# Mantis - a php based bugtracking system

# Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org

# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net

# Mantis is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 2 of the License, or

# (at your option) any later version.

#

# Mantis is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with Mantis.  If not, see <http://www.gnu.org/licenses/>.

	# --------------------------------------------------------

	# $Id: account_page.php,v 1.52.2.1 2007-10-13 22:32:01 giallu Exp $

	# --------------------------------------------------------

	# CALLERS

	#	This page is called from:

	#	- print_menu()

	#	- print_account_menu()

	#	- header redirects from account_*.php

	#   - included by verify.php to allow user to change their password

	# EXPECTED BEHAVIOUR

	#	- Display the user's current settings

	#	- Allow the user to edit their settings

	#	- Allow the user to save their changes

	#	- Allow the user to delete their account if account deletion is enabled

	# CALLS

	#	This page calls the following pages:

	#	- account_update.php  (to save changes)

	#	- account_delete.php  (to delete the user's account)

	# RESTRICTIONS & PERMISSIONS

	#	- User must be authenticated

	#	- The user's account must not be protected

	require_once( 'core.php' );

	$t_core_path = config_get( 'core_path' );

	require_once( $t_core_path.'current_user_api.php' );

	#============ Parameters ============

	# (none)

	#============ Permissions ============

	auth_ensure_user_authenticated();

	current_user_ensure_unprotected();

?>

	# extracts the user information for the currently logged in user

	# and prefixes it with u_

	$row = user_get_row( auth_get_current_user_id() );

	extract( $row, EXTR_PREFIX_ALL, 'u' );

	$t_ldap = ( LDAP == config_get( 'login_method' ) );

	# In case we're using LDAP to get the email address... this will pull out

	#  that version instead of the one in the DB

	$u_email = user_get_email( $u_id, $u_username );

	# note if we are being included by a script of a different name, if so,

	#  this is a mandatory password change request

	$t_force_pw_reset = is_page_name( 'verify.php' );

	html_page_top1( lang_get( 'account_link' ) );

	html_page_top2();

?>

<center>

			echo lang_get( 'verify_warning' ); 

			if ( helper_call_custom_function( 'auth_can_change_password', array() ) ) {

				echo '
' . lang_get( 'verify_change_password' );

			}

		?>

</center>

<form method="post" action="account_update.php">

			*

			<input type="password" size="32" maxlength="32" name="password" />

			*

			<input type="password" size="32" maxlength="32" name="password_confirm" />

			<input type="text" size="32" maxlength="64" name="realname" value="<?php echo string_attribute( $u_realname ) ?>" />

			 * 

			<input type="submit" class="button" value="<?php echo lang_get( 'update_user_button' ) ?>" />

</form>

	# check if users can't delete their own accounts

	if ( ON == config_get( 'allow_account_delete' ) ) {

?>

	<form method="post" action="account_delete.php">

	<input type="submit" class="button" value="<?php echo lang_get( 'delete_account_button' ) ?>" />

	</form>