Ejemplo n.º 1
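 /**
  * Handle the 'register_user' event: validate the submitted form, create the
  * account rows and mail the new user.
  *
  * Every validation failure stores a K4InformationAction in $action and returns
  * TRUE, or hands the language key to xmlhttp_message() when USE_XMLHTTP is on.
  * Under USE_XMLHTTP the request ends (exit) once validation has passed, before
  * anything is written. Any other event falls through and returns NULL.
  *
  * @param object $action  Out-parameter: replaced with the action to render.
  * @param array  $request Request context; reads 'event', 'template', 'dba' and 'user'.
  * @return mixed TRUE once the event was handled, or the result of xmlhttp_message().
  */
 function execute(&$action, &$request)
 {
     if ($request['event'] == 'register_user') {
         /* Create the ancestors bar (if we run into any trouble) */
         k4_bread_crumbs($request['template'], $request['dba'], 'L_REGISTER');
         if (intval($request['template']->getVar('allowregistration')) == 0) {
             if (!USE_XMLHTTP) {
                 no_perms_error($request);
                 return TRUE;
             }
             /* Stop here like every other failure branch instead of running the remaining checks */
             return xmlhttp_message('L_YOUNEEDPERMS');
         }
         if (!$request['user']->isMember()) {
             global $_PROFILEFIELDS, $_SETTINGS, $_URL, $_DATASTORE;
             /* If we are not allowed to register */
             if (isset($_SETTINGS['allowregistration']) && $_SETTINGS['allowregistration'] == 0) {
                 $action = new K4InformationAction(new K4LanguageElement('L_CANTREGISTERADMIN'), 'content', FALSE);
                 return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_CANTREGISTERADMIN');
             }
             /* Collect the custom profile fields to display.
                Values are escaped with quote(); the column names come from
                $_PROFILEFIELDS and are interpolated as-is.
                NOTE(review): assumes profile field names are admin-defined
                identifiers and never request-derived -- confirm. */
             $query_fields = '';
             $query_params = '';
             foreach ($_PROFILEFIELDS as $field) {
                 if ($field['display_register'] == 1) {
                     /* This ensures that we only put in what we need to */
                     if (isset($_REQUEST[$field['name']])) {
                         switch ($field['inputtype']) {
                             default:
                             case 'text':
                             case 'textarea':
                             case 'select':
                                 if ($_REQUEST[$field['name']] != '') {
                                     $query_fields .= ', ' . $field['name'];
                                     $query_params .= ", '" . $request['dba']->quote(k4_htmlentities($_REQUEST[$field['name']], ENT_QUOTES)) . "'";
                                 }
                                 break;
                             case 'multiselect':
                             case 'radio':
                             case 'check':
                                 if (is_array($_REQUEST[$field['name']]) && !empty($_REQUEST[$field['name']])) {
                                     $query_fields .= ', ' . $field['name'];
                                     $query_params .= ", '" . $request['dba']->quote(serialize($_REQUEST[$field['name']])) . "'";
                                 }
                                 break;
                         }
                     }
                 }
             }
             /**
              * Error checking
              */
             /* Username checks */
             if (!$this->runPostFilter('username', new FARequiredFilter())) {
                 $action = new K4InformationAction(new K4LanguageElement('L_BADUSERNAME'), 'content', TRUE);
                 return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_BADUSERNAME');
             }
             /* The D modifier makes '$' match only at the very end of the value;
                without it a name with a trailing newline would pass.
                NOTE(review): the nested quantifiers can backtrack heavily on long
                non-matching input, and this runs before the length checks. */
             if (!$this->runPostFilter('username', new FARegexFilter('~^[a-zA-Z]([a-zA-Z0-9]*[-_ ]?)*[a-zA-Z0-9]*$~D'))) {
                 $action = new K4InformationAction(new K4LanguageElement('L_BADUSERNAME'), 'content', TRUE);
                 return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_BADUSERNAME');
             }
             if (!$this->runPostFilter('username', new FALengthFilter(intval($_SETTINGS['maxuserlength'])))) {
                 $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETOOLONG', intval($_SETTINGS['maxuserlength'])), 'content', TRUE);
                 /* Report the same "too long" message on the XMLHTTP path as on the page path */
                 return !USE_XMLHTTP ? TRUE : xmlhttp_message(new K4LanguageElement('L_USERNAMETOOLONG', intval($_SETTINGS['maxuserlength'])));
             }
             if (!$this->runPostFilter('username', new FALengthFilter(intval($_SETTINGS['maxuserlength']), intval($_SETTINGS['minuserlength'])))) {
                 $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETOOSHORT', intval($_SETTINGS['minuserlength']), intval($_SETTINGS['maxuserlength'])), 'content', TRUE);
                 return !USE_XMLHTTP ? TRUE : xmlhttp_message(new K4LanguageElement('L_USERNAMETOOSHORT', intval($_SETTINGS['minuserlength']), intval($_SETTINGS['maxuserlength'])));
             }
             if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS . " WHERE name = '" . $request['dba']->quote($_REQUEST['username']) . "'") > 0) {
                 $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETAKEN'), 'content', TRUE);
                 return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_USERNAMETAKEN');
             }
             if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4BADUSERNAMES . " WHERE name = '" . $request['dba']->quote($_REQUEST['username']) . "'") > 0) {
                 $action = new K4InformationAction(new K4LanguageElement('L_USERNAMENOTGOOD'), 'content', TRUE);
                 return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_USERNAMENOTGOOD');
             }
             /* Check the appropriateness of the username: if the censor changes it, reject it */
             $name = $_REQUEST['username'];
             replace_censors($name);
             if ($name != $_REQUEST['username']) {
                 $action = new K4InformationAction(new K4LanguageElement('L_INNAPROPRIATEUNAME'), 'content', TRUE);
                 return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_INNAPROPRIATEUNAME');
             }
             /* Password checks */
             if (!$this->runPostFilter('password', new FARequiredFilter())) {
                 $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYPASSWORD'), 'content', TRUE);
                 return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_SUPPLYPASSWORD');
             }
             if (!$this->runPostFilter('password2', new FARequiredFilter())) {
                 $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYPASSCHECK'), 'content', TRUE);
                 return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_SUPPLYPASSCHECK');
             }
             if (!$this->runPostFilter('password', new FACompareFilter('password2'))) {
                 $action = new K4InformationAction(new K4LanguageElement('L_PASSESDONTMATCH'), 'content', TRUE);
                 return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_PASSESDONTMATCH');
             }
             /* Email checks */
             if (!$this->runPostFilter('email', new FARequiredFilter())) {
                 $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYEMAIL'), 'content', TRUE);
                 return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_SUPPLYEMAIL');
             }
             if (!$this->runPostFilter('email2', new FARequiredFilter())) {
                 $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYEMAILCHECK'), 'content', TRUE);
                 return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_SUPPLYEMAILCHECK');
             }
             if (!$this->runPostFilter('email', new FACompareFilter('email2'))) {
                 $action = new K4InformationAction(new K4LanguageElement('L_EMAILSDONTMATCH'), 'content', TRUE);
                 return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_EMAILSDONTMATCH');
             }
             /* D modifier: the address is later handed to email_user(), so a
                trailing newline must not get through validation */
             if (!$this->runPostFilter('email', new FARegexFilter('~^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$~D'))) {
                 $action = new K4InformationAction(new K4LanguageElement('L_NEEDVALIDEMAIL'), 'content', TRUE);
                 return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_NEEDVALIDEMAIL');
             }
             if ($_SETTINGS['requireuniqueemail'] == 1) {
                 if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS . " WHERE email = '" . $request['dba']->quote($_REQUEST['email']) . "'") > 0) {
                     $action = new K4InformationAction(new K4LanguageElement('L_EMAILTAKEN'), 'content', TRUE);
                     return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_EMAILTAKEN');
                 }
             }
             /* Exit right here to send no content to the browser if ajax is enabled */
             if (USE_XMLHTTP) {
                 exit;
             }
             /**
              * Do the database inserting
              */
             $name = k4_htmlentities(strip_tags($_REQUEST['username']), ENT_QUOTES);
             /* The activation key is a bearer secret mailed to the user: take it
                from the CSPRNG where one exists (16 bytes -> 32 hex characters, the
                same shape as the md5() fallback). rand()/uniqid() are predictable. */
             $reg_key = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid(rand(), TRUE));
             $insert_a = $request['dba']->prepareStatement("INSERT INTO " . K4USERS . " (name,email,pass,perms,reg_key,usergroups,created) VALUES (?,?,?,?,?,?,?)");
             $insert_a->setString(1, $name);
             $insert_a->setString(2, $_REQUEST['email']);
             /* NOTE(review): unsalted MD5 is not a password hash. Moving to
                password_hash()/password_verify() has to change the login code
                (not visible here) in the same step, so the stored format is kept. */
             $insert_a->setString(3, md5($_REQUEST['password']));
             $insert_a->setInt(4, PENDING_MEMBER);
             $insert_a->setString(5, $reg_key);
             $insert_a->setString(6, '|1|');
             $insert_a->setInt(7, time());
             $insert_a->executeUpdate();
             $user_id = intval($request['dba']->getInsertId(K4USERS, 'id'));
             $insert_b = $request['dba']->prepareStatement("INSERT INTO " . K4USERINFO . " (user_id,timezone" . $query_fields . ") VALUES (?,?" . $query_params . ")");
             $insert_b->setInt(1, $user_id);
             $insert_b->setInt(2, intval(@$_REQUEST['timezone']));
             $request['dba']->executeUpdate("INSERT INTO " . K4USERSETTINGS . " (user_id) VALUES (" . $user_id . ")");
             $insert_b->executeUpdate();
             $datastore_update = $request['dba']->prepareStatement("UPDATE " . K4DATASTORE . " SET data=? WHERE varname=?");
             /* Set the datastore values */
             $datastore = $_DATASTORE['forumstats'];
             $datastore['num_members'] = $request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS);
             $datastore['newest_user_id'] = $user_id;
             $datastore['newest_user_name'] = $name;
             $datastore_update->setString(1, serialize($datastore));
             $datastore_update->setString(2, 'forumstats');
             $datastore_update->executeUpdate();
             reset_cache('datastore');
             /* Do we need to validate their email by having them follow a url? */
             if (intval($_SETTINGS['verifyemail']) == 1) {
                 $verify_url = $_URL;
                 $verify_url->args = array('act' => 'activate_accnt', 'key' => $reg_key);
                 $verify_url->file = 'member.php';
                 /* The listing replaced '&' with '&', which does nothing; presumably
                    the intent was to turn HTML-escaped separators back into plain
                    ones for the mail body. Harmless if the URL has no '&amp;'. */
                 $url = str_replace('&amp;', '&', $verify_url->__toString());
                 $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET usergroups = '1' WHERE id = " . intval($user_id));
                 $email = sprintf($request['template']->getVar('L_REGISTEREMAILRMSG'), $name, $_SETTINGS['bbtitle'], $url, $_SETTINGS['bbtitle']);
                 $action = new K4InformationAction(new K4LanguageElement('L_SUCCESSREGISTEREMAIL', $_SETTINGS['bbtitle'], $_REQUEST['email']), 'content', FALSE, 'index.php', 5);
             } else {
                 /* No email verification: promote straight to MEMBER and clear the keys */
                 $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET perms = " . MEMBER . ", priv_key = '', reg_key = '' WHERE id = " . intval($user_id));
                 $action = new K4InformationAction(new K4LanguageElement('L_SUCCESSREGISTER', $_SETTINGS['bbtitle']), 'content', FALSE, 'index.php', 5);
                 $email = sprintf($request['template']->getVar('L_REGISTEREMAILMSG'), $name, $_SETTINGS['bbtitle'], $_SETTINGS['bbtitle']);
             }
             /* Finally, mail our user */
             email_user($_REQUEST['email'], sprintf($request['template']->getVar('L_REGISTEREMAILTITLE'), $_SETTINGS['bbtitle']), $email);
             return TRUE;
         } else {
             $action = new K4InformationAction(new K4LanguageElement('L_CANTREGISTERLOGGEDIN'), 'content', FALSE, 'index.php', 3);
             return TRUE;
         }
         /* Both branches above return, so nothing can follow them here */
     }
 }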
Ejemplo n.º 2
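 /**
  * Decorate the current topic row for display: post icon, poster details,
  * censored text, polls, attachments, URLs and (when $this->sr is set and the
  * topic has replies) an iterator over its replies.
  *
  * Poster rows are cached in $this->users, keyed by user id.
  *
  * @return array The row from parent::current() with the display keys added.
  */
 function current()
 {
     $temp = parent::current();
     /* NOTE(review): posticon is appended to a filesystem path and then echoed
        back into the row; confirm it is restricted to a bare file name where it
        is stored, otherwise wrap it in basename() here. */
     $has_icon = isset($temp['posticon']) && $temp['posticon'] != '';
     $temp['posticon'] = ($has_icon && file_exists(BB_BASE_DIR . '/tmp/upload/posticons/' . $temp['posticon'])) ? $temp['posticon'] : 'clear.gif';
     /* Keep the numeric id for SQL: once the 't' prefix is added, intval() of
        the value is always 0 and the replies query would match parent_id = 0 */
     $topic_id = intval($temp['post_id']);
     $temp['post_id'] = 't' . $temp['post_id'];
     if ($temp['poster_id'] > 0) {
         $temp['post_display_user_ddmenu'] = 1;
         if (!isset($this->users[$temp['poster_id']])) {
             $user = $this->dba->getRow("SELECT " . $this->qp['user'] . $this->qp['userinfo'] . " FROM " . K4USERS . " u LEFT JOIN " . K4USERINFO . " ui ON u.id=ui.user_id WHERE u.id=" . intval($temp['poster_id']));
             if (is_array($user) && !empty($user)) {
                 $group = get_user_max_group($user, $this->groups);
                 $user['group_color'] = !isset($group['color']) || $group['color'] == '' ? '000000' : $group['color'];
                 $user['group_nicename'] = isset($group['nicename']) ? $group['nicename'] : '';
                 $user['group_avatar'] = isset($group['avatar']) ? $group['avatar'] : '';
                 $user['online'] = time() - ini_get('session.gc_maxlifetime') > $user['seen'] ? 'offline' : 'online';
                 /* This array holds all of the userinfo for users that post to this topic */
                 $this->users[$user['id']] = $user;
             }
         } else {
             $user = $this->users[$temp['poster_id']];
         }
         if (is_array($user) && !empty($user)) {
             /* Highlight flagged users, but only for moderators and above */
             if ($user['flag_level'] > 0 && $_SESSION['user']->get('perms') >= MODERATOR) {
                 $temp['post_user_background'] = 'background-color: #FFFF00;';
             }
             foreach ($user as $key => $val) {
                 $temp['post_user_' . $key] = $val;
             }
             /* Plain assignment, as the replies iterator does; '=& new' no longer parses on PHP 7+ */
             $temp['profilefields'] = new FAArrayIterator(get_profile_fields($this->fields, $temp));
             $temp['post_user_title'] = $user['user_title'];
             $temp['post_user_user_title'] = get_user_title($user['user_title'], $user['num_posts']);
         }
         if (!isset($temp['post_user_online'])) {
             $temp['post_user_online'] = 'offline';
         }
         /* The unconditional re-store of $user that used to sit here is gone: a
            found user is already cached above, and a failed lookup was being
            written into the cache under an empty key. */
     } else {
         $temp['post_user_id'] = 0;
         $temp['post_user_name'] = $temp['poster_name'];
     }
     /* Deal with acronyms */
     replace_acronyms($temp['body_text']);
     /* word censors */
     replace_censors($temp['body_text']);
     replace_censors($temp['name']);
     /* Do any polls if they exist */
     do_post_polls($temp, $this->dba);
     /* do we have any attachments? */
     if (isset($temp['attachments']) && $temp['attachments'] > 0) {
         $temp['attachment_files'] = new K4AttachmentsIterator($this->dba, $this->user, $temp['post_id'], 0);
     }
     // url's
     $temp['U_TOPICURL'] = K4Url::getTopicUrl($temp['post_id']);
     $temp['U_POSTURL'] = K4Url::getPostUrl($temp['post_id']);
     $temp['U_MEMBERURL'] = K4Url::getMemberUrl($temp['poster_id']);
     if ($this->sr && $temp['num_replies'] > 0) {
         /* Every numeric value is cast before it is interpolated, post_id included.
            NOTE(review): sortedby and sortorder are interpolated as-is; identifiers
            cannot be bound as parameters, so they must be whitelisted wherever they
            are set (not visible here).
            NOTE(review): 'created' is compared with a duration rather than a cutoff
            time -- presumably time() minus that span was meant; confirm. */
         $this->result = $this->dba->executeQuery("SELECT * FROM " . K4POSTS . " WHERE parent_id = " . $topic_id . " AND row_type=" . REPLY . " " . ($this->post_id ? "AND post_id = " . intval($this->post_id) : "") . " AND created >= " . 3600 * 24 * intval($temp['daysprune']) . " ORDER BY " . $temp['sortedby'] . " " . $temp['sortorder'] . " LIMIT " . intval($temp['start']) . "," . intval($temp['postsperpage']));
         $temp['replies'] = new RepliesIterator($this->user, $this->dba, $this->result, $this->qp, $this->users, $this->groups, $this->fields);
     }
     return $temp;
 }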
Ejemplo n.º 3
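 /**
  * Decorate the current reply row for display: post icon, poster details,
  * attachments, censored text and polls. Frees the result set once the last
  * row has been handed out.
  *
  * Poster rows are cached in $this->users, keyed by user id.
  *
  * @return array The row from parent::current() with the display keys added.
  */
 function current()
 {
     $temp = parent::current();
     /* NOTE(review): posticon is appended to a filesystem path and then echoed
        back into the row; confirm it is restricted to a bare file name where it
        is stored, otherwise wrap it in basename() here. */
     $temp['posticon'] = isset($temp['posticon']) && $temp['posticon'] != '' ? iif(file_exists(BB_BASE_DIR . '/tmp/upload/posticons/' . $temp['posticon']), $temp['posticon'], 'clear.gif') : 'clear.gif';
     $temp['post_id'] = 'r' . $temp['post_id'];
     if ($temp['poster_id'] > 0) {
         if (!isset($this->users[$temp['poster_id']])) {
             // display a ddmenu
             $temp['post_display_user_ddmenu'] = 1;
             $user = $this->dba->getRow("SELECT " . $this->qp['user'] . $this->qp['userinfo'] . " FROM " . K4USERS . " u LEFT JOIN " . K4USERINFO . " ui ON u.id=ui.user_id WHERE u.id=" . intval($temp['poster_id']));
             if (is_array($user) && !empty($user)) {
                 $group = get_user_max_group($user, $this->groups);
                 $user['group_color'] = !isset($group['color']) || $group['color'] == '' ? '000000' : $group['color'];
                 /* Guard the optional group keys the same way group_color is guarded,
                    so a user without a matching group raises no undefined-index notice */
                 $user['group_nicename'] = isset($group['nicename']) ? $group['nicename'] : '';
                 $user['group_avatar'] = isset($group['avatar']) ? $group['avatar'] : '';
                 $user['online'] = time() - ini_get('session.gc_maxlifetime') > $user['seen'] ? 'offline' : 'online';
                 $this->users[$user['id']] = $user;
             }
         } else {
             // use a different ddmenu
             $temp['post_display_user_ddmenu'] = $this->result->hasPrev() ? 0 : 1;
             $user = $this->users[$temp['poster_id']];
         }
         if (is_array($user) && !empty($user)) {
             /* Highlight flagged users, but only for moderators and above */
             if ($user['flag_level'] > 0 && $_SESSION['user']->get('perms') >= MODERATOR) {
                 $temp['post_user_background'] = 'background-color: #FFFF00;';
             }
             foreach ($user as $key => $val) {
                 $temp['post_user_' . $key] = $val;
             }
             $temp['profilefields'] = new FAArrayIterator(get_profile_fields($this->fields, $temp));
             $temp['post_user_title'] = $user['user_title'];
             $temp['post_user_user_title'] = get_user_title($user['user_title'], $user['num_posts']);
         }
         if (!isset($temp['post_user_online'])) {
             $temp['post_user_online'] = 'offline';
         }
     } else {
         $temp['post_user_id'] = 0;
         $temp['post_user_name'] = $temp['poster_name'];
     }
     /* do we have any attachments? */
     if (isset($temp['attachments']) && $temp['attachments'] > 0) {
         $temp['attachment_files'] = new K4AttachmentsIterator($this->dba, $this->user, $temp['post_id'], $temp['post_id']);
     }
     /* Deal with acronyms */
     replace_acronyms($temp['body_text']);
     /* word censors!! */
     replace_censors($temp['body_text']);
     replace_censors($temp['name']);
     /* Do any polls if they exist */
     do_post_polls($temp, $this->dba);
     /* Should we free the result? */
     if (!$this->hasNext()) {
         $this->result->free();
     }
     return $temp;
 }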
Ejemplo n.º 4
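 /**
  * Decorate the current forum row for display: icon, indent level, child
  * forums, moderators, censored names, formatted counters and URLs.
  *
  * @return array The row from parent::current() with the display keys added.
  */
 function current()
 {
     $temp = parent::current();
     /* Cache this forum in the session */
     cache_forum($temp);
     /**
      * Do the icon
      */
     switch ($temp['row_type']) {
         case FORUM:
             $temp['forum_icon'] = 'forum_off';
             forum_icon($temp, $temp['forum_icon']);
             break;
         case GALLERY:
             $temp['forum_icon'] = 'forum_gallery';
             break;
         case METAFORUM:
             $temp['forum_icon'] = 'forum_meta';
             break;
         case ARCHIVEFORUM:
             $temp['forum_icon'] = 'forum_archive';
             break;
     }
     /* Set a nice representation of what level we're on */
     $temp['level'] = @str_repeat('   ', $this->level);
     /* Should we query down to the next level of forums? */
     if ($temp['row_type'] & CATEGORY) {
         /* forum_id is cast like in the sub-forum query below, so no value
            reaches the SQL text unconverted. Plain '= new': '=& new' no longer
            parses on PHP 7+. */
         $temp['forums'] = new K4ForumsIterator($this->dba, "SELECT * FROM " . K4FORUMS . " WHERE parent_id = " . intval($temp['forum_id']) . " ORDER BY row_order ASC", TRUE, $this->level + 1);
     }
     if ($this->do_recurse) {
         if ($temp['subforums'] > 0 && $this->settings['showsubforums'] == 1) {
             $it = new K4ForumsIterator($this->dba, "SELECT * FROM " . K4FORUMS . " WHERE parent_id = " . intval($temp['forum_id']) . " ORDER BY row_order ASC", FALSE, $this->level + 1);
             if ($it->hasNext()) {
                 // add the iterator
                 $temp['subforums_list'] = $it;
             } else {
                 // if this forum doesn't actually have subforums, fix it
                 $this->dba->executeUpdate("UPDATE " . K4FORUMS . " SET subforums=0 WHERE forum_id = " . intval($temp['forum_id']));
             }
         }
     }
     /**
      * Get the moderators
      */
     $temp['moderators'] = array();
     $temp['are_moderators'] = 0;
     if ($temp['moderating_groups'] != '') {
         /* moderating_groups is a '|'-separated list of group ids */
         $groups = explode('|', $temp['moderating_groups']);
         if (is_array($groups)) {
             foreach ($groups as $g) {
                 if (isset($this->usergroups[$g])) {
                     $temp['U_USERGROUPURL'] = K4Url::getUserGroupUrl($g);
                     $temp['moderators'][] = $this->usergroups[$g];
                 }
             }
             $temp['are_moderators'] = 1;
         }
     }
     if ($temp['moderating_users'] != '') {
         /* NOTE(review): force_unserialize() is defined elsewhere; if it wraps
            unserialize(), this column must only ever hold data the application
            serialized itself -- confirm nothing user-supplied is stored raw. */
         $users = force_unserialize($temp['moderating_users']);
         if (is_array($users) && !empty($users)) {
             foreach ($users as $user_id => $username) {
                 $temp['U_GMEMBERURL'] = K4Url::getMemberUrl($user_id);
                 $temp['moderators'][] = array('user_id' => $user_id, 'name' => $username);
             }
             $temp['are_moderators'] = 1;
         }
     }
     $temp['moderators'] = new FAArrayIterator($temp['moderators']);
     /* Replace topic/post names with censors */
     replace_censors($temp['topic_name']);
     replace_censors($temp['post_name']);
     $temp['topics'] = number_format($temp['topics']);
     $temp['replies'] = number_format($temp['replies']);
     $temp['posts'] = number_format($temp['posts']);
     //		/* Set cookies for all of the topics */
     //		bb_settopic_cache_item('forums', serialize($this->forums), time() + 3600 * 25 * 5);
     /* Tag-free copy of the description; strip_tags() removes markup only and
        does not escape the remaining text */
     $temp['safe_description'] = strip_tags($temp['description']);
     $temp['forum'] = $temp['row_type'] == CATEGORY ? 0 : 1;
     // custom url's
     $temp['U_FORUMURL'] = K4Url::getForumUrl($temp['forum_id']);
     $temp['U_TOPICURL'] = K4Url::getTopicUrl($temp['post_id']);
     $temp['U_POSTURL'] = K4Url::getPostUrl($temp['post_id']);
     $temp['U_FINDPOSTURL'] = K4Url::getPostUrl($temp['post_id']);
     $temp['U_MEMBERURL'] = K4Url::getMemberUrl($temp['post_uid']);
     $temp['U_REDIRECTURL'] = K4Url::getRedirectUrl($temp['forum_id']);
     /* Return the formatted forum info */
     return $temp;
 }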
 /**
  * Build the display row for the current private message: icon, reply pager,
  * flagged-sender highlight, link target, unread marker and censored subject.
  * Frees the result set once the last row has been handed out.
  *
  * @return array The row from parent::current() with the display keys added.
  */
 function current()
 {
     $pm = parent::current();

     /* Icon: fall back to clear.gif when none is set or the file is missing */
     if ($pm['posticon'] != '') {
         $icon_path = BB_BASE_DIR . '/tmp/upload/posticons/' . $pm['posticon'];
         $pm['posticon'] = iif(file_exists($icon_path), $pm['posticon'], 'clear.gif');
     } else {
         $pm['posticon'] = 'clear.gif';
     }
     $unread = $pm['member_has_read'] == 0;

     /* Page the replies only when they do not fit on one page */
     if ($this->repliesperpage < $pm['num_replies']) {
         $pm['use_pager'] = 1;
         $pm['num_pages'] = @ceil($pm['num_replies'] / $this->repliesperpage);
         $pm['pager'] = paginate($pm['num_replies'], '&laquo;', '&lt;', '', '&gt;', '&raquo;', $this->repliesperpage, $pm['pm_id']);
     } else {
         $pm['use_pager'] = 0;
     }

     /* Highlight flagged senders, but only for moderators and above */
     if ($pm['poster_id'] > 0 && in_array($pm['poster_id'], $this->flagged_users) && $_SESSION['user']->get('perms') >= MODERATOR) {
         $pm['post_user_background'] = 'background-color: #FFFF00;';
     }

     /* Drafts reopen in the editor, everything else in the message view */
     $pm['url'] = $pm['is_draft'] == 1
         ? 'member.php?act=usercp&amp;view=pmnewmessage&amp;draft=' . $pm['pm_id']
         : 'member.php?act=usercp&amp;view=pmsg&amp;pm=' . $pm['pm_id'];

     if ($unread) {
         $pm['is_new'] = 1;
     }

     /* Censor subjects if necessary */
     replace_censors($pm['name']);

     /* Release the result set after the last row */
     if (!$this->hasNext()) {
         $this->result->free();
     }

     return $pm;
 }
Ejemplo n.º 6
 function execute(&$request)
 {
     if ($request['user']->isMember() && $request['user']->get('perms') >= SUPERADMIN) {
         global $_PROFILEFIELDS, $_SETTINGS;
         k4_bread_crumbs($request['template'], $request['dba'], 'L_USERS');
         $request['template']->setVar('users_on', '_on');
         $request['template']->setFile('sidebar_menu', 'menus/users.html');
         if (!isset($_REQUEST['user_id']) || intval($_REQUEST['user_id']) == 0) {
             $action = new K4InformationAction(new K4LanguageElement('L_USERDOESNTEXIST'), 'content', TRUE);
             return $action->execute($request);
         }
         $user = $request['dba']->getRow("SELECT * FROM " . K4USERS . " WHERE id=" . intval($_REQUEST['user_id']) . " LIMIT 1");
         if (!is_array($user) || empty($user)) {
             $action = new K4InformationAction(new K4LanguageElement('L_USERDOESNTEXIST'), 'content', TRUE);
             return $action->execute($request);
         }
         /* Collect the custom profile fields */
         $query_fields = '';
         foreach ($_PROFILEFIELDS as $field) {
             /* This insures that we only put in what we need to */
             if (isset($_REQUEST[$field['name']])) {
                 switch ($field['inputtype']) {
                     default:
                     case 'text':
                     case 'textarea':
                     case 'select':
                         if ($_REQUEST[$field['name']] != '') {
                             $query_fields .= ', ' . $field['name'] . "='" . $request['dba']->quote(k4_htmlentities($_REQUEST[$field['name']], ENT_QUOTES)) . "'";
                         }
                         break;
                     case 'multiselect':
                     case 'radio':
                     case 'check':
                         if (is_array($_REQUEST[$field['name']]) && !empty($_REQUEST[$field['name']])) {
                             $query_fields .= ',' . $field['name'] . "='" . $request['dba']->quote(serialize($_REQUEST[$field['name']])) . "'";
                         }
                         break;
                 }
             }
         }
         /**
          * Error checking
          */
         /* Username checks */
         if (!$this->runPostFilter('uname', new FARequiredFilter())) {
             $action = new K4InformationAction(new K4LanguageElement('L_BADUSERNAME'), 'content', TRUE);
         }
         if (!$this->runPostFilter('uname', new FARegexFilter('~^[a-zA-Z]([a-zA-Z0-9]*[-_ ]?)*[a-zA-Z0-9]*$~'))) {
             $action = new K4InformationAction(new K4LanguageElement('L_BADUSERNAME'), 'content', TRUE);
         }
         if (!$this->runPostFilter('uname', new FALengthFilter(intval($_SETTINGS['maxuserlength'])))) {
             $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETOOLONG', intval($_SETTINGS['maxuserlength'])), 'content', TRUE);
         }
         if (!$this->runPostFilter('uname', new FALengthFilter(intval($_SETTINGS['maxuserlength']), intval($_SETTINGS['minuserlength'])))) {
             $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETOOSHORT', intval($_SETTINGS['minuserlength']), intval($_SETTINGS['maxuserlength'])), 'content', TRUE);
         }
         if ($_REQUEST['uname'] != $user['name']) {
             if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS . " WHERE name = '" . $request['dba']->quote($_REQUEST['uname']) . "'") > 0) {
                 $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETAKEN'), 'content', TRUE);
             }
         }
         if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4BADUSERNAMES . " WHERE name = '" . $request['dba']->quote($_REQUEST['uname']) . "'") > 0) {
             $action = new K4InformationAction(new K4LanguageElement('L_USERNAMENOTGOOD'), 'content', TRUE);
         }
         if (isset($action)) {
             return $action->execute($request);
         }
         /* Check the appropriatness of the username */
         $name = $_REQUEST['uname'];
         replace_censors($name);
         if ($name != $_REQUEST['uname']) {
             $action = new K4InformationAction(new K4LanguageElement('L_INNAPROPRIATEUNAME'), 'content', TRUE);
         }
         /* Email checks */
         if (!$this->runPostFilter('email', new FARequiredFilter())) {
             $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYEMAIL'), 'content', TRUE);
         }
         if (!$this->runPostFilter('email', new FARegexFilter('~^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$~'))) {
             $action = new K4InformationAction(new K4LanguageElement('L_NEEDVALIDEMAIL'), 'content', TRUE);
         }
         if ($_SETTINGS['requireuniqueemail'] == 1 && $_REQUEST['email'] != $user['email']) {
             if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS . " WHERE email = '" . $request['dba']->quote($_REQUEST['email']) . "'") > 0) {
                 $action = new K4InformationAction(new K4LanguageElement('L_EMAILTAKEN'), 'content', TRUE);
             }
         }
         if (isset($action)) {
             return $action->execute($request);
         }
         /**
          *
          * Update User
          *
          */
         $usergroups = isset($_REQUEST['usergroups']) && is_array($_REQUEST['usergroups']) ? $_REQUEST['usergroups'] : array(2);
         $name = k4_htmlentities(strip_tags($_REQUEST['uname']), ENT_QUOTES);
         $reg_key = md5(uniqid(rand(), TRUE));
         $insert_a = $request['dba']->prepareStatement("UPDATE " . K4USERS . " SET name=?,email=?,perms=?,usergroups=? WHERE id=?");
         $insert_a->setString(1, $name);
         $insert_a->setString(2, $_REQUEST['email']);
         $insert_a->setInt(3, $_REQUEST['permissions']);
         $insert_a->setString(4, '|' . implode('|', $usergroups) . '|');
         // Registered Users
         $insert_a->setInt(5, $user['id']);
         $insert_a->executeUpdate();
         $insert_b = $request['dba']->prepareStatement("UPDATE " . K4USERINFO . " SET timezone=? " . $query_fields . " WHERE user_id=?");
         $insert_b->setInt(1, intval(@$_REQUEST['timezone']));
         $insert_b->setInt(2, $user['id']);
         $insert_b->executeUpdate();
         /**
          *
          * User Profile
          *
          */
         $query = "UPDATE " . K4USERINFO . " SET ";
         $error = '';
         $fields = array('fullname', 'icq', 'aim', 'msn', 'yahoo', 'jabber', 'googletalk');
         foreach ($fields as $field) {
             if (isset($_REQUEST[$field]) && $_REQUEST[$field] != '') {
                 $query .= $field . "='" . $request['dba']->quote($_REQUEST[$field]) . "', ";
             }
         }
         // deal with the timezone
         if (isset($_REQUEST['timezone']) && $_REQUEST['timezone'] != '') {
             $query .= "timezone = " . intval($_REQUEST['timezone']) . ", ";
         }
         // could this check get any uglier/more stupid?
         $birthday = '';
         if (isset($_REQUEST['month']) && isset($_REQUEST['day']) && isset($_REQUEST['year'])) {
             if (intval($_REQUEST['month']) != 0 && ctype_digit($_REQUEST['month']) && (intval($_REQUEST['day']) != 0 && ctype_digit($_REQUEST['day'])) && (intval($_REQUEST['year']) != 0 && ctype_digit($_REQUEST['year']))) {
                 $birthday = $request['dba']->quote($_REQUEST['month'] . '/' . $_REQUEST['day'] . '/' . $_REQUEST['year']);
                 $birthday = strlen($birthday) == 10 ? $birthday : '';
             }
         }
         // finish off this query
         $query .= "birthday = '" . $birthday . "' WHERE user_id = " . intval($user['id']);
         /* Update the user */
         $request['dba']->executeUpdate($query);
         /**
          *
          * User Options
          *
          */
         /* Do half-checks on the styles/language stuff */
         $language = !in_array($_REQUEST['language'], get_files(K4_BASE_DIR . '/lang/', TRUE, TRUE)) ? $request['user']->get('language') : $_REQUEST['language'];
         $imageset = !in_array($_REQUEST['imageset'], get_files(BB_BASE_DIR . '/Images/', TRUE, TRUE)) ? $request['user']->get('imageset') : $_REQUEST['imageset'];
         $templateset = !in_array($_REQUEST['templateset'], get_files(BB_BASE_DIR . '/templates/', TRUE, TRUE)) ? $request['user']->get('templateset') : $_REQUEST['templateset'];
         $styleset = $request['dba']->getRow("SELECT * FROM " . K4STYLES . " WHERE id = " . intval($_REQUEST['styleset']) . " LIMIT 1");
         $styleset = is_array($styleset) && !empty($styleset) ? $styleset['name'] : $request['user']->get('styleset');
         /* Change the users' invisible mode */
         if (isset($_REQUEST['invisible']) && (intval($_REQUEST['invisible']) == 0 || intval($_REQUEST['invisible']) == 1) && intval($_REQUEST['invisible']) != $request['user']->get('invisible')) {
             $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET invisible = " . intval($_REQUEST['invisible']) . " WHERE id = " . intval($request['user']->get('id')));
         }
         /**
          * Prepare the big query
          */
         $query = $request['dba']->prepareStatement("UPDATE " . K4USERSETTINGS . " SET templateset=?,styleset=?,imageset=?,language=?,topic_display=?,notify_pm=?,popup_pm=?,topicsperpage=?,postsperpage=?,viewimages=?,viewavatars=?,viewsigs=?,viewflash=?,viewemoticons=?,viewcensors=?,topic_threaded=? WHERE user_id = ?");
         $query->setString(1, $templateset);
         $query->setString(2, $styleset);
         $query->setString(3, $imageset);
         $query->setString(4, $language);
         $query->setInt(5, $_REQUEST['topic_display']);
         $query->setInt(6, $_REQUEST['notify_pm']);
         $query->setInt(7, $_REQUEST['popup_pm']);
         $query->setInt(8, $_REQUEST['topicsperpage']);
         $query->setInt(9, $_REQUEST['postsperpage']);
         $query->setInt(10, $_REQUEST['viewimages']);
         $query->setInt(11, $_REQUEST['viewavatars']);
         $query->setInt(12, $_REQUEST['viewsigs']);
         $query->setInt(13, $_REQUEST['viewflash']);
         $query->setInt(14, $_REQUEST['viewemoticons']);
         $query->setInt(15, $_REQUEST['viewcensors']);
         $query->setInt(16, $_REQUEST['topic_threaded']);
         $query->setInt(17, $user['id']);
         $query->executeUpdate();
         /**
          * 
          * Datastore
          *
          */
         if ($_DATASTORE['forumstats']['newest_user_id'] == $user['id']) {
             $datastore_update = $request['dba']->prepareStatement("UPDATE " . K4DATASTORE . " SET data=? WHERE varname=?");
             $datastore = $_DATASTORE['forumstats'];
             $datastore['newest_user_name'] = $name;
             $datastore_update->setString(1, serialize($datastore));
             $datastore_update->setString(2, 'forumstats');
             $datastore_update->executeUpdate();
             reset_cache('datastore');
         }
         /**
          *
          * User Name
          *
          */
         if ($name != $user['name']) {
             $request['dba']->executeUpdate("UPDATE " . K4POSTS . " SET poster_name='" . $request['dba']->quote($name) . "' WHERE poster_id=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4POSTS . " SET edited_username='******'dba']->quote($name) . "' WHERE edited_userid=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4POSTS . " SET lastpost_uname='" . $request['dba']->quote($name) . "' WHERE lastpost_uid=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4FORUMS . " SET post_uname='" . $request['dba']->quote($name) . "' WHERE post_uid=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4POLLVOTES . " SET user_name='" . $request['dba']->quote($name) . "' WHERE user_id=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4RATINGS . " SET user_name='" . $request['dba']->quote($name) . "' WHERE user_id=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4USERGROUPS . " SET mod_name='" . $request['dba']->quote($name) . "' WHERE mod_id=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4BADPOSTREPORTS . " SET user_name='" . $request['dba']->quote($name) . "' WHERE user_id=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4BADPOSTREPORTS . " SET poster_name='" . $request['dba']->quote($name) . "' WHERE poster_id=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4BANNEDUSERS . " SET user_name='" . $request['dba']->quote($name) . "' WHERE user_id=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4PRIVMESSAGES . " SET poster_name='" . $request['dba']->quote($name) . "' WHERE poster_id=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4PRIVMESSAGES . " SET member_name='" . $request['dba']->quote($name) . "' WHERE member_id=" . intval($user['id']));
         }
         /**
          *
          * DONE
          *
          */
         $action = new K4InformationAction(new K4LanguageElement('L_UPDATEDUSER', $name), 'content', FALSE, 'admin.php?act=users', 3);
         return $action->execute($request);
     } else {
         no_perms_error($request);
     }
     return TRUE;
 }