28 # |
28 # |
29 # BEGIN VALIDATION |
29 # BEGIN VALIDATION |
30 # |
30 # |
31 |
31 |
32 $errors = array(); |
32 $errors = array(); |
|
33 |
|
34 if ( defined('ENANO_DEMO_MODE') ) |
|
35 { |
|
36 $errors[] = 'Users cannot be modified or deleted in demo mode.'; |
|
37 } |
|
38 |
33 $user_id = intval($_POST['user_id']); |
39 $user_id = intval($_POST['user_id']); |
34 if ( empty($user_id) ) |
40 if ( empty($user_id) || $user_id == 1 ) |
35 $errors[] = 'Invalid user ID.'; |
41 $errors[] = 'Invalid user ID.'; |
36 |
42 |
37 if ( isset($_POST['delete_account']) ) |
43 if ( isset($_POST['delete_account']) && count($errors) < 1 ) |
38 { |
44 { |
39 $q = $db->sql_query('DELETE FROM '.table_prefix."users_extra WHERE user_id=$user_id;"); |
45 $q = $db->sql_query('DELETE FROM '.table_prefix."users_extra WHERE user_id=$user_id;"); |
40 if ( !$q ) |
46 if ( !$q ) |
41 $db->_die(); |
47 $db->_die(); |
42 $q = $db->sql_query('DELETE FROM '.table_prefix."users WHERE user_id=$user_id;"); |
48 $q = $db->sql_query('DELETE FROM '.table_prefix."users WHERE user_id=$user_id;"); |
106 if ( !preg_match('/^http:\/\/([a-z0-9-.]+)([A-z0-9@#\$%\&:;<>,\.\?=\+\(\)\[\]_\/\\\\]*?)$/i', $homepage) ) |
112 if ( !preg_match('/^http:\/\/([a-z0-9-.]+)([A-z0-9@#\$%\&:;<>,\.\?=\+\(\)\[\]_\/\\\\]*?)$/i', $homepage) ) |
107 { |
113 { |
108 $homepage = ''; |
114 $homepage = ''; |
109 } |
115 } |
110 |
116 |
111 if ( count($errors) > 0 ) |
117 if ( count($errors) < 1 ) |
112 { |
|
113 echo '<div class="error-box"> |
|
114 <b>Your request could not be processed due to the following validation errors:</b> |
|
115 <ul> |
|
116 <li>' . implode("</li>\n <li>", $errors) . '</li> |
|
117 </ul> |
|
118 </div>'; |
|
119 $form = new Admin_UserManager_SmartForm(); |
|
120 $form->user_id = $user_id; |
|
121 $form->username = $username; |
|
122 $form->email = $email; |
|
123 $form->real_name = $real_name; |
|
124 $form->signature = $signature; |
|
125 $form->user_level = $user_level; |
|
126 $form->im = array( |
|
127 'aim' => $imaddr_aim, |
|
128 'yahoo' => $imaddr_yahoo, |
|
129 'msn' => $imaddr_msn, |
|
130 'xmpp' => $imaddr_xmpp |
|
131 ); |
|
132 $form->contact = array( |
|
133 'homepage' => $homepage, |
|
134 'location' => $location, |
|
135 'job' => $occupation, |
|
136 'hobbies' => $hobbies |
|
137 ); |
|
138 $form->email_public = ( isset($_POST['email_public']) ); |
|
139 $form->account_active = ( isset($_POST['account_active']) ); |
|
140 echo $form->render(); |
|
141 return false; |
|
142 } |
|
143 else |
|
144 { |
118 { |
145 $q = $db->sql_query('SELECT u.user_level FROM '.table_prefix.'users AS u WHERE u.user_id = ' . $user_id . ';'); |
119 $q = $db->sql_query('SELECT u.user_level FROM '.table_prefix.'users AS u WHERE u.user_id = ' . $user_id . ';'); |
146 if ( !$q ) |
120 if ( !$q ) |
147 $db->_die(); |
121 $db->_die(); |
148 |
122 |
255 |
229 |
256 echo '<div class="info-box">Your changes have been saved.</div>'; |
230 echo '<div class="info-box">Your changes have been saved.</div>'; |
257 } |
231 } |
258 } |
232 } |
259 |
233 |
|
234 if ( count($errors) > 0 ) |
|
235 { |
|
236 echo '<div class="error-box"> |
|
237 <b>Your request could not be processed due to the following validation errors:</b> |
|
238 <ul> |
|
239 <li>' . implode("</li>\n <li>", $errors) . '</li> |
|
240 </ul> |
|
241 </div>'; |
|
242 $form = new Admin_UserManager_SmartForm(); |
|
243 $form->user_id = $user_id; |
|
244 $form->username = $username; |
|
245 $form->email = $email; |
|
246 $form->real_name = $real_name; |
|
247 $form->signature = $signature; |
|
248 $form->user_level = $user_level; |
|
249 $form->im = array( |
|
250 'aim' => $imaddr_aim, |
|
251 'yahoo' => $imaddr_yahoo, |
|
252 'msn' => $imaddr_msn, |
|
253 'xmpp' => $imaddr_xmpp |
|
254 ); |
|
255 $form->contact = array( |
|
256 'homepage' => $homepage, |
|
257 'location' => $location, |
|
258 'job' => $occupation, |
|
259 'hobbies' => $hobbies |
|
260 ); |
|
261 $form->email_public = ( isset($_POST['email_public']) ); |
|
262 $form->account_active = ( isset($_POST['account_active']) ); |
|
263 echo $form->render(); |
|
264 return false; |
|
265 } |
|
266 |
260 # |
267 # |
261 # END VALIDATION |
268 # END VALIDATION |
262 # |
269 # |
263 } |
270 } |
264 else if ( isset($_POST['action']['go']) || ( isset($_GET['src']) && $_GET['src'] == 'get' ) ) |
271 else if ( isset($_POST['action']['go']) || ( isset($_GET['src']) && $_GET['src'] == 'get' ) ) |
277 return false; |
284 return false; |
278 } |
285 } |
279 $q = $db->sql_query('SELECT u.user_id AS authoritative_uid, u.username, u.email, u.real_name, u.signature, u.account_active, u.user_level, x.* FROM '.table_prefix.'users AS u |
286 $q = $db->sql_query('SELECT u.user_id AS authoritative_uid, u.username, u.email, u.real_name, u.signature, u.account_active, u.user_level, x.* FROM '.table_prefix.'users AS u |
280 LEFT JOIN '.table_prefix.'users_extra AS x |
287 LEFT JOIN '.table_prefix.'users_extra AS x |
281 ON ( u.user_id = x.user_id OR x.user_id IS NULL ) |
288 ON ( u.user_id = x.user_id OR x.user_id IS NULL ) |
282 WHERE lcase(u.username) = \'' . $db->escape(strtolower($username)) . '\' OR u.username = \'' . $db->escape($username) . '\';'); |
289 WHERE ( lcase(u.username) = \'' . $db->escape(strtolower($username)) . '\' OR u.username = \'' . $db->escape($username) . '\' ) AND user_id != 1;'); |
283 if ( !$q ) |
290 if ( !$q ) |
284 $db->_die(); |
291 $db->_die(); |
285 |
292 |
286 if ( $db->numrows() < 1 ) |
293 if ( $db->numrows() < 1 ) |
287 { |
294 { |
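Review bot: The `AND user_id != 1` condition added to the lookup query at new line 289 uses an unqualified column name, although the same statement joins `users AS u` with `users_extra AS x` and its ON clause references both `u.user_id` and `x.user_id`. SQL engines normally reject such a reference as ambiguous, in which case the query fails and `$db->_die()` runs on every username lookup instead of only hiding account 1. Qualify it as `AND u.user_id != 1`. The reserved ID 1 is also hard-coded in the new validation check at line 40 (`$user_id == 1`), so a short comment naming that account (presumably the built-in anonymous user) or a shared named constant would keep the two guards in sync.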