A lightweight forum engine written in PHP. Repository is now obsolete and read-only. http://www.pioder.pl/uforum.html


  1. <?php
  2. /**
  3. * @package uForum
  4. * @file eprofile.php
  5. * @version $Id$
  6. * @copyright 2009(c) PioDer <pioder@wp.pl>
  7. * @link http://pioder.gim2przemysl.int.pl/
  8. * @license GNU GPL v3
  9. **/
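  // Entry-point marker; presumably checked by the included files to refuse
  // direct access - confirm against the includes.
  define('IN_uF', true);

  // Mandatory dependencies are loaded with require instead of include, so a
  // missing file stops the request rather than letting it run on without
  // configuration, session handling or the Secure helpers.
  require('./config.php');
  require('./includes/constants.php');
  require('./includes/db.php');
  require('./includes/errors.php');

  // The database connection is opened before sessions.php is loaded; the
  // original load order is kept.
  DataBase::db_connect();

  require('./includes/sessions.php');
  require('./includes/classes/class_user.php');
  require('./common.php');
  require('./includes/misc_functions.php');
  require('./includes/classes/class_posting.php');
  require('./includes/classes/class_forum.php');
  require('./includes/classes/class_topic.php');
  require('./includes/classes/secure.php');

  $default_skin = ViewSkinName();
  $default_lang = DefaultLang();
  // NOTE(review): $default_lang (here) and $default_skin (further down) are
  // concatenated into include paths. Confirm that DefaultLang() and
  // ViewSkinName() only ever return names of installed languages and skins.
  require('./lngs/'.$default_lang.'/main.php');

  $start = TimeGeneration();
  SessDelInvalid();
  SessRegister();
  SessDeleteOld();

  // Only logged-in users may edit a profile. The uid is cast to int so that a
  // missing or non-numeric value is treated as a guest on every PHP version
  // (a loose "== 0" gives different answers for such values before and after
  // PHP 8).
  if (!isset($_SESSION['uid']) || (int) $_SESSION['uid'] === 0)
  {
      $stop = TimeGeneration();
      message_forum($lng['youarenotlogd'], 'login.php?mode=login');
      // message_forum() is defined elsewhere; stop here so that the guard
      // holds even if it returns instead of ending the request.
      exit;
  }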
  // When the board has the censor list enabled, pass every submitted field
  // through Secure::UseCensorlist() before the form is processed.
  // NOTE(review): this also rewrites the password fields before they are
  // hashed further down - confirm that login and registration apply the same
  // filter, otherwise exclude those fields here.
  if ($forum_config['use_censorlist'])
  {
      foreach (array_keys($_POST) as $field)
      {
          $_POST[$field] = Secure::UseCensorlist($_POST[$field]);
      }
  }
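  // Handle a submitted profile form. $msg names the template that carries a
  // validation error; it stays empty when there is nothing to report.
  // NOTE(review): no anti-CSRF token is checked anywhere in this file -
  // confirm that the session layer rejects cross-site form posts.
  $msg = '';
  $errors = true;
  if (isset($_POST['email']))
  {
      // The password is only changed when the "current password" field is filled.
      $change_password = isset($_POST['password']) && is_string($_POST['password']) && $_POST['password'] != '';
      $new_password = (isset($_POST['newpassword']) && is_string($_POST['newpassword'])) ? $_POST['newpassword'] : '';
      $confirm_password = (isset($_POST['confirmpassword']) && is_string($_POST['confirmpassword'])) ? $_POST['confirmpassword'] : '';

      // Key into $lng of the first failed check; empty while everything passes.
      // All checks run before anything is written. Previously a filled-in
      // password field skipped the skin/language/limit/signature checks, and the
      // password was saved before the rest of the form had been looked at.
      $error_key = '';

      // ereg() no longer exists in PHP 7+. filter_var() also refuses spaces and
      // line breaks, which the old ".+@.+\..+" pattern let through.
      if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false)
      {
          $error_key = 'invalid_email';
      }
      // NOTE(review): passwords are stored as unsalted MD5. Moving to
      // password_hash()/password_verify() also means changing the login and
      // registration code, which is not part of this file.
      // The hashes are compared with !== because a loose == treats two different
      // hex strings of the form "0e<digits>" as equal numbers.
      elseif ($change_password && md5($_POST['password']) !== (string) User::UserInformation($_SESSION['uid'], 'pass'))
      {
          $error_key = 'incorrect_password';
      }
      // Strict comparison for the same reason ("1e3" == "1000" is true), and an
      // empty new password is refused instead of being stored as md5('').
      elseif ($change_password && ($new_password !== $confirm_password || strip_tags($new_password) === ''))
      {
          $error_key = 'incorrect_password2';
      }
      else
      {
          // Select boxes whose "-1" entry means that nothing was chosen.
          $required_choices = array(
              'default_skin' => 'invalid_skin',
              'default_lang' => 'invalid_lang',
              'limit_tpid'   => 'no_limit_tpid',
              'limit_ftid'   => 'no_limit_ftid',
              'limit_users'  => 'no_limit_users',
          );
          foreach ($required_choices as $field => $key)
          {
              if (!isset($_POST[$field]) || !is_string($_POST[$field]) || $_POST[$field] == '-1')
              {
                  $error_key = $key;
                  break;
              }
          }
          if ($error_key == ''
              && (!isset($_POST['sig']) || !is_string($_POST['sig']) || strlen(trim($_POST['sig'])) >= $forum_config['sig_len']))
          {
              $error_key = 'signature_too_long';
          }
      }

      if ($error_key != '')
      {
          $message = $lng[$error_key];
          $msg = './skins/'.$default_skin.'/post_error_body.tpl';
      }
      else
      {
          $errors = false;

          if ($change_password)
          {
              // NOTE(review): the new password is stripped of tags before hashing,
              // while the current-password check above hashes the raw input; a
              // password containing markup would not verify here afterwards.
              // Kept as in the original until the login code is confirmed.
              User::UpdatePassword($_SESSION['uid'], md5(strip_tags($new_password)));
          }

          $_POST['ggnumber'] = intval($_POST['ggnumber']);
          $_POST['interests'] = strip_tags($_POST['interests']);
          $_POST['sig'] = Secure::TagsReplace($_POST['sig']);
          $allow_shoutbox = (isset($_POST['allow_shoutbox'])) ? '1' : 0;

          $avatar = '';
          $upload_handled = false;

          // Only a completed single-file upload is considered; anything else falls
          // through to the avatar address typed into the form.
          if (isset($_FILES['avatar_file']['error'], $_FILES['avatar_file']['tmp_name'], $_FILES['avatar_file']['name'])
              && $_FILES['avatar_file']['error'] === UPLOAD_ERR_OK
              && is_uploaded_file($_FILES['avatar_file']['tmp_name']))
          {
              $extension = strtolower(substr($_FILES['avatar_file']['name'], -3));
              if ($extension == 'jpg' || $extension == 'gif')
              {
                  $upload_handled = true;
                  $avatar_base = AV_CATALOG.'av-'.$_SESSION['uid'];

                  // As before, an upload attempt replaces any previously stored avatar.
                  foreach (array('jpg', 'gif') as $old_extension)
                  {
                      if (file_exists($avatar_base.'.'.$old_extension))
                      {
                          unlink($avatar_base.'.'.$old_extension);
                      }
                  }

                  // The temporary file is inspected before it is moved, so a rejected
                  // upload never lands in the avatar directory. getimagesize() returns
                  // false for a non-image; the original read $imagesize[0] from that
                  // false value and accepted the file.
                  $type_to_extension = array(IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg');
                  $imagesize = @getimagesize($_FILES['avatar_file']['tmp_name']);
                  if ($imagesize === false || !isset($type_to_extension[$imagesize[2]]))
                  {
                      $avatar = '';
                  }
                  elseif (($imagesize[0] < $forum_config['max_av_x']) && ($imagesize[1] < $forum_config['max_av_y']))
                  {
                      // getimagesize() only reads the image header, so the stored name is
                      // built from the user id and the detected type and takes nothing
                      // from the client-supplied file name.
                      $target = $avatar_base.'.'.$type_to_extension[$imagesize[2]];
                      $avatar = move_uploaded_file($_FILES['avatar_file']['tmp_name'], $target) ? $target : '';
                  }
                  else
                  {
                      $avatar = 'images/av-to-big.jpg';
                  }
              }
          }

          if (!$upload_handled)
          {
              $avatar = (isset($_POST['avatar']) && is_string($_POST['avatar'])) ? htmlspecialchars($_POST['avatar']) : '';
              // The "too big" placeholder is a local path and is kept as it is.
              if ($avatar != 'images/av-to-big.jpg')
              {
                  // The old test '#^(http)|(ftp):\/\/#i' matched "http" at the start OR
                  // "ftp://" anywhere because of operator precedence.
                  if (!preg_match('#^(?:https?|ftp)://#i', $avatar))
                  {
                      $avatar = 'http://'.$avatar;
                  }
                  // https is accepted as well now; the D modifier stops "$" from
                  // matching in front of a trailing line break.
                  if (!preg_match("#^(?:https?|ftp)://[^ \?&=\#\"\n\r\t<]*?\.(?:jpg|gif)$#iD", $avatar))
                  {
                      $avatar = '';
                  }
                  else
                  {
                      // NOTE(review): getimagesize() on a user-supplied address makes the
                      // server send a request to a host chosen by the user. Consider
                      // dropping the remote size check or limiting it to public hosts.
                      // As in the original, an address that cannot be measured is kept.
                      $imagesize = @getimagesize($avatar);
                      if ($imagesize !== false
                          && !(($imagesize[0] < $forum_config['max_av_x']) && ($imagesize[1] < $forum_config['max_av_y'])))
                      {
                          $avatar = 'images/av-to-big.jpg';
                      }
                  }
              }
          }
          $_POST['avatar'] = $avatar;

          // NOTE(review): the allow_*, limit_*, default_skin and default_lang values
          // are handed over as submitted. Confirm that User::UpdateProfile() escapes
          // them, and that default_skin/default_lang are limited to installed skins
          // and languages, since this file builds include paths from the values that
          // ViewSkinName() and DefaultLang() return.
          User::UpdateProfile($_SESSION['uid'], $_POST['ggnumber'], strip_tags($_POST['email']), $_POST['interests'], $_POST['sig'], $_POST['avatar'], $_POST['allow_qr'], $_POST['allow_email'], $_POST['allow_gg'], $_POST['default_skin'], $_POST['default_lang'], $_POST['limit_tpid'], $_POST['limit_ftid'], $_POST['limit_users'], $allow_shoutbox);
          message_forum($lng['profile_modernized'], 'eprofile.php');
      }
  }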
  // Template variables for the profile form, filled in the same order as before.
  // NOTE(review): the $userdata values are passed on without escaping here;
  // confirm that they were sanitised when stored or are escaped by the template.
  $checked_attr = 'checked="checked"';
  $skin = array();

  // Form labels
  $skin['lnick'] = $lng['user_name'];
  $skin['lpass'] = $lng['lpassw'];
  $skin['lnewpass'] = $lng['new_password'];
  $skin['lcpass'] = $lng['confirm_password'];
  $skin['lemail'] = 'E-mail';
  $skin['lgg'] = $lng['gg_number'];
  $skin['lallow_gg'] = $lng['allow_gg'];
  $skin['lallow_email'] = $lng['allow_email'];
  $skin['lallow_qr'] = $lng['allow_qr'];
  $skin['linterests'] = $lng['luinterests'];
  $skin['lsig'] = $lng['sig'];
  $skin['lavaddr'] = $lng['picture_adress'];
  $skin['lovpr'] = $lng['general_settings'];
  $skin['L.select_value'] = $lng['select_value'];

  // Paging limits, each with the option list built from the stored setting
  $skin['L.limit_users'] = $lng['limit_users'];
  $skin['OPTIONS.limit_users'] = AddPages2($userdata['limit_users']);
  $skin['L.posts_in_topic'] = $lng['limit_posts'];
  $skin['OPTIONS.limit_tpid'] = AddPages2($userdata['limit_tpid']);
  $skin['L.topics_in_forum'] = $lng['limit_topics'];
  $skin['OPTIONS.limit_ftid'] = AddPages2($userdata['limit_ftid']);

  // Section headings and the language / skin selectors
  $skin['lupr'] = $lng['profile_settings'];
  $skin['lspr'] = $lng['signature_settings'];
  $skin['ldefault_lang'] = $lng['default_lang'];
  $skin['default_lang'] = AddLangs();
  $skin['l2default_lang'] = $lng['select_lang'];
  $skin['ldefault_skin'] = $lng['default_skin'];
  $skin['default_skin'] = AddSkins();
  $skin['l2default_skin'] = $lng['select_skin'];
  $skin['lapr'] = $lng['avatar_settings'];
  $skin['lsubmit'] = $lng['save'];
  $skin['lreset'] = $lng['reset'];
  $skin['nick'] = $userdata['nick'];

  // Current profile values
  $skin['sig'] = $userdata['sig'];
  $skin['allow'] = $lng['allow'];
  if ($userdata['view_shoutbox'] == 1)
  {
      $skin['allow_shoutbox'] = $checked_attr;
  }
  else
  {
      $skin['allow_shoutbox'] = '';
  }
  $skin['avatar'] = $userdata['avatar'];
  $skin['interests'] = $userdata['interests'];
  $skin['email'] = $userdata['email'];
  $skin['gg'] = $userdata['gg'];

  // Radio buttons: the "no" entries are checked for 0, the "yes" entries for 1
  $skin['option_no_gg'] = ($userdata['allow_gg'] == 0) ? $checked_attr : '';
  $skin['option_no_email'] = ($userdata['allow_email'] == 0) ? $checked_attr : '';
  $skin['option_no_qr'] = ($userdata['allow_qr'] == 0) ? $checked_attr : '';
  $skin['option_yes_gg'] = ($userdata['allow_gg'] == 1) ? $checked_attr : '';
  $skin['option_yes_email'] = ($userdata['allow_email'] == 1) ? $checked_attr : '';
  $skin['option_yes_qr'] = ($userdata['allow_qr'] == 1) ? $checked_attr : '';
  $skin['no'] = $lng['no'];
  $skin['lallow_shoutbox'] = $lng['allow_shoutbox'];
  $skin['lavfile'] = $lng['avatar_file'];
  $skin['yes'] = $lng['yes'];

  // Add what GenerateHeader() returns for the page header and the navigator link.
  $navigator = '</a>&gt; <a href="eprofile.php" class="navigator">'.$lng['leprofile'];
  $skin = array_push_assoc($skin, GenerateHeader($lng['leprofile'], $navigator));
  // No validation error selected a message template: use the empty one.
  // ($msg is not included in this file; presumably a skin template does that.)
  $msg = ($msg == '') ? sprintf('./skins/%s/blank.tpl', $default_skin) : $msg;

  // Render the page. The .tpl files are pulled in with include, so they run
  // as PHP with access to every variable of this script.
  include(sprintf('./skins/%s/overall_header.tpl', $default_skin));
  include(sprintf('./skins/%s/eprofile_body.tpl', $default_skin));

  // The admin panel link is set only when RANK equals '2'; it is assigned
  // after the header and body templates and before the footer.
  $skin['pa_link'] = (RANK == '2')
      ? '<a href="admin/index.php" class="fsmall"><b>'.$lng['pa_link'].'</b></a>'
      : '';

  // Query statistics for the footer, measured from $start up to this point.
  $stop = TimeGeneration();
  $skin['queries'] = ShowQueries($start, $stop);
  include(sprintf('./skins/%s/overall_footer.tpl', $default_skin));
  288. ?>