Profile-Modify.php 126 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771
  1. <?php
  2. /**
  3. * This file has the primary job of showing and editing people's profiles.
  4. * It also allows the user to change some of their or another's preferences,
  5. * and such things
  6. *
  7. * Simple Machines Forum (SMF)
  8. *
  9. * @package SMF
  10. * @author Simple Machines http://www.simplemachines.org
  11. * @copyright 2014 Simple Machines and individual contributors
  12. * @license http://www.simplemachines.org/about/smf/license.php BSD
  13. *
  14. * @version 2.1 Alpha 1
  15. */
  16. if (!defined('SMF'))
  17. die('No direct access...');
  18. /**
  19. * This defines every profile field known to man.
  20. *
  21. * @param bool $force_reload = false
  22. */
  23. function loadProfileFields($force_reload = false)
  24. {
  25. global $context, $profile_fields, $txt, $scripturl, $modSettings, $user_info, $old_profile, $smcFunc, $cur_profile, $language;
  26. // Don't load this twice!
  27. if (!empty($profile_fields) && !$force_reload)
  28. return;
  29. /* This horrific array defines all the profile fields in the whole world!
  30. In general each "field" has one array - the key of which is the database column name associated with said field. Each item
  31. can have the following attributes:
  32. string $type: The type of field this is - valid types are:
  33. - callback: This is a field which has its own callback mechanism for templating.
  34. - check: A simple checkbox.
  35. - hidden: This doesn't have any visual aspects but may have some validity.
  36. - password: A password box.
  37. - select: A select box.
  38. - text: A string of some description.
  39. string $label: The label for this item - default will be $txt[$key] if this isn't set.
  40. string $subtext: The subtext (Small label) for this item.
  41. int $size: Optional size for a text area.
  42. array $input_attr: An array of text strings to be added to the input box for this item.
  43. string $value: The value of the item. If not set $cur_profile[$key] is assumed.
  44. string $permission: Permission required for this item (Excluded _any/_own subfix which is applied automatically).
  45. function $input_validate: A runtime function which validates the element before going to the database. It is passed
  46. the relevant $_POST element if it exists and should be treated like a reference.
  47. Return types:
  48. - true: Element can be stored.
  49. - false: Skip this element.
  50. - a text string: An error occured - this is the error message.
  51. function $preload: A function that is used to load data required for this element to be displayed. Must return
  52. true to be displayed at all.
  53. string $cast_type: If set casts the element to a certain type. Valid types (bool, int, float).
  54. string $save_key: If the index of this element isn't the database column name it can be overriden
  55. with this string.
  56. bool $is_dummy: If set then nothing is acted upon for this element.
  57. bool $enabled: A test to determine whether this is even available - if not is unset.
  58. string $link_with: Key which links this field to an overall set.
  59. Note that all elements that have a custom input_validate must ensure they set the value of $cur_profile correct to enable
  60. the changes to be displayed correctly on submit of the form.
  61. */
  62. $profile_fields = array(
  63. 'avatar_choice' => array(
  64. 'type' => 'callback',
  65. 'callback_func' => 'avatar_select',
  66. // This handles the permissions too.
  67. 'preload' => 'profileLoadAvatarData',
  68. 'input_validate' => 'profileSaveAvatarData',
  69. 'save_key' => 'avatar',
  70. ),
  71. 'bday1' => array(
  72. 'type' => 'callback',
  73. 'callback_func' => 'birthdate',
  74. 'permission' => 'profile_extra',
  75. 'preload' => create_function('', '
  76. global $cur_profile, $context;
  77. // Split up the birthdate....
  78. list ($uyear, $umonth, $uday) = explode(\'-\', empty($cur_profile[\'birthdate\']) || $cur_profile[\'birthdate\'] == \'0001-01-01\' ? \'0000-00-00\' : $cur_profile[\'birthdate\']);
  79. $context[\'member\'][\'birth_date\'] = array(
  80. \'year\' => $uyear == \'0004\' ? \'0000\' : $uyear,
  81. \'month\' => $umonth,
  82. \'day\' => $uday,
  83. );
  84. return true;
  85. '),
  86. 'input_validate' => create_function('&$value', '
  87. global $profile_vars, $cur_profile;
  88. if (isset($_POST[\'bday2\'], $_POST[\'bday3\']) && $value > 0 && $_POST[\'bday2\'] > 0)
  89. {
  90. // Set to blank?
  91. if ((int) $_POST[\'bday3\'] == 1 && (int) $_POST[\'bday2\'] == 1 && (int) $value == 1)
  92. $value = \'0001-01-01\';
  93. else
  94. $value = checkdate($value, $_POST[\'bday2\'], $_POST[\'bday3\'] < 4 ? 4 : $_POST[\'bday3\']) ? sprintf(\'%04d-%02d-%02d\', $_POST[\'bday3\'] < 4 ? 4 : $_POST[\'bday3\'], $_POST[\'bday1\'], $_POST[\'bday2\']) : \'0001-01-01\';
  95. }
  96. else
  97. $value = \'0001-01-01\';
  98. $profile_vars[\'birthdate\'] = $value;
  99. $cur_profile[\'birthdate\'] = $value;
  100. return false;
  101. '),
  102. ),
  103. // Setting the birthdate the old style way?
  104. 'birthdate' => array(
  105. 'type' => 'hidden',
  106. 'permission' => 'profile_extra',
  107. 'input_validate' => create_function('&$value', '
  108. global $cur_profile;
  109. // @todo Should we check for this year and tell them they made a mistake :P? (based on coppa at least?)
  110. if (preg_match(\'/(\d{4})[\-\., ](\d{2})[\-\., ](\d{2})/\', $value, $dates) === 1)
  111. {
  112. $value = checkdate($dates[2], $dates[3], $dates[1] < 4 ? 4 : $dates[1]) ? sprintf(\'%04d-%02d-%02d\', $dates[1] < 4 ? 4 : $dates[1], $dates[2], $dates[3]) : \'0001-01-01\';
  113. return true;
  114. }
  115. else
  116. {
  117. $value = empty($cur_profile[\'birthdate\']) ? \'0001-01-01\' : $cur_profile[\'birthdate\'];
  118. return false;
  119. }
  120. '),
  121. ),
  122. 'date_registered' => array(
  123. 'type' => 'date',
  124. 'value' => empty($cur_profile['date_registered']) ? $txt['not_applicable'] : strftime('%Y-%m-%d', $cur_profile['date_registered'] + ($user_info['time_offset'] + $modSettings['time_offset']) * 3600),
  125. 'label' => $txt['date_registered'],
  126. 'log_change' => true,
  127. 'permission' => 'moderate_forum',
  128. 'input_validate' => create_function('&$value', '
  129. global $txt, $user_info, $modSettings, $cur_profile, $context;
  130. // Bad date! Go try again - please?
  131. if (($value = strtotime($value)) === -1)
  132. {
  133. $value = $cur_profile[\'date_registered\'];
  134. return $txt[\'invalid_registration\'] . \' \' . strftime(\'%d %b %Y \' . (strpos($user_info[\'time_format\'], \'%H\') !== false ? \'%I:%M:%S %p\' : \'%H:%M:%S\'), forum_time(false));
  135. }
  136. // As long as it doesn\'t equal "N/A"...
  137. elseif ($value != $txt[\'not_applicable\'] && $value != strtotime(strftime(\'%Y-%m-%d\', $cur_profile[\'date_registered\'] + ($user_info[\'time_offset\'] + $modSettings[\'time_offset\']) * 3600)))
  138. $value = $value - ($user_info[\'time_offset\'] + $modSettings[\'time_offset\']) * 3600;
  139. else
  140. $value = $cur_profile[\'date_registered\'];
  141. return true;
  142. '),
  143. ),
  144. 'email_address' => array(
  145. 'type' => 'email',
  146. 'label' => $txt['user_email_address'],
  147. 'subtext' => $txt['valid_email'],
  148. 'log_change' => true,
  149. 'permission' => 'profile_password',
  150. 'js_submit' => !empty($modSettings['send_validation_onChange']) ? '
  151. form_handle.addEventListener(\'submit\', function(event)
  152. {
  153. if (this.email_address.value != "'. $cur_profile['email_address'] .'")
  154. {
  155. alert('. JavaScriptEscape($txt['email_change_logout']) .');
  156. return true;
  157. }
  158. }, false);' : '',
  159. 'input_validate' => create_function('&$value', '
  160. global $context, $old_profile, $profile_vars, $sourcedir, $modSettings;
  161. if (strtolower($value) == strtolower($old_profile[\'email_address\']))
  162. return false;
  163. $isValid = profileValidateEmail($value, $context[\'id_member\']);
  164. // Do they need to revalidate? If so schedule the function!
  165. if ($isValid === true && !empty($modSettings[\'send_validation_onChange\']) && !allowedTo(\'moderate_forum\'))
  166. {
  167. require_once($sourcedir . \'/Subs-Members.php\');
  168. $profile_vars[\'validation_code\'] = generateValidationCode();
  169. $profile_vars[\'is_activated\'] = 2;
  170. $context[\'profile_execute_on_save\'][] = \'profileSendActivation\';
  171. unset($context[\'profile_execute_on_save\'][\'reload_user\']);
  172. }
  173. return $isValid;
  174. '),
  175. ),
  176. // Selecting group membership is a complicated one so we treat it separate!
  177. 'id_group' => array(
  178. 'type' => 'callback',
  179. 'callback_func' => 'group_manage',
  180. 'permission' => 'manage_membergroups',
  181. 'preload' => 'profileLoadGroups',
  182. 'log_change' => true,
  183. 'input_validate' => 'profileSaveGroups',
  184. ),
  185. 'id_theme' => array(
  186. 'type' => 'callback',
  187. 'callback_func' => 'theme_pick',
  188. 'permission' => 'profile_extra',
  189. 'enabled' => $modSettings['theme_allow'] || allowedTo('admin_forum'),
  190. 'preload' => create_function('', '
  191. global $smcFunc, $context, $cur_profile, $txt;
  192. $request = $smcFunc[\'db_query\'](\'\', \'
  193. SELECT value
  194. FROM {db_prefix}themes
  195. WHERE id_theme = {int:id_theme}
  196. AND variable = {string:variable}
  197. LIMIT 1\', array(
  198. \'id_theme\' => $cur_profile[\'id_theme\'],
  199. \'variable\' => \'name\',
  200. )
  201. );
  202. list ($name) = $smcFunc[\'db_fetch_row\']($request);
  203. $smcFunc[\'db_free_result\']($request);
  204. $context[\'member\'][\'theme\'] = array(
  205. \'id\' => $cur_profile[\'id_theme\'],
  206. \'name\' => empty($cur_profile[\'id_theme\']) ? $txt[\'theme_forum_default\'] : $name
  207. );
  208. return true;
  209. '),
  210. 'input_validate' => create_function('&$value', '
  211. $value = (int) $value;
  212. return true;
  213. '),
  214. ),
  215. 'karma_good' => array(
  216. 'type' => 'callback',
  217. 'callback_func' => 'karma_modify',
  218. 'permission' => 'admin_forum',
  219. // Set karma_bad too!
  220. 'input_validate' => create_function('&$value', '
  221. global $profile_vars, $cur_profile;
  222. $value = (int) $value;
  223. if (isset($_POST[\'karma_bad\']))
  224. {
  225. $profile_vars[\'karma_bad\'] = $_POST[\'karma_bad\'] != \'\' ? (int) $_POST[\'karma_bad\'] : 0;
  226. $cur_profile[\'karma_bad\'] = $_POST[\'karma_bad\'] != \'\' ? (int) $_POST[\'karma_bad\'] : 0;
  227. }
  228. return true;
  229. '),
  230. 'preload' => create_function('', '
  231. global $context, $cur_profile;
  232. $context[\'member\'][\'karma\'][\'good\'] = $cur_profile[\'karma_good\'];
  233. $context[\'member\'][\'karma\'][\'bad\'] = $cur_profile[\'karma_bad\'];
  234. return true;
  235. '),
  236. 'enabled' => !empty($modSettings['karmaMode']),
  237. ),
  238. 'lngfile' => array(
  239. 'type' => 'select',
  240. 'options' => 'return $context[\'profile_languages\'];',
  241. 'label' => $txt['preferred_language'],
  242. 'permission' => 'profile_identity',
  243. 'preload' => 'profileLoadLanguages',
  244. 'enabled' => !empty($modSettings['userLanguage']),
  245. 'value' => empty($cur_profile['lngfile']) ? $language : $cur_profile['lngfile'],
  246. 'input_validate' => create_function('&$value', '
  247. global $context, $cur_profile;
  248. // Load the languages.
  249. profileLoadLanguages();
  250. if (isset($context[\'profile_languages\'][$value]))
  251. {
  252. if ($context[\'user\'][\'is_owner\'] && empty($context[\'password_auth_failed\']))
  253. $_SESSION[\'language\'] = $value;
  254. return true;
  255. }
  256. else
  257. {
  258. $value = $cur_profile[\'lngfile\'];
  259. return false;
  260. }
  261. '),
  262. ),
  263. // The username is not always editable - so adjust it as such.
  264. 'member_name' => array(
  265. 'type' => allowedTo('admin_forum') && isset($_GET['changeusername']) ? 'text' : 'label',
  266. 'label' => $txt['username'],
  267. 'subtext' => allowedTo('admin_forum') && !isset($_GET['changeusername']) ? '[<a href="' . $scripturl . '?action=profile;u=' . $context['id_member'] . ';area=account;changeusername" style="font-style: italic;">' . $txt['username_change'] . '</a>]' : '',
  268. 'log_change' => true,
  269. 'permission' => 'profile_identity',
  270. 'prehtml' => allowedTo('admin_forum') && isset($_GET['changeusername']) ? '<div class="alert">' . $txt['username_warning'] . '</div>' : '',
  271. 'input_validate' => create_function('&$value', '
  272. global $sourcedir, $context, $user_info, $cur_profile;
  273. if (allowedTo(\'admin_forum\'))
  274. {
  275. // We\'ll need this...
  276. require_once($sourcedir . \'/Subs-Auth.php\');
  277. // Maybe they are trying to change their password as well?
  278. $resetPassword = true;
  279. if (isset($_POST[\'passwrd1\']) && $_POST[\'passwrd1\'] != \'\' && isset($_POST[\'passwrd2\']) && $_POST[\'passwrd1\'] == $_POST[\'passwrd2\'] && validatePassword($_POST[\'passwrd1\'], $value, array($cur_profile[\'real_name\'], $user_info[\'username\'], $user_info[\'name\'], $user_info[\'email\'])) == null)
  280. $resetPassword = false;
  281. // Do the reset... this will send them an email too.
  282. if ($resetPassword)
  283. resetPassword($context[\'id_member\'], $value);
  284. elseif ($value !== null)
  285. {
  286. validateUsername($context[\'id_member\'], trim(preg_replace(\'~[\t\n\r \x0B\0\' . ($context[\'utf8\'] ? \'\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}\' : \'\x00-\x08\x0B\x0C\x0E-\x19\xA0\') . \']+~\' . ($context[\'utf8\'] ? \'u\' : \'\'), \' \', $value)));
  287. updateMemberData($context[\'id_member\'], array(\'member_name\' => $value));
  288. }
  289. }
  290. return false;
  291. '),
  292. ),
  293. 'passwrd1' => array(
  294. 'type' => 'password',
  295. 'label' => ucwords($txt['choose_pass']),
  296. 'subtext' => $txt['password_strength'],
  297. 'size' => 20,
  298. 'value' => '',
  299. 'enabled' => empty($cur_profile['openid_uri']),
  300. 'permission' => 'profile_password',
  301. 'save_key' => 'passwd',
  302. // Note this will only work if passwrd2 also exists!
  303. 'input_validate' => create_function('&$value', '
  304. global $sourcedir, $user_info, $smcFunc, $cur_profile;
  305. // If we didn\'t try it then ignore it!
  306. if ($value == \'\')
  307. return false;
  308. // Do the two entries for the password even match?
  309. if (!isset($_POST[\'passwrd2\']) || $value != $_POST[\'passwrd2\'])
  310. return \'bad_new_password\';
  311. // Let\'s get the validation function into play...
  312. require_once($sourcedir . \'/Subs-Auth.php\');
  313. $passwordErrors = validatePassword($value, $cur_profile[\'member_name\'], array($cur_profile[\'real_name\'], $user_info[\'username\'], $user_info[\'name\'], $user_info[\'email\']));
  314. // Were there errors?
  315. if ($passwordErrors != null)
  316. return \'password_\' . $passwordErrors;
  317. // Set up the new password variable... ready for storage.
  318. $value = sha1(strtolower($cur_profile[\'member_name\']) . un_htmlspecialchars($value));
  319. return true;
  320. '),
  321. ),
  322. 'passwrd2' => array(
  323. 'type' => 'password',
  324. 'label' => ucwords($txt['verify_pass']),
  325. 'enabled' => empty($cur_profile['openid_uri']),
  326. 'size' => 20,
  327. 'value' => '',
  328. 'permission' => 'profile_password',
  329. 'is_dummy' => true,
  330. ),
  331. 'personal_text' => array(
  332. 'type' => 'text',
  333. 'label' => $txt['personal_text'],
  334. 'log_change' => true,
  335. 'input_attr' => array('maxlength="50"'),
  336. 'size' => 50,
  337. 'permission' => 'profile_blurb',
  338. 'input_validate' => create_function('&$value', '
  339. global $smcFunc;
  340. if ($smcFunc[\'strlen\']($value) > 50)
  341. return \'personal_text_too_long\';
  342. return true;
  343. '),
  344. ),
  345. // This does ALL the pm settings
  346. 'pm_prefs' => array(
  347. 'type' => 'callback',
  348. 'callback_func' => 'pm_settings',
  349. 'permission' => 'pm_read',
  350. 'preload' => create_function('', '
  351. global $context, $cur_profile;
  352. $context[\'display_mode\'] = $cur_profile[\'pm_prefs\'] & 3;
  353. $context[\'send_email\'] = $cur_profile[\'pm_email_notify\'];
  354. $context[\'receive_from\'] = !empty($cur_profile[\'pm_receive_from\']) ? $cur_profile[\'pm_receive_from\'] : 0;
  355. return true;
  356. '),
  357. 'input_validate' => create_function('&$value', '
  358. global $cur_profile, $profile_vars;
  359. // Simple validate and apply the two "sub settings"
  360. $value = max(min($value, 2), 0);
  361. $cur_profile[\'pm_email_notify\'] = $profile_vars[\'pm_email_notify\'] = max(min((int) $_POST[\'pm_email_notify\'], 2), 0);
  362. $cur_profile[\'pm_receive_from\'] = $profile_vars[\'pm_receive_from\'] = max(min((int) $_POST[\'pm_receive_from\'], 4), 0);
  363. return true;
  364. '),
  365. ),
  366. 'posts' => array(
  367. 'type' => 'int',
  368. 'label' => $txt['profile_posts'],
  369. 'log_change' => true,
  370. 'size' => 7,
  371. 'permission' => 'moderate_forum',
  372. 'input_validate' => create_function('&$value', '
  373. if (!is_numeric($value))
  374. return \'digits_only\';
  375. else
  376. $value = $value != \'\' ? strtr($value, array(\',\' => \'\', \'.\' => \'\', \' \' => \'\')) : 0;
  377. return true;
  378. '),
  379. ),
  380. 'real_name' => array(
  381. 'type' => allowedTo('profile_displayed_name_own') || allowedTo('profile_displayed_name_any') || allowedTo('moderate_forum') ? 'text' : 'label',
  382. 'label' => $txt['name'],
  383. 'subtext' => $txt['display_name_desc'],
  384. 'log_change' => true,
  385. 'input_attr' => array('maxlength="60"'),
  386. 'permission' => 'profile_displayed_name',
  387. 'enabled' => allowedTo('profile_displayed_name_own') || allowedTo('profile_displayed_name_any') || allowedTo('moderate_forum'),
  388. 'input_validate' => create_function('&$value', '
  389. global $context, $smcFunc, $sourcedir, $cur_profile;
  390. $value = trim(preg_replace(\'~[\t\n\r \x0B\0\' . ($context[\'utf8\'] ? \'\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}\' : \'\x00-\x08\x0B\x0C\x0E-\x19\xA0\') . \']+~\' . ($context[\'utf8\'] ? \'u\' : \'\'), \' \', $value));
  391. if (trim($value) == \'\')
  392. return \'no_name\';
  393. elseif ($smcFunc[\'strlen\']($value) > 60)
  394. return \'name_too_long\';
  395. elseif ($cur_profile[\'real_name\'] != $value)
  396. {
  397. require_once($sourcedir . \'/Subs-Members.php\');
  398. if (isReservedName($value, $context[\'id_member\']))
  399. return \'name_taken\';
  400. }
  401. return true;
  402. '),
  403. ),
  404. 'secret_question' => array(
  405. 'type' => 'text',
  406. 'label' => $txt['secret_question'],
  407. 'subtext' => $txt['secret_desc'],
  408. 'size' => 50,
  409. 'permission' => 'profile_password',
  410. ),
  411. 'secret_answer' => array(
  412. 'type' => 'text',
  413. 'label' => $txt['secret_answer'],
  414. 'subtext' => $txt['secret_desc2'],
  415. 'size' => 20,
  416. 'postinput' => '<span class="smalltext" style="margin-left: 4ex;">[<a href="' . $scripturl . '?action=helpadmin;help=secret_why_blank" onclick="return reqOverlayDiv(this.href);">' . $txt['secret_why_blank'] . '</a>]</span>',
  417. 'value' => '',
  418. 'permission' => 'profile_password',
  419. 'input_validate' => create_function('&$value', '
  420. $value = $value != \'\' ? md5($value) : \'\';
  421. return true;
  422. '),
  423. ),
  424. 'signature' => array(
  425. 'type' => 'callback',
  426. 'callback_func' => 'signature_modify',
  427. 'permission' => 'profile_signature',
  428. 'enabled' => substr($modSettings['signature_settings'], 0, 1) == 1,
  429. 'preload' => 'profileLoadSignatureData',
  430. 'input_validate' => 'profileValidateSignature',
  431. ),
  432. 'show_online' => array(
  433. 'type' => 'check',
  434. 'label' => $txt['show_online'],
  435. 'permission' => 'profile_identity',
  436. 'enabled' => !empty($modSettings['allow_hideOnline']) || allowedTo('moderate_forum'),
  437. ),
  438. 'smiley_set' => array(
  439. 'type' => 'callback',
  440. 'callback_func' => 'smiley_pick',
  441. 'enabled' => !empty($modSettings['smiley_sets_enable']),
  442. 'permission' => 'profile_extra',
  443. 'preload' => create_function('', '
  444. global $modSettings, $context, $txt, $cur_profile, $smcFunc;
  445. $context[\'member\'][\'smiley_set\'][\'id\'] = empty($cur_profile[\'smiley_set\']) ? \'\' : $cur_profile[\'smiley_set\'];
  446. $context[\'smiley_sets\'] = explode(\',\', \'none,,\' . $modSettings[\'smiley_sets_known\']);
  447. $set_names = explode("\n", $txt[\'smileys_none\'] . "\n" . $txt[\'smileys_forum_board_default\'] . "\n" . $modSettings[\'smiley_sets_names\']);
  448. foreach ($context[\'smiley_sets\'] as $i => $set)
  449. {
  450. $context[\'smiley_sets\'][$i] = array(
  451. \'id\' => $smcFunc[\'htmlspecialchars\']($set),
  452. \'name\' => $smcFunc[\'htmlspecialchars\']($set_names[$i]),
  453. \'selected\' => $set == $context[\'member\'][\'smiley_set\'][\'id\']
  454. );
  455. if ($context[\'smiley_sets\'][$i][\'selected\'])
  456. $context[\'member\'][\'smiley_set\'][\'name\'] = $set_names[$i];
  457. }
  458. return true;
  459. '),
  460. 'input_validate' => create_function('&$value', '
  461. global $modSettings;
  462. $smiley_sets = explode(\',\', $modSettings[\'smiley_sets_known\']);
  463. if (!in_array($value, $smiley_sets) && $value != \'none\')
  464. $value = \'\';
  465. return true;
  466. '),
  467. ),
  468. // Pretty much a dummy entry - it populates all the theme settings.
  469. 'theme_settings' => array(
  470. 'type' => 'callback',
  471. 'callback_func' => 'theme_settings',
  472. 'permission' => 'profile_extra',
  473. 'is_dummy' => true,
  474. 'preload' => create_function('', '
  475. global $context, $user_info, $modSettings;
  476. loadLanguage(\'Settings\');
  477. $context[\'allow_no_censored\'] = false;
  478. if ($user_info[\'is_admin\'] || $context[\'user\'][\'is_owner\'])
  479. $context[\'allow_no_censored\'] = !empty($modSettings[\'allow_no_censored\']);
  480. return true;
  481. '),
  482. ),
  483. 'time_format' => array(
  484. 'type' => 'callback',
  485. 'callback_func' => 'timeformat_modify',
  486. 'permission' => 'profile_extra',
  487. 'preload' => create_function('', '
  488. global $context, $user_info, $txt, $cur_profile, $modSettings;
  489. $context[\'easy_timeformats\'] = array(
  490. array(\'format\' => \'\', \'title\' => $txt[\'timeformat_default\']),
  491. array(\'format\' => \'%B %d, %Y, %I:%M:%S %p\', \'title\' => $txt[\'timeformat_easy1\']),
  492. array(\'format\' => \'%B %d, %Y, %H:%M:%S\', \'title\' => $txt[\'timeformat_easy2\']),
  493. array(\'format\' => \'%Y-%m-%d, %H:%M:%S\', \'title\' => $txt[\'timeformat_easy3\']),
  494. array(\'format\' => \'%d %B %Y, %H:%M:%S\', \'title\' => $txt[\'timeformat_easy4\']),
  495. array(\'format\' => \'%d-%m-%Y, %H:%M:%S\', \'title\' => $txt[\'timeformat_easy5\'])
  496. );
  497. $context[\'member\'][\'time_format\'] = $cur_profile[\'time_format\'];
  498. $context[\'current_forum_time\'] = timeformat(time() - $user_info[\'time_offset\'] * 3600, false);
  499. $context[\'current_forum_time_js\'] = strftime(\'%Y,\' . ((int) strftime(\'%m\', time() + $modSettings[\'time_offset\'] * 3600) - 1) . \',%d,%H,%M,%S\', time() + $modSettings[\'time_offset\'] * 3600);
  500. $context[\'current_forum_time_hour\'] = (int) strftime(\'%H\', forum_time(false));
  501. return true;
  502. '),
  503. ),
  504. 'time_offset' => array(
  505. 'type' => 'callback',
  506. 'callback_func' => 'timeoffset_modify',
  507. 'permission' => 'profile_extra',
  508. 'preload' => create_function('', '
  509. global $context, $cur_profile;
  510. $context[\'member\'][\'time_offset\'] = $cur_profile[\'time_offset\'];
  511. return true;
  512. '),
  513. 'input_validate' => create_function('&$value', '
  514. // Validate the time_offset...
  515. $value = (float) strtr($value, \',\', \'.\');
  516. if ($value < -23.5 || $value > 23.5)
  517. return \'bad_offset\';
  518. return true;
  519. '),
  520. ),
  521. 'usertitle' => array(
  522. 'type' => 'text',
  523. 'label' => $txt['custom_title'],
  524. 'log_change' => true,
  525. 'input_attr' => array('maxlength="50"'),
  526. 'size' => 50,
  527. 'permission' => 'profile_other',
  528. 'enabled' => !empty($modSettings['titlesEnable']),
  529. 'input_validate' => create_function('&$value', '
  530. global $smcFunc;
  531. if ($smcFunc[\'strlen\']($value) > 50)
  532. return \'user_title_too_long\';
  533. return true;
  534. '),
  535. ),
  536. 'website_title' => array(
  537. 'type' => 'text',
  538. 'label' => $txt['website_title'],
  539. 'subtext' => $txt['include_website_url'],
  540. 'size' => 50,
  541. 'permission' => 'profile_other',
  542. 'link_with' => 'website',
  543. ),
  544. 'website_url' => array(
  545. 'type' => 'url',
  546. 'label' => $txt['website_url'],
  547. 'subtext' => $txt['complete_url'],
  548. 'size' => 50,
  549. 'permission' => 'profile_other',
  550. // Fix the URL...
  551. 'input_validate' => create_function('&$value', '
  552. if (strlen(trim($value)) > 0 && strpos($value, \'://\') === false)
  553. $value = \'http://\' . $value;
  554. if (strlen($value) < 8 || (substr($value, 0, 7) !== \'http://\' && substr($value, 0, 8) !== \'https://\'))
  555. $value = \'\';
  556. return true;
  557. '),
  558. 'link_with' => 'website',
  559. ),
  560. );
  561. call_integration_hook('integrate_load_profile_fields', array(&$profile_fields));
  562. $disabled_fields = !empty($modSettings['disabled_profile_fields']) ? explode(',', $modSettings['disabled_profile_fields']) : array();
  563. // For each of the above let's take out the bits which don't apply - to save memory and security!
  564. foreach ($profile_fields as $key => $field)
  565. {
  566. // Do we have permission to do this?
  567. if (isset($field['permission']) && !allowedTo(($context['user']['is_owner'] ? array($field['permission'] . '_own', $field['permission'] . '_any') : $field['permission'] . '_any')) && !allowedTo($field['permission']))
  568. unset($profile_fields[$key]);
  569. // Is it enabled?
  570. if (isset($field['enabled']) && !$field['enabled'])
  571. unset($profile_fields[$key]);
  572. // Is it specifically disabled?
  573. if (in_array($key, $disabled_fields) || (isset($field['link_with']) && in_array($field['link_with'], $disabled_fields)))
  574. unset($profile_fields[$key]);
  575. }
  576. }
  577. /**
  578. * Setup the context for a page load!
  579. *
  580. * @param array $fields
  581. */
  582. function setupProfileContext($fields)
  583. {
  584. global $profile_fields, $context, $cur_profile, $smcFunc, $txt;
  585. // Make sure we have this!
  586. loadProfileFields(true);
  587. // First check for any linked sets.
  588. foreach ($profile_fields as $key => $field)
  589. if (isset($field['link_with']) && in_array($field['link_with'], $fields))
  590. $fields[] = $key;
  591. // Some default bits.
  592. $context['profile_prehtml'] = '';
  593. $context['profile_posthtml'] = '';
  594. $context['profile_javascript'] = '';
  595. $context['profile_onsubmit_javascript'] = '';
  596. $i = 0;
  597. $last_type = '';
  598. foreach ($fields as $key => $field)
  599. {
  600. if (isset($profile_fields[$field]))
  601. {
  602. // Shortcut.
  603. $cur_field = &$profile_fields[$field];
  604. // Does it have a preload and does that preload succeed?
  605. if (isset($cur_field['preload']) && !$cur_field['preload']())
  606. continue;
  607. // If this is anything but complex we need to do more cleaning!
  608. if ($cur_field['type'] != 'callback' && $cur_field['type'] != 'hidden')
  609. {
  610. if (!isset($cur_field['label']))
  611. $cur_field['label'] = isset($txt[$field]) ? $txt[$field] : $field;
  612. // Everything has a value!
  613. if (!isset($cur_field['value']))
  614. {
  615. $cur_field['value'] = isset($cur_profile[$field]) ? $cur_profile[$field] : '';
  616. }
  617. // Any input attributes?
  618. $cur_field['input_attr'] = !empty($cur_field['input_attr']) ? implode(',', $cur_field['input_attr']) : '';
  619. }
  620. // Was there an error with this field on posting?
  621. if (isset($context['profile_errors'][$field]))
  622. $cur_field['is_error'] = true;
  623. // Any javascript stuff?
  624. if (!empty($cur_field['js_submit']))
  625. $context['profile_onsubmit_javascript'] .= $cur_field['js_submit'];
  626. if (!empty($cur_field['js']))
  627. $context['profile_javascript'] .= $cur_field['js'];
  628. // Any template stuff?
  629. if (!empty($cur_field['prehtml']))
  630. $context['profile_prehtml'] .= $cur_field['prehtml'];
  631. if (!empty($cur_field['posthtml']))
  632. $context['profile_posthtml'] .= $cur_field['posthtml'];
  633. // Finally put it into context?
  634. if ($cur_field['type'] != 'hidden')
  635. {
  636. $last_type = $cur_field['type'];
  637. $context['profile_fields'][$field] = &$profile_fields[$field];
  638. }
  639. }
  640. // Bodge in a line break - without doing two in a row ;)
  641. elseif ($field == 'hr' && $last_type != 'hr' && $last_type != '')
  642. {
  643. $last_type = 'hr';
  644. $context['profile_fields'][$i++]['type'] = 'hr';
  645. }
  646. }
  647. // Some spicy JS.
  648. addInlineJavascript('
  649. var form_handle = document.forms.creator;
  650. createEventListener(form_handle);
  651. '. (!empty($context['require_password']) ? '
  652. form_handle.addEventListener(\'submit\', function(event)
  653. {
  654. if (this.oldpasswrd.value == "")
  655. {
  656. event.preventDefault();
  657. alert('. (JavaScriptEscape($txt['required_security_reasons'])) .');
  658. return false;
  659. }
  660. }, false);' : ''), true);
  661. // Any onsubmit javascript?
  662. if (!empty($context['profile_onsubmit_javascript']))
  663. addInlineJavascript($context['profile_onsubmit_javascript'], true);
  664. // Any totally custom stuff?
  665. if (!empty($context['profile_javascript']))
  666. addInlineJavascript($context['profile_javascript'], true);
  667. // Free up some memory.
  668. unset($profile_fields);
  669. }
  670. /**
  671. * Save the profile changes.
  672. */
  673. function saveProfileFields()
  674. {
  675. global $profile_fields, $profile_vars, $context, $old_profile, $post_errors, $sourcedir, $cur_profile, $smcFunc;
  676. // Load them up.
  677. loadProfileFields();
  678. // This makes things easier...
  679. $old_profile = $cur_profile;
  680. // This allows variables to call activities when they save - by default just to reload their settings
  681. $context['profile_execute_on_save'] = array();
  682. if ($context['user']['is_owner'])
  683. $context['profile_execute_on_save']['reload_user'] = 'profileReloadUser';
  684. // Assume we log nothing.
  685. $context['log_changes'] = array();
  686. // Cycle through the profile fields working out what to do!
  687. foreach ($profile_fields as $key => $field)
  688. {
  689. if (!isset($_POST[$key]) || !empty($field['is_dummy']) || (isset($_POST['preview_signature']) && $key == 'signature'))
  690. continue;
  691. // What gets updated?
  692. $db_key = isset($field['save_key']) ? $field['save_key'] : $key;
  693. // Right - we have something that is enabled, we can act upon and has a value posted to it. Does it have a validation function?
  694. if (isset($field['input_validate']))
  695. {
  696. $is_valid = $field['input_validate']($_POST[$key]);
  697. // An error occured - set it as such!
  698. if ($is_valid !== true)
  699. {
  700. // Is this an actual error?
  701. if ($is_valid !== false)
  702. {
  703. $post_errors[$key] = $is_valid;
  704. $profile_fields[$key]['is_error'] = $is_valid;
  705. }
  706. // Retain the old value.
  707. $cur_profile[$key] = $_POST[$key];
  708. continue;
  709. }
  710. }
  711. // Are we doing a cast?
  712. $field['cast_type'] = empty($field['cast_type']) ? $field['type'] : $field['cast_type'];
  713. // Finally, clean up certain types.
  714. if ($field['cast_type'] == 'int')
  715. $_POST[$key] = (int) $_POST[$key];
  716. elseif ($field['cast_type'] == 'float')
  717. $_POST[$key] = (float) $_POST[$key];
  718. elseif ($field['cast_type'] == 'check')
  719. $_POST[$key] = !empty($_POST[$key]) ? 1 : 0;
  720. // If we got here we're doing OK.
  721. if ($field['type'] != 'hidden' && (!isset($old_profile[$key]) || $_POST[$key] != $old_profile[$key]))
  722. {
  723. // Set the save variable.
  724. $profile_vars[$db_key] = $_POST[$key];
  725. // And update the user profile.
  726. $cur_profile[$key] = $_POST[$key];
  727. // Are we logging it?
  728. if (!empty($field['log_change']) && isset($old_profile[$key]))
  729. $context['log_changes'][$key] = array(
  730. 'previous' => $old_profile[$key],
  731. 'new' => $_POST[$key],
  732. );
  733. }
  734. // Logging group changes are a bit different...
  735. if ($key == 'id_group' && $field['log_change'])
  736. {
  737. profileLoadGroups();
  738. // Any changes to primary group?
  739. if ($_POST['id_group'] != $old_profile['id_group'])
  740. {
  741. $context['log_changes']['id_group'] = array(
  742. 'previous' => !empty($old_profile[$key]) && isset($context['member_groups'][$old_profile[$key]]) ? $context['member_groups'][$old_profile[$key]]['name'] : '',
  743. 'new' => !empty($_POST[$key]) && isset($context['member_groups'][$_POST[$key]]) ? $context['member_groups'][$_POST[$key]]['name'] : '',
  744. );
  745. }
  746. // Prepare additional groups for comparison.
  747. $additional_groups = array(
  748. 'previous' => !empty($old_profile['additional_groups']) ? explode(',', $old_profile['additional_groups']) : array(),
  749. 'new' => !empty($_POST['additional_groups']) ? array_diff($_POST['additional_groups'], array(0)) : array(),
  750. );
  751. sort($additional_groups['previous']);
  752. sort($additional_groups['new']);
  753. // What about additional groups?
  754. if ($additional_groups['previous'] != $additional_groups['new'])
  755. {
  756. foreach ($additional_groups as $type => $groups)
  757. {
  758. foreach ($groups as $id => $group)
  759. {
  760. if (isset($context['member_groups'][$group]))
  761. $additional_groups[$type][$id] = $context['member_groups'][$group]['name'];
  762. else
  763. unset($additional_groups[$type][$id]);
  764. }
  765. $additional_groups[$type] = implode(', ', $additional_groups[$type]);
  766. }
  767. $context['log_changes']['additional_groups'] = $additional_groups;
  768. }
  769. }
  770. }
  771. // @todo Temporary
  772. if ($context['user']['is_owner'])
  773. $changeOther = allowedTo(array('profile_extra_any', 'profile_extra_own'));
  774. else
  775. $changeOther = allowedTo('profile_extra_any');
  776. if ($changeOther && empty($post_errors))
  777. {
  778. makeThemeChanges($context['id_member'], isset($_POST['id_theme']) ? (int) $_POST['id_theme'] : $old_profile['id_theme']);
  779. if (!empty($_REQUEST['sa']))
  780. makeCustomFieldChanges($context['id_member'], $_REQUEST['sa'], false);
  781. }
  782. // Free memory!
  783. unset($profile_fields);
  784. }
  785. /**
  786. * Save the profile changes
  787. *
  788. * @param array &$profile_variables
  789. * @param array &$post_errors
  790. * @param int $memID id_member
  791. */
  792. function saveProfileChanges(&$profile_vars, &$post_errors, $memID)
  793. {
  794. global $txt, $user_profile;
  795. global $context, $sourcedir;
  796. global $smcFunc;
  797. // These make life easier....
  798. $old_profile = &$user_profile[$memID];
  799. // Permissions...
  800. if ($context['user']['is_owner'])
  801. {
  802. $changeIdentity = allowedTo(array('profile_identity_any', 'profile_identity_own', 'profile_password_any', 'profile_password_own'));
  803. $changeOther = allowedTo(array('profile_extra_any', 'profile_extra_own', 'profile_other_any', 'profile_other_own', 'profile_signature_any', 'profile_signature_own'));
  804. }
  805. else
  806. {
  807. $changeIdentity = allowedTo('profile_identity_any', 'profile_signature_any');
  808. $changeOther = allowedTo('profile_extra_any', 'profile_other_any', 'profile_signature_any');
  809. }
  810. // Arrays of all the changes - makes things easier.
  811. $profile_bools = array(
  812. 'notify_announcements', 'notify_send_body',
  813. );
  814. $profile_ints = array(
  815. 'notify_regularity',
  816. 'notify_types',
  817. );
  818. $profile_floats = array(
  819. );
  820. $profile_strings = array(
  821. 'buddy_list',
  822. 'ignore_boards',
  823. );
  824. if (isset($_POST['sa']) && $_POST['sa'] == 'ignoreboards' && empty($_POST['ignore_brd']))
  825. $_POST['ignore_brd'] = array();
  826. unset($_POST['ignore_boards']); // Whatever it is set to is a dirty fithy thing. Kinda like our minds.
  827. if (isset($_POST['ignore_brd']))
  828. {
  829. if (!is_array($_POST['ignore_brd']))
  830. $_POST['ignore_brd'] = array ($_POST['ignore_brd']);
  831. foreach ($_POST['ignore_brd'] as $k => $d)
  832. {
  833. $d = (int) $d;
  834. if ($d != 0)
  835. $_POST['ignore_brd'][$k] = $d;
  836. else
  837. unset($_POST['ignore_brd'][$k]);
  838. }
  839. $_POST['ignore_boards'] = implode(',', $_POST['ignore_brd']);
  840. unset($_POST['ignore_brd']);
  841. }
  842. // Here's where we sort out all the 'other' values...
  843. if ($changeOther)
  844. {
  845. makeThemeChanges($memID, isset($_POST['id_theme']) ? (int) $_POST['id_theme'] : $old_profile['id_theme']);
  846. //makeAvatarChanges($memID, $post_errors);
  847. if (!empty($_REQUEST['sa']))
  848. makeCustomFieldChanges($memID, $_REQUEST['sa'], false);
  849. foreach ($profile_bools as $var)
  850. if (isset($_POST[$var]))
  851. $profile_vars[$var] = empty($_POST[$var]) ? '0' : '1';
  852. foreach ($profile_ints as $var)
  853. if (isset($_POST[$var]))
  854. $profile_vars[$var] = $_POST[$var] != '' ? (int) $_POST[$var] : '';
  855. foreach ($profile_floats as $var)
  856. if (isset($_POST[$var]))
  857. $profile_vars[$var] = (float) $_POST[$var];
  858. foreach ($profile_strings as $var)
  859. if (isset($_POST[$var]))
  860. $profile_vars[$var] = $_POST[$var];
  861. }
  862. }
  863. /**
  864. * Make any theme changes that are sent with the profile.
  865. *
  866. * @param int $memID
  867. * @param int $id_theme
  868. */
  869. function makeThemeChanges($memID, $id_theme)
  870. {
  871. global $modSettings, $smcFunc, $context, $user_info;
  872. $reservedVars = array(
  873. 'actual_theme_url',
  874. 'actual_images_url',
  875. 'base_theme_dir',
  876. 'base_theme_url',
  877. 'default_images_url',
  878. 'default_theme_dir',
  879. 'default_theme_url',
  880. 'default_template',
  881. 'images_url',
  882. 'number_recent_posts',
  883. 'smiley_sets_default',
  884. 'theme_dir',
  885. 'theme_id',
  886. 'theme_layers',
  887. 'theme_templates',
  888. 'theme_url',
  889. );
  890. // Can't change reserved vars.
  891. if ((isset($_POST['options']) && count(array_intersect(array_keys($_POST['options']), $reservedVars)) != 0) || (isset($_POST['default_options']) && count(array_intersect(array_keys($_POST['default_options']), $reservedVars)) != 0))
  892. fatal_lang_error('no_access', false);
  893. // Don't allow any overriding of custom fields with default or non-default options.
  894. $request = $smcFunc['db_query']('', '
  895. SELECT col_name
  896. FROM {db_prefix}custom_fields
  897. WHERE active = {int:is_active}',
  898. array(
  899. 'is_active' => 1,
  900. )
  901. );
  902. $custom_fields = array();
  903. while ($row = $smcFunc['db_fetch_assoc']($request))
  904. $custom_fields[] = $row['col_name'];
  905. $smcFunc['db_free_result']($request);
  906. // These are the theme changes...
  907. $themeSetArray = array();
  908. if (isset($_POST['options']) && is_array($_POST['options']))
  909. {
  910. foreach ($_POST['options'] as $opt => $val)
  911. {
  912. if (in_array($opt, $custom_fields))
  913. continue;
  914. // These need to be controlled.
  915. if ($opt == 'topics_per_page' || $opt == 'messages_per_page')
  916. $val = max(0, min($val, 50));
  917. // We don't set this per theme anymore.
  918. elseif ($opt == 'allow_no_censored')
  919. continue;
  920. $themeSetArray[] = array($memID, $id_theme, $opt, is_array($val) ? implode(',', $val) : $val);
  921. }
  922. }
  923. $erase_options = array();
  924. if (isset($_POST['default_options']) && is_array($_POST['default_options']))
  925. foreach ($_POST['default_options'] as $opt => $val)
  926. {
  927. if (in_array($opt, $custom_fields))
  928. continue;
  929. // These need to be controlled.
  930. if ($opt == 'topics_per_page' || $opt == 'messages_per_page')
  931. $val = max(0, min($val, 50));
  932. // Only let admins and owners change the censor.
  933. elseif ($opt == 'allow_no_censored' && !$user_info['is_admin'] && !$context['user']['is_owner'])
  934. continue;
  935. $themeSetArray[] = array($memID, 1, $opt, is_array($val) ? implode(',', $val) : $val);
  936. $erase_options[] = $opt;
  937. }
  938. // If themeSetArray isn't still empty, send it to the database.
  939. if (empty($context['password_auth_failed']))
  940. {
  941. if (!empty($themeSetArray))
  942. {
  943. $smcFunc['db_insert']('replace',
  944. '{db_prefix}themes',
  945. array('id_member' => 'int', 'id_theme' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'),
  946. $themeSetArray,
  947. array('id_member', 'id_theme', 'variable')
  948. );
  949. }
  950. if (!empty($erase_options))
  951. {
  952. $smcFunc['db_query']('', '
  953. DELETE FROM {db_prefix}themes
  954. WHERE id_theme != {int:id_theme}
  955. AND variable IN ({array_string:erase_variables})
  956. AND id_member = {int:id_member}',
  957. array(
  958. 'id_theme' => 1,
  959. 'id_member' => $memID,
  960. 'erase_variables' => $erase_options
  961. )
  962. );
  963. }
  964. // Admins can choose any theme, even if it's not enabled...
  965. $themes = allowedTo('admin_forum') ? explode(',', $modSettings['knownThemes']) : explode(',', $modSettings['enableThemes']);
  966. foreach ($themes as $t)
  967. cache_put_data('theme_settings-' . $t . ':' . $memID, null, 60);
  968. }
  969. }
  970. /**
  971. * Make any notification changes that need to be made.
  972. *
  973. * @param int $memID id_member
  974. */
  975. function makeNotificationChanges($memID)
  976. {
  977. global $smcFunc;
  978. // Update the boards they are being notified on.
  979. if (isset($_POST['edit_notify_boards']) && !empty($_POST['notify_boards']))
  980. {
  981. // Make sure only integers are deleted.
  982. foreach ($_POST['notify_boards'] as $index => $id)
  983. $_POST['notify_boards'][$index] = (int) $id;
  984. // id_board = 0 is reserved for topic notifications.
  985. $_POST['notify_boards'] = array_diff($_POST['notify_boards'], array(0));
  986. $smcFunc['db_query']('', '
  987. DELETE FROM {db_prefix}log_notify
  988. WHERE id_board IN ({array_int:board_list})
  989. AND id_member = {int:selected_member}',
  990. array(
  991. 'board_list' => $_POST['notify_boards'],
  992. 'selected_member' => $memID,
  993. )
  994. );
  995. }
  996. // We are editing topic notifications......
  997. elseif (isset($_POST['edit_notify_topics']) && !empty($_POST['notify_topics']))
  998. {
  999. foreach ($_POST['notify_topics'] as $index => $id)
  1000. $_POST['notify_topics'][$index] = (int) $id;
  1001. // Make sure there are no zeros left.
  1002. $_POST['notify_topics'] = array_diff($_POST['notify_topics'], array(0));
  1003. $smcFunc['db_query']('', '
  1004. DELETE FROM {db_prefix}log_notify
  1005. WHERE id_topic IN ({array_int:topic_list})
  1006. AND id_member = {int:selected_member}',
  1007. array(
  1008. 'topic_list' => $_POST['notify_topics'],
  1009. 'selected_member' => $memID,
  1010. )
  1011. );
  1012. }
  1013. }
  1014. /**
  1015. * Save any changes to the custom profile fields
  1016. *
  1017. * @param int $memID
  1018. * @param string $area
  1019. * @param bool $sanitize = true
  1020. */
  1021. function makeCustomFieldChanges($memID, $area, $sanitize = true)
  1022. {
  1023. global $context, $smcFunc, $user_profile, $user_info, $modSettings, $sourcedir;
  1024. if ($sanitize && isset($_POST['customfield']))
  1025. $_POST['customfield'] = htmlspecialchars__recursive($_POST['customfield']);
  1026. $where = $area == 'register' ? 'show_reg != 0' : 'show_profile = {string:area}';
  1027. // Load the fields we are saving too - make sure we save valid data (etc).
  1028. $request = $smcFunc['db_query']('', '
  1029. SELECT col_name, field_name, field_desc, field_type, field_length, field_options, default_value, show_reg, mask, private
  1030. FROM {db_prefix}custom_fields
  1031. WHERE ' . $where . '
  1032. AND active = {int:is_active}',
  1033. array(
  1034. 'is_active' => 1,
  1035. 'area' => $area,
  1036. )
  1037. );
  1038. $changes = array();
  1039. $log_changes = array();
  1040. while ($row = $smcFunc['db_fetch_assoc']($request))
  1041. {
  1042. /* This means don't save if:
  1043. - The user is NOT an admin.
  1044. - The data is not freely viewable and editable by users.
  1045. - The data is not invisible to users but editable by the owner (or if it is the user is not the owner)
  1046. - The area isn't registration, and if it is that the field is not suppossed to be shown there.
  1047. */
  1048. if ($row['private'] != 0 && !allowedTo('admin_forum') && ($memID != $user_info['id'] || $row['private'] != 2) && ($area != 'register' || $row['show_reg'] == 0))
  1049. continue;
  1050. // Validate the user data.
  1051. if ($row['field_type'] == 'check')
  1052. $value = isset($_POST['customfield'][$row['col_name']]) ? 1 : 0;
  1053. elseif ($row['field_type'] == 'select' || $row['field_type'] == 'radio')
  1054. {
  1055. $value = $row['default_value'];
  1056. foreach (explode(',', $row['field_options']) as $k => $v)
  1057. if (isset($_POST['customfield'][$row['col_name']]) && $_POST['customfield'][$row['col_name']] == $k)
  1058. $value = $v;
  1059. }
  1060. // Otherwise some form of text!
  1061. else
  1062. {
  1063. $value = isset($_POST['customfield'][$row['col_name']]) ? $_POST['customfield'][$row['col_name']] : '';
  1064. if ($row['field_length'])
  1065. $value = $smcFunc['substr']($value, 0, $row['field_length']);
  1066. // Any masks?
  1067. if ($row['field_type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none')
  1068. {
  1069. // @todo We never error on this - just ignore it at the moment...
  1070. if ($row['mask'] == 'email' && (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $value) === 0 || strlen($value) > 255))
  1071. $value = '';
  1072. elseif ($row['mask'] == 'number')
  1073. {
  1074. $value = (int) $value;
  1075. }
  1076. elseif (substr($row['mask'], 0, 5) == 'regex' && trim($value) != '' && preg_match(substr($row['mask'], 5), $value) === 0)
  1077. $value = '';
  1078. }
  1079. }
  1080. // Did it change?
  1081. if (!isset($user_profile[$memID]['options'][$row['col_name']]) || $user_profile[$memID]['options'][$row['col_name']] != $value)
  1082. {
  1083. $log_changes[] = array(
  1084. 'action' => 'customfield_' . $row['col_name'],
  1085. 'log_type' => 'user',
  1086. 'extra' => array(
  1087. 'previous' => !empty($user_profile[$memID]['options'][$row['col_name']]) ? $user_profile[$memID]['options'][$row['col_name']] : '',
  1088. 'new' => $value,
  1089. 'applicator' => $user_info['id'],
  1090. 'member_affected' => $memID,
  1091. ),
  1092. );
  1093. $changes[] = array(1, $row['col_name'], $value, $memID);
  1094. $user_profile[$memID]['options'][$row['col_name']] = $value;
  1095. }
  1096. }
  1097. $smcFunc['db_free_result']($request);
  1098. call_integration_hook('integrate_save_custom_profile_fields', array(&$changes, &$log_changes, $memID, $area, $sanitize));
  1099. // Make those changes!
  1100. if (!empty($changes) && empty($context['password_auth_failed']))
  1101. {
  1102. $smcFunc['db_insert']('replace',
  1103. '{db_prefix}themes',
  1104. array('id_theme' => 'int', 'variable' => 'string-255', 'value' => 'string-65534', 'id_member' => 'int'),
  1105. $changes,
  1106. array('id_theme', 'variable', 'id_member')
  1107. );
  1108. if (!empty($log_changes) && !empty($modSettings['modlog_enabled']))
  1109. {
  1110. require_once($sourcedir . '/Logging.php');
  1111. logActions($log_changes);
  1112. }
  1113. }
  1114. }
  1115. /**
  1116. * Show all the users buddies, as well as a add/delete interface.
  1117. *
  1118. * @param int $memID id_member
  1119. */
  1120. function editBuddyIgnoreLists($memID)
  1121. {
  1122. global $sourcedir, $context, $txt, $scripturl, $modSettings, $user_profile;
  1123. // Do a quick check to ensure people aren't getting here illegally!
  1124. if (!$context['user']['is_owner'] || empty($modSettings['enable_buddylist']))
  1125. fatal_lang_error('no_access', false);
  1126. // Can we email the user direct?
  1127. $context['can_moderate_forum'] = allowedTo('moderate_forum');
  1128. $context['can_send_email'] = allowedTo('moderate_forum');
  1129. $subActions = array(
  1130. 'buddies' => array('editBuddies', $txt['editBuddies']),
  1131. 'ignore' => array('editIgnoreList', $txt['editIgnoreList']),
  1132. );
  1133. $context['list_area'] = isset($_GET['sa']) && isset($subActions[$_GET['sa']]) ? $_GET['sa'] : 'buddies';
  1134. // Create the tabs for the template.
  1135. $context[$context['profile_menu_name']]['tab_data'] = array(
  1136. 'title' => $txt['editBuddyIgnoreLists'],
  1137. 'description' => $txt['buddy_ignore_desc'],
  1138. 'icon' => 'profile_hd.png',
  1139. 'tabs' => array(
  1140. 'buddies' => array(),
  1141. 'ignore' => array(),
  1142. ),
  1143. );
  1144. loadJavascriptFile('suggest.js', array('default_theme' => true, 'defer' => false), 'smf_suggest');
  1145. // Pass on to the actual function.
  1146. $context['sub_template'] = $subActions[$context['list_area']][0];
  1147. $subActions[$context['list_area']][0]($memID);
  1148. }
  1149. /**
  1150. * Show all the users buddies, as well as a add/delete interface.
  1151. *
  1152. * @param int $memID id_member
  1153. */
  1154. function editBuddies($memID)
  1155. {
  1156. global $txt, $scripturl;
  1157. global $context, $user_profile, $memberContext, $smcFunc;
  1158. // For making changes!
  1159. $buddiesArray = explode(',', $user_profile[$memID]['buddy_list']);
  1160. foreach ($buddiesArray as $k => $dummy)
  1161. if ($dummy == '')
  1162. unset($buddiesArray[$k]);
  1163. // Removing a buddy?
  1164. if (isset($_GET['remove']))
  1165. {
  1166. checkSession('get');
  1167. call_integration_hook('integrate_remove_buddy', array($memID));
  1168. $_SESSION['prf-save'] = $txt['could_not_remove_person'];
  1169. // Heh, I'm lazy, do it the easy way...
  1170. foreach ($buddiesArray as $key => $buddy)
  1171. if ($buddy == (int) $_GET['remove'])
  1172. {
  1173. unset($buddiesArray[$key]);
  1174. $_SESSION['prf-save'] = true;
  1175. }
  1176. // Make the changes.
  1177. $user_profile[$memID]['buddy_list'] = implode(',', $buddiesArray);
  1178. updateMemberData($memID, array('buddy_list' => $user_profile[$memID]['buddy_list']));
  1179. // Redirect off the page because we don't like all this ugly query stuff to stick in the history.
  1180. redirectexit('action=profile;area=lists;sa=buddies;u=' . $memID);
  1181. }
  1182. elseif (isset($_POST['new_buddy']))
  1183. {
  1184. checkSession();
  1185. // Prepare the string for extraction...
  1186. $_POST['new_buddy'] = strtr($smcFunc['htmlspecialchars']($_POST['new_buddy'], ENT_QUOTES), array('&quot;' => '"'));
  1187. preg_match_all('~"([^"]+)"~', $_POST['new_buddy'], $matches);
  1188. $new_buddies = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $_POST['new_buddy']))));
  1189. foreach ($new_buddies as $k => $dummy)
  1190. {
  1191. $new_buddies[$k] = strtr(trim($new_buddies[$k]), array('\'' => '&#039;'));
  1192. if (strlen($new_buddies[$k]) == 0 || in_array($new_buddies[$k], array($user_profile[$memID]['member_name'], $user_profile[$memID]['real_name'])))
  1193. unset($new_buddies[$k]);
  1194. }
  1195. call_integration_hook('integrate_add_buddies', array($memID, &$new_buddies));
  1196. $_SESSION['prf-save'] = $txt['could_not_add_person'];
  1197. if (!empty($new_buddies))
  1198. {
  1199. // Now find out the id_member of the buddy.
  1200. $request = $smcFunc['db_query']('', '
  1201. SELECT id_member
  1202. FROM {db_prefix}members
  1203. WHERE member_name IN ({array_string:new_buddies}) OR real_name IN ({array_string:new_buddies})
  1204. LIMIT {int:count_new_buddies}',
  1205. array(
  1206. 'new_buddies' => $new_buddies,
  1207. 'count_new_buddies' => count($new_buddies),
  1208. )
  1209. );
  1210. if ($smcFunc['db_num_rows']($request) != 0)
  1211. $_SESSION['prf-save'] = true;
  1212. // Add the new member to the buddies array.
  1213. while ($row = $smcFunc['db_fetch_assoc']($request))
  1214. $buddiesArray[] = (int) $row['id_member'];
  1215. $smcFunc['db_free_result']($request);
  1216. // Now update the current users buddy list.
  1217. $user_profile[$memID]['buddy_list'] = implode(',', $buddiesArray);
  1218. updateMemberData($memID, array('buddy_list' => $user_profile[$memID]['buddy_list']));
  1219. }
  1220. // Back to the buddy list!
  1221. redirectexit('action=profile;area=lists;sa=buddies;u=' . $memID);
  1222. }
  1223. // Get all the users "buddies"...
  1224. $buddies = array();
  1225. if (!empty($buddiesArray))
  1226. {
  1227. $result = $smcFunc['db_query']('', '
  1228. SELECT id_member
  1229. FROM {db_prefix}members
  1230. WHERE id_member IN ({array_int:buddy_list})
  1231. ORDER BY real_name
  1232. LIMIT {int:buddy_list_count}',
  1233. array(
  1234. 'buddy_list' => $buddiesArray,
  1235. 'buddy_list_count' => substr_count($user_profile[$memID]['buddy_list'], ',') + 1,
  1236. )
  1237. );
  1238. while ($row = $smcFunc['db_fetch_assoc']($result))
  1239. $buddies[] = $row['id_member'];
  1240. $smcFunc['db_free_result']($result);
  1241. }
  1242. $context['buddy_count'] = count($buddies);
  1243. // Load all the members up.
  1244. loadMemberData($buddies, false, 'profile');
  1245. // Setup the context for each buddy.
  1246. $context['buddies'] = array();
  1247. foreach ($buddies as $buddy)
  1248. {
  1249. loadMemberContext($buddy);
  1250. $context['buddies'][$buddy] = $memberContext[$buddy];
  1251. }
  1252. if (isset($_SESSION['prf-save']))
  1253. {
  1254. if ($_SESSION['prf-save'] === true)
  1255. $context['saved_successful'] = true;
  1256. else
  1257. $context['saved_failed'] = $_SESSION['prf-save'];
  1258. unset($_SESSION['prf-save']);
  1259. }
  1260. call_integration_hook('integrate_view_buddies', array($memID));
  1261. }
  1262. /**
  1263. * Allows the user to view their ignore list, as well as the option to manage members on it.
  1264. *
  1265. * @param int $memID id_member
  1266. */
  1267. function editIgnoreList($memID)
  1268. {
  1269. global $txt, $scripturl;
  1270. global $context, $user_profile, $memberContext, $smcFunc;
  1271. // For making changes!
  1272. $ignoreArray = explode(',', $user_profile[$memID]['pm_ignore_list']);
  1273. foreach ($ignoreArray as $k => $dummy)
  1274. if ($dummy == '')
  1275. unset($ignoreArray[$k]);
  1276. // Removing a member from the ignore list?
  1277. if (isset($_GET['remove']))
  1278. {
  1279. checkSession('get');
  1280. $_SESSION['prf-save'] = $txt['could_not_remove_person'];
  1281. // Heh, I'm lazy, do it the easy way...
  1282. foreach ($ignoreArray as $key => $id_remove)
  1283. if ($id_remove == (int) $_GET['remove'])
  1284. {
  1285. unset($ignoreArray[$key]);
  1286. $_SESSION['prf-save'] = true;
  1287. }
  1288. // Make the changes.
  1289. $user_profile[$memID]['pm_ignore_list'] = implode(',', $ignoreArray);
  1290. updateMemberData($memID, array('pm_ignore_list' => $user_profile[$memID]['pm_ignore_list']));
  1291. // Redirect off the page because we don't like all this ugly query stuff to stick in the history.
  1292. redirectexit('action=profile;area=lists;sa=ignore;u=' . $memID);
  1293. }
  1294. elseif (isset($_POST['new_ignore']))
  1295. {
  1296. checkSession();
  1297. // Prepare the string for extraction...
  1298. $_POST['new_ignore'] = strtr($smcFunc['htmlspecialchars']($_POST['new_ignore'], ENT_QUOTES), array('&quot;' => '"'));
  1299. preg_match_all('~"([^"]+)"~', $_POST['new_ignore'], $matches);
  1300. $new_entries = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $_POST['new_ignore']))));
  1301. foreach ($new_entries as $k => $dummy)
  1302. {
  1303. $new_entries[$k] = strtr(trim($new_entries[$k]), array('\'' => '&#039;'));
  1304. if (strlen($new_entries[$k]) == 0 || in_array($new_entries[$k], array($user_profile[$memID]['member_name'], $user_profile[$memID]['real_name'])))
  1305. unset($new_entries[$k]);
  1306. }
  1307. $_SESSION['prf-save'] = $txt['could_not_add_person'];
  1308. if (!empty($new_entries))
  1309. {
  1310. // Now find out the id_member for the members in question.
  1311. $request = $smcFunc['db_query']('', '
  1312. SELECT id_member
  1313. FROM {db_prefix}members
  1314. WHERE member_name IN ({array_string:new_entries}) OR real_name IN ({array_string:new_entries})
  1315. LIMIT {int:count_new_entries}',
  1316. array(
  1317. 'new_entries' => $new_entries,
  1318. 'count_new_entries' => count($new_entries),
  1319. )
  1320. );
  1321. if ($smcFunc['db_num_rows']($request) != 0)
  1322. $_SESSION['prf-save'] = true;
  1323. // Add the new member to the buddies array.
  1324. while ($row = $smcFunc['db_fetch_assoc']($request))
  1325. $ignoreArray[] = (int) $row['id_member'];
  1326. $smcFunc['db_free_result']($request);
  1327. // Now update the current users buddy list.
  1328. $user_profile[$memID]['pm_ignore_list'] = implode(',', $ignoreArray);
  1329. updateMemberData($memID, array('pm_ignore_list' => $user_profile[$memID]['pm_ignore_list']));
  1330. }
  1331. // Back to the list of pityful people!
  1332. redirectexit('action=profile;area=lists;sa=ignore;u=' . $memID);
  1333. }
  1334. // Initialise the list of members we're ignoring.
  1335. $ignored = array();
  1336. if (!empty($ignoreArray))
  1337. {
  1338. $result = $smcFunc['db_query']('', '
  1339. SELECT id_member
  1340. FROM {db_prefix}members
  1341. WHERE id_member IN ({array_int:ignore_list})
  1342. ORDER BY real_name
  1343. LIMIT {int:ignore_list_count}',
  1344. array(
  1345. 'ignore_list' => $ignoreArray,
  1346. 'ignore_list_count' => substr_count($user_profile[$memID]['pm_ignore_list'], ',') + 1,
  1347. )
  1348. );
  1349. while ($row = $smcFunc['db_fetch_assoc']($result))
  1350. $ignored[] = $row['id_member'];
  1351. $smcFunc['db_free_result']($result);
  1352. }
  1353. $context['ignore_count'] = count($ignored);
  1354. // Load all the members up.
  1355. loadMemberData($ignored, false, 'profile');
  1356. // Setup the context for each buddy.
  1357. $context['ignore_list'] = array();
  1358. foreach ($ignored as $ignore_member)
  1359. {
  1360. loadMemberContext($ignore_member);
  1361. $context['ignore_list'][$ignore_member] = $memberContext[$ignore_member];
  1362. }
  1363. if (isset($_SESSION['prf-save']))
  1364. {
  1365. if ($_SESSION['prf-save'] === true)
  1366. $context['saved_successful'] = true;
  1367. else
  1368. $context['saved_failed'] = $_SESSION['prf-save'];
  1369. unset($_SESSION['prf-save']);
  1370. }
  1371. }
  1372. /**
  1373. * @todo Needs a description
  1374. *
  1375. * @param int $memID id_member
  1376. */
  1377. function account($memID)
  1378. {
  1379. global $context, $txt;
  1380. loadThemeOptions($memID);
  1381. if (allowedTo(array('profile_identity_own', 'profile_identity_any', 'profile_password_own', 'profile_password_any')))
  1382. loadCustomFields($memID, 'account');
  1383. $context['sub_template'] = 'edit_options';
  1384. $context['page_desc'] = $txt['account_info'];
  1385. setupProfileContext(
  1386. array(
  1387. 'member_name', 'real_name', 'date_registered', 'posts', 'lngfile', 'hr',
  1388. 'id_group', 'hr',
  1389. 'email_address', 'show_online', 'hr',
  1390. 'passwrd1', 'passwrd2', 'hr',
  1391. 'secret_question', 'secret_answer',
  1392. )
  1393. );
  1394. }
  1395. /**
  1396. * @todo Needs a description
  1397. *
  1398. * @param int $memID id_member
  1399. */
  1400. function forumProfile($memID)
  1401. {
  1402. global $context, $txt;
  1403. loadThemeOptions($memID);
  1404. if (allowedTo(array('profile_forum_own', 'profile_forum_any')))
  1405. loadCustomFields($memID, 'forumprofile');
  1406. $context['sub_template'] = 'edit_options';
  1407. $context['page_desc'] = $txt['forumProfile_info'];
  1408. $context['show_preview_button'] = true;
  1409. setupProfileContext(
  1410. array(
  1411. 'avatar_choice', 'hr', 'personal_text', 'hr',
  1412. 'bday1', 'usertitle', 'signature', 'hr',
  1413. 'karma_good', 'hr',
  1414. 'website_title', 'website_url',
  1415. )
  1416. );
  1417. }
  1418. /**
  1419. * Recursive function to retrieve server-stored avatar files
  1420. *
  1421. * @param string $directory
  1422. * @param int $level
  1423. * @return array
  1424. */
  1425. function getAvatars($directory, $level)
  1426. {
  1427. global $context, $txt, $modSettings, $smcFunc;
  1428. $result = array();
  1429. // Open the directory..
  1430. $dir = dir($modSettings['avatar_directory'] . (!empty($directory) ? '/' : '') . $directory);
  1431. $dirs = array();
  1432. $files = array();
  1433. if (!$dir)
  1434. return array();
  1435. while ($line = $dir->read())
  1436. {
  1437. if (in_array($line, array('.', '..', 'blank.png', 'index.php')))
  1438. continue;
  1439. if (is_dir($modSettings['avatar_directory'] . '/' . $directory . (!empty($directory) ? '/' : '') . $line))
  1440. $dirs[] = $line;
  1441. else
  1442. $files[] = $line;
  1443. }
  1444. $dir->close();
  1445. // Sort the results...
  1446. natcasesort($dirs);
  1447. natcasesort($files);
  1448. if ($level == 0)
  1449. {
  1450. $result[] = array(
  1451. 'filename' => 'blank.png',
  1452. 'checked' => in_array($context['member']['avatar']['server_pic'], array('', 'blank.png')),
  1453. 'name' => $txt['no_pic'],
  1454. 'is_dir' => false
  1455. );
  1456. }
  1457. foreach ($dirs as $line)
  1458. {
  1459. $tmp = getAvatars($directory . (!empty($directory) ? '/' : '') . $line, $level + 1);
  1460. if (!empty($tmp))
  1461. $result[] = array(
  1462. 'filename' => $smcFunc['htmlspecialchars']($line),
  1463. 'checked' => strpos($context['member']['avatar']['server_pic'], $line . '/') !== false,
  1464. 'name' => '[' . $smcFunc['htmlspecialchars'](str_replace('_', ' ', $line)) . ']',
  1465. 'is_dir' => true,
  1466. 'files' => $tmp
  1467. );
  1468. unset($tmp);
  1469. }
  1470. foreach ($files as $line)
  1471. {
  1472. $filename = substr($line, 0, (strlen($line) - strlen(strrchr($line, '.'))));
  1473. $extension = substr(strrchr($line, '.'), 1);
  1474. // Make sure it is an image.
  1475. if (strcasecmp($extension, 'gif') != 0 && strcasecmp($extension, 'jpg') != 0 && strcasecmp($extension, 'jpeg') != 0 && strcasecmp($extension, 'png') != 0 && strcasecmp($extension, 'bmp') != 0)
  1476. continue;
  1477. $result[] = array(
  1478. 'filename' => $smcFunc['htmlspecialchars']($line),
  1479. 'checked' => $line == $context['member']['avatar']['server_pic'],
  1480. 'name' => $smcFunc['htmlspecialchars'](str_replace('_', ' ', $filename)),
  1481. 'is_dir' => false
  1482. );
  1483. if ($level == 1)
  1484. $context['avatar_list'][] = $directory . '/' . $line;
  1485. }
  1486. return $result;
  1487. }
  1488. /**
  1489. * @todo needs a description
  1490. *
  1491. * @param int $memID id_member
  1492. */
  1493. function theme($memID)
  1494. {
  1495. global $txt, $context, $user_profile, $smcFunc;
  1496. loadThemeOptions($memID);
  1497. if (allowedTo(array('profile_extra_own', 'profile_extra_any')))
  1498. loadCustomFields($memID, 'theme');
  1499. $context['sub_template'] = 'edit_options';
  1500. $context['page_desc'] = $txt['theme_info'];
  1501. setupProfileContext(
  1502. array(
  1503. 'id_theme', 'smiley_set', 'hr',
  1504. 'time_format', 'time_offset', 'hr',
  1505. 'theme_settings',
  1506. )
  1507. );
  1508. }
  1509. /**
  1510. * Changing authentication method? Only appropriate for people using OpenID.
  1511. *
  1512. * @param int $memID id_member
  1513. * @param bool $saving = false
  1514. */
  1515. function authentication($memID, $saving = false)
  1516. {
  1517. global $context, $cur_profile, $sourcedir, $txt, $post_errors, $modSettings;
  1518. loadLanguage('Login');
  1519. // We are saving?
  1520. if ($saving)
  1521. {
  1522. // Moving to password passed authentication?
  1523. if ($_POST['authenticate'] == 'passwd')
  1524. {
  1525. // Didn't enter anything?
  1526. if ($_POST['passwrd1'] == '')
  1527. $post_errors[] = 'no_password';
  1528. // Do the two entries for the password even match?
  1529. elseif (!isset($_POST['passwrd2']) || $_POST['passwrd1'] != $_POST['passwrd2'])
  1530. $post_errors[] = 'bad_new_password';
  1531. // Is it valid?
  1532. else
  1533. {
  1534. require_once($sourcedir . '/Subs-Auth.php');
  1535. $passwordErrors = validatePassword($_POST['passwrd1'], $cur_profile['member_name'], array($cur_profile['real_name'], $cur_profile['email_address']));
  1536. // Were there errors?
  1537. if ($passwordErrors != null)
  1538. $post_errors[] = 'password_' . $passwordErrors;
  1539. }
  1540. if (empty($post_errors))
  1541. {
  1542. // Integration?
  1543. call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $_POST['passwrd1']));
  1544. // Go then.
  1545. $passwd = sha1(strtolower($cur_profile['member_name']) . un_htmlspecialchars($_POST['passwrd1']));
  1546. // Do the important bits.
  1547. updateMemberData($memID, array('openid_uri' => '', 'passwd' => $passwd));
  1548. if ($context['user']['is_owner'])
  1549. {
  1550. setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1(sha1(strtolower($cur_profile['member_name']) . un_htmlspecialchars($_POST['passwrd2'])) . $cur_profile['password_salt']));
  1551. redirectexit('action=profile;area=authentication;updated');
  1552. }
  1553. else
  1554. redirectexit('action=profile;u=' . $memID);
  1555. }
  1556. return true;
  1557. }
  1558. // Not right yet!
  1559. elseif ($_POST['authenticate'] == 'openid' && !empty($_POST['openid_identifier']))
  1560. {
  1561. require_once($sourcedir . '/Subs-OpenID.php');
  1562. $_POST['openid_identifier'] = smf_openID_canonize($_POST['openid_identifier']);
  1563. if (smf_openid_member_exists($_POST['openid_identifier']))
  1564. $post_errors[] = 'openid_in_use';
  1565. elseif (empty($post_errors))
  1566. {
  1567. // Authenticate using the new OpenID URI first to make sure they didn't make a mistake.
  1568. if ($context['user']['is_owner'])
  1569. {
  1570. $_SESSION['new_openid_uri'] = $_POST['openid_identifier'];
  1571. smf_openID_validate($_POST['openid_identifier'], false, null, 'change_uri');
  1572. }
  1573. else
  1574. updateMemberData($memID, array('openid_uri' => $_POST['openid_identifier']));
  1575. }
  1576. }
  1577. }
  1578. // Some stuff.
  1579. $context['member']['openid_uri'] = $cur_profile['openid_uri'];
  1580. $context['auth_method'] = empty($cur_profile['openid_uri']) ? 'password' : 'openid';
  1581. $context['sub_template'] = 'authentication_method';
  1582. loadJavascriptFile('register.js', array('default_theme' => true, 'defer' => false), 'smf_register');
  1583. }
  1584. /**
  1585. * Display the notifications and settings for changes.
  1586. *
  1587. * @param int $memID id_member
  1588. */
  1589. function notification($memID)
  1590. {
  1591. global $txt, $scripturl, $user_profile, $context, $smcFunc, $sourcedir;
  1592. // Going to want this for consistency.
  1593. loadCSSFile('admin.css', array(), 'admin');
  1594. // This is just a bootstrap for everything else.
  1595. $sa = array(
  1596. 'alerts' => 'alert_configuration',
  1597. 'markread' => 'alert_markread',
  1598. 'topics' => 'alert_notifications_topics',
  1599. 'boards' => 'alert_notifications_boards',
  1600. );
  1601. $subAction = !empty($_GET['sa']) && isset($sa[$_GET['sa']]) ? $_GET['sa'] : 'alerts';
  1602. $context['sub_template'] = $sa[$subAction];
  1603. $context[$context['profile_menu_name']]['tab_data'] = array(
  1604. 'title' => $txt['notification'],
  1605. 'help' => '',
  1606. 'description' => $txt['notification_info'],
  1607. );
  1608. $sa[$subAction]($memID);
  1609. }
  1610. function alert_configuration($memID)
  1611. {
  1612. global $txt, $scripturl, $user_profile, $context, $modSettings, $smcFunc, $sourcedir;
  1613. $context['token_check'] = 'profile-nt' . $memID;
  1614. is_not_guest();
  1615. if (!$context['user']['is_owner'])
  1616. isAllowedTo('profile_extra_any');
  1617. // What options are set?
  1618. $context['member'] += array(
  1619. 'notify_announcements' => $user_profile[$memID]['notify_announcements'],
  1620. 'notify_send_body' => $user_profile[$memID]['notify_send_body'],
  1621. 'notify_types' => $user_profile[$memID]['notify_types'],
  1622. 'notify_regularity' => $user_profile[$memID]['notify_regularity'],
  1623. );
  1624. loadThemeOptions($memID);
  1625. // Now load all the values for this user.
  1626. require_once($sourcedir . '/Subs-Notify.php');
  1627. $prefs = getNotifyPrefs($memID);
  1628. // And we might as well now perform the splicing of default values.
  1629. if (!empty($prefs[0]))
  1630. foreach ($prefs[0] as $this_pref => $value)
  1631. if (!isset($prefs[$memID][$this_pref]))
  1632. $prefs[$memID][$this_pref] = $value;
  1633. $context['alert_prefs'] = !empty($prefs[$memID]) ? $prefs[$memID] : array();
  1634. // Now for the exciting stuff.
  1635. // We have groups of items, each item has both an alert and an email key as well as an optional help string.
  1636. // Valid values for these keys are 'always', 'yes', 'never'; if using always or never you should add a help string.
  1637. $alert_types = array(
  1638. 'msg' => array(
  1639. 'topic_notify' => array('alert' => 'yes', 'email' => 'yes'),
  1640. 'board_notify' => array('alert' => 'yes', 'email' => 'yes'),
  1641. 'msg_mention' => array('alert' => 'yes', 'email' => 'yes'),
  1642. 'msg_quote' => array('alert' => 'yes', 'email' => 'yes'),
  1643. 'msg_like' => array('alert' => 'yes', 'email' => 'never'),
  1644. ),
  1645. 'pm' => array(
  1646. 'pm_new' => array('alert' => 'always', 'email' => 'yes', 'help' => 'alert_pm_new', 'permission' => array('name' => 'pm_read', 'is_board' => false)),
  1647. 'pm_reply' => array('alert' => 'always', 'email' => 'yes', 'help' => 'alert_pm_new', 'permission' => array('name' => 'pm_send', 'is_board' => false)),
  1648. ),
  1649. 'moderation' => array(
  1650. 'msg_report' => array('alert' => 'yes', 'email' => 'yes', 'permission' => array('name' => 'moderate_board', 'is_board' => true)),
  1651. 'msg_report_reply' => array('alert' => 'yes', 'email' => 'yes', 'permission' => array('name' => 'moderate_board', 'is_board' => true)),
  1652. 'member_report' => array('alert' => 'yes', 'email' => 'yes', 'permission' => array('name' => 'moderate_forum', 'is_board' => false)),
  1653. 'member_report_reply' => array('alert' => 'yes', 'email' => 'yes', 'permission' => array('name' => 'moderate_forum', 'is_board' => false)),
  1654. ),
  1655. 'members' => array(
  1656. 'member_register' => array('alert' => 'yes', 'email' => 'yes', 'permission' => array('name' => 'moderate_forum', 'is_board' => false)),
  1657. 'request_group' => array('alert' => 'yes', 'email' => 'yes'),
  1658. 'warn_any' => array('alert' => 'yes', 'email' => 'yes', 'permission' => array('name' => 'issue_warning', 'is_board' => false)),
  1659. ),
  1660. 'calendar' => array(
  1661. 'event_new' => array('alert' => 'yes', 'email' => 'yes', 'help' => 'alert_event_new'),
  1662. ),
  1663. );
  1664. $group_options = array(
  1665. 'msg' => array(
  1666. array('check', 'msg_auto_notify', 'label' => 'after'),
  1667. array('select', 'msg_notify_pref', 'label' => 'before', 'opts' => array(
  1668. 0 => $txt['alert_opt_msg_notify_pref_nothing'],
  1669. 1 => $txt['alert_opt_msg_notify_pref_instant'],
  1670. 2 => $txt['alert_opt_msg_notify_pref_first'],
  1671. 3 => $txt['alert_opt_msg_notify_pref_daily'],
  1672. 4 => $txt['alert_opt_msg_notify_pref_weekly'],
  1673. )),
  1674. ),
  1675. );
  1676. $disabled_options = array();
  1677. // There are certain things that are disabled at the group level.
  1678. if (empty($modSettings['cal_enabled']))
  1679. {
  1680. foreach ($alert_types['calendar'] as $k => $v)
  1681. $disabled_options[] = $k;
  1682. unset ($alert_types['calendar']);
  1683. }
  1684. // Now, now, we could pass this through global but we should really get into the habit of
  1685. // passing content to hooks, not expecting hooks to splatter everything everywhere.
  1686. call_integration_hook('integrate_alert_types', array(&$alert_types, &$group_options, &$disabled_options));
  1687. // Now we have to do some permissions testing.
  1688. require_once($sourcedir . '/Subs-Members.php');
  1689. $perms_cache = array();
  1690. foreach ($alert_types as $group => $items)
  1691. {
  1692. foreach ($items as $alert_key => $alert_value)
  1693. {
  1694. if (!isset($alert_value['permission']))
  1695. continue;
  1696. if (!isset($perms_cache[$alert_value['permission']['name']]))
  1697. {
  1698. $in_board = !empty($alert_value['permission']['is_board']) ? 0 : null;
  1699. $members = membersAllowedTo($alert_value['permission']['name'], $in_board);
  1700. $perms_cache[$alert_value['permission']['name']] = in_array($memID, $members);
  1701. }
  1702. if (!$perms_cache[$alert_value['permission']['name']])
  1703. {
  1704. $disabled_options[] = $alert_key;
  1705. unset ($alert_types[$group][$alert_key]);
  1706. }
  1707. }
  1708. if (empty($alert_types[$group]))
  1709. unset ($alert_types[$group]);
  1710. }
  1711. // Slightly different for group requests
  1712. $request = $smcFunc['db_query']('', '
  1713. SELECT COUNT(*)
  1714. FROM {db_prefix}group_moderators
  1715. WHERE id_member = {int:memID}',
  1716. array(
  1717. 'memID' => $memID,
  1718. )
  1719. );
  1720. list($can_mod) = $smcFunc['db_fetch_row']($request);
  1721. if (!isset($perms_cache['manage_membergroups']))
  1722. {
  1723. $members = membersAllowedTo('manage_membergroups');
  1724. $perms_cache['manage_membergroups'] = in_array($memID, $members);
  1725. }
  1726. if (!($perms_cache['manage_membergroups'] || $can_mod != 0))
  1727. unset($alert_types['members']['request_group']);
  1728. // And finally, exporting it to be useful later.
  1729. $context['alert_types'] = $alert_types;
  1730. $context['alert_group_options'] = $group_options;
  1731. $context['disabled_alerts'] = $disabled_options;
  1732. $context['alert_bits'] = array(
  1733. 'alert' => 0x01,
  1734. 'email' => 0x02,
  1735. );
  1736. if (isset($_POST['notify_submit']))
  1737. {
  1738. checkSession();
  1739. validateToken($context['token_check'], 'post');
  1740. // We need to step through the list of valid settings and figure out what the user has set.
  1741. $update_prefs = array();
  1742. // Now the group level options
  1743. foreach ($context['alert_group_options'] as $opt_group => $group)
  1744. {
  1745. foreach ($group as $this_option)
  1746. {
  1747. switch ($this_option[0])
  1748. {
  1749. case 'check':
  1750. $update_prefs[$this_option[1]] = !empty($_POST['opt_' . $this_option[1]]) ? 1 : 0;
  1751. break;
  1752. case 'select':
  1753. if (isset($_POST['opt_' . $this_option[1]], $this_option['opts'][$_POST['opt_' . $this_option[1]]]))
  1754. $update_prefs[$this_option[1]] = $_POST['opt_' . $this_option[1]];
  1755. else
  1756. {
  1757. // We didn't have a sane value. Let's grab the first item from the possibles.
  1758. $keys = array_keys($this_option['opts']);
  1759. $first = array_shift($keys);
  1760. $update_prefs[$this_option[1]] = $first;
  1761. }
  1762. break;
  1763. }
  1764. }
  1765. }
  1766. // Now the individual options
  1767. foreach ($context['alert_types'] as $alert_group => $items)
  1768. {
  1769. foreach ($items as $item_key => $this_options)
  1770. {
  1771. $this_value = 0;
  1772. foreach ($context['alert_bits'] as $type => $bitvalue)
  1773. {
  1774. if ($this_options[$type] == 'yes' && !empty($_POST[$type . '_' . $item_key]))
  1775. $this_value |= $bitvalue;
  1776. }
  1777. $update_prefs[$item_key] = $this_value;
  1778. }
  1779. }
  1780. setNotifyPrefs($memID, $update_prefs);
  1781. foreach ($update_prefs as $pref => $value)
  1782. $context['alert_prefs'][$pref] = $value;
  1783. makeNotificationChanges($memID);
  1784. $context['profile_updated'] = $txt['profile_updated_own'];
  1785. }
  1786. createToken($context['token_check'], 'post');
  1787. }
  1788. function alert_markread($memID)
  1789. {
  1790. global $context, $db_show_debug, $smcFunc;
  1791. // We do not want to output debug information here.
  1792. $db_show_debug = false;
  1793. // We only want to output our little layer here.
  1794. $context['template_layers'] = array();
  1795. $context['sub_template'] = 'alerts_all_read';
  1796. loadLanguage('Alerts');
  1797. // Now we're all set up.
  1798. is_not_guest();
  1799. if (!$context['user']['is_owner'])
  1800. fatal_error('no_access');
  1801. checkSession('get');
  1802. // Assuming we're here, mark everything as read and head back.
  1803. // We only spit back the little layer because this should be called AJAXively.
  1804. $smcFunc['db_query']('', '
  1805. UPDATE {db_prefix}user_alerts
  1806. SET is_read = {int:now}
  1807. WHERE id_member = {int:current_member}
  1808. AND is_read = 0',
  1809. array(
  1810. 'now' => time(),
  1811. 'current_member' => $memID,
  1812. )
  1813. );
  1814. updateMemberData($memID, array('alerts' => 0));
  1815. }
  1816. function alert_notifications_topics($memID)
  1817. {
  1818. global $txt, $scripturl, $user_profile, $context, $modSettings, $smcFunc, $sourcedir;
  1819. // Because of the way this stuff works, we want to do this ourselves.
  1820. if (isset($_POST['edit_notify_topics']))
  1821. {
  1822. checkSession();
  1823. validateToken(str_replace('%u', $memID, 'profile-nt%u'), 'post');
  1824. makeNotificationChanges($memID);
  1825. $context['profile_updated'] = $txt['profile_updated_own'];
  1826. }
  1827. // Now set up for the token check.
  1828. $context['token_check'] = str_replace('%u', $memID, 'profile-nt%u');
  1829. createToken($context['token_check'], 'post');
  1830. // Gonna want this for the list.
  1831. require_once($sourcedir . '/Subs-List.php');
  1832. // Do the topic notifications.
  1833. $listOptions = array(
  1834. 'id' => 'topic_notification_list',
  1835. 'width' => '100%',
  1836. 'items_per_page' => $modSettings['defaultMaxMessages'],
  1837. 'no_items_label' => $txt['notifications_topics_none'] . '<br><br>' . $txt['notifications_topics_howto'],
  1838. 'no_items_align' => 'left',
  1839. 'base_href' => $scripturl . '?action=profile;u=' . $memID . ';area=notification;sa=topics',
  1840. 'default_sort_col' => 'last_post',
  1841. 'get_items' => array(
  1842. 'function' => 'list_getTopicNotifications',
  1843. 'params' => array(
  1844. $memID,
  1845. ),
  1846. ),
  1847. 'get_count' => array(
  1848. 'function' => 'list_getTopicNotificationCount',
  1849. 'params' => array(
  1850. $memID,
  1851. ),
  1852. ),
  1853. 'columns' => array(
  1854. 'subject' => array(
  1855. 'header' => array(
  1856. 'value' => $txt['notifications_topics'],
  1857. 'class' => 'lefttext first_th',
  1858. ),
  1859. 'data' => array(
  1860. 'function' => create_function('$topic', '
  1861. global $txt;
  1862. $link = $topic[\'link\'];
  1863. if ($topic[\'new\'])
  1864. $link .= \' <a href="\' . $topic[\'new_href\'] . \'"><span class="new_posts">\' . $txt[\'new\'] . \'</span></a>\';
  1865. $link .= \'<br><span class="smalltext"><em>\' . $txt[\'in\'] . \' \' . $topic[\'board_link\'] . \'</em></span>\';
  1866. return $link;
  1867. '),
  1868. ),
  1869. 'sort' => array(
  1870. 'default' => 'ms.subject',
  1871. 'reverse' => 'ms.subject DESC',
  1872. ),
  1873. ),
  1874. 'started_by' => array(
  1875. 'header' => array(
  1876. 'value' => $txt['started_by'],
  1877. 'class' => 'lefttext',
  1878. ),
  1879. 'data' => array(
  1880. 'db' => 'poster_link',
  1881. ),
  1882. 'sort' => array(
  1883. 'default' => 'real_name_col',
  1884. 'reverse' => 'real_name_col DESC',
  1885. ),
  1886. ),
  1887. 'last_post' => array(
  1888. 'header' => array(
  1889. 'value' => $txt['last_post'],
  1890. 'class' => 'lefttext',
  1891. ),
  1892. 'data' => array(
  1893. 'sprintf' => array(
  1894. 'format' => '<span class="smalltext">%1$s<br>' . $txt['by'] . ' %2$s</span>',
  1895. 'params' => array(
  1896. 'updated' => false,
  1897. 'poster_updated_link' => false,
  1898. ),
  1899. ),
  1900. ),
  1901. 'sort' => array(
  1902. 'default' => 'ml.id_msg DESC',
  1903. 'reverse' => 'ml.id_msg',
  1904. ),
  1905. ),
  1906. 'delete' => array(
  1907. 'header' => array(
  1908. 'value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);">',
  1909. 'style' => 'width: 4%;',
  1910. 'class' => 'centercol',
  1911. ),
  1912. 'data' => array(
  1913. 'sprintf' => array(
  1914. 'format' => '<input type="checkbox" name="notify_topics[]" value="%1$d" class="input_check">',
  1915. 'params' => array(
  1916. 'id' => false,
  1917. ),
  1918. ),
  1919. 'class' => 'centercol',
  1920. ),
  1921. ),
  1922. ),
  1923. 'form' => array(
  1924. 'href' => $scripturl . '?action=profile;area=notification;sa=topics',
  1925. 'include_sort' => true,
  1926. 'include_start' => true,
  1927. 'hidden_fields' => array(
  1928. 'u' => $memID,
  1929. 'sa' => $context['menu_item_selected'],
  1930. $context['session_var'] => $context['session_id'],
  1931. ),
  1932. 'token' => $context['token_check'],
  1933. ),
  1934. 'additional_rows' => array(
  1935. array(
  1936. 'position' => 'bottom_of_list',
  1937. 'value' => '<input type="submit" name="edit_notify_topics" value="' . $txt['notifications_update'] . '" class="button_submit">',
  1938. 'align' => 'right',
  1939. ),
  1940. ),
  1941. );
  1942. // Create the notification list.
  1943. createList($listOptions);
  1944. }
  1945. function alert_notifications_boards($memID)
  1946. {
  1947. global $txt, $scripturl, $user_profile, $context, $smcFunc, $sourcedir;
  1948. // Because of the way this stuff works, we want to do this ourselves.
  1949. if (isset($_POST['edit_notify_boards']))
  1950. {
  1951. checkSession();
  1952. validateToken(str_replace('%u', $memID, 'profile-nt%u'), 'post');
  1953. makeNotificationChanges($memID);
  1954. $context['profile_updated'] = $txt['profile_updated_own'];
  1955. }
  1956. // Now set up for the token check.
  1957. $context['token_check'] = str_replace('%u', $memID, 'profile-nt%u');
  1958. createToken($context['token_check'], 'post');
  1959. // Gonna want this for the list.
  1960. require_once($sourcedir . '/Subs-List.php');
  1961. // Fine, start with the board list.
  1962. $listOptions = array(
  1963. 'id' => 'board_notification_list',
  1964. 'width' => '100%',
  1965. 'no_items_label' => $txt['notifications_boards_none'] . '<br><br>' . $txt['notifications_boards_howto'],
  1966. 'no_items_align' => 'left',
  1967. 'base_href' => $scripturl . '?action=profile;u=' . $memID . ';area=notification;sa=boards',
  1968. 'default_sort_col' => 'board_name',
  1969. 'get_items' => array(
  1970. 'function' => 'list_getBoardNotifications',
  1971. 'params' => array(
  1972. $memID,
  1973. ),
  1974. ),
  1975. 'columns' => array(
  1976. 'board_name' => array(
  1977. 'header' => array(
  1978. 'value' => $txt['notifications_boards'],
  1979. 'class' => 'lefttext first_th',
  1980. ),
  1981. 'data' => array(
  1982. 'function' => create_function('$board', '
  1983. global $txt;
  1984. $link = $board[\'link\'];
  1985. if ($board[\'new\'])
  1986. $link .= \' <a href="\' . $board[\'href\'] . \'"><span class="new_posts">' . $txt['new'] . '</span></a>\';
  1987. return $link;
  1988. '),
  1989. ),
  1990. 'sort' => array(
  1991. 'default' => 'name',
  1992. 'reverse' => 'name DESC',
  1993. ),
  1994. ),
  1995. 'delete' => array(
  1996. 'header' => array(
  1997. 'value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);">',
  1998. 'style' => 'width: 4%;',
  1999. 'class' => 'centercol',
  2000. ),
  2001. 'data' => array(
  2002. 'sprintf' => array(
  2003. 'format' => '<input type="checkbox" name="notify_boards[]" value="%1$d" class="input_check">',
  2004. 'params' => array(
  2005. 'id' => false,
  2006. ),
  2007. ),
  2008. 'class' => 'centercol',
  2009. ),
  2010. ),
  2011. ),
  2012. 'form' => array(
  2013. 'href' => $scripturl . '?action=profile;area=notification;sa=boards',
  2014. 'include_sort' => true,
  2015. 'include_start' => true,
  2016. 'hidden_fields' => array(
  2017. 'u' => $memID,
  2018. 'sa' => $context['menu_item_selected'],
  2019. $context['session_var'] => $context['session_id'],
  2020. ),
  2021. 'token' => $context['token_check'],
  2022. ),
  2023. 'additional_rows' => array(
  2024. array(
  2025. 'position' => 'bottom_of_list',
  2026. 'value' => '<input type="submit" name="edit_notify_boards" value="' . $txt['notifications_update'] . '" class="button_submit">',
  2027. 'align' => 'right',
  2028. ),
  2029. ),
  2030. );
  2031. // Create the board notification list.
  2032. createList($listOptions);
  2033. }
  2034. /**
  2035. * @todo needs a description
  2036. *
  2037. * @param int $memID id_member
  2038. * @return string
  2039. */
  2040. function list_getTopicNotificationCount($memID)
  2041. {
  2042. global $smcFunc, $user_info, $context, $modSettings;
  2043. $request = $smcFunc['db_query']('', '
  2044. SELECT COUNT(*)
  2045. FROM {db_prefix}log_notify AS ln' . (!$modSettings['postmod_active'] && $user_info['query_see_board'] === '1=1' ? '' : '
  2046. INNER JOIN {db_prefix}topics AS t ON (t.id_topic = ln.id_topic)') . ($user_info['query_see_board'] === '1=1' ? '' : '
  2047. INNER JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board)') . '
  2048. WHERE ln.id_member = {int:selected_member}' . ($user_info['query_see_board'] === '1=1' ? '' : '
  2049. AND {query_see_board}') . ($modSettings['postmod_active'] ? '
  2050. AND t.approved = {int:is_approved}' : ''),
  2051. array(
  2052. 'selected_member' => $memID,
  2053. 'is_approved' => 1,
  2054. )
  2055. );
  2056. list ($totalNotifications) = $smcFunc['db_fetch_row']($request);
  2057. $smcFunc['db_free_result']($request);
  2058. // @todo make this an integer before it gets returned
  2059. return $totalNotifications;
  2060. }
  2061. /**
  2062. * @todo Needs a description
  2063. *
  2064. * @param int $start
  2065. * @param int $items_per_page
  2066. * @param string $sort
  2067. * @param int $memID id_member
  2068. * @return array $notification_topics
  2069. */
  2070. function list_getTopicNotifications($start, $items_per_page, $sort, $memID)
  2071. {
  2072. global $smcFunc, $txt, $scripturl, $user_info, $context, $modSettings;
  2073. // All the topics with notification on...
  2074. $request = $smcFunc['db_query']('', '
  2075. SELECT
  2076. IFNULL(lt.id_msg, IFNULL(lmr.id_msg, -1)) + 1 AS new_from, b.id_board, b.name,
  2077. t.id_topic, ms.subject, ms.id_member, IFNULL(mem.real_name, ms.poster_name) AS real_name_col,
  2078. ml.id_msg_modified, ml.poster_time, ml.id_member AS id_member_updated,
  2079. IFNULL(mem2.real_name, ml.poster_name) AS last_real_name
  2080. FROM {db_prefix}log_notify AS ln
  2081. INNER JOIN {db_prefix}topics AS t ON (t.id_topic = ln.id_topic' . ($modSettings['postmod_active'] ? ' AND t.approved = {int:is_approved}' : '') . ')
  2082. INNER JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board AND {query_see_board})
  2083. INNER JOIN {db_prefix}messages AS ms ON (ms.id_msg = t.id_first_msg)
  2084. INNER JOIN {db_prefix}messages AS ml ON (ml.id_msg = t.id_last_msg)
  2085. LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = ms.id_member)
  2086. LEFT JOIN {db_prefix}members AS mem2 ON (mem2.id_member = ml.id_member)
  2087. LEFT JOIN {db_prefix}log_topics AS lt ON (lt.id_topic = t.id_topic AND lt.id_member = {int:current_member})
  2088. LEFT JOIN {db_prefix}log_mark_read AS lmr ON (lmr.id_board = b.id_board AND lmr.id_member = {int:current_member})
  2089. WHERE ln.id_member = {int:selected_member}
  2090. ORDER BY {raw:sort}
  2091. LIMIT {int:offset}, {int:items_per_page}',
  2092. array(
  2093. 'current_member' => $user_info['id'],
  2094. 'is_approved' => 1,
  2095. 'selected_member' => $memID,
  2096. 'sort' => $sort,
  2097. 'offset' => $start,
  2098. 'items_per_page' => $items_per_page,
  2099. )
  2100. );
  2101. $notification_topics = array();
  2102. while ($row = $smcFunc['db_fetch_assoc']($request))
  2103. {
  2104. censorText($row['subject']);
  2105. $notification_topics[] = array(
  2106. 'id' => $row['id_topic'],
  2107. 'poster_link' => empty($row['id_member']) ? $row['real_name_col'] : '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['real_name_col'] . '</a>',
  2108. 'poster_updated_link' => empty($row['id_member_updated']) ? $row['last_real_name'] : '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member_updated'] . '">' . $row['last_real_name'] . '</a>',
  2109. 'subject' => $row['subject'],
  2110. 'href' => $scripturl . '?topic=' . $row['id_topic'] . '.0',
  2111. 'link' => '<a href="' . $scripturl . '?topic=' . $row['id_topic'] . '.0">' . $row['subject'] . '</a>',
  2112. 'new' => $row['new_from'] <= $row['id_msg_modified'],
  2113. 'new_from' => $row['new_from'],
  2114. 'updated' => timeformat($row['poster_time']),
  2115. 'new_href' => $scripturl . '?topic=' . $row['id_topic'] . '.msg' . $row['new_from'] . '#new',
  2116. 'new_link' => '<a href="' . $scripturl . '?topic=' . $row['id_topic'] . '.msg' . $row['new_from'] . '#new">' . $row['subject'] . '</a>',
  2117. 'board_link' => '<a href="' . $scripturl . '?board=' . $row['id_board'] . '.0">' . $row['name'] . '</a>',
  2118. );
  2119. }
  2120. $smcFunc['db_free_result']($request);
  2121. return $notification_topics;
  2122. }
  2123. /**
  2124. * @todo needs a description
  2125. *
  2126. * @param int $start
  2127. * @param int $items_per_page
  2128. * @param string $sort
  2129. * @param int $memID id_member
  2130. * @return array
  2131. */
  2132. function list_getBoardNotifications($start, $items_per_page, $sort, $memID)
  2133. {
  2134. global $smcFunc, $txt, $scripturl, $user_info;
  2135. $request = $smcFunc['db_query']('', '
  2136. SELECT b.id_board, b.name, IFNULL(lb.id_msg, 0) AS board_read, b.id_msg_updated
  2137. FROM {db_prefix}log_notify AS ln
  2138. INNER JOIN {db_prefix}boards AS b ON (b.id_board = ln.id_board)
  2139. LEFT JOIN {db_prefix}log_boards AS lb ON (lb.id_board = b.id_board AND lb.id_member = {int:current_member})
  2140. WHERE ln.id_member = {int:selected_member}
  2141. AND {query_see_board}
  2142. ORDER BY ' . $sort,
  2143. array(
  2144. 'current_member' => $user_info['id'],
  2145. 'selected_member' => $memID,
  2146. )
  2147. );
  2148. $notification_boards = array();
  2149. while ($row = $smcFunc['db_fetch_assoc']($request))
  2150. $notification_boards[] = array(
  2151. 'id' => $row['id_board'],
  2152. 'name' => $row['name'],
  2153. 'href' => $scripturl . '?board=' . $row['id_board'] . '.0',
  2154. 'link' => '<a href="' . $scripturl . '?board=' . $row['id_board'] . '.0">' . $row['name'] . '</a>',
  2155. 'new' => $row['board_read'] < $row['id_msg_updated']
  2156. );
  2157. $smcFunc['db_free_result']($request);
  2158. return $notification_boards;
  2159. }
  2160. /**
  2161. * @todo needs a description
  2162. *
  2163. * @param int $memID id_member
  2164. */
  2165. function loadThemeOptions($memID)
  2166. {
  2167. global $context, $options, $cur_profile, $smcFunc;
  2168. if (isset($_POST['default_options']))
  2169. $_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];
  2170. if ($context['user']['is_owner'])
  2171. {
  2172. $context['member']['options'] = $options;
  2173. if (isset($_POST['options']) && is_array($_POST['options']))
  2174. foreach ($_POST['options'] as $k => $v)
  2175. $context['member']['options'][$k] = $v;
  2176. }
  2177. else
  2178. {
  2179. $request = $smcFunc['db_query']('', '
  2180. SELECT id_member, variable, value
  2181. FROM {db_prefix}themes
  2182. WHERE id_theme IN (1, {int:member_theme})
  2183. AND id_member IN (-1, {int:selected_member})',
  2184. array(
  2185. 'member_theme' => (int) $cur_profile['id_theme'],
  2186. 'selected_member' => $memID,
  2187. )
  2188. );
  2189. $temp = array();
  2190. while ($row = $smcFunc['db_fetch_assoc']($request))
  2191. {
  2192. if ($row['id_member'] == -1)
  2193. {
  2194. $temp[$row['variable']] = $row['value'];
  2195. continue;
  2196. }
  2197. if (isset($_POST['options'][$row['variable']]))
  2198. $row['value'] = $_POST['options'][$row['variable']];
  2199. $context['member']['options'][$row['variable']] = $row['value'];
  2200. }
  2201. $smcFunc['db_free_result']($request);
  2202. // Load up the default theme options for any missing.
  2203. foreach ($temp as $k => $v)
  2204. {
  2205. if (!isset($context['member']['options'][$k]))
  2206. $context['member']['options'][$k] = $v;
  2207. }
  2208. }
  2209. }
  2210. /**
  2211. * @todo needs a description
  2212. *
  2213. * @param int $memID id_member
  2214. */
  2215. function ignoreboards($memID)
  2216. {
  2217. global $txt, $context, $modSettings, $smcFunc, $cur_profile;
  2218. // Have the admins enabled this option?
  2219. if (empty($modSettings['allow_ignore_boards']))
  2220. fatal_lang_error('ignoreboards_disallowed', 'user');
  2221. // Find all the boards this user is allowed to see.
  2222. $request = $smcFunc['db_query']('order_by_board_order', '
  2223. SELECT b.id_cat, c.name AS cat_name, b.id_board, b.name, b.child_level,
  2224. '. (!empty($cur_profile['ignore_boards']) ? 'b.id_board IN ({array_int:ignore_boards})' : '0') . ' AS is_ignored
  2225. FROM {db_prefix}boards AS b
  2226. LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat)
  2227. WHERE {query_see_board}
  2228. AND redirect = {string:empty_string}',
  2229. array(
  2230. 'ignore_boards' => !empty($cur_profile['ignore_boards']) ? explode(',', $cur_profile['ignore_boards']) : array(),
  2231. 'empty_string' => '',
  2232. )
  2233. );
  2234. $context['num_boards'] = $smcFunc['db_num_rows']($request);
  2235. $context['categories'] = array();
  2236. while ($row = $smcFunc['db_fetch_assoc']($request))
  2237. {
  2238. // This category hasn't been set up yet..
  2239. if (!isset($context['categories'][$row['id_cat']]))
  2240. $context['categories'][$row['id_cat']] = array(
  2241. 'id' => $row['id_cat'],
  2242. 'name' => $row['cat_name'],
  2243. 'boards' => array()
  2244. );
  2245. // Set this board up, and let the template know when it's a child. (indent them..)
  2246. $context['categories'][$row['id_cat']]['boards'][$row['id_board']] = array(
  2247. 'id' => $row['id_board'],
  2248. 'name' => $row['name'],
  2249. 'child_level' => $row['child_level'],
  2250. 'selected' => $row['is_ignored'],
  2251. );
  2252. }
  2253. $smcFunc['db_free_result']($request);
  2254. // Now, let's sort the list of categories into the boards for templates that like that.
  2255. $temp_boards = array();
  2256. foreach ($context['categories'] as $category)
  2257. {
  2258. // Include a list of boards per category for easy toggling.
  2259. $context['categories'][$category['id']]['child_ids'] = array_keys($category['boards']);
  2260. $temp_boards[] = array(
  2261. 'name' => $category['name'],
  2262. 'child_ids' => array_keys($category['boards'])
  2263. );
  2264. $temp_boards = array_merge($temp_boards, array_values($category['boards']));
  2265. }
  2266. $max_boards = ceil(count($temp_boards) / 2);
  2267. if ($max_boards == 1)
  2268. $max_boards = 2;
  2269. // Now, alternate them so they can be shown left and right ;).
  2270. $context['board_columns'] = array();
  2271. for ($i = 0; $i < $max_boards; $i++)
  2272. {
  2273. $context['board_columns'][] = $temp_boards[$i];
  2274. if (isset($temp_boards[$i + $max_boards]))
  2275. $context['board_columns'][] = $temp_boards[$i + $max_boards];
  2276. else
  2277. $context['board_columns'][] = array();
  2278. }
  2279. loadThemeOptions($memID);
  2280. }
  2281. /**
  2282. * Load all the languages for the profile.
  2283. * @return boolean
  2284. */
  2285. function profileLoadLanguages()
  2286. {
  2287. global $context, $cur_profile, $language, $smcFunc;
  2288. $context['profile_languages'] = array();
  2289. // Get our languages!
  2290. getLanguages(true, true);
  2291. // Setup our languages.
  2292. foreach ($context['languages'] as $lang)
  2293. {
  2294. $context['profile_languages'][$lang['filename']] = strtr($lang['name'], array('-utf8' => ''));
  2295. }
  2296. ksort($context['profile_languages']);
  2297. // Return whether we should proceed with this.
  2298. return count($context['profile_languages']) > 1 ? true : false;
  2299. }
  2300. /**
  2301. * @todo needs description
  2302. *
  2303. * @return true
  2304. */
  2305. function profileLoadGroups()
  2306. {
  2307. global $cur_profile, $txt, $context, $smcFunc, $user_settings;
  2308. $context['member_groups'] = array(
  2309. 0 => array(
  2310. 'id' => 0,
  2311. 'name' => $txt['no_primary_membergroup'],
  2312. 'is_primary' => $cur_profile['id_group'] == 0,
  2313. 'can_be_additional' => false,
  2314. 'can_be_primary' => true,
  2315. )
  2316. );
  2317. $curGroups = explode(',', $cur_profile['additional_groups']);
  2318. // Load membergroups, but only those groups the user can assign.
  2319. $request = $smcFunc['db_query']('', '
  2320. SELECT group_name, id_group, hidden
  2321. FROM {db_prefix}membergroups
  2322. WHERE id_group != {int:moderator_group}
  2323. AND min_posts = {int:min_posts}' . (allowedTo('admin_forum') ? '' : '
  2324. AND group_type != {int:is_protected}') . '
  2325. ORDER BY min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name',
  2326. array(
  2327. 'moderator_group' => 3,
  2328. 'min_posts' => -1,
  2329. 'is_protected' => 1,
  2330. 'newbie_group' => 4,
  2331. )
  2332. );
  2333. while ($row = $smcFunc['db_fetch_assoc']($request))
  2334. {
  2335. // We should skip the administrator group if they don't have the admin_forum permission!
  2336. if ($row['id_group'] == 1 && !allowedTo('admin_forum'))
  2337. continue;
  2338. $context['member_groups'][$row['id_group']] = array(
  2339. 'id' => $row['id_group'],
  2340. 'name' => $row['group_name'],
  2341. 'is_primary' => $cur_profile['id_group'] == $row['id_group'],
  2342. 'is_additional' => in_array($row['id_group'], $curGroups),
  2343. 'can_be_additional' => true,
  2344. 'can_be_primary' => $row['hidden'] != 2,
  2345. );
  2346. }
  2347. $smcFunc['db_free_result']($request);
  2348. $context['member']['group_id'] = $user_settings['id_group'];
  2349. return true;
  2350. }
  2351. /**
  2352. * Load key signature context data.
  2353. *
  2354. * @return true
  2355. */
  2356. function profileLoadSignatureData()
  2357. {
  2358. global $modSettings, $context, $txt, $cur_profile, $smcFunc, $memberContext;
  2359. // Signature limits.
  2360. list ($sig_limits, $sig_bbc) = explode(':', $modSettings['signature_settings']);
  2361. $sig_limits = explode(',', $sig_limits);
  2362. $context['signature_enabled'] = isset($sig_limits[0]) ? $sig_limits[0] : 0;
  2363. $context['signature_limits'] = array(
  2364. 'max_length' => isset($sig_limits[1]) ? $sig_limits[1] : 0,
  2365. 'max_lines' => isset($sig_limits[2]) ? $sig_limits[2] : 0,
  2366. 'max_images' => isset($sig_limits[3]) ? $sig_limits[3] : 0,
  2367. 'max_smileys' => isset($sig_limits[4]) ? $sig_limits[4] : 0,
  2368. 'max_image_width' => isset($sig_limits[5]) ? $sig_limits[5] : 0,
  2369. 'max_image_height' => isset($sig_limits[6]) ? $sig_limits[6] : 0,
  2370. 'max_font_size' => isset($sig_limits[7]) ? $sig_limits[7] : 0,
  2371. 'bbc' => !empty($sig_bbc) ? explode(',', $sig_bbc) : array(),
  2372. );
  2373. // Kept this line in for backwards compatibility!
  2374. $context['max_signature_length'] = $context['signature_limits']['max_length'];
  2375. // Warning message for signature image limits?
  2376. $context['signature_warning'] = '';
  2377. if ($context['signature_limits']['max_image_width'] && $context['signature_limits']['max_image_height'])
  2378. $context['signature_warning'] = sprintf($txt['profile_error_signature_max_image_size'], $context['signature_limits']['max_image_width'], $context['signature_limits']['max_image_height']);
  2379. elseif ($context['signature_limits']['max_image_width'] || $context['signature_limits']['max_image_height'])
  2380. $context['signature_warning'] = sprintf($txt['profile_error_signature_max_image_' . ($context['signature_limits']['max_image_width'] ? 'width' : 'height')], $context['signature_limits'][$context['signature_limits']['max_image_width'] ? 'max_image_width' : 'max_image_height']);
  2381. $context['show_spellchecking'] = !empty($modSettings['enableSpellChecking']) && (function_exists('pspell_new') || (function_exists('enchant_broker_init') && ($txt['lang_charset'] == 'UTF-8' || function_exists('iconv'))));
  2382. if (empty($context['do_preview']))
  2383. $context['member']['signature'] = empty($cur_profile['signature']) ? '' : str_replace(array('<br>', '<', '>', '"', '\''), array("\n", '&lt;', '&gt;', '&quot;', '&#039;'), $cur_profile['signature']);
  2384. else
  2385. {
  2386. $signature = !empty($_POST['signature']) ? $_POST['signature'] : '';
  2387. $validation = profileValidateSignature($signature);
  2388. if (empty($context['post_errors']))
  2389. {
  2390. loadLanguage('Errors');
  2391. $context['post_errors'] = array();
  2392. }
  2393. $context['post_errors'][] = 'signature_not_yet_saved';
  2394. if ($validation !== true && $validation !== false)
  2395. $context['post_errors'][] = $validation;
  2396. censorText($context['member']['signature']);
  2397. $context['member']['current_signature'] = $context['member']['signature'];
  2398. censorText($signature);
  2399. $context['member']['signature_preview'] = parse_bbc($signature, true, 'sig' . $memberContext[$context['id_member']]);
  2400. $context['member']['signature'] = $_POST['signature'];
  2401. }
  2402. // Load the spell checker?
  2403. if ($context['show_spellchecking'])
  2404. loadJavascriptFile('spellcheck.js', array('default_theme' => true, 'defer' => false), 'smf_spellcheck');
  2405. return true;
  2406. }
  2407. /**
  2408. * Load avatar context data.
  2409. *
  2410. * @return true
  2411. */
  2412. function profileLoadAvatarData()
  2413. {
  2414. global $context, $cur_profile, $modSettings, $scripturl;
  2415. $context['avatar_url'] = $modSettings['avatar_url'];
  2416. // Default context.
  2417. $context['member']['avatar'] += array(
  2418. 'custom' => stristr($cur_profile['avatar'], 'http://') || stristr($cur_profile['avatar'], 'https://') ? $cur_profile['avatar'] : 'http://',
  2419. 'selection' => $cur_profile['avatar'] == '' || (stristr($cur_profile['avatar'], 'http://') || stristr($cur_profile['avatar'], 'https://')) ? '' : $cur_profile['avatar'],
  2420. 'id_attach' => $cur_profile['id_attach'],
  2421. 'filename' => $cur_profile['filename'],
  2422. 'allow_server_stored' => allowedTo('profile_server_avatar') || (!$context['user']['is_owner'] && allowedTo('profile_extra_any')),
  2423. 'allow_upload' => allowedTo('profile_upload_avatar') || (!$context['user']['is_owner'] && allowedTo('profile_extra_any')),
  2424. 'allow_external' => allowedTo('profile_remote_avatar') || (!$context['user']['is_owner'] && allowedTo('profile_extra_any')),
  2425. );
  2426. if ($cur_profile['avatar'] == '' && $cur_profile['id_attach'] > 0 && $context['member']['avatar']['allow_upload'])
  2427. {
  2428. $context['member']['avatar'] += array(
  2429. 'choice' => 'upload',
  2430. 'server_pic' => 'blank.png',
  2431. 'external' => 'http://'
  2432. );
  2433. $context['member']['avatar']['href'] = empty($cur_profile['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $cur_profile['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $cur_profile['filename'];
  2434. }
  2435. elseif ((stristr($cur_profile['avatar'], 'http://') || stristr($cur_profile['avatar'], 'https://')) && $context['member']['avatar']['allow_external'])
  2436. $context['member']['avatar'] += array(
  2437. 'choice' => 'external',
  2438. 'server_pic' => 'blank.png',
  2439. 'external' => $cur_profile['avatar']
  2440. );
  2441. elseif ($cur_profile['avatar'] != '' && file_exists($modSettings['avatar_directory'] . '/' . $cur_profile['avatar']) && $context['member']['avatar']['allow_server_stored'])
  2442. $context['member']['avatar'] += array(
  2443. 'choice' => 'server_stored',
  2444. 'server_pic' => $cur_profile['avatar'] == '' ? 'blank.png' : $cur_profile['avatar'],
  2445. 'external' => 'http://'
  2446. );
  2447. else
  2448. $context['member']['avatar'] += array(
  2449. 'choice' => 'none',
  2450. 'server_pic' => 'blank.png',
  2451. 'external' => 'http://'
  2452. );
  2453. // Get a list of all the avatars.
  2454. if ($context['member']['avatar']['allow_server_stored'])
  2455. {
  2456. $context['avatar_list'] = array();
  2457. $context['avatars'] = is_dir($modSettings['avatar_directory']) ? getAvatars('', 0) : array();
  2458. }
  2459. else
  2460. $context['avatars'] = array();
  2461. // Second level selected avatar...
  2462. $context['avatar_selected'] = substr(strrchr($context['member']['avatar']['server_pic'], '/'), 1);
  2463. return !empty($context['member']['avatar']['allow_server_stored']) || !empty($context['member']['avatar']['allow_external']) || !empty($context['member']['avatar']['allow_upload']);
  2464. }
  2465. /**
  2466. * Save a members group.
  2467. *
  2468. * @param int &$value
  2469. * @return true
  2470. */
  2471. function profileSaveGroups(&$value)
  2472. {
  2473. global $profile_vars, $old_profile, $context, $smcFunc, $cur_profile;
  2474. // Do we need to protect some groups?
  2475. if (!allowedTo('admin_forum'))
  2476. {
  2477. $request = $smcFunc['db_query']('', '
  2478. SELECT id_group
  2479. FROM {db_prefix}membergroups
  2480. WHERE group_type = {int:is_protected}',
  2481. array(
  2482. 'is_protected' => 1,
  2483. )
  2484. );
  2485. $protected_groups = array(1);
  2486. while ($row = $smcFunc['db_fetch_assoc']($request))
  2487. $protected_groups[] = $row['id_group'];
  2488. $smcFunc['db_free_result']($request);
  2489. $protected_groups = array_unique($protected_groups);
  2490. }
  2491. // The account page allows the change of your id_group - but not to a protected group!
  2492. if (empty($protected_groups) || count(array_intersect(array((int) $value, $old_profile['id_group']), $protected_groups)) == 0)
  2493. $value = (int) $value;
  2494. // ... otherwise it's the old group sir.
  2495. else
  2496. $value = $old_profile['id_group'];
  2497. // Find the additional membergroups (if any)
  2498. if (isset($_POST['additional_groups']) && is_array($_POST['additional_groups']))
  2499. {
  2500. $additional_groups = array();
  2501. foreach ($_POST['additional_groups'] as $group_id)
  2502. {
  2503. $group_id = (int) $group_id;
  2504. if (!empty($group_id) && (empty($protected_groups) || !in_array($group_id, $protected_groups)))
  2505. $additional_groups[] = $group_id;
  2506. }
  2507. // Put the protected groups back in there if you don't have permission to take them away.
  2508. $old_additional_groups = explode(',', $old_profile['additional_groups']);
  2509. foreach ($old_additional_groups as $group_id)
  2510. {
  2511. if (!empty($protected_groups) && in_array($group_id, $protected_groups))
  2512. $additional_groups[] = $group_id;
  2513. }
  2514. if (implode(',', $additional_groups) !== $old_profile['additional_groups'])
  2515. {
  2516. $profile_vars['additional_groups'] = implode(',', $additional_groups);
  2517. $cur_profile['additional_groups'] = implode(',', $additional_groups);
  2518. }
  2519. }
  2520. // Too often, people remove delete their own account, or something.
  2521. if (in_array(1, explode(',', $old_profile['additional_groups'])) || $old_profile['id_group'] == 1)
  2522. {
  2523. $stillAdmin = $value == 1 || (isset($additional_groups) && in_array(1, $additional_groups));
  2524. // If they would no longer be an admin, look for any other...
  2525. if (!$stillAdmin)
  2526. {
  2527. $request = $smcFunc['db_query']('', '
  2528. SELECT id_member
  2529. FROM {db_prefix}members
  2530. WHERE (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0)
  2531. AND id_member != {int:selected_member}
  2532. LIMIT 1',
  2533. array(
  2534. 'admin_group' => 1,
  2535. 'selected_member' => $context['id_member'],
  2536. )
  2537. );
  2538. list ($another) = $smcFunc['db_fetch_row']($request);
  2539. $smcFunc['db_free_result']($request);
  2540. if (empty($another))
  2541. fatal_lang_error('at_least_one_admin', 'critical');
  2542. }
  2543. }
  2544. // If we are changing group status, update permission cache as necessary.
  2545. if ($value != $old_profile['id_group'] || isset($profile_vars['additional_groups']))
  2546. {
  2547. if ($context['user']['is_owner'])
  2548. $_SESSION['mc']['time'] = 0;
  2549. else
  2550. updateSettings(array('settings_updated' => time()));
  2551. }
  2552. return true;
  2553. }
  2554. /**
  2555. * The avatar is incredibly complicated, what with the options... and what not.
  2556. * @todo argh, the avatar here. Take this out of here!
  2557. *
  2558. * @param array &$value
  2559. * @return mixed
  2560. */
  2561. function profileSaveAvatarData(&$value)
  2562. {
  2563. global $modSettings, $sourcedir, $smcFunc, $profile_vars, $cur_profile, $context;
  2564. $memID = $context['id_member'];
  2565. if (empty($memID) && !empty($context['password_auth_failed']))
  2566. return false;
  2567. require_once($sourcedir . '/ManageAttachments.php');
  2568. // We're going to put this on a nice custom dir.
  2569. $uploadDir = $modSettings['custom_avatar_dir'];
  2570. $id_folder = 1;
  2571. $downloadedExternalAvatar = false;
  2572. if ($value == 'external' && allowedTo('profile_remote_avatar') && (stripos($_POST['userpicpersonal'], 'http://') === 0 || stripos($_POST['userpicpersonal'], 'https://') === 0) && strlen($_POST['userpicpersonal']) > 7 && !empty($modSettings['avatar_download_external']))
  2573. {
  2574. if (!is_writable($uploadDir))
  2575. fatal_lang_error('attachments_no_write', 'critical');
  2576. require_once($sourcedir . '/Subs-Package.php');
  2577. $url = parse_url($_POST['userpicpersonal']);
  2578. $contents = fetch_web_data($url['scheme'] . '://' . $url['host'] . (empty($url['port']) ? '' : ':' . $url['port']) . str_replace(' ', '%20', trim($url['path'])));
  2579. $new_filename = $uploadDir . '/' . getAttachmentFilename('avatar_tmp_' . $memID, false, null, true);
  2580. if ($contents != false && $tmpAvatar = fopen($new_filename, 'wb'))
  2581. {
  2582. fwrite($tmpAvatar, $contents);
  2583. fclose($tmpAvatar);
  2584. $downloadedExternalAvatar = true;
  2585. $_FILES['attachment']['tmp_name'] = $new_filename;
  2586. }
  2587. }
  2588. // Removes whatever attachment there was before updating
  2589. if ($value == 'none')
  2590. {
  2591. $profile_vars['avatar'] = '';
  2592. // Reset the attach ID.
  2593. $cur_profile['id_attach'] = 0;
  2594. $cur_profile['attachment_type'] = 0;
  2595. $cur_profile['filename'] = '';
  2596. removeAttachments(array('id_member' => $memID));
  2597. }
  2598. // An avatar from the server-stored galleries.
  2599. elseif ($value == 'server_stored' && allowedTo('profile_server_avatar'))
  2600. {
  2601. $profile_vars['avatar'] = strtr(empty($_POST['file']) ? (empty($_POST['cat']) ? '' : $_POST['cat']) : $_POST['file'], array('&amp;' => '&'));
  2602. $profile_vars['avatar'] = preg_match('~^([\w _!@%*=\-#()\[\]&.,]+/)?[\w _!@%*=\-#()\[\]&.,]+$~', $profile_vars['avatar']) != 0 && preg_match('/\.\./', $profile_vars['avatar']) == 0 && file_exists($modSettings['avatar_directory'] . '/' . $profile_vars['avatar']) ? ($profile_vars['avatar'] == 'blank.png' ? '' : $profile_vars['avatar']) : '';
  2603. // Clear current profile...
  2604. $cur_profile['id_attach'] = 0;
  2605. $cur_profile['attachment_type'] = 0;
  2606. $cur_profile['filename'] = '';
  2607. // Get rid of their old avatar. (if uploaded.)
  2608. removeAttachments(array('id_member' => $memID));
  2609. }
  2610. elseif ($value == 'external' && allowedTo('profile_remote_avatar') && (stripos($_POST['userpicpersonal'], 'http://') === 0 || stripos($_POST['userpicpersonal'], 'https://') === 0) && empty($modSettings['avatar_download_external']))
  2611. {
  2612. // We need these clean...
  2613. $cur_profile['id_attach'] = 0;
  2614. $cur_profile['attachment_type'] = 0;
  2615. $cur_profile['filename'] = '';
  2616. // Remove any attached avatar...
  2617. removeAttachments(array('id_member' => $memID));
  2618. $profile_vars['avatar'] = str_replace(' ', '%20', preg_replace('~action(?:=|%3d)(?!dlattach)~i', 'action-', $_POST['userpicpersonal']));
  2619. if ($profile_vars['avatar'] == 'http://' || $profile_vars['avatar'] == 'http:///')
  2620. $profile_vars['avatar'] = '';
  2621. // Trying to make us do something we'll regret?
  2622. elseif (substr($profile_vars['avatar'], 0, 7) != 'http://' && substr($profile_vars['avatar'], 0, 8) != 'https://')
  2623. return 'bad_avatar_invalid_url';
  2624. // Should we check dimensions?
  2625. elseif (!empty($modSettings['avatar_max_height_external']) || !empty($modSettings['avatar_max_width_external']))
  2626. {
  2627. // Now let's validate the avatar.
  2628. $sizes = url_image_size($profile_vars['avatar']);
  2629. if (is_array($sizes) && (($sizes[0] > $modSettings['avatar_max_width_external'] && !empty($modSettings['avatar_max_width_external'])) || ($sizes[1] > $modSettings['avatar_max_height_external'] && !empty($modSettings['avatar_max_height_external']))))
  2630. {
  2631. // Houston, we have a problem. The avatar is too large!!
  2632. if ($modSettings['avatar_action_too_large'] == 'option_refuse')
  2633. return 'bad_avatar_too_large';
  2634. elseif ($modSettings['avatar_action_too_large'] == 'option_download_and_resize')
  2635. {
  2636. // @todo remove this if appropriate
  2637. require_once($sourcedir . '/Subs-Graphics.php');
  2638. if (downloadAvatar($profile_vars['avatar'], $memID, $modSettings['avatar_max_width_external'], $modSettings['avatar_max_height_external']))
  2639. {
  2640. $profile_vars['avatar'] = '';
  2641. $cur_profile['id_attach'] = $modSettings['new_avatar_data']['id'];
  2642. $cur_profile['filename'] = $modSettings['new_avatar_data']['filename'];
  2643. $cur_profile['attachment_type'] = $modSettings['new_avatar_data']['type'];
  2644. }
  2645. else
  2646. return 'bad_avatar';
  2647. }
  2648. }
  2649. }
  2650. }
  2651. elseif (($value == 'upload' && allowedTo('profile_upload_avatar')) || $downloadedExternalAvatar)
  2652. {
  2653. if ((isset($_FILES['attachment']['name']) && $_FILES['attachment']['name'] != '') || $downloadedExternalAvatar)
  2654. {
  2655. // Get the dimensions of the image.
  2656. if (!$downloadedExternalAvatar)
  2657. {
  2658. if (!is_writable($uploadDir))
  2659. fatal_lang_error('attachments_no_write', 'critical');
  2660. $new_filename = $uploadDir . '/' . getAttachmentFilename('avatar_tmp_' . $memID, false, null, true);
  2661. if (!move_uploaded_file($_FILES['attachment']['tmp_name'], $new_filename))
  2662. fatal_lang_error('attach_timeout', 'critical');
  2663. $_FILES['attachment']['tmp_name'] = $new_filename;
  2664. }
  2665. $sizes = @getimagesize($_FILES['attachment']['tmp_name']);
  2666. // No size, then it's probably not a valid pic.
  2667. if ($sizes === false)
  2668. {
  2669. @unlink($_FILES['attachment']['tmp_name']);
  2670. return 'bad_avatar';
  2671. }
  2672. // Check whether the image is too large.
  2673. elseif ((!empty($modSettings['avatar_max_width_upload']) && $sizes[0] > $modSettings['avatar_max_width_upload']) || (!empty($modSettings['avatar_max_height_upload']) && $sizes[1] > $modSettings['avatar_max_height_upload']))
  2674. {
  2675. if (!empty($modSettings['avatar_resize_upload']))
  2676. {
  2677. // Attempt to chmod it.
  2678. @chmod($_FILES['attachment']['tmp_name'], 0644);
  2679. // @todo remove this require when appropriate
  2680. require_once($sourcedir . '/Subs-Graphics.php');
  2681. if (!downloadAvatar($_FILES['attachment']['tmp_name'], $memID, $modSettings['avatar_max_width_upload'], $modSettings['avatar_max_height_upload']))
  2682. {
  2683. @unlink($_FILES['attachment']['tmp_name']);
  2684. return 'bad_avatar';
  2685. }
  2686. // Reset attachment avatar data.
  2687. $cur_profile['id_attach'] = $modSettings['new_avatar_data']['id'];
  2688. $cur_profile['filename'] = $modSettings['new_avatar_data']['filename'];
  2689. $cur_profile['attachment_type'] = $modSettings['new_avatar_data']['type'];
  2690. }
  2691. // Admin doesn't want to resize large avatars, can't do much about it but to tell you to use a different one :(
  2692. else
  2693. {
  2694. @unlink($_FILES['attachment']['tmp_name']);
  2695. return 'bad_avatar_too_large';
  2696. }
  2697. }
  2698. // So far, so good, checks lies ahead!
  2699. elseif (is_array($sizes))
  2700. {
  2701. // Now try to find an infection.
  2702. require_once($sourcedir . '/Subs-Graphics.php');
  2703. if (!checkImageContents($_FILES['attachment']['tmp_name'], !empty($modSettings['avatar_paranoid'])))
  2704. {
  2705. // It's bad. Try to re-encode the contents?
  2706. if (empty($modSettings['avatar_reencode']) || (!reencodeImage($_FILES['attachment']['tmp_name'], $sizes[2])))
  2707. {
  2708. @unlink($_FILES['attachment']['tmp_name']);
  2709. return 'bad_avatar_fail_reencode';
  2710. }
  2711. // We were successful. However, at what price?
  2712. $sizes = @getimagesize($_FILES['attachment']['tmp_name']);
  2713. // Hard to believe this would happen, but can you bet?
  2714. if ($sizes === false)
  2715. {
  2716. @unlink($_FILES['attachment']['tmp_name']);
  2717. return 'bad_avatar';
  2718. }
  2719. }
  2720. $extensions = array(
  2721. '1' => 'gif',
  2722. '2' => 'jpg',
  2723. '3' => 'png',
  2724. '6' => 'bmp'
  2725. );
  2726. $extension = isset($extensions[$sizes[2]]) ? $extensions[$sizes[2]] : 'bmp';
  2727. $mime_type = 'image/' . ($extension === 'jpg' ? 'jpeg' : ($extension === 'bmp' ? 'x-ms-bmp' : $extension));
  2728. $destName = 'avatar_' . $memID . '_' . time() . '.' . $extension;
  2729. list ($width, $height) = getimagesize($_FILES['attachment']['tmp_name']);
  2730. $file_hash = '';
  2731. // Remove previous attachments this member might have had.
  2732. removeAttachments(array('id_member' => $memID));
  2733. $smcFunc['db_insert']('',
  2734. '{db_prefix}attachments',
  2735. array(
  2736. 'id_member' => 'int', 'attachment_type' => 'int', 'filename' => 'string', 'file_hash' => 'string', 'fileext' => 'string', 'size' => 'int',
  2737. 'width' => 'int', 'height' => 'int', 'mime_type' => 'string', 'id_folder' => 'int',
  2738. ),
  2739. array(
  2740. $memID, 1, $destName, $file_hash, $extension, filesize($_FILES['attachment']['tmp_name']),
  2741. (int) $width, (int) $height, $mime_type, $id_folder,
  2742. ),
  2743. array('id_attach')
  2744. );
  2745. $cur_profile['id_attach'] = $smcFunc['db_insert_id']('{db_prefix}attachments', 'id_attach');
  2746. $cur_profile['filename'] = $destName;
  2747. $cur_profile['attachment_type'] = 1;
  2748. $destinationPath = $uploadDir . '/' . (empty($file_hash) ? $destName : $cur_profile['id_attach'] . '_' . $file_hash . '.dat');
  2749. if (!rename($_FILES['attachment']['tmp_name'], $destinationPath))
  2750. {
  2751. // I guess a man can try.
  2752. removeAttachments(array('id_member' => $memID));
  2753. fatal_lang_error('attach_timeout', 'critical');
  2754. }
  2755. // Attempt to chmod it.
  2756. @chmod($uploadDir . '/' . $destinationPath, 0644);
  2757. }
  2758. $profile_vars['avatar'] = '';
  2759. // Delete any temporary file.
  2760. if (file_exists($_FILES['attachment']['tmp_name']))
  2761. @unlink($_FILES['attachment']['tmp_name']);
  2762. }
  2763. // Selected the upload avatar option and had one already uploaded before or didn't upload one.
  2764. else
  2765. $profile_vars['avatar'] = '';
  2766. }
  2767. else
  2768. $profile_vars['avatar'] = '';
  2769. // Setup the profile variables so it shows things right on display!
  2770. $cur_profile['avatar'] = $profile_vars['avatar'];
  2771. return false;
  2772. }
  2773. /**
  2774. * Validate the signature
  2775. *
  2776. * @param mixed &$value
  2777. * @return boolean|string
  2778. */
  2779. function profileValidateSignature(&$value)
  2780. {
  2781. global $sourcedir, $modSettings, $smcFunc, $txt;
  2782. require_once($sourcedir . '/Subs-Post.php');
  2783. // Admins can do whatever they hell they want!
  2784. if (!allowedTo('admin_forum'))
  2785. {
  2786. // Load all the signature limits.
  2787. list ($sig_limits, $sig_bbc) = explode(':', $modSettings['signature_settings']);
  2788. $sig_limits = explode(',', $sig_limits);
  2789. $disabledTags = !empty($sig_bbc) ? explode(',', $sig_bbc) : array();
  2790. $unparsed_signature = strtr(un_htmlspecialchars($value), array("\r" => '', '&#039' => '\''));
  2791. // Too many lines?
  2792. if (!empty($sig_limits[2]) && substr_count($unparsed_signature, "\n") >= $sig_limits[2])
  2793. {
  2794. $txt['profile_error_signature_max_lines'] = sprintf($txt['profile_error_signature_max_lines'], $sig_limits[2]);
  2795. return 'signature_max_lines';
  2796. }
  2797. // Too many images?!
  2798. if (!empty($sig_limits[3]) && (substr_count(strtolower($unparsed_signature), '[img') + substr_count(strtolower($unparsed_signature), '<img')) > $sig_limits[3])
  2799. {
  2800. $txt['profile_error_signature_max_image_count'] = sprintf($txt['profile_error_signature_max_image_count'], $sig_limits[3]);
  2801. return 'signature_max_image_count';
  2802. }
  2803. // What about too many smileys!
  2804. $smiley_parsed = $unparsed_signature;
  2805. parsesmileys($smiley_parsed);
  2806. $smiley_count = substr_count(strtolower($smiley_parsed), '<img') - substr_count(strtolower($unparsed_signature), '<img');
  2807. if (!empty($sig_limits[4]) && $sig_limits[4] == -1 && $smiley_count > 0)
  2808. return 'signature_allow_smileys';
  2809. elseif (!empty($sig_limits[4]) && $sig_limits[4] > 0 && $smiley_count > $sig_limits[4])
  2810. {
  2811. $txt['profile_error_signature_max_smileys'] = sprintf($txt['profile_error_signature_max_smileys'], $sig_limits[4]);
  2812. return 'signature_max_smileys';
  2813. }
  2814. // Maybe we are abusing font sizes?
  2815. if (!empty($sig_limits[7]) && preg_match_all('~\[size=([\d\.]+)?(px|pt|em|x-large|larger)~i', $unparsed_signature, $matches) !== false && isset($matches[2]))
  2816. {
  2817. foreach ($matches[1] as $ind => $size)
  2818. {
  2819. $limit_broke = 0;
  2820. // Attempt to allow all sizes of abuse, so to speak.
  2821. if ($matches[2][$ind] == 'px' && $size > $sig_limits[7])
  2822. $limit_broke = $sig_limits[7] . 'px';
  2823. elseif ($matches[2][$ind] == 'pt' && $size > ($sig_limits[7] * 0.75))
  2824. $limit_broke = ((int) $sig_limits[7] * 0.75) . 'pt';
  2825. elseif ($matches[2][$ind] == 'em' && $size > ((float) $sig_limits[7] / 16))
  2826. $limit_broke = ((float) $sig_limits[7] / 16) . 'em';
  2827. elseif ($matches[2][$ind] != 'px' && $matches[2][$ind] != 'pt' && $matches[2][$ind] != 'em' && $sig_limits[7] < 18)
  2828. $limit_broke = 'large';
  2829. if ($limit_broke)
  2830. {
  2831. $txt['profile_error_signature_max_font_size'] = sprintf($txt['profile_error_signature_max_font_size'], $limit_broke);
  2832. return 'signature_max_font_size';
  2833. }
  2834. }
  2835. }
  2836. // The difficult one - image sizes! Don't error on this - just fix it.
  2837. if ((!empty($sig_limits[5]) || !empty($sig_limits[6])))
  2838. {
  2839. // Get all BBC tags...
  2840. preg_match_all('~\[img(\s+width=([\d]+))?(\s+height=([\d]+))?(\s+width=([\d]+))?\s*\](?:<br>)*([^<">]+?)(?:<br>)*\[/img\]~i', $unparsed_signature, $matches);
  2841. // ... and all HTML ones.
  2842. preg_match_all('~<img\s+src=(?:")?((?:http://|ftp://|https://|ftps://).+?)(?:")?(?:\s+alt=(?:")?(.*?)(?:")?)?(?:\s?/)?>~i', $unparsed_signature, $matches2, PREG_PATTERN_ORDER);
  2843. // And stick the HTML in the BBC.
  2844. if (!empty($matches2))
  2845. {
  2846. foreach ($matches2[0] as $ind => $dummy)
  2847. {
  2848. $matches[0][] = $matches2[0][$ind];
  2849. $matches[1][] = '';
  2850. $matches[2][] = '';
  2851. $matches[3][] = '';
  2852. $matches[4][] = '';
  2853. $matches[5][] = '';
  2854. $matches[6][] = '';
  2855. $matches[7][] = $matches2[1][$ind];
  2856. }
  2857. }
  2858. $replaces = array();
  2859. // Try to find all the images!
  2860. if (!empty($matches))
  2861. {
  2862. foreach ($matches[0] as $key => $image)
  2863. {
  2864. $width = -1; $height = -1;
  2865. // Does it have predefined restraints? Width first.
  2866. if ($matches[6][$key])
  2867. $matches[2][$key] = $matches[6][$key];
  2868. if ($matches[2][$key] && $sig_limits[5] && $matches[2][$key] > $sig_limits[5])
  2869. {
  2870. $width = $sig_limits[5];
  2871. $matches[4][$key] = $matches[4][$key] * ($width / $matches[2][$key]);
  2872. }
  2873. elseif ($matches[2][$key])
  2874. $width = $matches[2][$key];
  2875. // ... and height.
  2876. if ($matches[4][$key] && $sig_limits[6] && $matches[4][$key] > $sig_limits[6])
  2877. {
  2878. $height = $sig_limits[6];
  2879. if ($width != -1)
  2880. $width = $width * ($height / $matches[4][$key]);
  2881. }
  2882. elseif ($matches[4][$key])
  2883. $height = $matches[4][$key];
  2884. // If the dimensions are still not fixed - we need to check the actual image.
  2885. if (($width == -1 && $sig_limits[5]) || ($height == -1 && $sig_limits[6]))
  2886. {
  2887. $sizes = url_image_size($matches[7][$key]);
  2888. if (is_array($sizes))
  2889. {
  2890. // Too wide?
  2891. if ($sizes[0] > $sig_limits[5] && $sig_limits[5])
  2892. {
  2893. $width = $sig_limits[5];
  2894. $sizes[1] = $sizes[1] * ($width / $sizes[0]);
  2895. }
  2896. // Too high?
  2897. if ($sizes[1] > $sig_limits[6] && $sig_limits[6])
  2898. {
  2899. $height = $sig_limits[6];
  2900. if ($width == -1)
  2901. $width = $sizes[0];
  2902. $width = $width * ($height / $sizes[1]);
  2903. }
  2904. elseif ($width != -1)
  2905. $height = $sizes[1];
  2906. }
  2907. }
  2908. // Did we come up with some changes? If so remake the string.
  2909. if ($width != -1 || $height != -1)
  2910. $replaces[$image] = '[img' . ($width != -1 ? ' width=' . round($width) : '') . ($height != -1 ? ' height=' . round($height) : '') . ']' . $matches[7][$key] . '[/img]';
  2911. }
  2912. if (!empty($replaces))
  2913. $value = str_replace(array_keys($replaces), array_values($replaces), $value);
  2914. }
  2915. }
  2916. // Any disabled BBC?
  2917. $disabledSigBBC = implode('|', $disabledTags);
  2918. if (!empty($disabledSigBBC))
  2919. {
  2920. if (preg_match('~\[(' . $disabledSigBBC . '[ =\]/])~i', $unparsed_signature, $matches) !== false && isset($matches[1]))
  2921. {
  2922. $disabledTags = array_unique($disabledTags);
  2923. $txt['profile_error_signature_disabled_bbc'] = sprintf($txt['profile_error_signature_disabled_bbc'], implode(', ', $disabledTags));
  2924. return 'signature_disabled_bbc';
  2925. }
  2926. }
  2927. }
  2928. preparsecode($value);
  2929. // Too long?
  2930. if (!allowedTo('admin_forum') && !empty($sig_limits[1]) && $smcFunc['strlen'](str_replace('<br>', "\n", $value)) > $sig_limits[1])
  2931. {
  2932. $_POST['signature'] = trim($smcFunc['htmlspecialchars'](str_replace('<br>', "\n", $value), ENT_QUOTES));
  2933. $txt['profile_error_signature_max_length'] = sprintf($txt['profile_error_signature_max_length'], $sig_limits[1]);
  2934. return 'signature_max_length';
  2935. }
  2936. return true;
  2937. }
  2938. /**
  2939. * Validate an email address.
  2940. *
  2941. * @param string $email
  2942. * @param int $memID = 0
  2943. * @return boolean|string
  2944. */
  2945. function profileValidateEmail($email, $memID = 0)
  2946. {
  2947. global $smcFunc, $context;
  2948. $email = strtr($email, array('&#039;' => '\''));
  2949. // Check the name and email for validity.
  2950. if (trim($email) == '')
  2951. return 'no_email';
  2952. if (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $email) == 0)
  2953. return 'bad_email';
  2954. // Email addresses should be and stay unique.
  2955. $request = $smcFunc['db_query']('', '
  2956. SELECT id_member
  2957. FROM {db_prefix}members
  2958. WHERE ' . ($memID != 0 ? 'id_member != {int:selected_member} AND ' : '') . '
  2959. email_address = {string:email_address}
  2960. LIMIT 1',
  2961. array(
  2962. 'selected_member' => $memID,
  2963. 'email_address' => $email,
  2964. )
  2965. );
  2966. if ($smcFunc['db_num_rows']($request) > 0)
  2967. return 'email_taken';
  2968. $smcFunc['db_free_result']($request);
  2969. return true;
  2970. }
  2971. /**
  2972. * Reload a users settings.
  2973. */
  2974. function profileReloadUser()
  2975. {
  2976. global $sourcedir, $modSettings, $context, $cur_profile, $smcFunc, $profile_vars;
  2977. // Log them back in - using the verify password as they must have matched and this one doesn't get changed by anyone!
  2978. if (isset($_POST['passwrd2']) && $_POST['passwrd2'] != '')
  2979. {
  2980. require_once($sourcedir . '/Subs-Auth.php');
  2981. setLoginCookie(60 * $modSettings['cookieTime'], $context['id_member'], sha1(sha1(strtolower($cur_profile['member_name']) . un_htmlspecialchars($_POST['passwrd2'])) . $cur_profile['password_salt']));
  2982. }
  2983. loadUserSettings();
  2984. writeLog();
  2985. }
  2986. /**
  2987. * Send the user a new activation email if they need to reactivate!
  2988. */
  2989. function profileSendActivation()
  2990. {
  2991. global $sourcedir, $profile_vars, $txt, $context, $scripturl, $smcFunc, $cookiename, $cur_profile, $language, $modSettings;
  2992. require_once($sourcedir . '/Subs-Post.php');
  2993. // Shouldn't happen but just in case.
  2994. if (empty($profile_vars['email_address']))
  2995. return;
  2996. $replacements = array(
  2997. 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $context['id_member'] . ';code=' . $profile_vars['validation_code'],
  2998. 'ACTIVATIONCODE' => $profile_vars['validation_code'],
  2999. 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $context['id_member'],
  3000. );
  3001. // Send off the email.
  3002. $emaildata = loadEmailTemplate('activate_reactivate', $replacements, empty($cur_profile['lngfile']) || empty($modSettings['userLanguage']) ? $language : $cur_profile['lngfile']);
  3003. sendmail($profile_vars['email_address'], $emaildata['subject'], $emaildata['body'], null, 'reactivate', false, 0);
  3004. // Log the user out.
  3005. $smcFunc['db_query']('', '
  3006. DELETE FROM {db_prefix}log_online
  3007. WHERE id_member = {int:selected_member}',
  3008. array(
  3009. 'selected_member' => $context['id_member'],
  3010. )
  3011. );
  3012. $_SESSION['log_time'] = 0;
  3013. $_SESSION['login_' . $cookiename] = serialize(array(0, '', 0));
  3014. if (isset($_COOKIE[$cookiename]))
  3015. $_COOKIE[$cookiename] = '';
  3016. loadUserSettings();
  3017. $context['user']['is_logged'] = false;
  3018. $context['user']['is_guest'] = true;
  3019. redirectexit('action=sendactivation');
  3020. }
  3021. /**
  3022. * Function to allow the user to choose group membership etc...
  3023. *
  3024. * @param int $memID id_member
  3025. */
  3026. function groupMembership($memID)
  3027. {
  3028. global $txt, $scripturl, $user_profile, $context, $smcFunc;
  3029. $curMember = $user_profile[$memID];
  3030. $context['primary_group'] = $curMember['id_group'];
  3031. // Can they manage groups?
  3032. $context['can_manage_membergroups'] = allowedTo('manage_membergroups');
  3033. $context['can_manage_protected'] = allowedTo('admin_forum');
  3034. $context['can_edit_primary'] = $context['can_manage_protected'];
  3035. $context['update_message'] = isset($_GET['msg']) && isset($txt['group_membership_msg_' . $_GET['msg']]) ? $txt['group_membership_msg_' . $_GET['msg']] : '';
  3036. // Get all the groups this user is a member of.
  3037. $groups = explode(',', $curMember['additional_groups']);
  3038. $groups[] = $curMember['id_group'];
  3039. // Ensure the query doesn't croak!
  3040. if (empty($groups))
  3041. $groups = array(0);
  3042. // Just to be sure...
  3043. foreach ($groups as $k => $v)
  3044. $groups[$k] = (int) $v;
  3045. // Get all the membergroups they can join.
  3046. $request = $smcFunc['db_query']('', '
  3047. SELECT mg.id_group, mg.group_name, mg.description, mg.group_type, mg.online_color, mg.hidden,
  3048. IFNULL(lgr.id_member, 0) AS pending
  3049. FROM {db_prefix}membergroups AS mg
  3050. LEFT JOIN {db_prefix}log_group_requests AS lgr ON (lgr.id_member = {int:selected_member} AND lgr.id_group = mg.id_group AND lgr.status = {int:status_open})
  3051. WHERE (mg.id_group IN ({array_int:group_list})
  3052. OR mg.group_type > {int:nonjoin_group_id})
  3053. AND mg.min_posts = {int:min_posts}
  3054. AND mg.id_group != {int:moderator_group}
  3055. ORDER BY group_name',
  3056. array(
  3057. 'group_list' => $groups,
  3058. 'selected_member' => $memID,
  3059. 'status_open' => 0,
  3060. 'nonjoin_group_id' => 1,
  3061. 'min_posts' => -1,
  3062. 'moderator_group' => 3,
  3063. )
  3064. );
  3065. // This beast will be our group holder.
  3066. $context['groups'] = array(
  3067. 'member' => array(),
  3068. 'available' => array()
  3069. );
  3070. while ($row = $smcFunc['db_fetch_assoc']($request))
  3071. {
  3072. // Can they edit their primary group?
  3073. if (($row['id_group'] == $context['primary_group'] && $row['group_type'] > 1) || ($row['hidden'] != 2 && $context['primary_group'] == 0 && in_array($row['id_group'], $groups)))
  3074. $context['can_edit_primary'] = true;
  3075. // If they can't manage (protected) groups, and it's not publically joinable or already assigned, they can't see it.
  3076. if (((!$context['can_manage_protected'] && $row['group_type'] == 1) || (!$context['can_manage_membergroups'] && $row['group_type'] == 0)) && $row['id_group'] != $context['primary_group'])
  3077. continue;
  3078. $context['groups'][in_array($row['id_group'], $groups) ? 'member' : 'available'][$row['id_group']] = array(
  3079. 'id' => $row['id_group'],
  3080. 'name' => $row['group_name'],
  3081. 'desc' => $row['description'],
  3082. 'color' => $row['online_color'],
  3083. 'type' => $row['group_type'],
  3084. 'pending' => $row['pending'],
  3085. 'is_primary' => $row['id_group'] == $context['primary_group'],
  3086. 'can_be_primary' => $row['hidden'] != 2,
  3087. // Anything more than this needs to be done through account settings for security.
  3088. 'can_leave' => $row['id_group'] != 1 && $row['group_type'] > 1 ? true : false,
  3089. );
  3090. }
  3091. $smcFunc['db_free_result']($request);
  3092. // Add registered members on the end.
  3093. $context['groups']['member'][0] = array(
  3094. 'id' => 0,
  3095. 'name' => $txt['regular_members'],
  3096. 'desc' => $txt['regular_members_desc'],
  3097. 'type' => 0,
  3098. 'is_primary' => $context['primary_group'] == 0 ? true : false,
  3099. 'can_be_primary' => true,
  3100. 'can_leave' => 0,
  3101. );
  3102. // No changing primary one unless you have enough groups!
  3103. if (count($context['groups']['member']) < 2)
  3104. $context['can_edit_primary'] = false;
  3105. // In the special case that someone is requesting membership of a group, setup some special context vars.
  3106. if (isset($_REQUEST['request']) && isset($context['groups']['available'][(int) $_REQUEST['request']]) && $context['groups']['available'][(int) $_REQUEST['request']]['type'] == 2)
  3107. $context['group_request'] = $context['groups']['available'][(int) $_REQUEST['request']];
  3108. }
  3109. /**
  3110. * This function actually makes all the group changes
  3111. *
  3112. * @param array $profile_vars
  3113. * @param array $post_errors
  3114. * @param int $memID id_member
  3115. * @return mixed
  3116. */
  3117. function groupMembership2($profile_vars, $post_errors, $memID)
  3118. {
  3119. global $user_info, $sourcedir, $context, $user_profile, $modSettings, $txt, $smcFunc, $scripturl, $language;
  3120. // Let's be extra cautious...
  3121. if (!$context['user']['is_owner'] || empty($modSettings['show_group_membership']))
  3122. isAllowedTo('manage_membergroups');
  3123. if (!isset($_REQUEST['gid']) && !isset($_POST['primary']))
  3124. fatal_lang_error('no_access', false);
  3125. checkSession(isset($_GET['gid']) ? 'get' : 'post');
  3126. $old_profile = &$user_profile[$memID];
  3127. $context['can_manage_membergroups'] = allowedTo('manage_membergroups');
  3128. $context['can_manage_protected'] = allowedTo('admin_forum');
  3129. // By default the new primary is the old one.
  3130. $newPrimary = $old_profile['id_group'];
  3131. $addGroups = array_flip(explode(',', $old_profile['additional_groups']));
  3132. $canChangePrimary = $old_profile['id_group'] == 0 ? 1 : 0;
  3133. $changeType = isset($_POST['primary']) ? 'primary' : (isset($_POST['req']) ? 'request' : 'free');
  3134. // One way or another, we have a target group in mind...
  3135. $group_id = isset($_REQUEST['gid']) ? (int) $_REQUEST['gid'] : (int) $_POST['primary'];
  3136. $foundTarget = $changeType == 'primary' && $group_id == 0 ? true : false;
  3137. // Sanity check!!
  3138. if ($group_id == 1)
  3139. isAllowedTo('admin_forum');
  3140. // Protected groups too!
  3141. else
  3142. {
  3143. $request = $smcFunc['db_query']('', '
  3144. SELECT group_type
  3145. FROM {db_prefix}membergroups
  3146. WHERE id_group = {int:current_group}
  3147. LIMIT {int:limit}',
  3148. array(
  3149. 'current_group' => $group_id,
  3150. 'limit' => 1,
  3151. )
  3152. );
  3153. list ($is_protected) = $smcFunc['db_fetch_row']($request);
  3154. $smcFunc['db_free_result']($request);
  3155. if ($is_protected == 1)
  3156. isAllowedTo('admin_forum');
  3157. }
  3158. // What ever we are doing, we need to determine if changing primary is possible!
  3159. $request = $smcFunc['db_query']('', '
  3160. SELECT id_group, group_type, hidden, group_name
  3161. FROM {db_prefix}membergroups
  3162. WHERE id_group IN ({int:group_list}, {int:current_group})',
  3163. array(
  3164. 'group_list' => $group_id,
  3165. 'current_group' => $old_profile['id_group'],
  3166. )
  3167. );
  3168. while ($row = $smcFunc['db_fetch_assoc']($request))
  3169. {
  3170. // Is this the new group?
  3171. if ($row['id_group'] == $group_id)
  3172. {
  3173. $foundTarget = true;
  3174. $group_name = $row['group_name'];
  3175. // Does the group type match what we're doing - are we trying to request a non-requestable group?
  3176. if ($changeType == 'request' && $row['group_type'] != 2)
  3177. fatal_lang_error('no_access', false);
  3178. // What about leaving a requestable group we are not a member of?
  3179. elseif ($changeType == 'free' && $row['group_type'] == 2 && $old_profile['id_group'] != $row['id_group'] && !isset($addGroups[$row['id_group']]))
  3180. fatal_lang_error('no_access', false);
  3181. elseif ($changeType == 'free' && $row['group_type'] != 3 && $row['group_type'] != 2)
  3182. fatal_lang_error('no_access', false);
  3183. // We can't change the primary group if this is hidden!
  3184. if ($row['hidden'] == 2)
  3185. $canChangePrimary = false;
  3186. }
  3187. // If this is their old primary, can we change it?
  3188. if ($row['id_group'] == $old_profile['id_group'] && ($row['group_type'] > 1 || $context['can_manage_membergroups']) && $canChangePrimary !== false)
  3189. $canChangePrimary = 1;
  3190. // If we are not doing a force primary move, don't do it automatically if current primary is not 0.
  3191. if ($changeType != 'primary' && $old_profile['id_group'] != 0)
  3192. $canChangePrimary = false;
  3193. // If this is the one we are acting on, can we even act?
  3194. if ((!$context['can_manage_protected'] && $row['group_type'] == 1) || (!$context['can_manage_membergroups'] && $row['group_type'] == 0))
  3195. $canChangePrimary = false;
  3196. }
  3197. $smcFunc['db_free_result']($request);
  3198. // Didn't find the target?
  3199. if (!$foundTarget)
  3200. fatal_lang_error('no_access', false);
  3201. // Final security check, don't allow users to promote themselves to admin.
  3202. if ($context['can_manage_membergroups'] && !allowedTo('admin_forum'))
  3203. {
  3204. $request = $smcFunc['db_query']('', '
  3205. SELECT COUNT(permission)
  3206. FROM {db_prefix}permissions
  3207. WHERE id_group = {int:selected_group}
  3208. AND permission = {string:admin_forum}
  3209. AND add_deny = {int:not_denied}',
  3210. array(
  3211. 'selected_group' => $group_id,
  3212. 'not_denied' => 1,
  3213. 'admin_forum' => 'admin_forum',
  3214. )
  3215. );
  3216. list ($disallow) = $smcFunc['db_fetch_row']($request);
  3217. $smcFunc['db_free_result']($request);
  3218. if ($disallow)
  3219. isAllowedTo('admin_forum');
  3220. }
  3221. // If we're requesting, add the note then return.
  3222. if ($changeType == 'request')
  3223. {
  3224. $request = $smcFunc['db_query']('', '
  3225. SELECT id_member
  3226. FROM {db_prefix}log_group_requests
  3227. WHERE id_member = {int:selected_member}
  3228. AND id_group = {int:selected_group}
  3229. AND status = {int:status_open}',
  3230. array(
  3231. 'selected_member' => $memID,
  3232. 'selected_group' => $group_id,
  3233. 'status_open' => 0,
  3234. )
  3235. );
  3236. if ($smcFunc['db_num_rows']($request) != 0)
  3237. fatal_lang_error('profile_error_already_requested_group');
  3238. $smcFunc['db_free_result']($request);
  3239. // Log the request.
  3240. $smcFunc['db_insert']('',
  3241. '{db_prefix}log_group_requests',
  3242. array(
  3243. 'id_member' => 'int', 'id_group' => 'int', 'time_applied' => 'int', 'reason' => 'string-65534',
  3244. 'status' => 'int', 'id_member_acted' => 'int', 'member_name_acted' => 'string', 'time_acted' => 'int', 'act_reason' => 'string',
  3245. ),
  3246. array(
  3247. $memID, $group_id, time(), $_POST['reason'],
  3248. 0, 0, '', 0, '',
  3249. ),
  3250. array('id_request')
  3251. );
  3252. // Set up some data for our background task...
  3253. $data = serialize(array('id_member' => $memID, 'member_name' => $user_info['name'], 'id_group' => $group_id, 'group_name' => $group_name, 'reason' => $_POST['reason'], 'time' => time()));
  3254. // Add a background task to handle notifying people of this request
  3255. $smcFunc['db_insert']('insert', '{db_prefix}background_tasks',
  3256. array('task_file' => 'string-255', 'task_class' => 'string-255', 'task_data' => 'string', 'claimed_time' => 'int'),
  3257. array('$sourcedir/tasks/GroupReq-Notify.php', 'GroupReq_Notify_Background', $data, 0), array()
  3258. );
  3259. return $changeType;
  3260. }
  3261. // Otherwise we are leaving/joining a group.
  3262. elseif ($changeType == 'free')
  3263. {
  3264. // Are we leaving?
  3265. if ($old_profile['id_group'] == $group_id || isset($addGroups[$group_id]))
  3266. {
  3267. if ($old_profile['id_group'] == $group_id)
  3268. $newPrimary = 0;
  3269. else
  3270. unset($addGroups[$group_id]);
  3271. }
  3272. // ... if not, must be joining.
  3273. else
  3274. {
  3275. // Can we change the primary, and do we want to?
  3276. if ($canChangePrimary)
  3277. {
  3278. if ($old_profile['id_group'] != 0)
  3279. $addGroups[$old_profile['id_group']] = -1;
  3280. $newPrimary = $group_id;
  3281. }
  3282. // Otherwise it's an additional group...
  3283. else
  3284. $addGroups[$group_id] = -1;
  3285. }
  3286. }
  3287. // Finally, we must be setting the primary.
  3288. elseif ($canChangePrimary)
  3289. {
  3290. if ($old_profile['id_group'] != 0)
  3291. $addGroups[$old_profile['id_group']] = -1;
  3292. if (isset($addGroups[$group_id]))
  3293. unset($addGroups[$group_id]);
  3294. $newPrimary = $group_id;
  3295. }
  3296. // Finally, we can make the changes!
  3297. foreach ($addGroups as $id => $dummy)
  3298. if (empty($id))
  3299. unset($addGroups[$id]);
  3300. $addGroups = implode(',', array_flip($addGroups));
  3301. // Ensure that we don't cache permissions if the group is changing.
  3302. if ($context['user']['is_owner'])
  3303. $_SESSION['mc']['time'] = 0;
  3304. else
  3305. updateSettings(array('settings_updated' => time()));
  3306. updateMemberData($memID, array('id_group' => $newPrimary, 'additional_groups' => $addGroups));
  3307. return $changeType;
  3308. }
  3309. ?>