| [ Index ] |
|
Code source de GeekLog 1.4.1 |
1 <?php 2 3 /* Reminder: always indent with 4 spaces (no tabs). */ 4 // +---------------------------------------------------------------------------+ 5 // | Geeklog 1.4 | 6 // +---------------------------------------------------------------------------+ 7 // | usersettings.php | 8 // | | 9 // | Geeklog user settings page. | 10 // +---------------------------------------------------------------------------+ 11 // | Copyright (C) 2000-2006 by the following authors: | 12 // | | 13 // | Authors: Tony Bibbs - tony AT tonybibbs DOT com | 14 // | Mark Limburg - mlimburg AT users DOT sourceforge DOT net | 15 // | Jason Whittenburg - jwhitten AT securitygeeks DOT com | 16 // | Dirk Haun - dirk AT haun-online DOT de | 17 // +---------------------------------------------------------------------------+ 18 // | | 19 // | This program is free software; you can redistribute it and/or | 20 // | modify it under the terms of the GNU General Public License | 21 // | as published by the Free Software Foundation; either version 2 | 22 // | of the License, or (at your option) any later version. | 23 // | | 24 // | This program is distributed in the hope that it will be useful, | 25 // | but WITHOUT ANY WARRANTY; without even the implied warranty of | 26 // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 27 // | GNU General Public License for more details. | 28 // | | 29 // | You should have received a copy of the GNU General Public License | 30 // | along with this program; if not, write to the Free Software Foundation, | 31 // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | 32 // | | 33 // +---------------------------------------------------------------------------+ 34 // 35 // $Id: usersettings.php,v 1.154 2006/12/09 08:33:06 dhaun Exp $ 36 37 require_once ('lib-common.php'); 38 require_once ($_CONF['path_system'] . 'lib-user.php'); 39 40 // Set this to true to have this script generate various debug messages in 41 // error.log 42 $_US_VERBOSE = false; 43 44 // Uncomment the line below if you need to debug the HTTP variables being passed 45 // to the script. This will sometimes cause errors but it will allow you to see 46 // the data being passed in a POST operation 47 // echo COM_debug($_POST); 48 49 /** 50 * Shows the user's current settings 51 * 52 */ 53 function edituser() 54 { 55 global $_CONF, $_TABLES, $_USER, $LANG04, $LANG_ADMIN; 56 57 $result = DB_query("SELECT fullname,cookietimeout,email,homepage,sig,emailstories,about,location,pgpkey,photo FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['userinfo']} WHERE {$_TABLES['users']}.uid = {$_USER['uid']} AND {$_TABLES['userprefs']}.uid = {$_USER['uid']} AND {$_TABLES['userinfo']}.uid = {$_USER['uid']}"); 58 $A = DB_fetchArray ($result); 59 60 $preferences = new Template ($_CONF['path_layout'] . 'preferences'); 61 $preferences->set_file (array ('profile' => 'profile.thtml', 62 'photo' => 'userphoto.thtml', 63 'username' => 'username.thtml', 64 'deleteaccount' => 'deleteaccount.thtml')); 65 66 include ($_CONF['path_system'] . 'classes/navbar.class.php'); 67 $navbar = new navbar; 68 $navbar->add_menuitem($LANG04[151],'showhideProfileEditorDiv("preview",0);return false;',true); 69 $navbar->add_menuitem($LANG04[152],'showhideProfileEditorDiv("namepass",1);return false;',true); 70 $navbar->add_menuitem($LANG04[130],'showhideProfileEditorDiv("userinfo",2);return false;',true); 71 $navbar->add_menuitem($LANG04[153],'showhideProfileEditorDiv("layout",3);return false;',true); 72 $navbar->add_menuitem($LANG04[154],'showhideProfileEditorDiv("content",4);return false;',true); 73 $navbar->add_menuitem($LANG04[155],'showhideProfileEditorDiv("privacy",5);return false;',true); 74 $navbar->set_selected($LANG04[152]); 75 $preferences->set_var ('navbar', $navbar->generate()); 76 77 $preferences->set_var ('site_url', $_CONF['site_url']); 78 $preferences->set_var ('layout_url', $_CONF['layout_url']); 79 $preferences->set_var ('no_javascript_warning',$LANG04[150]); 80 81 $preferences->set_var ('cssid1', 1); 82 $preferences->set_var ('cssid2', 2); 83 84 $preferences->set_var ('preview', userprofile($_USER['uid'])); 85 $preferences->set_var ('prefs', editpreferences()); 86 87 // some trickery to ensure alternating colors with the available options ... 88 if ($_CONF['allow_username_change'] == 1) { 89 $first = 1; 90 $second = 2; 91 } else { 92 $first = 2; 93 $second = 1; 94 } 95 $preferences->set_var ('cssid1u', $first); 96 $preferences->set_var ('cssid2u', $second); 97 98 if ($_CONF['allow_user_photo'] == 1) { 99 $tmp = $first; 100 $first = $second; 101 $second = $tmp; 102 } 103 $preferences->set_var ('cssid1p', $first); 104 $preferences->set_var ('cssid2p', $second); 105 106 $preferences->set_var ('lang_fullname', $LANG04[3]); 107 $preferences->set_var ('lang_fullname_text', $LANG04[34]); 108 $preferences->set_var ('lang_username', $LANG04[2]); 109 $preferences->set_var ('lang_username_text', $LANG04[87]); 110 $preferences->set_var ('lang_password_help_title', $LANG04[146]); 111 $preferences->set_var ('lang_password_help', $LANG04[147]); 112 $preferences->set_var ('lang_password', $LANG04[4]); 113 $preferences->set_var ('lang_password_text', $LANG04[35]); 114 $preferences->set_var ('lang_password_conf', $LANG04[108]); 115 $preferences->set_var ('lang_password_text_conf', $LANG04[109]); 116 $preferences->set_var ('lang_old_password', $LANG04[110]); 117 $preferences->set_var ('lang_old_password_text', $LANG04[111]); 118 $preferences->set_var ('lang_cooktime', $LANG04[68]); 119 $preferences->set_var ('lang_cooktime_text', $LANG04[69]); 120 $preferences->set_var ('lang_email', $LANG04[5]); 121 $preferences->set_var ('lang_email_text', $LANG04[33]); 122 $preferences->set_var ('lang_email_conf', $LANG04[124]); 123 $preferences->set_var ('lang_email_conf_text', $LANG04[126]); 124 $preferences->set_var ('lang_userinfo_help_title', $LANG04[148]); 125 $preferences->set_var ('lang_userinfo_help', $LANG04[149]); 126 $preferences->set_var ('lang_homepage', $LANG04[6]); 127 $preferences->set_var ('lang_homepage_text', $LANG04[36]); 128 $preferences->set_var ('lang_location', $LANG04[106]); 129 $preferences->set_var ('lang_location_text', $LANG04[107]); 130 $preferences->set_var ('lang_signature', $LANG04[32]); 131 $preferences->set_var ('lang_signature_text', $LANG04[37]); 132 $preferences->set_var ('lang_userphoto', $LANG04[77]); 133 $preferences->set_var ('lang_userphoto_text', $LANG04[78]); 134 $preferences->set_var ('lang_about', $LANG04[7]); 135 $preferences->set_var ('lang_about_text', $LANG04[38]); 136 $preferences->set_var ('lang_pgpkey', $LANG04[8]); 137 $preferences->set_var ('lang_pgpkey_text', $LANG04[39]); 138 $preferences->set_var ('lang_submit', $LANG04[9]); 139 $preferences->set_var ('lang_cancel',$LANG_ADMIN['cancel']); 140 $preferences->set_var ('lang_preview_title', $LANG04[145]); 141 $preferences->set_var ('lang_enter_current_password', $LANG04[127]); 142 $preferences->set_var ('lang_name_legend', $LANG04[128]); 143 $preferences->set_var ('lang_password_email_legend', $LANG04[129]); 144 $preferences->set_var ('lang_personal_info_legend', $LANG04[130]); 145 146 $display_name = COM_getDisplayName ($_USER['uid']); 147 148 //$preferences->set_var ('start_block_profile', 149 // COM_startBlock ($LANG04[1] . ' ' . $display_name)); 150 //$preferences->set_var ('end_block', COM_endBlock ()); 151 152 $preferences->set_var ('profile_headline', 153 $LANG04[1] . ' ' . $display_name); 154 155 if ($_CONF['allow_user_photo'] == 1) { 156 $preferences->set_var ('enctype', 'enctype="multipart/form-data"'); 157 } else { 158 $preferences->set_var ('enctype', ''); 159 } 160 $preferences->set_var ('fullname_value', htmlspecialchars ($A['fullname'])); 161 $preferences->set_var ('new_username_value', 162 htmlspecialchars ($_USER['username'])); 163 $preferences->set_var ('password_value', ''); 164 if ($_CONF['allow_username_change'] == 1) { 165 $preferences->parse ('username_option', 'username', true); 166 } else { 167 $preferences->set_var ('username_option', ''); 168 } 169 170 $selection = '<select name="cooktime">' . LB; 171 $selection .= COM_optionList ($_TABLES['cookiecodes'], 'cc_value,cc_descr', 172 $A['cookietimeout'], 0); 173 $selection .= '</select>'; 174 $preferences->set_var ('cooktime_selector', $selection); 175 176 $preferences->set_var ('email_value', htmlspecialchars ($A['email'])); 177 $preferences->set_var ('homepage_value', 178 htmlspecialchars (COM_killJS ($A['homepage']))); 179 $preferences->set_var ('location_value', 180 htmlspecialchars (strip_tags ($A['location']))); 181 $preferences->set_var ('signature_value', htmlspecialchars ($A['sig'])); 182 183 if ($_CONF['allow_user_photo'] == 1) { 184 $photo = USER_getPhoto ($_USER['uid'], $A['photo'], $A['email'], -1); 185 if (empty ($photo)) { 186 $preferences->set_var ('display_photo', ''); 187 } else { 188 if (empty ($A['photo'])) { // external avatar 189 $photo = '<br>' . $photo; 190 } else { // uploaded photo - add delete option 191 $photo = '<br>' . $photo . '<br>' . $LANG04[79] 192 . ' <input type="checkbox" name="delete_photo">' 193 . LB; 194 } 195 $preferences->set_var ('display_photo', $photo); 196 } 197 $preferences->parse ('userphoto_option', 'photo', true); 198 } else { 199 $preferences->set_var ('userphoto_option', ''); 200 } 201 202 $result = DB_query("SELECT about,pgpkey FROM {$_TABLES['userinfo']} WHERE uid = {$_USER['uid']}"); 203 $A = DB_fetchArray($result); 204 205 $reqid = substr (md5 (uniqid (rand (), 1)), 1, 16); 206 DB_change ($_TABLES['users'], 'pwrequestid', $reqid, 'uid', $_USER['uid']); 207 208 $preferences->set_var ('about_value', htmlspecialchars ($A['about'])); 209 $preferences->set_var ('pgpkey_value', htmlspecialchars ($A['pgpkey'])); 210 $preferences->set_var ('uid_value', $reqid); 211 $preferences->set_var ('username_value', 212 htmlspecialchars ($_USER['username'])); 213 214 if ($_CONF['allow_account_delete'] == 1) { 215 $preferences->set_var ('lang_deleteaccount', $LANG04[156]); 216 $preferences->set_var ('delete_text', $LANG04[95]); 217 $preferences->set_var ('lang_button_delete', $LANG04[96]); 218 $preferences->set_var ('delete_mode', 'confirmdelete'); 219 $preferences->set_var ('account_id', $reqid); 220 if (isset ($LANG04[157])) { 221 $preferences->set_var ('lang_deleteoption', $LANG04[157]); 222 } else { 223 $preferences->set_var ('lang_deleteoption', $LANG04[156]); 224 } 225 $preferences->parse ('delete_account_option', 'deleteaccount', false); 226 } else { 227 $preferences->set_var ('delete_account_option', ''); 228 } 229 230 // Call custom account form and edit function if enabled and exists 231 if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userEdit'))) { 232 $preferences->set_var ('customfields', CUSTOM_userEdit($_USER['uid']) ); 233 } 234 235 PLG_profileVariablesEdit ($_USER['uid'], $preferences); 236 237 $retval = $preferences->finish ($preferences->parse ('output', 'profile')); 238 $retval .= PLG_profileBlocksEdit ($_USER['uid']); 239 240 return $retval; 241 } 242 243 /** 244 * Ask user for confirmation to delete his/her account. 245 * 246 * @param string form_reqid request id 247 * @return string confirmation form 248 * 249 */ 250 function confirmAccountDelete ($form_reqid) 251 { 252 global $_CONF, $_TABLES, $_USER, $LANG04; 253 254 if (DB_count ($_TABLES['users'], array ('pwrequestid', 'uid'), array ($form_reqid, $_USER['uid'])) != 1) { 255 // not found - abort 256 return COM_refresh ($_CONF['site_url'] . '/index.php'); 257 } 258 259 // to change the password, email address, or cookie timeout, 260 // we need the user's current password 261 if (empty ($_POST['old_passwd']) || 262 (md5 ($_POST['old_passwd']) != $_USER['passwd'])) { 263 return COM_refresh ($_CONF['site_url'] 264 . '/usersettings.php?mode=edit&msg=84'); 265 } 266 267 $reqid = substr (md5 (uniqid (rand (), 1)), 1, 16); 268 DB_change ($_TABLES['users'], 'pwrequestid', "$reqid", 269 'uid', $_USER['uid']); 270 271 $retval = ''; 272 273 $retval .= COM_siteHeader ('menu', $LANG04[97]); 274 $retval .= COM_startBlock ($LANG04[97], '', 275 COM_getBlockTemplate ('_msg_block', 'header')); 276 $retval .= '<p>' . $LANG04[98] . '</p>' . LB; 277 $retval .= '<form action="' . $_CONF['site_url'] 278 . '/usersettings.php" method="POST">' . LB; 279 $retval .= '<p align="center"><input type="submit" name="btnsubmit" value="' 280 . $LANG04[96] . '"></p>' . LB; 281 $retval .= '<input type="hidden" name="mode" value="deleteconfirmed">' . LB; 282 $retval .= '<input type="hidden" name="account_id" value="' . $reqid 283 . '">' . LB; 284 $retval .= '</form>' . LB; 285 $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); 286 $retval .= COM_siteFooter (); 287 288 return $retval; 289 } 290 291 /** 292 * Delete an account 293 * 294 * @param string form_reqid request id 295 * @return string redirection to main page (+ success msg) 296 * 297 */ 298 function deleteUserAccount ($form_reqid) 299 { 300 global $_CONF, $_TABLES, $_USER; 301 302 if (DB_count ($_TABLES['users'], array ('pwrequestid', 'uid'), 303 array ($form_reqid, $_USER['uid'])) != 1) { 304 // not found - abort 305 return COM_refresh ($_CONF['site_url'] . '/index.php'); 306 } 307 308 if (!USER_deleteAccount ($_USER['uid'])) { 309 return COM_refresh ($_CONF['site_url'] . '/index.php'); 310 } 311 312 return COM_refresh ($_CONF['site_url'] . '/index.php?msg=57'); 313 } 314 315 /** 316 * Build a list of all topics the current user has access to 317 * 318 * @return string List of topic IDs, separated by spaces 319 * 320 */ 321 function buildTopicList () 322 { 323 global $_TABLES; 324 325 $topics = ''; 326 327 $result = DB_query ("SELECT tid FROM {$_TABLES['topics']}"); 328 $numrows = DB_numRows ($result); 329 for ($i = 1; $i <= $numrows; $i++) { 330 $A = DB_fetchArray ($result); 331 if (SEC_hasTopicAccess ($A['tid'])) { 332 if ($i > 1) { 333 $topics .= ' '; 334 } 335 $topics .= $A['tid']; 336 } 337 } 338 339 return $topics; 340 } 341 342 /** 343 * Displays user preferences 344 * 345 */ 346 function editpreferences() 347 { 348 global $_TABLES, $_CONF, $LANG04, $_USER, $_GROUPS; 349 350 $result = DB_query("SELECT noicons,willing,dfid,tzid,noboxes,maxstories,tids,aids,boxes,emailfromadmin,emailfromuser,showonline FROM {$_TABLES['userprefs']},{$_TABLES['userindex']} WHERE {$_TABLES['userindex']}.uid = {$_USER['uid']} AND {$_TABLES['userprefs']}.uid = {$_USER['uid']}"); 351 352 $A = DB_fetchArray($result); 353 354 // 'maxstories' may be 0, in which case it will pick up the default 355 // setting for the current topic or $_CONF['limitnews'] (see index.php) 356 if (empty ($A['maxstories'])) { 357 $A['maxstories'] = 0; 358 } else if ($A['maxstories'] > 0) { 359 if ($A['maxstories'] < $_CONF['minnews']) { 360 $A['maxstories'] = $_CONF['minnews']; 361 } 362 } 363 364 $preferences = new Template ($_CONF['path_layout'] . 'preferences'); 365 $preferences->set_file (array ('prefs' => 'displayprefs.thtml', 366 'display' => 'displayblock.thtml', 367 'exclude' => 'excludeblock.thtml', 368 'digest' => 'digestblock.thtml', 369 'boxes' => 'boxesblock.thtml', 370 'comment' => 'commentblock.thtml', 371 'language' => 'language.thtml', 372 'theme' => 'theme.thtml', 373 'privacy' => 'privacyblock.thtml' 374 )); 375 $preferences->set_var ('site_url', $_CONF['site_url']); 376 $preferences->set_var ('layout_url', $_CONF['layout_url']); 377 378 $preferences->set_var ('user_name', $_USER['username']); 379 380 $preferences->set_var ('lang_language', $LANG04[73]); 381 $preferences->set_var ('lang_theme', $LANG04[72]); 382 $preferences->set_var ('lang_theme_text', $LANG04[74]); 383 $preferences->set_var ('lang_misc_title', $LANG04[138]); 384 $preferences->set_var ('lang_misc_help_title', $LANG04[139]); 385 $preferences->set_var ('lang_misc_help', $LANG04[140]); 386 $preferences->set_var ('lang_noicons', $LANG04[40]); 387 $preferences->set_var ('lang_noicons_text', $LANG04[49]); 388 $preferences->set_var ('lang_noboxes', $LANG04[44]); 389 $preferences->set_var ('lang_noboxes_text', $LANG04[51]); 390 $preferences->set_var ('lang_maxstories', $LANG04[43]); 391 if (strpos ($LANG04[52], '%d') === false) { 392 $maxtext = $LANG04[52] . ' ' . $_CONF['limitnews']; 393 } else { 394 $maxtext = sprintf ($LANG04[52], $_CONF['limitnews']); 395 } 396 $preferences->set_var ('lang_maxstories_text', $maxtext); 397 $preferences->set_var ('lang_dateformat', $LANG04[42]); 398 $preferences->set_var ('lang_excluded_items_title', $LANG04[137]); 399 $preferences->set_var ('lang_excluded_items', $LANG04[54]); 400 $preferences->set_var ('lang_exclude_title', $LANG04[136]); 401 $preferences->set_var ('lang_topics', $LANG04[48]); 402 $preferences->set_var ('lang_emailedtopics', $LANG04[76]); 403 $preferences->set_var ('lang_digest_top_header', $LANG04[131]); 404 $preferences->set_var ('lang_digest_help_header', $LANG04[132]); 405 $preferences->set_var ('lang_boxes_title', $LANG04[144]); 406 $preferences->set_var ('lang_boxes_help_title', $LANG04[143]); 407 $preferences->set_var ('lang_boxes', $LANG04[55]); 408 $preferences->set_var ('lang_displaymode', $LANG04[57]); 409 $preferences->set_var ('lang_displaymode_text', $LANG04[60]); 410 $preferences->set_var ('lang_sortorder', $LANG04[58]); 411 $preferences->set_var ('lang_sortorder_text', $LANG04[61]); 412 $preferences->set_var ('lang_comment_title', $LANG04[133]); 413 $preferences->set_var ('lang_comment_help_title', $LANG04[134]); 414 $preferences->set_var ('lang_comment_help', $LANG04[135]); 415 $preferences->set_var ('lang_commentlimit', $LANG04[59]); 416 $preferences->set_var ('lang_commentlimit_text', $LANG04[62]); 417 $preferences->set_var ('lang_privacy_title', $LANG04[141]); 418 $preferences->set_var ('lang_privacy_help_title', $LANG04[141]); 419 $preferences->set_var ('lang_privacy_help', $LANG04[142]); 420 $preferences->set_var ('lang_emailfromadmin', $LANG04[100]); 421 $preferences->set_var ('lang_emailfromadmin_text', $LANG04[101]); 422 $preferences->set_var ('lang_emailfromuser', $LANG04[102]); 423 $preferences->set_var ('lang_emailfromuser_text', $LANG04[103]); 424 $preferences->set_var ('lang_showonline', $LANG04[104]); 425 $preferences->set_var ('lang_showonline_text', $LANG04[105]); 426 $preferences->set_var ('lang_submit', $LANG04[9]); 427 428 $display_name = COM_getDisplayName ($_USER['uid']); 429 430 $preferences->set_var ('lang_authors_exclude', $LANG04[46]); 431 $preferences->set_var ('lang_boxes_exclude', $LANG04[47]); 432 433 $preferences->set_var ('start_block_display', 434 COM_startBlock ($LANG04[45] . ' ' . $display_name)); 435 $preferences->set_var ('start_block_digest', 436 COM_startBlock ($LANG04[75] . ' ' . $display_name)); 437 $preferences->set_var ('start_block_comment', 438 COM_startBlock ($LANG04[64] . ' ' . $display_name)); 439 $preferences->set_var ('start_block_privacy', 440 COM_startBlock ($LANG04[99] . ' ' . $display_name)); 441 $preferences->set_var ('end_block', COM_endBlock ()); 442 443 $preferences->set_var ('display_headline', 444 $LANG04[45] . ' ' . $display_name); 445 $preferences->set_var ('exclude_headline', 446 $LANG04[46] . ' ' . $display_name); 447 $preferences->set_var ('digest_headline', 448 $LANG04[75] . ' ' . $display_name); 449 $preferences->set_var ('boxes_headline', 450 $LANG04[47] . ' ' . $display_name); 451 $preferences->set_var ('comment_headline', 452 $LANG04[64] . ' ' . $display_name); 453 $preferences->set_var ('privacy_headline', 454 $LANG04[99] . ' ' . $display_name); 455 456 // display preferences block 457 if ($_CONF['allow_user_language'] == 1) { 458 459 if (empty ($_USER['language'])) { 460 $userlang = $_CONF['language']; 461 } else { 462 $userlang = $_USER['language']; 463 } 464 465 // Get available languages 466 $language = MBYTE_languageList ($_CONF['default_charset']); 467 468 $has_valid_language = count (array_keys ($language, $userlang)); 469 if ($has_valid_language == 0) { 470 // The user's preferred language is no longer available. 471 // We have a problem now, since we've overwritten $_CONF['language'] 472 // with the user's preferred language ($_USER['language']) and 473 // therefore don't know what the system's default language is. 474 // So we'll try to find a similar language. If that doesn't help, 475 // the dropdown will default to the first language in the list ... 476 $tmp = explode ('_', $userlang); 477 $similarLang = $tmp[0]; 478 } 479 480 $selection = '<select name="language">' . LB; 481 foreach ($language as $langFile => $langName) { 482 $selection .= '<option value="' . $langFile . '"'; 483 if (($langFile == $userlang) || (($has_valid_language == 0) && 484 (strpos ($langFile, $similarLang) === 0))) { 485 $selection .= ' selected="selected"'; 486 $has_valid_language = 1; 487 } else if ($userlang == $langFile) { 488 $selection .= ' selected="selected"'; 489 } 490 491 $selection .= '>' . $langName . '</option>' . LB; 492 } 493 $selection .= '</select>'; 494 $preferences->set_var ('language_selector', $selection); 495 $preferences->parse ('language_selection', 'language', true); 496 } else { 497 $preferences->set_var ('language_selection', ''); 498 } 499 500 if ($_CONF['allow_user_themes'] == 1) { 501 $selection = '<select name="theme">' . LB; 502 503 if (empty ($_USER['theme'])) { 504 $usertheme = $_CONF['theme']; 505 } else { 506 $usertheme = $_USER['theme']; 507 } 508 509 $themeFiles = COM_getThemes (); 510 usort ($themeFiles, 511 create_function ('$a,$b', 'return strcasecmp($a,$b);')); 512 513 foreach ($themeFiles as $theme) { 514 $selection .= '<option value="' . $theme . '"'; 515 if ($usertheme == $theme) { 516 $selection .= ' selected="selected"'; 517 } 518 $words = explode ('_', $theme); 519 $bwords = array (); 520 foreach ($words as $th) { 521 if ((strtolower ($th{0}) == $th{0}) && 522 (strtolower ($th{1}) == $th{1})) { 523 $bwords[] = strtoupper ($th{0}) . substr ($th, 1); 524 } else { 525 $bwords[] = $th; 526 } 527 } 528 $selection .= '>' . implode (' ', $bwords) . '</option>' . LB; 529 } 530 $selection .= '</select>'; 531 $preferences->set_var ('theme_selector', $selection); 532 $preferences->parse ('theme_selection', 'theme', true); 533 } else { 534 $preferences->set_var ('theme_selection', ''); 535 } 536 537 if ($A['noicons'] == '1') { 538 $preferences->set_var ('noicons_checked', 'checked="checked"'); 539 } else { 540 $preferences->set_var ('noicons_checked', ''); 541 } 542 543 if ($A['noboxes'] == 1) { 544 $preferences->set_var ('noboxes_checked', 'checked="checked"'); 545 } else { 546 $preferences->set_var ('noboxes_checked', ''); 547 } 548 549 $preferences->set_var ('maxstories_value', $A['maxstories']); 550 $selection = '<select name="dfid">' . LB 551 . COM_optionList ($_TABLES['dateformats'], 'dfid,description', 552 $A['dfid']) . '</select>'; 553 $preferences->set_var ('dateformat_selector', $selection); 554 $preferences->parse ('display_block', 'display', true); 555 556 // privacy options block 557 if ($A['emailfromadmin'] == 1) { 558 $preferences->set_var ('emailfromadmin_checked', 'checked="checked"'); 559 } else { 560 $preferences->set_var ('emailfromadmin_checked', ''); 561 } 562 if ($A['emailfromuser'] == 1) { 563 $preferences->set_var ('emailfromuser_checked', 'checked="checked"'); 564 } else { 565 $preferences->set_var ('emailfromuser_checked', ''); 566 } 567 if ($A['showonline'] == 1) { 568 $preferences->set_var ('showonline_checked', 'checked="checked"'); 569 } else { 570 $preferences->set_var ('showonline_checked', ''); 571 } 572 $preferences->parse ('privacy_block', 'privacy', true); 573 574 // excluded items block 575 $permissions = COM_getPermSQL (''); 576 $preferences->set_var ('exclude_topic_checklist', 577 COM_checkList($_TABLES['topics'],'tid,topic',$permissions,$A['tids'])); 578 579 if (($_CONF['contributedbyline'] == 1) && 580 ($_CONF['hide_author_exclusion'] == 0)) { 581 $preferences->set_var ('lang_authors', $LANG04[56]); 582 $sql = "SELECT DISTINCT story.uid, users.username,users.fullname FROM {$_TABLES['stories']} story, {$_TABLES['users']} users WHERE story.uid = users.uid"; 583 if ($_CONF['show_fullname'] == 1) { 584 $sql .= ' ORDER BY users.fullname'; 585 } else { 586 $sql .= ' ORDER BY users.username'; 587 } 588 $query = DB_query ($sql); 589 $nrows = DB_numRows ($query ); 590 $authors = explode (' ', $A['aids']); 591 592 $selauthors = ''; 593 for( $i = 0; $i < $nrows; $i++ ) { 594 $B = DB_fetchArray ($query); 595 $selauthors .= '<option value="' . $B['uid'] . '"'; 596 if (in_array (sprintf ('%d', $B['uid']), $authors)) { 597 $selauthors .= ' selected'; 598 } 599 $selauthors .= '>' . COM_getDisplayName ($B['uid'], $B['username'], 600 $B['fullname']) 601 . '</option>' . LB; 602 } 603 604 if (DB_count($_TABLES['topics']) > 10) { 605 $Selboxsize = intval (DB_count ($_TABLES['topics']) * 1.5); 606 } else { 607 $Selboxsize = 15; 608 } 609 $preferences->set_var ('exclude_author_checklist', '<select name="selauthors[]" multiple size='. $Selboxsize. '>' . $selauthors . '</select>'); 610 } else { 611 $preferences->set_var ('lang_authors', ''); 612 $preferences->set_var ('exclude_author_checklist', ''); 613 } 614 $preferences->parse ('exclude_block', 'exclude', true); 615 616 // daily digest block 617 if ($_CONF['emailstories'] == 1) { 618 $user_etids = DB_getItem ($_TABLES['userindex'], 'etids', 619 "uid = {$_USER['uid']}"); 620 if (empty ($user_etids)) { // an empty string now means "all topics" 621 $user_etids = buildTopicList (); 622 } elseif ($user_etids == '-') { // this means "no topics" 623 $user_etids = ''; 624 } 625 $tmp = COM_checkList ($_TABLES['topics'], 'tid,topic', $permissions, 626 $user_etids); 627 $preferences->set_var ('email_topic_checklist', 628 str_replace ($_TABLES['topics'], 'etids', $tmp)); 629 $preferences->parse ('digest_block', 'digest', true); 630 } else { 631 $preferences->set_var ('digest_block', ''); 632 } 633 634 // boxes block 635 $selectedblocks = ''; 636 if (strlen($A['boxes']) > 0) { 637 $blockresult = DB_query("SELECT bid FROM {$_TABLES['blocks']} WHERE bid NOT IN (" . str_replace(' ',',',$A['boxes']) . ")"); 638 for ($x = 1; $x <= DB_numRows($blockresult); $x++) { 639 $row = DB_fetchArray($blockresult); 640 $selectedblocks .= $row['bid']; 641 if ($x <> DB_numRows($blockresult)) { 642 $selectedblocks .= ' '; 643 } 644 } 645 } 646 $whereblock = ''; 647 if (!empty ($permissions)) { 648 $whereblock .= $permissions . ' AND '; 649 } 650 $whereblock .= "((type != 'layout' AND type != 'gldefault' AND is_enabled = 1) OR " 651 . "(type = 'gldefault' AND is_enabled = 1 AND name IN ('whats_new_block','older_stories'))) " 652 . "ORDER BY onleft desc,blockorder,title"; 653 $preferences->set_var ('boxes_checklist', COM_checkList ($_TABLES['blocks'], 654 'bid,title,type', $whereblock, $selectedblocks)); 655 $preferences->parse ('boxes_block', 'boxes', true); 656 657 // comment preferences block 658 $result = DB_query("SELECT commentmode,commentorder,commentlimit FROM {$_TABLES['usercomment']} WHERE uid = {$_USER['uid']}"); 659 $A = DB_fetchArray ($result); 660 661 if (empty ($A['commentmode'])) { 662 $A['commentmode'] = $_CONF['comment_mode']; 663 } 664 if (empty ($A['commentorder'])) $A['commentorder'] = 0; 665 if (empty ($A['commentlimit'])) $A['commentlimit'] = 100; 666 667 $selection = '<select name="commentmode">'; 668 $selection .= COM_optionList ($_TABLES['commentmodes'], 'mode,name', 669 $A['commentmode']); 670 $selection .= '</select>'; 671 $preferences->set_var ('displaymode_selector', $selection); 672 673 $selection = '<select name="commentorder">'; 674 $selection .= COM_optionList ($_TABLES['sortcodes'], 'code,name', 675 $A['commentorder']); 676 $selection .= '</select>'; 677 $preferences->set_var ('sortorder_selector', $selection); 678 $preferences->set_var ('commentlimit_value', $A['commentlimit']); 679 $preferences->parse ('comment_block', 'comment', true); 680 681 return $preferences->finish ($preferences->parse ('output', 'prefs')); 682 } 683 684 /** 685 * Check if an email address already exists in the database 686 * 687 * @param email string email address to check 688 * @param uid int user id of current user 689 * @return bool true = exists, false = does not exist 690 * 691 */ 692 function emailAddressExists ($email, $uid) 693 { 694 global $_TABLES; 695 696 $result = DB_query ("SELECT uid FROM {$_TABLES['users']} WHERE email = '{$email}'"); 697 $numrows = DB_numRows ($result); 698 for ($i = 0; $i < $numrows; $i++) { 699 $A = DB_fetchArray ($result); 700 if ($A['uid'] != $uid) { 701 // email address is already in use for another account 702 return true; 703 } 704 } 705 706 return false; 707 } 708 709 /** 710 * Upload new photo, delete old photo 711 * 712 * @param string $delete_photo 'on': delete old photo 713 * @return string filename of new photo (empty = no new photo) 714 * 715 */ 716 function handlePhotoUpload ($delete_photo = '') 717 { 718 global $_CONF, $_TABLES, $_USER, $LANG24; 719 720 require_once ($_CONF['path_system'] . 'classes/upload.class.php'); 721 722 $upload = new upload(); 723 if (!empty ($_CONF['image_lib'])) { 724 if ($_CONF['image_lib'] == 'imagemagick') { 725 // Using imagemagick 726 $upload->setMogrifyPath ($_CONF['path_to_mogrify']); 727 } elseif ($_CONF['image_lib'] == 'netpbm') { 728 // using netPBM 729 $upload->setNetPBM ($_CONF['path_to_netpbm']); 730 } elseif ($_CONF['image_lib'] == 'gdlib') { 731 // using the GD library 732 $upload->setGDLib (); 733 } 734 $upload->setAutomaticResize (true); 735 if (isset ($_CONF['debug_image_upload']) && 736 $_CONF['debug_image_upload']) { 737 $upload->setLogFile ($_CONF['path'] . 'logs/error.log'); 738 $upload->setDebug (true); 739 } 740 } 741 $upload->setAllowedMimeTypes (array ('image/gif' => '.gif', 742 'image/jpeg' => '.jpg,.jpeg', 743 'image/pjpeg' => '.jpg,.jpeg', 744 'image/x-png' => '.png', 745 'image/png' => '.png' 746 ) ); 747 if (!$upload->setPath ($_CONF['path_images'] . 'userphotos')) { 748 $display = COM_siteHeader ('menu', $LANG24[30]); 749 $display .= COM_startBlock ($LANG24[30], '', 750 COM_getBlockTemplate ('_msg_block', 'header')); 751 $display .= $upload->printErrors (false); 752 $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 753 'footer')); 754 $display .= COM_siteFooter (); 755 echo $display; 756 exit; // don't return 757 } 758 759 $filename = ''; 760 if (!empty ($delete_photo) && ($delete_photo == 'on')) { 761 $delete_photo = true; 762 } else { 763 $delete_photo = false; 764 } 765 766 $curphoto = DB_getItem ($_TABLES['users'], 'photo', 767 "uid = {$_USER['uid']}"); 768 if (empty ($curphoto)) { 769 $delete_photo = false; 770 } 771 772 // see if user wants to upload a (new) photo 773 $newphoto = $_FILES['photo']; 774 if (!empty ($newphoto['name'])) { 775 $pos = strrpos ($newphoto['name'], '.') + 1; 776 $fextension = substr ($newphoto['name'], $pos); 777 $filename = $_USER['username'] . '.' . $fextension; 778 779 if (!empty ($curphoto) && ($filename != $curphoto)) { 780 $delete_photo = true; 781 } else { 782 $delete_photo = false; 783 } 784 } 785 786 // delete old photo first 787 if ($delete_photo) { 788 USER_deletePhoto ($curphoto); 789 } 790 791 // now do the upload 792 if (!empty ($filename)) { 793 $upload->setFileNames ($filename); 794 $upload->setPerms ('0644'); 795 if (($_CONF['max_photo_width'] > 0) && 796 ($_CONF['max_photo_height'] > 0)) { 797 $upload->setMaxDimensions ($_CONF['max_photo_width'], 798 $_CONF['max_photo_height']); 799 } else { 800 $upload->setMaxDimensions ($_CONF['max_image_width'], 801 $_CONF['max_image_height']); 802 } 803 if ($_CONF['max_photo_size'] > 0) { 804 $upload->setMaxFileSize($_CONF['max_photo_size']); 805 } else { 806 $upload->setMaxFileSize($_CONF['max_image_size']); 807 } 808 $upload->uploadFiles (); 809 810 if ($upload->areErrors ()) { 811 $display = COM_siteHeader ('menu', $LANG24[30]); 812 $display .= COM_startBlock ($LANG24[30], '', 813 COM_getBlockTemplate ('_msg_block', 'header')); 814 $display .= $upload->printErrors (false); 815 $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 816 'footer')); 817 $display .= COM_siteFooter (); 818 echo $display; 819 exit; // don't return 820 } 821 } else if (!$delete_photo && !empty ($curphoto)) { 822 $filename = $curphoto; 823 } 824 825 return $filename; 826 } 827 828 /** 829 * Saves the user's information back to the database 830 * 831 * @A array User's data 832 * 833 */ 834 function saveuser($A) 835 { 836 global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE; 837 838 if ($_US_VERBOSE) { 839 COM_errorLog('**** Inside saveuser in usersettings.php ****', 1); 840 } 841 842 $reqid = DB_getItem ($_TABLES['users'], 'pwrequestid', 843 "uid = {$_USER['uid']}"); 844 if ($reqid != $A['uid']) { 845 DB_change ($_TABLES['users'], 'pwrequestid', "NULL", 846 'uid', $_USER['uid']); 847 COM_accessLog ("An attempt was made to illegally change the account information of user {$_USER['uid']}."); 848 849 return COM_refresh ($_CONF['site_url'] . '/index.php'); 850 } 851 852 $A['cooktime'] = COM_applyFilter ($A['cooktime'], true); 853 if ($A['cooktime'] < 0) { 854 $A['cooktime'] = 0; 855 } 856 857 // to change the password, email address, or cookie timeout, 858 // we need the user's current password 859 if (!empty ($A['passwd']) || ($A['email'] != $_USER['email']) || 860 ($A['cooktime'] != $_USER['cookietimeout'])) { 861 if (empty ($A['old_passwd']) || 862 (md5 ($A['old_passwd']) != $_USER['passwd'])) { 863 864 return COM_refresh ($_CONF['site_url'] 865 . '/usersettings.php?mode=edit&msg=83'); 866 } 867 } 868 869 // no need to filter the password as it's md5 encoded anyway 870 if ($_CONF['allow_username_change'] == 1) { 871 $A['new_username'] = COM_applyFilter ($A['new_username']); 872 if (!empty ($A['new_username']) && 873 ($A['new_username'] != $_USER['username'])) { 874 $A['new_username'] = addslashes ($A['new_username']); 875 if (DB_count ($_TABLES['users'], 'username', $A['new_username']) == 0) { 876 if ($_CONF['allow_user_photo'] == 1) { 877 $photo = DB_getItem ($_TABLES['users'], 'photo', 878 "uid = {$_USER['uid']}"); 879 if (!empty ($photo)) { 880 $newphoto = preg_replace ('/' . $_USER['username'] . '/', 881 $A['new_username'], $photo, 1); 882 $imgpath = $_CONF['path_images'] . 'userphotos/'; 883 if (rename ($imgpath . $photo, 884 $imgpath . $newphoto) === false) { 885 $display = COM_siteHeader ('menu', $LANG04[21]); 886 $display .= COM_errorLog ('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".'); 887 $display .= COM_siteFooter (); 888 889 return $display; 890 } 891 DB_change ($_TABLES['users'], 'photo', 892 addslashes ($newphoto), "uid", $_USER['uid']); 893 } 894 } 895 896 DB_change ($_TABLES['users'], 'username', $A['new_username'], 897 "uid", $_USER['uid']); 898 } else { 899 return COM_refresh ($_CONF['site_url'] 900 . '/usersettings.php?mode=edit&msg=51'); 901 } 902 } 903 } 904 905 if (!empty ($A['passwd'])) { 906 if (($A['passwd'] == $A['passwd_conf']) 907 AND (md5 ($A['old_passwd']) == $_USER['passwd'])) { 908 $passwd = md5 ($A['passwd']); 909 DB_change($_TABLES['users'], 'passwd', 910 "$passwd", "uid", $_USER['uid']); 911 if ($A['cooktime'] > 0) { 912 $cooktime = $A['cooktime']; 913 } else { 914 $cooktime = -1000; 915 } 916 setcookie ($_CONF['cookie_password'], $passwd, time() + $cooktime, 917 $_CONF['cookie_path'], $_CONF['cookiedomain'], 918 $_CONF['cookiesecure']); 919 } 920 elseif (md5 ($A['old_passwd']) != $_USER['passwd']) { 921 return COM_refresh ($_CONF['site_url'] 922 . '/usersettings.php?mode=edit&msg=68'); 923 } 924 elseif ($A['passwd'] != $A['passwd_conf']) { 925 return COM_refresh ($_CONF['site_url'] 926 . '/usersettings.php?mode=edit&msg=67'); 927 } 928 } 929 930 // a quick spam check with the unfiltered field contents 931 $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1>' 932 . '<p><a href="' . $A['homepage'] . '">' . $A['homepage'] 933 . '</a><br>' . $A['location'] . '<br>' . $A['sig'] . '<br>' 934 . $A['about'] . '<br>' . $A['pgpkey'] . '</p>'; 935 $result = PLG_checkforSpam ($profile, $_CONF['spamx']); 936 if ($result > 0) { 937 COM_displayMessageAndAbort ($result, 'spamx', 403, 'Forbidden'); 938 } 939 940 $A['email'] = COM_applyFilter ($A['email']); 941 $A['email_conf'] = COM_applyFilter ($A['email_conf']); 942 $A['homepage'] = COM_applyFilter ($A['homepage']); 943 944 // basic filtering only 945 $A['fullname'] = strip_tags (COM_stripslashes ($A['fullname'])); 946 $A['location'] = strip_tags (COM_stripslashes ($A['location'])); 947 $A['sig'] = strip_tags (COM_stripslashes ($A['sig'])); 948 $A['about'] = strip_tags (COM_stripslashes ($A['about'])); 949 $A['pgpkey'] = strip_tags (COM_stripslashes ($A['pgpkey'])); 950 951 if (!COM_isEmail ($A['email'])) { 952 return COM_refresh ($_CONF['site_url'] 953 . '/usersettings.php?mode=edit&msg=52'); 954 } else if ($A['email'] !== $A['email_conf']) { 955 return COM_refresh ($_CONF['site_url'] 956 . '/usersettings.php?mode=edit&msg=78'); 957 } else if (emailAddressExists ($A['email'], $_USER['uid'])) { 958 return COM_refresh ($_CONF['site_url'] 959 . '/usersettings.php?mode=edit&msg=56'); 960 } else { 961 if ($_US_VERBOSE) { 962 COM_errorLog('cooktime = ' . $A['cooktime'],1); 963 } 964 965 if ($A['cooktime'] <= 0) { 966 $cooktime = 1000; 967 setcookie ($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime, 968 $_CONF['cookie_path'], $_CONF['cookiedomain'], 969 $_CONF['cookiesecure']); 970 } else { 971 setcookie ($_CONF['cookie_name'], $_USER['uid'], 972 time() + $A['cooktime'], $_CONF['cookie_path'], 973 $_CONF['cookiedomain'], $_CONF['cookiesecure']); 974 } 975 976 if ($_CONF['allow_user_photo'] == 1) { 977 $delete_photo = ''; 978 if (isset ($A['delete_photo'])) { 979 $delete_photo = $A['delete_photo']; 980 } 981 $filename = handlePhotoUpload ($delete_photo); 982 } 983 984 if (!empty ($A['homepage'])) { 985 $pos = MBYTE_strpos ($A['homepage'], ':'); 986 if ($pos === false) { 987 $A['homepage'] = 'http://' . $A['homepage']; 988 } 989 else { 990 $prot = substr ($A['homepage'], 0, $pos + 1); 991 if (($prot != 'http:') && ($prot != 'https:')) { 992 $A['homepage'] = 'http:' . substr ($A['homepage'], $pos + 1); 993 } 994 } 995 $A['homepage'] = addslashes ($A['homepage']); 996 } 997 998 $A['fullname'] = addslashes ($A['fullname']); 999 $A['email'] = addslashes ($A['email']); 1000 $A['location'] = addslashes ($A['location']); 1001 $A['sig'] = addslashes ($A['sig']); 1002 $A['about'] = addslashes ($A['about']); 1003 $A['pgpkey'] = addslashes ($A['pgpkey']); 1004 1005 if (!empty ($filename)) { 1006 if (!file_exists ($_CONF['path_images'] . 'userphotos/' . $filename)) { 1007 $filename = ''; 1008 } 1009 } 1010 1011 DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='$filename' WHERE uid={$_USER['uid']}"); 1012 DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}"); 1013 1014 // Call custom registration save function if enabled and exists 1015 if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userSave'))) { 1016 CUSTOM_userSave($_USER['uid']); 1017 } 1018 1019 PLG_userInfoChanged ($_USER['uid']); 1020 1021 if ($_US_VERBOSE) { 1022 COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1); 1023 } 1024 1025 return COM_refresh ($_CONF['site_url'] . '/users.php?mode=profile&uid=' 1026 . $_USER['uid'] . '&msg=5'); 1027 } 1028 } 1029 1030 /** 1031 * Shows a profile for a user 1032 * 1033 * This grabs the user profile for a given user and displays it 1034 * 1035 * @param int $user User ID of profile to get 1036 * @param int $msg Message to display (if != 0) 1037 * @return string HTML for user profile page 1038 * 1039 */ 1040 function userprofile ($user, $msg = 0) 1041 { 1042 global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG_LOGIN; 1043 1044 $retval = ''; 1045 1046 if (empty ($_USER['username']) && 1047 (($_CONF['loginrequired'] == 1) || ($_CONF['profileloginrequired'] == 1))) { 1048 $retval .= COM_siteHeader ('menu'); 1049 $retval .= COM_startBlock ($LANG_LOGIN[1], '', 1050 COM_getBlockTemplate ('_msg_block', 'header')); 1051 $login = new Template($_CONF['path_layout'] . 'submit'); 1052 $login->set_file (array ('login'=>'submitloginrequired.thtml')); 1053 $login->set_var ('login_message', $LANG_LOGIN[2]); 1054 $login->set_var ('site_url', $_CONF['site_url']); 1055 $login->set_var ('lang_login', $LANG_LOGIN[3]); 1056 $login->set_var ('lang_newuser', $LANG_LOGIN[4]); 1057 $login->parse ('output', 'login'); 1058 $retval .= $login->finish ($login->get_var('output')); 1059 $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); 1060 $retval .= COM_siteFooter (); 1061 1062 return $retval; 1063 } 1064 1065 $result = DB_query ("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = $user"); 1066 $nrows = DB_numRows ($result); 1067 if ($nrows == 0) { // no such user 1068 return COM_refresh ($_CONF['site_url'] . '/index.php'); 1069 } 1070 $A = DB_fetchArray ($result); 1071 1072 $display_name = COM_getDisplayName ($user, $A['username'], $A['fullname']); 1073 1074 // format date/time to user preference 1075 $curtime = COM_getUserDateTimeFormat ($A['regdate']); 1076 $A['regdate'] = $curtime[0]; 1077 1078 $user_templates = new Template ($_CONF['path_layout'] . 'users'); 1079 $user_templates->set_file (array ('profile' => 'profile.thtml', 1080 'row' => 'commentrow.thtml', 1081 'strow' => 'storyrow.thtml')); 1082 $user_templates->set_var ('site_url', $_CONF['site_url']); 1083 $user_templates->set_var ('start_block_userprofile', 1084 COM_startBlock ($LANG04[1] . ' ' . $display_name)); 1085 $user_templates->set_var ('end_block', COM_endBlock ()); 1086 $user_templates->set_var ('lang_username', $LANG04[2]); 1087 if ($_CONF['show_fullname'] == 1) { 1088 $user_templates->set_var ('username', $A['fullname']); 1089 $user_templates->set_var ('user_fullname', $A['username']); 1090 } else { 1091 $user_templates->set_var ('username', $A['username']); 1092 $user_templates->set_var ('user_fullname', $A['fullname']); 1093 } 1094 1095 if (SEC_hasRights('user.edit')) { 1096 global $_IMAGE_TYPE, $LANG_ADMIN; 1097 $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' 1098 . $_IMAGE_TYPE . '" border="0" alt="' . $LANG_ADMIN['edit'] 1099 . '" title="' . $LANG_ADMIN['edit'] . '">'; 1100 $edit_link_url = "<a href=\"{$_CONF['site_admin_url']}/user.php?mode=edit&uid={$A['uid']}\">$edit_icon</a>"; 1101 $user_templates->set_var ('edit_link', $edit_link_url); 1102 } 1103 1104 $photo = USER_getPhoto ($user, $A['photo'], $A['email'], -1); 1105 $user_templates->set_var ('user_photo', $photo); 1106 1107 $user_templates->set_var ('lang_membersince', $LANG04[67]); 1108 $user_templates->set_var ('user_regdate', $A['regdate']); 1109 $user_templates->set_var ('lang_email', $LANG04[5]); 1110 $user_templates->set_var ('user_id', $user); 1111 $user_templates->set_var ('lang_sendemail', $LANG04[81]); 1112 $user_templates->set_var ('lang_homepage', $LANG04[6]); 1113 $user_templates->set_var ('user_homepage', COM_killJS ($A['homepage'])); 1114 $user_templates->set_var ('lang_location', $LANG04[106]); 1115 $user_templates->set_var ('user_location', strip_tags ($A['location'])); 1116 $user_templates->set_var ('lang_bio', $LANG04[7]); 1117 $user_templates->set_var ('user_bio', nl2br (stripslashes ($A['about']))); 1118 $user_templates->set_var ('lang_pgpkey', $LANG04[8]); 1119 $user_templates->set_var ('user_pgp', nl2br ($A['pgpkey'])); 1120 $user_templates->set_var ('start_block_last10stories', 1121 COM_startBlock ($LANG04[82] . ' ' . $display_name)); 1122 $user_templates->set_var ('start_block_last10comments', 1123 COM_startBlock($LANG04[10] . ' ' . $display_name)); 1124 $user_templates->set_var ('start_block_postingstats', 1125 COM_startBlock ($LANG04[83] . ' ' . $display_name)); 1126 $user_templates->set_var ('lang_title', $LANG09[16]); 1127 $user_templates->set_var ('lang_date', $LANG09[17]); 1128 1129 // for alternative layouts: use these as headlines instead of block titles 1130 $user_templates->set_var ('headline_last10stories', $LANG04[82]); 1131 $user_templates->set_var ('headline_last10comments', $LANG04[10]); 1132 $user_templates->set_var ('headline_postingstats', $LANG04[83]); 1133 1134 $result = DB_query ("SELECT tid FROM {$_TABLES['topics']}" 1135 . COM_getPermSQL ()); 1136 $nrows = DB_numRows ($result); 1137 $tids = array (); 1138 for ($i = 0; $i < $nrows; $i++) { 1139 $T = DB_fetchArray ($result); 1140 $tids[] = $T['tid']; 1141 } 1142 $topics = "'" . implode ("','", $tids) . "'"; 1143 1144 // list of last 10 stories by this user 1145 if (sizeof ($tids) > 0) { 1146 $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ($topics))" . COM_getPermSQL ('AND'); 1147 $sql .= " ORDER BY unixdate DESC LIMIT 10"; 1148 $result = DB_query ($sql); 1149 $nrows = DB_numRows ($result); 1150 } else { 1151 $nrows = 0; 1152 } 1153 if ($nrows > 0) { 1154 for ($i = 0; $i < $nrows; $i++) { 1155 $C = DB_fetchArray ($result); 1156 $user_templates->set_var ('cssid', ($i % 2) + 1); 1157 $user_templates->set_var ('row_number', ($i + 1) . '.'); 1158 $articleUrl = COM_buildUrl ($_CONF['site_url'] 1159 . '/article.php?story=' . $C['sid']); 1160 $user_templates->set_var ('article_url', $articleUrl); 1161 $user_templates->set_var ('story_begin_href', 1162 '<a href="' . $articleUrl . '">'); 1163 $C['title'] = str_replace ('$', '$', $C['title']); 1164 $user_templates->set_var ('story_title', 1165 stripslashes ($C['title'])); 1166 $user_templates->set_var ('story_end_href', '</a>'); 1167 $storytime = COM_getUserDateTimeFormat ($C['unixdate']); 1168 $user_templates->set_var ('story_date', $storytime[0]); 1169 $user_templates->parse ('story_row', 'strow', true); 1170 } 1171 } else { 1172 $user_templates->set_var ('story_row', 1173 '<tr><td>' . $LANG01[37] . '</td></tr>'); 1174 } 1175 1176 // list of last 10 comments by this user 1177 $sidArray = array(); 1178 if (sizeof ($tids) > 0) { 1179 // first, get a list of all stories the current visitor has access to 1180 $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ($topics))" . COM_getPermSQL ('AND'); 1181 $result = DB_query($sql); 1182 $numsids = DB_numRows($result); 1183 for ($i = 1; $i <= $numsids; $i++) { 1184 $S = DB_fetchArray ($result); 1185 $sidArray[] = $S['sid']; 1186 } 1187 } 1188 1189 $sidList = implode("', '",$sidArray); 1190 $sidList = "'$sidList'"; 1191 1192 // then, find all comments by the user in those stories 1193 $sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = $user) GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)"; 1194 1195 // SQL NOTE: Using a HAVING clause is usually faster than a where if the 1196 // field is part of the select 1197 // if (!empty ($sidList)) { 1198 // $sql .= " AND (sid in ($sidList))"; 1199 // } 1200 if (!empty ($sidList)) { 1201 $sql .= " HAVING sid in ($sidList)"; 1202 } 1203 $sql .= " ORDER BY unixdate DESC LIMIT 10"; 1204 1205 $result = DB_query($sql); 1206 $nrows = DB_numRows($result); 1207 if ($nrows > 0) { 1208 for ($i = 0; $i < $nrows; $i++) { 1209 $C = DB_fetchArray ($result); 1210 $user_templates->set_var ('cssid', ($i % 2) + 1); 1211 $user_templates->set_var ('row_number', ($i + 1) . '.'); 1212 $user_templates->set_var ('comment_begin_href', 1213 '<a href="' . $_CONF['site_url'] . 1214 '/comment.php?mode=view&cid=' . $C['cid']. '">'); 1215 $C['title'] = str_replace ('$', '$', $C['title']); 1216 $user_templates->set_var ('comment_title', 1217 stripslashes ($C['title'])); 1218 $user_templates->set_var ('comment_end_href', '</a>'); 1219 $commenttime = COM_getUserDateTimeFormat ($C['unixdate']); 1220 $user_templates->set_var ('comment_date', $commenttime[0]); 1221 $user_templates->parse ('comment_row', 'row', true); 1222 } 1223 } else { 1224 $user_templates->set_var('comment_row','<tr><td>' . $LANG01[29] . '</td></tr>'); 1225 } 1226 1227 // posting stats for this user 1228 $user_templates->set_var ('lang_number_stories', $LANG04[84]); 1229 $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND'); 1230 $result = DB_query($sql); 1231 $N = DB_fetchArray ($result); 1232 $user_templates->set_var ('number_stories', COM_numberFormat ($N['count'])); 1233 $user_templates->set_var ('lang_number_comments', $LANG04[85]); 1234 $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = $user)"; 1235 if (!empty ($sidList)) { 1236 $sql .= " AND (sid in ($sidList))"; 1237 } 1238 $result = DB_query ($sql); 1239 $N = DB_fetchArray ($result); 1240 $user_templates->set_var ('number_comments', COM_numberFormat($N['count'])); 1241 $user_templates->set_var ('lang_all_postings_by', 1242 $LANG04[86] . ' ' . $display_name); 1243 1244 // Call custom registration function if enabled and exists 1245 if ($_CONF['custom_registration'] && function_exists ('CUSTOM_userDisplay') ) { 1246 $user_templates->set_var ('customfields', CUSTOM_userDisplay ($user)); 1247 } 1248 PLG_profileVariablesDisplay ($user, $user_templates); 1249 1250 $user_templates->parse ('output', 'profile'); 1251 $retval .= $user_templates->finish ($user_templates->get_var ('output')); 1252 1253 $retval .= PLG_profileBlocksDisplay ($user); 1254 1255 return $retval; 1256 } 1257 1258 /** 1259 * Saves user's preferences back to the database 1260 * 1261 * @A array User's data to save 1262 * 1263 */ 1264 function savepreferences($A) 1265 { 1266 global $_CONF, $_TABLES, $_USER; 1267 1268 if (isset ($A['noicons']) && ($A['noicons'] == 'on')) { 1269 $A['noicons'] = 1; 1270 } else { 1271 $A['noicons'] = 0; 1272 } 1273 if (isset ($A['willing']) && ($A['willing'] == 'on')) { 1274 $A['willing'] = 1; 1275 } else { 1276 $A['willing'] = 0; 1277 } 1278 if (isset ($A['noboxes']) && ($A['noboxes'] == 'on')) { 1279 $A['noboxes'] = 1; 1280 } else { 1281 $A['noboxes'] = 0; 1282 } 1283 if (isset ($A['emailfromadmin']) && ($A['emailfromadmin'] == 'on')) { 1284 $A['emailfromadmin'] = 1; 1285 } else { 1286 $A['emailfromadmin'] = 0; 1287 } 1288 if (isset ($A['emailfromuser']) && ($A['emailfromuser'] == 'on')) { 1289 $A['emailfromuser'] = 1; 1290 } else { 1291 $A['emailfromuser'] = 0; 1292 } 1293 if (isset ($A['showonline']) && ($A['showonline'] == 'on')) { 1294 $A['showonline'] = 1; 1295 } else { 1296 $A['showonline'] = 0; 1297 } 1298 1299 $A['maxstories'] = COM_applyFilter ($A['maxstories'], true); 1300 if (empty ($A['maxstories'])) { 1301 $A['maxstories'] = 0; 1302 } else if ($A['maxstories'] > 0) { 1303 if ($A['maxstories'] < $_CONF['minnews']) { 1304 $A['maxstories'] = $_CONF['minnews']; 1305 } 1306 } 1307 1308 $TIDS = @array_values($A[$_TABLES['topics']]); 1309 $AIDS = @array_values($A['selauthors']); 1310 $BOXES = @array_values($A["{$_TABLES['blocks']}"]); 1311 $ETIDS = @array_values($A['etids']); 1312 1313 $tids = ''; 1314 if (sizeof ($TIDS) > 0) { 1315 $tids = addslashes (implode (' ', $TIDS)); 1316 } 1317 1318 $aids = ''; 1319 if (sizeof ($AIDS) > 0) { 1320 $aids = addslashes (implode (' ', $AIDS)); 1321 } 1322 1323 $selectedblocks = ''; 1324 if (count ($BOXES) > 0) { 1325 $boxes = addslashes (implode (',', $BOXES)); 1326 1327 $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ($boxes)"); 1328 $numRows = DB_numRows($blockresult); 1329 for ($x = 1; $x <= $numRows; $x++) { 1330 $row = DB_fetchArray ($blockresult); 1331 if ($row['name'] <> 'user_block' AND $row['name'] <> 'admin_block' AND $row['name'] <> 'section_block') { 1332 $selectedblocks .= $row['bid']; 1333 if ($x <> $numRows) { 1334 $selectedblocks .= ' '; 1335 } 1336 } 1337 } 1338 } 1339 1340 $etids = ''; 1341 if (sizeof ($ETIDS) > 0) { 1342 $allowed_etids = buildTopicList (); 1343 $AETIDS = explode (' ', $allowed_etids); 1344 $etids = addslashes (implode (' ', array_intersect ($AETIDS, $ETIDS))); 1345 } 1346 1347 if (!isset ($A['tzid'])) { 1348 $A['tzid'] = ''; 1349 } 1350 1351 $A['theme'] = COM_applyFilter ($A['theme']); 1352 if (empty ($A['theme'])) { 1353 $A['theme'] = $_CONF['theme']; 1354 } 1355 1356 $A['language'] = COM_applyFilter ($A['language']); 1357 if (empty ($A['language'])) { 1358 $A['language'] = $_CONF['language']; 1359 } 1360 1361 // Save theme, when doing so, put in cookie so we can set the user's theme 1362 // even when they aren't logged in 1363 $theme = addslashes ($A['theme']); 1364 $language = addslashes ($A['language']); 1365 DB_query("UPDATE {$_TABLES['users']} SET theme='$theme',language='$language' WHERE uid = '{$_USER['uid']}'"); 1366 setcookie ($_CONF['cookie_theme'], $A['theme'], time() + 31536000, 1367 $_CONF['cookie_path'], $_CONF['cookiedomain'], 1368 $_CONF['cookiesecure']); 1369 setcookie ($_CONF['cookie_language'], $A['language'], time() + 31536000, 1370 $_CONF['cookie_path'], $_CONF['cookiedomain'], 1371 $_CONF['cookiesecure']); 1372 1373 $A['dfid'] = COM_applyFilter ($A['dfid'], true); 1374 1375 DB_query("UPDATE {$_TABLES['userprefs']} SET noicons='{$A['noicons']}', willing='{$A['willing']}', dfid='{$A['dfid']}', tzid='{$A['tzid']}', emailfromadmin='{$A['emailfromadmin']}', emailfromuser='{$A['emailfromuser']}', showonline='{$A['showonline']}' WHERE uid='{$_USER['uid']}'"); 1376 1377 if (empty ($etids)) { 1378 $etids = '-'; 1379 } 1380 DB_save($_TABLES['userindex'],"uid,tids,aids,boxes,noboxes,maxstories,etids","'{$_USER['uid']}','$tids','$aids','$selectedblocks','{$A['noboxes']}',{$A['maxstories']},'$etids'"); 1381 1382 $A['commentmode'] = COM_applyFilter ($A['commentmode']); 1383 if (empty ($A['commentmode'])) { 1384 $A['commentmode'] = $_CONF['comment_mode']; 1385 } 1386 $A['commentmode'] = addslashes ($A['commentmode']); 1387 1388 $A['commentorder'] = COM_applyFilter ($A['commentorder']); 1389 if (empty ($A['commentorder'])) { 1390 $A['commentorder'] = 'ASC'; 1391 } 1392 $A['commentorder'] = addslashes ($A['commentorder']); 1393 1394 $A['commentlimit'] = COM_applyFilter ($A['commentlimit'], true); 1395 if ($A['commentlimit'] <= 0) { 1396 $A['commentlimit'] = $_CONF['comment_limit']; 1397 } 1398 1399 DB_save($_TABLES['usercomment'],'uid,commentmode,commentorder,commentlimit',"'{$_USER['uid']}','{$A['commentmode']}','{$A['commentorder']}','{$A['commentlimit']}'"); 1400 1401 PLG_userInfoChanged ($_USER['uid']); 1402 } 1403 1404 // MAIN 1405 $mode = ''; 1406 if (isset($_POST['btncancel']) AND $_POST['btncancel'] == $LANG_ADMIN['cancel']) { 1407 echo COM_refresh($_CONF['site_url']); 1408 exit; 1409 } else if (isset($_POST['btnsubmit']) AND ($_POST['btnsubmit'] == $LANG04[96]) && ($_POST['mode'] != 'deleteconfirmed')) { 1410 $mode = 'confirmdelete'; 1411 } else if (isset ($_POST['mode'])) { 1412 $mode = COM_applyFilter ($_POST['mode']); 1413 } else if (isset ($_GET['mode'])) { 1414 $mode = COM_applyFilter ($_GET['mode']); 1415 } 1416 1417 $display = ''; 1418 1419 if (isset ($_USER['uid']) && ($_USER['uid'] > 1)) { 1420 switch ($mode) { 1421 case 'edit': 1422 $display .= COM_siteHeader ('menu', $LANG04[16]); 1423 $msg = 0; 1424 if (isset ($_GET['msg'])) { 1425 $msg = COM_applyFilter ($_GET['msg'], true); 1426 if ($msg > 0) { 1427 $display .= COM_showMessage ($msg); 1428 } 1429 } 1430 $display .= edituser(); 1431 $display .= COM_siteFooter(); 1432 break; 1433 1434 case 'saveuser': 1435 savepreferences ($_POST); 1436 $display .= saveuser($_POST); 1437 PLG_profileExtrasSave (); 1438 break; 1439 1440 case 'savepreferences': 1441 savepreferences ($_POST); 1442 $display .= COM_refresh ($_CONF['site_url'] 1443 . '/usersettings.php?mode=preferences&msg=6'); 1444 break; 1445 1446 case 'confirmdelete': 1447 if (($_CONF['allow_account_delete'] == 1) && ($_USER['uid'] > 1)) { 1448 $accountId = COM_applyFilter ($_POST['account_id']); 1449 if (!empty ($accountId)) { 1450 $display .= confirmAccountDelete ($accountId); 1451 } else { 1452 $display = COM_refresh ($_CONF['site_url'] . '/index.php'); 1453 } 1454 } else { 1455 $display = COM_refresh ($_CONF['site_url'] . '/index.php'); 1456 } 1457 break; 1458 1459 case 'deleteconfirmed': 1460 if (($_CONF['allow_account_delete'] == 1) && ($_USER['uid'] > 1)) { 1461 $accountId = COM_applyFilter ($_POST['account_id']); 1462 if (!empty ($accountId)) { 1463 $display .= deleteUserAccount ($accountId); 1464 } else { 1465 $display = COM_refresh ($_CONF['site_url'] . '/index.php'); 1466 } 1467 } else { 1468 $display = COM_refresh ($_CONF['site_url'] . '/index.php'); 1469 } 1470 break; 1471 1472 case 'plugin': 1473 PLG_profileExtrasSave ($_POST['plugin']); 1474 $display = COM_refresh ($_CONF['site_url'] 1475 . '/usersettings.php?mode=edit&msg=5'); 1476 break; 1477 1478 default: // also if $mode == 'preferences' or 'comments' 1479 $display .= COM_siteHeader ('menu', $LANG01[49]); 1480 $msg = 0; 1481 if (isset ($_GET['msg'])) { 1482 $msg = COM_applyFilter ($_GET['msg'], true); 1483 if ($msg > 0) { 1484 $display .= COM_showMessage ($msg); 1485 } 1486 } 1487 $display .= editpreferences(); 1488 $display .= COM_siteFooter(); 1489 break; 1490 } 1491 } else { 1492 $display .= COM_siteHeader ('menu'); 1493 $display .= COM_startBlock ($LANG04[70] . '!'); 1494 $display .= '<br>' . $LANG04[71] . '<br><br>'; 1495 $display .= COM_endBlock (); 1496 $display .= COM_siteFooter (); 1497 } 1498 1499 echo $display; 1500 1501 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Wed Nov 21 12:27:40 2007 | par Balluche grâce à PHPXref 0.7 |
|
|