/** * This function delegates the task at issue to the respective function. */ function profile_main($caveID, $meineHoehlen) { global $params; // initialize return value $result = ''; // get current task $task = $params->POST->task; // connect to login db $db_login = db_connectToLoginDB(); if (!$db_login) { page_dberror(); } switch ($task) { // show main page default: $result = profile_show($db_login); break; // change cave page // change cave page case 'change': $result = profile_change($db_login); break; } return $result; }
function profile_photo_post(&$a) { if (!local_user()) { notice(t('Permission denied.') . EOL); return; } check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo'); if (x($_POST, 'cropfinal') && $_POST['cropfinal'] == 1) { // unless proven otherwise $is_default_profile = 1; if ($_REQUEST['profile']) { $r = q("select id, `is-default` from profile where id = %d and uid = %d limit 1", intval($_REQUEST['profile']), intval(local_user())); if (count($r) && !intval($r[0]['is-default'])) { $is_default_profile = 0; } } // phase 2 - we have finished cropping if ($a->argc != 2) { notice(t('Image uploaded but image cropping failed.') . EOL); return; } $image_id = $a->argv[1]; if (substr($image_id, -2, 1) == '-') { $scale = substr($image_id, -1, 1); $image_id = substr($image_id, 0, -2); } $srcX = $_POST['xstart']; $srcY = $_POST['ystart']; $srcW = $_POST['xfinal'] - $srcX; $srcH = $_POST['yfinal'] - $srcY; $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = %d LIMIT 1", dbesc($image_id), dbesc(local_user()), intval($scale)); if (count($r)) { $base_image = $r[0]; $im = new Photo($base_image['data'], $base_image['type']); if ($im->is_valid()) { $im->cropImage(175, $srcX, $srcY, $srcW, $srcH); $r = $im->store(local_user(), 0, $base_image['resource-id'], $base_image['filename'], t('Profile Photos'), 4, $is_default_profile); if ($r === false) { notice(sprintf(t('Image size reduction [%s] failed.'), "175") . EOL); } $im->scaleImage(80); $r = $im->store(local_user(), 0, $base_image['resource-id'], $base_image['filename'], t('Profile Photos'), 5, $is_default_profile); if ($r === false) { notice(sprintf(t('Image size reduction [%s] failed.'), "80") . EOL); } $im->scaleImage(48); $r = $im->store(local_user(), 0, $base_image['resource-id'], $base_image['filename'], t('Profile Photos'), 6, $is_default_profile); if ($r === false) { notice(sprintf(t('Image size reduction [%s] failed.'), "48") . EOL); } // If setting for the default profile, unset the profile photo flag from any other photos I own if ($is_default_profile) { $r = q("UPDATE `photo` SET `profile` = 0 WHERE `profile` = 1 AND `resource-id` != '%s' AND `uid` = %d", dbesc($base_image['resource-id']), intval(local_user())); $r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `micro` = '%s' WHERE `self` AND `uid` = %d", dbesc($a->get_baseurl() . '/photo/' . $base_image['resource-id'] . '-4.' . $im->getExt()), dbesc($a->get_baseurl() . '/photo/' . $base_image['resource-id'] . '-5.' . $im->getExt()), dbesc($a->get_baseurl() . '/photo/' . $base_image['resource-id'] . '-6.' . $im->getExt()), intval(local_user())); } else { $r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d", dbesc($a->get_baseurl() . '/photo/' . $base_image['resource-id'] . '-4.' . $im->getExt()), dbesc($a->get_baseurl() . '/photo/' . $base_image['resource-id'] . '-5.' . $im->getExt()), intval($_REQUEST['profile']), intval(local_user())); } // we'll set the updated profile-photo timestamp even if it isn't the default profile, // so that browsers will do a cache update unconditionally $r = q("UPDATE `contact` SET `avatar-date` = '%s' WHERE `self` = 1 AND `uid` = %d", dbesc(datetime_convert()), intval(local_user())); info(t('Shift-reload the page or clear browser cache if the new photo does not display immediately.') . EOL); // Update global directory in background $url = $a->get_baseurl() . '/profile/' . $a->user['nickname']; if ($url && strlen(get_config('system', 'directory'))) { proc_run('php', "include/directory.php", "{$url}"); } require_once 'include/profile_update.php'; profile_change(); } else { notice(t('Unable to process image') . EOL); } } goaway($a->get_baseurl() . '/profiles'); return; // NOTREACHED } $src = $_FILES['userfile']['tmp_name']; $filename = basename($_FILES['userfile']['name']); $filesize = intval($_FILES['userfile']['size']); $filetype = $_FILES['userfile']['type']; if ($filetype == "") { $filetype = guess_image_type($filename); } $maximagesize = get_config('system', 'maximagesize'); if ($maximagesize && $filesize > $maximagesize) { notice(sprintf(t('Image exceeds size limit of %s'), formatBytes($maximagesize)) . EOL); @unlink($src); return; } $imagedata = @file_get_contents($src); $ph = new Photo($imagedata, $filetype); if (!$ph->is_valid()) { notice(t('Unable to process image.') . EOL); @unlink($src); return; } $ph->orient($src); @unlink($src); return profile_photo_crop_ui_head($a, $ph); }
function settings_post(&$a) { if (!local_user()) { return; } if (x($_SESSION, 'submanage') && intval($_SESSION['submanage'])) { return; } if (count($a->user) && x($a->user, 'uid') && $a->user['uid'] != local_user()) { notice(t('Permission denied.') . EOL); return; } $old_page_flags = $a->user['page-flags']; if ($a->argc > 1 && $a->argv[1] === 'oauth' && x($_POST, 'remove')) { check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); $key = $_POST['remove']; q("DELETE FROM tokens WHERE id='%s' AND uid=%d", dbesc($key), local_user()); goaway($a->get_baseurl(true) . "/settings/oauth/"); return; } if ($a->argc > 2 && $a->argv[1] === 'oauth' && ($a->argv[2] === 'edit' || $a->argv[2] === 'add') && x($_POST, 'submit')) { check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); $name = x($_POST, 'name') ? $_POST['name'] : ''; $key = x($_POST, 'key') ? $_POST['key'] : ''; $secret = x($_POST, 'secret') ? $_POST['secret'] : ''; $redirect = x($_POST, 'redirect') ? $_POST['redirect'] : ''; $icon = x($_POST, 'icon') ? $_POST['icon'] : ''; if ($name == "" || $key == "" || $secret == "") { notice(t("Missing some important data!")); } else { if ($_POST['submit'] == t("Update")) { $r = q("UPDATE clients SET\n\t\t\t\t\t\t\tclient_id='%s',\n\t\t\t\t\t\t\tpw='%s',\n\t\t\t\t\t\t\tname='%s',\n\t\t\t\t\t\t\tredirect_uri='%s',\n\t\t\t\t\t\t\ticon='%s',\n\t\t\t\t\t\t\tuid=%d\n\t\t\t\t\t\tWHERE client_id='%s'", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user(), dbesc($key)); } else { $r = q("INSERT INTO clients\n\t\t\t\t\t\t\t(client_id, pw, name, redirect_uri, icon, uid)\n\t\t\t\t\t\tVALUES ('%s','%s','%s','%s','%s',%d)", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user()); } } goaway($a->get_baseurl(true) . "/settings/oauth/"); return; } if ($a->argc > 1 && $a->argv[1] == 'addon') { check_form_security_token_redirectOnErr('/settings/addon', 'settings_addon'); call_hooks('plugin_settings_post', $_POST); return; } if ($a->argc > 1 && $a->argv[1] == 'connectors') { check_form_security_token_redirectOnErr('/settings/connectors', 'settings_connectors'); if (x($_POST, 'imap-submit')) { $mail_server = x($_POST, 'mail_server') ? $_POST['mail_server'] : ''; $mail_port = x($_POST, 'mail_port') ? $_POST['mail_port'] : ''; $mail_ssl = x($_POST, 'mail_ssl') ? strtolower(trim($_POST['mail_ssl'])) : ''; $mail_user = x($_POST, 'mail_user') ? $_POST['mail_user'] : ''; $mail_pass = x($_POST, 'mail_pass') ? trim($_POST['mail_pass']) : ''; $mail_action = x($_POST, 'mail_action') ? trim($_POST['mail_action']) : ''; $mail_movetofolder = x($_POST, 'mail_movetofolder') ? trim($_POST['mail_movetofolder']) : ''; $mail_replyto = x($_POST, 'mail_replyto') ? $_POST['mail_replyto'] : ''; $mail_pubmail = x($_POST, 'mail_pubmail') ? $_POST['mail_pubmail'] : ''; $mail_disabled = function_exists('imap_open') && !get_config('system', 'imap_disabled') ? 0 : 1; if (get_config('system', 'dfrn_only')) { $mail_disabled = 1; } if (!$mail_disabled) { $failed = false; $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval(local_user())); if (!count($r)) { q("INSERT INTO `mailacct` (`uid`) VALUES (%d)", intval(local_user())); } if (strlen($mail_pass)) { $pass = ''; openssl_public_encrypt($mail_pass, $pass, $a->user['pubkey']); q("UPDATE `mailacct` SET `pass` = '%s' WHERE `uid` = %d", dbesc(bin2hex($pass)), intval(local_user())); } $r = q("UPDATE `mailacct` SET `server` = '%s', `port` = %d, `ssltype` = '%s', `user` = '%s',\n\t\t\t\t\t`action` = %d, `movetofolder` = '%s',\n\t\t\t\t\t`mailbox` = 'INBOX', `reply_to` = '%s', `pubmail` = %d WHERE `uid` = %d", dbesc($mail_server), intval($mail_port), dbesc($mail_ssl), dbesc($mail_user), intval($mail_action), dbesc($mail_movetofolder), dbesc($mail_replyto), intval($mail_pubmail), intval(local_user())); logger("mail: updating mailaccount. Response: " . print_r($r, true)); $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval(local_user())); if (count($r)) { $eacct = $r[0]; require_once 'include/email.php'; $mb = construct_mailbox_name($eacct); if (strlen($eacct['server'])) { $dcrpass = ''; openssl_private_decrypt(hex2bin($eacct['pass']), $dcrpass, $a->user['prvkey']); $mbox = email_connect($mb, $mail_user, $dcrpass); unset($dcrpass); if (!$mbox) { $failed = true; notice(t('Failed to connect with email account using the settings provided.') . EOL); } } } if (!$failed) { info(t('Email settings updated.') . EOL); } } } call_hooks('connector_settings_post', $_POST); return; } if ($a->argc > 1 && $a->argv[1] === 'features') { check_form_security_token_redirectOnErr('/settings/features', 'settings_features'); foreach ($_POST as $k => $v) { if (strpos($k, 'feature_') === 0) { set_pconfig(local_user(), 'feature', substr($k, 8), intval($v) ? 1 : 0); } } info(t('Features updated') . EOL); return; } if ($a->argc > 1 && $a->argv[1] === 'display') { check_form_security_token_redirectOnErr('/settings/display', 'settings_display'); $theme = x($_POST, 'theme') ? notags(trim($_POST['theme'])) : $a->user['theme']; $mobile_theme = x($_POST, 'mobile_theme') ? notags(trim($_POST['mobile_theme'])) : ''; $nosmile = x($_POST, 'nosmile') ? intval($_POST['nosmile']) : 0; $noinfo = x($_POST, 'noinfo') ? intval($_POST['noinfo']) : 0; $infinite_scroll = x($_POST, 'infinite_scroll') ? intval($_POST['infinite_scroll']) : 0; $no_auto_update = x($_POST, 'no_auto_update') ? intval($_POST['no_auto_update']) : 0; $browser_update = x($_POST, 'browser_update') ? intval($_POST['browser_update']) : 0; $browser_update = $browser_update * 1000; if ($browser_update < 10000) { $browser_update = 10000; } $itemspage_network = x($_POST, 'itemspage_network') ? intval($_POST['itemspage_network']) : 40; if ($itemspage_network > 100) { $itemspage_network = 100; } $itemspage_mobile_network = x($_POST, 'itemspage_mobile_network') ? intval($_POST['itemspage_mobile_network']) : 20; if ($itemspage_mobile_network > 100) { $itemspage_mobile_network = 100; } if ($mobile_theme !== '') { set_pconfig(local_user(), 'system', 'mobile_theme', $mobile_theme); } set_pconfig(local_user(), 'system', 'update_interval', $browser_update); set_pconfig(local_user(), 'system', 'itemspage_network', $itemspage_network); set_pconfig(local_user(), 'system', 'itemspage_mobile_network', $itemspage_mobile_network); set_pconfig(local_user(), 'system', 'no_smilies', $nosmile); set_pconfig(local_user(), 'system', 'ignore_info', $noinfo); set_pconfig(local_user(), 'system', 'infinite_scroll', $infinite_scroll); set_pconfig(local_user(), 'system', 'no_auto_update', $no_auto_update); if ($theme == $a->user['theme']) { // call theme_post only if theme has not been changed if (($themeconfigfile = get_theme_config_file($theme)) != null) { require_once $themeconfigfile; theme_post($a); } } $r = q("UPDATE `user` SET `theme` = '%s' WHERE `uid` = %d", dbesc($theme), intval(local_user())); call_hooks('display_settings_post', $_POST); goaway($a->get_baseurl(true) . '/settings/display'); return; // NOTREACHED } check_form_security_token_redirectOnErr('/settings', 'settings'); if (x($_POST, 'resend_relocate')) { proc_run('php', 'include/notifier.php', 'relocate', local_user()); info(t("Relocate message has been send to your contacts")); goaway($a->get_baseurl(true) . '/settings'); } call_hooks('settings_post', $_POST); if (x($_POST, 'password') || x($_POST, 'confirm')) { $newpass = $_POST['password']; $confirm = $_POST['confirm']; $oldpass = hash('whirlpool', $_POST['opassword']); $err = false; if ($newpass != $confirm) { notice(t('Passwords do not match. Password unchanged.') . EOL); $err = true; } if (!x($newpass) || !x($confirm)) { notice(t('Empty passwords are not allowed. Password unchanged.') . EOL); $err = true; } // check if the old password was supplied correctly before // changing it to the new value $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user())); if ($oldpass != $r[0]['password']) { notice(t('Wrong password.') . EOL); $err = true; } if (!$err) { $password = hash('whirlpool', $newpass); $r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d", dbesc($password), intval(local_user())); if ($r) { info(t('Password changed.') . EOL); } else { notice(t('Password update failed. Please try again.') . EOL); } } } $username = x($_POST, 'username') ? notags(trim($_POST['username'])) : ''; $email = x($_POST, 'email') ? notags(trim($_POST['email'])) : ''; $timezone = x($_POST, 'timezone') ? notags(trim($_POST['timezone'])) : ''; $defloc = x($_POST, 'defloc') ? notags(trim($_POST['defloc'])) : ''; $openid = x($_POST, 'openid_url') ? notags(trim($_POST['openid_url'])) : ''; $maxreq = x($_POST, 'maxreq') ? intval($_POST['maxreq']) : 0; $expire = x($_POST, 'expire') ? intval($_POST['expire']) : 0; $def_gid = x($_POST, 'group-selection') ? intval($_POST['group-selection']) : 0; $expire_items = x($_POST, 'expire_items') ? intval($_POST['expire_items']) : 0; $expire_notes = x($_POST, 'expire_notes') ? intval($_POST['expire_notes']) : 0; $expire_starred = x($_POST, 'expire_starred') ? intval($_POST['expire_starred']) : 0; $expire_photos = x($_POST, 'expire_photos') ? intval($_POST['expire_photos']) : 0; $expire_network_only = x($_POST, 'expire_network_only') ? intval($_POST['expire_network_only']) : 0; $allow_location = x($_POST, 'allow_location') && intval($_POST['allow_location']) == 1 ? 1 : 0; $publish = x($_POST, 'profile_in_directory') && intval($_POST['profile_in_directory']) == 1 ? 1 : 0; $net_publish = x($_POST, 'profile_in_netdirectory') && intval($_POST['profile_in_netdirectory']) == 1 ? 1 : 0; $old_visibility = x($_POST, 'visibility') && intval($_POST['visibility']) == 1 ? 1 : 0; $page_flags = x($_POST, 'page-flags') && intval($_POST['page-flags']) ? intval($_POST['page-flags']) : 0; $blockwall = x($_POST, 'blockwall') && intval($_POST['blockwall']) == 1 ? 0 : 1; // this setting is inverted! $blocktags = x($_POST, 'blocktags') && intval($_POST['blocktags']) == 1 ? 0 : 1; // this setting is inverted! $unkmail = x($_POST, 'unkmail') && intval($_POST['unkmail']) == 1 ? 1 : 0; $cntunkmail = x($_POST, 'cntunkmail') ? intval($_POST['cntunkmail']) : 0; $suggestme = x($_POST, 'suggestme') ? intval($_POST['suggestme']) : 0; $hide_friends = $_POST['hide-friends'] == 1 ? 1 : 0; $hidewall = $_POST['hidewall'] == 1 ? 1 : 0; $post_newfriend = $_POST['post_newfriend'] == 1 ? 1 : 0; $post_joingroup = $_POST['post_joingroup'] == 1 ? 1 : 0; $post_profilechange = $_POST['post_profilechange'] == 1 ? 1 : 0; $email_textonly = $_POST['email_textonly'] == 1 ? 1 : 0; $notify = 0; if (x($_POST, 'notify1')) { $notify += intval($_POST['notify1']); } if (x($_POST, 'notify2')) { $notify += intval($_POST['notify2']); } if (x($_POST, 'notify3')) { $notify += intval($_POST['notify3']); } if (x($_POST, 'notify4')) { $notify += intval($_POST['notify4']); } if (x($_POST, 'notify5')) { $notify += intval($_POST['notify5']); } if (x($_POST, 'notify6')) { $notify += intval($_POST['notify6']); } if (x($_POST, 'notify7')) { $notify += intval($_POST['notify7']); } if (x($_POST, 'notify8')) { $notify += intval($_POST['notify8']); } $email_changed = false; $err = ''; $name_change = false; if ($username != $a->user['username']) { $name_change = true; if (strlen($username) > 40) { $err .= t(' Please use a shorter name.'); } if (strlen($username) < 3) { $err .= t(' Name too short.'); } } if ($email != $a->user['email']) { $email_changed = true; // check for the correct password $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user())); $password = hash('whirlpool', $_POST['mpassword']); if ($password != $r[0]['password']) { $err .= t('Wrong Password') . EOL; $email = $a->user['email']; } // check the email is valid if (!valid_email($email)) { $err .= t(' Not valid email.'); } // ensure new email is not the admin mail //if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) { if (x($a->config, 'admin_email')) { $adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email']))); if (in_array(strtolower($email), $adminlist)) { $err .= t(' Cannot change to that email.'); $email = $a->user['email']; } } } if (strlen($err)) { notice($err . EOL); return; } if ($timezone != $a->user['timezone']) { if (strlen($timezone)) { date_default_timezone_set($timezone); } } $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); $openidserver = $a->user['openidserver']; $openid = normalise_openid($openid); // If openid has changed or if there's an openid but no openidserver, try and discover it. if ($openid != $a->user['openid'] || strlen($openid) && !strlen($openidserver)) { $tmp_str = $openid; if (strlen($tmp_str) && validate_url($tmp_str)) { logger('updating openidserver'); require_once 'library/openid.php'; $open_id_obj = new LightOpenID(); $open_id_obj->identity = $openid; $openidserver = $open_id_obj->discover($open_id_obj->identity); } else { $openidserver = ''; } } set_pconfig(local_user(), 'expire', 'items', $expire_items); set_pconfig(local_user(), 'expire', 'notes', $expire_notes); set_pconfig(local_user(), 'expire', 'starred', $expire_starred); set_pconfig(local_user(), 'expire', 'photos', $expire_photos); set_pconfig(local_user(), 'expire', 'network_only', $expire_network_only); set_pconfig(local_user(), 'system', 'suggestme', $suggestme); set_pconfig(local_user(), 'system', 'post_newfriend', $post_newfriend); set_pconfig(local_user(), 'system', 'post_joingroup', $post_joingroup); set_pconfig(local_user(), 'system', 'post_profilechange', $post_profilechange); set_pconfig(local_user(), 'system', 'email_textonly', $email_textonly); if ($page_flags == PAGE_PRVGROUP) { $hidewall = 1; if (!$str_contact_allow && !$str_group_allow && !$str_contact_deny && !$str_group_deny) { if ($def_gid) { info(t('Private forum has no privacy permissions. Using default privacy group.') . EOL); $str_group_allow = '<' . $def_gid . '>'; } else { notice(t('Private forum has no privacy permissions and no default privacy group.') . EOL); } } } $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, `unkmail` = %d, `cntunkmail` = %d WHERE `uid` = %d", dbesc($username), dbesc($email), dbesc($openid), dbesc($timezone), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($notify), intval($page_flags), dbesc($defloc), intval($allow_location), intval($maxreq), intval($expire), dbesc($openidserver), intval($def_gid), intval($blockwall), intval($hidewall), intval($blocktags), intval($unkmail), intval($cntunkmail), intval(local_user())); if ($r) { info(t('Settings updated.') . EOL); } $r = q("UPDATE `profile`\n\t\tSET `publish` = %d,\n\t\t`name` = '%s',\n\t\t`net-publish` = %d,\n\t\t`hide-friends` = %d\n\t\tWHERE `is-default` = 1 AND `uid` = %d", intval($publish), dbesc($username), intval($net_publish), intval($hide_friends), intval(local_user())); if ($name_change) { q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `uid` = %d AND `self` = 1", dbesc($username), dbesc(datetime_convert()), intval(local_user())); } if ($old_visibility != $net_publish || $page_flags != $old_page_flags) { // Update global directory in background $url = $_SESSION['my_url']; if ($url && strlen(get_config('system', 'directory_submit_url'))) { proc_run('php', "include/directory.php", "{$url}"); } } require_once 'include/profile_update.php'; profile_change(); //$_SESSION['theme'] = $theme; if ($email_changed && $a->config['register_policy'] == REGISTER_VERIFY) { // FIXME - set to un-verified, blocked and redirect to logout // Why? Are we verifying people or email addresses? } goaway($a->get_baseurl(true) . '/settings'); return; // NOTREACHED }
function profiles_post(&$a) { if (!local_user()) { notice(t('Permission denied.') . EOL); return; } $namechanged = false; call_hooks('profile_post', $_POST); if ($a->argc > 1 && $a->argv[1] !== "new" && intval($a->argv[1])) { $orig = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[1]), intval(local_user())); if (!count($orig)) { notice(t('Profile not found.') . EOL); return; } $is_default = $orig[0]['is-default'] ? 1 : 0; $profile_name = notags(trim($_POST['profile_name'])); if (!strlen($profile_name)) { notify(t('Profile Name is required.') . EOL); return; } $year = intval($_POST['year']); if ($year < 1900 || $year > 2100 || $year < 0) { $year = 0; } $month = intval($_POST['month']); if ($month > 12 || $month < 0) { $month = 0; } $mtab = array(0, 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31); $day = intval($_POST['day']); if ($day > $mtab[$month] || $day < 0) { $day = 0; } $dob = '0000-00-00'; $dob = sprintf('%04d-%02d-%02d', $year, $month, $day); $name = notags(trim($_POST['name'])); if ($orig[0]['name'] != $name) { $namechanged = true; } $pdesc = notags(trim($_POST['pdesc'])); $gender = notags(trim($_POST['gender'])); $address = notags(trim($_POST['address'])); $locality = notags(trim($_POST['locality'])); $region = notags(trim($_POST['region'])); $postal_code = notags(trim($_POST['postal_code'])); $country_name = notags(trim($_POST['country_name'])); $pub_keywords = notags(trim($_POST['pub_keywords'])); $prv_keywords = notags(trim($_POST['prv_keywords'])); $marital = notags(trim($_POST['marital'])); if ($marital != $orig[0]['marital']) { $maritalchanged = true; } $with = x($_POST, 'with') ? notags(trim($_POST['with'])) : ''; // linkify the relationship target if applicable if (strlen($with)) { if ($with != strip_tags($orig[0]['with'])) { $prf = ''; $lookup = $with; if (strpos($lookup, '@') === 0) { $lookup = substr($lookup, 1); } $lookup = str_replace('_', ' ', $lookup); if (strpos($lookup, '@') || strpos($lookup, 'http://')) { $newname = $lookup; $links = @lrdd($lookup); if (count($links)) { foreach ($links as $link) { if ($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') { $prf = $link['@attributes']['href']; } } } } else { $newname = $lookup; if (strstr($lookup, ' ')) { $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", dbesc($newname), intval(local_user())); } else { $r = q("SELECT * FROM `contact` WHERE `nick` = '%s' AND `uid` = %d LIMIT 1", dbesc($lookup), intval(local_user())); } if (count($r)) { $prf = $r[0]['url']; $newname = $r[0]['name']; } } if ($prf) { $with = str_replace($lookup, '<a href="' . $prf . '">' . $newname . '</a>', $with); if (strpos($with, '@') === 0) { $with = substr($with, 1); } } } else { $with = $orig[0]['with']; } } $sexual = notags(trim($_POST['sexual'])); $homepage = notags(trim($_POST['homepage'])); $politic = notags(trim($_POST['politic'])); $religion = notags(trim($_POST['religion'])); $about = escape_tags(trim($_POST['about'])); $interest = escape_tags(trim($_POST['interest'])); $contact = escape_tags(trim($_POST['contact'])); $music = escape_tags(trim($_POST['music'])); $book = escape_tags(trim($_POST['book'])); $tv = escape_tags(trim($_POST['tv'])); $film = escape_tags(trim($_POST['film'])); $romance = escape_tags(trim($_POST['romance'])); $work = escape_tags(trim($_POST['work'])); $education = escape_tags(trim($_POST['education'])); $hide_friends = $_POST['hide-friends'] == 1 ? 1 : 0; $r = q("UPDATE `profile` \n\t\t\tSET `profile-name` = '%s',\n\t\t\t`name` = '%s',\n\t\t\t`pdesc` = '%s',\n\t\t\t`gender` = '%s',\n\t\t\t`dob` = '%s',\n\t\t\t`address` = '%s',\n\t\t\t`locality` = '%s',\n\t\t\t`region` = '%s',\n\t\t\t`postal-code` = '%s',\n\t\t\t`country-name` = '%s',\n\t\t\t`marital` = '%s',\n\t\t\t`with` = '%s',\n\t\t\t`sexual` = '%s',\n\t\t\t`homepage` = '%s',\n\t\t\t`politic` = '%s',\n\t\t\t`religion` = '%s',\n\t\t\t`pub_keywords` = '%s',\n\t\t\t`prv_keywords` = '%s',\n\t\t\t`about` = '%s',\n\t\t\t`interest` = '%s',\n\t\t\t`contact` = '%s',\n\t\t\t`music` = '%s',\n\t\t\t`book` = '%s',\n\t\t\t`tv` = '%s',\n\t\t\t`film` = '%s',\n\t\t\t`romance` = '%s',\n\t\t\t`work` = '%s',\n\t\t\t`education` = '%s',\n\t\t\t`hide-friends` = %d\n\t\t\tWHERE `id` = %d AND `uid` = %d LIMIT 1", dbesc($profile_name), dbesc($name), dbesc($pdesc), dbesc($gender), dbesc($dob), dbesc($address), dbesc($locality), dbesc($region), dbesc($postal_code), dbesc($country_name), dbesc($marital), dbesc($with), dbesc($sexual), dbesc($homepage), dbesc($politic), dbesc($religion), dbesc($pub_keywords), dbesc($prv_keywords), dbesc($about), dbesc($interest), dbesc($contact), dbesc($music), dbesc($book), dbesc($tv), dbesc($film), dbesc($romance), dbesc($work), dbesc($education), intval($hide_friends), intval($a->argv[1]), intval($_SESSION['uid'])); if ($r) { info(t('Profile updated.') . EOL); } if ($namechanged && $is_default) { $r = q("UPDATE `contact` SET `name-date` = '%s' WHERE `self` = 1 AND `uid` = %d LIMIT 1", dbesc(datetime_convert()), intval(local_user())); } if ($is_default) { // Update global directory in background $url = $_SESSION['my_url']; if ($url && strlen(get_config('system', 'directory_submit_url'))) { proc_run('php', "include/directory.php", "{$url}"); } require_once 'include/profile_update.php'; profile_change(); } } }
function profiles_post(&$a) { if (!local_user()) { notice(t('Permission denied.') . EOL); return; } $namechanged = false; call_hooks('profile_post', $_POST); if ($a->argc > 1 && $a->argv[1] !== "new" && intval($a->argv[1])) { $orig = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[1]), intval(local_user())); if (!count($orig)) { notice(t('Profile not found.') . EOL); return; } check_form_security_token_redirectOnErr('/profiles', 'profile_edit'); $is_default = $orig[0]['is-default'] ? 1 : 0; $profile_name = notags(trim($_POST['profile_name'])); if (!strlen($profile_name)) { notice(t('Profile Name is required.') . EOL); return; } $dob = $_POST['dob'] ? escape_tags(trim($_POST['dob'])) : '0000-00-00'; // FIXME: Needs to be validated? $y = substr($dob, 0, 4); if (!ctype_digit($y) || $y < 1900) { $ignore_year = true; } else { $ignore_year = false; } if ($dob != '0000-00-00') { if (strpos($dob, '0000-') === 0) { $ignore_year = true; $dob = substr($dob, 5); } $dob = datetime_convert('UTC', 'UTC', $ignore_year ? '1900-' . $dob : $dob, $ignore_year ? 'm-d' : 'Y-m-d'); if ($ignore_year) { $dob = '0000-' . $dob; } } $name = notags(trim($_POST['name'])); if (!strlen($name)) { $name = '[No Name]'; } if ($orig[0]['name'] != $name) { $namechanged = true; } $pdesc = notags(trim($_POST['pdesc'])); $gender = notags(trim($_POST['gender'])); $address = notags(trim($_POST['address'])); $locality = notags(trim($_POST['locality'])); $region = notags(trim($_POST['region'])); $postal_code = notags(trim($_POST['postal_code'])); $country_name = notags(trim($_POST['country_name'])); $pub_keywords = profile_clean_keywords(notags(trim($_POST['pub_keywords']))); $prv_keywords = profile_clean_keywords(notags(trim($_POST['prv_keywords']))); $marital = notags(trim($_POST['marital'])); $howlong = notags(trim($_POST['howlong'])); $with = x($_POST, 'with') ? notags(trim($_POST['with'])) : ''; if (!strlen($howlong)) { $howlong = '0000-00-00 00:00:00'; } else { $howlong = datetime_convert(date_default_timezone_get(), 'UTC', $howlong); } // linkify the relationship target if applicable $withchanged = false; if (strlen($with)) { if ($with != strip_tags($orig[0]['with'])) { $withchanged = true; $prf = ''; $lookup = $with; if (strpos($lookup, '@') === 0) { $lookup = substr($lookup, 1); } $lookup = str_replace('_', ' ', $lookup); if (strpos($lookup, '@') || strpos($lookup, 'http://')) { $newname = $lookup; $links = @lrdd($lookup); if (count($links)) { foreach ($links as $link) { if ($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') { $prf = $link['@attributes']['href']; } } } } else { $newname = $lookup; /* if(strstr($lookup,' ')) { $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", dbesc($newname), intval(local_user()) ); } else { $r = q("SELECT * FROM `contact` WHERE `nick` = '%s' AND `uid` = %d LIMIT 1", dbesc($lookup), intval(local_user()) ); }*/ $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", dbesc($newname), intval(local_user())); if (!$r) { $r = q("SELECT * FROM `contact` WHERE `nick` = '%s' AND `uid` = %d LIMIT 1", dbesc($lookup), intval(local_user())); } if (count($r)) { $prf = $r[0]['url']; $newname = $r[0]['name']; } } if ($prf) { $with = str_replace($lookup, '<a href="' . $prf . '">' . $newname . '</a>', $with); if (strpos($with, '@') === 0) { $with = substr($with, 1); } } } else { $with = $orig[0]['with']; } } $sexual = notags(trim($_POST['sexual'])); $homepage = notags(trim($_POST['homepage'])); if (strpos($homepage, 'http') !== 0 && strlen($homepage)) { // neither http nor https in URL, add them $homepage = 'http://' . $homepage; } $hometown = notags(trim($_POST['hometown'])); $politic = notags(trim($_POST['politic'])); $religion = notags(trim($_POST['religion'])); $likes = fix_mce_lf(escape_tags(trim($_POST['likes']))); $dislikes = fix_mce_lf(escape_tags(trim($_POST['dislikes']))); $about = fix_mce_lf(escape_tags(trim($_POST['about']))); $interest = fix_mce_lf(escape_tags(trim($_POST['interest']))); $contact = fix_mce_lf(escape_tags(trim($_POST['contact']))); $music = fix_mce_lf(escape_tags(trim($_POST['music']))); $book = fix_mce_lf(escape_tags(trim($_POST['book']))); $tv = fix_mce_lf(escape_tags(trim($_POST['tv']))); $film = fix_mce_lf(escape_tags(trim($_POST['film']))); $romance = fix_mce_lf(escape_tags(trim($_POST['romance']))); $work = fix_mce_lf(escape_tags(trim($_POST['work']))); $education = fix_mce_lf(escape_tags(trim($_POST['education']))); $hide_friends = $_POST['hide-friends'] == 1 ? 1 : 0; $changes = array(); $value = ''; if ($is_default) { if ($marital != $orig[0]['marital']) { $changes[] = '[color=#ff0000]♥[/color] ' . t('Marital Status'); $value = $marital; } if ($withchanged) { $changes[] = '[color=#ff0000]♥[/color] ' . t('Romantic Partner'); $value = strip_tags($with); } if ($likes != $orig[0]['likes']) { $changes[] = t('Likes'); $value = $likes; } if ($dislikes != $orig[0]['dislikes']) { $changes[] = t('Dislikes'); $value = $dislikes; } if ($work != $orig[0]['work']) { $changes[] = t('Work/Employment'); } if ($religion != $orig[0]['religion']) { $changes[] = t('Religion'); $value = $religion; } if ($politic != $orig[0]['politic']) { $changes[] = t('Political Views'); $value = $politic; } if ($gender != $orig[0]['gender']) { $changes[] = t('Gender'); $value = $gender; } if ($sexual != $orig[0]['sexual']) { $changes[] = t('Sexual Preference'); $value = $sexual; } if ($homepage != $orig[0]['homepage']) { $changes[] = t('Homepage'); $value = $homepage; } if ($interest != $orig[0]['interest']) { $changes[] = t('Interests'); $value = $interest; } if ($address != $orig[0]['address']) { $changes[] = t('Address'); // New address not sent in notifications, potential privacy issues // in case this leaks to unintended recipients. Yes, it's in the public // profile but that doesn't mean we have to broadcast it to everybody. } if ($locality != $orig[0]['locality'] || $region != $orig[0]['region'] || $country_name != $orig[0]['country-name']) { $changes[] = t('Location'); $comma1 = $locality && ($region || $country_name) ? ', ' : ' '; $comma2 = $region && $country_name ? ', ' : ''; $value = $locality . $comma1 . $region . $comma2 . $country_name; } profile_activity($changes, $value); } $r = q("UPDATE `profile`\n\t\t\tSET `profile-name` = '%s',\n\t\t\t`name` = '%s',\n\t\t\t`pdesc` = '%s',\n\t\t\t`gender` = '%s',\n\t\t\t`dob` = '%s',\n\t\t\t`address` = '%s',\n\t\t\t`locality` = '%s',\n\t\t\t`region` = '%s',\n\t\t\t`postal-code` = '%s',\n\t\t\t`country-name` = '%s',\n\t\t\t`marital` = '%s',\n\t\t\t`with` = '%s',\n\t\t\t`howlong` = '%s',\n\t\t\t`sexual` = '%s',\n\t\t\t`homepage` = '%s',\n\t\t\t`hometown` = '%s',\n\t\t\t`politic` = '%s',\n\t\t\t`religion` = '%s',\n\t\t\t`pub_keywords` = '%s',\n\t\t\t`prv_keywords` = '%s',\n\t\t\t`likes` = '%s',\n\t\t\t`dislikes` = '%s',\n\t\t\t`about` = '%s',\n\t\t\t`interest` = '%s',\n\t\t\t`contact` = '%s',\n\t\t\t`music` = '%s',\n\t\t\t`book` = '%s',\n\t\t\t`tv` = '%s',\n\t\t\t`film` = '%s',\n\t\t\t`romance` = '%s',\n\t\t\t`work` = '%s',\n\t\t\t`education` = '%s',\n\t\t\t`hide-friends` = %d\n\t\t\tWHERE `id` = %d AND `uid` = %d", dbesc($profile_name), dbesc($name), dbesc($pdesc), dbesc($gender), dbesc($dob), dbesc($address), dbesc($locality), dbesc($region), dbesc($postal_code), dbesc($country_name), dbesc($marital), dbesc($with), dbesc($howlong), dbesc($sexual), dbesc($homepage), dbesc($hometown), dbesc($politic), dbesc($religion), dbesc($pub_keywords), dbesc($prv_keywords), dbesc($likes), dbesc($dislikes), dbesc($about), dbesc($interest), dbesc($contact), dbesc($music), dbesc($book), dbesc($tv), dbesc($film), dbesc($romance), dbesc($work), dbesc($education), intval($hide_friends), intval($a->argv[1]), intval(local_user())); if ($r) { info(t('Profile updated.') . EOL); } if ($namechanged && $is_default) { $r = q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `self` = 1 AND `uid` = %d", dbesc($name), dbesc(datetime_convert()), intval(local_user())); $r = q("UPDATE `user` set `username` = '%s' where `uid` = %d", dbesc($name), intval(local_user())); } if ($is_default) { $location = $locality; if ($region != "") { if ($location != "") { $location .= ", "; } $location .= $region; } if ($country_name != "") { if ($location != "") { $location .= ", "; } $location .= $country_name; } $r = q("UPDATE `contact` SET `about` = '%s', `location` = '%s', `keywords` = '%s', `gender` = '%s' WHERE `self` = 1 AND `uid` = %d", dbesc($about), dbesc($location), dbesc($pub_keywords), dbesc($gender), intval(local_user())); // Update global directory in background $url = $_SESSION['my_url']; if ($url && strlen(get_config('system', 'directory'))) { proc_run('php', "include/directory.php", "{$url}"); } require_once 'include/profile_update.php'; profile_change(); } } }
function profile_photo_post(&$a) { if (!local_user()) { notice(t('Permission denied.') . EOL); return; } check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo'); if (x($_POST, 'cropfinal') && $_POST['cropfinal'] == 1) { // phase 2 - we have finished cropping if ($a->argc != 2) { notice(t('Image uploaded but image cropping failed.') . EOL); return; } $image_id = $a->argv[1]; if (substr($image_id, -2, 1) == '-') { $scale = substr($image_id, -1, 1); $image_id = substr($image_id, 0, -2); } $srcX = $_POST['xstart']; $srcY = $_POST['ystart']; $srcW = $_POST['xfinal'] - $srcX; $srcH = $_POST['yfinal'] - $srcY; $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = %d LIMIT 1", dbesc($image_id), dbesc(local_user()), intval($scale)); if (count($r)) { $base_image = $r[0]; $im = new Photo($base_image['data']); if ($im->is_valid()) { $im->cropImage(175, $srcX, $srcY, $srcW, $srcH); $r = $im->store(local_user(), 0, $base_image['resource-id'], $base_image['filename'], t('Profile Photos'), 4, 1); if ($r === false) { notice(sprintf(t('Image size reduction [%s] failed.'), "175") . EOL); } $im->scaleImage(80); $r = $im->store(local_user(), 0, $base_image['resource-id'], $base_image['filename'], t('Profile Photos'), 5, 1); if ($r === false) { notice(sprintf(t('Image size reduction [%s] failed.'), "80") . EOL); } $im->scaleImage(48); $r = $im->store(local_user(), 0, $base_image['resource-id'], $base_image['filename'], t('Profile Photos'), 6, 1); if ($r === false) { notice(sprintf(t('Image size reduction [%s] failed.'), "48") . EOL); } // Unset the profile photo flag from any other photos I own $r = q("UPDATE `photo` SET `profile` = 0 WHERE `profile` = 1 AND `resource-id` != '%s' AND `uid` = %d", dbesc($base_image['resource-id']), intval(local_user())); $r = q("UPDATE `contact` SET `avatar-date` = '%s' WHERE `self` = 1 AND `uid` = %d LIMIT 1", dbesc(datetime_convert()), intval(local_user())); info(t('Shift-reload the page or clear browser cache if the new photo does not display immediately.') . EOL); // Update global directory in background $url = $a->get_baseurl() . '/profile/' . $a->user['nickname']; if ($url && strlen(get_config('system', 'directory_submit_url'))) { proc_run('php', "include/directory.php", "{$url}"); } require_once 'include/profile_update.php'; profile_change(); } else { notice(t('Unable to process image') . EOL); } } goaway($a->get_baseurl() . '/profiles'); return; // NOTREACHED } $src = $_FILES['userfile']['tmp_name']; $filename = basename($_FILES['userfile']['name']); $filesize = intval($_FILES['userfile']['size']); $maximagesize = get_config('system', 'maximagesize'); if ($maximagesize && $filesize > $maximagesize) { notice(sprintf(t('Image exceeds size limit of %d'), $maximagesize) . EOL); @unlink($src); return; } $imagedata = @file_get_contents($src); $ph = new Photo($imagedata); if (!$ph->is_valid()) { notice(t('Unable to process image.') . EOL); @unlink($src); return; } @unlink($src); return profile_photo_crop_ui_head($a, $ph); }
function settings_post(&$a) { if (!local_user()) { notice(t('Permission denied.') . EOL); return; } if (count($a->user) && x($a->user, 'uid') && $a->user['uid'] != local_user()) { notice(t('Permission denied.') . EOL); return; } if ($a->argc > 1 && $a->argv[1] === 'oauth' && x($_POST, 'remove')) { $key = $_POST['remove']; q("DELETE FROM tokens WHERE id='%s' AND uid=%d", dbesc($key), local_user()); goaway($a->get_baseurl() . "/settings/oauth/"); return; } if ($a->argc > 2 && $a->argv[1] === 'oauth' && ($a->argv[2] === 'edit' || $a->argv[2] === 'add') && x($_POST, 'submit')) { $name = x($_POST, 'name') ? $_POST['name'] : ''; $key = x($_POST, 'key') ? $_POST['key'] : ''; $secret = x($_POST, 'secret') ? $_POST['secret'] : ''; $redirect = x($_POST, 'redirect') ? $_POST['redirect'] : ''; $icon = x($_POST, 'icon') ? $_POST['icon'] : ''; if ($name == "" || $key == "" || $secret == "") { notice(t("Missing some important data!")); } else { if ($_POST['submit'] == t("Update")) { $r = q("UPDATE clients SET\n\t\t\t\t\t\t\tclient_id='%s',\n\t\t\t\t\t\t\tpw='%s',\n\t\t\t\t\t\t\tname='%s',\n\t\t\t\t\t\t\tredirect_uri='%s',\n\t\t\t\t\t\t\ticon='%s',\n\t\t\t\t\t\t\tuid=%d\n\t\t\t\t\t\tWHERE client_id='%s'", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user(), dbesc($key)); } else { $r = q("INSERT INTO clients\n\t\t\t\t\t\t\t(client_id, pw, name, redirect_uri, icon, uid)\n\t\t\t\t\t\tVALUES ('%s','%s','%s','%s','%s',%d)", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user()); } } goaway($a->get_baseurl() . "/settings/oauth/"); return; } if ($a->argc > 1 && $a->argv[1] == 'addon') { call_hooks('plugin_settings_post', $_POST); return; } if ($a->argc > 1 && $a->argv[1] == 'connectors') { if (x($_POST['imap-submit'])) { $mail_server = x($_POST, 'mail_server') ? $_POST['mail_server'] : ''; $mail_port = x($_POST, 'mail_port') ? $_POST['mail_port'] : ''; $mail_ssl = x($_POST, 'mail_ssl') ? strtolower(trim($_POST['mail_ssl'])) : ''; $mail_user = x($_POST, 'mail_user') ? $_POST['mail_user'] : ''; $mail_pass = x($_POST, 'mail_pass') ? trim($_POST['mail_pass']) : ''; $mail_replyto = x($_POST, 'mail_replyto') ? $_POST['mail_replyto'] : ''; $mail_pubmail = x($_POST, 'mail_pubmail') ? $_POST['mail_pubmail'] : ''; $mail_disabled = function_exists('imap_open') && !get_config('system', 'imap_disabled') ? 0 : 1; if (get_config('system', 'dfrn_only')) { $mail_disabled = 1; } if (!$mail_disabled) { $failed = false; $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval(local_user())); if (!count($r)) { q("INSERT INTO `mailacct` (`uid`) VALUES (%d)", intval(local_user())); } if (strlen($mail_pass)) { $pass = ''; openssl_public_encrypt($mail_pass, $pass, $a->user['pubkey']); q("UPDATE `mailacct` SET `pass` = '%s' WHERE `uid` = %d LIMIT 1", dbesc(bin2hex($pass)), intval(local_user())); } $r = q("UPDATE `mailacct` SET `server` = '%s', `port` = %d, `ssltype` = '%s', `user` = '%s',\n\t\t\t\t\t`mailbox` = 'INBOX', `reply_to` = '%s', `pubmail` = %d WHERE `uid` = %d LIMIT 1", dbesc($mail_server), intval($mail_port), dbesc($mail_ssl), dbesc($mail_user), dbesc($mail_replyto), intval($mail_pubmail), intval(local_user())); $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval(local_user())); if (count($r)) { $eacct = $r[0]; require_once 'include/email.php'; $mb = construct_mailbox_name($eacct); if (strlen($eacct['server'])) { $dcrpass = ''; openssl_private_decrypt(hex2bin($eacct['pass']), $dcrpass, $a->user['prvkey']); $mbox = email_connect($mb, $mail_user, $dcrpass); unset($dcrpass); if (!$mbox) { $failed = true; notice(t('Failed to connect with email account using the settings provided.') . EOL); } } } if (!$failed) { info(t('Email settings updated.') . EOL); } } } call_hooks('connector_settings_post', $_POST); return; } call_hooks('settings_post', $_POST); if (x($_POST, 'npassword') || x($_POST, 'confirm')) { $newpass = $_POST['npassword']; $confirm = $_POST['confirm']; $err = false; if ($newpass != $confirm) { notice(t('Passwords do not match. Password unchanged.') . EOL); $err = true; } if (!x($newpass) || !x($confirm)) { notice(t('Empty passwords are not allowed. Password unchanged.') . EOL); $err = true; } if (!$err) { $password = hash('whirlpool', $newpass); $r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d LIMIT 1", dbesc($password), intval(local_user())); if ($r) { info(t('Password changed.') . EOL); } else { notice(t('Password update failed. Please try again.') . EOL); } } } $theme = x($_POST, 'theme') ? notags(trim($_POST['theme'])) : ''; $username = x($_POST, 'username') ? notags(trim($_POST['username'])) : ''; $email = x($_POST, 'email') ? notags(trim($_POST['email'])) : ''; $timezone = x($_POST, 'timezone') ? notags(trim($_POST['timezone'])) : ''; $defloc = x($_POST, 'defloc') ? notags(trim($_POST['defloc'])) : ''; $openid = x($_POST, 'openid_url') ? notags(trim($_POST['openid_url'])) : ''; $maxreq = x($_POST, 'maxreq') ? intval($_POST['maxreq']) : 0; $expire = x($_POST, 'expire') ? intval($_POST['expire']) : 0; $expire_items = x($_POST, 'expire_items') ? intval($_POST['expire_items']) : 0; $expire_notes = x($_POST, 'expire_notes') ? intval($_POST['expire_notes']) : 0; $expire_starred = x($_POST, 'expire_starred') ? intval($_POST['expire_starred']) : 0; $expire_photos = x($_POST, 'expire_photos') ? intval($_POST['expire_photos']) : 0; $allow_location = x($_POST, 'allow_location') && intval($_POST['allow_location']) == 1 ? 1 : 0; $publish = x($_POST, 'profile_in_directory') && intval($_POST['profile_in_directory']) == 1 ? 1 : 0; $net_publish = x($_POST, 'profile_in_netdirectory') && intval($_POST['profile_in_netdirectory']) == 1 ? 1 : 0; $old_visibility = x($_POST, 'visibility') && intval($_POST['visibility']) == 1 ? 1 : 0; $page_flags = x($_POST, 'page-flags') && intval($_POST['page-flags']) ? intval($_POST['page-flags']) : 0; $blockwall = x($_POST, 'blockwall') && intval($_POST['blockwall']) == 1 ? 0 : 1; // this setting is inverted! $blocktags = x($_POST, 'blocktags') && intval($_POST['blocktags']) == 1 ? 0 : 1; // this setting is inverted! $suggestme = x($_POST, 'suggestme') ? intval($_POST['suggestme']) : 0; $hide_friends = $_POST['hide-friends'] == 1 ? 1 : 0; $hidewall = $_POST['hidewall'] == 1 ? 1 : 0; $notify = 0; if (x($_POST, 'notify1')) { $notify += intval($_POST['notify1']); } if (x($_POST, 'notify2')) { $notify += intval($_POST['notify2']); } if (x($_POST, 'notify3')) { $notify += intval($_POST['notify3']); } if (x($_POST, 'notify4')) { $notify += intval($_POST['notify4']); } if (x($_POST, 'notify5')) { $notify += intval($_POST['notify5']); } $email_changed = false; $err = ''; $name_change = false; if ($username != $a->user['username']) { $name_change = true; if (strlen($username) > 40) { $err .= t(' Please use a shorter name.'); } if (strlen($username) < 3) { $err .= t(' Name too short.'); } } if ($email != $a->user['email']) { $email_changed = true; if (!valid_email($email)) { $err .= t(' Not valid email.'); } if (x($a->config, 'admin_email') && strcasecmp($email, $a->config['admin_email']) == 0) { $err .= t(' Cannot change to that email.'); $email = $a->user['email']; } } if (strlen($err)) { notice($err . EOL); return; } if ($timezone != $a->user['timezone']) { if (strlen($timezone)) { date_default_timezone_set($timezone); } } $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); $openidserver = $a->user['openidserver']; // If openid has changed or if there's an openid but no openidserver, try and discover it. if ($openid != $a->user['openid'] || strlen($openid) && !strlen($openidserver)) { $tmp_str = $openid; if (strlen($tmp_str) && validate_url($tmp_str)) { logger('updating openidserver'); require_once 'library/openid.php'; $open_id_obj = new LightOpenID(); $open_id_obj->identity = $openid; $openidserver = $open_id_obj->discover($open_id_obj->identity); } else { $openidserver = ''; } } set_pconfig(local_user(), 'expire', 'items', $expire_items); set_pconfig(local_user(), 'expire', 'notes', $expire_notes); set_pconfig(local_user(), 'expire', 'starred', $expire_starred); set_pconfig(local_user(), 'expire', 'photos', $expire_photos); set_pconfig(local_user(), 'system', 'suggestme', $suggestme); $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `theme` = '%s', `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `blockwall` = %d, `hidewall` = %d, `blocktags` = %d WHERE `uid` = %d LIMIT 1", dbesc($username), dbesc($email), dbesc($openid), dbesc($timezone), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($notify), intval($page_flags), dbesc($defloc), intval($allow_location), dbesc($theme), intval($maxreq), intval($expire), dbesc($openidserver), intval($blockwall), intval($hidewall), intval($blocktags), intval(local_user())); if ($r) { info(t('Settings updated.') . EOL); } $r = q("UPDATE `profile` \n\t\tSET `publish` = %d, \n\t\t`net-publish` = %d,\n\t\t`hide-friends` = %d\n\t\tWHERE `is-default` = 1 AND `uid` = %d LIMIT 1", intval($publish), intval($net_publish), intval($hide_friends), intval(local_user())); if ($name_change) { q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `uid` = %d AND `self` = 1 LIMIT 1", dbesc($username), dbesc(datetime_convert()), intval(local_user())); } if ($old_visibility != $net_publish) { // Update global directory in background $url = $_SESSION['my_url']; if ($url && strlen(get_config('system', 'directory_submit_url'))) { proc_run('php', "include/directory.php", "{$url}"); } } require_once 'include/profile_update.php'; profile_change(); $_SESSION['theme'] = $theme; if ($email_changed && $a->config['register_policy'] == REGISTER_VERIFY) { // FIXME - set to un-verified, blocked and redirect to logout } goaway($a->get_baseurl() . '/settings'); return; // NOTREACHED }