Profile-Modify.php 128 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841
  1. <?php
  2. /**
  3. * This file has the primary job of showing and editing people's profiles.
  4. * It also allows the user to change some of their or another's preferences,
  5. * and such things
  6. *
  7. * Simple Machines Forum (SMF)
  8. *
  9. * @package SMF
  10. * @author Simple Machines http://www.simplemachines.org
  11. * @copyright 2014 Simple Machines and individual contributors
  12. * @license http://www.simplemachines.org/about/smf/license.php BSD
  13. *
  14. * @version 2.1 Alpha 1
  15. */
  16. if (!defined('SMF'))
  17. die('No direct access...');
  18. /**
  19. * This defines every profile field known to man.
  20. *
  21. * @param bool $force_reload = false
  22. */
  23. function loadProfileFields($force_reload = false)
  24. {
  25. global $context, $profile_fields, $txt, $scripturl, $modSettings, $user_info, $old_profile, $smcFunc, $cur_profile, $language;
  26. // Don't load this twice!
  27. if (!empty($profile_fields) && !$force_reload)
  28. return;
  29. /* This horrific array defines all the profile fields in the whole world!
  30. In general each "field" has one array - the key of which is the database column name associated with said field. Each item
  31. can have the following attributes:
  32. string $type: The type of field this is - valid types are:
  33. - callback: This is a field which has its own callback mechanism for templating.
  34. - check: A simple checkbox.
  35. - hidden: This doesn't have any visual aspects but may have some validity.
  36. - password: A password box.
  37. - select: A select box.
  38. - text: A string of some description.
  39. string $label: The label for this item - default will be $txt[$key] if this isn't set.
  40. string $subtext: The subtext (Small label) for this item.
  41. int $size: Optional size for a text area.
  42. array $input_attr: An array of text strings to be added to the input box for this item.
  43. string $value: The value of the item. If not set $cur_profile[$key] is assumed.
  44. string $permission: Permission required for this item (Excluded _any/_own subfix which is applied automatically).
  45. function $input_validate: A runtime function which validates the element before going to the database. It is passed
  46. the relevant $_POST element if it exists and should be treated like a reference.
  47. Return types:
  48. - true: Element can be stored.
  49. - false: Skip this element.
  50. - a text string: An error occured - this is the error message.
  51. function $preload: A function that is used to load data required for this element to be displayed. Must return
  52. true to be displayed at all.
  53. string $cast_type: If set casts the element to a certain type. Valid types (bool, int, float).
  54. string $save_key: If the index of this element isn't the database column name it can be overriden
  55. with this string.
  56. bool $is_dummy: If set then nothing is acted upon for this element.
  57. bool $enabled: A test to determine whether this is even available - if not is unset.
  58. string $link_with: Key which links this field to an overall set.
  59. Note that all elements that have a custom input_validate must ensure they set the value of $cur_profile correct to enable
  60. the changes to be displayed correctly on submit of the form.
  61. */
  62. $profile_fields = array(
  63. 'aim' => array(
  64. 'type' => 'text',
  65. 'label' => $txt['aim'],
  66. 'subtext' => $txt['your_aim'],
  67. 'size' => 24,
  68. 'value' => strtr(empty($cur_profile['aim']) ? '' : $cur_profile['aim'], '+', ' '),
  69. 'permission' => 'profile_extra',
  70. 'input_validate' => create_function('&$value', '
  71. $value = strtr($value, \' \', \'+\');
  72. if (strlen($value) > 32)
  73. return \'aim_too_long\';
  74. return true;
  75. '),
  76. ),
  77. 'avatar_choice' => array(
  78. 'type' => 'callback',
  79. 'callback_func' => 'avatar_select',
  80. // This handles the permissions too.
  81. 'preload' => 'profileLoadAvatarData',
  82. 'input_validate' => 'profileSaveAvatarData',
  83. 'save_key' => 'avatar',
  84. ),
  85. 'bday1' => array(
  86. 'type' => 'callback',
  87. 'callback_func' => 'birthdate',
  88. 'permission' => 'profile_extra',
  89. 'preload' => create_function('', '
  90. global $cur_profile, $context;
  91. // Split up the birthdate....
  92. list ($uyear, $umonth, $uday) = explode(\'-\', empty($cur_profile[\'birthdate\']) || $cur_profile[\'birthdate\'] == \'0001-01-01\' ? \'0000-00-00\' : $cur_profile[\'birthdate\']);
  93. $context[\'member\'][\'birth_date\'] = array(
  94. \'year\' => $uyear == \'0004\' ? \'0000\' : $uyear,
  95. \'month\' => $umonth,
  96. \'day\' => $uday,
  97. );
  98. return true;
  99. '),
  100. 'input_validate' => create_function('&$value', '
  101. global $profile_vars, $cur_profile;
  102. if (isset($_POST[\'bday2\'], $_POST[\'bday3\']) && $value > 0 && $_POST[\'bday2\'] > 0)
  103. {
  104. // Set to blank?
  105. if ((int) $_POST[\'bday3\'] == 1 && (int) $_POST[\'bday2\'] == 1 && (int) $value == 1)
  106. $value = \'0001-01-01\';
  107. else
  108. $value = checkdate($value, $_POST[\'bday2\'], $_POST[\'bday3\'] < 4 ? 4 : $_POST[\'bday3\']) ? sprintf(\'%04d-%02d-%02d\', $_POST[\'bday3\'] < 4 ? 4 : $_POST[\'bday3\'], $_POST[\'bday1\'], $_POST[\'bday2\']) : \'0001-01-01\';
  109. }
  110. else
  111. $value = \'0001-01-01\';
  112. $profile_vars[\'birthdate\'] = $value;
  113. $cur_profile[\'birthdate\'] = $value;
  114. return false;
  115. '),
  116. ),
  117. // Setting the birthdate the old style way?
  118. 'birthdate' => array(
  119. 'type' => 'hidden',
  120. 'permission' => 'profile_extra',
  121. 'input_validate' => create_function('&$value', '
  122. global $cur_profile;
  123. // @todo Should we check for this year and tell them they made a mistake :P? (based on coppa at least?)
  124. if (preg_match(\'/(\d{4})[\-\., ](\d{2})[\-\., ](\d{2})/\', $value, $dates) === 1)
  125. {
  126. $value = checkdate($dates[2], $dates[3], $dates[1] < 4 ? 4 : $dates[1]) ? sprintf(\'%04d-%02d-%02d\', $dates[1] < 4 ? 4 : $dates[1], $dates[2], $dates[3]) : \'0001-01-01\';
  127. return true;
  128. }
  129. else
  130. {
  131. $value = empty($cur_profile[\'birthdate\']) ? \'0001-01-01\' : $cur_profile[\'birthdate\'];
  132. return false;
  133. }
  134. '),
  135. ),
  136. 'date_registered' => array(
  137. 'type' => 'date',
  138. 'value' => empty($cur_profile['date_registered']) ? $txt['not_applicable'] : strftime('%Y-%m-%d', $cur_profile['date_registered'] + ($user_info['time_offset'] + $modSettings['time_offset']) * 3600),
  139. 'label' => $txt['date_registered'],
  140. 'log_change' => true,
  141. 'permission' => 'moderate_forum',
  142. 'input_validate' => create_function('&$value', '
  143. global $txt, $user_info, $modSettings, $cur_profile, $context;
  144. // Bad date! Go try again - please?
  145. if (($value = strtotime($value)) === -1)
  146. {
  147. $value = $cur_profile[\'date_registered\'];
  148. return $txt[\'invalid_registration\'] . \' \' . strftime(\'%d %b %Y \' . (strpos($user_info[\'time_format\'], \'%H\') !== false ? \'%I:%M:%S %p\' : \'%H:%M:%S\'), forum_time(false));
  149. }
  150. // As long as it doesn\'t equal "N/A"...
  151. elseif ($value != $txt[\'not_applicable\'] && $value != strtotime(strftime(\'%Y-%m-%d\', $cur_profile[\'date_registered\'] + ($user_info[\'time_offset\'] + $modSettings[\'time_offset\']) * 3600)))
  152. $value = $value - ($user_info[\'time_offset\'] + $modSettings[\'time_offset\']) * 3600;
  153. else
  154. $value = $cur_profile[\'date_registered\'];
  155. return true;
  156. '),
  157. ),
  158. 'email_address' => array(
  159. 'type' => 'email',
  160. 'label' => $txt['user_email_address'],
  161. 'subtext' => $txt['valid_email'],
  162. 'log_change' => true,
  163. 'permission' => 'profile_password',
  164. 'js_submit' => !empty($modSettings['send_validation_onChange']) ? '
  165. form_handle.addEventListener(\'submit\', function(event)
  166. {
  167. if (this.email_address.value != "'. $cur_profile['email_address'] .'")
  168. {
  169. alert('. JavaScriptEscape($txt['email_change_logout']) .');
  170. return true;
  171. }
  172. }, false);' : '',
  173. 'input_validate' => create_function('&$value', '
  174. global $context, $old_profile, $profile_vars, $sourcedir, $modSettings;
  175. if (strtolower($value) == strtolower($old_profile[\'email_address\']))
  176. return false;
  177. $isValid = profileValidateEmail($value, $context[\'id_member\']);
  178. // Do they need to revalidate? If so schedule the function!
  179. if ($isValid === true && !empty($modSettings[\'send_validation_onChange\']) && !allowedTo(\'moderate_forum\'))
  180. {
  181. require_once($sourcedir . \'/Subs-Members.php\');
  182. $profile_vars[\'validation_code\'] = generateValidationCode();
  183. $profile_vars[\'is_activated\'] = 2;
  184. $context[\'profile_execute_on_save\'][] = \'profileSendActivation\';
  185. unset($context[\'profile_execute_on_save\'][\'reload_user\']);
  186. }
  187. return $isValid;
  188. '),
  189. ),
  190. 'gender' => array(
  191. 'type' => 'select',
  192. 'cast_type' => 'int',
  193. 'options' => 'return array(0 => \'\', 1 => $txt[\'male\'], 2 => $txt[\'female\']);',
  194. 'label' => $txt['gender'],
  195. 'permission' => 'profile_extra',
  196. ),
  197. 'hide_email' => array(
  198. 'type' => 'check',
  199. 'value' => empty($cur_profile['hide_email']) ? true : false,
  200. 'label' => $txt['allow_user_email'],
  201. 'permission' => 'profile_identity',
  202. 'input_validate' => create_function('&$value', '
  203. $value = $value == 0 ? 1 : 0;
  204. return true;
  205. '),
  206. ),
  207. 'icq' => array(
  208. 'type' => 'text',
  209. 'label' => $txt['icq'],
  210. 'subtext' => $txt['your_icq'],
  211. 'size' => 24,
  212. 'permission' => 'profile_extra',
  213. // Need to make sure ICQ doesn't equal 0.
  214. 'input_validate' => create_function('&$value', '
  215. if (empty($value))
  216. $value = \'\';
  217. else
  218. $value = (int) $value;
  219. return true;
  220. '),
  221. ),
  222. // Selecting group membership is a complicated one so we treat it separate!
  223. 'id_group' => array(
  224. 'type' => 'callback',
  225. 'callback_func' => 'group_manage',
  226. 'permission' => 'manage_membergroups',
  227. 'preload' => 'profileLoadGroups',
  228. 'log_change' => true,
  229. 'input_validate' => 'profileSaveGroups',
  230. ),
  231. 'id_theme' => array(
  232. 'type' => 'callback',
  233. 'callback_func' => 'theme_pick',
  234. 'permission' => 'profile_extra',
  235. 'enabled' => $modSettings['theme_allow'] || allowedTo('admin_forum'),
  236. 'preload' => create_function('', '
  237. global $smcFunc, $context, $cur_profile, $txt;
  238. $request = $smcFunc[\'db_query\'](\'\', \'
  239. SELECT value
  240. FROM {db_prefix}themes
  241. WHERE id_theme = {int:id_theme}
  242. AND variable = {string:variable}
  243. LIMIT 1\', array(
  244. \'id_theme\' => $cur_profile[\'id_theme\'],
  245. \'variable\' => \'name\',
  246. )
  247. );
  248. list ($name) = $smcFunc[\'db_fetch_row\']($request);
  249. $smcFunc[\'db_free_result\']($request);
  250. $context[\'member\'][\'theme\'] = array(
  251. \'id\' => $cur_profile[\'id_theme\'],
  252. \'name\' => empty($cur_profile[\'id_theme\']) ? $txt[\'theme_forum_default\'] : $name
  253. );
  254. return true;
  255. '),
  256. 'input_validate' => create_function('&$value', '
  257. $value = (int) $value;
  258. return true;
  259. '),
  260. ),
  261. 'karma_good' => array(
  262. 'type' => 'callback',
  263. 'callback_func' => 'karma_modify',
  264. 'permission' => 'admin_forum',
  265. // Set karma_bad too!
  266. 'input_validate' => create_function('&$value', '
  267. global $profile_vars, $cur_profile;
  268. $value = (int) $value;
  269. if (isset($_POST[\'karma_bad\']))
  270. {
  271. $profile_vars[\'karma_bad\'] = $_POST[\'karma_bad\'] != \'\' ? (int) $_POST[\'karma_bad\'] : 0;
  272. $cur_profile[\'karma_bad\'] = $_POST[\'karma_bad\'] != \'\' ? (int) $_POST[\'karma_bad\'] : 0;
  273. }
  274. return true;
  275. '),
  276. 'preload' => create_function('', '
  277. global $context, $cur_profile;
  278. $context[\'member\'][\'karma\'][\'good\'] = $cur_profile[\'karma_good\'];
  279. $context[\'member\'][\'karma\'][\'bad\'] = $cur_profile[\'karma_bad\'];
  280. return true;
  281. '),
  282. 'enabled' => !empty($modSettings['karmaMode']),
  283. ),
  284. 'lngfile' => array(
  285. 'type' => 'select',
  286. 'options' => 'return $context[\'profile_languages\'];',
  287. 'label' => $txt['preferred_language'],
  288. 'permission' => 'profile_identity',
  289. 'preload' => 'profileLoadLanguages',
  290. 'enabled' => !empty($modSettings['userLanguage']),
  291. 'value' => empty($cur_profile['lngfile']) ? $language : $cur_profile['lngfile'],
  292. 'input_validate' => create_function('&$value', '
  293. global $context, $cur_profile;
  294. // Load the languages.
  295. profileLoadLanguages();
  296. if (isset($context[\'profile_languages\'][$value]))
  297. {
  298. if ($context[\'user\'][\'is_owner\'] && empty($context[\'password_auth_failed\']))
  299. $_SESSION[\'language\'] = $value;
  300. return true;
  301. }
  302. else
  303. {
  304. $value = $cur_profile[\'lngfile\'];
  305. return false;
  306. }
  307. '),
  308. ),
  309. 'location' => array(
  310. 'type' => 'text',
  311. 'label' => $txt['location'],
  312. 'log_change' => true,
  313. 'size' => 50,
  314. 'permission' => 'profile_other',
  315. ),
  316. // The username is not always editable - so adjust it as such.
  317. 'member_name' => array(
  318. 'type' => allowedTo('admin_forum') && isset($_GET['changeusername']) ? 'text' : 'label',
  319. 'label' => $txt['username'],
  320. 'subtext' => allowedTo('admin_forum') && !isset($_GET['changeusername']) ? '[<a href="' . $scripturl . '?action=profile;u=' . $context['id_member'] . ';area=account;changeusername" style="font-style: italic;">' . $txt['username_change'] . '</a>]' : '',
  321. 'log_change' => true,
  322. 'permission' => 'profile_identity',
  323. 'prehtml' => allowedTo('admin_forum') && isset($_GET['changeusername']) ? '<div class="alert">' . $txt['username_warning'] . '</div>' : '',
  324. 'input_validate' => create_function('&$value', '
  325. global $sourcedir, $context, $user_info, $cur_profile;
  326. if (allowedTo(\'admin_forum\'))
  327. {
  328. // We\'ll need this...
  329. require_once($sourcedir . \'/Subs-Auth.php\');
  330. // Maybe they are trying to change their password as well?
  331. $resetPassword = true;
  332. if (isset($_POST[\'passwrd1\']) && $_POST[\'passwrd1\'] != \'\' && isset($_POST[\'passwrd2\']) && $_POST[\'passwrd1\'] == $_POST[\'passwrd2\'] && validatePassword($_POST[\'passwrd1\'], $value, array($cur_profile[\'real_name\'], $user_info[\'username\'], $user_info[\'name\'], $user_info[\'email\'])) == null)
  333. $resetPassword = false;
  334. // Do the reset... this will send them an email too.
  335. if ($resetPassword)
  336. resetPassword($context[\'id_member\'], $value);
  337. elseif ($value !== null)
  338. {
  339. validateUsername($context[\'id_member\'], trim(preg_replace(\'~[\t\n\r \x0B\0\' . ($context[\'utf8\'] ? \'\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}\' : \'\x00-\x08\x0B\x0C\x0E-\x19\xA0\') . \']+~\' . ($context[\'utf8\'] ? \'u\' : \'\'), \' \', $value)));
  340. updateMemberData($context[\'id_member\'], array(\'member_name\' => $value));
  341. }
  342. }
  343. return false;
  344. '),
  345. ),
  346. 'skype' => array(
  347. 'type' => 'text',
  348. 'label' => $txt['skype'],
  349. 'subtext' => $txt['skype_username'],
  350. 'size' => 24,
  351. 'permission' => 'profile_extra',
  352. ),
  353. 'passwrd1' => array(
  354. 'type' => 'password',
  355. 'label' => ucwords($txt['choose_pass']),
  356. 'subtext' => $txt['password_strength'],
  357. 'size' => 20,
  358. 'value' => '',
  359. 'enabled' => empty($cur_profile['openid_uri']),
  360. 'permission' => 'profile_password',
  361. 'save_key' => 'passwd',
  362. // Note this will only work if passwrd2 also exists!
  363. 'input_validate' => create_function('&$value', '
  364. global $sourcedir, $user_info, $smcFunc, $cur_profile;
  365. // If we didn\'t try it then ignore it!
  366. if ($value == \'\')
  367. return false;
  368. // Do the two entries for the password even match?
  369. if (!isset($_POST[\'passwrd2\']) || $value != $_POST[\'passwrd2\'])
  370. return \'bad_new_password\';
  371. // Let\'s get the validation function into play...
  372. require_once($sourcedir . \'/Subs-Auth.php\');
  373. $passwordErrors = validatePassword($value, $cur_profile[\'member_name\'], array($cur_profile[\'real_name\'], $user_info[\'username\'], $user_info[\'name\'], $user_info[\'email\']));
  374. // Were there errors?
  375. if ($passwordErrors != null)
  376. return \'password_\' . $passwordErrors;
  377. // Set up the new password variable... ready for storage.
  378. $value = sha1(strtolower($cur_profile[\'member_name\']) . un_htmlspecialchars($value));
  379. return true;
  380. '),
  381. ),
  382. 'passwrd2' => array(
  383. 'type' => 'password',
  384. 'label' => ucwords($txt['verify_pass']),
  385. 'enabled' => empty($cur_profile['openid_uri']),
  386. 'size' => 20,
  387. 'value' => '',
  388. 'permission' => 'profile_password',
  389. 'is_dummy' => true,
  390. ),
  391. 'personal_text' => array(
  392. 'type' => 'text',
  393. 'label' => $txt['personal_text'],
  394. 'log_change' => true,
  395. 'input_attr' => array('maxlength="50"'),
  396. 'size' => 50,
  397. 'permission' => 'profile_blurb',
  398. 'input_validate' => create_function('&$value', '
  399. global $smcFunc;
  400. if ($smcFunc[\'strlen\']($value) > 50)
  401. return \'personal_text_too_long\';
  402. return true;
  403. '),
  404. ),
  405. // This does ALL the pm settings
  406. 'pm_prefs' => array(
  407. 'type' => 'callback',
  408. 'callback_func' => 'pm_settings',
  409. 'permission' => 'pm_read',
  410. 'preload' => create_function('', '
  411. global $context, $cur_profile;
  412. $context[\'display_mode\'] = $cur_profile[\'pm_prefs\'] & 3;
  413. $context[\'send_email\'] = $cur_profile[\'pm_email_notify\'];
  414. $context[\'receive_from\'] = !empty($cur_profile[\'pm_receive_from\']) ? $cur_profile[\'pm_receive_from\'] : 0;
  415. return true;
  416. '),
  417. 'input_validate' => create_function('&$value', '
  418. global $cur_profile, $profile_vars;
  419. // Simple validate and apply the two "sub settings"
  420. $value = max(min($value, 2), 0);
  421. $cur_profile[\'pm_email_notify\'] = $profile_vars[\'pm_email_notify\'] = max(min((int) $_POST[\'pm_email_notify\'], 2), 0);
  422. $cur_profile[\'pm_receive_from\'] = $profile_vars[\'pm_receive_from\'] = max(min((int) $_POST[\'pm_receive_from\'], 4), 0);
  423. return true;
  424. '),
  425. ),
  426. 'posts' => array(
  427. 'type' => 'int',
  428. 'label' => $txt['profile_posts'],
  429. 'log_change' => true,
  430. 'size' => 7,
  431. 'permission' => 'moderate_forum',
  432. 'input_validate' => create_function('&$value', '
  433. if (!is_numeric($value))
  434. return \'digits_only\';
  435. else
  436. $value = $value != \'\' ? strtr($value, array(\',\' => \'\', \'.\' => \'\', \' \' => \'\')) : 0;
  437. return true;
  438. '),
  439. ),
  440. 'real_name' => array(
  441. 'type' => allowedTo('profile_displayed_name_own') || allowedTo('profile_displayed_name_any') || allowedTo('moderate_forum') ? 'text' : 'label',
  442. 'label' => $txt['name'],
  443. 'subtext' => $txt['display_name_desc'],
  444. 'log_change' => true,
  445. 'input_attr' => array('maxlength="60"'),
  446. 'permission' => 'profile_displayed_name',
  447. 'enabled' => allowedTo('profile_displayed_name_own') || allowedTo('profile_displayed_name_any') || allowedTo('moderate_forum'),
  448. 'input_validate' => create_function('&$value', '
  449. global $context, $smcFunc, $sourcedir, $cur_profile;
  450. $value = trim(preg_replace(\'~[\t\n\r \x0B\0\' . ($context[\'utf8\'] ? \'\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}\' : \'\x00-\x08\x0B\x0C\x0E-\x19\xA0\') . \']+~\' . ($context[\'utf8\'] ? \'u\' : \'\'), \' \', $value));
  451. if (trim($value) == \'\')
  452. return \'no_name\';
  453. elseif ($smcFunc[\'strlen\']($value) > 60)
  454. return \'name_too_long\';
  455. elseif ($cur_profile[\'real_name\'] != $value)
  456. {
  457. require_once($sourcedir . \'/Subs-Members.php\');
  458. if (isReservedName($value, $context[\'id_member\']))
  459. return \'name_taken\';
  460. }
  461. return true;
  462. '),
  463. ),
  464. 'secret_question' => array(
  465. 'type' => 'text',
  466. 'label' => $txt['secret_question'],
  467. 'subtext' => $txt['secret_desc'],
  468. 'size' => 50,
  469. 'permission' => 'profile_password',
  470. ),
  471. 'secret_answer' => array(
  472. 'type' => 'text',
  473. 'label' => $txt['secret_answer'],
  474. 'subtext' => $txt['secret_desc2'],
  475. 'size' => 20,
  476. 'postinput' => '<span class="smalltext" style="margin-left: 4ex;">[<a href="' . $scripturl . '?action=helpadmin;help=secret_why_blank" onclick="return reqOverlayDiv(this.href);">' . $txt['secret_why_blank'] . '</a>]</span>',
  477. 'value' => '',
  478. 'permission' => 'profile_password',
  479. 'input_validate' => create_function('&$value', '
  480. $value = $value != \'\' ? md5($value) : \'\';
  481. return true;
  482. '),
  483. ),
  484. 'signature' => array(
  485. 'type' => 'callback',
  486. 'callback_func' => 'signature_modify',
  487. 'permission' => 'profile_signature',
  488. 'enabled' => substr($modSettings['signature_settings'], 0, 1) == 1,
  489. 'preload' => 'profileLoadSignatureData',
  490. 'input_validate' => 'profileValidateSignature',
  491. ),
  492. 'show_online' => array(
  493. 'type' => 'check',
  494. 'label' => $txt['show_online'],
  495. 'permission' => 'profile_identity',
  496. 'enabled' => !empty($modSettings['allow_hideOnline']) || allowedTo('moderate_forum'),
  497. ),
  498. 'smiley_set' => array(
  499. 'type' => 'callback',
  500. 'callback_func' => 'smiley_pick',
  501. 'enabled' => !empty($modSettings['smiley_sets_enable']),
  502. 'permission' => 'profile_extra',
  503. 'preload' => create_function('', '
  504. global $modSettings, $context, $txt, $cur_profile, $smcFunc;
  505. $context[\'member\'][\'smiley_set\'][\'id\'] = empty($cur_profile[\'smiley_set\']) ? \'\' : $cur_profile[\'smiley_set\'];
  506. $context[\'smiley_sets\'] = explode(\',\', \'none,,\' . $modSettings[\'smiley_sets_known\']);
  507. $set_names = explode("\n", $txt[\'smileys_none\'] . "\n" . $txt[\'smileys_forum_board_default\'] . "\n" . $modSettings[\'smiley_sets_names\']);
  508. foreach ($context[\'smiley_sets\'] as $i => $set)
  509. {
  510. $context[\'smiley_sets\'][$i] = array(
  511. \'id\' => $smcFunc[\'htmlspecialchars\']($set),
  512. \'name\' => $smcFunc[\'htmlspecialchars\']($set_names[$i]),
  513. \'selected\' => $set == $context[\'member\'][\'smiley_set\'][\'id\']
  514. );
  515. if ($context[\'smiley_sets\'][$i][\'selected\'])
  516. $context[\'member\'][\'smiley_set\'][\'name\'] = $set_names[$i];
  517. }
  518. return true;
  519. '),
  520. 'input_validate' => create_function('&$value', '
  521. global $modSettings;
  522. $smiley_sets = explode(\',\', $modSettings[\'smiley_sets_known\']);
  523. if (!in_array($value, $smiley_sets) && $value != \'none\')
  524. $value = \'\';
  525. return true;
  526. '),
  527. ),
  528. // Pretty much a dummy entry - it populates all the theme settings.
  529. 'theme_settings' => array(
  530. 'type' => 'callback',
  531. 'callback_func' => 'theme_settings',
  532. 'permission' => 'profile_extra',
  533. 'is_dummy' => true,
  534. 'preload' => create_function('', '
  535. global $context, $user_info, $modSettings;
  536. loadLanguage(\'Settings\');
  537. $context[\'allow_no_censored\'] = false;
  538. if ($user_info[\'is_admin\'] || $context[\'user\'][\'is_owner\'])
  539. $context[\'allow_no_censored\'] = !empty($modSettings[\'allow_no_censored\']);
  540. return true;
  541. '),
  542. ),
  543. 'time_format' => array(
  544. 'type' => 'callback',
  545. 'callback_func' => 'timeformat_modify',
  546. 'permission' => 'profile_extra',
  547. 'preload' => create_function('', '
  548. global $context, $user_info, $txt, $cur_profile, $modSettings;
  549. $context[\'easy_timeformats\'] = array(
  550. array(\'format\' => \'\', \'title\' => $txt[\'timeformat_default\']),
  551. array(\'format\' => \'%B %d, %Y, %I:%M:%S %p\', \'title\' => $txt[\'timeformat_easy1\']),
  552. array(\'format\' => \'%B %d, %Y, %H:%M:%S\', \'title\' => $txt[\'timeformat_easy2\']),
  553. array(\'format\' => \'%Y-%m-%d, %H:%M:%S\', \'title\' => $txt[\'timeformat_easy3\']),
  554. array(\'format\' => \'%d %B %Y, %H:%M:%S\', \'title\' => $txt[\'timeformat_easy4\']),
  555. array(\'format\' => \'%d-%m-%Y, %H:%M:%S\', \'title\' => $txt[\'timeformat_easy5\'])
  556. );
  557. $context[\'member\'][\'time_format\'] = $cur_profile[\'time_format\'];
  558. $context[\'current_forum_time\'] = timeformat(time() - $user_info[\'time_offset\'] * 3600, false);
  559. $context[\'current_forum_time_js\'] = strftime(\'%Y,\' . ((int) strftime(\'%m\', time() + $modSettings[\'time_offset\'] * 3600) - 1) . \',%d,%H,%M,%S\', time() + $modSettings[\'time_offset\'] * 3600);
  560. $context[\'current_forum_time_hour\'] = (int) strftime(\'%H\', forum_time(false));
  561. return true;
  562. '),
  563. ),
  564. 'time_offset' => array(
  565. 'type' => 'callback',
  566. 'callback_func' => 'timeoffset_modify',
  567. 'permission' => 'profile_extra',
  568. 'preload' => create_function('', '
  569. global $context, $cur_profile;
  570. $context[\'member\'][\'time_offset\'] = $cur_profile[\'time_offset\'];
  571. return true;
  572. '),
  573. 'input_validate' => create_function('&$value', '
  574. // Validate the time_offset...
  575. $value = (float) strtr($value, \',\', \'.\');
  576. if ($value < -23.5 || $value > 23.5)
  577. return \'bad_offset\';
  578. return true;
  579. '),
  580. ),
  581. 'usertitle' => array(
  582. 'type' => 'text',
  583. 'label' => $txt['custom_title'],
  584. 'log_change' => true,
  585. 'input_attr' => array('maxlength="50"'),
  586. 'size' => 50,
  587. 'permission' => 'profile_other',
  588. 'enabled' => !empty($modSettings['titlesEnable']),
  589. 'input_validate' => create_function('&$value', '
  590. global $smcFunc;
  591. if ($smcFunc[\'strlen\']($value) > 50)
  592. return \'user_title_too_long\';
  593. return true;
  594. '),
  595. ),
  596. 'website_title' => array(
  597. 'type' => 'text',
  598. 'label' => $txt['website_title'],
  599. 'subtext' => $txt['include_website_url'],
  600. 'size' => 50,
  601. 'permission' => 'profile_other',
  602. 'link_with' => 'website',
  603. ),
  604. 'website_url' => array(
  605. 'type' => 'url',
  606. 'label' => $txt['website_url'],
  607. 'subtext' => $txt['complete_url'],
  608. 'size' => 50,
  609. 'permission' => 'profile_other',
  610. // Fix the URL...
  611. 'input_validate' => create_function('&$value', '
  612. if (strlen(trim($value)) > 0 && strpos($value, \'://\') === false)
  613. $value = \'http://\' . $value;
  614. if (strlen($value) < 8 || (substr($value, 0, 7) !== \'http://\' && substr($value, 0, 8) !== \'https://\'))
  615. $value = \'\';
  616. return true;
  617. '),
  618. 'link_with' => 'website',
  619. ),
  620. 'yim' => array(
  621. 'type' => 'text',
  622. 'label' => $txt['yim'],
  623. 'subtext' => $txt['your_yim'],
  624. 'size' => 24,
  625. 'input_attr' => array('maxlength="32"'),
  626. 'permission' => 'profile_extra',
  627. ),
  628. );
  629. call_integration_hook('integrate_load_profile_fields', array(&$profile_fields));
  630. $disabled_fields = !empty($modSettings['disabled_profile_fields']) ? explode(',', $modSettings['disabled_profile_fields']) : array();
  631. // For each of the above let's take out the bits which don't apply - to save memory and security!
  632. foreach ($profile_fields as $key => $field)
  633. {
  634. // Do we have permission to do this?
  635. if (isset($field['permission']) && !allowedTo(($context['user']['is_owner'] ? array($field['permission'] . '_own', $field['permission'] . '_any') : $field['permission'] . '_any')) && !allowedTo($field['permission']))
  636. unset($profile_fields[$key]);
  637. // Is it enabled?
  638. if (isset($field['enabled']) && !$field['enabled'])
  639. unset($profile_fields[$key]);
  640. // Is it specifically disabled?
  641. if (in_array($key, $disabled_fields) || (isset($field['link_with']) && in_array($field['link_with'], $disabled_fields)))
  642. unset($profile_fields[$key]);
  643. }
  644. }
  645. /**
  646. * Setup the context for a page load!
  647. *
  648. * @param array $fields
  649. */
  650. function setupProfileContext($fields)
  651. {
  652. global $profile_fields, $context, $cur_profile, $smcFunc, $txt;
  653. // Make sure we have this!
  654. loadProfileFields(true);
  655. // First check for any linked sets.
  656. foreach ($profile_fields as $key => $field)
  657. if (isset($field['link_with']) && in_array($field['link_with'], $fields))
  658. $fields[] = $key;
  659. // Some default bits.
  660. $context['profile_prehtml'] = '';
  661. $context['profile_posthtml'] = '';
  662. $context['profile_javascript'] = '';
  663. $context['profile_onsubmit_javascript'] = '';
  664. $i = 0;
  665. $last_type = '';
  666. foreach ($fields as $key => $field)
  667. {
  668. if (isset($profile_fields[$field]))
  669. {
  670. // Shortcut.
  671. $cur_field = &$profile_fields[$field];
  672. // Does it have a preload and does that preload succeed?
  673. if (isset($cur_field['preload']) && !$cur_field['preload']())
  674. continue;
  675. // If this is anything but complex we need to do more cleaning!
  676. if ($cur_field['type'] != 'callback' && $cur_field['type'] != 'hidden')
  677. {
  678. if (!isset($cur_field['label']))
  679. $cur_field['label'] = isset($txt[$field]) ? $txt[$field] : $field;
  680. // Everything has a value!
  681. if (!isset($cur_field['value']))
  682. {
  683. $cur_field['value'] = isset($cur_profile[$field]) ? $cur_profile[$field] : '';
  684. }
  685. // Any input attributes?
  686. $cur_field['input_attr'] = !empty($cur_field['input_attr']) ? implode(',', $cur_field['input_attr']) : '';
  687. }
  688. // Was there an error with this field on posting?
  689. if (isset($context['profile_errors'][$field]))
  690. $cur_field['is_error'] = true;
  691. // Any javascript stuff?
  692. if (!empty($cur_field['js_submit']))
  693. $context['profile_onsubmit_javascript'] .= $cur_field['js_submit'];
  694. if (!empty($cur_field['js']))
  695. $context['profile_javascript'] .= $cur_field['js'];
  696. // Any template stuff?
  697. if (!empty($cur_field['prehtml']))
  698. $context['profile_prehtml'] .= $cur_field['prehtml'];
  699. if (!empty($cur_field['posthtml']))
  700. $context['profile_posthtml'] .= $cur_field['posthtml'];
  701. // Finally put it into context?
  702. if ($cur_field['type'] != 'hidden')
  703. {
  704. $last_type = $cur_field['type'];
  705. $context['profile_fields'][$field] = &$profile_fields[$field];
  706. }
  707. }
  708. // Bodge in a line break - without doing two in a row ;)
  709. elseif ($field == 'hr' && $last_type != 'hr' && $last_type != '')
  710. {
  711. $last_type = 'hr';
  712. $context['profile_fields'][$i++]['type'] = 'hr';
  713. }
  714. }
  715. // Some spicy JS.
  716. addInlineJavascript('
  717. var form_handle = document.forms.creator;
  718. createEventListener(form_handle);
  719. '. (!empty($context['require_password']) ? '
  720. form_handle.addEventListener(\'submit\', function(event)
  721. {
  722. if (this.oldpasswrd.value == "")
  723. {
  724. event.preventDefault();
  725. alert('. (JavaScriptEscape($txt['required_security_reasons'])) .');
  726. return false;
  727. }
  728. }, false);' : ''), true);
  729. // Any onsubmit javascript?
  730. if (!empty($context['profile_onsubmit_javascript']))
  731. addInlineJavascript($context['profile_onsubmit_javascript'], true);
  732. // Any totally custom stuff?
  733. if (!empty($context['profile_javascript']))
  734. addInlineJavascript($context['profile_javascript'], true);
  735. // Free up some memory.
  736. unset($profile_fields);
  737. }
  738. /**
  739. * Save the profile changes.
  740. */
  741. function saveProfileFields()
  742. {
  743. global $profile_fields, $profile_vars, $context, $old_profile, $post_errors, $sourcedir, $cur_profile, $smcFunc;
  744. // Load them up.
  745. loadProfileFields();
  746. // This makes things easier...
  747. $old_profile = $cur_profile;
  748. // This allows variables to call activities when they save - by default just to reload their settings
  749. $context['profile_execute_on_save'] = array();
  750. if ($context['user']['is_owner'])
  751. $context['profile_execute_on_save']['reload_user'] = 'profileReloadUser';
  752. // Assume we log nothing.
  753. $context['log_changes'] = array();
  754. // Cycle through the profile fields working out what to do!
  755. foreach ($profile_fields as $key => $field)
  756. {
  757. if (!isset($_POST[$key]) || !empty($field['is_dummy']) || (isset($_POST['preview_signature']) && $key == 'signature'))
  758. continue;
  759. // What gets updated?
  760. $db_key = isset($field['save_key']) ? $field['save_key'] : $key;
  761. // Right - we have something that is enabled, we can act upon and has a value posted to it. Does it have a validation function?
  762. if (isset($field['input_validate']))
  763. {
  764. $is_valid = $field['input_validate']($_POST[$key]);
  765. // An error occured - set it as such!
  766. if ($is_valid !== true)
  767. {
  768. // Is this an actual error?
  769. if ($is_valid !== false)
  770. {
  771. $post_errors[$key] = $is_valid;
  772. $profile_fields[$key]['is_error'] = $is_valid;
  773. }
  774. // Retain the old value.
  775. $cur_profile[$key] = $_POST[$key];
  776. continue;
  777. }
  778. }
  779. // Are we doing a cast?
  780. $field['cast_type'] = empty($field['cast_type']) ? $field['type'] : $field['cast_type'];
  781. // Finally, clean up certain types.
  782. if ($field['cast_type'] == 'int')
  783. $_POST[$key] = (int) $_POST[$key];
  784. elseif ($field['cast_type'] == 'float')
  785. $_POST[$key] = (float) $_POST[$key];
  786. elseif ($field['cast_type'] == 'check')
  787. $_POST[$key] = !empty($_POST[$key]) ? 1 : 0;
  788. // If we got here we're doing OK.
  789. if ($field['type'] != 'hidden' && (!isset($old_profile[$key]) || $_POST[$key] != $old_profile[$key]))
  790. {
  791. // Set the save variable.
  792. $profile_vars[$db_key] = $_POST[$key];
  793. // And update the user profile.
  794. $cur_profile[$key] = $_POST[$key];
  795. // Are we logging it?
  796. if (!empty($field['log_change']) && isset($old_profile[$key]))
  797. $context['log_changes'][$key] = array(
  798. 'previous' => $old_profile[$key],
  799. 'new' => $_POST[$key],
  800. );
  801. }
  802. // Logging group changes are a bit different...
  803. if ($key == 'id_group' && $field['log_change'])
  804. {
  805. profileLoadGroups();
  806. // Any changes to primary group?
  807. if ($_POST['id_group'] != $old_profile['id_group'])
  808. {
  809. $context['log_changes']['id_group'] = array(
  810. 'previous' => !empty($old_profile[$key]) && isset($context['member_groups'][$old_profile[$key]]) ? $context['member_groups'][$old_profile[$key]]['name'] : '',
  811. 'new' => !empty($_POST[$key]) && isset($context['member_groups'][$_POST[$key]]) ? $context['member_groups'][$_POST[$key]]['name'] : '',
  812. );
  813. }
  814. // Prepare additional groups for comparison.
  815. $additional_groups = array(
  816. 'previous' => !empty($old_profile['additional_groups']) ? explode(',', $old_profile['additional_groups']) : array(),
  817. 'new' => !empty($_POST['additional_groups']) ? array_diff($_POST['additional_groups'], array(0)) : array(),
  818. );
  819. sort($additional_groups['previous']);
  820. sort($additional_groups['new']);
  821. // What about additional groups?
  822. if ($additional_groups['previous'] != $additional_groups['new'])
  823. {
  824. foreach ($additional_groups as $type => $groups)
  825. {
  826. foreach ($groups as $id => $group)
  827. {
  828. if (isset($context['member_groups'][$group]))
  829. $additional_groups[$type][$id] = $context['member_groups'][$group]['name'];
  830. else
  831. unset($additional_groups[$type][$id]);
  832. }
  833. $additional_groups[$type] = implode(', ', $additional_groups[$type]);
  834. }
  835. $context['log_changes']['additional_groups'] = $additional_groups;
  836. }
  837. }
  838. }
  839. // @todo Temporary
  840. if ($context['user']['is_owner'])
  841. $changeOther = allowedTo(array('profile_extra_any', 'profile_extra_own'));
  842. else
  843. $changeOther = allowedTo('profile_extra_any');
  844. if ($changeOther && empty($post_errors))
  845. {
  846. makeThemeChanges($context['id_member'], isset($_POST['id_theme']) ? (int) $_POST['id_theme'] : $old_profile['id_theme']);
  847. if (!empty($_REQUEST['sa']))
  848. makeCustomFieldChanges($context['id_member'], $_REQUEST['sa'], false);
  849. }
  850. // Free memory!
  851. unset($profile_fields);
  852. }
  853. /**
  854. * Save the profile changes
  855. *
  856. * @param array &$profile_variables
  857. * @param array &$post_errors
  858. * @param int $memID id_member
  859. */
  860. function saveProfileChanges(&$profile_vars, &$post_errors, $memID)
  861. {
  862. global $txt, $user_profile;
  863. global $context, $sourcedir;
  864. global $smcFunc;
  865. // These make life easier....
  866. $old_profile = &$user_profile[$memID];
  867. // Permissions...
  868. if ($context['user']['is_owner'])
  869. {
  870. $changeIdentity = allowedTo(array('profile_identity_any', 'profile_identity_own', 'profile_password_any', 'profile_password_own'));
  871. $changeOther = allowedTo(array('profile_extra_any', 'profile_extra_own', 'profile_other_any', 'profile_other_own', 'profile_signature_any', 'profile_signature_own'));
  872. }
  873. else
  874. {
  875. $changeIdentity = allowedTo('profile_identity_any', 'profile_signature_any');
  876. $changeOther = allowedTo('profile_extra_any', 'profile_other_any', 'profile_signature_any');
  877. }
  878. // Arrays of all the changes - makes things easier.
  879. $profile_bools = array(
  880. 'notify_announcements', 'notify_send_body',
  881. );
  882. $profile_ints = array(
  883. 'notify_regularity',
  884. 'notify_types',
  885. );
  886. $profile_floats = array(
  887. );
  888. $profile_strings = array(
  889. 'buddy_list',
  890. 'ignore_boards',
  891. );
  892. if (isset($_POST['sa']) && $_POST['sa'] == 'ignoreboards' && empty($_POST['ignore_brd']))
  893. $_POST['ignore_brd'] = array();
  894. unset($_POST['ignore_boards']); // Whatever it is set to is a dirty fithy thing. Kinda like our minds.
  895. if (isset($_POST['ignore_brd']))
  896. {
  897. if (!is_array($_POST['ignore_brd']))
  898. $_POST['ignore_brd'] = array ($_POST['ignore_brd']);
  899. foreach ($_POST['ignore_brd'] as $k => $d)
  900. {
  901. $d = (int) $d;
  902. if ($d != 0)
  903. $_POST['ignore_brd'][$k] = $d;
  904. else
  905. unset($_POST['ignore_brd'][$k]);
  906. }
  907. $_POST['ignore_boards'] = implode(',', $_POST['ignore_brd']);
  908. unset($_POST['ignore_brd']);
  909. }
  910. // Here's where we sort out all the 'other' values...
  911. if ($changeOther)
  912. {
  913. makeThemeChanges($memID, isset($_POST['id_theme']) ? (int) $_POST['id_theme'] : $old_profile['id_theme']);
  914. //makeAvatarChanges($memID, $post_errors);
  915. if (!empty($_REQUEST['sa']))
  916. makeCustomFieldChanges($memID, $_REQUEST['sa'], false);
  917. foreach ($profile_bools as $var)
  918. if (isset($_POST[$var]))
  919. $profile_vars[$var] = empty($_POST[$var]) ? '0' : '1';
  920. foreach ($profile_ints as $var)
  921. if (isset($_POST[$var]))
  922. $profile_vars[$var] = $_POST[$var] != '' ? (int) $_POST[$var] : '';
  923. foreach ($profile_floats as $var)
  924. if (isset($_POST[$var]))
  925. $profile_vars[$var] = (float) $_POST[$var];
  926. foreach ($profile_strings as $var)
  927. if (isset($_POST[$var]))
  928. $profile_vars[$var] = $_POST[$var];
  929. }
  930. }
  931. /**
  932. * Make any theme changes that are sent with the profile.
  933. *
  934. * @param int $memID
  935. * @param int $id_theme
  936. */
  937. function makeThemeChanges($memID, $id_theme)
  938. {
  939. global $modSettings, $smcFunc, $context, $user_info;
  940. $reservedVars = array(
  941. 'actual_theme_url',
  942. 'actual_images_url',
  943. 'base_theme_dir',
  944. 'base_theme_url',
  945. 'default_images_url',
  946. 'default_theme_dir',
  947. 'default_theme_url',
  948. 'default_template',
  949. 'images_url',
  950. 'number_recent_posts',
  951. 'smiley_sets_default',
  952. 'theme_dir',
  953. 'theme_id',
  954. 'theme_layers',
  955. 'theme_templates',
  956. 'theme_url',
  957. );
  958. // Can't change reserved vars.
  959. if ((isset($_POST['options']) && count(array_intersect(array_keys($_POST['options']), $reservedVars)) != 0) || (isset($_POST['default_options']) && count(array_intersect(array_keys($_POST['default_options']), $reservedVars)) != 0))
  960. fatal_lang_error('no_access', false);
  961. // Don't allow any overriding of custom fields with default or non-default options.
  962. $request = $smcFunc['db_query']('', '
  963. SELECT col_name
  964. FROM {db_prefix}custom_fields
  965. WHERE active = {int:is_active}',
  966. array(
  967. 'is_active' => 1,
  968. )
  969. );
  970. $custom_fields = array();
  971. while ($row = $smcFunc['db_fetch_assoc']($request))
  972. $custom_fields[] = $row['col_name'];
  973. $smcFunc['db_free_result']($request);
  974. // These are the theme changes...
  975. $themeSetArray = array();
  976. if (isset($_POST['options']) && is_array($_POST['options']))
  977. {
  978. foreach ($_POST['options'] as $opt => $val)
  979. {
  980. if (in_array($opt, $custom_fields))
  981. continue;
  982. // These need to be controlled.
  983. if ($opt == 'topics_per_page' || $opt == 'messages_per_page')
  984. $val = max(0, min($val, 50));
  985. // We don't set this per theme anymore.
  986. elseif ($opt == 'allow_no_censored')
  987. continue;
  988. $themeSetArray[] = array($memID, $id_theme, $opt, is_array($val) ? implode(',', $val) : $val);
  989. }
  990. }
  991. $erase_options = array();
  992. if (isset($_POST['default_options']) && is_array($_POST['default_options']))
  993. foreach ($_POST['default_options'] as $opt => $val)
  994. {
  995. if (in_array($opt, $custom_fields))
  996. continue;
  997. // These need to be controlled.
  998. if ($opt == 'topics_per_page' || $opt == 'messages_per_page')
  999. $val = max(0, min($val, 50));
  1000. // Only let admins and owners change the censor.
  1001. elseif ($opt == 'allow_no_censored' && !$user_info['is_admin'] && !$context['user']['is_owner'])
  1002. continue;
  1003. $themeSetArray[] = array($memID, 1, $opt, is_array($val) ? implode(',', $val) : $val);
  1004. $erase_options[] = $opt;
  1005. }
  1006. // If themeSetArray isn't still empty, send it to the database.
  1007. if (empty($context['password_auth_failed']))
  1008. {
  1009. if (!empty($themeSetArray))
  1010. {
  1011. $smcFunc['db_insert']('replace',
  1012. '{db_prefix}themes',
  1013. array('id_member' => 'int', 'id_theme' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'),
  1014. $themeSetArray,
  1015. array('id_member', 'id_theme', 'variable')
  1016. );
  1017. }
  1018. if (!empty($erase_options))
  1019. {
  1020. $smcFunc['db_query']('', '
  1021. DELETE FROM {db_prefix}themes
  1022. WHERE id_theme != {int:id_theme}
  1023. AND variable IN ({array_string:erase_variables})
  1024. AND id_member = {int:id_member}',
  1025. array(
  1026. 'id_theme' => 1,
  1027. 'id_member' => $memID,
  1028. 'erase_variables' => $erase_options
  1029. )
  1030. );
  1031. }
  1032. // Admins can choose any theme, even if it's not enabled...
  1033. $themes = allowedTo('admin_forum') ? explode(',', $modSettings['knownThemes']) : explode(',', $modSettings['enableThemes']);
  1034. foreach ($themes as $t)
  1035. cache_put_data('theme_settings-' . $t . ':' . $memID, null, 60);
  1036. }
  1037. }
  1038. /**
  1039. * Make any notification changes that need to be made.
  1040. *
  1041. * @param int $memID id_member
  1042. */
  1043. function makeNotificationChanges($memID)
  1044. {
  1045. global $smcFunc;
  1046. // Update the boards they are being notified on.
  1047. if (isset($_POST['edit_notify_boards']) && !empty($_POST['notify_boards']))
  1048. {
  1049. // Make sure only integers are deleted.
  1050. foreach ($_POST['notify_boards'] as $index => $id)
  1051. $_POST['notify_boards'][$index] = (int) $id;
  1052. // id_board = 0 is reserved for topic notifications.
  1053. $_POST['notify_boards'] = array_diff($_POST['notify_boards'], array(0));
  1054. $smcFunc['db_query']('', '
  1055. DELETE FROM {db_prefix}log_notify
  1056. WHERE id_board IN ({array_int:board_list})
  1057. AND id_member = {int:selected_member}',
  1058. array(
  1059. 'board_list' => $_POST['notify_boards'],
  1060. 'selected_member' => $memID,
  1061. )
  1062. );
  1063. }
  1064. // We are editing topic notifications......
  1065. elseif (isset($_POST['edit_notify_topics']) && !empty($_POST['notify_topics']))
  1066. {
  1067. foreach ($_POST['notify_topics'] as $index => $id)
  1068. $_POST['notify_topics'][$index] = (int) $id;
  1069. // Make sure there are no zeros left.
  1070. $_POST['notify_topics'] = array_diff($_POST['notify_topics'], array(0));
  1071. $smcFunc['db_query']('', '
  1072. DELETE FROM {db_prefix}log_notify
  1073. WHERE id_topic IN ({array_int:topic_list})
  1074. AND id_member = {int:selected_member}',
  1075. array(
  1076. 'topic_list' => $_POST['notify_topics'],
  1077. 'selected_member' => $memID,
  1078. )
  1079. );
  1080. }
  1081. }
  1082. /**
  1083. * Save any changes to the custom profile fields
  1084. *
  1085. * @param int $memID
  1086. * @param string $area
  1087. * @param bool $sanitize = true
  1088. */
  1089. function makeCustomFieldChanges($memID, $area, $sanitize = true)
  1090. {
  1091. global $context, $smcFunc, $user_profile, $user_info, $modSettings, $sourcedir;
  1092. if ($sanitize && isset($_POST['customfield']))
  1093. $_POST['customfield'] = htmlspecialchars__recursive($_POST['customfield']);
  1094. $where = $area == 'register' ? 'show_reg != 0' : 'show_profile = {string:area}';
  1095. // Load the fields we are saving too - make sure we save valid data (etc).
  1096. $request = $smcFunc['db_query']('', '
  1097. SELECT col_name, field_name, field_desc, field_type, field_length, field_options, default_value, show_reg, mask, private
  1098. FROM {db_prefix}custom_fields
  1099. WHERE ' . $where . '
  1100. AND active = {int:is_active}',
  1101. array(
  1102. 'is_active' => 1,
  1103. 'area' => $area,
  1104. )
  1105. );
  1106. $changes = array();
  1107. $log_changes = array();
  1108. while ($row = $smcFunc['db_fetch_assoc']($request))
  1109. {
  1110. /* This means don't save if:
  1111. - The user is NOT an admin.
  1112. - The data is not freely viewable and editable by users.
  1113. - The data is not invisible to users but editable by the owner (or if it is the user is not the owner)
  1114. - The area isn't registration, and if it is that the field is not suppossed to be shown there.
  1115. */
  1116. if ($row['private'] != 0 && !allowedTo('admin_forum') && ($memID != $user_info['id'] || $row['private'] != 2) && ($area != 'register' || $row['show_reg'] == 0))
  1117. continue;
  1118. // Validate the user data.
  1119. if ($row['field_type'] == 'check')
  1120. $value = isset($_POST['customfield'][$row['col_name']]) ? 1 : 0;
  1121. elseif ($row['field_type'] == 'select' || $row['field_type'] == 'radio')
  1122. {
  1123. $value = $row['default_value'];
  1124. foreach (explode(',', $row['field_options']) as $k => $v)
  1125. if (isset($_POST['customfield'][$row['col_name']]) && $_POST['customfield'][$row['col_name']] == $k)
  1126. $value = $v;
  1127. }
  1128. // Otherwise some form of text!
  1129. else
  1130. {
  1131. $value = isset($_POST['customfield'][$row['col_name']]) ? $_POST['customfield'][$row['col_name']] : '';
  1132. if ($row['field_length'])
  1133. $value = $smcFunc['substr']($value, 0, $row['field_length']);
  1134. // Any masks?
  1135. if ($row['field_type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none')
  1136. {
  1137. // @todo We never error on this - just ignore it at the moment...
  1138. if ($row['mask'] == 'email' && (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $value) === 0 || strlen($value) > 255))
  1139. $value = '';
  1140. elseif ($row['mask'] == 'number')
  1141. {
  1142. $value = (int) $value;
  1143. }
  1144. elseif (substr($row['mask'], 0, 5) == 'regex' && trim($value) != '' && preg_match(substr($row['mask'], 5), $value) === 0)
  1145. $value = '';
  1146. }
  1147. }
  1148. // Did it change?
  1149. if (!isset($user_profile[$memID]['options'][$row['col_name']]) || $user_profile[$memID]['options'][$row['col_name']] != $value)
  1150. {
  1151. $log_changes[] = array(
  1152. 'action' => 'customfield_' . $row['col_name'],
  1153. 'log_type' => 'user',
  1154. 'extra' => array(
  1155. 'previous' => !empty($user_profile[$memID]['options'][$row['col_name']]) ? $user_profile[$memID]['options'][$row['col_name']] : '',
  1156. 'new' => $value,
  1157. 'applicator' => $user_info['id'],
  1158. 'member_affected' => $memID,
  1159. ),
  1160. );
  1161. $changes[] = array(1, $row['col_name'], $value, $memID);
  1162. $user_profile[$memID]['options'][$row['col_name']] = $value;
  1163. }
  1164. }
  1165. $smcFunc['db_free_result']($request);
  1166. call_integration_hook('integrate_save_custom_profile_fields', array(&$changes, &$log_changes, $memID, $area, $sanitize));
  1167. // Make those changes!
  1168. if (!empty($changes) && empty($context['password_auth_failed']))
  1169. {
  1170. $smcFunc['db_insert']('replace',
  1171. '{db_prefix}themes',
  1172. array('id_theme' => 'int', 'variable' => 'string-255', 'value' => 'string-65534', 'id_member' => 'int'),
  1173. $changes,
  1174. array('id_theme', 'variable', 'id_member')
  1175. );
  1176. if (!empty($log_changes) && !empty($modSettings['modlog_enabled']))
  1177. {
  1178. require_once($sourcedir . '/Logging.php');
  1179. logActions($log_changes);
  1180. }
  1181. }
  1182. }
  1183. /**
  1184. * Show all the users buddies, as well as a add/delete interface.
  1185. *
  1186. * @param int $memID id_member
  1187. */
  1188. function editBuddyIgnoreLists($memID)
  1189. {
  1190. global $sourcedir, $context, $txt, $scripturl, $modSettings, $user_profile;
  1191. // Do a quick check to ensure people aren't getting here illegally!
  1192. if (!$context['user']['is_owner'] || empty($modSettings['enable_buddylist']))
  1193. fatal_lang_error('no_access', false);
  1194. // Can we email the user direct?
  1195. $context['can_moderate_forum'] = allowedTo('moderate_forum');
  1196. $context['can_send_email'] = allowedTo('send_email_to_members');
  1197. $subActions = array(
  1198. 'buddies' => array('editBuddies', $txt['editBuddies']),
  1199. 'ignore' => array('editIgnoreList', $txt['editIgnoreList']),
  1200. );
  1201. $context['list_area'] = isset($_GET['sa']) && isset($subActions[$_GET['sa']]) ? $_GET['sa'] : 'buddies';
  1202. // Create the tabs for the template.
  1203. $context[$context['profile_menu_name']]['tab_data'] = array(
  1204. 'title' => $txt['editBuddyIgnoreLists'],
  1205. 'description' => $txt['buddy_ignore_desc'],
  1206. 'icon' => 'profile_hd.png',
  1207. 'tabs' => array(
  1208. 'buddies' => array(),
  1209. 'ignore' => array(),
  1210. ),
  1211. );
  1212. loadJavascriptFile('suggest.js', array('default_theme' => true, 'defer' => false), 'smf_suggest');
  1213. // Pass on to the actual function.
  1214. $context['sub_template'] = $subActions[$context['list_area']][0];
  1215. $subActions[$context['list_area']][0]($memID);
  1216. }
  1217. /**
  1218. * Show all the users buddies, as well as a add/delete interface.
  1219. *
  1220. * @param int $memID id_member
  1221. */
  1222. function editBuddies($memID)
  1223. {
  1224. global $txt, $scripturl;
  1225. global $context, $user_profile, $memberContext, $smcFunc;
  1226. // For making changes!
  1227. $buddiesArray = explode(',', $user_profile[$memID]['buddy_list']);
  1228. foreach ($buddiesArray as $k => $dummy)
  1229. if ($dummy == '')
  1230. unset($buddiesArray[$k]);
  1231. // Removing a buddy?
  1232. if (isset($_GET['remove']))
  1233. {
  1234. checkSession('get');
  1235. call_integration_hook('integrate_remove_buddy', array($memID));
  1236. $_SESSION['prf-save'] = $txt['could_not_remove_person'];
  1237. // Heh, I'm lazy, do it the easy way...
  1238. foreach ($buddiesArray as $key => $buddy)
  1239. if ($buddy == (int) $_GET['remove'])
  1240. {
  1241. unset($buddiesArray[$key]);
  1242. $_SESSION['prf-save'] = true;
  1243. }
  1244. // Make the changes.
  1245. $user_profile[$memID]['buddy_list'] = implode(',', $buddiesArray);
  1246. updateMemberData($memID, array('buddy_list' => $user_profile[$memID]['buddy_list']));
  1247. // Redirect off the page because we don't like all this ugly query stuff to stick in the history.
  1248. redirectexit('action=profile;area=lists;sa=buddies;u=' . $memID);
  1249. }
  1250. elseif (isset($_POST['new_buddy']))
  1251. {
  1252. checkSession();
  1253. // Prepare the string for extraction...
  1254. $_POST['new_buddy'] = strtr($smcFunc['htmlspecialchars']($_POST['new_buddy'], ENT_QUOTES), array('&quot;' => '"'));
  1255. preg_match_all('~"([^"]+)"~', $_POST['new_buddy'], $matches);
  1256. $new_buddies = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $_POST['new_buddy']))));
  1257. foreach ($new_buddies as $k => $dummy)
  1258. {
  1259. $new_buddies[$k] = strtr(trim($new_buddies[$k]), array('\'' => '&#039;'));
  1260. if (strlen($new_buddies[$k]) == 0 || in_array($new_buddies[$k], array($user_profile[$memID]['member_name'], $user_profile[$memID]['real_name'])))
  1261. unset($new_buddies[$k]);
  1262. }
  1263. call_integration_hook('integrate_add_buddies', array($memID, &$new_buddies));
  1264. $_SESSION['prf-save'] = $txt['could_not_add_person'];
  1265. if (!empty($new_buddies))
  1266. {
  1267. // Now find out the id_member of the buddy.
  1268. $request = $smcFunc['db_query']('', '
  1269. SELECT id_member
  1270. FROM {db_prefix}members
  1271. WHERE member_name IN ({array_string:new_buddies}) OR real_name IN ({array_string:new_buddies})
  1272. LIMIT {int:count_new_buddies}',
  1273. array(
  1274. 'new_buddies' => $new_buddies,
  1275. 'count_new_buddies' => count($new_buddies),
  1276. )
  1277. );
  1278. if ($smcFunc['db_num_rows']($request) != 0)
  1279. $_SESSION['prf-save'] = true;
  1280. // Add the new member to the buddies array.
  1281. while ($row = $smcFunc['db_fetch_assoc']($request))
  1282. $buddiesArray[] = (int) $row['id_member'];
  1283. $smcFunc['db_free_result']($request);
  1284. // Now update the current users buddy list.
  1285. $user_profile[$memID]['buddy_list'] = implode(',', $buddiesArray);
  1286. updateMemberData($memID, array('buddy_list' => $user_profile[$memID]['buddy_list']));
  1287. }
  1288. // Back to the buddy list!
  1289. redirectexit('action=profile;area=lists;sa=buddies;u=' . $memID);
  1290. }
  1291. // Get all the users "buddies"...
  1292. $buddies = array();
  1293. if (!empty($buddiesArray))
  1294. {
  1295. $result = $smcFunc['db_query']('', '
  1296. SELECT id_member
  1297. FROM {db_prefix}members
  1298. WHERE id_member IN ({array_int:buddy_list})
  1299. ORDER BY real_name
  1300. LIMIT {int:buddy_list_count}',
  1301. array(
  1302. 'buddy_list' => $buddiesArray,
  1303. 'buddy_list_count' => substr_count($user_profile[$memID]['buddy_list'], ',') + 1,
  1304. )
  1305. );
  1306. while ($row = $smcFunc['db_fetch_assoc']($result))
  1307. $buddies[] = $row['id_member'];
  1308. $smcFunc['db_free_result']($result);
  1309. }
  1310. $context['buddy_count'] = count($buddies);
  1311. // Load all the members up.
  1312. loadMemberData($buddies, false, 'profile');
  1313. // Setup the context for each buddy.
  1314. $context['buddies'] = array();
  1315. foreach ($buddies as $buddy)
  1316. {
  1317. loadMemberContext($buddy);
  1318. $context['buddies'][$buddy] = $memberContext[$buddy];
  1319. }
  1320. if (isset($_SESSION['prf-save']))
  1321. {
  1322. if ($_SESSION['prf-save'] === true)
  1323. $context['saved_successful'] = true;
  1324. else
  1325. $context['saved_failed'] = $_SESSION['prf-save'];
  1326. unset($_SESSION['prf-save']);
  1327. }
  1328. call_integration_hook('integrate_view_buddies', array($memID));
  1329. }
  1330. /**
  1331. * Allows the user to view their ignore list, as well as the option to manage members on it.
  1332. *
  1333. * @param int $memID id_member
  1334. */
  1335. function editIgnoreList($memID)
  1336. {
  1337. global $txt, $scripturl;
  1338. global $context, $user_profile, $memberContext, $smcFunc;
  1339. // For making changes!
  1340. $ignoreArray = explode(',', $user_profile[$memID]['pm_ignore_list']);
  1341. foreach ($ignoreArray as $k => $dummy)
  1342. if ($dummy == '')
  1343. unset($ignoreArray[$k]);
  1344. // Removing a member from the ignore list?
  1345. if (isset($_GET['remove']))
  1346. {
  1347. checkSession('get');
  1348. $_SESSION['prf-save'] = $txt['could_not_remove_person'];
  1349. // Heh, I'm lazy, do it the easy way...
  1350. foreach ($ignoreArray as $key => $id_remove)
  1351. if ($id_remove == (int) $_GET['remove'])
  1352. {
  1353. unset($ignoreArray[$key]);
  1354. $_SESSION['prf-save'] = true;
  1355. }
  1356. // Make the changes.
  1357. $user_profile[$memID]['pm_ignore_list'] = implode(',', $ignoreArray);
  1358. updateMemberData($memID, array('pm_ignore_list' => $user_profile[$memID]['pm_ignore_list']));
  1359. // Redirect off the page because we don't like all this ugly query stuff to stick in the history.
  1360. redirectexit('action=profile;area=lists;sa=ignore;u=' . $memID);
  1361. }
  1362. elseif (isset($_POST['new_ignore']))
  1363. {
  1364. checkSession();
  1365. // Prepare the string for extraction...
  1366. $_POST['new_ignore'] = strtr($smcFunc['htmlspecialchars']($_POST['new_ignore'], ENT_QUOTES), array('&quot;' => '"'));
  1367. preg_match_all('~"([^"]+)"~', $_POST['new_ignore'], $matches);
  1368. $new_entries = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $_POST['new_ignore']))));
  1369. foreach ($new_entries as $k => $dummy)
  1370. {
  1371. $new_entries[$k] = strtr(trim($new_entries[$k]), array('\'' => '&#039;'));
  1372. if (strlen($new_entries[$k]) == 0 || in_array($new_entries[$k], array($user_profile[$memID]['member_name'], $user_profile[$memID]['real_name'])))
  1373. unset($new_entries[$k]);
  1374. }
  1375. $_SESSION['prf-save'] = $txt['could_not_add_person'];
  1376. if (!empty($new_entries))
  1377. {
  1378. // Now find out the id_member for the members in question.
  1379. $request = $smcFunc['db_query']('', '
  1380. SELECT id_member
  1381. FROM {db_prefix}members
  1382. WHERE member_name IN ({array_string:new_entries}) OR real_name IN ({array_string:new_entries})
  1383. LIMIT {int:count_new_entries}',
  1384. array(
  1385. 'new_entries' => $new_entries,
  1386. 'count_new_entries' => count($new_entries),
  1387. )
  1388. );
  1389. if ($smcFunc['db_num_rows']($request) != 0)
  1390. $_SESSION['prf-save'] = true;
  1391. // Add the new member to the buddies array.
  1392. while ($row = $smcFunc['db_fetch_assoc']($request))
  1393. $ignoreArray[] = (int) $row['id_member'];
  1394. $smcFunc['db_free_result']($request);
  1395. // Now update the current users buddy list.
  1396. $user_profile[$memID]['pm_ignore_list'] = implode(',', $ignoreArray);
  1397. updateMemberData($memID, array('pm_ignore_list' => $user_profile[$memID]['pm_ignore_list']));
  1398. }
  1399. // Back to the list of pityful people!
  1400. redirectexit('action=profile;area=lists;sa=ignore;u=' . $memID);
  1401. }
  1402. // Initialise the list of members we're ignoring.
  1403. $ignored = array();
  1404. if (!empty($ignoreArray))
  1405. {
  1406. $result = $smcFunc['db_query']('', '
  1407. SELECT id_member
  1408. FROM {db_prefix}members
  1409. WHERE id_member IN ({array_int:ignore_list})
  1410. ORDER BY real_name
  1411. LIMIT {int:ignore_list_count}',
  1412. array(
  1413. 'ignore_list' => $ignoreArray,
  1414. 'ignore_list_count' => substr_count($user_profile[$memID]['pm_ignore_list'], ',') + 1,
  1415. )
  1416. );
  1417. while ($row = $smcFunc['db_fetch_assoc']($result))
  1418. $ignored[] = $row['id_member'];
  1419. $smcFunc['db_free_result']($result);
  1420. }
  1421. $context['ignore_count'] = count($ignored);
  1422. // Load all the members up.
  1423. loadMemberData($ignored, false, 'profile');
  1424. // Setup the context for each buddy.
  1425. $context['ignore_list'] = array();
  1426. foreach ($ignored as $ignore_member)
  1427. {
  1428. loadMemberContext($ignore_member);
  1429. $context['ignore_list'][$ignore_member] = $memberContext[$ignore_member];
  1430. }
  1431. if (isset($_SESSION['prf-save']))
  1432. {
  1433. if ($_SESSION['prf-save'] === true)
  1434. $context['saved_successful'] = true;
  1435. else
  1436. $context['saved_failed'] = $_SESSION['prf-save'];
  1437. unset($_SESSION['prf-save']);
  1438. }
  1439. }
  1440. /**
  1441. * @todo Needs a description
  1442. *
  1443. * @param int $memID id_member
  1444. */
  1445. function account($memID)
  1446. {
  1447. global $context, $txt;
  1448. loadThemeOptions($memID);
  1449. if (allowedTo(array('profile_identity_own', 'profile_identity_any', 'profile_password_own', 'profile_password_any')))
  1450. loadCustomFields($memID, 'account');
  1451. $context['sub_template'] = 'edit_options';
  1452. $context['page_desc'] = $txt['account_info'];
  1453. setupProfileContext(
  1454. array(
  1455. 'member_name', 'real_name', 'date_registered', 'posts', 'lngfile', 'hr',
  1456. 'id_group', 'hr',
  1457. 'email_address', 'hide_email', 'show_online', 'hr',
  1458. 'passwrd1', 'passwrd2', 'hr',
  1459. 'secret_question', 'secret_answer',
  1460. )
  1461. );
  1462. }
  1463. /**
  1464. * @todo Needs a description
  1465. *
  1466. * @param int $memID id_member
  1467. */
  1468. function forumProfile($memID)
  1469. {
  1470. global $context, $txt;
  1471. loadThemeOptions($memID);
  1472. if (allowedTo(array('profile_forum_own', 'profile_forum_any')))
  1473. loadCustomFields($memID, 'forumprofile');
  1474. $context['sub_template'] = 'edit_options';
  1475. $context['page_desc'] = $txt['forumProfile_info'];
  1476. $context['show_preview_button'] = true;
  1477. setupProfileContext(
  1478. array(
  1479. 'avatar_choice', 'hr', 'personal_text', 'hr',
  1480. 'bday1', 'location', 'gender', 'hr',
  1481. 'icq', 'aim', 'yim', 'skype', 'hr',
  1482. 'usertitle', 'signature', 'hr',
  1483. 'karma_good', 'hr',
  1484. 'website_title', 'website_url',
  1485. )
  1486. );
  1487. }
  1488. /**
  1489. * Recursive function to retrieve server-stored avatar files
  1490. *
  1491. * @param string $directory
  1492. * @param int $level
  1493. * @return array
  1494. */
  1495. function getAvatars($directory, $level)
  1496. {
  1497. global $context, $txt, $modSettings, $smcFunc;
  1498. $result = array();
  1499. // Open the directory..
  1500. $dir = dir($modSettings['avatar_directory'] . (!empty($directory) ? '/' : '') . $directory);
  1501. $dirs = array();
  1502. $files = array();
  1503. if (!$dir)
  1504. return array();
  1505. while ($line = $dir->read())
  1506. {
  1507. if (in_array($line, array('.', '..', 'blank.png', 'index.php')))
  1508. continue;
  1509. if (is_dir($modSettings['avatar_directory'] . '/' . $directory . (!empty($directory) ? '/' : '') . $line))
  1510. $dirs[] = $line;
  1511. else
  1512. $files[] = $line;
  1513. }
  1514. $dir->close();
  1515. // Sort the results...
  1516. natcasesort($dirs);
  1517. natcasesort($files);
  1518. if ($level == 0)
  1519. {
  1520. $result[] = array(
  1521. 'filename' => 'blank.png',
  1522. 'checked' => in_array($context['member']['avatar']['server_pic'], array('', 'blank.png')),
  1523. 'name' => $txt['no_pic'],
  1524. 'is_dir' => false
  1525. );
  1526. }
  1527. foreach ($dirs as $line)
  1528. {
  1529. $tmp = getAvatars($directory . (!empty($directory) ? '/' : '') . $line, $level + 1);
  1530. if (!empty($tmp))
  1531. $result[] = array(
  1532. 'filename' => $smcFunc['htmlspecialchars']($line),
  1533. 'checked' => strpos($context['member']['avatar']['server_pic'], $line . '/') !== false,
  1534. 'name' => '[' . $smcFunc['htmlspecialchars'](str_replace('_', ' ', $line)) . ']',
  1535. 'is_dir' => true,
  1536. 'files' => $tmp
  1537. );
  1538. unset($tmp);
  1539. }
  1540. foreach ($files as $line)
  1541. {
  1542. $filename = substr($line, 0, (strlen($line) - strlen(strrchr($line, '.'))));
  1543. $extension = substr(strrchr($line, '.'), 1);
  1544. // Make sure it is an image.
  1545. if (strcasecmp($extension, 'gif') != 0 && strcasecmp($extension, 'jpg') != 0 && strcasecmp($extension, 'jpeg') != 0 && strcasecmp($extension, 'png') != 0 && strcasecmp($extension, 'bmp') != 0)
  1546. continue;
  1547. $result[] = array(
  1548. 'filename' => $smcFunc['htmlspecialchars']($line),
  1549. 'checked' => $line == $context['member']['avatar']['server_pic'],
  1550. 'name' => $smcFunc['htmlspecialchars'](str_replace('_', ' ', $filename)),
  1551. 'is_dir' => false
  1552. );
  1553. if ($level == 1)
  1554. $context['avatar_list'][] = $directory . '/' . $line;
  1555. }
  1556. return $result;
  1557. }
  1558. /**
  1559. * @todo needs a description
  1560. *
  1561. * @param int $memID id_member
  1562. */
  1563. function theme($memID)
  1564. {
  1565. global $txt, $context, $user_profile, $smcFunc;
  1566. loadThemeOptions($memID);
  1567. if (allowedTo(array('profile_extra_own', 'profile_extra_any')))
  1568. loadCustomFields($memID, 'theme');
  1569. $context['sub_template'] = 'edit_options';
  1570. $context['page_desc'] = $txt['theme_info'];
  1571. setupProfileContext(
  1572. array(
  1573. 'id_theme', 'smiley_set', 'hr',
  1574. 'time_format', 'time_offset', 'hr',
  1575. 'theme_settings',
  1576. )
  1577. );
  1578. }
  1579. /**
  1580. * Changing authentication method? Only appropriate for people using OpenID.
  1581. *
  1582. * @param int $memID id_member
  1583. * @param bool $saving = false
  1584. */
  1585. function authentication($memID, $saving = false)
  1586. {
  1587. global $context, $cur_profile, $sourcedir, $txt, $post_errors, $modSettings;
  1588. loadLanguage('Login');
  1589. // We are saving?
  1590. if ($saving)
  1591. {
  1592. // Moving to password passed authentication?
  1593. if ($_POST['authenticate'] == 'passwd')
  1594. {
  1595. // Didn't enter anything?
  1596. if ($_POST['passwrd1'] == '')
  1597. $post_errors[] = 'no_password';
  1598. // Do the two entries for the password even match?
  1599. elseif (!isset($_POST['passwrd2']) || $_POST['passwrd1'] != $_POST['passwrd2'])
  1600. $post_errors[] = 'bad_new_password';
  1601. // Is it valid?
  1602. else
  1603. {
  1604. require_once($sourcedir . '/Subs-Auth.php');
  1605. $passwordErrors = validatePassword($_POST['passwrd1'], $cur_profile['member_name'], array($cur_profile['real_name'], $cur_profile['email_address']));
  1606. // Were there errors?
  1607. if ($passwordErrors != null)
  1608. $post_errors[] = 'password_' . $passwordErrors;
  1609. }
  1610. if (empty($post_errors))
  1611. {
  1612. // Integration?
  1613. call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $_POST['passwrd1']));
  1614. // Go then.
  1615. $passwd = sha1(strtolower($cur_profile['member_name']) . un_htmlspecialchars($_POST['passwrd1']));
  1616. // Do the important bits.
  1617. updateMemberData($memID, array('openid_uri' => '', 'passwd' => $passwd));
  1618. if ($context['user']['is_owner'])
  1619. {
  1620. setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1(sha1(strtolower($cur_profile['member_name']) . un_htmlspecialchars($_POST['passwrd2'])) . $cur_profile['password_salt']));
  1621. redirectexit('action=profile;area=authentication;updated');
  1622. }
  1623. else
  1624. redirectexit('action=profile;u=' . $memID);
  1625. }
  1626. return true;
  1627. }
  1628. // Not right yet!
  1629. elseif ($_POST['authenticate'] == 'openid' && !empty($_POST['openid_identifier']))
  1630. {
  1631. require_once($sourcedir . '/Subs-OpenID.php');
  1632. $_POST['openid_identifier'] = smf_openID_canonize($_POST['openid_identifier']);
  1633. if (smf_openid_member_exists($_POST['openid_identifier']))
  1634. $post_errors[] = 'openid_in_use';
  1635. elseif (empty($post_errors))
  1636. {
  1637. // Authenticate using the new OpenID URI first to make sure they didn't make a mistake.
  1638. if ($context['user']['is_owner'])
  1639. {
  1640. $_SESSION['new_openid_uri'] = $_POST['openid_identifier'];
  1641. smf_openID_validate($_POST['openid_identifier'], false, null, 'change_uri');
  1642. }
  1643. else
  1644. updateMemberData($memID, array('openid_uri' => $_POST['openid_identifier']));
  1645. }
  1646. }
  1647. }
  1648. // Some stuff.
  1649. $context['member']['openid_uri'] = $cur_profile['openid_uri'];
  1650. $context['auth_method'] = empty($cur_profile['openid_uri']) ? 'password' : 'openid';
  1651. $context['sub_template'] = 'authentication_method';
  1652. loadJavascriptFile('register.js', array('default_theme' => true, 'defer' => false), 'smf_register');
  1653. }
  1654. /**
  1655. * Display the notifications and settings for changes.
  1656. *
  1657. * @param int $memID id_member
  1658. */
  1659. function notification($memID)
  1660. {
  1661. global $txt, $scripturl, $user_profile, $context, $smcFunc, $sourcedir;
  1662. // Going to want this for consistency.
  1663. loadCSSFile('admin.css', array(), 'admin');
  1664. // This is just a bootstrap for everything else.
  1665. $sa = array(
  1666. 'alerts' => 'alert_configuration',
  1667. 'markread' => 'alert_markread',
  1668. 'topics' => 'alert_notifications_topics',
  1669. 'boards' => 'alert_notifications_boards',
  1670. );
  1671. $subAction = !empty($_GET['sa']) && isset($sa[$_GET['sa']]) ? $_GET['sa'] : 'alerts';
  1672. $context['sub_template'] = $sa[$subAction];
  1673. $context[$context['profile_menu_name']]['tab_data'] = array(
  1674. 'title' => $txt['notification'],
  1675. 'help' => '',
  1676. 'description' => $txt['notification_info'],
  1677. );
  1678. $sa[$subAction]($memID);
  1679. }
  1680. function alert_configuration($memID)
  1681. {
  1682. global $txt, $scripturl, $user_profile, $context, $modSettings, $smcFunc, $sourcedir;
  1683. $context['token_check'] = 'profile-nt' . $memID;
  1684. is_not_guest();
  1685. if (!$context['user']['is_owner'])
  1686. isAllowedTo('profile_extra_any');
  1687. // What options are set?
  1688. $context['member'] += array(
  1689. 'notify_announcements' => $user_profile[$memID]['notify_announcements'],
  1690. 'notify_send_body' => $user_profile[$memID]['notify_send_body'],
  1691. 'notify_types' => $user_profile[$memID]['notify_types'],
  1692. 'notify_regularity' => $user_profile[$memID]['notify_regularity'],
  1693. );
  1694. loadThemeOptions($memID);
  1695. // Now load all the values for this user.
  1696. require_once($sourcedir . '/Subs-Notify.php');
  1697. $prefs = getNotifyPrefs($memID);
  1698. // And we might as well now perform the splicing of default values.
  1699. if (!empty($prefs[0]))
  1700. foreach ($prefs[0] as $this_pref => $value)
  1701. if (!isset($prefs[$memID][$this_pref]))
  1702. $prefs[$memID][$this_pref] = $value;
  1703. $context['alert_prefs'] = !empty($prefs[$memID]) ? $prefs[$memID] : array();
  1704. // Now for the exciting stuff.
  1705. // We have groups of items, each item has both an alert and an email key as well as an optional help string.
  1706. // Valid values for these keys are 'always', 'yes', 'never'; if using always or never you should add a help string.
  1707. $alert_types = array(
  1708. 'msg' => array(
  1709. 'topic_notify' => array('alert' => 'yes', 'email' => 'yes'),
  1710. 'board_notify' => array('alert' => 'yes', 'email' => 'yes'),
  1711. 'msg_mention' => array('alert' => 'yes', 'email' => 'yes'),
  1712. 'msg_quote' => array('alert' => 'yes', 'email' => 'yes'),
  1713. 'msg_like' => array('alert' => 'yes', 'email' => 'never'),
  1714. ),
  1715. 'pm' => array(
  1716. 'pm_new' => array('alert' => 'always', 'email' => 'yes', 'help' => 'alert_pm_new', 'permission' => array('name' => 'pm_read', 'is_board' => false)),
  1717. 'pm_reply' => array('alert' => 'always', 'email' => 'yes', 'help' => 'alert_pm_new', 'permission' => array('name' => 'pm_send', 'is_board' => false)),
  1718. ),
  1719. 'moderation' => array(
  1720. 'msg_report' => array('alert' => 'yes', 'email' => 'yes', 'permission' => array('name' => 'moderate_board', 'is_board' => true)),
  1721. 'msg_report_reply' => array('alert' => 'yes', 'email' => 'yes', 'permission' => array('name' => 'moderate_board', 'is_board' => true)),
  1722. ),
  1723. 'members' => array(
  1724. 'member_register' => array('alert' => 'yes', 'email' => 'yes', 'permission' => array('name' => 'moderate_forum', 'is_board' => false)),
  1725. 'request_group' => array('alert' => 'yes', 'email' => 'yes'),
  1726. 'warn_any' => array('alert' => 'yes', 'email' => 'yes', 'permission' => array('name' => 'issue_warning', 'is_board' => false)),
  1727. ),
  1728. 'calendar' => array(
  1729. 'event_new' => array('alert' => 'yes', 'email' => 'yes', 'help' => 'alert_event_new'),
  1730. ),
  1731. );
  1732. $group_options = array(
  1733. 'msg' => array(
  1734. array('check', 'msg_auto_notify', 'label' => 'after'),
  1735. array('select', 'msg_notify_pref', 'label' => 'before', 'opts' => array(
  1736. 0 => $txt['alert_opt_msg_notify_pref_nothing'],
  1737. 1 => $txt['alert_opt_msg_notify_pref_instant'],
  1738. 2 => $txt['alert_opt_msg_notify_pref_first'],
  1739. 3 => $txt['alert_opt_msg_notify_pref_daily'],
  1740. 4 => $txt['alert_opt_msg_notify_pref_weekly'],
  1741. )),
  1742. ),
  1743. );
  1744. $disabled_options = array();
  1745. // There are certain things that are disabled at the group level.
  1746. if (empty($modSettings['cal_enabled']))
  1747. {
  1748. foreach ($alert_types['calendar'] as $k => $v)
  1749. $disabled_options[] = $k;
  1750. unset ($alert_types['calendar']);
  1751. }
  1752. // Now, now, we could pass this through global but we should really get into the habit of
  1753. // passing content to hooks, not expecting hooks to splatter everything everywhere.
  1754. call_integration_hook('integrate_alert_types', array(&$alert_types, &$group_options, &$disabled_options));
  1755. // Now we have to do some permissions testing.
  1756. require_once($sourcedir . '/Subs-Members.php');
  1757. $perms_cache = array();
  1758. foreach ($alert_types as $group => $items)
  1759. {
  1760. foreach ($items as $alert_key => $alert_value)
  1761. {
  1762. if (!isset($alert_value['permission']))
  1763. continue;
  1764. if (!isset($perms_cache[$alert_value['permission']['name']]))
  1765. {
  1766. $in_board = !empty($alert_value['permission']['is_board']) ? 0 : null;
  1767. $members = membersAllowedTo($alert_value['permission']['name'], $in_board);
  1768. $perms_cache[$alert_value['permission']['name']] = in_array($memID, $members);
  1769. }
  1770. if (!$perms_cache[$alert_value['permission']['name']])
  1771. {
  1772. $disabled_options[] = $alert_key;
  1773. unset ($alert_types[$group][$alert_key]);
  1774. }
  1775. }
  1776. if (empty($alert_types[$group]))
  1777. unset ($alert_types[$group]);
  1778. }
  1779. // Slightly different for group requests
  1780. $request = $smcFunc['db_query']('', '
  1781. SELECT COUNT(*)
  1782. FROM {db_prefix}group_moderators
  1783. WHERE id_member = {int:memID}',
  1784. array(
  1785. 'memID' => $memID,
  1786. )
  1787. );
  1788. list($can_mod) = $smcFunc['db_fetch_row']($request);
  1789. if (!isset($perms_cache['manage_membergroups']))
  1790. {
  1791. $members = membersAllowedTo('manage_membergroups');
  1792. $perms_cache['manage_membergroups'] = in_array($memID, $members);
  1793. }
  1794. if (!($perms_cache['manage_membergroups'] || $can_mod != 0))
  1795. unset($alert_types['members']['request_group']);
  1796. // And finally, exporting it to be useful later.
  1797. $context['alert_types'] = $alert_types;
  1798. $context['alert_group_options'] = $group_options;
  1799. $context['disabled_alerts'] = $disabled_options;
  1800. $context['alert_bits'] = array(
  1801. 'alert' => 0x01,
  1802. 'email' => 0x02,
  1803. );
  1804. if (isset($_POST['notify_submit']))
  1805. {
  1806. checkSession();
  1807. validateToken($context['token_check'], 'post');
  1808. // We need to step through the list of valid settings and figure out what the user has set.
  1809. $update_prefs = array();
  1810. // Now the group level options
  1811. foreach ($context['alert_group_options'] as $opt_group => $group)
  1812. {
  1813. foreach ($group as $this_option)
  1814. {
  1815. switch ($this_option[0])
  1816. {
  1817. case 'check':
  1818. $update_prefs[$this_option[1]] = !empty($_POST['opt_' . $this_option[1]]) ? 1 : 0;
  1819. break;
  1820. case 'select':
  1821. if (isset($_POST['opt_' . $this_option[1]], $this_option['opts'][$_POST['opt_' . $this_option[1]]]))
  1822. $update_prefs[$this_option[1]] = $_POST['opt_' . $this_option[1]];
  1823. else
  1824. {
  1825. // We didn't have a sane value. Let's grab the first item from the possibles.
  1826. $keys = array_keys($this_option['opts']);
  1827. $first = array_shift($keys);
  1828. $update_prefs[$this_option[1]] = $first;
  1829. }
  1830. break;
  1831. }
  1832. }
  1833. }
  1834. // Now the individual options
  1835. foreach ($context['alert_types'] as $alert_group => $items)
  1836. {
  1837. foreach ($items as $item_key => $this_options)
  1838. {
  1839. $this_value = 0;
  1840. foreach ($context['alert_bits'] as $type => $bitvalue)
  1841. {
  1842. if ($this_options[$type] == 'yes' && !empty($_POST[$type . '_' . $item_key]))
  1843. $this_value |= $bitvalue;
  1844. }
  1845. $update_prefs[$item_key] = $this_value;
  1846. }
  1847. }
  1848. setNotifyPrefs($memID, $update_prefs);
  1849. foreach ($update_prefs as $pref => $value)
  1850. $context['alert_prefs'][$pref] = $value;
  1851. makeNotificationChanges($memID);
  1852. $context['profile_updated'] = $txt['profile_updated_own'];
  1853. }
  1854. createToken($context['token_check'], 'post');
  1855. }
  1856. function alert_markread($memID)
  1857. {
  1858. global $context, $db_show_debug, $smcFunc;
  1859. // We do not want to output debug information here.
  1860. $db_show_debug = false;
  1861. // We only want to output our little layer here.
  1862. $context['template_layers'] = array();
  1863. $context['sub_template'] = 'alerts_all_read';
  1864. loadLanguage('Alerts');
  1865. // Now we're all set up.
  1866. is_not_guest();
  1867. if (!$context['user']['is_owner'])
  1868. fatal_error('no_access');
  1869. checkSession('get');
  1870. // Assuming we're here, mark everything as read and head back.
  1871. // We only spit back the little layer because this should be called AJAXively.
  1872. $smcFunc['db_query']('', '
  1873. UPDATE {db_prefix}user_alerts
  1874. SET is_read = {int:now}
  1875. WHERE id_member = {int:current_member}
  1876. AND is_read = 0',
  1877. array(
  1878. 'now' => time(),
  1879. 'current_member' => $memID,
  1880. )
  1881. );
  1882. updateMemberData($memID, array('alerts' => 0));
  1883. }
  1884. function alert_notifications_topics($memID)
  1885. {
  1886. global $txt, $scripturl, $user_profile, $context, $modSettings, $smcFunc, $sourcedir;
  1887. // Because of the way this stuff works, we want to do this ourselves.
  1888. if (isset($_POST['edit_notify_topics']))
  1889. {
  1890. checkSession();
  1891. validateToken(str_replace('%u', $memID, 'profile-nt%u'), 'post');
  1892. makeNotificationChanges($memID);
  1893. $context['profile_updated'] = $txt['profile_updated_own'];
  1894. }
  1895. // Now set up for the token check.
  1896. $context['token_check'] = str_replace('%u', $memID, 'profile-nt%u');
  1897. createToken($context['token_check'], 'post');
  1898. // Gonna want this for the list.
  1899. require_once($sourcedir . '/Subs-List.php');
  1900. // Do the topic notifications.
  1901. $listOptions = array(
  1902. 'id' => 'topic_notification_list',
  1903. 'width' => '100%',
  1904. 'items_per_page' => $modSettings['defaultMaxMessages'],
  1905. 'no_items_label' => $txt['notifications_topics_none'] . '<br><br>' . $txt['notifications_topics_howto'],
  1906. 'no_items_align' => 'left',
  1907. 'base_href' => $scripturl . '?action=profile;u=' . $memID . ';area=notification;sa=topics',
  1908. 'default_sort_col' => 'last_post',
  1909. 'get_items' => array(
  1910. 'function' => 'list_getTopicNotifications',
  1911. 'params' => array(
  1912. $memID,
  1913. ),
  1914. ),
  1915. 'get_count' => array(
  1916. 'function' => 'list_getTopicNotificationCount',
  1917. 'params' => array(
  1918. $memID,
  1919. ),
  1920. ),
  1921. 'columns' => array(
  1922. 'subject' => array(
  1923. 'header' => array(
  1924. 'value' => $txt['notifications_topics'],
  1925. 'class' => 'lefttext first_th',
  1926. ),
  1927. 'data' => array(
  1928. 'function' => create_function('$topic', '
  1929. global $txt;
  1930. $link = $topic[\'link\'];
  1931. if ($topic[\'new\'])
  1932. $link .= \' <a href="\' . $topic[\'new_href\'] . \'"><span class="new_posts">\' . $txt[\'new\'] . \'</span></a>\';
  1933. $link .= \'<br><span class="smalltext"><em>\' . $txt[\'in\'] . \' \' . $topic[\'board_link\'] . \'</em></span>\';
  1934. return $link;
  1935. '),
  1936. ),
  1937. 'sort' => array(
  1938. 'default' => 'ms.subject',
  1939. 'reverse' => 'ms.subject DESC',
  1940. ),
  1941. ),
  1942. 'started_by' => array(
  1943. 'header' => array(
  1944. 'value' => $txt['started_by'],
  1945. 'class' => 'lefttext',
  1946. ),
  1947. 'data' => array(
  1948. 'db' => 'poster_link',
  1949. ),
  1950. 'sort' => array(
  1951. 'default' => 'real_name_col',
  1952. 'reverse' => 'real_name_col DESC',
  1953. ),
  1954. ),
  1955. 'last_post' => array(
  1956. 'header' => array(
  1957. 'value' => $txt['last_post'],
  1958. 'class' => 'lefttext',
  1959. ),
  1960. 'data' => array(
  1961. 'sprintf' => array(
  1962. 'format' => '<span class="smalltext">%1$s<br>' . $txt['by'] . ' %2$s</span>',
  1963. 'params' => array(
  1964. 'updated' => false,
  1965. 'poster_updated_link' => false,
  1966. ),
  1967. ),
  1968. ),
  1969. 'sort' => array(
  1970. 'default' => 'ml.id_msg DESC',
  1971. 'reverse' => 'ml.id_msg',
  1972. ),
  1973. ),
  1974. 'delete' => array(
  1975. 'header' => array(
  1976. 'value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);">',
  1977. 'style' => 'width: 4%;',
  1978. 'class' => 'centercol',
  1979. ),
  1980. 'data' => array(
  1981. 'sprintf' => array(
  1982. 'format' => '<input type="checkbox" name="notify_topics[]" value="%1$d" class="input_check">',
  1983. 'params' => array(
  1984. 'id' => false,
  1985. ),
  1986. ),
  1987. 'class' => 'centercol',
  1988. ),
  1989. ),
  1990. ),
  1991. 'form' => array(
  1992. 'href' => $scripturl . '?action=profile;area=notification;sa=topics',
  1993. 'include_sort' => true,
  1994. 'include_start' => true,
  1995. 'hidden_fields' => array(
  1996. 'u' => $memID,
  1997. 'sa' => $context['menu_item_selected'],
  1998. $context['session_var'] => $context['session_id'],
  1999. ),
  2000. 'token' => $context['token_check'],
  2001. ),
  2002. 'additional_rows' => array(
  2003. array(
  2004. 'position' => 'bottom_of_list',
  2005. 'value' => '<input type="submit" name="edit_notify_topics" value="' . $txt['notifications_update'] . '" class="button_submit">',
  2006. 'align' => 'right',
  2007. ),
  2008. ),
  2009. );
  2010. // Create the notification list.
  2011. createList($listOptions);
  2012. }
  2013. function alert_notifications_boards($memID)
  2014. {
  2015. global $txt, $scripturl, $user_profile, $context, $smcFunc, $sourcedir;
  2016. // Because of the way this stuff works, we want to do this ourselves.
  2017. if (isset($_POST['edit_notify_boards']))
  2018. {
  2019. checkSession();
  2020. validateToken(str_replace('%u', $memID, 'profile-nt%u'), 'post');
  2021. makeNotificationChanges($memID);
  2022. $context['profile_updated'] = $txt['profile_updated_own'];
  2023. }
  2024. // Now set up for the token check.
  2025. $context['token_check'] = str_replace('%u', $memID, 'profile-nt%u');
  2026. createToken($context['token_check'], 'post');
  2027. // Gonna want this for the list.
  2028. require_once($sourcedir . '/Subs-List.php');
  2029. // Fine, start with the board list.
  2030. $listOptions = array(
  2031. 'id' => 'board_notification_list',
  2032. 'width' => '100%',
  2033. 'no_items_label' => $txt['notifications_boards_none'] . '<br><br>' . $txt['notifications_boards_howto'],
  2034. 'no_items_align' => 'left',
  2035. 'base_href' => $scripturl . '?action=profile;u=' . $memID . ';area=notification;sa=boards',
  2036. 'default_sort_col' => 'board_name',
  2037. 'get_items' => array(
  2038. 'function' => 'list_getBoardNotifications',
  2039. 'params' => array(
  2040. $memID,
  2041. ),
  2042. ),
  2043. 'columns' => array(
  2044. 'board_name' => array(
  2045. 'header' => array(
  2046. 'value' => $txt['notifications_boards'],
  2047. 'class' => 'lefttext first_th',
  2048. ),
  2049. 'data' => array(
  2050. 'function' => create_function('$board', '
  2051. global $txt;
  2052. $link = $board[\'link\'];
  2053. if ($board[\'new\'])
  2054. $link .= \' <a href="\' . $board[\'href\'] . \'"><span class="new_posts">' . $txt['new'] . '</span></a>\';
  2055. return $link;
  2056. '),
  2057. ),
  2058. 'sort' => array(
  2059. 'default' => 'name',
  2060. 'reverse' => 'name DESC',
  2061. ),
  2062. ),
  2063. 'delete' => array(
  2064. 'header' => array(
  2065. 'value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);">',
  2066. 'style' => 'width: 4%;',
  2067. 'class' => 'centercol',
  2068. ),
  2069. 'data' => array(
  2070. 'sprintf' => array(
  2071. 'format' => '<input type="checkbox" name="notify_boards[]" value="%1$d" class="input_check">',
  2072. 'params' => array(
  2073. 'id' => false,
  2074. ),
  2075. ),
  2076. 'class' => 'centercol',
  2077. ),
  2078. ),
  2079. ),
  2080. 'form' => array(
  2081. 'href' => $scripturl . '?action=profile;area=notification;sa=boards',
  2082. 'include_sort' => true,
  2083. 'include_start' => true,
  2084. 'hidden_fields' => array(
  2085. 'u' => $memID,
  2086. 'sa' => $context['menu_item_selected'],
  2087. $context['session_var'] => $context['session_id'],
  2088. ),
  2089. 'token' => $context['token_check'],
  2090. ),
  2091. 'additional_rows' => array(
  2092. array(
  2093. 'position' => 'bottom_of_list',
  2094. 'value' => '<input type="submit" name="edit_notify_boards" value="' . $txt['notifications_update'] . '" class="button_submit">',
  2095. 'align' => 'right',
  2096. ),
  2097. ),
  2098. );
  2099. // Create the board notification list.
  2100. createList($listOptions);
  2101. }
  2102. /**
  2103. * @todo needs a description
  2104. *
  2105. * @param int $memID id_member
  2106. * @return string
  2107. */
  2108. function list_getTopicNotificationCount($memID)
  2109. {
  2110. global $smcFunc, $user_info, $context, $modSettings;
  2111. $request = $smcFunc['db_query']('', '
  2112. SELECT COUNT(*)
  2113. FROM {db_prefix}log_notify AS ln' . (!$modSettings['postmod_active'] && $user_info['query_see_board'] === '1=1' ? '' : '
  2114. INNER JOIN {db_prefix}topics AS t ON (t.id_topic = ln.id_topic)') . ($user_info['query_see_board'] === '1=1' ? '' : '
  2115. INNER JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board)') . '
  2116. WHERE ln.id_member = {int:selected_member}' . ($user_info['query_see_board'] === '1=1' ? '' : '
  2117. AND {query_see_board}') . ($modSettings['postmod_active'] ? '
  2118. AND t.approved = {int:is_approved}' : ''),
  2119. array(
  2120. 'selected_member' => $memID,
  2121. 'is_approved' => 1,
  2122. )
  2123. );
  2124. list ($totalNotifications) = $smcFunc['db_fetch_row']($request);
  2125. $smcFunc['db_free_result']($request);
  2126. // @todo make this an integer before it gets returned
  2127. return $totalNotifications;
  2128. }
  2129. /**
  2130. * @todo Needs a description
  2131. *
  2132. * @param int $start
  2133. * @param int $items_per_page
  2134. * @param string $sort
  2135. * @param int $memID id_member
  2136. * @return array $notification_topics
  2137. */
  2138. function list_getTopicNotifications($start, $items_per_page, $sort, $memID)
  2139. {
  2140. global $smcFunc, $txt, $scripturl, $user_info, $context, $modSettings;
  2141. // All the topics with notification on...
  2142. $request = $smcFunc['db_query']('', '
  2143. SELECT
  2144. IFNULL(lt.id_msg, IFNULL(lmr.id_msg, -1)) + 1 AS new_from, b.id_board, b.name,
  2145. t.id_topic, ms.subject, ms.id_member, IFNULL(mem.real_name, ms.poster_name) AS real_name_col,
  2146. ml.id_msg_modified, ml.poster_time, ml.id_member AS id_member_updated,
  2147. IFNULL(mem2.real_name, ml.poster_name) AS last_real_name
  2148. FROM {db_prefix}log_notify AS ln
  2149. INNER JOIN {db_prefix}topics AS t ON (t.id_topic = ln.id_topic' . ($modSettings['postmod_active'] ? ' AND t.approved = {int:is_approved}' : '') . ')
  2150. INNER JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board AND {query_see_board})
  2151. INNER JOIN {db_prefix}messages AS ms ON (ms.id_msg = t.id_first_msg)
  2152. INNER JOIN {db_prefix}messages AS ml ON (ml.id_msg = t.id_last_msg)
  2153. LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = ms.id_member)
  2154. LEFT JOIN {db_prefix}members AS mem2 ON (mem2.id_member = ml.id_member)
  2155. LEFT JOIN {db_prefix}log_topics AS lt ON (lt.id_topic = t.id_topic AND lt.id_member = {int:current_member})
  2156. LEFT JOIN {db_prefix}log_mark_read AS lmr ON (lmr.id_board = b.id_board AND lmr.id_member = {int:current_member})
  2157. WHERE ln.id_member = {int:selected_member}
  2158. ORDER BY {raw:sort}
  2159. LIMIT {int:offset}, {int:items_per_page}',
  2160. array(
  2161. 'current_member' => $user_info['id'],
  2162. 'is_approved' => 1,
  2163. 'selected_member' => $memID,
  2164. 'sort' => $sort,
  2165. 'offset' => $start,
  2166. 'items_per_page' => $items_per_page,
  2167. )
  2168. );
  2169. $notification_topics = array();
  2170. while ($row = $smcFunc['db_fetch_assoc']($request))
  2171. {
  2172. censorText($row['subject']);
  2173. $notification_topics[] = array(
  2174. 'id' => $row['id_topic'],
  2175. 'poster_link' => empty($row['id_member']) ? $row['real_name_col'] : '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['real_name_col'] . '</a>',
  2176. 'poster_updated_link' => empty($row['id_member_updated']) ? $row['last_real_name'] : '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member_updated'] . '">' . $row['last_real_name'] . '</a>',
  2177. 'subject' => $row['subject'],
  2178. 'href' => $scripturl . '?topic=' . $row['id_topic'] . '.0',
  2179. 'link' => '<a href="' . $scripturl . '?topic=' . $row['id_topic'] . '.0">' . $row['subject'] . '</a>',
  2180. 'new' => $row['new_from'] <= $row['id_msg_modified'],
  2181. 'new_from' => $row['new_from'],
  2182. 'updated' => timeformat($row['poster_time']),
  2183. 'new_href' => $scripturl . '?topic=' . $row['id_topic'] . '.msg' . $row['new_from'] . '#new',
  2184. 'new_link' => '<a href="' . $scripturl . '?topic=' . $row['id_topic'] . '.msg' . $row['new_from'] . '#new">' . $row['subject'] . '</a>',
  2185. 'board_link' => '<a href="' . $scripturl . '?board=' . $row['id_board'] . '.0">' . $row['name'] . '</a>',
  2186. );
  2187. }
  2188. $smcFunc['db_free_result']($request);
  2189. return $notification_topics;
  2190. }
  2191. /**
  2192. * @todo needs a description
  2193. *
  2194. * @param int $start
  2195. * @param int $items_per_page
  2196. * @param string $sort
  2197. * @param int $memID id_member
  2198. * @return array
  2199. */
  2200. function list_getBoardNotifications($start, $items_per_page, $sort, $memID)
  2201. {
  2202. global $smcFunc, $txt, $scripturl, $user_info;
  2203. $request = $smcFunc['db_query']('', '
  2204. SELECT b.id_board, b.name, IFNULL(lb.id_msg, 0) AS board_read, b.id_msg_updated
  2205. FROM {db_prefix}log_notify AS ln
  2206. INNER JOIN {db_prefix}boards AS b ON (b.id_board = ln.id_board)
  2207. LEFT JOIN {db_prefix}log_boards AS lb ON (lb.id_board = b.id_board AND lb.id_member = {int:current_member})
  2208. WHERE ln.id_member = {int:selected_member}
  2209. AND {query_see_board}
  2210. ORDER BY ' . $sort,
  2211. array(
  2212. 'current_member' => $user_info['id'],
  2213. 'selected_member' => $memID,
  2214. )
  2215. );
  2216. $notification_boards = array();
  2217. while ($row = $smcFunc['db_fetch_assoc']($request))
  2218. $notification_boards[] = array(
  2219. 'id' => $row['id_board'],
  2220. 'name' => $row['name'],
  2221. 'href' => $scripturl . '?board=' . $row['id_board'] . '.0',
  2222. 'link' => '<a href="' . $scripturl . '?board=' . $row['id_board'] . '.0">' . $row['name'] . '</a>',
  2223. 'new' => $row['board_read'] < $row['id_msg_updated']
  2224. );
  2225. $smcFunc['db_free_result']($request);
  2226. return $notification_boards;
  2227. }
  2228. /**
  2229. * @todo needs a description
  2230. *
  2231. * @param int $memID id_member
  2232. */
  2233. function loadThemeOptions($memID)
  2234. {
  2235. global $context, $options, $cur_profile, $smcFunc;
  2236. if (isset($_POST['default_options']))
  2237. $_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];
  2238. if ($context['user']['is_owner'])
  2239. {
  2240. $context['member']['options'] = $options;
  2241. if (isset($_POST['options']) && is_array($_POST['options']))
  2242. foreach ($_POST['options'] as $k => $v)
  2243. $context['member']['options'][$k] = $v;
  2244. }
  2245. else
  2246. {
  2247. $request = $smcFunc['db_query']('', '
  2248. SELECT id_member, variable, value
  2249. FROM {db_prefix}themes
  2250. WHERE id_theme IN (1, {int:member_theme})
  2251. AND id_member IN (-1, {int:selected_member})',
  2252. array(
  2253. 'member_theme' => (int) $cur_profile['id_theme'],
  2254. 'selected_member' => $memID,
  2255. )
  2256. );
  2257. $temp = array();
  2258. while ($row = $smcFunc['db_fetch_assoc']($request))
  2259. {
  2260. if ($row['id_member'] == -1)
  2261. {
  2262. $temp[$row['variable']] = $row['value'];
  2263. continue;
  2264. }
  2265. if (isset($_POST['options'][$row['variable']]))
  2266. $row['value'] = $_POST['options'][$row['variable']];
  2267. $context['member']['options'][$row['variable']] = $row['value'];
  2268. }
  2269. $smcFunc['db_free_result']($request);
  2270. // Load up the default theme options for any missing.
  2271. foreach ($temp as $k => $v)
  2272. {
  2273. if (!isset($context['member']['options'][$k]))
  2274. $context['member']['options'][$k] = $v;
  2275. }
  2276. }
  2277. }
  2278. /**
  2279. * @todo needs a description
  2280. *
  2281. * @param int $memID id_member
  2282. */
  2283. function ignoreboards($memID)
  2284. {
  2285. global $txt, $context, $modSettings, $smcFunc, $cur_profile;
  2286. // Have the admins enabled this option?
  2287. if (empty($modSettings['allow_ignore_boards']))
  2288. fatal_lang_error('ignoreboards_disallowed', 'user');
  2289. // Find all the boards this user is allowed to see.
  2290. $request = $smcFunc['db_query']('order_by_board_order', '
  2291. SELECT b.id_cat, c.name AS cat_name, b.id_board, b.name, b.child_level,
  2292. '. (!empty($cur_profile['ignore_boards']) ? 'b.id_board IN ({array_int:ignore_boards})' : '0') . ' AS is_ignored
  2293. FROM {db_prefix}boards AS b
  2294. LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat)
  2295. WHERE {query_see_board}
  2296. AND redirect = {string:empty_string}',
  2297. array(
  2298. 'ignore_boards' => !empty($cur_profile['ignore_boards']) ? explode(',', $cur_profile['ignore_boards']) : array(),
  2299. 'empty_string' => '',
  2300. )
  2301. );
  2302. $context['num_boards'] = $smcFunc['db_num_rows']($request);
  2303. $context['categories'] = array();
  2304. while ($row = $smcFunc['db_fetch_assoc']($request))
  2305. {
  2306. // This category hasn't been set up yet..
  2307. if (!isset($context['categories'][$row['id_cat']]))
  2308. $context['categories'][$row['id_cat']] = array(
  2309. 'id' => $row['id_cat'],
  2310. 'name' => $row['cat_name'],
  2311. 'boards' => array()
  2312. );
  2313. // Set this board up, and let the template know when it's a child. (indent them..)
  2314. $context['categories'][$row['id_cat']]['boards'][$row['id_board']] = array(
  2315. 'id' => $row['id_board'],
  2316. 'name' => $row['name'],
  2317. 'child_level' => $row['child_level'],
  2318. 'selected' => $row['is_ignored'],
  2319. );
  2320. }
  2321. $smcFunc['db_free_result']($request);
  2322. // Now, let's sort the list of categories into the boards for templates that like that.
  2323. $temp_boards = array();
  2324. foreach ($context['categories'] as $category)
  2325. {
  2326. // Include a list of boards per category for easy toggling.
  2327. $context['categories'][$category['id']]['child_ids'] = array_keys($category['boards']);
  2328. $temp_boards[] = array(
  2329. 'name' => $category['name'],
  2330. 'child_ids' => array_keys($category['boards'])
  2331. );
  2332. $temp_boards = array_merge($temp_boards, array_values($category['boards']));
  2333. }
  2334. $max_boards = ceil(count($temp_boards) / 2);
  2335. if ($max_boards == 1)
  2336. $max_boards = 2;
  2337. // Now, alternate them so they can be shown left and right ;).
  2338. $context['board_columns'] = array();
  2339. for ($i = 0; $i < $max_boards; $i++)
  2340. {
  2341. $context['board_columns'][] = $temp_boards[$i];
  2342. if (isset($temp_boards[$i + $max_boards]))
  2343. $context['board_columns'][] = $temp_boards[$i + $max_boards];
  2344. else
  2345. $context['board_columns'][] = array();
  2346. }
  2347. loadThemeOptions($memID);
  2348. }
  2349. /**
  2350. * Load all the languages for the profile.
  2351. * @return boolean
  2352. */
  2353. function profileLoadLanguages()
  2354. {
  2355. global $context, $cur_profile, $language, $smcFunc;
  2356. $context['profile_languages'] = array();
  2357. // Get our languages!
  2358. getLanguages(true, true);
  2359. // Setup our languages.
  2360. foreach ($context['languages'] as $lang)
  2361. {
  2362. $context['profile_languages'][$lang['filename']] = strtr($lang['name'], array('-utf8' => ''));
  2363. }
  2364. ksort($context['profile_languages']);
  2365. // Return whether we should proceed with this.
  2366. return count($context['profile_languages']) > 1 ? true : false;
  2367. }
  2368. /**
  2369. * @todo needs description
  2370. *
  2371. * @return true
  2372. */
  2373. function profileLoadGroups()
  2374. {
  2375. global $cur_profile, $txt, $context, $smcFunc, $user_settings;
  2376. $context['member_groups'] = array(
  2377. 0 => array(
  2378. 'id' => 0,
  2379. 'name' => $txt['no_primary_membergroup'],
  2380. 'is_primary' => $cur_profile['id_group'] == 0,
  2381. 'can_be_additional' => false,
  2382. 'can_be_primary' => true,
  2383. )
  2384. );
  2385. $curGroups = explode(',', $cur_profile['additional_groups']);
  2386. // Load membergroups, but only those groups the user can assign.
  2387. $request = $smcFunc['db_query']('', '
  2388. SELECT group_name, id_group, hidden
  2389. FROM {db_prefix}membergroups
  2390. WHERE id_group != {int:moderator_group}
  2391. AND min_posts = {int:min_posts}' . (allowedTo('admin_forum') ? '' : '
  2392. AND group_type != {int:is_protected}') . '
  2393. ORDER BY min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name',
  2394. array(
  2395. 'moderator_group' => 3,
  2396. 'min_posts' => -1,
  2397. 'is_protected' => 1,
  2398. 'newbie_group' => 4,
  2399. )
  2400. );
  2401. while ($row = $smcFunc['db_fetch_assoc']($request))
  2402. {
  2403. // We should skip the administrator group if they don't have the admin_forum permission!
  2404. if ($row['id_group'] == 1 && !allowedTo('admin_forum'))
  2405. continue;
  2406. $context['member_groups'][$row['id_group']] = array(
  2407. 'id' => $row['id_group'],
  2408. 'name' => $row['group_name'],
  2409. 'is_primary' => $cur_profile['id_group'] == $row['id_group'],
  2410. 'is_additional' => in_array($row['id_group'], $curGroups),
  2411. 'can_be_additional' => true,
  2412. 'can_be_primary' => $row['hidden'] != 2,
  2413. );
  2414. }
  2415. $smcFunc['db_free_result']($request);
  2416. $context['member']['group_id'] = $user_settings['id_group'];
  2417. return true;
  2418. }
  2419. /**
  2420. * Load key signature context data.
  2421. *
  2422. * @return true
  2423. */
  2424. function profileLoadSignatureData()
  2425. {
  2426. global $modSettings, $context, $txt, $cur_profile, $smcFunc, $memberContext;
  2427. // Signature limits.
  2428. list ($sig_limits, $sig_bbc) = explode(':', $modSettings['signature_settings']);
  2429. $sig_limits = explode(',', $sig_limits);
  2430. $context['signature_enabled'] = isset($sig_limits[0]) ? $sig_limits[0] : 0;
  2431. $context['signature_limits'] = array(
  2432. 'max_length' => isset($sig_limits[1]) ? $sig_limits[1] : 0,
  2433. 'max_lines' => isset($sig_limits[2]) ? $sig_limits[2] : 0,
  2434. 'max_images' => isset($sig_limits[3]) ? $sig_limits[3] : 0,
  2435. 'max_smileys' => isset($sig_limits[4]) ? $sig_limits[4] : 0,
  2436. 'max_image_width' => isset($sig_limits[5]) ? $sig_limits[5] : 0,
  2437. 'max_image_height' => isset($sig_limits[6]) ? $sig_limits[6] : 0,
  2438. 'max_font_size' => isset($sig_limits[7]) ? $sig_limits[7] : 0,
  2439. 'bbc' => !empty($sig_bbc) ? explode(',', $sig_bbc) : array(),
  2440. );
  2441. // Kept this line in for backwards compatibility!
  2442. $context['max_signature_length'] = $context['signature_limits']['max_length'];
  2443. // Warning message for signature image limits?
  2444. $context['signature_warning'] = '';
  2445. if ($context['signature_limits']['max_image_width'] && $context['signature_limits']['max_image_height'])
  2446. $context['signature_warning'] = sprintf($txt['profile_error_signature_max_image_size'], $context['signature_limits']['max_image_width'], $context['signature_limits']['max_image_height']);
  2447. elseif ($context['signature_limits']['max_image_width'] || $context['signature_limits']['max_image_height'])
  2448. $context['signature_warning'] = sprintf($txt['profile_error_signature_max_image_' . ($context['signature_limits']['max_image_width'] ? 'width' : 'height')], $context['signature_limits'][$context['signature_limits']['max_image_width'] ? 'max_image_width' : 'max_image_height']);
  2449. $context['show_spellchecking'] = !empty($modSettings['enableSpellChecking']) && function_exists('pspell_new');
  2450. if (empty($context['do_preview']))
  2451. $context['member']['signature'] = empty($cur_profile['signature']) ? '' : str_replace(array('<br>', '<', '>', '"', '\''), array("\n", '&lt;', '&gt;', '&quot;', '&#039;'), $cur_profile['signature']);
  2452. else
  2453. {
  2454. $signature = !empty($_POST['signature']) ? $_POST['signature'] : '';
  2455. $validation = profileValidateSignature($signature);
  2456. if (empty($context['post_errors']))
  2457. {
  2458. loadLanguage('Errors');
  2459. $context['post_errors'] = array();
  2460. }
  2461. $context['post_errors'][] = 'signature_not_yet_saved';
  2462. if ($validation !== true && $validation !== false)
  2463. $context['post_errors'][] = $validation;
  2464. censorText($context['member']['signature']);
  2465. $context['member']['current_signature'] = $context['member']['signature'];
  2466. censorText($signature);
  2467. $context['member']['signature_preview'] = parse_bbc($signature, true, 'sig' . $memberContext[$context['id_member']]);
  2468. $context['member']['signature'] = $_POST['signature'];
  2469. }
  2470. // Load the spell checker?
  2471. if ($context['show_spellchecking'])
  2472. loadJavascriptFile('spellcheck.js', array('default_theme' => true, 'defer' => false), 'smf_spellcheck');
  2473. return true;
  2474. }
  2475. /**
  2476. * Load avatar context data.
  2477. *
  2478. * @return true
  2479. */
  2480. function profileLoadAvatarData()
  2481. {
  2482. global $context, $cur_profile, $modSettings, $scripturl;
  2483. $context['avatar_url'] = $modSettings['avatar_url'];
  2484. // Default context.
  2485. $context['member']['avatar'] += array(
  2486. 'custom' => stristr($cur_profile['avatar'], 'http://') || stristr($cur_profile['avatar'], 'https://') ? $cur_profile['avatar'] : 'http://',
  2487. 'selection' => $cur_profile['avatar'] == '' || (stristr($cur_profile['avatar'], 'http://') || stristr($cur_profile['avatar'], 'https://')) ? '' : $cur_profile['avatar'],
  2488. 'id_attach' => $cur_profile['id_attach'],
  2489. 'filename' => $cur_profile['filename'],
  2490. 'allow_server_stored' => allowedTo('profile_server_avatar') || (!$context['user']['is_owner'] && allowedTo('profile_extra_any')),
  2491. 'allow_upload' => allowedTo('profile_upload_avatar') || (!$context['user']['is_owner'] && allowedTo('profile_extra_any')),
  2492. 'allow_external' => allowedTo('profile_remote_avatar') || (!$context['user']['is_owner'] && allowedTo('profile_extra_any')),
  2493. );
  2494. if ($cur_profile['avatar'] == '' && $cur_profile['id_attach'] > 0 && $context['member']['avatar']['allow_upload'])
  2495. {
  2496. $context['member']['avatar'] += array(
  2497. 'choice' => 'upload',
  2498. 'server_pic' => 'blank.png',
  2499. 'external' => 'http://'
  2500. );
  2501. $context['member']['avatar']['href'] = empty($cur_profile['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $cur_profile['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $cur_profile['filename'];
  2502. }
  2503. elseif ((stristr($cur_profile['avatar'], 'http://') || stristr($cur_profile['avatar'], 'https://')) && $context['member']['avatar']['allow_external'])
  2504. $context['member']['avatar'] += array(
  2505. 'choice' => 'external',
  2506. 'server_pic' => 'blank.png',
  2507. 'external' => $cur_profile['avatar']
  2508. );
  2509. elseif ($cur_profile['avatar'] != '' && file_exists($modSettings['avatar_directory'] . '/' . $cur_profile['avatar']) && $context['member']['avatar']['allow_server_stored'])
  2510. $context['member']['avatar'] += array(
  2511. 'choice' => 'server_stored',
  2512. 'server_pic' => $cur_profile['avatar'] == '' ? 'blank.png' : $cur_profile['avatar'],
  2513. 'external' => 'http://'
  2514. );
  2515. else
  2516. $context['member']['avatar'] += array(
  2517. 'choice' => 'none',
  2518. 'server_pic' => 'blank.png',
  2519. 'external' => 'http://'
  2520. );
  2521. // Get a list of all the avatars.
  2522. if ($context['member']['avatar']['allow_server_stored'])
  2523. {
  2524. $context['avatar_list'] = array();
  2525. $context['avatars'] = is_dir($modSettings['avatar_directory']) ? getAvatars('', 0) : array();
  2526. }
  2527. else
  2528. $context['avatars'] = array();
  2529. // Second level selected avatar...
  2530. $context['avatar_selected'] = substr(strrchr($context['member']['avatar']['server_pic'], '/'), 1);
  2531. return !empty($context['member']['avatar']['allow_server_stored']) || !empty($context['member']['avatar']['allow_external']) || !empty($context['member']['avatar']['allow_upload']);
  2532. }
  2533. /**
  2534. * Save a members group.
  2535. *
  2536. * @param int &$value
  2537. * @return true
  2538. */
  2539. function profileSaveGroups(&$value)
  2540. {
  2541. global $profile_vars, $old_profile, $context, $smcFunc, $cur_profile;
  2542. // Do we need to protect some groups?
  2543. if (!allowedTo('admin_forum'))
  2544. {
  2545. $request = $smcFunc['db_query']('', '
  2546. SELECT id_group
  2547. FROM {db_prefix}membergroups
  2548. WHERE group_type = {int:is_protected}',
  2549. array(
  2550. 'is_protected' => 1,
  2551. )
  2552. );
  2553. $protected_groups = array(1);
  2554. while ($row = $smcFunc['db_fetch_assoc']($request))
  2555. $protected_groups[] = $row['id_group'];
  2556. $smcFunc['db_free_result']($request);
  2557. $protected_groups = array_unique($protected_groups);
  2558. }
  2559. // The account page allows the change of your id_group - but not to a protected group!
  2560. if (empty($protected_groups) || count(array_intersect(array((int) $value, $old_profile['id_group']), $protected_groups)) == 0)
  2561. $value = (int) $value;
  2562. // ... otherwise it's the old group sir.
  2563. else
  2564. $value = $old_profile['id_group'];
  2565. // Find the additional membergroups (if any)
  2566. if (isset($_POST['additional_groups']) && is_array($_POST['additional_groups']))
  2567. {
  2568. $additional_groups = array();
  2569. foreach ($_POST['additional_groups'] as $group_id)
  2570. {
  2571. $group_id = (int) $group_id;
  2572. if (!empty($group_id) && (empty($protected_groups) || !in_array($group_id, $protected_groups)))
  2573. $additional_groups[] = $group_id;
  2574. }
  2575. // Put the protected groups back in there if you don't have permission to take them away.
  2576. $old_additional_groups = explode(',', $old_profile['additional_groups']);
  2577. foreach ($old_additional_groups as $group_id)
  2578. {
  2579. if (!empty($protected_groups) && in_array($group_id, $protected_groups))
  2580. $additional_groups[] = $group_id;
  2581. }
  2582. if (implode(',', $additional_groups) !== $old_profile['additional_groups'])
  2583. {
  2584. $profile_vars['additional_groups'] = implode(',', $additional_groups);
  2585. $cur_profile['additional_groups'] = implode(',', $additional_groups);
  2586. }
  2587. }
  2588. // Too often, people remove delete their own account, or something.
  2589. if (in_array(1, explode(',', $old_profile['additional_groups'])) || $old_profile['id_group'] == 1)
  2590. {
  2591. $stillAdmin = $value == 1 || (isset($additional_groups) && in_array(1, $additional_groups));
  2592. // If they would no longer be an admin, look for any other...
  2593. if (!$stillAdmin)
  2594. {
  2595. $request = $smcFunc['db_query']('', '
  2596. SELECT id_member
  2597. FROM {db_prefix}members
  2598. WHERE (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0)
  2599. AND id_member != {int:selected_member}
  2600. LIMIT 1',
  2601. array(
  2602. 'admin_group' => 1,
  2603. 'selected_member' => $context['id_member'],
  2604. )
  2605. );
  2606. list ($another) = $smcFunc['db_fetch_row']($request);
  2607. $smcFunc['db_free_result']($request);
  2608. if (empty($another))
  2609. fatal_lang_error('at_least_one_admin', 'critical');
  2610. }
  2611. }
  2612. // If we are changing group status, update permission cache as necessary.
  2613. if ($value != $old_profile['id_group'] || isset($profile_vars['additional_groups']))
  2614. {
  2615. if ($context['user']['is_owner'])
  2616. $_SESSION['mc']['time'] = 0;
  2617. else
  2618. updateSettings(array('settings_updated' => time()));
  2619. }
  2620. return true;
  2621. }
  2622. /**
  2623. * The avatar is incredibly complicated, what with the options... and what not.
  2624. * @todo argh, the avatar here. Take this out of here!
  2625. *
  2626. * @param array &$value
  2627. * @return mixed
  2628. */
  2629. function profileSaveAvatarData(&$value)
  2630. {
  2631. global $modSettings, $sourcedir, $smcFunc, $profile_vars, $cur_profile, $context;
  2632. $memID = $context['id_member'];
  2633. if (empty($memID) && !empty($context['password_auth_failed']))
  2634. return false;
  2635. require_once($sourcedir . '/ManageAttachments.php');
  2636. // We're going to put this on a nice custom dir.
  2637. $uploadDir = $modSettings['custom_avatar_dir'];
  2638. $id_folder = 1;
  2639. $downloadedExternalAvatar = false;
  2640. if ($value == 'external' && allowedTo('profile_remote_avatar') && (stripos($_POST['userpicpersonal'], 'http://') === 0 || stripos($_POST['userpicpersonal'], 'https://') === 0) && strlen($_POST['userpicpersonal']) > 7 && !empty($modSettings['avatar_download_external']))
  2641. {
  2642. if (!is_writable($uploadDir))
  2643. fatal_lang_error('attachments_no_write', 'critical');
  2644. require_once($sourcedir . '/Subs-Package.php');
  2645. $url = parse_url($_POST['userpicpersonal']);
  2646. $contents = fetch_web_data($url['scheme'] . '://' . $url['host'] . (empty($url['port']) ? '' : ':' . $url['port']) . str_replace(' ', '%20', trim($url['path'])));
  2647. $new_filename = $uploadDir . '/' . getAttachmentFilename('avatar_tmp_' . $memID, false, null, true);
  2648. if ($contents != false && $tmpAvatar = fopen($new_filename, 'wb'))
  2649. {
  2650. fwrite($tmpAvatar, $contents);
  2651. fclose($tmpAvatar);
  2652. $downloadedExternalAvatar = true;
  2653. $_FILES['attachment']['tmp_name'] = $new_filename;
  2654. }
  2655. }
  2656. // Removes whatever attachment there was before updating
  2657. if ($value == 'none')
  2658. {
  2659. $profile_vars['avatar'] = '';
  2660. // Reset the attach ID.
  2661. $cur_profile['id_attach'] = 0;
  2662. $cur_profile['attachment_type'] = 0;
  2663. $cur_profile['filename'] = '';
  2664. removeAttachments(array('id_member' => $memID));
  2665. }
  2666. // An avatar from the server-stored galleries.
  2667. elseif ($value == 'server_stored' && allowedTo('profile_server_avatar'))
  2668. {
  2669. $profile_vars['avatar'] = strtr(empty($_POST['file']) ? (empty($_POST['cat']) ? '' : $_POST['cat']) : $_POST['file'], array('&amp;' => '&'));
  2670. $profile_vars['avatar'] = preg_match('~^([\w _!@%*=\-#()\[\]&.,]+/)?[\w _!@%*=\-#()\[\]&.,]+$~', $profile_vars['avatar']) != 0 && preg_match('/\.\./', $profile_vars['avatar']) == 0 && file_exists($modSettings['avatar_directory'] . '/' . $profile_vars['avatar']) ? ($profile_vars['avatar'] == 'blank.png' ? '' : $profile_vars['avatar']) : '';
  2671. // Clear current profile...
  2672. $cur_profile['id_attach'] = 0;
  2673. $cur_profile['attachment_type'] = 0;
  2674. $cur_profile['filename'] = '';
  2675. // Get rid of their old avatar. (if uploaded.)
  2676. removeAttachments(array('id_member' => $memID));
  2677. }
  2678. elseif ($value == 'external' && allowedTo('profile_remote_avatar') && (stripos($_POST['userpicpersonal'], 'http://') === 0 || stripos($_POST['userpicpersonal'], 'https://') === 0) && empty($modSettings['avatar_download_external']))
  2679. {
  2680. // We need these clean...
  2681. $cur_profile['id_attach'] = 0;
  2682. $cur_profile['attachment_type'] = 0;
  2683. $cur_profile['filename'] = '';
  2684. // Remove any attached avatar...
  2685. removeAttachments(array('id_member' => $memID));
  2686. $profile_vars['avatar'] = str_replace(' ', '%20', preg_replace('~action(?:=|%3d)(?!dlattach)~i', 'action-', $_POST['userpicpersonal']));
  2687. if ($profile_vars['avatar'] == 'http://' || $profile_vars['avatar'] == 'http:///')
  2688. $profile_vars['avatar'] = '';
  2689. // Trying to make us do something we'll regret?
  2690. elseif (substr($profile_vars['avatar'], 0, 7) != 'http://' && substr($profile_vars['avatar'], 0, 8) != 'https://')
  2691. return 'bad_avatar_invalid_url';
  2692. // Should we check dimensions?
  2693. elseif (!empty($modSettings['avatar_max_height_external']) || !empty($modSettings['avatar_max_width_external']))
  2694. {
  2695. // Now let's validate the avatar.
  2696. $sizes = url_image_size($profile_vars['avatar']);
  2697. if (is_array($sizes) && (($sizes[0] > $modSettings['avatar_max_width_external'] && !empty($modSettings['avatar_max_width_external'])) || ($sizes[1] > $modSettings['avatar_max_height_external'] && !empty($modSettings['avatar_max_height_external']))))
  2698. {
  2699. // Houston, we have a problem. The avatar is too large!!
  2700. if ($modSettings['avatar_action_too_large'] == 'option_refuse')
  2701. return 'bad_avatar_too_large';
  2702. elseif ($modSettings['avatar_action_too_large'] == 'option_download_and_resize')
  2703. {
  2704. // @todo remove this if appropriate
  2705. require_once($sourcedir . '/Subs-Graphics.php');
  2706. if (downloadAvatar($profile_vars['avatar'], $memID, $modSettings['avatar_max_width_external'], $modSettings['avatar_max_height_external']))
  2707. {
  2708. $profile_vars['avatar'] = '';
  2709. $cur_profile['id_attach'] = $modSettings['new_avatar_data']['id'];
  2710. $cur_profile['filename'] = $modSettings['new_avatar_data']['filename'];
  2711. $cur_profile['attachment_type'] = $modSettings['new_avatar_data']['type'];
  2712. }
  2713. else
  2714. return 'bad_avatar';
  2715. }
  2716. }
  2717. }
  2718. }
  2719. elseif (($value == 'upload' && allowedTo('profile_upload_avatar')) || $downloadedExternalAvatar)
  2720. {
  2721. if ((isset($_FILES['attachment']['name']) && $_FILES['attachment']['name'] != '') || $downloadedExternalAvatar)
  2722. {
  2723. // Get the dimensions of the image.
  2724. if (!$downloadedExternalAvatar)
  2725. {
  2726. if (!is_writable($uploadDir))
  2727. fatal_lang_error('attachments_no_write', 'critical');
  2728. $new_filename = $uploadDir . '/' . getAttachmentFilename('avatar_tmp_' . $memID, false, null, true);
  2729. if (!move_uploaded_file($_FILES['attachment']['tmp_name'], $new_filename))
  2730. fatal_lang_error('attach_timeout', 'critical');
  2731. $_FILES['attachment']['tmp_name'] = $new_filename;
  2732. }
  2733. $sizes = @getimagesize($_FILES['attachment']['tmp_name']);
  2734. // No size, then it's probably not a valid pic.
  2735. if ($sizes === false)
  2736. {
  2737. @unlink($_FILES['attachment']['tmp_name']);
  2738. return 'bad_avatar';
  2739. }
  2740. // Check whether the image is too large.
  2741. elseif ((!empty($modSettings['avatar_max_width_upload']) && $sizes[0] > $modSettings['avatar_max_width_upload']) || (!empty($modSettings['avatar_max_height_upload']) && $sizes[1] > $modSettings['avatar_max_height_upload']))
  2742. {
  2743. if (!empty($modSettings['avatar_resize_upload']))
  2744. {
  2745. // Attempt to chmod it.
  2746. @chmod($_FILES['attachment']['tmp_name'], 0644);
  2747. // @todo remove this require when appropriate
  2748. require_once($sourcedir . '/Subs-Graphics.php');
  2749. if (!downloadAvatar($_FILES['attachment']['tmp_name'], $memID, $modSettings['avatar_max_width_upload'], $modSettings['avatar_max_height_upload']))
  2750. {
  2751. @unlink($_FILES['attachment']['tmp_name']);
  2752. return 'bad_avatar';
  2753. }
  2754. // Reset attachment avatar data.
  2755. $cur_profile['id_attach'] = $modSettings['new_avatar_data']['id'];
  2756. $cur_profile['filename'] = $modSettings['new_avatar_data']['filename'];
  2757. $cur_profile['attachment_type'] = $modSettings['new_avatar_data']['type'];
  2758. }
  2759. // Admin doesn't want to resize large avatars, can't do much about it but to tell you to use a different one :(
  2760. else
  2761. {
  2762. @unlink($_FILES['attachment']['tmp_name']);
  2763. return 'bad_avatar_too_large';
  2764. }
  2765. }
  2766. // So far, so good, checks lies ahead!
  2767. elseif (is_array($sizes))
  2768. {
  2769. // Now try to find an infection.
  2770. require_once($sourcedir . '/Subs-Graphics.php');
  2771. if (!checkImageContents($_FILES['attachment']['tmp_name'], !empty($modSettings['avatar_paranoid'])))
  2772. {
  2773. // It's bad. Try to re-encode the contents?
  2774. if (empty($modSettings['avatar_reencode']) || (!reencodeImage($_FILES['attachment']['tmp_name'], $sizes[2])))
  2775. {
  2776. @unlink($_FILES['attachment']['tmp_name']);
  2777. return 'bad_avatar_fail_reencode';
  2778. }
  2779. // We were successful. However, at what price?
  2780. $sizes = @getimagesize($_FILES['attachment']['tmp_name']);
  2781. // Hard to believe this would happen, but can you bet?
  2782. if ($sizes === false)
  2783. {
  2784. @unlink($_FILES['attachment']['tmp_name']);
  2785. return 'bad_avatar';
  2786. }
  2787. }
  2788. $extensions = array(
  2789. '1' => 'gif',
  2790. '2' => 'jpg',
  2791. '3' => 'png',
  2792. '6' => 'bmp'
  2793. );
  2794. $extension = isset($extensions[$sizes[2]]) ? $extensions[$sizes[2]] : 'bmp';
  2795. $mime_type = 'image/' . ($extension === 'jpg' ? 'jpeg' : ($extension === 'bmp' ? 'x-ms-bmp' : $extension));
  2796. $destName = 'avatar_' . $memID . '_' . time() . '.' . $extension;
  2797. list ($width, $height) = getimagesize($_FILES['attachment']['tmp_name']);
  2798. $file_hash = '';
  2799. // Remove previous attachments this member might have had.
  2800. removeAttachments(array('id_member' => $memID));
  2801. $smcFunc['db_insert']('',
  2802. '{db_prefix}attachments',
  2803. array(
  2804. 'id_member' => 'int', 'attachment_type' => 'int', 'filename' => 'string', 'file_hash' => 'string', 'fileext' => 'string', 'size' => 'int',
  2805. 'width' => 'int', 'height' => 'int', 'mime_type' => 'string', 'id_folder' => 'int',
  2806. ),
  2807. array(
  2808. $memID, 1, $destName, $file_hash, $extension, filesize($_FILES['attachment']['tmp_name']),
  2809. (int) $width, (int) $height, $mime_type, $id_folder,
  2810. ),
  2811. array('id_attach')
  2812. );
  2813. $cur_profile['id_attach'] = $smcFunc['db_insert_id']('{db_prefix}attachments', 'id_attach');
  2814. $cur_profile['filename'] = $destName;
  2815. $cur_profile['attachment_type'] = 1;
  2816. $destinationPath = $uploadDir . '/' . (empty($file_hash) ? $destName : $cur_profile['id_attach'] . '_' . $file_hash . '.dat');
  2817. if (!rename($_FILES['attachment']['tmp_name'], $destinationPath))
  2818. {
  2819. // I guess a man can try.
  2820. removeAttachments(array('id_member' => $memID));
  2821. fatal_lang_error('attach_timeout', 'critical');
  2822. }
  2823. // Attempt to chmod it.
  2824. @chmod($uploadDir . '/' . $destinationPath, 0644);
  2825. }
  2826. $profile_vars['avatar'] = '';
  2827. // Delete any temporary file.
  2828. if (file_exists($_FILES['attachment']['tmp_name']))
  2829. @unlink($_FILES['attachment']['tmp_name']);
  2830. }
  2831. // Selected the upload avatar option and had one already uploaded before or didn't upload one.
  2832. else
  2833. $profile_vars['avatar'] = '';
  2834. }
  2835. else
  2836. $profile_vars['avatar'] = '';
  2837. // Setup the profile variables so it shows things right on display!
  2838. $cur_profile['avatar'] = $profile_vars['avatar'];
  2839. return false;
  2840. }
  2841. /**
  2842. * Validate the signature
  2843. *
  2844. * @param mixed &$value
  2845. * @return boolean|string
  2846. */
  2847. function profileValidateSignature(&$value)
  2848. {
  2849. global $sourcedir, $modSettings, $smcFunc, $txt;
  2850. require_once($sourcedir . '/Subs-Post.php');
  2851. // Admins can do whatever they hell they want!
  2852. if (!allowedTo('admin_forum'))
  2853. {
  2854. // Load all the signature limits.
  2855. list ($sig_limits, $sig_bbc) = explode(':', $modSettings['signature_settings']);
  2856. $sig_limits = explode(',', $sig_limits);
  2857. $disabledTags = !empty($sig_bbc) ? explode(',', $sig_bbc) : array();
  2858. $unparsed_signature = strtr(un_htmlspecialchars($value), array("\r" => '', '&#039' => '\''));
  2859. // Too many lines?
  2860. if (!empty($sig_limits[2]) && substr_count($unparsed_signature, "\n") >= $sig_limits[2])
  2861. {
  2862. $txt['profile_error_signature_max_lines'] = sprintf($txt['profile_error_signature_max_lines'], $sig_limits[2]);
  2863. return 'signature_max_lines';
  2864. }
  2865. // Too many images?!
  2866. if (!empty($sig_limits[3]) && (substr_count(strtolower($unparsed_signature), '[img') + substr_count(strtolower($unparsed_signature), '<img')) > $sig_limits[3])
  2867. {
  2868. $txt['profile_error_signature_max_image_count'] = sprintf($txt['profile_error_signature_max_image_count'], $sig_limits[3]);
  2869. return 'signature_max_image_count';
  2870. }
  2871. // What about too many smileys!
  2872. $smiley_parsed = $unparsed_signature;
  2873. parsesmileys($smiley_parsed);
  2874. $smiley_count = substr_count(strtolower($smiley_parsed), '<img') - substr_count(strtolower($unparsed_signature), '<img');
  2875. if (!empty($sig_limits[4]) && $sig_limits[4] == -1 && $smiley_count > 0)
  2876. return 'signature_allow_smileys';
  2877. elseif (!empty($sig_limits[4]) && $sig_limits[4] > 0 && $smiley_count > $sig_limits[4])
  2878. {
  2879. $txt['profile_error_signature_max_smileys'] = sprintf($txt['profile_error_signature_max_smileys'], $sig_limits[4]);
  2880. return 'signature_max_smileys';
  2881. }
  2882. // Maybe we are abusing font sizes?
  2883. if (!empty($sig_limits[7]) && preg_match_all('~\[size=([\d\.]+)?(px|pt|em|x-large|larger)~i', $unparsed_signature, $matches) !== false && isset($matches[2]))
  2884. {
  2885. foreach ($matches[1] as $ind => $size)
  2886. {
  2887. $limit_broke = 0;
  2888. // Attempt to allow all sizes of abuse, so to speak.
  2889. if ($matches[2][$ind] == 'px' && $size > $sig_limits[7])
  2890. $limit_broke = $sig_limits[7] . 'px';
  2891. elseif ($matches[2][$ind] == 'pt' && $size > ($sig_limits[7] * 0.75))
  2892. $limit_broke = ((int) $sig_limits[7] * 0.75) . 'pt';
  2893. elseif ($matches[2][$ind] == 'em' && $size > ((float) $sig_limits[7] / 16))
  2894. $limit_broke = ((float) $sig_limits[7] / 16) . 'em';
  2895. elseif ($matches[2][$ind] != 'px' && $matches[2][$ind] != 'pt' && $matches[2][$ind] != 'em' && $sig_limits[7] < 18)
  2896. $limit_broke = 'large';
  2897. if ($limit_broke)
  2898. {
  2899. $txt['profile_error_signature_max_font_size'] = sprintf($txt['profile_error_signature_max_font_size'], $limit_broke);
  2900. return 'signature_max_font_size';
  2901. }
  2902. }
  2903. }
  2904. // The difficult one - image sizes! Don't error on this - just fix it.
  2905. if ((!empty($sig_limits[5]) || !empty($sig_limits[6])))
  2906. {
  2907. // Get all BBC tags...
  2908. preg_match_all('~\[img(\s+width=([\d]+))?(\s+height=([\d]+))?(\s+width=([\d]+))?\s*\](?:<br>)*([^<">]+?)(?:<br>)*\[/img\]~i', $unparsed_signature, $matches);
  2909. // ... and all HTML ones.
  2910. preg_match_all('~<img\s+src=(?:")?((?:http://|ftp://|https://|ftps://).+?)(?:")?(?:\s+alt=(?:")?(.*?)(?:")?)?(?:\s?/)?>~i', $unparsed_signature, $matches2, PREG_PATTERN_ORDER);
  2911. // And stick the HTML in the BBC.
  2912. if (!empty($matches2))
  2913. {
  2914. foreach ($matches2[0] as $ind => $dummy)
  2915. {
  2916. $matches[0][] = $matches2[0][$ind];
  2917. $matches[1][] = '';
  2918. $matches[2][] = '';
  2919. $matches[3][] = '';
  2920. $matches[4][] = '';
  2921. $matches[5][] = '';
  2922. $matches[6][] = '';
  2923. $matches[7][] = $matches2[1][$ind];
  2924. }
  2925. }
  2926. $replaces = array();
  2927. // Try to find all the images!
  2928. if (!empty($matches))
  2929. {
  2930. foreach ($matches[0] as $key => $image)
  2931. {
  2932. $width = -1; $height = -1;
  2933. // Does it have predefined restraints? Width first.
  2934. if ($matches[6][$key])
  2935. $matches[2][$key] = $matches[6][$key];
  2936. if ($matches[2][$key] && $sig_limits[5] && $matches[2][$key] > $sig_limits[5])
  2937. {
  2938. $width = $sig_limits[5];
  2939. $matches[4][$key] = $matches[4][$key] * ($width / $matches[2][$key]);
  2940. }
  2941. elseif ($matches[2][$key])
  2942. $width = $matches[2][$key];
  2943. // ... and height.
  2944. if ($matches[4][$key] && $sig_limits[6] && $matches[4][$key] > $sig_limits[6])
  2945. {
  2946. $height = $sig_limits[6];
  2947. if ($width != -1)
  2948. $width = $width * ($height / $matches[4][$key]);
  2949. }
  2950. elseif ($matches[4][$key])
  2951. $height = $matches[4][$key];
  2952. // If the dimensions are still not fixed - we need to check the actual image.
  2953. if (($width == -1 && $sig_limits[5]) || ($height == -1 && $sig_limits[6]))
  2954. {
  2955. $sizes = url_image_size($matches[7][$key]);
  2956. if (is_array($sizes))
  2957. {
  2958. // Too wide?
  2959. if ($sizes[0] > $sig_limits[5] && $sig_limits[5])
  2960. {
  2961. $width = $sig_limits[5];
  2962. $sizes[1] = $sizes[1] * ($width / $sizes[0]);
  2963. }
  2964. // Too high?
  2965. if ($sizes[1] > $sig_limits[6] && $sig_limits[6])
  2966. {
  2967. $height = $sig_limits[6];
  2968. if ($width == -1)
  2969. $width = $sizes[0];
  2970. $width = $width * ($height / $sizes[1]);
  2971. }
  2972. elseif ($width != -1)
  2973. $height = $sizes[1];
  2974. }
  2975. }
  2976. // Did we come up with some changes? If so remake the string.
  2977. if ($width != -1 || $height != -1)
  2978. $replaces[$image] = '[img' . ($width != -1 ? ' width=' . round($width) : '') . ($height != -1 ? ' height=' . round($height) : '') . ']' . $matches[7][$key] . '[/img]';
  2979. }
  2980. if (!empty($replaces))
  2981. $value = str_replace(array_keys($replaces), array_values($replaces), $value);
  2982. }
  2983. }
  2984. // Any disabled BBC?
  2985. $disabledSigBBC = implode('|', $disabledTags);
  2986. if (!empty($disabledSigBBC))
  2987. {
  2988. if (preg_match('~\[(' . $disabledSigBBC . '[ =\]/])~i', $unparsed_signature, $matches) !== false && isset($matches[1]))
  2989. {
  2990. $disabledTags = array_unique($disabledTags);
  2991. $txt['profile_error_signature_disabled_bbc'] = sprintf($txt['profile_error_signature_disabled_bbc'], implode(', ', $disabledTags));
  2992. return 'signature_disabled_bbc';
  2993. }
  2994. }
  2995. }
  2996. preparsecode($value);
  2997. // Too long?
  2998. if (!allowedTo('admin_forum') && !empty($sig_limits[1]) && $smcFunc['strlen'](str_replace('<br>', "\n", $value)) > $sig_limits[1])
  2999. {
  3000. $_POST['signature'] = trim($smcFunc['htmlspecialchars'](str_replace('<br>', "\n", $value), ENT_QUOTES));
  3001. $txt['profile_error_signature_max_length'] = sprintf($txt['profile_error_signature_max_length'], $sig_limits[1]);
  3002. return 'signature_max_length';
  3003. }
  3004. return true;
  3005. }
  3006. /**
  3007. * Validate an email address.
  3008. *
  3009. * @param string $email
  3010. * @param int $memID = 0
  3011. * @return boolean|string
  3012. */
  3013. function profileValidateEmail($email, $memID = 0)
  3014. {
  3015. global $smcFunc, $context;
  3016. $email = strtr($email, array('&#039;' => '\''));
  3017. // Check the name and email for validity.
  3018. if (trim($email) == '')
  3019. return 'no_email';
  3020. if (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $email) == 0)
  3021. return 'bad_email';
  3022. // Email addresses should be and stay unique.
  3023. $request = $smcFunc['db_query']('', '
  3024. SELECT id_member
  3025. FROM {db_prefix}members
  3026. WHERE ' . ($memID != 0 ? 'id_member != {int:selected_member} AND ' : '') . '
  3027. email_address = {string:email_address}
  3028. LIMIT 1',
  3029. array(
  3030. 'selected_member' => $memID,
  3031. 'email_address' => $email,
  3032. )
  3033. );
  3034. if ($smcFunc['db_num_rows']($request) > 0)
  3035. return 'email_taken';
  3036. $smcFunc['db_free_result']($request);
  3037. return true;
  3038. }
  3039. /**
  3040. * Reload a users settings.
  3041. */
  3042. function profileReloadUser()
  3043. {
  3044. global $sourcedir, $modSettings, $context, $cur_profile, $smcFunc, $profile_vars;
  3045. // Log them back in - using the verify password as they must have matched and this one doesn't get changed by anyone!
  3046. if (isset($_POST['passwrd2']) && $_POST['passwrd2'] != '')
  3047. {
  3048. require_once($sourcedir . '/Subs-Auth.php');
  3049. setLoginCookie(60 * $modSettings['cookieTime'], $context['id_member'], sha1(sha1(strtolower($cur_profile['member_name']) . un_htmlspecialchars($_POST['passwrd2'])) . $cur_profile['password_salt']));
  3050. }
  3051. loadUserSettings();
  3052. writeLog();
  3053. }
  3054. /**
  3055. * Send the user a new activation email if they need to reactivate!
  3056. */
  3057. function profileSendActivation()
  3058. {
  3059. global $sourcedir, $profile_vars, $txt, $context, $scripturl, $smcFunc, $cookiename, $cur_profile, $language, $modSettings;
  3060. require_once($sourcedir . '/Subs-Post.php');
  3061. // Shouldn't happen but just in case.
  3062. if (empty($profile_vars['email_address']))
  3063. return;
  3064. $replacements = array(
  3065. 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $context['id_member'] . ';code=' . $profile_vars['validation_code'],
  3066. 'ACTIVATIONCODE' => $profile_vars['validation_code'],
  3067. 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $context['id_member'],
  3068. );
  3069. // Send off the email.
  3070. $emaildata = loadEmailTemplate('activate_reactivate', $replacements, empty($cur_profile['lngfile']) || empty($modSettings['userLanguage']) ? $language : $cur_profile['lngfile']);
  3071. sendmail($profile_vars['email_address'], $emaildata['subject'], $emaildata['body'], null, 'reactivate', false, 0);
  3072. // Log the user out.
  3073. $smcFunc['db_query']('', '
  3074. DELETE FROM {db_prefix}log_online
  3075. WHERE id_member = {int:selected_member}',
  3076. array(
  3077. 'selected_member' => $context['id_member'],
  3078. )
  3079. );
  3080. $_SESSION['log_time'] = 0;
  3081. $_SESSION['login_' . $cookiename] = serialize(array(0, '', 0));
  3082. if (isset($_COOKIE[$cookiename]))
  3083. $_COOKIE[$cookiename] = '';
  3084. loadUserSettings();
  3085. $context['user']['is_logged'] = false;
  3086. $context['user']['is_guest'] = true;
  3087. redirectexit('action=sendactivation');
  3088. }
  3089. /**
  3090. * Function to allow the user to choose group membership etc...
  3091. *
  3092. * @param int $memID id_member
  3093. */
  3094. function groupMembership($memID)
  3095. {
  3096. global $txt, $scripturl, $user_profile, $context, $smcFunc;
  3097. $curMember = $user_profile[$memID];
  3098. $context['primary_group'] = $curMember['id_group'];
  3099. // Can they manage groups?
  3100. $context['can_manage_membergroups'] = allowedTo('manage_membergroups');
  3101. $context['can_manage_protected'] = allowedTo('admin_forum');
  3102. $context['can_edit_primary'] = $context['can_manage_protected'];
  3103. $context['update_message'] = isset($_GET['msg']) && isset($txt['group_membership_msg_' . $_GET['msg']]) ? $txt['group_membership_msg_' . $_GET['msg']] : '';
  3104. // Get all the groups this user is a member of.
  3105. $groups = explode(',', $curMember['additional_groups']);
  3106. $groups[] = $curMember['id_group'];
  3107. // Ensure the query doesn't croak!
  3108. if (empty($groups))
  3109. $groups = array(0);
  3110. // Just to be sure...
  3111. foreach ($groups as $k => $v)
  3112. $groups[$k] = (int) $v;
  3113. // Get all the membergroups they can join.
  3114. $request = $smcFunc['db_query']('', '
  3115. SELECT mg.id_group, mg.group_name, mg.description, mg.group_type, mg.online_color, mg.hidden,
  3116. IFNULL(lgr.id_member, 0) AS pending
  3117. FROM {db_prefix}membergroups AS mg
  3118. LEFT JOIN {db_prefix}log_group_requests AS lgr ON (lgr.id_member = {int:selected_member} AND lgr.id_group = mg.id_group AND lgr.status = {int:status_open})
  3119. WHERE (mg.id_group IN ({array_int:group_list})
  3120. OR mg.group_type > {int:nonjoin_group_id})
  3121. AND mg.min_posts = {int:min_posts}
  3122. AND mg.id_group != {int:moderator_group}
  3123. ORDER BY group_name',
  3124. array(
  3125. 'group_list' => $groups,
  3126. 'selected_member' => $memID,
  3127. 'status_open' => 0,
  3128. 'nonjoin_group_id' => 1,
  3129. 'min_posts' => -1,
  3130. 'moderator_group' => 3,
  3131. )
  3132. );
  3133. // This beast will be our group holder.
  3134. $context['groups'] = array(
  3135. 'member' => array(),
  3136. 'available' => array()
  3137. );
  3138. while ($row = $smcFunc['db_fetch_assoc']($request))
  3139. {
  3140. // Can they edit their primary group?
  3141. if (($row['id_group'] == $context['primary_group'] && $row['group_type'] > 1) || ($row['hidden'] != 2 && $context['primary_group'] == 0 && in_array($row['id_group'], $groups)))
  3142. $context['can_edit_primary'] = true;
  3143. // If they can't manage (protected) groups, and it's not publically joinable or already assigned, they can't see it.
  3144. if (((!$context['can_manage_protected'] && $row['group_type'] == 1) || (!$context['can_manage_membergroups'] && $row['group_type'] == 0)) && $row['id_group'] != $context['primary_group'])
  3145. continue;
  3146. $context['groups'][in_array($row['id_group'], $groups) ? 'member' : 'available'][$row['id_group']] = array(
  3147. 'id' => $row['id_group'],
  3148. 'name' => $row['group_name'],
  3149. 'desc' => $row['description'],
  3150. 'color' => $row['online_color'],
  3151. 'type' => $row['group_type'],
  3152. 'pending' => $row['pending'],
  3153. 'is_primary' => $row['id_group'] == $context['primary_group'],
  3154. 'can_be_primary' => $row['hidden'] != 2,
  3155. // Anything more than this needs to be done through account settings for security.
  3156. 'can_leave' => $row['id_group'] != 1 && $row['group_type'] > 1 ? true : false,
  3157. );
  3158. }
  3159. $smcFunc['db_free_result']($request);
  3160. // Add registered members on the end.
  3161. $context['groups']['member'][0] = array(
  3162. 'id' => 0,
  3163. 'name' => $txt['regular_members'],
  3164. 'desc' => $txt['regular_members_desc'],
  3165. 'type' => 0,
  3166. 'is_primary' => $context['primary_group'] == 0 ? true : false,
  3167. 'can_be_primary' => true,
  3168. 'can_leave' => 0,
  3169. );
  3170. // No changing primary one unless you have enough groups!
  3171. if (count($context['groups']['member']) < 2)
  3172. $context['can_edit_primary'] = false;
  3173. // In the special case that someone is requesting membership of a group, setup some special context vars.
  3174. if (isset($_REQUEST['request']) && isset($context['groups']['available'][(int) $_REQUEST['request']]) && $context['groups']['available'][(int) $_REQUEST['request']]['type'] == 2)
  3175. $context['group_request'] = $context['groups']['available'][(int) $_REQUEST['request']];
  3176. }
  3177. /**
  3178. * This function actually makes all the group changes
  3179. *
  3180. * @param array $profile_vars
  3181. * @param array $post_errors
  3182. * @param int $memID id_member
  3183. * @return mixed
  3184. */
  3185. function groupMembership2($profile_vars, $post_errors, $memID)
  3186. {
  3187. global $user_info, $sourcedir, $context, $user_profile, $modSettings, $txt, $smcFunc, $scripturl, $language;
  3188. // Let's be extra cautious...
  3189. if (!$context['user']['is_owner'] || empty($modSettings['show_group_membership']))
  3190. isAllowedTo('manage_membergroups');
  3191. if (!isset($_REQUEST['gid']) && !isset($_POST['primary']))
  3192. fatal_lang_error('no_access', false);
  3193. checkSession(isset($_GET['gid']) ? 'get' : 'post');
  3194. $old_profile = &$user_profile[$memID];
  3195. $context['can_manage_membergroups'] = allowedTo('manage_membergroups');
  3196. $context['can_manage_protected'] = allowedTo('admin_forum');
  3197. // By default the new primary is the old one.
  3198. $newPrimary = $old_profile['id_group'];
  3199. $addGroups = array_flip(explode(',', $old_profile['additional_groups']));
  3200. $canChangePrimary = $old_profile['id_group'] == 0 ? 1 : 0;
  3201. $changeType = isset($_POST['primary']) ? 'primary' : (isset($_POST['req']) ? 'request' : 'free');
  3202. // One way or another, we have a target group in mind...
  3203. $group_id = isset($_REQUEST['gid']) ? (int) $_REQUEST['gid'] : (int) $_POST['primary'];
  3204. $foundTarget = $changeType == 'primary' && $group_id == 0 ? true : false;
  3205. // Sanity check!!
  3206. if ($group_id == 1)
  3207. isAllowedTo('admin_forum');
  3208. // Protected groups too!
  3209. else
  3210. {
  3211. $request = $smcFunc['db_query']('', '
  3212. SELECT group_type
  3213. FROM {db_prefix}membergroups
  3214. WHERE id_group = {int:current_group}
  3215. LIMIT {int:limit}',
  3216. array(
  3217. 'current_group' => $group_id,
  3218. 'limit' => 1,
  3219. )
  3220. );
  3221. list ($is_protected) = $smcFunc['db_fetch_row']($request);
  3222. $smcFunc['db_free_result']($request);
  3223. if ($is_protected == 1)
  3224. isAllowedTo('admin_forum');
  3225. }
  3226. // What ever we are doing, we need to determine if changing primary is possible!
  3227. $request = $smcFunc['db_query']('', '
  3228. SELECT id_group, group_type, hidden, group_name
  3229. FROM {db_prefix}membergroups
  3230. WHERE id_group IN ({int:group_list}, {int:current_group})',
  3231. array(
  3232. 'group_list' => $group_id,
  3233. 'current_group' => $old_profile['id_group'],
  3234. )
  3235. );
  3236. while ($row = $smcFunc['db_fetch_assoc']($request))
  3237. {
  3238. // Is this the new group?
  3239. if ($row['id_group'] == $group_id)
  3240. {
  3241. $foundTarget = true;
  3242. $group_name = $row['group_name'];
  3243. // Does the group type match what we're doing - are we trying to request a non-requestable group?
  3244. if ($changeType == 'request' && $row['group_type'] != 2)
  3245. fatal_lang_error('no_access', false);
  3246. // What about leaving a requestable group we are not a member of?
  3247. elseif ($changeType == 'free' && $row['group_type'] == 2 && $old_profile['id_group'] != $row['id_group'] && !isset($addGroups[$row['id_group']]))
  3248. fatal_lang_error('no_access', false);
  3249. elseif ($changeType == 'free' && $row['group_type'] != 3 && $row['group_type'] != 2)
  3250. fatal_lang_error('no_access', false);
  3251. // We can't change the primary group if this is hidden!
  3252. if ($row['hidden'] == 2)
  3253. $canChangePrimary = false;
  3254. }
  3255. // If this is their old primary, can we change it?
  3256. if ($row['id_group'] == $old_profile['id_group'] && ($row['group_type'] > 1 || $context['can_manage_membergroups']) && $canChangePrimary !== false)
  3257. $canChangePrimary = 1;
  3258. // If we are not doing a force primary move, don't do it automatically if current primary is not 0.
  3259. if ($changeType != 'primary' && $old_profile['id_group'] != 0)
  3260. $canChangePrimary = false;
  3261. // If this is the one we are acting on, can we even act?
  3262. if ((!$context['can_manage_protected'] && $row['group_type'] == 1) || (!$context['can_manage_membergroups'] && $row['group_type'] == 0))
  3263. $canChangePrimary = false;
  3264. }
  3265. $smcFunc['db_free_result']($request);
  3266. // Didn't find the target?
  3267. if (!$foundTarget)
  3268. fatal_lang_error('no_access', false);
  3269. // Final security check, don't allow users to promote themselves to admin.
  3270. if ($context['can_manage_membergroups'] && !allowedTo('admin_forum'))
  3271. {
  3272. $request = $smcFunc['db_query']('', '
  3273. SELECT COUNT(permission)
  3274. FROM {db_prefix}permissions
  3275. WHERE id_group = {int:selected_group}
  3276. AND permission = {string:admin_forum}
  3277. AND add_deny = {int:not_denied}',
  3278. array(
  3279. 'selected_group' => $group_id,
  3280. 'not_denied' => 1,
  3281. 'admin_forum' => 'admin_forum',
  3282. )
  3283. );
  3284. list ($disallow) = $smcFunc['db_fetch_row']($request);
  3285. $smcFunc['db_free_result']($request);
  3286. if ($disallow)
  3287. isAllowedTo('admin_forum');
  3288. }
  3289. // If we're requesting, add the note then return.
  3290. if ($changeType == 'request')
  3291. {
  3292. $request = $smcFunc['db_query']('', '
  3293. SELECT id_member
  3294. FROM {db_prefix}log_group_requests
  3295. WHERE id_member = {int:selected_member}
  3296. AND id_group = {int:selected_group}
  3297. AND status = {int:status_open}',
  3298. array(
  3299. 'selected_member' => $memID,
  3300. 'selected_group' => $group_id,
  3301. 'status_open' => 0,
  3302. )
  3303. );
  3304. if ($smcFunc['db_num_rows']($request) != 0)
  3305. fatal_lang_error('profile_error_already_requested_group');
  3306. $smcFunc['db_free_result']($request);
  3307. // Log the request.
  3308. $smcFunc['db_insert']('',
  3309. '{db_prefix}log_group_requests',
  3310. array(
  3311. 'id_member' => 'int', 'id_group' => 'int', 'time_applied' => 'int', 'reason' => 'string-65534',
  3312. 'status' => 'int', 'id_member_acted' => 'int', 'member_name_acted' => 'string', 'time_acted' => 'int', 'act_reason' => 'string',
  3313. ),
  3314. array(
  3315. $memID, $group_id, time(), $_POST['reason'],
  3316. 0, 0, '', 0, '',
  3317. ),
  3318. array('id_request')
  3319. );
  3320. // Set up some data for our background task...
  3321. $data = serialize(array('id_member' => $memID, 'member_name' => $user_info['name'], 'id_group' => $group_id, 'group_name' => $group_name, 'reason' => $_POST['reason'], 'time' => time()));
  3322. // Add a background task to handle notifying people of this request
  3323. $smcFunc['db_insert']('insert', '{db_prefix}background_tasks',
  3324. array('task_file' => 'string-255', 'task_class' => 'string-255', 'task_data' => 'string', 'claimed_time' => 'int'),
  3325. array('$sourcedir/tasks/GroupReq-Notify.php', 'GroupReq_Notify_Background', $data, 0), array()
  3326. );
  3327. return $changeType;
  3328. }
  3329. // Otherwise we are leaving/joining a group.
  3330. elseif ($changeType == 'free')
  3331. {
  3332. // Are we leaving?
  3333. if ($old_profile['id_group'] == $group_id || isset($addGroups[$group_id]))
  3334. {
  3335. if ($old_profile['id_group'] == $group_id)
  3336. $newPrimary = 0;
  3337. else
  3338. unset($addGroups[$group_id]);
  3339. }
  3340. // ... if not, must be joining.
  3341. else
  3342. {
  3343. // Can we change the primary, and do we want to?
  3344. if ($canChangePrimary)
  3345. {
  3346. if ($old_profile['id_group'] != 0)
  3347. $addGroups[$old_profile['id_group']] = -1;
  3348. $newPrimary = $group_id;
  3349. }
  3350. // Otherwise it's an additional group...
  3351. else
  3352. $addGroups[$group_id] = -1;
  3353. }
  3354. }
  3355. // Finally, we must be setting the primary.
  3356. elseif ($canChangePrimary)
  3357. {
  3358. if ($old_profile['id_group'] != 0)
  3359. $addGroups[$old_profile['id_group']] = -1;
  3360. if (isset($addGroups[$group_id]))
  3361. unset($addGroups[$group_id]);
  3362. $newPrimary = $group_id;
  3363. }
  3364. // Finally, we can make the changes!
  3365. foreach ($addGroups as $id => $dummy)
  3366. if (empty($id))
  3367. unset($addGroups[$id]);
  3368. $addGroups = implode(',', array_flip($addGroups));
  3369. // Ensure that we don't cache permissions if the group is changing.
  3370. if ($context['user']['is_owner'])
  3371. $_SESSION['mc']['time'] = 0;
  3372. else
  3373. updateSettings(array('settings_updated' => time()));
  3374. updateMemberData($memID, array('id_group' => $newPrimary, 'additional_groups' => $addGroups));
  3375. return $changeType;
  3376. }
  3377. ?>