diff --git a/usersettings.php b/usersettings.php
index b546c4173..9a7d07ffd 100644
--- a/usersettings.php
+++ b/usersettings.php
@@ -48,757 +48,901 @@ if ((!ADMIN || !getperms("4")) && e_QUERY && e_QUERY != "update" ) include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_user.php'); // Generic user-related language defines include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_usersettings.php'); - +$ue = e107::getUserExt(); // needed by shortcodes for now. require_once (e_HANDLER.'ren_help.php'); -require_once (e_HANDLER.'user_extended_class.php'); // require_once (e_HANDLER.'user_handler.php'); require_once(e_HANDLER.'validator_class.php'); -$ue = new e107_user_extended; - -$userMethods = e107::getUserSession(); - -require_once (e_HANDLER.'ren_help.php'); -if(deftrue('BOOTSTRAP')===3) + + + +class usersettings_front // Begin Usersettings rewrite. { - $template = e107::getCoreTemplate('usersettings','', true, true); // always merge - - $USERSETTINGS_MESSAGE = "{MESSAGE}"; - $USERSETTINGS_MESSAGE_CAPTION = LAN_OK; - $USERSETTINGS_EDIT_CAPTION = LAN_USET_39; // 'Update User Settings' - $USERSETTINGS_EDIT = $template['edit']; - $usersettings_shortcodes = e107::getScBatch('usersettings'); - - $usersettings_shortcodes->wrapper('usersettings/edit'); -} -else -{ - include_once (e107::coreTemplatePath('usersettings')); //correct way to load a core template. - e107::scStyle($sc_style); - $usersettings_shortcodes = e107::getScBatch('usersettings'); -} + + private $template = array(); + private $sc = null; - - - - -e107::js('footer-inline'," - function addtext_us(sc) + /** + * usersettings_front constructor. + */ + function __construct() { - document.getElementById('dataform').image.value = sc; - } - "); - - - -$photo_to_delete = ''; -$avatar_to_delete = ''; -$ue_fields = ''; -$promptPassword = false; -$error = FALSE; -$extraErrors = array(); -$eufVals = array(); -$savePassword = ''; - - -$inp = USERID; // Initially assume that user is modifying their own data. -$_uid = false; // FALSE if user modifying their own data; otherwise ID of data being modified -$adminEdit = FALSE; // FALSE if editing own data. 
TRUE if admin edit - -if(is_numeric(e_QUERY)) -{ // Trying to edit specific user record - if (ADMIN) - { // Admin edit of specific record -/* -$_usersettings_matches = Array -( - [0] => /e107/usersettings.php?# OR /e107/edit/user/# - [1] => e107 - [2] => usersettings.php OR edit/user - [3] => ? OR / - [4] => # -) -*/ -$inp = intval(e_QUERY); - -$usersettings_form_action = strstr('?', $_usersettings_matches[3]) ? e_SELF.'?'.e_QUERY : e_SELF; - -$_uid = $inp; -$info = e107::user($inp); - //Only site admin is able to change setting for other admins -if(!is_array($info) || ($info['user_admin'] == 1 && (!defined('ADMINPERMS') || ADMINPERMS !== '0')) || ((!defined('ADMINPERMS') || ADMINPERMS !== '0') && !getperms('4'))) -{ - e107::redirect(); - exit(); -} - $adminEdit = TRUE; // Flag to indicate admin edit - } - else - { - //Non admin attempting to edit another user's ID - e107::redirect(); - exit(); - } - -} - - - -require_once (HEADERF); - - - -// Save user settings (changes only) -//----------------------------------- - -if (isset($_POST['updatesettings']) || isset($_POST['SaveValidatedInfo'])) -{ -// $udata = e107::user($inp); //@deprecated // Get all the existing user data, including any extended fields - - $udata = e107::user($inp); // Get all the existing user data, including any extended fields - $udata['user_classlist'] = $userMethods->addCommonClasses($udata, FALSE); -} - - -if (isset($_POST['updatesettings'])) -{ - if (!vartrue($pref['auth_method'])) - { - $pref['auth_method'] = 'e107'; - } - - if ($pref['auth_method'] != 'e107') - { - $_POST['password1'] = ''; - $_POST['password2'] = ''; - } - - // Uploaded avatar and/or photo - if (varset($file_userfile['error']) != 4) - { - require_once (e_HANDLER.'upload_handler.php'); - require_once (e_HANDLER.'resize_handler.php'); - - if ($uploaded = process_uploaded_files(e_AVATAR_UPLOAD, 'prefix+ap_'.$tp->leadingZeros($udata['user_id'],7).'_', array('overwrite' => TRUE, 'file_mask'=>'jpg,png,gif,jpeg', 
'max_file_count' => 2))) + if(deftrue('BOOTSTRAP')===3) { - foreach ($uploaded as $upload) - { - if ($upload['name'] && ($upload['index'] == 'avatar') && $pref['avatar_upload']) - { - // avatar uploaded - give it a reference which identifies it as server-stored - // Vetting routines will do resizing and so on - $_POST['image'] = '-upload-'.$upload['name']; - } - elseif ($upload['name'] && ($upload['index'] == 'photo') && $pref['photo_upload']) - { - // photograph uploaded - $_POST['user_sess'] = '-upload-'.$upload['name']; - } - elseif (isset($upload['error']) && isset($upload['message'])) - { - $extraErrors[] = $upload['message']; - } - - } - } - - - } + $template = e107::getCoreTemplate('usersettings','', true, true); // always merge + $USERSETTINGS_MESSAGE = "{MESSAGE}"; + $USERSETTINGS_MESSAGE_CAPTION = LAN_OK; + $USERSETTINGS_EDIT_CAPTION = LAN_USET_39; // 'Update User Settings' + $USERSETTINGS_EDIT = $template['edit']; + $usersettings_shortcodes = e107::getScBatch('usersettings'); - // Now validate everything - just check everything that's been entered - $allData = validatorClass::validateFields($_POST,$userMethods->userVettingInfo, TRUE); // Do basic validation - validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', $inp); // Do basic DB-related checks - $userMethods->userValidation($allData); // Do user-specific DB checks - - $savePassword = ''; - - if (($_POST['password1'] != '') || ($_POST['password2'] != '')) - { // Need to validate new password here - if (!isset($allData['errors']['user_password'])) - { // No errors in password yet - may be valid - $savePassword = $allData['data']['user_password']; - unset($allData['data']['user_password']); // Delete the password value in the output array - } - } - else - { - unset($allData['errors']['user_password']); // Delete the error which an empty password field generates - } - - unset($_POST['password1']); - unset($_POST['password2']); - - - $changedUserData = 
validatorClass::findChanges($allData['data'], $udata,FALSE); - - -e107::getMessage()->addDebug("
Existing User Info
".print_a($udata,true)); -e107::getMessage()->addDebug('
$allData
'.print_a($allData['data'],true)); - -e107::getMessage()->addDebug("
Posted Changes
".print_a($changedUserData,true)); - - // Login Name checks - only admin can change login name - if (isset($changedUserData['user_loginname'])) - { - if (ADMIN && getperms('4')) - { - if (!check_class($pref['displayname_class'], $udata['user_classlist'], $adminEdit)) - { // Display name and login name must be the same - $changedUserData['user_name'] = $changedUserData['user_loginname']; - } + $usersettings_shortcodes->wrapper('usersettings/edit'); } else { - unset($changedUserData['user_loginname']); // Just doing this is probably being kind! - $alldata['errors']['user_loginname'] = ERR_GENERIC; - $alldata['errortext']['user_loginname'] = LAN_USER_85; + global $sc_style; + include_once (e107::coreTemplatePath('usersettings')); //correct way to load a core template. + e107::scStyle($sc_style); + $usersettings_shortcodes = e107::getScBatch('usersettings'); } - } + $this->sc = $usersettings_shortcodes; + $this->template = array( + 'message' => $USERSETTINGS_MESSAGE, + 'message_caption' => $USERSETTINGS_MESSAGE_CAPTION, + 'edit_caption' => $USERSETTINGS_EDIT_CAPTION, + 'edit' => $USERSETTINGS_EDIT, - // See if user just wants to delete existing photo - if (isset($_POST['user_delete_photo'])) - { - $photo_to_delete = $udata['user_sess']; - $changedUserData['user_sess'] = ''; - } + ); - if ($udata['user_image'] && !isset($changedUserData['user_image'])) - { - // $changedUserData['user_image'] = ''; // FIXME Deletes the user's image when no changes made. - $avatar_to_delete = str_replace('-upload-', '', $udata['user_image']); - } - // Validate Extended User Fields. 
- $changedEUFData = array(); - if (isset($_POST['ue'])) - { - $eufVals = $ue->userExtendedValidateAll($_POST['ue'], varset($_POST['hide'],TRUE)); // Validate the extended user fields - $changedEUFData['data'] = validatorClass::findChanges($eufVals['data'], $udata,FALSE); - } - - - // Determine whether we have an error - $error = ((isset($allData['errors']) && count($allData['errors'])) || (isset($eufVals['errors']) && count($eufVals['errors'])) || count($extraErrors)); - - - // Update Userclass - only if its the user changing their own data (admins can do it another way) - if (isset($allData['data']['user_class'])) - { - unset($changedUserData['user_class']); // We always recalculate this - if (FALSE === $adminEdit) // Make sure admin can't edit another's user classes - { - - $e_userclass = e107::getUserClass(); - $ucList = $e_userclass->get_editable_classes(USERCLASS_LIST,TRUE); // List of classes which this user can edit - if (count($ucList)) + e107::js('footer-inline'," + function addtext_us(sc) { - $nid = $e_userclass->mergeClassLists($udata['user_class'], $ucList, $allData['data']['user_class'], TRUE); - $nid = $e_userclass->stripFixedClasses($nid); - $nid = implode(',',$nid); - // echo "Userclass data - new: {$nid}, old: {$udata['user_baseclasslist']}, editable: ".implode(',',$ucList).", entered: {$allData['data']['user_class']}
"; - if ($nid != $udata['user_baseclasslist']) + document.getElementById('dataform').image.value = sc; + } + "); + + } + + /** + * @param $id + * @return mixed + */ + private function getTemplate($id) + { + return $this->template[$id]; + } + + /** + * @return bool + */ + public function init() + { + $pref = e107::getPref(); + $tp = e107::getParser(); + $ue = e107::getUserExt(); + $mes = e107::getMessage(); + $sql = e107::getDb(); + $ns = e107::getRender(); + $userMethods = e107::getUserSession(); + + $photo_to_delete = ''; + $avatar_to_delete = ''; + $ue_fields = ''; + $promptPassword = false; + $error = FALSE; + $extraErrors = array(); + $eufVals = array(); + $savePassword = ''; + + $inp = USERID; // Initially assume that user is modifying their own data. + $_uid = false; // FALSE if user modifying their own data; otherwise ID of data being modified + $adminEdit = false; // @deprecated // FALSE if editing own data. TRUE if admin edit + + if(is_numeric(e_QUERY)) + { // Trying to edit specific user record + if (ADMIN) + { // Admin edit of specific record + /* + $_usersettings_matches = Array + ( + [0] => /e107/usersettings.php?# OR /e107/edit/user/# + [1] => e107 + [2] => usersettings.php OR edit/user + [3] => ? OR / + [4] => # + ) + */ + $inp = intval(e_QUERY); + + // $usersettings_form_action = strstr('?', $_usersettings_matches[3]) ? 
e_SELF.'?'.e_QUERY : e_SELF; + + $_uid = $inp; + $info = e107::user($inp); + //Only site admin is able to change setting for other admins + if(!is_array($info) || ($info['user_admin'] == 1 && (!defined('ADMINPERMS') || ADMINPERMS !== '0')) || ((!defined('ADMINPERMS') || ADMINPERMS !== '0') && !getperms('4'))) { - if (US_DEBUG) - { - $admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Write back classes; old list: {$udata['user_class']}; new list: ".$nid, false, LOG_TO_ROLLING); - } - $changedUserData['user_class'] = $nid; + e107::redirect(); + exit(); } + $adminEdit = TRUE; // Flag to indicate admin edit } - } - } - - - - e107::getMessage()->addDebug("

Processed Posted Changes

".print_a($changedUserData,true)); - - // All key fields validated here - // ----------------------------- - // $inp - UID of user whose data is being changed (may not be the currently logged in user) - $inp = intval($inp); - if (!$error && count($changedUserData) || count($changedEUFData)) - { - $_POST['user_id'] = $inp; - $ret =e107::getEvent()->trigger('preuserset', $_POST); - - if ($ret == '') - { - - // Only admins can update login name - do this just in case one of the event triggers has mucked it about - if (!(ADMIN && getperms('4'))) + else { - unset($changedUserData['user_loginname']); - } - } - else - { // Invalid data - from hooked in trigger event - $message = "
".$ret."
"; - $caption = LAN_OK; - $error = true; - } - } -} // End - update setttings -elseif (isset($_POST['SaveValidatedInfo'])) // Next bit only valid if user editing their own data -{ - if (!$adminEdit && !empty($_POST['updated_data']) && !empty($_POST['currentpassword']) && !empty($_POST['updated_key'])) - { // Got some data confirmed with password entry - $new_data = base64_decode($_POST['updated_data']); - - - // Should only happen if someone's fooling around - if (md5($new_data) != $_POST['updated_key'] || ($userMethods->hasReadonlyField($new_data) !==false)) - { - echo LAN_USET_42.'
'; - exit(); - } - - if (isset($_POST['updated_extended'])) - { - $new_extended = base64_decode($_POST['updated_extended']); - if (md5($new_extended) != $_POST['extended_key']) - { // Should only happen if someone's fooling around - echo LAN_USET_42.'
'; + //Non admin attempting to edit another user's ID + e107::redirect(); exit(); } + } - if ($userMethods->CheckPassword($_POST['currentpassword'], $udata['user_loginname'], $udata['user_password']) === false) // Use old data to validate - { // Invalid password - echo "
".LAN_INCORRECT_PASSWORD."
"; - if(!$adminEdit) + + // Save user settings (changes only) + //----------------------------------- + + if (isset($_POST['updatesettings']) || isset($_POST['SaveValidatedInfo'])) + { + // $udata = e107::user($inp); //@deprecated // Get all the existing user data, including any extended fields + + $udata = e107::user($inp); // Get all the existing user data, including any extended fields + $udata['user_classlist'] = $userMethods->addCommonClasses($udata, FALSE); + } + + + if (isset($_POST['updatesettings'])) + { + if (!vartrue($pref['auth_method'])) { - require_once (FOOTERF); + $pref['auth_method'] = 'e107'; } - else + + if ($pref['auth_method'] != 'e107') { - require_once(e_ADMIN."footer.php"); + $_POST['password1'] = ''; + $_POST['password2'] = ''; } - exit(); - } - $changedUserData = unserialize($new_data); - $savePassword = $_POST['currentpassword']; - if (!empty($new_extended)) $changedEUFData = unserialize($new_extended); - unset($new_data); - unset($new_extended); - if (isset($changedUserData['user_sess'])) - { - $photo_to_delete = $udata['user_sess']; - } - if (isset($changedUserData['user_image'])) - { - $avatar_to_delete = $udata['user_image']; - } - } -} -unset($_POST['updatesettings']); -unset($_POST['SaveValidatedInfo']); - -// At this point we know the error status. -// $changedUserData has an array of core changed data, except password, which is in $savePassword if changed (or entered as confirmation). -// $eufData has extended user field data -// $changedEUFData has any changes in extended user field data -$dataToSave = !$error && (isset($changedUserData) && count($changedUserData)) || (isset($changedEUFData['data']) && count($changedEUFData['data'])) || $savePassword; - -if ($dataToSave) -{ - // Sort out password hashes - if ($savePassword) - { - $loginname = $changedUserData['user_loginname'] ? $changedUserData['user_loginname'] : $udata['user_loginname']; - $email = (isset($changedUserData['user_email']) && $changedUserData['user_email']) ? 
$changedUserData['user_email'] : $udata['user_email']; - $changedUserData['user_password'] = $sql->escape($userMethods->HashPassword($savePassword, $loginname), false); - if (varset($pref['allowEmailLogin'], FALSE)) - { - $user_prefs = e107::getArrayStorage()->unserialize($udata['user_prefs']); - $user_prefs['email_password'] = $userMethods->HashPassword($savePassword, $email); - $changedUserData['user_prefs'] = e107::getArrayStorage()->serialize($user_prefs); - } - } - else - { - if ((isset($changedUserData['user_loginname']) && $userMethods->isPasswordRequired('user_loginname')) - || (isset($changedUserData['user_email']) && $userMethods->isPasswordRequired('user_email'))) - { - if ($_uid && ADMIN) - { // Admin is changing it - $extraErrors[] = LAN_USET_20; - } - else - { // User is changing their own info - $promptPassword = true; - } - } - } -} - -if ($dataToSave && !$promptPassword) -{ - $inp = intval($inp); - - - // We can update the basic user record now - can just update fields from $changedUserData - if (US_DEBUG) { $admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Changed data:
".var_export($changedUserData, true), false, LOG_TO_ROLLING); } - if (isset($changedUserData) && count($changedUserData)) - { - $changedData['data'] = $changedUserData; - $changedData['WHERE'] = 'user_id='.$inp; - validatorClass::addFieldTypes($userMethods->userVettingInfo,$changedData); - - // print_a($changedData); - if (FALSE === $sql->update('user', $changedData)) - { - $extraErrors[] = LAN_USET_43; - } - else - { - $message = LAN_USET_41; - if (isset($changedUserData['user_password']) && !$adminEdit) + // Uploaded avatar and/or photo + if (varset($_FILES['file_userfile']['error']) != UPLOAD_ERR_NO_FILE) { - // echo "Make new cookie
"; - $userMethods->makeUserCookie(array('user_id' => $udata['user_id'],'user_password' => $changedUserData['user_password']), FALSE); // Can't handle autologin ATM - } - } - } + require_once (e_HANDLER.'resize_handler.php'); - // Save extended field values - if (isset($changedEUFData['data']) && count($changedEUFData['data'])) - { - $ue->addFieldTypes($changedEUFData); // Add in the data types for storage - $changedEUFData['WHERE'] = '`user_extended_id` = '.$inp; + $opts = array('overwrite' => TRUE, 'file_mask'=>'jpg,png,gif,jpeg', 'max_file_count' => 2); - //print_a($changedEUFData); - if (false === $sql->retrieve('user_extended', 'user_extended_id', 'user_extended_id='.$inp)) - { - // ***** Next line creates a record which presumably should be there anyway, so could generate an error if no test first - $sql->gen("INSERT INTO #user_extended (user_extended_id, user_hidden_fields) values ('".$inp."', '')"); - //print_a('New extended fields added: '.$inp.'
'); - } - if (false === $sql->update('user_extended', $changedEUFData)) - { - $message .= '
Error updating EUF'; - } - } - - // Now see if we need to log anything. First check the options and class membership - // (Normally we would leave logging decision to the log class. But this one's a bit more complicated) - $user_logging_opts = e107::getConfig()->get('user_audit_opts'); - $do_log = array(); - $log_action = ''; - if ($_uid) - { // Its an admin changing someone elses data - make an admin log entry here - e107::getLog()->add('USET_01', "UID: {$udata['user_id']}. UName: {$udata['user_name']}", E_LOG_INFORMATIVE); - // Check against the class of the target user, not the admin! - if (!check_class(varset($pref['user_audit_class'], ''), $udata['user_class'])) { $user_logging_opts = array(); } - } - else - { - if (!check_class(varset($pref['user_audit_class'], ''))) { $user_logging_opts = array(); } - } - - $triggerData = array(); - if (count($changedUserData)) - { - $triggerData = $changedUserData; // Create record for changed user data trigger - $triggerData['user_id'] = $udata['user_id']; - $triggerData['_CHANGED_BY_UID'] = USERID; // May be admin changing data - $triggerData['_CHANGED_BY_UNAME'] = USERNAME; - if (!isset($triggerData['user_name'])) { $triggerData['user_name'] = $udata['user_name']; } - } - - // Now log changes if required - if (count($user_logging_opts)) - { - // Start with any specific fields we're changing - if (isset($changedUserData['user_name'])) - { - if (isset($user_logging_opts[USER_AUDIT_NEW_DN])) - { - $do_log['user_name'] = $changedUserData['user_name']; - $log_action = USER_AUDIT_NEW_DN; - } - unset($changedUserData['user_name']); - } - - if (isset($changedUserData['user_password'])) - { - if (isset($user_logging_opts[USER_AUDIT_NEW_PW])) - { // Password has already been changed to a hashed value, so OK to leave the data - $do_log['user_password'] = $changedUserData['user_password']; - $log_action = USER_AUDIT_NEW_PW; - } - unset($changedUserData['user_password']); - } - - if (isset($changedUserData['user_email'])) - { - if 
(isset($user_logging_opts[USER_AUDIT_NEW_EML])) - { - $do_log['user_email'] = $changedUserData['user_email']; - $log_action = USER_AUDIT_NEW_EML; - } - unset($changedUserData['user_email']); - } - - if (count($changedUserData) && isset($user_logging_opts[USER_AUDIT_NEW_SET])) - { - $do_log = array_merge($do_log, $changedUserData); - $log_action = USER_AUDIT_NEW_SET; - } - if (count($do_log)) - { // Got some changes to audit - // echo "Adding to audit log
"; - if ($_uid) - { - $log_action = USER_AUDIT_ADMIN; // If an admin did the mod, different heading - // Embed a message saying who changed the data - $changedUserData['message'] = str_replace(array('--ID--', '--LOGNAME--'), array(USERID, USERNAME), LAN_USET_18); - $admin_log->user_audit($log_action, $do_log, $udata['user_id'], $udata['user_loginname']); - } - else - { - if (count($do_log) > 1) { $log_action = USER_AUDIT_NEW_SET; } // Log multiple entries to one record - $admin_log->user_audit($log_action, $do_log); - } - } - } // End of audit logging - - - // Now tidy up - if ($photo_to_delete) - { // Photo may be a flat file, or in the database - delete_file($photo_to_delete); - } - if ($avatar_to_delete) - { // Avatar may be a flat file, or in the database - delete_file($avatar_to_delete); - } - - // If user has changed display name, update the record in the online table - if (isset($changedUserData['user_name']) && !$_uid) - { - $sql->update('online', "online_user_id = '".USERID.".".$changedUserData['user_name']."' WHERE online_user_id = '".USERID.".".USERNAME."'"); - } - - - - - e107::getEvent()->trigger('postuserset', $_POST); - if (count($triggerData)) - { - e107::getEvent()->trigger('userdatachanged', $triggerData); - } - - if (e_QUERY == 'update') - { - e107::redirect(); - } - - if($adminEdit && $message) - { - $mes->addSuccess($message); - } - - - if(isset($USERSETTINGS_MESSAGE)) - { - $message = str_replace("{MESSAGE}",$message,$USERSETTINGS_MESSAGE); - } - elseif(!deftrue('BOOTSTRAP')) // backwards compatible - { - $message = "
".$message.'
'; - - } - - $caption = (isset($USERSETTINGS_MESSAGE_CAPTION)) ? $USERSETTINGS_MESSAGE_CAPTION : LAN_OK; - -} // End - if (!$error)... - - -if (!$error && !$promptPassword) -{ - if(isset($_POST) && vartrue($changedUserData['user_name'])) - { - $redirect = e107::getRedirect(); - $url = e107::getUrl(); - $to = $_uid ? $url->create('user/profile/edit', array('id' => $_uid, 'name' => $changedUserData['user_name'])) : $url->create('user/myprofile/edit'); - if($message) e107::getMessage()->addSuccess($message, 'default', true); - $redirect->redirect($to); - } - unset($_POST); -} - - -if ($error) -{ - // require_once (e_HANDLER.'message_handler.php'); - $temp = array(); - if (count($extraErrors)) - { - $temp[] = implode('
', $extraErrors); - } - if (count($allData['errors'])) - { - $temp[] = validatorClass::makeErrorList($allData,'USER_ERR_','%n - %x - %t: %v', '
', $userMethods->userVettingInfo); - } - if (vartrue($eufVals['errors'])) - { - $temp[] = '
'.validatorClass::makeErrorList($eufVals,'USER_ERR_','%n - %x - %t: %v', '
', NULL); - } - // message_handler('P_ALERT', implode('
', $temp)); - - $errorMsg = implode('
', $temp); - - if(deftrue('BOOTSTRAP')) - { - echo e107::getMessage()->addError($errorMsg)->render(); - } - else - { - $ns->tablerender($caption, $message); - } - - -// $adref = $_POST['adminreturn']; -} - - -// --- User data has been updated here if appropriate --- -$testSessionMessage = e107::getMessage()->get(E_MESSAGE_SUCCESS, 'default', true); // only success in the session -if($testSessionMessage) $message = implode('
', $testSessionMessage); // we got raw message - array - -if (isset($message)) -{ - if(deftrue('BOOTSTRAP')) - { - echo e107::getMessage()->addInfo($message)->render(); - } - else - { - $ns->tablerender($caption, $message); - } -} - - -$uuid = ($_uid ? $_uid : USERID); // If $_uid is set, its an admin changing another user's data - - -if ($promptPassword) -{ // User has to enter password to validate data - $updated_data = serialize($changedUserData); - $validation_key = md5($updated_data); - $updated_data = base64_encode($updated_data); - $updated_extended = serialize($changedEUFData); - $extended_key = md5($updated_extended); - $updated_extended = base64_encode($updated_extended); - $text = "
- - - - -
"; - foreach ($_POST as $k => $v) - { - if (is_array($v)) - { - foreach ($v as $sk => $sv) + if ($uploaded = e107::getFile()->getUploaded(e_AVATAR_UPLOAD, 'prefix+ap_'.$tp->leadingZeros($udata['user_id'],7).'_', $opts)) { - $text .= "\n"; + foreach ($uploaded as $upload) + { + if ($upload['name'] && ($upload['index'] == 'avatar') && $pref['avatar_upload']) + { + // avatar uploaded - give it a reference which identifies it as server-stored + // Vetting routines will do resizing and so on + $_POST['image'] = '-upload-'.$upload['name']; + } + elseif ($upload['name'] && ($upload['index'] == 'photo') && $pref['photo_upload']) + { + // photograph uploaded + $_POST['user_sess'] = '-upload-'.$upload['name']; + } + elseif (isset($upload['error']) && isset($upload['message'])) + { + $extraErrors[] = $upload['message']; + } + + } + } + + + } + + + // Now validate everything - just check everything that's been entered + $allData = validatorClass::validateFields($_POST,$userMethods->userVettingInfo, TRUE); // Do basic validation + validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', $inp); // Do basic DB-related checks + $userMethods->userValidation($allData); // Do user-specific DB checks + + $savePassword = ''; + + if (($_POST['password1'] != '') || ($_POST['password2'] != '')) + { // Need to validate new password here + if (!isset($allData['errors']['user_password'])) + { // No errors in password yet - may be valid + $savePassword = $allData['data']['user_password']; + unset($allData['data']['user_password']); // Delete the password value in the output array } } else { - $text .= "\n"; + unset($allData['errors']['user_password']); // Delete the error which an empty password field generates + } + + unset($_POST['password1']); + unset($_POST['password2']); + + + $changedUserData = validatorClass::findChanges($allData['data'], $udata,FALSE); + + + e107::getMessage()->addDebug("
Existing User Info
".print_a($udata,true)); + e107::getMessage()->addDebug('
$allData
'.print_a($allData['data'],true)); + + e107::getMessage()->addDebug("
Posted Changes
".print_a($changedUserData,true)); + + // Login Name checks - only admin can change login name + if (isset($changedUserData['user_loginname'])) + { + if (ADMIN && getperms('4')) + { + if (!check_class($pref['displayname_class'], $udata['user_classlist'], $adminEdit)) + { // Display name and login name must be the same + $changedUserData['user_name'] = $changedUserData['user_loginname']; + } + } + else + { + unset($changedUserData['user_loginname']); // Just doing this is probably being kind! + $alldata['errors']['user_loginname'] = ERR_GENERIC; + $alldata['errortext']['user_loginname'] = LAN_USER_85; + } + } + + + // See if user just wants to delete existing photo + if (isset($_POST['user_delete_photo'])) + { + $photo_to_delete = $udata['user_sess']; + $changedUserData['user_sess'] = ''; + } + + + + if ($udata['user_image'] && !isset($changedUserData['user_image'])) + { + // $changedUserData['user_image'] = ''; // FIXME Deletes the user's image when no changes made. + $avatar_to_delete = str_replace('-upload-', '', $udata['user_image']); + } + + // Validate Extended User Fields. 
+ $changedEUFData = array(); + if (isset($_POST['ue'])) + { + $eufVals = $ue->userExtendedValidateAll($_POST['ue'], varset($_POST['hide'],TRUE)); // Validate the extended user fields + $changedEUFData['data'] = validatorClass::findChanges($eufVals['data'], $udata,FALSE); + } + + + // Determine whether we have an error + $error = ((isset($allData['errors']) && count($allData['errors'])) || (isset($eufVals['errors']) && count($eufVals['errors'])) || count($extraErrors)); + + + // Update Userclass - only if its the user changing their own data (admins can do it another way) + if (isset($allData['data']['user_class'])) + { + unset($changedUserData['user_class']); // We always recalculate this + if (FALSE === $adminEdit) // Make sure admin can't edit another's user classes + { + + $e_userclass = e107::getUserClass(); + $ucList = $e_userclass->get_editable_classes(USERCLASS_LIST,TRUE); // List of classes which this user can edit + if (count($ucList)) + { + $nid = $e_userclass->mergeClassLists($udata['user_class'], $ucList, $allData['data']['user_class'], TRUE); + $nid = $e_userclass->stripFixedClasses($nid); + $nid = implode(',',$nid); + // echo "Userclass data - new: {$nid}, old: {$udata['user_baseclasslist']}, editable: ".implode(',',$ucList).", entered: {$allData['data']['user_class']}
"; + if ($nid != $udata['user_baseclasslist']) + { + if (US_DEBUG) + { + e107::getLog()->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Write back classes; old list: {$udata['user_class']}; new list: ".$nid, false, LOG_TO_ROLLING); + } + $changedUserData['user_class'] = $nid; + } + } + } + } + + + + e107::getMessage()->addDebug("

Processed Posted Changes

".print_a($changedUserData,true)); + + // All key fields validated here + // ----------------------------- + // $inp - UID of user whose data is being changed (may not be the currently logged in user) + $inp = intval($inp); + if (!$error && count($changedUserData) || count($changedEUFData)) + { + $_POST['user_id'] = $inp; + $ret =e107::getEvent()->trigger('preuserset', $_POST); + + if ($ret == '') + { + + // Only admins can update login name - do this just in case one of the event triggers has mucked it about + if (!(ADMIN && getperms('4'))) + { + unset($changedUserData['user_loginname']); + } + } + else + { // Invalid data - from hooked in trigger event + $message = "
".$ret."
"; + $caption = LAN_OK; + $error = true; + } + } + } // End - update setttings + elseif(isset($_POST['SaveValidatedInfo'])) // Next bit only valid if user editing their own data + { +/* if(!empty($_POST['updated_data']) && !empty($_POST['currentpassword']) && !empty($_POST['updated_key'])) + { // Got some data confirmed with password entry*/ + $new_data = base64_decode($_POST['updated_data']); + + // Should only happen if someone's fooling around + if ($this->getValidationKey($new_data) !== $_POST['updated_key'] || ($userMethods->hasReadonlyField($new_data) !==false)) + { + echo LAN_USET_42.'
'; + return false; + } + + if (isset($_POST['updated_extended'])) + { + $new_extended = base64_decode($_POST['updated_extended']); + + if ($this->getValidationKey($new_extended) !== $_POST['extended_key']) + { // Should only happen if someone's fooling around + echo LAN_USET_42.'
'; + return false; + } + } + + if ($userMethods->CheckPassword($_POST['currentpassword'], $udata['user_loginname'], $udata['user_password']) === false) // Use old data to validate + { // Invalid password + + $mes->addError("

".LAN_INCORRECT_PASSWORD."

"); + $mes->addError("".LAN_BACK.""); + + echo $mes->render(); + return false; + } + + + $changedUserData = e107::unserialize($new_data); + + $savePassword = $_POST['currentpassword']; + + if(!empty($new_extended)) + { + $changedEUFData = e107::unserialize($new_extended); + } + + unset($new_data); + unset($new_extended); + + if (isset($changedUserData['user_sess'])) + { + $photo_to_delete = $udata['user_sess']; + } + if (isset($changedUserData['user_image'])) + { + $avatar_to_delete = $udata['user_image']; + } + // } + } + unset($_POST['updatesettings']); + unset($_POST['SaveValidatedInfo']); + + + // At this point we know the error status. + // $changedUserData has an array of core changed data, except password, which is in $savePassword if changed (or entered as confirmation). + // $eufData has extended user field data + // $changedEUFData has any changes in extended user field data + $dataToSave = !$error && (isset($changedUserData) && count($changedUserData)) || (isset($changedEUFData['data']) && count($changedEUFData['data'])) || $savePassword; + + if ($dataToSave) + { + // Sort out password hashes + if ($savePassword) + { + $loginname = $changedUserData['user_loginname'] ? $changedUserData['user_loginname'] : $udata['user_loginname']; + $email = (isset($changedUserData['user_email']) && $changedUserData['user_email']) ? 
$changedUserData['user_email'] : $udata['user_email']; + $changedUserData['user_password'] = $sql->escape($userMethods->HashPassword($savePassword, $loginname), false); + if (varset($pref['allowEmailLogin'], FALSE)) + { + $user_prefs = e107::unserialize($udata['user_prefs']); + $user_prefs['email_password'] = $userMethods->HashPassword($savePassword, $email); + $changedUserData['user_prefs'] = e107::serialize($user_prefs); + } + } + else + { + if ((isset($changedUserData['user_loginname']) && $userMethods->isPasswordRequired('user_loginname')) + || (isset($changedUserData['user_email']) && $userMethods->isPasswordRequired('user_email'))) + { + if ($_uid && ADMIN) + { // Admin is changing it + $extraErrors[] = LAN_USET_20; + } + else + { // User is changing their own info + $promptPassword = true; + } + } } } - $text .= LAN_USET_21."
 
"; - $text .= " - -
 
-
"; -$ns->tablerender(LAN_USET_39, $text); -if(!$adminEdit) -{ - require_once (FOOTERF); -} -else -{ - require_once(e_ADMIN."footer.php"); -} -} + + if ($dataToSave && !$promptPassword) + { + $inp = intval($inp); -//-------------------------------------------------------- -// Re-read the user data into curVal (ready for display) -//-------------------------------------------------------- + // We can update the basic user record now - can just update fields from $changedUserData + if (US_DEBUG) { e107::getLog()->e_log_event(10, debug_backtrace(), "DEBUG", "Usersettings test", "Changed data:
".var_export($changedUserData, true), false, LOG_TO_ROLLING); } + if (isset($changedUserData) && count($changedUserData)) + { + $changedData['data'] = $changedUserData; + $changedData['WHERE'] = 'user_id='.$inp; + validatorClass::addFieldTypes($userMethods->userVettingInfo,$changedData); -$qry = " -SELECT u.*, ue.* FROM #user AS u -LEFT JOIN #user_extended AS ue ON ue.user_extended_id = u.user_id -WHERE u.user_id=".intval($uuid); + // print_a($changedData); + if (FALSE === $sql->update('user', $changedData)) + { + $extraErrors[] = LAN_USET_43; + } + else + { + $message = LAN_USET_41; + if (isset($changedUserData['user_password']) && !$adminEdit) + { + // echo "Make new cookie
"; + $userMethods->makeUserCookie(array('user_id' => $udata['user_id'],'user_password' => $changedUserData['user_password']), FALSE); // Can't handle autologin ATM + } + } + } -$sql->gen($qry); -$curVal=$sql->fetch(); -$curVal['user_class'] = varset($changedUserData['user_class'], $curVal['user_class']); -$curVal['userclass_list'] = $userMethods->addCommonClasses($curVal, FALSE); + // Save extended field values + if (isset($changedEUFData['data']) && count($changedEUFData['data'])) + { + $ue->addFieldTypes($changedEUFData); // Add in the data types for storage + $changedEUFData['WHERE'] = '`user_extended_id` = '.$inp; + + //print_a($changedEUFData); + if (false === $sql->retrieve('user_extended', 'user_extended_id', 'user_extended_id='.$inp)) + { + // ***** Next line creates a record which presumably should be there anyway, so could generate an error if no test first + $sql->gen("INSERT INTO #user_extended (user_extended_id, user_hidden_fields) values ('".$inp."', '')"); + //print_a('New extended fields added: '.$inp.'
'); + } + if (false === $sql->update('user_extended', $changedEUFData)) + { + $message .= '
Error updating EUF'; + } + + } + + // Now see if we need to log anything. First check the options and class membership + // (Normally we would leave logging decision to the log class. But this one's a bit more complicated) + $user_logging_opts = e107::getConfig()->get('user_audit_opts'); + $do_log = array(); + $log_action = ''; + if ($_uid) + { // Its an admin changing someone elses data - make an admin log entry here + e107::getLog()->add('USET_01', "UID: {$udata['user_id']}. UName: {$udata['user_name']}", E_LOG_INFORMATIVE); + // Check against the class of the target user, not the admin! + if (!check_class(varset($pref['user_audit_class'], ''), $udata['user_class'])) { $user_logging_opts = array(); } + } + else + { + if (!check_class(varset($pref['user_audit_class'], ''))) { $user_logging_opts = array(); } + } + + $triggerData = array(); + if (count($changedUserData)) + { + $triggerData = $changedUserData; // Create record for changed user data trigger + $triggerData['user_id'] = $udata['user_id']; + $triggerData['_CHANGED_BY_UID'] = USERID; // May be admin changing data + $triggerData['_CHANGED_BY_UNAME'] = USERNAME; + if (!isset($triggerData['user_name'])) { $triggerData['user_name'] = $udata['user_name']; } + } + + // Now log changes if required + if (count($user_logging_opts)) + { + // Start with any specific fields we're changing + if (isset($changedUserData['user_name'])) + { + if (isset($user_logging_opts[USER_AUDIT_NEW_DN])) + { + $do_log['user_name'] = $changedUserData['user_name']; + $log_action = USER_AUDIT_NEW_DN; + } + unset($changedUserData['user_name']); + } + + if (isset($changedUserData['user_password'])) + { + if (isset($user_logging_opts[USER_AUDIT_NEW_PW])) + { // Password has already been changed to a hashed value, so OK to leave the data + $do_log['user_password'] = $changedUserData['user_password']; + $log_action = USER_AUDIT_NEW_PW; + } + unset($changedUserData['user_password']); + } + + if (isset($changedUserData['user_email'])) + { + if 
(isset($user_logging_opts[USER_AUDIT_NEW_EML])) + { + $do_log['user_email'] = $changedUserData['user_email']; + $log_action = USER_AUDIT_NEW_EML; + } + unset($changedUserData['user_email']); + } + + if (count($changedUserData) && isset($user_logging_opts[USER_AUDIT_NEW_SET])) + { + $do_log = array_merge($do_log, $changedUserData); + $log_action = USER_AUDIT_NEW_SET; + } + if (count($do_log)) + { // Got some changes to audit + // echo "Adding to audit log
"; + if ($_uid) + { + $log_action = USER_AUDIT_ADMIN; // If an admin did the mod, different heading + // Embed a message saying who changed the data + $changedUserData['message'] = str_replace(array('--ID--', '--LOGNAME--'), array(USERID, USERNAME), LAN_USET_18); + e107::getLog()->user_audit($log_action, $do_log, $udata['user_id'], $udata['user_loginname']); + } + else + { + if (count($do_log) > 1) { $log_action = USER_AUDIT_NEW_SET; } // Log multiple entries to one record + e107::getLog()->user_audit($log_action, $do_log); + } + } + } // End of audit logging + + + // Now tidy up + if ($photo_to_delete) + { // Photo may be a flat file, or in the database + $this->deleteFile($photo_to_delete); + } + if ($avatar_to_delete) + { // Avatar may be a flat file, or in the database + $this->deleteFile($avatar_to_delete); + } + + // If user has changed display name, update the record in the online table + if (isset($changedUserData['user_name']) && !$_uid) + { + $sql->update('online', "online_user_id = '".USERID.".".$changedUserData['user_name']."' WHERE online_user_id = '".USERID.".".USERNAME."'"); + } + + + + + e107::getEvent()->trigger('postuserset', $_POST); + if (count($triggerData)) + { + e107::getEvent()->trigger('userdatachanged', $triggerData); + } + + if (e_QUERY == 'update') + { + e107::redirect(); + } + + if($adminEdit && $message) + { + $mes->addSuccess($message); + } + + + $USERSETTINGS_MESSAGE =$this->getTemplate('message'); + $USERSETTINGS_MESSAGE_CAPTION = $this->getTemplate('message_caption'); + + if(isset($USERSETTINGS_MESSAGE)) + { + $message = str_replace("{MESSAGE}",$message,$USERSETTINGS_MESSAGE); + } + elseif(!deftrue('BOOTSTRAP')) // backwards compatible + { + $message = "
".$message.'
'; + + } + + $caption = (isset($USERSETTINGS_MESSAGE_CAPTION)) ? $USERSETTINGS_MESSAGE_CAPTION : LAN_OK; + + } // End - if (!$error)... + + + if (!$error && !$promptPassword) + { + if(isset($_POST) && vartrue($changedUserData['user_name'])) + { + $redirect = e107::getRedirect(); + $url = e107::getUrl(); + $to = $_uid ? $url->create('user/profile/edit', array('id' => $_uid, 'name' => $changedUserData['user_name'])) : $url->create('user/myprofile/edit'); + if($message) e107::getMessage()->addSuccess($message, 'default', true); + $redirect->redirect($to); + } + unset($_POST); + } + + + if ($promptPassword) // User has to enter password to validate data + { + $this->renderPasswordForm($changedUserData,$changedEUFData); + return false; + } + + + + if ($error) + { + $message = $this->compileErrors($extraErrors, $allData, $eufVals); + + // if(!empty($message)) + { + if(deftrue('BOOTSTRAP')) + { + echo e107::getMessage()->addError($message)->render(); + } + else + { + $ns->tablerender($caption, $message); + } + } + } + else // --- User data has been updated here if appropriate --- + { + + $testSessionMessage = e107::getMessage()->get(E_MESSAGE_SUCCESS, 'default', true); // only success in the session + + if($testSessionMessage) $message = implode('
', $testSessionMessage); // we got raw message - array + + if(empty($message)) + { + $message = LAN_USET_41; // probably only extended fields updated. + } + + if(deftrue('BOOTSTRAP')) + { + echo e107::getMessage()->addSuccess($message)->render(); + } + else + { + $ns->tablerender($caption, $message); + } + + } + + + + $this->renderForm($changedUserData); -if (vartrue($_POST)) -{ // Fix for all the values being lost when there was an error in a field - restore from the latest $_POST values - // (Password fields have intentionally been cleared). If no error, there's an unset($_POST) to disable this block - foreach ($_POST as $key => $val) - { - if ($key != 'class') { $curVal['user_'.$key] = $tp->post_toForm($val); } } - foreach ($_POST['ue'] as $key => $val) + + + /** + * @param $extraErrors + * @param $allData + * @param $eufVals + * @return string + */ + private function compileErrors($extraErrors, $allData, $eufVals) { - $curVal[$key] = $tp->post_toForm($val); + $temp = array(); + $userMethods = e107::getUserSession(); + + if (count($extraErrors)) + { + $temp[] = implode('
', $extraErrors); + } + + if (count($allData['errors'])) + { + $temp[] = validatorClass::makeErrorList($allData,'USER_ERR_','%n - %x - %t: %v', '
', $userMethods->userVettingInfo); + } + + if (vartrue($eufVals['errors'])) + { + $temp[] = '
'.validatorClass::makeErrorList($eufVals,'USER_ERR_','%n - %x - %t: %v', '
', NULL); + } + + return implode('
', $temp); + + } + + + /** + * @param $string + * @return string + */ + private function getValidationKey($string) + { + return crypt($string, e_TOKEN); + } + + + /** + * @param $changedUserData + * @param $changedEUFData + */ + private function renderPasswordForm($changedUserData, $changedEUFData ) + { + $ns = e107::getRender(); + $updated_data = e107::serialize($changedUserData,'json'); + $validation_key = $this->getValidationKey($updated_data); + $updated_data = base64_encode($updated_data); + $updated_extended = e107::serialize($changedEUFData, 'json'); + $extended_key = $this->getValidationKey($updated_extended); + $updated_extended = base64_encode($updated_extended); + + $formTarget = e107::getUrl()->create('user/myprofile/edit'); + + $text = "
+ + + + + +
"; + + foreach ($_POST as $k => $v) + { + if (is_array($v)) + { + foreach ($v as $sk => $sv) + { + $text .= "\n"; + } + } + else + { + $text .= "\n"; + } + } + + $text .= LAN_USET_21."
 
+ + "; + + $text .= " + + + + +
 
+ ".e107::getForm()->button('SaveValidatedInfo',1, 'submit', LAN_ENTER)." +
+
"; + + + + + $ns->tablerender(LAN_USET_39, $text); + + } + + + /** + * @param $changedUserData + */ + private function renderForm($changedUserData) + { + $sql = e107::getDb(); + $ns = e107::getRender(); + $tp = e107::getParser(); + $userMethods = e107::getUserSession(); + $uuid = USERID; + $qry = " + SELECT u.*, ue.* FROM #user AS u + LEFT JOIN #user_extended AS ue ON ue.user_extended_id = u.user_id + WHERE u.user_id=".intval($uuid); + + $sql->gen($qry); // Re-read the user data into curVal (ready for display) + $curVal=$sql->fetch(); + $curVal['user_class'] = varset($changedUserData['user_class'], $curVal['user_class']); + $curVal['userclass_list'] = $userMethods->addCommonClasses($curVal, FALSE); + + if(!empty($_POST)) + { // Fix for all the values being lost when there was an error in a field - restore from the latest $_POST values + // (Password fields have intentionally been cleared). If no error, there's an unset($_POST) to disable this block + foreach ($_POST as $key => $val) + { + if ($key != 'class') { $curVal['user_'.$key] = $tp->post_toForm($val); } + } + foreach ($_POST['ue'] as $key => $val) + { + $curVal[$key] = $tp->post_toForm($val); + } + } + + $text = '
'; + + //$text = (is_numeric($_uid) ? $rs->form_open("post", e_SELF."?".e_QUERY, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'") : $rs->form_open("post", e_SELF, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'")); + + if (e_QUERY == "update") + { + $text .= "

".str_replace("*", "*", LAN_USET_9)."
".LAN_USET_10."

"; + } + + // e107::scStyle($sc_style); + e107::getScBatch('usersettings')->setVars($curVal); + + $USERSETTINGS_EDIT = $this->getTemplate('edit'); + $USERSETTINGS_EDIT_CAPTION = $this->getTemplate('edit_caption'); + + $text .= $tp->parseTemplate($USERSETTINGS_EDIT, true, $this->sc); //ParseSC must be set to true so that custom plugin -shortcodes can be utilized. + + + $text .= "
+
+ "; + + $caption = (isset($USERSETTINGS_EDIT_CAPTION)) ? $USERSETTINGS_EDIT_CAPTION : LAN_USET_39; // 'Update User Settings' + + $ns->tablerender($caption, $text); + + + + + + } + + + + + // + /**' + * todo review and remove method if deemed appropriate + * Delete a file from the public directories. Return TRUE on success, FALSE on failure. + * Also deletes from database if appropriate. + * @param $fname + */ + private function deleteFile($fname) + { + /* + $dir = 'avatars/'; + + $sql = e107::getDb(); + $tp = e107::getParser(); + + $fname = trim($fname); + if (!$fname) return false; + + if (preg_match("#Binary (.*?)/#", $fname, $match)) + { + return $sql -> db_Delete("rbinary", "binary_id='".$tp -> toDB($match[1])."'"); + } + elseif (file_exists(e_UPLOAD.$dir.$fname)) + { + unlink(e_UPLOAD.$dir.$fname); + return true; + } + return false; + */ + } + } -//require_once (e_HANDLER."form_handler.php"); -//$rs = new form; - -$text = '
'; - -//$text = (is_numeric($_uid) ? $rs->form_open("post", e_SELF."?".e_QUERY, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'") : $rs->form_open("post", e_SELF, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'")); - -if (e_QUERY == "update") -{ - $text .= "

".str_replace("*", "*", LAN_USET_9)."
".LAN_USET_10."

"; -} - -// e107::scStyle($sc_style); -e107::getScBatch('usersettings')->setVars($curVal); - -$text .= $tp->parseTemplate($USERSETTINGS_EDIT, true, $usersettings_shortcodes); //ParseSC must be set to true so that custom plugin -shortcodes can be utilized. - - -$text .= "
-
-";
-
-$caption = (isset($USERSETTINGS_EDIT_CAPTION)) ? $USERSETTINGS_EDIT_CAPTION : LAN_USET_39; // 'Update User Settings'
-
-$ns->tablerender($caption, $text);
-
-if(!$adminEdit)
-{
- require_once (FOOTERF);
-}
-else
-{
- require_once(e_ADMIN."footer.php");
-}
-
+$us = new usersettings_front;
+require_once (HEADERF);
+$us->init();
+require_once (FOOTERF);
@@ -814,28 +958,4 @@ function req($field)
 }
-// Delete a file from the public directories. Return TRUE on success, FALSE on failure.
-// Also deletes from database if appropriate.
-function delete_file($fname, $dir = 'avatars/')
-{
- return;
- /*
- $sql = e107::getDb();
- $tp = e107::getParser();
-
- $fname = trim($fname);
- if (!$fname) return false;
-
- if (preg_match("#Binary (.*?)/#", $fname, $match))
- {
- return $sql -> db_Delete("rbinary", "binary_id='".$tp -> toDB($match[1])."'");
- }
- elseif (file_exists(e_UPLOAD.$dir.$fname))
- {
- unlink(e_UPLOAD.$dir.$fname);
- return true;
- }
- return false;
- */
-}