added on local at 2026-07-01 22:09:44
| 1 | #!/usr/bin/perl | |
| 2 | #====================================================================== | |
| 3 | # ShopCart - Profile (account identity) | |
| 4 | # | |
| 5 | # Display name, email, currency, timezone, password, 2FA, sessions, | |
| 6 | # account close. Split out of the old tabbed settings.cgi so URL | |
| 7 | # conventions match PTMatrix (/profile.cgi = account identity, | |
| 8 | # /preferences.cgi = notifications + UI prefs). | |
| 9 | # | |
| 10 | # Body lives in TEMPLATES/shopcart_profile.html. | |
| 11 | #====================================================================== | |
| 12 | use strict; | |
| 13 | use warnings; | |
| 14 | ||
| 15 | use lib '/var/www/vhosts/3dshawn.com/shop.3dshawn.com'; | |
| 16 | use CGI; | |
| 17 | use MODS::Template; | |
| 18 | use MODS::DBConnect; | |
| 19 | use MODS::Login; | |
| 20 | use MODS::ShopCart::Config; | |
| 21 | use MODS::ShopCart::Wrapper; | |
| 22 | use MODS::ShopCart::Billing; | |
| 23 | ||
| 24 | my $q = CGI->new; | |
| 25 | my $form = $q->Vars; | |
| 26 | my $auth = MODS::Login->new; | |
| 27 | my $wrap = MODS::ShopCart::Wrapper->new; | |
| 28 | my $tfile = MODS::Template->new; | |
| 29 | my $db = MODS::DBConnect->new; | |
| 30 | my $cfg = MODS::ShopCart::Config->new; | |
| 31 | my $bill = MODS::ShopCart::Billing->new; | |
| 32 | my $DB = $cfg->settings('database_name'); | |
| 33 | ||
| 34 | $|=1; | |
| 35 | my $userinfo = $auth->login_verify(); | |
| 36 | if (!$userinfo) { | |
| 37 | print "Status: 302 Found\nLocation: /login.cgi\n\n"; | |
| 38 | exit; | |
| 39 | } | |
| 40 | my $uid = $userinfo->{user_id}; | |
| 41 | $uid =~ s/[^0-9]//g; | |
| 42 | ||
| 43 | my $dbh = $db->db_connect(); | |
| 44 | ||
| 45 | my $saved_msg = ''; | |
| 46 | ||
| 47 | sub _esc { | |
| 48 | my $s = shift; | |
| 49 | $s //= ''; | |
| 50 | $s =~ s/\\/\\\\/g; | |
| 51 | $s =~ s/'/''/g; | |
| 52 | return $s; | |
| 53 | } | |
| 54 | ||
| 55 | # ---- POST handlers -------------------------------------------------- | |
| 56 | if (($form->{action} || '') eq 'save_account') { | |
| 57 | my $name = $form->{display_name} // ''; | |
| 58 | my $email = $form->{email} // ''; | |
| 59 | my $cur = uc($form->{default_currency} // 'USD'); | |
| 60 | my $tz = $form->{timezone} // 'UTC'; | |
| 61 | ||
| 62 | $name =~ s/^\s+|\s+$//g; | |
| 63 | $email =~ s/^\s+|\s+$//g; | |
| 64 | $cur = substr($cur, 0, 3); | |
| 65 | $tz = substr($tz, 0, 64); | |
| 66 | ||
| 67 | if ($name eq '' || $email !~ /\@/) { | |
| 68 | $saved_msg = 'Please provide a display name and a valid email address.'; | |
| 69 | } else { | |
| 70 | $db->db_readwrite($dbh, qq~ | |
| 71 | UPDATE `${DB}`.users | |
| 72 | SET display_name='~ . _esc($name) . qq~', | |
| 73 | email='~ . _esc($email) . qq~', | |
| 74 | default_currency='~ . _esc($cur) . qq~', | |
| 75 | timezone='~ . _esc($tz) . qq~' | |
| 76 | WHERE id='$uid' | |
| 77 | ~, $ENV{SCRIPT_NAME}, __LINE__); | |
| 78 | $saved_msg = 'Profile saved.'; | |
| 79 | } | |
| 80 | } | |
| 81 | elsif (($form->{action} || '') eq 'resend_verification') { | |
| 82 | require MODS::ShopCart::EmailVerify; | |
| 83 | my $u_check = $db->db_readwrite($dbh, qq~ | |
| 84 | SELECT id, email, display_name, email_verified_at | |
| 85 | FROM `${DB}`.users WHERE id='$uid' LIMIT 1 | |
| 86 | ~, $ENV{SCRIPT_NAME}, __LINE__); | |
| 87 | if ($u_check && $u_check->{id} && !$u_check->{email_verified_at}) { | |
| 88 | my $r = MODS::ShopCart::EmailVerify->send_for_user( | |
| 89 | $db, $dbh, $DB, | |
| 90 | { id => $u_check->{id}, email => $u_check->{email}, display_name => $u_check->{display_name} }, | |
| 91 | ); | |
| 92 | $saved_msg = ($r && $r->{ok}) | |
| 93 | ? 'Verification email sent. Check your inbox (and spam folder).' | |
| 94 | : 'Could not send verification email: ' . ($r->{error} || 'unknown error'); | |
| 95 | } else { | |
| 96 | $saved_msg = 'Your email is already verified.'; | |
| 97 | } | |
| 98 | } | |
| 99 | ||
| 100 | # ---- Load current state -------------------------------------------- | |
| 101 | my $u = $db->db_readwrite($dbh, qq~ | |
| 102 | SELECT display_name, email, default_currency, timezone, | |
| 103 | two_factor_enabled, | |
| 104 | email_verified_at, | |
| 105 | DATE_FORMAT(email_verified_at, '%b %e, %Y') AS verified_on | |
| 106 | FROM `${DB}`.users | |
| 107 | WHERE id='$uid' | |
| 108 | ~, $ENV{SCRIPT_NAME}, __LINE__) || {}; | |
| 109 | ||
| 110 | # Build the dropdown lists with `selected` flags so the template can | |
| 111 | # render plain HTML without any client-side guessing. | |
| 112 | my @CURRENCIES = qw(USD EUR GBP CAD AUD JPY); | |
| 113 | my @TIMEZONES = ( | |
| 114 | 'UTC', | |
| 115 | 'America/Los_Angeles', | |
| 116 | 'America/Denver', | |
| 117 | 'America/Chicago', | |
| 118 | 'America/New_York', | |
| 119 | 'Europe/London', | |
| 120 | 'Europe/Berlin', | |
| 121 | 'Europe/Paris', | |
| 122 | 'Asia/Tokyo', | |
| 123 | 'Australia/Sydney', | |
| 124 | ); | |
| 125 | my (@cur_opts, @tz_opts); | |
| 126 | my $cur_now = $u->{default_currency} || 'USD'; | |
| 127 | my $tz_now = $u->{timezone} || 'UTC'; | |
| 128 | foreach my $c (@CURRENCIES) { | |
| 129 | push @cur_opts, { value => $c, selected_attr => ($c eq $cur_now ? ' selected' : '') }; | |
| 130 | } | |
| 131 | foreach my $t (@TIMEZONES) { | |
| 132 | push @tz_opts, { value => $t, selected_attr => ($t eq $tz_now ? ' selected' : '') }; | |
| 133 | } | |
| 134 | ||
| 135 | # Active sessions (creator side -- buyer sessions live in their own table). | |
| 136 | my $active_sessions = 0; | |
| 137 | my $r_sess = $db->db_readwrite($dbh, qq~ | |
| 138 | SELECT COUNT(*) AS n FROM `${DB}`.user_sessions | |
| 139 | WHERE user_id='$uid' | |
| 140 | AND revoked_at IS NULL | |
| 141 | AND expires_at > NOW() | |
| 142 | ~, $ENV{SCRIPT_NAME}, __LINE__); | |
| 143 | $active_sessions = $r_sess->{n} if $r_sess && defined $r_sess->{n}; | |
| 144 | ||
| 145 | # ---- Plan entitlement state for the "Available Features" panel ------ | |
| 146 | my @entitlements = $bill->user_feature_entitlements($db, $dbh, $DB, $uid); | |
| 147 | my $plan_label_for_features = (@entitlements && $entitlements[0]->{plan_label}) | |
| 148 | || 'Free'; | |
| 149 | my @feature_rows; | |
| 150 | my %ICON_SVG = ( | |
| 151 | send => '<path d="M22 2 11 13"/><path d="m22 2-7 20-4-9-9-4 20-7Z"/>', | |
| 152 | store => '<path d="m3 9 1-5h16l1 5"/><path d="M5 9v11a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1V9"/>', | |
| 153 | activity => '<path d="M22 12h-4l-3 9L9 3l-3 9H2"/>', | |
| 154 | chart => '<path d="M3 3v18h18"/><path d="m7 14 4-4 4 4 5-5"/>', | |
| 155 | people => '<path d="M17 21v-2a4 4 0 0 0-4-4H5a4 4 0 0 0-4 4v2"/><circle cx="9" cy="7" r="4"/>', | |
| 156 | ); | |
| 157 | foreach my $f (@entitlements) { | |
| 158 | push @feature_rows, { | |
| 159 | key => $f->{key}, | |
| 160 | name => $f->{name}, | |
| 161 | blurb => $f->{blurb}, | |
| 162 | icon_svg => $ICON_SVG{ $f->{icon} } || $ICON_SVG{chart}, | |
| 163 | included => $f->{included} ? 1 : 0, | |
| 164 | locked => $f->{locked} ? 1 : 0, | |
| 165 | module_href => '/' . ($f->{module} || 'dashboard') . '.cgi', | |
| 166 | }; | |
| 167 | } | |
| 168 | ||
| 169 | # Owner-only flag governs Team + Available Features panes (matches the | |
| 170 | # original settings.cgi tab gating). | |
| 171 | my $is_owner = !($userinfo->{owner_user_id}) ? 1 : 0; | |
| 172 | ||
| 173 | $db->db_disconnect($dbh); | |
| 174 | ||
| 175 | # Helper to HTML-escape values that go into <input value="...">. | |
| 176 | sub _h_attr { | |
| 177 | my $s = shift; | |
| 178 | $s //= ''; | |
| 179 | $s =~ s/&/&/g; | |
| 180 | $s =~ s/</</g; | |
| 181 | $s =~ s/>/>/g; | |
| 182 | $s =~ s/"/"/g; | |
| 183 | return $s; | |
| 184 | } | |
| 185 | ||
| 186 | my $tvars = { | |
| 187 | user_id => $uid, | |
| 188 | saved_msg => $saved_msg, | |
| 189 | has_saved_msg => $saved_msg ? 1 : 0, | |
| 190 | ||
| 191 | display_name => _h_attr($u->{display_name}), | |
| 192 | email => _h_attr($u->{email}), | |
| 193 | currency_options => \@cur_opts, | |
| 194 | timezone_options => \@tz_opts, | |
| 195 | ||
| 196 | email_verified => $u->{email_verified_at} ? 1 : 0, | |
| 197 | email_verified_label => $u->{email_verified_at} ? ('Verified ' . ($u->{verified_on} || '')) : 'Not verified yet', | |
| 198 | two_factor_enabled => $u->{two_factor_enabled} ? 1 : 0, | |
| 199 | active_session_count => $active_sessions, | |
| 200 | ||
| 201 | is_owner => $is_owner, | |
| 202 | plan_label_for_features => $plan_label_for_features, | |
| 203 | features => \@feature_rows, | |
| 204 | has_features => scalar(@feature_rows) ? 1 : 0, | |
| 205 | }; | |
| 206 | ||
| 207 | print "Content-Type: text/html; charset=utf-8\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\nPragma: no-cache\nExpires: 0\n\n"; | |
| 208 | ||
| 209 | my $body = join('', $tfile->template('shopcart_profile.html', $tvars, $userinfo)); | |
| 210 | ||
| 211 | $wrap->render({ | |
| 212 | userinfo => $userinfo, | |
| 213 | page_key => 'my_profile', | |
| 214 | title => 'My Profile', | |
| 215 | body => $body, | |
| 216 | }); |