/**
 * Mutator: rolls back the field data that was prepared for saving.
 * Override.
 *
 * Only the 'upload' choice is handled here: when the posted upload passes
 * $this->validate(), the file named by $user->{$field->name} is removed
 * through deleteAvatar(). Every other choice is a no-op.
 *
 * NOTE(review): both $postdata and $_FILES are client-controlled. The only
 * gate in front of the file deletion is $this->validate(); path handling is
 * left to deleteAvatar() (not visible here) -- confirm it confines the name
 * to the avatar directory.
 *
 * @param  FieldTable  $field
 * @param  UserTable   $user      RETURNED populated: touch only variables related to saving this field (also when not validating for showing re-edit)
 * @param  array       $postdata  Typically $_POST (but not necessarily), filtering required.
 * @param  string      $reason    'edit' for save user edit, 'register' for save registration
 */
public function rollbackFieldDataSave(&$field, &$user, &$postdata, $reason)
{
    global $_FILES;

    $fieldName = $field->name;
    $choiceKey = $fieldName . '__choice';
    $uploadKey = $fieldName . '__file';

    // stripslashes() always yields a string, so a strict comparison behaves
    // exactly like the loose match a switch would perform.
    $selected = stripslashes(cbGetParam($postdata, $choiceKey));
    if ($selected !== 'upload') {
        return;
    }

    // Missing upload slot is passed on as null; validate() decides what to do with it.
    $value = null;
    if (isset($_FILES[$uploadKey])) {
        $value = $_FILES[$uploadKey];
    }

    if ($this->validate($field, $user, $selected, $value, $postdata, $reason)) {
        deleteAvatar($user->{$fieldName});
    }
}
nv_deletefile(NV_ROOTDIR . '/' . $oldAvatar); } $stmt = $db->prepare("UPDATE " . NV_USERS_GLOBALTABLE . " SET photo='' WHERE userid=" . $user_info['userid']); $stmt->execute(); } } $page_title = $lang_module['avatar_pagetitle']; $array = array(); $array['success'] = 0; $array['error'] = ''; $array['u'] = (isset($array_op[1]) and ($array_op[1] == "upd" or $array_op[1] == "opener" or $array_op[1] == "src")) ? $array_op[1] : ""; $array['checkss'] = md5($client_info['session_id'] . $global_config['sitekey']); $checkss = $nv_Request->get_title('checkss', 'post', ''); //Xoa avatar if ($checkss == $array['checkss'] && $nv_Request->isset_request("del", "post")) { deleteAvatar(); die(json_encode(array('status' => 'ok', 'input' => 'ok', 'mess' => $lang_module['editinfo_ok']))); } //global config $sql = "SELECT content FROM " . NV_USERS_GLOBALTABLE . "_config WHERE config='avatar_width'"; $result = $db->query($sql); $global_config['avatar_width'] = $result->fetchColumn(); $result->closeCursor(); $sql = "SELECT content FROM " . NV_USERS_GLOBALTABLE . "_config WHERE config='avatar_height'"; $result = $db->query($sql); $global_config['avatar_height'] = $result->fetchColumn(); $result->closeCursor(); if (isset($_FILES['image_file']) and is_uploaded_file($_FILES['image_file']['tmp_name']) and !empty($array['u'])) { // Get post data $array['x1'] = $nv_Request->get_int('x1', 'post', 0); $array['y1'] = $nv_Request->get_int('y1', 'post', 0);
/**
 * Front-end handler for a user's avatar. Depending on the 'do' request
 * parameter it shows the avatar form ('init', the default), stores an
 * uploaded image ('validate'), picks a gallery image ('fromgallery') or
 * removes the current avatar ('deleteavatar').
 *
 * Access control visible in this function: the target user defaults to the
 * logged-in user, cbCheckIfUserCanPerformUserTask() must not return a
 * message, and the profile row must load.
 *
 * NOTE(review): the error paths call cbRedirectToProfile() and then fall
 * through. The code only stays safe if that helper ends the request --
 * confirm, otherwise a rejected upload or gallery name would still reach
 * the file and database operations below it.
 *
 * @param  string  $option       passed through to the form renderer
 * @param  int     $uid          id of the profile to edit; falsy means the logged-in user
 * @param  string  $submitvalue  passed through to the form renderer
 */
function userAvatar( $option, $uid, $submitvalue )
{
    global $_CB_database, $_CB_framework, $_REQUEST, $ueConfig, $_PLUGINS, $_FILES;

    if ( ! $uid ) {
        $uid = $_CB_framework->myId();
    }
    if ( ! $uid ) {
        echo _UE_NOT_AUTHORIZED;
        return;
    }

    // A non-empty return value is the refusal message.
    $denied = cbCheckIfUserCanPerformUserTask( $uid, 'allowModeratorsUserEdit' );
    if ( $denied ) {
        echo $denied;
        return;
    }

    $profile = new moscomprofilerUser( $_CB_database );
    if ( ! $profile->load( (int) $uid ) ) {
        echo _UE_NOSUCHPROFILE;
        return;
    }

    // switch compares loosely, exactly like a chain of == tests.
    switch ( cbGetParam( $_REQUEST, 'do', 'init' ) ) {
        case 'init':
            HTML_comprofiler::userAvatar( $profile, $option, $submitvalue );
            break;

        case 'validate':
            // simple spoof check security
            cbSpoofCheck( 'userAvatar' );

            if ( ! $ueConfig['allowAvatarUpload'] ) {
                cbNotAuth();
                return;
            }

            $isModerator = isModerator( $_CB_framework->myId() );

            // empty() also covers the "not set" case; is_uploaded_file() makes sure
            // tmp_name really is a file PHP received in this request.
            if ( empty( $_FILES['avatar']['tmp_name'] )
                || ( $_FILES['avatar']['error'] != 0 )
                || ( ! is_uploaded_file( $_FILES['avatar']['tmp_name'] ) )
            ) {
                cbRedirectToProfile( $profile->id, _UE_UPLOAD_ERROR_EMPTY, 'userAvatar' );
            }

            // Plugins receive tmp_name by reference and may veto the upload.
            $_PLUGINS->loadPluginGroup( 'user' );
            $_PLUGINS->trigger( 'onBeforeUserAvatarUpdate', array( &$profile, &$profile, $isModerator, &$_FILES['avatar']['tmp_name'] ) );
            if ( $_PLUGINS->is_errors() ) {
                cbRedirectToProfile( $profile->id, $_PLUGINS->getErrorMSG(), 'userAvatar' );
            }

            $resizer = new imgToolBox();
            $resizer->_conversiontype = $ueConfig['conversiontype'];
            $resizer->_IM_path = $ueConfig['im_path'];
            $resizer->_NETPBM_path = $ueConfig['netpbm_path'];
            $resizer->_maxsize = $ueConfig['avatarSize'];
            $resizer->_maxwidth = $ueConfig['avatarWidth'];
            $resizer->_maxheight = $ueConfig['avatarHeight'];
            $resizer->_thumbwidth = $ueConfig['thumbWidth'];
            $resizer->_thumbheight = $ueConfig['thumbHeight'];
            $resizer->_debug = 0;

            $alwaysResize = ( isset( $ueConfig['avatarResizeAlways'] ) ? $ueConfig['avatarResizeAlways'] : 1 );

            // The stored base name is generated server-side from the user id; the
            // client-supplied file name is not used to build it here. Whether the
            // image content and extension are checked depends on processImage(),
            // which is not visible in this function.
            $baseName = uniqid( $profile->id . "_" );
            $targetDir = $_CB_framework->getCfg( 'absolute_path' ) . '/images/comprofiler/';
            $newFileName = $resizer->processImage( $_FILES['avatar'], $baseName, $targetDir, 0, 0, 1, $alwaysResize );
            if ( ! $newFileName ) {
                cbRedirectToProfile( $profile->id, $resizer->_errMSG, 'userAvatar' );
            }

            // The previous file is removed before the row is updated.
            if ( $profile->avatar != null && $profile->avatar != "" ) {
                deleteAvatar( $profile->avatar );
            }

            if ( $ueConfig['avatarUploadApproval'] == 1 && $isModerator == 0 ) {
                // Non-moderator uploads wait for approval: notify moderators, store unapproved.
                $notifier = new cbNotification();
                $notifier->sendToModerators( _UE_IMAGE_ADMIN_SUB, _UE_IMAGE_ADMIN_MSG );
                $_CB_database->setQuery(
                    "UPDATE #__comprofiler SET avatar='" . $_CB_database->getEscaped( $newFileName )
                    . "', avatarapproved=0 WHERE id=" . (int) $profile->id
                );
                $notice = _UE_UPLOAD_PEND_APPROVAL;
            } else {
                $_CB_database->setQuery(
                    "UPDATE #__comprofiler SET avatar='" . $_CB_database->getEscaped( $newFileName )
                    . "', avatarapproved=1, lastupdatedate=" . $_CB_database->Quote( $_CB_framework->dateDbOfNow() )
                    . " WHERE id=" . (int) $profile->id
                );
                $notice = _UE_UPLOAD_SUCCESSFUL;
            }
            $_CB_database->query();

            $_PLUGINS->trigger( 'onAfterUserAvatarUpdate', array( &$profile, &$profile, $isModerator, $newFileName ) );
            cbRedirectToProfile( $profile->id, $notice );
            break;

        case 'fromgallery':
            // simple spoof check security
            cbSpoofCheck( 'userAvatar' );

            if ( ! $ueConfig['allowAvatarGallery'] ) {
                cbNotAuth();
                return;
            }

            // Allow-list for the gallery file name: letters, digits, '-', '_' and '.',
            // and never a '..' sequence, so the value cannot leave the gallery folder.
            $newAvatar = cbGetParam( $_POST, 'newavatar', null );
            if ( ( $newAvatar == '' )
                || preg_match( '/[^-_a-zA-Z0-9.]/', $newAvatar )
                || ( strpos( $newAvatar, '..' ) !== false )
            ) {
                cbRedirectToProfile( $profile->id, _UE_UPLOAD_ERROR_CHOOSE, 'userAvatar' );
            }

            $_CB_database->setQuery(
                "UPDATE #__comprofiler SET avatar = " . $_CB_database->Quote( 'gallery/' . $newAvatar )
                . ", avatarapproved=1, lastupdatedate = " . $_CB_database->Quote( $_CB_framework->dateDbOfNow() )
                . " WHERE id = " . (int) $profile->id
            );
            if ( $_CB_database->query() ) {
                // delete old avatar only once the row points at the new one
                deleteAvatar( $profile->avatar );
                $notice = _UE_USER_PROFILE_UPDATED;
            } else {
                $notice = _UE_USER_PROFILE_NOT;
            }
            cbRedirectToProfile( $profile->id, $notice );
            break;

        case 'deleteavatar':
            // NOTE(review): unlike 'validate' and 'fromgallery', this state-changing
            // branch does not call cbSpoofCheck(), and 'do' is read from $_REQUEST.
            // Confirm an anti-forgery token is enforced elsewhere for this action;
            // if not, add the same check here together with the token in the
            // link or form that triggers the deletion.
            if ( $profile->avatar != null && $profile->avatar != "" ) {
                deleteAvatar( $profile->avatar );
                $_CB_database->setQuery(
                    "UPDATE #__comprofiler SET avatar=null, avatarapproved=1, lastupdatedate="
                    . $_CB_database->Quote( $_CB_framework->dateDbOfNow() )
                    . " WHERE id=" . (int) $profile->id
                );
                $_CB_database->query();
            }
            cbRedirectToProfile( $profile->id, _USER_DETAILS_SAVE );
            break;
    }
}
/**
 * Deletes a user without any check or warning.
 *
 * No permission check is made here: the caller is responsible for deciding
 * that the current actor may delete user $id.
 *
 * SECURITY: $condition is executed with eval() inside this function, so it
 * runs as arbitrary PHP with access to every local variable ($user, $id,
 * $msg, ...). Pass only fixed strings written in code; never build it from
 * request data, stored content or plugin-supplied values.
 *
 * @param  int     $id                 userid
 * @param  string  $condition          php condition string on $user e.g. "return (\$user->block == 1);"
 * @param  bool    $inComprofilerOnly  deletes user only in CB, not in Mambo/Joomla
 * @return mixed   "" if user deleted and found ok, null if user not found, false if condition was not met, string error in case of error raised by plugin
 */
function cbDeleteUser($id, $condition = null, $inComprofilerOnly = false)
{
    global $_CB_framework, $_CB_database, $_PLUGINS;

    $msg = null;
    $obj2 = new moscomprofiler($_CB_database);

    // First look the user up starting from the CB table; the id is cast to int
    // before it is concatenated into the SQL text.
    $query = "SELECT * FROM #__comprofiler c LEFT JOIN #__users u ON c.id = u.id WHERE c.id = " . (int) $id;
    $_CB_database->setQuery($query);
    $user = $_CB_database->loadObjectList();
    if ($_CB_database->getErrorNum() || count($user) == 0) {
        // Nothing found (or query error): retry starting from the CMS users table.
        $query = "SELECT * FROM #__users u LEFT JOIN #__comprofiler c ON c.id = u.id WHERE u.id = " . (int) $id;
        $_CB_database->setQuery($query);
        $user = $_CB_database->loadObjectList();
    }
    if (!$_CB_database->getErrorNum() && count($user) > 0) {
        $user = $user[0];
        // The comparison is loose, so an empty string also skips the eval().
        // The evaluated code sees $user by name: do not rename locals in this
        // function without checking every caller's condition string.
        if ($condition == null || eval($condition)) {
            $_PLUGINS->loadPluginGroup('user');
            $_PLUGINS->trigger('onBeforeDeleteUser', array($user));
            if ($_PLUGINS->is_errors()) {
                // A plugin vetoed the deletion: report its message, delete nothing.
                $msg = $_PLUGINS->getErrorMSG();
            } else {
                // The avatar file, reports and views go first; nothing visible here
                // restores them if a later delete() reports an error.
                deleteAvatar($user->avatar);
                $reports = new moscomprofilerUserReport($_CB_database);
                $reports->deleteUserReports($user->id);
                _cbdeleteUserViews($user->id);
                if (!$inComprofilerOnly) {
                    $obj =& $_CB_framework->_getCmsUserObject($id);
                    $obj->delete($id);
                    $msg .= $obj->getError();
                }
                $obj2->delete($id);
                $msg .= $obj2->getError();
                // Delete the user account's active sessions so existing logins
                // stop working once the account is gone.
                $query = "DELETE FROM #__session" . "\n WHERE userid = " . (int) $id;
                $_CB_database->setQuery($query);
                $_CB_database->query();
                $_PLUGINS->trigger('onAfterDeleteUser', array($user, true));
            }
        } else {
            // Condition evaluated to a falsy value: signal "not deleted".
            $msg = false;
        }
    }
    return $msg;
}
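/**
 * Prepares field data for saving to database (safe transfer from $postdata to $user)
 * Override
 *
 * The posted "<field>__choice" value selects the action: 'upload' stores a
 * new image, 'gallery' selects a gallery image, 'delete' removes the image,
 * 'approve' approves a pending image (backend only), anything else only
 * runs the validation.
 *
 * NOTE(review): 'upload', 'gallery' and 'delete' remove the old file (and
 * 'delete' also updates the database) during this prepare step. If a later
 * step of the save fails, nothing visible here restores the file.
 *
 * @param  moscomprofilerFields  $field
 * @param  moscomprofilerUser    $user      RETURNED populated: touch only variables related to saving this field (also when not validating for showing re-edit)
 * @param  array                 $postdata  Typically $_POST (but not necessarily), filtering required.
 * @param  string                $reason    'edit' for save profile edit, 'register' for registration, 'search' for searches
 */
function prepareFieldDataSave( &$field, &$user, &$postdata, $reason )
{
    global $_CB_framework, $ueConfig, $_PLUGINS, $_FILES;

    $this->_prepareFieldMetaSave( $field, $user, $postdata, $reason );

    $col = $field->name;
    $colapproved = $col . 'approved';
    $col_choice = $col . '__choice';
    $col_file = $col . '__file';
    $col_gallery = $col . '__gallery';

    // Defined up front because the default branch passes it to validate();
    // it used to be an undefined variable there. A variable (not a literal)
    // is kept in case validate() takes the argument by reference.
    $newAvatar = null;

    $choice = stripslashes( cbGetParam( $postdata, $col_choice ) );

    switch ( $choice ) {
        case 'upload':
            $value = ( isset( $_FILES[$col_file] ) ? $_FILES[$col_file] : null );

            if ( $this->validate( $field, $user, $choice, $value, $postdata, $reason ) ) {
                $_PLUGINS->loadPluginGroup( 'user' );

                $isModerator = isModerator( $_CB_framework->myId() );

                $_PLUGINS->trigger( 'onBeforeUserAvatarUpdate', array( &$user, &$user, $isModerator, &$value['tmp_name'] ) );
                if ( $_PLUGINS->is_errors() ) {
                    // NOTE(review): the plugin error is recorded but processing goes on,
                    // so the upload is still stored and the old file removed. Confirm
                    // the recorded error aborts the save later; if a plugin is meant to
                    // veto an upload (e.g. a content scanner), stopping here is safer.
                    $this->_setErrorMSG( $_PLUGINS->getErrorMSG() );
                }

                $imgToolBox = new imgToolBox();
                $imgToolBox->_conversiontype = $ueConfig['conversiontype'];
                $imgToolBox->_IM_path = $ueConfig['im_path'];
                $imgToolBox->_NETPBM_path = $ueConfig['netpbm_path'];
                $imgToolBox->_maxsize = $this->_getImageFieldParam( $field, 'avatarSize' );
                $imgToolBox->_maxwidth = $this->_getImageFieldParam( $field, 'avatarWidth' );
                $imgToolBox->_maxheight = $this->_getImageFieldParam( $field, 'avatarHeight' );
                $imgToolBox->_thumbwidth = $this->_getImageFieldParam( $field, 'thumbWidth' );
                $imgToolBox->_thumbheight = $this->_getImageFieldParam( $field, 'thumbHeight' );
                $imgToolBox->_debug = 0;

                $allwaysResize = ( isset( $ueConfig['avatarResizeAlways'] ) ? $ueConfig['avatarResizeAlways'] : 1 );

                // The stored base name is built server-side from the field name and
                // the user id; the client-supplied file name is not used here.
                $fileNameInDir = ( $col == 'avatar' ? '' : $col . '_' ) . uniqid( $user->id . '_' );
                $newFileName = $imgToolBox->processImage( $value, $fileNameInDir, $_CB_framework->getCfg( 'absolute_path' ) . '/images/comprofiler/', 0, 0, 1, $allwaysResize );
                if ( ! $newFileName ) {
                    // needed if uploaded file fails in imgToolbox
                    $this->_setValidationError( $field, $user, $reason, $imgToolBox->_errMSG );
                    //BB: maybe this needed instead ? :
                    // $this->_setErrorMSG( $imgToolBox->_errMSG );
                    return;
                }

                if ( isset( $user->$col ) && ! ( ( $col == 'avatar' ) && ( $ueConfig['avatarUploadApproval'] == 1 ) && ( $isModerator == 0 ) ) ) {
                    // if auto-approved: //TBD: else need to log update on image approval !
                    $this->_logFieldUpdate( $field, $user, $reason, $user->$col, $newFileName );
                }

                if ( isset( $user->$col ) && ( $user->$col != '' ) ) {
                    deleteAvatar( $user->$col );
                }

                if ( ( $col == 'avatar' ) && ( $ueConfig['avatarUploadApproval'] == 1 ) && ( $isModerator == 0 ) ) {
                    // Non-moderator avatar uploads wait for moderator approval.
                    $cbNotification = new cbNotification();
                    $cbNotification->sendToModerators( _UE_IMAGE_ADMIN_SUB, _UE_IMAGE_ADMIN_MSG );
                    $user->$col = $newFileName;
                    $user->$colapproved = 0;
                } else {
                    $user->$col = $newFileName;
                    $user->$colapproved = 1;
                }

                $_PLUGINS->trigger( 'onAfterUserAvatarUpdate', array( &$user, &$user, $isModerator, $newFileName ) );
            }
            break;

        case 'gallery':
            // The posted name is only used after validate() accepts it; that check
            // is what has to keep the value inside the gallery folder.
            $newAvatar = stripslashes( cbGetParam( $postdata, $col_gallery ) );
            if ( $this->validate( $field, $user, $choice, $newAvatar, $postdata, $reason ) ) {
                $value = 'gallery/' . $newAvatar;
                if ( isset( $user->$col ) ) {
                    $this->_logFieldUpdate( $field, $user, $reason, $user->$col, $value );
                }
                deleteAvatar( $user->$col ); // delete old avatar
                $user->$col = $value;
                $user->$colapproved = 1;
            }
            break;

        case 'delete':
            if ( $user->id && ( $user->$col != null ) && ( $user->$col != '' ) ) {
                global $_CB_database;

                if ( isset( $user->$col ) ) {
                    $this->_logFieldUpdate( $field, $user, $reason, $user->$col, '' );
                }
                deleteAvatar( $user->$col ); // delete old avatar
                $user->$col = null; // this will not update, so we do query below:
                $user->$colapproved = 1;

                // Identifiers go through NameQuote(), the date through Quote() and the
                // id through an int cast before they are concatenated into the SQL.
                $query = 'UPDATE ' . $_CB_database->NameQuote( $field->table )
                    . "\n SET " . $_CB_database->NameQuote( $col ) . ' = NULL'
                    . ', ' . $_CB_database->NameQuote( $col . 'approved' ) . ' = 1'
                    . ', ' . $_CB_database->NameQuote( 'lastupdatedate' ) . ' = ' . $_CB_database->Quote( $_CB_framework->dateDbOfNow() )
                    . "\n WHERE " . $_CB_database->NameQuote( 'id' ) . ' = ' . (int) $user->id;
                $_CB_database->setQuery( $query );
                $_CB_database->query();
            }
            break;

        case 'approve':
            // Approval is honoured only when getUi() reports 2 (presumably the
            // administration backend -- confirm) and the image is still unapproved.
            if ( isset( $user->$col ) && ( $_CB_framework->getUi() == 2 ) && $user->id && ( $user->$col != null ) && ( $user->$colapproved == 0 ) ) {
                $this->_logFieldUpdate( $field, $user, $reason, '', $user->$col ); // here we are missing the old value, so can't give it...
                $user->$colapproved = 1;
                $user->lastupdatedate = $_CB_framework->dateDbOfNow();

                $cbNotification = new cbNotification();
                $cbNotification->sendFromSystem( $user, _UE_IMAGEAPPROVED_SUB, _UE_IMAGEAPPROVED_MSG );
            }
            break;

        case '':
        default:
            // No recognised action: run the validation only, with a null value.
            $this->validate( $field, $user, $choice, $newAvatar, $postdata, $reason );
            break;
    }
}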
/**
 * Deletes this record (no checks).
 *
 * No permission check is made here: the caller has to establish that the
 * current actor may delete this user. 'onBeforeDeleteUser' plugins can veto
 * the deletion; after that the avatar file, the user's reports and views,
 * optionally the CMS user, the CB row and the user's sessions are removed.
 *
 * NOTE(review): the avatar file, reports and views are removed before the
 * CMS user and the CB row. If either of those deletions fails the method
 * returns false with the earlier removals already done.
 *
 * @param  int   $oid         Key id of row to delete (otherwise it's the one of $this)
 * @param  bool  $cbUserOnly  True: delete CB user only, False: delete CB and CMS user
 * @return boolean
 */
public function delete($oid = null, $cbUserOnly = false)
{
    global $_CB_framework, $_PLUGINS;

    $keyName = $this->_tbl_key;
    if ($oid) {
        $this->{$keyName} = (int) $oid;
    }

    // Give plugins the chance to refuse the deletion before anything is touched.
    $_PLUGINS->loadPluginGroup('user');
    $_PLUGINS->trigger('onBeforeDeleteUser', array($this));
    if ($_PLUGINS->is_errors()) {
        $this->setError($_PLUGINS->getErrorMSG());

        return false;
    }

    deleteAvatar($this->avatar);

    $userReports = new UserReportTable();
    $userReports->deleteUserReports($this->id);

    $userViews = new UserViewTable();
    $userViews->deleteUserViews($this->id);

    if (!$cbUserOnly) {
        $cmsUser = $_CB_framework->_getCmsUserObject($this->id);
        try {
            $cmsUser->delete($this->id);
        } catch (\RuntimeException $failure) {
            $this->setError($failure->getMessage());

            return false;
        }
    }

    if (!parent::delete($oid)) {
        return false;
    }

    // Drop the user's sessions so existing logins stop working; the id is
    // cast to int and the identifiers are quoted by the database layer.
    $sessionCleanup = 'DELETE'
        . "\n FROM " . $this->_db->NameQuote('#__session')
        . "\n WHERE " . $this->_db->NameQuote('userid') . " = " . (int) $this->id;
    $this->_db->setQuery($sessionCleanup);
    $this->_db->query();

    $_PLUGINS->trigger('onAfterDeleteUser', array($this, true));

    return true;
}
if ($avatar->canEdit()) { $subtype = $avatar->getSubtype(); $container = get_entity($avatar->container_guid); if ($subtype != 'avatar') { forward(get_input('forward_url', $_SERVER['HTTP_REFERER'])); } //back off if not an avatar $images = array($avatar); //loop through all avatar's images and delete them foreach ($images as $im) { deleteAvatar($im->large, $im->getOwner()); deleteAvatar($im->medium, $im->getOwner()); deleteAvatar($im->small, $im->getOwner()); deleteAvatar($im->tiny, $im->getOwner()); deleteAvatar($im->topbar, $im->getOwner()); deleteAvatar($im->master, $im->getOwner()); if ($im) { //delete actual image file $delfile = new ElggFile($im->getGUID()); $delfile->owner_guid = $im->getOwner(); //$delfile->setFilename($im->originalfilename); if (!$delfile->delete()) { register_error(elgg_echo("avatar:notdeleted")); } else { system_message(elgg_echo("avatar:deleted")); } } //end delete actual image file } //end looping through each image to delete it } else {