login/edit: treat avatar as jpeg images

[minimedit.git] / login / edit.php

<?php
global $User;
if (empty($user = &$User)) {
        return;
}

if (!empty($User['admin']) and $Page == 'login/edit' and $Args) {
        $username = strtolower(ltrim($Args, '/'));
        $user = [
                'dir' => "profile/$username",
                'name' => $username,
        ];
}

$cols = [
        'name'  => ['label' => 'volledige naam'],
        'email' => ['label' => 'e-mailadres', 'type' => 'email'],
        'avatar' => [
                'label' => 'portretfoto',
                'type' => 'file',
        ],
];

foreach ($cols as $col => &$colconf) {
        $filetype = @$colconf['type'] == 'file' ? 'jpg' : 'txt';
        $colpath = "{$user['dir']}/$col.$filetype";
        if (file_exists($colpath)) {
                $colconf['value'] = $filetype != 'txt' ? '' :
                        file_get_contents($colpath);
        }
        if (file_exists($user['dir']) and !is_writable($user['dir'])) {
                continue;  # locked parent directory
        }
        if (isset($colconf['value']) and !is_writable($colpath)) {
                continue;  # locked column file
        }
        $colconf['target'] = $colpath;  # editing allowed
}

$cols = [
        'login' => ['label' => 'login', 'value' => $user['name'], 'target' => NULL],
] + $cols;

$colwarn = [];
if ($_POST) {
        if (!file_exists($user['dir']) and !@mkdir($user['dir'])) {
                print "<p class=warn>Fout bij het aanmaken van gebruikersprofiel voor <em>{$user['name']}</em>.</p>\n\n";
                return;
        }

        foreach ($_POST as $col => $val) {
                if (!isset($cols[$col])) {
                        continue; # unknown
                }
                if (isset($cols[$col]['value']) and $cols[$col]['value'] === $val) {
                        continue; # unaltered
                }
                $cols[$col]['value'] = $val;  # update form value
                if (empty($cols[$col]['target'])) {
                        $colwarn[$col] = "Kan niet worden aangepast.";
                        continue;
                }
                if (file_put_contents($cols[$col]['target'], $val) === FALSE) {
                        $colwarn[$col] = "Fout bij opslaan.";
                }
        }

        foreach ($_FILES as $col => $val) {
                if (!isset($cols[$col]) and @$cols[$col]['type'] == 'file') {
                        continue; # unknown
                }
                switch ($val['error']) {
                case UPLOAD_ERR_OK:
                        break;
                case UPLOAD_ERR_NO_FILE:
                        continue 2; # current
                default:
                        $colwarn[$col] = "Afbeelding niet goed ontvangen.";
                        continue 2;
                }
                if (empty($cols[$col]['target'])) {
                        $colwarn[$col] = "Kan niet worden aangepast.";
                        continue;
                }
                if (!@move_uploaded_file($val['tmp_name'], $cols[$col]['target'])) {
                        $colwarn[$col] = "Fout bij opslaan.";
                }
                $cols[$col]['value'] = '';
        }

        if (!empty($_POST['newpass'])) {
                require_once('login/pass.inc.php');
                if ($error = passform($user, $_POST)) {
                        $colwarn['pass'] = $error;
                }
        }

        if ($colwarn) {
                print "<p class=warn>Instellingen zijn niet (volledig) opgeslagen. Probeer het later nog eens.</p>\n\n";
        }
        else {
                print "<p>Alle instellingen zijn opgeslagen.</p>\n\n";
        }
}

?>
<form method="post" enctype="multipart/form-data">
        <p>
        Geef een e-mailadres op waarmee we u kunnen bereiken indien nodig.
        Wij zullen dit adres nooit vrij- of doorgeven.
        </p>
<?php
foreach ($cols as $col => &$colconf) {
        print "\t";
        printf('<label for="%s">%s:</label> ', $col, ucfirst($colconf['label']));
        if (@$colconf['type'] == 'file' and isset($colconf['value'])) {
                printf('<img src="/%s" /><br />', $colconf['target']);
        }
        print "<input";
        if (empty($colconf['target'])) print ' readonly';
        printf(' type="%s" name="%s" id="%1$s" value="%s"',
                @$colconf['type'] ?: 'text',
                $col,
                htmlspecialchars(@$colconf['value'])
        );
        if (@$colconf['type'] == 'file') {
                printf(' accept="%s"', 'image/jpeg');
        }
        print ' placeholder="Niet ingesteld"';
        print " />";

        if ($error = @$colwarn[$col]) {
                print " <span class=warn>$error</span>\n";
        }
        print "<br />\n";
}

if (isset($user['pass'])) {
        if ($hide = empty($_POST['newpass'])) {
?>
        <p><a onclick="document.getElementById('pass').removeAttribute('hidden'); this.remove()">Wachtwoord wijzigen</a></p>
<?php
        }
?>
        <div id="pass"<?php if ($hide) print ' hidden'; ?>>
                <label for="newpass">Wachtwoord:</label>
                <input type="password" name="oldpass" value="" placeholder="Huidig wachtwoord" />
                <input type="password" name="newpass" value="" placeholder="Nieuw wachtwoord" />
                <input type="password" name="passconf" value="" placeholder="Nogmaals" />
<?php
        if ($error = @$colwarn['pass']) {
                print " <span class=warn>$error</span>\n";
        }
?>
        </div>
<?php
}
?>
        <input type="submit" value="Opslaan" />
</form>