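/**
 * Front-end controller for a user's avatar: shows the avatar form, stores an
 * uploaded image, selects a gallery image, or deletes the current avatar.
 *
 * The action is chosen by the 'do' request parameter (read from $_REQUEST,
 * default 'init'): 'init', 'validate', 'fromgallery' or 'deleteavatar'.
 * Every action runs only after the permission check
 * cbCheckIfUserCanPerformUserTask( $uid, 'allowModeratorsUserEdit' ) has
 * returned no message and the profile row has been loaded.
 *
 * Failure paths that redirect now also return explicitly, so a rejected
 * upload or gallery name can never reach the file-processing or UPDATE code
 * even if cbRedirectToProfile() were to return instead of ending the request.
 *
 * @param  mixed  $option       Passed through to HTML_comprofiler::userAvatar().
 * @param  mixed  $uid          Id of the profile to edit; falls back to the current user's id when empty.
 * @param  mixed  $submitvalue  Passed through to HTML_comprofiler::userAvatar().
 * @return void
 */
function userAvatar( $option, $uid, $submitvalue )
{
    global $_CB_database, $_CB_framework, $_REQUEST, $ueConfig, $_PLUGINS, $_FILES;

    if ( ! $uid ) {
        $uid = $_CB_framework->myId();
    }
    if ( ! $uid ) {
        echo _UE_NOT_AUTHORIZED;
        return;
    }

    // A non-empty return value is the refusal message: stop before touching the profile.
    $msg = cbCheckIfUserCanPerformUserTask( $uid, 'allowModeratorsUserEdit' );
    if ( $msg ) {
        echo $msg;
        return;
    }

    $row = new moscomprofilerUser( $_CB_database );
    if ( ! $row->load( (int) $uid ) ) {
        echo _UE_NOSUCHPROFILE;
        return;
    }

    $do = cbGetParam( $_REQUEST, 'do', 'init' );

    if ( $do == 'init' ) {

        HTML_comprofiler::userAvatar( $row, $option, $submitvalue );

    } elseif ( $do == 'validate' ) {

        // simple spoof check security
        cbSpoofCheck( 'userAvatar' );

        if ( ! $ueConfig['allowAvatarUpload'] ) {
            cbNotAuth();
            return;
        }

        $isModerator = isModerator( $_CB_framework->myId() );

        // Accept only a file that PHP itself received as an HTTP upload, with no upload error.
        if ( ( ! isset( $_FILES['avatar']['tmp_name'] ) )
            || empty( $_FILES['avatar']['tmp_name'] )
            || ( $_FILES['avatar']['error'] != 0 )
            || ( ! is_uploaded_file( $_FILES['avatar']['tmp_name'] ) )
        ) {
            cbRedirectToProfile( $row->id, _UE_UPLOAD_ERROR_EMPTY, 'userAvatar' );
            return; // fail closed: never process a rejected upload
        }

        $_PLUGINS->loadPluginGroup( 'user' );
        // NOTE(review): tmp_name is handed to plugins by reference *after* the
        // is_uploaded_file() check above and is not re-checked afterwards, so the
        // path processed below is only as trustworthy as the installed plugins.
        $_PLUGINS->trigger( 'onBeforeUserAvatarUpdate', array( &$row, &$row, $isModerator, &$_FILES['avatar']['tmp_name'] ) );
        if ( $_PLUGINS->is_errors() ) {
            cbRedirectToProfile( $row->id, $_PLUGINS->getErrorMSG(), 'userAvatar' );
            return; // a plugin vetoed the upload
        }

        $imgToolBox                  = new imgToolBox();
        $imgToolBox->_conversiontype = $ueConfig['conversiontype'];
        $imgToolBox->_IM_path        = $ueConfig['im_path'];
        $imgToolBox->_NETPBM_path    = $ueConfig['netpbm_path'];
        $imgToolBox->_maxsize        = $ueConfig['avatarSize'];
        $imgToolBox->_maxwidth       = $ueConfig['avatarWidth'];
        $imgToolBox->_maxheight      = $ueConfig['avatarHeight'];
        $imgToolBox->_thumbwidth     = $ueConfig['thumbWidth'];
        $imgToolBox->_thumbheight    = $ueConfig['thumbHeight'];
        $imgToolBox->_debug          = 0;

        $allwaysResize = ( isset( $ueConfig['avatarResizeAlways'] ) ? $ueConfig['avatarResizeAlways'] : 1 );

        // The stored base name is generated here (profile id + uniqid()), not taken
        // from the client. uniqid() is time-based: it avoids collisions, it is not a secret.
        // NOTE(review): content-type and extension validation presumably happens
        // inside imgToolBox::processImage() - confirm, it is not visible in this function.
        $newFileName = $imgToolBox->processImage(
            $_FILES['avatar'],
            uniqid( $row->id . "_" ),
            $_CB_framework->getCfg( 'absolute_path' ) . '/images/comprofiler/',
            0,
            0,
            1,
            $allwaysResize
        );
        if ( ! $newFileName ) {
            cbRedirectToProfile( $row->id, $imgToolBox->_errMSG, 'userAvatar' );
            return; // nothing was stored, so leave the old avatar and the DB row alone
        }

        if ( $row->avatar != null && $row->avatar != "" ) {
            deleteAvatar( $row->avatar );
        }

        if ( $ueConfig['avatarUploadApproval'] == 1 && $isModerator == 0 ) {
            // Non-moderator upload with approval enabled: store it unapproved and notify moderators.
            $cbNotification = new cbNotification();
            $cbNotification->sendToModerators( _UE_IMAGE_ADMIN_SUB, _UE_IMAGE_ADMIN_MSG );
            $_CB_database->setQuery( "UPDATE #__comprofiler SET avatar='" . $_CB_database->getEscaped( $newFileName ) . "', avatarapproved=0 WHERE id=" . (int) $row->id );
            $redMsg = _UE_UPLOAD_PEND_APPROVAL;
        } else {
            $_CB_database->setQuery( "UPDATE #__comprofiler SET avatar='" . $_CB_database->getEscaped( $newFileName ) . "', avatarapproved=1, lastupdatedate=" . $_CB_database->Quote( $_CB_framework->dateDbOfNow() ) . " WHERE id=" . (int) $row->id );
            $redMsg = _UE_UPLOAD_SUCCESSFUL;
        }
        $_CB_database->query();

        $_PLUGINS->trigger( 'onAfterUserAvatarUpdate', array( &$row, &$row, $isModerator, $newFileName ) );
        cbRedirectToProfile( $row->id, $redMsg );

    } elseif ( $do == 'fromgallery' ) {

        // simple spoof check security
        cbSpoofCheck( 'userAvatar' );

        if ( ! $ueConfig['allowAvatarGallery'] ) {
            cbNotAuth();
            return;
        }

        // Allow-list: only letters, digits, '-', '_' and '.', and no '..' sequence,
        // so the value cannot leave the 'gallery/' prefix it is stored under.
        // NOTE(review): nothing here checks that the named file exists in the gallery.
        $newAvatar = cbGetParam( $_POST, 'newavatar', null );
        if ( ( $newAvatar == '' )
            || preg_match( '/[^-_a-zA-Z0-9.]/', $newAvatar )
            || ( strpos( $newAvatar, '..' ) !== false )
        ) {
            cbRedirectToProfile( $row->id, _UE_UPLOAD_ERROR_CHOOSE, 'userAvatar' );
            return; // fail closed: a rejected name must never reach the UPDATE below
        }

        $_CB_database->setQuery( "UPDATE #__comprofiler SET avatar = " . $_CB_database->Quote( 'gallery/' . $newAvatar ) . ", avatarapproved=1, lastupdatedate = " . $_CB_database->Quote( $_CB_framework->dateDbOfNow() ) . " WHERE id = " . (int) $row->id );
        if ( ! $_CB_database->query() ) {
            $msg = _UE_USER_PROFILE_NOT;
        } else {
            // delete old avatar (guarded like the other branches, so deleteAvatar()
            // is never called with an empty name):
            if ( $row->avatar != null && $row->avatar != "" ) {
                deleteAvatar( $row->avatar );
            }
            $msg = _UE_USER_PROFILE_UPDATED;
        }
        cbRedirectToProfile( $row->id, $msg );

    } elseif ( $do == 'deleteavatar' ) {

        // NOTE(review): unlike 'validate' and 'fromgallery', this state-changing
        // branch has no cbSpoofCheck() call, and 'do' is read from $_REQUEST, so it
        // is reachable by any request method. Confirm whether the delete request
        // carries an anti-forgery token and, if it does, verify it here.
        if ( $row->avatar != null && $row->avatar != "" ) {
            deleteAvatar( $row->avatar );
            $_CB_database->setQuery( "UPDATE #__comprofiler SET avatar=null, avatarapproved=1, lastupdatedate=" . $_CB_database->Quote( $_CB_framework->dateDbOfNow() ) . " WHERE id=" . (int) $row->id );
            $_CB_database->query();
        }
        cbRedirectToProfile( $row->id, _USER_DETAILS_SAVE );
    }
}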
/**
 * Saves the description and connection types submitted for each of the
 * current user's connections, then redirects to the 'manageconnections' tab.
 *
 * The request is refused (message enqueued as an error, nothing saved) when
 * connections are disabled in $ueConfig, when there is no logged-in user, or
 * when an 'onBeforeSaveConnectionsRequest' plugin sets a message.
 *
 * @param  mixed  $connectionids  Expected to be an array of connection ids; any other value saves nothing.
 * @return void
 */
function saveConnections($connectionids)
{
    global $_CB_framework, $ueConfig, $_PLUGINS;

    // simple spoof check security
    cbSpoofCheck('manageconnections');

    // Decide up front whether the request must be refused; plugins may still
    // set or clear this message through the reference passed to the trigger.
    if ($ueConfig['allowConnections']) {
        $denial = ($_CB_framework->myId() > 0)
            ? null
            : CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
    } else {
        $denial = CBTxt::Th('UE_FUNCTIONALITY_DISABLED', 'This functionality is currently disabled.');
    }

    $_PLUGINS->loadPluginGroup('user');
    $_PLUGINS->trigger('onBeforeSaveConnectionsRequest', array($connectionids, &$denial));

    if ($denial) {
        $_CB_framework->enqueueMessage($denial, 'error');
        return;
    }

    // The connection object is built for the current user's id.
    // NOTE(review): presumably saveConnection() only touches that user's own
    // connections - confirm in cbConnection.
    $cbCon    = new cbConnection($_CB_framework->myId());
    $haveList = is_array($connectionids);

    if ($haveList) {
        foreach ($connectionids as $connectionId) {
            // NOTE(review): each id is used verbatim to build $_POST key names and is
            // passed on unchanged; nothing here casts it to an integer. Confirm that
            // the caller or saveConnection() validates it.
            $types       = cbGetParam($_POST, $connectionId . 'connectiontype', array());
            $description = stripslashes(cbGetParam($_POST, $connectionId . 'description', ''));
            // Types are stored as one string joined with '|*|'.
            $cbCon->saveConnection($connectionId, $description, implode('|*|', $types));
        }
    }

    $doneMsg = $haveList
        ? CBTxt::T('UE_CONNECTIONSUPDATEDSUCCESSFULL', 'Your connections are successfully updated!')
        : null;
    cbRedirectToProfile(null, $doneMsg, 'manageconnections', '1');
}