/** ---------------------------------------- /** Email Update /** ----------------------------------------*/ function update_email() { // Safety. if (!isset($_POST['email'])) { return ee()->output->show_user_error('general', array(ee()->lang->line('invalid_action'))); } /** ---------------------------------------- /** Blacklist/Whitelist Check /** ----------------------------------------*/ if (ee()->blacklist->blacklisted == 'y' && ee()->blacklist->whitelisted == 'n') { return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized'))); } /** ------------------------------------- /** Validate submitted data /** -------------------------------------*/ if (!class_exists('EE_Validate')) { require APPPATH . 'libraries/Validate.php'; } $query = ee()->db->query("SELECT email, password FROM exp_members WHERE member_id = '" . ee()->session->userdata('member_id') . "'"); $VAL = new EE_Validate(array('member_id' => ee()->session->userdata('member_id'), 'val_type' => 'update', 'fetch_lang' => TRUE, 'require_cpw' => FALSE, 'enable_log' => FALSE, 'email' => $_POST['email'], 'cur_email' => $query->row('email'), 'cur_password' => $_POST['password'])); $VAL->validate_email(); if ($_POST['email'] != $query->row('email')) { $VAL->password_safety_check(); } if (count($VAL->errors) > 0) { return ee()->output->show_user_error('submission', $VAL->errors); } /** ------------------------------------- /** Assign the query data /** -------------------------------------*/ $data = array('email' => $_POST['email'], 'accept_admin_email' => isset($_POST['accept_admin_email']) ? 'y' : 'n', 'accept_user_email' => isset($_POST['accept_user_email']) ? 'y' : 'n', 'notify_by_default' => isset($_POST['notify_by_default']) ? 'y' : 'n', 'notify_of_pm' => isset($_POST['notify_of_pm']) ? 'y' : 'n', 'smart_notifications' => isset($_POST['smart_notifications']) ? 'y' : 'n'); ee()->db->query(ee()->db->update_string('exp_members', $data, "member_id = '" . ee()->session->userdata('member_id') . "'")); /** ------------------------------------- /** Update comments and log email change /** -------------------------------------*/ if ($query->row('email') != $_POST['email']) { ee()->db->query(ee()->db->update_string('exp_comments', array('email' => $_POST['email']), "author_id = '" . ee()->session->userdata('member_id') . "'")); } /** ------------------------------------- /** Success message /** -------------------------------------*/ return $this->_var_swap($this->_load_element('success'), array('lang:heading' => ee()->lang->line('mbr_email_updated'), 'lang:message' => ee()->lang->line('mbr_email_has_been_updated'))); }
private function _member_delete() { // No sneakiness - we'll do this in case the site administrator // has foolishly turned off secure forms and some monkey is // trying to delete their account from an off-site form or // after logging out. if ($this->EE->session->userdata('member_id') == 0 or $this->EE->session->userdata('can_delete_self') !== 'y') { return array('error' => $this->EE->lang->line('not_authorized')); } // If the user is a SuperAdmin, then no deletion if ($this->EE->session->userdata('group_id') == 1) { return array('error' => $this->EE->lang->line('cannot_delete_super_admin')); } // Is IP and User Agent required for login? Then, same here. if ($this->EE->config->item('require_ip_for_login') == 'y') { if ($this->EE->session->userdata('ip_address') == '' or $this->EE->session->userdata('user_agent') == '') { return array('error' => $this->EE->lang->line('unauthorized_request')); } } // Check password lockout status if ($this->EE->session->check_password_lockout($this->EE->session->userdata('username')) === TRUE) { $this->EE->lang->loadfile('login'); return array('error' => sprintf(lang('password_lockout_in_effect'), $this->EE->config->item('password_lockout_interval'))); } /** ------------------------------------- /** Validate submitted password /** -------------------------------------*/ if (!class_exists('EE_Validate')) { require APPPATH . 'libraries/Validate' . EXT; } $VAL = new EE_Validate(array('member_id' => $this->EE->session->userdata('member_id'), 'cur_password' => $_POST['password'])); $VAL->password_safety_check(); if (isset($VAL->errors) && count($VAL->errors) > 0) { $this->EE->session->save_password_lockout($this->EE->session->userdata('username')); return array('error' => $this->EE->lang->line('invalid_pw')); } // Are you who you say you are, or someone sitting at someone // else's computer being mean?! // $query = $this->EE->db->select('password') // ->where('member_id', $this->EE->session->userdata('member_id')) // ->get('members'); // // $password = $this->EE->functions->hash(stripslashes($_POST['password'])); // echo '<br/>'.$query->row('password') .'<br/>'. $password; // if ($query->row('password') != $password) // { // $this->EE->session->save_password_lockout($this->EE->session->userdata('username')); // // return array('error' => $this->EE->lang->line('invalid_pw')); // } // No turning back, get to deletin'! $id = $this->EE->session->userdata('member_id'); $this->EE->db->where('member_id', (int) $id)->delete('members'); $this->EE->db->where('member_id', (int) $id)->delete('member_data'); $this->EE->db->where('member_id', (int) $id)->delete('member_homepage'); $this->EE->db->where('sender_id', (int) $id)->delete('message_copies'); $this->EE->db->where('sender_id', (int) $id)->delete('message_data'); $this->EE->db->where('member_id', (int) $id)->delete('message_folders'); $this->EE->db->where('member_id', (int) $id)->delete('message_listed'); $message_query = $this->EE->db->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$id}' AND message_read = 'n'"); if ($message_query->num_rows() > 0) { foreach ($message_query->result_array() as $row) { $count_query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '" . $row['recipient_id'] . "' AND message_read = 'n'"); $this->EE->db->query($this->EE->db->update_string('exp_members', array('private_messages' => $count_query->row('count')), "member_id = '" . $row['recipient_id'] . "'")); } } // Delete Forum Posts if ($this->EE->config->item('forum_is_installed') == "y") { $this->EE->db->where('member_id', (int) $id)->delete('forum_subscriptions'); $this->EE->db->where('member_id', (int) $id)->delete('forum_pollvotes'); $this->EE->db->where('author_id', (int) $id)->delete('forum_topics'); $this->EE->db->where('admin_member_id', (int) $id)->delete('forum_administrators'); $this->EE->db->where('mod_member_id', (int) $id)->delete('forum_moderators'); // Snag the affected topic id's before deleting the member for the update afterwards $query = $this->EE->db->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'"); if ($query->num_rows() > 0) { $topic_ids = array(); foreach ($query->result_array() as $row) { $topic_ids[] = $row['topic_id']; } $topic_ids = array_unique($topic_ids); } $this->EE->db->where('author_id', (int) $id)->delete('forum_posts'); $this->EE->db->where('author_id', (int) $id)->delete('forum_polls'); // Kill any attachments $query = $this->EE->db->query("SELECT attachment_id, filehash, extension, board_id FROM exp_forum_attachments WHERE member_id = '{$id}'"); if ($query->num_rows() > 0) { // Grab the upload path $res = $this->EE->db->query('SELECT board_id, board_upload_path FROM exp_forum_boards'); $paths = array(); foreach ($res->result_array() as $row) { $paths[$row['board_id']] = $row['board_upload_path']; } foreach ($query->result_array() as $row) { if (!isset($paths[$row['board_id']])) { continue; } $file = $paths[$row['board_id']] . $row['filehash'] . $row['extension']; $thumb = $paths[$row['board_id']] . $row['filehash'] . '_t' . $row['extension']; @unlink($file); @unlink($thumb); $this->EE->db->where('attachment_id', (int) $row['attachment_id'])->delete('forum_attachments'); } } // Update the forum stats $query = $this->EE->db->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'"); if (!class_exists('Forum')) { require PATH_MOD . 'forum/mod.forum.php'; require PATH_MOD . 'forum/mod.forum_core.php'; } $FRM = new Forum_Core(); foreach ($query->result_array() as $row) { $FRM->_update_post_stats($row['forum_id']); } if (isset($topic_ids)) { foreach ($topic_ids as $topic_id) { $FRM->_update_topic_stats($topic_id); } } } // Va-poo-rize Channel Entries and Comments $entry_ids = array(); $channel_ids = array(); $recount_ids = array(); // Find Entry IDs and Channel IDs, then delete $query = $this->EE->db->query("SELECT entry_id, channel_id FROM exp_channel_titles WHERE author_id = '{$id}'"); if ($query->num_rows() > 0) { foreach ($query->result_array() as $row) { $entry_ids[] = $row['entry_id']; $channel_ids[] = $row['channel_id']; } $this->EE->db->query("DELETE FROM exp_channel_titles WHERE author_id = '{$id}'"); $this->EE->db->query("DELETE FROM exp_channel_data WHERE entry_id IN ('" . implode("','", $entry_ids) . "')"); $this->EE->db->query("DELETE FROM exp_comments WHERE entry_id IN ('" . implode("','", $entry_ids) . "')"); } // Find the affected entries AND channel ids for author's comments $query = $this->EE->db->query("SELECT DISTINCT(entry_id), channel_id FROM exp_comments WHERE author_id = '{$id}'"); if ($query->num_rows() > 0) { foreach ($query->result_array() as $row) { $recount_ids[] = $row['entry_id']; $channel_ids[] = $row['channel_id']; } $recount_ids = array_diff($recount_ids, $entry_ids); } // Delete comments by member $this->EE->db->query("DELETE FROM exp_comments WHERE author_id = '{$id}'"); // Update stats on channel entries that were NOT deleted AND had comments by author if (count($recount_ids) > 0) { foreach (array_unique($recount_ids) as $entry_id) { $query = $this->EE->db->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '" . $this->EE->db->escape_str($entry_id) . "'"); $comment_date = ($query->num_rows() == 0 or !is_numeric($query->row('max_date'))) ? 0 : $query->row('max_date'); $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$entry_id}' AND status = 'o'"); $this->EE->db->query("UPDATE exp_channel_titles SET comment_total = '" . $this->EE->db->escape_str($query->row('count')) . "', recent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'"); } } if (count($channel_ids) > 0) { foreach (array_unique($channel_ids) as $channel_id) { $this->EE->stats->update_channel_stats($channel_id); $this->EE->stats->update_comment_stats($channel_id); } } // Email notification recipients if ($this->EE->session->userdata('mbr_delete_notify_emails') != '') { $notify_address = $this->EE->session->userdata('mbr_delete_notify_emails'); $swap = array('name' => $this->EE->session->userdata('screen_name'), 'email' => $this->EE->session->userdata('email'), 'site_name' => stripslashes($this->EE->config->item('site_name'))); $email_tit = $this->EE->functions->var_swap($this->EE->lang->line('mbr_delete_notify_title'), $swap); $email_msg = $this->EE->functions->var_swap($this->EE->lang->line('mbr_delete_notify_message'), $swap); // No notification for the user themselves, if they're in the list if (strpos($notify_address, $this->EE->session->userdata('email')) !== FALSE) { $notify_address = str_replace($this->EE->session->userdata('email'), "", $notify_address); } $this->EE->load->helper('string'); // Remove multiple commas $notify_address = reduce_multiples($notify_address, ',', TRUE); if ($notify_address != '') { // Send email $this->EE->load->library('email'); // Load the text helper $this->EE->load->helper('text'); foreach (explode(',', $notify_address) as $addy) { $this->EE->email->EE_initialize(); $this->EE->email->wordwrap = FALSE; $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name')); $this->EE->email->to($addy); $this->EE->email->reply_to($this->EE->config->item('webmaster_email')); $this->EE->email->subject($email_tit); $this->EE->email->message(entities_to_ascii($email_msg)); $this->EE->email->send(); } } } // Trash the Session and cookies $this->EE->db->where('site_id', $this->EE->config->item('site_id'))->where('ip_address', $this->EE->input->ip_address())->where('member_id', (int) $id)->delete('online_users'); $this->EE->db->where('session_id', $this->EE->session->userdata('session_id'))->delete('sessions'); $this->EE->functions->set_cookie($this->EE->session->c_session); $this->EE->functions->set_cookie($this->EE->session->c_expire); $this->EE->functions->set_cookie($this->EE->session->c_anon); $this->EE->functions->set_cookie('read_topics'); $this->EE->functions->set_cookie('tracker'); // Update $this->EE->stats->update_member_stats(); // Build Success Message $url = $this->EE->config->item('site_url'); $name = stripslashes($this->EE->config->item('site_name')); $data = array('title' => $this->EE->lang->line('mbr_delete'), 'heading' => $this->EE->lang->line('thank_you'), 'content' => $this->EE->lang->line('mbr_account_deleted'), 'redirect' => '', 'link' => array($url, $name)); return array('success' => $data); }