Profile.php 29 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813
  1. <?php
  2. /**
  3. * This file has the primary job of showing and editing people's profiles.
  4. * It also allows the user to change some of their or another's preferences,
  5. * and such things.
  6. *
  7. * Simple Machines Forum (SMF)
  8. *
  9. * @package SMF
  10. * @author Simple Machines http://www.simplemachines.org
  11. * @copyright 2013 Simple Machines and individual contributors
  12. * @license http://www.simplemachines.org/about/smf/license.php BSD
  13. *
  14. * @version 2.1 Alpha 1
  15. */
  16. if (!defined('SMF'))
  17. die('No direct access...');
  18. /**
  19. * Allow the change or view of profiles...
  20. *
  21. * @param array $post_errors = array()
  22. */
  23. function ModifyProfile($post_errors = array())
  24. {
  25. global $txt, $scripturl, $user_info, $context, $sourcedir, $user_profile, $cur_profile;
  26. global $modSettings, $memberContext, $profile_vars, $smcFunc, $post_errors, $options, $user_settings;
  27. // Don't reload this as we may have processed error strings.
  28. if (empty($post_errors))
  29. loadLanguage('Profile+Drafts');
  30. loadTemplate('Profile');
  31. require_once($sourcedir . '/Subs-Menu.php');
  32. // Did we get the user by name...
  33. if (isset($_REQUEST['user']))
  34. $memberResult = loadMemberData($_REQUEST['user'], true, 'profile');
  35. // ... or by id_member?
  36. elseif (!empty($_REQUEST['u']))
  37. $memberResult = loadMemberData((int) $_REQUEST['u'], false, 'profile');
  38. // If it was just ?action=profile, edit your own profile.
  39. else
  40. $memberResult = loadMemberData($user_info['id'], false, 'profile');
  41. // Check if loadMemberData() has returned a valid result.
  42. if (!is_array($memberResult))
  43. fatal_lang_error('not_a_user', false);
  44. // If all went well, we have a valid member ID!
  45. list ($memID) = $memberResult;
  46. $context['id_member'] = $memID;
  47. $cur_profile = $user_profile[$memID];
  48. // Let's have some information about this member ready, too.
  49. loadMemberContext($memID);
  50. $context['member'] = $memberContext[$memID];
  51. // Is this the profile of the user himself or herself?
  52. $context['user']['is_owner'] = $memID == $user_info['id'];
  53. /* Define all the sections within the profile area!
  54. We start by defining the permission required - then SMF takes this and turns it into the relevant context ;)
  55. Possible fields:
  56. For Section:
  57. string $title: Section title.
  58. array $areas: Array of areas within this section.
  59. For Areas:
  60. string $label: Text string that will be used to show the area in the menu.
  61. string $file: Optional text string that may contain a file name that's needed for inclusion in order to display the area properly.
  62. string $custom_url: Optional href for area.
  63. string $function: Function to execute for this section.
  64. bool $enabled: Should area be shown?
  65. string $sc: Session check validation to do on save - note without this save will get unset - if set.
  66. bool $hidden: Does this not actually appear on the menu?
  67. bool $password: Whether to require the user's password in order to save the data in the area.
  68. array $subsections: Array of subsections, in order of appearance.
  69. array $permission: Array of permissions to determine who can access this area. Should contain arrays $own and $any.
  70. */
  71. $profile_areas = array(
  72. 'info' => array(
  73. 'title' => $txt['profileInfo'],
  74. 'areas' => array(
  75. 'summary' => array(
  76. 'label' => $txt['summary'],
  77. 'file' => 'Profile-View.php',
  78. 'function' => 'summary',
  79. 'permission' => array(
  80. 'own' => 'profile_view_own',
  81. 'any' => 'profile_view_any',
  82. ),
  83. ),
  84. 'statistics' => array(
  85. 'label' => $txt['statPanel'],
  86. 'file' => 'Profile-View.php',
  87. 'function' => 'statPanel',
  88. 'permission' => array(
  89. 'own' => 'profile_view_own',
  90. 'any' => 'profile_view_any',
  91. ),
  92. ),
  93. 'showposts' => array(
  94. 'label' => $txt['showPosts'],
  95. 'file' => 'Profile-View.php',
  96. 'function' => 'showPosts',
  97. 'subsections' => array(
  98. 'messages' => array($txt['showMessages'], array('profile_view_own', 'profile_view_any')),
  99. 'topics' => array($txt['showTopics'], array('profile_view_own', 'profile_view_any')),
  100. 'disregardedtopics' => array($txt['showDisregarded'], array('profile_view_own', 'profile_view_any'), 'enabled' => $modSettings['enable_disregard'] && $context['user']['is_owner']),
  101. 'attach' => array($txt['showAttachments'], array('profile_view_own', 'profile_view_any')),
  102. ),
  103. 'permission' => array(
  104. 'own' => 'profile_view_own',
  105. 'any' => 'profile_view_any',
  106. ),
  107. ),
  108. 'showdrafts' => array(
  109. 'label' => $txt['drafts_show'],
  110. 'file' => 'Drafts.php',
  111. 'function' => 'showProfileDrafts',
  112. 'enabled' => !empty($modSettings['drafts_enabled']) && $context['user']['is_owner'],
  113. 'permission' => array(
  114. 'own' => 'profile_view_own',
  115. 'any' => array(),
  116. ),
  117. ),
  118. 'permissions' => array(
  119. 'label' => $txt['showPermissions'],
  120. 'file' => 'Profile-View.php',
  121. 'function' => 'showPermissions',
  122. 'permission' => array(
  123. 'own' => 'manage_permissions',
  124. 'any' => 'manage_permissions',
  125. ),
  126. ),
  127. 'tracking' => array(
  128. 'label' => $txt['trackUser'],
  129. 'file' => 'Profile-View.php',
  130. 'function' => 'tracking',
  131. 'subsections' => array(
  132. 'activity' => array($txt['trackActivity'], 'moderate_forum'),
  133. 'ip' => array($txt['trackIP'], 'moderate_forum'),
  134. 'edits' => array($txt['trackEdits'], 'moderate_forum'),
  135. 'logins' => array($txt['trackLogins'], array('profile_view_own', 'moderate_forum')),
  136. ),
  137. 'permission' => array(
  138. 'own' => 'moderate_forum',
  139. 'any' => 'moderate_forum',
  140. ),
  141. ),
  142. 'viewwarning' => array(
  143. 'label' => $txt['profile_view_warnings'],
  144. 'enabled' => in_array('w', $context['admin_features']) && $modSettings['warning_settings'][0] == 1 && $cur_profile['warning'] && (!empty($modSettings['warning_show']) && ($context['user']['is_owner'] || $modSettings['warning_show'] == 2)),
  145. 'file' => 'Profile-View.php',
  146. 'function' => 'viewWarning',
  147. 'permission' => array(
  148. 'own' => 'profile_view_own',
  149. 'any' => 'issue_warning',
  150. ),
  151. ),
  152. ),
  153. ),
  154. 'edit_profile' => array(
  155. 'title' => $txt['profileEdit'],
  156. 'areas' => array(
  157. 'account' => array(
  158. 'label' => $txt['account'],
  159. 'file' => 'Profile-Modify.php',
  160. 'function' => 'account',
  161. 'enabled' => $context['user']['is_admin'] || ($cur_profile['id_group'] != 1 && !in_array(1, explode(',', $cur_profile['additional_groups']))),
  162. 'sc' => 'post',
  163. 'token' => 'profile-ac%u',
  164. 'password' => true,
  165. 'permission' => array(
  166. 'own' => array('profile_identity_any', 'profile_identity_own', 'manage_membergroups'),
  167. 'any' => array('profile_identity_any', 'manage_membergroups'),
  168. ),
  169. ),
  170. 'forumprofile' => array(
  171. 'label' => $txt['forumprofile'],
  172. 'file' => 'Profile-Modify.php',
  173. 'function' => 'forumProfile',
  174. 'sc' => 'post',
  175. 'token' => 'profile-fp%u',
  176. 'permission' => array(
  177. 'own' => array('profile_extra_any', 'profile_extra_own', 'profile_title_own', 'profile_title_any'),
  178. 'any' => array('profile_extra_any', 'profile_title_any'),
  179. ),
  180. ),
  181. 'theme' => array(
  182. 'label' => $txt['theme'],
  183. 'file' => 'Profile-Modify.php',
  184. 'function' => 'theme',
  185. 'sc' => 'post',
  186. 'token' => 'profile-th%u',
  187. 'permission' => array(
  188. 'own' => array('profile_extra_any', 'profile_extra_own'),
  189. 'any' => array('profile_extra_any'),
  190. ),
  191. ),
  192. 'authentication' => array(
  193. 'label' => $txt['authentication'],
  194. 'file' => 'Profile-Modify.php',
  195. 'function' => 'authentication',
  196. 'enabled' => !empty($modSettings['enableOpenID']) || !empty($cur_profile['openid_uri']),
  197. 'sc' => 'post',
  198. 'token' => 'profile-au%u',
  199. 'hidden' => empty($modSettings['enableOpenID']) && empty($cur_profile['openid_uri']),
  200. 'password' => true,
  201. 'permission' => array(
  202. 'own' => array('profile_identity_any', 'profile_identity_own'),
  203. 'any' => array('profile_identity_any'),
  204. ),
  205. ),
  206. 'notification' => array(
  207. 'label' => $txt['notification'],
  208. 'file' => 'Profile-Modify.php',
  209. 'function' => 'notification',
  210. 'sc' => 'post',
  211. 'token' => 'profile-nt%u',
  212. 'permission' => array(
  213. 'own' => array('profile_extra_any', 'profile_extra_own'),
  214. 'any' => array('profile_extra_any'),
  215. ),
  216. ),
  217. // Without profile_extra_own, settings are accessible from the PM section.
  218. 'pmprefs' => array(
  219. 'label' => $txt['pmprefs'],
  220. 'file' => 'Profile-Modify.php',
  221. 'function' => 'pmprefs',
  222. 'enabled' => allowedTo(array('profile_extra_own', 'profile_extra_any')),
  223. 'sc' => 'post',
  224. 'token' => 'profile-pm%u',
  225. 'permission' => array(
  226. 'own' => array('pm_read'),
  227. 'any' => array('profile_extra_any'),
  228. ),
  229. ),
  230. 'ignoreboards' => array(
  231. 'label' => $txt['ignoreboards'],
  232. 'file' => 'Profile-Modify.php',
  233. 'function' => 'ignoreboards',
  234. 'enabled' => !empty($modSettings['allow_ignore_boards']),
  235. 'sc' => 'post',
  236. 'token' => 'profile-ib%u',
  237. 'permission' => array(
  238. 'own' => array('profile_extra_any', 'profile_extra_own'),
  239. 'any' => array('profile_extra_any'),
  240. ),
  241. ),
  242. 'lists' => array(
  243. 'label' => $txt['editBuddyIgnoreLists'],
  244. 'file' => 'Profile-Modify.php',
  245. 'function' => 'editBuddyIgnoreLists',
  246. 'enabled' => !empty($modSettings['enable_buddylist']) && $context['user']['is_owner'],
  247. 'sc' => 'post',
  248. 'token' => 'profile-bl%u',
  249. 'subsections' => array(
  250. 'buddies' => array($txt['editBuddies']),
  251. 'ignore' => array($txt['editIgnoreList']),
  252. ),
  253. 'permission' => array(
  254. 'own' => array('profile_extra_any', 'profile_extra_own'),
  255. 'any' => array(),
  256. ),
  257. ),
  258. 'groupmembership' => array(
  259. 'label' => $txt['groupmembership'],
  260. 'file' => 'Profile-Modify.php',
  261. 'function' => 'groupMembership',
  262. 'enabled' => !empty($modSettings['show_group_membership']) && $context['user']['is_owner'],
  263. 'sc' => 'request',
  264. 'token' => 'profile-gm%u',
  265. 'token_type' => 'request',
  266. 'permission' => array(
  267. 'own' => array('profile_view_own'),
  268. 'any' => array('manage_membergroups'),
  269. ),
  270. ),
  271. ),
  272. ),
  273. 'profile_action' => array(
  274. 'title' => $txt['profileAction'],
  275. 'areas' => array(
  276. 'sendpm' => array(
  277. 'label' => $txt['profileSendIm'],
  278. 'custom_url' => $scripturl . '?action=pm;sa=send',
  279. 'permission' => array(
  280. 'own' => array(),
  281. 'any' => array('pm_send'),
  282. ),
  283. ),
  284. 'issuewarning' => array(
  285. 'label' => $txt['profile_issue_warning'],
  286. 'enabled' => in_array('w', $context['admin_features']) && $modSettings['warning_settings'][0] == 1 && (!$context['user']['is_owner'] || $context['user']['is_admin']),
  287. 'file' => 'Profile-Actions.php',
  288. 'function' => 'issueWarning',
  289. 'token' => 'profile-iw%u',
  290. 'permission' => array(
  291. 'own' => array('issue_warning'),
  292. 'any' => array('issue_warning'),
  293. ),
  294. ),
  295. 'banuser' => array(
  296. 'label' => $txt['profileBanUser'],
  297. 'custom_url' => $scripturl . '?action=admin;area=ban;sa=add',
  298. 'enabled' => $cur_profile['id_group'] != 1 && !in_array(1, explode(',', $cur_profile['additional_groups'])),
  299. 'permission' => array(
  300. 'own' => array(),
  301. 'any' => array('manage_bans'),
  302. ),
  303. ),
  304. 'subscriptions' => array(
  305. 'label' => $txt['subscriptions'],
  306. 'file' => 'Profile-Actions.php',
  307. 'function' => 'subscriptions',
  308. 'enabled' => !empty($modSettings['paid_enabled']),
  309. 'permission' => array(
  310. 'own' => array('profile_view_own'),
  311. 'any' => array('moderate_forum'),
  312. ),
  313. ),
  314. 'deleteaccount' => array(
  315. 'label' => $txt['deleteAccount'],
  316. 'file' => 'Profile-Actions.php',
  317. 'function' => 'deleteAccount',
  318. 'sc' => 'post',
  319. 'token' => 'profile-da%u',
  320. 'password' => true,
  321. 'permission' => array(
  322. 'own' => array('profile_remove_any', 'profile_remove_own'),
  323. 'any' => array('profile_remove_any'),
  324. ),
  325. ),
  326. 'activateaccount' => array(
  327. 'file' => 'Profile-Actions.php',
  328. 'function' => 'activateAccount',
  329. 'sc' => 'get',
  330. 'token' => 'profile-aa%u',
  331. 'select' => 'summary',
  332. 'permission' => array(
  333. 'own' => array(),
  334. 'any' => array('moderate_forum'),
  335. ),
  336. ),
  337. ),
  338. ),
  339. );
  340. // Let them modify profile areas easily.
  341. call_integration_hook('integrate_profile_areas', array(&$profile_areas));
  342. // Do some cleaning ready for the menu function.
  343. $context['password_areas'] = array();
  344. $current_area = isset($_REQUEST['area']) ? $_REQUEST['area'] : '';
  345. foreach ($profile_areas as $section_id => $section)
  346. {
  347. // Do a bit of spring cleaning so to speak.
  348. foreach ($section['areas'] as $area_id => $area)
  349. {
  350. // If it said no permissions that meant it wasn't valid!
  351. if (empty($area['permission'][$context['user']['is_owner'] ? 'own' : 'any']))
  352. $profile_areas[$section_id]['areas'][$area_id]['enabled'] = false;
  353. // Otherwise pick the right set.
  354. else
  355. $profile_areas[$section_id]['areas'][$area_id]['permission'] = $area['permission'][$context['user']['is_owner'] ? 'own' : 'any'];
  356. // Password required - only if not on OpenID.
  357. if (!empty($area['password']))
  358. $context['password_areas'][] = $area_id;
  359. }
  360. }
  361. // Is there an updated message to show?
  362. if (isset($_GET['updated']))
  363. $context['profile_updated'] = $txt['profile_updated_own'];
  364. // Set a few options for the menu.
  365. $menuOptions = array(
  366. 'disable_url_session_check' => true,
  367. 'current_area' => $current_area,
  368. 'extra_url_parameters' => array(
  369. 'u' => $context['id_member'],
  370. ),
  371. );
  372. // Actually create the menu!
  373. $profile_include_data = createMenu($profile_areas, $menuOptions);
  374. // No menu means no access.
  375. if (!$profile_include_data && (!$user_info['is_guest'] || validateSession()))
  376. fatal_lang_error('no_access', false);
  377. // Make a note of the Unique ID for this menu.
  378. $context['profile_menu_id'] = $context['max_menu_id'];
  379. $context['profile_menu_name'] = 'menu_data_' . $context['profile_menu_id'];
  380. // Set the selected item - now it's been validated.
  381. $current_area = $profile_include_data['current_area'];
  382. $context['menu_item_selected'] = $current_area;
  383. // Before we go any further, let's work on the area we've said is valid. Note this is done here just in case we ever compromise the menu function in error!
  384. $context['completed_save'] = false;
  385. $context['do_preview'] = isset($_REQUEST['preview_signature']);
  386. $security_checks = array();
  387. $found_area = false;
  388. foreach ($profile_areas as $section_id => $section)
  389. {
  390. // Do a bit of spring cleaning so to speak.
  391. foreach ($section['areas'] as $area_id => $area)
  392. {
  393. // Is this our area?
  394. if ($current_area == $area_id)
  395. {
  396. // This can't happen - but is a security check.
  397. if ((isset($section['enabled']) && $section['enabled'] == false) || (isset($area['enabled']) && $area['enabled'] == false))
  398. fatal_lang_error('no_access', false);
  399. // Are we saving data in a valid area?
  400. if (isset($area['sc']) && (isset($_REQUEST['save']) || $context['do_preview']))
  401. {
  402. $security_checks['session'] = $area['sc'];
  403. $context['completed_save'] = true;
  404. }
  405. // Do we need to perform a token check?
  406. if (!empty($area['token']))
  407. {
  408. $security_checks[isset($_REQUEST['save']) ? 'validateToken' : 'needsToken'] = $area['token'];
  409. $token_name = $area['token'] !== true ? str_replace('%u', $context['id_member'], $area['token']) : 'profile-u' . $context['id_member'];
  410. $token_type = isset($area['token_type']) && in_array($area['token_type'], array('request', 'post', 'get')) ? $area['token_type'] : 'post';
  411. }
  412. // Does this require session validating?
  413. if (!empty($area['validate']) || (isset($_REQUEST['save']) && !$context['user']['is_owner']))
  414. $security_checks['validate'] = true;
  415. // Permissions for good measure.
  416. if (!empty($profile_include_data['permission']))
  417. $security_checks['permission'] = $profile_include_data['permission'];
  418. // Either way got something.
  419. $found_area = true;
  420. }
  421. }
  422. }
  423. // Oh dear, some serious security lapse is going on here... we'll put a stop to that!
  424. if (!$found_area)
  425. fatal_lang_error('no_access', false);
  426. // Release this now.
  427. unset($profile_areas);
  428. // Now the context is setup have we got any security checks to carry out additional to that above?
  429. if (isset($security_checks['session']))
  430. checkSession($security_checks['session']);
  431. if (isset($security_checks['validate']))
  432. validateSession();
  433. if (isset($security_checks['validateToken']))
  434. validateToken($token_name, $token_type);
  435. if (isset($security_checks['permission']))
  436. isAllowedTo($security_checks['permission']);
  437. // Create a token if needed.
  438. if (isset($security_checks['needsToken']) || isset($security_checks['validateToken']))
  439. {
  440. createToken($token_name, $token_type);
  441. $context['token_check'] = $token_name;
  442. }
  443. // File to include?
  444. if (isset($profile_include_data['file']))
  445. require_once($sourcedir . '/' . $profile_include_data['file']);
  446. // Make sure that the area function does exist!
  447. if (!isset($profile_include_data['function']) || !function_exists($profile_include_data['function']))
  448. {
  449. destroyMenu();
  450. fatal_lang_error('no_access', false);
  451. }
  452. // Build the link tree.
  453. $context['linktree'][] = array(
  454. 'url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : ''),
  455. 'name' => sprintf($txt['profile_of_username'], $context['member']['name']),
  456. );
  457. if (!empty($profile_include_data['label']))
  458. $context['linktree'][] = array(
  459. 'url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'],
  460. 'name' => $profile_include_data['label'],
  461. );
  462. if (!empty($profile_include_data['current_subsection']) && $profile_include_data['subsections'][$profile_include_data['current_subsection']][0] != $profile_include_data['label'])
  463. $context['linktree'][] = array(
  464. 'url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'] . ';sa=' . $profile_include_data['current_subsection'],
  465. 'name' => $profile_include_data['subsections'][$profile_include_data['current_subsection']][0],
  466. );
  467. // Set the template for this area and add the profile layer.
  468. $context['sub_template'] = $profile_include_data['function'];
  469. $context['template_layers'][] = 'profile';
  470. // All the subactions that require a user password in order to validate.
  471. $check_password = $context['user']['is_owner'] && in_array($profile_include_data['current_area'], $context['password_areas']);
  472. $context['require_password'] = $check_password && empty($user_settings['openid_uri']);
  473. // If we're in wireless then we have a cut down template...
  474. if (WIRELESS && $context['sub_template'] == 'summary' && WIRELESS_PROTOCOL != 'wap')
  475. $context['sub_template'] = WIRELESS_PROTOCOL . '_profile';
  476. // These will get populated soon!
  477. $post_errors = array();
  478. $profile_vars = array();
  479. // Right - are we saving - if so let's save the old data first.
  480. if ($context['completed_save'])
  481. {
  482. // Clean up the POST variables.
  483. $_POST = htmltrim__recursive($_POST);
  484. $_POST = htmlspecialchars__recursive($_POST);
  485. if ($check_password)
  486. {
  487. // If we're using OpenID try to revalidate.
  488. if (!empty($user_settings['openid_uri']))
  489. {
  490. require_once($sourcedir . '/Subs-OpenID.php');
  491. smf_openID_revalidate();
  492. }
  493. else
  494. {
  495. // You didn't even enter a password!
  496. if (trim($_POST['oldpasswrd']) == '')
  497. $post_errors[] = 'no_password';
  498. // Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password
  499. $_POST['oldpasswrd'] = un_htmlspecialchars($_POST['oldpasswrd']);
  500. // Does the integration want to check passwords?
  501. $good_password = in_array(true, call_integration_hook('integrate_verify_password', array($cur_profile['member_name'], $_POST['oldpasswrd'], false)), true);
  502. // Bad password!!!
  503. if (!$good_password && $user_info['passwd'] != sha1(strtolower($user_profile[$memID]['member_name']) . un_htmlspecialchars(stripslashes($_POST['oldpasswrd']))))
  504. $post_errors[] = 'bad_password';
  505. // Warn other elements not to jump the gun and do custom changes!
  506. if (in_array('bad_password', $post_errors))
  507. $context['password_auth_failed'] = true;
  508. }
  509. }
  510. // Change the IP address in the database.
  511. if ($context['user']['is_owner'])
  512. $profile_vars['member_ip'] = $user_info['ip'];
  513. // Now call the sub-action function...
  514. if ($current_area == 'activateaccount')
  515. {
  516. if (empty($post_errors))
  517. activateAccount($memID);
  518. }
  519. elseif ($current_area == 'deleteaccount')
  520. {
  521. if (empty($post_errors))
  522. {
  523. deleteAccount2($memID);
  524. redirectexit();
  525. }
  526. }
  527. elseif ($current_area == 'groupmembership' && empty($post_errors))
  528. {
  529. $msg = groupMembership2($profile_vars, $post_errors, $memID);
  530. // Whatever we've done, we have nothing else to do here...
  531. redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=groupmembership' . (!empty($msg) ? ';msg=' . $msg : ''));
  532. }
  533. // Authentication changes?
  534. elseif ($current_area == 'authentication')
  535. {
  536. authentication($memID, true);
  537. }
  538. elseif (in_array($current_area, array('account', 'forumprofile', 'theme', 'pmprefs')))
  539. saveProfileFields();
  540. else
  541. {
  542. $force_redirect = true;
  543. // Ensure we include this.
  544. require_once($sourcedir . '/Profile-Modify.php');
  545. saveProfileChanges($profile_vars, $post_errors, $memID);
  546. }
  547. call_integration_hook('integrate_profile_save', array(&$profile_vars, &$post_errors, $memID));
  548. // There was a problem, let them try to re-enter.
  549. if (!empty($post_errors))
  550. {
  551. // Load the language file so we can give a nice explanation of the errors.
  552. loadLanguage('Errors');
  553. $context['post_errors'] = $post_errors;
  554. }
  555. elseif (!empty($profile_vars))
  556. {
  557. // If we've changed the password, notify any integration that may be listening in.
  558. if (isset($profile_vars['passwd']))
  559. call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $_POST['passwrd2']));
  560. updateMemberData($memID, $profile_vars);
  561. // What if this is the newest member?
  562. if ($modSettings['latestMember'] == $memID)
  563. updateStats('member');
  564. elseif (isset($profile_vars['real_name']))
  565. updateSettings(array('memberlist_updated' => time()));
  566. // If the member changed his/her birthdate, update calendar statistics.
  567. if (isset($profile_vars['birthdate']) || isset($profile_vars['real_name']))
  568. updateSettings(array(
  569. 'calendar_updated' => time(),
  570. ));
  571. // Anything worth logging?
  572. if (!empty($context['log_changes']) && !empty($modSettings['modlog_enabled']))
  573. {
  574. $log_changes = array();
  575. require_once($sourcedir . '/Logging.php');
  576. foreach ($context['log_changes'] as $k => $v)
  577. $log_changes[] = array(
  578. 'action' => $k,
  579. 'log_type' => 'user',
  580. 'extra' => array_merge($v, array(
  581. 'applicator' => $user_info['id'],
  582. 'member_affected' => $memID,
  583. )),
  584. );
  585. logActions($log_changes);
  586. }
  587. // Have we got any post save functions to execute?
  588. if (!empty($context['profile_execute_on_save']))
  589. foreach ($context['profile_execute_on_save'] as $saveFunc)
  590. $saveFunc();
  591. // Let them know it worked!
  592. $context['profile_updated'] = $context['user']['is_owner'] ? $txt['profile_updated_own'] : sprintf($txt['profile_updated_else'], $cur_profile['member_name']);
  593. // Invalidate any cached data.
  594. cache_put_data('member_data-profile-' . $memID, null, 0);
  595. }
  596. }
  597. // Have some errors for some reason?
  598. if (!empty($post_errors))
  599. {
  600. // Set all the errors so the template knows what went wrong.
  601. foreach ($post_errors as $error_type)
  602. $context['modify_error'][$error_type] = true;
  603. }
  604. // If it's you then we should redirect upon save.
  605. elseif (!empty($profile_vars) && $context['user']['is_owner'] && !$context['do_preview'])
  606. redirectexit('action=profile;area=' . $current_area . ';updated');
  607. elseif (!empty($force_redirect))
  608. redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=' . $current_area);
  609. // Call the appropriate subaction function.
  610. $profile_include_data['function']($memID);
  611. // Set the page title if it's not already set...
  612. if (!isset($context['page_title']))
  613. $context['page_title'] = $txt['profile'] . (isset($txt[$current_area]) ? ' - ' . $txt[$current_area] : '');
  614. }
  615. /**
  616. * Load any custom fields for this area... no area means load all, 'summary' loads all public ones.
  617. *
  618. * @param int $memID
  619. * @param string $area = 'summary'
  620. */
  621. function loadCustomFields($memID, $area = 'summary')
  622. {
  623. global $context, $txt, $user_profile, $smcFunc, $user_info, $settings, $scripturl;
  624. // Get the right restrictions in place...
  625. $where = 'active = 1';
  626. if (!allowedTo('admin_forum') && $area != 'register')
  627. {
  628. // If it's the owner they can see two types of private fields, regardless.
  629. if ($memID == $user_info['id'])
  630. $where .= $area == 'summary' ? ' AND private < 3' : ' AND (private = 0 OR private = 2)';
  631. else
  632. $where .= $area == 'summary' ? ' AND private < 2' : ' AND private = 0';
  633. }
  634. if ($area == 'register')
  635. $where .= ' AND show_reg != 0';
  636. elseif ($area != 'summary')
  637. $where .= ' AND show_profile = {string:area}';
  638. // Load all the relevant fields - and data.
  639. $request = $smcFunc['db_query']('', '
  640. SELECT
  641. col_name, field_name, field_desc, field_type, show_reg, field_length, field_options,
  642. default_value, bbc, enclose, placement
  643. FROM {db_prefix}custom_fields
  644. WHERE ' . $where,
  645. array(
  646. 'area' => $area,
  647. )
  648. );
  649. $context['custom_fields'] = array();
  650. $context['custom_fields_required'] = false;
  651. while ($row = $smcFunc['db_fetch_assoc']($request))
  652. {
  653. // Shortcut.
  654. $exists = $memID && isset($user_profile[$memID], $user_profile[$memID]['options'][$row['col_name']]);
  655. $value = $exists ? $user_profile[$memID]['options'][$row['col_name']] : '';
  656. // If this was submitted already then make the value the posted version.
  657. if (isset($_POST['customfield']) && isset($_POST['customfield'][$row['col_name']]))
  658. {
  659. $value = $smcFunc['htmlspecialchars']($_POST['customfield'][$row['col_name']]);
  660. if (in_array($row['field_type'], array('select', 'radio')))
  661. $value = ($options = explode(',', $row['field_options'])) && isset($options[$value]) ? $options[$value] : '';
  662. }
  663. // HTML for the input form.
  664. $output_html = $value;
  665. if ($row['field_type'] == 'check')
  666. {
  667. $true = (!$exists && $row['default_value']) || $value;
  668. $input_html = '<input type="checkbox" name="customfield[' . $row['col_name'] . ']" ' . ($true ? 'checked="checked"' : '') . ' class="input_check" />';
  669. $output_html = $true ? $txt['yes'] : $txt['no'];
  670. }
  671. elseif ($row['field_type'] == 'select')
  672. {
  673. $input_html = '<select name="customfield[' . $row['col_name'] . ']"><option value="-1"></option>';
  674. $options = explode(',', $row['field_options']);
  675. foreach ($options as $k => $v)
  676. {
  677. $true = (!$exists && $row['default_value'] == $v) || $value == $v;
  678. $input_html .= '<option value="' . $k . '"' . ($true ? ' selected="selected"' : '') . '>' . $v . '</option>';
  679. if ($true)
  680. $output_html = $v;
  681. }
  682. $input_html .= '</select>';
  683. }
  684. elseif ($row['field_type'] == 'radio')
  685. {
  686. $input_html = '<fieldset>';
  687. $options = explode(',', $row['field_options']);
  688. foreach ($options as $k => $v)
  689. {
  690. $true = (!$exists && $row['default_value'] == $v) || $value == $v;
  691. $input_html .= '<label for="customfield_' . $row['col_name'] . '_' . $k . '"><input type="radio" name="customfield[' . $row['col_name'] . ']" class="input_radio" id="customfield_' . $row['col_name'] . '_' . $k . '" value="' . $k . '" ' . ($true ? 'checked="checked"' : '') . ' />' . $v . '</label><br />';
  692. if ($true)
  693. $output_html = $v;
  694. }
  695. $input_html .= '</fieldset>';
  696. }
  697. elseif ($row['field_type'] == 'text')
  698. {
  699. $input_html = '<input type="text" name="customfield[' . $row['col_name'] . ']" ' . ($row['field_length'] != 0 ? 'maxlength="' . $row['field_length'] . '"' : '') . ' size="' . ($row['field_length'] == 0 || $row['field_length'] >= 50 ? 50 : ($row['field_length'] > 30 ? 30 : ($row['field_length'] > 10 ? 20 : 10))) . '" value="' . $value . '" class="input_text" />';
  700. }
  701. else
  702. {
  703. @list ($rows, $cols) = @explode(',', $row['default_value']);
  704. $input_html = '<textarea name="customfield[' . $row['col_name'] . ']" ' . (!empty($rows) ? 'rows="' . $rows . '"' : '') . ' ' . (!empty($cols) ? 'cols="' . $cols . '"' : '') . '>' . $value . '</textarea>';
  705. }
  706. // Parse BBCode
  707. if ($row['bbc'])
  708. $output_html = parse_bbc($output_html);
  709. elseif ($row['field_type'] == 'textarea')
  710. // Allow for newlines at least
  711. $output_html = strtr($output_html, array("\n" => '<br />'));
  712. // Enclosing the user input within some other text?
  713. if (!empty($row['enclose']) && !empty($output_html))
  714. $output_html = strtr($row['enclose'], array(
  715. '{SCRIPTURL}' => $scripturl,
  716. '{IMAGES_URL}' => $settings['images_url'],
  717. '{DEFAULT_IMAGES_URL}' => $settings['default_images_url'],
  718. '{INPUT}' => $output_html,
  719. ));
  720. $context['custom_fields'][] = array(
  721. 'name' => $row['field_name'],
  722. 'desc' => $row['field_desc'],
  723. 'type' => $row['field_type'],
  724. 'input_html' => $input_html,
  725. 'output_html' => $output_html,
  726. 'placement' => $row['placement'],
  727. 'colname' => $row['col_name'],
  728. 'value' => $value,
  729. 'show_reg' => $row['show_reg'],
  730. );
  731. $context['custom_fields_required'] = $context['custom_fields_required'] || $row['show_reg'];
  732. }
  733. $smcFunc['db_free_result']($request);
  734. call_integration_hook('integrate_load_custom_profile_fields', array($memID, $area));
  735. }
  736. ?>