Example #1
 }
 // Read the submitted profile fields. The three name/e-mail fields are only trimmed;
 // the two password fields are passed through icms_core_DataFilter::stripSlashesGPC().
 // NOTE(review): neither a request-token check nor the origin of $uid is visible in
 // this fragment — confirm both are handled above.
 $login_name = isset($_POST['login_name']) ? trim($_POST['login_name']) : '';
 $uname = isset($_POST['uname']) ? trim($_POST['uname']) : '';
 $email = isset($_POST['email']) ? trim($_POST['email']) : '';
 $pass = isset($_POST['password']) ? icms_core_DataFilter::stripSlashesGPC($_POST['password']) : '';
 $vpass = isset($_POST['vpass']) ? icms_core_DataFilter::stripSlashesGPC($_POST['vpass']) : '';
 icms_loadLanguageFile('core', 'user');
 $user_handler = icms::handler('icms_member_user');
 // Validate the new values; $stop receives whatever userCheck() returns.
 if (icms::$user->isAdmin()) {
     // administrators submit every field; an empty password is passed as false
     // (presumably "leave the password unchanged" — confirm against userCheck())
     $stop = $user_handler->userCheck($login_name, $uname, $email, $pass == '' ? false : $pass, $vpass, $uid);
 } elseif ($icmsConfigUser['allow_chguname'] == 1) {
     // a normal user can only change his username on this screen (and only if this is allowed in the settings)
     $stop = $user_handler->userCheck(false, $uname, false, false, false, $uid);
 }
 // $stop is never assigned for a non-admin when allow_chguname is off; empty()
 // tolerates the undefined variable, so that case passes straight through.
 if (!empty($stop)) {
     // NOTE(review): everything below relies on redirect_header() ending the request
     redirect_header(icms_getPreviousPage('edituser.php?uid=' . $uid), 3, $stop);
 }
 $member_handler = icms::handler('icms_member');
 $edituser = $member_handler->getUser($uid);
 // Only administrators get login name, display name and e-mail written here.
 if (icms::$user->isAdmin()) {
     $edituser->setVar('login_name', $login_name);
     $edituser->setVar('uname', $uname);
     $edituser->setVar('email', $email);
     // the password is only replaced when the admin edits an account other than their own
     if ($edituser->getVar('uid') != icms::$user->getVar('uid')) {
         if ($pass != '') {
             // encryptPass() derives the stored value from the password, a fresh salt and
             // the configured enc_type; the scheme is recorded on the user as well.
             // NOTE(review): the strength of the stored value depends on
             // $icmsConfigUser['enc_type'], which is not visible here.
             $icmspass = new icms_core_Password();
             $salt = icms_core_Password::createSalt();
             $pass = $icmspass->encryptPass($pass, $salt, $icmsConfigUser['enc_type']);
             $edituser->setVar('pass', $pass);
             $edituser->setVar('pass_expired', 0);
             $edituser->setVar('enc_type', $icmsConfigUser['enc_type']);
Example #2
     }
     editvideos($videosObj);
     break;
 // Store a submitted video form. The request token is verified first.
 // NOTE(review): no ownership/permission check is visible in this case — presumably
 // the handler enforces it while storing; confirm.
 case "addvideos":
     if (!icms::$security->check()) {
         // relies on redirect_header() ending the request
         redirect_header(icms_getPreviousPage('index.php'), 3, _MD_PROFILE_SECURITY_CHECK_FAILED . implode('<br />', icms::$security->getErrors()));
     }
     $controller = new icms_ipf_Controller($profile_videos_handler);
     $controller->storeFromDefaultForm(_MD_PROFILE_VIDEOS_CREATED, _MD_PROFILE_VIDEOS_MODIFIED, PROFILE_URL . basename(__FILE__));
     break;
 // Delete a video: the object-level permission is checked on every request, the
 // request token only once the confirmation form has been posted.
 case "del":
     if (!$videosObj->userCanEditAndDelete()) {
         redirect_header($videosObj->getItemLink(true), 3, _NOPERM);
     }
     if (isset($_POST['confirm']) && !icms::$security->check()) {
         redirect_header(icms_getPreviousPage('index.php'), 3, _MD_PROFILE_SECURITY_CHECK_FAILED . implode('<br />', icms::$security->getErrors()));
     }
     // NOTE(review): presumably this renders the confirmation form when 'confirm' is
     // absent and deletes only when it is present — confirm, since the token check
     // above is skipped without it.
     $controller = new icms_ipf_Controller($profile_videos_handler);
     $controller->handleObjectDeletionFromUserSide();
     break;
 // List the videos of a profile.
 default:
     // paging offset, forced to an integer (a negative value is not rejected here)
     $clean_start = isset($_GET['start']) ? (int) $_GET['start'] : 0;
     // offer the add form when the viewer looks at their own profile
     if ($real_uid && $real_uid == $uid) {
         editvideos($videosObj, true);
     }
     if ($clean_uid > 0 || $real_uid > 0) {
         $uid = $clean_uid > 0 ? $clean_uid : $real_uid;
         // NOTE(review): $uid was just resolved, yet getVideos() receives $clean_uid,
         // which is 0 when only $real_uid is set — confirm this is intended.
         $videosArray = $profile_videos_handler->getVideos($clean_start, icms::$module->config['videosperpage'], $clean_uid);
         if (count($videosArray) == 0) {
             $icmsTpl->assign('lang_nocontent', _MD_PROFILE_VIDEOS_NOCONTENT);
         } else {
 /**
  * Decide whether the current visitor may see one section of a user's profile.
  *
  * Administrators (global $profile_isAdmin) and the profile owner are always allowed.
  * Everyone else is judged by the owner's per-section setting: everybody, members
  * only, accepted friends only, or private. Any other situation is denied.
  *
  * Side effect: when the module option "profile_social" is off, redirect_header()
  * is called with _NOPERM instead of returning a value.
  *
  * @param str $item the section (e.g. audio)
  * @param int $uid user id of the profile owner
  * @return bool true if access is granted
  */
 public function userCanAccessSection($item, $uid)
 {
     global $profile_isAdmin;

     // administrators bypass every other rule
     if ($profile_isAdmin) {
         return true;
     }

     $moduleDir = basename(dirname(dirname(__FILE__)));
     $module = icms::handler("icms_module")->getByDirname($moduleDir, TRUE);
     if (!$module->config["profile_social"]) {
         // NOTE(review): the checks below still run if redirect_header() ever returns
         redirect_header(icms_getPreviousPage('index.php'), 3, _NOPERM);
     }

     $ownerConfig = $this->getConfigPerUser($uid);
     if (!is_object($ownerConfig)) {
         // no per-user settings object: deny, even for the owner
         return false;
     }

     $status = $ownerConfig->getVar($item, 'e');

     // same test as at the top; it can only differ if a call above changed the global
     if ($profile_isAdmin) {
         return true;
     }

     $viewer = icms::$user;
     $loggedIn = is_object($viewer);
     $viewerUid = $loggedIn ? $viewer->getVar('uid') : null;

     // the owner always sees their own sections
     if ($loggedIn && $viewerUid == $uid) {
         return true;
     }
     if ($status == PROFILE_CONFIG_STATUS_EVERYBODY) {
         return true;
     }
     if ($loggedIn && $status == PROFILE_CONFIG_STATUS_MEMBERS) {
         return true;
     }
     if ($loggedIn && $status == PROFILE_CONFIG_STATUS_FRIENDS && $viewerUid != $uid) {
         // friends only: look for one accepted friendship between viewer and owner
         $friendshipHandler = icms_getModuleHandler('friendship', $moduleDir, 'profile');
         $accepted = $friendshipHandler->getFriendships(0, 1, $viewerUid, $uid, PROFILE_FRIENDSHIP_STATUS_ACCEPTED);
         return count($accepted) != 0;
     }
     if ($loggedIn && $status == PROFILE_CONFIG_STATUS_PRIVATE) {
         return $uid == $viewerUid;
     }

     // anonymous visitors on a restricted section, or an unknown status value
     return false;
 }
Example #4
// true when a logged-in visitor is looking at their own profile
$isOwner = is_object(icms::$user) && icms::$user->getVar('uid') == $uid ? true : false;
// Pick the name shown for the profile owner according to the 'index_real_name' option.
// NOTE(review): $thisUser->getVar() is called in the conditions before the
// is_object($thisUser) guards in the ternaries, so those guards cannot protect
// against a non-object $thisUser — confirm it is validated above.
if (icms::$module->config['index_real_name'] == 'real' && trim($thisUser->getVar('name'))) {
    $owner_name = is_object($thisUser) ? trim($thisUser->getVar('name')) : _GUESTS;
} elseif (icms::$module->config['index_real_name'] == 'both' && trim($thisUser->getVar('name'))) {
    $owner_name = is_object($thisUser) ? trim($thisUser->getVar('name')) . ' (' . trim($thisUser->getVar('uname')) . ')' : _GUESTS;
} else {
    $owner_name = is_object($thisUser) ? trim($thisUser->getVar('uname')) : _GUESTS;
}
// check whether icms::$user is allowed to view profile of thisUser
// The profile is shown only if every group of $thisUser appears in the configured
// view_group list for the viewer's class (anonymous or registered): array_intersect()
// must hand back all of the user's groups. Viewers passing isAdmin(0) skip the check.
// Both branches rely on redirect_header() ending the request.
if (!is_object(icms::$user)) {
    if (array_intersect($thisUser->getGroups(), icms::$module->config['view_group_' . ICMS_GROUP_ANONYMOUS]) != $thisUser->getGroups()) {
        redirect_header(icms_getPreviousPage('index.php'), 3, _NOPERM);
    }
} elseif (!icms::$user->isAdmin(0)) {
    if (array_intersect($thisUser->getGroups(), icms::$module->config['view_group_' . ICMS_GROUP_USERS]) != $thisUser->getGroups()) {
        redirect_header(icms_getPreviousPage('index.php'), 3, _NOPERM);
    }
}
icms_loadLanguageFile('core', 'user');
$module_name = icms::$module->getVar('name');
// NOTE(review): the @ is meant to silence an undefined _ADM_USE_RTL; on PHP 8 an
// undefined constant throws an Error, which @ does not suppress.
$xoTheme->addStylesheet(PROFILE_URL . 'assets/css/profile' . (@_ADM_USE_RTL == 1 ? '_rtl' : '') . '.css');
// $module_name, $owner_name and $uid are concatenated into HTML (alt attribute, link
// text, href) without escaping at this point.
// NOTE(review): assumes getVar() output is already display-safe and $uid is an
// integer — confirm where both are produced.
icms_makeSmarty(array('module_name' => $module_name, 'icms_pagetitle' => sprintf(_MD_PROFILE_PAGETITLE, $owner_name), 'profile_image' => '<img src="' . PROFILE_URL . 'images/profile-start.gif" alt="' . $module_name . '"/>', 'profile_content' => _MI_PROFILE_MODULEDESC, 'module_is_socialmode' => icms::$module->config['profile_social'], 'profile_module_home' => '<a href="' . PROFILE_URL . 'index.php?uid=' . $uid . '">' . sprintf(_MD_PROFILE_PAGETITLE, $owner_name) . '</a>'));
// In social mode, work out per section whether the viewer may access it.
if (icms::$module->config['profile_social']) {
    $permissions = array();
    $items = array('audio', 'pictures', 'friendship', 'videos', 'tribes', 'profile_usercontributions');
    foreach ($items as $item) {
        $permissions = array_merge($permissions, array($item => $profile_configs_handler->userCanAccessSection($item, $uid)));
    }
    foreach ($permissions as $permission => $value) {
        // a section is offered only when it is enabled module-wide AND the viewer may access it
        if (in_array($permission, array('audio', 'pictures', 'friendship', 'videos', 'tribes'))) {
            $icmsTpl->assign('allow_' . $permission, icms::$module->config['enable_' . $permission] && $value);
Example #5
// operations this page accepts; anything else is ignored by the strict in_array() below
$valid_op = array('del', '');
// The friendship section must be enabled module-wide and the viewer must be allowed
// to see it on the requested profile; otherwise the request is redirected.
// Relies on redirect_header() ending the request.
$isAllowed = $profile_configs_handler->userCanAccessSection('friendship', $clean_uid);
if (!$isAllowed || !icms::$module->config['enable_friendship']) {
    redirect_header(icms_getPreviousPage('index.php'), 3, _NOPERM);
}
/* Only proceed if the supplied operation is a valid operation */
if (in_array($clean_op, $valid_op, true)) {
    switch ($clean_op) {
        // Delete a friendship: the object-level permission is checked on every request,
        // the request token only once the confirmation form has been posted.
        case 'del':
            // NOTE(review): assumes get() always returns an object, also for an unknown id — confirm
            $friendshipObj = $profile_friendship_handler->get($clean_friendship_id);
            if (!$friendshipObj->userCanEditAndDelete()) {
                redirect_header(icms_getPreviousPage('friendship.php?uid=' . $clean_uid), 3, _NOPERM);
            }
            if (isset($_POST['confirm'])) {
                if (!icms::$security->check()) {
                    redirect_header(icms_getPreviousPage('friendship.php?uid=' . $clean_uid), 3, _MD_PROFILE_SECURITY_CHECK_FAILED . implode('<br />', icms::$security->getErrors()));
                }
            }
            // NOTE(review): presumably this shows the confirmation form when 'confirm' is
            // absent and deletes only when it is present — confirm
            $controller = new icms_ipf_Controller($profile_friendship_handler);
            $controller->handleObjectDeletionFromUserSide();
            break;
        // List the friendships of the requested profile, or of the current user.
        default:
            if ($clean_uid > 0 || $real_uid > 0) {
                $uid = $clean_uid > 0 ? $clean_uid : $real_uid;
                // the result is indexed by friendship status (pending, accepted, rejected)
                $friendshipsArray = $profile_friendship_handler->getFriendshipsSorted($uid, $isOwner);
                if (count($friendshipsArray[PROFILE_FRIENDSHIP_STATUS_PENDING]) + count($friendshipsArray[PROFILE_FRIENDSHIP_STATUS_ACCEPTED]) + count($friendshipsArray[PROFILE_FRIENDSHIP_STATUS_REJECTED]) == 0) {
                    $icmsTpl->assign('lang_nocontent', _MD_PROFILE_FRIENDSHIPS_NOCONTENT);
                } else {
                    $icmsTpl->assign('profile_friendships', $friendshipsArray);
                }
            } else {
Example #6
            $controller = new icms_ipf_Controller($profile_friendship_handler);
            $controller->storeFromDefaultForm(_MD_PROFILE_FRIENDSHIP_CREATED, _MD_PROFILE_FRIENDSHIP_MODIFIED, PROFILE_URL . "/index.php?uid=" . $uid);
            break;
        // Accept or reject a friendship request. The request token is verified first.
        case "editfriendship":
            if (!icms::$security->check()) {
                // relies on redirect_header() ending the request
                redirect_header(icms_getPreviousPage('index.php'), 3, _MD_PROFILE_SECURITY_CHECK_FAILED . implode('<br />', icms::$security->getErrors()));
            }
            $clean_friendship_id = isset($_POST['friendship_id']) ? (int) $_POST['friendship_id'] : 0;
            $friendshipObj = $profile_friendship_handler->get($clean_friendship_id);
            // Only an existing friendship whose friend2_uid equals $uid may be changed.
            // NOTE(review): this is the authorisation check, so it hinges on $uid being
            // the authenticated user's id — confirm how $uid is derived above.
            if (!$friendshipObj->isNew() && $friendshipObj->getVar('friend2_uid') == $uid) {
                $clean_status = isset($_POST['status']) ? (int) $_POST['status'] : '';
                // only "accepted" and "rejected" can be set; the '' default never matches the strict test
                $valid_status = array(PROFILE_FRIENDSHIP_STATUS_ACCEPTED, PROFILE_FRIENDSHIP_STATUS_REJECTED);
                if (in_array($clean_status, $valid_status, true)) {
                    $friendshipObj->setVar('status', $clean_status);
                    $friendshipObj->store(true);
                    // The previous page only decides whether to redirect; the target is
                    // built from the handler's own URL parts and $uid.
                    if (strpos(icms_getPreviousPage(), $friendshipObj->handler->_moduleUrl . $friendshipObj->handler->_page) !== false) {
                        // NOTE(review): no exit follows header(), so the script keeps running
                        header('Location: ' . $friendshipObj->handler->_moduleUrl . $friendshipObj->handler->_page . '?uid=' . $uid);
                    }
                }
            }
        // NOTE(review): there is no break above, so "editfriendship" falls through into
        // the default case — confirm this is intended.
        default:
            // NOTE(review): icms::$user is used without an is_object() check in this
            // case — presumably anonymous visitors are turned away above; confirm.
            if (icms::$user->getVar('uid') != $uid) {
                // offer the "add as friend" form only when no friendship exists yet
                $friendships = $profile_friendship_handler->getFriendships(0, 1, icms::$user->getVar('uid'), $uid);
                if (count($friendships) == 0) {
                    $friendshipObj = $profile_friendship_handler->get($clean_friendship_id);
                    editfriendship($friendshipObj, $uid, true);
                }
            }
            break;
    }
}
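 /**
  * Turn one of the current user's pictures into their custom avatar.
  *
  * The picture is resized down to the configured avatar dimensions and written to
  * ICMS_UPLOAD_PATH as cavt_<timestamp>.<ext>, registered as a new avatar object and
  * assigned to the current user. A previous custom avatar (file name starting with
  * "cavt") is removed. Every outcome ends in a redirect_header() call.
  *
  * Hardening compared with a plain copy of the stored file name:
  * - the avatar extension is limited to jpg/jpeg/png/gif (anything else becomes jpg),
  * - the written file must be recognised as an image before it is registered,
  * - the old avatar is only unlinked when it resolves to a path below the upload
  *   directory, compared with a trailing slash,
  * - the two guards return after redirecting, so they hold even if
  *   redirect_header() does not end the request.
  *
  * @param int $pictures_id the id of the picture to set as avatar
  * @global array $icmsConfigUser user configuration
  * @return void
  */
 public function makeAvatar($pictures_id)
 {
     global $icmsConfigUser;
     $picturesObj = $this->get($pictures_id);
     // check if picture exists
     if ($picturesObj->isNew()) {
         redirect_header(icms_getPreviousPage('index.php'), 3, _MD_PROFILE_PICTURES_AVATAR_NOTEDITED);
         return;
     }
     // the current user must be the owner of this picture, users must be allowed to upload avatars and we check for user posts
     if (!is_object(icms::$user) || icms::$user->getVar('uid') != $picturesObj->getVar('uid_owner') || $icmsConfigUser['avatar_allow_upload'] == 0 || icms::$user->getVar('posts') < $icmsConfigUser['avatar_minposts']) {
         redirect_header(icms_getPreviousPage('index.php'), 3, _NOPERM);
         return;
     }
     $url = $picturesObj->getVar('url');
     // NOTE(review): assumes the stored url is a plain file name below getImagePath() —
     // confirm it is validated when the picture is uploaded
     $image = $this->getImagePath() . $url;
     // The extension of the stored name decides the name of a file written into the
     // upload directory, so only web image extensions are kept; a missing or unexpected
     // extension falls back to jpg.
     $dot = strrpos($url, '.');
     $ext = $dot !== false ? strtolower(substr($url, $dot + 1)) : 'jpg';
     if (!in_array($ext, array('jpg', 'jpeg', 'png', 'gif'), true)) {
         $ext = 'jpg';
     }
     // NOTE(review): time() alone makes the name predictable, and two requests within the
     // same second write to the same file — consider adding a per-user or random part
     $avatar = 'cavt_' . time() . '.' . $ext;
     $imageAvatar = ICMS_UPLOAD_PATH . '/' . $avatar;
     // resize picture and store as avatar
     $imgObj = WideImage::load($image);
     $imgObj->resizeDown($icmsConfigUser['avatar_width'], $icmsConfigUser['avatar_height'])->saveToFile($imageAvatar);
     // retrieve the mime type for the avatar; both detectors return false on failure
     if (function_exists('exif_imagetype')) {
         $imageType = exif_imagetype($imageAvatar);
         $avatar_mimetype = $imageType !== false ? image_type_to_mime_type($imageType) : '';
     } else {
         $size = getimagesize($imageAvatar);
         if ($size === false) {
             $avatar_mimetype = '';
         } else {
             $avatar_mimetype = isset($size['mime']) ? $size['mime'] : image_type_to_mime_type($size[2]);
         }
     }
     // refuse to register a file that was not recognised as an image
     if (strpos($avatar_mimetype, 'image/') !== 0) {
         if (is_file($imageAvatar)) {
             unlink($imageAvatar);
         }
         redirect_header(icms_getPreviousPage('index.php'), 3, _MD_PROFILE_PICTURES_AVATAR_NOTEDITED);
         return;
     }
     // create new avatar object and delete the old one
     $avt_handler = icms::handler('icms_data_avatar');
     $avatarObj = $avt_handler->create();
     $avatarObj->setVar('avatar_file', $avatar);
     $avatarObj->setVar('avatar_name', icms::$user->getVar('uname'));
     $avatarObj->setVar('avatar_mimetype', $avatar_mimetype);
     $avatarObj->setVar('avatar_display', 1);
     $avatarObj->setVar('avatar_type', 'C');
     if (!$avt_handler->insert($avatarObj)) {
         // registration failed: do not leave the resized file behind
         unlink($imageAvatar);
         redirect_header(icms_getPreviousPage('index.php'), 3, _MD_PROFILE_PICTURES_AVATAR_NOTEDITED);
         return;
     }
     $oldavatar = icms::$user->getVar('user_avatar');
     if (!empty($oldavatar) && preg_match("/^cavt/", strtolower($oldavatar))) {
         $avatars = $avt_handler->getObjects(new icms_db_criteria_Item('avatar_file', $oldavatar));
         if (!empty($avatars) && count($avatars) == 1 && is_object($avatars[0])) {
             $avt_handler->delete($avatars[0]);
             // realpath() resolves any ../ in the stored name (and yields false, hence an
             // empty string, for a missing file)
             $oldavatar_path = str_replace("\\", "/", realpath(ICMS_UPLOAD_PATH . '/' . $oldavatar));
             // compare against the upload directory WITH a trailing slash, so a sibling
             // directory that merely shares the prefix does not pass the containment test
             $uploadRoot = rtrim(ICMS_UPLOAD_PATH, '/') . '/';
             if (0 === strpos($oldavatar_path, $uploadRoot) && is_file($oldavatar_path)) {
                 unlink($oldavatar_path);
             }
         }
     }
     icms::$user->setVar('user_avatar', $avatar);
     if (icms::handler('icms_member_user')->insert(icms::$user)) {
         $avt_handler->addUser($avatarObj->getVar('avatar_id'), (int) icms::$user->getVar('uid'));
         redirect_header(icms_getPreviousPage('index.php'), 3, _MD_PROFILE_PICTURES_AVATAR_EDITED);
     } else {
         redirect_header(icms_getPreviousPage('index.php'), 3, _MD_PROFILE_PICTURES_AVATAR_NOTEDITED);
     }
 }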
Example #8
/**
 * Build the add or edit form for a tribe post (or topic) and hand it to the template.
 *
 * A post id that does not exist yet produces the "add" form, pre-filled with the
 * tribe, the current user as poster and the current time. An existing post produces
 * the "edit" form, but only if the post allows the current user to edit it or the
 * current user owns the tribe; otherwise redirect_header() is called with _NOPERM.
 *
 * @param int $tribetopic_id id of tribe topic
 * @param int $tribepost_id id of tribe post to be edited
 * @param object $tribesObj mod_profile_Tribes object
 * @param bool $hideForm when true the form is built without a title
 * @global mod_profile_TribetopicHandler $profile_tribetopic_handler tribetopic handler
 * @global mod_profile_TribepostHandler $profile_tribepost_handler tribepost handler
 * @global obj $icmsTpl template object
 * @global bool $isOwner true if current user is owner of this tribe
 * @return false|void false when nobody is logged in, nothing otherwise
 */
function edittribepost($tribetopic_id, $tribepost_id, $tribesObj, $hideForm = false)
{
    global $profile_tribetopic_handler, $profile_tribepost_handler, $icmsTpl, $isOwner;

    // anonymous visitors never get a form
    if (!is_object(icms::$user)) {
        return false;
    }

    $icmsTpl->assign('hideForm', $hideForm);
    $post = $profile_tribepost_handler->get($tribepost_id);

    if ($post->isNew()) {
        // new entry: a reply when a topic id was given, otherwise a new topic
        // NOTE(review): no tribe-membership check is visible here — presumably the
        // caller decides who may post; confirm
        if ($tribetopic_id > 0) {
            $formtitle = _MD_PROFILE_TRIBEPOST_SUBMIT;
            $post->setFieldAsRequired('title', false);
            $post->setVar('topic_id', $tribetopic_id);
        } else {
            $formtitle = _MD_PROFILE_TRIBETOPIC_SUBMIT;
        }
        $post->setVar('tribes_id', $tribesObj->getVar('tribes_id'));
        $post->setVar('poster_uid', icms::$user->getVar('uid'));
        $post->setVar('post_time', date(_DATESTRING));
        $formTemplateVar = 'profile_addpostform';
        $titleTemplateVar = 'lang_addpostform_title';
    } else {
        $topic = $profile_tribetopic_handler->get($tribetopic_id);
        // check permissions: neither allowed by the post itself nor owner of the tribe
        // (relies on redirect_header() ending the request)
        if (!$post->userCanEditAndDelete() && !$isOwner) {
            redirect_header(icms_getPreviousPage('index.php'), 3, _NOPERM);
        }
        // the first post of a topic is edited as the topic itself and keeps its title required
        if ($topic->getVar('post_id') == $tribepost_id) {
            $formtitle = _MD_PROFILE_TRIBETOPIC_EDIT;
        } else {
            $formtitle = _MD_PROFILE_TRIBEPOST_EDIT;
            $post->setFieldAsRequired('title', false);
        }
        $formTemplateVar = 'profile_editpostform';
        $titleTemplateVar = 'lang_editpostform';
    }

    // shared by both forms: hide the meta fields and settle the signature option
    $post->hideFieldFromForm(array('meta_keywords', 'meta_description', 'short_url'));
    if (icms::$user->getVar('attachsig')) {
        $post->hideFieldFromForm('attachsig');
    } else {
        $post->setVar('attachsig', 0);
    }

    $secureForm = $post->getSecureForm($hideForm ? '' : $formtitle, 'addtribepost');
    $secureForm->assign($icmsTpl, $formTemplateVar);
    $icmsTpl->assign($titleTemplateVar, $formtitle);
}
Example #9
     editcontent($contentObj);
     break;
 // Store a submitted content form. The request token is verified first.
 // NOTE(review): no permission check is visible in this case — presumably the
 // handler enforces it while storing; confirm.
 case "addcontent":
     if (!icms::$security->check()) {
         // relies on redirect_header() ending the request
         redirect_header(icms_getPreviousPage('index.php'), 3, _MD_CONTENT_SECURITY_CHECK_FAILED . implode('<br />', icms::$security->getErrors()));
     }
     $controller = new icms_ipf_Controller($content_content_handler);
     $controller->storeFromDefaultForm(_MD_CONTENT_CONTENT_CREATED, _MD_CONTENT_CONTENT_MODIFIED);
     break;
 // Delete a content item: the object-level permission is checked on every request,
 // the request token only once the confirmation form has been posted.
 case "del":
     if (!$contentObj->userCanEditAndDelete()) {
         redirect_header($contentObj->getItemLink(true), 3, _NOPERM);
     }
     if (isset($_POST['confirm'])) {
         if (!icms::$security->check()) {
             redirect_header(icms_getPreviousPage(), 3, _MD_CONTENT_SECURITY_CHECK_FAILED . implode('<br />', icms::$security->getErrors()));
         }
     }
     // NOTE(review): presumably this shows the confirmation form when 'confirm' is
     // absent and deletes only when it is present — confirm
     $controller = new icms_ipf_Controller($content_content_handler);
     $controller->handleObjectDeletionFromUserSide();
     $icmsTpl->assign('content_category_path', $content_content_handler->getBreadcrumbForPid($contentObj->getVar('content_id', 'e'), 1) . ' > ' . _DELETE);
     break;
 // Show a content item, but only if it exists and accessGranted() allows the viewer.
 default:
     if (is_object($contentObj) && $contentObj->accessGranted()) {
         // the view counter is only updated after the access check has passed
         $content_content_handler->updateCounter($clean_content_id);
         $content = $contentObj->toArray();
         $icmsTpl->assign('content_content', $content);
         $icmsTpl->assign('showInfo', $contentConfig['show_contentinfo']);
         // related sub-pages need both the module option and the item's own flag
         $showSubs = $contentConfig['show_relateds'] && $content['content_showsubs'] ? true : false;
         $icmsTpl->assign('showSubs', $showSubs);
         if ($contentConfig['show_breadcrumb']) {