Profile.php 33 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950
  1. <?php
  2. /**
  3. * This file has the primary job of showing and editing people's profiles.
  4. * It also allows the user to change some of their or another's preferences,
  5. * and such things.
  6. *
  7. * Simple Machines Forum (SMF)
  8. *
  9. * @package SMF
  10. * @author Simple Machines http://www.simplemachines.org
  11. * @copyright 2014 Simple Machines and individual contributors
  12. * @license http://www.simplemachines.org/about/smf/license.php BSD
  13. *
  14. * @version 2.1 Alpha 1
  15. */
  16. if (!defined('SMF'))
  17. die('No direct access...');
  18. /**
  19. * Allow the change or view of profiles...
  20. *
  21. * @param array $post_errors = array()
  22. */
  23. function ModifyProfile($post_errors = array())
  24. {
  25. global $txt, $scripturl, $user_info, $context, $sourcedir, $user_profile, $cur_profile;
  26. global $modSettings, $memberContext, $profile_vars, $post_errors, $user_settings;
  27. // Don't reload this as we may have processed error strings.
  28. if (empty($post_errors))
  29. loadLanguage('Profile+Drafts');
  30. loadTemplate('Profile');
  31. require_once($sourcedir . '/Subs-Menu.php');
  32. // Did we get the user by name...
  33. if (isset($_REQUEST['user']))
  34. $memberResult = loadMemberData($_REQUEST['user'], true, 'profile');
  35. // ... or by id_member?
  36. elseif (!empty($_REQUEST['u']))
  37. $memberResult = loadMemberData((int) $_REQUEST['u'], false, 'profile');
  38. // If it was just ?action=profile, edit your own profile, but only if you're not a guest.
  39. else
  40. {
  41. // Members only...
  42. is_not_guest();
  43. $memberResult = loadMemberData($user_info['id'], false, 'profile');
  44. }
  45. // Check if loadMemberData() has returned a valid result.
  46. if (!is_array($memberResult))
  47. fatal_lang_error('not_a_user', false);
  48. // If all went well, we have a valid member ID!
  49. list ($memID) = $memberResult;
  50. $context['id_member'] = $memID;
  51. $cur_profile = $user_profile[$memID];
  52. // Let's have some information about this member ready, too.
  53. loadMemberContext($memID);
  54. $context['member'] = $memberContext[$memID];
  55. // Is this the profile of the user himself or herself?
  56. $context['user']['is_owner'] = $memID == $user_info['id'];
  57. // Group management isn't actually a permission. But we need it to be for this, so we need a phantom permission.
  58. // And we care about what the current user can do, not what the user whose profile it is.
  59. if ($user_info['mod_cache']['gq'] != '0=1')
  60. $user_info['permissions'][] = 'approve_group_requests';
  61. /* Define all the sections within the profile area!
  62. We start by defining the permission required - then SMF takes this and turns it into the relevant context ;)
  63. Possible fields:
  64. For Section:
  65. string $title: Section title.
  66. array $areas: Array of areas within this section.
  67. For Areas:
  68. string $label: Text string that will be used to show the area in the menu.
  69. string $file: Optional text string that may contain a file name that's needed for inclusion in order to display the area properly.
  70. string $custom_url: Optional href for area.
  71. string $function: Function to execute for this section.
  72. bool $enabled: Should area be shown?
  73. string $sc: Session check validation to do on save - note without this save will get unset - if set.
  74. bool $hidden: Does this not actually appear on the menu?
  75. bool $password: Whether to require the user's password in order to save the data in the area.
  76. array $subsections: Array of subsections, in order of appearance.
  77. array $permission: Array of permissions to determine who can access this area. Should contain arrays $own and $any.
  78. */
  79. $profile_areas = array(
  80. 'info' => array(
  81. 'title' => $txt['profileInfo'],
  82. 'areas' => array(
  83. 'summary' => array(
  84. 'label' => $txt['summary'],
  85. 'file' => 'Profile-View.php',
  86. 'function' => 'summary',
  87. 'icon' => 'administration.png',
  88. 'permission' => array(
  89. 'own' => 'is_not_guest',
  90. 'any' => 'profile_view',
  91. ),
  92. ),
  93. 'popup' => array(
  94. 'function' => 'profile_popup',
  95. 'permission' => array(
  96. 'own' => 'is_not_guest',
  97. 'any' => array(),
  98. ),
  99. 'select' => 'summary',
  100. ),
  101. 'alerts_popup' => array(
  102. 'function' => 'alerts_popup',
  103. 'permission' => array(
  104. 'own' => 'is_not_guest',
  105. 'any' => array(),
  106. ),
  107. 'select' => 'summary',
  108. ),
  109. 'statistics' => array(
  110. 'label' => $txt['statPanel'],
  111. 'file' => 'Profile-View.php',
  112. 'function' => 'statPanel',
  113. 'icon' => 'stats.png',
  114. 'permission' => array(
  115. 'own' => 'is_not_guest',
  116. 'any' => 'profile_view',
  117. ),
  118. ),
  119. 'showposts' => array(
  120. 'label' => $txt['showPosts'],
  121. 'file' => 'Profile-View.php',
  122. 'function' => 'showPosts',
  123. 'icon' => 'posts.png',
  124. 'subsections' => array(
  125. 'messages' => array($txt['showMessages'], array('is_not_guest', 'profile_view')),
  126. 'topics' => array($txt['showTopics'], array('is_not_guest', 'profile_view')),
  127. 'unwatchedtopics' => array($txt['showUnwatched'], array('is_not_guest', 'profile_view'), 'enabled' => $modSettings['enable_unwatch'] && $context['user']['is_owner']),
  128. 'attach' => array($txt['showAttachments'], array('is_not_guest', 'profile_view')),
  129. ),
  130. 'permission' => array(
  131. 'own' => 'is_not_guest',
  132. 'any' => 'profile_view',
  133. ),
  134. ),
  135. 'showdrafts' => array(
  136. 'label' => $txt['drafts_show'],
  137. 'file' => 'Drafts.php',
  138. 'function' => 'showProfileDrafts',
  139. 'icon' => 'drafts.png',
  140. 'enabled' => !empty($modSettings['drafts_post_enabled']) && $context['user']['is_owner'],
  141. 'permission' => array(
  142. 'own' => 'is_not_guest',
  143. 'any' => array(),
  144. ),
  145. ),
  146. 'permissions' => array(
  147. 'label' => $txt['showPermissions'],
  148. 'file' => 'Profile-View.php',
  149. 'function' => 'showPermissions',
  150. 'icon' => 'permissions.png',
  151. 'permission' => array(
  152. 'own' => 'manage_permissions',
  153. 'any' => 'manage_permissions',
  154. ),
  155. ),
  156. 'tracking' => array(
  157. 'label' => $txt['trackUser'],
  158. 'file' => 'Profile-View.php',
  159. 'function' => 'tracking',
  160. 'icon' => 'logs.png',
  161. 'subsections' => array(
  162. 'activity' => array($txt['trackActivity'], 'moderate_forum'),
  163. 'ip' => array($txt['trackIP'], 'moderate_forum'),
  164. 'edits' => array($txt['trackEdits'], 'moderate_forum', 'enabled' => !empty($modSettings['userlog_enabled'])),
  165. 'groupreq' => array($txt['trackGroupRequests'], 'approve_group_requests', 'enabled' => !empty($modSettings['show_group_membership'])),
  166. 'logins' => array($txt['trackLogins'], 'moderate_forum'),
  167. ),
  168. 'permission' => array(
  169. 'own' => array('moderate_forum', 'approve_group_requests'),
  170. 'any' => array('moderate_forum', 'approve_group_requests'),
  171. ),
  172. ),
  173. 'viewwarning' => array(
  174. 'label' => $txt['profile_view_warnings'],
  175. 'enabled' => $modSettings['warning_settings'][0] == 1 && $cur_profile['warning'] && (!empty($modSettings['warning_show']) && ($context['user']['is_owner'] || $modSettings['warning_show'] == 2)),
  176. 'file' => 'Profile-View.php',
  177. 'function' => 'viewWarning',
  178. 'icon' => 'warning.png',
  179. 'permission' => array(
  180. 'own' => 'is_not_guest', // @todo this needs to be a view-own warning
  181. 'any' => 'issue_warning',
  182. ),
  183. ),
  184. ),
  185. ),
  186. 'edit_profile' => array(
  187. 'title' => $txt['profileEdit'],
  188. 'areas' => array(
  189. 'account' => array(
  190. 'label' => $txt['account'],
  191. 'file' => 'Profile-Modify.php',
  192. 'function' => 'account',
  193. 'icon' => 'maintain.png',
  194. 'enabled' => $context['user']['is_admin'] || ($cur_profile['id_group'] != 1 && !in_array(1, explode(',', $cur_profile['additional_groups']))),
  195. 'sc' => 'post',
  196. 'token' => 'profile-ac%u',
  197. 'password' => true,
  198. 'permission' => array(
  199. 'own' => array('profile_identity_any', 'profile_identity_own', 'profile_password_any', 'profile_password_own', 'manage_membergroups'),
  200. 'any' => array('profile_identity_any', 'profile_password_any', 'manage_membergroups'),
  201. ),
  202. ),
  203. 'forumprofile' => array(
  204. 'label' => $txt['forumprofile'],
  205. 'file' => 'Profile-Modify.php',
  206. 'function' => 'forumProfile',
  207. 'icon' => 'members.png',
  208. 'sc' => 'post',
  209. 'token' => 'profile-fp%u',
  210. 'permission' => array(
  211. 'own' => array('profile_forum_any', 'profile_forum_own'),
  212. 'any' => array('profile_forum_any'),
  213. ),
  214. ),
  215. 'theme' => array(
  216. 'label' => $txt['theme'],
  217. 'file' => 'Profile-Modify.php',
  218. 'function' => 'theme',
  219. 'icon' => 'features.png',
  220. 'sc' => 'post',
  221. 'token' => 'profile-th%u',
  222. 'permission' => array(
  223. 'own' => array('profile_extra_any', 'profile_extra_own'),
  224. 'any' => array('profile_extra_any'),
  225. ),
  226. ),
  227. 'authentication' => array(
  228. 'label' => $txt['authentication'],
  229. 'file' => 'Profile-Modify.php',
  230. 'function' => 'authentication',
  231. 'icon' => 'openid.png',
  232. 'enabled' => !empty($modSettings['enableOpenID']) && ($modSettings['enableOpenID'] == 1 || !empty($cur_profile['openid_uri'])),
  233. 'sc' => 'post',
  234. 'token' => 'profile-au%u',
  235. 'hidden' => empty($modSettings['enableOpenID']) && empty($cur_profile['openid_uri']),
  236. 'password' => true,
  237. 'permission' => array(
  238. 'own' => array('profile_password_any', 'profile_password_own'),
  239. 'any' => array('profile_password_any'),
  240. ),
  241. ),
  242. 'notification' => array(
  243. 'label' => $txt['notification'],
  244. 'file' => 'Profile-Modify.php',
  245. 'function' => 'notification',
  246. 'icon' => 'mail.png',
  247. 'sc' => 'post',
  248. //'token' => 'profile-nt%u', This is not checked here. We do it in the function itself - but if it was checked, this is what it'd be.
  249. 'subsections' => array(
  250. 'alerts' => array($txt['alert_prefs'], array('is_not_guest', 'profile_extra_any')),
  251. 'topics' => array($txt['watched_topics'], array('is_not_guest', 'profile_extra_any')),
  252. 'boards' => array($txt['watched_boards'], array('is_not_guest', 'profile_extra_any')),
  253. ),
  254. 'permission' => array(
  255. 'own' => array('is_not_guest'),
  256. 'any' => array('profile_extra_any'), // If you change this, update it in the functions themselves; we delegate all saving checks there.
  257. ),
  258. ),
  259. 'ignoreboards' => array(
  260. 'label' => $txt['ignoreboards'],
  261. 'file' => 'Profile-Modify.php',
  262. 'function' => 'ignoreboards',
  263. 'icon' => 'boards.png',
  264. 'enabled' => !empty($modSettings['allow_ignore_boards']),
  265. 'sc' => 'post',
  266. 'token' => 'profile-ib%u',
  267. 'permission' => array(
  268. 'own' => array('profile_extra_any', 'profile_extra_own'),
  269. 'any' => array('profile_extra_any'),
  270. ),
  271. ),
  272. 'lists' => array(
  273. 'label' => $txt['editBuddyIgnoreLists'],
  274. 'file' => 'Profile-Modify.php',
  275. 'function' => 'editBuddyIgnoreLists',
  276. 'icon' => 'frenemy.png',
  277. 'enabled' => !empty($modSettings['enable_buddylist']) && $context['user']['is_owner'],
  278. 'sc' => 'post',
  279. 'subsections' => array(
  280. 'buddies' => array($txt['editBuddies']),
  281. 'ignore' => array($txt['editIgnoreList']),
  282. ),
  283. 'permission' => array(
  284. 'own' => array('profile_extra_any', 'profile_extra_own'),
  285. 'any' => array(),
  286. ),
  287. ),
  288. 'groupmembership' => array(
  289. 'label' => $txt['groupmembership'],
  290. 'file' => 'Profile-Modify.php',
  291. 'function' => 'groupMembership',
  292. 'icon' => 'membergroups.png',
  293. 'enabled' => !empty($modSettings['show_group_membership']) && $context['user']['is_owner'],
  294. 'sc' => 'request',
  295. 'token' => 'profile-gm%u',
  296. 'token_type' => 'request',
  297. 'permission' => array(
  298. 'own' => array('is_not_guest'),
  299. 'any' => array('manage_membergroups'),
  300. ),
  301. ),
  302. ),
  303. ),
  304. 'profile_action' => array(
  305. 'title' => $txt['profileAction'],
  306. 'areas' => array(
  307. 'sendpm' => array(
  308. 'label' => $txt['profileSendIm'],
  309. 'custom_url' => $scripturl . '?action=pm;sa=send',
  310. 'icon' => 'personal_message.png',
  311. 'permission' => array(
  312. 'own' => array(),
  313. 'any' => array('pm_send'),
  314. ),
  315. ),
  316. 'issuewarning' => array(
  317. 'label' => $txt['profile_issue_warning'],
  318. 'enabled' => $modSettings['warning_settings'][0] == 1,
  319. 'file' => 'Profile-Actions.php',
  320. 'function' => 'issueWarning',
  321. 'icon' => 'warning.png',
  322. 'token' => 'profile-iw%u',
  323. 'permission' => array(
  324. 'own' => array(),
  325. 'any' => array('issue_warning'),
  326. ),
  327. ),
  328. 'banuser' => array(
  329. 'label' => $txt['profileBanUser'],
  330. 'custom_url' => $scripturl . '?action=admin;area=ban;sa=add',
  331. 'icon' => 'ban.png',
  332. 'enabled' => $cur_profile['id_group'] != 1 && !in_array(1, explode(',', $cur_profile['additional_groups'])),
  333. 'permission' => array(
  334. 'own' => array(),
  335. 'any' => array('manage_bans'),
  336. ),
  337. ),
  338. 'subscriptions' => array(
  339. 'label' => $txt['subscriptions'],
  340. 'file' => 'Profile-Actions.php',
  341. 'function' => 'subscriptions',
  342. 'icon' => 'paid.png',
  343. 'enabled' => !empty($modSettings['paid_enabled']),
  344. 'permission' => array(
  345. 'own' => array('is_not_guest'),
  346. 'any' => array('moderate_forum'),
  347. ),
  348. ),
  349. 'deleteaccount' => array(
  350. 'label' => $txt['deleteAccount'],
  351. 'file' => 'Profile-Actions.php',
  352. 'function' => 'deleteAccount',
  353. 'icon' => 'members_delete.png',
  354. 'sc' => 'post',
  355. 'token' => 'profile-da%u',
  356. 'password' => true,
  357. 'permission' => array(
  358. 'own' => array('profile_remove_any', 'profile_remove_own'),
  359. 'any' => array('profile_remove_any'),
  360. ),
  361. ),
  362. 'activateaccount' => array(
  363. 'file' => 'Profile-Actions.php',
  364. 'function' => 'activateAccount',
  365. 'icon' => 'regcenter.png',
  366. 'sc' => 'get',
  367. 'token' => 'profile-aa%u',
  368. 'token_type' => 'get',
  369. 'permission' => array(
  370. 'own' => array(),
  371. 'any' => array('moderate_forum'),
  372. ),
  373. ),
  374. ),
  375. ),
  376. );
  377. // Let them modify profile areas easily.
  378. call_integration_hook('integrate_profile_areas', array(&$profile_areas));
  379. // Do some cleaning ready for the menu function.
  380. $context['password_areas'] = array();
  381. $current_area = isset($_REQUEST['area']) ? $_REQUEST['area'] : '';
  382. foreach ($profile_areas as $section_id => $section)
  383. {
  384. // Do a bit of spring cleaning so to speak.
  385. foreach ($section['areas'] as $area_id => $area)
  386. {
  387. // If it said no permissions that meant it wasn't valid!
  388. if (empty($area['permission'][$context['user']['is_owner'] ? 'own' : 'any']))
  389. $profile_areas[$section_id]['areas'][$area_id]['enabled'] = false;
  390. // Otherwise pick the right set.
  391. else
  392. $profile_areas[$section_id]['areas'][$area_id]['permission'] = $area['permission'][$context['user']['is_owner'] ? 'own' : 'any'];
  393. // Password required - only if not on OpenID.
  394. if (!empty($area['password']))
  395. $context['password_areas'][] = $area_id;
  396. }
  397. }
  398. // Is there an updated message to show?
  399. if (isset($_GET['updated']))
  400. $context['profile_updated'] = $txt['profile_updated_own'];
  401. // Set a few options for the menu.
  402. $menuOptions = array(
  403. 'disable_url_session_check' => true,
  404. 'current_area' => $current_area,
  405. 'extra_url_parameters' => array(
  406. 'u' => $context['id_member'],
  407. ),
  408. );
  409. // Actually create the menu!
  410. $profile_include_data = createMenu($profile_areas, $menuOptions);
  411. // No menu means no access.
  412. if (!$profile_include_data && (!$user_info['is_guest'] || validateSession()))
  413. fatal_lang_error('no_access', false);
  414. // Make a note of the Unique ID for this menu.
  415. $context['profile_menu_id'] = $context['max_menu_id'];
  416. $context['profile_menu_name'] = 'menu_data_' . $context['profile_menu_id'];
  417. // Set the selected item - now it's been validated.
  418. $current_area = $profile_include_data['current_area'];
  419. $current_sa = $profile_include_data['current_subsection'];
  420. $context['menu_item_selected'] = $current_area;
  421. // Before we go any further, let's work on the area we've said is valid. Note this is done here just in case we ever compromise the menu function in error!
  422. $context['completed_save'] = false;
  423. $context['do_preview'] = isset($_REQUEST['preview_signature']);
  424. $security_checks = array();
  425. $found_area = false;
  426. foreach ($profile_areas as $section_id => $section)
  427. {
  428. // Do a bit of spring cleaning so to speak.
  429. foreach ($section['areas'] as $area_id => $area)
  430. {
  431. // Is this our area?
  432. if ($current_area == $area_id)
  433. {
  434. // This can't happen - but is a security check.
  435. if ((isset($section['enabled']) && $section['enabled'] == false) || (isset($area['enabled']) && $area['enabled'] == false))
  436. fatal_lang_error('no_access', false);
  437. // Are we saving data in a valid area?
  438. if (isset($area['sc']) && (isset($_REQUEST['save']) || $context['do_preview']))
  439. {
  440. $security_checks['session'] = $area['sc'];
  441. $context['completed_save'] = true;
  442. }
  443. // Do we need to perform a token check?
  444. if (!empty($area['token']))
  445. {
  446. $security_checks[isset($_REQUEST['save']) ? 'validateToken' : 'needsToken'] = $area['token'];
  447. $token_name = $area['token'] !== true ? str_replace('%u', $context['id_member'], $area['token']) : 'profile-u' . $context['id_member'];
  448. $token_type = isset($area['token_type']) && in_array($area['token_type'], array('request', 'post', 'get')) ? $area['token_type'] : 'post';
  449. }
  450. // Does this require session validating?
  451. if (!empty($area['validate']) || (isset($_REQUEST['save']) && !$context['user']['is_owner']))
  452. $security_checks['validate'] = true;
  453. // Permissions for good measure.
  454. if (!empty($profile_include_data['permission']))
  455. $security_checks['permission'] = $profile_include_data['permission'];
  456. // Either way got something.
  457. $found_area = true;
  458. }
  459. }
  460. }
  461. // Oh dear, some serious security lapse is going on here... we'll put a stop to that!
  462. if (!$found_area)
  463. fatal_lang_error('no_access', false);
  464. // Release this now.
  465. unset($profile_areas);
  466. // Now the context is setup have we got any security checks to carry out additional to that above?
  467. if (isset($security_checks['session']))
  468. checkSession($security_checks['session']);
  469. if (isset($security_checks['validate']))
  470. validateSession();
  471. if (isset($security_checks['validateToken']))
  472. validateToken($token_name, $token_type);
  473. if (isset($security_checks['permission']))
  474. isAllowedTo($security_checks['permission']);
  475. // Create a token if needed.
  476. if (isset($security_checks['needsToken']) || isset($security_checks['validateToken']))
  477. {
  478. createToken($token_name, $token_type);
  479. $context['token_check'] = $token_name;
  480. }
  481. // File to include?
  482. if (isset($profile_include_data['file']))
  483. require_once($sourcedir . '/' . $profile_include_data['file']);
  484. // Make sure that the area function does exist!
  485. if (!isset($profile_include_data['function']) || !function_exists($profile_include_data['function']))
  486. {
  487. destroyMenu();
  488. fatal_lang_error('no_access', false);
  489. }
  490. // Build the link tree.
  491. $context['linktree'][] = array(
  492. 'url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : ''),
  493. 'name' => sprintf($txt['profile_of_username'], $context['member']['name']),
  494. );
  495. if (!empty($profile_include_data['label']))
  496. $context['linktree'][] = array(
  497. 'url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'],
  498. 'name' => $profile_include_data['label'],
  499. );
  500. if (!empty($profile_include_data['current_subsection']) && $profile_include_data['subsections'][$profile_include_data['current_subsection']][0] != $profile_include_data['label'])
  501. $context['linktree'][] = array(
  502. 'url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'] . ';sa=' . $profile_include_data['current_subsection'],
  503. 'name' => $profile_include_data['subsections'][$profile_include_data['current_subsection']][0],
  504. );
  505. // Set the template for this area and add the profile layer.
  506. $context['sub_template'] = $profile_include_data['function'];
  507. $context['template_layers'][] = 'profile';
  508. // All the subactions that require a user password in order to validate.
  509. $check_password = $context['user']['is_owner'] && in_array($profile_include_data['current_area'], $context['password_areas']);
  510. $context['require_password'] = $check_password && empty($user_settings['openid_uri']);
  511. // If we're in wireless then we have a cut down template...
  512. if (WIRELESS && $context['sub_template'] == 'summary' && WIRELESS_PROTOCOL != 'wap')
  513. $context['sub_template'] = WIRELESS_PROTOCOL . '_profile';
  514. // These will get populated soon!
  515. $post_errors = array();
  516. $profile_vars = array();
  517. // Right - are we saving - if so let's save the old data first.
  518. if ($context['completed_save'])
  519. {
  520. // Clean up the POST variables.
  521. $_POST = htmltrim__recursive($_POST);
  522. $_POST = htmlspecialchars__recursive($_POST);
  523. if ($check_password)
  524. {
  525. // If we're using OpenID try to revalidate.
  526. if (!empty($user_settings['openid_uri']))
  527. {
  528. require_once($sourcedir . '/Subs-OpenID.php');
  529. smf_openID_revalidate();
  530. }
  531. else
  532. {
  533. // You didn't even enter a password!
  534. if (trim($_POST['oldpasswrd']) == '')
  535. $post_errors[] = 'no_password';
  536. // Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password
  537. $_POST['oldpasswrd'] = un_htmlspecialchars($_POST['oldpasswrd']);
  538. // Does the integration want to check passwords?
  539. $good_password = in_array(true, call_integration_hook('integrate_verify_password', array($cur_profile['member_name'], $_POST['oldpasswrd'], false)), true);
  540. // Bad password!!!
  541. if (!$good_password && $user_info['passwd'] != sha1(strtolower($user_profile[$memID]['member_name']) . un_htmlspecialchars(stripslashes($_POST['oldpasswrd']))))
  542. $post_errors[] = 'bad_password';
  543. // Warn other elements not to jump the gun and do custom changes!
  544. if (in_array('bad_password', $post_errors))
  545. $context['password_auth_failed'] = true;
  546. }
  547. }
  548. // Change the IP address in the database.
  549. if ($context['user']['is_owner'])
  550. $profile_vars['member_ip'] = $user_info['ip'];
  551. // Now call the sub-action function...
  552. if ($current_area == 'activateaccount')
  553. {
  554. if (empty($post_errors))
  555. activateAccount($memID);
  556. }
  557. elseif ($current_area == 'deleteaccount')
  558. {
  559. if (empty($post_errors))
  560. {
  561. deleteAccount2($memID);
  562. redirectexit();
  563. }
  564. }
  565. elseif ($current_area == 'groupmembership' && empty($post_errors))
  566. {
  567. $msg = groupMembership2($profile_vars, $post_errors, $memID);
  568. // Whatever we've done, we have nothing else to do here...
  569. redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=groupmembership' . (!empty($msg) ? ';msg=' . $msg : ''));
  570. }
  571. // Authentication changes?
  572. elseif ($current_area == 'authentication')
  573. {
  574. authentication($memID, true);
  575. }
  576. elseif (in_array($current_area, array('account', 'forumprofile', 'theme')))
  577. saveProfileFields();
  578. else
  579. {
  580. $force_redirect = true;
  581. // Ensure we include this.
  582. require_once($sourcedir . '/Profile-Modify.php');
  583. saveProfileChanges($profile_vars, $post_errors, $memID);
  584. }
  585. call_integration_hook('integrate_profile_save', array(&$profile_vars, &$post_errors, $memID));
  586. // There was a problem, let them try to re-enter.
  587. if (!empty($post_errors))
  588. {
  589. // Load the language file so we can give a nice explanation of the errors.
  590. loadLanguage('Errors');
  591. $context['post_errors'] = $post_errors;
  592. }
  593. elseif (!empty($profile_vars))
  594. {
  595. // If we've changed the password, notify any integration that may be listening in.
  596. if (isset($profile_vars['passwd']))
  597. call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $_POST['passwrd2']));
  598. updateMemberData($memID, $profile_vars);
  599. // What if this is the newest member?
  600. if ($modSettings['latestMember'] == $memID)
  601. updateStats('member');
  602. elseif (isset($profile_vars['real_name']))
  603. updateSettings(array('memberlist_updated' => time()));
  604. // If the member changed his/her birthdate, update calendar statistics.
  605. if (isset($profile_vars['birthdate']) || isset($profile_vars['real_name']))
  606. updateSettings(array(
  607. 'calendar_updated' => time(),
  608. ));
  609. // Anything worth logging?
  610. if (!empty($context['log_changes']) && !empty($modSettings['modlog_enabled']))
  611. {
  612. $log_changes = array();
  613. require_once($sourcedir . '/Logging.php');
  614. foreach ($context['log_changes'] as $k => $v)
  615. $log_changes[] = array(
  616. 'action' => $k,
  617. 'log_type' => 'user',
  618. 'extra' => array_merge($v, array(
  619. 'applicator' => $user_info['id'],
  620. 'member_affected' => $memID,
  621. )),
  622. );
  623. logActions($log_changes);
  624. }
  625. // Have we got any post save functions to execute?
  626. if (!empty($context['profile_execute_on_save']))
  627. foreach ($context['profile_execute_on_save'] as $saveFunc)
  628. $saveFunc();
  629. // Let them know it worked!
  630. $context['profile_updated'] = $context['user']['is_owner'] ? $txt['profile_updated_own'] : sprintf($txt['profile_updated_else'], $cur_profile['member_name']);
  631. // Invalidate any cached data.
  632. cache_put_data('member_data-profile-' . $memID, null, 0);
  633. }
  634. }
  635. // Have some errors for some reason?
  636. if (!empty($post_errors))
  637. {
  638. // Set all the errors so the template knows what went wrong.
  639. foreach ($post_errors as $error_type)
  640. $context['modify_error'][$error_type] = true;
  641. }
  642. // If it's you then we should redirect upon save.
  643. elseif (!empty($profile_vars) && $context['user']['is_owner'] && !$context['do_preview'])
  644. redirectexit('action=profile;area=' . $current_area . (!empty($current_sa) ? ';sa=' . $current_sa : '') . ';updated');
  645. elseif (!empty($force_redirect))
  646. redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=' . $current_area);
  647. // Call the appropriate subaction function.
  648. $profile_include_data['function']($memID);
  649. // Set the page title if it's not already set...
  650. if (!isset($context['page_title']))
  651. $context['page_title'] = $txt['profile'] . (isset($txt[$current_area]) ? ' - ' . $txt[$current_area] : '');
  652. }
  653. /**
  654. * Set up the requirements for the profile popup - the area that is shown as the popup menu for the current user.
  655. *
  656. * @param int $memID
  657. */
  658. function profile_popup($memID)
  659. {
  660. global $context, $scripturl, $txt, $db_show_debug;
  661. // We do not want to output debug information here.
  662. $db_show_debug = false;
  663. // We only want to output our little layer here.
  664. $context['template_layers'] = array();
  665. // This list will pull from the master list wherever possible. Hopefully it should be clear what does what.
  666. $profile_items = array(
  667. array(
  668. 'menu' => 'info',
  669. 'area' => 'summary',
  670. 'title' => $txt['popup_summary'],
  671. ),
  672. array(
  673. 'menu' => 'edit_profile',
  674. 'area' => 'account',
  675. ),
  676. array(
  677. 'menu' => 'info',
  678. 'area' => 'showposts',
  679. 'title' => $txt['popup_showposts'],
  680. ),
  681. array(
  682. 'menu' => 'edit_profile',
  683. 'area' => 'forumprofile',
  684. ),
  685. array(
  686. 'menu' => 'edit_profile',
  687. 'area' => 'notification',
  688. ),
  689. array(
  690. 'menu' => 'edit_profile',
  691. 'area' => 'theme',
  692. 'title' => $txt['popup_preferences'],
  693. ),
  694. array(
  695. 'menu' => 'edit_profile',
  696. 'area' => 'ignoreboards',
  697. ),
  698. array(
  699. 'menu' => 'edit_profile',
  700. 'area' => 'lists',
  701. 'url' => $scripturl . '?action=profile;area=lists;sa=ignore',
  702. 'title' => $txt['popup_ignore'],
  703. ),
  704. array(
  705. 'menu' => 'edit_profile',
  706. 'area' => 'groupmembership',
  707. ),
  708. array(
  709. 'menu' => 'profile_action',
  710. 'area' => 'subscriptions',
  711. ),
  712. );
  713. call_integration_hook('integrate_profile_popup', array(&$profile_items));
  714. // Now check if these items are available
  715. $context['profile_items'] = array();
  716. $menu_context = &$context[$context['profile_menu_name']]['sections'];
  717. foreach ($profile_items as $item)
  718. {
  719. if (isset($menu_context[$item['menu']]['areas'][$item['area']]))
  720. {
  721. $context['profile_items'][] = $item;
  722. }
  723. }
  724. }
  725. /**
  726. * Set up the requirements for the alerts popup - the area that shows all the alerts just quickly for the current user.
  727. *
  728. * @param int $memID
  729. */
  730. function alerts_popup($memID)
  731. {
  732. global $context, $scripturl, $txt, $sourcedir, $db_show_debug;
  733. // We do not want to output debug information here.
  734. $db_show_debug = false;
  735. // We only want to output our little layer here.
  736. $context['template_layers'] = array();
  737. // Now fetch me my unread alerts, pronto!
  738. require_once($sourcedir . '/Profile-View.php');
  739. $context['unread_alerts'] = fetch_alerts($memID, false);
  740. }
  741. /**
  742. * Load any custom fields for this area... no area means load all, 'summary' loads all public ones.
  743. *
  744. * @param int $memID
  745. * @param string $area = 'summary'
  746. */
  747. function loadCustomFields($memID, $area = 'summary')
  748. {
  749. global $context, $txt, $user_profile, $smcFunc, $user_info, $settings, $scripturl;
  750. // Get the right restrictions in place...
  751. $where = 'active = 1';
  752. if (!allowedTo('admin_forum') && $area != 'register')
  753. {
  754. // If it's the owner they can see two types of private fields, regardless.
  755. if ($memID == $user_info['id'])
  756. $where .= $area == 'summary' ? ' AND private < 3' : ' AND (private = 0 OR private = 2)';
  757. else
  758. $where .= $area == 'summary' ? ' AND private < 2' : ' AND private = 0';
  759. }
  760. if ($area == 'register')
  761. $where .= ' AND show_reg != 0';
  762. elseif ($area != 'summary')
  763. $where .= ' AND show_profile = {string:area}';
  764. // Load all the relevant fields - and data.
  765. $request = $smcFunc['db_query']('', '
  766. SELECT
  767. col_name, field_name, field_desc, field_type, show_reg, field_length, field_options,
  768. default_value, bbc, enclose, placement
  769. FROM {db_prefix}custom_fields
  770. WHERE ' . $where,
  771. array(
  772. 'area' => $area,
  773. )
  774. );
  775. $context['custom_fields'] = array();
  776. $context['custom_fields_required'] = false;
  777. while ($row = $smcFunc['db_fetch_assoc']($request))
  778. {
  779. // Shortcut.
  780. $exists = $memID && isset($user_profile[$memID], $user_profile[$memID]['options'][$row['col_name']]);
  781. $value = $exists ? $user_profile[$memID]['options'][$row['col_name']] : '';
  782. // If this was submitted already then make the value the posted version.
  783. if (isset($_POST['customfield']) && isset($_POST['customfield'][$row['col_name']]))
  784. {
  785. $value = $smcFunc['htmlspecialchars']($_POST['customfield'][$row['col_name']]);
  786. if (in_array($row['field_type'], array('select', 'radio')))
  787. $value = ($options = explode(',', $row['field_options'])) && isset($options[$value]) ? $options[$value] : '';
  788. }
  789. // HTML for the input form.
  790. $output_html = $value;
  791. if ($row['field_type'] == 'check')
  792. {
  793. $true = (!$exists && $row['default_value']) || $value;
  794. $input_html = '<input type="checkbox" name="customfield[' . $row['col_name'] . ']" id="customfield[' . $row['col_name'] . ']"' . ($true ? ' checked' : '') . ' class="input_check" />';
  795. $output_html = $true ? $txt['yes'] : $txt['no'];
  796. }
  797. elseif ($row['field_type'] == 'select')
  798. {
  799. $input_html = '<select name="customfield[' . $row['col_name'] . ']" id="customfield[' . $row['col_name'] . ']"><option value="-1"></option>';
  800. $options = explode(',', $row['field_options']);
  801. foreach ($options as $k => $v)
  802. {
  803. $true = (!$exists && $row['default_value'] == $v) || $value == $v;
  804. $input_html .= '<option value="' . $k . '"' . ($true ? ' selected="selected"' : '') . '>' . $v . '</option>';
  805. if ($true)
  806. $output_html = $v;
  807. }
  808. $input_html .= '</select>';
  809. }
  810. elseif ($row['field_type'] == 'radio')
  811. {
  812. $input_html = '<fieldset>';
  813. $options = explode(',', $row['field_options']);
  814. foreach ($options as $k => $v)
  815. {
  816. $true = (!$exists && $row['default_value'] == $v) || $value == $v;
  817. $input_html .= '<label for="customfield_' . $row['col_name'] . '_' . $k . '"><input type="radio" name="customfield[' . $row['col_name'] . ']" class="input_radio" id="customfield_' . $row['col_name'] . '_' . $k . '" value="' . $k . '"' . ($true ? ' checked' : '') . ' />' . $v . '</label><br />';
  818. if ($true)
  819. $output_html = $v;
  820. }
  821. $input_html .= '</fieldset>';
  822. }
  823. elseif ($row['field_type'] == 'text')
  824. {
  825. $input_html = '<input type="text" name="customfield[' . $row['col_name'] . ']" id="customfield[' . $row['col_name'] . ']"' . ($row['field_length'] != 0 ? 'maxlength="' . $row['field_length'] . '"' : '') . ' size="' . ($row['field_length'] == 0 || $row['field_length'] >= 50 ? 50 : ($row['field_length'] > 30 ? 30 : ($row['field_length'] > 10 ? 20 : 10))) . '" value="' . $value . '" class="input_text" />';
  826. }
  827. else
  828. {
  829. @list ($rows, $cols) = @explode(',', $row['default_value']);
  830. $input_html = '<textarea name="customfield[' . $row['col_name'] . ']" id="customfield[' . $row['col_name'] . ']"' . (!empty($rows) ? 'rows="' . $rows . '"' : '') . ' ' . (!empty($cols) ? 'cols="' . $cols . '"' : '') . '>' . $value . '</textarea>';
  831. }
  832. // Parse BBCode
  833. if ($row['bbc'])
  834. $output_html = parse_bbc($output_html);
  835. elseif ($row['field_type'] == 'textarea')
  836. // Allow for newlines at least
  837. $output_html = strtr($output_html, array("\n" => '<br />'));
  838. // Enclosing the user input within some other text?
  839. if (!empty($row['enclose']) && !empty($output_html))
  840. $output_html = strtr($row['enclose'], array(
  841. '{SCRIPTURL}' => $scripturl,
  842. '{IMAGES_URL}' => $settings['images_url'],
  843. '{DEFAULT_IMAGES_URL}' => $settings['default_images_url'],
  844. '{INPUT}' => $output_html,
  845. ));
  846. $context['custom_fields'][] = array(
  847. 'name' => $row['field_name'],
  848. 'desc' => $row['field_desc'],
  849. 'type' => $row['field_type'],
  850. 'input_html' => $input_html,
  851. 'output_html' => $output_html,
  852. 'placement' => $row['placement'],
  853. 'colname' => $row['col_name'],
  854. 'value' => $value,
  855. 'show_reg' => $row['show_reg'],
  856. );
  857. $context['custom_fields_required'] = $context['custom_fields_required'] || $row['show_reg'];
  858. }
  859. $smcFunc['db_free_result']($request);
  860. call_integration_hook('integrate_load_custom_profile_fields', array($memID, $area));
  861. }
  862. ?>