source: trunk/profile.php @ 20076

Last change on this file since 20076 was 19703, checked in by plg, 12 years ago

update Piwigo headers to 2013 (the end of the world didn't occur as expected on r12922)

  • Property svn:eol-style set to LF
File size: 11.2 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2013 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24// customize appearance of the site for a user
25// +-----------------------------------------------------------------------+
26// |                           initialization                              |
27// +-----------------------------------------------------------------------+
28
29if (!defined('PHPWG_ROOT_PATH'))
30{//direct script access
31  define('PHPWG_ROOT_PATH','./');
32  include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
33
34  // +-----------------------------------------------------------------------+
35  // | Check Access and exit when user status is not ok                      |
36  // +-----------------------------------------------------------------------+
37  check_status(ACCESS_CLASSIC);
38
39  if (!empty($_POST))
40  {
41    check_pwg_token();
42  }
43
44  $userdata = $user;
45
46  trigger_action('loc_begin_profile');
47
48// Reset to default (Guest) custom settings
49  if (isset($_POST['reset_to_default']))
50  {
51    $fields = array(
52      'nb_image_page', 'expand',
53      'show_nb_comments', 'show_nb_hits', 'recent_period', 'show_nb_hits'
54      );
55
56    // Get the Guest custom settings
57    $query = '
58SELECT '.implode(',', $fields).'
59  FROM '.USER_INFOS_TABLE.'
60  WHERE user_id = '.$conf['default_user_id'].'
61;';
62    $result = pwg_query($query);
63    $default_user = pwg_db_fetch_assoc($result);
64    $userdata = array_merge($userdata, $default_user);
65  }
66
67  save_profile_from_post($userdata, $page['errors']);
68
69  $title= l10n('Your Gallery Customization');
70  $page['body_id'] = 'theProfilePage';
71  $template->set_filename('profile', 'profile.tpl');
72
73  load_profile_in_template(
74    get_root_url().'profile.php', // action
75    make_index_url(), // for redirect
76    $userdata );
77
78 
79  // include menubar
80  $themeconf = $template->get_template_vars('themeconf');
81  if (!isset($themeconf['hide_menu_on']) OR !in_array('theProfilePage', $themeconf['hide_menu_on']))
82  {
83    include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
84  }
85 
86  include(PHPWG_ROOT_PATH.'include/page_header.php');
87  trigger_action('loc_end_profile');
88  include(PHPWG_ROOT_PATH.'include/page_messages.php');
89  $template->pparse('profile');
90  include(PHPWG_ROOT_PATH.'include/page_tail.php');
91}
92
93//------------------------------------------------------ update & customization
94function save_profile_from_post($userdata, &$errors)
95{
96  global $conf, $page;
97  $errors = array();
98
99  if (!isset($_POST['validate']))
100  {
101    return false;
102  }
103
104  $special_user = in_array($userdata['id'], array($conf['guest_id'], $conf['default_user_id']));
105  if ($special_user)
106  {
107    unset(
108      $_POST['username'],
109      $_POST['mail_address'],
110      $_POST['password'],
111      $_POST['use_new_pwd'],
112      $_POST['passwordConf'],
113      $_POST['theme'],
114      $_POST['language']
115      );
116    $_POST['theme'] = get_default_theme();
117    $_POST['language'] = get_default_language();
118  }
119 
120  if (!defined('IN_ADMIN'))
121  {
122    unset($_POST['username']);
123  }
124
125  if ($conf['allow_user_customization'] or defined('IN_ADMIN'))
126  {
127    $int_pattern = '/^\d+$/';
128    if (empty($_POST['nb_image_page'])
129        or (!preg_match($int_pattern, $_POST['nb_image_page'])))
130    {
131      $errors[] = l10n('The number of photos per page must be a not null scalar');
132    }
133
134    // periods must be integer values, they represents number of days
135    if (!preg_match($int_pattern, $_POST['recent_period'])
136        or $_POST['recent_period'] <= 0)
137    {
138      $errors[] = l10n('Recent period must be a positive integer value') ;
139    }
140
141    if (!in_array($_POST['language'], array_keys(get_languages())))
142    {
143      die('Hacking attempt, incorrect language value');
144    }
145
146    if (!in_array($_POST['theme'], array_keys(get_pwg_themes())))
147    {
148      die('Hacking attempt, incorrect theme value');
149    }
150  }
151
152  if (isset($_POST['mail_address']))
153  {
154    // if $_POST and $userdata have are same email
155    // validate_mail_address allows, however, to check email
156    $mail_error = validate_mail_address($userdata['id'], $_POST['mail_address']);
157    if (!empty($mail_error))
158    {
159      $errors[] = $mail_error;
160    }
161  }
162
163  if (!empty($_POST['use_new_pwd']))
164  {
165    // password must be the same as its confirmation
166    if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
167    {
168      $errors[] = l10n('The passwords do not match');
169    }
170
171    if ( !defined('IN_ADMIN') )
172    {// changing password requires old password
173      $query = '
174  SELECT '.$conf['user_fields']['password'].' AS password
175    FROM '.USERS_TABLE.'
176    WHERE '.$conf['user_fields']['id'].' = \''.$userdata['id'].'\'
177  ;';
178      list($current_password) = pwg_db_fetch_row(pwg_query($query));
179
180      if (!$conf['password_verify']($_POST['password'], $current_password))
181      {
182        $errors[] = l10n('Current password is wrong');
183      }
184    }
185  }
186
187  if (count($errors) == 0)
188  {
189    // mass_updates function
190    include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
191
192    if (isset($_POST['mail_address']))
193    {
194      // update common user informations
195      $fields = array($conf['user_fields']['email']);
196
197      $data = array();
198      $data{$conf['user_fields']['id']} = $userdata['id'];
199      $data{$conf['user_fields']['email']} = $_POST['mail_address'];
200
201      // password is updated only if filled
202      if (!empty($_POST['use_new_pwd']))
203      {
204        array_push($fields, $conf['user_fields']['password']);
205        // password is hashed with function $conf['password_hash']
206        $data{$conf['user_fields']['password']} = $conf['password_hash']($_POST['use_new_pwd']);
207      }
208     
209      // username is updated only if allowed
210      if (!empty($_POST['username']))
211      {
212        if ($_POST['username'] != $userdata['username'] and get_userid($_POST['username']))
213        {
214          array_push($page['errors'], l10n('this login is already used'));
215          unset($_POST['redirect']);
216        }
217        else
218        {
219          array_push($fields, $conf['user_fields']['username']);
220          $data{$conf['user_fields']['username']} = $_POST['username'];
221         
222          // send email to the user
223          if ($_POST['username'] != $userdata['username'])
224          {
225            include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
226            switch_lang_to($userdata['language']);
227           
228            $keyargs_content = array(
229              get_l10n_args('Hello', ''),
230              get_l10n_args('Your username has been successfully changed to : %s', $_POST['username']),
231              );
232             
233            pwg_mail(
234              $_POST['mail_address'],
235              array(
236                'subject' => '['.$conf['gallery_title'].'] '.l10n('Username modification'),
237                'content' => l10n_args($keyargs_content),
238                'content_format' => 'text/plain',
239                )
240              );
241             
242            switch_lang_back();
243          }
244        }
245      }
246     
247      mass_updates(USERS_TABLE,
248                   array(
249                    'primary' => array($conf['user_fields']['id']),
250                    'update' => $fields
251                    ),
252                   array($data));
253    }
254
255    if ($conf['allow_user_customization'] or defined('IN_ADMIN'))
256    {
257      // update user "additional" informations (specific to Piwigo)
258      $fields = array(
259        'nb_image_page', 'language',
260        'expand', 'show_nb_hits', 'recent_period', 'theme'
261        );
262       
263      if ($conf['activate_comments'])
264      {
265        array_push($fields, 'show_nb_comments');
266      }
267
268      $data = array();
269      $data['user_id'] = $userdata['id'];
270
271      foreach ($fields as $field)
272      {
273        if (isset($_POST[$field]))
274        {
275          $data[$field] = $_POST[$field];
276        }
277      }
278      mass_updates(USER_INFOS_TABLE,
279                   array('primary' => array('user_id'), 'update' => $fields),
280                   array($data));
281    }
282    trigger_action( 'save_profile_from_post', $userdata['id'] );
283
284    if (!empty($_POST['redirect']))
285    {
286      redirect($_POST['redirect']);
287    }
288  }
289  return true;
290}
291
292
293function load_profile_in_template($url_action, $url_redirect, $userdata)
294{
295  global $template, $conf;
296
297  $template->set_filename('profile_content', 'profile_content.tpl');
298
299  $template->assign('radio_options',
300    array(
301      'true' => l10n('Yes'),
302      'false' => l10n('No')));
303
304  $template->assign(
305    array(
306      'USERNAME'=>stripslashes($userdata['username']),
307      'EMAIL'=>get_email_address_as_display_text(@$userdata['email']),
308      'ALLOW_USER_CUSTOMIZATION'=>$conf['allow_user_customization'],
309      'ACTIVATE_COMMENTS'=>$conf['activate_comments'],
310      'NB_IMAGE_PAGE'=>$userdata['nb_image_page'],
311      'RECENT_PERIOD'=>$userdata['recent_period'],
312      'EXPAND' =>$userdata['expand'] ? 'true' : 'false',
313      'NB_COMMENTS'=>$userdata['show_nb_comments'] ? 'true' : 'false',
314      'NB_HITS'=>$userdata['show_nb_hits'] ? 'true' : 'false',
315      'REDIRECT' => $url_redirect,
316      'F_ACTION'=>$url_action,
317      ));
318
319  $template->assign('template_selection', $userdata['theme']);
320  $template->assign('template_options', get_pwg_themes());
321
322  foreach (get_languages() as $language_code => $language_name)
323  {
324    if (isset($_POST['submit']) or $userdata['language'] == $language_code)
325    {
326      $template->assign('language_selection', $language_code);
327    }
328    $language_options[$language_code] = $language_name;
329  }
330
331  $template->assign('language_options', $language_options);
332
333  $special_user = in_array($userdata['id'], array($conf['guest_id'], $conf['default_user_id']));
334  $template->assign('SPECIAL_USER', $special_user);
335  $template->assign('IN_ADMIN', defined('IN_ADMIN'));
336
337  // allow plugins to add their own form data to content
338  trigger_action( 'load_profile_in_template', $userdata );
339
340  $template->assign('PWG_TOKEN', get_pwg_token());
341  $template->assign_var_from_handle('PROFILE_CONTENT', 'profile_content');
342}
343?>
Note: See TracBrowser for help on using the repository browser.