Context Navigation

source: branches/1.7/profile.php @ 23028

Last change on this file since 23028 was 2267, checked in by rvelices, 17 years ago
security fix in profile
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 9.5 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| file : $Id: profile.php 2267 2008-03-08 12:27:08Z rvelices $
8	// \| last update : $Date: 2008-03-08 12:27:08 +0000 (Sat, 08 Mar 2008) $
9	// \| last modifier : $Author: rvelices $
10	// \| revision : $Revision: 2267 $
11	// +-----------------------------------------------------------------------+
12	// \| This program is free software; you can redistribute it and/or modify \|
13	// \| it under the terms of the GNU General Public License as published by \|
14	// \| the Free Software Foundation \|
15	// \| \|
16	// \| This program is distributed in the hope that it will be useful, but \|
17	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
18	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
19	// \| General Public License for more details. \|
20	// \| \|
21	// \| You should have received a copy of the GNU General Public License \|
22	// \| along with this program; if not, write to the Free Software \|
23	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
24	// \| USA. \|
25	// +-----------------------------------------------------------------------+
26
27	// customize appearance of the site for a user
28	// +-----------------------------------------------------------------------+
29	// \| initialization \|
30	// +-----------------------------------------------------------------------+
31
32	if (!defined('PHPWG_ROOT_PATH'))
33	{//direct script access
34	define('PHPWG_ROOT_PATH','./');
35	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
36
37	// +-----------------------------------------------------------------------+
38	// \| Check Access and exit when user status is not ok \|
39	// +-----------------------------------------------------------------------+
40	check_status(ACCESS_CLASSIC);
41
42	$userdata = $user;
43
44	trigger_action('loc_begin_profile');
45
46	save_profile_from_post($userdata, $errors);
47
48	$title= l10n('customize_page_title');
49	$page['body_id'] = 'theProfilePage';
50	include(PHPWG_ROOT_PATH.'include/page_header.php');
51
52	load_profile_in_template(
53	get_root_url().'profile.php', // action
54	make_index_url(), // for redirect
55	$userdata );
56
57	$template->assign_var('U_HOME', make_index_url() );
58
59	// +-----------------------------------------------------------------------+
60	// \| errors display \|
61	// +-----------------------------------------------------------------------+
62	if (count($errors) != 0)
63	{
64	$template->assign_block_vars('errors',array());
65	foreach ($errors as $error)
66	{
67	$template->assign_block_vars('errors.error', array('ERROR'=>$error));
68	}
69	}
70	$template->set_filename('profile', 'profile.tpl');
71	trigger_action('loc_end_profile');
72	$template->parse('profile');
73	include(PHPWG_ROOT_PATH.'include/page_tail.php');
74	}
75
76	//------------------------------------------------------ update & customization
77	function save_profile_from_post(&$userdata, &$errors)
78	{
79	global $conf;
80	$errors = array();
81
82	if (!isset($_POST['validate']))
83	{
84	return false;
85	}
86
87	$int_pattern = '/^\d+$/';
88	if (empty($_POST['nb_image_line'])
89	or (!preg_match($int_pattern, $_POST['nb_image_line'])))
90	{
91	$errors[] = l10n('nb_image_line_error');
92	}
93
94	if (empty($_POST['nb_line_page'])
95	or (!preg_match($int_pattern, $_POST['nb_line_page'])))
96	{
97	$errors[] = l10n('nb_line_page_error');
98	}
99
100	if ($_POST['maxwidth'] != ''
101	and (!preg_match($int_pattern, $_POST['maxwidth'])
102	or $_POST['maxwidth'] < 50))
103	{
104	$errors[] = l10n('maxwidth_error');
105	}
106	if ($_POST['maxheight']
107	and (!preg_match($int_pattern, $_POST['maxheight'])
108	or $_POST['maxheight'] < 50))
109	{
110	$errors[] = l10n('maxheight_error');
111	}
112	// periods must be integer values, they represents number of days
113	if (!preg_match($int_pattern, $_POST['recent_period'])
114	or $_POST['recent_period'] <= 0)
115	{
116	$errors[] = l10n('periods_error') ;
117	}
118
119	if (isset($_POST['mail_address']))
120	{
121	$mail_error = validate_mail_address($_POST['mail_address']);
122	if (!empty($mail_error))
123	{
124	$errors[] = $mail_error;
125	}
126	}
127
128	if (!empty($_POST['use_new_pwd']))
129	{
130	// password must be the same as its confirmation
131	if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
132	{
133	$errors[] = l10n('New password confirmation does not correspond');
134	}
135
136	if ( !defined('IN_ADMIN') )
137	{// changing password requires old password
138	$query = '
139	SELECT '.$conf['user_fields']['password'].' AS password
140	FROM '.USERS_TABLE.'
141	WHERE '.$conf['user_fields']['id'].' = \''.$userdata['id'].'\'
142	;';
143	list($current_password) = mysql_fetch_row(pwg_query($query));
144
145	if ($conf['pass_convert']($_POST['password']) != $current_password)
146	{
147	$errors[] = l10n('Current password is wrong');
148	}
149	}
150	}
151
152	if (count($errors) == 0)
153	{
154	// mass_updates function
155	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
156
157	if (isset($_POST['mail_address']))
158	{
159	// update common user informations
160	$fields = array($conf['user_fields']['email']);
161
162	$data = array();
163	$data{$conf['user_fields']['id']} = $userdata['id'];
164	$data{$conf['user_fields']['email']} = $_POST['mail_address'];
165
166	// password is updated only if filled
167	if (!empty($_POST['use_new_pwd']))
168	{
169	array_push($fields, $conf['user_fields']['password']);
170	// password is encrpyted with function $conf['pass_convert']
171	$data{$conf['user_fields']['password']} =
172	$conf['pass_convert']($_POST['use_new_pwd']);
173	}
174	mass_updates(USERS_TABLE,
175	array('primary' => array($conf['user_fields']['id']),
176	'update' => $fields),
177	array($data));
178	}
179
180	// update user "additional" informations (specific to PhpWebGallery)
181	$fields = array(
182	'nb_image_line', 'nb_line_page', 'language', 'maxwidth', 'maxheight',
183	'expand', 'show_nb_comments', 'show_nb_hits', 'recent_period', 'template'
184	);
185
186	$data = array();
187	$data['user_id'] = $userdata['id'];
188
189	foreach ($fields as $field)
190	{
191	if (isset($_POST[$field]))
192	{
193	$data[$field] = $_POST[$field];
194	}
195	}
196	mass_updates(USER_INFOS_TABLE,
197	array('primary' => array('user_id'), 'update' => $fields),
198	array($data));
199
200	// redirection
201	if (!empty($_POST['redirect']))
202	{
203	redirect($_POST['redirect']);
204	}
205	}
206	return true;
207	}
208
209
210	function load_profile_in_template($url_action, $url_redirect, $userdata)
211	{
212	global $template;
213
214	$template->set_filename('profile_content', 'profile_content.tpl');
215
216	$expand = ($userdata['expand'] == 'true') ?
217	'EXPAND_TREE_YES':'EXPAND_TREE_NO';
218
219	$nb_comments =
220	($userdata['show_nb_comments'] == 'true') ?
221	'NB_COMMENTS_YES':'NB_COMMENTS_NO';
222
223	$nb_hits =
224	($userdata['show_nb_hits'] == 'true') ?
225	'NB_HITS_YES':'NB_HITS_NO';
226
227	$template->assign_vars(
228	array(
229	'USERNAME'=>$userdata['username'],
230	'USERID'=>$userdata['id'],
231	'EMAIL'=>get_email_address_as_display_text(@$userdata['email']),
232	'NB_IMAGE_LINE'=>$userdata['nb_image_line'],
233	'NB_ROW_PAGE'=>$userdata['nb_line_page'],
234	'RECENT_PERIOD'=>$userdata['recent_period'],
235	'MAXWIDTH'=>@$userdata['maxwidth'],
236	'MAXHEIGHT'=>@$userdata['maxheight'],
237
238	$expand=>'checked="checked"',
239	$nb_comments=>'checked="checked"',
240	$nb_hits=>'checked="checked"',
241
242	'REDIRECT' => $url_redirect,
243
244	'F_ACTION'=>$url_action,
245	));
246
247	$blockname = 'template_option';
248
249	foreach (get_pwg_themes() as $pwg_template)
250	{
251	if (isset($_POST['submit']))
252	{
253	$selected = $_POST['template']==$pwg_template ? 'selected="selected"' : '';
254	}
255	else if ($userdata['template'].'/'.$userdata['theme'] == $pwg_template)
256	{
257	$selected = 'selected="selected"';
258	}
259	else
260	{
261	$selected = '';
262	}
263
264	$template->assign_block_vars(
265	$blockname,
266	array(
267	'VALUE'=> $pwg_template,
268	'CONTENT' => $pwg_template,
269	'SELECTED' => $selected
270	));
271	}
272
273	$blockname = 'language_option';
274
275	foreach (get_languages() as $language_code => $language_name)
276	{
277	if (isset($_POST['submit']))
278	{
279	$selected = $_POST['language']==$language_code ? 'selected="selected"':'';
280	}
281	else if ($userdata['language'] == $language_code)
282	{
283	$selected = 'selected="selected"';
284	}
285	else
286	{
287	$selected = '';
288	}
289
290	$template->assign_block_vars(
291	$blockname,
292	array(
293	'VALUE'=> $language_code,
294	'CONTENT' => $language_name,
295	'SELECTED' => $selected
296	));
297	}
298
299	if (!($userdata['is_the_guest'] or $userdata['is_the_default']))
300	{
301	$template->assign_block_vars('not_special_user', array());
302	if ( !defined('IN_ADMIN') )
303	{
304	$template->assign_block_vars( 'not_special_user.not_admin', array() );
305	}
306	}
307
308	$template->assign_var_from_handle('PROFILE_CONTENT', 'profile_content');
309	}
310	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: