login/edit: set correct id for input fields

[minimedit.git] / login / edit.php

diff --git a/login/edit.php b/login/edit.php
index 563a3a567b6771c2962ea03a08589acce23676f5..fe70ef95144dc5e348584c4ed0f09d3eaae388d6 100644 (file)
--- a/login/edit.php
+++ b/login/edit.php
@@ -1,32 +1,34 @@
 <?php
 global $User;
-if (empty($user = $User)) {
+if (empty($user = &$User)) {
        return;
 }
 
 if (!empty($User['admin']) and $Page == 'login/edit' and $Args) {
-       $username = ltrim($Args, '/');
+       $username = strtolower(ltrim($Args, '/'));
        $user = [
                'dir' => "profile/$username",
                'name' => $username,
        ];
-       if (!is_writable($user['dir'])) {
-               print "<p class=warn>Het is niet mogelijk om de gebruiker <em>{$user['name']}</em> aan te passen.</p>\n\n";
-               return;
-       }
 }
 
 $cols = [
        'name'  => ['label' => 'volledige naam'],
        'email' => ['label' => 'e-mailadres', 'type' => 'email'],
+       'avatar' => [
+               'label' => 'portretfoto',
+               'type' => 'file',
+       ],
 ];
 
 foreach ($cols as $col => &$colconf) {
-       $colpath = "{$user['dir']}/$col.txt";
+       $filetype = @$colconf['type'] == 'file' ? 'jpg' : 'txt';
+       $colpath = "{$user['dir']}/$col.$filetype";
        if (file_exists($colpath)) {
-               $colconf['value'] = file_get_contents($colpath);
+               $colconf['value'] = $filetype != 'txt' ? '' :
+                       file_get_contents($colpath);
        }
-       if (!is_writable($user['dir'])) {
+       if (file_exists($user['dir']) and !is_writable($user['dir'])) {
                continue;  # locked parent directory
        }
        if (isset($colconf['value']) and !is_writable($colpath)) {
@@ -41,6 +43,11 @@ $cols = [
 
 $colwarn = [];
 if ($_POST) {
+       if (!file_exists($user['dir']) and !@mkdir($user['dir'])) {
+               print "<p class=warn>Fout bij het aanmaken van gebruikersprofiel voor <em>{$user['name']}</em>.</p>\n\n";
+               return;
+       }
+
        foreach ($_POST as $col => $val) {
                if (!isset($cols[$col])) {
                        continue; # unknown
@@ -53,11 +60,41 @@ if ($_POST) {
                        $colwarn[$col] = "Kan niet worden aangepast.";
                        continue;
                }
-               if (!file_put_contents($cols[$col]['target'], $val)) {
+               if (file_put_contents($cols[$col]['target'], $val) === FALSE) {
                        $colwarn[$col] = "Fout bij opslaan.";
                }
        }
 
+       foreach ($_FILES as $col => $val) {
+               if (!isset($cols[$col]) and @$cols[$col]['type'] == 'file') {
+                       continue; # unknown
+               }
+               switch ($val['error']) {
+               case UPLOAD_ERR_OK:
+                       break;
+               case UPLOAD_ERR_NO_FILE:
+                       continue 2; # current
+               default:
+                       $colwarn[$col] = "Afbeelding niet goed ontvangen.";
+                       continue 2;
+               }
+               if (empty($cols[$col]['target'])) {
+                       $colwarn[$col] = "Kan niet worden aangepast.";
+                       continue;
+               }
+               if (!@move_uploaded_file($val['tmp_name'], $cols[$col]['target'])) {
+                       $colwarn[$col] = "Fout bij opslaan.";
+               }
+               $cols[$col]['value'] = '';
+       }
+
+       if (!empty($_POST['newpass'])) {
+               require_once('login/pass.inc.php');
+               if ($error = passform($user, $_POST)) {
+                       $colwarn['pass'] = $error;
+               }
+       }
+
        if ($colwarn) {
                print "<p class=warn>Instellingen zijn niet (volledig) opgeslagen. Probeer het later nog eens.</p>\n\n";
        }
@@ -67,23 +104,31 @@ if ($_POST) {
 }
 
 ?>
-<form method="post">
+<form method="post" enctype="multipart/form-data">
        <p>
        Geef een e-mailadres op waarmee we u kunnen bereiken indien nodig.
        Wij zullen dit adres nooit vrij- of doorgeven.
        </p>
-       <p>
 <?php
 foreach ($cols as $col => &$colconf) {
        print "\t";
        printf('<label for="%s">%s:</label> ', $col, ucfirst($colconf['label']));
+       if (@$colconf['type'] == 'file' and isset($colconf['value'])) {
+               printf('<a href="/%s"><img src="/thumb/%s/%s" /></a><br />',
+                       $colconf['target'],
+                       200, $colconf['target']
+               );
+       }
        print "<input";
        if (empty($colconf['target'])) print ' readonly';
-       printf(' type="%s" name="%s" id="%1$s" value="%s"',
+       printf(' type="%s" name="%s" id="%2$s" value="%s"',
                @$colconf['type'] ?: 'text',
                $col,
                htmlspecialchars(@$colconf['value'])
        );
+       if (@$colconf['type'] == 'file') {
+               printf(' accept="%s"', 'image/jpeg');
+       }
        print ' placeholder="Niet ingesteld"';
        print " />";
 
@@ -92,7 +137,27 @@ foreach ($cols as $col => &$colconf) {
        }
        print "<br />\n";
 }
+
+if (isset($user['pass'])) {
+       if ($hide = empty($_POST['newpass'])) {
+?>
+       <p><a onclick="document.getElementById('pass').removeAttribute('hidden'); this.remove()">Wachtwoord wijzigen</a></p>
+<?php
+       }
+?>
+       <div id="pass"<?php if ($hide) print ' hidden'; ?>>
+               <label for="newpass">Wachtwoord:</label>
+               <input type="password" name="oldpass" value="" placeholder="Huidig wachtwoord" />
+               <input type="password" name="newpass" value="" placeholder="Nieuw wachtwoord" />
+               <input type="password" name="passconf" value="" placeholder="Nogmaals" />
+<?php
+       if ($error = @$colwarn['pass']) {
+               print " <span class=warn>$error</span>\n";
+       }
+?>
+       </div>
+<?php
+}
 ?>
        <input type="submit" value="Opslaan" />
-       </p>
 </form>