function saveProfileChanges(&$profile_vars, &$post_errors, $memID)
{
global $db_prefix, $user_info, $txt, $modSettings, $user_profile;
global $newpassemail, $validationCode, $context, $settings, $sourcedir;
global $func;
// These make life easier....
$old_profile =& $user_profile[$memID];
// Permissions...
if ($context['user']['is_owner']) {
$changeIdentity = allowedTo(array('profile_identity_any', 'profile_identity_own'));
$changeOther = allowedTo(array('profile_extra_any', 'profile_extra_own'));
} else {
$changeIdentity = allowedTo('profile_identity_any');
$changeOther = allowedTo('profile_extra_any');
}
// Arrays of all the changes - makes things easier.
$profile_bools = array('notifyAnnouncements', 'notifyOnce', 'notifySendBody');
$profile_ints = array('pm_email_notify', 'notifyTypes', 'ICQ', 'gender', 'ID_THEME');
$profile_floats = array('timeOffset');
$profile_strings = array('websiteUrl', 'websiteTitle', 'AIM', 'YIM', 'location', 'birthdate', 'timeFormat', 'buddy_list', 'pm_ignore_list', 'smileySet', 'signature', 'personalText', 'avatar');
// Fix the spaces in messenger screennames...
$fix_spaces = array('MSN', 'AIM', 'YIM');
foreach ($fix_spaces as $var) {
// !!! Why?
if (isset($_POST[$var])) {
$_POST[$var] = strtr($_POST[$var], ' ', '+');
}
}
// Make sure the MSN one is an email address, not something like 'none' :P.
if (isset($_POST['MSN']) && ($_POST['MSN'] == '' || preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['MSN']) != 0)) {
$profile_strings[] = 'MSN';
}
// Validate the title...
if (!empty($modSettings['titlesEnable']) && (allowedTo('profile_title_any') || allowedTo('profile_title_own') && $context['user']['is_owner'])) {
$profile_strings[] = 'usertitle';
}
// Validate the timeOffset...
if (isset($_POST['timeOffset'])) {
$_POST['timeOffset'] = strtr($_POST['timeOffset'], ',', '.');
if ($_POST['timeOffset'] < -23.5 || $_POST['timeOffset'] > 23.5) {
$post_errors[] = 'bad_offset';
}
}
// Fix the URL...
if (isset($_POST['websiteUrl'])) {
if (strlen(trim($_POST['websiteUrl'])) > 0 && strpos($_POST['websiteUrl'], '://') === false) {
$_POST['websiteUrl'] = 'http://' . $_POST['websiteUrl'];
}
if (strlen($_POST['websiteUrl']) < 8) {
$_POST['websiteUrl'] = '';
}
}
// !!! Should we check for this year and tell them they made a mistake :P? (based on coppa at least?)
if (isset($_POST['birthdate'])) {
if (preg_match('/(\\d{4})[\\-\\., ](\\d{2})[\\-\\., ](\\d{2})/', $_POST['birthdate'], $dates) === 1) {
$_POST['birthdate'] = checkdate($dates[2], $dates[3], $dates[1] < 4 ? 4 : $dates[1]) ? sprintf('%04d-%02d-%02d', $dates[1] < 4 ? 4 : $dates[1], $dates[2], $dates[3]) : '0001-01-01';
} else {
unset($_POST['birthdate']);
}
} elseif (isset($_POST['bday1'], $_POST['bday2'], $_POST['bday3']) && $_POST['bday1'] > 0 && $_POST['bday2'] > 0) {
$_POST['birthdate'] = checkdate($_POST['bday1'], $_POST['bday2'], $_POST['bday3'] < 4 ? 4 : $_POST['bday3']) ? sprintf('%04d-%02d-%02d', $_POST['bday3'] < 4 ? 4 : $_POST['bday3'], $_POST['bday1'], $_POST['bday2']) : '0001-01-01';
} elseif (isset($_POST['bday1']) || isset($_POST['bday2']) || isset($_POST['bday3'])) {
$_POST['birthdate'] = '0001-01-01';
}
if (isset($_POST['im_email_notify'])) {
$_POST['pm_email_notify'] = $_POST['im_email_notify'];
}
// Validate and set the ignorelist...
if (isset($_POST['pm_ignore_list']) || isset($_POST['im_ignore_list'])) {
if (!isset($_POST['pm_ignore_list'])) {
$_POST['pm_ignore_list'] = $_POST['im_ignore_list'];
}
$_POST['pm_ignore_list'] = strtr($func['htmltrim']($_POST['pm_ignore_list']), array('\\\'' => ''', "\n" => "', '", "\r" => '', '"' => ''));
if (preg_match('~(\\A|,)\\*(\\Z|,)~s', $_POST['pm_ignore_list']) == 0) {
$result = db_query("\n\t\t\t\tSELECT ID_MEMBER\n\t\t\t\tFROM {$db_prefix}members\n\t\t\t\tWHERE memberName IN ('{$_POST['pm_ignore_list']}') OR realName IN ('{$_POST['pm_ignore_list']}')\n\t\t\t\tLIMIT " . (substr_count($_POST['pm_ignore_list'], '\', \'') + 1), __FILE__, __LINE__);
$_POST['pm_ignore_list'] = '';
while ($row = mysql_fetch_assoc($result)) {
$_POST['pm_ignore_list'] .= $row['ID_MEMBER'] . ',';
}
mysql_free_result($result);
// !!! Did we find all the members?
$_POST['pm_ignore_list'] = substr($_POST['pm_ignore_list'], 0, -1);
} else {
$_POST['pm_ignore_list'] = '*';
}
}
// Similarly, do the same for the buddy list
if (isset($_POST['buddy_list'])) {
$_POST['buddy_list'] = strtr(trim($_POST['buddy_list']), array('\\\'' => ''', "\n" => "', '", "\r" => '', '"' => ''));
if (trim($_POST['buddy_list']) != '') {
$result = db_query("\n\t\t\t\tSELECT ID_MEMBER\n\t\t\t\tFROM {$db_prefix}members\n\t\t\t\tWHERE memberName IN ('{$_POST['buddy_list']}') OR realName IN ('{$_POST['buddy_list']}')\n\t\t\t\tLIMIT " . (substr_count($_POST['buddy_list'], '\', \'') + 1), __FILE__, __LINE__);
$_POST['buddy_list'] = '';
while ($row = mysql_fetch_assoc($result)) {
$_POST['buddy_list'] .= $row['ID_MEMBER'] . ',';
}
mysql_free_result($result);
// !!! Did we find all the members?
$_POST['buddy_list'] = substr($_POST['buddy_list'], 0, -1);
}
}
// Validate the smiley set.
if (isset($_POST['smileySet'])) {
$smiley_sets = explode(',', $modSettings['smiley_sets_known']);
if (!in_array($_POST['smileySet'], $smiley_sets) && $_POST['smileySet'] != 'none') {
$_POST['smileySet'] = '';
}
}
// Make sure the signature isn't too long.
if (isset($_POST['signature'])) {
require_once $sourcedir . '/Subs-Post.php';
if (!empty($modSettings['max_signatureLength']) && $func['strlen']($_POST['signature']) > $modSettings['max_signatureLength']) {
$_POST['signature'] = addslashes($func['substr'](stripslashes($_POST['signature']), 0, $modSettings['max_signatureLength']));
}
if (strlen($_POST['signature']) > 65534) {
$_POST['signature'] = addslashes($func['truncate'](stripslashes($_POST['signature']), 65534));
}
$_POST['signature'] = strtr($_POST['signature'], array('"' => '\\"', ''' => '\\'', ''' => '\\''));
preparsecode($_POST['signature']);
}
// Identity-only changes...
if ($changeIdentity) {
// This block is only concerned with display name validation.
if (isset($_POST['realName']) && (!empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum')) && trim($_POST['realName']) != $old_profile['realName']) {
$_POST['realName'] = trim(preg_replace('~[\\s]~' . ($context['utf8'] ? 'u' : ''), ' ', $_POST['realName']));
if (trim($_POST['realName']) == '') {
$post_errors[] = 'no_name';
} elseif ($func['strlen']($_POST['realName']) > 60) {
$post_errors[] = 'name_too_long';
} else {
require_once $sourcedir . '/Subs-Members.php';
if (isReservedName($_POST['realName'], $memID)) {
$post_errors[] = 'name_taken';
}
}
if (isset($_POST['realName'])) {
$profile_vars['realName'] = '\'' . $_POST['realName'] . '\'';
}
}
// Change the registration date.
if (!empty($_POST['dateRegistered']) && allowedTo('admin_forum')) {
// Bad date! Go try again - please?
if (($_POST['dateRegistered'] = strtotime($_POST['dateRegistered'])) === -1) {
fatal_error($txt['smf233'] . ' ' . strftime('%d %b %Y ' . (strpos($user_info['time_format'], '%H') !== false ? '%I:%M:%S %p' : '%H:%M:%S'), forum_time(false)), false);
} elseif ($_POST['dateRegistered'] != $txt[470] && $_POST['dateRegistered'] != strtotime(strftime('%Y-%m-%d', $user_profile[$memID]['dateRegistered'] + ($user_info['time_offset'] + $modSettings['time_offset']) * 3600))) {
$profile_vars['dateRegistered'] = $_POST['dateRegistered'] - ($user_info['time_offset'] + $modSettings['time_offset']) * 3600;
}
}
// Change the number of posts.
if (isset($_POST['posts']) && allowedTo('moderate_forum')) {
$profile_vars['posts'] = $_POST['posts'] != '' ? (int) strtr($_POST['posts'], array(',' => '', '.' => '', ' ' => '')) : '\'\'';
}
// This block is only concerned with email address validation..
if (isset($_POST['emailAddress']) && strtolower($_POST['emailAddress']) != strtolower($old_profile['emailAddress'])) {
$_POST['emailAddress'] = strtr($_POST['emailAddress'], array(''' => '\\\''));
// Prepare the new password, or check if they want to change their own.
if (!empty($modSettings['send_validation_onChange']) && !allowedTo('moderate_forum')) {
require_once $sourcedir . '/Subs-Members.php';
$validationCode = generateValidationCode();
$profile_vars['validation_code'] = '\'' . $validationCode . '\'';
$profile_vars['is_activated'] = '2';
$newpassemail = true;
}
// Check the name and email for validity.
if (trim($_POST['emailAddress']) == '') {
$post_errors[] = 'no_email';
}
if (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', stripslashes($_POST['emailAddress'])) == 0) {
$post_errors[] = 'bad_email';
}
// Email addresses should be and stay unique.
$request = db_query("\n\t\t\t\tSELECT ID_MEMBER\n\t\t\t\tFROM {$db_prefix}members\n\t\t\t\tWHERE ID_MEMBER != {$memID}\n\t\t\t\t\tAND emailAddress = '{$_POST['emailAddress']}'\n\t\t\t\tLIMIT 1", __FILE__, __LINE__);
if (mysql_num_rows($request) > 0) {
$post_errors[] = 'email_taken';
}
mysql_free_result($request);
$profile_vars['emailAddress'] = '\'' . $_POST['emailAddress'] . '\'';
}
// Hide email address?
if (isset($_POST['hideEmail']) && (!empty($modSettings['allow_hideEmail']) || allowedTo('moderate_forum'))) {
$profile_vars['hideEmail'] = empty($_POST['hideEmail']) ? '0' : '1';
}
// Are they allowed to change their hide status?
if (isset($_POST['showOnline']) && (!empty($modSettings['allow_hideOnline']) || allowedTo('moderate_forum'))) {
$profile_vars['showOnline'] = empty($_POST['showOnline']) ? '0' : '1';
}
// If they're trying to change the password, let's check they pick a sensible one.
if (isset($_POST['passwrd1']) && $_POST['passwrd1'] != '') {
// Do the two entries for the password even match?
if ($_POST['passwrd1'] != $_POST['passwrd2']) {
$post_errors[] = 'bad_new_password';
}
// Let's get the validation function into play...
require_once $sourcedir . '/Subs-Auth.php';
$passwordErrors = validatePassword($_POST['passwrd1'], $user_info['username'], array($user_info['name'], $user_info['email']));
// Were there errors?
if ($passwordErrors != null) {
$post_errors[] = 'password_' . $passwordErrors;
}
// Set up the new password variable... ready for storage.
$profile_vars['passwd'] = '\'' . sha1(strtolower($old_profile['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1']))) . '\'';
}
if (isset($_POST['secretQuestion'])) {
$profile_vars['secretQuestion'] = '\'' . $_POST['secretQuestion'] . '\'';
}
// Do you have a *secret* password?
if (isset($_POST['secretAnswer']) && $_POST['secretAnswer'] != '') {
$profile_vars['secretAnswer'] = '\'' . md5($_POST['secretAnswer']) . '\'';
}
}
// Things they can do if they are a forum moderator.
if (allowedTo('moderate_forum')) {
if (($_REQUEST['sa'] == 'activateAccount' || !empty($_POST['is_activated'])) && isset($old_profile['is_activated']) && $old_profile['is_activated'] != 1) {
// If we are approving the deletion of an account, we do something special ;)
if ($old_profile['is_activated'] == 4) {
require_once $sourcedir . '/Subs-Members.php';
deleteMembers($memID);
redirectexit();
}
if (isset($modSettings['integrate_activate']) && function_exists($modSettings['integrate_activate'])) {
call_user_func($modSettings['integrate_activate'], $old_profile['memberName']);
}
// Actually update this member now, as it guarantees the unapproved count can't get corrupted.
updateMemberData($memID, array('is_activated' => $old_profile['is_activated'] >= 10 ? '11' : '1', 'validation_code' => '\'\''));
// If we are doing approval, update the stats for the member just incase.
if (in_array($old_profile['is_activated'], array(3, 4, 13, 14))) {
updateSettings(array('unapprovedMembers' => $modSettings['unapprovedMembers'] > 1 ? $modSettings['unapprovedMembers'] - 1 : 0));
}
// Make sure we update the stats too.
updateStats('member', false);
}
if (isset($_POST['karmaGood'])) {
$profile_vars['karmaGood'] = $_POST['karmaGood'] != '' ? (int) $_POST['karmaGood'] : '\'\'';
}
if (isset($_POST['karmaBad'])) {
$profile_vars['karmaBad'] = $_POST['karmaBad'] != '' ? (int) $_POST['karmaBad'] : '\'\'';
}
}
// Assigning membergroups (you need admin_forum permissions to change an admins' membergroups).
if (allowedTo('manage_membergroups')) {
// The account page allows the change of your ID_GROUP - but not to admin!.
if (isset($_POST['ID_GROUP']) && (allowedTo('admin_forum') || (int) $_POST['ID_GROUP'] != 1 && $old_profile['ID_GROUP'] != 1)) {
$profile_vars['ID_GROUP'] = (int) $_POST['ID_GROUP'];
}
// Find the additional membergroups (if any)
if (isset($_POST['additionalGroups']) && is_array($_POST['additionalGroups'])) {
foreach ($_POST['additionalGroups'] as $i => $group_id) {
if ((int) $group_id == 0 || !allowedTo('admin_forum') && (int) $group_id == 1) {
unset($_POST['additionalGroups'][$i], $_POST['additionalGroups'][$i]);
} else {
$_POST['additionalGroups'][$i] = (int) $group_id;
}
}
// Put admin back in there if you don't have permission to take it away.
if (!allowedTo('admin_forum') && in_array(1, explode(',', $old_profile['additionalGroups']))) {
$_POST['additionalGroups'][] = 1;
}
$profile_vars['additionalGroups'] = '\'' . implode(',', $_POST['additionalGroups']) . '\'';
}
// Too often, people remove delete their own account, or something.
if (in_array(1, explode(',', $old_profile['additionalGroups'])) || $old_profile['ID_GROUP'] == 1) {
$stillAdmin = !isset($profile_vars['ID_GROUP']) || $profile_vars['ID_GROUP'] == 1 || isset($_POST['additionalGroups']) && in_array(1, $_POST['additionalGroups']);
// If they would no longer be an admin, look for any other...
if (!$stillAdmin) {
$request = db_query("\n\t\t\t\t\tSELECT ID_MEMBER\n\t\t\t\t\tFROM {$db_prefix}members\n\t\t\t\t\tWHERE (ID_GROUP = 1 OR FIND_IN_SET(1, additionalGroups))\n\t\t\t\t\t\tAND ID_MEMBER != {$memID}\n\t\t\t\t\tLIMIT 1", __FILE__, __LINE__);
list($another) = mysql_fetch_row($request);
mysql_free_result($request);
if (empty($another)) {
fatal_lang_error('at_least_one_admin');
}
}
}
}
// Validate the language file...
if (($changeIdentity || $changeOther) && isset($_POST['lngfile']) && !empty($modSettings['userLanguage'])) {
$language_directories = array($settings['default_theme_dir'] . '/languages', $settings['actual_theme_dir'] . '/languages');
if (!empty($settings['base_theme_dir'])) {
$language_directories[] = $settings['base_theme_dir'] . '/languages';
}
$language_directories = array_unique($language_directories);
foreach ($language_directories as $language_dir) {
if (!file_exists($language_dir)) {
continue;
}
$dir = dir($language_dir);
while ($entry = $dir->read()) {
if (preg_match('~^index\\.(.+)\\.php$~', $entry, $matches) && $matches[1] == $_POST['lngfile']) {
$profile_vars['lngfile'] = "'{$_POST['lngfile']}'";
// If they are the owner, make this persist even after they log out.
if ($context['user']['is_owner']) {
$_SESSION['language'] = $_POST['lngfile'];
}
}
}
$dir->close();
}
}
// Here's where we sort out all the 'other' values...
if ($changeOther) {
makeThemeChanges($memID, isset($_POST['ID_THEME']) ? (int) $_POST['ID_THEME'] : $old_profile['ID_THEME']);
makeAvatarChanges($memID, $post_errors);
makeNotificationChanges($memID);
foreach ($profile_bools as $var) {
if (isset($_POST[$var])) {
$profile_vars[$var] = empty($_POST[$var]) ? '0' : '1';
}
}
foreach ($profile_ints as $var) {
if (isset($_POST[$var])) {
$profile_vars[$var] = $_POST[$var] != '' ? (int) $_POST[$var] : '\'\'';
}
}
foreach ($profile_floats as $var) {
if (isset($_POST[$var])) {
$profile_vars[$var] = (double) $_POST[$var];
}
}
foreach ($profile_strings as $var) {
if (isset($_POST[$var])) {
$profile_vars[$var] = '\'' . $_POST[$var] . '\'';
}
}
}
if (isset($profile_vars['ICQ']) && $profile_vars['ICQ'] == '0') {
$profile_vars['ICQ'] = '\'\'';
}
}
function saveProfileChanges(&$profile_vars, &$post_errors, $memID)
{
global $user_info, $txt, $modSettings, $user_profile;
global $context, $settings, $sourcedir;
global $smcFunc;
// These make life easier....
$old_profile =& $user_profile[$memID];
// Permissions...
if ($context['user']['is_owner']) {
$changeIdentity = allowedTo(array('profile_identity_any', 'profile_identity_own'));
$changeOther = allowedTo(array('profile_extra_any', 'profile_extra_own'));
} else {
$changeIdentity = allowedTo('profile_identity_any');
$changeOther = allowedTo('profile_extra_any');
}
// Arrays of all the changes - makes things easier.
$profile_bools = array('notify_announcements', 'notify_send_body');
$profile_ints = array('notify_regularity', 'notify_types');
$profile_floats = array();
$profile_strings = array('buddy_list', 'ignore_boards');
if (isset($_POST['sa']) && $_POST['sa'] == 'ignoreboards' && empty($_POST['ignore_brd'])) {
$_POST['ignore_brd'] = array();
}
unset($_POST['ignore_boards']);
// Whatever it is set to is a dirty fithy thing. Kinda like our minds.
if (isset($_POST['ignore_brd'])) {
if (!is_array($_POST['ignore_brd'])) {
$_POST['ignore_brd'] = array($_POST['ignore_brd']);
}
foreach ($_POST['ignore_brd'] as $k => $d) {
$d = (int) $d;
if ($d != 0) {
$_POST['ignore_brd'][$k] = $d;
} else {
unset($_POST['ignore_brd'][$k]);
}
}
$_POST['ignore_boards'] = implode(',', $_POST['ignore_brd']);
unset($_POST['ignore_brd']);
}
// Here's where we sort out all the 'other' values...
if ($changeOther) {
makeThemeChanges($memID, isset($_POST['id_theme']) ? (int) $_POST['id_theme'] : $old_profile['id_theme']);
//makeAvatarChanges($memID, $post_errors);
makeNotificationChanges($memID);
if (!empty($_REQUEST['sa'])) {
makeCustomFieldChanges($memID, $_REQUEST['sa'], false);
}
foreach ($profile_bools as $var) {
if (isset($_POST[$var])) {
$profile_vars[$var] = empty($_POST[$var]) ? '0' : '1';
}
}
foreach ($profile_ints as $var) {
if (isset($_POST[$var])) {
$profile_vars[$var] = $_POST[$var] != '' ? (int) $_POST[$var] : '';
}
}
foreach ($profile_floats as $var) {
if (isset($_POST[$var])) {
$profile_vars[$var] = (double) $_POST[$var];
}
}
foreach ($profile_strings as $var) {
if (isset($_POST[$var])) {
$profile_vars[$var] = $_POST[$var];
}
}
}
}
