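<?php

/**
 * User self-modification: validate the submitted profile form and apply it.
 *
 * Order of operations: require a logged-in session, validate the CSRF token,
 * validate each submitted field, then pass the request to User::self_update().
 *
 * Every rejection below calls $Result->show() with true as its third argument.
 * The checks only protect the update if that call stops the script.
 * NOTE(review): confirm this in Result::show(); it is not visible in this file.
 */

header('Content-Type: text/html; charset=utf-8');

# include required scripts
require_once( __DIR__ . '/../../../functions/functions.php' );

# initialize required objects
$Database       = new Database_PDO;
$Result         = new Result;
$User           = new User ($Database);
$Password_check = new Password_check ();

# verify that user is logged in
$User->check_user_session();

# validate csrf cookie (a missing field is passed as null, without a PHP notice)
$csrf_cookie = isset($_POST['csrf_cookie']) ? $_POST['csrf_cookie'] : null;
if ($User->Crypto->csrf_cookie ("validate", "user-menu", $csrf_cookie) === false) {
	$Result->show("danger", _("Invalid CSRF cookie"), true);
}

# verify email
$email = isset($_POST['email']) ? $_POST['email'] : "";
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
	$Result->show("danger alert-absolute",  _('Email not valid!'), true);
}

# verify lang
# is_numeric() also accepts decimal and exponent forms ("1.5", "1e3"), so this
# is a type check, not a check that the language id exists.
# NOTE(review): confirm self_update() binds this value as a query parameter.
$lang = isset($_POST['lang']) ? $_POST['lang'] : null;
if (!is_numeric($lang)) {
	$Result->show("danger alert-absolute",  _('Invalid language!'), true);
}

# verify password if changed (not empty)
$password1 = isset($_POST['password1']) ? $_POST['password1'] : "";
$password2 = isset($_POST['password2']) ? $_POST['password2'] : "";
if ($password1 !== "") {
	# Both fields must be strings and identical. Loose comparison (!=) treats
	# numeric-looking strings as numbers, so "1e3" and "1000" would count as a
	# match; array-valued fields (password1[]=...) are rejected here as well.
	if (!is_string($password1) || !is_string($password2) || $password1 !== $password2) {
		$Result->show("danger alert-absolute", _('Passwords do not match!'), true);
	}
	# validate pass against policy
	$policy = (json_decode($User->settings->passwordPolicy, true));
	$Password_check->set_requirements  ($policy, explode(",",$policy['allowedSymbols']));
	if (!$Password_check->validate ($password1)) {
		$Result->show("danger alert-danger ", _('Password validation errors').":<br> - ".implode("<br> - ", $Password_check->get_errors ()), true);
	}
}

# Verify Theme (strict comparison against the fixed allow-list)
if (!empty($_POST['theme'])) {
	if (!in_array($_POST['theme'], ['default', 'white', 'dark'], true)) {
		$Result->show("danger alert-absolute", _('Invalid theme'), true);
	}
}

# set override: anything other than the exact string "Uncompress" becomes "default"
$_POST['compressOverride'] = (isset($_POST['compressOverride']) && $_POST['compressOverride'] === "Uncompress") ? "Uncompress" : "default";

# Update user
# NOTE(review): the whole $_POST array is handed to self_update(), including
# fields this script never validated. Confirm self_update() copies only an
# explicit list of profile columns, so extra POST keys cannot change other
# account attributes.
# NOTE(review): no check of the current password is visible in this script
# before email or password are changed. Confirm whether that is enforced elsewhere.
if (!$User->self_update ($_POST)) {
	$Result->show("danger alert-absolute",  _('Error updating user account!'), true);
}
else {
	$Result->show("success alert-absolute", _('Account updated successfully'), false);
}

# update language
$User->update_session_language ();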