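/*
 * Account settings page controller (flat script, reformatted one statement per line).
 *
 * Handles, in order: one-shot status flags set by earlier redirects, the
 * account security lock (enable / unlock / resend code), avatar upload and
 * removal, and the profile / password / API key / newsletter update. It then
 * loads the header templates and prints any pending notification.
 *
 * NOTE(review): every action below is selected by a flag read from $_REQUEST,
 * so a GET request triggers it as readily as a POST, and no anti-CSRF token is
 * checked anywhere in this file. Confirm whether an include performs that
 * check; if not, state-changing actions should require POST plus a
 * per-session token.
 *
 * NOTE(review): the code keeps running after coreFunctions::redirect() calls
 * (for example $user is dereferenced after the "no user" redirect), so
 * redirect() presumably ends the request - confirm.
 */

// NOTE(review): this call has no receiver in the listing; whatever precedes it
// at the start of the file (opening tag, includes) is not visible here.
requireUser(WEB_ROOT . '/login.' . SITE_CONFIG_PAGE_EXTENSION);

// load user
$user = UserPeer::loadUserById($Auth->id);
if (!$user) {
    coreFunctions::redirect(WEB_ROOT);
}

// One-shot status flags appended to the URL by the redirects further down.
if (isset($_REQUEST['s'])) {
    notification::setSuccess(t("account_lock_activation_success_message", "Account successfully secured."));
}
if (isset($_REQUEST['ss'])) {
    notification::setSuccess(t("account_updated_success_message", "Account details successfully updated"));
}
if (isset($_REQUEST['f'])) {
    // Failure text belongs in the error channel; it was previously shown as a success.
    notification::setError(t("account_lock_activation_failure_message", "Account could not be secured at this time, please try again later."));
}
if (isset($_REQUEST['us'])) {
    notification::setSuccess(t("account_lock_deactivation_success_message", "Account successfully unlocked."));
}
if (isset($_REQUEST['uf'])) {
    // Failure text belongs in the error channel; it was previously shown as a success.
    notification::setError(t("account_lock_deactivation_failure_message", "Account could not be unlocked at this time, please try again later."));
}
if (isset($_REQUEST['uc'])) {
    notification::setError(t("account_lock_deactivation_code_mismatch", "Account could not be unlocked as the code is incorrect."));
}
if (isset($_REQUEST['e'])) {
    notification::setSuccess(t("account_lock_resend_email_confirm_message", "The email containing the unlock code has been emailed to the registered email account."));
}

// setup page
define("PAGE_NAME", t("account_edit_page_name", "Account Details"));
define("PAGE_DESCRIPTION", t("account_edit_meta_description", "Account details"));
define("PAGE_KEYWORDS", t("account_edit_meta_keywords", "details, account, short, url, user"));
define("SELECTED_NAVIGATION_LINK", "settings");

// get account stats
$totalFreeSpace   = UserPeer::getAvailableFileStorage($Auth->id);
$totalActiveFiles = file::getTotalActiveFilesByUser($Auth->id);
$totalDownloads   = file::getTotalDownloadsByUserOwnedFiles($Auth->id);
$lockStatus       = coreFunctions::getUsersAccountLockStatus($Auth->id);

// setup keys: current API key pair for this user, if one exists
$key1 = '';
$key2 = '';
$accountAPIKeys = $db->getRow(
    'SELECT key_public, key_secret FROM apiv2_api_key WHERE user_id = :user_id LIMIT 1',
    array('user_id' => $Auth->id)
);
if ($accountAPIKeys) {
    $key1 = $accountAPIKeys['key_public'];
    $key2 = $accountAPIKeys['key_secret'];
}

// ---------------------------------------------------------------------------
// activate security lock
// ---------------------------------------------------------------------------
if (isset($_REQUEST['secureAccount']) && (int) $_REQUEST['secureAccount']) {
    // Generate the locking hash; it doubles as the unlock code mailed to the user.
    $lockHash = coreFunctions::generateSecurityLockHash();

    // Update the database
    $db = Database::getDatabase();
    $rs = $db->query("UPDATE users SET accountLockStatus = 1, accountLockHash = " . $db->quote($lockHash) . " WHERE id = " . (int) $Auth->id);
    if ($rs && (!notification::isErrors())) {
        // Send email to the registered account
        $subject = t('lock_account_email_subject', 'Security lock details for [[[SITE_NAME]]]', array('SITE_NAME' => SITE_CONFIG_SITE_NAME));
        $replacements = array(
            'FIRST_NAME'  => $user->firstname,
            'SITE_NAME'   => SITE_CONFIG_SITE_NAME,
            'UNLOCK_CODE' => $lockHash,
        );
        $defaultContent = "Dear [[[FIRST_NAME]]],\n\n"
            . "Your account on [[[SITE_NAME]]] has been locked as per your request. Use the code below to unlock your account:\n\n"
            . "Unlock code: [[[UNLOCK_CODE]]]\n\n"
            . "Feel free to contact us if you need any support with your account.\n\n"
            . "Regards,\n"
            . "[[[SITE_NAME]]] Admin";
        $htmlMsg = t('lock_account_email_content', $defaultContent, $replacements);

        // NOTE(review): as listed, the search string and the replacement are both a
        // newline, so this str_replace() is a no-op. The search string (and the line
        // breaks in the message text above) were presumably HTML line-break tags lost
        // when the page was extracted - confirm against the original file. The same
        // applies to every other str_replace("\n", "\n", ...) in this script.
        coreFunctions::sendHtmlEmail($user->email, $subject, $htmlMsg, SITE_CONFIG_DEFAULT_EMAIL_ADDRESS_FROM, strip_tags(str_replace("\n", "\n", $htmlMsg)));
        coreFunctions::redirect(WEB_ROOT . '/account_edit.html?s=1');
    } else {
        coreFunctions::redirect(WEB_ROOT . '/account_edit.html?f=1');
    }
}

// ---------------------------------------------------------------------------
// deactivate security lock
// ---------------------------------------------------------------------------
if (isset($_REQUEST['unlockAccount']) && (int) $_REQUEST['unlockAccount']) {
    // A missing or non-string value is treated as "no code entered".
    $accountCode = (isset($_REQUEST['accountCode']) && is_string($_REQUEST['accountCode']))
        ? trim($_REQUEST['accountCode'])
        : '';
    if (!$accountCode) {
        notification::setError(t("account_lock_deactivation_no_code_message", "Please enter the unlock code and try again."));
    }

    if (!notification::isErrors()) {
        // get the unlock code from the DB
        $unlockCode = $db->getRow("SELECT accountLockHash FROM users WHERE id = " . (int) $Auth->id . " AND accountLockStatus = '1' LIMIT 1");
        if ($unlockCode) {
            // Constant-time comparison (hash_equals, PHP 5.6+) so response timing does
            // not reveal how much of a guessed code matched.
            // NOTE(review): no limit on failed attempts is visible here; throttle or
            // count failures if the unlock code is short enough to be guessed.
            if (hash_equals((string) $unlockCode['accountLockHash'], $accountCode)) {
                $rs = $db->query("UPDATE users SET accountLockStatus = 0, accountLockHash = '' WHERE id = " . (int) $Auth->id . ' LIMIT 1');
                if ($rs) {
                    coreFunctions::redirect(WEB_ROOT . '/account_edit.html?us=1');
                } else {
                    // Previously a failed UPDATE fell through with no message at all.
                    coreFunctions::redirect(WEB_ROOT . '/account_edit.html?uf=1');
                }
            } else {
                coreFunctions::redirect(WEB_ROOT . '/account_edit.html?uc=1');
            }
        } else {
            coreFunctions::redirect(WEB_ROOT . '/account_edit.html?uf=1');
        }
    }
}

// ---------------------------------------------------------------------------
// resend the unlock code
// ---------------------------------------------------------------------------
if (isset($_REQUEST['resendCode']) && (int) $_REQUEST['resendCode']) {
    // NOTE(review): this query does not filter on accountLockStatus, so a request
    // against an unlocked account mails whatever accountLockHash currently holds
    // (the unlock path above resets it to ''). No resend rate limit is visible
    // either - confirm both are acceptable.
    $details = $db->getRow("SELECT accountLockHash FROM users WHERE id = " . (int) $Auth->id . " LIMIT 1");

    // Send email to the registered account
    $subject = t('lock_account_email_subject', 'Security lock details for [[[SITE_NAME]]]', array('SITE_NAME' => SITE_CONFIG_SITE_NAME));
    $replacements = array(
        'FIRST_NAME'  => $user->firstname,
        'SITE_NAME'   => SITE_CONFIG_SITE_NAME,
        'UNLOCK_CODE' => $details['accountLockHash'],
    );
    $defaultContent = "Dear [[[FIRST_NAME]]],\n\n"
        . "Your account on [[[SITE_NAME]]] has been locked as per your request. Use the code below to unlock your account:\n\n"
        . "Unlock code: [[[UNLOCK_CODE]]]\n\n"
        . "Feel free to contact us if you need any support with your account.\n\n"
        . "Regards,\n"
        . "[[[SITE_NAME]]] Admin";
    $htmlMsg = t('lock_account_email_content', $defaultContent, $replacements);
    coreFunctions::sendHtmlEmail($user->email, $subject, $htmlMsg, SITE_CONFIG_DEFAULT_EMAIL_ADDRESS_FROM, strip_tags(str_replace("\n", "\n", $htmlMsg)));
    coreFunctions::redirect(WEB_ROOT . '/account_edit.html?e=1');
}

// ---------------------------------------------------------------------------
// update avatar
// ---------------------------------------------------------------------------
if (isset($_REQUEST['submitav']) && (int) $_REQUEST['submitav']) {
    $uploadedAvatar = null;
    if ((isset($_FILES['avatar']['tmp_name'])) && (strlen($_FILES['avatar']['tmp_name']))) {
        $uploadedAvatar = $_FILES['avatar'];
    }

    $removeAvatar = false;
    if ((isset($_REQUEST['removeAvatar'])) && ((int) $_REQUEST['removeAvatar'] == 1)) {
        $removeAvatar = true;
    }

    if (!notification::isErrors()) {
        if ($uploadedAvatar) {
            // check filesize
            $maxAvatarSize = 1024 * 1024 * 5;
            if ($uploadedAvatar['size'] > ($maxAvatarSize)) {
                notification::setError(t("account_edit_avatar_is_too_large", "The uploaded image can not be more than [[[MAX_SIZE_FORMATTED]]]", array('MAX_SIZE_FORMATTED' => coreFunctions::formatSize($maxAvatarSize))));
            } else {
                // Make sure it is an image of a type the conversion step below can
                // decode. getimagesize() accepts more formats than gif/jpeg/png, and
                // such files used to pass validation, get silently dropped, and still
                // end in the "successfully updated" redirect.
                $imagesizedata  = @getimagesize($uploadedAvatar['tmp_name']);
                $supportedTypes = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);
                if ($imagesizedata === false || !in_array($imagesizedata[2], $supportedTypes, true)) {
                    notification::setError(t("account_edit_avatar_is_not_an_image", "Your avatar must be a jpg, png or gif image."));
                }
            }
        }
    }

    // update the account
    if (!notification::isErrors()) {
        // NOTE(review): $title, $firstname, $lastname, $emailAddress, $languageId,
        // $privateFileStatistics and $filePrivacy are not assigned anywhere above this
        // point in the visible code (they are first set in the "update user" section
        // below). Unless an include defines them, this UPDATE binds unset values over
        // the profile columns, including the account email. Confirm, then either drop
        // this query from the avatar path or bind the values already loaded in $user.
        $db = Database::getDatabase(true);
        $rs = $db->query(
            'UPDATE users SET title = :title, firstname = :firstname, lastname = :lastname, email = :email, languageId = :languageId, privateFileStatistics = :privateFileStatistics, isPublic = :isPublic WHERE id = :id',
            array(
                'title'                 => $title,
                'firstname'             => $firstname,
                'lastname'              => $lastname,
                'email'                 => $emailAddress,
                'id'                    => $Auth->id,
                'languageId'            => $languageId,
                'privateFileStatistics' => $privateFileStatistics,
                'isPublic'              => $filePrivacy,
            )
        );
        if ($rs) {
            // Decode the upload with GD; every accepted image is re-encoded as JPEG, so
            // the stored file is produced by the server rather than copied from the upload.
            $src = null;
            if ($uploadedAvatar) {
                $imgInfo = getimagesize($uploadedAvatar['tmp_name']);
                switch ($imgInfo ? $imgInfo[2] : null) {
                    case IMAGETYPE_GIF:
                        $src = imagecreatefromgif($uploadedAvatar['tmp_name']);
                        break;
                    case IMAGETYPE_JPEG:
                        $src = imagecreatefromjpeg($uploadedAvatar['tmp_name']);
                        break;
                    case IMAGETYPE_PNG:
                        $src = imagecreatefrompng($uploadedAvatar['tmp_name']);
                        break;
                    default:
                        $src = null;
                }
            }

            if (($src) || ($removeAvatar == true)) {
                // Encode only when an image was actually decoded. On a remove-only
                // request $src is null and imagejpeg() must not be called with it.
                $imageData = null;
                if ($src) {
                    ob_start();
                    imagejpeg($src, null, 100);
                    $imageData = ob_get_contents();
                    ob_end_clean();
                }

                // The path is built from the integer user id only; nothing from the
                // request reaches it.
                $avatarCachePath = 'user/' . (int) $Auth->id . '/profile';

                // delete any existing avatar files, including generated cache
                if (file_exists(CACHE_DIRECTORY_ROOT . '/' . $avatarCachePath)) {
                    $files = coreFunctions::getDirectoryListing(CACHE_DIRECTORY_ROOT . '/' . $avatarCachePath);
                    if (is_array($files) && count($files)) {
                        foreach ($files as $file) {
                            @unlink($file);
                        }
                    }
                }

                if ($src) {
                    // save new file
                    cache::saveCacheToFile($avatarCachePath . '/avatar_original.jpg', $imageData);
                }
            }

            coreFunctions::redirect(WEB_ROOT . '/account_edit.html?ss=1');
        } else {
            notification::setError(t("problem_updating_your_account_try_again_later", "There was a problem updating your account, please try again later"));
        }
    }
}

// ---------------------------------------------------------------------------
// update user
// ---------------------------------------------------------------------------
if (isset($_REQUEST['submitme']) && (int) $_REQUEST['submitme']) {
    // validation
    $title        = trim($_REQUEST['title']);
    $firstname    = trim($_REQUEST['firstname']);
    $lastname     = trim($_REQUEST['lastname']);
    $emailAddress = trim(strtolower($_REQUEST['emailAddress']));
    // NOTE(review): trimming changes a password that begins or ends with whitespace;
    // the login path presumably trims the same way - confirm.
    $password        = trim($_REQUEST['password']);
    $passwordConfirm = trim($_REQUEST['passwordConfirm']);
    $languageId      = null;
    $filePrivacy     = (int) $_REQUEST['isPublic'];
    if (isset($_REQUEST['languageId'])) {
        $languageId = (int) $_REQUEST['languageId'];
    }
    $privateFileStatistics = (int) $_REQUEST['privateFileStatistics'];

    // pickup api keys
    // NOTE(review): both the public and the secret key are taken verbatim from the
    // request and only length-checked below, so their strength depends entirely on
    // what the client sends. Generating them server-side from a CSPRNG would remove
    // that dependency.
    $key1 = trim($_REQUEST['key1']);
    $key2 = trim($_REQUEST['key2']);

    if (pluginHelper::pluginEnabled('newsletters')) {
        $marketingEmails = isset($_REQUEST['marketingEmails']) ? (int) $_REQUEST['marketingEmails'] : 0;
    }

    if (!strlen($title)) {
        notification::setError(t("please_enter_your_title", "Please enter your title"));
    } elseif (!strlen($firstname)) {
        notification::setError(t("please_enter_your_firstname", "Please enter your firstname"));
    } elseif (!strlen($lastname)) {
        notification::setError(t("please_enter_your_lastname", "Please enter your lastname"));
    } elseif (!strlen($emailAddress)) {
        notification::setError(t("please_enter_your_email_address", "Please enter your email address"));
    } elseif (!validation::validEmail($emailAddress)) {
        notification::setError(t("your_email_address_is_invalid", "Your email address is invalid"));
    } elseif (_CONFIG_DEMO_MODE == true) {
        notification::setError(t("no_changes_in_demo_mode"));
    } else {
        $checkEmail = UserPeer::loadUserByEmailAddress($emailAddress);
        if (($checkEmail) && ($checkEmail->id != $Auth->id)) {
            // email address is already used by another account
            notification::setError(t("email_address_already_exists", "Email address already exists on another account"));
        } elseif (strlen($password)) {
            // Strict comparison: with != two different numeric-looking strings
            // (for example "1e3" and "1000") compare equal and pass the check.
            if ($password !== $passwordConfirm) {
                notification::setError(t("your_password_confirmation_does_not_match", "Your password confirmation does not match"));
            } else {
                $passValid = passwordPolicy::validatePassword($password);
                if (is_array($passValid)) {
                    notification::setError(implode("\n", $passValid));
                }
            }
        }
    }

    if (!notification::isErrors()) {
        if (strlen($key1) || strlen($key2)) {
            // make sure keys are 64 characters in length
            if ((strlen($key1) != 64) || (strlen($key2) != 64)) {
                notification::setError(t("account_api_keys_not_correct_length", "API keys should be 64 characters in length."));
            }
        }
    }

    // update the account
    // NOTE(review): as far as this file shows, the password and email address can be
    // changed without re-entering the current password, and the new email address is
    // stored without a confirmation step for that address.
    if (!notification::isErrors()) {
        // NOTE(review): both notices below are sent before the UPDATE runs, so a failed
        // update still produces a "changed" email.

        // if password changed send confirmation notice to user
        if (SITE_CONFIG_SECURITY_SEND_USER_EMAIL_ON_PASSWORD_CHANGE == 'yes') {
            if (strlen($password)) {
                $subject = t('password_change_email_subject', 'Password changed for account on [[[SITE_NAME]]]', array('SITE_NAME' => SITE_CONFIG_SITE_NAME));
                $replacements = array(
                    'FIRST_NAME' => $user->firstname,
                    'SITE_NAME'  => SITE_CONFIG_SITE_NAME,
                    'WEB_ROOT'   => WEB_ROOT,
                    'USERNAME'   => $user->username,
                );
                $defaultContent = "Dear [[[FIRST_NAME]]],\n\n"
                    . "This is a courtesy email notifying you that your account password on [[[SITE_NAME]]] has been changed.\n\n"
                    . "If you didn't change your password, please contact us immediately. Otherwise just ignore this email.\n\n"
                    . "Url: [[[WEB_ROOT]]]\n"
                    . "Username: [[[USERNAME]]]\n\n"
                    . "Feel free to contact us if you need any support with your account.\n\n"
                    . "Regards,\n"
                    . "[[[SITE_NAME]]] Admin";
                $htmlMsg = t('password_change_email_content', $defaultContent, $replacements);
                coreFunctions::sendHtmlEmail($user->email, $subject, $htmlMsg, SITE_CONFIG_DEFAULT_EMAIL_ADDRESS_FROM, strip_tags(str_replace("\n", "\n", $htmlMsg)));
            }
        }

        // if email changed send confirmation notice to user
        if (SITE_CONFIG_SECURITY_SEND_USER_EMAIL_ON_EMAIL_CHANGE == 'yes') {
            if ($emailAddress != $user->email) {
                $subject = t('email_change_email_subject', 'Email changed for account on [[[SITE_NAME]]]', array('SITE_NAME' => SITE_CONFIG_SITE_NAME));
                $replacements = array(
                    'FIRST_NAME' => $user->firstname,
                    'SITE_NAME'  => SITE_CONFIG_SITE_NAME,
                    'WEB_ROOT'   => WEB_ROOT,
                    'USERNAME'   => $user->username,
                    'NEW_EMAIL'  => $emailAddress,
                );
                $defaultContent = "Dear [[[FIRST_NAME]]],\n\n"
                    . "This is a courtesy email notifying you that your account email address on [[[SITE_NAME]]] has been changed to [[[NEW_EMAIL]]].\n\n"
                    . "If you didn't change your email address, please contact us immediately. Otherwise just ignore this email.\n\n"
                    . "Url: [[[WEB_ROOT]]]\n"
                    . "Username: [[[USERNAME]]]\n"
                    . "New Email: [[[NEW_EMAIL]]]\n\n"
                    . "Feel free to contact us if you need any support with your account.\n\n"
                    . "Regards,\n"
                    . "[[[SITE_NAME]]] Admin";
                $htmlMsg = t('email_change_email_content', $defaultContent, $replacements);
                // $user was loaded before the update, so this goes to the previous address:
                // the owner of that mailbox is the one who needs to hear about the change.
                coreFunctions::sendHtmlEmail($user->email, $subject, $htmlMsg, SITE_CONFIG_DEFAULT_EMAIL_ADDRESS_FROM, strip_tags(str_replace("\n", "\n", $htmlMsg)));
            }
        }

        $db = Database::getDatabase(true);
        $rs = $db->query(
            'UPDATE users SET title = :title, firstname = :firstname, lastname = :lastname, email = :email, languageId = :languageId, privateFileStatistics = :privateFileStatistics, isPublic = :isPublic WHERE id = :id',
            array(
                'title'                 => $title,
                'firstname'             => $firstname,
                'lastname'              => $lastname,
                'email'                 => $emailAddress,
                'id'                    => $Auth->id,
                'languageId'            => $languageId,
                'privateFileStatistics' => $privateFileStatistics,
                'isPublic'              => $filePrivacy,
            )
        );
        if ($rs) {
            // do password
            if (strlen($password)) {
                $rs = $db->query('UPDATE users SET password = :password WHERE id = :id', array('password' => Password::createHash($password), 'id' => $Auth->id));
            }

            // reset site language if updated
            if ($languageId != null) {
                $languageName = $db->getValue("SELECT languageName FROM language WHERE isActive = 1 AND id = " . (int) $languageId . " LIMIT 1");
                if ($languageName) {
                    $_SESSION['_t'] = $languageName;
                }
            }

            // update api keys: nothing to do when the submitted pair is already stored
            $keepSame = $db->getValue('SELECT COUNT(id) AS total FROM apiv2_api_key WHERE key_public = :key_public AND key_secret = :key_secret AND user_id = :user_id LIMIT 1', array(
                'user_id'    => (int) $Auth->id,
                'key_public' => $key1,
                'key_secret' => $key2,
            ));
            if (!$keepSame) {
                // delete any existing keys for the user
                // NOTE(review): LIMIT 1 removes a single row; if a user can ever hold more
                // than one key row, older keys stay valid after this "replace".
                $db->query('DELETE FROM apiv2_api_key WHERE user_id = :user_id LIMIT 1', array(
                    'user_id' => (int) $Auth->id,
                ));

                // add the new keys
                if (strlen($key1) && strlen($key2)) {
                    $db->query('INSERT INTO apiv2_api_key (key_public, key_secret, user_id, date_created) VALUES (:key_public, :key_secret, :user_id, NOW())', array(
                        'user_id'    => (int) $Auth->id,
                        'key_public' => $key1,
                        'key_secret' => $key2,
                    ));
                }
            }

            // update newsletter state
            if (pluginHelper::pluginEnabled('newsletters')) {
                // clear existing setting
                $db->query('DELETE FROM plugin_newsletter_unsubscribe WHERE user_id = :user_id LIMIT 1', array(
                    'user_id' => (int) $Auth->id,
                ));

                // unsubscribe
                if ($marketingEmails === 0) {
                    $db->query('INSERT INTO plugin_newsletter_unsubscribe (user_id, date_unsubscribed) VALUES (:user_id, NOW())', array(
                        'user_id' => (int) $Auth->id,
                    ));
                }
            }

            coreFunctions::redirect(WEB_ROOT . '/account_edit.html?ss=1');
        } else {
            notification::setError(t("problem_updating_your_account_try_again_later", "There was a problem updating your account, please try again later"));
        }
    }
} else {
    // No profile submission: pre-fill the form values from the stored account.
    $title        = $user->title;
    $firstname    = $user->firstname;
    $lastname     = $user->lastname;
    $emailAddress = $user->email;
    $languageId   = $user->languageId;
    $isPublic     = $user->isPublic;
    if ($languageId == null) {
        // Bound parameter instead of escape-and-concatenate: the value comes straight
        // from the request. A missing or non-string value is treated as ''.
        $requestedLanguage = (isset($_REQUEST['_t']) && is_string($_REQUEST['_t'])) ? trim($_REQUEST['_t']) : '';
        $languageId = $db->getValue(
            'SELECT id FROM language WHERE isActive = 1 AND languageName = :languageName LIMIT 1',
            array('languageName' => $requestedLanguage)
        );
    }
    $privateFileStatistics = $user->privateFileStatistics;

    // get newsletter state: subscribed unless an unsubscribe row exists
    if (pluginHelper::pluginEnabled('newsletters')) {
        $marketingEmails = (int) !$db->getValue(
            'SELECT COUNT(*) AS total FROM plugin_newsletter_unsubscribe WHERE user_id = :user_id LIMIT 1',
            array('user_id' => (int) $user->id)
        );
    }
}

// check for existing avatar
$hasAvatar = false;
$avatarCachePath = 'user/' . (int) $Auth->id . '/profile/avatar_original.jpg';
if (cache::checkCacheFileExists($avatarCachePath)) {
    $hasAvatar = true;
}

// include header
require_once(SITE_TEMPLATES_PATH . '/partial/_header_file_manager.inc.php');

// file manager javascript
require_once(SITE_TEMPLATES_PATH . '/partial/_account_home_javascript.inc.php');

if (notification::isSuccess()) {
    echo templateFunctions::outputSuccess();
} elseif (notification::isErrors()) {
    echo templateFunctions::outputErrors();
}
?>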

getAccountScreenName()); ?>

-
used storage")?>

-

-

null)); if(strlen($params['photoURL']) == 0) { ?>
id="firstname" name="firstname" disabled="disabled" type="text" tabindex="2" value="" class="form-control">
id="lastname" name="lastname" disabled="disabled" type="text" tabindex="3" value="" class="form-control">
id="emailAddress" name="emailAddress" disabled="disabled" type="text" tabindex="4" value="" class="form-control">
getRows("SELECT id, languageName FROM language WHERE isActive = 1 ORDER BY languageName ASC"); if(COUNT($activeLanguages)) { ?>


To unlock your account, you will need the password which is emailed to your registered email address when the lock is enabled.'); ?>


/>
id="password" name="password" disabled="disabled" type="password" tabindex="5" value="" class="form-control" />
id="passwordConfirm" name="passwordConfirm" disabled="disabled" type="password" tabindex="6" value="" class="form-control" />
id="key1" name="key1" disabled="disabled" type="text" tabindex="6" value="" class="form-control">

id="key2" name="key2" disabled="disabled" type="text" tabindex="6" value="" class="form-control">