XOOPS 2.5.6  Final
 All Classes Namespaces Files Functions Variables Pages
edituser.php
Go to the documentation of this file.
1 <?php
21 $xoopsOption['pagetype'] = 'user';
22 include dirname(__FILE__) . DIRECTORY_SEPARATOR . 'header.php';
23 include_once $GLOBALS['xoops']->path('class/xoopsformloader.php');
24 
25 // If not a user, redirect
26 if ( !is_object($GLOBALS['xoopsUser']) ) {
27  redirect_header(XOOPS_URL, 3, _US_NOEDITRIGHT);
28  exit();
29 }
30 
31 $myts =& MyTextSanitizer::getInstance();
32 $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : 'editprofile';
33 $config_handler =& xoops_gethandler('config');
34 $GLOBALS['xoopsConfigUser'] = $config_handler->getConfigsByCat(XOOPS_CONF_USER);
35 
36 if ($op == 'save') {
37  if (!$GLOBALS['xoopsSecurity']->check()) {
38  redirect_header(XOOPS_URL . "/modules/" . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . "/", 3, _US_NOEDITRIGHT . "<br />" . implode('<br />', $GLOBALS['xoopsSecurity']->getErrors() ));
39  exit();
40  }
41  $uid = $GLOBALS['xoopsUser']->getVar('uid');
42  $errors = array();
43  $edituser =& $GLOBALS['xoopsUser'];
44  if ($GLOBALS['xoopsUser']->isAdmin()) {
45  $edituser->setVar('uname', trim($_POST['uname']) );
46  $edituser->setVar('email', trim($_POST['email']) );
47  }
48  xoops_load('XoopsUserUtility');
49  $stop = XoopsUserUtility::validate($edituser);
50 
51  if (!empty($stop)) {
52  $op = 'editprofile';
53  } else {
54 
55  // Dynamic fields
56  $profile_handler =& xoops_getmodulehandler('profile');
57  // Get fields
58  $fields = $profile_handler->loadFields();
59  // Get ids of fields that can be edited
60  $gperm_handler =& xoops_gethandler('groupperm');
61  $editable_fields = $gperm_handler->getItemIds('profile_edit', $GLOBALS['xoopsUser']->getGroups(), $GLOBALS['xoopsModule']->getVar('mid') );
62 
63  if (!$profile = $profile_handler->get($edituser->getVar('uid'))) {
64  $profile = $profile_handler->create();
65  $profile->setVar('profile_id', $edituser->getVar('uid'));
66  }
67 
68  foreach (array_keys($fields) as $i) {
69  $fieldname = $fields[$i]->getVar('field_name');
70  if (in_array($fields[$i]->getVar('field_id'), $editable_fields) && isset($_REQUEST[$fieldname])) {
71  $value = $fields[$i]->getValueForSave($_REQUEST[$fieldname]);
72  if (in_array($fieldname, $profile_handler->getUserVars())) {
73  $edituser->setVar($fieldname, $value);
74  } else {
75  $profile->setVar($fieldname, $value);
76  }
77  }
78  }
79  if (!$member_handler->insertUser($edituser)) {
80  $stop = $edituser->getHtmlErrors();
81  $op = 'editprofile';
82  } else {
83  $profile->setVar('profile_id', $edituser->getVar('uid'));
84  $profile_handler->insert($profile);
85  unset($_SESSION['xoopsUserTheme']);
86  redirect_header(XOOPS_URL.'/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/userinfo.php?uid=' . $edituser->getVar('uid'), 2, _US_PROFUPDATED);
87  }
88  }
89 }
90 
91 
92 if ($op == 'editprofile') {
93  $xoopsOption['template_main'] = 'profile_editprofile.html';
94  include_once $GLOBALS['xoops']->path('header.php');
95  include_once dirname(__FILE__) . '/include/forms.php';
96  $form = profile_getUserForm($GLOBALS['xoopsUser']);
97  $form->assign($GLOBALS['xoopsTpl']);
98  if (!empty($stop)) {
99  $GLOBALS['xoopsTpl']->assign('stop', $stop);
100  }
101 
102  $xoBreadcrumbs[] = array('title' => _US_EDITPROFILE);
103 }
104 
105 if ($op == 'avatarform') {
106  $xoopsOption['template_main'] = 'profile_avatar.html';
107  include $GLOBALS['xoops']->path('header.php');
108  $xoBreadcrumbs[] = array('title' => _US_MYAVATAR);
109 
110  $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar');
111  if (!empty($oldavatar) && $oldavatar != 'blank.gif') {
112  $GLOBALS['xoopsTpl']->assign('old_avatar', XOOPS_UPLOAD_URL . '/' . $oldavatar);
113  }
114  if ($GLOBALS['xoopsConfigUser']['avatar_allow_upload'] == 1 && $GLOBALS['xoopsUser']->getVar('posts') >= $GLOBALS['xoopsConfigUser']['avatar_minposts']) {
115  include_once $GLOBALS['xoops']->path('class/xoopsformloader.php');
116  $form = new XoopsThemeForm(_US_UPLOADMYAVATAR, 'uploadavatar', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/edituser.php', 'post', true);
117  $form->setExtra('enctype="multipart/form-data"');
118  $form->addElement(new XoopsFormLabel(_US_MAXPIXEL, $GLOBALS['xoopsConfigUser']['avatar_width'] . ' x ' . $GLOBALS['xoopsConfigUser']['avatar_height']));
119  $form->addElement(new XoopsFormLabel(_US_MAXIMGSZ, $GLOBALS['xoopsConfigUser']['avatar_maxsize']) );
120  $form->addElement(new XoopsFormFile(_US_SELFILE, 'avatarfile', $GLOBALS['xoopsConfigUser']['avatar_maxsize']), true);
121  $form->addElement(new XoopsFormHidden('op', 'avatarupload'));
122  $form->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid')));
123  $form->addElement(new XoopsFormButton('', 'submit', _SUBMIT, 'submit'));
124  $form->assign($GLOBALS['xoopsTpl']);
125  }
126  $avatar_handler =& xoops_gethandler('avatar');
127  $form2 = new XoopsThemeForm(_US_CHOOSEAVT, 'chooseavatar', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/edituser.php', 'post', true);
128  $avatar_select = new XoopsFormSelect('', 'user_avatar', $GLOBALS['xoopsUser']->getVar('user_avatar'));
129  $avatar_list = $avatar_handler->getList('S', true);
130  $avatar_selected = $GLOBALS['xoopsUser']->getVar("user_avatar", "E");
131  $avatar_selected = in_array($avatar_selected, array_keys($avatar_list) ) ? $avatar_selected : "blank.gif";
132  $avatar_select->addOptionArray($avatar_list);
133  $avatar_select->setExtra("onchange='showImgSelected(\"avatar\", \"user_avatar\", \"uploads\", \"\", \"" . XOOPS_URL . "\")'");
134  $avatar_tray = new XoopsFormElementTray(_US_AVATAR, '&nbsp;');
135  $avatar_tray->addElement($avatar_select);
136  $avatar_tray->addElement(new XoopsFormLabel('', "<a href=\"javascript:openWithSelfMain('" . XOOPS_URL . "/misc.php?action=showpopups&amp;type=avatars','avatars',600,400);\">"._LIST."</a><br />"));
137  $avatar_tray->addElement(new XoopsFormLabel('', "<br /><img src='" . XOOPS_UPLOAD_URL . "/" . $avatar_selected . "' name='avatar' id='avatar' alt='' />"));
138  $form2->addElement($avatar_tray);
139  $form2->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid')));
140  $form2->addElement(new XoopsFormHidden('op', 'avatarchoose') );
141  $form2->addElement(new XoopsFormButton('', 'submit2', _SUBMIT, 'submit'));
142  $form2->assign($GLOBALS['xoopsTpl']);
143 }
144 
145 if ($op == 'avatarupload') {
146  if (!$GLOBALS['xoopsSecurity']->check()) {
147  redirect_header('index.php', 3, _US_NOEDITRIGHT . "<br />" . implode('<br />', $GLOBALS['xoopsSecurity']->getErrors() ));
148  exit;
149  }
150  $xoops_upload_file = array();
151  $uid = 0;
152  if (!empty($_POST['xoops_upload_file']) && is_array($_POST['xoops_upload_file'])){
153  $xoops_upload_file = $_POST['xoops_upload_file'];
154  }
155  if (!empty($_POST['uid']) ) {
156  $uid = intval($_POST['uid']);
157  }
158  if (empty($uid) || $GLOBALS['xoopsUser']->getVar('uid') != $uid) {
159  redirect_header('index.php', 3, _US_NOEDITRIGHT);
160  exit();
161  }
162  if ($GLOBALS['xoopsConfigUser']['avatar_allow_upload'] == 1 && $GLOBALS['xoopsUser']->getVar('posts') >= $GLOBALS['xoopsConfigUser']['avatar_minposts']) {
163  include_once $GLOBALS['xoops']->path('class/uploader.php');
164  $uploader = new XoopsMediaUploader( XOOPS_UPLOAD_PATH . '/avatars', array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png'), $GLOBALS['xoopsConfigUser']['avatar_maxsize'], $GLOBALS['xoopsConfigUser']['avatar_width'], $GLOBALS['xoopsConfigUser']['avatar_height']);
165  if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) {
166  $uploader->setPrefix('cavt');
167  if ($uploader->upload()) {
168  $avt_handler =& xoops_gethandler('avatar');
169  $avatar =& $avt_handler->create();
170  $avatar->setVar('avatar_file', 'avatars/' . $uploader->getSavedFileName());
171  $avatar->setVar('avatar_name', $GLOBALS['xoopsUser']->getVar('uname'));
172  $avatar->setVar('avatar_mimetype', $uploader->getMediaType());
173  $avatar->setVar('avatar_display', 1);
174  $avatar->setVar('avatar_type', 'C');
175  if (!$avt_handler->insert($avatar)) {
176  @unlink($uploader->getSavedDestination());
177  } else {
178  $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar');
179  if (!empty($oldavatar) && false !== strpos(strtolower($oldavatar), "cavt")) {
180  $avatars = $avt_handler->getObjects(new Criteria('avatar_file', $oldavatar));
181  if (!empty($avatars) && count($avatars) == 1 && is_object($avatars[0])) {
182  $avt_handler->delete($avatars[0]);
183  $oldavatar_path = realpath(XOOPS_UPLOAD_PATH . '/' . $oldavatar);
184  if (0 === strpos($oldavatar_path, XOOPS_UPLOAD_PATH) && is_file($oldavatar_path)) {
185  unlink($oldavatar_path);
186  }
187  }
188  }
189  $sql = sprintf("UPDATE %s SET user_avatar = %s WHERE uid = %u", $GLOBALS['xoopsDB']->prefix('users'), $GLOBALS['xoopsDB']->quoteString( 'avatars/' . $uploader->getSavedFileName() ), $GLOBALS['xoopsUser']->getVar('uid'));
190  $GLOBALS['xoopsDB']->query($sql);
191  $avt_handler->addUser($avatar->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid'));
192  redirect_header('userinfo.php?t=' . time() . '&amp;uid=' . $GLOBALS['xoopsUser']->getVar('uid'), 3, _US_PROFUPDATED);
193  }
194  }
195  }
196  redirect_header("edituser.php?op=avatarform", 3, $uploader->getErrors() );
197  }
198 }
199 
200 if ($op == 'avatarchoose') {
201  if (!$GLOBALS['xoopsSecurity']->check()) {
202  redirect_header('index.php',3,_US_NOEDITRIGHT."<br />".implode('<br />', $GLOBALS['xoopsSecurity']->getErrors()));
203  exit;
204  }
205  $uid = 0;
206  if (!empty($_POST['uid'])) {
207  $uid = intval($_POST['uid']);
208  }
209  if (empty($uid) || $GLOBALS['xoopsUser']->getVar('uid') != $uid) {
210  redirect_header('index.php', 3, _US_NOEDITRIGHT);
211  exit();
212  }
213  $user_avatar = '';
214  $avt_handler =& xoops_gethandler('avatar');
215  if (!empty($_POST['user_avatar'])) {
216  $user_avatar = $myts->addSlashes(trim($_POST['user_avatar']));
217  $criteria_avatar = new CriteriaCompo(new Criteria('avatar_file', $user_avatar));
218  $criteria_avatar->add(new Criteria('avatar_type', "S") );
219  $avatars = $avt_handler->getObjects($criteria_avatar);
220  if (!is_array($avatars) || !count($avatars)) {
221  $user_avatar = 'avatars/blank.gif';
222  }
223  unset($avatars, $criteria_avatar);
224  }
225  $user_avatarpath = realpath(XOOPS_UPLOAD_PATH . '/' . $user_avatar);
226  if (0 === strpos($user_avatarpath, realpath(XOOPS_UPLOAD_PATH)) && is_file($user_avatarpath)) {
227  $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar');
228  $GLOBALS['xoopsUser']->setVar('user_avatar', $user_avatar);
229  $member_handler =& xoops_gethandler('member');
230  if (!$member_handler->insertUser($GLOBALS['xoopsUser'])) {
231  include $GLOBALS['xoops']->path('header.php');
232  echo $GLOBALS['xoopsUser']->getHtmlErrors();
233  include $GLOBALS['xoops']->path('footer.php');
234  exit();
235  }
236  if ($oldavatar && preg_match("/^cavt/", strtolower(substr($oldavatar,8)))) {
237  $avatars = $avt_handler->getObjects(new Criteria('avatar_file', $oldavatar));
238  if (!empty($avatars) && count($avatars) == 1 && is_object($avatars[0])) {
239  $avt_handler->delete($avatars[0]);
240  $oldavatar_path = realpath(XOOPS_UPLOAD_PATH . '/' . $oldavatar);
241  if (0 === strpos($oldavatar_path, realpath(XOOPS_UPLOAD_PATH)) && is_file($oldavatar_path)) {
242  unlink($oldavatar_path);
243  }
244  }
245  }
246  if ($user_avatar != 'avatars/blank.gif') {
247  $avatars = $avt_handler->getObjects(new Criteria('avatar_file', $user_avatar));
248  if (is_object($avatars[0])) {
249  $avt_handler->addUser($avatars[0]->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid'));
250  }
251  }
252  }
253  redirect_header('userinfo.php?uid=' . $uid, 0, _US_PROFUPDATED);
254 }
255 include dirname(__FILE__) . DIRECTORY_SEPARATOR . 'footer.php';
256 ?>