0
+ − 1
<?php
+ − 2
/*
+ − 3
Plugin Name: User control panel
36
+ − 4
Plugin URI: http://enanocms.org/
0
+ − 5
Description: Provides the page Special:Preferences.
+ − 6
Author: Dan Fuhry
317
+ − 7
Version: 1.0.3
36
+ − 8
Author URI: http://enanocms.org/
0
+ − 9
*/
+ − 10
+ − 11
/*
+ − 12
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
317
+ − 13
* Version 1.0.3
0
+ − 14
* Copyright (C) 2006-2007 Dan Fuhry
+ − 15
*
+ − 16
* This program is Free Software; you can redistribute it and/or modify it under the terms of the GNU General Public License
+ − 17
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 18
*
+ − 19
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 20
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 21
*/
+ − 22
+ − 23
$userprefs_menu = Array();
+ − 24
$userprefs_menu_links = Array();
+ − 25
function userprefs_menu_add($section, $text, $link)
+ − 26
{
+ − 27
global $userprefs_menu;
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 28
if ( isset($userprefs_menu[$section]) && is_array($userprefs_menu[$section]) )
0
+ − 29
{
+ − 30
$userprefs_menu[$section][] = Array(
+ − 31
'text' => $text,
+ − 32
'link' => $link
+ − 33
);
+ − 34
}
+ − 35
else
+ − 36
{
+ − 37
$userprefs_menu[$section] = Array(Array(
+ − 38
'text' => $text,
+ − 39
'link' => $link
+ − 40
));
+ − 41
}
+ − 42
}
+ − 43
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 44
$plugins->attachHook('compile_template', 'userprefs_jbox_setup($button, $tb, $menubtn);');
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 45
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 46
function userprefs_jbox_setup(&$button, &$tb, &$menubtn)
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 47
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 48
global $db, $session, $paths, $template, $plugins; // Common objects
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 49
322
+ − 50
if ( $paths->namespace != 'Special' || $paths->page_id != 'Preferences' )
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 51
return false;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 52
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 53
$tb .= "<ul>$template->toolbar_menu</ul>";
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 54
$template->toolbar_menu = '';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 55
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 56
$button->assign_vars(array(
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 57
'TEXT' => 'list of registered members',
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 58
'FLAGS' => '',
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 59
'PARENTFLAGS' => '',
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 60
'HREF' => makeUrlNS('Special', 'Memberlist')
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 61
));
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 62
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 63
$tb .= $button->run();
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 64
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 65
0
+ − 66
function userprefs_menu_html()
+ − 67
{
+ − 68
global $userprefs_menu;
+ − 69
global $userprefs_menu_links;
+ − 70
+ − 71
$html = '';
+ − 72
$quot = '"';
+ − 73
+ − 74
foreach ( $userprefs_menu as $section => $buttons )
+ − 75
{
+ − 76
$html .= ( isset($userprefs_menu_links[$section]) ) ? "<a href={$quot}{$userprefs_menu_links[$section]}{$quot}>{$section}</a>\n " : "<a>{$section}</a>\n ";
+ − 77
$html .= "<ul>\n ";
+ − 78
foreach ( $buttons as $button )
+ − 79
{
+ − 80
$html .= " <li><a href={$quot}{$button['link']}{$quot}>{$button['text']}</a></li>\n ";
+ − 81
}
+ − 82
$html .= "</ul>\n ";
+ − 83
}
+ − 84
+ − 85
return $html;
+ − 86
}
+ − 87
+ − 88
function userprefs_show_menu()
+ − 89
{
+ − 90
echo '<div class="menu_nojs">
+ − 91
' . userprefs_menu_html() . '
+ − 92
<span class="menuclear"></span>
+ − 93
</div>
+ − 94
<br />
+ − 95
';
+ − 96
}
+ − 97
+ − 98
function userprefs_menu_init()
+ − 99
{
+ − 100
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 101
global $userprefs_menu_links;
+ − 102
175
1465f48faba0
AJAX login box is now used in userprefs panel; Spry shake effect and general UX on auth fail is smoother now; added ajaxLoginNavTo() JS function
Dan
diff
changeset
+ − 103
userprefs_menu_add('Profile/membership', 'Edit e-mail address and password', makeUrlNS('Special', 'Preferences/EmailPassword') . '" onclick="ajaxLoginNavTo(\'Special\', \'Preferences/EmailPassword\', '.USER_LEVEL_CHPREF.'); return false;');
0
+ − 104
userprefs_menu_add('Profile/membership', 'Edit signature', makeUrlNS('Special', 'Preferences/Signature'));
+ − 105
userprefs_menu_add('Profile/membership', 'Edit public profile', makeUrlNS('Special', 'Preferences/Profile'));
328
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 106
if ( getConfig('avatar_enable') == '1' )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 107
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 108
userprefs_menu_add('Profile/membership', 'Avatar settings', makeUrlNS('Special', 'Preferences/Avatar'));
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 109
}
0
+ − 110
userprefs_menu_add('Private messages', 'Inbox', makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));
+ − 111
userprefs_menu_add('Private messages', 'Outbox', makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'));
+ − 112
userprefs_menu_add('Private messages', 'Sent items', makeUrlNS('Special', 'PrivateMessages/Folder/Sent'));
+ − 113
userprefs_menu_add('Private messages', 'Drafts', makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'));
+ − 114
userprefs_menu_add('Private messages', 'Archive', makeUrlNS('Special', 'PrivateMessages/Folder/Archive'));
+ − 115
+ − 116
$userprefs_menu_links['Profile/membership'] = makeUrlNS('Special', 'Preferences');
+ − 117
$userprefs_menu_links['Private messages'] = makeUrlNS('Special', 'PrivateMessages');
+ − 118
+ − 119
$code = $plugins->setHook('userprefs_jbox');
+ − 120
foreach ( $code as $cmd )
+ − 121
{
+ − 122
eval($cmd);
+ − 123
}
+ − 124
}
+ − 125
+ − 126
$plugins->attachHook('session_started', 'userprefs_menu_init();');
+ − 127
+ − 128
function page_Special_Preferences()
+ − 129
{
+ − 130
global $db, $session, $paths, $template, $plugins; // Common objects
328
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 131
global $lang;
0
+ − 132
+ − 133
// We need a login to continue
+ − 134
if ( !$session->user_logged_in )
+ − 135
redirect(makeUrlNS('Special', 'Login/' . $paths->page), 'Login required', 'You need to be logged in to access this page. Please wait while you are redirected to the login page.');
+ − 136
+ − 137
// User ID - later this will be specified on the URL, but hardcoded for now
+ − 138
$uid = intval($session->user_id);
+ − 139
+ − 140
// Instanciate the AES encryptor
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 141
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
0
+ − 142
+ − 143
// Basic user info
+ − 144
$q = $db->sql_query('SELECT username, password, email, real_name, signature, theme, style FROM '.table_prefix.'users WHERE user_id='.$uid.';');
+ − 145
if ( !$q )
+ − 146
$db->_die();
+ − 147
+ − 148
$row = $db->fetchrow();
+ − 149
$db->free_result();
+ − 150
+ − 151
$section = $paths->getParam(0);
+ − 152
if ( !$section )
+ − 153
{
+ − 154
$section = 'Home';
+ − 155
}
+ − 156
+ − 157
$errors = '';
+ − 158
+ − 159
switch ( $section )
+ − 160
{
+ − 161
case 'EmailPassword':
+ − 162
// Require elevated privileges (well sortof)
+ − 163
if ( $session->auth_level < USER_LEVEL_CHPREF )
+ − 164
{
+ − 165
redirect(makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . USER_LEVEL_CHPREF, true), 'Authentication required', 'You need to re-authenticate to access this page.', 0);
+ − 166
}
+ − 167
+ − 168
if ( isset($_POST['submit']) )
+ − 169
{
+ − 170
$email_changed = false;
+ − 171
// First do the e-mail address
+ − 172
if ( strlen($_POST['newemail']) > 0 )
+ − 173
{
+ − 174
switch('foo') // Same reason as in the password code...
+ − 175
{
+ − 176
case 'foo':
+ − 177
if ( $_POST['newemail'] != $_POST['newemail_conf'] )
+ − 178
{
+ − 179
$errors .= '<div class="error-box">The e-mail addresses you entered did not match.</div>';
+ − 180
break;
+ − 181
}
+ − 182
}
+ − 183
$q = $db->sql_query('SELECT password FROM '.table_prefix.'users WHERE user_id='.$session->user_id.';');
+ − 184
if ( !$q )
+ − 185
$db->_die();
+ − 186
$row = $db->fetchrow();
+ − 187
$db->free_result();
+ − 188
$old_pass = $aes->decrypt($row['password'], $session->private_key, ENC_HEX);
+ − 189
+ − 190
$new_email = $_POST['newemail'];
+ − 191
+ − 192
$result = $session->update_user($session->user_id, false, $old_pass, false, $new_email);
+ − 193
if ( $result != 'success' )
+ − 194
{
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 195
$message = '<p>The following errors were encountered while saving your e-mail address:</p>';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 196
$message .= '<ul><li>' . implode("</li>\n<li>", $result) . '</li></ul>';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 197
die_friendly('Error updating e-mail address', $message);
0
+ − 198
}
+ − 199
$email_changed = true;
+ − 200
}
+ − 201
// Obtain password
+ − 202
if ( $_POST['use_crypt'] == 'yes' && !empty($_POST['crypt_data']) )
+ − 203
{
+ − 204
$key = $session->fetch_public_key($_POST['crypt_key']);
+ − 205
if ( !$key )
+ − 206
die('Can\'t lookup key');
+ − 207
$key = hexdecode($key);
+ − 208
$newpass = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX);
+ − 209
// At this point we know if we _want_ to change the password...
+ − 210
+ − 211
// We can't check the password to see if it matches the confirmation
+ − 212
// because the confirmation was destroyed during the encryption. I figured
+ − 213
// this wasn't a big deal because if the encryption worked, then either
+ − 214
// the Javascript validated it or the user hacked the form. In the latter
+ − 215
// case, if he's smart enough to hack the encryption code, he's probably
+ − 216
// smart enough to remember his password.
+ − 217
+ − 218
if ( strlen($newpass) > 0 )
+ − 219
{
224
6a4573507ff8
Fixed: invalid smartform input to Admin:UserManager when errors present and changing own account; [demo mode] default user can no longer change password
Dan
diff
changeset
+ − 220
if ( defined('ENANO_DEMO_MODE') )
6a4573507ff8
Fixed: invalid smartform input to Admin:UserManager when errors present and changing own account; [demo mode] default user can no longer change password
Dan
diff
changeset
+ − 221
$errors .= '<div class="error-box" style="margin: 0 0 10px 0;">You can\'t change your password in demo mode.</div>';
0
+ − 222
// Perform checks
+ − 223
if ( strlen($newpass) < 6 )
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 224
$errors .= '<div class="error-box" style="margin: 0 0 10px 0;">Password must be at least 6 characters. You hacked my script, darn you!</div>';
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 225
if ( getConfig('pw_strength_enable') == '1' )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 226
{
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 227
$score_inp = password_score($newpass);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 228
$score_min = intval( getConfig('pw_strength_minimum') );
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 229
if ( $score_inp < $score_min )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 230
$errors .= '<div class="error-box" style="margin: 0 0 10px 0;">Your password did not meet the complexity score requirement for this site. Your password scored '. $score_inp .', while a score of at least '. $score_min .' is needed.</div>';
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 231
}
0
+ − 232
// Encrypt new password
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 233
if ( empty($errors) )
0
+ − 234
{
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 235
$newpass_enc = $aes->encrypt($newpass, $session->private_key, ENC_HEX);
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 236
// Perform the swap
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 237
$q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $newpass_enc . '\' WHERE user_id=' . $session->user_id . ';');
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 238
if ( !$q )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 239
$db->_die();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 240
// Log out and back in
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 241
$username = $session->username;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 242
$session->logout();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 243
if ( $email_changed )
0
+ − 244
{
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 245
if ( getConfig('account_activation') == 'user' )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 246
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 247
redirect(makeUrl(getConfig('main_page')), 'Profile changed', 'Your password and e-mail address have been changed. Since e-mail activation is required on this site, you will need to re-activate your account to continue. An e-mail has been sent to the new e-mail address with an activation link. You must click that link in order to log in again.', 19);
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 248
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 249
else if ( getConfig('account_activation') == 'admin' )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 250
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 251
redirect(makeUrl(getConfig('main_page')), 'Profile changed', 'Your password and e-mail address have been changed. Since administrative activation is requires on this site, a request has been sent to the administrators to activate your account for you. You will not be able to use your account until it is activated by an administrator.', 19);
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 252
}
0
+ − 253
}
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 254
$session->login_without_crypto($session->username, $newpass);
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 255
redirect(makeUrlNS('Special', 'Preferences'), 'Password changed', 'Your password has been changed, and you will now be redirected back to the user control panel.', 4);
0
+ − 256
}
+ − 257
}
+ − 258
}
+ − 259
else
+ − 260
{
+ − 261
switch('foo') // allow breaking out of our section...i can't wait until PHP6 (goto support!)
+ − 262
{
+ − 263
case 'foo':
+ − 264
$pass = $_POST['newpass'];
+ − 265
if ( $pass != $_POST['newpass_conf'] )
+ − 266
{
+ − 267
$errors .= '<div class="error-box">The passwords you entered did not match</div>';
+ − 268
break;
+ − 269
}
+ − 270
+ − 271
if ( $email_changed )
+ − 272
{
+ − 273
if ( getConfig('account_activation') == 'user' )
+ − 274
{
+ − 275
redirect(makeUrl(getConfig('main_page')), 'Profile changed', 'Your e-mail address has been changed. Since e-mail activation is required on this site, you will need to re-activate your account to continue. An e-mail has been sent to the new e-mail address with an activation link. You must click that link in order to log in again.', 19);
+ − 276
}
+ − 277
else if ( getConfig('account_activation') == 'admin' )
+ − 278
{
+ − 279
redirect(makeUrl(getConfig('main_page')), 'Profile changed', 'Your e-mail address has been changed. Since administrative activation is requires on this site, a request has been sent to the administrators to activate your account for you. You will not be able to use your account until it is activated by an administrator.', 19);
+ − 280
}
+ − 281
else
+ − 282
{
+ − 283
redirect(makeUrlNS('Special', 'Preferences'), 'Password changed', 'Your e-mail address has been changed, and you will now be redirected back to the user control panel.', 4);
+ − 284
}
+ − 285
}
+ − 286
+ − 287
return;
+ − 288
}
+ − 289
}
+ − 290
}
+ − 291
$template->tpl_strings['PAGE_NAME'] = 'Change E-mail Address or Password';
+ − 292
break;
+ − 293
case 'Signature':
+ − 294
$template->tpl_strings['PAGE_NAME'] = 'Editing signature';
+ − 295
break;
+ − 296
case 'Profile':
+ − 297
$template->tpl_strings['PAGE_NAME'] = 'Editing public profile';
+ − 298
break;
+ − 299
}
+ − 300
+ − 301
$template->header();
+ − 302
+ − 303
// Output the menu
+ − 304
// This is not templatized because it conforms to the jBox menu standard.
+ − 305
+ − 306
userprefs_show_menu();
+ − 307
+ − 308
switch ( $section )
+ − 309
{
+ − 310
case 'Home':
+ − 311
global $email;
175
1465f48faba0
AJAX login box is now used in userprefs panel; Spry shake effect and general UX on auth fail is smoother now; added ajaxLoginNavTo() JS function
Dan
diff
changeset
+ − 312
$userpage_id = $paths->nslist['User'] . sanitize_page_id($session->username);
1465f48faba0
AJAX login box is now used in userprefs panel; Spry shake effect and general UX on auth fail is smoother now; added ajaxLoginNavTo() JS function
Dan
diff
changeset
+ − 313
$userpage_exists = ( isPage($userpage_id) ) ? '' : ' class="wikilink-nonexistent"';
1465f48faba0
AJAX login box is now used in userprefs panel; Spry shake effect and general UX on auth fail is smoother now; added ajaxLoginNavTo() JS function
Dan
diff
changeset
+ − 314
$user_page = '<a href="' . makeUrlNS('User', sanitize_page_id($session->username)) . '"' . $userpage_exists . '>user page</a> <sup>(<a href="' . makeUrlNS('User', str_replace(' ', '_', $session->username)) . '#do:comments">comments</a>)</sup>';
0
+ − 315
$site_admin = $email->encryptEmail(getConfig('contact_email'), '', '', 'administrator');
175
1465f48faba0
AJAX login box is now used in userprefs panel; Spry shake effect and general UX on auth fail is smoother now; added ajaxLoginNavTo() JS function
Dan
diff
changeset
+ − 316
$make_one_now = '<a href="' . makeUrlNS('User', sanitize_page_id($session->username)) . '">make one now</a>';
0
+ − 317
echo "<h3 style='margin-top: 0;'>$session->username, welcome to your control panel</h3>";
+ − 318
echo "<p>Here you can make changes to your profile, view statistics on yourself on this site, and set your preferences.</p>
175
1465f48faba0
AJAX login box is now used in userprefs panel; Spry shake effect and general UX on auth fail is smoother now; added ajaxLoginNavTo() JS function
Dan
diff
changeset
+ − 319
<p>Your $user_page is your free writing space. You can use it to tell the other members of this site a little bit about yourself. If you haven't already made a user page, why not $make_one_now?</p>
0
+ − 320
<p>Use the menu at the top to navigate around. If you have any questions, you may contact the $site_admin.";
+ − 321
break;
+ − 322
case 'EmailPassword':
+ − 323
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 324
$errors = trim($errors);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 325
if ( !empty($errors) )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 326
{
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 327
echo $errors;
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 328
}
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 329
0
+ − 330
echo '<form action="' . makeUrlNS('Special', 'Preferences/EmailPassword') . '" method="post" onsubmit="return runEncryption();" name="empwform" >';
+ − 331
+ − 332
// Password change form
+ − 333
$pubkey = $session->rijndael_genkey();
+ − 334
+ − 335
echo '<fieldset>
+ − 336
<legend>Change password</legend>
+ − 337
Type a new password:<br />
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 338
<input type="password" name="newpass" size="30" tabindex="1" ' . ( getConfig('pw_strength_enable') == '1' ? 'onkeyup="password_score_field(this);" ' : '' ) . '/>' . ( getConfig('pw_strength_enable') == '1' ? '<span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span>' : '' ) . '
0
+ − 339
<br />
+ − 340
<br />
+ − 341
Type the password again to confirm:<br />
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 342
<input type="password" name="newpass_conf" size="30" tabindex="2" />
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 343
' . ( getConfig('pw_strength_enable') == '1' ? '<br /><br /><div id="pwmeter"></div>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 344
<small>Your password needs to score at least <b>'.getConfig('pw_strength_minimum').'</b> in order to be accepted.</small>' : '' ) . '
0
+ − 345
</fieldset><br />
+ − 346
<fieldset>
+ − 347
<legend>Change e-mail address</legend>
+ − 348
New e-mail address:<br />
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 349
<input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail" size="30" tabindex="3" />
0
+ − 350
<br />
+ − 351
<br />
+ − 352
Confirm e-mail address:<br />
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 353
<input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail_conf" size="30" tabindex="4" />
0
+ − 354
</fieldset>
+ − 355
<input type="hidden" name="use_crypt" value="no" />
+ − 356
<input type="hidden" name="crypt_key" value="' . $pubkey . '" />
+ − 357
<input type="hidden" name="crypt_data" value="" />
+ − 358
<br />
+ − 359
<div style="text-align: right;"><input type="submit" name="submit" value="Save Changes" tabindex="5" /></div>';
+ − 360
+ − 361
echo '</form>';
+ − 362
+ − 363
// ENCRYPTION CODE
+ − 364
?>
+ − 365
<script type="text/javascript">
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 366
<?php if ( getConfig('pw_strength_enable') == '1' ): ?>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 367
password_score_field(document.forms.empwform.newpass);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 368
<?php endif; ?>
0
+ − 369
disableJSONExts();
+ − 370
str = '';
+ − 371
for(i=0;i<keySizeInBits/4;i++) str+='0';
+ − 372
var key = hexToByteArray(str);
+ − 373
var pt = hexToByteArray(str);
+ − 374
var ct = rijndaelEncrypt(pt, key, "ECB");
+ − 375
var ct = byteArrayToHex(ct);
+ − 376
switch(keySizeInBits)
+ − 377
{
+ − 378
case 128:
+ − 379
v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
+ − 380
break;
+ − 381
case 192:
+ − 382
v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
+ − 383
break;
+ − 384
case 256:
+ − 385
v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
+ − 386
break;
+ − 387
}
+ − 388
var aes_testpassed = ( ct == v && md5_vm_test() );
+ − 389
function runEncryption()
+ − 390
{
+ − 391
var frm = document.forms.empwform;
+ − 392
if ( frm.newpass.value.length < 1 )
+ − 393
return true;
+ − 394
if(aes_testpassed)
+ − 395
{
+ − 396
frm.use_crypt.value = 'yes';
+ − 397
var cryptkey = frm.crypt_key.value;
+ − 398
frm.crypt_key.value = hex_md5(cryptkey);
+ − 399
cryptkey = hexToByteArray(cryptkey);
+ − 400
if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
+ − 401
{
+ − 402
frm.submit.disabled = true;
+ − 403
len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
+ − 404
alert('The key is messed up\nType: '+typeof(cryptkey)+len);
+ − 405
}
+ − 406
}
+ − 407
pass1 = frm.newpass.value;
+ − 408
pass2 = frm.newpass_conf.value;
+ − 409
if ( pass1 != pass2 )
+ − 410
{
+ − 411
alert('The passwords you entered do not match.');
+ − 412
return false;
+ − 413
}
+ − 414
if ( pass1.length < 6 && pass1.length > 0 )
+ − 415
{
+ − 416
alert('The new password must be 6 characters or greater in length.');
+ − 417
return false;
+ − 418
}
+ − 419
if(aes_testpassed)
+ − 420
{
+ − 421
pass = frm.newpass.value;
+ − 422
pass = stringToByteArray(pass);
+ − 423
cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
+ − 424
if(!cryptstring)
+ − 425
{
+ − 426
return false;
+ − 427
}
+ − 428
cryptstring = byteArrayToHex(cryptstring);
+ − 429
frm.crypt_data.value = cryptstring;
+ − 430
frm.newpass.value = "";
+ − 431
frm.newpass_conf.value = "";
+ − 432
}
+ − 433
return true;
+ − 434
}
+ − 435
</script>
+ − 436
<?php
+ − 437
+ − 438
break;
+ − 439
case 'Signature':
+ − 440
if ( isset($_POST['new_sig']) )
+ − 441
{
+ − 442
$sig = $_POST['new_sig'];
+ − 443
$sig = RenderMan::preprocess_text($sig, true, false);
+ − 444
$sql_sig = $db->escape($sig);
+ − 445
$q = $db->sql_query('UPDATE '.table_prefix.'users SET signature=\'' . $sql_sig . '\' WHERE user_id=' . $session->user_id . ';');
+ − 446
if ( !$q )
+ − 447
$db->_die();
+ − 448
$session->signature = $sig;
+ − 449
echo '<div class="info-box" style="margin: 0 0 10px 0;">Your signature has been saved.</div>';
+ − 450
}
+ − 451
echo '<form action="'.makeUrl($paths->fullpage).'" method="post">';
74
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
diff
changeset
+ − 452
echo $template->tinymce_textarea('new_sig', htmlspecialchars($session->signature));
0
+ − 453
echo '<input type="submit" value="Save signature" />';
+ − 454
echo '</form>';
+ − 455
break;
+ − 456
case "Profile":
+ − 457
if ( isset($_POST['submit']) )
+ − 458
{
+ − 459
$real_name = htmlspecialchars($_POST['real_name']);
+ − 460
$real_name = $db->escape($real_name);
31
+ − 461
+ − 462
$imaddr_aim = htmlspecialchars($_POST['imaddr_aim']);
+ − 463
$imaddr_aim = $db->escape($imaddr_aim);
+ − 464
+ − 465
$imaddr_msn = htmlspecialchars($_POST['imaddr_msn']);
+ − 466
$imaddr_msn = $db->escape($imaddr_msn);
+ − 467
+ − 468
$imaddr_yahoo = htmlspecialchars($_POST['imaddr_yahoo']);
+ − 469
$imaddr_yahoo = $db->escape($imaddr_yahoo);
+ − 470
+ − 471
$imaddr_xmpp = htmlspecialchars($_POST['imaddr_xmpp']);
+ − 472
$imaddr_xmpp = $db->escape($imaddr_xmpp);
+ − 473
+ − 474
$homepage = htmlspecialchars($_POST['homepage']);
+ − 475
$homepage = $db->escape($homepage);
+ − 476
+ − 477
$location = htmlspecialchars($_POST['location']);
+ − 478
$location = $db->escape($location);
+ − 479
+ − 480
$occupation = htmlspecialchars($_POST['occupation']);
+ − 481
$occupation = $db->escape($occupation);
+ − 482
+ − 483
$hobbies = htmlspecialchars($_POST['hobbies']);
+ − 484
$hobbies = $db->escape($hobbies);
+ − 485
+ − 486
$email_public = ( isset($_POST['email_public']) ) ? '1' : '0';
+ − 487
+ − 488
$session->real_name = $real_name;
+ − 489
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 490
if ( !preg_match('/@([a-z0-9-]+)(\.([a-z0-9-\.]+))?/', $imaddr_msn) && !empty($imaddr_msn) )
31
+ − 491
{
+ − 492
$imaddr_msn = "$imaddr_msn@hotmail.com";
+ − 493
}
+ − 494
+ − 495
if ( substr($homepage, 0, 7) != 'http://' )
+ − 496
{
+ − 497
$homepage = "http://$homepage";
+ − 498
}
+ − 499
+ − 500
if ( !preg_match('/^http:\/\/([a-z0-9-.]+)([A-z0-9@#\$%\&:;<>,\.\?=\+\(\)\[\]_\/\\\\]*?)$/i', $homepage) )
+ − 501
{
+ − 502
$homepage = '';
+ − 503
}
+ − 504
+ − 505
$session->user_extra['user_aim'] = $imaddr_aim;
+ − 506
$session->user_extra['user_msn'] = $imaddr_msn;
+ − 507
$session->user_extra['user_xmpp'] = $imaddr_xmpp;
+ − 508
$session->user_extra['user_yahoo'] = $imaddr_yahoo;
+ − 509
$session->user_extra['user_homepage'] = $homepage;
+ − 510
$session->user_extra['user_location'] = $location;
+ − 511
$session->user_extra['user_job'] = $occupation;
+ − 512
$session->user_extra['user_hobbies'] = $hobbies;
+ − 513
$session->user_extra['email_public'] = intval($email_public);
+ − 514
0
+ − 515
$q = $db->sql_query('UPDATE '.table_prefix."users SET real_name='$real_name' WHERE user_id=$session->user_id;");
+ − 516
if ( !$q )
+ − 517
$db->_die();
+ − 518
31
+ − 519
$q = $db->sql_query('UPDATE '.table_prefix."users_extra SET user_aim='$imaddr_aim',user_yahoo='$imaddr_yahoo',user_msn='$imaddr_msn',
+ − 520
user_xmpp='$imaddr_xmpp',user_homepage='$homepage',user_location='$location',user_job='$occupation',
+ − 521
user_hobbies='$hobbies',email_public=$email_public
+ − 522
WHERE user_id=$session->user_id;");
+ − 523
+ − 524
if ( !$q )
+ − 525
$db->_die();
+ − 526
0
+ − 527
echo '<div class="info-box" style="margin: 0 0 10px 0;">Your profile has been updated.</div>';
+ − 528
}
+ − 529
echo '<form action="'.makeUrl($paths->fullpage).'" method="post">';
+ − 530
?>
+ − 531
<div class="tblholder">
+ − 532
<table border="0" cellspacing="1" cellpadding="4">
+ − 533
<tr>
+ − 534
<th colspan="2">Your public profile</th>
+ − 535
</tr>
+ − 536
<tr>
+ − 537
<td colspan="2" class="row3">Please note that all of the information you enter here will be <b>publicly viewable.</b> All of the fields on this page are optional and may be left blank if you so desire.</td>
+ − 538
</tr>
+ − 539
<tr>
+ − 540
<td class="row2" style="width: 50%;">Real name:</td>
+ − 541
<td class="row1" style="width: 50%;"><input type="text" name="real_name" value="<?php echo $session->real_name; ?>" size="30" /></td>
+ − 542
</tr>
+ − 543
<tr>
+ − 544
<td class="row2">Change theme:</td>
+ − 545
<td class="row1">If you don't like the look of the site, need a visual break, or are just curious, we might have some different themes for you to try out! <a href="<?php echo makeUrlNS('Special', 'ChangeStyle/' . $paths->page); ?>" onclick="ajaxChangeStyle(); return false;">Change my theme...</a></td>
+ − 546
</tr>
+ − 547
<tr>
31
+ − 548
<th class="subhead" colspan="2">
+ − 549
Instant messenger contact information
+ − 550
</th>
+ − 551
<tr>
+ − 552
<td class="row2" style="width: 50%;">AIM handle:</td>
+ − 553
<td class="row1" style="width: 50%;"><input type="text" name="imaddr_aim" value="<?php echo $session->user_extra['user_aim']; ?>" size="30" /></td>
+ − 554
</tr>
+ − 555
<tr>
+ − 556
<td class="row2" style="width: 50%;"><acronym title="Windows™ Live Messenger">WLM</acronym> handle:<br /><small>If you don't specify the domain (@whatever.com), "@hotmail.com" will be assumed.</small></td>
+ − 557
<td class="row1" style="width: 50%;"><input type="text" name="imaddr_msn" value="<?php echo $session->user_extra['user_msn']; ?>" size="30" /></td>
+ − 558
</tr>
+ − 559
<tr>
+ − 560
<td class="row2" style="width: 50%;">Yahoo! IM handle:</td>
+ − 561
<td class="row1" style="width: 50%;"><input type="text" name="imaddr_yahoo" value="<?php echo $session->user_extra['user_yahoo']; ?>" size="30" /></td>
+ − 562
</tr>
+ − 563
<tr>
+ − 564
<td class="row2" style="width: 50%;">Jabber/XMPP handle:</td>
+ − 565
<td class="row1" style="width: 50%;"><input type="text" name="imaddr_xmpp" value="<?php echo $session->user_extra['user_xmpp']; ?>" size="30" /></td>
+ − 566
</tr>
+ − 567
<tr>
+ − 568
<th class="subhead" colspan="2">
+ − 569
Extra contact information
+ − 570
</th>
+ − 571
</tr>
+ − 572
<tr>
+ − 573
<td class="row2" style="width: 50%;">Your homepage:<br /><small>Please remember the http:// prefix.</small></td>
+ − 574
<td class="row1" style="width: 50%;"><input type="text" name="homepage" value="<?php echo $session->user_extra['user_homepage']; ?>" size="30" /></td>
+ − 575
</tr>
+ − 576
<tr>
+ − 577
<td class="row2" style="width: 50%;">Your location:</td>
+ − 578
<td class="row1" style="width: 50%;"><input type="text" name="location" value="<?php echo $session->user_extra['user_location']; ?>" size="30" /></td>
+ − 579
</tr>
+ − 580
<tr>
+ − 581
<td class="row2" style="width: 50%;">Your job:</td>
+ − 582
<td class="row1" style="width: 50%;"><input type="text" name="occupation" value="<?php echo $session->user_extra['user_job']; ?>" size="30" /></td>
+ − 583
</tr>
+ − 584
<tr>
+ − 585
<td class="row2" style="width: 50%;">Your hobbies:</td>
+ − 586
<td class="row1" style="width: 50%;"><input type="text" name="hobbies" value="<?php echo $session->user_extra['user_hobbies']; ?>" size="30" /></td>
+ − 587
</tr>
+ − 588
<tr>
+ − 589
<td class="row2" style="width: 50%;"><label for="chk_email_public">E-mail address is public</label><br /><small>If this is checked, your e-mail address will be displayed on your user page. To protect your address from spambots, your e-mail address will be encrypted.</small></td>
140
40f7fa5fd061
Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
diff
changeset
+ − 590
<td class="row1" style="width: 50%;"><input type="checkbox" id="chk_email_public" name="email_public" <?php if ($session->user_extra['email_public'] == 1) echo 'checked="checked"'; ?> size="30" /></td>
0
+ − 591
</tr>
+ − 592
<tr>
+ − 593
<th class="subhead" colspan="2">
+ − 594
<input type="submit" name="submit" value="Save profile" />
+ − 595
</th>
+ − 596
</tr>
+ − 597
</table>
+ − 598
</div>
+ − 599
<?php
+ − 600
echo '</form>';
+ − 601
break;
328
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 602
case 'Avatar':
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 603
if ( getConfig('avatar_enable') != '1' )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 604
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 605
echo '<div class="error-box"><b>' . $lang->get('usercp_avatar_err_disabled_title') . '</b><br />' . $lang->get('usercp_avatar_err_disabled_body') . '</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 606
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 607
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 608
// Determine current avatar
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 609
$q = $db->sql_query('SELECT user_has_avatar, avatar_type FROM ' . table_prefix . 'users WHERE user_id = ' . $session->user_id . ';');
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 610
if ( !$q )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 611
$db->_die('Avatar CP selecting user\'s avatar data');
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 612
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 613
list($has_avi, $avi_type) = $db->fetchrow_num();
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 614
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 615
if ( isset($_POST['submit']) )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 616
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 617
$action = ( isset($_POST['avatar_action']) ) ? $_POST['avatar_action'] : 'keep';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 618
$avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $session->user_id . '.' . $avi_type;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 619
switch($action)
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 620
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 621
case 'keep':
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 622
default:
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 623
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 624
case 'remove':
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 625
if ( $has_avi )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 626
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 627
// First switch the avatar off
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 628
$q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $session->user_id . ';');
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 629
if ( !$q )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 630
$db->_die('Avatar CP switching user avatar off');
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 631
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 632
if ( @unlink($avi_path) )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 633
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 634
echo '<div class="info-box">' . $lang->get('usercp_avatar_delete_success') . '</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 635
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 636
$has_avi = 0;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 637
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 638
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 639
case 'set_http':
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 640
case 'set_file':
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 641
// Hackish way to preserve the UNIX philosophy of reusing as much code as possible
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 642
if ( $action == 'set_http' )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 643
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 644
// Check if this action is enabled
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 645
if ( getConfig('avatar_upload_http') !== '1' )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 646
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 647
// non-localized, only appears on hack attempt
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 648
echo '<div class="error-box">Uploads over HTTP are disabled.</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 649
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 650
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 651
// Download the file
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 652
require_once( ENANO_ROOT . '/includes/http.php' );
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 653
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 654
if ( !preg_match('/^http:\/\/([a-z0-9-\.]+)(:([0-9]+))?\/(.+)$/', $_POST['avatar_http_url'], $match) )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 655
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 656
echo '<div class="error-box">' . $lang->get('usercp_avatar_invalid_url') . '</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 657
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 658
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 659
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 660
$hostname = $match[1];
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 661
$uri = '/' . $match[4];
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 662
$port = ( $match[3] ) ? intval($match[3]) : 80;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 663
$max_size = intval(getConfig('avatar_max_size'));
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 664
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 665
// Get temporary file
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 666
$tempfile = tempnam(false, "enanoavatar_{$session->user_id}");
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 667
if ( !$tempfile )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 668
echo '<div class="error-box">Error getting temp file.</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 669
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 670
@unlink($tempfile);
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 671
$request = new Request_HTTP($hostname, $uri, 'GET', $port);
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 672
$result = $request->write_response_to_file($tempfile, 50, $max_size);
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 673
if ( !$result || $request->response_code != HTTP_OK )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 674
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 675
@unlink($tempfile);
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 676
echo '<div class="error-box">' . $lang->get('usercp_avatar_bad_write') . '</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 677
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 678
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 679
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 680
// Response written. Proceed to validation...
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 681
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 682
else
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 683
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 684
// Check if this action is enabled
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 685
if ( getConfig('avatar_upload_file') !== '1' )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 686
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 687
// non-localized, only appears on hack attempt
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 688
echo '<div class="error-box">Uploads from the browser are disabled.</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 689
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 690
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 691
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 692
$max_size = intval(getConfig('avatar_max_size'));
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 693
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 694
$file =& $_FILES['avatar_file'];
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 695
$tempfile =& $file['tmp_name'];
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 696
if ( filesize($tempfile) > $max_size )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 697
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 698
@unlink($tempfile);
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 699
echo '<div class="error-box">' . $lang->get('usercp_avatar_file_too_large') . '</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 700
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 701
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 702
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 703
$file_type = get_image_filetype($tempfile);
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 704
if ( !$file_type )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 705
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 706
unlink($tempfile);
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 707
echo '<div class="error-box">' . $lang->get('usercp_avatar_bad_filetype') . '</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 708
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 709
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 710
329
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 711
$avi_path_new = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $session->user_id . '.' . $file_type;
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 712
328
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 713
// The file type is good - validate dimensions and animation
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 714
switch($file_type)
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 715
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 716
case 'png':
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 717
$is_animated = is_png_animated($tempfile);
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 718
$dimensions = png_get_dimensions($tempfile);
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 719
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 720
case 'gif':
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 721
$is_animated = is_gif_animated($tempfile);
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 722
$dimensions = gif_get_dimensions($tempfile);
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 723
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 724
case 'jpg':
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 725
$is_animated = false;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 726
$dimensions = jpg_get_dimensions($tempfile);
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 727
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 728
default:
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 729
echo '<div class="error-box">API mismatch</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 730
break 2;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 731
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 732
// Did we get invalid size data? If so the image is probably corrupt.
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 733
if ( !$dimensions )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 734
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 735
@unlink($tempfile);
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 736
echo '<div class="error-box">' . $lang->get('usercp_avatar_corrupt_image') . '</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 737
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 738
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 739
// Is the image animated?
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 740
if ( $is_animated && getConfig('avatar_enable_anim') !== '1' )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 741
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 742
@unlink($tempfile);
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 743
echo '<div class="error-box">' . $lang->get('usercp_avatar_disallowed_animation') . '</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 744
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 745
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 746
// Check image dimensions
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 747
list($image_x, $image_y) = $dimensions;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 748
$max_x = intval(getConfig('avatar_max_width'));
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 749
$max_y = intval(getConfig('avatar_max_height'));
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 750
if ( $image_x > $max_x || $image_y > $max_y )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 751
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 752
@unlink($tempfile);
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 753
echo '<div class="error-box">' . $lang->get('usercp_avatar_too_large') . '</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 754
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 755
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 756
// All good!
329
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 757
@unlink($avi_path);
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 758
if ( rename($tempfile, $avi_path_new) )
328
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 759
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 760
$q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_has_avatar = 1, avatar_type = '$file_type' WHERE user_id = {$session->user_id};");
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 761
if ( !$q )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 762
$db->_die('Avatar CP updating users table after successful avatar upload');
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 763
$has_avi = 1;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 764
$avi_type = $file_type;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 765
echo '<div class="info-box">' . $lang->get('usercp_avatar_upload_success') . '</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 766
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 767
else
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 768
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 769
echo '<div class="error-box">' . $lang->get('usercp_avatar_move_failed') . '</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 770
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 771
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 772
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 773
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 774
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 775
?>
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 776
<script type="text/javascript">
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 777
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 778
function avatar_select_field(elParent)
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 779
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 780
switch(elParent.value)
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 781
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 782
case 'keep':
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 783
case 'remove':
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 784
$('avatar_upload_http').object.style.display = 'none';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 785
$('avatar_upload_file').object.style.display = 'none';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 786
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 787
case 'set_http':
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 788
$('avatar_upload_http').object.style.display = 'block';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 789
$('avatar_upload_file').object.style.display = 'none';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 790
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 791
case 'set_file':
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 792
$('avatar_upload_http').object.style.display = 'none';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 793
$('avatar_upload_file').object.style.display = 'block';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 794
break;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 795
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 796
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 797
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 798
</script>
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 799
<?php
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 800
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 801
echo '<form action="' . makeUrl($paths->fullpage) . '" method="post" enctype="multipart/form-data">';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 802
echo '<div class="tblholder">';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 803
echo '<table border="0" cellspacing="1" cellpadding="4">';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 804
echo '<tr>
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 805
<th colspan="2">
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 806
' . $lang->get('usercp_avatar_table_title') . '
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 807
</th>
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 808
</tr>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 809
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 810
echo '<tr>
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 811
<td class="row2" style="width: 50%;">
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 812
' . $lang->get('usercp_avatar_label_current') . '
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 813
</td>
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 814
<td class="row1" style="text-align: center;">';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 815
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 816
if ( $has_avi == 1 )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 817
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 818
echo '<img alt="' . $lang->get('usercp_avatar_image_alt', array('username' => $session->username)) . '" src="' . make_avatar_url($session->user_id, $avi_type) . '" />';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 819
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 820
else
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 821
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 822
echo $lang->get('usercp_avatar_image_none');
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 823
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 824
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 825
echo ' </td>
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 826
</tr>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 827
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 828
echo ' <tr>
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 829
<td class="row2">
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 830
' . $lang->get('usercp_avatar_lbl_change') . '
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 831
</td>
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 832
<td class="row1">
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 833
<label><input type="radio" name="avatar_action" value="keep" onclick="avatar_select_field(this);" checked="checked" /> ' . $lang->get('usercp_avatar_lbl_keep') . '</label><br />
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 834
<label><input type="radio" name="avatar_action" value="remove" onclick="avatar_select_field(this);" /> ' . $lang->get('usercp_avatar_lbl_remove') . '</label><br />';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 835
if ( getConfig('avatar_upload_http') == '1' )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 836
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 837
echo ' <label><input type="radio" name="avatar_action" value="set_http" onclick="avatar_select_field(this);" /> ' . $lang->get('usercp_avatar_lbl_set_http') . '</label><br />
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 838
<div id="avatar_upload_http" style="display: none; margin: 10px 0 0 2.2em;">
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 839
' . $lang->get('usercp_avatar_lbl_url') . ' <input type="text" name="avatar_http_url" size="40" value="http://" /><br />
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 840
<small>' . $lang->get('usercp_avatar_lbl_url_desc') . ' ' . $lang->get('usercp_avatar_limits') . '</small>
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 841
</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 842
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 843
else
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 844
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 845
echo ' <div id="avatar_upload_http" style="display: none;"></div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 846
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 847
if ( getConfig('avatar_upload_file') == '1' )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 848
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 849
echo ' <label><input type="radio" name="avatar_action" value="set_file" onclick="avatar_select_field(this);" /> ' . $lang->get('usercp_avatar_lbl_set_file') . '</label>
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 850
<div id="avatar_upload_file" style="display: none; margin: 10px 0 0 2.2em;">
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 851
' . $lang->get('usercp_avatar_lbl_file') . ' <input type="file" name="avatar_file" size="40" /><br />
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 852
<small>' . $lang->get('usercp_avatar_lbl_file_desc') . ' ' . $lang->get('usercp_avatar_limits') . '</small>
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 853
</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 854
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 855
else
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 856
{
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 857
echo ' <div id="avatar_upload_file" style="display: none;"></div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 858
}
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 859
echo ' </td>
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 860
</tr>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 861
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 862
echo ' <tr>
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 863
<th class="subhead" colspan="2">
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 864
<input type="submit" name="submit" value="' . $lang->get('etc_save_changes') . '" />
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 865
</th>
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 866
</tr>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 867
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 868
echo '</table>
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 869
</div>';
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 870
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 871
break;
0
+ − 872
default:
+ − 873
$good = false;
+ − 874
$code = $plugins->setHook('userprefs_body');
+ − 875
foreach ( $code as $cmd )
+ − 876
{
315
f49e3c8b638c
Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Dan
diff
changeset
+ − 877
if ( eval($cmd) )
0
+ − 878
$good = true;
+ − 879
}
+ − 880
if ( !$good )
+ − 881
{
+ − 882
echo '<h3>Invalid module</h3>
+ − 883
<p>Userprefs module "'.$section.'" not found.</p>';
+ − 884
}
+ − 885
break;
+ − 886
}
+ − 887
+ − 888
$template->footer();
+ − 889
}
+ − 890
+ − 891
?>