
/* Store a success notice in the session. */
$session->setSplashMsg(array(
	'type' => 'success',
	'msg' => getMLText('splash_save_user_data'),
));

/* Log the change with the login name of the edited account. */
add_log_line("?user=" . $user->getLogin());

/* Send the browser back to the account page. */
header("Location:../out/out.MyAccount.php");
?>