3 /* Reminder: always indent with 4 spaces (no tabs). */
4 // +---------------------------------------------------------------------------+
6 // +---------------------------------------------------------------------------+
7 // | usersettings.php |
9 // | Geeklog user settings page. |
10 // +---------------------------------------------------------------------------+
11 // | Copyright (C) 2000-2009 by the following authors: |
13 // | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
14 // | Mark Limburg - mlimburg AT users DOT sourceforge DOT net |
15 // | Jason Whittenburg - jwhitten AT securitygeeks DOT com |
16 // | Dirk Haun - dirk AT haun-online DOT de |
17 // +---------------------------------------------------------------------------+
19 // | This program is free software; you can redistribute it and/or |
20 // | modify it under the terms of the GNU General Public License |
21 // | as published by the Free Software Foundation; either version 2 |
22 // | of the License, or (at your option) any later version. |
24 // | This program is distributed in the hope that it will be useful, |
25 // | but WITHOUT ANY WARRANTY; without even the implied warranty of |
26 // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
27 // | GNU General Public License for more details. |
29 // | You should have received a copy of the GNU General Public License |
30 // | along with this program; if not, write to the Free Software Foundation, |
31 // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
33 // +---------------------------------------------------------------------------+
35 require_once 'lib-common.php';
36 require_once $_CONF['path_system'] . 'lib-user.php';
38 // Set this to true to have this script generate various debug messages in
42 // Uncomment the line below if you need to debug the HTTP variables being passed
43 // to the script. This will sometimes cause errors but it will allow you to see
44 // the data being passed in a POST operation
45 // echo COM_debug($_POST);
48 * Shows the user's current settings
53 global $_CONF, $_TABLES, $_USER, $LANG_MYACCOUNT, $LANG04, $LANG_ADMIN;
55 $result = DB_query("SELECT fullname,cookietimeout,email,homepage,sig,emailstories,about,location,pgpkey,photo FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['userinfo']} WHERE {$_TABLES['users']}.uid = {$_USER['uid']} AND {$_TABLES['userprefs']}.uid = {$_USER['uid']} AND {$_TABLES['userinfo']}.uid = {$_USER['uid']}");
56 $A = DB_fetchArray ($result);
58 $preferences = new Template ($_CONF['path_layout'] . 'preferences');
59 $preferences->set_file (array ('profile' => 'profile.thtml',
60 'photo' => 'userphoto.thtml',
61 'username' => 'username.thtml',
62 'deleteaccount' => 'deleteaccount.thtml'));
64 include ($_CONF['path_system'] . 'classes/navbar.class.php');
67 foreach ($LANG_MYACCOUNT as $id => $label) {
68 $navbar->add_menuitem($label,'showhideProfileEditorDiv("'.$id.'",'.$cnt.');return false;',true);
71 $navbar->set_selected($LANG_MYACCOUNT['pe_namepass']);
72 $preferences->set_var ( 'xhtml', XHTML );
73 $preferences->set_var ('navbar', $navbar->generate());
75 $preferences->set_var ('site_url', $_CONF['site_url']);
76 $preferences->set_var ('layout_url', $_CONF['layout_url']);
77 $preferences->set_var ('no_javascript_warning',$LANG04[150]);
79 $preferences->set_var ('cssid1', 1);
80 $preferences->set_var ('cssid2', 2);
82 $preferences->set_var ('preview', userprofile($_USER['uid']));
83 $preferences->set_var ('prefs', editpreferences());
85 // some trickery to ensure alternating colors with the available options ...
86 if ($_CONF['allow_username_change'] == 1) {
93 $preferences->set_var ('cssid1u', $first);
94 $preferences->set_var ('cssid2u', $second);
96 if ($_CONF['allow_user_photo'] == 1) {
101 $preferences->set_var ('cssid1p', $first);
102 $preferences->set_var ('cssid2p', $second);
104 $preferences->set_var ('lang_fullname', $LANG04[3]);
105 $preferences->set_var ('lang_fullname_text', $LANG04[34]);
106 $preferences->set_var ('lang_username', $LANG04[2]);
107 $preferences->set_var ('lang_username_text', $LANG04[87]);
108 $preferences->set_var ('lang_password_help_title', $LANG04[146]);
109 $preferences->set_var ('lang_password_help', $LANG04[147]);
110 $preferences->set_var ('lang_password', $LANG04[4]);
111 $preferences->set_var ('lang_password_text', $LANG04[35]);
112 $preferences->set_var ('lang_password_conf', $LANG04[108]);
113 $preferences->set_var ('lang_password_text_conf', $LANG04[109]);
114 $preferences->set_var ('lang_old_password', $LANG04[110]);
115 $preferences->set_var ('lang_old_password_text', $LANG04[111]);
116 $preferences->set_var ('lang_cooktime', $LANG04[68]);
117 $preferences->set_var ('lang_cooktime_text', $LANG04[69]);
118 $preferences->set_var ('lang_email', $LANG04[5]);
119 $preferences->set_var ('lang_email_text', $LANG04[33]);
120 $preferences->set_var ('lang_email_conf', $LANG04[124]);
121 $preferences->set_var ('lang_email_conf_text', $LANG04[126]);
122 $preferences->set_var ('lang_userinfo_help_title', $LANG04[148]);
123 $preferences->set_var ('lang_userinfo_help', $LANG04[149]);
124 $preferences->set_var ('lang_homepage', $LANG04[6]);
125 $preferences->set_var ('lang_homepage_text', $LANG04[36]);
126 $preferences->set_var ('lang_location', $LANG04[106]);
127 $preferences->set_var ('lang_location_text', $LANG04[107]);
128 $preferences->set_var ('lang_signature', $LANG04[32]);
129 $preferences->set_var ('lang_signature_text', $LANG04[37]);
130 $preferences->set_var ('lang_userphoto', $LANG04[77]);
131 $preferences->set_var ('lang_userphoto_text', $LANG04[78]);
132 $preferences->set_var ('lang_about', $LANG04[7]);
133 $preferences->set_var ('lang_about_text', $LANG04[38]);
134 $preferences->set_var ('lang_pgpkey', $LANG04[8]);
135 $preferences->set_var ('lang_pgpkey_text', $LANG04[39]);
136 $preferences->set_var ('lang_submit', $LANG04[9]);
137 $preferences->set_var ('lang_cancel',$LANG_ADMIN['cancel']);
138 $preferences->set_var ('lang_preview_title', $LANG04[145]);
139 $preferences->set_var ('lang_enter_current_password', $LANG04[127]);
140 $preferences->set_var ('lang_name_legend', $LANG04[128]);
141 $preferences->set_var ('lang_password_email_legend', $LANG04[129]);
142 $preferences->set_var ('lang_personal_info_legend', $LANG04[130]);
144 $display_name = COM_getDisplayName ($_USER['uid']);
146 //$preferences->set_var ('start_block_profile',
147 // COM_startBlock ($LANG04[1] . ' ' . $display_name));
148 //$preferences->set_var ('end_block', COM_endBlock ());
150 $preferences->set_var ('profile_headline',
151 $LANG04[1] . ' ' . $display_name);
153 if ($_CONF['allow_user_photo'] == 1) {
154 $preferences->set_var ('enctype', 'enctype="multipart/form-data"');
156 $preferences->set_var ('enctype', '');
158 $preferences->set_var ('fullname_value', htmlspecialchars ($A['fullname']));
159 $preferences->set_var ('new_username_value',
160 htmlspecialchars ($_USER['username']));
161 $preferences->set_var ('password_value', '');
162 if ($_CONF['allow_username_change'] == 1) {
163 $preferences->parse ('username_option', 'username', true);
165 $preferences->set_var ('username_option', '');
168 $selection = '<select id="cooktime" name="cooktime">' . LB;
169 $selection .= COM_optionList ($_TABLES['cookiecodes'], 'cc_value,cc_descr',
170 $A['cookietimeout'], 0);
171 $selection .= '</select>';
172 $preferences->set_var ('cooktime_selector', $selection);
174 $preferences->set_var ('email_value', htmlspecialchars ($A['email']));
175 $preferences->set_var ('homepage_value',
176 htmlspecialchars (COM_killJS ($A['homepage'])));
177 $preferences->set_var ('location_value',
178 htmlspecialchars (strip_tags ($A['location'])));
179 $preferences->set_var ('signature_value', htmlspecialchars ($A['sig']));
181 if ($_CONF['allow_user_photo'] == 1) {
182 $photo = USER_getPhoto ($_USER['uid'], $A['photo'], $A['email'], -1);
183 if (empty ($photo)) {
184 $preferences->set_var ('display_photo', '');
186 if (empty ($A['photo'])) { // external avatar
187 $photo = '<br' . XHTML . '>' . $photo;
188 } else { // uploaded photo - add delete option
189 $photo = '<br' . XHTML . '>' . $photo . '<br' . XHTML . '>' . $LANG04[79]
190 . ' <input type="checkbox" name="delete_photo"' . XHTML . '>'
193 $preferences->set_var ('display_photo', $photo);
195 if (empty($_CONF['image_lib'])) {
196 $scaling = $LANG04[162];
198 $scaling = $LANG04[161];
200 $preferences->set_var('photo_max_dimensions',
201 sprintf($LANG04[160],
202 $_CONF['max_photo_width'], $_CONF['max_photo_height'],
203 $_CONF['max_photo_size'], $scaling));
204 $preferences->parse ('userphoto_option', 'photo', true);
206 $preferences->set_var ('userphoto_option', '');
209 $result = DB_query("SELECT about,pgpkey FROM {$_TABLES['userinfo']} WHERE uid = {$_USER['uid']}");
210 $A = DB_fetchArray($result);
212 $reqid = substr (md5 (uniqid (rand (), 1)), 1, 16);
213 DB_change ($_TABLES['users'], 'pwrequestid', $reqid, 'uid', $_USER['uid']);
215 $preferences->set_var ('about_value', htmlspecialchars ($A['about']));
216 $preferences->set_var ('pgpkey_value', htmlspecialchars ($A['pgpkey']));
217 $preferences->set_var ('uid_value', $reqid);
218 $preferences->set_var ('username_value',
219 htmlspecialchars ($_USER['username']));
221 if ($_CONF['allow_account_delete'] == 1) {
222 $preferences->set_var ('lang_deleteaccount', $LANG04[156]);
223 $preferences->set_var ('delete_text', $LANG04[95]);
224 $preferences->set_var ('lang_button_delete', $LANG04[96]);
225 $preferences->set_var ('delete_mode', 'confirmdelete');
226 $preferences->set_var ('account_id', $reqid);
227 if (isset ($LANG04[157])) {
228 $preferences->set_var ('lang_deleteoption', $LANG04[157]);
230 $preferences->set_var ('lang_deleteoption', $LANG04[156]);
232 $preferences->parse ('delete_account_option', 'deleteaccount', false);
234 $preferences->set_var ('delete_account_option', '');
237 // Call custom account form and edit function if enabled and exists
238 if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userEdit'))) {
239 $preferences->set_var ('customfields', CUSTOM_userEdit($_USER['uid']) );
242 PLG_profileVariablesEdit ($_USER['uid'], $preferences);
244 $retval = $preferences->finish ($preferences->parse ('output', 'profile'));
245 $retval .= PLG_profileBlocksEdit ($_USER['uid']);
251 * Ask user for confirmation to delete his/her account.
 *
 * Step 2 of the account-delete flow (settings form -> this confirmation
 * page -> deleteUserAccount()). The caller passes the request id that was
 * embedded in the settings form; it is checked against users.pwrequestid
 * for the logged-in user, the user is re-authenticated with their current
 * password (read from $_POST['old_passwd']), and a fresh request id is
 * issued for the final "deleteconfirmed" POST.
 *
 * SECURITY(review): the request id is substr(md5(uniqid(rand(), 1)), 1, 16).
 * uniqid() is time-based and rand() is not a CSPRNG, so the token is
 * guessable in principle; if this id is what stops a cross-site request
 * from deleting an account, generate it from a cryptographic source and
 * keep the full digest length. The column name also suggests the same
 * field backs the password-reset flow - confirm, since the two flows would
 * then overwrite each other's token.
 *
253 * @param string form_reqid request id
254 * @return string confirmation form
257 function confirmAccountDelete ($form_reqid)
259 global $_CONF, $_TABLES, $_USER, $LANG04;
// The submitted id must be the one currently stored for *this* uid.
// Anything else (stale id, tampered hidden field) bounces silently to
// the front page instead of rendering the confirmation form.
261 if (DB_count ($_TABLES['users'], array ('pwrequestid', 'uid'), array ($form_reqid, $_USER['uid'])) != 1) {
263 return COM_refresh ($_CONF['site_url'] . '/index.php');
266 // re-authenticate: deleting the account requires the user's current
267 // password (read directly from $_POST, not from the argument list)
268 $current_password = DB_getItem($_TABLES['users'], 'passwd',
269 "uid = {$_USER['uid']}");
// NOTE(review): the two hashes are compared with loose `!=`. If
// SEC_encryptPassword() returns a hex digest (defined outside this file -
// confirm), PHP's numeric-string rules make two digests of the form
// "0e<digits>" compare equal; use strict `!==` (or hash_equals() where
// available). A wrong or empty password redirects back with msg=84.
270 if (empty($_POST['old_passwd']) ||
271 (SEC_encryptPassword($_POST['old_passwd']) != $current_password)) {
272 return COM_refresh($_CONF['site_url']
273 . '/usersettings.php?msg=84');
// Rotate the request id: the id from the settings form is now spent and
// the confirmation form below carries the new one.
276 $reqid = substr (md5 (uniqid (rand (), 1)), 1, 16);
277 DB_change ($_TABLES['users'], 'pwrequestid', "$reqid",
278 'uid', $_USER['uid']);
// Minimal confirmation page: a single submit button that POSTs back to
// this script with mode=deleteconfirmed and the fresh request id.
282 $retval .= COM_siteHeader ('menu', $LANG04[97]);
283 $retval .= COM_startBlock ($LANG04[97], '',
284 COM_getBlockTemplate ('_msg_block', 'header'));
285 $retval .= '<p>' . $LANG04[98] . '</p>' . LB;
286 $retval .= '<form action="' . $_CONF['site_url']
287 . '/usersettings.php" method="post"><div>' . LB;
288 $retval .= '<p align="center"><input type="submit" name="btnsubmit" value="'
289 . $LANG04[96] . '"' . XHTML . '></p>' . LB;
290 $retval .= '<input type="hidden" name="mode" value="deleteconfirmed"' . XHTML . '>' . LB;
291 $retval .= '<input type="hidden" name="account_id" value="' . $reqid
292 . '"' . XHTML . '>' . LB;
293 $retval .= '</div></form>' . LB;
294 $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
295 $retval .= COM_siteFooter ();
 * Final step of the account-delete flow: the request id issued by
 * confirmAccountDelete() is validated against users.pwrequestid for the
 * logged-in user and, on a match, the account is removed through
 * USER_deleteAccount(). No password is asked for here; the re-auth is
 * done in confirmAccountDelete(), which issues the id this step expects.
 *
 * NOTE(review): the settings form embeds the current pwrequestid as well
 * (its account_id hidden field). Whether this function can be reached
 * with *that* id - i.e. skipping the password step - depends on the mode
 * dispatcher, which is not part of this function; confirm that
 * mode=deleteconfirmed is only honoured after a successful confirmdelete.
 *
303 * @param string form_reqid request id
304 * @return string redirection to main page (+ success msg)
307 function deleteUserAccount ($form_reqid)
309 global $_CONF, $_TABLES, $_USER;
// Token check: exactly one row may hold (pwrequestid, uid) == (form id, current uid).
311 if (DB_count ($_TABLES['users'], array ('pwrequestid', 'uid'),
312 array ($form_reqid, $_USER['uid'])) != 1) {
// NOTE(review): a token mismatch and a failed deletion (below) both
// redirect to the front page without a message, so the user cannot tell
// the two apart; a distinct msg= for each would help support/debugging.
314 return COM_refresh ($_CONF['site_url'] . '/index.php');
// The actual removal lives in lib-user.php; a false return aborts here.
317 if (!USER_deleteAccount ($_USER['uid'])) {
318 return COM_refresh ($_CONF['site_url'] . '/index.php');
// Success: back to the front page with the "account deleted" message.
321 return COM_refresh ($_CONF['site_url'] . '/index.php?msg=57');
325 * Displays user preferences
 *
 * Builds the "preferences" half of the settings page for the logged-in
 * user ($_USER['uid']): display options, excluded topics/authors, daily
 * digest topics, boxes (blocks), comment settings and privacy flags, plus
 * the optional language / theme / timezone selectors. Everything is read
 * from the DB and rendered through the layout/preferences/*.thtml
 * templates; this function itself performs no writes.
 *
 * @return string rendered preferences HTML
328 function editpreferences()
330 global $_TABLES, $_CONF, $LANG04, $_USER, $_GROUPS;
// All per-user rows are selected by $_USER['uid'], interpolated unquoted;
// this relies on uid being an integer set by the session layer (outside
// this file - not verifiable here).
332 $result = DB_query("SELECT noicons,willing,dfid,tzid,noboxes,maxstories,tids,aids,boxes,emailfromadmin,emailfromuser,showonline FROM {$_TABLES['userprefs']},{$_TABLES['userindex']} WHERE {$_TABLES['userindex']}.uid = {$_USER['uid']} AND {$_TABLES['userprefs']}.uid = {$_USER['uid']}");
334 $A = DB_fetchArray($result);
336 // 'maxstories' may be 0, in which case it will pick up the default
337 // setting for the current topic or $_CONF['limitnews'] (see index.php)
// A positive value is clamped up to $_CONF['minnews'].
338 if (empty ($A['maxstories'])) {
339 $A['maxstories'] = 0;
340 } else if ($A['maxstories'] > 0) {
341 if ($A['maxstories'] < $_CONF['minnews']) {
342 $A['maxstories'] = $_CONF['minnews'];
346 $preferences = new Template ($_CONF['path_layout'] . 'preferences');
347 $preferences->set_file (array ('prefs' => 'displayprefs.thtml',
348 'display' => 'displayblock.thtml',
349 'exclude' => 'excludeblock.thtml',
350 'digest' => 'digestblock.thtml',
351 'boxes' => 'boxesblock.thtml',
352 'comment' => 'commentblock.thtml',
353 'language' => 'language.thtml',
354 'theme' => 'theme.thtml',
355 'privacy' => 'privacyblock.thtml'
357 $preferences->set_var ( 'xhtml', XHTML );
358 $preferences->set_var ('site_url', $_CONF['site_url']);
359 $preferences->set_var ('layout_url', $_CONF['layout_url']);
// NOTE(review): user_name is handed to the template unescaped, whereas
// the profile form in this file wraps the same value in htmlspecialchars().
// If displayprefs.thtml prints it into HTML, escape it here for consistency.
361 $preferences->set_var ('user_name', $_USER['username']);
363 $preferences->set_var ('lang_language', $LANG04[73]);
364 $preferences->set_var ('lang_theme', $LANG04[72]);
365 $preferences->set_var ('lang_theme_text', $LANG04[74]);
366 $preferences->set_var ('lang_misc_title', $LANG04[138]);
367 $preferences->set_var ('lang_misc_help_title', $LANG04[139]);
368 $preferences->set_var ('lang_misc_help', $LANG04[140]);
369 $preferences->set_var ('lang_noicons', $LANG04[40]);
370 $preferences->set_var ('lang_noicons_text', $LANG04[49]);
371 $preferences->set_var ('lang_noboxes', $LANG04[44]);
372 $preferences->set_var ('lang_noboxes_text', $LANG04[51]);
373 $preferences->set_var ('lang_maxstories', $LANG04[43]);
// Older language files have no %d placeholder in $LANG04[52]; support both.
374 if (strpos ($LANG04[52], '%d') === false) {
375 $maxtext = $LANG04[52] . ' ' . $_CONF['limitnews'];
377 $maxtext = sprintf ($LANG04[52], $_CONF['limitnews']);
379 $preferences->set_var ('lang_maxstories_text', $maxtext);
380 $preferences->set_var ('lang_dateformat', $LANG04[42]);
381 $preferences->set_var ('lang_excluded_items_title', $LANG04[137]);
382 $preferences->set_var ('lang_excluded_items', $LANG04[54]);
383 $preferences->set_var ('lang_exclude_title', $LANG04[136]);
384 $preferences->set_var ('lang_topics', $LANG04[48]);
385 $preferences->set_var ('lang_emailedtopics', $LANG04[76]);
386 $preferences->set_var ('lang_digest_top_header', $LANG04[131]);
387 $preferences->set_var ('lang_digest_help_header', $LANG04[132]);
388 $preferences->set_var ('lang_boxes_title', $LANG04[144]);
389 $preferences->set_var ('lang_boxes_help_title', $LANG04[143]);
390 $preferences->set_var ('lang_boxes', $LANG04[55]);
391 $preferences->set_var ('lang_displaymode', $LANG04[57]);
392 $preferences->set_var ('lang_displaymode_text', $LANG04[60]);
393 $preferences->set_var ('lang_sortorder', $LANG04[58]);
394 $preferences->set_var ('lang_sortorder_text', $LANG04[61]);
395 $preferences->set_var ('lang_comment_title', $LANG04[133]);
396 $preferences->set_var ('lang_comment_help_title', $LANG04[134]);
397 $preferences->set_var ('lang_comment_help', $LANG04[135]);
398 $preferences->set_var ('lang_commentlimit', $LANG04[59]);
399 $preferences->set_var ('lang_commentlimit_text', $LANG04[62]);
400 $preferences->set_var ('lang_privacy_title', $LANG04[141]);
401 $preferences->set_var ('lang_privacy_help_title', $LANG04[141]);
402 $preferences->set_var ('lang_privacy_help', $LANG04[142]);
403 $preferences->set_var ('lang_emailfromadmin', $LANG04[100]);
404 $preferences->set_var ('lang_emailfromadmin_text', $LANG04[101]);
405 $preferences->set_var ('lang_emailfromuser', $LANG04[102]);
406 $preferences->set_var ('lang_emailfromuser_text', $LANG04[103]);
407 $preferences->set_var ('lang_showonline', $LANG04[104]);
408 $preferences->set_var ('lang_showonline_text', $LANG04[105]);
409 $preferences->set_var ('lang_submit', $LANG04[9]);
411 $display_name = COM_getDisplayName ($_USER['uid']);
413 $preferences->set_var ('lang_authors_exclude', $LANG04[46]);
414 $preferences->set_var ('lang_boxes_exclude', $LANG04[47]);
// Both block wrappers and plain headlines are provided so either style of
// template can be used.
416 $preferences->set_var ('start_block_display',
417 COM_startBlock ($LANG04[45] . ' ' . $display_name));
418 $preferences->set_var ('start_block_digest',
419 COM_startBlock ($LANG04[75] . ' ' . $display_name));
420 $preferences->set_var ('start_block_comment',
421 COM_startBlock ($LANG04[64] . ' ' . $display_name));
422 $preferences->set_var ('start_block_privacy',
423 COM_startBlock ($LANG04[99] . ' ' . $display_name));
424 $preferences->set_var ('end_block', COM_endBlock ());
426 $preferences->set_var ('display_headline',
427 $LANG04[45] . ' ' . $display_name);
428 $preferences->set_var ('exclude_headline',
429 $LANG04[46] . ' ' . $display_name);
430 $preferences->set_var ('digest_headline',
431 $LANG04[75] . ' ' . $display_name);
432 $preferences->set_var ('boxes_headline',
433 $LANG04[47] . ' ' . $display_name);
434 $preferences->set_var ('comment_headline',
435 $LANG04[64] . ' ' . $display_name);
436 $preferences->set_var ('privacy_headline',
437 $LANG04[99] . ' ' . $display_name);
439 // display preferences block
// Language selector (only when users may pick their own language).
440 if ($_CONF['allow_user_language'] == 1) {
442 if (empty ($_USER['language'])) {
443 $userlang = $_CONF['language'];
445 $userlang = $_USER['language'];
448 // Get available languages
449 $language = MBYTE_languageList ($_CONF['default_charset']);
// array_keys() with a search value compares loosely (no strict flag).
451 $has_valid_language = count (array_keys ($language, $userlang));
452 if ($has_valid_language == 0) {
453 // The user's preferred language is no longer available.
454 // We have a problem now, since we've overwritten $_CONF['language']
455 // with the user's preferred language ($_USER['language']) and
456 // therefore don't know what the system's default language is.
457 // So we'll try to find a similar language. If that doesn't help,
458 // the dropdown will default to the first language in the list ...
459 $tmp = explode ('_', $userlang);
460 $similarLang = $tmp[0];
// Option values/labels come from the server-side language file list and
// are emitted unescaped.
463 $selection = '<select id="language" name="language">' . LB;
465 foreach ($language as $langFile => $langName) {
466 $selection .= '<option value="' . $langFile . '"';
// The first matching entry (exact, or prefix match in fallback mode) is
// selected; setting $has_valid_language = 1 stops further prefix matches.
467 if (($langFile == $userlang) || (($has_valid_language == 0) &&
468 (strpos ($langFile, $similarLang) === 0))) {
469 $selection .= ' selected="selected"';
470 $has_valid_language = 1;
// NOTE(review): this branch is unreachable - the condition above already
// tests the same equality. Harmless dead code.
471 } else if ($userlang == $langFile) {
472 $selection .= ' selected="selected"';
475 $selection .= '>' . $langName . '</option>' . LB;
477 $selection .= '</select>';
478 $preferences->set_var ('language_selector', $selection);
479 $preferences->parse ('language_selection', 'language', true);
481 $preferences->set_var ('language_selection', '');
// Theme selector (only when users may pick their own theme).
484 if ($_CONF['allow_user_themes'] == 1) {
485 $selection = '<select id="theme" name="theme">' . LB;
487 if (empty($_USER['theme'])) {
488 $usertheme = $_CONF['theme'];
490 $usertheme = $_USER['theme'];
493 $themeFiles = COM_getThemes();
494 usort($themeFiles, 'strcasecmp');
497 foreach ($themeFiles as $theme) {
// Theme directory names are emitted unescaped as option values.
497 $selection .= '<option value="' . $theme . '"';
498 if ($usertheme == $theme) {
499 $selection .= ' selected="selected"';
// Pretty-print the label: split on '_' and ucfirst() each word whose first
// two characters are lowercase.
// NOTE(review): the $str{n} offset syntax was removed in PHP 8 (use
// $str[n]), and $th{1} on a one-character word reads past the end.
501 $words = explode('_', $theme);
503 foreach ($words as $th) {
504 if ((strtolower($th{0}) == $th{0}) &&
505 (strtolower($th{1}) == $th{1})) {
506 $bwords[] = ucfirst($th);
511 $selection .= '>' . implode(' ', $bwords) . '</option>' . LB;
513 $selection .= '</select>';
514 $preferences->set_var('theme_selector', $selection);
515 $preferences->parse('theme_selection', 'theme', true);
517 $preferences->set_var('theme_selection', '');
// Timezone selector, always shown; the helper class builds the markup.
521 require_once $_CONF['path_system'] . 'classes/timezoneconfig.class.php';
523 $timezone = TimeZoneConfig::getUserTimeZone();
524 $selection = TimeZoneConfig::getTimeZoneDropDown($timezone,
525 array('id' => 'tzid', 'name' => 'tzid'));
527 $preferences->set_var('timezone_selector', $selection);
528 $preferences->set_var('lang_timezone', $LANG04[158]);
// Checkbox state for the display block.
530 if ($A['noicons'] == '1') {
531 $preferences->set_var ('noicons_checked', 'checked="checked"');
533 $preferences->set_var ('noicons_checked', '');
536 if ($A['noboxes'] == 1) {
537 $preferences->set_var ('noboxes_checked', 'checked="checked"');
539 $preferences->set_var ('noboxes_checked', '');
542 $preferences->set_var ('maxstories_value', $A['maxstories']);
543 $selection = '<select id="dfid" name="dfid">' . LB
544 . COM_optionList ($_TABLES['dateformats'], 'dfid,description',
545 $A['dfid']) . '</select>';
546 $preferences->set_var ('dateformat_selector', $selection);
547 $preferences->parse ('display_block', 'display', true);
549 // privacy options block
550 if ($A['emailfromadmin'] == 1) {
551 $preferences->set_var ('emailfromadmin_checked', 'checked="checked"');
553 $preferences->set_var ('emailfromadmin_checked', '');
555 if ($A['emailfromuser'] == 1) {
556 $preferences->set_var ('emailfromuser_checked', 'checked="checked"');
558 $preferences->set_var ('emailfromuser_checked', '');
560 if ($A['showonline'] == 1) {
561 $preferences->set_var ('showonline_checked', 'checked="checked"');
563 $preferences->set_var ('showonline_checked', '');
// Plugins may add their own variables before the privacy block is parsed.
565 PLG_profileVariablesEdit ($_USER['uid'], $preferences);
566 $preferences->parse ('privacy_block', 'privacy', true);
568 // excluded items block
// $permissions restricts the topic/block lists to what this user may see.
// What the '' argument selects is defined in lib-common, not here.
569 $permissions = COM_getPermSQL ('');
570 $preferences->set_var ('exclude_topic_checklist',
571 COM_checkList($_TABLES['topics'], 'tid,topic', $permissions, $A['tids'],
// Author exclusion list: static SQL, no user input.
// NOTE(review): there is no permission clause here, so the list names
// every user who has authored any story, including stories this user
// cannot read - a minor information leak; consider restricting it.
574 if (($_CONF['contributedbyline'] == 1) &&
575 ($_CONF['hide_author_exclusion'] == 0)) {
576 $preferences->set_var ('lang_authors', $LANG04[56]);
577 $sql = "SELECT DISTINCT story.uid, users.username,users.fullname FROM {$_TABLES['stories']} story, {$_TABLES['users']} users WHERE story.uid = users.uid";
578 if ($_CONF['show_fullname'] == 1) {
579 $sql .= ' ORDER BY users.fullname';
581 $sql .= ' ORDER BY users.username';
583 $query = DB_query ($sql);
584 $nrows = DB_numRows ($query );
// 'aids' is a space-separated list of excluded author uids.
585 $authors = explode (' ', $A['aids']);
588 for( $i = 0; $i < $nrows; $i++ ) {
589 $B = DB_fetchArray ($query);
590 $selauthors .= '<option value="' . $B['uid'] . '"';
591 if (in_array (sprintf ('%d', $B['uid']), $authors)) {
// NOTE: bare "selected" here vs. selected="selected" elsewhere in this
// function - not well-formed when XHTML output is on.
592 $selauthors .= ' selected';
594 $selauthors .= '>' . COM_getDisplayName ($B['uid'], $B['username'],
// Size the multi-select from the topic count (queried twice here).
// NOTE(review): confirm $Selboxsize is also initialised on the else path.
599 if (DB_count($_TABLES['topics']) > 10) {
600 $Selboxsize = intval (DB_count ($_TABLES['topics']) * 1.5);
604 $preferences->set_var ('exclude_author_checklist', '<select name="selauthors[]" multiple="multiple" size="'. $Selboxsize. '">' . $selauthors . '</select>');
606 $preferences->set_var ('lang_authors', '');
607 $preferences->set_var ('exclude_author_checklist', '');
609 $preferences->parse ('exclude_block', 'exclude', true);
611 // daily digest block
612 if ($_CONF['emailstories'] == 1) {
613 $user_etids = DB_getItem ($_TABLES['userindex'], 'etids',
614 "uid = {$_USER['uid']}");
615 if (empty ($user_etids)) { // an empty string now means "all topics"
616 $etids = USER_getAllowedTopics();
617 $user_etids = implode(' ', $etids);
618 } elseif ($user_etids == '-') { // this means "no topics"
621 $tmp = COM_checkList($_TABLES['topics'], 'tid,topic', $permissions,
622 $user_etids, 'topics');
// COM_checkList names its inputs after the table; rename them to 'etids'
// in the generated HTML (presumably so they do not clash with the topic
// exclusion checklist above).
623 $preferences->set_var('email_topic_checklist',
624 str_replace($_TABLES['topics'], 'etids', $tmp));
625 $preferences->parse('digest_block', 'digest', true);
627 $preferences->set_var('digest_block', '');
// Boxes block: 'boxes' holds a space-separated list of block ids; the
// checklist is pre-selected with every block NOT in that list.
// SECURITY(review): $A['boxes'] is spliced into NOT IN (...) with no
// escaping or intval(). That is only safe if the code that stores 'boxes'
// guarantees integer ids (it is not in this function - confirm), or
// sanitise here, e.g. implode(',', array_map('intval', explode(' ', $A['boxes']))).
631 $selectedblocks = '';
632 if (strlen($A['boxes']) > 0) {
633 $blockresult = DB_query("SELECT bid FROM {$_TABLES['blocks']} WHERE bid NOT IN (" . str_replace(' ',',',$A['boxes']) . ")");
634 for ($x = 1; $x <= DB_numRows($blockresult); $x++) {
635 $row = DB_fetchArray($blockresult);
636 $selectedblocks .= $row['bid'];
637 if ($x <> DB_numRows($blockresult)) {
638 $selectedblocks .= ' ';
// Offer only enabled non-layout blocks, plus the two gldefault blocks a
// user is allowed to hide, ordered as they appear on the page.
643 if (!empty ($permissions)) {
644 $whereblock .= $permissions . ' AND ';
646 $whereblock .= "((type != 'layout' AND type != 'gldefault' AND is_enabled = 1) OR "
647 . "(type = 'gldefault' AND is_enabled = 1 AND name IN ('whats_new_block','older_stories'))) "
648 . "ORDER BY onleft desc,blockorder,title";
649 $preferences->set_var ('boxes_checklist', COM_checkList ($_TABLES['blocks'],
650 'bid,title,type', $whereblock, $selectedblocks));
651 $preferences->parse ('boxes_block', 'boxes', true);
653 // comment preferences block
// $A is reused for the usercomment row from here on.
654 $result = DB_query("SELECT commentmode,commentorder,commentlimit FROM {$_TABLES['usercomment']} WHERE uid = {$_USER['uid']}");
655 $A = DB_fetchArray ($result);
657 if (empty ($A['commentmode'])) {
658 $A['commentmode'] = $_CONF['comment_mode'];
// NOTE: empty() treats 0 as unset, so a stored commentlimit of 0 shows as 100.
660 if (empty ($A['commentorder'])) $A['commentorder'] = 0;
661 if (empty ($A['commentlimit'])) $A['commentlimit'] = 100;
663 $selection = '<select id="commentmode" name="commentmode">';
664 $selection .= COM_optionList ($_TABLES['commentmodes'], 'mode,name',
666 $selection .= '</select>';
667 $preferences->set_var ('displaymode_selector', $selection);
669 $selection = '<select id="commentorder" name="commentorder">';
670 $selection .= COM_optionList ($_TABLES['sortcodes'], 'code,name',
672 $selection .= '</select>';
673 $preferences->set_var ('sortorder_selector', $selection);
674 $preferences->set_var ('commentlimit_value', $A['commentlimit']);
675 $preferences->parse ('comment_block', 'comment', true);
// Assemble the whole preferences page from the parsed sub-blocks.
677 return $preferences->finish ($preferences->parse ('output', 'prefs'));
681 * Check if an email address already exists in the database
 *
 * Returns true when another *local* account already uses $email. The
 * current user's own row is excluded, and so are accounts that have a
 * remoteservice set, hence:
683 * NOTE: Allows remote accounts to have duplicate email addresses
 *
 * SECURITY(review): $uid is interpolated into both queries with no cast
 * or escaping; that is only safe while every caller passes a trusted
 * integer (the callers are not in this function - confirm). A local
 * (int) cast would make the function safe on its own. $email is escaped
 * with addslashes(), which is not charset-aware; prefer the DB layer's
 * own escaping helper if one exists.
 *
685 * @param email string email address to check
686 * @param uid int user id of current user
687 * @return bool true = exists, false = does not exist
690 function emailAddressExists ($email, $uid)
// Unchanged address: nothing to check (loose == on two strings).
694 $old_email = DB_getItem($_TABLES['users'], 'email', "uid = '$uid'");
695 if ($email == $old_email) {
696 // email address didn't change so don't care
// Look for any other non-remote account holding the same address.
700 $email = addslashes($email);
701 $result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE email = '$email' AND uid <> '$uid' AND (remoteservice IS NULL OR remoteservice = '')");
702 if (DB_numRows($result) > 0) {
703 // email address is already in use for another non-remote account
711 * Upload new photo, delete old photo
 *
 * Handles the optional user-photo part of the settings form. Configures
 * the upload helper (image library, auto-resize, MIME allow-list, size and
 * dimension limits from $_CONF), optionally removes the user's current
 * photo, and stores a new upload as <username>.<ext> under
 * $_CONF['path_images'] . 'userphotos'. Any upload-helper error renders an
 * error page and exit()s - on failure this function never returns.
 *
 * SECURITY(review): the target file name is the user's name plus the
 * extension taken verbatim from the client-supplied file name. Nothing in
 * this function validates either part: the extension/MIME policy lives in
 * upload.class.php (setAllowedMimeTypes + uploadFiles), and the username
 * is filtered elsewhere (COM_applyFilter on rename in saveuser; registration
 * not in view). Confirm the upload class rejects an extension that is not
 * in the allow-list for the detected type (e.g. "x.php" sent with an image
 * MIME type), and that usernames cannot contain path separators or "..".
 *
713 * @param string $delete_photo 'on': delete old photo
714 * @return string filename of new photo (empty = no new photo)
717 function handlePhotoUpload ($delete_photo = '')
719 global $_CONF, $_TABLES, $_USER, $LANG24;
721 require_once ($_CONF['path_system'] . 'classes/upload.class.php');
// --- configure the upload helper from $_CONF --------------------------
723 $upload = new upload();
724 if (!empty ($_CONF['image_lib'])) {
725 if ($_CONF['image_lib'] == 'imagemagick') {
727 $upload->setMogrifyPath ($_CONF['path_to_mogrify']);
728 } elseif ($_CONF['image_lib'] == 'netpbm') {
730 $upload->setNetPBM ($_CONF['path_to_netpbm']);
731 } elseif ($_CONF['image_lib'] == 'gdlib') {
732 // using the GD library
733 $upload->setGDLib ();
735 $upload->setAutomaticResize (true);
// Optional verbose logging from the upload class into logs/error.log.
736 if (isset ($_CONF['debug_image_upload']) &&
737 $_CONF['debug_image_upload']) {
738 $upload->setLogFile ($_CONF['path'] . 'logs/error.log');
739 $upload->setDebug (true);
741 if (isset($_CONF['jpeg_quality'])) {
742 $upload->setJpegQuality($_CONF['jpeg_quality']);
// Allow-list of image types and the extensions each may be stored under.
745 $upload->setAllowedMimeTypes (array ('image/gif' => '.gif',
746 'image/jpeg' => '.jpg,.jpeg',
747 'image/pjpeg' => '.jpg,.jpeg',
748 'image/x-png' => '.png',
749 'image/png' => '.png'
// An unusable target directory is fatal: show the helper's errors and stop.
751 if (!$upload->setPath ($_CONF['path_images'] . 'userphotos')) {
752 $display = COM_siteHeader ('menu', $LANG24[30]);
753 $display .= COM_startBlock ($LANG24[30], '',
754 COM_getBlockTemplate ('_msg_block', 'header'));
755 $display .= $upload->printErrors (false);
756 $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block',
758 $display .= COM_siteFooter ();
759 COM_output($display);
760 exit; // don't return
// Checkbox semantics: a value-less <input type="checkbox"> is sent as "on".
764 if (!empty ($delete_photo) && ($delete_photo == 'on')) {
765 $delete_photo = true;
767 $delete_photo = false;
// Nothing to delete if the user has no photo on file.
770 $curphoto = DB_getItem ($_TABLES['users'], 'photo',
771 "uid = {$_USER['uid']}");
772 if (empty ($curphoto)) {
773 $delete_photo = false;
776 // see if user wants to upload a (new) photo
// NOTE(review): $_FILES['photo'] is read without isset(); if this is ever
// reached with a form that has no file field, PHP raises a notice.
777 $newphoto = $_FILES['photo'];
778 if (!empty ($newphoto['name'])) {
// NOTE(review): when the client name has no '.', strrpos() returns false,
// false + 1 == 1, and the "extension" becomes the whole name minus its
// first character. Only the MIME allow-list above stands in the way.
779 $pos = strrpos ($newphoto['name'], '.') + 1;
780 $fextension = substr ($newphoto['name'], $pos);
781 $filename = $_USER['username'] . '.' . $fextension;
// A new upload under a different name replaces the old file; under the
// same name the old file is not deleted first (presumably overwritten).
783 if (!empty ($curphoto) && ($filename != $curphoto)) {
784 $delete_photo = true;
786 $delete_photo = false;
790 // delete old photo first
// NOTE(review): the old file is removed before uploadFiles() runs; if the
// upload then fails (error page + exit below) the user is left without a
// photo. Uploading first and deleting only on success would be safer.
792 USER_deletePhoto ($curphoto);
// Per-upload limits: photo-specific settings win over the generic image ones.
796 if (!empty ($filename)) {
797 $upload->setFileNames ($filename);
798 $upload->setPerms ('0644');
799 if (($_CONF['max_photo_width'] > 0) &&
800 ($_CONF['max_photo_height'] > 0)) {
801 $upload->setMaxDimensions ($_CONF['max_photo_width'],
802 $_CONF['max_photo_height']);
804 $upload->setMaxDimensions ($_CONF['max_image_width'],
805 $_CONF['max_image_height']);
807 if ($_CONF['max_photo_size'] > 0) {
808 $upload->setMaxFileSize($_CONF['max_photo_size']);
810 $upload->setMaxFileSize($_CONF['max_image_size']);
812 $upload->uploadFiles ();
// Upload-helper errors are fatal for this request (same pattern as above).
814 if ($upload->areErrors ()) {
815 $display = COM_siteHeader ('menu', $LANG24[30]);
816 $display .= COM_startBlock ($LANG24[30], '',
817 COM_getBlockTemplate ('_msg_block', 'header'));
818 $display .= $upload->printErrors (false);
819 $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block',
821 $display .= COM_siteFooter ();
822 COM_output($display);
823 exit; // don't return
// No new upload and not deleting: keep the current photo's file name.
825 } else if (!$delete_photo && !empty ($curphoto)) {
826 $filename = $curphoto;
833 * Saves the user's information back to the database
 *
 * Flow: verify the pwrequestid token against the posted uid, normalise the
 * cookie timeout, require the current password for password / e-mail /
 * timeout changes, optionally rename the account (and its photo file), run
 * the spam check, filter and validate the remaining fields, then write the
 * users and userinfo tables. Every query in this function is built by string
 * interpolation; the only escaping is addslashes() applied to each string
 * field immediately before the UPDATE statements near the end.
 *
835 * @param array $A User's data
836 * @return string HTML error message or meta redirect
839 function saveuser($A)
841 global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;
 // Verbose trace; presumably gated on $_US_VERBOSE (the guard line is not
 // part of this listing).
844 COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
 // Tamper check: the uid posted with the form must equal the pwrequestid
 // stored for the logged-in user. On mismatch the token is cleared, the
 // attempt is written to the access log and the request is bounced to the
 // front page without touching any profile data.
847 $reqid = DB_getItem ($_TABLES['users'], 'pwrequestid',
848 "uid = {$_USER['uid']}");
849 if ($reqid != $A['uid']) {
850 DB_change ($_TABLES['users'], 'pwrequestid', "NULL",
851 'uid', $_USER['uid']);
852 COM_accessLog ("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
854 return COM_refresh ($_CONF['site_url'] . '/index.php');
 // cooktime: absent -> site default; negative -> the user's current value.
 // A value of 0 is deliberately kept (it is treated as "expire" below).
857 if (! isset($A['cooktime'])) {
858 // If not set or possibly removed from template - set to default
859 $A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
 // second argument requests numeric filtering — assumed to yield an int,
 // which is what makes the unquoted interpolation into SQL below safe.
861 $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
863 // If empty or invalid - set to user default
864 // So code after this does not fail the user password required test
865 if ($A['cooktime'] < 0) { // note that == 0 is allowed!
866 $A['cooktime'] = $_USER['cookietimeout'];
869 // to change the password, email address, or cookie timeout,
870 // we need the user's current password
 // NOTE(review): the stored hash is compared with loose != / == here and
 // further down; hash_equals() would give a strict, constant-time compare.
871 $current_password = DB_getItem($_TABLES['users'], 'passwd',
872 "uid = {$_USER['uid']}");
873 if (!empty ($A['passwd']) || ($A['email'] != $_USER['email']) ||
874 ($A['cooktime'] != $_USER['cookietimeout'])) {
875 if (empty($A['old_passwd']) ||
876 (SEC_encryptPassword($A['old_passwd']) != $current_password)) {
 // msg=83: current password missing or wrong
878 return COM_refresh ($_CONF['site_url']
879 . '/usersettings.php?msg=83');
 // A site-specific CUSTOM_userCheck() may veto the change; it is expected
 // to return a numeric message id, otherwise message 400 is used. The same
 // block is repeated below for the case where no sensitive field changed.
880 } elseif ($_CONF['custom_registration'] &&
881 function_exists ('CUSTOM_userCheck')) {
882 $ret = CUSTOM_userCheck ($A['username'], $A['email']);
884 // Need a numeric return for the default message handler
885 // - if not numeric use default message
886 if (!is_numeric($ret['number'])) {
887 $ret['number'] = 400;
889 return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
892 } elseif ($_CONF['custom_registration'] &&
893 function_exists ('CUSTOM_userCheck')) {
894 $ret = CUSTOM_userCheck ($A['username'], $A['email']);
896 // Need a numeric return for the default message handler
897 // - if not numeric use default message
898 if (!is_numeric($ret['number'])) {
899 $ret['number'] = 400;
901 return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
905 // no need to filter the password as it's encoded anyway
 // Username change: the new name is filtered, slash-escaped and must not be
 // in use yet; an existing photo file is renamed to follow the new name and
 // the function returns with msg=51 once the rename is stored.
906 if ($_CONF['allow_username_change'] == 1) {
907 $A['new_username'] = COM_applyFilter ($A['new_username']);
908 if (!empty ($A['new_username']) &&
909 ($A['new_username'] != $_USER['username'])) {
910 $A['new_username'] = addslashes ($A['new_username']);
911 if (DB_count ($_TABLES['users'], 'username', $A['new_username']) == 0) {
912 if ($_CONF['allow_user_photo'] == 1) {
913 $photo = DB_getItem ($_TABLES['users'], 'photo',
914 "uid = {$_USER['uid']}");
915 if (!empty ($photo)) {
 // NOTE(review): the old username is spliced into a regex without
 // preg_quote(); this is only harmless if the username rules forbid regex
 // metacharacters — confirm against the registration filter.
916 $newphoto = preg_replace ('/' . $_USER['username'] . '/',
917 $A['new_username'], $photo, 1);
918 $imgpath = $_CONF['path_images'] . 'userphotos/';
919 if (rename ($imgpath . $photo,
920 $imgpath . $newphoto) === false) {
 // rename failed: log it and build an error page; what happens to
 // $display afterwards is on lines not shown in this listing.
921 $display = COM_siteHeader ('menu', $LANG04[21]);
922 $display .= COM_errorLog ('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
923 $display .= COM_siteFooter ();
927 DB_change ($_TABLES['users'], 'photo',
928 addslashes ($newphoto), "uid", $_USER['uid']);
932 DB_change ($_TABLES['users'], 'username', $A['new_username'],
933 "uid", $_USER['uid']);
935 return COM_refresh ($_CONF['site_url']
936 . '/usersettings.php?msg=51');
941 // a quick spam check with the unfiltered field contents
 // The raw fields are assembled into a pseudo profile page so the Spam-X
 // plugin sees the same text a visitor would; a positive result aborts
 // with HTTP 403 before anything is written.
942 $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1>'
943 . '<p>'. COM_createLink($A['homepage'], $A['homepage'])
944 . '<br' . XHTML . '>' . $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>'
945 . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
946 $result = PLG_checkforSpam ($profile, $_CONF['spamx']);
948 COM_displayMessageAndAbort ($result, 'spamx', 403, 'Forbidden');
 // Input filtering: e-mail / homepage through COM_applyFilter, free-text
 // fields only get strip_tags (no entity escaping happens at save time).
951 $A['email'] = COM_applyFilter ($A['email']);
952 $A['email_conf'] = COM_applyFilter ($A['email_conf']);
953 $A['homepage'] = COM_applyFilter ($A['homepage']);
955 // basic filtering only
956 $A['fullname'] = strip_tags (COM_stripslashes ($A['fullname']));
957 $A['location'] = strip_tags (COM_stripslashes ($A['location']));
958 $A['sig'] = strip_tags (COM_stripslashes ($A['sig']));
959 $A['about'] = strip_tags (COM_stripslashes ($A['about']));
960 $A['pgpkey'] = strip_tags (COM_stripslashes ($A['pgpkey']));
 // e-mail validation: syntax (msg=52), confirmation match (msg=78),
 // uniqueness among other accounts (msg=56).
962 if (!COM_isEmail ($A['email'])) {
963 return COM_refresh ($_CONF['site_url']
964 . '/usersettings.php?msg=52');
965 } else if ($A['email'] !== $A['email_conf']) {
966 return COM_refresh ($_CONF['site_url']
967 . '/usersettings.php?msg=78');
968 } else if (emailAddressExists ($A['email'], $_USER['uid'])) {
969 return COM_refresh ($_CONF['site_url']
970 . '/usersettings.php?msg=56');
 // Password change: requires matching confirmation and the correct current
 // password (checked again here). The new hash is stored and, when a
 // persistent timeout was chosen, also written to the cookie_password
 // cookie; the remaining SEC_setCookie arguments are not in this listing.
973 if (!empty($A['passwd'])) {
974 if (($A['passwd'] == $A['passwd_conf']) &&
975 (SEC_encryptPassword($A['old_passwd']) == $current_password)) {
976 $passwd = SEC_encryptPassword($A['passwd']);
977 DB_change($_TABLES['users'], 'passwd', "$passwd",
978 "uid", $_USER['uid']);
979 if ($A['cooktime'] > 0) {
980 $cooktime = $A['cooktime'];
984 SEC_setCookie($_CONF['cookie_password'], $passwd,
 // msg=68: wrong current password; msg=67: confirmation mismatch
986 } elseif (SEC_encryptPassword($A['old_passwd']) != $current_password) {
987 return COM_refresh ($_CONF['site_url']
988 . '/usersettings.php?msg=68');
989 } elseif ($A['passwd'] != $A['passwd_conf']) {
990 return COM_refresh ($_CONF['site_url']
991 . '/usersettings.php?msg=67');
996 COM_errorLog('cooktime = ' . $A['cooktime'],1);
 // cooktime <= 0 expires the persistent uid cookie, otherwise it is
 // (re)issued with the chosen lifetime. The $cooktime used on the expiry
 // path appears to be assigned on a line not shown here — confirm.
999 if ($A['cooktime'] <= 0) {
1001 SEC_setCookie($_CONF['cookie_name'], $_USER['uid'],
1002 time() - $cooktime);
1004 SEC_setCookie($_CONF['cookie_name'], $_USER['uid'],
1005 time() + $A['cooktime']);
 // Photo upload / deletion is delegated to handlePhotoUpload() (defined
 // earlier in this file); it returns the filename to store.
1008 if ($_CONF['allow_user_photo'] == 1) {
1010 if (isset ($A['delete_photo'])) {
1011 $delete_photo = $A['delete_photo'];
1013 $filename = handlePhotoUpload ($delete_photo);
 // Homepage: force an http: or https: scheme, so a URL with any other
 // scheme (e.g. javascript:) is rewritten before it can be stored and
 // later rendered as a link.
1016 if (!empty ($A['homepage'])) {
1017 $pos = MBYTE_strpos ($A['homepage'], ':');
1018 if ($pos === false) {
1019 $A['homepage'] = 'http://' . $A['homepage'];
1022 $prot = substr ($A['homepage'], 0, $pos + 1);
1023 if (($prot != 'http:') && ($prot != 'https:')) {
1024 $A['homepage'] = 'http:' . substr ($A['homepage'], $pos + 1);
1027 $A['homepage'] = addslashes ($A['homepage']);
 // SQL escaping for the interpolated UPDATEs below.
 // NOTE(review): addslashes() is not a charset-aware SQL escape; the DB
 // layer's own escaping (or prepared statements) would be preferable.
1030 $A['fullname'] = addslashes ($A['fullname']);
1031 $A['email'] = addslashes ($A['email']);
1032 $A['location'] = addslashes ($A['location']);
1033 $A['sig'] = addslashes ($A['sig']);
1034 $A['about'] = addslashes ($A['about']);
1035 $A['pgpkey'] = addslashes ($A['pgpkey']);
 // a photo filename whose file does not exist on disk is handled on lines
 // not shown in this listing (presumably dropped).
1037 if (!empty ($filename)) {
1038 if (!file_exists ($_CONF['path_images'] . 'userphotos/' . $filename)) {
 // cookietimeout and uid are interpolated unquoted: cooktime was
 // numerically filtered above and uid is the session's own id.
1043 DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='$filename' WHERE uid={$_USER['uid']}");
1044 DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");
1046 // Call custom registration save function if enabled and exists
1047 if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userSave'))) {
1048 CUSTOM_userSave($_USER['uid']);
 // let plugins react to the profile change
1051 PLG_userInfoChanged ($_USER['uid']);
1054 COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
 // success: redirect to the public profile with msg=5
1057 return COM_refresh ($_CONF['site_url'] . '/users.php?mode=profile&uid='
1058 . $_USER['uid'] . '&msg=5');
1063 * Shows a profile for a user
1065 * This grabs the user profile for a given user and displays it
 *
 * $user is interpolated unquoted into every query below, so callers must
 * pass an already-validated integer. $msg is accepted for interface
 * compatibility but is not referenced in this body. Anonymous visitors get
 * a login prompt instead of the profile when loginrequired or
 * profileloginrequired is set. Story and comment lists are restricted to
 * topics/stories the *viewer* may access (COM_getPermSQL), not the owner.
 *
1067 * @param int $user User ID of profile to get
1068 * @param int $msg Message to display (if != 0)
1069 * @return string HTML for user profile page
1072 function userprofile ($user, $msg = 0)
1074 global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG_LOGIN;
 // Login wall: anonymous visitor on a site that requires login for
 // profiles. The return for this branch is on lines not shown here.
1078 if (empty ($_USER['username']) &&
1079 (($_CONF['loginrequired'] == 1) || ($_CONF['profileloginrequired'] == 1))) {
1080 $retval .= COM_siteHeader ('menu');
1081 $retval .= COM_startBlock ($LANG_LOGIN[1], '',
1082 COM_getBlockTemplate ('_msg_block', 'header'));
1083 $login = new Template($_CONF['path_layout'] . 'submit');
1084 $login->set_file (array ('login'=>'submitloginrequired.thtml'));
1085 $login->set_var ( 'xhtml', XHTML );
1086 $login->set_var ('login_message', $LANG_LOGIN[2]);
1087 $login->set_var ('site_url', $_CONF['site_url']);
1088 $login->set_var ('site_admin_url', $_CONF['site_admin_url']);
1089 $login->set_var ('layout_url', $_CONF['layout_url']);
1090 $login->set_var ('lang_login', $LANG_LOGIN[3]);
1091 $login->set_var ('lang_newuser', $LANG_LOGIN[4]);
1092 $login->parse ('output', 'login');
1093 $retval .= $login->finish ($login->get_var('output'));
1094 $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
1095 $retval .= COM_siteFooter ();
 // Profile row: users joined with userinfo; an unknown uid redirects home.
1100 $result = DB_query ("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = $user");
1101 $nrows = DB_numRows ($result);
1102 if ($nrows == 0) { // no such user
1103 return COM_refresh ($_CONF['site_url'] . '/index.php');
1105 $A = DB_fetchArray ($result);
1107 $display_name = COM_getDisplayName ($user, $A['username'], $A['fullname']);
1109 // format date/time to user preference
1110 $curtime = COM_getUserDateTimeFormat ($A['regdate']);
1111 $A['regdate'] = $curtime[0];
1113 $user_templates = new Template ($_CONF['path_layout'] . 'users');
1114 $user_templates->set_file (array ('profile' => 'profile.thtml',
1115 'row' => 'commentrow.thtml',
1116 'strow' => 'storyrow.thtml'));
1117 $user_templates->set_var ( 'xhtml', XHTML );
1118 $user_templates->set_var ('site_url', $_CONF['site_url']);
1119 $user_templates->set_var ('start_block_userprofile',
1120 COM_startBlock ($LANG04[1] . ' ' . $display_name));
1121 $user_templates->set_var ('end_block', COM_endBlock ());
1122 $user_templates->set_var ('lang_username', $LANG04[2]);
 // show_fullname swaps which value lands in the 'username' slot
1123 if ($_CONF['show_fullname'] == 1) {
1124 $user_templates->set_var ('username', $A['fullname']);
1125 $user_templates->set_var ('user_fullname', $A['username']);
1127 $user_templates->set_var ('username', $A['username']);
1128 $user_templates->set_var ('user_fullname', $A['fullname']);
 // Edit link only for viewers holding user.edit; the extra globals are
 // pulled in lazily here. The COM_createLink() arguments span lines not
 // fully shown in this listing.
1131 if (SEC_hasRights('user.edit')) {
1132 global $_IMAGE_TYPE, $LANG_ADMIN;
1133 $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.'
1134 . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit']
1135 . '" title="' . $LANG_ADMIN['edit'] . '"' . XHTML . '>';
1136 $edit_link_url = COM_createLink(
1138 "{$_CONF['site_admin_url']}/user.php?mode=edit&uid={$A['uid']}"
1140 $user_templates->set_var ('edit_link', $edit_link_url);
1143 $photo = USER_getPhoto ($user, $A['photo'], $A['email'], -1);
1144 $user_templates->set_var ('user_photo', $photo);
1146 $user_templates->set_var ('lang_membersince', $LANG04[67]);
1147 $user_templates->set_var ('user_regdate', $A['regdate']);
1148 $user_templates->set_var ('lang_email', $LANG04[5]);
1149 $user_templates->set_var ('user_id', $user);
1150 $user_templates->set_var ('lang_sendemail', $LANG04[81]);
1151 $user_templates->set_var ('lang_homepage', $LANG04[6]);
 // Output handling is per field: COM_killJS on the homepage, strip_tags
 // on location, nl2br on about/pgpkey. These fields were strip_tags'd in
 // saveuser() at save time; no HTML-entity escaping is applied here.
1152 $user_templates->set_var ('user_homepage', COM_killJS ($A['homepage']));
1153 $user_templates->set_var ('lang_location', $LANG04[106]);
1154 $user_templates->set_var ('user_location', strip_tags ($A['location']));
1155 $user_templates->set_var ('lang_bio', $LANG04[7]);
1156 $user_templates->set_var ('user_bio', nl2br (stripslashes ($A['about'])));
1157 $user_templates->set_var ('lang_pgpkey', $LANG04[8]);
1158 $user_templates->set_var ('user_pgp', nl2br ($A['pgpkey']));
1159 $user_templates->set_var ('start_block_last10stories',
1160 COM_startBlock ($LANG04[82] . ' ' . $display_name));
1161 $user_templates->set_var ('start_block_last10comments',
1162 COM_startBlock($LANG04[10] . ' ' . $display_name));
1163 $user_templates->set_var ('start_block_postingstats',
1164 COM_startBlock ($LANG04[83] . ' ' . $display_name));
1165 $user_templates->set_var ('lang_title', $LANG09[16]);
1166 $user_templates->set_var ('lang_date', $LANG09[17]);
1168 // for alternative layouts: use these as headlines instead of block titles
1169 $user_templates->set_var ('headline_last10stories', $LANG04[82]);
1170 $user_templates->set_var ('headline_last10comments', $LANG04[10]);
1171 $user_templates->set_var ('headline_postingstats', $LANG04[83]);
 // Topics the current viewer may see (permission-filtered); everything
 // listed below is restricted to these so the profile never leaks titles
 // from topics the viewer cannot access.
 // NOTE(review): $tids is only ever assigned inside the loop; with zero
 // accessible topics it is undefined when implode() and count() run.
1173 $result = DB_query ("SELECT tid FROM {$_TABLES['topics']}"
1174 . COM_getPermSQL ());
1175 $nrows = DB_numRows ($result);
1177 for ($i = 0; $i < $nrows; $i++) {
1178 $T = DB_fetchArray ($result);
1179 $tids[] = $T['tid'];
1181 $topics = "'" . implode ("','", $tids) . "'";
1183 // list of last 10 stories by this user
1184 if (count($tids) > 0) {
1185 $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ($topics))" . COM_getPermSQL ('AND');
1186 $sql .= " ORDER BY unixdate DESC LIMIT 10";
1187 $result = DB_query ($sql);
1188 $nrows = DB_numRows ($result);
1193 for ($i = 0; $i < $nrows; $i++) {
1194 $C = DB_fetchArray ($result);
1195 $user_templates->set_var ('cssid', ($i % 2) + 1);
1196 $user_templates->set_var ('row_number', ($i + 1) . '.');
1197 $articleUrl = COM_buildUrl ($_CONF['site_url']
1198 . '/article.php?story=' . $C['sid']);
1199 $user_templates->set_var ('article_url', $articleUrl);
 // As printed here this str_replace() maps '$' to '$' and is a no-op;
 // the original presumably replaced '$' with an HTML entity and the
 // entity was lost in this copy — confirm against the repository.
1200 $C['title'] = str_replace ('$', '$', $C['title']);
1201 $user_templates->set_var ('story_title',
1203 stripslashes ($C['title']),
1205 array('class'=> 'b')
1208 $storytime = COM_getUserDateTimeFormat ($C['unixdate']);
1209 $user_templates->set_var ('story_date', $storytime[0]);
1210 $user_templates->parse ('story_row', 'strow', true);
 // no stories: single placeholder row
1213 $user_templates->set_var ('story_row',
1214 '<tr><td>' . $LANG01[37] . '</td></tr>');
1217 // list of last 10 comments by this user
 // Comments are filtered through the set of stories the viewer can read
 // ($sidList), so comments on restricted stories stay hidden.
1218 $sidArray = array();
1219 if (count($tids) > 0) {
1220 // first, get a list of all stories the current visitor has access to
1221 $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ($topics))" . COM_getPermSQL ('AND');
1222 $result = DB_query($sql);
1223 $numsids = DB_numRows($result);
1224 for ($i = 1; $i <= $numsids; $i++) {
1225 $S = DB_fetchArray ($result);
1226 $sidArray[] = $S['sid'];
1230 $sidList = implode("', '",$sidArray);
1231 $sidList = "'$sidList'";
1233 // then, find all comments by the user in those stories
1234 $sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = $user) GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";
1236 // SQL NOTE: Using a HAVING clause is usually faster than a where if the
1237 // field is part of the select
1238 // if (!empty ($sidList)) {
1239 // $sql .= " AND (sid in ($sidList))";
1241 if (!empty ($sidList)) {
1242 $sql .= " HAVING sid in ($sidList)";
1244 $sql .= " ORDER BY unixdate DESC LIMIT 10";
1246 $result = DB_query($sql);
1247 $nrows = DB_numRows($result);
1249 for ($i = 0; $i < $nrows; $i++) {
1250 $C = DB_fetchArray ($result);
1251 $user_templates->set_var ('cssid', ($i % 2) + 1);
1252 $user_templates->set_var ('row_number', ($i + 1) . '.');
1253 $comment_url = $_CONF['site_url']
1254 . '/comment.php?mode=view&cid=' . $C['cid'];
 // same apparent no-op as in the story loop above — confirm
1255 $C['title'] = str_replace ('$', '$', $C['title']);
1256 $user_templates->set_var ('comment_title',
1258 stripslashes ($C['title']),
1260 array('class'=> 'b')
1263 $commenttime = COM_getUserDateTimeFormat ($C['unixdate']);
1264 $user_templates->set_var ('comment_date', $commenttime[0]);
1265 $user_templates->parse ('comment_row', 'row', true);
 // no comments: single placeholder row
1268 $user_templates->set_var('comment_row','<tr><td>' . $LANG01[29] . '</td></tr>');
1271 // posting stats for this user
1272 $user_templates->set_var ('lang_number_stories', $LANG04[84]);
1273 $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND');
1274 $result = DB_query($sql);
1275 $N = DB_fetchArray ($result);
1276 $user_templates->set_var ('number_stories', COM_numberFormat ($N['count']));
1277 $user_templates->set_var ('lang_number_comments', $LANG04[85]);
1278 $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = $user)";
 // $sidList is assigned inside the count($tids) > 0 branch above; whether
 // it is initialised on the no-topics path is not visible in this listing.
1279 if (!empty ($sidList)) {
1280 $sql .= " AND (sid in ($sidList))";
1282 $result = DB_query ($sql);
1283 $N = DB_fetchArray ($result);
1284 $user_templates->set_var ('number_comments', COM_numberFormat($N['count']));
1285 $user_templates->set_var ('lang_all_postings_by',
1286 $LANG04[86] . ' ' . $display_name);
1288 // Call custom registration function if enabled and exists
1289 if ($_CONF['custom_registration'] && function_exists ('CUSTOM_userDisplay') ) {
1290 $user_templates->set_var ('customfields', CUSTOM_userDisplay ($user));
 // plugins may add template variables and extra blocks
1292 PLG_profileVariablesDisplay ($user, $user_templates);
1294 $user_templates->parse ('output', 'profile');
1295 $retval .= $user_templates->finish ($user_templates->get_var ('output'));
1297 $retval .= PLG_profileBlocksDisplay ($user);
1303 * Saves user's preferences back to the database
 *
 * Normalises the checkbox fields, whitelists topic selections against the
 * topics the user may see (USER_getAllowedTopics), numerically filters the
 * author and block id lists, then writes the users, userprefs, userindex and
 * usercomment tables and sets the theme / language / tzid cookies. Queries
 * are built by interpolation with addslashes() as the only escaping. No
 * anti-CSRF token is checked inside this function; if one exists it is
 * enforced by the caller — confirm.
 *
1305 * @param array $A User's data to save
1309 function savepreferences($A)
1311 global $_CONF, $_TABLES, $_USER;
 // Checkbox fields: 'on' -> 1, anything else -> 0. The assignments for the
 // first three are on lines not included in this listing.
1313 if (isset ($A['noicons']) && ($A['noicons'] == 'on')) {
1318 if (isset ($A['willing']) && ($A['willing'] == 'on')) {
1323 if (isset ($A['noboxes']) && ($A['noboxes'] == 'on')) {
1328 if (isset ($A['emailfromadmin']) && ($A['emailfromadmin'] == 'on')) {
1329 $A['emailfromadmin'] = 1;
1331 $A['emailfromadmin'] = 0;
1333 if (isset ($A['emailfromuser']) && ($A['emailfromuser'] == 'on')) {
1334 $A['emailfromuser'] = 1;
1336 $A['emailfromuser'] = 0;
1338 if (isset ($A['showonline']) && ($A['showonline'] == 'on')) {
1339 $A['showonline'] = 1;
1341 $A['showonline'] = 0;
 // maxstories: numeric filter, 0 means "site default", otherwise floored
 // at the configured minimum.
1344 $A['maxstories'] = COM_applyFilter ($A['maxstories'], true);
1345 if (empty ($A['maxstories'])) {
1346 $A['maxstories'] = 0;
1347 } else if ($A['maxstories'] > 0) {
1348 if ($A['maxstories'] < $_CONF['minnews']) {
1349 $A['maxstories'] = $_CONF['minnews'];
 // The @ hides the warning when a list was not submitted at all; the
 // result is then null. NOTE(review): count(null) below is a TypeError on
 // PHP 8 — an isset()/array-cast guard would be the safer form.
1353 $TIDS = @array_values($A['topics']); // array of strings
1354 $AIDS = @array_values($A['selauthors']); // array of integers
1355 $BOXES = @array_values($A['blocks']); // array of integers
1356 $ETIDS = @array_values($A['etids']); // array of strings
1357 $AETIDS = USER_getAllowedTopics(); // array of strings (fetched, needed to "clean" $TIDS and $ETIDS)
 // Topics: only ids that are also in the allowed list survive, so the
 // submitted values never reach SQL unvalidated.
1360 if (count($TIDS) > 0) {
1361 // the array_intersect mitigates the need to scrub the TIDS input
1362 $tids = addslashes (implode (' ', array_intersect ($AETIDS, $TIDS)));
 // Authors: every element is numerically filtered before being joined.
1366 if (count($AIDS) > 0) {
1367 // Scrub the AIDS array to prevent SQL injection and bad values
1368 foreach ($AIDS as $key => $val) {
1369 $AIDS[$key] = COM_applyFilter($val, true);
1371 $aids = addslashes (implode (' ', $AIDS));
 // Blocks: the form submits the blocks to *show*; what is stored is the
 // inverse — every block id not submitted, excluding the three system
 // blocks. $boxes is interpolated unquoted into NOT IN (...), which is
 // only safe because each element was numerically filtered first.
1374 $selectedblocks = '';
1375 if (count ($BOXES) > 0) {
1376 // Scrub the BOXES array to prevent SQL injection and bad values
1377 foreach ($BOXES as $key => $val) {
1378 $BOXES[$key] = COM_applyFilter($val, true);
1380 $boxes = addslashes (implode (',', $BOXES));
1382 $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ($boxes)");
1383 $numRows = DB_numRows($blockresult);
1384 for ($x = 1; $x <= $numRows; $x++) {
1385 $row = DB_fetchArray ($blockresult);
1386 if ($row['name'] <> 'user_block' AND $row['name'] <> 'admin_block' AND $row['name'] <> 'section_block') {
1387 $selectedblocks .= $row['bid'];
1388 if ($x <> $numRows) {
1389 $selectedblocks .= ' ';
1394 $selectedblocks = trim($selectedblocks);
 // E-mail topics: same whitelist as $TIDS, only when the feature is on.
1397 if (($_CONF['emailstories'] == 1) && (count($ETIDS) > 0)) {
1398 // the array_intersect mitigates the need to scrub the ETIDS input
1399 $etids = addslashes (implode (' ', array_intersect ($AETIDS, $ETIDS)));
 // tzid is filtered but, unlike the other string fields, not passed
 // through addslashes() before the userprefs UPDATE below.
 // NOTE(review): this relies on COM_applyFilter() removing quote
 // characters — confirm. When tzid is absent it stays unset here and is
 // still used by setcookie() and the UPDATE below.
1402 if (isset ($A['tzid'])) {
1403 $A['tzid'] = COM_applyFilter ($A['tzid']);
 // theme / language: filtered, empty falls back to the site default
1408 if (isset($A['theme'])) {
1409 $A['theme'] = COM_applyFilter($A['theme']);
1411 if (empty($A['theme'])) {
1412 $A['theme'] = $_CONF['theme'];
1415 if (isset($A['language'])) {
1416 $A['language'] = COM_applyFilter($A['language']);
1418 if (empty($A['language'])) {
1419 $A['language'] = $_CONF['language'];
1422 // Save theme, when doing so, put in cookie so we can set the user's theme
1423 // even when they aren't logged in
 // These cookies carry display preferences only (one-year lifetime, path /
 // domain / secure flag from config; no httponly argument is passed).
1424 $theme = addslashes ($A['theme']);
1425 $language = addslashes ($A['language']);
1426 DB_query("UPDATE {$_TABLES['users']} SET theme='$theme',language='$language' WHERE uid = '{$_USER['uid']}'");
1427 setcookie ($_CONF['cookie_theme'], $A['theme'], time() + 31536000,
1428 $_CONF['cookie_path'], $_CONF['cookiedomain'],
1429 $_CONF['cookiesecure']);
1430 setcookie ($_CONF['cookie_language'], $A['language'], time() + 31536000,
1431 $_CONF['cookie_path'], $_CONF['cookiedomain'],
1432 $_CONF['cookiesecure']);
1433 setcookie ($_CONF['cookie_tzid'], $A['tzid'], time() + 31536000,
1434 $_CONF['cookie_path'], $_CONF['cookiedomain'],
1435 $_CONF['cookiesecure']);
 // date format id: numeric filter only
1437 $A['dfid'] = COM_applyFilter ($A['dfid'], true);
1439 DB_query("UPDATE {$_TABLES['userprefs']} SET noicons='{$A['noicons']}', willing='{$A['willing']}', dfid='{$A['dfid']}', tzid='{$A['tzid']}', emailfromadmin='{$A['emailfromadmin']}', emailfromuser='{$A['emailfromuser']}', showonline='{$A['showonline']}' WHERE uid='{$_USER['uid']}'");
 // default for an empty $etids is assigned on a line not shown here.
 // $tids and $aids are likewise only assigned in the branches above;
 // whether they are initialised otherwise is not visible in this listing.
1441 if (empty ($etids)) {
1444 DB_save($_TABLES['userindex'],"uid,tids,aids,boxes,noboxes,maxstories,etids","'{$_USER['uid']}','$tids','$aids','$selectedblocks','{$A['noboxes']}',{$A['maxstories']},'$etids'");
 // comment display preferences with site defaults for empty values
1446 $A['commentmode'] = COM_applyFilter ($A['commentmode']);
1447 if (empty ($A['commentmode'])) {
1448 $A['commentmode'] = $_CONF['comment_mode'];
1450 $A['commentmode'] = addslashes ($A['commentmode']);
1452 $A['commentorder'] = COM_applyFilter ($A['commentorder']);
1453 if (empty ($A['commentorder'])) {
1454 $A['commentorder'] = 'ASC';
1456 $A['commentorder'] = addslashes ($A['commentorder']);
1458 $A['commentlimit'] = COM_applyFilter ($A['commentlimit'], true);
1459 if ($A['commentlimit'] <= 0) {
1460 $A['commentlimit'] = $_CONF['comment_limit'];
1463 DB_save($_TABLES['usercomment'],'uid,commentmode,commentorder,commentlimit',"'{$_USER['uid']}','{$A['commentmode']}','{$A['commentorder']}','{$A['commentlimit']}'");
 // let plugins react to the preference change
1465 PLG_userInfoChanged ($_USER['uid']);
 // ---- main dispatch ----
 // Mode selection: the cancel button redirects home; the "delete account"
 // submit button selects confirmdelete unless the posted mode is already
 // deleteconfirmed; otherwise mode comes from POST, then GET, filtered.
 // NOTE(review): $_POST['mode'] is read without isset() in the second
 // branch, which emits a notice whenever the key is absent.
1470 if (isset($_POST['btncancel']) AND $_POST['btncancel'] == $LANG_ADMIN['cancel']) {
1471 echo COM_refresh($_CONF['site_url']);
1473 } else if (isset($_POST['btnsubmit']) AND ($_POST['btnsubmit'] == $LANG04[96]) && ($_POST['mode'] != 'deleteconfirmed')) {
1474 $mode = 'confirmdelete';
1475 } else if (isset ($_POST['mode'])) {
1476 $mode = COM_applyFilter ($_POST['mode']);
1477 } else if (isset ($_GET['mode'])) {
1478 $mode = COM_applyFilter ($_GET['mode']);
 // Everything below requires a logged-in, non-anonymous user (uid > 1).
 // The switch ($mode) line and the first case label are not part of this
 // listing; the first visible case saves both preferences and profile.
1483 if (isset ($_USER['uid']) && ($_USER['uid'] > 1)) {
1486 savepreferences ($_POST);
1487 $display .= saveuser($_POST);
1488 PLG_profileExtrasSave ();
1491 case 'savepreferences':
1492 savepreferences ($_POST);
1493 $display .= COM_refresh ($_CONF['site_url']
1494 . '/usersettings.php?mode=preferences&msg=6');
 // Account deletion: gated on allow_account_delete and a real user.
 // account_id is filtered here, but the ownership check (that it names
 // the caller's own account) has to live in confirmAccountDelete() /
 // deleteUserAccount() — confirm there.
1497 case 'confirmdelete':
1498 if (($_CONF['allow_account_delete'] == 1) && ($_USER['uid'] > 1)) {
1499 $accountId = COM_applyFilter ($_POST['account_id']);
1500 if (!empty ($accountId)) {
1501 $display .= confirmAccountDelete ($accountId);
1503 $display = COM_refresh ($_CONF['site_url'] . '/index.php');
1506 $display = COM_refresh ($_CONF['site_url'] . '/index.php');
1510 case 'deleteconfirmed':
1511 if (($_CONF['allow_account_delete'] == 1) && ($_USER['uid'] > 1)) {
1512 $accountId = COM_applyFilter ($_POST['account_id']);
1513 if (!empty ($accountId)) {
1514 $display .= deleteUserAccount ($accountId);
1516 $display = COM_refresh ($_CONF['site_url'] . '/index.php');
1519 $display = COM_refresh ($_CONF['site_url'] . '/index.php');
 // plugin-owned settings (case label not shown here); the plugin name is
 // passed on unfiltered, so PLG_profileExtrasSave() must validate it.
1524 PLG_profileExtrasSave ($_POST['plugin']);
1525 $display = COM_refresh ($_CONF['site_url']
1526 . '/usersettings.php?msg=5');
1529 default: // also if $mode == 'edit', 'preferences', or 'comments'
1530 $display .= COM_siteHeader('menu', $LANG04[16]);
1531 $display .= COM_showMessageFromParameter();
1532 $display .= edituser();
1533 $display .= COM_siteFooter();
 // anonymous visitor (the else belongs to the uid > 1 check above; its
 // line is not in this listing): show the "login required" block.
1537 $display .= COM_siteHeader ('menu');
1538 $display .= COM_startBlock ($LANG04[70] . '!');
1539 $display .= '<br' . XHTML . '>' . $LANG04[71] . '<br' . XHTML . '><br' . XHTML . '>';
1540 $display .= COM_endBlock ();
1541 $display .= COM_siteFooter ();
1544 COM_output($display);