Changeset 808 for trunk/profile.php
- Timestamp:
- Aug 8, 2005, 10:52:19 PM (19 years ago)
- File:
-
- 1 edited
trunk/profile.php
r772 r808 30 30 // | initialization | 31 31 // +-----------------------------------------------------------------------+ 32 $userdata = array(); 33 if (defined('IN_ADMIN') and IN_ADMIN and isset($_GET['user_id'])) 34 { 35 $userdata = getuserdata(intval($_GET['user_id'])); 36 } 37 elseif (defined('IN_ADMIN') and (isset($_POST['validate'])) ) 38 { 39 $userdata = getuserdata(intval($_POST['userid'])); 40 } 41 elseif (!defined('IN_ADMIN') or !IN_ADMIN) 42 { 43 define('PHPWG_ROOT_PATH','./'); 44 include_once(PHPWG_ROOT_PATH.'include/common.inc.php'); 45 check_login_authorization(false); 46 $userdata = $user; 47 } 32 33 define('PHPWG_ROOT_PATH','./'); 34 include_once(PHPWG_ROOT_PATH.'include/common.inc.php'); 35 check_login_authorization(false); 36 $userdata = $user; 37 48 38 //------------------------------------------------------ update & customization 49 $infos = array('nb_image_line', 'nb_line_page', 'language',50 'maxwidth', 'maxheight', 'expand', 'show_nb_comments',51 'recent_period', 'template', 'mail_address');52 53 39 $errors = array(); 54 if (isset($_POST[' username']) && !isset($_POST['reset']))40 if (isset($_POST['validate'])) 55 41 { 56 42 $int_pattern = '/^\d+$/'; … … 75 61 } 76 62 77 // if mail_address has changed 78 if (!isset($userdata['mail_address'])) 79 { 80 $userdata['mail_address'] = ''; 81 } 82 83 if ($_POST['mail_address'] != @$userdata['mail_address']) 84 { 85 if ($user['status'] == 'admin') 86 { 87 $mail_error = validate_mail_address($_POST['mail_address']); 88 if (!empty($mail_error)) 89 { 90 array_push($errors, $mail_error); 91 } 92 } 93 else if (!empty($_POST['password'])) 94 { 95 array_push($errors, $lang['reg_err_pass']); 96 } 97 else 98 { 99 // retrieving the encrypted password of the login submitted 100 $query = ' 63 $mail_error = validate_mail_address($_POST['mail_address']); 64 if (!empty($mail_error)) 65 { 66 array_push($errors, $mail_error); 67 } 68 69 if (!empty($_POST['use_new_pwd'])) 70 { 71 // password must be the same as its 
confirmation 72 if ($_POST['use_new_pwd'] != $_POST['passwordConf']) 73 { 74 array_push($errors, 75 l10n('New password confirmation does not correspond')); 76 } 77 78 // changing password requires old password 79 $query = ' 101 80 SELECT password 102 81 FROM '.USERS_TABLE.' 103 WHERE id= \''.$userdata['id'].'\'82 WHERE '.$conf['user_fields']['id'].' = \''.$userdata['id'].'\' 104 83 ;'; 105 $row = mysql_fetch_array(pwg_query($query)); 106 if ($row['password'] == md5($_POST['password'])) 84 list($current_password) = mysql_fetch_row(pwg_query($query)); 85 86 if ($conf['pass_convert']($_POST['password']) != $current_password) 87 { 88 array_push($errors, l10n('Current password is wrong')); 89 } 90 } 91 92 if (count($errors) == 0) 93 { 94 // mass_updates function 95 include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); 96 97 // update common user informations 98 $fields = array($conf['user_fields']['email']); 99 100 $data = array(); 101 $data{$conf['user_fields']['id']} = $_POST['userid']; 102 $data{$conf['user_fields']['email']} = $_POST['mail_address']; 103 104 // password is updated only if filled 105 if (!empty($_POST['use_new_pwd'])) 106 { 107 array_push($fields, $conf['user_fields']['password']); 108 // password is encrpyted with function $conf['pass_convert'] 109 $data{$conf['user_fields']['password']} = 110 $conf['pass_convert']($_POST['use_new_pwd']); 111 } 112 mass_updates(USERS_TABLE, 113 array('primary' => array($conf['user_fields']['id']), 114 'update' => $fields), 115 array($data)); 116 117 // update user "additional" informations (specific to PhpWebGallery) 118 $fields = array( 119 'nb_image_line', 'nb_line_page', 'language', 'maxwidth', 'maxheight', 120 'expand', 'show_nb_comments', 'recent_period', 'template' 121 ); 122 123 $data = array(); 124 $data{'user_id'} = $_POST['userid']; 125 126 foreach ($fields as $field) 127 { 128 if (isset($_POST[$field])) 107 129 { 108 $mail_error = validate_mail_address($_POST['mail_address']); 109 if 
(!empty($mail_error)) 110 { 111 array_push($errors, $mail_error); 112 } 130 $data{$field} = $_POST[$field]; 113 131 } 114 else 115 { 116 array_push($errors, $lang['reg_err_pass']); 117 } 118 } 119 } 120 121 // password must be the same as its confirmation 122 if (!empty($_POST['use_new_pwd']) 123 and $_POST['use_new_pwd'] != $_POST['passwordConf']) 124 { 125 array_push($errors, $lang['reg_err_pass']); 126 } 127 128 // We check if we are in the admin level 129 if (isset($_POST['user_delete'])) 130 { 131 if ($_POST['userid'] > 2) // gallery founder + guest 132 { 133 delete_user($_POST['userid']); 134 } 135 else 136 { 137 array_push($errors, $lang['user_err_modify']); 138 } 139 } 140 141 // We check if we are in the admin level 142 if (isset($_POST['status']) and $_POST['status'] <> $userdata['status']) 143 { 144 if ($_POST['userid'] > 2) // gallery founder + guest 145 { 146 array_push($infos, 'status'); 147 } 148 else 149 { 150 array_push($errors, $lang['user_err_modify']); 151 } 152 } 153 154 if (count($errors) == 0) 155 { 156 $query = ' 157 UPDATE '.USERS_TABLE.' 158 SET '; 159 $is_first = true; 160 foreach ($infos as $i => $info) 161 { 162 if (!$is_first) 163 { 164 $query.= ' 165 , '; 166 } 167 $is_first = false; 168 169 $query.= $info; 170 $query.= ' = '; 171 if ($_POST[$info] == '') 172 { 173 $query.= 'NULL'; 174 } 175 else 176 { 177 $query.= "'".$_POST[$info]."'"; 178 } 179 } 180 $query.= ' 181 WHERE id = '.$_POST['userid'].' 182 ;'; 183 pwg_query($query); 184 185 if (!empty($_POST['use_new_pwd'])) 186 { 187 $query = ' 188 UPDATE '.USERS_TABLE.' 189 SET password = \''.md5($_POST['use_new_pwd']).'\' 190 WHERE id = '.$_POST['userid'].' 
191 ;'; 192 pwg_query($query); 193 } 132 } 133 mass_updates(USER_INFOS_TABLE, 134 array('primary' => array('user_id'), 'update' => $fields), 135 array($data)); 194 136 195 137 // redirection 196 if (isset($_POST['validate'])) 197 { 198 if (!defined('IN_ADMIN') or !IN_ADMIN) 199 { 200 $url = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']; 201 redirect(add_session_id($url)); 202 } 203 else 204 { 205 redirect(add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile')); 206 } 207 } 138 $url = PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']; 139 redirect(add_session_id($url)); 208 140 } 209 141 } … … 211 143 // | page header and options | 212 144 // +-----------------------------------------------------------------------+ 213 $url_action = PHPWG_ROOT_PATH; 214 if (!defined('IN_ADMIN')) 215 { 216 $title= $lang['customize_page_title']; 217 include(PHPWG_ROOT_PATH.'include/page_header.php'); 218 $url_action .='profile.php'; 219 } 220 else 221 { 222 $url_action .='admin.php?page=profile'; 223 } 145 $title= $lang['customize_page_title']; 146 include(PHPWG_ROOT_PATH.'include/page_header.php'); 147 148 $url_action = PHPWG_ROOT_PATH.'profile.php'; 224 149 //----------------------------------------------------- template initialization 225 150 $template->set_filenames(array('profile_body'=>'profile.tpl')); … … 234 159 'USERNAME'=>$userdata['username'], 235 160 'USERID'=>$userdata['id'], 236 'EMAIL'=>@$userdata[' mail_address'],161 'EMAIL'=>@$userdata['email'], 237 162 'LANG_SELECT'=>language_select($userdata['language'], 'language'), 238 163 'NB_IMAGE_LINE'=>$userdata['nb_image_line'], … … 271 196 'L_RESET'=>$lang['reset'], 272 197 'L_RETURN' => $lang['home'], 273 'L_RETURN_HINT' => $lang['home_hint'], 198 'L_RETURN_HINT' => $lang['home_hint'], 199 200 'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php'), 274 201 275 202 'F_ACTION'=>add_session_id($url_action), 276 203 )); 277 278 if (!defined('IN_ADMIN') or !IN_ADMIN)279 {280 $url_return = 
PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'];281 $template->assign_vars(array('U_RETURN' => add_session_id($url_return)));282 }283 //------------------------------------------------------------- user management284 if (defined('IN_ADMIN') and IN_ADMIN)285 {286 $status_select = '<select name="status">';287 $status_select .='<option value = "guest" ';288 if ($userdata['status'] == 'guest')289 {290 $status_select .= 'selected="selected"';291 }292 $status_select .='>'.$lang['user_status_guest'] .'</option>';293 $status_select .='<option value = "admin" ';294 if ($userdata['status'] == 'admin')295 {296 $status_select .= 'selected="selected"';297 }298 $status_select .='>'.$lang['user_status_admin'] .'</option>';299 $status_select .='</select>';300 $template->assign_block_vars(301 'admin',302 array(303 'L_ADMIN_USER'=>$lang['user_management'],304 'L_STATUS'=>$lang['user_status'],305 'L_DELETE'=>$lang['user_delete'],306 'L_DELETE_HINT'=>$lang['user_delete_hint'],307 'STATUS'=>$status_select308 ));309 }310 204 // +-----------------------------------------------------------------------+ 311 205 // | errors display | … … 322 216 // | html code display | 323 217 // +-----------------------------------------------------------------------+ 324 if (defined('IN_ADMIN') and IN_ADMIN) 325 { 326 $template->assign_var_from_handle('ADMIN_CONTENT', 'profile_body'); 327 } 328 else 329 { 330 $template->assign_block_vars('profile',array()); 331 $template->parse('profile_body'); 332 include(PHPWG_ROOT_PATH.'include/page_tail.php'); 333 } 218 $template->assign_block_vars('profile',array()); 219 $template->parse('profile_body'); 220 include(PHPWG_ROOT_PATH.'include/page_tail.php'); 334 221 ?>
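Review bot: The new update block keys both writes on the client-supplied `$_POST['userid']`, while the current-password check just above it queries `$userdata['id']`, which after this change is always the logged-in `$user`. As far as the visible lines show, a logged-in user's form could therefore write an e-mail address, password and display preferences to a row other than their own. With the admin branch removed there is no reason left to trust the posted id: use `$data{$conf['user_fields']['id']} = $userdata['id'];` and `$data{'user_id'} = $userdata['id'];`. The password-hash comparison also uses loose `!=`, which PHP evaluates numerically when both strings look like numbers (for example two `0e…` digests), so `!==` is the safer operator there. `mass_updates()` is defined outside this changeset, so confirm that it escapes the `$_POST` values it receives before relying on it.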