function save_profile()
{
global $db, $user, $current_user, $globals, $admin_mode, $site_key, $bio_max;
$errors = 0;
// benjami: control added (2005-12-22)
$new_pass = false;
$messages = array();
$form_hash = md5($site_key . $user->id . $current_user->user_id);
if (isset($_POST['disabledme']) && intval($_POST['disable']) == 1 && $_POST['form_hash'] == $form_hash && $_POST['user_id'] == $current_user->user_id) {
$old_user_login = $user->username;
$old_user_id = $user->id;
$user->disable(true);
Log::insert('user_delete', $old_user_id, $old_user_id);
syslog(LOG_NOTICE, "Meneame, disabling {$old_user_id} ({$old_user_login}) by {$current_user->user_login} -> {$user->username} ");
$current_user->Logout(get_user_uri($user->username));
die;
}
if (!isset($_POST['save_profile']) || !isset($_POST['process']) || $_POST['user_id'] != $current_user->user_id && !$admin_mode) {
return;
}
if (empty($_POST['form_hash']) || $_POST['form_hash'] != $form_hash) {
array_push($messages, _('Falta la clave de control'));
$errors++;
}
if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) {
$newname = trim($_POST['username']);
if (strlen($newname) < 3) {
array_push($messages, _('nombre demasiado corto'));
$errors++;
}
if (!check_username($newname)) {
array_push($messages, _('nombre de usuario erróneo, caracteres no admitidos'));
$errors++;
} elseif (user_exists($newname, $user->id)) {
array_push($messages, _('el usuario ya existe'));
$errors++;
} else {
$user->username = $newname;
}
}
if (!empty($_POST['bio']) || $user->bio) {
$bio = clean_text($_POST['bio'], 0, false, $bio_max);
if ($bio != $user->bio) {
$user->bio = $bio;
}
}
if ($user->email != trim($_POST['email']) && !check_email(trim($_POST['email']))) {
array_push($messages, _('el correo electrónico no es correcto'));
$errors++;
} elseif (!$admin_mode && trim($_POST['email']) != $current_user->user_email && email_exists(trim($_POST['email']), false)) {
array_push($messages, _('ya existe otro usuario con esa dirección de correo'));
$errors++;
} else {
$user->email = trim($_POST['email']);
}
$user->url = htmlspecialchars(clean_input_url($_POST['url']));
// Check IM address
if (!empty($_POST['public_info'])) {
$_POST['public_info'] = htmlspecialchars(clean_input_url($_POST['public_info']));
$public = $db->escape($_POST['public_info']);
$im_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_public_info='{$public}'"));
if ($im_count > 0) {
array_push($messages, _('ya hay otro usuario con la misma dirección de MI, no se ha grabado'));
$_POST['public_info'] = '';
$errors++;
}
}
$user->phone = $_POST['phone'];
$user->public_info = htmlspecialchars(clean_input_url($_POST['public_info']));
// End check IM address
if ($user->id == $current_user->user_id) {
// Check phone number
if (!empty($_POST['phone'])) {
if (!preg_match('/^\\+[0-9]{9,16}$/', $_POST['phone'])) {
array_push($messages, _('número telefónico erróneo, no se ha grabado'));
$_POST['phone'] = '';
$errors++;
} else {
$phone = $db->escape($_POST['phone']);
$phone_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_phone='{$phone}'"));
if ($phone_count > 0) {
array_push($messages, _('ya hay otro usuario con el mismo número, no se ha grabado'));
$_POST['phone'] = '';
$errors++;
}
}
}
$user->phone = $_POST['phone'];
// End check phone number
}
// Verifies adsense code
if ($globals['external_user_ads']) {
$_POST['adcode'] = trim($_POST['adcode']);
$_POST['adchannel'] = trim($_POST['adchannel']);
if (!empty($_POST['adcode']) && $user->adcode != $_POST['adcode']) {
if (!preg_match('/pub-[0-9]{16}$/', $_POST['adcode'])) {
array_push($messages, _('código AdSense incorrecto, no se ha grabado'));
$_POST['adcode'] = '';
$errors++;
} else {
$adcode_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_adcode='" . $_POST['adcode'] . "'"));
if ($adcode_count > 0) {
array_push($messages, _('ya hay otro usuario con la misma cuenta, no se ha grabado'));
$_POST['adcode'] = '';
$errors++;
}
}
}
if (!empty($_POST['adcode']) && !empty($_POST['adchannel']) && $user->adchannel != $_POST['adchannel']) {
if (!preg_match('/^[0-9]{10,12}$/', $_POST['adchannel'])) {
array_push($messages, _('canal AdSense incorrecto, no se ha grabado'));
$_POST['adchannel'] = '';
$errors++;
}
}
$user->adcode = $_POST['adcode'];
$user->adchannel = $_POST['adchannel'];
}
$user->names = clean_text($_POST['names']);
if (!empty($_POST['password']) || !empty($_POST['password2'])) {
if (!check_password($_POST["password"])) {
array_push($messages, _('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números'));
$errors = 1;
} else {
if (trim($_POST['password']) !== trim($_POST['password2'])) {
array_push($messages, _('las claves no son iguales, no se ha modificado'));
$errors = 1;
} else {
$new_pass = trim($_POST['password']);
$user->pass = UserAuth::hash($new_pass);
array_push($messages, _('La clave se ha cambiado'));
$pass_changed = true;
}
}
}
if ($admin_mode && !empty($_POST['user_level'])) {
$user->level = $db->escape($_POST['user_level']);
}
if ($admin_mode && !empty($_POST['karma']) && is_numeric($_POST['karma']) && $_POST['karma'] > 4 && $_POST['karma'] <= 20) {
$user->karma = $_POST['karma'];
}
$user->comment_pref = intval($_POST['comment_pref']) + (intval($_POST['show_friends']) & 1) * 2 + (intval($_POST['show_2cols']) & 1) * 4;
// Manage avatars upload
if (!empty($_FILES['image']['tmp_name'])) {
if (avatars_check_upload_size('image')) {
$avatar_mtime = avatars_manage_upload($user->id, 'image');
if (!$avatar_mtime) {
array_push($messages, _('error guardando la imagen'));
$errors = 1;
$user->avatar = 0;
} else {
$user->avatar = $avatar_mtime;
}
} else {
array_push($messages, _('el tamaño de la imagen excede el límite'));
$errors = 1;
$user->avatar = 0;
}
} elseif ($_POST['avatar_delete']) {
$user->avatar = 0;
avatars_remove($user->id);
}
// Reset avatar for the logged user
if ($current_user->user_id == $user->id) {
$current_user->user_avatar = $user->avatar;
}
if (!$errors) {
if (empty($user->ip)) {
$user->ip = $globals['user_ip'];
}
$user->store();
$user->read();
if (!$admin_mode && ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $new_pass)) {
$current_user->Authenticate($user->username, $new_pass);
}
array_push($messages, _('datos actualizados'));
}
return $messages;
}
function disable($auto = false)
{
global $db;
require_once mnminclude . 'avatars.php';
require_once mnminclude . 'geo.php';
avatars_remove($this->id);
geo_delete('user', $this->id);
$this->username = '******' . $this->id . '--';
$this->email = "{$this->id}@disabled";
$this->url = '';
if ($auto) {
$this->level = 'autodisabled';
} else {
$this->level = 'disabled';
}
$this->names = 'disabled';
$this->public_info = '';
$this->adcode = '';
$this->adchannel = '';
$this->phone = '';
$this->avatar = 0;
$this->karma = 6;
$this->store();
syslog(LOG_INFO, "User disabled: {$this->id}");
// Delete relationships
$db->query("DELETE FROM friends WHERE friend_type='manual' and (friend_from = {$this->id} or friend_to = {$this->id})");
/*
// Delete posts' conversations
$db->query("delete from conversations where conversation_type = 'post' and conversation_user_to = $this->id");
$db->transaction();
$conv = $db->get_col("select post_id from posts where post_user_id = $this->id");
if ($conv) {
foreach ($conv as $id) {
$db->query("delete from conversations where conversation_type = 'post' and conversation_from = $id");
}
}
$db->commit();
*/
// Delete posts
$db->query("delete from posts where post_user_id = {$this->id}");
// Delete user's meta
$db->query("delete from annotations where annotation_key = 'user_meta-{$this->id}'");
// Delete preferences
$db->query("DELETE FROM prefs WHERE pref_user_id = {$this->id}");
return true;
}
function avatar_get_from_db($user, $size = 0)
{
global $db, $globals;
if (!in_array($size, $globals['avatars_allowed_sizes'])) {
return false;
}
$time = $db->get_var("select user_avatar from users where user_id={$user}");
if (!$globals['Amazon_S3_local_cache'] && $globals['Amazon_S3_media_bucket'] && is_writable('/tmp')) {
$subdir = '/tmp';
} else {
$chain = get_cache_dir_chain($user);
create_cache_dir_chain(get_avatars_dir(), $chain);
$subdir = get_avatars_dir() . '/' . $chain;
}
if (!is_writable($subdir)) {
return false;
}
$file_base = $subdir . "/{$user}-{$time}";
$delete = false;
$original = false;
if ($globals['Amazon_S3_media_bucket']) {
// Get avatar from S3
// Try up to 3 times to download from Amazon
$try = 0;
while ($original == false && $try < 3) {
if (Media::get("{$user}-{$time}-{$size}.jpg", 'avatars', "{$file_base}-{$size}.jpg")) {
return file_get_contents("{$file_base}-{$size}.jpg");
}
if (Media::get("{$user}-{$time}.jpg", 'avatars', "{$file_base}-orig.jpg")) {
$delete_it = true;
$original = "{$file_base}-orig.jpg";
} elseif (is_readable($file_base . '-80.jpg') && filesize($file_base . '-80.jpg') > 0 || Media::get("{$user}-{$time}-80.jpg", 'avatars', "{$file_base}-80.jpg")) {
$original = $file_base . '-80.jpg';
} else {
$try++;
usleep(rand(1, 20));
// Wait a little to minimize race-conditions
}
}
if (!$original) {
// The images were not found in S3
if (($buckets = Media::buckets(false)) && in_array($globals['Amazon_S3_media_bucket'], $buckets) && is_writable(mnmpath . '/' . $globals['cache_dir'])) {
// Double check
avatars_remove($user);
}
return false;
}
} else {
//Get from DB
if (!is_readable($file_base . '-80.jpg')) {
$img = $db->get_var("select avatar_image from avatars where avatar_id={$user}");
if (!strlen($img) > 0) {
if (is_writable(mnmpath . '/' . $globals['cache_dir'])) {
// Double check
avatars_remove($user);
}
return false;
}
file_put_contents($file_base . '-80.jpg', $img);
$original = $file_base . '-80.jpg';
}
}
if ($size > 0 && $size != 80) {
avatar_resize($original, "{$file_base}-{$size}.jpg", $size);
if ($delete_it) {
@unlink($original);
}
}
return file_get_contents("{$file_base}-{$size}.jpg");
}
function disable($auto = false) {
global $db;
require_once(mnminclude.'avatars.php');
require_once(mnminclude.'geo.php');
avatars_remove($this->id);
geo_delete('user', $this->id);
// Delete relationships
$db->query("DELETE FROM friends WHERE friend_type='manual' and (friend_from = $this->id or friend_to = $this->id)");
// Delete preferences
$db->query("DELETE FROM prefs WHERE pref_user_id = $this->id");
// Delete posts
$db->query("delete from posts where post_user_id = $this->id");
$this->username = '******'.$this->id.'--';
$this->email = "$this->id@disabled";
$this->url = '';
if ($auto) $this->level = 'autodisabled';
else $this->level = 'disabled';
$this->names = 'disabled';
$this->public_info = '';
$this->adcode = '';
$this->adchannel = '';
$this->phone = '';
$this->avatar = 0;
$this->karma = 6;
return $this->store();
}
function avatar_get_from_db($user, $size = 0)
{
global $db, $globals;
if (!in_array($size, $globals['avatars_allowed_sizes'])) {
return false;
}
$time = $db->get_var("select user_avatar from users where user_id={$user}");
if (!$time > 0) {
return false;
}
if (!$globals['Amazon_S3_local_cache'] && $globals['Amazon_S3_media_bucket'] && is_writable('/tmp')) {
$subdir = '/tmp';
} else {
if (!Upload::create_cache_dir($user)) {
return false;
}
$subdir = Upload::get_cache_dir($user);
}
if (!is_writable($subdir)) {
return false;
}
$file_base = $subdir . "/{$user}-{$time}";
$delete = false;
$original = false;
$http_code = 0;
if ($globals['Amazon_S3_media_bucket']) {
$original == false;
if (Media::get("{$user}-{$time}-{$size}.jpg", 'avatars', "{$file_base}-{$size}.jpg")) {
return file_get_contents("{$file_base}-{$size}.jpg");
}
if (Media::get("{$user}-{$time}.jpg", 'avatars', "{$file_base}-orig.jpg")) {
$delete_it = true;
$original = "{$file_base}-orig.jpg";
} else {
$http_code = Media::$lastHTTPCode;
if (is_readable($file_base . '-80.jpg') && filesize($file_base . '-80.jpg') > 0 || Media::get("{$user}-{$time}-80.jpg", 'avatars', "{$file_base}-80.jpg")) {
$original = $file_base . '-80.jpg';
}
}
if ($globals['Amazon_S3_delete_allowed'] && !$original && $http_code == 404 && Media::$lastHTTPCode == 404) {
// The images were not found in S3
if (is_writable(mnmpath . '/' . $globals['cache_dir'])) {
// Double check
syslog(LOG_INFO, "Meneame, removing avatars not found in S3 user {$user} time {$time}");
avatars_remove($user);
}
return false;
}
} else {
//Get from DB
if (!is_readable($file_base . '-80.jpg')) {
$img = $db->get_var("select avatar_image from avatars where avatar_id={$user}");
if (!strlen($img) > 0) {
if (is_writable(mnmpath . '/' . $globals['cache_dir'])) {
// Double check
avatars_remove($user);
}
return false;
}
file_put_contents($file_base . '-80.jpg', $img);
$original = $file_base . '-80.jpg';
}
}
if ($original && $size > 0 && $size != 80) {
avatar_resize($original, "{$file_base}-{$size}.jpg", $size);
if ($delete_it) {
@unlink($original);
}
}
return @file_get_contents("{$file_base}-{$size}.jpg");
}
