PageRenderTime 35ms CodeModel.GetById 35ms RepoModel.GetById 1ms app.codeStats 0ms

/html/AppCode/expressionengine/modules/member/mod.member_settings.php

https://github.com/w3bg/www.hsifin.com
PHP | 2305 lines | 1452 code | 491 blank | 362 comment | 325 complexity | 23ca8e45036cd534ce14202d25cbda85 MD5 | raw file
Possible License(s): AGPL-3.0 
    

  1. <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
    2. 

  2. 

  3. /**
    4. 

  4.  * ExpressionEngine - by EllisLab
    5. 

  5.  *
    6. 

  6.  * @package		ExpressionEngine
    7. 

  7.  * @author		ExpressionEngine Dev Team
    8. 

  8.  * @copyright	Copyright (c) 2003 - 2010, EllisLab, Inc.
    9. 

  9.  * @license		http://expressionengine.com/user_guide/license.html
    10. 

  10.  * @link		http://expressionengine.com
    11. 

  11.  * @since		Version 2.0
    12. 

  12.  * @filesource
    13. 

  13.  */
    14. 

  14. 

  15. // --------------------------------------------------------------------
    16. 

  16. 

  17. /**
    18. 

  18.  * Member Management Module
    19. 

  19.  *
    20. 

  20.  * @package		ExpressionEngine
    21. 

  21.  * @subpackage	Modules
    22. 

  22.  * @category	Modules
    23. 

  23.  * @author		ExpressionEngine Dev Team
    24. 

  24.  * @link		http://expressionengine.com
    25. 

  25.  */
    26. 

  26. 

  27. class Member_settings extends Member {
    28. 

  28. 

  29. 

  30. 	/** ----------------------------------
    31. 

  31. 	/**  Member_settings Profile Constructor
    32. 

  32. 	/** ----------------------------------*/
    33. 

  33. 	function Member_settings()
    34. 

  34. 	{
    35. 

  35. 	}
    36. 

  36. 

  37. 

  38. 	/** ----------------------------------------
    39. 

  39. 	/**  Member Profile - Menu
    40. 

  40. 	/** ----------------------------------------*/
    41. 

  41. 	function profile_menu()
    42. 

  42. 	{
    43. 

  43. 		$menu = $this->_load_element('menu');
    44. 

  44. 

  45. 		if ($this->EE->config->item('allow_member_localization') == 'n' AND $this->EE->session->userdata('group_id') != 1)
    46. 

  46. 		{
    47. 

  47. 			$menu = $this->_deny_if('allow_localization', $menu);
    48. 

  48. 		}
    49. 

  49. 		else
    50. 

  50. 		{
    51. 

  51. 			$menu = $this->_allow_if('allow_localization', $menu);
    52. 

  52. 		}
    53. 

  53. 

  54. 		return $this->_var_swap($menu,
    55. 

  55. 								array(
    56. 

  56. 										'path:profile'			=> $this->_member_path('edit_profile'),
    57. 

  57. 										'path:email'			=> $this->_member_path('edit_email'),
    58. 

  58. 										'path:username'			=> $this->_member_path('edit_userpass'),
    59. 

  59. 										'path:localization'		=> $this->_member_path('edit_localization'),
    60. 

  60. 										'path:subscriptions'	=> $this->_member_path('edit_subscriptions'),
    61. 

  61. 										'path:ignore_list'		=> $this->_member_path('edit_ignore_list'),
    62. 

  62. 										'path:notepad'			=> $this->_member_path('edit_notepad'),
    63. 

  63. 										'include:messages_menu' => $this->pm_menu()
    64. 

  64. 									 )
    65. 

  65. 								 );
    66. 

  66. 	}
    67. 

  67. 

  68. 

  69. 	/** ----------------------------------------
    70. 

  70. 	/**  Member Profile Main Page
    71. 

  71. 	/** ----------------------------------------*/
    72. 

  72. 	function profile_main()
    73. 

  73. 	{
    74. 

  74. 		$query = $this->EE->db->query("SELECT email, join_date, last_visit, last_activity, last_entry_date, last_comment_date, total_forum_topics, total_forum_posts, total_entries, total_comments, last_forum_post_date FROM exp_members WHERE member_id = '".$this->EE->session->userdata('member_id')."'");
    75. 

  75. 

  76. 		$time_fmt = ($this->EE->session->userdata['time_format'] != '') ? $this->EE->session->userdata['time_format'] : $this->EE->config->item('time_format');
    77. 

  77. 		$datecodes = ($time_fmt == 'us') ? $this->us_datecodes : $this->eu_datecodes;
    78. 

  78. 

  79. 		return  $this->_var_swap($this->_load_element('home_page'),
    80. 

  80. 								array(
    81. 

  81. 										'email'						=> $query->row('email') ,
    82. 

  82. 										'join_date'					=> $this->EE->localize->decode_date($datecodes['long'], $query->row('join_date') ),
    83. 

  83. 										'last_visit_date'			=> ($query->row('last_activity')  == 0) ? '--' : $this->EE->localize->decode_date($datecodes['long'], $query->row('last_activity') ),
    84. 

  84. 										'recent_entry_date'			=> ($query->row('last_entry_date')  == 0) ? '--' : $this->EE->localize->decode_date($datecodes['long'], $query->row('last_entry_date') ),
    85. 

  85. 										'recent_comment_date'		=> ($query->row('last_comment_date')  == 0) ? '--' : $this->EE->localize->decode_date($datecodes['long'], $query->row('last_comment_date') ),
    86. 

  86. 										'recent_forum_post_date'	=> ($query->row('last_forum_post_date')  == 0) ? '--' : $this->EE->localize->decode_date($datecodes['long'], $query->row('last_forum_post_date') ),
    87. 

  87. 										'total_topics'				=> $query->row('total_forum_topics') ,
    88. 

  88. 										'total_posts'				=> $query->row('total_forum_posts')  + $query->row('total_forum_topics') ,
    89. 

  89. 										'total_replies'				=> $query->row('total_forum_posts') ,
    90. 

  90. 										'total_entries'				=> $query->row('total_entries') ,
    91. 

  91. 										'total_comments'			=> $query->row('total_comments')
    92. 

  92. 									)
    93. 

  93. 								);
    94. 

  94. 	}
    95. 

  95. 

  96. 

  97. 

  98. 

  99. 	/** ----------------------------------------
    100. 

  100. 	/**  Member Public Profile
    101. 

  101. 	/** ----------------------------------------*/
    102. 

  102. 	function public_profile()
    103. 

  103. 	{
    104. 

  104. 		/** ----------------------------------------
    105. 

  105. 		/**  Can the user view profiles?
    106. 

  106. 		/** ----------------------------------------*/
    107. 

  107. 

  108. 		if ($this->EE->session->userdata('can_view_profiles') == 'n')
    109. 

  109. 		{
    110. 

  110. 			return $this->EE->output->show_user_error('general', 
    111. 

  111. 					array($this->EE->lang->line('mbr_not_allowed_to_view_profiles')));
    112. 

  112. 		}
    113. 

  113. 

  114. 		/** ----------------------------------------
    115. 

  115. 		/**  Fetch the member data
    116. 

  116. 		/** ----------------------------------------*/
    117. 

  117. 

  118. 		$select = 'm.member_id, m.group_id, m.username, m.screen_name, m.email, m.signature, 
    119. 

  119. 					m.avatar_filename, m.avatar_width, m.avatar_height, m.photo_filename, 
    120. 

  120. 					m.photo_width, m.photo_height, m.url, m.location, m.occupation, m.interests,
    121. 

  121. 					m.icq, m.aol_im, m.yahoo_im, m.msn_im, m.bio, m.join_date, m.last_visit, 
    122. 

  122. 					m.last_activity, m.last_entry_date, m.last_comment_date, m.last_forum_post_date, 
    123. 

  123. 					m.total_entries, m.total_comments, m.total_forum_topics,
    124. 

  124. 					m.total_forum_posts, m.language, m.timezone, m.daylight_savings, 
    125. 

  125. 					m.bday_d, m.bday_m, m.bday_y, m.accept_user_email, m.accept_messages,
    126. 

  126. 					g.group_title, g.can_send_private_messages';
    127. 

    128. 

  128. 		$this->EE->db->select($select);
    129. 

  129. 		$this->EE->db->from(array('members m', 'member_groups g'));
    130. 

  130. 		$this->EE->db->where('m.member_id', $this->cur_id, FALSE);
    131. 

  131. 		$this->EE->db->where('g.site_id', $this->EE->config->item('site_id'));
    132. 

  132. 		$this->EE->db->where('m.group_id', 'g.group_id', FALSE);
    133. 

  133. 

  134. 		if ($this->is_admin == FALSE OR $this->EE->session->userdata('group_id') != 1)
    135. 

  135. 		{
    136. 

  136. 			$this->EE->db->where('m.group_id !=', 2);
    137. 

  137. 		}
    138. 

  138. 

  139. 		$this->EE->db->where('m.group_id !=', 3);
    140. 

  140. 		$this->EE->db->where('m.group_id !=', 4);
    141. 

  141. 

  142. 		$query = $this->EE->db->get();
    143. 

  143. 

  144. 		if ($query->num_rows() == 0)
    145. 

  145. 		{
    146. 

  146. 			return $this->EE->output->show_user_error('general', array($this->EE->lang->line('profile_not_available')));
    147. 

  147. 		}
    148. 

  148. 

  149. 		// Fetch the row
    150. 

  150. 		$row = $query->row_array();
    151. 

  151. 

  152. 		/** ----------------------------------------
    153. 

  153. 		/**  Fetch the template
    154. 

  154. 		/** ----------------------------------------*/
    155. 

  155. 

  156. 		$content = $this->_load_element('public_profile');
    157. 

  157. 

  158. 		/** ----------------------------------------
    159. 

  159. 		/**  Is there an avatar?
    160. 

  160. 		/** ----------------------------------------*/
    161. 

  161. 

  162. 		if ($this->EE->config->item('enable_avatars') == 'y' AND $row['avatar_filename']  != '')
    163. 

  163. 		{
    164. 

  164. 			$avatar_path	= $this->EE->config->slash_item('avatar_url').$row['avatar_filename'] ;
    165. 

  165. 			$avatar_width	= $row['avatar_width'] ;
    166. 

  166. 			$avatar_height	= $row['avatar_height'] ;
    167. 

  167. 

  168. 			$content = $this->_allow_if('avatar', $content);
    169. 

  169. 		}
    170. 

  170. 		else
    171. 

  171. 		{
    172. 

  172. 			$avatar_path	= '';
    173. 

  173. 			$avatar_width	= '';
    174. 

  174. 			$avatar_height	= '';
    175. 

  175. 

  176. 			$content = $this->_deny_if('avatar', $content);
    177. 

  177. 		}
    178. 

  178. 

  179. 		/** ----------------------------------------
    180. 

  180. 		/**  Is there a member photo?
    181. 

  181. 		/** ----------------------------------------*/
    182. 

  182. 

  183. 		if ($this->EE->config->item('enable_photos') == 'y' AND $row['photo_filename'] != '')
    184. 

  184. 		{
    185. 

  185. 			$photo_path		= $this->EE->config->slash_item('photo_url').$row['photo_filename'] ;
    186. 

  186. 			$photo_width	= $row['photo_width'] ;
    187. 

  187. 			$photo_height	= $row['photo_height'] ;
    188. 

  188. 

  189. 			$content = $this->_allow_if('photo', $content);
    190. 

  190. 			$content = $this->_deny_if('not_photo', $content);
    191. 

  191. 		}
    192. 

  192. 		else
    193. 

  193. 		{
    194. 

  194. 			$photo_path	= '';
    195. 

  195. 			$photo_width	= '';
    196. 

  196. 			$photo_height	= '';
    197. 

  197. 

  198. 			$content = $this->_deny_if('photo', $content);
    199. 

  199. 			$content = $this->_allow_if('not_photo', $content);
    200. 

  200. 		}
    201. 

  201. 

  202. 

  203. 		/** ----------------------------------------
    204. 

  204. 		/**  Forum specific stuff
    205. 

  205. 		/** ----------------------------------------*/
    206. 

  206. 

  207. 		$rank_class = 'rankMember';
    208. 

  208. 		$rank_title	= '';
    209. 

  209. 		$rank_stars	= '';
    210. 

  210. 		$stars		= '';
    211. 

  211. 

  212. 		if ($this->in_forum == TRUE)
    213. 

  213. 		{
    214. 

  214. 			$rank_query	 = $this->EE->db->query("SELECT rank_title, rank_min_posts, rank_stars FROM exp_forum_ranks ORDER BY rank_min_posts");
    215. 

  215. 			$mod_query	 = $this->EE->db->query("SELECT mod_member_id, mod_group_id FROM exp_forum_moderators");
    216. 

  216. 

  217. 			$total_posts = ($row['total_forum_topics']  + $row['total_forum_posts'] );
    218. 

  218. 

  219. 			/** ----------------------------------------
    220. 

  220. 			/**  Assign the rank stars
    221. 

  221. 			/** ----------------------------------------*/
    222. 

  222. 

  223. 			if (preg_match("/{if\s+rank_stars\}(.+?){\/if\}/i", $content, $matches))
    224. 

  224. 			{
    225. 

  225. 				$rank_stars = $matches['1'];
    226. 

  226. 				$content = str_replace($matches['0'], '{rank_stars}', $content);
    227. 

  227. 			}
    228. 

  228. 

  229. 			if ($rank_stars != '' AND $rank_query->num_rows() > 0)
    230. 

  230. 			{
    231. 

  231. 				$num_stars = NULL;
    232. 

  232. 				$rank_title = '';
    233. 

  233. 

  234. 				$i = 1;
    235. 

  235. 				foreach ($rank_query->result_array() as $rank)
    236. 

  236. 				{
    237. 

  237. 					if ($num_stars == NULL)
    238. 

  238. 					{
    239. 

  239. 						$num_stars	= $rank['rank_stars'];
    240. 

  240. 						$rank_title	= $rank['rank_title'];
    241. 

  241. 					}
    242. 

  242. 

  243. 					if ($rank['rank_min_posts'] >= $total_posts)
    244. 

  244. 					{
    245. 

  245. 						$stars = str_repeat($rank_stars, $num_stars);
    246. 

  246. 						break;
    247. 

  247. 					}
    248. 

  248. 					else
    249. 

  249. 					{
    250. 

  250. 						$num_stars	= $rank['rank_stars'];
    251. 

  251. 						$rank_title = $rank['rank_title'];
    252. 

  252. 					}
    253. 

  253. 

  254. 					if ($i++ == $rank_query->num_rows)
    255. 

  255. 					{
    256. 

  256. 						$stars = str_repeat($rank_stars,  $num_stars);
    257. 

  257. 						break;
    258. 

  258. 					}
    259. 

  259. 				}
    260. 

  260. 			}
    261. 

  261. 

  262. 			/** ----------------------------------------
    263. 

  263. 			/**  Assign the member rank
    264. 

  264. 			/** ----------------------------------------*/
    265. 

  265. 

  266. 			// Is the user an admin?
    267. 

  267. 

  268. 			$admin_query = $this->EE->db->query('SELECT admin_group_id, admin_member_id FROM exp_forum_administrators');
    269. 

  269. 

  270. 			$is_admin = FALSE;
    271. 

  271. 			if ($admin_query->num_rows() > 0)
    272. 

  272. 			{
    273. 

  273. 				foreach ($admin_query->result_array() as $admin)
    274. 

  274. 				{
    275. 

  275. 					if ($admin['admin_member_id'] != 0)
    276. 

  276. 					{
    277. 

  277. 						if ($admin['admin_member_id'] == $this->cur_id)
    278. 

  278. 						{
    279. 

  279. 							$is_admin = TRUE;
    280. 

  280. 							break;
    281. 

  281. 						}
    282. 

  282. 					}
    283. 

  283. 					elseif ($admin['admin_group_id'] != 0)
    284. 

  284. 					{
    285. 

  285. 						if ($admin['admin_group_id'] == $row['group_id'] )
    286. 

  286. 						{
    287. 

  287. 							$is_admin = TRUE;
    288. 

  288. 							break;
    289. 

  289. 						}
    290. 

  290. 					}
    291. 

  291. 				}
    292. 

  292. 			}
    293. 

  293. 

  294. 

  295. 			if ($row['group_id']  == 1 OR $is_admin == TRUE)
    296. 

  296. 			{
    297. 

  297. 				$rankclass = 'rankAdmin';
    298. 

  298. 				$rank_class = 'rankAdmin';
    299. 

  299. 				$rank_title = $this->EE->lang->line('administrator');
    300. 

  300. 			}
    301. 

  301. 			else
    302. 

  302. 			{
    303. 

  303. 				if ($mod_query->num_rows() > 0)
    304. 

  304. 				{
    305. 

  305. 					foreach ($mod_query->result_array() as $mod)
    306. 

  306. 					{
    307. 

  307. 						if ($mod['mod_member_id'] == $this->cur_id OR $mod['mod_group_id'] == $row['group_id'] )
    308. 

  308. 						{
    309. 

  309. 							$rank_class = 'rankModerator';
    310. 

  310. 							$rank_title = $this->EE->lang->line('moderator');
    311. 

  311. 							break;
    312. 

  312. 						}
    313. 

  313. 					}
    314. 

  314. 				}
    315. 

  315. 			}
    316. 

  316. 		}
    317. 

  317. 

  318. 		/** ----------------------------------------
    319. 

  319. 		/**  Parse variables
    320. 

  320. 		/** ----------------------------------------*/
    321. 

  321. 

  322. 		if ($this->in_forum == TRUE)
    323. 

  323. 		{
    324. 

  324. 			$search_path = $this->forum_path.'member_search/'.$this->cur_id.'/';
    325. 

  325. 		}
    326. 

  326. 		else
    327. 

  327. 		{
    328. 

  328. 			$search_path = $this->EE->functions->fetch_site_index(0, 0).QUERY_MARKER.'ACT='.$this->EE->functions->fetch_action_id('Search', 'do_search').'&amp;mbr='.urlencode($row['member_id'] );
    329. 

  329. 		}
    330. 

  330. 

  331. 		$ignore_form = array('hidden_fields'	=> array('toggle[]' => '', 'name' => '', 'daction' => ''),
    332. 

  332. 							  'action'			=> $this->_member_path('update_ignore_list'),
    333. 

  333. 						 	  'id'				=> 'target'
    334. 

  334. 						 	  );
    335. 

  335. 

  336. 		if ( ! in_array($row['member_id'] , $this->EE->session->userdata['ignore_list']))
    337. 

  337. 		{
    338. 

  338. 			$ignore_button = "<div><a href='".$this->_member_path('edit_ignore_list')."' ".
    339. 

  339. 								"onclick='dynamic_action(\"add\");list_addition(\"".$row['screen_name'] ."\");return false;'>".
    340. 

  340. 								"{lang:ignore_member}</a></div></form>";
    341. 

  341. 		}
    342. 

  342. 		else
    343. 

  343. 		{
    344. 

  344. 			$ignore_button = "<div><a href='".$this->_member_path('edit_ignore_list')."' ".
    345. 

  345. 								"onclick='dynamic_action(\"delete\");list_addition(\"".$row['member_id'] ."\", \"toggle[]\");return false;'>".
    346. 

  346. 								"{lang:unignore_member}</a></div></form>";
    347. 

  347. 		}
    348. 

  348. 

  349. 		$content = $this->_var_swap($content,
    350. 

  350. 										array(
    351. 

  351. 												'aim_console'			=> "onclick=\"window.open('".$this->_member_path('aim_console/'.$this->cur_id)."', '_blank', 'width=240,height=360,scrollbars=yes,resizable=yes,status=yes,screenx=5,screeny=5');\"",
    352. 

  352. 												'icq_console'			=> "onclick=\"window.open('".$this->_member_path('icq_console/'.$this->cur_id)."', '_blank', 'width=650,height=580,scrollbars=yes,resizable=yes,status=yes,screenx=5,screeny=5');\"",
    353. 

  353. 												'yahoo_console'			=> "http://edit.yahoo.com/config/send_webmesg?.target=".$row['yahoo_im'] ."&amp;.src=pg",
    354. 

  354. 												'email_console'			=> "onclick=\"window.open('".$this->_member_path('email_console/'.$this->cur_id)."', '_blank', 'width=650,height=600,scrollbars=yes,resizable=yes,status=yes,screenx=5,screeny=5');\"",
    355. 

  355. 												'send_private_message'	=> $this->_member_path('messages/pm/'.$this->cur_id),
    356. 

  356. 												'search_path'			=> $search_path,
    357. 

  357. 												'path:avatar_url'		=> $avatar_path,
    358. 

  358. 												'avatar_width'			=> $avatar_width,
    359. 

  359. 												'avatar_height'			=> $avatar_height,
    360. 

  360. 												'path:photo_url'		=> $photo_path,
    361. 

  361. 												'photo_width'			=> $photo_width,
    362. 

  362. 												'photo_height'			=> $photo_height,
    363. 

  363. 												'rank_class'			=> $rank_class,
    364. 

  364. 												'rank_stars'			=> $stars,
    365. 

  365. 												'rank_title'			=> $rank_title,
    366. 

  366. 												'ignore_link'			=> $this->list_js().
    367. 

  367. 																			$this->EE->functions->form_declaration($ignore_form).
    368. 

  368. 																			$ignore_button
    369. 

  369. 											)
    370. 

  370. 										);
    371. 

  371. 

  372. 

  373. 		$vars = $this->EE->functions->assign_variables($content, '/');
    374. 

  374. 		$this->var_single	= $vars['var_single'];
    375. 

  375. 		$this->var_pair		= $vars['var_pair'];
    376. 

  376. 

  377. 		$this->var_cond = $this->EE->functions->assign_conditional_variables($content, '/');
    378. 

  378. 

  379. 		/** ----------------------------------------
    380. 

  380. 		/**  Parse conditional pairs
    381. 

  381. 		/** ----------------------------------------*/
    382. 

  382. 		foreach ($this->var_cond as $val)
    383. 

  383. 		{
    384. 

  384. 			/** ----------------------------------------
    385. 

  385. 			/**  Conditional statements
    386. 

  386. 			/** ----------------------------------------*/
    387. 

  387. 

  388. 			$cond = $this->EE->functions->prep_conditional($val['0']);
    389. 

  389. 

  390. 			$lcond	= substr($cond, 0, strpos($cond, ' '));
    391. 

  391. 			$rcond	= substr($cond, strpos($cond, ' '));
    392. 

  392. 

  393. 			if ( isset($row[$val['3']]))
    394. 

  394. 			{
    395. 

  395. 				$lcond = str_replace($val['3'], "\$row['".$val['3'] ."']", $lcond);
    396. 

  396. 				$cond = $lcond.' '.$rcond;
    397. 

  397. 				$cond = str_replace("\|", "|", $cond);
    398. 

  398. 

  399. 				eval("\$result = ".$cond.";");
    400. 

  400. 

  401. 				if ($result)
    402. 

  402. 				{
    403. 

  403. 					$content = preg_replace("/".LD.$val['0'].RD."(.*?)".LD.'\/if'.RD."/s", "\\1", $content);
    404. 

  404. 				}
    405. 

  405. 				else
    406. 

  406. 				{
    407. 

  407. 					$content = preg_replace("/".LD.$val['0'].RD."(.*?)".LD.'\/if'.RD."/s", "", $content);
    408. 

  408. 				}
    409. 

  409. 			}
    410. 

  410. 

  411. 			/** ----------------------------------------
    412. 

  412. 			/**  {if accept_email}
    413. 

  413. 			/** ----------------------------------------*/
    414. 

  414. 			if (preg_match("/^if\s+accept_email.*/i", $val['0']))
    415. 

  415. 			{
    416. 

  416. 				if ($row['accept_user_email'] == 'n')
    417. 

  417. 				{
    418. 

  418. 					$content = preg_replace("/".LD.$val['0'].RD."(.+?)".LD.'\/if'.RD."/s", "", $content);
    419. 

  419. 				}
    420. 

  420. 				else
    421. 

  421. 				{
    422. 

  422. 					$content = preg_replace("/".LD.$val['0'].RD."(.+?)".LD.'\/if'.RD."/s", "\\1", $content);
    423. 

  423. 				}
    424. 

  424. 			}
    425. 

  425. 

  426. 			/** ----------------------------------------
    427. 

  427. 			/**  {if can_private_message}
    428. 

  428. 			/** ----------------------------------------*/
    429. 

  429. 			if (stristr($val['0'], 'can_private_message'))
    430. 

  430. 			{
    431. 

  431. 				if ($row['can_send_private_messages'] == 'n' OR $row['accept_messages'] == 'n')
    432. 

  432. 				{
    433. 

  433. 					$content = preg_replace("/".LD.$val['0'].RD."(.+?)".LD.'\/if'.RD."/s", "", $content);
    434. 

  434. 				}
    435. 

  435. 				else
    436. 

  436. 				{
    437. 

  437. 					$content = preg_replace("/".LD.$val['0'].RD."(.+?)".LD.'\/if'.RD."/s", "\\1", $content);
    438. 

  438. 				}
    439. 

  439. 			}
    440. 

  440. 

  441. 			/** -------------------------------------
    442. 

  442. 			/**  {if ignore}
    443. 

  443. 			/** -------------------------------------*/
    444. 

  444. 

  445. 			if (stristr($val['0'], 'ignore'))
    446. 

  446. 			{
    447. 

  447. 				if ($row['member_id'] == $this->EE->session->userdata['member_id'])
    448. 

  448. 				{
    449. 

  449. 					$content = $this->_deny_if('ignore', $content);
    450. 

  450. 				}
    451. 

  451. 				else
    452. 

  452. 				{
    453. 

  453. 					$content = $this->_allow_if('ignore', $content);
    454. 

  454. 				}
    455. 

  455. 			}
    456. 

  456. 		}
    457. 

  457. 		// END CONDITIONAL PAIRS
    458. 

  458. 		$this->EE->load->library('typography');
    459. 

  459. 		$this->EE->typography->initialize();
    460. 

  460. 

  461. 		/** ----------------------------------------
    462. 

  462. 		/**  Parse "single" variables
    463. 

  463. 		/** ----------------------------------------*/
    464. 

  464. 		foreach ($this->var_single as $key => $val)
    465. 

  465. 		{
    466. 

  466. 			/** ----------------------------------------
    467. 

  467. 			/**  Format URLs
    468. 

  468. 			/** ----------------------------------------*/
    469. 

  469. 			if ($key == 'url')
    470. 

  470. 			{
    471. 

  471. 				if (strncmp($row['url'], 'http', 4) != 0 && strpos($row['url'], '://') === FALSE)
    472. 

  472. 				{
    473. 

  473. 					$row['url'] = "http://".$row['url'] ;
    474. 

  474. 				}
    475. 

  475. 			}
    476. 

  476. 

  477. 			/** ----------------------------------------
    478. 

  478. 			/**  "last_visit"
    479. 

  479. 			/** ----------------------------------------*/
    480. 

  480. 

  481. 			if (strncmp($key, 'last_visit', 10) == 0)
    482. 

  482. 			{
    483. 

  483. 				$content = $this->_var_swap_single($key, ($row['last_activity'] > 0) ? $this->EE->localize->decode_date($val, $row['last_activity'] ) : '', $content);
    484. 

  484. 			}
    485. 

  485. 

  486. 			/** ----------------------------------------
    487. 

  487. 			/**  "join_date"
    488. 

  488. 			/** ----------------------------------------*/
    489. 

  489. 

  490. 			if (strncmp($key, 'join_date', 9) == 0)
    491. 

  491. 			{
    492. 

  492. 				$content = $this->_var_swap_single($key, ($row['join_date'] > 0) ? $this->EE->localize->decode_date($val, $row['join_date'] ) : '', $content);
    493. 

  493. 			}
    494. 

  494. 

  495. 			/** ----------------------------------------
    496. 

  496. 			/**  "last_entry_date"
    497. 

  497. 			/** ----------------------------------------*/
    498. 

  498. 

  499. 			if (strncmp($key, 'last_entry_date', 15) == 0)
    500. 

  500. 			{
    501. 

  501. 				$content = $this->_var_swap_single($key, ($row['last_entry_date']  > 0) ? $this->EE->localize->decode_date($val, $row['last_entry_date'] ) : '', $content);
    502. 

  502. 			}
    503. 

  503. 

  504. 			/** ----------------------------------------
    505. 

  505. 			/**  "last_forum_post_date"
    506. 

  506. 			/** ----------------------------------------*/
    507. 

  507. 

  508. 			if (strncmp($key, 'last_forum_post_date', 20) == 0)
    509. 

  509. 			{
    510. 

  510. 				$content = $this->_var_swap_single($key, ($row['last_forum_post_date']  > 0) ? $this->EE->localize->decode_date($val, $row['last_forum_post_date'] ) : '', $content);
    511. 

  511. 			}
    512. 

  512. 

  513. 			/** ----------------------------------------
    514. 

  514. 			/**  parse "recent_comment"
    515. 

  515. 			/** ----------------------------------------*/
    516. 

  516. 

  517. 			if (strncmp($key, 'last_comment_date', 17) == 0)
    518. 

  518. 			{
    519. 

  519. 				$content = $this->_var_swap_single($key, ($row['last_comment_date']  > 0) ? $this->EE->localize->decode_date($val, $row['last_comment_date'] ) : '', $content);
    520. 

  520. 			}
    521. 

  521. 

  522. 			/** ----------------------
    523. 

  523. 			/**  {name}
    524. 

  524. 			/** ----------------------*/
    525. 

  525. 

  526. 			$name = ( ! $row['screen_name'] ) ? $row['username']  : $row['screen_name'] ;
    527. 

  527. 

  528. 			$name = $this->_convert_special_chars($name);
    529. 

  529. 

  530. 			if ($key == "name")
    531. 

  531. 			{
    532. 

  532. 				$content = $this->_var_swap_single($val, $name, $content);
    533. 

  533. 			}
    534. 

  534. 

  535. 			/** ----------------------
    536. 

  536. 			/**  {member_group}
    537. 

  537. 			/** ----------------------*/
    538. 

  538. 

  539. 			if ($key == "member_group")
    540. 

  540. 			{
    541. 

  541. 				$content = $this->_var_swap_single($val, $row['group_title'] , $content);
    542. 

  542. 			}
    543. 

  543. 

  544. 			/** ----------------------
    545. 

  545. 			/**  {email}
    546. 

  546. 			/** ----------------------*/
    547. 

  547. 

  548. 			if ($key == "email")
    549. 

  549. 			{
    550. 

  550. 				$content = $this->_var_swap_single($val, $this->EE->typography->encode_email($row['email'] ), $content);
    551. 

  551. 			}
    552. 

  552. 

  553. 			/** ----------------------
    554. 

  554. 			/**  {birthday}
    555. 

  555. 			/** ----------------------*/
    556. 

  556. 

  557. 			if ($key == "birthday")
    558. 

  558. 			{
    559. 

  559. 				$birthday = '';
    560. 

  560. 

  561. 				if ($row['bday_m']  != '' AND $row['bday_m']  != 0)
    562. 

  562. 				{
    563. 

  563. 					$month = (strlen($row['bday_m'] ) == 1) ? '0'.$row['bday_m'] : $row['bday_m'];
    564. 

  564. 

  565. 					$m = $this->EE->localize->localize_month($month);
    566. 

  566. 

  567. 					$birthday .= $this->EE->lang->line($m['1']);
    568. 

  568. 

  569. 					if ($row['bday_d'] != '' AND $row['bday_d']  != 0)
    570. 

  570. 					{
    571. 

  571. 						$birthday .= ' '.$row['bday_d'] ;
    572. 

  572. 					}
    573. 

  573. 				}
    574. 

  574. 

  575. 				if ($row['bday_y']  != '' AND $row['bday_y']  != 0)
    576. 

  576. 				{
    577. 

  577. 					if ($birthday != '')
    578. 

  578. 					{
    579. 

  579. 						$birthday .= ', ';
    580. 

  580. 					}
    581. 

  581. 

  582. 					$birthday .= $row['bday_y'] ;
    583. 

  583. 				}
    584. 

  584. 

  585. 				if ($birthday == '')
    586. 

  586. 				{
    587. 

  587. 					$birthday = '';
    588. 

  588. 				}
    589. 

  589. 

  590. 				$content = $this->_var_swap_single($val, $birthday, $content);
    591. 

  591. 			}
    592. 

  592. 

  593. 			/** ----------------------
    594. 

  594. 			/**  {timezone}
    595. 

  595. 			/** ----------------------*/
    596. 

  596. 

  597. 			if ($key == "timezone")
    598. 

  598. 			{
    599. 

  599. 				$timezone = ($row['timezone']  != '') ? $this->EE->lang->line($row['timezone'] ) : '';
    600. 

  600. 

  601. 				$content = $this->_var_swap_single($val, $timezone, $content);
    602. 

  602. 			}
    603. 

  603. 

  604. 			/** ----------------------
    605. 

  605. 			/**  {local_time}
    606. 

  606. 			/** ----------------------*/
    607. 

  607. 

  608. 			if (strncmp($key, 'local_time', 10) == 0)
    609. 

  609. 			{
    610. 

  610. 				$time = $this->EE->localize->now;
    611. 

  611. 

  612. 				if ($this->EE->session->userdata('member_id') != $this->cur_id)
    613. 

  613. 				{  
    614. 

  614. 					// Default is UTC?
    615. 

  615. 					$zone = ($row['timezone']  == '') ? 'UTC' : $row['timezone'] ;
    616. 

  616. 					$time = $this->EE->localize->set_localized_time($time, $zone, $row['daylight_savings'] );
    617. 

  617. 				}
    618. 

  618. 

  619. 				$content = $this->_var_swap_single($key, $this->EE->localize->decode_date($val, $time), $content);
    620. 

  620. 			}
    621. 

  621. 

  622. 			/** ----------------------
    623. 

  623. 			/**  {bio}
    624. 

  624. 			/** ----------------------*/
    625. 

  625. 

  626. 			if ($key == 'bio')
    627. 

  627. 			{
    628. 

  628. 				$bio = $this->EE->typography->parse_type($row[$val],
    629. 

  629. 															 array(
    630. 

  630. 																		'text_format'	=> 'xhtml',
    631. 

  631. 																		'html_format'	=> 'safe',
    632. 

  632. 																		'auto_links'	=> 'y',
    633. 

  633. 																		'allow_img_url' => 'n'
    634. 

  634. 																	)
    635. 

  635. 															);
    636. 

  636. 

  637. 				$content = $this->_var_swap_single($key, $bio, $content);
    638. 

  638. 			}
    639. 

  639. 

  640. 			// Special consideration for {total_forum_replies}, and
    641. 

  641. 			// {total_forum_posts} whose meanings do not match the
    642. 

  642. 			// database field names
    643. 

  643. 			if ($key == 'total_forum_replies')
    644. 

  644. 			{
    645. 

  645. 				$content = $this->_var_swap_single($key, $row['total_forum_posts'] , $content);
    646. 

  646. 			}
    647. 

  647. 

  648. 			if ($key == 'total_forum_posts')
    649. 

  649. 			{
    650. 

  650. 				$total_posts = $row['total_forum_topics'] + $row['total_forum_posts'];
    651. 

  651. 				$content = $this->_var_swap_single($key, $total_posts, $content);
    652. 

  652. 			}
    653. 

  653. 

  654. 			/** ----------------------------------------
    655. 

  655. 			/**  parse basic fields (username, screen_name, etc.)
    656. 

  656. 			/** ----------------------------------------*/
    657. 

  657. 

  658. 			// array_key_exists instead of isset since some columns may be NULL
    659. 

  659. 			if (array_key_exists($val, $row))
    660. 

  660. 			{				
    661. 

  661. 				$content = $this->_var_swap_single($val, strip_tags($row[$val]), $content);
    662. 

  662. 			}
    663. 

  663. 		}
    664. 

  664. 

  665. 

  666. 		/** -------------------------------------
    667. 

  667. 		/**  Do we have custom fields to show?
    668. 

  668. 		/** ------------------------------------*/
    669. 

  669. 		// Grab the data for the particular member
    670. 

  670. 

  671. 		$sql = "SELECT m_field_id, m_field_name, m_field_label, m_field_description, m_field_fmt FROM  exp_member_fields ";
    672. 

  672. 

  673. 		if ($this->EE->session->userdata['group_id'] != 1)
    674. 

  674. 		{
    675. 

  675. 			$sql .= " WHERE m_field_public = 'y' ";
    676. 

  676. 		}
    677. 

  677. 

  678. 		$sql .= " ORDER BY m_field_order";
    679. 

  679. 

  680. 		$query = $this->EE->db->query($sql);
    681. 

  681. 

  682. 		if ($query->num_rows() > 0)
    683. 

  683. 		{
    684. 

  684. 			$fnames = array();
    685. 

  685. 

  686. 			foreach ($query->result_array() as $row)
    687. 

  687. 			{
    688. 

  688. 				$fnames[$row['m_field_name']] = $row['m_field_id'];
    689. 

  689. 			}
    690. 

  690. 

  691. 			$result = $this->EE->db->query("SELECT * FROM exp_member_data WHERE member_id = '{$this->cur_id}'");
    692. 

  692. 

  693. 			/** ----------------------------------------
    694. 

  694. 			/**  Parse conditionals for custom fields
    695. 

  695. 			/** ----------------------------------------*/
    696. 

  696. 

  697. 			$result_row = $result->row_array();
    698. 

  698. 

  699. 			foreach ($this->var_cond as $val)
    700. 

  700. 			{
    701. 

  701. 				// Prep the conditional
    702. 

  702. 

  703. 				$cond = $this->EE->functions->prep_conditional($val['0']);
    704. 

  704. 

  705. 				$lcond	= substr($cond, 0, strpos($cond, ' '));
    706. 

  706. 				$rcond	= substr($cond, strpos($cond, ' '));
    707. 

  707. 

  708. 				if (isset($fnames[$val['3']]))
    709. 

  709. 				{
    710. 

  710. 					$lcond = str_replace($val['3'], "\$result_row['m_field_id_".$fnames[$val['3']]."']", $lcond);
    711. 

  711. 

  712. 					$cond = $lcond.' '.$rcond;
    713. 

  713. 

  714. 					$cond = str_replace("\|", "|", $cond);
    715. 

  715. 

  716. 					eval("\$rez = ".$cond.";");
    717. 

  717. 

  718. 					if ($rez)
    719. 

  719. 					{
    720. 

  720. 						$content = preg_replace("/".LD.$val['0'].RD."(.*?)".LD.'\/if'.RD."/s", "\\1", $content);
    721. 

  721. 					}
    722. 

  722. 					else
    723. 

  723. 					{
    724. 

  724. 						$content = preg_replace("/".LD.$val['0'].RD."(.*?)".LD.'\/if'.RD."/s", "", $content);
    725. 

  725. 					}
    726. 

  726. 				}
    727. 

  727. 

  728. 			}
    729. 

  729. 			// END CONDITIONALS
    730. 

  730. 

  731. 			/** ----------------------------------------
    732. 

  732. 			/**  Parse single variables
    733. 

  733. 			/** ----------------------------------------*/
    734. 

  734. 

  735. 			foreach ($this->var_single as $key => $val)
    736. 

  736. 			{
    737. 

  737. 				foreach ($query->result_array() as $row)
    738. 

  738. 				{
    739. 

  739. 					if ($row['m_field_name'] == $key)
    740. 

  740. 					{
    741. 

  741. 						$field_data = (isset($result_row['m_field_id_'.$row['m_field_id']])) ? $result_row['m_field_id_'.$row['m_field_id']] : '';
    742. 

  742. 

  743. 						if ($field_data != '')
    744. 

  744. 						{
    745. 

  745. 							$field_data = $this->EE->typography->parse_type($field_data,
    746. 

  746. 																		 array(
    747. 

  747. 																					'text_format'	=> $row['m_field_fmt'],
    748. 

  748. 																					'html_format'	=> 'none',
    749. 

  749. 																					'auto_links'	=> 'n',
    750. 

  750. 																					'allow_img_url' => 'n'
    751. 

  751. 																				)
    752. 

  752. 																		);
    753. 

  753. 						}
    754. 

  754. 

  755. 						$content = $this->_var_swap_single($val, $field_data, $content);
    756. 

  756. 					}
    757. 

  757. 				}
    758. 

  758. 			}
    759. 

  759. 

  760. 			/** ----------------------------------------
    761. 

  761. 			/**  Parse auto-generated "custom_fields"
    762. 

  762. 			/** ----------------------------------------*/
    763. 

  763. 

  764. 			$field_chunk = $this->_load_element('public_custom_profile_fields');
    765. 

  765. 

  766. 			// Is there a chunk to parse?
    767. 

  767. 

  768. 			if ($query->num_rows() == 0)
    769. 

  769. 			{
    770. 

  770. 				$content = str_replace("/{custom_profile_fields}/s", '', $content);
    771. 

  771. 			}
    772. 

  772. 			else
    773. 

  773. 			{
    774. 

  774. 				$this->EE->load->library('typography');
    775. 

  775. 				$this->EE->typography->initialize();
    776. 

  776. 

  777. 				$str = '';
    778. 

  778. 

  779. 				foreach ($query->result_array() as $row)
    780. 

  780. 				{
    781. 

  781. 					$temp = $field_chunk;
    782. 

  782. 

  783. 					$field_data = (isset($result_row['m_field_id_'.$row['m_field_id']])) ? $result_row['m_field_id_'.$row['m_field_id']] : '';
    784. 

  784. 

  785. 					if ($field_data != '')
    786. 

  786. 					{
    787. 

  787. 						$field_data = $this->EE->typography->parse_type($field_data,
    788. 

  788. 																	 array(
    789. 

  789. 																				'text_format'	=> $row['m_field_fmt'],
    790. 

  790. 																				'html_format'	=> 'safe',
    791. 

  791. 																				'auto_links'	=> 'y',
    792. 

  792. 																				'allow_img_url' => 'n'
    793. 

  793. 																			)
    794. 

  794. 																	);
    795. 

  795. 

  796. 

  797. 

  798. 					}
    799. 

  799. 

  800. 

  801. 					$temp = str_replace('{field_name}', $row['m_field_label'], $temp);
    802. 

  802. 					$temp = str_replace('{field_description}', $row['m_field_description'], $temp);
    803. 

  803. 					$temp = str_replace('{field_data}', $field_data, $temp);
    804. 

  804. 

  805. 					$str .= $temp;
    806. 

  806. 

  807. 				}
    808. 

  808. 

  809. 				$content = str_replace("{custom_profile_fields}", $str, $content);
    810. 

  810. 			}
    811. 

  811. 

  812. 		}
    813. 

  813. 		// END  if ($quey->num_rows() > 0)
    814. 

  814. 

  815. 		/** ----------------------------------------
    816. 

  816. 		/**  Clean up left over variables
    817. 

  817. 		/** ----------------------------------------*/
    818. 

  818. 

  819. 		$content = str_replace(LD.'custom_profile_fields'.RD, '', $content);
    820. 

  820. 

  821. 		return $content;
    822. 

  822. 	}
    823. 

  823. 

  824. 

  825. 	/** ----------------------------------------
    826. 

  826. 	/**  Member Profile Edit Page
    827. 

  827. 	/** ----------------------------------------*/
    828. 

  828. 	function edit_profile()
    829. 

  829. 	{
    830. 

  830. 		// Load the form helper
    831. 

  831. 		$this->EE->load->helper('form');
    832. 

  832. 

  833. 		/** ----------------------------------------
    834. 

  834. 		/**  Build the custom profile fields
    835. 

  835. 		/** ----------------------------------------*/
    836. 

  836. 

  837. 		$tmpl = $this->_load_element('custom_profile_fields');
    838. 

  838. 

  839. 		/** ----------------------------------------
    840. 

  840. 		/**  Fetch the data
    841. 

  841. 		/** ----------------------------------------*/
    842. 

  842. 

  843. 		$sql = "SELECT * FROM exp_member_data WHERE member_id = '".$this->EE->session->userdata('member_id')."'";
    844. 

  844. 

  845. 		$result = $this->EE->db->query($sql);
    846. 

  846. 

  847. 		if ($result->num_rows() > 0)
    848. 

  848. 		{
    849. 

  849. 			foreach ($result->row_array() as $key => $val)
    850. 

  850. 			{
    851. 

  851. 				$$key = $val;
    852. 

  852. 			}
    853. 

  853. 		}
    854. 

  854. 

  855. 		/** ----------------------------------------
    856. 

  856. 		/**  Fetch the field definitions
    857. 

  857. 		/** ----------------------------------------*/
    858. 

  858. 

  859. 		$r = '';
    860. 

  860. 

  861. 		$sql = "SELECT *  FROM exp_member_fields ";
    862. 

  862. 

  863. 		if ($this->EE->session->userdata['group_id'] != 1)
    864. 

  864. 		{
    865. 

  865. 			$sql .= " WHERE m_field_public = 'y' ";
    866. 

  866. 		}
    867. 

  867. 

  868. 		$sql .= " ORDER BY m_field_order";
    869. 

  869. 

  870. 		$query = $this->EE->db->query($sql);
    871. 

  871. 

  872. 		$result_row = $result->row_array();
    873. 

  873. 

  874. 		if ($query->num_rows() > 0)
    875. 

  875. 		{
    876. 

  876. 			foreach ($query->result_array() as $row)
    877. 

  877. 			{
    878. 

  878. 				$temp = $tmpl;
    879. 

  879. 

  880. 				/** ----------------------------------------
    881. 

  881. 				/**  Assign the data to the field
    882. 

  882. 				/** ----------------------------------------*/
    883. 

  883. 

  884. 				$temp = str_replace('{field_id}', $row['m_field_id'], $temp);
    885. 

  885. 

  886. 				$field_data = (isset($result_row['m_field_id_'.$row['m_field_id']])) ? $result_row['m_field_id_'.$row['m_field_id']] : '';
    887. 

  887. 

  888. 				$required  = ($row['m_field_required'] == 'n') ? '' : "<span class='alert'>*</span>&nbsp;";
    889. 

  889. 

  890. 				if ($row['m_field_width'] == '')
    891. 

  891. 				{
    892. 

  892. 					$row['m_field_width'] == '100%';
    893. 

  893. 				}
    894. 

  894. 

  895. 				$width = ( ! stristr($row['m_field_width'], 'px')  AND ! stristr($row['m_field_width'], '%')) ? $row['m_field_width'].'px' : $row['m_field_width'];
    896. 

  896. 

  897. 				/** ----------------------------------------
    898. 

  898. 				/**  Render textarea fields
    899. 

  899. 				/** ----------------------------------------*/
    900. 

  900. 

  901. 				if ($row['m_field_type'] == 'textarea')
    902. 

  902. 				{
    903. 

  903. 					$rows = ( ! isset($row['m_field_ta_rows'])) ? '10' : $row['m_field_ta_rows'];
    904. 

  904. 

  905. 					$tarea = "<textarea name='".'m_field_id_'.$row['m_field_id']."' id='".'m_field_id_'.$row['m_field_id']."' style='width:".$width.";' class='textarea' cols='90' rows='{$rows}'>".form_prep($field_data)."</textarea>";
    906. 

  906. 

  907. 					$temp = str_replace('<td ', "<td valign='top' ", $temp);
    908. 

  908. 					$temp = str_replace('{lang:profile_field}', $required.$row['m_field_label'], $temp);
    909. 

  909. 					$temp = str_replace('{lang:profile_field_description}', $row['m_field_description'], $temp);
    910. 

  910. 					$temp = str_replace('{form:custom_profile_field}', $tarea, $temp);
    911. 

  911. 				}
    912. 

  912. 				elseif ($row['m_field_type'] == 'text')
    913. 

  913. 				{
    914. 

  914. 					/** ----------------------------------------
    915. 

  915. 					/**  Render text fields
    916. 

  916. 					/** ----------------------------------------*/
    917. 

  917. 

  918. 					$input = "<input type='text' name='".'m_field_id_'.$row['m_field_id']."' id='".'m_field_id_'.$row['m_field_id']."' style='width:".$width.";' value='".form_prep($field_data)."' maxlength='".$row['m_field_maxl']."' class='input' />";
    919. 

  919. 

  920. 					$temp = str_replace('{lang:profile_field}', $required.$row['m_field_label'], $temp);
    921. 

  921. 					$temp = str_replace('{lang:profile_field_description}', $row['m_field_description'], $temp);
    922. 

  922. 					$temp = str_replace('{form:custom_profile_field}', $input, $temp);
    923. 

  923. 				}
    924. 

  924. 				elseif ($row['m_field_type'] == 'select')
    925. 

  925. 				{
    926. 

  926. 					/** ----------------------------------------
    927. 

  927. 					/**  Render pull-down menues
    928. 

  928. 					/** ----------------------------------------*/
    929. 

  929. 

  930. 					$menu = "<select name='m_field_id_".$row['m_field_id']."' id='m_field_id_".$row['m_field_id']."' class='select'>\n";
    931. 

  931. 

  932. 					foreach (explode("\n", trim($row['m_field_list_items'])) as $v)
    933. 

  933. 					{
    934. 

  934. 						$v = trim($v);
    935. 

  935. 

  936. 						$selected = ($field_data == $v) ? " selected='selected'" : '';
    937. 

  937. 

  938. 						$menu .= "<option value='{$v}'{$selected}>".$v."</option>\n";
    939. 

  939. 					}
    940. 

  940. 

  941. 					$menu .= "</select>\n";
    942. 

  942. 

  943. 					$temp = str_replace('{lang:profile_field}', $required.$row['m_field_label'], $temp);
    944. 

  944. 					$temp = str_replace('{lang:profile_field_description}', $row['m_field_description'], $temp);
    945. 

  945. 					$temp = str_replace('{form:custom_profile_field}', $menu, $temp);
    946. 

  946. 				}
    947. 

  947. 

  948. 				$r .= $temp;
    949. 

  949. 			}
    950. 

  950. 		}
    951. 

  951. 

  952. 		/** ----------------------------------------
    953. 

  953. 		/**  Build the output data
    954. 

  954. 		/** ----------------------------------------*/
    955. 

  955. 		$query = $this->EE->db->query("SELECT bday_y, bday_m, bday_d, url, location, occupation, interests, aol_im, icq, yahoo_im, msn_im, bio FROM exp_members WHERE member_id = '".$this->EE->session->userdata('member_id')."'");
    956. 

  956. 

  957. 		return  $this->_var_swap($this->_load_element('edit_profile_form'),
    958. 

  958. 								array(
    959. 

  959. 										'path:update_profile'	=> $this->_member_path('update_profile'),
    960. 

  960. 										'form:birthday_year'	=> $this->_birthday_year($query->row('bday_y') ),
    961. 

  961. 										'form:birthday_month'	=> $this->_birthday_month($query->row('bday_m') ),
    962. 

  962. 										'form:birthday_day'		=> $this->_birthday_day($query->row('bday_d') ),
    963. 

  963. 										'url'					=> ($query->row('url')  == '') ? 'http://' : $query->row('url') ,
    964. 

  964. 										'location'				=> form_prep($query->row('location') ),
    965. 

  965. 										'occupation'			=> form_prep($query->row('occupation') ),
    966. 

  966. 										'interests'				=> form_prep($query->row('interests') ),
    967. 

  967. 										'aol_im'				=> form_prep($query->row('aol_im') ),
    968. 

  968. 										'icq'					=> form_prep($query->row('icq') ),
    969. 

  969. 										'icq_im'				=> form_prep($query->row('icq') ),
    970. 

  970. 										'yahoo_im'				=> form_prep($query->row('yahoo_im') ),
    971. 

  971. 										'msn_im'				=> form_prep($query->row('msn_im') ),
    972. 

  972. 										'bio'					=> form_prep($query->row('bio') ),
    973. 

  973. 										'custom_profile_fields'	=> $r
    974. 

  974. 									)
    975. 

  975. 								);
    976. 

  976. 	}
    977. 

  977. 

  978. 

  979. 

  980. 

  981. 	/** ----------------------------------------
    982. 

  982. 	/**  Profile Update
    983. 

  983. 	/** ----------------------------------------*/
    984. 

  984. 	function update_profile()
    985. 

  985. 	{
    986. 

  986. 		$this->EE->load->model('member_model');
    987. 

  987. 		
    988. 

  988. 		/** -------------------------------------
    989. 

  989. 		/**  Safety....
    990. 

  990. 		/** -------------------------------------*/
    991. 

  991. 		if (count($_POST) == 0)
    992. 

  992. 		{
    993. 

  993. 			return $this->EE->output->show_user_error('general', array($this->EE->lang->line('invalid_action')));
    994. 

  994. 		}
    995. 

  995. 

  996. 		// Are any required custom fields empty?
    997. 

  997. 		$this->EE->db->select('m_field_id, m_field_label');
    998. 

  998. 		$this->EE->db->where('m_field_required = "y"');
    999. 

  999. 		$query = $this->EE->db->get('member_fields');
    1000. 

  1000. 

  1001. 		 $errors = array();
    1002. 

  1002. 

  1003. 		 if ($query->num_rows() > 0)
    1004. 

  1004. 		 {
    1005. 

  1005. 			foreach ($query->result_array() as $row)
    1006. 

  1006. 			{
    1007. 

  1007. 				if (isset($_POST['m_field_id_'.$row['m_field_id']]) AND $_POST['m_field_id_'.$row['m_field_id']] == '')
    1008. 

  1008. 				{
    1009. 

  1009. 					$errors[] = $this->EE->lang->line('mbr_custom_field_empty').'&nbsp;'.$row['m_field_label'];
    1010. 

  1010. 				}
    1011. 

  1011. 			}
    1012. 

  1012. 		 }
    1013. 

  1013. 

  1014. 		/** ----------------------------------------
    1015. 

  1015. 		/**  Blacklist/Whitelist Check
    1016. 

  1016. 		/** ----------------------------------------*/
    1017. 

  1017. 

  1018. 		if ($this->EE->blacklist->blacklisted == 'y' && $this->EE->blacklist->whitelisted == 'n')
    1019. 

  1019. 		{
    1020. 

  1020. 			return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized')));
    1021. 

  1021. 		}
    1022. 

  1022. 

  1023. 		/** -------------------------------------
    1024. 

  1024. 		/**  Show errors
    1025. 

  1025. 		/** -------------------------------------*/
    1026. 

  1026. 		 if (count($errors) > 0)
    1027. 

  1027. 		 {
    1028. 

  1028. 			return $this->EE->output->show_user_error('submission', $errors);
    1029. 

  1029. 		 }
    1030. 

  1030. 

  1031. 		/** -------------------------------------
    1032. 

  1032. 		/**  Build query
    1033. 

  1033. 		/** -------------------------------------*/
    1034. 

  1034. 

  1035. 		if (isset($_POST['url']) AND $_POST['url'] == 'http://')
    1036. 

  1036. 		{
    1037. 

  1037. 			$_POST['url'] = '';
    1038. 

  1038. 		}
    1039. 

  1039. 

  1040. 		$fields = array(	'bday_y',
    1041. 

  1041. 							'bday_m',
    1042. 

  1042. 							'bday_d',
    1043. 

  1043. 							'url',
    1044. 

  1044. 							'location',
    1045. 

  1045. 							'occupation',
    1046. 

  1046. 							'interests',
    1047. 

  1047. 							'aol_im',
    1048. 

  1048. 							'icq',
    1049. 

  1049. 							'yahoo_im',
    1050. 

  1050. 							'msn_im',
    1051. 

  1051. 							'bio'
    1052. 

  1052. 						);
    1053. 

  1053. 

  1054. 		$data = array();
    1055. 

  1055. 

  1056. 		foreach ($fields as $val)
    1057. 

  1057. 		{
    1058. 

  1058. 			$data[$val] = (isset($_POST[$val])) ? $this->EE->security->xss_clean($_POST[$val]) : '';
    1059. 

  1059. 			unset($_POST[$val]);
    1060. 

  1060. 		}
    1061. 

  1061. 

  1062. 		if (is_numeric($data['bday_d']) AND is_numeric($data['bday_m']))
    1063. 

  1063. 		{
    1064. 

  1064. 			$year = ($data['bday_y'] != '') ? $data['bday_y'] : date('Y');
    1065. 

  1065. 			$mdays = $this->EE->localize->fetch_days_in_month($data['bday_m'], $year);
    1066. 

  1066. 

  1067. 			if ($data['bday_d'] > $mdays)
    1068. 

  1068. 			{
    1069. 

  1069. 				$data['bday_d'] = $mdays;
    1070. 

  1070. 			}
    1071. 

  1071. 		}
    1072. 

  1072. 

  1073. 		unset($_POST['HTTP_REFERER']);
    1074. 

  1074. 

  1075. 		if (count($data) > 0)
    1076. 

  1076. 		{
    1077. 

  1077. 			$this->EE->member_model->update_member($this->EE->session->userdata('member_id'), $data);
    1078. 

  1078. 		}
    1079. 

  1079. 

  1080. 		/** -------------------------------------
    1081. 

  1081. 		/**  Update the custom fields
    1082. 

  1082. 		/** -------------------------------------*/
    1083. 

  1083. 

  1084. 		$m_data = array();
    1085. 

  1085. 

  1086. 		if (count($_POST) > 0)
    1087. 

  1087. 		{
    1088. 

  1088. 			foreach ($_POST as $key => $val)
    1089. 

  1089. 			{
    1090. 

  1090. 				if (strncmp($key, 'm_field_id_', 11) == 0)
    1091. 

  1091. 				{
    1092. 

  1092. 					$m_data[$key] = $this->EE->security->xss_clean($val);
    1093. 

  1093. 				}
    1094. 

  1094. 			}
    1095. 

  1095. 

  1096. 			if (count($m_data) > 0)
    1097. 

  1097. 			{
    1098. 

  1098. 				$this->EE->member_model->update_member_data($this->EE->session->userdata('member_id'), $m_data);
    1099. 

  1099. 			}
    1100. 

  1100. 		}
    1101. 

  1101. 

  1102. 		/** -------------------------------------
    1103. 

  1103. 		/**  Update comments
    1104. 

  1104. 		/** -------------------------------------*/
    1105. 

  1105. 

  1106. 		if ($data['location'] != "" OR $data['url'] != "")
    1107. 

  1107. 		{
    1108. 

  1108. 			if ($this->EE->db->table_exists('comments'))
    1109. 

  1109. 			{
    1110. 

  1110. 				$d = array(
    1111. 

  1111. 						'location'	=> $data['location'],
    1112. 

  1112. 						'url'		=> $data['url']
    1113. 

  1113. 					);
    1114. 

  1114. 				
    1115. 

  1115. 				$this->EE->db->where('author_id', $this->EE->session->userdata('member_id'));
    1116. 

  1116. 				$this->EE->db->update('comments', $d);
    1117. 

  1117. 			}
    1118. 

  1118. 	  	}
    1119. 

  1119. 

  1120. 		/** -------------------------------------
    1121. 

  1121. 		/**  Success message
    1122. 

  1122. 		/** -------------------------------------*/
    1123. 

  1123. 

  1124. 		return $this->_var_swap($this->_load_element('success'),
    1125. 

  1125. 								array(
    1126. 

  1126. 										'lang:heading'	=>	$this->EE->lang->line('profile_updated'),
    1127. 

  1127. 										'lang:message'	=>	$this->EE->lang->line('mbr_profile_has_been_updated')
    1128. 

  1128. 									 )
    1129. 

  1129. 								);
    1130. 

  1130. 	}
    1131. 

  1131. 

  1132. 

  1133. 

  1134. 	/** ----------------------------------------
    1135. 

  1135. 	/**  Forum Preferences
    1136. 

  1136. 	/** ----------------------------------------*/
    1137. 

  1137. 	function edit_preferences()
    1138. 

  1138. 	{
    1139. 

  1139. 		$query = $this->EE->db->query("SELECT display_avatars, display_signatures, smart_notifications, accept_messages, parse_smileys FROM exp_members WHERE member_id = '".$this->EE->session->userdata('member_id')."'");
    1140. 

  1140. 	 
    1141. 

  1141. 	 	$element = $this->_load_element('edit_preferences');
    1142. 

  1142. 	 
    1143. 

  1143. 	 	// -------------------------------------------
    1144. 

  1144. 		// 'member_edit_preferences' hook.
    1145. 

  1145. 		//  - Allows adding of preferences to user side preferences form
    1146. 

  1146. 		//
    1147. 

  1147. 			if ($this->EE->extensions->active_hook('member_edit_preferences') === TRUE)
    1148. 

  1148. 			{
    1149. 

  1149. 				$element = $this->EE->extensions->call('member_edit_preferences', $element);
    1150. 

  1150. 			}
    1151. 

  1151. 		//
    1152. 

  1152. 		// -------------------------------------------
    1153. 

  1153. 	 
    1154. 

  1154. 	 
    1155. 

  1155. 		return $this->_var_swap($element,
    1156. 

  1156. 								array(
    1157. 

  1157. 										'path:update_edit_preferences'	=>	$this->_member_path('update_preferences'),
    1158. 

  1158. 										'state:display_avatars'		=>	($query->row('display_avatars')  == 'y') ? " checked='checked'" : '',
    1159. 

  1159. 										'state:accept_messages'		=>	($query->row('accept_messages')  == 'y') ? " checked='checked'" : '',
    1160. 

  1160. 										'state:display_signatures'	=>	($query->row('display_signatures')  == 'y')  ? " checked='checked'" : '',
    1161. 

  1161. 										'state:parse_smileys'		=>	($query->row('parse_smileys')  == 'y')  ? " checked='checked'" : ''
    1162. 

  1162. 									 )
    1163. 

  1163. 								);
    1164. 

  1164. 	}
    1165. 

  1165. 

  1166. 

  1167. 

  1168. 

  1169. 

  1170. 	/** ----------------------------------------
    1171. 

  1171. 	/**  Update  Preferences
    1172. 

  1172. 	/** ----------------------------------------*/
    1173. 

  1173. 	function update_preferences()
    1174. 

  1174. 	{
    1175. 

  1175. 		/** -------------------------------------
    1176. 

  1176. 		/**  Assign the query data
    1177. 

  1177. 		/** -------------------------------------*/
    1178. 

  1178. 

  1179. 		$data = array(
    1180. 

  1180. 						'accept_messages'		=> (isset($_POST['accept_messages'])) ? 'y' : 'n',
    1181. 

  1181. 						'display_avatars'		=> (isset($_POST['display_avatars'])) ? 'y' : 'n',
    1182. 

  1182. 						'display_signatures'	=> (isset($_POST['display_signatures']))  ? 'y' : 'n',
    1183. 

  1183. 						'parse_smileys'			=> (isset($_POST['parse_smileys']))  ? 'y' : 'n'
    1184. 

  1184. 					  );
    1185. 

  1185. 

  1186. 		$this->EE->db->query($this->EE->db->update_string('exp_members', $data, "member_id = '".$this->EE->session->userdata('member_id')."'"));
    1187. 

  1187. 

  1188. 		// -------------------------------------------
    1189. 

  1189. 		// 'member_update_preferences' hook.
    1190. 

  1190. 		//  - Allows updating of added preferences via user side preferences form
    1191. 

  1191. 		//
    1192. 

  1192. 			$edata = $this->EE->extensions->call('member_update_preferences', $data);
    1193. 

  1193. 			if ($this->EE->extensions->end_script === TRUE) return;
    1194. 

  1194. 		//
    1195. 

  1195. 		// -------------------------------------------
    1196. 

  1196. 

  1197. 		/** -------------------------------------
    1198. 

  1198. 		/**  Success message
    1199. 

  1199. 		/** -------------------------------------*/
    1200. 

  1200. 

  1201. 		return $this->_var_swap($this->_load_element('success'),
    1202. 

  1202. 								array(
    1203. 

  1203. 										'lang:heading'	=>	$this->EE->lang->line('mbr_preferences_updated'),
    1204. 

  1204. 										'lang:message'	=>	$this->EE->lang->line('mbr_prefereces_have_been_updated')
    1205. 

  1205. 									 )
    1206. 

  1206. 							);
    1207. 

  1207. 	}
    1208. 

  1208. 

  1209. 

  1210. 

  1211. 	/** ----------------------------------------
    1212. 

  1212. 	/**  Email Settings
    1213. 

  1213. 	/** ----------------------------------------*/
    1214. 

  1214. 	function edit_email()
    1215. 

  1215. 	{
    1216. 

  1216. 		$query = $this->EE->db->query("SELECT email, accept_admin_email, accept_user_email, notify_by_default, notify_of_pm, smart_notifications FROM exp_members WHERE member_id = '".$this->EE->session->userdata('member_id')."'");
    1217. 

  1217. 	 
    1218. 

  1218. 		return $this->_var_swap($this->_load_element('email_prefs_form'),
    1219. 

  1219. 								array(
    1220. 

  1220. 										'path:update_email_settings'	=>	$this->_member_path('update_email'),
    1221. 

  1221. 										'email'							=>	$query->row('email') ,
    1222. 

  1222. 										'state:accept_admin_email'		=>	($query->row('accept_admin_email')  == 'y') ? " checked='checked'" : '',
    1223. 

  1223. 										'state:accept_user_email'		=>	($query->row('accept_user_email')  == 'y')  ? " checked='checked'" : '',
    1224. 

  1224. 										'state:notify_by_default'		=>	($query->row('notify_by_default')  == 'y')  ? " checked='checked'" : '',
    1225. 

  1225. 										'state:notify_of_pm'			=>	($query->row('notify_of_pm')  == 'y')  ? " checked='checked'" : '',
    1226. 

  1226. 										'state:smart_notifications'		=>	($query->row('smart_notifications')  == 'y')  ? " checked='checked'" : ''
    1227. 

  1227. 									 )
    1228. 

  1228. 								);
    1229. 

  1229. 	}
    1230. 

  1230. 

  1231. 

  1232. 

  1233. 

  1234. 

  1235. 	/** ----------------------------------------
    1236. 

  1236. 	/**  Email Update
    1237. 

  1237. 	/** ----------------------------------------*/
    1238. 

  1238. 	function update_email()
    1239. 

  1239. 	{
    1240. 

  1240. 		// Safety.
    1241. 

  1241. 

  1242. 		if ( ! isset($_POST['email']))
    1243. 

  1243. 		{
    1244. 

  1244. 			return $this->EE->output->show_user_error('general', array($this->EE->lang->line('invalid_action')));
    1245. 

  1245. 		}
    1246. 

  1246. 

  1247. 		/** ----------------------------------------
    1248. 

  1248. 		/**  Blacklist/Whitelist Check
    1249. 

  1249. 		/** ----------------------------------------*/
    1250. 

  1250. 

  1251. 		if ($this->EE->blacklist->blacklisted == 'y' && $this->EE->blacklist->whitelisted == 'n')
    1252. 

  1252. 		{
    1253. 

  1253. 			return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized')));
    1254. 

  1254. 		}
    1255. 

  1255. 

  1256. 		/** -------------------------------------
    1257. 

  1257. 		/**  Validate submitted data
    1258. 

  1258. 		/** -------------------------------------*/
    1259. 

  1259. 		if ( ! class_exists('EE_Validate'))
    1260. 

  1260. 		{
    1261. 

  1261. 			require APPPATH.'libraries/Validate'.EXT;
    1262. 

  1262. 		}
    1263. 

  1263. 

  1264. 

  1265. 		$query = $this->EE->db->query("SELECT email, password FROM exp_members WHERE member_id = '".$this->EE->session->userdata('member_id')."'");
    1266. 

  1266. 

  1267. 		$VAL = new EE_Validate(
    1268. 

  1268. 								array(
    1269. 

  1269. 										'member_id'		=> $this->EE->session->userdata('member_id'),
    1270. 

  1270. 										'val_type'		=> 'update', // new or update
    1271. 

  1271. 										'fetch_lang' 	=> TRUE,
    1272. 

  1272. 										'require_cpw' 	=> FALSE,
    1273. 

  1273. 										'enable_log'	=> FALSE,
    1274. 

  1274. 										'email'			=> $_POST['email'],
    1275. 

  1275. 										'cur_email'		=> $query->row('email')
    1276. 

  1276. 									 )
    1277. 

  1277. 							);
    1278. 

  1278. 

  1279. 		$VAL->validate_email();
    1280. 

  1280. 

  1281. 		if ($_POST['email'] != $query->row('email') )
    1282. 

  1282. 		{
    1283. 

  1283. 			if ($this->EE->session->userdata['group_id'] != 1)
    1284. 

  1284. 			{
    1285. 

  1285. 				if ($_POST['password'] == '')
    1286. 

  1286. 				{
    1287. 

  1287. 					$VAL->errors[] = $this->EE->lang->line('missing_current_password');
    1288. 

  1288. 				}
    1289. 

  1289. 				elseif ($this->EE->functions->hash(stripslashes($_POST['password'])) != $query->row('password') )
    1290. 

  1290. 				{
    1291. 

  1291. 					$VAL->errors[] = $this->EE->lang->line('invalid_password');
    1292. 

  1292. 				}
    1293. 

  1293. 			}
    1294. 

  1294. 		}
    1295. 

  1295. 

  1296. 		if (count($VAL->errors) > 0)
    1297. 

  1297. 		{
    1298. 

  1298. 			return $this->EE->output->show_user_error('submission', $VAL->errors);
    1299. 

  1299. 		}
    1300. 

  1300. 

  1301. 		/** -------------------------------------
    1302. 

  1302. 		/**  Assign the query data
    1303. 

  1303. 		/** -------------------------------------*/
    1304. 

  1304. 

  1305. 		$data = array(
    1306. 

  1306. 						'email'					=>  $_POST['email'],
    1307. 

  1307. 						'accept_admin_email'	=> (isset($_POST['accept_admin_email'])) ? 'y' : 'n',
    1308. 

  1308. 						'accept_user_email'		=> (isset($_POST['accept_user_email']))  ? 'y' : 'n',
    1309. 

  1309. 						'notify_by_default'		=> (isset($_POST['notify_by_default']))  ? 'y' : 'n',
    1310. 

  1310. 						'notify_of_pm'			=> (isset($_POST['notify_of_pm']))  ? 'y' : 'n',
    1311. 

  1311. 						'smart_notifications'	=> (isset($_POST['smart_notifications']))  ? 'y' : 'n'
    1312. 

  1312. 					  );
    1313. 

  1313. 

  1314. 		$this->EE->db->query($this->EE->db->update_string('exp_members', $data, "member_id = '".$this->EE->session->userdata('member_id')."'"));
    1315. 

  1315. 

  1316. 		/** -------------------------------------
    1317. 

  1317. 		/**  Update comments and log email change
    1318. 

  1318. 		/** -------------------------------------*/
    1319. 

  1319. 

  1320. 		if ($query->row('email')  != $_POST['email'])
    1321. 

  1321. 		{
    1322. 

  1322. 			$this->EE->db->query($this->EE->db->update_string('exp_comments', array('email' => $_POST['email']), "author_id = '".$this->EE->session->userdata('member_id')."'"));
    1323. 

  1323. 

  1324. 			// We need to update the gallery comments
    1325. 

  1325. 			// But!  Only if the table exists
    1326. 

  1326. 

  1327. 			if ($this->EE->db->table_exists('exp_gallery_comments'))
    1328. 

  1328. 			{
    1329. 

  1329. 				$this->EE->db->query($this->EE->db->update_string('exp_gallery_comments', array('email' => $_POST['email']), "author_id = '".$this->EE->session->userdata('member_id')."'"));
    1330. 

  1330. 			}
    1331. 

  1331. 		}
    1332. 

  1332. 

  1333. 		/** -------------------------------------
    1334. 

  1334. 		/**  Success message
    1335. 

  1335. 		/** -------------------------------------*/
    1336. 

  1336. 

  1337. 		return $this->_var_swap($this->_load_element('success'),
    1338. 

  1338. 								array(
    1339. 

  1339. 										'lang:heading'	=>	$this->EE->lang->line('mbr_email_updated'),
    1340. 

  1340. 										'lang:message'	=>	$this->EE->lang->line('mbr_email_has_been_updated')
    1341. 

  1341. 									 )
    1342. 

  1342. 							);
    1343. 

  1343. 	}
    1344. 

  1344. 

  1345. 

  1346. 

  1347. 

  1348. 	/** ----------------------------------------
    1349. 

  1349. 	/**  Username/Password Preferences
    1350. 

  1350. 	/** ----------------------------------------*/
    1351. 

  1351. 	function edit_userpass()
    1352. 

  1352. 	{
    1353. 

  1353. 		$query = $this->EE->db->query("SELECT username, screen_name FROM exp_members WHERE member_id = '".$this->EE->session->userdata('member_id')."'");
    1354. 

  1354. 

  1355. 		return $this->_var_swap($this->_load_element('username_password_form'),
    1356. 

  1356. 								array(
    1357. 

  1357. 										'row:username_form'				=>	($this->EE->session->userdata['group_id'] == 1 OR $this->EE->config->item('allow_username_change') == 'y') ? $this->_load_element('username_row') : $this->_load_element('username_change_disallowed'),
    1358. 

  1358. 										'path:update_username_password'	=>	$this->_member_path('update_userpass'),
    1359. 

  1359. 										'username'						=>	$query->row('username') ,
    1360. 

  1360. 										'screen_name'					=>	$this->_convert_special_chars($query->row('screen_name') )
    1361. 

  1361. 									 )
    1362. 

  1362. 								);
    1363. 

  1363. 	}
    1364. 

  1364. 

  1365. 

  1366. 

  1367. 

  1368. 

  1369. 	/** ----------------------------------------
    1370. 

  1370. 	/**  Username/Password Update
    1371. 

  1371. 	/** ----------------------------------------*/
    1372. 

  1372. 	function update_userpass()
    1373. 

  1373. 	{
    1374. 

  1374. 	  	// Safety.  Prevents accessing this function unless
    1375. 

  1375. 	  	// the requrest came from the form submission
    1376. 

  1376. 

  1377. 		if ( ! isset($_POST['current_password']))
    1378. 

  1378. 		{
    1379. 

  1379. 			return $this->EE->output->show_user_error('general', array($this->EE->lang->line('invalid_action')));
    1380. 

  1380. 		}
    1381. 

  1381. 

  1382. 		$query = $this->EE->db->query("SELECT username, screen_name FROM exp_members WHERE member_id = '".$this->EE->db->escape_str($this->EE->session->userdata('member_id'))."'");
    1383. 

  1383. 

  1384. 		if ($query->num_rows() == 0)
    1385. 

  1385. 		{
    1386. 

  1386. 			return FALSE;
    1387. 

  1387. 		}
    1388. 

  1388. 

  1389. 		if ($this->EE->config->item('allow_username_change') != 'y')
    1390. 

  1390. 		{
    1391. 

  1391. 			$_POST['username'] = $query->row('username');
    1392. 

  1392. 		}
    1393. 

  1393. 

  1394. 		// If the screen name field is empty, we'll assign is
    1395. 

  1395. 		// from the username field.
    1396. 

  1396. 

  1397. 		if ($_POST['screen_name'] == '')
    1398. 

  1398. 			$_POST['screen_name'] = $_POST['username'];
    1399. 

  1399. 

  1400. 		if ( ! isset($_POST['username']))
    1401. 

  1401. 			$_POST['username'] = '';
    1402. 

  1402. 

  1403. 		/** -------------------------------------
    1404. 

  1404. 		/**  Validate submitted data
    1405. 

  1405. 		/** -------------------------------------*/
    1406. 

  1406. 		if ( ! class_exists('EE_Validate'))
    1407. 

  1407. 		{
    1408. 

  1408. 			require APPPATH.'libraries/Validate'.EXT;
    1409. 

  1409. 		}
    1410. 

  1410. 

  1411. 		$VAL = new EE_Validate(
    1412. 

  1412. 								array(
    1413. 

  1413. 										'member_id'			=> $this->EE->session->userdata('member_id'),
    1414. 

  1414. 										'val_type'			=> 'update', // new or update
    1415. 

  1415. 										'fetch_lang' 		=> TRUE,
    1416. 

  1416. 										'require_cpw' 		=> TRUE,
    1417. 

  1417. 									 	'enable_log'		=> FALSE,
    1418. 

  1418. 										'username'			=> $_POST['username'],
    1419. 

  1419. 										'cur_username'		=> $query->row('username') ,
    1420. 

  1420. 										'screen_name'		=> $_POST['screen_name'],
    1421. 

  1421. 										'cur_screen_name'	=> $query->row('screen_name') ,
    1422. 

  1422. 										'password'			=> $_POST['password'],
    1423. 

  1423. 									 	'password_confirm'	=> $_POST['password_confirm'],
    1424. 

  1424. 									 	'cur_password'		=> $_POST['current_password']
    1425. 

  1425. 									 )
    1426. 

  1426. 							);
    1427. 

  1427. 

  1428. 		$VAL->validate_screen_name();
    1429. 

  1429. 

  1430. 		if ($this->EE->config->item('allow_username_change') == 'y')
    1431. 

  1431. 		{
    1432. 

  1432. 			$VAL->validate_username();
    1433. 

  1433. 		}
    1434. 

  1434. 

  1435. 		if ($_POST['password'] != '')
    1436. 

  1436. 		{
    1437. 

  1437. 			$VAL->validate_password();
    1438. 

  1438. 		}
    1439. 

  1439. 

  1440. 		/** -------------------------------------
    1441. 

  1441. 		/**  Display error is there are any
    1442. 

  1442. 		/** -------------------------------------*/
    1443. 

  1443. 

  1444. 		if (count($VAL->errors) > 0)
    1445. 

  1445. 		{
    1446. 

  1446. 			return $this->EE->output->show_user_error('submission', $VAL->errors);
    1447. 

  1447. 		}
    1448. 

  1448. 

  1449. 		/** -------------------------------------
    1450. 

  1450. 		/**  Update "last post" forum info if needed
    1451. 

  1451. 		/** -------------------------------------*/
    1452. 

  1452. 

  1453. 		if ($query->row('screen_name')  != $_POST['screen_name'] AND $this->EE->config->item('forum_is_installed') == "y" )
    1454. 

  1454. 		{
    1455. 

  1455. 			$this->EE->db->query("UPDATE exp_forums SET forum_last_post_author = '".$this->EE->db->escape_str($_POST['screen_name'])."' WHERE forum_last_post_author_id = '".$this->EE->session->userdata('member_id')."'");
    1456. 

  1456. 			$this->EE->db->query("UPDATE exp_forum_moderators SET mod_member_name = '".$this->EE->db->escape_str($_POST['screen_name'])."' WHERE mod_member_id = '".$this->EE->session->userdata('member_id')."'");
    1457. 

  1457. 		}
    1458. 

  1458. 

  1459. 		/** -------------------------------------
    1460. 

  1460. 		/**  Assign the query data
    1461. 

  1461. 		/** -------------------------------------*/
    1462. 

  1462. 		$data['screen_name'] = $_POST['screen_name'];
    1463. 

  1463. 

  1464. 		if ($this->EE->config->item('allow_username_change') == 'y')
    1465. 

  1465. 		{
    1466. 

  1466. 			$data['username'] = $_POST['username'];
    1467. 

  1467. 		}
    1468. 

  1468. 

  1469. 		// Was a password submitted?
    1470. 

  1470. 

  1471. 		$pw_change = '';
    1472. 

  1472. 

  1473. 		if ($_POST['password'] != '')
    1474. 

  1474. 		{
    1475. 

  1475. 			$data['password'] = $this->EE->functions->hash(stripslashes($_POST['password']));
    1476. 

  1476. 

  1477. 			$pw_change = $this->_var_swap($this->_load_element('password_change_warning'),
    1478. 

  1478. 											array('lang:password_change_warning' => $this->EE->lang->line('password_change_warning'))
    1479. 

  1479. 										);
    1480. 

  1480. 		}
    1481. 

  1481. 

  1482. 		$this->EE->db->query($this->EE->db->update_string('exp_members', $data, "member_id = '".$this->EE->session->userdata('member_id')."'"));
    1483. 

  1483. 

  1484. 		/** -------------------------------------
    1485. 

  1485. 		/**  Update comments if screen name has changed
    1486. 

  1486. 		/** -------------------------------------*/
    1487. 

  1487. 		if ($query->row('screen_name')  != $_POST['screen_name'])
    1488. 

  1488. 		{
    1489. 

  1489. 			$this->EE->db->query($this->EE->db->update_string('exp_comments', array('name' => $_POST['screen_name']), "author_id = '".$this->EE->session->userdata('member_id')."'"));
    1490. 

  1490. 

  1491. 			// We need to update the gallery comments
    1492. 

  1492. 			// But!  Only if the table exists
    1493. 

  1493. 

  1494. 			if ($this->EE->db->table_exists('exp_gallery_comments'))
    1495. 

  1495. 			{
    1496. 

  1496. 				$this->EE->db->query($this->EE->db->update_string('exp_gallery_comments', array('name' => $_POST['screen_name']), "author_id = '".$this->EE->session->userdata('member_id')."'"));
    1497. 

  1497. 			}
    1498. 

  1498. 

  1499. 			$this->EE->session->userdata['screen_name'] = stripslashes($_POST['screen_name']);
    1500. 

  1500. 		}
    1501. 

  1501. 

  1502. 		/** -------------------------------------
    1503. 

  1503. 		/**  Success message
    1504. 

  1504. 		/** -------------------------------------*/
    1505. 

  1505. 

  1506. 		return $this->_var_swap($this->_load_element('success'),
    1507. 

  1507. 								array(
    1508. 

  1508. 										'lang:heading'	=>	$this->EE->lang->line('username_and_password'),
    1509. 

  1509. 										'lang:message'	=>	$this->EE->lang->line('mbr_settings_updated').$pw_change
    1510. 

  1510. 									 )
    1511. 

  1511. 							);
    1512. 

  1512. 	}
    1513. 

  1513. 

  1514. 

  1515. 

  1516. 

  1517. 	/** ----------------------------------------
    1518. 

  1518. 	/**  Localization Edit Form
    1519. 

  1519. 	/** ----------------------------------------*/
    1520. 

  1520. 

  1521. 	function edit_localization()
    1522. 

  1522. 	{
    1523. 

  1523. 		// Are localizations enabled?
    1524. 

  1524. 

  1525. 		if ($this->EE->config->item('allow_member_localization') == 'n' AND $this->EE->session->userdata('group_id') != 1)
    1526. 

  1526. 		{
    1527. 

  1527. 			return $this->EE->output->show_user_error('general', array($this->EE->lang->line('localization_disallowed')));
    1528. 

  1528. 		}
    1529. 

  1529. 

  1530. 		// Time format selection menu
    1531. 

  1531. 

  1532. 		$tf = "<select name='time_format' class='select'>\n";
    1533. 

  1533. 		$selected = ($this->EE->session->userdata['time_format'] == 'us') ? " selected='selected'" : '';
    1534. 

  1534. 		$tf .= "<option value='us'{$selected}>".$this->EE->lang->line('united_states')."</option>\n";
    1535. 

  1535. 		$selected = ($this->EE->session->userdata['time_format'] == 'eu') ? " selected='selected'" : '';
    1536. 

  1536. 		$tf .= "<option value='eu'{$selected}>".$this->EE->lang->line('european')."</option>\n";
    1537. 

  1537. 		$tf .= "</select>\n";
    1538. 

  1538. 

  1539. 

  1540. 		$query = $this->EE->db->query("SELECT language, timezone,daylight_savings FROM exp_members WHERE member_id = '".$this->EE->session->userdata('member_id')."'");
    1541. 

  1541. 

  1542. 		return $this->_var_swap($this->_load_element('localization_form'),
    1543. 

  1543. 								array(
    1544. 

  1544. 										'path:update_localization'		=>	$this->_member_path('update_localization'),
    1545. 

  1545. 										'form:localization'				=>	$this->EE->localize->timezone_menu(($query->row('timezone')  == '') ? 'UTC' : $query->row('timezone') ),
    1546. 

  1546. 										'state:daylight_savings'		=>	($query->row('daylight_savings')  == 'y') ? " checked='checked'" : '',
    1547. 

  1547. 										'form:time_format'				=>	$tf,
    1548. 

  1548. 										'form:language'					=>	$this->EE->functions->language_pack_names(($query->row('language')  == '') ? 'english' : $query->row('language') )
    1549. 

  1549. 									 )
    1550. 

  1550. 								);
    1551. 

  1551. 	}
    1552. 

  1552. 

  1553. 

  1554. 

  1555. 

  1556. 

  1557. 	/** ----------------------------------------
    1558. 

  1558. 	/**  Update Localization Prefs
    1559. 

  1559. 	/** ----------------------------------------*/
    1560. 

  1560. 

  1561. 	function update_localization()
    1562. 

  1562. 	{
    1563. 

  1563. 		// Are localizations enabled?
    1564. 

  1564. 

  1565. 		if ($this->EE->config->item('allow_member_localization') == 'n' AND $this->EE->session->userdata('group_id') != 1)
    1566. 

  1566. 		{
    1567. 

  1567. 			return $this->EE->output->show_user_error('general', array($this->EE->lang->line('localization_disallowed')));
    1568. 

  1568. 		}
    1569. 

  1569. 

  1570. 		if ( ! isset($_POST['server_timezone']))
    1571. 

  1571. 		{
    1572. 

  1572. 			return $this->EE->output->show_user_error('general', array($this->EE->lang->line('invalid_action')));
    1573. 

  1573. 		}
    1574. 

  1574. 

  1575. 		$this->EE->load->library('security');
    1576. 

  1576. 		
    1577. 

  1577. 		$data['language']	= $this->EE->security->sanitize_filename($_POST['deft_lang']);
    1578. 

  1578. 		$data['timezone']	= $_POST['server_timezone'];
    1579. 

  1579. 		$data['time_format'] = $_POST['time_format'];
    1580. 

  1580. 

  1581. 		if ( ! is_dir(APPPATH.'language/'.$data['language']))
    1582. 

  1582. 		{
    1583. 

  1583. 			return $this->EE->output->show_user_error('general', array($this->EE->lang->line('invalid_action')));
    1584. 

  1584. 		}
    1585. 

  1585. 

  1586. 		$data['daylight_savings'] = ($this->EE->input->post('daylight_savings') == 'y') ? 'y' : 'n';
    1587. 

  1587. 

  1588. 		$this->EE->db->query($this->EE->db->update_string('exp_members', $data, "member_id = '".$this->EE->session->userdata('member_id')."'"));
    1589. 

  1589. 

  1590. 		/** -------------------------------------
    1591. 

  1591. 		/**  Success message
    1592. 

  1592. 		/** -------------------------------------*/
    1593. 

  1593. 

  1594. 		return $this->_var_swap($this->_load_element('success'),
    1595. 

  1595. 								array(
    1596. 

  1596. 										'lang:heading'	=>	$this->EE->lang->line('localization_settings'),
    1597. 

  1597. 										'lang:message'	=>	$this->EE->lang->line('mbr_localization_settings_updated')
    1598. 

  1598. 									 )
    1599. 

  1599. 								);
    1600. 

  1600. 	}
    1601. 

  1601. 

  1602. 

  1603. 

  1604. 	/** -------------------------------------
    1605. 

  1605. 	/**  Edit Ignore List
    1606. 

  1606. 	/** -------------------------------------*/
    1607. 

  1607. 

  1608. 	function edit_ignore_list($msg = '')
    1609. 

  1609. 	{
    1610. 

  1610. 		$query = $this->EE->db->query("SELECT ignore_list FROM exp_members WHERE member_id = '".$this->EE->session->userdata['member_id']."'");
    1611. 

  1611. 

  1612. 		if ($query->num_rows() == 0)
    1613. 

  1613. 		{
    1614. 

  1614. 			return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized')));
    1615. 

  1615. 		}
    1616. 

  1616. 		else
    1617. 

  1617. 		{
    1618. 

  1618. 			$ignored = ($query->row('ignore_list')  == '') ? array() : explode('|', $query->row('ignore_list') );
    1619. 

  1619. 		}
    1620. 

  1620. 

  1621. 		$query = $this->EE->db->query("SELECT screen_name, member_id FROM exp_members WHERE member_id IN ('".implode("', '", $ignored)."') ORDER BY screen_name");
    1622. 

  1622. 		$out = '';
    1623. 

  1623. 

  1624. 		if ($query->num_rows() == 0)
    1625. 

  1625. 		{
    1626. 

  1626. 			// not ignoring anyone right now
    1627. 

  1627. 		}
    1628. 

  1628. 		else
    1629. 

  1629. 		{
    1630. 

  1630. 			$template = $this->_load_element('edit_ignore_list_rows');
    1631. 

  1631. 			$i = 0;
    1632. 

  1632. 

  1633. 			foreach ($query->result_array() as $row)
    1634. 

  1634. 			{
    1635. 

  1635. 				$temp = $this->_var_swap($template,
    1636. 

  1636. 										 array(
    1637. 

  1637. 											'path:profile_link'		=> $this->_member_path($row['member_id']),
    1638. 

  1638. 											'name'					=> $row['screen_name'],
    1639. 

  1639. 											'member_id'				=> $row['member_id'],
    1640. 

  1640. 											'class'					=> ($i++ % 2) ? 'tableCellOne' : 'tableCellTwo'
    1641. 

  1641. 											)
    1642. 

  1642. 										);
    1643. 

  1643. 				$out .= $temp;
    1644. 

  1644. 			}
    1645. 

  1645. 		}
    1646. 

  1646. 

  1647. 		$form_details = array('hidden_fields'	=> array('name' => '', 'daction' => '', 'toggle[]' => ''),
    1648. 

  1648. 							  'action'			=> $this->_member_path('update_ignore_list'),
    1649. 

  1649. 						 	  'id'				=> 'target'
    1650. 

  1650. 						 	  );
    1651. 

  1651. 

  1652. 		$images_folder = $this->EE->config->slash_item('theme_folder_url').'cp_global_images/';
    1653. 

  1653. 

  1654. 		$finalized = $this->_var_swap($this->_load_element('edit_ignore_list_form'),
    1655. 

  1655. 								array(
    1656. 

  1656. 										'form:form_declaration'			=> $this->EE->functions->form_declaration($form_details),
    1657. 

  1657. 										'include:edit_ignore_list_rows'	=> $out,
    1658. 

  1658. 										'include:member_search'			=> $this->member_search_js().
    1659. 

  1659. 																			'<a href="#" title="{lang:member_search}" onclick="member_search(); return false;">'.
    1660. 

  1660. 																			'<img src="'.$images_folder.'search_glass.gif" style="border: 0px" width="12" height="12" alt="'.$this->EE->lang->line('search_glass').'" />'.
    1661. 

  1661. 																			'</a>',
    1662. 

  1662. 										'include:toggle_js'				=> $this->toggle_js(),
    1663. 

  1663. 										'form:add_button'				=> $this->list_js().
    1664. 

  1664. 						 													"<button type='submit' id='add' name='add' value='add' ".
    1665. 

  1665. 						 													"class='buttons' title='{lang:add_member}' ".
    1666. 

  1666. 						 													"onclick='dynamic_action(\"add\");list_addition();return false;'>".
    1667. 

  1667. 						 													"{lang:add_member}</button>".NBS.NBS,
    1668. 

  1668. 										'form:delete_button'			=> "<button type='submit' id='delete' name='delete' value='delete' ".
    1669. 

  1669. 					 														"class='buttons' title='{lang:delete_selected_members}' ".
    1670. 

  1670. 					 														"onclick='dynamic_action(\"delete\");'>".
    1671. 

  1671. 					 														"{lang:delete_member}</button> ",
    1672. 

  1672. 										'path:update_ignore_list'		=> $this->_member_path('update_ignore_list'),
    1673. 

  1673. 										'lang:message'					=> $this->EE->lang->line('ignore_list_updated')
    1674. 

  1674. 									)
    1675. 

  1675. 								);
    1676. 

  1676. 		if ($msg == '')
    1677. 

  1677. 		{
    1678. 

  1678. 			$finalized = $this->_deny_if('success_message', $finalized);
    1679. 

  1679. 		}
    1680. 

  1680. 		else
    1681. 

  1681. 		{
    1682. 

  1682. 			$finalized = $this->_allow_if('success_message', $finalized);
    1683. 

  1683. 		}
    1684. 

  1684. 

  1685. 		return $finalized;
    1686. 

  1686. 	}
    1687. 

  1687. 

  1688. 

  1689. 

  1690. 	/** -------------------------------------
    1691. 

  1691. 	/**  Update Ignore List
    1692. 

  1692. 	/** -------------------------------------*/
    1693. 

  1693. 

  1694. 	function update_ignore_list()
    1695. 

  1695. 	{
    1696. 

  1696. 		if ( ! ($action = $this->EE->input->post('daction')))
    1697. 

  1697. 		{
    1698. 

  1698. 			return $this->edit_ignore_list();
    1699. 

  1699. 		}
    1700. 

  1700. 

  1701. 		$ignored = array_flip($this->EE->session->userdata['ignore_list']);
    1702. 

  1702. 

  1703. 		if ($action == 'delete')
    1704. 

  1704. 		{
    1705. 

  1705. 			if ( ! ($member_ids = $this->EE->input->post('toggle')))
    1706. 

  1706. 			{
    1707. 

  1707. 				return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized')));
    1708. 

  1708. 			}
    1709. 

  1709. 

  1710. 			foreach ($member_ids as $member_id)
    1711. 

  1711. 			{
    1712. 

  1712. 				unset($ignored[$member_id]);
    1713. 

  1713. 			}
    1714. 

  1714. 		}
    1715. 

  1715. 		else
    1716. 

  1716. 		{
    1717. 

  1717. 			if ( ! ($screen_name = $this->EE->input->post('name')))
    1718. 

  1718. 			{
    1719. 

  1719. 				return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized')));
    1720. 

  1720. 			}
    1721. 

  1721. 

  1722. 			$query = $this->EE->db->query("SELECT member_id FROM exp_members WHERE screen_name = '".$this->EE->db->escape_str($screen_name)."'");
    1723. 

  1723. 

  1724. 			if ($query->num_rows() == 0)
    1725. 

  1725. 			{
    1726. 

  1726. 				return $this->_trigger_error('invalid_screen_name', 'invalid_screen_name_message');
    1727. 

  1727. 			}
    1728. 

  1728. 

  1729. 			if ($query->row('member_id')  == $this->EE->session->userdata['member_id'])
    1730. 

  1730. 			{
    1731. 

  1731. 				return $this->_trigger_error('invalid_screen_name', 'can_not_ignore_self');
    1732. 

  1732. 			}
    1733. 

  1733. 

  1734. 			if ( ! isset($ignored[$query->row('member_id') ]))
    1735. 

  1735. 			{
    1736. 

  1736. 				$ignored[$query->row('member_id') ] = $query->row('member_id') ;
    1737. 

  1737. 			}
    1738. 

  1738. 		}
    1739. 

  1739. 

  1740. 		$ignored_list = implode('|', array_keys($ignored));
    1741. 

  1741. 

  1742. 		$this->EE->db->query($this->EE->db->update_string('exp_members', array('ignore_list' => $ignored_list), "member_id = '".$this->EE->session->userdata['member_id']."'"));
    1743. 

  1743. 

  1744. 		return $this->edit_ignore_list('ignore_list_updated');
    1745. 

  1745. 	}
    1746. 

  1746. 

  1747. 

  1748. 

  1749. 	/** -------------------------------------
    1750. 

  1750. 	/**  Member Mini Search (Ignore List)
    1751. 

  1751. 	/** -------------------------------------*/
    1752. 

  1752. 

  1753. 	function member_mini_search($msg = '')
    1754. 

  1754. 	{
    1755. 

  1755. 		$form_details = array('hidden_fields' => array(),
    1756. 

  1756. 							  'action'	=> $this->_member_path('do_member_mini_search'),
    1757. 

  1757. 						 	  );
    1758. 

  1758. 

  1759. 		$group_opts = '';
    1760. 

  1760. 

  1761. 		$query = $this->EE->db->query("SELECT group_id, group_title FROM exp_member_groups WHERE site_id = '".$this->EE->db->escape_str($this->EE->config->item('site_id'))."' ORDER BY group_title");
    1762. 

  1762. 

  1763. 		foreach ($query->result_array() as $row)
    1764. 

  1764. 		{
    1765. 

  1765. 			$group_opts .= "<option value='{$row['group_id']}'>{$row['group_title']}</option>";
    1766. 

  1766. 		}
    1767. 

  1767. 

  1768. 		$template = $this->_var_swap($this->_load_element('search_members'),
    1769. 

  1769. 										array(
    1770. 

  1770. 												'form:form_declaration:do_member_search'	=> $this->EE->functions->form_declaration($form_details),
    1771. 

  1771. 												'include:message'							=> $msg,
    1772. 

  1772. 												'include:member_group_options'				=> $group_opts
    1773. 

  1773. 											)
    1774. 

  1774. 									);
    1775. 

  1775. 

  1776. 		if ($msg == '')
    1777. 

  1777. 		{
    1778. 

  1778. 			$template = $this->_deny_if('message', $template);
    1779. 

  1779. 		}
    1780. 

  1780. 		else
    1781. 

  1781. 		{
    1782. 

  1782. 			$template = $this->_allow_if('message', $template);
    1783. 

  1783. 		}
    1784. 

  1784. 

  1785. 		return $template;
    1786. 

  1786. 	}
    1787. 

  1787. 

  1788. 

  1789. 

  1790. 	/** -------------------------------------
    1791. 

  1791. 	/**  Do Member Mini Search (Ignore List)
    1792. 

  1792. 	/** -------------------------------------*/
    1793. 

  1793. 

  1794. 	function do_member_mini_search()
    1795. 

  1795. 	{
    1796. 

  1796. 			$redirect_url = $this->_member_path('member_mini_search');
    1797. 

  1797. 

  1798. 		/** -------------------------------------
    1799. 

  1799. 		/**  Parse the $_POST data
    1800. 

  1800. 		/** -------------------------------------*/
    1801. 

  1801. 		if ($_POST['screen_name'] 	== '' &&
    1802. 

  1802. 			$_POST['email'] 		== ''
    1803. 

  1803. 			)
    1804. 

  1804. 			{
    1805. 

  1805. 				$this->EE->functions->redirect($redirect_url);
    1806. 

  1806. 				exit;
    1807. 

  1807. 			}
    1808. 

  1808. 

  1809. 		$search_query = array();
    1810. 

  1810. 

  1811. 		foreach ($_POST as $key => $val)
    1812. 

  1812. 		{
    1813. 

  1813. 			if ($key == 'XID')
    1814. 

  1814. 			{
    1815. 

  1815. 				continue;
    1816. 

  1816. 			}
    1817. 

  1817. 			if ($key == 'group_id')
    1818. 

  1818. 			{
    1819. 

  1819. 				if ($val != 'any')
    1820. 

  1820. 				{
    1821. 

  1821. 					$search_query[] = " group_id ='".$this->EE->db->escape_str($_POST['group_id'])."'";
    1822. 

  1822. 				}
    1823. 

  1823. 			}
    1824. 

  1824. 			else
    1825. 

  1825. 			{
    1826. 

  1826. 				if ($val != '')
    1827. 

  1827. 				{
    1828. 

  1828. 					$search_query[] = $key." LIKE '%".$this->EE->db->escape_like_str($val)."%'";
    1829. 

  1829. 				}
    1830. 

  1830. 			}
    1831. 

  1831. 		}
    1832. 

  1832. 

  1833. 		if (count($search_query) < 1)
    1834. 

  1834. 		{
    1835. 

  1835. 			$this->EE->functions->redirect($redirect_url);
    1836. 

  1836. 			exit;
    1837. 

  1837. 		}
    1838. 

  1838. 

  1839.   		$Q = implode(" AND ", $search_query);
    1840. 

  1840. 

  1841. 		$sql = "SELECT DISTINCT exp_members.member_id, exp_members.screen_name FROM exp_members, exp_member_groups
    1842. 

  1842. 				WHERE exp_members.group_id = exp_member_groups.group_id AND exp_member_groups.site_id = '".$this->EE->db->escape_str($this->EE->config->item('site_id'))."'
    1843. 

  1843. 				AND ".$Q;
    1844. 

    1845. 

  1845. 		$query = $this->EE->db->query($sql);
    1846. 

  1846. 

  1847. 		if ($query->num_rows() == 0)
    1848. 

  1848. 		{
    1849. 

  1849. 			return $this->member_mini_search($this->EE->lang->line('no_search_results'));
    1850. 

  1850. 		}
    1851. 

  1851. 

  1852. 		$r = '';
    1853. 

  1853. 

  1854. 		foreach($query->result_array() as $row)
    1855. 

  1855. 		{
    1856. 

  1856. 			$item = '<a href="#" onclick="opener.dynamic_action(\'add\');opener.list_addition(\''.$row['screen_name'].'\', \'name\');return false;">'.$row['screen_name'].'</a>';
    1857. 

  1857. 			$r .= $this->_var_swap($this->_load_element('member_results_row'),
    1858. 

  1858. 									array(
    1859. 

  1859. 											'item' => $item
    1860. 

  1860. 										)
    1861. 

  1861. 									);
    1862. 

  1862. 		}
    1863. 

  1863. 

  1864. 		return $this->_var_swap($this->_load_element('member_results'),
    1865. 

  1865. 								array(
    1866. 

  1866. 										'include:search_results'	=> $r,
    1867. 

  1867. 										'path:new_search_url'		=> $redirect_url,
    1868. 

  1868. 										'which_field'				=> 'name'		// not used in this instance; probably will log a minor js error
    1869. 

  1869. 									)
    1870. 

  1870. 								);
    1871. 

  1871. 	}
    1872. 

  1872. 

  1873. 

  1874. 

  1875. 	/** -------------------------------------
    1876. 

  1876. 	/**  Toggle JS - used in Ignore List mgmt.
    1877. 

  1877. 	/** -------------------------------------*/
    1878. 

  1878. 

  1879. 	function toggle_js()
    1880. 

  1880. 	{
    1881. 

  1881. 	$str = <<<EOT
    1882. 

  1882. 

  1883. 	<script type="text/javascript">
    1884. 

  1884. 	//<![CDATA[
    1885. 

  1885. 

  1886. 	function toggle(thebutton)
    1887. 

  1887. 	{
    1888. 

  1888. 		if (thebutton.checked)
    1889. 

  1889. 		{
    1890. 

  1890. 			val = true;
    1891. 

  1891. 		}
    1892. 

  1892. 		else
    1893. 

  1893. 		{
    1894. 

  1894. 			val = false;
    1895. 

  1895. 		}
    1896. 

  1896. 

  1897. 		if (document.target)
    1898. 

  1898. 		{
    1899. 

  1899. 			var theForm = document.target;
    1900. 

  1900. 		}
    1901. 

  1901. 		else if (document.getElementById('target'))
    1902. 

  1902. 		{
    1903. 

  1903. 			var theForm = document.getElementById('target');
    1904. 

  1904. 		}
    1905. 

  1905. 		else
    1906. 

  1906. 		{
    1907. 

  1907. 			return false;
    1908. 

  1908. 		}
    1909. 

  1909. 

  1910. 		var len = theForm.elements.length;
    1911. 

  1911. 

  1912. 		for (var i = 0; i < len; i++)
    1913. 

  1913. 		{
    1914. 

  1914. 			var button = theForm.elements[i];
    1915. 

  1915. 

  1916. 			var name_array = button.name.split("[");
    1917. 

  1917. 

  1918. 			if (name_array[0] == "toggle")
    1919. 

  1919. 			{
    1920. 

  1920. 				button.checked = val;
    1921. 

  1921. 			}
    1922. 

  1922. 		}
    1923. 

  1923. 

  1924. 		theForm.toggleflag.checked = val;
    1925. 

  1925. 	}
    1926. 

  1926. 	//]]>
    1927. 

  1927. 	</script>
    1928. 

  1928. 

  1929. EOT;
    1930. 

  1930. 

  1931. 		return trim($str);
    1932. 

  1932. 	}
    1933. 

  1933. 

  1934. 

  1935. 

  1936. 	/** -------------------------------------
    1937. 

  1937. 	/**  Add member to Ignore List js
    1938. 

  1938. 	/** -------------------------------------*/
    1939. 

  1939. 

  1940. 	function list_js()
    1941. 

  1941. 	{
    1942. 

  1942. 		return <<<EWOK
    1943. 

  1943. 

  1944. 	<script type="text/javascript">
    1945. 

  1945. 	//<![CDATA[
    1946. 

  1946. 

  1947. 	function list_addition(member, el)
    1948. 

  1948. 	{
    1949. 

  1949. 		var member_text = '{lang:member_usernames}';
    1950. 

  1950. 

  1951. 		var Name = (member == null) ? prompt(member_text, '') : member;
    1952. 

  1952. 		var el = (el == null) ? 'name' : el;
    1953. 

  1953. 

  1954. 		 if ( ! Name || Name == null)
    1955. 

  1955. 		 {
    1956. 

  1956. 		 	return;
    1957. 

  1957. 		 }
    1958. 

  1958. 

  1959. 		var frm = document.getElementById('target');
    1960. 

  1960. 		var x;
    1961. 

  1961. 

  1962. 		for (i = 0; i < frm.length; i++)
    1963. 

  1963. 		{
    1964. 

  1964. 			if (frm.elements[i].name == el)
    1965. 

  1965. 			{
    1966. 

  1966. 				frm.elements[i].value = Name;
    1967. 

  1967. 			}
    1968. 

  1968. 		}
    1969. 

  1969. 

  1970. 		 document.getElementById('target').submit();
    1971. 

  1971. 	}
    1972. 

  1972. 

  1973. 	function dynamic_action(which)
    1974. 

  1974. 	{
    1975. 

  1975. 		if (document.getElementById('target').daction)
    1976. 

  1976. 		{
    1977. 

  1977. 			document.getElementById('target').daction.value = which;
    1978. 

  1978. 		}
    1979. 

  1979. 	}
    1980. 

  1980. 	//]]>
    1981. 

  1981. 	</script>
    1982. 

  1982. EWOK;
    1983. 

  1983. 

  1984. 	}
    1985. 

  1985. 

  1986. 

  1987. 

  1988. 	/** -------------------------------------
    1989. 

  1989. 	/**  Member Search JS for Ignore List
    1990. 

  1990. 	/** -------------------------------------*/
    1991. 

  1991. 

  1992. 	function member_search_js()
    1993. 

  1993. 	{
    1994. 

  1994. 			$url = $this->_member_path('member_mini_search');
    1995. 

  1995. 

  1996. 		$str = <<<UNGA
    1997. 

  1997. 

  1998. <script type="text/javascript">
    1999. 

  1999. //<![CDATA[
    2000. 

  2000. function member_search()
    2001. 

  2001. {
    2002. 

  2002. 	var popWin = window.open('{$url}', '_blank', 'width=450,height=480,scrollbars=yes,status=yes,screenx=0,screeny=0,resizable=yes');
    2003. 

  2003. }
    2004. 

  2004. 

  2005. //]]>
    2006. 

  2006. </script>
    2007. 

  2007. 

  2008. UNGA;
    2009. 

  2009. 

  2010. 		return $str;
    2011. 

  2011. 	}
    2012. 

  2012. 

  2013. 

  2014. 	/** ----------------------------------------
    2015. 

  2015. 	/**  Notepad Edit Form
    2016. 

  2016. 	/** ----------------------------------------*/
    2017. 

  2017. 

  2018. 	function edit_notepad()
    2019. 

  2019. 	{
    2020. 

  2020. 		$query = $this->EE->db->query("SELECT notepad, notepad_size FROM exp_members WHERE member_id = '".$this->EE->session->userdata('member_id')."'");
    2021. 

  2021. 									 
    2022. 

  2022. 		return $this->_var_swap($this->_load_element('notepad_form'),
    2023. 

  2023. 								array(
    2024. 

  2024. 										'path:update_notepad'	=>	$this->_member_path('update_notepad'),
    2025. 

  2025. 										'notepad_data'			=>	$query->row('notepad') ,
    2026. 

  2026. 										'notepad_size'			=>	$query->row('notepad_size')
    2027. 

  2027. 									 )
    2028. 

  2028. 								);
    2029. 

  2029. 	}
    2030. 

  2030. 

  2031. 

  2032. 

  2033. 	/** ----------------------------------------
    2034. 

  2034. 	/**  Update Notepad
    2035. 

  2035. 	/** ----------------------------------------*/
    2036. 

  2036. 

  2037. 	function update_notepad()
    2038. 

  2038. 	{
    2039. 

  2039. 		if ( ! isset($_POST['notepad']))
    2040. 

  2040. 		{
    2041. 

  2041. 			return $this->EE->functions->redirect($this->_member_path('edit_notepad'));
    2042. 

  2042. 		}
    2043. 

  2043. 

  2044. 		$notepad_size = ( ! is_numeric($_POST['notepad_size'])) ? 18 : $_POST['notepad_size'];
    2045. 

  2045. 

  2046. 		$this->EE->db->query("UPDATE exp_members SET notepad = '".$this->EE->db->escape_str($this->EE->security->xss_clean($_POST['notepad']))."', notepad_size = '".$notepad_size."' WHERE member_id ='".$this->EE->session->userdata('member_id')."'");
    2047. 

  2047. 

  2048. 		/** -------------------------------------
    2049. 

  2049. 		/**  Success message
    2050. 

  2050. 		/** -------------------------------------*/
    2051. 

  2051. 

  2052. 		return $this->_var_swap($this->_load_element('success'),
    2053. 

  2053. 								array(
    2054. 

  2054. 										'lang:heading'	=>	$this->EE->lang->line('mbr_notepad'),
    2055. 

  2055. 										'lang:message'	=>	$this->EE->lang->line('mbr_notepad_updated')
    2056. 

  2056. 									 )
    2057. 

  2057. 								);
    2058. 

  2058. 	}
    2059. 

  2059. 

  2060. 

  2061. 

  2062. 

  2063. 	/** ----------------------------------
    2064. 

  2064. 	/**  Username/password update
    2065. 

  2065. 	/** ----------------------------------*/
    2066. 

  2066. 	function unpw_update()
    2067. 

  2067. 	{
    2068. 

  2068. 		if ($this->cur_id == '' OR strpos($this->cur_id, '_') === FALSE)
    2069. 

  2069. 		{
    2070. 

  2070. 			return;
    2071. 

  2071. 		}
    2072. 

  2072. 

  2073. 		$x = explode('_', $this->cur_id);
    2074. 

  2074. 

  2075. 		if (count($x) != 3)
    2076. 

  2076. 		{
    2077. 

  2077. 			return;
    2078. 

  2078. 		}
    2079. 

  2079. 

  2080. 		foreach ($x as $val)
    2081. 

  2081. 		{
    2082. 

  2082. 			if ( ! is_numeric($val))
    2083. 

  2083. 			{
    2084. 

  2084. 				return;
    2085. 

  2085. 			}
    2086. 

  2086. 		}
    2087. 

  2087. 

  2088. 		$mid	= $x['0'];
    2089. 

  2089. 		$ulen	= $x['1'];
    2090. 

  2090. 		$plen	= $x['2'];
    2091. 

  2091. 

  2092. 		$tmpl = $this->_load_element('update_un_pw_form');
    2093. 

  2093. 

  2094. 		$uml = $this->EE->config->item('un_min_len');
    2095. 

  2095. 		$pml = $this->EE->config->item('pw_min_len');
    2096. 

  2096. 

  2097. 

  2098. 		if ($ulen < $uml)
    2099. 

  2099. 		{
    2100. 

  2100. 			$tmpl = $this->_allow_if('invalid_username', $tmpl);
    2101. 

  2101. 		}
    2102. 

  2102. 

  2103. 		if ($plen < $pml)
    2104. 

  2104. 		{
    2105. 

  2105. 			$tmpl = $this->_allow_if('invalid_password', $tmpl);
    2106. 

  2106. 		}
    2107. 

  2107. 

  2108. 

  2109. 		$tmpl = $this->_deny_if('invalid_username', $tmpl);
    2110. 

  2110. 		$tmpl = $this->_deny_if('invalid_password', $tmpl);
    2111. 

  2111. 

  2112. 

  2113. 		$data['hidden_fields']['ACT']	= $this->EE->functions->fetch_action_id('Member', 'update_un_pw');
    2114. 

  2114. 		$data['hidden_fields']['FROM']	= ($this->in_forum == TRUE) ? 'forum' : '';
    2115. 

  2115. 

  2116. 		if ($this->EE->uri->segment(5))
    2117. 

  2117. 		{
    2118. 

  2118. 			$data['action']	= $this->EE->functions->fetch_current_uri();
    2119. 

  2119. 		}
    2120. 

  2120. 

  2121. 		$this->_set_page_title($this->EE->lang->line('member_login'));
    2122. 

  2122. 

  2123. 		return $this->_var_swap($tmpl,
    2124. 

  2124. 								array(
    2125. 

  2125. 										'form_declaration' 	=> $this->EE->functions->form_declaration($data),
    2126. 

  2126. 										'lang:username_length'	=> str_replace('%x', $this->EE->config->item('un_min_len'), $this->EE->lang->line('un_len')),
    2127. 

  2127. 										'lang:password_length'	=> sprintf($this->EE->lang->line('pw_len'),	
    2128. 

  2128. 																		$this->EE->config->item('pw_min_len'))
    2129. 

  2129. 									)
    2130. 

  2130. 								);
    2131. 

  2131. 	}
    2132. 

  2132. 

  2133. 

  2134. 

  2135. 	/** ----------------------------------
    2136. 

  2136. 	/**  Update the username/password
    2137. 

  2137. 	/** ----------------------------------*/
    2138. 

  2138. 

  2139. 	function update_un_pw()
    2140. 

  2140. 	{
    2141. 

  2141. 		$missing = FALSE;
    2142. 

  2142. 

  2143. 		if ( ! isset($_POST['new_username']) AND  ! isset($_POST['new_password']))
    2144. 

  2144. 		{
    2145. 

  2145. 			$missing = TRUE;
    2146. 

  2146. 		}
    2147. 

  2147. 

  2148. 		if ((isset($_POST['new_username']) AND $_POST['new_username'] == '') OR (isset($_POST['new_password']) AND $_POST['new_password'] == ''))
    2149. 

  2149. 		{
    2150. 

  2150. 			$missing = TRUE;
    2151. 

  2151. 		}
    2152. 

  2152. 

  2153. 		if ($this->EE->input->post('username') == '' OR $this->EE->input->get_post('password') == '')
    2154. 

  2154. 		{
    2155. 

  2155. 			$missing = TRUE;
    2156. 

  2156. 		}
    2157. 

  2157. 

  2158. 		if ($missing == TRUE)
    2159. 

  2159. 		{
    2160. 

  2160. 			return $this->EE->output->show_user_error('submission', $this->EE->lang->line('all_fields_required'));
    2161. 

  2161. 		}
    2162. 

  2162. 

  2163. 		/** ----------------------------------------
    2164. 

  2164. 		/**  Check password lockout status
    2165. 

  2165. 		/** ----------------------------------------*/
    2166. 

  2166. 

  2167. 		if ($this->EE->session->check_password_lockout($this->EE->input->post('username')) === TRUE)
    2168. 

  2168. 		{
    2169. 

  2169. 			$line = str_replace("%x", $this->EE->config->item('password_lockout_interval'), $this->EE->lang->line('password_lockout_in_effect'));
    2170. 

  2170. 			return $this->EE->output->show_user_error('submission', $line);
    2171. 

  2171. 		}
    2172. 

  2172. 

  2173. 		/** ----------------------------------------
    2174. 

  2174. 		/**  Fetch member data
    2175. 

  2175. 		/** ----------------------------------------*/
    2176. 

  2176. 		$sql = "SELECT member_id, group_id
    2177. 

  2177. 				FROM	exp_members
    2178. 

  2178. 				WHERE  username = '".$this->EE->db->escape_str($this->EE->input->post('username'))."'
    2179. 

  2179. 				AND	password = '".$this->EE->functions->hash(stripslashes($this->EE->input->post('password')))."'";
    2180. 

    2181. 

  2181. 		$query = $this->EE->db->query($sql);
    2182. 

  2182. 

  2183. 		/** ----------------------------------------
    2184. 

  2184. 		/**  Invalid Username or Password
    2185. 

  2185. 		/** ----------------------------------------*/
    2186. 

  2186. 		if ($query->num_rows() == 0)
    2187. 

  2187. 		{
    2188. 

  2188. 			$this->EE->session->save_password_lockout($this->EE->input->post('username'));
    2189. 

  2189. 			return $this->EE->output->show_user_error('submission', $this->EE->lang->line('invalid_existing_un_pw'));
    2190. 

  2190. 		}
    2191. 

  2191. 

  2192. 		$member_id = $query->row('member_id') ;
    2193. 

  2193. 

  2194. 		/** ----------------------------------------
    2195. 

  2195. 		/**  Is the user banned?
    2196. 

  2196. 		/** ----------------------------------------*/
    2197. 

  2197. 

  2198. 		// Super Admins can't be banned
    2199. 

  2199. 

  2200. 		if ($query->row('group_id')  != 1)
    2201. 

  2201. 		{
    2202. 

  2202. 			if ($this->EE->session->ban_check())
    2203. 

  2203. 			{
    2204. 

  2204. 				return $this->EE->output->fatal_error($this->EE->lang->line('not_authorized'));
    2205. 

  2205. 			}
    2206. 

  2206. 		}
    2207. 

  2207. 

  2208. 		/** -------------------------------------
    2209. 

  2209. 		/**  Instantiate validation class
    2210. 

  2210. 		/** -------------------------------------*/
    2211. 

  2211. 		if ( ! class_exists('EE_Validate'))
    2212. 

  2212. 		{
    2213. 

  2213. 			require APPPATH.'libraries/Validate'.EXT;
    2214. 

  2214. 		}
    2215. 

  2215. 

  2216. 		$new_un  = (isset($_POST['new_username'])) ? $_POST['new_username'] : '';
    2217. 

  2217. 		$new_pw  = (isset($_POST['new_password'])) ? $_POST['new_password'] : '';
    2218. 

  2218. 		$new_pwc = (isset($_POST['new_password_confirm'])) ? $_POST['new_password_confirm'] : '';
    2219. 

  2219. 

  2220. 		$VAL = new EE_Validate(
    2221. 

  2221. 								array(
    2222. 

  2222. 										'val_type'			=> 'new',
    2223. 

  2223. 										'fetch_lang' 		=> TRUE,
    2224. 

  2224. 										'require_cpw' 		=> FALSE,
    2225. 

  2225. 									 	'enable_log'		=> FALSE,
    2226. 

  2226. 										'username'			=> $new_un,
    2227. 

  2227. 										'password'			=> $new_pw,
    2228. 

  2228. 									 	'password_confirm'	=> $new_pwc,
    2229. 

  2229. 									 	'cur_password'		=> $_POST['password'],
    2230. 

  2230. 									 )
    2231. 

  2231. 							);
    2232. 

  2232. 

  2233. 		$un_exists = (isset($_POST['new_username']) AND $_POST['new_username'] != '') ? TRUE : FALSE;
    2234. 

  2234. 		$pw_exists = (isset($_POST['new_password']) AND $_POST['new_password'] != '') ? TRUE : FALSE;
    2235. 

  2235. 

  2236. 		if ($un_exists)
    2237. 

  2237. 			$VAL->validate_username();
    2238. 

  2238. 		if ($pw_exists)
    2239. 

  2239. 			$VAL->validate_password();
    2240. 

  2240. 

  2241. 		/** -------------------------------------
    2242. 

  2242. 		/**  Display error is there are any
    2243. 

  2243. 		/** -------------------------------------*/
    2244. 

  2244. 

  2245. 		if (count($VAL->errors) > 0)
    2246. 

  2246. 		{		 
    2247. 

  2247. 			return $this->EE->output->show_user_error('submission', $VAL->errors);
    2248. 

  2248. 		}
    2249. 

  2249. 

  2250. 

  2251. 		if ($un_exists)
    2252. 

  2252. 		{
    2253. 

  2253. 			$this->EE->db->query("UPDATE exp_members SET username = '".$this->EE->db->escape_str($_POST['new_username'])."' WHERE member_id = '{$member_id}'");
    2254. 

  2254. 		}
    2255. 

  2255. 

  2256. 		if ($pw_exists)
    2257. 

  2257. 		{
    2258. 

  2258. 			$this->EE->db->query("UPDATE exp_members SET password = '".$this->EE->functions->hash(stripslashes($_POST['new_password']))."' WHERE member_id = '{$member_id}'");
    2259. 

  2259. 		}
    2260. 

  2260. 

  2261. 		// Clear the tracker cookie since we're not sure where the redirect should go
    2262. 

  2262. 		$this->EE->functions->set_cookie('tracker');
    2263. 

  2263. 

  2264. 		$return = $this->EE->functions->form_backtrack();
    2265. 

  2265. 

  2266. 		if ($this->EE->config->item('user_session_type') != 'c')
    2267. 

  2267. 		{
    2268. 

  2268. 			if ($this->EE->config->item('force_query_string') == 'y' && substr($return, 0, -3) == "php")
    2269. 

  2269. 			{
    2270. 

  2270. 				$return .= '?';
    2271. 

  2271. 			}
    2272. 

  2272. 

  2273. 			if ($this->EE->session->userdata['session_id'] != '')
    2274. 

  2274. 			{
    2275. 

  2275. 				$return .= "/S=".$this->EE->session->userdata['session_id']."/";
    2276. 

  2276. 			}
    2277. 

  2277. 		}
    2278. 

  2278. 

  2279. 		if ($this->EE->uri->segment(5))
    2280. 

  2280. 		{
    2281. 

  2281. 			$link = $this->EE->functions->create_url($this->EE->uri->segment(5));
    2282. 

  2282. 			$line = $this->EE->lang->line('return_to_forum');
    2283. 

  2283. 		}
    2284. 

  2284. 		else
    2285. 

  2285. 		{
    2286. 

  2286. 			$link = $this->_member_path('login');
    2287. 

  2287. 			$line = $this->EE->lang->line('return_to_login');
    2288. 

  2288. 		}
    2289. 

  2289. 

  2290. 		// We're done.
    2291. 

  2291. 		$data = array(	'title' 	=> $this->EE->lang->line('settings_update'),
    2292. 

  2292. 						'heading'	=> $this->EE->lang->line('thank_you'),
    2293. 

  2293. 						'content'	=> $this->EE->lang->line('unpw_updated'),
    2294. 

  2294. 						'link'		=> array($link, $line)
    2295. 

  2295. 						 );
    2296. 

  2296. 

  2297. 		$this->EE->output->show_message($data);
    2298. 

  2298. 	}
    2299. 

  2299. 

  2300. 

  2301. }
    2302. 

  2302. // END CLASS
    2303. 

  2303. 

  2304. /* End of file mod.member_settings.php */
    2305. 

  2305. /* Location: ./system/expressionengine/modules/member/mod.member_settings.php */
    2306.