diff -r de56132c008d -r bdac73ed481e plugins/SpecialUserPrefs.php
--- a/plugins/SpecialUserPrefs.php Sun Mar 28 21:49:26 2010 -0400
+++ b/plugins/SpecialUserPrefs.php Sun Mar 28 23:10:46 2010 -0400
@@ -1,12 +1,12 @@
$text,
- 'link' => $link
- );
- }
- else
- {
- $userprefs_menu[$section] = Array(Array(
- 'text' => $text,
- 'link' => $link
- ));
- }
+ global $userprefs_menu;
+ if ( isset($userprefs_menu[$section]) && is_array($userprefs_menu[$section]) )
+ {
+ $userprefs_menu[$section][] = Array(
+ 'text' => $text,
+ 'link' => $link
+ );
+ }
+ else
+ {
+ $userprefs_menu[$section] = Array(Array(
+ 'text' => $text,
+ 'link' => $link
+ ));
+ }
}
$plugins->attachHook('tpl_compile_sidebar', 'userprefs_jbox_setup($button, $tb, $menubtn);');
function userprefs_jbox_setup(&$button, &$tb, &$menubtn)
{
- global $db, $session, $paths, $template, $plugins; // Common objects
- global $lang;
-
- if ( $paths->namespace != 'Special' || $paths->page_id != 'Preferences' )
- return false;
-
- $tb .= "
";
- $template->toolbar_menu = '';
-
- $button->assign_vars(array(
- 'TEXT' => $lang->get('usercp_btn_memberlist'),
- 'FLAGS' => '',
- 'PARENTFLAGS' => '',
- 'HREF' => makeUrlNS('Special', 'Memberlist')
- ));
-
- $tb .= $button->run();
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
+
+ if ( $paths->namespace != 'Special' || $paths->page_id != 'Preferences' )
+ return false;
+
+ $tb .= "";
+ $template->toolbar_menu = '';
+
+ $button->assign_vars(array(
+ 'TEXT' => $lang->get('usercp_btn_memberlist'),
+ 'FLAGS' => '',
+ 'PARENTFLAGS' => '',
+ 'HREF' => makeUrlNS('Special', 'Memberlist')
+ ));
+
+ $tb .= $button->run();
}
function userprefs_menu_html()
{
- global $userprefs_menu;
- global $userprefs_menu_links;
- global $lang;
-
- $html = '';
- $quot = '"';
-
- foreach ( $userprefs_menu as $section => $buttons )
- {
- $section_name = $section;
- if ( preg_match('/^[a-z]+_[a-z_]+$/', $section) )
- {
- $section_name = $lang->get($section_name);
- }
- $html .= ( isset($userprefs_menu_links[$section]) ) ? "{$section_name} \n " : "{$section_name} \n ";
- $html .= "\n ";
- foreach ( $buttons as $button )
- {
- $buttontext = $button['text'];
- if ( preg_match('/^[a-z]+_[a-z_]+$/', $buttontext) )
- {
- $buttontext = $lang->get($buttontext);
- }
- $html .= " {$buttontext} \n ";
- }
- $html .= " \n ";
- }
-
- return $html;
+ global $userprefs_menu;
+ global $userprefs_menu_links;
+ global $lang;
+
+ $html = '';
+ $quot = '"';
+
+ foreach ( $userprefs_menu as $section => $buttons )
+ {
+ $section_name = $section;
+ if ( preg_match('/^[a-z]+_[a-z_]+$/', $section) )
+ {
+ $section_name = $lang->get($section_name);
+ }
+ $html .= ( isset($userprefs_menu_links[$section]) ) ? "{$section_name} \n " : "{$section_name} \n ";
+ $html .= "\n ";
+ foreach ( $buttons as $button )
+ {
+ $buttontext = $button['text'];
+ if ( preg_match('/^[a-z]+_[a-z_]+$/', $buttontext) )
+ {
+ $buttontext = $lang->get($buttontext);
+ }
+ $html .= " {$buttontext} \n ";
+ }
+ $html .= " \n ";
+ }
+
+ return $html;
}
function userprefs_show_menu()
{
- echo '
-
- ';
+ echo '
+
+ ';
}
function userprefs_menu_init()
{
- global $db, $session, $paths, $template, $plugins; // Common objects
- global $userprefs_menu_links;
-
- userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_emailpassword', makeUrlNS('Special', 'Preferences/EmailPassword') . '" onclick="ajaxLoginNavTo(\'Special\', \'Preferences/EmailPassword\', '.USER_LEVEL_CHPREF.'); return false;');
- userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_signature', makeUrlNS('Special', 'Preferences/Signature'));
- // userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_publicinfo', makeUrlNS('Special', 'Preferences/Profile'));
- userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_usergroups', makeUrlNS('Special', 'Usergroups'));
- if ( getConfig('avatar_enable') == '1' )
- {
- userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_avatar', makeUrlNS('Special', 'Preferences/Avatar'));
- }
- userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_inbox', makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));
- userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_outbox', makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'));
- userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_sent', makeUrlNS('Special', 'PrivateMessages/Folder/Sent'));
- userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_drafts', makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'));
- userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_archive', makeUrlNS('Special', 'PrivateMessages/Folder/Archive'));
-
- /*
- // Reserved for Enano's Next Big Innovation.(TM)
- userprefs_menu_add('Private messages', 'Inbox', makeUrlNS('Special', 'Private_Messages#folder:inbox'));
- userprefs_menu_add('Private messages', 'Starred', makeUrlNS('Special', 'Private_Messages#folder:starred'));
- userprefs_menu_add('Private messages', 'Sent items', makeUrlNS('Special', 'Private_Messages#folder:sent'));
- userprefs_menu_add('Private messages', 'Drafts', makeUrlNS('Special', 'Private_Messages#folder:drafts'));
- userprefs_menu_add('Private messages', 'Archive', makeUrlNS('Special', 'Private_Messages#folder:archive'));
- userprefs_menu_add('Private messages', 'Trash', makeUrlNS('Special', 'Private_Messages#folder:trash'));
- */
-
- $userprefs_menu_links['usercp_sec_profile'] = makeUrlNS('Special', 'Preferences');
- $userprefs_menu_links['usercp_sec_pm'] = makeUrlNS('Special', 'PrivateMessages');
-
- $code = $plugins->setHook('userprefs_jbox');
- foreach ( $code as $cmd )
- {
- eval($cmd);
- }
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ global $userprefs_menu_links;
+
+ userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_emailpassword', makeUrlNS('Special', 'Preferences/EmailPassword') . '" onclick="ajaxLoginNavTo(\'Special\', \'Preferences/EmailPassword\', '.USER_LEVEL_CHPREF.'); return false;');
+ userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_signature', makeUrlNS('Special', 'Preferences/Signature'));
+ // userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_publicinfo', makeUrlNS('Special', 'Preferences/Profile'));
+ userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_usergroups', makeUrlNS('Special', 'Usergroups'));
+ if ( getConfig('avatar_enable') == '1' )
+ {
+ userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_avatar', makeUrlNS('Special', 'Preferences/Avatar'));
+ }
+ userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_inbox', makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));
+ userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_outbox', makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'));
+ userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_sent', makeUrlNS('Special', 'PrivateMessages/Folder/Sent'));
+ userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_drafts', makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'));
+ userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_archive', makeUrlNS('Special', 'PrivateMessages/Folder/Archive'));
+
+ /*
+ // Reserved for Enano's Next Big Innovation.(TM)
+ userprefs_menu_add('Private messages', 'Inbox', makeUrlNS('Special', 'Private_Messages#folder:inbox'));
+ userprefs_menu_add('Private messages', 'Starred', makeUrlNS('Special', 'Private_Messages#folder:starred'));
+ userprefs_menu_add('Private messages', 'Sent items', makeUrlNS('Special', 'Private_Messages#folder:sent'));
+ userprefs_menu_add('Private messages', 'Drafts', makeUrlNS('Special', 'Private_Messages#folder:drafts'));
+ userprefs_menu_add('Private messages', 'Archive', makeUrlNS('Special', 'Private_Messages#folder:archive'));
+ userprefs_menu_add('Private messages', 'Trash', makeUrlNS('Special', 'Private_Messages#folder:trash'));
+ */
+
+ $userprefs_menu_links['usercp_sec_profile'] = makeUrlNS('Special', 'Preferences');
+ $userprefs_menu_links['usercp_sec_pm'] = makeUrlNS('Special', 'PrivateMessages');
+
+ $code = $plugins->setHook('userprefs_jbox');
+ foreach ( $code as $cmd )
+ {
+ eval($cmd);
+ }
}
$plugins->attachHook('common_post', 'userprefs_menu_init();');
function page_Special_Preferences()
{
- global $db, $session, $paths, $template, $plugins; // Common objects
- global $lang;
- global $timezone;
- global $cache;
-
- // We need a login to continue
- if ( !$session->user_logged_in )
- redirect(makeUrlNS('Special', 'Login/' . $paths->page), 'Login required', 'You need to be logged in to access this page. Please wait while you are redirected to the login page.');
-
- // User ID - later this will be specified on the URL, but hardcoded for now
- $uid = intval($session->user_id);
-
- // Instanciate the AES encryptor
- $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
-
- // Basic user info
- $q = $db->sql_query('SELECT username, password, email, real_name, signature, theme, style FROM '.table_prefix.'users WHERE user_id='.$uid.';');
- if ( !$q )
- $db->_die();
-
- $row = $db->fetchrow();
- $db->free_result();
-
- $section = $paths->getParam(0);
- if ( !$section )
- {
- $section = 'Home';
- }
-
- $errors = '';
-
- switch ( $section )
- {
- case 'Avatar':
- $template->preload_js('jquery');
- $template->preload_js('jquery-ui');
- break;
- case 'EmailPassword':
- // Require elevated privileges (well sortof)
- if ( $session->auth_level < USER_LEVEL_CHPREF )
- {
- redirect(makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . USER_LEVEL_CHPREF, true), 'Authentication required', 'You need to re-authenticate to access this page.', 0);
- }
-
- if ( isset($_POST['submit']) )
- {
- $email_changed = false;
- // First do the e-mail address
- if ( strlen($_POST['newemail']) > 0 )
- {
- switch('foo') // Same reason as in the password code...
- {
- case 'foo':
- if ( $_POST['newemail'] != $_POST['newemail_conf'] )
- {
- $errors .= '' . $lang->get('usercp_emailpassword_err_email_no_match') . '
';
- break;
- }
- }
- $q = $db->sql_query('SELECT password FROM '.table_prefix.'users WHERE user_id='.$session->user_id.';');
- if ( !$q )
- $db->_die();
- $row = $db->fetchrow();
- $db->free_result();
-
- $new_email = $_POST['newemail'];
-
- $result = $session->change_email($session->user_id, $new_email);
- if ( $result != 'success' )
- {
- $message = '' . $lang->get('usercp_emailpassword_err_list') . '
';
- $message .= '' . implode(" \n", $result) . ' ';
- die_friendly($lang->get('usercp_emailpassword_err_title'), $message);
- }
- $email_changed = true;
- }
- // Obtain password
- if ( !empty($_POST['crypt_data']) || !empty($_POST['newpass']) || $session->password_change_disabled )
- {
- $newpass = $session->password_change_disabled ? '' : $session->get_aes_post('newpass');
- // At this point we know if we _want_ to change the password...
-
- // We can't check the password to see if it matches the confirmation
- // because the confirmation was destroyed during the encryption. I figured
- // this wasn't a big deal because if the encryption worked, then either
- // the Javascript validated it or the user hacked the form. In the latter
- // case, if he's smart enough to hack the encryption code, he's probably
- // smart enough to remember his password.
-
- if ( strlen($newpass) > 0 )
- {
- if ( defined('ENANO_DEMO_MODE') )
- $errors .= '' . $lang->get('usercp_emailpassword_err_demo') . '
';
- // Perform checks
- if ( strlen($newpass) < 6 )
- $errors .= '' . $lang->get('usercp_emailpassword_err_password_too_short') . '
';
- if ( getConfig('pw_strength_enable') == '1' )
- {
- $score_inp = password_score($newpass);
- $score_min = getConfig('pw_strength_minimum', -10);
- if ( $score_inp < $score_min )
- $errors .= '' . $lang->get('usercp_emailpassword_err_password_too_weak', array('score' => $score_inp)) . '
';
- }
- if ( $_POST['use_crypt'] == 'no' && $newpass != $_POST['newpass_confirm'] )
- {
- $errors .= '' . $lang->get('usercp_emailpassword_err_password_no_match') . '
';
- }
- // Encrypt new password
- if ( empty($errors) )
- {
- // Perform the swap
- $session->set_password($session->username, $newpass);
- // Log out and back in
- $username = $session->username;
- $session->logout();
- if ( $email_changed )
- {
- if ( getConfig('account_activation') == 'user' )
- {
- redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_user'), 20);
- }
- else if ( getConfig('account_activation') == 'admin' )
- {
- redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_admin'), 20);
- }
- }
- $session->login_without_crypto($username, $newpass);
- redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_pass_success'), $lang->get('usercp_emailpassword_msg_password_changed'), 5);
- }
- }
- else if ( $email_changed )
- {
- $session->logout(USER_LEVEL_CHPREF);
- $activation = $session->user_level >= USER_LEVEL_MOD ? 'none' : getConfig('account_activation', 'none');
- switch($activation)
- {
- default:
- $message_body = $lang->get('usercp_emailpassword_msg_password_changed');
- $timeout = 5;
- break;
- case 'admin':
- $message_body = $lang->get('usercp_emailpassword_msg_need_activ_user');
- $timeout = 20;
- break;
- case 'user':
- $message_body = $lang->get('usercp_emailpassword_msg_need_activ_admin');
- $timeout = 20;
- break;
- }
- redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_email_success'), $message_body, $timeout);
- }
- }
- }
- $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_emailpassword_title');
- break;
- case 'Signature':
- $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_signature_title');
- break;
- case 'Profile':
- case 'Home':
- if ( isset($_POST['submit']) )
- csrf_request_confirm();
-
- $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_publicinfo_title');
- break;
- }
-
- $template->header();
-
- // Output the menu
- // This is not templatized because it conforms to the jBox menu standard.
-
- userprefs_show_menu();
-
- switch ( $section )
- {
- case 'EmailPassword':
-
- $errors = trim($errors);
- if ( !empty($errors) )
- {
- echo $errors;
- }
-
- echo '';
-
- // ENCRYPTION CODE
- ?>
- password_change_disabled && getConfig('pw_strength_enable') == '1' ): ?>
-
-
- aes_javascript('empwform', 'newpass');
- break;
- case 'Signature':
- if ( isset($_POST['new_sig']) )
- {
- $sig = $_POST['new_sig'];
- $sig = RenderMan::preprocess_text($sig, true, false);
- $sql_sig = $db->escape($sig);
- $q = $db->sql_query('UPDATE '.table_prefix.'users SET signature=\'' . $sql_sig . '\' WHERE user_id=' . $session->user_id . ';');
- if ( !$q )
- $db->_die();
- $session->signature = $sig;
- echo '' . $lang->get('usercp_signature_msg_saved') . '
';
- }
- echo '';
- break;
- case "Profile":
- case 'Home':
-
- global $email;
- $userpage_id = $paths->nslist['User'] . sanitize_page_id($session->username);
- $userpage_exists = ( isPage($userpage_id) ) ? '' : ' class="wikilink-nonexistent"';
- $user_page = makeUrlNS('User', sanitize_page_id($session->username));
- $site_admin = $email->encryptEmail(getConfig('contact_email'), '', '', $lang->get('usercp_intro_para3_admin_link'));
-
- echo '' . $lang->get('usercp_intro_heading_main', array('username' => $session->username)) . ' ';
-
- echo $lang->get('usercp_intro', array('userpage_link' => $user_page));
-
- $available_ranks = $session->get_user_possible_ranks($session->user_id);
- $current_rank = $session->get_user_rank($session->user_id);
-
- if ( isset($_POST['submit']) )
- {
- $real_name = htmlspecialchars($_POST['real_name']);
- $real_name = $db->escape($real_name);
-
- $timezone = intval($_POST['timezone']);
- $tz_local = $timezone + 1440;
-
- $dst = $db->escape($_POST['dst']);
- if ( !preg_match('/^[0-9]+;[0-9]+;[0-9]+;[0-9]+;[0-9]+$/', $dst) )
- $dst = '0;0;0;0;60';
-
- $GLOBALS['dst_params'] = explode(';', $dst);
-
- $imaddr_aim = htmlspecialchars($_POST['imaddr_aim']);
- $imaddr_aim = $db->escape($imaddr_aim);
-
- $imaddr_msn = htmlspecialchars($_POST['imaddr_msn']);
- $imaddr_msn = $db->escape($imaddr_msn);
-
- $imaddr_yahoo = htmlspecialchars($_POST['imaddr_yahoo']);
- $imaddr_yahoo = $db->escape($imaddr_yahoo);
-
- $imaddr_xmpp = htmlspecialchars($_POST['imaddr_xmpp']);
- $imaddr_xmpp = $db->escape($imaddr_xmpp);
-
- $homepage = htmlspecialchars($_POST['homepage']);
- $homepage = $db->escape($homepage);
-
- $location = htmlspecialchars($_POST['location']);
- $location = $db->escape($location);
-
- $occupation = htmlspecialchars($_POST['occupation']);
- $occupation = $db->escape($occupation);
-
- $hobbies = htmlspecialchars($_POST['hobbies']);
- $hobbies = $db->escape($hobbies);
-
- $date_format = $db->escape(htmlspecialchars($_POST['date_format']));
- $time_format = $db->escape(htmlspecialchars($_POST['time_format']));
-
- $email_public = ( isset($_POST['email_public']) ) ? '1' : '0';
- $disable_js_fx = ( isset($_POST['disable_js_fx']) ) ? '1' : '0';
-
- $session->real_name = $real_name;
-
- if ( !preg_match('/@([a-z0-9-]+)(\.([a-z0-9-\.]+))?/', $imaddr_msn) && !empty($imaddr_msn) )
- {
- $imaddr_msn = "$imaddr_msn@hotmail.com";
- }
-
- if ( !preg_match('#^https?://#', $homepage) )
- {
- $homepage = "http://$homepage";
- }
-
- if ( !preg_match('/^http:\/\/([a-z0-9-.]+)([A-z0-9@#\$%\&:;<>,\.\?=\+\(\)\[\]_\/\\\\]*?)$/i', $homepage) )
- {
- $homepage = '';
- }
-
- $session->user_extra['user_aim'] = $imaddr_aim;
- $session->user_extra['user_msn'] = $imaddr_msn;
- $session->user_extra['user_xmpp'] = $imaddr_xmpp;
- $session->user_extra['user_yahoo'] = $imaddr_yahoo;
- $session->user_extra['user_homepage'] = $homepage;
- $session->user_extra['user_location'] = $location;
- $session->user_extra['user_job'] = $occupation;
- $session->user_extra['user_hobbies'] = $hobbies;
- $session->user_extra['email_public'] = intval($email_public);
- $session->date_format = $date_format;
- $session->time_format = $time_format;
-
- // user title
- $user_title_col = '';
- if ( $session->get_permissions('custom_user_title') && isset($_POST['user_title']) )
- {
- $user_title = trim($_POST['user_title']);
- if ( empty($user_title) )
- {
- $colval = 'NULL';
- $session->user_title = null;
- }
- else
- {
- $colval = "'" . $db->escape($user_title) . "'";
- $session->user_title = $user_title;
- }
- $user_title_col = ", user_title = $colval";
- }
- $user_rank_col = '';
- if ( isset($_POST['user_rank']) && intval($_POST['user_rank']) != $current_rank['rank_id'] && count($available_ranks) > 1 )
- {
- if ( $_POST['user_rank'] == 'NULL' )
- {
- $user_rank_col = ", user_rank = NULL, user_rank_userset = 0";
- }
- else
- {
- $new_rank = intval($_POST['user_rank']);
- $rank_allowed = false;
- foreach ( $available_ranks as $rank )
- {
- if ( $rank['rank_id'] == $new_rank )
- {
- $rank_allowed = true;
- break;
- }
- }
- if ( $rank_allowed )
- {
- $user_rank_col = ", user_rank = $new_rank, user_rank_userset = 1";
- // hack
- $current_rank['rank_id'] = $new_rank;
- $cache->purge('ranks');
- }
- }
- }
-
- $q = $db->sql_query('UPDATE '.table_prefix."users SET real_name='$real_name', user_timezone = {$tz_local}, user_dst = '$dst'{$user_title_col}{$user_rank_col} WHERE user_id=$session->user_id;");
- if ( !$q )
- $db->_die();
-
- $q = $db->sql_query('UPDATE '.table_prefix."users_extra SET user_aim='$imaddr_aim',user_yahoo='$imaddr_yahoo',user_msn='$imaddr_msn',
- user_xmpp='$imaddr_xmpp',user_homepage='$homepage',user_location='$location',user_job='$occupation',
- user_hobbies='$hobbies',email_public=$email_public,disable_js_fx=$disable_js_fx,date_format='$date_format',
- time_format='$time_format'
- WHERE user_id=$session->user_id;");
-
- if ( !$q )
- $db->_die();
-
- // verify language id
- $lang_id = strval(intval($_POST['lang_id']));
- $q = $db->sql_query('SELECT 1 FROM ' . table_prefix . 'language WHERE lang_id = ' . $lang_id . ';');
- if ( !$q )
- $db->_die();
-
- if ( $db->numrows() > 0 )
- {
- $db->free_result();
-
- // unload / reload $lang, this verifies that the selected language works
- // enano should die a violent death if the language fails to load
- unset($GLOBALS['lang']);
- unset($lang);
- $lang_id = intval($lang_id);
- $GLOBALS['lang'] = new Language($lang_id);
- global $lang;
-
- $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_lang = ' . $lang_id . " WHERE user_id = {$session->user_id};");
- if ( !$q )
- $db->_die();
- }
- else
- {
- $db->free_result();
- }
-
- generate_cache_userranks();
-
- echo '' . $lang->get('usercp_publicinfo_msg_save_success') . '
';
- }
-
- $lang_box = '';
- $q = $db->sql_query('SELECT lang_id, lang_name_native FROM ' . table_prefix . "language;");
- if ( !$q )
- $db->_die();
-
- while ( $row = $db->fetchrow_num() )
- {
- list($lang_id, $lang_name) = $row;
- $lang_name = htmlspecialchars($lang_name);
- $selected = ( $lang->lang_id == $lang_id ) ? ' selected="selected"' : '';
- $lang_box .= "$lang_name ";
- }
-
- $lang_box .= ' ';
-
- $tz_select = '';
- $tz_list = $lang->get('tz_list');
- try
- {
- $tz_list = enano_json_decode($tz_list);
- }
- catch(Exception $e)
- {
- die("Caught exception decoding timezone data: $e ");
- }
- foreach ( $tz_list as $key => $i )
- {
- $i = ($i * 60);
- $title = $lang->get("tz_title_{$key}");
- $hrs = $lang->get("tz_hrs_{$key}");
- $selected = ( $i == $timezone ) ? ' selected="selected"' : '';
- $tz_select .= "$title ";
- }
- $tz_select .= ' ';
-
- echo '';
- break;
- case 'Avatar':
- if ( getConfig('avatar_enable', 0) !== 1 )
- {
- echo '' . $lang->get('usercp_avatar_err_disabled_title') . ' ' . $lang->get('usercp_avatar_err_disabled_body') . '
';
- break;
- }
-
- if ( isset($_POST['submit']) )
- {
- list($has_avi, $avi_type) = avatar_post($session->user_id);
- }
- else
- {
- // Determine current avatar
- $q = $db->sql_query('SELECT user_has_avatar, avatar_type FROM ' . table_prefix . 'users WHERE user_id = ' . $session->user_id . ';');
- if ( !$q )
- $db->_die('Avatar CP selecting user\'s avatar data');
-
- list($has_avi, $avi_type) = $db->fetchrow_num();
- }
-
- ?>
-
- fullpage) . '" method="post" enctype="multipart/form-data">';
- echo '';
-
- break;
- default:
- $good = false;
- $code = $plugins->setHook('userprefs_body', true);
- foreach ( $code as $cmd )
- {
- if ( eval($cmd) )
- $good = true;
- }
- if ( !$good )
- {
- echo 'Invalid module
- Userprefs module "'.$section.'" not found.
';
- }
- break;
- }
-
- $template->footer();
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
+ global $timezone;
+ global $cache;
+
+ // We need a login to continue
+ if ( !$session->user_logged_in )
+ redirect(makeUrlNS('Special', 'Login/' . $paths->page), 'Login required', 'You need to be logged in to access this page. Please wait while you are redirected to the login page.');
+
+ // User ID - later this will be specified on the URL, but hardcoded for now
+ $uid = intval($session->user_id);
+
+ // Instanciate the AES encryptor
+ $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
+
+ // Basic user info
+ $q = $db->sql_query('SELECT username, password, email, real_name, signature, theme, style FROM '.table_prefix.'users WHERE user_id='.$uid.';');
+ if ( !$q )
+ $db->_die();
+
+ $row = $db->fetchrow();
+ $db->free_result();
+
+ $section = $paths->getParam(0);
+ if ( !$section )
+ {
+ $section = 'Home';
+ }
+
+ $errors = '';
+
+ switch ( $section )
+ {
+ case 'Avatar':
+ $template->preload_js('jquery');
+ $template->preload_js('jquery-ui');
+ break;
+ case 'EmailPassword':
+ // Require elevated privileges (well sortof)
+ if ( $session->auth_level < USER_LEVEL_CHPREF )
+ {
+ redirect(makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . USER_LEVEL_CHPREF, true), 'Authentication required', 'You need to re-authenticate to access this page.', 0);
+ }
+
+ if ( isset($_POST['submit']) )
+ {
+ $email_changed = false;
+ // First do the e-mail address
+ if ( strlen($_POST['newemail']) > 0 )
+ {
+ switch('foo') // Same reason as in the password code...
+ {
+ case 'foo':
+ if ( $_POST['newemail'] != $_POST['newemail_conf'] )
+ {
+ $errors .= '' . $lang->get('usercp_emailpassword_err_email_no_match') . '
';
+ break;
+ }
+ }
+ $q = $db->sql_query('SELECT password FROM '.table_prefix.'users WHERE user_id='.$session->user_id.';');
+ if ( !$q )
+ $db->_die();
+ $row = $db->fetchrow();
+ $db->free_result();
+
+ $new_email = $_POST['newemail'];
+
+ $result = $session->change_email($session->user_id, $new_email);
+ if ( $result != 'success' )
+ {
+ $message = '' . $lang->get('usercp_emailpassword_err_list') . '
';
+ $message .= '' . implode(" \n", $result) . ' ';
+ die_friendly($lang->get('usercp_emailpassword_err_title'), $message);
+ }
+ $email_changed = true;
+ }
+ // Obtain password
+ if ( !empty($_POST['crypt_data']) || !empty($_POST['newpass']) || $session->password_change_disabled )
+ {
+ $newpass = $session->password_change_disabled ? '' : $session->get_aes_post('newpass');
+ // At this point we know if we _want_ to change the password...
+
+ // We can't check the password to see if it matches the confirmation
+ // because the confirmation was destroyed during the encryption. I figured
+ // this wasn't a big deal because if the encryption worked, then either
+ // the Javascript validated it or the user hacked the form. In the latter
+ // case, if he's smart enough to hack the encryption code, he's probably
+ // smart enough to remember his password.
+
+ if ( strlen($newpass) > 0 )
+ {
+ if ( defined('ENANO_DEMO_MODE') )
+ $errors .= '' . $lang->get('usercp_emailpassword_err_demo') . '
';
+ // Perform checks
+ if ( strlen($newpass) < 6 )
+ $errors .= '' . $lang->get('usercp_emailpassword_err_password_too_short') . '
';
+ if ( getConfig('pw_strength_enable') == '1' )
+ {
+ $score_inp = password_score($newpass);
+ $score_min = getConfig('pw_strength_minimum', -10);
+ if ( $score_inp < $score_min )
+ $errors .= '' . $lang->get('usercp_emailpassword_err_password_too_weak', array('score' => $score_inp)) . '
';
+ }
+ if ( $_POST['use_crypt'] == 'no' && $newpass != $_POST['newpass_confirm'] )
+ {
+ $errors .= '' . $lang->get('usercp_emailpassword_err_password_no_match') . '
';
+ }
+ // Encrypt new password
+ if ( empty($errors) )
+ {
+ // Perform the swap
+ $session->set_password($session->username, $newpass);
+ // Log out and back in
+ $username = $session->username;
+ $session->logout();
+ if ( $email_changed )
+ {
+ if ( getConfig('account_activation') == 'user' )
+ {
+ redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_user'), 20);
+ }
+ else if ( getConfig('account_activation') == 'admin' )
+ {
+ redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_admin'), 20);
+ }
+ }
+ $session->login_without_crypto($username, $newpass);
+ redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_pass_success'), $lang->get('usercp_emailpassword_msg_password_changed'), 5);
+ }
+ }
+ else if ( $email_changed )
+ {
+ $session->logout(USER_LEVEL_CHPREF);
+ $activation = $session->user_level >= USER_LEVEL_MOD ? 'none' : getConfig('account_activation', 'none');
+ switch($activation)
+ {
+ default:
+ $message_body = $lang->get('usercp_emailpassword_msg_password_changed');
+ $timeout = 5;
+ break;
+ case 'admin':
+ $message_body = $lang->get('usercp_emailpassword_msg_need_activ_user');
+ $timeout = 20;
+ break;
+ case 'user':
+ $message_body = $lang->get('usercp_emailpassword_msg_need_activ_admin');
+ $timeout = 20;
+ break;
+ }
+ redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_email_success'), $message_body, $timeout);
+ }
+ }
+ }
+ $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_emailpassword_title');
+ break;
+ case 'Signature':
+ $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_signature_title');
+ break;
+ case 'Profile':
+ case 'Home':
+ if ( isset($_POST['submit']) )
+ csrf_request_confirm();
+
+ $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_publicinfo_title');
+ break;
+ }
+
+ $template->header();
+
+ // Output the menu
+ // This is not templatized because it conforms to the jBox menu standard.
+
+ userprefs_show_menu();
+
+ switch ( $section )
+ {
+ case 'EmailPassword':
+
+ $errors = trim($errors);
+ if ( !empty($errors) )
+ {
+ echo $errors;
+ }
+
+ echo '';
+
+ // ENCRYPTION CODE
+ ?>
+ password_change_disabled && getConfig('pw_strength_enable') == '1' ): ?>
+
+
+ aes_javascript('empwform', 'newpass');
+ break;
+ case 'Signature':
+ if ( isset($_POST['new_sig']) )
+ {
+ $sig = $_POST['new_sig'];
+ $sig = RenderMan::preprocess_text($sig, true, false);
+ $sql_sig = $db->escape($sig);
+ $q = $db->sql_query('UPDATE '.table_prefix.'users SET signature=\'' . $sql_sig . '\' WHERE user_id=' . $session->user_id . ';');
+ if ( !$q )
+ $db->_die();
+ $session->signature = $sig;
+ echo '' . $lang->get('usercp_signature_msg_saved') . '
';
+ }
+ echo '';
+ break;
+ case "Profile":
+ case 'Home':
+
+ global $email;
+ $userpage_id = $paths->nslist['User'] . sanitize_page_id($session->username);
+ $userpage_exists = ( isPage($userpage_id) ) ? '' : ' class="wikilink-nonexistent"';
+ $user_page = makeUrlNS('User', sanitize_page_id($session->username));
+ $site_admin = $email->encryptEmail(getConfig('contact_email'), '', '', $lang->get('usercp_intro_para3_admin_link'));
+
+ echo '' . $lang->get('usercp_intro_heading_main', array('username' => $session->username)) . ' ';
+
+ echo $lang->get('usercp_intro', array('userpage_link' => $user_page));
+
+ $available_ranks = $session->get_user_possible_ranks($session->user_id);
+ $current_rank = $session->get_user_rank($session->user_id);
+
+ if ( isset($_POST['submit']) )
+ {
+ $real_name = htmlspecialchars($_POST['real_name']);
+ $real_name = $db->escape($real_name);
+
+ $timezone = intval($_POST['timezone']);
+ $tz_local = $timezone + 1440;
+
+ $dst = $db->escape($_POST['dst']);
+ if ( !preg_match('/^[0-9]+;[0-9]+;[0-9]+;[0-9]+;[0-9]+$/', $dst) )
+ $dst = '0;0;0;0;60';
+
+ $GLOBALS['dst_params'] = explode(';', $dst);
+
+ $imaddr_aim = htmlspecialchars($_POST['imaddr_aim']);
+ $imaddr_aim = $db->escape($imaddr_aim);
+
+ $imaddr_msn = htmlspecialchars($_POST['imaddr_msn']);
+ $imaddr_msn = $db->escape($imaddr_msn);
+
+ $imaddr_yahoo = htmlspecialchars($_POST['imaddr_yahoo']);
+ $imaddr_yahoo = $db->escape($imaddr_yahoo);
+
+ $imaddr_xmpp = htmlspecialchars($_POST['imaddr_xmpp']);
+ $imaddr_xmpp = $db->escape($imaddr_xmpp);
+
+ $homepage = htmlspecialchars($_POST['homepage']);
+ $homepage = $db->escape($homepage);
+
+ $location = htmlspecialchars($_POST['location']);
+ $location = $db->escape($location);
+
+ $occupation = htmlspecialchars($_POST['occupation']);
+ $occupation = $db->escape($occupation);
+
+ $hobbies = htmlspecialchars($_POST['hobbies']);
+ $hobbies = $db->escape($hobbies);
+
+ $date_format = $db->escape(htmlspecialchars($_POST['date_format']));
+ $time_format = $db->escape(htmlspecialchars($_POST['time_format']));
+
+ $email_public = ( isset($_POST['email_public']) ) ? '1' : '0';
+ $disable_js_fx = ( isset($_POST['disable_js_fx']) ) ? '1' : '0';
+
+ $session->real_name = $real_name;
+
+ if ( !preg_match('/@([a-z0-9-]+)(\.([a-z0-9-\.]+))?/', $imaddr_msn) && !empty($imaddr_msn) )
+ {
+ $imaddr_msn = "$imaddr_msn@hotmail.com";
+ }
+
+ if ( !preg_match('#^https?://#', $homepage) )
+ {
+ $homepage = "http://$homepage";
+ }
+
+ if ( !preg_match('/^http:\/\/([a-z0-9-.]+)([A-z0-9@#\$%\&:;<>,\.\?=\+\(\)\[\]_\/\\\\]*?)$/i', $homepage) )
+ {
+ $homepage = '';
+ }
+
+ $session->user_extra['user_aim'] = $imaddr_aim;
+ $session->user_extra['user_msn'] = $imaddr_msn;
+ $session->user_extra['user_xmpp'] = $imaddr_xmpp;
+ $session->user_extra['user_yahoo'] = $imaddr_yahoo;
+ $session->user_extra['user_homepage'] = $homepage;
+ $session->user_extra['user_location'] = $location;
+ $session->user_extra['user_job'] = $occupation;
+ $session->user_extra['user_hobbies'] = $hobbies;
+ $session->user_extra['email_public'] = intval($email_public);
+ $session->date_format = $date_format;
+ $session->time_format = $time_format;
+
+ // user title
+ $user_title_col = '';
+ if ( $session->get_permissions('custom_user_title') && isset($_POST['user_title']) )
+ {
+ $user_title = trim($_POST['user_title']);
+ if ( empty($user_title) )
+ {
+ $colval = 'NULL';
+ $session->user_title = null;
+ }
+ else
+ {
+ $colval = "'" . $db->escape($user_title) . "'";
+ $session->user_title = $user_title;
+ }
+ $user_title_col = ", user_title = $colval";
+ }
+ $user_rank_col = '';
+ if ( isset($_POST['user_rank']) && intval($_POST['user_rank']) != $current_rank['rank_id'] && count($available_ranks) > 1 )
+ {
+ if ( $_POST['user_rank'] == 'NULL' )
+ {
+ $user_rank_col = ", user_rank = NULL, user_rank_userset = 0";
+ }
+ else
+ {
+ $new_rank = intval($_POST['user_rank']);
+ $rank_allowed = false;
+ foreach ( $available_ranks as $rank )
+ {
+ if ( $rank['rank_id'] == $new_rank )
+ {
+ $rank_allowed = true;
+ break;
+ }
+ }
+ if ( $rank_allowed )
+ {
+ $user_rank_col = ", user_rank = $new_rank, user_rank_userset = 1";
+ // hack
+ $current_rank['rank_id'] = $new_rank;
+ $cache->purge('ranks');
+ }
+ }
+ }
+
+ $q = $db->sql_query('UPDATE '.table_prefix."users SET real_name='$real_name', user_timezone = {$tz_local}, user_dst = '$dst'{$user_title_col}{$user_rank_col} WHERE user_id=$session->user_id;");
+ if ( !$q )
+ $db->_die();
+
+ $q = $db->sql_query('UPDATE '.table_prefix."users_extra SET user_aim='$imaddr_aim',user_yahoo='$imaddr_yahoo',user_msn='$imaddr_msn',
+ user_xmpp='$imaddr_xmpp',user_homepage='$homepage',user_location='$location',user_job='$occupation',
+ user_hobbies='$hobbies',email_public=$email_public,disable_js_fx=$disable_js_fx,date_format='$date_format',
+ time_format='$time_format'
+ WHERE user_id=$session->user_id;");
+
+ if ( !$q )
+ $db->_die();
+
+ // verify language id
+ $lang_id = strval(intval($_POST['lang_id']));
+ $q = $db->sql_query('SELECT 1 FROM ' . table_prefix . 'language WHERE lang_id = ' . $lang_id . ';');
+ if ( !$q )
+ $db->_die();
+
+ if ( $db->numrows() > 0 )
+ {
+ $db->free_result();
+
+ // unload / reload $lang, this verifies that the selected language works
+ // enano should die a violent death if the language fails to load
+ unset($GLOBALS['lang']);
+ unset($lang);
+ $lang_id = intval($lang_id);
+ $GLOBALS['lang'] = new Language($lang_id);
+ global $lang;
+
+ $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_lang = ' . $lang_id . " WHERE user_id = {$session->user_id};");
+ if ( !$q )
+ $db->_die();
+ }
+ else
+ {
+ $db->free_result();
+ }
+
+ generate_cache_userranks();
+
+ echo '' . $lang->get('usercp_publicinfo_msg_save_success') . '
';
+ }
+
+ $lang_box = '';
+ $q = $db->sql_query('SELECT lang_id, lang_name_native FROM ' . table_prefix . "language;");
+ if ( !$q )
+ $db->_die();
+
+ while ( $row = $db->fetchrow_num() )
+ {
+ list($lang_id, $lang_name) = $row;
+ $lang_name = htmlspecialchars($lang_name);
+ $selected = ( $lang->lang_id == $lang_id ) ? ' selected="selected"' : '';
+ $lang_box .= "$lang_name ";
+ }
+
+ $lang_box .= ' ';
+
+ $tz_select = '';
+ $tz_list = $lang->get('tz_list');
+ try
+ {
+ $tz_list = enano_json_decode($tz_list);
+ }
+ catch(Exception $e)
+ {
+ die("Caught exception decoding timezone data: $e ");
+ }
+ foreach ( $tz_list as $key => $i )
+ {
+ $i = ($i * 60);
+ $title = $lang->get("tz_title_{$key}");
+ $hrs = $lang->get("tz_hrs_{$key}");
+ $selected = ( $i == $timezone ) ? ' selected="selected"' : '';
+ $tz_select .= "$title ";
+ }
+ $tz_select .= ' ';
+
+ echo '';
+ break;
+ case 'Avatar':
+ if ( getConfig('avatar_enable', 0) !== 1 )
+ {
+ echo '' . $lang->get('usercp_avatar_err_disabled_title') . ' ' . $lang->get('usercp_avatar_err_disabled_body') . '
';
+ break;
+ }
+
+ if ( isset($_POST['submit']) )
+ {
+ list($has_avi, $avi_type) = avatar_post($session->user_id);
+ }
+ else
+ {
+ // Determine current avatar
+ $q = $db->sql_query('SELECT user_has_avatar, avatar_type FROM ' . table_prefix . 'users WHERE user_id = ' . $session->user_id . ';');
+ if ( !$q )
+ $db->_die('Avatar CP selecting user\'s avatar data');
+
+ list($has_avi, $avi_type) = $db->fetchrow_num();
+ }
+
+ ?>
+
+ fullpage) . '" method="post" enctype="multipart/form-data">';
+ echo '';
+
+ break;
+ default:
+ $good = false;
+ $code = $plugins->setHook('userprefs_body', true);
+ foreach ( $code as $cmd )
+ {
+ if ( eval($cmd) )
+ $good = true;
+ }
+ if ( !$good )
+ {
+ echo 'Invalid module
+ Userprefs module "'.$section.'" not found.
';
+ }
+ break;
+ }
+
+ $template->footer();
}
// Avatar POST processor
function avatar_post($user_id, $quiet = false)
{
- global $db, $session, $paths, $template, $plugins; // Common objects
- global $lang;
-
- $had_a_boo_boo = true;
-
- // Determine current avatar
- $q = $db->sql_query('SELECT user_has_avatar, avatar_type FROM ' . table_prefix . 'users WHERE user_id = ' . $session->user_id . ';');
- if ( !$q )
- $db->_die('Avatar CP selecting user\'s avatar data');
-
- list($has_avi, $avi_type) = $db->fetchrow_num();
-
- $action = ( isset($_POST['avatar_action']) ) ? $_POST['avatar_action'] : 'keep';
- $avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $avi_type;
- switch($action)
- {
- case 'keep':
- default:
- $had_a_boo_boo = false;
- break;
- case 'remove':
- if ( $has_avi )
- {
- // First switch the avatar off
- $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $user_id . ';');
- if ( !$q )
- $db->_die('Avatar CP switching user avatar off');
-
- if ( @unlink($avi_path) )
- {
- $quiet || print '' . $lang->get('usercp_avatar_delete_success') . '
';
- }
- $has_avi = 0;
- }
- $had_a_boo_boo = false;
- break;
- case 'set_http':
- case 'set_file':
- // Hackish way to preserve the UNIX philosophy of reusing as much code as possible
- if ( $action == 'set_http' )
- {
- // Check if this action is enabled
- if ( getConfig('avatar_upload_http', 1) !== 1 )
- {
- // non-localized, only appears on hack attempt
- echo 'Uploads over HTTP are disabled.
';
- break;
- }
- // Download the file
- require_once( ENANO_ROOT . '/includes/http.php' );
-
- if ( !preg_match('/^http:\/\/((?:[a-z0-9-\.]+|\[[a-f0-9:]+\]))(:([0-9]+))?\/(.+)$/', $_POST['avatar_http_url'], $match) )
- {
- echo '' . $lang->get('usercp_avatar_invalid_url') . '
';
- break;
- }
-
- $hostname = $match[1];
- $uri = '/' . $match[4];
- $port = ( $match[3] ) ? intval($match[3]) : 80;
- $max_size = intval(getConfig('avatar_max_size'));
-
- // Get temporary file
- $tempfile = tempnam(false, "enanoavatar_{$user_id}");
- if ( !$tempfile )
- echo 'Error getting temp file.
';
-
- @unlink($tempfile);
- $request = new Request_HTTP($hostname, $uri, 'GET', $port);
- // max download size: 2MB, keeps things reasonable
- // note: we'll try to scale the image down before checking filesize
- $result = $request->write_response_to_file($tempfile, 1160, 2097152);
- if ( !$result || $request->response_code != HTTP_OK )
- {
- @unlink($tempfile);
- echo '' . $lang->get('usercp_avatar_bad_write') . '
';
- break;
- }
-
- // Response written. Proceed to validation...
- }
- else
- {
- // Check if this action is enabled
- if ( getConfig('avatar_upload_file', 1) !== 1 )
- {
- // non-localized, only appears on hack attempt
- echo 'Uploads from the browser are disabled.
';
- break;
- }
-
- $max_size = intval(getConfig('avatar_max_size'));
-
- $file =& $_FILES['avatar_file'];
- $tempfile =& $file['tmp_name'];
- }
- $file_type = get_image_filetype($tempfile);
- if ( !$file_type )
- {
- @unlink($tempfile);
- echo '' . $lang->get('usercp_avatar_bad_filetype') . '
';
- break;
- }
-
- $avi_path_new = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $file_type;
-
- // The file type is good - validate dimensions and animation
- switch($file_type)
- {
- case 'png':
- $is_animated = is_png_animated($tempfile);
- $dimensions = png_get_dimensions($tempfile);
- break;
- case 'gif':
- $is_animated = is_gif_animated($tempfile);
- $dimensions = gif_get_dimensions($tempfile);
- break;
- case 'jpg':
- $is_animated = false;
- $dimensions = jpg_get_dimensions($tempfile);
- break;
- default:
- echo 'API mismatch
';
- break 2;
- }
- // Did we get invalid size data? If so the image is probably corrupt.
- if ( !$dimensions )
- {
- @unlink($tempfile);
- echo '' . $lang->get('usercp_avatar_corrupt_image') . '
';
- break;
- }
- // Is the image animated?
- if ( $is_animated && getConfig('avatar_enable_anim', 0) !== 1 )
- {
- @unlink($tempfile);
- echo '' . $lang->get('usercp_avatar_disallowed_animation') . '
';
- break;
- }
- // Check image dimensions
- list($image_x, $image_y) = $dimensions;
- $max_x = intval(getConfig('avatar_max_width'));
- $max_y = intval(getConfig('avatar_max_height'));
- if ( $image_x > $max_x || $image_y > $max_y )
- {
- // try to scale the image
- try
- {
- @rename($tempfile, "$tempfile-unscaled.$file_type");
- $scale_result = scale_image("$tempfile-unscaled.$file_type", "$tempfile.$file_type", $max_x, $max_y, true);
- if ( $scale_result )
- {
- if ( !(@unlink("$tempfile-unscaled.$file_type") && @rename("$tempfile.$file_type", $tempfile)) )
- {
- // scale failed
- @unlink("$tempfile-scale.$file_type");
- echo 'Rename failure: ' . $lang->get('usercp_avatar_too_large') . '
';
- break;
- }
- }
- else
- {
- @unlink($tempfile);
- @unlink("$tempfile-unscaled.$file_type");
- echo 'Scale failure: ' . $lang->get('usercp_avatar_too_large') . '
';
- break;
- }
- }
- catch ( Exception $e )
- {
- // If we get here, the scaling process most definitely failed.
- echo 'EXCEPTION: ' . $lang->get('usercp_avatar_too_large') . '
';
- break;
- }
- }
- // Check file size last, so that the scale operation is considered
- if ( filesize($tempfile) > $max_size )
- {
- @unlink($tempfile);
- echo '' . $lang->get('usercp_avatar_file_too_large') . '
';
- break;
- }
- // All good!
- @unlink($avi_path);
- if ( rename($tempfile, $avi_path_new) )
- {
- $q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_has_avatar = 1, avatar_type = '$file_type' WHERE user_id = {$user_id};");
- if ( !$q )
- $db->_die('Avatar CP updating users table after successful avatar upload');
- $has_avi = 1;
- $avi_type = $file_type;
- $quiet || print '' . $lang->get('usercp_avatar_upload_success') . '
';
- }
- else
- {
- echo '' . $lang->get('usercp_avatar_move_failed') . '
';
- }
- $had_a_boo_boo = false;
- break;
- case 'set_gravatar':
- // set avatar to use Gravatar
- // make sure we're allowed to do this
- if ( getConfig('avatar_upload_gravatar') != '1' )
- {
- // access denied
- break;
- }
- // first, remove old image
- if ( $has_avi )
- {
- // First switch the avatar off
- $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $user_id . ';');
- if ( !$q )
- $db->_die('Avatar CP switching user avatar off');
-
- @unlink($avi_path);
- }
- // set to gravatar mode
- $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 1, avatar_type = \'grv\' WHERE user_id = ' . $user_id . ';');
- if ( !$q )
- $db->_die('Avatar CP switching user avatar off');
-
- $has_avi = 1;
- $quiet || print '' . $lang->get('usercp_avatar_gravatar_success') . '
';
- $had_a_boo_boo = false;
- break;
- }
- return array($has_avi, $avi_type, $had_a_boo_boo);
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
+
+ $had_a_boo_boo = true;
+
+ // Determine current avatar
+ $q = $db->sql_query('SELECT user_has_avatar, avatar_type FROM ' . table_prefix . 'users WHERE user_id = ' . $session->user_id . ';');
+ if ( !$q )
+ $db->_die('Avatar CP selecting user\'s avatar data');
+
+ list($has_avi, $avi_type) = $db->fetchrow_num();
+
+ $action = ( isset($_POST['avatar_action']) ) ? $_POST['avatar_action'] : 'keep';
+ $avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $avi_type;
+ switch($action)
+ {
+ case 'keep':
+ default:
+ $had_a_boo_boo = false;
+ break;
+ case 'remove':
+ if ( $has_avi )
+ {
+ // First switch the avatar off
+ $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $user_id . ';');
+ if ( !$q )
+ $db->_die('Avatar CP switching user avatar off');
+
+ if ( @unlink($avi_path) )
+ {
+ $quiet || print '' . $lang->get('usercp_avatar_delete_success') . '
';
+ }
+ $has_avi = 0;
+ }
+ $had_a_boo_boo = false;
+ break;
+ case 'set_http':
+ case 'set_file':
+ // Hackish way to preserve the UNIX philosophy of reusing as much code as possible
+ if ( $action == 'set_http' )
+ {
+ // Check if this action is enabled
+ if ( getConfig('avatar_upload_http', 1) !== 1 )
+ {
+ // non-localized, only appears on hack attempt
+ echo 'Uploads over HTTP are disabled.
';
+ break;
+ }
+ // Download the file
+ require_once( ENANO_ROOT . '/includes/http.php' );
+
+ if ( !preg_match('/^http:\/\/((?:[a-z0-9-\.]+|\[[a-f0-9:]+\]))(:([0-9]+))?\/(.+)$/', $_POST['avatar_http_url'], $match) )
+ {
+ echo '' . $lang->get('usercp_avatar_invalid_url') . '
';
+ break;
+ }
+
+ $hostname = $match[1];
+ $uri = '/' . $match[4];
+ $port = ( $match[3] ) ? intval($match[3]) : 80;
+ $max_size = intval(getConfig('avatar_max_size'));
+
+ // Get temporary file
+ $tempfile = tempnam(false, "enanoavatar_{$user_id}");
+ if ( !$tempfile )
+ echo 'Error getting temp file.
';
+
+ @unlink($tempfile);
+ $request = new Request_HTTP($hostname, $uri, 'GET', $port);
+ // max download size: 2MB, keeps things reasonable
+ // note: we'll try to scale the image down before checking filesize
+ $result = $request->write_response_to_file($tempfile, 1160, 2097152);
+ if ( !$result || $request->response_code != HTTP_OK )
+ {
+ @unlink($tempfile);
+ echo '' . $lang->get('usercp_avatar_bad_write') . '
';
+ break;
+ }
+
+ // Response written. Proceed to validation...
+ }
+ else
+ {
+ // Check if this action is enabled
+ if ( getConfig('avatar_upload_file', 1) !== 1 )
+ {
+ // non-localized, only appears on hack attempt
+ echo 'Uploads from the browser are disabled.
';
+ break;
+ }
+
+ $max_size = intval(getConfig('avatar_max_size'));
+
+ $file =& $_FILES['avatar_file'];
+ $tempfile =& $file['tmp_name'];
+ }
+ $file_type = get_image_filetype($tempfile);
+ if ( !$file_type )
+ {
+ @unlink($tempfile);
+ echo '' . $lang->get('usercp_avatar_bad_filetype') . '
';
+ break;
+ }
+
+ $avi_path_new = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $file_type;
+
+ // The file type is good - validate dimensions and animation
+ switch($file_type)
+ {
+ case 'png':
+ $is_animated = is_png_animated($tempfile);
+ $dimensions = png_get_dimensions($tempfile);
+ break;
+ case 'gif':
+ $is_animated = is_gif_animated($tempfile);
+ $dimensions = gif_get_dimensions($tempfile);
+ break;
+ case 'jpg':
+ $is_animated = false;
+ $dimensions = jpg_get_dimensions($tempfile);
+ break;
+ default:
+ echo 'API mismatch
';
+ break 2;
+ }
+ // Did we get invalid size data? If so the image is probably corrupt.
+ if ( !$dimensions )
+ {
+ @unlink($tempfile);
+ echo '' . $lang->get('usercp_avatar_corrupt_image') . '
';
+ break;
+ }
+ // Is the image animated?
+ if ( $is_animated && getConfig('avatar_enable_anim', 0) !== 1 )
+ {
+ @unlink($tempfile);
+ echo '' . $lang->get('usercp_avatar_disallowed_animation') . '
';
+ break;
+ }
+ // Check image dimensions
+ list($image_x, $image_y) = $dimensions;
+ $max_x = intval(getConfig('avatar_max_width'));
+ $max_y = intval(getConfig('avatar_max_height'));
+ if ( $image_x > $max_x || $image_y > $max_y )
+ {
+ // try to scale the image
+ try
+ {
+ @rename($tempfile, "$tempfile-unscaled.$file_type");
+ $scale_result = scale_image("$tempfile-unscaled.$file_type", "$tempfile.$file_type", $max_x, $max_y, true);
+ if ( $scale_result )
+ {
+ if ( !(@unlink("$tempfile-unscaled.$file_type") && @rename("$tempfile.$file_type", $tempfile)) )
+ {
+ // scale failed
+ @unlink("$tempfile-scale.$file_type");
+ echo 'Rename failure: ' . $lang->get('usercp_avatar_too_large') . '
';
+ break;
+ }
+ }
+ else
+ {
+ @unlink($tempfile);
+ @unlink("$tempfile-unscaled.$file_type");
+ echo 'Scale failure: ' . $lang->get('usercp_avatar_too_large') . '
';
+ break;
+ }
+ }
+ catch ( Exception $e )
+ {
+ // If we get here, the scaling process most definitely failed.
+ echo 'EXCEPTION: ' . $lang->get('usercp_avatar_too_large') . '
';
+ break;
+ }
+ }
+ // Check file size last, so that the scale operation is considered
+ if ( filesize($tempfile) > $max_size )
+ {
+ @unlink($tempfile);
+ echo '' . $lang->get('usercp_avatar_file_too_large') . '
';
+ break;
+ }
+ // All good!
+ @unlink($avi_path);
+ if ( rename($tempfile, $avi_path_new) )
+ {
+ $q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_has_avatar = 1, avatar_type = '$file_type' WHERE user_id = {$user_id};");
+ if ( !$q )
+ $db->_die('Avatar CP updating users table after successful avatar upload');
+ $has_avi = 1;
+ $avi_type = $file_type;
+ $quiet || print '' . $lang->get('usercp_avatar_upload_success') . '
';
+ }
+ else
+ {
+ echo '' . $lang->get('usercp_avatar_move_failed') . '
';
+ }
+ $had_a_boo_boo = false;
+ break;
+ case 'set_gravatar':
+ // set avatar to use Gravatar
+ // make sure we're allowed to do this
+ if ( getConfig('avatar_upload_gravatar') != '1' )
+ {
+ // access denied
+ break;
+ }
+ // first, remove old image
+ if ( $has_avi )
+ {
+ // First switch the avatar off
+ $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $user_id . ';');
+ if ( !$q )
+ $db->_die('Avatar CP switching user avatar off');
+
+ @unlink($avi_path);
+ }
+ // set to gravatar mode
+ $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 1, avatar_type = \'grv\' WHERE user_id = ' . $user_id . ';');
+ if ( !$q )
+ $db->_die('Avatar CP switching user avatar off');
+
+ $has_avi = 1;
+ $quiet || print '' . $lang->get('usercp_avatar_gravatar_success') . '
';
+ $had_a_boo_boo = false;
+ break;
+ }
+ return array($has_avi, $avi_type, $had_a_boo_boo);
}
?>