Example #1
 /**
  * Mutator:
  * Prepares field data rollback
  * Override
  *
  * @param  FieldTable  $field
  * @param  UserTable   $user      RETURNED populated: touch only variables related to saving this field (also when not validating for showing re-edit)
  * @param  array       $postdata  Typically $_POST (but not necessarily), filtering required.
  * @param  string      $reason    'edit' for save user edit, 'register' for save registration
  */
 public function rollbackFieldDataSave(&$field, &$user, &$postdata, $reason)
 {
     // The request keys for this field are derived from its column name.
     $column = $field->name;
     $choiceKey = $column . '__choice';
     $uploadKey = $column . '__file';

     $selected = stripslashes(cbGetParam($postdata, $choiceKey));

     // 'upload' is the only choice that has anything to roll back.
     if ($selected != 'upload') {
         return;
     }

     // $_FILES is a superglobal, so it is readable here without a `global` statement.
     $upload = isset($_FILES[$uploadKey]) ? $_FILES[$uploadKey] : null;

     // Delete the file referenced by the user's column only when validate() accepts the upload.
     if ($this->validate($field, $user, $selected, $upload, $postdata, $reason)) {
         deleteAvatar($user->{$column});
     }
 }
Example #2
            nv_deletefile(NV_ROOTDIR . '/' . $oldAvatar);
        }
        $stmt = $db->prepare("UPDATE " . NV_USERS_GLOBALTABLE . " SET photo='' WHERE userid=" . $user_info['userid']);
        $stmt->execute();
    }
}
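$page_title = $lang_module['avatar_pagetitle'];

$array = array();
$array['success'] = 0;
$array['error'] = '';

// Sub-operation from $array_op[1]; any value outside the three allowed names becomes "".
$array['u'] = (isset($array_op[1]) and ($array_op[1] == "upd" or $array_op[1] == "opener" or $array_op[1] == "src")) ? $array_op[1] : "";

// Anti-forgery token derived from the session id and the site key. It stays the same for as
// long as both inputs stay the same.
$array['checkss'] = md5($client_info['session_id'] . $global_config['sitekey']);
$checkss = $nv_Request->get_title('checkss', 'post', '');

// The token is a hex string, so it must never be compared with `==`: PHP treats two
// numeric-looking strings (e.g. "0e1234..." and "0") as numbers and reports them equal.
// hash_equals() is also constant-time; strict string comparison is the fallback where it
// is unavailable.
if (is_string($checkss) && function_exists('hash_equals')) {
    $checkssValid = hash_equals($array['checkss'], $checkss);
} else {
    $checkssValid = ($checkss === $array['checkss']);
}

// Delete avatar
if ($checkssValid && $nv_Request->isset_request("del", "post")) {
    deleteAvatar();
    die(json_encode(array('status' => 'ok', 'input' => 'ok', 'mess' => $lang_module['editinfo_ok'])));
}

// Global config: load avatar_width and avatar_height from the "<NV_USERS_GLOBALTABLE>_config" table.
// Both statements are built from constants only; no request data reaches the SQL text.
$sql = "SELECT content FROM " . NV_USERS_GLOBALTABLE . "_config WHERE config='avatar_width'";
$result = $db->query($sql);
$global_config['avatar_width'] = $result->fetchColumn();
$result->closeCursor();

$sql = "SELECT content FROM " . NV_USERS_GLOBALTABLE . "_config WHERE config='avatar_height'";
$result = $db->query($sql);
$global_config['avatar_height'] = $result->fetchColumn();
$result->closeCursor();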
if (isset($_FILES['image_file']) and is_uploaded_file($_FILES['image_file']['tmp_name']) and !empty($array['u'])) {
    // Get post data
    $array['x1'] = $nv_Request->get_int('x1', 'post', 0);
    $array['y1'] = $nv_Request->get_int('y1', 'post', 0);
Example #3
/**
 * Front-end handler for showing and changing a user's avatar.
 *
 * Dispatches on the request parameter 'do':
 *   'init'         renders the avatar form,
 *   'validate'     processes an uploaded image file,
 *   'fromgallery'  selects an image from the gallery,
 *   'deleteavatar' removes the current avatar.
 * Results are echoed or delivered through cbRedirectToProfile(); nothing is returned.
 *
 * @param  mixed  $option       Passed unchanged to HTML_comprofiler::userAvatar().
 * @param  int    $uid          Profile id to act on; replaced by $_CB_framework->myId() when empty.
 * @param  mixed  $submitvalue  Passed unchanged to HTML_comprofiler::userAvatar().
 */
function userAvatar( $option, $uid, $submitvalue) {
	// $_REQUEST and $_FILES are superglobals; listing them here has no effect.
	global $_CB_database, $_CB_framework, $_REQUEST, $ueConfig, $_PLUGINS, $_FILES;

	// No explicit target: act on the current user.
	if ( ! $uid ) {
		$uid	=	$_CB_framework->myId();
	}
	// Still no id: stop before touching any profile.
	if ( ! $uid ) {
		echo _UE_NOT_AUTHORIZED;
		return;
	}
	// Authorization gate for every branch below: a non-empty message means the current user
	// may not edit profile $uid.
	$msg	=	cbCheckIfUserCanPerformUserTask( $uid, 'allowModeratorsUserEdit');
	if ( $msg ) {
		echo $msg;
		return;
	}
	$row = new moscomprofilerUser( $_CB_database );
	if ( ! $row->load( (int) $uid ) ) {
		echo _UE_NOSUCHPROFILE;
		return;
	}

	// 'init' is presumably the default when the request carries no 'do' — confirm against cbGetParam().
	$do		=	cbGetParam( $_REQUEST, 'do', 'init' );
	if ( $do == 'init' ) {

		HTML_comprofiler::userAvatar( $row, $option, $submitvalue);

	} elseif ( $do == 'validate' ) {

		// simple spoof check security
		cbSpoofCheck( 'userAvatar' );

		if ( ! $ueConfig['allowAvatarUpload'] ) {
			cbNotAuth();
			return;
		}

		$isModerator=isModerator( $_CB_framework->myId() );

		// Reject requests that carry no file, report an upload error, or name a temp file that
		// PHP did not receive through HTTP upload (is_uploaded_file).
		// NOTE(review): there is no return after this redirect, nor after the ones below; the
		// code relies on cbRedirectToProfile() ending the request — confirm, otherwise
		// processing continues with the rejected input.
		if (	( ! isset( $_FILES['avatar']['tmp_name'] ) )
			||	empty( $_FILES['avatar']['tmp_name'] )
			||	( $_FILES['avatar']['error'] != 0 )
			||	( ! is_uploaded_file( $_FILES['avatar']['tmp_name'] ) )
		) {
			cbRedirectToProfile( $row->id, _UE_UPLOAD_ERROR_EMPTY, 'userAvatar' );
		}

		// Plugins can veto the upload; the temp file path is handed to them by reference.
		$_PLUGINS->loadPluginGroup( 'user' );
		$_PLUGINS->trigger( 'onBeforeUserAvatarUpdate', array( &$row, &$row, $isModerator, &$_FILES['avatar']['tmp_name'] ) );
		if ($_PLUGINS->is_errors()) {
			cbRedirectToProfile( $row->id, $_PLUGINS->getErrorMSG(), 'userAvatar' );
		}

		// Image conversion settings come from the site configuration, not from the request.
		$imgToolBox						=	new imgToolBox();
		$imgToolBox->_conversiontype	=	$ueConfig['conversiontype'];
		$imgToolBox->_IM_path			=	$ueConfig['im_path'];
		$imgToolBox->_NETPBM_path		=	$ueConfig['netpbm_path'];
		$imgToolBox->_maxsize			=	$ueConfig['avatarSize'];
		$imgToolBox->_maxwidth			=	$ueConfig['avatarWidth'];
		$imgToolBox->_maxheight			=	$ueConfig['avatarHeight'];
		$imgToolBox->_thumbwidth		=	$ueConfig['thumbWidth'];
		$imgToolBox->_thumbheight		=	$ueConfig['thumbHeight'];
		$imgToolBox->_debug				=	0;
		$allwaysResize					=	( isset( $ueConfig['avatarResizeAlways'] ) ? $ueConfig['avatarResizeAlways'] : 1 );

		// The stored base name is generated server-side ("<id>_" + uniqid()), so the client-supplied
		// file name does not choose it. Any type/content checking happens inside processImage(),
		// which is not visible here — verify there.
		$newFileName		=	$imgToolBox->processImage( $_FILES['avatar'], uniqid($row->id."_"), $_CB_framework->getCfg('absolute_path') . '/images/comprofiler/', 0, 0, 1, $allwaysResize );
		if ( ! $newFileName ) {
			cbRedirectToProfile( $row->id, $imgToolBox->_errMSG, 'userAvatar' );
		}

		// NOTE(review): the old file is removed before the UPDATE below has run, whereas the
		// 'fromgallery' branch deletes only after a successful query.
		if ($row->avatar != null && $row->avatar!="") {
			deleteAvatar($row->avatar);
		}

		// Uploads by non-moderators are stored unapproved when approval is enabled.
		if ($ueConfig['avatarUploadApproval']==1 && $isModerator==0) {

			$cbNotification	=	new cbNotification();
			$cbNotification->sendToModerators(_UE_IMAGE_ADMIN_SUB,_UE_IMAGE_ADMIN_MSG);

			// The file name is escaped with getEscaped() and the id is cast to int before concatenation.
			$_CB_database->setQuery("UPDATE #__comprofiler SET avatar='" . $_CB_database->getEscaped($newFileName) . "', avatarapproved=0 WHERE id=" . (int) $row->id);
			$redMsg			=	_UE_UPLOAD_PEND_APPROVAL;
		} else {
			$_CB_database->setQuery("UPDATE #__comprofiler SET avatar='" . $_CB_database->getEscaped($newFileName) . "', avatarapproved=1, lastupdatedate=". $_CB_database->Quote( $_CB_framework->dateDbOfNow() ) . " WHERE id=" . (int) $row->id);
			$redMsg			=	_UE_UPLOAD_SUCCESSFUL;
		}

		// The query result is not checked in this branch.
		$_CB_database->query();

		$_PLUGINS->trigger( 'onAfterUserAvatarUpdate', array(&$row,&$row,$isModerator,$newFileName) );
		cbRedirectToProfile( $row->id, $redMsg );

	} elseif ( $do == 'fromgallery' ) {

		// simple spoof check security
		cbSpoofCheck( 'userAvatar' );

		if( ! $ueConfig['allowAvatarGallery'] ) {
			cbNotAuth();
			return;
		}

		// Gallery file name allow-list: only letters, digits, '-', '_' and '.' are accepted, and
		// any '..' sequence is rejected, so the value cannot contain a path separator.
		$newAvatar = cbGetParam( $_POST, 'newavatar', null );
		if ( ( $newAvatar == '' ) || preg_match( '/[^-_a-zA-Z0-9.]/', $newAvatar ) || ( strpos( $newAvatar, '..' ) !== false ) ) {
			cbRedirectToProfile( $row->id, _UE_UPLOAD_ERROR_CHOOSE, 'userAvatar' );
		}
		$_CB_database->setQuery( "UPDATE #__comprofiler SET avatar = " . $_CB_database->Quote( 'gallery/' . $newAvatar )
								. ", avatarapproved=1, lastupdatedate = " . $_CB_database->Quote( $_CB_framework->dateDbOfNow() )
								. " WHERE id = " . (int) $row->id);
		if( ! $_CB_database->query() ) {
			$msg	=	_UE_USER_PROFILE_NOT;
		}else {
			// delete old avatar:
			deleteAvatar( $row->avatar );
			$msg	=	_UE_USER_PROFILE_UPDATED;
		}
		cbRedirectToProfile( $row->id, $msg );

	} elseif ( $do == 'deleteavatar' ) {

		// NOTE(review): unlike 'validate' and 'fromgallery', this state-changing branch does not
		// call cbSpoofCheck(). Confirm the anti-forgery check is enforced elsewhere for this
		// action; if it is not, a cross-site request can trigger the deletion.
		if ( $row->avatar != null && $row->avatar != "" ) {
			deleteAvatar( $row->avatar );
			$_CB_database->setQuery("UPDATE  #__comprofiler SET avatar=null, avatarapproved=1, lastupdatedate=" . $_CB_database->Quote( $_CB_framework->dateDbOfNow() ) . " WHERE id=" . (int) $row->id);
			$_CB_database->query();
		}

		cbRedirectToProfile( $row->id, _USER_DETAILS_SAVE );
	}
}
/**
 * Deletes a user without any check or warning.
 *
 * SECURITY: a non-null $condition is executed with eval() inside this function, where it can
 * read and change every local variable ($user, $id, $msg, ...). It must be a fixed string written
 * by the calling code and must never be built from request data, database content or plugin input.
 *
 * @param int         $id                 userid
 * @param string|null $condition          php condition string on $user e.g. "return (\$user->block == 1);"; null skips the condition
 * @param bool        $inComprofilerOnly  deletes user only in CB, not in Mambo/Joomla
 * @return mixed : "" if user deleted and found ok, null if user not found, false if condition was not met, string error in case of error raised by plugin
 */
function cbDeleteUser($id, $condition = null, $inComprofilerOnly = false)
{
    global $_CB_framework, $_CB_database, $_PLUGINS;
    $msg = null;
    $obj2 = new moscomprofiler($_CB_database);
    // First lookup starts from the CB table; $id is cast to int before it reaches the SQL text.
    $query = "SELECT * FROM #__comprofiler c LEFT JOIN #__users u ON c.id = u.id WHERE c.id = " . (int) $id;
    $_CB_database->setQuery($query);
    $user = $_CB_database->loadObjectList();
    // On a database error or an empty result, retry starting from the CMS users table.
    if ($_CB_database->getErrorNum() || count($user) == 0) {
        $query = "SELECT * FROM #__users u LEFT JOIN #__comprofiler c ON c.id = u.id WHERE u.id = " . (int) $id;
        $_CB_database->setQuery($query);
        $user = $_CB_database->loadObjectList();
    }
    if (!$_CB_database->getErrorNum() && count($user) > 0) {
        $user = $user[0];
        // FLAG(security): eval() runs $condition as PHP code in this scope. Local variable names
        // here are therefore part of the contract with callers' condition strings. Replacing the
        // string with a callable would remove the code-execution sink; until then every caller
        // must pass a constant.
        if ($condition == null || eval($condition)) {
            // Plugins may veto the deletion; their error message becomes the return value.
            $_PLUGINS->loadPluginGroup('user');
            $_PLUGINS->trigger('onBeforeDeleteUser', array($user));
            if ($_PLUGINS->is_errors()) {
                $msg = $_PLUGINS->getErrorMSG();
            } else {
                // Avatar file, reports and views are removed before the account rows; the
                // return values of these calls are not checked.
                deleteAvatar($user->avatar);
                $reports = new moscomprofilerUserReport($_CB_database);
                $reports->deleteUserReports($user->id);
                _cbdeleteUserViews($user->id);
                if (!$inComprofilerOnly) {
                    $obj =& $_CB_framework->_getCmsUserObject($id);
                    $obj->delete($id);
                    $msg .= $obj->getError();
                }
                $obj2->delete($id);
                $msg .= $obj2->getError();
                // delete the user account's active sessions
                $query = "DELETE FROM #__session" . "\n WHERE userid = " . (int) $id;
                $_CB_database->setQuery($query);
                $_CB_database->query();
                $_PLUGINS->trigger('onAfterDeleteUser', array($user, true));
            }
        } else {
            // Condition evaluated to a falsy value: nothing is deleted.
            $msg = false;
        }
    }
    return $msg;
}
Example #5
	/**
	 * Prepares field data for saving to database (safe transfer from $postdata to $user)
	 * Override
	 *
	 * @param  moscomprofilerFields  $field
	 * @param  moscomprofilerUser    $user      RETURNED populated: touch only variables related to saving this field (also when not validating for showing re-edit)
	 * @param  array                 $postdata  Typically $_POST (but not necessarily), filtering required.
	 * @param  string                $reason    'edit' for save profile edit, 'register' for registration, 'search' for searches
	 */
	function prepareFieldDataSave( &$field, &$user, &$postdata, $reason ) {
		// $_FILES is a superglobal; listing it here has no effect.
		global $_CB_framework, $ueConfig, $_PLUGINS, $_FILES;

		$this->_prepareFieldMetaSave( $field, $user, $postdata, $reason );

		// All request keys and the approval column are derived from the field's column name.
		$col										=	$field->name;
		$colapproved								=	$col . 'approved';
		$col_choice									=	$col . '__choice';
		$col_file									=	$col . '__file';
		$col_gallery								=	$col . '__gallery';

		// The requested action comes straight from $postdata; each case below decides what it may do.
		$choice										=	stripslashes( cbGetParam( $postdata, $col_choice ) );

		switch ( $choice ) {
			case 'upload':
				$value								=	( isset( $_FILES[$col_file] ) ? $_FILES[$col_file] : null );
		
				// Upload checks are delegated to validate() and, further down, to
				// imgToolBox::processImage(); neither is visible in this block.
				if ( $this->validate( $field, $user, $choice, $value, $postdata, $reason ) ) {
					$_PLUGINS->loadPluginGroup( 'user' );
		
					$isModerator					=	isModerator( $_CB_framework->myId() );
		
					$_PLUGINS->trigger( 'onBeforeUserAvatarUpdate', array( &$user, &$user, $isModerator, &$value['tmp_name'] ) );
					// NOTE(review): a plugin error is recorded here, but there is no return or break,
					// so the upload is still processed and stored below — confirm this is intended.
					if ( $_PLUGINS->is_errors() ) {
						$this->_setErrorMSG( $_PLUGINS->getErrorMSG() );
					}
					// Conversion tool paths come from site config; size limits from the field's parameters.
					$imgToolBox						=	new imgToolBox();
					$imgToolBox->_conversiontype	=	$ueConfig['conversiontype'];
					$imgToolBox->_IM_path			=	$ueConfig['im_path'];
					$imgToolBox->_NETPBM_path		=	$ueConfig['netpbm_path'];
					$imgToolBox->_maxsize			=	$this->_getImageFieldParam( $field, 'avatarSize' );
					$imgToolBox->_maxwidth			=	$this->_getImageFieldParam( $field, 'avatarWidth' );
					$imgToolBox->_maxheight			=	$this->_getImageFieldParam( $field, 'avatarHeight' );
					$imgToolBox->_thumbwidth		=	$this->_getImageFieldParam( $field, 'thumbWidth' );
					$imgToolBox->_thumbheight		=	$this->_getImageFieldParam( $field, 'thumbHeight' );
					$imgToolBox->_debug				=	0;
	
					$allwaysResize					=	( isset( $ueConfig['avatarResizeAlways'] ) ? $ueConfig['avatarResizeAlways'] : 1 );

					// The stored base name is generated server-side from the column name, the user id
					// and uniqid(); the client-supplied file name does not choose it.
					$fileNameInDir					=	( $col == 'avatar' ? '' : $col . '_' ) . uniqid( $user->id . '_' );
					$newFileName					=	$imgToolBox->processImage( $value, $fileNameInDir, $_CB_framework->getCfg( 'absolute_path' ) . '/images/comprofiler/', 0, 0, 1, $allwaysResize );
					if ( ! $newFileName ) {
						$this->_setValidationError( $field, $user, $reason, $imgToolBox->_errMSG ); // needed if uploaded file fails in imgToolbox
						//BB: maybe this needed instead ? :
						// $this->_setErrorMSG( $imgToolBox->_errMSG );
						return;
					}
	
					if ( isset( $user->$col ) && ! ( ( $col == 'avatar' ) && ( $ueConfig['avatarUploadApproval'] == 1 ) && ( $isModerator == 0 ) ) ) {
						// if auto-approved:				//TBD: else need to log update on image approval !
						$this->_logFieldUpdate( $field, $user, $reason, $user->$col, $newFileName );
					}
	
					// The previous file is removed before $user is stored by the caller.
					if ( isset( $user->$col ) && ( $user->$col != '' ) ) {
						deleteAvatar( $user->$col );
					}
	
					// Only the 'avatar' column is subject to moderator approval; other image fields
					// are marked approved immediately.
					if ( ( $col == 'avatar' ) && ( $ueConfig['avatarUploadApproval'] == 1 ) && ( $isModerator == 0 ) ) {
						$cbNotification				=	new cbNotification();
						$cbNotification->sendToModerators( _UE_IMAGE_ADMIN_SUB, _UE_IMAGE_ADMIN_MSG );
			
						$user->$col					=	$newFileName;
						$user->$colapproved			=	0;
					} else {
						$user->$col					=	$newFileName;
						$user->$colapproved			=	1;
					}
		
					$_PLUGINS->trigger( 'onAfterUserAvatarUpdate', array( &$user, &$user, $isModerator, $newFileName ) );
				}
				break;
			case 'gallery':
				$newAvatar							=	stripslashes( cbGetParam( $postdata, $col_gallery ) );
		
				// NOTE(review): this block does no file-name filtering of its own before building
				// 'gallery/<name>'; rejecting path separators and '..' depends on validate() — confirm.
				if ( $this->validate( $field, $user, $choice, $newAvatar, $postdata, $reason ) ) {
					$value							=	'gallery/' . $newAvatar;

					if ( isset( $user->$col ) ) {
						$this->_logFieldUpdate( $field, $user, $reason, $user->$col, $value );
					}
					
					deleteAvatar( $user->$col ); // delete old avatar
	
					$user->$col							=	$value;
					$user->$colapproved					=	1;
				}
				break;
			case 'delete':
				if ( $user->id && ( $user->$col != null ) && ( $user->$col != '' ) ) {
					global $_CB_database;

					if ( isset( $user->$col ) ) {
						$this->_logFieldUpdate( $field, $user, $reason, $user->$col, '' );
					}
					
					deleteAvatar( $user->$col ); // delete old avatar

					$user->$col						=	null; // this will not update, so we do query below:
					$user->$colapproved				=	1;

					// Identifiers go through NameQuote(), the date through Quote(), and the id is cast
					// to int, so no raw request value is concatenated into this statement.
					$query							=	'UPDATE ' . $_CB_database->NameQuote( $field->table )
													.	"\n SET " . $_CB_database->NameQuote( $col )			  . ' = NULL'
													.	', '	  . $_CB_database->NameQuote( $col . 'approved' ) . ' = 1'
													.	', '	  . $_CB_database->NameQuote( 'lastupdatedate' )  . ' = ' . $_CB_database->Quote( $_CB_framework->dateDbOfNow() )
													.	"\n WHERE " . $_CB_database->NameQuote( 'id' )			  . ' = ' . (int) $user->id;
					$_CB_database->setQuery( $query );
					$_CB_database->query();
				}
				break;
			case 'approve':
				// Approval is honoured only when getUi() == 2 (presumably the administrator
				// interface — confirm); the same choice posted from any other UI is ignored.
				if ( isset( $user->$col ) && ( $_CB_framework->getUi() == 2 ) && $user->id && ( $user->$col != null ) && ( $user->$colapproved == 0 ) ) {
					$this->_logFieldUpdate( $field, $user, $reason, '', $user->$col );	// here we are missing the old value, so can't give it...

					$user->$colapproved				=	1;
					$user->lastupdatedate			=	$_CB_framework->dateDbOfNow();

					$cbNotification					=	new cbNotification();
					$cbNotification->sendFromSystem( $user, _UE_IMAGEAPPROVED_SUB, _UE_IMAGEAPPROVED_MSG );
				}
				break;
			case '':
			default:
				// NOTE(review): $newAvatar is assigned only in the 'gallery' case, so it is unset
				// when execution reaches this call.
				$this->validate( $field, $user, $choice, $newAvatar, $postdata, $reason );
				break;
		}
	}
Example #6
 /**
  * Deletes this record (no checks)
  *
  * @param  int   $oid         Key id of row to delete (otherwise it's the one of $this)
  * @param  bool  $cbUserOnly  True: delete CB user only, False: delete CB and CMS user
  * @return boolean
  */
 public function delete($oid = null, $cbUserOnly = false)
 {
     global $_CB_framework, $_PLUGINS;

     // An explicit id retargets this row object before anything is deleted.
     $keyName = $this->_tbl_key;
     if ($oid) {
         $this->{$keyName} = (int) $oid;
     }

     // Give plugins the chance to veto; a veto is reported through setError().
     $_PLUGINS->loadPluginGroup('user');
     $_PLUGINS->trigger('onBeforeDeleteUser', array($this));
     if ($_PLUGINS->is_errors()) {
         $this->setError($_PLUGINS->getErrorMSG());
         return false;
     }

     // Dependent data goes first: avatar file, reports, profile views.
     // These steps are not undone if a later step returns false.
     deleteAvatar($this->avatar);

     $reportTable = new UserReportTable();
     $reportTable->deleteUserReports($this->id);

     $viewTable = new UserViewTable();
     $viewTable->deleteUserViews($this->id);

     // Unless restricted to CB, remove the CMS account as well.
     if (!$cbUserOnly) {
         $cmsAccount = $_CB_framework->_getCmsUserObject($this->id);
         try {
             $cmsAccount->delete($this->id);
         } catch (\RuntimeException $e) {
             $this->setError($e->getMessage());
             return false;
         }
     }

     // Remove the CB row itself.
     if (!parent::delete($oid)) {
         return false;
     }

     // Drop the user's active sessions so existing logins stop working.
     // Identifiers are quoted with NameQuote() and the id is cast to int.
     $sessionSql = "DELETE\n FROM " . $this->_db->NameQuote('#__session')
         . "\n WHERE " . $this->_db->NameQuote('userid') . ' = ' . (int) $this->id;
     $this->_db->setQuery($sessionSql);
     $this->_db->query();

     $_PLUGINS->trigger('onAfterDeleteUser', array($this, true));

     return true;
 }
 if ($avatar->canEdit()) {
     $subtype = $avatar->getSubtype();
     $container = get_entity($avatar->container_guid);
     if ($subtype != 'avatar') {
         forward(get_input('forward_url', $_SERVER['HTTP_REFERER']));
     }
     //back off if not an avatar
     $images = array($avatar);
     //loop through all avatar's images and delete them
     foreach ($images as $im) {
         deleteAvatar($im->large, $im->getOwner());
         deleteAvatar($im->medium, $im->getOwner());
         deleteAvatar($im->small, $im->getOwner());
         deleteAvatar($im->tiny, $im->getOwner());
         deleteAvatar($im->topbar, $im->getOwner());
         deleteAvatar($im->master, $im->getOwner());
         if ($im) {
             //delete actual image file
             $delfile = new ElggFile($im->getGUID());
             $delfile->owner_guid = $im->getOwner();
             //$delfile->setFilename($im->originalfilename);
             if (!$delfile->delete()) {
                 register_error(elgg_echo("avatar:notdeleted"));
             } else {
                 system_message(elgg_echo("avatar:deleted"));
             }
         }
         //end delete actual image file
     }
     //end looping through each image to delete it
 } else {