function prepareInputForUpdate($input) { global $CFG_GLPI; //picture manually uploaded by user if (isset($input["_blank_picture"]) && $input["_blank_picture"]) { self::dropPictureFiles($this->fields['picture']); $input['picture'] = 'NULL'; } else { if (isset($_FILES['picture'])) { if (!count($_FILES['picture']) || empty($_FILES['picture']['name']) || !is_file($_FILES['picture']['tmp_name'])) { switch ($_FILES['picture']['error']) { case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: Session::addMessageAfterRedirect(__('File too large to be added.'), false, ERROR); break; case UPLOAD_ERR_NO_FILE: // Session::addMessageAfterRedirect(__('No file specified.'),false,ERROR); break; } } else { if (toolbox::getMime($_FILES['picture']['tmp_name'], 'image')) { // Unlink old picture (clean on changing format) self::dropPictureFiles($this->fields['picture']); // Move uploaded file $filename = uniqid($this->fields['id'] . '_'); $sub = substr($filename, -2); /* 2 hex digit */ $tmp = explode(".", $_FILES['picture']['name']); $extension = array_pop($tmp); @mkdir(GLPI_PICTURE_DIR . "/{$sub}"); $picture_path = GLPI_PICTURE_DIR . "/{$sub}/{$filename}.{$extension}"; self::dropPictureFiles($filename . "." . $extension); if (in_array($extension, array('jpg', 'jpeg', 'png', 'bmp', 'gif')) && Document::renameForce($_FILES['picture']['tmp_name'], $picture_path)) { Session::addMessageAfterRedirect(__('The file is valid. Upload is successful.')); // For display $input['picture'] = "{$sub}/{$filename}.{$extension}"; //prepare a thumbnail $thumb_path = GLPI_PICTURE_DIR . "/{$sub}/{$filename}_min.{$extension}"; Toolbox::resizePicture($picture_path, $thumb_path); } else { Session::addMessageAfterRedirect(__('Potential upload attack or file too large. Moving temporary file failed.'), false, ERROR); } } else { Session::addMessageAfterRedirect(__('The file is not an image file.'), false, ERROR); } } } else { //ldap jpegphoto synchronisation. if (isset($this->fields["authtype"]) && ($this->fields["authtype"] == Auth::LDAP || Auth::isAlternateAuth($this->fields['authtype'])) && ($picture = $this->syncLdapPhoto())) { if (!empty($picture)) { $input['picture'] = $picture; } } } } if (isset($input["password2"])) { // Empty : do not update if (empty($input["password"])) { unset($input["password"]); } else { if ($input["password"] == $input["password2"]) { // Check right : my password of user with lesser rights if (isset($input['id']) && Config::validatePassword($input["password"]) && ($input['id'] == Session::getLoginUserID() || $this->currentUserHaveMoreRightThan($input['id']) || $input['password_forget_token'] == $this->fields['password_forget_token'] && abs(strtotime($_SESSION["glpi_currenttime"]) - strtotime($this->fields['password_forget_token_date'])) < DAY_TIMESTAMP && $this->isEmail($input['email']))) { $input["password"] = Auth::getPasswordHash(Toolbox::unclean_cross_side_scripting_deep(stripslashes($input["password"]))); } else { unset($input["password"]); } unset($input["password2"]); } else { Session::addMessageAfterRedirect(__('Error: the two passwords do not match'), false, ERROR); return false; } } } else { if (isset($input["password"])) { // From login unset($input["password"]); } } // Update User in the database if (!isset($input["id"]) && isset($input["name"])) { if ($this->getFromDBbyName($input["name"])) { $input["id"] = $this->fields["id"]; } } if (isset($input["entities_id"]) && Session::getLoginUserID() === $input['id']) { $_SESSION["glpidefault_entity"] = $input["entities_id"]; } // Security on default profile update if (isset($input['profiles_id'])) { if (!in_array($input['profiles_id'], Profile_User::getUserProfiles($input['id']))) { unset($input['profiles_id']); } } // Security on default entity update if (isset($input['entities_id'])) { if (!in_array($input['entities_id'], Profile_User::getUserEntities($input['id']))) { unset($input['entities_id']); } } if (isset($input['_reset_personal_token'])) { $input['personal_token'] = self::getUniquePersonalToken(); $input['personal_token_date'] = $_SESSION['glpi_currenttime']; } // Manage preferences fields if (Session::getLoginUserID() === $input['id']) { if (isset($input['use_mode']) && $_SESSION['glpi_use_mode'] != $input['use_mode']) { $_SESSION['glpi_use_mode'] = $input['use_mode']; //Session::loadLanguage(); } } foreach ($CFG_GLPI['user_pref_field'] as $f) { if (isset($input[$f])) { if (Session::getLoginUserID() === $input['id']) { if ($_SESSION["glpi{$f}"] != $input[$f]) { $_SESSION["glpi{$f}"] = $input[$f]; // reinit translations if ($f == 'language') { $_SESSION['glpi_dropdowntranslations'] = DropdownTranslation::getAvailableTranslations($_SESSION["glpilanguage"]); unset($_SESSION['glpimenu']); } } } if ($input[$f] == $CFG_GLPI[$f]) { $input[$f] = "NULL"; } } } return $input; }