changeset 2 | a8a21e1c7afa |
parent 0 | f9ffdbd96607 |
child 3 | c0c445d4a13e |
1:8f6143115bf5 | 2:a8a21e1c7afa |
---|---|
21 MA 02111-1307 USA |
21 MA 02111-1307 USA |
22 |
22 |
23 ************************************************************************/ |
23 ************************************************************************/ |
24 |
24 |
25 |
25 |
26 define('PUN_ROOT', './'); |
26 //define('PUN_ROOT', './'); |
27 require PUN_ROOT.'include/common.php'; |
27 //require PUN_ROOT.'include/common.php'; |
28 |
28 |
29 global $pun_db, $pun_user, $pun_config, $lang_common; |
|
30 |
|
31 $GLOBALS['id'] = 0; |
|
32 $id =& $GLOBALS['id']; |
|
29 |
33 |
30 $action = isset($_GET['action']) ? $_GET['action'] : null; |
34 $action = isset($_GET['action']) ? $_GET['action'] : null; |
31 $section = isset($_GET['section']) ? $_GET['section'] : null; |
35 $section = isset($_GET['section']) ? $_GET['section'] : null; |
32 $id = isset($_GET['id']) ? intval($_GET['id']) : 0; |
36 $id = isset($_GET['id']) ? intval($_GET['id']) : 0; |
33 if ($id < 2) |
37 if ($id < 2) |
34 message($lang_common['Bad request']); |
38 message($lang_common['Bad request']); |
35 |
39 |
36 if ($pun_user['g_read_board'] == '0' && ($action != 'change_pass' || !isset($_GET['key']))) |
40 if ($pun_user['g_read_board'] == '0' && ($action != 'change_pass' || !isset($_GET['key']))) |
37 message($lang_common['No view']); |
41 message($lang_common['No view']); |
38 |
42 |
43 $GLOBALS['lang_profile'] = array(); |
|
44 $lang_profile =& $GLOBALS['lang_profile']; |
|
45 |
|
39 // Load the profile.php/register.php language file |
46 // Load the profile.php/register.php language file |
40 require PUN_ROOT.'lang/'.$pun_user['language'].'/prof_reg.php'; |
47 require PUN_ROOT.'lang/'.$pun_user['language'].'/prof_reg.php'; |
41 |
48 |
42 // Load the profile.php language file |
49 // Load the profile.php language file |
43 require PUN_ROOT.'lang/'.$pun_user['language'].'/profile.php'; |
50 require PUN_ROOT.'lang/'.$pun_user['language'].'/profile.php'; |
54 exit; |
61 exit; |
55 } |
62 } |
56 |
63 |
57 $key = $_GET['key']; |
64 $key = $_GET['key']; |
58 |
65 |
59 $result = $db->query('SELECT activate_string, activate_key FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch new password', __FILE__, __LINE__, $db->error()); |
66 $result = $pun_db->query('SELECT activate_string, activate_key FROM '.$pun_db->prefix.'users WHERE id='.$id) or error('Unable to fetch new password', __FILE__, __LINE__, $pun_db->error()); |
60 list($new_password_hash, $new_password_key) = $db->fetch_row($result); |
67 list($new_password_hash, $new_password_key) = $pun_db->fetch_row($result); |
61 |
68 |
62 if ($key == '' || $key != $new_password_key) |
69 if ($key == '' || $key != $new_password_key) |
63 message($lang_profile['Pass key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.'); |
70 message($lang_profile['Pass key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.'); |
64 else |
71 else |
65 { |
72 { |
66 $db->query('UPDATE '.$db->prefix.'users SET password=\''.$new_password_hash.'\', activate_string=NULL, activate_key=NULL WHERE id='.$id) or error('Unable to update password', __FILE__, __LINE__, $db->error()); |
73 $pun_db->query('UPDATE '.$pun_db->prefix.'users SET password=\''.$new_password_hash.'\', activate_string=NULL, activate_key=NULL WHERE id='.$id) or error('Unable to update password', __FILE__, __LINE__, $pun_db->error()); |
67 |
74 |
68 message($lang_profile['Pass updated'], true); |
75 message($lang_profile['Pass updated'], true); |
69 } |
76 } |
70 } |
77 } |
71 |
78 |
72 // Make sure we are allowed to change this users password |
79 // Make sure we are allowed to change this users password |
73 if ($pun_user['id'] != $id) |
80 if ($pun_user['id'] != $id) |
74 { |
81 { |
75 if ($pun_user['g_id'] > PUN_MOD) // A regular user trying to change another users password? |
82 if ($pun_user['g_id'] < USER_LEVEL_MOD) // A regular user trying to change another users password? |
76 message($lang_common['No permission']); |
83 message($lang_common['No permission']); |
77 else if ($pun_user['g_id'] == PUN_MOD) // A moderator trying to change a users password? |
84 else if ($pun_user['g_id'] == USER_LEVEL_MOD) // A moderator trying to change a users password? |
78 { |
85 { |
79 $result = $db->query('SELECT group_id FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
86 $result = $pun_db->query('SELECT group_id FROM '.$pun_db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $pun_db->error()); |
80 if (!$db->num_rows($result)) |
87 if (!$pun_db->num_rows($result)) |
81 message($lang_common['Bad request']); |
88 message($lang_common['Bad request']); |
82 |
89 |
83 if ($pun_config['p_mod_edit_users'] == '0' || $pun_config['p_mod_change_passwords'] == '0' || $db->result($result) < PUN_GUEST) |
90 if ($pun_config['p_mod_edit_users'] == '0' || $pun_config['p_mod_change_passwords'] == '0' || $pun_db->result($result) < PUN_GUEST) |
84 message($lang_common['No permission']); |
91 message($lang_common['No permission']); |
85 } |
92 } |
86 } |
93 } |
87 |
94 |
88 if (isset($_POST['form_sent'])) |
95 if (isset($_POST['form_sent'])) |
94 if ($new_password1 != $new_password2) |
101 if ($new_password1 != $new_password2) |
95 message($lang_prof_reg['Pass not match']); |
102 message($lang_prof_reg['Pass not match']); |
96 if (strlen($new_password1) < 4) |
103 if (strlen($new_password1) < 4) |
97 message($lang_prof_reg['Pass too short']); |
104 message($lang_prof_reg['Pass too short']); |
98 |
105 |
99 $result = $db->query('SELECT password, save_pass FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch password', __FILE__, __LINE__, $db->error()); |
106 $result = $pun_db->query('SELECT password, save_pass FROM '.$pun_db->prefix.'users WHERE id='.$id) or error('Unable to fetch password', __FILE__, __LINE__, $pun_db->error()); |
100 list($db_password_hash, $save_pass) = $db->fetch_row($result); |
107 list($db_password_hash, $save_pass) = $pun_db->fetch_row($result); |
101 |
108 |
102 $authorized = false; |
109 $authorized = false; |
103 |
110 |
104 if (!empty($db_password_hash)) |
111 if (!empty($db_password_hash)) |
105 { |
112 { |
108 |
115 |
109 $old_password_hash = pun_hash($old_password); // This could result in either an SHA-1 or an MD5 hash |
116 $old_password_hash = pun_hash($old_password); // This could result in either an SHA-1 or an MD5 hash |
110 |
117 |
111 if (($sha1_in_db && $sha1_available && $db_password_hash == $old_password_hash) || |
118 if (($sha1_in_db && $sha1_available && $db_password_hash == $old_password_hash) || |
112 (!$sha1_in_db && $db_password_hash == md5($old_password)) || |
119 (!$sha1_in_db && $db_password_hash == md5($old_password)) || |
113 $pun_user['g_id'] < PUN_GUEST) |
120 $pun_user['g_id'] >= USER_LEVEL_MEMBER) |
114 $authorized = true; |
121 $authorized = true; |
115 } |
122 } |
116 |
123 |
117 if (!$authorized) |
124 if (!$authorized) |
118 message($lang_profile['Wrong pass']); |
125 message($lang_profile['Wrong pass']); |
119 |
126 |
120 $new_password_hash = pun_hash($new_password1); |
127 $new_password_hash = pun_hash($new_password1); |
121 |
128 |
122 $db->query('UPDATE '.$db->prefix.'users SET password=\''.$new_password_hash.'\' WHERE id='.$id) or error('Unable to update password', __FILE__, __LINE__, $db->error()); |
129 $pun_db->query('UPDATE '.$pun_db->prefix.'users SET password=\''.$new_password_hash.'\' WHERE id='.$id) or error('Unable to update password', __FILE__, __LINE__, $pun_db->error()); |
123 |
130 |
124 if ($pun_user['id'] == $id) |
131 if ($pun_user['id'] == $id) |
125 { |
132 { |
126 $expire = ($save_pass == '1') ? time() + 31536000 : 0; |
133 $expire = ($save_pass == '1') ? time() + 31536000 : 0; |
127 pun_setcookie($pun_user['id'], $new_password_hash, $expire); |
134 pun_setcookie($pun_user['id'], $new_password_hash, $expire); |
128 } |
135 } |
129 |
136 |
130 redirect('profile.php?section=essentials&id='.$id, $lang_profile['Pass updated redirect']); |
137 pun_redirect('profile.php?section=essentials&id='.$id, $lang_profile['Pass updated redirect']); |
131 } |
138 } |
132 |
139 |
133 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; |
140 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; |
134 $required_fields = array('req_old_password' => $lang_profile['Old pass'], 'req_new_password1' => $lang_profile['New pass'], 'req_new_password2' => $lang_profile['Confirm new pass']); |
141 $required_fields = array('req_old_password' => $lang_profile['Old pass'], 'req_new_password1' => $lang_profile['New pass'], 'req_new_password2' => $lang_profile['Confirm new pass']); |
135 $focus_element = array('change_pass', (($pun_user['g_id'] > PUN_MOD) ? 'req_old_password' : 'req_new_password1')); |
142 $focus_element = array('change_pass', (($pun_user['g_id'] < USER_LEVEL_MOD) ? 'req_old_password' : 'req_new_password1')); |
136 require PUN_ROOT.'header.php'; |
143 require PUN_ROOT.'header.php'; |
137 |
144 |
138 ?> |
145 ?> |
139 <div class="blockform"> |
146 <div class="blockform"> |
140 <h2><span><?php echo $lang_profile['Change pass'] ?></span></h2> |
147 <h2><span><?php echo $lang_profile['Change pass'] ?></span></h2> |
141 <div class="box"> |
148 <div class="box"> |
142 <form id="change_pass" method="post" action="profile.php?action=change_pass&id=<?php echo $id ?>" onsubmit="return process_form(this)"> |
149 <form id="change_pass" method="post" action="<?php echo makeUrlNS('Special', 'Forum/Profile', 'action=change_pass&id=' . $id . '', true); ?>" onsubmit="return process_form(this)"> |
143 <div class="inform"> |
150 <div class="inform"> |
144 <input type="hidden" name="form_sent" value="1" /> |
151 <input type="hidden" name="form_sent" value="1" /> |
145 <fieldset> |
152 <fieldset> |
146 <legend><?php echo $lang_profile['Change pass legend'] ?></legend> |
153 <legend><?php echo $lang_profile['Change pass legend'] ?></legend> |
147 <div class="infldset"> |
154 <div class="infldset"> |
148 <?php if ($pun_user['g_id'] > PUN_MOD): ?> <label><strong><?php echo $lang_profile['Old pass'] ?></strong><br /> |
155 <?php if ($pun_user['g_id'] < USER_LEVEL_MOD): ?> <label><strong><?php echo $lang_profile['Old pass'] ?></strong><br /> |
149 <input type="password" name="req_old_password" size="16" maxlength="16" /><br /></label> |
156 <input type="password" name="req_old_password" size="16" maxlength="16" /><br /></label> |
150 <?php endif; ?> <label class="conl"><strong><?php echo $lang_profile['New pass'] ?></strong><br /> |
157 <?php endif; ?> <label class="conl"><strong><?php echo $lang_profile['New pass'] ?></strong><br /> |
151 <input type="password" name="req_new_password1" size="16" maxlength="16" /><br /></label> |
158 <input type="password" name="req_new_password1" size="16" maxlength="16" /><br /></label> |
152 <label class="conl"><strong><?php echo $lang_profile['Confirm new pass'] ?></strong><br /> |
159 <label class="conl"><strong><?php echo $lang_profile['Confirm new pass'] ?></strong><br /> |
153 <input type="password" name="req_new_password2" size="16" maxlength="16" /><br /></label> |
160 <input type="password" name="req_new_password2" size="16" maxlength="16" /><br /></label> |
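Review bot: The last alternative of the authorization test in the `change_pass` branch, `$pun_user['g_id'] >= USER_LEVEL_MEMBER`, looks too broad: it replaces `$pun_user['g_id'] < PUN_GUEST`, which elsewhere in this file means "moderator or administrator", while the rest of the commit maps `> PUN_MOD` to `< USER_LEVEL_MOD`. If `USER_LEVEL_MEMBER` is the level of an ordinary logged-in account, as the name suggests, `$authorized` becomes true for every member whatever is submitted as the old password, so that check no longer protects an account whose session is in someone else's hands. The form in this same hunk still shows the old-password field to anyone below `USER_LEVEL_MOD`, so the intended condition appears to be `$pun_user['g_id'] >= USER_LEVEL_MOD)`. The enclosing `if (!empty($db_password_hash))` opens above this hunk and the lines that set `$sha1_in_db` are not shown. The target-group tests that still read `< PUN_GUEST` in the moderator branches are worth checking against the new level scale in the same pass.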
168 else if ($action == 'change_email') |
175 else if ($action == 'change_email') |
169 { |
176 { |
170 // Make sure we are allowed to change this users e-mail |
177 // Make sure we are allowed to change this users e-mail |
171 if ($pun_user['id'] != $id) |
178 if ($pun_user['id'] != $id) |
172 { |
179 { |
173 if ($pun_user['g_id'] > PUN_MOD) // A regular user trying to change another users e-mail? |
180 if ($pun_user['g_id'] < USER_LEVEL_MOD) // A regular user trying to change another users e-mail? |
174 message($lang_common['No permission']); |
181 message($lang_common['No permission']); |
175 else if ($pun_user['g_id'] == PUN_MOD) // A moderator trying to change a users e-mail? |
182 else if ($pun_user['g_id'] == USER_LEVEL_MOD) // A moderator trying to change a users e-mail? |
176 { |
183 { |
177 $result = $db->query('SELECT group_id FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
184 $result = $pun_db->query('SELECT group_id FROM '.$pun_db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $pun_db->error()); |
178 if (!$db->num_rows($result)) |
185 if (!$pun_db->num_rows($result)) |
179 message($lang_common['Bad request']); |
186 message($lang_common['Bad request']); |
180 |
187 |
181 if ($pun_config['p_mod_edit_users'] == '0' || $db->result($result) < PUN_GUEST) |
188 if ($pun_config['p_mod_edit_users'] == '0' || $pun_db->result($result) < PUN_GUEST) |
182 message($lang_common['No permission']); |
189 message($lang_common['No permission']); |
183 } |
190 } |
184 } |
191 } |
185 |
192 |
186 if (isset($_GET['key'])) |
193 if (isset($_GET['key'])) |
187 { |
194 { |
188 $key = $_GET['key']; |
195 $key = $_GET['key']; |
189 |
196 |
190 $result = $db->query('SELECT activate_string, activate_key FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch activation data', __FILE__, __LINE__, $db->error()); |
197 $result = $pun_db->query('SELECT activate_string, activate_key FROM '.$pun_db->prefix.'users WHERE id='.$id) or error('Unable to fetch activation data', __FILE__, __LINE__, $pun_db->error()); |
191 list($new_email, $new_email_key) = $db->fetch_row($result); |
198 list($new_email, $new_email_key) = $pun_db->fetch_row($result); |
192 |
199 |
193 if ($key == '' || $key != $new_email_key) |
200 if ($key == '' || $key != $new_email_key) |
194 message($lang_profile['E-mail key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.'); |
201 message($lang_profile['E-mail key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.'); |
195 else |
202 else |
196 { |
203 { |
197 $db->query('UPDATE '.$db->prefix.'users SET email=activate_string, activate_string=NULL, activate_key=NULL WHERE id='.$id) or error('Unable to update e-mail address', __FILE__, __LINE__, $db->error()); |
204 $pun_db->query('UPDATE '.$pun_db->prefix.'users SET email=activate_string, activate_string=NULL, activate_key=NULL WHERE id='.$id) or error('Unable to update e-mail address', __FILE__, __LINE__, $pun_db->error()); |
198 |
205 |
199 message($lang_profile['E-mail updated'], true); |
206 message($lang_profile['E-mail updated'], true); |
200 } |
207 } |
201 } |
208 } |
202 else if (isset($_POST['form_sent'])) |
209 else if (isset($_POST['form_sent'])) |
224 pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message); |
231 pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message); |
225 } |
232 } |
226 } |
233 } |
227 |
234 |
228 // Check if someone else already has registered with that e-mail address |
235 // Check if someone else already has registered with that e-mail address |
229 $result = $db->query('SELECT id, username FROM '.$db->prefix.'users WHERE email=\''.$db->escape($new_email).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
236 $result = $pun_db->query('SELECT id, username FROM '.$pun_db->prefix.'users WHERE email=\''.$pun_db->escape($new_email).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $pun_db->error()); |
230 if ($db->num_rows($result)) |
237 if ($pun_db->num_rows($result)) |
231 { |
238 { |
232 if ($pun_config['p_allow_dupe_email'] == '0') |
239 if ($pun_config['p_allow_dupe_email'] == '0') |
233 message($lang_prof_reg['Dupe e-mail']); |
240 message($lang_prof_reg['Dupe e-mail']); |
234 else if ($pun_config['o_mailing_list'] != '') |
241 else if ($pun_config['o_mailing_list'] != '') |
235 { |
242 { |
236 while ($cur_dupe = $db->fetch_assoc($result)) |
243 while ($cur_dupe = $pun_db->fetch_assoc($result)) |
237 $dupe_list[] = $cur_dupe['username']; |
244 $dupe_list[] = $cur_dupe['username']; |
238 |
245 |
239 $mail_subject = 'Alert - Duplicate e-mail detected'; |
246 $mail_subject = 'Alert - Duplicate e-mail detected'; |
240 $mail_message = 'User \''.$pun_user['username'].'\' changed to an e-mail address that also belongs to: '.implode(', ', $dupe_list)."\n\n".'User profile: '.$pun_config['o_base_url'].'/profile.php?id='.$id."\n\n".'-- '."\n".'Forum Mailer'."\n".'(Do not reply to this message)'; |
247 $mail_message = 'User \''.$pun_user['username'].'\' changed to an e-mail address that also belongs to: '.implode(', ', $dupe_list)."\n\n".'User profile: '.$pun_config['o_base_url'].'/profile.php?id='.$id."\n\n".'-- '."\n".'Forum Mailer'."\n".'(Do not reply to this message)'; |
241 |
248 |
244 } |
251 } |
245 |
252 |
246 |
253 |
247 $new_email_key = random_pass(8); |
254 $new_email_key = random_pass(8); |
248 |
255 |
249 $db->query('UPDATE '.$db->prefix.'users SET activate_string=\''.$db->escape($new_email).'\', activate_key=\''.$new_email_key.'\' WHERE id='.$id) or error('Unable to update activation data', __FILE__, __LINE__, $db->error()); |
256 $pun_db->query('UPDATE '.$pun_db->prefix.'users SET activate_string=\''.$pun_db->escape($new_email).'\', activate_key=\''.$new_email_key.'\' WHERE id='.$id) or error('Unable to update activation data', __FILE__, __LINE__, $pun_db->error()); |
250 |
257 |
251 // Load the "activate e-mail" template |
258 // Load the "activate e-mail" template |
252 $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/activate_email.tpl')); |
259 $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/activate_email.tpl')); |
253 |
260 |
254 // The first row contains the subject |
261 // The first row contains the subject |
273 |
280 |
274 ?> |
281 ?> |
275 <div class="blockform"> |
282 <div class="blockform"> |
276 <h2><span><?php echo $lang_profile['Change e-mail'] ?></span></h2> |
283 <h2><span><?php echo $lang_profile['Change e-mail'] ?></span></h2> |
277 <div class="box"> |
284 <div class="box"> |
278 <form id="change_email" method="post" action="profile.php?action=change_email&id=<?php echo $id ?>" id="change_email" onsubmit="return process_form(this)"> |
285 <form id="change_email" method="post" action="<?php echo makeUrlNS('Special', 'Forum/Profile', 'action=change_email&id=' . $id . '', true); ?>" id="change_email" onsubmit="return process_form(this)"> |
279 <div class="inform"> |
286 <div class="inform"> |
280 <fieldset> |
287 <fieldset> |
281 <legend><?php echo $lang_profile['E-mail legend'] ?></legend> |
288 <legend><?php echo $lang_profile['E-mail legend'] ?></legend> |
282 <div class="infldset"> |
289 <div class="infldset"> |
283 <input type="hidden" name="form_sent" value="1" /> |
290 <input type="hidden" name="form_sent" value="1" /> |
300 else if ($action == 'upload_avatar' || $action == 'upload_avatar2') |
307 else if ($action == 'upload_avatar' || $action == 'upload_avatar2') |
301 { |
308 { |
302 if ($pun_config['o_avatars'] == '0') |
309 if ($pun_config['o_avatars'] == '0') |
303 message($lang_profile['Avatars disabled']); |
310 message($lang_profile['Avatars disabled']); |
304 |
311 |
305 if ($pun_user['id'] != $id && $pun_user['g_id'] > PUN_MOD) |
312 if ($pun_user['id'] != $id && $pun_user['g_id'] < USER_LEVEL_MOD) |
306 message($lang_common['No permission']); |
313 message($lang_common['No permission']); |
307 |
314 |
308 if (isset($_POST['form_sent'])) |
315 if (isset($_POST['form_sent'])) |
309 { |
316 { |
310 if (!isset($_FILES['req_file'])) |
317 if (!isset($_FILES['req_file'])) |
387 } |
394 } |
388 else |
395 else |
389 message($lang_profile['Unknown failure']); |
396 message($lang_profile['Unknown failure']); |
390 |
397 |
391 // Enable use_avatar (seems sane since the user just uploaded an avatar) |
398 // Enable use_avatar (seems sane since the user just uploaded an avatar) |
392 $db->query('UPDATE '.$db->prefix.'users SET use_avatar=1 WHERE id='.$id) or error('Unable to update avatar state', __FILE__, __LINE__, $db->error()); |
399 $pun_db->query('UPDATE '.$pun_db->prefix.'users SET use_avatar=1 WHERE id='.$id) or error('Unable to update avatar state', __FILE__, __LINE__, $pun_db->error()); |
393 |
400 |
394 redirect('profile.php?section=personality&id='.$id, $lang_profile['Avatar upload redirect']); |
401 pun_redirect('profile.php?section=personality&id='.$id, $lang_profile['Avatar upload redirect']); |
395 } |
402 } |
396 |
403 |
397 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; |
404 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; |
398 $required_fields = array('req_file' => $lang_profile['File']); |
405 $required_fields = array('req_file' => $lang_profile['File']); |
399 $focus_element = array('upload_avatar', 'req_file'); |
406 $focus_element = array('upload_avatar', 'req_file'); |
401 |
408 |
402 ?> |
409 ?> |
403 <div class="blockform"> |
410 <div class="blockform"> |
404 <h2><span><?php echo $lang_profile['Upload avatar'] ?></span></h2> |
411 <h2><span><?php echo $lang_profile['Upload avatar'] ?></span></h2> |
405 <div class="box"> |
412 <div class="box"> |
406 <form id="upload_avatar" method="post" enctype="multipart/form-data" action="profile.php?action=upload_avatar2&id=<?php echo $id ?>" onsubmit="return process_form(this)"> |
413 <form id="upload_avatar" method="post" enctype="multipart/form-data" action="<?php echo makeUrlNS('Special', 'Forum/Profile', 'action=upload_avatar2&id=' . $id . '', true); ?>" onsubmit="return process_form(this)"> |
407 <div class="inform"> |
414 <div class="inform"> |
408 <fieldset> |
415 <fieldset> |
409 <legend><?php echo $lang_profile['Upload avatar legend'] ?></legend> |
416 <legend><?php echo $lang_profile['Upload avatar legend'] ?></legend> |
410 <div class="infldset"> |
417 <div class="infldset"> |
411 <input type="hidden" name="form_sent" value="1" /> |
418 <input type="hidden" name="form_sent" value="1" /> |
425 } |
432 } |
426 |
433 |
427 |
434 |
428 else if ($action == 'delete_avatar') |
435 else if ($action == 'delete_avatar') |
429 { |
436 { |
430 if ($pun_user['id'] != $id && $pun_user['g_id'] > PUN_MOD) |
437 if ($pun_user['id'] != $id && $pun_user['g_id'] < USER_LEVEL_MOD) |
431 message($lang_common['No permission']); |
438 message($lang_common['No permission']); |
432 |
439 |
433 confirm_referrer('profile.php'); |
440 confirm_referrer('profile.php'); |
434 |
441 |
435 @unlink($pun_config['o_avatars_dir'].'/'.$id.'.jpg'); |
442 @unlink($pun_config['o_avatars_dir'].'/'.$id.'.jpg'); |
436 @unlink($pun_config['o_avatars_dir'].'/'.$id.'.png'); |
443 @unlink($pun_config['o_avatars_dir'].'/'.$id.'.png'); |
437 @unlink($pun_config['o_avatars_dir'].'/'.$id.'.gif'); |
444 @unlink($pun_config['o_avatars_dir'].'/'.$id.'.gif'); |
438 |
445 |
439 // Disable use_avatar |
446 // Disable use_avatar |
440 $db->query('UPDATE '.$db->prefix.'users SET use_avatar=0 WHERE id='.$id) or error('Unable to update avatar state', __FILE__, __LINE__, $db->error()); |
447 $pun_db->query('UPDATE '.$pun_db->prefix.'users SET use_avatar=0 WHERE id='.$id) or error('Unable to update avatar state', __FILE__, __LINE__, $pun_db->error()); |
441 |
448 |
442 redirect('profile.php?section=personality&id='.$id, $lang_profile['Avatar deleted redirect']); |
449 pun_redirect('profile.php?section=personality&id='.$id, $lang_profile['Avatar deleted redirect']); |
443 } |
450 } |
444 |
451 |
445 |
452 |
446 else if (isset($_POST['update_group_membership'])) |
453 else if (isset($_POST['update_group_membership'])) |
447 { |
454 { |
448 if ($pun_user['g_id'] > PUN_ADMIN) |
455 if ($pun_user['g_id'] < USER_LEVEL_ADMIN) |
449 message($lang_common['No permission']); |
456 message($lang_common['No permission']); |
450 |
457 |
451 confirm_referrer('profile.php'); |
458 confirm_referrer('profile.php'); |
452 |
459 |
453 $new_group_id = intval($_POST['group_id']); |
460 $new_group_id = intval($_POST['group_id']); |
454 |
461 |
455 $db->query('UPDATE '.$db->prefix.'users SET group_id='.$new_group_id.' WHERE id='.$id) or error('Unable to change user group', __FILE__, __LINE__, $db->error()); |
462 $pun_db->query('UPDATE '.$pun_db->prefix.'users SET group_id='.$new_group_id.' WHERE id='.$id) or error('Unable to change user group', __FILE__, __LINE__, $pun_db->error()); |
456 |
463 |
457 // If the user was a moderator or an administrator, we remove him/her from the moderator list in all forums as well |
464 // If the user was a moderator or an administrator, we remove him/her from the moderator list in all forums as well |
458 if ($new_group_id > PUN_MOD) |
465 if ($new_group_id > PUN_MOD) |
459 { |
466 { |
460 $result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error()); |
467 $result = $pun_db->query('SELECT id, moderators FROM '.$pun_db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $pun_db->error()); |
461 |
468 |
462 while ($cur_forum = $db->fetch_assoc($result)) |
469 while ($cur_forum = $pun_db->fetch_assoc($result)) |
463 { |
470 { |
464 $cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array(); |
471 $cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array(); |
465 |
472 |
466 if (in_array($id, $cur_moderators)) |
473 if (in_array($id, $cur_moderators)) |
467 { |
474 { |
468 $username = array_search($id, $cur_moderators); |
475 $username = array_search($id, $cur_moderators); |
469 unset($cur_moderators[$username]); |
476 unset($cur_moderators[$username]); |
470 $cur_moderators = (!empty($cur_moderators)) ? '\''.$db->escape(serialize($cur_moderators)).'\'' : 'NULL'; |
477 $cur_moderators = (!empty($cur_moderators)) ? '\''.$pun_db->escape(serialize($cur_moderators)).'\'' : 'NULL'; |
471 |
478 |
472 $db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error()); |
479 $pun_db->query('UPDATE '.$pun_db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $pun_db->error()); |
473 } |
480 } |
474 } |
481 } |
475 } |
482 } |
476 |
483 |
477 redirect('profile.php?section=admin&id='.$id, $lang_profile['Group membership redirect']); |
484 pun_redirect('profile.php?section=admin&id='.$id, $lang_profile['Group membership redirect']); |
478 } |
485 } |
479 |
486 |
480 |
487 |
481 else if (isset($_POST['update_forums'])) |
488 else if (isset($_POST['update_forums'])) |
482 { |
489 { |
483 if ($pun_user['g_id'] > PUN_ADMIN) |
490 if ($pun_user['g_id'] < USER_LEVEL_ADMIN) |
484 message($lang_common['No permission']); |
491 message($lang_common['No permission']); |
485 |
492 |
486 confirm_referrer('profile.php'); |
493 confirm_referrer('profile.php'); |
487 |
494 |
488 // Get the username of the user we are processing |
495 // Get the username of the user we are processing |
489 $result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
496 $result = $pun_db->query('SELECT eu.username FROM '.$pun_db->prefix.'users AS u LEFT JOIN '.table_prefix.'users AS eu ON eu.user_id=u.id WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $pun_db->error()); |
490 $username = $db->result($result); |
497 $username = $pun_db->result($result); |
491 |
498 |
492 $moderator_in = (isset($_POST['moderator_in'])) ? array_keys($_POST['moderator_in']) : array(); |
499 $moderator_in = (isset($_POST['moderator_in'])) ? array_keys($_POST['moderator_in']) : array(); |
493 |
500 |
494 // Loop through all forums |
501 // Loop through all forums |
495 $result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error()); |
502 $result = $pun_db->query('SELECT id, moderators FROM '.$pun_db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $pun_db->error()); |
496 |
503 |
497 while ($cur_forum = $db->fetch_assoc($result)) |
504 while ($cur_forum = $pun_db->fetch_assoc($result)) |
498 { |
505 { |
499 $cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array(); |
506 $cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array(); |
500 // If the user should have moderator access (and he/she doesn't already have it) |
507 // If the user should have moderator access (and he/she doesn't already have it) |
501 if (in_array($cur_forum['id'], $moderator_in) && !in_array($id, $cur_moderators)) |
508 if (in_array($cur_forum['id'], $moderator_in) && !in_array($id, $cur_moderators)) |
502 { |
509 { |
503 $cur_moderators[$username] = $id; |
510 $cur_moderators[$username] = $id; |
504 ksort($cur_moderators); |
511 ksort($cur_moderators); |
505 |
512 |
506 $db->query('UPDATE '.$db->prefix.'forums SET moderators=\''.$db->escape(serialize($cur_moderators)).'\' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error()); |
513 $pun_db->query('UPDATE '.$pun_db->prefix.'forums SET moderators=\''.$pun_db->escape(serialize($cur_moderators)).'\' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $pun_db->error()); |
507 } |
514 } |
508 // If the user shouldn't have moderator access (and he/she already has it) |
515 // If the user shouldn't have moderator access (and he/she already has it) |
509 else if (!in_array($cur_forum['id'], $moderator_in) && in_array($id, $cur_moderators)) |
516 else if (!in_array($cur_forum['id'], $moderator_in) && in_array($id, $cur_moderators)) |
510 { |
517 { |
511 unset($cur_moderators[$username]); |
518 unset($cur_moderators[$username]); |
512 $cur_moderators = (!empty($cur_moderators)) ? '\''.$db->escape(serialize($cur_moderators)).'\'' : 'NULL'; |
519 $cur_moderators = (!empty($cur_moderators)) ? '\''.$pun_db->escape(serialize($cur_moderators)).'\'' : 'NULL'; |
513 |
520 |
514 $db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error()); |
521 $pun_db->query('UPDATE '.$pun_db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $pun_db->error()); |
515 } |
522 } |
516 } |
523 } |
517 |
524 |
518 redirect('profile.php?section=admin&id='.$id, $lang_profile['Update forums redirect']); |
525 pun_redirect('profile.php?section=admin&id='.$id, $lang_profile['Update forums redirect']); |
519 } |
526 } |
520 |
527 |
521 |
528 |
522 else if (isset($_POST['ban'])) |
529 else if (isset($_POST['ban'])) |
523 { |
530 { |
524 if ($pun_user['g_id'] > PUN_MOD || ($pun_user['g_id'] == PUN_MOD && $pun_config['p_mod_ban_users'] == '0')) |
531 if ($pun_user['g_id'] < USER_LEVEL_MOD || ($pun_user['g_id'] == USER_LEVEL_MOD && $pun_config['p_mod_ban_users'] == '0')) |
525 message($lang_common['No permission']); |
532 message($lang_common['No permission']); |
526 |
533 |
527 redirect('admin_bans.php?add_ban='.$id, $lang_profile['Ban redirect']); |
534 pun_redirect('admin_bans.php?add_ban='.$id, $lang_profile['Ban redirect']); |
528 } |
535 } |
529 |
536 |
530 |
537 |
531 else if (isset($_POST['delete_user']) || isset($_POST['delete_user_comply'])) |
538 else if (isset($_POST['delete_user']) || isset($_POST['delete_user_comply'])) |
532 { |
539 { |
533 if ($pun_user['g_id'] > PUN_ADMIN) |
540 if ($pun_user['g_id'] < USER_LEVEL_ADMIN) |
534 message($lang_common['No permission']); |
541 message($lang_common['No permission']); |
535 |
542 |
536 confirm_referrer('profile.php'); |
543 confirm_referrer('profile.php'); |
537 |
544 |
538 // Get the username and group of the user we are deleting |
545 // Get the username and group of the user we are deleting |
539 $result = $db->query('SELECT group_id, username FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
546 $result = $pun_db->query('SELECT group_id, username FROM '.$pun_db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $pun_db->error()); |
540 list($group_id, $username) = $db->fetch_row($result); |
547 list($group_id, $username) = $pun_db->fetch_row($result); |
541 |
548 |
542 if ($group_id == PUN_ADMIN) |
549 if ($group_id == PUN_ADMIN) |
543 message('Administrators cannot be deleted. In order to delete this user, you must first move him/her to a different user group.'); |
550 message('Administrators cannot be deleted. In order to delete this user, you must first move him/her to a different user group.'); |
544 |
551 |
545 if (isset($_POST['delete_user_comply'])) |
552 if (isset($_POST['delete_user_comply'])) |
546 { |
553 { |
547 // If the user is a moderator or an administrator, we remove him/her from the moderator list in all forums as well |
554 // If the user is a moderator or an administrator, we remove him/her from the moderator list in all forums as well |
548 if ($group_id < PUN_GUEST) |
555 if ($group_id < PUN_GUEST) |
549 { |
556 { |
550 $result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error()); |
557 $result = $pun_db->query('SELECT id, moderators FROM '.$pun_db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $pun_db->error()); |
551 |
558 |
552 while ($cur_forum = $db->fetch_assoc($result)) |
559 while ($cur_forum = $pun_db->fetch_assoc($result)) |
553 { |
560 { |
554 $cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array(); |
561 $cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array(); |
555 |
562 |
556 if (in_array($id, $cur_moderators)) |
563 if (in_array($id, $cur_moderators)) |
557 { |
564 { |
558 unset($cur_moderators[$username]); |
565 unset($cur_moderators[$username]); |
559 $cur_moderators = (!empty($cur_moderators)) ? '\''.$db->escape(serialize($cur_moderators)).'\'' : 'NULL'; |
566 $cur_moderators = (!empty($cur_moderators)) ? '\''.$pun_db->escape(serialize($cur_moderators)).'\'' : 'NULL'; |
560 |
567 |
561 $db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error()); |
568 $pun_db->query('UPDATE '.$pun_db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $pun_db->error()); |
562 } |
569 } |
563 } |
570 } |
564 } |
571 } |
565 |
572 |
566 // Delete any subscriptions |
573 // Delete any subscriptions |
567 $db->query('DELETE FROM '.$db->prefix.'subscriptions WHERE user_id='.$id) or error('Unable to delete subscriptions', __FILE__, __LINE__, $db->error()); |
574 $pun_db->query('DELETE FROM '.$pun_db->prefix.'subscriptions WHERE user_id='.$id) or error('Unable to delete subscriptions', __FILE__, __LINE__, $pun_db->error()); |
568 |
575 |
569 // Remove him/her from the online list (if they happen to be logged in) |
576 // Remove him/her from the online list (if they happen to be logged in) |
570 $db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$id) or error('Unable to remove user from online list', __FILE__, __LINE__, $db->error()); |
577 $pun_db->query('DELETE FROM '.$pun_db->prefix.'online WHERE user_id='.$id) or error('Unable to remove user from online list', __FILE__, __LINE__, $pun_db->error()); |
571 |
578 |
572 // Should we delete all posts made by this user? |
579 // Should we delete all posts made by this user? |
573 if (isset($_POST['delete_posts'])) |
580 if (isset($_POST['delete_posts'])) |
574 { |
581 { |
575 require PUN_ROOT.'include/search_idx.php'; |
582 require PUN_ROOT.'include/search_idx.php'; |
576 @set_time_limit(0); |
583 @set_time_limit(0); |
577 |
584 |
578 // Find all posts made by this user |
585 // Find all posts made by this user |
579 $result = $db->query('SELECT p.id, p.topic_id, t.forum_id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id WHERE p.poster_id='.$id) or error('Unable to fetch posts', __FILE__, __LINE__, $db->error()); |
586 $result = $pun_db->query('SELECT p.id, p.topic_id, t.forum_id FROM '.$pun_db->prefix.'posts AS p INNER JOIN '.$pun_db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$pun_db->prefix.'forums AS f ON f.id=t.forum_id WHERE p.poster_id='.$id) or error('Unable to fetch posts', __FILE__, __LINE__, $pun_db->error()); |
580 if ($db->num_rows($result)) |
587 if ($pun_db->num_rows($result)) |
581 { |
588 { |
582 while ($cur_post = $db->fetch_assoc($result)) |
589 while ($cur_post = $pun_db->fetch_assoc($result)) |
583 { |
590 { |
584 // Determine whether this post is the "topic post" or not |
591 // Determine whether this post is the "topic post" or not |
585 $result2 = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE topic_id='.$cur_post['topic_id'].' ORDER BY posted LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); |
592 $result2 = $pun_db->query('SELECT id FROM '.$pun_db->prefix.'posts WHERE topic_id='.$cur_post['topic_id'].' ORDER BY posted LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $pun_db->error()); |
586 |
593 |
587 if ($db->result($result2) == $cur_post['id']) |
594 if ($pun_db->result($result2) == $cur_post['id']) |
588 delete_topic($cur_post['topic_id']); |
595 delete_topic($cur_post['topic_id']); |
589 else |
596 else |
590 delete_post($cur_post['id'], $cur_post['topic_id']); |
597 delete_post($cur_post['id'], $cur_post['topic_id']); |
591 |
598 |
592 update_forum($cur_post['forum_id']); |
599 update_forum($cur_post['forum_id']); |
593 } |
600 } |
594 } |
601 } |
595 } |
602 } |
596 else |
603 else |
597 // Set all his/her posts to guest |
604 // Set all his/her posts to guest |
598 $db->query('UPDATE '.$db->prefix.'posts SET poster_id=1 WHERE poster_id='.$id) or error('Unable to update posts', __FILE__, __LINE__, $db->error()); |
605 $pun_db->query('UPDATE '.$pun_db->prefix.'posts SET poster_id=1 WHERE poster_id='.$id) or error('Unable to update posts', __FILE__, __LINE__, $pun_db->error()); |
599 |
606 |
600 // Delete the user |
607 // Delete the user |
601 $db->query('DELETE FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to delete user', __FILE__, __LINE__, $db->error()); |
608 $pun_db->query('DELETE FROM '.$pun_db->prefix.'users WHERE id='.$id) or error('Unable to delete user', __FILE__, __LINE__, $pun_db->error()); |
602 |
609 |
603 redirect('index.php', $lang_profile['User delete redirect']); |
610 pun_redirect('index.php', $lang_profile['User delete redirect']); |
604 } |
611 } |
605 |
612 |
606 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; |
613 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; |
607 require PUN_ROOT.'header.php'; |
614 require PUN_ROOT.'header.php'; |
608 |
615 |
609 ?> |
616 ?> |
610 <div class="blockform"> |
617 <div class="blockform"> |
611 <h2><span><?php echo $lang_profile['Confirm delete user'] ?></span></h2> |
618 <h2><span><?php echo $lang_profile['Confirm delete user'] ?></span></h2> |
612 <div class="box"> |
619 <div class="box"> |
613 <form id="confirm_del_user" method="post" action="profile.php?id=<?php echo $id ?>"> |
620 <form id="confirm_del_user" method="post" action="<?php echo makeUrlNS('Special', 'Forum/Profile', 'id=' . $id . '', true); ?>"> |
614 <div class="inform"> |
621 <div class="inform"> |
615 <fieldset> |
622 <fieldset> |
616 <legend><?php echo $lang_profile['Confirm delete legend'] ?></legend> |
623 <legend><?php echo $lang_profile['Confirm delete legend'] ?></legend> |
617 <div class="infldset"> |
624 <div class="infldset"> |
618 <p><?php echo $lang_profile['Confirmation info'].' '.pun_htmlspecialchars($username).'.' ?></p> |
625 <p><?php echo $lang_profile['Confirmation info'].' '.pun_htmlspecialchars($username).'.' ?></p> |
634 |
641 |
635 |
642 |
636 else if (isset($_POST['form_sent'])) |
643 else if (isset($_POST['form_sent'])) |
637 { |
644 { |
638 // Fetch the user group of the user we are editing |
645 // Fetch the user group of the user we are editing |
639 $result = $db->query('SELECT group_id FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
646 $result = $pun_db->query('SELECT group_id FROM '.$pun_db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $pun_db->error()); |
640 if (!$db->num_rows($result)) |
647 if (!$pun_db->num_rows($result)) |
641 message($lang_common['Bad request']); |
648 message($lang_common['Bad request']); |
642 |
649 |
643 $group_id = $db->result($result); |
650 $group_id = $pun_db->result($result); |
644 |
651 |
645 if ($pun_user['id'] != $id && |
652 if ($pun_user['id'] != $id && |
646 ($pun_user['g_id'] > PUN_MOD || |
653 ($pun_user['g_id'] < USER_LEVEL_MOD || |
647 ($pun_user['g_id'] == PUN_MOD && $pun_config['p_mod_edit_users'] == '0') || |
654 ($pun_user['g_id'] == USER_LEVEL_MOD && $pun_config['p_mod_edit_users'] == '0') || |
648 ($pun_user['g_id'] == PUN_MOD && $group_id < PUN_GUEST))) |
655 ($pun_user['g_id'] == USER_LEVEL_MOD && $group_id < PUN_GUEST))) |
649 message($lang_common['No permission']); |
656 message($lang_common['No permission']); |
650 |
657 |
651 if ($pun_user['g_id'] < PUN_GUEST) |
658 if ($pun_user['g_id'] >= USER_LEVEL_MEMBER) |
652 confirm_referrer('profile.php'); |
659 confirm_referrer('profile.php'); |
653 |
660 |
654 // Extract allowed elements from $_POST['form'] |
661 // Extract allowed elements from $_POST['form'] |
655 function extract_elements($allowed_elements) |
662 function extract_elements($allowed_elements) |
656 { |
663 { |
672 { |
679 { |
673 case 'essentials': |
680 case 'essentials': |
674 { |
681 { |
675 $form = extract_elements(array('timezone', 'language')); |
682 $form = extract_elements(array('timezone', 'language')); |
676 |
683 |
677 if ($pun_user['g_id'] < PUN_GUEST) |
684 if ($pun_user['g_id'] >= USER_LEVEL_MEMBER) |
678 { |
685 { |
679 $form['admin_note'] = trim($_POST['admin_note']); |
686 $form['admin_note'] = trim($_POST['admin_note']); |
680 |
687 |
681 // Are we allowed to change usernames? |
688 // Are we allowed to change usernames? |
682 if ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_id'] == PUN_MOD && $pun_config['p_mod_rename_users'] == '1')) |
689 if ($pun_user['g_id'] == USER_LEVEL_ADMIN || ($pun_user['g_id'] == USER_LEVEL_MOD && $pun_config['p_mod_rename_users'] == '1')) |
683 { |
690 { |
684 $form['username'] = trim($_POST['req_username']); |
691 $form['username'] = trim($_POST['req_username']); |
685 $old_username = trim($_POST['old_username']); |
692 $old_username = trim($_POST['old_username']); |
686 |
693 |
687 if (strlen($form['username']) < 2) |
694 if (strlen($form['username']) < 2) |
694 message($lang_prof_reg['Username IP']); |
701 message($lang_prof_reg['Username IP']); |
695 else if (preg_match('#\[b\]|\[/b\]|\[u\]|\[/u\]|\[i\]|\[/i\]|\[color|\[/color\]|\[quote\]|\[quote=|\[/quote\]|\[code\]|\[/code\]|\[img\]|\[/img\]|\[url|\[/url\]|\[email|\[/email\]#i', $form['username'])) |
702 else if (preg_match('#\[b\]|\[/b\]|\[u\]|\[/u\]|\[i\]|\[/i\]|\[color|\[/color\]|\[quote\]|\[quote=|\[/quote\]|\[code\]|\[/code\]|\[img\]|\[/img\]|\[url|\[/url\]|\[email|\[/email\]#i', $form['username'])) |
696 message($lang_prof_reg['Username BBCode']); |
703 message($lang_prof_reg['Username BBCode']); |
697 |
704 |
698 // Check that the username is not already registered |
705 // Check that the username is not already registered |
699 $result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE username=\''.$db->escape($form['username']).'\' AND id!='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
706 $result = $pun_db->query('SELECT 1 FROM '.$pun_db->prefix.'users WHERE username=\''.$pun_db->escape($form['username']).'\' AND id!='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $pun_db->error()); |
700 if ($db->num_rows($result)) |
707 if ($pun_db->num_rows($result)) |
701 message($lang_profile['Dupe username']); |
708 message($lang_profile['Dupe username']); |
702 |
709 |
703 if ($form['username'] != $old_username) |
710 if ($form['username'] != $old_username) |
704 $username_updated = true; |
711 $username_updated = true; |
705 } |
712 } |
706 |
713 |
707 // We only allow administrators to update the post count |
714 // We only allow administrators to update the post count |
708 if ($pun_user['g_id'] == PUN_ADMIN) |
715 if ($pun_user['g_id'] == USER_LEVEL_ADMIN) |
709 $form['num_posts'] = intval($_POST['num_posts']); |
716 $form['num_posts'] = intval($_POST['num_posts']); |
710 } |
717 } |
711 |
718 |
712 if ($pun_config['o_regs_verify'] == '0' || $pun_user['g_id'] < PUN_GUEST) |
719 /* |
720 // Don't update e-mail address in Enano |
|
721 if ($pun_config['o_regs_verify'] == '0' || $pun_user['g_id'] >= USER_LEVEL_MEMBER) |
|
713 { |
722 { |
714 require PUN_ROOT.'include/email.php'; |
723 require PUN_ROOT.'include/email.php'; |
715 |
724 |
716 // Validate the email-address |
725 // Validate the email-address |
717 $form['email'] = strtolower(trim($_POST['req_email'])); |
726 $form['email'] = strtolower(trim($_POST['req_email'])); |
718 if (!is_valid_email($form['email'])) |
727 if (!is_valid_email($form['email'])) |
719 message($lang_common['Invalid e-mail']); |
728 message($lang_common['Invalid e-mail']); |
720 } |
729 } |
730 */ |
|
721 |
731 |
722 // Make sure we got a valid language string |
732 // Make sure we got a valid language string |
723 if (isset($form['language'])) |
733 if (isset($form['language'])) |
724 { |
734 { |
725 $form['language'] = preg_replace('#[\.\\\/]#', '', $form['language']); |
735 $form['language'] = preg_replace('#[\.\\\/]#', '', $form['language']); |
732 |
742 |
733 case 'personal': |
743 case 'personal': |
734 { |
744 { |
735 $form = extract_elements(array('realname', 'url', 'location')); |
745 $form = extract_elements(array('realname', 'url', 'location')); |
736 |
746 |
737 if ($pun_user['g_id'] == PUN_ADMIN) |
747 if ($pun_user['g_id'] == USER_LEVEL_ADMIN) |
738 $form['title'] = trim($_POST['title']); |
748 $form['title'] = trim($_POST['title']); |
739 else if ($pun_user['g_set_title'] == '1') |
749 else if ($pun_user['g_set_title'] == '1') |
740 { |
750 { |
741 $form['title'] = trim($_POST['title']); |
751 $form['title'] = trim($_POST['title']); |
742 |
752 |
779 // Validate signature |
789 // Validate signature |
780 if (pun_strlen($form['signature']) > $pun_config['p_sig_length']) |
790 if (pun_strlen($form['signature']) > $pun_config['p_sig_length']) |
781 message($lang_prof_reg['Sig too long'].' '.$pun_config['p_sig_length'].' '.$lang_prof_reg['characters'].'.'); |
791 message($lang_prof_reg['Sig too long'].' '.$pun_config['p_sig_length'].' '.$lang_prof_reg['characters'].'.'); |
782 else if (substr_count($form['signature'], "\n") > ($pun_config['p_sig_lines']-1)) |
792 else if (substr_count($form['signature'], "\n") > ($pun_config['p_sig_lines']-1)) |
783 message($lang_prof_reg['Sig too many lines'].' '.$pun_config['p_sig_lines'].' '.$lang_prof_reg['lines'].'.'); |
793 message($lang_prof_reg['Sig too many lines'].' '.$pun_config['p_sig_lines'].' '.$lang_prof_reg['lines'].'.'); |
784 else if ($form['signature'] && $pun_config['p_sig_all_caps'] == '0' && strtoupper($form['signature']) == $form['signature'] && $pun_user['g_id'] > PUN_MOD) |
794 else if ($form['signature'] && $pun_config['p_sig_all_caps'] == '0' && strtoupper($form['signature']) == $form['signature'] && $pun_user['g_id'] < USER_LEVEL_MOD) |
785 $form['signature'] = ucwords(strtolower($form['signature'])); |
795 $form['signature'] = ucwords(strtolower($form['signature'])); |
786 |
796 |
787 // Validate BBCode syntax |
797 // Validate BBCode syntax |
788 if ($pun_config['p_sig_bbcode'] == '1' && strpos($form['signature'], '[') !== false && strpos($form['signature'], ']') !== false) |
798 if ($pun_config['p_sig_bbcode'] == '1' && strpos($form['signature'], '[') !== false && strpos($form['signature'], ']') !== false) |
789 { |
799 { |
825 if (!isset($form['notify_with_post']) || $form['notify_with_post'] != '1') $form['notify_with_post'] = '0'; |
835 if (!isset($form['notify_with_post']) || $form['notify_with_post'] != '1') $form['notify_with_post'] = '0'; |
826 |
836 |
827 // If the save_pass setting has changed, we need to set a new cookie with the appropriate expire date |
837 // If the save_pass setting has changed, we need to set a new cookie with the appropriate expire date |
828 if ($pun_user['id'] == $id && $form['save_pass'] != $pun_user['save_pass']) |
838 if ($pun_user['id'] == $id && $form['save_pass'] != $pun_user['save_pass']) |
829 { |
839 { |
830 $result = $db->query('SELECT password FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user password hash', __FILE__, __LINE__, $db->error()); |
840 $result = $pun_db->query('SELECT password FROM '.$pun_db->prefix.'users WHERE id='.$id) or error('Unable to fetch user password hash', __FILE__, __LINE__, $pun_db->error()); |
831 pun_setcookie($id, $db->result($result), ($form['save_pass'] == '1') ? time() + 31536000 : 0); |
841 pun_setcookie($id, $pun_db->result($result), ($form['save_pass'] == '1') ? time() + 31536000 : 0); |
832 } |
842 } |
833 |
843 |
834 break; |
844 break; |
835 } |
845 } |
836 |
846 |
841 |
851 |
842 // Singlequotes around non-empty values and NULL for empty values |
852 // Singlequotes around non-empty values and NULL for empty values |
843 $temp = array(); |
853 $temp = array(); |
844 while (list($key, $input) = @each($form)) |
854 while (list($key, $input) = @each($form)) |
845 { |
855 { |
846 $value = ($input !== '') ? '\''.$db->escape($input).'\'' : 'NULL'; |
856 $value = ($input !== '') ? '\''.$pun_db->escape($input).'\'' : 'NULL'; |
847 |
857 |
848 $temp[] = $key.'='.$value; |
858 $temp[] = $key.'='.$value; |
849 } |
859 } |
850 |
860 |
851 if (empty($temp)) |
861 if (empty($temp)) |
852 message($lang_common['Bad request']); |
862 message($lang_common['Bad request']); |
853 |
863 |
854 |
864 |
855 $db->query('UPDATE '.$db->prefix.'users SET '.implode(',', $temp).' WHERE id='.$id) or error('Unable to update profile', __FILE__, __LINE__, $db->error()); |
865 $pun_db->query('UPDATE '.$pun_db->prefix.'users SET '.implode(',', $temp).' WHERE id='.$id) or error('Unable to update profile', __FILE__, __LINE__, $pun_db->error()); |
856 |
866 |
857 // If we changed the username we have to update some stuff |
867 // If we changed the username we have to update some stuff |
858 if ($username_updated) |
868 if ($username_updated) |
859 { |
869 { |
860 $db->query('UPDATE '.$db->prefix.'posts SET poster=\''.$db->escape($form['username']).'\' WHERE poster_id='.$id) or error('Unable to update posts', __FILE__, __LINE__, $db->error()); |
870 $pun_db->query('UPDATE '.$pun_db->prefix.'posts SET poster=\''.$pun_db->escape($form['username']).'\' WHERE poster_id='.$id) or error('Unable to update posts', __FILE__, __LINE__, $pun_db->error()); |
861 $db->query('UPDATE '.$db->prefix.'topics SET poster=\''.$db->escape($form['username']).'\' WHERE poster=\''.$db->escape($old_username).'\'') or error('Unable to update topics', __FILE__, __LINE__, $db->error()); |
871 $pun_db->query('UPDATE '.$pun_db->prefix.'topics SET poster=\''.$pun_db->escape($form['username']).'\' WHERE poster=\''.$pun_db->escape($old_username).'\'') or error('Unable to update topics', __FILE__, __LINE__, $pun_db->error()); |
862 $db->query('UPDATE '.$db->prefix.'topics SET last_poster=\''.$db->escape($form['username']).'\' WHERE last_poster=\''.$db->escape($old_username).'\'') or error('Unable to update topics', __FILE__, __LINE__, $db->error()); |
872 $pun_db->query('UPDATE '.$pun_db->prefix.'topics SET last_poster=\''.$pun_db->escape($form['username']).'\' WHERE last_poster=\''.$pun_db->escape($old_username).'\'') or error('Unable to update topics', __FILE__, __LINE__, $pun_db->error()); |
863 $db->query('UPDATE '.$db->prefix.'forums SET last_poster=\''.$db->escape($form['username']).'\' WHERE last_poster=\''.$db->escape($old_username).'\'') or error('Unable to update forums', __FILE__, __LINE__, $db->error()); |
873 $pun_db->query('UPDATE '.$pun_db->prefix.'forums SET last_poster=\''.$pun_db->escape($form['username']).'\' WHERE last_poster=\''.$pun_db->escape($old_username).'\'') or error('Unable to update forums', __FILE__, __LINE__, $pun_db->error()); |
864 $db->query('UPDATE '.$db->prefix.'online SET ident=\''.$db->escape($form['username']).'\' WHERE ident=\''.$db->escape($old_username).'\'') or error('Unable to update online list', __FILE__, __LINE__, $db->error()); |
874 $pun_db->query('UPDATE '.$pun_db->prefix.'online SET ident=\''.$pun_db->escape($form['username']).'\' WHERE ident=\''.$pun_db->escape($old_username).'\'') or error('Unable to update online list', __FILE__, __LINE__, $pun_db->error()); |
865 |
875 |
866 // If the user is a moderator or an administrator we have to update the moderator lists |
876 // If the user is a moderator or an administrator we have to update the moderator lists |
867 $result = $db->query('SELECT group_id FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
877 $result = $pun_db->query('SELECT group_id FROM '.$pun_db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $pun_db->error()); |
868 $group_id = $db->result($result); |
878 $group_id = $pun_db->result($result); |
869 |
879 |
870 if ($group_id < PUN_GUEST) |
880 if ($group_id < PUN_GUEST) |
871 { |
881 { |
872 $result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error()); |
882 $result = $pun_db->query('SELECT id, moderators FROM '.$pun_db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $pun_db->error()); |
873 |
883 |
874 while ($cur_forum = $db->fetch_assoc($result)) |
884 while ($cur_forum = $pun_db->fetch_assoc($result)) |
875 { |
885 { |
876 $cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array(); |
886 $cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array(); |
877 |
887 |
878 if (in_array($id, $cur_moderators)) |
888 if (in_array($id, $cur_moderators)) |
879 { |
889 { |
880 unset($cur_moderators[$old_username]); |
890 unset($cur_moderators[$old_username]); |
881 $cur_moderators[$form['username']] = $id; |
891 $cur_moderators[$form['username']] = $id; |
882 ksort($cur_moderators); |
892 ksort($cur_moderators); |
883 |
893 |
884 $db->query('UPDATE '.$db->prefix.'forums SET moderators=\''.$db->escape(serialize($cur_moderators)).'\' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error()); |
894 $pun_db->query('UPDATE '.$pun_db->prefix.'forums SET moderators=\''.$pun_db->escape(serialize($cur_moderators)).'\' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $pun_db->error()); |
885 } |
895 } |
886 } |
896 } |
887 } |
897 } |
888 } |
898 } |
889 |
899 |
890 redirect('profile.php?section='.$section.'&id='.$id, $lang_profile['Profile redirect']); |
900 pun_redirect('profile.php?section='.$section.'&id='.$id, $lang_profile['Profile redirect']); |
891 } |
901 } |
892 |
902 |
893 |
903 |
894 $result = $db->query('SELECT u.username, u.email, u.title, u.realname, u.url, u.jabber, u.icq, u.msn, u.aim, u.yahoo, u.location, u.use_avatar, u.signature, u.disp_topics, u.disp_posts, u.email_setting, u.save_pass, u.notify_with_post, u.show_smilies, u.show_img, u.show_img_sig, u.show_avatars, u.show_sig, u.timezone, u.language, u.style, u.num_posts, u.last_post, u.registered, u.registration_ip, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
904 $result = $pun_db->query('SELECT eu.username, eu.email, u.title, eu.real_name AS realname, u.url, u.jabber, u.icq, u.msn, u.aim, u.yahoo, u.location, u.use_avatar, u.signature, u.disp_topics, u.disp_posts, u.email_setting, u.save_pass, u.notify_with_post, u.show_smilies, u.show_img, u.show_img_sig, u.show_avatars, u.show_sig, u.timezone, u.language, u.style, u.num_posts, u.last_post, u.registered, u.registration_ip, u.admin_note, g.g_id, g.g_user_title FROM '.$pun_db->prefix.'users AS u LEFT JOIN '.table_prefix.'users AS eu ON eu.user_id=u.id LEFT JOIN '.$pun_db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $pun_db->error()); |
895 if (!$db->num_rows($result)) |
905 if (!$pun_db->num_rows($result)) |
896 message($lang_common['Bad request']); |
906 message($lang_common['Bad request']); |
897 |
907 |
898 $user = $db->fetch_assoc($result); |
908 $user = $pun_db->fetch_assoc($result); |
899 |
909 |
900 $last_post = format_time($user['last_post']); |
910 $last_post = format_time($user['last_post']); |
901 |
911 |
902 if ($user['signature'] != '') |
912 if ($user['signature'] != '') |
903 { |
913 { |
906 } |
916 } |
907 |
917 |
908 |
918 |
909 // View or edit? |
919 // View or edit? |
910 if ($pun_user['id'] != $id && |
920 if ($pun_user['id'] != $id && |
911 ($pun_user['g_id'] > PUN_MOD || |
921 ($pun_user['g_id'] > USER_LEVEL_MOD || |
912 ($pun_user['g_id'] == PUN_MOD && $pun_config['p_mod_edit_users'] == '0') || |
922 ($pun_user['g_id'] == USER_LEVEL_MOD && $pun_config['p_mod_edit_users'] == '0') || |
913 ($pun_user['g_id'] == PUN_MOD && $user['g_id'] < PUN_GUEST))) |
923 ($pun_user['g_id'] == USER_LEVEL_MOD && $user['g_id'] < PUN_GUEST))) |
914 { |
924 { |
915 if ($user['email_setting'] == '0' && !$pun_user['is_guest']) |
925 if ($user['email_setting'] == '0' && !$pun_user['is_guest']) |
916 $email_field = '<a href="mailto:'.$user['email'].'">'.$user['email'].'</a>'; |
926 $email_field = '<a href="mailto:'.$user['email'].'">'.$user['email'].'</a>'; |
917 else if ($user['email_setting'] == '1' && !$pun_user['is_guest']) |
927 else if ($user['email_setting'] == '1' && !$pun_user['is_guest']) |
918 $email_field = '<a href="misc.php?email='.$id.'">'.$lang_common['Send e-mail'].'</a>'; |
928 $email_field = '<a href="misc.php?email='.$id.'">'.$lang_common['Send e-mail'].'</a>'; |
949 else |
959 else |
950 $avatar_field = $lang_profile['No avatar']; |
960 $avatar_field = $lang_profile['No avatar']; |
951 } |
961 } |
952 |
962 |
953 $posts_field = ''; |
963 $posts_field = ''; |
954 if ($pun_config['o_show_post_count'] == '1' || $pun_user['g_id'] < PUN_GUEST) |
964 if ($pun_config['o_show_post_count'] == '1' || $pun_user['g_id'] >= USER_LEVEL_MEMBER) |
955 $posts_field = $user['num_posts']; |
965 $posts_field = $user['num_posts']; |
956 if ($pun_user['g_search'] == '1') |
966 if ($pun_user['g_search'] == '1') |
957 $posts_field .= (($posts_field != '') ? ' - ' : '').'<a href="search.php?action=show_user&user_id='.$id.'">'.$lang_profile['Show posts'].'</a>'; |
967 $posts_field .= (($posts_field != '') ? ' - ' : '').'<a href="search.php?action=show_user&user_id='.$id.'">'.$lang_profile['Show posts'].'</a>'; |
958 |
968 |
959 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; |
969 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; |
1047 } |
1057 } |
1048 else |
1058 else |
1049 { |
1059 { |
1050 if (!$section || $section == 'essentials') |
1060 if (!$section || $section == 'essentials') |
1051 { |
1061 { |
1052 if ($pun_user['g_id'] < PUN_GUEST) |
1062 if ($pun_user['g_id'] >= USER_LEVEL_MEMBER) |
1053 { |
1063 { |
1054 if ($pun_user['g_id'] == PUN_ADMIN || $pun_config['p_mod_rename_users'] == '1') |
1064 if ($pun_user['g_id'] == USER_LEVEL_ADMIN || $pun_config['p_mod_rename_users'] == '1') |
1055 $username_field = '<input type="hidden" name="old_username" value="'.pun_htmlspecialchars($user['username']).'" /><label><strong>'.$lang_common['Username'].'</strong><br /><input type="text" name="req_username" value="'.pun_htmlspecialchars($user['username']).'" size="25" maxlength="25" /><br /></label>'."\n"; |
1065 $username_field = '<input type="hidden" name="old_username" value="'.pun_htmlspecialchars($user['username']).'" /><label><strong>'.$lang_common['Username'].'</strong><br /><input type="text" name="req_username" value="'.pun_htmlspecialchars($user['username']).'" size="25" maxlength="25" /><br /></label>'."\n"; |
1056 else |
1066 else |
1057 $username_field = '<p>'.$lang_common['Username'].': '.pun_htmlspecialchars($user['username']).'</p>'."\n"; |
1067 $username_field = '<p>'.$lang_common['Username'].': '.pun_htmlspecialchars($user['username']).'</p>'."\n"; |
1058 |
1068 |
1059 $email_field = '<label><strong>'.$lang_common['E-mail'].'</strong><br /><input type="text" name="req_email" value="'.$user['email'].'" size="40" maxlength="50" /><br /></label><p><a href="misc.php?email='.$id.'">'.$lang_common['Send e-mail'].'</a></p>'."\n"; |
1069 $email_field = '<label><strong>'.$lang_common['E-mail'].'</strong><br /><input type="text" name="req_email" value="'.$user['email'].'" size="40" maxlength="50" /><br /></label><p><a href="misc.php?email='.$id.'">'.$lang_common['Send e-mail'].'</a></p>'."\n"; |
1066 $email_field = '<p>'.$lang_common['E-mail'].': '.$user['email'].' - <a href="profile.php?action=change_email&id='.$id.'">'.$lang_profile['Change e-mail'].'</a></p>'."\n"; |
1076 $email_field = '<p>'.$lang_common['E-mail'].': '.$user['email'].' - <a href="profile.php?action=change_email&id='.$id.'">'.$lang_profile['Change e-mail'].'</a></p>'."\n"; |
1067 else |
1077 else |
1068 $email_field = '<label><strong>'.$lang_common['E-mail'].'</strong><br /><input type="text" name="req_email" value="'.$user['email'].'" size="40" maxlength="50" /><br /></label>'."\n"; |
1078 $email_field = '<label><strong>'.$lang_common['E-mail'].'</strong><br /><input type="text" name="req_email" value="'.$user['email'].'" size="40" maxlength="50" /><br /></label>'."\n"; |
1069 } |
1079 } |
1070 |
1080 |
1071 if ($pun_user['g_id'] == PUN_ADMIN) |
1081 if ($pun_user['g_id'] == USER_LEVEL_ADMIN) |
1082 { |
|
1072 $posts_field = '<label>'.$lang_common['Posts'].'<br /><input type="text" name="num_posts" value="'.$user['num_posts'].'" size="8" maxlength="8" /><br /></label><p><a href="search.php?action=show_user&user_id='.$id.'">'.$lang_profile['Show posts'].'</a></p>'."\n"; |
1083 $posts_field = '<label>'.$lang_common['Posts'].'<br /><input type="text" name="num_posts" value="'.$user['num_posts'].'" size="8" maxlength="8" /><br /></label><p><a href="search.php?action=show_user&user_id='.$id.'">'.$lang_profile['Show posts'].'</a></p>'."\n"; |
1073 else if ($pun_config['o_show_post_count'] == '1' || $pun_user['g_id'] < PUN_GUEST) |
1084 } |
1085 else if ($pun_config['o_show_post_count'] == '1' || $pun_user['g_id'] >= USER_LEVEL_MEMBER) |
|
1086 { |
|
1074 $posts_field = '<p>'.$lang_common['Posts'].': '.$user['num_posts'].' - <a href="search.php?action=show_user&user_id='.$id.'">'.$lang_profile['Show posts'].'</a></p>'."\n"; |
1087 $posts_field = '<p>'.$lang_common['Posts'].': '.$user['num_posts'].' - <a href="search.php?action=show_user&user_id='.$id.'">'.$lang_profile['Show posts'].'</a></p>'."\n"; |
1088 } |
|
1075 else |
1089 else |
1090 { |
|
1076 $posts_field = '<p><a href="search.php?action=show_user&user_id='.$id.'">'.$lang_profile['Show posts'].'</a></p>'."\n"; |
1091 $posts_field = '<p><a href="search.php?action=show_user&user_id='.$id.'">'.$lang_profile['Show posts'].'</a></p>'."\n"; |
1092 } |
|
1077 |
1093 |
1078 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; |
1094 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; |
1079 $required_fields = array('req_username' => $lang_common['Username'], 'req_email' => $lang_common['E-mail']); |
1095 $required_fields = array('req_username' => $lang_common['Username'], 'req_email' => $lang_common['E-mail']); |
1080 require PUN_ROOT.'header.php'; |
1096 require PUN_ROOT.'header.php'; |
1081 |
1097 |
1083 |
1099 |
1084 ?> |
1100 ?> |
1085 <div class="blockform"> |
1101 <div class="blockform"> |
1086 <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section essentials'] ?></span></h2> |
1102 <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section essentials'] ?></span></h2> |
1087 <div class="box"> |
1103 <div class="box"> |
1088 <form id="profile1" method="post" action="profile.php?section=essentials&id=<?php echo $id ?>" onsubmit="return process_form(this)"> |
1104 <form id="profile1" method="post" action="<?php echo makeUrlNS('Special', 'Forum/Profile', 'section=essentials&id=' . $id . '', true); ?>" onsubmit="return process_form(this)"> |
1089 <div class="inform"> |
1105 <div class="inform"> |
1090 <fieldset> |
1106 <fieldset> |
1091 <legend><?php echo $lang_profile['Username and pass legend'] ?></legend> |
1107 <legend><?php echo $lang_profile['Username and pass legend'] ?></legend> |
1092 <div class="infldset"> |
1108 <div class="infldset"> |
1093 <input type="hidden" name="form_sent" value="1" /> |
1109 <input type="hidden" name="form_sent" value="1" /> |
1094 <?php echo $username_field ?> |
1110 <?php echo $username_field ?> |
1095 <?php if ($pun_user['id'] == $id || $pun_user['g_id'] == PUN_ADMIN || ($user['g_id'] > PUN_MOD && $pun_config['p_mod_change_passwords'] == '1')): ?><p><a href="profile.php?action=change_pass&id=<?php echo $id ?>"><?php echo $lang_profile['Change pass'] ?></a></p> |
1111 <?php if ($pun_user['id'] == $id || $pun_user['g_id'] == USER_LEVEL_ADMIN || ($user['g_id'] > PUN_MOD && $pun_config['p_mod_change_passwords'] == '1')): ?><p><a href="profile.php?action=change_pass&id=<?php echo $id ?>"><?php echo $lang_profile['Change pass'] ?></a></p> |
1096 <?php endif; ?> </div> |
1112 <?php endif; ?> </div> |
1097 </fieldset> |
|
1098 </div> |
|
1099 <div class="inform"> |
|
1100 <fieldset> |
|
1101 <legend><?php echo $lang_prof_reg['E-mail legend'] ?></legend> |
|
1102 <div class="infldset"> |
|
1103 <?php echo $email_field ?> |
|
1104 </div> |
|
1105 </fieldset> |
1113 </fieldset> |
1106 </div> |
1114 </div> |
1107 <div class="inform"> |
1115 <div class="inform"> |
1108 <fieldset> |
1116 <fieldset> |
1109 <legend><?php echo $lang_prof_reg['Localisation legend'] ?></legend> |
1117 <legend><?php echo $lang_prof_reg['Localisation legend'] ?></legend> |
1191 </div> |
1199 </div> |
1192 <div class="inform"> |
1200 <div class="inform"> |
1193 <fieldset> |
1201 <fieldset> |
1194 <legend><?php echo $lang_profile['User activity'] ?></legend> |
1202 <legend><?php echo $lang_profile['User activity'] ?></legend> |
1195 <div class="infldset"> |
1203 <div class="infldset"> |
1196 <p><?php echo $lang_common['Registered'] ?>: <?php echo format_time($user['registered'], true); if ($pun_user['g_id'] < PUN_GUEST) echo ' (<a href="moderate.php?get_host='.pun_htmlspecialchars($user['registration_ip']).'">'.pun_htmlspecialchars($user['registration_ip']).'</a>)'; ?></p> |
1204 <p><?php echo $lang_common['Registered'] ?>: <?php echo format_time($user['registered'], true); if ($pun_user['g_id'] >= USER_LEVEL_MEMBER) echo ' (<a href="moderate.php?get_host='.pun_htmlspecialchars($user['registration_ip']).'">'.pun_htmlspecialchars($user['registration_ip']).'</a>)'; ?></p> |
1197 <p><?php echo $lang_common['Last post'] ?>: <?php echo $last_post ?></p> |
1205 <p><?php echo $lang_common['Last post'] ?>: <?php echo $last_post ?></p> |
1198 <?php echo $posts_field ?> |
1206 <?php echo $posts_field ?> |
1199 <?php if ($pun_user['g_id'] < PUN_GUEST): ?> <label><?php echo $lang_profile['Admin note'] ?><br /> |
1207 <?php if ($pun_user['g_id'] >= USER_LEVEL_MEMBER): ?> <label><?php echo $lang_profile['Admin note'] ?><br /> |
1200 <input id="admin_note" type="text" name="admin_note" value="<?php echo pun_htmlspecialchars($user['admin_note']) ?>" size="30" maxlength="30" /><br /></label> |
1208 <input id="admin_note" type="text" name="admin_note" value="<?php echo pun_htmlspecialchars($user['admin_note']) ?>" size="30" maxlength="30" /><br /></label> |
1201 </div> |
1209 </div> |
1202 <?php endif; ?> </fieldset> |
1210 <?php endif; ?> </fieldset> |
1203 </div> |
1211 </div> |
1204 <p><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /><?php echo $lang_profile['Instructions'] ?></p> |
1212 <p><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /><?php echo $lang_profile['Instructions'] ?></p> |
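Review bot: The staff-only checks at new lines 1204 and 1207 were translated from `$pun_user['g_id'] < PUN_GUEST` to `$pun_user['g_id'] >= USER_LEVEL_MEMBER`, which appears to widen them from administrators and moderators to every logged-in member, so the registration IP link and the admin note field would be rendered for ordinary users. The same commit maps `> PUN_MOD` to `< USER_LEVEL_MOD` at new line 1492, so the level scale is inverted and the equivalent test here should be `if ($pun_user['g_id'] >= USER_LEVEL_MOD)`. The post-count branch at new line 1085 has the same translation, and new line 1111 still compares `$user['g_id']` against the old `PUN_MOD` constant, so both deserve the same review. Whether the handler that saves `admin_note` enforces the level server-side is outside this view and should be confirmed, since hiding the field alone is not an access control.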
1220 |
1228 |
1221 ?> |
1229 ?> |
1222 <div class="blockform"> |
1230 <div class="blockform"> |
1223 <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section personal'] ?></span></h2> |
1231 <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section personal'] ?></span></h2> |
1224 <div class="box"> |
1232 <div class="box"> |
1225 <form id="profile2" method="post" action="profile.php?section=personal&id=<?php echo $id ?>"> |
1233 <form id="profile2" method="post" action="<?php echo makeUrlNS('Special', 'Forum/Profile', 'section=personal&id=' . $id . '', true); ?>"> |
1226 <div class="inform"> |
1234 <div class="inform"> |
1227 <fieldset> |
1235 <fieldset> |
1228 <legend><?php echo $lang_profile['Personal details legend'] ?></legend> |
1236 <legend><?php echo $lang_profile['Personal details legend'] ?></legend> |
1229 <div class="infldset"> |
1237 <div class="infldset"> |
1230 <input type="hidden" name="form_sent" value="1" /> |
1238 <input type="hidden" name="form_sent" value="1" /> |
1252 |
1260 |
1253 ?> |
1261 ?> |
1254 <div class="blockform"> |
1262 <div class="blockform"> |
1255 <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section messaging'] ?></span></h2> |
1263 <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section messaging'] ?></span></h2> |
1256 <div class="box"> |
1264 <div class="box"> |
1257 <form id="profile3" method="post" action="profile.php?section=messaging&id=<?php echo $id ?>"> |
1265 <form id="profile3" method="post" action="<?php echo makeUrlNS('Special', 'Forum/Profile', 'section=messaging&id=' . $id . '', true); ?>"> |
1258 <div class="inform"> |
1266 <div class="inform"> |
1259 <fieldset> |
1267 <fieldset> |
1260 <legend><?php echo $lang_profile['Contact details legend'] ?></legend> |
1268 <legend><?php echo $lang_profile['Contact details legend'] ?></legend> |
1261 <div class="infldset"> |
1269 <div class="infldset"> |
1262 <input type="hidden" name="form_sent" value="1" /> |
1270 <input type="hidden" name="form_sent" value="1" /> |
1304 |
1312 |
1305 ?> |
1313 ?> |
1306 <div class="blockform"> |
1314 <div class="blockform"> |
1307 <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section personality'] ?></span></h2> |
1315 <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section personality'] ?></span></h2> |
1308 <div class="box"> |
1316 <div class="box"> |
1309 <form id="profile4" method="post" action="profile.php?section=personality&id=<?php echo $id ?>"> |
1317 <form id="profile4" method="post" action="<?php echo makeUrlNS('Special', 'Forum/Profile', 'section=personality&id=' . $id . '', true); ?>"> |
1310 <div><input type="hidden" name="form_sent" value="1" /></div> |
1318 <div><input type="hidden" name="form_sent" value="1" /></div> |
1311 <?php if ($pun_config['o_avatars'] == '1'): ?> <div class="inform"> |
1319 <?php if ($pun_config['o_avatars'] == '1'): ?> <div class="inform"> |
1312 <fieldset id="profileavatar"> |
1320 <fieldset id="profileavatar"> |
1313 <legend><?php echo $lang_profile['Avatar legend'] ?></legend> |
1321 <legend><?php echo $lang_profile['Avatar legend'] ?></legend> |
1314 <div class="infldset"> |
1322 <div class="infldset"> |
1355 |
1363 |
1356 ?> |
1364 ?> |
1357 <div class="blockform"> |
1365 <div class="blockform"> |
1358 <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section display'] ?></span></h2> |
1366 <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section display'] ?></span></h2> |
1359 <div class="box"> |
1367 <div class="box"> |
1360 <form id="profile5" method="post" action="profile.php?section=display&id=<?php echo $id ?>"> |
1368 <form id="profile5" method="post" action="<?php echo makeUrlNS('Special', 'Forum/Profile', 'section=display&id=' . $id . '', true); ?>"> |
1361 <div><input type="hidden" name="form_sent" value="1" /></div> |
1369 <div><input type="hidden" name="form_sent" value="1" /></div> |
1362 <?php |
1370 <?php |
1363 |
1371 |
1364 $styles = array(); |
1372 $styles = array(); |
1365 $d = dir(PUN_ROOT.'style'); |
1373 $d = dir(PUN_ROOT.'style'); |
1447 |
1455 |
1448 ?> |
1456 ?> |
1449 <div class="blockform"> |
1457 <div class="blockform"> |
1450 <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section privacy'] ?></span></h2> |
1458 <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section privacy'] ?></span></h2> |
1451 <div class="box"> |
1459 <div class="box"> |
1452 <form id="profile6" method="post" action="profile.php?section=privacy&id=<?php echo $id ?>"> |
1460 <form id="profile6" method="post" action="<?php echo makeUrlNS('Special', 'Forum/Profile', 'section=privacy&id=' . $id . '', true); ?>"> |
1453 <div class="inform"> |
1461 <div class="inform"> |
1454 <fieldset> |
1462 <fieldset> |
1455 <legend><?php echo $lang_prof_reg['Privacy options legend'] ?></legend> |
1463 <legend><?php echo $lang_prof_reg['Privacy options legend'] ?></legend> |
1456 <div class="infldset"> |
1464 <div class="infldset"> |
1457 <input type="hidden" name="form_sent" value="1" /> |
1465 <input type="hidden" name="form_sent" value="1" /> |
1479 <?php |
1487 <?php |
1480 |
1488 |
1481 } |
1489 } |
1482 else if ($section == 'admin') |
1490 else if ($section == 'admin') |
1483 { |
1491 { |
1484 if ($pun_user['g_id'] > PUN_MOD || ($pun_user['g_id'] == PUN_MOD && $pun_config['p_mod_ban_users'] == '0')) |
1492 if ($pun_user['g_id'] < USER_LEVEL_MOD || ($pun_user['g_id'] == USER_LEVEL_MOD && $pun_config['p_mod_ban_users'] == '0')) |
1485 message($lang_common['Bad request']); |
1493 message($lang_common['Bad request']); |
1486 |
1494 |
1487 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; |
1495 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; |
1488 require PUN_ROOT.'header.php'; |
1496 require PUN_ROOT.'header.php'; |
1489 |
1497 |
1491 |
1499 |
1492 ?> |
1500 ?> |
1493 <div class="blockform"> |
1501 <div class="blockform"> |
1494 <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section admin'] ?></span></h2> |
1502 <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section admin'] ?></span></h2> |
1495 <div class="box"> |
1503 <div class="box"> |
1496 <form id="profile7" method="post" action="profile.php?section=admin&id=<?php echo $id ?>&action=foo"> |
1504 <form id="profile7" method="post" action="<?php echo makeUrlNS('Special', 'Forum/Profile', 'section=admin&id=' . $id . '&action=foo', true); ?>"> |
1497 <div class="inform"> |
1505 <div class="inform"> |
1498 <input type="hidden" name="form_sent" value="1" /> |
1506 <input type="hidden" name="form_sent" value="1" /> |
1499 <fieldset> |
1507 <fieldset> |
1500 <?php |
1508 <?php |
1501 |
1509 |
1502 if ($pun_user['g_id'] == PUN_MOD) |
1510 if ($pun_user['g_id'] == USER_LEVEL_MOD) |
1503 { |
1511 { |
1504 |
1512 |
1505 ?> |
1513 ?> |
1506 <legend><?php echo $lang_profile['Delete ban legend'] ?></legend> |
1514 <legend><?php echo $lang_profile['Delete ban legend'] ?></legend> |
1507 <div class="infldset"> |
1515 <div class="infldset"> |
1521 <legend><?php echo $lang_profile['Group membership legend'] ?></legend> |
1529 <legend><?php echo $lang_profile['Group membership legend'] ?></legend> |
1522 <div class="infldset"> |
1530 <div class="infldset"> |
1523 <select id="group_id" name="group_id"> |
1531 <select id="group_id" name="group_id"> |
1524 <?php |
1532 <?php |
1525 |
1533 |
1526 $result = $db->query('SELECT g_id, g_title FROM '.$db->prefix.'groups WHERE g_id!='.PUN_GUEST.' ORDER BY g_title') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error()); |
1534 $result = $pun_db->query('SELECT g_id, g_title FROM '.$pun_db->prefix.'groups WHERE g_id!='.PUN_GUEST.' ORDER BY g_title') or error('Unable to fetch user group list', __FILE__, __LINE__, $pun_db->error()); |
1527 |
1535 |
1528 while ($cur_group = $db->fetch_assoc($result)) |
1536 while ($cur_group = $pun_db->fetch_assoc($result)) |
1529 { |
1537 { |
1530 if ($cur_group['g_id'] == $user['g_id'] || ($cur_group['g_id'] == $pun_config['o_default_user_group'] && $user['g_id'] == '')) |
1538 if ($cur_group['g_id'] == $user['g_id'] || ($cur_group['g_id'] == $pun_config['o_default_user_group'] && $user['g_id'] == '')) |
1531 echo "\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'" selected="selected">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n"; |
1539 echo "\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'" selected="selected">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n"; |
1532 else |
1540 else |
1533 echo "\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n"; |
1541 echo "\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n"; |
1563 <legend><?php echo $lang_profile['Set mods legend'] ?></legend> |
1571 <legend><?php echo $lang_profile['Set mods legend'] ?></legend> |
1564 <div class="infldset"> |
1572 <div class="infldset"> |
1565 <p><?php echo $lang_profile['Moderator in info'] ?></p> |
1573 <p><?php echo $lang_profile['Moderator in info'] ?></p> |
1566 <?php |
1574 <?php |
1567 |
1575 |
1568 $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.moderators FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id WHERE f.redirect_url IS NULL ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error()); |
1576 $result = $pun_db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.moderators FROM '.$pun_db->prefix.'categories AS c INNER JOIN '.$pun_db->prefix.'forums AS f ON c.id=f.cat_id WHERE f.redirect_url IS NULL ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $pun_db->error()); |
1569 |
1577 |
1570 $cur_category = 0; |
1578 $cur_category = 0; |
1571 while ($cur_forum = $db->fetch_assoc($result)) |
1579 while ($cur_forum = $pun_db->fetch_assoc($result)) |
1572 { |
1580 { |
1573 if ($cur_forum['cid'] != $cur_category) // A new category since last iteration? |
1581 if ($cur_forum['cid'] != $cur_category) // A new category since last iteration? |
1574 { |
1582 { |
1575 if ($cur_category) |
1583 if ($cur_category) |
1576 echo "\n\t\t\t\t\t\t\t\t".'</div>'; |
1584 echo "\n\t\t\t\t\t\t\t\t".'</div>'; |