function phorum_htmlpurifier_migrate_sigs($offset)
{
global $PHORUM;
if (!$offset) {
return;
}
// bail out quick if $offset == 0
// theoretically, we could get rid of this multi-request
// doo-hickery if safe mode is off
@set_time_limit(0);
// attempt to let this run
$increment = $PHORUM['mod_htmlpurifier']['migrate-sigs-increment'];
require_once dirname(__FILE__) . '/../migrate.php';
// migrate signatures
// do this in batches so we don't run out of time/space
$end = $offset + $increment;
$user_ids = array();
for ($i = $offset; $i < $end; $i++) {
$user_ids[] = $i;
}
$userinfos = phorum_db_user_get_fields($user_ids, 'signature');
foreach ($userinfos as $i => $user) {
if (empty($user['signature'])) {
continue;
}
$sig = $user['signature'];
// perform standard Phorum processing on the sig
$sig = str_replace(array("&", "<", ">"), array("&", "<", ">"), $sig);
$sig = preg_replace("/<((http|https|ftp):\\/\\/[a-z0-9;\\/\\?:@=\\&\$\\-_\\.\\+!*'\\(\\),~%]+?)>/i", "\$1", $sig);
// prepare fake data to pass to migration function
$fake_data = array(array("author" => "", "email" => "", "subject" => "", 'body' => $sig));
list($fake_message) = phorum_htmlpurifier_migrate($fake_data);
$user['signature'] = $fake_message['body'];
if (!phorum_api_user_save($user)) {
exit('Error while saving user data');
}
}
unset($userinfos);
// free up memory
// query for highest ID in database
$type = $PHORUM['DBCONFIG']['type'];
$sql = "select MAX(user_id) from {$PHORUM['user_table']}";
$row = phorum_db_interact(DB_RETURN_ROW, $sql);
$top_id = (int) $row[0];
$offset += $increment;
if ($offset > $top_id) {
// test for end condition
echo 'Migration finished';
$PHORUM['mod_htmlpurifier']['migrate-sigs'] = FALSE;
phorum_htmlpurifier_commit_settings();
return TRUE;
}
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'admin.php?module=modsettings&mod=htmlpurifier&migrate-sigs=' . $offset;
// relies on output buffering to work
header("Location: http://{$host}{$uri}/{$extra}");
exit;
}
echo "migrating users ...{$CONVERT['lbr']}";
flush();
$group_perms = phorum_convert_getUserGroups($oldlink);
$res = phorum_convert_selectUsers($oldlink);
if (!$res) {
echo "No users found, All done now.{$CONVERT['lbr']}";
flush();
exit;
}
// there are users...
$count = 0;
$userdata["date_added"] = time();
$cur_time = time();
while ($cur_user = phorum_convert_getNextUser($res)) {
if (isset($cur_user['user_id'])) {
phorum_api_user_save($cur_user, PHORUM_FLAG_RAW_PASSWORD);
$user_groups = array();
if (isset($group_perms[$cur_user['user_id']])) {
$user_groups = $group_perms[$cur_user['user_id']];
}
if (count($user_groups)) {
// setting the user's group-memberships
phorum_db_user_save_groups($cur_user['user_id'], $user_groups);
}
$count++;
}
}
unset($users);
print "{$count} users converted{$CONVERT['lbr']}";
}
echo "{$CONVERT['lbr']}Done.{$CONVERT['lbr']}";
// but WITHOUT ANY WARRANTY, without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //
// //
// You should have received a copy of the Phorum License //
// along with this program. //
////////////////////////////////////////////////////////////////////////////////
// don't allow this page to be loaded directly
if (!defined("PHORUM_ADMIN")) {
exit;
}
if (count($_POST)) {
if (!empty($_POST['phorum_admin_token']) && $_POST['phorum_admin_token'] == $PHORUM["user"]['settings_data']['admin_token'] && time() - PHORUM_ADMIN_TOKEN_TIMEOUT < $PHORUM["user"]['settings_data']['admin_token_time']) {
if (!empty($_POST['cancel'])) {
$PHORUM["user"]['settings_data']['admin_token'] = "";
$tmp_user = array('user_id' => $PHORUM["user"]['user_id'], 'settings_data' => $PHORUM["user"]['settings_data']);
phorum_api_user_save($tmp_user);
phorum_api_redirect($PHORUM['http_path']);
} elseif (!empty($_POST['continue'])) {
if (!empty($_POST['target'])) {
$url = phorum_admin_build_url($_POST['target'], TRUE);
} else {
$url = phorum_admin_build_url(NULL, TRUE);
}
phorum_api_redirect($url);
}
exit;
}
}
// We have no token or our token expired.
// Generate a fresh token.
$admin_token_time = time();
// clean up
unset($user_data["module"]);
unset($user_data["section"]);
unset($user_data["password1"]);
unset($user_data["password2"]);
unset($user_data["submit"]);
unset($user_data["phorum_admin_token"]);
if (empty($error)) {
$user_data = phorum_hook("admin_users_form_save", $user_data);
if (isset($user_data["error"])) {
$error = $user_data["error"];
unset($user_data["error"]);
}
}
if (empty($error)) {
phorum_api_user_save($user_data);
phorum_admin_okmsg("User Saved");
}
}
}
if ($error) {
phorum_admin_error($error);
}
include_once "./include/admin/PhorumInputForm.php";
include_once "./include/profile_functions.php";
if (!defined("PHORUM_ORIGINAL_USER_CODE") || PHORUM_ORIGINAL_USER_CODE !== true) {
echo "Phorum User Admin only works with the Phorum User System.";
return;
}
if (!isset($_GET["edit"]) && !isset($_GET["add"]) && !isset($addUser_error) && !isset($_POST['section'])) {
$users_url = phorum_admin_build_url(array('module=users'));
}
}
// Authenticating the user failed? Let's check if the user
// already exists at all.
if (!$user_id) {
$user = phorum_api_user_search('username', $_POST['admin_user']);
if ($user) {
phorum_admin_error("That user already exists in the database.");
break;
}
}
// The user does not yet exist. Create it now.
if (!$user_id) {
// add the user
$user = array("user_id" => NULL, "username" => $_POST["admin_user"], "password" => $_POST["admin_pass"], "email" => $_POST["admin_email"], "active" => 1, "admin" => 1);
if (!phorum_api_user_save($user)) {
phorum_admin_error("There was an error adding the user.");
break;
}
}
// set the default http_path so we can continue.
if (!empty($_SERVER["HTTP_REFERER"])) {
$http_path = $_SERVER["HTTP_REFERER"];
} elseif (!empty($_SERVER['HTTP_HOST'])) {
$http_path = "http://" . $_SERVER['HTTP_HOST'];
$http_path .= $_SERVER['PHP_SELF'];
} else {
$http_path = "http://" . $_SERVER['SERVER_NAME'];
$http_path .= $_SERVER['PHP_SELF'];
}
$PHORUM['DB']->update_settings(array("http_path" => dirname($http_path)));
$mail_data['mailmessage'] = wordwrap(str_replace(array('%title%', '%username%', '%verify_url%', '%login_url%'), array($PHORUM['title'], $user['username'], $verify_url, phorum_api_url(PHORUM_LOGIN_URL)), $PHORUM['DATA']['LANG']['VerifyRegEmailBody']), 72);
} else {
// Hide the deprecated language strings from the
// amin language tool by not using the full syntax
// for those.
$lang = $PHORUM['DATA']['LANG'];
$mail_data['mailmessage'] = wordwrap($lang['VerifyRegEmailBody1'], 72) . "\n\n{$verify_url}\n\n" . wordwrap($lang['VerifyRegEmailBody2'], 72);
}
phorum_api_mail($user['email'], $mail_data);
$okmsg = $PHORUM['DATA']['LANG']['RegVerifyEmail'];
$template = 'message';
$hook_args = array('status' => 'new_verification', 'email' => $_POST['lostpass'], 'user' => $user, 'secret' => $regcode);
} else {
// Generate and store a new password for the user.
$newpass = phorum_api_generate_password();
phorum_api_user_save(array('user_id' => $uid, 'password_temp' => $newpass));
// Mail the new password.
$user = phorum_api_user_get($uid);
$mail_data = array();
// The mailmessage can be composed in two different ways.
// This was done for backward compatibility for the language
// files. Up to Phorum 5.2, we had LostPassEmailBody1 and
// LostPassEmailBody2 for defining the lost password mail body.
// In 5.3, we switched to a single variable LostPassEmailBody.
// Eventually, the variable replacements need to be handled
// by the mail API layer.
if (isset($PHORUM['DATA']['LANG']['LostPassEmailBody'])) {
$mail_data['mailmessage'] = wordwrap(str_replace(array('%title%', '%username%', '%password%', '%login_url%'), array($PHORUM['title'], $user['username'], $newpass, phorum_api_url(PHORUM_LOGIN_URL)), $PHORUM['DATA']['LANG']['LostPassEmailBody']), 72);
} else {
// Hide the deprecated language strings from the
// amin language tool by not using the full syntax
/**
* Check the authentication credentials for a user.
*
* @example user_login.php Handle a user forum login
*
* @param string $type
* The type of session for which authentication is run. This must be
* one of {@link PHORUM_FORUM_SESSION} or {@link PHORUM_ADMIN_SESSION}.
*
* This parameter is mostly used for logging purposes and for giving
* mods a chance to handle user authentication for only a certain type
* of session. It is not used for denying authentication if for example
* a standard user tries to authenticate for the admin interface. Those
* restrictions are handled in a different part of the user API.
*
* See the documentation for {@link phorum_api_user_session_create()}
* for more information on Phorum user sessions.
*
* @param string $username
* The username for the user.
*
* @param string $password
* The password for the user.
*
* @return mixed
* If the authentication credentials are correct, this function returns
* the user_id of the authenticated user. Otherwise, FALSE is returned.
*/
function phorum_api_user_authenticate($type, $username, $password)
{
$PHORUM = $GLOBALS['PHORUM'];
$user_id = NULL;
/**
* [hook]
* user_authenticate
*
* [description]
* This hooks gives modules a chance to handle the user
* authentication (for example to authenticate against an
* external source like an LDAP server).
*
* [category]
* User authentication and session handling
*
* [when]
* Just before Phorum runs its own user authentication.
*
* [input]
* An array containing the following fields:
* <ul>
* <li>type:
* either PHORUM_FORUM_SESSION or PHORUM_ADMIN_SESSION;</li>
* <li>username:
* the username of the user to authenticate;</li>
* <li>password:
* the password of the user to authenticate;</li>
* <li>user_id:
* Always NULL on input. This field implements the
* authentication state.</li>
* </ul>
*
* [output]
* The same array as the one that was used for the hook call
* argument, possibly with the user_id field updated. This field
* can be set to one of the following values by a module:
*
* <ul>
* <li>NULL: let Phorum handle the authentication</li>
* <li>FALSE: the authentication credentials are rejected</li>
* <li>1234: the numerical user_id of the authenticated user</li>
* </ul>
*
* [example]
* <hookcode>
* function phorum_mod_foo_user_authenticate($auth)
* {
* // Only trust admin logins from IP addresses in 10.1.2.0/24.
* if ($auth["type"] == PHORUM_ADMIN_SESSION) {
* if (substr($_SERVER['REMOTE_ADDR'],0,7) != '10.1.2.') {
* $auth["user_id"] = FALSE;
* return $auth;
* }
* }
*
* // Let Phorum handle autentication for all users that
* // have a username starting with "bar" (not a really
* // useful feature, but it shows the use of the NULL
* // return value ;-).
* if (substr($auth["username"], 0, 3) == "bar") {
* $auth["user_id"] = NULL;
* return $auth;
* }
*
* // Authenticate other logins against an external source. Here
* // we call some made up function for checking the password,
* // which returns the user_id for the authenticated user.
* $user_id = some_func_that_checks_pw(
* $auth["username"],
* $auth["password"]
* );
* $auth["user_id"] = empty($user_id) ? FALSE : $user_id;
* return $auth;
* }
* </hookcode>
*/
if (isset($PHORUM['hooks']['user_authenticate'])) {
// Run the hook.
$authinfo = phorum_hook('user_authenticate', array('type' => $type, 'username' => $username, 'password' => $password, 'user_id' => NULL));
// Authentication rejected by module.
if ($authinfo['user_id'] === FALSE) {
return FALSE;
}
// Check if the returned user_id is numerical, if the the module
// did return a user_id.
if ($authinfo['user_id'] !== NULL && !is_numeric($authinfo['user_id'])) {
trigger_error('Hook user_check_login returned a non-numerical user_id "' . htmlspecialchars($authinfo['user_id']) . '" for the authenticated user. Phorum only supports numerical ' . 'user_id values.', E_USER_ERROR);
return NULL;
}
$user_id = $authinfo['user_id'];
}
// No module handled the authentication?
// Then we have to run the Phorum authentication.
if ($user_id === NULL) {
// Check the password.
$user_id = phorum_db_user_check_login($username, md5($password));
// Password check failed? Then try the temporary password (used for
// the password reminder feature).
$temporary_matched = FALSE;
if ($user_id == 0) {
$user_id = phorum_db_user_check_login($username, md5($password), TRUE);
if ($user_id != 0) {
$temporary_matched = TRUE;
}
}
// If the temporary password matched, then synchronize the main
// password with the temporary password. The temporary password
// is kept the same. We also reset the long term session id, so
// sessions in other browsers are reset along with the pasword
// reset. For the active browser, a new session id will be generated
// by the {@link phorum_api_user_session_create()} function.
if ($temporary_matched) {
phorum_api_user_save(array('user_id' => $user_id, 'password' => $password, 'sessid_lt' => ''));
}
}
return $user_id ? $user_id : FALSE;
}
require_once dirname(__FILE__) . '/../include/api.php';
// Make sure that the output is not buffered.
phorum_api_buffer_clear();
if (!ini_get('safe_mode')) {
set_time_limit(0);
ini_set("memory_limit", "64M");
}
$count_total = $PHORUM['DB']->user_count();
$res = $PHORUM['DB']->user_get_all();
print "\nRebuilding display name information ...\n";
$size = strlen($count_total);
$count = 0;
while ($user = $PHORUM['DB']->fetch_row($res, DB_RETURN_ASSOC)) {
// We save an empty user, to make sure that the display name in the
// database is up-to-date. This will already run needed updates in
// case the display name changed ...
phorum_api_user_save(array("user_id" => $user["user_id"]));
// ... but still we run the name updates here, so inconsistencies
// are flattened out.
$user = phorum_api_user_get($user["user_id"]);
$PHORUM['DB']->user_display_name_updates(array("user_id" => $user["user_id"], "display_name" => $user["display_name"]));
$count++;
$perc = floor($count / $count_total * 100);
$barlen = floor(20 * ($perc / 100));
$bar = "[";
$bar .= str_repeat("=", $barlen);
$bar .= str_repeat(" ", 20 - $barlen);
$bar .= "]";
printf("updating %{$size}d / %{$size}d %s (%d%%)\r", $count, $count_total, $bar, $perc);
}
print "\n\n";
/**
* A common function which is used to save the userdata from the post-data.
* @param panel - The panel for which to save data.
* @return array - An array containing $error and $okmsg.
*/
function phorum_controlcenter_user_save($panel)
{
$PHORUM = $GLOBALS['PHORUM'];
$error = "";
$okmsg = "";
// Setup the default userdata fields that can be changed
// from the control panel interface.
$userdata = array('signature' => NULL, 'hide_email' => NULL, 'hide_activity' => NULL, 'password' => NULL, 'password_temp' => NULL, 'tz_offset' => NULL, 'is_dst' => NULL, 'user_language' => NULL, 'threaded_list' => NULL, 'threaded_read' => NULL, 'email_notify' => NULL, 'show_signature' => NULL, 'pm_email_notify' => NULL, 'email' => NULL, 'email_temp' => NULL, 'user_template' => NULL, 'moderation_email' => NULL, 'real_name' => NULL);
// Add custom profile fields as acceptable fields.
foreach ($PHORUM["PROFILE_FIELDS"] as $id => $field) {
if ($id === "num_fields" || !empty($field['deleted'])) {
continue;
}
$userdata[$field["name"]] = NULL;
}
// Update userdata with $_POST information.
foreach ($_POST as $key => $val) {
if (array_key_exists($key, $userdata)) {
$userdata[$key] = $val;
}
}
// Remove unused profile fields.
foreach ($userdata as $key => $val) {
if (is_null($val)) {
unset($userdata[$key]);
}
}
// Set static userdata.
$userdata["user_id"] = $PHORUM["user"]["user_id"];
/**
* [hook]
* cc_save_user
*
* [description]
* This hook works the same way as the <hook>before_register</hook>
* hook, so you can also use it for changing and checking the user data
* that will be saved in the database. There's one difference. If you
* want to check a custom field, you'll also need to check the panel
* which you are on, because this hook is called from multiple panels.
* The panel that you are on will be stored in the
* <literal>panel</literal> field of the user data.<sbr/>
* <sbr/>
* The example hook belows demonstrates code which could be used if you
* have added a custom field to the template for the option
* <literal>Edit My Profile</literal> in the control panel.
*
* [category]
* Control center
*
* [when]
* In <filename>control.php</filename>, right before data for a user is
* saved in the control panel.
*
* [input]
* An array containing the user data to save.
* <ul>
* <li>error:
* modules can fill this field with an error message to show.</li>
* </ul>
*
* [output]
* The same array as the one that was used for the hook call
* argument, possibly with the "error" field updated in it.
*
* [example]
* <hookcode>
* function phorum_mod_foo_cc_save_user ($data)
* {
* // Only check data for the panel "user".
* if ($data['panel'] != "user") return $data;
*
* $myfield = trim($data['your_custom_field']);
* if (empty($myfield)) {
* $data['error'] = 'You need to fill in my custom field';
* }
*
* return $data;
* }
* </hookcode>
*/
if (isset($PHORUM["hooks"]["cc_save_user"])) {
$userdata = phorum_hook("cc_save_user", $userdata);
}
// Set $error, in case the cc_save_user hook did set an error.
if (isset($userdata['error'])) {
$error = $userdata['error'];
unset($userdata['error']);
// Try to update the userdata in the database.
} elseif (!phorum_api_user_save($userdata)) {
// Updating the user failed.
$error = $PHORUM["DATA"]["LANG"]["ErrUserAddUpdate"];
} else {
// Updating the user was successful.
$okmsg = $PHORUM["DATA"]["LANG"]["ProfileUpdatedOk"];
// Let the userdata be reloaded.
phorum_api_user_set_active_user(PHORUM_FORUM_SESSION, $userdata["user_id"]);
// If a new password was set, then reset all session id(s), so
// other computers or browser will lose any active session that
// they are running.
if (isset($userdata["password"]) && $userdata["password"] != '') {
phorum_api_user_session_create(PHORUM_FORUM_SESSION, PHORUM_SESSID_RESET_ALL);
}
// Copy data from the updated user back into the user template data.
$formatted = phorum_api_user_format(array($GLOBALS['PHORUM']['user']));
foreach ($formatted[0] as $key => $val) {
$GLOBALS['PHORUM']['DATA']['USER'][$key] = $val;
}
// Copy data from the updated user back into the template data.
// Leave PANEL and forum_id alone (these are injected into the
// userdata in the template from this script).
foreach ($GLOBALS["PHORUM"]["DATA"]["PROFILE"] as $key => $val) {
if ($key == "PANEL" || $key == "forum_id") {
continue;
}
if (isset($GLOBALS["PHORUM"]["user"][$key])) {
$GLOBALS["PHORUM"]["DATA"]["PROFILE"][$key] = $GLOBALS["PHORUM"]["user"][$key];
} else {
$GLOBALS["PHORUM"]["DATA"]["PROFILE"][$key] = "";
}
}
}
return array($error, $okmsg);
}
$mcount = (int) trim(fgets(STDIN));
print "\nHow many newflags do you want to set per user?\n";
print "> ";
$ncount = (int) trim(fgets(STDIN));
print "\n";
// Create random users.
$randomuserprefixes = array("CBiLL", "Gummi", "tomaz", "Oliver", "Bastian", "rheo", "iamback");
if ($ucount > 0) {
print "Creating {$ucount} random user(s):\n\n";
for ($i = 0; $i < $ucount; $i++) {
$name = $randomuserprefixes[array_rand($randomuserprefixes)];
$name .= rand(1, 9999999);
$email = $name . '@example.com';
$pass = "******";
$user = array("user_id" => NULL, "username" => $name, "password" => $pass, "email" => $email, "active" => PHORUM_USER_ACTIVE);
phorum_api_user_save($user);
print ".";
}
print "\n";
}
// Retrieve users which we can use to post with.
$users = phorum_api_user_list(PHORUM_GET_ACTIVE);
$user_ids = array_keys($users);
if (!count($user_ids)) {
die("No users found that can be used for posting.\n");
}
// Retrieve forums to post in.
$forums = $PHORUM['DB']->get_forums(0, NULL, 0);
$forum_ids = array();
foreach ($forums as $id => $forum) {
if ($forum["folder_flag"]) {
function testUserApiSave()
{
$user_id = phorum_api_user_search('username', 'testuser' . $this->sharedFixture, '=');
$gotten_user = phorum_api_user_get($user_id, true);
// now for saving the user
$gotten_user['real_name'] = 'foo';
$ret = phorum_api_user_save($gotten_user);
$this->assertGreaterThan(0, $ret, 'Saved changed user.');
$mod_user2 = array('user_id' => $gotten_user['user_id'], 'real_name' => 'test');
// and saving it raw too
$ret = phorum_api_user_save_raw($mod_user2);
$this->assertTrue($ret, 'Saved changed user (raw).');
}
case "last_active_forum":
case "hide_activity":
case "show_signature":
case "email_notify":
case "pm_email_notify":
case "tz_offset":
case "is_dst":
case "moderation_email":
$new_user[$field] = (int) $value;
break;
}
}
if (isset($user->password)) {
phorum_api_user_save($new_user, PHORUM_FLAG_RAW_PASSWORD);
} else {
phorum_api_user_save($new_user);
}
if (!empty($permissions)) {
$perm = 0;
if (isset($permissions->read)) {
$perm = $perm | PHORUM_USER_ALLOW_READ;
}
if (isset($permissions->reply)) {
$perm = $perm | PHORUM_USER_ALLOW_REPLY;
}
if (isset($permissions->edit)) {
$perm = $perm | PHORUM_USER_ALLOW_EDIT;
}
if (isset($permissions->new)) {
$perm = $perm | PHORUM_USER_ALLOW_NEW_TOPIC;
}
/**
* A common function which is used to save the userdata from the post-data.
* @param panel - The panel for which to save data.
* @return array - An array containing $error and $okmsg.
*/
function phorum_controlcenter_user_save($panel)
{
global $PHORUM;
$error = "";
$okmsg = "";
// Setup the default userdata fields that can be changed
// from the control panel interface.
$userdata = array('signature' => NULL, 'hide_email' => NULL, 'hide_activity' => NULL, 'tz_offset' => NULL, 'is_dst' => NULL, 'user_language' => NULL, 'threaded_list' => NULL, 'threaded_read' => NULL, 'email_notify' => NULL, 'show_signature' => NULL, 'pm_email_notify' => NULL, 'user_template' => NULL, 'moderation_email' => NULL, 'real_name' => NULL);
// Password related fields can only be updated from the password panel.
if ($panel == 'password') {
$userdata['password'] = NULL;
$userdata['password_temp'] = NULL;
}
// E-mail address related fields can only be updated from the email panel.
if ($panel == 'email') {
$userdata['email'] = NULL;
$userdata['email_temp'] = NULL;
}
// E-mail address related fields can only be updated from the email panel.
if ($panel == 'email') {
$userdata['email'] = NULL;
$userdata['email_temp'] = NULL;
}
// Add custom profile fields as acceptable fields.
foreach ($PHORUM["CUSTOM_FIELDS"][PHORUM_CUSTOM_FIELD_USER] as $id => $field) {
if ($id === "num_fields" || !empty($field['deleted'])) {
continue;
}
$userdata[$field["name"]] = NULL;
}
// Update userdata with $_POST information.
foreach ($_POST as $key => $val) {
if (array_key_exists($key, $userdata)) {
$userdata[$key] = $val;
}
}
// Remove unused profile fields.
foreach ($userdata as $key => $val) {
if (is_null($val)) {
unset($userdata[$key]);
}
}
// Set static userdata.
$userdata["user_id"] = $PHORUM["user"]["user_id"];
// Run a hook, so module writers can update and check the userdata.
if (isset($PHORUM["hooks"]["cc_save_user"])) {
$userdata = phorum_api_hook("cc_save_user", $userdata);
}
// Set $error, in case the cc_save_user hook did set an error.
if (isset($userdata['error'])) {
$error = $userdata['error'];
unset($userdata['error']);
// Try to update the userdata in the database.
} elseif (!phorum_api_user_save($userdata)) {
// Updating the user failed.
$error = $PHORUM["DATA"]["LANG"]["ErrUserAddUpdate"];
} else {
// Updating the user was successful.
$okmsg = $PHORUM["DATA"]["LANG"]["ProfileUpdatedOk"];
// Let the userdata be reloaded.
phorum_api_user_set_active_user(PHORUM_FORUM_SESSION, $userdata["user_id"]);
// If a new password was set, then reset all session id(s), so
// other computers or browser will lose any active session that
// they are running.
if (isset($userdata["password"]) && $userdata["password"] != '') {
phorum_api_user_session_create(PHORUM_FORUM_SESSION, PHORUM_SESSID_RESET_ALL);
}
// Copy data from the updated user back into the user template data.
$formatted = phorum_api_format_users(array($PHORUM['user']));
foreach ($formatted[0] as $key => $val) {
$PHORUM['DATA']['USER'][$key] = $val;
}
// Copy data from the updated user back into the template data.
// Leave PANEL and forum_id alone (these are injected into the
// userdata in the template from this script).
foreach ($PHORUM["DATA"]["PROFILE"] as $key => $val) {
if ($key == "PANEL" || $key == "forum_id") {
continue;
}
if (isset($PHORUM["user"][$key])) {
if (is_array($val)) {
// array-data would be (most often) broken when html encoded
$PHORUM["DATA"]["PROFILE"][$key] = $PHORUM["user"][$key];
} elseif (substr($key, 0, 9) == 'signature') {
// the signature needs special care - e.g. for the formatted sig
// Fake a message here so we can run the sig through format_message.
$fake_messages = array(array("author" => "", "email" => "", "subject" => "", "body" => $PHORUM["user"]["signature"]));
$fake_messages = phorum_format_messages($fake_messages);
$PHORUM["DATA"]["PROFILE"]["signature_formatted"] = $fake_messages[0]["body"];
// Format the user signature using standard message body formatting
// or HTML escape it
$PHORUM["DATA"]["PROFILE"]["signature"] = htmlspecialchars($PHORUM["user"]["signature"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
} else {
// same handling as when loading the page for the first time
$PHORUM["DATA"]["PROFILE"][$key] = htmlspecialchars($PHORUM["user"][$key], ENT_COMPAT, $PHORUM['DATA']['HCHARSET']);
}
} else {
$PHORUM["DATA"]["PROFILE"][$key] = "";
}
}
}
return array($error, $okmsg);
}
* return $data;
* }
* </hookcode>
*/
if (isset($PHORUM["hooks"]["before_register"])) {
$userdata = phorum_hook("before_register", $userdata);
}
// Set $error, in case the before_register hook did set an error.
if (isset($userdata['error'])) {
$error = $userdata['error'];
unset($userdata['error']);
}
if (empty($error)) {
// Add the user to the database.
$userdata["user_id"] = NULL;
$user_id = phorum_api_user_save($userdata);
if ($user_id) {
// The user was added. Determine what message to show.
if ($PHORUM["registration_control"] == PHORUM_REGISTER_INSTANT_ACCESS) {
$PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["RegThanks"];
} elseif ($PHORUM["registration_control"] == PHORUM_REGISTER_VERIFY_EMAIL || $PHORUM["registration_control"] == PHORUM_REGISTER_VERIFY_BOTH) {
$PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["RegVerifyEmail"];
} elseif ($PHORUM["registration_control"] == PHORUM_REGISTER_VERIFY_MODERATOR) {
$PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["RegVerifyMod"];
}
// Send a message to the new user in case email verification is required.
if ($PHORUM["registration_control"] == PHORUM_REGISTER_VERIFY_BOTH || $PHORUM["registration_control"] == PHORUM_REGISTER_VERIFY_EMAIL) {
$verify_url = phorum_get_url(PHORUM_REGISTER_URL, "approve=" . $userdata["password_temp"] . "{$user_id}");
// make the link an anchor tag for AOL users
if (preg_match("!aol\\.com\$!i", $userdata["email"])) {
$verify_url = "<a href=\"{$verify_url}\">{$verify_url}</a>";
