PageRenderTime 223ms CodeModel.GetById 15ms RepoModel.GetById 0ms app.codeStats 0ms

/profile.php

https://gitlab.com/LibreTitan/Panther
PHP | 1503 lines | 1159 code | 276 blank | 68 comment | 397 complexity | 2fb2bb47cb446c796ffd4e3dcb76061e MD5 | raw file
  1. <?php
  2. /**
  3. * Copyright (C) 2015 Panther (https://www.pantherforum.org)
  4. * based on code by FluxBB copyright (C) 2008-2012 FluxBB
  5. * License: http://www.gnu.org/licenses/gpl.html GPL version 3 or higher
  6. */
  7. if (!defined('PANTHER'))
  8. {
  9. define('PANTHER_ROOT', __DIR__.'/');
  10. require PANTHER_ROOT.'include/common.php';
  11. }
  12. if ($panther_user['is_bot'])
  13. message($lang_common['No permission']);
  14. // Include UTF-8 function
  15. require PANTHER_ROOT.'include/utf8/substr_replace.php';
  16. require PANTHER_ROOT.'include/utf8/ucwords.php'; // utf8_ucwords needs utf8_substr_replace
  17. require PANTHER_ROOT.'include/utf8/strcasecmp.php';
  18. $action = isset($_GET['action']) ? $_GET['action'] : null;
  19. $section = isset($_GET['section']) ? $_GET['section'] : null;
  20. $id = isset($_GET['id']) ? intval($_GET['id']) : 0;
  21. if ($id < 2)
  22. message($lang_common['Bad request'], false, '404 Not Found');
  23. if ($action != 'change_pass' || !isset($_GET['key']))
  24. {
  25. if ($panther_user['g_read_board'] == '0')
  26. message($lang_common['No view'], false, '403 Forbidden');
  27. else if ($panther_user['g_view_users'] == '0' && ($panther_user['is_guest'] || $panther_user['id'] != $id))
  28. message($lang_common['No permission'], false, '403 Forbidden');
  29. }
  30. // Load the prof_reg.php language file
  31. require PANTHER_ROOT.'lang/'.$panther_user['language'].'/prof_reg.php';
  32. // Load the profile.php language file
  33. require PANTHER_ROOT.'lang/'.$panther_user['language'].'/profile.php';
  34. if ($action == 'change_pass')
  35. {
  36. if (isset($_GET['key']))
  37. {
  38. // If the user is already logged in we shouldn't be here :)
  39. if (!$panther_user['is_guest'])
  40. {
  41. header('Location: '.panther_link($panther_url['index']));
  42. exit;
  43. }
  44. $key = $_GET['key'];
  45. $data = array(
  46. ':id' => $id,
  47. );
  48. $ps = $db->select('users', 'activate_string, activate_key, salt', $data, 'id=:id');
  49. $cur_user = $ps->fetch();
  50. if ($key == '' || $key != $cur_user['activate_key'])
  51. message($lang_profile['Pass key bad'].' '.$panther_config['o_admin_email']);
  52. else
  53. {
  54. $data = array(
  55. ':password' => $cur_user['activate_string'],
  56. ':id' => $id,
  57. );
  58. $db->run('UPDATE '.$db->prefix.'users SET password=:password, activate_string=NULL, activate_key=NULL WHERE id=:id', $data);
  59. message($lang_profile['Pass updated'], true);
  60. }
  61. }
  62. // Make sure we are allowed to change this user's password
  63. if ($panther_user['id'] != $id)
  64. {
  65. if (!$panther_user['is_admmod'])
  66. message($lang_common['No permission'], false, '403 Forbidden');
  67. else if ($panther_user['g_moderator'] == '1') // A moderator trying to change a user's password?
  68. {
  69. $ps = $db->select('SELECT u.group_id, g.g_moderator, g.g_admin FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON (g.g_id=u.group_id) WHERE u.id=:id', array(':id'=>$id));
  70. if (!$ps->rowCount())
  71. message($lang_common['Bad request'], false, '404 Not Found');
  72. list($group_id, $is_moderator) = $ps->fetch(PDO::FETCH_NUM);
  73. if ($panther_user['g_mod_edit_users'] == '0' || $panther_user['g_mod_change_passwords'] == '0' || $group_id == PANTHER_ADMIN || $is_admin == '1' || $is_moderator == '1')
  74. message($lang_common['No permission'], false, '403 Forbidden');
  75. }
  76. }
  77. if (isset($_POST['form_sent']))
  78. {
  79. // Make sure they got here from the site
  80. confirm_referrer('profile.php');
  81. $old_password = isset($_POST['req_old_password']) ? panther_trim($_POST['req_old_password']) : '';
  82. $new_password1 = isset($_POST['req_new_password1']) ? panther_trim($_POST['req_new_password1']) : '';
  83. $new_password2 = isset($_POST['req_new_password2']) ? panther_trim($_POST['req_new_password2']) : '';
  84. if ($new_password1 != $new_password2)
  85. message($lang_prof_reg['Pass not match']);
  86. if (panther_strlen($new_password1) < 6)
  87. message($lang_prof_reg['Pass too short']);
  88. $data = array(
  89. ':id' => $id,
  90. );
  91. $ps = $db->select('users', 'password, salt', $data, 'id=:id');
  92. $cur_user = $ps->fetch();
  93. $authorized = false;
  94. if (!empty($cur_user['password']))
  95. {
  96. $old_password_hash = panther_hash($old_password.$cur_user['salt']);
  97. if ($cur_user['password'] == $old_password_hash || $panther_user['is_admmod'])
  98. $authorized = true;
  99. }
  100. if (!$authorized)
  101. message($lang_profile['Wrong pass']);
  102. $new_salt = random_pass(16);
  103. $new_password_hash = panther_hash($new_password1.$new_salt);
  104. $update = array(
  105. 'password' => $new_password_hash,
  106. 'salt' => $new_salt,
  107. );
  108. $data = array(
  109. ':id' => $id,
  110. );
  111. $db->update('users', $update, 'id=:id', $data);
  112. if ($panther_user['id'] == $id)
  113. panther_setcookie($panther_user['id'], $new_password_hash, time() + $panther_config['o_timeout_visit']);
  114. redirect(panther_link($panther_url['profile_essentials'], array($id)), $lang_profile['Pass updated redirect']);
  115. }
  116. $page_title = array($panther_config['o_board_title'], $lang_common['Profile'], $lang_profile['Change pass']);
  117. $required_fields = array('req_old_password' => $lang_profile['Old pass'], 'req_new_password1' => $lang_profile['New pass'], 'req_new_password2' => $lang_profile['Confirm new pass']);
  118. $focus_element = array('change_pass', ((!$panther_user['is_admmod']) ? 'req_old_password' : 'req_new_password1'));
  119. define('PANTHER_ACTIVE_PAGE', 'profile');
  120. require PANTHER_ROOT.'header.php';
  121. $tpl = load_template('change_password.tpl');
  122. echo $tpl->render(
  123. array(
  124. 'lang_profile' => $lang_profile,
  125. 'lang_common' => $lang_common,
  126. 'csrf_token' => generate_csrf_token(),
  127. 'form_action' => panther_link($panther_url['change_password'], array($id)),
  128. 'panther_user' => $panther_user,
  129. )
  130. );
  131. require PANTHER_ROOT.'footer.php';
  132. }
  133. else if ($action == 'change_email')
  134. {
  135. // Make sure we are allowed to change this user's email
  136. if ($panther_user['id'] != $id)
  137. {
  138. if (!$panther_user['is_admmod']) // A regular user trying to change another user's email?
  139. message($lang_common['No permission'], false, '403 Forbidden');
  140. else if ($panther_user['g_moderator'] == '1') // A moderator trying to change a user's email?
  141. {
  142. $data = array(
  143. ':id' => $id,
  144. );
  145. $ps = $db->run('SELECT u.group_id, g.g_moderator, g.g_admin FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON (g.g_id=u.group_id) WHERE u.id=:id', $data);
  146. if (!$ps->rowCount())
  147. message($lang_common['Bad request'], false, '404 Not Found');
  148. list($group_id, $is_moderator, $is_admin) = $ps->fetch(PDO::FETCH_NUM);
  149. if ($panther_user['g_mod_edit_users'] == '0' || $group_id == PANTHER_ADMIN || $is_admin == '1' || $is_moderator == '1')
  150. message($lang_common['No permission'], false, '403 Forbidden');
  151. }
  152. }
  153. if (isset($_GET['key']))
  154. {
  155. $key = $_GET['key'];
  156. $update = array(
  157. ':id' => $id,
  158. );
  159. $ps = $db->select('users', 'activate_string, activate_key', $update, 'id=:id');
  160. list($new_email, $new_email_key) = $ps->fetch(PDO::FETCH_NUM);
  161. if ($key == '' || $key != $new_email_key)
  162. message(sprintf($lang_profile['Email key bad'], $panther_config['o_admin_email']));
  163. else
  164. {
  165. $data = array(
  166. ':id' => $id,
  167. );
  168. $db->run('UPDATE '.$db->prefix.'users SET email=activate_string, activate_string=NULL, activate_key=NULL WHERE id=:id', $data);
  169. message($lang_profile['Email updated'], true);
  170. }
  171. }
  172. else if (isset($_POST['form_sent']))
  173. {
  174. confirm_referrer('profile.php');
  175. if (panther_hash($_POST['req_password'].$panther_user['salt']) !== $panther_user['password'])
  176. message($lang_profile['Wrong pass']);
  177. require PANTHER_ROOT.'include/email.php';
  178. // Validate the email address
  179. $new_email = isset($_POST['req_new_email']) ? strtolower(panther_trim($_POST['req_new_email'])) : '';
  180. if (!$mailer->is_valid_email($new_email))
  181. message($lang_common['Invalid email']);
  182. // Check if it's a banned email address
  183. if ($mailer->is_banned_email($new_email))
  184. {
  185. if ($panther_config['p_allow_banned_email'] == '0')
  186. message($lang_prof_reg['Banned email']);
  187. else if ($panther_config['o_mailing_list'] != '')
  188. {
  189. $info = array(
  190. 'message' => array(
  191. '<username>' => $panther_user['username'],
  192. '<email>' => $new_email,
  193. '<profile_url>' => panther_link($panther_url['profile_essentials'], array($id)),
  194. )
  195. );
  196. $mail_tpl = $mailer->parse(PANTHER_ROOT.'lang/'.$panther_user['language'].'/mail_templates/banned_email_change.tpl', $info);
  197. $mailer->send($panther_config['o_mailing_list'], $mail_tpl['subject'], $mail_tpl['message']);
  198. }
  199. }
  200. // Check if someone else already has registered with that email address
  201. $data = array(
  202. ':email' => $new_email,
  203. );
  204. $ps = $db->select('users', 'id, username', $data, 'email=:email');
  205. if ($ps->rowCount())
  206. {
  207. if ($panther_config['p_allow_dupe_email'] == '0')
  208. message($lang_prof_reg['Dupe email']);
  209. else if ($panther_config['o_mailing_list'] != '')
  210. {
  211. $ps->setFetchMode(PDO::FETCH_COLUMN, 0);
  212. foreach ($ps as $cur_dupe)
  213. $dupe_list[] = $cur_dupe;
  214. $info = array(
  215. 'message' => array(
  216. '<username>' => $panther_user['username'],
  217. '<dupe_list>' => implode(', ', $dupe_list),
  218. '<profile_url>' => panther_link($panther_url['profile_essentials'], array($id)),
  219. )
  220. );
  221. $mail_tpl = $mailer->parse(PANTHER_ROOT.'lang/'.$panther_user['language'].'/mail_templates/dupe_email_change.tpl', $info);
  222. $mailer->send($panther_config['o_mailing_list'], $mail_tpl['subject'], $mail_tpl['message']);
  223. }
  224. }
  225. $new_email_key = random_pass(8);
  226. $update = array(
  227. 'activate_string' => $new_email,
  228. 'activate_key' => $new_email_key,
  229. );
  230. $data = array(
  231. ':id' => $id,
  232. );
  233. $db->update('users', $update, 'id=:id', $data);
  234. $info = array(
  235. 'message' => array(
  236. '<username>' => $panther_user['username'],
  237. '<base_url>' => get_base_url(),
  238. '<activation_url>' => panther_link($panther_url['change_email_key'], array($id, $new_email_key)),
  239. )
  240. );
  241. $mail_tpl = $mailer->parse(PANTHER_ROOT.'lang/'.$panther_user['language'].'/mail_templates/activate_email.tpl', $info);
  242. $mailer->send($new_email, $mail_tpl['subject'], $mail_tpl['message']);
  243. message($lang_profile['Activate email sent'].' '.$panther_config['o_admin_email'], true);
  244. }
  245. $page_title = array($panther_config['o_board_title'], $lang_common['Profile'], $lang_profile['Change email']);
  246. $required_fields = array('req_new_email' => $lang_profile['New email'], 'req_password' => $lang_common['Password']);
  247. $focus_element = array('change_email', 'req_new_email');
  248. define('PANTHER_ACTIVE_PAGE', 'profile');
  249. require PANTHER_ROOT.'header.php';
  250. $tpl = load_template('change_email.tpl');
  251. echo $tpl->render(
  252. array(
  253. 'lang_profile' => $lang_profile,
  254. 'lang_common' => $lang_common,
  255. 'form_action' => panther_link($panther_url['change_email'], array($id)),
  256. 'csrf_token' => generate_csrf_token(),
  257. )
  258. );
  259. require PANTHER_ROOT.'footer.php';
  260. }
  261. else if ($action == 'use_gravatar')
  262. {
  263. if ($panther_config['o_avatars'] == '0')
  264. message($lang_profile['Avatars disabled']);
  265. if ($panther_user['id'] != $id && !$panther_user['is_admmod'])
  266. message($lang_common['No permission']);
  267. confirm_referrer('profile.php');
  268. $data = array(
  269. ':id' => $id,
  270. );
  271. $ps = $db->select('users', 'use_gravatar', $data, 'id=:id');
  272. $use_gravatar = $ps->fetchColumn();
  273. if (!$use_gravatar)
  274. delete_avatar($id);
  275. $redirect_msg = ($use_gravatar) ? $lang_profile['Gravatar disabled redirect'] : $lang_profile['Gravatar enabled redirect'];
  276. $update = array(
  277. 'use_gravatar' => (($use_gravatar == 0) ? 1 : 0)
  278. );
  279. $db->update('users', $update, 'id=:id', $data);
  280. redirect(panther_link($panther_url['profile_personality'], array($id)), $redirect_msg);
  281. }
  282. else if ($action == 'upload_avatar')
  283. {
  284. if ($panther_config['o_avatars'] == '0')
  285. message($lang_profile['Avatars disabled']);
  286. if ($panther_config['o_avatar_upload'] == '0')
  287. message($lang_profile['Avatars disabled']);
  288. if ($panther_user['id'] != $id && !$panther_user['is_admmod'])
  289. message($lang_common['No permission'], false, '403 Forbidden');
  290. if (isset($_POST['form_sent']))
  291. {
  292. if (!isset($_FILES['req_file']))
  293. message($lang_profile['No file']);
  294. $avatar_path = ($panther_config['o_avatars_dir'] != '') ? $panther_config['o_avatars_path'] : PANTHER_ROOT.$panther_config['o_avatars_path'].'/';
  295. // Make sure they got here from the site
  296. confirm_referrer('profile.php');
  297. $uploaded_file = $_FILES['req_file'];
  298. // Make sure the upload went smooth
  299. if (isset($uploaded_file['error']))
  300. {
  301. switch ($uploaded_file['error'])
  302. {
  303. case 1: // UPLOAD_ERR_INI_SIZE
  304. case 2: // UPLOAD_ERR_FORM_SIZE
  305. message($lang_profile['Too large ini']);
  306. break;
  307. case 3: // UPLOAD_ERR_PARTIAL
  308. message($lang_profile['Partial upload']);
  309. break;
  310. case 4: // UPLOAD_ERR_NO_FILE
  311. message($lang_profile['No file']);
  312. break;
  313. case 6: // UPLOAD_ERR_NO_TMP_DIR
  314. message($lang_profile['No tmp directory']);
  315. break;
  316. default:
  317. // No error occured, but was something actually uploaded?
  318. if ($uploaded_file['size'] == 0)
  319. message($lang_profile['No file']);
  320. break;
  321. }
  322. }
  323. if (is_uploaded_file($uploaded_file['tmp_name']))
  324. {
  325. // Preliminary file check, adequate in most cases
  326. $allowed_types = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/png', 'image/x-png');
  327. if (!in_array($uploaded_file['type'], $allowed_types))
  328. message($lang_profile['Bad type']);
  329. // Make sure the file isn't too big
  330. if ($uploaded_file['size'] > $panther_config['o_avatars_size'])
  331. message($lang_profile['Too large'].' '.forum_number_format($panther_config['o_avatars_size']).' '.$lang_profile['bytes'].'.');
  332. // Move the file to the avatar directory. We do this before checking the width/height to circumvent open_basedir restrictions
  333. if (!@move_uploaded_file($uploaded_file['tmp_name'], $avatar_path.$id.'.tmp'))
  334. message($lang_profile['Move failed'].' '.$panther_config['o_admin_email']);
  335. list($width, $height, $type,) = @getimagesize($avatar_path.$id.'.tmp');
  336. // Determine type
  337. if ($type == IMAGETYPE_GIF)
  338. $extension = '.gif';
  339. else if ($type == IMAGETYPE_JPEG)
  340. $extension = '.jpg';
  341. else if ($type == IMAGETYPE_PNG)
  342. $extension = '.png';
  343. else
  344. {
  345. // Invalid type
  346. @unlink($avatar_path.$id.'.tmp');
  347. message($lang_profile['Bad type']);
  348. }
  349. // Now check the width/height
  350. if (empty($width) || empty($height) || $width > $panther_config['o_avatars_width'] || $height > $panther_config['o_avatars_height'])
  351. {
  352. @unlink($avatar_path.$id.'.tmp');
  353. message($lang_profile['Too wide or high'].' '.$panther_config['o_avatars_width'].'x'.$panther_config['o_avatars_height'].' '.$lang_profile['pixels'].'.');
  354. }
  355. // Delete any old avatars and put the new one in place
  356. delete_avatar($id);
  357. @rename($avatar_path.$id.'.tmp', $avatar_path.$id.$extension);
  358. compress_image($avatar_path.$id.$extension);
  359. @chmod($avatar_path.$id.$extension, 0644);
  360. // Disable Gravatar
  361. $update = array(
  362. 'use_gravatar' => 0,
  363. );
  364. $data = array(
  365. ':id' => $id,
  366. );
  367. $db->update('users', $update, 'id=:id', $data);
  368. }
  369. else
  370. message($lang_profile['Unknown failure']);
  371. redirect(panther_link($panther_url['profile_personality'], array($id)), $lang_profile['Avatar upload redirect']);
  372. }
  373. $page_title = array($panther_config['o_board_title'], $lang_common['Profile'], $lang_profile['Upload avatar']);
  374. $required_fields = array('req_file' => $lang_profile['File']);
  375. $focus_element = array('upload_avatar', 'req_file');
  376. define('PANTHER_ACTIVE_PAGE', 'profile');
  377. require PANTHER_ROOT.'header.php';
  378. $csrf_token = generate_csrf_token();
  379. $tpl = load_template('upload_avatar.tpl');
  380. echo $tpl->render(
  381. array(
  382. 'lang_profile' => $lang_profile,
  383. 'lang_common' => $lang_common,
  384. 'form_action' => panther_link($panther_url['upload_avatar'], array($id, $csrf_token)),
  385. 'csrf_token' => $csrf_token,
  386. 'panther_config' => $panther_config,
  387. 'avatar_size' => forum_number_format($panther_config['o_avatars_size']),
  388. 'file_size' => file_size($panther_config['o_avatars_size']),
  389. )
  390. );
  391. require PANTHER_ROOT.'footer.php';
  392. }
  393. else if ($action == 'delete_avatar')
  394. {
  395. confirm_referrer('profile.php');
  396. if ($panther_user['id'] != $id && !$panther_user['is_admmod'])
  397. message($lang_common['No permission'], false, '403 Forbidden');
  398. delete_avatar($id);
  399. redirect(panther_link($panther_url['profile_personality'], array($id)), $lang_profile['Avatar deleted redirect']);
  400. }
  401. else if (isset($_POST['update_group_membership']))
  402. {
  403. confirm_referrer('profile.php');
  404. if (!$panther_user['is_admin'])
  405. message($lang_common['No permission'], false, '403 Forbidden');
  406. $new_group_id = intval($_POST['group_id']);
  407. $select = array(
  408. ':id' => $id,
  409. );
  410. $ps = $db->select('users', 'group_id', $select, 'id=:id');
  411. $old_group_id = $ps->fetchColumn();
  412. $update = array(
  413. 'group_id' => $new_group_id,
  414. );
  415. $data = array(
  416. ':id' => $id,
  417. );
  418. $db->update('users', $update, 'id=:id', $data);
  419. // Regenerate the users info cache
  420. if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
  421. require PANTHER_ROOT.'include/cache.php';
  422. generate_users_info_cache();
  423. if ($old_group_id !=0 && ($old_group_id == PANTHER_ADMIN || $new_group_id == PANTHER_ADMIN || $panther_groups[$old_group_id]['g_admin'] == '1' || $panther_groups[$new_group_id]['g_admin'] == '1'))
  424. generate_admins_cache();
  425. $data = array(
  426. ':id' => $new_group_id
  427. );
  428. $ps = $db->select('groups', 'g_moderator', $data, 'g_id=:id');
  429. $new_group_mod = $ps->fetchColumn();
  430. // If the user was a moderator or an administrator, we remove him/her from the moderator list in all forums as well
  431. if ($new_group_id != PANTHER_ADMIN && $new_group_mod != '1')
  432. {
  433. $ps = $db->select('forums', 'id, moderators');
  434. foreach ($ps as $cur_forum)
  435. {
  436. $cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array();
  437. if (in_array($id, $cur_moderators))
  438. {
  439. $username = array_search($id, $cur_moderators);
  440. unset($cur_moderators[$username]);
  441. unset($cur_moderators['groups'][$id]);
  442. if (empty($cur_moderators['groups']))
  443. unset($cur_moderators['groups']);
  444. $cur_moderators = (!empty($cur_moderators)) ? serialize($cur_moderators) : NULL;
  445. $update = array(
  446. 'moderators' => $cur_moderators,
  447. );
  448. $data = array(
  449. ':id' => $cur_forum['id'],
  450. );
  451. $db->update('forums', $update, 'id=:id', $data);
  452. }
  453. }
  454. }
  455. else // Else update moderator's group_id
  456. {
  457. $ps = $db->select('forums', 'id, moderators');
  458. foreach ($ps as $cur_forum)
  459. {
  460. $cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array();
  461. if (in_array($id, $cur_moderators))
  462. {
  463. $cur_moderators['groups'][$id] = $new_group_id;
  464. $update = array(
  465. 'moderators' => serialize($cur_moderators),
  466. );
  467. $data = array(
  468. ':id' => $cur_forum['id'],
  469. );
  470. $db->update('forums', $update, 'id=:id', $data);
  471. }
  472. }
  473. }
  474. redirect(panther_link($panther_url['profile_admin'], array($id)), $lang_profile['Group membership redirect']);
  475. }
  476. else if (isset($_POST['update_forums']))
  477. {
  478. confirm_referrer('profile.php');
  479. if (!$panther_user['is_admin'])
  480. message($lang_common['No permission'], false, '403 Forbidden');
  481. // Get the username of the user we are processing
  482. $data = array(
  483. ':id' => $id,
  484. );
  485. $ps = $db->select('users', 'username, group_id', $data, 'id=:id');
  486. list($username, $group_id) = $ps->fetch(PDO::FETCH_NUM);
  487. $moderator_in = (isset($_POST['moderator_in'])) ? array_keys($_POST['moderator_in']) : array();
  488. // Loop through all forums
  489. $ps = $db->select('forums', 'id, moderators');
  490. foreach ($ps as $cur_forum)
  491. {
  492. $cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array();
  493. if (!isset($cur_moderators['groups']))
  494. $cur_moderators['groups'] = array();
  495. $cur_moderators['groups'][$id] = $group_id;
  496. // If the user should have moderator access (and he/she doesn't already have it)
  497. if (in_array($cur_forum['id'], $moderator_in) && !in_array($id, $cur_moderators))
  498. {
  499. $cur_moderators[$username] = $id;
  500. uksort($cur_moderators, 'utf8_strcasecmp');
  501. $update = array(
  502. 'moderators' => serialize($cur_moderators),
  503. );
  504. $data = array(
  505. ':id' => $cur_forum['id'],
  506. );
  507. $db->update('forums', $update, 'id=:id', $data);
  508. }
  509. // If the user shouldn't have moderator access (and he/she already has it)
  510. else if (!in_array($cur_forum['id'], $moderator_in) && in_array($id, $cur_moderators))
  511. {
  512. unset($cur_moderators[$username]);
  513. unset($cur_moderators['groups'][$id]);
  514. if (empty($cur_moderators['groups']))
  515. unset($cur_moderators['groups']);
  516. $cur_moderators = (!empty($cur_moderators)) ? serialize($cur_moderators) : NULL;
  517. $update = array(
  518. 'moderators' => $cur_moderators,
  519. );
  520. $data = array(
  521. ':id' => $cur_forum['id'],
  522. );
  523. $db->update('forums', $update, 'id=:id', $data);
  524. }
  525. elseif (in_array($cur_forum['id'], $moderator_in) || in_array($id, $cur_moderators))
  526. {
  527. $update = array(
  528. 'moderators' => serialize($cur_moderators),
  529. );
  530. $data = array(
  531. ':id' => $cur_forum['id'],
  532. );
  533. $db->update('forums', $update, 'id=:id', $data);
  534. }
  535. }
  536. if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
  537. require PANTHER_ROOT.'include/cache.php';
  538. generate_forums_cache();
  539. redirect(panther_link($panther_url['profile_admin'], array($id)), $lang_profile['Update forums redirect']);
  540. }
  541. else if (isset($_POST['update_posting_ban']))
  542. {
  543. confirm_referrer('profile.php');
  544. if (!$panther_user['is_admin'])
  545. message($lang_common['No permission']);
  546. $data = array(
  547. ':id' => $id,
  548. );
  549. $ps = $db->select('users', 'username, group_id', $data, 'id=:id');
  550. $cur_user = $ps->fetch();
  551. if ($panther_groups[$cur_user['group_id']]['g_admin'] == '1' || $cur_user['group_id'] == PANTHER_ADMIN)
  552. message(sprintf($lang_profile['posting ban admin'], $cur_user['username']));
  553. if ($panther_groups[$cur_user['group_id']]['g_moderator'] == '1')
  554. message(sprintf($lang_profile['posting ban moderator'], $cur_user['username']));
  555. $expiration_time = isset($_POST['expiration_time']) ? intval($_POST['expiration_time']) : 0;
  556. $expiration_unit = isset($_POST['expiration_unit']) ? panther_trim($_POST['expiration_unit']) : $lang_profile['Days'];
  557. $delete_ban = isset($_POST['remove_ban']) ? '1' : '0';
  558. $time = ($delete_ban == '1') ? '0' : (time() + get_expiration_time($expiration_time, $expiration_unit));
  559. $update = array(
  560. 'posting_ban' => $time,
  561. );
  562. $db->update('users', $update, 'id=:id', $data);
  563. redirect(panther_link($panther_url['profile_admin'], array($id)), $lang_profile['Update posting ban redirect']);
  564. }
  565. else if (isset($_POST['ban']))
  566. {
  567. if (!$panther_user['is_admin'] && ($panther_user['g_moderator'] != '1' || $panther_user['g_mod_ban_users'] == '0'))
  568. message($lang_common['No permission'], false, '403 Forbidden');
  569. // Get the username of the user we are banning
  570. $data = array(
  571. ':id' => $id,
  572. );
  573. $ps = $db->select('users', 'username', $data, 'id=:id');
  574. $username = $ps->fetchColumn();
  575. // Check whether user is already banned
  576. $data = array(
  577. ':username' => $username,
  578. );
  579. $ps = $db->select('bans', 'id', $data, 'username=:username', 'expire IS NULL DESC, expire DESC LIMIT 1');
  580. if ($ps->rowCount())
  581. {
  582. $ban_id = $ps->fetchColumn();
  583. redirect(panther_link($panther_url['edit_ban'], array($ban_id)), $lang_profile['Ban redirect']);
  584. }
  585. else
  586. redirect(panther_link($panther_url['admin_bans_add'], array($id)), $lang_profile['Ban redirect']);
  587. }
  588. else if ($action == 'promote')
  589. {
  590. confirm_referrer('viewtopic.php');
  591. if (!$panther_user['is_admin'] && ($panther_user['g_moderator'] != '1' || $panther_user['g_mod_promote_users'] == '0'))
  592. message($lang_common['No permission']);
  593. $pid = isset($_GET['pid']) ? intval($_GET['pid']) : 0;
  594. if ($pid < 1)
  595. message($lag_common['Bad request']);
  596. $data = array(
  597. ':id' => $id,
  598. );
  599. $ps = $db->run('SELECT g.g_promote_next_group FROM '.$db->prefix.'groups AS g INNER JOIN '.$db->prefix.'users AS u ON u.group_id=g.g_id WHERE u.id=:id AND g.g_promote_next_group>0', $data);
  600. if (!$ps->rowCount())
  601. message($lang_common['Bad request'], false, '404 Not Found');
  602. $update = array(
  603. 'group_id' => $ps->fetchColumn(),
  604. );
  605. $data = array(
  606. ':id' => $id,
  607. );
  608. $db->update('users', $update, 'id=:id', $data);
  609. redirect(panther_link($panther_url['post'], array($pid)), $lang_profile['User promote redirect']);
  610. }
  611. else if (isset($_POST['delete_user']) || isset($_POST['delete_user_comply']))
  612. {
  613. confirm_referrer('profile.php');
  614. if ($panther_user['g_id'] != PANTHER_ADMIN && $panther_user['g_admin'] != '1')
  615. message($lang_common['No permission'], false, '403 Forbidden');
  616. if (file_exists(FORUM_CACHE_DIR.'cache_restrictions.php'))
  617. require FORUM_CACHE_DIR.'cache_restrictions.php';
  618. else
  619. {
  620. if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
  621. require PANTHER_ROOT.'include/cache.php';
  622. generate_admin_restrictions_cache();
  623. require FORUM_CACHE_DIR.'cache_restrictions.php';
  624. }
  625. if (!isset($admins[$panther_user['id']]) || $panther_user['id'] == '2')
  626. $admins[$panther_user['id']] = array('admin_users' => '1');
  627. if ($admins[$panther_user['id']]['admin_users'] == '0')
  628. message($lang_common['No permission']);
  629. // Get the username and group of the user we are deleting
  630. $data = array(
  631. ':id' => $id,
  632. );
  633. $ps = $db->select('users', 'group_id, username', $data, 'id=:id');
  634. list($group_id, $username) = $ps->fetch(PDO::FETCH_NUM);
  635. if ($group_id == PANTHER_ADMIN || $panther_groups[$group_id]['g_admin'] == '1')
  636. message($lang_profile['No delete admin message']);
  637. if (isset($_POST['delete_user_comply']))
  638. {
  639. // If the user is a moderator or an administrator, we remove him/her from the moderator list in all forums as well7
  640. $data = array(
  641. ':id' => $group_id,
  642. );
  643. $ps = $db->select('groups', 'g_moderator', $data, 'g_id=:id');
  644. $group_mod = $ps->fetchColumn();
  645. if ($group_id == PANTHER_ADMIN || $group_mod == '1')
  646. {
  647. $ps = $db->select('forums', 'id, moderators');
  648. foreach ($ps as $cur_forum)
  649. {
  650. $cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array();
  651. if (in_array($id, $cur_moderators))
  652. {
  653. unset($cur_moderators[$username]);
  654. $cur_moderators = (!empty($cur_moderators)) ? serialize($cur_moderators) : NULL;
  655. $update = array(
  656. 'moderators' => $cur_moderators,
  657. );
  658. $data = array(
  659. ':id' => $cur_forum['id'],
  660. );
  661. $db->update('forums', $update, 'id=:id', $data);
  662. }
  663. }
  664. }
  665. $data = array(
  666. ':id' => $id,
  667. );
  668. // Delete any subscriptions
  669. $db->delete('topic_subscriptions', 'user_id=:id', $data);
  670. $db->delete('forum_subscriptions', 'user_id=:id', $data);
  671. // Remove any issued warnings
  672. $db->delete('warnings', 'user_id=:id', $data);
  673. // Remove them from the online list (if they happen to be logged in)
  674. $db->delete('online', 'user_id=:id', $data);
  675. // Should we delete all posts made by this user?
  676. if (isset($_POST['delete_posts']))
  677. {
  678. require PANTHER_ROOT.'include/search_idx.php';
  679. @set_time_limit(0);
  680. // Find all posts made by this user
  681. $ps = $db->run('SELECT p.id, p.topic_id, t.forum_id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id WHERE p.poster_id=:id', $data);
  682. if ($ps->rowCount())
  683. {
  684. foreach ($ps as $cur_post)
  685. {
  686. // Determine whether this post is the "topic post" or not
  687. $select = array(
  688. ':id' => $cur_post['topic_id'],
  689. );
  690. $ps1 = $db->select('posts', 'id', $select, 'topic_id=:id', 'posted LIMIT 1');
  691. if ($ps1->fetchColumn() == $cur_post['id'])
  692. delete_topic($cur_post['topic_id']);
  693. else
  694. delete_post($cur_post['id'], $cur_post['topic_id']);
  695. $delete = array(
  696. ':id' => $cur_post['id'],
  697. );
  698. $db->delete('reputation', 'post_id=:id', $delete);
  699. update_forum($cur_post['forum_id']);
  700. }
  701. }
  702. }
  703. else // Set all his/her posts to guest
  704. {
  705. $update = array(
  706. 'poster_id' => 1,
  707. );
  708. $db->update('posts', $update, 'poster_id=:id', $data);
  709. }
  710. // Delete user avatar
  711. delete_avatar($id);
  712. // Delete the user
  713. $db->delete('users', 'id=:id', $data);
  714. // Regenerate the users info cache
  715. if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
  716. require PANTHER_ROOT.'include/cache.php';
  717. generate_users_info_cache();
  718. if ($group_id == PANTHER_ADMIN || $panther_groups[$group_id]['g_admin'] == '1')
  719. {
  720. generate_admins_cache();
  721. generate_admin_restrictions_cache();
  722. }
  723. redirect(panther_link($panther_url['index']), $lang_profile['User delete redirect']);
  724. }
  725. $page_title = array($panther_config['o_board_title'], $lang_common['Profile'], $lang_profile['Confirm delete user']);
  726. define('PANTHER_ACTIVE_PAGE', 'profile');
  727. require PANTHER_ROOT.'header.php';
  728. $tpl = load_template('delete_user.tpl');
  729. echo $tpl->render(
  730. array(
  731. 'lang_profile' => $lang_profile,
  732. 'lang_common' => $lang_common,
  733. 'form_action' => panther_link($panther_url['profile'], array($id, url_friendly($username))),
  734. 'username' => $username,
  735. 'csrf_token' => generate_csrf_token(),
  736. )
  737. );
  738. require PANTHER_ROOT.'footer.php';
  739. }
  740. else if (isset($_POST['form_sent']))
  741. {
  742. confirm_referrer('profile.php');
  743. $data = array(
  744. ':id' => $id,
  745. );
  746. // Fetch the user group of the user we are editing
  747. $ps = $db->run('SELECT u.username, u.group_id, g.g_moderator FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON (g.g_id=u.group_id) WHERE u.id=:id', $data);
  748. if (!$ps->rowCount())
  749. message($lang_common['Bad request'], false, '404 Not Found');
  750. list($old_username, $group_id, $is_moderator) = $ps->fetch(PDO::FETCH_NUM);
  751. if ($panther_user['id'] != $id && !in_array($section, array('rep_received', 'rep_given')) && // If we aren't the user (i.e. editing your own profile) and we aren't viewing what rep they have
  752. (!$panther_user['is_admmod'] || // and we are not an admin or mod
  753. (!$panther_user['is_admin'] && // or we aren't an admin and ...
  754. ($panther_user['g_mod_edit_users'] == '0' || // mods aren't allowed to edit users
  755. $group_id == PANTHER_ADMIN || // or the user is an admin
  756. $is_moderator)))) // or the user is another mod
  757. message($lang_common['No permission'], false, '403 Forbidden');
  758. $username_updated = false;
  759. // Validate input depending on section
  760. switch ($section)
  761. {
  762. case 'essentials':
  763. {
  764. $form = array(
  765. 'timezone' => floatval($_POST['form']['timezone']),
  766. 'dst' => isset($_POST['form']['dst']) ? '1' : '0',
  767. 'time_format' => intval($_POST['form']['time_format']),
  768. 'date_format' => intval($_POST['form']['date_format']),
  769. );
  770. // Make sure we got a valid language string
  771. if (isset($_POST['language']))
  772. {
  773. $languages = forum_list_langs();
  774. $form['language'] = panther_trim($_POST['language']);
  775. if (!in_array($form['language'], $languages))
  776. message($lang_common['Bad request'], false, '404 Not Found');
  777. }
  778. else
  779. $form['language'] = $panther_config['o_default_lang'];
  780. if ($panther_user['is_admmod'])
  781. {
  782. $form['admin_note'] = panther_trim($_POST['admin_note']);
  783. // Are we allowed to change usernames?
  784. if ($panther_user['is_admin'] || ($panther_user['g_moderator'] == '1' && $panther_user['g_mod_rename_users'] == '1'))
  785. {
  786. $form['username'] = panther_trim($_POST['req_username']);
  787. if ($form['username'] != $old_username)
  788. {
  789. // Check username
  790. require PANTHER_ROOT.'lang/'.$panther_user['language'].'/register.php';
  791. $errors = array();
  792. check_username($form['username'], $id);
  793. if (!empty($errors))
  794. message($errors[0]);
  795. $username_updated = true;
  796. }
  797. }
  798. // We only allow administrators to update the post count
  799. if ($panther_user['is_admin'])
  800. $form['num_posts'] = intval($_POST['num_posts']);
  801. }
  802. if ($panther_config['o_regs_verify'] == '0' || $panther_user['is_admmod'])
  803. {
  804. require PANTHER_ROOT.'include/email.php';
  805. // Validate the email address
  806. $form['email'] = strtolower(panther_trim($_POST['req_email']));
  807. if (!$mailer->is_valid_email($form['email']))
  808. message($lang_common['Invalid email']);
  809. }
  810. break;
  811. }
  812. case 'personal':
  813. {
  814. $form = array(
  815. 'realname' => isset($_POST['form']['realname']) ? panther_trim($_POST['form']['realname']) : '',
  816. 'url' => isset($_POST['form']['url']) ? panther_trim($_POST['form']['url']) : '',
  817. 'location' => isset($_POST['form']['location']) ? panther_trim($_POST['form']['location']) : '',
  818. );
  819. // Add http:// if the URL doesn't contain it already (while allowing https://, too)
  820. if ($panther_user['g_post_links'] == '1')
  821. {
  822. if ($form['url'] != '')
  823. {
  824. $url = url_valid($form['url']);
  825. if ($url === false)
  826. message($lang_profile['Invalid website URL']);
  827. $form['url'] = $url['url'];
  828. }
  829. }
  830. else
  831. {
  832. if (!empty($form['url']))
  833. message($lang_profile['Website not allowed']);
  834. $form['url'] = '';
  835. }
  836. if ($panther_user['is_admin'])
  837. $form['title'] = panther_trim($_POST['title']);
  838. else if ($panther_user['g_set_title'] == '1')
  839. {
  840. $form['title'] = panther_trim($_POST['title']);
  841. if ($form['title'] != '')
  842. {
  843. // A list of words that the title may not contain
  844. // If the language is English, there will be some duplicates, but it's not the end of the world
  845. $forbidden = array('member', 'moderator', 'administrator', 'banned', 'guest', utf8_strtolower($lang_common['Member']), utf8_strtolower($lang_common['Moderator']), utf8_strtolower($lang_common['Administrator']), utf8_strtolower($lang_common['Banned']), utf8_strtolower($lang_common['Guest']));
  846. if (in_array(utf8_strtolower($form['title']), $forbidden))
  847. message($lang_profile['Forbidden title']);
  848. }
  849. }
  850. break;
  851. }
  852. case 'messaging':
  853. {
  854. $form = array(
  855. 'facebook' => panther_trim($_POST['form']['facebook']),
  856. 'steam' => panther_trim($_POST['form']['steam']),
  857. 'skype' => panther_trim($_POST['form']['skype']),
  858. 'google' => panther_trim($_POST['form']['google']),
  859. 'twitter' => panther_trim($_POST['form']['twitter']),
  860. );
  861. break;
  862. }
  863. case 'personality':
  864. {
  865. $form = array();
  866. // Clean up signature from POST
  867. if ($panther_config['o_signatures'] == '1')
  868. {
  869. $form['signature'] = isset($_POST['signature']) ? panther_linebreaks(panther_trim($_POST['signature'])) : '';
  870. // Validate signature
  871. if (panther_strlen($form['signature']) > $panther_config['p_sig_length'])
  872. message(sprintf($lang_prof_reg['Sig too long'], $panther_config['p_sig_length'], panther_strlen($form['signature']) - $panther_config['p_sig_length']));
  873. else if (substr_count($form['signature'], "\n") > ($panther_config['p_sig_lines']-1))
  874. message(sprintf($lang_prof_reg['Sig too many lines'], $panther_config['p_sig_lines']));
  875. else if ($form['signature'] && $panther_config['p_sig_all_caps'] == '0' && is_all_uppercase($form['signature']) && !$panther_user['is_admmod'])
  876. $form['signature'] = utf8_ucwords(utf8_strtolower($form['signature']));
  877. // Validate BBCode syntax
  878. if ($panther_config['p_sig_bbcode'] == '1')
  879. {
  880. require PANTHER_ROOT.'include/parser.php';
  881. $errors = array();
  882. $form['signature'] = $parser->preparse_bbcode($form['signature'], $errors, true);
  883. if (count($errors) > 0)
  884. message('<ul><li>'.implode('</li><li>', $errors).'</li></ul>');
  885. }
  886. }
  887. break;
  888. }
  889. case 'display':
  890. {
  891. $form = array(
  892. 'disp_topics' => panther_trim($_POST['form']['disp_topics']),
  893. 'disp_posts' => panther_trim($_POST['form']['disp_posts']),
  894. 'show_smilies' => isset($_POST['form']['show_smilies']) ? '1' : '0',
  895. 'show_img' => isset($_POST['form']['show_img']) ? '1' : '0',
  896. 'show_img_sig' => isset($_POST['form']['show_img_sig']) ? '1' : '0',
  897. 'show_avatars' => isset($_POST['form']['show_avatars']) ? '1' : '0',
  898. 'show_sig' => isset($_POST['form']['show_sig']) ? '1' : '0',
  899. 'use_editor' => isset($_POST['form']['use_editor']) ? '1' : '0',
  900. );
  901. if ($form['disp_topics'] != '')
  902. {
  903. $form['disp_topics'] = intval($form['disp_topics']);
  904. if ($form['disp_topics'] < 3)
  905. $form['disp_topics'] = 3;
  906. else if ($form['disp_topics'] > 75)
  907. $form['disp_topics'] = 75;
  908. }
  909. if ($form['disp_posts'] != '')
  910. {
  911. $form['disp_posts'] = intval($form['disp_posts']);
  912. if ($form['disp_posts'] < 3)
  913. $form['disp_posts'] = 3;
  914. else if ($form['disp_posts'] > 75)
  915. $form['disp_posts'] = 75;
  916. }
  917. // Make sure we got a valid style string
  918. if (isset($_POST['form']['style']))
  919. {
  920. $styles = forum_list_styles();
  921. $form['style'] = panther_trim($_POST['form']['style']);
  922. if (!in_array($form['style'], $styles))
  923. message($lang_common['Bad request'], false, '404 Not Found');
  924. }
  925. else
  926. $form['style'] = $panther_config['o_default_style'];
  927. break;
  928. }
  929. case 'privacy':
  930. {
  931. $form = array(
  932. 'email_setting' => intval($_POST['form']['email_setting']),
  933. 'notify_with_post' => isset($_POST['form']['notify_with_post']) ? '1' : '0',
  934. 'auto_notify' => isset($_POST['form']['auto_notify']) ? '1' : '0',
  935. 'pm_enabled' => isset($_POST['form']['pm_enabled']) ? '1' : '0',
  936. 'pm_notify' => isset($_POST['form']['pm_notify']) ? '1' : '0',
  937. );
  938. if ($form['email_setting'] < 0 || $form['email_setting'] > 2)
  939. $form['email_setting'] = $panther_config['o_default_email_setting'];
  940. break;
  941. }
  942. default:
  943. message($lang_common['Bad request'], false, '404 Not Found');
  944. }
  945. // Single quotes around non-empty values and NULL for empty values
  946. $temp = $data = array();
  947. foreach ($form as $key => $input)
  948. {
  949. $value = ($input !== '') ? $input : NULL;
  950. $temp[] = $key.'= ?';
  951. $data[] = $value;
  952. }
  953. if (empty($temp))
  954. message($lang_common['Bad request'], false, '404 Not Found');
  955. $data[] = $id;
  956. $db->run('UPDATE '.$db->prefix.'users SET '.implode(',', $temp).' WHERE id=?', $data);
  957. // If we changed the username we have to update some stuff
  958. if ($username_updated)
  959. {
  960. $update = array(
  961. 'username' => $form['username'],
  962. );
  963. $data = array(
  964. ':user' => $old_username,
  965. );
  966. $rows = $db->update('bans', $update, 'username=:user', $data);
  967. // If any bans were updated, we will need to know because the cache will need to be regenerated.
  968. if ($rows > 0)
  969. $bans_updated = true;
  970. $update = array(
  971. 'poster' => $form['username'],
  972. );
  973. $data = array(
  974. ':id' => $id,
  975. );
  976. $db->update('posts', $update, 'poster_id=:id', $data);
  977. $data = array(
  978. ':username' => $old_username,
  979. );
  980. $db->update('topics', $update, 'poster=:username', $data);
  981. $update = array(
  982. 'edited_by' => $form['username'],
  983. );
  984. $db->update('posts', $update, 'edited_by=:username', $data);
  985. $update = array(
  986. 'last_poster' => $form['username'],
  987. );
  988. $db->update('topics', $update, 'last_poster=:username', $data);
  989. $db->update('topics', $update, 'last_poster=:username', $data);
  990. $db->update('forums', $update, 'last_poster=:username', $data);
  991. $update = array(
  992. 'ident' => $form['username'],
  993. );
  994. $db->update('online', $update, 'ident=:username', $data);
  995. // If the user is a moderator or an administrator we have to update the moderator lists
  996. $data = array(
  997. ':id' => $id,
  998. );
  999. $ps = $db->select('users', 'group_id', $data, 'id=:id');
  1000. $group_id = $ps->fetchColumn();
  1001. if ($group_id == PANTHER_ADMIN || $panther_groups[$group_id]['g_moderator'] == '1')
  1002. {
  1003. $ps = $db->select('forums', 'id, moderators');
  1004. foreach ($ps as $cur_forum)
  1005. {
  1006. $cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array();
  1007. if (in_array($id, $cur_moderators))
  1008. {
  1009. unset($cur_moderators[$old_username]);
  1010. $cur_moderators[$form['username']] = $id;
  1011. uksort($cur_moderators, 'utf8_strcasecmp');
  1012. $update = array(
  1013. 'moderators' => serialize($cur_moderators),
  1014. );
  1015. $data = array(
  1016. ':id' => $cur_forum['id'],
  1017. );
  1018. $db->update('forums', $update, 'id=:id', $data);
  1019. }
  1020. }
  1021. }
  1022. // Regenerate the users info cache
  1023. if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
  1024. require PANTHER_ROOT.'include/cache.php';
  1025. generate_users_info_cache();
  1026. // Check if the bans table was updated and regenerate the bans cache when needed
  1027. if (isset($bans_updated))
  1028. generate_bans_cache();
  1029. }
  1030. redirect(panther_link($panther_url['profile_'.strtolower($section)], array($id)), $lang_profile['Profile redirect']);
  1031. }
  1032. ($hook = get_extensions('profile_after_form_handling')) ? eval($hook) : null;
  1033. $data = array(
  1034. ':id' => $id,
  1035. );
  1036. $ps = $db->run('SELECT u.username, u.email, u.title, u.realname, u.url, u.facebook, u.steam, u.skype, u.google, u.twitter, u.location, u.signature, u.disp_topics, u.disp_posts, u.email_setting, u.notify_with_post, u.auto_notify, u.use_editor, u.pm_enabled, u.pm_notify, u.use_gravatar, u.show_smilies, u.show_img, u.show_img_sig, u.show_avatars, u.show_sig, u.timezone, u.dst, u.language, u.style, u.num_posts, u.last_post, u.last_visit, u.registered, u.registration_ip, u.reputation, u.admin_note, u.date_format, u.time_format, u.last_visit, u.posting_ban, g.g_id, g.g_user_title, g.g_moderator, g.g_use_pm, g.g_admin FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id=:id', $data);
  1037. if (!$ps->rowCount())
  1038. message($lang_common['Bad request'], false, '404 Not Found');
  1039. else
  1040. $user = $ps->fetch();
  1041. // View or edit?
  1042. if ($panther_user['id'] != $id && !in_array($section, array('rep_received', 'rep_given', 'view')) && // If we aren't the user (i.e. editing your own profile) and we aren't viewing what rep they have
  1043. (!$panther_user['is_admmod'] || // and we are not an admin or mod
  1044. (!$panther_user['is_admin'] && // or we aren't an admin and ...
  1045. ($panther_user['g_mod_edit_users'] == '0' || // mods aren't allowed to edit users
  1046. $user['g_id'] == PANTHER_ADMIN || // or the user is an admin
  1047. $user['g_moderator'] == '1'))) || $section == 'view') // or the user is another mod
  1048. {
  1049. $user_personal = array();
  1050. if ($panther_config['o_users_online'] == '1')
  1051. {
  1052. require PANTHER_ROOT.'lang/'.$panther_user['language'].'/online.php';
  1053. $data = array(
  1054. ':id' => $id,
  1055. );
  1056. $ps = $db->select('online', 'currently', $data, 'user_id=:id');
  1057. $online = $ps->fetch();
  1058. if ($online['currently'] == NULL || $online['currently'] == '')
  1059. {
  1060. $icon = 'status_offline';
  1061. $status = $lang_online['user is offline'];
  1062. $location = $lang_online['not online'];
  1063. }
  1064. else
  1065. {
  1066. $icon = 'status_online';
  1067. $status = $lang_online['user is online'];
  1068. $location = generate_user_location($online['currently']);
  1069. }
  1070. }
  1071. $user_personal[] = array('title' => $lang_common['Username']);
  1072. $user_personal[] = array('data' => colourize_group($user['username'], $user['g_id']), 'raw' => true, 'icon' => $panther_config['o_image_dir'].$icon.'.png', 'icon_title' => $status);
  1073. $user_title_field = get_title($user);
  1074. $user_personal[] = array('title' => $lang_common['Title']);
  1075. $user_personal[] = array('data' => (($panther_config['o_censoring'] == '1') ? censor_words($user_title_field) : $user_title_field));
  1076. if ($user['realname'] != '')
  1077. {
  1078. $user_personal[] = array('title' => $lang_profile['Realname']);
  1079. $user_personal[] = array('data' => (($panther_config['o_censoring'] == '1') ? censor_words($user['realname']) : $user['realname']));
  1080. }
  1081. if ($user['location'] != '')
  1082. {
  1083. $user_personal[] = array('title' => $lang_profile['Location']);
  1084. $user_personal[] = array('data' => (($panther_config['o_censoring'] == '1') ? censor_words($user['location']) : $user['location']));
  1085. }
  1086. if ($user['url'] != '')
  1087. {
  1088. $user['url'] = ($panther_config['o_censoring'] == '1') ? censor_words($user['url']) : $user['url'];
  1089. $user_personal[] = array('title' => $lang_profile['Website']);
  1090. $user_personal[] = array('data' => $user['url'], 'class' => 'website', 'href' => true, 'lang' => $user['url']);
  1091. }
  1092. if ($user['email_setting'] == '0' && !$panther_user['is_guest'] && $panther_user['g_send_email'] == '1')
  1093. $email_field = array('data' => 'mailto:'.$user['email'], 'class' => 'email', 'href' => true, 'lang' => $user['email']);
  1094. else if ($user['email_setting'] == '1' && !$panther_user['is_guest'] && $panther_user['g_send_email'] == '1')
  1095. $email_field = array('data' => panther_link($panther_url['email'], array($id)), 'class' => 'email', 'href' => true, 'lang' => $lang_common['Send email']);
  1096. if (isset($email_field))
  1097. {
  1098. $user_personal[] = array('title' => $lang_common['Email']);
  1099. $user_personal[] = $email_field;
  1100. }
  1101. $user_personal[] = array('title' => $lang_online['currently']);
  1102. $user_personal[] = array('data' => $location, 'raw' => true);
  1103. $user_messaging = array();
  1104. if ($user['facebook'] != '')
  1105. {
  1106. $user_messaging[] = array('title' => $lang_profile['Facebook']);
  1107. $user_messaging[] = array('data' => (($panther_config['o_censoring'] == '1') ? censor_words($user['facebook']) : $user['facebook']));
  1108. }
  1109. if ($user['steam'] != '')
  1110. {
  1111. $user_messaging[] = array('title' => $lang_profile['Steam']);
  1112. $user_messaging[] = array('data' => $user['steam']);
  1113. }
  1114. if ($user['skype'] != '')
  1115. {
  1116. $user_messaging[] = array('title' => $lang_profile['Skype']);
  1117. $user_messaging[] = array('data' => (($panther_config['o_censoring'] == '1') ? censor_words($user['skype']) : $user['skype']));
  1118. }
  1119. if ($user['twitter'] != '')
  1120. {
  1121. $user_messaging[] = array('title' => $lang_profile['Twitter']);
  1122. $user_messaging[] = array('data' => (($panther_config['o_censoring'] == '1') ? censor_words($user['twitter']) : $user['twitter']));
  1123. }
  1124. if ($user['google'] != '')
  1125. {
  1126. $user_messaging[] = array('title' => $lang_profile['Google']);
  1127. $user_messaging[] = array('data' => (($panther_config['o_censoring'] == '1') ? censor_words($user['google']) : $user['google']));
  1128. }
  1129. $user_personality = array();
  1130. if ($panther_config['o_avatars'] == '1')
  1131. {
  1132. $user_personality[] = array('title' => $lang_profile['Avatar']);
  1133. $user_personality[] = array('data' => generate_avatar_markup($id, $user['email'], $user['use_gravatar']));
  1134. }
  1135. if ($panther_config['o_signatures'] == '1')
  1136. {
  1137. if ($user['signature'] != '')
  1138. {
  1139. require PANTHER_ROOT.'include/parser.php';
  1140. $user_personality[] = array('title' => $lang_profile['Signature']);
  1141. $user_personality[] = array('data' => $parser->parse_signature($user['signature']), 'signature' => true);
  1142. }
  1143. }
  1144. $user_activity = $quick_searches = array();
  1145. if ($panther_config['o_show_post_count'] == '1' || $panther_user['is_admmod'])
  1146. $quick_searches[]['data'] = forum_number_format($user['num_posts']);
  1147. if ($panther_user['g_search'] == '1')
  1148. {
  1149. if ($panther_user['is_admmod'] && $panther_config['o_warnings'] == '1')
  1150. {
  1151. // Load the warnings.php language file
  1152. require PANTHER_ROOT.'lang/'.$panther_user['language'].'/warnings.php';
  1153. // Does the user have active warnings?
  1154. $data = array(
  1155. ':id' => $id,
  1156. ':time' => time(),
  1157. );
  1158. $ps = $db->select('warnings', 'SUM(points)', $data, 'user_id=:id AND (date_expire>:time OR date_expire=0)');
  1159. $has_active = $ps->fetchColumn();
  1160. if ($has_active)
  1161. {
  1162. $warning_level = $lang_warnings['Warning level'];
  1163. $points_active = $has_active;
  1164. }
  1165. else
  1166. {
  1167. $warning_level = $lang_warnings['Warning level'];
  1168. $points_active = '0';
  1169. }
  1170. }
  1171. if (($panther_user['is_admin'] || ($panther_user['is_admmod'] && $panther_user['g_mod_warn_users'] == '1')) && $panther_config['o_warnings'] == '1')
  1172. {
  1173. $user_activity[] = array('title' => $warning_level);
  1174. $user_activity[] = array('data' => $points_active, 'href' => panther_link($panther_url['warning_view'], array($id)), 'lang' => $lang_warnings['Show all warnings'], 'href2' => panther_link($panther_url['warn_user'], array($id)), 'lang2' => $lang_warnings['Warn user']);
  1175. }
  1176. else if ($panther_user['is_admmod'] && $panther_config['o_warnings'] == '1')
  1177. {
  1178. $user_activity[] = array('title' => $warning_level);
  1179. $user_activity[] = array('data' => $points_active);
  1180. }
  1181. $quick_searches = array();
  1182. if ($user['num_posts'] > 0)
  1183. {
  1184. $quick_searches[] = array(panther_link($panther_url['search_user_topics'], array($id)), $lang_profile['Show topics']);
  1185. $quick_searches[] = array(panther_link($panther_url['search_user_posts'], array($id)), $lang_profile['Show posts']);
  1186. }
  1187. if ($panther_user['is_admmod'] && $panther_config['o_topic_subscriptions'] == '1')
  1188. $quick_searches[] = array(panther_link($panther_url['search_subscriptions'], array($id)), $lang_profile['Show subscriptions']);
  1189. }
  1190. if (!empty($quick_searches))
  1191. {
  1192. $user_activity[] = array('title' => $lang_common['Posts']);
  1193. $user_activity[] = array('implode' => true, 'data' => $quick_searches);
  1194. }
  1195. if ($user['num_posts'] > 0)
  1196. {
  1197. $user_activity[] = array('title' => $lang_common['Last post']);
  1198. $user_activity[] = array('data' => format_time($user['last_post']));
  1199. }
  1200. $user_activity[] = array('title' => $lang_profile['Last visit']);
  1201. $user_activity[] = array('data' => format_time($user['last_visit']));
  1202. $user_activity[] = array('title' => $lang_common['Registered']);
  1203. $user_activity[] = array('data' => format_time($user['registered'], true));
  1204. $render = array(
  1205. 'lang_profile' => $lang_profile,
  1206. 'lang_common' => $lang_common,
  1207. 'user_personal' => $user_personal,
  1208. 'user_messaging' => $user_messaging,
  1209. 'user_personality' => $user_personality,
  1210. 'user_activity' => $user_activity,
  1211. 'panther_config' => $panther_config,
  1212. );
  1213. if ($panther_config['o_reputation'] == '1')
  1214. {
  1215. switch(true)
  1216. {
  1217. case $user['reputation'] > '0':
  1218. $type = 'positive';
  1219. break;
  1220. case $user['reputation'] < '0':
  1221. $type = 'negative';
  1222. break;
  1223. default:
  1224. $type = 'zero';
  1225. break;
  1226. }
  1227. $render['reputation'] = array('type' => $type, 'value' => forum_number_format($user['reputation']), 'link_received' => panther_link($panther_url['profile_rep_received']