$error = ""; if (isset($_POST['updatesettings'])) { if(!varsettrue($pref['auth_method']) || $pref['auth_method'] == '>e107') { $pref['auth_method'] = 'e107'; } if($pref['auth_method'] != 'e107') { $_POST['password1'] = ''; $_POST['password2'] = ''; } if ($_uid && ADMIN) { // Admin logged in and editing another user's settings - so editing a different ID $inp = $_uid; $remflag = TRUE; } else { // Current user logged in - use their ID $inp = USERID; } $_POST['image'] = str_replace(array('\'', '"', '(', ')'), '', $_POST['image']); // these are invalid anyway, so why allow them? (XSS Fix) // check prefs for required fields =================================. if ($_POST['image'] && $size = getimagesize($_POST['image'])) { $avwidth = $size[0]; $avheight = $size[1]; $avmsg = ""; $pref['im_width'] = ($pref['im_width']) ? $pref['im_width'] : 120; $pref['im_height'] = ($pref['im_height']) ? $pref['im_height'] : 100; if ($avwidth > $pref['im_width']) { $avmsg .= LAN_USET_1." ($avwidth)
".LAN_USET_2.": {$pref['im_width']}

"; } if ($avheight > $pref['im_height']) { $avmsg .= LAN_USET_3." ($avheight)
".LAN_USET_4.": {$pref['im_height']}"; } if ($avmsg) { $_POST['image'] = ""; $error = $avmsg; } } $signup_option_title = array(LAN_308, LAN_120, LAN_121, LAN_122, LAN_USET_6); $signup_option_names = array("realname", "signature", "image", "timezone", "class"); foreach($signup_option_names as $key => $value) { // Check required signup fields if ($pref['signup_option_'.$value] == 2 && !$_POST[$value] && !$_uid) { $error .= LAN_SIGNUP_6.$signup_option_title[$key].LAN_SIGNUP_7."\\n"; } } if (isset($_POST['loginname'])) { // Only check if its been edited $temp_name = trim(preg_replace('/ |\#|\=|\$/', "", strip_tags($_POST['loginname']))); if ($temp_name != $_POST['loginname']) { $error .= LAN_USET_13."\\n"; } $_POST['loginname'] = $temp_name; } // ==================================================================== $pwreset = ""; if ($_POST['password1'] != $_POST['password2']) { $error .= LAN_105."\\n"; } else { if(trim($_POST['password1']) != "") { $pwreset = "user_password = '".md5(trim($_POST['password1']))."', "; } } if(isset($pref['signup_disallow_text'])) { $tmp = explode(",", $pref['signup_disallow_text']); foreach($tmp as $disallow){ if(strstr($_POST['username'], $disallow)){ $error .= LAN_USET_11."\\n"; } } } if (strlen(trim($_POST['password1'])) < $pref['signup_pass_len'] && trim($_POST['password1']) != "") { $error .= LAN_SIGNUP_4.$pref['signup_pass_len'].LAN_SIGNUP_5."\\n"; $password1 = ""; $password2 = ""; } if (isset($pref['disable_emailcheck']) && $pref['disable_emailcheck']==1) { } else { if (!check_email($_POST['email'])) { $error .= LAN_106."\\n"; } } // Check for duplicate of email address if ($sql->db_Select("user", "user_name, user_email", "user_email='".$tp -> toDB($_POST['email'])."' AND user_id !='".$inp."' ")) { $error .= LAN_408."\\n"; } // Impose a minimum length on display name $username = trim(strip_tags($_POST['username'])); if (isset($_POST['username']) && strlen($username) < 2) { $error .= LAN_USET_12."\\n"; } $user_sess = ""; if ($file_userfile['error'] != 4) { require_once(e_HANDLER."upload_handler.php"); require_once(e_HANDLER."resize_handler.php"); if ($uploaded = file_upload(e_FILE."public/avatars/", "avatar")) { if ($uploaded[0]['name'] && $pref['avatar_upload']) { // avatar uploaded $_POST['image'] = "-upload-".$uploaded[0]['name']; if (!resize_image(e_FILE."public/avatars/".$uploaded[0]['name'], e_FILE."public/avatars/".$uploaded[0]['name'], "avatar")) { unset($message); $error .= RESIZE_NOT_SUPPORTED."\\n"; @unlink(e_FILE."public/avatars/".$uploaded[0]['name']); } } if ($uploaded[1]['name'] || (!$pref['avatar_upload'] && $uploaded[0]['name'])) { // photograph uploaded $user_sess = ($pref['avatar_upload'] ? $uploaded[1]['name'] : $uploaded[0]['name']); resize_image(e_FILE."public/avatars/".$user_sess, e_FILE."public/avatars/".$user_sess, 180); } } } if ($user_sess != "") { $sesschange = "user_sess = '".$tp->toDB($user_sess)."', "; } // Validate Extended User Fields. if($_POST['ue']) { if($sql->db_Select('user_extended_struct')) { while($row = $sql->db_Fetch()) { $extList["user_".$row['user_extended_struct_name']] = $row; } } $ue_fields = ""; foreach($_POST['ue'] as $key => $val) { $err = false; $parms = explode("^,^", $extList[$key]['user_extended_struct_parms']); $regex = $tp->toText($parms[1]); $regexfail = $tp->toText($parms[2]); if(defined($regexfail)) {$regexfail = constant($regexfail);} if($val == '' && $extList[$key]['user_extended_struct_required'] == 1 && !$_uid) { $error .= LAN_SIGNUP_6.($tp->toHtml($extList[$key]['user_extended_struct_text'],FALSE,"defs"))." ".LAN_SIGNUP_7."\\n"; $err = TRUE; } if($regex != "" && $val != "") { if(!preg_match($regex, $val)) { $error .= $regexfail."\\n"; $err = TRUE; } } if(!$err) { $val = $tp->toDB($val); $ue_fields .= ($ue_fields) ? ", " : ""; $ue_fields .= $key."='".$val."'"; } } } if (!$error) { unset($_POST['password1']); unset($_POST['password2']); $ret = $e_event->trigger("preuserset", $_POST); if(trim($_POST['user_xup']) != "") { if($sql->db_Select('user', 'user_xup', "user_id = '".intval($inp)."'")) { $row = $sql->db_Fetch(); $update_xup = ($row['user_xup'] != $_POST['user_xup']) ? TRUE : FALSE; } } if ($ret == '') { $udata = get_user_data($inp); $peer = ($inp == USERID ? false : true); $loginname = strip_tags($_POST['loginname']); if (!$loginname) { $sql->db_Select("user", "user_loginname", "user_id='".intval($inp)."'"); $row = $sql -> db_Fetch(); $loginname = $row['user_loginname']; } else { if(!check_class($pref['displayname_class'], $udata['user_class'], $peer)) { $new_username = "user_name = '{$loginname}', "; $username = $loginname; } } if (isset($_POST['username']) && check_class($pref['displayname_class'])) { $username = strip_tags($_POST['username']); $username = $tp->toDB(substr($username, 0, $pref['displayname_maxlength'])); $new_username = "user_name = '{$username}', "; } $_POST['signature'] = $tp->toDB($_POST['signature']); $_POST['realname'] = $tp->toDB($_POST['realname']); $new_customtitle = ""; if(isset($_POST['customtitle']) && ($pref['forum_user_customtitle'] || ADMIN)) { $new_customtitle = ", user_customtitle = '".$tp->toDB($_POST['customtitle'])."' "; } if($ue_fields) { $hidden_fields = implode("^", array_keys($_POST['hide'])); if($hidden_fields != "") { $hidden_fields = "^".$hidden_fields."^"; } $ue_fields .= ", user_hidden_fields = '".$hidden_fields."'"; } $sql->db_Update("user", "{$new_username} {$pwreset} {$sesschange} user_email='".$tp -> toDB($_POST['email'])."', user_signature='".$_POST['signature']."', user_image='".$tp -> toDB($_POST['image'])."', user_timezone='".$tp -> toDB($_POST['timezone'])."', user_hideemail='".$tp -> toDB($_POST['hideemail'])."', user_login='".$_POST['realname']."' {$new_customtitle}, user_xup='".$tp -> toDB($_POST['user_xup'])."' WHERE user_id='".intval($inp)."' "); // If user has changed display name, update the record in the online table if(isset($username) && ($username != USERNAME) && !$_uid) { $sql->db_Update("online", "online_user_id = '".USERID.".".$username."' WHERE online_user_id = '".USERID.".".USERNAME."'"); } if(ADMIN && getperms("4")) { $sql -> db_Update("user", "user_loginname='".$tp -> toDB($loginname)."' WHERE user_id='".intval($inp)."' "); } if($ue_fields) { $sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id, user_hidden_fields) values ('".intval($inp)."', '')"); $sql->db_Update("user_extended", $ue_fields." WHERE user_extended_id = '".intval($inp)."'"); } // Update Userclass ======= if (!$_uid && $sql->db_Select("userclass_classes", "*", "userclass_editclass IN (".USERCLASS_LIST.")")) { $ucList = $sql->db_getList(); if ($sql->db_Select("user", "user_class", "user_id = '".intval($inp)."'")) { $row = $sql->db_Fetch(); $cur_classes = explode(",", $row['user_class']); $newclist = array_flip($cur_classes); foreach($ucList as $c) { $cid = $c['userclass_id']; if(!in_array($cid, $_POST['class'])) { unset($newclist[$cid]); } else { $newclist[$cid] = 1; } } $newclist = array_keys($newclist); $nid = implode(',', array_diff($newclist, array(''))); $sql->db_Update("user", "user_class='".$nid."' WHERE user_id='".intval($inp)."'"); } } if($update_xup == TRUE) { require_once(e_HANDLER."login.php"); userlogin::update_xup($inp, $_POST['user_xup']); } $e_event->trigger("postuserset", $_POST); // ======================= if(e_QUERY == "update") { header("Location: index.php"); } $message = "

".LAN_150."

"; $caption = LAN_151; } else { $message = "

".$ret."

"; $caption = LAN_151; } unset($_POST); } } if ($error) { require_once(e_HANDLER."message_handler.php"); message_handler("P_ALERT", $error); $adref = $_POST['adminreturn']; } // ------------------- if(isset($message)) { $ns->tablerender($caption, $message); } // --------------------- $uuid = ($_uid) ? $_uid : USERID; $qry = " SELECT u.*, ue.* FROM #user AS u LEFT JOIN #user_extended AS ue ON ue.user_extended_id = u.user_id WHERE u.user_id='".intval($uuid)."' "; $sql->db_Select_gen($qry); $curVal=$sql->db_Fetch(); $tmp = ($curVal['user_class'] != "" ? explode(",", $curVal['user_class']) : ""); $tmp[] = e_UC_MEMBER; $tmp[] = e_UC_READONLY; $tmp[] = e_UC_PUBLIC; if($curVal['user_admin'] == 1) { $tmp[] = e_UC_ADMIN; } $curVal['userclass_list'] = implode(",", $tmp); if($_POST) { // Fix for all the values being lost when an error occurred. foreach($_POST as $key => $val) { $curVal["user_".$key] = $val; } foreach($_POST['ue'] as $key => $val) { $curVal[$key] = $val; } } require_once(e_HANDLER."form_handler.php"); $rs = new form; $text = (e_QUERY ? $rs->form_open("post", e_SELF."?".e_QUERY, "dataform", "", " enctype='multipart/form-data'") : $rs->form_open("post", e_SELF, "dataform", "", " enctype='multipart/form-data'")); if(e_QUERY == "update") { $text .= "

".str_replace("*","*",LAN_USET_9)."
".LAN_USET_10."

"; } $text .= $tp->parseTemplate($USERSETTINGS_EDIT, FALSE, $usersettings_shortcodes); $text .= "

"; $text .= "

"; $ns->tablerender(LAN_155, $text); require_once(FOOTERF); //------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------// function req($field) { global $pref; if ($field == 2) { $ret = " *"; } else { $ret = ""; } return $ret; } //------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------// function headerjs() { global $cal; $script = "\n"; $script .= $cal->load_files(); return $script; } ?>