search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
SOAP API: do not try to unserialize an invalid filter
[mantis.git] / account_page.php
blob435e340cc222cccfe3925bfe1578ce0a1920a4d4
1 <?php
2 # MantisBT - A PHP based bugtracking system
3
4 # MantisBT is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation, either version 2 of the License, or
7 # (at your option) any later version.
8 #
9 # MantisBT is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * CALLERS
19 * This page is called from:
20 * - print_menu()
21 * - print_account_menu()
22 * - header redirects from account_*.php
23 * - included by verify.php to allow user to change their password
24 *
25 * EXPECTED BEHAVIOUR
26 * - Display the user's current settings
27 * - Allow the user to edit their settings
28 * - Allow the user to save their changes
29 * - Allow the user to delete their account if account deletion is enabled
30 *
31 * CALLS
32 * This page calls the following pages:
33 * - account_update.php (to save changes)
34 * - account_delete.php (to delete the user's account)
35 *
36 * RESTRICTIONS & PERMISSIONS
37 * - User must be authenticated
38 * - The user's account must not be protected
39 *
40 * @package MantisBT
41 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
42 * @copyright Copyright (C) 2002 - 2011 MantisBT Team - mantisbt-dev@lists.sourceforge.net
43 * @link http://www.mantisbt.org
44 *
45 * @uses core.php
46 * @uses authentication_api.php
47 * @uses config_api.php
48 * @uses constant_inc.php
49 * @uses current_user_api.php
50 * @uses form_api.php
51 * @uses helper_api.php
52 * @uses html_api.php
53 * @uses lang_api.php
54 * @uses ldap_api.php
55 * @uses print_api.php
56 * @uses string_api.php
57 * @uses user_api.php
58 * @uses utility_api.php
59 */
60
61 /**
62 * MantisBT Core API's
63 */
64 require_once( 'core.php' );
65 require_api( 'authentication_api.php' );
66 require_api( 'config_api.php' );
67 require_api( 'constant_inc.php' );
68 require_api( 'current_user_api.php' );
69 require_api( 'form_api.php' );
70 require_api( 'helper_api.php' );
71 require_api( 'html_api.php' );
72 require_api( 'lang_api.php' );
73 require_api( 'ldap_api.php' );
74 require_api( 'print_api.php' );
75 require_api( 'string_api.php' );
76 require_api( 'user_api.php' );
77 require_api( 'utility_api.php' );
78
79 #============ Parameters ============
80 # (none)
81
82 #============ Permissions ============
83 auth_ensure_user_authenticated();
84
85 current_user_ensure_unprotected();
86
87 # extracts the user information for the currently logged in user
88 # and prefixes it with u_
89 $row = user_get_row( auth_get_current_user_id() );
90 extract( $row, EXTR_PREFIX_ALL, 'u' );
91
92 $t_ldap = ( LDAP == config_get( 'login_method' ) );
93
94 # In case we're using LDAP to get the email address... this will pull out
95 # that version instead of the one in the DB
96 $u_email = user_get_email( $u_id, $u_username );
97
98 # note if we are being included by a script of a different name, if so,
99 # this is a mandatory password change request
100 $t_force_pw_reset = is_page_name( 'verify.php' );
101
102 # Only show the update button if there is something to update.
103 $t_show_update_button = false;
104
105 html_page_top( lang_get( 'account_link' ) );
106
107 if ( $t_force_pw_reset ) {
108 echo '<div id="reset-passwd-msg" class="important-msg">';
109 echo '<ul>';
110 echo '<li>' . lang_get( 'verify_warning' ) . '</li>';
111 if ( helper_call_custom_function( 'auth_can_change_password', array() ) ) {
112 echo '<li>' . lang_get( 'verify_change_password' ) . '</li>';
113 }
114 echo '</ul>';
115 echo '</div>';
116 }
117 ?>
118
119 <div id="account-update-div" class="form-container">
120 <form id="account-update-form" method="post" action="account_update.php">
121 <fieldset <?php if ( $t_force_pw_reset ) { ?> class="has-required"<?php } ?>>
122 <legend><span><?php echo lang_get( 'edit_account_title' ); ?></span></legend>
123 <?php echo form_security_field( 'account_update' );
124 print_account_menu( 'account_page.php' );
125
126 if ( !helper_call_custom_function( 'auth_can_change_password', array() ) ) {
127 # With LDAP --> ?>
128 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
129 <span class="display-label"><span><?php echo lang_get( 'username' ) ?></span></span>
130 <span class="input"><span class="field-value"><?php echo string_display_line( $u_username ) ?></span></span>
131 <span class="label-style"></span>
132 </div>
133 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
134 <span class="display-label"><span><?php echo lang_get( 'password' ) ?></span></span>
135 <span class="input"><span class="field-value"><?php echo lang_get( 'no_password_change' ) ?></span></span>
136 <span class="label-style"></span>
137 </div><?php
138 } else {
139 # Without LDAP
140 $t_show_update_button = true;
141 ?>
142 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
143 <span class="display-label"><span><?php echo lang_get( 'username' ) ?></span></span>
144 <span class="input"><span class="field-value"><?php echo string_display_line( $u_username ) ?></span></span>
145 <span class="label-style"></span>
146 </div>
147 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
148 <label for="password" <?php if ( $t_force_pw_reset ) { ?> class="required" <?php } ?>><span><?php echo lang_get( 'password' ) ?></span></label>
149 <span class="input"><input id="password" type="password" name="password" size="32" maxlength="<?php echo PASSLEN; ?>" /></span>
150 <span class="label-style"></span>
151 </div>
152 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
153 <label for="password-confirm" <?php if ( $t_force_pw_reset ) { ?> class="required" <?php } ?>><span><?php echo lang_get( 'confirm_password' ) ?></span></label>
154 <span class="input"><input id="password-confirm" type="password" name="password_confirm" size="32" maxlength="<?php echo PASSLEN; ?>" /></span>
155 <span class="label-style"></span>
156 </div><?php
157 } ?>
158 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
159 <span class="display-label"><span><?php echo lang_get( 'email' ) ?></span></span>
160 <span class="input"><?php
161 if ( $t_ldap && ON == config_get( 'use_ldap_email' ) ) {
162 // With LDAP
163 echo '<span class="field-value">' . string_display_line( $u_email ) . '</span>';
164 } else {
165 // Without LDAP
166 $t_show_update_button = true;
167 print_email_input( 'email', $u_email );
168 } ?>
169 </span>
170 <span class="label-style"></span>
171 </div>
172 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>"><?php
173 if ( $t_ldap && ON == config_get( 'use_ldap_realname' ) ) {
174 # With LDAP
175 echo '<span class="display-label"><span>' . lang_get( 'realname' ) . '</span></span>';
176 echo '<span class="input">';
177 echo '<span class="field-value">';
178 echo string_display_line( ldap_realname_from_username( $u_username ) );
179 echo '</span>';
180 echo '</span>';
181 } else {
182 # Without LDAP
183 $t_show_update_button = true;
184 echo '<label for="realname"><span>' . lang_get( 'realname' ) . '</span></label>';
185 echo '<span class="input">';
186 echo '<input id="realname" type="text" size="32" maxlength="' . REALLEN . '" name="realname" value="' . string_attribute( $u_realname ) . '" />';
187 echo '</span>';
188 } ?>
189 <span class="label-style"></span>
190 </div>
191 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
192 <span class="display-label"><span><?php echo lang_get( 'access_level' ) ?></span></span>
193 <span class="input"><span class="field-value"><?php echo get_enum_element( 'access_levels', $u_access_level ); ?></span></span>
194 <span class="label-style"></span>
195 </div>
196 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
197 <span class="display-label"><span><?php echo lang_get( 'access_level_project' ) ?></span></span>
198 <span class="input"><span class="field-value"><?php echo get_enum_element( 'access_levels', current_user_get_access_level() ); ?></span></span>
199 <span class="label-style"></span>
200 </div>
201 <?php
202 $t_projects = user_get_assigned_projects( auth_get_current_user_id() );
203 if( count( $t_projects ) > 0 ) {
204 echo '<div class="field-container ' . helper_alternate_class_no_attribute() . '">';
205 echo '<span class="display-label"><span>' . lang_get( 'assigned_projects' ) . '</span></span>';
206 echo '<div class="input">';
207 echo '<ul class="project-list">';
208 foreach( $t_projects AS $t_project_id=>$t_project ) {
209 $t_project_name = string_attribute( $t_project['name'] );
210 $t_view_state = $t_project['view_state'];
211 $t_access_level = $t_project['access_level'];
212 $t_access_level = get_enum_element( 'access_levels', $t_access_level );
213 $t_view_state = get_enum_element( 'project_view_state', $t_view_state );
214
215 echo '<li><span class="project-name">' . $t_project_name . '</span> <span class="access-level">' . $t_access_level . '</span> <span class="view-state">' . $t_view_state . '</span></li>';
216 }
217 echo '</ul>';
218 echo '</div>';
219 echo '<span class="label-style"></span>';
220 echo '</div>';
221 }
222 ?>
223 <?php if ( $t_show_update_button ) { ?>
224 <span class="submit-button"><input type="submit" class="button" value="<?php echo lang_get( 'update_user_button' ) ?>" /></span>
225 <?php } ?>
226 </fieldset>
227 </form>
228 </div>
229 <?php # check if users can't delete their own accounts
230 if ( ON == config_get( 'allow_account_delete' ) ) { ?>
231
232 <!-- Delete Button -->
233 <div class="form-container">
234 <form method="post" action="account_delete.php">
235 <fieldset>
236 <?php echo form_security_field( 'account_delete' ) ?>
237 <span class="submit-button"><input type="submit" class="button" value="<?php echo lang_get( 'delete_account_button' ) ?>" /></span>
238 </fieldset>
239 </form>
240 </div>
241 <?php
242 }
243 html_page_bottom();