/**
 * Strip a user's licensed content after the data license was declined.
 *
 * Disables the account unless it was disabled before, records the decline,
 * blanks cache descriptions, hints, additional waypoint texts and log texts,
 * hands the cache pictures to replace_pictures() and deletes log pictures.
 * The previous texts are copied to `saved_texts` before they are blanked, so
 * they stay in the database (kept for restoring reactivated accounts).
 *
 * No transaction is opened in this method: when a step fails and an error
 * string is returned, the changes made by the earlier steps stay in place.
 *
 * @param bool $old_disabled the user was disabled already before license transition
 *                           and therefore could not accept/decline the license
 *
 * @return string|bool error message if anything went wrong, true otherwise
 */
function disduelicense($old_disabled = false)
{
    // translation object, used for the per-language replacement notice
    global $translate;

    if (!$this->canDisableDueLicense()) {
        return 'this user must not be disabled';
    }

    // disable the account, unless it was already disabled before the transition
    if (!$old_disabled && $this->canDisable() && !$this->disable()) {
        return 'disable user failed';
    }

    // remember that (and how) the data license was declined
    sql(
        "UPDATE user SET data_license='&2' WHERE user_id='&1'",
        $this->getUserId(),
        $old_disabled ? NEW_DATA_LICENSE_PASSIVELY_DECLINED : NEW_DATA_LICENSE_ACTIVELY_DECLINED
    );

    /*
     * cache descriptions and hints: save the old texts, then blank them
     */
    $ownedCaches = sql_value("SELECT COUNT(*) FROM `caches` WHERE `user_id`='&1'", 0, $this->getUserId());
    if ($ownedCaches > 0) {
        // read all rows first; the loop below issues further statements
        $rows = array();
        $result = sql(
            "SELECT `id`, `language`, `desc`, `hint` FROM `cache_desc`,`caches` WHERE `caches`.`cache_id`=`cache_desc`.`cache_id` AND `caches`.`user_id`='&1'",
            $this->getUserId()
        );
        while ($row = sql_fetch_array($result, MYSQL_ASSOC)) {
            $rows[] = $row;
        }
        sql_free_result($result);

        foreach ($rows as $desc) {
            $hadDescription = $desc['desc'] != "";

            // save texts - added 2013/03/18 to enable restoring data on reactivation
            // of accounts that were disabled before license transition
            if ($hadDescription) {
                sql(
                    "INSERT IGNORE INTO `saved_texts` (`object_type`, `object_id`, `subtype`, `text`)\n\t\t\t\t\t VALUES ('&1', '&2', '&3', '&4')",
                    OBJECT_CACHEDESC,
                    $desc['id'],
                    1,
                    $desc['desc']
                );
            }
            if ($desc['hint'] != "") {
                sql(
                    "INSERT IGNORE INTO `saved_texts` (`object_type`, `object_id`, `subtype`, `text`)\n\t\t\t\t\t VALUES ('&1', '&2', '&3', '&4')",
                    OBJECT_CACHEDESC,
                    $desc['id'],
                    2,
                    $desc['hint']
                );
            }

            // a notice in the description's language replaces a non-empty description
            $notice = "";
            if ($hadDescription) {
                $notice = $old_disabled
                    ? $translate->t("cache description was removed because the owner's account was inactive when the <a href='articles.php?page=impressum#datalicense'>new content license</a> was launched", '', basename(__FILE__), __LINE__, '', 1, $desc['language'])
                    : $translate->t('cache description was removed because owner declined content license', '', basename(__FILE__), __LINE__, '', 1, $desc['language']);
            }

            sql(
                "UPDATE `cache_desc` SET `desc`='&1',`hint`='&2' WHERE `id`='&3'",
                "<em>" . $notice . "</em>",
                '',
                $desc['id']
            );
        }

        // replace cache pictures
        $pictureResult = $this->replace_pictures(OBJECT_CACHE);
        if ($pictureResult !== true) {
            return "removing cache pictures: " . $pictureResult;
        }
    }

    // additional waypoint texts: save, then blank
    $result = sql(
        "SELECT `id`, `description` FROM `coordinates`\n\t\t WHERE `type`='&1'\n\t AND `cache_id` IN (SELECT `cache_id` FROM `caches` WHERE `user_id`='&2')",
        COORDINATE_WAYPOINT,
        $this->getUserId()
    );
    while ($waypoint = sql_fetch_assoc($result)) {
        if ($waypoint['description'] != "") {
            sql(
                "INSERT IGNORE INTO `saved_texts` (`object_type`, `object_id`, `subtype`, `text`)\n\t\t\t\t VALUES ('&1', '&2', '&3', '&4')",
                OBJECT_WAYPOINT,
                $waypoint['id'],
                0,
                $waypoint['description']
            );
        }
        sql("UPDATE `coordinates` SET `description`=''\n\t\t WHERE `id`='&1'", $waypoint['id']);
    }
    sql_free_result($result);

    /*
     * logs: save the old texts, blank them and delete the log pictures
     */
    $result = sql(
        "SELECT `id`, `text`\n\t\t\t\t\t\t\t FROM `cache_logs`\n\t\t\t\t\t\t\t WHERE `user_id`='&1'",
        $this->getUserId()
    );
    while ($logRow = sql_fetch_array($result, MYSQL_ASSOC)) {
        // save text - added 2013/03/18 to enable restoring data on reactivation
        // of accounts that were disabled before license transition
        sql(
            "INSERT IGNORE INTO `saved_texts` (`object_type`, `object_id`, `subtype`, `text`)\n\t\t\t VALUES ('&1', '&2', '&3', '&4')",
            OBJECT_CACHELOG,
            $logRow['id'],
            0,
            $logRow['text']
        );

        // set text ''
        sql("UPDATE `cache_logs` SET `text`='' WHERE `id`='&1'", $logRow['id']);

        // log pictures are deleted, not replaced by a dummy
        $pictureRows = sql(
            "SELECT `id` FROM `pictures`\n\t\t\t WHERE `object_type`='&1' AND `object_id`='&2'",
            OBJECT_CACHELOG,
            $logRow['id']
        );
        while ($pictureRow = sql_fetch_assoc($pictureRows)) {
            $logPicture = new picture($pictureRow['id']);
            $logPicture->delete();
        }
        sql_free_result($pictureRows);
    }
    sql_free_result($result);

    // discard archived logs' texts (these are not copied to saved_texts)
    sql("UPDATE `cache_logs_archived` SET `text`='' WHERE `user_id`='&1'", $this->getUserId());

    // success
    return true;
}
//nom_adh and prenom_adh is not sent when form is used by a simple user //dblog('Member card updated:',strtoupper($_POST["nom_adh"]).' '.$_POST["prenom_adh"], $requete); dblog('Member card updated:', strtoupper($_POST["login_adh"]), $requete); } // picture upload if (isset($_FILES['photo'])) { if ($_FILES['photo']['tmp_name'] != '') { if (is_uploaded_file($_FILES['photo']['tmp_name'])) { if (!picture::store($adherent['id_adh'], $_FILES['photo']['tmp_name'], $_FILES['photo']['name'])) { $error_detected[] = _T("- Only .jpg, .gif and .png files are allowed."); } } } } if (isset($_POST['del_photo'])) { if (!picture::delete($adherent['id_adh'])) { $error_detected[] = _T("Delete failed"); } } if (isset($_POST["mail_confirm"])) { if ($_POST["mail_confirm"] == "1" && PREF_MAIL_METHOD > 0) { if (isset($adherent['email_adh']) && $adherent['email_adh'] != "") { $mail_subject = _T("Your Galette identifiers"); $mail_text = _T("Hello,") . "\n"; $mail_text .= "\n"; $mail_text .= _T("You've just been subscribed on the members management system of the association.") . "\n"; $mail_text .= _T("It is now possible to follow in real time the state of your subscription") . "\n"; $mail_text .= _T("and to update your preferences from the web interface.") . "\n"; $mail_text .= "\n"; $mail_text .= _T("Please login at this address:") . "\n"; $mail_text .= "http://" . $_SERVER["SERVER_NAME"] . dirname($_SERVER["REQUEST_URI"]) . "\n";
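/**
 * Validate an uploaded picture and store it for a member, on disk and in the database.
 *
 * The client-supplied file name must end in an allowed image extension and,
 * when GD is available, the content must be detected as JPEG, PNG or GIF.
 * An existing picture with the same id is removed before the new one is stored.
 *
 * @param int|string $id      numeric id the picture belongs to; rejected unless it
 *                            consists of digits only, because it is used in SQL and
 *                            in the target file path
 * @param string     $tmpfile path of the uploaded temporary file
 * @param string     $name    original file name sent by the client; only its
 *                            extension is used
 *
 * @return bool true when the picture was stored, false when the upload was
 *              rejected or a storage step failed
 */
function store($id, $tmpfile, $name)
{
    // TODO : error codes
    // TODO : check file size
    global $DB;

    // $id ends up in two SQL statements, in the UpdateBlob condition and in
    // the file path below; anything but plain digits is refused up front.
    if (!is_scalar($id) || !preg_match('/\A\d+\z/', (string) $id)) {
        return false;
    }
    $id = (int) $id;

    $bad_chars = array('\\.', '\\\\', "'", ' ', '\\/', ':', '\\*', '\\?', '"', '<', '>', '|');
    $allowed_extensions = array('jpeg', 'jpg', 'png', 'gif');
    $allowed_mimes = array('image/jpeg', 'image/png', 'image/gif');

    // First, does the file have a valid name?
    $reg = "/^(.[^" . implode('', $bad_chars) . "]+)\\.(" . implode('|', $allowed_extensions) . ")\$/i";
    if (!preg_match($reg, $name, $matches)) {
        return false;
    }
    $extension = $matches[2];

    // Second, let's see if the mime-type is allowed - if gd is available.
    // NOTE(review): without GD nothing inspects the content, and the stored
    // format always comes from the client-supplied name, so it may not match
    // the actual bytes.
    if (function_exists("gd_info")) {
        $current = getimagesize($tmpfile);
        // getimagesize() returns false for anything it cannot read as an image
        if ($current === false || !in_array($current['mime'], $allowed_mimes, true)) {
            return false;
        }
    }

    $sql = "DELETE FROM " . PREFIX_DB . "pictures\n\t\t\t\tWHERE id_adh='" . $id . "'";
    $DB->Execute($sql);
    picture::delete($id);

    $new_file = dirname(__FILE__) . '/../photos/' . $id . '.' . $extension;
    // move_uploaded_file() fails when $tmpfile is not a genuine upload or the
    // target is not writable; stop here instead of reading a missing file.
    if (!move_uploaded_file($tmpfile, $new_file)) {
        return false;
    }

    // resize (if gd available)
    if (function_exists("gd_info")) {
        resizeimage($new_file, $new_file, 200, 200);
    }

    // Read the file in one binary-safe call; a chunked loop that tests the
    // chunk for truthiness stops early on a chunk consisting of "0".
    $picture = file_get_contents($new_file);
    if ($picture === false) {
        return false;
    }

    $sql = "INSERT INTO " . PREFIX_DB . "pictures\n\t\t\t\t(id_adh, picture, format)\n\t\t\t\tVALUES ('" . $id . "',''," . $DB->Qstr($extension) . ")";
    if (!$DB->Execute($sql)) {
        return false;
    }
    if (!$DB->UpdateBlob(PREFIX_DB . 'pictures', 'picture', $picture, 'id_adh=' . $id)) {
        return false;
    }

    return true;
}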
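/**
 * Revert listing changes made on or after a given date for a set of caches.
 *
 * For every cache id the recorded history (`cache_coordinates`,
 * `cache_countries`, `caches_modified`, `caches_attributes_modified`,
 * `cache_desc_modified`, `cache_logs_restored` / `cache_logs_archived`,
 * `pictures_modified`) is read and the selected parts are put back to their
 * state before $rdate.
 *
 * The MySQL session variable @restoredby is set to the logged-in user's id
 * for the duration of the call and reset to 0 before returning.
 * NOTE(review): no permission check is visible in this function; presumably
 * the caller enforces who may restore listings - confirm.
 *
 * @param array  $cacheids ids of the caches to process
 * @param string $rdate    changes dated on or after this value are reverted
 * @param array  $roptions parts to restore; values read here are "coords",
 *                         "settings", "waypoints", "desc" and "logs"
 * @param bool   $simulate when true, nothing is written and only the report is built
 *
 * @return array report keyed by the cache's `wp_oc`; each entry maps the name
 *               of a restored item (or an "internal error ..." message) to true
 */
function restore_listings($cacheids, $rdate, $roptions, $simulate)
{
    global $opt, $login;

    sql("SET @restoredby='&1'", $login->userid); // is evaluated by trigger functions
    sql_slave("SET @restoredby='&1'", $login->userid);

    $restored = array();

    foreach ($cacheids as $cacheid) {
        // get current cache data
        $rs = sql("SELECT * FROM `caches` WHERE `cache_id`='&1'", $cacheid);
        $cache = sql_fetch_assoc($rs);
        sql_free_result($rs);

        // unknown cache id: there is no row to restore into and no owner to
        // compare log authors with, so the id is skipped
        if (!$cache) {
            continue;
        }

        $wp = $cache['wp_oc'];
        $user_id = $cache['user_id'];

        // coordinates
        if (in_array("coords", $roptions)
            && sql_value("SELECT `cache_id` FROM `cache_coordinates`\n WHERE `cache_id`='&1' AND `date_created`>='&2'", 0, $cacheid, $rdate)
        ) {
            $rs = sql("SELECT `latitude`, `longitude` FROM `cache_coordinates`\n WHERE `cache_id`='&1' AND `date_created` < '&2'\n ORDER BY `date_created` DESC\n LIMIT 1", $cacheid, $rdate);
            if ($r = sql_fetch_assoc($rs)) { // should always be true ...
                if (!$simulate) {
                    sql("UPDATE `caches` SET `latitude`='&1', `longitude`='&2' WHERE `cache_id`='&3'", $r['latitude'], $r['longitude'], $cacheid);
                }
                $restored[$wp]['coords'] = true;
            }
            sql_free_result($rs);
        }

        // country (restored together with the coordinates, i.e. under the "coords" option)
        if (in_array("coords", $roptions)
            && sql_value("SELECT `cache_id` FROM `cache_countries`\n WHERE `cache_id`='&1' AND `date_created`>='&2'", 0, $cacheid, $rdate)
        ) {
            $rs = sql("SELECT `country` FROM `cache_countries`\n WHERE `cache_id`='&1' AND `date_created` < '&2'\n ORDER BY `date_created` DESC\n LIMIT 1", $cacheid, $rdate);
            if ($r = sql_fetch_assoc($rs)) { // should always be true ...
                if (!$simulate) {
                    sql("UPDATE `caches` SET `country`='&1' WHERE `cache_id`='&2'", $r['country'], $cacheid);
                }
                $restored[$wp]['country'] = true;
            }
            sql_free_result($rs);
        }

        // other cache data: the oldest record on or after $rdate holds the state to go back to
        $rs = sql("SELECT * FROM `caches_modified`\n WHERE `cache_id`='&1' AND `date_modified` >='&2'\n ORDER BY `date_modified` ASC\n LIMIT 1", $cacheid, $rdate);

        // column name => restore option that covers it
        $fields = [
            'name' => 'settings',
            'type' => 'settings',
            'size' => 'settings',
            'date_hidden' => 'settings',
            'difficulty' => 'settings',
            'terrain' => 'settings',
            'search_time' => 'settings',
            'way_length' => 'settings',
            'wp_gc' => 'waypoints',
            'wp_nc' => 'waypoints',
        ];

        if ($r = sql_fetch_assoc($rs)) { // can be false
            $setfields = "";
            foreach ($fields as $field => $ropt) {
                if (in_array($ropt, $roptions) && $r[$field] != $cache[$field]) {
                    if ($setfields != "") {
                        $setfields .= ",";
                    }
                    // Column names come from the fixed list above; values are escaped.
                    // NOTE(review): the escaped value becomes part of the statement
                    // text handed to sql(); whether sql() would also expand a '&N'
                    // sequence inside such a value is not visible here - confirm.
                    $setfields .= "`{$field}`='" . sql_escape($r[$field]) . "'";
                    $restored[$wp][$field] = true;
                }
            }
            if ($setfields != "" && !$simulate) {
                sql("UPDATE `caches` SET " . $setfields . " WHERE `cache_id`='&1'", $cacheid);
            }
        }
        sql_free_result($rs);

        // attributes
        if (in_array('settings', $roptions)) {
            $rs = sql("SELECT * FROM `caches_attributes_modified`\n WHERE `cache_id`='&1' AND `date_modified`>='&2' AND `attrib_id` != 6 /* OConly */\n ORDER BY `date_modified` DESC", $cacheid, $rdate);

            // revert all attribute changes in reverse order.
            // recording limit of one change per attribute, cache and day ensures that no exponentially
            // growing list of recording entries can emerge from multiple reverts.
            while ($r = sql_fetch_assoc($rs)) {
                if (!$simulate) {
                    if ($r['was_set']) {
                        sql("INSERT IGNORE INTO `caches_attributes` (`cache_id`,`attrib_id`)\n VALUES ('&1','&2')", $cacheid, $r['attrib_id']);
                    } else {
                        sql("DELETE FROM `caches_attributes` WHERE `cache_id`='&1' AND `attrib_id`='&2'", $cacheid, $r['attrib_id']);
                    }
                }
                $restored[$wp]['attributes'] = true;
            }
            sql_free_result($rs);
        }

        // descriptions
        if (in_array('desc', $roptions)) {
            $rs = sql("SELECT * FROM `cache_desc_modified`\n WHERE `cache_id`='&1' AND `date_modified`>='&2'\n ORDER BY `date_modified` DESC", $cacheid, $rdate);

            // revert all desc changes in reverse order.
            // recording limit of one change per language, cache and day ensures that no exponentially
            // growing list of recording entries can emerge from restore-reverts.
            while ($r = sql_fetch_assoc($rs)) {
                if (!$simulate) {
                    if ($r['desc'] === null) {
                        // was newly created -> delete
                        sql("DELETE FROM `cache_desc` WHERE `cache_id`='&1' AND `language`='&2'", $cacheid, $r['language']);
                    } else {
                        // id, uuid, date_created and last_modified are set automatically
                        sql(
                            "INSERT INTO `cache_desc`\n (`node`, `cache_id`, `language`, `desc`, `desc_html`, `desc_htmledit`, `hint`, `short_desc`)\n VALUES ('&1','&2','&3','&4','&5','&6','&7','&8')\n ON DUPLICATE KEY UPDATE\n `desc`='&4', `desc_html`='&5', `desc_htmledit`='&6', `hint`='&7', `short_desc`='&8'",
                            $opt['logic']['node']['id'],
                            $cacheid,
                            $r['language'],
                            $r['desc'],
                            $r['desc_html'],
                            $r['desc_htmledit'],
                            $r['hint'],
                            $r['short_desc']
                        );
                    }
                }
                $restored[$wp]['description(s)'] = true;
            }
            sql_free_result($rs);
        }

        // logs
        // ... before pictures, so that restored logpics have a parent
        if (in_array('logs', $roptions)) {
            // First half: logs created by an earlier restore (marked by node = -1).
            // Second half: logs of other users that the cache owner deleted.
            $rs = sql(
                "\n SELECT * FROM (\n SELECT\n `id`,\n -1 AS `node`,\n `date_modified`,\n `cache_id`,\n 0 AS `user_id`,\n 0 AS `type`,\n"
                . " '0' AS `oc_team_comment`,\n '0' AS `date`,\n '' AS `text`,\n 0 AS `text_html`,\n 0 AS `text_htmledit`,\n"
                . " 0 AS `needs_maintenance`,\n 0 AS `listing_outdated`,\n `original_id`\n FROM `cache_logs_restored`\n"
                . " WHERE `cache_id`='&1' AND `date_modified` >= '&2'\n UNION\n SELECT\n `id`,\n `node`,\n `deletion_date`,\n"
                . " `cache_id`,\n `user_id`,\n `type`,\n `oc_team_comment`,\n `date`,\n `text`,\n `text_html`,\n `text_htmledit`,\n"
                . " `needs_maintenance`,\n `listing_outdated`,\n 0 AS `original_id`\n FROM `cache_logs_archived`\n WHERE\n"
                . " `cache_id`='&1'\n AND `deletion_date` >= '&2'\n AND `deleted_by`='&3'\n AND `user_id` != '&3'\n ) `logs`\n"
                . " ORDER BY `date_modified` ASC",
                $cacheid,
                $rdate,
                $user_id
            );

            // We start with the oldest entry and will touch each log only once:
            // After restoring its state, it is added to $logs_processed (by its last known id),
            // and all further operations on the same log are ignored. This prevents unnecessary
            // operations and flooding pictures_modified on restore-reverts.
            $logs_processed = array();

            while ($r = sql_fetch_assoc($rs)) {
                $error = "";
                $logs_restored = false;

                // the log's id may have changed by multiple delete-and-restores
                $revert_logid = get_current_logid($r['id']);

                // loose comparison on purpose: ids arrive both from query rows and from getLogId()
                if (!in_array($revert_logid, $logs_processed)) {
                    if ($r['node'] == -1) {
                        // if it was not already deleted by a later restore operation ...
                        if (sql_value("SELECT `id` FROM `cache_logs` WHERE `id`='&1'", 0, $revert_logid) != 0) {
                            if (!$simulate) {
                                sql("INSERT INTO `cache_logs_archived`\n SELECT *, '0', '&2', '&3' FROM `cache_logs` WHERE `id`='&1'", $revert_logid, $user_id, $login->userid);
                                sql("DELETE FROM `cache_logs` WHERE `id`='&1'", $revert_logid);
                                // This triggers an okapi_syncbase update, if OKAPI is installed:
                                sql("UPDATE `cache_logs_archived` SET `deletion_date`=NOW() WHERE `id`='&1'", $revert_logid);
                            }
                            $logs_restored = true;
                        }
                    // if it was not already restored by a later restore operation ...
                    } elseif (sql_value("SELECT `id` FROM `cache_logs` WHERE `id`='&1'", 0, $revert_logid) == 0) {
                        // id, uuid, date_created and last_modified are set automatically;
                        // picture will be updated automatically on picture-restore
                        $log = new cachelog();
                        $log->setNode($r['node']); // cachelog class currently does not initialize node field
                        $log->setCacheId($r['cache_id']);
                        $log->setUserId($r['user_id']);
                        $log->setType($r['type'], true);
                        $log->setOcTeamComment($r['oc_team_comment']);
                        $log->setDate($r['date']);
                        $log->setText($r['text']);
                        $log->setTextHtml($r['text_html']);
                        $log->setTextHtmlEdit($r['text_htmledit']);
                        $log->setNeedsMaintenance($r['needs_maintenance']);
                        $log->setListingOutdated($r['listing_outdated']);
                        $log->setOwnerNotified(1);

                        if ($simulate) {
                            $logs_restored = true;
                        } else {
                            if (!$log->save()) {
                                $error = "restore";
                            } else {
                                sql(
                                    "INSERT IGNORE INTO `cache_logs_restored`\n (`id`, `date_modified`, `cache_id`, `original_id`, `restored_by`)\n VALUES ('&1', NOW(), '&2', '&3', '&4')",
                                    $log->getLogId(),
                                    $log->getCacheId(),
                                    $revert_logid,
                                    $login->userid
                                );
                                sql("DELETE FROM `watches_logqueue` WHERE `log_id`='&1'", $log->getLogId()); // watches_logqueue entry was created by trigger
                                $logs_processed[] = $log->getLogId();

                                // Re-attaching orphaned log pictures is no longer needed
                                // after implementing picture deletion in removelog.php.

                                $logs_restored = true;
                            }
                        }
                    } // restore deleted

                    $logs_processed[] = $revert_logid;
                } // not already processed

                if ($error != "") {
                    // The failure is recorded in the report. The former statement used
                    // '+' on strings, referenced an undefined variable and assigned
                    // nothing, so a failed log restore went unreported.
                    $restored[$wp]["internal error - could not {$error} log " . $r['id'] . "/" . $revert_logid] = true;
                }
                if ($logs_restored) {
                    $restored[$wp]['logs'] = true;
                }
            } // while (all relevant log records)
            sql_free_result($rs);
        } // if logs enabled per roptions

        // pictures
        if (in_array("desc", $roptions) || in_array("logs", $roptions)) {
            $rs = sql(
                "SELECT * FROM `pictures_modified`\n WHERE ((`object_type`=2 AND '&2' AND `object_id`='&3') OR\n (`object_type`=1 AND '&1'\n"
                . " AND IFNULL((SELECT `user_id` FROM `cache_logs` WHERE `id`=`object_id`),(SELECT `user_id` FROM `cache_logs_archived` WHERE `id`=`object_id`)) != '&5'\n"
                . " /* ^^ ignore changes of own log pics (shouldnt be in pictures_modified, anyway) */\n"
                . " AND IFNULL((SELECT `cache_id` FROM `cache_logs` WHERE `id`=`object_id`),(SELECT `cache_id` FROM `cache_logs_archived` WHERE `id`=`object_id`)) = '&3'))\n"
                . " AND `date_modified`>='&4'\n ORDER BY `date_modified` ASC",
                in_array("logs", $roptions) ? 1 : 0,
                in_array("desc", $roptions) ? 1 : 0,
                $cacheid,
                $rdate,
                $user_id
            );

            // We start with the oldest entry and will touch each picture only once:
            // After restoring its state, it is added to $pics_processed (by its last known id),
            // and all further operations on the same pic are ignored. This prevents unnecessary
            // operations and flooding the _modified table on restore-reverts.
            $pics_processed = array();

            while ($r = sql_fetch_assoc($rs)) {
                // reset per record, so that a skipped record neither reads an
                // undefined variable nor repeats the previous record's error
                $error = "";
                $pics_restored = false;

                // the picture id may have changed by multiple delete-and-restores
                $revert_picid = get_current_picid($r['id']);

                if (!in_array($revert_picid, $pics_processed)) {
                    // .. as may have its uuid-based url
                    $revert_url = sql_value("SELECT `url` FROM `pictures_modified` WHERE `id`='&1'", $r['url'], $revert_picid);

                    switch ($r['operation']) {
                        case 'I':
                            if (sql_value("SELECT `id` FROM `pictures` WHERE `id`='&1'", 0, $revert_picid) != 0) {
                                // if it was not already deleted by a later restore operation:
                                // delete added (cache) picture
                                $pic = new picture($revert_picid);
                                if ($simulate) {
                                    $pics_restored = true;
                                } else {
                                    if ($pic->delete(true)) {
                                        $pics_restored = true;
                                    } else {
                                        $error = "delete";
                                    }
                                }
                            }
                            break;

                        case 'U':
                            if (sql_value("SELECT `id` FROM `pictures` WHERE `id`='&1'", 0, $revert_picid) != 0) {
                                // if it was not deleted by a later restore operation:
                                // restore modified (cache) picture properties
                                $pic = new picture($revert_picid);
                                $pic->setTitle($r['title']);
                                $pic->setSpoiler($r['spoiler']);
                                $pic->setDisplay($r['display']);
                                // mappreview flag is not restored, because it seems inappropriate to
                                // advertise for the listing of a vandalizing owner

                                if ($simulate) {
                                    $pics_restored = true;
                                } else {
                                    if ($pic->save(true)) {
                                        $pics_restored = true;
                                    } else {
                                        $error = "update";
                                    }
                                }
                            }
                            break;

                        case 'D':
                            if (sql_value("SELECT `id` FROM `pictures` WHERE `id`='&1'", 0, $revert_picid) == 0) {
                                // if it was not already restored by a later restore operation:
                                // restore deleted picture

                                // the referring log's id may have changed by [multiple] delete-and-restore
                                if ($r['object_type'] == 1) {
                                    $r['object_id'] = get_current_logid($r['object_id']);
                                }

                                // id, uuid, node, date_created, date_modified are automatically set;
                                // url will be set on save;
                                // last_url_check and thumb_last_generated stay at defaults until checked;
                                // thumb_url will be set on thumb creation (old thumb was deleted)
                                $pic = new picture();
                                $pic->setTitle($r['title']);
                                $pic->setObjectId($r['object_id']);
                                $pic->setObjectType($r['object_type']);
                                $pic->setSpoiler($r['spoiler']);
                                $pic->setLocal(1);
                                $pic->setUnknownFormat($r['unknown_format']);
                                $pic->setDisplay($r['display']);
                                // mappreview flag is not restored, because it seems inappropriate to
                                // advertise for the listing of a vandalizing owner

                                if ($simulate) {
                                    $pics_restored = true;
                                } else {
                                    if ($pic->save(true, $revert_picid, $revert_url)) {
                                        $pics_restored = true;
                                        $pics_processed[] = $pic->getPictureId();
                                    } else {
                                        $error = "restore";
                                    }
                                }
                            }
                            break;
                    } // switch

                    $pics_processed[] = $revert_picid;
                } // not already processed

                if ($error != "") {
                    // built with '.', with $error interpolated and the id that was
                    // actually processed (the former key mixed '.' and '+' and used
                    // an undefined variable)
                    $restored[$wp]["internal error - could not {$error} picture " . $r['id'] . "/" . $revert_picid] = true;
                }
                if ($pics_restored) {
                    $restored[$wp]['pictures'] = true;
                }
            } // while (all relevant pic records)
            sql_free_result($rs);
        } // if pics enabled per roptions
    } // foreach cache(id)

    sql("SET @restoredby=0");
    sql_slave("SET @restoredby=0");

    return $restored;
}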
// picture upload if (isset($_FILES['logo'])) { if ($_FILES['logo']['tmp_name'] != '') { $pic =& new picture(0); if (is_uploaded_file($_FILES['logo']['tmp_name'])) { if (!$pic->store(0, $_FILES['logo']['tmp_name'], $_FILES['logo']['name'])) { $error_detected[] = _T("- Only .jpg, .gif and .png files are allowed."); } else { $_SESSION["customLogoFormat"] = $pic->FORMAT; $_SESSION["customLogo"] = true; } } } } if (isset($_POST['del_logo'])) { if (!picture::delete(0)) { $error_detected[] = _T("Delete failed"); } else { $_SESSION["customLogo"] = false; } } } } else { // collect data $requete = "SELECT *\n\t\t\t FROM " . PREFIX_DB . "preferences"; $result =& $DB->Execute($requete); if ($result->EOF) { header("location: index.php"); } else { while (!$result->EOF) { $pref[$result->fields['nom_pref']] = htmlentities(stripslashes(addslashes($result->fields['val_pref'])), ENT_QUOTES);