user.php | searchcode

/os-includes/ajax/user.php

https://github.com/meltingice/Osimo-Forum-System-v1
PHP | 381 lines | 326 code | 34 blank | 21 comment | 40 complexity | c25ac5e41ada54218e688882e1329d21 MD5 | raw file

<?php
/*
*	Osimo - next-generation forum system
*	Licensed under GPLv3 (GPL-LICENSE.txt)
*
*	os-includes/ajax/user.php - ajax backend for user modification
*/
session_start();
include_once('../dbconnect.php'); //connects to database
include_once('../paths.php');
include_once('../osimo.php');
$osimo = new Osimo(); //makes magic happen

/* User profile related ajax backend */
if(isset($_POST['section'])&&$_POST['section']=='info')
{
	$args['birthday_day'] = $_POST['birthday_day'];
	$args['birthday_month'] = $_POST['birthday_month'];
	$args['birthday_year'] = $_POST['birthday_year'];
	$args['field_about'] = $_POST['field_about'];
	$args['field_interests'] = $_POST['field_interests'];
	$args['field_sex'] = $_POST['field_sex'];
	$args['field_website'] = $_POST['field_website'];
	updateProfile('info',$args);
}
if(isset($_POST['section'])&&$_POST['section']=='contact')
{
	$args['field_aim'] = $_POST['field_aim'];
	$args['field_jabber'] = $_POST['field_jabber'];
	$args['field_msn'] = $_POST['field_msn'];
	$args['field_yim'] = $_POST['field_yim'];
	$args['field_icq'] = $_POST['field_icq'];
	updateProfile('contact',$args);
}
if(isset($_POST['section'])&&$_POST['section']=='bio')
{
	$args['field_biography'] = $_POST['field_biography'];
	updateProfile('bio',$args);
}
if(isset($_POST['section'])&&$_POST['section']=='sig')
{
	$args['signature'] = $_POST['signature'];
	updateProfile('sig',$args);
}

/* Memberlist related ajax backend */
if(isset($_POST['memberlist'])){ getMemberList($_POST['page'],$_POST['num'],$_POST['sort'],$_POST['sortDir']); }

/* User CP related ajax backend */
if(isset($_POST['updatepersonal']))
{
	if(isset($_POST['curPassword']))
	{
		$pwdChg = changePassword($_POST['curPassword'],$_POST['newPassword'],$_POST['newPassword2']);
		if($pwdChg)
		{
			updateUserSettings($_POST['displayName'],$_POST['email'],$_POST['timeZone']);
		}
	}
	else
	{
		updateUserSettings($_POST['displayName'],$_POST['email'],$_POST['timeZone']);
	}
}

/* User warning */
if(isset($_POST['warnuser']))
{
	warnUser($_POST['warnuser'],$_POST['warnpost']);
}

function updateUserSettings($displayName,$email,$timeZone)
{
	global $osimo;
	$user = $osimo->getLoggedInUser();
	if($user==false){ echo "0"; exit; }
	
	$displayName = secureContent($displayName);
	$email = secureContent($email);
	$timeZone = secureContent($timeZone);
	if($displayName==''||$email==''||$timeZone=='')
	{
		echo "0"; exit;
	}
	
	$query = "UPDATE users SET username_clean='$displayName',email='$email',time_zone='$timeZone' WHERE id='{$user['ID']}' LIMIT 1";
	$result = mysql_query($query);
	
	if($result)
	{
		$_SESSION['user']['display_name'] = $displayName;
    	$_SESSION['user']['email'] = $email;
    	$_SESSION['user']['time_zone'] = $timeZone;
		echo "1";
	}
	else
	{
		echo "0";
	}
}

function changePassword($curPassword, $newPassword, $newPassword2)
{
	global $osimo;
	
	$user = $osimo->getLoggedInUser();
	if($user==false){ echo "0"; return false; }
	
	$curPassword = sha1(secureContent($curPassword));
	$newPassword = sha1(secureContent($newPassword));
	$newPassword2 = sha1(secureContent($newPassword2));
	$query = "SELECT password FROM users WHERE id='{$user['ID']}' LIMIT 1";
	$result = mysql_query($query);
	
	if($result&&mysql_num_rows($result)>0)
	{
		$curPassword2 = reset(mysql_fetch_row($result));
		if($curPassword==$curPassword2)
		{
			if($newPassword==$newPassword2)
			{
				$query = "UPDATE users SET password='$newPassword' WHERE id='{$user['ID']}' LIMIT 1";
				$result = mysql_query($query);
				if($result)
				{
					echo "1";
					return true;
				}
				else
				{
					echo "0";
					return false;
				}
			}
			else
			{
				echo "passmismatch";
				return false;
			}
		}
		else
		{
			echo "passincorrect";
			return false;
		}
	}
	else
	{
		echo "0";
		return false;
	}
}

function updateProfile($section,$_args)
{
	global $osimo;
	$section = secureContent($section);
	$user = $osimo->getLoggedInUser();
	$userID = $user['ID'];
	
	/* First lets escape everything that was entered */
	foreach($_args as $key => $value)
	{
		$args[$key] = htmlspecialchars(secureContent(stripslashes($value)));
	}
	
	if($section=='info')
	{
		/* Retrieve the UNIX timestamp for the birthday */
		$birthday = adodb_mktime(12,0,0,$args['birthday_month'],$args['birthday_day'],$args['birthday_year']);
		$age = date('Y') - $args['birthday_year'];
		
		$args['birthday_month'] = false;
		$args['birthday_day'] = false;
		$args['birthday_year'] = false;
		
		$args = array_filter($args);
		
		$query = "UPDATE users SET birthday='$birthday',field_age='$age'";
		foreach($args as $key => $value)
		{
			$query .= ",$key='$value'";
		}
	}
	
	if($section=='contact')
	{
		$query = "UPDATE users SET ";
		$first=true;
		foreach($args as $key => $value)
		{
			if($first)
			{
				$query .= "$key='$value'";
				$first = false;
			}
			else
			{
				$query .= ",$key='$value'";
			}
		}
	}
	
	if($section=='bio')
	{
		$query = "UPDATE users SET field_biography='{$args['field_biography']}'";
	}
	
	if($section=='sig')
	{
		$query = "UPDATE users SET signature='{$args['signature']}'";
	}
	
	$query .= " WHERE id='$userID' LIMIT 1";
	$result = mysql_query($query);
	
	if($result)
	{
		$osimo->writeToSysLog('user-profile-edit',$user['ID'],$user['name']." edited their profile");
		echo $osimo->getUserSignature($userID,true,true);
	}
	else
	{
		echo "0";
	}
}

function getMemberList($page,$rows = 15,$sort='id',$sortDir='ASC')
{
	global $osimo;
	
	$memberlist = $osimo->getMemberList($page,$rows,$sort,$sortDir);
	$query = "SELECT COUNT(*) FROM users";
	$result = mysql_query($query);
	if($result){ $numMembers = reset(mysql_fetch_row($result)); }
	?>
	<div id="memberlist-wrap">
	<p><?php echo $numMembers; ?> Members | Page <span id="osimo_memberlist-curpage"><?php echo $page; ?></span> of <span id="osimo_memberlist-totpage"><?php echo $osimo->getPagination('table=users', 'num=15'); ?></span></p>
	<table cellpadding='4' cellspacing='0' id="memberlist">
		<tr style="font-weight: bold; cursor:pointer;">
			<td onclick="getMemberList(-1,-1,'id',-2)">ID</td>
			<td onclick="getMemberList(-1,-1,'username',-2)">Username</td>
			<td>Status</td>
			<td onclick="getMemberList(-1,-1,'birthday',-2)">Birthday</td>
			<td onclick="getMemberList(-1,-1,'rank_level',-2)">Rank</td>
			<td onclick="getMemberList(-1,-1,'posts',-2)">Posts</td>
		</tr>
		
	<?php
	foreach($memberlist as $member)
	{
		echo "
		<tr>
    		<td>" . $member['id'] . "</td>
    		<td>" . $member['username'] . "</td>
   		 	<td>" . $member['status'] . "</td>
   			<td>" . $member['birthday'] . "</td>
    		<td>" . $member['rank'] . "</td>
    		<td>" . $member['posts'] . "</td>
		</tr>";
	}
	echo "</table>";
	?>
	<ul class="osimo_memberlist-controls">
		<li onclick="getMemberList('first',-1,-1,-1)">First</li>
		<li onclick="getMemberList('prev',-1,-1,-1)">Previous</li>
		<li onclick="getMemberList('next',-1,-1,-1)">Next</li>
		<li onclick="getMemberList('last',-1,-1,-1)">Last</li>
	</ul>
	<?php
}

function resetPassword($step,$type,$data)
{
	global $osimo;
	$data = secureContent($data);
	/* User entered username */
	if($step==1&&$type==1)
	{
		/* First we need to make sure the user exists */
		$query = "SELECT COUNT(*) FROM users WHERE username='$data' LIMIT 1";
		$result = mysql_query($query);
		if(reset(mysql_fetch_row($result))==1)
		{
			/* User exists, proceed with reset */
			$code = sha1(time()+rand(0,9999));
			$query2 = "UPDATE users SET reset_code='$code' WHERE username='$data' LIMIT 1";
			$result2 = mysql_query($query2);
			if($result2)
			{
				$query3 = "SELECT email FROM users WHERE username='$data' LIMIT 1";
				$result3 = mysql_query($query3);
				if($result3){ $email = reset(mysql_fetch_row($result3)); $username = $data; }
			}
		}
		else
		{
			echo "0";
		}
	}
	/* User entered email address */
	elseif($step==1&&$type==2)
	{
	    /* First, check to make sure email address is in database */
	    $query = "SELECT COUNT(*) FROM users WHERE email='$data' LIMIT 1";
	    $result = mysql_query($query);
	    if(reset(mysql_fetch_row($result))==1)
	    {
	    	/* Email exists, proceed with reset */
	    	$code = sha1(time()+rand(0,9999));
	    	$query2 = "UPDATE users SET reset_code='$code' WHERE email='$data' LIMIT 1";
	    	$result2 = mysql_query($query2);
	    	if($result2)
	    	{
	    		$query3 = "SELECT username FROM users WHERE email='$data' LIMIT 1";
	    		$result3 = mysql_query($query3);
	    		if($result3){ $username = reset(mysql_fetch_row($result3)); $email = $data; }
	    	}
	    }
	}
	if($step==1)
	{
		if($result3)
		{
		    include_once(ABS_INCLUDES.'mail.php');
		    /* Send welcome email to user */
		    $title = "Osimo Password Reset";
		    $content = "<h4>Osimo Password Reset</h4>";
		    $content .= "<p>Someone (probably you) has requested a password reset for the username $username on ".processDomain($_SERVER['HTTP_HOST'])."</p>";
		    $content .= "<p>If you did not make this request, then simply ignore this email and your account will not be touched.</p>";
		    $content .= "<p>To reset your password, enter this code into the Reset Code field: $code</p>";
		    sendMail($title,$content,$username,$email,'Osimo Registration',"OsimoRegistration@".processDomain($_SERVER['HTTP_HOST']));
		    
		    getForgotPasswordBox(1);
		}
	}
	
	if($step==2)
	{
		/* User is resetting password, need code validation check */
		if($data['pass1']!=$data['pass2'])
		{
			echo "<p>The passwords entered do not match!</p>"; getForgotPasswordBox(1); exit;
		}
		
		$query = "SELECT id FROM users WHERE reset_code='{$data['code']}' LIMIT 1";
		$result = mysql_query($query);
		if($result&&mysql_num_rows($result)>0)
		{
			while(list($id)=mysql_fetch_row($result))
			{
				/* Code entered is correct, continue */
				$password = sha1($data['pass1']);
				$query2 = "UPDATE users SET password='$password' WHERE id='$id' LIMIT 1";
				$result2 = mysql_query($query2);
				if($result2)
				{
					$osimo->writeToSysLog('password-reset',$user['ID'],$user['name']." has reset their password");
					getForgotPasswordBox(2);
				}
			}
		}
		else
		{
			echo "<p>The reset code entered is not correct!</p>"; getForgotPasswordBox(1); exit;
		}
	}
}

function warnUser($userID,$postID)
{
	global $osimo;
	
	if(!$osimo->userIsAdmin()&&!$osimo->userIsModerator()){ echo "0"; exit; }
	
	$result = $osimo->createWarning($userID,$postID);
	
	if($result){ echo "1"; }
	else{ echo "0"; }
}
?>