function save_profile() { global $db, $user, $current_user, $globals, $site_key; $errors = 0; // benjami: control added (2005-12-22) $new_pass = false; $messages = ''; $form_hash = md5($site_key . $user->id . mnminclude); if (!isset($_POST['save_profile']) || !isset($_POST['process']) || $_POST['user_id'] != $current_user->user_id) { return; } if (empty($_POST['form_hash']) || $_POST['form_hash'] != $form_hash) { $messages .= '<p class="form-error">' . _('Falta la clave de control') . '</p>'; $errors++; } if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) { if (strlen(trim($_POST['username'])) < 3) { $messages .= '<p class="form-error">' . _('nombre demasiado corto') . '</p>'; $errors++; } if (!check_username($_POST['username'])) { $messages .= '<p class="form-error">' . _('nombre de usuario erróneo, caracteres no admitidos') . '</p>'; $errors++; } elseif (user_exists(trim($_POST['username']))) { $messages .= '<p class="form-error">' . _('el usuario ya existe') . '</p>'; $errors++; } else { $user->username = trim($_POST['username']); } } if ($user->email != trim($_POST['email']) && !check_email(trim($_POST['email']))) { $messages .= '<p class="form-error">' . _('el correo electrónico no es correcto') . '</p>'; $errors++; } elseif (trim($_POST['email']) != $current_user->user_email && email_exists(trim($_POST['email']))) { $messages .= '<p class="form-error">' . _('ya existe otro usuario con esa dirección de correo') . '</p>'; $errors++; } $user->url = htmlspecialchars(clean_input_url($_POST['url'])); $user->names = clean_text($_POST['names']); if (!empty($_POST['password']) || !empty($_POST['password2'])) { if (!check_password($_POST["password"])) { $messages .= '<p class="form-error">' . _('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números') . '</p>'; $errors = 1; } else { if (trim($_POST['password']) !== trim($_POST['password2'])) { $messages .= '<p class="form-error">' . _('las claves no son iguales, no se ha modificado') . '</p>'; $errors = 1; } else { $new_pass = trim($_POST['password']); $user->pass = UserAuth::hash($new_pass); $messages .= '<p class="form-error">' . _('La clave se ha cambiado') . '</p>'; $new_pass = true; } } } $user->comment_pref = intval($_POST['comment_pref']) + (intval($_POST['show_friends']) & 1) * 2 + (intval($_POST['show_2cols']) & 1) * 4; // Manage avatars upload if (!empty($_FILES['image']['tmp_name'])) { if (avatars_check_upload_size('image')) { $avatar_mtime = avatars_manage_upload($user->id, 'image'); if (!$avatar_mtime) { $messages .= '<p class="form-error">' . _('error guardando la imagen') . '</p>'; $errors = 1; $user->avatar = 0; } else { $user->avatar = $avatar_mtime; } } else { $messages .= '<p class="form-error">' . _('el tamaño de la imagen excede el límite') . '</p>'; $errors = 1; $user->avatar = 0; } } if (!$errors) { if (empty($user->ip)) { $user->ip = $globals['user_ip']; } $user->store(); $user->read(); if ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $new_pass) { $current_user->Authenticate($user->username, $new_pass); } $messages .= '<p class="form-error">' . _('datos actualizados') . '</p>'; } return $messages; }
function save_profile() { global $db, $user, $current_user, $globals, $admin_mode, $site_key, $bio_max; $errors = 0; // benjami: control added (2005-12-22) $new_pass = false; $messages = array(); $form_hash = md5($site_key . $user->id . $current_user->user_id); if (isset($_POST['disabledme']) && intval($_POST['disable']) == 1 && $_POST['form_hash'] == $form_hash && $_POST['user_id'] == $current_user->user_id) { $old_user_login = $user->username; $old_user_id = $user->id; $user->disable(true); Log::insert('user_delete', $old_user_id, $old_user_id); syslog(LOG_NOTICE, "Meneame, disabling {$old_user_id} ({$old_user_login}) by {$current_user->user_login} -> {$user->username} "); $current_user->Logout(get_user_uri($user->username)); die; } if (!isset($_POST['save_profile']) || !isset($_POST['process']) || $_POST['user_id'] != $current_user->user_id && !$admin_mode) { return; } if (empty($_POST['form_hash']) || $_POST['form_hash'] != $form_hash) { array_push($messages, _('Falta la clave de control')); $errors++; } if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) { $newname = trim($_POST['username']); if (strlen($newname) < 3) { array_push($messages, _('nombre demasiado corto')); $errors++; } if (!check_username($newname)) { array_push($messages, _('nombre de usuario erróneo, caracteres no admitidos')); $errors++; } elseif (user_exists($newname, $user->id)) { array_push($messages, _('el usuario ya existe')); $errors++; } else { $user->username = $newname; } } if (!empty($_POST['bio']) || $user->bio) { $bio = clean_text($_POST['bio'], 0, false, $bio_max); if ($bio != $user->bio) { $user->bio = $bio; } } if ($user->email != trim($_POST['email']) && !check_email(trim($_POST['email']))) { array_push($messages, _('el correo electrónico no es correcto')); $errors++; } elseif (!$admin_mode && trim($_POST['email']) != $current_user->user_email && email_exists(trim($_POST['email']), false)) { array_push($messages, _('ya existe otro usuario con esa dirección de correo')); $errors++; } else { $user->email = trim($_POST['email']); } $user->url = htmlspecialchars(clean_input_url($_POST['url'])); // Check IM address if (!empty($_POST['public_info'])) { $_POST['public_info'] = htmlspecialchars(clean_input_url($_POST['public_info'])); $public = $db->escape($_POST['public_info']); $im_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_public_info='{$public}'")); if ($im_count > 0) { array_push($messages, _('ya hay otro usuario con la misma dirección de MI, no se ha grabado')); $_POST['public_info'] = ''; $errors++; } } $user->phone = $_POST['phone']; $user->public_info = htmlspecialchars(clean_input_url($_POST['public_info'])); // End check IM address if ($user->id == $current_user->user_id) { // Check phone number if (!empty($_POST['phone'])) { if (!preg_match('/^\\+[0-9]{9,16}$/', $_POST['phone'])) { array_push($messages, _('número telefónico erróneo, no se ha grabado')); $_POST['phone'] = ''; $errors++; } else { $phone = $db->escape($_POST['phone']); $phone_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_phone='{$phone}'")); if ($phone_count > 0) { array_push($messages, _('ya hay otro usuario con el mismo número, no se ha grabado')); $_POST['phone'] = ''; $errors++; } } } $user->phone = $_POST['phone']; // End check phone number } // Verifies adsense code if ($globals['external_user_ads']) { $_POST['adcode'] = trim($_POST['adcode']); $_POST['adchannel'] = trim($_POST['adchannel']); if (!empty($_POST['adcode']) && $user->adcode != $_POST['adcode']) { if (!preg_match('/pub-[0-9]{16}$/', $_POST['adcode'])) { array_push($messages, _('código AdSense incorrecto, no se ha grabado')); $_POST['adcode'] = ''; $errors++; } else { $adcode_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_adcode='" . $_POST['adcode'] . "'")); if ($adcode_count > 0) { array_push($messages, _('ya hay otro usuario con la misma cuenta, no se ha grabado')); $_POST['adcode'] = ''; $errors++; } } } if (!empty($_POST['adcode']) && !empty($_POST['adchannel']) && $user->adchannel != $_POST['adchannel']) { if (!preg_match('/^[0-9]{10,12}$/', $_POST['adchannel'])) { array_push($messages, _('canal AdSense incorrecto, no se ha grabado')); $_POST['adchannel'] = ''; $errors++; } } $user->adcode = $_POST['adcode']; $user->adchannel = $_POST['adchannel']; } $user->names = clean_text($_POST['names']); if (!empty($_POST['password']) || !empty($_POST['password2'])) { if (!check_password($_POST["password"])) { array_push($messages, _('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números')); $errors = 1; } else { if (trim($_POST['password']) !== trim($_POST['password2'])) { array_push($messages, _('las claves no son iguales, no se ha modificado')); $errors = 1; } else { $new_pass = trim($_POST['password']); $user->pass = UserAuth::hash($new_pass); array_push($messages, _('La clave se ha cambiado')); $pass_changed = true; } } } if ($admin_mode && !empty($_POST['user_level'])) { $user->level = $db->escape($_POST['user_level']); } if ($admin_mode && !empty($_POST['karma']) && is_numeric($_POST['karma']) && $_POST['karma'] > 4 && $_POST['karma'] <= 20) { $user->karma = $_POST['karma']; } $user->comment_pref = intval($_POST['comment_pref']) + (intval($_POST['show_friends']) & 1) * 2 + (intval($_POST['show_2cols']) & 1) * 4; // Manage avatars upload if (!empty($_FILES['image']['tmp_name'])) { if (avatars_check_upload_size('image')) { $avatar_mtime = avatars_manage_upload($user->id, 'image'); if (!$avatar_mtime) { array_push($messages, _('error guardando la imagen')); $errors = 1; $user->avatar = 0; } else { $user->avatar = $avatar_mtime; } } else { array_push($messages, _('el tamaño de la imagen excede el límite')); $errors = 1; $user->avatar = 0; } } elseif ($_POST['avatar_delete']) { $user->avatar = 0; avatars_remove($user->id); } // Reset avatar for the logged user if ($current_user->user_id == $user->id) { $current_user->user_avatar = $user->avatar; } if (!$errors) { if (empty($user->ip)) { $user->ip = $globals['user_ip']; } $user->store(); $user->read(); if (!$admin_mode && ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $new_pass)) { $current_user->Authenticate($user->username, $new_pass); } array_push($messages, _('datos actualizados')); } return $messages; }
function do_register2() { global $db, $current_user, $globals; if (!ts_is_human()) { register_error(_('el código de seguridad no es correcto')); return; } if (!check_user_fields()) { return; } $username = clean_input_string(trim($_POST['username'])); // sanity check $dbusername = $db->escape($username); // sanity check $password = UserAuth::hash(trim($_POST['password'])); $email = clean_input_string(trim($_POST['email'])); // sanity check $dbemail = $db->escape($email); // sanity check $user_ip = $globals['form_user_ip']; if (!user_exists($username)) { if ($db->query("INSERT INTO users (user_login, user_login_register, user_email, user_email_register, user_pass, user_date, user_ip) VALUES ('{$dbusername}', '{$dbusername}', '{$dbemail}', '{$dbemail}', '{$password}', now(), '{$user_ip}')")) { echo '<fieldset>' . "\n"; echo '<legend><span class="sign">' . _("registro de usuario") . '</span></legend>' . "\n"; $user = new User(); $user->username = $username; if (!$user->read()) { register_error(_('error insertando usuario en la base de datos')); } else { require_once mnminclude . 'mail.php'; $sent = send_recover_mail($user); $globals['user_ip'] = $user_ip; //we force to insert de log with the same IP as the form Log::insert('user_new', $user->id, $user->id); } echo '</fieldset>' . "\n"; } else { register_error(_("error insertando usuario en la base de datos")); } } else { register_error(_("el usuario ya existe")); } }