[2]1<?php
[351]2// +-----------------------------------------------------------------------+
[8728]3// | Piwigo - a PHP based photo gallery                                    |
[2297]4// +-----------------------------------------------------------------------+
[19703]5// | Copyright(C) 2008-2013 Piwigo Team                  http://piwigo.org |
[2297]6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
[2]23
24// customize appearance of the site for a user
[631]25// +-----------------------------------------------------------------------+
26// |                           initialization                              |
27// +-----------------------------------------------------------------------+
[808]28
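if (!defined('PHPWG_ROOT_PATH'))
{//direct script access
  define('PHPWG_ROOT_PATH','./');
  include_once(PHPWG_ROOT_PATH.'include/common.inc.php');

  // +-----------------------------------------------------------------------+
  // | Check Access and exit when user status is not ok                      |
  // +-----------------------------------------------------------------------+
  check_status(ACCESS_CLASSIC);

  // every submission of the profile form must carry a valid pwg token
  // (anti-CSRF); an empty $_POST is a plain page view and needs none
  if (!empty($_POST))
  {
    check_pwg_token();
  }

  $userdata = $user;

  trigger_action('loc_begin_profile');

  // Reset to default (Guest) custom settings
  if (isset($_POST['reset_to_default']))
  {
    // columns copied from the default user; each name listed exactly once
    // ('show_nb_hits' was previously duplicated in the SELECT list)
    $fields = array(
      'nb_image_page', 'expand',
      'show_nb_comments', 'show_nb_hits', 'recent_period'
      );

    // Get the Guest custom settings
    $query = '
SELECT '.implode(',', $fields).'
  FROM '.USER_INFOS_TABLE.'
  WHERE user_id = '.$conf['default_user_id'].'
;';
    $result = pwg_query($query);
    $default_user = pwg_db_fetch_assoc($result);
    // default values override the current user's own settings
    $userdata = array_merge($userdata, $default_user);
  }

  // validates and stores the submitted form; errors land in $page['errors']
  save_profile_from_post($userdata, $page['errors']);

  $title= l10n('Your Gallery Customization');
  $page['body_id'] = 'theProfilePage';
  $template->set_filename('profile', 'profile.tpl');

  load_profile_in_template(
    get_root_url().'profile.php', // action
    make_index_url(), // for redirect
    $userdata );

 
  // include menubar, unless the theme hides it on this page
  $themeconf = $template->get_template_vars('themeconf');
  if (!isset($themeconf['hide_menu_on']) OR !in_array('theProfilePage', $themeconf['hide_menu_on']))
  {
    include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
  }
 
  include(PHPWG_ROOT_PATH.'include/page_header.php');
  trigger_action('loc_end_profile');
  include(PHPWG_ROOT_PATH.'include/page_messages.php');
  $template->pparse('profile');
  include(PHPWG_ROOT_PATH.'include/page_tail.php');
}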
92
[2]93//------------------------------------------------------ update & customization
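/**
 * Validate the submitted profile form and persist it.
 *
 * Reads the form from $_POST (the global is also modified in place: fields
 * the current context must not change are stripped before validation).
 *
 * @param array $userdata the user being edited (needs 'id', 'username', 'language')
 * @param array $errors   filled with translated error messages; empty on success
 * @return bool false when the form was not submitted ('validate' absent), true otherwise
 */
function save_profile_from_post($userdata, &$errors)
{
  global $conf, $page;
  $errors = array();

  if (!isset($_POST['validate']))
  {
    return false;
  }

  // guest and the "default" user keep identity, credentials, theme and
  // language fixed: drop those fields and force the configured defaults
  $special_user = in_array($userdata['id'], array($conf['guest_id'], $conf['default_user_id']));
  if ($special_user)
  {
    unset(
      $_POST['username'],
      $_POST['mail_address'],
      $_POST['password'],
      $_POST['use_new_pwd'],
      $_POST['passwordConf'],
      $_POST['theme'],
      $_POST['language']
      );
    $_POST['theme'] = get_default_theme();
    $_POST['language'] = get_default_language();
  }
 
  // only the administration side may rename a user
  if (!defined('IN_ADMIN'))
  {
    unset($_POST['username']);
  }

  if ($conf['allow_user_customization'] or defined('IN_ADMIN'))
  {
    $int_pattern = '/^\d+$/';
    if (empty($_POST['nb_image_page'])
        or (!preg_match($int_pattern, $_POST['nb_image_page'])))
    {
      $errors[] = l10n('The number of photos per page must be a not null scalar');
    }

    // periods must be integer values, they represents number of days
    // (a missing field is treated as an empty string, which fails the pattern)
    $recent_period = isset($_POST['recent_period']) ? $_POST['recent_period'] : '';
    if (!preg_match($int_pattern, $recent_period)
        or $recent_period <= 0)
    {
      $errors[] = l10n('Recent period must be a positive integer value') ;
    }

    // language and theme must be installed identifiers; anything else is
    // rejected outright rather than reported as a form error
    $language = isset($_POST['language']) ? $_POST['language'] : '';
    if (!in_array($language, array_keys(get_languages())))
    {
      die('Hacking attempt, incorrect language value');
    }

    $theme = isset($_POST['theme']) ? $_POST['theme'] : '';
    if (!in_array($theme, array_keys(get_pwg_themes())))
    {
      die('Hacking attempt, incorrect theme value');
    }
  }

  if (isset($_POST['mail_address']))
  {
    // if $_POST and $userdata have are same email
    // validate_mail_address allows, however, to check email
    $mail_error = validate_mail_address($userdata['id'], $_POST['mail_address']);
    if (!empty($mail_error))
    {
      $errors[] = $mail_error;
    }
  }

  if (!empty($_POST['use_new_pwd']))
  {
    // password must be the same as its confirmation; compared strictly so
    // that two distinct numeric-looking strings (e.g. "1e3" and "1000") are
    // never considered equal, as a loose != would do
    $password_conf = isset($_POST['passwordConf']) ? $_POST['passwordConf'] : '';
    if ($_POST['use_new_pwd'] !== $password_conf)
    {
      $errors[] = l10n('The passwords do not match');
    }

    if ( !defined('IN_ADMIN') )
    {// changing password requires old password
      $query = '
  SELECT '.$conf['user_fields']['password'].' AS password
    FROM '.USERS_TABLE.'
    WHERE '.$conf['user_fields']['id'].' = \''.$userdata['id'].'\'
  ;';
      list($current_password) = pwg_db_fetch_row(pwg_query($query));

      if (!$conf['password_verify']($_POST['password'], $current_password))
      {
        $errors[] = l10n('Current password is wrong');
      }
    }
  }

  if (count($errors) == 0)
  {
    // mass_updates function
    include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');

    if (isset($_POST['mail_address']))
    {
      // update common user informations
      $fields = array($conf['user_fields']['email']);

      // bracket syntax: the former $data{...} form is gone since PHP 8.0
      $data = array();
      $data[$conf['user_fields']['id']] = $userdata['id'];
      $data[$conf['user_fields']['email']] = $_POST['mail_address'];

      // password is updated only if filled
      if (!empty($_POST['use_new_pwd']))
      {
        array_push($fields, $conf['user_fields']['password']);
        // password is hashed with function $conf['password_hash']
        $data[$conf['user_fields']['password']] = $conf['password_hash']($_POST['use_new_pwd']);
      }
     
      // username is updated only if allowed
      if (!empty($_POST['username']))
      {
        // a taken login is reported through $page['errors'] (not $errors)
        // and does not block the other updates below
        if ($_POST['username'] != $userdata['username'] and get_userid($_POST['username']))
        {
          array_push($page['errors'], l10n('this login is already used'));
          unset($_POST['redirect']);
        }
        else
        {
          array_push($fields, $conf['user_fields']['username']);
          $data[$conf['user_fields']['username']] = $_POST['username'];
         
          // send email to the user
          if ($_POST['username'] != $userdata['username'])
          {
            include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
            switch_lang_to($userdata['language']);
           
            $keyargs_content = array(
              get_l10n_args('Hello', ''),
              get_l10n_args('Your username has been successfully changed to : %s', $_POST['username']),
              );
             
            pwg_mail(
              $_POST['mail_address'],
              array(
                'subject' => '['.$conf['gallery_title'].'] '.l10n('Username modification'),
                'content' => l10n_args($keyargs_content),
                'content_format' => 'text/plain',
                )
              );
             
            switch_lang_back();
          }
        }
      }
     
      mass_updates(USERS_TABLE,
                   array(
                    'primary' => array($conf['user_fields']['id']),
                    'update' => $fields
                    ),
                   array($data));
    }

    if ($conf['allow_user_customization'] or defined('IN_ADMIN'))
    {
      // update user "additional" informations (specific to Piwigo)
      $fields = array(
        'nb_image_page', 'language',
        'expand', 'show_nb_hits', 'recent_period', 'theme'
        );
       
      if ($conf['activate_comments'])
      {
        array_push($fields, 'show_nb_comments');
      }

      $data = array();
      $data['user_id'] = $userdata['id'];

      // only fields actually present in the submission are written
      foreach ($fields as $field)
      {
        if (isset($_POST[$field]))
        {
          $data[$field] = $_POST[$field];
        }
      }
      mass_updates(USER_INFOS_TABLE,
                   array('primary' => array('user_id'), 'update' => $fields),
                   array($data));
    }
    trigger_action( 'save_profile_from_post', $userdata['id'] );

    if (!empty($_POST['redirect']))
    {
      // NOTE(review): the target is taken verbatim from the form; whether
      // redirect() confines it to this gallery is not visible here - confirm
      redirect($_POST['redirect']);
    }
  }
  return true;
}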
[850]291
[808]292
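/**
 * Fill the 'profile_content' template with the user's current settings.
 *
 * @param string $url_action   form action URL
 * @param string $url_redirect URL to go to once the form is saved
 * @param array  $userdata     user being edited (username, email, settings, theme, language)
 * @return void the rendered content is assigned to the PROFILE_CONTENT variable
 */
function load_profile_in_template($url_action, $url_redirect, $userdata)
{
  global $template, $conf;

  $template->set_filename('profile_content', 'profile_content.tpl');

  $template->assign('radio_options',
    array(
      'true' => l10n('Yes'),
      'false' => l10n('No')));

  // the e-mail key may be absent from $userdata: read it explicitly instead
  // of silencing the notice with @
  $email = isset($userdata['email']) ? $userdata['email'] : null;

  $template->assign(
    array(
      'USERNAME'=>stripslashes($userdata['username']),
      'EMAIL'=>get_email_address_as_display_text($email),
      'ALLOW_USER_CUSTOMIZATION'=>$conf['allow_user_customization'],
      'ACTIVATE_COMMENTS'=>$conf['activate_comments'],
      'NB_IMAGE_PAGE'=>$userdata['nb_image_page'],
      'RECENT_PERIOD'=>$userdata['recent_period'],
      'EXPAND' =>$userdata['expand'] ? 'true' : 'false',
      'NB_COMMENTS'=>$userdata['show_nb_comments'] ? 'true' : 'false',
      'NB_HITS'=>$userdata['show_nb_hits'] ? 'true' : 'false',
      'REDIRECT' => $url_redirect,
      'F_ACTION'=>$url_action,
      ));

  $template->assign('template_selection', $userdata['theme']);
  $template->assign('template_options', get_pwg_themes());

  // initialised before the loop so the assign below never reads an
  // undefined variable when no language is installed
  $language_options = array();
  foreach (get_languages() as $language_code => $language_name)
  {
    // NOTE(review): with $_POST['submit'] set every code is assigned in
    // turn, so the last one wins - looks unintended, confirm against the form
    if (isset($_POST['submit']) or $userdata['language'] == $language_code)
    {
      $template->assign('language_selection', $language_code);
    }
    $language_options[$language_code] = $language_name;
  }

  $template->assign('language_options', $language_options);

  $special_user = in_array($userdata['id'], array($conf['guest_id'], $conf['default_user_id']));
  $template->assign('SPECIAL_USER', $special_user);
  $template->assign('IN_ADMIN', defined('IN_ADMIN'));

  // allow plugins to add their own form data to content
  trigger_action( 'load_profile_in_template', $userdata );

  // anti-CSRF token echoed into the form and checked on submission
  $template->assign('PWG_TOKEN', get_pwg_token());
  $template->assign_var_from_handle('PROFILE_CONTENT', 'profile_content');
}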
[362]343?>