3 /* Reminder: always indent with 4 spaces (no tabs). */
4 // +---------------------------------------------------------------------------+
6 // +---------------------------------------------------------------------------+
7 // | usersettings.php |
9 // | Geeklog user settings page. |
10 // +---------------------------------------------------------------------------+
11 // | Copyright (C) 2000-2009 by the following authors: |
13 // | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
14 // | Mark Limburg - mlimburg AT users DOT sourceforge DOT net |
15 // | Jason Whittenburg - jwhitten AT securitygeeks DOT com |
16 // | Dirk Haun - dirk AT haun-online DOT de |
17 // +---------------------------------------------------------------------------+
19 // | This program is free software; you can redistribute it and/or |
20 // | modify it under the terms of the GNU General Public License |
21 // | as published by the Free Software Foundation; either version 2 |
22 // | of the License, or (at your option) any later version. |
24 // | This program is distributed in the hope that it will be useful, |
25 // | but WITHOUT ANY WARRANTY; without even the implied warranty of |
26 // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
27 // | GNU General Public License for more details. |
29 // | You should have received a copy of the GNU General Public License |
30 // | along with this program; if not, write to the Free Software Foundation, |
31 // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
33 // +---------------------------------------------------------------------------+
35 require_once 'lib-common.php';
36 require_once $_CONF['path_system'] . 'lib-user.php';
38 // Set this to true to have this script generate various debug messages in
42 // Uncomment the line below if you need to debug the HTTP variables being passed
43 // to the script. This will sometimes cause errors but it will allow you to see
44 // the data being passed in a POST operation
45 // echo COM_debug($_POST);
48 * Shows the user's current settings
53 global $_CONF, $_TABLES, $_USER, $LANG_MYACCOUNT, $LANG04, $LANG_ADMIN;
55 $result = DB_query("SELECT fullname,cookietimeout,email,homepage,sig,emailstories,about,location,pgpkey,photo FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['userinfo']} WHERE {$_TABLES['users']}.uid = {$_USER['uid']} AND {$_TABLES['userprefs']}.uid = {$_USER['uid']} AND {$_TABLES['userinfo']}.uid = {$_USER['uid']}");
56 $A = DB_fetchArray ($result);
58 $preferences = new Template ($_CONF['path_layout'] . 'preferences');
59 $preferences->set_file (array ('profile' => 'profile.thtml',
60 'photo' => 'userphoto.thtml',
61 'username' => 'username.thtml',
62 'deleteaccount' => 'deleteaccount.thtml'));
64 include ($_CONF['path_system'] . 'classes/navbar.class.php');
67 foreach ($LANG_MYACCOUNT as $id => $label) {
68 $navbar->add_menuitem($label,'showhideProfileEditorDiv("'.$id.'",'.$cnt.');return false;',true);
71 $navbar->set_selected($LANG_MYACCOUNT['pe_namepass']);
72 $preferences->set_var ( 'xhtml', XHTML );
73 $preferences->set_var ('navbar', $navbar->generate());
75 $preferences->set_var ('site_url', $_CONF['site_url']);
76 $preferences->set_var ('layout_url', $_CONF['layout_url']);
77 $preferences->set_var ('no_javascript_warning',$LANG04[150]);
79 $preferences->set_var ('cssid1', 1);
80 $preferences->set_var ('cssid2', 2);
82 $preferences->set_var ('preview', userprofile($_USER['uid']));
83 $preferences->set_var ('prefs', editpreferences());
85 // some trickery to ensure alternating colors with the available options ...
86 if ($_CONF['allow_username_change'] == 1) {
93 $preferences->set_var ('cssid1u', $first);
94 $preferences->set_var ('cssid2u', $second);
96 if ($_CONF['allow_user_photo'] == 1) {
101 $preferences->set_var ('cssid1p', $first);
102 $preferences->set_var ('cssid2p', $second);
104 $preferences->set_var ('lang_fullname', $LANG04[3]);
105 $preferences->set_var ('lang_fullname_text', $LANG04[34]);
106 $preferences->set_var ('lang_username', $LANG04[2]);
107 $preferences->set_var ('lang_username_text', $LANG04[87]);
108 $preferences->set_var ('lang_password_help_title', $LANG04[146]);
109 $preferences->set_var ('lang_password_help', $LANG04[147]);
110 $preferences->set_var ('lang_password', $LANG04[4]);
111 $preferences->set_var ('lang_password_text', $LANG04[35]);
112 $preferences->set_var ('lang_password_conf', $LANG04[108]);
113 $preferences->set_var ('lang_password_text_conf', $LANG04[109]);
114 $preferences->set_var ('lang_old_password', $LANG04[110]);
115 $preferences->set_var ('lang_old_password_text', $LANG04[111]);
116 $preferences->set_var ('lang_cooktime', $LANG04[68]);
117 $preferences->set_var ('lang_cooktime_text', $LANG04[69]);
118 $preferences->set_var ('lang_email', $LANG04[5]);
119 $preferences->set_var ('lang_email_text', $LANG04[33]);
120 $preferences->set_var ('lang_email_conf', $LANG04[124]);
121 $preferences->set_var ('lang_email_conf_text', $LANG04[126]);
122 $preferences->set_var ('lang_userinfo_help_title', $LANG04[148]);
123 $preferences->set_var ('lang_userinfo_help', $LANG04[149]);
124 $preferences->set_var ('lang_homepage', $LANG04[6]);
125 $preferences->set_var ('lang_homepage_text', $LANG04[36]);
126 $preferences->set_var ('lang_location', $LANG04[106]);
127 $preferences->set_var ('lang_location_text', $LANG04[107]);
128 $preferences->set_var ('lang_signature', $LANG04[32]);
129 $preferences->set_var ('lang_signature_text', $LANG04[37]);
130 $preferences->set_var ('lang_userphoto', $LANG04[77]);
131 $preferences->set_var ('lang_userphoto_text', $LANG04[78]);
132 $preferences->set_var ('lang_about', $LANG04[7]);
133 $preferences->set_var ('lang_about_text', $LANG04[38]);
134 $preferences->set_var ('lang_pgpkey', $LANG04[8]);
135 $preferences->set_var ('lang_pgpkey_text', $LANG04[39]);
136 $preferences->set_var ('lang_submit', $LANG04[9]);
137 $preferences->set_var ('lang_cancel',$LANG_ADMIN['cancel']);
138 $preferences->set_var ('lang_preview_title', $LANG04[145]);
139 $preferences->set_var ('lang_enter_current_password', $LANG04[127]);
140 $preferences->set_var ('lang_name_legend', $LANG04[128]);
141 $preferences->set_var ('lang_password_email_legend', $LANG04[129]);
142 $preferences->set_var ('lang_personal_info_legend', $LANG04[130]);
144 $display_name = COM_getDisplayName ($_USER['uid']);
146 //$preferences->set_var ('start_block_profile',
147 // COM_startBlock ($LANG04[1] . ' ' . $display_name));
148 //$preferences->set_var ('end_block', COM_endBlock ());
150 $preferences->set_var ('profile_headline',
151 $LANG04[1] . ' ' . $display_name);
153 if ($_CONF['allow_user_photo'] == 1) {
154 $preferences->set_var ('enctype', 'enctype="multipart/form-data"');
156 $preferences->set_var ('enctype', '');
158 $preferences->set_var ('fullname_value', htmlspecialchars ($A['fullname']));
159 $preferences->set_var ('new_username_value',
160 htmlspecialchars ($_USER['username']));
161 $preferences->set_var ('password_value', '');
162 if ($_CONF['allow_username_change'] == 1) {
163 $preferences->parse ('username_option', 'username', true);
165 $preferences->set_var ('username_option', '');
168 $selection = '<select id="cooktime" name="cooktime">' . LB;
169 $selection .= COM_optionList ($_TABLES['cookiecodes'], 'cc_value,cc_descr',
170 $A['cookietimeout'], 0);
171 $selection .= '</select>';
172 $preferences->set_var ('cooktime_selector', $selection);
174 $preferences->set_var ('email_value', htmlspecialchars ($A['email']));
175 $preferences->set_var ('homepage_value',
176 htmlspecialchars (COM_killJS ($A['homepage'])));
177 $preferences->set_var ('location_value',
178 htmlspecialchars (strip_tags ($A['location'])));
179 $preferences->set_var ('signature_value', htmlspecialchars ($A['sig']));
181 if ($_CONF['allow_user_photo'] == 1) {
182 $photo = USER_getPhoto ($_USER['uid'], $A['photo'], $A['email'], -1);
183 if (empty ($photo)) {
184 $preferences->set_var ('display_photo', '');
186 if (empty ($A['photo'])) { // external avatar
187 $photo = '<br' . XHTML . '>' . $photo;
188 } else { // uploaded photo - add delete option
189 $photo = '<br' . XHTML . '>' . $photo . '<br' . XHTML . '>' . $LANG04[79]
190 . ' <input type="checkbox" name="delete_photo"' . XHTML . '>'
193 $preferences->set_var ('display_photo', $photo);
195 if (empty($_CONF['image_lib'])) {
196 $scaling = $LANG04[162];
198 $scaling = $LANG04[161];
200 $preferences->set_var('photo_max_dimensions',
201 sprintf($LANG04[160],
202 $_CONF['max_photo_width'], $_CONF['max_photo_height'],
203 $_CONF['max_photo_size'], $scaling));
204 $preferences->parse ('userphoto_option', 'photo', true);
206 $preferences->set_var ('userphoto_option', '');
209 $result = DB_query("SELECT about,pgpkey FROM {$_TABLES['userinfo']} WHERE uid = {$_USER['uid']}");
210 $A = DB_fetchArray($result);
212 $reqid = substr (md5 (uniqid (rand (), 1)), 1, 16);
213 DB_change ($_TABLES['users'], 'pwrequestid', $reqid, 'uid', $_USER['uid']);
215 $preferences->set_var ('about_value', htmlspecialchars ($A['about']));
216 $preferences->set_var ('pgpkey_value', htmlspecialchars ($A['pgpkey']));
217 $preferences->set_var ('uid_value', $reqid);
218 $preferences->set_var ('username_value',
219 htmlspecialchars ($_USER['username']));
221 if ($_CONF['allow_account_delete'] == 1) {
222 $preferences->set_var ('lang_deleteaccount', $LANG04[156]);
223 $preferences->set_var ('delete_text', $LANG04[95]);
224 $preferences->set_var ('lang_button_delete', $LANG04[96]);
225 $preferences->set_var ('delete_mode', 'confirmdelete');
226 $preferences->set_var ('account_id', $reqid);
227 if (isset ($LANG04[157])) {
228 $preferences->set_var ('lang_deleteoption', $LANG04[157]);
230 $preferences->set_var ('lang_deleteoption', $LANG04[156]);
232 $preferences->parse ('delete_account_option', 'deleteaccount', false);
234 $preferences->set_var ('delete_account_option', '');
237 // Call custom account form and edit function if enabled and exists
238 if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userEdit'))) {
239 $preferences->set_var ('customfields', CUSTOM_userEdit($_USER['uid']) );
242 PLG_profileVariablesEdit ($_USER['uid'], $preferences);
244 $retval = $preferences->finish ($preferences->parse ('output', 'profile'));
245 $retval .= PLG_profileBlocksEdit ($_USER['uid']);
/**
 * Ask user for confirmation to delete his/her account.
 *
 * Reached from the profile form. The request id posted with the form must
 * match the pwrequestid stored for this user, and the current password must
 * be supplied; otherwise the user is redirected and no form is shown.
 *
 * @param  string  form_reqid  request id posted by the profile form
 * @return string  confirmation form (or a redirect when a check fails)
 */
257 function confirmAccountDelete ($form_reqid)
259 global $_CONF, $_TABLES, $_USER, $LANG04;
// the request id must belong to this user; anything else goes back to the front page
261 if (DB_count ($_TABLES['users'], array ('pwrequestid', 'uid'), array ($form_reqid, $_USER['uid'])) != 1) {
263 return COM_refresh ($_CONF['site_url'] . '/index.php');
266 // to change the password, email address, or cookie timeout,
267 // we need the user's current password
268 $current_password = DB_getItem($_TABLES['users'], 'passwd',
269 "uid = {$_USER['uid']}");
// NOTE(review): the hash comparison uses loose `!=`, which falls back to
// numeric comparison when both strings look numeric and is not constant-time;
// `!==` (or hash_equals() on PHP 5.6+) avoids both issues.
270 if (empty($_POST['old_passwd']) ||
271 (SEC_encryptPassword($_POST['old_passwd']) != $current_password)) {
272 return COM_refresh($_CONF['site_url']
273 . '/usersettings.php?msg=84');
// issue a fresh request id for the confirmation form below; deleteUserAccount
// checks it again before the account is removed.
// NOTE(review): uniqid()/rand() are not cryptographic sources; a token that
// gates account deletion is better drawn from a CSPRNG (random_bytes() on
// PHP 7+, openssl_random_pseudo_bytes() earlier).
276 $reqid = substr (md5 (uniqid (rand (), 1)), 1, 16);
277 DB_change ($_TABLES['users'], 'pwrequestid', "$reqid",
278 'uid', $_USER['uid']);
// confirmation page: a message block with a single submit button and the
// request id carried in a hidden field
282 $retval .= COM_siteHeader ('menu', $LANG04[97]);
283 $retval .= COM_startBlock ($LANG04[97], '',
284 COM_getBlockTemplate ('_msg_block', 'header'));
285 $retval .= '<p>' . $LANG04[98] . '</p>' . LB;
286 $retval .= '<form action="' . $_CONF['site_url']
287 . '/usersettings.php" method="post"><div>' . LB;
288 $retval .= '<p align="center"><input type="submit" name="btnsubmit" value="'
289 . $LANG04[96] . '"' . XHTML . '></p>' . LB;
290 $retval .= '<input type="hidden" name="mode" value="deleteconfirmed"' . XHTML . '>' . LB;
291 $retval .= '<input type="hidden" name="account_id" value="' . $reqid
292 . '"' . XHTML . '>' . LB;
293 $retval .= '</div></form>' . LB;
294 $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
295 $retval .= COM_siteFooter ();
/**
 * Permanently deletes the current user's account after the confirmation step.
 *
 * The request id ties this submission to the confirmation form that issued
 * it: without a matching pwrequestid for this user nothing is deleted.
 *
 * @param  string $form_reqid  request id carried over from the confirmation form
 * @return string              redirect to the front page (with msg=57 on success)
 */
function deleteUserAccount ($form_reqid)
{
    global $_CONF, $_TABLES, $_USER;

    $home = $_CONF['site_url'] . '/index.php';

    // the stored pwrequestid must match both this request id and this user
    $matches = DB_count ($_TABLES['users'], array ('pwrequestid', 'uid'),
                         array ($form_reqid, $_USER['uid']));
    if ($matches != 1) {
        return COM_refresh ($home);
    }

    if (USER_deleteAccount ($_USER['uid'])) {
        return COM_refresh ($home . '?msg=57');
    }

    // deletion failed - send the user home without a message
    return COM_refresh ($home);
}
/**
 * Displays user preferences
 *
 * Builds the preferences half of the settings form - display, excluded
 * items, daily digest, boxes, comment and privacy blocks - from the
 * templates in the 'preferences' layout directory, pre-selecting the
 * current user's stored values.
 *
 * @return string  HTML of the finished preferences form
 */
328 function editpreferences()
330 global $_TABLES, $_CONF, $LANG04, $_USER, $_GROUPS;
// the user's stored display, digest and privacy settings
332 $result = DB_query("SELECT noicons,willing,dfid,tzid,noboxes,maxstories,tids,aids,boxes,emailfromadmin,emailfromuser,showonline FROM {$_TABLES['userprefs']},{$_TABLES['userindex']} WHERE {$_TABLES['userindex']}.uid = {$_USER['uid']} AND {$_TABLES['userprefs']}.uid = {$_USER['uid']}");
334 $A = DB_fetchArray($result);
336 // 'maxstories' may be 0, in which case it will pick up the default
337 // setting for the current topic or $_CONF['limitnews'] (see index.php)
338 if (empty ($A['maxstories'])) {
339 $A['maxstories'] = 0;
340 } else if ($A['maxstories'] > 0) {
// never offer fewer stories than the site minimum
341 if ($A['maxstories'] < $_CONF['minnews']) {
342 $A['maxstories'] = $_CONF['minnews'];
// one template object; each block of the form has its own .thtml file
346 $preferences = new Template ($_CONF['path_layout'] . 'preferences');
347 $preferences->set_file (array ('prefs' => 'displayprefs.thtml',
348 'display' => 'displayblock.thtml',
349 'exclude' => 'excludeblock.thtml',
350 'digest' => 'digestblock.thtml',
351 'boxes' => 'boxesblock.thtml',
352 'comment' => 'commentblock.thtml',
353 'language' => 'language.thtml',
354 'theme' => 'theme.thtml',
355 'privacy' => 'privacyblock.thtml'
357 $preferences->set_var ( 'xhtml', XHTML );
358 $preferences->set_var ('site_url', $_CONF['site_url']);
359 $preferences->set_var ('layout_url', $_CONF['layout_url']);
// NOTE(review): the username goes into the template unescaped here, whereas
// the profile form passes it through htmlspecialchars(); confirm the template
// does not echo it into HTML as-is.
361 $preferences->set_var ('user_name', $_USER['username']);
// labels and help texts
363 $preferences->set_var ('lang_language', $LANG04[73]);
364 $preferences->set_var ('lang_theme', $LANG04[72]);
365 $preferences->set_var ('lang_theme_text', $LANG04[74]);
366 $preferences->set_var ('lang_misc_title', $LANG04[138]);
367 $preferences->set_var ('lang_misc_help_title', $LANG04[139]);
368 $preferences->set_var ('lang_misc_help', $LANG04[140]);
369 $preferences->set_var ('lang_noicons', $LANG04[40]);
370 $preferences->set_var ('lang_noicons_text', $LANG04[49]);
371 $preferences->set_var ('lang_noboxes', $LANG04[44]);
372 $preferences->set_var ('lang_noboxes_text', $LANG04[51]);
373 $preferences->set_var ('lang_maxstories', $LANG04[43]);
// older language files have no %d placeholder; append the limit instead
374 if (strpos ($LANG04[52], '%d') === false) {
375 $maxtext = $LANG04[52] . ' ' . $_CONF['limitnews'];
377 $maxtext = sprintf ($LANG04[52], $_CONF['limitnews']);
379 $preferences->set_var ('lang_maxstories_text', $maxtext);
380 $preferences->set_var ('lang_dateformat', $LANG04[42]);
381 $preferences->set_var ('lang_excluded_items_title', $LANG04[137]);
382 $preferences->set_var ('lang_excluded_items', $LANG04[54]);
383 $preferences->set_var ('lang_exclude_title', $LANG04[136]);
384 $preferences->set_var ('lang_topics', $LANG04[48]);
385 $preferences->set_var ('lang_emailedtopics', $LANG04[76]);
386 $preferences->set_var ('lang_digest_top_header', $LANG04[131]);
387 $preferences->set_var ('lang_digest_help_header', $LANG04[132]);
388 $preferences->set_var ('lang_boxes_title', $LANG04[144]);
389 $preferences->set_var ('lang_boxes_help_title', $LANG04[143]);
390 $preferences->set_var ('lang_boxes', $LANG04[55]);
391 $preferences->set_var ('lang_displaymode', $LANG04[57]);
392 $preferences->set_var ('lang_displaymode_text', $LANG04[60]);
393 $preferences->set_var ('lang_sortorder', $LANG04[58]);
394 $preferences->set_var ('lang_sortorder_text', $LANG04[61]);
395 $preferences->set_var ('lang_comment_title', $LANG04[133]);
396 $preferences->set_var ('lang_comment_help_title', $LANG04[134]);
397 $preferences->set_var ('lang_comment_help', $LANG04[135]);
398 $preferences->set_var ('lang_commentlimit', $LANG04[59]);
399 $preferences->set_var ('lang_commentlimit_text', $LANG04[62]);
400 $preferences->set_var ('lang_privacy_title', $LANG04[141]);
401 $preferences->set_var ('lang_privacy_help_title', $LANG04[141]);
402 $preferences->set_var ('lang_privacy_help', $LANG04[142]);
403 $preferences->set_var ('lang_emailfromadmin', $LANG04[100]);
404 $preferences->set_var ('lang_emailfromadmin_text', $LANG04[101]);
405 $preferences->set_var ('lang_emailfromuser', $LANG04[102]);
406 $preferences->set_var ('lang_emailfromuser_text', $LANG04[103]);
407 $preferences->set_var ('lang_showonline', $LANG04[104]);
408 $preferences->set_var ('lang_showonline_text', $LANG04[105]);
409 $preferences->set_var ('lang_submit', $LANG04[9]);
411 $display_name = COM_getDisplayName ($_USER['uid']);
413 $preferences->set_var ('lang_authors_exclude', $LANG04[46]);
414 $preferences->set_var ('lang_boxes_exclude', $LANG04[47]);
// block headers and headlines carry the user's display name
416 $preferences->set_var ('start_block_display',
417 COM_startBlock ($LANG04[45] . ' ' . $display_name));
418 $preferences->set_var ('start_block_digest',
419 COM_startBlock ($LANG04[75] . ' ' . $display_name));
420 $preferences->set_var ('start_block_comment',
421 COM_startBlock ($LANG04[64] . ' ' . $display_name));
422 $preferences->set_var ('start_block_privacy',
423 COM_startBlock ($LANG04[99] . ' ' . $display_name));
424 $preferences->set_var ('end_block', COM_endBlock ());
426 $preferences->set_var ('display_headline',
427 $LANG04[45] . ' ' . $display_name);
428 $preferences->set_var ('exclude_headline',
429 $LANG04[46] . ' ' . $display_name);
430 $preferences->set_var ('digest_headline',
431 $LANG04[75] . ' ' . $display_name);
432 $preferences->set_var ('boxes_headline',
433 $LANG04[47] . ' ' . $display_name);
434 $preferences->set_var ('comment_headline',
435 $LANG04[64] . ' ' . $display_name);
436 $preferences->set_var ('privacy_headline',
437 $LANG04[99] . ' ' . $display_name);
439 // display preferences block
440 if ($_CONF['allow_user_language'] == 1) {
// fall back to the site language when the user has not chosen one
442 if (empty ($_USER['language'])) {
443 $userlang = $_CONF['language'];
445 $userlang = $_USER['language'];
448 // Get available languages
449 $language = MBYTE_languageList ($_CONF['default_charset']);
// 0 when the stored language is no longer installed (see below)
451 $has_valid_language = count (array_keys ($language, $userlang));
452 if ($has_valid_language == 0) {
453 // The user's preferred language is no longer available.
454 // We have a problem now, since we've overwritten $_CONF['language']
455 // with the user's preferred language ($_USER['language']) and
456 // therefore don't know what the system's default language is.
457 // So we'll try to find a similar language. If that doesn't help,
458 // the dropdown will default to the first language in the list ...
// the part before the first '_' is used as a prefix match in the loop below
459 $tmp = explode ('_', $userlang);
460 $similarLang = $tmp[0];
463 $selection = '<select id="language" name="language">' . LB;
// select the exact match, or the first prefix match when the exact one is gone
465 foreach ($language as $langFile => $langName) {
466 $selection .= '<option value="' . $langFile . '"';
467 if (($langFile == $userlang) || (($has_valid_language == 0) &&
468 (strpos ($langFile, $similarLang) === 0))) {
469 $selection .= ' selected="selected"';
// a match was found - later prefix matches must not be selected as well
470 $has_valid_language = 1;
// NOTE(review): unreachable - the first condition already covers
// $langFile == $userlang
471 } else if ($userlang == $langFile) {
472 $selection .= ' selected="selected"';
475 $selection .= '>' . $langName . '</option>' . LB;
477 $selection .= '</select>';
478 $preferences->set_var ('language_selector', $selection);
479 $preferences->parse ('language_selection', 'language', true);
481 $preferences->set_var ('language_selection', '');
// theme selector
484 if ($_CONF['allow_user_themes'] == 1) {
485 $selection = '<select id="theme" name="theme">' . LB;
// fall back to the site theme when the user has not chosen one
487 if (empty($_USER['theme'])) {
488 $usertheme = $_CONF['theme'];
490 $usertheme = $_USER['theme'];
493 $themeFiles = COM_getThemes();
// case-insensitive sort of the theme directory names
494 usort($themeFiles, 'strcasecmp');
496 foreach ($themeFiles as $theme) {
497 $selection .= '<option value="' . $theme . '"';
498 if ($usertheme == $theme) {
499 $selection .= ' selected="selected"';
// display name: split the directory name on '_' and capitalise the
// words whose first two characters are lower-case
501 $words = explode('_', $theme);
503 foreach ($words as $th) {
// NOTE(review): curly-brace string offsets ($th{0}) were removed in
// PHP 8.0 - use $th[0]; and $th{1} on a one-character word raises an
// undefined offset notice.
504 if ((strtolower($th{0}) == $th{0}) &&
505 (strtolower($th{1}) == $th{1})) {
506 $bwords[] = ucfirst($th);
511 $selection .= '>' . implode(' ', $bwords) . '</option>' . LB;
513 $selection .= '</select>';
514 $preferences->set_var('theme_selector', $selection);
515 $preferences->parse('theme_selection', 'theme', true);
517 $preferences->set_var('theme_selection', '');
// PEAR Date: provides Date_TimeZone and the $_DATE_TIMEZONE_DATA table used below
520 require_once ('Date/TimeZone.php');
// preferred zone: the user's tzid, else the site setting, else the library default
522 if (empty($_USER['tzid']) && isset($_CONF['timezone'])) {
523 $timezone = $_CONF['timezone'];
524 } else if (!empty($_USER['tzid'])) {
525 $timezone = $_USER['tzid'];
527 $tz_obj = Date_TimeZone::getDefault();
528 $timezone = $tz_obj->id;
530 $selection = '<select id="tzid" name="tzid">' . LB;
532 $T = $GLOBALS['_DATE_TIMEZONE_DATA'];
534 foreach ($T as $tzid => $tDetails) {
// option values use spaces instead of underscores; the stored tzid is
// compared in that same form
535 $tzcode = str_replace('_', ' ', $tzid);
536 $tzcode = htmlspecialchars($tzcode);
537 $selection .= '<option value="' . $tzcode . '"';
538 if ($timezone == $tzcode) {
539 $selection .= ' selected="selected"';
// offset is in milliseconds (3600 * 1000 per hour)
541 $hours = $tDetails['offset'] / (3600 * 1000);
545 $selection .= ">$hours, {$tDetails['shortname']} ($tzcode)</option>" . LB;
547 $selection .= '</select>';
548 $preferences->set_var ('timezone_selector', $selection);
549 $preferences->set_var ('lang_timezone', $LANG04[158]);
// checkbox states
551 if ($A['noicons'] == '1') {
552 $preferences->set_var ('noicons_checked', 'checked="checked"');
554 $preferences->set_var ('noicons_checked', '');
557 if ($A['noboxes'] == 1) {
558 $preferences->set_var ('noboxes_checked', 'checked="checked"');
560 $preferences->set_var ('noboxes_checked', '');
563 $preferences->set_var ('maxstories_value', $A['maxstories']);
564 $selection = '<select id="dfid" name="dfid">' . LB
565 . COM_optionList ($_TABLES['dateformats'], 'dfid,description',
566 $A['dfid']) . '</select>';
567 $preferences->set_var ('dateformat_selector', $selection);
568 $preferences->parse ('display_block', 'display', true);
570 // privacy options block
571 if ($A['emailfromadmin'] == 1) {
572 $preferences->set_var ('emailfromadmin_checked', 'checked="checked"');
574 $preferences->set_var ('emailfromadmin_checked', '');
576 if ($A['emailfromuser'] == 1) {
577 $preferences->set_var ('emailfromuser_checked', 'checked="checked"');
579 $preferences->set_var ('emailfromuser_checked', '');
581 if ($A['showonline'] == 1) {
582 $preferences->set_var ('showonline_checked', 'checked="checked"');
584 $preferences->set_var ('showonline_checked', '');
// let plugins add their own variables before the block is parsed
586 PLG_profileVariablesEdit ($_USER['uid'], $preferences);
587 $preferences->parse ('privacy_block', 'privacy', true);
589 // excluded items block
// permission filter reused for the topic, digest and block lists below
590 $permissions = COM_getPermSQL ('');
591 $preferences->set_var ('exclude_topic_checklist',
592 COM_checkList($_TABLES['topics'], 'tid,topic', $permissions, $A['tids'],
// author exclusion is only offered when bylines are shown and not hidden
595 if (($_CONF['contributedbyline'] == 1) &&
596 ($_CONF['hide_author_exclusion'] == 0)) {
597 $preferences->set_var ('lang_authors', $LANG04[56]);
598 $sql = "SELECT DISTINCT story.uid, users.username,users.fullname FROM {$_TABLES['stories']} story, {$_TABLES['users']} users WHERE story.uid = users.uid";
599 if ($_CONF['show_fullname'] == 1) {
600 $sql .= ' ORDER BY users.fullname';
602 $sql .= ' ORDER BY users.username';
604 $query = DB_query ($sql);
605 $nrows = DB_numRows ($query );
// 'aids' is a space-separated list of excluded author uids
606 $authors = explode (' ', $A['aids']);
609 for( $i = 0; $i < $nrows; $i++ ) {
610 $B = DB_fetchArray ($query);
611 $selauthors .= '<option value="' . $B['uid'] . '"';
// sprintf('%d') puts the uid in the same string form as the exploded list
612 if (in_array (sprintf ('%d', $B['uid']), $authors)) {
613 $selauthors .= ' selected';
615 $selauthors .= '>' . COM_getDisplayName ($B['uid'], $B['username'],
// grow the select box with the number of topics
620 if (DB_count($_TABLES['topics']) > 10) {
621 $Selboxsize = intval (DB_count ($_TABLES['topics']) * 1.5);
625 $preferences->set_var ('exclude_author_checklist', '<select name="selauthors[]" multiple="multiple" size="'. $Selboxsize. '">' . $selauthors . '</select>');
627 $preferences->set_var ('lang_authors', '');
628 $preferences->set_var ('exclude_author_checklist', '');
630 $preferences->parse ('exclude_block', 'exclude', true);
632 // daily digest block
633 if ($_CONF['emailstories'] == 1) {
634 $user_etids = DB_getItem ($_TABLES['userindex'], 'etids',
635 "uid = {$_USER['uid']}");
636 if (empty ($user_etids)) { // an empty string now means "all topics"
637 $etids = USER_getAllowedTopics();
638 $user_etids = implode(' ', $etids);
639 } elseif ($user_etids == '-') { // this means "no topics"
// the checklist names its inputs after the topics table; the form expects 'etids'
642 $tmp = COM_checkList($_TABLES['topics'], 'tid,topic', $permissions,
643 $user_etids, 'topics');
644 $preferences->set_var('email_topic_checklist',
645 str_replace($_TABLES['topics'], 'etids', $tmp));
646 $preferences->parse('digest_block', 'digest', true);
648 $preferences->set_var('digest_block', '');
// boxes block: 'boxes' lists the bids the user has hidden, so the checked
// (shown) blocks are every bid NOT in that list
652 $selectedblocks = '';
653 if (strlen($A['boxes']) > 0) {
// NOTE(review): the stored 'boxes' list is spliced into the IN (...) clause
// unescaped; this holds only while the code that writes userindex.boxes
// keeps it to numeric ids - worth confirming at the writer.
654 $blockresult = DB_query("SELECT bid FROM {$_TABLES['blocks']} WHERE bid NOT IN (" . str_replace(' ',',',$A['boxes']) . ")");
655 for ($x = 1; $x <= DB_numRows($blockresult); $x++) {
656 $row = DB_fetchArray($blockresult);
657 $selectedblocks .= $row['bid'];
// separate bids with a space, except after the last one
658 if ($x <> DB_numRows($blockresult)) {
659 $selectedblocks .= ' ';
664 if (!empty ($permissions)) {
665 $whereblock .= $permissions . ' AND ';
// regular enabled blocks, plus the two gldefault blocks users may hide
667 $whereblock .= "((type != 'layout' AND type != 'gldefault' AND is_enabled = 1) OR "
668 . "(type = 'gldefault' AND is_enabled = 1 AND name IN ('whats_new_block','older_stories'))) "
669 . "ORDER BY onleft desc,blockorder,title";
670 $preferences->set_var ('boxes_checklist', COM_checkList ($_TABLES['blocks'],
671 'bid,title,type', $whereblock, $selectedblocks));
672 $preferences->parse ('boxes_block', 'boxes', true);
674 // comment preferences block
675 $result = DB_query("SELECT commentmode,commentorder,commentlimit FROM {$_TABLES['usercomment']} WHERE uid = {$_USER['uid']}");
676 $A = DB_fetchArray ($result);
// fall back to the site comment mode, sort order 0 and a limit of 100 when unset
678 if (empty ($A['commentmode'])) {
679 $A['commentmode'] = $_CONF['comment_mode'];
681 if (empty ($A['commentorder'])) $A['commentorder'] = 0;
682 if (empty ($A['commentlimit'])) $A['commentlimit'] = 100;
684 $selection = '<select id="commentmode" name="commentmode">';
685 $selection .= COM_optionList ($_TABLES['commentmodes'], 'mode,name',
687 $selection .= '</select>';
688 $preferences->set_var ('displaymode_selector', $selection);
690 $selection = '<select id="commentorder" name="commentorder">';
691 $selection .= COM_optionList ($_TABLES['sortcodes'], 'code,name',
693 $selection .= '</select>';
694 $preferences->set_var ('sortorder_selector', $selection);
695 $preferences->set_var ('commentlimit_value', $A['commentlimit']);
696 $preferences->parse ('comment_block', 'comment', true);
// render the outer template with all blocks parsed in
698 return $preferences->finish ($preferences->parse ('output', 'prefs'));
/**
 * Check if an email address already exists in the database
 *
 * NOTE: Allows remote accounts to have duplicate email addresses
 * (rows with a non-empty remoteservice are left out of the check).
 *
 * @param  email  string  email address to check
 * @param  uid    int     user id of current user
 * @return bool   true = exists, false = does not exist
 */
711 function emailAddressExists ($email, $uid)
// NOTE(review): $uid is interpolated into the WHERE clause as-is; presumably
// the caller passes the session uid - keep it that way, or cast to int here.
715 $old_email = DB_getItem($_TABLES['users'], 'email', "uid = '$uid'");
// loose ==: two numeric-looking strings would compare as numbers
716 if ($email == $old_email) {
717 // email address didn't change so don't care
// NOTE(review): addslashes() is not a database-aware escape (quoting rules
// depend on the connection character set); prefer the DB layer's own escaping.
721 $email = addslashes($email);
722 $result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE email = '$email' AND uid <> '$uid' AND (remoteservice IS NULL OR remoteservice = '')");
723 if (DB_numRows($result) > 0) {
724 // email address is already in use for another non-remote account
/**
 * Upload new photo, delete old photo
 *
 * Configures the upload class from $_CONF (image library, size limits,
 * allowed MIME types), removes the current photo when asked to or when it
 * is being replaced, and stores the new file as <username>.<extension> in
 * the userphotos directory. Upload errors are rendered as a full page and
 * the script exits.
 *
 * @param string $delete_photo 'on': delete old photo
 * @return string filename of new photo (empty = no new photo)
 */
738 function handlePhotoUpload ($delete_photo = '')
740 global $_CONF, $_TABLES, $_USER, $LANG24;
742 require_once ($_CONF['path_system'] . 'classes/upload.class.php');
// pick the image library configured for resizing
744 $upload = new upload();
745 if (!empty ($_CONF['image_lib'])) {
746 if ($_CONF['image_lib'] == 'imagemagick') {
748 $upload->setMogrifyPath ($_CONF['path_to_mogrify']);
749 } elseif ($_CONF['image_lib'] == 'netpbm') {
751 $upload->setNetPBM ($_CONF['path_to_netpbm']);
752 } elseif ($_CONF['image_lib'] == 'gdlib') {
753 // using the GD library
754 $upload->setGDLib ();
756 $upload->setAutomaticResize (true);
757 if (isset ($_CONF['debug_image_upload']) &&
758 $_CONF['debug_image_upload']) {
759 $upload->setLogFile ($_CONF['path'] . 'logs/error.log');
760 $upload->setDebug (true);
762 if (isset($_CONF['jpeg_quality'])) {
763 $upload->setJpegQuality($_CONF['jpeg_quality']);
// whitelist of accepted MIME types and the extensions they may carry
766 $upload->setAllowedMimeTypes (array ('image/gif' => '.gif',
767 'image/jpeg' => '.jpg,.jpeg',
768 'image/pjpeg' => '.jpg,.jpeg',
769 'image/x-png' => '.png',
770 'image/png' => '.png'
// cannot use the photo directory: show the upload errors and stop
772 if (!$upload->setPath ($_CONF['path_images'] . 'userphotos')) {
773 $display = COM_siteHeader ('menu', $LANG24[30]);
774 $display .= COM_startBlock ($LANG24[30], '',
775 COM_getBlockTemplate ('_msg_block', 'header'));
776 $display .= $upload->printErrors (false);
777 $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block',
779 $display .= COM_siteFooter ();
780 COM_output($display);
781 exit; // don't return
// checkbox value 'on' means the current photo is to be removed
785 if (!empty ($delete_photo) && ($delete_photo == 'on')) {
786 $delete_photo = true;
788 $delete_photo = false;
791 $curphoto = DB_getItem ($_TABLES['users'], 'photo',
792 "uid = {$_USER['uid']}");
// nothing to delete without a current photo
793 if (empty ($curphoto)) {
794 $delete_photo = false;
797 // see if user wants to upload a (new) photo
// NOTE(review): $_FILES['photo'] is read without isset(); a form without
// the file field raises a notice here.
798 $newphoto = $_FILES['photo'];
799 if (!empty ($newphoto['name'])) {
// new file name: <username>.<extension>, the extension being whatever
// follows the last '.' of the browser-supplied name.
// NOTE(review): since the extension comes from the client, the MIME
// whitelist above is what has to hold the line on file type - confirm the
// upload class checks it against the content, not just the declared type.
800 $pos = strrpos ($newphoto['name'], '.') + 1;
801 $fextension = substr ($newphoto['name'], $pos);
802 $filename = $_USER['username'] . '.' . $fextension;
// a photo under a different name replaces the current one, so the old file goes
804 if (!empty ($curphoto) && ($filename != $curphoto)) {
805 $delete_photo = true;
807 $delete_photo = false;
811 // delete old photo first
813 USER_deletePhoto ($curphoto);
// store the upload; photo-specific limits take precedence over the generic image limits
817 if (!empty ($filename)) {
818 $upload->setFileNames ($filename);
// world-readable, owner-writable
819 $upload->setPerms ('0644');
820 if (($_CONF['max_photo_width'] > 0) &&
821 ($_CONF['max_photo_height'] > 0)) {
822 $upload->setMaxDimensions ($_CONF['max_photo_width'],
823 $_CONF['max_photo_height']);
825 $upload->setMaxDimensions ($_CONF['max_image_width'],
826 $_CONF['max_image_height']);
828 if ($_CONF['max_photo_size'] > 0) {
829 $upload->setMaxFileSize($_CONF['max_photo_size']);
831 $upload->setMaxFileSize($_CONF['max_image_size']);
833 $upload->uploadFiles ();
// upload failed: show the errors and stop
835 if ($upload->areErrors ()) {
836 $display = COM_siteHeader ('menu', $LANG24[30]);
837 $display .= COM_startBlock ($LANG24[30], '',
838 COM_getBlockTemplate ('_msg_block', 'header'));
839 $display .= $upload->printErrors (false);
840 $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block',
842 $display .= COM_siteFooter ();
843 COM_output($display);
844 exit; // don't return
// no new upload and no deletion: keep the current file name
846 } else if (!$delete_photo && !empty ($curphoto)) {
847 $filename = $curphoto;
854 * Saves the user's information back to the database
856 * @param array $A User's data
857 * @return string HTML error message or meta redirect
860 function saveuser($A)
// Persists the logged-in user's account/profile data from the posted form
// ($A, normally $_POST).  The row key is always $_USER['uid'] from the
// session; the posted 'uid' field is only used as the form token below, so
// a user cannot point this at somebody else's account.
862 global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;
865 COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
// Form token: users.pwrequestid (set when the edit form was rendered,
// elsewhere) must match the posted 'uid' field.  On mismatch the token is
// cleared, the attempt is written to the access log and the request is
// bounced to the front page.
// NOTE(review): the comparison is loose (!=).  If the column is NULL/empty
// and the field is absent from the POST, both sides are empty and the check
// passes (depending on what DB_getItem() returns for a NULL column).  Reject
// an empty token explicitly: `if (empty($reqid) || ($reqid != $A['uid'])) {`
868 $reqid = DB_getItem ($_TABLES['users'], 'pwrequestid',
869 "uid = {$_USER['uid']}");
870 if ($reqid != $A['uid']) {
871 DB_change ($_TABLES['users'], 'pwrequestid', "NULL",
872 'uid', $_USER['uid']);
873 COM_accessLog ("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
875 return COM_refresh ($_CONF['site_url'] . '/index.php');
// Cookie timeout: site default when the field is missing, numeric filter,
// and the user's current value when negative.  0 stays 0 (it selects the
// "expire the login cookie" branch further down).
878 if (! isset($A['cooktime'])) {
879 // If not set or possibly removed from template - set to default
880 $A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
882 $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
884 // If empty or invalid - set to user default
885 // So code after this does not fail the user password required test
886 if ($A['cooktime'] < 0) { // note that == 0 is allowed!
887 $A['cooktime'] = $_USER['cookietimeout'];
// Re-authentication gate: a new password, a changed e-mail address or a
// changed cookie timeout requires the current password (msg=83 otherwise).
// The username change and the free-text profile fields below are NOT behind
// this gate.
// NOTE(review): the hash comparison here (and again at 996/1007) is a loose
// !=/==.  If SEC_encryptPassword() returns a hex digest, two digests of the
// form "0e<digits>" compare equal as numbers; use !== / === (or hash_equals()
// where the PHP version has it).
890 // to change the password, email address, or cookie timeout,
891 // we need the user's current password
892 $current_password = DB_getItem($_TABLES['users'], 'passwd',
893 "uid = {$_USER['uid']}");
894 if (!empty ($A['passwd']) || ($A['email'] != $_USER['email']) ||
895 ($A['cooktime'] != $_USER['cookietimeout'])) {
896 if (empty($A['old_passwd']) ||
897 (SEC_encryptPassword($A['old_passwd']) != $current_password)) {
899 return COM_refresh ($_CONF['site_url']
900 . '/usersettings.php?msg=83');
// Custom-registration hook.  The same CUSTOM_userCheck() call is made in
// both branches (re-auth needed or not); a non-numeric 'number' in its
// result falls back to message 400.
901 } elseif ($_CONF['custom_registration'] &&
902 function_exists ('CUSTOM_userCheck')) {
903 $ret = CUSTOM_userCheck ($A['username'], $A['email']);
905 // Need a numeric return for the default message handler
906 // - if not numeric use default message
907 if (!is_numeric($ret['number'])) {
908 $ret['number'] = 400;
910 return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
913 } elseif ($_CONF['custom_registration'] &&
914 function_exists ('CUSTOM_userCheck')) {
915 $ret = CUSTOM_userCheck ($A['username'], $A['email']);
917 // Need a numeric return for the default message handler
918 // - if not numeric use default message
919 if (!is_numeric($ret['number'])) {
920 $ret['number'] = 400;
922 return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
// Optional username change.  The new name is filtered, SQL-escaped and
// checked for uniqueness; if the user has a photo, the photo file is renamed
// to carry the new name.  On success the function returns early (msg=51),
// so the other fields of this POST are not saved in that case.
// NOTE(review): $_USER['username'] is spliced into the preg_replace()
// pattern unquoted; a name containing regex metacharacters or '/' breaks or
// alters the match -- use preg_quote($_USER['username'], '/').  The
// replacement is the addslashes()'d new name, so backslashes (and any $n /
// \n back-references in it) end up in the file name.  Unless COM_applyFilter()
// is known to strip path separators, run basename() over $newphoto before it
// is joined to $imgpath.
926 // no need to filter the password as it's encoded anyway
927 if ($_CONF['allow_username_change'] == 1) {
928 $A['new_username'] = COM_applyFilter ($A['new_username']);
929 if (!empty ($A['new_username']) &&
930 ($A['new_username'] != $_USER['username'])) {
931 $A['new_username'] = addslashes ($A['new_username']);
932 if (DB_count ($_TABLES['users'], 'username', $A['new_username']) == 0) {
933 if ($_CONF['allow_user_photo'] == 1) {
934 $photo = DB_getItem ($_TABLES['users'], 'photo',
935 "uid = {$_USER['uid']}");
936 if (!empty ($photo)) {
937 $newphoto = preg_replace ('/' . $_USER['username'] . '/',
938 $A['new_username'], $photo, 1);
939 $imgpath = $_CONF['path_images'] . 'userphotos/';
940 if (rename ($imgpath . $photo,
941 $imgpath . $newphoto) === false) {
// rename() failed: build an error page (the old and new file names are
// also written to the error log).
942 $display = COM_siteHeader ('menu', $LANG04[21]);
943 $display .= COM_errorLog ('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
944 $display .= COM_siteFooter ();
948 DB_change ($_TABLES['users'], 'photo',
949 addslashes ($newphoto), "uid", $_USER['uid']);
953 DB_change ($_TABLES['users'], 'username', $A['new_username'],
954 "uid", $_USER['uid']);
956 return COM_refresh ($_CONF['site_url']
957 . '/usersettings.php?msg=51');
// Spam check on the raw, unfiltered field contents; a hit aborts with 403.
962 // a quick spam check with the unfiltered field contents
963 $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1>'
964 . '<p>'. COM_createLink($A['homepage'], $A['homepage'])
965 . '<br' . XHTML . '>' . $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>'
966 . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
967 $result = PLG_checkforSpam ($profile, $_CONF['spamx']);
969 COM_displayMessageAndAbort ($result, 'spamx', 403, 'Forbidden');
// Input filtering.  E-mail and homepage go through COM_applyFilter(); the
// free-text fields only through strip_tags().  userprofile() later outputs
// these values without further HTML escaping in this file, so this is the
// XSS barrier for them -- keep it if the filtering is ever relaxed.
972 $A['email'] = COM_applyFilter ($A['email']);
973 $A['email_conf'] = COM_applyFilter ($A['email_conf']);
974 $A['homepage'] = COM_applyFilter ($A['homepage']);
976 // basic filtering only
977 $A['fullname'] = strip_tags (COM_stripslashes ($A['fullname']));
978 $A['location'] = strip_tags (COM_stripslashes ($A['location']));
979 $A['sig'] = strip_tags (COM_stripslashes ($A['sig']));
980 $A['about'] = strip_tags (COM_stripslashes ($A['about']));
981 $A['pgpkey'] = strip_tags (COM_stripslashes ($A['pgpkey']));
// E-mail must be syntactically valid (msg=52), match its confirmation
// (msg=78) and not belong to another account (msg=56).
983 if (!COM_isEmail ($A['email'])) {
984 return COM_refresh ($_CONF['site_url']
985 . '/usersettings.php?msg=52');
986 } else if ($A['email'] !== $A['email_conf']) {
987 return COM_refresh ($_CONF['site_url']
988 . '/usersettings.php?msg=78');
989 } else if (emailAddressExists ($A['email'], $_USER['uid'])) {
990 return COM_refresh ($_CONF['site_url']
991 . '/usersettings.php?msg=56');
// Password change.  Needs a matching confirmation (msg=67) and the current
// password (msg=68; already verified by the gate above whenever passwd is
// non-empty, so that branch is effectively a second guard).  The new hash is
// stored and also written into the $_CONF['cookie_password'] cookie for
// $cooktime seconds -- presumably consumed by the auto-login path elsewhere,
// which makes the stored hash itself a long-lived bearer credential.
// NOTE(review): no minimum length / complexity check is visible here.
994 if (!empty($A['passwd'])) {
995 if (($A['passwd'] == $A['passwd_conf']) &&
996 (SEC_encryptPassword($A['old_passwd']) == $current_password)) {
997 $passwd = SEC_encryptPassword($A['passwd']);
998 DB_change($_TABLES['users'], 'passwd', "$passwd",
999 "uid", $_USER['uid']);
1000 if ($A['cooktime'] > 0) {
1001 $cooktime = $A['cooktime'];
1005 SEC_setCookie($_CONF['cookie_password'], $passwd,
1006 time() + $cooktime);
1007 } elseif (SEC_encryptPassword($A['old_passwd']) != $current_password) {
1008 return COM_refresh ($_CONF['site_url']
1009 . '/usersettings.php?msg=68');
1010 } elseif ($A['passwd'] != $A['passwd_conf']) {
1011 return COM_refresh ($_CONF['site_url']
1012 . '/usersettings.php?msg=67');
1017 COM_errorLog('cooktime = ' . $A['cooktime'],1);
// Login cookie: a timeout <= 0 expires it (time() - $cooktime), otherwise it
// is (re)issued for the requested number of seconds.
1020 if ($A['cooktime'] <= 0) {
1022 SEC_setCookie($_CONF['cookie_name'], $_USER['uid'],
1023 time() - $cooktime);
1025 SEC_setCookie($_CONF['cookie_name'], $_USER['uid'],
1026 time() + $A['cooktime']);
// User photo: deletion flag and/or upload are handled by handlePhotoUpload(),
// which returns the file name to store.
1029 if ($_CONF['allow_user_photo'] == 1) {
1031 if (isset ($A['delete_photo'])) {
1032 $delete_photo = $A['delete_photo'];
1034 $filename = handlePhotoUpload ($delete_photo);
// Homepage scheme normalisation: a value without ':' gets 'http://'
// prepended; any scheme other than http:/https: (javascript:, data:, ...) is
// rewritten to http:.  This is what keeps the stored link from becoming a
// script URL on the profile page.
1037 if (!empty ($A['homepage'])) {
1038 $pos = MBYTE_strpos ($A['homepage'], ':');
1039 if ($pos === false) {
1040 $A['homepage'] = 'http://' . $A['homepage'];
1043 $prot = substr ($A['homepage'], 0, $pos + 1);
1044 if (($prot != 'http:') && ($prot != 'https:')) {
1045 $A['homepage'] = 'http:' . substr ($A['homepage'], $pos + 1);
1048 $A['homepage'] = addslashes ($A['homepage']);
// SQL escaping for the hand-built UPDATEs below is addslashes(), which is
// not charset-aware.  The DB layer used here offers no parameterised
// queries; if this version has a DB-native escaping helper, prefer it.
1051 $A['fullname'] = addslashes ($A['fullname']);
1052 $A['email'] = addslashes ($A['email']);
1053 $A['location'] = addslashes ($A['location']);
1054 $A['sig'] = addslashes ($A['sig']);
1055 $A['about'] = addslashes ($A['about']);
1056 $A['pgpkey'] = addslashes ($A['pgpkey']);
// $filename (from handlePhotoUpload()) is verified to exist on disk and is
// then interpolated into the UPDATE without escaping.
// NOTE(review): confirm that the upload class constrains it to a safe
// basename, since it is also used to build filesystem paths.
1058 if (!empty ($filename)) {
1059 if (!file_exists ($_CONF['path_images'] . 'userphotos/' . $filename)) {
// cookietimeout is numeric (filtered above) and therefore unquoted; all
// other values were addslashes()'d.
1064 DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='$filename' WHERE uid={$_USER['uid']}");
1065 DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");
1067 // Call custom registration save function if enabled and exists
1068 if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userSave'))) {
1069 CUSTOM_userSave($_USER['uid']);
// Let plugins react to the change, then show the updated profile (msg=5).
1072 PLG_userInfoChanged ($_USER['uid']);
1075 COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
1078 return COM_refresh ($_CONF['site_url'] . '/users.php?mode=profile&uid='
1079 . $_USER['uid'] . '&msg=5');
1084 * Shows a profile for a user
1086 * This grabs the user profile for a given user and displays it
1088 * @param int $user User ID of profile to get
1089 * @param int $msg Message to display (if != 0)
1090 * @return string HTML for user profile page
1093 function userprofile ($user, $msg = 0)
// Renders the public profile page for user id $user: identity block, last
// 10 stories, last 10 comments and posting counts, restricted to content the
// current visitor may read.  $msg is not referenced in the visible lines.
// NOTE(review): $user is interpolated unescaped into every query below
// (1121, 1206, 1255, 1294, 1299).  Callers are expected to pass an integer;
// `$user = (int) $user;` at function entry would make that independent of
// the caller.
1095 global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG_LOGIN;
// Anonymous visitors get a "login required" block when the site (or the
// profile page) requires a login.
1099 if (empty ($_USER['username']) &&
1100 (($_CONF['loginrequired'] == 1) || ($_CONF['profileloginrequired'] == 1))) {
1101 $retval .= COM_siteHeader ('menu');
1102 $retval .= COM_startBlock ($LANG_LOGIN[1], '',
1103 COM_getBlockTemplate ('_msg_block', 'header'));
1104 $login = new Template($_CONF['path_layout'] . 'submit');
1105 $login->set_file (array ('login'=>'submitloginrequired.thtml'));
1106 $login->set_var ( 'xhtml', XHTML );
1107 $login->set_var ('login_message', $LANG_LOGIN[2]);
1108 $login->set_var ('site_url', $_CONF['site_url']);
1109 $login->set_var ('site_admin_url', $_CONF['site_admin_url']);
1110 $login->set_var ('layout_url', $_CONF['layout_url']);
1111 $login->set_var ('lang_login', $LANG_LOGIN[3]);
1112 $login->set_var ('lang_newuser', $LANG_LOGIN[4]);
1113 $login->parse ('output', 'login');
1114 $retval .= $login->finish ($login->get_var('output'));
1115 $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
1116 $retval .= COM_siteFooter ();
// Load the user and userinfo rows; an unknown id redirects to the front page.
1121 $result = DB_query ("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = $user");
1122 $nrows = DB_numRows ($result);
1123 if ($nrows == 0) { // no such user
1124 return COM_refresh ($_CONF['site_url'] . '/index.php');
1126 $A = DB_fetchArray ($result);
1128 $display_name = COM_getDisplayName ($user, $A['username'], $A['fullname']);
1130 // format date/time to user preference
1131 $curtime = COM_getUserDateTimeFormat ($A['regdate']);
1132 $A['regdate'] = $curtime[0];
1134 $user_templates = new Template ($_CONF['path_layout'] . 'users');
1135 $user_templates->set_file (array ('profile' => 'profile.thtml',
1136 'row' => 'commentrow.thtml',
1137 'strow' => 'storyrow.thtml'));
1138 $user_templates->set_var ( 'xhtml', XHTML );
1139 $user_templates->set_var ('site_url', $_CONF['site_url']);
1140 $user_templates->set_var ('start_block_userprofile',
1141 COM_startBlock ($LANG04[1] . ' ' . $display_name));
1142 $user_templates->set_var ('end_block', COM_endBlock ());
1143 $user_templates->set_var ('lang_username', $LANG04[2]);
// With show_fullname the two identity slots are swapped.  Both values are
// passed to the template as stored; the only HTML filtering for fullname is
// the strip_tags() applied when it was saved (saveuser), so anything written
// through another path (admin editor, plugins) is output as-is here.
1144 if ($_CONF['show_fullname'] == 1) {
1145 $user_templates->set_var ('username', $A['fullname']);
1146 $user_templates->set_var ('user_fullname', $A['username']);
1148 $user_templates->set_var ('username', $A['username']);
1149 $user_templates->set_var ('user_fullname', $A['fullname']);
// Admins with user.edit get an edit icon linking to the admin user editor.
1152 if (SEC_hasRights('user.edit')) {
1153 global $_IMAGE_TYPE, $LANG_ADMIN;
1154 $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.'
1155 . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit']
1156 . '" title="' . $LANG_ADMIN['edit'] . '"' . XHTML . '>';
1157 $edit_link_url = COM_createLink(
1159 "{$_CONF['site_admin_url']}/user.php?mode=edit&uid={$A['uid']}"
1161 $user_templates->set_var ('edit_link', $edit_link_url);
1164 $photo = USER_getPhoto ($user, $A['photo'], $A['email'], -1);
1165 $user_templates->set_var ('user_photo', $photo);
1167 $user_templates->set_var ('lang_membersince', $LANG04[67]);
1168 $user_templates->set_var ('user_regdate', $A['regdate']);
1169 $user_templates->set_var ('lang_email', $LANG04[5]);
1170 $user_templates->set_var ('user_id', $user);
1171 $user_templates->set_var ('lang_sendemail', $LANG04[81]);
1172 $user_templates->set_var ('lang_homepage', $LANG04[6]);
// Output filtering per field: homepage through COM_killJS(), location
// through strip_tags(), bio and PGP key only through nl2br() (no HTML
// escaping).  The bio/PGP fields rely entirely on save-time strip_tags().
1173 $user_templates->set_var ('user_homepage', COM_killJS ($A['homepage']));
1174 $user_templates->set_var ('lang_location', $LANG04[106]);
1175 $user_templates->set_var ('user_location', strip_tags ($A['location']));
1176 $user_templates->set_var ('lang_bio', $LANG04[7]);
1177 $user_templates->set_var ('user_bio', nl2br (stripslashes ($A['about'])));
1178 $user_templates->set_var ('lang_pgpkey', $LANG04[8]);
1179 $user_templates->set_var ('user_pgp', nl2br ($A['pgpkey']));
1180 $user_templates->set_var ('start_block_last10stories',
1181 COM_startBlock ($LANG04[82] . ' ' . $display_name));
1182 $user_templates->set_var ('start_block_last10comments',
1183 COM_startBlock($LANG04[10] . ' ' . $display_name));
1184 $user_templates->set_var ('start_block_postingstats',
1185 COM_startBlock ($LANG04[83] . ' ' . $display_name));
1186 $user_templates->set_var ('lang_title', $LANG09[16]);
1187 $user_templates->set_var ('lang_date', $LANG09[17]);
1189 // for alternative layouts: use these as headlines instead of block titles
1190 $user_templates->set_var ('headline_last10stories', $LANG04[82]);
1191 $user_templates->set_var ('headline_last10comments', $LANG04[10]);
1192 $user_templates->set_var ('headline_postingstats', $LANG04[83]);
// Topics the current visitor may read; everything below is scoped to them.
// NOTE(review): if $tids is not initialised above this loop, a visitor with
// no readable topics leaves it undefined and implode()/count() operate on
// null (a TypeError on PHP 8).  `$tids = array();` before the loop avoids
// that.  Topic ids come from the DB, not from the request.
1194 $result = DB_query ("SELECT tid FROM {$_TABLES['topics']}"
1195 . COM_getPermSQL ());
1196 $nrows = DB_numRows ($result);
1198 for ($i = 0; $i < $nrows; $i++) {
1199 $T = DB_fetchArray ($result);
1200 $tids[] = $T['tid'];
1202 $topics = "'" . implode ("','", $tids) . "'";
// Last 10 stories: non-draft, already published, in a readable topic, and
// passing the per-story permission SQL.
1204 // list of last 10 stories by this user
1205 if (count($tids) > 0) {
1206 $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ($topics))" . COM_getPermSQL ('AND');
1207 $sql .= " ORDER BY unixdate DESC LIMIT 10";
1208 $result = DB_query ($sql);
1209 $nrows = DB_numRows ($result);
1214 for ($i = 0; $i < $nrows; $i++) {
1215 $C = DB_fetchArray ($result);
1216 $user_templates->set_var ('cssid', ($i % 2) + 1);
1217 $user_templates->set_var ('row_number', ($i + 1) . '.');
1218 $articleUrl = COM_buildUrl ($_CONF['site_url']
1219 . '/article.php?story=' . $C['sid']);
1220 $user_templates->set_var ('article_url', $articleUrl);
// NOTE(review): as printed this str_replace() is a no-op ('$' -> '$').
// Upstream it presumably protects '$' in titles from the template engine's
// variable substitution (e.g. by replacing it with an entity) -- verify
// against the original source before relying on it.
1221 $C['title'] = str_replace ('$', '$', $C['title']);
1222 $user_templates->set_var ('story_title',
1224 stripslashes ($C['title']),
1226 array('class'=> 'b')
1229 $storytime = COM_getUserDateTimeFormat ($C['unixdate']);
1230 $user_templates->set_var ('story_date', $storytime[0]);
1231 $user_templates->parse ('story_row', 'strow', true);
1234 $user_templates->set_var ('story_row',
1235 '<tr><td>' . $LANG01[37] . '</td></tr>');
// Last 10 comments: first collect every story id the visitor may read
// (same restrictions as above), then select the user's comments restricted
// to that list via HAVING.  The sids are DB values, quoted into the IN list.
1238 // list of last 10 comments by this user
1239 $sidArray = array();
1240 if (count($tids) > 0) {
1241 // first, get a list of all stories the current visitor has access to
1242 $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ($topics))" . COM_getPermSQL ('AND');
1243 $result = DB_query($sql);
1244 $numsids = DB_numRows($result);
1245 for ($i = 1; $i <= $numsids; $i++) {
1246 $S = DB_fetchArray ($result);
1247 $sidArray[] = $S['sid'];
1251 $sidList = implode("', '",$sidArray);
1252 $sidList = "'$sidList'";
1254 // then, find all comments by the user in those stories
1255 $sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = $user) GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";
1257 // SQL NOTE: Using a HAVING clause is usually faster than a where if the
1258 // field is part of the select
1259 // if (!empty ($sidList)) {
1260 // $sql .= " AND (sid in ($sidList))";
1262 if (!empty ($sidList)) {
1263 $sql .= " HAVING sid in ($sidList)";
1265 $sql .= " ORDER BY unixdate DESC LIMIT 10";
1267 $result = DB_query($sql);
1268 $nrows = DB_numRows($result);
1270 for ($i = 0; $i < $nrows; $i++) {
1271 $C = DB_fetchArray ($result);
1272 $user_templates->set_var ('cssid', ($i % 2) + 1);
1273 $user_templates->set_var ('row_number', ($i + 1) . '.');
1274 $comment_url = $_CONF['site_url']
1275 . '/comment.php?mode=view&cid=' . $C['cid'];
// Same '$' handling as for story titles above (see the note there).
1276 $C['title'] = str_replace ('$', '$', $C['title']);
1277 $user_templates->set_var ('comment_title',
1279 stripslashes ($C['title']),
1281 array('class'=> 'b')
1284 $commenttime = COM_getUserDateTimeFormat ($C['unixdate']);
1285 $user_templates->set_var ('comment_date', $commenttime[0]);
1286 $user_templates->parse ('comment_row', 'row', true);
1289 $user_templates->set_var('comment_row','<tr><td>' . $LANG01[29] . '</td></tr>');
// Posting statistics.  The comment count only honours the readable-story
// restriction when $sidList is non-empty.
1292 // posting stats for this user
1293 $user_templates->set_var ('lang_number_stories', $LANG04[84]);
1294 $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND');
1295 $result = DB_query($sql);
1296 $N = DB_fetchArray ($result);
1297 $user_templates->set_var ('number_stories', COM_numberFormat ($N['count']));
1298 $user_templates->set_var ('lang_number_comments', $LANG04[85]);
1299 $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = $user)";
1300 if (!empty ($sidList)) {
1301 $sql .= " AND (sid in ($sidList))";
1303 $result = DB_query ($sql);
1304 $N = DB_fetchArray ($result);
1305 $user_templates->set_var ('number_comments', COM_numberFormat($N['count']));
1306 $user_templates->set_var ('lang_all_postings_by',
1307 $LANG04[86] . ' ' . $display_name);
// Custom registration fields and plugin-provided variables/blocks.
1309 // Call custom registration function if enabled and exists
1310 if ($_CONF['custom_registration'] && function_exists ('CUSTOM_userDisplay') ) {
1311 $user_templates->set_var ('customfields', CUSTOM_userDisplay ($user));
1313 PLG_profileVariablesDisplay ($user, $user_templates);
1315 $user_templates->parse ('output', 'profile');
1316 $retval .= $user_templates->finish ($user_templates->get_var ('output'));
1318 $retval .= PLG_profileBlocksDisplay ($user);
1324 * Saves user's preferences back to the database
1326 * @param array $A User's data to save
1330 function savepreferences($A)
// Stores the logged-in user's display/notification preferences from the
// posted form ($A, normally $_POST) into users, userprefs, userindex and
// usercomment.  All rows are keyed by $_USER['uid'] from the session.
// NOTE(review): no request-authenticity (token) check is performed inside
// this function; it relies on the caller.
1332 global $_CONF, $_TABLES, $_USER;
// Checkbox fields: 'on' -> 1, anything else -> 0.
1334 if (isset ($A['noicons']) && ($A['noicons'] == 'on')) {
1339 if (isset ($A['willing']) && ($A['willing'] == 'on')) {
1344 if (isset ($A['noboxes']) && ($A['noboxes'] == 'on')) {
1349 if (isset ($A['emailfromadmin']) && ($A['emailfromadmin'] == 'on')) {
1350 $A['emailfromadmin'] = 1;
1352 $A['emailfromadmin'] = 0;
1354 if (isset ($A['emailfromuser']) && ($A['emailfromuser'] == 'on')) {
1355 $A['emailfromuser'] = 1;
1357 $A['emailfromuser'] = 0;
1359 if (isset ($A['showonline']) && ($A['showonline'] == 'on')) {
1360 $A['showonline'] = 1;
1362 $A['showonline'] = 0;
// maxstories: numeric, 0 when empty, never below $_CONF['minnews'].
1365 $A['maxstories'] = COM_applyFilter ($A['maxstories'], true);
1366 if (empty ($A['maxstories'])) {
1367 $A['maxstories'] = 0;
1368 } else if ($A['maxstories'] > 0) {
1369 if ($A['maxstories'] < $_CONF['minnews']) {
1370 $A['maxstories'] = $_CONF['minnews'];
// Multi-select inputs.  The @ hides the warning when a field is not an
// array (array_values() then yields null; on PHP 8 this is a TypeError and
// the following count() calls fail as well) -- an is_array() guard would be
// the explicit form.
1374 $TIDS = @array_values($A['topics']); // array of strings
1375 $AIDS = @array_values($A['selauthors']); // array of integers
1376 $BOXES = @array_values($A['blocks']); // array of integers
1377 $ETIDS = @array_values($A['etids']); // array of strings
1378 $AETIDS = USER_getAllowedTopics(); // array of strings (fetched, needed to "clean" $TIDS and $ETIDS)
// Topic ids are reduced to the allow-list of topics this user may see, so
// no value from the request reaches the DB unchecked.
1381 if (count($TIDS) > 0) {
1382 // the array_intersect mitigates the need to scrub the TIDS input
1383 $tids = addslashes (implode (' ', array_intersect ($AETIDS, $TIDS)));
// Author ids are forced numeric one by one before being joined.
1387 if (count($AIDS) > 0) {
1388 // Scrub the AIDS array to prevent SQL injection and bad values
1389 foreach ($AIDS as $key => $val) {
1390 $AIDS[$key] = COM_applyFilter($val, true);
1392 $aids = addslashes (implode (' ', $AIDS));
// Blocks: the posted ids are the blocks the user wants; what gets stored is
// the inverse (every other block id except the three fixed system blocks),
// space-separated.
// NOTE(review): `bid NOT IN ($boxes)` is only safe because each value was
// forced numeric above; if COM_applyFilter(..., true) can return an empty
// string the IN list becomes malformed SQL rather than an injection.
1395 $selectedblocks = '';
1396 if (count ($BOXES) > 0) {
1397 // Scrub the BOXES array to prevent SQL injection and bad values
1398 foreach ($BOXES as $key => $val) {
1399 $BOXES[$key] = COM_applyFilter($val, true);
1401 $boxes = addslashes (implode (',', $BOXES));
1403 $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ($boxes)");
1404 $numRows = DB_numRows($blockresult);
1405 for ($x = 1; $x <= $numRows; $x++) {
1406 $row = DB_fetchArray ($blockresult);
1407 if ($row['name'] <> 'user_block' AND $row['name'] <> 'admin_block' AND $row['name'] <> 'section_block') {
1408 $selectedblocks .= $row['bid'];
1409 if ($x <> $numRows) {
1410 $selectedblocks .= ' ';
// E-mail-on-new-story topics, same allow-list treatment as $TIDS.
1417 if (($_CONF['emailstories'] == 1) && (count($ETIDS) > 0)) {
1418 // the array_intersect mitigates the need to scrub the ETIDS input
1419 $etids = addslashes (implode (' ', array_intersect ($AETIDS, $ETIDS)));
// Timezone, theme and language are only passed through COM_applyFilter()
// and defaulted; they are not checked against the installed themes /
// languages / known timezones here.
// NOTE(review): these values are persisted in cookies and in the users row
// and presumably select template and language files elsewhere -- validate
// them against the available lists at this boundary, not just filter them.
1422 if (isset ($A['tzid'])) {
1423 $A['tzid'] = COM_applyFilter ($A['tzid']);
1428 if (isset($A['theme'])) {
1429 $A['theme'] = COM_applyFilter($A['theme']);
1431 if (empty($A['theme'])) {
1432 $A['theme'] = $_CONF['theme'];
1435 if (isset($A['language'])) {
1436 $A['language'] = COM_applyFilter($A['language']);
1438 if (empty($A['language'])) {
1439 $A['language'] = $_CONF['language'];
// Theme and language are escaped for SQL and also set as one-year cookies
// (plain setcookie(), not SEC_setCookie(); no httponly flag is passed, which
// is acceptable for these non-secret values).
1442 // Save theme, when doing so, put in cookie so we can set the user's theme
1443 // even when they aren't logged in
1444 $theme = addslashes ($A['theme']);
1445 $language = addslashes ($A['language']);
1446 DB_query("UPDATE {$_TABLES['users']} SET theme='$theme',language='$language' WHERE uid = '{$_USER['uid']}'");
1447 setcookie ($_CONF['cookie_theme'], $A['theme'], time() + 31536000,
1448 $_CONF['cookie_path'], $_CONF['cookiedomain'],
1449 $_CONF['cookiesecure']);
1450 setcookie ($_CONF['cookie_language'], $A['language'], time() + 31536000,
1451 $_CONF['cookie_path'], $_CONF['cookiedomain'],
1452 $_CONF['cookiesecure']);
1453 setcookie ($_CONF['cookie_tzid'], $A['tzid'], time() + 31536000,
1454 $_CONF['cookie_path'], $_CONF['cookiedomain'],
1455 $_CONF['cookiesecure']);
1457 $A['dfid'] = COM_applyFilter ($A['dfid'], true);
// NOTE(review): unlike theme/language, tzid is interpolated into this UPDATE
// without addslashes(); unless COM_applyFilter() is known to escape quotes,
// add `$A['tzid'] = addslashes($A['tzid']);` before this query.
1459 DB_query("UPDATE {$_TABLES['userprefs']} SET noicons='{$A['noicons']}', willing='{$A['willing']}', dfid='{$A['dfid']}', tzid='{$A['tzid']}', emailfromadmin='{$A['emailfromadmin']}', emailfromuser='{$A['emailfromuser']}', showonline='{$A['showonline']}' WHERE uid='{$_USER['uid']}'");
1461 if (empty ($etids)) {
// maxstories is numeric (filtered above) and therefore unquoted.
1464 DB_save($_TABLES['userindex'],"uid,tids,aids,boxes,noboxes,maxstories,etids","'{$_USER['uid']}','$tids','$aids','$selectedblocks','{$A['noboxes']}',{$A['maxstories']},'$etids'");
// Comment display preferences.  commentmode/commentorder accept any
// filtered string and are only defaulted when empty.
// NOTE(review): if commentorder is later used verbatim in an ORDER BY,
// restrict it here, e.g.
// `if (!in_array($A['commentorder'], array('ASC', 'DESC'))) { $A['commentorder'] = 'ASC'; }`
// and likewise limit commentmode to the known display modes.
1466 $A['commentmode'] = COM_applyFilter ($A['commentmode']);
1467 if (empty ($A['commentmode'])) {
1468 $A['commentmode'] = $_CONF['comment_mode'];
1470 $A['commentmode'] = addslashes ($A['commentmode']);
1472 $A['commentorder'] = COM_applyFilter ($A['commentorder']);
1473 if (empty ($A['commentorder'])) {
1474 $A['commentorder'] = 'ASC';
1476 $A['commentorder'] = addslashes ($A['commentorder']);
1478 $A['commentlimit'] = COM_applyFilter ($A['commentlimit'], true);
1479 if ($A['commentlimit'] <= 0) {
1480 $A['commentlimit'] = $_CONF['comment_limit'];
1483 DB_save($_TABLES['usercomment'],'uid,commentmode,commentorder,commentlimit',"'{$_USER['uid']}','{$A['commentmode']}','{$A['commentorder']}','{$A['commentlimit']}'");
// Let plugins react to the change.
1485 PLG_userInfoChanged ($_USER['uid']);
// Request dispatch.  Resolve the requested mode: Cancel button -> back to the
// site root; the account-delete submit button -> 'confirmdelete' (unless the
// confirmation itself is being posted); otherwise the filtered 'mode' from
// POST, then GET.
// NOTE(review): $_POST['mode'] on the second branch is read without isset();
// a submit without a mode field triggers a notice there.
1490 if (isset($_POST['btncancel']) AND $_POST['btncancel'] == $LANG_ADMIN['cancel']) {
1491 echo COM_refresh($_CONF['site_url']);
1493 } else if (isset($_POST['btnsubmit']) AND ($_POST['btnsubmit'] == $LANG04[96]) && ($_POST['mode'] != 'deleteconfirmed')) {
1494 $mode = 'confirmdelete';
1495 } else if (isset ($_POST['mode'])) {
1496 $mode = COM_applyFilter ($_POST['mode']);
1497 } else if (isset ($_GET['mode'])) {
1498 $mode = COM_applyFilter ($_GET['mode']);
// Every write mode requires a logged-in, non-anonymous user (uid > 1).
// NOTE(review): the only request-authenticity check visible in this file is
// the pwrequestid comparison inside saveuser().  In the 'save' branch
// savepreferences() runs BEFORE that check, and in 'savepreferences' it runs
// without any, so a forged cross-site POST can still change preferences even
// when saveuser() rejects it.  If a site-wide CSRF token check exists it is
// outside this view; otherwise move the token check ahead of both calls.
1503 if (isset ($_USER['uid']) && ($_USER['uid'] > 1)) {
1506 savepreferences ($_POST);
1507 $display .= saveuser($_POST);
1508 PLG_profileExtrasSave ();
1511 case 'savepreferences':
1512 savepreferences ($_POST);
1513 $display .= COM_refresh ($_CONF['site_url']
1514 . '/usersettings.php?mode=preferences&msg=6');
// Account deletion (two steps).  The id comes from the POST, not from the
// session; confirmAccountDelete() / deleteUserAccount() are defined
// elsewhere and must bind $accountId to $_USER['uid'] -- verify that they do,
// since nothing here compares the two, and no password re-check is visible
// on this path.
1517 case 'confirmdelete':
1518 if (($_CONF['allow_account_delete'] == 1) && ($_USER['uid'] > 1)) {
1519 $accountId = COM_applyFilter ($_POST['account_id']);
1520 if (!empty ($accountId)) {
1521 $display .= confirmAccountDelete ($accountId);
1523 $display = COM_refresh ($_CONF['site_url'] . '/index.php');
1526 $display = COM_refresh ($_CONF['site_url'] . '/index.php');
1530 case 'deleteconfirmed':
1531 if (($_CONF['allow_account_delete'] == 1) && ($_USER['uid'] > 1)) {
1532 $accountId = COM_applyFilter ($_POST['account_id']);
1533 if (!empty ($accountId)) {
1534 $display .= deleteUserAccount ($accountId);
1536 $display = COM_refresh ($_CONF['site_url'] . '/index.php');
1539 $display = COM_refresh ($_CONF['site_url'] . '/index.php');
// Plugin-owned settings: the plugin name is taken unfiltered from the POST
// and handed to the plugin dispatcher (defined elsewhere).
1544 PLG_profileExtrasSave ($_POST['plugin']);
1545 $display = COM_refresh ($_CONF['site_url']
1546 . '/usersettings.php?msg=5');
// Any other mode shows the settings editor with the message from the URL.
1549 default: // also if $mode == 'edit', 'preferences', or 'comments'
1550 $display .= COM_siteHeader('menu', $LANG04[16]);
1551 $display .= COM_showMessageFromParameter();
1552 $display .= edituser();
1553 $display .= COM_siteFooter();
// Not logged in (or anonymous): show the "you need to be logged in" block.
1557 $display .= COM_siteHeader ('menu');
1558 $display .= COM_startBlock ($LANG04[70] . '!');
1559 $display .= '<br' . XHTML . '>' . $LANG04[71] . '<br' . XHTML . '><br' . XHTML . '>';
1560 $display .= COM_endBlock ();
1561 $display .= COM_siteFooter ();
1564 COM_output($display);