1 <?php # vim:ts=2:sw=2:et:
2 /* For licensing and copyright terms, see the file named LICENSE */
// Work out which user this page is about and who is asking.
// NOTE(review): the gutter numbers in this listing skip (e.g. 7 -> 10), so some
// original lines, including closing braces, are not shown; nesting is inferred.
4 include '../inc/common.php';
6 $user = mtrack_get_pathinfo();
// Fall back to the ?user= query parameter when no path-info was supplied
// (presumably assigned on the elided line 8).
7 if ($user === null && isset($_GET['user'])) {
// Reject an empty or whitespace-only name before it reaches any query.
10 if (!strlen(trim($user))) {
11 throw new Exception("No user name provided");
// $user is request-derived; everything below uses the canonical form.
13 $user = mtrack_canon_username($user);
// Canonical name of the caller, compared with $user to recognise self-service edits.
15 $me = mtrack_canon_username(MTrackAuth::whoami());
// Authorisation gate for edit mode. Callers holding User/modify may edit any
// record; an authenticated caller may edit only their own; anyone else reaches
// requireAllRights('User', 'modify') (presumably in an else branch; line 25 is not shown).
// NOTE(review): edit mode is keyed on $_REQUEST['edit'] here but on $_GET['edit']
// where the page is rendered; confirm the POST handler cannot run when this gate is skipped.
19 if (!empty($_REQUEST['edit'])) {
20 if (MTrackACL::hasAllRights('User', 'modify')) {
// Self-service branch: 'anonymous' is excluded so an unauthenticated caller never matches $user.
22 } else if ($me != 'anonymous' && $me === $user) {
23 // Can edit my own bits
24 MTrackACL::requireAllRights('User', 'read');
26 // already checked this above, but we want it to trigger the privilege
28 MTrackACL::requireAllRights('User', 'modify');
// State-changing branch: applies profile, alias, role and password updates, then redirects.
// NOTE(review): no anti-CSRF token check is visible in this listing; confirm one is
// enforced elsewhere (e.g. in inc/common.php), since this handler changes SSH keys and passwords.
31 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
32 $http_auth = MTrackAuth::getMech('MTrackAuth_HTTP');
33 if ($http_auth && !isset($_SERVER['REMOTE_USER'])) {
// NOTE(review): loose != compares numeric-looking strings as numbers (e.g. "1e1" and "10"
// are equal), so two different inputs can pass this confirmation; !== compares exact strings.
34 if ($_POST['passwd1'] != $_POST['passwd2']) {
35 throw new Exception("passwords don't match!");
// Every statement below binds request values through ? placeholders, never by concatenation.
39 $data = MTrackDB::q('select * from userinfo where userid = ?', $user)
40 ->fetchAll(PDO::FETCH_ASSOC);
41 if (isset($data[0])) {
// Only callers holding User/modify can change the 'active' flag; the UPDATE at line 51
// omits that column. The posted sshkeys value is stored as-is in all three statements.
43 if (MTrackACL::hasAllRights('User', 'modify')) {
44 if (isset($_POST['active'])) {
45 $active = $_POST['active'] == 'on' ? '1' : '0';
49 MTrackDB::q('update userinfo set fullname = ?, email = ?, timezone = ?, active = ?, sshkeys = ? where userid = ?', $_POST['fullname'], $_POST['email'], $_POST['timezone'], $active, $_POST['keys'], $user);
51 MTrackDB::q('update userinfo set fullname = ?, email = ?, timezone = ?, sshkeys = ? where userid = ?', $_POST['fullname'], $_POST['email'], $_POST['timezone'], $_POST['keys'], $user);
54 MTrackDB::q('insert into userinfo (active, fullname, email, timezone, sshkeys, userid) values (1, ?, ?, ?, ?, ?)', $_POST['fullname'], $_POST['email'], $_POST['timezone'], $_POST['keys'], $user);
// Aliases are replaced wholesale (delete, then re-insert non-blank lines) for callers holding
// User/modify; the role change at lines 67-69 appears to sit in the same block (braces elided).
// NOTE(review): the posted user_role is stored without a visible check against the
// configured user_class_roles keys; confirm it is validated before use.
57 if (MTrackACL::hasAllRights('User', 'modify')) {
58 MTrackDB::q('delete from useraliases where userid = ?', $user);
59 foreach (preg_split("/\r?\n/", $_POST['aliases']) as $alias) {
60 if (!strlen(trim($alias))) {
63 MTrackDB::q('insert into useraliases (userid, alias) values (?, ?)',
67 $user_class = MTrackAuth::getUserClass($user);
68 if (isset($_POST['user_role']) && $_POST['user_role'] != $user_class) {
69 MTrackConfig::set('user_classes', $user, $_POST['user_role']);
// NOTE(review): the new password is applied with only the passwd1/passwd2 match as
// confirmation; the current password is not requested anywhere in this listing.
// Consider requiring it for self-service changes.
73 $http_auth = MTrackAuth::getMech('MTrackAuth_HTTP');
74 if ($http_auth && !isset($_SERVER['REMOTE_USER']) && !empty($_POST['passwd1'])) {
75 // Allow changing their password
76 $http_auth->setUserPassword($user, $_POST['passwd1']);
// Redirect after POST; the user name is URL-encoded before it enters the Location header.
// NOTE(review): line 79 is not shown; confirm the script stops after sending the redirect.
78 header("Location: {$ABSWEB}user.php?user=" . urlencode($user));
// Viewing a profile requires User/read (presumably the non-edit branch; braces are elided).
83 MTrackACL::requireAllRights('User', 'read');
// NOTE(review): the request-derived $user is interpolated into the page title unescaped
// here; confirm mtrack_head() HTML-encodes its argument.
86 mtrack_head("User $user");
88 $data = MTrackDB::q('select * from userinfo where userid = ?', $user)->fetchAll(PDO::FETCH_ASSOC);
89 if (isset($data[0])) {
97 if (strlen($data['fullname'])) {
98 $display .= " - " . $data['fullname'];
// The heading text is HTML-encoded with ENT_QUOTES before output.
101 echo "<h1>", htmlentities($display, ENT_QUOTES, 'utf-8'), "</h1>";
102 echo "<div class='userinfo'>";
103 echo mtrack_username($user, array(
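// The stored address is user-supplied (written from $_POST['email'] by the POST handler),
// so it is HTML-encoded for both the href attribute and the link text, matching the
// htmlentities() calls used for the other profile fields on this page.
107 echo "<a href='mailto:", htmlentities((string)$data['email'], ENT_QUOTES, 'utf-8'), "'>", htmlentities((string)$data['email'], ENT_QUOTES, 'utf-8'), "</a><br>\n";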
// View mode (no ?edit=): list the user's known aliases, then decide whether to offer an edit button.
109 if (empty($_GET['edit'])) {
110 $aliases = MTrackDB::q('select alias from useraliases where userid = ? order by alias', $user)->fetchAll(PDO::FETCH_COLUMN, 0);
111 if (count($aliases)) {
112 echo "<h2>Aliases</h2><ul>\n";
113 foreach ($aliases as $alias) {
// Each alias is HTML-encoded before it is written into the list.
114 echo "<li>", htmlentities($alias, ENT_QUOTES, 'utf-8'), "</li>\n";
122 if (empty($_GET['edit'])) {
123 $me = mtrack_canon_username(MTrackAuth::whoami());
// The label only decides whether the button is drawn; the edit request itself is
// authorised by the $_REQUEST['edit'] checks near the top of the script.
// NOTE(review): this uses hasAnyRights where that gate uses hasAllRights; confirm the difference is intended.
124 if ($me != 'anonymous' && $me === $user) {
125 $label = 'Edit my details';
126 } else if (MTrackACL::hasAnyRights('User', 'modify')) {
127 $label = 'Edit user details';
131 if ($label !== null) {
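// $user comes from the request path or query string, so it is HTML-encoded before being
// placed in the single-quoted value attribute; an unencoded quote would end the attribute early.
132 echo "<form method='get' action='{$ABSWEB}user.php'>" .
133 "<input type='hidden' name='user' value='" . htmlentities($user, ENT_QUOTES, 'utf-8') . "'>" .
134 "<input type='hidden' name='edit' value='1'>" .
135 "<button type='submit'>$label</button></form>";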
// The activity feed for this user is rendered only for callers with Timeline/read.
138 if (MTrackACL::hasAnyRights('Timeline', 'read')) {
139 echo "<h2>Recent Activity</h2>\n";
140 mtrack_render_timeline($user);
// Edit mode: the form posts back to this script with the user name URL-encoded in the action.
// NOTE(review): no hidden anti-CSRF field is visible among the form inputs in this
// listing; confirm one is emitted on an elided line or by shared code.
144 echo "<form method='post' action='{$ABSWEB}user.php?user=" .
145 urlencode($user) . "'>\n";
// Stored profile values are HTML-encoded with ENT_QUOTES before being interpolated
// into the single-quoted value attributes below; missing fields become ''.
147 $fullname = htmlentities(
148 isset($data['fullname']) ? $data['fullname'] : '',
149 ENT_QUOTES, 'utf-8');
150 $email = htmlentities(
151 isset($data['email']) ? $data['email'] : '',
152 ENT_QUOTES, 'utf-8');
153 $timezone = htmlentities(
154 isset($data['timezone']) ? $data['timezone'] : '',
155 ENT_QUOTES, 'utf-8');
158 <input type='hidden' name='edit' value='1'>
160 <fieldset id='userinfo-container'>
161 <legend>User Information</legend>
165 <label for='fullname'>Full name</label>
168 <input type='text' name='fullname' size='64' value='$fullname'>
173 <label for='email'>Email</label>
176 <input type='text' name='email' size='64' value='$email'><br>
177 <em>We use this with <a href='http://gravatar.com'>Gravatar</a>
178 to obtain your avatar image throughout mtrack</em>
183 <label for='timezone'>Timezone</label>
186 <input type='text' name='timezone' size='24' value='$timezone'><br>
187 <em>We use this to show times in your preferred timezone</em>
// The Active checkbox is prepared only for callers holding User/modify,
// mirroring the check the POST handler applies before writing that column.
191 if (MTrackACL::hasAllRights('User', 'modify')) {
192 if (isset($data['active'])) {
193 $active = (int)$data['active'];
198 $active = " checked='checked'";
203 <label for='active'>Active?</label>
206 <input type='checkbox' name='active' $active><br>
207 <em>Active users are shown in the Responsible users list when editing tickets</em>
// Role choices are the keys of the user_class_roles config section.
212 $user_class = MTrackAuth::getUserClass($user);
213 $user_class_roles = array();
214 foreach (MTrackConfig::getSection('user_class_roles') as $role => $rights) {
215 $user_class_roles[$role] = $role;
217 $role_select = mtrack_select_box('user_role', $user_class_roles,
222 <label for='active'>Role</label>
226 <em>The role defines which actions this user can carry out in mtrack</em>
// Password fields are offered only when the MTrackAuth_HTTP mechanism is present and
// REMOTE_USER is unset, the same condition the POST handler tests before setting a password.
233 $http_auth = MTrackAuth::getMech('MTrackAuth_HTTP');
234 if ($http_auth && !isset($_SERVER['REMOTE_USER'])) {
239 $your = "this users";
245 <label for='passwd1'>New Password</label>
248 <input type="password" name="passwd1"><br>
249 <em>Enter $your new password</em>
254 <label for='passwd2'>Confirm Password</label>
257 <input type="password" name="passwd2"><br>
258 <em>Confirm $your new password</em>
// Group membership is displayed read-only; each group name is HTML-encoded.
270 $groups = MTrackAuth::getGroups($user);
272 <fieldset id='userinfo-groups'>
273 <legend>Groups</legend>
274 <em>This user is a member of the following groups</em>
277 foreach ($groups as $group) {
278 echo "<li>" . htmlentities($group, ENT_QUOTES, 'utf-8') . "</li>\n";
// Alias editing is offered only to callers holding User/modify; each stored alias
// is HTML-encoded before being placed in the textarea.
285 if (MTrackACL::hasAllRights('User', 'modify')) {
287 $aliases = MTrackDB::q('select alias from useraliases where userid = ? order by alias', $user)->fetchAll(PDO::FETCH_COLUMN, 0);
289 foreach ($aliases as $alias) {
290 $atext .= htmlentities($alias, ENT_QUOTES, 'utf-8') . "\n";
294 <fieldset id='userinfo-container'>
295 <legend>Aliases</legend>
296 <em>This user is also known by the following identities (one per line) when
297 assessing changes in the various repositories</em><br>
298 <textarea name='aliases' cols='64' rows='10'>$atext</textarea>
// Stored SSH public keys are HTML-encoded before being placed in the textarea. Per the
// form text below, these keys are the only credential for repository access, so any
// change to this field is security-relevant.
// NOTE(review): no format validation of the posted keys is visible in the POST handler;
// confirm they are validated where they are consumed.
310 $keytext = htmlentities($data['sshkeys'], ENT_QUOTES, 'utf-8');
312 <fieldset id='sshkey-container'>
313 <legend>SSH Keys</legend>
314 <em>The repositories created and managed by mtrack are served over SSH.
315 Access is enabled only based on public SSH keys, not passwords.
316 In order to check code in or out, you must provide one or more
317 keys. Paste in the public key(s) you want to use below, one per line.
319 <textarea name='keys' cols='64' rows='10'>$keytext</textarea>
326 <button>Save Changes</button>