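<?php
/*
 * myaccount.php - "My Eclipse account" self-service page.
 *
 * On a POST with stage=save the form fields are validated, the user is
 * re-authenticated against LDAP with the current password, and the
 * name / GitHub ID / password / email attributes are updated in LDAP and
 * mirrored to the Bugzilla and IPZilla profile tables.  On any other
 * request the form is pre-filled from the session's Friend object.
 *
 * Globals expected from the includes: $theme, $html, $xss_patterns,
 * $name_regexp and $email_regexp (defined in _projectCommon.php or the
 * content file; not visible here).
 */
require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/nav.class.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/menu.class.php");
$App = new App();
$Nav = new Nav();
$Menu = new Menu();
include("_projectCommon.php");

$App->preventCaching();

/*******************************************************************************
* Copyright (c) 2012 Eclipse Foundation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* Denis Roy (Eclipse Foundation)- initial API and implementation
*******************************************************************************/

require_once '/home/data/httpd/eclipse-php-classes/system/ldapconnection.class.php';

$pageTitle = "My Eclipse account";
$pageKeywords = "eclipse,friends,login,account,signon,sign-on";
$pageAuthor = "Eclipse Foundation, Inc.";
header("Content-type: text/html; charset=utf-8");
header("Cache-Control: no-cache, must-revalidate");

# require session for this page
$Session = $App->useSession(true);
$Friend = $Session->getFriend();

$stage = $App->getHTTPParameter("stage", "POST");
# HTML status/error message rendered by the included content file.
# Validation errors are appended with ".=" so the user sees all of them at once.
$error = "";

$takemeback = "";

$includefile = "content/en_welcomeback2.php";

if($stage == "save") {
    $username = $App->getHTTPParameter("username", "POST");
    $submit = $App->getHTTPParameter("submit", "POST");
    $fname = $App->getHTTPParameter("fname", "POST");
    $lname = $App->getHTTPParameter("lname", "POST");
    $oldpassword = $App->getHTTPParameter("oldpassword", "POST");
    $password1 = $App->getHTTPParameter("password1", "POST");
    $password2 = $App->getHTTPParameter("password2", "POST");
    $githubid = $App->getHTTPParameter("githubid", "POST");

    # Strip characters matched by the shared deny-list patterns.  This is an
    # input filter only; anything echoed back into HTML must still be escaped
    # at the output site (the content file), not relied upon from here.
    $username = preg_replace($xss_patterns, '', $username);
    $fname = preg_replace($name_regexp, '', $fname);
    $lname = preg_replace($name_regexp, '', $lname);
    $oldpassword = preg_replace($xss_patterns, '', $oldpassword);
    $password1 = preg_replace($xss_patterns, '', $password1);
    $password2 = preg_replace($xss_patterns, '', $password2);
    $githubid = preg_replace($xss_patterns, '', $githubid);

    # Legacy magic_quotes handling; the function no longer exists on PHP 8,
    # which the function_exists() guard already covers.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $oldpassword = stripslashes($oldpassword);
        $password1 = stripslashes($password1);
        $password2 = stripslashes($password2);
        $fname = stripslashes($fname);
        $lname = stripslashes($lname);
    }

    # Loose (!=) comparisons are kept on purpose: the value getHTTPParameter()
    # returns for a missing field is not visible here, and a strict check could
    # change which requests are rejected -- TODO confirm and tighten.
    if($username != "" && $fname != "" && $lname != "" && $password1 != "") {
        # update account.
        # We must first bind to LDAP as the user to be able to change attributes;
        # this also re-verifies the current password before any write happens.
        $ldapconn = new LDAPConnection();
        $dn = $ldapconn->authenticate($Friend->getEmail(), $oldpassword);
        if($dn) {

            # --- Name: only write attributes that actually changed. ---
            $update_bz_name = false;
            if($ldapconn->getLDAPAttribute($dn, "givenName") != $fname) {
                $ldapconn->changeAttributeValue($dn, $oldpassword, "givenName", $fname);
                $Friend->setFirstName($fname);
                $update_bz_name = true;
            }
            if($ldapconn->getLDAPAttribute($dn, "sn") != $lname) {
                $ldapconn->changeAttributeValue($dn, $oldpassword, "sn", $lname);
                $Friend->setLastName($lname);
                $update_bz_name = true;
            }
            $fullname = $fname . " " . $lname;
            if($ldapconn->getLDAPAttribute($dn, "cn") != $fullname) {
                $ldapconn->changeAttributeValue($dn, $oldpassword, "cn", $fullname);
                $update_bz_name = true;
            }
            if($update_bz_name) {
                # Mirror the display name into Bugzilla.  The App SQL helpers
                # seen here only take a query string, so the statement is built
                # with sqlSanitize()/returnQuotedString(); every interpolated
                # value must go through them.
                $App->bugzilla_sql("SET NAMES 'utf8'");
                $SQL = "UPDATE profiles SET realname='" . $App->sqlSanitize($fullname) . "' WHERE login_name = " . $App->returnQuotedString($App->sqlSanitize($username)) . " LIMIT 1";
                $App->bugzilla_sql($SQL);
            }

            # --- GitHub ID: may be set once, never changed from this form. ---
            if($githubid != "") {
                $oldgithubid = $ldapconn->getGithubIDFromMail($Friend->getEmail());

                # we can't change GH ID's automagically
                if($oldgithubid != "") {
                    $error .= "- Your GitHub ID cannot be changed from this form. Please contact webmaster@eclipse.org to update your GitHub ID.<br />";
                }
                else {
                    $ldapconn->setGithubID($dn, $oldpassword, $githubid);
                }
            }

            # --- Password: complexity check, then confirmation match, then change. ---
            # The complexity rule is applied to whatever was submitted, even when it
            # equals the current password (existing behaviour).
            if(!preg_match("/(?=^.{6,}$)(?=.*[\d|\W])(?=.*[A-Za-z]).*$/", $password1)) {
                $error .= "- Your password does not meet the complexity requirements. It must be at least 6 characters long, and contain one number or one symbol.<br />";
            }
            elseif($oldpassword != $password1) {
                # The confirmation field was previously never compared; a typo in
                # password1 would have been stored silently.
                if($password1 != $password2) {
                    $error .= "- The new password and its confirmation do not match.<br />";
                }
                else {
                    $ldapconn->changePassword($dn, $oldpassword, $password1);
                    # Plain assignment: taking a reference to a function result is
                    # deprecated and was never needed here.
                    $bzpass = generateBugzillaSHA256Password($password1);
                    $SQL = "UPDATE profiles SET cryptpassword='" . $App->sqlSanitize($bzpass) . "' WHERE login_name = " . $App->returnQuotedString($App->sqlSanitize($username)) . " LIMIT 1";
                    $App->bugzilla_sql($SQL);
                    $App->ipzilla_sql($SQL);
                }
            }

            # --- Email: changes are not applied directly; a confirmation token is
            # --- mailed to the new address and the change completes in r.php.
            $oldmail = $ldapconn->getLDAPAttribute($dn, "mail");
            $mailmsg = "";
            if($username != $oldmail) {
                if(!$ldapconn->checkEmailAvailable($username)) {
                    $error .= "- Unable to change your email address<br />";
                }
                elseif(!preg_match($email_regexp, $username)) {
                    $error .= "- Your email address is not formatted correctly<br />";
                }
                else {
                    # Rate-limit: one outstanding request per source IP or per
                    # current address, so the confirmation mail cannot be used to
                    # flood a mailbox.
                    $SQL = "SELECT /* USE MASTER */ COUNT(1) AS RecordCount FROM account_requests WHERE ip = " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']);
                    # Leading space: without it the previous quoted value and OR run together.
                    $SQL .= " OR email = " . $App->returnQuotedString($oldmail);
                    $rs = $App->eclipse_sql($SQL);
                    $myrow = mysql_fetch_assoc($rs);
                    if(isset($myrow['RecordCount']) && $myrow['RecordCount'] > 0) {
                        # Append rather than overwrite so earlier errors are not lost.
                        $error .= "<b>You have already submitted a request. Please check your email inbox and spam folders to respond to the previous request.</b>";
                    }
                    else {
                        # Toss in a request to change the email address
                        $mailmsg = " Please check your Inbox for a confirmation email with instructions to complete the email address change. Your email address will not be updated until the process is complete.";
                        $token = $App->getAlphaCode(64);
                        $sql = "INSERT INTO account_requests VALUES (" . $App->returnQuotedString($oldmail) . ",
                            " . $App->returnQuotedString($App->sqlSanitize($username)) . ",
                            " . $App->returnQuotedString("MAILCHANGE") . ",
                            " . $App->returnQuotedString("MAILCHANGE") . ",
                            '',
                            " . $App->returnQuotedString($_SERVER['REMOTE_ADDR']) . ",
                            NOW(),
                            " . $App->returnQuotedString($token) . ")";
                        $App->eclipse_sql($sql);

                        # Send mail to dest.  $username has passed $email_regexp above,
                        # which is what keeps header/recipient injection out of mail();
                        # the body is plain text, so no SQL escaping belongs in it.
                        $mail = "You (or someone pretending to be you) has changed their Eclipse.org account email address to this one (" . $username . ") from this IP address:\n";
                        $mail .= " " . $_SERVER['REMOTE_ADDR'] . "\n\n";
                        $mail .= "To confirm this email change, please click the link below:\n";
                        $mail .= " https://dev.eclipse.org/site_login/r.php?t=$token\n\n";
                        $mail .= "If you have not issued this request, you can safely ignore it.\n\n";
                        $mail .= " -- Eclipse webmaster\n";
                        $headers = 'From: Eclipse Webmaster (automated) <webmaster@eclipse.org>';
                        mail($username, "Eclipse Account Change", $mail, $headers);
                    }
                }
            }

            if($error != "") {
                $error = "The following error(s) have occurred:<br />" . $error;
            }
            else {
                $error = "<span style='color:green;'><b>Your account details have been updated successfully." . $mailmsg . "</b></span>";
                # Update was successful. Regenerate session info since the Friend object is stored within.
                # If we don't regen Session, user could come back to myaccount.php only to see old info
                $Session->destroy();
                $Session->setFriend($Friend);
                $Session->create();
            }
        }
        else {
            $error = "Your current password is incorrect.";
        }
    }
    else {
        $error = "An error occurred while processing your request. Please ensure that all the required fields are entered correctly and try again.";
    }
}
else {
    # Initial GET: pre-fill the form from the session; passwords are never echoed.
    $username = $Friend->getEmail();
    $fname = $Friend->getFirstName();
    $lname = $Friend->getLastName();
    $oldpassword = "";
    $password1 = "";
    $password2 = "";

    $ldapconn = new LDAPConnection();
    $githubid = $ldapconn->getGithubIDFromMail($Friend->getEmail());
}

include($includefile);
# Generate the web page
//$Nav->addCustomNav("Friends of Eclipse", "http://www.eclipse.org/donate/", "_self", 0);
$App->setGoogleAnalyticsTrackingCode(NULL);
$App->generatePage($theme, $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html);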