Enano CMS (1.1.x): comparison plugins/admin/UserManager.php

equal deleted inserted replaced

-:faef5e62e1e0
+:90225c988124
 <?php
 /*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
-* Version 1.1.6 (Caoineag beta 1)
+* Copyright (C) 2006-2009 Dan Fuhry
-* Copyright (C) 2006-2008 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 $db->_die();
 $q = $db->sql_query('DELETE FROM '.table_prefix."session_keys WHERE user_id=$user_id;");
 if ( !$q )
 $db->_die();
 echo '<div class="info-box">' . $lang->get('acpum_msg_delete_success') . '</div>';
+// deleting own account?
+if ( $user_id === $session->user_id )
+{
+// cute little hack to boot them out of the admin panel
+echo '<script type="text/javascript">
+addOnloadHook(function()
+{
+setTimeout(function()
+{
+eraseCookie("sid");
+ENANO_SID = false;
+auth_level = USER_LEVEL_MEMBER;
+window.location = makeUrlNS("Special", "Login");
+}, 3000);
+});
+</script>';
+}
 }
 else
 {
 if ( $session->user_id == $user_id )
 {
 $errors[] = $lang->get('acpum_err_illegal_email');
 $real_name = $_POST['real_name'];
 }
-$signature = RenderMan::preprocess_text($_POST['signature'], true, true);
+$signature = RenderMan::preprocess_text($_POST['signature'], true, false);
 $user_level = intval($_POST['user_level']);
 if ( $user_level < USER_LEVEL_MEMBER || $user_level > USER_LEVEL_ADMIN )
 $errors[] = 'Invalid user level';
 if ( !preg_match('/^http:\/\/([a-z0-9-.]+)([A-z0-9@#\$%\&:;<>,\.\?=\+\(\)\[\]_\/\\\\]*?)$/i', $homepage) )
 {
 $homepage = '';
 }
-if ( count($errors) < 1 )
+// true for quiet operation
+list(, , $avatar_post_fail) = avatar_post($user_id, true);
+if ( count($errors) < 1 && !$avatar_post_fail )
 {
 $q = $db->sql_query('SELECT u.user_level, u.user_has_avatar, u.avatar_type FROM '.table_prefix.'users AS u WHERE u.user_id = ' . $user_id . ';');
 if ( !$q )
 $db->_die();
 }
 else
 {
 $to_update_users['account_active'] = "0";
 $to_update_users['activation_key'] = sha1($session->dss_rand());
-}
-// Avatar validation
-$action = ( isset($_POST['avatar_action']) ) ? $_POST['avatar_action'] : 'keep';
-$avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $avi_type;
-switch($action)
-{
-case 'keep':
-default:
-break;
-case 'remove':
-if ( $has_avi )
-{
-// First switch the avatar off
-$to_update_users['user_has_avatar'] = '0';
-@unlink($avi_path);
-}
-break;
-case 'set_http':
-case 'set_file':
-// Hackish way to preserve the UNIX philosophy of reusing as much code as possible
-if ( $action == 'set_http' )
-{
-// Check if this action is enabled
-if ( getConfig('avatar_upload_http', 1) !== 1 )
-{
-// non-localized, only appears on hack attempt
-$errors[] = 'Uploads over HTTP are disabled.';
-break;
-}
-// Download the file
-require_once( ENANO_ROOT . '/includes/http.php' );
-if ( !preg_match('/^http:\/\/([a-z0-9-\.]+)(:([0-9]+))?\/(.+)$/', $_POST['avatar_http_url'], $match) )
-{
-$errors[] = $lang->get('usercp_avatar_invalid_url');
-break;
-}
-$hostname = $match[1];
-$uri = '/' . $match[4];
-$port = ( $match[3] ) ? intval($match[3]) : 80;
-$max_size = intval(getConfig('avatar_max_size'));
-// Get temporary file
-$tempfile = tempnam(false, "enanoavatar_{$user_id}");
-if ( !$tempfile )
-$errors[] = 'Error getting temp file.';
-@unlink($tempfile);
-$request = new Request_HTTP($hostname, $uri, 'GET', $port);
-$result = $request->write_response_to_file($tempfile, 50, $max_size);
-if ( !$result || $request->response_code != HTTP_OK )
-{
-@unlink($tempfile);
-$errors[] = $lang->get('usercp_avatar_bad_write');
-break;
-}
-// Response written. Proceed to validation...
-}
-else
-{
-// Check if this action is enabled
-if ( getConfig('avatar_upload_file', 1) !== 1 )
-{
-// non-localized, only appears on hack attempt
-$errors[] = 'Uploads from the browser are disabled.';
-break;
-}
-$max_size = intval(getConfig('avatar_max_size'));
-$file =& $_FILES['avatar_file'];
-$tempfile =& $file['tmp_name'];
-if ( filesize($tempfile) > $max_size )
-{
-@unlink($tempfile);
-$errors[] = $lang->get('usercp_avatar_file_too_large');
-break;
-}
-}
-$file_type = get_image_filetype($tempfile);
-if ( !$file_type )
-{
-unlink($tempfile);
-$errors[] = $lang->get('usercp_avatar_bad_filetype');
-break;
-}
-$avi_path_new = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $file_type;
-// The file type is good - validate dimensions and animation
-switch($file_type)
-{
-case 'png':
-$is_animated = is_png_animated($tempfile);
-$dimensions = png_get_dimensions($tempfile);
-break;
-case 'gif':
-$is_animated = is_gif_animated($tempfile);
-$dimensions = gif_get_dimensions($tempfile);
-break;
-case 'jpg':
-$is_animated = false;
-$dimensions = jpg_get_dimensions($tempfile);
-break;
-default:
-$errors[] = 'API mismatch';
-break 2;
-}
-// Did we get invalid size data? If so the image is probably corrupt.
-if ( !$dimensions )
-{
-@unlink($tempfile);
-$errors[] = $lang->get('usercp_avatar_corrupt_image');
-break;
-}
-// Is the image animated?
-if ( $is_animated && getConfig('avatar_enable_anim') !== '1' )
-{
-@unlink($tempfile);
-$errors[] = $lang->get('usercp_avatar_disallowed_animation');
-break;
-}
-// Check image dimensions
-list($image_x, $image_y) = $dimensions;
-$max_x = intval(getConfig('avatar_max_width'));
-$max_y = intval(getConfig('avatar_max_height'));
-if ( $image_x > $max_x || $image_y > $max_y )
-{
-@unlink($tempfile);
-$errors[] = $lang->get('usercp_avatar_too_large');
-break;
-}
-// All good!
-@unlink($avi_path);
-if ( rename($tempfile, $avi_path_new) )
-{
-$to_update_users['user_has_avatar'] = '1';
-$to_update_users['avatar_type'] = $file_type;
-}
-else
-{
-// move failed - turn avatar off
-$to_update_users['user_has_avatar'] = '0';
-}
-break;
-case 'set_gravatar':
-// set avatar to use Gravatar
-// first, remove old image
-if ( $has_avi )
-{
-@unlink($avi_path);
-}
-// set to gravatar mode
-$to_update_users['user_has_avatar'] = '1';
-$to_update_users['avatar_type'] = 'grv';
-$has_avi = 1;
-break;
 }
 if ( count($errors) < 1 )
 {
 $to_update_users_extra = array();
 echo '<div class="info-box">' . $lang->get('acpum_msg_save_success') . '</div>';
 }
 }
 }
-if ( count($errors) > 0 )
+if ( count($errors) > 0 || @$avatar_post_fail )
 {
-echo '<div class="error-box">
+if ( count($errors) > 0 )
-<b>' . $lang->get('acpum_err_validation_fail') . '</b>
+{
-<ul>
+echo '<div class="error-box">
-<li>' . implode("</li>\n        <li>", $errors) . '</li>
+<b>' . $lang->get('acpum_err_validation_fail') . '</b>
-</ul>
+<ul>
-</div>';
+<li>' . implode("</li>\n        <li>", $errors) . '</li>
+</ul>
+</div>';
+}
 $form = new Admin_UserManager_SmartForm();
 $form->user_id = $user_id;
 $form->username = $username;
 $form->email = $email;
 $form->real_name = $real_name;
 #
 # END VALIDATION
 #
 }
-else if ( isset($_POST['action']['go']) || ( isset($_GET['src']) && $_GET['src'] == 'get' ) )
+else if ( isset($_POST['action']['go']) || ( isset($_GET['src']) && $_GET['src'] == 'get' ) || ($pathsuser = $paths->getParam(0)) )
 {
 if ( isset($_GET['user']) )
 {
 $username =& $_GET['user'];
 }
 $username =& $_GET['username'];
 }
 else if ( isset($_POST['username']) )
 {
 $username =& $_POST['username'];
+}
+else if ( $pathsuser )
+{
+$username = str_replace('_', ' ', dirtify_page_id($pathsuser));
 }
 else
 {
 echo 'No username provided';
 return false;
 {
 if($cls == 'row2') $cls = 'row1';
 else $cls = 'row2';
 $coppa = ( $row['user_coppa'] == '1' ) ? '<b>' . $lang->get('acpum_coppauser_yes') . '</b>' : $lang->get('acpum_coppauser_no');
 echo '<tr>
-<td class="'.$cls.'">'.enano_date('F d, Y h:i a', $row['time_id']).'</td>
+<td class="'.$cls.'">'.enano_date(ED_DATE | ED_TIME, $row['time_id']).'</td>
 <td class="'.$cls.'">'.$row['author'].'</td>
 <td class="'.$cls.'">'.$row['edit_summary'].'</td>
 <td style="text-align: center;" class="' . $cls . '">' . $coppa . '</td>
 <td class="'.$cls.'" style="text-align: center;">
 <a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=activate&user='.rawurlencode($row['edit_summary']).'&logid='.$row['time_id'], true).'">' . $lang->get('acpum_btn_activate_now') . '</a>
 <tr>
 <td class="row2">
 {lang:acpum_avatar_lbl_change}
 </td>
-<td class="row1">
+<td class="row1" id="avatar_upload_btns_{UUID}">
 <script type="text/javascript">
 function admincp_users_avatar_set_{UUID}(elParent)
 {
+$('td#avatar_upload_btns_{UUID} > div:visible').hide('blind');
 switch(elParent.value)
 {
-case 'keep':
-case 'remove':
-\$dynano('avatar_upload_http_{UUID}').object.style.display = 'none';
-\$dynano('avatar_upload_file_{UUID}').object.style.display = 'none';
-\$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
-break;
 case 'set_http':
-\$dynano('avatar_upload_http_{UUID}').object.style.display = 'block';
+$('#avatar_upload_http_{UUID}').show('blind');
-\$dynano('avatar_upload_file_{UUID}').object.style.display = 'none';
-\$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
 break;
 case 'set_file':
-\$dynano('avatar_upload_http_{UUID}').object.style.display = 'none';
+$('#avatar_upload_file_{UUID}').show('blind');
-\$dynano('avatar_upload_file_{UUID}').object.style.display = 'block';
-\$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
 break;
 case 'set_gravatar':
-\$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'block';
+$('#avatar_upload_gravatar_{UUID}').show('blind');
-\$dynano('avatar_upload_http_{UUID}').object.style.display = 'none';
-\$dynano('avatar_upload_file_{UUID}').object.style.display = 'none';
 break;
 }
 }
 </script>
 <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="keep" checked="checked" /> {lang:acpum_avatar_lbl_keep}</label><br />

changeset 1103	90225c988124
parent 1099	73abd46f5148
child 1141	5a858d6f3634