<?php

/**!info**

{

  "Plugin Name"  : "plugin_specialuserprefs_title",

  "Plugin URI"   : "http://enanocms.org/",

  "Description"  : "plugin_specialuserprefs_desc",

  "Author"       : "Dan Fuhry",

  "Version"      : "1.1.4",

  "Author URI"   : "http://enanocms.org/"

}

**!*/

/*

 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between

 * Version 1.1.4 (Caoineag alpha 4)

 * Copyright (C) 2006-2008 Dan Fuhry

 *

 * This program is Free Software; you can redistribute it and/or modify it under the terms of the GNU General Public License

 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied

 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.

 */

$userprefs_menu = Array();

$userprefs_menu_links = Array();

function userprefs_menu_add($section, $text, $link)

{

  global $userprefs_menu;

  if ( isset($userprefs_menu[$section]) && is_array($userprefs_menu[$section]) )

  {

    $userprefs_menu[$section][] = Array(

      'text' => $text,

      'link' => $link

      );

  }

  else

  {

    $userprefs_menu[$section] = Array(Array(

      'text' => $text,

      'link' => $link

      ));

  }

}

$plugins->attachHook('compile_template', 'userprefs_jbox_setup($button, $tb, $menubtn);');

function userprefs_jbox_setup(&$button, &$tb, &$menubtn)

{

  global $db, $session, $paths, $template, $plugins; // Common objects

  global $lang;

  if ( $paths->namespace != 'Special' || $paths->page_id != 'Preferences' )

    return false;

  $tb .= "<ul>$template->toolbar_menu</ul>";

  $template->toolbar_menu = '';

  $button->assign_vars(array(

      'TEXT' => $lang->get('usercp_btn_memberlist'),

      'FLAGS' => '',

      'PARENTFLAGS' => '',

      'HREF' => makeUrlNS('Special', 'Memberlist')

    ));

  $tb .= $button->run();

}

function userprefs_menu_html()

{

  global $userprefs_menu;

  global $userprefs_menu_links;

  global $lang;

  $html = '';

  $quot = '"';

  foreach ( $userprefs_menu as $section => $buttons )

  {

    $section_name = $section;

    if ( preg_match('/^[a-z]+_[a-z_]+$/', $section) )

    {

      $section_name = $lang->get($section_name);

    }

    $html .= ( isset($userprefs_menu_links[$section]) ) ? "<a href={$quot}{$userprefs_menu_links[$section]}{$quot}>{$section_name}</a>\n        " : "<a>{$section_name}</a>\n        ";

    $html .= "<ul>\n          ";

    foreach ( $buttons as $button )

    {

      $buttontext = $button['text'];

      if ( preg_match('/^[a-z]+_[a-z_]+$/', $buttontext) )

      {

        $buttontext = $lang->get($buttontext);

      }

      $html .= "  <li><a href={$quot}{$button['link']}{$quot}>{$buttontext}</a></li>\n          ";

    }

    $html .= "</ul>\n        ";

  }

  return $html;

}

function userprefs_show_menu()

{

  echo '<div class="menu_nojs">

          ' . userprefs_menu_html() . '

          <span class="menuclear"></span>

        </div>

        <br />

        ';

}

function userprefs_menu_init()

{

  global $db, $session, $paths, $template, $plugins; // Common objects

  global $userprefs_menu_links;

  userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_emailpassword', makeUrlNS('Special', 'Preferences/EmailPassword') . '" onclick="ajaxLoginNavTo(\'Special\', \'Preferences/EmailPassword\', '.USER_LEVEL_CHPREF.'); return false;');

  userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_signature', makeUrlNS('Special', 'Preferences/Signature'));

  userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_publicinfo', makeUrlNS('Special', 'Preferences/Profile'));

  userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_usergroups', makeUrlNS('Special', 'Usergroups'));

  if ( getConfig('avatar_enable') == '1' )

  {

    userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_avatar', makeUrlNS('Special', 'Preferences/Avatar'));

  }

  userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_inbox', makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));

  userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_outbox', makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'));

  userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_sent', makeUrlNS('Special', 'PrivateMessages/Folder/Sent'));

  userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_drafts', makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'));

  userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_archive', makeUrlNS('Special', 'PrivateMessages/Folder/Archive'));

  /*

  // Reserved for Enano's Next Big Innovation.(TM)

  userprefs_menu_add('Private messages', 'Inbox', makeUrlNS('Special',      'Private_Messages#folder:inbox'));

  userprefs_menu_add('Private messages', 'Starred', makeUrlNS('Special',     'Private_Messages#folder:starred'));

  userprefs_menu_add('Private messages', 'Sent items', makeUrlNS('Special', 'Private_Messages#folder:sent'));

  userprefs_menu_add('Private messages', 'Drafts', makeUrlNS('Special',     'Private_Messages#folder:drafts'));

  userprefs_menu_add('Private messages', 'Archive', makeUrlNS('Special',    'Private_Messages#folder:archive'));

  userprefs_menu_add('Private messages', 'Trash', makeUrlNS('Special',    'Private_Messages#folder:trash'));

  */

  $userprefs_menu_links['Profile/membership'] = makeUrlNS('Special', 'Preferences');

  $userprefs_menu_links['Private messages']  = makeUrlNS('Special', 'PrivateMessages');

  $code = $plugins->setHook('userprefs_jbox');

  foreach ( $code as $cmd )

  {

    eval($cmd);

  }

}

$plugins->attachHook('common_post', 'userprefs_menu_init();');

function page_Special_Preferences()

{

  global $db, $session, $paths, $template, $plugins; // Common objects

  global $lang;

  global $timezone;

  // We need a login to continue

  if ( !$session->user_logged_in )

    redirect(makeUrlNS('Special', 'Login/' . $paths->page), 'Login required', 'You need to be logged in to access this page. Please wait while you are redirected to the login page.');

  // User ID - later this will be specified on the URL, but hardcoded for now

  $uid = intval($session->user_id);

  // Instanciate the AES encryptor

  $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);

  // Basic user info

  $q = $db->sql_query('SELECT username, password, email, real_name, signature, theme, style FROM '.table_prefix.'users WHERE user_id='.$uid.';');

  if ( !$q )

    $db->_die();

  $row = $db->fetchrow();

  $db->free_result();

  $section = $paths->getParam(0);

  if ( !$section )

  {

    $section = 'Home';

  }

  $errors = '';

  switch ( $section )

  {

    case 'EmailPassword':

      // Require elevated privileges (well sortof)

      if ( $session->auth_level < USER_LEVEL_CHPREF )

      {

        redirect(makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . USER_LEVEL_CHPREF, true), 'Authentication required', 'You need to re-authenticate to access this page.', 0);

      }

      if ( isset($_POST['submit']) )

      {

        $email_changed = false;

        // First do the e-mail address

        if ( strlen($_POST['newemail']) > 0 )

        {

          switch('foo') // Same reason as in the password code...

          {

            case 'foo':

              if ( $_POST['newemail'] != $_POST['newemail_conf'] )

              {

                $errors .= '<div class="error-box">' . $lang->get('usercp_emailpassword_err_email_no_match') . '</div>';

                break;

              }

          }

          $q = $db->sql_query('SELECT password FROM '.table_prefix.'users WHERE user_id='.$session->user_id.';');

          if ( !$q )

            $db->_die();

          $row = $db->fetchrow();

          $db->free_result();

          $old_pass = $aes->decrypt($row['password'], $session->private_key, ENC_HEX);

          $new_email = $_POST['newemail'];

          $result = $session->update_user($session->user_id, false, $old_pass, false, $new_email);

          if ( $result != 'success' )

          {

            $message = '<p>' . $lang->get('usercp_emailpassword_err_list') . '</p>';

            $message .= '<ul><li>' . implode("</li>\n<li>", $result) . '</li></ul>';

            die_friendly($lang->get('usercp_emailpassword_err_title'), $message);

          }

          $email_changed = true;

        }

        // Obtain password

        if ( $_POST['use_crypt'] == 'yes' && !empty($_POST['crypt_data']) )

        {

          $key = $session->fetch_public_key($_POST['crypt_key']);

          if ( !$key )

            die('Can\'t lookup key');

          $key = hexdecode($key);

          $newpass = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX);

          // At this point we know if we _want_ to change the password...

          // We can't check the password to see if it matches the confirmation

          // because the confirmation was destroyed during the encryption. I figured

          // this wasn't a big deal because if the encryption worked, then either

          // the Javascript validated it or the user hacked the form. In the latter

          // case, if he's smart enough to hack the encryption code, he's probably

          // smart enough to remember his password.

          if ( strlen($newpass) > 0 )

          {

            if ( defined('ENANO_DEMO_MODE') )

              $errors .= '<div class="error-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_emailpassword_err_demo') . '</div>';

            // Perform checks

            if ( strlen($newpass) < 6 )

              $errors .= '<div class="error-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_emailpassword_err_password_too_short') . '</div>';

            if ( getConfig('pw_strength_enable') == '1' )

            {

              $score_inp = password_score($newpass);

              if ( $score_inp < $score_min )

                $errors .= '<div class="error-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_emailpassword_err_password_too_weak', array('score' => $score_inp)) . '</div>';

            }

            // Encrypt new password

            if ( empty($errors) )

            {

              $newpass_enc = $aes->encrypt($newpass, $session->private_key, ENC_HEX);

              // Perform the swap

              $q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $newpass_enc . '\' WHERE user_id=' . $session->user_id . ';');

              if ( !$q )

                $db->_die();

              // Log out and back in

              $username = $session->username;

              $session->logout();

              if ( $email_changed )

              {

                if ( getConfig('account_activation') == 'user' )

                {

                  redirect(makeUrl(getConfig('main_page')), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_user'), 20);

                }

                else if ( getConfig('account_activation') == 'admin' )

                {

                  redirect(makeUrl(getConfig('main_page')), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_admin'), 20);

                }

              }

              $session->login_without_crypto($session->username, $newpass);

              redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_pass_success'), $lang->get('usercp_emailpassword_msg_password_changed'), 5);

            }

          }

        }

        else

        {

          switch('foo') // allow breaking out of our section...i can't wait until PHP6 (goto support!)

          {

            case 'foo':

              $pass = $_POST['newpass'];

              if ( $pass != $_POST['newpass_conf'] )

              {

                $errors .= '<div class="error-box">' . $lang->get('usercp_emailpassword_err_password_no_match') . '</div>';

                break;

              }

              $session->logout();

              if ( $email_changed )

              {

                if ( getConfig('account_activation') == 'user' )

                {

                  redirect(makeUrl(getConfig('main_page')), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_user'), 20);

                }

                else if ( getConfig('account_activation') == 'admin' )

                {

                  redirect(makeUrl(getConfig('main_page')), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_admin'), 20);

                }

              }

              else

              {

                $session->login_without_crypto($session->username, $newpass);

                redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_pass_success'), $lang->get('usercp_emailpassword_msg_password_changed'), 5);

              }

              return;

          }

        }

      }

      $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_emailpassword_title');

      break;

    case 'Signature':

      $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_signature_title');

      break;

    case 'Profile':

      $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_publicinfo_title');

      break;

  }

  $template->header();

  // Output the menu

  // This is not templatized because it conforms to the jBox menu standard.

  userprefs_show_menu();

  switch ( $section )

  {

    case 'Home':

      global $email;

      $userpage_id = $paths->nslist['User'] . sanitize_page_id($session->username);

      $userpage_exists = ( isPage($userpage_id) ) ? '' : ' class="wikilink-nonexistent"';

      $user_page = makeUrlNS('User', sanitize_page_id($session->username));

      $site_admin = $email->encryptEmail(getConfig('contact_email'), '', '', $lang->get('usercp_intro_para3_admin_link'));

      echo '<h3 style="margin-top: 0;">' . $lang->get('usercp_intro_heading_main', array('username' => $session->username)) . '</h3>';

      echo '<p>' . $lang->get('usercp_intro_para1') . '</p>

            <p>' . $lang->get('usercp_intro_para2', array('userpage_link' => $user_page)) . '</p>

            <p>' . $lang->get('usercp_intro_para3', array('admin_contact_link' => $site_admin)) . '</p>';

      break;

    case 'EmailPassword':

      $errors = trim($errors);

      if ( !empty($errors) )

      {

        echo $errors;

      }

      echo '<form action="' . makeUrlNS('Special', 'Preferences/EmailPassword') . '" method="post" onsubmit="return runEncryption();" name="empwform" >';

      // Password change form

      $pubkey = $session->rijndael_genkey();

      echo '<fieldset>

        <legend>' . $lang->get('usercp_emailpassword_grp_chpasswd') . '</legend>

        ' . $lang->get('usercp_emailpassword_field_newpass') . '<br />

          <input type="password" name="newpass" size="30" tabindex="1" ' . ( getConfig('pw_strength_enable') == '1' ? 'onkeyup="password_score_field(this);" ' : '' ) . '/>' . ( getConfig('pw_strength_enable') == '1' ? '<span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span>' : '' ) . '

        <br />

        <br />

        ' . $lang->get('usercp_emailpassword_field_newpass_confirm') . '<br />

        <input type="password" name="newpass_conf" size="30" tabindex="2" />

        ' . ( getConfig('pw_strength_enable') == '1' ? '<br /><br /><div id="pwmeter"></div>

        <small>' . $lang->get('usercp_emailpassword_msg_password_min_score') . '</small>' : '' ) . '

      </fieldset><br />

      <fieldset>

        <legend>' . $lang->get('usercp_emailpassword_grp_chemail') . '</legend>

        ' . $lang->get('usercp_emailpassword_field_newemail') . '<br />

          <input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail" size="30" tabindex="3" />

        <br />

        <br />

        ' . $lang->get('usercp_emailpassword_field_newemail_confirm') . '<br />

          <input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail_conf" size="30" tabindex="4" />

      </fieldset>

      <input type="hidden" name="use_crypt" value="no" />

      <input type="hidden" name="crypt_key" value="' . $pubkey . '" />

      <input type="hidden" name="crypt_data" value="" />

      <br />

      <div style="text-align: right;"><input type="submit" name="submit" value="' . $lang->get('etc_save_changes') . '" tabindex="5" /></div>';

      echo '</form>';

      // ENCRYPTION CODE

      ?>

      <script type="text/javascript">

      <?php if ( getConfig('pw_strength_enable') == '1' ): ?>

        {

        function runEncryption()

        {

          var frm = document.forms.empwform;

          if ( frm.newpass.value.length < 1 )

            return true;

          pass1 = frm.newpass.value;

          pass2 = frm.newpass_conf.value;

          if ( pass1 != pass2 )

          {

            alert($lang.get('usercp_emailpassword_err_password_no_match'));

            return false;

          }

          if ( pass1.length < 6 && pass1.length > 0 )

          {

            alert($lang.get('usercp_emailpassword_err_password_too_short'));

            return false;

          }

          if(aes_testpassed)

          {

            frm.use_crypt.value = 'yes';

            var cryptkey = frm.crypt_key.value;

            frm.crypt_key.value = hex_md5(cryptkey);

            cryptkey = hexToByteArray(cryptkey);

            if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )

            {

              frm.submit.disabled = true;

              len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';

              alert('The key is messed up\nType: '+typeof(cryptkey)+len);

            }

            pass = frm.newpass.value;

            pass = stringToByteArray(pass);

            cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');

            if(!cryptstring)

            {

              return false;

            }

            cryptstring = byteArrayToHex(cryptstring);

            frm.crypt_data.value = cryptstring;

            frm.newpass.value = "";

            frm.newpass_conf.value = "";

          }

          return true;

        }

      </script>

      <?php

      break;

    case 'Signature':

      if ( isset($_POST['new_sig']) )

      {

        $sig = $_POST['new_sig'];

        $sig = RenderMan::preprocess_text($sig, true, false);

        $sql_sig = $db->escape($sig);

        $q = $db->sql_query('UPDATE '.table_prefix.'users SET signature=\'' . $sql_sig . '\' WHERE user_id=' . $session->user_id . ';');

        if ( !$q )

          $db->_die();

        $session->signature = $sig;

        echo '<div class="info-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_signature_msg_saved') . '</div>';

      }

      echo '<form action="'.makeUrl($paths->fullpage).'" method="post">';

      echo $template->tinymce_textarea('new_sig', htmlspecialchars($session->signature));

      echo '<input type="submit" value="' . $lang->get('usercp_signature_btn_save') . '" />';

      echo '</form>';

      break;

    case "Profile":

      if ( isset($_POST['submit']) )

      {

        $real_name = htmlspecialchars($_POST['real_name']);

        $real_name = $db->escape($real_name);

        $timezone = intval($_POST['timezone']);

        $tz_local = $timezone + 1440;

        $imaddr_aim = htmlspecialchars($_POST['imaddr_aim']);

        $imaddr_aim = $db->escape($imaddr_aim);

        $imaddr_msn = htmlspecialchars($_POST['imaddr_msn']);

        $imaddr_msn = $db->escape($imaddr_msn);

        $imaddr_yahoo = htmlspecialchars($_POST['imaddr_yahoo']);

        $imaddr_yahoo = $db->escape($imaddr_yahoo);

        $imaddr_xmpp = htmlspecialchars($_POST['imaddr_xmpp']);

        $imaddr_xmpp = $db->escape($imaddr_xmpp);

        $homepage = htmlspecialchars($_POST['homepage']);

        $homepage = $db->escape($homepage);

        $location = htmlspecialchars($_POST['location']);

        $location = $db->escape($location);

        $occupation = htmlspecialchars($_POST['occupation']);

        $occupation = $db->escape($occupation);

        $hobbies = htmlspecialchars($_POST['hobbies']);

        $hobbies = $db->escape($hobbies);

        $email_public = ( isset($_POST['email_public']) ) ? '1' : '0';

        $disable_js_fx = ( isset($_POST['disable_js_fx']) ) ? '1' : '0';

        $session->real_name = $real_name;