<?php
use \Tlf\User\Configurations as C;
// Admin-only handler: persists user-login settings submitted from the configuration form.
// Access is decided by a hard-coded 'admin' role check; as the log line below states, any
// configured access settings are not consulted here.
// NOTE(review): no CSRF token or request-method check is visible in this script. Confirm the
// form/router layer enforces both before this code runs, since it changes stored settings.
error_log("Handling user login configuration submission with 'admin' role check, but not respecting configured access settings");

$user = $package->get_user();
if (!$user->has_role('admin')) {
    // Non-admins get a 403 with a terse body; `return` stops the script before anything is read or written.
    http_response_code(403);
    echo '<h1>No</h1>';

    return;
}
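// Load the stored settings, creating an empty JSON document on first use.
// NOTE(review): the SMTP password is among the settings saved to this file, in plaintext.
// Confirm the file lives outside the web root and is readable only by the account that needs it.
$config_file = $package->config_file;
if (!file_exists($config_file)) {
    error_log("Creating config file '$config_file' with empty json. File did not exist.");
    file_put_contents($config_file, "{}");
}

// file_get_contents() returns false on failure and json_decode() returns null (or a scalar)
// for anything that is not a JSON object/array. The code below indexes $stored_configs as an
// array, so normalise every such case to an empty array and leave a trace in the log.
$raw_config = file_get_contents($config_file);
$stored_configs = $raw_config === false ? null : json_decode($raw_config, true);
if (!is_array($stored_configs)) {
    error_log("Config file '$config_file' could not be read as a JSON object. Starting from empty settings.");
    $stored_configs = [];
}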
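// Allow-list of settings this form may change. The loop only reads the POST fields derived
// from these names, so any other submitted field is ignored.
$configurable_options = [
    C::web_address,
    C::email_from,
    C::name_from,
    C::mail_service,
    C::smtp_password,
    C::smtp_host,
];

foreach ($configurable_options as $conf_name) {
    // PHP itself rewrites '.' in incoming field names to '_', so a form field named
    // 'user.whatever' arrives as $_POST['user_whatever'].
    // NOTE(review): PHP rewrites every dot, while this only rewrites the 'user.' prefix.
    // That is fine as long as the C:: names contain no other dots; confirm.
    $post_name = str_replace("user.", "user_", $conf_name);

    if (!isset($_POST[$post_name])) {
        continue;
    }

    // A field submitted as 'name[]' arrives as an array; reject it explicitly instead of
    // letting trim() fail with a TypeError.
    $submitted = $_POST[$post_name];
    if (!is_string($submitted)) {
        http_response_code(400);
        echo "Submitted values must be plain text.";
        throw new \Exception("User Login setting '$post_name' was not submitted as a string");
    }

    // Empty (or whitespace-only) means "leave this setting unchanged".
    $value = trim($submitted);
    if ($value === '') {
        continue;
    }

    // Length is measured in bytes, so multi-byte text reaches the limit sooner.
    if (strlen($value) > 80) {
        http_response_code(400);
        echo "No values over 80 characters are allowed";
        throw new \Exception("User Login setting is over 80 chars");
    }

    // Coarse filter only: it also rejects legitimate values containing '<' (an SMTP password,
    // for instance). Whatever renders these settings must still escape them for its output context.
    if (strip_tags($value) !== $value) {
        http_response_code(400);
        echo "A submitted value appears to contain HTML. This is not allowed.";
        throw new \Exception("strip_tags() output did not match originally submitted value");
    }

    // Store the value that was validated. Saving the raw $_POST entry would let whitespace
    // padding carry a value past the 80-character limit checked above.
    $stored_configs[$conf_name] = $value;
}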
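// Persist the merged settings and confirm that what is on disk is exactly what was encoded.
// The settings include the SMTP password, so only the outcome is logged, never the values.
error_log("Write user config json file");

// Encode first: if json_encode() fails, the existing file is left untouched rather than
// being overwritten with an empty string.
$encoded_configs = json_encode($stored_configs, JSON_PRETTY_PRINT);
$bytes_written = $encoded_configs === false
    ? false
    // LOCK_EX keeps two concurrent submissions from interleaving their writes.
    : file_put_contents($config_file, $encoded_configs, LOCK_EX);

// Byte-for-byte read-back; a loose array comparison could accept values that merely compare equal.
if ($bytes_written !== false && file_get_contents($config_file) === $encoded_configs) {
    echo "<h1>Success!</h1>";
    echo "<p>Your configurations were successfully saved.</p>";
    echo "<p>Settings have not been tested, so you may want to try a password reset to ensure email sending works as intended.</p>";
} else {
    // Record which step failed server-side; the page itself stays generic.
    error_log(
        $encoded_configs === false
            ? "Failed to encode user config as json: " . json_last_error_msg()
            : "Failed to write or verify user config json file '$config_file'"
    );
    http_response_code(500);
    echo "<h1>Failure :(</h1>";
    echo "<p>Your configurations either failed to save or saved incorrectly. No debug info is available.</p>";
}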