adding the pages to change the user profile
authorToby Elliott <telliott@mozilla.com>
Mon, 25 May 2009 16:15:56 -0700
changeset 959 10964a3e04516d48bd88684455a4f9f62ffc8e91
parent 958 824d4943ed7877fcc000575230bb710e8745570c
child 960 0a83a78396025eb95ea1c8f409959affa0eb4c2c
push id595
push usertelliott@mozilla.com
push dateMon, 25 May 2009 23:16:01 +0000
adding the pages to change the user profile
server/lib/user.php
server/profile.php
server/templates/change_user_details.php
--- a/server/lib/user.php
+++ b/server/lib/user.php
@@ -7,16 +7,18 @@ class PersonaUser
 {
 	var $_dbh;
 
 	var $_username = null;
 	var $_display_username = null;
 	var $_unauthed_username = null;
 	var $_cookie_value = null;
 	var $_email = null;
+	var $_news = 0;
+	var $_description = null;
 	var $_privs = 0;
 	var $_errors = array();
 	var $_no_signup = 0;
 	
 	function __construct($username = null, $password = null, $hostname = null, $dbname = null) 
 	{
 		try
 		{
@@ -146,16 +148,48 @@ class PersonaUser
 		$this->_username = $username;
 		$this->_email = $email;
 		$this->_cookie_value = $username . " " . md5($username . md5($password) . PERSONAS_LOGIN_SALT . $_SERVER['REMOTE_ADDR']);
 		setcookie('PERSONA_USER', $this->_cookie_value, time() + 60*60*24*365, '/');
 
 		return 1;
 	}
 
+	
+	function update_user($username, $display_username = null, $email = "", $description = "", $news = 0)
+	{ 
+		if (!$username)
+			throw new Exception("No username", 404);
+
+		if (!$display_username)
+			$display_username = $username;		
+		
+		try
+		{
+			$insert_stmt = 'update users set display_username = :display_username, email = :email, description = :description, news = :news where username = :username';
+			$sth = $this->_dbh->prepare($insert_stmt);
+			$sth->bindParam(':username', $username);
+			$sth->bindParam(':display_username', $display_username);
+			$sth->bindParam(':email', $email);
+			$sth->bindParam(':description', $description);
+			$sth->bindParam(':news', $news);
+			$sth->execute();
+		}
+		catch( PDOException $exception )
+		{
+			error_log("update_user: " . $exception->getMessage());
+			#need to add a subcatch here for user already existing
+			$this->_errors['create_username'] = "A database problem occured. Please try again later.";
+			return 0;
+		}
+
+		$this->_email = $email;
+
+		return 1;
+	}
 	function update_password($username, $password)
 	{
 		if (!$username)
 		{
 			throw new Exception("No username", 404);
 		}
 		if (!$password)
 		{
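Review bot: A database failure in `update_user` is stored under `$this->_errors['create_username']`, a key that appears to be copied from the account-creation path, along with the `#need to add a subcatch here for user already existing` comment. profile.php keeps its own `$_errors` array and the new template only looks up `create_email`, `create_display_username` and `create_description`, so on failure the form would be shown again with no message. A dedicated key such as `$this->_errors['update_user']`, surfaced by the page, would fix that. After a successful update only `$this->_email` is refreshed; adding `$this->_display_username = $display_username; $this->_description = $description; $this->_news = $news;` would keep the object consistent with the row. `$insert_stmt` would also read better as `$update_stmt`.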
@@ -329,16 +363,18 @@ class PersonaUser
 		$result = $sth->fetch(PDO::FETCH_ASSOC);
 		if ($result && $result['privs'] > 0) #0 is disabled
 		{
 			$this->_username = $result['username'];
 			$this->_display_username = $result['display_username'];
 			$this->_privs = $result['privs'];
 			$this->_cookie_value = $result['username'] . " " . md5($result['username'] . $result['md5'] . PERSONAS_LOGIN_SALT . $_SERVER['REMOTE_ADDR']);
 			$this->_email = $result['email'];	
+			$this->_description = $result['description'];	
+			$this->_news = $result['news'];	
 			return 1;
 		}
 		return 0;
 	}
 	
 	function authenticate_user_from_cookie($auth_cookie) 
 	{
 		if (!$auth_cookie)
@@ -365,16 +401,18 @@ class PersonaUser
 		
 		if ($result['privs'] > 0 && md5($username . $result['md5'] . PERSONAS_LOGIN_SALT . $_SERVER['REMOTE_ADDR']) == $token)
 		{
 			$this->_username = $result['username'];
 			$this->_display_username = $result['display_username'];
 			$this->_privs = $result['privs'];
 			$this->_cookie_value = $auth_cookie;
 			$this->_email = $result['email'];	
+			$this->_description = $result['description'];	
+			$this->_news = $result['news'];	
 			return 1;
 		}
 		return 0;
 	}
 
 	function generate_password_change_code($username)
 	{
 		if (!$username)
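Review bot: The cookie check on the context line `md5($username . $result['md5'] . PERSONAS_LOGIN_SALT . $_SERVER['REMOTE_ADDR']) == $token` uses loose comparison, so two digest strings that PHP treats as numeric can compare equal without being identical. Since this hunk already touches the success branch, changing `==` to `===` there would close that gap. The added `$result['description']` and `$result['news']` reads, here and in the preceding `authenticate` hunk, depend on the SELECT that fills `$result`, which is outside both hunks; if it names its columns explicitly they need adding. The function body starts above the hunk.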
new file mode 100644
--- /dev/null
+++ b/server/profile.php
@@ -0,0 +1,83 @@
+<?php
+	require_once 'lib/personas_constants.php';
+	require_once 'lib/user.php';	
+
+	$user = new PersonaUser();
+	$user->authenticate();
+	$user->force_signin(1);
+	
+	
+	$_errors = array();
+	$return_url = null;
+	
+	$updated = 0;
+	$create = array();
+	
+	if (array_key_exists('update', $_POST))
+	{
+		#trying to create an account
+		$create['email'] = array_key_exists('create_email', $_POST) ? (ini_get('magic_quotes_gpc') ? stripslashes($_POST['create_email']) : $_POST['create_email']) : null;
+		$create['display_username'] = array_key_exists('create_display_username', $_POST) ? (ini_get('magic_quotes_gpc') ? stripslashes($_POST['create_display_username']) : $_POST['create_display_username']) : null;
+		$create['description'] = array_key_exists('create_description', $_POST) ? (ini_get('magic_quotes_gpc') ? stripslashes($_POST['create_description']) : $_POST['create_description']) : null;
+		$create['news'] = array_key_exists('news', $_POST);
+		$create['display_username'] = trim($create['display_username']);
+
+		$create['display_username'] = htmlspecialchars($create['display_username']);
+		$create['description'] = htmlspecialchars($create['description']);
+
+		if (!preg_match('/^[A-Z0-9\._%+-]+@[A-Z0-9\.-]+\.[A-Z]{2,4}$/i', $create['email'])) 
+			$_errors['create_email'] = "Invalid email address";
+		
+		if (strlen($create['display_username']) > 32)
+			$_errors['create_display_username'] = "Please limit your display name to 32 characters or less";
+
+		if (strlen($create['description']) > 256)
+			$_errors['create_description'] = "Please limit your description to 256 characters or less";
+
+		if (count($_errors) == 0 && $user->update_user($user->get_username(), $create['display_username'], $create['email'], $create['description'], $create['news']))
+		{
+			$updated = 1;
+		}
+	}
+	else
+	{
+		$create['email'] = $user->_email;
+		$create['display_username'] = $user->_display_username;
+		$create['description'] = $user->_description;
+		$create['news'] = $user->_news;
+	}
+	
+	$title = "Login"; 
+	include 'templates/header.php'; 
+?>
+<body class="forgot-password">
+    <div id="outer-wrapper">
+        <div id="inner-wrapper">
+<?php include 'templates/nav.php'; ?>
+            <div id="header">
+                <h2>Change User Details</h2>
+            </div>
+            <div id="maincontent" class="login-signup">
+                <div id="breadcrumbs">
+                    Personas Home : User Details  
+                </div>
+<?php 
+		if ($updated)
+		{
+?>
+                <div id="signup">
+                    <h4>Change User Details</h3>
+                	You have successfully updated your user profile. Thanks for keeping us up to date!
+                </div>
+<?php
+		}
+		else
+			include 'templates/change_user_details.php'; 
+?>
+            </div>
+        </div>
+    </div>
+<?php include "templates/footer.php" ?>
+</body>
+</html>
+
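Review bot: The `update` branch changes the account e-mail address on any POST from a signed-in browser, with no per-session anti-CSRF token and no confirmation of the current password. Before calling `$user->update_user(...)` the page should verify a hidden token issued with the form, and ideally require the password when `create_email` differs from the stored address. Separately, `htmlspecialchars()` is applied to `display_username` and `description` before the `strlen()` limits and before storage, so the 32 and 256 limits count entity characters and the database holds HTML-encoded text; storing the raw value and escaping at output is more robust. The page also reads `$user->_email`, `$user->_display_username`, `$user->_description` and `$user->_news` directly rather than through accessors like `get_username()`. `$title = "Login"` looks like a leftover from the page this was copied from.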
new file mode 100644
--- /dev/null
+++ b/server/templates/change_user_details.php
@@ -0,0 +1,29 @@
+                <div id="signup">
+                    <h4>Change User Details</h3>
+                    <form action="profile" method="post">
+					<input type="hidden" name="update" value=1>
+                    <p><label for="username">Login Name: <?= $user->get_username() ?></label>
+                    
+                    </p>
+                    
+                    <p><label for="email">Email</label>
+                    <input type="text" name="create_email" value="<?= $create['email'] ?>" id="" <?php if (array_key_exists('create_email', $_errors)) echo 'class="error"' ?>/>
+					<?php if (array_key_exists('create_email', $_errors)) echo '<span class="error-message">' . $_errors['create_email'] . '</span>' ?>
+                    </p>
+                    
+                    <p><label for="username">Display Username (displayed in the Personas gallery)*</label>
+                    <input type="text" name="create_display_username" value="<?= $create['display_username'] ?>" id="" <?php if (array_key_exists('create_display_username', $_errors)) echo 'class="error"' ?>/>
+					<?php if (array_key_exists('create_display_username', $_errors)) echo '<span class="error-message">' . $_errors['create_display_username'] . '</span>' ?>
+                    </p>
+                    
+                     <p>
+                        <label for="description">Designer Description*</label>
+                        <textarea name="create_description" id="create_description" <?php if (array_key_exists('create_description', $_errors)) echo 'class="error"' ?> ><?= $create['description'] ?></textarea>
+                        <?php if (array_key_exists('create_description', $_errors)) echo '<span class="error-message">' . $_errors['create_description'] . '</span>' ?>
+                     </p>
+
+                   <p class="news"><label for="news"><input type="checkbox" name="news" id="news" value="" <?= $create['news'] ? "checked" : "" ?>/> I’d like to receive news and information about Personas</label></p>
+                    <button type="submit" class="button"><span>change</span><span class="arrow"></span></button>
+                    </form>
+                </div>
+			<p class="disclaimer">Mozilla values your privacy. We will not sell or rent your email address.</p>
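Review bot: The `create_email` input writes `$create['email']` into its `value` attribute unescaped. profile.php encodes the display name and description but never the e-mail, so when the address fails the regex the raw POST value is reflected into the page. Escape it at output with `value="<?= htmlspecialchars($create['email'], ENT_QUOTES) ?>"`. The other two fields are only safe because the caller pre-encoded them; if that is moved to output-time escaping, the input-side `htmlspecialchars()` calls must be dropped together to avoid double encoding. Minor markup points: `<h4>Change User Details</h3>` has mismatched tags (also in profile.php), and the `for="email"` and `for="username"` labels point at inputs whose `id` is empty.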