getAuthInfo(); if(!$authInfo->isLoggedIn()) Template::throwError(401); $errors = []; $usersCtx = $msz->getUsersContext(); $users = $usersCtx->getUsers(); $roles = $usersCtx->getRoles(); $userInfo = $authInfo->getUserInfo(); $isRestricted = $usersCtx->hasActiveBan($userInfo); $isVerifiedRequest = CSRF::validateRequest(); if(!$isRestricted && $isVerifiedRequest && !empty($_POST['role'])) { try { $roleInfo = $roles->getRole(($_POST['role']['id'] ?? 0)); } catch(RuntimeException $ex) {} if(empty($roleInfo) || !$users->hasRole($userInfo, $roleInfo)) $errors[] = "You're trying to modify a role that hasn't been assigned to you."; else { switch($_POST['role']['mode'] ?? '') { case 'display': $users->updateUser( $userInfo, displayRoleInfo: $roleInfo ); break; case 'leave': if($roleInfo->isLeavable()) { $users->removeRoles($userInfo, $roleInfo); $msz->getPerms()->precalculatePermissions( $msz->getForumContext()->getCategories(), [$userInfo->getId()] ); } else $errors[] = "You're not allow to leave this role, an administrator has to remove it for you."; break; } } } if($isVerifiedRequest && isset($_POST['tfa']['enable']) && $userInfo->hasTOTPKey() !== (bool)$_POST['tfa']['enable']) { $totpKey = ''; if((bool)$_POST['tfa']['enable']) { $totpKey = TOTPGenerator::generateKey(); $totpIssuer = $msz->getSiteInfo()->getName(); $totpQrcode = (new QRCode(new QROptions([ 'version' => 5, 'outputType' => QRCode::OUTPUT_IMAGE_JPG, 'eccLevel' => QRCode::ECC_L, ])))->render(sprintf('otpauth://totp/%s:%s?%s', $totpIssuer, $userInfo->getName(), http_build_query([ 'secret' => $totpKey, 'issuer' => $totpIssuer, ]))); Template::set([ 'settings_2fa_code' => $totpKey, 'settings_2fa_image' => $totpQrcode, ]); } $users->updateUser(userInfo: $userInfo, totpKey: $totpKey); } if($isVerifiedRequest && !empty($_POST['current_password'])) { if(!$userInfo->verifyPassword($_POST['current_password'] ?? '')) { $errors[] = 'Your password was incorrect.'; } else { // Changing e-mail if(!empty($_POST['email']['new'])) { if(empty($_POST['email']['confirm']) || $_POST['email']['new'] !== $_POST['email']['confirm']) { $errors[] = 'The addresses you entered did not match each other.'; } elseif($userInfo->getEMailAddress() === mb_strtolower($_POST['email']['confirm'])) { $errors[] = 'This is already your e-mail address!'; } else { $checkMail = $users->validateEMailAddress($_POST['email']['new']); if($checkMail !== '') { $errors[] = $users->validateEMailAddressText($checkMail); } else { $users->updateUser(userInfo: $userInfo, emailAddr: $_POST['email']['new']); $msz->createAuditLog('PERSONAL_EMAIL_CHANGE', [$_POST['email']['new']]); } } } // Changing password if(!empty($_POST['password']['new'])) { if(empty($_POST['password']['confirm']) || $_POST['password']['new'] !== $_POST['password']['confirm']) { $errors[] = 'The new passwords you entered did not match each other.'; } else { $checkPassword = $users->validatePassword($_POST['password']['new']); if($checkPassword !== '') { $errors[] = $users->validatePasswordText($checkPassword); } else { $users->updateUser(userInfo: $userInfo, password: $_POST['password']['new']); $msz->createAuditLog('PERSONAL_PASSWORD_CHANGE'); } } } } } // reload $userInfo object if($_SERVER['REQUEST_METHOD'] === 'POST' && $isVerifiedRequest) $userInfo = $users->getUser($userInfo->getId(), 'id'); $userRoles = $roles->getRoles(userInfo: $userInfo); Template::render('settings.account', [ 'errors' => $errors, 'settings_user' => $userInfo, 'settings_roles' => $userRoles, 'is_restricted' => $isRestricted, ]);