159 { |
164 { |
160 $to_update_users['account_active'] = "0"; |
165 $to_update_users['account_active'] = "0"; |
161 $to_update_users['activation_key'] = sha1($session->dss_rand()); |
166 $to_update_users['activation_key'] = sha1($session->dss_rand()); |
162 } |
167 } |
163 |
168 |
164 $to_update_users_extra = array(); |
169 // Avatar validation |
165 $to_update_users_extra['user_aim'] = $imaddr_aim; |
170 $action = ( isset($_POST['avatar_action']) ) ? $_POST['avatar_action'] : 'keep'; |
166 $to_update_users_extra['user_msn'] = $imaddr_msn; |
171 $avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $avi_type; |
167 $to_update_users_extra['user_yahoo'] = $imaddr_yahoo; |
172 switch($action) |
168 $to_update_users_extra['user_xmpp'] = $imaddr_xmpp; |
|
169 $to_update_users_extra['user_homepage'] = $homepage; |
|
170 $to_update_users_extra['user_location'] = $location; |
|
171 $to_update_users_extra['user_job'] = $occupation; |
|
172 $to_update_users_extra['user_hobbies'] = $hobbies; |
|
173 $to_update_users_extra['email_public'] = ( $email_public ) ? '1' : '0'; |
|
174 |
|
175 $update_sql = ''; |
|
176 |
|
177 foreach ( $to_update_users as $key => $unused_crap ) |
|
178 { |
173 { |
179 $value =& $to_update_users[$key]; |
174 case 'keep': |
180 $value = $db->escape($value); |
175 default: |
181 $update_sql .= ( empty($update_sql) ? '' : ',' ) . "$key='$value'"; |
176 break; |
|
177 case 'remove': |
|
178 if ( $has_avi ) |
|
179 { |
|
180 // First switch the avatar off |
|
181 $to_update_users['user_has_avatar'] = '0'; |
|
182 @unlink($avi_path); |
|
183 } |
|
184 break; |
|
185 case 'set_http': |
|
186 case 'set_file': |
|
187 // Hackish way to preserve the UNIX philosophy of reusing as much code as possible |
|
188 if ( $action == 'set_http' ) |
|
189 { |
|
190 // Check if this action is enabled |
|
191 if ( getConfig('avatar_upload_http') !== '1' ) |
|
192 { |
|
193 // non-localized, only appears on hack attempt |
|
194 $errors[] = 'Uploads over HTTP are disabled.'; |
|
195 break; |
|
196 } |
|
197 // Download the file |
|
198 require_once( ENANO_ROOT . '/includes/http.php' ); |
|
199 |
|
200 if ( !preg_match('/^http:\/\/([a-z0-9-\.]+)(:([0-9]+))?\/(.+)$/', $_POST['avatar_http_url'], $match) ) |
|
201 { |
|
202 $errors[] = $lang->get('usercp_avatar_invalid_url'); |
|
203 break; |
|
204 } |
|
205 |
|
206 $hostname = $match[1]; |
|
207 $uri = '/' . $match[4]; |
|
208 $port = ( $match[3] ) ? intval($match[3]) : 80; |
|
209 $max_size = intval(getConfig('avatar_max_size')); |
|
210 |
|
211 // Get temporary file |
|
212 $tempfile = tempnam(false, "enanoavatar_{$user_id}"); |
|
213 if ( !$tempfile ) |
|
214 $errors[] = 'Error getting temp file.'; |
|
215 |
|
216 @unlink($tempfile); |
|
217 $request = new Request_HTTP($hostname, $uri, 'GET', $port); |
|
218 $result = $request->write_response_to_file($tempfile, 50, $max_size); |
|
219 if ( !$result || $request->response_code != HTTP_OK ) |
|
220 { |
|
221 @unlink($tempfile); |
|
222 $errors[] = $lang->get('usercp_avatar_bad_write'); |
|
223 break; |
|
224 } |
|
225 |
|
226 // Response written. Proceed to validation... |
|
227 } |
|
228 else |
|
229 { |
|
230 // Check if this action is enabled |
|
231 if ( getConfig('avatar_upload_file') !== '1' ) |
|
232 { |
|
233 // non-localized, only appears on hack attempt |
|
234 $errors[] = 'Uploads from the browser are disabled.'; |
|
235 break; |
|
236 } |
|
237 |
|
238 $max_size = intval(getConfig('avatar_max_size')); |
|
239 |
|
240 $file =& $_FILES['avatar_file']; |
|
241 $tempfile =& $file['tmp_name']; |
|
242 if ( filesize($tempfile) > $max_size ) |
|
243 { |
|
244 @unlink($tempfile); |
|
245 $errors[] = $lang->get('usercp_avatar_file_too_large'); |
|
246 break; |
|
247 } |
|
248 } |
|
249 $file_type = get_image_filetype($tempfile); |
|
250 if ( !$file_type ) |
|
251 { |
|
252 unlink($tempfile); |
|
253 $errors[] = $lang->get('usercp_avatar_bad_filetype'); |
|
254 break; |
|
255 } |
|
256 |
|
257 $avi_path_new = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $file_type; |
|
258 |
|
259 // The file type is good - validate dimensions and animation |
|
260 switch($file_type) |
|
261 { |
|
262 case 'png': |
|
263 $is_animated = is_png_animated($tempfile); |
|
264 $dimensions = png_get_dimensions($tempfile); |
|
265 break; |
|
266 case 'gif': |
|
267 $is_animated = is_gif_animated($tempfile); |
|
268 $dimensions = gif_get_dimensions($tempfile); |
|
269 break; |
|
270 case 'jpg': |
|
271 $is_animated = false; |
|
272 $dimensions = jpg_get_dimensions($tempfile); |
|
273 break; |
|
274 default: |
|
275 $errors[] = 'API mismatch'; |
|
276 break 2; |
|
277 } |
|
278 // Did we get invalid size data? If so the image is probably corrupt. |
|
279 if ( !$dimensions ) |
|
280 { |
|
281 @unlink($tempfile); |
|
282 $errors[] = $lang->get('usercp_avatar_corrupt_image'); |
|
283 break; |
|
284 } |
|
285 // Is the image animated? |
|
286 if ( $is_animated && getConfig('avatar_enable_anim') !== '1' ) |
|
287 { |
|
288 @unlink($tempfile); |
|
289 $errors[] = $lang->get('usercp_avatar_disallowed_animation'); |
|
290 break; |
|
291 } |
|
292 // Check image dimensions |
|
293 list($image_x, $image_y) = $dimensions; |
|
294 $max_x = intval(getConfig('avatar_max_width')); |
|
295 $max_y = intval(getConfig('avatar_max_height')); |
|
296 if ( $image_x > $max_x || $image_y > $max_y ) |
|
297 { |
|
298 @unlink($tempfile); |
|
299 $errors[] = $lang->get('usercp_avatar_too_large'); |
|
300 break; |
|
301 } |
|
302 // All good! |
|
303 @unlink($avi_path); |
|
304 if ( rename($tempfile, $avi_path_new) ) |
|
305 { |
|
306 $to_update_users['user_has_avatar'] = '1'; |
|
307 $to_update_users['avatar_type'] = $file_type; |
|
308 } |
|
309 else |
|
310 { |
|
311 // move failed - turn avatar off |
|
312 $to_update_users['user_has_avatar'] = '0'; |
|
313 } |
|
314 break; |
182 } |
315 } |
183 |
316 |
184 $update_sql = 'UPDATE '.table_prefix."users SET $update_sql WHERE user_id=$user_id;"; |
317 if ( count($errors) < 1 ) |
185 |
|
186 $update_sql_extra = ''; |
|
187 |
|
188 foreach ( $to_update_users_extra as $key => $unused_crap ) |
|
189 { |
318 { |
190 $value =& $to_update_users_extra[$key]; |
319 $to_update_users_extra = array(); |
191 $value = $db->escape($value); |
320 $to_update_users_extra['user_aim'] = $imaddr_aim; |
192 $update_sql_extra .= ( empty($update_sql_extra) ? '' : ',' ) . "$key='$value'"; |
321 $to_update_users_extra['user_msn'] = $imaddr_msn; |
193 } |
322 $to_update_users_extra['user_yahoo'] = $imaddr_yahoo; |
194 |
323 $to_update_users_extra['user_xmpp'] = $imaddr_xmpp; |
195 $update_sql_extra = 'UPDATE '.table_prefix."users_extra SET $update_sql_extra WHERE user_id=$user_id;"; |
324 $to_update_users_extra['user_homepage'] = $homepage; |
196 |
325 $to_update_users_extra['user_location'] = $location; |
197 if ( !$db->sql_query($update_sql) ) |
326 $to_update_users_extra['user_job'] = $occupation; |
198 $db->_die(); |
327 $to_update_users_extra['user_hobbies'] = $hobbies; |
199 |
328 $to_update_users_extra['email_public'] = ( $email_public ) ? '1' : '0'; |
200 if ( !$db->sql_query($update_sql_extra) ) |
329 |
201 $db->_die(); |
330 $update_sql = ''; |
202 |
331 |
203 if ( $existing_level != $user_level ) |
332 foreach ( $to_update_users as $key => $unused_crap ) |
204 { |
|
205 // We need to update group memberships |
|
206 if ( $existing_level == USER_LEVEL_ADMIN ) |
|
207 { |
333 { |
208 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_from_admin\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");'); |
334 $value =& $to_update_users[$key]; |
209 if ( !$q ) |
335 $value = $db->escape($value); |
210 $db->_die(); |
336 $update_sql .= ( empty($update_sql) ? '' : ',' ) . "$key='$value'"; |
211 $session->remove_user_from_group($user_id, GROUP_ID_ADMIN); |
|
212 } |
|
213 else if ( $existing_level == USER_LEVEL_MOD ) |
|
214 { |
|
215 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_from_mod\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");'); |
|
216 if ( !$q ) |
|
217 $db->_die(); |
|
218 $session->remove_user_from_group($user_id, GROUP_ID_MOD); |
|
219 } |
337 } |
220 |
338 |
221 if ( $user_level == USER_LEVEL_ADMIN ) |
339 $update_sql = 'UPDATE '.table_prefix."users SET $update_sql WHERE user_id=$user_id;"; |
|
340 |
|
341 $update_sql_extra = ''; |
|
342 |
|
343 foreach ( $to_update_users_extra as $key => $unused_crap ) |
222 { |
344 { |
223 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_to_admin\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");'); |
345 $value =& $to_update_users_extra[$key]; |
224 if ( !$q ) |
346 $value = $db->escape($value); |
225 $db->_die(); |
347 $update_sql_extra .= ( empty($update_sql_extra) ? '' : ',' ) . "$key='$value'"; |
226 $session->add_user_to_group($user_id, GROUP_ID_ADMIN, false); |
|
227 } |
348 } |
228 else if ( $user_level == USER_LEVEL_MOD ) |
349 |
|
350 $update_sql_extra = 'UPDATE '.table_prefix."users_extra SET $update_sql_extra WHERE user_id=$user_id;"; |
|
351 |
|
352 if ( !$db->sql_query($update_sql) ) |
|
353 $db->_die(); |
|
354 |
|
355 if ( !$db->sql_query($update_sql_extra) ) |
|
356 $db->_die(); |
|
357 |
|
358 if ( $existing_level != $user_level ) |
229 { |
359 { |
230 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_to_mod\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");'); |
360 // We need to update group memberships |
231 if ( !$q ) |
361 if ( $existing_level == USER_LEVEL_ADMIN ) |
232 $db->_die(); |
362 { |
233 $session->add_user_to_group($user_id, GROUP_ID_MOD, false); |
363 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_from_admin\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");'); |
|
364 if ( !$q ) |
|
365 $db->_die(); |
|
366 $session->remove_user_from_group($user_id, GROUP_ID_ADMIN); |
|
367 } |
|
368 else if ( $existing_level == USER_LEVEL_MOD ) |
|
369 { |
|
370 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_from_mod\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");'); |
|
371 if ( !$q ) |
|
372 $db->_die(); |
|
373 $session->remove_user_from_group($user_id, GROUP_ID_MOD); |
|
374 } |
|
375 |
|
376 if ( $user_level == USER_LEVEL_ADMIN ) |
|
377 { |
|
378 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_to_admin\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");'); |
|
379 if ( !$q ) |
|
380 $db->_die(); |
|
381 $session->add_user_to_group($user_id, GROUP_ID_ADMIN, false); |
|
382 } |
|
383 else if ( $user_level == USER_LEVEL_MOD ) |
|
384 { |
|
385 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_to_mod\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");'); |
|
386 if ( !$q ) |
|
387 $db->_die(); |
|
388 $session->add_user_to_group($user_id, GROUP_ID_MOD, false); |
|
389 } |
234 } |
390 } |
|
391 |
|
392 echo '<div class="info-box">Your changes have been saved.</div>'; |
235 } |
393 } |
236 |
|
237 echo '<div class="info-box">Your changes have been saved.</div>'; |
|
238 } |
394 } |
239 } |
395 } |
240 |
396 |
241 if ( count($errors) > 0 ) |
397 if ( count($errors) > 0 ) |
242 { |
398 { |
766 <td class="row1"><input type="checkbox" id="chk_email_public_{UUID}" name="email_public" <!-- BEGIN email_public -->checked="checked" <!-- END email_public -->size="30" /></td> |
939 <td class="row1"><input type="checkbox" id="chk_email_public_{UUID}" name="email_public" <!-- BEGIN email_public -->checked="checked" <!-- END email_public -->size="30" /></td> |
767 </tr> |
940 </tr> |
768 |
941 |
769 <!-- / Extended options --> |
942 <!-- / Extended options --> |
770 |
943 |
|
944 <!-- Avatar settings --> |
|
945 |
|
946 <tr> |
|
947 <th class="subhead" colspan="2"> |
|
948 {lang:adminusers_avatar_heading} |
|
949 </th> |
|
950 </tr> |
|
951 |
|
952 <tr> |
|
953 <td class="row2"> |
|
954 {lang:usercp_avatar_label_current} |
|
955 </td> |
|
956 <td class="row1"> |
|
957 <!-- BEGIN user_has_avatar --> |
|
958 <img alt="{AVATAR_ALT}" src="{AVATAR_SRC}" /> |
|
959 <!-- BEGINELSE user_has_avatar --> |
|
960 {lang:adminusers_avatar_image_none} |
|
961 <!-- END user_has_avatar --> |
|
962 </td> |
|
963 </tr> |
|
964 |
|
965 <tr> |
|
966 <td class="row2"> |
|
967 {lang:adminusers_avatar_lbl_change} |
|
968 </td> |
|
969 <td class="row1"> |
|
970 <script type="text/javascript"> |
|
971 function admincp_users_avatar_set_{UUID}(obj) |
|
972 { |
|
973 switch(obj.value) |
|
974 { |
|
975 case 'keep': |
|
976 case 'remove': |
|
977 $('avatar_upload_http_{UUID}').object.style.display = 'none'; |
|
978 $('avatar_upload_file_{UUID}').object.style.display = 'none'; |
|
979 break; |
|
980 case 'set_http': |
|
981 $('avatar_upload_http_{UUID}').object.style.display = 'block'; |
|
982 $('avatar_upload_file_{UUID}').object.style.display = 'none'; |
|
983 break; |
|
984 case 'set_file': |
|
985 $('avatar_upload_http_{UUID}').object.style.display = 'none'; |
|
986 $('avatar_upload_file_{UUID}').object.style.display = 'block'; |
|
987 break; |
|
988 } |
|
989 } |
|
990 </script> |
|
991 <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="keep" checked="checked" /> {lang:adminusers_avatar_lbl_keep}</label><br /> |
|
992 <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="remove" /> {lang:adminusers_avatar_lbl_remove}</label><br /> |
|
993 <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_http" /> {lang:adminusers_avatar_lbl_set_http}</label><br /> |
|
994 <div id="avatar_upload_http_{UUID}" style="display: none; margin: 10px 0 0 2.2em;"> |
|
995 {lang:usercp_avatar_lbl_url} <input type="text" name="avatar_http_url" size="40" value="http://" /><br /> |
|
996 <small>{lang:usercp_avatar_lbl_url_desc} {lang:usercp_avatar_limits}</small> |
|
997 </div> |
|
998 <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_file" /> {lang:adminusers_avatar_lbl_set_file}</label> |
|
999 <div id="avatar_upload_file_{UUID}" style="display: none; margin: 10px 0 0 2.2em;"> |
|
1000 {lang:usercp_avatar_lbl_file} <input type="file" name="avatar_file" size="40" value="http://" /><br /> |
|
1001 <small>{lang:usercp_avatar_lbl_file_desc} {lang:usercp_avatar_limits}</small> |
|
1002 </div> |
|
1003 </td> |
|
1004 </tr> |
|
1005 |
|
1006 <!-- / Avatar settings --> |
|
1007 |
771 <!-- Administrator-only options --> |
1008 <!-- Administrator-only options --> |
772 |
1009 |
773 <tr> |
1010 <tr> |
774 <th class="subhead" colspan="2"> |
1011 <th class="subhead" colspan="2"> |
775 Administrator-only options |
1012 Administrator-only options |