[2] | 1 | <?php |
---|
[351] | 2 | // +-----------------------------------------------------------------------+ |
---|
[593] | 3 | // | PhpWebGallery - a PHP based picture gallery | |
---|
| 4 | // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | |
---|
[675] | 5 | // | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net | |
---|
[351] | 6 | // +-----------------------------------------------------------------------+ |
---|
[593] | 7 | // | branch : BSF (Best So Far) |
---|
[351] | 8 | // | file : $RCSfile$ |
---|
| 9 | // | last update : $Date: 2005-01-07 23:10:51 +0000 (Fri, 07 Jan 2005) $ |
---|
| 10 | // | last modifier : $Author: plg $ |
---|
| 11 | // | revision : $Revision: 675 $ |
---|
| 12 | // +-----------------------------------------------------------------------+ |
---|
| 13 | // | This program is free software; you can redistribute it and/or modify | |
---|
| 14 | // | it under the terms of the GNU General Public License as published by | |
---|
[354] | 15 | // | the Free Software Foundation | |
---|
| 16 | // | | |
---|
| 17 | // | This program is distributed in the hope that it will be useful, but | |
---|
| 18 | // | WITHOUT ANY WARRANTY; without even the implied warranty of | |
---|
| 19 | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
---|
| 20 | // | General Public License for more details. | |
---|
| 21 | // | | |
---|
| 22 | // | You should have received a copy of the GNU General Public License | |
---|
| 23 | // | along with this program; if not, write to the Free Software | |
---|
| 24 | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
---|
| 25 | // | USA. | |
---|
[351] | 26 | // +-----------------------------------------------------------------------+ |
---|
[2] | 27 | |
---|
| 28 | // customize appearance of the site for a user |
---|
[631] | 29 | // +-----------------------------------------------------------------------+ |
---|
| 30 | // | initialization | |
---|
| 31 | // +-----------------------------------------------------------------------+ |
---|
| 32 | $userdata = array(); |
---|
[662] | 33 | if (defined('IN_ADMIN') and isset($_POST['submituser'])) |
---|
[2] | 34 | { |
---|
[631] | 35 | $userdata = getuserdata($_POST['username']); |
---|
[2] | 36 | } |
---|
[662] | 37 | elseif (defined('IN_ADMIN') and isset($_POST['submit'])) |
---|
[631] | 38 | { |
---|
| 39 | $userdata = getuserdata(intval($_POST['userid'])); |
---|
| 40 | } |
---|
[662] | 41 | elseif (!defined('IN_ADMIN') or !IN_ADMIN) |
---|
[631] | 42 | { |
---|
| 43 | define('PHPWG_ROOT_PATH','./'); |
---|
| 44 | include_once(PHPWG_ROOT_PATH.'include/common.inc.php'); |
---|
| 45 | check_login_authorization(false); |
---|
[662] | 46 | $userdata = $user; |
---|
[631] | 47 | } |
---|
[2] | 48 | //------------------------------------------------------ update & customization |
---|
[662] | 49 | $infos = array('nb_image_line', 'nb_line_page', 'language', |
---|
| 50 | 'maxwidth', 'maxheight', 'expand', 'show_nb_comments', |
---|
| 51 | 'recent_period', 'template', 'mail_address'); |
---|
| 52 | |
---|
[26] | 53 | $errors = array(); |
---|
[662] | 54 | if (isset($_POST['submit'])) |
---|
[2] | 55 | { |
---|
[26] | 56 | $int_pattern = '/^\d+$/'; |
---|
[662] | 57 | |
---|
| 58 | if ($_POST['maxwidth'] != '' |
---|
| 59 | and (!preg_match($int_pattern, $_POST['maxwidth']) |
---|
| 60 | or $_POST['maxwidth'] < 50)) |
---|
[2] | 61 | { |
---|
[662] | 62 | array_push($errors, $lang['maxwidth_error']); |
---|
[2] | 63 | } |
---|
[662] | 64 | if ($_POST['maxheight'] |
---|
| 65 | and (!preg_match($int_pattern, $_POST['maxheight']) |
---|
| 66 | or $_POST['maxheight'] < 50)) |
---|
[2] | 67 | { |
---|
[662] | 68 | array_push($errors, $lang['maxheight_error']); |
---|
[2] | 69 | } |
---|
[26] | 70 | // periods must be integer values, they represents number of days |
---|
[452] | 71 | if (!preg_match($int_pattern, $_POST['recent_period']) |
---|
| 72 | or $_POST['recent_period'] <= 0) |
---|
[2] | 73 | { |
---|
[662] | 74 | array_push($errors, $lang['periods_error']); |
---|
[2] | 75 | } |
---|
[662] | 76 | |
---|
| 77 | // if mail_address has changed |
---|
| 78 | if (!isset($userdata['mail_address'])) |
---|
| 79 | { |
---|
| 80 | $userdata['mail_address'] = ''; |
---|
| 81 | } |
---|
[631] | 82 | |
---|
[662] | 83 | if ($_POST['mail_address'] != @$userdata['mail_address']) |
---|
[630] | 84 | { |
---|
[662] | 85 | if ($user['status'] == 'admin') |
---|
[631] | 86 | { |
---|
[662] | 87 | $mail_error = validate_mail_address($_POST['mail_address']); |
---|
| 88 | if (!empty($mail_error)) |
---|
| 89 | { |
---|
| 90 | array_push($errors, $mail_error); |
---|
| 91 | } |
---|
| 92 | } |
---|
| 93 | else if (!empty($_POST['password'])) |
---|
[630] | 94 | { |
---|
[662] | 95 | array_push($errors, $lang['reg_err_pass']); |
---|
[630] | 96 | } |
---|
| 97 | else |
---|
[662] | 98 | { |
---|
| 99 | // retrieving the encrypted password of the login submitted |
---|
| 100 | $query = ' |
---|
| 101 | SELECT password |
---|
| 102 | FROM '.USERS_TABLE.' |
---|
| 103 | WHERE id = \''.$userdata['id'].'\' |
---|
| 104 | ;'; |
---|
| 105 | $row = mysql_fetch_array(pwg_query($query)); |
---|
| 106 | if ($row['password'] == md5($_POST['password'])) |
---|
| 107 | { |
---|
| 108 | $mail_error = validate_mail_address($_POST['mail_address']); |
---|
| 109 | if (!empty($mail_error)) |
---|
| 110 | { |
---|
| 111 | array_push($errors, $mail_error); |
---|
| 112 | } |
---|
| 113 | } |
---|
| 114 | else |
---|
| 115 | { |
---|
| 116 | array_push($errors, $lang['reg_err_pass']); |
---|
| 117 | } |
---|
[631] | 118 | } |
---|
[630] | 119 | } |
---|
| 120 | |
---|
[345] | 121 | // password must be the same as its confirmation |
---|
[662] | 122 | if (!empty($_POST['use_new_pwd']) |
---|
| 123 | and $_POST['use_new_pwd'] != $_POST['passwordConf']) |
---|
| 124 | { |
---|
| 125 | array_push($errors, $lang['reg_err_pass']); |
---|
| 126 | } |
---|
| 127 | |
---|
[631] | 128 | // We check if we are in the admin level |
---|
[662] | 129 | if (isset($_POST['user_delete'])) |
---|
[631] | 130 | { |
---|
| 131 | if ($_POST['userid'] > 2) // gallery founder + guest |
---|
| 132 | { |
---|
| 133 | delete_user($_POST['userid']); |
---|
| 134 | } |
---|
| 135 | else |
---|
[662] | 136 | { |
---|
| 137 | array_push($errors, $lang['user_err_modify']); |
---|
| 138 | } |
---|
[631] | 139 | } |
---|
| 140 | |
---|
[662] | 141 | // We check if we are in the admin level |
---|
| 142 | if (isset($_POST['status']) and $_POST['status'] <> $userdata['status']) |
---|
[631] | 143 | { |
---|
[662] | 144 | if ($_POST['userid'] > 2) // gallery founder + guest |
---|
[631] | 145 | { |
---|
| 146 | array_push($infos, 'status'); |
---|
| 147 | } |
---|
| 148 | else |
---|
[662] | 149 | { |
---|
| 150 | array_push($errors, $lang['user_err_modify']); |
---|
| 151 | } |
---|
[631] | 152 | } |
---|
[662] | 153 | |
---|
| 154 | if (count($errors) == 0) |
---|
[2] | 155 | { |
---|
[662] | 156 | $query = ' |
---|
| 157 | UPDATE '.USERS_TABLE.' |
---|
| 158 | SET '; |
---|
| 159 | $is_first = true; |
---|
| 160 | foreach ($infos as $i => $info) |
---|
| 161 | { |
---|
| 162 | if (!$is_first) |
---|
| 163 | { |
---|
| 164 | $query.= ' |
---|
| 165 | , '; |
---|
| 166 | } |
---|
| 167 | $is_first = false; |
---|
| 168 | |
---|
[26] | 169 | $query.= $info; |
---|
[2] | 170 | $query.= ' = '; |
---|
[662] | 171 | if ($_POST[$info] == '') |
---|
| 172 | { |
---|
| 173 | $query.= 'NULL'; |
---|
| 174 | } |
---|
| 175 | else |
---|
| 176 | { |
---|
| 177 | $query.= "'".$_POST[$info]."'"; |
---|
| 178 | } |
---|
[2] | 179 | } |
---|
[662] | 180 | $query.= ' |
---|
| 181 | WHERE id = '.$_POST['userid'].' |
---|
| 182 | ;'; |
---|
| 183 | pwg_query($query); |
---|
[2] | 184 | |
---|
[662] | 185 | if (!empty($_POST['use_new_pwd'])) |
---|
[2] | 186 | { |
---|
[662] | 187 | $query = ' |
---|
| 188 | UPDATE '.USERS_TABLE.' |
---|
| 189 | SET password = \''.md5($_POST['use_new_pwd']).'\' |
---|
| 190 | WHERE id = '.$_POST['userid'].' |
---|
| 191 | ;'; |
---|
| 192 | pwg_query($query); |
---|
[2] | 193 | } |
---|
[631] | 194 | |
---|
[2] | 195 | // redirection |
---|
[662] | 196 | if (!defined('IN_ADMIN') or !IN_ADMIN) |
---|
[631] | 197 | { |
---|
[662] | 198 | $url = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']; |
---|
| 199 | redirect(add_session_id($url)); |
---|
[631] | 200 | } |
---|
[662] | 201 | else |
---|
| 202 | { |
---|
[631] | 203 | redirect(add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile')); |
---|
| 204 | } |
---|
[2] | 205 | } |
---|
| 206 | } |
---|
[631] | 207 | // +-----------------------------------------------------------------------+ |
---|
| 208 | // | page header and options | |
---|
| 209 | // +-----------------------------------------------------------------------+ |
---|
| 210 | $url_action = PHPWG_ROOT_PATH; |
---|
| 211 | if (!defined('IN_ADMIN')) |
---|
| 212 | { |
---|
| 213 | $title= $lang['customize_page_title']; |
---|
| 214 | include(PHPWG_ROOT_PATH.'include/page_header.php'); |
---|
| 215 | $url_action .='profile.php'; |
---|
| 216 | } |
---|
| 217 | else |
---|
| 218 | { |
---|
| 219 | $url_action .='admin.php?page=profile'; |
---|
| 220 | } |
---|
[2] | 221 | //----------------------------------------------------- template initialization |
---|
[662] | 222 | $template->set_filenames(array('profile_body'=>'profile.tpl')); |
---|
[393] | 223 | |
---|
[662] | 224 | if (defined('IN_ADMIN') and IN_ADMIN and empty($userdata)) |
---|
[631] | 225 | { |
---|
| 226 | $template->assign_block_vars('select_user',array()); |
---|
[345] | 227 | |
---|
[662] | 228 | $admin_profile = add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile'); |
---|
| 229 | |
---|
| 230 | $template->assign_vars( |
---|
| 231 | array( |
---|
| 232 | 'L_SELECT_USERNAME'=>$lang['Select_username'], |
---|
| 233 | 'L_LOOKUP_USER'=>$lang['Look_up_user'], |
---|
| 234 | 'L_FIND_USERNAME'=>$lang['Find_username'], |
---|
| 235 | 'L_AUTH_USER'=>$lang['permuser_only_private'], |
---|
| 236 | 'L_SUBMIT'=>$lang['submit'], |
---|
| 237 | |
---|
| 238 | 'F_SEARCH_USER_ACTION' => $admin_profile, |
---|
| 239 | 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php') |
---|
| 240 | )); |
---|
[631] | 241 | } |
---|
| 242 | else |
---|
| 243 | { |
---|
[662] | 244 | $expand = |
---|
| 245 | ($userdata['expand']=='true')? |
---|
| 246 | 'EXPAND_TREE_YES':'EXPAND_TREE_NO'; |
---|
[393] | 247 | |
---|
[662] | 248 | $nb_comments = |
---|
| 249 | ($userdata['show_nb_comments']=='true')? |
---|
| 250 | 'NB_COMMENTS_YES':'NB_COMMENTS_NO'; |
---|
[393] | 251 | |
---|
[662] | 252 | $template->assign_block_vars('modify',array()); |
---|
| 253 | $template->assign_vars( |
---|
| 254 | array( |
---|
| 255 | 'USERNAME'=>$userdata['username'], |
---|
| 256 | 'USERID'=>$userdata['id'], |
---|
| 257 | 'EMAIL'=>@$userdata['mail_address'], |
---|
| 258 | 'LANG_SELECT'=>language_select($userdata['language'], 'language'), |
---|
| 259 | 'NB_IMAGE_LINE'=>$userdata['nb_image_line'], |
---|
| 260 | 'NB_ROW_PAGE'=>$userdata['nb_line_page'], |
---|
| 261 | 'STYLE_SELECT'=>style_select($userdata['template'], 'template'), |
---|
| 262 | 'RECENT_PERIOD'=>$userdata['recent_period'], |
---|
| 263 | 'MAXWIDTH'=>@$userdata['maxwidth'], |
---|
| 264 | 'MAXHEIGHT'=>@$userdata['maxheight'], |
---|
[393] | 265 | |
---|
[662] | 266 | $expand=>'checked="checked"', |
---|
| 267 | $nb_comments=>'checked="checked"', |
---|
| 268 | |
---|
| 269 | 'L_TITLE' => $lang['customize_title'], |
---|
| 270 | 'L_REGISTRATION_INFO' => $lang['register_title'], |
---|
| 271 | 'L_PREFERENCES' => $lang['preferences'], |
---|
| 272 | 'L_USERNAME' => $lang['login'], |
---|
| 273 | 'L_EMAIL' => $lang['mail_address'], |
---|
| 274 | 'L_CURRENT_PASSWORD' => $lang['password'], |
---|
| 275 | 'L_CURRENT_PASSWORD_HINT' => $lang['password_hint'], |
---|
| 276 | 'L_NEW_PASSWORD' => $lang['new_password'], |
---|
| 277 | 'L_NEW_PASSWORD_HINT' => $lang['new_password_hint'], |
---|
| 278 | 'L_CONFIRM_PASSWORD' => $lang['reg_confirm'], |
---|
| 279 | 'L_CONFIRM_PASSWORD_HINT' => $lang['confirm_password_hint'], |
---|
| 280 | 'L_LANG_SELECT'=>$lang['language'], |
---|
| 281 | 'L_NB_IMAGE_LINE'=>$lang['nb_image_per_row'], |
---|
| 282 | 'L_NB_ROW_PAGE'=>$lang['nb_row_per_page'], |
---|
| 283 | 'L_STYLE_SELECT'=>$lang['theme'], |
---|
| 284 | 'L_RECENT_PERIOD'=>$lang['recent_period'], |
---|
| 285 | 'L_EXPAND_TREE'=>$lang['auto_expand'], |
---|
| 286 | 'L_NB_COMMENTS'=>$lang['show_nb_comments'], |
---|
| 287 | 'L_MAXWIDTH'=>$lang['maxwidth'], |
---|
| 288 | 'L_MAXHEIGHT'=>$lang['maxheight'], |
---|
| 289 | 'L_YES'=>$lang['yes'], |
---|
| 290 | 'L_NO'=>$lang['no'], |
---|
| 291 | 'L_SUBMIT'=>$lang['submit'], |
---|
| 292 | 'L_RETURN' => $lang['home'], |
---|
| 293 | 'L_RETURN_HINT' => $lang['home_hint'], |
---|
| 294 | |
---|
| 295 | 'F_ACTION'=>add_session_id($url_action), |
---|
| 296 | )); |
---|
| 297 | |
---|
| 298 | if (!defined('IN_ADMIN') or !IN_ADMIN) |
---|
| 299 | { |
---|
| 300 | $url_return = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']; |
---|
| 301 | $template->assign_vars(array('U_RETURN' => add_session_id($url_return))); |
---|
| 302 | } |
---|
[2] | 303 | //-------------------------------------------------------------- errors display |
---|
[662] | 304 | if (count($errors) != 0) |
---|
[2] | 305 | { |
---|
[662] | 306 | $template->assign_block_vars('modify.errors',array()); |
---|
| 307 | foreach ($errors as $error) |
---|
| 308 | { |
---|
| 309 | $template->assign_block_vars('modify.errors.error', |
---|
| 310 | array('ERROR'=>$error)); |
---|
| 311 | } |
---|
[2] | 312 | } |
---|
[631] | 313 | //------------------------------------------------------------- user management |
---|
[662] | 314 | if (defined('IN_ADMIN') and IN_ADMIN) |
---|
| 315 | { |
---|
| 316 | $status_select = '<select name="status">'; |
---|
| 317 | $status_select .='<option value = "guest" '; |
---|
| 318 | if ($userdata['status'] == 'guest') |
---|
| 319 | { |
---|
| 320 | $status_select .= 'selected="selected"'; |
---|
| 321 | } |
---|
| 322 | $status_select .='>'.$lang['user_status_guest'] .'</option>'; |
---|
| 323 | $status_select .='<option value = "admin" '; |
---|
| 324 | if ($userdata['status'] == 'admin') |
---|
| 325 | { |
---|
| 326 | $status_select .= 'selected="selected"'; |
---|
| 327 | } |
---|
| 328 | $status_select .='>'.$lang['user_status_admin'] .'</option>'; |
---|
| 329 | $status_select .='</select>'; |
---|
| 330 | $template->assign_block_vars( |
---|
| 331 | 'modify.admin', |
---|
| 332 | array( |
---|
| 333 | 'L_ADMIN_USER'=>$lang['user_management'], |
---|
| 334 | 'L_STATUS'=>$lang['user_status'], |
---|
| 335 | 'L_DELETE'=>$lang['user_delete'], |
---|
| 336 | 'L_DELETE_HINT'=>$lang['user_delete_hint'], |
---|
| 337 | 'STATUS'=>$status_select |
---|
| 338 | )); |
---|
| 339 | } |
---|
[631] | 340 | } |
---|
| 341 | // +-----------------------------------------------------------------------+ |
---|
| 342 | // | html code display | |
---|
| 343 | // +-----------------------------------------------------------------------+ |
---|
[662] | 344 | if (defined('IN_ADMIN') and IN_ADMIN) |
---|
[631] | 345 | { |
---|
| 346 | $template->assign_var_from_handle('ADMIN_CONTENT', 'profile_body'); |
---|
| 347 | } |
---|
| 348 | else |
---|
| 349 | { |
---|
| 350 | $template->assign_block_vars('modify.profile',array()); |
---|
| 351 | $template->pparse('profile_body'); |
---|
| 352 | include(PHPWG_ROOT_PATH.'include/page_tail.php'); |
---|
| 353 | } |
---|
[362] | 354 | ?> |
---|