/** ----------------------------------------
/** Email Update
/** ----------------------------------------*/
function update_email()
{
// Safety.
if (!isset($_POST['email'])) {
return ee()->output->show_user_error('general', array(ee()->lang->line('invalid_action')));
}
/** ----------------------------------------
/** Blacklist/Whitelist Check
/** ----------------------------------------*/
if (ee()->blacklist->blacklisted == 'y' && ee()->blacklist->whitelisted == 'n') {
return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized')));
}
/** -------------------------------------
/** Validate submitted data
/** -------------------------------------*/
if (!class_exists('EE_Validate')) {
require APPPATH . 'libraries/Validate.php';
}
$query = ee()->db->query("SELECT email, password FROM exp_members WHERE member_id = '" . ee()->session->userdata('member_id') . "'");
$VAL = new EE_Validate(array('member_id' => ee()->session->userdata('member_id'), 'val_type' => 'update', 'fetch_lang' => TRUE, 'require_cpw' => FALSE, 'enable_log' => FALSE, 'email' => $_POST['email'], 'cur_email' => $query->row('email'), 'cur_password' => $_POST['password']));
$VAL->validate_email();
if ($_POST['email'] != $query->row('email')) {
$VAL->password_safety_check();
}
if (count($VAL->errors) > 0) {
return ee()->output->show_user_error('submission', $VAL->errors);
}
/** -------------------------------------
/** Assign the query data
/** -------------------------------------*/
$data = array('email' => $_POST['email'], 'accept_admin_email' => isset($_POST['accept_admin_email']) ? 'y' : 'n', 'accept_user_email' => isset($_POST['accept_user_email']) ? 'y' : 'n', 'notify_by_default' => isset($_POST['notify_by_default']) ? 'y' : 'n', 'notify_of_pm' => isset($_POST['notify_of_pm']) ? 'y' : 'n', 'smart_notifications' => isset($_POST['smart_notifications']) ? 'y' : 'n');
ee()->db->query(ee()->db->update_string('exp_members', $data, "member_id = '" . ee()->session->userdata('member_id') . "'"));
/** -------------------------------------
/** Update comments and log email change
/** -------------------------------------*/
if ($query->row('email') != $_POST['email']) {
ee()->db->query(ee()->db->update_string('exp_comments', array('email' => $_POST['email']), "author_id = '" . ee()->session->userdata('member_id') . "'"));
}
/** -------------------------------------
/** Success message
/** -------------------------------------*/
return $this->_var_swap($this->_load_element('success'), array('lang:heading' => ee()->lang->line('mbr_email_updated'), 'lang:message' => ee()->lang->line('mbr_email_has_been_updated')));
}
private function _member_delete()
{
// No sneakiness - we'll do this in case the site administrator
// has foolishly turned off secure forms and some monkey is
// trying to delete their account from an off-site form or
// after logging out.
if ($this->EE->session->userdata('member_id') == 0 or $this->EE->session->userdata('can_delete_self') !== 'y') {
return array('error' => $this->EE->lang->line('not_authorized'));
}
// If the user is a SuperAdmin, then no deletion
if ($this->EE->session->userdata('group_id') == 1) {
return array('error' => $this->EE->lang->line('cannot_delete_super_admin'));
}
// Is IP and User Agent required for login? Then, same here.
if ($this->EE->config->item('require_ip_for_login') == 'y') {
if ($this->EE->session->userdata('ip_address') == '' or $this->EE->session->userdata('user_agent') == '') {
return array('error' => $this->EE->lang->line('unauthorized_request'));
}
}
// Check password lockout status
if ($this->EE->session->check_password_lockout($this->EE->session->userdata('username')) === TRUE) {
$this->EE->lang->loadfile('login');
return array('error' => sprintf(lang('password_lockout_in_effect'), $this->EE->config->item('password_lockout_interval')));
}
/** -------------------------------------
/** Validate submitted password
/** -------------------------------------*/
if (!class_exists('EE_Validate')) {
require APPPATH . 'libraries/Validate' . EXT;
}
$VAL = new EE_Validate(array('member_id' => $this->EE->session->userdata('member_id'), 'cur_password' => $_POST['password']));
$VAL->password_safety_check();
if (isset($VAL->errors) && count($VAL->errors) > 0) {
$this->EE->session->save_password_lockout($this->EE->session->userdata('username'));
return array('error' => $this->EE->lang->line('invalid_pw'));
}
// Are you who you say you are, or someone sitting at someone
// else's computer being mean?!
// $query = $this->EE->db->select('password')
// ->where('member_id', $this->EE->session->userdata('member_id'))
// ->get('members');
//
// $password = $this->EE->functions->hash(stripslashes($_POST['password']));
// echo '<br/>'.$query->row('password') .'<br/>'. $password;
// if ($query->row('password') != $password)
// {
// $this->EE->session->save_password_lockout($this->EE->session->userdata('username'));
//
// return array('error' => $this->EE->lang->line('invalid_pw'));
// }
// No turning back, get to deletin'!
$id = $this->EE->session->userdata('member_id');
$this->EE->db->where('member_id', (int) $id)->delete('members');
$this->EE->db->where('member_id', (int) $id)->delete('member_data');
$this->EE->db->where('member_id', (int) $id)->delete('member_homepage');
$this->EE->db->where('sender_id', (int) $id)->delete('message_copies');
$this->EE->db->where('sender_id', (int) $id)->delete('message_data');
$this->EE->db->where('member_id', (int) $id)->delete('message_folders');
$this->EE->db->where('member_id', (int) $id)->delete('message_listed');
$message_query = $this->EE->db->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$id}' AND message_read = 'n'");
if ($message_query->num_rows() > 0) {
foreach ($message_query->result_array() as $row) {
$count_query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '" . $row['recipient_id'] . "' AND message_read = 'n'");
$this->EE->db->query($this->EE->db->update_string('exp_members', array('private_messages' => $count_query->row('count')), "member_id = '" . $row['recipient_id'] . "'"));
}
}
// Delete Forum Posts
if ($this->EE->config->item('forum_is_installed') == "y") {
$this->EE->db->where('member_id', (int) $id)->delete('forum_subscriptions');
$this->EE->db->where('member_id', (int) $id)->delete('forum_pollvotes');
$this->EE->db->where('author_id', (int) $id)->delete('forum_topics');
$this->EE->db->where('admin_member_id', (int) $id)->delete('forum_administrators');
$this->EE->db->where('mod_member_id', (int) $id)->delete('forum_moderators');
// Snag the affected topic id's before deleting the member for the update afterwards
$query = $this->EE->db->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'");
if ($query->num_rows() > 0) {
$topic_ids = array();
foreach ($query->result_array() as $row) {
$topic_ids[] = $row['topic_id'];
}
$topic_ids = array_unique($topic_ids);
}
$this->EE->db->where('author_id', (int) $id)->delete('forum_posts');
$this->EE->db->where('author_id', (int) $id)->delete('forum_polls');
// Kill any attachments
$query = $this->EE->db->query("SELECT attachment_id, filehash, extension, board_id FROM exp_forum_attachments WHERE member_id = '{$id}'");
if ($query->num_rows() > 0) {
// Grab the upload path
$res = $this->EE->db->query('SELECT board_id, board_upload_path FROM exp_forum_boards');
$paths = array();
foreach ($res->result_array() as $row) {
$paths[$row['board_id']] = $row['board_upload_path'];
}
foreach ($query->result_array() as $row) {
if (!isset($paths[$row['board_id']])) {
continue;
}
$file = $paths[$row['board_id']] . $row['filehash'] . $row['extension'];
$thumb = $paths[$row['board_id']] . $row['filehash'] . '_t' . $row['extension'];
@unlink($file);
@unlink($thumb);
$this->EE->db->where('attachment_id', (int) $row['attachment_id'])->delete('forum_attachments');
}
}
// Update the forum stats
$query = $this->EE->db->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");
if (!class_exists('Forum')) {
require PATH_MOD . 'forum/mod.forum.php';
require PATH_MOD . 'forum/mod.forum_core.php';
}
$FRM = new Forum_Core();
foreach ($query->result_array() as $row) {
$FRM->_update_post_stats($row['forum_id']);
}
if (isset($topic_ids)) {
foreach ($topic_ids as $topic_id) {
$FRM->_update_topic_stats($topic_id);
}
}
}
// Va-poo-rize Channel Entries and Comments
$entry_ids = array();
$channel_ids = array();
$recount_ids = array();
// Find Entry IDs and Channel IDs, then delete
$query = $this->EE->db->query("SELECT entry_id, channel_id FROM exp_channel_titles WHERE author_id = '{$id}'");
if ($query->num_rows() > 0) {
foreach ($query->result_array() as $row) {
$entry_ids[] = $row['entry_id'];
$channel_ids[] = $row['channel_id'];
}
$this->EE->db->query("DELETE FROM exp_channel_titles WHERE author_id = '{$id}'");
$this->EE->db->query("DELETE FROM exp_channel_data WHERE entry_id IN ('" . implode("','", $entry_ids) . "')");
$this->EE->db->query("DELETE FROM exp_comments WHERE entry_id IN ('" . implode("','", $entry_ids) . "')");
}
// Find the affected entries AND channel ids for author's comments
$query = $this->EE->db->query("SELECT DISTINCT(entry_id), channel_id FROM exp_comments WHERE author_id = '{$id}'");
if ($query->num_rows() > 0) {
foreach ($query->result_array() as $row) {
$recount_ids[] = $row['entry_id'];
$channel_ids[] = $row['channel_id'];
}
$recount_ids = array_diff($recount_ids, $entry_ids);
}
// Delete comments by member
$this->EE->db->query("DELETE FROM exp_comments WHERE author_id = '{$id}'");
// Update stats on channel entries that were NOT deleted AND had comments by author
if (count($recount_ids) > 0) {
foreach (array_unique($recount_ids) as $entry_id) {
$query = $this->EE->db->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '" . $this->EE->db->escape_str($entry_id) . "'");
$comment_date = ($query->num_rows() == 0 or !is_numeric($query->row('max_date'))) ? 0 : $query->row('max_date');
$query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$entry_id}' AND status = 'o'");
$this->EE->db->query("UPDATE exp_channel_titles SET comment_total = '" . $this->EE->db->escape_str($query->row('count')) . "', recent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'");
}
}
if (count($channel_ids) > 0) {
foreach (array_unique($channel_ids) as $channel_id) {
$this->EE->stats->update_channel_stats($channel_id);
$this->EE->stats->update_comment_stats($channel_id);
}
}
// Email notification recipients
if ($this->EE->session->userdata('mbr_delete_notify_emails') != '') {
$notify_address = $this->EE->session->userdata('mbr_delete_notify_emails');
$swap = array('name' => $this->EE->session->userdata('screen_name'), 'email' => $this->EE->session->userdata('email'), 'site_name' => stripslashes($this->EE->config->item('site_name')));
$email_tit = $this->EE->functions->var_swap($this->EE->lang->line('mbr_delete_notify_title'), $swap);
$email_msg = $this->EE->functions->var_swap($this->EE->lang->line('mbr_delete_notify_message'), $swap);
// No notification for the user themselves, if they're in the list
if (strpos($notify_address, $this->EE->session->userdata('email')) !== FALSE) {
$notify_address = str_replace($this->EE->session->userdata('email'), "", $notify_address);
}
$this->EE->load->helper('string');
// Remove multiple commas
$notify_address = reduce_multiples($notify_address, ',', TRUE);
if ($notify_address != '') {
// Send email
$this->EE->load->library('email');
// Load the text helper
$this->EE->load->helper('text');
foreach (explode(',', $notify_address) as $addy) {
$this->EE->email->EE_initialize();
$this->EE->email->wordwrap = FALSE;
$this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
$this->EE->email->to($addy);
$this->EE->email->reply_to($this->EE->config->item('webmaster_email'));
$this->EE->email->subject($email_tit);
$this->EE->email->message(entities_to_ascii($email_msg));
$this->EE->email->send();
}
}
}
// Trash the Session and cookies
$this->EE->db->where('site_id', $this->EE->config->item('site_id'))->where('ip_address', $this->EE->input->ip_address())->where('member_id', (int) $id)->delete('online_users');
$this->EE->db->where('session_id', $this->EE->session->userdata('session_id'))->delete('sessions');
$this->EE->functions->set_cookie($this->EE->session->c_session);
$this->EE->functions->set_cookie($this->EE->session->c_expire);
$this->EE->functions->set_cookie($this->EE->session->c_anon);
$this->EE->functions->set_cookie('read_topics');
$this->EE->functions->set_cookie('tracker');
// Update
$this->EE->stats->update_member_stats();
// Build Success Message
$url = $this->EE->config->item('site_url');
$name = stripslashes($this->EE->config->item('site_name'));
$data = array('title' => $this->EE->lang->line('mbr_delete'), 'heading' => $this->EE->lang->line('thank_you'), 'content' => $this->EE->lang->line('mbr_account_deleted'), 'redirect' => '', 'link' => array($url, $name));
return array('success' => $data);
}
