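/**
 * Handle the 'register_user' event.
 *
 * Validates the registration form (username, password, e-mail and the custom
 * profile fields flagged display_register), inserts the user / userinfo /
 * usersettings rows, refreshes the 'forumstats' datastore entry and mails the
 * new member. Under USE_XMLHTTP the function only validates: it answers with
 * xmlhttp_message() on the first failing check and exit()s once every check
 * passes, so the rows are only ever written by the non-ajax submit.
 *
 * @param object $action  (by reference) receives the K4InformationAction that
 *                        describes the outcome; the caller renders it
 * @param array  $request (by reference) reads 'event', 'template', 'dba', 'user'
 * @return bool TRUE when the event was handled (error reported or user created).
 *              The trailing FALSE is unreachable; for any other event nothing
 *              is returned.
 */
function execute(&$action, &$request)
{
    if ($request['event'] == 'register_user') {
        /* Create the ancestors bar (if we run into any trouble) */
        k4_bread_crumbs($request['template'], $request['dba'], 'L_REGISTER');

        if (intval($request['template']->getVar('allowregistration')) == 0) {
            if (!USE_XMLHTTP) {
                no_perms_error($request);
                return TRUE;
            }
            // Return like every other failing check below; previously execution fell
            // through here and a disabled registration was still validated.
            return xmlhttp_message('L_YOUNEEDPERMS');
        }

        if (!$request['user']->isMember()) {
            global $_PROFILEFIELDS, $_SETTINGS, $_URL, $_DATASTORE;

            /* If we are not allowed to register */
            if (isset($_SETTINGS['allowregistration']) && $_SETTINGS['allowregistration'] == 0) {
                $action = new K4InformationAction(new K4LanguageElement('L_CANTREGISTERADMIN'), 'content', FALSE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_CANTREGISTERADMIN');
            }

            /* Collect the custom profile fields to display */
            // $field['name'] is spliced into the column list unquoted; it comes from the
            // admin-defined $_PROFILEFIELDS, not from the request. Values are SQL-quoted;
            // scalar ones are also entity-encoded, array ones are stored serialized.
            $query_fields = '';
            $query_params = '';
            foreach ($_PROFILEFIELDS as $field) {
                if ($field['display_register'] != 1) {
                    continue;
                }
                /* This insures that we only put in what we need to */
                if (!isset($_REQUEST[$field['name']])) {
                    continue;
                }
                $value = $_REQUEST[$field['name']];
                switch ($field['inputtype']) {
                    case 'multiselect':
                    case 'radio':
                    case 'check':
                        if (is_array($value) && !empty($value)) {
                            $query_fields .= ', ' . $field['name'];
                            $query_params .= ", '" . $request['dba']->quote(serialize($value)) . "'";
                        }
                        break;
                    default: /* 'text', 'textarea', 'select' and any unknown input type */
                        if ($value != '') {
                            $query_fields .= ', ' . $field['name'];
                            $query_params .= ", '" . $request['dba']->quote(k4_htmlentities($value, ENT_QUOTES)) . "'";
                        }
                        break;
                }
            }

            /**
             * Error checking
             *
             * NOTE(review): the filters run through runPostFilter() while the values
             * written below are read from $_REQUEST; if the filter reads $_POST only,
             * a GET/cookie value of the same name could bypass the checks — confirm.
             */
            /* Username checks */
            if (!$this->runPostFilter('username', new FARequiredFilter())) {
                $action = new K4InformationAction(new K4LanguageElement('L_BADUSERNAME'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_BADUSERNAME');
            }
            // A leading letter followed by letters, digits, '-', '_' or ' '. Accepts exactly
            // the same strings as the former ~^[a-zA-Z]([a-zA-Z0-9]*[-_ ]?)*[a-zA-Z0-9]*$~ but
            // without the nested quantifier, so a long non-matching username can no longer
            // push PCRE into exponential backtracking (and past pcre.backtrack_limit).
            if (!$this->runPostFilter('username', new FARegexFilter('~^[a-zA-Z][a-zA-Z0-9_ -]*$~'))) {
                $action = new K4InformationAction(new K4LanguageElement('L_BADUSERNAME'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_BADUSERNAME');
            }
            $max_len = intval($_SETTINGS['maxuserlength']);
            $min_len = intval($_SETTINGS['minuserlength']);
            if (!$this->runPostFilter('username', new FALengthFilter($max_len))) {
                $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETOOLONG', $max_len), 'content', TRUE);
                // The ajax reply used to say L_USERNAMETOOSHORT here, contradicting the action.
                return !USE_XMLHTTP ? TRUE : xmlhttp_message(new K4LanguageElement('L_USERNAMETOOLONG', $max_len));
            }
            if (!$this->runPostFilter('username', new FALengthFilter($max_len, $min_len))) {
                $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETOOSHORT', $min_len, $max_len), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message(new K4LanguageElement('L_USERNAMETOOSHORT', $min_len, $max_len));
            }
            if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS . " WHERE name = '" . $request['dba']->quote($_REQUEST['username']) . "'") > 0) {
                $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETAKEN'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_USERNAMETAKEN');
            }
            if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4BADUSERNAMES . " WHERE name = '" . $request['dba']->quote($_REQUEST['username']) . "'") > 0) {
                $action = new K4InformationAction(new K4LanguageElement('L_USERNAMENOTGOOD'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_USERNAMENOTGOOD');
            }

            /* Check the appropriateness of the username: reject it if the censor would alter it */
            $name = $_REQUEST['username'];
            replace_censors($name);
            if ($name != $_REQUEST['username']) {
                $action = new K4InformationAction(new K4LanguageElement('L_INNAPROPRIATEUNAME'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_INNAPROPRIATEUNAME');
            }

            /* Password checks */
            if (!$this->runPostFilter('password', new FARequiredFilter())) {
                $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYPASSWORD'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_SUPPLYPASSWORD');
            }
            if (!$this->runPostFilter('password2', new FARequiredFilter())) {
                $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYPASSCHECK'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_SUPPLYPASSCHECK');
            }
            if (!$this->runPostFilter('password', new FACompareFilter('password2'))) {
                $action = new K4InformationAction(new K4LanguageElement('L_PASSESDONTMATCH'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_PASSESDONTMATCH');
            }

            /* Email checks */
            if (!$this->runPostFilter('email', new FARequiredFilter())) {
                $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYEMAIL'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_SUPPLYEMAIL');
            }
            if (!$this->runPostFilter('email2', new FARequiredFilter())) {
                $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYEMAILCHECK'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_SUPPLYEMAILCHECK');
            }
            if (!$this->runPostFilter('email', new FACompareFilter('email2'))) {
                $action = new K4InformationAction(new K4LanguageElement('L_EMAILSDONTMATCH'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_EMAILSDONTMATCH');
            }
            // Deliberately narrow: ASCII local part, dotted domain, 2-6 letter TLD.
            if (!$this->runPostFilter('email', new FARegexFilter('~^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$~'))) {
                $action = new K4InformationAction(new K4LanguageElement('L_NEEDVALIDEMAIL'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_NEEDVALIDEMAIL');
            }
            if ($_SETTINGS['requireuniqueemail'] == 1) {
                if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS . " WHERE email = '" . $request['dba']->quote($_REQUEST['email']) . "'") > 0) {
                    $action = new K4InformationAction(new K4LanguageElement('L_EMAILTAKEN'), 'content', TRUE);
                    return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_EMAILTAKEN');
                }
            }

            /* Exit right here to send no content to the browser if ajax is enabled */
            if (USE_XMLHTTP) {
                exit;
            }

            /**
             * Do the database inserting
             */
            $name = k4_htmlentities(strip_tags($_REQUEST['username']), ENT_QUOTES);
            // NOTE(review): uniqid()+rand() is predictable and this key is what the
            // activation url below carries; it should come from a CSPRNG once the
            // codebase targets a PHP version that provides one.
            $reg_key = md5(uniqid(rand(), TRUE));

            $insert_a = $request['dba']->prepareStatement("INSERT INTO " . K4USERS . " (name,email,pass,perms,reg_key,usergroups,created) VALUES (?,?,?,?,?,?,?)");
            $insert_a->setString(1, $name);
            $insert_a->setString(2, $_REQUEST['email']);
            // NOTE(review): unsalted md5 password storage. The login-side verifier is
            // outside this block, so the scheme cannot be changed here alone.
            $insert_a->setString(3, md5($_REQUEST['password']));
            $insert_a->setInt(4, PENDING_MEMBER);
            $insert_a->setString(5, $reg_key);
            $insert_a->setString(6, '|1|');
            $insert_a->setInt(7, time());
            $insert_a->executeUpdate();

            $user_id = intval($request['dba']->getInsertId(K4USERS, 'id'));

            $insert_b = $request['dba']->prepareStatement("INSERT INTO " . K4USERINFO . " (user_id,timezone" . $query_fields . ") VALUES (?,?" . $query_params . ")");
            $insert_b->setInt(1, $user_id);
            $insert_b->setInt(2, intval(@$_REQUEST['timezone']));
            $request['dba']->executeUpdate("INSERT INTO " . K4USERSETTINGS . " (user_id) VALUES (" . $user_id . ")");
            $insert_b->executeUpdate();

            /* Set the datastore values */
            $datastore_update = $request['dba']->prepareStatement("UPDATE " . K4DATASTORE . " SET data=? WHERE varname=?");
            $datastore = $_DATASTORE['forumstats'];
            $datastore['num_members'] = $request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS);
            $datastore['newest_user_id'] = $user_id;
            $datastore['newest_user_name'] = $name;
            $datastore_update->setString(1, serialize($datastore));
            $datastore_update->setString(2, 'forumstats');
            $datastore_update->executeUpdate();
            reset_cache('datastore');

            /* Do we need to validate their email by having them follow a url? */
            if (intval($_SETTINGS['verifyemail']) == 1) {
                // NOTE(review): on PHP 5+ this is a handle copy, so the args/file written
                // below also land on the global $_URL — confirm that is harmless here.
                $verify_url = $_URL;
                $verify_url->args = array('act' => 'activate_accnt', 'key' => $reg_key);
                $verify_url->file = 'member.php';
                // As written this replace is a no-op (both arguments are '&'); it reads like
                // an '&amp;'-to-'&' decode lost in transit — check the repository copy.
                $url = str_replace('&', '&', $verify_url->__toString());

                $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET usergroups = '1' WHERE id = " . intval($user_id));

                $email = sprintf($request['template']->getVar('L_REGISTEREMAILRMSG'), $name, $_SETTINGS['bbtitle'], $url, $_SETTINGS['bbtitle']);
                $action = new K4InformationAction(new K4LanguageElement('L_SUCCESSREGISTEREMAIL', $_SETTINGS['bbtitle'], $_REQUEST['email']), 'content', FALSE, 'index.php', 5);
            } else {
                $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET perms = " . MEMBER . ", priv_key = '', reg_key = '' WHERE id = " . intval($user_id));

                $action = new K4InformationAction(new K4LanguageElement('L_SUCCESSREGISTER', $_SETTINGS['bbtitle']), 'content', FALSE, 'index.php', 5);
                $email = sprintf($request['template']->getVar('L_REGISTEREMAILMSG'), $name, $_SETTINGS['bbtitle'], $_SETTINGS['bbtitle']);
            }

            /* Finally, mail our user */
            email_user($_REQUEST['email'], sprintf($request['template']->getVar('L_REGISTEREMAILTITLE'), $_SETTINGS['bbtitle']), $email);

            return TRUE;
        } else {
            $action = new K4InformationAction(new K4LanguageElement('L_CANTREGISTERLOGGEDIN'), 'content', FALSE, 'index.php', 3);
            return TRUE;
        }

        return FALSE;
    }
}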
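/**
 * Format the current topic row for the template.
 *
 * Normalises the post icon, prefixes the post id with 't', merges the poster's
 * user/group record into post_user_* keys (cached per poster in $this->users),
 * censors the text, attaches polls and attachments, builds the urls and, when
 * $this->sr is set and the topic has replies, runs the replies query into
 * $this->result and wraps it in a RepliesIterator.
 *
 * Reads $this->dba, $this->qp, $this->users, $this->groups, $this->fields,
 * $this->user, $this->sr, $this->post_id; writes $this->users and $this->result.
 *
 * @return array the formatted row
 */
function current()
{
    $temp = parent::current();

    $icon = isset($temp['posticon']) ? $temp['posticon'] : '';
    $temp['posticon'] = $icon != '' && file_exists(BB_BASE_DIR . '/tmp/upload/posticons/' . $icon) ? $icon : 'clear.gif';

    // Keep the numeric id for SQL: once prefixed with 't', intval() of it is 0,
    // which is what the replies query below used to get as parent_id.
    $topic_id = intval($temp['post_id']);
    $temp['post_id'] = 't' . $temp['post_id'];

    if ($temp['poster_id'] > 0) {
        $temp['post_display_user_ddmenu'] = 1;
        $poster_id = $temp['poster_id'];

        if (isset($this->users[$poster_id])) {
            $user = $this->users[$poster_id];
        } else {
            $user = $this->dba->getRow("SELECT " . $this->qp['user'] . $this->qp['userinfo'] . " FROM " . K4USERS . " u LEFT JOIN " . K4USERINFO . " ui ON u.id=ui.user_id WHERE u.id=" . intval($poster_id));
            if (is_array($user) && !empty($user)) {
                $group = get_user_max_group($user, $this->groups);
                $user['group_color'] = !isset($group['color']) || $group['color'] == '' ? '000000' : $group['color'];
                $user['group_nicename'] = isset($group['nicename']) ? $group['nicename'] : '';
                $user['group_avatar'] = isset($group['avatar']) ? $group['avatar'] : '';
                $user['online'] = time() - ini_get('session.gc_maxlifetime') > $user['seen'] ? 'offline' : 'online';
                $this->users[$user['id']] = $user;
            }
        }

        if (is_array($user) && !empty($user)) {
            if ($user['flag_level'] > 0 && $_SESSION['user']->get('perms') >= MODERATOR) {
                $temp['post_user_background'] = 'background-color: #FFFF00;';
            }
            foreach ($user as $key => $val) {
                $temp['post_user_' . $key] = $val;
            }
            $temp['profilefields'] = new FAArrayIterator(get_profile_fields($this->fields, $temp));
            $temp['post_user_title'] = $user['user_title'];
            $temp['post_user_user_title'] = get_user_title($user['user_title'], $user['num_posts']);
            /* This array holds all of the userinfo for users that post to this topic.
             * Only cache real rows: a failed lookup used to be stored under an empty key. */
            $this->users[$user['id']] = $user;
        }
        if (!isset($temp['post_user_online'])) {
            $temp['post_user_online'] = 'offline';
        }
    } else {
        $temp['post_user_id'] = 0;
        $temp['post_user_name'] = $temp['poster_name'];
    }

    /* Deal with acronyms */
    replace_acronyms($temp['body_text']);
    /* word censors */
    replace_censors($temp['body_text']);
    replace_censors($temp['name']);
    /* Do any polls if they exist */
    do_post_polls($temp, $this->dba);

    /* do we have any attachments? */
    if (isset($temp['attachments']) && $temp['attachments'] > 0) {
        $temp['attachment_files'] = new K4AttachmentsIterator($this->dba, $this->user, $temp['post_id'], 0);
    }

    // url's
    $temp['U_TOPICURL'] = K4Url::getTopicUrl($temp['post_id']);
    $temp['U_POSTURL'] = K4Url::getPostUrl($temp['post_id']);
    $temp['U_MEMBERURL'] = K4Url::getMemberUrl($temp['poster_id']);

    if ($this->sr && $temp['num_replies'] > 0) {
        // NOTE(review): sortedby/sortorder are interpolated unescaped; the row and
        // whoever sets those keys are outside this block, so whitelist them there.
        // NOTE(review): "created >= 3600*24*daysprune" compares a timestamp with a
        // duration rather than a cutoff time — looks like time() - ... was meant; verify.
        $this->result = $this->dba->executeQuery("SELECT * FROM " . K4POSTS . " WHERE parent_id = " . $topic_id . " AND row_type=" . REPLY . " " . ($this->post_id ? "AND post_id = " . intval($this->post_id) : "") . " AND created >= " . 3600 * 24 * intval($temp['daysprune']) . " ORDER BY " . $temp['sortedby'] . " " . $temp['sortorder'] . " LIMIT " . intval($temp['start']) . "," . intval($temp['postsperpage']));
        $temp['replies'] = new RepliesIterator($this->user, $this->dba, $this->result, $this->qp, $this->users, $this->groups, $this->fields);
    }

    return $temp;
}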
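/**
 * Format the current reply row for the template.
 *
 * Normalises the post icon, prefixes the post id with 'r', merges the poster's
 * user/group record into post_user_* keys (cached per poster in $this->users),
 * attaches attachments and polls, censors the text and frees the result set
 * once the last row has been produced.
 *
 * Reads $this->dba, $this->qp, $this->users, $this->groups, $this->fields,
 * $this->user, $this->result; writes $this->users.
 *
 * @return array the formatted row
 */
function current()
{
    $temp = parent::current();

    $icon = isset($temp['posticon']) ? $temp['posticon'] : '';
    $temp['posticon'] = $icon != '' ? iif(file_exists(BB_BASE_DIR . '/tmp/upload/posticons/' . $icon), $icon, 'clear.gif') : 'clear.gif';
    $temp['post_id'] = 'r' . $temp['post_id'];

    if ($temp['poster_id'] > 0) {
        $poster_id = $temp['poster_id'];
        $user = FALSE; // stays FALSE when the lookup below fails (no undefined-variable notice)

        if (isset($this->users[$poster_id])) {
            $temp['post_display_user_ddmenu'] = $this->result->hasPrev() ? 0 : 1; // use a different ddmenu
            $user = $this->users[$poster_id];
        } else {
            $temp['post_display_user_ddmenu'] = 1; // display a ddmenu
            $user = $this->dba->getRow("SELECT " . $this->qp['user'] . $this->qp['userinfo'] . " FROM " . K4USERS . " u LEFT JOIN " . K4USERINFO . " ui ON u.id=ui.user_id WHERE u.id=" . intval($poster_id));
            if (is_array($user) && !empty($user)) {
                $group = get_user_max_group($user, $this->groups);
                $user['group_color'] = !isset($group['color']) || $group['color'] == '' ? '000000' : $group['color'];
                // isset guards as in the topic iterator, so a group record without
                // these keys yields '' instead of a notice.
                $user['group_nicename'] = isset($group['nicename']) ? $group['nicename'] : '';
                $user['group_avatar'] = isset($group['avatar']) ? $group['avatar'] : '';
                $user['online'] = time() - ini_get('session.gc_maxlifetime') > $user['seen'] ? 'offline' : 'online';
                $this->users[$user['id']] = $user;
            }
        }

        if (is_array($user) && !empty($user)) {
            if ($user['flag_level'] > 0 && $_SESSION['user']->get('perms') >= MODERATOR) {
                $temp['post_user_background'] = 'background-color: #FFFF00;';
            }
            foreach ($user as $key => $val) {
                $temp['post_user_' . $key] = $val;
            }
            $temp['profilefields'] = new FAArrayIterator(get_profile_fields($this->fields, $temp));
            $temp['post_user_title'] = $user['user_title'];
            $temp['post_user_user_title'] = get_user_title($user['user_title'], $user['num_posts']);
        }
        if (!isset($temp['post_user_online'])) {
            $temp['post_user_online'] = 'offline';
        }
    } else {
        $temp['post_user_id'] = 0;
        $temp['post_user_name'] = $temp['poster_name'];
    }

    /* do we have any attachments? */
    if (isset($temp['attachments']) && $temp['attachments'] > 0) {
        $temp['attachment_files'] = new K4AttachmentsIterator($this->dba, $this->user, $temp['post_id'], $temp['post_id']);
    }

    /* Deal with acronyms */
    replace_acronyms($temp['body_text']);
    /* word censors!! */
    replace_censors($temp['body_text']);
    replace_censors($temp['name']);
    /* Do any polls if they exist */
    do_post_polls($temp, $this->dba);

    /* Should we free the result? */
    if (!$this->hasNext()) {
        $this->result->free();
    }

    return $temp;
}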
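/**
 * Format the current forum row for the template.
 *
 * Caches the forum in the session, picks the icon by row_type, builds the
 * nested forum iterators (children of a category; sub-forums when recursing),
 * collects moderating groups/users into a FAArrayIterator, censors the last
 * topic/post names, formats the counters and builds the urls.
 *
 * Reads $this->dba, $this->level, $this->do_recurse, $this->settings,
 * $this->usergroups. When a forum claims sub-forums but the query returns none,
 * its subforums flag is reset to 0 in the database.
 *
 * @return array the formatted row
 */
function current()
{
    $temp = parent::current();

    /* Cache this forum in the session */
    cache_forum($temp);

    /**
     * Do the icon
     */
    switch ($temp['row_type']) {
        case FORUM:
            $temp['forum_icon'] = 'forum_off';
            forum_icon($temp, $temp['forum_icon']);
            break;
        case GALLERY:
            $temp['forum_icon'] = 'forum_gallery';
            break;
        case METAFORUM:
            $temp['forum_icon'] = 'forum_meta';
            break;
        case ARCHIVEFORUM:
            $temp['forum_icon'] = 'forum_archive';
            break;
    }

    /* Set a nice representation of what level we're on (never a negative repeat count) */
    $temp['level'] = str_repeat(' ', max(0, intval($this->level)));

    /* Should we query down to the next level of forums? */
    if ($temp['row_type'] & CATEGORY) {
        // intval() as in the sub-forum query below; the id comes from the row, not the request.
        $temp['forums'] = new K4ForumsIterator($this->dba, "SELECT * FROM " . K4FORUMS . " WHERE parent_id = " . intval($temp['forum_id']) . " ORDER BY row_order ASC", TRUE, $this->level + 1);
    }

    if ($this->do_recurse) {
        if ($temp['subforums'] > 0 && $this->settings['showsubforums'] == 1) {
            $it = new K4ForumsIterator($this->dba, "SELECT * FROM " . K4FORUMS . " WHERE parent_id = " . intval($temp['forum_id']) . " ORDER BY row_order ASC", FALSE, $this->level + 1);
            if ($it->hasNext()) {
                // add the iterator
                $temp['subforums_list'] = $it;
            } else {
                // if this forum doesn't actually have subforums, fix it
                $this->dba->executeUpdate("UPDATE " . K4FORUMS . " SET subforums=0 WHERE forum_id = " . intval($temp['forum_id']));
            }
        }
    }

    /**
     * Get the moderators
     */
    $temp['moderators'] = array();
    $temp['are_moderators'] = 0;

    if ($temp['moderating_groups'] != '') {
        foreach (explode('|', $temp['moderating_groups']) as $g) {
            if (isset($this->usergroups[$g])) {
                // NOTE(review): overwritten on every pass, so only the last moderating
                // group's url survives — confirm with the template that this is intended.
                $temp['U_USERGROUPURL'] = K4Url::getUserGroupUrl($g);
                $temp['moderators'][] = $this->usergroups[$g];
            }
        }
        $temp['are_moderators'] = 1;
    }

    if ($temp['moderating_users'] != '') {
        $users = force_unserialize($temp['moderating_users']);
        if (is_array($users) && !empty($users)) {
            foreach ($users as $user_id => $username) {
                // Same last-one-wins pattern as U_USERGROUPURL above.
                $temp['U_GMEMBERURL'] = K4Url::getMemberUrl($user_id);
                $temp['moderators'][] = array('user_id' => $user_id, 'name' => $username);
            }
            $temp['are_moderators'] = 1;
        }
    }

    $temp['moderators'] = new FAArrayIterator($temp['moderators']);

    /* Replace topic/post names with censors */
    replace_censors($temp['topic_name']);
    replace_censors($temp['post_name']);

    $temp['topics'] = number_format($temp['topics']);
    $temp['replies'] = number_format($temp['replies']);
    $temp['posts'] = number_format($temp['posts']);

    $temp['safe_description'] = strip_tags($temp['description']);
    $temp['forum'] = $temp['row_type'] == CATEGORY ? 0 : 1;

    // custom url's
    $temp['U_FORUMURL'] = K4Url::getForumUrl($temp['forum_id']);
    $temp['U_TOPICURL'] = K4Url::getTopicUrl($temp['post_id']);
    $temp['U_POSTURL'] = K4Url::getPostUrl($temp['post_id']);
    $temp['U_FINDPOSTURL'] = K4Url::getPostUrl($temp['post_id']);
    $temp['U_MEMBERURL'] = K4Url::getMemberUrl($temp['post_uid']);
    $temp['U_REDIRECTURL'] = K4Url::getRedirectUrl($temp['forum_id']);

    /* Return the formatted forum info */
    return $temp;
}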
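/**
 * Format the current private-message row for the template.
 *
 * Normalises the icon, builds a pager when the message has more replies than
 * $this->repliesperpage, highlights flagged posters for moderators, picks the
 * draft/read url, marks unread messages, censors the subject and frees the
 * result set after the last row.
 *
 * Reads $this->repliesperpage, $this->flagged_users, $this->result.
 *
 * @return array the formatted row
 */
function current()
{
    $temp = parent::current();

    /* Set the topic icons */
    $icon = isset($temp['posticon']) ? $temp['posticon'] : '';
    $temp['posticon'] = $icon != '' ? iif(file_exists(BB_BASE_DIR . '/tmp/upload/posticons/' . $icon), $icon, 'clear.gif') : 'clear.gif';

    $is_new = $temp['member_has_read'] == 0;

    $temp['use_pager'] = 0;
    // The > 0 guard replaces a former @ceil(): with a zero page size the division
    // is a fatal DivisionByZeroError on PHP 8, which @ does not suppress.
    if ($this->repliesperpage > 0 && $this->repliesperpage < $temp['num_replies']) {
        /* Create a pager */
        $temp['use_pager'] = 1;
        $temp['num_pages'] = ceil($temp['num_replies'] / $this->repliesperpage);
        $temp['pager'] = paginate($temp['num_replies'], '«', '<', '', '>', '»', $this->repliesperpage, $temp['pm_id']);
    }

    if ($temp['poster_id'] > 0) {
        if (in_array($temp['poster_id'], $this->flagged_users) && $_SESSION['user']->get('perms') >= MODERATOR) {
            $temp['post_user_background'] = 'background-color: #FFFF00;';
        }
    }

    $temp['url'] = $temp['is_draft'] == 1
        ? 'member.php?act=usercp&view=pmnewmessage&draft=' . $temp['pm_id']
        : 'member.php?act=usercp&view=pmsg&pm=' . $temp['pm_id'];

    if ($is_new) {
        $temp['is_new'] = 1;
    }

    /* Censor subjects if necessary */
    replace_censors($temp['name']);

    /* Should we free the result? */
    if (!$this->hasNext()) {
        $this->result->free();
    }

    return $temp;
}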
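/**
 * Admin "edit user" handler.
 *
 * Only a member with SUPERADMIN permission gets past the first check. The
 * handler loads the target user from $_REQUEST['user_id'], validates the
 * submitted name/e-mail (errors are collected into $action and reported at two
 * checkpoints), then updates the account row, the userinfo/profile row, the
 * usersettings row, the 'forumstats' datastore entry when the target is the
 * newest member and, on a name change, every denormalised copy of the name.
 *
 * @param array $request (by reference) reads 'user', 'template', 'dba'
 * @return mixed the information action's execute() result on the success and
 *               validation-error paths; TRUE after no_perms_error() otherwise
 */
function execute(&$request)
{
    if ($request['user']->isMember() && $request['user']->get('perms') >= SUPERADMIN) {
        // $_DATASTORE was missing from this list, so the newest-user refresh
        // below read an undefined local and never ran.
        global $_PROFILEFIELDS, $_SETTINGS, $_DATASTORE;

        k4_bread_crumbs($request['template'], $request['dba'], 'L_USERS');
        $request['template']->setVar('users_on', '_on');
        $request['template']->setFile('sidebar_menu', 'menus/users.html');

        if (!isset($_REQUEST['user_id']) || intval($_REQUEST['user_id']) == 0) {
            $action = new K4InformationAction(new K4LanguageElement('L_USERDOESNTEXIST'), 'content', TRUE);
            return $action->execute($request);
        }

        $user = $request['dba']->getRow("SELECT * FROM " . K4USERS . " WHERE id=" . intval($_REQUEST['user_id']) . " LIMIT 1");
        if (!is_array($user) || empty($user)) {
            $action = new K4InformationAction(new K4LanguageElement('L_USERDOESNTEXIST'), 'content', TRUE);
            return $action->execute($request);
        }

        /* Collect the custom profile fields */
        // $field['name'] is spliced in unquoted; it comes from the admin-defined
        // $_PROFILEFIELDS, not from the request. Values are SQL-quoted.
        $query_fields = '';
        foreach ($_PROFILEFIELDS as $field) {
            /* This insures that we only put in what we need to */
            if (!isset($_REQUEST[$field['name']])) {
                continue;
            }
            $value = $_REQUEST[$field['name']];
            switch ($field['inputtype']) {
                case 'multiselect':
                case 'radio':
                case 'check':
                    if (is_array($value) && !empty($value)) {
                        $query_fields .= ',' . $field['name'] . "='" . $request['dba']->quote(serialize($value)) . "'";
                    }
                    break;
                default: /* 'text', 'textarea', 'select' and any unknown input type */
                    if ($value != '') {
                        $query_fields .= ', ' . $field['name'] . "='" . $request['dba']->quote(k4_htmlentities($value, ENT_QUOTES)) . "'";
                    }
                    break;
            }
        }

        /**
         * Error checking — the last failing check wins; $action is reported at
         * the two isset($action) checkpoints below.
         *
         * NOTE(review): filters run through runPostFilter() while the stored values
         * are read from $_REQUEST; if the filter reads $_POST only, a GET/cookie
         * value of the same name could bypass the checks — confirm.
         */
        /* Username checks */
        if (!$this->runPostFilter('uname', new FARequiredFilter())) {
            $action = new K4InformationAction(new K4LanguageElement('L_BADUSERNAME'), 'content', TRUE);
        }
        // Same language as the former ~^[a-zA-Z]([a-zA-Z0-9]*[-_ ]?)*[a-zA-Z0-9]*$~ (a leading
        // letter, then letters/digits/'-'/'_'/' ') without the nested quantifier that let a
        // long non-matching name drive PCRE into exponential backtracking.
        if (!$this->runPostFilter('uname', new FARegexFilter('~^[a-zA-Z][a-zA-Z0-9_ -]*$~'))) {
            $action = new K4InformationAction(new K4LanguageElement('L_BADUSERNAME'), 'content', TRUE);
        }
        $max_len = intval($_SETTINGS['maxuserlength']);
        $min_len = intval($_SETTINGS['minuserlength']);
        if (!$this->runPostFilter('uname', new FALengthFilter($max_len))) {
            $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETOOLONG', $max_len), 'content', TRUE);
        }
        if (!$this->runPostFilter('uname', new FALengthFilter($max_len, $min_len))) {
            $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETOOSHORT', $min_len, $max_len), 'content', TRUE);
        }
        if ($_REQUEST['uname'] != $user['name']) {
            if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS . " WHERE name = '" . $request['dba']->quote($_REQUEST['uname']) . "'") > 0) {
                $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETAKEN'), 'content', TRUE);
            }
        }
        if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4BADUSERNAMES . " WHERE name = '" . $request['dba']->quote($_REQUEST['uname']) . "'") > 0) {
            $action = new K4InformationAction(new K4LanguageElement('L_USERNAMENOTGOOD'), 'content', TRUE);
        }
        if (isset($action)) {
            return $action->execute($request);
        }

        /* Check the appropriateness of the username: reject it if the censor would alter it */
        $name = $_REQUEST['uname'];
        replace_censors($name);
        if ($name != $_REQUEST['uname']) {
            $action = new K4InformationAction(new K4LanguageElement('L_INNAPROPRIATEUNAME'), 'content', TRUE);
        }

        /* Email checks */
        if (!$this->runPostFilter('email', new FARequiredFilter())) {
            $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYEMAIL'), 'content', TRUE);
        }
        if (!$this->runPostFilter('email', new FARegexFilter('~^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$~'))) {
            $action = new K4InformationAction(new K4LanguageElement('L_NEEDVALIDEMAIL'), 'content', TRUE);
        }
        if ($_SETTINGS['requireuniqueemail'] == 1 && $_REQUEST['email'] != $user['email']) {
            if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS . " WHERE email = '" . $request['dba']->quote($_REQUEST['email']) . "'") > 0) {
                $action = new K4InformationAction(new K4LanguageElement('L_EMAILTAKEN'), 'content', TRUE);
            }
        }
        if (isset($action)) {
            return $action->execute($request);
        }

        /**
         * Update User
         */
        $uid = intval($user['id']);
        $usergroups = isset($_REQUEST['usergroups']) && is_array($_REQUEST['usergroups']) ? $_REQUEST['usergroups'] : array(2);
        // Group ids are numeric everywhere else in this file ('|1|', array(2)); cast so
        // only digits ever reach the '|'-delimited column.
        $usergroups = array_map('intval', $usergroups);
        $name = k4_htmlentities(strip_tags($_REQUEST['uname']), ENT_QUOTES);

        $insert_a = $request['dba']->prepareStatement("UPDATE " . K4USERS . " SET name=?,email=?,perms=?,usergroups=? WHERE id=?");
        $insert_a->setString(1, $name);
        $insert_a->setString(2, $_REQUEST['email']);
        $insert_a->setInt(3, intval(@$_REQUEST['permissions']));
        $insert_a->setString(4, '|' . implode('|', $usergroups) . '|'); // Registered Users
        $insert_a->setInt(5, $uid);
        $insert_a->executeUpdate();

        $insert_b = $request['dba']->prepareStatement("UPDATE " . K4USERINFO . " SET timezone=? " . $query_fields . " WHERE user_id=?");
        $insert_b->setInt(1, intval(@$_REQUEST['timezone']));
        $insert_b->setInt(2, $uid);
        $insert_b->executeUpdate();

        /**
         * User Profile
         */
        // These contact fields are SQL-quoted but, unlike the custom profile fields,
        // not entity-encoded here, so the template has to escape them on output.
        $query = "UPDATE " . K4USERINFO . " SET ";
        $fields = array('fullname', 'icq', 'aim', 'msn', 'yahoo', 'jabber', 'googletalk');
        foreach ($fields as $field) {
            if (isset($_REQUEST[$field]) && $_REQUEST[$field] != '') {
                $query .= $field . "='" . $request['dba']->quote($_REQUEST[$field]) . "', ";
            }
        }

        // deal with the timezone
        if (isset($_REQUEST['timezone']) && $_REQUEST['timezone'] != '') {
            $query .= "timezone = " . intval($_REQUEST['timezone']) . ", ";
        }

        // Birthday: all three parts must be non-zero digit strings, and the joined
        // value must be exactly 10 characters (mm/dd/yyyy); anything else is stored as ''.
        $birthday = '';
        if (isset($_REQUEST['month']) && isset($_REQUEST['day']) && isset($_REQUEST['year'])) {
            if (intval($_REQUEST['month']) != 0 && ctype_digit($_REQUEST['month'])
                && (intval($_REQUEST['day']) != 0 && ctype_digit($_REQUEST['day']))
                && (intval($_REQUEST['year']) != 0 && ctype_digit($_REQUEST['year']))) {
                $birthday = $request['dba']->quote($_REQUEST['month'] . '/' . $_REQUEST['day'] . '/' . $_REQUEST['year']);
                $birthday = strlen($birthday) == 10 ? $birthday : '';
            }
        }

        // finish off this query
        $query .= "birthday = '" . $birthday . "' WHERE user_id = " . $uid;

        /* Update the user */
        $request['dba']->executeUpdate($query);

        /**
         * User Options
         */
        /* Do half-checks on the styles/language stuff.
         * NOTE(review): the fallbacks read the *administrator's* own settings
         * ($request['user']) rather than the edited user's — likely carried over from
         * the user-cp handler; the edited user's current settings are not loaded here. */
        $languages = get_files(K4_BASE_DIR . '/lang/', TRUE, TRUE);
        $imagesets = get_files(BB_BASE_DIR . '/Images/', TRUE, TRUE);
        $templatesets = get_files(BB_BASE_DIR . '/templates/', TRUE, TRUE);
        $language = isset($_REQUEST['language']) && in_array($_REQUEST['language'], $languages, TRUE) ? $_REQUEST['language'] : $request['user']->get('language');
        $imageset = isset($_REQUEST['imageset']) && in_array($_REQUEST['imageset'], $imagesets, TRUE) ? $_REQUEST['imageset'] : $request['user']->get('imageset');
        $templateset = isset($_REQUEST['templateset']) && in_array($_REQUEST['templateset'], $templatesets, TRUE) ? $_REQUEST['templateset'] : $request['user']->get('templateset');

        $style_id = isset($_REQUEST['styleset']) ? intval($_REQUEST['styleset']) : 0;
        $styleset = $request['dba']->getRow("SELECT * FROM " . K4STYLES . " WHERE id = " . $style_id . " LIMIT 1");
        $styleset = is_array($styleset) && !empty($styleset) ? $styleset['name'] : $request['user']->get('styleset');

        /* Change the edited user's invisible mode.
         * This used to compare against, and update, the administrator's own row
         * ($request['user']), so editing another account toggled the admin's visibility. */
        if (isset($_REQUEST['invisible'])
            && (intval($_REQUEST['invisible']) == 0 || intval($_REQUEST['invisible']) == 1)
            && intval($_REQUEST['invisible']) != intval($user['invisible'])) {
            $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET invisible = " . intval($_REQUEST['invisible']) . " WHERE id = " . $uid);
        }

        /**
         * Prepare the big query
         */
        $query = $request['dba']->prepareStatement("UPDATE " . K4USERSETTINGS . " SET templateset=?,styleset=?,imageset=?,language=?,topic_display=?,notify_pm=?,popup_pm=?,topicsperpage=?,postsperpage=?,viewimages=?,viewavatars=?,viewsigs=?,viewflash=?,viewemoticons=?,viewcensors=?,topic_threaded=? WHERE user_id = ?");
        $query->setString(1, $templateset);
        $query->setString(2, $styleset);
        $query->setString(3, $imageset);
        $query->setString(4, $language);
        // Placeholders 5..16, in the order of the SET list above.
        $int_settings = array(
            'topic_display', 'notify_pm', 'popup_pm', 'topicsperpage', 'postsperpage',
            'viewimages', 'viewavatars', 'viewsigs', 'viewflash', 'viewemoticons',
            'viewcensors', 'topic_threaded',
        );
        foreach ($int_settings as $i => $key) {
            $query->setInt($i + 5, intval(@$_REQUEST[$key]));
        }
        $query->setInt(17, $uid);
        $query->executeUpdate();

        /**
         * Datastore
         */
        if ($_DATASTORE['forumstats']['newest_user_id'] == $user['id']) {
            $datastore_update = $request['dba']->prepareStatement("UPDATE " . K4DATASTORE . " SET data=? WHERE varname=?");
            $datastore = $_DATASTORE['forumstats'];
            $datastore['newest_user_name'] = $name;
            $datastore_update->setString(1, serialize($datastore));
            $datastore_update->setString(2, 'forumstats');
            $datastore_update->executeUpdate();
            reset_cache('datastore');
        }

        /**
         * User Name — propagate a changed name to every denormalised copy.
         * Each entry is array(table, name column, id column).
         * (The K4POSTS/edited_username statement was garbled in the copy this was
         * rewritten from and has been reconstructed from its siblings — verify.)
         */
        if ($name != $user['name']) {
            $copies = array(
                array(K4POSTS, 'poster_name', 'poster_id'),
                array(K4POSTS, 'edited_username', 'edited_userid'),
                array(K4POSTS, 'lastpost_uname', 'lastpost_uid'),
                array(K4FORUMS, 'post_uname', 'post_uid'),
                array(K4POLLVOTES, 'user_name', 'user_id'),
                array(K4RATINGS, 'user_name', 'user_id'),
                array(K4USERGROUPS, 'mod_name', 'mod_id'),
                array(K4BADPOSTREPORTS, 'user_name', 'user_id'),
                array(K4BADPOSTREPORTS, 'poster_name', 'poster_id'),
                array(K4BANNEDUSERS, 'user_name', 'user_id'),
                array(K4PRIVMESSAGES, 'poster_name', 'poster_id'),
                array(K4PRIVMESSAGES, 'member_name', 'member_id'),
            );
            $quoted_name = $request['dba']->quote($name);
            foreach ($copies as $copy) {
                list($table, $name_col, $id_col) = $copy;
                $request['dba']->executeUpdate("UPDATE " . $table . " SET " . $name_col . "='" . $quoted_name . "' WHERE " . $id_col . "=" . $uid);
            }
        }

        /**
         * DONE
         */
        $action = new K4InformationAction(new K4LanguageElement('L_UPDATEDUSER', $name), 'content', FALSE, 'admin.php?act=users', 3);
        return $action->execute($request);
    } else {
        no_perms_error($request);
    }

    return TRUE;
}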