From 5d25c47657f4eaecde386b35062c4ba0eb9164f1 Mon Sep 17 00:00:00 2001 From: e107steved Date: Sun, 28 Dec 2008 22:37:43 +0000 Subject: [PATCH] First cut of usersettings changes using common validation routines; more shared LANs, eliminate unused LANs --- class2.php | 7 +- .../batch/usersettings_shortcodes.php | 15 +- e107_handlers/e_parse_class.php | 5 +- e107_handlers/user_extended_class.php | 92 +- e107_handlers/user_handler.php | 38 +- e107_handlers/userclass_class.php | 120 +- e107_handlers/validator_class.php | 72 +- e107_languages/English/English.php | 60 +- e107_languages/English/lan_signup.php | 16 +- e107_languages/English/lan_user.php | 30 +- e107_languages/English/lan_usersettings.php | 113 +- e107_themes/templates/signup_template.php | 12 +- .../templates/usersettings_template.php | 52 +- signup.php | 96 +- usersettings.php | 1011 +++++++---------- 15 files changed, 844 insertions(+), 895 deletions(-) diff --git a/class2.php b/class2.php index b7a8df6da..5c849bf56 100644 --- a/class2.php +++ b/class2.php @@ -9,9 +9,9 @@ * General purpose file * * $Source: /cvs_backup/e107_0.8/class2.php,v $ -* $Revision: 1.90 $ -* $Date: 2008-12-22 03:15:04 $ -* $Author: mcfly_e107 $ +* $Revision: 1.91 $ +* $Date: 2008-12-28 22:37:42 $ +* $Author: e107steved $ * */ // @@ -1282,6 +1282,7 @@ function get_user_data($uid, $extra = '') } //=========================================================== + $var['user_baseclasslist'] = $var['user_class']; // Keep track of which base classes are in DB // Now look up the 'inherited' user classes $var['user_class'] = $e107->user_class->get_all_user_classes($var['user_class']); diff --git a/e107_files/shortcode/batch/usersettings_shortcodes.php b/e107_files/shortcode/batch/usersettings_shortcodes.php index e22987364..6e5250c1b 100755 --- a/e107_files/shortcode/batch/usersettings_shortcodes.php +++ b/e107_files/shortcode/batch/usersettings_shortcodes.php 
@@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_files/shortcode/batch/usersettings_shortcodes.php,v $ -| $Revision: 1.9 $ -| $Date: 2008-01-15 21:57:31 $ +| $Revision: 1.10 $ +| $Date: 2008-12-28 22:37:42 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ @@ -49,7 +49,7 @@ SC_END SC_BEGIN CUSTOMTITLE global $rs, $curVal, $pref; -if ($pref['signup_option_customtitle'] || ADMIN) +if ($pref['signup_option_customtitle']) { return $rs->form_text("customtitle", 40, $curVal['user_customtitle'], 100, "tbox"); } @@ -98,7 +98,7 @@ SC_BEGIN HIDEEMAIL global $rs, $curVal; if($parm == 'radio') { - return ($curVal['user_hideemail'] ? $rs->form_radio("hideemail", 1, 1)." ".LAN_416."  ".$rs->form_radio("hideemail", 0)." ".LAN_417 : $rs->form_radio("hideemail", 1)." ".LAN_416."  ".$rs->form_radio("hideemail", 0, 1)." ".LAN_417); + return ($curVal['user_hideemail'] ? $rs->form_radio("hideemail", 1, 1)." ".LAN_YES."  ".$rs->form_radio("hideemail", 0)." ".LAN_NO : $rs->form_radio("hideemail", 1)." ".LAN_YES."  ".$rs->form_radio("hideemail", 0, 1)." ".LAN_NO); } SC_END @@ -110,7 +110,7 @@ if(ADMIN && $curVal['user_id'] != USERID) return ""; } if (!is_object($e_userclass)) $e_userclass = new user_class; -$ucList = explode(',',$e_userclass->get_editable_classes()); // List of classes which this user can edit +$ucList = $e_userclass->get_editable_classes(USERCLASS_LIST, TRUE); // List of classes which this user can edit (as array) $ret = ''; if(!count($ucList)) return; @@ -120,8 +120,9 @@ if(!count($ucList)) return; if (check_class($cid, $curVal['user_class'])) $is_checked[$cid] = $cid; if(isset($_POST['class'])) { - $is_checked[$cid] = in_array($cid, $_POST['class']); +// $is_checked[$cid] = in_array($cid, $_POST['class']); } + } $inclass = implode(',',$is_checked); @@ -161,7 +162,7 @@ SC_END SC_BEGIN AVATAR_CHOOSE $ret = " - +
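Review bot: Dropping the `|| ADMIN` alternative in the CUSTOMTITLE shortcode means an admin editing another user's settings no longer sees the custom-title field when the pref is off; that agrees with the validator definition in user_handler.php, where `user_customtitle` carries `'enablePref' => 'signup_option_customtitle'` and is skipped on the same condition, so form and validator are now consistent. The remaining guard reads `$pref['signup_option_customtitle']` directly and raises a notice when the pref was never set; `if (varsettrue($pref['signup_option_customtitle']))` uses the same helper the validator's enablePref check uses.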
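Review bot: The hunk leaves a commented-out assignment inside an `if(isset($_POST['class']))` block that is now empty, so the whole block should be deleted rather than kept as dead code. The visible effect of the change is that a re-displayed form reflects the classes stored in `$curVal['user_class']` rather than the selection the user just posted; if that is intended, a one-line comment such as `// Re-display always shows stored classes, not the posted selection` would make it clear. The added `+ }` closes a loop whose opening is outside the hunk, so the brace balance cannot be confirmed from here.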
"; $avatarlist[0] = ""; $handle = opendir(e_IMAGE."avatars/"); diff --git a/e107_handlers/e_parse_class.php b/e107_handlers/e_parse_class.php index 0e7285ae9..349f2ec01 100644 --- a/e107_handlers/e_parse_class.php +++ b/e107_handlers/e_parse_class.php @@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_handlers/e_parse_class.php,v $ -| $Revision: 1.45 $ -| $Date: 2008-11-16 19:58:42 $ +| $Revision: 1.46 $ +| $Date: 2008-12-28 22:37:43 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ @@ -313,6 +313,7 @@ class e_parse function parseTemplate($text, $parseSCFiles = TRUE, $extraCodes = "") { + $this->sch_load(); return $this->e_sc->parseCodes($text, $parseSCFiles, $extraCodes); } diff --git a/e107_handlers/user_extended_class.php b/e107_handlers/user_extended_class.php index 5d5b0ffa9..49fe82497 100755 --- a/e107_handlers/user_extended_class.php +++ b/e107_handlers/user_extended_class.php @@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_handlers/user_extended_class.php,v $ -| $Revision: 1.20 $ -| $Date: 2008-12-21 11:07:58 $ +| $Revision: 1.21 $ +| $Date: 2008-12-28 22:37:43 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ @@ -82,7 +82,7 @@ class e107_user_extended 'sess', 'email', 'signature', 'image', 'hideemail', 'join', 'lastvisit', 'currentvisit', 'chats', 'comments', 'forums', 'ip', 'ban', 'prefs', 'viewed', - 'visits', 'admin', 'login', 'class', 'perms', 'pwchange', + 'visits', 'admin', 'login', 'class', 'baseclasslist', 'perms', 'pwchange', 'xup' ); 
@@ -94,32 +94,78 @@ class e107_user_extended } + // Validate a single extended user field // $val is whatever the user entered. // $params is the field definition // Return FALSE if acceptable, TRUE if fail , error message on regex fail if the message is defined function user_extended_validate_entry($val, $params) { - global $tp; - $parms = explode("^,^", $params['user_extended_struct_parms']); - $requiredField = $params['user_extended_struct_required'] == 1; - $regex = $tp->toText($parms[1]); - $regexfail = $tp->toText($parms[2]); - if (defined($regexfail)) { $regexfail = constant($regexfail); } - if($val == '' && $requiredField) return TRUE; - switch ($type) - { - case EUF_DATE : - if ($requiredField && ($val == '0000-00-00')) return TRUE; - break; - } - if($regex != "" && $val != "") - { - if(!preg_match($regex, $val)) return $regexfail ? $regexfail : TRUE; - } - return FALSE; // Pass by default here + global $tp; + $parms = explode("^,^", $params['user_extended_struct_parms']); + $requiredField = $params['user_extended_struct_required'] == 1; + $regex = $tp->toText($parms[1]); + $regexfail = $tp->toText($parms[2]); + if (defined($regexfail)) { $regexfail = constant($regexfail); } + if($val == '' && $requiredField) return TRUE; + switch ($type) + { + case EUF_DATE : + if ($requiredField && ($val == '0000-00-00')) return TRUE; + break; + } + if($regex != "" && $val != "") + { + if(!preg_match($regex, $val)) return $regexfail ? $regexfail : TRUE; + } + return FALSE; // Pass by default here } + // Validate all user-modifable extended user fields which are presented. 
+ // $inArray is the input data (usually from $_POST or $_POST['ue'], although doesn't have to be) - may have 'surplus' values + // $hideArray is a set of possible 'hide' flags + function userExtendedValidateAll($inArray, $hideArray) + { + global $tp; + $extList = $this->user_extended_get_fieldList(); // Filter this more later + $eufVals = array(); // 'Answer' array + $hideFlags = array(); + foreach ($extList as $k => $defs) + { + $f = 'user_'.$defs['user_extended_struct_name']; + if (isset($inArray[$f])) + { // Only allow valid keys + $val = $inArray[$f]; + $err = $this->user_extended_validate_entry($val, $defs); + if ($err === true) + { // General error - usually empty field; could be unacceptable value, or regex fail and no error message defined + $eufVals['errortext'][$f] = str_replace('--SOMETHING--',$tp->toHtml($defs['user_extended_struct_text'],FALSE,'defs'),LAN_USER_75); + $eufVals['errors'][$f] = ERR_GENERIC; + } + elseif ($err) + { // Specific error message returned - usually regex fail + $eufVals['errortext'][$f] = $err; + $eufVals['errors'][$f] = ERR_GENERIC; + } + elseif (!$err) + { + $eufVals['validate'][$f] = $tp->toDB($val); + } + if (isset($hideArray[$f])) + { + $hideFlags[] = $f; + } + } + } + $hidden_fields = implode("^", $hideFlags); + if ($hidden_fields != "") + { + $hidden_fields = "^".$hidden_fields."^"; + } + $eufVals['validate']['user_hidden_fields'] = $hidden_fields; + return $eufVals; + } + function user_extended_get_categories($byID = TRUE) { @@ -151,7 +197,7 @@ class e107_user_extended $more = ($cat) ? " AND user_extended_struct_parent = ".intval($cat)." " : ""; if($sql->db_Select("user_extended_struct", "*", "user_extended_struct_type > 0 AND user_extended_struct_text != '_system_' {$more} ORDER BY user_extended_struct_order ASC")) { - while($row = $sql->db_Fetch()) + while($row = $sql->db_Fetch(MYSQL_ASSOC)) { $ret[$row['user_extended_struct_parent']][] = $row; } 
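Review bot: In `user_extended_validate_entry` the re-indented body still switches on `$type`, which is never assigned anywhere in the function (its parameters are `$val` and `$params`), and because `switch` compares loosely, whether the `EUF_DATE` branch fires depends on that constant's value rather than on the field's type, so the `'0000-00-00'` required-date check is unreliable; the type is available as `$params['user_extended_struct_type']`, so `switch ($params['user_extended_struct_type'])` is the likely intent. In `userExtendedValidateAll` the chain `if ($err === true) … elseif ($err) … elseif (!$err)` ends in a branch that is always taken when the first two are not, so a plain `else` reads better. The function only creates `$eufVals['errors']` and `$eufVals['errortext']` when a field fails, so callers must test them with `isset()`; a line in the header comment listing the returned keys (`errors`, `errortext`, `validate`) would make that contract visible.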
@@ -166,7 +212,7 @@ class e107_user_extended $more = ($cat != '') ? " AND user_extended_struct_parent = ".intval($cat)." " : ""; if($sql->db_Select("user_extended_struct", "*", "user_extended_struct_type > 0 AND user_extended_struct_text != '_system_' {$more} ORDER BY user_extended_struct_order ASC")) { - while($row = $sql->db_Fetch()) + while($row = $sql->db_Fetch(MYSQL_ASSOC)) { $ret[$row[$indexField]] = $row; } diff --git a/e107_handlers/user_handler.php b/e107_handlers/user_handler.php index 66af0aea6..4a1ecdb5b 100644 --- a/e107_handlers/user_handler.php +++ b/e107_handlers/user_handler.php @@ -9,8 +9,8 @@ * Handler - user-related functions * * $Source: /cvs_backup/e107_0.8/e107_handlers/user_handler.php,v $ - * $Revision: 1.4 $ - * $Date: 2008-12-21 22:17:05 $ + * $Revision: 1.5 $ + * $Date: 2008-12-28 22:37:43 $ * $Author: e107steved $ * */ @@ -74,7 +74,11 @@ class UserHandler Index is the destination field name. If the source index name is different, specify 'srcName' in the array. Possible processing options: - 'doToDB' - passes final value through $tp->toDB() + 'dbClean' - 'sanitising' method for final value: + - 'toDB' - passes final value through $tp->toDB() + - 'intval' - converts to an integer + - 'image' - checks image for size + - 'avatar' - checks an image in the avatars directory 'stripTags' - strips HTML tags from the value (not an error if there are some) 'minLength' - minimum length (in utf-8 characters) for the string 'maxLength' - minimum length (in utf-8 characters) for the string 
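Review bot: The options list added here (and the matching one in validator_class.php at `@@ -45`) does not mention `'dataType'`, which the field definitions in the next hunk set to `2` for `user_password` and which the validator now treats as a dual password field; add `'dataType' - 2 = password field; the confirmation is read from the source index whose trailing digit is one higher (password1 -> password2)` to the list. The unchanged context line still describes `'maxLength'` as "minimum length", which this documentation pass could correct in both files.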
@@ -86,9 +90,9 @@ class UserHandler 'user_loginname' => array('niceName'=> LAN_USER_02, 'vetMethod' => '1', 'vetParam' => '', 'srcName' => 'loginname', 'stripTags' => TRUE, 'stripChars' => '/ |\#|\=|\$/', 'minLength' => 2, 'maxLength' => varset($pref['loginname_maxlength'],30)), // User name 'user_login' => array('niceName'=> LAN_USER_03, 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'realname', 'dbClean' => 'toDB'), // Real name (no real vetting) 'user_customtitle' => array('niceName'=> LAN_USER_04, 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'customtitle', 'dbClean' => 'toDB', 'enablePref' => 'signup_option_customtitle'), // No real vetting - 'user_password' => array('niceName'=> LAN_USER_05, 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'password1', 'minLength' => varset($pref['signup_pass_len'],1)), - 'user_sess' => array('niceName'=> LAN_USER_06, 'vetMethod' => '0', 'vetParam' => '', 'dbClean' => 'toDB'), // Photo - 'user_image' => array('niceName'=> LAN_USER_07, 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'image', 'dbClean' => 'toDB'), // Avatar + 'user_password' => array('niceName'=> LAN_USER_05, 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'password1', 'dataType' => 2, 'minLength' => varset($pref['signup_pass_len'],1)), + 'user_sess' => array('niceName'=> LAN_USER_06, 'vetMethod' => '0', 'vetParam' => '', 'stripChars' => "#\"|'|(|)#", 'dbClean' => 'image', 'imagePath' => e_FILE.'public/avatars/', 'maxHeight' => varset($pref['im_height'], 100), 'maxWidth' => varset($pref['im_width'], 120)), // Photo + 'user_image' => array('niceName'=> LAN_USER_07, 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'image', 'stripChars' => "#\"|'|(|)#", 'dbClean' => 'avatar', 'maxHeight' => varset($pref['im_height'], 100), 'maxWidth' => varset($pref['im_width'], 120)), // Avatar 'user_email' => array('niceName'=> LAN_USER_08, 'vetMethod' => '1,3', 'vetParam' => '', 'srcName' => 'email', 'dbClean' => 'toDB'), 'user_signature' => 
array('niceName'=> LAN_USER_09, 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'signature', 'dbClean' => 'toDB'), 'user_hideemail' => array('niceName'=> LAN_USER_10, 'vetMethod' => '0', 'vetParam' => '', 'srcName' => 'hideemail', 'dbClean' => 'intval'), @@ -335,18 +339,18 @@ class UserHandler $cookieval = $lode['user_id'].".".md5($lode['user_password']); // (Use extra md5 on cookie value to obscure hashed value for password) if ($pref['user_tracking'] == "session") { - $_SESSION[$pref['cookie_name']] = $cookieval; + $_SESSION[$pref['cookie_name']] = $cookieval; } else { - if ($autologin == 1) - { // Cookie valid for up to 30 days - cookie($pref['cookie_name'], $cookieval, (time() + 3600 * 24 * 30)); - } - else - { - cookie($pref['cookie_name'], $cookieval); - } + if ($autologin == 1) + { // Cookie valid for up to 30 days + cookie($pref['cookie_name'], $cookieval, (time() + 3600 * 24 * 30)); + } + else + { + cookie($pref['cookie_name'], $cookieval); + } } } @@ -528,8 +532,8 @@ Following fields auto-filled in code as required: global $pref, $sql; if (isset($pref['del_unv']) && $pref['del_unv'] && $pref['user_reg_veri'] != 2) { - $threshold=(time() - ($pref['del_unv'] * 60)); - $sql->db_Delete("user", "user_ban = 2 AND user_join < '{$threshold}' "); + $threshold= intval(time() - ($pref['del_unv'] * 60)); + $sql->db_Delete('user', 'user_ban = 2 AND user_join < '.$threshold); } } } diff --git a/e107_handlers/userclass_class.php b/e107_handlers/userclass_class.php index 75a146496..9f6bab82f 100644 --- a/e107_handlers/userclass_class.php +++ b/e107_handlers/userclass_class.php @@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_handlers/userclass_class.php,v $ -| $Revision: 1.24 $ -| $Date: 2008-12-21 11:07:58 $ +| $Revision: 1.25 $ +| $Date: 2008-12-28 22:37:43 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ 
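Review bot: The new `'stripChars' => "#\"|'|(|)#"` on `user_sess` and `user_image` does not do what it appears to intend: inside a PCRE pattern `(|)` is an empty alternation group, so only `"` and `'` are removed and literal parentheses pass through unchanged; a character class, `'stripChars' => '#["\'()]#'`, strips all four. Since `user_sess` is then joined onto `e_FILE.'public/avatars/'` and handed to `getimagesize()` in the validator, the same pattern should also remove path separators — `'#["\'()/\\\\]#'` — and the validator should require `$value === basename($value)` before building the path, so the size check can only ever touch files inside the avatars directory.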
@@ -173,43 +173,91 @@ class user_class // Given the list of 'base' classes a user belongs to, returns a comma separated list including ancestors. Duplicates stripped - function get_all_user_classes($start_list) - { - $is = array(); - $start_array = explode(',', $start_list); - foreach ($start_array as $sa) - { // Merge in latest values - should eliminate duplicates as it goes - if (isset($this->class_tree[$sa])) - { - $is = array_merge($is,explode(',',$this->class_tree[$sa]['userclass_accum'])); - } - } - return implode(',',array_unique($is)); - } - - - // Returns a list of user classes which can be edited by the specified classlist (defaults to current user's classes) - function get_editable_classes($class_list = USERCLASS_LIST) - { - $ret = array(); - $blockers = array(e_UC_PUBLIC => 1, e_UC_READONLY => 1, e_UC_MEMBER => 1, e_UC_NOBODY => 1, e_UC_GUEST => 1); - $possibles = array_flip(explode(',',$class_list)); -// unset($possibles[e_UC_PUBLIC]); - unset($possibles[e_UC_READONLY]); - foreach ($this->class_tree as $uc => $uv) + function get_all_user_classes($start_list) { - if (!isset($blockers[$uc])) - { - $ec = $this->class_tree[$uc]['userclass_editclass']; -// echo "Check class: {$uc} editclass {$ec} in array: ".(isset($possibles[$ec]) ? 'yes' : 'no').'
'; - if (isset($possibles[$ec])) - { - $ret[] = $uc; + $is = array(); + $start_array = explode(',', $start_list); + foreach ($start_array as $sa) + { // Merge in latest values - should eliminate duplicates as it goes + if (isset($this->class_tree[$sa])) + { + $is = array_merge($is,explode(',',$this->class_tree[$sa]['userclass_accum'])); + } } - } + return implode(',',array_unique($is)); + } + + + // Returns a list of user classes which can be edited by the specified classlist (defaults to current user's classes) + function get_editable_classes($class_list = USERCLASS_LIST, $asArray = FALSE) + { + $ret = array(); + $blockers = array(e_UC_PUBLIC => 1, e_UC_READONLY => 1, e_UC_MEMBER => 1, e_UC_NOBODY => 1, e_UC_GUEST => 1, e_UC_NEWUSER => 1); + $possibles = array_flip(explode(',',$class_list)); + unset($possibles[e_UC_READONLY]); + foreach ($this->class_tree as $uc => $uv) + { + if (!isset($blockers[$uc])) + { + $ec = $uv['userclass_editclass']; + if (isset($possibles[$ec])) + { +// echo $uc." {$ec} {$uv['userclass_description']}
"; + $ret[] = $uc; + } + } + } + if ($asArray) { return $ret; } + return implode(',',$ret); + } + + + + // Combines the selected editable classes into the main class list for a user. + // $combined - the complete list of current class memberships + // $possible - the classes which are being edited + // $actual - the actual membership of the editable classes + // All classes may be passed as comma-separated lists or arrays + function mergeClassLists($combined, $possible, $actual, $asArray = FALSE) + { + if (!is_array($combined)) { $combined = explode(',',$combined); } + if (!is_array($possible)) { $possible = explode(',',$possible); } + if (!is_array($actual)) { $actual = explode(',',$actual); } + $combined = array_flip($combined); + foreach ($possible as $p) + { + if (in_array($p,$actual)) + { // Class must be in final array + $combined[$p] = 1; + } + else + { + unset($combined[$p]); + } + } + $combined = array_keys($combined); + if ($asArray) { return $combined; } + return implode(',', $combined); + } + + + function stripFixedClasses($inClasses) + { + $asArray = TRUE; + if (!is_array($inClasses)) + { + $asArray = FALSE; + $inClasses = explode(',',$inClasses); + } + $inClasses = array_flip($inClasses); + foreach ($this->fixed_classes as $k => $v) + { + if (isset($inClasses[$k])) { unset($inClasses[$k]); } + } + $inClasses = array_keys($inClasses); + if ($asArray) { return ($inClasses); } + return implode(',',$inClasses); } - return implode(',',$ret); - } // Given a comma separated list, returns the minimum number of class memberships required to achieve this (i.e. strips classes 'above' another in the tree) diff --git a/e107_handlers/validator_class.php b/e107_handlers/validator_class.php index 35a714416..851688245 100644 --- a/e107_handlers/validator_class.php +++ b/e107_handlers/validator_class.php 
@@ -9,8 +9,8 @@ * Handler - general purpose validation functions * * $Source: /cvs_backup/e107_0.8/e107_handlers/validator_class.php,v $ - * $Revision: 1.2 $ - * $Date: 2008-12-21 22:17:05 $ + * $Revision: 1.3 $ + * $Date: 2008-12-28 22:37:43 $ * $Author: e107steved $ * */ @@ -35,6 +35,8 @@ define('ERR_CODE_ERROR', '16'); define('ERR_TOO_LOW', '17'); define('ERR_TOO_HIGH', '18'); define('ERR_GENERIC', '19'); // This requires coder-defined error text +define('ERR_IMAGE_TOO_WIDE', '20'); +define('ERR_IMAGE_TOO_HIGH', '21'); /* @@ -45,8 +47,10 @@ The validator functions use an array of parameters for each variable to be valid Possible processing options: 'srcname' - specifies the array index of the source data, where its different to the destination index 'dbClean' - method for preparing the value to write to the DB (done as final step before returning). Options are: - - 'toDB' - passes final value through $tp->toDB() - - 'intval' - makes an integer + - 'toDB' - passes final value through $tp->toDB() + - 'intval' - converts to an integer + - 'image' - checks image for size + - 'avatar' - checks an image in the avatars directory 'stripTags' - strips HTML tags from the value (not an error if there are some) 'minLength' - minimum length (in utf-8 characters) for the string 'maxLength' - minimum length (in utf-8 characters) for the string @@ -94,7 +98,7 @@ class validatorClass $value = $sourceFields[$src]; if (!$errNum && isset($defs['enablePref'])) { // Only process this field if a specified pref enables it - if (!varsettrue($pref[$options['enablePref']])) + if (!varsettrue($pref[$defs['enablePref']])) { continue; // Just loop to the next field - ignore this one. } @@ -113,11 +117,12 @@ class validatorClass $newValue = trim(preg_replace($defs['stripChars'], "", $value)); if ($newValue <> $value) { + echo "Invalid: {$newValue} :: {$value}
"; $errNum = ERR_INVALID_CHARS; } $value = $newValue; } - if (!$errNum && isset($defs['minLength']) && $tp->uStrLen($value) < $defs['minLength']) + if (!$errNum && isset($defs['minLength']) && ($tp->uStrLen($value) < $defs['minLength'])) { if ($value == '') { @@ -179,6 +184,13 @@ class validatorClass $errNum = ERR_ARRAY_EXPECTED; } break; + case 2 : // Assumes we're processing a dual password field - array name for second value is one more than for first + $src2 = substr($src,0,-1).(substr($src,-1,1) + 1); + if (!isset($sourceFields[$src2]) || ($sourceFields[$src2] != $value)) + { + $errNum = ERR_PASSWORDS_DIFFERENT; + } + break; default : $errNum = ERR_CODE_ERROR; // Pick up bad values } @@ -195,6 +207,43 @@ class validatorClass case 'intval' : $value = intval($value); break; + case 'avatar' : // Special case of an image - may be found in the avatars directory + if (preg_match('#[0-9\._]#', $value)) + { + if (strpos('-upload-', $value) === 0) + { + $img = e_FILE.'public/avatars/'.$value; // Its a server-stored image + } + else + { + $img = $value; // Its a remote image + } + } + // Deliberately fall through into normal image processing + case 'image' : // File is an image name. $img may be set if we fall through from 'avatar' option - its the 'true' path to the image + if (!isset($img) && isset($defs['imagePath'])) + { + $img = $defs['imagePath'].$value; + } + $img = varset($img,$value); + if ($size = getimagesize($img)) + { + // echo "Image {$img} size: {$size[0]} x {$size[1]}
"; + if (isset($defs['maxWidth']) && $size[0] > $defs['maxWidth']) + { // Image too wide + $errNum = ERR_IMAGE_TOO_WIDE; + } + if (isset($defs['maxHeight']) && $size[1] > $defs['maxHeight']) + { // Image too high + $errNum = ERR_IMAGE_TOO_HIGH; + } + } + else + { + // echo "Image {$img} not found or cannot size - original value {$value}
"; + } + unset($img); + break; default : echo "Invalid dbClean method: {$defs['dbClean']}
"; // Debug message } @@ -205,7 +254,14 @@ class validatorClass if ($errNum) { // error to report $ret['errors'][$dest] = $errNum; - $ret['failed'][$dest] = $sourceFields[$src]; // Save value with error + if ($defs['dataType'] == 2) + { + $ret['failed'][$dest] = str_repeat('*',strlen($sourceFields[$src])); // Save value with error - obfuscated + } + else + { + $ret['failed'][$dest] = $sourceFields[$src]; // Save value with error + } } } return $ret; @@ -384,7 +440,7 @@ class validatorClass { $curLine = str_replace('%t', constant($constPrefix.$n), $curLine); // Standard messages } - $curLine = str_replace('%v', $vars['failed'][$f],$curLine); // Possibly this should have some protection added + $curLine = str_replace('%v', htmlentities($vars['failed'][$f]),$curLine); $curLine = str_replace('%f', $f, $curLine); if ($checkNice & isset($niceNames[$f]['niceName'])) { diff --git a/e107_languages/English/English.php b/e107_languages/English/English.php index 18b8d1ba0..ab97e2f01 100644 --- a/e107_languages/English/English.php +++ b/e107_languages/English/English.php 
@@ -4,50 +4,44 @@ | e107 website system - Language File. | | $Source: /cvs_backup/e107_0.8/e107_languages/English/English.php,v $ -| $Revision: 1.8 $ -| $Date: 2008-12-21 22:17:05 $ +| $Revision: 1.9 $ +| $Date: 2008-12-28 22:37:43 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ setlocale(LC_ALL, 'en'); -define("CORE_LC", 'en'); -define("CORE_LC2", 'gb'); +define('CORE_LC', 'en'); +define('CORE_LC2', 'gb'); // define("TEXTDIRECTION","rtl"); -define("CHARSET", "utf-8"); // for a true multi-language site. :) -define("CORE_LAN1","Error : theme is missing.\\n\\nChange the used themes in your preferences (admin area) or upload files of the current theme on the server."); - -//v.616 -define("CORE_LAN2"," \\1 wrote:");// "\\1" represents the username. -define("CORE_LAN3","file attachment disabled"); - -//v0.7+ -define("CORE_LAN4", "Please delete install.php from your server"); -define("CORE_LAN5", "if you do not there is a potential security risk to your website"); - -// v0.7.6 -define("CORE_LAN6", "The flood protection on this site has been activated and you are warned that if you carry on requesting pages you could be banned."); -define("CORE_LAN7", "Core is attempting to restore prefs from automatic backup."); -define("CORE_LAN8", "Core Prefs Error"); -define("CORE_LAN9", "Core could not restore from automatic backup. Execution halted."); -define("CORE_LAN10", "Corrupted cookie detected - logged out."); +define('CHARSET', 'utf-8'); // for a true multi-language site. :) +define('CORE_LAN1',"Error : theme is missing.\\n\\nChange the used themes in your preferences (admin area) or upload files for the current theme to the server."); +define('CORE_LAN2'," \\1 wrote:");// "\\1" represents the username. 
+define('CORE_LAN3', 'file attachment disabled'); // Not used in 0.8 +define('CORE_LAN4', 'Please delete install.php from your server'); +define('CORE_LAN5', 'if you do not there is a potential security risk to your website'); +define('CORE_LAN6', 'The flood protection on this site has been activated and you are warned that if you carry on requesting pages you could be banned.'); +define('CORE_LAN7', 'Core is attempting to restore prefs from automatic backup.'); +define('CORE_LAN8', 'Core Prefs Error'); +define('CORE_LAN9', 'Core could not restore from automatic backup. Execution halted.'); +define('CORE_LAN10', 'Corrupted cookie detected - logged out.'); // Footer -define("CORE_LAN11", "Render time: "); -define("CORE_LAN12", " sec ("); -define("CORE_LAN13", "% of that for queries) "); -define("CORE_LAN14", "%2.3f cpu sec (%2.2f%% load, %2.3f startup). Clock: "); -define("CORE_LAN15", "DB queries: "); -define("CORE_LAN16", "Memory: "); +define('CORE_LAN11', 'Render time: '); +define('CORE_LAN12', ' sec ('); +define('CORE_LAN13', '% of that for queries) '); +define('CORE_LAN14', '%2.3f cpu sec (%2.2f%% load, %2.3f startup). Clock: '); +define('CORE_LAN15', 'DB queries: '); +define('CORE_LAN16', 'Memory: '); // img.bb define('CORE_LAN17', '[ image disabled ]'); define('CORE_LAN18', 'Image: '); -define("CORE_LAN_B", "B"); -define("CORE_LAN_KB", "kB"); -define("CORE_LAN_MB", "MB"); -define("CORE_LAN_GB", "GB"); -define("CORE_LAN_TB", "TB"); +define('CORE_LAN_B', 'B'); +define('CORE_LAN_KB', 'kB'); +define('CORE_LAN_MB', 'MB'); +define('CORE_LAN_GB', 'GB'); +define('CORE_LAN_TB', 'TB'); define('LAN_WARNING', 'Warning!'); @@ -56,6 +50,8 @@ define('LAN_ANONYMOUS', 'Anonymous'); define('LAN_EMAIL_SUBS', '-email-'); define('LAN_YES', 'Yes'); define('LAN_NO', 'No'); +define('LAN_OK', 'OK'); define('LAN_CONTINUE', 'Continue'); +define('LAN_ENTER', 'Enter'); ?> \ No newline at end of file 
diff --git a/e107_languages/English/lan_signup.php b/e107_languages/English/lan_signup.php index cc31fc92f..39795f38f 100644 --- a/e107_languages/English/lan_signup.php +++ b/e107_languages/English/lan_signup.php @@ -9,8 +9,8 @@ * Language file - User signup * * $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_signup.php,v $ - * $Revision: 1.14 $ - * $Date: 2008-12-21 22:17:05 $ + * $Revision: 1.15 $ + * $Date: 2008-12-28 22:37:43 $ * $Author: e107steved $ * */ @@ -44,8 +44,8 @@ define("LAN_SIGNUP_2", "chars."); define("LAN_SIGNUP_3", "Code verification failed."); define("LAN_SIGNUP_4", "Your password must be at least "); define("LAN_SIGNUP_5", " characters long."); -define("LAN_SIGNUP_6", "Your "); -define("LAN_SIGNUP_7", " is required"); +//define("LAN_SIGNUP_6", "Your "); See LAN_USER_75 +//define("LAN_SIGNUP_7", " is required"); See LAN_USER_75 define("LAN_SIGNUP_8", "Thank you!"); define("LAN_SIGNUP_9", "Unable to proceed."); //define("LAN_SIGNUP_10", "Yes"); @@ -66,7 +66,7 @@ define("LAN_SIGNUP_24", "Thank you for registering at"); define("LAN_SIGNUP_25", "Upload your avatar"); define("LAN_SIGNUP_26", "Upload your photograph"); define("LAN_SIGNUP_27", "Show"); -define("LAN_SIGNUP_28", "choice of Content/Mail-lists"); +//define("LAN_SIGNUP_28", "choice of Content/Mail-lists"); Now LAN_USER_73 define("LAN_SIGNUP_29", "A verification email will be sent to the email address you enter here so it must be valid."); define("LAN_SIGNUP_30", "If you do not wish to display your email address on this site, please select 'Yes' for the 'Hide email address?' option."); define("LAN_SIGNUP_31", "URL to your XUP file"); 
@@ -100,7 +100,7 @@ define("LAN_SIGNUP_59","**** If the link doesn't work, please check that part of define('LAN_SIGNUP_60','Signup email resend requested'); define('LAN_SIGNUP_61','Send succeeded'); define('LAN_SIGNUP_62','Send failed'); -define('LAN_SIGNUP_63','Password reset email resent requested'); +define('LAN_SIGNUP_63','Password reset email resend requested'); define('LAN_SIGNUP_64','That doesn\'t appear to be valid user information'); define('LAN_SIGNUP_65','You have been assigned the following login name'); define('LAN_SIGNUP_66','Please make a note of it.'); @@ -123,8 +123,8 @@ define('LAN_SIGNUP_82', 'the name that you use to login'); // LAN_10 define('LAN_SIGNUP_83', 'Password: '); // LAN_17 define('LAN_SIGNUP_84', 'Re-type Password: '); // LAN_111 define('LAN_SIGNUP_85', 'Usernames and passwords are case-sensitive.'); // LAN_400 -define('LAN_SIGNUP_86', 'Email Address: '); // LAN_112 -define('LAN_SIGNUP_87', 'Hide email address?: '); // LAN_113 +//define('LAN_SIGNUP_86', 'Email Address: '); // LAN_112 = LAN_USER_60 +//define('LAN_SIGNUP_87', 'Hide email address?: '); // LAN_113 = LAN_USER_83 //define('LAN_SIGNUP_88', 'This will prevent your email address from being displayed on site'); // LAN_114 define('LAN_SIGNUP_89', 'Display Name: '); // LAN_7 define('LAN_SIGNUP_90', 'the name that will be displayed on site'); // LAN_8 diff --git a/e107_languages/English/lan_user.php b/e107_languages/English/lan_user.php index 992949ec5..5eadc0f24 100644 --- a/e107_languages/English/lan_user.php +++ b/e107_languages/English/lan_user.php @@ -9,8 +9,8 @@ * Language file - user-related (many generic definitions) * * $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_user.php,v $ - * $Revision: 1.3 $ - * $Date: 2008-12-21 22:17:05 $ + * $Revision: 1.4 $ + * $Date: 2008-12-28 22:37:43 $ * $Author: e107steved $ * */ 
@@ -36,7 +36,7 @@ define('LAN_USER_02','Login Name'); define('LAN_USER_03','Real Name'); define('LAN_USER_04','Custom title'); define('LAN_USER_05','Password'); -define('LAN_USER_06','Photo'); +define('LAN_USER_06','Photograph'); define('LAN_USER_07','Avatar'); define('LAN_USER_08','Email address'); define('LAN_USER_09','Signature'); @@ -87,10 +87,10 @@ define('LAN_USER_56', 'Registered members: '); // LAN_138 define('LAN_USER_57', 'Order: '); // LAN_139 define('LAN_USER_58', 'Member'); // LAN_142 define('LAN_USER_59', 'Joined'); // LAN_145 -define('LAN_USER_60', 'Email Address'); // LAN_112 +define('LAN_USER_60', 'Email Address: '); // LAN_112 define('LAN_USER_61', 'Rating'); // LAN_406 define('LAN_USER_62', 'Send Private Message'); // LAN_425 -define('LAN_USER_63', 'Real Name'); // LAN_308 +define('LAN_USER_63', 'Real Name: '); // LAN_308 define('LAN_USER_64', 'Site Stats'); // LAN_403 define('LAN_USER_65', 'Last visit'); // LAN_404 define('LAN_USER_66', 'Visits to site since registration'); // LAN_146 
@@ -98,8 +98,22 @@ define('LAN_USER_67', 'Chatbox posts'); // LAN_147 define('LAN_USER_68', 'Comments posted'); // LAN_148 define('LAN_USER_69', 'Forum posts'); // LAN_149 define('LAN_USER_70', 'Show'); // LAN_419 -define('LAN_USER_71', 'Signature'); // LAN_120 +define('LAN_USER_71', 'Signature: '); // LAN_120 define('LAN_USER_72', 'Avatar: '); // LAN_121 +define('LAN_USER_73', 'choice of Content/Mail-lists'); +define('LAN_USER_74', 'Custom Title'); +define('LAN_USER_75', 'Your --SOMETHING-- is required'); // Replaces LAN_SIGNUP_6, LAN_SIGNUP_7 combination +define('LAN_USER_76', 'Subscribed to'); // LAN_USET_5 +define('LAN_USER_77', 'Your password must be at least --COUNT-- characters long.'); // Replaces LAN_SIGNUP_4, LAN_SIGNUP_5 combination +define('LAN_USER_78', 'Min.'); // LAN_SIGNUP_1 +define('LAN_USER_79', 'chars.'); // LAN_SIGNUP_2 +define('LAN_USER_80', 'the name displayed on site'); // LAN_8 +define('LAN_USER_81', 'Username: '); // LAN_9 +define('LAN_USER_82', 'the name you use to login to the site'); // LAN_10 +define('LAN_USER_83', 'Hide email address?: '); // LAN_113 +define('LAN_USER_84', 'This will prevent your email address from being displayed on site'); // LAN_114 +define('LAN_USER_85', 'If you want to change your user name, you must ask a site administrator'); +define('LAN_USER_86', 'Maximum avatar size is --WIDTH-- x --HEIGHT-- pixels'); // Error messages for when user data is missing. Done this way so that other code can override the default messages 
@@ -122,7 +136,9 @@ if (!defined('USER_ERR_16')) { define('USER_ERR_16','Software error'); } if (!defined('USER_ERR_17')) { define('USER_ERR_17','Value too low'); } if (!defined('USER_ERR_18')) { define('USER_ERR_18','Value too high'); } if (!defined('USER_ERR_19')) { define('USER_ERR_19','General error'); } -if (!defined('USER_ERR_20')) { define('USER_ERR_20','Unspecified error'); } +if (!defined('USER_ERR_20')) { define('USER_ERR_20','Image too wide'); } +if (!defined('USER_ERR_21')) { define('USER_ERR_21','Image too high'); } +if (!defined('USER_ERR_22')) { define('USER_ERR_22','Unspecified error'); } ?> \ No newline at end of file diff --git a/e107_languages/English/lan_usersettings.php b/e107_languages/English/lan_usersettings.php index 22111dd49..6159b8ea1 100644 --- a/e107_languages/English/lan_usersettings.php +++ b/e107_languages/English/lan_usersettings.php 
@@ -4,98 +4,75 @@ | e107 website system - Language File. | | $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_usersettings.php,v $ -| $Revision: 1.14 $ -| $Date: 2008-12-21 22:17:05 $ +| $Revision: 1.15 $ +| $Date: 2008-12-28 22:37:43 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ define("PAGE_NAME", "User Settings"); -define("LAN_7", "Display Name: "); -define("LAN_8", "the name displayed on site"); -define("LAN_9", "Username: "); -define("LAN_10", "the name you use to login to the site"); +/* +LANs rationalised - some common ones now in lan_user.php. Old numbers generally cross-referenced +// define("LAN_7", "Display Name: "); See LAN_USER_01 define("LAN_11", "the name you use to login to the site - this cannot be changed, please contact an administrator if it needs to be changed for security purposes"); -define("LAN_20", "Error"); -define("LAN_105", "The two passwords do not match"); +//define("LAN_20", "Error"); define("LAN_106", "That doesn't appear to be a valid email address"); -define("LAN_112", "Email Address: "); -define("LAN_113", "Hide email address?: "); -define("LAN_114", "This will prevent your email address from being displayed on site"); +//define("LAN_112", "Email Address: "); see LAN_USER_60 define("LAN_119", "Location: "); //define("LAN_120", "Signature: "); //define("LAN_121", "Avatar: "); define("LAN_144", "Website URL: "); -define("LAN_150", "Settings updated and saved into database."); -define("LAN_151", "OK"); -define("LAN_152", "New Password: "); -define("LAN_153", "Re-type New Password: "); -define("LAN_154", "Save Settings"); -define("LAN_155", "Update User Settings"); +//define("LAN_151", "OK"); define("LAN_185", "You left the password field blank "); -define("LAN_308", "Real Name: "); -define("LAN_401", "Leave blank to keep existing password"); +//define("LAN_308", "Real Name: "); define("LAN_402", "Type path or choose avatar"); -define("LAN_403", "Choose avatar"); 
-define("LAN_404", "Please note: Any image uploaded to this server that is deemed inappropriate by the administrators will be deleted immediately."); define("LAN_410", "Settings for"); define("LAN_411", "Update Your Settings"); define("LAN_412", "Change Your Password"); define("LAN_413", "Choose An Avatar"); -define("LAN_414", "Upload Your Photograph"); -define("LAN_415", "Upload your Avatar"); - -define("LAN_416", "Yes"); -define("LAN_417", "No"); - -define("LAN_418", "Registration Information"); +//define("LAN_416", "Yes"); +//define("LAN_417", "No"); define("LAN_419", "Personal / Contact Information"); -define("LAN_420", "Avatar"); -define("LAN_421", "Choose site-stored avatar"); -define("LAN_422", "Use remote avatar"); -define("LAN_423", "Please type full address to image"); -define("LAN_424", "Click button to see avatars stored on this site"); -define("LAN_425", "Photograph"); -define("LAN_426", "This will be shown on your profile page"); -define("LAN_427", "Submit ..."); -define("LAN_428", "News Item"); -define("LAN_429", "Link"); -define("LAN_430", "Download"); -define("LAN_431", "Article"); -define("LAN_432", "Review"); +//define("LAN_420", "Avatar"); LAN_USER_07 +//define("LAN_425", "Photograph"); LAN_USER_06 +//define("LAN_427", "Submit ..."); +//define("LAN_428", "News Item"); +//define("LAN_429", "Link"); +//define("LAN_430", "Download"); +//define("LAN_431", "Article"); +//define("LAN_432", "Review"); -define("LAN_433", "URL to your XUP file"); -define("LAN_434", "what's this?"); -define("LAN_435", "XML User Protocol file"); +//define("LAN_435", "XML User Protocol file"); // LAN_USER_11 -define("LAN_SIGNUP_1", "Min."); -define("LAN_SIGNUP_2", "chars."); -define("LAN_SIGNUP_4", "Your password must be at least "); -define("LAN_SIGNUP_5", " characters long."); -define("LAN_SIGNUP_6", "Your "); -define("LAN_SIGNUP_7", " is required"); +//define("LAN_SIGNUP_1", "Min."); See LAN_USER_78 +//define("LAN_SIGNUP_2", "chars."); See LAN_USER_79 
+//define("LAN_SIGNUP_4", "Your password must be at least "); See LAN_USER_77 +//define("LAN_SIGNUP_5", " characters long."); See LAN_USER_77 +//define("LAN_SIGNUP_6", "Your "); See LAN_USER_75 +//define("LAN_SIGNUP_7", " is required"); See LAN_USER_75 -// v.616 -define("LAN_CUSTOMTITLE", "Custom Title"); +//define("LAN_CUSTOMTITLE", "Custom Title"); See LAN_USER_04 //define("LAN_ICQNUMBER", "ICQ number must contain only numbers"); //v.617 define("LAN_408", "A user with that email address already exists. "); +*/ define("MAX_AVWIDTH", "Maximum avatar size (wxh) is "); define("MAX_AVHEIGHT", " x "); // define("GIF_RESIZE", "Please resize gif image or convert to different format"); -define("RESIZE_NOT_SUPPORTED", "Resize method not supported by this server. Please resize image or choose another. File has been deleted."); +//define("RESIZE_NOT_SUPPORTED", "Resize method not supported by this server. Please resize image or choose another. File has been deleted."); + // v0.7 define("LAN_USET_1", "Your avatar is too wide"); define("LAN_USET_2", "Maximum allowable width is"); define("LAN_USET_3", "Your avatar is too high"); define("LAN_USET_4", "Maximum allowable height is"); -define("LAN_USET_5", "Subscribed to"); -define("LAN_USET_6", "Subscribe to our mailing-list(s) and/or sections of this site."); +//define("LAN_USET_5", "Subscribed to"); // Now LAN_USER_76 +//define("LAN_USET_6", "Subscribe to our mailing-list(s) and/or sections of this site."); Now LAN_USER_73 define("LAN_USET_7", "Miscellaneous"); define("LAN_USET_8", "User Signature"); define("LAN_USET_9", "Some of the required fields (marked with a *) are missing from your settings."); 
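Review bot: The `/*` opened by the added "LANs rationalised" comment is only closed by the `+*/` after LAN_408, so every unchanged define between them — LAN_11, LAN_106, LAN_119, LAN_144, LAN_185, LAN_402, LAN_410 through LAN_413, LAN_419 and LAN_408 — is now inside a block comment and is no longer defined. Any script or template that still references one of them will raise an undefined-constant notice and print the bare name; whether usersettings.php or its template still do is not visible in this diff. Either move the live defines out of the comment block, or retire the old ones individually with `//` as the rest of the hunk does, since a `/* ... */` spanning live code also makes the remaining define list hard to audit.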
@@ -108,14 +85,30 @@ define("LAN_USET_15", "Display name too long. Please choose another"); define("LAN_USET_16", "Tick box to delete existing photo without uploading another"); define("LAN_USET_17", "Display name already used. Please choose another"); define('LAN_USET_18', 'User data changed by admin: --ID--, login name: --LOGNAME--'); -define('LAN_USET_19', 'Custom Title'); +//define('LAN_USET_19', 'Custom Title'); Now LAN_USER_74 define('LAN_USET_20', 'You must also change the user\'s password if you are changing their login name or email address'); define('LAN_USET_21', 'Please validate the changes by re-entering your password: '); define('LAN_USET_22', 'Invalid password!'); -define('LAN_USET_23', ''); -define('LAN_USET_24', ''); -define('LAN_USET_25', ''); +define('LAN_USET_23', 'Leave blank to keep existing password'); // LAN_401 +define('LAN_USET_24', 'New Password: '); // LAN_152 +define('LAN_USET_25', 'Re-type New Password: '); // LAN_153 +define('LAN_USET_26', 'Upload your Avatar'); // LAN_415 +define('LAN_USET_27', 'Upload Your Photograph'); // LAN_414 +define('LAN_USET_28', 'This will be shown on your profile page'); // LAN_426 +define('LAN_USET_29', 'URL to your XUP file'); // LAN_433 +define('LAN_USET_30', 'what\'s this?'); // LAN_434 +define('LAN_USET_31', 'Registration Information'); // LAN_418 +define('LAN_USET_32', 'Please note: Any image uploaded to this server that is deemed inappropriate by the administrators will be deleted immediately.'); // LAN_404 +define('LAN_USET_33', 'Choose site-stored avatar'); // LAN_421 +define('LAN_USET_34', 'Use remote avatar'); // LAN_422 +define('LAN_USET_35', 'Please type full address to image'); // LAN_423 +define('LAN_USET_36', 'Click button to see avatars stored on this site'); // LAN_424 +define('LAN_USET_37', 'Save Settings'); // LAN_154 +define('LAN_USET_38', 'Choose avatar'); // LAN_403 +define('LAN_USET_39', 'Update User Settings'); // LAN_155 +define('LAN_USET_40', 'The two passwords do not match'); // 
LAN_105 +define('LAN_USET_41', 'Settings updated and saved into database.'); // LAN_150 +define('LAN_USET_42', ''); -define('LAN_ENTER', 'Enter'); ?> \ No newline at end of file diff --git a/e107_themes/templates/signup_template.php b/e107_themes/templates/signup_template.php index 5e9eb0462..2b4145ddb 100755 --- a/e107_themes/templates/signup_template.php +++ b/e107_themes/templates/signup_template.php @@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_themes/templates/signup_template.php,v $ -| $Revision: 1.11 $ -| $Date: 2008-12-21 22:17:05 $ +| $Revision: 1.12 $ +| $Date: 2008-12-28 22:37:43 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ @@ -53,8 +53,8 @@ if(!defined($USERCLASS_SUBSCRIBE_START)) { $USERCLASS_SUBSCRIBE_START = " -".LAN_USET_5." ".req($pref['signup_option_class'])." -
".LAN_USET_6." +".LAN_USER_76." ".req($pref['signup_option_class'])." +
".LAN_USER_73." "; @@ -276,7 +276,7 @@ $SIGNUP_BODY = " - + @@ -290,7 +290,7 @@ $SIGNUP_BODY = " - + diff --git a/e107_themes/templates/usersettings_template.php b/e107_themes/templates/usersettings_template.php index 5237bb13e..c0c662105 100755 --- a/e107_themes/templates/usersettings_template.php +++ b/e107_themes/templates/usersettings_template.php @@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_themes/templates/usersettings_template.php,v $ -| $Revision: 1.5 $ -| $Date: 2008-01-15 21:57:53 $ +| $Revision: 1.6 $ +| $Date: 2008-12-28 22:37:43 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ @@ -24,14 +24,14 @@ global $usersettings_shortcodes, $pref; $sc_style['CUSTOMTITLE']['pre'] = " - +"; $sc_style['PASSWORD1']['pre'] = " - + - + "; -$sc_style['PASSWORD_LEN']['pre'] = "
(".LAN_SIGNUP_1." "; -$sc_style['PASSWORD_LEN']['post'] = " ".LAN_SIGNUP_2.")"; +$sc_style['PASSWORD_LEN']['pre'] = "
(".LAN_USER_78." "; +$sc_style['PASSWORD_LEN']['post'] = " ".LAN_USER_79.")"; $sc_style['USERCLASSES']['pre'] = " -"; $sc_style['AVATAR_UPLOAD']['pre'] = " - +"; $sc_style['PHOTO_UPLOAD']['pre'] = " - + - +"; @@ -78,10 +78,10 @@ $sc_style['PHOTO_UPLOAD']['post'] = ""; $sc_style['XUP']['pre'] = " - + - +"; @@ -104,25 +104,25 @@ $USERSETTINGS_EDIT = "
".LAN_SIGNUP_86."{SIGNUP_IS_MANDATORY=email}".LAN_USER_60."{SIGNUP_IS_MANDATORY=email} {SIGNUP_EMAIL}
".LAN_SIGNUP_87."".LAN_USER_83." {SIGNUP_HIDE_EMAIL}
".LAN_CUSTOMTITLE.":".LAN_USER_04.": "; $sc_style['CUSTOMTITLE']['post'] = "
".LAN_152."
".LAN_401."
".LAN_USET_24."
".LAN_USET_23."
"; @@ -40,7 +40,7 @@ $sc_style['PASSWORD2']['pre'] = "
".LAN_153."
".LAN_401."
".LAN_USET_25."
".LAN_USET_23."
"; $sc_style['PASSWORD2']['post'] = " @@ -48,29 +48,29 @@ $sc_style['PASSWORD2']['post'] = "
".LAN_USET_5.":".req($pref['signup_option_class'])." -
".LAN_USET_6." +
".LAN_USER_76.":".req($pref['signup_option_class'])." +
".LAN_USER_73."
"; $sc_style['USERCLASSES']['post'] = "
".LAN_415."
".LAN_USET_26."
"; $sc_style['AVATAR_UPLOAD']['post'] = "
".LAN_425."".LAN_USER_06."
".LAN_414."
".LAN_426."
".LAN_USET_27."
".LAN_USET_28."
"; $sc_style['PHOTO_UPLOAD']['post'] = "
".LAN_435."".LAN_USER_11."
".LAN_433."
".LAN_434."
".LAN_USET_29."
".LAN_USET_30."
"; $sc_style['XUP']['post'] = "
- + - + - + - + @@ -135,14 +135,14 @@ $USERSETTINGS_EDIT = " {PASSWORD2} - + - + - + - + - + - + - + @@ -189,7 +189,7 @@ $USERSETTINGS_EDIT = " {XUP} - +
".LAN_418."".LAN_USET_31."
".LAN_7."
".LAN_8."
".LAN_USER_01."
".LAN_USER_80."
{USERNAME}
".LAN_9."
".LAN_10."
".LAN_USER_81."
".LAN_USER_82."
{LOGINNAME}
".LAN_308.req($pref['signup_option_realname'])."".LAN_USER_63.req($pref['signup_option_realname'])." {REALNAME}
".LAN_112.req(!$pref['disable_emailcheck'])."".LAN_USER_60.req(!$pref['disable_emailcheck'])." {EMAIL}
".LAN_113."
".LAN_114."
".LAN_USER_83."
".LAN_USER_84."
{HIDEEMAIL=radio} @@ -154,7 +154,7 @@ $USERSETTINGS_EDIT = "
".LAN_USET_8."
".LAN_120.req($pref['signup_option_signature'])."".LAN_USER_71.req($pref['signup_option_signature'])." {SIGNATURE=cols=58&rows=4}
@@ -163,22 +163,22 @@ $USERSETTINGS_EDIT = "
".LAN_420."".LAN_USER_07."
".LAN_404.($pref['im_width'] || $pref['im_height'] ? "
".($pref['im_width'] ? MAX_AVWIDTH.$pref['im_width']." pixels. " : "").($pref['im_height'] ? MAX_AVHEIGHT.$pref['im_height']." pixels." : "") : "")."
".LAN_USET_32.($pref['im_width'] || $pref['im_height'] ? "
".str_replace(array('--WIDTH--','--HEIGHT--'), array($pref['im_width'], $pref['im_height']), LAN_USER_86) : "")."
".LAN_422.req($pref['signup_option_image'])."
".LAN_423."
".LAN_USET_34.req($pref['signup_option_image'])."
".LAN_USET_35."
{AVATAR_REMOTE}
".LAN_421."
".LAN_424."
".LAN_USET_33."
".LAN_USET_36."
{AVATAR_CHOOSE}
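Review bot: The rewritten avatar-size hint substitutes both `$pref['im_width']` and `$pref['im_height']` into LAN_USER_86 whenever either one is set, so a site with only one limit configured now renders something like "Maximum avatar size is 120 x  pixels" (constructed example), where the replaced branches showed only the configured dimension. If the 120/100 fallbacks that the old usersettings.php code applied with varsettrue() still govern the upload vetting, the same fallbacks belong here: `array(varsettrue($pref['im_width'], 120), varsettrue($pref['im_height'], 100))`; otherwise a per-dimension branch should be kept. Either way it is worth confirming that the limits displayed match the ones the new vetting routines actually enforce.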
diff --git a/signup.php b/signup.php index b85fd78ff..052c03edc 100644 --- a/signup.php +++ b/signup.php @@ -9,8 +9,8 @@ * User signup * * $Source: /cvs_backup/e107_0.8/signup.php,v $ - * $Revision: 1.28 $ - * $Date: 2008-12-21 22:17:05 $ + * $Revision: 1.29 $ + * $Date: 2008-12-28 22:37:42 $ * $Author: e107steved $ * */ @@ -21,7 +21,7 @@ $qs = explode(".", e_QUERY); if($qs[0] != 'activate') { // multi-language fix. include_lan(e_LANGUAGEDIR.e_LANGUAGE."/lan_signup.php"); - include_lan(e_LANGUAGEDIR.e_LANGUAGE."/lan_usersettings.php"); +// include_lan(e_LANGUAGEDIR.e_LANGUAGE."/lan_usersettings.php"); Shouldn't need this now } include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_user.php'); // Generic user-related language defines @@ -443,15 +443,15 @@ if (isset($_POST['register'])) else { $savePassword = $_POST['password1']; // May need in plaintext later - unset($_POST['password1']); // Restrict the scope of this - unset($_POST['password2']); } + unset($_POST['password1']); // Restrict the scope of this + unset($_POST['password2']); $allData['user_ip'] = $e107->getip(); // check for multiple signups from the same IP address. - if($ipcount = $sql->db_Select("user", "*", "user_ip='".$allData['user_ip']."' and user_ban !='2' ")) + if($ipcount = $sql->db_Select('user', '*', "user_ip='".$allData['user_ip']."' and user_ban !='2' ")) { if($ipcount >= $pref['signup_maxip'] && trim($pref['signup_maxip']) != "") { 
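Review bot: In the `db_Select('user', '*', "user_ip='".$allData['user_ip']."' and user_ban !='2' ")` line the IP string is interpolated into the WHERE clause without `$tp->toDB()`, while comparable lookups in this codebase escape their operands. Whether `$e107->getip()` can ever return anything other than a normalised address (for instance proxy-header text) is not visible here, but escaping the value removes that dependency at no cost: `"user_ip='".$tp->toDB($allData['user_ip'])."' AND user_ban != '2'"`. The query also selects `*` purely to obtain a row count, so a count query would avoid fetching every column of every matching user. The enclosing `if (isset($_POST['register']))` block starts and ends outside this hunk.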
@@ -473,83 +473,55 @@ if (isset($_POST['register'])) // Verify Custom Signup options if selected - need specific loop since the need for them is configuration-dependent - $signup_option_title = array(LAN_USER_63, LAN_USER_71, LAN_USER_72, LAN_SIGNUP_28); - $signup_option_names = array("realname", "signature", "image", "class"); + $signup_option_title = array(LAN_USER_63, LAN_USER_71, LAN_USER_72, LAN_USER_73, LAN_USER_74); + $signup_option_names = array('realname', 'signature', 'image', 'class', 'customtitle'); foreach($signup_option_names as $key => $value) { if ($pref['signup_option_'.$value] == 2 && !isset($alldata['validate']['user_'.$value]) && !isset($alldata['errors']['user_'.$value])) { $alldata['errors']['user_'.$value] = ERR_GENERIC; - $alldata['errortext']['user_'.$value] = LAN_SIGNUP_6.$signup_option_title[$key].LAN_SIGNUP_7; + $alldata['errortext']['user_'.$value] = str_replace('--SOMETHING--',$signup_option_title[$key],LAN_USER_75); } } - // Extended Field validation - $extList = $usere->user_extended_get_fieldList(); + // Validate Extended User Fields. $eufVals = array(); - - foreach($extList as $ext) + if (isset($_POST['ue'])) { - $eufName = 'user_'.$ext['user_extended_struct_name']; - if(isset($_POST['ue'][$eufName])) - { - $newval = trim($_POST['ue'][$eufName]); // use $tp->toDB() ?? - // echo "Vetting field ".'user_'.$ext['user_extended_struct_name'].": {$newval} = ".trim($_POST['ue']['user_'.$ext['user_extended_struct_name']])."
"; - if($ext['user_extended_struct_required'] == 1 && (($newval == "") || (($ext['user_extended_struct_type'] == 7) && ($newval == '0000-00-00')) )) - { // Required field not present - $_ftext = (defined($ext['user_extended_struct_text']) ? constant($ext['user_extended_struct_text']) : $ext['user_extended_struct_text']); - $error_message .= LAN_SIGNUP_6.$_ftext.LAN_SIGNUP_7."\\n"; - $error = TRUE; - } - else - { - $parms = explode("^,^", $ext['user_extended_struct_parms']); - $regex = (isset($parms[1]) ? $tp->toText($parms[1]) : ""); - $regexfail = (isset($parms[2]) ? trim($tp->toText($parms[2])) : ""); - - if($regexfail == "") - { - $regexfail = $ext['user_extended_struct_name']." ".LAN_SIGNUP_53; - } - - if(defined($regexfail)) {$regexfail = constant($regexfail);} - - if($regex != "" && $newval != "" && !preg_match($regex, $newval)) - { - $error_message .= $regexfail."\\n"; - $error = TRUE; - } - else - { - $eufVals[$eufName] = $newval; - } - } - } + $eufVals = $ue->userExtendedValidateAll($_POST['ue'], varset($_POST['hide'],array())); // Validate the extended user fields } + + + // Determine whether we have an error + $error = ((isset($allData['errors']) && count($allData['errors'])) || (isset($eufVals['errors']) && count($eufVals['errors']))); + // All validated here - handle any errors - if (count($allData['errors'])) + if ($error) { require_once(e_HANDLER."message_handler.php"); - $temp = validatorClass::makeErrorList($allData,'USER_ERR_','%n - %x - %t: %v', '
', $userMethods->userVettingInfo); - message_handler('P_ALERT', $temp.'
'.$error_message); - $error = TRUE; + $temp = array(); + if (count($allData['errors'])) + { + $temp[] = validatorClass::makeErrorList($allData,'USER_ERR_','%n - %x - %t: %v', '
', $userMethods->userVettingInfo); + } + if (varsettrue($eufData['errors'])) + { + $temp[] = validatorClass::makeErrorList($eufData,'USER_ERR_','%n - %x - %t: %v', '
', $userMethods->userVettingInfo); + } + if ($error_message) { $temp[] = $error_message; } + message_handler('P_ALERT', implode('
', $temp)); } } // End of data validation - if($error_message) - { - message_handler("P_ALERT", $error_message); - $error_message = ''; - } // ========== End of verification.. ============== // If no errors, we can enter the new member in the DB // At this point we have two data arrays: // $allData['validate'] - the 'core' user data - // $eufVals - any extended user fields + // $eufVals['validate'] - any extended user fields if (!$error) { @@ -566,8 +538,8 @@ if (isset($_POST['register'])) } - $u_key = md5(uniqid(rand(), 1)); // Key for signup completion - $allData['validate']['user_sess'] = $u_key; // Validation key + $u_key = md5(uniqid(rand(), 1)); // Key for signup completion + $allData['validate']['user_sess'] = $u_key; // Validation key // Work out all user classes $intClasses = array(); @@ -613,10 +585,10 @@ if (isset($_POST['register'])) // Actually write data to DB $nid = $sql->db_Insert("user", $allData['validate']); - if(count($eufVals)) + if (isset($eufVals['validate']) && count($eufVals['validate'])) { $sql->db_Select_gen("INSERT INTO `#user_extended` (user_extended_id) values ('{$nid}')"); - $sql->db_UpdateArray("user_extended", $eufVals." WHERE `user_extended_id` = ".intval($nid)); + $sql->db_UpdateArray("user_extended", $eufVals['validate']." WHERE `user_extended_id` = ".intval($nid)); } if (SIGNUP_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Signup new user",array_merge($allData['validate'],$eufVals) ,FALSE,LOG_TO_ROLLING); diff --git a/usersettings.php b/usersettings.php index 2875a4a8a..fb3f1a67f 100644 --- a/usersettings.php +++ b/usersettings.php 
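Review bot: The extended-field error list is built from `$eufData`, but the validation result is stored in `$eufVals` (`$eufVals = $ue->userExtendedValidateAll(...)`), so `varsettrue($eufData['errors'])` is never true and extended-field errors are counted by `$error` but never shown to the user; it should read `if (varsettrue($eufVals['errors'])) { $temp[] = validatorClass::makeErrorList($eufVals, 'USER_ERR_', ...); }`. The required-option loop above it writes `$alldata['errors']` and `$alldata['errortext']` (lower-case) while the new `$error` test reads `$allData['errors']`; PHP variable names are case-sensitive, so a missing mandatory realname/signature/image/class/customtitle is recorded but never blocks the signup, and the loop's `!isset($alldata['validate'][...])` guard is always true for the same reason. `$error_message` is no longer assigned anywhere in this hunk now that the old extended-field block is gone, so `if ($error_message)` may be reading an unset variable unless it is initialised before the hunk.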
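Review bot: The SIGNUP_DEBUG log call still merges the whole of `$eufVals` into the logged array, but after this change `$eufVals` holds `validate`/`errors` sub-arrays, so it should use the same key the `db_UpdateArray` call now uses: `array_merge($allData['validate'], $eufVals['validate'])`. In that `db_UpdateArray` call `$eufVals['validate']` is itself an array, and concatenating an array to `" WHERE ..."` yields the literal string `Array WHERE ...` — unless db_UpdateArray accepts that form, the extended-field values are not being written; this predates the commit but the line is touched here. Note also that `$allData['validate']` contains the `user_sess` completion key set in the preceding hunk, so the debug entry copies that key into the rolling log; confirm that is intended.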
@@ -1,35 +1,28 @@ addCommonClasses($udata, FALSE); - - $peer = ($inp == USERID ? false : true); // FALSE if editing own data + $udata['user_classlist'] = $userMethods->addCommonClasses($udata, FALSE); } if (isset($_POST['updatesettings'])) { - if (!varsettrue($pref['auth_method']) || $pref['auth_method'] == '>e107') + if (!varsettrue($pref['auth_method'])) { - $pref['auth_method'] = 'e107'; + $pref['auth_method'] = 'e107'; } if ($pref['auth_method'] != 'e107') { - $_POST['password1'] = ''; - $_POST['password2'] = ''; + $_POST['password1'] = ''; + $_POST['password2'] = ''; } - if ($_POST['image'] == '' && $udata['user_image']) - { - $changed_user_data['user_image'] = ''; - } - - // Check external avatar - if ($_POST['image']) - { - $img = str_replace(array('\'', '"', '(', ')'), '', $_POST['image']); // these are invalid anyway, so why allow them? (XSS Fix) - - if (preg_match('#[0-9\._]#', $_POST['image'])) - { - $img = e_IMAGE.'avatars/'.$_POST['image']; - } - - if ($size = getimagesize($img)) - { - $avwidth = $size[0]; - $avheight = $size[1]; - $avmsg = ''; - - $pref['im_width'] = varsettrue($pref['im_width'], 120); - $pref['im_height'] = varsettrue($pref['im_height'], 100); - if ($avwidth > $pref['im_width']) - { - $avmsg .= LAN_USET_1." ({$avwidth})
".LAN_USET_2.": {$pref['im_width']}

"; - } - if ($avheight > $pref['im_height']) - { - $avmsg .= LAN_USET_3." ({$avheight})
".LAN_USET_4.": {$pref['im_height']}"; - } - if ($avmsg) - { - $_POST['image'] = ''; - $error = $avmsg; - } - else - { - if ($_POST['image'] != $udata['user_image']) - { - $changed_user_data['user_image'] = $_POST['image']; - } - } - } - else - { - // Invalid image file - we could just put up a message - } - } - - - // The 'class' option doesn't really make sense to me, but left it for now - // $signup_option_title = array(LAN_308, LAN_120, LAN_121, LAN_USET_19); - // $signup_option_names = array("realname", "signature", "image", "timezone"); - - $signup_option_title = array(LAN_308, LAN_120, LAN_121, LAN_USET_6, LAN_USET_19); - $signup_option_names = array("realname", "signature", "image", "class", 'signup_option_customtitle'); - foreach ($signup_option_names as $key => $value) - { // Check required signup fields - if ($pref['signup_option_'.$value] == 2 && !$_POST[$value] && !$_uid) - { - $error .= LAN_SIGNUP_6.$signup_option_title[$key].LAN_SIGNUP_7."\\n"; - } - } - - - // Login Name checks - only admin can change login name - if (isset($_POST['loginname']) && ADMIN && getperms("4")) - { // Only check if its been edited - $loginname = trim(preg_replace('/ |\#|\=|\$/', "", strip_tags($_POST['loginname']))); - if ($loginname != $_POST['loginname']) - { - $error .= LAN_USET_13."\\n"; - } - // Check if login name exceeds maximum allowed length - if (strlen($loginname) > varset($pref['loginname_maxlength'], 30)) - { - $error .= LAN_USET_14."\\n"; - } - if ($udata['user_loginname'] != $loginname) - { - $changed_user_data['user_loginname'] = $loginname; - } - else - { - unset($loginname); - } - } - if (isset($loginname)) - { - $_POST['loginname'] = $loginname; - } - else - { - unset($_POST['loginname']); // Make sure no chance of the $_POST value staying set inappropriately - } - - // Display name checks - // If display name == login name, it has to meet the criteria for both login name and display name - // echo "Check_class: {$pref['displayname_class']}; 
{$udata['user_classlist']}; {$peer}
"; - if (check_class($pref['displayname_class'], $udata['user_classlist'], $peer)) - { // Display name can be different to login name - check display name if its been entered - if (isset($_POST['username'])) - { - $username = trim(strip_tags($_POST['username'])); - $_POST['username'] = $username; - // echo "Found new display name: {$username}
"; - } - } - else - { // Display name and login name must be the same - check only if the login name has been changed - if (varsettrue($loginname)) $username = $loginname; - } - - if (varsettrue($username)) - { - // Impose a minimum length on display name - if (strlen($username) < 2) - { - $error .= LAN_USET_12."\\n"; - } - if (strlen($username) > varset($pref['displayname_maxlength'], 15)) - { - $error .= LAN_USET_15."\\n"; - } - - if (isset($pref['signup_disallow_text'])) - { - $tmp = explode(",", $pref['signup_disallow_text']); - foreach ($tmp as $disallow) - { - if (stristr($username, trim($disallow))) - { - $error .= LAN_USET_11."\\n"; - } - } - } - - // Display Name exists. - if ($sql->db_Count('user', '(*)', "WHERE `user_name`='".$username."' AND `user_id` != ".(int)$inp)) - { - $error .= LAN_USET_17; - } - if ($username != $udata['user_name']) { $changed_user_data['user_name'] = $username; } - unset($username); - } - - - // Password checks - $new_pass = ''; - if ($_POST['password1'] != $_POST['password2']) - { - $error .= LAN_105."\\n"; - } - else - { - if (trim($_POST['password1']) != "") - { - if (strlen(trim($_POST['password1'])) < $pref['signup_pass_len']) - { - $error .= LAN_SIGNUP_4.$pref['signup_pass_len'].LAN_SIGNUP_5."\\n"; - } - $new_pass = $_POST['password1']; // Don't hash it yet - } - } - - - // Email address checks - if (!varsettrue($pref['disable_emailcheck'])) - { - if (!check_email($_POST['email'])) - { - $error .= LAN_106."\\n"; - } - } - - // Check for duplicate of email address - if ($sql->db_Select('user', 'user_name, user_email', "user_email='".$tp->toDB($_POST['email'])."' AND user_id !=".(int)$inp)) - { - $error .= LAN_408."\\n"; - } - - // Uploaded avatar and/or photo if ($file_userfile['error'] != 4) { require_once (e_HANDLER.'upload_handler.php'); require_once (e_HANDLER.'resize_handler.php'); - if ($uploaded = file_upload(e_FILE.'public/avatars/', 'avatar='.$udata['user_id'])) - { - foreach ($uploaded as $upload) - { // Needs the 
latest upload handler (with legacy and 'future' interfaces) to work - if ($upload['name'] && ($upload['index'] == 'avatar') && $pref['avatar_upload']) - { - // avatar uploaded - give it a reference which identifies it as server-stored - $_POST['image'] = "-upload-".$upload['name']; - if ($_POST['image'] != $udata['user_image']) + if ($uploaded = process_uploaded_files(e_FILE.'public/avatars/', 'prefix+ap_'.$udata['user_id'].'_', array('overwrite' => TRUE, 'file_mask'=>'jpg,png,gif', 'max_file_count' => 2))) + { + foreach ($uploaded as $upload) { - $avatar_to_delete = str_replace("-upload-", "", $udata['user_image']); - // echo "Avatar change; deleting {$avatar_to_delete}
"; - $changed_user_data['user_image'] = $_POST['image']; + if ($upload['name'] && ($upload['index'] == 'avatar') && $pref['avatar_upload']) + { + // avatar uploaded - give it a reference which identifies it as server-stored + // Vetting routines will do resizing and so on + $_POST['image'] = '-upload-'.$upload['name']; + } + elseif ($upload['name'] && ($upload['index'] == 'photo') && $pref['photo_upload']) + { + // photograph uploaded + $_POST['user_sess'] = $upload['name']; + } + elseif (isset($upload['error']) && isset($upload['message'])) + { + $extraErrors[] = $upload['message']; + } } - - if (!resize_image(e_FILE."public/avatars/".$upload['name'], e_FILE."public/avatars/".$upload['name'], "avatar")) - { - unset($message); - $error .= RESIZE_NOT_SUPPORTED."\\n"; - @unlink(e_FILE.'public/avatars/'.$upload['name']); - $_POST['image'] = ''; - unset($changed_user_data['user_image']); - } - } - - if ($upload['name'] && ($upload['index'] == 'photo') && $pref['photo_upload']) - { - // photograph uploaded - if ($udata['user_sess'] != $upload['name']) - { - $photo_to_delete = $udata['user_sess']; - $changed_user_data['user_sess'] = $upload['name']; - } - - if (!resize_image(e_FILE.'public/avatars/'.$upload['name'], e_FILE.'public/avatars/'.$upload['name'], 180)) - { - unset($message); - $error .= RESIZE_NOT_SUPPORTED."\\n"; - @unlink(e_FILE.'public/avatars/'.$upload['name']); - unset($changed_user_data['user_sess']); - } - } } - } } + + // Now validate everything - just check everything that's been entered + $allData = validatorClass::validateFields($_POST,$userMethods->userVettingInfo, TRUE); // Do basic validation + validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', $inp); // Do basic DB-related checks + $userMethods->userValidation($allData); // Do user-specific DB checks + + $savePassword = ''; + + if (($_POST['password1'] != '') || ($_POST['password2'] != '')) + { // Need to validate new password here + if 
(!isset($allData['errors']['user_password'])) + { // No errors in password yet - may be valid + $savePassword = $allData['validate']['user_password']; + unset($allData['validate']['user_password']); // Delete the password value in the output array + } + } + else + { + unset($allData['errors']['user_password']); // Delete the error which an empty password field generates + } + + unset($_POST['password1']); + unset($_POST['password2']); + + + $changedUserData = validatorClass::findChanges($allData['validate'], $udata,FALSE); + + + // Login Name checks - only admin can change login name + if (isset($changedUserData['user_loginname'])) + { + if (ADMIN && getperms('4')) + { + if (!check_class($pref['displayname_class'], $udata['user_classlist'], $adminEdit)) + { // Display name and login name must be the same + $changedUserData['user_name'] = $changedUserData['user_loginname']; + } + } + else + { + unset($changedUserData['user_loginname']); // Just doing this is probably being kind! + $alldata['errors']['user_loginname'] = ERR_GENERIC; + $alldata['errortext']['user_loginname'] = LAN_USER_85; + } + } + + // See if user just wants to delete existing photo if (isset($_POST['user_delete_photo'])) { $photo_to_delete = $udata['user_sess']; - $changed_user_data['user_sess'] = ''; - // echo "Just delete old photo: {$photo_to_delete}
"; + $changedUserData['user_sess'] = ''; } - // Validate Extended User Fields. - if ($_POST['ue']) + if ($udata['user_image'] && !isset($changedUserData['user_image'])) { - if ($sql->db_Select('user_extended_struct')) - { - while ($row = $sql->db_Fetch()) + $changedUserData['user_image'] = ''; + $avatar_to_delete = str_replace('-upload-', '', $udata['user_image']); + } + + + + // Validate Extended User Fields. + $changedEUFData = array(); + if (isset($_POST['ue'])) + { + $eufVals = $ue->userExtendedValidateAll($_POST['ue'], varset($_POST['hide'],array())); // Validate the extended user fields + $changedEUFData = validatorClass::findChanges($eufVals['validate'], $udata,FALSE); + } + + // Determine whether we have an error + $error = ((isset($allData['errors']) && count($allData['errors'])) || (isset($eufVals['errors']) && count($eufVals['errors'])) || count($extraErrors)); + + + // Update Userclass - only if its the user changing their own data (admins can do it another way) + if (isset($allData['validate']['user_class'])) + { + unset($changedUserData['user_class']); // We always recalculate this + if (FALSE === $adminEdit) + { // Make sure admin can't edit another's user classes + if (!is_object($e_userclass)) { - $extList['user_'.$row['user_extended_struct_name']] = $row; + $e_userclass = new user_class; } - } - - foreach ($_POST['ue'] as $key => $val) - { - if (isset($extList[$key])) - { // Only allow valid keys - $err = $ue->user_extended_validate_entry($val, $extList[$key]); - if ($err === true && !$_uid) - { // General error - usually empty field; could be unacceptable value, or regex fail and no error message defined - $error .= LAN_SIGNUP_6.($tp->toHtml($extList[$key]['user_extended_struct_text'],FALSE,"defs"))." 
".LAN_SIGNUP_7."\\n"; - } - elseif ($err) - { // Specific error message returned - usually regex fail - $error .= $err."\\n"; - $err = true; - } - if (!$err) + $ucList = $e_userclass->get_editable_classes(USERCLASS_LIST,TRUE); // List of classes which this user can edit + if (count($ucList)) + { + $nid = $e_userclass->mergeClassLists($udata['user_class'], $ucList, $allData['validate']['user_class'], TRUE); + $nid = $e_userclass->stripFixedClasses($nid); + $nid = implode(',',$nid); + // echo "Userclass data - new: {$nid}, old: {$udata['user_baseclasslist']}, editable: ".implode(',',$ucList).", entered: {$allData['validate']['user_class']}
"; + if ($nid != $udata['user_baseclasslist']) { - $val = $tp->toDB($val); - $ue_fields .= ($ue_fields) ? ", " : ""; - $ue_fields .= $key."='".$val."'"; + if (US_DEBUG) + { + $admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Write back classes; old list: {$udata['user_class']}; new list: ".$nid, false, LOG_TO_ROLLING); + } + $changedUserData['user_class'] = $nid; } } } - } - - - unset($_POST['password1']); // Always clear the password fields - value noted if required - unset($_POST['password2']); + } // All key fields validated here // ----------------------------- - // $inp - UID of user whose data is being changed (may not be the currently logged in user) - if (!$error) + if (!$error && count($changedUserData) || count($changedEUFData)) { - $_POST['user_id'] = intval($inp); - $ret = $e_event->trigger("preuserset", $_POST); + $_POST['user_id'] = intval($inp); + $ret = $e_event->trigger('preuserset', $_POST); - if ($ret == '') - { - if (isset($_POST['customtitle']) && ($pref['signup_option_customtitle'])) + if ($ret == '') { - $new_customtitle = $tp->toDB($_POST['customtitle']); - if ($new_customtitle != $udata['user_customtitle']) - { - $changed_user_data['user_customtitle'] = $new_customtitle; - } - } - - // Extended fields - handle any hidden fields - if ($ue_fields) - { - $hidden_fields = implode("^", array_keys($_POST['hide'])); - if ($hidden_fields != "") - { - $hidden_fields = "^".$hidden_fields."^"; - } - $ue_fields .= ", user_hidden_fields = '".$hidden_fields."'"; - } - - - // Handle fields which are just transferred without vetting (but are subject to toDB() for exploit restriction) - $copy_list = array('user_signature' => 'signature', - 'user_login' => 'realname', - 'user_email' => 'email', - 'user_hideemail' =>'hideemail', - 'user_xup' => 'user_xup'); - - // Next list identifies numerics which might take a value of 0 - $non_text_list = array( - 'user_hideemail' =>'hideemail' - ); - foreach ($copy_list as $k => $v) - { - if 
(isset($_POST[$v]) && (trim($_POST[$v]) || isset($non_text_list[$k]))) - { - $_POST[$v] = $tp->toDB(trim($_POST[$v])); - if ($_POST[$v] != $udata[$k]) - { - $changed_user_data[$k] = $_POST[$v]; - // echo "Changed {$k}, {$v} from {$udata[$k]} to {$_POST[$v]}
"; - } - } - } - - - // Update Userclass - only if its the user changing their own data (admins can do it another way) - if (!$_uid) - { - if (!is_object($e_userclass)) - { - $e_userclass = new user_class; - } - $ucList = explode(',', $e_userclass->get_editable_classes()); // List of classes which this user can edit - if (count($ucList)) - { - if (US_DEBUG) - { - $admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Read editable list. Current user classes: ".$udata['user_class'], false, LOG_TO_ROLLING); - } - - $cur_classes = explode(",", $udata['user_class']); // Current class membership - $newclist = array_flip($cur_classes); // Array keys are now the class IDs - - // Update class list - we must take care to only change those classes a user can edit themselves - foreach ($ucList as $cid) - { - if (!in_array($cid, $_POST['class'])) - { - unset($newclist[$cid]); - } - else - { - $newclist[$cid] = 1; - } - } - $newclist = array_keys($newclist); - $nid = implode(',', array_diff($newclist, array(''))); - // echo "Userclass data - new: {$nid}, old: {$udata['user_class']}
"; - if ($nid != $udata['user_class']) - { - if (US_DEBUG) - { - $admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Write back classes; old list: {$udata['user_class']}; new list: ".$nid, false, LOG_TO_ROLLING); - } - $changed_user_data['user_class'] = $nid; - } - } - } // Only admins can update login name - do this just in case one of the event triggers has mucked it about if (!(ADMIN && getperms('4'))) - { - unset($changed_user_data['user_loginname']); + { + unset($changedUserData['user_loginname']); + } + } + else + { // Invalid data - from hooked in trigger event + $message = "
".$ret."
"; + $caption = LAN_OK; + $error = TRUE; } - } - else - { // Invalid data - from hooked in trigger event - $message = "
".$ret."
"; - $caption = LAN_151; - } } } // End - update setttings elseif (isset($_POST['SaveValidatedInfo'])) { // Next bit only valid if user editing their own data - if (!$peer && !empty($_POST['updated_data']) && !empty($_POST['currentpassword']) && !empty($_POST['updated_key'])) - { // Got some data confirmed with password entry - $new_data = base64_decode($_POST['updated_data']); - if (md5($new_data) != $_POST['updated_key']) - { // Should only happen if someone's fooling around - echo "Mismatch on validation key
"; - exit; - } + if (!$adminEdit && !empty($_POST['updated_data']) && !empty($_POST['currentpassword']) && !empty($_POST['updated_key'])) + { // Got some data confirmed with password entry + $new_data = base64_decode($_POST['updated_data']); + if (md5($new_data) != $_POST['updated_key']) + { // Should only happen if someone's fooling around + echo 'Mismatch on validation key
'; + exit(); + } - if (isset($_POST['updated_extended'])) - { - $new_extended = base64_decode($_POST['updated_extended']); - if (md5($new_extended) != $_POST['extended_key']) - { // Should only happen if someone's fooling around - echo "Mismatch on validity key
"; - exit; - } - } + if (isset($_POST['updated_extended'])) + { + $new_extended = base64_decode($_POST['updated_extended']); + if (md5($new_extended) != $_POST['extended_key']) + { // Should only happen if someone's fooling around + echo 'Mismatch on validity key
'; + exit(); + } + } - if ($user_info->CheckPassword($_POST['currentpassword'], $udata['user_loginname'], $udata['user_password']) === false) // Use old data to validate + if ($userMethods->CheckPassword($_POST['currentpassword'], $udata['user_loginname'], $udata['user_password']) === false) // Use old data to validate - { // Invalid password - echo "
".LAN_USET_22."
"; + { // Invalid password + echo "
".LAN_USET_22."
"; require_once (FOOTERF); - exit; + exit(); + } + $changedUserData = unserialize($new_data); + $savePassword = $_POST['currentpassword']; + if (!empty($new_extended)) $changedEUFData = unserialize($new_extended); + unset($new_data); + unset($new_extended); + if (isset($changedUserData['user_sess'])) + { + $photo_to_delete = $udata['user_sess']; + } + if (isset($changedUserData['user_image'])) + { + $avatar_to_delete = $udata['user_image']; + } } - $changed_user_data = unserialize($new_data); - $new_pass = $_POST['currentpassword']; - if (!empty($new_extended)) $ue_fields = unserialize($new_extended); - unset($new_data); - unset($new_extended); - } } unset($_POST['updatesettings']); unset($_POST['SaveValidatedInfo']); // At this point we know the error status. -// $changed_user_data has an array of core changed data, except password, which is in $new_pass if changed (or entered as confirmation). -if (!$error && (count($changed_user_data) || $new_pass)) +// $changedUserData has an array of core changed data, except password, which is in $savePassword if changed (or entered as confirmation). +// $eufData has extended user field data +$dataToSave = !$error && (isset($changedUserData) && count($changedUserData)) || (isset($changedEUFData) && count($changedEUFData)) || $savePassword; + +if ($dataToSave) { - // Sort out password hashes - if ($new_pass) + // Sort out password hashes + if ($savePassword) + { + $loginname = $changedUserData['user_loginname'] ? $changedUserData['user_loginname'] : $udata['user_loginname']; + $email = (isset($changedUserData['user_email']) && $changedUserData['user_email']) ? $changedUserData['user_email'] : $udata['user_email']; + $changedUserData['user_password'] = $sql->escape($userMethods->HashPassword($savePassword, $loginname), false); + if (varset($pref['allowEmailLogin'], FALSE)) { - if (empty($loginname)) $loginname = $udata['user_loginname']; - $email = $changed_user_data['user_email'] ? 
$changed_user_data['user_email'] : $udata['user_email']; - $changed_user_data['user_password'] = $sql->escape($user_info->HashPassword($new_pass, $loginname), false); - if (varsettrue($pref['allowEmailLogin'])) - { $user_prefs = unserialize($udata['user_prefs']); - $user_prefs['email_password'] = $user_info->HashPassword($new_pass, $email); - $changed_user_data['user_prefs'] = serialize($user_prefs); - } + $user_prefs['email_password'] = $userMethods->HashPassword($savePassword, $email); + $changedUserData['user_prefs'] = serialize($user_prefs); } - else + } + else + { + if ((isset($changedUserData['user_loginname']) && $userMethods->isPasswordRequired('user_loginname')) + || (isset($changedUserData['user_email']) && $userMethods->isPasswordRequired('user_email'))) { - if ((isset($changed_user_data['user_loginname']) && $user_info->isPasswordRequired('user_loginname')) - || (isset($changed_user_data['user_email']) && $user_info->isPasswordRequired('user_email'))) - { if ($_uid) { // Admin is changing it - $error = LAN_USET_20; + $error = LAN_USET_20; } else { // User is changing their own info $promptPassword = true; } - } } + } } -if ((!$error && !$promptPassword) && (count($changed_user_data) || $ue_fields)) +if ($dataToSave && !$promptPassword) { - // We can update the basic user record now - can just update fields from $changed_user_data - if (US_DEBUG) { $admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Changed data:
".var_export($changed_user_data, true), false, LOG_TO_ROLLING); } - $sql->db_UpdateArray("user", $changed_user_data, " WHERE user_id='".intval($inp)."' "); + $message = LAN_USET_41; - // Now see if we need to log anything. First check the options and class membership - // (Normally we would leave logging decision to the log class. But this one's a bit more complicated) - $user_logging_opts = array_flip(explode(',', varset($pref['user_audit_opts'], ''))); - $do_log = array(); - $log_action = ''; - if ($_uid) - { // Its an admin changing someone elses data - make an admin log entry here - $admin_log->log_event('USET_01', "UID: {$udata['user_id']}. UName: {$udata['user_name']}", E_LOG_INFORMATIVE); - // Check against the class of the target user, not the admin! - if (!check_class(varset($pref['user_audit_class'], ''), $udata['user_class'])) { $user_logging_opts = array(); } + // We can update the basic user record now - can just update fields from $changedUserData + if (US_DEBUG) { $admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Changed data:
".var_export($changedUserData, true), false, LOG_TO_ROLLING); } + if (isset($changedUserData) && count($changedUserData)) + { + //print_a($changedUserData); + if (FALSE === $sql->db_UpdateArray('user', $changedUserData, ' WHERE user_id='.intval($inp))) + { + $message .= '
Error updating user data'; } else { - if (!check_class(varset($pref['user_audit_class'], ''))) { $user_logging_opts = array(); } + if (isset($changedUserData['user_password'])) + { + // echo "Make new cookie
"; + $userMethods->makeUserCookie(array('user_id' => $udata['user_id'],'user_password' => $changedUserData['user_password']), FALSE); // Can't handle autologin ATM + } } - - // Now log changes if required - if (count($user_logging_opts)) + } + + // Save extended field values + if (isset($changedEUFData) && count($changedEUFData)) + { + // ***** Next line creates a record which presumably should be there anyway, so could generate an error + $sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id, user_hidden_fields) values ('".intval($inp)."', '')"); + if (!$sql->db_UpdateArray('user_extended', $changedEUFData,' WHERE user_extended_id = '.$inp)) { - // Start with any specific fields we're changing + $message .= '
Error updating EUF'; + } + } - if (isset($changed_user_data['user_name'])) + // Now see if we need to log anything. First check the options and class membership + // (Normally we would leave logging decision to the log class. But this one's a bit more complicated) + $user_logging_opts = array_flip(explode(',', varset($pref['user_audit_opts'], ''))); + $do_log = array(); + $log_action = ''; + if ($_uid) + { // Its an admin changing someone elses data - make an admin log entry here + $admin_log->log_event('USET_01', "UID: {$udata['user_id']}. UName: {$udata['user_name']}", E_LOG_INFORMATIVE); + // Check against the class of the target user, not the admin! + if (!check_class(varset($pref['user_audit_class'], ''), $udata['user_class'])) { $user_logging_opts = array(); } + } + else + { + if (!check_class(varset($pref['user_audit_class'], ''))) { $user_logging_opts = array(); } + } + + // Now log changes if required + if (count($user_logging_opts)) + { + // Start with any specific fields we're changing + if (isset($changedUserData['user_name'])) + { + if (isset($user_logging_opts[USER_AUDIT_NEW_DN])) { - if (isset($user_logging_opts[USER_AUDIT_NEW_DN])) - { - $do_log['user_name'] = $changed_user_data['user_name']; + $do_log['user_name'] = $changedUserData['user_name']; $log_action = USER_AUDIT_NEW_DN; - } - unset($changed_user_data['user_name']); } + unset($changedUserData['user_name']); + } - if (isset($changed_user_data['user_password'])) - { - if (isset($user_logging_opts[USER_AUDIT_NEW_PW])) - { // Password has already been changed to a hashed value, so OK to leave the data - $do_log['user_password'] = $changed_user_data['user_password']; + if (isset($changedUserData['user_password'])) + { + if (isset($user_logging_opts[USER_AUDIT_NEW_PW])) + { // Password has already been changed to a hashed value, so OK to leave the data + $do_log['user_password'] = $changedUserData['user_password']; $log_action = USER_AUDIT_NEW_PW; - } - unset($changed_user_data['user_password']); 
} + unset($changedUserData['user_password']); + } - if (isset($changed_user_data['user_email'])) + if (isset($changedUserData['user_email'])) + { + if (isset($user_logging_opts[USER_AUDIT_NEW_EML])) { - if (isset($user_logging_opts[USER_AUDIT_NEW_EML])) - { - $do_log['user_email'] = $changed_user_data['user_email']; + $do_log['user_email'] = $changedUserData['user_email']; $log_action = USER_AUDIT_NEW_EML; - } - unset($changed_user_data['user_email']); } + unset($changedUserData['user_email']); + } - if (count($changed_user_data) && isset($user_logging_opts[USER_AUDIT_NEW_SET])) - { - $do_log = array_merge($do_log, $changed_user_data); - $log_action = USER_AUDIT_NEW_SET; - } - if (count($do_log)) - { // Got some changes to audit + if (count($changedUserData) && isset($user_logging_opts[USER_AUDIT_NEW_SET])) + { + $do_log = array_merge($do_log, $changedUserData); + $log_action = USER_AUDIT_NEW_SET; + } + if (count($do_log)) + { // Got some changes to audit // echo "Adding to audit log
"; - if ($_uid) - { + if ($_uid) + { $log_action = USER_AUDIT_ADMIN; // If an admin did the mod, different heading // Embed a message saying who changed the data - $changed_user_data['message'] = str_replace(array('--ID--', '--LOGNAME--'), array(USERID, USERNAME), LAN_USET_18); + $changedUserData['message'] = str_replace(array('--ID--', '--LOGNAME--'), array(USERID, USERNAME), LAN_USET_18); $admin_log->user_audit($log_action, $do_log, $udata['user_id'], $udata['user_loginname']); - } - else - { + } + else + { if (count($do_log) > 1) { $log_action = USER_AUDIT_NEW_SET; } // Log multiple entries to one record $admin_log->user_audit($log_action, $do_log); - } } - } // End of audit logging - - - // Now tidy up - if ($photo_to_delete) - { // Photo may be a flat file, or in the database - delete_file($photo_to_delete); - } - if ($avatar_to_delete) - { // Avatar may be a flat file, or in the database - delete_file($avatar_to_delete); } + } // End of audit logging + // Now tidy up + if ($photo_to_delete) + { // Photo may be a flat file, or in the database + delete_file($photo_to_delete); + } + if ($avatar_to_delete) + { // Avatar may be a flat file, or in the database + delete_file($avatar_to_delete); + } + // If user has changed display name, update the record in the online table - if (isset($changed_user_data['user_name']) && !$_uid) - { - $sql->db_Update('online', "online_user_id = '".USERID.".".$changed_user_data['user_name']."' WHERE online_user_id = '".USERID.".".USERNAME."'"); - } + if (isset($changedUserData['user_name']) && !$_uid) + { + $sql->db_Update('online', "online_user_id = '".USERID.".".$changedUserData['user_name']."' WHERE online_user_id = '".USERID.".".USERNAME."'"); + } - // Save extended field values - if ($ue_fields) - { - // ***** Next line creates a record which presumably should be there anyway, so could generate an error - $sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id, user_hidden_fields) values ('".intval($inp)."', '')"); - 
$sql->db_Update('user_extended', $ue_fields." WHERE user_extended_id = ".intval($inp)); - } - // Update XUP data if file name changed. - if (isset($changed_user_data['user_xup'])) - { + if (isset($changedUserData['user_xup'])) + { require_once (e_HANDLER."login.php"); - userlogin::update_xup($inp, $changed_user_data['user_xup']); - } + userlogin::update_xup($inp, $changedUserData['user_xup']); + } $e_event->trigger('postuserset', $_POST); if (e_QUERY == 'update') - { + { header('Location: index.php'); - } - $message = "
".LAN_150.'
'; - $caption = LAN_151; + } + $message = "
".$message.'
'; + $caption = LAN_OK; } // End - if (!$error)... @@ -716,13 +521,25 @@ if (!$error && !$promptPassword) { unset($_POST); } if ($error) { require_once (e_HANDLER.'message_handler.php'); - message_handler('P_ALERT', $error); - $adref = $_POST['adminreturn']; + $temp = ''; + if (count($extraErrors)) + { + $temp .= implode('
', $extraErrors); + } + if (count($allData['errors'])) + { + $temp .= validatorClass::makeErrorList($allData,'USER_ERR_','%n - %x - %t: %v', '
', $userMethods->userVettingInfo); + } + if (varsettrue($eufData['errors'])) + { + $temp .= '
'.validatorClass::makeErrorList($eufData,'USER_ERR_','%n - %x - %t: %v', '
', $userMethods->userVettingInfo); + } + message_handler('P_ALERT', $temp); +// $adref = $_POST['adminreturn']; } // --- User data has been updated here if appropriate --- - if (isset($message)) { $ns->tablerender($caption, $message); @@ -734,38 +551,38 @@ $uuid = ($_uid ? $_uid : USERID); // If $_uid is set, its an admin changing anot if ($promptPassword) { // User has to enter password to validate data - $updated_data = serialize($changed_user_data); - $validation_key = md5($updated_data); - $updated_data = base64_encode($updated_data); - $updated_extended = serialize($ue_fields); - $extended_key = md5($updated_extended); - $updated_extended = base64_encode($updated_extended); - $text = "
- + + + +
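Review bot: The extended-field validation errors never reach the alert, because this block tests `$eufData['errors']` while the validation result produced above is stored in `$eufVals` (and `$eufData` is not assigned anywhere visible), so `$error` is set but the user sees no reason; change the test to `if (isset($eufVals['errors']) && count($eufVals['errors']))` and pass `$eufVals` to `makeErrorList`. `count($allData['errors'])` should be guarded the same way, since `$allData` is only set on the updatesettings path and an `$extraErrors`-only failure reaches this block with it undefined. The `%v` placeholder puts the submitted value into the alert, so it is worth confirming that `makeErrorList` HTML-escapes it before `message_handler` outputs it. Related, earlier in this file (outside this hunk) `$dataToSave = !$error && (...) || (...) || $savePassword` lets `!$error` apply only to the first term, so a failed validation with extended-field changes or an entered password still proceeds to save; parenthesise the three data/password terms together.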
"; - foreach ($_POST as $k => $v) - { - if (is_array($v)) + $updated_data = serialize($changedUserData); + $validation_key = md5($updated_data); + $updated_data = base64_encode($updated_data); + $updated_extended = serialize($changedEUFData); + $extended_key = md5($updated_extended); + $updated_extended = base64_encode($updated_extended); + $text = " + - - - -
"; + foreach ($_POST as $k => $v) { - foreach ($v as $sk => $sv) - { - $text .= "\n"; - } + if (is_array($v)) + { + foreach ($v as $sk => $sv) + { + $text .= "\n"; + } + } + else + { + $text .= "\n"; + } } - else - { - $text .= "\n"; - } - } - $text .= LAN_USET_21."
 
"; - $text .= " - -
 
- "; - $ns->tablerender(LAN_155, $text); + $text .= LAN_USET_21."
 
"; + $text .= " + +
 
+ "; + $ns->tablerender(LAN_USET_39, $text); require_once (FOOTERF); } @@ -777,25 +594,24 @@ if ($promptPassword) $qry = " SELECT u.*, ue.* FROM #user AS u LEFT JOIN #user_extended AS ue ON ue.user_extended_id = u.user_id -WHERE u.user_id='".intval($uuid)."' -"; +WHERE u.user_id=".intval($uuid); $sql->db_Select_gen($qry); -$curVal=$sql->db_Fetch(); -$curVal['userclass_list'] = $user_info->addCommonClasses($curVal, FALSE); - +$curVal=$sql->db_Fetch(MYSQL_ASSOC); +$curVal['user_class'] = varset($changedUserData['user_class'], $curVal['user_class']); +$curVal['userclass_list'] = $userMethods->addCommonClasses($curVal, FALSE); if ($_POST) { // Fix for all the values being lost when there was an error in a field - restore from the latest $_POST values // (Password fields have intentionally been cleared). If no error, there's an unset($_POST) to disable this block foreach ($_POST as $key => $val) - { - $curVal['user_'.$key] = $tp->post_toForm($val); - } + { + if ($key != 'class') { $curVal['user_'.$key] = $tp->post_toForm($val); } + } foreach ($_POST['ue'] as $key => $val) - { - $curVal[$key] = $to->post_toForm($val); - } + { + $curVal[$key] = $tp->post_toForm($val); + } } require_once (e_HANDLER."form_handler.php"); @@ -817,22 +633,20 @@ $text .= " "; -$ns->tablerender(LAN_155, $text); +$ns->tablerender(LAN_USET_39, $text); require_once (FOOTERF); + + // If a field is required, returns a red asterisk function req($field) { - global $pref; + $ret = ""; if ($field == 2) { $ret = " *"; } - else - { - $ret = ""; - } return $ret; } 
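Review bot: `$validation_key = md5($updated_data)` does not protect the round-tripped data, because both the serialized payload and its key travel through the client's hidden fields and md5 has no secret, so the comparison in the SaveValidatedInfo branch earlier in the file only catches accidental corruption before the payload is `unserialize`d and written to the user table by `db_UpdateArray` as-is. Keep the pending `$changedUserData`/`$changedEUFData` in the session (or under a server-side key) instead of in the form, or at minimum derive the key with `hash_hmac` over a server-side secret and re-apply the same field restrictions the updatesettings path applies (for example the `user_loginname` unset) after the password is confirmed. Once the data is held server-side, `unserialize` on form input can be dropped in favour of a plain array or `json_decode`. The two `md5()` keys here and the `unserialize` calls are in the first hunk of this file, whose start is outside this view.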
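Review bot: `foreach ($_POST['ue'] as $key => $val)` runs whenever `$_POST` is non-empty, so a submission without extended fields (including the SaveValidatedInfo post) raises an invalid-argument warning; write `foreach (varset($_POST['ue'], array()) as $key => $val)`. The outer loop still copies every posted key into `$curVal['user_'.$key]`, including `currentpassword`, `updated_data` and `updated_key`, which presumably is harmless only because the template never reads those names — worth a comment, `// Only keys the template renders are used; password fields were cleared earlier`, or skipping them the way `class` is skipped.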
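Review bot: `req()` now builds `$ret` just to return it; a single expression reads more directly, `return ($field == 2) ? " *" : "";`. The loose `== 2` also matches the string `'2'`, which is presumably what the field definition carries — a one-line comment stating the expected type of `$field` would make that intentional rather than accidental.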
@@ -842,18 +656,19 @@ function req($field) // Also deletes from database if appropriate. function delete_file($fname, $dir = 'avatars/') { - global $sql; + global $sql; + $fname = trim($fname); if (!$fname) return false; - if (preg_match("#Binary (.*?)/#", $fname, $match)) - { - return $sql -> db_Delete("rbinary", "binary_id='".$tp -> toDB($match[1])."'"); - } - elseif (file_exists(e_FILE."public/".$dir.$fname)) - { - unlink(e_FILE."public/".$dir.$fname); + if (preg_match("#Binary (.*?)/#", $fname, $match)) + { + return $sql -> db_Delete("rbinary", "binary_id='".$tp -> toDB($match[1])."'"); + } + elseif (file_exists(e_FILE."public/".$dir.$fname)) + { + unlink(e_FILE."public/".$dir.$fname); return true; - } + } return false; } @@ -862,10 +677,10 @@ function headerjs() { global $cal; $script = "\n"; $script .= $cal->load_files();
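Review bot: `delete_file()` declares `global $sql;` but the rbinary branch calls `$tp -> toDB($match[1])`, and `$tp` is not imported into the function, so deleting a database-stored avatar fails with a call on a non-object; change the declaration to `global $sql, $tp;`. Since `$fname` comes from the stored `user_image`/`user_sess` columns (with the `-upload-` prefix stripped by the caller), the unlink path is only as safe as whatever validated those values on upload; `$fname = basename(trim($fname));` is a cheap guard that keeps the unlink inside `e_FILE."public/".$dir`. The `binary_id` quoting via toDB is carried over from the old code; if `binary_id` is an integer column, `intval($match[1])` is the simpler and stricter form — confirm against the schema.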