phpBB/includes/ucp/ucp_profile.php

   1 <?php
   2 /**
   3 *
   4 * @package ucp
   5 * @version $Id$
   6 * @copyright (c) 2005 phpBB Group
   7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
   8 *
   9 */
  10
  11 /**
  12 * ucp_profile
  13 * Changing profile settings
  14 * @package ucp
  15 */
  16 class ucp_profile
  17 {
  18         var $u_action;
  19
  20         function main($id, $mode)
  21         {
  22                 global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
  23
  24                 $user->add_lang('posting');
  25
  26                 $preview        = (!empty($_POST['preview'])) ? true : false;
  27                 $submit         = (!empty($_POST['submit'])) ? true : false;
  28                 $delete         = (!empty($_POST['delete'])) ? true : false;
  29                 $error = $data = array();
  30                 $s_hidden_fields = '';
  31
  32                 switch ($mode)
  33                 {
  34                         case 'reg_details':
  35
  36                                 $data = array(
  37                                         'username'                      => request_var('username', $user->data['username'], true),
  38                                         'email'                         => request_var('email', $user->data['user_email']),
  39                                         'email_confirm'         => request_var('email_confirm', ''),
  40                                         'new_password'          => request_var('new_password', '', true),
  41                                         'cur_password'          => request_var('cur_password', '', true),
  42                                         'password_confirm'      => request_var('password_confirm', '', true),
  43                                 );
  44
  45                                 if ($submit)
  46                                 {
  47                                         // Do not check cur_password, it is the old one.
  48                                         $check_ary = array(
  49                                                 'new_password'          => array(
  50                                                         array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
  51                                                         array('password')),
  52                                                 'password_confirm'      => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
  53                                                 'email'                         => array(
  54                                                         array('string', false, 6, 60),
  55                                                         array('email', $data['email'])),
  56                                                 'email_confirm'         => array('string', true, 6, 60),
  57                                         );
  58
  59                                         if ($auth->acl_get('u_chgname') && $config['allow_namechange'])
  60                                         {
  61                                                 $check_ary['username'] = array(
  62                                                         array('string', false, $config['min_name_chars'], $config['max_name_chars']),
  63                                                         array('username', $data['username']),
  64                                                 );
  65                                         }
  66
  67                                         $error = validate_data($data, $check_ary);
  68
  69                                         if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password'])
  70                                         {
  71                                                 $error[] = 'NEW_PASSWORD_ERROR';
  72                                         }
  73
  74                                         if (($data['new_password'] || ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) || ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])) && md5($data['cur_password']) != $user->data['user_password'])
  75                                         {
  76                                                 $error[] = 'CUR_PASSWORD_ERROR';
  77                                         }
  78
  79                                         // Only check the new password against the previous password if there have been no errors
  80                                         if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && md5($data['new_password']) == $user->data['user_password'])
  81                                         {
  82                                                 $error[] = 'SAME_PASSWORD_ERROR';
  83                                         }
  84
  85                                         if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'] && $data['email_confirm'] != $data['email'])
  86                                         {
  87                                                 $error[] = 'NEW_EMAIL_ERROR';
  88                                         }
  89
  90                                         if (!sizeof($error))
  91                                         {
  92                                                 $sql_ary = array(
  93                                                         'username'                      => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
  94                                                         'username_clean'        => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
  95                                                         'user_email'            => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
  96                                                         'user_email_hash'       => ($auth->acl_get('u_chgemail')) ? crc32(strtolower($data['email'])) . strlen($data['email']) : $user->data['user_email_hash'],
  97                                                         'user_password'         => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? md5($data['new_password']) : $user->data['user_password'],
  98                                                         'user_passchg'          => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0,
  99                                                 );
 100
 101                                                 if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username'])
 102                                                 {
 103                                                         add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $data['username']);
 104                                                 }
 105
 106                                                 if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && md5($data['new_password']) != $user->data['user_password'])
 107                                                 {
 108                                                         $user->reset_login_keys();
 109                                                         add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $data['username']);
 110                                                 }
 111
 112                                                 if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'])
 113                                                 {
 114                                                         add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_EMAIL', $data['username'], $user->data['user_email'], $data['email']);
 115                                                 }
 116
 117                                                 if ($config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN))
 118                                                 {
 119                                                         include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
 120
 121                                                         $server_url = generate_board_url();
 122
 123                                                         $user_actkey = gen_rand_string(10);
 124                                                         $key_len = 54 - (strlen($server_url));
 125                                                         $key_len = ($key_len > 6) ? $key_len : 6;
 126                                                         $user_actkey = substr($user_actkey, 0, $key_len);
 127
 128                                                         $messenger = new messenger();
 129
 130                                                         $template_file = ($config['require_activation'] == USER_ACTIVATION_ADMIN) ? 'user_activate_inactive' : 'user_activate';
 131                                                         $messenger->template($template_file, $user->data['user_lang']);
 132
 133                                                         $messenger->replyto($config['board_contact']);
 134                                                         $messenger->to($data['email'], $data['username']);
 135
 136                                                         $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
 137                                                         $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
 138                                                         $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
 139                                                         $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);
 140
 141                                                         $messenger->assign_vars(array(
 142                                                                 'USERNAME'              => htmlspecialchars_decode($username),
 143                                                                 'U_ACTIVATE'    => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
 144                                                         );
 145
 146                                                         $messenger->send(NOTIFY_EMAIL);
 147
 148                                                         if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
 149                                                         {
 150                                                                 // Grab an array of user_id's with a_user permissions ... these users can activate a user
 151                                                                 $admin_ary = $auth->acl_get_list(false, 'a_user', false);
 152                                                                 $admin_ary = (!empty($admin_ary[0]['a_user'])) ? $admin_ary[0]['a_user'] : array();
 153
 154                                                                 // Also include founders
 155                                                                 $where_sql = ' WHERE user_type = ' . USER_FOUNDER;
 156
 157                                                                 if (sizeof($admin_ary))
 158                                                                 {
 159                                                                         $where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary);
 160                                                                 }
 161
 162                                                                 $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
 163                                                                         FROM ' . USERS_TABLE . ' ' .
 164                                                                         $where_sql;
 165                                                                 $result = $db->sql_query($sql);
 166
 167                                                                 while ($row = $db->sql_fetchrow($result))
 168                                                                 {
 169                                                                         $messenger->template('admin_activate', $row['user_lang']);
 170                                                                         $messenger->replyto($config['board_contact']);
 171                                                                         $messenger->to($row['user_email'], $row['username']);
 172                                                                         $messenger->im($row['user_jabber'], $row['username']);
 173
 174                                                                         $messenger->assign_vars(array(
 175                                                                                 'USERNAME'              => htmlspecialchars_decode($username),
 176                                                                                 'U_ACTIVATE'    => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
 177                                                                         );
 178
 179                                                                         $messenger->send($row['user_notify_type']);
 180                                                                 }
 181                                                                 $db->sql_freeresult($result);
 182                                                         }
 183
 184                                                         $messenger->save_queue();
 185
 186                                                         user_active_flip('deactivate', $user->data['user_id'], INACTIVE_PROFILE);
 187
 188                                                         $sql_ary += array(
 189                                                                 'user_actkey'                   => $user_actkey,
 190                                                         );
 191                                                 }
 192
 193                                                 if (sizeof($sql_ary))
 194                                                 {
 195                                                         $sql = 'UPDATE ' . USERS_TABLE . '
 196                                                                 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
 197                                                                 WHERE user_id = ' . $user->data['user_id'];
 198                                                         $db->sql_query($sql);
 199                                                 }
 200
 201                                                 // Need to update config, forum, topic, posting, messages, etc.
 202                                                 if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])
 203                                                 {
 204                                                         user_update_name($user->data['username'], $data['username']);
 205                                                 }
 206
 207                                                 meta_refresh(3, $this->u_action);
 208                                                 $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
 209                                                 trigger_error($message);
 210                                         }
 211
 212                                         // Replace "error" strings with their real, localised form
 213                                         $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
 214                                 }
 215
 216                                 $user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
 217                                 $pass_char_ary = array('.*' => 'PASS_TYPE_ANY', '[a-zA-Z]' => 'PASS_TYPE_CASE', '[a-zA-Z0-9]' => 'PASS_TYPE_ALPHA', '[a-zA-Z\W]' => 'PASS_TYPE_SYMBOL');
 218
 219                                 $template->assign_vars(array(
 220                                         'ERROR'                         => (sizeof($error)) ? implode('<br />', $error) : '',
 221
 222                                         'USERNAME'                      => $data['username'],
 223                                         'EMAIL'                         => $data['email'],
 224                                         'PASSWORD_CONFIRM'      => $data['password_confirm'],
 225                                         'NEW_PASSWORD'          => $data['new_password'],
 226                                         'CUR_PASSWORD'          => '',
 227
 228                                         'L_USERNAME_EXPLAIN'            => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
 229                                         'L_CHANGE_PASSWORD_EXPLAIN'     => sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
 230
 231                                         'S_FORCE_PASSWORD'      => ($config['chg_passforce'] && $user->data['user_passchg'] < time() - $config['chg_passforce']) ? true : false,
 232                                         'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false,
 233                                         'S_CHANGE_EMAIL'        => ($auth->acl_get('u_chgemail')) ? true : false,
 234                                         'S_CHANGE_PASSWORD'     => ($auth->acl_get('u_chgpasswd')) ? true : false)
 235                                 );
 236                         break;
 237
 238                         case 'profile_info':
 239
 240                                 include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
 241
 242                                 $cp = new custom_profile();
 243
 244                                 $cp_data = $cp_error = array();
 245
 246                                 $data = array(
 247                                         'icq'                   => request_var('icq', $user->data['user_icq']),
 248                                         'aim'                   => request_var('aim', $user->data['user_aim']),
 249                                         'msn'                   => request_var('msn', $user->data['user_msnm']),
 250                                         'yim'                   => request_var('yim', $user->data['user_yim']),
 251                                         'jabber'                => request_var('jabber', $user->data['user_jabber']),
 252                                         'website'               => request_var('website', $user->data['user_website']),
 253                                         'location'              => request_var('location', $user->data['user_from'], true),
 254                                         'occupation'    => request_var('occupation', $user->data['user_occ'], true),
 255                                         'interests'             => request_var('interests', $user->data['user_interests'], true),
 256                                         'bday_day'              => 0,
 257                                         'bday_month'    => 0,
 258                                         'bday_year'             => 0,
 259                                 );
 260
 261                                 utf8_normalize_nfc(array(&$data['location'], &$data['occupation'], &$data['interests']))
 262
 263                                 if ($user->data['user_birthday'])
 264                                 {
 265                                         list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']);
 266                                 }
 267
 268                                 $data['bday_day'] = request_var('bday_day', $data['bday_day']);
 269                                 $data['bday_month'] = request_var('bday_month', $data['bday_month']);
 270                                 $data['bday_year'] = request_var('bday_year', $data['bday_year']);
 271
 272                                 if ($submit)
 273                                 {
 274                                         $error = validate_data($data, array(
 275                                                 'icq'                   => array(
 276                                                         array('string', true, 3, 15),
 277                                                         array('match', true, '#^[0-9]+$#i')),
 278                                                 'aim'                   => array('string', true, 3, 17),
 279                                                 'msn'                   => array('string', true, 5, 255),
 280                                                 'jabber'                => array(
 281                                                         array('string', true, 5, 255),
 282                                                         array('match', true, '#^[a-z0-9\.\-_\+]+?@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}(/.*)?$#i')),
 283                                                 'yim'                   => array('string', true, 5, 255),
 284                                                 'website'               => array(
 285                                                         array('string', true, 12, 255),
 286                                                         array('match', true, '#^http[s]?://(.*?\.)*?[a-z0-9\-]+\.[a-z]{2,4}#i')),
 287                                                 'location'              => array('string', true, 2, 255),
 288                                                 'occupation'    => array('string', true, 2, 500),
 289                                                 'interests'             => array('string', true, 2, 500),
 290                                                 'bday_day'              => array('num', true, 1, 31),
 291                                                 'bday_month'    => array('num', true, 1, 12),
 292                                                 'bday_year'             => array('num', true, 1901, gmdate('Y', time())),
 293                                         ));
 294
 295                                         // validate custom profile fields
 296                                         $cp->submit_cp_field('profile', $user->get_iso_lang_id(), $cp_data, $cp_error);
 297
 298                                         if (sizeof($cp_error))
 299                                         {
 300                                                 $error = array_merge($error, $cp_error);
 301                                         }
 302
 303                                         if (!sizeof($error))
 304                                         {
 305                                                 $sql_ary = array(
 306                                                         'user_icq'              => $data['icq'],
 307                                                         'user_aim'              => $data['aim'],
 308                                                         'user_msnm'             => $data['msn'],
 309                                                         'user_yim'              => $data['yim'],
 310                                                         'user_jabber'   => $data['jabber'],
 311                                                         'user_website'  => $data['website'],
 312                                                         'user_from'             => $data['location'],
 313                                                         'user_occ'              => $data['occupation'],
 314                                                         'user_interests'=> $data['interests'],
 315                                                         'user_birthday' => sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']),
 316                                                 );
 317
 318                                                 $sql = 'UPDATE ' . USERS_TABLE . '
 319                                                         SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
 320                                                         WHERE user_id = ' . $user->data['user_id'];
 321                                                 $db->sql_query($sql);
 322
 323                                                 // Update Custom Fields
 324                                                 if (sizeof($cp_data))
 325                                                 {
 326                                                         $sql = 'UPDATE ' . PROFILE_FIELDS_DATA_TABLE . '
 327                                                                 SET ' . $db->sql_build_array('UPDATE', $cp_data) . '
 328                                                                 WHERE user_id = ' . $user->data['user_id'];
 329                                                         $db->sql_query($sql);
 330
 331                                                         if (!$db->sql_affectedrows())
 332                                                         {
 333                                                                 $cp_data['user_id'] = (int) $user->data['user_id'];
 334
 335                                                                 $db->return_on_error = true;
 336
 337                                                                 $sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' . $db->sql_build_array('INSERT', $cp_data);
 338                                                                 $db->sql_query($sql);
 339
 340                                                                 $db->return_on_error = false;
 341                                                         }
 342                                                 }
 343
 344                                                 meta_refresh(3, $this->u_action);
 345                                                 $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
 346                                                 trigger_error($message);
 347                                         }
 348
 349                                         // Replace "error" strings with their real, localised form
 350                                         $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
 351                                 }
 352
 353                                 $s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>';
 354                                 for ($i = 1; $i < 32; $i++)
 355                                 {
 356                                         $selected = ($i == $data['bday_day']) ? ' selected="selected"' : '';
 357                                         $s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>";
 358                                 }
 359
 360                                 $s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>';
 361                                 for ($i = 1; $i < 13; $i++)
 362                                 {
 363                                         $selected = ($i == $data['bday_month']) ? ' selected="selected"' : '';
 364                                         $s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>";
 365                                 }
 366                                 $s_birthday_year_options = '';
 367
 368                                 $now = getdate();
 369                                 $s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
 370                                 for ($i = $now['year'] - 100; $i < $now['year']; $i++)
 371                                 {
 372                                         $selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
 373                                         $s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
 374                                 }
 375                                 unset($now);
 376
 377                                 $template->assign_vars(array(
 378                                         'ERROR'         => (sizeof($error)) ? implode('<br />', $error) : '',
 379
 380                                         'ICQ'           => $data['icq'],
 381                                         'YIM'           => $data['yim'],
 382                                         'AIM'           => $data['aim'],
 383                                         'MSN'           => $data['msn'],
 384                                         'JABBER'        => $data['jabber'],
 385                                         'WEBSITE'       => $data['website'],
 386                                         'LOCATION'      => $data['location'],
 387                                         'OCCUPATION'=> $data['occupation'],
 388                                         'INTERESTS'     => $data['interests'],
 389
 390                                         'S_BIRTHDAY_DAY_OPTIONS'        => $s_birthday_day_options,
 391                                         'S_BIRTHDAY_MONTH_OPTIONS'      => $s_birthday_month_options,
 392                                         'S_BIRTHDAY_YEAR_OPTIONS'       => $s_birthday_year_options,)
 393                                 );
 394
 395                                 // Get additional profile fields and assign them to the template block var 'profile_fields'
 396                                 $user->get_profile_fields($user->data['user_id']);
 397
 398                                 $cp->generate_profile_fields('profile', $user->get_iso_lang_id());
 399
 400                         break;
 401
 402                         case 'signature':
 403
 404                                 if (!$auth->acl_get('u_sig'))
 405                                 {
 406                                         trigger_error('NO_AUTH_SIGNATURE');
 407                                 }
 408
 409                                 include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
 410                                 include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
 411
 412                                 $enable_bbcode  = ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $user->optionget('bbcode')) : false;
 413                                 $enable_smilies = ($config['allow_sig_smilies']) ? request_var('enable_smilies', $user->optionget('smilies')) : false;
 414                                 $enable_urls    = request_var('enable_urls', true);
 415                                 $signature              = request_var('signature', (string) $user->data['user_sig'], true);
 416
 417                                 utf8_normalize_nfc(&$signature);
 418
 419                                 if ($submit || $preview)
 420                                 {
 421                                         include($phpbb_root_path . 'includes/message_parser.'.$phpEx);
 422
 423                                         if (!sizeof($error))
 424                                         {
 425                                                 $message_parser = new parse_message($signature);
 426
 427                                                 // Allowing Quote BBCode
 428                                                 $message_parser->parse($enable_bbcode, ($config['allow_sig_links']) ? $enable_urls : false, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig');
 429
 430                                                 if (sizeof($message_parser->warn_msg))
 431                                                 {
 432                                                         $error[] = implode('<br />', $message_parser->warn_msg);
 433                                                 }
 434
 435                                                 if (!sizeof($error) && $submit)
 436                                                 {
 437                                                         $sql_ary = array(
 438                                                                 'user_sig'                                      => (string) $message_parser->message,
 439                                                                 'user_sig_bbcode_uid'           => (string) $message_parser->bbcode_uid,
 440                                                                 'user_sig_bbcode_bitfield'      => $message_parser->bbcode_bitfield
 441                                                         );
 442
 443                                                         $sql = 'UPDATE ' . USERS_TABLE . '
 444                                                                 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
 445                                                                 WHERE user_id = ' . $user->data['user_id'];
 446                                                         $db->sql_query($sql);
 447
 448                                                         $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
 449                                                         trigger_error($message);
 450                                                 }
 451                                         }
 452
 453                                         // Replace "error" strings with their real, localised form
 454                                         $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
 455                                 }
 456
 457                                 $signature_preview = '';
 458                                 if ($preview)
 459                                 {
 460                                         // Now parse it for displaying
 461                                         $signature_preview = $message_parser->format_display($enable_bbcode, $enable_urls, $enable_smilies, false);
 462                                         unset($message_parser);
 463                                 }
 464
 465                                 decode_message($signature, $user->data['user_sig_bbcode_uid']);
 466
 467                                 $template->assign_vars(array(
 468                                         'ERROR'                         => (sizeof($error)) ? implode('<br />', $error) : '',
 469                                         'SIGNATURE'                     => $signature,
 470                                         'SIGNATURE_PREVIEW'     => $signature_preview,
 471
 472                                         'S_BBCODE_CHECKED'              => (!$enable_bbcode) ? 'checked="checked"' : '',
 473                                         'S_SMILIES_CHECKED'     => (!$enable_smilies) ? 'checked="checked"' : '',
 474                                         'S_MAGIC_URL_CHECKED'   => (!$enable_urls) ? 'checked="checked"' : '',
 475
 476                                         'BBCODE_STATUS'                 => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'),
 477                                         'SMILIES_STATUS'                => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
 478                                         'IMG_STATUS'                    => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
 479                                         'FLASH_STATUS'                  => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
 480                                         'URL_STATUS'                    => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
 481
 482                                         'L_SIGNATURE_EXPLAIN'   => sprintf($user->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']),
 483
 484                                         'S_BBCODE_ALLOWED'              => $config['allow_sig_bbcode'],
 485                                         'S_SMILIES_ALLOWED'             => $config['allow_sig_smilies'],
 486                                         'S_BBCODE_IMG'                  => ($config['allow_sig_img']) ? true : false,
 487                                         'S_BBCODE_FLASH'                => ($config['allow_sig_flash']) ? true : false,
 488                                         'S_LINKS_ALLOWED'               => ($config['allow_sig_links']) ? true : false)
 489                                 );
 490
 491                                 // Build custom bbcodes array
 492                                 display_custom_bbcodes();
 493
 494                         break;
 495
 496                         case 'avatar':
 497
 498                                 $display_gallery = (isset($_POST['display_gallery'])) ? true : false;
 499                                 $delete = (isset($_POST['delete'])) ? true : false;
 500
 501                                 $avatar_select = basename(request_var('avatar_select', ''));
 502                                 $category = basename(request_var('category', ''));
 503
 504                                 // Can we upload?
 505                                 $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && is_writeable($phpbb_root_path . $config['avatar_path']) && $auth->acl_get('u_chgavatar') && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
 506
 507                                 if ($submit)
 508                                 {
 509                                         $data = array(
 510                                                 'uploadurl'             => request_var('uploadurl', ''),
 511                                                 'remotelink'    => request_var('remotelink', ''),
 512                                                 'width'                 => request_var('width', ''),
 513                                                 'height'                => request_var('height', ''),
 514                                         );
 515
 516                                         $error = validate_data($data, array(
 517                                                 'uploadurl'             => array('string', true, 5, 255),
 518                                                 'remotelink'    => array('string', true, 5, 255),
 519                                                 'width'                 => array('string', true, 1, 3),
 520                                                 'height'                => array('string', true, 1, 3),
 521                                         ));
 522
 523                                         if (!sizeof($error))
 524                                         {
 525                                                 $data['user_id'] = $user->data['user_id'];
 526
 527                                                 if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload)
 528                                                 {
 529                                                         list($type, $filename, $width, $height) = avatar_upload($data, $error);
 530                                                 }
 531                                                 else if ($data['remotelink'] && $auth->acl_get('u_chgavatar') && $config['allow_avatar_remote'])
 532                                                 {
 533                                                         list($type, $filename, $width, $height) = avatar_remote($data, $error);
 534                                                 }
 535                                                 else if ($avatar_select && $auth->acl_get('u_chgavatar') && $config['allow_avatar_local'])
 536                                                 {
 537                                                         $type = AVATAR_GALLERY;
 538                                                         $filename = $avatar_select;
 539
 540                                                         // check avatar gallery
 541                                                         if (!is_dir($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category))
 542                                                         {
 543                                                                 $filename = '';
 544                                                                 $type = $width = $height = 0;
 545                                                         }
 546                                                         else
 547                                                         {
 548                                                                 list($width, $height) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . $filename);
 549                                                                 $filename = $category . '/' . $filename;
 550                                                         }
 551                                                 }
 552                                                 else if ($delete && $auth->acl_get('u_chgavatar'))
 553                                                 {
 554                                                         $filename = '';
 555                                                         $type = $width = $height = 0;
 556                                                 }
 557                                                 else
 558                                                 {
 559                                                         $data = array();
 560                                                 }
 561                                         }
 562
 563                                         if (!sizeof($error))
 564                                         {
 565                                                 // Do we actually have any data to update?
 566                                                 if (sizeof($data))
 567                                                 {
 568                                                         $sql_ary = array(
 569                                                                 'user_avatar'                   => $filename,
 570                                                                 'user_avatar_type'              => $type,
 571                                                                 'user_avatar_width'             => $width,
 572                                                                 'user_avatar_height'    => $height,
 573                                                         );
 574
 575                                                         $sql = 'UPDATE ' . USERS_TABLE . '
 576                                                                 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
 577                                                                 WHERE user_id = ' . $user->data['user_id'];
 578                                                         $db->sql_query($sql);
 579
 580                                                         // Delete old avatar if present
 581                                                         if ($user->data['user_avatar'] && $filename != $user->data['user_avatar'] && $user->data['user_avatar_type'] != AVATAR_GALLERY)
 582                                                         {
 583                                                                 avatar_delete('user', $user->data);
 584                                                         }
 585                                                 }
 586
 587                                                 meta_refresh(3, $this->u_action);
 588                                                 $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
 589                                                 trigger_error($message);
 590                                         }
 591
 592                                         // Replace "error" strings with their real, localised form
 593                                         $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
 594                                 }
 595
 596                                 // Generate users avatar
 597                                 $avatar_img = '';
 598
 599                                 if ($user->data['user_avatar'])
 600                                 {
 601                                         switch ($user->data['user_avatar_type'])
 602                                         {
 603                                                 case AVATAR_UPLOAD:
 604                                                         $avatar_img = $phpbb_root_path . $config['avatar_path'] . '/';
 605                                                 break;
 606
 607                                                 case AVATAR_GALLERY:
 608                                                         $avatar_img = $phpbb_root_path . $config['avatar_gallery_path'] . '/';
 609                                                 break;
 610                                         }
 611                                         $avatar_img .= $user->data['user_avatar'];
 612
 613                                         $avatar_img = '<img src="' . $avatar_img . '" width="' . $user->data['user_avatar_width'] . '" height="' . $user->data['user_avatar_height'] . '" alt="" />';
 614                                 }
 615
 616                                 $template->assign_vars(array(
 617                                         'ERROR'                 => (sizeof($error)) ? implode('<br />', $error) : '',
 618                                         'AVATAR'                => $avatar_img,
 619                                         'AVATAR_SIZE'   => $config['avatar_filesize'],
 620
 621                                         'S_FORM_ENCTYPE'        => ($can_upload) ? ' enctype="multipart/form-data"' : '',
 622
 623                                         'L_AVATAR_EXPLAIN'      => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024)),)
 624                                 );
 625
 626                                 if ($display_gallery && $auth->acl_get('u_chgavatar') && $config['allow_avatar_local'])
 627                                 {
 628                                         avatar_gallery($category, $avatar_select, 4);
 629                                 }
 630                                 else
 631                                 {
 632                                         $template->assign_vars(array(
 633                                                 'AVATAR'                => $avatar_img,
 634                                                 'AVATAR_SIZE'   => $config['avatar_filesize'],
 635                                                 'WIDTH'                 => (isset($data['width'])) ? $data['width'] : $user->data['user_avatar_width'],
 636                                                 'HEIGHT'                => (isset($data['height'])) ? $data['height'] : $user->data['user_avatar_height'],
 637
 638                                                 'S_UPLOAD_AVATAR_FILE'  => $can_upload,
 639                                                 'S_UPLOAD_AVATAR_URL'   => $can_upload,
 640                                                 'S_LINK_AVATAR'                 => ($auth->acl_get('u_chgavatar') && $config['allow_avatar_remote']) ? true : false,
 641                                                 'S_GALLERY_AVATAR'              => ($auth->acl_get('u_chgavatar') && $config['allow_avatar_local']) ? true : false)
 642                                         );
 643                                 }
 644
 645                         break;
 646                 }
 647
 648                 $template->assign_vars(array(
 649                         'L_TITLE'       => $user->lang['UCP_PROFILE_' . strtoupper($mode)],
 650
 651                         'S_HIDDEN_FIELDS'       => $s_hidden_fields,
 652                         'S_UCP_ACTION'          => $this->u_action)
 653                 );
 654
 655                 // Set desired template
 656                 $this->tpl_name = 'ucp_profile_' . $mode;
 657                 $this->page_title = 'UCP_PROFILE_' . strtoupper($mode);
 658         }
 659 }
 660
 661 ?>