
   1  <?php
   2  /**
   3   * eXtreme Message Board
   4   * XMB 1.9.11
   5   *
   6   * Developed And Maintained By The XMB Group
   7   * Copyright (c) 2001-2012, The XMB Group
   8   * http://www.xmbforum2.com/
   9   *
  10   * This program is free software; you can redistribute it and/or
  11   * modify it under the terms of the GNU General Public License
  12   * as published by the Free Software Foundation; either version 2
  13   * of the License, or (at your option) any later version.
  14   *
  15   * This program is distributed in the hope that it will be useful,
  16   * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18   * GNU General Public License for more details.
  19   *
  20   * You should have received a copy of the GNU General Public License
  21   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22   *
  23   **/
  24  
define('X_SCRIPT', 'editprofile.php');

require  'header.php';

// Templates that are eval()'d further down.  The two avatar templates are
// only used when $SETTINGS['avastatus'] is 'on' or 'list'.
loadtemplates(
'memcp_profile_avatarurl',
'memcp_profile_avatarlist',
'admintool_editprofile'
);

// Breadcrumb entries.  They are registered before the header template is
// evaluated, presumably because that template renders them -- keep the order.
nav('<a href="./cp.php">'.$lang['textcp'].'</a>');
nav($lang['texteditpro']);

// XMB templates are PHP double-quoted strings run through eval(); anything
// interpolated into them must already be HTML/attribute-safe.
eval('$css = "'.template('css').'";');

eval('$header = "'.template('header').'";');

// Access control: guests are sent to the login form, and everyone else must
// be a Super Administrator.  Everything below relies on error() not
// returning (assumed from how it is used throughout this file).
if (X_GUEST) {
    redirect("{$full_url}misc.php?action=login", 0);
    exit;
}

if (!X_SADMIN) {
    error($lang['superadminonly']);
}

// Target username, taken from the query string ('g').  The 3rd/4th arguments
// (presumably the HTML-encode and DB-escape flags, matching their use for the
// other fields in this file) are both TRUE, which is what makes the
// string-built SELECT below and the UPDATEs in the submit branch safe to run
// with $user interpolated.  Changing those flags requires changing the queries.
$user = postedVar('user', '', TRUE, TRUE, FALSE, 'g');

// Exactly one row must match; otherwise the member does not exist.
$query = $db->query("SELECT * FROM ".X_PREFIX."members WHERE username='$user'");
if ($db->num_rows($query) != 1) {
    error($lang['nomember']);
}
$member = $db->fetch_array($query);
  58  
  59  if (noSubmit('editsubmit')) {
  60      $sadminselect = $adminselect = $smodselect = '';
  61      $modselect = $memselect = $banselect = '';
  62      switch($member['status']) {
  63      case 'Super Administrator':
  64          $sadminselect = $selHTML;
  65          break;
  66      case 'Administrator':
  67          $adminselect = $selHTML;
  68          break;
  69      case 'Super Moderator':
  70          $smodselect = $selHTML;
  71          break;
  72      case 'Moderator':
  73          $modselect = $selHTML;
  74          break;
  75      case 'Member':
  76          $memselect = $selHTML;
  77          break;
  78      case 'Banned':
  79          $banselect = $selHTML;
  80          break;
  81      default:
  82          $memselect = $selHTML;
  83          break;
  84      }
  85  
  86      $custout = attrOut($member['customstatus']);
  87  
  88      $checked = '';
  89      if ($member['showemail'] == 'yes') {
  90          $checked = $cheHTML;
  91      }
  92  
  93      $newschecked = '';
  94      if ($member['newsletter'] == 'yes') {
  95          $newschecked = $cheHTML;
  96      }
  97  
  98      $uou2uchecked = '';
  99      if ($member['useoldu2u'] == 'yes') {
 100          $uou2uchecked = $cheHTML;
 101      }
 102  
 103      $ogu2uchecked = '';
 104      if ($member['saveogu2u'] == 'yes') {
 105          $ogu2uchecked = $cheHTML;
 106      }
 107  
 108      $eouchecked = '';
 109      if ($member['emailonu2u'] == 'yes') {
 110          $eouchecked = $cheHTML;
 111      }
 112  
 113      $invchecked = '';
 114      if ($member['invisible'] == 1) {
 115          $invchecked = $cheHTML;
 116      }
 117  
 118      $registerdate = gmdate($dateformat, $member['regdate'] + ($addtime * 3600) + ($timeoffset * 3600));
 119  
 120      if (!($member['lastvisit'] > 0)) {
 121          $lastlogdate = $lang['textpendinglogin'];
 122      } else {
 123          $lastvisitdate = gmdate($dateformat, $member['lastvisit'] + ($timeoffset * 3600) + ($addtime * 3600));
 124          $lastvisittime = gmdate($timecode, $member['lastvisit'] + ($timeoffset * 3600) + ($addtime * 3600));
 125          $lastlogdate = $lastvisitdate.' '.$lang['textat'].' '.$lastvisittime;
 126      }
 127  
 128      $currdate = gmdate($timecode, $onlinetime + ($addtime * 3600));
 129      eval($lang['evaloffset']);
 130  
 131      $themelist = array();
 132      $themelist[] = '<select name="thememem">';
 133      $themelist[] = '<option value="0">'.$lang['textusedefault'].'</option>';
 134      $query = $db->query("SELECT themeid, name FROM ".X_PREFIX."themes ORDER BY name ASC");
 135      while($themeinfo = $db->fetch_array($query)) {
 136          if ($themeinfo['themeid'] == $member['theme']) {
 137              $themelist[] = '<option value="'.intval($themeinfo['themeid']).'" '.$selHTML.'>'.$themeinfo['name'].'</option>';
 138          } else {
 139              $themelist[] = '<option value="'.intval($themeinfo['themeid']).'">'.$themeinfo['name'].'</option>';
 140          }
 141      }
 142      $themelist[] = '</select>';
 143      $themelist = implode("\n", $themelist);
 144      $db->free_result($query);
 145  
 146      $langfileselect = createLangFileSelect($member['langfile']);
 147  
 148      $day = intval(substr($member['bday'], 8, 2));
 149      $month = intval(substr($member['bday'], 5, 2));
 150      $year = substr($member['bday'], 0, 4);
 151  
 152      for($i = 0; $i <= 12; $i++) {
 153          $sel[$i] = '';
 154      }
 155      $sel[$month] = $selHTML;
 156  
 157      $dayselect = array();
 158      $dayselect[] = '<select name="day">';
 159      $dayselect[] = '<option value="">&nbsp;</option>';
 160      for($num = 1; $num <= 31; $num++) {
 161          if ($day == $num) {
 162              $dayselect[] = '<option value="'.$num.'" '.$selHTML.'>'.$num.'</option>';
 163          } else {
 164              $dayselect[] = '<option value="'.$num.'">'.$num.'</option>';
 165          }
 166      }
 167      $dayselect[] = '</select>';
 168      $dayselect = implode("\n", $dayselect);
 169  
 170      $u2uasel0 = $u2uasel1 = $u2uasel2 = '';
 171      switch($member['u2ualert']) {
 172          case 2:
 173              $u2uasel2 = $selHTML;
 174              break;
 175          case 1:
 176              $u2uasel1 = $selHTML;
 177              break;
 178          case 0:
 179          default:
 180              $u2uasel0 = $selHTML;
 181              break;
 182      }
 183  
 184      $check12 = $check24 = '';
 185      if ($member['timeformat'] == 24) {
 186          $check24 = $cheHTML;
 187      } else {
 188          $check12 = $cheHTML;
 189      }
 190  
 191      if ($SETTINGS['sigbbcode'] == 'on') {
 192          $bbcodeis = $lang['texton'];
 193      } else {
 194          $bbcodeis = $lang['textoff'];
 195      }
 196  
 197      if ($SETTINGS['sightml'] == 'on') {
 198          $htmlis = $lang['texton'];
 199      } else {
 200          $htmlis = $lang['textoff'];
 201      }
 202  
 203      $avatar = '';
 204      if ($SETTINGS['avastatus'] == 'on') {
 205          eval('$avatar = "'.template('memcp_profile_avatarurl').'";');
 206      }
 207  
 208      if ($SETTINGS['avastatus'] == 'list')  {
 209          $avatars = '<option value="" />'.$lang['textnone'].'</option>';
 210          $dir1 = opendir(ROOT.'images/avatars');
 211          while($avFile = readdir($dir1)) {
 212              if (is_file(ROOT.'images/avatars/'.$avFile) && $avFile != '.' && $avFile != '..' && $avFile != 'index.html') {
 213                  $avatars .= '<option value="./images/avatars/'.$avFile.'" />'.$avFile.'</option>';
 214              }
 215          }
 216          $avatars = str_replace('value="'.$member['avatar'].'"', 'value="'.$member['avatar'].'" selected="selected"', $avatars);
 217          $avatarbox = '<select name="newavatar" onchange="document.images.avatarpic.src=this[this.selectedIndex].value;">'.$avatars.'</select>';
 218          eval('$avatar = "'.template('memcp_profile_avatarlist').'";');
 219          closedir($dir1);
 220      }
 221  
 222      $lang['searchusermsg'] = str_replace('*USER*', $member['username'], $lang['searchusermsg']);
 223  
 224      $member['icq'] = ($member['icq'] > 0) ? $member['icq'] : '';
 225      $member['bio'] = decimalEntityDecode($member['bio']);
 226      $member['location'] = decimalEntityDecode($member['location']);
 227      $member['mood'] = decimalEntityDecode($member['mood']);
 228      $member['sig'] = decimalEntityDecode($member['sig']);
 229  
 230      $userrecode = recodeOut($member['username']);
 231  
 232      $template = template_secure('admintool_editprofile', 'edpro', $member['uid']);
 233      eval('$editpage = "'.$template.'";');
 234  } else {
 235      request_secure('edpro', $member['uid'], X_NONCE_FORM_EXP);
 236      $status = postedVar('status');
 237      $origstatus = $member['status'];
 238      $query = $db->query("SELECT COUNT(uid) FROM ".X_PREFIX."members WHERE status='Super Administrator'");
 239      $sa_count = $db->result($query, 0);
 240      $db->free_result($query);
 241      if ($origstatus == 'Super Administrator' And $status != 'Super Administrator' And $sa_count == 1) {
 242          error($lang['lastsadmin']);
 243      }
 244      $cusstatus = postedVar('cusstatus', '', FALSE);
 245      $langfilenew = postedVar('langfilenew');
 246      $result = $db->query("SELECT devname FROM ".X_PREFIX."lang_base WHERE devname='$langfilenew'");
 247      if ($db->num_rows($result) == 0) {
 248          $langfilenew = $SETTINGS['langfile'];
 249      }
 250  
 251      $timeoffset1 = isset($_POST['timeoffset1']) && is_numeric($_POST['timeoffset1']) ? $_POST['timeoffset1'] : 0;
 252      $thememem = formInt('thememem');
 253      $tppnew = isset($_POST['tppnew']) ? (int) $_POST['tppnew'] : $SETTINGS['topicperpage'];
 254      $pppnew = isset($_POST['pppnew']) ? (int) $_POST['pppnew'] : $SETTINGS['postperpage'];
 255  
 256      $dateformatnew = postedVar('dateformatnew', '', FALSE, TRUE);
 257      $dateformattest = attrOut($dateformatnew, 'javascript');  // NEVER allow attribute-special data in the date format because it can be unescaped using the date() parser.
 258      if (strlen($dateformatnew) == 0 Or $dateformatnew != $dateformattest) {
 259          $dateformatnew = $SETTINGS['dateformat'];
 260      }
 261      unset($dateformattest);
 262  
 263      $timeformatnew = formInt('timeformatnew');
 264      if ($timeformatnew != 12 And $timeformatnew != 24) {
 265          $timeformatnew = $SETTINGS['timeformat'];
 266      }
 267  
 268      $saveogu2u = formYesNo('saveogu2u');
 269      $emailonu2u = formYesNo('emailonu2u');
 270      $useoldu2u = formYesNo('useoldu2u');
 271      $invisible = formInt('newinv');
 272      $showemail = formYesNo('newshowemail');
 273      $newsletter = formYesNo('newnewsletter');
 274      $u2ualert = formInt('u2ualert');
 275      $year = formInt('year');
 276      $month = formInt('month');
 277      $day = formInt('day');
 278      $bday = iso8601_date($year, $month, $day);
 279      $location = postedVar('newlocation', 'javascript', TRUE, TRUE, TRUE);
 280      $icq = postedVar('newicq', '', FALSE, FALSE);
 281      $icq = ($icq && is_numeric($icq) && $icq > 0) ? $icq : 0;
 282      $yahoo = postedVar('newyahoo', 'javascript', TRUE, TRUE, TRUE);
 283      $aim = postedVar('newaim', 'javascript', TRUE, TRUE, TRUE);
 284      $msn = postedVar('newmsn', 'javascript', TRUE, TRUE, TRUE);
 285      $email = postedVar('newemail', 'javascript', TRUE, TRUE, TRUE);
 286      $site = postedVar('newsite', 'javascript', TRUE, TRUE, TRUE);
 287      $bio = postedVar('newbio', 'javascript', TRUE, TRUE, TRUE);
 288      $mood = postedVar('newmood', 'javascript', TRUE, TRUE, TRUE);
 289      $sig = postedVar('newsig', 'javascript', ($SETTINGS['sightml']=='off'), TRUE, TRUE);
 290  
 291      if ($SETTINGS['avastatus'] == 'on') {
 292          $avatar = postedVar('newavatar', 'javascript', TRUE, TRUE, TRUE);
 293          $rawavatar = postedVar('newavatar', '', FALSE, FALSE);
 294  
 295          $newavatarcheck = postedVar('newavatarcheck');
 296  
 297          $max_size = explode('x', $SETTINGS['max_avatar_size']);
 298  
 299          if (preg_match('#^(http|ftp)://[:a-z\\./_\-0-9%~]+(\?[a-z=0-9&_\-;~]*)?$#Smi', $rawavatar) == 0) {
 300              $avatar = '';
 301          } elseif (ini_get('allow_url_fopen')) {
 302              if ($max_size[0] > 0 And $max_size[1] > 0 And strlen($rawavatar) > 0) {
 303                  $size = @getimagesize($rawavatar);
 304                  if ($size === FALSE) {
 305                      $avatar = '';
 306                  } elseif ((($size[0] > $max_size[0] && $max_size[0] > 0) || ($size[1] > $max_size[1] && $max_size[1] > 0)) && !X_SADMIN) {
 307                      error($lang['avatar_too_big'] . $SETTINGS['max_avatar_size'] . 'px');
 308                  }
 309              }
 310          } elseif ($newavatarcheck == "no") {
 311              $avatar = '';
 312          }
 313          unset($rawavatar);
 314      } elseif ($SETTINGS['avastatus'] == 'list') {
 315          $rawavatar = postedVar('newavatar', '', FALSE, FALSE);
 316          $dirHandle = opendir(ROOT.'images/avatars');
 317          $filefound = FALSE;
 318          while($avFile = readdir($dirHandle)) {
 319              if ($rawavatar == './images/avatars/'.$avFile) {
 320                  if (is_file(ROOT.'images/avatars/'.$avFile) && $avFile != '.' && $avFile != '..' && $avFile != 'index.html') {
 321                      $filefound = TRUE;
 322                  }
 323              }
 324          }
 325          closedir($dirHandle);
 326          unset($rawavatar);
 327          if ($filefound) {
 328              $avatar = postedVar('newavatar', 'javascript', TRUE, TRUE, TRUE);
 329          } else {
 330              $avatar = '';
 331          }
 332      } else {
 333          $avatar = '';
 334      }
 335  
 336      $db->query("UPDATE ".X_PREFIX."members SET status='$status', customstatus='$cusstatus', email='$email', site='$site', aim='$aim', location='$location', bio='$bio', sig='$sig', showemail='$showemail', timeoffset='$timeoffset1', icq='$icq', avatar='$avatar', yahoo='$yahoo', theme='$thememem', bday='$bday', langfile='$langfilenew', tpp='$tppnew', ppp='$pppnew', newsletter='$newsletter', timeformat='$timeformatnew', msn='$msn', dateformat='$dateformatnew', mood='$mood', invisible='$invisible', saveogu2u='$saveogu2u', emailonu2u='$emailonu2u', useoldu2u='$useoldu2u', u2ualert=$u2ualert WHERE username='$user'");
 337      $newpassword = $_POST['newpassword'];
 338      if ($newpassword) {
 339          $newpassword = md5($newpassword);
 340          $db->query("UPDATE ".X_PREFIX."members SET password='$newpassword' WHERE username='$user'");
 341      }
 342  
 343      message($lang['adminprofilechange'], TRUE, '', '', $full_url.'cp.php', true, false, true);
 344  }
 345  
 346  end_time();
 347  eval('$footer = "'.template('footer').'";');
 348  echo $header, $editpage, $footer;
 349  ?>
