do not allow to change profile details, only show them

3 files changed, 18 insertions, 18 deletions

diff --git a/data/templates/base.htm b/data/templates/base.htm
index 6cfea7f..ed70252 100644
--- a/data/templates/base.htm
+++ b/data/templates/base.htm
@@ -36,7 +36,7 @@
      <ul class="nav pull-right">
       {% if identity %}
       <li>
-       <a href="/user">{{name}} ({{email}})</a>
+       <a href="/user">{{name}}</a>
       </li>
       <li>
        <a href="/login?logout">Logout</a>
diff --git a/data/templates/user.htm b/data/templates/user.htm
index 622e8d9..bc02b01 100644
--- a/data/templates/user.htm
+++ b/data/templates/user.htm
@@ -7,14 +7,19 @@
 
 {% block content %}
 
-<form method="post" action="/user" id="user_form">
-<fieldset>
-  <legend>User Profile</legend>
-   <p>Please update your git preferences.</p>
-   <p><label>OpenID:</label><code>{{ identity }}</code></p>
-   <label for='name'>Name:</label><input class="" id="name" type="text" name="name" width="35" value="{{ name }}"><br/>
-   <label for='email'>Email:</label><input class="" id="email" type="text" name="email" width="35" value="{{ email }}"><br/>
-   <input class="btn" id="submit" type="submit" value="Update">
-</fieldset>
-</form>
+<h3>User Profile</h3>
+<dl>
+ <dt>OpenID</dt>
+ <dd><code>{{ identity }}</code>
+
+ <dt>Name</dt>
+ <dd><code>{{ name }}</code></dd>
+
+ <dt>Email</dt>
+ <dd><code>{{ email }}</code></dd>
+</dl>
+
+<p>
+ You may change this data with your OpenID provider.
+</p>
 {% endblock %}
diff --git a/www/user.php b/www/user.php
index 8b86a50..364981c 100644
--- a/www/user.php
+++ b/www/user.php
@@ -5,13 +5,8 @@
 namespace phorkie;
 $reqWritePermissions = true;
 require_once 'www-header.php';
-
-if (isset($_POST['name'])) {
-    $_SESSION['name'] = substr(filter_var($_POST['name'], FILTER_SANITIZE_STRING), 0, 35);
-}
-
-if (isset($_POST['email'])) {
-    $_SESSION['email'] = substr(filter_var($_POST['email'], FILTER_SANITIZE_EMAIL), 0, 35);
+if (!isset($_SESSION['identity'])) {
+    require 'forbidden.php';
 }
 
 render(