1<?php
2# MantisBT - A PHP based bugtracking system
3
4# MantisBT is free software: you can redistribute it and/or modify
5# it under the terms of the GNU General Public License as published by
6# the Free Software Foundation, either version 2 of the License, or
7# (at your option) any later version.
8#
9# MantisBT is distributed in the hope that it will be useful,
10# but WITHOUT ANY WARRANTY; without even the implied warranty of
11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12# GNU General Public License for more details.
13#
14# You should have received a copy of the GNU General Public License
15# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * CALLERS
19 * This page is called from:
20 * - print_menu()
21 * - print_account_menu()
22 * - header redirects from account_*.php
23 * - included by verify.php to allow user to change their password
24 *
25 * EXPECTED BEHAVIOUR
26 * - Display the user's current settings
27 * - Allow the user to edit their settings
28 * - Allow the user to save their changes
29 * - Allow the user to delete their account if account deletion is enabled
30 *
31 * CALLS
32 * This page calls the following pages:
33 * - account_update.php  (to save changes)
34 * - account_delete.php  (to delete the user's account)
35 *
36 * RESTRICTIONS & PERMISSIONS
37 * - User must be authenticated
38 * - The user's account must not be protected
39 *
40 * @package MantisBT
41 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
42 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
43 * @link http://www.mantisbt.org
44 *
45 * @uses core.php
46 * @uses authentication_api.php
47 * @uses config_api.php
48 * @uses constant_inc.php
49 * @uses current_user_api.php
50 * @uses form_api.php
51 * @uses helper_api.php
52 * @uses html_api.php
53 * @uses lang_api.php
54 * @uses ldap_api.php
55 * @uses print_api.php
56 * @uses string_api.php
57 * @uses user_api.php
58 * @uses utility_api.php
59 */
60
61require_once( 'core.php' );
62require_api( 'api_token_api.php' );
63require_api( 'authentication_api.php' );
64require_api( 'config_api.php' );
65require_api( 'constant_inc.php' );
66require_api( 'current_user_api.php' );
67require_api( 'form_api.php' );
68require_api( 'helper_api.php' );
69require_api( 'html_api.php' );
70require_api( 'lang_api.php' );
71require_api( 'ldap_api.php' );
72require_api( 'print_api.php' );
73require_api( 'string_api.php' );
74require_api( 'user_api.php' );
75require_api( 'utility_api.php' );
76
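#============ Permissions ============
# This page renders the password, e-mail, real-name and account-deletion
# forms, so it is gated by a login check plus a re-authentication step
# before any output is produced.
auth_ensure_user_authenticated();

auth_reauthenticate();

# Protected accounts may not edit their own settings (see page header).
current_user_ensure_unprotected();

layout_page_header( lang_get( 'account_link' ) );

layout_page_begin();

# Load the DB row of the currently logged-in user and expose its columns as
# $u_<column> variables. The array comes from user_get_row(), not from the
# request, so extract() cannot be fed client-controlled variable names here.
$t_row = user_get_row( auth_get_current_user_id() );

extract( $t_row, EXTR_PREFIX_ALL, 'u' );

$t_ldap = ( LDAP == config_get_global( 'login_method' ) );

# user_get_email() may return the LDAP-provided address instead of the value
# stored in the DB, so it replaces the $u_email extracted above.
$u_email = user_get_email( $u_id );

# Detect the shipped default administrator credentials so the user is
# prompted to change them. Strict comparison: $u_username is a DB string.
$t_reset_password = $u_username === 'administrator' && auth_does_password_match( $u_id, 'root' );

$t_can_change_password = auth_can_set_password();
$t_force_pw_reset = false;

# Only show the update button if at least one field is editable locally
# (password, e-mail or real name not managed by LDAP).
$t_show_update_button = false;

if( $t_reset_password && $t_can_change_password ) {
	?>
	<div class="alert alert-danger">
		<ul>
			<li><?php echo lang_get( 'warning_default_administrator_account_present' ) ?></li>
		</ul>
	</div>
	<?php
	$t_force_pw_reset = true;
}

print_account_menu( 'account_page.php' );

?>

<div class="col-md-12 col-xs-12">
	<div class="space-10"></div>

<div id="account-update-div" class="form-container">
	<form id="account-update-form" method="post" action="account_update.php">

<div class="widget-box widget-color-blue2">
	<div class="widget-header widget-header-small">
		<h4 class="widget-title lighter">
			<?php print_icon( 'fa-user', 'ace-icon' ); ?>
			<?php echo lang_get( 'edit_account_title' ) ?>
		</h4>
	</div>
	<div class="widget-body">
		<div class="widget-main no-padding">
			<div class="table-responsive">
				<table class="table table-bordered table-condensed table-striped">

		<fieldset>
			<?php
			# Form security (anti-CSRF) token checked by account_update.php.
			echo form_security_field( 'account_update' );

			if( !$t_can_change_password ) {
				# Password is managed elsewhere (e.g. LDAP): show the username
				# read-only and explain where the password is managed.
			?>
			<tr>
				<td class="category">
					<?php echo lang_get( 'username' ) ?>
				</td>
				<td>
					<?php echo string_display_line( $u_username ) ?>
				</td>
			</tr>
			<tr>
				<td class="category">
					<?php echo lang_get( 'password' ) ?>
				</td>
				<td>
					<?php echo auth_password_managed_elsewhere_message() ?>
				</td>
			</tr><?php
			} else {
				# Password is managed locally: render the change-password fields.
				$t_show_update_button = true;
			?>
			<tr>
				<td class="category">
					<?php echo lang_get( 'username' ) ?>
				</td>
				<td>
					<?php echo string_display_line( $u_username ) ?>
				</td>
			</tr>
			<?php
			# When a default-password reset is forced, mark the three password
			# fields as required. The trailing space in $t_class keeps the two
			# attributes separated when they are concatenated in the <span>
			# below (previously rendered as class="required"required).
			$t_required = $t_force_pw_reset ? 'required' : '';
			$t_class = $t_force_pw_reset ? 'class="required" ' : '';
			?>
			<tr>
				<td class="category">
					<span <?php echo $t_class . $t_required ?>><?php if( $t_force_pw_reset ) { ?> * <?php } ?></span> <?php echo lang_get( 'current_password' ) ?>
				</td>
				<td>
					<input class="input-sm" id="password-current" type="password" name="password_current" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" <?php echo $t_required ?> />
				</td>
			</tr>
			<tr>
				<td class="category">
					<span <?php echo $t_class . $t_required ?>><?php if( $t_force_pw_reset ) { ?> * <?php } ?></span> <?php echo lang_get( 'new_password' ) ?>
				</td>
				<td>
					<input class="input-sm" id="password" type="password" name="password" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" <?php echo $t_required ?> />
				</td>
			</tr>
			<tr>
				<td class="category">
					<span <?php echo $t_class . $t_required ?>><?php if( $t_force_pw_reset ) { ?> * <?php } ?></span> <?php echo lang_get( 'confirm_password' ) ?>
				</td>
				<td>
					<input class="input-sm" id="password-confirm" type="password" name="password_confirm" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" <?php echo $t_required ?> />
				</td>
			</tr>
			<?php
			} ?>
			<tr>
				<td class="category">
					<?php echo lang_get( 'email' ) ?>
				</td>
				<td>
				<?php
				if( $t_ldap && ON == config_get_global( 'use_ldap_email' ) ) {
					# E-mail comes from LDAP: read-only, escaped for display.
					echo string_display_line( $u_email );
				} else {
					# E-mail stored locally: editable.
					$t_show_update_button = true;
					print_email_input( 'email', $u_email );
				} ?>
				</td>
			</tr>
			<tr><?php
				if( $t_ldap && ON == config_get_global( 'use_ldap_realname' ) ) {
					# Real name comes from LDAP: read-only, escaped for display.
					echo '<td class="category">' . lang_get( 'realname' ) . '</td>';
					echo '<td>';
					echo string_display_line( ldap_realname_from_username( $u_username ) );
					echo '</td>';
				} else {
					# Real name stored locally: editable. The stored value is
					# attribute-escaped before being placed in the input.
					$t_show_update_button = true;
					echo '<td class="category">' . lang_get( 'realname' ) . '</td>';
					echo '<td>';
					echo '<input class="input-sm" id="realname" type="text" size="32" maxlength="' . DB_FIELD_SIZE_REALNAME . '" name="realname" value="' . string_attribute( $u_realname ) . '" />';
					echo '</td>';
				} ?>
			</tr>
			<tr>
				<td class="category">
					<?php echo lang_get( 'access_level' ) ?>
				</td>
				<td>
					<?php echo get_enum_element( 'access_levels', $u_access_level ); ?>
				</td>
			</tr>
			<tr>
				<td class="category">
					<?php echo lang_get( 'access_level_project' ) ?>
				</td>
				<td>
					<?php echo get_enum_element( 'access_levels', current_user_get_access_level() ); ?>
				</td>
			</tr>
				</fieldset>
			</table>
		</div>
	</div>
	<?php if( $t_show_update_button ) { ?>
		<div class="widget-toolbox padding-8 clearfix">
			<?php if( $t_force_pw_reset ) { ?>
				<span class="required pull-right"> * <?php echo lang_get( 'required' ); ?></span>
			<?php } ?>
			<input type="submit" class="btn btn-primary btn-white btn-round" value="<?php echo lang_get( 'update_user_button' ) ?>" />
		</div>
	<?php } ?>
	</div>
</div>

<?php
# Read-only listing of the projects the user is assigned to.
$t_projects = user_get_assigned_projects( auth_get_current_user_id() );
if( !empty( $t_projects ) ) {
?>
	<div class="space-10"></div>

	<div class="widget-box widget-color-blue2">
		<div class="widget-header widget-header-small">
			<h4 class="widget-title lighter">
				<?php print_icon( 'fa-puzzle-piece', 'ace-icon' ); ?>
				<?php echo lang_get( 'assigned_projects' ) ?>
			</h4>
		</div>
		<div class="widget-body">
			<div class="widget-main no-padding">
				<div class="table-responsive">
					<table class="table table-striped table-bordered table-condensed table-hover">
						<thead>
							<tr>
								<th><?php echo lang_get( 'name' ) ?></th>
								<th><?php echo lang_get( 'access_level' ) ?></th>
								<th><?php echo lang_get( 'view_status' ) ?></th>
								<th><?php echo lang_get( 'description' ) ?></th>
							</tr>
						</thead>
						<?php
						foreach( $t_projects as $t_project_id => $t_project ) {
							# Name and description are user-supplied data; both go
							# through the string API before being echoed.
							$t_project_name = string_attribute( $t_project['name'] );
							$t_access_level = get_enum_element( 'access_levels', $t_project['access_level'] );
							$t_view_state = get_enum_element( 'project_view_state', $t_project['view_state'] );
							$t_description = string_display_links( project_get_field( $t_project_id, 'description' ) );
							echo '<tr>';
							echo '<td>' . $t_project_name . '</td>';
							echo '<td>' . $t_access_level . '</td>';
							echo '<td>' . $t_view_state . '</td>';
							echo '<td>' . $t_description . '</td>';
							echo '</tr>';
						}
						?>
					</table>
				</div>
			</div>
		</div>
	</div>
<?php } ?>

	</form>
</div>

<?php
# Only offer self-service account deletion when the option is enabled;
# the form carries its own security token checked by account_delete.php.
if( ON == config_get( 'allow_account_delete' ) ) { ?>

<!-- Delete Button -->
<div class="form-container">
	<form method="post" action="account_delete.php">
		<fieldset>
			<?php echo form_security_field( 'account_delete' ) ?>
			<input type="submit" class="btn btn-primary btn-white btn-round" value="<?php echo lang_get( 'delete_account_button' ) ?>" />
		</fieldset>
	</form>
</div>
<?php
}
echo '</div>';
layout_page_end();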
334