From 9d74c7792d421f218f01c7d91114f40d5a95caa3 Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Fri, 9 Dec 2011 12:47:37 +0100
Subject: [PATCH] Allow Users To Change Email with no password see BT#3312
---
 main/auth/profile.php | 75 +++++++++++++++++++++++++++++++------------
 1 file changed, 54 insertions(+), 21 deletions(-)
diff --git a/main/auth/profile.php b/main/auth/profile.php
index 6438c910d1..6f5b50c540 100644
--- a/main/auth/profile.php
+++ b/main/auth/profile.php
@@ -586,13 +586,28 @@ if ($form->validate()) {
 $_SESSION['is_not_password'] = 'success';
 }
- if (!check_user_email($user_data['email']) && !empty($user_data['password0']) && !$wrong_current_password) {
- $changeemail = $user_data['email'];
- }
+ //$allow_users_to_change_email_with_no_password = api_get_setting('allow_users_to_change_email_with_no_password') == 'true' ? true :false;
+ $allow_users_to_change_email_with_no_password = true;
+
+ $changeemail = '';
+
+ if ($allow_users_to_change_email_with_no_password) {
+ $changeemail = '';
+ if (!check_user_email($user_data['email'])) {
+ $changeemail = $user_data['email'];
+ //$_SESSION['change_email'] = 'success';
+ }
+ } else {
+ //Normal behaviour
+ if (!check_user_email($user_data['email']) && !empty($user_data['password0']) && !$wrong_current_password) {
+ $changeemail = $user_data['email'];
+ }
+
+ if (!check_user_email($user_data['email']) && empty($user_data['password0'])){
+ $_SESSION['change_email'] = 'success';
+ }
+ }
- if (!check_user_email($user_data['email']) && empty($user_data['password0'])){
- $_SESSION['change_email'] = 'success';
- }
 // Upload picture if a new one is provided
 if ($_FILES['picture']['size']) {
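Review bot: The flag is hard-coded as `$allow_users_to_change_email_with_no_password = true;` while the `api_get_setting()` lookup stays commented out, so every installation now accepts an email change without the current password and the `else` ("Normal behaviour") branch can never run. If the account email is also the password-recovery address (not visible here), an authenticated session alone is then enough to redirect account recovery, which is the step the old `password0` check protected. I would read the option and let the strict path be the default: `$allow_users_to_change_email_with_no_password = api_get_setting('allow_users_to_change_email_with_no_password') === 'true';`. The second `$changeemail = '';` inside the `if` is redundant. The enclosing `if ($form->validate())` block starts and ends outside the hunk.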
@@ -695,22 +710,39 @@ if ($form->validate()) { } } - //changue email - if (isset($changeemail) && !isset($password) && in_array('email', $available_values_to_modify)) { - $sql .= " email = '".Database::escape_string($changeemail)."' "; - } elseif (isset($password) && isset($changeemail) && in_array('email', $available_values_to_modify) && in_array('password', $available_values_to_modify)) { - $sql .= " email = '".Database::escape_string($changeemail)."', "; - $password = api_get_encrypted_password($password); - $sql .= " password = '".Database::escape_string($password)."'"; - } elseif (isset($password) && !isset($changeemail) && in_array('password', $available_values_to_modify)) { - $password = api_get_encrypted_password($password); - $sql .= " password = '".Database::escape_string($password)."'"; - } else { - // remove trailing , from the query we have so far - $sql = rtrim($sql, ','); - } + //change email + if ($allow_users_to_change_email_with_no_password) { + if (!empty($changeemail) && in_array('email', $available_values_to_modify)) { + $sql .= " email = '".Database::escape_string($changeemail)."',"; + } + if (isset($password) && in_array('password', $available_values_to_modify)) { + $password = api_get_encrypted_password($password); + $sql .= " password = '".Database::escape_string($password)."'"; + } else { + // remove trailing , from the query we have so far + $sql = rtrim($sql, ','); + } + } else { + //normal behaviour + if (!empty($changeemail) && !isset($password) && in_array('email', $available_values_to_modify)) { + $sql .= " email = '".Database::escape_string($changeemail)."'"; + } elseif (isset($password) && isset($changeemail) && in_array('email', $available_values_to_modify) && in_array('password', $available_values_to_modify)) { + $sql .= " email = '".Database::escape_string($changeemail)."',"; + $password = api_get_encrypted_password($password); + $sql .= " password = '".Database::escape_string($password)."'"; + } elseif (isset($password) && 
!isset($changeemail) && in_array('password', $available_values_to_modify)) { + $password = api_get_encrypted_password($password); + $sql .= " password = '".Database::escape_string($password)."'"; + } else { + // remove trailing , from the query we have so far + $sql = rtrim($sql, ','); + } + } + + $sql .= " WHERE user_id = '".api_get_user_id()."'"; Database::query($sql); + // User tag process //1. Deleting all user tags @@ -733,7 +765,8 @@ if ($form->validate()) { $uidReset = true; include api_get_path(INCLUDE_PATH).'local.inc.php'; $_SESSION['profile_update'] = 'success'; - header("Location: ".api_get_self()."?{$_SERVER['QUERY_STRING']}".($filtered_extension && strpos($_SERVER['QUERY_STRING'], '&fe=1') === false ? '&fe=1' : '')); + $url = api_get_self()."?{$_SERVER['QUERY_STRING']}".($filtered_extension && strpos($_SERVER['QUERY_STRING'], '&fe=1') === false ? '&fe=1' : ''); + header("Location: ".$url); exit; }
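Review bot: In the `else` ("normal behaviour") branch of the hunk at `-695,22 +710,39`, the two `elseif` arms still test `isset($changeemail)` and `!isset($changeemail)`, but the first hunk of this patch now initialises `$changeemail = '';`, so `isset()` is always true there. A password-only change would take the second arm and write `email = ''`; if `email` is not in `$available_values_to_modify` it would instead reach the final `else` and drop the new password silently. Test emptiness in both arms: `isset($password) && !empty($changeemail) && ...` and `isset($password) && empty($changeemail) && ...`. The branch is unreachable only while the flag stays hard-coded to `true`, so this surfaces as soon as the setting lookup is enabled.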