< ? php
/*
* e107 website system
*
* Copyright ( C ) 2008 - 2009 e107 Inc ( e107 . org )
* Released under the terms and conditions of the
* GNU General Public License ( http :// www . gnu . org / licenses / gpl . txt )
*
* User settings modify
*
* $Source : / cvs_backup / e107_0 . 8 / usersettings . php , v $
* $Revision $
* $Date $
* $Author $
*
*/
/*
Notes :
Uses $udata initially , later curVal to hold current user data
Admin log events :
USET_01 - admin changed user data
*/
// Load the site core before anything else in this script runs.
require_once('class2.php');

// TODO - Remove all the adminEdit stuff.

// Page-specific language file, named after the current page.
include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_'.e_PAGE);

// Set to true to write extra entries to the rolling log further down.
define('US_DEBUG', false);

// Access gate 1: visitors who are not logged in cannot change settings.
if (!USER)
{
	header('location:'.e_BASE.'index.php');
	exit();
}

// Access gate 2: a query string other than "update" is only accepted from an
// admin holding permission '4'; everyone else is sent back to their own settings page.
if (!(ADMIN && getperms('4')) && e_QUERY && e_QUERY != 'update')
{
	header('location:'.e_BASE.'usersettings.php');
	exit();
}
// Language defines: generic user-related strings first, then the ones for this page.
include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_user.php');
include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_usersettings.php');

// Handlers used by this page. (ren_help.php was listed twice in the original; require_once makes the repeat a no-op.)
require_once(e_HANDLER.'ren_help.php');
require_once(e_HANDLER.'user_extended_class.php');
// require_once (e_HANDLER.'user_handler.php');
require_once(e_HANDLER.'validator_class.php');

$ue = new e107_user_extended;
$userMethods = e107::getUserSession();

// Template and shortcode setup: legacy themes include the core template file,
// BOOTSTRAP 3 themes take the merged template array instead.
if (deftrue('BOOTSTRAP') !== 3)
{
	include_once(e107::coreTemplatePath('usersettings'));	// correct way to load a core template.
	// NOTE(review): $sc_style is presumably defined by the template just included - confirm.
	e107::scStyle($sc_style);
	$usersettings_shortcodes = e107::getScBatch('usersettings');
}
else
{
	$template = e107::getCoreTemplate('usersettings', '', true, true);	// always merge
	$USERSETTINGS_MESSAGE = '{MESSAGE}';
	$USERSETTINGS_MESSAGE_CAPTION = LAN_OK;
	$USERSETTINGS_EDIT_CAPTION = LAN_USET_39;	// 'Update User Settings'
	$USERSETTINGS_EDIT = $template['edit'];
	$usersettings_shortcodes = e107::getScBatch('usersettings');
	$usersettings_shortcodes->wrapper('usersettings/edit');
}
// Inline footer script: copies the chosen value into the 'image' field of the settings form.
e107::js('footer-inline', "
function addtext_us(sc)
{
	document.getElementById('dataform').image.value = sc;
}
");

// ---- Working state for this request ----
$inp = USERID;				// Initially assume that user is modifying their own data.
$_uid = false;				// FALSE if user modifying their own data; otherwise ID of data being modified
$adminEdit = FALSE;			// FALSE if editing own data. TRUE if admin edit

$error = FALSE;				// becomes true (or an error string) once any check fails
$extraErrors = array();		// upload error messages
$eufVals = array();			// validated extended user field values
$ue_fields = '';

$promptPassword = false;	// true when the current password has to be re-entered before saving
$savePassword = '';			// password to be hashed and stored, if any

$photo_to_delete = '';		// files to remove once the save has gone through
$avatar_to_delete = '';
// A numeric query string selects another user's record for editing.
if (is_numeric(e_QUERY))
{
	if (!ADMIN)
	{	// Non admin attempting to edit another user's ID
		header('location:'.e_BASE.'index.php');
		exit();
	}

	// Admin edit of specific record
	/*
	$_usersettings_matches = Array
	(
		[0] => /e107/usersettings.php?# OR /e107/edit/user/#
		[1] => e107
		[2] => usersettings.php OR edit/user
		[3] => ? OR /
		[4] => #
	)
	*/
	$inp = intval(e_QUERY);
	$_uid = $inp;
	// NOTE(review): $_usersettings_matches is only described in the comment above, not assigned in the
	// visible part of this script - confirm where it is populated.
	$usersettings_form_action = strstr('?', $_usersettings_matches[3]) ? e_SELF.'?'.e_QUERY : e_SELF;

	$info = e107::user($inp);

	// Authorisation for the target record. The request is refused when
	//  - the target user cannot be loaded, or
	//  - the editor is not the main site admin (ADMINPERMS === '0') and either the target
	//    is itself an admin or the editor lacks permission '4'.
	// Only site admin is able to change setting for other admins.
	if (!is_array($info) || ((!defined('ADMINPERMS') || ADMINPERMS !== '0') && ($info['user_admin'] == 1 || !getperms('4'))))
	{
		header('location:'.e_BASE.'index.php');
		exit();
	}

	$adminEdit = TRUE;		// Flag to indicate admin edit
}
// Page header is emitted here; the redirects above this line run before it is loaded.
require_once(HEADERF);

// Save user settings (changes only)
//-----------------------------------

// Both submit paths (first submission, and confirmation with password) need the stored record.
if (isset($_POST['SaveValidatedInfo']) || isset($_POST['updatesettings']))
{
	$udata = e107::user($inp);		// Get all the existing user data, including any extended fields
	$udata['user_classlist'] = $userMethods->addCommonClasses($udata, FALSE);
}
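// ---------------------------------------------------------------------------------
// Stage 1 of a save: either a fresh form submission ('updatesettings'), or the
// follow-up post from the password prompt ('SaveValidatedInfo').
// Fixes in this revision:
//  - the login-name rejection wrote to $alldata (wrong case), so the error was never reported;
//  - '!$error && count(a) || count(b)' let the pre-save trigger run despite validation errors;
//  - the tamper check uses strict comparison and the decoded payload must be an array.
// ---------------------------------------------------------------------------------
if (isset($_POST['updatesettings']))
{
	if (!vartrue($pref['auth_method']))
	{
		$pref['auth_method'] = 'e107';
	}
	if ($pref['auth_method'] != 'e107')
	{	// Passwords are blanked whenever an auth method other than 'e107' is configured
		$_POST['password1'] = '';
		$_POST['password2'] = '';
	}

	// Uploaded avatar and/or photo (4 is PHP's UPLOAD_ERR_NO_FILE)
	// NOTE(review): $file_userfile is not assigned in the visible part of this script - confirm its origin.
	if ($file_userfile['error'] != 4)
	{
		require_once(e_HANDLER.'upload_handler.php');
		require_once(e_HANDLER.'resize_handler.php');

		// Stored name is prefixed with the zero-padded id of the target user; the mask allows jpg/png/gif only, two files at most.
		if ($uploaded = process_uploaded_files(e_AVATAR_UPLOAD, 'prefix+ap_'.$tp->leadingZeros($udata['user_id'], 7).'_', array('overwrite' => TRUE, 'file_mask' => 'jpg,png,gif', 'max_file_count' => 2)))
		{
			foreach ($uploaded as $upload)
			{
				if ($upload['name'] && ($upload['index'] == 'avatar') && $pref['avatar_upload'])
				{
					// avatar uploaded - give it a reference which identifies it as server-stored
					// Vetting routines will do resizing and so on
					$_POST['image'] = '-upload-'.$upload['name'];
				}
				elseif ($upload['name'] && ($upload['index'] == 'photo') && $pref['photo_upload'])
				{
					// photograph uploaded
					$_POST['user_sess'] = '-upload-'.$upload['name'];
				}
				elseif (isset($upload['error']) && isset($upload['message']))
				{
					$extraErrors[] = $upload['message'];
				}
			}
		}
	}

	// Now validate everything - just check everything that's been entered
	$allData = validatorClass::validateFields($_POST, $userMethods->userVettingInfo, TRUE);		// Do basic validation
	validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', $inp);		// Do basic DB-related checks
	$userMethods->userValidation($allData);														// Do user-specific DB checks

	$savePassword = '';

	if (($_POST['password1'] != '') || ($_POST['password2'] != ''))
	{	// Need to validate new password here
		if (!isset($allData['errors']['user_password']))
		{	// No errors in password yet - may be valid
			$savePassword = $allData['data']['user_password'];
			unset($allData['data']['user_password']);		// Delete the password value in the output array
		}
	}
	else
	{
		unset($allData['errors']['user_password']);		// Delete the error which an empty password field generates
	}
	// The plain-text password fields must not be echoed back into the form later on
	unset($_POST['password1']);
	unset($_POST['password2']);

	$changedUserData = validatorClass::findChanges($allData['data'], $udata, FALSE);

	// NOTE(review): $udata is dumped whole into the debug message stream, and it carries
	// user_password (read by the CheckPassword() call further down). Confirm who can see debug messages.
	e107::getMessage()->addDebug("<h5>Existing User Info</h5>".print_a($udata, true));
	e107::getMessage()->addDebug('<h5>$allData</h5>'.print_a($allData['data'], true));
	e107::getMessage()->addDebug("<h5>Posted Changes</h5>".print_a($changedUserData, true));

	// Login Name checks - only admin can change login name
	if (isset($changedUserData['user_loginname']))
	{
		if (ADMIN && getperms('4'))
		{
			if (!check_class($pref['displayname_class'], $udata['user_classlist'], $adminEdit))
			{	// Display name and login name must be the same
				$changedUserData['user_name'] = $changedUserData['user_loginname'];
			}
		}
		else
		{
			unset($changedUserData['user_loginname']);		// Just doing this is probably being kind!
			// Was '$alldata' (wrong case): the error went into a throw-away array and was never counted below.
			$allData['errors']['user_loginname'] = ERR_GENERIC;
			$allData['errortext']['user_loginname'] = LAN_USER_85;
		}
	}

	// See if user just wants to delete existing photo
	if (isset($_POST['user_delete_photo']))
	{
		$photo_to_delete = $udata['user_sess'];
		$changedUserData['user_sess'] = '';
	}

	// NOTE(review): this queues the existing avatar file for deletion when the image was NOT changed,
	// which looks inverted (see the FIXME below) - confirm against delete_file() before relying on it.
	if ($udata['user_image'] && !isset($changedUserData['user_image']))
	{
		// $changedUserData['user_image'] = ''; // FIXME Deletes the user's image when no changes made.
		$avatar_to_delete = str_replace('-upload-', '', $udata['user_image']);
	}

	// Validate Extended User Fields.
	$changedEUFData = array();
	if (isset($_POST['ue']))
	{
		$eufVals = $ue->userExtendedValidateAll($_POST['ue'], varset($_POST['hide'], TRUE));		// Validate the extended user fields
		$changedEUFData['data'] = validatorClass::findChanges($eufVals['data'], $udata, FALSE);
	}

	// Determine whether we have an error
	$error = ((isset($allData['errors']) && count($allData['errors'])) || (isset($eufVals['errors']) && count($eufVals['errors'])) || count($extraErrors));

	// Update Userclass - only if its the user changing their own data (admins can do it another way)
	if (isset($allData['data']['user_class']))
	{
		unset($changedUserData['user_class']);		// We always recalculate this
		if (FALSE === $adminEdit)		// Make sure admin can't edit another's user classes
		{
			$e_userclass = e107::getUserClass();
			$ucList = $e_userclass->get_editable_classes(USERCLASS_LIST, TRUE);		// List of classes which this user can edit
			if (count($ucList))
			{
				// Merge the posted selection with the stored list, limited to the editable classes, then drop fixed classes
				$nid = $e_userclass->mergeClassLists($udata['user_class'], $ucList, $allData['data']['user_class'], TRUE);
				$nid = $e_userclass->stripFixedClasses($nid);
				$nid = implode(',', $nid);
				if ($nid != $udata['user_baseclasslist'])
				{
					if (US_DEBUG)
					{
						$admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Write back classes; old list: {$udata['user_class']}; new list: ".$nid, false, LOG_TO_ROLLING);
					}
					$changedUserData['user_class'] = $nid;
				}
			}
		}
	}

	e107::getMessage()->addDebug("<h4>Processed Posted Changes</h4>".print_a($changedUserData, true));

	// All key fields validated here
	// -----------------------------
	// $inp - UID of user whose data is being changed (may not be the currently logged in user)
	$inp = intval($inp);
	// Parenthesised: '&&' binds tighter than '||', so the original ran the trigger on
	// extended-field changes even when $error was already set.
	if (!$error && (count($changedUserData) || count($changedEUFData)))
	{
		$_POST['user_id'] = $inp;
		$ret = e107::getEvent()->trigger('preuserset', $_POST);

		if ($ret == '')
		{
			// Only admins can update login name - do this just in case one of the event triggers has mucked it about
			if (!(ADMIN && getperms('4')))
			{
				unset($changedUserData['user_loginname']);
			}
		}
		else
		{	// Invalid data - from hooked in trigger event
			$message = "<div style='text-align:center'>".$ret."</div>";
			$caption = LAN_OK;
			$error = TRUE;
		}
	}
}	// End - update setttings
elseif (isset($_POST['SaveValidatedInfo']))
{	// Next bit only valid if user editing their own data
	if (!$adminEdit && !empty($_POST['updated_data']) && !empty($_POST['currentpassword']) && !empty($_POST['updated_key']))
	{	// Got some data confirmed with password entry
		// SECURITY NOTE(review): 'updated_data' / 'updated_extended' come back from the browser and are
		// protected only by an unkeyed md5 of themselves, which the sender can recompute for any payload.
		// The check below therefore detects accidental corruption, not tampering. The decoded value is then
		// passed to unserialize() and its keys are written to the user record without being re-validated
		// in the visible code. Recommended follow-up: keep the pending change set server-side (for example
		// in the session), or sign it with a server-held secret, and re-run field validation on what comes back.
		$new_data = base64_decode($_POST['updated_data']);
		if (md5($new_data) !== $_POST['updated_key'])
		{	// Should only happen if someone's fooling around
			echo LAN_USET_42.'<br />';
			exit();
		}

		if (isset($_POST['updated_extended']))
		{
			$new_extended = base64_decode($_POST['updated_extended']);
			if (!isset($_POST['extended_key']) || md5($new_extended) !== $_POST['extended_key'])
			{	// Should only happen if someone's fooling around
				echo LAN_USET_42.'<br />';
				exit();
			}
		}

		// The current password is checked against the stored record before anything is decoded
		if ($userMethods->CheckPassword($_POST['currentpassword'], $udata['user_loginname'], $udata['user_password']) === false)		// Use old data to validate
		{	// Invalid password
			echo "<br />".LAN_USET_22."<br />";
			if (!$adminEdit)
			{
				require_once(FOOTERF);
			}
			else
			{
				require_once(e_ADMIN."footer.php");
			}
			exit();
		}

		// SECURITY: unserialize() on request data - see the note at the top of this branch.
		$changedUserData = unserialize($new_data);
		$savePassword = $_POST['currentpassword'];
		if (!empty($new_extended)) $changedEUFData = unserialize($new_extended);
		unset($new_data);
		unset($new_extended);

		// The prompt form only ever serializes arrays; anything else is not a payload this page produced.
		if (!is_array($changedUserData) || (isset($changedEUFData) && !is_array($changedEUFData)))
		{
			echo LAN_USET_42.'<br />';
			exit();
		}

		if (isset($changedUserData['user_sess']))
		{
			$photo_to_delete = $udata['user_sess'];
		}
		if (isset($changedUserData['user_image']))
		{
			$avatar_to_delete = $udata['user_image'];
		}
	}
}
unset($_POST['updatesettings']);
unset($_POST['SaveValidatedInfo']);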
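// At this point we know the error status.
// $changedUserData has an array of core changed data, except password, which is in $savePassword if changed (or entered as confirmation).
// $eufData has extended user field data
// $changedEUFData has any changes in extended user field data

// There is something to save only when no error was raised AND at least one of: core changes,
// extended-field changes, a password. The original expression lacked the outer parentheses, so
// '&&' bound only to the first term and extended-field changes or a password were saved even with $error set.
$dataToSave = !$error && (
	(isset($changedUserData) && count($changedUserData))
	|| (isset($changedEUFData['data']) && count($changedEUFData['data']))
	|| $savePassword
);

if ($dataToSave)
{
	// Sort out password hashes
	if ($savePassword)
	{
		// The login name is passed to HashPassword(), so use the new one if it is being changed.
		// !empty() keeps the original truthiness test without a notice when the key is absent.
		$loginname = !empty($changedUserData['user_loginname']) ? $changedUserData['user_loginname'] : $udata['user_loginname'];
		$email = (isset($changedUserData['user_email']) && $changedUserData['user_email']) ? $changedUserData['user_email'] : $udata['user_email'];
		$changedUserData['user_password'] = $sql->escape($userMethods->HashPassword($savePassword, $loginname), false);
		if (varset($pref['allowEmailLogin'], FALSE))
		{	// A second hash, computed with the email address, is kept in the user prefs
			$user_prefs = e107::getArrayStorage()->unserialize($udata['user_prefs']);
			$user_prefs['email_password'] = $userMethods->HashPassword($savePassword, $email);
			$changedUserData['user_prefs'] = e107::getArrayStorage()->serialize($user_prefs);
		}
	}
	else
	{
		// No password supplied: changing login name or email may require one
		if ((isset($changedUserData['user_loginname']) && $userMethods->isPasswordRequired('user_loginname'))
			|| (isset($changedUserData['user_email']) && $userMethods->isPasswordRequired('user_email')))
		{
			if ($_uid && ADMIN)
			{	// Admin is changing it
				// NOTE(review): $error is set here after $dataToSave was computed, and the save step that
				// follows tests only $dataToSave and $promptPassword - confirm the save is meant to proceed.
				$error = LAN_USET_20;
			}
			else
			{	// User is changing their own info
				$promptPassword = true;
			}
		}
	}
}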
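// ---------------------------------------------------------------------------------
// Stage 2 of a save: write the changes, audit them, tidy up files, fire events.
// Fix in this revision: the 'online' table update concatenated the display name
// straight into SQL; both name values are now passed through $sql->escape().
// ---------------------------------------------------------------------------------
if ($dataToSave && !$promptPassword)
{
	$inp = intval($inp);		// target user id - forced to integer before it is placed in any WHERE clause
	$message = LAN_USET_41;

	// We can update the basic user record now - can just update fields from $changedUserData
	if (US_DEBUG) { $admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Changed data:<br />".var_export($changedUserData, true), false, LOG_TO_ROLLING); }
	if (isset($changedUserData) && count($changedUserData))
	{
		// NOTE(review): every key of $changedUserData is written as a column. On the password-confirmation
		// path that array was decoded from request data, so its keys should be re-validated against the
		// vetted field list before this update - see where it is unserialized.
		$changedData['data'] = $changedUserData;
		$changedData['WHERE'] = 'user_id='.$inp;
		validatorClass::addFieldTypes($userMethods->userVettingInfo, $changedData);
		if (FALSE === $sql->db_Update('user', $changedData))
		{
			$message .= '<br />'.LAN_USET_43;
		}
		else
		{
			if (isset($changedUserData['user_password']) && !$adminEdit)
			{	// Own password changed: reissue the login cookie with the new hash
				$userMethods->makeUserCookie(array('user_id' => $udata['user_id'], 'user_password' => $changedUserData['user_password']), FALSE);		// Can't handle autologin ATM
			}
		}
	}

	// Save extended field values
	if (isset($changedEUFData['data']) && count($changedEUFData['data']))
	{
		$ue->addFieldTypes($changedEUFData);		// Add in the data types for storage
		$changedEUFData['WHERE'] = '`user_extended_id` = '.$inp;
		if (false === $sql->retrieve('user_extended', 'user_extended_id', 'user_extended_id='.$inp))
		{
			// ***** Next line creates a record which presumably should be there anyway, so could generate an error if no test first
			$sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id, user_hidden_fields) values ('".$inp."', '')");
		}
		if (false === $sql->db_Update('user_extended', $changedEUFData))
		{
			$message .= '<br />Error updating EUF';
		}
	}

	// Now see if we need to log anything. First check the options and class membership
	// (Normally we would leave logging decision to the log class. But this one's a bit more complicated)
	$user_logging_opts = e107::getConfig()->get('user_audit_opts');
	$do_log = array();
	$log_action = '';
	if ($_uid)
	{	// Its an admin changing someone elses data - make an admin log entry here
		e107::getLog()->add('USET_01', "UID: {$udata['user_id']}. UName: {$udata['user_name']}", E_LOG_INFORMATIVE);
		// Check against the class of the target user, not the admin!
		if (!check_class(varset($pref['user_audit_class'], ''), $udata['user_class'])) { $user_logging_opts = array(); }
	}
	else
	{
		if (!check_class(varset($pref['user_audit_class'], ''))) { $user_logging_opts = array(); }
	}

	$triggerData = array();
	if (count($changedUserData))
	{
		$triggerData = $changedUserData;		// Create record for changed user data trigger
		$triggerData['user_id'] = $udata['user_id'];
		$triggerData['_CHANGED_BY_UID'] = USERID;		// May be admin changing data
		$triggerData['_CHANGED_BY_UNAME'] = USERNAME;
		if (!isset($triggerData['user_name'])) { $triggerData['user_name'] = $udata['user_name']; }
	}

	// Now log changes if required
	if (count($user_logging_opts))
	{
		// Start with any specific fields we're changing.
		// Each handled field is removed from $changedUserData so that only the remainder is
		// treated as "other settings" below.
		if (isset($changedUserData['user_name']))
		{
			if (isset($user_logging_opts[USER_AUDIT_NEW_DN]))
			{
				$do_log['user_name'] = $changedUserData['user_name'];
				$log_action = USER_AUDIT_NEW_DN;
			}
			unset($changedUserData['user_name']);
		}

		if (isset($changedUserData['user_password']))
		{
			if (isset($user_logging_opts[USER_AUDIT_NEW_PW]))
			{	// Password has already been changed to a hashed value, so OK to leave the data
				// NOTE(review): this copies the password hash into the audit log; confirm who can read
				// that log and whether recording the event alone would be enough.
				$do_log['user_password'] = $changedUserData['user_password'];
				$log_action = USER_AUDIT_NEW_PW;
			}
			unset($changedUserData['user_password']);
		}

		if (isset($changedUserData['user_email']))
		{
			if (isset($user_logging_opts[USER_AUDIT_NEW_EML]))
			{
				$do_log['user_email'] = $changedUserData['user_email'];
				$log_action = USER_AUDIT_NEW_EML;
			}
			unset($changedUserData['user_email']);
		}

		if (count($changedUserData) && isset($user_logging_opts[USER_AUDIT_NEW_SET]))
		{
			$do_log = array_merge($do_log, $changedUserData);
			$log_action = USER_AUDIT_NEW_SET;
		}
		if (count($do_log))
		{	// Got some changes to audit
			if ($_uid)
			{
				$log_action = USER_AUDIT_ADMIN;		// If an admin did the mod, different heading
				// Embed a message saying who changed the data
				// NOTE(review): the message is stored in $changedUserData, but $do_log is what gets
				// passed to user_audit() - it looks like the message never reaches the log; confirm.
				$changedUserData['message'] = str_replace(array('--ID--', '--LOGNAME--'), array(USERID, USERNAME), LAN_USET_18);
				$admin_log->user_audit($log_action, $do_log, $udata['user_id'], $udata['user_loginname']);
			}
			else
			{
				if (count($do_log) > 1) { $log_action = USER_AUDIT_NEW_SET; }		// Log multiple entries to one record
				$admin_log->user_audit($log_action, $do_log);
			}
		}
	}	// End of audit logging

	// Now tidy up
	if ($photo_to_delete)
	{	// Photo may be a flat file, or in the database
		delete_file($photo_to_delete);
	}
	if ($avatar_to_delete)
	{	// Avatar may be a flat file, or in the database
		delete_file($avatar_to_delete);
	}

	// If user has changed display name, update the record in the online table.
	// Both names are escaped before being placed in the SQL string: on the password-confirmation
	// path the new name originates from request data.
	// NOTE(review): the audit section above unsets $changedUserData['user_name'] whenever audit
	// options are active, so this update is skipped in that case - confirm that is intended.
	if (isset($changedUserData['user_name']) && !$_uid)
	{
		$sql->db_Update('online', "online_user_id = '".USERID.".".$sql->escape($changedUserData['user_name'], false)."' WHERE online_user_id = '".USERID.".".$sql->escape(USERNAME, false)."'");
	}

	e107::getEvent()->trigger('postuserset', $_POST);
	if (count($triggerData))
	{
		e107::getEvent()->trigger('userdatachanged', $triggerData);
	}

	if (e_QUERY == 'update')
	{
		// NOTE(review): HEADERF has already been included by this point and execution continues
		// after this call - confirm the redirect can still take effect.
		header('Location: index.php');
	}

	if ($adminEdit && $message)
	{
		$mes->addSuccess($message);
	}

	if (isset($USERSETTINGS_MESSAGE))
	{
		$message = str_replace("{MESSAGE}", $message, $USERSETTINGS_MESSAGE);
	}
	elseif (!deftrue('BOOTSTRAP'))		// backwards compatible
	{
		$message = "<div style='text-align:center'>".$message.'</div>';
	}
	$caption = (isset($USERSETTINGS_MESSAGE_CAPTION)) ? $USERSETTINGS_MESSAGE_CAPTION : LAN_OK;
}	// End - if (!$error)...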
// Clean finish (no error, no password prompt pending): redirect if the display name
// changed, then discard the posted values so the form is refilled from the database.
if (!($error || $promptPassword))
{
	if (isset($_POST) && vartrue($changedUserData['user_name']))
	{
		$redirect = e107::getRedirect();
		$url = e107::getUrl();
		if ($_uid)
		{	// admin editing another user: back to that user's edit page
			$to = $url->create('user/profile/edit', array('id' => $_uid, 'name' => $changedUserData['user_name']));
		}
		else
		{
			$to = $url->create('user/myprofile/edit');
		}
		if ($message)
		{	// third argument true: the message is kept in the session so it survives the redirect
			e107::getMessage()->addSuccess($message, 'default', true);
		}
		$redirect->redirect($to);
	}
	unset($_POST);
}
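// Build and show the list of validation errors.
// Fix in this revision: $allData['errors'] is tested with !empty() - $error can also be set by the
// pre-save trigger or the password-required check, in which case that key may not exist and
// count() on it raises a warning (a TypeError on PHP 8).
if ($error)
{
	$temp = array();
	if (count($extraErrors))
	{	// upload errors
		$temp[] = implode('<br />', $extraErrors);
	}
	if (!empty($allData['errors']))
	{	// core field errors
		$temp[] = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo);
	}
	if (vartrue($eufVals['errors']))
	{	// extended field errors
		$temp[] = '<br />'.validatorClass::makeErrorList($eufVals, 'USER_ERR_', '%n - %x - %t: %v', '<br />', NULL);
	}
	// NOTE(review): the '%v' placeholder presumably inserts the rejected value into the message;
	// confirm makeErrorList() HTML-escapes it before it is rendered.
	$errorMsg = implode('<br />', $temp);
	if (deftrue('BOOTSTRAP'))
	{
		echo e107::getMessage()->addError($errorMsg)->render();
	}
	else
	{
		// NOTE(review): this renders $caption/$message rather than $errorMsg, and both may be unset
		// on this path - confirm whether legacy themes are meant to show the error list here.
		$ns->tablerender($caption, $message);
	}
	// $adref = $_POST['adminreturn'];
}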
// --- User data has been updated here if appropriate ---

// Pick up a success message stored in the session, if there is one.
$testSessionMessage = e107::getMessage()->get(E_MESSAGE_SUCCESS, 'default', true);		// only success in the session
if ($testSessionMessage)
{	// we got raw message - array
	$message = implode('<br />', $testSessionMessage);
}

// Show whichever message is set, in the style the active theme expects.
if (isset($message))
{
	if (!deftrue('BOOTSTRAP'))
	{
		$ns->tablerender($caption, $message);
	}
	else
	{
		echo e107::getMessage()->addInfo($message)->render();
	}
}
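$uuid = ($_uid ? $_uid : USERID);		// If $_uid is set, its an admin changing another user's data

// Password prompt: shown when a change needs the current password to be re-entered.
// Fix in this revision: posted names and values are HTML-escaped before being echoed into the
// hidden inputs; the original wrote them raw, so a value containing a quote could break out of the attribute.
if ($promptPassword)
{	// User has to enter password to validate data
	// SECURITY NOTE(review): the pending changes travel through the browser as base64(serialize(...))
	// with an unkeyed md5 alongside. The md5 gives no protection against a modified payload because the
	// sender can recompute it. Keeping the change set server-side, or signing it with a server-held
	// secret, would close that gap; the receiving code must be changed at the same time.
	$updated_data = serialize($changedUserData);
	$validation_key = md5($updated_data);
	$updated_data = base64_encode($updated_data);
	$updated_extended = serialize($changedEUFData);
	$extended_key = md5($updated_extended);
	$updated_extended = base64_encode($updated_extended);

	// NOTE(review): e_SELF and e_QUERY are placed in the action attribute as-is; confirm they are
	// already sanitised where they are defined.
	$text = "<form method='post' action='".e_SELF.(e_QUERY ? "?".e_QUERY : '')."'>
	<table><tr><td style='text-align:center'>";

	// Carry the original submission along as hidden fields (one level of array nesting, as before)
	foreach ($_POST as $k => $v)
	{
		$safeKey = htmlspecialchars((string) $k, ENT_QUOTES, 'UTF-8');
		if (is_array($v))
		{
			foreach ($v as $sk => $sv)
			{
				$safeSub = htmlspecialchars((string) $sk, ENT_QUOTES, 'UTF-8');
				// Deeper nesting was stringified by the original interpolation; skip instead of emitting 'Array'
				$safeVal = is_array($sv) ? '' : htmlspecialchars((string) $sv, ENT_QUOTES, 'UTF-8');
				$text .= "<input type='hidden' name='{$safeKey}[{$safeSub}]' value='{$safeVal}' />\n";
			}
		}
		else
		{
			$safeVal = htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
			$text .= "<input type='hidden' name='{$safeKey}' value='{$safeVal}' />\n";
		}
	}

	$text .= LAN_USET_21."</td></tr><tr><td>&nbsp;</td></tr>
	<tr><td style='text-align:center'><input type='password' name='currentpassword' value='' size='30' />";
	// base64 and md5 output contain no characters that need escaping inside a quoted attribute
	$text .= "<input type='hidden' name='updated_data' value='{$updated_data}' /><input type='hidden' name='updated_key' value='{$validation_key}' />
	<input type='hidden' name='updated_extended' value='{$updated_extended}' /><input type='hidden' name='extended_key' value='{$extended_key}' />
	</td></tr>
	<tr><td>&nbsp;</td></tr>
	<tr><td style='text-align:center'><input type='submit' name='SaveValidatedInfo' value='".LAN_ENTER."' /></td></tr>
	</table>
	</form>";
	$ns->tablerender(LAN_USET_39, $text);
	// NOTE(review): there is no exit() after the footer here; presumably the footer file ends the request - confirm.
	if (!$adminEdit)
	{
		require_once(FOOTERF);
	}
	else
	{
		require_once(e_ADMIN."footer.php");
	}
}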
//--------------------------------------------------------
//	Reload the stored user record into $curVal (ready for display)
//--------------------------------------------------------
// The user id is the only variable part of the query and is forced to an integer.
// '#user' / '#user_extended' are presumably table-prefix placeholders resolved by the DB layer.
$qry = "
SELECT u.*, ue.* FROM #user AS u
LEFT JOIN #user_extended AS ue ON ue.user_extended_id = u.user_id
WHERE u.user_id=".(int) $uuid;

$sql->db_Select_gen($qry);
$curVal = $sql->db_Fetch(MYSQL_ASSOC);

// A class change made in this request takes precedence over the stored value
$curVal['user_class'] = varset($changedUserData['user_class'], $curVal['user_class']);
$curVal['userclass_list'] = $userMethods->addCommonClasses($curVal, FALSE);
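if (vartrue($_POST))
{
	// When a field failed validation the form would otherwise lose what the user typed,
	// so the display values are restored from the latest $_POST values.
	// (Password fields have intentionally been cleared.) If there was no error, an
	// unset($_POST) earlier in the script disables this block.
	//
	// NOTE(review): keys are chosen by the client. 'ue' entries are copied under their
	// own key, so they can overwrite any entry of $curVal, including those set from the
	// database just above. As far as this excerpt shows $curVal is only used for
	// display; confirm nothing downstream trusts it for authorisation.
	foreach ($_POST as $key => $val)
	{
		if ($key != 'class')
		{
			// post_toForm() presumably encodes the value for form output - confirm
			$curVal['user_'.$key] = $tp->post_toForm($val);
		}
	}

	// 'ue' is absent when no extended fields were posted; iterating it unguarded
	// raised a warning
	if (isset($_POST['ue']) && is_array($_POST['ue']))
	{
		foreach ($_POST['ue'] as $key => $val)
		{
			$curVal[$key] = $tp->post_toForm($val);
		}
	}
}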
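//require_once (e_HANDLER."form_handler.php");
//$rs = new form;

// Build and render the main "edit settings" form.
// NOTE(review): $usersettings_form_action is set outside this excerpt and is written
// into the action attribute unencoded; confirm it is not derived from request data.
$text = '<form method="post" action="'.$usersettings_form_action.'" id="dataform" class="form-horizontal" role="form" enctype="multipart/form-data" autocomplete="off">';

//$text = (is_numeric($_uid) ? $rs->form_open("post", e_SELF."?".e_QUERY, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'") : $rs->form_open("post", e_SELF, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'"));

if (e_QUERY == "update")
{
	// Shown only for the 'update' query; the asterisk in LAN_USET_9 is wrapped in the 'required' span
	$text .= "<div class='fborder' style='text-align:center'><br />".str_replace("*", "<span class='required'>*</span>", LAN_USET_9)."<br />".LAN_USET_10."<br /><br /></div>";
}

// e107::scStyle($sc_style);
e107::getScBatch('usersettings')->setVars($curVal);

// ParseSC must be set to true so that custom plugin shortcodes can be utilized.
$text .= $tp->parseTemplate($USERSETTINGS_EDIT, true, $usersettings_shortcodes);

// The id is forced to an integer before it is written into the attribute, matching
// the intval() applied where the same value is used in the query above
$text .= "<div><input type='hidden' name='_uid' value='".intval($uuid)."' /></div>
	</form>
	";

$caption = (isset($USERSETTINGS_EDIT_CAPTION)) ? $USERSETTINGS_EDIT_CAPTION : LAN_USET_39;	// 'Update User Settings'
$ns->tablerender($caption, $text);

// Front-end footer for normal users, admin footer when an admin is editing
if (!$adminEdit)
{
	require_once(FOOTERF);
}
else
{
	require_once(e_ADMIN."footer.php");
}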
/**
 * Marker for required form fields.
 *
 * @param mixed $field  field setting; the value 2 (compared loosely) means "required"
 * @return string       the asterisk wrapped in a 'required' span, otherwise an empty string
 */
function req($field)
{
	// Loose comparison is kept on purpose: both 2 and '2' count as "required"
	return ($field == 2) ? "<span class='required'> *</span>" : "";
}
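/**
 * Delete a file from the public directories - currently DISABLED.
 *
 * The implementation has been short-circuited: nothing is removed from disk or from
 * the database, and the call always reports failure. The documented contract is
 * TRUE on success, FALSE on failure, so the disabled function returns false rather
 * than the null a bare return produced.
 *
 * NOTE(review): the former implementation (kept below for reference) joins $dir and
 * $fname straight into the path handed to unlink(). Before it is ever re-enabled,
 * reduce $fname with basename() and check that realpath() of the result stays inside
 * e_UPLOAD, so a crafted name cannot point outside the upload directory.
 *
 * @param string $fname  file name, or a "Binary <id>/" reference to a database record
 * @param string $dir    sub-directory of e_UPLOAD (default 'avatars/')
 * @return bool          always false while disabled
 */
function delete_file($fname, $dir = 'avatars/')
{
	return false;

	/*
	Former implementation, not executed:

	$sql = e107::getDb();
	$tp = e107::getParser();
	$fname = trim($fname);
	if (!$fname) return false;
	if (preg_match("#Binary (.*?)/#", $fname, $match))
	{
		return $sql->db_Delete("rbinary", "binary_id='".$tp->toDB($match[1])."'");
	}
	elseif (file_exists(e_UPLOAD.$dir.$fname))
	{
		unlink(e_UPLOAD.$dir.$fname);
		return true;
	}
	return false;
	*/
}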