plugins/admin/UserManager.php
changeset 1086 6a59951b70e4
parent 1081 745200a9cc2a
child 1089 16a1e8626dd9
1085:3343a05e7e5b 1086:6a59951b70e4
    86           $errors[] = $lang->get('acpum_err_illegal_email');
    86           $errors[] = $lang->get('acpum_err_illegal_email');
    87         
    87         
    88         $real_name = $_POST['real_name'];
    88         $real_name = $_POST['real_name'];
    89       }
    89       }
    90       
    90       
    91       $signature = RenderMan::preprocess_text($_POST['signature'], true, true);
    91       $signature = RenderMan::preprocess_text($_POST['signature'], true, false);
    92       
    92       
    93       $user_level = intval($_POST['user_level']);
    93       $user_level = intval($_POST['user_level']);
    94       if ( $user_level < USER_LEVEL_MEMBER || $user_level > USER_LEVEL_ADMIN )
    94       if ( $user_level < USER_LEVEL_MEMBER || $user_level > USER_LEVEL_ADMIN )
    95         $errors[] = 'Invalid user level';
    95         $errors[] = 'Invalid user level';
    96       
    96       
   126       if ( !preg_match('/^http:\/\/([a-z0-9-.]+)([A-z0-9@#\$%\&:;<>,\.\?=\+\(\)\[\]_\/\\\\]*?)$/i', $homepage) )
   126       if ( !preg_match('/^http:\/\/([a-z0-9-.]+)([A-z0-9@#\$%\&:;<>,\.\?=\+\(\)\[\]_\/\\\\]*?)$/i', $homepage) )
   127       {
   127       {
   128         $homepage = '';
   128         $homepage = '';
   129       }
   129       }
   130       
   130       
   131       if ( count($errors) < 1 )
   131       // true for quiet operation
       
   132       list(, , $avatar_post_fail) = avatar_post($user_id, true);
       
   133       
       
   134       if ( count($errors) < 1 && !$avatar_post_fail )
   132       {
   135       {
   133         $q = $db->sql_query('SELECT u.user_level, u.user_has_avatar, u.avatar_type FROM '.table_prefix.'users AS u WHERE u.user_id = ' . $user_id . ';');
   136         $q = $db->sql_query('SELECT u.user_level, u.user_has_avatar, u.avatar_type FROM '.table_prefix.'users AS u WHERE u.user_id = ' . $user_id . ';');
   134         if ( !$q )
   137         if ( !$q )
   135           $db->_die();
   138           $db->_die();
   136         
   139         
   172         }
   175         }
   173         else
   176         else
   174         {
   177         {
   175           $to_update_users['account_active'] = "0";
   178           $to_update_users['account_active'] = "0";
   176           $to_update_users['activation_key'] = sha1($session->dss_rand());
   179           $to_update_users['activation_key'] = sha1($session->dss_rand());
   177         }
       
   178         
       
   179         // Avatar validation
       
   180         $action = ( isset($_POST['avatar_action']) ) ? $_POST['avatar_action'] : 'keep';
       
   181         $avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $avi_type;
       
   182         switch($action)
       
   183         {
       
   184           case 'keep':
       
   185           default:
       
   186             break;
       
   187           case 'remove':
       
   188             if ( $has_avi )
       
   189             {
       
   190               // First switch the avatar off
       
   191               $to_update_users['user_has_avatar'] = '0';
       
   192               @unlink($avi_path);
       
   193             }
       
   194             break;
       
   195           case 'set_http':
       
   196           case 'set_file':
       
   197             // Hackish way to preserve the UNIX philosophy of reusing as much code as possible
       
   198             if ( $action == 'set_http' )
       
   199             {
       
   200               // Check if this action is enabled
       
   201               if ( getConfig('avatar_upload_http', 1) !== 1 )
       
   202               {
       
   203                 // non-localized, only appears on hack attempt
       
   204                 $errors[] = 'Uploads over HTTP are disabled.';
       
   205                 break;
       
   206               }
       
   207               // Download the file
       
   208               require_once( ENANO_ROOT . '/includes/http.php' );
       
   209               
       
   210               if ( !preg_match('/^http:\/\/([a-z0-9-\.]+)(:([0-9]+))?\/(.+)$/', $_POST['avatar_http_url'], $match) )
       
   211               {
       
   212                 $errors[] = $lang->get('usercp_avatar_invalid_url');
       
   213                 break;
       
   214               }
       
   215               
       
   216               $hostname = $match[1];
       
   217               $uri = '/' . $match[4];
       
   218               $port = ( $match[3] ) ? intval($match[3]) : 80;
       
   219               $max_size = intval(getConfig('avatar_max_size'));
       
   220               
       
   221               // Get temporary file
       
   222               $tempfile = tempnam(false, "enanoavatar_{$user_id}");
       
   223               if ( !$tempfile )
       
   224                 $errors[] = 'Error getting temp file.';
       
   225               
       
   226               @unlink($tempfile);
       
   227               $request = new Request_HTTP($hostname, $uri, 'GET', $port);
       
   228               $result = $request->write_response_to_file($tempfile, 50, $max_size);
       
   229               if ( !$result || $request->response_code != HTTP_OK )
       
   230               {
       
   231                 @unlink($tempfile);
       
   232                 $errors[] = $lang->get('usercp_avatar_bad_write');
       
   233                 break;
       
   234               }
       
   235               
       
   236               // Response written. Proceed to validation...
       
   237             }
       
   238             else
       
   239             {
       
   240               // Check if this action is enabled
       
   241               if ( getConfig('avatar_upload_file', 1) !== 1 )
       
   242               {
       
   243                 // non-localized, only appears on hack attempt
       
   244                 $errors[] = 'Uploads from the browser are disabled.';
       
   245                 break;
       
   246               }
       
   247               
       
   248               $max_size = intval(getConfig('avatar_max_size'));
       
   249               
       
   250               $file =& $_FILES['avatar_file'];
       
   251               $tempfile =& $file['tmp_name'];
       
   252               if ( filesize($tempfile) > $max_size )
       
   253               {
       
   254                 @unlink($tempfile);
       
   255                 $errors[] = $lang->get('usercp_avatar_file_too_large');
       
   256                 break;
       
   257               }
       
   258             }
       
   259             $file_type = get_image_filetype($tempfile);
       
   260             if ( !$file_type )
       
   261             {
       
   262               unlink($tempfile);
       
   263               $errors[] = $lang->get('usercp_avatar_bad_filetype');
       
   264               break;
       
   265             }
       
   266             
       
   267             $avi_path_new = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $file_type;
       
   268             
       
   269             // The file type is good - validate dimensions and animation
       
   270             switch($file_type)
       
   271             {
       
   272               case 'png':
       
   273                 $is_animated = is_png_animated($tempfile);
       
   274                 $dimensions = png_get_dimensions($tempfile);
       
   275                 break;
       
   276               case 'gif':
       
   277                 $is_animated = is_gif_animated($tempfile);
       
   278                 $dimensions = gif_get_dimensions($tempfile);
       
   279                 break;
       
   280               case 'jpg':
       
   281                 $is_animated = false;
       
   282                 $dimensions = jpg_get_dimensions($tempfile);
       
   283                 break;
       
   284               default:
       
   285                 $errors[] = 'API mismatch';
       
   286                 break 2;
       
   287             }
       
   288             // Did we get invalid size data? If so the image is probably corrupt.
       
   289             if ( !$dimensions )
       
   290             {
       
   291               @unlink($tempfile);
       
   292               $errors[] = $lang->get('usercp_avatar_corrupt_image');
       
   293               break;
       
   294             }
       
   295             // Is the image animated?
       
   296             if ( $is_animated && getConfig('avatar_enable_anim') !== '1' )
       
   297             {
       
   298               @unlink($tempfile);
       
   299               $errors[] = $lang->get('usercp_avatar_disallowed_animation');
       
   300               break;
       
   301             }
       
   302             // Check image dimensions
       
   303             list($image_x, $image_y) = $dimensions;
       
   304             $max_x = intval(getConfig('avatar_max_width'));
       
   305             $max_y = intval(getConfig('avatar_max_height'));
       
   306             if ( $image_x > $max_x || $image_y > $max_y )
       
   307             {
       
   308               @unlink($tempfile);
       
   309               $errors[] = $lang->get('usercp_avatar_too_large');
       
   310               break;
       
   311             }
       
   312             // All good!
       
   313             @unlink($avi_path);
       
   314             if ( rename($tempfile, $avi_path_new) )
       
   315             {
       
   316               $to_update_users['user_has_avatar'] = '1';
       
   317               $to_update_users['avatar_type'] = $file_type;
       
   318             }
       
   319             else
       
   320             {
       
   321               // move failed - turn avatar off
       
   322               $to_update_users['user_has_avatar'] = '0';
       
   323             }
       
   324             break;
       
   325           case 'set_gravatar':
       
   326             // set avatar to use Gravatar
       
   327             // first, remove old image
       
   328             if ( $has_avi )
       
   329             {
       
   330               @unlink($avi_path);
       
   331             }
       
   332             // set to gravatar mode
       
   333             $to_update_users['user_has_avatar'] = '1';
       
   334             $to_update_users['avatar_type'] = 'grv';
       
   335             
       
   336             $has_avi = 1;
       
   337             break;
       
   338         }
   180         }
   339         
   181         
   340         if ( count($errors) < 1 )
   182         if ( count($errors) < 1 )
   341         {
   183         {
   342           $to_update_users_extra = array();
   184           $to_update_users_extra = array();
   420           echo '<div class="info-box">' . $lang->get('acpum_msg_save_success') . '</div>';
   262           echo '<div class="info-box">' . $lang->get('acpum_msg_save_success') . '</div>';
   421         }
   263         }
   422       }
   264       }
   423     }
   265     }
   424     
   266     
   425     if ( count($errors) > 0 )
   267     if ( count($errors) > 0 || $avatar_post_fail )
   426     {
   268     {
   427       echo '<div class="error-box">
   269       if ( count($errors) > 0 )
   428               <b>' . $lang->get('acpum_err_validation_fail') . '</b>
   270       {
   429               <ul>
   271         echo '<div class="error-box">
   430                 <li>' . implode("</li>\n        <li>", $errors) . '</li>
   272                 <b>' . $lang->get('acpum_err_validation_fail') . '</b>
   431               </ul>
   273                 <ul>
   432             </div>';
   274                   <li>' . implode("</li>\n        <li>", $errors) . '</li>
       
   275                 </ul>
       
   276               </div>';
       
   277       }
   433       $form = new Admin_UserManager_SmartForm();
   278       $form = new Admin_UserManager_SmartForm();
   434       $form->user_id = $user_id;
   279       $form->user_id = $user_id;
   435       $form->username = $username;
   280       $form->username = $username;
   436       $form->email = $email;
   281       $form->email = $email;
   437       $form->real_name = $real_name;
   282       $form->real_name = $real_name;
  1088                 
   933                 
  1089                 <tr>
   934                 <tr>
  1090                   <td class="row2">
   935                   <td class="row2">
  1091                     {lang:acpum_avatar_lbl_change}
   936                     {lang:acpum_avatar_lbl_change}
  1092                   </td>
   937                   </td>
  1093                   <td class="row1">
   938                   <td class="row1" id="avatar_upload_btns_{UUID}">
  1094                     <script type="text/javascript">
   939                     <script type="text/javascript">
  1095                       function admincp_users_avatar_set_{UUID}(elParent)
   940                       function admincp_users_avatar_set_{UUID}(elParent)
  1096                       {
   941                       {
       
   942                         $('td#avatar_upload_btns_{UUID} > div:visible').hide('blind');
  1097                         switch(elParent.value)
   943                         switch(elParent.value)
  1098                         {
   944                         {
  1099                           case 'keep':
       
  1100                           case 'remove':
       
  1101                             \$dynano('avatar_upload_http_{UUID}').object.style.display = 'none';
       
  1102                             \$dynano('avatar_upload_file_{UUID}').object.style.display = 'none';
       
  1103                             \$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
       
  1104                             break;
       
  1105                           case 'set_http':
   945                           case 'set_http':
  1106                             \$dynano('avatar_upload_http_{UUID}').object.style.display = 'block';
   946                             $('#avatar_upload_http_{UUID}').show('blind');
  1107                             \$dynano('avatar_upload_file_{UUID}').object.style.display = 'none';
       
  1108                             \$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
       
  1109                             break;
   947                             break;
  1110                           case 'set_file':
   948                           case 'set_file':
  1111                             \$dynano('avatar_upload_http_{UUID}').object.style.display = 'none';
   949                             $('#avatar_upload_file_{UUID}').show('blind');
  1112                             \$dynano('avatar_upload_file_{UUID}').object.style.display = 'block';
       
  1113                             \$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
       
  1114                             break;
   950                             break;
  1115                           case 'set_gravatar':
   951                           case 'set_gravatar':
  1116                             \$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'block';
   952                             $('#avatar_upload_gravatar_{UUID}').show('blind');
  1117                             \$dynano('avatar_upload_http_{UUID}').object.style.display = 'none';
       
  1118                             \$dynano('avatar_upload_file_{UUID}').object.style.display = 'none';
       
  1119                             break;
   953                             break;
  1120                         }
   954                         }
  1121                       }
   955                       }
  1122                     </script>
   956                     </script>
  1123                     <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="keep" checked="checked" /> {lang:acpum_avatar_lbl_keep}</label><br />
   957                     <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="keep" checked="checked" /> {lang:acpum_avatar_lbl_keep}</label><br />