Modernized the "timezone hack", made the config option a dropdown, and moved all timezone-related code into a new TimeZoneConfig class
3 /* Reminder: always indent with 4 spaces (no tabs). */
4 // +---------------------------------------------------------------------------+
6 // +---------------------------------------------------------------------------+
7 // | usersettings.php |
9 // | Geeklog user settings page. |
10 // +---------------------------------------------------------------------------+
11 // | Copyright (C) 2000-2009 by the following authors: |
13 // | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
14 // | Mark Limburg - mlimburg AT users DOT sourceforge DOT net |
15 // | Jason Whittenburg - jwhitten AT securitygeeks DOT com |
16 // | Dirk Haun - dirk AT haun-online DOT de |
17 // +---------------------------------------------------------------------------+
19 // | This program is free software; you can redistribute it and/or |
20 // | modify it under the terms of the GNU General Public License |
21 // | as published by the Free Software Foundation; either version 2 |
22 // | of the License, or (at your option) any later version. |
24 // | This program is distributed in the hope that it will be useful, |
25 // | but WITHOUT ANY WARRANTY; without even the implied warranty of |
26 // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
27 // | GNU General Public License for more details. |
29 // | You should have received a copy of the GNU General Public License |
30 // | along with this program; if not, write to the Free Software Foundation, |
31 // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
33 // +---------------------------------------------------------------------------+
35 require_once 'lib-common.php';
36 require_once $_CONF['path_system'] . 'lib-user.php';
38 // Set this to true to have this script generate various debug messages in
42 // Uncomment the line below if you need to debug the HTTP variables being passed
43 // to the script. This will sometimes cause errors but it will allow you to see
44 // the data being passed in a POST operation
45 // echo COM_debug($_POST);
48 * Shows the user's current settings
53 global $_CONF, $_TABLES, $_USER, $LANG_MYACCOUNT, $LANG04, $LANG_ADMIN;
55 $result = DB_query("SELECT fullname,cookietimeout,email,homepage,sig,emailstories,about,location,pgpkey,photo FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['userinfo']} WHERE {$_TABLES['users']}.uid = {$_USER['uid']} AND {$_TABLES['userprefs']}.uid = {$_USER['uid']} AND {$_TABLES['userinfo']}.uid = {$_USER['uid']}");
56 $A = DB_fetchArray ($result);
58 $preferences = new Template ($_CONF['path_layout'] . 'preferences');
59 $preferences->set_file (array ('profile' => 'profile.thtml',
60 'photo' => 'userphoto.thtml',
61 'username' => 'username.thtml',
62 'deleteaccount' => 'deleteaccount.thtml'));
64 include ($_CONF['path_system'] . 'classes/navbar.class.php');
67 foreach ($LANG_MYACCOUNT as $id => $label) {
68 $navbar->add_menuitem($label,'showhideProfileEditorDiv("'.$id.'",'.$cnt.');return false;',true);
71 $navbar->set_selected($LANG_MYACCOUNT['pe_namepass']);
72 $preferences->set_var ( 'xhtml', XHTML );
73 $preferences->set_var ('navbar', $navbar->generate());
75 $preferences->set_var ('site_url', $_CONF['site_url']);
76 $preferences->set_var ('layout_url', $_CONF['layout_url']);
77 $preferences->set_var ('no_javascript_warning',$LANG04[150]);
79 $preferences->set_var ('cssid1', 1);
80 $preferences->set_var ('cssid2', 2);
82 $preferences->set_var ('preview', userprofile($_USER['uid']));
83 $preferences->set_var ('prefs', editpreferences());
85 // some trickery to ensure alternating colors with the available options ...
86 if ($_CONF['allow_username_change'] == 1) {
93 $preferences->set_var ('cssid1u', $first);
94 $preferences->set_var ('cssid2u', $second);
96 if ($_CONF['allow_user_photo'] == 1) {
101 $preferences->set_var ('cssid1p', $first);
102 $preferences->set_var ('cssid2p', $second);
104 $preferences->set_var ('lang_fullname', $LANG04[3]);
105 $preferences->set_var ('lang_fullname_text', $LANG04[34]);
106 $preferences->set_var ('lang_username', $LANG04[2]);
107 $preferences->set_var ('lang_username_text', $LANG04[87]);
108 $preferences->set_var ('lang_password_help_title', $LANG04[146]);
109 $preferences->set_var ('lang_password_help', $LANG04[147]);
110 $preferences->set_var ('lang_password', $LANG04[4]);
111 $preferences->set_var ('lang_password_text', $LANG04[35]);
112 $preferences->set_var ('lang_password_conf', $LANG04[108]);
113 $preferences->set_var ('lang_password_text_conf', $LANG04[109]);
114 $preferences->set_var ('lang_old_password', $LANG04[110]);
115 $preferences->set_var ('lang_old_password_text', $LANG04[111]);
116 $preferences->set_var ('lang_cooktime', $LANG04[68]);
117 $preferences->set_var ('lang_cooktime_text', $LANG04[69]);
118 $preferences->set_var ('lang_email', $LANG04[5]);
119 $preferences->set_var ('lang_email_text', $LANG04[33]);
120 $preferences->set_var ('lang_email_conf', $LANG04[124]);
121 $preferences->set_var ('lang_email_conf_text', $LANG04[126]);
122 $preferences->set_var ('lang_userinfo_help_title', $LANG04[148]);
123 $preferences->set_var ('lang_userinfo_help', $LANG04[149]);
124 $preferences->set_var ('lang_homepage', $LANG04[6]);
125 $preferences->set_var ('lang_homepage_text', $LANG04[36]);
126 $preferences->set_var ('lang_location', $LANG04[106]);
127 $preferences->set_var ('lang_location_text', $LANG04[107]);
128 $preferences->set_var ('lang_signature', $LANG04[32]);
129 $preferences->set_var ('lang_signature_text', $LANG04[37]);
130 $preferences->set_var ('lang_userphoto', $LANG04[77]);
131 $preferences->set_var ('lang_userphoto_text', $LANG04[78]);
132 $preferences->set_var ('lang_about', $LANG04[7]);
133 $preferences->set_var ('lang_about_text', $LANG04[38]);
134 $preferences->set_var ('lang_pgpkey', $LANG04[8]);
135 $preferences->set_var ('lang_pgpkey_text', $LANG04[39]);
136 $preferences->set_var ('lang_submit', $LANG04[9]);
137 $preferences->set_var ('lang_cancel',$LANG_ADMIN['cancel']);
138 $preferences->set_var ('lang_preview_title', $LANG04[145]);
139 $preferences->set_var ('lang_enter_current_password', $LANG04[127]);
140 $preferences->set_var ('lang_name_legend', $LANG04[128]);
141 $preferences->set_var ('lang_password_email_legend', $LANG04[129]);
142 $preferences->set_var ('lang_personal_info_legend', $LANG04[130]);
144 $display_name = COM_getDisplayName ($_USER['uid']);
146 //$preferences->set_var ('start_block_profile',
147 // COM_startBlock ($LANG04[1] . ' ' . $display_name));
148 //$preferences->set_var ('end_block', COM_endBlock ());
150 $preferences->set_var ('profile_headline',
151 $LANG04[1] . ' ' . $display_name);
153 if ($_CONF['allow_user_photo'] == 1) {
154 $preferences->set_var ('enctype', 'enctype="multipart/form-data"');
156 $preferences->set_var ('enctype', '');
158 $preferences->set_var ('fullname_value', htmlspecialchars ($A['fullname']));
159 $preferences->set_var ('new_username_value',
160 htmlspecialchars ($_USER['username']));
161 $preferences->set_var ('password_value', '');
162 if ($_CONF['allow_username_change'] == 1) {
163 $preferences->parse ('username_option', 'username', true);
165 $preferences->set_var ('username_option', '');
168 $selection = '<select id="cooktime" name="cooktime">' . LB;
169 $selection .= COM_optionList ($_TABLES['cookiecodes'], 'cc_value,cc_descr',
170 $A['cookietimeout'], 0);
171 $selection .= '</select>';
172 $preferences->set_var ('cooktime_selector', $selection);
174 $preferences->set_var ('email_value', htmlspecialchars ($A['email']));
175 $preferences->set_var ('homepage_value',
176 htmlspecialchars (COM_killJS ($A['homepage'])));
177 $preferences->set_var ('location_value',
178 htmlspecialchars (strip_tags ($A['location'])));
179 $preferences->set_var ('signature_value', htmlspecialchars ($A['sig']));
181 if ($_CONF['allow_user_photo'] == 1) {
182 $photo = USER_getPhoto ($_USER['uid'], $A['photo'], $A['email'], -1);
183 if (empty ($photo)) {
184 $preferences->set_var ('display_photo', '');
186 if (empty ($A['photo'])) { // external avatar
187 $photo = '<br' . XHTML . '>' . $photo;
188 } else { // uploaded photo - add delete option
189 $photo = '<br' . XHTML . '>' . $photo . '<br' . XHTML . '>' . $LANG04[79]
190 . ' <input type="checkbox" name="delete_photo"' . XHTML . '>'
193 $preferences->set_var ('display_photo', $photo);
195 if (empty($_CONF['image_lib'])) {
196 $scaling = $LANG04[162];
198 $scaling = $LANG04[161];
200 $preferences->set_var('photo_max_dimensions',
201 sprintf($LANG04[160],
202 $_CONF['max_photo_width'], $_CONF['max_photo_height'],
203 $_CONF['max_photo_size'], $scaling));
204 $preferences->parse ('userphoto_option', 'photo', true);
206 $preferences->set_var ('userphoto_option', '');
209 $result = DB_query("SELECT about,pgpkey FROM {$_TABLES['userinfo']} WHERE uid = {$_USER['uid']}");
210 $A = DB_fetchArray($result);
212 $reqid = substr (md5 (uniqid (rand (), 1)), 1, 16);
213 DB_change ($_TABLES['users'], 'pwrequestid', $reqid, 'uid', $_USER['uid']);
215 $preferences->set_var ('about_value', htmlspecialchars ($A['about']));
216 $preferences->set_var ('pgpkey_value', htmlspecialchars ($A['pgpkey']));
217 $preferences->set_var ('uid_value', $reqid);
218 $preferences->set_var ('username_value',
219 htmlspecialchars ($_USER['username']));
221 if ($_CONF['allow_account_delete'] == 1) {
222 $preferences->set_var ('lang_deleteaccount', $LANG04[156]);
223 $preferences->set_var ('delete_text', $LANG04[95]);
224 $preferences->set_var ('lang_button_delete', $LANG04[96]);
225 $preferences->set_var ('delete_mode', 'confirmdelete');
226 $preferences->set_var ('account_id', $reqid);
227 if (isset ($LANG04[157])) {
228 $preferences->set_var ('lang_deleteoption', $LANG04[157]);
230 $preferences->set_var ('lang_deleteoption', $LANG04[156]);
232 $preferences->parse ('delete_account_option', 'deleteaccount', false);
234 $preferences->set_var ('delete_account_option', '');
237 // Call custom account form and edit function if enabled and exists
238 if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userEdit'))) {
239 $preferences->set_var ('customfields', CUSTOM_userEdit($_USER['uid']) );
242 PLG_profileVariablesEdit ($_USER['uid'], $preferences);
244 $retval = $preferences->finish ($preferences->parse ('output', 'profile'));
245 $retval .= PLG_profileBlocksEdit ($_USER['uid']);
251 * Ask user for confirmation to delete his/her account.
253 * @param string form_reqid request id
254 * @return string confirmation form
257 function confirmAccountDelete ($form_reqid)
259 global $_CONF, $_TABLES, $_USER, $LANG04;
261 if (DB_count ($_TABLES['users'], array ('pwrequestid', 'uid'), array ($form_reqid, $_USER['uid'])) != 1) {
263 return COM_refresh ($_CONF['site_url'] . '/index.php');
266 // to change the password, email address, or cookie timeout,
267 // we need the user's current password
268 $current_password = DB_getItem($_TABLES['users'], 'passwd',
269 "uid = {$_USER['uid']}");
270 if (empty($_POST['old_passwd']) ||
271 (SEC_encryptPassword($_POST['old_passwd']) != $current_password)) {
272 return COM_refresh($_CONF['site_url']
273 . '/usersettings.php?msg=84');
276 $reqid = substr (md5 (uniqid (rand (), 1)), 1, 16);
277 DB_change ($_TABLES['users'], 'pwrequestid', "$reqid",
278 'uid', $_USER['uid']);
282 $retval .= COM_siteHeader ('menu', $LANG04[97]);
283 $retval .= COM_startBlock ($LANG04[97], '',
284 COM_getBlockTemplate ('_msg_block', 'header'));
285 $retval .= '<p>' . $LANG04[98] . '</p>' . LB;
286 $retval .= '<form action="' . $_CONF['site_url']
287 . '/usersettings.php" method="post"><div>' . LB;
288 $retval .= '<p align="center"><input type="submit" name="btnsubmit" value="'
289 . $LANG04[96] . '"' . XHTML . '></p>' . LB;
290 $retval .= '<input type="hidden" name="mode" value="deleteconfirmed"' . XHTML . '>' . LB;
291 $retval .= '<input type="hidden" name="account_id" value="' . $reqid
292 . '"' . XHTML . '>' . LB;
293 $retval .= '</div></form>' . LB;
294 $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
295 $retval .= COM_siteFooter ();
303 * @param string form_reqid request id
304 * @return string redirection to main page (+ success msg)
307 function deleteUserAccount ($form_reqid)
309 global $_CONF, $_TABLES, $_USER;
311 if (DB_count ($_TABLES['users'], array ('pwrequestid', 'uid'),
312 array ($form_reqid, $_USER['uid'])) != 1) {
314 return COM_refresh ($_CONF['site_url'] . '/index.php');
317 if (!USER_deleteAccount ($_USER['uid'])) {
318 return COM_refresh ($_CONF['site_url'] . '/index.php');
321 return COM_refresh ($_CONF['site_url'] . '/index.php?msg=57');
325 * Displays user preferences
328 function editpreferences()
330 global $_TABLES, $_CONF, $LANG04, $_USER, $_GROUPS;
332 $result = DB_query("SELECT noicons,willing,dfid,tzid,noboxes,maxstories,tids,aids,boxes,emailfromadmin,emailfromuser,showonline FROM {$_TABLES['userprefs']},{$_TABLES['userindex']} WHERE {$_TABLES['userindex']}.uid = {$_USER['uid']} AND {$_TABLES['userprefs']}.uid = {$_USER['uid']}");
334 $A = DB_fetchArray($result);
336 // 'maxstories' may be 0, in which case it will pick up the default
337 // setting for the current topic or $_CONF['limitnews'] (see index.php)
338 if (empty ($A['maxstories'])) {
339 $A['maxstories'] = 0;
340 } else if ($A['maxstories'] > 0) {
341 if ($A['maxstories'] < $_CONF['minnews']) {
342 $A['maxstories'] = $_CONF['minnews'];
346 $preferences = new Template ($_CONF['path_layout'] . 'preferences');
347 $preferences->set_file (array ('prefs' => 'displayprefs.thtml',
348 'display' => 'displayblock.thtml',
349 'exclude' => 'excludeblock.thtml',
350 'digest' => 'digestblock.thtml',
351 'boxes' => 'boxesblock.thtml',
352 'comment' => 'commentblock.thtml',
353 'language' => 'language.thtml',
354 'theme' => 'theme.thtml',
355 'privacy' => 'privacyblock.thtml'
357 $preferences->set_var ( 'xhtml', XHTML );
358 $preferences->set_var ('site_url', $_CONF['site_url']);
359 $preferences->set_var ('layout_url', $_CONF['layout_url']);
361 $preferences->set_var ('user_name', $_USER['username']);
363 $preferences->set_var ('lang_language', $LANG04[73]);
364 $preferences->set_var ('lang_theme', $LANG04[72]);
365 $preferences->set_var ('lang_theme_text', $LANG04[74]);
366 $preferences->set_var ('lang_misc_title', $LANG04[138]);
367 $preferences->set_var ('lang_misc_help_title', $LANG04[139]);
368 $preferences->set_var ('lang_misc_help', $LANG04[140]);
369 $preferences->set_var ('lang_noicons', $LANG04[40]);
370 $preferences->set_var ('lang_noicons_text', $LANG04[49]);
371 $preferences->set_var ('lang_noboxes', $LANG04[44]);
372 $preferences->set_var ('lang_noboxes_text', $LANG04[51]);
373 $preferences->set_var ('lang_maxstories', $LANG04[43]);
374 if (strpos ($LANG04[52], '%d') === false) {
375 $maxtext = $LANG04[52] . ' ' . $_CONF['limitnews'];
377 $maxtext = sprintf ($LANG04[52], $_CONF['limitnews']);
379 $preferences->set_var ('lang_maxstories_text', $maxtext);
380 $preferences->set_var ('lang_dateformat', $LANG04[42]);
381 $preferences->set_var ('lang_excluded_items_title', $LANG04[137]);
382 $preferences->set_var ('lang_excluded_items', $LANG04[54]);
383 $preferences->set_var ('lang_exclude_title', $LANG04[136]);
384 $preferences->set_var ('lang_topics', $LANG04[48]);
385 $preferences->set_var ('lang_emailedtopics', $LANG04[76]);
386 $preferences->set_var ('lang_digest_top_header', $LANG04[131]);
387 $preferences->set_var ('lang_digest_help_header', $LANG04[132]);
388 $preferences->set_var ('lang_boxes_title', $LANG04[144]);
389 $preferences->set_var ('lang_boxes_help_title', $LANG04[143]);
390 $preferences->set_var ('lang_boxes', $LANG04[55]);
391 $preferences->set_var ('lang_displaymode', $LANG04[57]);
392 $preferences->set_var ('lang_displaymode_text', $LANG04[60]);
393 $preferences->set_var ('lang_sortorder', $LANG04[58]);
394 $preferences->set_var ('lang_sortorder_text', $LANG04[61]);
395 $preferences->set_var ('lang_comment_title', $LANG04[133]);
396 $preferences->set_var ('lang_comment_help_title', $LANG04[134]);
397 $preferences->set_var ('lang_comment_help', $LANG04[135]);
398 $preferences->set_var ('lang_commentlimit', $LANG04[59]);
399 $preferences->set_var ('lang_commentlimit_text', $LANG04[62]);
400 $preferences->set_var ('lang_privacy_title', $LANG04[141]);
401 $preferences->set_var ('lang_privacy_help_title', $LANG04[141]);
402 $preferences->set_var ('lang_privacy_help', $LANG04[142]);
403 $preferences->set_var ('lang_emailfromadmin', $LANG04[100]);
404 $preferences->set_var ('lang_emailfromadmin_text', $LANG04[101]);
405 $preferences->set_var ('lang_emailfromuser', $LANG04[102]);
406 $preferences->set_var ('lang_emailfromuser_text', $LANG04[103]);
407 $preferences->set_var ('lang_showonline', $LANG04[104]);
408 $preferences->set_var ('lang_showonline_text', $LANG04[105]);
409 $preferences->set_var ('lang_submit', $LANG04[9]);
411 $display_name = COM_getDisplayName ($_USER['uid']);
413 $preferences->set_var ('lang_authors_exclude', $LANG04[46]);
414 $preferences->set_var ('lang_boxes_exclude', $LANG04[47]);
416 $preferences->set_var ('start_block_display',
417 COM_startBlock ($LANG04[45] . ' ' . $display_name));
418 $preferences->set_var ('start_block_digest',
419 COM_startBlock ($LANG04[75] . ' ' . $display_name));
420 $preferences->set_var ('start_block_comment',
421 COM_startBlock ($LANG04[64] . ' ' . $display_name));
422 $preferences->set_var ('start_block_privacy',
423 COM_startBlock ($LANG04[99] . ' ' . $display_name));
424 $preferences->set_var ('end_block', COM_endBlock ());
426 $preferences->set_var ('display_headline',
427 $LANG04[45] . ' ' . $display_name);
428 $preferences->set_var ('exclude_headline',
429 $LANG04[46] . ' ' . $display_name);
430 $preferences->set_var ('digest_headline',
431 $LANG04[75] . ' ' . $display_name);
432 $preferences->set_var ('boxes_headline',
433 $LANG04[47] . ' ' . $display_name);
434 $preferences->set_var ('comment_headline',
435 $LANG04[64] . ' ' . $display_name);
436 $preferences->set_var ('privacy_headline',
437 $LANG04[99] . ' ' . $display_name);
439 // display preferences block
440 if ($_CONF['allow_user_language'] == 1) {
442 if (empty ($_USER['language'])) {
443 $userlang = $_CONF['language'];
445 $userlang = $_USER['language'];
448 // Get available languages
449 $language = MBYTE_languageList ($_CONF['default_charset']);
451 $has_valid_language = count (array_keys ($language, $userlang));
452 if ($has_valid_language == 0) {
453 // The user's preferred language is no longer available.
454 // We have a problem now, since we've overwritten $_CONF['language']
455 // with the user's preferred language ($_USER['language']) and
456 // therefore don't know what the system's default language is.
457 // So we'll try to find a similar language. If that doesn't help,
458 // the dropdown will default to the first language in the list ...
459 $tmp = explode ('_', $userlang);
460 $similarLang = $tmp[0];
463 $selection = '<select id="language" name="language">' . LB;
465 foreach ($language as $langFile => $langName) {
466 $selection .= '<option value="' . $langFile . '"';
467 if (($langFile == $userlang) || (($has_valid_language == 0) &&
468 (strpos ($langFile, $similarLang) === 0))) {
469 $selection .= ' selected="selected"';
470 $has_valid_language = 1;
471 } else if ($userlang == $langFile) {
472 $selection .= ' selected="selected"';
475 $selection .= '>' . $langName . '</option>' . LB;
477 $selection .= '</select>';
478 $preferences->set_var ('language_selector', $selection);
479 $preferences->parse ('language_selection', 'language', true);
481 $preferences->set_var ('language_selection', '');
484 if ($_CONF['allow_user_themes'] == 1) {
485 $selection = '<select id="theme" name="theme">' . LB;
487 if (empty ($_USER['theme'])) {
488 $usertheme = $_CONF['theme'];
490 $usertheme = $_USER['theme'];
493 $themeFiles = COM_getThemes ();
495 create_function ('$a,$b', 'return strcasecmp($a,$b);'));
497 foreach ($themeFiles as $theme) {
498 $selection .= '<option value="' . $theme . '"';
499 if ($usertheme == $theme) {
500 $selection .= ' selected="selected"';
502 $words = explode ('_', $theme);
504 foreach ($words as $th) {
505 if ((strtolower ($th{0}) == $th{0}) &&
506 (strtolower ($th{1}) == $th{1})) {
507 $bwords[] = strtoupper ($th{0}) . substr ($th, 1);
512 $selection .= '>' . implode (' ', $bwords) . '</option>' . LB;
514 $selection .= '</select>';
515 $preferences->set_var ('theme_selector', $selection);
516 $preferences->parse ('theme_selection', 'theme', true);
518 $preferences->set_var ('theme_selection', '');
522 require_once $_CONF['path_system'] . 'classes/timezoneconfig.class.php';
524 $timezone = TimeZoneConfig::getUserTimeZone();
525 $selection = TimeZoneConfig::getTimeZoneDropDown($timezone,
526 array('id' => 'tzid', 'name' => 'tzid'));
528 $preferences->set_var('timezone_selector', $selection);
529 $preferences->set_var('lang_timezone', $LANG04[158]);
531 if ($A['noicons'] == '1') {
532 $preferences->set_var ('noicons_checked', 'checked="checked"');
534 $preferences->set_var ('noicons_checked', '');
537 if ($A['noboxes'] == 1) {
538 $preferences->set_var ('noboxes_checked', 'checked="checked"');
540 $preferences->set_var ('noboxes_checked', '');
543 $preferences->set_var ('maxstories_value', $A['maxstories']);
544 $selection = '<select id="dfid" name="dfid">' . LB
545 . COM_optionList ($_TABLES['dateformats'], 'dfid,description',
546 $A['dfid']) . '</select>';
547 $preferences->set_var ('dateformat_selector', $selection);
548 $preferences->parse ('display_block', 'display', true);
550 // privacy options block
551 if ($A['emailfromadmin'] == 1) {
552 $preferences->set_var ('emailfromadmin_checked', 'checked="checked"');
554 $preferences->set_var ('emailfromadmin_checked', '');
556 if ($A['emailfromuser'] == 1) {
557 $preferences->set_var ('emailfromuser_checked', 'checked="checked"');
559 $preferences->set_var ('emailfromuser_checked', '');
561 if ($A['showonline'] == 1) {
562 $preferences->set_var ('showonline_checked', 'checked="checked"');
564 $preferences->set_var ('showonline_checked', '');
566 PLG_profileVariablesEdit ($_USER['uid'], $preferences);
567 $preferences->parse ('privacy_block', 'privacy', true);
569 // excluded items block
570 $permissions = COM_getPermSQL ('');
571 $preferences->set_var ('exclude_topic_checklist',
572 COM_checkList($_TABLES['topics'], 'tid,topic', $permissions, $A['tids'],
575 if (($_CONF['contributedbyline'] == 1) &&
576 ($_CONF['hide_author_exclusion'] == 0)) {
577 $preferences->set_var ('lang_authors', $LANG04[56]);
578 $sql = "SELECT DISTINCT story.uid, users.username,users.fullname FROM {$_TABLES['stories']} story, {$_TABLES['users']} users WHERE story.uid = users.uid";
579 if ($_CONF['show_fullname'] == 1) {
580 $sql .= ' ORDER BY users.fullname';
582 $sql .= ' ORDER BY users.username';
584 $query = DB_query ($sql);
585 $nrows = DB_numRows ($query );
586 $authors = explode (' ', $A['aids']);
589 for( $i = 0; $i < $nrows; $i++ ) {
590 $B = DB_fetchArray ($query);
591 $selauthors .= '<option value="' . $B['uid'] . '"';
592 if (in_array (sprintf ('%d', $B['uid']), $authors)) {
593 $selauthors .= ' selected';
595 $selauthors .= '>' . COM_getDisplayName ($B['uid'], $B['username'],
600 if (DB_count($_TABLES['topics']) > 10) {
601 $Selboxsize = intval (DB_count ($_TABLES['topics']) * 1.5);
605 $preferences->set_var ('exclude_author_checklist', '<select name="selauthors[]" multiple="multiple" size="'. $Selboxsize. '">' . $selauthors . '</select>');
607 $preferences->set_var ('lang_authors', '');
608 $preferences->set_var ('exclude_author_checklist', '');
610 $preferences->parse ('exclude_block', 'exclude', true);
612 // daily digest block
613 if ($_CONF['emailstories'] == 1) {
614 $user_etids = DB_getItem ($_TABLES['userindex'], 'etids',
615 "uid = {$_USER['uid']}");
616 if (empty ($user_etids)) { // an empty string now means "all topics"
617 $etids = USER_getAllowedTopics();
618 $user_etids = implode(' ', $etids);
619 } elseif ($user_etids == '-') { // this means "no topics"
622 $tmp = COM_checkList($_TABLES['topics'], 'tid,topic', $permissions,
623 $user_etids, 'topics');
624 $preferences->set_var('email_topic_checklist',
625 str_replace($_TABLES['topics'], 'etids', $tmp));
626 $preferences->parse('digest_block', 'digest', true);
628 $preferences->set_var('digest_block', '');
632 $selectedblocks = '';
633 if (strlen($A['boxes']) > 0) {
634 $blockresult = DB_query("SELECT bid FROM {$_TABLES['blocks']} WHERE bid NOT IN (" . str_replace(' ',',',$A['boxes']) . ")");
635 for ($x = 1; $x <= DB_numRows($blockresult); $x++) {
636 $row = DB_fetchArray($blockresult);
637 $selectedblocks .= $row['bid'];
638 if ($x <> DB_numRows($blockresult)) {
639 $selectedblocks .= ' ';
644 if (!empty ($permissions)) {
645 $whereblock .= $permissions . ' AND ';
647 $whereblock .= "((type != 'layout' AND type != 'gldefault' AND is_enabled = 1) OR "
648 . "(type = 'gldefault' AND is_enabled = 1 AND name IN ('whats_new_block','older_stories'))) "
649 . "ORDER BY onleft desc,blockorder,title";
650 $preferences->set_var ('boxes_checklist', COM_checkList ($_TABLES['blocks'],
651 'bid,title,type', $whereblock, $selectedblocks));
652 $preferences->parse ('boxes_block', 'boxes', true);
654 // comment preferences block
655 $result = DB_query("SELECT commentmode,commentorder,commentlimit FROM {$_TABLES['usercomment']} WHERE uid = {$_USER['uid']}");
656 $A = DB_fetchArray ($result);
658 if (empty ($A['commentmode'])) {
659 $A['commentmode'] = $_CONF['comment_mode'];
661 if (empty ($A['commentorder'])) $A['commentorder'] = 0;
662 if (empty ($A['commentlimit'])) $A['commentlimit'] = 100;
664 $selection = '<select id="commentmode" name="commentmode">';
665 $selection .= COM_optionList ($_TABLES['commentmodes'], 'mode,name',
667 $selection .= '</select>';
668 $preferences->set_var ('displaymode_selector', $selection);
670 $selection = '<select id="commentorder" name="commentorder">';
671 $selection .= COM_optionList ($_TABLES['sortcodes'], 'code,name',
673 $selection .= '</select>';
674 $preferences->set_var ('sortorder_selector', $selection);
675 $preferences->set_var ('commentlimit_value', $A['commentlimit']);
676 $preferences->parse ('comment_block', 'comment', true);
678 return $preferences->finish ($preferences->parse ('output', 'prefs'));
682 * Check if an email address already exists in the database
684 * NOTE: Allows remote accounts to have duplicate email addresses
686 * @param email string email address to check
687 * @param uid int user id of current user
688 * @return bool true = exists, false = does not exist
691 function emailAddressExists ($email, $uid)
695 $old_email = DB_getItem($_TABLES['users'], 'email', "uid = '$uid'");
696 if ($email == $old_email) {
697 // email address didn't change so don't care
701 $email = addslashes($email);
702 $result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE email = '$email' AND uid <> '$uid' AND (remoteservice IS NULL OR remoteservice = '')");
703 if (DB_numRows($result) > 0) {
704 // email address is already in use for another non-remote account
712 * Upload new photo, delete old photo
714 * @param string $delete_photo 'on': delete old photo
715 * @return string filename of new photo (empty = no new photo)
718 function handlePhotoUpload ($delete_photo = '')
720 global $_CONF, $_TABLES, $_USER, $LANG24;
722 require_once ($_CONF['path_system'] . 'classes/upload.class.php');
724 $upload = new upload();
725 if (!empty ($_CONF['image_lib'])) {
726 if ($_CONF['image_lib'] == 'imagemagick') {
728 $upload->setMogrifyPath ($_CONF['path_to_mogrify']);
729 } elseif ($_CONF['image_lib'] == 'netpbm') {
731 $upload->setNetPBM ($_CONF['path_to_netpbm']);
732 } elseif ($_CONF['image_lib'] == 'gdlib') {
733 // using the GD library
734 $upload->setGDLib ();
736 $upload->setAutomaticResize (true);
737 if (isset ($_CONF['debug_image_upload']) &&
738 $_CONF['debug_image_upload']) {
739 $upload->setLogFile ($_CONF['path'] . 'logs/error.log');
740 $upload->setDebug (true);
742 if (isset($_CONF['jpeg_quality'])) {
743 $upload->setJpegQuality($_CONF['jpeg_quality']);
746 $upload->setAllowedMimeTypes (array ('image/gif' => '.gif',
747 'image/jpeg' => '.jpg,.jpeg',
748 'image/pjpeg' => '.jpg,.jpeg',
749 'image/x-png' => '.png',
750 'image/png' => '.png'
752 if (!$upload->setPath ($_CONF['path_images'] . 'userphotos')) {
753 $display = COM_siteHeader ('menu', $LANG24[30]);
754 $display .= COM_startBlock ($LANG24[30], '',
755 COM_getBlockTemplate ('_msg_block', 'header'));
756 $display .= $upload->printErrors (false);
757 $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block',
759 $display .= COM_siteFooter ();
760 COM_output($display);
761 exit; // don't return
765 if (!empty ($delete_photo) && ($delete_photo == 'on')) {
766 $delete_photo = true;
768 $delete_photo = false;
771 $curphoto = DB_getItem ($_TABLES['users'], 'photo',
772 "uid = {$_USER['uid']}");
773 if (empty ($curphoto)) {
774 $delete_photo = false;
777 // see if user wants to upload a (new) photo
778 $newphoto = $_FILES['photo'];
779 if (!empty ($newphoto['name'])) {
780 $pos = strrpos ($newphoto['name'], '.') + 1;
781 $fextension = substr ($newphoto['name'], $pos);
782 $filename = $_USER['username'] . '.' . $fextension;
784 if (!empty ($curphoto) && ($filename != $curphoto)) {
785 $delete_photo = true;
787 $delete_photo = false;
791 // delete old photo first
793 USER_deletePhoto ($curphoto);
797 if (!empty ($filename)) {
798 $upload->setFileNames ($filename);
799 $upload->setPerms ('0644');
800 if (($_CONF['max_photo_width'] > 0) &&
801 ($_CONF['max_photo_height'] > 0)) {
802 $upload->setMaxDimensions ($_CONF['max_photo_width'],
803 $_CONF['max_photo_height']);
805 $upload->setMaxDimensions ($_CONF['max_image_width'],
806 $_CONF['max_image_height']);
808 if ($_CONF['max_photo_size'] > 0) {
809 $upload->setMaxFileSize($_CONF['max_photo_size']);
811 $upload->setMaxFileSize($_CONF['max_image_size']);
813 $upload->uploadFiles ();
815 if ($upload->areErrors ()) {
816 $display = COM_siteHeader ('menu', $LANG24[30]);
817 $display .= COM_startBlock ($LANG24[30], '',
818 COM_getBlockTemplate ('_msg_block', 'header'));
819 $display .= $upload->printErrors (false);
820 $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block',
822 $display .= COM_siteFooter ();
823 COM_output($display);
824 exit; // don't return
826 } else if (!$delete_photo && !empty ($curphoto)) {
827 $filename = $curphoto;
834 * Saves the user's information back to the database
836 * @param array $A User's data
837 * @return string HTML error message or meta redirect
840 function saveuser($A)
842 global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;
845 COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
848 $reqid = DB_getItem ($_TABLES['users'], 'pwrequestid',
849 "uid = {$_USER['uid']}");
850 if ($reqid != $A['uid']) {
851 DB_change ($_TABLES['users'], 'pwrequestid', "NULL",
852 'uid', $_USER['uid']);
853 COM_accessLog ("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
855 return COM_refresh ($_CONF['site_url'] . '/index.php');
858 if (! isset($A['cooktime'])) {
859 // If not set or possibly removed from template - set to default
860 $A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
862 $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
864 // If empty or invalid - set to user default
865 // So code after this does not fail the user password required test
866 if ($A['cooktime'] < 0) { // note that == 0 is allowed!
867 $A['cooktime'] = $_USER['cookietimeout'];
870 // to change the password, email address, or cookie timeout,
871 // we need the user's current password
872 $current_password = DB_getItem($_TABLES['users'], 'passwd',
873 "uid = {$_USER['uid']}");
874 if (!empty ($A['passwd']) || ($A['email'] != $_USER['email']) ||
875 ($A['cooktime'] != $_USER['cookietimeout'])) {
876 if (empty($A['old_passwd']) ||
877 (SEC_encryptPassword($A['old_passwd']) != $current_password)) {
879 return COM_refresh ($_CONF['site_url']
880 . '/usersettings.php?msg=83');
881 } elseif ($_CONF['custom_registration'] &&
882 function_exists ('CUSTOM_userCheck')) {
883 $ret = CUSTOM_userCheck ($A['username'], $A['email']);
885 // Need a numeric return for the default message handler
886 // - if not numeric use default message
887 if (!is_numeric($ret['number'])) {
888 $ret['number'] = 400;
890 return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
893 } elseif ($_CONF['custom_registration'] &&
894 function_exists ('CUSTOM_userCheck')) {
895 $ret = CUSTOM_userCheck ($A['username'], $A['email']);
897 // Need a numeric return for the default message handler
898 // - if not numeric use default message
899 if (!is_numeric($ret['number'])) {
900 $ret['number'] = 400;
902 return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
906 // no need to filter the password as it's encoded anyway
907 if ($_CONF['allow_username_change'] == 1) {
908 $A['new_username'] = COM_applyFilter ($A['new_username']);
909 if (!empty ($A['new_username']) &&
910 ($A['new_username'] != $_USER['username'])) {
911 $A['new_username'] = addslashes ($A['new_username']);
912 if (DB_count ($_TABLES['users'], 'username', $A['new_username']) == 0) {
913 if ($_CONF['allow_user_photo'] == 1) {
914 $photo = DB_getItem ($_TABLES['users'], 'photo',
915 "uid = {$_USER['uid']}");
916 if (!empty ($photo)) {
917 $newphoto = preg_replace ('/' . $_USER['username'] . '/',
918 $A['new_username'], $photo, 1);
919 $imgpath = $_CONF['path_images'] . 'userphotos/';
920 if (rename ($imgpath . $photo,
921 $imgpath . $newphoto) === false) {
922 $display = COM_siteHeader ('menu', $LANG04[21]);
923 $display .= COM_errorLog ('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
924 $display .= COM_siteFooter ();
928 DB_change ($_TABLES['users'], 'photo',
929 addslashes ($newphoto), "uid", $_USER['uid']);
933 DB_change ($_TABLES['users'], 'username', $A['new_username'],
934 "uid", $_USER['uid']);
936 return COM_refresh ($_CONF['site_url']
937 . '/usersettings.php?msg=51');
942 // a quick spam check with the unfiltered field contents
943 $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1>'
944 . '<p>'. COM_createLink($A['homepage'], $A['homepage'])
945 . '<br' . XHTML . '>' . $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>'
946 . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
947 $result = PLG_checkforSpam ($profile, $_CONF['spamx']);
949 COM_displayMessageAndAbort ($result, 'spamx', 403, 'Forbidden');
952 $A['email'] = COM_applyFilter ($A['email']);
953 $A['email_conf'] = COM_applyFilter ($A['email_conf']);
954 $A['homepage'] = COM_applyFilter ($A['homepage']);
956 // basic filtering only
957 $A['fullname'] = strip_tags (COM_stripslashes ($A['fullname']));
958 $A['location'] = strip_tags (COM_stripslashes ($A['location']));
959 $A['sig'] = strip_tags (COM_stripslashes ($A['sig']));
960 $A['about'] = strip_tags (COM_stripslashes ($A['about']));
961 $A['pgpkey'] = strip_tags (COM_stripslashes ($A['pgpkey']));
963 if (!COM_isEmail ($A['email'])) {
964 return COM_refresh ($_CONF['site_url']
965 . '/usersettings.php?msg=52');
966 } else if ($A['email'] !== $A['email_conf']) {
967 return COM_refresh ($_CONF['site_url']
968 . '/usersettings.php?msg=78');
969 } else if (emailAddressExists ($A['email'], $_USER['uid'])) {
970 return COM_refresh ($_CONF['site_url']
971 . '/usersettings.php?msg=56');
974 if (!empty($A['passwd'])) {
975 if (($A['passwd'] == $A['passwd_conf']) &&
976 (SEC_encryptPassword($A['old_passwd']) == $current_password)) {
977 $passwd = SEC_encryptPassword($A['passwd']);
978 DB_change($_TABLES['users'], 'passwd', "$passwd",
979 "uid", $_USER['uid']);
980 if ($A['cooktime'] > 0) {
981 $cooktime = $A['cooktime'];
985 SEC_setCookie($_CONF['cookie_password'], $passwd,
987 } elseif (SEC_encryptPassword($A['old_passwd']) != $current_password) {
988 return COM_refresh ($_CONF['site_url']
989 . '/usersettings.php?msg=68');
990 } elseif ($A['passwd'] != $A['passwd_conf']) {
991 return COM_refresh ($_CONF['site_url']
992 . '/usersettings.php?msg=67');
997 COM_errorLog('cooktime = ' . $A['cooktime'],1);
1000 if ($A['cooktime'] <= 0) {
1002 SEC_setCookie($_CONF['cookie_name'], $_USER['uid'],
1003 time() - $cooktime);
1005 SEC_setCookie($_CONF['cookie_name'], $_USER['uid'],
1006 time() + $A['cooktime']);
1009 if ($_CONF['allow_user_photo'] == 1) {
1011 if (isset ($A['delete_photo'])) {
1012 $delete_photo = $A['delete_photo'];
1014 $filename = handlePhotoUpload ($delete_photo);
1017 if (!empty ($A['homepage'])) {
1018 $pos = MBYTE_strpos ($A['homepage'], ':');
1019 if ($pos === false) {
1020 $A['homepage'] = 'http://' . $A['homepage'];
1023 $prot = substr ($A['homepage'], 0, $pos + 1);
1024 if (($prot != 'http:') && ($prot != 'https:')) {
1025 $A['homepage'] = 'http:' . substr ($A['homepage'], $pos + 1);
1028 $A['homepage'] = addslashes ($A['homepage']);
1031 $A['fullname'] = addslashes ($A['fullname']);
1032 $A['email'] = addslashes ($A['email']);
1033 $A['location'] = addslashes ($A['location']);
1034 $A['sig'] = addslashes ($A['sig']);
1035 $A['about'] = addslashes ($A['about']);
1036 $A['pgpkey'] = addslashes ($A['pgpkey']);
1038 if (!empty ($filename)) {
1039 if (!file_exists ($_CONF['path_images'] . 'userphotos/' . $filename)) {
1044 DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='$filename' WHERE uid={$_USER['uid']}");
1045 DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");
1047 // Call custom registration save function if enabled and exists
1048 if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userSave'))) {
1049 CUSTOM_userSave($_USER['uid']);
1052 PLG_userInfoChanged ($_USER['uid']);
1055 COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
1058 return COM_refresh ($_CONF['site_url'] . '/users.php?mode=profile&uid='
1059 . $_USER['uid'] . '&msg=5');
1064 * Shows a profile for a user
1066 * This grabs the user profile for a given user and displays it
1068 * @param int $user User ID of profile to get
1069 * @param int $msg Message to display (if != 0)
1070 * @return string HTML for user profile page
1073 function userprofile ($user, $msg = 0)
1075 global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG_LOGIN;
1079 if (empty ($_USER['username']) &&
1080 (($_CONF['loginrequired'] == 1) || ($_CONF['profileloginrequired'] == 1))) {
1081 $retval .= COM_siteHeader ('menu');
1082 $retval .= COM_startBlock ($LANG_LOGIN[1], '',
1083 COM_getBlockTemplate ('_msg_block', 'header'));
1084 $login = new Template($_CONF['path_layout'] . 'submit');
1085 $login->set_file (array ('login'=>'submitloginrequired.thtml'));
1086 $login->set_var ( 'xhtml', XHTML );
1087 $login->set_var ('login_message', $LANG_LOGIN[2]);
1088 $login->set_var ('site_url', $_CONF['site_url']);
1089 $login->set_var ('site_admin_url', $_CONF['site_admin_url']);
1090 $login->set_var ('layout_url', $_CONF['layout_url']);
1091 $login->set_var ('lang_login', $LANG_LOGIN[3]);
1092 $login->set_var ('lang_newuser', $LANG_LOGIN[4]);
1093 $login->parse ('output', 'login');
1094 $retval .= $login->finish ($login->get_var('output'));
1095 $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
1096 $retval .= COM_siteFooter ();
1101 $result = DB_query ("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = $user");
1102 $nrows = DB_numRows ($result);
1103 if ($nrows == 0) { // no such user
1104 return COM_refresh ($_CONF['site_url'] . '/index.php');
1106 $A = DB_fetchArray ($result);
1108 $display_name = COM_getDisplayName ($user, $A['username'], $A['fullname']);
1110 // format date/time to user preference
1111 $curtime = COM_getUserDateTimeFormat ($A['regdate']);
1112 $A['regdate'] = $curtime[0];
1114 $user_templates = new Template ($_CONF['path_layout'] . 'users');
1115 $user_templates->set_file (array ('profile' => 'profile.thtml',
1116 'row' => 'commentrow.thtml',
1117 'strow' => 'storyrow.thtml'));
1118 $user_templates->set_var ( 'xhtml', XHTML );
1119 $user_templates->set_var ('site_url', $_CONF['site_url']);
1120 $user_templates->set_var ('start_block_userprofile',
1121 COM_startBlock ($LANG04[1] . ' ' . $display_name));
1122 $user_templates->set_var ('end_block', COM_endBlock ());
1123 $user_templates->set_var ('lang_username', $LANG04[2]);
1124 if ($_CONF['show_fullname'] == 1) {
1125 $user_templates->set_var ('username', $A['fullname']);
1126 $user_templates->set_var ('user_fullname', $A['username']);
1128 $user_templates->set_var ('username', $A['username']);
1129 $user_templates->set_var ('user_fullname', $A['fullname']);
1132 if (SEC_hasRights('user.edit')) {
1133 global $_IMAGE_TYPE, $LANG_ADMIN;
1134 $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.'
1135 . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit']
1136 . '" title="' . $LANG_ADMIN['edit'] . '"' . XHTML . '>';
1137 $edit_link_url = COM_createLink(
1139 "{$_CONF['site_admin_url']}/user.php?mode=edit&uid={$A['uid']}"
1141 $user_templates->set_var ('edit_link', $edit_link_url);
1144 $photo = USER_getPhoto ($user, $A['photo'], $A['email'], -1);
1145 $user_templates->set_var ('user_photo', $photo);
1147 $user_templates->set_var ('lang_membersince', $LANG04[67]);
1148 $user_templates->set_var ('user_regdate', $A['regdate']);
1149 $user_templates->set_var ('lang_email', $LANG04[5]);
1150 $user_templates->set_var ('user_id', $user);
1151 $user_templates->set_var ('lang_sendemail', $LANG04[81]);
1152 $user_templates->set_var ('lang_homepage', $LANG04[6]);
1153 $user_templates->set_var ('user_homepage', COM_killJS ($A['homepage']));
1154 $user_templates->set_var ('lang_location', $LANG04[106]);
1155 $user_templates->set_var ('user_location', strip_tags ($A['location']));
1156 $user_templates->set_var ('lang_bio', $LANG04[7]);
1157 $user_templates->set_var ('user_bio', nl2br (stripslashes ($A['about'])));
1158 $user_templates->set_var ('lang_pgpkey', $LANG04[8]);
1159 $user_templates->set_var ('user_pgp', nl2br ($A['pgpkey']));
1160 $user_templates->set_var ('start_block_last10stories',
1161 COM_startBlock ($LANG04[82] . ' ' . $display_name));
1162 $user_templates->set_var ('start_block_last10comments',
1163 COM_startBlock($LANG04[10] . ' ' . $display_name));
1164 $user_templates->set_var ('start_block_postingstats',
1165 COM_startBlock ($LANG04[83] . ' ' . $display_name));
1166 $user_templates->set_var ('lang_title', $LANG09[16]);
1167 $user_templates->set_var ('lang_date', $LANG09[17]);
1169 // for alternative layouts: use these as headlines instead of block titles
1170 $user_templates->set_var ('headline_last10stories', $LANG04[82]);
1171 $user_templates->set_var ('headline_last10comments', $LANG04[10]);
1172 $user_templates->set_var ('headline_postingstats', $LANG04[83]);
1174 $result = DB_query ("SELECT tid FROM {$_TABLES['topics']}"
1175 . COM_getPermSQL ());
1176 $nrows = DB_numRows ($result);
1178 for ($i = 0; $i < $nrows; $i++) {
1179 $T = DB_fetchArray ($result);
1180 $tids[] = $T['tid'];
1182 $topics = "'" . implode ("','", $tids) . "'";
1184 // list of last 10 stories by this user
1185 if (count($tids) > 0) {
1186 $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ($topics))" . COM_getPermSQL ('AND');
1187 $sql .= " ORDER BY unixdate DESC LIMIT 10";
1188 $result = DB_query ($sql);
1189 $nrows = DB_numRows ($result);
1194 for ($i = 0; $i < $nrows; $i++) {
1195 $C = DB_fetchArray ($result);
1196 $user_templates->set_var ('cssid', ($i % 2) + 1);
1197 $user_templates->set_var ('row_number', ($i + 1) . '.');
1198 $articleUrl = COM_buildUrl ($_CONF['site_url']
1199 . '/article.php?story=' . $C['sid']);
1200 $user_templates->set_var ('article_url', $articleUrl);
1201 $C['title'] = str_replace ('$', '$', $C['title']);
1202 $user_templates->set_var ('story_title',
1204 stripslashes ($C['title']),
1206 array('class'=> 'b')
1209 $storytime = COM_getUserDateTimeFormat ($C['unixdate']);
1210 $user_templates->set_var ('story_date', $storytime[0]);
1211 $user_templates->parse ('story_row', 'strow', true);
1214 $user_templates->set_var ('story_row',
1215 '<tr><td>' . $LANG01[37] . '</td></tr>');
1218 // list of last 10 comments by this user
1219 $sidArray = array();
1220 if (count($tids) > 0) {
1221 // first, get a list of all stories the current visitor has access to
1222 $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ($topics))" . COM_getPermSQL ('AND');
1223 $result = DB_query($sql);
1224 $numsids = DB_numRows($result);
1225 for ($i = 1; $i <= $numsids; $i++) {
1226 $S = DB_fetchArray ($result);
1227 $sidArray[] = $S['sid'];
1231 $sidList = implode("', '",$sidArray);
1232 $sidList = "'$sidList'";
1234 // then, find all comments by the user in those stories
1235 $sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = $user) GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";
1237 // SQL NOTE: Using a HAVING clause is usually faster than a where if the
1238 // field is part of the select
1239 // if (!empty ($sidList)) {
1240 // $sql .= " AND (sid in ($sidList))";
1242 if (!empty ($sidList)) {
1243 $sql .= " HAVING sid in ($sidList)";
1245 $sql .= " ORDER BY unixdate DESC LIMIT 10";
1247 $result = DB_query($sql);
1248 $nrows = DB_numRows($result);
1250 for ($i = 0; $i < $nrows; $i++) {
1251 $C = DB_fetchArray ($result);
1252 $user_templates->set_var ('cssid', ($i % 2) + 1);
1253 $user_templates->set_var ('row_number', ($i + 1) . '.');
1254 $comment_url = $_CONF['site_url']
1255 . '/comment.php?mode=view&cid=' . $C['cid'];
1256 $C['title'] = str_replace ('$', '$', $C['title']);
1257 $user_templates->set_var ('comment_title',
1259 stripslashes ($C['title']),
1261 array('class'=> 'b')
1264 $commenttime = COM_getUserDateTimeFormat ($C['unixdate']);
1265 $user_templates->set_var ('comment_date', $commenttime[0]);
1266 $user_templates->parse ('comment_row', 'row', true);
1269 $user_templates->set_var('comment_row','<tr><td>' . $LANG01[29] . '</td></tr>');
1272 // posting stats for this user
1273 $user_templates->set_var ('lang_number_stories', $LANG04[84]);
1274 $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND');
1275 $result = DB_query($sql);
1276 $N = DB_fetchArray ($result);
1277 $user_templates->set_var ('number_stories', COM_numberFormat ($N['count']));
1278 $user_templates->set_var ('lang_number_comments', $LANG04[85]);
1279 $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = $user)";
1280 if (!empty ($sidList)) {
1281 $sql .= " AND (sid in ($sidList))";
1283 $result = DB_query ($sql);
1284 $N = DB_fetchArray ($result);
1285 $user_templates->set_var ('number_comments', COM_numberFormat($N['count']));
1286 $user_templates->set_var ('lang_all_postings_by',
1287 $LANG04[86] . ' ' . $display_name);
1289 // Call custom registration function if enabled and exists
1290 if ($_CONF['custom_registration'] && function_exists ('CUSTOM_userDisplay') ) {
1291 $user_templates->set_var ('customfields', CUSTOM_userDisplay ($user));
1293 PLG_profileVariablesDisplay ($user, $user_templates);
1295 $user_templates->parse ('output', 'profile');
1296 $retval .= $user_templates->finish ($user_templates->get_var ('output'));
1298 $retval .= PLG_profileBlocksDisplay ($user);
1304 * Saves user's preferences back to the database
1306 * @param array $A User's data to save
1310 function savepreferences($A)
1312 global $_CONF, $_TABLES, $_USER;
1314 if (isset ($A['noicons']) && ($A['noicons'] == 'on')) {
1319 if (isset ($A['willing']) && ($A['willing'] == 'on')) {
1324 if (isset ($A['noboxes']) && ($A['noboxes'] == 'on')) {
1329 if (isset ($A['emailfromadmin']) && ($A['emailfromadmin'] == 'on')) {
1330 $A['emailfromadmin'] = 1;
1332 $A['emailfromadmin'] = 0;
1334 if (isset ($A['emailfromuser']) && ($A['emailfromuser'] == 'on')) {
1335 $A['emailfromuser'] = 1;
1337 $A['emailfromuser'] = 0;
1339 if (isset ($A['showonline']) && ($A['showonline'] == 'on')) {
1340 $A['showonline'] = 1;
1342 $A['showonline'] = 0;
1345 $A['maxstories'] = COM_applyFilter ($A['maxstories'], true);
1346 if (empty ($A['maxstories'])) {
1347 $A['maxstories'] = 0;
1348 } else if ($A['maxstories'] > 0) {
1349 if ($A['maxstories'] < $_CONF['minnews']) {
1350 $A['maxstories'] = $_CONF['minnews'];
1354 $TIDS = @array_values($A['topics']); // array of strings
1355 $AIDS = @array_values($A['selauthors']); // array of integers
1356 $BOXES = @array_values($A['blocks']); // array of integers
1357 $ETIDS = @array_values($A['etids']); // array of strings
1358 $AETIDS = USER_getAllowedTopics(); // array of strings (fetched, needed to "clean" $TIDS and $ETIDS)
1361 if (count($TIDS) > 0) {
1362 // the array_intersect mitigates the need to scrub the TIDS input
1363 $tids = addslashes (implode (' ', array_intersect ($AETIDS, $TIDS)));
1367 if (count($AIDS) > 0) {
1368 // Scrub the AIDS array to prevent SQL injection and bad values
1369 foreach ($AIDS as $key => $val) {
1370 $AIDS[$key] = COM_applyFilter($val, true);
1372 $aids = addslashes (implode (' ', $AIDS));
1375 $selectedblocks = '';
1376 if (count ($BOXES) > 0) {
1377 // Scrub the BOXES array to prevent SQL injection and bad values
1378 foreach ($BOXES as $key => $val) {
1379 $BOXES[$key] = COM_applyFilter($val, true);
1381 $boxes = addslashes (implode (',', $BOXES));
1383 $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ($boxes)");
1384 $numRows = DB_numRows($blockresult);
1385 for ($x = 1; $x <= $numRows; $x++) {
1386 $row = DB_fetchArray ($blockresult);
1387 if ($row['name'] <> 'user_block' AND $row['name'] <> 'admin_block' AND $row['name'] <> 'section_block') {
1388 $selectedblocks .= $row['bid'];
1389 if ($x <> $numRows) {
1390 $selectedblocks .= ' ';
1397 if (($_CONF['emailstories'] == 1) && (count($ETIDS) > 0)) {
1398 // the array_intersect mitigates the need to scrub the ETIDS input
1399 $etids = addslashes (implode (' ', array_intersect ($AETIDS, $ETIDS)));
1402 if (isset ($A['tzid'])) {
1403 $A['tzid'] = COM_applyFilter ($A['tzid']);
1408 if (isset($A['theme'])) {
1409 $A['theme'] = COM_applyFilter($A['theme']);
1411 if (empty($A['theme'])) {
1412 $A['theme'] = $_CONF['theme'];
1415 if (isset($A['language'])) {
1416 $A['language'] = COM_applyFilter($A['language']);
1418 if (empty($A['language'])) {
1419 $A['language'] = $_CONF['language'];
1422 // Save theme, when doing so, put in cookie so we can set the user's theme
1423 // even when they aren't logged in
1424 $theme = addslashes ($A['theme']);
1425 $language = addslashes ($A['language']);
1426 DB_query("UPDATE {$_TABLES['users']} SET theme='$theme',language='$language' WHERE uid = '{$_USER['uid']}'");
1427 setcookie ($_CONF['cookie_theme'], $A['theme'], time() + 31536000,
1428 $_CONF['cookie_path'], $_CONF['cookiedomain'],
1429 $_CONF['cookiesecure']);
1430 setcookie ($_CONF['cookie_language'], $A['language'], time() + 31536000,
1431 $_CONF['cookie_path'], $_CONF['cookiedomain'],
1432 $_CONF['cookiesecure']);
1433 setcookie ($_CONF['cookie_tzid'], $A['tzid'], time() + 31536000,
1434 $_CONF['cookie_path'], $_CONF['cookiedomain'],
1435 $_CONF['cookiesecure']);
1437 $A['dfid'] = COM_applyFilter ($A['dfid'], true);
1439 DB_query("UPDATE {$_TABLES['userprefs']} SET noicons='{$A['noicons']}', willing='{$A['willing']}', dfid='{$A['dfid']}', tzid='{$A['tzid']}', emailfromadmin='{$A['emailfromadmin']}', emailfromuser='{$A['emailfromuser']}', showonline='{$A['showonline']}' WHERE uid='{$_USER['uid']}'");
1441 if (empty ($etids)) {
1444 DB_save($_TABLES['userindex'],"uid,tids,aids,boxes,noboxes,maxstories,etids","'{$_USER['uid']}','$tids','$aids','$selectedblocks','{$A['noboxes']}',{$A['maxstories']},'$etids'");
1446 $A['commentmode'] = COM_applyFilter ($A['commentmode']);
1447 if (empty ($A['commentmode'])) {
1448 $A['commentmode'] = $_CONF['comment_mode'];
1450 $A['commentmode'] = addslashes ($A['commentmode']);
1452 $A['commentorder'] = COM_applyFilter ($A['commentorder']);
1453 if (empty ($A['commentorder'])) {
1454 $A['commentorder'] = 'ASC';
1456 $A['commentorder'] = addslashes ($A['commentorder']);
1458 $A['commentlimit'] = COM_applyFilter ($A['commentlimit'], true);
1459 if ($A['commentlimit'] <= 0) {
1460 $A['commentlimit'] = $_CONF['comment_limit'];
1463 DB_save($_TABLES['usercomment'],'uid,commentmode,commentorder,commentlimit',"'{$_USER['uid']}','{$A['commentmode']}','{$A['commentorder']}','{$A['commentlimit']}'");
1465 PLG_userInfoChanged ($_USER['uid']);
1470 if (isset($_POST['btncancel']) AND $_POST['btncancel'] == $LANG_ADMIN['cancel']) {
1471 echo COM_refresh($_CONF['site_url']);
1473 } else if (isset($_POST['btnsubmit']) AND ($_POST['btnsubmit'] == $LANG04[96]) && ($_POST['mode'] != 'deleteconfirmed')) {
1474 $mode = 'confirmdelete';
1475 } else if (isset ($_POST['mode'])) {
1476 $mode = COM_applyFilter ($_POST['mode']);
1477 } else if (isset ($_GET['mode'])) {
1478 $mode = COM_applyFilter ($_GET['mode']);
1483 if (isset ($_USER['uid']) && ($_USER['uid'] > 1)) {
1486 savepreferences ($_POST);
1487 $display .= saveuser($_POST);
1488 PLG_profileExtrasSave ();
1491 case 'savepreferences':
1492 savepreferences ($_POST);
1493 $display .= COM_refresh ($_CONF['site_url']
1494 . '/usersettings.php?mode=preferences&msg=6');
1497 case 'confirmdelete':
1498 if (($_CONF['allow_account_delete'] == 1) && ($_USER['uid'] > 1)) {
1499 $accountId = COM_applyFilter ($_POST['account_id']);
1500 if (!empty ($accountId)) {
1501 $display .= confirmAccountDelete ($accountId);
1503 $display = COM_refresh ($_CONF['site_url'] . '/index.php');
1506 $display = COM_refresh ($_CONF['site_url'] . '/index.php');
1510 case 'deleteconfirmed':
1511 if (($_CONF['allow_account_delete'] == 1) && ($_USER['uid'] > 1)) {
1512 $accountId = COM_applyFilter ($_POST['account_id']);
1513 if (!empty ($accountId)) {
1514 $display .= deleteUserAccount ($accountId);
1516 $display = COM_refresh ($_CONF['site_url'] . '/index.php');
1519 $display = COM_refresh ($_CONF['site_url'] . '/index.php');
1524 PLG_profileExtrasSave ($_POST['plugin']);
1525 $display = COM_refresh ($_CONF['site_url']
1526 . '/usersettings.php?msg=5');
1529 default: // also if $mode == 'edit', 'preferences', or 'comments'
1530 $display .= COM_siteHeader('menu', $LANG04[16]);
1531 $display .= COM_showMessageFromParameter();
1532 $display .= edituser();
1533 $display .= COM_siteFooter();
1537 $display .= COM_siteHeader ('menu');
1538 $display .= COM_startBlock ($LANG04[70] . '!');
1539 $display .= '<br' . XHTML . '>' . $LANG04[71] . '<br' . XHTML . '><br' . XHTML . '>';
1540 $display .= COM_endBlock ();
1541 $display .= COM_siteFooter ();
1544 COM_output($display);