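<?php
# MantisBT - A PHP based bugtracking system

# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.

/**
 * CALLERS
 * This page is called from:
 * - print_menu()
 * - print_account_menu()
 * - header redirects from account_*.php
 * - included by verify.php to allow user to change their password
 *
 * EXPECTED BEHAVIOUR
 * - Display the user's current settings
 * - Allow the user to edit their settings
 * - Allow the user to save their changes
 * - Allow the user to delete their account if account deletion is enabled
 * - Warn (and force a password change) when the built-in "administrator"
 *   account still uses its default password
 *
 * CALLS
 * This page calls the following pages:
 * - account_update.php (to save changes)
 * - account_delete.php (to delete the user's account)
 *
 * RESTRICTIONS & PERMISSIONS
 * - User must be authenticated
 * - User must re-authenticate before the page is shown (auth_reauthenticate)
 * - The user's account must not be protected
 * - Both forms carry a form security (CSRF) token: 'account_update' and
 *   'account_delete'
 *
 * @package MantisBT
 * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses core.php
 * @uses api_token_api.php
 * @uses authentication_api.php
 * @uses config_api.php
 * @uses constant_inc.php
 * @uses current_user_api.php
 * @uses form_api.php
 * @uses helper_api.php
 * @uses html_api.php
 * @uses lang_api.php
 * @uses ldap_api.php
 * @uses print_api.php
 * @uses string_api.php
 * @uses user_api.php
 * @uses utility_api.php
 */

require_once( 'core.php' );
require_api( 'api_token_api.php' );
require_api( 'authentication_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'current_user_api.php' );
require_api( 'form_api.php' );
require_api( 'helper_api.php' );
require_api( 'html_api.php' );
require_api( 'lang_api.php' );
require_api( 'ldap_api.php' );
require_api( 'print_api.php' );
require_api( 'string_api.php' );
require_api( 'user_api.php' );
require_api( 'utility_api.php' );

#============ Permissions ============
auth_ensure_user_authenticated();

# This page exposes password / e-mail / real-name changes, so a fresh
# credential check is demanded before anything is rendered.
auth_reauthenticate();

current_user_ensure_unprotected();

layout_page_header( lang_get( 'account_link' ) );

layout_page_begin();

# Extracts the user information for the currently logged in user
# and prefixes it with u_ (e.g. $u_id, $u_username, $u_realname,
# $u_access_level).
# NOTE: the extracted row comes from the database, never from the request;
# the explicit prefix keeps the new variables from shadowing anything
# already in scope (this file is also included by verify.php).
$t_row = user_get_row( auth_get_current_user_id() );

extract( $t_row, EXTR_PREFIX_ALL, 'u' );

$t_ldap = ( LDAP == config_get_global( 'login_method' ) );

# In case we're using LDAP to get the email address... this will pull out
# that version instead of the one in the DB
$u_email = user_get_email( $u_id );

# If the built-in administrator account still has its well-known default
# password, prompt the user to change it (a forced reset, see below).
$t_reset_password = $u_username === 'administrator' && auth_does_password_match( $u_id, 'root' );

$t_can_change_password = auth_can_set_password();
$t_force_pw_reset = false;

# Only show the update button if there is something to update.
$t_show_update_button = false;

if( $t_reset_password && $t_can_change_password ) {
	?>
	<div class="alert alert-danger">
		<ul>
			<li><?php echo lang_get( 'warning_default_administrator_account_present' ) ?></li>
		</ul>
	</div>
	<?php
	$t_force_pw_reset = true;
}

print_account_menu( 'account_page.php' );

?>

<div class="col-md-12 col-xs-12">
	<div class="space-10"></div>

<div id="account-update-div" class="form-container">
	<form id="account-update-form" method="post" action="account_update.php">

<div class="widget-box widget-color-blue2">
	<div class="widget-header widget-header-small">
		<h4 class="widget-title lighter">
			<?php print_icon( 'fa-user', 'ace-icon' ); ?>
			<?php echo lang_get( 'edit_account_title' ) ?>
		</h4>
	</div>
	<div class="widget-body">
		<div class="widget-main no-padding">
			<div class="table-responsive">
				<table class="table table-bordered table-condensed table-striped">

	<fieldset>
		<?php
		# Anti-CSRF token for account_update.php.
		echo form_security_field( 'account_update' );

		if( !$t_can_change_password ) {
			# With LDAP (or any other externally-managed password) -->
			?>
			<tr>
				<td class="category">
					<?php echo lang_get( 'username' ) ?>
				</td>
				<td>
					<?php echo string_display_line( $u_username ) ?>
				</td>
			</tr>
			<tr>
				<td class="category">
					<?php echo lang_get( 'password' ) ?>
				</td>
				<td>
					<?php echo auth_password_managed_elsewhere_message() ?>
				</td>
			</tr><?php
		} else {
			# Without LDAP
			$t_show_update_button = true;
			?>
			<tr>
				<td class="category">
					<?php echo lang_get( 'username' ) ?>
				</td>
				<td>
					<?php echo string_display_line( $u_username ) ?>
				</td>
			</tr>
			<?php
			# When a reset is forced, the three password fields become mandatory
			# and are marked with the "required" class / asterisk.
			$t_required = $t_force_pw_reset ? 'required' : '';
			$t_class = $t_force_pw_reset ? 'class="required"' : '';
			# Separator so the two attributes do not run together
			# (previously rendered as class="required"required).
			$t_span_attr = $t_class . ' ' . $t_required;
			?>
			<tr>
				<td class="category">
					<span <?php echo $t_span_attr ?>><?php if( $t_force_pw_reset ) { ?> * <?php } ?></span> <?php echo lang_get( 'current_password' ) ?>
				</td>
				<td>
					<input class="input-sm" id="password-current" type="password" name="password_current" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" <?php echo $t_required ?> />
				</td>
			</tr>
			<tr>
				<td class="category">
					<span <?php echo $t_span_attr ?>><?php if( $t_force_pw_reset ) { ?> * <?php } ?></span> <?php echo lang_get( 'new_password' ) ?>
				</td>
				<td>
					<input class="input-sm" id="password" type="password" name="password" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" <?php echo $t_required ?> />
				</td>
			</tr>
			<tr>
				<td class="category">
					<span <?php echo $t_span_attr ?>><?php if( $t_force_pw_reset ) { ?> * <?php } ?></span> <?php echo lang_get( 'confirm_password' ) ?>
				</td>
				<td>
					<input class="input-sm" id="password-confirm" type="password" name="password_confirm" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" <?php echo $t_required ?> />
				</td>
			</tr>
			<?php
		} ?>
		<tr>
			<td class="category">
				<?php echo lang_get( 'email' ) ?>
			</td>
			<td>
				<?php
				if( $t_ldap && ON == config_get_global( 'use_ldap_email' ) ) {
					# With LDAP: the address is read-only, shown escaped.
					echo string_display_line( $u_email );
				} else {
					# Without LDAP
					$t_show_update_button = true;
					print_email_input( 'email', $u_email );
				} ?>
			</td>
		</tr>
		<tr><?php
			if( $t_ldap && ON == config_get_global( 'use_ldap_realname' ) ) {
				# With LDAP: real name comes from the directory, shown escaped.
				echo '<td class="category">' . lang_get( 'realname' ) . '</td>';
				echo '<td>';
				echo string_display_line( ldap_realname_from_username( $u_username ) );
				echo '</td>';
			} else {
				# Without LDAP
				$t_show_update_button = true;
				echo '<td class="category">' . lang_get( 'realname' ) . '</td>';
				echo '<td>';
				# string_attribute() escapes the stored value for the attribute context.
				echo '<input class="input-sm" id="realname" type="text" size="32" maxlength="' . DB_FIELD_SIZE_REALNAME . '" name="realname" value="' . string_attribute( $u_realname ) . '" />';
				echo '</td>';
			} ?>
		</tr>
		<tr>
			<td class="category">
				<?php echo lang_get( 'access_level' ) ?>
			</td>
			<td>
				<?php echo get_enum_element( 'access_levels', $u_access_level ); ?>
			</td>
		</tr>
		<tr>
			<td class="category">
				<?php echo lang_get( 'access_level_project' ) ?>
			</td>
			<td>
				<?php echo get_enum_element( 'access_levels', current_user_get_access_level() ); ?>
			</td>
		</tr>
	</fieldset>
				</table>
			</div>
		</div>
		<?php if( $t_show_update_button ) { ?>
		<div class="widget-toolbox padding-8 clearfix">
			<?php if( $t_force_pw_reset ) { ?>
			<span class="required pull-right"> * <?php echo lang_get( 'required' ); ?></span>
			<?php } ?>
			<input type="submit" class="btn btn-primary btn-white btn-round" value="<?php echo lang_get( 'update_user_button' ) ?>" />
		</div>
		<?php } ?>
	</div>
</div>

<?php
# Read-only list of the projects the current user is assigned to.
$t_projects = user_get_assigned_projects( auth_get_current_user_id() );
if( !empty( $t_projects ) ) {
?>
	<div class="space-10"></div>

	<div class="widget-box widget-color-blue2">
		<div class="widget-header widget-header-small">
			<h4 class="widget-title lighter">
				<?php print_icon( 'fa-puzzle-piece', 'ace-icon' ); ?>
				<?php echo lang_get( 'assigned_projects' ) ?>
			</h4>
		</div>
		<div class="widget-body">
			<div class="widget-main no-padding">
				<div class="table-responsive">
					<table class="table table-striped table-bordered table-condensed table-hover">
						<thead>
							<tr>
								<th><?php echo lang_get( 'name' ) ?></th>
								<th><?php echo lang_get( 'access_level' ) ?></th>
								<th><?php echo lang_get( 'view_status' ) ?></th>
								<th><?php echo lang_get( 'description' ) ?></th>
							</tr>
						</thead>
						<?php
						foreach( $t_projects as $t_project_id => $t_project ) {
							# Each stored value is escaped for its output context before
							# being echoed (name as attribute/text, description via the
							# link-aware display helper).
							$t_project_name = string_attribute( $t_project['name'] );
							$t_access_level = get_enum_element( 'access_levels', $t_project['access_level'] );
							$t_view_state = get_enum_element( 'project_view_state', $t_project['view_state'] );
							$t_description = string_display_links( project_get_field( $t_project_id, 'description' ) );
							echo '<tr>';
							echo '<td>' . $t_project_name . '</td>';
							echo '<td>' . $t_access_level . '</td>';
							echo '<td>' . $t_view_state . '</td>';
							echo '<td>' . $t_description . '</td>';
							echo '</tr>';
						}
						?>
					</table>
				</div>
			</div>
		</div>
	</div>
<?php } ?>

	</form>
</div>

<?php # check if users can't delete their own accounts
if( ON == config_get( 'allow_account_delete' ) ) { ?>

<!-- Delete Button -->
<div class="form-container">
	<form method="post" action="account_delete.php">
		<fieldset>
			<?php
			# Anti-CSRF token for account_delete.php.
			echo form_security_field( 'account_delete' ) ?>
			<input type="submit" class="btn btn-primary btn-white btn-round" value="<?php echo lang_get( 'delete_account_button' ) ?>" />
		</fieldset>
	</form>
</div>
<?php
}
# Closes <div class="col-md-12 col-xs-12"> opened above.
echo '</div>';
layout_page_end();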