AccountSettings: allow users to change their personal details

controllers/AccountSettings.php

@@ -0,0 +1,130 @@
+<?php
+/*****************************************************************************
+ * AccountSettings.php
+ * Contains the account settings controller.
+ *
+ * Global Data Lab code (C) Radboud University Nijmegen
+ * Programming (C) Aaron van Geffen, 2015-2023
+ *****************************************************************************/
+
+class AccountSettings extends HTMLController
+{
+	public function __construct()
+	{
+		// Not logged in yet?
+		if (!Registry::get('user')->isLoggedIn())
+			throw new NotAllowedException('You need to be logged in to view this page.');
+
+		parent::__construct('Account settings');
+		$form_title = 'Account settings';
+
+		// Session checking!
+		if (empty($_POST))
+			Session::resetSessionToken();
+		else
+			Session::validateSession();
+
+		$fields = [
+			'first_name' => [
+				'type' => 'text',
+				'label' => 'First name',
+				'size' => 50,
+				'maxlength' => 255,
+			],
+			'surname' => [
+				'type' => 'text',
+				'label' => 'Family name',
+				'size' => 50,
+				'maxlength' => 255,
+			],
+			'emailaddress' => [
+				'type' => 'text',
+				'label' => 'Email address',
+				'size' => 50,
+				'maxlength' => 255,
+			],
+			'password1' => [
+				'before_html' => '<div class="offset-sm-2 mt-4"><p>To change your password, please fill out the fields below.</p></div>',
+				'type' => 'password',
+				'label' => 'Password',
+				'size' => 50,
+				'maxlength' => 255,
+				'is_optional' => true,
+			],
+			'password2' => [
+				'type' => 'password',
+				'label' => 'Password (repeat)',
+				'size' => 50,
+				'maxlength' => 255,
+				'is_optional' => true,
+			],
+		];
+
+		$form = new Form([
+			'request_url' => BASEURL . '/' . $_GET['action'] . '/',
+			'fields' => $fields,
+			'submit_caption' => 'Save details',
+		]);
+
+		$user = Registry::get('user');
+
+		// Create the form, add in default values.
+		$form->setData(empty($_POST) ? $user->getProps() : $_POST);
+		$formview = new FormView($form, $form_title);
+		$this->page->adopt($formview);
+
+		// Left a message?
+		if (isset($_SESSION['account_msg']))
+		{
+			$alert = $_SESSION['account_msg'];
+			$formview->adopt(new Alert($alert[0], $alert[1], $alert[2]));
+			unset($_SESSION['account_msg']);
+		}
+
+		// Just updating account settings?
+		if (!empty($_POST))
+		{
+			$form->verify($_POST);
+
+			// Anything missing?
+			if (!empty($form->getMissing()))
+			{
+				$missingFields = array_intersect_key($fields, array_flip($form->getMissing()));
+				$missingFields = array_map(function($field) { return strtolower($field['label']); }, $missingFields);
+				return $formview->adopt(new Alert('Some data missing', 'Please fill out the following fields: ' . implode(', ', $missingFields), 'danger'));
+			}
+
+			$data = $form->getData();
+
+			// Just to be on the safe side.
+			$data['first_name'] = htmlspecialchars(trim($data['first_name']));
+			$data['surname'] = htmlspecialchars(trim($data['surname']));
+			$data['emailaddress'] = trim($data['emailaddress']);
+
+			// If it looks like an e-mail address...
+			if (!empty($data['emailaddress']) && !preg_match('~^[^ ]+@[^ ]+\.[a-z]+$~', $data['emailaddress']))
+				return $formview->adopt(new Alert('Email addresses invalid', 'The email address you entered is not a valid email address.', 'danger'));
+			// Check whether email address is already linked to an account in the database -- just not to the account we happen to be editing, of course.
+			elseif (!empty($data['emailaddress']) && $user->getEmailAddress() !== $data['emailaddress'] && Member::exists($data['emailaddress']))
+				return $formview->adopt(new Alert('Email address already in use', 'Another account is already using this e-mail address.', 'danger'));
+
+			// Changing passwords?
+			if (!empty($data['password1']) && !empty($data['password2']))
+			{
+				if (strlen($data['password1']) < 6 || !preg_match('~[^A-z]~', $data['password1']))
+					return $formview->adopt(new Alert('Password not acceptable', 'Please use a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).', 'danger'));
+				elseif ($data['password1'] !== $data['password2'])
+					return $formview->adopt(new Alert('Passwords do not match', 'The passwords you entered do not match. Please try again.', 'danger'));
+
+				// Keep just the one.
+				$data['password'] = $data['password1'];
+				unset($data['password1'], $data['password2']);
+				$formview->adopt(new Alert('Your password has been changed', 'Next time you log in, you can use your new password to authenticate yourself.', 'success'));
+			}
+			else
+				$formview->adopt(new Alert('Your account settings have been saved', 'Thank you for keeping your information current.', 'success'));
+
+			$user->update($data);
+		}
+	}
+}

models/Member.php

@@ -110,6 +110,9 @@ class Member extends User
 				$this->is_admin = $value == 1 ? 1 : 0;
 		}
 
+		$params = get_object_vars($this);
+		$params['is_admin'] = $this->is_admin ? 1 : 0;
+
 		return Registry::get('db')->query('
 			UPDATE users
 			SET
@@ -120,7 +123,7 @@ class Member extends User
 				password_hash = {string:password_hash},
 				is_admin = {int:is_admin}
 			WHERE id_user = {int:id_user}',
-			get_object_vars($this));
+			$params);
 	}
 
 	/**

models/Router.php

@@ -11,6 +11,7 @@ class Router
 	public static function route()
 	{
 		$possibleActions = [
+			'accountsettings' => 'AccountSettings',
 			'addalbum' => 'EditAlbum',
 			'albums' => 'ViewPhotoAlbums',
 			'editalbum' => 'EditAlbum',