1091 lines
No EOL
38 KiB
PHP
1091 lines
No EOL
38 KiB
PHP
<?php
|
|
|
|
/**
|
|
* This file has the primary job of showing and editing people's profiles.
|
|
* It also allows the user to change some of their or another's preferences,
|
|
* and such things.
|
|
*
|
|
* Simple Machines Forum (SMF)
|
|
*
|
|
* @package SMF
|
|
* @author Simple Machines https://www.simplemachines.org
|
|
* @copyright 2023 Simple Machines and individual contributors
|
|
* @license https://www.simplemachines.org/about/smf/license.php BSD
|
|
*
|
|
* @version 2.1.4
|
|
*/
|
|
|
|
if (!defined('SMF'))
|
|
die('No direct access...');
|
|
|
|
/**
|
|
* The main designating function for modifying profiles. Loads up info, determins what to do, etc.
|
|
*
|
|
* @param array $post_errors Any errors that occurred
|
|
*/
|
|
function ModifyProfile($post_errors = array())
|
|
{
|
|
global $txt, $scripturl, $user_info, $context, $sourcedir, $user_profile, $cur_profile;
|
|
global $modSettings, $memberContext, $profile_vars, $post_errors, $smcFunc;
|
|
|
|
// Don't reload this as we may have processed error strings.
|
|
if (empty($post_errors))
|
|
loadLanguage('Profile+Drafts');
|
|
loadTemplate('Profile');
|
|
|
|
require_once($sourcedir . '/Subs-Menu.php');
|
|
|
|
// Did we get the user by name...
|
|
if (isset($_REQUEST['user']))
|
|
$memberResult = loadMemberData($_REQUEST['user'], true, 'profile');
|
|
// ... or by id_member?
|
|
elseif (!empty($_REQUEST['u']))
|
|
$memberResult = loadMemberData((int) $_REQUEST['u'], false, 'profile');
|
|
// If it was just ?action=profile, edit your own profile, but only if you're not a guest.
|
|
else
|
|
{
|
|
// Members only...
|
|
is_not_guest();
|
|
$memberResult = loadMemberData($user_info['id'], false, 'profile');
|
|
}
|
|
|
|
// Check if loadMemberData() has returned a valid result.
|
|
if (!$memberResult)
|
|
fatal_lang_error('not_a_user', false, 404);
|
|
|
|
// If all went well, we have a valid member ID!
|
|
list ($memID) = $memberResult;
|
|
$memID = (int) $memID;
|
|
$context['id_member'] = $memID;
|
|
$cur_profile = $user_profile[$memID];
|
|
|
|
// Let's have some information about this member ready, too.
|
|
loadMemberContext($memID);
|
|
$context['member'] = $memberContext[$memID];
|
|
|
|
// Is this the profile of the user himself or herself?
|
|
$context['user']['is_owner'] = $memID == $user_info['id'];
|
|
|
|
// Group management isn't actually a permission. But we need it to be for this, so we need a phantom permission.
|
|
// And we care about what the current user can do, not what the user whose profile it is.
|
|
if ($user_info['mod_cache']['gq'] != '0=1')
|
|
$user_info['permissions'][] = 'approve_group_requests';
|
|
|
|
// If paid subscriptions are enabled, make sure we actually have at least one subscription available...
|
|
$context['subs_available'] = false;
|
|
|
|
if (!empty($modSettings['paid_enabled']))
|
|
{
|
|
$get_active_subs = $smcFunc['db_query']('', '
|
|
SELECT COUNT(*)
|
|
FROM {db_prefix}subscriptions
|
|
WHERE active = {int:active}', array(
|
|
'active' => 1,
|
|
)
|
|
);
|
|
|
|
list ($num_subs) = $smcFunc['db_fetch_row']($get_active_subs);
|
|
|
|
$context['subs_available'] = ($num_subs > 0);
|
|
|
|
$smcFunc['db_free_result']($get_active_subs);
|
|
}
|
|
|
|
/* Define all the sections within the profile area!
|
|
We start by defining the permission required - then SMF takes this and turns it into the relevant context ;)
|
|
Possible fields:
|
|
For Section:
|
|
string $title: Section title.
|
|
array $areas: Array of areas within this section.
|
|
|
|
For Areas:
|
|
string $label: Text string that will be used to show the area in the menu.
|
|
string $file: Optional text string that may contain a file name that's needed for inclusion in order to display the area properly.
|
|
string $custom_url: Optional href for area.
|
|
string $function: Function to execute for this section. Can be a call to an static method: class::method
|
|
string $class If your function is a method, set the class field with your class's name and SMF will create a new instance for it.
|
|
bool $enabled: Should area be shown?
|
|
string $sc: Session check validation to do on save - note without this save will get unset - if set.
|
|
bool $hidden: Does this not actually appear on the menu?
|
|
bool $password: Whether to require the user's password in order to save the data in the area.
|
|
array $subsections: Array of subsections, in order of appearance.
|
|
array $permission: Array of permissions to determine who can access this area. Should contain arrays $own and $any.
|
|
*/
|
|
$profile_areas = array(
|
|
'info' => array(
|
|
'title' => $txt['profileInfo'],
|
|
'areas' => array(
|
|
'summary' => array(
|
|
'label' => $txt['summary'],
|
|
'file' => 'Profile-View.php',
|
|
'function' => 'summary',
|
|
'icon' => 'administration',
|
|
'permission' => array(
|
|
'own' => 'is_not_guest',
|
|
'any' => 'profile_view',
|
|
),
|
|
),
|
|
'popup' => array(
|
|
'function' => 'profile_popup',
|
|
'permission' => array(
|
|
'own' => 'is_not_guest',
|
|
'any' => array(),
|
|
),
|
|
'select' => 'summary',
|
|
),
|
|
'alerts_popup' => array(
|
|
'function' => 'alerts_popup',
|
|
'permission' => array(
|
|
'own' => 'is_not_guest',
|
|
'any' => array(),
|
|
),
|
|
'select' => 'summary',
|
|
),
|
|
'statistics' => array(
|
|
'label' => $txt['statPanel'],
|
|
'file' => 'Profile-View.php',
|
|
'function' => 'statPanel',
|
|
'icon' => 'stats',
|
|
'permission' => array(
|
|
'own' => 'is_not_guest',
|
|
'any' => 'profile_view',
|
|
),
|
|
),
|
|
'showposts' => array(
|
|
'label' => $txt['showPosts'],
|
|
'file' => 'Profile-View.php',
|
|
'function' => 'showPosts',
|
|
'icon' => 'posts',
|
|
'subsections' => array(
|
|
'messages' => array($txt['showMessages'], array('is_not_guest', 'profile_view')),
|
|
'topics' => array($txt['showTopics'], array('is_not_guest', 'profile_view')),
|
|
'unwatchedtopics' => array($txt['showUnwatched'], array('is_not_guest', 'profile_view'), 'enabled' => $context['user']['is_owner']),
|
|
'attach' => array($txt['showAttachments'], array('is_not_guest', 'profile_view')),
|
|
),
|
|
'permission' => array(
|
|
'own' => 'is_not_guest',
|
|
'any' => 'profile_view',
|
|
),
|
|
),
|
|
'showdrafts' => array(
|
|
'label' => $txt['drafts_show'],
|
|
'file' => 'Drafts.php',
|
|
'function' => 'showProfileDrafts',
|
|
'icon' => 'drafts',
|
|
'enabled' => !empty($modSettings['drafts_post_enabled']) && $context['user']['is_owner'],
|
|
'permission' => array(
|
|
'own' => 'is_not_guest',
|
|
'any' => array(),
|
|
),
|
|
),
|
|
'showalerts' => array(
|
|
'label' => $txt['alerts_show'],
|
|
'file' => 'Profile-View.php',
|
|
'function' => 'showAlerts',
|
|
'icon' => 'alerts',
|
|
'permission' => array(
|
|
'own' => 'is_not_guest',
|
|
'any' => array(),
|
|
),
|
|
),
|
|
'permissions' => array(
|
|
'label' => $txt['showPermissions'],
|
|
'file' => 'Profile-View.php',
|
|
'function' => 'showPermissions',
|
|
'icon' => 'permissions',
|
|
'permission' => array(
|
|
'own' => 'manage_permissions',
|
|
'any' => 'manage_permissions',
|
|
),
|
|
),
|
|
'tracking' => array(
|
|
'label' => $txt['trackUser'],
|
|
'file' => 'Profile-View.php',
|
|
'function' => 'tracking',
|
|
'icon' => 'logs',
|
|
'subsections' => array(
|
|
'activity' => array($txt['trackActivity'], 'moderate_forum'),
|
|
'ip' => array($txt['trackIP'], 'moderate_forum'),
|
|
'edits' => array($txt['trackEdits'], 'moderate_forum', 'enabled' => !empty($modSettings['userlog_enabled'])),
|
|
'groupreq' => array($txt['trackGroupRequests'], 'approve_group_requests', 'enabled' => !empty($modSettings['show_group_membership'])),
|
|
'logins' => array($txt['trackLogins'], 'moderate_forum', 'enabled' => !empty($modSettings['loginHistoryDays'])),
|
|
),
|
|
'permission' => array(
|
|
'own' => array('moderate_forum', 'approve_group_requests'),
|
|
'any' => array('moderate_forum', 'approve_group_requests'),
|
|
),
|
|
),
|
|
'viewwarning' => array(
|
|
'label' => $txt['profile_view_warnings'],
|
|
'enabled' => $modSettings['warning_settings'][0] == 1 && $cur_profile['warning'],
|
|
'file' => 'Profile-View.php',
|
|
'function' => 'viewWarning',
|
|
'icon' => 'warning',
|
|
'permission' => array(
|
|
'own' => array('view_warning_own', 'view_warning_any', 'issue_warning', 'moderate_forum'),
|
|
'any' => array('view_warning_any', 'issue_warning', 'moderate_forum'),
|
|
),
|
|
),
|
|
),
|
|
),
|
|
'edit_profile' => array(
|
|
'title' => $txt['forumprofile'],
|
|
'areas' => array(
|
|
'account' => array(
|
|
'label' => $txt['account'],
|
|
'file' => 'Profile-Modify.php',
|
|
'function' => 'account',
|
|
'icon' => 'maintain',
|
|
'enabled' => $context['user']['is_admin'] || ($cur_profile['id_group'] != 1 && !in_array(1, explode(',', $cur_profile['additional_groups']))),
|
|
'sc' => 'post',
|
|
'token' => 'profile-ac%u',
|
|
'password' => true,
|
|
'permission' => array(
|
|
'own' => array('profile_identity_any', 'profile_identity_own', 'profile_password_any', 'profile_password_own', 'manage_membergroups'),
|
|
'any' => array('profile_identity_any', 'profile_password_any', 'manage_membergroups'),
|
|
),
|
|
),
|
|
'tfasetup' => array(
|
|
'label' => $txt['account'],
|
|
'file' => 'Profile-Modify.php',
|
|
'function' => 'tfasetup',
|
|
'token' => 'profile-tfa%u',
|
|
'enabled' => !empty($modSettings['tfa_mode']),
|
|
'hidden' => true,
|
|
'select' => 'account',
|
|
'permission' => array(
|
|
'own' => array('profile_password_own'),
|
|
'any' => array('profile_password_any'),
|
|
),
|
|
),
|
|
'tfadisable' => array(
|
|
'label' => $txt['account'],
|
|
'file' => 'Profile-Modify.php',
|
|
'function' => 'tfadisable',
|
|
'token' => 'profile-tfa%u',
|
|
'sc' => 'post',
|
|
'password' => true,
|
|
'enabled' => !empty($modSettings['tfa_mode']),
|
|
'hidden' => true,
|
|
'select' => 'account',
|
|
'permission' => array(
|
|
'own' => array('profile_password_own'),
|
|
'any' => array('profile_password_any'),
|
|
),
|
|
),
|
|
'forumprofile' => array(
|
|
'label' => $txt['forumprofile'],
|
|
'file' => 'Profile-Modify.php',
|
|
'function' => 'forumProfile',
|
|
'icon' => 'members',
|
|
'sc' => 'post',
|
|
'token' => 'profile-fp%u',
|
|
'permission' => array(
|
|
'own' => array('profile_forum_any', 'profile_forum_own'),
|
|
'any' => array('profile_forum_any'),
|
|
),
|
|
),
|
|
'theme' => array(
|
|
'label' => $txt['theme'],
|
|
'file' => 'Profile-Modify.php',
|
|
'function' => 'theme',
|
|
'icon' => 'features',
|
|
'sc' => 'post',
|
|
'token' => 'profile-th%u',
|
|
'permission' => array(
|
|
'own' => array('profile_extra_any', 'profile_extra_own'),
|
|
'any' => array('profile_extra_any'),
|
|
),
|
|
),
|
|
'notification' => array(
|
|
'label' => $txt['notification'],
|
|
'file' => 'Profile-Modify.php',
|
|
'function' => 'notification',
|
|
'icon' => 'alerts',
|
|
'sc' => 'post',
|
|
//'token' => 'profile-nt%u', This is not checked here. We do it in the function itself - but if it was checked, this is what it'd be.
|
|
'subsections' => array(
|
|
'alerts' => array($txt['alert_prefs'], array('is_not_guest', 'profile_extra_any')),
|
|
'topics' => array($txt['watched_topics'], array('is_not_guest', 'profile_extra_any')),
|
|
'boards' => array($txt['watched_boards'], array('is_not_guest', 'profile_extra_any')),
|
|
),
|
|
'permission' => array(
|
|
'own' => array('is_not_guest'),
|
|
'any' => array('profile_extra_any'), // If you change this, update it in the functions themselves; we delegate all saving checks there.
|
|
),
|
|
),
|
|
'ignoreboards' => array(
|
|
'label' => $txt['ignoreboards'],
|
|
'file' => 'Profile-Modify.php',
|
|
'function' => 'ignoreboards',
|
|
'icon' => 'boards',
|
|
'enabled' => !empty($modSettings['allow_ignore_boards']),
|
|
'sc' => 'post',
|
|
'token' => 'profile-ib%u',
|
|
'permission' => array(
|
|
'own' => array('profile_extra_any', 'profile_extra_own'),
|
|
'any' => array('profile_extra_any'),
|
|
),
|
|
),
|
|
'lists' => array(
|
|
'label' => $txt['editBuddyIgnoreLists'],
|
|
'file' => 'Profile-Modify.php',
|
|
'function' => 'editBuddyIgnoreLists',
|
|
'icon' => 'frenemy',
|
|
'enabled' => !empty($modSettings['enable_buddylist']) && $context['user']['is_owner'],
|
|
'sc' => 'post',
|
|
'subsections' => array(
|
|
'buddies' => array($txt['editBuddies']),
|
|
'ignore' => array($txt['editIgnoreList']),
|
|
),
|
|
'permission' => array(
|
|
'own' => array('profile_extra_any', 'profile_extra_own'),
|
|
'any' => array(),
|
|
),
|
|
),
|
|
'groupmembership' => array(
|
|
'label' => $txt['groupmembership'],
|
|
'file' => 'Profile-Modify.php',
|
|
'function' => 'groupMembership',
|
|
'icon' => 'people',
|
|
'enabled' => !empty($modSettings['show_group_membership']) && $context['user']['is_owner'],
|
|
'sc' => 'request',
|
|
'token' => 'profile-gm%u',
|
|
'token_type' => 'request',
|
|
'permission' => array(
|
|
'own' => array('is_not_guest'),
|
|
'any' => array('manage_membergroups'),
|
|
),
|
|
),
|
|
),
|
|
),
|
|
'profile_action' => array(
|
|
'title' => $txt['profileAction'],
|
|
'areas' => array(
|
|
'sendpm' => array(
|
|
'label' => $txt['profileSendIm'],
|
|
'custom_url' => $scripturl . '?action=pm;sa=send',
|
|
'icon' => 'personal_message',
|
|
'enabled' => allowedTo('profile_view'),
|
|
'permission' => array(
|
|
'own' => array(),
|
|
'any' => array('pm_send'),
|
|
),
|
|
),
|
|
'report' => array(
|
|
'label' => $txt['report_profile'],
|
|
'custom_url' => $scripturl . '?action=reporttm;' . $context['session_var'] . '=' . $context['session_id'],
|
|
'icon' => 'warning',
|
|
'enabled' => allowedTo('profile_view'),
|
|
'permission' => array(
|
|
'own' => array(),
|
|
'any' => array('report_user'),
|
|
),
|
|
),
|
|
'issuewarning' => array(
|
|
'label' => $txt['profile_issue_warning'],
|
|
'enabled' => $modSettings['warning_settings'][0] == 1,
|
|
'file' => 'Profile-Actions.php',
|
|
'function' => 'issueWarning',
|
|
'icon' => 'warning',
|
|
'token' => 'profile-iw%u',
|
|
'permission' => array(
|
|
'own' => array(),
|
|
'any' => array('issue_warning'),
|
|
),
|
|
),
|
|
'banuser' => array(
|
|
'label' => $txt['profileBanUser'],
|
|
'custom_url' => $scripturl . '?action=admin;area=ban;sa=add',
|
|
'icon' => 'ban',
|
|
'enabled' => $cur_profile['id_group'] != 1 && !in_array(1, explode(',', $cur_profile['additional_groups'])),
|
|
'permission' => array(
|
|
'own' => array(),
|
|
'any' => array('manage_bans'),
|
|
),
|
|
),
|
|
'subscriptions' => array(
|
|
'label' => $txt['subscriptions'],
|
|
'file' => 'Profile-Actions.php',
|
|
'function' => 'subscriptions',
|
|
'icon' => 'paid',
|
|
'enabled' => !empty($modSettings['paid_enabled']) && $context['subs_available'],
|
|
'permission' => array(
|
|
'own' => array('is_not_guest'),
|
|
'any' => array('moderate_forum'),
|
|
),
|
|
),
|
|
'getprofiledata' => array(
|
|
'label' => $txt['export_profile_data'],
|
|
'file' => 'Profile-Export.php',
|
|
'function' => 'export_profile_data',
|
|
'icon' => 'packages',
|
|
// 'token' => 'profile-ex%u', // This is not checked here. We do it in the function itself - but if it was checked, this is what it'd be.
|
|
'permission' => array(
|
|
'own' => array('profile_view_own'),
|
|
'any' => array('moderate_forum'),
|
|
),
|
|
),
|
|
'download' => array(
|
|
'label' => $txt['export_profile_data'],
|
|
'file' => 'Profile-Export.php',
|
|
'function' => 'download_export_file',
|
|
'icon' => 'packages',
|
|
'hidden' => true,
|
|
'select' => 'getprofiledata',
|
|
'permission' => array(
|
|
'own' => array('profile_view_own'),
|
|
'any' => array('moderate_forum'),
|
|
),
|
|
),
|
|
'dlattach' => array(
|
|
'label' => $txt['export_profile_data'],
|
|
'file' => 'Profile-Export.php',
|
|
'function' => 'export_attachment',
|
|
'icon' => 'packages',
|
|
'hidden' => true,
|
|
'select' => 'getprofiledata',
|
|
'permission' => array(
|
|
'own' => array('profile_view_own'),
|
|
'any' => array(),
|
|
),
|
|
),
|
|
'deleteaccount' => array(
|
|
'label' => $txt['deleteAccount'],
|
|
'file' => 'Profile-Actions.php',
|
|
'function' => 'deleteAccount',
|
|
'icon' => 'members_delete',
|
|
'sc' => 'post',
|
|
'token' => 'profile-da%u',
|
|
'password' => true,
|
|
'permission' => array(
|
|
'own' => array('profile_remove_any', 'profile_remove_own'),
|
|
'any' => array('profile_remove_any'),
|
|
),
|
|
),
|
|
'activateaccount' => array(
|
|
'file' => 'Profile-Actions.php',
|
|
'function' => 'activateAccount',
|
|
'icon' => 'regcenter',
|
|
'sc' => 'get',
|
|
'token' => 'profile-aa%u',
|
|
'token_type' => 'get',
|
|
'permission' => array(
|
|
'own' => array(),
|
|
'any' => array('moderate_forum'),
|
|
),
|
|
),
|
|
// A logout link just for the popup menu.
|
|
'logout' => array(
|
|
'label' => $txt['logout'],
|
|
'custom_url' => $scripturl . '?action=logout;%1$s=%2$s',
|
|
'icon' => 'logout',
|
|
'enabled' => !empty($_REQUEST['area']) && $_REQUEST['area'] === 'popup',
|
|
'permission' => array(
|
|
'own' => array('is_not_guest'),
|
|
'any' => array(),
|
|
),
|
|
),
|
|
),
|
|
),
|
|
);
|
|
|
|
// Let them modify profile areas easily.
|
|
call_integration_hook('integrate_profile_areas', array(&$profile_areas));
|
|
|
|
// Deprecated since 2.1.4 and will be removed in 3.0.0. Kept for compatibility with early versions of 2.1.
|
|
// @todo add runtime warnings.
|
|
call_integration_hook('integrate_pre_profile_areas', array(&$profile_areas));
|
|
|
|
// Do some cleaning ready for the menu function.
|
|
$context['password_areas'] = array();
|
|
$current_area = isset($_REQUEST['area']) ? $_REQUEST['area'] : '';
|
|
|
|
foreach ($profile_areas as $section_id => $section)
|
|
{
|
|
// Do a bit of spring cleaning so to speak.
|
|
foreach ($section['areas'] as $area_id => $area)
|
|
{
|
|
// If it said no permissions that meant it wasn't valid!
|
|
if (empty($area['permission'][$context['user']['is_owner'] ? 'own' : 'any']))
|
|
$profile_areas[$section_id]['areas'][$area_id]['enabled'] = false;
|
|
// Otherwise pick the right set.
|
|
else
|
|
$profile_areas[$section_id]['areas'][$area_id]['permission'] = $area['permission'][$context['user']['is_owner'] ? 'own' : 'any'];
|
|
|
|
// Password required in most cases
|
|
if (!empty($area['password']))
|
|
$context['password_areas'][] = $area_id;
|
|
}
|
|
}
|
|
|
|
// Is there an updated message to show?
|
|
if (isset($_GET['updated']))
|
|
$context['profile_updated'] = $txt['profile_updated_own'];
|
|
|
|
// Set a few options for the menu.
|
|
$menuOptions = array(
|
|
'disable_hook_call' => true,
|
|
'disable_url_session_check' => true,
|
|
'current_area' => $current_area,
|
|
'extra_url_parameters' => array(
|
|
'u' => $context['id_member'],
|
|
),
|
|
);
|
|
|
|
// Logging out requires the session id in the url.
|
|
$profile_areas['profile_action']['areas']['logout']['custom_url'] = sprintf($profile_areas['profile_action']['areas']['logout']['custom_url'], $context['session_var'], $context['session_id']);
|
|
|
|
// Actually create the menu!
|
|
$profile_include_data = createMenu($profile_areas, $menuOptions);
|
|
|
|
// No menu means no access.
|
|
if (!$profile_include_data && (!$user_info['is_guest'] || validateSession()))
|
|
fatal_lang_error('no_access', false);
|
|
|
|
// Make a note of the Unique ID for this menu.
|
|
$context['profile_menu_id'] = $context['max_menu_id'];
|
|
$context['profile_menu_name'] = 'menu_data_' . $context['profile_menu_id'];
|
|
|
|
// Set the selected item - now it's been validated.
|
|
$current_area = $profile_include_data['current_area'];
|
|
$current_sa = $profile_include_data['current_subsection'];
|
|
$context['menu_item_selected'] = $current_area;
|
|
|
|
// Before we go any further, let's work on the area we've said is valid. Note this is done here just in case we ever compromise the menu function in error!
|
|
$context['completed_save'] = false;
|
|
$context['do_preview'] = isset($_REQUEST['preview_signature']);
|
|
|
|
$security_checks = array();
|
|
$found_area = false;
|
|
foreach ($profile_areas as $section_id => $section)
|
|
{
|
|
// Do a bit of spring cleaning so to speak.
|
|
foreach ($section['areas'] as $area_id => $area)
|
|
{
|
|
// Is this our area?
|
|
if ($current_area == $area_id)
|
|
{
|
|
// This can't happen - but is a security check.
|
|
if ((isset($section['enabled']) && $section['enabled'] == false) || (isset($area['enabled']) && $area['enabled'] == false))
|
|
fatal_lang_error('no_access', false);
|
|
|
|
// Are we saving data in a valid area?
|
|
if (isset($area['sc']) && (isset($_REQUEST['save']) || $context['do_preview']))
|
|
{
|
|
$security_checks['session'] = $area['sc'];
|
|
$context['completed_save'] = true;
|
|
}
|
|
|
|
// Do we need to perform a token check?
|
|
if (!empty($area['token']))
|
|
{
|
|
$security_checks[isset($_REQUEST['save']) ? 'validateToken' : 'needsToken'] = $area['token'];
|
|
$token_name = $area['token'] !== true ? str_replace('%u', $context['id_member'], $area['token']) : 'profile-u' . $context['id_member'];
|
|
|
|
$token_type = isset($area['token_type']) && in_array($area['token_type'], array('request', 'post', 'get')) ? $area['token_type'] : 'post';
|
|
}
|
|
|
|
// Does this require session validating?
|
|
if (!empty($area['validate']) || (isset($_REQUEST['save']) && !$context['user']['is_owner'] && ($area_id != 'issuewarning' || empty($modSettings['securityDisable_moderate']))))
|
|
$security_checks['validate'] = true;
|
|
|
|
// Permissions for good measure.
|
|
if (!empty($profile_include_data['permission']))
|
|
$security_checks['permission'] = $profile_include_data['permission'];
|
|
|
|
// Either way got something.
|
|
$found_area = true;
|
|
}
|
|
}
|
|
}
|
|
|
|
// Oh dear, some serious security lapse is going on here... we'll put a stop to that!
|
|
if (!$found_area)
|
|
fatal_lang_error('no_access', false);
|
|
|
|
// Release this now.
|
|
unset($profile_areas);
|
|
|
|
// Now the context is setup have we got any security checks to carry out additional to that above?
|
|
if (isset($security_checks['session']))
|
|
checkSession($security_checks['session']);
|
|
if (isset($security_checks['validate']))
|
|
validateSession();
|
|
if (isset($security_checks['validateToken']))
|
|
validateToken($token_name, $token_type);
|
|
if (isset($security_checks['permission']))
|
|
isAllowedTo($security_checks['permission']);
|
|
|
|
// Create a token if needed.
|
|
if (isset($security_checks['needsToken']) || isset($security_checks['validateToken']))
|
|
{
|
|
createToken($token_name, $token_type);
|
|
$context['token_check'] = $token_name;
|
|
}
|
|
|
|
// File to include?
|
|
if (isset($profile_include_data['file']))
|
|
require_once($sourcedir . '/' . $profile_include_data['file']);
|
|
|
|
// Build the link tree.
|
|
$context['linktree'][] = array(
|
|
'url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : ''),
|
|
'name' => sprintf($txt['profile_of_username'], $context['member']['name']),
|
|
);
|
|
|
|
if (!empty($profile_include_data['label']))
|
|
$context['linktree'][] = array(
|
|
'url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'],
|
|
'name' => $profile_include_data['label'],
|
|
);
|
|
|
|
if (!empty($profile_include_data['current_subsection']) && $profile_include_data['subsections'][$profile_include_data['current_subsection']][0] != $profile_include_data['label'])
|
|
$context['linktree'][] = array(
|
|
'url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'] . ';sa=' . $profile_include_data['current_subsection'],
|
|
'name' => $profile_include_data['subsections'][$profile_include_data['current_subsection']][0],
|
|
);
|
|
|
|
// Set the template for this area and add the profile layer.
|
|
$context['sub_template'] = $profile_include_data['function'];
|
|
$context['template_layers'][] = 'profile';
|
|
|
|
// All the subactions that require a user password in order to validate.
|
|
$check_password = $context['user']['is_owner'] && in_array($profile_include_data['current_area'], $context['password_areas']);
|
|
$context['require_password'] = $check_password;
|
|
|
|
loadJavaScriptFile('profile.js', array('defer' => false, 'minimize' => true), 'smf_profile');
|
|
|
|
// These will get populated soon!
|
|
$post_errors = array();
|
|
$profile_vars = array();
|
|
|
|
// Right - are we saving - if so let's save the old data first.
|
|
if ($context['completed_save'])
|
|
{
|
|
// Clean up the POST variables.
|
|
$_POST = htmltrim__recursive($_POST);
|
|
$_POST = htmlspecialchars__recursive($_POST);
|
|
|
|
if ($check_password)
|
|
{
|
|
// Check to ensure we're forcing SSL for authentication
|
|
if (!empty($modSettings['force_ssl']) && empty($maintenance) && !httpsOn())
|
|
fatal_lang_error('login_ssl_required', false);
|
|
|
|
$password = isset($_POST['oldpasswrd']) ? $_POST['oldpasswrd'] : '';
|
|
|
|
// You didn't even enter a password!
|
|
if (trim($password) == '')
|
|
$post_errors[] = 'no_password';
|
|
|
|
// Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password
|
|
$password = un_htmlspecialchars($password);
|
|
|
|
// Does the integration want to check passwords?
|
|
$good_password = in_array(true, call_integration_hook('integrate_verify_password', array($cur_profile['member_name'], $password, false)), true);
|
|
|
|
// Bad password!!!
|
|
if (!$good_password && !hash_verify_password($user_profile[$memID]['member_name'], $password, $user_info['passwd']))
|
|
$post_errors[] = 'bad_password';
|
|
|
|
// Warn other elements not to jump the gun and do custom changes!
|
|
if (in_array('bad_password', $post_errors))
|
|
$context['password_auth_failed'] = true;
|
|
}
|
|
|
|
// Change the IP address in the database.
|
|
if ($context['user']['is_owner'] && $menuOptions['current_area'] != 'tfasetup')
|
|
$profile_vars['member_ip'] = $user_info['ip'];
|
|
|
|
// Now call the sub-action function...
|
|
if ($current_area == 'activateaccount')
|
|
{
|
|
if (empty($post_errors))
|
|
activateAccount($memID);
|
|
}
|
|
elseif ($current_area == 'deleteaccount')
|
|
{
|
|
if (empty($post_errors))
|
|
{
|
|
deleteAccount2($memID);
|
|
redirectexit();
|
|
}
|
|
}
|
|
elseif ($menuOptions['current_area'] == 'tfadisable')
|
|
{
|
|
// Already checked the password, token, permissions, and session.
|
|
$profile_vars += array(
|
|
'tfa_secret' => '',
|
|
'tfa_backup' => '',
|
|
);
|
|
}
|
|
elseif ($current_area == 'groupmembership' && empty($post_errors))
|
|
{
|
|
$msg = groupMembership2($profile_vars, $post_errors, $memID);
|
|
|
|
// Whatever we've done, we have nothing else to do here...
|
|
redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=groupmembership' . (!empty($msg) ? ';msg=' . $msg : ''));
|
|
}
|
|
elseif (in_array($current_area, array('account', 'forumprofile', 'theme')))
|
|
saveProfileFields();
|
|
else
|
|
{
|
|
$force_redirect = true;
|
|
// Ensure we include this.
|
|
require_once($sourcedir . '/Profile-Modify.php');
|
|
saveProfileChanges($profile_vars, $post_errors, $memID);
|
|
}
|
|
|
|
call_integration_hook('integrate_profile_save', array(&$profile_vars, &$post_errors, $memID, $cur_profile, $current_area));
|
|
|
|
// There was a problem, let them try to re-enter.
|
|
if (!empty($post_errors))
|
|
{
|
|
// Load the language file so we can give a nice explanation of the errors.
|
|
loadLanguage('Errors');
|
|
$context['post_errors'] = $post_errors;
|
|
}
|
|
elseif (!empty($profile_vars))
|
|
{
|
|
// If we've changed the password, notify any integration that may be listening in.
|
|
if (isset($profile_vars['passwd']))
|
|
call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $_POST['passwrd2']));
|
|
|
|
updateMemberData($memID, $profile_vars);
|
|
|
|
// What if this is the newest member?
|
|
if ($modSettings['latestMember'] == $memID)
|
|
updateStats('member');
|
|
elseif (isset($profile_vars['real_name']))
|
|
updateSettings(array('memberlist_updated' => time()));
|
|
|
|
// If the member changed his/her birthdate, update calendar statistics.
|
|
if (isset($profile_vars['birthdate']) || isset($profile_vars['real_name']))
|
|
updateSettings(array(
|
|
'calendar_updated' => time(),
|
|
));
|
|
|
|
// Anything worth logging?
|
|
if (!empty($context['log_changes']) && !empty($modSettings['modlog_enabled']))
|
|
{
|
|
$log_changes = array();
|
|
require_once($sourcedir . '/Logging.php');
|
|
foreach ($context['log_changes'] as $k => $v)
|
|
$log_changes[] = array(
|
|
'action' => $k,
|
|
'log_type' => 'user',
|
|
'extra' => array_merge($v, array(
|
|
'applicator' => $user_info['id'],
|
|
'member_affected' => $memID,
|
|
)),
|
|
);
|
|
|
|
logActions($log_changes);
|
|
}
|
|
|
|
// Have we got any post save functions to execute?
|
|
if (!empty($context['profile_execute_on_save']))
|
|
foreach ($context['profile_execute_on_save'] as $saveFunc)
|
|
$saveFunc();
|
|
|
|
// Let them know it worked!
|
|
$context['profile_updated'] = $context['user']['is_owner'] ? $txt['profile_updated_own'] : sprintf($txt['profile_updated_else'], $cur_profile['member_name']);
|
|
|
|
// Invalidate any cached data.
|
|
cache_put_data('member_data-profile-' . $memID, null, 0);
|
|
}
|
|
}
|
|
|
|
// Have some errors for some reason?
|
|
if (!empty($post_errors))
|
|
{
|
|
// Set all the errors so the template knows what went wrong.
|
|
foreach ($post_errors as $error_type)
|
|
$context['modify_error'][$error_type] = true;
|
|
}
|
|
// If it's you then we should redirect upon save.
|
|
elseif (!empty($profile_vars) && $context['user']['is_owner'] && !$context['do_preview'])
|
|
redirectexit('action=profile;area=' . $current_area . (!empty($current_sa) ? ';sa=' . $current_sa : '') . ';updated');
|
|
elseif (!empty($force_redirect))
|
|
redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=' . $current_area);
|
|
|
|
// Get the right callable.
|
|
$call = call_helper($profile_include_data['function'], true);
|
|
|
|
// Is it valid?
|
|
if (!empty($call))
|
|
call_user_func($call, $memID);
|
|
|
|
// Set the page title if it's not already set...
|
|
if (!isset($context['page_title']))
|
|
$context['page_title'] = $txt['profile'] . (isset($txt[$current_area]) ? ' - ' . $txt[$current_area] : '');
|
|
}
|
|
|
|
/**
|
|
* Set up the requirements for the profile popup - the area that is shown as the popup menu for the current user.
|
|
*
|
|
* @param int $memID The ID of the member
|
|
*/
|
|
function profile_popup($memID)
|
|
{
|
|
global $context, $scripturl, $txt, $db_show_debug;
|
|
|
|
// We do not want to output debug information here.
|
|
$db_show_debug = false;
|
|
|
|
// We only want to output our little layer here.
|
|
$context['template_layers'] = array();
|
|
|
|
// This list will pull from the master list wherever possible. Hopefully it should be clear what does what.
|
|
$profile_items = array(
|
|
array(
|
|
'menu' => 'edit_profile',
|
|
'area' => 'account',
|
|
),
|
|
array(
|
|
'menu' => 'edit_profile',
|
|
'area' => 'forumprofile',
|
|
'title' => $txt['popup_forumprofile'],
|
|
),
|
|
array(
|
|
'menu' => 'edit_profile',
|
|
'area' => 'theme',
|
|
'title' => $txt['theme'],
|
|
),
|
|
array(
|
|
'menu' => 'edit_profile',
|
|
'area' => 'notification',
|
|
),
|
|
array(
|
|
'menu' => 'edit_profile',
|
|
'area' => 'ignoreboards',
|
|
),
|
|
array(
|
|
'menu' => 'edit_profile',
|
|
'area' => 'lists',
|
|
'url' => $scripturl . '?action=profile;area=lists;sa=ignore',
|
|
'title' => $txt['popup_ignore'],
|
|
),
|
|
array(
|
|
'menu' => 'info',
|
|
'area' => 'showposts',
|
|
'title' => $txt['popup_showposts'],
|
|
),
|
|
array(
|
|
'menu' => 'info',
|
|
'area' => 'showdrafts',
|
|
'title' => $txt['popup_showdrafts'],
|
|
),
|
|
array(
|
|
'menu' => 'edit_profile',
|
|
'area' => 'groupmembership',
|
|
'title' => $txt['popup_groupmembership'],
|
|
),
|
|
array(
|
|
'menu' => 'profile_action',
|
|
'area' => 'subscriptions',
|
|
'title' => $txt['popup_subscriptions'],
|
|
),
|
|
array(
|
|
'menu' => 'profile_action',
|
|
'area' => 'logout',
|
|
),
|
|
);
|
|
|
|
call_integration_hook('integrate_profile_popup', array(&$profile_items));
|
|
|
|
// Now check if these items are available
|
|
$context['profile_items'] = array();
|
|
$menu_context = &$context[$context['profile_menu_name']]['sections'];
|
|
foreach ($profile_items as $item)
|
|
{
|
|
if (isset($menu_context[$item['menu']]['areas'][$item['area']]))
|
|
{
|
|
$context['profile_items'][] = $item;
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Set up the requirements for the alerts popup - the area that shows all the alerts just quickly for the current user.
|
|
*
|
|
* @param int $memID The ID of the member
|
|
*/
|
|
function alerts_popup($memID)
|
|
{
|
|
global $context, $sourcedir, $db_show_debug, $cur_profile, $modSettings;
|
|
|
|
// Load the Alerts language file.
|
|
loadLanguage('Alerts');
|
|
|
|
// We do not want to output debug information here.
|
|
$db_show_debug = false;
|
|
|
|
// We only want to output our little layer here.
|
|
$context['template_layers'] = array();
|
|
|
|
// No funny business allowed
|
|
$counter = isset($_REQUEST['counter']) ? max(0, (int) $_REQUEST['counter']) : 0;
|
|
$limit = !empty($modSettings['alerts_per_page']) && (int) $modSettings['alerts_per_page'] < 1000 ? min((int) $modSettings['alerts_per_page'], 1000) : 25;
|
|
|
|
$context['unread_alerts'] = array();
|
|
if ($counter < $cur_profile['alerts'])
|
|
{
|
|
// Now fetch me my unread alerts, pronto!
|
|
require_once($sourcedir . '/Profile-View.php');
|
|
$context['unread_alerts'] = fetch_alerts($memID, false, !empty($counter) ? $cur_profile['alerts'] - $counter : $limit, 0, !isset($_REQUEST['counter']));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Load any custom fields for this area... no area means load all, 'summary' loads all public ones.
|
|
*
|
|
* @param int $memID The ID of the member
|
|
* @param string $area Which area to load fields for
|
|
*/
|
|
function loadCustomFields($memID, $area = 'summary')
|
|
{
|
|
global $context, $txt, $user_profile, $smcFunc, $user_info, $settings, $scripturl;
|
|
|
|
// Get the right restrictions in place...
|
|
$where = 'active = 1';
|
|
if (!allowedTo('admin_forum') && $area != 'register')
|
|
{
|
|
// If it's the owner they can see two types of private fields, regardless.
|
|
if ($memID == $user_info['id'])
|
|
$where .= $area == 'summary' ? ' AND private < 3' : ' AND (private = 0 OR private = 2)';
|
|
else
|
|
$where .= $area == 'summary' ? ' AND private < 2' : ' AND private = 0';
|
|
}
|
|
|
|
if ($area == 'register')
|
|
$where .= ' AND show_reg != 0';
|
|
elseif ($area != 'summary')
|
|
$where .= ' AND show_profile = {string:area}';
|
|
|
|
// Load all the relevant fields - and data.
|
|
$request = $smcFunc['db_query']('', '
|
|
SELECT
|
|
col_name, field_name, field_desc, field_type, field_order, show_reg, field_length, field_options,
|
|
default_value, bbc, enclose, placement
|
|
FROM {db_prefix}custom_fields
|
|
WHERE ' . $where . '
|
|
ORDER BY field_order',
|
|
array(
|
|
'area' => $area,
|
|
)
|
|
);
|
|
$context['custom_fields'] = array();
|
|
$context['custom_fields_required'] = false;
|
|
while ($row = $smcFunc['db_fetch_assoc']($request))
|
|
{
|
|
// Shortcut.
|
|
$exists = $memID && isset($user_profile[$memID], $user_profile[$memID]['options'][$row['col_name']]);
|
|
$value = $exists ? $user_profile[$memID]['options'][$row['col_name']] : '';
|
|
|
|
$currentKey = 0;
|
|
if (!empty($row['field_options']))
|
|
{
|
|
$fieldOptions = explode(',', $row['field_options']);
|
|
foreach ($fieldOptions as $k => $v)
|
|
{
|
|
if (empty($currentKey))
|
|
$currentKey = $v === $value ? $k : 0;
|
|
}
|
|
}
|
|
|
|
// If this was submitted already then make the value the posted version.
|
|
if (isset($_POST['customfield']) && isset($_POST['customfield'][$row['col_name']]))
|
|
{
|
|
$value = $smcFunc['htmlspecialchars']($_POST['customfield'][$row['col_name']]);
|
|
if (in_array($row['field_type'], array('select', 'radio')))
|
|
$value = ($options = explode(',', $row['field_options'])) && isset($options[$value]) ? $options[$value] : '';
|
|
}
|
|
|
|
// Don't show the "disabled" option for the "gender" field if we are on the "summary" area.
|
|
if ($area == 'summary' && $row['col_name'] == 'cust_gender' && $value == '{gender_0}')
|
|
continue;
|
|
|
|
// HTML for the input form.
|
|
$output_html = $value;
|
|
if ($row['field_type'] == 'check')
|
|
{
|
|
$true = (!$exists && $row['default_value']) || $value;
|
|
$input_html = '<input type="checkbox" name="customfield[' . $row['col_name'] . ']" id="customfield[' . $row['col_name'] . ']"' . ($true ? ' checked' : '') . '>';
|
|
$output_html = $true ? $txt['yes'] : $txt['no'];
|
|
}
|
|
elseif ($row['field_type'] == 'select')
|
|
{
|
|
$input_html = '<select name="customfield[' . $row['col_name'] . ']" id="customfield[' . $row['col_name'] . ']"><option value="-1"></option>';
|
|
$options = explode(',', $row['field_options']);
|
|
foreach ($options as $k => $v)
|
|
{
|
|
$true = (!$exists && $row['default_value'] == $v) || $value == $v;
|
|
$input_html .= '<option value="' . $k . '"' . ($true ? ' selected' : '') . '>' . tokenTxtReplace($v) . '</option>';
|
|
if ($true)
|
|
$output_html = $v;
|
|
}
|
|
|
|
$input_html .= '</select>';
|
|
}
|
|
elseif ($row['field_type'] == 'radio')
|
|
{
|
|
$input_html = '<fieldset>';
|
|
$options = explode(',', $row['field_options']);
|
|
foreach ($options as $k => $v)
|
|
{
|
|
$true = (!$exists && $row['default_value'] == $v) || $value == $v;
|
|
$input_html .= '<label for="customfield_' . $row['col_name'] . '_' . $k . '"><input type="radio" name="customfield[' . $row['col_name'] . ']" id="customfield_' . $row['col_name'] . '_' . $k . '" value="' . $k . '"' . ($true ? ' checked' : '') . '>' . tokenTxtReplace($v) . '</label><br>';
|
|
if ($true)
|
|
$output_html = $v;
|
|
}
|
|
$input_html .= '</fieldset>';
|
|
}
|
|
elseif ($row['field_type'] == 'text')
|
|
{
|
|
$input_html = '<input type="text" name="customfield[' . $row['col_name'] . ']" id="customfield[' . $row['col_name'] . ']"' . ($row['field_length'] != 0 ? ' maxlength="' . $row['field_length'] . '"' : '') . ' size="' . ($row['field_length'] == 0 || $row['field_length'] >= 50 ? 50 : ($row['field_length'] > 30 ? 30 : ($row['field_length'] > 10 ? 20 : 10))) . '" value="' . un_htmlspecialchars($value) . '"' . ($row['show_reg'] == 2 ? ' required' : '') . '>';
|
|
}
|
|
else
|
|
{
|
|
@list ($rows, $cols) = @explode(',', $row['default_value']);
|
|
$input_html = '<textarea name="customfield[' . $row['col_name'] . ']" id="customfield[' . $row['col_name'] . ']"' . ($row['field_length'] != 0 ? ' maxlength="' . $row['field_length'] . '"' : '') . (!empty($rows) ? ' rows="' . $rows . '"' : '') . (!empty($cols) ? ' cols="' . $cols . '"' : '') . ($row['show_reg'] == 2 ? ' required' : '') . '>' . un_htmlspecialchars($value) . '</textarea>';
|
|
}
|
|
|
|
// Parse BBCode
|
|
if ($row['bbc'])
|
|
$output_html = parse_bbc($output_html);
|
|
elseif ($row['field_type'] == 'textarea')
|
|
// Allow for newlines at least
|
|
$output_html = strtr($output_html, array("\n" => '<br>'));
|
|
|
|
// Enclosing the user input within some other text?
|
|
if (!empty($row['enclose']) && !empty($output_html))
|
|
$output_html = strtr($row['enclose'], array(
|
|
'{SCRIPTURL}' => $scripturl,
|
|
'{IMAGES_URL}' => $settings['images_url'],
|
|
'{DEFAULT_IMAGES_URL}' => $settings['default_images_url'],
|
|
'{INPUT}' => un_htmlspecialchars($output_html),
|
|
'{KEY}' => $currentKey
|
|
));
|
|
|
|
$context['custom_fields'][] = array(
|
|
'name' => tokenTxtReplace($row['field_name']),
|
|
'desc' => tokenTxtReplace($row['field_desc']),
|
|
'type' => $row['field_type'],
|
|
'order' => $row['field_order'],
|
|
'input_html' => $input_html,
|
|
'output_html' => tokenTxtReplace($output_html),
|
|
'placement' => $row['placement'],
|
|
'colname' => $row['col_name'],
|
|
'value' => $value,
|
|
'show_reg' => $row['show_reg'],
|
|
);
|
|
$context['custom_fields_required'] = $context['custom_fields_required'] || $row['show_reg'] == 2;
|
|
}
|
|
$smcFunc['db_free_result']($request);
|
|
|
|
call_integration_hook('integrate_load_custom_profile_fields', array($memID, $area));
|
|
}
|
|
|
|
?>
|