Profile-Modify.php 117 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536
  1. <?php
  2. /**
  3. * This file has the primary job of showing and editing people's profiles.
  4. * It also allows the user to change some of their or another's preferences,
  5. * and such things
  6. *
  7. * Simple Machines Forum (SMF)
  8. *
  9. * @package SMF
  10. * @author Simple Machines http://www.simplemachines.org
  11. * @copyright 2011 Simple Machines
  12. * @license http://www.simplemachines.org/about/smf/license.php BSD
  13. *
  14. * @version 2.1 Alpha 1
  15. */
  16. if (!defined('SMF'))
  17. die('Hacking attempt...');
  18. /**
  19. * This defines every profile field known to man.
  20. *
  21. * @param bool $force_reload = false
  22. */
  23. function loadProfileFields($force_reload = false)
  24. {
  25. global $context, $profile_fields, $txt, $scripturl, $modSettings, $user_info, $old_profile, $smcFunc, $cur_profile, $language;
  26. // Don't load this twice!
  27. if (!empty($profile_fields) && !$force_reload)
  28. return;
  29. /* This horrific array defines all the profile fields in the whole world!
  30. In general each "field" has one array - the key of which is the database column name associated with said field. Each item
  31. can have the following attributes:
  32. string $type: The type of field this is - valid types are:
  33. - callback: This is a field which has its own callback mechanism for templating.
  34. - check: A simple checkbox.
  35. - hidden: This doesn't have any visual aspects but may have some validity.
  36. - password: A password box.
  37. - select: A select box.
  38. - text: A string of some description.
  39. string $label: The label for this item - default will be $txt[$key] if this isn't set.
  40. string $subtext: The subtext (Small label) for this item.
  41. int $size: Optional size for a text area.
  42. array $input_attr: An array of text strings to be added to the input box for this item.
  43. string $value: The value of the item. If not set $cur_profile[$key] is assumed.
  44. string $permission: Permission required for this item (Excluded _any/_own subfix which is applied automatically).
  45. function $input_validate: A runtime function which validates the element before going to the database. It is passed
  46. the relevant $_POST element if it exists and should be treated like a reference.
  47. Return types:
  48. - true: Element can be stored.
  49. - false: Skip this element.
  50. - a text string: An error occured - this is the error message.
  51. function $preload: A function that is used to load data required for this element to be displayed. Must return
  52. true to be displayed at all.
  53. string $cast_type: If set casts the element to a certain type. Valid types (bool, int, float).
  54. string $save_key: If the index of this element isn't the database column name it can be overriden
  55. with this string.
  56. bool $is_dummy: If set then nothing is acted upon for this element.
  57. bool $enabled: A test to determine whether this is even available - if not is unset.
  58. string $link_with: Key which links this field to an overall set.
  59. Note that all elements that have a custom input_validate must ensure they set the value of $cur_profile correct to enable
  60. the changes to be displayed correctly on submit of the form.
  61. */
  62. $profile_fields = array(
  63. 'aim' => array(
  64. 'type' => 'text',
  65. 'label' => $txt['aim'],
  66. 'subtext' => $txt['your_aim'],
  67. 'size' => 24,
  68. 'value' => strtr(empty($cur_profile['aim']) ? '' : $cur_profile['aim'], '+', ' '),
  69. 'permission' => 'profile_extra',
  70. 'input_validate' => create_function('&$value', '
  71. $value = strtr($value, \' \', \'+\');
  72. return true;
  73. '),
  74. ),
  75. 'avatar_choice' => array(
  76. 'type' => 'callback',
  77. 'callback_func' => 'avatar_select',
  78. // This handles the permissions too.
  79. 'preload' => 'profileLoadAvatarData',
  80. 'input_validate' => 'profileSaveAvatarData',
  81. 'save_key' => 'avatar',
  82. ),
  83. 'bday1' => array(
  84. 'type' => 'callback',
  85. 'callback_func' => 'birthdate',
  86. 'permission' => 'profile_extra',
  87. 'preload' => create_function('', '
  88. global $cur_profile, $context;
  89. // Split up the birthdate....
  90. list ($uyear, $umonth, $uday) = explode(\'-\', empty($cur_profile[\'birthdate\']) || $cur_profile[\'birthdate\'] == \'0001-01-01\' ? \'0000-00-00\' : $cur_profile[\'birthdate\']);
  91. $context[\'member\'][\'birth_date\'] = array(
  92. \'year\' => $uyear == \'0004\' ? \'0000\' : $uyear,
  93. \'month\' => $umonth,
  94. \'day\' => $uday,
  95. );
  96. return true;
  97. '),
  98. 'input_validate' => create_function('&$value', '
  99. global $profile_vars, $cur_profile;
  100. if (isset($_POST[\'bday2\'], $_POST[\'bday3\']) && $value > 0 && $_POST[\'bday2\'] > 0)
  101. {
  102. // Set to blank?
  103. if ((int) $_POST[\'bday3\'] == 1 && (int) $_POST[\'bday2\'] == 1 && (int) $value == 1)
  104. $value = \'0001-01-01\';
  105. else
  106. $value = checkdate($value, $_POST[\'bday2\'], $_POST[\'bday3\'] < 4 ? 4 : $_POST[\'bday3\']) ? sprintf(\'%04d-%02d-%02d\', $_POST[\'bday3\'] < 4 ? 4 : $_POST[\'bday3\'], $_POST[\'bday1\'], $_POST[\'bday2\']) : \'0001-01-01\';
  107. }
  108. else
  109. $value = \'0001-01-01\';
  110. $profile_vars[\'birthdate\'] = $value;
  111. $cur_profile[\'birthdate\'] = $value;
  112. return false;
  113. '),
  114. ),
  115. // Setting the birthdate the old style way?
  116. 'birthdate' => array(
  117. 'type' => 'hidden',
  118. 'permission' => 'profile_extra',
  119. 'input_validate' => create_function('&$value', '
  120. global $cur_profile;
  121. // @todo Should we check for this year and tell them they made a mistake :P? (based on coppa at least?)
  122. if (preg_match(\'/(\d{4})[\-\., ](\d{2})[\-\., ](\d{2})/\', $value, $dates) === 1)
  123. {
  124. $value = checkdate($dates[2], $dates[3], $dates[1] < 4 ? 4 : $dates[1]) ? sprintf(\'%04d-%02d-%02d\', $dates[1] < 4 ? 4 : $dates[1], $dates[2], $dates[3]) : \'0001-01-01\';
  125. return true;
  126. }
  127. else
  128. {
  129. $value = empty($cur_profile[\'birthdate\']) ? \'0001-01-01\' : $cur_profile[\'birthdate\'];
  130. return false;
  131. }
  132. '),
  133. ),
  134. 'date_registered' => array(
  135. 'type' => 'text',
  136. 'value' => empty($cur_profile['date_registered']) ? $txt['not_applicable'] : strftime('%Y-%m-%d', $cur_profile['date_registered'] + ($user_info['time_offset'] + $modSettings['time_offset']) * 3600),
  137. 'label' => $txt['date_registered'],
  138. 'log_change' => true,
  139. 'permission' => 'moderate_forum',
  140. 'input_validate' => create_function('&$value', '
  141. global $txt, $user_info, $modSettings, $cur_profile, $context;
  142. // Bad date! Go try again - please?
  143. if (($value = strtotime($value)) === -1)
  144. {
  145. $value = $cur_profile[\'date_registered\'];
  146. return $txt[\'invalid_registration\'] . \' \' . strftime(\'%d %b %Y \' . (strpos($user_info[\'time_format\'], \'%H\') !== false ? \'%I:%M:%S %p\' : \'%H:%M:%S\'), forum_time(false));
  147. }
  148. // As long as it doesn\'t equal "N/A"...
  149. elseif ($value != $txt[\'not_applicable\'] && $value != strtotime(strftime(\'%Y-%m-%d\', $cur_profile[\'date_registered\'] + ($user_info[\'time_offset\'] + $modSettings[\'time_offset\']) * 3600)))
  150. $value = $value - ($user_info[\'time_offset\'] + $modSettings[\'time_offset\']) * 3600;
  151. else
  152. $value = $cur_profile[\'date_registered\'];
  153. return true;
  154. '),
  155. ),
  156. 'email_address' => array(
  157. 'type' => 'text',
  158. 'label' => $txt['user_email_address'],
  159. 'subtext' => $txt['valid_email'],
  160. 'log_change' => true,
  161. 'permission' => 'profile_identity',
  162. 'input_validate' => create_function('&$value', '
  163. global $context, $old_profile, $context, $profile_vars, $sourcedir, $modSettings;
  164. if (strtolower($value) == strtolower($old_profile[\'email_address\']))
  165. return false;
  166. $isValid = profileValidateEmail($value, $context[\'id_member\']);
  167. // Do they need to revalidate? If so schedule the function!
  168. if ($isValid === true && !empty($modSettings[\'send_validation_onChange\']) && !allowedTo(\'moderate_forum\'))
  169. {
  170. require_once($sourcedir . \'/Subs-Members.php\');
  171. $profile_vars[\'validation_code\'] = generateValidationCode();
  172. $profile_vars[\'is_activated\'] = 2;
  173. $context[\'profile_execute_on_save\'][] = \'profileSendActivation\';
  174. unset($context[\'profile_execute_on_save\'][\'reload_user\']);
  175. }
  176. return $isValid;
  177. '),
  178. ),
  179. 'gender' => array(
  180. 'type' => 'select',
  181. 'cast_type' => 'int',
  182. 'options' => 'return array(0 => \'\', 1 => $txt[\'male\'], 2 => $txt[\'female\']);',
  183. 'label' => $txt['gender'],
  184. 'permission' => 'profile_extra',
  185. ),
  186. 'hide_email' => array(
  187. 'type' => 'check',
  188. 'value' => empty($cur_profile['hide_email']) ? true : false,
  189. 'label' => $txt['allow_user_email'],
  190. 'permission' => 'profile_identity',
  191. 'input_validate' => create_function('&$value', '
  192. $value = $value == 0 ? 1 : 0;
  193. return true;
  194. '),
  195. ),
  196. 'icq' => array(
  197. 'type' => 'text',
  198. 'label' => $txt['icq'],
  199. 'subtext' => $txt['your_icq'],
  200. 'size' => 24,
  201. 'permission' => 'profile_extra',
  202. // Need to make sure ICQ doesn't equal 0.
  203. 'input_validate' => create_function('&$value', '
  204. if (empty($value))
  205. $value = \'\';
  206. else
  207. $value = (int) $value;
  208. return true;
  209. '),
  210. ),
  211. // Selecting group membership is a complicated one so we treat it separate!
  212. 'id_group' => array(
  213. 'type' => 'callback',
  214. 'callback_func' => 'group_manage',
  215. 'permission' => 'manage_membergroups',
  216. 'preload' => 'profileLoadGroups',
  217. 'log_change' => true,
  218. 'input_validate' => 'profileSaveGroups',
  219. ),
  220. 'id_theme' => array(
  221. 'type' => 'callback',
  222. 'callback_func' => 'theme_pick',
  223. 'permission' => 'profile_extra',
  224. 'enabled' => $modSettings['theme_allow'] || allowedTo('admin_forum'),
  225. 'preload' => create_function('', '
  226. global $smcFunc, $context, $cur_profile, $txt;
  227. $request = $smcFunc[\'db_query\'](\'\', \'
  228. SELECT value
  229. FROM {db_prefix}themes
  230. WHERE id_theme = {int:id_theme}
  231. AND variable = {string:variable}
  232. LIMIT 1\', array(
  233. \'id_theme\' => $cur_profile[\'id_theme\'],
  234. \'variable\' => \'name\',
  235. )
  236. );
  237. list ($name) = $smcFunc[\'db_fetch_row\']($request);
  238. $smcFunc[\'db_free_result\']($request);
  239. $context[\'member\'][\'theme\'] = array(
  240. \'id\' => $cur_profile[\'id_theme\'],
  241. \'name\' => empty($cur_profile[\'id_theme\']) ? $txt[\'theme_forum_default\'] : $name
  242. );
  243. return true;
  244. '),
  245. 'input_validate' => create_function('&$value', '
  246. $value = (int) $value;
  247. return true;
  248. '),
  249. ),
  250. 'karma_good' => array(
  251. 'type' => 'callback',
  252. 'callback_func' => 'karma_modify',
  253. 'permission' => 'admin_forum',
  254. // Set karma_bad too!
  255. 'input_validate' => create_function('&$value', '
  256. global $profile_vars, $cur_profile;
  257. $value = (int) $value;
  258. if (isset($_POST[\'karma_bad\']))
  259. {
  260. $profile_vars[\'karma_bad\'] = $_POST[\'karma_bad\'] != \'\' ? (int) $_POST[\'karma_bad\'] : 0;
  261. $cur_profile[\'karma_bad\'] = $_POST[\'karma_bad\'] != \'\' ? (int) $_POST[\'karma_bad\'] : 0;
  262. }
  263. return true;
  264. '),
  265. 'preload' => create_function('', '
  266. global $context, $cur_profile;
  267. $context[\'member\'][\'karma\'][\'good\'] = $cur_profile[\'karma_good\'];
  268. $context[\'member\'][\'karma\'][\'bad\'] = $cur_profile[\'karma_bad\'];
  269. return true;
  270. '),
  271. 'enabled' => !empty($modSettings['karmaMode']),
  272. ),
  273. 'lngfile' => array(
  274. 'type' => 'select',
  275. 'options' => 'return $context[\'profile_languages\'];',
  276. 'label' => $txt['preferred_language'],
  277. 'permission' => 'profile_identity',
  278. 'preload' => 'profileLoadLanguages',
  279. 'enabled' => !empty($modSettings['userLanguage']),
  280. 'value' => empty($cur_profile['lngfile']) ? $language : $cur_profile['lngfile'],
  281. 'input_validate' => create_function('&$value', '
  282. global $context, $cur_profile;
  283. // Load the languages.
  284. profileLoadLanguages();
  285. if (isset($context[\'profile_languages\'][$value]))
  286. {
  287. if ($context[\'user\'][\'is_owner\'] && empty($context[\'password_auth_failed\']))
  288. $_SESSION[\'language\'] = $value;
  289. return true;
  290. }
  291. else
  292. {
  293. $value = $cur_profile[\'lngfile\'];
  294. return false;
  295. }
  296. '),
  297. ),
  298. 'location' => array(
  299. 'type' => 'text',
  300. 'label' => $txt['location'],
  301. 'log_change' => true,
  302. 'size' => 50,
  303. 'permission' => 'profile_extra',
  304. ),
  305. // The username is not always editable - so adjust it as such.
  306. 'member_name' => array(
  307. 'type' => allowedTo('admin_forum') && isset($_GET['changeusername']) ? 'text' : 'label',
  308. 'label' => $txt['username'],
  309. 'subtext' => allowedTo('admin_forum') && !isset($_GET['changeusername']) ? '[<a href="' . $scripturl . '?action=profile;u=' . $context['id_member'] . ';area=account;changeusername" style="font-style: italic;">' . $txt['username_change'] . '</a>]' : '',
  310. 'log_change' => true,
  311. 'permission' => 'profile_identity',
  312. 'prehtml' => allowedTo('admin_forum') && isset($_GET['changeusername']) ? '<div class="alert">' . $txt['username_warning'] . '</div>' : '',
  313. 'input_validate' => create_function('&$value', '
  314. global $sourcedir, $context, $user_info, $cur_profile;
  315. if (allowedTo(\'admin_forum\'))
  316. {
  317. // We\'ll need this...
  318. require_once($sourcedir . \'/Subs-Auth.php\');
  319. // Maybe they are trying to change their password as well?
  320. $resetPassword = true;
  321. if (isset($_POST[\'passwrd1\']) && $_POST[\'passwrd1\'] != \'\' && isset($_POST[\'passwrd2\']) && $_POST[\'passwrd1\'] == $_POST[\'passwrd2\'] && validatePassword($_POST[\'passwrd1\'], $value, array($cur_profile[\'real_name\'], $user_info[\'username\'], $user_info[\'name\'], $user_info[\'email\'])) == null)
  322. $resetPassword = false;
  323. // Do the reset... this will send them an email too.
  324. if ($resetPassword)
  325. resetPassword($context[\'id_member\'], $value);
  326. elseif ($value !== null)
  327. {
  328. validateUsername($context[\'id_member\'], $value);
  329. updateMemberData($context[\'id_member\'], array(\'member_name\' => $value));
  330. }
  331. }
  332. return false;
  333. '),
  334. ),
  335. 'msn' => array(
  336. 'type' => 'text',
  337. 'label' => $txt['msn'],
  338. 'subtext' => $txt['msn_email_address'],
  339. 'size' => 24,
  340. 'permission' => 'profile_extra',
  341. 'input_validate' => create_function('&$value', '
  342. global $cur_profile;
  343. // Make sure the msn one is an email address, not something like \'none\' :P.
  344. if ($value != \'\' && preg_match(\'~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\\\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~\', $value) == 0)
  345. {
  346. $value = $cur_profile[\'msn\'];
  347. return false;
  348. }
  349. return true;
  350. '),
  351. ),
  352. 'passwrd1' => array(
  353. 'type' => 'password',
  354. 'label' => ucwords($txt['choose_pass']),
  355. 'subtext' => $txt['password_strength'],
  356. 'size' => 20,
  357. 'value' => '',
  358. 'enabled' => empty($cur_profile['openid_uri']),
  359. 'permission' => 'profile_identity',
  360. 'save_key' => 'passwd',
  361. // Note this will only work if passwrd2 also exists!
  362. 'input_validate' => create_function('&$value', '
  363. global $sourcedir, $user_info, $smcFunc, $cur_profile;
  364. // If we didn\'t try it then ignore it!
  365. if ($value == \'\')
  366. return false;
  367. // Do the two entries for the password even match?
  368. if (!isset($_POST[\'passwrd2\']) || $value != $_POST[\'passwrd2\'])
  369. return \'bad_new_password\';
  370. // Let\'s get the validation function into play...
  371. require_once($sourcedir . \'/Subs-Auth.php\');
  372. $passwordErrors = validatePassword($value, $cur_profile[\'member_name\'], array($cur_profile[\'real_name\'], $user_info[\'username\'], $user_info[\'name\'], $user_info[\'email\']));
  373. // Were there errors?
  374. if ($passwordErrors != null)
  375. return \'password_\' . $passwordErrors;
  376. // Set up the new password variable... ready for storage.
  377. $value = sha1(strtolower($cur_profile[\'member_name\']) . un_htmlspecialchars($value));
  378. return true;
  379. '),
  380. ),
  381. 'passwrd2' => array(
  382. 'type' => 'password',
  383. 'label' => ucwords($txt['verify_pass']),
  384. 'enabled' => empty($cur_profile['openid_uri']),
  385. 'size' => 20,
  386. 'value' => '',
  387. 'permission' => 'profile_identity',
  388. 'is_dummy' => true,
  389. ),
  390. 'personal_text' => array(
  391. 'type' => 'text',
  392. 'label' => $txt['personal_text'],
  393. 'log_change' => true,
  394. 'input_attr' => array('maxlength="50"'),
  395. 'size' => 50,
  396. 'permission' => 'profile_extra',
  397. ),
  398. // This does ALL the pm settings
  399. 'pm_prefs' => array(
  400. 'type' => 'callback',
  401. 'callback_func' => 'pm_settings',
  402. 'permission' => 'pm_read',
  403. 'preload' => create_function('', '
  404. global $context, $cur_profile;
  405. $context[\'display_mode\'] = $cur_profile[\'pm_prefs\'] & 3;
  406. $context[\'send_email\'] = $cur_profile[\'pm_email_notify\'];
  407. $context[\'receive_from\'] = !empty($cur_profile[\'pm_receive_from\']) ? $cur_profile[\'pm_receive_from\'] : 0;
  408. return true;
  409. '),
  410. 'input_validate' => create_function('&$value', '
  411. global $cur_profile, $profile_vars;
  412. // Simple validate and apply the two "sub settings"
  413. $value = max(min($value, 2), 0);
  414. $cur_profile[\'pm_email_notify\'] = $profile_vars[\'pm_email_notify\'] = max(min((int) $_POST[\'pm_email_notify\'], 2), 0);
  415. $cur_profile[\'pm_receive_from\'] = $profile_vars[\'pm_receive_from\'] = max(min((int) $_POST[\'pm_receive_from\'], 4), 0);
  416. return true;
  417. '),
  418. ),
  419. 'posts' => array(
  420. 'type' => 'int',
  421. 'label' => $txt['profile_posts'],
  422. 'log_change' => true,
  423. 'size' => 7,
  424. 'permission' => 'moderate_forum',
  425. 'input_validate' => create_function('&$value', '
  426. if (!is_numeric($value))
  427. return \'digits_only\';
  428. else
  429. $value = $value != \'\' ? strtr($value, array(\',\' => \'\', \'.\' => \'\', \' \' => \'\')) : 0;
  430. return true;
  431. '),
  432. ),
  433. 'real_name' => array(
  434. 'type' => !empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum') ? 'text' : 'label',
  435. 'label' => $txt['name'],
  436. 'subtext' => $txt['display_name_desc'],
  437. 'log_change' => true,
  438. 'input_attr' => array('maxlength="60"'),
  439. 'permission' => 'profile_identity',
  440. 'enabled' => !empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum'),
  441. 'input_validate' => create_function('&$value', '
  442. global $context, $smcFunc, $sourcedir, $cur_profile;
  443. $value = trim(preg_replace(\'~[\s]~\' . ($context[\'utf8\'] ? \'u\' : \'\'), \' \', $value));
  444. if (trim($value) == \'\')
  445. return \'no_name\';
  446. elseif ($smcFunc[\'strlen\']($value) > 60)
  447. return \'name_too_long\';
  448. elseif ($cur_profile[\'real_name\'] != $value)
  449. {
  450. require_once($sourcedir . \'/Subs-Members.php\');
  451. if (isReservedName($value, $context[\'id_member\']))
  452. return \'name_taken\';
  453. }
  454. return true;
  455. '),
  456. ),
  457. 'secret_question' => array(
  458. 'type' => 'text',
  459. 'label' => $txt['secret_question'],
  460. 'subtext' => $txt['secret_desc'],
  461. 'size' => 50,
  462. 'permission' => 'profile_identity',
  463. ),
  464. 'secret_answer' => array(
  465. 'type' => 'text',
  466. 'label' => $txt['secret_answer'],
  467. 'subtext' => $txt['secret_desc2'],
  468. 'size' => 20,
  469. 'postinput' => '<span class="smalltext" style="margin-left: 4ex;">[<a href="' . $scripturl . '?action=helpadmin;help=secret_why_blank" onclick="return reqOverlayDiv(this.href);">' . $txt['secret_why_blank'] . '</a>]</span>',
  470. 'value' => '',
  471. 'permission' => 'profile_identity',
  472. 'input_validate' => create_function('&$value', '
  473. $value = $value != \'\' ? md5($value) : \'\';
  474. return true;
  475. '),
  476. ),
  477. 'signature' => array(
  478. 'type' => 'callback',
  479. 'callback_func' => 'signature_modify',
  480. 'permission' => 'profile_extra',
  481. 'enabled' => substr($modSettings['signature_settings'], 0, 1) == 1,
  482. 'preload' => 'profileLoadSignatureData',
  483. 'input_validate' => 'profileValidateSignature',
  484. ),
  485. 'show_online' => array(
  486. 'type' => 'check',
  487. 'label' => $txt['show_online'],
  488. 'permission' => 'profile_identity',
  489. 'enabled' => !empty($modSettings['allow_hideOnline']) || allowedTo('moderate_forum'),
  490. ),
  491. 'smiley_set' => array(
  492. 'type' => 'callback',
  493. 'callback_func' => 'smiley_pick',
  494. 'enabled' => !empty($modSettings['smiley_sets_enable']),
  495. 'permission' => 'profile_extra',
  496. 'preload' => create_function('', '
  497. global $modSettings, $context, $txt, $cur_profile;
  498. $context[\'member\'][\'smiley_set\'][\'id\'] = empty($cur_profile[\'smiley_set\']) ? \'\' : $cur_profile[\'smiley_set\'];
  499. $context[\'smiley_sets\'] = explode(\',\', \'none,,\' . $modSettings[\'smiley_sets_known\']);
  500. $set_names = explode("\n", $txt[\'smileys_none\'] . "\n" . $txt[\'smileys_forum_board_default\'] . "\n" . $modSettings[\'smiley_sets_names\']);
  501. foreach ($context[\'smiley_sets\'] as $i => $set)
  502. {
  503. $context[\'smiley_sets\'][$i] = array(
  504. \'id\' => htmlspecialchars($set),
  505. \'name\' => htmlspecialchars($set_names[$i]),
  506. \'selected\' => $set == $context[\'member\'][\'smiley_set\'][\'id\']
  507. );
  508. if ($context[\'smiley_sets\'][$i][\'selected\'])
  509. $context[\'member\'][\'smiley_set\'][\'name\'] = $set_names[$i];
  510. }
  511. return true;
  512. '),
  513. 'input_validate' => create_function('&$value', '
  514. global $modSettings;
  515. $smiley_sets = explode(\',\', $modSettings[\'smiley_sets_known\']);
  516. if (!in_array($value, $smiley_sets) && $value != \'none\')
  517. $value = \'\';
  518. return true;
  519. '),
  520. ),
  521. // Pretty much a dummy entry - it populates all the theme settings.
  522. 'theme_settings' => array(
  523. 'type' => 'callback',
  524. 'callback_func' => 'theme_settings',
  525. 'permission' => 'profile_extra',
  526. 'is_dummy' => true,
  527. 'preload' => create_function('', '
  528. global $context, $user_info;
  529. loadLanguage(\'Settings\');
  530. $context[\'allow_no_censored\'] = false;
  531. if ($user_info[\'is_admin\'] || $context[\'user\'][\'is_owner\'])
  532. $context[\'allow_no_censored\'] = allowedTo(\'disable_censor\');
  533. return true;
  534. '),
  535. ),
  536. 'time_format' => array(
  537. 'type' => 'callback',
  538. 'callback_func' => 'timeformat_modify',
  539. 'permission' => 'profile_extra',
  540. 'preload' => create_function('', '
  541. global $context, $user_info, $txt, $cur_profile, $modSettings;
  542. $context[\'easy_timeformats\'] = array(
  543. array(\'format\' => \'\', \'title\' => $txt[\'timeformat_default\']),
  544. array(\'format\' => \'%B %d, %Y, %I:%M:%S %p\', \'title\' => $txt[\'timeformat_easy1\']),
  545. array(\'format\' => \'%B %d, %Y, %H:%M:%S\', \'title\' => $txt[\'timeformat_easy2\']),
  546. array(\'format\' => \'%Y-%m-%d, %H:%M:%S\', \'title\' => $txt[\'timeformat_easy3\']),
  547. array(\'format\' => \'%d %B %Y, %H:%M:%S\', \'title\' => $txt[\'timeformat_easy4\']),
  548. array(\'format\' => \'%d-%m-%Y, %H:%M:%S\', \'title\' => $txt[\'timeformat_easy5\'])
  549. );
  550. $context[\'member\'][\'time_format\'] = $cur_profile[\'time_format\'];
  551. $context[\'current_forum_time\'] = timeformat(time() - $user_info[\'time_offset\'] * 3600, false);
  552. $context[\'current_forum_time_js\'] = strftime(\'%Y,\' . ((int) strftime(\'%m\', time() + $modSettings[\'time_offset\'] * 3600) - 1) . \',%d,%H,%M,%S\', time() + $modSettings[\'time_offset\'] * 3600);
  553. $context[\'current_forum_time_hour\'] = (int) strftime(\'%H\', forum_time(false));
  554. return true;
  555. '),
  556. ),
  557. 'time_offset' => array(
  558. 'type' => 'callback',
  559. 'callback_func' => 'timeoffset_modify',
  560. 'permission' => 'profile_extra',
  561. 'preload' => create_function('', '
  562. global $context, $cur_profile;
  563. $context[\'member\'][\'time_offset\'] = $cur_profile[\'time_offset\'];
  564. return true;
  565. '),
  566. 'input_validate' => create_function('&$value', '
  567. // Validate the time_offset...
  568. $value = (float) strtr($value, \',\', \'.\');
  569. if ($value < -23.5 || $value > 23.5)
  570. return \'bad_offset\';
  571. return true;
  572. '),
  573. ),
  574. 'usertitle' => array(
  575. 'type' => 'text',
  576. 'label' => $txt['custom_title'],
  577. 'log_change' => true,
  578. 'input_attr' => array('maxlength="50"'),
  579. 'size' => 50,
  580. 'permission' => 'profile_title',
  581. 'enabled' => !empty($modSettings['titlesEnable']),
  582. ),
  583. 'website_title' => array(
  584. 'type' => 'text',
  585. 'label' => $txt['website_title'],
  586. 'subtext' => $txt['include_website_url'],
  587. 'size' => 50,
  588. 'permission' => 'profile_extra',
  589. 'link_with' => 'website',
  590. ),
  591. 'website_url' => array(
  592. 'type' => 'text',
  593. 'label' => $txt['website_url'],
  594. 'subtext' => $txt['complete_url'],
  595. 'size' => 50,
  596. 'permission' => 'profile_extra',
  597. // Fix the URL...
  598. 'input_validate' => create_function('&$value', '
  599. if (strlen(trim($value)) > 0 && strpos($value, \'://\') === false)
  600. $value = \'http://\' . $value;
  601. if (strlen($value) < 8 || (substr($value, 0, 7) !== \'http://\' && substr($value, 0, 8) !== \'https://\'))
  602. $value = \'\';
  603. return true;
  604. '),
  605. 'link_with' => 'website',
  606. ),
  607. 'yim' => array(
  608. 'type' => 'text',
  609. 'label' => $txt['yim'],
  610. 'subtext' => $txt['your_yim'],
  611. 'size' => 24,
  612. 'input_attr' => array('maxlength="32"'),
  613. 'permission' => 'profile_extra',
  614. ),
  615. );
  616. call_integration_hook('integrate_load_profile_fields', array($profile_fields));
  617. $disabled_fields = !empty($modSettings['disabled_profile_fields']) ? explode(',', $modSettings['disabled_profile_fields']) : array();
  618. // For each of the above let's take out the bits which don't apply - to save memory and security!
  619. foreach ($profile_fields as $key => $field)
  620. {
  621. // Do we have permission to do this?
  622. if (isset($field['permission']) && !allowedTo(($context['user']['is_owner'] ? array($field['permission'] . '_own', $field['permission'] . '_any') : $field['permission'] . '_any')) && !allowedTo($field['permission']))
  623. unset($profile_fields[$key]);
  624. // Is it enabled?
  625. if (isset($field['enabled']) && !$field['enabled'])
  626. unset($profile_fields[$key]);
  627. // Is it specifically disabled?
  628. if (in_array($key, $disabled_fields) || (isset($field['link_with']) && in_array($field['link_with'], $disabled_fields)))
  629. unset($profile_fields[$key]);
  630. }
  631. }
  632. /**
  633. * Setup the context for a page load!
  634. *
  635. * @param array $fields
  636. */
  637. function setupProfileContext($fields)
  638. {
  639. global $profile_fields, $context, $cur_profile, $smcFunc, $txt;
  640. // Make sure we have this!
  641. loadProfileFields(true);
  642. // First check for any linked sets.
  643. foreach ($profile_fields as $key => $field)
  644. if (isset($field['link_with']) && in_array($field['link_with'], $fields))
  645. $fields[] = $key;
  646. // Some default bits.
  647. $context['profile_prehtml'] = '';
  648. $context['profile_posthtml'] = '';
  649. $context['profile_javascript'] = '';
  650. $context['profile_onsubmit_javascript'] = '';
  651. $i = 0;
  652. $last_type = '';
  653. foreach ($fields as $key => $field)
  654. {
  655. if (isset($profile_fields[$field]))
  656. {
  657. // Shortcut.
  658. $cur_field = &$profile_fields[$field];
  659. // Does it have a preload and does that preload succeed?
  660. if (isset($cur_field['preload']) && !$cur_field['preload']())
  661. continue;
  662. // If this is anything but complex we need to do more cleaning!
  663. if ($cur_field['type'] != 'callback' && $cur_field['type'] != 'hidden')
  664. {
  665. if (!isset($cur_field['label']))
  666. $cur_field['label'] = isset($txt[$field]) ? $txt[$field] : $field;
  667. // Everything has a value!
  668. if (!isset($cur_field['value']))
  669. {
  670. $cur_field['value'] = isset($cur_profile[$field]) ? $cur_profile[$field] : '';
  671. }
  672. // Any input attributes?
  673. $cur_field['input_attr'] = !empty($cur_field['input_attr']) ? implode(',', $cur_field['input_attr']) : '';
  674. }
  675. // Was there an error with this field on posting?
  676. if (isset($context['profile_errors'][$field]))
  677. $cur_field['is_error'] = true;
  678. // Any javascript stuff?
  679. if (!empty($cur_field['js_submit']))
  680. $context['profile_onsubmit_javascript'] .= $cur_field['js_submit'];
  681. if (!empty($cur_field['js']))
  682. $context['profile_javascript'] .= $cur_field['js'];
  683. // Any template stuff?
  684. if (!empty($cur_field['prehtml']))
  685. $context['profile_prehtml'] .= $cur_field['prehtml'];
  686. if (!empty($cur_field['posthtml']))
  687. $context['profile_posthtml'] .= $cur_field['posthtml'];
  688. // Finally put it into context?
  689. if ($cur_field['type'] != 'hidden')
  690. {
  691. $last_type = $cur_field['type'];
  692. $context['profile_fields'][$field] = &$profile_fields[$field];
  693. }
  694. }
  695. // Bodge in a line break - without doing two in a row ;)
  696. elseif ($field == 'hr' && $last_type != 'hr' && $last_type != '')
  697. {
  698. $last_type = 'hr';
  699. $context['profile_fields'][$i++]['type'] = 'hr';
  700. }
  701. }
  702. // Free up some memory.
  703. unset($profile_fields);
  704. }
  705. /**
  706. * Save the profile changes.
  707. */
  708. function saveProfileFields()
  709. {
  710. global $profile_fields, $profile_vars, $context, $old_profile, $post_errors, $sourcedir, $modSettings, $cur_profile, $smcFunc;
  711. // Load them up.
  712. loadProfileFields();
  713. // This makes things easier...
  714. $old_profile = $cur_profile;
  715. // This allows variables to call activities when they save - by default just to reload their settings
  716. $context['profile_execute_on_save'] = array();
  717. if ($context['user']['is_owner'])
  718. $context['profile_execute_on_save']['reload_user'] = 'profileReloadUser';
  719. // Assume we log nothing.
  720. $context['log_changes'] = array();
  721. // Cycle through the profile fields working out what to do!
  722. foreach ($profile_fields as $key => $field)
  723. {
  724. if (!isset($_POST[$key]) || !empty($field['is_dummy']) || (isset($_POST['preview_signature']) && $key == 'signature'))
  725. continue;
  726. // What gets updated?
  727. $db_key = isset($field['save_key']) ? $field['save_key'] : $key;
  728. // Right - we have something that is enabled, we can act upon and has a value posted to it. Does it have a validation function?
  729. if (isset($field['input_validate']))
  730. {
  731. $is_valid = $field['input_validate']($_POST[$key]);
  732. // An error occured - set it as such!
  733. if ($is_valid !== true)
  734. {
  735. // Is this an actual error?
  736. if ($is_valid !== false)
  737. {
  738. $post_errors[$key] = $is_valid;
  739. $profile_fields[$key]['is_error'] = $is_valid;
  740. }
  741. // Retain the old value.
  742. $cur_profile[$key] = $_POST[$key];
  743. continue;
  744. }
  745. }
  746. // Are we doing a cast?
  747. $field['cast_type'] = empty($field['cast_type']) ? $field['type'] : $field['cast_type'];
  748. // Finally, clean up certain types.
  749. if ($field['cast_type'] == 'int')
  750. $_POST[$key] = (int) $_POST[$key];
  751. elseif ($field['cast_type'] == 'float')
  752. $_POST[$key] = (float) $_POST[$key];
  753. elseif ($field['cast_type'] == 'check')
  754. $_POST[$key] = !empty($_POST[$key]) ? 1 : 0;
  755. // If we got here we're doing OK.
  756. if ($field['type'] != 'hidden' && (!isset($old_profile[$key]) || $_POST[$key] != $old_profile[$key]))
  757. {
  758. // Set the save variable.
  759. $profile_vars[$db_key] = $_POST[$key];
  760. // And update the user profile.
  761. $cur_profile[$key] = $_POST[$key];
  762. // Are we logging it?
  763. if (!empty($field['log_change']) && isset($old_profile[$key]))
  764. $context['log_changes'][$key] = array(
  765. 'previous' => $old_profile[$key],
  766. 'new' => $_POST[$key],
  767. );
  768. }
  769. // Logging group changes are a bit different...
  770. if ($key == 'id_group' && $field['log_change'])
  771. {
  772. profileLoadGroups();
  773. // Any changes to primary group?
  774. if ($_POST['id_group'] != $old_profile['id_group'])
  775. {
  776. $context['log_changes']['id_group'] = array(
  777. 'previous' => !empty($old_profile[$key]) && isset($context['member_groups'][$old_profile[$key]]) ? $context['member_groups'][$old_profile[$key]]['name'] : '',
  778. 'new' => !empty($_POST[$key]) && isset($context['member_groups'][$_POST[$key]]) ? $context['member_groups'][$_POST[$key]]['name'] : '',
  779. );
  780. }
  781. // Prepare additional groups for comparison.
  782. $additional_groups = array(
  783. 'previous' => !empty($old_profile['additional_groups']) ? explode(',', $old_profile['additional_groups']) : array(),
  784. 'new' => !empty($_POST['additional_groups']) ? array_diff($_POST['additional_groups'], array(0)) : array(),
  785. );
  786. sort($additional_groups['previous']);
  787. sort($additional_groups['new']);
  788. // What about additional groups?
  789. if ($additional_groups['previous'] != $additional_groups['new'])
  790. {
  791. foreach ($additional_groups as $type => $groups)
  792. {
  793. foreach ($groups as $id => $group)
  794. {
  795. if (isset($context['member_groups'][$group]))
  796. $additional_groups[$type][$id] = $context['member_groups'][$group]['name'];
  797. else
  798. unset($additional_groups[$type][$id]);
  799. }
  800. $additional_groups[$type] = implode(', ', $additional_groups[$type]);
  801. }
  802. $context['log_changes']['additional_groups'] = $additional_groups;
  803. }
  804. }
  805. }
  806. // @todo Temporary
  807. if ($context['user']['is_owner'])
  808. $changeOther = allowedTo(array('profile_extra_any', 'profile_extra_own'));
  809. else
  810. $changeOther = allowedTo('profile_extra_any');
  811. if ($changeOther && empty($post_errors))
  812. {
  813. makeThemeChanges($context['id_member'], isset($_POST['id_theme']) ? (int) $_POST['id_theme'] : $old_profile['id_theme']);
  814. if (!empty($_REQUEST['sa']))
  815. makeCustomFieldChanges($context['id_member'], $_REQUEST['sa'], false);
  816. }
  817. // Free memory!
  818. unset($profile_fields);
  819. }
  820. /**
  821. * Save the profile changes
  822. *
  823. * @param array &$profile_variables
  824. * @param array &$post_errors
  825. * @param int $memID id_member
  826. */
  827. function saveProfileChanges(&$profile_vars, &$post_errors, $memID)
  828. {
  829. global $user_info, $txt, $modSettings, $user_profile;
  830. global $context, $settings, $sourcedir;
  831. global $smcFunc;
  832. // These make life easier....
  833. $old_profile = &$user_profile[$memID];
  834. // Permissions...
  835. if ($context['user']['is_owner'])
  836. {
  837. $changeIdentity = allowedTo(array('profile_identity_any', 'profile_identity_own'));
  838. $changeOther = allowedTo(array('profile_extra_any', 'profile_extra_own'));
  839. }
  840. else
  841. {
  842. $changeIdentity = allowedTo('profile_identity_any');
  843. $changeOther = allowedTo('profile_extra_any');
  844. }
  845. // Arrays of all the changes - makes things easier.
  846. $profile_bools = array(
  847. 'notify_announcements', 'notify_send_body',
  848. );
  849. $profile_ints = array(
  850. 'notify_regularity',
  851. 'notify_types',
  852. );
  853. $profile_floats = array(
  854. );
  855. $profile_strings = array(
  856. 'buddy_list',
  857. 'ignore_boards',
  858. );
  859. if (isset($_POST['sa']) && $_POST['sa'] == 'ignoreboards' && empty($_POST['ignore_brd']))
  860. $_POST['ignore_brd'] = array();
  861. unset($_POST['ignore_boards']); // Whatever it is set to is a dirty fithy thing. Kinda like our minds.
  862. if (isset($_POST['ignore_brd']))
  863. {
  864. if (!is_array($_POST['ignore_brd']))
  865. $_POST['ignore_brd'] = array ($_POST['ignore_brd']);
  866. foreach ($_POST['ignore_brd'] as $k => $d)
  867. {
  868. $d = (int) $d;
  869. if ($d != 0)
  870. $_POST['ignore_brd'][$k] = $d;
  871. else
  872. unset($_POST['ignore_brd'][$k]);
  873. }
  874. $_POST['ignore_boards'] = implode(',', $_POST['ignore_brd']);
  875. unset($_POST['ignore_brd']);
  876. }
  877. // Here's where we sort out all the 'other' values...
  878. if ($changeOther)
  879. {
  880. makeThemeChanges($memID, isset($_POST['id_theme']) ? (int) $_POST['id_theme'] : $old_profile['id_theme']);
  881. //makeAvatarChanges($memID, $post_errors);
  882. makeNotificationChanges($memID);
  883. if (!empty($_REQUEST['sa']))
  884. makeCustomFieldChanges($memID, $_REQUEST['sa'], false);
  885. foreach ($profile_bools as $var)
  886. if (isset($_POST[$var]))
  887. $profile_vars[$var] = empty($_POST[$var]) ? '0' : '1';
  888. foreach ($profile_ints as $var)
  889. if (isset($_POST[$var]))
  890. $profile_vars[$var] = $_POST[$var] != '' ? (int) $_POST[$var] : '';
  891. foreach ($profile_floats as $var)
  892. if (isset($_POST[$var]))
  893. $profile_vars[$var] = (float) $_POST[$var];
  894. foreach ($profile_strings as $var)
  895. if (isset($_POST[$var]))
  896. $profile_vars[$var] = $_POST[$var];
  897. }
  898. }
  899. /**
  900. * Make any theme changes that are sent with the profile.
  901. *
  902. * @param int $memID
  903. * @param int $id_theme
  904. */
  905. function makeThemeChanges($memID, $id_theme)
  906. {
  907. global $modSettings, $smcFunc, $context, $user_info;
  908. $reservedVars = array(
  909. 'actual_theme_url',
  910. 'actual_images_url',
  911. 'base_theme_dir',
  912. 'base_theme_url',
  913. 'default_images_url',
  914. 'default_theme_dir',
  915. 'default_theme_url',
  916. 'default_template',
  917. 'images_url',
  918. 'number_recent_posts',
  919. 'smiley_sets_default',
  920. 'theme_dir',
  921. 'theme_id',
  922. 'theme_layers',
  923. 'theme_templates',
  924. 'theme_url',
  925. );
  926. // Can't change reserved vars.
  927. if ((isset($_POST['options']) && count(array_intersect(array_keys($_POST['options']), $reservedVars)) != 0) || (isset($_POST['default_options']) && count(array_intersect(array_keys($_POST['default_options']), $reservedVars)) != 0))
  928. fatal_lang_error('no_access', false);
  929. // Don't allow any overriding of custom fields with default or non-default options.
  930. $request = $smcFunc['db_query']('', '
  931. SELECT col_name
  932. FROM {db_prefix}custom_fields
  933. WHERE active = {int:is_active}',
  934. array(
  935. 'is_active' => 1,
  936. )
  937. );
  938. $custom_fields = array();
  939. while ($row = $smcFunc['db_fetch_assoc']($request))
  940. $custom_fields[] = $row['col_name'];
  941. $smcFunc['db_free_result']($request);
  942. // These are the theme changes...
  943. $themeSetArray = array();
  944. if (isset($_POST['options']) && is_array($_POST['options']))
  945. {
  946. foreach ($_POST['options'] as $opt => $val)
  947. {
  948. if (in_array($opt, $custom_fields))
  949. continue;
  950. // These need to be controlled.
  951. if ($opt == 'topics_per_page' || $opt == 'messages_per_page')
  952. $val = max(0, min($val, 50));
  953. // We don't set this per theme anymore.
  954. elseif ($opt == 'allow_no_censored')
  955. continue;
  956. $themeSetArray[] = array($memID, $id_theme, $opt, is_array($val) ? implode(',', $val) : $val);
  957. }
  958. }
  959. $erase_options = array();
  960. if (isset($_POST['default_options']) && is_array($_POST['default_options']))
  961. foreach ($_POST['default_options'] as $opt => $val)
  962. {
  963. if (in_array($opt, $custom_fields))
  964. continue;
  965. // These need to be controlled.
  966. if ($opt == 'topics_per_page' || $opt == 'messages_per_page')
  967. $val = max(0, min($val, 50));
  968. // Only let admins and owners change the censor.
  969. elseif ($opt == 'allow_no_censored' && !$user_info['is_admin'] && !$context['user']['is_owner'])
  970. continue;
  971. $themeSetArray[] = array($memID, 1, $opt, is_array($val) ? implode(',', $val) : $val);
  972. $erase_options[] = $opt;
  973. }
  974. // If themeSetArray isn't still empty, send it to the database.
  975. if (empty($context['password_auth_failed']))
  976. {
  977. if (!empty($themeSetArray))
  978. {
  979. $smcFunc['db_insert']('replace',
  980. '{db_prefix}themes',
  981. array('id_member' => 'int', 'id_theme' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'),
  982. $themeSetArray,
  983. array('id_member', 'id_theme', 'variable')
  984. );
  985. }
  986. if (!empty($erase_options))
  987. {
  988. $smcFunc['db_query']('', '
  989. DELETE FROM {db_prefix}themes
  990. WHERE id_theme != {int:id_theme}
  991. AND variable IN ({array_string:erase_variables})
  992. AND id_member = {int:id_member}',
  993. array(
  994. 'id_theme' => 1,
  995. 'id_member' => $memID,
  996. 'erase_variables' => $erase_options
  997. )
  998. );
  999. }
  1000. $themes = explode(',', $modSettings['knownThemes']);
  1001. foreach ($themes as $t)
  1002. cache_put_data('theme_settings-' . $t . ':' . $memID, null, 60);
  1003. }
  1004. }
  1005. /**
  1006. * Make any notification changes that need to be made.
  1007. *
  1008. * @param int $memID id_member
  1009. */
  1010. function makeNotificationChanges($memID)
  1011. {
  1012. global $smcFunc;
  1013. // Update the boards they are being notified on.
  1014. if (isset($_POST['edit_notify_boards']) && !empty($_POST['notify_boards']))
  1015. {
  1016. // Make sure only integers are deleted.
  1017. foreach ($_POST['notify_boards'] as $index => $id)
  1018. $_POST['notify_boards'][$index] = (int) $id;
  1019. // id_board = 0 is reserved for topic notifications.
  1020. $_POST['notify_boards'] = array_diff($_POST['notify_boards'], array(0));
  1021. $smcFunc['db_query']('', '
  1022. DELETE FROM {db_prefix}log_notify
  1023. WHERE id_board IN ({array_int:board_list})
  1024. AND id_member = {int:selected_member}',
  1025. array(
  1026. 'board_list' => $_POST['notify_boards'],
  1027. 'selected_member' => $memID,
  1028. )
  1029. );
  1030. }
  1031. // We are editing topic notifications......
  1032. elseif (isset($_POST['edit_notify_topics']) && !empty($_POST['notify_topics']))
  1033. {
  1034. foreach ($_POST['notify_topics'] as $index => $id)
  1035. $_POST['notify_topics'][$index] = (int) $id;
  1036. // Make sure there are no zeros left.
  1037. $_POST['notify_topics'] = array_diff($_POST['notify_topics'], array(0));
  1038. $smcFunc['db_query']('', '
  1039. DELETE FROM {db_prefix}log_notify
  1040. WHERE id_topic IN ({array_int:topic_list})
  1041. AND id_member = {int:selected_member}',
  1042. array(
  1043. 'topic_list' => $_POST['notify_topics'],
  1044. 'selected_member' => $memID,
  1045. )
  1046. );
  1047. }
  1048. }
  1049. /**
  1050. * Save any changes to the custom profile fields
  1051. *
  1052. * @param int $memID
  1053. * @param string $area
  1054. * @param bool $sanitize = true
  1055. */
  1056. function makeCustomFieldChanges($memID, $area, $sanitize = true)
  1057. {
  1058. global $context, $smcFunc, $user_profile, $user_info, $modSettings, $sourcedir;
  1059. if ($sanitize && isset($_POST['customfield']))
  1060. $_POST['customfield'] = htmlspecialchars__recursive($_POST['customfield']);
  1061. $where = $area == 'register' ? 'show_reg != 0' : 'show_profile = {string:area}';
  1062. // Load the fields we are saving too - make sure we save valid data (etc).
  1063. $request = $smcFunc['db_query']('', '
  1064. SELECT col_name, field_name, field_desc, field_type, field_length, field_options, default_value, show_reg, mask, private
  1065. FROM {db_prefix}custom_fields
  1066. WHERE ' . $where . '
  1067. AND active = {int:is_active}',
  1068. array(
  1069. 'is_active' => 1,
  1070. 'area' => $area,
  1071. )
  1072. );
  1073. $changes = array();
  1074. $log_changes = array();
  1075. while ($row = $smcFunc['db_fetch_assoc']($request))
  1076. {
  1077. /* This means don't save if:
  1078. - The user is NOT an admin.
  1079. - The data is not freely viewable and editable by users.
  1080. - The data is not invisible to users but editable by the owner (or if it is the user is not the owner)
  1081. - The area isn't registration, and if it is that the field is not suppossed to be shown there.
  1082. */
  1083. if ($row['private'] != 0 && !allowedTo('admin_forum') && ($memID != $user_info['id'] || $row['private'] != 2) && ($area != 'register' || $row['show_reg'] == 0))
  1084. continue;
  1085. // Validate the user data.
  1086. if ($row['field_type'] == 'check')
  1087. $value = isset($_POST['customfield'][$row['col_name']]) ? 1 : 0;
  1088. elseif ($row['field_type'] == 'select' || $row['field_type'] == 'radio')
  1089. {
  1090. $value = $row['default_value'];
  1091. foreach (explode(',', $row['field_options']) as $k => $v)
  1092. if (isset($_POST['customfield'][$row['col_name']]) && $_POST['customfield'][$row['col_name']] == $k)
  1093. $value = $v;
  1094. }
  1095. // Otherwise some form of text!
  1096. else
  1097. {
  1098. $value = isset($_POST['customfield'][$row['col_name']]) ? $_POST['customfield'][$row['col_name']] : '';
  1099. if ($row['field_length'])
  1100. $value = $smcFunc['substr']($value, 0, $row['field_length']);
  1101. // Any masks?
  1102. if ($row['field_type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none')
  1103. {
  1104. // @todo We never error on this - just ignore it at the moment...
  1105. if ($row['mask'] == 'email' && (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $value) === 0 || strlen($value) > 255))
  1106. $value = '';
  1107. elseif ($row['mask'] == 'number')
  1108. {
  1109. $value = (int) $value;
  1110. }
  1111. elseif (substr($row['mask'], 0, 5) == 'regex' && preg_match(substr($row['mask'], 5), $value) === 0)
  1112. $value = '';
  1113. }
  1114. }
  1115. // Did it change?
  1116. if (!isset($user_profile[$memID]['options'][$row['col_name']]) || $user_profile[$memID]['options'][$row['col_name']] != $value)
  1117. {
  1118. $log_changes[] = array(
  1119. 'action' => 'customfield_' . $row['col_name'],
  1120. 'log_type' => 'user',
  1121. 'extra' => array(
  1122. 'previous' => !empty($user_profile[$memID]['options'][$row['col_name']]) ? $user_profile[$memID]['options'][$row['col_name']] : '',
  1123. 'new' => $value,
  1124. 'applicator' => $user_info['id'],
  1125. 'member_affected' => $memID,
  1126. ),
  1127. );
  1128. $changes[] = array(1, $row['col_name'], $value, $memID);
  1129. $user_profile[$memID]['options'][$row['col_name']] = $value;
  1130. }
  1131. }
  1132. $smcFunc['db_free_result']($request);
  1133. call_integration_hook('integrate_save_custom_profile_fields', array($changes, $log_changes, $memID, $area, $sanitize));
  1134. // Make those changes!
  1135. if (!empty($changes) && empty($context['password_auth_failed']))
  1136. {
  1137. $smcFunc['db_insert']('replace',
  1138. '{db_prefix}themes',
  1139. array('id_theme' => 'int', 'variable' => 'string-255', 'value' => 'string-65534', 'id_member' => 'int'),
  1140. $changes,
  1141. array('id_theme', 'variable', 'id_member')
  1142. );
  1143. if (!empty($log_changes) && !empty($modSettings['modlog_enabled']))
  1144. {
  1145. require_once($sourcedir . '/Logging.php');
  1146. logActions($log_changes);
  1147. }
  1148. }
  1149. }
  1150. /**
  1151. * Show all the users buddies, as well as a add/delete interface.
  1152. *
  1153. * @param int $memID id_member
  1154. */
  1155. function editBuddyIgnoreLists($memID)
  1156. {
  1157. global $sourcedir, $context, $txt, $scripturl, $modSettings, $user_profile;
  1158. // Do a quick check to ensure people aren't getting here illegally!
  1159. if (!$context['user']['is_owner'] || empty($modSettings['enable_buddylist']))
  1160. fatal_lang_error('no_access', false);
  1161. // Can we email the user direct?
  1162. $context['can_moderate_forum'] = allowedTo('moderate_forum');
  1163. $context['can_send_email'] = allowedTo('send_email_to_members');
  1164. $subActions = array(
  1165. 'buddies' => array('editBuddies', $txt['editBuddies']),
  1166. 'ignore' => array('editIgnoreList', $txt['editIgnoreList']),
  1167. );
  1168. $context['list_area'] = isset($_GET['sa']) && isset($subActions[$_GET['sa']]) ? $_GET['sa'] : 'buddies';
  1169. // Create the tabs for the template.
  1170. $context[$context['profile_menu_name']]['tab_data'] = array(
  1171. 'title' => $txt['editBuddyIgnoreLists'],
  1172. 'description' => $txt['buddy_ignore_desc'],
  1173. 'icon' => 'profile_sm.png',
  1174. 'tabs' => array(
  1175. 'buddies' => array(),
  1176. 'ignore' => array(),
  1177. ),
  1178. );
  1179. // Pass on to the actual function.
  1180. $context['sub_template'] = $subActions[$context['list_area']][0];
  1181. $subActions[$context['list_area']][0]($memID);
  1182. }
  1183. /**
  1184. * Show all the users buddies, as well as a add/delete interface.
  1185. *
  1186. * @param int $memID id_member
  1187. */
  1188. function editBuddies($memID)
  1189. {
  1190. global $txt, $scripturl, $modSettings;
  1191. global $context, $user_profile, $memberContext, $smcFunc;
  1192. // For making changes!
  1193. $buddiesArray = explode(',', $user_profile[$memID]['buddy_list']);
  1194. foreach ($buddiesArray as $k => $dummy)
  1195. if ($dummy == '')
  1196. unset($buddiesArray[$k]);
  1197. // Removing a buddy?
  1198. if (isset($_GET['remove']))
  1199. {
  1200. checkSession('get');
  1201. call_integration_hook('integrate_remove_buddy', array($memID));
  1202. // Heh, I'm lazy, do it the easy way...
  1203. foreach ($buddiesArray as $key => $buddy)
  1204. if ($buddy == (int) $_GET['remove'])
  1205. unset($buddiesArray[$key]);
  1206. // Make the changes.
  1207. $user_profile[$memID]['buddy_list'] = implode(',', $buddiesArray);
  1208. updateMemberData($memID, array('buddy_list' => $user_profile[$memID]['buddy_list']));
  1209. // Redirect off the page because we don't like all this ugly query stuff to stick in the history.
  1210. redirectexit('action=profile;area=lists;sa=buddies;u=' . $memID);
  1211. }
  1212. elseif (isset($_POST['new_buddy']))
  1213. {
  1214. checkSession();
  1215. // Prepare the string for extraction...
  1216. $_POST['new_buddy'] = strtr($smcFunc['htmlspecialchars']($_POST['new_buddy'], ENT_QUOTES), array('&quot;' => '"'));
  1217. preg_match_all('~"([^"]+)"~', $_POST['new_buddy'], $matches);
  1218. $new_buddies = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $_POST['new_buddy']))));
  1219. foreach ($new_buddies as $k => $dummy)
  1220. {
  1221. $new_buddies[$k] = strtr(trim($new_buddies[$k]), array('\'' => '&#039;'));
  1222. if (strlen($new_buddies[$k]) == 0 || in_array($new_buddies[$k], array($user_profile[$memID]['member_name'], $user_profile[$memID]['real_name'])))
  1223. unset($new_buddies[$k]);
  1224. }
  1225. call_integration_hook('integrate_add_buddies', array($memID, &$new_buddies));
  1226. if (!empty($new_buddies))
  1227. {
  1228. // Now find out the id_member of the buddy.
  1229. $request = $smcFunc['db_query']('', '
  1230. SELECT id_member
  1231. FROM {db_prefix}members
  1232. WHERE member_name IN ({array_string:new_buddies}) OR real_name IN ({array_string:new_buddies})
  1233. LIMIT {int:count_new_buddies}',
  1234. array(
  1235. 'new_buddies' => $new_buddies,
  1236. 'count_new_buddies' => count($new_buddies),
  1237. )
  1238. );
  1239. // Add the new member to the buddies array.
  1240. while ($row = $smcFunc['db_fetch_assoc']($request))
  1241. $buddiesArray[] = (int) $row['id_member'];
  1242. $smcFunc['db_free_result']($request);
  1243. // Now update the current users buddy list.
  1244. $user_profile[$memID]['buddy_list'] = implode(',', $buddiesArray);
  1245. updateMemberData($memID, array('buddy_list' => $user_profile[$memID]['buddy_list']));
  1246. }
  1247. // Back to the buddy list!
  1248. redirectexit('action=profile;area=lists;sa=buddies;u=' . $memID);
  1249. }
  1250. // Get all the users "buddies"...
  1251. $buddies = array();
  1252. if (!empty($buddiesArray))
  1253. {
  1254. $result = $smcFunc['db_query']('', '
  1255. SELECT id_member
  1256. FROM {db_prefix}members
  1257. WHERE id_member IN ({array_int:buddy_list})
  1258. ORDER BY real_name
  1259. LIMIT {int:buddy_list_count}',
  1260. array(
  1261. 'buddy_list' => $buddiesArray,
  1262. 'buddy_list_count' => substr_count($user_profile[$memID]['buddy_list'], ',') + 1,
  1263. )
  1264. );
  1265. while ($row = $smcFunc['db_fetch_assoc']($result))
  1266. $buddies[] = $row['id_member'];
  1267. $smcFunc['db_free_result']($result);
  1268. }
  1269. $context['buddy_count'] = count($buddies);
  1270. // Load all the members up.
  1271. loadMemberData($buddies, false, 'profile');
  1272. // Setup the context for each buddy.
  1273. $context['buddies'] = array();
  1274. foreach ($buddies as $buddy)
  1275. {
  1276. loadMemberContext($buddy);
  1277. $context['buddies'][$buddy] = $memberContext[$buddy];
  1278. }
  1279. call_integration_hook('integrate_view_buddies', array($memID));
  1280. }
  1281. /**
  1282. * Allows the user to view their ignore list, as well as the option to manage members on it.
  1283. *
  1284. * @param int $memID id_member
  1285. */
  1286. function editIgnoreList($memID)
  1287. {
  1288. global $txt, $scripturl, $modSettings;
  1289. global $context, $user_profile, $memberContext, $smcFunc;
  1290. // For making changes!
  1291. $ignoreArray = explode(',', $user_profile[$memID]['pm_ignore_list']);
  1292. foreach ($ignoreArray as $k => $dummy)
  1293. if ($dummy == '')
  1294. unset($ignoreArray[$k]);
  1295. // Removing a member from the ignore list?
  1296. if (isset($_GET['remove']))
  1297. {
  1298. checkSession('get');
  1299. // Heh, I'm lazy, do it the easy way...
  1300. foreach ($ignoreArray as $key => $id_remove)
  1301. if ($id_remove == (int) $_GET['remove'])
  1302. unset($ignoreArray[$key]);
  1303. // Make the changes.
  1304. $user_profile[$memID]['pm_ignore_list'] = implode(',', $ignoreArray);
  1305. updateMemberData($memID, array('pm_ignore_list' => $user_profile[$memID]['pm_ignore_list']));
  1306. // Redirect off the page because we don't like all this ugly query stuff to stick in the history.
  1307. redirectexit('action=profile;area=lists;sa=ignore;u=' . $memID);
  1308. }
  1309. elseif (isset($_POST['new_ignore']))
  1310. {
  1311. checkSession();
  1312. // Prepare the string for extraction...
  1313. $_POST['new_ignore'] = strtr($smcFunc['htmlspecialchars']($_POST['new_ignore'], ENT_QUOTES), array('&quot;' => '"'));
  1314. preg_match_all('~"([^"]+)"~', $_POST['new_ignore'], $matches);
  1315. $new_entries = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $_POST['new_ignore']))));
  1316. foreach ($new_entries as $k => $dummy)
  1317. {
  1318. $new_entries[$k] = strtr(trim($new_entries[$k]), array('\'' => '&#039;'));
  1319. if (strlen($new_entries[$k]) == 0 || in_array($new_entries[$k], array($user_profile[$memID]['member_name'], $user_profile[$memID]['real_name'])))
  1320. unset($new_entries[$k]);
  1321. }
  1322. if (!empty($new_entries))
  1323. {
  1324. // Now find out the id_member for the members in question.
  1325. $request = $smcFunc['db_query']('', '
  1326. SELECT id_member
  1327. FROM {db_prefix}members
  1328. WHERE member_name IN ({array_string:new_entries}) OR real_name IN ({array_string:new_entries})
  1329. LIMIT {int:count_new_entries}',
  1330. array(
  1331. 'new_entries' => $new_entries,
  1332. 'count_new_entries' => count($new_entries),
  1333. )
  1334. );
  1335. // Add the new member to the buddies array.
  1336. while ($row = $smcFunc['db_fetch_assoc']($request))
  1337. $ignoreArray[] = (int) $row['id_member'];
  1338. $smcFunc['db_free_result']($request);
  1339. // Now update the current users buddy list.
  1340. $user_profile[$memID]['pm_ignore_list'] = implode(',', $ignoreArray);
  1341. updateMemberData($memID, array('pm_ignore_list' => $user_profile[$memID]['pm_ignore_list']));
  1342. }
  1343. // Back to the list of pityful people!
  1344. redirectexit('action=profile;area=lists;sa=ignore;u=' . $memID);
  1345. }
  1346. // Initialise the list of members we're ignoring.
  1347. $ignored = array();
  1348. if (!empty($ignoreArray))
  1349. {
  1350. $result = $smcFunc['db_query']('', '
  1351. SELECT id_member
  1352. FROM {db_prefix}members
  1353. WHERE id_member IN ({array_int:ignore_list})
  1354. ORDER BY real_name
  1355. LIMIT {int:ignore_list_count}',
  1356. array(
  1357. 'ignore_list' => $ignoreArray,
  1358. 'ignore_list_count' => substr_count($user_profile[$memID]['pm_ignore_list'], ',') + 1,
  1359. )
  1360. );
  1361. while ($row = $smcFunc['db_fetch_assoc']($result))
  1362. $ignored[] = $row['id_member'];
  1363. $smcFunc['db_free_result']($result);
  1364. }
  1365. $context['ignore_count'] = count($ignored);
  1366. // Load all the members up.
  1367. loadMemberData($ignored, false, 'profile');
  1368. // Setup the context for each buddy.
  1369. $context['ignore_list'] = array();
  1370. foreach ($ignored as $ignore_member)
  1371. {
  1372. loadMemberContext($ignore_member);
  1373. $context['ignore_list'][$ignore_member] = $memberContext[$ignore_member];
  1374. }
  1375. }
  1376. /**
  1377. * @todo Needs a description
  1378. *
  1379. * @param int $memID id_member
  1380. */
  1381. function account($memID)
  1382. {
  1383. global $context, $txt;
  1384. loadThemeOptions($memID);
  1385. if (allowedTo(array('profile_identity_own', 'profile_identity_any')))
  1386. loadCustomFields($memID, 'account');
  1387. $context['sub_template'] = 'edit_options';
  1388. $context['page_desc'] = $txt['account_info'];
  1389. setupProfileContext(
  1390. array(
  1391. 'member_name', 'real_name', 'date_registered', 'posts', 'lngfile', 'hr',
  1392. 'id_group', 'hr',
  1393. 'email_address', 'hide_email', 'show_online', 'hr',
  1394. 'passwrd1', 'passwrd2', 'hr',
  1395. 'secret_question', 'secret_answer',
  1396. )
  1397. );
  1398. }
  1399. /**
  1400. * @todo Needs a description
  1401. *
  1402. * @param int $memID id_member
  1403. */
  1404. function forumProfile($memID)
  1405. {
  1406. global $context, $user_profile, $user_info, $txt, $modSettings;
  1407. loadThemeOptions($memID);
  1408. if (allowedTo(array('profile_extra_own', 'profile_extra_any')))
  1409. loadCustomFields($memID, 'forumprofile');
  1410. $context['sub_template'] = 'edit_options';
  1411. $context['page_desc'] = $txt['forumProfile_info'];
  1412. $context['show_preview_button'] = true;
  1413. setupProfileContext(
  1414. array(
  1415. 'avatar_choice', 'hr', 'personal_text', 'hr',
  1416. 'bday1', 'location', 'gender', 'hr',
  1417. 'icq', 'aim', 'msn', 'yim', 'hr',
  1418. 'usertitle', 'signature', 'hr',
  1419. 'karma_good', 'hr',
  1420. 'website_title', 'website_url',
  1421. )
  1422. );
  1423. }
  1424. /**
  1425. * Allow the edit of *someone elses* personal message settings.
  1426. *
  1427. * @param int $memID id_member
  1428. */
  1429. function pmprefs($memID)
  1430. {
  1431. global $sourcedir, $context, $txt, $scripturl;
  1432. loadThemeOptions($memID);
  1433. loadCustomFields($memID, 'pmprefs');
  1434. $context['sub_template'] = 'edit_options';
  1435. $context['page_desc'] = $txt['pm_settings_desc'];
  1436. setupProfileContext(
  1437. array(
  1438. 'pm_prefs',
  1439. )
  1440. );
  1441. }
  1442. /**
  1443. * Recursive function to retrieve server-stored avatar files
  1444. *
  1445. * @param string $directory
  1446. * @param int $level
  1447. * @return array
  1448. */
  1449. function getAvatars($directory, $level)
  1450. {
  1451. global $context, $txt, $modSettings;
  1452. $result = array();
  1453. // Open the directory..
  1454. $dir = dir($modSettings['avatar_directory'] . (!empty($directory) ? '/' : '') . $directory);
  1455. $dirs = array();
  1456. $files = array();
  1457. if (!$dir)
  1458. return array();
  1459. while ($line = $dir->read())
  1460. {
  1461. if (in_array($line, array('.', '..', 'blank.png', 'index.php')))
  1462. continue;
  1463. if (is_dir($modSettings['avatar_directory'] . '/' . $directory . (!empty($directory) ? '/' : '') . $line))
  1464. $dirs[] = $line;
  1465. else
  1466. $files[] = $line;
  1467. }
  1468. $dir->close();
  1469. // Sort the results...
  1470. natcasesort($dirs);
  1471. natcasesort($files);
  1472. if ($level == 0)
  1473. {
  1474. $result[] = array(
  1475. 'filename' => 'blank.png',
  1476. 'checked' => in_array($context['member']['avatar']['server_pic'], array('', 'blank.png')),
  1477. 'name' => $txt['no_pic'],
  1478. 'is_dir' => false
  1479. );
  1480. }
  1481. foreach ($dirs as $line)
  1482. {
  1483. $tmp = getAvatars($directory . (!empty($directory) ? '/' : '') . $line, $level + 1);
  1484. if (!empty($tmp))
  1485. $result[] = array(
  1486. 'filename' => htmlspecialchars($line),
  1487. 'checked' => strpos($context['member']['avatar']['server_pic'], $line . '/') !== false,
  1488. 'name' => '[' . htmlspecialchars(str_replace('_', ' ', $line)) . ']',
  1489. 'is_dir' => true,
  1490. 'files' => $tmp
  1491. );
  1492. unset($tmp);
  1493. }
  1494. foreach ($files as $line)
  1495. {
  1496. $filename = substr($line, 0, (strlen($line) - strlen(strrchr($line, '.'))));
  1497. $extension = substr(strrchr($line, '.'), 1);
  1498. // Make sure it is an image.
  1499. if (strcasecmp($extension, 'gif') != 0 && strcasecmp($extension, 'jpg') != 0 && strcasecmp($extension, 'jpeg') != 0 && strcasecmp($extension, 'png') != 0 && strcasecmp($extension, 'bmp') != 0)
  1500. continue;
  1501. $result[] = array(
  1502. 'filename' => htmlspecialchars($line),
  1503. 'checked' => $line == $context['member']['avatar']['server_pic'],
  1504. 'name' => htmlspecialchars(str_replace('_', ' ', $filename)),
  1505. 'is_dir' => false
  1506. );
  1507. if ($level == 1)
  1508. $context['avatar_list'][] = $directory . '/' . $line;
  1509. }
  1510. return $result;
  1511. }
  1512. /**
  1513. * @todo needs a description
  1514. *
  1515. * @param int $memID id_member
  1516. */
  1517. function theme($memID)
  1518. {
  1519. global $txt, $context, $user_profile, $modSettings, $settings, $user_info, $smcFunc;
  1520. loadThemeOptions($memID);
  1521. if (allowedTo(array('profile_extra_own', 'profile_extra_any')))
  1522. loadCustomFields($memID, 'theme');
  1523. $context['sub_template'] = 'edit_options';
  1524. $context['page_desc'] = $txt['theme_info'];
  1525. setupProfileContext(
  1526. array(
  1527. 'id_theme', 'smiley_set', 'hr',
  1528. 'time_format', 'time_offset', 'hr',
  1529. 'theme_settings',
  1530. )
  1531. );
  1532. }
  1533. /**
  1534. * Changing authentication method? Only appropriate for people using OpenID.
  1535. *
  1536. * @param int $memID id_member
  1537. * @param bool $saving = false
  1538. */
  1539. function authentication($memID, $saving = false)
  1540. {
  1541. global $context, $cur_profile, $sourcedir, $txt, $post_errors, $modSettings;
  1542. loadLanguage('Login');
  1543. // We are saving?
  1544. if ($saving)
  1545. {
  1546. // Moving to password passed authentication?
  1547. if ($_POST['authenticate'] == 'passwd')
  1548. {
  1549. // Didn't enter anything?
  1550. if ($_POST['passwrd1'] == '')
  1551. $post_errors[] = 'no_password';
  1552. // Do the two entries for the password even match?
  1553. elseif (!isset($_POST['passwrd2']) || $_POST['passwrd1'] != $_POST['passwrd2'])
  1554. $post_errors[] = 'bad_new_password';
  1555. // Is it valid?
  1556. else
  1557. {
  1558. require_once($sourcedir . '/Subs-Auth.php');
  1559. $passwordErrors = validatePassword($_POST['passwrd1'], $cur_profile['member_name'], array($cur_profile['real_name'], $cur_profile['email_address']));
  1560. // Were there errors?
  1561. if ($passwordErrors != null)
  1562. $post_errors[] = 'password_' . $passwordErrors;
  1563. }
  1564. if (empty($post_errors))
  1565. {
  1566. // Integration?
  1567. call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $_POST['passwrd1']));
  1568. // Go then.
  1569. $passwd = sha1(strtolower($cur_profile['member_name']) . un_htmlspecialchars($_POST['passwrd1']));
  1570. // Do the important bits.
  1571. updateMemberData($memID, array('openid_uri' => '', 'passwd' => $passwd));
  1572. if ($context['user']['is_owner'])
  1573. {
  1574. setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1(sha1(strtolower($cur_profile['member_name']) . un_htmlspecialchars($_POST['passwrd2'])) . $cur_profile['password_salt']));
  1575. redirectexit('action=profile;area=authentication;updated');
  1576. }
  1577. else
  1578. redirectexit('action=profile;u=' . $memID);
  1579. }
  1580. return true;
  1581. }
  1582. // Not right yet!
  1583. elseif ($_POST['authenticate'] == 'openid' && !empty($_POST['openid_identifier']))
  1584. {
  1585. require_once($sourcedir . '/Subs-OpenID.php');
  1586. $_POST['openid_identifier'] = smf_openID_canonize($_POST['openid_identifier']);
  1587. if (smf_openid_member_exists($_POST['openid_identifier']))
  1588. $post_errors[] = 'openid_in_use';
  1589. elseif (empty($post_errors))
  1590. {
  1591. // Authenticate using the new OpenID URI first to make sure they didn't make a mistake.
  1592. if ($context['user']['is_owner'])
  1593. {
  1594. $_SESSION['new_openid_uri'] = $_POST['openid_identifier'];
  1595. smf_openID_validate($_POST['openid_identifier'], false, null, 'change_uri');
  1596. }
  1597. else
  1598. updateMemberData($memID, array('openid_uri' => $_POST['openid_identifier']));
  1599. }
  1600. }
  1601. }
  1602. // Some stuff.
  1603. $context['member']['openid_uri'] = $cur_profile['openid_uri'];
  1604. $context['auth_method'] = empty($cur_profile['openid_uri']) ? 'password' : 'openid';
  1605. $context['sub_template'] = 'authentication_method';
  1606. }
  1607. /**
  1608. * Display the notifications and settings for changes.
  1609. *
  1610. * @param int $memID id_member
  1611. */
  1612. function notification($memID)
  1613. {
  1614. global $txt, $scripturl, $user_profile, $user_info, $context, $modSettings, $smcFunc, $sourcedir, $settings;
  1615. // Gonna want this for the list.
  1616. require_once($sourcedir . '/Subs-List.php');
  1617. // Fine, start with the board list.
  1618. $listOptions = array(
  1619. 'id' => 'board_notification_list',
  1620. 'width' => '100%',
  1621. 'no_items_label' => $txt['notifications_boards_none'] . '<br /><br />' . $txt['notifications_boards_howto'],
  1622. 'no_items_align' => 'left',
  1623. 'base_href' => $scripturl . '?action=profile;u=' . $memID . ';area=notification',
  1624. 'default_sort_col' => 'board_name',
  1625. 'get_items' => array(
  1626. 'function' => 'list_getBoardNotifications',
  1627. 'params' => array(
  1628. $memID,
  1629. ),
  1630. ),
  1631. 'columns' => array(
  1632. 'board_name' => array(
  1633. 'header' => array(
  1634. 'value' => $txt['notifications_boards'],
  1635. 'class' => 'lefttext first_th',
  1636. ),
  1637. 'data' => array(
  1638. 'function' => create_function('$board', '
  1639. global $settings, $txt;
  1640. $link = $board[\'link\'];
  1641. if ($board[\'new\'])
  1642. $link .= \' <a href="\' . $board[\'href\'] . \'"><span class="new_posts">' . $txt['new'] . '</span></a>\';
  1643. return $link;
  1644. '),
  1645. ),
  1646. 'sort' => array(
  1647. 'default' => 'name',
  1648. 'reverse' => 'name DESC',
  1649. ),
  1650. ),
  1651. 'delete' => array(
  1652. 'header' => array(
  1653. 'value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);" />',
  1654. 'style' => 'width: 4%;',
  1655. ),
  1656. 'data' => array(
  1657. 'sprintf' => array(
  1658. 'format' => '<input type="checkbox" name="notify_boards[]" value="%1$d" class="input_check" />',
  1659. 'params' => array(
  1660. 'id' => false,
  1661. ),
  1662. ),
  1663. 'style' => 'text-align: center;',
  1664. ),
  1665. ),
  1666. ),
  1667. 'form' => array(
  1668. 'href' => $scripturl . '?action=profile;area=notification;save',
  1669. 'include_sort' => true,
  1670. 'include_start' => true,
  1671. 'hidden_fields' => array(
  1672. 'u' => $memID,
  1673. 'sa' => $context['menu_item_selected'],
  1674. $context['session_var'] => $context['session_id'],
  1675. ),
  1676. 'token' => $context['token_check'],
  1677. ),
  1678. 'additional_rows' => array(
  1679. array(
  1680. 'position' => 'bottom_of_list',
  1681. 'value' => '<input type="submit" name="edit_notify_boards" value="' . $txt['notifications_update'] . '" class="button_submit" />',
  1682. 'align' => 'right',
  1683. ),
  1684. ),
  1685. );
  1686. // Create the board notification list.
  1687. createList($listOptions);
  1688. // Now do the topic notifications.
  1689. $listOptions = array(
  1690. 'id' => 'topic_notification_list',
  1691. 'width' => '100%',
  1692. 'items_per_page' => $modSettings['defaultMaxMessages'],
  1693. 'no_items_label' => $txt['notifications_topics_none'] . '<br /><br />' . $txt['notifications_topics_howto'],
  1694. 'no_items_align' => 'left',
  1695. 'base_href' => $scripturl . '?action=profile;u=' . $memID . ';area=notification',
  1696. 'default_sort_col' => 'last_post',
  1697. 'get_items' => array(
  1698. 'function' => 'list_getTopicNotifications',
  1699. 'params' => array(
  1700. $memID,
  1701. ),
  1702. ),
  1703. 'get_count' => array(
  1704. 'function' => 'list_getTopicNotificationCount',
  1705. 'params' => array(
  1706. $memID,
  1707. ),
  1708. ),
  1709. 'columns' => array(
  1710. 'subject' => array(
  1711. 'header' => array(
  1712. 'value' => $txt['notifications_topics'],
  1713. 'class' => 'lefttext first_th',
  1714. ),
  1715. 'data' => array(
  1716. 'function' => create_function('$topic', '
  1717. global $settings, $txt;
  1718. $link = $topic[\'link\'];
  1719. if ($topic[\'new\'])
  1720. $link .= \' <a href="\' . $topic[\'new_href\'] . \'"><span class="new_posts">\' . $txt[\'new\'] . \'</span></a>\';
  1721. $link .= \'<br /><span class="smalltext"><em>\' . $txt[\'in\'] . \' \' . $topic[\'board_link\'] . \'</em></span>\';
  1722. return $link;
  1723. '),
  1724. ),
  1725. 'sort' => array(
  1726. 'default' => 'ms.subject',
  1727. 'reverse' => 'ms.subject DESC',
  1728. ),
  1729. ),
  1730. 'started_by' => array(
  1731. 'header' => array(
  1732. 'value' => $txt['started_by'],
  1733. 'class' => 'lefttext',
  1734. ),
  1735. 'data' => array(
  1736. 'db' => 'poster_link',
  1737. ),
  1738. 'sort' => array(
  1739. 'default' => 'real_name_col',
  1740. 'reverse' => 'real_name_col DESC',
  1741. ),
  1742. ),
  1743. 'last_post' => array(
  1744. 'header' => array(
  1745. 'value' => $txt['last_post'],
  1746. 'class' => 'lefttext',
  1747. ),
  1748. 'data' => array(
  1749. 'sprintf' => array(
  1750. 'format' => '<span class="smalltext">%1$s<br />' . $txt['by'] . ' %2$s</span>',
  1751. 'params' => array(
  1752. 'updated' => false,
  1753. 'poster_updated_link' => false,
  1754. ),
  1755. ),
  1756. ),
  1757. 'sort' => array(
  1758. 'default' => 'ml.id_msg DESC',
  1759. 'reverse' => 'ml.id_msg',
  1760. ),
  1761. ),
  1762. 'delete' => array(
  1763. 'header' => array(
  1764. 'value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);" />',
  1765. 'style' => 'width: 4%;',
  1766. ),
  1767. 'data' => array(
  1768. 'sprintf' => array(
  1769. 'format' => '<input type="checkbox" name="notify_topics[]" value="%1$d" class="input_check" />',
  1770. 'params' => array(
  1771. 'id' => false,
  1772. ),
  1773. ),
  1774. 'style' => 'text-align: center;',
  1775. ),
  1776. ),
  1777. ),
  1778. 'form' => array(
  1779. 'href' => $scripturl . '?action=profile;area=notification;save',
  1780. 'include_sort' => true,
  1781. 'include_start' => true,
  1782. 'hidden_fields' => array(
  1783. 'u' => $memID,
  1784. 'sa' => $context['menu_item_selected'],
  1785. $context['session_var'] => $context['session_id'],
  1786. ),
  1787. 'token' => $context['token_check'],
  1788. ),
  1789. 'additional_rows' => array(
  1790. array(
  1791. 'position' => 'bottom_of_list',
  1792. 'value' => '<input type="submit" name="edit_notify_topics" value="' . $txt['notifications_update'] . '" class="button_submit" />',
  1793. 'align' => 'right',
  1794. ),
  1795. ),
  1796. );
  1797. // Create the notification list.
  1798. createList($listOptions);
  1799. // What options are set?
  1800. $context['member'] += array(
  1801. 'notify_announcements' => $user_profile[$memID]['notify_announcements'],
  1802. 'notify_send_body' => $user_profile[$memID]['notify_send_body'],
  1803. 'notify_types' => $user_profile[$memID]['notify_types'],
  1804. 'notify_regularity' => $user_profile[$memID]['notify_regularity'],
  1805. );
  1806. loadThemeOptions($memID);
  1807. }
  1808. /**
  1809. * @todo needs a description
  1810. *
  1811. * @param int $memID id_member
  1812. * @return string
  1813. */
  1814. function list_getTopicNotificationCount($memID)
  1815. {
  1816. global $smcFunc, $user_info, $context, $modSettings;
  1817. $request = $smcFunc['db_query']('', '
  1818. SELECT COUNT(*)
  1819. FROM {db_prefix}log_notify AS ln' . (!$modSettings['postmod_active'] && $user_info['query_see_board'] === '1=1' ? '' : '
  1820. INNER JOIN {db_prefix}topics AS t ON (t.id_topic = ln.id_topic)') . ($user_info['query_see_board'] === '1=1' ? '' : '
  1821. INNER JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board)') . '
  1822. WHERE ln.id_member = {int:selected_member}' . ($user_info['query_see_board'] === '1=1' ? '' : '
  1823. AND {query_see_board}') . ($modSettings['postmod_active'] ? '
  1824. AND t.approved = {int:is_approved}' : ''),
  1825. array(
  1826. 'selected_member' => $memID,
  1827. 'is_approved' => 1,
  1828. )
  1829. );
  1830. list ($totalNotifications) = $smcFunc['db_fetch_row']($request);
  1831. $smcFunc['db_free_result']($request);
  1832. // @todo make this an integer before it gets returned
  1833. return $totalNotifications;
  1834. }
  1835. /**
  1836. * @todo Needs a description
  1837. *
  1838. * @param int $start
  1839. * @param int $items_per_page
  1840. * @param string $sort
  1841. * @param int $memID id_member
  1842. * @return array $notification_topics
  1843. */
  1844. function list_getTopicNotifications($start, $items_per_page, $sort, $memID)
  1845. {
  1846. global $smcFunc, $txt, $scripturl, $user_info, $context, $modSettings;
  1847. // All the topics with notification on...
  1848. $request = $smcFunc['db_query']('', '
  1849. SELECT
  1850. IFNULL(lt.id_msg, IFNULL(lmr.id_msg, -1)) + 1 AS new_from, b.id_board, b.name,
  1851. t.id_topic, ms.subject, ms.id_member, IFNULL(mem.real_name, ms.poster_name) AS real_name_col,
  1852. ml.id_msg_modified, ml.poster_time, ml.id_member AS id_member_updated,
  1853. IFNULL(mem2.real_name, ml.poster_name) AS last_real_name
  1854. FROM {db_prefix}log_notify AS ln
  1855. INNER JOIN {db_prefix}topics AS t ON (t.id_topic = ln.id_topic' . ($modSettings['postmod_active'] ? ' AND t.approved = {int:is_approved}' : '') . ')
  1856. INNER JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board AND {query_see_board})
  1857. INNER JOIN {db_prefix}messages AS ms ON (ms.id_msg = t.id_first_msg)
  1858. INNER JOIN {db_prefix}messages AS ml ON (ml.id_msg = t.id_last_msg)
  1859. LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = ms.id_member)
  1860. LEFT JOIN {db_prefix}members AS mem2 ON (mem2.id_member = ml.id_member)
  1861. LEFT JOIN {db_prefix}log_topics AS lt ON (lt.id_topic = t.id_topic AND lt.id_member = {int:current_member})
  1862. LEFT JOIN {db_prefix}log_mark_read AS lmr ON (lmr.id_board = b.id_board AND lmr.id_member = {int:current_member})
  1863. WHERE ln.id_member = {int:selected_member}
  1864. ORDER BY {raw:sort}
  1865. LIMIT {int:offset}, {int:items_per_page}',
  1866. array(
  1867. 'current_member' => $user_info['id'],
  1868. 'is_approved' => 1,
  1869. 'selected_member' => $memID,
  1870. 'sort' => $sort,
  1871. 'offset' => $start,
  1872. 'items_per_page' => $items_per_page,
  1873. )
  1874. );
  1875. $notification_topics = array();
  1876. while ($row = $smcFunc['db_fetch_assoc']($request))
  1877. {
  1878. censorText($row['subject']);
  1879. $notification_topics[] = array(
  1880. 'id' => $row['id_topic'],
  1881. 'poster_link' => empty($row['id_member']) ? $row['real_name_col'] : '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['real_name_col'] . '</a>',
  1882. 'poster_updated_link' => empty($row['id_member_updated']) ? $row['last_real_name'] : '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member_updated'] . '">' . $row['last_real_name'] . '</a>',
  1883. 'subject' => $row['subject'],
  1884. 'href' => $scripturl . '?topic=' . $row['id_topic'] . '.0',
  1885. 'link' => '<a href="' . $scripturl . '?topic=' . $row['id_topic'] . '.0">' . $row['subject'] . '</a>',
  1886. 'new' => $row['new_from'] <= $row['id_msg_modified'],
  1887. 'new_from' => $row['new_from'],
  1888. 'updated' => timeformat($row['poster_time']),
  1889. 'new_href' => $scripturl . '?topic=' . $row['id_topic'] . '.msg' . $row['new_from'] . '#new',
  1890. 'new_link' => '<a href="' . $scripturl . '?topic=' . $row['id_topic'] . '.msg' . $row['new_from'] . '#new">' . $row['subject'] . '</a>',
  1891. 'board_link' => '<a href="' . $scripturl . '?board=' . $row['id_board'] . '.0">' . $row['name'] . '</a>',
  1892. );
  1893. }
  1894. $smcFunc['db_free_result']($request);
  1895. return $notification_topics;
  1896. }
  1897. /**
  1898. * @todo needs a description
  1899. *
  1900. * @param int $start
  1901. * @param int $items_per_page
  1902. * @param string $sort
  1903. * @param int $memID id_member
  1904. * @return array
  1905. */
  1906. function list_getBoardNotifications($start, $items_per_page, $sort, $memID)
  1907. {
  1908. global $smcFunc, $txt, $scripturl, $user_info;
  1909. $request = $smcFunc['db_query']('', '
  1910. SELECT b.id_board, b.name, IFNULL(lb.id_msg, 0) AS board_read, b.id_msg_updated
  1911. FROM {db_prefix}log_notify AS ln
  1912. INNER JOIN {db_prefix}boards AS b ON (b.id_board = ln.id_board)
  1913. LEFT JOIN {db_prefix}log_boards AS lb ON (lb.id_board = b.id_board AND lb.id_member = {int:current_member})
  1914. WHERE ln.id_member = {int:selected_member}
  1915. AND {query_see_board}
  1916. ORDER BY ' . $sort,
  1917. array(
  1918. 'current_member' => $user_info['id'],
  1919. 'selected_member' => $memID,
  1920. )
  1921. );
  1922. $notification_boards = array();
  1923. while ($row = $smcFunc['db_fetch_assoc']($request))
  1924. $notification_boards[] = array(
  1925. 'id' => $row['id_board'],
  1926. 'name' => $row['name'],
  1927. 'href' => $scripturl . '?board=' . $row['id_board'] . '.0',
  1928. 'link' => '<a href="' . $scripturl . '?board=' . $row['id_board'] . '.0">' . $row['name'] . '</a>',
  1929. 'new' => $row['board_read'] < $row['id_msg_updated']
  1930. );
  1931. $smcFunc['db_free_result']($request);
  1932. return $notification_boards;
  1933. }
  1934. /**
  1935. * @todo needs a description
  1936. *
  1937. * @param int $memID id_member
  1938. */
  1939. function loadThemeOptions($memID)
  1940. {
  1941. global $context, $options, $cur_profile, $smcFunc;
  1942. if (isset($_POST['default_options']))
  1943. $_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];
  1944. if ($context['user']['is_owner'])
  1945. {
  1946. $context['member']['options'] = $options;
  1947. if (isset($_POST['options']) && is_array($_POST['options']))
  1948. foreach ($_POST['options'] as $k => $v)
  1949. $context['member']['options'][$k] = $v;
  1950. }
  1951. else
  1952. {
  1953. $request = $smcFunc['db_query']('', '
  1954. SELECT id_member, variable, value
  1955. FROM {db_prefix}themes
  1956. WHERE id_theme IN (1, {int:member_theme})
  1957. AND id_member IN (-1, {int:selected_member})',
  1958. array(
  1959. 'member_theme' => (int) $cur_profile['id_theme'],
  1960. 'selected_member' => $memID,
  1961. )
  1962. );
  1963. $temp = array();
  1964. while ($row = $smcFunc['db_fetch_assoc']($request))
  1965. {
  1966. if ($row['id_member'] == -1)
  1967. {
  1968. $temp[$row['variable']] = $row['value'];
  1969. continue;
  1970. }
  1971. if (isset($_POST['options'][$row['variable']]))
  1972. $row['value'] = $_POST['options'][$row['variable']];
  1973. $context['member']['options'][$row['variable']] = $row['value'];
  1974. }
  1975. $smcFunc['db_free_result']($request);
  1976. // Load up the default theme options for any missing.
  1977. foreach ($temp as $k => $v)
  1978. {
  1979. if (!isset($context['member']['options'][$k]))
  1980. $context['member']['options'][$k] = $v;
  1981. }
  1982. }
  1983. }
  1984. /**
  1985. * @todo needs a description
  1986. *
  1987. * @param int $memID id_member
  1988. */
  1989. function ignoreboards($memID)
  1990. {
  1991. global $txt, $user_info, $context, $modSettings, $smcFunc, $cur_profile;
  1992. // Have the admins enabled this option?
  1993. if (empty($modSettings['allow_ignore_boards']))
  1994. fatal_lang_error('ignoreboards_disallowed', 'user');
  1995. // Find all the boards this user is allowed to see.
  1996. $request = $smcFunc['db_query']('order_by_board_order', '
  1997. SELECT b.id_cat, c.name AS cat_name, b.id_board, b.name, b.child_level,
  1998. '. (!empty($cur_profile['ignore_boards']) ? 'b.id_board IN ({array_int:ignore_boards})' : '0') . ' AS is_ignored
  1999. FROM {db_prefix}boards AS b
  2000. LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat)
  2001. WHERE {query_see_board}
  2002. AND redirect = {string:empty_string}',
  2003. array(
  2004. 'ignore_boards' => !empty($cur_profile['ignore_boards']) ? explode(',', $cur_profile['ignore_boards']) : array(),
  2005. 'empty_string' => '',
  2006. )
  2007. );
  2008. $context['num_boards'] = $smcFunc['db_num_rows']($request);
  2009. $context['categories'] = array();
  2010. while ($row = $smcFunc['db_fetch_assoc']($request))
  2011. {
  2012. // This category hasn't been set up yet..
  2013. if (!isset($context['categories'][$row['id_cat']]))
  2014. $context['categories'][$row['id_cat']] = array(
  2015. 'id' => $row['id_cat'],
  2016. 'name' => $row['cat_name'],
  2017. 'boards' => array()
  2018. );
  2019. // Set this board up, and let the template know when it's a child. (indent them..)
  2020. $context['categories'][$row['id_cat']]['boards'][$row['id_board']] = array(
  2021. 'id' => $row['id_board'],
  2022. 'name' => $row['name'],
  2023. 'child_level' => $row['child_level'],
  2024. 'selected' => $row['is_ignored'],
  2025. );
  2026. }
  2027. $smcFunc['db_free_result']($request);
  2028. // Now, let's sort the list of categories into the boards for templates that like that.
  2029. $temp_boards = array();
  2030. foreach ($context['categories'] as $category)
  2031. {
  2032. // Include a list of boards per category for easy toggling.
  2033. $context['categories'][$category['id']]['child_ids'] = array_keys($category['boards']);
  2034. $temp_boards[] = array(
  2035. 'name' => $category['name'],
  2036. 'child_ids' => array_keys($category['boards'])
  2037. );
  2038. $temp_boards = array_merge($temp_boards, array_values($category['boards']));
  2039. }
  2040. $max_boards = ceil(count($temp_boards) / 2);
  2041. if ($max_boards == 1)
  2042. $max_boards = 2;
  2043. // Now, alternate them so they can be shown left and right ;).
  2044. $context['board_columns'] = array();
  2045. for ($i = 0; $i < $max_boards; $i++)
  2046. {
  2047. $context['board_columns'][] = $temp_boards[$i];
  2048. if (isset($temp_boards[$i + $max_boards]))
  2049. $context['board_columns'][] = $temp_boards[$i + $max_boards];
  2050. else
  2051. $context['board_columns'][] = array();
  2052. }
  2053. loadThemeOptions($memID);
  2054. }
  2055. /**
  2056. * Load all the languages for the profile.
  2057. * @return bool
  2058. */
  2059. function profileLoadLanguages()
  2060. {
  2061. global $context, $modSettings, $settings, $cur_profile, $language, $smcFunc;
  2062. $context['profile_languages'] = array();
  2063. // Get our languages!
  2064. getLanguages(true, true);
  2065. // Setup our languages.
  2066. foreach ($context['languages'] as $lang)
  2067. {
  2068. $context['profile_languages'][$lang['filename']] = strtr($lang['name'], array('-utf8' => ''));
  2069. }
  2070. ksort($context['profile_languages']);
  2071. // Return whether we should proceed with this.
  2072. return count($context['profile_languages']) > 1 ? true : false;
  2073. }
  2074. /**
  2075. * @todo needs description
  2076. *
  2077. * @return true
  2078. */
  2079. function profileLoadGroups()
  2080. {
  2081. global $cur_profile, $txt, $context, $smcFunc, $user_settings;
  2082. $context['member_groups'] = array(
  2083. 0 => array(
  2084. 'id' => 0,
  2085. 'name' => $txt['no_primary_membergroup'],
  2086. 'is_primary' => $cur_profile['id_group'] == 0,
  2087. 'can_be_additional' => false,
  2088. 'can_be_primary' => true,
  2089. )
  2090. );
  2091. $curGroups = explode(',', $cur_profile['additional_groups']);
  2092. // Load membergroups, but only those groups the user can assign.
  2093. $request = $smcFunc['db_query']('', '
  2094. SELECT group_name, id_group, hidden
  2095. FROM {db_prefix}membergroups
  2096. WHERE id_group != {int:moderator_group}
  2097. AND min_posts = {int:min_posts}' . (allowedTo('admin_forum') ? '' : '
  2098. AND group_type != {int:is_protected}') . '
  2099. ORDER BY min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name',
  2100. array(
  2101. 'moderator_group' => 3,
  2102. 'min_posts' => -1,
  2103. 'is_protected' => 1,
  2104. 'newbie_group' => 4,
  2105. )
  2106. );
  2107. while ($row = $smcFunc['db_fetch_assoc']($request))
  2108. {
  2109. // We should skip the administrator group if they don't have the admin_forum permission!
  2110. if ($row['id_group'] == 1 && !allowedTo('admin_forum'))
  2111. continue;
  2112. $context['member_groups'][$row['id_group']] = array(
  2113. 'id' => $row['id_group'],
  2114. 'name' => $row['group_name'],
  2115. 'is_primary' => $cur_profile['id_group'] == $row['id_group'],
  2116. 'is_additional' => in_array($row['id_group'], $curGroups),
  2117. 'can_be_additional' => true,
  2118. 'can_be_primary' => $row['hidden'] != 2,
  2119. );
  2120. }
  2121. $smcFunc['db_free_result']($request);
  2122. $context['member']['group_id'] = $user_settings['id_group'];
  2123. return true;
  2124. }
  2125. /**
  2126. * Load key signature context data.
  2127. *
  2128. * @return true
  2129. */
  2130. function profileLoadSignatureData()
  2131. {
  2132. global $modSettings, $context, $txt, $cur_profile, $smcFunc, $memberContext;
  2133. // Signature limits.
  2134. list ($sig_limits, $sig_bbc) = explode(':', $modSettings['signature_settings']);
  2135. $sig_limits = explode(',', $sig_limits);
  2136. $context['signature_enabled'] = isset($sig_limits[0]) ? $sig_limits[0] : 0;
  2137. $context['signature_limits'] = array(
  2138. 'max_length' => isset($sig_limits[1]) ? $sig_limits[1] : 0,
  2139. 'max_lines' => isset($sig_limits[2]) ? $sig_limits[2] : 0,
  2140. 'max_images' => isset($sig_limits[3]) ? $sig_limits[3] : 0,
  2141. 'max_smileys' => isset($sig_limits[4]) ? $sig_limits[4] : 0,
  2142. 'max_image_width' => isset($sig_limits[5]) ? $sig_limits[5] : 0,
  2143. 'max_image_height' => isset($sig_limits[6]) ? $sig_limits[6] : 0,
  2144. 'max_font_size' => isset($sig_limits[7]) ? $sig_limits[7] : 0,
  2145. 'bbc' => !empty($sig_bbc) ? explode(',', $sig_bbc) : array(),
  2146. );
  2147. // Kept this line in for backwards compatibility!
  2148. $context['max_signature_length'] = $context['signature_limits']['max_length'];
  2149. // Warning message for signature image limits?
  2150. $context['signature_warning'] = '';
  2151. if ($context['signature_limits']['max_image_width'] && $context['signature_limits']['max_image_height'])
  2152. $context['signature_warning'] = sprintf($txt['profile_error_signature_max_image_size'], $context['signature_limits']['max_image_width'], $context['signature_limits']['max_image_height']);
  2153. elseif ($context['signature_limits']['max_image_width'] || $context['signature_limits']['max_image_height'])
  2154. $context['signature_warning'] = sprintf($txt['profile_error_signature_max_image_' . ($context['signature_limits']['max_image_width'] ? 'width' : 'height')], $context['signature_limits'][$context['signature_limits']['max_image_width'] ? 'max_image_width' : 'max_image_height']);
  2155. $context['show_spellchecking'] = !empty($modSettings['enableSpellChecking']) && function_exists('pspell_new');
  2156. if (empty($context['do_preview']))
  2157. $context['member']['signature'] = empty($cur_profile['signature']) ? '' : str_replace(array('<br />', '<', '>', '"', '\''), array("\n", '&lt;', '&gt;', '&quot;', '&#039;'), $cur_profile['signature']);
  2158. else
  2159. {
  2160. $signature = !empty($_POST['signature']) ? $_POST['signature'] : '';
  2161. $validation = profileValidateSignature($signature);
  2162. if (empty($context['post_errors']))
  2163. {
  2164. loadLanguage('Errors');
  2165. $context['post_errors'] = array();
  2166. }
  2167. $context['post_errors'][] = 'signature_not_yet_saved';
  2168. if ($validation !== true && $validation !== false)
  2169. $context['post_errors'][] = $validation;
  2170. censorText($context['member']['signature']);
  2171. $context['member']['current_signature'] = $context['member']['signature'];
  2172. censorText($signature);
  2173. $context['member']['signature_preview'] = parse_bbc($signature, true, 'sig' . $memberContext[$context['id_member']]);
  2174. $context['member']['signature'] = $_POST['signature'];
  2175. }
  2176. return true;
  2177. }
  2178. /**
  2179. * Load avatar context data.
  2180. *
  2181. * @return true
  2182. */
  2183. function profileLoadAvatarData()
  2184. {
  2185. global $context, $cur_profile, $modSettings, $scripturl;
  2186. $context['avatar_url'] = $modSettings['avatar_url'];
  2187. // Default context.
  2188. $context['member']['avatar'] += array(
  2189. 'custom' => stristr($cur_profile['avatar'], 'http://') ? $cur_profile['avatar'] : 'http://',
  2190. 'selection' => $cur_profile['avatar'] == '' || stristr($cur_profile['avatar'], 'http://') ? '' : $cur_profile['avatar'],
  2191. 'id_attach' => $cur_profile['id_attach'],
  2192. 'filename' => $cur_profile['filename'],
  2193. 'allow_server_stored' => allowedTo('profile_server_avatar') || (!$context['user']['is_owner'] && allowedTo('profile_extra_any')),
  2194. 'allow_upload' => allowedTo('profile_upload_avatar') || (!$context['user']['is_owner'] && allowedTo('profile_extra_any')),
  2195. 'allow_external' => allowedTo('profile_remote_avatar') || (!$context['user']['is_owner'] && allowedTo('profile_extra_any')),
  2196. );
  2197. if ($cur_profile['avatar'] == '' && $cur_profile['id_attach'] > 0 && $context['member']['avatar']['allow_upload'])
  2198. {
  2199. $context['member']['avatar'] += array(
  2200. 'choice' => 'upload',
  2201. 'server_pic' => 'blank.png',
  2202. 'external' => 'http://'
  2203. );
  2204. $context['member']['avatar']['href'] = empty($cur_profile['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $cur_profile['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $cur_profile['filename'];
  2205. }
  2206. elseif (stristr($cur_profile['avatar'], 'http://') && $context['member']['avatar']['allow_external'])
  2207. $context['member']['avatar'] += array(
  2208. 'choice' => 'external',
  2209. 'server_pic' => 'blank.png',
  2210. 'external' => $cur_profile['avatar']
  2211. );
  2212. elseif ($cur_profile['avatar'] != '' && file_exists($modSettings['avatar_directory'] . '/' . $cur_profile['avatar']) && $context['member']['avatar']['allow_server_stored'])
  2213. $context['member']['avatar'] += array(
  2214. 'choice' => 'server_stored',
  2215. 'server_pic' => $cur_profile['avatar'] == '' ? 'blank.png' : $cur_profile['avatar'],
  2216. 'external' => 'http://'
  2217. );
  2218. else
  2219. $context['member']['avatar'] += array(
  2220. 'choice' => 'none',
  2221. 'server_pic' => 'blank.png',
  2222. 'external' => 'http://'
  2223. );
  2224. // Get a list of all the avatars.
  2225. if ($context['member']['avatar']['allow_server_stored'])
  2226. {
  2227. $context['avatar_list'] = array();
  2228. $context['avatars'] = is_dir($modSettings['avatar_directory']) ? getAvatars('', 0) : array();
  2229. }
  2230. else
  2231. $context['avatars'] = array();
  2232. // Second level selected avatar...
  2233. $context['avatar_selected'] = substr(strrchr($context['member']['avatar']['server_pic'], '/'), 1);
  2234. return true;
  2235. }
  2236. /**
  2237. * Save a members group.
  2238. *
  2239. * @param int &$value
  2240. * @return true
  2241. */
  2242. function profileSaveGroups(&$value)
  2243. {
  2244. global $profile_vars, $old_profile, $context, $smcFunc, $cur_profile;
  2245. // Do we need to protect some groups?
  2246. if (!allowedTo('admin_forum'))
  2247. {
  2248. $request = $smcFunc['db_query']('', '
  2249. SELECT id_group
  2250. FROM {db_prefix}membergroups
  2251. WHERE group_type = {int:is_protected}',
  2252. array(
  2253. 'is_protected' => 1,
  2254. )
  2255. );
  2256. $protected_groups = array(1);
  2257. while ($row = $smcFunc['db_fetch_assoc']($request))
  2258. $protected_groups[] = $row['id_group'];
  2259. $smcFunc['db_free_result']($request);
  2260. $protected_groups = array_unique($protected_groups);
  2261. }
  2262. // The account page allows the change of your id_group - but not to a protected group!
  2263. if (empty($protected_groups) || count(array_intersect(array((int) $value, $old_profile['id_group']), $protected_groups)) == 0)
  2264. $value = (int) $value;
  2265. // ... otherwise it's the old group sir.
  2266. else
  2267. $value = $old_profile['id_group'];
  2268. // Find the additional membergroups (if any)
  2269. if (isset($_POST['additional_groups']) && is_array($_POST['additional_groups']))
  2270. {
  2271. $additional_groups = array();
  2272. foreach ($_POST['additional_groups'] as $group_id)
  2273. {
  2274. $group_id = (int) $group_id;
  2275. if (!empty($group_id) && (empty($protected_groups) || !in_array($group_id, $protected_groups)))
  2276. $additional_groups[] = $group_id;
  2277. }
  2278. // Put the protected groups back in there if you don't have permission to take them away.
  2279. $old_additional_groups = explode(',', $old_profile['additional_groups']);
  2280. foreach ($old_additional_groups as $group_id)
  2281. {
  2282. if (!empty($protected_groups) && in_array($group_id, $protected_groups))
  2283. $additional_groups[] = $group_id;
  2284. }
  2285. if (implode(',', $additional_groups) !== $old_profile['additional_groups'])
  2286. {
  2287. $profile_vars['additional_groups'] = implode(',', $additional_groups);
  2288. $cur_profile['additional_groups'] = implode(',', $additional_groups);
  2289. }
  2290. }
  2291. // Too often, people remove delete their own account, or something.
  2292. if (in_array(1, explode(',', $old_profile['additional_groups'])) || $old_profile['id_group'] == 1)
  2293. {
  2294. $stillAdmin = $value == 1 || (isset($additional_groups) && in_array(1, $additional_groups));
  2295. // If they would no longer be an admin, look for any other...
  2296. if (!$stillAdmin)
  2297. {
  2298. $request = $smcFunc['db_query']('', '
  2299. SELECT id_member
  2300. FROM {db_prefix}members
  2301. WHERE (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0)
  2302. AND id_member != {int:selected_member}
  2303. LIMIT 1',
  2304. array(
  2305. 'admin_group' => 1,
  2306. 'selected_member' => $context['id_member'],
  2307. )
  2308. );
  2309. list ($another) = $smcFunc['db_fetch_row']($request);
  2310. $smcFunc['db_free_result']($request);
  2311. if (empty($another))
  2312. fatal_lang_error('at_least_one_admin', 'critical');
  2313. }
  2314. }
  2315. // If we are changing group status, update permission cache as necessary.
  2316. if ($value != $old_profile['id_group'] || isset($profile_vars['additional_groups']))
  2317. {
  2318. if ($context['user']['is_owner'])
  2319. $_SESSION['mc']['time'] = 0;
  2320. else
  2321. updateSettings(array('settings_updated' => time()));
  2322. }
  2323. return true;
  2324. }
  2325. /**
  2326. * The avatar is incredibly complicated, what with the options... and what not.
  2327. * @todo argh, the avatar here. Take this out of here!
  2328. *
  2329. * @param array &$value
  2330. * @return mixed
  2331. */
  2332. function profileSaveAvatarData(&$value)
  2333. {
  2334. global $modSettings, $sourcedir, $smcFunc, $profile_vars, $cur_profile, $context;
  2335. $memID = $context['id_member'];
  2336. if (empty($memID) && !empty($context['password_auth_failed']))
  2337. return false;
  2338. require_once($sourcedir . '/ManageAttachments.php');
  2339. // We need to know where we're going to be putting it..
  2340. if (!empty($modSettings['custom_avatar_enabled']))
  2341. {
  2342. $uploadDir = $modSettings['custom_avatar_dir'];
  2343. $id_folder = 1;
  2344. }
  2345. elseif (!empty($modSettings['currentAttachmentUploadDir']))
  2346. {
  2347. if (!is_array($modSettings['attachmentUploadDir']))
  2348. $modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
  2349. // Just use the current path for temp files.
  2350. $uploadDir = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']];
  2351. $id_folder = $modSettings['currentAttachmentUploadDir'];
  2352. }
  2353. else
  2354. {
  2355. $uploadDir = $modSettings['attachmentUploadDir'];
  2356. $id_folder = 1;
  2357. }
  2358. $downloadedExternalAvatar = false;
  2359. if ($value == 'external' && allowedTo('profile_remote_avatar') && stripos($_POST['userpicpersonal'], 'http://') === 0 && strlen($_POST['userpicpersonal']) > 7 && !empty($modSettings['avatar_download_external']))
  2360. {
  2361. if (!is_writable($uploadDir))
  2362. fatal_lang_error('attachments_no_write', 'critical');
  2363. require_once($sourcedir . '/Subs-Package.php');
  2364. $url = parse_url($_POST['userpicpersonal']);
  2365. $contents = fetch_web_data('http://' . $url['host'] . (empty($url['port']) ? '' : ':' . $url['port']) . str_replace(' ', '%20', trim($url['path'])));
  2366. if ($contents != false && $tmpAvatar = fopen($uploadDir . '/avatar_tmp_' . $memID, 'wb'))
  2367. {
  2368. fwrite($tmpAvatar, $contents);
  2369. fclose($tmpAvatar);
  2370. $downloadedExternalAvatar = true;
  2371. $_FILES['attachment']['tmp_name'] = $uploadDir . '/avatar_tmp_' . $memID;
  2372. }
  2373. }
  2374. if ($value == 'none')
  2375. {
  2376. $profile_vars['avatar'] = '';
  2377. // Reset the attach ID.
  2378. $cur_profile['id_attach'] = 0;
  2379. $cur_profile['attachment_type'] = 0;
  2380. $cur_profile['filename'] = '';
  2381. removeAttachments(array('id_member' => $memID));
  2382. }
  2383. elseif ($value == 'server_stored' && allowedTo('profile_server_avatar'))
  2384. {
  2385. $profile_vars['avatar'] = strtr(empty($_POST['file']) ? (empty($_POST['cat']) ? '' : $_POST['cat']) : $_POST['file'], array('&amp;' => '&'));
  2386. $profile_vars['avatar'] = preg_match('~^([\w _!@%*=\-#()\[\]&.,]+/)?[\w _!@%*=\-#()\[\]&.,]+$~', $profile_vars['avatar']) != 0 && preg_match('/\.\./', $profile_vars['avatar']) == 0 && file_exists($modSettings['avatar_directory'] . '/' . $profile_vars['avatar']) ? ($profile_vars['avatar'] == 'blank.png' ? '' : $profile_vars['avatar']) : '';
  2387. // Clear current profile...
  2388. $cur_profile['id_attach'] = 0;
  2389. $cur_profile['attachment_type'] = 0;
  2390. $cur_profile['filename'] = '';
  2391. // Get rid of their old avatar. (if uploaded.)
  2392. removeAttachments(array('id_member' => $memID));
  2393. }
  2394. elseif ($value == 'external' && allowedTo('profile_remote_avatar') && stripos($_POST['userpicpersonal'], 'http://') === 0 && empty($modSettings['avatar_download_external']))
  2395. {
  2396. // We need these clean...
  2397. $cur_profile['id_attach'] = 0;
  2398. $cur_profile['attachment_type'] = 0;
  2399. $cur_profile['filename'] = '';
  2400. // Remove any attached avatar...
  2401. removeAttachments(array('id_member' => $memID));
  2402. // @todo http://www.simplemachines.org/community/index.php?topic=462089.msg3226650#msg3226650
  2403. $profile_vars['avatar'] = str_replace(' ', '%20', preg_replace('~action(?:=|%3d)(?!dlattach)~i', 'action-', $_POST['userpicpersonal']));
  2404. if ($profile_vars['avatar'] == 'http://' || $profile_vars['avatar'] == 'http:///')
  2405. $profile_vars['avatar'] = '';
  2406. // Trying to make us do something we'll regret?
  2407. elseif (substr($profile_vars['avatar'], 0, 7) != 'http://')
  2408. return 'bad_avatar';
  2409. // Should we check dimensions?
  2410. elseif (!empty($modSettings['avatar_max_height_external']) || !empty($modSettings['avatar_max_width_external']))
  2411. {
  2412. // Now let's validate the avatar.
  2413. $sizes = url_image_size($profile_vars['avatar']);
  2414. if (is_array($sizes) && (($sizes[0] > $modSettings['avatar_max_width_external'] && !empty($modSettings['avatar_max_width_external'])) || ($sizes[1] > $modSettings['avatar_max_height_external'] && !empty($modSettings['avatar_max_height_external']))))
  2415. {
  2416. // Houston, we have a problem. The avatar is too large!!
  2417. if ($modSettings['avatar_action_too_large'] == 'option_refuse')
  2418. return 'bad_avatar';
  2419. elseif ($modSettings['avatar_action_too_large'] == 'option_download_and_resize')
  2420. {
  2421. // @todo remove this if appropriate
  2422. require_once($sourcedir . '/Subs-Graphics.php');
  2423. if (downloadAvatar($profile_vars['avatar'], $memID, $modSettings['avatar_max_width_external'], $modSettings['avatar_max_height_external']))
  2424. {
  2425. $profile_vars['avatar'] = '';
  2426. $cur_profile['id_attach'] = $modSettings['new_avatar_data']['id'];
  2427. $cur_profile['filename'] = $modSettings['new_avatar_data']['filename'];
  2428. $cur_profile['attachment_type'] = $modSettings['new_avatar_data']['type'];
  2429. }
  2430. else
  2431. return 'bad_avatar';
  2432. }
  2433. }
  2434. }
  2435. }
  2436. elseif (($value == 'upload' && allowedTo('profile_upload_avatar')) || $downloadedExternalAvatar)
  2437. {
  2438. if ((isset($_FILES['attachment']['name']) && $_FILES['attachment']['name'] != '') || $downloadedExternalAvatar)
  2439. {
  2440. // Get the dimensions of the image.
  2441. if (!$downloadedExternalAvatar)
  2442. {
  2443. if (!is_writable($uploadDir))
  2444. fatal_lang_error('attachments_no_write', 'critical');
  2445. if (!move_uploaded_file($_FILES['attachment']['tmp_name'], $uploadDir . '/avatar_tmp_' . $memID))
  2446. fatal_lang_error('attach_timeout', 'critical');
  2447. $_FILES['attachment']['tmp_name'] = $uploadDir . '/avatar_tmp_' . $memID;
  2448. }
  2449. $sizes = @getimagesize($_FILES['attachment']['tmp_name']);
  2450. // No size, then it's probably not a valid pic.
  2451. if ($sizes === false)
  2452. return 'bad_avatar';
  2453. // Check whether the image is too large.
  2454. elseif ((!empty($modSettings['avatar_max_width_upload']) && $sizes[0] > $modSettings['avatar_max_width_upload']) || (!empty($modSettings['avatar_max_height_upload']) && $sizes[1] > $modSettings['avatar_max_height_upload']))
  2455. {
  2456. if (!empty($modSettings['avatar_resize_upload']))
  2457. {
  2458. // Attempt to chmod it.
  2459. @chmod($uploadDir . '/avatar_tmp_' . $memID, 0644);
  2460. // @todo remove this require when appropriate
  2461. require_once($sourcedir . '/Subs-Graphics.php');
  2462. if (!downloadAvatar($uploadDir . '/avatar_tmp_' . $memID, $memID, $modSettings['avatar_max_width_upload'], $modSettings['avatar_max_height_upload']))
  2463. return 'bad_avatar';
  2464. // Reset attachment avatar data.
  2465. $cur_profile['id_attach'] = $modSettings['new_avatar_data']['id'];
  2466. $cur_profile['filename'] = $modSettings['new_avatar_data']['filename'];
  2467. $cur_profile['attachment_type'] = $modSettings['new_avatar_data']['type'];
  2468. }
  2469. else
  2470. return 'bad_avatar';
  2471. }
  2472. elseif (is_array($sizes))
  2473. {
  2474. // Now try to find an infection.
  2475. require_once($sourcedir . '/Subs-Graphics.php');
  2476. if (!checkImageContents($_FILES['attachment']['tmp_name'], !empty($modSettings['avatar_paranoid'])))
  2477. {
  2478. // It's bad. Try to re-encode the contents?
  2479. if (empty($modSettings['avatar_reencode']) || (!reencodeImage($_FILES['attachment']['tmp_name'], $sizes[2])))
  2480. return 'bad_avatar';
  2481. // We were successful. However, at what price?
  2482. $sizes = @getimagesize($_FILES['attachment']['tmp_name']);
  2483. // Hard to believe this would happen, but can you bet?
  2484. if ($sizes === false)
  2485. return 'bad_avatar';
  2486. }
  2487. $extensions = array(
  2488. '1' => 'gif',
  2489. '2' => 'jpg',
  2490. '3' => 'png',
  2491. '6' => 'bmp'
  2492. );
  2493. $extension = isset($extensions[$sizes[2]]) ? $extensions[$sizes[2]] : 'bmp';
  2494. $mime_type = 'image/' . ($extension === 'jpg' ? 'jpeg' : ($extension === 'bmp' ? 'x-ms-bmp' : $extension));
  2495. $destName = 'avatar_' . $memID . '_' . time() . '.' . $extension;
  2496. list ($width, $height) = getimagesize($_FILES['attachment']['tmp_name']);
  2497. $file_hash = empty($modSettings['custom_avatar_enabled']) ? getAttachmentFilename($destName, false, null, true) : '';
  2498. // Remove previous attachments this member might have had.
  2499. removeAttachments(array('id_member' => $memID));
  2500. $smcFunc['db_insert']('',
  2501. '{db_prefix}attachments',
  2502. array(
  2503. 'id_member' => 'int', 'attachment_type' => 'int', 'filename' => 'string', 'file_hash' => 'string', 'fileext' => 'string', 'size' => 'int',
  2504. 'width' => 'int', 'height' => 'int', 'mime_type' => 'string', 'id_folder' => 'int',
  2505. ),
  2506. array(
  2507. $memID, (empty($modSettings['custom_avatar_enabled']) ? 0 : 1), $destName, $file_hash, $extension, filesize($_FILES['attachment']['tmp_name']),
  2508. (int) $width, (int) $height, $mime_type, $id_folder,
  2509. ),
  2510. array('id_attach')
  2511. );
  2512. $cur_profile['id_attach'] = $smcFunc['db_insert_id']('{db_prefix}attachments', 'id_attach');
  2513. $cur_profile['filename'] = $destName;
  2514. $cur_profile['attachment_type'] = empty($modSettings['custom_avatar_enabled']) ? 0 : 1;
  2515. $destinationPath = $uploadDir . '/' . (empty($file_hash) ? $destName : $cur_profile['id_attach'] . '_' . $file_hash);
  2516. if (!rename($_FILES['attachment']['tmp_name'], $destinationPath))
  2517. {
  2518. // I guess a man can try.
  2519. removeAttachments(array('id_member' => $memID));
  2520. fatal_lang_error('attach_timeout', 'critical');
  2521. }
  2522. // Attempt to chmod it.
  2523. @chmod($uploadDir . '/' . $destinationPath, 0644);
  2524. }
  2525. $profile_vars['avatar'] = '';
  2526. // Delete any temporary file.
  2527. if (file_exists($uploadDir . '/avatar_tmp_' . $memID))
  2528. @unlink($uploadDir . '/avatar_tmp_' . $memID);
  2529. }
  2530. // Selected the upload avatar option and had one already uploaded before or didn't upload one.
  2531. else
  2532. $profile_vars['avatar'] = '';
  2533. }
  2534. else
  2535. $profile_vars['avatar'] = '';
  2536. // Setup the profile variables so it shows things right on display!
  2537. $cur_profile['avatar'] = $profile_vars['avatar'];
  2538. return false;
  2539. }
  2540. /**
  2541. * Validate the signature
  2542. *
  2543. * @param mixed &$value
  2544. * @return bool|string
  2545. */
  2546. function profileValidateSignature(&$value)
  2547. {
  2548. global $sourcedir, $modSettings, $smcFunc, $txt;
  2549. require_once($sourcedir . '/Subs-Post.php');
  2550. // Admins can do whatever they hell they want!
  2551. if (!allowedTo('admin_forum'))
  2552. {
  2553. // Load all the signature limits.
  2554. list ($sig_limits, $sig_bbc) = explode(':', $modSettings['signature_settings']);
  2555. $sig_limits = explode(',', $sig_limits);
  2556. $disabledTags = !empty($sig_bbc) ? explode(',', $sig_bbc) : array();
  2557. $unparsed_signature = strtr(un_htmlspecialchars($value), array("\r" => '', '&#039' => '\''));
  2558. // Too many lines?
  2559. if (!empty($sig_limits[2]) && substr_count($unparsed_signature, "\n") >= $sig_limits[2])
  2560. {
  2561. $txt['profile_error_signature_max_lines'] = sprintf($txt['profile_error_signature_max_lines'], $sig_limits[2]);
  2562. return 'signature_max_lines';
  2563. }
  2564. // Too many images?!
  2565. if (!empty($sig_limits[3]) && (substr_count(strtolower($unparsed_signature), '[img') + substr_count(strtolower($unparsed_signature), '<img')) > $sig_limits[3])
  2566. {
  2567. $txt['profile_error_signature_max_image_count'] = sprintf($txt['profile_error_signature_max_image_count'], $sig_limits[3]);
  2568. return 'signature_max_image_count';
  2569. }
  2570. // What about too many smileys!
  2571. $smiley_parsed = $unparsed_signature;
  2572. parsesmileys($smiley_parsed);
  2573. $smiley_count = substr_count(strtolower($smiley_parsed), '<img') - substr_count(strtolower($unparsed_signature), '<img');
  2574. if (!empty($sig_limits[4]) && $sig_limits[4] == -1 && $smiley_count > 0)
  2575. return 'signature_allow_smileys';
  2576. elseif (!empty($sig_limits[4]) && $sig_limits[4] > 0 && $smiley_count > $sig_limits[4])
  2577. {
  2578. $txt['profile_error_signature_max_smileys'] = sprintf($txt['profile_error_signature_max_smileys'], $sig_limits[4]);
  2579. return 'signature_max_smileys';
  2580. }
  2581. // Maybe we are abusing font sizes?
  2582. if (!empty($sig_limits[7]) && preg_match_all('~\[size=([\d\.]+)?(px|pt|em|x-large|larger)~i', $unparsed_signature, $matches) !== false && isset($matches[2]))
  2583. {
  2584. foreach ($matches[1] as $ind => $size)
  2585. {
  2586. $limit_broke = 0;
  2587. // Attempt to allow all sizes of abuse, so to speak.
  2588. if ($matches[2][$ind] == 'px' && $size > $sig_limits[7])
  2589. $limit_broke = $sig_limits[7] . 'px';
  2590. elseif ($matches[2][$ind] == 'pt' && $size > ($sig_limits[7] * 0.75))
  2591. $limit_broke = ((int) $sig_limits[7] * 0.75) . 'pt';
  2592. elseif ($matches[2][$ind] == 'em' && $size > ((float) $sig_limits[7] / 16))
  2593. $limit_broke = ((float) $sig_limits[7] / 16) . 'em';
  2594. elseif ($matches[2][$ind] != 'px' && $matches[2][$ind] != 'pt' && $matches[2][$ind] != 'em' && $sig_limits[7] < 18)
  2595. $limit_broke = 'large';
  2596. if ($limit_broke)
  2597. {
  2598. $txt['profile_error_signature_max_font_size'] = sprintf($txt['profile_error_signature_max_font_size'], $limit_broke);
  2599. return 'signature_max_font_size';
  2600. }
  2601. }
  2602. }
  2603. // The difficult one - image sizes! Don't error on this - just fix it.
  2604. if ((!empty($sig_limits[5]) || !empty($sig_limits[6])))
  2605. {
  2606. // Get all BBC tags...
  2607. preg_match_all('~\[img(\s+width=([\d]+))?(\s+height=([\d]+))?(\s+width=([\d]+))?\s*\](?:<br />)*([^<">]+?)(?:<br />)*\[/img\]~i', $unparsed_signature, $matches);
  2608. // ... and all HTML ones.
  2609. preg_match_all('~<img\s+src=(?:")?((?:http://|ftp://|https://|ftps://).+?)(?:")?(?:\s+alt=(?:")?(.*?)(?:")?)?(?:\s?/)?>~i', $unparsed_signature, $matches2, PREG_PATTERN_ORDER);
  2610. // And stick the HTML in the BBC.
  2611. if (!empty($matches2))
  2612. {
  2613. foreach ($matches2[0] as $ind => $dummy)
  2614. {
  2615. $matches[0][] = $matches2[0][$ind];
  2616. $matches[1][] = '';
  2617. $matches[2][] = '';
  2618. $matches[3][] = '';
  2619. $matches[4][] = '';
  2620. $matches[5][] = '';
  2621. $matches[6][] = '';
  2622. $matches[7][] = $matches2[1][$ind];
  2623. }
  2624. }
  2625. $replaces = array();
  2626. // Try to find all the images!
  2627. if (!empty($matches))
  2628. {
  2629. foreach ($matches[0] as $key => $image)
  2630. {
  2631. $width = -1; $height = -1;
  2632. // Does it have predefined restraints? Width first.
  2633. if ($matches[6][$key])
  2634. $matches[2][$key] = $matches[6][$key];
  2635. if ($matches[2][$key] && $sig_limits[5] && $matches[2][$key] > $sig_limits[5])
  2636. {
  2637. $width = $sig_limits[5];
  2638. $matches[4][$key] = $matches[4][$key] * ($width / $matches[2][$key]);
  2639. }
  2640. elseif ($matches[2][$key])
  2641. $width = $matches[2][$key];
  2642. // ... and height.
  2643. if ($matches[4][$key] && $sig_limits[6] && $matches[4][$key] > $sig_limits[6])
  2644. {
  2645. $height = $sig_limits[6];
  2646. if ($width != -1)
  2647. $width = $width * ($height / $matches[4][$key]);
  2648. }
  2649. elseif ($matches[4][$key])
  2650. $height = $matches[4][$key];
  2651. // If the dimensions are still not fixed - we need to check the actual image.
  2652. if (($width == -1 && $sig_limits[5]) || ($height == -1 && $sig_limits[6]))
  2653. {
  2654. $sizes = url_image_size($matches[7][$key]);
  2655. if (is_array($sizes))
  2656. {
  2657. // Too wide?
  2658. if ($sizes[0] > $sig_limits[5] && $sig_limits[5])
  2659. {
  2660. $width = $sig_limits[5];
  2661. $sizes[1] = $sizes[1] * ($width / $sizes[0]);
  2662. }
  2663. // Too high?
  2664. if ($sizes[1] > $sig_limits[6] && $sig_limits[6])
  2665. {
  2666. $height = $sig_limits[6];
  2667. if ($width == -1)
  2668. $width = $sizes[0];
  2669. $width = $width * ($height / $sizes[1]);
  2670. }
  2671. elseif ($width != -1)
  2672. $height = $sizes[1];
  2673. }
  2674. }
  2675. // Did we come up with some changes? If so remake the string.
  2676. if ($width != -1 || $height != -1)
  2677. $replaces[$image] = '[img' . ($width != -1 ? ' width=' . round($width) : '') . ($height != -1 ? ' height=' . round($height) : '') . ']' . $matches[7][$key] . '[/img]';
  2678. }
  2679. if (!empty($replaces))
  2680. $value = str_replace(array_keys($replaces), array_values($replaces), $value);
  2681. }
  2682. }
  2683. // Any disabled BBC?
  2684. $disabledSigBBC = implode('|', $disabledTags);
  2685. if (!empty($disabledSigBBC))
  2686. {
  2687. if (preg_match('~\[(' . $disabledSigBBC . '[ =\]/])~i', $unparsed_signature, $matches) !== false && isset($matches[1]))
  2688. {
  2689. $disabledTags = array_unique($disabledTags);
  2690. $txt['profile_error_signature_disabled_bbc'] = sprintf($txt['profile_error_signature_disabled_bbc'], implode(', ', $disabledTags));
  2691. return 'signature_disabled_bbc';
  2692. }
  2693. }
  2694. }
  2695. preparsecode($value);
  2696. // Too long?
  2697. if (!allowedTo('admin_forum') && !empty($sig_limits[1]) && $smcFunc['strlen'](str_replace('<br />', "\n", $value)) > $sig_limits[1])
  2698. {
  2699. $_POST['signature'] = trim(htmlspecialchars(str_replace('<br />', "\n", $value), ENT_QUOTES));
  2700. $txt['profile_error_signature_max_length'] = sprintf($txt['profile_error_signature_max_length'], $sig_limits[1]);
  2701. return 'signature_max_length';
  2702. }
  2703. return true;
  2704. }
  2705. /**
  2706. * Validate an email address.
  2707. *
  2708. * @param string $email
  2709. * @param int $memID = 0
  2710. * @return bool|string
  2711. */
  2712. function profileValidateEmail($email, $memID = 0)
  2713. {
  2714. global $smcFunc, $context;
  2715. $email = strtr($email, array('&#039;' => '\''));
  2716. // Check the name and email for validity.
  2717. if (trim($email) == '')
  2718. return 'no_email';
  2719. if (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $email) == 0)
  2720. return 'bad_email';
  2721. // Email addresses should be and stay unique.
  2722. $request = $smcFunc['db_query']('', '
  2723. SELECT id_member
  2724. FROM {db_prefix}members
  2725. WHERE ' . ($memID != 0 ? 'id_member != {int:selected_member} AND ' : '') . '
  2726. email_address = {string:email_address}
  2727. LIMIT 1',
  2728. array(
  2729. 'selected_member' => $memID,
  2730. 'email_address' => $email,
  2731. )
  2732. );
  2733. if ($smcFunc['db_num_rows']($request) > 0)
  2734. return 'email_taken';
  2735. $smcFunc['db_free_result']($request);
  2736. return true;
  2737. }
  2738. /**
  2739. * Reload a users settings.
  2740. */
  2741. function profileReloadUser()
  2742. {
  2743. global $sourcedir, $modSettings, $context, $cur_profile, $smcFunc, $profile_vars;
  2744. // Log them back in - using the verify password as they must have matched and this one doesn't get changed by anyone!
  2745. if (isset($_POST['passwrd2']) && $_POST['passwrd2'] != '')
  2746. {
  2747. require_once($sourcedir . '/Subs-Auth.php');
  2748. setLoginCookie(60 * $modSettings['cookieTime'], $context['id_member'], sha1(sha1(strtolower($cur_profile['member_name']) . un_htmlspecialchars($_POST['passwrd2'])) . $cur_profile['password_salt']));
  2749. }
  2750. loadUserSettings();
  2751. writeLog();
  2752. }
  2753. /**
  2754. * Send the user a new activation email if they need to reactivate!
  2755. */
  2756. function profileSendActivation()
  2757. {
  2758. global $sourcedir, $profile_vars, $txt, $context, $scripturl, $smcFunc, $cookiename, $cur_profile, $language, $modSettings;
  2759. require_once($sourcedir . '/Subs-Post.php');
  2760. // Shouldn't happen but just in case.
  2761. if (empty($profile_vars['email_address']))
  2762. return;
  2763. $replacements = array(
  2764. 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $context['id_member'] . ';code=' . $profile_vars['validation_code'],
  2765. 'ACTIVATIONCODE' => $profile_vars['validation_code'],
  2766. 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $context['id_member'],
  2767. );
  2768. // Send off the email.
  2769. $emaildata = loadEmailTemplate('activate_reactivate', $replacements, empty($cur_profile['lngfile']) || empty($modSettings['userLanguage']) ? $language : $cur_profile['lngfile']);
  2770. sendmail($profile_vars['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  2771. // Log the user out.
  2772. $smcFunc['db_query']('', '
  2773. DELETE FROM {db_prefix}log_online
  2774. WHERE id_member = {int:selected_member}',
  2775. array(
  2776. 'selected_member' => $context['id_member'],
  2777. )
  2778. );
  2779. $_SESSION['log_time'] = 0;
  2780. $_SESSION['login_' . $cookiename] = serialize(array(0, '', 0));
  2781. if (isset($_COOKIE[$cookiename]))
  2782. $_COOKIE[$cookiename] = '';
  2783. loadUserSettings();
  2784. $context['user']['is_logged'] = false;
  2785. $context['user']['is_guest'] = true;
  2786. // Send them to the done-with-registration-login screen.
  2787. loadTemplate('Register');
  2788. $context['page_title'] = $txt['profile'];
  2789. $context['sub_template'] = 'after';
  2790. $context['title'] = $txt['activate_changed_email_title'];
  2791. $context['description'] = $txt['activate_changed_email_desc'];
  2792. // We're gone!
  2793. obExit();
  2794. }
  2795. /**
  2796. * Function to allow the user to choose group membership etc...
  2797. *
  2798. * @param int $memID id_member
  2799. */
  2800. function groupMembership($memID)
  2801. {
  2802. global $txt, $scripturl, $user_profile, $user_info, $context, $modSettings, $smcFunc;
  2803. $curMember = $user_profile[$memID];
  2804. $context['primary_group'] = $curMember['id_group'];
  2805. // Can they manage groups?
  2806. $context['can_manage_membergroups'] = allowedTo('manage_membergroups');
  2807. $context['can_manage_protected'] = allowedTo('admin_forum');
  2808. $context['can_edit_primary'] = $context['can_manage_protected'];
  2809. $context['update_message'] = isset($_GET['msg']) && isset($txt['group_membership_msg_' . $_GET['msg']]) ? $txt['group_membership_msg_' . $_GET['msg']] : '';
  2810. // Get all the groups this user is a member of.
  2811. $groups = explode(',', $curMember['additional_groups']);
  2812. $groups[] = $curMember['id_group'];
  2813. // Ensure the query doesn't croak!
  2814. if (empty($groups))
  2815. $groups = array(0);
  2816. // Just to be sure...
  2817. foreach ($groups as $k => $v)
  2818. $groups[$k] = (int) $v;
  2819. // Get all the membergroups they can join.
  2820. $request = $smcFunc['db_query']('', '
  2821. SELECT mg.id_group, mg.group_name, mg.description, mg.group_type, mg.online_color, mg.hidden,
  2822. IFNULL(lgr.id_member, 0) AS pending
  2823. FROM {db_prefix}membergroups AS mg
  2824. LEFT JOIN {db_prefix}log_group_requests AS lgr ON (lgr.id_member = {int:selected_member} AND lgr.id_group = mg.id_group)
  2825. WHERE (mg.id_group IN ({array_int:group_list})
  2826. OR mg.group_type > {int:nonjoin_group_id})
  2827. AND mg.min_posts = {int:min_posts}
  2828. AND mg.id_group != {int:moderator_group}
  2829. ORDER BY group_name',
  2830. array(
  2831. 'group_list' => $groups,
  2832. 'selected_member' => $memID,
  2833. 'nonjoin_group_id' => 1,
  2834. 'min_posts' => -1,
  2835. 'moderator_group' => 3,
  2836. )
  2837. );
  2838. // This beast will be our group holder.
  2839. $context['groups'] = array(
  2840. 'member' => array(),
  2841. 'available' => array()
  2842. );
  2843. while ($row = $smcFunc['db_fetch_assoc']($request))
  2844. {
  2845. // Can they edit their primary group?
  2846. if (($row['id_group'] == $context['primary_group'] && $row['group_type'] > 1) || ($row['hidden'] != 2 && $context['primary_group'] == 0 && in_array($row['id_group'], $groups)))
  2847. $context['can_edit_primary'] = true;
  2848. // If they can't manage (protected) groups, and it's not publically joinable or already assigned, they can't see it.
  2849. if (((!$context['can_manage_protected'] && $row['group_type'] == 1) || (!$context['can_manage_membergroups'] && $row['group_type'] == 0)) && $row['id_group'] != $context['primary_group'])
  2850. continue;
  2851. $context['groups'][in_array($row['id_group'], $groups) ? 'member' : 'available'][$row['id_group']] = array(
  2852. 'id' => $row['id_group'],
  2853. 'name' => $row['group_name'],
  2854. 'desc' => $row['description'],
  2855. 'color' => $row['online_color'],
  2856. 'type' => $row['group_type'],
  2857. 'pending' => $row['pending'],
  2858. 'is_primary' => $row['id_group'] == $context['primary_group'],
  2859. 'can_be_primary' => $row['hidden'] != 2,
  2860. // Anything more than this needs to be done through account settings for security.
  2861. 'can_leave' => $row['id_group'] != 1 && $row['group_type'] > 1 ? true : false,
  2862. );
  2863. }
  2864. $smcFunc['db_free_result']($request);
  2865. // Add registered members on the end.
  2866. $context['groups']['member'][0] = array(
  2867. 'id' => 0,
  2868. 'name' => $txt['regular_members'],
  2869. 'desc' => $txt['regular_members_desc'],
  2870. 'type' => 0,
  2871. 'is_primary' => $context['primary_group'] == 0 ? true : false,
  2872. 'can_be_primary' => true,
  2873. 'can_leave' => 0,
  2874. );
  2875. // No changing primary one unless you have enough groups!
  2876. if (count($context['groups']['member']) < 2)
  2877. $context['can_edit_primary'] = false;
  2878. // In the special case that someone is requesting membership of a group, setup some special context vars.
  2879. if (isset($_REQUEST['request']) && isset($context['groups']['available'][(int) $_REQUEST['request']]) && $context['groups']['available'][(int) $_REQUEST['request']]['type'] == 2)
  2880. $context['group_request'] = $context['groups']['available'][(int) $_REQUEST['request']];
  2881. }
  2882. /**
  2883. * This function actually makes all the group changes
  2884. *
  2885. * @param array $profile_vars
  2886. * @param array $post_errors
  2887. * @param int $memID id_member
  2888. * @return mixed
  2889. */
  2890. function groupMembership2($profile_vars, $post_errors, $memID)
  2891. {
  2892. global $user_info, $sourcedir, $context, $user_profile, $modSettings, $txt, $smcFunc, $scripturl, $language;
  2893. // Let's be extra cautious...
  2894. if (!$context['user']['is_owner'] || empty($modSettings['show_group_membership']))
  2895. isAllowedTo('manage_membergroups');
  2896. if (!isset($_REQUEST['gid']) && !isset($_POST['primary']))
  2897. fatal_lang_error('no_access', false);
  2898. checkSession(isset($_GET['gid']) ? 'get' : 'post');
  2899. $old_profile = &$user_profile[$memID];
  2900. $context['can_manage_membergroups'] = allowedTo('manage_membergroups');
  2901. $context['can_manage_protected'] = allowedTo('admin_forum');
  2902. // By default the new primary is the old one.
  2903. $newPrimary = $old_profile['id_group'];
  2904. $addGroups = array_flip(explode(',', $old_profile['additional_groups']));
  2905. $canChangePrimary = $old_profile['id_group'] == 0 ? 1 : 0;
  2906. $changeType = isset($_POST['primary']) ? 'primary' : (isset($_POST['req']) ? 'request' : 'free');
  2907. // One way or another, we have a target group in mind...
  2908. $group_id = isset($_REQUEST['gid']) ? (int) $_REQUEST['gid'] : (int) $_POST['primary'];
  2909. $foundTarget = $changeType == 'primary' && $group_id == 0 ? true : false;
  2910. // Sanity check!!
  2911. if ($group_id == 1)
  2912. isAllowedTo('admin_forum');
  2913. // Protected groups too!
  2914. else
  2915. {
  2916. $request = $smcFunc['db_query']('', '
  2917. SELECT group_type
  2918. FROM {db_prefix}membergroups
  2919. WHERE id_group = {int:current_group}
  2920. LIMIT {int:limit}',
  2921. array(
  2922. 'current_group' => $group_id,
  2923. 'limit' => 1,
  2924. )
  2925. );
  2926. list ($is_protected) = $smcFunc['db_fetch_row']($request);
  2927. $smcFunc['db_free_result']($request);
  2928. if ($is_protected == 1)
  2929. isAllowedTo('admin_forum');
  2930. }
  2931. // What ever we are doing, we need to determine if changing primary is possible!
  2932. $request = $smcFunc['db_query']('', '
  2933. SELECT id_group, group_type, hidden, group_name
  2934. FROM {db_prefix}membergroups
  2935. WHERE id_group IN ({int:group_list}, {int:current_group})',
  2936. array(
  2937. 'group_list' => $group_id,
  2938. 'current_group' => $old_profile['id_group'],
  2939. )
  2940. );
  2941. while ($row = $smcFunc['db_fetch_assoc']($request))
  2942. {
  2943. // Is this the new group?
  2944. if ($row['id_group'] == $group_id)
  2945. {
  2946. $foundTarget = true;
  2947. $group_name = $row['group_name'];
  2948. // Does the group type match what we're doing - are we trying to request a non-requestable group?
  2949. if ($changeType == 'request' && $row['group_type'] != 2)
  2950. fatal_lang_error('no_access', false);
  2951. // What about leaving a requestable group we are not a member of?
  2952. elseif ($changeType == 'free' && $row['group_type'] == 2 && $old_profile['id_group'] != $row['id_group'] && !isset($addGroups[$row['id_group']]))
  2953. fatal_lang_error('no_access', false);
  2954. elseif ($changeType == 'free' && $row['group_type'] != 3 && $row['group_type'] != 2)
  2955. fatal_lang_error('no_access', false);
  2956. // We can't change the primary group if this is hidden!
  2957. if ($row['hidden'] == 2)
  2958. $canChangePrimary = false;
  2959. }
  2960. // If this is their old primary, can we change it?
  2961. if ($row['id_group'] == $old_profile['id_group'] && ($row['group_type'] > 1 || $context['can_manage_membergroups']) && $canChangePrimary !== false)
  2962. $canChangePrimary = 1;
  2963. // If we are not doing a force primary move, don't do it automatically if current primary is not 0.
  2964. if ($changeType != 'primary' && $old_profile['id_group'] != 0)
  2965. $canChangePrimary = false;
  2966. // If this is the one we are acting on, can we even act?
  2967. if ((!$context['can_manage_protected'] && $row['group_type'] == 1) || (!$context['can_manage_membergroups'] && $row['group_type'] == 0))
  2968. $canChangePrimary = false;
  2969. }
  2970. $smcFunc['db_free_result']($request);
  2971. // Didn't find the target?
  2972. if (!$foundTarget)
  2973. fatal_lang_error('no_access', false);
  2974. // Final security check, don't allow users to promote themselves to admin.
  2975. if ($context['can_manage_membergroups'] && !allowedTo('admin_forum'))
  2976. {
  2977. $request = $smcFunc['db_query']('', '
  2978. SELECT COUNT(permission)
  2979. FROM {db_prefix}permissions
  2980. WHERE id_group = {int:selected_group}
  2981. AND permission = {string:admin_forum}
  2982. AND add_deny = {int:not_denied}',
  2983. array(
  2984. 'selected_group' => $group_id,
  2985. 'not_denied' => 1,
  2986. 'admin_forum' => 'admin_forum',
  2987. )
  2988. );
  2989. list ($disallow) = $smcFunc['db_fetch_row']($request);
  2990. $smcFunc['db_free_result']($request);
  2991. if ($disallow)
  2992. isAllowedTo('admin_forum');
  2993. }
  2994. // If we're requesting, add the note then return.
  2995. if ($changeType == 'request')
  2996. {
  2997. $request = $smcFunc['db_query']('', '
  2998. SELECT id_member
  2999. FROM {db_prefix}log_group_requests
  3000. WHERE id_member = {int:selected_member}
  3001. AND id_group = {int:selected_group}',
  3002. array(
  3003. 'selected_member' => $memID,
  3004. 'selected_group' => $group_id,
  3005. )
  3006. );
  3007. if ($smcFunc['db_num_rows']($request) != 0)
  3008. fatal_lang_error('profile_error_already_requested_group');
  3009. $smcFunc['db_free_result']($request);
  3010. // Log the request.
  3011. $smcFunc['db_insert']('',
  3012. '{db_prefix}log_group_requests',
  3013. array(
  3014. 'id_member' => 'int', 'id_group' => 'int', 'time_applied' => 'int', 'reason' => 'string-65534',
  3015. ),
  3016. array(
  3017. $memID, $group_id, time(), $_POST['reason'],
  3018. ),
  3019. array('id_request')
  3020. );
  3021. // Send an email to all group moderators etc.
  3022. require_once($sourcedir . '/Subs-Post.php');
  3023. // Do we have any group moderators?
  3024. $request = $smcFunc['db_query']('', '
  3025. SELECT id_member
  3026. FROM {db_prefix}group_moderators
  3027. WHERE id_group = {int:selected_group}',
  3028. array(
  3029. 'selected_group' => $group_id,
  3030. )
  3031. );
  3032. $moderators = array();
  3033. while ($row = $smcFunc['db_fetch_assoc']($request))
  3034. $moderators[] = $row['id_member'];
  3035. $smcFunc['db_free_result']($request);
  3036. // Otherwise this is the backup!
  3037. if (empty($moderators))
  3038. {
  3039. require_once($sourcedir . '/Subs-Members.php');
  3040. $moderators = membersAllowedTo('manage_membergroups');
  3041. }
  3042. if (!empty($moderators))
  3043. {
  3044. $request = $smcFunc['db_query']('', '
  3045. SELECT id_member, email_address, lngfile, member_name, mod_prefs
  3046. FROM {db_prefix}members
  3047. WHERE id_member IN ({array_int:moderator_list})
  3048. AND notify_types != {int:no_notifications}
  3049. ORDER BY lngfile',
  3050. array(
  3051. 'moderator_list' => $moderators,
  3052. 'no_notifications' => 4,
  3053. )
  3054. );
  3055. while ($row = $smcFunc['db_fetch_assoc']($request))
  3056. {
  3057. // Check whether they are interested.
  3058. if (!empty($row['mod_prefs']))
  3059. {
  3060. list(,, $pref_binary) = explode('|', $row['mod_prefs']);
  3061. if (!($pref_binary & 4))
  3062. continue;
  3063. }
  3064. $replacements = array(
  3065. 'RECPNAME' => $row['member_name'],
  3066. 'APPYNAME' => $old_profile['member_name'],
  3067. 'GROUPNAME' => $group_name,
  3068. 'REASON' => $_POST['reason'],
  3069. 'MODLINK' => $scripturl . '?action=moderate;area=groups;sa=requests',
  3070. );
  3071. $emaildata = loadEmailTemplate('request_membership', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
  3072. sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 2);
  3073. }
  3074. $smcFunc['db_free_result']($request);
  3075. }
  3076. return $changeType;
  3077. }
  3078. // Otherwise we are leaving/joining a group.
  3079. elseif ($changeType == 'free')
  3080. {
  3081. // Are we leaving?
  3082. if ($old_profile['id_group'] == $group_id || isset($addGroups[$group_id]))
  3083. {
  3084. if ($old_profile['id_group'] == $group_id)
  3085. $newPrimary = 0;
  3086. else
  3087. unset($addGroups[$group_id]);
  3088. }
  3089. // ... if not, must be joining.
  3090. else
  3091. {
  3092. // Can we change the primary, and do we want to?
  3093. if ($canChangePrimary)
  3094. {
  3095. if ($old_profile['id_group'] != 0)
  3096. $addGroups[$old_profile['id_group']] = -1;
  3097. $newPrimary = $group_id;
  3098. }
  3099. // Otherwise it's an additional group...
  3100. else
  3101. $addGroups[$group_id] = -1;
  3102. }
  3103. }
  3104. // Finally, we must be setting the primary.
  3105. elseif ($canChangePrimary)
  3106. {
  3107. if ($old_profile['id_group'] != 0)
  3108. $addGroups[$old_profile['id_group']] = -1;
  3109. if (isset($addGroups[$group_id]))
  3110. unset($addGroups[$group_id]);
  3111. $newPrimary = $group_id;
  3112. }
  3113. // Finally, we can make the changes!
  3114. foreach ($addGroups as $id => $dummy)
  3115. if (empty($id))
  3116. unset($addGroups[$id]);
  3117. $addGroups = implode(',', array_flip($addGroups));
  3118. // Ensure that we don't cache permissions if the group is changing.
  3119. if ($context['user']['is_owner'])
  3120. $_SESSION['mc']['time'] = 0;
  3121. else
  3122. updateSettings(array('settings_updated' => time()));
  3123. updateMemberData($memID, array('id_group' => $newPrimary, 'additional_groups' => $addGroups));
  3124. return $changeType;
  3125. }
  3126. ?>