/**
 * Persist the submitted "edit account" form for one user.
 *
 * The form section is selected by $_POST['save'] (default 'profile'). Each
 * mode builds a SQL SET fragment in $sql; when a fragment exists the
 * {$user_prefix}_users row is updated, the cached session user is dropped and
 * the request ends in cpg_error() with a redirect target. Every cpg_error()
 * call in this function relies on it not returning (TODO confirm against core).
 *
 * @param array $userinfo current row of the user being edited, by reference.
 *                        Keys read here: user_id, username, user_password,
 *                        user_email, user_avatar, user_level, susdel_reason.
 *                        This function does not write to it, but avatar_delete()
 *                        and avatar_upload() receive it by reference.
 *
 * @return void Never returns normally: ends in cpg_error() or URL::redirect().
 */
function saveuser(&$userinfo) {
    // $SESS is declared but not used below.
    global $db, $user_prefix, $MAIN_CFG, $allowusertheme, $CPG_SESS, $SESS;
    // Mode comes straight from the request; 'admin' is only honoured inside the admin area.
    $mode = isset($_POST['save']) ? $_POST['save'] : 'profile';
    if ($mode == 'admin' && !defined('ADMIN_PAGES')) {
        $mode = 'profile';
    }
    // $section is the WHERE clause of the generic field query in the final else branch.
    // NOTE(review): it is only assigned for these three modes. Any other value of
    // $_POST['save'] that is not reg_details/avatar/admin reaches that branch with
    // $section undefined and issues "... WHERE " — consider defaulting to the profile
    // sections here.
    if ($mode == 'profile') {
        $section = 'section=1 OR section=2';
    } elseif ($mode == 'private') {
        $section = 'section=3';
    } elseif ($mode == 'prefs') {
        $section = 'section=5';
    }
    // $sql starts as false so "if ($sql)" means "something to update".
    $sql = $pass_change = false;
    if ($mode == 'reg_details') {
        global $allowmailchange;
        // Passwords are compared as unsalted md5 digests, matching whatever is stored in
        // user_password. An absent current_password becomes '' and therefore never matches.
        $current_password = isset($_POST['current_password']) ? md5($_POST['current_password']) : '';
        if (isset($_POST['new_password'])) {
            $new_password = $_POST['new_password'];
            $verify_password = isset($_POST['verify_password']) ? $_POST['verify_password'] : '';
            if ($new_password != $verify_password) {
                cpg_error(_PASSDIFFERENT, 'ERROR: Password mismatch');
            } elseif ($new_password != '') {
                // strlen() counts bytes, so a multibyte password passes with fewer characters.
                if (strlen($new_password) < $MAIN_CFG['member']['minpass']) {
                    cpg_error(_YOUPASSMUSTBE . ' <b>' . $MAIN_CFG['member']['minpass'] . '</b> ' . _CHARLONG, 'ERROR: Password too short');
                }
                $new_password = md5($new_password);
                if ($new_password != $userinfo['user_password']) {
                    // Outside the admin area the caller must prove the current password.
                    if (!defined('ADMIN_PAGES') && $current_password != $userinfo['user_password']) {
                        cpg_error('Password incorrect');
                    }
                    // NOTE(review): the value is redacted in this listing ('******'); confirm
                    // against the real source that it is the md5 digest computed above.
                    $sql = " user_password='******'";
                    $pass_change = true;
                }
            }
        }
        $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : $userinfo['user_email'];
        if (($allowmailchange || defined('ADMIN_PAGES')) && $user_email != $userinfo['user_email']) {
            if ($current_password != $userinfo['user_password'] && !defined('ADMIN_PAGES')) {
                cpg_error('Password incorrect');
            }
            if (is_email($user_email) < 1) {
                cpg_error(_ERRORINVEMAIL);
            }
            if ($sql) {
                $sql .= ', ';
            }
            // NOTE(review): $user_email is interpolated into SQL without Fix_Quotes();
            // this is only safe if is_email() rejects quote characters — TODO confirm,
            // otherwise escape it like the other string fields.
            $sql .= "user_email='{$user_email}'";
        }
        if (defined('ADMIN_PAGES') && isset($_POST['username']) && $_POST['username'] != $userinfo['username']) {
            // NOTE(review): the pattern's own delimiter '#' appears unescaped inside the
            // group, so PCRE sees the pattern end early and preg_match() fails (returns
            // false, "unknown modifier"). The denylist therefore never rejects anything;
            // escape it as '\#' or pick another delimiter. The name is then interpolated
            // into SQL below, so that query must not depend on this check alone.
            if (preg_match('#(\\ |\\*|#|\\\\|%|"|\'|`|&|\\^|@)', $_POST['username'])) {
                cpg_error(_ERRORINVNICK);
            }
            // Both the live and the pending-registration tables are checked for the name.
            // The interpolated value is redacted in this listing ('******').
            if ($db->sql_count($user_prefix . '_users u, ' . $user_prefix . '_users_temp t', "u.username='******'username']}' OR t.username='******'username']}' LIMIT 1") > 0) {
                cpg_error(_NICKTAKEN);
            }
            if ($sql) {
                $sql .= ', ';
            }
            $sql .= "username='******'username']}'";
        }
    } elseif ($mode == 'avatar') {
        require_once 'modules/' . basename(dirname(__FILE__)) . '/avatars.php';
        // Local avatar?
        $avatar_local = isset($_POST['user_avatar']) ? $_POST['user_avatar'] : '';
        // Remote avatar?
        $avatar_remoteurl = !empty($_POST['avatarremoteurl']) ? htmlprepare($_POST['avatarremoteurl']) : '';
        // Upload avatar thru remote or upload?
        // A pasted URL wins over a browser upload; "none" is the tmp_name some
        // clients send for an empty file field.
        $avatar_upload = !empty($_POST['avatarurl']) ? trim($_POST['avatarurl']) : (!empty($_FILES['avatar']) && $_FILES['avatar']['tmp_name'] != "none" ? $_FILES['avatar']['tmp_name'] : '');
        $avatar_name = !empty($_FILES['avatar']['name']) ? $_FILES['avatar']['name'] : '';
        // 0 = USER_AVATAR_NONE
        if (isset($_POST['avatardel']) || $avatar_local == '') {
            $sql = avatar_delete($userinfo);
        }
        // 1 = USER_AVATAR_UPLOAD
        if ((!empty($avatar_upload) || !empty($avatar_name)) && $MAIN_CFG['avatar']['allow_upload']) {
            if (!empty($avatar_upload)) {
                // First argument: true when only a URL was given (no uploaded file name).
                $sql = avatar_upload(empty($avatar_name), $userinfo, $avatar_upload, $_FILES['avatar']);
            } elseif (!empty($avatar_name)) {
                // A file name without a tmp_name: the upload was dropped by PHP (size limit).
                cpg_error(sprintf(_AVATAR_FILESIZE, round($MAIN_CFG['avatar']['filesize'] / 1024)), 'ERROR: Filesize');
            }
        } elseif ($avatar_remoteurl != $userinfo['user_avatar'] && $avatar_remoteurl != '' && $MAIN_CFG['avatar']['allow_remote']) {
            // 2 = remote avatar by URL. NOTE(review): the alternation binds as
            // "^(http)" OR "(ftp)://", so "ftp://" need not be at the start; harmless
            // because the stricter pattern below re-checks the whole URL.
            if (!preg_match('#^(http)|(ftp):\\/\\/#i', $avatar_remoteurl)) {
                $avatar_remoteurl = 'http://' . $avatar_remoteurl;
            }
            if (preg_match('#^((http)|(ftp):\\/\\/[\\w\\-]+?\\.([\\w\\-]+\\.)+[\\w]+(:[0-9]+)*\\/.*?\\.(gif|jpg|jpeg|png)$)#is', $avatar_remoteurl)) {
                // getimagesize() on a URL is a server-side fetch; refuse cleanly when the
                // function is disabled instead of failing with a fatal error.
                if (in_array('getimagesize', explode(',', ini_get('disable_functions'))) || ini_get('disable_functions') == 'getimagesize') {
                    cpg_error('getimagesize is disabled', _AVATAR_ERR_URL);
                } elseif (!getimagesize($avatar_remoteurl)) {
                    cpg_error('Image has wrong filetype', _AVATAR_ERR_URL);
                } elseif (!($file_data = get_fileinfo($avatar_remoteurl, !$MAIN_CFG['avatar']['animated']))) {
                    cpg_error(_AVATAR_ERR_URL);
                } elseif ($file_data['size'] > $MAIN_CFG['avatar']['filesize']) {
                    cpg_error(sprintf(_AVATAR_FILESIZE, round($MAIN_CFG['avatar']['filesize'] / 1024)));
                } elseif (!$MAIN_CFG['avatar']['animated'] && $file_data['animation']) {
                    cpg_error('Animated avatar not allowed');
                }
                // NOTE(review): $avatar_remoteurl went through htmlprepare() only; whether
                // that escapes quotes for SQL is not visible here — TODO confirm.
                if (avatar_size($avatar_remoteurl)) {
                    avatar_delete($userinfo);
                    $sql = "user_avatar='{$avatar_remoteurl}', user_avatar_type=2";
                }
            } else {
                cpg_error('Image has wrong filetype', 'ERROR: Image filetype');
            }
        } elseif ($avatar_local != $userinfo['user_avatar'] && $avatar_local != '' && $MAIN_CFG['avatar']['allow_local'] && file_exists($MAIN_CFG['avatar']['gallery_path'] . '/' . $avatar_local)) {
            // 3 = avatar from the local gallery. NOTE(review): $avatar_local is only
            // checked with file_exists() under gallery_path; nothing stops it containing
            // directory separators or '..', and it is interpolated into SQL unescaped.
            // Consider restricting it to a plain file name (e.g. basename()).
            avatar_delete($userinfo);
            $sql = "user_avatar='{$avatar_local}', user_avatar_type=3";
        }
    } elseif ($mode == 'admin') {
        // Only reachable with ADMIN_PAGES defined (see the mode check above).
        // NOTE(review): these $_POST keys are read without isset(); missing ones raise
        // notices and intval(null) == 0.
        $sql = 'user_allow_pm=' . intval($_POST['user_allow_pm']) . ', user_allowavatar=' . intval($_POST['user_allowavatar']) . ', user_rank=' . intval($_POST['user_rank']);
        $suspendreason = isset($_POST['suspendreason']) ? $_POST['suspendreason'] : 'no reason';
        // NOTE(review): compares the raw $_POST value, not $suspendreason, so the
        // 'no reason' fallback is never compared and an absent key raises a notice.
        if ($_POST['suspendreason'] != $userinfo['susdel_reason']) {
            $sql .= ', susdel_reason=\'' . Fix_Quotes($suspendreason) . "'";
        }
        // user_level 0 is the suspended state: 0 -> 1 reinstates, >0 -> 0 suspends.
        if (intval($_POST['user_suspend']) == 0 && $userinfo['user_level'] == 0) {
            $sql .= ', user_level=1';
        } elseif (intval($_POST['user_suspend']) > 0 && $userinfo['user_level'] > 0) {
            $message = _SORRYTO . ' ' . $MAIN_CFG['global']['sitename'] . ' ' . _HASSUSPEND;
            // String comparison: true for any non-empty reason.
            if ($suspendreason > '') {
                $message .= "\n\n" . _SUSPENDREASON . "\n{$suspendreason}";
            }
            $from = 'noreply@' . str_replace('www.', '', $MAIN_CFG['server']['domain']);
            // $mailer_message is undefined here; presumably send_mail() fills it by
            // reference on failure — TODO confirm.
            if (!send_mail($mailer_message, $message, 0, _ACCTSUSPEND, $userinfo['user_email'], $userinfo['username'], $from)) {
                trigger_error($mailer_message, E_USER_WARNING);
            }
            $sql .= ', user_level=0, susdel_reason=\'' . Fix_Quotes($suspendreason) . "'";
        }
    } else {
        // Generic path: the editable columns for this section are read from the
        // _users_fields table, so every $row['field'] is also a $_POST key.
        $result = $db->sql_query('SELECT field, type FROM ' . $user_prefix . '_users_fields WHERE ' . $section);
        if ($db->sql_numrows($result) > 0) {
            while ($row = $db->sql_fetchrow($result)) {
                // The 'name' column is posted as 'realname'.
                $field = $row['field'] == 'name' ? 'realname' : $row['field'];
                // Fix_Quotes(..., 1) is presumably the SQL escaping step; $_POST[$field]
                // is read without isset(), so a missing field raises a notice.
                $value = Fix_Quotes($_POST[$field], 1);
                if ($row['field'] == 'user_lang' && !$MAIN_CFG['global']['multilingual']) {
                    continue;
                }
                // Field types seen here: 1 and 4 are integers, 6 is a date, 7 is a theme name.
                if ($row['type'] == 1 || $row['type'] == 4) {
                    $value = intval($value);
                } else {
                    if ($field == 'user_website') {
                        if (!preg_match('#^http[s]?:\\/\\/#i', $value)) {
                            $value = 'http://' . $value;
                        }
                        // Only a bare scheme+host is accepted; anything with a path is dropped.
                        if (!preg_match('#^(http[s]?\\:\\/\\/)?([a-z0-9\\-\\.]+)?[a-z0-9\\-]+\\.[a-z]{2,4}$#i', $value)) {
                            $value = '';
                        }
                    }
                }
                if ($row['type'] == 7 && !$allowusertheme) {
                    $value = $MAIN_CFG['global']['Default_Theme'];
                }
                if ($row['type'] == 6) {
                    // date_raw() is expected to yield YYYYMMDD; checkdate() gets (month, day, year).
                    $value = date_raw($value);
                    if (checkdate(substr($value, 4, 2), substr($value, 6, 2), substr($value, 0, 4))) {
                        $sql .= ", {$row['field']}='{$value}'";
                    }
                } elseif (array_key_exists($row['field'], $userinfo) && $userinfo[$row['field']] != $value) {
                    // Only columns whose value actually changed are written.
                    $sql .= ", {$row['field']}='{$value}'";
                }
                if ($field == 'user_timezone') {
                    $sql .= ', user_dst=' . intval($_POST['user_dst']);
                }
            }
            // Every fragment above starts with ", "; drop the leading separator.
            if ($sql) {
                $sql = substr($sql, 2);
            }
        }
    }
    if ($sql) {
        $db->sql_query('UPDATE ' . $user_prefix . '_users SET ' . $sql . " WHERE user_id=" . intval($userinfo['user_id']));
        // Drop the cached session copy so the next request reloads the row.
        $_SESSION['CPG_USER'] = false;
        unset($_SESSION['CPG_USER']);
        if (!defined('ADMIN_PAGES')) {
            if ($pass_change) {
                global $CLASS;
                // $new_password is the md5 digest at this point (reassigned above).
                $CLASS['member']->setmemcookie($userinfo['user_id'], $userinfo['username'], $new_password);
            }
            if (isset($_POST['theme']) && $allowusertheme) {
                $CPG_SESS['theme'] = $_POST['theme'];
                unset($CPG_SESS['prevtheme']);
            }
            // $mode is user-supplied and becomes part of the redirect target; URL::index()
            // is assumed to encode it — TODO confirm.
            cpg_error(_TASK_COMPLETED, _TB_INFO, URL::index('&edit=' . $mode));
        } else {
            cpg_error(_TASK_COMPLETED, _TB_INFO, URL::admin('users&mode=edit&edit=' . $mode . '&id=' . $userinfo['user_id']));
        }
    }
    // Nothing to update.
    if (!defined('ADMIN_PAGES')) {
        URL::redirect(URL::index('&edit=' . $mode));
    } else {
        cpg_error('Nothing changed', 'No update', URL::admin('users&mode=edit&edit=' . $mode . '&id=' . $userinfo['user_id']));
    }
}
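/**
 * Get avatar path
 * if the avatar does not exist, default avatar will be retrieved
 *
 * @param string|false $size One of 'big', 'medium' or 'small' (the previous
 *                           doc said int, but the lookup keys are these strings)
 *
 * @return string|false Path to avatar for that size, or false when $size is
 *                      omitted/falsy or not one of the three known sizes
 */
function get_avatar($size = false) {
    $avatars = [];
    foreach (['big', 'medium', 'small'] as $one) {
        // avatar_default() is still evaluated for every size, as before.
        $avatars[$one] = avatar_default($one);
        // avatar_size() used to be called twice per size (once to test, once to
        // read); call it once and keep the result.
        $found = avatar_size($one);
        if ($found !== false) {
            $avatars[$one] = $found;
        }
    }
    return $size && isset($avatars[$size]) ? $avatars[$size] : false;
}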
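/**
 * Store a new avatar for a user, either by fetching it from a remote URL or by
 * moving a browser upload into the avatar directory.
 *
 * @param bool   $remote          true: $avatar_filename is a URL to fetch;
 *                                false: $avatar is a $_FILES entry (see saveuser())
 * @param array  $userinfo        user row, by reference; only user_id is read here,
 *                                but avatar_delete() also receives it by reference
 * @param string $avatar_filename the remote URL when $remote; for uploads it is
 *                                overwritten with the destination path before use
 * @param array  $avatar          $_FILES['avatar'] for uploads (size, type, tmp_name);
 *                                replaced by the get_fileinfo() result when $remote
 *
 * @return string SQL SET fragment for the users table:
 *                "user_avatar='<file>', user_avatar_type=1"
 *
 * Rejections go through cpg_error(); the code after each call relies on it not
 * returning (TODO confirm against core). Storage failures raise E_USER_ERROR.
 */
function avatar_upload($remote, &$userinfo, $avatar_filename, $avatar) {
    require_once CORE_PATH . 'classes/cpg_file.php';
    global $MAIN_CFG;
    $max_size = $MAIN_CFG['avatar']['filesize'];
    $allow_animated = $MAIN_CFG['avatar']['animated'];
    if ($remote) {
        if (!preg_match('/^(http:\\/\\/)?([\\w\\-\\.]+)\\:?([0-9]*)\\/(.*)$/', $avatar_filename, $url_ary) || empty($url_ary[4])) {
            cpg_error('The URL you entered is incomplete');
        }
        $avatar = get_fileinfo($avatar_filename, !$allow_animated, true);
        if (!isset($avatar['size'])) {
            cpg_error(_AVATAR_ERR_DATA);
        } elseif ($avatar['animation'] && !$allow_animated) {
            cpg_error('Animated avatar not allowed');
        }
        $avatar_filesize = $avatar['size'];
        $imgtype = check_image_type($avatar['type']);
        // Reject on size before anything touches the disk. The previous version only
        // wrote the file for 0 < size < max and then ran unlink() on the URL string
        // for every other size, and a size exactly equal to the limit slipped through
        // without a file ever being written.
        if ($avatar_filesize < 40 || $avatar_filesize > $max_size) {
            cpg_error(sprintf(_AVATAR_FILESIZE, round($max_size / 1024)));
        }
        // The name is stored in user_avatar (see the return value), so uniqueness,
        // not secrecy, is what matters here.
        $new_filename = $userinfo['user_id'] . '_' . uniqid(rand()) . $imgtype;
        $avatar_filename = $MAIN_CFG['avatar']['path'] . "/{$new_filename}";
        if (CPG_File::write($avatar_filename, $avatar['data']) != $avatar_filesize) {
            trigger_error('Could not write avatar to local storage', E_USER_ERROR);
        }
    } else {
        // $avatar is the raw $_FILES entry: 'size' is measured by PHP, but 'type' is
        // declared by the client, so the extension chosen by check_image_type() is only
        // as trustworthy as that helper's own validation — TODO confirm it inspects
        // the file content rather than the declared MIME type.
        $avatar_filesize = $avatar['size'];
        $imgtype = check_image_type($avatar['type']);
        $new_filename = $userinfo['user_id'] . '_' . uniqid(rand()) . $imgtype;
        $avatar_filename = $MAIN_CFG['avatar']['path'] . "/{$new_filename}";
        if (!CPG_File::move_upload($avatar, $avatar_filename)) {
            trigger_error('Could not copy avatar to local storage', E_USER_ERROR);
        }
        // The size check now precedes the frame scan so an oversized or empty file is
        // never read into memory (fread() with a length of 0 is an error).
        if ($avatar_filesize < 40 || $avatar_filesize > $max_size) {
            unlink($avatar_filename);
            cpg_error(sprintf(_AVATAR_FILESIZE, round($max_size / 1024)));
        }
        if (!$allow_animated && ($fp = fopen($avatar_filename, 'rb'))) {
            $data = fread($fp, $avatar_filesize);
            fclose($fp);
            // split GIF frames: 0x2C is the GIF image separator; more than two pieces
            // is taken to mean more than one frame (a heuristic, not a full parser).
            $frames = preg_split('/\\x00[\\x00-\\xFF]\\x00\\x2C/', $data);
            unset($data);
            if (count($frames) > 2) {
                unlink($avatar_filename);
                cpg_error('Animated avatar not allowed');
            }
            unset($frames);
        }
    }
    // Record the dimensions of the stored file, then drop the previous avatar.
    avatar_size($avatar_filename, true);
    avatar_delete($userinfo);
    return "user_avatar='{$new_filename}', user_avatar_type=1";
}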