Exemple #1
0
/**
* Saves user's preferences back to the database
*
* @param    array   $A  User's data to save
* @return   void
*
*/
function savepreferences($A)
{
    global $_CONF, $_TABLES, $_USER;
    if (isset($A['noicons']) && $A['noicons'] == 'on') {
        $A['noicons'] = 1;
    } else {
        $A['noicons'] = 0;
    }
    if (isset($A['willing']) && $A['willing'] == 'on') {
        $A['willing'] = 1;
    } else {
        $A['willing'] = 0;
    }
    if (isset($A['noboxes']) && $A['noboxes'] == 'on') {
        $A['noboxes'] = 1;
    } else {
        $A['noboxes'] = 0;
    }
    if (isset($A['emailfromadmin']) && $A['emailfromadmin'] == 'on') {
        $A['emailfromadmin'] = 1;
    } else {
        $A['emailfromadmin'] = 0;
    }
    if (isset($A['emailfromuser']) && $A['emailfromuser'] == 'on') {
        $A['emailfromuser'] = 1;
    } else {
        $A['emailfromuser'] = 0;
    }
    if (isset($A['showonline']) && $A['showonline'] == 'on') {
        $A['showonline'] = 1;
    } else {
        $A['showonline'] = 0;
    }
    $A['maxstories'] = COM_applyFilter($A['maxstories'], true);
    if (empty($A['maxstories'])) {
        $A['maxstories'] = 0;
    } else {
        if ($A['maxstories'] > 0) {
            if ($A['maxstories'] < $_CONF['minnews']) {
                $A['maxstories'] = $_CONF['minnews'];
            }
        }
    }
    $TIDS = @array_values($A['topics']);
    // array of strings
    $AIDS = @array_values($A['selauthors']);
    // array of integers
    $BOXES = @array_values($A['blocks']);
    // array of integers
    $ETIDS = @array_values($A['etids']);
    // array of strings
    $AETIDS = USER_getAllowedTopics();
    // array of strings (fetched, needed to "clean" $TIDS and $ETIDS)
    $tids = '';
    if (count($TIDS) > 0) {
        // the array_intersect mitigates the need to scrub the TIDS input
        $tids = addslashes(implode(' ', array_intersect($AETIDS, $TIDS)));
    }
    $aids = '';
    if (count($AIDS) > 0) {
        // Scrub the AIDS array to prevent SQL injection and bad values
        foreach ($AIDS as $key => $val) {
            $AIDS[$key] = COM_applyFilter($val, true);
        }
        $aids = addslashes(implode(' ', $AIDS));
    }
    $selectedblocks = '';
    if (count($BOXES) > 0) {
        // Scrub the BOXES array to prevent SQL injection and bad values
        foreach ($BOXES as $key => $val) {
            $BOXES[$key] = COM_applyFilter($val, true);
        }
        $boxes = addslashes(implode(',', $BOXES));
        $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ({$boxes})");
        $numRows = DB_numRows($blockresult);
        for ($x = 1; $x <= $numRows; $x++) {
            $row = DB_fetchArray($blockresult);
            if ($row['name'] != 'user_block' and $row['name'] != 'admin_block' and $row['name'] != 'section_block') {
                $selectedblocks .= $row['bid'];
                if ($x != $numRows) {
                    $selectedblocks .= ' ';
                }
            }
        }
    }
    $selectedblocks = trim($selectedblocks);
    $etids = '';
    if ($_CONF['emailstories'] == 1 && count($ETIDS) > 0) {
        // the array_intersect mitigates the need to scrub the ETIDS input
        $etids = addslashes(implode(' ', array_intersect($AETIDS, $ETIDS)));
    }
    if (isset($A['tzid'])) {
        $A['tzid'] = COM_applyFilter($A['tzid']);
    } else {
        $A['tzid'] = '';
    }
    if (isset($A['theme'])) {
        $A['theme'] = COM_applyFilter($A['theme']);
    }
    if (empty($A['theme'])) {
        $A['theme'] = $_CONF['theme'];
    }
    if (isset($A['language'])) {
        $A['language'] = COM_applyFilter($A['language']);
    }
    if (empty($A['language'])) {
        $A['language'] = $_CONF['language'];
    }
    // Save theme, when doing so, put in cookie so we can set the user's theme
    // even when they aren't logged in
    $theme = addslashes($A['theme']);
    $language = addslashes($A['language']);
    DB_query("UPDATE {$_TABLES['users']} SET theme='{$theme}',language='{$language}' WHERE uid = '{$_USER['uid']}'");
    setcookie($_CONF['cookie_theme'], $A['theme'], time() + 31536000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
    setcookie($_CONF['cookie_language'], $A['language'], time() + 31536000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
    setcookie($_CONF['cookie_tzid'], $A['tzid'], time() + 31536000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
    $A['dfid'] = COM_applyFilter($A['dfid'], true);
    DB_query("UPDATE {$_TABLES['userprefs']} SET noicons='{$A['noicons']}', willing='{$A['willing']}', dfid='{$A['dfid']}', tzid='{$A['tzid']}', emailfromadmin='{$A['emailfromadmin']}', emailfromuser='******'emailfromuser']}', showonline='{$A['showonline']}' WHERE uid='{$_USER['uid']}'");
    if (empty($etids)) {
        $etids = '-';
    }
    DB_save($_TABLES['userindex'], "uid,tids,aids,boxes,noboxes,maxstories,etids", "'{$_USER['uid']}','{$tids}','{$aids}','{$selectedblocks}','{$A['noboxes']}',{$A['maxstories']},'{$etids}'");
    $A['commentmode'] = COM_applyFilter($A['commentmode']);
    if (empty($A['commentmode'])) {
        $A['commentmode'] = $_CONF['comment_mode'];
    }
    $A['commentmode'] = addslashes($A['commentmode']);
    $A['commentorder'] = COM_applyFilter($A['commentorder']);
    if (empty($A['commentorder'])) {
        $A['commentorder'] = 'ASC';
    }
    $A['commentorder'] = addslashes($A['commentorder']);
    $A['commentlimit'] = COM_applyFilter($A['commentlimit'], true);
    if ($A['commentlimit'] <= 0) {
        $A['commentlimit'] = $_CONF['comment_limit'];
    }
    DB_save($_TABLES['usercomment'], 'uid,commentmode,commentorder,commentlimit', "'{$_USER['uid']}','{$A['commentmode']}','{$A['commentorder']}','{$A['commentlimit']}'");
    PLG_userInfoChanged($_USER['uid']);
}
Exemple #2
0
/**
* Unsubscribe user from a topic (for the Daily Digest)
*
* @param    string  $tid    Topic ID
*
*/
function USER_unsubscribeFromTopic($tid)
{
    global $_CONF, $_TABLES, $_USER;
    if ($_CONF['emailstories'] == 0) {
        return;
    }
    if (COM_isAnonUser()) {
        return;
    }
    // no check for SEC_hasTopicAccess here to unsubscribe user "just in case"
    $user_etids = DB_getItem($_TABLES['userindex'], 'etids', "uid = {$_USER['uid']}");
    if ($user_etids == '-') {
        return;
        // not subscribed to any topics
    }
    if (empty($user_etids)) {
        // subscribed to all topics - get list
        $etids = USER_getAllowedTopics();
    } else {
        $etids = explode(' ', $user_etids);
    }
    $key = array_search($tid, $etids);
    if ($key === false) {
        return;
        // not subscribed to this topic
    }
    unset($etids[$key]);
    if (count($etids) == 0) {
        $user_etids = '-';
    } else {
        $user_etids = implode(' ', $etids);
    }
    $user_etids = addslashes($user_etids);
    DB_query("UPDATE {$_TABLES['userindex']} SET etids = '{$user_etids}' WHERE uid = {$_USER['uid']}");
}