fisharebest / webtrees

edituser.php

<?php
/**
 * webtrees: online genealogy
 * Copyright (C) 2019 webtrees development team
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
namespace Fisharebest\Webtrees;

/**
 * Defined in session.php
 *
 * @global Tree $WT_TREE
 */
global $WT_TREE;

use Fisharebest\Webtrees\Controller\PageController;
use Fisharebest\Webtrees\Functions\FunctionsEdit;
use Fisharebest\Webtrees\Functions\FunctionsPrint;

define('WT_SCRIPT_NAME', 'edituser.php');
require './includes/session.php';

// Need to be logged in
if (!Auth::check()) {
    header('Location: ' . WT_BASE_URL);

    return;
}

// Extract form variables
$form_action         = Filter::post('form_action');
$form_username       = Filter::post('form_username');
$form_realname       = Filter::post('form_realname');
$form_pass1          = Filter::post('form_pass1', WT_REGEX_PASSWORD);
$form_pass2          = Filter::post('form_pass2', WT_REGEX_PASSWORD);
$form_email          = Filter::postEmail('form_email');
$form_rootid         = Filter::post('form_rootid', WT_REGEX_XREF);
$form_theme          = Filter::post('form_theme', implode('|', array_keys(Theme::themeNames())), '');;
$form_language       = Filter::post('form_language');
$form_timezone       = Filter::post('form_timezone');
$form_contact_method = Filter::post('form_contact_method');
$form_visible_online = Filter::postBool('form_visible_online');

// Respond to form action
if ($form_action && Filter::checkCsrf()) {
    switch ($form_action) {
        case 'update':
            if ($form_username !== Auth::user()->getUserName() && User::findByUserName($form_username)) {
                FlashMessages::addMessage(I18N::translate('Duplicate username. A user with that username already exists. Please choose another username.'));
            } elseif ($form_email !== Auth::user()->getEmail() && User::findByEmail($form_email)) {
                FlashMessages::addMessage(I18N::translate('Duplicate email address. A user with that email already exists.'));
            } else {
                // Change username
                if ($form_username !== Auth::user()->getUserName()) {
                    Log::addAuthenticationLog('User ' . Auth::user()->getUserName() . ' renamed to ' . $form_username);
                    Auth::user()->setUserName($form_username);
                }

                // Change password
                if ($form_pass1 && $form_pass1 === $form_pass2) {
                    Auth::user()->setPassword($form_pass1);
                }

                // Change other settings
                Auth::user()
                ->setRealName($form_realname)
                ->setEmail($form_email)
                ->setPreference('language', $form_language)
                ->setPreference('TIMEZONE', $form_timezone)
                ->setPreference('contactmethod', $form_contact_method)
                ->setPreference('visibleonline', $form_visible_online ? '1' : '0');

                if ($form_theme === null) {
                    Auth::user()->deletePreference('theme');
                } else {
                    Auth::user()->setPreference('theme', $form_theme);
                }

                $WT_TREE->setUserPreference(Auth::user(), 'rootid', $form_rootid);
            }
            break;

        case 'delete':
            // An administrator can only be deleted by another administrator
            if (!Auth::user()->getPreference('canadmin')) {
                // Keep a reference to the currently logged in user because after logging out this user,
                // a call to Auth::user() will not return this user anymore
                $currentUser = Auth::user();
                Auth::logout();
                $currentUser->delete();
            }
            break;
    }

    header('Location: ' . WT_BASE_URL . WT_SCRIPT_NAME);

    return;
}

$controller = new PageController;
$controller
    ->setPageTitle(I18N::translate('My account'))
    ->pageHeader()
    ->addExternalJavascript(WT_AUTOCOMPLETE_JS_URL)
    ->addInlineJavascript('autocomplete();');

$my_individual_record = Individual::getInstance($WT_TREE->getUserPreference(Auth::user(), 'gedcomid'), $WT_TREE);
$default_individual   = Individual::getInstance($WT_TREE->getUserPreference(Auth::user(), 'rootid'), $WT_TREE);

// Form validation
?>
<script>
function checkform(frm) {
    if (frm.form_username.value=="") {
        alert("<?php echo I18N::translate('You must enter a username.'); ?>");
        frm.form_username.focus();
        return false;
    }
    if (frm.form_realname.value=="") {
        alert("<?php echo I18N::translate('You must enter a real name.'); ?>");
        frm.form_realname.focus();
        return false;
    }
    if (frm.form_pass1.value!=frm.form_pass2.value) {
        alert("<?php echo I18N::translate('The passwords do not match.'); ?>");
        frm.form_pass1.focus();
        return false;
    }
    if (frm.form_pass1.value.length > 0 && frm.form_pass1.value.length < 6) {
        alert("<?php echo I18N::translate('Passwords must contain at least 6 characters.'); ?>");
        frm.form_pass1.focus();
        return false;
    }
    return true;
}
</script>

<div id="edituser-page">
    <h2><?php echo $controller->getPageTitle(); ?></h2>

    <form name="editform" method="post" action="?" onsubmit="return checkform(this);">

        <input type="hidden" id="form_action" name="form_action" value="update">
        <?php echo Filter::getCsrf(); ?>

        <div id="edituser-table">
            <div class="label">
                <label for="form_username">
                    <?php echo I18N::translate('Username'); ?>
                </label>
            </div>
            <div class="value">
                <input type="text" id="form_username" name="form_username" value="<?php echo Filter::escapeHtml(Auth::user()->getUserName()); ?>" dir="auto">
                <p class="small text-muted">
                    <?php echo I18N::translate('Usernames are case-insensitive and ignore accented letters, so that “chloe”, “chloë”, and “Chloe” are considered to be the same.'); ?>
                </p>
            </div>

            <div class="label">
                <label for="form_realname">
                    <?php echo I18N::translate('Real name'); ?>
                </label>
            </div>
            <div class="value">
                <input type="text" id="form_realname" name="form_realname" value="<?php echo Filter::escapeHtml(Auth::user()->getRealName()); ?>" dir="auto">
                <p class="small text-muted">
                    <?php echo I18N::translate('This is your real name, as you would like it displayed on screen.'); ?>
                </p>
            </div>

            <div class="label">
                <?php echo I18N::translate('Individual record'); ?>
            </div>
            <div class="value">
                <?php if ($my_individual_record): ?>
                    <?php echo $my_individual_record->formatList('span'); ?>
                <?php else: ?>
                    <?php echo I18N::translateContext('unknown people', 'Unknown'); ?>
                <?php endif; ?>
                <p class="small text-muted">
                    <?php echo I18N::translate('This is a link to your own record in the family tree. If this is the wrong individual, contact an administrator.'); ?>
                </p>
            </div>

            <div class="label">
                <label for="form_rootid">
                    <?php echo I18N::translate('Default individual'); ?>
                </label>
            </div>
            <div class="value">
                <input data-autocomplete-type="INDI" type="text" name="form_rootid" id="form_rootid" value="<?php echo $WT_TREE->getUserPreference(Auth::user(), 'rootid'); ?>">
                <?php echo FunctionsPrint::printFindIndividualLink('form_rootid'); ?>
                <br>
                <?php if ($default_individual): ?>
                    <?php echo $default_individual->formatList('span'); ?>
                <?php endif; ?>
                <p class="small text-muted">
                    <?php echo I18N::translate('This individual will be selected by default when viewing charts and reports.'); ?>
                </p>
            </div>

            <div class="label">
                <label for="form_pass1">
                    <?php echo I18N::translate('Password'); ?>
                </label>
            </div>
            <div class="value">
                <input type="password" id="form_pass1" name="form_pass1">
                <p class="small text-muted">
                    <?php echo I18N::translate('Passwords must be at least 6 characters long and are case-sensitive, so that “secret” is different from “SECRET”.'); ?>
                    <?php echo I18N::translate('Leave the password blank if you want to keep the current password.'); ?>
                </p>
            </div>

            <div class="label">
                <label for="form_pass2">
                    <?php echo I18N::translate('Confirm password'); ?>
                </label>
            </div>
            <div class="value">
                <input type="password" id="form_pass2" name="form_pass2">
                <p class="small text-muted">
                    <?php echo I18N::translate('Type your password again, to make sure you have typed it correctly.'); ?>
                </p>
            </div>

            <div class="label">
                <label for="form_language">
                    <?php echo I18N::translate('Language'); ?>
                </label>
            </div>
            <div class="value">
                <?php echo FunctionsEdit::editFieldLanguage('form_language', Auth::user()->getPreference('language')); ?>
            </div>

            <div class="label">
                <label for="form_timezone">
                    <?php echo I18N::translate('Time zone'); ?>
                </label>
            </div>
            <div class="value">
                <?php echo FunctionsEdit::selectEditControl('form_timezone', array_combine(\DateTimeZone::listIdentifiers(), \DateTimeZone::listIdentifiers()), null, Auth::user()->getPreference('TIMEZONE') ?: 'UTC', 'class="form-control"'); ?>
                <p class="small text-muted">
                    <?php echo I18N::translate('The time zone is required for date calculations, such as knowing today’s date.'); ?>
                </p>
            </div>

            <div class="label">
                <label for="form_email">
                    <?php echo I18N::translate('Email address'); ?>
                </label>
            </div>
            <div class="value">
                <input type="email" id="form_email" name="form_email" value="<?php echo Filter::escapeHtml(Auth::user()->getEmail()); ?>" size="50" pattern=".*@[^.]+\..*" maxlength="64">
                <p class="small text-muted">
                    <?php echo I18N::translate('This email address will be used to send password reminders, website notifications, and messages from other family members who are registered on the website.'); ?>
                </p>
            </div>
            <?php if (Site::getPreference('ALLOW_USER_THEMES')): ?>

            <div class="label">
                <label for="form_theme">
                    <?php echo I18N::translate('Theme'); ?>
                </label>
            </div>
            <div class="value">
                <select id="form_theme" name="form_theme">
                    <option value="">
                        <?php echo Filter::escapeHtml(/* I18N: default option in list of themes */ I18N::translate('<default theme>')); ?>
                    </option>
                    <?php foreach (Theme::themeNames() as $theme_id => $theme_name): ?>
                    <option value="<?php echo $theme_id; ?>" <?php echo $theme_id === Auth::user()->getPreference('theme') ? 'selected' : ''; ?>>
                        <?php echo $theme_name; ?>
                    </option>
                    <?php endforeach; ?>
                </select>
                <p class="small text-muted">
                    <?php echo /* I18N: Help text for the "Default theme" site configuration setting */ I18N::translate('You can change the appearance of webtrees using “themes”. Each theme has a different style, layout, color scheme, etc.'); ?>
                </p>
            </div>
            <?php endif; ?>

            <div class="label">
                <label for="form_contact_method">
                    <?php echo I18N::translate('Contact method'); ?>
                </label>
            </div>
            <div class="value">
                <?php echo FunctionsEdit::editFieldContact('form_contact_method', Auth::user()->getPreference('contactmethod')); ?>
                <p class="small text-muted">
                    <?php echo I18N::translate('Site members can send each other messages. You can choose to how these messages are sent to you, or choose not receive them at all.'); ?>
                </p>
            </div>

            <div class="label">
                <label for="form_visible_online">
                    <?php echo I18N::translate('Visible to other users when online'); ?>
                </label>
            </div>
            <div class="value">
                <?php echo FunctionsEdit::checkbox('form_visible_online', Auth::user()->getPreference('visibleonline')); ?>

It seems like Fisharebest\Webtrees\Auth::user()->getPreference('visibleonline') can also be of type string; however, parameter $is_checked of Fisharebest\Webtrees\Functions\FunctionsEdit::checkbox() does only seem to accept boolean, maybe add an additional type check?

                <p class="small text-muted">
                    <?php echo I18N::translate('You can choose whether to appear in the list of users who are currently signed-in.'); ?>
                </p>
            </div>
        </div>
        <div id="edituser_submit">
            <input type="submit" value="<?php echo I18N::translate('save'); ?>">
        </div>
        <?php if (!Auth::user()->getPreference('canadmin')): ?>
        <a href="#" onclick="if (confirm('<?php echo I18N::translate('Are you sure you want to delete “%s”?', Filter::escapeJs(Auth::user()->getUserName())); ?>')) {jQuery('#form_action').val('delete'); document.editform.submit(); }">
            <?php echo I18N::translate('Delete your account'); ?>
        </a>
        <?php endif; ?>
    </form>
</div>