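function save_profile() {
    // Process the "edit profile" form for the global $user (the account being
    // edited) on behalf of $current_user (the logged-in actor). Handles the
    // self-disable action first, then validates every submitted field, applies
    // the valid ones to $user and persists them only when no error was
    // recorded. Returns the list of user-facing messages, or null when the
    // request is not a profile submission or the actor may not edit $user.
    global $db, $user, $current_user, $globals, $admin_mode, $site_key, $bio_max;

    $errors = 0;
    $new_pass = false;
    $messages = array();

    // Control token bound to both the edited profile and the acting user, so a
    // token issued for one form cannot be replayed against another account.
    $form_hash = md5($site_key . $user->id . $current_user->user_id);
    // hash_equals() (PHP >= 5.6) instead of "==": a loose comparison applies
    // numeric type juggling to hex digests and is not constant-time.
    $hash_ok = isset($_POST['form_hash']) && is_string($_POST['form_hash'])
        && hash_equals($form_hash, $_POST['form_hash']);
    // The form echoes the acting user's id; compare as integers, not loosely.
    $posted_user_id = isset($_POST['user_id']) ? intval($_POST['user_id']) : 0;
    $is_self = ($posted_user_id === intval($current_user->user_id));

    // Self-disable request: handled before any field and ends the request.
    // NOTE(review): in admin mode $user can differ from $current_user and is
    // the account that gets disabled; the token binds both ids, so this is
    // only reachable from a form rendered for that exact pair — confirm that
    // this is the intended behaviour.
    if (isset($_POST['disabledme']) && isset($_POST['disable']) && intval($_POST['disable']) === 1
            && $hash_ok && $is_self) {
        $old_user_login = $user->username;
        $old_user_id = $user->id;
        $user->disable(true);
        Log::insert('user_delete', $old_user_id, $old_user_id);
        syslog(LOG_NOTICE, "Meneame, disabling {$old_user_id} ({$old_user_login}) by {$current_user->user_login} -> {$user->username} ");
        $current_user->Logout(get_user_uri($user->username));
        die;
    }

    // Only a submitted profile form, and only for one's own profile unless an
    // administrator is editing someone else's.
    if (!isset($_POST['save_profile']) || !isset($_POST['process']) || (!$is_self && !$admin_mode)) {
        return;
    }

    if (!$hash_ok) {
        array_push($messages, _('Falta la clave de control'));
        $errors++;
    }

    // Username: minimum length, allowed characters, uniqueness (excluding $user).
    if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) {
        $newname = trim($_POST['username']);
        if (strlen($newname) < 3) {
            array_push($messages, _('nombre demasiado corto'));
            $errors++;
        }
        if (!check_username($newname)) {
            array_push($messages, _('nombre de usuario erróneo, caracteres no admitidos'));
            $errors++;
        } elseif (user_exists($newname, $user->id)) {
            array_push($messages, _('el usuario ya existe'));
            $errors++;
        } else {
            $user->username = $newname;
        }
    }

    // Bio: also processed when the field is empty but the user had one, so it
    // can be cleared.
    if (!empty($_POST['bio']) || $user->bio) {
        $bio = clean_text(isset($_POST['bio']) ? $_POST['bio'] : '', 0, false, $bio_max);
        if ($bio != $user->bio) {
            $user->bio = $bio;
        }
    }

    // E-mail: must be well-formed when changed and, outside admin mode, not in
    // use by another account.
    $email = isset($_POST['email']) ? trim($_POST['email']) : '';
    if ($user->email != $email && !check_email($email)) {
        array_push($messages, _('el correo electrónico no es correcto'));
        $errors++;
    } elseif (!$admin_mode && $email != $current_user->user_email && email_exists($email, false)) {
        array_push($messages, _('ya existe otro usuario con esa dirección de correo'));
        $errors++;
    } else {
        $user->email = $email;
    }

    $user->url = htmlspecialchars(clean_input_url(isset($_POST['url']) ? $_POST['url'] : ''));

    // IM address: sanitised exactly once. The original ran clean_input_url()
    // and htmlspecialchars() twice on a non-empty value, so the stored string
    // was double-encoded and differed from the one checked for uniqueness.
    $public_info = htmlspecialchars(clean_input_url(isset($_POST['public_info']) ? $_POST['public_info'] : ''));
    if ($public_info !== '') {
        $public = $db->escape($public_info);
        $im_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_public_info='{$public}'"));
        if ($im_count > 0) {
            array_push($messages, _('ya hay otro usuario con la misma dirección de MI, no se ha grabado'));
            $public_info = '';
            $errors++;
        }
    }
    $user->public_info = $public_info;

    // Phone: "+" followed by 9-16 digits, unique among active accounts. The
    // original only validated when the user edited their own profile and
    // stored the raw value in admin mode; the checks now apply to every edit.
    $phone = isset($_POST['phone']) ? $_POST['phone'] : '';
    if (!empty($phone)) {
        if (!preg_match('/^\\+[0-9]{9,16}$/', $phone)) {
            array_push($messages, _('número telefónico erróneo, no se ha grabado'));
            $phone = '';
            $errors++;
        } else {
            $phone_sql = $db->escape($phone);
            $phone_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_phone='{$phone_sql}'"));
            if ($phone_count > 0) {
                array_push($messages, _('ya hay otro usuario con el mismo número, no se ha grabado'));
                $phone = '';
                $errors++;
            }
        }
    }
    $user->phone = $phone;

    // AdSense publisher id and channel, only when external user ads are enabled.
    if ($globals['external_user_ads']) {
        $adcode = isset($_POST['adcode']) ? trim($_POST['adcode']) : '';
        $adchannel = isset($_POST['adchannel']) ? trim($_POST['adchannel']) : '';
        if (!empty($adcode) && $user->adcode != $adcode) {
            // Anchored at both ends: the original '/pub-[0-9]{16}$/' accepted an
            // arbitrary prefix, and the value was then interpolated into SQL
            // without escaping. Both are fixed here.
            if (!preg_match('/^pub-[0-9]{16}$/', $adcode)) {
                array_push($messages, _('código AdSense incorrecto, no se ha grabado'));
                $adcode = '';
                $errors++;
            } else {
                $adcode_sql = $db->escape($adcode);
                $adcode_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_adcode='{$adcode_sql}'"));
                if ($adcode_count > 0) {
                    array_push($messages, _('ya hay otro usuario con la misma cuenta, no se ha grabado'));
                    $adcode = '';
                    $errors++;
                }
            }
        }
        if (!empty($adcode) && !empty($adchannel) && $user->adchannel != $adchannel) {
            if (!preg_match('/^[0-9]{10,12}$/', $adchannel)) {
                array_push($messages, _('canal AdSense incorrecto, no se ha grabado'));
                $adchannel = '';
                $errors++;
            }
        }
        $user->adcode = $adcode;
        $user->adchannel = $adchannel;
    }

    $user->names = clean_text(isset($_POST['names']) ? $_POST['names'] : '');

    // Password: both fields must agree and pass check_password(); the new
    // password is kept in $new_pass to re-authenticate the session afterwards.
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
    if (!empty($password) || !empty($password2)) {
        if (!check_password($password)) {
            array_push($messages, _('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números'));
            $errors++;
        } elseif (trim($password) !== trim($password2)) {
            array_push($messages, _('las claves no son iguales, no se ha modificado'));
            $errors++;
        } else {
            $new_pass = trim($password);
            $user->pass = UserAuth::hash($new_pass);
            array_push($messages, _('La clave se ha cambiado'));
        }
    }

    // Administrator-only fields.
    if ($admin_mode && !empty($_POST['user_level'])) {
        // NOTE(review): only escaping is applied; a whitelist of the valid
        // level names would be stricter. Whether store() escapes again is not
        // visible from this function.
        $user->level = $db->escape($_POST['user_level']);
    }
    if ($admin_mode && !empty($_POST['karma']) && is_numeric($_POST['karma'])
            && $_POST['karma'] > 4 && $_POST['karma'] <= 20) {
        $user->karma = $_POST['karma'];
    }

    // Comment preferences are combined into a single integer with the
    // original formula: comment_pref + 2*show_friends + 4*show_2cols, where the
    // two flags are reduced to their lowest bit.
    $comment_pref = isset($_POST['comment_pref']) ? intval($_POST['comment_pref']) : 0;
    $show_friends = isset($_POST['show_friends']) ? (intval($_POST['show_friends']) & 1) : 0;
    $show_2cols = isset($_POST['show_2cols']) ? (intval($_POST['show_2cols']) & 1) : 0;
    $user->comment_pref = $comment_pref + $show_friends * 2 + $show_2cols * 4;

    // Avatar upload or deletion.
    if (!empty($_FILES['image']['tmp_name'])) {
        if (avatars_check_upload_size('image')) {
            $avatar_mtime = avatars_manage_upload($user->id, 'image');
            if (!$avatar_mtime) {
                array_push($messages, _('error guardando la imagen'));
                $errors++;
                $user->avatar = 0;
            } else {
                $user->avatar = $avatar_mtime;
            }
        } else {
            array_push($messages, _('el tamaño de la imagen excede el límite'));
            $errors++;
            $user->avatar = 0;
        }
    } elseif (!empty($_POST['avatar_delete'])) {
        $user->avatar = 0;
        avatars_remove($user->id);
    }
    // Keep the session's avatar in sync when editing one's own profile.
    if ($current_user->user_id == $user->id) {
        $current_user->user_avatar = $user->avatar;
    }

    // Nothing is stored when any field failed validation.
    if (!$errors) {
        if (empty($user->ip)) {
            $user->ip = $globals['user_ip'];
        }
        $user->store();
        $user->read();
        // Refresh the session when login-relevant data changed.
        if (!$admin_mode && ($current_user->user_login != $user->username
                || $current_user->user_email != $user->email || $new_pass)) {
            $current_user->Authenticate($user->username, $new_pass);
        }
        array_push($messages, _('datos actualizados'));
    }
    return $messages;
}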
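function disable($auto = false) {
    // Disable this account: overwrite the identifying profile fields with
    // placeholders derived only from the id, persist the row, then drop the
    // user's avatar, geo record, manual friendships, posts, meta annotations
    // and preferences. $auto selects the 'autodisabled' level (system action)
    // instead of 'disabled'. Always returns true; store() is not checked.
    global $db;
    require_once mnminclude . 'avatars.php';
    require_once mnminclude . 'geo.php';

    // The id is interpolated into SQL below; force it to an integer so a
    // corrupt or non-numeric value cannot alter the statements.
    $id = intval($this->id);

    avatars_remove($this->id);
    geo_delete('user', $this->id);

    $this->username = '******' . $this->id . '--';
    $this->email = "{$this->id}@disabled";
    $this->url = '';
    $this->level = $auto ? 'autodisabled' : 'disabled';
    $this->names = 'disabled';
    $this->public_info = '';
    $this->adcode = '';
    $this->adchannel = '';
    $this->phone = '';
    $this->avatar = 0;
    $this->karma = 6;
    $this->store();
    syslog(LOG_INFO, "User disabled: {$this->id}");

    // Delete relationships
    $db->query("DELETE FROM friends WHERE friend_type='manual' and (friend_from = {$id} or friend_to = {$id})");
    // Delete posts
    $db->query("delete from posts where post_user_id = {$id}");
    // Delete user's meta
    $db->query("delete from annotations where annotation_key = 'user_meta-{$id}'");
    // Delete preferences
    $db->query("DELETE FROM prefs WHERE pref_user_id = {$id}");
    return true;
}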
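function avatar_get_from_db($user, $size = 0) {
    // Return the JPEG bytes of $user's avatar at $size (one of
    // $globals['avatars_allowed_sizes']), materialising it in a writable cache
    // directory: from S3 when a media bucket is configured, otherwise from the
    // avatars table (80px master), resizing when the requested size is missing.
    // Returns false when the size is not allowed, no cache dir is writable or
    // no image can be found (stale avatar rows are then purged).
    global $db, $globals;

    // $user is interpolated into SQL and into cache file names, and $size into
    // file names: coerce both to integers. With a non-numeric $size the loose
    // in_array() below would otherwise match an allowed size of 0.
    $user = intval($user);
    $size = intval($size);
    if (!in_array($size, $globals['avatars_allowed_sizes'])) {
        return false;
    }
    $time = intval($db->get_var("select user_avatar from users where user_id={$user}"));

    if (!$globals['Amazon_S3_local_cache'] && $globals['Amazon_S3_media_bucket'] && is_writable('/tmp')) {
        $subdir = '/tmp';
    } else {
        $chain = get_cache_dir_chain($user);
        create_cache_dir_chain(get_avatars_dir(), $chain);
        $subdir = get_avatars_dir() . '/' . $chain;
    }
    if (!is_writable($subdir)) {
        return false;
    }

    $file_base = $subdir . "/{$user}-{$time}";
    $original = false;   // file to resize from
    $delete_it = false;  // true when $original is a temporary download to unlink after resizing

    if ($globals['Amazon_S3_media_bucket']) {
        // Get avatar from S3, trying up to 3 times.
        $try = 0;
        while (!$original && $try < 3) {
            if (Media::get("{$user}-{$time}-{$size}.jpg", 'avatars', "{$file_base}-{$size}.jpg")) {
                return file_get_contents("{$file_base}-{$size}.jpg");
            }
            if (Media::get("{$user}-{$time}.jpg", 'avatars', "{$file_base}-orig.jpg")) {
                $delete_it = true;
                $original = "{$file_base}-orig.jpg";
            } elseif ((is_readable($file_base . '-80.jpg') && filesize($file_base . '-80.jpg') > 0)
                    || Media::get("{$user}-{$time}-80.jpg", 'avatars', "{$file_base}-80.jpg")) {
                $original = $file_base . '-80.jpg';
            } else {
                $try++;
                usleep(rand(1, 20)); // Wait a little to minimize race-conditions
            }
        }
        if (!$original) {
            // The images were not found in S3. Double check the bucket really
            // exists before purging the user's avatar reference.
            if (($buckets = Media::buckets(false)) && in_array($globals['Amazon_S3_media_bucket'], $buckets)
                    && is_writable(mnmpath . '/' . $globals['cache_dir'])) {
                avatars_remove($user);
            }
            return false;
        }
    } else {
        // Get from DB: the table holds the 80px master, cached as -80.jpg.
        if (!is_readable($file_base . '-80.jpg')) {
            $img = $db->get_var("select avatar_image from avatars where avatar_id={$user}");
            // The original tested "!strlen($img) > 0", which only worked by
            // accident of precedence; test emptiness explicitly.
            if (!is_string($img) || $img === '') {
                if (is_writable(mnmpath . '/' . $globals['cache_dir'])) { // Double check
                    avatars_remove($user);
                }
                return false;
            }
            file_put_contents($file_base . '-80.jpg', $img);
        }
        // Set unconditionally: the original only set it on a cold cache, so a
        // cached -80.jpg with a missing -{size}.jpg resized from false.
        $original = $file_base . '-80.jpg';
    }

    // Produce the requested size unless $original already is that file.
    if ($size > 0 && $original !== "{$file_base}-{$size}.jpg") {
        avatar_resize($original, "{$file_base}-{$size}.jpg", $size);
        if ($delete_it) {
            @unlink($original);
        }
    }
    return file_get_contents("{$file_base}-{$size}.jpg");
}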
function disable($auto = false) {
    // Disable this account. Removes the avatar and geo entry, deletes the
    // user's manual friendships, preferences and posts, then overwrites the
    // identifying profile fields with placeholders and persists the row.
    // $auto selects the 'autodisabled' level instead of 'disabled'.
    // Returns whatever store() returns.
    global $db;
    require_once mnminclude . 'avatars.php';
    require_once mnminclude . 'geo.php';

    $uid = $this->id;
    avatars_remove($uid);
    geo_delete('user', $uid);

    // Dependent rows go first, then the user row itself.
    $db->query("DELETE FROM friends WHERE friend_type='manual' and (friend_from = {$uid} or friend_to = {$uid})");
    $db->query("DELETE FROM prefs WHERE pref_user_id = {$uid}");
    $db->query("delete from posts where post_user_id = {$uid}");

    // Placeholders derived only from the id.
    $this->username = "******{$uid}--";
    $this->email = "{$uid}@disabled";
    $this->url = '';
    $this->level = $auto ? 'autodisabled' : 'disabled';
    $this->names = 'disabled';
    $this->public_info = '';
    $this->adcode = '';
    $this->adchannel = '';
    $this->phone = '';
    $this->avatar = 0;
    $this->karma = 6;

    return $this->store();
}
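function avatar_get_from_db($user, $size = 0) {
    // Return the JPEG bytes of $user's avatar at $size (one of
    // $globals['avatars_allowed_sizes']), materialising it in a writable cache
    // directory: from S3 when a media bucket is configured, otherwise from the
    // avatars table (80px master), resizing when the requested size is missing.
    // Returns false when the size is not allowed, the user has no avatar, no
    // cache dir is writable or no image can be found.
    global $db, $globals;

    // $user is interpolated into SQL and into cache file names, and $size into
    // file names: coerce both to integers. With a non-numeric $size the loose
    // in_array() below would otherwise match an allowed size of 0.
    $user = intval($user);
    $size = intval($size);
    if (!in_array($size, $globals['avatars_allowed_sizes'])) {
        return false;
    }
    $time = intval($db->get_var("select user_avatar from users where user_id={$user}"));
    // No avatar recorded. (The original "!$time > 0" only worked by accident
    // of precedence.)
    if ($time <= 0) {
        return false;
    }

    if (!$globals['Amazon_S3_local_cache'] && $globals['Amazon_S3_media_bucket'] && is_writable('/tmp')) {
        $subdir = '/tmp';
    } else {
        if (!Upload::create_cache_dir($user)) {
            return false;
        }
        $subdir = Upload::get_cache_dir($user);
    }
    if (!is_writable($subdir)) {
        return false;
    }

    $file_base = $subdir . "/{$user}-{$time}";
    $original = false;   // file to resize from
    $delete_it = false;  // true when $original is a temporary download to unlink after resizing
    $http_code = 0;

    if ($globals['Amazon_S3_media_bucket']) {
        if (Media::get("{$user}-{$time}-{$size}.jpg", 'avatars', "{$file_base}-{$size}.jpg")) {
            return file_get_contents("{$file_base}-{$size}.jpg");
        }
        if (Media::get("{$user}-{$time}.jpg", 'avatars', "{$file_base}-orig.jpg")) {
            $delete_it = true;
            $original = "{$file_base}-orig.jpg";
        } else {
            $http_code = Media::$lastHTTPCode;
            if ((is_readable($file_base . '-80.jpg') && filesize($file_base . '-80.jpg') > 0)
                    || Media::get("{$user}-{$time}-80.jpg", 'avatars', "{$file_base}-80.jpg")) {
                $original = $file_base . '-80.jpg';
            }
        }
        // Purge the avatar reference only when S3 answered 404 for both the
        // original and the 80px copy; transport errors must not delete data.
        if ($globals['Amazon_S3_delete_allowed'] && !$original && $http_code == 404 && Media::$lastHTTPCode == 404) {
            if (is_writable(mnmpath . '/' . $globals['cache_dir'])) { // Double check
                syslog(LOG_INFO, "Meneame, removing avatars not found in S3 user {$user} time {$time}");
                avatars_remove($user);
            }
            return false;
        }
    } else {
        // Get from DB: the table holds the 80px master, cached as -80.jpg.
        if (!is_readable($file_base . '-80.jpg')) {
            $img = $db->get_var("select avatar_image from avatars where avatar_id={$user}");
            // The original tested "!strlen($img) > 0", which only worked by
            // accident of precedence; test emptiness explicitly.
            if (!is_string($img) || $img === '') {
                if (is_writable(mnmpath . '/' . $globals['cache_dir'])) { // Double check
                    avatars_remove($user);
                }
                return false;
            }
            file_put_contents($file_base . '-80.jpg', $img);
        }
        // Set unconditionally: the original only set it on a cold cache, so a
        // cached -80.jpg with a missing -{size}.jpg was never resized.
        $original = $file_base . '-80.jpg';
    }

    // Produce the requested size unless $original already is that file.
    if ($original && $size > 0 && $original !== "{$file_base}-{$size}.jpg") {
        avatar_resize($original, "{$file_base}-{$size}.jpg", $size);
        if ($delete_it) {
            @unlink($original);
        }
    }
    return @file_get_contents("{$file_base}-{$size}.jpg");
}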