aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/ucp/ucp_profile.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes/ucp/ucp_profile.php')
-rw-r--r--phpBB/includes/ucp/ucp_profile.php199
1 files changed, 97 insertions, 102 deletions
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 537b47b5a4..516e57e8b3 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -33,20 +33,20 @@ class ucp_profile
{
case 'reg_details':
+ $data = array(
+ 'username' => $user->data['username'],
+ 'email' => $user->data['user_email'],
+ 'email_confirm' => (string) '',
+ 'new_password' => (string) '',
+ 'cur_password' => (string) '',
+ 'password_confirm' => (string) '',
+ );
+
if ($submit)
{
- $var_ary = array(
- 'username' => $user->data['username'],
- 'email' => $user->data['user_email'],
- 'email_confirm' => (string) '',
- 'new_password' => (string) '',
- 'cur_password' => (string) '',
- 'password_confirm' => (string) '',
- );
-
- foreach ($var_ary as $var => $default)
+ foreach ($data as $var => $default)
{
- $data[$var] = request_var($var, $default);
+ $data[$var] = ($var == 'username') ? request_var($var, $default, true) : request_var($var, $default);
}
// Do not check cur_password, it is the old one.
@@ -70,26 +70,24 @@ class ucp_profile
}
$error = validate_data($data, $var_ary);
- extract($data);
- unset($data);
- if ($auth->acl_get('u_chgpasswd') && $new_password && $password_confirm != $new_password)
+ if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password'])
{
$error[] = 'NEW_PASSWORD_ERROR';
}
- if (($new_password || ($auth->acl_get('u_chgemail') && $email != $user->data['user_email']) || ($username != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])) && md5($cur_password) != $user->data['user_password'])
+ if (($data['new_password'] || ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) || ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])) && md5($data['cur_password']) != $user->data['user_password'])
{
$error[] = 'CUR_PASSWORD_ERROR';
}
// Only check the new password against the previous password if there have been no errors
- if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $new_password && md5($new_password) == $user->data['user_password'])
+ if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && md5($data['new_password']) == $user->data['user_password'])
{
$error[] = 'SAME_PASSWORD_ERROR';
}
- if ($auth->acl_get('u_chgemail') && $email != $user->data['user_email'] && $email_confirm != $email)
+ if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'] && $data['email_confirm'] != $data['email'])
{
$error[] = 'NEW_EMAIL_ERROR';
}
@@ -97,31 +95,31 @@ class ucp_profile
if (!sizeof($error))
{
$sql_ary = array(
- 'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $username : $user->data['username'],
- 'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($username) : $user->data['username_clean'],
- 'user_email' => ($auth->acl_get('u_chgemail')) ? $email : $user->data['user_email'],
- 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? crc32(strtolower($email)) . strlen($email) : $user->data['user_email_hash'],
- 'user_password' => ($auth->acl_get('u_chgpasswd') && $new_password) ? md5($new_password) : $user->data['user_password'],
- 'user_passchg' => ($auth->acl_get('u_chgpasswd') && $new_password) ? time() : 0,
+ 'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
+ 'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
+ 'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
+ 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? crc32(strtolower($data['email'])) . strlen($data['email']) : $user->data['user_email_hash'],
+ 'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? md5($data['new_password']) : $user->data['user_password'],
+ 'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0,
);
- if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $username != $user->data['username'])
+ if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username'])
{
- add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $username);
+ add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $data['username']);
}
- if ($auth->acl_get('u_chgpasswd') && $new_password && md5($new_password) != $user->data['user_password'])
+ if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && md5($data['new_password']) != $user->data['user_password'])
{
$user->reset_login_keys();
- add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $username);
+ add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $data['username']);
}
- if ($auth->acl_get('u_chgemail') && $email != $user->data['user_email'])
+ if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'])
{
- add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_EMAIL', $username, $user->data['user_email'], $email);
+ add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_EMAIL', $data['username'], $user->data['user_email'], $data['email']);
}
- if ($config['email_enable'] && $email != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN))
+ if ($config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN))
{
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
@@ -138,7 +136,7 @@ class ucp_profile
$messenger->template($template_file, $user->data['user_lang']);
$messenger->replyto($config['board_contact']);
- $messenger->to($email, $username);
+ $messenger->to($data['email'], $data['username']);
$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
@@ -147,7 +145,7 @@ class ucp_profile
$messenger->assign_vars(array(
'SITENAME' => $config['sitename'],
- 'USERNAME' => html_entity_decode($username),
+ 'USERNAME' => html_entity_decode($username, ENT_QUOTES, 'UTF-8'),
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
@@ -157,12 +155,21 @@ class ucp_profile
if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
{
- // Grab an array of user_id's with a_user permissions
+ // Grab an array of user_id's with a_user permissions ... these users can activate a user
$admin_ary = $auth->acl_get_list(false, 'a_user', false);
+ $admin_ary = (!empty($admin_ary[0]['a_user'])) ? $admin_ary[0]['a_user'] : array();
+
+ // Also include founders
+ $where_sql = ' WHERE user_type = ' . USER_FOUNDER;
+
+ if (sizeof($admin_ary))
+ {
+ $where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary);
+ }
$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
- FROM ' . USERS_TABLE . '
- WHERE ' . $db->sql_in_set('user_id', $admin_ary[0]['a_user']);
+ FROM ' . USERS_TABLE . ' ' .
+ $where_sql;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@@ -173,7 +180,7 @@ class ucp_profile
$messenger->im($row['user_jabber'], $row['username']);
$messenger->assign_vars(array(
- 'USERNAME' => html_entity_decode($username),
+ 'USERNAME' => html_entity_decode($username, ENT_QUOTES, 'UTF-8'),
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
@@ -202,9 +209,9 @@ class ucp_profile
}
// Need to update config, forum, topic, posting, messages, etc.
- if ($username != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])
+ if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])
{
- user_update_name($user->data['username'], $username);
+ user_update_name($user->data['username'], $data['username']);
}
meta_refresh(3, $this->u_action);
@@ -222,10 +229,10 @@ class ucp_profile
$template->assign_vars(array(
'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
- 'USERNAME' => (isset($username)) ? $username : $user->data['username'],
- 'EMAIL' => (isset($email)) ? $email : $user->data['user_email'],
- 'PASSWORD_CONFIRM' => (isset($password_confirm)) ? $password_confirm : '',
- 'NEW_PASSWORD' => (isset($new_password)) ? $new_password : '',
+ 'USERNAME' => $data['username'],
+ 'EMAIL' => $data['email'],
+ 'PASSWORD_CONFIRM' => $data['password_confirm'],
+ 'NEW_PASSWORD' => $data['new_password'],
'CUR_PASSWORD' => '',
'L_USERNAME_EXPLAIN' => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
@@ -246,24 +253,29 @@ class ucp_profile
$cp_data = $cp_error = array();
- if ($submit)
+ $data = array(
+ 'icq' => (string) $user->data['user_icq'],
+ 'aim' => (string) $user->data['user_aim'],
+ 'msn' => (string) $user->data['user_msnm'],
+ 'yim' => (string) $user->data['user_yim'],
+ 'jabber' => (string) $user->data['user_jabber'],
+ 'website' => (string) $user->data['user_website'],
+ 'location' => (string) $user->data['user_from'],
+ 'occupation' => (string) $user->data['user_occ'],
+ 'interests' => (string) $user->data['user_interests'],
+ 'bday_day' => 0,
+ 'bday_month' => 0,
+ 'bday_year' => 0,
+ );
+
+ if ($user->data['user_birthday'])
{
- $var_ary = array(
- 'icq' => (string) '',
- 'aim' => (string) '',
- 'msn' => (string) '',
- 'yim' => (string) '',
- 'jabber' => (string) '',
- 'website' => (string) '',
- 'location' => (string) '',
- 'occupation' => (string) '',
- 'interests' => (string) '',
- 'bday_day' => 0,
- 'bday_month' => 0,
- 'bday_year' => 0,
- );
+ list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']);
+ }
- foreach ($var_ary as $var => $default)
+ if ($submit)
+ {
+ foreach ($data as $var => $default)
{
$data[$var] = (in_array($var, array('location', 'occupation', 'interests'))) ? request_var($var, $default, true) : request_var($var, $default);
}
@@ -290,8 +302,6 @@ class ucp_profile
);
$error = validate_data($data, $var_ary);
- extract($data);
- unset($data);
// validate custom profile fields
$cp->submit_cp_field('profile', $user->get_iso_lang_id(), $cp_data, $cp_error);
@@ -304,16 +314,16 @@ class ucp_profile
if (!sizeof($error))
{
$sql_ary = array(
- 'user_icq' => $icq,
- 'user_aim' => $aim,
- 'user_msnm' => $msn,
- 'user_yim' => $yim,
- 'user_jabber' => $jabber,
- 'user_website' => $website,
- 'user_from' => $location,
- 'user_occ' => $occupation,
- 'user_interests'=> $interests,
- 'user_birthday' => sprintf('%2d-%2d-%4d', $bday_day, $bday_month, $bday_year),
+ 'user_icq' => $data['icq'],
+ 'user_aim' => $data['aim'],
+ 'user_msnm' => $data['msn'],
+ 'user_yim' => $data['yim'],
+ 'user_jabber' => $data['jabber'],
+ 'user_website' => $data['website'],
+ 'user_from' => $data['location'],
+ 'user_occ' => $data['occupation'],
+ 'user_interests'=> $data['interests'],
+ 'user_birthday' => sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']),
);
$sql = 'UPDATE ' . USERS_TABLE . '
@@ -351,38 +361,26 @@ class ucp_profile
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
}
- if (!isset($bday_day))
- {
- if ($user->data['user_birthday'])
- {
- list($bday_day, $bday_month, $bday_year) = explode('-', $user->data['user_birthday']);
- }
- else
- {
- $bday_day = $bday_month = $bday_year = 0;
- }
- }
-
- $s_birthday_day_options = '<option value="0"' . ((!$bday_day) ? ' selected="selected"' : '') . '>--</option>';
+ $s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>';
for ($i = 1; $i < 32; $i++)
{
- $selected = ($i == $bday_day) ? ' selected="selected"' : '';
+ $selected = ($i == $data['bday_day']) ? ' selected="selected"' : '';
$s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>";
}
- $s_birthday_month_options = '<option value="0"' . ((!$bday_month) ? ' selected="selected"' : '') . '>--</option>';
+ $s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>';
for ($i = 1; $i < 13; $i++)
{
- $selected = ($i == $bday_month) ? ' selected="selected"' : '';
+ $selected = ($i == $data['bday_month']) ? ' selected="selected"' : '';
$s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>";
}
$s_birthday_year_options = '';
$now = getdate();
- $s_birthday_year_options = '<option value="0"' . ((!$bday_year) ? ' selected="selected"' : '') . '>--</option>';
+ $s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
for ($i = $now['year'] - 100; $i < $now['year']; $i++)
{
- $selected = ($i == $bday_year) ? ' selected="selected"' : '';
+ $selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
$s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
}
unset($now);
@@ -390,15 +388,15 @@ class ucp_profile
$template->assign_vars(array(
'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
- 'ICQ' => (isset($icq)) ? $icq : $user->data['user_icq'],
- 'YIM' => (isset($yim)) ? $yim : $user->data['user_yim'],
- 'AIM' => (isset($aim)) ? $aim : $user->data['user_aim'],
- 'MSN' => (isset($msn)) ? $msn : $user->data['user_msnm'],
- 'JABBER' => (isset($jabber)) ? $jabber : $user->data['user_jabber'],
- 'WEBSITE' => (isset($website)) ? $website : $user->data['user_website'],
- 'LOCATION' => (isset($location)) ? $location : $user->data['user_from'],
- 'OCCUPATION'=> (isset($occupation)) ? $occupation : $user->data['user_occ'],
- 'INTERESTS' => (isset($interests)) ? $interests : $user->data['user_interests'],
+ 'ICQ' => $data['icq'],
+ 'YIM' => $data['yim'],
+ 'AIM' => $data['aim'],
+ 'MSN' => $data['msn'],
+ 'JABBER' => $data['jabber'],
+ 'WEBSITE' => $data['website'],
+ 'LOCATION' => $data['location'],
+ 'OCCUPATION'=> $data['occupation'],
+ 'INTERESTS' => $data['interests'],
'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options,
'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options,
@@ -607,9 +605,6 @@ class ucp_profile
trigger_error($message);
}
- extract($data);
- unset($data);
-
// Replace "error" strings with their real, localised form
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
}
@@ -653,8 +648,8 @@ class ucp_profile
$template->assign_vars(array(
'AVATAR' => $avatar_img,
'AVATAR_SIZE' => $config['avatar_filesize'],
- 'WIDTH' => (isset($width)) ? $width : $user->data['user_avatar_width'],
- 'HEIGHT' => (isset($height)) ? $height : $user->data['user_avatar_height'],
+ 'WIDTH' => (isset($data['width'])) ? $data['width'] : $user->data['user_avatar_width'],
+ 'HEIGHT' => (isset($data['height'])) ? $data['height'] : $user->data['user_avatar_height'],
'S_UPLOAD_AVATAR_FILE' => $can_upload,
'S_UPLOAD_AVATAR_URL' => $can_upload,
generated by cgit v1.2.1 (git 2.21.0) at 2025-04-02 20:22:37 +0000