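/**
 * Store edited / new userfields
 *
 * Three cases, selected by $Pivot_Vars: ask for confirmation before a
 * delete, perform a confirmed delete (drops the 'uf-<intname>' config entry
 * and removes the name from the '|'-separated $Cfg['userfields'] list), or
 * store the submitted field definition through PutUserFields().
 */
function userfields_editsave()
{
    global $Pivot_Vars, $Cfg;

    // check against unauthorised direct access.
    check_csrf();

    $ufield_arr = userfields_array();
    $fts = GetUserFields();

    // The internal name is request input that becomes a $Cfg key and an
    // element of a '|'-separated list. Strip the same divider characters
    // that libsave_change_user() strips, so a crafted name cannot corrupt
    // the stored list. The cast keeps the comparisons below string-to-string.
    $intname = isset($Pivot_Vars['intname']) ? (string) $Pivot_Vars['intname'] : '';
    $intname = preg_replace("/[!|\n]/i", "", $intname);
    $Pivot_Vars['intname'] = $intname;

    if ($Pivot_Vars['confirmed'] != 1 && $Pivot_Vars['delete'] == 1) {
        // First pass of a delete: ask the user to confirm before touching $Cfg.
        $vars = array('intname', $intname, 'delete', 1);
        ConfirmPage(lang('ufield_main', 'del_title'), $vars, sprintf(lang('ufield_main', 'del_desc'), $Pivot_Vars['disp']));
    } elseif ($Pivot_Vars['confirmed'] == 1 && $Pivot_Vars['delete'] == 1) {
        //go through deleting it.
        unset($Cfg['uf-' . $intname]);

        // Rebuild the master list without the deleted field. $spoon must start
        // as an array: implode() on an undefined variable fails when the
        // deleted field was the only one in the list.
        $spoon = array();
        foreach (explode("|", $Cfg['userfields']) as $val) {
            if ($val !== $intname) {
                $spoon[] = $val;
            }
        }
        $Cfg['userfields'] = implode("|", $spoon);

        // NOTE(review): nothing in this branch persists $Cfg; presumably
        // userfields_main() (or a later call) saves it — confirm.
        //first from the master list
        userfields_main();
    } else {
        // No validation of the submitted definition is performed yet (the
        // original carried an always-false "$errout > 0" hook here).
        // Copy every submitted attribute except the name itself into the
        // definition keyed by intname, then store all definitions.
        foreach ($ufield_arr as $val) {
            if ($val[0] != 'intname') {
                $fts[$intname][$val[0]] = $Pivot_Vars[$val[0]];
            }
        }
        $Pivot_Vars['field'] = $intname;
        PutUserFields($fts);
        userfields_main();
    }
}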
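/**
 * Saves the user settings (self-service edit, or an admin editing another user).
 *
 * Reads the submitted form from $Pivot_Vars, validates it, and then either
 * writes the result into $Users / $Cfg and persists it with SaveSettings(),
 * asks for confirmation through ConfirmPage(), or re-renders the edit screen
 * with the per-field error messages filled in. Always ends with PutUserInfo().
 *
 * NOTE(review): unlike userfields_editsave() in this file, no check_csrf()
 * call is visible here; presumably the caller performs it — confirm.
 *
 * @param int $admin 1 when an admin edits the user named in
 *                   $Pivot_Vars['username']; 0 when the current user
 *                   ($Pivot_Vars['user']) edits their own settings.
 */
function libsave_change_user($admin = 0)
{
    global $Pivot_Vars, $Users, $Cfg, $Paths;

    // Sanitize passed variables to prevent people from inserting characters that
    // could be interpreted as dividers ('|' separates entries in $Cfg; '!' and
    // newlines are stripped for the same reason). preg_replace also walks
    // nested arrays such as $Pivot_Vars['allowed'].
    foreach ($Pivot_Vars as $key => $val) {
        $Pivot_Vars[$key] = preg_replace("/[!|\n]/i", "", $Pivot_Vars[$key]);
    }

    $userfields = get_userfields($admin);
    $ufields = GetUserFields();

    // Number of validation errors; each failed check below increments it.
    // (The original never initialised it and relied on null++ becoming 1.)
    $Piverr = 0;
    // Slot 6 of each userfield entry. It is never assigned in this function,
    // so it is explicitly null here; the re-show path fills it for type-3 fields.
    $maxl = null;

    if ($admin == 1) {
        $theuser = $Pivot_Vars['username'];
    } else {
        $theuser = $Pivot_Vars['user'];
    }

    // NOTE(review): the delete check uses the level of $Pivot_Vars['user'];
    // this assumes that value identifies the logged-in user and cannot be
    // chosen by the submitter — confirm against the request handling.
    if ($Pivot_Vars['delete_user'] == 1 && $Users[$Pivot_Vars['user']]['userlevel'] >= 3) {
        if ($Pivot_Vars['confirmed'] == 1) {
            //delete him from the config file, nothing else.
            // Explicit array: implode() on an undefined variable fails when
            // the deleted name was the only entry.
            $tmp_arr2 = array();
            foreach (explode("|", $Cfg['users']) as $candidate) {
                if ($candidate != $Pivot_Vars['username']) {
                    $tmp_arr2[] = $candidate;
                }
            }
            $Cfg['users'] = implode("|", $tmp_arr2);
            unset($Users[$Pivot_Vars['username']]);
            unset($Cfg['user-' . $Pivot_Vars['username']]);
            see_users();
        } else {
            // Not confirmed yet: round-trip the delete request through the
            // confirmation page.
            $vars = array('username', $Pivot_Vars['username'], 'delete_user', 1);
            ConfirmPage(lang('ufield_main', 'del_title'), $vars, sprintf(lang('config', 'delete_user_confirm'), $Pivot_Vars['username']));
        }
    } else {
        // Append the configurable userfields to the form description and
        // validate each submitted value against its configured filter.
        foreach ($ufields as $keyname => $intarr) {
            // Skipping fields that we aren't allowed to change
            if ($admin != 1 && $Users[$theuser]['userlevel'] < $ufields[$keyname]['minlevel']) {
                continue;
            }
            array_push($userfields, array($keyname, $ufields[$keyname]['disp'], '', $ufields[$keyname]['type'], $Users[$theuser][$keyname], $ufields[$keyname]['size'], $maxl));
            if ($ufields[$keyname]['filter'] != '' && strlen($Pivot_Vars[$keyname]) > 0) {
                // The filter name from the userfield definition selects a
                // validator function named is<filter>().
                $tfunk = 'is' . $ufields[$keyname]['filter'];
                // A misconfigured filter used to be a fatal error; treat it as
                // a failed validation rather than accepting the value unchecked.
                if (!function_exists($tfunk) || !$tfunk($Pivot_Vars[$keyname])) {
                    $userfields[count($userfields) - 1][2] = 'hey, that input doesn\'t go along with the filter in place';
                    $Piverr++;
                }
            }
        }
        $arraycount = count($userfields);

        // Password checks only apply when either password box was filled in.
        // Slots [1] and [2] are assumed to be the pass1/pass2 entries of the
        // form description — TODO confirm against get_userfields().
        if (strlen($Pivot_Vars['pass1']) + strlen($Pivot_Vars['pass2']) >= 1) {
            if (trim($Pivot_Vars['pass1']) != trim($Pivot_Vars['pass2'])) {
                $userfields[2][2] = lang('userinfo', 'pass_dont_match');
                $Piverr++;
            }
            // The save branch below only stores passwords of 6+ characters, so
            // reject shorter ones here instead of silently dropping them (the
            // original tested < 4 and then ignored 4- and 5-character passwords
            // without any message).
            if (strlen($Pivot_Vars['pass1']) < 6) {
                $userfields[1][2] = lang('userinfo', 'pass_too_short');
                $Piverr++;
            }
            if ($Pivot_Vars['pass1'] == $Pivot_Vars['username']) {
                $userfields[1][2] = lang('userinfo', 'pass_equal_name');
                $Piverr++;
            }
        }

        if ($Piverr == 0) {
            // make sure the superadmin doesn't demote himsef/herself..
            if ($Users[$theuser]['userlevel'] == 4) {
                $Pivot_Vars['userlevel'] = 4;
            }
            // get confirmation if user gets admin rights
            if ($Pivot_Vars['userlevel'] == 3 && $Users[$theuser]['userlevel'] < 3 && $Pivot_Vars['confirmed'] != 1) {
                // Carry every submitted field through the confirmation page.
                $vars = array();
                $arraycount = count($userfields);
                for ($i = 0; $i < $arraycount; $i++) {
                    array_push($vars, $userfields[$i][0], $Pivot_Vars[$userfields[$i][0]]);
                }
                ConfirmPage(lang('userinfo', 'c_admin_title'), $vars, sprintf(lang('userinfo', 'c_admin_message'), $theuser));
            } else {
                //it's all good.
                if (strlen($Pivot_Vars['pass1']) >= 6) {
                    // SECURITY(review): the password is stored as an unsalted
                    // md5 digest, and the same digest is written to the 'pass'
                    // cookie and to the session table below. The login check
                    // that consumes these lives outside this file, so moving to
                    // password_hash()/password_verify() must be done together
                    // with it.
                    $newhash = md5($Pivot_Vars['pass1']);
                    $Users[$theuser]['pass'] = $newhash;
                    // Only refresh the cookie when the user changed their own
                    // password while in "stay logged in" mode.
                    if (isset($_COOKIE['mode']) && $_COOKIE['mode'] == 'stayloggedin' && $Pivot_Vars['user'] == $theuser) {
                        setcookie('pass', $newhash, time() + $Cfg['cookie_length'], $Paths['cookie_url']);
                    }
                    //change the session key too..
                    // NOTE(review): this runs even when an admin changes another
                    // user's password, so the current session's key becomes the
                    // edited user's digest; looks unintended — confirm.
                    $Cfg['tempsessions'][$Pivot_Vars['session']][1] = $newhash;
                }

                // Copy every submitted form value into the user record except
                // the pseudo-fields. Assumes get_userfields($admin) omits the
                // fields a non-admin may not set (e.g. their own level) —
                // TODO confirm.
                for ($i = 0; $i < $arraycount; $i++) {
                    if ($userfields[$i][0] != 'heading' && $userfields[$i][0] != 'pass1' && $userfields[$i][0] != 'pass2') {
                        $Users[$theuser][$userfields[$i][0]] = $Pivot_Vars[$userfields[$i][0]];
                    }
                }

                // set the categories..
                // Each 'cat-<name>' entry is a '|'-separated list of users; the
                // checkbox set $Pivot_Vars['allowed'] (keyed by the urlencoded
                // category name) decides whether $theuser is in it.
                if ($Users[$Pivot_Vars['user']]['userlevel'] > 2) {
                    foreach (explode("|", $Cfg['cats']) as $category) {
                        $allowed_users = explode("|", $Cfg['cat-' . $category]);
                        if (isset($Pivot_Vars['allowed'][urlencode($category)])) {
                            // add the user..
                            if (!in_array($theuser, $allowed_users)) {
                                $allowed_users[] = $theuser;
                            }
                        } else {
                            // remove the user..
                            if (in_array($theuser, $allowed_users)) {
                                foreach ($allowed_users as $key => $user) {
                                    if ($user == $theuser) {
                                        unset($allowed_users[$key]);
                                    }
                                }
                            }
                        }
                        $Cfg['cat-' . $category] = implode("|", $allowed_users);
                    }
                }

                /**
                 * Rather crude check to prevent corrupting the file:
                 * if $Users[$theuser]['username'] is empty, we refuse to save.
                 */
                if ($Users[$theuser]['username'] != "") {
                    debug("changes saved for " . $theuser);
                    SaveSettings();
                } else {
                    // not right..
                    debug("Changes not saved..");
                }

                //so we can reload the languages and such
                if ($admin == 1) {
                    redirect('index.php?session=' . $Pivot_Vars['session'] . '&menu=admin&func=admin&do=seeusers');
                    die;
                } else {
                    redirect('index.php?session=' . $Pivot_Vars['session'] . '&menu=userinfo&func=u_settings');
                    die;
                }
            }
        } else {
            //reshow the spage
            $Pivot_Vars['edituser'] = $Pivot_Vars['username'];
            //regroup the old settings.
            // Put the submitted values back into the form description so the
            // user does not lose their input: slot 4 for type-0 fields, slot 6
            // for type-3 fields.
            for ($i = 0; $i < $arraycount; $i++) {
                if ($userfields[$i][3] == 0) {
                    $userfields[$i][4] = $Pivot_Vars[$userfields[$i][0]];
                } elseif ($userfields[$i][3] == 3) {
                    $userfields[$i][6] = $Pivot_Vars[$userfields[$i][0]];
                }
            }
        }

        if ($Users[$theuser]['userlevel'] > 3) {
            //ARGHH!!!!!!
            // Wraps slot 6 of the fifth field (assumed to be the userlevel
            // selector — TODO confirm against get_userfields()) so the screen
            // renders it disabled: a superadmin's level must not be changed.
            $unf = array($userfields[4][6], 'disabled');
            unset($userfields[4][6]);
            $userfields[4][6] = $unf;
        }

        if ($admin == 1) {
            change_user(1, $userfields);
        } else {
            u_settings_screen(1, $userfields);
        }
    }

    PutUserInfo();
}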