Esempio n. 1
0
function save_profile()
{
    global $db, $user, $current_user, $globals, $admin_mode, $site_key, $bio_max;
    $errors = 0;
    // benjami: control added (2005-12-22)
    $new_pass = false;
    $messages = array();
    $form_hash = md5($site_key . $user->id . $current_user->user_id);
    if (isset($_POST['disabledme']) && intval($_POST['disable']) == 1 && $_POST['form_hash'] == $form_hash && $_POST['user_id'] == $current_user->user_id) {
        $old_user_login = $user->username;
        $old_user_id = $user->id;
        $user->disable(true);
        Log::insert('user_delete', $old_user_id, $old_user_id);
        syslog(LOG_NOTICE, "Meneame, disabling {$old_user_id} ({$old_user_login}) by {$current_user->user_login} -> {$user->username} ");
        $current_user->Logout(get_user_uri($user->username));
        die;
    }
    if (!isset($_POST['save_profile']) || !isset($_POST['process']) || $_POST['user_id'] != $current_user->user_id && !$admin_mode) {
        return;
    }
    if (empty($_POST['form_hash']) || $_POST['form_hash'] != $form_hash) {
        array_push($messages, _('Falta la clave de control'));
        $errors++;
    }
    if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) {
        $newname = trim($_POST['username']);
        if (strlen($newname) < 3) {
            array_push($messages, _('nombre demasiado corto'));
            $errors++;
        }
        if (!check_username($newname)) {
            array_push($messages, _('nombre de usuario erróneo, caracteres no admitidos'));
            $errors++;
        } elseif (user_exists($newname, $user->id)) {
            array_push($messages, _('el usuario ya existe'));
            $errors++;
        } else {
            $user->username = $newname;
        }
    }
    if (!empty($_POST['bio']) || $user->bio) {
        $bio = clean_text($_POST['bio'], 0, false, $bio_max);
        if ($bio != $user->bio) {
            $user->bio = $bio;
        }
    }
    if ($user->email != trim($_POST['email']) && !check_email(trim($_POST['email']))) {
        array_push($messages, _('el correo electrónico no es correcto'));
        $errors++;
    } elseif (!$admin_mode && trim($_POST['email']) != $current_user->user_email && email_exists(trim($_POST['email']), false)) {
        array_push($messages, _('ya existe otro usuario con esa dirección de correo'));
        $errors++;
    } else {
        $user->email = trim($_POST['email']);
    }
    $user->url = htmlspecialchars(clean_input_url($_POST['url']));
    // Check IM address
    if (!empty($_POST['public_info'])) {
        $_POST['public_info'] = htmlspecialchars(clean_input_url($_POST['public_info']));
        $public = $db->escape($_POST['public_info']);
        $im_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_public_info='{$public}'"));
        if ($im_count > 0) {
            array_push($messages, _('ya hay otro usuario con la misma dirección de MI, no se ha grabado'));
            $_POST['public_info'] = '';
            $errors++;
        }
    }
    $user->phone = $_POST['phone'];
    $user->public_info = htmlspecialchars(clean_input_url($_POST['public_info']));
    // End check IM address
    if ($user->id == $current_user->user_id) {
        // Check phone number
        if (!empty($_POST['phone'])) {
            if (!preg_match('/^\\+[0-9]{9,16}$/', $_POST['phone'])) {
                array_push($messages, _('número telefónico erróneo, no se ha grabado'));
                $_POST['phone'] = '';
                $errors++;
            } else {
                $phone = $db->escape($_POST['phone']);
                $phone_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_phone='{$phone}'"));
                if ($phone_count > 0) {
                    array_push($messages, _('ya hay otro usuario con el mismo número, no se ha grabado'));
                    $_POST['phone'] = '';
                    $errors++;
                }
            }
        }
        $user->phone = $_POST['phone'];
        // End check phone number
    }
    // Verifies adsense code
    if ($globals['external_user_ads']) {
        $_POST['adcode'] = trim($_POST['adcode']);
        $_POST['adchannel'] = trim($_POST['adchannel']);
        if (!empty($_POST['adcode']) && $user->adcode != $_POST['adcode']) {
            if (!preg_match('/pub-[0-9]{16}$/', $_POST['adcode'])) {
                array_push($messages, _('código AdSense incorrecto, no se ha grabado'));
                $_POST['adcode'] = '';
                $errors++;
            } else {
                $adcode_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_adcode='" . $_POST['adcode'] . "'"));
                if ($adcode_count > 0) {
                    array_push($messages, _('ya hay otro usuario con la misma cuenta, no se ha grabado'));
                    $_POST['adcode'] = '';
                    $errors++;
                }
            }
        }
        if (!empty($_POST['adcode']) && !empty($_POST['adchannel']) && $user->adchannel != $_POST['adchannel']) {
            if (!preg_match('/^[0-9]{10,12}$/', $_POST['adchannel'])) {
                array_push($messages, _('canal AdSense incorrecto, no se ha grabado'));
                $_POST['adchannel'] = '';
                $errors++;
            }
        }
        $user->adcode = $_POST['adcode'];
        $user->adchannel = $_POST['adchannel'];
    }
    $user->names = clean_text($_POST['names']);
    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        if (!check_password($_POST["password"])) {
            array_push($messages, _('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números'));
            $errors = 1;
        } else {
            if (trim($_POST['password']) !== trim($_POST['password2'])) {
                array_push($messages, _('las claves no son iguales, no se ha modificado'));
                $errors = 1;
            } else {
                $new_pass = trim($_POST['password']);
                $user->pass = UserAuth::hash($new_pass);
                array_push($messages, _('La clave se ha cambiado'));
                $pass_changed = true;
            }
        }
    }
    if ($admin_mode && !empty($_POST['user_level'])) {
        $user->level = $db->escape($_POST['user_level']);
    }
    if ($admin_mode && !empty($_POST['karma']) && is_numeric($_POST['karma']) && $_POST['karma'] > 4 && $_POST['karma'] <= 20) {
        $user->karma = $_POST['karma'];
    }
    $user->comment_pref = intval($_POST['comment_pref']) + (intval($_POST['show_friends']) & 1) * 2 + (intval($_POST['show_2cols']) & 1) * 4;
    // Manage avatars upload
    if (!empty($_FILES['image']['tmp_name'])) {
        if (avatars_check_upload_size('image')) {
            $avatar_mtime = avatars_manage_upload($user->id, 'image');
            if (!$avatar_mtime) {
                array_push($messages, _('error guardando la imagen'));
                $errors = 1;
                $user->avatar = 0;
            } else {
                $user->avatar = $avatar_mtime;
            }
        } else {
            array_push($messages, _('el tamaño de la imagen excede el límite'));
            $errors = 1;
            $user->avatar = 0;
        }
    } elseif ($_POST['avatar_delete']) {
        $user->avatar = 0;
        avatars_remove($user->id);
    }
    // Reset avatar for the logged user
    if ($current_user->user_id == $user->id) {
        $current_user->user_avatar = $user->avatar;
    }
    if (!$errors) {
        if (empty($user->ip)) {
            $user->ip = $globals['user_ip'];
        }
        $user->store();
        $user->read();
        if (!$admin_mode && ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $new_pass)) {
            $current_user->Authenticate($user->username, $new_pass);
        }
        array_push($messages, _('datos actualizados'));
    }
    return $messages;
}
Esempio n. 2
0
 function disable($auto = false)
 {
     global $db;
     require_once mnminclude . 'avatars.php';
     require_once mnminclude . 'geo.php';
     avatars_remove($this->id);
     geo_delete('user', $this->id);
     $this->username = '******' . $this->id . '--';
     $this->email = "{$this->id}@disabled";
     $this->url = '';
     if ($auto) {
         $this->level = 'autodisabled';
     } else {
         $this->level = 'disabled';
     }
     $this->names = 'disabled';
     $this->public_info = '';
     $this->adcode = '';
     $this->adchannel = '';
     $this->phone = '';
     $this->avatar = 0;
     $this->karma = 6;
     $this->store();
     syslog(LOG_INFO, "User disabled: {$this->id}");
     // Delete relationships
     $db->query("DELETE FROM friends WHERE friend_type='manual' and (friend_from = {$this->id} or friend_to = {$this->id})");
     /*
     // Delete posts' conversations
     $db->query("delete from conversations where conversation_type = 'post' and conversation_user_to = $this->id");
     
     $db->transaction();
     $conv = $db->get_col("select post_id from posts where post_user_id = $this->id");
     if ($conv) {
     	foreach ($conv as $id) {
     		$db->query("delete from conversations where conversation_type = 'post' and conversation_from = $id");
     	}
     }
     $db->commit();
     */
     // Delete posts
     $db->query("delete from posts where post_user_id = {$this->id}");
     // Delete user's meta
     $db->query("delete from annotations where annotation_key = 'user_meta-{$this->id}'");
     // Delete preferences
     $db->query("DELETE FROM prefs WHERE pref_user_id = {$this->id}");
     return true;
 }
Esempio n. 3
0
function avatar_get_from_db($user, $size = 0)
{
    global $db, $globals;
    if (!in_array($size, $globals['avatars_allowed_sizes'])) {
        return false;
    }
    $time = $db->get_var("select user_avatar from users where user_id={$user}");
    if (!$globals['Amazon_S3_local_cache'] && $globals['Amazon_S3_media_bucket'] && is_writable('/tmp')) {
        $subdir = '/tmp';
    } else {
        $chain = get_cache_dir_chain($user);
        create_cache_dir_chain(get_avatars_dir(), $chain);
        $subdir = get_avatars_dir() . '/' . $chain;
    }
    if (!is_writable($subdir)) {
        return false;
    }
    $file_base = $subdir . "/{$user}-{$time}";
    $delete = false;
    $original = false;
    if ($globals['Amazon_S3_media_bucket']) {
        // Get avatar from S3
        // Try up to 3 times to download from Amazon
        $try = 0;
        while ($original == false && $try < 3) {
            if (Media::get("{$user}-{$time}-{$size}.jpg", 'avatars', "{$file_base}-{$size}.jpg")) {
                return file_get_contents("{$file_base}-{$size}.jpg");
            }
            if (Media::get("{$user}-{$time}.jpg", 'avatars', "{$file_base}-orig.jpg")) {
                $delete_it = true;
                $original = "{$file_base}-orig.jpg";
            } elseif (is_readable($file_base . '-80.jpg') && filesize($file_base . '-80.jpg') > 0 || Media::get("{$user}-{$time}-80.jpg", 'avatars', "{$file_base}-80.jpg")) {
                $original = $file_base . '-80.jpg';
            } else {
                $try++;
                usleep(rand(1, 20));
                // Wait a little to minimize race-conditions
            }
        }
        if (!$original) {
            // The images were not found in S3
            if (($buckets = Media::buckets(false)) && in_array($globals['Amazon_S3_media_bucket'], $buckets) && is_writable(mnmpath . '/' . $globals['cache_dir'])) {
                // Double check
                avatars_remove($user);
            }
            return false;
        }
    } else {
        //Get from DB
        if (!is_readable($file_base . '-80.jpg')) {
            $img = $db->get_var("select avatar_image from avatars where avatar_id={$user}");
            if (!strlen($img) > 0) {
                if (is_writable(mnmpath . '/' . $globals['cache_dir'])) {
                    // Double check
                    avatars_remove($user);
                }
                return false;
            }
            file_put_contents($file_base . '-80.jpg', $img);
            $original = $file_base . '-80.jpg';
        }
    }
    if ($size > 0 && $size != 80) {
        avatar_resize($original, "{$file_base}-{$size}.jpg", $size);
        if ($delete_it) {
            @unlink($original);
        }
    }
    return file_get_contents("{$file_base}-{$size}.jpg");
}
Esempio n. 4
0
	function disable($auto = false) {
		global $db;

		require_once(mnminclude.'avatars.php');
		require_once(mnminclude.'geo.php');
		avatars_remove($this->id);
		geo_delete('user', $this->id);

		// Delete relationships
		$db->query("DELETE FROM friends WHERE friend_type='manual' and (friend_from = $this->id or friend_to = $this->id)");
		// Delete preferences
		$db->query("DELETE FROM prefs WHERE pref_user_id = $this->id");
		// Delete posts
		$db->query("delete from posts where post_user_id = $this->id");

		$this->username = '******'.$this->id.'--';
		$this->email = "$this->id@disabled";
		$this->url = '';
		if ($auto) $this->level = 'autodisabled';
		else $this->level = 'disabled';
		$this->names = 'disabled';
		$this->public_info = '';
		$this->adcode = '';
		$this->adchannel = '';
		$this->phone = '';
		$this->avatar = 0;
		$this->karma = 6;
		return $this->store();
	}
Esempio n. 5
0
function avatar_get_from_db($user, $size = 0)
{
    global $db, $globals;
    if (!in_array($size, $globals['avatars_allowed_sizes'])) {
        return false;
    }
    $time = $db->get_var("select user_avatar from users where user_id={$user}");
    if (!$time > 0) {
        return false;
    }
    if (!$globals['Amazon_S3_local_cache'] && $globals['Amazon_S3_media_bucket'] && is_writable('/tmp')) {
        $subdir = '/tmp';
    } else {
        if (!Upload::create_cache_dir($user)) {
            return false;
        }
        $subdir = Upload::get_cache_dir($user);
    }
    if (!is_writable($subdir)) {
        return false;
    }
    $file_base = $subdir . "/{$user}-{$time}";
    $delete = false;
    $original = false;
    $http_code = 0;
    if ($globals['Amazon_S3_media_bucket']) {
        $original == false;
        if (Media::get("{$user}-{$time}-{$size}.jpg", 'avatars', "{$file_base}-{$size}.jpg")) {
            return file_get_contents("{$file_base}-{$size}.jpg");
        }
        if (Media::get("{$user}-{$time}.jpg", 'avatars', "{$file_base}-orig.jpg")) {
            $delete_it = true;
            $original = "{$file_base}-orig.jpg";
        } else {
            $http_code = Media::$lastHTTPCode;
            if (is_readable($file_base . '-80.jpg') && filesize($file_base . '-80.jpg') > 0 || Media::get("{$user}-{$time}-80.jpg", 'avatars', "{$file_base}-80.jpg")) {
                $original = $file_base . '-80.jpg';
            }
        }
        if ($globals['Amazon_S3_delete_allowed'] && !$original && $http_code == 404 && Media::$lastHTTPCode == 404) {
            // The images were not found in S3
            if (is_writable(mnmpath . '/' . $globals['cache_dir'])) {
                // Double check
                syslog(LOG_INFO, "Meneame, removing avatars not found in S3 user {$user} time {$time}");
                avatars_remove($user);
            }
            return false;
        }
    } else {
        //Get from DB
        if (!is_readable($file_base . '-80.jpg')) {
            $img = $db->get_var("select avatar_image from avatars where avatar_id={$user}");
            if (!strlen($img) > 0) {
                if (is_writable(mnmpath . '/' . $globals['cache_dir'])) {
                    // Double check
                    avatars_remove($user);
                }
                return false;
            }
            file_put_contents($file_base . '-80.jpg', $img);
            $original = $file_base . '-80.jpg';
        }
    }
    if ($original && $size > 0 && $size != 80) {
        avatar_resize($original, "{$file_base}-{$size}.jpg", $size);
        if ($delete_it) {
            @unlink($original);
        }
    }
    return @file_get_contents("{$file_base}-{$size}.jpg");
}