Issues (2473)

Branch: master

Security Analysis: no vulnerabilities found

This project does not seem to handle request data directly, so no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can, for example, include database credentials or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data or manipulating it.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is, for example, used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

engine/lib/user_settings.php (1 issue)

<?php
/**
 * Elgg user settings functions.
 * Functions for adding and manipulating options on the user settings panel.
 *
 * @package Elgg.Core
 * @subpackage Settings.User
 */

/**
 * Set a user's password
 * Returns null if no change is required
 * Returns true or false indicating success or failure if change was needed
 *
 * @return bool|void
 * @since 1.8.0
 * @access private
 */
function _elgg_set_user_password() {
	$current_password = get_input('current_password', null, false);
	$password = get_input('password', null, false);
	$password2 = get_input('password2', null, false);
	$user_guid = get_input('guid');

	if ($user_guid) {
		$user = get_user($user_guid);
	} else {
		$user = elgg_get_logged_in_user_entity();
	}

	if ($user && $password) {
		// let admin user change anyone's password without knowing it except his own.
		if (!elgg_is_admin_logged_in() || elgg_is_admin_logged_in() && $user->guid == elgg_get_logged_in_user_guid()) {
			$credentials = array(
				'username' => $user->username,
				'password' => $current_password
			);

			try {
				pam_auth_userpass($credentials);
			} catch (LoginException $e) {
				register_error(elgg_echo('LoginException:ChangePasswordFailure'));
				return false;
			}
		}

		try {
			$result = validate_password($password);
		} catch (RegistrationException $e) {
			register_error($e->getMessage());
			return false;
		}

		if ($result) {
			if ($password == $password2) {
				$user->setPassword($password);
				_elgg_services()->persistentLogin->handlePasswordChange($user, elgg_get_logged_in_user_entity());

				if ($user->save()) {
					system_message(elgg_echo('user:password:success'));
					return true;
				} else {
					register_error(elgg_echo('user:password:fail'));
				}
			} else {
				register_error(elgg_echo('user:password:fail:notsame'));
			}
		} else {
			register_error(elgg_echo('user:password:fail:tooshort'));
		}
	} else {
		// no change
		return;
	}

	return false;
}

/**
 * Set a user's display name
 * Returns null if no change is required or input is not present in the form
 * Returns true or false indicating success or failure if change was needed
 *
 * @return bool|void
 * @since 1.8.0
 * @access private
 */
function _elgg_set_user_name() {
	$name = get_input('name');
	$user_guid = get_input('guid');

	if (!isset($name)) {
		return;
	}

	$name = strip_tags($name);
	if ($user_guid) {
		$user = get_user($user_guid);
	} else {
		$user = elgg_get_logged_in_user_entity();
	}

	if (elgg_strlen($name) > 50) {
		register_error(elgg_echo('user:name:fail'));
		return false;
	}

	if ($user && $user->canEdit() && $name) {
		if ($name != $user->name) {
			$user->name = $name;
			if ($user->save()) {
				system_message(elgg_echo('user:name:success'));
				return true;
			} else {
				register_error(elgg_echo('user:name:fail'));
			}
		} else {
			// no change
			return;
		}
	} else {
		register_error(elgg_echo('user:name:fail'));
	}
	return false;
}

/**
 * Set a user's language
 * Returns null if no change is required or input is not present in the form
 * Returns true or false indicating success or failure if change was needed
 *
 * @return bool|void
 * @since 1.8.0
 * @access private
 */
function _elgg_set_user_language() {
	$language = get_input('language');
	$user_guid = get_input('guid');

	if (!isset($language)) {
		return;
	}

	if ($user_guid) {
		$user = get_user($user_guid);
	} else {
		$user = elgg_get_logged_in_user_entity();
	}

	if ($user && $language) {
		if (strcmp($language, $user->language) != 0) {
			$user->language = $language;
			if ($user->save()) {
				system_message(elgg_echo('user:language:success'));
				return true;
			} else {
				register_error(elgg_echo('user:language:fail'));
			}
		} else {
			// no change
			return;
		}
	} else {
		register_error(elgg_echo('user:language:fail'));
	}
	return false;
}


/* CYU - CHECKS IF THE EMAIL THE USER ENTERS IN THE SYSTEM IS VALID OR NOT */
function domainNotValid($dom)
{
	//elgg_log('cyu - checkInvalidDomain invoked | domain:'.$dom, 'NOTICE');
	elgg_load_library('c_ext_lib');
	$isNotValid = true;

	// getExtension() (from c_ext_lib) returns a mysqli result set; count() on that
	// object is not a row count, so use mysqli_num_rows() to test for rows.
	$result = getExtension();
	if ($result && mysqli_num_rows($result) > 0)
	{
		while ($row = mysqli_fetch_array($result))
		{
			if ($row['ext'] === $dom)
			{
				//elgg_log('cyu - domain found in database!', 'NOTICE');
				$isNotValid = false;
				break;
			}
		}
	}

	if ($isNotValid)
	{
		$domain_addr = explode('.', $dom);
		$domain_len = count($domain_addr) - 1;

		// a single-label domain has no second-level label to compare against
		if ($domain_len >= 1 && $domain_addr[$domain_len - 1].'.'.$domain_addr[$domain_len] === 'gc.ca')
		{
			//elgg_log('cyu - domain:'.$dom. ' this is a valid domain', 'NOTICE');
			$isNotValid = false;
		} else {
			//elgg_log('cyu - domain:'.$dom. ' this is an invalid domain', 'NOTICE');
			$isNotValid = true;
		}
	}

	return $isNotValid;
}

/**
 * Set a user's email address
 * Returns null if no change is required or input is not present in the form
 * Returns true or false indicating success or failure if change was needed
 *
 * @return bool|void
 * @since 1.8.0
 * @access private
 */
function _elgg_set_user_email() {
	$email = get_input('email');
	$user_guid = get_input('guid');

	if (!isset($email)) {
		return;
	}

	if ($user_guid) {
		$user = get_user($user_guid);
	} else {
		$user = elgg_get_logged_in_user_entity();
	}

	if (!is_email_address($email)) {
		register_error(elgg_echo('email:save:fail'));
		return false;
	}

	$domain = explode('@', $email);

	// cyu - we want the 2nd half of the email
	//elgg_log('cyu - checking email...'.$domain[1], 'NOTICE');
	if (domainNotValid($domain[1]))
	{
		//elgg_log('cyu - this domain is not valid...', 'NOTICE');
		//throw new RegistrationException(elgg_echo('Not a Government Email Address'));
		register_error('Not a Government email address...');
		return false;
	}

	if ($user) {
		if (strcmp($email, $user->email) != 0) {
			if (!get_user_by_email($email)) {
				if ($user->email != $email) {

					$user->email = $email;
					if ($user->save()) {
						system_message(elgg_echo('email:save:success'));
						return true;
					} else {
						register_error(elgg_echo('email:save:fail'));
					}
				}
			} else {
				register_error(elgg_echo('registration:dupeemail'));
			}
		} else {
			// no change
			return;
		}
	} else {
		register_error(elgg_echo('email:save:fail'));
	}
	return false;
}

/**
 * Set a user's default access level
 * Returns null if no change is required or input is not present in the form
 * Returns true or false indicating success or failure if change was needed
 *
 * @return bool|void
 * @since 1.8.0
 * @access private
 */
function _elgg_set_user_default_access() {

	if (!elgg_get_config('allow_user_default_access')) {
		return;
	}

	$default_access = get_input('default_access');
	$user_guid = get_input('guid');

	if ($user_guid) {
		$user = get_user($user_guid);
	} else {
		$user = elgg_get_logged_in_user_entity();
	}

	if ($user) {
		$current_default_access = $user->getPrivateSetting('elgg_default_access');
		if ($default_access !== $current_default_access) {
			if ($user->setPrivateSetting('elgg_default_access', $default_access)) {
				system_message(elgg_echo('user:default_access:success'));
				return true;
			} else {
				register_error(elgg_echo('user:default_access:failure'));
			}
		} else {
			// no change
			return;
		}
	} else {
		register_error(elgg_echo('user:default_access:failure'));
	}

	return false;
}

/**
 * Set up the menu for user settings
 *
 * @return void
 * @access private
 */
function _elgg_user_settings_menu_setup() {
	$user = elgg_get_page_owner_entity();

	if (!$user) {
		return;
	}

	if (!elgg_in_context("settings")) {
		return;
	}

	$params = array(
		'name' => '1_account',
		'text' => elgg_echo('usersettings:user:opt:linktext'),
		'href' => "settings/user/{$user->username}",
		'section' => 'configure',
	);
	elgg_register_menu_item('page', $params);
	$params = array(
		'name' => '1_plugins',
		'text' => elgg_echo('usersettings:plugins:opt:linktext'),
		'href' => '#',
		'section' => 'configure',
	);
	elgg_register_menu_item('page', $params);
	$params = array(
		'name' => '1_statistics',
		'text' => elgg_echo('usersettings:statistics:opt:linktext'),
		'href' => "settings/statistics/{$user->username}",
		'section' => 'configure',
	);
	elgg_register_menu_item('page', $params);
	$params = array(
		'name' => '2_a_user_notify',
		'text' => elgg_echo('notifications:subscriptions:changesettings'),
		'href' => "notifications/personal/{$user->username}",
		'section' => "configure",
	);
	elgg_register_menu_item('page', $params);

	if (elgg_is_active_plugin('groups')) {
		$params = array(
			'name' => '2_group_notify',
			'text' => elgg_echo('notifications:subscriptions:changesettings:groups'),
			'href' => "notifications/group/{$user->username}",
			'section' => "configure",
		);
		elgg_register_menu_item('page', $params);
	}

	// register plugin user settings menu items
	$active_plugins = elgg_get_plugins();

	foreach ($active_plugins as $plugin) {
		$plugin_id = $plugin->getID();
		if (elgg_view_exists("usersettings/$plugin_id/edit") || elgg_view_exists("plugins/$plugin_id/usersettings")) {
			$params = array(
				'name' => $plugin_id,
				'text' => $plugin->getFriendlyName(),
				'href' => "settings/plugins/{$user->username}/$plugin_id",
				'parent_name' => '1_plugins',
				'section' => 'configure',
			);
			elgg_register_menu_item('page', $params);
		}
	}

	elgg_register_plugin_hook_handler("prepare", "menu:page", "_elgg_user_settings_menu_prepare");
}

/**
 * Prepares the page menu to strip out empty plugins menu item for user settings
 *
 * @param string $hook   prepare
 * @param string $type   menu:page
 * @param array  $value  array of menu items
 * @param array  $params menu related parameters
 *
 * @return array
 * @access private
 */
function _elgg_user_settings_menu_prepare($hook, $type, $value, $params) {
	if (empty($value)) {
		return $value;
	}

	if (!elgg_in_context("settings")) {
		return $value;
	}

	$configure = elgg_extract("configure", $value);
	if (empty($configure)) {
		return $value;
	}

	foreach ($configure as $index => $menu_item) {
		if (!($menu_item instanceof ElggMenuItem)) {
			continue;
		}

		if ($menu_item->getName() == "1_plugins") {
			if (!$menu_item->getChildren()) {
				// no need for this menu item if it has no children
				unset($value["configure"][$index]);
			}
		}
	}

	return $value;
}

/**
 * Page handler for user settings
 *
 * @param array $page Pages array
 *
 * @return bool
 * @access private
 */
function _elgg_user_settings_page_handler($page) {
	global $CONFIG;

	if (!isset($page[0])) {
		$page[0] = 'user';
	}

	if (isset($page[1])) {
		$user = get_user_by_username($page[1]);
	} else {
		$user = elgg_get_logged_in_user_entity();
	}

	// get_user_by_username() returns false for an unknown username and there may be
	// no logged-in user; do not dereference a non-entity or set a zero page owner.
	if (!$user) {
		return false;
	}
	elgg_set_page_owner_guid($user->guid);

	elgg_push_breadcrumb(elgg_echo('settings'), "settings/user/$user->username");

	switch ($page[0]) {
		case 'statistics':
			elgg_push_breadcrumb(elgg_echo('usersettings:statistics:opt:linktext'));
			$path = $CONFIG->path . "pages/settings/statistics.php";
			break;
		case 'plugins':
			if (isset($page[2])) {
				set_input("plugin_id", $page[2]);
				elgg_push_breadcrumb(elgg_echo('usersettings:plugins:opt:linktext'));
				$path = $CONFIG->path . "pages/settings/tools.php";
			}
			break;
		case 'user':
			$path = $CONFIG->path . "pages/settings/account.php";
			break;
	}

	if (isset($path)) {
		require $path;
		return true;
	}
	return false;
}

/**
 * Initialize the user settings library
 *
 * @return void
 * @access private
 */
function _elgg_user_settings_init() {
	elgg_register_page_handler('settings', '_elgg_user_settings_page_handler');

	elgg_register_event_handler('pagesetup', 'system', '_elgg_user_settings_menu_setup');

	elgg_register_plugin_hook_handler('usersettings:save', 'user', '_elgg_set_user_language');
	elgg_register_plugin_hook_handler('usersettings:save', 'user', '_elgg_set_user_password');
	elgg_register_plugin_hook_handler('usersettings:save', 'user', '_elgg_set_user_default_access');
	elgg_register_plugin_hook_handler('usersettings:save', 'user', '_elgg_set_user_name');
	elgg_register_plugin_hook_handler('usersettings:save', 'user', '_elgg_set_user_email');

	elgg_register_action("usersettings/save");

	// extend the account settings form
	elgg_extend_view('forms/account/settings', 'core/settings/account/name', 100);
	elgg_extend_view('forms/account/settings', 'core/settings/account/password', 100);
	elgg_extend_view('forms/account/settings', 'core/settings/account/email', 100);
	elgg_extend_view('forms/account/settings', 'core/settings/account/language', 100);
	elgg_extend_view('forms/account/settings', 'core/settings/account/default_access', 100);
}

return function(\Elgg\EventsService $events, \Elgg\HooksRegistrationService $hooks) {
	$events->registerHandler('init', 'system', '_elgg_user_settings_init');
};

Issue (1 of 1), reported on the call _elgg_services()->persistentLogin->handlePasswordChange($user, elgg_get_logged_in_user_entity()) in _elgg_set_user_password():

$user of type object<ElggEntity> is not a sub-type of object<ElggUser>. It seems like you assume a child class of the class ElggEntity to be always present.

This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e. an implementation of an interface or a subclass.

Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type.
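The flagged call passes a value obtained from get_user() or elgg_get_logged_in_user_entity() straight into handlePasswordChange(), and the same five-line lookup is repeated in each _elgg_set_user_*() setter. The helper below is an added example, not Elgg's own code: it centralises that lookup, narrows the result to ElggUser with the instanceof check the inspection suggests, and carries the canEdit() authorisation that only _elgg_set_user_name() performs on this page. The function names _example_resolve_settings_user and _example_set_user_language are hypothetical; the Elgg API calls are the ones already used in the file.

```php
<?php
/**
 * Resolve the settings target as an ElggUser the current user may edit.
 *
 * @param int|string $user_guid GUID from the form, or empty for the logged-in user
 * @return ElggUser|null null when the GUID is unknown, the entity is not a user,
 *                       or the current session is not allowed to edit it
 */
function _example_resolve_settings_user($user_guid) {
	$user = $user_guid ? get_user($user_guid) : elgg_get_logged_in_user_entity();

	// get_user() returns false for an unknown GUID; narrow the type explicitly
	// rather than assuming every ElggEntity here is an ElggUser.
	if (!($user instanceof ElggUser)) {
		return null;
	}

	// Authorisation: mirror the canEdit() check _elgg_set_user_name() makes,
	// so a settings save never updates an account the session cannot edit.
	if (!$user->canEdit()) {
		return null;
	}

	return $user;
}

/**
 * The language setter rewritten on top of the helper (example only).
 * Same return contract as the original: null = no change, bool = outcome.
 *
 * @return bool|void
 */
function _example_set_user_language() {
	$language = get_input('language');
	if (!isset($language)) {
		return;
	}

	$user = _example_resolve_settings_user(get_input('guid'));
	if (!$user || !$language) {
		register_error(elgg_echo('user:language:fail'));
		return false;
	}

	if (strcmp($language, $user->language) == 0) {
		return; // no change
	}

	$user->language = $language;
	if ($user->save()) {
		system_message(elgg_echo('user:language:success'));
		return true;
	}

	register_error(elgg_echo('user:language:fail'));
	return false;
}
```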