forked from Noxwizard/versioncheck
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathprofile.php
More file actions
203 lines (181 loc) · 5.81 KB
/
profile.php
File metadata and controls
203 lines (181 loc) · 5.81 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
<?php
require_once 'vendor/autoload.php';
require __DIR__ . '/common.php';
require __DIR__ . '/user.php';
// Set up a user session
$user = new User();
$user->start_session();
if ($user->user_id == GUEST_USER)
{
header('Location: ' . $script_path);
exit;
}
function get_linked_providers($user_id)
{
global $db;
$linked_providers = array();
$sql = 'SELECT provider_id FROM ' . LINKS_TABLE . ' WHERE user_id = :user_id';
$sth = $db->prepare($sql);
$sth->execute(array(':user_id' => $user_id));
$result = $sth->fetchAll(PDO::FETCH_ASSOC);
if ($result !== false)
{
foreach($result as $row)
{
$linked_providers[] = (int) $row['provider_id'];
}
}
return $linked_providers;
}
// Is the user updating their email?
$error = '';
if (isset($_POST['submit']))
{
if (!isset($_POST['token']) || $_POST['token'] != $user->form_token)
{
$error = 'Invalid or missing form token';
}
else if (isset($_POST['subemail']))
{
// Does it look like an email address?
$atpos = strpos($_POST['subemail'], '@');
$dotpos = strpos($_POST['subemail'], '.');
if ($atpos !== false && $dotpos !== false && $dotpos > $atpos)
{
$sql = 'UPDATE ' . USER_TABLE . ' SET subscription_email = :subemail WHERE id = :user_id';
$sth = $db->prepare($sql);
$result = $sth->execute(array(':user_id' => $user->user_id, ':subemail' => $_POST['subemail']));
if ($result === false)
{
$error = 'Error while updating profile';
}
}
else
{
$error = 'Email address is not valid';
}
}
}
$linked_providers = get_linked_providers($user->user_id);
// Is the user trying to unlink a provider?
if (isset($_GET['mode']))
{
if ($_GET['mode'] == 'unlink')
{
if (!isset($_GET['token']) || $_GET['token'] != $user->form_token)
{
$error = 'Invalid or missing form token';
}
else if (isset($_GET['provider']))
{
$provider = $_GET['provider'];
if (array_key_exists($provider, $provider_maps))
{
if (count($linked_providers) > 1)
{
$sql = 'DELETE FROM ' . LINKS_TABLE . ' WHERE provider_id = :provider AND user_id = :user_id';
$sth = $db->prepare($sql);
$result = $sth->execute(array(':provider' => $provider_maps[$provider], ':user_id' => $user->user_id));
if ($result === false)
{
$error = 'Error while deleting login provider';
}
// Success. Refresh the linked provider list so the page is current
$linked_providers = get_linked_providers($user->user_id);
}
else
{
$error = 'Cannot unlink last social login provider, must have at least one';
}
}
else
{
$error = 'Invalid provider specified';
}
}
else
{
$error = 'No provider specified';
}
}
else
{
$error = 'Invalid mode';
}
}
$sql = 'SELECT username, email, subscription_email FROM ' . USER_TABLE . ' WHERE id = :user_id';
$sth = $db->prepare($sql);
$sth->execute(array(':user_id' => $user->user_id));
$result = $sth->fetch(PDO::FETCH_ASSOC);
if ($result === false)
{
header('Location: ' . $script_path);
exit;
}
// Is the user wanting their account deleted?
$delete = isset($_POST['delete']);
if ($delete)
{
if (!isset($_POST['token']) || $_POST['token'] != $user->form_token)
{
$error = 'Invalid or missing form token';
}
// Did they check the box that says "I understand"
else if (isset($_POST['understood']))
{
// Users
$sql = 'DELETE FROM ' . USER_TABLE . ' WHERE id = :user_id';
$sth = $db->prepare($sql);
$result = $sth->execute(array(':user_id' => $user->user_id));
if ($result === false)
{
echo 'Error while deleting user';
exit;
}
// Linked providers
$sql = 'DELETE FROM ' . LINKS_TABLE . ' WHERE user_id = :user_id';
$sth = $db->prepare($sql);
$result = $sth->execute(array(':user_id' => $user->user_id));
if ($result === false)
{
echo 'Error while deleting linked providers';
exit;
}
// Subscriptions
$sql = 'DELETE FROM ' . SUBSCRIPTION_TABLE . ' WHERE user_id = :user_id';
$sth = $db->prepare($sql);
$result = $sth->execute(array(':user_id' => $user->user_id));
if ($result === false)
{
echo 'Error while deleting subscriptions';
exit;
}
// Sessions
$sql = 'DELETE FROM ' . SESSION_TABLE . ' WHERE user_id = :user_id';
$sth = $db->prepare($sql);
$result = $sth->execute(array(':user_id' => $user->user_id));
if ($result === false)
{
echo 'Error while deleting user sessions';
exit;
}
$user->session_kill();
}
else
{
$error = 'To delete your account, you must also check the box';
}
}
$loader = new \Twig\Loader\FilesystemLoader('templates');
$twig = new \Twig\Environment($loader);
echo $twig->render('profile.html', [
'github' => in_array(PROVIDER_GITHUB, $linked_providers),
'gitlab' => in_array(PROVIDER_GITLAB, $linked_providers),
'google' => in_array(PROVIDER_GOOGLE, $linked_providers),
'username' => $result['username'],
'email' => $result['email'],
'subemail' => $result['subscription_email'],
'error' => $error,
'user' => $user,
'delete' => $delete,
]);