1 <?php # vim:ts=2:sw=2:et:
2 /* For licensing and copyright terms, see the file named LICENSE */
4 include '../inc/common.php';
6 $user = mtrack_get_pathinfo();
7 if ($user === null && isset($_GET['user'])) {
10 if (!strlen(trim($user))) {
11 throw new Exception("No user name provided");
13 $user = mtrack_canon_username($user);
15 $me = mtrack_canon_username(MTrackAuth::whoami());
16 if (!empty($_REQUEST['edit'])) {
17 if (MTrackACL::hasAllRights('User', 'modify')) {
19 } else if ($me != 'anonymous' && $me === $user) {
20 // Can edit my own bits
21 MTrackACL::requireAllRights('User', 'read');
23 // already checked this above, but we want it to trigger the privilege
25 MTrackACL::requireAllRights('User', 'modify');
28 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
29 $http_auth = MTrackAuth::getMech('MTrackAuth_HTTP');
30 if ($http_auth && !isset($_SERVER['REMOTE_USER'])) {
31 if ($_POST['passwd1'] != $_POST['passwd2']) {
32 throw new Exception("passwords don't match!");
36 $data = MTrackDB::q('select * from userinfo where userid = ?', $user)
37 ->fetchAll(PDO::FETCH_ASSOC);
38 if (isset($data[0])) {
40 if (MTrackACL::hasAllRights('User', 'modify')) {
41 if (isset($_POST['active'])) {
42 $active = $_POST['active'] == 'on' ? '1' : '0';
46 MTrackDB::q('update userinfo set fullname = ?, email = ?, timezone = ?, active = ?, sshkeys = ? where userid = ?', $_POST['fullname'], $_POST['email'], $_POST['timezone'], $active, $_POST['keys'], $user);
48 MTrackDB::q('update userinfo set fullname = ?, email = ?, timezone = ?, sshkeys = ? where userid = ?', $_POST['fullname'], $_POST['email'], $_POST['timezone'], $_POST['keys'], $user);
51 MTrackDB::q('insert into userinfo (active, fullname, email, timezone, sshkeys, userid) values (1, ?, ?, ?, ?, ?)', $_POST['fullname'], $_POST['email'], $_POST['timezone'], $_POST['keys'], $user);
54 if (MTrackACL::hasAllRights('User', 'modify')) {
55 MTrackDB::q('delete from useraliases where userid = ?', $user);
56 foreach (preg_split("/\r?\n/", $_POST['aliases']) as $alias) {
57 if (!strlen(trim($alias))) {
60 MTrackDB::q('insert into useraliases (userid, alias) values (?, ?)',
64 $user_class = MTrackAuth::getUserClass($user);
65 if (isset($_POST['user_role']) && $_POST['user_role'] != $user_class) {
66 MTrackConfig::set('user_classes', $user, $_POST['user_role']);
70 $http_auth = MTrackAuth::getMech('MTrackAuth_HTTP');
71 if ($http_auth && !isset($_SERVER['REMOTE_USER'])) {
72 // Allow changing their password
73 $http_auth->setUserPassword($user, $_POST['passwd1']);
75 header("Location: {$ABSWEB}user.php?user=" . urlencode($user));
80 MTrackACL::requireAllRights('User', 'read');
83 mtrack_head("User $user");
85 $data = MTrackDB::q('select * from userinfo where userid = ?', $user)->fetchAll(PDO::FETCH_ASSOC);
86 if (isset($data[0])) {
94 if (strlen($data['fullname'])) {
95 $display .= " - " . $data['fullname'];
98 echo "<h1>", htmlentities($display, ENT_QUOTES, 'utf-8'), "</h1>";
99 echo "<div class='userinfo'>";
100 echo mtrack_username($user, array(
104 echo "<a href='mailto:$data[email]'>$data[email]</a><br>\n";
106 if (empty($_GET['edit'])) {
107 $aliases = MTrackDB::q('select alias from useraliases where userid = ? order by alias', $user)->fetchAll(PDO::FETCH_COLUMN, 0);
108 if (count($aliases)) {
109 echo "<h2>Aliases</h2><ul>\n";
110 foreach ($aliases as $alias) {
111 echo "<li>", htmlentities($alias, ENT_QUOTES, 'utf-8'), "</li>\n";
119 if (empty($_GET['edit'])) {
120 $me = mtrack_canon_username(MTrackAuth::whoami());
121 if ($me != 'anonymous' && $me === $user) {
122 $label = 'Edit my details';
123 } else if (MTrackACL::hasAnyRights('User', 'modify')) {
124 $label = 'Edit user details';
128 if ($label !== null) {
129 echo "<form method='get' action='{$ABSWEB}user.php'>" .
130 "<input type='hidden' name='user' value='" . $user . "'>" .
131 "<input type='hidden' name='edit' value='1'>" .
132 "<button type='submit'>$label</button></form>";
135 if (MTrackACL::hasAnyRights('Timeline', 'read')) {
136 echo "<h2>Recent Activity</h2>\n";
137 mtrack_render_timeline($user);
141 echo "<form method='post' action='{$ABSWEB}user.php?user=" .
142 urlencode($user) . "'>\n";
144 $fullname = htmlentities(
145 isset($data['fullname']) ? $data['fullname'] : '',
146 ENT_QUOTES, 'utf-8');
147 $email = htmlentities(
148 isset($data['email']) ? $data['email'] : '',
149 ENT_QUOTES, 'utf-8');
150 $timezone = htmlentities(
151 isset($data['timezone']) ? $data['timezone'] : '',
152 ENT_QUOTES, 'utf-8');
155 <input type='hidden' name='edit' value='1'>
157 <fieldset id='userinfo-container'>
158 <legend>User Information</legend>
162 <label for='fullname'>Full name</label>
165 <input type='text' name='fullname' size='64' value='$fullname'>
170 <label for='email'>Email</label>
173 <input type='text' name='email' size='64' value='$email'><br>
174 <em>We use this with <a href='http://gravatar.com'>Gravatar</a>
175 to obtain your avatar image throughout mtrack</em>
180 <label for='timezone'>Timezone</label>
183 <input type='text' name='timezone' size='24' value='$timezone'><br>
184 <em>We use this to show times in your preferred timezone</em>
188 if (MTrackACL::hasAllRights('User', 'modify')) {
189 if (isset($data['active'])) {
190 $active = (int)$data['active'];
195 $active = " checked='checked'";
200 <label for='active'>Active?</label>
203 <input type='checkbox' name='active' $active><br>
204 <em>Active users are shown in the Responsible users list when editing tickets</em>
209 $user_class = MTrackAuth::getUserClass($user);
210 $user_class_roles = array();
211 foreach (MTrackConfig::getSection('user_class_roles') as $role => $rights) {
212 $user_class_roles[$role] = $role;
214 $role_select = mtrack_select_box('user_role', $user_class_roles,
219 <label for='active'>Role</label>
223 <em>The role defines which actions this user can carry out in mtrack</em>
230 $http_auth = MTrackAuth::getMech('MTrackAuth_HTTP');
231 if ($http_auth && !isset($_SERVER['REMOTE_USER'])) {
236 $your = "this users";
242 <label for='passwd1'>New Password</label>
245 <input type="password" name="passwd1"><br>
246 <em>Enter $your new password</em>
251 <label for='passwd2'>Confirm Password</label>
254 <input type="password" name="passwd2"><br>
255 <em>Confirm $your new password</em>
267 $groups = MTrackAuth::getGroups($user);
269 <fieldset id='userinfo-groups'>
270 <legend>Groups</legend>
271 <em>This user is a member of the following groups</em>
274 foreach ($groups as $group) {
275 echo "<li>" . htmlentities($group, ENT_QUOTES, 'utf-8') . "</li>\n";
282 if (MTrackACL::hasAllRights('User', 'modify')) {
284 $aliases = MTrackDB::q('select alias from useraliases where userid = ? order by alias', $user)->fetchAll(PDO::FETCH_COLUMN, 0);
286 foreach ($aliases as $alias) {
287 $atext .= htmlentities($alias, ENT_QUOTES, 'utf-8') . "\n";
291 <fieldset id='userinfo-container'>
292 <legend>Aliases</legend>
293 <em>This user is also known by the following identities (one per line) when
294 assessing changes in the various repositories</em><br>
295 <textarea name='aliases' cols='64' rows='10'>$atext</textarea>
307 $keytext = htmlentities($data['sshkeys'], ENT_QUOTES, 'utf-8');
309 <fieldset id='sshkey-container'>
310 <legend>SSH Keys</legend>
311 <em>The repositories created and managed by mtrack are served over SSH.
312 Access is enabled only based on public SSH keys, not passwords.
313 In order to check code in or out, you must provide one or more
314 keys. Paste in the public key(s) you want to use below, one per line.
316 <textarea name='keys' cols='64' rows='10'>$keytext</textarea>
323 <button>Save Changes</button>
projects / web.mtrack / blob