/**
* Add an error for multiple variables, either to the Form's field and/or the global {@link $Messages} object.
*
* @param array of param names
* @param string|NULL error message (by using NULL you can only add an error to the field, but not the $Message object)
* @param string|NULL error message for form fields ($err_msg gets used if === NULL).
*/
function param_error_multiple($vars, $err_msg, $field_err_msg = NULL)
{
global $param_input_err_messages;
if ($field_err_msg === NULL) {
$field_err_msg = $err_msg;
}
foreach ($vars as $var) {
if (!isset($param_input_err_messages[$var])) {
// We haven't already recorded an error for this field:
$param_input_err_messages[$var] = $field_err_msg;
}
}
if (isset($err_msg)) {
param_add_message_to_Log($var, $err_msg, 'error');
}
}
/**
* Load data from Request form fields.
*
* @return boolean true if loaded data seems valid.
*/
function load_from_Request()
{
global $DB, $Settings, $UserSettings, $GroupCache, $Messages, $action;
global $current_User, $Session, $localtimenow;
$is_new_user = $this->ID == 0;
// ---- Login checking / START ----
$edited_user_login = param('edited_user_login', 'string');
if (empty($edited_user_login)) {
// Empty login
param_error('edited_user_login', T_('Please enter your login.'));
}
param_check_valid_login('edited_user_login');
$UserCache =& get_UserCache();
$UserLogin = $UserCache->get_by_login($edited_user_login);
if ($UserLogin && $UserLogin->ID != $this->ID) {
// The login is already registered
$login_error_message = T_('This login already exists.');
if ($current_User->check_perm('users', 'edit')) {
$login_error_message = sprintf(T_('This login «%s» already exists. Do you want to <a %s>edit the existing user</a>?'), $edited_user_login, 'href="' . get_user_settings_url('profile', $UserLogin->ID) . '"');
}
param_error('edited_user_login', $login_error_message);
}
if (!param_has_error('edited_user_login')) {
// We want all logins to be lowercase to guarantee uniqueness regardless of the database case handling for UNIQUE indexes:
$this->set_from_Request('login', 'edited_user_login', true, 'utf8_strtolower');
}
// ---- Login checking / END ----
$is_identity_form = param('identity_form', 'boolean', false);
$is_admin_form = param('admin_form', 'boolean', false);
$has_full_access = $current_User->check_perm('users', 'edit');
$has_moderate_access = $current_User->check_perm('users', 'moderate');
// ******* Admin form or new user create ******* //
// In both cases current user must have users edit permission!
if (($is_admin_form || $is_identity_form && $is_new_user) && $has_moderate_access) {
// level/group and email options are displayed on identity form only when creating a new user.
if ($this->ID != 1) {
// the admin user group can't be changed
param_integer_range('edited_user_level', 0, 10, T_('User level must be between %d and %d.'));
$this->set_from_Request('level', 'edited_user_level', true);
$edited_user_Group = $GroupCache->get_by_ID(param('edited_user_grp_ID', 'integer'));
if ($has_full_access || $has_moderate_access && $edited_user_Group->get('level') < $current_User->get_Group()->get('level')) {
$this->set_Group($edited_user_Group);
}
}
param('edited_user_source', 'string', true);
$this->set_from_Request('source', 'edited_user_source', true);
// set email, without changing the user status
$edited_user_email = utf8_strtolower(param('edited_user_email', 'string', true));
param_check_not_empty('edited_user_email', T_('Please enter your e-mail address.'));
param_check_email('edited_user_email', true);
$this->set_email($edited_user_email, false);
if ($is_admin_form) {
// Admin form
$notification_sender_email = utf8_strtolower(param('notification_sender_email', 'string', true));
param_check_email('notification_sender_email');
if (!empty($notification_sender_email)) {
// Change a value of setting
$UserSettings->set('notification_sender_email', $notification_sender_email, $this->ID);
} elseif ($UserSettings->get('notification_sender_email', $this->ID) != '') {
// Delete a setting record from DB
$UserSettings->delete('notification_sender_email', $this->ID);
}
$notification_sender_name = param('notification_sender_name', 'string', true);
if (!empty($notification_sender_name)) {
// Change a value of setting
$UserSettings->set('notification_sender_name', $notification_sender_name, $this->ID);
} elseif ($UserSettings->get('notification_sender_name', $this->ID) != '') {
// Delete a setting record from DB
$UserSettings->delete('notification_sender_name', $this->ID);
}
if ($has_full_access && !isset($this->dbchanges['user_email'])) {
// If email address is not changed
// Update status of email address in the T_email_address table
$edited_email_status = param('edited_email_status', 'string');
$EmailAddressCache =& get_EmailAddressCache();
$EmailAddress =& $EmailAddressCache->get_by_name($this->get('email'), false, false);
if (!$EmailAddress && $edited_email_status != 'unknown') {
// Create new record in the T_email_address table
$EmailAddress = new EmailAddress();
$EmailAddress->set('address', $this->get('email'));
}
if (!empty($EmailAddress)) {
// Save status of an email address
$EmailAddress->set('status', $edited_email_status);
$EmailAddress->dbsave();
}
}
if ($current_User->check_perm('spamblacklist', 'edit')) {
// User can edit IP ranges
// Update status of IP range in DB
$edited_iprange_status = param('edited_iprange_status', 'string');
$IPRangeCache =& get_IPRangeCache();
$IPRange =& $IPRangeCache->get_by_ip(int2ip($UserSettings->get('created_fromIPv4', $this->ID)));
if (!$IPRange && !empty($edited_iprange_status)) {
// IP range doesn't exist in DB, Create new record
$ip_24bit_start = ip2int(preg_replace('#\\.\\d{1,3}$#i', '.0', int2ip($UserSettings->get('created_fromIPv4', $this->ID))));
$ip_24bit_end = ip2int(preg_replace('#\\.\\d{1,3}$#i', '.255', int2ip($UserSettings->get('created_fromIPv4', $this->ID))));
$IPRange = new IPRange();
$IPRange->set('IPv4start', $ip_24bit_start);
$IPRange->set('IPv4end', $ip_24bit_end);
$IPRange->set('user_count', 1);
}
if ($IPRange) {
// Save status of IP range
if ($IPRange->get('status') != 'blocked' && $edited_iprange_status == 'blocked') {
// Status was changed to blocked, we should increase counter
$IPRange->set('block_count', $IPRange->block_count + 1);
} else {
if ($IPRange->get('status') == 'blocked' && $edited_iprange_status != 'blocked') {
// Status was changed from blocked to another, we should decrease counter
$IPRange->set('block_count', $IPRange->block_count - 1);
}
}
$IPRange->set('status', $edited_iprange_status, true);
$IPRange->dbsave();
}
}
if ($current_User->check_perm('stats', 'edit')) {
// User can edit Domains
$DomainCache =& get_DomainCache();
// Update status of Domain in DB
$edited_domain_status = param('edited_domain_status', 'string');
$user_domain = $UserSettings->get('user_domain', $this->ID);
$Domain =& $DomainCache->get_by_name($user_domain, false, false);
if (!$Domain && $edited_domain_status != 'unknown' && !empty($user_domain)) {
// Domain doesn't exist in DB, Create new record
$Domain = new Domain();
$Domain->set('name', $user_domain);
}
if ($Domain) {
// Save status of Domain
$Domain->set('status', $edited_domain_status, true);
$Domain->dbsave();
}
// Update status of Initial referer in DB
load_funcs('sessions/model/_hitlog.funcs.php');
$edited_initial_referer_status = param('edited_initial_referer_status', 'string');
$initial_referer = $UserSettings->get('initial_referer', $this->ID);
$initial_referer_domain = url_part($initial_referer, 'host');
$Domain =& get_Domain_by_url($initial_referer);
if (!$Domain && $edited_initial_referer_status != 'unknown' && !empty($initial_referer_domain)) {
// Domain doesn't exist in DB, Create new record
$Domain = new Domain();
$Domain->set('name', $initial_referer_domain);
}
if ($Domain) {
// Save status of Domain
$Domain->set('status', $edited_initial_referer_status, true);
$Domain->dbsave();
}
}
}
}
// ******* Identity form ******* //
if ($is_identity_form) {
$can_edit_users = $current_User->check_perm('users', 'edit');
$edited_user_perms = array('edited-user', 'edited-user-required');
global $edited_user_age_min, $edited_user_age_max;
param('edited_user_age_min', 'string', true);
param('edited_user_age_max', 'string', true);
param_check_interval('edited_user_age_min', 'edited_user_age_max', T_('Age must be a number.'), T_('The first age must be lower than (or equal to) the second.'));
if (!param_has_error('edited_user_age_min') && $Settings->get('minimum_age') > 0 && !empty($edited_user_age_min) && $edited_user_age_min < $Settings->get('minimum_age')) {
// Limit user by minimum age
param_error('edited_user_age_min', sprintf(T_('You must be at least %d years old to use this service.'), $Settings->get('minimum_age')));
}
$this->set_from_Request('age_min', 'edited_user_age_min', true);
$this->set_from_Request('age_max', 'edited_user_age_max', true);
$firstname_editing = $Settings->get('firstname_editing');
if (in_array($firstname_editing, $edited_user_perms) && $this->ID == $current_User->ID || $firstname_editing != 'hidden' && $can_edit_users) {
// User has a permissions to save Firstname
param('edited_user_firstname', 'string', true);
if ($firstname_editing == 'edited-user-required') {
// First name is required
if ($can_edit_users) {
// Display a note message if user can edit all users
param_add_message_to_Log('edited_user_firstname', T_('Please enter your first name.'), 'note');
} else {
// Display an error message
param_check_not_empty('edited_user_firstname', T_('Please enter your first name.'));
}
}
$this->set_from_Request('firstname', 'edited_user_firstname', true);
}
$lastname_editing = $Settings->get('lastname_editing');
if (in_array($lastname_editing, $edited_user_perms) && $this->ID == $current_User->ID || $lastname_editing != 'hidden' && $can_edit_users) {
// User has a permissions to save Lastname
param('edited_user_lastname', 'string', true);
if ($lastname_editing == 'edited-user-required') {
// Last name is required
if ($can_edit_users) {
// Display a note message if user can edit all users
param_add_message_to_Log('edited_user_lastname', T_('Please enter last name.'), 'note');
} else {
// Display an error message
param_check_not_empty('edited_user_lastname', T_('Please enter last name.'));
}
}
$this->set_from_Request('lastname', 'edited_user_lastname', true);
}
$nickname_editing = $Settings->get('nickname_editing');
if (in_array($nickname_editing, $edited_user_perms) && $this->ID == $current_User->ID || $nickname_editing != 'hidden' && $can_edit_users) {
// User has a permissions to save Nickname
param('edited_user_nickname', 'string', true);
if ($nickname_editing == 'edited-user-required') {
// Nickname is required
if ($can_edit_users) {
// Display a note message if user can edit all users
param_add_message_to_Log('edited_user_nickname', T_('Please enter your nickname.'), 'note');
} else {
// Display an error message
param_check_not_empty('edited_user_nickname', T_('Please enter your nickname.'));
}
}
$this->set_from_Request('nickname', 'edited_user_nickname', true);
}
param('edited_user_gender', 'string', '');
if (param_check_gender('edited_user_gender', $Settings->get('registration_require_gender') == 'required')) {
$this->set_from_Request('gender', 'edited_user_gender', true);
}
// ---- Locations / START ----
load_funcs('regional/model/_regional.funcs.php');
if (user_country_visible()) {
// Save country
$country_ID = param('edited_user_ctry_ID', 'integer', true);
$country_is_required = $Settings->get('location_country') == 'required' && countries_exist();
if ($country_is_required && $can_edit_users && $country_ID == 0) {
// Display a note message if user can edit all users
param_add_message_to_Log('edited_user_ctry_ID', T_('Please select a country.'), 'note');
} else {
// Display an error message
param_check_number('edited_user_ctry_ID', T_('Please select a country.'), $country_is_required);
}
$this->set_from_Request('ctry_ID', 'edited_user_ctry_ID', true);
}
if (user_region_visible()) {
// Save region
$region_ID = param('edited_user_rgn_ID', 'integer', true);
$region_is_required = $Settings->get('location_region') == 'required' && regions_exist($country_ID);
if ($region_is_required && $can_edit_users && $region_ID == 0) {
// Display a note message if user can edit all users
param_add_message_to_Log('edited_user_rgn_ID', T_('Please select a region.'), 'note');
} else {
// Display an error message
param_check_number('edited_user_rgn_ID', T_('Please select a region'), $region_is_required);
}
$this->set_from_Request('rgn_ID', 'edited_user_rgn_ID', true);
}
if (user_subregion_visible()) {
// Save subregion
$subregion_ID = param('edited_user_subrg_ID', 'integer', true);
$subregion_is_required = $Settings->get('location_subregion') == 'required' && subregions_exist($region_ID);
if ($subregion_is_required && $can_edit_users && $subregion_ID == 0) {
// Display a note message if user can edit all users
param_add_message_to_Log('edited_user_subrg_ID', T_('Please select a sub-region.'), 'note');
} else {
// Display an error message
param_check_number('edited_user_subrg_ID', T_('Please select a sub-region.'), $subregion_is_required);
}
$this->set_from_Request('subrg_ID', 'edited_user_subrg_ID', true);
}
if (user_city_visible()) {
// Save city
$city_ID = param('edited_user_city_ID', 'integer', true);
$city_is_required = $Settings->get('location_city') == 'required' && cities_exist($country_ID, $region_ID, $subregion_ID);
if ($city_is_required && $can_edit_users && $city_ID == 0) {
// Display a note message if user can edit all users
param_add_message_to_Log('edited_user_city_ID', T_('Please select a city.'), 'note');
} else {
// Display an error message
param_check_number('edited_user_city_ID', T_('Please select a city.'), $city_is_required);
}
$this->set_from_Request('city_ID', 'edited_user_city_ID', true);
}
// ---- Locations / END ----
// ---- Organizations / START ----
$organizations = param('organizations', 'array:string');
$org_roles = param('org_roles', 'array:string');
$this->update_organizations($organizations, $org_roles);
// ---- Organizations / END ----
// ---- Additional Fields / START ----
// Load all defined userfields for following checking of required fields
$this->userfield_defs_load();
// EXPERIMENTAL user fields & EXISTING fields:
// Get indices of existing userfields:
$userfield_IDs = $DB->get_results('
SELECT uf_ID, uf_ufdf_ID
FROM T_users__fields
WHERE uf_user_ID = ' . $this->ID);
foreach ($userfield_IDs as $userfield) {
if (!isset($this->userfield_defs[$userfield->uf_ufdf_ID])) {
// If user field definition doesn't exist in DB then delete field value of this user:
$this->userfield_update($userfield->uf_ID, NULL);
continue;
}
$field_type = $this->userfield_defs[$userfield->uf_ufdf_ID][0] == 'text' ? 'text' : 'string';
$uf_val = param('uf_' . $userfield->uf_ID, $field_type, '');
if ($this->userfield_defs[$userfield->uf_ufdf_ID][0] == 'list' && $uf_val == '---') {
// Option list has a value '---' for empty value
$uf_val = '';
}
$uf_val = trim(strip_tags($uf_val));
if (empty($uf_val) && $this->userfield_defs[$userfield->uf_ufdf_ID][2] == 'require') {
// Display error for empty required field
if ($current_User->check_perm('users', 'edit')) {
// Display a note message if user can edit all users
param_add_message_to_Log('uf_' . $userfield->uf_ID, sprintf(T_('Please enter a value for the field "%s".'), $this->userfield_defs[$userfield->uf_ufdf_ID][1]), 'note');
} else {
// Display an error message
param_error('uf_' . $userfield->uf_ID, T_('Please enter a value.'));
}
} else {
// Update field
if ($this->userfield_defs[$userfield->uf_ufdf_ID][0] == 'url') {
// Check url fields
param_check_url('uf_' . $userfield->uf_ID, 'commenting');
}
if ($this->userfield_defs[$userfield->uf_ufdf_ID][4] == 'list') {
// Option "Multiple values" == "List style"
// Split by comma and save each phrase as separate field
$uf_val = explode(',', $uf_val);
foreach ($uf_val as $v => $val) {
$val = trim($val);
if ($v == 0) {
// Update field with first value
$this->userfield_update($userfield->uf_ID, $val);
} else {
if (!empty($val)) {
// Add a new field for new values
$this->userfield_add($userfield->uf_ufdf_ID, $val);
}
}
}
} else {
// Forbidden & Allowed fields
$this->userfield_update($userfield->uf_ID, $uf_val);
}
}
}
// Duplicate fields:
if ($is_new_user) {
$user_id = param('orig_user_ID', 'integer', 0);
if ($user_id !== 0) {
$userfield_IDs = $DB->get_results('
SELECT uf_ID, uf_ufdf_ID
FROM T_users__fields
WHERE uf_user_ID = ' . $user_id);
foreach ($userfield_IDs as $userfield_ID) {
$uf_val = param('uf_' . $userfield_ID->uf_ID, 'string', '');
$uf_type = $userfield_ID->uf_ufdf_ID;
if (!empty($uf_val)) {
$this->userfield_add($uf_type, $uf_val);
}
}
}
}
$uf_new_fields = param('uf_new', 'array:array:string');
// Recommended & required fields (it still not saved in DB)
$uf_add_fields = param('uf_add', 'array:array:string');
// Added fields
// Add a new field: (JS is not enabled)
if ($action == 'add_field') {
// Button 'Add' new field is pressed
$new_field_type = param('new_field_type', 'integer', 0);
if (empty($new_field_type)) {
// We cannot add a new field without type
param_error('new_field_type', T_('Please select a field type.'));
} else {
// Save an adding field(in the array) to display it again if errors will be exist
$new_field_type_exists = false;
if ($this->userfield_defs[$new_field_type][4] == 'allowed' || $this->userfield_defs[$new_field_type][4] == 'list') {
// This field can be duplicated
global $add_field_types;
$add_field_types = array($new_field_type);
} else {
// We should to solve we can add this field or don't
if (!isset($uf_new_fields[$new_field_type]) && !isset($uf_add_fields[$new_field_type])) {
// User is adding this field first time
if (is_array($userfield_IDs) && count($userfield_IDs) > 0) {
// User has fields that saved in DB
foreach ($userfield_IDs as $userfield) {
if ($userfield->uf_ufdf_ID == $new_field_type) {
// New adding field already exists for current user in DB
$new_field_type_exists = true;
break;
}
}
}
if (!$new_field_type_exists) {
// Field doesn't still exist for current user
global $add_field_types;
$add_field_types = array($new_field_type);
}
} else {
// Field exists, no duplicates available
$new_field_type_exists = true;
}
if ($new_field_type_exists) {
// Field already is added for current user, we should display error about this
param_error('new_field_type', T_('You already added this field, please select another.'));
}
}
if (!$new_field_type_exists) {
// Mark a new field to enter a value
param_error('uf_add[' . $new_field_type . '][]', T_('Please enter a value in this new field.'));
}
}
}
// Save a New recommended & require fields AND Adding fields
if (count($uf_new_fields) > 0 || count($uf_add_fields) > 0) {
$uf_fields = array('new' => $uf_new_fields, 'add' => $uf_add_fields);
foreach ($uf_fields as $uf_type => $uf_new_fields) {
if ($uf_type == 'add') {
// Save an adding fields to display it again if errors will be exist
global $add_field_types;
if (!isset($add_field_types)) {
// Don't rewrite already existing array
$add_field_types = array();
}
}
foreach ($uf_new_fields as $uf_new_id => $uf_new_vals) {
foreach ($uf_new_vals as $uf_new_val) {
if ($this->userfield_defs[$uf_new_id][0] == 'list' && $uf_new_val == '---') {
// Option list has a value '---' for empty value
$uf_new_val = '';
}
$uf_new_val = trim(strip_tags($uf_new_val));
if ($uf_new_val != '') {
// Insert a new field in DB if it is filled
if ($this->userfield_defs[$uf_new_id][0] == 'url') {
// Check url fields
param_check_url('uf_' . $uf_type . '[' . $uf_new_id . '][]', 'commenting');
}
if ($this->userfield_defs[$uf_new_id][4] == 'list') {
// Option "Multiple values" == "List style"
// Split by comma and save each phrase as separate field
$uf_new_val = explode(',', $uf_new_val);
foreach ($uf_new_val as $val) {
$val = trim($val);
if (!empty($val)) {
// Exclude empty values(spaces)
$this->userfield_add((int) $uf_new_id, $val);
}
}
} else {
// Forbidden & Allowed fields
$this->userfield_add((int) $uf_new_id, $uf_new_val);
}
} elseif (empty($uf_new_val) && $this->userfield_defs[$uf_new_id][2] == 'require') {
// Display error for empty required field & new adding field
if ($current_User->check_perm('users', 'edit')) {
// Display a note message if user can edit all users
param_add_message_to_Log('uf_' . $uf_type . '[' . $uf_new_id . '][]', sprintf(T_('Please enter a value for the field "%s".'), $this->userfield_defs[$uf_new_id][1]), 'note');
} else {
// Display an error message
param_error('uf_' . $uf_type . '[' . $uf_new_id . '][]', T_('Please enter a value.'));
}
}
if ($uf_type == 'add') {
// Save new added field, it used on the _user_identity.form
$add_field_types[] = $uf_new_id;
}
}
}
}
}
// ---- Additional Fields / END ----
// update profileupdate_date, because a publicly visible user property was changed
$this->set_profileupdate_date();
}
// ******* Password form ******* //
$is_password_form = param('password_form', 'boolean', false);
if ($is_password_form || $is_new_user) {
$reqID = param('reqID', 'string', '');
global $edited_user_pass1, $edited_user_pass2;
$edited_user_pass1 = param('edited_user_pass1', 'string', true);
$edited_user_pass2 = param('edited_user_pass2', 'string', true);
// Remove the invalid chars from password vars
$edited_user_pass1 = preg_replace('/[<>&]/', '', $edited_user_pass1);
$edited_user_pass2 = preg_replace('/[<>&]/', '', $edited_user_pass2);
if ($is_new_user || !empty($reqID) && $reqID == $Session->get('core.changepwd.request_id')) {
// current password is not required:
// - new user creating process
// - password change requested by email
if (param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'))) {
// We can set password
$this->set_password($edited_user_pass2);
}
} else {
// ******* Password edit form ****** //
$current_user_pass = param('current_user_pass', 'string', true);
if ($this->ID != $current_User->ID) {
// Set the messages when admin changes a password of other user
$checkpwd_params = array('msg_pass_new' => T_('Please enter new password.'), 'msg_pass_twice' => T_('Please enter new password twice.'));
} else {
// Use default messages
$checkpwd_params = array();
}
if (!strlen($current_user_pass)) {
param_error('current_user_pass', T_('Please enter your current password.'));
param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'), $checkpwd_params);
} else {
if ($has_full_access && $this->ID != $current_User->ID) {
// Admin is changing a password of other user, Check a password of current admin
$pass_to_check = $current_User->pass;
$current_user_salt = $current_User->salt;
} else {
// User is changing own pasword
$pass_to_check = $this->pass;
$current_user_salt = $this->salt;
}
if ($pass_to_check == md5($current_user_salt . $current_user_pass, true)) {
if (param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'), $checkpwd_params)) {
// We can set password
$this->set_password($edited_user_pass2);
}
} else {
param_error('current_user_pass', T_('Your current password is incorrect.'));
param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'), $checkpwd_params);
}
}
}
}
// Used in Preferences & Notifications forms
$has_messaging_perm = $this->check_perm('perm_messaging', 'reply');
// ******* Preferences form ******* //
$is_preferences_form = param('preferences_form', 'boolean', false);
if ($is_preferences_form) {
// Other preferences
param('edited_user_locale', 'string', true);
$this->set_from_Request('locale', 'edited_user_locale', true);
// Session timeout
$edited_user_timeout_sessions = param('edited_user_timeout_sessions', 'string', NULL);
if (isset($edited_user_timeout_sessions) && ($current_User->ID == $this->ID || $current_User->check_perm('users', 'edit'))) {
switch ($edited_user_timeout_sessions) {
case 'default':
$UserSettings->set('timeout_sessions', NULL, $this->ID);
break;
case 'custom':
$UserSettings->set('timeout_sessions', param_duration('timeout_sessions'), $this->ID);
break;
}
}
$UserSettings->set('show_online', param('edited_user_showonline', 'integer', 0), $this->ID);
}
// ******* Notifications form ******* //
$is_subscriptions_form = param('subscriptions_form', 'boolean', false);
if ($is_subscriptions_form) {
if ($action == 'subscribe') {
// Do only subscribe to new blog (Don't update the user's settings from the same form)
// A selected blog to subscribe
$subscribe_blog_ID = param('subscribe_blog', 'integer', 0);
// Get checkbox values:
$sub_items = param('sub_items_new', 'integer', 0);
$sub_comments = param('sub_comments_new', 'integer', 0);
// Note: we do not check if subscriptions are allowed here, but we check at the time we're about to send something
if ($subscribe_blog_ID && ($sub_items || $sub_comments)) {
// We need to record values:
$DB->query('REPLACE INTO T_subscriptions( sub_coll_ID, sub_user_ID, sub_items, sub_comments )
VALUES ( ' . $DB->quote($subscribe_blog_ID) . ', ' . $DB->quote($this->ID) . ', ' . $DB->quote($sub_items) . ', ' . $DB->quote($sub_comments) . ' )');
$Messages->add(T_('Subscriptions have been changed.'), 'success');
} else {
// Display an error message to inform user about incorrect actions
$Messages->add(T_('Please select at least one setting to subscribe on the selected blog.'), 'error');
}
} else {
// Update user's settings
// Email communication
$edited_user_email = utf8_strtolower(param('edited_user_email', 'string', true));
param_check_not_empty('edited_user_email', T_('Please enter your e-mail address.'));
param_check_email('edited_user_email', true);
$this->set_email($edited_user_email);
// set messaging options
if ($has_messaging_perm) {
$UserSettings->set('enable_PM', param('PM', 'integer', 0), $this->ID);
}
$emails_msgform = $Settings->get('emails_msgform');
if ($emails_msgform == 'userset' || $emails_msgform == 'adminset' && $current_User->check_perm('users', 'edit')) {
// enable email option is displayed only if user can set or if admin can set and current User is an administrator
$UserSettings->set('enable_email', param('email', 'integer', 0), $this->ID);
}
// Email format
$UserSettings->set('email_format', param('edited_user_email_format', 'string', 'auto'), $this->ID);
// set notification options
if ($has_messaging_perm) {
// update 'notify messages' only if user has messaging rights and this option was displayed
$UserSettings->set('notify_messages', param('edited_user_notify_messages', 'integer', 0), $this->ID);
$UserSettings->set('notify_unread_messages', param('edited_user_notify_unread_messages', 'integer', 0), $this->ID);
}
if ($this->check_role('post_owner')) {
// update 'notify_published_comments' only if user has at least one post or user has right to create new post
$UserSettings->set('notify_published_comments', param('edited_user_notify_publ_comments', 'integer', 0), $this->ID);
}
$is_comment_moderator = $this->check_role('comment_moderator');
if ($is_comment_moderator || $this->check_role('comment_editor')) {
// update 'notify_comment_moderation' only if user is comment moderator/editor at least in one blog
$UserSettings->set('notify_comment_moderation', param('edited_user_notify_cmt_moderation', 'integer', 0), $this->ID);
}
if ($this->check_perm('admin', 'restricted', false)) {
// update 'notify_meta_comments' only if edited user has a permission to back-office
$UserSettings->set('notify_meta_comments', param('edited_user_notify_meta_comments', 'integer', 0), $this->ID);
}
if ($is_comment_moderator) {
// update 'send_cmt_moderation_reminder' only if user is comment moderator at least in one blog
$UserSettings->set('send_cmt_moderation_reminder', param('edited_user_send_cmt_moderation_reminder', 'integer', 0), $this->ID);
}
if ($this->check_role('post_moderator')) {
// update 'notify_post_moderation' and 'send_cmt_moderation_reminder' only if user is post moderator at least in one blog
$UserSettings->set('notify_post_moderation', param('edited_user_notify_post_moderation', 'integer', 0), $this->ID);
$UserSettings->set('send_pst_moderation_reminder', param('edited_user_send_pst_moderation_reminder', 'integer', 0), $this->ID);
}
if ($this->grp_ID == 1) {
$UserSettings->set('send_activation_reminder', param('edited_user_send_activation_reminder', 'integer', 0), $this->ID);
}
if ($this->check_perm('users', 'edit')) {
// edited user has permission to edit all users, save notification preferences
$UserSettings->set('notify_new_user_registration', param('edited_user_notify_new_user_registration', 'integer', 0), $this->ID);
$UserSettings->set('notify_activated_account', param('edited_user_notify_activated_account', 'integer', 0), $this->ID);
$UserSettings->set('notify_closed_account', param('edited_user_notify_closed_account', 'integer', 0), $this->ID);
$UserSettings->set('notify_reported_account', param('edited_user_notify_reported_account', 'integer', 0), $this->ID);
$UserSettings->set('notify_changed_account', param('edited_user_notify_changed_account', 'integer', 0), $this->ID);
}
if ($this->check_perm('options', 'edit')) {
// edited user has permission to edit options, save notification preferences
$UserSettings->set('notify_cronjob_error', param('edited_user_notify_cronjob_error', 'integer', 0), $this->ID);
}
// Newsletter
$UserSettings->set('newsletter_news', param('edited_user_newsletter_news', 'integer', 0), $this->ID);
$UserSettings->set('newsletter_ads', param('edited_user_newsletter_ads', 'integer', 0), $this->ID);
// Emails limit per day
param_integer_range('edited_user_notification_email_limit', 0, 999, T_('Notificaiton email limit must be between %d and %d.'));
$UserSettings->set('notification_email_limit', param('edited_user_notification_email_limit', 'integer', 0), $this->ID);
param_integer_range('edited_user_newsletter_limit', 0, 999, T_('Newsletter limit must be between %d and %d.'));
$UserSettings->set('newsletter_limit', param('edited_user_newsletter_limit', 'integer', 0), $this->ID);
/**
* Update the subscriptions:
*/
$subs_blog_IDs = param('subs_blog_IDs', 'string', true);
$subs_item_IDs = param('subs_item_IDs', 'string', true);
// Work the blogs:
$subscription_values = array();
$unsubscribed = array();
$subs_blog_IDs = explode(',', $subs_blog_IDs);
foreach ($subs_blog_IDs as $loop_blog_ID) {
// Make sure no dirty hack is coming in here:
$loop_blog_ID = intval($loop_blog_ID);
// Get checkbox values:
$sub_items = param('sub_items_' . $loop_blog_ID, 'integer', 0);
$sub_comments = param('sub_comments_' . $loop_blog_ID, 'integer', 0);
if ($sub_items || $sub_comments) {
// We have a subscription for this blog
$subscription_values[] = "( {$loop_blog_ID}, {$this->ID}, {$sub_items}, {$sub_comments} )";
} else {
// No subscription here:
$unsubscribed[] = $loop_blog_ID;
}
}
// Note: we do not check if subscriptions are allowed here, but we check at the time we're about to send something
if (count($subscription_values)) {
// We need to record values:
$DB->query('REPLACE INTO T_subscriptions( sub_coll_ID, sub_user_ID, sub_items, sub_comments )
VALUES ' . implode(', ', $subscription_values));
}
if (count($unsubscribed)) {
// We need to make sure some values are cleared:
$DB->query('DELETE FROM T_subscriptions
WHERE sub_user_ID = ' . $this->ID . '
AND sub_coll_ID IN (' . implode(', ', $unsubscribed) . ')');
}
// Individual post subscriptions
if (!empty($subs_item_IDs)) {
// user was subscribed to at least one post update notification
$subs_item_IDs = explode(',', $subs_item_IDs);
$unsubscribed = array();
foreach ($subs_item_IDs as $loop_item_ID) {
if (!param('item_sub_' . $loop_item_ID, 'integer', 0)) {
// user wants to unsubscribe from this post notifications
$unsubscribed[] = $loop_item_ID;
}
}
if (!empty($unsubscribed)) {
// unsubscribe list is not empty, delete not wanted subscriptions
$DB->query('DELETE FROM T_items__subscriptions
WHERE isub_user_ID = ' . $this->ID . '
AND isub_item_ID IN (' . implode(', ', $unsubscribed) . ')');
}
}
}
}
// ******* Advanced form ******* //
$is_advanced_form = param('advanced_form', 'boolean', false);
if ($is_advanced_form) {
$UserSettings->set('admin_skin', param('edited_user_admin_skin', 'string'), $this->ID);
// Action icon params:
param_integer_range('edited_user_action_icon_threshold', 1, 5, T_('The threshold must be between 1 and 5.'));
$UserSettings->set('action_icon_threshold', param('edited_user_action_icon_threshold', 'integer', true), $this->ID);
param_integer_range('edited_user_action_word_threshold', 1, 5, T_('The threshold must be between 1 and 5.'));
$UserSettings->set('action_word_threshold', param('edited_user_action_word_threshold', 'integer'), $this->ID);
$UserSettings->set('display_icon_legend', param('edited_user_legend', 'integer', 0), $this->ID);
// Set bozo validador activation
$UserSettings->set('control_form_abortions', param('edited_user_bozo', 'integer', 0), $this->ID);
// Focus on first
$UserSettings->set('focus_on_first_input', param('edited_user_focusonfirst', 'integer', 0), $this->ID);
// Results per page
$edited_user_results_page_size = param('edited_user_results_page_size', 'integer', NULL);
if (isset($edited_user_results_page_size)) {
$UserSettings->set('results_per_page', $edited_user_results_page_size, $this->ID);
}
}
if ($is_preferences_form || $is_identity_form && $is_new_user) {
// Multiple session
$multiple_sessions = $Settings->get('multiple_sessions');
if ($multiple_sessions != 'adminset_default_no' && $multiple_sessions != 'adminset_default_yes' || $current_User->check_perm('users', 'edit')) {
$UserSettings->set('login_multiple_sessions', param('edited_user_set_login_multiple_sessions', 'integer', 0), $this->ID);
}
}
return !param_errors_detected();
}
/**
* @param string param name
* @param boolean required
* @return booelan true if OK
*/
function param_check_gender($var, $required = false)
{
if (empty($GLOBALS[$var])) {
// empty is OK if not required:
global $current_User;
if ($required) {
if ($current_User->check_perm('users', 'edit')) {
// Display a note message if user can edit all users
param_add_message_to_Log($var, T_('Please select a gender.'), 'note');
return true;
} else {
// Display an error message
param_error($var, T_('Please select a gender.'));
return false;
}
}
return true;
}
$gender_value = $GLOBALS[$var];
if ($gender_value != 'M' && $gender_value != 'F') {
param_error($var, 'Gender value is invalid');
return false;
}
return true;
}