Пример #1
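/**
* Shows the user edit form (admin side)
*
* For a uid greater than 1 the account is loaded from the users table;
* otherwise an empty form for a new account is produced. Values posted with a
* previous, failed save ($_POST) override the stored ones.
*
* Security-relevant behaviour:
* - editing a member of the Root group is refused and written to the access
*   log unless the current user is in Root as well;
* - the uid is normalised to an integer before it reaches any query, helper
*   or URL;
* - every value echoed back into the form is HTML-escaped, the user name
*   included;
* - a fresh CSRF token is created for each rendering of the form.
*
* @param    int|string  $uid    User to edit; '' (or a value <= 1) for a new account
* @param    int|string  $msg    Index into $MESSAGE of the message to display, '' for none
* @return   string              HTML for user edit form, or the result of
*                               COM_refresh() when the uid does not exist
*
*/
function edituser($uid = '', $msg = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG28, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE;
    require_once $_CONF['path_system'] . 'lib-admin.php';
    $retval = '';
    // The caller is not visible here, so treat the id as untrusted: normalise
    // it once so that the SQL strings, the helper calls and the form URL
    // below only ever see an integer ('' is kept to mean "new account").
    if (!empty($uid)) {
        $uid = (int) $uid;
    }
    if (!empty($msg)) {
        $retval .= COM_showMessageText($MESSAGE[$msg], $LANG28[22]);
    }
    if (!empty($msg) && !empty($uid) && $uid > 1) {
        // an error occurred while editing a user - if it was a new account,
        // don't bother trying to read the user's data from the database ...
        $cnt = DB_count($_TABLES['users'], 'uid', $uid);
        if ($cnt == 0) {
            $uid = '';
        }
    }
    if (!empty($uid) && $uid > 1) {
        $result = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid = '{$uid}'");
        $A = DB_fetchArray($result);
        if (empty($A['uid'])) {
            // unknown account: go back to the user list
            return COM_refresh($_CONF['site_admin_url'] . '/user.php');
        }
        if (SEC_inGroup('Root', $uid) and !SEC_inGroup('Root')) {
            // the current admin user isn't Root but is trying to change
            // a root account.  Deny them and log it.
            $retval .= COM_showMessageText($LANG_ACCESS['editrootmsg'], $LANG28[1]);
            COM_accessLog("User {$_USER['username']} tried to edit a Root account with insufficient privileges.");
            return $retval;
        }
        $curtime = COM_getUserDateTimeFormat($A['regdate']);
        $lastlogin = DB_getItem($_TABLES['userinfo'], 'lastlogin', "uid = '{$uid}'");
        $lasttime = COM_getUserDateTimeFormat($lastlogin);
    } else {
        // new account: start from an empty record with an active status
        $A['uid'] = '';
        $uid = '';
        $curtime = COM_getUserDateTimeFormat();
        $lastlogin = '';
        $lasttime = '';
        $A['status'] = USER_ACCOUNT_ACTIVE;
    }
    // POST data can override, in case there was an error while editing a user.
    // strip_tags() removes markup but leaves quote characters in place, so
    // these values still have to be escaped where they are written out below.
    if (isset($_POST['username'])) {
        $A['username'] = strip_tags($_POST['username']);
    }
    if (isset($_POST['fullname'])) {
        $A['fullname'] = strip_tags($_POST['fullname']);
    }
    if (isset($_POST['email'])) {
        $A['email'] = strip_tags($_POST['email']);
    }
    if (isset($_POST['homepage'])) {
        $A['homepage'] = strip_tags($_POST['homepage']);
    }
    if (isset($_POST['userstatus'])) {
        // second argument presumably requests a numeric filter - confirm
        $A['status'] = COM_applyFilter($_POST['userstatus'], true);
    }
    // CSRF token for this rendering of the form
    $token = SEC_createToken();
    $retval .= COM_startBlock($LANG28[1], '', COM_getBlockTemplate('_admin_block', 'header'));
    $retval .= SEC_getTokenExpiryNotice($token);
    $user_templates = COM_newTemplate($_CONF['path_layout'] . 'admin/user');
    $user_templates->set_file(array('form' => 'edituser.thtml', 'password' => 'password.thtml', 'groupedit' => 'groupedit.thtml'));
    $user_templates->set_var('lang_save', $LANG_ADMIN['save']);
    // The delete button is offered only for an existing account other than
    // the admin's own, and only with the user.delete right.
    if (!empty($uid) && $A['uid'] != $_USER['uid'] && SEC_hasRights('user.delete')) {
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $user_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        $user_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
    }
    $user_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $user_templates->set_var('lang_userid', $LANG28[2]);
    if (empty($A['uid'])) {
        $user_templates->set_var('user_id', $LANG_ADMIN['na']);
    } else {
        $user_templates->set_var('user_id', $A['uid']);
    }
    $user_templates->set_var('lang_regdate', $LANG28[14]);
    $user_templates->set_var('regdate_timestamp', $curtime[1]);
    $user_templates->set_var('user_regdate', $curtime[0]);
    $user_templates->set_var('lang_lastlogin', $LANG28[35]);
    if (empty($lastlogin)) {
        $user_templates->set_var('user_lastlogin', $LANG28[36]);
    } else {
        $user_templates->set_var('user_lastlogin', $lasttime[0]);
    }
    $user_templates->set_var('lang_username', $LANG28[3]);
    if (isset($A['username'])) {
        // Escaped like fullname, email and homepage below: the value can come
        // straight from $_POST, and strip_tags() alone does not stop a quote
        // character from ending an HTML attribute.
        $user_templates->set_var('username', htmlspecialchars($A['username']));
    } else {
        $user_templates->set_var('username', '');
    }
    $remoteservice = '';
    if ($_CONF['show_servicename']) {
        if (!empty($A['remoteservice'])) {
            // NOTE(review): stored value is written out unescaped - confirm
            // it is constrained when the account is created.
            $remoteservice = '@' . $A['remoteservice'];
        }
    }
    $user_templates->set_var('remoteservice', $remoteservice);
    if ($_CONF['allow_user_photo'] && $A['uid'] > 0) {
        $photo = USER_getPhoto($A['uid'], $A['photo'], $A['email'], -1);
        $user_templates->set_var('user_photo', $photo);
        if (empty($A['photo'])) {
            $user_templates->set_var('lang_delete_photo', '');
            $user_templates->set_var('delete_photo_option', '');
        } else {
            $user_templates->set_var('lang_delete_photo', $LANG28[28]);
            $user_templates->set_var('delete_photo_option', '<input type="checkbox" name="delete_photo"' . XHTML . '>');
        }
    } else {
        $user_templates->set_var('user_photo', '');
        $user_templates->set_var('lang_delete_photo', '');
        $user_templates->set_var('delete_photo_option', '');
    }
    $user_templates->set_var('lang_fullname', $LANG28[4]);
    if (isset($A['fullname'])) {
        $user_templates->set_var('user_fullname', htmlspecialchars($A['fullname']));
    } else {
        $user_templates->set_var('user_fullname', '');
    }
    // password fields are offered for local accounts only
    if (empty($A['remoteservice'])) {
        $user_templates->set_var('lang_password', $LANG28[5]);
        $user_templates->set_var('lang_password_conf', $LANG28[39]);
        $user_templates->parse('password_option', 'password', true);
    } else {
        $user_templates->set_var('password_option', '');
    }
    $user_templates->set_var('lang_emailaddress', $LANG28[7]);
    if (isset($A['email'])) {
        $user_templates->set_var('user_email', htmlspecialchars($A['email']));
    } else {
        $user_templates->set_var('user_email', '');
    }
    $user_templates->set_var('lang_homepage', $LANG28[8]);
    if (isset($A['homepage'])) {
        $user_templates->set_var('user_homepage', htmlspecialchars($A['homepage']));
    } else {
        $user_templates->set_var('user_homepage', '');
    }
    $user_templates->set_var('do_not_use_spaces', '');
    $statusarray = array(USER_ACCOUNT_AWAITING_ACTIVATION => $LANG28[43], USER_ACCOUNT_ACTIVE => $LANG28[45]);
    $allow_ban = true;
    if (!empty($uid)) {
        if ($A['uid'] == $_USER['uid']) {
            $allow_ban = false;
            // do not allow to ban yourself
        } elseif (SEC_inGroup('Root', $A['uid'])) {
            // editing a Root user?
            // NOTE(review): with GROUP BY ug_uid the first row appears to
            // hold the count for a single user, not the number of Root users,
            // so this check looks like it always forbids banning a Root
            // account. That fails safe, but confirm the intended query.
            $count_root_sql = "SELECT COUNT(ug_uid) AS root_count FROM {$_TABLES['group_assignments']} WHERE ug_main_grp_id = 1 GROUP BY ug_uid;";
            $count_root_result = DB_query($count_root_sql);
            $C = DB_fetchArray($count_root_result);
            // how many are left?
            if ($C['root_count'] < 2) {
                $allow_ban = false;
                // prevent banning the last root user
            }
        }
    }
    if ($allow_ban) {
        $statusarray[USER_ACCOUNT_DISABLED] = $LANG28[42];
    }
    if ($_CONF['usersubmission'] == 1 && !empty($uid)) {
        $statusarray[USER_ACCOUNT_AWAITING_APPROVAL] = $LANG28[44];
    }
    asort($statusarray);
    $statusselect = '<select name="userstatus">';
    foreach ($statusarray as $key => $value) {
        $statusselect .= '<option value="' . $key . '"';
        if ($key == $A['status']) {
            $statusselect .= ' selected="selected"';
        }
        $statusselect .= '>' . $value . '</option>' . LB;
    }
    // $A['status'] is a constant, a stored value or the filtered POST value
    $statusselect .= '</select><input type="hidden" name="oldstatus" value="' . $A['status'] . '"' . XHTML . '>';
    $user_templates->set_var('user_status', $statusselect);
    $user_templates->set_var('lang_user_status', $LANG28[46]);
    if ($_CONF['custom_registration'] and function_exists('CUSTOM_userEdit')) {
        if (!empty($uid) && $uid > 1) {
            $user_templates->set_var('customfields', CUSTOM_userEdit($uid));
        } else {
            $user_templates->set_var('customfields', CUSTOM_userEdit($A['uid']));
        }
    }
    if (SEC_hasRights('group.assign')) {
        $user_templates->set_var('lang_securitygroups', $LANG_ACCESS['securitygroups']);
        $user_templates->set_var('lang_groupinstructions', $LANG_ACCESS['securitygroupsmsg']);
        if (!empty($uid)) {
            $usergroups = SEC_getUserGroups($uid);
            if (is_array($usergroups) && !empty($uid)) {
                $selected = implode(' ', $usergroups);
            } else {
                $selected = '';
            }
        } else {
            $selected = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'") . ' ';
            $selected .= DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
            // add default groups, if any
            $result = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_default = 1");
            $num_defaults = DB_numRows($result);
            for ($i = 0; $i < $num_defaults; $i++) {
                list($def_grp) = DB_fetchArray($result);
                $selected .= ' ' . $def_grp;
            }
        }
        // in case of an error we may have previously selected a different
        // mix of groups already - reconstruct those from the POST data.
        // The is_array() check keeps a scalar "groups" field (the request is
        // client-controlled) from reaching count() and implode().
        if (isset($_POST['groups']) && is_array($_POST['groups']) && count($_POST['groups']) > 0) {
            $selected = implode(' ', $_POST['groups']);
        }
        // Only groups the current admin belongs to (plus 'Remote Users') are
        // listed, so an admin cannot hand out a group they are not in.
        $thisUsersGroups = SEC_getUserGroups();
        $remoteGroup = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
        if (!empty($remoteGroup)) {
            $thisUsersGroups[] = $remoteGroup;
        }
        $whereGroups = 'grp_id IN (' . implode(',', $thisUsersGroups) . ')';
        $header_arr = array(array('text' => $LANG28[86], 'field' => 'checkbox', 'sort' => false), array('text' => $LANG_ACCESS['groupname'], 'field' => 'grp_name', 'sort' => true), array('text' => $LANG_ACCESS['description'], 'field' => 'grp_descr', 'sort' => true));
        $defsort_arr = array('field' => 'grp_name', 'direction' => 'asc');
        $form_url = $_CONF['site_admin_url'] . '/user.php?mode=edit&amp;uid=' . $uid;
        $text_arr = array('has_menu' => false, 'title' => '', 'instructions' => '', 'icon' => '', 'form_url' => $form_url, 'inline' => true);
        $sql = "SELECT grp_id, grp_name, grp_descr FROM {$_TABLES['groups']} WHERE " . $whereGroups;
        $query_arr = array('table' => 'groups', 'sql' => $sql, 'query_fields' => array('grp_name'), 'default_filter' => '', 'query' => '', 'query_limit' => 0);
        // NOTE(review): the selected ids may come from $_POST; confirm that
        // ADMIN_list() / ADMIN_getListField_usergroups escape them on output.
        $groupoptions = ADMIN_list('usergroups', 'ADMIN_getListField_usergroups', $header_arr, $text_arr, $query_arr, $defsort_arr, '', explode(' ', $selected));
        $user_templates->set_var('group_options', $groupoptions);
        $user_templates->parse('group_edit', 'groupedit', true);
    } else {
        // user doesn't have the rights to edit a user's groups so set to -1
        // so we know not to handle the groups array when we save.
        // NOTE(review): this marker is a client-side hint only; the save
        // handler has to re-check the group.assign right itself.
        $user_templates->set_var('group_edit', '<input type="hidden" name="groups" value="-1"' . XHTML . '>');
    }
    $user_templates->set_var('gltoken_name', CSRF_TOKEN);
    $user_templates->set_var('gltoken', $token);
    $user_templates->parse('output', 'form');
    $retval .= $user_templates->finish($user_templates->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    return $retval;
}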
Пример #2
/**
* Shows the user's current settings
*
* Builds the profile editor for the logged-in user ($_USER['uid']): loads the
* account from the users, userprefs and userinfo tables, fills the 'profile'
* template (plus the optional photo, username and delete-account parts) and
* lets plugins add their own variables and blocks.
*
* Side effect: every call stores a new pwrequestid for the user and embeds the
* same value in the form (see the note at the point where it is generated).
*
* @return   string  Parsed 'profile' template followed by the output of
*                   PLG_profileBlocksEdit()
*
*/
function edituser()
{
    global $_CONF, $_TABLES, $_USER, $LANG_MYACCOUNT, $LANG04, $LANG_ADMIN;
    // NOTE(review): $_USER['uid'] is interpolated unquoted and without a cast;
    // that is only safe if the session layer guarantees an integer - confirm.
    $result = DB_query("SELECT fullname,cookietimeout,email,homepage,sig,emailstories,about,location,pgpkey,photo FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['userinfo']} WHERE {$_TABLES['users']}.uid = {$_USER['uid']} AND {$_TABLES['userprefs']}.uid = {$_USER['uid']} AND {$_TABLES['userinfo']}.uid = {$_USER['uid']}");
    $A = DB_fetchArray($result);
    $preferences = new Template($_CONF['path_layout'] . 'preferences');
    $preferences->set_file(array('profile' => 'profile.thtml', 'photo' => 'userphoto.thtml', 'username' => 'username.thtml', 'deleteaccount' => 'deleteaccount.thtml'));
    include $_CONF['path_system'] . 'classes/navbar.class.php';
    // One navbar entry per $LANG_MYACCOUNT section; the key and a running
    // index are written into an inline JavaScript handler.
    $navbar = new navbar();
    $cnt = 0;
    foreach ($LANG_MYACCOUNT as $id => $label) {
        $navbar->add_menuitem($label, 'showhideProfileEditorDiv("' . $id . '",' . $cnt . ');return false;', true);
        $cnt++;
    }
    $navbar->set_selected($LANG_MYACCOUNT['pe_namepass']);
    $preferences->set_var('xhtml', XHTML);
    $preferences->set_var('navbar', $navbar->generate());
    $preferences->set_var('site_url', $_CONF['site_url']);
    $preferences->set_var('layout_url', $_CONF['layout_url']);
    $preferences->set_var('no_javascript_warning', $LANG04[150]);
    $preferences->set_var('cssid1', 1);
    $preferences->set_var('cssid2', 2);
    $preferences->set_var('preview', userprofile($_USER['uid']));
    $preferences->set_var('prefs', editpreferences());
    // some trickery to ensure alternating colors with the available options ...
    if ($_CONF['allow_username_change'] == 1) {
        $first = 1;
        $second = 2;
    } else {
        $first = 2;
        $second = 1;
    }
    $preferences->set_var('cssid1u', $first);
    $preferences->set_var('cssid2u', $second);
    // the photo row, when enabled, flips the alternation once more
    if ($_CONF['allow_user_photo'] == 1) {
        $tmp = $first;
        $first = $second;
        $second = $tmp;
    }
    $preferences->set_var('cssid1p', $first);
    $preferences->set_var('cssid2p', $second);
    // labels and help texts from the language file
    $preferences->set_var('lang_fullname', $LANG04[3]);
    $preferences->set_var('lang_fullname_text', $LANG04[34]);
    $preferences->set_var('lang_username', $LANG04[2]);
    $preferences->set_var('lang_username_text', $LANG04[87]);
    $preferences->set_var('lang_password_help_title', $LANG04[146]);
    $preferences->set_var('lang_password_help', $LANG04[147]);
    $preferences->set_var('lang_password', $LANG04[4]);
    $preferences->set_var('lang_password_text', $LANG04[35]);
    $preferences->set_var('lang_password_conf', $LANG04[108]);
    $preferences->set_var('lang_password_text_conf', $LANG04[109]);
    $preferences->set_var('lang_old_password', $LANG04[110]);
    $preferences->set_var('lang_old_password_text', $LANG04[111]);
    $preferences->set_var('lang_cooktime', $LANG04[68]);
    $preferences->set_var('lang_cooktime_text', $LANG04[69]);
    $preferences->set_var('lang_email', $LANG04[5]);
    $preferences->set_var('lang_email_text', $LANG04[33]);
    $preferences->set_var('lang_email_conf', $LANG04[124]);
    $preferences->set_var('lang_email_conf_text', $LANG04[126]);
    $preferences->set_var('lang_userinfo_help_title', $LANG04[148]);
    $preferences->set_var('lang_userinfo_help', $LANG04[149]);
    $preferences->set_var('lang_homepage', $LANG04[6]);
    $preferences->set_var('lang_homepage_text', $LANG04[36]);
    $preferences->set_var('lang_location', $LANG04[106]);
    $preferences->set_var('lang_location_text', $LANG04[107]);
    $preferences->set_var('lang_signature', $LANG04[32]);
    $preferences->set_var('lang_signature_text', $LANG04[37]);
    $preferences->set_var('lang_userphoto', $LANG04[77]);
    $preferences->set_var('lang_userphoto_text', $LANG04[78]);
    $preferences->set_var('lang_about', $LANG04[7]);
    $preferences->set_var('lang_about_text', $LANG04[38]);
    $preferences->set_var('lang_pgpkey', $LANG04[8]);
    $preferences->set_var('lang_pgpkey_text', $LANG04[39]);
    $preferences->set_var('lang_submit', $LANG04[9]);
    $preferences->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $preferences->set_var('lang_preview_title', $LANG04[145]);
    $preferences->set_var('lang_enter_current_password', $LANG04[127]);
    $preferences->set_var('lang_name_legend', $LANG04[128]);
    $preferences->set_var('lang_password_email_legend', $LANG04[129]);
    $preferences->set_var('lang_personal_info_legend', $LANG04[130]);
    // NOTE(review): the display name is placed in the headline without
    // escaping here - confirm COM_getDisplayName() returns HTML-safe text.
    $display_name = COM_getDisplayName($_USER['uid']);
    //$preferences->set_var ('start_block_profile',
    //        COM_startBlock ($LANG04[1] . ' ' . $display_name));
    //$preferences->set_var ('end_block', COM_endBlock ());
    $preferences->set_var('profile_headline', $LANG04[1] . ' ' . $display_name);
    // photo upload needs a multipart form
    if ($_CONF['allow_user_photo'] == 1) {
        $preferences->set_var('enctype', 'enctype="multipart/form-data"');
    } else {
        $preferences->set_var('enctype', '');
    }
    // Stored profile values are HTML-escaped before they are put in the form.
    // htmlspecialchars() is called with its default flags, which leave single
    // quotes unescaped before PHP 8.1.
    $preferences->set_var('fullname_value', htmlspecialchars($A['fullname']));
    $preferences->set_var('new_username_value', htmlspecialchars($_USER['username']));
    // the password field is never pre-filled
    $preferences->set_var('password_value', '');
    if ($_CONF['allow_username_change'] == 1) {
        $preferences->parse('username_option', 'username', true);
    } else {
        $preferences->set_var('username_option', '');
    }
    $selection = '<select id="cooktime" name="cooktime">' . LB;
    $selection .= COM_optionList($_TABLES['cookiecodes'], 'cc_value,cc_descr', $A['cookietimeout'], 0);
    $selection .= '</select>';
    $preferences->set_var('cooktime_selector', $selection);
    $preferences->set_var('email_value', htmlspecialchars($A['email']));
    // homepage additionally passes through COM_killJS(), location through strip_tags()
    $preferences->set_var('homepage_value', htmlspecialchars(COM_killJS($A['homepage'])));
    $preferences->set_var('location_value', htmlspecialchars(strip_tags($A['location'])));
    $preferences->set_var('signature_value', htmlspecialchars($A['sig']));
    if ($_CONF['allow_user_photo'] == 1) {
        $photo = USER_getPhoto($_USER['uid'], $A['photo'], $A['email'], -1);
        if (empty($photo)) {
            $preferences->set_var('display_photo', '');
        } else {
            if (empty($A['photo'])) {
                // external avatar
                $photo = '<br' . XHTML . '>' . $photo;
            } else {
                // uploaded photo - add delete option
                $photo = '<br' . XHTML . '>' . $photo . '<br' . XHTML . '>' . $LANG04[79] . '&nbsp;<input type="checkbox" name="delete_photo"' . XHTML . '>' . LB;
            }
            $preferences->set_var('display_photo', $photo);
        }
        // different hint text depending on whether an image library is configured
        if (empty($_CONF['image_lib'])) {
            $scaling = $LANG04[162];
        } else {
            $scaling = $LANG04[161];
        }
        $preferences->set_var('photo_max_dimensions', sprintf($LANG04[160], $_CONF['max_photo_width'], $_CONF['max_photo_height'], $_CONF['max_photo_size'], $scaling));
        $preferences->parse('userphoto_option', 'photo', true);
    } else {
        $preferences->set_var('userphoto_option', '');
    }
    // $A is replaced here: from this point it only holds 'about' and 'pgpkey'
    $result = DB_query("SELECT about,pgpkey FROM {$_TABLES['userinfo']} WHERE uid = {$_USER['uid']}");
    $A = DB_fetchArray($result);
    // NOTE(review): this 16-character id is stored as pwrequestid and sent to
    // the browser as 'uid_value' / 'account_id', so it looks like a
    // per-request confirmation value. rand(), uniqid() and md5() do not give
    // unpredictable output; if the save or delete handlers rely on it being
    // secret, it should come from a CSPRNG (random_bytes() on PHP 7+).
    // It is also rewritten on every display of this form, which invalidates
    // the value in any copy of the form opened earlier.
    $reqid = substr(md5(uniqid(rand(), 1)), 1, 16);
    DB_change($_TABLES['users'], 'pwrequestid', $reqid, 'uid', $_USER['uid']);
    $preferences->set_var('about_value', htmlspecialchars($A['about']));
    $preferences->set_var('pgpkey_value', htmlspecialchars($A['pgpkey']));
    $preferences->set_var('uid_value', $reqid);
    $preferences->set_var('username_value', htmlspecialchars($_USER['username']));
    if ($_CONF['allow_account_delete'] == 1) {
        $preferences->set_var('lang_deleteaccount', $LANG04[156]);
        $preferences->set_var('delete_text', $LANG04[95]);
        $preferences->set_var('lang_button_delete', $LANG04[96]);
        $preferences->set_var('delete_mode', 'confirmdelete');
        $preferences->set_var('account_id', $reqid);
        // fall back to the generic label when the language file lacks entry 157
        if (isset($LANG04[157])) {
            $preferences->set_var('lang_deleteoption', $LANG04[157]);
        } else {
            $preferences->set_var('lang_deleteoption', $LANG04[156]);
        }
        $preferences->parse('delete_account_option', 'deleteaccount', false);
    } else {
        $preferences->set_var('delete_account_option', '');
    }
    // Call custom account form and edit function if enabled and exists
    if ($_CONF['custom_registration'] and function_exists('CUSTOM_userEdit')) {
        $preferences->set_var('customfields', CUSTOM_userEdit($_USER['uid']));
    }
    // plugins may set further template variables and append their own blocks
    PLG_profileVariablesEdit($_USER['uid'], $preferences);
    $retval = $preferences->finish($preferences->parse('output', 'profile'));
    $retval .= PLG_profileBlocksEdit($_USER['uid']);
    return $retval;
}
Пример #3
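/**
* Builds the "personal information" panel of the admin user editor
*
* Fills the 'userinfopanel.thtml' template with the profile fields of the
* user record passed in, the user's "follow me" social links, the photo (when
* photos are enabled) and, for an existing account, plugin and custom fields.
*
* All free-text profile fields are escaped with ENT_QUOTES, so the output is
* safe both as element content and inside a quoted HTML attribute.
*
* @param    array   $U          User record; reads 'uid', 'homepage', 'location',
*                               'sig', 'about', 'pgpkey', 'photo' and 'email'
* @param    int     $newuser    Not used by this function
* @return   string              Parsed 'user' template
*
*/
function USER_userinfoPanel($U, $newuser = 0)
{
    global $_CONF, $_SYSTEM, $_TABLES, $_USER, $LANG_MYACCOUNT, $LANG04;
    $uid = $U['uid'];
    // set template
    $userform = new Template($_CONF['path_layout'] . 'admin/user/');
    $userform->set_file('user', 'userinfopanel.thtml');
    $userform->set_var(array('lang_personal_info_legend' => $LANG04[130], 'lang_userinfo_help_title' => $LANG04[148], 'lang_userinfo_help' => $LANG04[149], 'lang_homepage' => $LANG04[6], 'lang_location' => $LANG04[106], 'lang_signature' => $LANG04[32], 'lang_about' => $LANG04[7], 'lang_pgpkey' => $LANG04[8], 'lang_social_follow' => $LANG04[198], 'lang_social_info' => $LANG04[199], 'lang_social_service' => $LANG04[200], 'lang_social_username' => $LANG04[201]));
    // one 'social_links' block per service the user has filled in
    $follow_me = SOC_followMeProfile($uid);
    if (is_array($follow_me) && count($follow_me) > 0) {
        $userform->set_block('user', 'social_links', 'sl');
        $userform->set_var('social_followme_enabled', true);
        foreach ($follow_me as $service) {
            // NOTE(review): these three values are written out as returned by
            // SOC_followMeProfile(); 'service_username' is presumably
            // user-supplied - confirm that helper returns HTML-safe text.
            $userform->set_var('service_display_name', $service['service_display_name']);
            $userform->set_var('service', $service['service']);
            $userform->set_var('service_username', $service['service_username']);
            $userform->parse('sl', 'social_links', true);
        }
    } else {
        $userform->unset_var('social_followme_enabled');
    }
    if ($_CONF['allow_user_photo'] == 1) {
        $userform->set_var('lang_userphoto', $LANG04[77]);
    }
    // User-supplied profile text. ENT_QUOTES (instead of the former
    // ENT_NOQUOTES) also encodes " and ', so a value cannot end the attribute
    // it is placed in; the template is not visible here, and the encoded form
    // renders identically in element and attribute context.
    // The @ keeps htmlspecialchars() quiet about input that is invalid in the
    // site encoding.
    $userform->set_var('homepage_value', @htmlspecialchars(COM_killJS($U['homepage']), ENT_QUOTES, COM_getEncodingt()));
    $userform->set_var('location_value', @htmlspecialchars(strip_tags($U['location']), ENT_QUOTES, COM_getEncodingt()));
    $userform->set_var('signature_value', @htmlspecialchars($U['sig'], ENT_QUOTES, COM_getEncodingt()));
    $userform->set_var('about_value', @htmlspecialchars($U['about'], ENT_QUOTES, COM_getEncodingt()));
    $userform->set_var('pgpkey_value', @htmlspecialchars($U['pgpkey'], ENT_QUOTES, COM_getEncodingt()));
    if ($_CONF['allow_user_photo'] == 1) {
        // a photo is only looked up for an existing account (uid > 1)
        if (!empty($uid) && $uid > 1) {
            $photo = USER_getPhoto($uid, $U['photo'], $U['email'], -1);
            if (empty($photo)) {
                $userform->set_var('display_photo', '');
            } else {
                if (empty($U['photo'])) {
                    // external avatar
                    $photo = '<br/>' . $photo;
                } else {
                    // uploaded photo - add delete option
                    $photo = '<br/>' . $photo . '<br/>' . $LANG04[79] . '&nbsp;<input type="checkbox" name="delete_photo"/>' . LB;
                }
                $userform->set_var('display_photo', $photo);
            }
        } else {
            $userform->set_var('display_photo', '');
        }
    }
    // plugin and custom fields exist only for an account that is already stored
    if (!empty($uid) && $uid > 1) {
        $userform->set_var('plugin_userinfo_personalinfo', PLG_profileEdit($uid, 'userinfo', 'personalinfo'));
        $userform->set_var('plugin_userinfo', PLG_profileEdit($uid, 'userinfo'));
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userEdit')) {
            $userform->set_var('customfields', CUSTOM_userEdit($uid));
        }
    }
    $retval = $userform->finish($userform->parse('output', 'user'));
    return $retval;
}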
Пример #4
/**
* Shows the user's current settings
*
* Builds the profile editor for the logged-in user ($_USER['uid']): loads the
* account from the users, userprefs and userinfo tables, registers the profile
* editor JavaScript, fills the 'profile' template (plus the optional photo,
* username, password, resynch and delete-account parts) and lets plugins add
* their own variables and blocks.
*
* Password fields are shown for local accounts only; accounts with a
* remoteservice get no password fields and, for OAuth services, a re-synch
* option instead.
*
* Side effect: every call stores a new pwrequestid for the user and embeds the
* same value in the form (see the note at the point where it is generated).
*
* @return   string  Parsed 'profile' template followed by the output of
*                   PLG_profileBlocksEdit()
*
*/
function edituser()
{
    global $_CONF, $_TABLES, $_USER, $LANG_MYACCOUNT, $LANG04, $LANG_ADMIN, $_SCRIPTS;
    // NOTE(review): $_USER['uid'] is interpolated unquoted and without a cast;
    // that is only safe if the session layer guarantees an integer - confirm.
    $result = DB_query("SELECT fullname,cookietimeout,email,homepage,sig,emailstories,about,location,pgpkey,photo,remoteservice FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['userinfo']} WHERE {$_TABLES['users']}.uid = {$_USER['uid']} AND {$_TABLES['userprefs']}.uid = {$_USER['uid']} AND {$_TABLES['userinfo']}.uid = {$_USER['uid']}");
    $A = DB_fetchArray($result);
    $preferences = COM_newTemplate($_CONF['path_layout'] . 'preferences');
    $preferences->set_file(array('profile' => 'profile.thtml', 'photo' => 'userphoto.thtml', 'username' => 'username.thtml', 'password' => 'password.thtml', 'current_password' => 'current_password.thtml', 'resynch' => 'resynch.thtml', 'deleteaccount' => 'deleteaccount.thtml'));
    include $_CONF['path_system'] . 'classes/navbar.class.php';
    // One navbar entry per $LANG_MYACCOUNT section; the key and a running
    // index are written into an inline JavaScript handler.
    $navbar = new navbar();
    $cnt = 0;
    foreach ($LANG_MYACCOUNT as $id => $label) {
        $navbar->add_menuitem($label, 'showhideProfileEditorDiv("' . $id . '",' . $cnt . ');return false;', true);
        $cnt++;
    }
    $navbar->set_selected($LANG_MYACCOUNT['pe_namepass']);
    $preferences->set_var('navbar', $navbar->generate());
    //$preferences->set_var ('no_javascript_warning', $LANG04[150]);
    $preferences->set_var('noscript', COM_getNoScript());
    $preferences->set_var('cssid1', 1);
    $preferences->set_var('cssid2', 2);
    $preferences->set_var('preview', USER_showProfile($_USER['uid'], true));
    $preferences->set_var('prefs', editpreferences());
    // Add JavaScript
    // The inline script below is a fixed string (no request or database data
    // is inserted into it); it un-hides the navbar and the panels marked
    // jsenabled_show / jsenabled_hide.
    $_SCRIPTS->setJavaScriptFile('profile_editor', '/javascript/profile_editor.js');
    $js = '<!-- JS Functions which will execute only if JS enabled will un-hide the special features that enhance the profile editor -->
    <script type="text/JavaScript">
    //<![CDATA[
        /* Initially the navbar is hidden - in case JS is disabled. Enable it now */
        document.getElementById("pe_navbar").style.display="";

        /* Now cycle through the profile tabs as the number in the template could have been modified (personalized)
           If you add custom panels, just ensure you use the class jsenabled_hide or jsenabled_show
           Build an object that can then be referenced in the functon showhideProfileEditorDiv
        */

        var profilepanels = new Object;
        var el;
        el=document.getElementsByTagName("div");
        for(i=0;i<el.length;i++) {
            var divname = el[i].id
            if(el[i].className == "jsenabled_show"){
                el[i].style.display = "";
                profilepanels[divname] = "show";
            } else if(el[i].className == "jsenabled_hide"){
                el[i].style.display = "none";
                profilepanels[divname] = "hidden";
            }
        }
    //]]>
    </script>';
    $_SCRIPTS->setJavaScript($js);
    // some trickery to ensure alternating colors with the available options ...
    if ($_CONF['allow_username_change'] == 1) {
        $first = 1;
        $second = 2;
    } else {
        $first = 2;
        $second = 1;
    }
    $preferences->set_var('cssid1u', $first);
    $preferences->set_var('cssid2u', $second);
    // the photo row, when enabled, flips the alternation once more
    if ($_CONF['allow_user_photo'] == 1) {
        $tmp = $first;
        $first = $second;
        $second = $tmp;
    }
    $preferences->set_var('cssid1p', $first);
    $preferences->set_var('cssid2p', $second);
    // labels and help texts from the language file
    $preferences->set_var('lang_fullname', $LANG04[3]);
    $preferences->set_var('lang_fullname_text', $LANG04[34]);
    $preferences->set_var('lang_username', $LANG04[2]);
    $preferences->set_var('lang_username_text', $LANG04[87]);
    $preferences->set_var('lang_password_help_title', $LANG04[146]);
    $preferences->set_var('lang_password_help', $LANG04[147]);
    $preferences->set_var('lang_password', $LANG04[4]);
    $preferences->set_var('lang_password_text', $LANG04[35]);
    $preferences->set_var('lang_password_conf', $LANG04[108]);
    $preferences->set_var('lang_password_text_conf', $LANG04[109]);
    $preferences->set_var('lang_old_password', $LANG04[110]);
    $preferences->set_var('lang_old_password_text', $LANG04[111]);
    $preferences->set_var('lang_cooktime', $LANG04[68]);
    $preferences->set_var('lang_cooktime_text', $LANG04[69]);
    $preferences->set_var('lang_email', $LANG04[5]);
    $preferences->set_var('lang_email_text', $LANG04[33]);
    $preferences->set_var('lang_email_conf', $LANG04[124]);
    $preferences->set_var('lang_email_conf_text', $LANG04[126]);
    $preferences->set_var('lang_userinfo_help_title', $LANG04[148]);
    $preferences->set_var('lang_userinfo_help', $LANG04[149]);
    $preferences->set_var('lang_homepage', $LANG04[6]);
    $preferences->set_var('lang_homepage_text', $LANG04[36]);
    $preferences->set_var('lang_location', $LANG04[106]);
    $preferences->set_var('lang_location_text', $LANG04[107]);
    $preferences->set_var('lang_signature', $LANG04[32]);
    $preferences->set_var('lang_signature_text', $LANG04[37]);
    $preferences->set_var('lang_userphoto', $LANG04[77]);
    $preferences->set_var('lang_userphoto_text', $LANG04[78]);
    $preferences->set_var('lang_about', $LANG04[7]);
    $preferences->set_var('lang_about_text', $LANG04[38]);
    $preferences->set_var('lang_pgpkey', $LANG04[8]);
    $preferences->set_var('lang_pgpkey_text', $LANG04[39]);
    $preferences->set_var('lang_submit', $LANG04[9]);
    $preferences->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $preferences->set_var('lang_preview_title', $LANG04[145]);
    $preferences->set_var('lang_enter_current_password', $LANG04[127]);
    $preferences->set_var('lang_name_legend', $LANG04[128]);
    $preferences->set_var('lang_password_email_legend', $LANG04[129]);
    $preferences->set_var('lang_personal_info_legend', $LANG04[130]);
    $preferences->set_var('lang_resynch', $LANG04[166]);
    // NOTE(review): the display name is placed in the headline without
    // escaping here - confirm COM_getDisplayName() returns HTML-safe text.
    $display_name = COM_getDisplayName($_USER['uid']);
    //$preferences->set_var ('start_block_profile',
    //        COM_startBlock ($LANG04[1] . ' ' . $display_name));
    //$preferences->set_var ('end_block', COM_endBlock ());
    $preferences->set_var('profile_headline', $LANG04[1] . ' ' . $display_name);
    // photo upload needs a multipart form
    if ($_CONF['allow_user_photo'] == 1) {
        $preferences->set_var('enctype', 'enctype="multipart/form-data"');
    } else {
        $preferences->set_var('enctype', '');
    }
    // Stored profile values are HTML-escaped before they are put in the form.
    // htmlspecialchars() is called with its default flags, which leave single
    // quotes unescaped before PHP 8.1.
    $preferences->set_var('fullname_value', htmlspecialchars($A['fullname']));
    $preferences->set_var('new_username_value', htmlspecialchars($_USER['username']));
    if ($A['remoteservice'] == '') {
        // local account: offer new-password and current-password fields;
        // the password field is never pre-filled
        $preferences->set_var('password_value', '');
        $preferences->parse('password_option', 'password', true);
        $preferences->parse('current_password_option', 'current_password', true);
        $preferences->set_var('resynch_option', '');
    } else {
        // remote account: no password fields
        $preferences->set_var('password_option', '');
        $preferences->set_var('current_password_option', '');
        // The outer test reads remoteservice from the database row ($A), this
        // one from the session array ($_USER); both presumably describe the
        // same account - confirm they cannot disagree.
        if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
            // OAuth only supports re-synch at the moment
            $preferences->set_var('resynch_checked', '');
            $preferences->parse('resynch_option', 'resynch', true);
        } else {
            $preferences->set_var('resynch_option', '');
        }
    }
    if ($_CONF['allow_username_change'] == 1) {
        $preferences->parse('username_option', 'username', true);
    } else {
        $preferences->set_var('username_option', '');
    }
    $selection = '<select id="cooktime" name="cooktime">' . LB;
    $selection .= COM_optionList($_TABLES['cookiecodes'], 'cc_value,cc_descr', $A['cookietimeout'], 0);
    $selection .= '</select>';
    $preferences->set_var('cooktime_selector', $selection);
    $preferences->set_var('email_value', htmlspecialchars($A['email']));
    // homepage additionally passes through COM_killJS(), location through strip_tags()
    $preferences->set_var('homepage_value', htmlspecialchars(COM_killJS($A['homepage'])));
    $preferences->set_var('location_value', htmlspecialchars(strip_tags($A['location'])));
    $preferences->set_var('signature_value', htmlspecialchars($A['sig']));
    if ($_CONF['allow_user_photo'] == 1) {
        $photo = USER_getPhoto($_USER['uid'], $A['photo'], $A['email'], -1);
        if (empty($photo)) {
            $preferences->set_var('display_photo', '');
        } else {
            if (empty($A['photo'])) {
                // external avatar
                $photo = '<br' . XHTML . '>' . $photo;
            } else {
                // uploaded photo - add delete option
                $photo = '<br' . XHTML . '>' . $photo . '<br' . XHTML . '>' . $LANG04[79] . '&nbsp;<input type="checkbox" name="delete_photo"' . XHTML . '>' . LB;
            }
            $preferences->set_var('display_photo', $photo);
        }
        // different hint text depending on whether an image library is configured
        if (empty($_CONF['image_lib'])) {
            $scaling = $LANG04[162];
        } else {
            $scaling = $LANG04[161];
        }
        $preferences->set_var('photo_max_dimensions', sprintf($LANG04[160], $_CONF['max_photo_width'], $_CONF['max_photo_height'], $_CONF['max_photo_size'], $scaling));
        $preferences->parse('userphoto_option', 'photo', true);
    } else {
        $preferences->set_var('userphoto_option', '');
    }
    // $A is replaced here: from this point it only holds 'about' and 'pgpkey'
    $result = DB_query("SELECT about,pgpkey FROM {$_TABLES['userinfo']} WHERE uid = {$_USER['uid']}");
    $A = DB_fetchArray($result);
    // NOTE(review): this 16-character id is stored as pwrequestid and sent to
    // the browser as 'uid_value' / 'account_id', so it looks like a
    // per-request confirmation value. rand(), uniqid() and md5() do not give
    // unpredictable output; if the save or delete handlers rely on it being
    // secret, it should come from a CSPRNG (random_bytes() on PHP 7+).
    // It is also rewritten on every display of this form, which invalidates
    // the value in any copy of the form opened earlier.
    $reqid = substr(md5(uniqid(rand(), 1)), 1, 16);
    DB_change($_TABLES['users'], 'pwrequestid', $reqid, 'uid', $_USER['uid']);
    $preferences->set_var('about_value', htmlspecialchars($A['about']));
    $preferences->set_var('pgpkey_value', htmlspecialchars($A['pgpkey']));
    $preferences->set_var('uid_value', $reqid);
    $preferences->set_var('username_value', htmlspecialchars($_USER['username']));
    if ($_CONF['allow_account_delete'] == 1) {
        $preferences->set_var('lang_deleteaccount', $LANG04[156]);
        $preferences->set_var('delete_text', $LANG04[95]);
        $preferences->set_var('lang_button_delete', $LANG04[96]);
        $preferences->set_var('delete_mode', 'confirmdelete');
        $preferences->set_var('account_id', $reqid);
        // fall back to the generic label when the language file lacks entry 157
        if (isset($LANG04[157])) {
            $preferences->set_var('lang_deleteoption', $LANG04[157]);
        } else {
            $preferences->set_var('lang_deleteoption', $LANG04[156]);
        }
        $preferences->parse('delete_account_option', 'deleteaccount', false);
    } else {
        $preferences->set_var('delete_account_option', '');
    }
    // Call custom account form and edit function if enabled and exists
    if ($_CONF['custom_registration'] and function_exists('CUSTOM_userEdit')) {
        $preferences->set_var('customfields', CUSTOM_userEdit($_USER['uid']));
    }
    // plugins may set further template variables and append their own blocks
    PLG_profileVariablesEdit($_USER['uid'], $preferences);
    $retval = $preferences->finish($preferences->parse('output', 'profile'));
    $retval .= PLG_profileBlocksEdit($_USER['uid']);
    return $retval;
}
Пример #5
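/**
 * Builds the "My Account" profile editor for the currently logged-in user.
 *
 * Reads the user's row from the users, userprefs and userinfo tables, fills
 * the 'preferences' templates (name/password, e-mail, photo, about, PGP key,
 * optional account deletion) and lets plugins add their own fields.
 *
 * Side effect: every call generates a fresh request token, stores it in
 * users.pwrequestid and embeds it in the form as 'uid_value' and (when
 * account deletion is allowed) 'account_id'. The handlers that check the
 * token are not part of this function.
 *
 * @return string HTML for the profile editor, followed by plugin blocks
 */
function edituser()
{
    global $_CONF, $_SYSTEM, $_TABLES, $_USER, $LANG_MYACCOUNT, $LANG04, $LANG_ADMIN;

    // Cast once and use the integer in every SQL fragment below, so that all
    // three uid comparisons are covered rather than only the last one.
    $uid = (int) $_USER['uid'];

    $result = DB_query("SELECT fullname,cookietimeout,email,homepage,sig,emailstories,about,location,pgpkey,photo,remoteservice,account_type FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['userinfo']} WHERE {$_TABLES['users']}.uid = {$uid} AND {$_TABLES['userprefs']}.uid = {$uid} AND {$_TABLES['userinfo']}.uid = {$uid}");
    $A = DB_fetchArray($result);
    $preferences = new Template($_CONF['path_layout'] . 'preferences');
    $preferences->set_file(array('profile' => 'profile.thtml', 'photo' => 'userphoto.thtml', 'username' => 'username.thtml', 'current_password' => 'current_password.thtml', 'password' => 'password.thtml', 'resynch' => 'resynch.thtml', 'deleteaccount' => 'deleteaccount.thtml'));
    // require_once: a plain include would redeclare the class if this file
    // had already been loaded during the same request.
    require_once $_CONF['path_system'] . 'classes/navbar.class.php';
    $navbar = new navbar();
    $cnt = 0;
    if (is_array($LANG_MYACCOUNT)) {
        foreach ($LANG_MYACCOUNT as $id => $label) {
            // The content panel is skipped when there is nothing to show in it.
            if ($id == 'pe_content' && $_CONF['hide_exclude_content'] == 1 && $_CONF['emailstories'] == 0) {
                continue;
            }
            $navbar->add_menuitem($label, 'showhideProfileEditorDiv("' . $id . '",' . $cnt . ');return false;', true);
            $cnt++;
        }
        $navbar->set_selected($LANG_MYACCOUNT['pe_namepass']);
    }
    $preferences->set_var('navbar', $navbar->generate());
    $preferences->set_var('no_javascript_warning', $LANG04[150]);
    $preferences->set_var('cssid1', 1);
    $preferences->set_var('cssid2', 2);
    $preferences->set_var('preview', userprofile($_USER['uid']));
    $preferences->set_var('prefs', editpreferences());
    // some trickery to ensure alternating colors with the available options ...
    if ($_CONF['allow_username_change'] == 1) {
        $first = 1;
        $second = 2;
    } else {
        $first = 2;
        $second = 1;
    }
    $preferences->set_var('cssid1u', $first);
    $preferences->set_var('cssid2u', $second);
    if ($_CONF['allow_user_photo'] == 1) {
        $tmp = $first;
        $first = $second;
        $second = $tmp;
    }
    $preferences->set_var('cssid1p', $first);
    $preferences->set_var('cssid2p', $second);

    // Static labels and help texts.
    $preferences->set_var('lang_fullname', $LANG04[3]);
    $preferences->set_var('lang_fullname_text', $LANG04[34]);
    $preferences->set_var('lang_username', $LANG04[2]);
    $preferences->set_var('lang_username_text', $LANG04[87]);
    $preferences->set_var('lang_password_help_title', $LANG04[146]);
    $preferences->set_var('lang_password_help', $LANG04[147]);
    $preferences->set_var('lang_password', $LANG04[4]);
    $preferences->set_var('lang_password_text', $LANG04[35]);
    $preferences->set_var('lang_password_conf', $LANG04[108]);
    $preferences->set_var('lang_password_text_conf', $LANG04[109]);
    $preferences->set_var('lang_old_password', $LANG04[110]);
    $preferences->set_var('lang_old_password_text', $LANG04[111]);
    $preferences->set_var('lang_cooktime', $LANG04[68]);
    $preferences->set_var('lang_cooktime_text', $LANG04[69]);
    $preferences->set_var('lang_email', $LANG04[5]);
    $preferences->set_var('lang_email_text', $LANG04[33]);
    $preferences->set_var('lang_email_conf', $LANG04[124]);
    $preferences->set_var('lang_email_conf_text', $LANG04[126]);
    $preferences->set_var('lang_userinfo_help_title', $LANG04[148]);
    $preferences->set_var('lang_userinfo_help', $LANG04[149]);
    $preferences->set_var('lang_homepage', $LANG04[6]);
    $preferences->set_var('lang_homepage_text', $LANG04[36]);
    $preferences->set_var('lang_location', $LANG04[106]);
    $preferences->set_var('lang_location_text', $LANG04[107]);
    $preferences->set_var('lang_signature', $LANG04[32]);
    $preferences->set_var('lang_signature_text', $LANG04[37]);
    $preferences->set_var('lang_userphoto', $LANG04[77]);
    $preferences->set_var('lang_userphoto_text', $LANG04[78]);
    $preferences->set_var('lang_about', $LANG04[7]);
    $preferences->set_var('lang_about_text', $LANG04[38]);
    $preferences->set_var('lang_pgpkey', $LANG04[8]);
    $preferences->set_var('lang_pgpkey_text', $LANG04[39]);
    $preferences->set_var('lang_submit', $LANG04[9]);
    $preferences->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $preferences->set_var('lang_preview_title', $LANG04[145]);
    $preferences->set_var('lang_enter_current_password', $LANG04[127]);
    $preferences->set_var('lang_name_legend', $LANG04[128]);
    $preferences->set_var('lang_password_email_legend', $LANG04[129]);
    $preferences->set_var('lang_personal_info_legend', $LANG04[130]);
    $preferences->set_var('lang_resynch', $LANG04[178]);
    $display_name = COM_getDisplayName($_USER['uid']);
    $preferences->set_var('profile_headline', $LANG04[1] . ' ' . $display_name);
    if ($_CONF['allow_user_photo'] == 1) {
        // a photo upload needs a multipart form
        $preferences->set_var('enctype', 'enctype="multipart/form-data"');
    } else {
        $preferences->set_var('enctype', '');
    }
    $preferences->set_var('fullname_value', htmlspecialchars($A['fullname']));
    $preferences->set_var('new_username_value', htmlspecialchars($_USER['username']));
    if ($A['account_type'] & LOCAL_USER) {
        // local accounts get the password fields and no re-synch option
        $preferences->set_var('password_value', '');
        $preferences->parse('current_password_option', 'current_password', true);
        $preferences->parse('password_option', 'password', true);
        $preferences->set_var('resynch_option', '');
    } else {
        $preferences->set_var('current_password_option', '');
        $preferences->set_var('password_option', '');
    }
    if ($A['account_type'] & REMOTE_USER) {
        if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
            // OAuth only supports re-synch at the moment
            $preferences->set_var('resynch_checked', '');
            // Offer a merge only when exactly one local account has the same e-mail.
            $sql = "SELECT * FROM {$_TABLES['users']} WHERE email='" . DB_escapeString($A['email']) . "' AND account_type = " . LOCAL_USER;
            $mergeResult = DB_query($sql);
            if (DB_numRows($mergeResult) == 1) {
                $localAccountData = DB_fetchArray($mergeResult);
                $preferences->set_var('merge_account', true);
                $preferences->set_var('localuid', $localAccountData['uid']);
                // This is another account's username; escape it like the other
                // username values placed into this form.
                $preferences->set_var('local_username', htmlspecialchars($localAccountData['username']));
                $preferences->set_var('remoteuid', $_USER['uid']);
            }
            $preferences->parse('resynch_option', 'resynch', true);
        } else {
            $preferences->set_var('resynch_option', '');
        }
    }
    $preferences->set_var('plugin_namepass_name', PLG_profileEdit($_USER['uid'], 'namepass', 'name'));
    if ($_CONF['allow_username_change'] == 1) {
        $preferences->parse('username_option', 'username', true);
    } else {
        $preferences->set_var('username_option', '');
    }
    $selection = '<select id="cooktime" name="cooktime">' . LB;
    $selection .= COM_optionList($_TABLES['cookiecodes'], 'cc_value,cc_descr', $A['cookietimeout'], 0);
    $selection .= '</select>';
    $preferences->set_var('cooktime_selector', $selection);
    $preferences->set_var('email_value', htmlspecialchars($A['email']));
    $preferences->set_var('homepage_value', htmlspecialchars(COM_killJS($A['homepage'])));
    $preferences->set_var('location_value', htmlspecialchars(strip_tags($A['location'])));
    $preferences->set_var('signature_value', htmlspecialchars($A['sig']));
    if ($_CONF['allow_user_photo'] == 1) {
        $photo = USER_getPhoto($_USER['uid'], $A['photo'], $A['email'], -1);
        if (empty($photo)) {
            $preferences->set_var('display_photo', '');
        } else {
            if (empty($A['photo'])) {
                // external avatar
                $photo = '<br />' . $photo;
            } else {
                // uploaded photo - add delete option
                $photo = '<br />' . $photo . '<br />' . $LANG04[79] . '&nbsp;<input type="checkbox" name="delete_photo" />' . LB;
            }
            $preferences->set_var('display_photo', $photo);
        }
        $preferences->parse('userphoto_option', 'photo', true);
    } else {
        $preferences->set_var('userphoto_option', '');
    }
    $preferences->set_var('plugin_namepass_pwdemail', PLG_profileEdit($_USER['uid'], 'namepass', 'pwdemail'));
    $preferences->set_var('plugin_namepass', PLG_profileEdit($_USER['uid'], 'namepass'));
    $result = DB_query("SELECT about,pgpkey FROM {$_TABLES['userinfo']} WHERE uid=" . $uid);
    $A = DB_fetchArray($result);

    // The request token is stored server-side and echoed into the form, so it
    // has to be unpredictable. md5(uniqid(rand())) is derived from the clock
    // and a non-cryptographic PRNG; prefer the CSPRNG where the runtime has
    // one. Both branches yield 16 hex characters, so the stored format is
    // unchanged.
    if (function_exists('random_bytes')) {
        $reqid = bin2hex(random_bytes(8));
    } else {
        // Legacy fallback for old runtimes: predictable, kept only so the form
        // still works there.
        $reqid = substr(md5(uniqid(rand(), 1)), 1, 16);
    }
    DB_change($_TABLES['users'], 'pwrequestid', DB_escapeString($reqid), 'uid', $uid);
    // NOTE(review): the code that compares the submitted token with
    // pwrequestid is outside this function - confirm it uses a constant-time
    // comparison and clears the token after use.
    $preferences->set_var('about_value', htmlspecialchars($A['about']));
    $preferences->set_var('pgpkey_value', htmlspecialchars($A['pgpkey']));
    $preferences->set_var('uid_value', $reqid);
    $preferences->set_var('username_value', htmlspecialchars($_USER['username']));
    if ($_CONF['allow_account_delete'] == 1) {
        $preferences->set_var('lang_deleteaccount', $LANG04[156]);
        $preferences->set_var('delete_text', $LANG04[95]);
        $preferences->set_var('lang_button_delete', $LANG04[96]);
        $preferences->set_var('delete_mode', 'confirmdelete');
        $preferences->set_var('account_id', $reqid);
        // Fall back to the general label when no dedicated option text exists.
        if (isset($LANG04[157])) {
            $preferences->set_var('lang_deleteoption', $LANG04[157]);
        } else {
            $preferences->set_var('lang_deleteoption', $LANG04[156]);
        }
        $preferences->parse('delete_account_option', 'deleteaccount', false);
    } else {
        $preferences->set_var('delete_account_option', '');
    }
    // Call custom account form and edit function if enabled and exists
    if ($_CONF['custom_registration'] and function_exists('CUSTOM_userEdit')) {
        $preferences->set_var('customfields', CUSTOM_userEdit($_USER['uid']));
    }
    $preferences->set_var('plugin_userinfo_personalinfo', PLG_profileEdit($_USER['uid'], 'userinfo', 'personalinfo'));
    $preferences->set_var('plugin_userinfo', PLG_profileEdit($_USER['uid'], 'userinfo'));
    $preferences->set_var('plugin_panel', PLG_profileEdit($_USER['uid']));
    PLG_profileVariablesEdit($_USER['uid'], $preferences);
    $retval = $preferences->finish($preferences->parse('output', 'profile'));
    $retval .= PLG_profileBlocksEdit($_USER['uid']);
    return $retval;
}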