PageRenderTime 57ms CodeModel.GetById 21ms RepoModel.GetById 1ms app.codeStats 0ms

/phpBB/includes/ucp/ucp_profile.php

http://github.com/phpbb/phpbb3
PHP | 847 lines | 564 code | 155 blank | 128 comment | 101 complexity | e9777fc0ea223b323a106a781b50fccb MD5 | raw file
Possible License(s): AGPL-1.0
  1. <?php
  2. /**
  3. *
  4. * This file is part of the phpBB Forum Software package.
  5. *
  6. * @copyright (c) phpBB Limited <https://www.phpbb.com>
  7. * @license GNU General Public License, version 2 (GPL-2.0)
  8. *
  9. * For full copyright and license information, please see
  10. * the docs/CREDITS.txt file.
  11. *
  12. */
  13. /**
  14. * @ignore
  15. */
  16. if (!defined('IN_PHPBB'))
  17. {
  18. exit;
  19. }
  20. /**
  21. * ucp_profile
  22. * Changing profile settings
  23. *
  24. * @todo what about pertaining user_sig_options?
  25. */
  26. class ucp_profile
  27. {
  28. var $u_action;
  29. function main($id, $mode)
  30. {
  31. global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
  32. global $request, $phpbb_container, $phpbb_log, $phpbb_dispatcher;
  33. $user->add_lang('posting');
  34. $submit = $request->variable('submit', false, false, \phpbb\request\request_interface::POST);
  35. $error = $data = array();
  36. $s_hidden_fields = '';
  37. switch ($mode)
  38. {
  39. case 'reg_details':
  40. $data = array(
  41. 'username' => $request->variable('username', $user->data['username'], true),
  42. 'email' => strtolower($request->variable('email', $user->data['user_email'])),
  43. 'new_password' => $request->variable('new_password', '', true),
  44. 'cur_password' => $request->variable('cur_password', '', true),
  45. 'password_confirm' => $request->variable('password_confirm', '', true),
  46. );
  47. /**
  48. * Modify user registration data on editing account settings in UCP
  49. *
  50. * @event core.ucp_profile_reg_details_data
  51. * @var array data Array with current or updated user registration data
  52. * @var bool submit Flag indicating if submit button has been pressed
  53. * @since 3.1.4-RC1
  54. */
  55. $vars = array('data', 'submit');
  56. extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_data', compact($vars)));
  57. add_form_key('ucp_reg_details');
  58. if ($submit)
  59. {
  60. // Do not check cur_password, it is the old one.
  61. $check_ary = array(
  62. 'new_password' => array(
  63. array('string', true, $config['min_pass_chars'], 0),
  64. array('password')),
  65. 'password_confirm' => array('string', true, $config['min_pass_chars'], 0),
  66. 'email' => array(
  67. array('string', false, 6, 60),
  68. array('user_email')),
  69. );
  70. if ($auth->acl_get('u_chgname') && $config['allow_namechange'])
  71. {
  72. $check_ary['username'] = array(
  73. array('string', false, $config['min_name_chars'], $config['max_name_chars']),
  74. array('username'),
  75. );
  76. }
  77. $error = validate_data($data, $check_ary);
  78. if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password'])
  79. {
  80. $error[] = ($data['password_confirm']) ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY';
  81. }
  82. // Instantiate passwords manager
  83. /* @var $passwords_manager \phpbb\passwords\manager */
  84. $passwords_manager = $phpbb_container->get('passwords.manager');
  85. // Only check the new password against the previous password if there have been no errors
  86. if (!count($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && $passwords_manager->check($data['new_password'], $user->data['user_password']))
  87. {
  88. $error[] = 'SAME_PASSWORD_ERROR';
  89. }
  90. if (!$passwords_manager->check($data['cur_password'], $user->data['user_password']))
  91. {
  92. $error[] = ($data['cur_password']) ? 'CUR_PASSWORD_ERROR' : 'CUR_PASSWORD_EMPTY';
  93. }
  94. if (!check_form_key('ucp_reg_details'))
  95. {
  96. $error[] = 'FORM_INVALID';
  97. }
  98. /**
  99. * Validate user data on editing registration data in UCP
  100. *
  101. * @event core.ucp_profile_reg_details_validate
  102. * @var array data Array with user profile data
  103. * @var bool submit Flag indicating if submit button has been pressed
  104. * @var array error Array of any generated errors
  105. * @since 3.1.4-RC1
  106. */
  107. $vars = array('data', 'submit', 'error');
  108. extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_validate', compact($vars)));
  109. if (!count($error))
  110. {
  111. $sql_ary = array(
  112. 'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
  113. 'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
  114. 'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
  115. 'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'],
  116. );
  117. if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username'])
  118. {
  119. $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array(
  120. 'reportee_id' => $user->data['user_id'],
  121. $user->data['username'],
  122. $data['username']
  123. ));
  124. }
  125. if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !$passwords_manager->check($data['new_password'], $user->data['user_password']))
  126. {
  127. $sql_ary['user_passchg'] = time();
  128. $user->reset_login_keys();
  129. $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
  130. 'reportee_id' => $user->data['user_id'],
  131. $user->data['username']
  132. ));
  133. }
  134. if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'])
  135. {
  136. $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array(
  137. 'reportee_id' => $user->data['user_id'],
  138. $user->data['username'],
  139. $user->data['user_email'],
  140. $data['email']
  141. ));
  142. }
  143. $message = 'PROFILE_UPDATED';
  144. if ($auth->acl_get('u_chgemail') && $config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN))
  145. {
  146. $message = ($config['require_activation'] == USER_ACTIVATION_SELF) ? 'ACCOUNT_EMAIL_CHANGED' : 'ACCOUNT_EMAIL_CHANGED_ADMIN';
  147. include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
  148. $server_url = generate_board_url();
  149. $user_actkey = gen_rand_string(mt_rand(6, 10));
  150. $messenger = new messenger(false);
  151. $template_file = ($config['require_activation'] == USER_ACTIVATION_ADMIN) ? 'user_activate_inactive' : 'user_activate';
  152. $messenger->template($template_file, $user->data['user_lang']);
  153. $messenger->to($data['email'], $data['username']);
  154. $messenger->anti_abuse_headers($config, $user);
  155. $messenger->assign_vars(array(
  156. 'USERNAME' => htmlspecialchars_decode($data['username']),
  157. 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
  158. );
  159. $messenger->send(NOTIFY_EMAIL);
  160. if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
  161. {
  162. $notifications_manager = $phpbb_container->get('notification_manager');
  163. $notifications_manager->add_notifications('notification.type.admin_activate_user', array(
  164. 'user_id' => $user->data['user_id'],
  165. 'user_actkey' => $user_actkey,
  166. 'user_regdate' => time(), // Notification time
  167. ));
  168. }
  169. user_active_flip('deactivate', $user->data['user_id'], INACTIVE_PROFILE);
  170. // Because we want the profile to be reactivated we set user_newpasswd to empty (else the reactivation will fail)
  171. $sql_ary['user_actkey'] = $user_actkey;
  172. $sql_ary['user_newpasswd'] = '';
  173. }
  174. /**
  175. * Modify user registration data before submitting it to the database
  176. *
  177. * @event core.ucp_profile_reg_details_sql_ary
  178. * @var array data Array with current or updated user registration data
  179. * @var array sql_ary Array with user registration data to submit to the database
  180. * @since 3.1.4-RC1
  181. */
  182. $vars = array('data', 'sql_ary');
  183. extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_sql_ary', compact($vars)));
  184. if (count($sql_ary))
  185. {
  186. $sql = 'UPDATE ' . USERS_TABLE . '
  187. SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
  188. WHERE user_id = ' . $user->data['user_id'];
  189. $db->sql_query($sql);
  190. }
  191. // Need to update config, forum, topic, posting, messages, etc.
  192. if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])
  193. {
  194. user_update_name($user->data['username'], $data['username']);
  195. }
  196. // Now, we can remove the user completely (kill the session) - NOT BEFORE!!!
  197. if (!empty($sql_ary['user_actkey']))
  198. {
  199. meta_refresh(5, append_sid($phpbb_root_path . 'index.' . $phpEx));
  200. $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid($phpbb_root_path . 'index.' . $phpEx) . '">', '</a>');
  201. // Because the user gets deactivated we log him out too, killing his session
  202. $user->session_kill();
  203. }
  204. else
  205. {
  206. meta_refresh(3, $this->u_action);
  207. $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
  208. }
  209. trigger_error($message);
  210. }
  211. // Replace "error" strings with their real, localised form
  212. $error = array_map(array($user, 'lang'), $error);
  213. }
  214. $template->assign_vars(array(
  215. 'ERROR' => (count($error)) ? implode('<br />', $error) : '',
  216. 'USERNAME' => $data['username'],
  217. 'EMAIL' => $data['email'],
  218. 'PASSWORD_CONFIRM' => $data['password_confirm'],
  219. 'NEW_PASSWORD' => $data['new_password'],
  220. 'CUR_PASSWORD' => '',
  221. 'L_USERNAME_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
  222. 'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
  223. 'S_FORCE_PASSWORD' => ($auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) ? true : false,
  224. 'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false,
  225. 'S_CHANGE_EMAIL' => ($auth->acl_get('u_chgemail')) ? true : false,
  226. 'S_CHANGE_PASSWORD' => ($auth->acl_get('u_chgpasswd')) ? true : false)
  227. );
  228. break;
  229. case 'profile_info':
  230. // Do not display profile information panel if not authed to do so
  231. if (!$auth->acl_get('u_chgprofileinfo'))
  232. {
  233. send_status_line(403, 'Forbidden');
  234. trigger_error('NO_AUTH_PROFILEINFO');
  235. }
  236. /* @var $cp \phpbb\profilefields\manager */
  237. $cp = $phpbb_container->get('profilefields.manager');
  238. $cp_data = $cp_error = array();
  239. $data = array(
  240. 'jabber' => $request->variable('jabber', $user->data['user_jabber'], true),
  241. );
  242. if ($config['allow_birthdays'])
  243. {
  244. $data['bday_day'] = $data['bday_month'] = $data['bday_year'] = 0;
  245. if ($user->data['user_birthday'])
  246. {
  247. list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']);
  248. }
  249. $data['bday_day'] = $request->variable('bday_day', $data['bday_day']);
  250. $data['bday_month'] = $request->variable('bday_month', $data['bday_month']);
  251. $data['bday_year'] = $request->variable('bday_year', $data['bday_year']);
  252. $data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
  253. }
  254. /**
  255. * Modify user data on editing profile in UCP
  256. *
  257. * @event core.ucp_profile_modify_profile_info
  258. * @var array data Array with user profile data
  259. * @var bool submit Flag indicating if submit button has been pressed
  260. * @since 3.1.4-RC1
  261. */
  262. $vars = array('data', 'submit');
  263. extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_profile_info', compact($vars)));
  264. add_form_key('ucp_profile_info');
  265. if ($submit)
  266. {
  267. $validate_array = array(
  268. 'jabber' => array(
  269. array('string', true, 5, 255),
  270. array('jabber')),
  271. );
  272. if ($config['allow_birthdays'])
  273. {
  274. $validate_array = array_merge($validate_array, array(
  275. 'bday_day' => array('num', true, 1, 31),
  276. 'bday_month' => array('num', true, 1, 12),
  277. 'bday_year' => array('num', true, 1901, gmdate('Y', time()) + 50),
  278. 'user_birthday' => array('date', true),
  279. ));
  280. }
  281. $error = validate_data($data, $validate_array);
  282. // validate custom profile fields
  283. $cp->submit_cp_field('profile', $user->get_iso_lang_id(), $cp_data, $cp_error);
  284. if (count($cp_error))
  285. {
  286. $error = array_merge($error, $cp_error);
  287. }
  288. if (!check_form_key('ucp_profile_info'))
  289. {
  290. $error[] = 'FORM_INVALID';
  291. }
  292. /**
  293. * Validate user data on editing profile in UCP
  294. *
  295. * @event core.ucp_profile_validate_profile_info
  296. * @var array data Array with user profile data
  297. * @var bool submit Flag indicating if submit button has been pressed
  298. * @var array error Array of any generated errors
  299. * @since 3.1.4-RC1
  300. */
  301. $vars = array('data', 'submit', 'error');
  302. extract($phpbb_dispatcher->trigger_event('core.ucp_profile_validate_profile_info', compact($vars)));
  303. if (!count($error))
  304. {
  305. $data['notify'] = $user->data['user_notify_type'];
  306. if ($data['notify'] == NOTIFY_IM && (!$config['jab_enable'] || !$data['jabber'] || !@extension_loaded('xml')))
  307. {
  308. // User has not filled in a jabber address (Or one of the modules is disabled or jabber is disabled)
  309. // Disable notify by Jabber now for this user.
  310. $data['notify'] = NOTIFY_EMAIL;
  311. }
  312. $sql_ary = array(
  313. 'user_jabber' => $data['jabber'],
  314. 'user_notify_type' => $data['notify'],
  315. );
  316. if ($config['allow_birthdays'])
  317. {
  318. $sql_ary['user_birthday'] = $data['user_birthday'];
  319. }
  320. /**
  321. * Modify profile data in UCP before submitting to the database
  322. *
  323. * @event core.ucp_profile_info_modify_sql_ary
  324. * @var array cp_data Array with the user custom profile fields data
  325. * @var array data Array with user profile data
  326. * @var array sql_ary user options data we update
  327. * @since 3.1.4-RC1
  328. */
  329. $vars = array('cp_data', 'data', 'sql_ary');
  330. extract($phpbb_dispatcher->trigger_event('core.ucp_profile_info_modify_sql_ary', compact($vars)));
  331. $sql = 'UPDATE ' . USERS_TABLE . '
  332. SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
  333. WHERE user_id = ' . $user->data['user_id'];
  334. $db->sql_query($sql);
  335. // Update Custom Fields
  336. $cp->update_profile_field_data($user->data['user_id'], $cp_data);
  337. meta_refresh(3, $this->u_action);
  338. $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
  339. trigger_error($message);
  340. }
  341. // Replace "error" strings with their real, localised form
  342. $error = array_map(array($user, 'lang'), $error);
  343. }
  344. if ($config['allow_birthdays'])
  345. {
  346. $s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>';
  347. for ($i = 1; $i < 32; $i++)
  348. {
  349. $selected = ($i == $data['bday_day']) ? ' selected="selected"' : '';
  350. $s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>";
  351. }
  352. $s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>';
  353. for ($i = 1; $i < 13; $i++)
  354. {
  355. $selected = ($i == $data['bday_month']) ? ' selected="selected"' : '';
  356. $s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>";
  357. }
  358. $now = getdate();
  359. $s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
  360. for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
  361. {
  362. $selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
  363. $s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
  364. }
  365. unset($now);
  366. $template->assign_vars(array(
  367. 'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options,
  368. 'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options,
  369. 'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options,
  370. 'S_BIRTHDAYS_ENABLED' => true,
  371. ));
  372. }
  373. $template->assign_vars(array(
  374. 'ERROR' => (count($error)) ? implode('<br />', $error) : '',
  375. 'S_JABBER_ENABLED' => $config['jab_enable'],
  376. 'JABBER' => $data['jabber'],
  377. ));
  378. // Get additional profile fields and assign them to the template block var 'profile_fields'
  379. $user->get_profile_fields($user->data['user_id']);
  380. $cp->generate_profile_fields('profile', $user->get_iso_lang_id());
  381. break;
  382. case 'signature':
  383. if (!$auth->acl_get('u_sig'))
  384. {
  385. send_status_line(403, 'Forbidden');
  386. trigger_error('NO_AUTH_SIGNATURE');
  387. }
  388. if (!function_exists('generate_smilies'))
  389. {
  390. include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
  391. }
  392. if (!function_exists('display_custom_bbcodes'))
  393. {
  394. include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
  395. }
  396. $preview = $request->is_set_post('preview');
  397. $enable_bbcode = ($config['allow_sig_bbcode']) ? $user->optionget('sig_bbcode') : false;
  398. $enable_smilies = ($config['allow_sig_smilies']) ? $user->optionget('sig_smilies') : false;
  399. $enable_urls = ($config['allow_sig_links']) ? $user->optionget('sig_links') : false;
  400. $bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0);
  401. $decoded_message = generate_text_for_edit($user->data['user_sig'], $user->data['user_sig_bbcode_uid'], $bbcode_flags);
  402. $signature = $request->variable('signature', $decoded_message['text'], true);
  403. $signature_preview = '';
  404. if ($submit || $preview)
  405. {
  406. $enable_bbcode = ($config['allow_sig_bbcode']) ? !$request->variable('disable_bbcode', false) : false;
  407. $enable_smilies = ($config['allow_sig_smilies']) ? !$request->variable('disable_smilies', false) : false;
  408. $enable_urls = ($config['allow_sig_links']) ? !$request->variable('disable_magic_url', false) : false;
  409. if (!check_form_key('ucp_sig'))
  410. {
  411. $error[] = 'FORM_INVALID';
  412. }
  413. }
  414. /**
  415. * Modify user signature on editing profile in UCP
  416. *
  417. * @event core.ucp_profile_modify_signature
  418. * @var bool enable_bbcode Whether or not bbcode is enabled
  419. * @var bool enable_smilies Whether or not smilies are enabled
  420. * @var bool enable_urls Whether or not urls are enabled
  421. * @var string signature Users signature text
  422. * @var array error Any error strings
  423. * @var bool submit Whether or not the form has been sumitted
  424. * @var bool preview Whether or not the signature is being previewed
  425. * @since 3.1.10-RC1
  426. * @changed 3.2.0-RC2 Removed message parser
  427. */
  428. $vars = array(
  429. 'enable_bbcode',
  430. 'enable_smilies',
  431. 'enable_urls',
  432. 'signature',
  433. 'error',
  434. 'submit',
  435. 'preview',
  436. );
  437. extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature', compact($vars)));
  438. $bbcode_uid = $bbcode_bitfield = $bbcode_flags = '';
  439. $warn_msg = generate_text_for_storage(
  440. $signature,
  441. $bbcode_uid,
  442. $bbcode_bitfield,
  443. $bbcode_flags,
  444. $enable_bbcode,
  445. $enable_urls,
  446. $enable_smilies,
  447. $config['allow_sig_img'],
  448. $config['allow_sig_flash'],
  449. true,
  450. $config['allow_sig_links'],
  451. 'sig'
  452. );
  453. if (count($warn_msg))
  454. {
  455. $error += $warn_msg;
  456. }
  457. if (!$submit)
  458. {
  459. // Parse it for displaying
  460. $signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags);
  461. }
  462. else
  463. {
  464. if (!count($error))
  465. {
  466. $user->optionset('sig_bbcode', $enable_bbcode);
  467. $user->optionset('sig_smilies', $enable_smilies);
  468. $user->optionset('sig_links', $enable_urls);
  469. $sql_ary = array(
  470. 'user_sig' => $signature,
  471. 'user_options' => $user->data['user_options'],
  472. 'user_sig_bbcode_uid' => $bbcode_uid,
  473. 'user_sig_bbcode_bitfield' => $bbcode_bitfield
  474. );
  475. /**
  476. * Modify user registration data before submitting it to the database
  477. *
  478. * @event core.ucp_profile_modify_signature_sql_ary
  479. * @var array sql_ary Array with user signature data to submit to the database
  480. * @since 3.1.10-RC1
  481. */
  482. $vars = array('sql_ary');
  483. extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature_sql_ary', compact($vars)));
  484. $sql = 'UPDATE ' . USERS_TABLE . '
  485. SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
  486. WHERE user_id = ' . $user->data['user_id'];
  487. $db->sql_query($sql);
  488. $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
  489. trigger_error($message);
  490. }
  491. }
  492. // Replace "error" strings with their real, localised form
  493. $error = array_map(array($user, 'lang'), $error);
  494. if ($request->is_set_post('preview'))
  495. {
  496. $decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_flags);
  497. }
  498. /** @var \phpbb\controller\helper $controller_helper */
  499. $controller_helper = $phpbb_container->get('controller.helper');
  500. $template->assign_vars(array(
  501. 'ERROR' => (count($error)) ? implode('<br />', $error) : '',
  502. 'SIGNATURE' => $decoded_message['text'],
  503. 'SIGNATURE_PREVIEW' => $signature_preview,
  504. 'S_BBCODE_CHECKED' => (!$enable_bbcode) ? ' checked="checked"' : '',
  505. 'S_SMILIES_CHECKED' => (!$enable_smilies) ? ' checked="checked"' : '',
  506. 'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? ' checked="checked"' : '',
  507. 'BBCODE_STATUS' => $user->lang(($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'),
  508. 'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
  509. 'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
  510. 'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
  511. 'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
  512. 'MAX_FONT_SIZE' => (int) $config['max_sig_font_size'],
  513. 'L_SIGNATURE_EXPLAIN' => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']),
  514. 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'],
  515. 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'],
  516. 'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false,
  517. 'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false,
  518. 'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false)
  519. );
  520. add_form_key('ucp_sig');
  521. // Build custom bbcodes array
  522. display_custom_bbcodes();
  523. // Generate smiley listing
  524. generate_smilies('inline', 0);
  525. break;
  526. case 'avatar':
  527. add_form_key('ucp_avatar');
  528. $avatars_enabled = false;
  529. if ($config['allow_avatar'] && $auth->acl_get('u_chgavatar'))
  530. {
  531. /* @var $phpbb_avatar_manager \phpbb\avatar\manager */
  532. $phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
  533. $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
  534. // This is normalised data, without the user_ prefix
  535. $avatar_data = \phpbb\avatar\manager::clean_row($user->data, 'user');
  536. if ($submit)
  537. {
  538. if (check_form_key('ucp_avatar'))
  539. {
  540. $driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
  541. if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete'))
  542. {
  543. $driver = $phpbb_avatar_manager->get_driver($driver_name);
  544. $result = $driver->process_form($request, $template, $user, $avatar_data, $error);
  545. if ($result && empty($error))
  546. {
  547. // Success! Lets save the result in the database
  548. $result = array(
  549. 'user_avatar_type' => $driver_name,
  550. 'user_avatar' => $result['avatar'],
  551. 'user_avatar_width' => $result['avatar_width'],
  552. 'user_avatar_height' => $result['avatar_height'],
  553. );
  554. /**
  555. * Trigger events on successfull avatar change
  556. *
  557. * @event core.ucp_profile_avatar_sql
  558. * @var array result Array with data to be stored in DB
  559. * @since 3.1.11-RC1
  560. */
  561. $vars = array('result');
  562. extract($phpbb_dispatcher->trigger_event('core.ucp_profile_avatar_sql', compact($vars)));
  563. $sql = 'UPDATE ' . USERS_TABLE . '
  564. SET ' . $db->sql_build_array('UPDATE', $result) . '
  565. WHERE user_id = ' . (int) $user->data['user_id'];
  566. $db->sql_query($sql);
  567. meta_refresh(3, $this->u_action);
  568. $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
  569. trigger_error($message);
  570. }
  571. }
  572. }
  573. else
  574. {
  575. $error[] = 'FORM_INVALID';
  576. }
  577. }
  578. // Handle deletion of avatars
  579. if ($request->is_set_post('avatar_delete'))
  580. {
  581. if (!confirm_box(true))
  582. {
  583. confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array(
  584. 'avatar_delete' => true,
  585. 'i' => $id,
  586. 'mode' => $mode))
  587. );
  588. }
  589. else
  590. {
  591. $phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_');
  592. meta_refresh(3, $this->u_action);
  593. $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
  594. trigger_error($message);
  595. }
  596. }
  597. $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user->data['user_avatar_type']));
  598. $template->assign_vars(array(
  599. 'AVATAR_MIN_WIDTH' => $config['avatar_min_width'],
  600. 'AVATAR_MAX_WIDTH' => $config['avatar_max_width'],
  601. 'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'],
  602. 'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'],
  603. ));
  604. foreach ($avatar_drivers as $current_driver)
  605. {
  606. $driver = $phpbb_avatar_manager->get_driver($current_driver);
  607. $avatars_enabled = true;
  608. $template->set_filenames(array(
  609. 'avatar' => $driver->get_template_name(),
  610. ));
  611. if ($driver->prepare_form($request, $template, $user, $avatar_data, $error))
  612. {
  613. $driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver);
  614. $driver_upper = strtoupper($driver_name);
  615. $template->assign_block_vars('avatar_drivers', array(
  616. 'L_TITLE' => $user->lang($driver_upper . '_TITLE'),
  617. 'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'),
  618. 'DRIVER' => $driver_name,
  619. 'SELECTED' => $current_driver == $selected_driver,
  620. 'OUTPUT' => $template->assign_display('avatar'),
  621. ));
  622. }
  623. }
  624. // Replace "error" strings with their real, localised form
  625. $error = $phpbb_avatar_manager->localize_errors($user, $error);
  626. }
  627. $avatar = phpbb_get_user_avatar($user->data, 'USER_AVATAR', true);
  628. $template->assign_vars(array(
  629. 'ERROR' => (count($error)) ? implode('<br />', $error) : '',
  630. 'AVATAR' => $avatar,
  631. 'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"',
  632. 'L_AVATAR_EXPLAIN' => phpbb_avatar_explanation_string(),
  633. 'S_AVATARS_ENABLED' => ($config['allow_avatar'] && $avatars_enabled),
  634. ));
  635. break;
  636. case 'autologin_keys':
  637. add_form_key('ucp_autologin_keys');
  638. if ($submit)
  639. {
  640. $keys = $request->variable('keys', array(''));
  641. if (!check_form_key('ucp_autologin_keys'))
  642. {
  643. $error[] = 'FORM_INVALID';
  644. }
  645. if (!count($error))
  646. {
  647. if (!empty($keys))
  648. {
  649. foreach ($keys as $key => $id)
  650. {
  651. $keys[$key] = $db->sql_like_expression($id . $db->get_any_char());
  652. }
  653. $sql_where = '(key_id ' . implode(' OR key_id ', $keys) . ')';
  654. $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
  655. WHERE user_id = ' . (int) $user->data['user_id'] . '
  656. AND ' . $sql_where ;
  657. $db->sql_query($sql);
  658. meta_refresh(3, $this->u_action);
  659. $message = $user->lang['AUTOLOGIN_SESSION_KEYS_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
  660. trigger_error($message);
  661. }
  662. }
  663. // Replace "error" strings with their real, localised form
  664. $error = array_map(array($user, 'lang'), $error);
  665. }
  666. $sql = 'SELECT key_id, last_ip, last_login
  667. FROM ' . SESSIONS_KEYS_TABLE . '
  668. WHERE user_id = ' . (int) $user->data['user_id'] . '
  669. ORDER BY last_login ASC';
  670. $result = $db->sql_query($sql);
  671. while ($row = $db->sql_fetchrow($result))
  672. {
  673. $template->assign_block_vars('sessions', array(
  674. 'KEY' => substr($row['key_id'], 0, 8),
  675. 'IP' => $row['last_ip'],
  676. 'LOGIN_TIME' => $user->format_date($row['last_login']),
  677. ));
  678. }
  679. $db->sql_freeresult($result);
  680. break;
  681. }
  682. $template->assign_vars(array(
  683. 'ERROR' => (count($error)) ? implode('<br />', $error) : '',
  684. 'L_TITLE' => $user->lang['UCP_PROFILE_' . strtoupper($mode)],
  685. 'S_HIDDEN_FIELDS' => $s_hidden_fields,
  686. 'S_UCP_ACTION' => $this->u_action)
  687. );
  688. // Set desired template
  689. $this->tpl_name = 'ucp_profile_' . $mode;
  690. $this->page_title = 'UCP_PROFILE_' . strtoupper($mode);
  691. }
  692. }