X-Git-Url: http://git.shiar.net/minimedit.git/blobdiff_plain/56252c8d2e764a9c6dacb35e61a730b54ac97723..d955f2d0837ca4c145546f56a8fe0d3a87f59052:/login/edit.php

diff --git a/login/edit.php b/login/edit.php
index f99c999..894264b 100644
--- a/login/edit.php
+++ b/login/edit.php
@@ -1,21 +1,41 @@
 <?php
 global $User;
-if (empty($User)) {
+if (empty($user = &$User)) {
 	return;
 }
 
-$userdir = $User['dir'];
+if (!empty($User['admin']) and $Page == 'login/edit' and $Args) {
+	$username = strtolower(ltrim($Args, '/'));
+	$user = [
+		'dir' => "profile/$username",
+		'name' => $username,
+	];
+}
 
 $cols = [
-	'email' => ['label' => 'e-mailadres', 'type' => 'email'],
+	'name'  => [
+		'label' => 'volledige naam',
+		'explain' => "Alleen zichtbaar voor andere leden.",
+	],
+	'email' => [
+		'label' => 'e-mailadres',
+		'type' => 'email',
+		'explain' => "Voor contact van of met deze site. Wij zullen dit nooit vrij- of doorgeven.",
+	],
+	'avatar' => [
+		'label' => 'portretfoto',
+		'type' => 'file',
+	],
 ];
 
 foreach ($cols as $col => &$colconf) {
-	$colpath = "$userdir/$col.txt";
+	$filetype = @$colconf['type'] == 'file' ? 'jpg' : 'txt';
+	$colpath = "{$user['dir']}/$col.$filetype";
 	if (file_exists($colpath)) {
-		$colconf['value'] = file_get_contents($colpath);
+		$colconf['value'] = $filetype != 'txt' ? '' :
+			file_get_contents($colpath);
 	}
-	if (!is_writable($userdir)) {
+	if (file_exists($user['dir']) and !is_writable($user['dir'])) {
 		continue;  # locked parent directory
 	}
 	if (isset($colconf['value']) and !is_writable($colpath)) {
@@ -24,8 +44,77 @@ foreach ($cols as $col => &$colconf) {
 	$colconf['target'] = $colpath;  # editing allowed
 }
 
+$cols = [
+	'login' => [
+		'label' => 'login',
+		'value' => $user['name'],
+		'target' => NULL,
+		'pattern' => "[a-z0-9-]+",
+	],
+] + $cols;
+
+$tagdir = 'profile/.tags';
+if (file_exists($tagdir)) {
+	$tags = [];
+	foreach (glob("$tagdir/*") as $tag) {
+		$tagname = pathinfo($tag, PATHINFO_BASENAME);
+		$target = "$tag/{$user['name']}";
+		$val = file_exists($target);
+		$tags[$tagname] = ['value' => $val];
+		if (empty($User['admin'])) {
+			continue;  # forbidden
+		}
+		if (!is_writable($tag)) {
+			continue;  # locked tag directory
+		}
+		if ($val and !is_writable($target)) {
+			continue;  # existing file locked
+		}
+		$tags[$tagname]['target'] = $target;
+	}
+
+	if ($tags) {
+		$options = '';
+		foreach ($tags as $tag => $val) {
+			$options .= sprintf(
+				"\n\t\t" .
+				'<input type="hidden" name="tags[%1$s]" value="" />' .
+				'<input type="checkbox" name="tags[%s]" value="1"%s%s /> %s',
+				$tag,
+				$val['value'] ? ' checked' : '',
+				isset($val['target']) ? '' : ' readonly',
+				ucfirst($tag)
+			);
+		}
+
+		$cols['tags'] = [
+			'label' => 'groepen',
+			'input' => $options,
+			'values' => $tags,
+		];
+	}
+}
+
+if (isset($user['pass'])) {
+	$cols['newpass'] = [
+		'label' => 'wachtwoord',
+		'input' => <<<'EOT'
+			<input type="password" name="oldpass" value="" placeholder="Huidig wachtwoord" />
+			<input type="password" id="newpass" name="newpass" value="" placeholder="Nieuw wachtwoord" />
+			<input type="password" name="passconf" value="" placeholder="Nogmaals" />
+EOT
+		,
+		'hide'  => 'pass',
+	];
+}
+
 $colwarn = [];
 if ($_POST) {
+	if (!file_exists($user['dir']) and !@mkdir($user['dir'])) {
+		print "<p class=warn>Fout bij het aanmaken van gebruikersprofiel voor <em>{$user['name']}</em>.</p>\n\n";
+		return;
+	}
+
 	foreach ($_POST as $col => $val) {
 		if (!isset($cols[$col])) {
 			continue; # unknown
@@ -38,11 +127,68 @@ if ($_POST) {
 			$colwarn[$col] = "Kan niet worden aangepast.";
 			continue;
 		}
-		if (!file_put_contents($cols[$col]['target'], $val)) {
+		if (file_put_contents($cols[$col]['target'], $val) === FALSE) {
 			$colwarn[$col] = "Fout bij opslaan.";
 		}
 	}
 
+	if (isset($cols['tags']) and !empty($_POST['tags'])) {
+		$tagok = [];
+		foreach ($_POST['tags'] as $col => $val) {
+			$tag = $cols['tags']['values'][$col];
+			if (!isset($tag['target'])) {
+				$tagok[$col] = 'forbidden';
+			}
+			if ($tag['value'] === !empty($val)) {
+				$tagok[$col] = NULL;  # unaltered
+			}
+			elseif (empty($val)) {
+				$tagok[$col] = !@unlink($tag['target']);
+			}
+			else {
+				$tagok[$col] = !@symlink("../../{$user['name']}", $tag['target']);
+			}
+		}
+		if ($tagok = array_filter($tagok)) {
+			$colwarn['tags'] = "Wijziging niet opgeslagen voor "
+				. implode(', ', array_keys($tagok));
+		}
+	}
+
+	foreach ($_FILES as $col => $val) {
+		if (!isset($cols[$col]) and @$cols[$col]['type'] == 'file') {
+			continue; # unknown
+		}
+		switch ($val['error']) {
+		case UPLOAD_ERR_OK:
+			break;
+		case UPLOAD_ERR_NO_FILE:
+			continue 2; # current
+		default:
+			$colwarn[$col] = "Afbeelding niet goed ontvangen.";
+			continue 2;
+		}
+		if (empty($cols[$col]['target'])) {
+			$colwarn[$col] = "Kan niet worden aangepast.";
+			continue;
+		}
+		if (!@move_uploaded_file($val['tmp_name'], $cols[$col]['target'])) {
+			$colwarn[$col] = "Fout bij opslaan.";
+		}
+		foreach (@glob('thumb/*/') as $thumbres) {
+			# attempt to remove old derivations
+			@unlink($thumbres.'/'.$cols[$col]['target']);
+		}
+		$cols[$col]['value'] = '';
+	}
+
+	if (!empty($_POST['newpass'])) {
+		require_once('login/pass.inc.php');
+		if ($error = passform($user, $_POST)) {
+			$colwarn['newpass'] = $error;
+		}
+	}
+
 	if ($colwarn) {
 		print "<p class=warn>Instellingen zijn niet (volledig) opgeslagen. Probeer het later nog eens.</p>\n\n";
 	}
@@ -52,29 +198,69 @@ if ($_POST) {
 }
 
 ?>
-<form method="post" class="inline">
-	<p>
-	Geef een e-mailadres op waarmee we u kunnen bereiken indien nodig.
-	Wij zullen dit adres nooit vrij- of doorgeven.
-	</p>
-	<p>
+<form method="post" enctype="multipart/form-data">
+	<ul class="grid">
 <?php
 foreach ($cols as $col => &$colconf) {
-	print "\t<input";
-	if (empty($colconf['target'])) print ' readonly';
-	printf(' type="%s" name="%s" id="%1$s" value="%s"',
-		@$colconf['type'] ?: 'text',
-		$col,
-		htmlspecialchars(@$colconf['value'])
-	);
-	print ' placeholder="Geen '.$colconf['label'].' ingesteld"';
-	print " />\n";
+	print "\t";
+	printf('<li><label for="%s">%s:</label>', $col, ucfirst($colconf['label']));
+	if (@$colconf['type'] == 'file' and isset($colconf['value'])) {
+		printf('<a href="/%s"><img src="/thumb/%s/%s?%s" /></a><br />',
+			$colconf['target'],
+			200, $colconf['target'], filemtime($colconf['target'])
+		);
+	}
+
+	if ($hide = @$colconf['hide'] and empty($_POST[$col])) {
+		printf('<a onclick="%s">Wijzigen</a><span id="%s" hidden>',
+			"document.getElementById('$hide').removeAttribute('hidden'); this.remove()",
+			$hide
+		);
+	}
+
+	if (isset($colconf['input'])) {
+		print $colconf['input'];
+	}
+	else {
+		$attrs = [
+			'type'        => @$colconf['type'] ?: 'text',
+			'name'        => $col,
+			'id'          => $col,
+			'value'       => htmlspecialchars(@$colconf['value']),
+			'placeholder' => "Niet ingesteld",
+			'readonly'    => empty($colconf['target']),
+			'pattern'     => @$colconf['pattern'] ?: FALSE,
+		];
+		if (@$colconf['type'] == 'file') {
+			$attrs['accept'] = "image/jpeg";
+		}
+
+		print '<input';
+		foreach ($attrs as $attr => $attrval) {
+			if ($attrval === FALSE) {
+				continue;
+			}
+			print ' ' . $attr;
+			if ($attrval !== TRUE) {
+				printf('="%s"', $attrval);
+			}
+		}
+		print ' />';
+	}
+	if (!empty($colconf['explain'])) {
+		printf(' <span>(%s)</span>', $colconf['explain']);
+	}
+
+	if ($hide) {
+		print '</span>';
+	}
 
 	if ($error = @$colwarn[$col]) {
-		print "<span class=warn>$error</span>\n";
+		print " <span class=warn>$error</span>\n";
 	}
+	print "</li>\n";
 }
 ?>
-	<input type="submit" value="Opslaan" />
-	</p>
+	</ul>
+	<p><input type="submit" value="Opslaan" /></p>
 </form>