< ? php
/*
* e107 website system
*
* Copyright ( C ) 2008 - 2009 e107 Inc ( e107 . org )
* Released under the terms and conditions of the
* GNU General Public License ( http :// www . gnu . org / licenses / gpl . txt )
*
* User settings modify
*
* $Source : / cvs_backup / e107_0 . 8 / usersettings . php , v $
* $Revision $
* $Date $
* $Author $
*
*/
/*
Notes :
Uses $udata initially , later curVal to hold current user data
Admin log events :
USET_01 - admin changed user data
*/
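require_once('class2.php');

// TODO - Remove all the adminEdit stuff.

e107::includeLan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_'.e_PAGE);

// Debug switch read by the `if (US_DEBUG)` checks in usersettings_front::init().
// The constant name has to match those checks exactly, so it is declared without padding.
define('US_DEBUG', FALSE);
//define('US_DEBUG', false);

// Gate 1: the whole page is for authenticated users only.
if (!USER)
{	// Must be logged in to change settings
	e107::redirect();
	exit();
}

// Gate 2: anyone who is not an admin holding permission '4' may only arrive with
// no query string, with 'update', or with an account-deletion token ('del=...').
// Every other query (for example a numeric user id) is bounced back to the plain page.
// The permission code and the 'update' keyword are written the same way as in the
// later getperms('4') and e_QUERY == 'update' checks of this file.
if ((!ADMIN || !getperms('4')) && e_QUERY && e_QUERY !== 'update' && substr(e_QUERY, 0, 4) !== 'del=')
{
	header('location:'.e_BASE.'usersettings.php');
	exit();
}

e107::includeLan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_user.php');		// Generic user-related language defines
e107::includeLan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_usersettings.php');

$ue = e107::getUserExt(); // needed by shortcodes for now.

require_once(e_HANDLER.'ren_help.php');
// require_once (e_HANDLER.'user_handler.php');
require_once(e_HANDLER.'validator_class.php');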
class usersettings_front // Begin Usersettings rewrite.
{
private $template = array ();
private $sc = null ;
/**
* usersettings_front constructor .
*/
function __construct()
{
	// Two loading paths: Bootstrap themes take the merged core template array,
	// legacy themes include the template file and read the variables it sets.
	if (deftrue('BOOTSTRAP'))
	{
		$template = e107::getCoreTemplate('usersettings', '', true, true); // always merge

		// This placeholder text is the search string init() passes to str_replace()
		// when it renders a message, so the two literals must stay identical.
		$USERSETTINGS_MESSAGE = " { MESSAGE} ";
		$USERSETTINGS_MESSAGE_CAPTION = LAN_OK;
		$USERSETTINGS_EDIT_CAPTION = LAN_USET_39; // 'Update User Settings'
		$USERSETTINGS_EDIT = $template['edit'];
		$usersettings_shortcodes = e107::getScBatch('usersettings');

		$usersettings_shortcodes->wrapper('usersettings/edit');

		/* Disabled inline CSS:
		e107::css('inline', "
			.usersettings-form .col-sm-9 .checkboxes { margin-left:20px }
		");*/
	}
	else
	{
		global $sc_style;

		// Defaults are assigned BEFORE the include: include_once runs in this
		// function's scope, so the template file can overwrite these locals by name.
		// NOTE(review): presumably the legacy template sets all seven variables - confirm.
		$REQUIRED_FIELD = '';
		$USER_EXTENDED_CAT = '';
		$USEREXTENDED_FIELD = '';
		$USERSETTINGS_MESSAGE = '';
		$USERSETTINGS_MESSAGE_CAPTION = '';
		$USERSETTINGS_EDIT_CAPTION = '';
		$USERSETTINGS_EDIT = '';
		$coreTemplatePath = e107::coreTemplatePath('usersettings');
		include_once($coreTemplatePath); //correct way to load a core template.
		e107::scStyle($sc_style);
		$usersettings_shortcodes = e107::getScBatch('usersettings');
		// Hand the legacy fragments to the shortcode batch.
		$usersettings_shortcodes->legacyTemplate = array(
			'USER_EXTENDED_CAT' => $USER_EXTENDED_CAT,
			'USEREXTENDED_FIELD' => $USEREXTENDED_FIELD,
			'REQUIRED_FIELD' => $REQUIRED_FIELD
		);
	}

	// Whichever path ran, keep the shortcode batch and the four template parts
	// that getTemplate() serves by key.
	$this->sc = $usersettings_shortcodes;
	$this->template = array(
		'message' => $USERSETTINGS_MESSAGE,
		'message_caption' => $USERSETTINGS_MESSAGE_CAPTION,
		'edit_caption' => $USERSETTINGS_EDIT_CAPTION,
		'edit' => $USERSETTINGS_EDIT,
	);

	// Footer script: copies the chosen value into the 'image' field of the 'dataform' form.
	e107::js('footer-inline', "
function addtext_us ( sc )
{
document . getElementById ( 'dataform' ) . image . value = sc ;
}
");
}
/**
* @ param $id
* @ return mixed
*/
private function getTemplate($id)
{
	// Serve one entry ('message', 'message_caption', 'edit_caption' or 'edit')
	// from the template set assembled by the constructor.
	$templates = $this->template;

	return $templates[$id];
}
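private function sendDeleteConfirmationEmail()
{
	// Step 1 of account self-deletion: mail the logged-in user a one-off link and
	// remember the token, so that processUserDelete() can match it later.
	// Returns the rendered info message, or null when nothing usable was sent/stored.
	$tp = e107::getParser();

	$message = defset('LAN_USET_52', " A confirmation email has been sent to [x]. Please click the link in the email to permanently delete your account. "); // Load LAN with fall-back.
	$subject = defset('LAN_USET_53', " Account Removal Confirmation "); // Load LAN with fall-back. Constant name written like its siblings.
	$caption = defset('LAN_USET_54', " Confirmation Email Sent "); // Load LAN with fall-back.

	// Random confirmation token. The pattern and the URL below carry no surrounding
	// whitespace, so the emailed link is exactly what the 'del=' check expects.
	$hash = e107::getUserSession()->generateRandomString("#**************************************************************************#");

	$link = SITEURL . "usersettings.php?del=" . $hash; // Security measure - user must be logged in to utilize the link.

	$text = LAN_USET_55; // "Please click the following link to complete the deletion of your account.";
	$text .= " <br /><br /> ";
	$text .= "<a href='" . $link . "' target='_blank'>" . $link . "</a>";

	$eml = array(
		'subject' => $subject,
		'html' => true,
		'priority' => 1,
		'template' => 'default',
		'body' => $text,
	);

	if (e107::getEmail()->sendEmail(USEREMAIL, USERNAME, $eml))
	{
		// NOTE(review): the token is kept in user_sess, the same column init() uses for the
		// uploaded-photo reference, and no expiry is recorded here - consider a dedicated,
		// time-limited field.
		$update = array(
			'user_sess' => $hash,
			'WHERE' => 'user_id = ' . USERID
		);

		// update() reports FALSE on failure. Without a stored token the emailed link can
		// never validate, so do not announce success in that case.
		if (e107::getDb()->update('user', $update) === false)
		{
			return null;
		}

		$alert = $tp->lanVars($message, USEREMAIL);

		return e107::getMessage()->setTitle($caption, E_MESSAGE_INFO)->addInfo($alert)->render();
	}

	//todo Email Failure message.
	return null;
}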
/*
private function processUserDeleteFields ( $vars )
{
$qry = array ();
foreach ( $vars as $field => $var )
{
}
return $qry ;
} */
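private function processUserDelete($hash)
{
	// Step 2 of account self-deletion: verify the emailed token against the logged-in
	// user's row, then run every clean-up query that add-ons registered for 'delete'.
	// Returns false when the token does not match, otherwise the rendered success message.

	// $hash comes straight from the query string. Reject anything that is not a
	// non-empty string: an array value or a blank token must never reach the query.
	if (!is_string($hash) || trim($hash) === '')
	{
		return false;
	}

	$sql = e107::getDb();

	// Escape before embedding: the value was previously concatenated into the WHERE
	// clause as-is, which let a crafted 'del' parameter rewrite the condition.
	$safeHash = $sql->escape($hash, false);

	if (!$sql->select('user', '*', "user_id = " . USERID . " AND user_sess='" . $safeHash . "' LIMIT 1")) // user must be logged in AND have correct hash.
	{
		return false;
	}

	$arr = e107::getAddonConfig('e_user', '', 'delete', USERID);

	if (!is_array($arr))
	{
		$arr = array();
	}

	foreach ($arr as $plugin)
	{
		if (!is_array($plugin))
		{
			continue;
		}

		foreach ($plugin as $table => $query)
		{
			// MODE selects the operation and is stripped so only query data remains.
			$mode = isset($query['MODE']) ? $query['MODE'] : '';
			unset($query['MODE']);

			// $query = $this->processUserDeleteFields($query); //optional pre-processing..

			if ($mode === 'update')
			{
				$sql->update($table, $query); // todo check query ran successfully.
			}
			elseif ($mode === 'delete')
			{
				// Never issue a delete without a condition: an add-on entry that forgot
				// WHERE is skipped instead of being run against the whole table.
				if (empty($query['WHERE']))
				{
					continue;
				}

				$sql->delete($table, $query['WHERE']); // todo check query ran successfully.
			}
		}
	}

	$alert = defset('LAN_USET_56', " Your account has been successfully deleted. ");

	return e107::getMessage()->addSuccess($alert)->render();
}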
/**
* @ return bool
*/
public function init ()
{
$pref = e107 :: getPref ();
$tp = e107 :: getParser ();
$ue = e107 :: getUserExt ();
$mes = e107 :: getMessage ();
$sql = e107 :: getDb ();
$ns = e107 :: getRender ();
$userMethods = e107 :: getUserSession ();
$photo_to_delete = '' ;
$avatar_to_delete = '' ;
2016-11-26 14:11:22 -08:00
// $ue_fields = '';
$caption = '' ;
2016-11-26 13:59:21 -08:00
$promptPassword = false ;
$error = FALSE ;
$extraErrors = array ();
$eufVals = array ();
$savePassword = '' ;
2016-11-26 14:11:22 -08:00
$changedUserData = array ();
$udata = array ();
$allData = array ();
$message = '' ;
$changedEUFData = array ();
2016-11-26 13:59:21 -08:00
$inp = USERID ; // Initially assume that user is modifying their own data.
$_uid = false ; // FALSE if user modifying their own data; otherwise ID of data being modified
$adminEdit = false ; // @deprecated // FALSE if editing own data. TRUE if admin edit
2016-11-26 14:11:22 -08:00
2018-07-12 15:31:11 -07:00
if ( ! empty ( $_POST [ 'delete_account' ])) // button clicked.
{
echo $this -> sendDeleteConfirmationEmail ();
}
if ( ! empty ( $_GET [ 'del' ])) // delete account via confirmation email link.
2018-06-05 12:55:20 -07:00
{
2018-07-13 16:12:56 +02:00
2018-07-12 15:31:11 -07:00
echo $this -> processUserDelete ( $_GET [ 'del' ]);
2018-07-13 16:12:56 +02:00
//e107::getSession()->destroy();
e107 :: getUser () -> logout ();
return null ;
2018-06-05 12:55:20 -07:00
}
2016-11-26 14:11:22 -08:00
/* todo subject of removal */
2016-11-26 13:59:21 -08:00
if ( is_numeric ( e_QUERY ))
{ // Trying to edit specific user record
if ( ADMIN )
{ // Admin edit of specific record
/*
$_usersettings_matches = Array
(
[ 0 ] => / e107 / usersettings . php ? # OR /e107/edit/user/#
[ 1 ] => e107
[ 2 ] => usersettings . php OR edit / user
[ 3 ] => ? OR /
[ 4 ] => #
)
*/
$inp = intval ( e_QUERY );
// $usersettings_form_action = strstr('?', $_usersettings_matches[3]) ? e_SELF.'?'.e_QUERY : e_SELF;
$_uid = $inp ;
$info = e107 :: user ( $inp );
//Only site admin is able to change setting for other admins
if ( ! is_array ( $info ) || ( $info [ 'user_admin' ] == 1 && ( ! defined ( 'ADMINPERMS' ) || ADMINPERMS !== '0' )) || (( ! defined ( 'ADMINPERMS' ) || ADMINPERMS !== '0' ) && ! getperms ( '4' )))
{
e107 :: redirect ();
exit ();
}
$adminEdit = TRUE ; // Flag to indicate admin edit
}
else
{
//Non admin attempting to edit another user's ID
e107 :: redirect ();
exit ();
}
2008-12-28 22:37:43 +00:00
2016-11-26 13:59:21 -08:00
}
2014-03-13 00:21:34 +01:00
2016-11-26 13:59:21 -08:00
// Save user settings (changes only)
//-----------------------------------
2006-12-02 04:36:16 +00:00
2016-11-26 13:59:21 -08:00
if ( isset ( $_POST [ 'updatesettings' ]) || isset ( $_POST [ 'SaveValidatedInfo' ]))
{
// $udata = e107::user($inp); //@deprecated // Get all the existing user data, including any extended fields
2014-08-21 13:15:47 -07:00
2016-11-26 13:59:21 -08:00
$udata = e107 :: user ( $inp ); // Get all the existing user data, including any extended fields
$udata [ 'user_classlist' ] = $userMethods -> addCommonClasses ( $udata , FALSE );
}
2015-04-20 11:27:31 -07:00
2016-12-02 12:04:08 -08:00
if ( ! empty ( $_POST [ 'updatesettings' ]))
2016-11-26 13:59:21 -08:00
{
2019-11-04 18:38:00 +01:00
// Do not filter these values (saving)
$ueVals = $_POST [ 'ue' ];
$passtemp1 = $_POST [ 'password1' ];
$passtemp2 = $_POST [ 'password2' ];
// Filter the others
2016-12-02 12:04:08 -08:00
$_POST = e107 :: getParser () -> filter ( $_POST );
2019-11-04 18:38:00 +01:00
// Pass the original values back (restoring)
$_POST [ 'ue' ] = $ueVals ;
$_POST [ 'password1' ] = $passtemp1 ;
$_POST [ 'password2' ] = $passtemp2 ;
2016-12-02 12:04:08 -08:00
2019-11-04 18:38:00 +01:00
// Unset temporary vars
2019-06-08 10:31:15 -07:00
unset ( $ueVals );
2019-11-04 18:38:00 +01:00
unset ( $passtemp1 );
unset ( $passtemp2 );
2019-06-08 10:31:15 -07:00
2016-11-26 13:59:21 -08:00
if ( ! vartrue ( $pref [ 'auth_method' ]))
{
$pref [ 'auth_method' ] = 'e107' ;
}
2015-04-20 11:27:31 -07:00
2016-11-26 13:59:21 -08:00
if ( $pref [ 'auth_method' ] != 'e107' )
{
$_POST [ 'password1' ] = '' ;
$_POST [ 'password2' ] = '' ;
}
2006-12-02 04:36:16 +00:00
2016-12-17 09:45:48 -08:00
e107 :: getMessage () -> addDebug ( " _FILES " . print_a ( $_FILES , true ));
2016-11-26 13:59:21 -08:00
// Uploaded avatar and/or photo
2016-12-17 09:45:48 -08:00
if ( varset ( $_FILES [ 'file_userfile' ][ 'error' ][ 'avatar' ], false ) === UPLOAD_ERR_OK || varset ( $_FILES [ 'file_userfile' ][ 'error' ][ 'photo' ], false ) == UPLOAD_ERR_OK )
2016-11-26 13:59:21 -08:00
{
2016-12-17 09:45:48 -08:00
e107 :: getMessage () -> addDebug ( " Uploaded File Detected " );
2016-11-26 13:59:21 -08:00
require_once ( e_HANDLER . 'resize_handler.php' );
2008-01-06 21:16:37 +00:00
2016-11-26 13:59:21 -08:00
$opts = array ( 'overwrite' => TRUE , 'file_mask' => 'jpg,png,gif,jpeg' , 'max_file_count' => 2 );
2006-12-02 04:36:16 +00:00
2016-11-26 13:59:21 -08:00
if ( $uploaded = e107 :: getFile () -> getUploaded ( e_AVATAR_UPLOAD , 'prefix+ap_' . $tp -> leadingZeros ( $udata [ 'user_id' ], 7 ) . '_' , $opts ))
{
2016-12-17 09:45:48 -08:00
e107 :: getMessage () -> addDebug ( " Uploaded: " . print_a ( $uploaded , true ));
2016-11-26 13:59:21 -08:00
foreach ( $uploaded as $upload )
{
if ( $upload [ 'name' ] && ( $upload [ 'index' ] == 'avatar' ) && $pref [ 'avatar_upload' ])
{
// avatar uploaded - give it a reference which identifies it as server-stored
// Vetting routines will do resizing and so on
$_POST [ 'image' ] = '-upload-' . $upload [ 'name' ];
}
elseif ( $upload [ 'name' ] && ( $upload [ 'index' ] == 'photo' ) && $pref [ 'photo_upload' ])
{
// photograph uploaded
$_POST [ 'user_sess' ] = '-upload-' . $upload [ 'name' ];
}
elseif ( isset ( $upload [ 'error' ]) && isset ( $upload [ 'message' ]))
{
$extraErrors [] = $upload [ 'message' ];
}
2008-06-13 20:20:23 +00:00
2016-11-26 13:59:21 -08:00
}
}
2008-06-13 20:20:23 +00:00
2008-12-10 16:37:17 +00:00
2016-11-26 13:59:21 -08:00
}
2007-12-15 15:06:40 +00:00
2008-12-10 16:37:17 +00:00
2016-11-26 13:59:21 -08:00
// Now validate everything - just check everything that's been entered
$allData = validatorClass :: validateFields ( $_POST , $userMethods -> userVettingInfo , TRUE ); // Do basic validation
validatorClass :: dbValidateArray ( $allData , $userMethods -> userVettingInfo , 'user' , $inp ); // Do basic DB-related checks
$userMethods -> userValidation ( $allData ); // Do user-specific DB checks
$savePassword = '' ;
if (( $_POST [ 'password1' ] != '' ) || ( $_POST [ 'password2' ] != '' ))
{ // Need to validate new password here
if ( ! isset ( $allData [ 'errors' ][ 'user_password' ]))
{ // No errors in password yet - may be valid
$savePassword = $allData [ 'data' ][ 'user_password' ];
unset ( $allData [ 'data' ][ 'user_password' ]); // Delete the password value in the output array
2008-12-28 22:37:43 +00:00
}
2016-11-26 13:59:21 -08:00
}
else
{
unset ( $allData [ 'errors' ][ 'user_password' ]); // Delete the error which an empty password field generates
}
unset ( $_POST [ 'password1' ]);
unset ( $_POST [ 'password2' ]);
$changedUserData = validatorClass :: findChanges ( $allData [ 'data' ], $udata , FALSE );
e107 :: getMessage () -> addDebug ( " <h5>Existing User Info</h5> " . print_a ( $udata , true ));
e107 :: getMessage () -> addDebug ( '<h5>$allData</h5>' . print_a ( $allData [ 'data' ], true ));
e107 :: getMessage () -> addDebug ( " <h5>Posted Changes</h5> " . print_a ( $changedUserData , true ));
// Login Name checks - only admin can change login name
if ( isset ( $changedUserData [ 'user_loginname' ]))
{
if ( ADMIN && getperms ( '4' ))
2008-12-28 22:37:43 +00:00
{
2016-11-26 13:59:21 -08:00
if ( ! check_class ( $pref [ 'displayname_class' ], $udata [ 'user_classlist' ], $adminEdit ))
{ // Display name and login name must be the same
$changedUserData [ 'user_name' ] = $changedUserData [ 'user_loginname' ];
}
2008-12-28 22:37:43 +00:00
}
2016-11-26 13:59:21 -08:00
else
2008-12-28 22:37:43 +00:00
{
2016-11-26 13:59:21 -08:00
unset ( $changedUserData [ 'user_loginname' ]); // Just doing this is probably being kind!
$alldata [ 'errors' ][ 'user_loginname' ] = ERR_GENERIC ;
$alldata [ 'errortext' ][ 'user_loginname' ] = LAN_USER_85 ;
2008-12-28 22:37:43 +00:00
}
}
2006-12-02 04:36:16 +00:00
2007-12-15 15:06:40 +00:00
2016-11-26 13:59:21 -08:00
// See if user just wants to delete existing photo
if ( isset ( $_POST [ 'user_delete_photo' ]))
{
$photo_to_delete = $udata [ 'user_sess' ];
$changedUserData [ 'user_sess' ] = '' ;
}
2007-05-28 09:37:35 +00:00
2007-12-15 15:06:40 +00:00
2008-12-10 16:37:17 +00:00
2016-11-26 13:59:21 -08:00
if ( $udata [ 'user_image' ] && ! isset ( $changedUserData [ 'user_image' ]))
{
// $changedUserData['user_image'] = ''; // FIXME Deletes the user's image when no changes made.
$avatar_to_delete = str_replace ( '-upload-' , '' , $udata [ 'user_image' ]);
}
2008-12-28 22:37:43 +00:00
2016-11-26 13:59:21 -08:00
// Validate Extended User Fields.
2016-11-26 14:11:22 -08:00
2019-06-08 10:31:15 -07:00
2016-11-26 13:59:21 -08:00
if ( isset ( $_POST [ 'ue' ]))
{
2019-06-08 10:31:15 -07:00
$eufVals = $ue -> sanitizeAll ( $_POST [ 'ue' ]);
$eufVals = $ue -> userExtendedValidateAll ( $eufVals , varset ( $_POST [ 'hide' ], TRUE )); // Validate the extended user fields
2016-11-26 13:59:21 -08:00
$changedEUFData [ 'data' ] = validatorClass :: findChanges ( $eufVals [ 'data' ], $udata , FALSE );
}
2006-12-02 04:36:16 +00:00
2019-06-08 10:31:15 -07:00
e107 :: getMessage () -> addDebug ( " <h4>Extended Data - post validation</h4> " . print_a ( $changedEUFData [ 'data' ], true ));
2008-12-28 22:37:43 +00:00
2016-11-26 13:59:21 -08:00
// Determine whether we have an error
$error = (( isset ( $allData [ 'errors' ]) && count ( $allData [ 'errors' ])) || ( isset ( $eufVals [ 'errors' ]) && count ( $eufVals [ 'errors' ])) || count ( $extraErrors ));
2008-12-28 22:37:43 +00:00
2014-08-21 13:15:47 -07:00
2016-11-26 13:59:21 -08:00
// Update Userclass - only if its the user changing their own data (admins can do it another way)
if ( isset ( $allData [ 'data' ][ 'user_class' ]))
{
unset ( $changedUserData [ 'user_class' ]); // We always recalculate this
if ( FALSE === $adminEdit ) // Make sure admin can't edit another's user classes
{
2014-08-21 13:15:47 -07:00
2016-11-26 13:59:21 -08:00
$e_userclass = e107 :: getUserClass ();
$ucList = $e_userclass -> get_editable_classes ( USERCLASS_LIST , TRUE ); // List of classes which this user can edit
if ( count ( $ucList ))
{
$nid = $e_userclass -> mergeClassLists ( $udata [ 'user_class' ], $ucList , $allData [ 'data' ][ 'user_class' ], TRUE );
$nid = $e_userclass -> stripFixedClasses ( $nid );
$nid = implode ( ',' , $nid );
// echo "Userclass data - new: {$nid}, old: {$udata['user_baseclasslist']}, editable: ".implode(',',$ucList).", entered: {$allData['data']['user_class']}<br />";
if ( $nid != $udata [ 'user_baseclasslist' ])
{
if ( US_DEBUG )
{
2020-12-18 09:39:02 -08:00
e107 :: getLog () -> addEvent ( 10 , debug_backtrace (), " DEBUG " , " Usersettings test " , " Write back classes; old list: { $udata [ 'user_class' ] } ; new list: " . $nid , false , LOG_TO_ROLLING );
2016-11-26 13:59:21 -08:00
}
$changedUserData [ 'user_class' ] = $nid ;
}
}
}
2008-12-28 22:37:43 +00:00
}
2016-11-26 13:59:21 -08:00
e107 :: getMessage () -> addDebug ( " <h4>Processed Posted Changes</h4> " . print_a ( $changedUserData , true ));
// All key fields validated here
// -----------------------------
// $inp - UID of user whose data is being changed (may not be the currently logged in user)
$inp = intval ( $inp );
if ( ! $error && count ( $changedUserData ) || count ( $changedEUFData ))
{
$_POST [ 'user_id' ] = $inp ;
$ret = e107 :: getEvent () -> trigger ( 'preuserset' , $_POST );
if ( $ret == '' )
{
// Only admins can update login name - do this just in case one of the event triggers has mucked it about
if ( ! ( ADMIN && getperms ( '4' )))
{
unset ( $changedUserData [ 'user_loginname' ]);
}
}
else
{ // Invalid data - from hooked in trigger event
$message = " <div style='text-align:center'> " . $ret . " </div> " ;
$caption = LAN_OK ;
$error = true ;
}
}
} // End - update setttings
elseif ( isset ( $_POST [ 'SaveValidatedInfo' ])) // Next bit only valid if user editing their own data
2007-12-15 15:06:40 +00:00
{
2016-11-26 13:59:21 -08:00
/* if ( ! empty ( $_POST [ 'updated_data' ]) && ! empty ( $_POST [ 'currentpassword' ]) && ! empty ( $_POST [ 'updated_key' ]))
{ // Got some data confirmed with password entry*/
$new_data = base64_decode ( $_POST [ 'updated_data' ]);
// Should only happen if someone's fooling around
if ( $this -> getValidationKey ( $new_data ) !== $_POST [ 'updated_key' ] || ( $userMethods -> hasReadonlyField ( $new_data ) !== false ))
{
echo LAN_USET_42 . '<br />' ;
return false ;
}
2007-12-15 15:06:40 +00:00
2016-11-26 13:59:21 -08:00
if ( isset ( $_POST [ 'updated_extended' ]))
{
$new_extended = base64_decode ( $_POST [ 'updated_extended' ]);
2007-12-15 15:06:40 +00:00
2016-11-26 13:59:21 -08:00
if ( $this -> getValidationKey ( $new_extended ) !== $_POST [ 'extended_key' ])
{ // Should only happen if someone's fooling around
echo LAN_USET_42 . '<br />' ;
return false ;
}
}
2006-12-02 04:36:16 +00:00
2016-11-26 13:59:21 -08:00
if ( $userMethods -> CheckPassword ( $_POST [ 'currentpassword' ], $udata [ 'user_loginname' ], $udata [ 'user_password' ]) === false ) // Use old data to validate
{ // Invalid password
2007-05-28 09:37:35 +00:00
2016-11-26 13:59:21 -08:00
$mes -> addError ( " <p> " . LAN_INCORRECT_PASSWORD . " </p> " );
$mes -> addError ( " <a class='btn btn-danger' href=' " . e107 :: getUrl () -> create ( 'user/myprofile/edit' ) . " '> " . LAN_BACK . " </a> " );
2013-05-07 20:30:20 -07:00
2016-11-26 13:59:21 -08:00
echo $mes -> render ();
return false ;
}
2007-12-15 15:06:40 +00:00
2016-11-26 13:59:21 -08:00
$changedUserData = e107 :: unserialize ( $new_data );
2016-12-02 12:04:08 -08:00
$changedUserData = e107 :: getParser () -> filter ( $changedUserData , 'str' );
2009-06-12 20:41:35 +00:00
2016-11-26 13:59:21 -08:00
$savePassword = $_POST [ 'currentpassword' ];
2007-12-15 15:06:40 +00:00
2016-11-26 13:59:21 -08:00
if ( ! empty ( $new_extended ))
{
$changedEUFData = e107 :: unserialize ( $new_extended );
2016-12-02 12:04:08 -08:00
$changedEUFData = e107 :: getParser () -> filter ( $changedEUFData , 'str' );
2016-11-26 13:59:21 -08:00
}
2008-12-28 22:37:43 +00:00
2016-11-26 13:59:21 -08:00
unset ( $new_data );
unset ( $new_extended );
if ( isset ( $changedUserData [ 'user_sess' ]))
{
$photo_to_delete = $udata [ 'user_sess' ];
}
if ( isset ( $changedUserData [ 'user_image' ]))
{
$avatar_to_delete = $udata [ 'user_image' ];
}
// }
}
unset ( $_POST [ 'updatesettings' ]);
unset ( $_POST [ 'SaveValidatedInfo' ]);
// At this point we know the error status.
// $changedUserData has an array of core changed data, except password, which is in $savePassword if changed (or entered as confirmation).
// $eufData has extended user field data
// $changedEUFData has any changes in extended user field data
$dataToSave = ! $error && ( isset ( $changedUserData ) && count ( $changedUserData )) || ( isset ( $changedEUFData [ 'data' ]) && count ( $changedEUFData [ 'data' ])) || $savePassword ;
2015-02-15 16:07:27 -08:00
2016-11-26 13:59:21 -08:00
if ( $dataToSave )
{
// Sort out password hashes
if ( $savePassword )
2008-12-28 22:37:43 +00:00
{
2016-11-26 13:59:21 -08:00
$loginname = $changedUserData [ 'user_loginname' ] ? $changedUserData [ 'user_loginname' ] : $udata [ 'user_loginname' ];
$email = ( isset ( $changedUserData [ 'user_email' ]) && $changedUserData [ 'user_email' ]) ? $changedUserData [ 'user_email' ] : $udata [ 'user_email' ];
$changedUserData [ 'user_password' ] = $sql -> escape ( $userMethods -> HashPassword ( $savePassword , $loginname ), false );
if ( varset ( $pref [ 'allowEmailLogin' ], FALSE ))
2008-10-19 21:17:58 +00:00
{
2016-11-26 13:59:21 -08:00
$user_prefs = e107 :: unserialize ( $udata [ 'user_prefs' ]);
$user_prefs [ 'email_password' ] = $userMethods -> HashPassword ( $savePassword , $email );
$changedUserData [ 'user_prefs' ] = e107 :: serialize ( $user_prefs );
}
}
else
{
if (( isset ( $changedUserData [ 'user_loginname' ]) && $userMethods -> isPasswordRequired ( 'user_loginname' ))
|| ( isset ( $changedUserData [ 'user_email' ]) && $userMethods -> isPasswordRequired ( 'user_email' )))
{
if ( $_uid && ADMIN )
{ // Admin is changing it
$extraErrors [] = LAN_USET_20 ;
}
else
{ // User is changing their own info
$promptPassword = true ;
2008-12-28 22:37:43 +00:00
}
2008-10-19 21:17:58 +00:00
}
2008-06-13 20:20:23 +00:00
}
2008-10-19 21:17:58 +00:00
}
2008-06-13 20:20:23 +00:00
2016-11-26 13:59:21 -08:00
if ( $dataToSave && ! $promptPassword )
{
$inp = intval ( $inp );
2007-12-15 15:06:40 +00:00
2014-08-21 13:15:47 -07:00
2016-11-26 13:59:21 -08:00
// We can update the basic user record now - can just update fields from $changedUserData
2020-12-18 09:39:02 -08:00
if ( US_DEBUG ) { e107 :: getLog () -> addEvent ( 10 , debug_backtrace (), " DEBUG " , " Usersettings test " , " Changed data:<br /> " . var_export ( $changedUserData , true ), false , LOG_TO_ROLLING ); }
2016-11-26 13:59:21 -08:00
if ( isset ( $changedUserData ) && count ( $changedUserData ))
{
$changedData [ 'data' ] = $changedUserData ;
$changedData [ 'WHERE' ] = 'user_id=' . $inp ;
validatorClass :: addFieldTypes ( $userMethods -> userVettingInfo , $changedData );
2014-08-21 13:15:47 -07:00
2016-11-26 13:59:21 -08:00
// print_a($changedData);
if ( FALSE === $sql -> update ( 'user' , $changedData ))
{
$extraErrors [] = LAN_USET_43 ;
}
else
{
$message = LAN_USET_41 ;
if ( isset ( $changedUserData [ 'user_password' ]) && ! $adminEdit )
{
// echo "Make new cookie<br />";
$userMethods -> makeUserCookie ( array ( 'user_id' => $udata [ 'user_id' ], 'user_password' => $changedUserData [ 'user_password' ]), FALSE ); // Can't handle autologin ATM
}
}
}
2007-12-15 15:06:40 +00:00
2018-09-08 11:19:16 -07:00
2016-11-26 13:59:21 -08:00
// Save extended field values
2018-09-08 11:19:16 -07:00
if ( ! empty ( $changedEUFData [ 'data' ]))
2016-11-26 13:59:21 -08:00
{
2018-09-08 11:19:16 -07:00
2016-11-26 13:59:21 -08:00
$ue -> addFieldTypes ( $changedEUFData ); // Add in the data types for storage
2018-09-08 11:19:16 -07:00
$changedEUFData [ '_DUPLICATE_KEY_UPDATE' ] = true ; // update record if key found, otherwise INSERT.
$changedEUFData [ 'data' ][ 'user_extended_id' ] = $inp ;
if ( false === $sql -> insert ( 'user_extended' , $changedEUFData ))
2016-11-26 13:59:21 -08:00
{
$message .= '<br />Error updating EUF' ;
}
2018-09-08 11:19:16 -07:00
2016-11-26 13:59:21 -08:00
}
// Now see if we need to log anything. First check the options and class membership
// (Normally we would leave logging decision to the log class. But this one's a bit more complicated)
$user_logging_opts = e107 :: getConfig () -> get ( 'user_audit_opts' );
$do_log = array ();
$log_action = '' ;
if ( $_uid )
{ // Its an admin changing someone elses data - make an admin log entry here
e107 :: getLog () -> add ( 'USET_01' , " UID: { $udata [ 'user_id' ] } . UName: { $udata [ 'user_name' ] } " , E_LOG_INFORMATIVE );
// Check against the class of the target user, not the admin!
if ( ! check_class ( varset ( $pref [ 'user_audit_class' ], '' ), $udata [ 'user_class' ])) { $user_logging_opts = array (); }
}
else
2008-12-21 11:07:58 +00:00
{
2016-11-26 13:59:21 -08:00
if ( ! check_class ( varset ( $pref [ 'user_audit_class' ], '' ))) { $user_logging_opts = array (); }
2006-12-02 04:36:16 +00:00
}
2016-06-22 13:52:07 -07:00
2016-11-26 13:59:21 -08:00
$triggerData = array ();
if ( count ( $changedUserData ))
{
$triggerData = $changedUserData ; // Create record for changed user data trigger
$triggerData [ 'user_id' ] = $udata [ 'user_id' ];
$triggerData [ '_CHANGED_BY_UID' ] = USERID ; // May be admin changing data
$triggerData [ '_CHANGED_BY_UNAME' ] = USERNAME ;
if ( ! isset ( $triggerData [ 'user_name' ])) { $triggerData [ 'user_name' ] = $udata [ 'user_name' ]; }
}
2016-06-28 09:25:30 -07:00
2016-11-26 13:59:21 -08:00
// Now log changes if required
if ( count ( $user_logging_opts ))
{
// Start with any specific fields we're changing
if ( isset ( $changedUserData [ 'user_name' ]))
{
if ( isset ( $user_logging_opts [ USER_AUDIT_NEW_DN ]))
{
$do_log [ 'user_name' ] = $changedUserData [ 'user_name' ];
$log_action = USER_AUDIT_NEW_DN ;
}
unset ( $changedUserData [ 'user_name' ]);
}
2007-12-15 15:06:40 +00:00
2016-11-26 13:59:21 -08:00
if ( isset ( $changedUserData [ 'user_password' ]))
{
if ( isset ( $user_logging_opts [ USER_AUDIT_NEW_PW ]))
{ // Password has already been changed to a hashed value, so OK to leave the data
$do_log [ 'user_password' ] = $changedUserData [ 'user_password' ];
$log_action = USER_AUDIT_NEW_PW ;
}
unset ( $changedUserData [ 'user_password' ]);
}
if ( isset ( $changedUserData [ 'user_email' ]))
{
if ( isset ( $user_logging_opts [ USER_AUDIT_NEW_EML ]))
{
$do_log [ 'user_email' ] = $changedUserData [ 'user_email' ];
$log_action = USER_AUDIT_NEW_EML ;
}
unset ( $changedUserData [ 'user_email' ]);
}
if ( count ( $changedUserData ) && isset ( $user_logging_opts [ USER_AUDIT_NEW_SET ]))
{
$do_log = array_merge ( $do_log , $changedUserData );
$log_action = USER_AUDIT_NEW_SET ;
}
if ( count ( $do_log ))
{ // Got some changes to audit
// echo "Adding to audit log<br />";
if ( $_uid )
{
$log_action = USER_AUDIT_ADMIN ; // If an admin did the mod, different heading
// Embed a message saying who changed the data
2017-11-06 13:48:08 -08:00
$changedUserData [ 'message' ] = str_replace ( array ( '[x]' , '[y]' ), array ( USERID , USERNAME ), LAN_USET_18 );
2016-11-26 13:59:21 -08:00
e107 :: getLog () -> user_audit ( $log_action , $do_log , $udata [ 'user_id' ], $udata [ 'user_loginname' ]);
}
else
{
if ( count ( $do_log ) > 1 ) { $log_action = USER_AUDIT_NEW_SET ; } // Log multiple entries to one record
e107 :: getLog () -> user_audit ( $log_action , $do_log );
}
}
} // End of audit logging
// Now tidy up
if ( $photo_to_delete )
{ // Photo may be a flat file, or in the database
$this -> deleteFile ( $photo_to_delete );
2014-05-26 21:38:29 +02:00
}
2016-11-26 13:59:21 -08:00
if ( $avatar_to_delete )
{ // Avatar may be a flat file, or in the database
$this -> deleteFile ( $avatar_to_delete );
}
// If user has changed display name, update the record in the online table
if ( isset ( $changedUserData [ 'user_name' ]) && ! $_uid )
{
$sql -> update ( 'online' , " online_user_id = ' " . USERID . " . " . $changedUserData [ 'user_name' ] . " ' WHERE online_user_id = ' " . USERID . " . " . USERNAME . " ' " );
}
2007-12-15 15:06:40 +00:00
2016-11-26 13:59:21 -08:00
e107 :: getEvent () -> trigger ( 'postuserset' , $_POST );
if ( count ( $triggerData ))
2009-08-05 21:47:18 +00:00
{
2016-11-26 13:59:21 -08:00
e107 :: getEvent () -> trigger ( 'userdatachanged' , $triggerData );
2017-01-08 09:01:56 -08:00
e107 :: getEvent () -> trigger ( 'user_profile_edit' , $triggerData );
2009-08-05 21:47:18 +00:00
}
2016-11-26 13:59:21 -08:00
if ( e_QUERY == 'update' )
2009-08-05 21:47:18 +00:00
{
2016-11-26 13:59:21 -08:00
e107 :: redirect ();
2009-08-05 21:47:18 +00:00
}
2007-12-15 15:06:40 +00:00
2016-11-26 13:59:21 -08:00
if ( $adminEdit && $message )
{
$mes -> addSuccess ( $message );
}
2007-12-15 15:06:40 +00:00
2008-12-28 22:37:43 +00:00
2016-11-26 13:59:21 -08:00
$USERSETTINGS_MESSAGE = $this -> getTemplate ( 'message' );
$USERSETTINGS_MESSAGE_CAPTION = $this -> getTemplate ( 'message_caption' );
if ( isset ( $USERSETTINGS_MESSAGE ))
{
$message = str_replace ( " { MESSAGE} " , $message , $USERSETTINGS_MESSAGE );
2008-06-13 20:20:23 +00:00
}
2016-11-26 13:59:21 -08:00
elseif ( ! deftrue ( 'BOOTSTRAP' )) // backwards compatible
{
$message = " <div style='text-align:center'> " . $message . '</div>' ;
2008-06-13 20:20:23 +00:00
}
2016-11-26 13:59:21 -08:00
$caption = ( isset ( $USERSETTINGS_MESSAGE_CAPTION )) ? $USERSETTINGS_MESSAGE_CAPTION : LAN_OK ;
2016-08-19 16:12:58 -07:00
2016-11-26 13:59:21 -08:00
} // End - if (!$error)...
2008-12-10 16:37:17 +00:00
2009-01-11 21:06:52 +00:00
2016-11-26 13:59:21 -08:00
if ( ! $error && ! $promptPassword )
2008-12-21 11:07:58 +00:00
{
2016-11-26 13:59:21 -08:00
if ( isset ( $_POST ) && vartrue ( $changedUserData [ 'user_name' ]))
2008-12-28 22:37:43 +00:00
{
2016-11-26 13:59:21 -08:00
$redirect = e107 :: getRedirect ();
$url = e107 :: getUrl ();
$to = $_uid ? $url -> create ( 'user/profile/edit' , array ( 'id' => $_uid , 'name' => $changedUserData [ 'user_name' ])) : $url -> create ( 'user/myprofile/edit' );
if ( $message ) e107 :: getMessage () -> addSuccess ( $message , 'default' , true );
$redirect -> redirect ( $to );
2008-12-28 22:37:43 +00:00
}
2016-11-26 13:59:21 -08:00
unset ( $_POST );
2008-12-21 11:07:58 +00:00
}
2008-12-28 22:37:43 +00:00
2009-01-11 21:06:52 +00:00
2016-11-26 13:59:21 -08:00
if ( $promptPassword ) // User has to enter password to validate data
2008-12-10 16:37:17 +00:00
{
2016-11-26 13:59:21 -08:00
$this -> renderPasswordForm ( $changedUserData , $changedEUFData );
return false ;
2008-12-28 22:37:43 +00:00
}
2008-12-21 11:07:58 +00:00
2016-11-26 14:11:22 -08:00
2009-02-22 14:21:08 +00:00
2016-11-26 13:59:21 -08:00
if ( $error )
2008-12-28 22:37:43 +00:00
{
2016-11-26 13:59:21 -08:00
$message = $this -> compileErrors ( $extraErrors , $allData , $eufVals );
// if(!empty($message))
{
if ( deftrue ( 'BOOTSTRAP' ))
{
echo e107 :: getMessage () -> addError ( $message ) -> render ();
}
else
{
$ns -> tablerender ( $caption , $message );
}
}
}
elseif ( $dataToSave === true ) // --- User data has been updated here if appropriate ---
{
$testSessionMessage = e107 :: getMessage () -> get ( E_MESSAGE_SUCCESS , 'default' , true ); // only success in the session
if ( $testSessionMessage ) $message = implode ( '<br />' , $testSessionMessage ); // we got raw message - array
if ( empty ( $message ))
{
$message = LAN_USET_41 ; // probably only extended fields updated.
}
if ( deftrue ( 'BOOTSTRAP' ))
{
echo e107 :: getMessage () -> addSuccess ( $message ) -> render ();
}
else
{
$ns -> tablerender ( $caption , $message );
}
}
$this -> renderForm ( $changedUserData );
return false ;
}
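/**
 * Assemble the HTML error text from the three validation sources.
 *
 * Every source that reports something contributes one entry; the entries are
 * joined with '<br />'. The visible caller hands the result to the message or
 * table renderer as markup.
 * NOTE(review): the '%v' placeholder presumably inserts the rejected input
 * value - confirm that validatorClass::makeErrorList() and whatever fills
 * $extraErrors HTML-encode user-supplied text before it reaches this method.
 *
 * @param array $extraErrors  ready-made messages, joined as they are
 * @param array $allData      validator result; only its 'errors' entry is inspected here
 * @param array $eufVals      validator result (presumably for the extended user fields); only 'errors' is inspected here
 * @return string  empty string when no source reported an error
 */
private function compileErrors($extraErrors, $allData, $eufVals)
{
	$temp = array();
	$userMethods = e107::getUserSession();

	// empty() instead of count(): a null argument or a missing 'errors' key must not
	// raise a warning (a TypeError on PHP 8) while an error page is being built.
	if (!empty($extraErrors))
	{
		$temp[] = implode('<br />', (array) $extraErrors);
	}

	if (!empty($allData['errors']))
	{
		$temp[] = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo);
	}

	if (!empty($eufVals['errors']))
	{
		$temp[] = '<br />'.validatorClass::makeErrorList($eufVals, 'USER_ERR_', '%n - %x - %t: %v', '<br />', NULL);
	}

	return implode('<br />', $temp);
}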
/**
 * Compute the validation key that travels with a serialised payload.
 *
 * The password-confirmation form embeds this key in hidden fields next to the
 * base64-encoded JSON it was computed from.
 *
 * NOTE(review): crypt() chooses its algorithm from the salt format. When the
 * salt is not in a '$id$...' form PHP uses traditional DES, which reads only
 * the first eight characters of $string, so the key would not cover the rest
 * of the payload. The format of e_TOKEN is not visible here - confirm.
 * NOTE(review): e_TOKEN is presumably the session form token; if it is also
 * sent to the browser it is not a secret key. An HMAC (hash_hmac()) keyed with
 * a server-side secret and checked with hash_equals() is the usual way to
 * protect data that round-trips through the client.
 *
 * @param string $string  serialised data to compute the key for
 * @return string  result of crypt()
 */
private function getValidationKey($string)
{
	$salt = e_TOKEN;

	return crypt($string, $salt);
}
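/**
 * Render the form that asks for the current password before changes are saved.
 *
 * The pending changes are serialised to JSON, given a validation key each
 * (getValidationKey()) and placed base64-encoded in hidden fields. Every field
 * of the current POST is also written back as a hidden input (one level of
 * array nesting is expanded), followed by the 'currentpassword' input.
 *
 * NOTE(review): all POSTed fields are echoed into the page, including any
 * password fields still present in $_POST at this point - confirm the caller
 * has cleared them.
 * NOTE(review): the hidden payload is readable and editable by the client; its
 * integrity rests entirely on the validation key.
 *
 * @param array $changedUserData  pending changes, serialised into 'updated_data'
 * @param array $changedEUFData   pending changes, serialised into 'updated_extended'
 * @return void  the form is output through the render object's tablerender()
 */
private function renderPasswordForm($changedUserData, $changedEUFData)
{
	$ns = e107::getRender();

	// Encode request data as HTML attribute text. Unencoded, a quote or angle bracket in a
	// POSTed name or value ends the attribute and is parsed as markup (reflected XSS).
	// The browser decodes the entities on submit, so the re-posted value is unchanged.
	// The (string) cast keeps the previous result for values nested deeper than one level.
	$attr = function ($value)
	{
		return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
	};

	$updated_data = e107::serialize($changedUserData, 'json');
	$validation_key = $this->getValidationKey($updated_data);
	$updated_data = base64_encode($updated_data);

	$updated_extended = e107::serialize($changedEUFData, 'json');
	$extended_key = $this->getValidationKey($updated_extended);
	$updated_extended = base64_encode($updated_extended);

	$formTarget = e107::getUrl()->create('user/myprofile/edit');

	$text = "<form method='post' action='".$formTarget."'>
	<table><tr><td>";

	foreach ($_POST as $k => $v)
	{
		if (is_array($v))
		{
			foreach ($v as $sk => $sv)
			{
				$text .= "<input type='hidden' name='".$attr($k)."[".$attr($sk)."]' value='".$attr($sv)."' />\n";
			}
		}
		else
		{
			$text .= "<input type='hidden' name='".$attr($k)."' value='".$attr($v)."' />\n";
		}
	}

	$text .= LAN_USET_21."</td></tr>
	<tr><td>&nbsp;</td></tr>
	<tr><td>
	<input type='password' class='form-control' name='currentpassword' value='' size='30' />";

	// base64 text and crypt() output contain no characters that need attribute encoding
	$text .= "
	<input type='hidden' name='updated_data' value='{$updated_data}' />
	<input type='hidden' name='updated_key' value='{$validation_key}' />
	<input type='hidden' name='updated_extended' value='{$updated_extended}' />
	<input type='hidden' name='extended_key' value='{$extended_key}' />
	</td></tr>
	<tr><td>&nbsp;</td></tr>
	<tr><td style='text-align:center'>
	".e107::getForm()->button('SaveValidatedInfo',1, 'submit', LAN_ENTER)."
	</td></tr>
	</table>
	</form>";

	$ns->tablerender(LAN_USET_39, $text);
}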
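/**
 * Render the user-settings edit form for the logged-in user.
 *
 * Re-reads the user row (joined with the extended-field row) for USERID,
 * overlays any values from the current POST so that a failed submission does
 * not lose what was typed, and parses the 'edit' template with those values.
 *
 * NOTE(review): POST keys are copied into the display array without a
 * whitelist ('user_' + key, and the 'ue' keys unprefixed), so a request can
 * overwrite any entry handed to the shortcodes, user_class included. Whether a
 * shortcode treats these values as trusted is outside this block - confirm.
 * NOTE(review): the hidden '_uid' field is client-controlled when it comes
 * back; the handler that reads it must re-check permissions itself.
 *
 * @param array $changedUserData  pending changes; only 'user_class' is read here
 * @return void  the form is output through the render object's tablerender()
 */
private function renderForm($changedUserData)
{
	$sql = e107::getDb();
	$ns = e107::getRender();
	$tp = e107::getParser();
	$userMethods = e107::getUserSession();

	$uuid = USERID;
	$qry = "
	SELECT u.*, ue.* FROM #user AS u
	LEFT JOIN #user_extended AS ue ON ue.user_extended_id = u.user_id
	WHERE u.user_id = ".intval($uuid);

	$sql->gen($qry); // Re-read the user data into curVal (ready for display)
	$curVal = $sql->fetch();
	$curVal['user_class'] = varset($changedUserData['user_class'], $curVal['user_class']);
	$curVal['userclass_list'] = $userMethods->addCommonClasses($curVal, FALSE);

	if (!empty($_POST))
	{
		// Restore the submitted values after a field error. (Password fields have intentionally
		// been cleared.) On success the caller does unset($_POST), which disables this block.
		foreach ($_POST as $key => $val)
		{
			if ($key != 'class')
			{
				$curVal['user_'.$key] = $tp->post_toForm($val);
			}
		}

		// A POST without extended fields has no 'ue' entry; iterating it unguarded raised a warning.
		if (isset($_POST['ue']) && is_array($_POST['ue']))
		{
			foreach ($_POST['ue'] as $key => $val)
			{
				$curVal[$key] = $tp->post_toForm($val);
			}
		}
	}

	$target = e107::getUrl()->create('user/myprofile/edit', array('id' => USERID));
	$text = '<form method="post" action="'.$target.'" id="dataform" class="usersettings-form form-horizontal" enctype="multipart/form-data" autocomplete="off">';

	if (e_QUERY == "update")
	{
		$text .= "<div class='fborder' style='text-align:center'><br />".str_replace("*", "<span class='required'>*</span>", LAN_USET_9)."<br />".LAN_USET_10."<br /><br /></div>";
	}

	e107::getScBatch('usersettings')->setVars($curVal);

	$USERSETTINGS_EDIT = $this->getTemplate('edit');
	$USERSETTINGS_EDIT_CAPTION = $this->getTemplate('edit_caption');

	// ParseSC must be set to true so that custom plugin shortcodes can be utilized.
	$text .= $tp->parseTemplate($USERSETTINGS_EDIT, true, $this->sc);

	$text .= "<div><input type='hidden' name='_uid' value='{$uuid}' /></div>
	</form>
	";

	$caption = (isset($USERSETTINGS_EDIT_CAPTION)) ? $USERSETTINGS_EDIT_CAPTION : LAN_USET_39; // 'Update User Settings'

	$ns->tablerender($caption, $text);
}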
//
/**
 * Disabled helper: the whole body is commented out, so a call does nothing and returns null.
 *
 * @todo review and remove method if deemed appropriate
 *
 * The commented-out code deleted a file from the public upload directory ('avatars/'),
 * or a row from the 'rbinary' table when the name matched "Binary <id>/", and returned
 * TRUE on success, FALSE on failure.
 *
 * @param $fname
 */
private function deleteFile($fname)
{
	// NOTE(review): if this is ever re-enabled, $fname is appended to e_UPLOAD.'avatars/' and
	// passed to unlink() without any path normalisation. Reduce it to basename() and check that
	// the file belongs to the user first; where $fname came from is not visible here.
	/*
	$dir = 'avatars/';
	$sql = e107::getDb();
	$tp = e107::getParser();
	$fname = trim($fname);
	if (!$fname) return false;
	if (preg_match("#Binary (.*?)/#", $fname, $match))
	{
		return $sql->db_Delete("rbinary", "binary_id='".$tp->toDB($match[1])."'");
	}
	elseif (file_exists(e_UPLOAD.$dir.$fname))
	{
		unlink(e_UPLOAD.$dir.$fname);
		return true;
	}
	return false;
	*/
}
}
// Page entry point. The controller object is created before the header file is included,
// so its constructor runs before that include; what the constructor does is not visible here.
$us = new usersettings_front;
require_once(HEADERF);	// presumably the site/theme header
$us->init();			// called between the two includes, so anything it outputs lands between header and footer
require_once(FOOTERF);	// presumably the site/theme footer
// Returns the "required" marker markup when $field equals 2 (loose comparison), otherwise an
// empty string. The span holds only an HTML comment, no literal asterisk; any visible marker
// presumably comes from the theme's CSS for the 'required' class.
function req($field)
{
	return ($field == 2) ? "<span class='required'><!-- empty --></span>" : "";
}