Pepperminty-Wiki/modules/feature-user-preferences.php

<?php
register_module([
	"name" => "User Preferences",
	"version" => "0.1",
	"author" => "Starbeamrainbowlabs",
	"description" => "Adds a user preferences page, letting pople do things like change their email address and password.",
	"id" => "feature-user-preferences",
	"code" => function() {
		global $env, $settings;
		/**
		 * @api {get} ?action=user-preferences Get a user preferences configuration page.
		 * @apiName UserPreferences
		 * @apiGroup Settings
		 * @apiPermission User
		 */
		
		 /*
 		 * ██    ██ ███████ ███████ ██████
 		 * ██    ██ ██      ██      ██   ██
 		 * ██    ██ ███████ █████   ██████  █████
 		 * ██    ██      ██ ██      ██   ██
 		 *  ██████  ███████ ███████ ██   ██
 		 * 
 		 * ██████  ██████  ███████ ███████ ███████
 		 * ██   ██ ██   ██ ██      ██      ██
 		 * ██████  ██████  █████   █████   ███████
 		 * ██      ██   ██ ██      ██           ██
 		 * ██      ██   ██ ███████ ██      ███████
 		 */
		add_action("user-preferences", function() {
			global $env, $settings;
			
			if(!$env->is_logged_in)
			{
				exit(page_renderer::render_main("Error  - $settings->sitename", "<p>Since you aren't logged in, you can't change your preferences. This is because stored preferences are tied to each registered user account. You can login <a href='?action=login&returnto=" . rawurlencode("?action=user-preferences") . "'>here</a>.</p>"));
			}
			
			$statusMessages = [
				"change-password" => "Password changed successfully!"
			];
			
			$content = "<h2>User Preferences</h2>\n";
			if(isset($_GET["success"]) && $_GET["success"] === "yes")
			{
				$content .= "<p class='user-prefs-status-message'><em>" . $statusMessages[$_GET["operation"]] . "</em></p>\n";
			}
			$content .= "<label for='username'>Username:</label>\n";
			$content .= "<input type='text' name='username' value='$env->user' readonly />\n";
			$content .= "<h3>Change Password</h3\n>";
			$content .= "<form method='post' action='?action=change-password'>\n";
			$content .= "<label for='old-pass'>Current Password:</label>\n";
			$content .= "<input type='password' name='current-pass'  />\n";
			$content .= "<br />\n";
			$content .= "<label for='new-pass'>New Password:</label>\n";
			$content .= "<input type='password' name='new-pass' />\n";
			$content .= "<br />\n";
			$content .= "<label for='new-pass-confirm'>Confirm New Password:</label>\n";
			$content .= "<input type='password' name='new-pass-confirm' />\n";
			$content .= "<br />\n";
			$content .= "<input type='submit' value='Change Password' />\n";
			$content .= "</form>\n";
			
			exit(page_renderer::render_main("User Preferences - $settings->sitename", $content));
		});
		
		/**
		 * @api	{post}	?action=change-password	Change your password
		 * @apiName			ChangePassword
		 * @apiGroup		Settings
		 * @apiPermission	User
		 *
		 * @apiParam	{string}	current-pass		Your current password.
		 * @apiParam	{string}	new-pass			Your new password.
		 * @apiParam	{string}	new-pass-confirm	Your new password again, to make sure you've typed it correctly.
		 *
		 * @apiError	PasswordMismatchError	The new password fields don't match.
		 */
		add_action("change-password", function() {
		    global $env, $settings;
			
			// Make sure the new password was typed correctly
			// This comes before the current password check since that's more intensive
			if($_POST["new-pass"] !== $_POST["new-pass-confirm"]) {
				exit(page_renderer::render_main("Password mismatch - $settings->sitename", "<p>The new password you typed twice didn't match! <a href='javascript:history.back();'>Go back</a>.</p>"));
			}
			// Check the current password
			if(hash_password($_POST["current-pass"]) !== $env->user_data->password) {
				exit(page_renderer::render_main("Password mismatch - $settings->sitename", "<p>Error: You typed your current password incorrectly! <a href='javascript:history.back();'>Go back</a>.</p>"));
			}
			
			// All's good! Go ahead and change the password.
			$env->user_data->password = hash_password($_POST["new-pass"]);
			// Save the userdata back to disk
			save_userdata();
			
			http_response_code(307);
			header("location: ?action=user-preferences&success=yes&operation=change-password");
			exit(page_renderer::render_main("Password Changed Successfully", "<p>You password was changed successfully. <a href='?action=user-preferences'>Go back to the user preferences page</a>.</p>"));
		});
		
		// Display a help section on the user preferences, but only if the user
		// is logged in and so able to access them
		if($env->is_logged_in)
		{
			add_help_section("910-user-preferences", "User Preferences", "<p>As you are logged in, $settings->sitename lets you configure a selection of personal preferences. These can be viewed and tweaked to you liking over on the <a href='?action=user-preferences'>preferences page</a>, which can be accessed at any time by clicking the cog icon (it looks something like this: <a href='?action=user-preferences'>$settings->user_preferences_button_text</a>), though the administrator of $settings->sitename ($settings->admindetails_name) may have changed its appearance.</p>");
		}
	}
]);

?>
Begin creating a user preferences page! :D 2016-12-16 21:29:55 +00:00			`<?php`
			`register_module([`
			`"name" => "User Preferences",`
			`"version" => "0.1",`
			`"author" => "Starbeamrainbowlabs",`
			`"description" => "Adds a user preferences page, letting pople do things like change their email address and password.",`
			`"id" => "feature-user-preferences",`
			`"code" => function() {`
Add conditional user preferences section to help page. 2017-01-02 20:38:18 +00:00			`global $env, $settings;`
Begin creating a user preferences page! :D 2016-12-16 21:29:55 +00:00			`/**`
			`* @api {get} ?action=user-preferences Get a user preferences configuration page.`
			`* @apiName UserPreferences`
Implement (untested) backend for password changing 2016-12-21 22:03:38 +00:00			`* @apiGroup Settings`
Begin creating a user preferences page! :D 2016-12-16 21:29:55 +00:00			`* @apiPermission User`
			`*/`

			`/*`
			`* ██ ██ ███████ ███████ ██████`
			`* ██ ██ ██ ██ ██ ██`
			`* ██ ██ ███████ █████ ██████ █████`
			`* ██ ██ ██ ██ ██ ██`
			`* ██████ ███████ ███████ ██ ██`
			`*`
			`* ██████ ██████ ███████ ███████ ███████`
			`* ██ ██ ██ ██ ██ ██ ██`
			`* ██████ ██████ █████ █████ ███████`
			`* ██ ██ ██ ██ ██ ██`
			`* ██ ██ ██ ███████ ██ ███████`
			`*/`
			`add_action("user-preferences", function() {`
Bugfix: Make password chainging work. 2016-12-23 18:06:04 +00:00			`global $env, $settings;`
Begin creating a user preferences page! :D 2016-12-16 21:29:55 +00:00
			`if(!$env->is_logged_in)`
			`{`
			`exit(page_renderer::render_main("Error - $settings->sitename", "<p>Since you aren't logged in, you can't change your preferences. This is because stored preferences are tied to each registered user account. You can login <a href='?action=login&returnto=" . rawurlencode("?action=user-preferences") . "'>here</a>.</p>"));`
			`}`

Bugfix: Make password chainging work. 2016-12-23 18:06:04 +00:00			`$statusMessages = [`
			`"change-password" => "Password changed successfully!"`
			`];`

Begin creating a user preferences page! :D 2016-12-16 21:29:55 +00:00			`$content = "<h2>User Preferences</h2>\n";`
Bugfix: Make password chainging work. 2016-12-23 18:06:04 +00:00			`if(isset($_GET["success"]) && $_GET["success"] === "yes")`
			`{`
			`$content .= "<p class='user-prefs-status-message'><em>" . $statusMessages[$_GET["operation"]] . "</em></p>\n";`
			`}`
Begin creating a user preferences page! :D 2016-12-16 21:29:55 +00:00			`$content .= "<label for='username'>Username:</label>\n";`
			`$content .= "<input type='text' name='username' value='$env->user' readonly />\n";`
			`$content .= "<h3>Change Password</h3\n>";`
			`$content .= "<form method='post' action='?action=change-password'>\n";`
Implement (untested) backend for password changing 2016-12-21 22:03:38 +00:00			`$content .= "<label for='old-pass'>Current Password:</label>\n";`
			`$content .= "<input type='password' name='current-pass' />\n";`
Begin creating a user preferences page! :D 2016-12-16 21:29:55 +00:00			`$content .= "<br />\n";`
			`$content .= "<label for='new-pass'>New Password:</label>\n";`
			`$content .= "<input type='password' name='new-pass' />\n";`
			`$content .= "<br />\n";`
			`$content .= "<label for='new-pass-confirm'>Confirm New Password:</label>\n";`
			`$content .= "<input type='password' name='new-pass-confirm' />\n";`
Implement (untested) backend for password changing 2016-12-21 22:03:38 +00:00			`$content .= "<br />\n";`
			`$content .= "<input type='submit' value='Change Password' />\n";`
Begin creating a user preferences page! :D 2016-12-16 21:29:55 +00:00			`$content .= "</form>\n";`

			`exit(page_renderer::render_main("User Preferences - $settings->sitename", $content));`
			`});`

Move password changing apidoc comment 2017-01-02 20:25:46 +00:00			`/**`
			`* @api {post} ?action=change-password Change your password`
			`* @apiName ChangePassword`
			`* @apiGroup Settings`
			`* @apiPermission User`
			`*`
			`* @apiParam {string} current-pass Your current password.`
			`* @apiParam {string} new-pass Your new password.`
			`* @apiParam {string} new-pass-confirm Your new password again, to make sure you've typed it correctly.`
			`*`
			`* @apiError PasswordMismatchError The new password fields don't match.`
			`*/`
Implement (untested) backend for password changing 2016-12-21 22:03:38 +00:00			`add_action("change-password", function() {`
Bugfix: Make password chainging work. 2016-12-23 18:06:04 +00:00			`global $env, $settings;`

Implement (untested) backend for password changing 2016-12-21 22:03:38 +00:00			`// Make sure the new password was typed correctly`
			`// This comes before the current password check since that's more intensive`
			`if($_POST["new-pass"] !== $_POST["new-pass-confirm"]) {`
Bugfix: Make password chainging work. 2016-12-23 18:06:04 +00:00			`exit(page_renderer::render_main("Password mismatch - $settings->sitename", "<p>The new password you typed twice didn't match! <a href='javascript:history.back();'>Go back</a>.</p>"));`
Implement (untested) backend for password changing 2016-12-21 22:03:38 +00:00			`}`
			`// Check the current password`
			`if(hash_password($_POST["current-pass"]) !== $env->user_data->password) {`
Bugfix: Make password chainging work. 2016-12-23 18:06:04 +00:00			`exit(page_renderer::render_main("Password mismatch - $settings->sitename", "<p>Error: You typed your current password incorrectly! <a href='javascript:history.back();'>Go back</a>.</p>"));`
Implement (untested) backend for password changing 2016-12-21 22:03:38 +00:00			`}`

			`// All's good! Go ahead and change the password.`
Bugfix: Make password chainging work. 2016-12-23 18:06:04 +00:00			`$env->user_data->password = hash_password($_POST["new-pass"]);`
Implement (untested) backend for password changing 2016-12-21 22:03:38 +00:00			`// Save the userdata back to disk`
			`save_userdata();`
Bugfix: Make password chainging work. 2016-12-23 18:06:04 +00:00
			`http_response_code(307);`
			`header("location: ?action=user-preferences&success=yes&operation=change-password");`
			`exit(page_renderer::render_main("Password Changed Successfully", "<p>You password was changed successfully. <a href='?action=user-preferences'>Go back to the user preferences page</a>.</p>"));`
Implement (untested) backend for password changing 2016-12-21 22:03:38 +00:00			`});`

Add conditional user preferences section to help page. 2017-01-02 20:38:18 +00:00			`// Display a help section on the user preferences, but only if the user`
			`// is logged in and so able to access them`
			`if($env->is_logged_in)`
			`{`
			add_help_section("910-user-preferences", "User Preferences", "<p>As you are logged in, $settings->sitename lets you configure a selection of personal preferences. These can be viewed and tweaked to you liking over on the <a href='?action=user-preferences'>preferences page</a>, which can be accessed at any time by clicking the cog icon (it looks something like this: <a href='?action=user-preferences'>$settings->user_preferences_button_text</a>), though the administrator of $settings->sitename ($settings->admindetails_name) may have changed its appearance.</p>");
			`}`
Begin creating a user preferences page! :D 2016-12-16 21:29:55 +00:00			`}`
			`]);`

			`?>`