Changeset 662 for trunk/profile.php
- Timestamp:
- Dec 28, 2004, 8:12:57 PM (19 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/profile.php
r631 r662 31 31 // +-----------------------------------------------------------------------+ 32 32 $userdata = array(); 33 if ( defined('IN_ADMIN') && isset( $_POST['submituser'] ))33 if (defined('IN_ADMIN') and isset($_POST['submituser'])) 34 34 { 35 35 $userdata = getuserdata($_POST['username']); 36 36 } 37 elseif (defined('IN_ADMIN') && isset( $_POST['submit']))37 elseif (defined('IN_ADMIN') and isset($_POST['submit'])) 38 38 { 39 39 $userdata = getuserdata(intval($_POST['userid'])); 40 40 } 41 elseif (!defined('IN_ADMIN') )41 elseif (!defined('IN_ADMIN') or !IN_ADMIN) 42 42 { 43 43 define('PHPWG_ROOT_PATH','./'); 44 44 include_once(PHPWG_ROOT_PATH.'include/common.inc.php'); 45 45 check_login_authorization(false); 46 $userdata =$user;46 $userdata = $user; 47 47 } 48 48 //------------------------------------------------------ update & customization 49 $infos = array( 'nb_image_line', 'nb_line_page', 'language', 50 'maxwidth', 'maxheight', 'expand', 'show_nb_comments', 51 'recent_period', 'template', 'mail_address'); 52 // mise à jour dans la base de données des valeurs 53 // des paramètres pour l'utilisateur courant 54 // - on teste si chacune des variables est passée en argument à la page 55 // - ce qui signifie que l'on doit venir de la page de personnalisation 49 $infos = array('nb_image_line', 'nb_line_page', 'language', 50 'maxwidth', 'maxheight', 'expand', 'show_nb_comments', 51 'recent_period', 'template', 'mail_address'); 52 56 53 $errors = array(); 57 if ( isset( $_POST['submit'] ))54 if (isset($_POST['submit'])) 58 55 { 59 56 $int_pattern = '/^\d+$/'; 60 if ( $_POST['maxwidth'] != '' 61 and ( !preg_match( $int_pattern, $_POST['maxwidth'] ) 62 or $_POST['maxwidth'] < 50 ) ) 63 { 64 array_push( $errors, $lang['maxwidth_error'] ); 65 } 66 if ( $_POST['maxheight'] 67 and ( !preg_match( $int_pattern, $_POST['maxheight'] ) 68 or $_POST['maxheight'] < 50 ) ) 69 { 70 array_push( $errors, $lang['maxheight_error'] ); 57 58 if ($_POST['maxwidth'] != '' 59 and (!preg_match($int_pattern, $_POST['maxwidth']) 60 or $_POST['maxwidth'] < 50)) 61 { 62 array_push($errors, $lang['maxwidth_error']); 63 } 64 if ($_POST['maxheight'] 65 and (!preg_match($int_pattern, $_POST['maxheight']) 66 or $_POST['maxheight'] < 50)) 67 { 68 array_push($errors, $lang['maxheight_error']); 71 69 } 72 70 // periods must be integer values, they represents number of days … … 74 72 or $_POST['recent_period'] <= 0) 75 73 { 76 array_push( $errors, $lang['periods_error'] ); 77 } 78 79 if ( $_POST['mail_address']!= $userdata['mail_address']) 80 { 81 if ($user['status'] == 'admin') 82 { 83 $mail_error = validate_mail_address( $_POST['mail_address'] ); 84 if ( !empty($mail_error)) array_push( $errors, $mail_error ); 85 } 86 elseif (!empty($_POST['password'])) 87 array_push( $errors, $lang['reg_err_pass'] ); 74 array_push($errors, $lang['periods_error']); 75 } 76 77 // if mail_address has changed 78 if (!isset($userdata['mail_address'])) 79 { 80 $userdata['mail_address'] = ''; 81 } 82 83 if ($_POST['mail_address'] != @$userdata['mail_address']) 84 { 85 if ($user['status'] == 'admin') 86 { 87 $mail_error = validate_mail_address($_POST['mail_address']); 88 if (!empty($mail_error)) 89 { 90 array_push($errors, $mail_error); 91 } 92 } 93 else if (!empty($_POST['password'])) 94 { 95 array_push($errors, $lang['reg_err_pass']); 96 } 88 97 else 89 98 { 90 // retrieving the encrypted password of the login submitted 91 $query = 'SELECT password FROM '.USERS_TABLE.' 92 WHERE username = \''.$userdata['username'].'\';'; 93 $row = mysql_fetch_array(pwg_query($query)); 94 if ($row['password'] == md5($_POST['password'])) 95 { 96 $mail_error = validate_mail_address( $_POST['mail_address'] ); 97 if ( !empty($mail_error)) array_push( $errors, $mail_error ); 99 // retrieving the encrypted password of the login submitted 100 $query = ' 101 SELECT password 102 FROM '.USERS_TABLE.' 103 WHERE id = \''.$userdata['id'].'\' 104 ;'; 105 $row = mysql_fetch_array(pwg_query($query)); 106 if ($row['password'] == md5($_POST['password'])) 107 { 108 $mail_error = validate_mail_address($_POST['mail_address']); 109 if (!empty($mail_error)) 110 { 111 array_push($errors, $mail_error); 112 } 113 } 114 else 115 { 116 array_push($errors, $lang['reg_err_pass']); 117 } 118 } 119 } 120 121 // password must be the same as its confirmation 122 if (!empty($_POST['use_new_pwd']) 123 and $_POST['use_new_pwd'] != $_POST['passwordConf']) 124 { 125 array_push($errors, $lang['reg_err_pass']); 126 } 127 128 // We check if we are in the admin level 129 if (isset($_POST['user_delete'])) 130 { 131 if ($_POST['userid'] > 2) // gallery founder + guest 132 { 133 delete_user($_POST['userid']); 98 134 } 99 135 else 100 array_push( $errors, $lang['reg_err_pass'] ); 136 { 137 array_push($errors, $lang['user_err_modify']); 138 } 139 } 140 141 // We check if we are in the admin level 142 if (isset($_POST['status']) and $_POST['status'] <> $userdata['status']) 143 { 144 if ($_POST['userid'] > 2) // gallery founder + guest 145 { 146 array_push($infos, 'status'); 147 } 148 else 149 { 150 array_push($errors, $lang['user_err_modify']); 151 } 152 } 153 154 if (count($errors) == 0) 155 { 156 $query = ' 157 UPDATE '.USERS_TABLE.' 158 SET '; 159 $is_first = true; 160 foreach ($infos as $i => $info) 161 { 162 if (!$is_first) 163 { 164 $query.= ' 165 , '; 166 } 167 $is_first = false; 101 168 102 }103 }104 105 // password must be the same as its confirmation106 if ( !empty( $_POST['use_new_pwd'] )107 and $_POST['use_new_pwd'] != $_POST['passwordConf'] )108 array_push( $errors, $lang['reg_err_pass'] );109 110 // We check if we are in the admin level111 if (isset ($_POST['user_delete']))112 {113 if ($_POST['userid'] > 2) // gallery founder + guest114 {115 delete_user($_POST['userid']);116 }117 else118 array_push( $errors, $lang['user_err_modify'] );119 }120 121 // We check if we are in the admin level122 if (isset ($_POST['status']) && $_POST['status'] <> $userdata['status'])123 {124 if ($_POST['userid'] > 2) // gallery founder + guest125 {126 array_push($infos, 'status');127 }128 else129 array_push( $errors, $lang['user_err_modify'] );130 }131 132 if ( count( $errors ) == 0 )133 {134 $query = 'UPDATE '.USERS_TABLE;135 $query.= ' SET ';136 foreach ( $infos as $i => $info ) {137 if ( $i > 0 ) $query.= ',';138 169 $query.= $info; 139 170 $query.= ' = '; 140 if ( $_POST[$info] == '' ) $query.= 'NULL'; 141 else $query.= "'".$_POST[$info]."'"; 142 } 143 $query.= ' WHERE id = '.$_POST['userid']; 144 $query.= ';'; 145 pwg_query( $query ); 146 147 if ( !empty( $_POST['use_new_pwd'] ) ) 148 { 149 $query = 'UPDATE '.USERS_TABLE; 150 $query.= " SET password = '".md5( $_POST['use_new_pwd'] )."'"; 151 $query.= ' WHERE id = '.$_POST['userid']; 152 $query.= ';'; 153 pwg_query( $query ); 171 if ($_POST[$info] == '') 172 { 173 $query.= 'NULL'; 174 } 175 else 176 { 177 $query.= "'".$_POST[$info]."'"; 178 } 179 } 180 $query.= ' 181 WHERE id = '.$_POST['userid'].' 182 ;'; 183 pwg_query($query); 184 185 if (!empty($_POST['use_new_pwd'])) 186 { 187 $query = ' 188 UPDATE '.USERS_TABLE.' 189 SET password = \''.md5($_POST['use_new_pwd']).'\' 190 WHERE id = '.$_POST['userid'].' 191 ;'; 192 pwg_query($query); 154 193 } 155 194 156 195 // redirection 157 if (!defined('IN_ADMIN')) 158 { 159 redirect(add_session_id(PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'])); 160 } 161 else 162 { 196 if (!defined('IN_ADMIN') or !IN_ADMIN) 197 { 198 $url = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']; 199 redirect(add_session_id($url)); 200 } 201 else 202 { 163 203 redirect(add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile')); 164 204 } 165 205 } 166 206 } 167 168 207 // +-----------------------------------------------------------------------+ 169 208 // | page header and options | … … 181 220 } 182 221 //----------------------------------------------------- template initialization 183 184 222 $template->set_filenames(array('profile_body'=>'profile.tpl')); 185 if ( defined('IN_ADMIN') && empty($userdata)) 223 224 if (defined('IN_ADMIN') and IN_ADMIN and empty($userdata)) 186 225 { 187 226 $template->assign_block_vars('select_user',array()); 188 $template->assign_vars(array( 189 'L_SELECT_USERNAME'=>$lang['Select_username'], 190 'L_LOOKUP_USER'=>$lang['Look_up_user'], 191 'L_FIND_USERNAME'=>$lang['Find_username'], 192 'L_AUTH_USER'=>$lang['permuser_only_private'], 193 'L_SUBMIT'=>$lang['submit'], 194 195 'F_SEARCH_USER_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile'), 196 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php') 197 )); 227 228 $admin_profile = add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile'); 229 230 $template->assign_vars( 231 array( 232 'L_SELECT_USERNAME'=>$lang['Select_username'], 233 'L_LOOKUP_USER'=>$lang['Look_up_user'], 234 'L_FIND_USERNAME'=>$lang['Find_username'], 235 'L_AUTH_USER'=>$lang['permuser_only_private'], 236 'L_SUBMIT'=>$lang['submit'], 237 238 'F_SEARCH_USER_ACTION' => $admin_profile, 239 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php') 240 )); 198 241 } 199 242 else 200 243 { 201 $expand = ($userdata['expand']=='true')?'EXPAND_TREE_YES':'EXPAND_TREE_NO'; 202 $nb_comments = ($userdata['show_nb_comments']=='true')?'NB_COMMENTS_YES':'NB_COMMENTS_NO'; 203 204 $template->assign_block_vars('modify',array()); 205 $template->assign_vars(array( 206 'USERNAME'=>$userdata['username'], 207 'USERID'=>$userdata['id'], 208 'EMAIL'=>$userdata['mail_address'], 209 'LANG_SELECT'=>language_select($userdata['language'], 'language'), 210 'NB_IMAGE_LINE'=>$userdata['nb_image_line'], 211 'NB_ROW_PAGE'=>$userdata['nb_line_page'], 212 'STYLE_SELECT'=>style_select($userdata['template'], 'template'), 213 'RECENT_PERIOD'=>$userdata['recent_period'], 214 'MAXWIDTH'=>$userdata['maxwidth'], 215 'MAXHEIGHT'=>$userdata['maxheight'], 216 217 $expand=>'checked="checked"', 218 $nb_comments=>'checked="checked"', 219 220 'L_TITLE' => $lang['customize_title'], 221 'L_REGISTRATION_INFO' => $lang['register_title'], 222 'L_PREFERENCES' => $lang['preferences'], 223 'L_USERNAME' => $lang['login'], 224 'L_EMAIL' => $lang['mail_address'], 225 'L_CURRENT_PASSWORD' => $lang['password'], 226 'L_CURRENT_PASSWORD_HINT' => $lang['password_hint'], 227 'L_NEW_PASSWORD' => $lang['new_password'], 228 'L_NEW_PASSWORD_HINT' => $lang['new_password_hint'], 229 'L_CONFIRM_PASSWORD' => $lang['reg_confirm'], 230 'L_CONFIRM_PASSWORD_HINT' => $lang['confirm_password_hint'], 231 'L_LANG_SELECT'=>$lang['language'], 232 'L_NB_IMAGE_LINE'=>$lang['nb_image_per_row'], 233 'L_NB_ROW_PAGE'=>$lang['nb_row_per_page'], 234 'L_STYLE_SELECT'=>$lang['theme'], 235 'L_RECENT_PERIOD'=>$lang['recent_period'], 236 'L_EXPAND_TREE'=>$lang['auto_expand'], 237 'L_NB_COMMENTS'=>$lang['show_nb_comments'], 238 'L_MAXWIDTH'=>$lang['maxwidth'], 239 'L_MAXHEIGHT'=>$lang['maxheight'], 240 'L_YES'=>$lang['yes'], 241 'L_NO'=>$lang['no'], 242 'L_SUBMIT'=>$lang['submit'], 243 'L_RETURN' => $lang['home'], 244 'L_RETURN_HINT' => $lang['home_hint'], 245 246 'F_ACTION'=>add_session_id($url_action), 247 248 'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']) 249 )); 250 244 $expand = 245 ($userdata['expand']=='true')? 246 'EXPAND_TREE_YES':'EXPAND_TREE_NO'; 247 248 $nb_comments = 249 ($userdata['show_nb_comments']=='true')? 250 'NB_COMMENTS_YES':'NB_COMMENTS_NO'; 251 252 $template->assign_block_vars('modify',array()); 253 $template->assign_vars( 254 array( 255 'USERNAME'=>$userdata['username'], 256 'USERID'=>$userdata['id'], 257 'EMAIL'=>@$userdata['mail_address'], 258 'LANG_SELECT'=>language_select($userdata['language'], 'language'), 259 'NB_IMAGE_LINE'=>$userdata['nb_image_line'], 260 'NB_ROW_PAGE'=>$userdata['nb_line_page'], 261 'STYLE_SELECT'=>style_select($userdata['template'], 'template'), 262 'RECENT_PERIOD'=>$userdata['recent_period'], 263 'MAXWIDTH'=>@$userdata['maxwidth'], 264 'MAXHEIGHT'=>@$userdata['maxheight'], 265 266 $expand=>'checked="checked"', 267 $nb_comments=>'checked="checked"', 268 269 'L_TITLE' => $lang['customize_title'], 270 'L_REGISTRATION_INFO' => $lang['register_title'], 271 'L_PREFERENCES' => $lang['preferences'], 272 'L_USERNAME' => $lang['login'], 273 'L_EMAIL' => $lang['mail_address'], 274 'L_CURRENT_PASSWORD' => $lang['password'], 275 'L_CURRENT_PASSWORD_HINT' => $lang['password_hint'], 276 'L_NEW_PASSWORD' => $lang['new_password'], 277 'L_NEW_PASSWORD_HINT' => $lang['new_password_hint'], 278 'L_CONFIRM_PASSWORD' => $lang['reg_confirm'], 279 'L_CONFIRM_PASSWORD_HINT' => $lang['confirm_password_hint'], 280 'L_LANG_SELECT'=>$lang['language'], 281 'L_NB_IMAGE_LINE'=>$lang['nb_image_per_row'], 282 'L_NB_ROW_PAGE'=>$lang['nb_row_per_page'], 283 'L_STYLE_SELECT'=>$lang['theme'], 284 'L_RECENT_PERIOD'=>$lang['recent_period'], 285 'L_EXPAND_TREE'=>$lang['auto_expand'], 286 'L_NB_COMMENTS'=>$lang['show_nb_comments'], 287 'L_MAXWIDTH'=>$lang['maxwidth'], 288 'L_MAXHEIGHT'=>$lang['maxheight'], 289 'L_YES'=>$lang['yes'], 290 'L_NO'=>$lang['no'], 291 'L_SUBMIT'=>$lang['submit'], 292 'L_RETURN' => $lang['home'], 293 'L_RETURN_HINT' => $lang['home_hint'], 294 295 'F_ACTION'=>add_session_id($url_action), 296 )); 297 298 if (!defined('IN_ADMIN') or !IN_ADMIN) 299 { 300 $url_return = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']; 301 $template->assign_vars(array('U_RETURN' => add_session_id($url_return))); 302 } 251 303 //-------------------------------------------------------------- errors display 252 if ( sizeof( $errors ) != 0 ) 253 { 254 $template->assign_block_vars('modify.errors',array()); 255 for ( $i = 0; $i < sizeof( $errors ); $i++ ) 256 { 257 $template->assign_block_vars('modify.errors.error',array('ERROR'=>$errors[$i])); 258 } 259 } 304 if (count($errors) != 0) 305 { 306 $template->assign_block_vars('modify.errors',array()); 307 foreach ($errors as $error) 308 { 309 $template->assign_block_vars('modify.errors.error', 310 array('ERROR'=>$error)); 311 } 312 } 260 313 //------------------------------------------------------------- user management 261 if (defined('IN_ADMIN')) 262 { 263 $status_select = '<select name="status">'; 264 $status_select .='<option value = "guest" '; 265 if ($userdata['status'] == 'guest') $status_select .= 'selected="selected"'; 266 $status_select .='>'.$lang['user_status_guest'] .'</option>'; 267 $status_select .='<option value = "admin" '; 268 if ($userdata['status'] == 'admin') $status_select .= 'selected="selected"'; 269 $status_select .='>'.$lang['user_status_admin'] .'</option>'; 270 $status_select .='</select>'; 271 $template->assign_block_vars('modify.admin',array( 272 'L_ADMIN_USER'=>$lang['user_management'], 273 'L_STATUS'=>$lang['user_status'], 274 'L_DELETE'=>$lang['user_delete'], 275 'L_DELETE_HINT'=>$lang['user_delete_hint'], 276 'STATUS'=>$status_select 277 )); 278 } 314 if (defined('IN_ADMIN') and IN_ADMIN) 315 { 316 $status_select = '<select name="status">'; 317 $status_select .='<option value = "guest" '; 318 if ($userdata['status'] == 'guest') 319 { 320 $status_select .= 'selected="selected"'; 321 } 322 $status_select .='>'.$lang['user_status_guest'] .'</option>'; 323 $status_select .='<option value = "admin" '; 324 if ($userdata['status'] == 'admin') 325 { 326 $status_select .= 'selected="selected"'; 327 } 328 $status_select .='>'.$lang['user_status_admin'] .'</option>'; 329 $status_select .='</select>'; 330 $template->assign_block_vars( 331 'modify.admin', 332 array( 333 'L_ADMIN_USER'=>$lang['user_management'], 334 'L_STATUS'=>$lang['user_status'], 335 'L_DELETE'=>$lang['user_delete'], 336 'L_DELETE_HINT'=>$lang['user_delete_hint'], 337 'STATUS'=>$status_select 338 )); 339 } 279 340 } 280 341 // +-----------------------------------------------------------------------+ 281 342 // | html code display | 282 343 // +-----------------------------------------------------------------------+ 283 if (defined('IN_ADMIN') )344 if (defined('IN_ADMIN') and IN_ADMIN) 284 345 { 285 346 $template->assign_var_from_handle('ADMIN_CONTENT', 'profile_body');
Note: See TracChangeset
for help on using the changeset viewer.