} $login_name = isset($_POST['login_name']) ? trim($_POST['login_name']) : ''; $uname = isset($_POST['uname']) ? trim($_POST['uname']) : ''; $email = isset($_POST['email']) ? trim($_POST['email']) : ''; $pass = isset($_POST['password']) ? icms_core_DataFilter::stripSlashesGPC($_POST['password']) : ''; $vpass = isset($_POST['vpass']) ? icms_core_DataFilter::stripSlashesGPC($_POST['vpass']) : ''; icms_loadLanguageFile('core', 'user'); $user_handler = icms::handler('icms_member_user'); if (icms::$user->isAdmin()) { $stop = $user_handler->userCheck($login_name, $uname, $email, $pass == '' ? false : $pass, $vpass, $uid); } elseif ($icmsConfigUser['allow_chguname'] == 1) { // a normal user can only change his username on this screen (and only if this is allowed in the settings) $stop = $user_handler->userCheck(false, $uname, false, false, false, $uid); } if (!empty($stop)) { redirect_header(icms_getPreviousPage('edituser.php?uid=' . $uid), 3, $stop); } $member_handler = icms::handler('icms_member'); $edituser = $member_handler->getUser($uid); if (icms::$user->isAdmin()) { $edituser->setVar('login_name', $login_name); $edituser->setVar('uname', $uname); $edituser->setVar('email', $email); if ($edituser->getVar('uid') != icms::$user->getVar('uid')) { if ($pass != '') { $icmspass = new icms_core_Password(); $salt = icms_core_Password::createSalt(); $pass = $icmspass->encryptPass($pass, $salt, $icmsConfigUser['enc_type']); $edituser->setVar('pass', $pass); $edituser->setVar('pass_expired', 0); $edituser->setVar('enc_type', $icmsConfigUser['enc_type']);
} editvideos($videosObj); break; case "addvideos": if (!icms::$security->check()) { redirect_header(icms_getPreviousPage('index.php'), 3, _MD_PROFILE_SECURITY_CHECK_FAILED . implode('<br />', icms::$security->getErrors())); } $controller = new icms_ipf_Controller($profile_videos_handler); $controller->storeFromDefaultForm(_MD_PROFILE_VIDEOS_CREATED, _MD_PROFILE_VIDEOS_MODIFIED, PROFILE_URL . basename(__FILE__)); break; case "del": if (!$videosObj->userCanEditAndDelete()) { redirect_header($videosObj->getItemLink(true), 3, _NOPERM); } if (isset($_POST['confirm']) && !icms::$security->check()) { redirect_header(icms_getPreviousPage('index.php'), 3, _MD_PROFILE_SECURITY_CHECK_FAILED . implode('<br />', icms::$security->getErrors())); } $controller = new icms_ipf_Controller($profile_videos_handler); $controller->handleObjectDeletionFromUserSide(); break; default: $clean_start = isset($_GET['start']) ? (int) $_GET['start'] : 0; if ($real_uid && $real_uid == $uid) { editvideos($videosObj, true); } if ($clean_uid > 0 || $real_uid > 0) { $uid = $clean_uid > 0 ? $clean_uid : $real_uid; $videosArray = $profile_videos_handler->getVideos($clean_start, icms::$module->config['videosperpage'], $clean_uid); if (count($videosArray) == 0) { $icmsTpl->assign('lang_nocontent', _MD_PROFILE_VIDEOS_NOCONTENT); } else {
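/**
 * Check whether the current visitor may access a given section of a user's profile.
 *
 * Admins (global $profile_isAdmin) always pass. When the module's "profile_social"
 * setting is off the function does not return: it redirects with _NOPERM. Otherwise the
 * owner's per-user config value for $item decides: everybody, members only, accepted
 * friends only, or private (owner only). The owner always has access to his own sections.
 *
 * @param string $item the section (e.g. 'audio'); must be a field of the per-user config object
 * @param int $uid id of the profile owner
 * @global bool $profile_isAdmin true when the current user administrates this module
 * @return bool true if access is granted, false otherwise (also when no per-user config exists)
 */
public function userCanAccessSection($item, $uid) {
    global $profile_isAdmin;

    if ($profile_isAdmin) {
        return true;
    }

    $dirname = basename(dirname(dirname(__FILE__)));
    $module = icms::handler('icms_module')->getByDirname($dirname, true);
    if (!$module->config['profile_social']) {
        // social features are disabled site-wide: nobody but admins gets in (redirect_header does not return)
        redirect_header(icms_getPreviousPage('index.php'), 3, _NOPERM);
    }

    $configsObj = $this->getConfigPerUser($uid);
    if (!is_object($configsObj)) {
        return false;
    }

    $status = $configsObj->getVar($item, 'e');
    $isLoggedIn = is_object(icms::$user);

    // the owner always sees his own sections; every check below is therefore for a visitor
    // who is not the owner (the original re-checked $profile_isAdmin here, which was unreachable)
    if ($isLoggedIn && icms::$user->getVar('uid') == $uid) {
        return true;
    }
    if ($status == PROFILE_CONFIG_STATUS_EVERYBODY) {
        return true;
    }
    if ($status == PROFILE_CONFIG_STATUS_MEMBERS && $isLoggedIn) {
        return true;
    }
    if ($status == PROFILE_CONFIG_STATUS_FRIENDS && $isLoggedIn) {
        // only an accepted friendship between the visitor and the owner grants access
        $profile_friendship_handler = icms_getModuleHandler('friendship', $dirname, 'profile');
        $friendships = $profile_friendship_handler->getFriendships(0, 1, icms::$user->getVar('uid'), $uid, PROFILE_FRIENDSHIP_STATUS_ACCEPTED);
        return count($friendships) != 0;
    }
    // PROFILE_CONFIG_STATUS_PRIVATE (and any unknown status): only the owner, who was handled above
    return false;
}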
$isOwner = is_object(icms::$user) && icms::$user->getVar('uid') == $uid ? true : false; if (icms::$module->config['index_real_name'] == 'real' && trim($thisUser->getVar('name'))) { $owner_name = is_object($thisUser) ? trim($thisUser->getVar('name')) : _GUESTS; } elseif (icms::$module->config['index_real_name'] == 'both' && trim($thisUser->getVar('name'))) { $owner_name = is_object($thisUser) ? trim($thisUser->getVar('name')) . ' (' . trim($thisUser->getVar('uname')) . ')' : _GUESTS; } else { $owner_name = is_object($thisUser) ? trim($thisUser->getVar('uname')) : _GUESTS; } // check whether icms::$user is allowed to view profile of thisUser if (!is_object(icms::$user)) { if (array_intersect($thisUser->getGroups(), icms::$module->config['view_group_' . ICMS_GROUP_ANONYMOUS]) != $thisUser->getGroups()) { redirect_header(icms_getPreviousPage('index.php'), 3, _NOPERM); } } elseif (!icms::$user->isAdmin(0)) { if (array_intersect($thisUser->getGroups(), icms::$module->config['view_group_' . ICMS_GROUP_USERS]) != $thisUser->getGroups()) { redirect_header(icms_getPreviousPage('index.php'), 3, _NOPERM); } } icms_loadLanguageFile('core', 'user'); $module_name = icms::$module->getVar('name'); $xoTheme->addStylesheet(PROFILE_URL . 'assets/css/profile' . (@_ADM_USE_RTL == 1 ? '_rtl' : '') . '.css'); icms_makeSmarty(array('module_name' => $module_name, 'icms_pagetitle' => sprintf(_MD_PROFILE_PAGETITLE, $owner_name), 'profile_image' => '<img src="' . PROFILE_URL . 'images/profile-start.gif" alt="' . $module_name . '"/>', 'profile_content' => _MI_PROFILE_MODULEDESC, 'module_is_socialmode' => icms::$module->config['profile_social'], 'profile_module_home' => '<a href="' . PROFILE_URL . 'index.php?uid=' . $uid . '">' . sprintf(_MD_PROFILE_PAGETITLE, $owner_name) . 
'</a>')); if (icms::$module->config['profile_social']) { $permissions = array(); $items = array('audio', 'pictures', 'friendship', 'videos', 'tribes', 'profile_usercontributions'); foreach ($items as $item) { $permissions = array_merge($permissions, array($item => $profile_configs_handler->userCanAccessSection($item, $uid))); } foreach ($permissions as $permission => $value) { if (in_array($permission, array('audio', 'pictures', 'friendship', 'videos', 'tribes'))) { $icmsTpl->assign('allow_' . $permission, icms::$module->config['enable_' . $permission] && $value);
$valid_op = array('del', ''); $isAllowed = $profile_configs_handler->userCanAccessSection('friendship', $clean_uid); if (!$isAllowed || !icms::$module->config['enable_friendship']) { redirect_header(icms_getPreviousPage('index.php'), 3, _NOPERM); } /* Only proceed if the supplied operation is a valid operation */ if (in_array($clean_op, $valid_op, true)) { switch ($clean_op) { case 'del': $friendshipObj = $profile_friendship_handler->get($clean_friendship_id); if (!$friendshipObj->userCanEditAndDelete()) { redirect_header(icms_getPreviousPage('friendship.php?uid=' . $clean_uid), 3, _NOPERM); } if (isset($_POST['confirm'])) { if (!icms::$security->check()) { redirect_header(icms_getPreviousPage('friendship.php?uid=' . $clean_uid), 3, _MD_PROFILE_SECURITY_CHECK_FAILED . implode('<br />', icms::$security->getErrors())); } } $controller = new icms_ipf_Controller($profile_friendship_handler); $controller->handleObjectDeletionFromUserSide(); break; default: if ($clean_uid > 0 || $real_uid > 0) { $uid = $clean_uid > 0 ? $clean_uid : $real_uid; $friendshipsArray = $profile_friendship_handler->getFriendshipsSorted($uid, $isOwner); if (count($friendshipsArray[PROFILE_FRIENDSHIP_STATUS_PENDING]) + count($friendshipsArray[PROFILE_FRIENDSHIP_STATUS_ACCEPTED]) + count($friendshipsArray[PROFILE_FRIENDSHIP_STATUS_REJECTED]) == 0) { $icmsTpl->assign('lang_nocontent', _MD_PROFILE_FRIENDSHIPS_NOCONTENT); } else { $icmsTpl->assign('profile_friendships', $friendshipsArray); } } else {
$controller = new icms_ipf_Controller($profile_friendship_handler); $controller->storeFromDefaultForm(_MD_PROFILE_FRIENDSHIP_CREATED, _MD_PROFILE_FRIENDSHIP_MODIFIED, PROFILE_URL . "/index.php?uid=" . $uid); break; case "editfriendship": if (!icms::$security->check()) { redirect_header(icms_getPreviousPage('index.php'), 3, _MD_PROFILE_SECURITY_CHECK_FAILED . implode('<br />', icms::$security->getErrors())); } $clean_friendship_id = isset($_POST['friendship_id']) ? (int) $_POST['friendship_id'] : 0; $friendshipObj = $profile_friendship_handler->get($clean_friendship_id); if (!$friendshipObj->isNew() && $friendshipObj->getVar('friend2_uid') == $uid) { $clean_status = isset($_POST['status']) ? (int) $_POST['status'] : ''; $valid_status = array(PROFILE_FRIENDSHIP_STATUS_ACCEPTED, PROFILE_FRIENDSHIP_STATUS_REJECTED); if (in_array($clean_status, $valid_status, true)) { $friendshipObj->setVar('status', $clean_status); $friendshipObj->store(true); if (strpos(icms_getPreviousPage(), $friendshipObj->handler->_moduleUrl . $friendshipObj->handler->_page) !== false) { header('Location: ' . $friendshipObj->handler->_moduleUrl . $friendshipObj->handler->_page . '?uid=' . $uid); } } } default: if (icms::$user->getVar('uid') != $uid) { $friendships = $profile_friendship_handler->getFriendships(0, 1, icms::$user->getVar('uid'), $uid); if (count($friendships) == 0) { $friendshipObj = $profile_friendship_handler->get($clean_friendship_id); editfriendship($friendshipObj, $uid, true); } } break; } }
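/**
 * Resize a picture and store it as the current user's custom avatar.
 *
 * The picture must exist and belong to the current user, avatar uploads must be enabled
 * (avatar_allow_upload) and the user must have at least avatar_minposts posts; otherwise
 * the caller is redirected with _NOPERM. The resized copy is written to ICMS_UPLOAD_PATH as
 * 'cavt_<uid>_<timestamp>.<ext>', an icms_data_avatar row is created for it, the user's
 * previous custom avatar (row and file, only when the file resolves inside the upload
 * directory) is removed and user_avatar is updated. Every path ends in redirect_header().
 *
 * @param int $pictures_id the id of the picture to set as avatar
 * @global array $icmsConfigUser user configuration (avatar_allow_upload, avatar_minposts, avatar_width, avatar_height)
 * @return void
 */
public function makeAvatar($pictures_id) {
    global $icmsConfigUser;
    $picturesObj = $this->get($pictures_id);
    // check if picture exists
    if ($picturesObj->isNew()) {
        redirect_header(icms_getPreviousPage('index.php'), 3, _MD_PROFILE_PICTURES_AVATAR_NOTEDITED);
    }
    // the current user must be the owner of this picture, users must be allowed to upload avatars
    // and the user must have enough posts
    if (!is_object(icms::$user)
        || icms::$user->getVar('uid') != $picturesObj->getVar('uid_owner')
        || $icmsConfigUser['avatar_allow_upload'] == 0
        || icms::$user->getVar('posts') < $icmsConfigUser['avatar_minposts']) {
        redirect_header(icms_getPreviousPage('index.php'), 3, _NOPERM);
    }

    $url = $picturesObj->getVar('url');
    $image = $this->getImagePath() . $url;
    // keep the stored picture's extension (lower-cased) so the image library picks the matching encoder
    $dot = strrpos($url, '.');
    $ext = ($dot !== false) ? strtolower(substr($url, $dot + 1)) : 'jpg';
    // the uid is part of the name: a name built from time() alone collides when two users
    // create an avatar in the same second, and the second file would overwrite the first
    $avatar = 'cavt_' . (int) icms::$user->getVar('uid') . '_' . time() . '.' . $ext;
    $imageAvatar = ICMS_UPLOAD_PATH . '/' . $avatar;

    // resize picture and store as avatar
    $imgObj = WideImage::load($image);
    $imgObj->resizeDown($icmsConfigUser['avatar_width'], $icmsConfigUser['avatar_height'])->saveToFile($imageAvatar);

    // retrieve the mime type from the file that was actually written, not from the extension
    $avatar_mimetype = '';
    $imagetype = function_exists('exif_imagetype') ? exif_imagetype($imageAvatar) : false;
    if ($imagetype !== false) {
        $avatar_mimetype = image_type_to_mime_type($imagetype);
    } else {
        $size = getimagesize($imageAvatar);
        if (isset($size['mime'])) {
            $avatar_mimetype = $size['mime'];
        } elseif (isset($size[2])) {
            $avatar_mimetype = image_type_to_mime_type($size[2]);
        }
    }
    if ($avatar_mimetype === '') {
        // nothing recognisable was written (save failed or not an image): do not register it
        if (is_file($imageAvatar)) {
            unlink($imageAvatar);
        }
        redirect_header(icms_getPreviousPage('index.php'), 3, _MD_PROFILE_PICTURES_AVATAR_NOTEDITED);
    }

    // create new avatar object and delete the old one
    $avt_handler = icms::handler('icms_data_avatar');
    $avatarObj = $avt_handler->create();
    $avatarObj->setVar('avatar_file', $avatar);
    $avatarObj->setVar('avatar_name', icms::$user->getVar('uname'));
    $avatarObj->setVar('avatar_mimetype', $avatar_mimetype);
    $avatarObj->setVar('avatar_display', 1);
    $avatarObj->setVar('avatar_type', 'C');
    if (!$avt_handler->insert($avatarObj)) {
        // do not leave an orphaned file behind when the row could not be stored
        if (is_file($imageAvatar)) {
            unlink($imageAvatar);
        }
        redirect_header(icms_getPreviousPage('index.php'), 3, _MD_PROFILE_PICTURES_AVATAR_NOTEDITED);
    }

    $oldavatar = icms::$user->getVar('user_avatar');
    // only custom avatars (cavt prefix) are ours to delete; stock avatars are shared
    if (!empty($oldavatar) && preg_match("/^cavt/", strtolower($oldavatar))) {
        $avatars = $avt_handler->getObjects(new icms_db_criteria_Item('avatar_file', $oldavatar));
        if (!empty($avatars) && count($avatars) == 1 && is_object($avatars[0])) {
            $avt_handler->delete($avatars[0]);
            $realUploadDir = realpath(ICMS_UPLOAD_PATH);
            $realOldAvatar = realpath(ICMS_UPLOAD_PATH . '/' . $oldavatar);
            if ($realUploadDir !== false && $realOldAvatar !== false) {
                // both sides are resolved and normalised, and the base gets a trailing slash so that
                // neither a '..' in the stored name nor a sibling directory sharing the prefix passes
                $uploadPrefix = rtrim(str_replace("\\", "/", $realUploadDir), '/') . '/';
                $oldavatar_path = str_replace("\\", "/", $realOldAvatar);
                if (0 === strpos($oldavatar_path, $uploadPrefix) && is_file($oldavatar_path)) {
                    unlink($oldavatar_path);
                }
            }
        }
    }

    icms::$user->setVar('user_avatar', $avatar);
    if (icms::handler('icms_member_user')->insert(icms::$user)) {
        $avt_handler->addUser($avatarObj->getVar('avatar_id'), (int) icms::$user->getVar('uid'));
        redirect_header(icms_getPreviousPage('index.php'), 3, _MD_PROFILE_PICTURES_AVATAR_EDITED);
    } else {
        redirect_header(icms_getPreviousPage('index.php'), 3, _MD_PROFILE_PICTURES_AVATAR_NOTEDITED);
    }
}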
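/**
 * Prepare the form to add or edit a tribe post (or topic) and assign it to the template.
 *
 * The post is new when $tribepost_id does not resolve to a stored post: the form is then
 * pre-filled with the tribe, the current user and the current time and, when
 * $tribetopic_id > 0, attached to that topic (title optional). When the post exists the
 * current user must be allowed to edit it or be the owner of the tribe, otherwise the
 * caller is redirected with _NOPERM; editing the topic's first post edits the topic itself.
 * Both cases share the same form preparation, which is done once at the end.
 *
 * @param int $tribetopic_id id of tribe topic (0 for a new topic)
 * @param int $tribepost_id id of tribe post to be edited (0 for a new post)
 * @param object $tribesObj mod_profile_Tribes object
 * @param bool $hideForm render the form collapsed and without a title
 * @global mod_profile_TribetopicHandler $profile_tribetopic_handler tribetopic handler
 * @global mod_profile_TribepostHandler $profile_tribepost_handler tribepost handler
 * @global obj $icmsTpl template object
 * @global bool $isOwner true if current user is owner of this tribe
 * @return void|false false when no user is logged in (nothing is assigned then)
 */
function edittribepost($tribetopic_id, $tribepost_id, $tribesObj, $hideForm = false) {
    global $profile_tribetopic_handler, $profile_tribepost_handler, $icmsTpl, $isOwner;
    if (!is_object(icms::$user)) {
        return false;
    }
    $icmsTpl->assign('hideForm', $hideForm);
    $tribepostObj = $profile_tribepost_handler->get($tribepost_id);

    if ($tribepostObj->isNew()) {
        if ($tribetopic_id > 0) {
            // a reply inside an existing topic: no title needed
            $formtitle = _MD_PROFILE_TRIBEPOST_SUBMIT;
            $tribepostObj->setFieldAsRequired('title', false);
            $tribepostObj->setVar('topic_id', $tribetopic_id);
        } else {
            $formtitle = _MD_PROFILE_TRIBETOPIC_SUBMIT;
        }
        $tribepostObj->setVar('tribes_id', $tribesObj->getVar('tribes_id'));
        $tribepostObj->setVar('poster_uid', icms::$user->getVar('uid'));
        $tribepostObj->setVar('post_time', date(_DATESTRING));
        $formVar = 'profile_addpostform';
        $titleVar = 'lang_addpostform_title';
    } else {
        $tribetopicObj = $profile_tribetopic_handler->get($tribetopic_id);
        // check permissions: the post's own rules or tribe ownership
        if (!($tribepostObj->userCanEditAndDelete() || $isOwner)) {
            redirect_header(icms_getPreviousPage('index.php'), 3, _NOPERM);
        }
        // set topic or post specific options: the topic's first post is the topic itself
        if ($tribetopicObj->getVar('post_id') == $tribepost_id) {
            $formtitle = _MD_PROFILE_TRIBETOPIC_EDIT;
        } else {
            $formtitle = _MD_PROFILE_TRIBEPOST_EDIT;
            $tribepostObj->setFieldAsRequired('title', false);
        }
        $formVar = 'profile_editpostform';
        $titleVar = 'lang_editpostform';
    }

    // common form preparation for both the add and the edit case
    $tribepostObj->hideFieldFromForm(array('meta_keywords', 'meta_description', 'short_url'));
    if (icms::$user->getVar('attachsig')) {
        $tribepostObj->hideFieldFromForm('attachsig');
    } else {
        $tribepostObj->setVar('attachsig', 0);
    }
    $sform = $tribepostObj->getSecureForm($hideForm ? '' : $formtitle, 'addtribepost');
    $sform->assign($icmsTpl, $formVar);
    $icmsTpl->assign($titleVar, $formtitle);
}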
editcontent($contentObj); break; case "addcontent": if (!icms::$security->check()) { redirect_header(icms_getPreviousPage('index.php'), 3, _MD_CONTENT_SECURITY_CHECK_FAILED . implode('<br />', icms::$security->getErrors())); } $controller = new icms_ipf_Controller($content_content_handler); $controller->storeFromDefaultForm(_MD_CONTENT_CONTENT_CREATED, _MD_CONTENT_CONTENT_MODIFIED); break; case "del": if (!$contentObj->userCanEditAndDelete()) { redirect_header($contentObj->getItemLink(true), 3, _NOPERM); } if (isset($_POST['confirm'])) { if (!icms::$security->check()) { redirect_header(icms_getPreviousPage(), 3, _MD_CONTENT_SECURITY_CHECK_FAILED . implode('<br />', icms::$security->getErrors())); } } $controller = new icms_ipf_Controller($content_content_handler); $controller->handleObjectDeletionFromUserSide(); $icmsTpl->assign('content_category_path', $content_content_handler->getBreadcrumbForPid($contentObj->getVar('content_id', 'e'), 1) . ' > ' . _DELETE); break; default: if (is_object($contentObj) && $contentObj->accessGranted()) { $content_content_handler->updateCounter($clean_content_id); $content = $contentObj->toArray(); $icmsTpl->assign('content_content', $content); $icmsTpl->assign('showInfo', $contentConfig['show_contentinfo']); $showSubs = $contentConfig['show_relateds'] && $content['content_showsubs'] ? true : false; $icmsTpl->assign('showSubs', $showSubs); if ($contentConfig['show_breadcrumb']) {