Better avatar handling, code cleanup

2025-08-02 20:57:26 +02:00 · 2008-12-10 16:37:17 +00:00
parent abab89c39d
commit 7fe42a3b96
4 changed files with 598 additions and 585 deletions
--- a/e107_files/shortcode/user_avatar.sc
+++ b/e107_files/shortcode/user_avatar.sc
@@ -24,5 +24,10 @@ else
 {
 	$image = USERIMAGE;
 }
-require_once(e_HANDLER."avatar_handler.php");
+if(!$image) { return; }
 require_once(e_HANDLER.'avatar_handler.php');
 $avatar = avatar($image);
 if($avatar)
 {
 	return "<div class='spacer'><img src='".avatar($image)."' alt='' /></div><br />";
 }
--- a/e107_handlers/avatar_handler.php
+++ b/e107_handlers/avatar_handler.php
@@ -11,27 +11,37 @@
 |     GNU General Public License (http://gnu.org).
 |
 |     $Source: /cvs_backup/e107_0.8/e107_handlers/avatar_handler.php,v $
-|     $Revision: 1.1.1.1 $
+|     $Revision: 1.2 $
-|     $Date: 2006-12-02 04:33:42 $
+|     $Date: 2008-12-10 16:37:17 $
 |     $Author: mcfly_e107 $
 +----------------------------------------------------------------------------+
 */
-if (!defined('e107_INIT')) { exit; }
+if (!defined('e107_INIT'))
 {
 	exit;
 }
-function avatar($avatar) {
+function avatar($avatar)
 {
 	global $tp;
-	if (stristr($avatar, "-upload-") !== FALSE) {
+	if (stristr($avatar, '-upload-') !== false)
-		return e_FILE."public/avatars/".str_replace("-upload-", "", $avatar);
+	{
-	} else if (stristr($avatar, "Binary") !== FALSE) {
+		return e_FILE.'public/avatars/'.str_replace('-upload-', '', $avatar);
 	}
 	elseif (stristr($avatar, 'Binary') !== false)
 	{
 		$sqla = new db;
 		preg_match("/Binary\s(.*?)\//", $avatar, $result);
-		$sqla->db_Select("rbinary", "*", "binary_id='".$tp -> toDB($result[1])."' ");
+		$sqla->db_Select('rbinary', '*', "binary_id='".$tp->toDB($result[1])."' ");
 		$row = $sqla->db_Fetch();
-		 extract($row);
+		return $row['binary_data'];
-		return $binary_data;
+	}
-	} else if (strpos($avatar, "http://") === FALSE) {
+	elseif (strpos($avatar, 'http://') === false)
 	{
 		return e_IMAGE."avatars/".$avatar;
-	} else {
+	}
 	else
 	{
 		return $avatar;
 	}
 }
--- a/e107_plugins/login_menu/login_menu_template.php
+++ b/e107_plugins/login_menu/login_menu_template.php
@@ -11,9 +11,9 @@
 |     GNU General Public License (http://gnu.org).
 |
 |     $Source: /cvs_backup/e107_0.8/e107_plugins/login_menu/login_menu_template.php,v $
-|     $Revision: 1.5 $
+|     $Revision: 1.6 $
-|     $Date: 2008-06-13 20:20:22 $
+|     $Date: 2008-12-10 16:37:17 $
-|     $Author: e107steved $
+|     $Author: mcfly_e107 $
 +----------------------------------------------------------------------------+
 */
--- a/usersettings.php
+++ b/usersettings.php
@@ -11,9 +11,9 @@
 |     GNU General Public License (http://gnu.org).
 |
 |     $Source: /cvs_backup/e107_0.8/usersettings.php,v $
-|     $Revision: 1.26 $
+|     $Revision: 1.27 $
-|     $Date: 2008-10-19 21:13:58 $
+|     $Date: 2008-12-10 16:37:17 $
-|     $Author: e107steved $
+|     $Author: mcfly_e107 $
 +----------------------------------------------------------------------------+
 Notes:
@@ -24,50 +24,50 @@ Admin log events:
 */
-require_once("class2.php");
+require_once ('class2.php');
-require_once(e_HANDLER."ren_help.php");
+require_once (e_HANDLER.'ren_help.php');
-require_once(e_HANDLER."user_extended_class.php");
+require_once (e_HANDLER.'user_extended_class.php');
-require_once(e_HANDLER."user_handler.php");
+require_once (e_HANDLER.'user_handler.php');
 $ue = new e107_user_extended;
 $user_info = new UserHandler;
 //define("US_DEBUG",TRUE);
-define("US_DEBUG",FALSE);
+define('US_DEBUG', false);
 if (!USER)
 { // Must be logged in to change settings
-  header("location:".e_BASE."index.php");
+	header('location:'.e_BASE.'index.php');
 	exit;
 }
-if (!ADMIN && e_QUERY && e_QUERY != "update") 
+if (!ADMIN && e_QUERY && e_QUERY != 'update')
 {
-  header("location:".e_BASE."usersettings.php");
+	header('location:'.e_BASE.'usersettings.php');
 	exit;
 }
-require_once(e_HANDLER."ren_help.php");
+require_once (e_HANDLER.'ren_help.php');
-if(is_readable(THEME."usersettings_template.php"))
+if (is_readable(THEME.'usersettings_template.php'))
 {
-  include_once(THEME."usersettings_template.php");
+	include_once (THEME.'usersettings_template.php');
 }
 else
 {
-  include_once(e_THEME."templates/usersettings_template.php");
+	include_once (e_THEME.'templates/usersettings_template.php');
 }
-include_once(e_FILE."shortcode/batch/usersettings_shortcodes.php");
+include_once (e_FILE.'shortcode/batch/usersettings_shortcodes.php');
-require_once(e_HANDLER."calendar/calendar_class.php");
+require_once (e_HANDLER.'calendar/calendar_class.php');
 $cal = new DHTML_Calendar(true);
-$_uid = is_numeric(e_QUERY) ? intval(e_QUERY) : "";
+$_uid = is_numeric(e_QUERY) ? intval(e_QUERY) : '';
 $sesschange = ''; // Notice removal
 $photo_to_delete = '';
 $avatar_to_delete = '';
 $changed_user_data = array();
 $ue_fields = '';
-$promptPassword = FALSE;
+$promptPassword = false;
 require_once (HEADERF);
@@ -76,7 +76,7 @@ require_once(HEADERF);
 function addCommonClasses($udata)
 {
 	$tmp = array();
-  if ($udata['user_class'] != "") $tmp = explode(",", $udata['user_class']);
+	if ($udata['user_class'] != '') $tmp = explode(',', $udata['user_class']);
 	$tmp[] = e_UC_MEMBER;
 	$tmp[] = e_UC_READONLY;
 	$tmp[] = e_UC_PUBLIC;
@@ -94,7 +94,7 @@ function addCommonClasses($udata)
 // Save user settings (changes only)
 //-----------------------------------
-$error = "";
+$error = '';
 if (isset($_POST['updatesettings']) || isset($_POST['SaveValidatedInfo']))
 {
@@ -102,7 +102,7 @@ if (isset($_POST['updatesettings']) || isset($_POST['SaveValidatedInfo']))
 	if ($_uid && ADMIN)
 	{ // Admin logged in and editing another user's settings - so editing a different ID
 		$inp = $_uid;
-	  $remflag = TRUE;
+		$remflag = true;
 	}
 	else
 	{ // Current user logged in - use their ID
@@ -130,15 +130,26 @@ if (isset($_POST['updatesettings']))
 		$_POST['password2'] = '';
 	}
 	if ($_POST['image'] == '' && $udata['user_image'])
 	{
 		$changed_user_data['user_image'] = '';
 	}
 	// Check external avatar
 	if ($_POST['image'])
 	{
-	  $_POST['image'] = str_replace(array('\'', '"', '(', ')'), '', $_POST['image']);   // these are invalid anyway, so why allow them? (XSS Fix)
+		$img = str_replace(array('\'', '"', '(', ')'), '', $_POST['image']); // these are invalid anyway, so why allow them? (XSS Fix)
-	  if ($size = getimagesize($_POST['image']))
+
 		if (preg_match('#[0-9\._]#', $_POST['image']))
 		{
 			$img = e_IMAGE.'avatars/'.$_POST['image'];
 		}
 		if ($size = getimagesize($img))
 		{
 			$avwidth = $size[0];
 			$avheight = $size[1];
-		$avmsg = "";
+			$avmsg = '';
 			$pref['im_width'] = varsettrue($pref['im_width'], 120);
 			$pref['im_height'] = varsettrue($pref['im_height'], 100);
@@ -152,7 +163,7 @@ if (isset($_POST['updatesettings']))
 			}
 			if ($avmsg)
 			{
-		  $_POST['image'] = "";
+				$_POST['image'] = '';
 				$error = $avmsg;
 			}
 			else
@@ -164,13 +175,12 @@ if (isset($_POST['updatesettings']))
 			}
 		}
 		else
-	  {  // Invalid image file - we could just put up a message
+		{
 			// Invalid image file - we could just put up a message
 		}
 	}
 	// The 'class' option doesn't really make sense to me, but left it for now
 	//	$signup_option_title = array(LAN_308, LAN_120, LAN_121, LAN_USET_19);
 	//	$signup_option_names = array("realname", "signature", "image", "timezone");
@@ -186,7 +196,6 @@ if (isset($_POST['updatesettings']))
 	}
 	// Login Name checks - only admin can change login name
 	if (isset($_POST['loginname']) && ADMIN && getperms("4"))
 	{ // Only check if its been edited
@@ -209,9 +218,14 @@ if (isset($_POST['updatesettings']))
 			unset($loginname);
 		}
 	}
-	if (isset($loginname)) $_POST['loginname'] = $loginname; else unset($_POST['loginname']);			// Make sure no chance of the $_POST value staying set inappropriately
+	if (isset($loginname))
-
+	{
-
+		$_POST['loginname'] = $loginname;
 	}
 	else
 	{
 		unset($_POST['loginname']); // Make sure no chance of the $_POST value staying set inappropriately
 	}
 	// Display name checks
 	// If display name == login name, it has to meet the criteria for both login name and display name
@@ -230,8 +244,6 @@ if (isset($_POST['updatesettings']))
 		if (varsettrue($loginname)) $username = $loginname;
 	}
 	if (varsettrue($username))
 	{
 		// Impose a minimum length on display name
@@ -257,16 +269,15 @@ if (isset($_POST['updatesettings']))
 		}
 		// Display Name exists.
-	  if ($sql->db_Count("user", "(*)", "WHERE `user_name`='".$username."' AND `user_id` != '".intval($inp)."' "))
+		if ($sql->db_Count('user', '(*)', "WHERE `user_name`='".$username."' AND `user_id` != ".(int)$inp))
 		{
 			$error .= LAN_USET_17;
 		}
-	  if ($username != $udata['user_name']) $changed_user_data['user_name'] = $username;
+		if ($username != $udata['user_name']) { $changed_user_data['user_name'] = $username; }
 		unset($username);
 	}
 	// Password checks
 	$new_pass = '';
 	if ($_POST['password1'] != $_POST['password2'])
@@ -296,20 +307,19 @@ if (isset($_POST['updatesettings']))
 	}
 	// Check for duplicate of email address
-	if ($sql->db_Select("user", "user_name, user_email", "user_email='".$tp -> toDB($_POST['email'])."' AND user_id !='".intval($inp)."' "))
+	if ($sql->db_Select('user', 'user_name, user_email', "user_email='".$tp->toDB($_POST['email'])."' AND user_id !=".(int)$inp))
 	{
 		$error .= LAN_408."\\n";
 	}
 	// Uploaded avatar and/or photo
 	if ($file_userfile['error'] != 4)
 	{
-	  require_once(e_HANDLER."upload_handler.php");
+		require_once (e_HANDLER.'upload_handler.php');
-	  require_once(e_HANDLER."resize_handler.php");
+		require_once (e_HANDLER.'resize_handler.php');
-		if ($uploaded = file_upload(e_FILE."public/avatars/", "avatar=".$udata['user_id']))
+		if ($uploaded = file_upload(e_FILE.'public/avatars/', 'avatar='.$udata['user_id']))
 		{
 			foreach ($uploaded as $upload)
 			{ // Needs the latest upload handler (with legacy and 'future' interfaces) to work
@@ -328,7 +338,7 @@ if (isset($_POST['updatesettings']))
 					{
 						unset($message);
 						$error .= RESIZE_NOT_SUPPORTED."\\n";
-			  @unlink(e_FILE."public/avatars/".$upload['name']);
+						@unlink(e_FILE.'public/avatars/'.$upload['name']);
 						$_POST['image'] = '';
 						unset($changed_user_data['user_image']);
 					}
@@ -343,11 +353,11 @@ if (isset($_POST['updatesettings']))
 						$changed_user_data['user_sess'] = $upload['name'];
 					}
-			if (!resize_image(e_FILE."public/avatars/".$upload['name'], e_FILE."public/avatars/".$upload['name'], 180))
+					if (!resize_image(e_FILE.'public/avatars/'.$upload['name'], e_FILE.'public/avatars/'.$upload['name'], 180))
 					{
 						unset($message);
 						$error .= RESIZE_NOT_SUPPORTED."\\n";
-			  @unlink(e_FILE."public/avatars/".$upload['name']);
+						@unlink(e_FILE.'public/avatars/'.$upload['name']);
 						unset($changed_user_data['user_sess']);
 					}
 				}
@@ -364,8 +374,6 @@ if (isset($_POST['updatesettings']))
 	}
 	// Validate Extended User Fields.
 	if ($_POST['ue'])
 	{
@@ -373,7 +381,7 @@ if (isset($_POST['updatesettings']))
 		{
 			while ($row = $sql->db_Fetch())
 			{
-		  $extList["user_".$row['user_extended_struct_name']] = $row;
+				$extList['user_'.$row['user_extended_struct_name']] = $row;
 			}
 		}
@@ -382,14 +390,13 @@ if (isset($_POST['updatesettings']))
 			if (isset($extList[$key]))
 			{ // Only allow valid keys
 				$err = $ue->user_extended_validate_entry($val, $extList[$key]);
-				if($err === TRUE && !$_uid)
+				if ($err === true && !$_uid)
 				{ // General error - usually empty field; could be unacceptable value, or regex fail and no error message defined
-					$error .= LAN_SIGNUP_6.($tp->toHtml($extList[$key]['user_extended_struct_text'],FALSE,"defs"))." ".LAN_SIGNUP_7."\\n";
+					$error .= LAN_SIGNUP_6.($tp->toHtml($extList[$key]['user_extended_struct_text'], false, "defs"))." ".LAN_SIGNUP_7."\\n";
-				}
+				} elseif ($err)
 				elseif ($err)
 				{ // Specific error message returned - usually regex fail
 					$error .= $err."\\n";
-					$err = TRUE;
+					$err = true;
 				}
 				if (!$err)
 				{
@@ -413,8 +420,6 @@ if (isset($_POST['updatesettings']))
 	if (!$error)
 	{
 		$_POST['user_id'] = intval($inp);
 		$ret = $e_event->trigger("preuserset", $_POST);
 		if ($ret == '')
@@ -422,9 +427,11 @@ if (isset($_POST['updatesettings']))
 			if (isset($_POST['customtitle']) && ($pref['signup_option_customtitle']))
 			{
 				$new_customtitle = $tp->toDB($_POST['customtitle']);
-		  if ($new_customtitle != $udata['user_customtitle']) $changed_user_data['user_customtitle'] = $new_customtitle;
+				if ($new_customtitle != $udata['user_customtitle'])
 				{
 					$changed_user_data['user_customtitle'] = $new_customtitle;
 				}
 			}
 			// Extended fields - handle any hidden fields
 			if ($ue_fields)
@@ -439,16 +446,10 @@ if (isset($_POST['updatesettings']))
 			// Handle fields which are just transferred without vetting (but are subject to toDB() for exploit restriction)
-		$copy_list = array('user_signature' => 'signature', 
+			$copy_list = array('user_signature' => 'signature', 'user_login' => 'realname', 'user_email' => 'email', 'user_hideemail' => 'hideemail', 'user_xup' => 'user_xup');
 							'user_login' => 'realname', 
 							'user_email' => 'email',
 							'user_hideemail' =>'hideemail',
 							'user_xup' => 'user_xup');
 			// Next list identifies numerics which might take a value of 0
-		$non_text_list = array(
+			$non_text_list = array('user_hideemail' => 'hideemail');
 							'user_hideemail' =>'hideemail'
 							);
 			foreach ($copy_list as $k => $v)
 			{
 				if (isset($_POST[$v]) && (trim($_POST[$v]) || isset($non_text_list[$k])))
@@ -466,11 +467,17 @@ if (isset($_POST['updatesettings']))
 			// Update Userclass - only if its the user changing their own data (admins can do it another way)
 			if (!$_uid)
 			{
-		  if (!is_object($e_userclass)) $e_userclass = new user_class;
+				if (!is_object($e_userclass))
 				{
 					$e_userclass = new user_class;
 				}
 				$ucList = explode(',', $e_userclass->get_editable_classes()); // List of classes which this user can edit
 				if (count($ucList))
 				{
-			if (US_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Usersettings test","Read editable list. Current user classes: ".$udata['user_class'],FALSE,LOG_TO_ROLLING);
+					if (US_DEBUG)
 					{
 						$admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Read editable list. Current user classes: ".$udata['user_class'], false, LOG_TO_ROLLING);
 					}
 					$cur_classes = explode(",", $udata['user_class']); // Current class membership
 					$newclist = array_flip($cur_classes); // Array keys are now the class IDs
@@ -492,16 +499,17 @@ if (isset($_POST['updatesettings']))
 					//				echo "Userclass data - new: {$nid}, old: {$udata['user_class']}<br />";
 					if ($nid != $udata['user_class'])
 					{
-			  if (US_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Usersettings test","Write back classes; old list: {$udata['user_class']}; new list: ".$nid,FALSE,LOG_TO_ROLLING);
+						if (US_DEBUG)
 						{
 							$admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Write back classes; old list: {$udata['user_class']}; new list: ".$nid, false, LOG_TO_ROLLING);
 						}
 						$changed_user_data['user_class'] = $nid;
 					}
 				}
 			}
 			// Only admins can update login name - do this just in case one of the event triggers has mucked it about
-		if (!(ADMIN && getperms("4")))
+			if (!(ADMIN && getperms('4')))
 			{
 				unset($changed_user_data['user_loginname']);
 			}
@@ -534,7 +542,8 @@ elseif (isset($_POST['SaveValidatedInfo']))
 			}
 		}
-	if ($user_info->CheckPassword($_POST['currentpassword'],$udata['user_loginname'], $udata['user_password']) === FALSE)		// Use old data to validate
+		if ($user_info->CheckPassword($_POST['currentpassword'], $udata['user_loginname'], $udata['user_password']) === false) // Use old data to validate
 		{ // Invalid password
 			echo "<br />".LAN_USET_22."<br />";
 			require_once (FOOTERF);
@@ -560,7 +569,7 @@ if (!$error && (count($changed_user_data) || $new_pass))
 	{
 		if (empty($loginname)) $loginname = $udata['user_loginname'];
 		$email = $changed_user_data['user_email'] ? $changed_user_data['user_email'] : $udata['user_email'];
-		  $changed_user_data['user_password'] = $sql->escape($user_info->HashPassword($new_pass, $loginname), FALSE);
+		$changed_user_data['user_password'] = $sql->escape($user_info->HashPassword($new_pass, $loginname), false);
 		if (varsettrue($pref['allowEmailLogin']))
 		{
 			$user_prefs = unserialize($udata['user_prefs']);
@@ -570,8 +579,7 @@ if (!$error && (count($changed_user_data) || $new_pass))
 	}
 	else
 	{
-		  if ((isset($changed_user_data['user_loginname']) && $user_info->isPasswordRequired('user_loginname')) 
+		if ((isset($changed_user_data['user_loginname']) && $user_info->isPasswordRequired('user_loginname')) || (isset($changed_user_data['user_email']) && $user_info->isPasswordRequired('user_email')))
 		    || (isset($changed_user_data['user_email']) && $user_info->isPasswordRequired('user_email')))
 		{
 			if ($_uid)
 			{ // Admin is changing it
@@ -579,7 +587,7 @@ if (!$error && (count($changed_user_data) || $new_pass))
 			}
 			else
 			{ // User is changing their own info
-			  $promptPassword = TRUE;
+				$promptPassword = true;
 			}
 		}
 	}
@@ -588,7 +596,7 @@ if (!$error && (count($changed_user_data) || $new_pass))
 if ((!$error && !$promptPassword) && (count($changed_user_data) || $ue_fields))
 {
 	// We can update the basic user record now - can just update fields from $changed_user_data
-		if (US_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Usersettings test","Changed data:<br> ".var_export($changed_user_data,TRUE),FALSE,LOG_TO_ROLLING);
+	if (US_DEBUG) { $admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Changed data:<br> ".var_export($changed_user_data, true), false, LOG_TO_ROLLING); }
 	$sql->db_UpdateArray("user", $changed_user_data, " WHERE user_id='".intval($inp)."' ");
 	// Now see if we need to log anything. First check the options and class membership
@@ -600,11 +608,11 @@ if ((!$error && !$promptPassword) && (count($changed_user_data) || $ue_fields))
 	{ // Its an admin changing someone elses data - make an admin log entry here
 		$admin_log->log_event('USET_01', "UID: {$udata['user_id']}. UName: {$udata['user_name']}", E_LOG_INFORMATIVE);
 		// Check against the class of the target user, not the admin!
-		  if (!check_class(varset($pref['user_audit_class'],''),$udata['user_class'])) $user_logging_opts = array();
+		if (!check_class(varset($pref['user_audit_class'], ''), $udata['user_class'])) { $user_logging_opts = array(); }
 	}
 	else
 	{
-		  if (!check_class(varset($pref['user_audit_class'],''))) $user_logging_opts = array();
+		if (!check_class(varset($pref['user_audit_class'], ''))) { $user_logging_opts = array(); }
 	}
 	// Now log changes if required
@@ -659,7 +667,7 @@ if ((!$error && !$promptPassword) && (count($changed_user_data) || $ue_fields))
 			}
 			else
 			{
-				if (count($do_log) > 1)  $log_action = USER_AUDIT_NEW_SET;		// Log multiple entries to one record
+				if (count($do_log) > 1) { $log_action = USER_AUDIT_NEW_SET; } // Log multiple entries to one record
 				$admin_log->user_audit($log_action, $do_log);
 			}
 		}
@@ -680,7 +688,7 @@ if ((!$error && !$promptPassword) && (count($changed_user_data) || $ue_fields))
 	// If user has changed display name, update the record in the online table
 	if (isset($changed_user_data['user_name']) && !$_uid)
 	{
-		  $sql->db_Update("online", "online_user_id = '".USERID.".".$changed_user_data['user_name']."' WHERE online_user_id = '".USERID.".".USERNAME."'");
+		$sql->db_Update('online', "online_user_id = '".USERID.".".$changed_user_data['user_name']."' WHERE online_user_id = '".USERID.".".USERNAME."'");
 	}
@@ -689,7 +697,7 @@ if ((!$error && !$promptPassword) && (count($changed_user_data) || $ue_fields))
 	{
 		// ***** Next line creates a record which presumably should be there anyway, so could generate an error
 		$sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id, user_hidden_fields) values ('".intval($inp)."', '')");
-		  $sql->db_Update("user_extended", $ue_fields." WHERE user_extended_id = '".intval($inp)."'");
+		$sql->db_Update('user_extended', $ue_fields." WHERE user_extended_id = ".intval($inp));
 	}
@@ -701,33 +709,29 @@ if ((!$error && !$promptPassword) && (count($changed_user_data) || $ue_fields))
 	}
-		$e_event->trigger("postuserset", $_POST);
+	$e_event->trigger('postuserset', $_POST);
-		if(e_QUERY == "update") 
+	if (e_QUERY == 'update')
 	{
-          header("Location: index.php");
+		header('Location: index.php');
 	}
-		$message = "<div style='text-align:center'>".LAN_150."</div>";
+	$message = "<div style='text-align:center'>".LAN_150.'</div>';
 	$caption = LAN_151;
 } // End - if (!$error)...
-if (!$error && !$promptPassword) unset($_POST);
+if (!$error && !$promptPassword) { unset($_POST); }
 if ($error)
 {
-  require_once(e_HANDLER."message_handler.php");
+	require_once (e_HANDLER.'message_handler.php');
-  message_handler("P_ALERT", $error);
+	message_handler('P_ALERT', $error);
 	$adref = $_POST['adminreturn'];
 }
 // --- User data has been updated here if appropriate ---
 if (isset($message))
@@ -736,10 +740,7 @@ if(isset($message))
 }
-
+$uuid = ($_uid ? $_uid : USERID); // If $_uid is set, its an admin changing another user's data
 $uuid = ($_uid) ? $_uid : USERID;			// If $_uid is set, its an admin changing another user's data
 if ($promptPassword)
@@ -780,7 +781,6 @@ if ($promptPassword)
 }
 //--------------------------------------------------------
 // Re-read the user data into curVal (ready for display)
 //--------------------------------------------------------
@@ -801,7 +801,7 @@ if($_POST)
 	// (Password fields have intentionally been cleared). If no error, there's an unset($_POST) to disable this block
 	foreach ($_POST as $key => $val)
 	{
-	$curVal["user_".$key] = $val;
+		$curVal['user_'.$key] = $val;
 	}
 	foreach ($_POST['ue'] as $key => $val)
 	{
@@ -819,7 +819,7 @@ if(e_QUERY == "update")
 	$text .= "<div class='fborder' style='text-align:center'><br />".str_replace("*", "<span style='color:red'>*</span>", LAN_USET_9)."<br />".LAN_USET_10."<br /><br /></div>";
 }
-$text .= $tp->parseTemplate($USERSETTINGS_EDIT, TRUE, $usersettings_shortcodes);
+$text .= $tp->parseTemplate($USERSETTINGS_EDIT, true, $usersettings_shortcodes);
 $text .= "<div>";
 $text .= "
@@ -848,24 +848,22 @@ function req($field)
 }
 // Delete a file from the public directories. Return TRUE on success, FALSE on failure.
 // Also deletes from database if appropriate.
 function delete_file($fname, $dir = 'avatars/')
 {
 	global $sql;
-  if (!$fname) return FALSE;
+	if (!$fname) return false;
 	if (preg_match("#Binary (.*?)/#", $fname, $match))
 	{
 		return $sql->db_Delete("rbinary", "binary_id='".$tp->toDB($match[1])."'");
-  }
+	} elseif (file_exists(e_FILE."public/".$dir.$fname))
  elseif (file_exists(e_FILE."public/".$dir.$fname)) 
 	{
 		unlink(e_FILE."public/".$dir.$fname);
-	return TRUE;
+		return true;
 	}
-  return FALSE;
+	return false;
 }