view_profile($superCage->get->getInt('uid')); $icon_array = array( 'ok' => cpg_fetch_icon('ok', 0), 'password' => cpg_fetch_icon('key_enter', 0), 'delete' => cpg_fetch_icon('delete', 0), 'edit' => cpg_fetch_icon('edit', 2), ); function cpgUserPicCount($uid) { global $CONFIG; $result = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE owner_id = $uid"); list($pic_count) = $result->fetchRow(true); return $pic_count; } function cpgUserThumb($uid) { global $CONFIG, $FORBIDDEN_SET; $query = "SELECT COUNT(*), MAX(pid) FROM {$CONFIG['TABLE_PICTURES']} AS p WHERE owner_id = '$uid' AND approved = 'YES' $FORBIDDEN_SET"; $result = cpg_db_query($query); list($picture_count, $thumb_pid) = $result->fetchRow(true); $result = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_ALBUMS']} AS p WHERE category = '" . (FIRST_USER_CAT + $uid) . "' $FORBIDDEN_SET"); list($album_count) = $result->fetchRow(true); $user_thumb = ''; if ($picture_count) { $sql = "SELECT filepath, filename, url_prefix, pwidth, pheight FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = $thumb_pid"; $result = cpg_db_query($sql); if ($result->numRows()) { $picture = $result->fetchAssoc(); $pic_url = get_pic_url($picture, 'thumb'); if (!is_image($picture['filename'])) { $image_info = cpg_getimagesize(urldecode($pic_url)); $picture['pwidth'] = $image_info[0]; $picture['pheight'] = $image_info[1]; } $image_size = compute_img_size($picture['pwidth'], $picture['pheight'], $CONFIG['thumb_width']); $user_thumb = '

'; } $result->free(); } return $user_thumb; } function cpgUserLastComment($uid) { global $CONFIG, $FORBIDDEN_SET; $result = cpg_db_query("SELECT COUNT(*), MAX(msg_id) FROM {$CONFIG['TABLE_COMMENTS']} AS c INNER JOIN {$CONFIG['TABLE_PICTURES']} AS p ON p.pid = c.pid WHERE approval = 'YES' AND author_id = '$uid' $FORBIDDEN_SET"); list($comment_count, $lastcom_id) = $result->fetchRow(true); $lastComArray = array( 'count' => 0, 'thumb' => '' ); if ($comment_count) { $sql = "SELECT filepath, filename, url_prefix, pwidth, pheight, msg_author, UNIX_TIMESTAMP(msg_date) as msg_date, msg_body FROM {$CONFIG['TABLE_COMMENTS']} AS c INNER JOIN {$CONFIG['TABLE_PICTURES']} AS p ON p.pid = c.pid WHERE msg_id = $lastcom_id"; $result = cpg_db_query($sql); if ($result->numRows()) { $row = $result->fetchAssoc(); $pic_url = get_pic_url($row, 'thumb'); if (!is_image($row['filename'])) { $image_info = cpg_getimagesize(urldecode($pic_url)); $row['pwidth'] = $image_info[0]; $row['pheight'] = $image_info[1]; } $image_size = compute_img_size($row['pwidth'], $row['pheight'], $CONFIG['thumb_width']); $lastcom = '

'; $lastComArray = array( 'thumb' => $lastcom, 'comment' => $row['msg_body'], 'msg_date' => $row['msg_date'], 'count' => $comment_count, ); } $result->free(); } return $lastComArray; } $edit_profile_form_param = array( array('text', 'username', cpg_fetch_icon('my_profile', 2) . $lang_register_php['username']), array('text', 'status', cpg_fetch_icon('online', 2) . $lang_usermgr_php['status']), array('text', 'reg_date', cpg_fetch_icon('calendar', 2) . $lang_register_php['reg_date']), array('text', 'group', cpg_fetch_icon('groups_mgr', 2) . $lang_register_php['group']) ); if ($CONFIG['allow_email_change'] == 1 || GALLERY_ADMIN_MODE) { $edit_profile_form_param[] = array('input', 'email', cpg_fetch_icon('mail', 2) . $lang_register_php['email'],255); } else { $edit_profile_form_param[] = array('text', 'email', cpg_fetch_icon('mail', 2) . $lang_register_php['email'],255); } if ($CONFIG['user_profile1_name'] != '') { $edit_profile_form_param[] = array('input', 'user_profile1', $CONFIG['user_profile1_name'], 255); } if ($CONFIG['user_profile2_name'] != '') { $edit_profile_form_param[] = array('input', 'user_profile2', $CONFIG['user_profile2_name'], 255); } if ($CONFIG['user_profile3_name'] != '') { $edit_profile_form_param[] = array('input', 'user_profile3', $CONFIG['user_profile3_name'], 255); } if ($CONFIG['user_profile4_name'] != '') { $edit_profile_form_param[] = array('input', 'user_profile4', $CONFIG['user_profile4_name'], 255); } if ($CONFIG['user_profile5_name'] != '') { $edit_profile_form_param[] = array('input', 'user_profile5', $CONFIG['user_profile5_name'], 255); } if ($CONFIG['user_profile6_name'] != '') { $edit_profile_form_param[] = array('textarea', 'user_profile6', $CONFIG['user_profile6_name'], 255); } $edit_profile_form_param[] = array('text', 'disk_usage', cpg_fetch_icon('disk_usage', 2) . $lang_register_php['disk_usage']); $display_profile_form_param = array( array('text', 'username', $lang_register_php['username']), array('text', 'status', $lang_usermgr_php['status']), array('text', 'reg_date', $lang_register_php['reg_date']), array('text', 'group', $lang_register_php['group']) ); if ($CONFIG['user_profile1_name'] != '') { $display_profile_form_param[] = array('text', 'user_profile1', $CONFIG['user_profile1_name']); } if ($CONFIG['user_profile2_name'] != '') { $display_profile_form_param[] = array('text', 'user_profile2', $CONFIG['user_profile2_name']); } if ($CONFIG['user_profile3_name'] != '') { $display_profile_form_param[] = array('text', 'user_profile3', $CONFIG['user_profile3_name']); } if ($CONFIG['user_profile4_name'] != '') { $display_profile_form_param[] = array('text', 'user_profile4', $CONFIG['user_profile4_name']); } if ($CONFIG['user_profile5_name'] != '') { $display_profile_form_param[] = array('text', 'user_profile5', $CONFIG['user_profile5_name']); } if ($CONFIG['user_profile6_name'] != '') { $display_profile_form_param[] = array('text', 'user_profile6', $CONFIG['user_profile6_name']); } $display_profile_form_param[] = array('text', 'pic_count', $lang_register_php['pic_count']); $display_profile_form_param[] = array('thumb', 'user_thumb'); $display_profile_form_param[] = array('text', 'admin_link', ''); $change_password_form_param = array( array('password', 'current_pass', $lang_register_php['current_pass']), array('password', 'new_pass', $lang_register_php['new_pass']), array('password', 'new_pass_again', $lang_register_php['new_pass_again']), ); function make_form($form_param, $form_data) { global $CONFIG, $lang_register_php; $loopCounter = 0; foreach ($form_param as $element) { if ($loopCounter / 2 == floor($loopCounter / 2)) { $cellStyle = 'tableb'; } else { $cellStyle = 'tableb tableb_alternate'; } switch ($element[0]) { case 'label': echo << {$element[1]} EOT; break; case 'text': if ($form_data[$element[1]] == '') { break; } echo << {$element[2]} {$form_data[$element[1]]} EOT; break; case 'input': $value = $form_data[$element[1]]; if ($element[2]) { echo <<< EOT {$element[2]} EOT; } break; case 'textarea': $value = $form_data[$element[1]]; if ($element[2]) { echo <<< EOT {$element[2]} EOT; } break; case 'password': echo <<< EOT {$element[2]} EOT; break; case 'thumb': $value = $form_data[$element[1]]; if ($value) { echo <<< EOT

$value

EOT; } break; default: cpg_die(CRITICAL_ERROR, 'Invalid action for form creation ' . $element[0], __FILE__, __LINE__); } $loopCounter++; } } function get_post_var($var) { global $lang_errors; $superCage = Inspekt::makeSuperCage(); if (!$superCage->post->keyExists($var)) { cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'] . " ($var)", __FILE__, __LINE__); } return $superCage->post->getEscaped($var); } if ($superCage->get->keyExists('op') && ($matches = $superCage->get->getMatched('op', '/^[a-z_]+$/'))) { $op = $matches[0]; } else { $op = ''; } if ($superCage->get->keyExists('uid')) { $uid = $superCage->get->getInt('uid'); } else { $uid = -1; } if ($superCage->post->keyExists('change_pass')) { $op = 'change_pass'; } if ($superCage->post->keyExists('change_profile') && USER_ID && UDB_INTEGRATION == 'coppermine') { //!defined('UDB_INTEGRATION')) { //Check if the form token is valid if(!checkFormToken()){ cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__); } $profile1 = $superCage->post->getEscaped('user_profile1'); $profile2 = $superCage->post->getEscaped('user_profile2'); $profile3 = $superCage->post->getEscaped('user_profile3'); $profile4 = $superCage->post->getEscaped('user_profile4'); $profile5 = $superCage->post->getEscaped('user_profile5'); $profile6 = $superCage->post->getEscaped('user_profile6'); $error = false; if ($CONFIG['allow_email_change'] || GALLERY_ADMIN_MODE) { $email = $superCage->post->getEscaped('email'); if (!Inspekt::isEmail($email)) { $error = $lang_register_php['email_warning2'] . ' [' . $email .']'; //preg_match('#' . $adminDataValue['regex'] . '#i', $evaluate_value) == FALSE } elseif (!$CONFIG['allow_duplicate_emails_addr']) { $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '$email' AND user_id <> " . USER_ID; $result = cpg_db_query($sql); if ($result->numRows()) { $error = $lang_register_php['err_duplicate_email']; } } } $sql = "UPDATE {$CONFIG['TABLE_USERS']} SET user_profile1 = '$profile1', user_profile2 = '$profile2', user_profile3 = '$profile3', user_profile4 = '$profile4', user_profile5 = '$profile5', user_profile6 = '$profile6'" . (($CONFIG['allow_email_change'] || GALLERY_ADMIN_MODE) && !$error ? ", user_email = '$email'" : "") . " WHERE user_id = '" . USER_ID . "'"; $result = cpg_db_query($sql); CPGPluginAPI::action('profile_submit_form', null); $title = sprintf($lang_register_php['x_s_profile'], stripslashes(USER_NAME)); if (!$error) { $redirect = "index.php"; pageheader($title, ""); msg_box($lang_common['information'], $lang_register_php['update_success'], $lang_common['continue'], $redirect); } else { $redirect = 'profile.php?op=edit_profile'; pageheader($title, ""); msg_box($lang_common['error'], $error, $lang_common['back'], $redirect); } pagefooter(); exit; } if ($superCage->post->keyExists('change_password') && USER_ID && UDB_INTEGRATION == 'coppermine') { //!defined('UDB_INTEGRATION')) { //Check if the form token is valid if(!checkFormToken()){ cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__); } $current_pass = get_post_var('current_pass'); $new_pass = get_post_var('new_pass'); $new_pass_again = get_post_var('new_pass_again'); if (utf_strlen($new_pass) < 2) { cpg_die(ERROR, $lang_register_php['password_warning1'], __FILE__, __LINE__); } if ($new_pass != $new_pass_again) { cpg_die(ERROR, $lang_register_php['password_verification_warning1'], __FILE__, __LINE__); } require 'include/passwordhash.inc.php'; $sql = "SELECT user_password, user_password_salt, user_password_hash_algorithm, user_password_iterations FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '" . USER_ID . "' LIMIT 1"; $result = cpg_db_query($sql); $password_params = $result->fetchAssoc(true); $sql = "UPDATE {$CONFIG['TABLE_USERS']} SET ".cpg_password_create_update_string($new_pass)." WHERE user_id = '" . USER_ID . "' "; if (!$password_params['user_password_salt']) { $sql .= "AND BINARY user_password = '".md5($current_pass)."'"; } elseif (!cpg_password_validate($current_pass, $password_params)) { cpg_die(ERROR, $lang_register_php['pass_chg_error'], __FILE__, __LINE__); } $result = cpg_db_query($sql); if (!cpg_db_affected_rows()) { cpg_die(ERROR, $lang_register_php['pass_chg_error'], __FILE__, __LINE__); } $title = sprintf($lang_register_php['x_s_profile'], stripslashes(USER_NAME)); $redirect = $CPG_PHP_SELF . "?op=edit_profile"; cpgRedirectPage($redirect, $title, $lang_register_php['pass_chg_success'], 3, 'success'); exit; } switch ($op) { case 'edit_profile' : if (!USER_ID) { cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__); } $cpg_udb->edit_profile(USER_ID); $sql = "SELECT user_name, user_email, user_group, user_active, UNIX_TIMESTAMP(user_regdate) AS user_regdate, group_name, " . "user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_group_list, " . "COUNT(pid) AS pic_count, SUM(total_filesize) AS disk_usage, group_quota " . "FROM {$CONFIG['TABLE_USERS']} AS u " . "INNER JOIN {$CONFIG['TABLE_USERGROUPS']} AS g ON user_group = group_id " . "LEFT JOIN {$CONFIG['TABLE_PICTURES']} AS p ON p.owner_id = u.user_id " . "WHERE user_id ='" . USER_ID . "' " . "GROUP BY user_id "; $result = cpg_db_query($sql); if (!$result->numRows()) { cpg_die(ERROR, $lang_register_php['err_unk_user'], __FILE__, __LINE__); } $user_data = $result->fetchAssoc(true); $group_list = ''; if ($user_data['user_group_list'] != '') { $sql = "SELECT group_name " . "FROM {$CONFIG['TABLE_USERGROUPS']} " . "WHERE group_id IN ({$user_data['user_group_list']}) AND group_id != {$user_data['user_group']} " . "ORDER BY group_name"; $result = cpg_db_query($sql); while ($row = $result->fetchArray()) { $group_list .= $row['group_name'] . ', '; } $result->free(); if ($group_list) { $group_list = '
(' . substr($group_list, 0, -2) . ')'; } } if ($user_data['user_active'] == 'YES') { $user_status = $lang_usermgr_php['status_active']; } else { $user_status = $lang_usermgr_php['status_inactive']; } if ($user_data['disk_usage'] != '') { $disk_usage = $user_data['disk_usage']; } else { $disk_usage = 0; } $group_quota = '0'; $group_quota_separator = ''; if ($USER_DATA['group_quota']) { $group_quota = $USER_DATA['group_quota']; $group_quota_separator = '/'; } if (!GALLERY_ADMIN_MODE && $group_quota > 0) { $disk_usage = ceil($disk_usage / 1024); $disk_usage_output = theme_display_bar($disk_usage, $group_quota, 300, '', '', $group_quota_separator . $group_quota . $lang_byte_units[1], 'red', 'green'); } else { $disk_usage_output = cpg_format_bytes($disk_usage); } $form_data = array( 'username' => $user_data['user_name'], 'reg_date' => localised_date($user_data['user_regdate'], $lang_date['register']), 'status' => $user_status, 'group' => $user_data['group_name'] . $group_list, 'email' => $user_data['user_email'], 'disk_usage' => $disk_usage_output, 'user_profile1' => $user_data['user_profile1'], 'user_profile2' => $user_data['user_profile2'], 'user_profile3' => $user_data['user_profile3'], 'user_profile4' => $user_data['user_profile4'], 'user_profile5' => $user_data['user_profile5'], 'user_profile6' => $user_data['user_profile6'], ); $title = sprintf($lang_register_php['x_s_profile'], stripslashes(USER_NAME)); pageheader($title); echo << EOT; starttable(-1, cpg_fetch_icon('my_profile', 2) . $title, 2); make_form($edit_profile_form_param, $form_data); $pic_count = cpgUserPicCount(USER_ID); $user_thumb = cpgUserThumb(USER_ID); $userID = USER_ID; $lastComArray = cpgUserLastComment(USER_ID); if ($lastComArray['count'] > 0) { $lastComByText = ' '. cpg_fetch_icon('comment_approval', 0, sprintf($lang_register_php['last_comments_detail'], $lang_register_php['you'])). ''; $lastComDate = '
'. ''. localised_date($lastComArray['msg_date'], $lang_date['lastcom']). ''; $lastComText = '
'. ''. bb_decode(process_smilies($lastComArray['comment'])). ''; } else { $lastComByText = ''; $lastComDate = ''; $lastComText = $lang_register_php['none']; } if ($pic_count > 0) { $lastUploadByText = ' '. cpg_fetch_icon('last_uploads', 0, sprintf($lang_register_php['last_uploads_detail'], $lang_register_php['you'])). ''; $lastUploadText = ''. ''. $user_thumb. ''. ''; } else { $lastUploadByText = ''; $lastUploadText = $lang_register_php['none']; } echo <<< EOT {$lang_register_php['pic_count']} {$pic_count} {$lang_register_php['last_comments']} {$lastComByText} {$lastComArray['thumb']} {$lastComDate} {$lastComText} {$lang_register_php['last_uploads']} {$lastUploadByText} {$lastUploadText} EOT; CPGPluginAPI::action('profile_display_form', null); echo <<< EOT EOT; endtable(); list($timestamp, $form_token) = getFormToken(); echo " "; if ($CONFIG['allow_user_account_delete'] != 0) { // user is allowed to delete his account --- start print <<< EOT
"; } // user is allowed to delete his account --- end pagefooter(); break; case 'change_pass' : if (!USER_ID) { cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__); } // Just a sanity check (should get caught when user clicks 'My Profile') if (UDB_INTEGRATION != 'coppermine') { $cpg_udb->edit_profile(USER_ID); } $title = $lang_register_php['change_pass']; pageheader($title); echo << EOT; starttable(-1, cpg_fetch_icon('my_profile', 2) . $title, 2); make_form($change_password_form_param, ''); echo << EOT; endtable(); //echo '

3

'; list($timestamp, $form_token) = getFormToken(); echo " "; pagefooter(); break; default: $user_data = $cpg_udb->get_user_infos($uid); $user_thumb = cpgUserThumb($uid); $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE user_id = '$uid' AND brute_force = 0 LIMIT 1"); if ($result->numRows()) { $user_status = $lang_register_php['banned']; } elseif (isset($user_data['user_active']) && $user_data['user_active'] == 'YES') { $user_status = $lang_usermgr_php['status_active']; } elseif (isset($user_data['user_active']) && $user_data['user_active'] == 'NO') { $user_status = $lang_usermgr_php['status_inactive']; } else { $user_status = ''; } if ($user_thumb != '') { $user_thumb = '' . '' . '' . $lang_register_php['last_uploads']. '
'. sprintf($lang_register_php['last_uploads_detail'], $user_data['user_name']) . '
' . $user_thumb . ''; } $lastComArray = cpgUserLastComment($uid); if ($lastComArray['count'] != 0) { $lastcom = '' . '' . '' . $lang_register_php['last_comments'] . '
' . sprintf($lang_register_php['last_comments_detail'], $user_data['user_name']) . '
' . $lastComArray['thumb'] . '
'; $lastcom .= "" . localised_date($lastComArray['msg_date'], $lang_date['lastcom']) . '' . "" . bb_decode(process_smilies($lastComArray['comment'])) . ''; } $quick_jump = ($user_thumb . $lastcom) ? '' . $user_thumb . $lastcom . '

' : ''; list($timestamp, $form_token) = getFormToken(); if ($uid == USER_ID) { $adminLink = ''.$lang_register_php['edit_my_profile'].''; } elseif (GALLERY_ADMIN_MODE) { $adminLink = '' . $icon_array['edit'] . sprintf($lang_register_php['edit_xs_profile'], $user_data['user_name']).''; } else { $adminLink = ''; } $form_data = array( 'username' => $user_data['user_name'], 'status' => $user_status, 'reg_date' => localised_date($user_data['user_regdate'], $lang_date['register']), 'group' => $user_data['group_name'], 'user_profile1' => $user_data['user_profile1'], 'user_profile2' => $user_data['user_profile2'], 'user_profile3' => $user_data['user_profile3'], 'user_profile4' => $user_data['user_profile4'], 'user_profile5' => $user_data['user_profile5'], 'user_profile6' => bb_decode($user_data['user_profile6']), 'user_thumb' => $quick_jump, 'pic_count' => cpgUserPicCount($uid), 'admin_link' => $adminLink, ); $title = sprintf($lang_register_php['x_s_profile'], $user_data['user_name']); pageheader($title); // Displays the profile of any user starttable(-1, cpg_fetch_icon('my_profile', 2) . $title, 2); $profile_data = CPGPluginAPI::filter('profile_add_data', array ( 0 => $display_profile_form_param, 1 => $form_data )); make_form($display_profile_form_param, $form_data); endtable(); pagefooter(); break; } //EOF