source: trunk/profile.php @ 4304

Last change on this file since 4304 was 4304, checked in by Eric, 14 years ago

Escape all login and username characters in database
Display correctly usernames

(I hope not to have made mistakes)

1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24// customize appearance of the site for a user
25// +-----------------------------------------------------------------------+
26// |                           initialization                              |
27// +-----------------------------------------------------------------------+
28
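if (!defined('PHPWG_ROOT_PATH'))
{//direct script access
  define('PHPWG_ROOT_PATH','./');
  include_once(PHPWG_ROOT_PATH.'include/common.inc.php');

  // +-----------------------------------------------------------------------+
  // | Check Access and exit when user status is not ok                      |
  // +-----------------------------------------------------------------------+
  check_status(ACCESS_CLASSIC);

  // On direct access the profile being edited is always the logged-in
  // user's own ($user); when this file is included with IN_ADMIN defined
  // the caller presumably supplies $userdata itself (not visible here).
  $userdata = $user;

  trigger_action('loc_begin_profile');

  // Reset to default (Guest) custom settings.
  // NOTE(review): this and the 'validate' submit handled further down are
  // plain POST requests; no anti-CSRF token is checked anywhere in this
  // file -- confirm whether one is enforced upstream before relying on it.
  if (isset($_POST['reset_to_default']))
  {
    // Columns copied from the default user ('show_nb_hits' was listed
    // twice originally; harmless for a SELECT but pointless).
    $fields = array(
      'nb_image_line', 'nb_line_page', 'maxwidth', 'maxheight', 'expand',
      'show_nb_comments', 'show_nb_hits', 'recent_period'
      );

    // Get the Guest custom settings. default_user_id comes from the
    // configuration, not from the request (presumably an integer).
    $query = '
SELECT '.implode(',', $fields).'
  FROM '.USER_INFOS_TABLE.'
  WHERE user_id = '.$conf['default_user_id'].'
;';
    $result = pwg_query($query);
    $default_user = mysql_fetch_assoc($result);
    // mysql_fetch_assoc() returns false when no default-user row exists;
    // array_merge() with a non-array would leave $userdata unusable for
    // everything below, so only merge a row that was actually fetched.
    if (is_array($default_user))
    {
      $userdata = array_merge($userdata, $default_user);
    }
  }

  save_profile_from_post($userdata, $errors);

  $title= l10n('customize_page_title');
  $page['body_id'] = 'theProfilePage';
  include(PHPWG_ROOT_PATH.'include/page_header.php');

  load_profile_in_template(
    get_root_url().'profile.php', // action
    make_index_url(), // for redirect
    $userdata );

  // +-----------------------------------------------------------------------+
  // |                             errors display                            |
  // +-----------------------------------------------------------------------+
  if (count($errors) != 0)
  {
    $template->assign('errors', $errors);
  }
  $template->set_filename('profile', 'profile.tpl');
  trigger_action('loc_end_profile');
  $template->parse('profile');
  include(PHPWG_ROOT_PATH.'include/page_tail.php');
}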
85
86//------------------------------------------------------ update & customization
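/**
 * Validates the submitted profile form and, when everything checks out,
 * writes the changes to the users table (email / password) and to the
 * user_infos table (display preferences).
 *
 * @param array $userdata  profile being edited; at least 'id' is read
 * @param array $errors    filled (by reference) with l10n'd error messages;
 *                         always reset to an empty array first
 * @return bool false when the form was not submitted ('validate' missing),
 *              true otherwise -- even when $errors ends up non-empty
 */
function save_profile_from_post($userdata, &$errors)
{
  global $conf;
  $errors = array();

  if (!isset($_POST['validate']))
  {
    return false;
  }

  // NOTE(review): no anti-CSRF token is checked in this handler; confirm
  // whether one is enforced upstream before trusting the request origin.

  // Guest and the default user have no credentials of their own: drop the
  // account fields so they can never be updated for those rows. Loose
  // in_array() is kept on purpose: the id may come back from the DB as a
  // string while the configured ids are presumably integers.
  $special_user = in_array($userdata['id'], array($conf['guest_id'], $conf['default_user_id']));
  if ($special_user)
  {
    unset($_POST['mail_address'],
          $_POST['password'],
          $_POST['use_new_pwd'],
          $_POST['passwordConf']
          );
  }

  // Only accept a theme / language that the form itself offers (the same
  // lists load_profile_in_template() builds the <select>s from). The stored
  // value is presumably used later to locate a directory on disk -- that is
  // not visible in this file -- and nothing here escapes it before it is
  // handed to mass_updates(), so an arbitrary string must not get through.
  // An unknown value is dropped, which leaves the stored one untouched,
  // exactly as if the field had not been posted at all.
  if (isset($_POST['template'])
      and !in_array($_POST['template'], get_pwg_themes(), true))
  {
    unset($_POST['template']);
  }
  if (isset($_POST['language']))
  {
    $languages = get_languages();
    if (!is_string($_POST['language'])
        or !isset($languages[$_POST['language']]))
    {
      unset($_POST['language']);
    }
  }

  // The yes/no radio buttons are rendered with the literal values 'true'
  // and 'false' (see radio_options in load_profile_in_template); anything
  // else cannot come from the form, so discard it rather than pass it on.
  foreach (array('expand', 'show_nb_comments', 'show_nb_hits') as $flag)
  {
    if (isset($_POST[$flag])
        and !in_array($_POST[$flag], array('true', 'false'), true))
    {
      unset($_POST[$flag]);
    }
  }

  // Read the optional fields as '' when absent so the checks below never
  // touch an undefined index (same outcome as before, minus the notices).
  $maxwidth      = isset($_POST['maxwidth'])      ? $_POST['maxwidth']      : '';
  $maxheight     = isset($_POST['maxheight'])     ? $_POST['maxheight']     : '';
  $recent_period = isset($_POST['recent_period']) ? $_POST['recent_period'] : '';

  $int_pattern = '/^\d+$/';
  if (empty($_POST['nb_image_line'])
      or (!preg_match($int_pattern, $_POST['nb_image_line'])))
  {
    $errors[] = l10n('nb_image_line_error');
  }

  if (empty($_POST['nb_line_page'])
      or (!preg_match($int_pattern, $_POST['nb_line_page'])))
  {
    $errors[] = l10n('nb_line_page_error');
  }

  // maxwidth / maxheight are optional; when given they must be integers >= 50
  if ($maxwidth != ''
      and (!preg_match($int_pattern, $maxwidth) or $maxwidth < 50))
  {
    $errors[] = l10n('maxwidth_error');
  }
  if ($maxheight
      and (!preg_match($int_pattern, $maxheight) or $maxheight < 50))
  {
    $errors[] = l10n('maxheight_error');
  }
  // periods must be integer values, they represent a number of days
  if (!preg_match($int_pattern, $recent_period) or $recent_period <= 0)
  {
    $errors[] = l10n('periods_error') ;
  }

  if (isset($_POST['mail_address']))
  {
    // validate_mail_address() is given this user's id so it can tell an
    // unchanged address from one already used by someone else; its exact
    // checks live outside this file.
    $mail_error = validate_mail_address($userdata['id'], $_POST['mail_address']);
    if (!empty($mail_error))
    {
      $errors[] = $mail_error;
    }
  }

  if (!empty($_POST['use_new_pwd']))
  {
    $password_conf = isset($_POST['passwordConf']) ? $_POST['passwordConf'] : '';
    // Strict comparison: with != PHP compares numeric-looking strings as
    // numbers ("1e3" == "1000"), so a mistyped confirmation could slip by.
    if ($_POST['use_new_pwd'] !== $password_conf)
    {
      $errors[] = l10n('New password confirmation does not correspond');
    }

    if ( !defined('IN_ADMIN') )
    {// changing password requires old password
      // $userdata['id'] comes from the session ($user) or the admin caller,
      // never from this request, which is why it is interpolated as-is;
      // keep it that way only while that remains true.
      $query = '
  SELECT '.$conf['user_fields']['password'].' AS password
    FROM '.USERS_TABLE.'
    WHERE '.$conf['user_fields']['id'].' = \''.$userdata['id'].'\'
  ;';
      list($current_password) = mysql_fetch_row(pwg_query($query));

      $old_password = isset($_POST['password']) ? $_POST['password'] : '';
      // Strict comparison is essential: the stored value is a hash made by
      // pass_convert, and two hashes that both look like "0e1234..." compare
      // equal under != because PHP reads them as the number zero -- a wrong
      // "current password" could then be accepted. hash_equals() would also
      // close the timing side channel once the minimum PHP version has it.
      if ($conf['pass_convert']($old_password) !== $current_password)
      {
        $errors[] = l10n('Current password is wrong');
      }
    }
  }

  if (count($errors) == 0)
  {
    // mass_updates function
    include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');

    if (isset($_POST['mail_address']))
    {
      // update common user informations
      $fields = array($conf['user_fields']['email']);

      $data = array();
      $data[$conf['user_fields']['id']] = $userdata['id'];
      $data[$conf['user_fields']['email']] = $_POST['mail_address'];

      // password is updated only if filled
      if (!empty($_POST['use_new_pwd']))
      {
        array_push($fields, $conf['user_fields']['password']);
        // password is hashed with function $conf['pass_convert']
        $data[$conf['user_fields']['password']] =
          $conf['pass_convert']($_POST['use_new_pwd']);
      }
      mass_updates(USERS_TABLE,
                   array('primary' => array($conf['user_fields']['id']),
                         'update' => $fields),
                   array($data));
    }

    // update user "additional" informations (specific to Piwigo)
    $fields = array(
      'nb_image_line', 'nb_line_page', 'language', 'maxwidth', 'maxheight',
      'expand', 'show_nb_comments', 'show_nb_hits', 'recent_period', 'template'
      );

    $data = array();
    $data['user_id'] = $userdata['id'];

    // Only posted fields are copied (a field dropped above behaves like one
    // that was never posted). Whether mass_updates() escapes these values
    // cannot be seen from here, hence the allow-list checks at the top.
    foreach ($fields as $field)
    {
      if (isset($_POST[$field]))
      {
        $data[$field] = $_POST[$field];
      }
    }
    mass_updates(USER_INFOS_TABLE,
                 array('primary' => array('user_id'), 'update' => $fields),
                 array($data));

    trigger_action( 'save_profile_from_post', $userdata['id'] );

    if (!empty($_POST['redirect']))
    {
      // The target is a hidden form field, i.e. attacker-editable, and
      // redirect() is not known (from this file) to validate it: only follow
      // it when it cannot leave this site. Anything with a URL scheme
      // ("http:", "javascript:", ...) or a protocol-relative "//" (also "/\",
      // which some browsers normalise to "//") or containing control
      // characters is ignored and the page is simply rendered again.
      // make_index_url() is normally relative so legitimate use is
      // unaffected; if the gallery emits absolute URLs, extend the test to
      // also accept targets under its own root URL.
      $redirect = $_POST['redirect'];
      if (is_string($redirect)
          and !preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]\s*[/\\\\])#i', $redirect)
          and !preg_match('/[\x00-\x1f\x7f]/', $redirect))
      {
        redirect($redirect);
      }
    }
  }
  return true;
}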
231
232
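/**
 * Fills the 'profile_content' template handle with the profile form for
 * $userdata and exposes the rendered result as PROFILE_CONTENT.
 *
 * @param string $url_action   form action (where the POST is sent)
 * @param string $url_redirect value of the hidden 'redirect' field, which
 *                             save_profile_from_post() follows on success
 * @param array  $userdata     profile values used to pre-fill the form
 */
function load_profile_in_template($url_action, $url_redirect, $userdata)
{
  global $template, $conf;

  $template->set_filename('profile_content', 'profile_content.tpl');

  // Values of the yes/no radio buttons; save_profile_from_post() gets
  // exactly these two strings back.
  $template->assign('radio_options',
    array(
      'true' => l10n('Yes'),
      'false' => l10n('No')));

  // Optional keys are read with isset() instead of @ so that a missing
  // entry (e.g. no email for guest) yields null without hiding other errors.
  $email     = isset($userdata['email'])     ? $userdata['email']     : null;
  $maxwidth  = isset($userdata['maxwidth'])  ? $userdata['maxwidth']  : null;
  $maxheight = isset($userdata['maxheight']) ? $userdata['maxheight'] : null;

  $template->assign(
    array(
      // USERNAME is passed raw (only slashes stripped); HTML-escaping is
      // left to profile_content.tpl -- confirm the template does it.
      'USERNAME'=>stripslashes($userdata['username']),
      'EMAIL'=>get_email_address_as_display_text($email),
      'NB_IMAGE_LINE'=>$userdata['nb_image_line'],
      'NB_ROW_PAGE'=>$userdata['nb_line_page'],
      'RECENT_PERIOD'=>$userdata['recent_period'],
      'MAXWIDTH'=>$maxwidth,
      'MAXHEIGHT'=>$maxheight,
      'EXPAND' =>$userdata['expand'] ? 'true' : 'false',
      'NB_COMMENTS'=>$userdata['show_nb_comments'] ? 'true' : 'false',
      'NB_HITS'=>$userdata['show_nb_hits'] ? 'true' : 'false',
      'REDIRECT' => $url_redirect,
      'F_ACTION'=>$url_action,
      ));

  // Theme options are 'template/theme' strings; the user's current one is
  // pre-selected. Both option arrays are initialised so an empty list still
  // assigns an array rather than an undefined variable.
  // NOTE(review): the isset($_POST['submit']) test selects every option in
  // turn (last one wins), and the form posts 'validate' rather than
  // 'submit' (see save_profile_from_post), so it looks dead; kept as-is.
  $template_options = array();
  foreach (get_pwg_themes() as $pwg_template)
  {
    if (isset($_POST['submit'])
      or $userdata['template'].'/'.$userdata['theme'] == $pwg_template)
    {
      $template->assign('template_selection', $pwg_template);
    }
    $template_options[$pwg_template] = $pwg_template;
  }
  $template->assign('template_options', $template_options);

  $language_options = array();
  foreach (get_languages() as $language_code => $language_name)
  {
    if (isset($_POST['submit']) or $userdata['language'] == $language_code)
    {
      $template->assign('language_selection', $language_code);
    }
    $language_options[$language_code] = $language_name;
  }

  $template->assign('language_options', $language_options);

  // Guest / default user: the template hides the account fields, mirroring
  // the server-side unset() in save_profile_from_post().
  $special_user = in_array($userdata['id'], array($conf['guest_id'], $conf['default_user_id']));
  $template->assign('SPECIAL_USER', $special_user);
  $template->assign('IN_ADMIN', defined('IN_ADMIN'));

  // allow plugins to add their own form data to content
  trigger_action( 'load_profile_in_template', $userdata );

  $template->assign_var_from_handle('PROFILE_CONTENT', 'profile_content');
}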
291?>