# Save one section of a member's forum profile.
#
# The section is chosen by $_GET['form'] and the target member by $_GET['userid'];
# the field values come from $_POST / $_FILES. The request must carry a valid
# 'forum-profile' nonce, the forum must not be in lockdown, and the target must
# be the current user unless the current user is a forum admin.
#
# Returns an array with 'type' ('error' or 'success') and 'text' (display message).
# For an unrecognised form name the switch does nothing and the array is returned
# as the plugin filters leave it (empty unless a filter fills it).
#
# NOTE(review): every value written below goes through an sp_filter_*/sp_esc_* helper
# whose escaping rules are not visible in this function. Several of those values are
# concatenated into SQL text, so the safety of those statements rests entirely on the helpers.
function sp_UpdateProfile()
{
    global $spGlobals, $spThisUser;
    # make sure nonce is there
    check_admin_referer('forum-profile', 'forum-profile');
    $message = array();
    # dont update forum if its locked down
    if ($spGlobals['lockdown']) {
        $message['type'] = 'error';
        $message['text'] = sp_text('This forum is currently locked - access is read only - profile not updated');
        return $message;
    }
    # do we have a form to update?
    if (isset($_GET['form'])) {
        $thisForm = sp_esc_str($_GET['form']);
    } else {
        $message['type'] = 'error';
        $message['text'] = sp_text('Profile update aborted - no valid form');
        return $message;
    }
    # do we have an actual user to update?
    if (isset($_GET['userid'])) {
        $thisUser = sp_esc_int($_GET['userid']);
    } else {
        $message['type'] = 'error';
        $message['text'] = sp_text('Profile update aborted - no valid user');
        return $message;
    }
    # Check the user ID for current user of admin edit
    # (this is the only authorisation decision in the function: self-edit, or any member when the caller is an admin)
    # NOTE(review): loose != comparison - presumably sp_esc_int() returns an integer; confirm
    if ($thisUser != $spThisUser->ID && !$spThisUser->admin) {
        $message['type'] = 'error';
        $message['text'] = sp_text('Profile update aborted - no valid user');
        return $message;
    }
    # forced password change: refuse any save unless two matching, non-empty password fields are posted
    # NOTE(review): the password itself is only written in the 'account-settings' case below, so a
    # request for any other form that posts matching pass1/pass2 passes this gate without changing
    # the password - confirm that is intended
    if (isset($spThisUser->sp_change_pw) && $spThisUser->sp_change_pw) {
        $pass1 = $pass2 = '';
        if (isset($_POST['pass1'])) {
            $pass1 = $_POST['pass1'];
        }
        if (isset($_POST['pass2'])) {
            $pass2 = $_POST['pass2'];
        }
        if (empty($pass1) || empty($pass2) || $pass1 != $pass2) {
            $message['type'] = 'error';
            $message['text'] = sp_text('Cannot save profile until password has been changed');
            return $message;
        }
    }
    # form save filter
    $thisForm = apply_filters('sph_profile_save_thisForm', $thisForm);
    # valid save attempt, so lets process the save
    switch ($thisForm) {
        case 'show-memberships':
            # update memberships
            # any usergroup removals?
            # NOTE(review): the posted value is assumed to be an array; ids are passed through
            # sp_esc_str() here but sp_esc_int() for joins below
            if (isset($_POST['usergroup_leave'])) {
                foreach ($_POST['usergroup_leave'] as $membership) {
                    sp_remove_membership(sp_esc_str($membership), $thisUser);
                }
            }
            # any usergroup joins?
            # NOTE(review): no check is visible here that the requested usergroup is one this member
            # is allowed to join - presumably enforced inside sp_add_membership(); confirm
            if (isset($_POST['usergroup_join'])) {
                foreach ($_POST['usergroup_join'] as $membership) {
                    sp_add_membership(sp_esc_int($membership), $thisUser);
                }
            }
            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileMemberships', $message, $thisUser);
            # output update message
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Memberships updated');
            }
            break;
        case 'account-settings':
            # update account settings
            # check for password update
            # NOTE(review): the current password is not requested or verified anywhere in this branch
            $pass1 = $pass2 = '';
            if (isset($_POST['pass1'])) {
                $pass1 = $_POST['pass1'];
            }
            if (isset($_POST['pass2'])) {
                $pass2 = $_POST['pass2'];
            }
            if (!empty($pass1) || !empty($pass2)) {
                if ($pass1 != $pass2) {
                    $message['type'] = 'error';
                    $message['text'] = sp_text('Please enter the same password in the two password fields');
                    return $message;
                } else {
                    # update the password
                    $user = new stdClass();
                    $user->ID = (int) $thisUser;
                    $user->user_pass = $pass1;
                    wp_update_user(get_object_vars($user));
                    # NOTE(review): the flag is cleared for the logged-in user ($spThisUser), not for
                    # $thisUser - these differ when an admin edits another member
                    if (isset($spThisUser->sp_change_pw) && $spThisUser->sp_change_pw) {
                        delete_user_meta($spThisUser->ID, 'sp_change_pw');
                    }
                }
            }
            # now check the email is valid and unique
            $update = apply_filters('sph_ProfileUserEmailUpdate', true);
            if ($update) {
                # 'curemail' is supplied by the client, not read back from the database; it only
                # decides whether the update below is attempted
                $curEmail = sp_filter_email_save($_POST['curemail']);
                $email = sp_filter_email_save($_POST['email']);
                if ($email != $curEmail) {
                    if (empty($email)) {
                        $message['type'] = 'error';
                        $message['text'] = sp_text('Please enter a valid email address');
                        return $message;
                    } elseif (($owner_id = email_exists($email)) && $owner_id != $thisUser) {
                        $message['type'] = 'error';
                        $message['text'] = sp_text('The email address is already registered. Please choose another one');
                        return $message;
                    }
                    # save new email address
                    # NOTE(review): statement built by string concatenation; safe only if
                    # sp_filter_email_save() escapes quotes for SQL - confirm, or use a prepared statement
                    $sql = 'UPDATE ' . SFUSERS . " SET user_email='{$email}' WHERE ID=" . $thisUser;
                    spdb_query($sql);
                }
            }
            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileSettings', $message, $thisUser);
            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Account settings updated');
            }
            break;
        case 'edit-profile':
            # update profile settings
            # validate any username change
            $update = apply_filters('sph_ProfileUserDisplayNameUpdate', true);
            if ($update) {
                $spProfile = sp_get_option('sfprofile');
                # display name is editable when the 'nameformat' profile option is set or the caller is an admin
                if ($spProfile['nameformat'] || $spThisUser->admin) {
                    # an empty submission falls back to the member's user_login
                    $display_name = !empty($_POST['display_name']) ? trim($_POST['display_name']) : spdb_table(SFUSERS, "ID={$thisUser}", 'user_login');
                    $display_name = sp_filter_name_save($display_name);
                    # make sure display name isnt already used
                    # ('oldname' is a client-supplied field; the uniqueness check, validation and save all sit inside this branch)
                    if ($_POST['oldname'] != $display_name) {
                        # NOTE(review): $display_name is placed inside a single-quoted SQL literal;
                        # relies on sp_filter_name_save() escaping - confirm
                        $records = spdb_table(SFMEMBERS, "display_name='{$display_name}'");
                        if ($records) {
                            foreach ($records as $record) {
                                if ($record->user_id != $thisUser) {
                                    $message['type'] = 'error';
                                    $message['text'] = $display_name . ' ' . sp_text('is already in use - please choose a different display name');
                                    return $message;
                                }
                            }
                        }
                        # validate display name
                        $errors = new WP_Error();
                        $user = new stdClass();
                        $user->display_name = $display_name;
                        sp_validate_display_name($errors, true, $user);
                        if ($errors->get_error_codes()) {
                            $message['type'] = 'error';
                            $message['text'] = sp_text('The display name you have chosen is not allowed on this site');
                            return $message;
                        }
                        # now save the display name
                        sp_update_member_item($thisUser, 'display_name', $display_name);
                        # Update new users list with changed display name
                        sp_update_newuser_name(sp_filter_name_save($_POST['oldname']), $display_name);
                        # do we need to sync display name with wp?
                        $options = sp_get_member_item($thisUser, 'user_options');
                        if ($options['namesync']) {
                            # NOTE(review): here the value sits inside a double-quoted SQL literal, so the
                            # filter helper must escape double quotes as well as single quotes - confirm
                            spdb_query('UPDATE ' . SFUSERS . ' SET display_name="' . $display_name . '" WHERE ID=' . $thisUser);
                        }
                    }
                }
            }
            # save the url
            $update = apply_filters('sph_ProfileUserWebsiteUpdate', true);
            if ($update) {
                $url = sp_filter_url_save($_POST['website']);
                # NOTE(review): concatenated SQL with a double-quoted literal; relies on
                # sp_filter_url_save() escaping - confirm
                $sql = 'UPDATE ' . SFUSERS . ' SET user_url="' . $url . '" WHERE ID=' . $thisUser;
                spdb_query($sql);
            }
            # update first name, last name, location and biography
            # (each field can be switched off individually by a plugin filter returning false)
            $update = apply_filters('sph_ProfileUserFirstNameUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'first_name', sp_filter_name_save(trim($_POST['first_name'])));
            }
            $update = apply_filters('sph_ProfileUserLastNameUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'last_name', sp_filter_name_save(trim($_POST['last_name'])));
            }
            $update = apply_filters('sph_ProfileUserLocationUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'location', sp_filter_title_save(trim($_POST['location'])));
            }
            $update = apply_filters('sph_ProfileUserBiographyUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'description', sp_filter_save_kses($_POST['description']));
            }
            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileProfile', $message, $thisUser);
            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Profile settings updated');
            }
            break;
        case 'edit-identities':
            # update identity settings
            # update the user identities
            # every identity follows the same pattern: a per-field plugin filter gates the save, and the
            # posted value is trimmed and passed through sp_filter_title_save() before being stored as user meta
            # NOTE(review): the $_POST keys are read without isset(), so a missing field is stored as an empty value
            $update = apply_filters('sph_ProfileUserAIMUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'aim', sp_filter_title_save(trim($_POST['aim'])));
            }
            $update = apply_filters('sph_ProfileUserYahooUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'yim', sp_filter_title_save(trim($_POST['yim'])));
            }
            $update = apply_filters('sph_ProfileUserGoogleUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'jabber', sp_filter_title_save(trim($_POST['jabber'])));
            }
            $update = apply_filters('sph_ProfileUserMSNUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'msn', sp_filter_title_save(trim($_POST['msn'])));
            }
            $update = apply_filters('sph_ProfileUserICQUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'icq', sp_filter_title_save(trim($_POST['icq'])));
            }
            $update = apply_filters('sph_ProfileUserSkypeUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'skype', sp_filter_title_save(trim($_POST['skype'])));
            }
            $update = apply_filters('sph_ProfileUserFacebookUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'facebook', sp_filter_title_save(trim($_POST['facebook'])));
            }
            $update = apply_filters('sph_ProfileUserMySpaceUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'myspace', sp_filter_title_save(trim($_POST['myspace'])));
            }
            $update = apply_filters('sph_ProfileUserTwitterUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'twitter', sp_filter_title_save(trim($_POST['twitter'])));
            }
            $update = apply_filters('sph_ProfileUserLinkedInUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'linkedin', sp_filter_title_save(trim($_POST['linkedin'])));
            }
            $update = apply_filters('sph_ProfileUserYouTubeUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'youtube', sp_filter_title_save(trim($_POST['youtube'])));
            }
            $update = apply_filters('sph_ProfileUserGooglePlusUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'googleplus', sp_filter_title_save(trim($_POST['googleplus'])));
            }
            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileIdentities', $message, $thisUser);
            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Identities updated');
            }
            break;
        case 'avatar-upload':
            # upload avatar
            # did we get an avatar to upload?
            if (empty($_FILES['avatar-upload']['name'])) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar filename was empty');
                return $message;
            }
            # Verify the file extension
            # (allow-list of jpg/jpeg/gif/png, taken from the client-supplied file name)
            global $spPaths;
            $uploaddir = SF_STORE_DIR . '/' . $spPaths['avatars'] . '/';
            $filename = basename($_FILES['avatar-upload']['name']);
            $path = pathinfo($filename);
            # NOTE(review): pathinfo() has no 'extension' key when the name contains no dot, so this
            # read is undefined for such names
            $ext = strtolower($path['extension']);
            if ($ext != 'jpg' && $ext != 'jpeg' && $ext != 'gif' && $ext != 'png') {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, only JPG, JPEG, PNG, or GIF files are allowed');
                return $message;
            }
            # check image file mimetype
            # exif_imagetype() inspects the uploaded temp file itself; only type codes 1-3 are accepted,
            # which the next check pairs with gif, jpg/jpeg and png respectively
            # NOTE(review): this is a signature check on the start of the file, not a full decode; the
            # file is only re-encoded further down when the resize option is enabled
            $mimetype = 0;
            $mimetype = exif_imagetype($_FILES['avatar-upload']['tmp_name']);
            if (empty($mimetype) || $mimetype == 0 || $mimetype > 3) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar file is an invalid format');
                return $message;
            }
            # make sure file extension and mime type actually match
            if ($mimetype == 1 && $ext != 'gif' || $mimetype == 2 && ($ext != 'jpg' && $ext != 'jpeg') || $mimetype == 3 && $ext != 'png') {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the file mime type does not match file extension');
                return $message;
            }
            # Clean up file name just in case
            # stored name = unix timestamp + filtered original base name
            # NOTE(review): the extension was validated on the unfiltered name above; this assumes
            # sp_filter_filename_save() cannot change what the final extension is - confirm
            $filename = date('U') . sp_filter_filename_save(basename($_FILES['avatar-upload']['name']));
            $uploadfile = $uploaddir . $filename;
            # check for existence
            if (file_exists($uploadfile)) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar file already exists');
                return $message;
            }
            # check file size against limit if provided
            # NOTE(review): the comparison runs unconditionally; presumably 'sfavatarfilesize' is always set - confirm
            $spAvatars = sp_get_option('sfavatars');
            if ($_FILES['avatar-upload']['size'] > $spAvatars['sfavatarfilesize']) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar file exceeds the maximum allowed size');
                return $message;
            }
            # valid avatar, so try moving the uploaded file to the avatar storage directory
            if (move_uploaded_file($_FILES['avatar-upload']['tmp_name'], $uploadfile)) {
                # stored file is made non-executable (rw-r--r--); a chmod failure is suppressed
                @chmod("{$uploadfile}", 0644);
                # do we need to resize?
                $sfavatars = sp_get_option('sfavatars');
                if ($sfavatars['sfavatarresize']) {
                    $editor = wp_get_image_editor($uploadfile);
                    if (is_wp_error($editor)) {
                        # the image library could not open the file, so remove it again
                        @unlink($uploadfile);
                        $message['type'] = 'error';
                        $message['text'] = sp_text('Sorry, there was a problem resizing the avatar');
                        return $message;
                    } else {
                        $editor->resize($sfavatars['sfavatarsize'], $sfavatars['sfavatarsize'], true);
                        # NOTE(review): the result of save() is indexed without an is_wp_error() check
                        $imageinfo = $editor->save($uploadfile);
                        $filename = $imageinfo['file'];
                    }
                }
                # update member avatar data
                $avatar = sp_get_member_item($thisUser, 'avatar');
                $avatar['uploaded'] = $filename;
                sp_update_member_item($thisUser, 'avatar', $avatar);
            } else {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar file could not be moved to the avatar storage location');
                return $message;
            }
            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileAvatarUpload', $message, $thisUser);
            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Uploaded avatar updated');
            }
            break;
        case 'avatar-pool':
            # pool avatar
            # get pool avatar name
            # NOTE(review): the name is filtered but not checked here against the files actually present in the pool
            $filename = sp_filter_filename_save($_POST['spPoolAvatar']);
            # error if no pool avatar provided
            if (empty($filename)) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, you must select a pool avatar before trying to save it');
                return $message;
            }
            # save the pool avatar
            $avatar = sp_get_member_item($thisUser, 'avatar');
            $avatar['pool'] = $filename;
            sp_update_member_item($thisUser, 'avatar', $avatar);
            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileAvatarPool', $message, $thisUser);
            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Pool avatar updated');
            }
            break;
        case 'avatar-remote':
            # remote avatar
            # get remote avatar name
            # NOTE(review): a member-chosen URL is stored as the avatar source; no scheme or host
            # restriction is visible here beyond whatever sp_filter_url_save() applies - confirm
            $filename = sp_filter_url_save($_POST['spAvatarRemote']);
            $avatar = sp_get_member_item($thisUser, 'avatar');
            $avatar['remote'] = $filename;
            sp_update_member_item($thisUser, 'avatar', $avatar);
            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileAvatarRemote', $message, $thisUser);
            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Remote avatar updated');
            }
            break;
        case 'edit-signature':
            # save signature
            # Check if maximum links has been exceeded
            # links are counted as literal '</a>' occurrences in the raw posted text
            # NOTE(review): substr_count() is case-sensitive, so '</A>' or link markup without that exact
            # closing tag is not counted; the limit is enforced before the content filter runs
            $numLinks = substr_count($_POST['postitem'], '</a>');
            $spFilters = sp_get_option('sffilters');
            # the permission is looked up for the profile owner ($thisUser); admins are exempt from both limits
            if (!sp_get_auth('create_links', 'global', $thisUser) && $numLinks > 0 && !$spThisUser->admin) {
                $message['type'] = 'error';
                $message['text'] = sp_text('You are not allowed to put links in signatures');
                return $message;
            }
            if (sp_get_auth('create_links', 'global', $thisUser) && $spFilters['sfmaxlinks'] != 0 && $numLinks > $spFilters['sfmaxlinks'] && !$spThisUser->admin) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Maximum number of allowed links exceeded in signature') . ': ' . $spFilters['sfmaxlinks'] . ' ' . sp_text('allowed');
                return $message;
            }
            //			$sig = esc_sql(sp_filter_save_kses(trim($_POST['postitem'])));
            $sig = sp_filter_content_save($_POST['postitem'], 'edit');
            sp_update_member_item($thisUser, 'signature', $sig);
            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileSignature', $message, $thisUser);
            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Signature updated');
            }
            break;
        case 'edit-photos':
            # save photos
            # one URL per slot, up to the configured 'photosmax'
            # NOTE(review): $_POST['photoN'] is read without isset(), so an absent slot is saved as the filtered empty value
            $photos = array();
            $spProfileOptions = sp_get_option('sfprofile');
            for ($x = 0; $x < $spProfileOptions['photosmax']; $x++) {
                $photos[$x] = sp_filter_url_save($_POST['photo' . $x]);
            }
            update_user_meta($thisUser, 'photos', $photos);
            # fire action for plugins
            $message = apply_filters('sph_UpdateProfilePhotos', $message, $thisUser);
            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Photos updated');
            }
            break;
        case 'edit-global-options':
            # save global options
            # checkbox semantics: a field that is present in the post means true, absent means false
            $options = sp_get_member_item($thisUser, 'user_options');
            $options['hidestatus'] = isset($_POST['hidestatus']) ? true : false;
            $update = apply_filters('sph_ProfileUserSyncNameUpdate', true);
            if ($update) {
                $options['namesync'] = isset($_POST['namesync']) ? true : false;
            }
            sp_update_member_item($thisUser, 'user_options', $options);
            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileGlobalOptions', $message, $thisUser);
            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Global options updated');
            }
            break;
        case 'edit-posting-options':
            # save posting options
            $update = apply_filters('sph_ProfileUserEditorUpdate', true);
            if ($update) {
                $options = sp_get_member_item($thisUser, 'user_options');
                if (isset($_POST['editor'])) {
                    $options['editor'] = sp_esc_int($_POST['editor']);
                }
                sp_update_member_item($thisUser, 'user_options', $options);
            }
            # fire action for plugins
            $message = apply_filters('sph_UpdateProfilePostingOptions', $message, $thisUser);
            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Posting options updated');
            }
            break;
        case 'edit-display-options':
            # save display options
            $options = sp_get_member_item($thisUser, 'user_options');
            if (isset($_POST['timezone'])) {
                if (preg_match('/^UTC[+-]/', $_POST['timezone'])) {
                    # correct for manual UTC offsets
                    # NOTE(review): whatever follows 'UTC+' / 'UTC' is multiplied as a number without
                    # being checked to be numeric
                    $userOffset = preg_replace('/UTC\\+?/', '', $_POST['timezone']) * 3600;
                } else {
                    # get timezone offset for user
                    # NOTE(review): DateTimeZone's constructor throws on an unknown identifier and the
                    # value is request-supplied; nothing here catches that
                    $date_time_zone_selected = new DateTimeZone(sp_esc_str($_POST['timezone']));
                    $userOffset = timezone_offset_get($date_time_zone_selected, date_create());
                }
                # get timezone offset for server based on wp settings
                $wptz = get_option('timezone_string');
                if (empty($wptz)) {
                    # NOTE(review): looks like 'gmt_offset' is expressed in hours while every other
                    # offset in this branch is in seconds - confirm the units agree
                    $serverOffset = get_option('gmt_offset');
                } else {
                    $date_time_zone_selected = new DateTimeZone($wptz);
                    $serverOffset = timezone_offset_get($date_time_zone_selected, date_create());
                }
                # calculate time offset between user and server
                # (stored as a whole number of hours because of the int cast)
                $options['timezone'] = (int) round(($userOffset - $serverOffset) / 3600, 2);
                $options['timezone_string'] = sp_esc_str($_POST['timezone']);
            } else {
                $options['timezone'] = 0;
                $options['timezone_string'] = 'UTC';
            }
            if (isset($_POST['unreadposts'])) {
                $sfcontrols = sp_get_option('sfcontrols');
                # numeric input is clamped to 0..sfmaxunreadposts; anything else falls back to the configured default
                $options['unreadposts'] = is_numeric($_POST['unreadposts']) ? max(min(sp_esc_int($_POST['unreadposts']), $sfcontrols['sfmaxunreadposts']), 0) : $sfcontrols['sfdefunreadposts'];
            }
            $options['topicASC'] = isset($_POST['topicASC']);
            $options['postDESC'] = isset($_POST['postDESC']);
            sp_update_member_item($thisUser, 'user_options', $options);
            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileDisplayOptions', $message, $thisUser);
            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Display options updated');
            }
            break;
        default:
            # unknown form name: nothing is saved here, but the generic hooks below still run
            break;
    }
    # let plugins do their thing on success
    # the filter name is built from the form name, which started as $_GET['form'] (escaped and plugin-filtered above)
    $message = apply_filters('sph_ProfileFormSave_' . $thisForm, $message, $thisUser, $thisForm);
    do_action('sph_UpdateProfile', $thisUser, $thisForm);
    # reset the plugin_data just in case
    sp_reset_member_plugindata($thisUser);
    # done saving - return the messages
    return $message;
}
    echo '</fieldset>';
}
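# Delete handlers for custom smiley and forum-rank badge images.
# Each branch removes one file from its storage folder and prints '1'; the script then stops.
# $action and $spPaths are set earlier in the script, outside this fragment.
# NOTE(review): no nonce or capability check is visible in these lines - confirm that one runs
# before this point, because both branches delete files named by the request.
if ($action == 'delsmiley') {
    # Reduce the request value to its final path component so it can only name a file directly
    # inside the smileys folder; sp_esc_str() alone is not known to strip '../' sequences.
    $file = isset($_GET['file']) ? basename(sp_esc_str($_GET['file'])) : '';
    if ($file != '' && $file != '.' && $file != '..') {
        $path = SF_STORE_DIR . '/' . $spPaths['smileys'] . '/' . $file;
        # best effort: a missing file is not an error for the caller
        @unlink($path);
    }
    # load smiles from sfmeta
    $meta = sp_get_sfmeta('smileys', 'smileys');
    # now cycle through to remove this entry and resave
    if (!empty($meta[0]['meta_value'])) {
        $newsmileys = array();
        foreach ($meta[0]['meta_value'] as $name => $info) {
            # keep every entry whose image file is not the one just deleted
            if ($info[0] != $file) {
                $newsmileys[$name][0] = sp_filter_title_save($info[0]);
                $newsmileys[$name][1] = sp_filter_name_save($info[1]);
                $newsmileys[$name][2] = sp_filter_name_save($info[2]);
                $newsmileys[$name][3] = $info[3];
                $newsmileys[$name][4] = $info[4];
            }
        }
        sp_update_sfmeta('smileys', 'smileys', $newsmileys, $meta[0]['meta_id'], true);
    }
    echo '1';
}
if ($action == 'delbadge') {
    # same confinement as above, this time to the ranks (badge) folder
    $file = isset($_GET['file']) ? basename(sp_esc_str($_GET['file'])) : '';
    if ($file != '' && $file != '.' && $file != '..') {
        $path = SF_STORE_DIR . '/' . $spPaths['ranks'] . '/' . $file;
        @unlink($path);
    }
    echo '1';
}
die;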
Beispiel #3
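# Save an edit to an existing forum post.
#
# Reads the post id, new content and optional replacement timestamp from $_POST, checks that the
# current user may edit the post, appends an entry to the post's edit history, updates the post
# row and queues notices for admins/moderators and (optionally) the post author.
# Returns nothing; the outcome is reported through sp_notify().
#
# NOTE(review): no nonce check is visible in this function - presumably the caller verifies one; confirm.
function sp_save_edited_post()
{
    global $spThisUser, $spVars, $spGlobals;
    # post id of edited post
    $newpost = array();
    $newpost['postid'] = sp_esc_int($_POST['pid']);
    # no saving while the page is itself in edit mode for this post, or when the forum is locked down
    if ($spVars['displaymode'] == 'edit' && $spVars['postedit'] == $newpost['postid']) {
        return;
    }
    if ($spGlobals['lockdown']) {
        return;
    }
    # data for the post - want to ensure absolute forum id plus used for notifications later
    # (the forum id used for every permission check below comes from the database row, not from the request)
    $post = spdb_table(SFPOSTS, "post_id={$newpost['postid']}", 'row');
    if (empty($post)) {
        # unknown post id: stop before dereferencing a missing row
        sp_notify(SPFAILURE, sp_text('Update failed'));
        return;
    }
    $topic = spdb_table(SFTOPICS, "topic_id={$post->topic_id}", 'row');
    if (empty($topic)) {
        sp_notify(SPFAILURE, sp_text('Update failed'));
        return;
    }
    # verify we can edit this post
    $canEdit = false;
    if (sp_get_auth('edit_any_post', $post->forum_id)) {
        $canEdit = true;
    } elseif ($post->user_id == $spThisUser->ID) {
        # own post: allowed forever, or while it is still the last post of the topic, or within the edit window
        $last_post = ($newpost['postid'] == $topic->post_id) || ($post->post_status == 1 && $newpost['postid'] == $topic->post_id_held);
        $edit_days = sp_get_option('editpostdays');
        $post_date = strtotime(sp_date('d', $post->post_date));
        $date_diff = floor((time() - $post_date) / (60 * 60 * 24));
        if (sp_get_auth('edit_own_posts_forever', $post->forum_id)
            || (sp_get_auth('edit_own_posts_reply', $post->forum_id) && $last_post)
            || (sp_get_auth('edit_own_posts_for_time', $post->forum_id) && $date_diff <= $edit_days)) {
            $canEdit = true;
        }
    }
    if (!$canEdit) {
        sp_notify(SPFAILURE, sp_text('Edit failed - you do not have permission'));
        return;
    }
    # post info
    $newpost['postcontent'] = $_POST['postitem'];
    $newpost['postcontent'] = sp_filter_content_save($newpost['postcontent'], 'edit', true, SFPOSTS, 'post_content');
    # NOTE(review): forum/topic ids and slugs below are client-supplied and are not compared with the
    # stored post here; they are only handed to the after-save hook
    $newpost['forumid'] = sp_esc_int($_POST['forumid']);
    $newpost['forumslug'] = sp_esc_str($_POST['forumslug']);
    $newpost['topicid'] = sp_esc_int($_POST['topicid']);
    # fixed: this was assigned to a misspelled variable, so the slug never reached $newpost
    $newpost['topicslug'] = sp_esc_str($_POST['topicslug']);
    # post edit array
    $history = spdb_select('var', 'SELECT post_edit FROM ' . SFPOSTS . " WHERE post_id='{$newpost['postid']}'", ARRAY_A);
    # NOTE(review): unserialize() on a database column; acceptable only while nothing
    # attacker-controlled can be written to post_edit in serialized form - confirm
    $postedits = !empty($history) ? unserialize($history) : array();
    $x = count($postedits);
    $edittime = current_time('mysql');
    $postedits[$x]['by'] = sp_filter_name_save($spThisUser->display_name);
    $postedits[$x]['at'] = strtotime($edittime);
    $newpost['postedits'] = serialize($postedits);
    $newpost['postcontent'] = apply_filters('sph_post_edit_data', $newpost['postcontent'], $newpost['postid'], $spThisUser->ID);
    $date_update = '';
    # NOTE(review): any user who passed the edit check can replace the post date; no separate
    # permission for that is visible here - confirm
    if (!empty($_POST['editTimestamp'])) {
        $yy = sp_esc_int($_POST['tsYear']);
        $mm = sp_esc_int($_POST['tsMonth']);
        $dd = sp_esc_int($_POST['tsDay']);
        $hh = sp_esc_int($_POST['tsHour']);
        $mn = sp_esc_int($_POST['tsMinute']);
        $ss = sp_esc_int($_POST['tsSecond']);
        # light normalisation only: the month is not range-checked and the result may not be a real date
        $dd = $dd > 31 ? 31 : $dd;
        $hh = $hh > 23 ? $hh - 24 : $hh;
        $mn = $mn > 59 ? $mn - 60 : $mn;
        $ss = $ss > 59 ? $ss - 60 : $ss;
        # %d forces every part to an integer, so the formatted date carries no free text into the SQL below
        $newpost['postdate'] = sprintf('%04d-%02d-%02d %02d:%02d:%02d', $yy, $mm, $dd, $hh, $mn, $ss);
        $date_update = ', post_date = "' . $newpost['postdate'] . '"';
    }
    # NOTE(review): statement built by concatenation. post_content has passed through a plugin filter
    # after sp_filter_content_save(), and post_edit is raw serialize() output containing the display
    # name; both sit inside single-quoted literals, so this is safe only if those values arrive
    # already escaped for SQL - confirm, or move to a prepared statement
    $sql = 'UPDATE ' . SFPOSTS . " SET post_content='{$newpost['postcontent']}', post_edit='{$newpost['postedits']}'{$date_update} WHERE post_id={$newpost['postid']}";
    if (spdb_query($sql) == false) {
        sp_notify(SPFAILURE, sp_text('Update failed'));
    } else {
        sp_notify(SPSUCCESS, sp_text('Updated post saved'));
        # set up some data for notifications
        $link = sp_permalink_from_postid($newpost['postid']);
        # notify admins/mods of edit
        $users = spdb_select('set', 'SELECT user_id, admin_options FROM ' . SFMEMBERS . " WHERE admin=1 OR moderator=1");
        if ($users) {
            # 7 days; 24 hours; 60 mins; 60secs
            $time = time() + 7 * 24 * 60 * 60;
            $text = sp_text('A user has edited the post');
            foreach ($users as $user) {
                # NOTE(review): unserialize() on a database column, as above
                $options = unserialize($user->admin_options);
                if ($options['notify-edited'] && $spThisUser->ID != $user->user_id) {
                    # dont notify self
                    $nData = array();
                    $nData['user_id'] = $user->user_id;
                    $nData['guest_email'] = '';
                    $nData['post_id'] = $newpost['postid'];
                    $nData['link'] = $link;
                    $nData['link_text'] = $topic->topic_name;
                    $nData['message'] = $text;
                    $nData['expires'] = $time;
                    sp_add_notice($nData);
                }
            }
        }
        # notify author of change
        $sfadminsettings = sp_get_option('sfadminsettings');
        if ($sfadminsettings['editnotice'] && $spThisUser->ID != $post->user_id) {
            $nData = array();
            $nData['user_id'] = $post->user_id;
            $nData['guest_email'] = $post->guest_email;
            $nData['post_id'] = $newpost['postid'];
            $nData['link'] = $link;
            $nData['link_text'] = $topic->topic_name;
            $nData['message'] = sp_text('An edit has been made to your post');
            # 30 days; 24 hours; 60 mins; 60secs
            $nData['expires'] = time() + 30 * 24 * 60 * 60;
            sp_add_notice($nData);
        }
    }
    # the after-save hook fires whether or not the database update succeeded
    $newpost['userid'] = $spThisUser->ID;
    $newpost['action'] = 'edit';
    do_action('sph_post_edit_after_save', $newpost);
}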
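function spa_save_email_data()
{
    # Save the forum email options and the new-user mail options from the admin form.
    # Returns the status message to show on the admin page.
    #
    # check_admin_referer() verifies the form nonce, which protects against CSRF only.
    # NOTE(review): no capability check is visible in this function - confirm the caller
    # restricts it to users who may change forum options.
    check_admin_referer('forum-adminform_email', 'forum-adminform_email');
    $mess = spa_text('Options updated');
    # Read the posted text fields once. A field that is missing, or posted as an array,
    # is treated as empty instead of raising a notice or reaching trim() as a non-string.
    $fields = array('sfmaildomain' => '', 'sfmailfrom' => '', 'sfmailsender' => '', 'sfnewusersubject' => '', 'sfnewusertext' => '');
    foreach (array_keys($fields) as $key) {
        if (isset($_POST[$key]) && is_string($_POST[$key])) {
            $fields[$key] = trim($_POST[$key]);
        }
    }
    # Save Email Options
    # Thanks to Andrew Hamilton for these routines (mail-from plugin)
    # Domain name: lowercase, drop scheme and 'www.' prefixes, then keep only digits,
    # letters, hyphen and dot
    $domain_input_errors = array('http://', 'https://', 'ftp://', 'www.');
    $domainname = strtolower(sp_filter_title_save($fields['sfmaildomain']));
    $domainname = str_replace($domain_input_errors, '', $domainname);
    $domainname = preg_replace('/[^0-9a-z\\-\\.]/i', '', $domainname);
    # User name (address local part): lowercase and strip characters that are not allowed.
    # CR and LF are stripped as well: these settings are presumably used to build the
    # sender of outgoing mail (TODO confirm), and a line break must never survive into
    # a mail header whatever the save filters do.
    $illegal_chars_username = array('(', ')', '<', '>', ',', ';', ':', '\\', '"', '[', ']', '@', ' ', "\r", "\n");
    $username = strtolower(sp_filter_name_save($fields['sfmailfrom']));
    $username = str_replace($illegal_chars_username, '', $username);
    $sfmail = array();
    $sfmail['sfmailsender'] = str_replace(array("\r", "\n"), '', sp_filter_name_save($fields['sfmailsender']));
    $sfmail['sfmailfrom'] = $username;
    $sfmail['sfmaildomain'] = $domainname;
    $sfmail['sfmailuse'] = isset($_POST['sfmailuse']);
    sp_update_option('sfmail', $sfmail);
    # Save new user mail options
    $sfmail = array();
    $sfmail['sfusespfreg'] = isset($_POST['sfusespfreg']);
    $sfmail['sfnewusersubject'] = sp_filter_title_save($fields['sfnewusersubject']);
    $sfmail['sfnewusertext'] = sp_filter_title_save($fields['sfnewusertext']);
    sp_update_option('sfnewusermail', $sfmail);
    do_action('sph_option_email_save');
    return $mess;
}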
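function sp_rpx_create_wp_user($auth_info)
{
    # Create a WordPress user from the 'profile' element of an identity-provider response.
    # Returns whatever wp_insert_user() returns: the new user id, or a WP_Error on failure.
    #
    # Every profile value originates outside this site. Optional fields are read with
    # isset() so a sparse profile yields null (what the unguarded reads produced) without
    # raising undefined-index notices.
    $p = isset($auth_info['profile']) ? $auth_info['profile'] : array();
    $rid = isset($p['identifier']) ? $p['identifier'] : null;
    $username = isset($p['preferredUsername']) ? $p['preferredUsername'] : null;
    $display = isset($p['displayName']) ? $p['displayName'] : null;
    $url = isset($p['url']) ? $p['url'] : null;
    # fall back to a login name derived from the identifier when the preferred one is
    # missing or already taken
    if (!$username || sp_rpx_username_taken($username)) {
        $username = sp_rpx_get_user_login_name($rid);
    }
    $last_name = null;
    $first_name = null;
    if (!empty($p['name'])) {
        $first_name = isset($p['name']['givenName']) ? $p['name']['givenName'] : null;
        $last_name = isset($p['name']['familyName']) ? $p['name']['familyName'] : null;
    }
    # temporary address used when the provider supplies no email; it is blanked again
    # after the insert. NOTE(review): the literal looks redacted in this listing - confirm
    # the real value.
    $placeholder = '*****@*****.**';
    $email = $placeholder;
    if (!empty($p['email'])) {
        $email = sp_filter_email_save($p['email']);
    }
    # NOTE(review): 'user_url' and 'nickname' are handed over unfiltered, unlike
    # 'display_name'; this relies on wp_insert_user() sanitising them - confirm.
    $userdata = array(
        'user_pass' => wp_generate_password(),
        'user_login' => $username,
        'display_name' => sp_filter_name_save($display),
        'user_url' => $url,
        'user_email' => $email,
        'first_name' => $first_name,
        'last_name' => $last_name,
        'nickname' => $display,
    );
    # try to create new user
    $wpuid = wp_insert_user($userdata);
    if ($wpuid && !is_wp_error($wpuid)) {
        # remember which provider identity this account belongs to
        update_user_meta($wpuid, 'rpx_identifier', $rid);
        # remove temp email?
        if ($email === $placeholder) {
            # the id goes into the statement unquoted, so force it to an integer
            spdb_query('UPDATE ' . SFUSERS . " SET user_email='' WHERE ID=" . (int) $wpuid);
        }
    }
    return $wpuid;
}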
 function validateData()
 {
     # Validate and normalise $this->newpost before it is saved. Every failed check sets
     # $this->abort = true, puts a user-facing reason in $this->message and returns at once;
     # when all checks pass $this->abort stays false and $this->newpost holds the filtered values.
     #
     # NOTE(review): several WHERE clauses below are assembled by string concatenation. They
     # are only as safe as the sp_filter_*_save() helpers and the ids supplied by the caller -
     # neither is visible here, so confirm the helpers escape for SQL and the ids are integers,
     # or build these clauses with $wpdb->prepare().
     $this->abort = false;
     $this->newpost['action'] = $this->action;
     # Check flood control (done here instead of in validatePermission() so we can use the return to post feature)
     # Users with 'bypass_flood_control' skip it; otherwise the cached 'floodcontrol' value is
     # treated as a timestamp before which no new post is accepted
     if (!sp_get_auth('bypass_flood_control', $this->newpost['forumid'], $this->userid)) {
         $flood = sp_get_cache('floodcontrol');
         if (!empty($flood) && time() < $flood) {
             $this->abort = true;
             $this->message = sp_text('Flood control exceeded, please slow down - Post cannot be saved yet');
             return;
         }
     }
     # Check topic name: required, then run through the title save filter
     if (empty($this->newpost['topicname'])) {
         $this->abort = true;
         $this->message = sp_text('No topic name has been entered and post cannot be saved');
         return;
     } else {
         $this->newpost['topicname'] = sp_filter_title_save($this->newpost['topicname'], SFTOPICS, 'topic_name');
     }
     # Check Post Content: required, then filtered twice from the same raw input. The two
     # calls differ only in the third argument (false / true); judging by the key name
     # 'postcontent_unescaped' it presumably switches SQL escaping off / on - TODO confirm
     if (empty($this->newpost['postcontent'])) {
         $this->abort = true;
         $this->message = sp_text('No topic post has been entered and post cannot be saved');
         return;
     } else {
         $this->newpost['postcontent_unescaped'] = sp_filter_content_save($this->newpost['postcontent'], 'new', false, SFPOSTS, 'post_content');
         $this->newpost['postcontent'] = sp_filter_content_save($this->newpost['postcontent'], 'new', true, SFPOSTS, 'post_content');
     }
     # Check and set user names/ids etc
     if ($this->guest) {
         $sfguests = sp_get_option('sfguests');
         # && binds tighter than ||: a guest name is always required, while the email is
         # required and checked with is_email() only when the 'reqemail' option is on.
         # With 'reqemail' off the address is never validated here, only filtered below.
         if (empty($this->newpost['guestname']) || (empty($this->newpost['guestemail']) || !is_email($this->newpost['guestemail'])) && $sfguests['reqemail']) {
             $this->abort = true;
             $this->message = sp_text('Guest name and valid email address required');
             return;
         }
         # force maximum lengths
         # NOTE(review): the truncation runs AFTER the save filter. If that filter adds escape
         # sequences, cutting at a fixed byte offset can split one, and both values are later
         # placed inside quoted SQL literals (guest_name / guest_email lookups below).
         # Truncating before filtering avoids this - confirm against the filter implementation.
         # substr() is also byte-based, so a multi-byte character can be cut in half.
         $this->newpost['guestname'] = substr(sp_filter_name_save($this->newpost['guestname']), 0, 20);
         $this->newpost['guestemail'] = substr(sp_filter_email_save($this->newpost['guestemail']), 0, 50);
         $this->newpost['postername'] = $this->newpost['guestname'];
         $this->newpost['posteremail'] = $this->newpost['guestemail'];
         # check for blacklisted guest name (comma-separated option, compared case-insensitively)
         $blockedGuest = sp_get_option('guest-name');
         if (!empty($blockedGuest)) {
             $names = explode(',', $blockedGuest);
             foreach ($names as $name) {
                 if (strtolower(trim($name)) == strtolower($this->newpost['guestname'])) {
                     $this->abort = true;
                     $this->message = sp_text('The guest name you have chosen is not allowed on this site');
                     return;
                 }
             }
         }
         # check that the guest name is not the same as a current user
         # (guest name is concatenated into the WHERE clause - see the note at the top)
         $checkdupe = spdb_table(SFMEMBERS, "display_name='" . $this->newpost['guestname'] . "'", 'display_name');
         if (!empty($checkdupe)) {
             $this->abort = true;
             $this->message = sp_text('This user name already belongs to a forum member');
             return;
         }
     }
     # Check if links are allowed or if the maximum number of links has been exceeded
     # (admins are exempt; an 'sfmaxlinks' of 0 means no limit)
     $sffilters = sp_get_option('sffilters');
     if (!$this->admin) {
         $links = $this->count_links();
         if (sp_get_auth('create_links', $this->newpost['forumid'], $this->userid)) {
             if ($sffilters['sfmaxlinks'] > 0 && $links > $sffilters['sfmaxlinks']) {
                 $this->abort = true;
                 $this->message = sp_text('Maximum number of allowed links exceeded') . ': ' . $sffilters['sfmaxlinks'] . ' ' . sp_text('allowed');
                 return;
             }
         } else {
             if ($links > 0) {
                 $this->abort = true;
                 $this->message = sp_text('You are not allowed to put links in post content');
                 return;
             }
         }
     }
     # Check if the maximum number of smileys has been exceeded (admins are exempt)
     if (!$this->admin) {
         if (isset($sffilters['sfmaxsmileys']) && $sffilters['sfmaxsmileys'] > 0 && $this->count_smileys() > $sffilters['sfmaxsmileys']) {
             $this->abort = true;
             $this->message = sp_text('Maximum number of allowed smileys exceeded') . ': ' . $sffilters['sfmaxsmileys'] . ' ' . sp_text('allowed');
             return;
         }
     }
     # Check for duplicate post if the option is set for this kind of poster
     if ($this->member && $sffilters['sfdupemember'] == true || $this->guest && $sffilters['sfdupeguest'] == true) {
         # But not admin or moderator
         if (!$this->admin && !$this->moderator) {
             # A duplicate is the same content from the same IP in the same forum and topic.
             # forumid, topicid and posterip are set by the caller and concatenated as they
             # are; the ids are unquoted, so they must already be integers - verify at the caller.
             $dupecheck = spdb_table(SFPOSTS, 'forum_id = ' . $this->newpost['forumid'] . ' AND topic_id=' . $this->newpost['topicid'] . " AND post_content='" . $this->newpost['postcontent'] . "' AND poster_ip='" . $this->newpost['posterip'] . "'", 'row', '', '', ARRAY_A);
             if ($dupecheck) {
                 $this->abort = true;
                 $this->message = sp_text('Duplicate post refused');
                 return;
             }
         }
     }
     # Establish moderation status (poststatus 0 / 1 - presumably approved / awaiting
     # moderation, TODO confirm):
     #   both bypass permissions          -> 0
     #   neither                          -> 1
     #   bypass_moderation only           -> 1, or 0 when the poster already has a post with post_status=0
     #   bypass_moderation_once only      -> 1
     $bypassAll = sp_get_auth('bypass_moderation', $this->newpost['forumid'], $this->userid);
     $bypassOnce = sp_get_auth('bypass_moderation_once', $this->newpost['forumid'], $this->userid);
     if ($bypassAll == true && $bypassOnce == true) {
         $this->newpost['poststatus'] = 0;
     } else {
         if ($bypassAll == false && $bypassOnce == false) {
             $this->newpost['poststatus'] = 1;
         } else {
             if ($bypassAll == true && $bypassOnce == false) {
                 $this->newpost['poststatus'] = 1;
                 if ($this->member) {
                     # members are matched on user id (unquoted - must be an integer)
                     $prior = spdb_table(SFPOSTS, 'user_id=' . $this->newpost['userid'] . ' AND post_status=0', 'row', '', '1');
                     if ($prior) {
                         $this->newpost['poststatus'] = 0;
                     }
                 } else {
                     if ($this->guest) {
                         # guests are matched on the self-declared name and email, so this
                         # decision rests on values the poster chose
                         $prior = spdb_table(SFPOSTS, "guest_name='" . $this->newpost['guestname'] . "' AND guest_email='" . $this->newpost['guestemail'] . "' AND post_status=0", 'row', '', '1');
                         if ($prior) {
                             $this->newpost['poststatus'] = 0;
                         }
                     }
                 }
             } else {
                 $this->newpost['poststatus'] = 1;
             }
         }
     }
     # Finally one or two other data items: a slug for a new topic, otherwise a reply
     # prefix for emails
     if ($this->action == 'topic') {
         $this->newpost['topicslug'] = sp_create_slug($this->newpost['topicname'], true, SFTOPICS, 'topic_slug');
     } else {
         $this->newpost['emailprefix'] = 'Re: ';
     }
     $this->newpost['groupname'] = sp_get_group_name_from_forum($this->newpost['forumid']);
     # look the forum name up by slug when the caller did not supply it
     # (forumslug is concatenated into the WHERE clause - see the note at the top)
     if (empty($this->newpost['forumname'])) {
         $this->newpost['forumname'] = spdb_table(SFFORUMS, "forum_slug='" . $this->newpost['forumslug'] . "'", 'forum_name');
     }
     # Plugins can change the validated data through the two filters and observe it
     # through the action in between
     $this->newpost = apply_filters('sph_post_data_validation', $this->newpost);
     do_action('sph_pre_post_create', $this->newpost);
     $this->newpost = apply_filters('sph_new_forum_post', $this->newpost);
 }
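function sp_delete_member_data($userid, $blog_id = '')
{
    # Remove a deleted user's forum data: the user's posts are kept but re-attributed to a
    # guest carrying the old display name and email, then the member and membership rows
    # are deleted.
    #
    # $userid   id of the user being removed
    # $blog_id  when not empty (network site removal) nothing is done unless the forum
    #           options table exists for the current table prefix
    #
    # Returns '' when no usable user id is given, otherwise nothing.
    #
    # The id is interpolated unquoted into every statement below, so it is reduced to an
    # integer once here rather than trusting each caller to pass a clean value.
    $uid = (int) $userid;
    if (!$uid) {
        return '';
    }
    global $wpdb;
    # if removing user from network site, make sure sp installed on that network site
    if (!empty($blog_id)) {
        $optionstable = $wpdb->get_var("SHOW TABLES LIKE '" . $wpdb->prefix . "sfoptions'");
        if (empty($optionstable)) {
            return;
        }
    }
    # 1: get users email address
    $user_email = sp_filter_email_save($wpdb->get_var('SELECT user_email from ' . $wpdb->prefix . "users WHERE ID={$uid}"));
    # 2: get the users display name from members table
    $display_name = $wpdb->get_var('SELECT display_name FROM ' . $wpdb->prefix . "sfmembers WHERE user_id = {$uid}");
    # NOTE(review): maybe_unserialize() will unserialize a stored value that looks
    # serialized, and a display name is user-chosen text. Confirm serialized input can
    # never be stored in this column, or drop the call if the column only holds plain strings.
    $display_name = sp_filter_name_save(maybe_unserialize($display_name));
    # 3: Set user name and email to guest name and email in all of their posts
    # (both values have been through their save filters, which are presumably what makes
    # them safe inside the quoted literals - TODO confirm)
    $wpdb->query('UPDATE ' . $wpdb->prefix . "sfposts SET user_id=NULL, guest_name='{$display_name}', guest_email='{$user_email}' WHERE user_id={$uid}");
    # 7: Remove from recent members list if present
    sp_remove_newuser($uid);
    # 8: Remove from Members table
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sfmembers WHERE user_id={$uid}");
    # 9: Remove user group memberships
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sfmemberships WHERE user_id={$uid}");
    #10 check if forum moderator list needs updating
    sp_update_forum_moderators();
    do_action('sph_member_deleted', $uid);
}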
function spa_save_plugin_list_actions()
{
    # Apply the chosen bulk action (activate / deactivate / delete) to the plugins ticked
    # on the admin plugin list and return the status message for the page.
    #
    # Two gates come first: the form nonce (CSRF) and the 'SPF Manage Plugins' capability.
    check_admin_referer('forum-adminform_plugins', 'forum-adminform_plugins');
    if (!sp_current_user_can('SPF Manage Plugins')) {
        spa_etext('Access denied - you do not have permission');
        die;
    }
    if (empty($_POST['checked'])) {
        return spa_text('Error - no plugins selected');
    }
    # The form posts 'action' and 'action2'; -1 means nothing chosen, and 'action2' wins
    # when both carry a value.
    $action = '';
    foreach (array('action', 'action2') as $selector) {
        if (isset($_POST[$selector]) && $_POST[$selector] != -1) {
            $action = $_POST[$selector];
        }
    }
    # NOTE(review): the posted plugin identifiers pass only through sp_filter_name_save()
    # before reaching the activate / deactivate / delete helpers. If an identifier maps to
    # a filesystem path, confirm those helpers reject anything outside the plugin directory.
    if ($action == 'activate-selected') {
        $changed = false;
        foreach ($_POST['checked'] as $posted) {
            $name = sp_filter_name_save($posted);
            if (sp_is_plugin_active($name)) {
                continue;
            }
            $changed = true;
            sp_activate_sp_plugin($name);
        }
        return $changed ? spa_text('Selected plugins activated') : spa_text('All selected plugins already active');
    }
    if ($action == 'deactivate-selected') {
        $changed = false;
        foreach ($_POST['checked'] as $posted) {
            $name = sp_filter_name_save($posted);
            if (!sp_is_plugin_active($name)) {
                continue;
            }
            $changed = true;
            sp_deactivate_sp_plugin($name);
        }
        return $changed ? spa_text('Selected plugins deactivated') : spa_text('All selected plugins already deactived');
    }
    if ($action == 'delete-selected') {
        # active plugins are never deleted, only reported
        $skipped = false;
        foreach ($_POST['checked'] as $posted) {
            $name = sp_filter_name_save($posted);
            if (sp_is_plugin_active($name)) {
                $skipped = true;
            } else {
                sp_delete_sp_plugin($name);
            }
        }
        return $skipped ? spa_text('Selected plugins deleted but any active plugins were not deleted') : spa_text('Selected plugins deleted');
    }
    return spa_text('Error - no action selected');
}
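# Quick reply: fill the post object from the current user and the request, validate it,
# save it, then let plugins react.
#
# NOTE(review): this changes state from $_GET parameters and no nonce or capability check
# appears in this part of the script - confirm both happen before this point.
$p->userid = $spThisUser->ID;
$p->admin = $spThisUser->admin;
$p->moderator = $spThisUser->moderator;
$p->member = $spThisUser->member;
$p->guest = $spThisUser->guest;
$p->action = 'post';
$p->call = 'quickreply';
# ids are forced through sp_esc_int() because they are concatenated unquoted into the
# lookups below
$p->newpost['topicid'] = sp_esc_int($_GET['tid']);
$p->newpost['forumid'] = sp_esc_int($_GET['fid']);
$p->newpost['forumslug'] = spdb_table(SFFORUMS, 'forum_id=' . $p->newpost['forumid'], 'forum_slug');
$t = spdb_table(SFTOPICS, 'topic_id=' . $p->newpost['topicid'], 'row');
$p->newpost['topicslug'] = $t->topic_slug;
$p->newpost['topicname'] = $t->topic_name;
# PHP has already URL-decoded $_GET, so this is a second decode of the post text.
# NOTE(review): keep it only if the client really double-encodes 'postitem'; otherwise a
# literal %xx sequence typed by the user is turned into a different character.
$p->newpost['postcontent'] = urldecode($_GET['postitem']);
$p->newpost['userid'] = $spThisUser->ID;
$p->newpost['postername'] = sp_filter_name_save($spThisUser->display_name);
$p->newpost['posteremail'] = sp_filter_email_save($spThisUser->user_email);
# key was misspelled 'poserip'; validateData() reads $this->newpost['posterip'] for its
# duplicate-post query, so the address never reached it
$p->newpost['posterip'] = sp_get_ip();
$p->validateData();
if ($p->abort) {
    trigger_error('Quick Reply - Validation: ' . $p->message, E_USER_WARNING);
    die;
}
$p->saveData();
if ($p->abort) {
    trigger_error('Quick Reply - Save: ' . $p->message, E_USER_WARNING);
    die;
}
# let plugins act on quick reply
do_action('sph_quick_reply', $p->newpost);
echo __('Quick reply saved', 'spab');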
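function sp_delete_member_data($userid, $blog_id = '', $delete_option = 'spguest', $reassign = 0)
{
    # Remove a deleted user's forum data.
    #
    # $userid         id of the user being removed
    # $blog_id        when not empty (network site removal) nothing is done unless the
    #                 forum options table exists for the current table prefix
    # $delete_option  what happens to the user's posts: 'spreassign' (give them to another
    #                 user), 'spdelete' (delete them), 'spguest' or anything else (keep
    #                 them as guest posts); a posted 'sp_delete_option' overrides it
    # $reassign       target user id for 'spreassign'; a posted 'sp_reassign_user' overrides it
    #
    # Returns '' when no usable user id is given, otherwise nothing.
    #
    # The id is interpolated unquoted into every statement below, so it is reduced to an
    # integer once here rather than trusting each caller to pass a clean value.
    $uid = (int) $userid;
    if (!$uid) {
        return '';
    }
    global $wpdb;
    # if removing user from network site, make sure sp installed on that network site
    if (!empty($blog_id)) {
        $optionstable = $wpdb->get_var("SHOW TABLES LIKE '" . $wpdb->prefix . "sfoptions'");
        if (empty($optionstable)) {
            return;
        }
    }
    # let plugins clean up from member removal first
    do_action('sph_member_deleted', $uid);
    # remove member from core
    # NOTE(review): the mode and the reassignment target are taken from $_POST when present.
    # This function verifies no nonce or capability itself - confirm it only runs inside an
    # already authorised user-deletion request.
    $option = isset($_POST['sp_delete_option']) ? sp_esc_str($_POST['sp_delete_option']) : $delete_option;
    switch ($option) {
        case 'spreassign':
            # the target id also goes into SQL unquoted, so cast it whichever source it came from
            $newuser = (int) (isset($_POST['sp_reassign_user']) ? sp_esc_int($_POST['sp_reassign_user']) : $reassign);
            # Set poster ID to the new user id
            $wpdb->query('UPDATE ' . $wpdb->prefix . "sfposts SET user_id={$newuser} WHERE user_id={$uid}");
            $wpdb->query('UPDATE ' . $wpdb->prefix . "sftopics SET user_id={$newuser} WHERE user_id={$uid}");
            break;
        case 'spdelete':
            # need to get topics for user posts to see if topic will be empty after deleting posts
            $topics = spdb_select('set', 'SELECT DISTINCT topic_id, forum_id FROM ' . SFPOSTS . " WHERE user_id={$uid}");
            # delete all the user posts
            spdb_query('DELETE FROM ' . SFPOSTS . " WHERE user_id={$uid}");
            # if any topics are now empty of posts, lets remove the topic and update the forum
            if (!empty($topics)) {
                foreach ($topics as $topic) {
                    $topic_id = (int) $topic->topic_id;
                    $posts = spdb_table(SFPOSTS, "topic_id={$topic_id}");
                    if (empty($posts)) {
                        spdb_query('DELETE FROM ' . SFTOPICS . " WHERE topic_id={$topic_id}");
                    } else {
                        sp_build_post_index($topic_id);
                    }
                    sp_build_forum_index($topic->forum_id);
                }
            }
            break;
        case 'spguest':
        default:
            # get users email address
            $user_email = sp_filter_email_save($wpdb->get_var('SELECT user_email from ' . $wpdb->prefix . "users WHERE ID={$uid}"));
            # get the users display name from members table
            $display_name = $wpdb->get_var('SELECT display_name FROM ' . $wpdb->prefix . "sfmembers WHERE user_id = {$uid}");
            # NOTE(review): maybe_unserialize() will unserialize a stored value that looks
            # serialized, and a display name is user-chosen text. Confirm serialized input
            # can never be stored in this column, or drop the call.
            $display_name = sp_filter_name_save(maybe_unserialize($display_name));
            # Set user name and email to guest name and email in all of their posts
            # (both values have been through their save filters, which are presumably what
            # makes them safe inside the quoted literals - TODO confirm)
            $wpdb->query('UPDATE ' . $wpdb->prefix . "sfposts SET user_id=0, guest_name='{$display_name}', guest_email='{$user_email}' WHERE user_id={$uid}");
            $wpdb->query('UPDATE ' . $wpdb->prefix . "sftopics SET user_id=0 WHERE user_id={$uid}");
    }
    # flush and rebuild topic cache
    sp_rebuild_topic_cache();
    # remove from various core tables
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sfmembers WHERE user_id={$uid}");
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sfmemberships WHERE user_id={$uid}");
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sfspecialranks WHERE user_id={$uid}");
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sftrack WHERE trackuserid={$uid}");
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sfnotices WHERE user_id={$uid}");
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sfuseractivity WHERE user_id={$uid}");
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sfwaiting WHERE user_id={$uid}");
    # remove from recent members list if present
    sp_remove_newuser($uid);
    # check if forum moderator list needs updating
    sp_update_forum_moderators();
}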
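function spa_save_options_data()
{
    # Save the profile options form. When the name format is (or stays) fixed and either
    # the format switch or the chosen fixed format changed, every member's display_name is
    # rebuilt. Returns the status message for the admin page.
    #
    # check_admin_referer() verifies the form nonce, which protects against CSRF only.
    # NOTE(review): no capability check is visible in this function - confirm the caller
    # restricts it to users who may change forum options.
    check_admin_referer('forum-adminform_options', 'forum-adminform_options');
    $mess = spa_text('Profile options updated');
    $sfprofile = sp_get_option('sfprofile');
    $old_sfprofile = $sfprofile;
    $sfprofile['nameformat'] = isset($_POST['nameformat']);
    $sfprofile['fixeddisplayformat'] = sp_esc_int($_POST['fixeddisplayformat']);
    $sfprofile['displaymode'] = sp_esc_int($_POST['displaymode']);
    $sfprofile['displaypage'] = sp_filter_save_cleanurl($_POST['displaypage']);
    $sfprofile['displayquery'] = sp_filter_title_save(trim($_POST['displayquery']));
    $sfprofile['formmode'] = sp_esc_int($_POST['formmode']);
    $sfprofile['formpage'] = sp_filter_save_cleanurl($_POST['formpage']);
    $sfprofile['formquery'] = sp_filter_title_save(trim($_POST['formquery']));
    $sfprofile['photosmax'] = sp_esc_int($_POST['photosmax']);
    $sfprofile['photoswidth'] = sp_esc_int($_POST['photoswidth']);
    $sfprofile['photosheight'] = sp_esc_int($_POST['photosheight']);
    # photos enabled but no width given: fall back to 300
    if ($sfprofile['photosmax'] && $sfprofile['photoswidth'] == 0) {
        $sfprofile['photoswidth'] = 300;
    }
    $sfsigimagesize = array();
    $sfsigimagesize['sfsigwidth'] = sp_esc_int($_POST['sfsigwidth']);
    $sfsigimagesize['sfsigheight'] = sp_esc_int($_POST['sfsigheight']);
    sp_update_option('sfsigimagesize', $sfsigimagesize);
    $sfprofile['firstvisit'] = isset($_POST['firstvisit']);
    $sfprofile['forcepw'] = isset($_POST['forcepw']);
    $sfprofile['sfprofiletext'] = sp_filter_text_save(trim($_POST['sfprofiletext']));
    sp_update_option('sfprofile', $sfprofile);
    # if changed force pw from true to false, remove any users waiting for pw change
    if ($old_sfprofile['forcepw'] && !$sfprofile['forcepw']) {
        delete_metadata('user', 0, 'sp_change_pw', '', true);
    }
    # If the name format changes from dynamic to fixed, we need to update
    # the display_name field for all users based on the selection from the dropdown
    # If there is a conflict between display names, a numeric value will be added to the
    # end of the display name to make them unique.
    # ----------------------------------------------------------------------------------
    $format_changed = $old_sfprofile['nameformat'] != $sfprofile['nameformat'] || $old_sfprofile['fixeddisplayformat'] != $sfprofile['fixeddisplayformat'];
    if ($format_changed && empty($sfprofile['nameformat'])) {
        # The query is the same on every pass apart from the offset, so build its parts once.
        # ----------------------------------------------------------------------
        $user_join = SFUSERS . ' ON ' . SFMEMBERS . '.user_id = ' . SFUSERS . '.ID';
        $first_name_join = SFUSERMETA . ' a ON (' . SFUSERS . '.ID = a.user_id AND a.meta_key = \'first_name\')';
        $last_name_join = SFUSERMETA . ' b ON (' . SFUSERS . '.ID = b.user_id AND b.meta_key = \'last_name\')';
        $fields = SFMEMBERS . '.user_id, ' . SFUSERS . '.user_login, ' . SFUSERS . '.display_name, a.meta_value as first_name, b.meta_value as last_name';
        $join = array($user_join, $first_name_join, $last_name_join);
        # Determine how many passes its going to take to update all users in the system
        # based on 100 users per pass.
        # -----------------------------------------------------------------------------
        $limit = 100;
        $num_records = spdb_count(SFMEMBERS, '');
        $passes = ceil($num_records / $limit);
        $dupes = array();
        # the loop runs one pass more than ceil() strictly needs; that pass normally
        # returns no rows and is skipped below
        for ($i = 0; $i <= $passes; $i++) {
            $spdb = new spdbComplex();
            $spdb->table = SFMEMBERS;
            $spdb->fields = $fields;
            $spdb->left_join = $join;
            $spdb->limits = $limit . ' OFFSET ' . $i * $limit;
            $spdb->order = SFMEMBERS . '.user_id';
            $spdb = apply_filters('sph_fixeddisplayformat_query', $spdb);
            $records = $spdb->select();
            if (empty($records)) {
                continue;
            }
            foreach ($records as $r) {
                # the id is concatenated unquoted into two statements below
                $user_id = (int) $r->user_id;
                $first = (string) $r->first_name;
                $last = (string) $r->last_name;
                # substr() copes with an empty name, where indexing [0] raised a notice.
                # NOTE(review): still byte-based - a multi-byte first letter is cut in half.
                $first_initial = substr($first, 0, 1);
                $last_initial = substr($last, 0, 1);
                switch ($sfprofile['fixeddisplayformat']) {
                    default:
                    case '0':
                        $display_name = $r->display_name;
                        break;
                    case '1':
                        $display_name = $r->user_login;
                        break;
                    case '2':
                        $display_name = $first;
                        break;
                    case '3':
                        $display_name = $last;
                        break;
                    case '4':
                        $display_name = $first . ' ' . $last;
                        break;
                    case '5':
                        $display_name = $last . ', ' . $first;
                        break;
                    case '6':
                        $display_name = $first_initial . ' ' . $last;
                        break;
                    case '7':
                        $display_name = $first . ' ' . $last_initial;
                        break;
                    case '8':
                        $display_name = $first_initial . $last_initial;
                        break;
                }
                # If the display name is empty for any reason, default to the user login name
                $display_name = trim((string) $display_name);
                if (empty($display_name)) {
                    $display_name = $r->user_login;
                }
                # Check to see if there are any matching users with this display name.  If so
                # append a per-name counter to the end to eliminate the duplicate.
                # At this point the name is raw data read back from the database (login,
                # first and last name are user-editable) and has not been through the save
                # filter yet, so it is escaped with WordPress's esc_sql() before it is put
                # inside the quoted literal.
                # ----------------------------------------------------------------------------
                $conflict = spdb_count(SFMEMBERS, 'display_name = "' . esc_sql($display_name) . '" AND user_id <> ' . $user_id);
                if ($conflict > 0) {
                    if (array_key_exists($display_name, $dupes)) {
                        $dupes[$display_name]++;
                    } else {
                        $dupes[$display_name] = 1;
                    }
                    $display_name = $display_name . $dupes[$display_name];
                }
                # Now Update the member record
                # NOTE(review): this literal relies on sp_filter_name_save() escaping for
                # SQL - confirm against the filter implementation.
                # ----------------------------
                $display_name = sp_filter_name_save($display_name);
                spdb_query('UPDATE ' . SFMEMBERS . ' SET display_name = "' . $display_name . '" WHERE user_id = ' . $user_id);
            }
        }
        # update the recent members in stats too
        sp_update_recent_members();
    }
    do_action('sph_profiles_options_save');
    return $mess;
}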