PHP Cross Reference of e107 v1 |
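<?php
/*
+ ----------------------------------------------------------------------------+
|     e107 website system
|
|     Copyright (C) 2001-2002 Steve Dunstan (jalist@e107.org)
|     Copyright (C) 2008-2010 e107 Inc (e107.org)
|
|     Released under the terms and conditions of the
|     GNU General Public License (http://gnu.org).
|
|     $URL: https://e107.svn.sourceforge.net/svnroot/e107/trunk/e107_0.7/usersettings.php $
|     $Revision: 12188 $
|     $Id: usersettings.php 12188 2011-05-04 20:38:01Z e107steved $
|     $Author: e107steved $
+----------------------------------------------------------------------------+
*/

/*
 * User settings page.
 *
 * Flow of this script:
 *   1. Access checks: logged-in user required; only an admin with permission '4'
 *      may pass a query other than 'update'; a numeric query selects the user to edit.
 *   2. If the form was posted with a token, validate every field, collecting
 *      messages in $error, and write the user record only when $error is empty.
 *   3. Re-read the record and render the edit form.
 *
 * Values from $_POST are untrusted. Every value placed in an SQL fragment below
 * goes through $tp->toDB() or intval() first.
 */

// Experimental e-token
if(!empty($_POST) && !isset($_POST['e-token']))
{
    // set e-token so it can be processed by class2
    // A POST without the field gets an empty token; the save branch below only runs
    // when varset($_POST['e-token']) is non-empty. What class2.php does with the
    // token is not visible in this file.
    $_POST['e-token'] = '';
}
define("e_NOCACHE",TRUE);
require_once ("class2.php");
require_once(e_HANDLER."ren_help.php");
require_once(e_HANDLER."user_extended_class.php");
$ue = new e107_user_extended;

//define("US_DEBUG",TRUE);
define("US_DEBUG",FALSE);


// Guests have no settings to edit
if (!USER) {
    header("location:".e_BASE."index.php");
    exit;
}

// Any query other than 'update' is reserved for admins holding permission '4'
if ((!ADMIN || !getperms('4')) && e_QUERY && e_QUERY != 'update' )
{
    header("location:".e_BASE."usersettings.php");
    exit;
}

require_once(e_HANDLER."ren_help.php");

// A theme may override the default template
if(is_readable(THEME."usersettings_template.php"))
{
    include_once(THEME."usersettings_template.php");
}
else
{
    include_once(e_THEME."templates/usersettings_template.php");
}
include_once(e_FILE."shortcode/batch/usersettings_shortcodes.php");

require_once(e_HANDLER."calendar/calendar_class.php");
$cal = new DHTML_Calendar(true);
$sesschange = '';    // Notice removal
$photo_to_delete = '';
$avatar_to_delete = '';

// $inp  - ID of the user record being edited (defaults to the current user)
// $_uid - set only when an admin edits a user selected by a numeric query.
// The target ID comes from the query string alone; the hidden '_uid' form field
// written at the bottom of this script is never read back here.
$inp = USERID;
$_uid = false;
if(is_numeric(e_QUERY))
{
    if(ADMIN)
    {
        $inp = (int)e_QUERY;
        $_uid = $inp;
        $info = get_user_data($inp);
        //Only site admin is able to change setting for other admins
        if(!is_array($info) || ($info['user_admin'] == 1 && (!defined('ADMINPERMS') || ADMINPERMS !== '0')))
        {
            header('location:'.e_BASE.'index.php');
            exit;
        }
    }
    else
    {
        //Non admin attempting to edit another user's ID
        header('location:'.e_BASE.'index.php');
        exit;
    }
}

require_once(HEADERF);

/**
 * Given an array of user data, return a comma separated string which includes
 * public, admin, member classes etc as appropriate.
 *
 * Note that the admin and main-admin classes are also added when the CURRENT
 * viewer is an admin / has permission '0', not only when $udata says so.
 *
 * @param array $udata user record; reads 'user_class', 'user_admin' and 'user_perms'
 *
 * @return string comma separated class list
 */
function addCommonClasses($udata)
{
    $tmp = array();
    if ($udata['user_class'] != "") $tmp = explode(",", $udata['user_class']);
    $tmp[] = e_UC_MEMBER;
    $tmp[] = e_UC_READONLY;
    $tmp[] = e_UC_PUBLIC;
    if (($udata['user_admin'] == 1) || ADMIN)
    {
        $tmp[] = e_UC_ADMIN;
    }
    if ((strpos($udata['user_perms'],'0') === 0) || getperms('0'))
    {
        $tmp[] = e_UC_MAINADMIN;
    }
    return implode(",", $tmp);
}



/**
 *    Does some basic checks on a string claiming to represent an off-site image
 *
 *    The accepted string is later handed to getimagesize() by the caller, so the
 *    web server itself fetches it. For that reason only http:// and https:// URLs
 *    are accepted; anything else would be read as a local path or another stream.
 *
 *    NOTE(review): the host pattern still accepts 'localhost' and any dotted name,
 *    so the server-side fetch can reach internal addresses. Consider an allow-list
 *    of avatar hosts, or fetching through a client restricted to public addresses.
 *
 *    @param string $imageName
 *
 *    @return boolean|string FALSE for unacceptable, potentially modified string if acceptable
 */
function checkRemoteImage($imageName)
{
    $newImageName = trim(str_replace(array('\'', '"', '(', ')'), '', $imageName));        // Strip invalid characters
    if ($imageName != $newImageName)
    {
        return FALSE;
    }
    // Must be an explicit web URL
    if (!preg_match('#^https?://#i', $newImageName))
    {
        return FALSE;
    }
    // Host part followed by a path ending in a known image extension
    if (!preg_match('#(?:localhost|\..{2,6})\/.+\.(?:jpg|jpeg|png|svg|gif)$#i', $newImageName))
    {
        return FALSE;
    }
    return $newImageName;
}



// Save user settings (whether or not changed)
//---------------------------------------------
$error = "";

// Only process the form when it carries a non-empty token
if (isset($_POST['updatesettings']) && varset($_POST['e-token']))
{
    if(!varsettrue($pref['auth_method']) || $pref['auth_method'] == '>e107')
    {
        $pref['auth_method'] = 'e107';
    }

    // With an external auth method the local password cannot be changed from here
    if($pref['auth_method'] != 'e107')
    {
        $_POST['password1'] = '';
        $_POST['password2'] = '';
    }

/*
    if ($_uid && ADMIN)
    {    // Admin logged in and editing another user's settings - so editing a different ID
        $inp = $_uid;
        $remflag = TRUE;
    }
    else
    {    // Current user logged in - use their ID
        $inp = USERID;
    }
*/

//    echo "inp = $inp <br />";
    $udata = get_user_data($inp);                // Get all the user data, including any extended fields
    $peer = ($inp == USERID ? false : true);    // TRUE when editing somebody else's record
    $udata['user_classlist'] = addCommonClasses($udata);


    // Check external avatar
    // $_POST['image'] is cleared here and only restored once the value has passed every check
    $avName = varset($_POST['image'], '');
    $avmsg = '';
    $_POST['image'] = '';
    if ($avName)
    {
        $avName = strip_if_magic($avName);
        $avName = str_replace(array('\'', '"', '(', ')'), '', $avName);        // these are invalid anyway, so why allow them? (XSS Fix)
        if (strpos($avName, '/') !== FALSE)
        {    // Assume an off-site image
            $avName = checkRemoteImage($avName);
            if ($avName === FALSE)
            {
                $avmsg = LAN_USET_18;
            }
            $avFullName = $avName;
        }
        else
        {    // Its one of the standard choices
            // No '/' in the name at this point, so it cannot select another directory
            $avName = $tp -> toDB($avName);
            if (strpos($avName, '-upload-') === 0)
            {    // Uploaded avatar
                $avFullName = e_FILE.'public/avatars/'.str_replace('-upload-', '', $avName);
            }
            else
            {    // Site-provided avatar
                $avFullName = e_IMAGE.'avatars/'.$avName;
            }
            if (!is_readable($avFullName))
            {
                $avmsg = LAN_USET_19.': '.$avFullName;        // Error accessing avatar
                $avName = FALSE;
            }
        }
        if ($avmsg)
        {
            $error = $avmsg;
        }
        // For an off-site avatar this call makes the server request the URL
        elseif (FALSE !== ($size = getimagesize($avFullName)))
        {
            $avwidth = $size[0];
            $avheight = $size[1];
            $avmsg = '';

            $pref['im_width'] = ($pref['im_width']) ? $pref['im_width'] : 120;
            $pref['im_height'] = ($pref['im_height']) ? $pref['im_height'] : 100;
            if ($avwidth > $pref['im_width'])
            {
                $avmsg .= LAN_USET_1." ($avwidth)<br />".LAN_USET_2.": {$pref['im_width']}<br /><br />";
            }
            if ($avheight > $pref['im_height'])
            {
                $avmsg .= LAN_USET_3." ($avheight)<br />".LAN_USET_4.": {$pref['im_height']}";
            }
            if ($avmsg)
            {
                $error = $avmsg;
                $avName = '';
            }
            else
            {
                $_POST['image'] = $avName;
            }
        }
        else
        {
            $error = LAN_USET_20.': '.$avFullName;
            $avName = FALSE;
        }
    }

    $signup_option_title = array(LAN_308, LAN_120, LAN_121, LAN_122, LAN_USET_6);
    $signup_option_names = array("realname", "signature", "image", "timezone", "class");

    foreach($signup_option_names as $key => $value)
    {    // Check required signup fields
        // Not enforced when an admin is editing another user ($_uid set)
        if ($pref['signup_option_'.$value] == 2 && !$_POST[$value] && !$_uid)
        {
            $error .= LAN_SIGNUP_6.$signup_option_title[$key].LAN_SIGNUP_7."\\n";
        }
    }


    // Login Name checks
    if (isset($_POST['loginname']))
    {    // Only check if its been edited  %*|/|&nbsp;|\#|\=|\$%
        // another option would be /[^\w\pL\.]/u (non latin words)
        //    $temp_name = trim(preg_replace('#[^a-z0-9_\.]#i', "", strip_tags($_POST['loginname'])));
        // The above preg_replace will break any non-latin login and should not be used.

        // Any difference between the filtered and the posted name is reported as an error
        $temp_name = str_replace('--', '', trim(preg_replace("/[\^\*\|\/;:#=\$'\"!#`\s\(\)%\?<>\\{}]/", '', strip_tags($_POST['loginname']))));
        if ($temp_name != $_POST['loginname'])
        {
            $error .= LAN_USET_13."\\n";
        }
        // Check if login name exceeds maximum allowed length
        if (strlen($temp_name) > varset($pref['loginname_maxlength'],30))
        {
            $error .= LAN_USET_14."\\n";
        }
        if ((strcasecmp($_POST['loginname'],"Anonymous") == 0) || (strcasecmp($_POST['loginname'],LAN_ANONYMOUS) == 0))
        {
            $error .= LAN_USET_11."\\n";
        }
        $_POST['loginname'] = $temp_name;
    }


    // Password checks
    $pwreset = '';
    if ($_POST['password1'] != $_POST['password2']) {
        $error .= LAN_105."\\n";
    }
    else
    {
        if(trim($_POST['password1']) != "")
        {
            // NOTE(review): the password is stored as an unsalted MD5 digest. Left unchanged
            // because the login code that verifies it is not part of this file; moving to
            // password_hash()/password_verify() has to be done on both sides together.
            $pwreset = "user_password = '".md5(trim($_POST['password1']))."', ";
        }
    }

    if(isset($pref['signup_disallow_text']))
    {
        $tmp = explode(",", $pref['signup_disallow_text']);
        foreach($tmp as $disallow)
        {
            if (($disallow != '') && strstr($_POST['username'], $disallow))
            {
                $error .= LAN_USET_11."\\n";
            }
        }
    }

    if (strlen(trim($_POST['password1'])) < $pref['signup_pass_len'] && trim($_POST['password1']) != "") {
        $error .= LAN_SIGNUP_4.$pref['signup_pass_len'].LAN_SIGNUP_5."\\n";
        $password1 = "";
        $password2 = "";
    }



    //--------------------------------------------
    //        Email address checks
    //--------------------------------------------
    /**
     * Split up an email address to check for banned domains.
     *
     * Builds an SQL condition matching the ban list against '*@domain' and against
     * every suffix of the domain ('*.com', '*.example.com', ...). The domain part is
     * passed through $tp->toDB() before it is placed in the condition.
     *
     * @param string $email     address to check
     * @param string $fieldname ban list column to compare against
     *
     * @return boolean|string FALSE if invalid address, otherwise the ' OR '-joined condition
     */
    function make_email_query($email, $fieldname = 'banlist_ip')
    {
        global $tp;
        $tmp = strtolower($tp -> toDB(trim(substr($email, strrpos($email, "@")+1))));
        if ($tmp == '') return FALSE;
        if (strpos($tmp,'.') === FALSE) return FALSE;
        $em = array_reverse(explode('.',$tmp));
        $line = '';
        $out = array($fieldname."='*@{$tmp}'");        // First element looks for domain as email address
        foreach ($em as $e)
        {
            $line = '.'.$e.$line;
            $out[] = $fieldname."='*{$line}'";
        }
        return implode(' OR ',$out);
    }


    // Always validate an email address if entered. If its blank, that's OK if checking disabled
    // The address is escaped once here; the queries below use the escaped value
    $_POST['email'] = $tp->toDB(trim(varset($_POST['email'],'')));
    $do_email_validate = (!varset($pref['disable_emailcheck'],FALSE)) || ($_POST['email'] !='');
    if ($do_email_validate)
    {
        if (!check_email($_POST['email']))
        {
            $error .= LAN_106."\\n";
        }

        // Check Email address against banlist.
        $wc = make_email_query($_POST['email']);
        if ($wc) $wc = ' OR '.$wc;

        if (($wc === FALSE) || ($do_email_validate && $sql->db_Select("banlist", "*", "banlist_ip='".$_POST['email']."'".$wc)))
        {
            $error .= LAN_106."\\n";
        }


        // Check for duplicate of email address (always)
        if ($sql->db_Select("user", "user_name, user_email", "user_email='".$_POST['email']."' AND user_id !='".intval($inp)."' "))
        {
            $error .= LAN_408."\\n";
        }
    }




    // Display name checks
    if (check_class($pref['displayname_class']) && isset($_POST['username']))
    {
        // Impose a minimum length on display name
        $username = trim(strip_tags($_POST['username']));
        if (strlen($username) < 2)
        {
            $error .= LAN_USET_12."\\n";
        }
        if (strlen($username) > varset($pref['displayname_maxlength'],15))
        {
            $error .= LAN_USET_15."\\n";
        }

        // Display Name exists.
        // The name is escaped with toDB() before it enters the WHERE clause, which is
        // also the form in which display names are stored further down.
        if ($sql->db_Count("user", "(*)", "WHERE `user_name`='".$tp->toDB($username)."' AND `user_id` != '".intval($inp)."' "))
        {
            $error .= LAN_USET_17;
        }
    }


    // Uploaded avatar and/or photo
    // NOTE(review): $file_userfile is not assigned anywhere in this file - presumably
    // provided by an include or legacy request handling; confirm. File type and size
    // checks are left to file_upload(), which is not visible here.
    $user_sess = "";
    if ($file_userfile['error'] != 4)
    {
        require_once(e_HANDLER."upload_handler.php");
        require_once(e_HANDLER."resize_handler.php");

        if ($uploaded = file_upload(e_FILE."public/avatars/", "avatar=".$udata['user_id']))
        {
            foreach ($uploaded as $upload)
            {    // Needs the latest upload handler (with legacy and 'future' interfaces) to work
                if ($upload['name'] && ($upload['index'] == 'avatar') && $pref['avatar_upload'])
                {
                    // avatar uploaded - give it a reference which identifies it as server-stored
                    $_POST['image'] = "-upload-".$upload['name'];
                    if ($_POST['image'] != $udata['user_image'])
                    {
                        $avatar_to_delete = str_replace("-upload-", "", $udata['user_image']);
//                        echo "Avatar change; deleting {$avatar_to_delete}<br />";
                    }
                    // A file that cannot be resized is removed again and not used
                    if (!resize_image(e_FILE."public/avatars/".$upload['name'], e_FILE."public/avatars/".$upload['name'], "avatar"))
                    {
                        unset($message);
                        $error .= RESIZE_NOT_SUPPORTED."\\n";
                        @unlink(e_FILE."public/avatars/".$upload['name']);
                        $_POST['image'] = '';
                    }
                }

                if ($upload['name'] && ($upload['index'] == 'photo') && $pref['photo_upload'] )
                {
                    // photograph uploaded
                    $user_sess = $upload['name'];
                    if (!resize_image(e_FILE."public/avatars/".$user_sess, e_FILE."public/avatars/".$user_sess, 180))
                    {
                        unset($message);
                        $error .= RESIZE_NOT_SUPPORTED."\\n";
                        @unlink(e_FILE."public/avatars/".$user_sess);
                        $user_sess = '';
                    }
                }
            }
        }
    }

    // See if user just wants to delete existing photo
    if (isset($_POST['user_delete_photo']))
    {
        $photo_to_delete = $udata['user_sess'];
        $sesschange = "user_sess = '', ";
//        echo "Just delete old photo: {$photo_to_delete}<br />";
    }
    elseif ($user_sess != "")
    {    // Update DB with photo
        $sesschange = "user_sess = '".$tp->toDB($user_sess)."', ";
        if ($udata['user_sess'] == $tp->toDB($user_sess))
        {
            $sesschange = '';                // Same photo - do nothing
//            echo "Photo not changed<br />";
        }
        else
        {
            $photo_to_delete = $udata['user_sess'];
//            echo "New photo: {$user_sess} Delete old photo: {$photo_to_delete}<br />";
        }
    }


    // Validate Extended User Fields.
    $ue_fields = "";
    if(!empty($_POST['ue']))
    {
        // Defined up front so the loops below are safe when the query returns nothing
        $extList = array();
        $skipCat = array();
        if ($sql->db_Select('user_extended_struct', '*', 'order by user_extended_struct_type', 'order'))        // Get both field and category definitions
        {
            while($row = $sql->db_Fetch())
            {
                if($row['user_extended_struct_type'])
                {    // Its a field
                    $extList["user_".$row['user_extended_struct_name']] = $row;
                }
                // else its a category
                elseif(!check_class($row['user_extended_struct_applicable']) || !check_class($row['user_extended_struct_write']))
                {
                    $skipCat[] = $row['user_extended_struct_id'];
                }
            }
        }

        // Column names come from the field definitions in the database, never from the
        // posted keys; only the values are taken from $_POST['ue'].
        foreach ($extList as $key => $settings)
        {    // Only process field if its in a category relevant to this user, and this user should be able to change it
            if (!in_array($settings['user_extended_struct_parent'],$skipCat) && check_class($settings['user_extended_struct_applicable']) && check_class($settings['user_extended_struct_write']))
            {
                $val = '';
                if (isset($_POST['ue'][$key])) $val = $_POST['ue'][$key];
                $err = $ue->user_extended_validate_entry($val,$settings);
                if($err === TRUE && !$_uid)
                {    // General error - usually empty field; could be unacceptable value, or regex fail and no error message defined
                    $error .= LAN_SIGNUP_6.($tp->toHtml($settings['user_extended_struct_text'],FALSE,'defs')).' '.LAN_SIGNUP_7."\\n";
                }
                elseif ($err)
                {    // Specific error message returned - usually regex fail
                    $error .= $err."\\n";
                    $err = TRUE;
                }
                if(!$err)
                {
                    $val = $tp->toDB($val);
                    $ue_fields .= ($ue_fields) ? ", " : "";
                    $ue_fields .= $key."='".$val."'";
                }
            }
        }

        // Hidden-field names are kept only when they match a defined extended field
        $ueHide = array();
        $postedHide = (isset($_POST['hide']) && is_array($_POST['hide'])) ? $_POST['hide'] : array();
        foreach (array_keys($postedHide) as $key)
        {
            if (isset($extList[$key]))
            {
                $ueHide[] = $tp->toDB($key);
            }
        }
    }


    // All validated here
    // ------------------

    // $inp - UID of user whose data is being changed (may not be the currently logged in user)
    if (!$error)
    {
        // Plain-text passwords must not reach the event handlers triggered below
        unset($_POST['password1']);
        unset($_POST['password2']);


        $_POST['user_id'] = intval($inp);


        $ret = $e_event->trigger("preuserset", $_POST);

        $update_xup = FALSE;
        if(trim($_POST['user_xup']) != "")
        {
            if($sql->db_Select('user', 'user_xup', "user_id = '".intval($inp)."'"))
            {
                $row = $sql->db_Fetch();
                $update_xup = ($row['user_xup'] != $_POST['user_xup']) ? TRUE : FALSE;
            }
        }

        // An empty return from the 'preuserset' handlers means the update may proceed
        if ($ret == '')
        {
            $new_username = '';
            $loginname = strip_tags($_POST['loginname']);
            if (!$loginname)
            {
                $loginname = $udata['user_loginname'];
            }
            else
            {
                if(!check_class($pref['displayname_class'], $udata['user_classlist'], $peer))
                {
                    // Display name follows the login name. $loginname itself stays unescaped
                    // because it is passed through toDB() again where user_loginname is written.
                    $username = $tp->toDB($loginname);
                    $new_username = "user_name = '{$username}', ";
                }
            }

//            if (isset($_POST['username']) && check_class($pref['displayname_class']))
            if (isset($_POST['username']) && check_class($pref['displayname_class'], $udata['user_classlist'], $peer))
            {    // Allow change of display name if in right class
                $username = trim(strip_tags($_POST['username']));
                $username = $tp->toDB(substr($username, 0, $pref['displayname_maxlength']));
                $new_username = "user_name = '{$username}', ";
            }


            $_POST['signature'] = $tp->toDB($_POST['signature']);
            $_POST['realname'] = $tp->toDB($_POST['realname']);

            $new_customtitle = "";
            if(isset($_POST['customtitle']) && ($pref['forum_user_customtitle'] || ADMIN))
            {
                $new_customtitle = ", user_customtitle = '".$tp->toDB($_POST['customtitle'])."' ";
            }


            // Extended fields - handle any hidden fields
            if($ue_fields)
            {
                $hiddenFields = implode("^", $ueHide);
                if($hiddenFields != "")
                {
                    $hiddenFields = "^".$hiddenFields."^";
                }
                $ue_fields .= ", user_hidden_fields = '".$hiddenFields."'";
            }


            // We can update the basic user record now
            $sql->db_Update("user", "{$new_username} {$pwreset} {$sesschange} user_email='".$tp -> toDB($_POST['email'])."', user_signature='".$_POST['signature']."', user_image='".$tp -> toDB($_POST['image'])."', user_timezone='".$tp -> toDB($_POST['timezone'])."', user_hideemail='".intval($tp -> toDB($_POST['hideemail']))."', user_login='".$_POST['realname']."' {$new_customtitle}, user_xup='".$tp -> toDB($_POST['user_xup'])."' WHERE user_id='".intval($inp)."' ");
            if ($photo_to_delete)
            {    // Photo may be a flat file, or in the database
                delete_file($photo_to_delete);
            }
            if ($avatar_to_delete)
            {    // Avatar may be a flat file, or in the database
                delete_file($avatar_to_delete);
            }


            // If user has changed display name, update the record in the online table
            if(isset($username) && ($username != USERNAME) && !$_uid)
            {
                $sql->db_Update("online", "online_user_id = '".USERID.".".$username."' WHERE online_user_id = '".USERID.".".USERNAME."'");
            }


            // Only admins can update login name
            if(ADMIN && getperms("4"))
            {
                $sql -> db_Update("user", "user_loginname='".$tp -> toDB($loginname)."' WHERE user_id='".intval($inp)."' ");
            }


            // Save extended field values
            if($ue_fields)
            {
                // ***** Next line creates a record which presumably should be there anyway, so could generate an error
                $sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id, user_hidden_fields) values ('".intval($inp)."', '')");
                $sql->db_Update("user_extended", $ue_fields." WHERE user_extended_id = '".intval($inp)."'");
            }


            // Update Userclass - only if its the user changing their own data (admins can do it another way)
            if (!$_uid && $sql->db_Select("userclass_classes", "userclass_id", "userclass_editclass IN (".USERCLASS_LIST.")"))
            {
                $ucList = $sql->db_getList();            // List of classes which this user can edit
                if (US_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Usersettings test","Read editable list. Current user classes: ".$udata['user_class'],FALSE,LOG_TO_ROLLING);
                $cur_classes = explode(",", $udata['user_class']);            // Current class membership
                $newclist = array_flip($cur_classes);                        // Array keys are now the class IDs

                // A form with no class boxes ticked posts no 'class' field at all
                $postedClasses = (isset($_POST['class']) && is_array($_POST['class'])) ? $_POST['class'] : array();

                // Update class list - we must take care to only change those classes a user can edit themselves
                // Only IDs read from the database are ever added; posted values are just looked up
                foreach ($ucList as $c)
                {
                    $cid = $c['userclass_id'];
                    if(!in_array($cid, $postedClasses))
                    {
                        unset($newclist[$cid]);
                    }
                    else
                    {
                        $newclist[$cid] = 1;
                    }
                }
                $newclist = array_keys($newclist);
                $nid = implode(',', array_diff($newclist, array('')));
                if ($nid != $udata['user_class'])
                {
                    if (US_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Usersettings test","Write back classes; new list: ".$nid,FALSE,LOG_TO_ROLLING);
                    $sql->db_Update("user", "user_class='".$nid."' WHERE user_id=".intval($inp));
                }
            }


            if($update_xup == TRUE)
            {
                require_once(e_HANDLER."login.php");
                userlogin::update_xup($inp, $_POST['user_xup']);
            }

            $e_event->trigger("postuserset", $_POST);


            if(e_QUERY == "update")
            {
                // NOTE(review): HEADERF was already required above, so this header may be
                // sent too late unless output is buffered - confirm.
                header("Location: index.php");
            }
            $message = "<div style='text-align:center'>".LAN_150."</div>";
            $caption = LAN_151;
        }
        else
        {    // Invalid data
            $message = "<div style='text-align:center'>".$ret."</div>";
            $caption = LAN_151;
        }
        unset($_POST);
    }
}

if ($error)
{
    require_once(e_HANDLER."message_handler.php");
    message_handler("P_ALERT", $error);
    $adref = $_POST['adminreturn'];
}

// --- User data has been update here if appropriate ---

if(isset($message))
{
    $ns->tablerender($caption, $message);
}

// ---------------------


$uuid = ($_uid) ? $_uid : USERID;

$qry = "
SELECT u.*, ue.* FROM #user AS u
LEFT JOIN #user_extended AS ue ON ue.user_extended_id = u.user_id
WHERE u.user_id='".intval($uuid)."'
";

$sql->db_Select_gen($qry);
$curVal=$sql->db_Fetch();
$curVal['userclass_list'] = addCommonClasses($curVal);

if($_POST && $error)
{    // Fix for all the values being lost when an error occurred.
    // Posted values are passed through post_toForm() before being shown in the form again
    foreach($_POST as $key => $val)
    {
        $curVal["user_".$key] = $tp->post_toForm($val);
    }
    if (isset($_POST['ue']) && is_array($_POST['ue']))
    {
        foreach($_POST['ue'] as $key => $val)
        {
            $curVal[$key] = $tp->post_toForm($val);
        }
    }
}

require_once(e_HANDLER."form_handler.php");
$rs = new form;

$text = (e_QUERY ? $rs->form_open("post", e_SELF."?".e_QUERY, "dataform", "", " enctype='multipart/form-data'") : $rs->form_open("post", e_SELF, "dataform", "", " enctype='multipart/form-data'"));

if(e_QUERY == "update")
{
    $text .= "<div class='fborder' style='text-align:center'><br />".str_replace("*","<span style='color:red'>*</span>",LAN_USET_9)."<br />".LAN_USET_10."<br /><br /></div>";
}

$text .= $tp->parseTemplate($USERSETTINGS_EDIT, TRUE, $usersettings_shortcodes);
$text .= "<div>";

// The token field is what the save branch at the top of this script looks for
$text .= "
    <input type='hidden' name='_uid' value='{$uuid}' />
    <input type='hidden' name='e-token' value='".e_TOKEN."' style='width:100%' />
    </div>
    </form>
    ";

$ns->tablerender(LAN_155, $text);

deleteExpired(ADMIN);        // This will clean up the user and user_extended databases

require_once(FOOTERF);



/**
 * Delete 'expired' user records, clean up user_extended DB
 *
 * Users with user_ban = 2 who joined more than $pref['del_unv'] minutes ago are
 * deleted, unless $pref['user_reg_veri'] is 2. Orphaned user_extended rows are
 * removed when $force is TRUE or when at least one user was deleted.
 *
 * @param boolean $force TRUE to always clean up orphaned extended records
 *
 * @return int value returned by the user delete; 0 when the purge did not run
 */
function deleteExpired($force = FALSE)
{
    global $pref, $sql;
    $temp1 = 0;
    if (isset($pref['del_unv']) && $pref['del_unv'] && $pref['user_reg_veri'] != 2)
    {
        $threshold= intval(time() - ($pref['del_unv'] * 60));
        if (($temp1 = $sql->db_Delete('user', 'user_ban = 2 AND user_join < '.$threshold)) > 0) { $force = TRUE; }
    }
    if ($force)
    {    // Remove 'orphaned' extended user field records
        $sql->db_Select_gen("DELETE `#user_extended` FROM `#user_extended` LEFT JOIN `#user` ON `#user_extended`.`user_extended_id` = `#user`.`user_id`
                WHERE `#user`.`user_id` IS NULL");
    }
    return $temp1;
}


//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------//

/**
 * Return the 'required field' marker for a signup option.
 *
 * @param mixed $field option setting; the value 2 marks the field as required
 *
 * @return string red asterisk markup when $field is 2, otherwise an empty string
 */
function req($field) {
    global $pref;
    if ($field == 2)
    {
        $ret = "<span style='text-align:right;font-size:15px; color:red'> *</span>";
    }
    else
    {
        $ret = "";
    }
    return $ret;
}
//---------------------------------------------------------------------------------

/**
 * Delete a file from the public directories. Also deletes from database if appropriate.
 *
 * A name of the form 'Binary <id>/...' refers to a row in the rbinary table;
 * anything else is looked up under e_FILE."public/".$dir.
 *
 * @param string $fname stored file reference
 * @param string $dir   sub-directory of the public folder
 *
 * @return mixed result of the database delete for binary entries, otherwise
 *               TRUE on success, FALSE on failure
 */
function delete_file($fname, $dir = 'avatars/')
{
    // $tp is needed for the database branch; without it that branch failed on an undefined variable
    global $sql, $tp;
    if (!$fname) return FALSE;

    if (preg_match("#Binary (.*?)/#", $fname, $match))
    {
        return $sql -> db_Delete("rbinary", "binary_id='".$tp -> toDB($match[1])."'");
    }
    elseif (file_exists(e_FILE."public/".$dir.$fname))
    {
        unlink(e_FILE."public/".$dir.$fname);
        return TRUE;
    }
    return FALSE;
}


/**
 * Build the page-specific script block: the addtext_us() helper, which writes a
 * value into the 'image' field of the settings form, followed by the calendar files.
 *
 * @return string markup for the page header
 */
function headerjs() {
    global $cal;
    $script = "<script type=\"text/javascript\">
function addtext_us(sc){
    document.getElementById('dataform').image.value = sc;
}

</script>\n";

    $script .= $cal->load_files();
    return $script;
}
?>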