do not allow to change profile details, only show them

diff --git a/data/templates/base.htm b/data/templates/base.htm
index 6cfea7f676bcca48a0e6bc7a04eb6631065d8060..ed702528413572b529d7344c47658f90c3603cf4 100644 (file)
--- a/data/templates/base.htm
+++ b/data/templates/base.htm
@@ -36,7 +36,7 @@
      <ul class="nav pull-right">
       {% if identity %}
       <li>
-       <a href="/user">{{name}} ({{email}})</a>
+       <a href="/user">{{name}}</a>
       </li>
       <li>
        <a href="/login?logout">Logout</a>

diff --git a/data/templates/user.htm b/data/templates/user.htm
index 622e8d9a77a919337c2a1cc514a503f1ad4cdd67..bc02b01b8b48ee9da34111426973c420f1dd0fb1 100644 (file)
--- a/data/templates/user.htm
+++ b/data/templates/user.htm
@@ -7,14 +7,19 @@
 
 {% block content %}
 
-<form method="post" action="/user" id="user_form">
-<fieldset>
-  <legend>User Profile</legend>
-   <p>Please update your git preferences.</p>
-   <p><label>OpenID:</label><code>{{ identity }}</code></p>
-   <label for='name'>Name:</label><input class="" id="name" type="text" name="name" width="35" value="{{ name }}"><br/>
-   <label for='email'>Email:</label><input class="" id="email" type="text" name="email" width="35" value="{{ email }}"><br/>
-   <input class="btn" id="submit" type="submit" value="Update">
-</fieldset>
-</form>
+<h3>User Profile</h3>
+<dl>
+ <dt>OpenID</dt>
+ <dd><code>{{ identity }}</code>
+
+ <dt>Name</dt>
+ <dd><code>{{ name }}</code></dd>
+
+ <dt>Email</dt>
+ <dd><code>{{ email }}</code></dd>
+</dl>
+
+<p>
+ You may change this data with your OpenID provider.
+</p>
 {% endblock %}

diff --git a/www/user.php b/www/user.php
index 8b86a506ff7a1a63191729f72b5014b3e3b4468a..364981ca7491fdd8e6ebd29b637d705da28b1f2b 100644 (file)
--- a/www/user.php
+++ b/www/user.php
@@ -5,13 +5,8 @@
 namespace phorkie;
 $reqWritePermissions = true;
 require_once 'www-header.php';
-
-if (isset($_POST['name'])) {
-    $_SESSION['name'] = substr(filter_var($_POST['name'], FILTER_SANITIZE_STRING), 0, 35);
-}
-
-if (isset($_POST['email'])) {
-    $_SESSION['email'] = substr(filter_var($_POST['email'], FILTER_SANITIZE_EMAIL), 0, 35);
+if (!isset($_SESSION['identity'])) {
+    require 'forbidden.php';
 }
 
 render(