Changeset 3 for branches/rsr.v5.1.dev/web/punbb/profile.php
- Timestamp:
- Nov 14, 2011, 11:17:15 PM (13 years ago)
- File:
-
- 1 edited
branches/rsr.v5.1.dev/web/punbb/profile.php
r1 r3 1 1 <?php 2 2 3 /*********************************************************************** 4 5 Copyright (C) 2002-2005 Rickard Andersson (rickard@punbb.org) 6 7 This file is part of PunBB. 8 9 PunBB is free software; you can redistribute it and/or modify it 10 under the terms of the GNU General Public License as published 11 by the Free Software Foundation; either version 2 of the License, 12 or (at your option) any later version. 13 14 PunBB is distributed in the hope that it will be useful, but 15 WITHOUT ANY WARRANTY; without even the implied warranty of 16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 GNU General Public License for more details. 18 19 You should have received a copy of the GNU General Public License 20 along with this program; if not, write to the Free Software 21 Foundation, Inc., 59 Temple Place, Suite 330, Boston, 22 MA 02111-1307 USA 23 24 ************************************************************************/ 25 26 27 define('PUN_ROOT', './'); 3 /** 4 * Copyright (C) 2008-2011 FluxBB 5 * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB 6 * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher 7 */ 8 9 define('PUN_ROOT', dirname(__FILE__).'/'); 28 10 require PUN_ROOT.'include/common.php'; 11 12 // Include UTF-8 function 13 require PUN_ROOT.'include/utf8/substr_replace.php'; 14 require PUN_ROOT.'include/utf8/ucwords.php'; // utf8_ucwords needs utf8_substr_replace 15 require PUN_ROOT.'include/utf8/strcasecmp.php'; 29 16 30 17 $action = isset($_GET['action']) ? 
$_GET['action'] : null; … … 34 21 message($lang_common['Bad request']); 35 22 36 if ($pun_user['g_read_board'] == '0' && ($action != 'change_pass' || !isset($_GET['key']))) 37 message($lang_common['No view']); 23 if ($action != 'change_pass' || !isset($_GET['key'])) 24 { 25 if ($pun_user['g_read_board'] == '0') 26 message($lang_common['No view']); 27 else if ($pun_user['g_view_users'] == '0' && ($pun_user['is_guest'] || $pun_user['id'] != $id)) 28 message($lang_common['No permission']); 29 } 38 30 39 31 // Load the profile.php/register.php language file … … 57 49 $key = $_GET['key']; 58 50 59 $result = $db->query('SELECT activate_string, activate_key FROM '.$db->prefix.'users WHERE id='.$id) or error('Impossible de retrouver le nouveau mot de passe', __FILE__, __LINE__, $db->error());60 list($new_password_hash, $new_password_key) = $db->fetch_row($result);61 62 if ($key == '' || $key != $ new_password_key)51 $result = $db->query('SELECT * FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch new password', __FILE__, __LINE__, $db->error()); 52 $cur_user = $db->fetch_assoc($result); 53 54 if ($key == '' || $key != $cur_user['activate_key']) 63 55 message($lang_profile['Pass key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.'); 64 56 else 65 57 { 66 $db->query('UPDATE '.$db->prefix.'users SET password=\''.$ new_password_hash.'\', activate_string=NULL, activate_key=NULL WHERE id='.$id) or error('Impossible de modifier le mot de passe', __FILE__, __LINE__, $db->error());58 $db->query('UPDATE '.$db->prefix.'users SET password=\''.$cur_user['activate_string'].'\', activate_string=NULL, activate_key=NULL'.(!empty($cur_user['salt']) ? ', salt=NULL' : '').' 
WHERE id='.$id) or error('Unable to update password', __FILE__, __LINE__, $db->error()); 67 59 68 60 message($lang_profile['Pass updated'], true); … … 73 65 if ($pun_user['id'] != $id) 74 66 { 75 if ( $pun_user['g_id'] > PUN_MOD)// A regular user trying to change another users password?67 if (!$pun_user['is_admmod']) // A regular user trying to change another users password? 76 68 message($lang_common['No permission']); 77 else if ($pun_user['g_ id'] == PUN_MOD)// A moderator trying to change a users password?78 { 79 $result = $db->query('SELECT group_id FROM '.$db->prefix.'users WHERE id='.$id) or error('Impossible de retrouver les informations utilisateur', __FILE__, __LINE__, $db->error());69 else if ($pun_user['g_moderator'] == '1') // A moderator trying to change a users password? 70 { 71 $result = $db->query('SELECT u.group_id, g.g_moderator FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON (g.g_id=u.group_id) WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); 80 72 if (!$db->num_rows($result)) 81 73 message($lang_common['Bad request']); 82 74 83 if ($pun_config['p_mod_edit_users'] == '0' || $pun_config['p_mod_change_passwords'] == '0' || $db->result($result) < PUN_GUEST) 75 list($group_id, $is_moderator) = $db->fetch_row($result); 76 77 if ($pun_user['g_mod_edit_users'] == '0' || $pun_user['g_mod_change_passwords'] == '0' || $group_id == PUN_ADMIN || $is_moderator == '1') 84 78 message($lang_common['No permission']); 85 79 } … … 88 82 if (isset($_POST['form_sent'])) 89 83 { 90 $old_password = isset($_POST['req_old_password']) ? trim($_POST['req_old_password']) : ''; 91 $new_password1 = trim($_POST['req_new_password1']); 92 $new_password2 = trim($_POST['req_new_password2']); 84 if ($pun_user['is_admmod']) 85 confirm_referrer('profile.php'); 86 87 $old_password = isset($_POST['req_old_password']) ? 
pun_trim($_POST['req_old_password']) : ''; 88 $new_password1 = pun_trim($_POST['req_new_password1']); 89 $new_password2 = pun_trim($_POST['req_new_password2']); 93 90 94 91 if ($new_password1 != $new_password2) 95 92 message($lang_prof_reg['Pass not match']); 96 if ( strlen($new_password1) < 4)93 if (pun_strlen($new_password1) < 4) 97 94 message($lang_prof_reg['Pass too short']); 98 95 99 $result = $db->query('SELECT password, save_pass FROM '.$db->prefix.'users WHERE id='.$id) or error('Impossible de retrouver le mot de passe', __FILE__, __LINE__, $db->error());100 list($db_password_hash, $save_pass) = $db->fetch_row($result);96 $result = $db->query('SELECT * FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch password', __FILE__, __LINE__, $db->error()); 97 $cur_user = $db->fetch_assoc($result); 101 98 102 99 $authorized = false; 103 100 104 if (!empty($db_password_hash)) 105 { 106 $sha1_in_db = (strlen($db_password_hash) == 40) ? true : false; 107 $sha1_available = (function_exists('sha1') || function_exists('mhash')) ? true : false; 108 109 $old_password_hash = pun_hash($old_password); // This could result in either an SHA-1 or an MD5 hash 110 111 if (($sha1_in_db && $sha1_available && $db_password_hash == $old_password_hash) || 112 (!$sha1_in_db && $db_password_hash == md5($old_password)) || 113 $pun_user['g_id'] < PUN_GUEST) 101 if (!empty($cur_user['password'])) 102 { 103 $old_password_hash = pun_hash($old_password); 104 105 if ($cur_user['password'] == $old_password_hash || $pun_user['is_admmod']) 114 106 $authorized = true; 115 107 } … … 120 112 $new_password_hash = pun_hash($new_password1); 121 113 122 $db->query('UPDATE '.$db->prefix.'users SET password=\''.$new_password_hash.'\' WHERE id='.$id) or error('Impossible de modifier le mot de passe', __FILE__, __LINE__, $db->error());114 $db->query('UPDATE '.$db->prefix.'users SET password=\''.$new_password_hash.'\''.(!empty($cur_user['salt']) ? ', salt=NULL' : '').' 
WHERE id='.$id) or error('Unable to update password', __FILE__, __LINE__, $db->error()); 123 115 124 116 if ($pun_user['id'] == $id) 125 { 126 $expire = ($save_pass == '1') ? time() + 31536000 : 0; 127 pun_setcookie($pun_user['id'], $new_password_hash, $expire); 128 } 117 pun_setcookie($pun_user['id'], $new_password_hash, time() + $pun_config['o_timeout_visit']); 129 118 130 119 redirect('profile.php?section=essentials&id='.$id, $lang_profile['Pass updated redirect']); 131 120 } 132 121 133 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile'];122 $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Change pass']); 134 123 $required_fields = array('req_old_password' => $lang_profile['Old pass'], 'req_new_password1' => $lang_profile['New pass'], 'req_new_password2' => $lang_profile['Confirm new pass']); 135 $focus_element = array('change_pass', (($pun_user['g_id'] > PUN_MOD) ? 'req_old_password' : 'req_new_password1')); 124 $focus_element = array('change_pass', ((!$pun_user['is_admmod']) ? 
'req_old_password' : 'req_new_password1')); 125 define('PUN_ACTIVE_PAGE', 'profile'); 136 126 require PUN_ROOT.'header.php'; 137 127 … … 146 136 <legend><?php echo $lang_profile['Change pass legend'] ?></legend> 147 137 <div class="infldset"> 148 <?php if ( $pun_user['g_id'] > PUN_MOD): ?> <label><strong><?php echo $lang_profile['Old pass'] ?></strong><br />149 <input type="password" name="req_old_password" size="16" maxlength="16"/><br /></label>150 <?php endif; ?> <label class="conl "><strong><?php echo $lang_profile['New pass'] ?></strong><br />151 <input type="password" name="req_new_password1" size="16" maxlength="16"/><br /></label>152 <label class="conl "><strong><?php echo $lang_profile['Confirm new pass'] ?></strong><br />153 <input type="password" name="req_new_password2" size="16" maxlength="16"/><br /></label>154 < div class="clearb"></div>138 <?php if (!$pun_user['is_admmod']): ?> <label class="required"><strong><?php echo $lang_profile['Old pass'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /> 139 <input type="password" name="req_old_password" size="16" /><br /></label> 140 <?php endif; ?> <label class="conl required"><strong><?php echo $lang_profile['New pass'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /> 141 <input type="password" name="req_new_password1" size="16" /><br /></label> 142 <label class="conl required"><strong><?php echo $lang_profile['Confirm new pass'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /> 143 <input type="password" name="req_new_password2" size="16" /><br /></label> 144 <p class="clearb"><?php echo $lang_profile['Pass info'] ?></p> 155 145 </div> 156 146 </fieldset> 157 147 </div> 158 <p ><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /><a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>148 <p class="buttons"><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /> <a 
href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p> 159 149 </form> 160 150 </div> … … 168 158 else if ($action == 'change_email') 169 159 { 170 // Make sure we are allowed to change this users e -mail160 // Make sure we are allowed to change this users email 171 161 if ($pun_user['id'] != $id) 172 162 { 173 if ( $pun_user['g_id'] > PUN_MOD) // A regular user trying to change another users e-mail?163 if (!$pun_user['is_admmod']) // A regular user trying to change another users email? 174 164 message($lang_common['No permission']); 175 else if ($pun_user['g_ id'] == PUN_MOD) // A moderator trying to change a users e-mail?176 { 177 $result = $db->query('SELECT group_id FROM '.$db->prefix.'users WHERE id='.$id) or error('Impossible de retrouver les informations utilisateur', __FILE__, __LINE__, $db->error());165 else if ($pun_user['g_moderator'] == '1') // A moderator trying to change a users email? 166 { 167 $result = $db->query('SELECT u.group_id, g.g_moderator FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON (g.g_id=u.group_id) WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); 178 168 if (!$db->num_rows($result)) 179 169 message($lang_common['Bad request']); 180 170 181 if ($pun_config['p_mod_edit_users'] == '0' || $db->result($result) < PUN_GUEST) 171 list($group_id, $is_moderator) = $db->fetch_row($result); 172 173 if ($pun_user['g_mod_edit_users'] == '0' || $group_id == PUN_ADMIN || $is_moderator == '1') 182 174 message($lang_common['No permission']); 183 175 } … … 188 180 $key = $_GET['key']; 189 181 190 $result = $db->query('SELECT activate_string, activate_key FROM '.$db->prefix.'users WHERE id='.$id) or error(' Impossible de retrouver les données d\'activation', __FILE__, __LINE__, $db->error());182 $result = $db->query('SELECT activate_string, activate_key FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch activation data', __FILE__, __LINE__, 
$db->error()); 191 183 list($new_email, $new_email_key) = $db->fetch_row($result); 192 184 193 if ($key != $new_email_key)194 message($lang_profile['E -mail key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');185 if ($key == '' || $key != $new_email_key) 186 message($lang_profile['Email key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.'); 195 187 else 196 188 { 197 $db->query('UPDATE '.$db->prefix.'users SET email=activate_string, activate_string=NULL, activate_key=NULL WHERE id='.$id) or error(' Impossible de modifier l\'adresse e-mail', __FILE__, __LINE__, $db->error());198 199 message($lang_profile['E -mail updated'], true);189 $db->query('UPDATE '.$db->prefix.'users SET email=activate_string, activate_string=NULL, activate_key=NULL WHERE id='.$id) or error('Unable to update email address', __FILE__, __LINE__, $db->error()); 190 191 message($lang_profile['Email updated'], true); 200 192 } 201 193 } … … 207 199 require PUN_ROOT.'include/email.php'; 208 200 209 // Validate the email -address201 // Validate the email address 210 202 $new_email = strtolower(trim($_POST['req_new_email'])); 211 203 if (!is_valid_email($new_email)) 212 message($lang_common['Invalid e -mail']);213 214 // Check i t it's a banned e-mail address204 message($lang_common['Invalid email']); 205 206 // Check if it's a banned email address 215 207 if (is_banned_email($new_email)) 216 208 { 217 209 if ($pun_config['p_allow_banned_email'] == '0') 218 message($lang_prof_reg['Banned e -mail']);210 message($lang_prof_reg['Banned email']); 219 211 else if ($pun_config['o_mailing_list'] != '') 220 212 { 221 $mail_subject = 'Alerte - Adresse e-mail bannis détectée'; 222 $mail_message = 'L\'utilisateur \''.$pun_user['username'].'\' a changé son e-mail en une adresse interdite : '.$new_email."\n\n".'Profil utilisateur : '.$pun_config['o_base_url'].'/profile.php?id='.$id."\n\n".'-- '."\n".'E-mail 
automatique'."\n".'(Ne répondez pas à ce message)'; 213 // Load the "banned email change" template 214 $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/banned_email_change.tpl')); 215 216 // The first row contains the subject 217 $first_crlf = strpos($mail_tpl, "\n"); 218 $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8)); 219 $mail_message = trim(substr($mail_tpl, $first_crlf)); 220 221 $mail_message = str_replace('<username>', $pun_user['username'], $mail_message); 222 $mail_message = str_replace('<email>', $new_email, $mail_message); 223 $mail_message = str_replace('<profile_url>', get_base_url().'/profile.php?id='.$id, $mail_message); 224 $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'], $mail_message); 223 225 224 226 pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message); … … 226 228 } 227 229 228 // Check if someone else already has registered with that e -mail address229 $result = $db->query('SELECT id, username FROM '.$db->prefix.'users WHERE email=\''.$db->escape($new_email).'\'') or error(' Impossible de retrouver les informations utilisateur', __FILE__, __LINE__, $db->error());230 // Check if someone else already has registered with that email address 231 $result = $db->query('SELECT id, username FROM '.$db->prefix.'users WHERE email=\''.$db->escape($new_email).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); 230 232 if ($db->num_rows($result)) 231 233 { 232 234 if ($pun_config['p_allow_dupe_email'] == '0') 233 message($lang_prof_reg['Dupe e -mail']);235 message($lang_prof_reg['Dupe email']); 234 236 else if ($pun_config['o_mailing_list'] != '') 235 237 { … … 237 239 $dupe_list[] = $cur_dupe['username']; 238 240 239 $mail_subject = 'Alerte - Adresse e-mail en doublon détectée'; 240 $mail_message = 'L\'utilisateur \''.$pun_user['username'].'\' a changé son e-mail pour une adresse qui appartient déjà à : '.implode(', ', 
$dupe_list)."\n\n".'Profil utilisateur : '.$pun_config['o_base_url'].'/profile.php?id='.$id."\n\n".'-- '."\n".'E-mail automatique'."\n".'(Ne répondez pas à ce message)'; 241 // Load the "dupe email change" template 242 $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/dupe_email_change.tpl')); 243 244 // The first row contains the subject 245 $first_crlf = strpos($mail_tpl, "\n"); 246 $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8)); 247 $mail_message = trim(substr($mail_tpl, $first_crlf)); 248 249 $mail_message = str_replace('<username>', $pun_user['username'], $mail_message); 250 $mail_message = str_replace('<dupe_list>', implode(', ', $dupe_list), $mail_message); 251 $mail_message = str_replace('<profile_url>', get_base_url().'/profile.php?id='.$id, $mail_message); 252 $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'], $mail_message); 241 253 242 254 pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message); … … 247 259 $new_email_key = random_pass(8); 248 260 249 $db->query('UPDATE '.$db->prefix.'users SET activate_string=\''.$db->escape($new_email).'\', activate_key=\''.$new_email_key.'\' WHERE id='.$id) or error(' Impossible de modifier les données d\'activation', __FILE__, __LINE__, $db->error());250 251 // Load the "activate e -mail" template261 $db->query('UPDATE '.$db->prefix.'users SET activate_string=\''.$db->escape($new_email).'\', activate_key=\''.$new_email_key.'\' WHERE id='.$id) or error('Unable to update activation data', __FILE__, __LINE__, $db->error()); 262 263 // Load the "activate email" template 252 264 $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/activate_email.tpl')); 253 265 … … 258 270 259 271 $mail_message = str_replace('<username>', $pun_user['username'], $mail_message); 260 $mail_message = str_replace('<base_url>', $pun_config['o_base_url'], $mail_message);261 $mail_message = 
str_replace('<activation_url>', $pun_config['o_base_url'].'/profile.php?action=change_email&id='.$id.'&key='.$new_email_key, $mail_message);262 $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'] .' '.$lang_common['Mailer'], $mail_message);272 $mail_message = str_replace('<base_url>', get_base_url(), $mail_message); 273 $mail_message = str_replace('<activation_url>', get_base_url().'/profile.php?action=change_email&id='.$id.'&key='.$new_email_key, $mail_message); 274 $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'], $mail_message); 263 275 264 276 pun_mail($new_email, $mail_subject, $mail_message); 265 277 266 message($lang_profile['Activate e -mail sent'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);267 } 268 269 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile'];270 $required_fields = array('req_new_email' => $lang_profile['New e -mail'], 'req_password' => $lang_common['Password']);278 message($lang_profile['Activate email sent'].' 
<a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true); 279 } 280 281 $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Change email']); 282 $required_fields = array('req_new_email' => $lang_profile['New email'], 'req_password' => $lang_common['Password']); 271 283 $focus_element = array('change_email', 'req_new_email'); 284 define('PUN_ACTIVE_PAGE', 'profile'); 272 285 require PUN_ROOT.'header.php'; 273 286 274 287 ?> 275 288 <div class="blockform"> 276 <h2><span><?php echo $lang_profile['Change e -mail'] ?></span></h2>289 <h2><span><?php echo $lang_profile['Change email'] ?></span></h2> 277 290 <div class="box"> 278 291 <form id="change_email" method="post" action="profile.php?action=change_email&id=<?php echo $id ?>" id="change_email" onsubmit="return process_form(this)"> 279 292 <div class="inform"> 280 293 <fieldset> 281 <legend><?php echo $lang_profile['E -mail legend'] ?></legend>294 <legend><?php echo $lang_profile['Email legend'] ?></legend> 282 295 <div class="infldset"> 283 296 <input type="hidden" name="form_sent" value="1" /> 284 <label ><strong><?php echo $lang_profile['New e-mail'] ?></strong><br /><input type="text" name="req_new_email" size="50" maxlength="50" /><br /></label>285 <label ><strong><?php echo $lang_common['Password'] ?></strong><br /><input type="password" name="req_password" size="16" maxlength="16" /><br /></label>286 <p><?php echo $lang_profile['E -mail instructions'] ?></p>297 <label class="required"><strong><?php echo $lang_profile['New email'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_new_email" size="50" maxlength="80" /><br /></label> 298 <label class="required"><strong><?php echo $lang_common['Password'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="password" name="req_password" size="16" /><br /></label> 299 <p><?php echo 
$lang_profile['Email instructions'] ?></p> 287 300 </div> 288 301 </fieldset> 289 302 </div> 290 <p ><input type="submit" name="new_email" value="<?php echo $lang_common['Submit'] ?>" /><a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>303 <p class="buttons"><input type="submit" name="new_email" value="<?php echo $lang_common['Submit'] ?>" /> <a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p> 291 304 </form> 292 305 </div> … … 303 316 message($lang_profile['Avatars disabled']); 304 317 305 if ($pun_user['id'] != $id && $pun_user['g_id'] > PUN_MOD)318 if ($pun_user['id'] != $id && !$pun_user['is_admmod']) 306 319 message($lang_common['No permission']); 307 320 … … 310 323 if (!isset($_FILES['req_file'])) 311 324 message($lang_profile['No file']); 312 325 313 326 $uploaded_file = $_FILES['req_file']; 314 327 … … 318 331 switch ($uploaded_file['error']) 319 332 { 320 case 1: 321 case 2: 333 case 1: // UPLOAD_ERR_INI_SIZE 334 case 2: // UPLOAD_ERR_FORM_SIZE 322 335 message($lang_profile['Too large ini']); 323 336 break; 324 337 325 case 3: 338 case 3: // UPLOAD_ERR_PARTIAL 326 339 message($lang_profile['Partial upload']); 327 340 break; 328 341 329 case 4: 342 case 4: // UPLOAD_ERR_NO_FILE 330 343 message($lang_profile['No file']); 331 344 break; 332 345 333 case 6: 346 case 6: // UPLOAD_ERR_NO_TMP_DIR 334 347 message($lang_profile['No tmp directory']); 335 348 break; … … 345 358 if (is_uploaded_file($uploaded_file['tmp_name'])) 346 359 { 360 // Preliminary file check, adequate in most cases 347 361 $allowed_types = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/png', 'image/x-png'); 348 362 if (!in_array($uploaded_file['type'], $allowed_types)) … … 351 365 // Make sure the file isn't too big 352 366 if ($uploaded_file['size'] > $pun_config['o_avatars_size']) 353 message($lang_profile['Too large'].' '.$pun_config['o_avatars_size'].' 
'.$lang_profile['bytes'].'.'); 367 message($lang_profile['Too large'].' '.forum_number_format($pun_config['o_avatars_size']).' '.$lang_profile['bytes'].'.'); 368 369 // Move the file to the avatar directory. We do this before checking the width/height to circumvent open_basedir restrictions 370 if (!@move_uploaded_file($uploaded_file['tmp_name'], PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp')) 371 message($lang_profile['Move failed'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.'); 372 373 list($width, $height, $type,) = @getimagesize(PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp'); 354 374 355 375 // Determine type 356 $extensions = null; 357 if ($uploaded_file['type'] == 'image/gif') 358 $extensions = array('.gif', '.jpg', '.png'); 359 else if ($uploaded_file['type'] == 'image/jpeg' || $uploaded_file['type'] == 'image/pjpeg') 360 $extensions = array('.jpg', '.gif', '.png'); 376 if ($type == IMAGETYPE_GIF) 377 $extension = '.gif'; 378 else if ($type == IMAGETYPE_JPEG) 379 $extension = '.jpg'; 380 else if ($type == IMAGETYPE_PNG) 381 $extension = '.png'; 361 382 else 362 $extensions = array('.png', '.gif', '.jpg');363 364 // Move the file to the avatar directory. We do this before checking the width/height to circumvent open_basedir restrictions.365 if (!@move_uploaded_file($uploaded_file['tmp_name'], $pun_config['o_avatars_dir'].'/'.$id.'.tmp'))366 message($lang_profile['Move failed'].' 
<a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');383 { 384 // Invalid type 385 @unlink(PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp'); 386 message($lang_profile['Bad type']); 387 } 367 388 368 389 // Now check the width/height 369 list($width, $height, $type,) = getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.tmp');370 390 if (empty($width) || empty($height) || $width > $pun_config['o_avatars_width'] || $height > $pun_config['o_avatars_height']) 371 391 { 372 @unlink( $pun_config['o_avatars_dir'].'/'.$id.'.tmp');392 @unlink(PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp'); 373 393 message($lang_profile['Too wide or high'].' '.$pun_config['o_avatars_width'].'x'.$pun_config['o_avatars_height'].' '.$lang_profile['pixels'].'.'); 374 394 } 375 else if ($type == 1 && $uploaded_file['type'] != 'image/gif') // Prevent dodgy uploads376 {377 @unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp');378 message($lang_profile['Bad type']);379 }380 395 381 396 // Delete any old avatars and put the new one in place 382 @unlink($pun_config['o_avatars_dir'].'/'.$id.$extensions[0]); 383 @unlink($pun_config['o_avatars_dir'].'/'.$id.$extensions[1]); 384 @unlink($pun_config['o_avatars_dir'].'/'.$id.$extensions[2]); 385 @rename($pun_config['o_avatars_dir'].'/'.$id.'.tmp', $pun_config['o_avatars_dir'].'/'.$id.$extensions[0]); 386 @chmod($pun_config['o_avatars_dir'].'/'.$id.$extensions[0], 0644); 397 delete_avatar($id); 398 @rename(PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp', PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.$extension); 399 @chmod(PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.$extension, 0644); 387 400 } 388 401 else 389 402 message($lang_profile['Unknown failure']); 390 403 391 // Enable use_avatar (seems sane since the user just uploaded an avatar)392 $db->query('UPDATE '.$db->prefix.'users SET use_avatar=1 WHERE id='.$id) or error('Impossible de modifier l\'état de l\'avatar', __FILE__, __LINE__, 
$db->error());393 394 404 redirect('profile.php?section=personality&id='.$id, $lang_profile['Avatar upload redirect']); 395 405 } 396 406 397 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile'];407 $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Upload avatar']); 398 408 $required_fields = array('req_file' => $lang_profile['File']); 399 409 $focus_element = array('upload_avatar', 'req_file'); 410 define('PUN_ACTIVE_PAGE', 'profile'); 400 411 require PUN_ROOT.'header.php'; 401 412 … … 411 422 <input type="hidden" name="form_sent" value="1" /> 412 423 <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $pun_config['o_avatars_size'] ?>" /> 413 <label ><strong><?php echo $lang_profile['File'] ?></strong><br /><input name="req_file" type="file" size="40" /><br /></label>414 <p><?php echo $lang_profile['Avatar desc'].' '.$pun_config['o_avatars_width'].' x '.$pun_config['o_avatars_height'].' '.$lang_profile['pixels'].' '.$lang_common['and'].' '. $pun_config['o_avatars_size'].' '.$lang_profile['bytes'].' ('.ceil($pun_config['o_avatars_size'] / 1024) ?> KB).</p>424 <label class="required"><strong><?php echo $lang_profile['File'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input name="req_file" type="file" size="40" /><br /></label> 425 <p><?php echo $lang_profile['Avatar desc'].' '.$pun_config['o_avatars_width'].' x '.$pun_config['o_avatars_height'].' '.$lang_profile['pixels'].' '.$lang_common['and'].' '.forum_number_format($pun_config['o_avatars_size']).' '.$lang_profile['bytes'].' ('.file_size($pun_config['o_avatars_size']).').' 
?></p> 415 426 </div> 416 427 </fieldset> 417 428 </div> 418 <p ><input type="submit" name="upload" value="<?php echo $lang_profile['Upload'] ?>" /><a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>429 <p class="buttons"><input type="submit" name="upload" value="<?php echo $lang_profile['Upload'] ?>" /> <a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p> 419 430 </form> 420 431 </div> … … 428 439 else if ($action == 'delete_avatar') 429 440 { 430 if ($pun_user['id'] != $id && $pun_user['g_id'] > PUN_MOD)441 if ($pun_user['id'] != $id && !$pun_user['is_admmod']) 431 442 message($lang_common['No permission']); 432 443 433 444 confirm_referrer('profile.php'); 434 445 435 @unlink($pun_config['o_avatars_dir'].'/'.$id.'.jpg'); 436 @unlink($pun_config['o_avatars_dir'].'/'.$id.'.png'); 437 @unlink($pun_config['o_avatars_dir'].'/'.$id.'.gif'); 438 439 // Disable use_avatar 440 $db->query('UPDATE '.$db->prefix.'users SET use_avatar=0 WHERE id='.$id) or error('Impossible de modifier l\'état de l\'avatar', __FILE__, __LINE__, $db->error()); 446 delete_avatar($id); 441 447 442 448 redirect('profile.php?section=personality&id='.$id, $lang_profile['Avatar deleted redirect']); … … 453 459 $new_group_id = intval($_POST['group_id']); 454 460 455 $db->query('UPDATE '.$db->prefix.'users SET group_id='.$new_group_id.' WHERE id='.$id) or error('Impossible de change de groupe', __FILE__, __LINE__, $db->error()); 461 $db->query('UPDATE '.$db->prefix.'users SET group_id='.$new_group_id.' 
WHERE id='.$id) or error('Unable to change user group', __FILE__, __LINE__, $db->error()); 462 463 // Regenerate the users info cache 464 if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) 465 require PUN_ROOT.'include/cache.php'; 466 467 generate_users_info_cache(); 468 469 $result = $db->query('SELECT g_moderator FROM '.$db->prefix.'groups WHERE g_id='.$new_group_id) or error('Unable to fetch group', __FILE__, __LINE__, $db->error()); 470 $new_group_mod = $db->result($result); 456 471 457 472 // If the user was a moderator or an administrator, we remove him/her from the moderator list in all forums as well 458 if ($new_group_id > PUN_MOD)459 { 460 $result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error(' Impossible de retrouver la liste des forums', __FILE__, __LINE__, $db->error());473 if ($new_group_id != PUN_ADMIN && $new_group_mod != '1') 474 { 475 $result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error()); 461 476 462 477 while ($cur_forum = $db->fetch_assoc($result)) … … 470 485 $cur_moderators = (!empty($cur_moderators)) ? '\''.$db->escape(serialize($cur_moderators)).'\'' : 'NULL'; 471 486 472 $db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error(' Impossible de modifier le forum', __FILE__, __LINE__, $db->error());487 $db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' 
WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error()); 473 488 } 474 489 } … … 487 502 488 503 // Get the username of the user we are processing 489 $result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE id='.$id) or error(' Impossible de retrouver les informations utilisateur', __FILE__, __LINE__, $db->error());504 $result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); 490 505 $username = $db->result($result); 491 506 … … 493 508 494 509 // Loop through all forums 495 $result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error(' Impossible de retrouver la liste des forums', __FILE__, __LINE__, $db->error());510 $result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error()); 496 511 497 512 while ($cur_forum = $db->fetch_assoc($result)) … … 502 517 { 503 518 $cur_moderators[$username] = $id; 504 ksort($cur_moderators);505 506 $db->query('UPDATE '.$db->prefix.'forums SET moderators=\''.$db->escape(serialize($cur_moderators)).'\' WHERE id='.$cur_forum['id']) or error(' Impossible de modifier les forums', __FILE__, __LINE__, $db->error());519 uksort($cur_moderators, 'utf8_strcasecmp'); 520 521 $db->query('UPDATE '.$db->prefix.'forums SET moderators=\''.$db->escape(serialize($cur_moderators)).'\' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error()); 507 522 } 508 523 // If the user shouldn't have moderator access (and he/she already has it) … … 512 527 $cur_moderators = (!empty($cur_moderators)) ? '\''.$db->escape(serialize($cur_moderators)).'\'' : 'NULL'; 513 528 514 $db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' 
WHERE id='.$cur_forum['id']) or error(' Impossible de modifier les forums', __FILE__, __LINE__, $db->error());529 $db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error()); 515 530 } 516 531 } … … 522 537 else if (isset($_POST['ban'])) 523 538 { 524 if ($pun_user['g_id'] > PUN_MOD || ($pun_user['g_id'] == PUN_MOD && $pun_config['p_mod_ban_users'] == '0'))539 if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_ban_users'] == '0')) 525 540 message($lang_common['No permission']); 526 541 527 redirect('admin_bans.php?add_ban='.$id, $lang_profile['Ban redirect']); 542 // Get the username of the user we are banning 543 $result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch username', __FILE__, __LINE__, $db->error()); 544 $username = $db->result($result); 545 546 // Check whether user is already banned 547 $result = $db->query('SELECT id FROM '.$db->prefix.'bans WHERE username = \''.$db->escape($username).'\' ORDER BY expire IS NULL DESC, expire DESC LIMIT 1') or error('Unable to fetch ban ID', __FILE__, __LINE__, $db->error()); 548 if ($db->num_rows($result)) 549 { 550 $ban_id = $db->result($result); 551 redirect('admin_bans.php?edit_ban='.$ban_id.'&exists', $lang_profile['Ban redirect']); 552 } 553 else 554 redirect('admin_bans.php?add_ban='.$id, $lang_profile['Ban redirect']); 528 555 } 529 556 … … 537 564 538 565 // Get the username and group of the user we are deleting 539 $result = $db->query('SELECT group_id, username FROM '.$db->prefix.'users WHERE id='.$id) or error(' Impossible de retrouver les informations utilisateur', __FILE__, __LINE__, $db->error());566 $result = $db->query('SELECT group_id, username FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); 540 567 list($group_id, $username) = 
$db->fetch_row($result); 541 542 if ($group_id == PUN_ADMIN) 543 message( 'Les administrateurs ne peuvent êtres supprimés. Afin de supprimer cet utilisateur vous devez d\'abord le déplacer dans un autre groupe.');568 569 if ($group_id == PUN_ADMIN) 570 message($lang_profile['No delete admin message']); 544 571 545 572 if (isset($_POST['delete_user_comply'])) 546 573 { 547 574 // If the user is a moderator or an administrator, we remove him/her from the moderator list in all forums as well 548 if ($group_id < PUN_GUEST) 549 { 550 $result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Impossible de retrouver la liste des forums', __FILE__, __LINE__, $db->error()); 575 $result = $db->query('SELECT g_moderator FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch group', __FILE__, __LINE__, $db->error()); 576 $group_mod = $db->result($result); 577 578 if ($group_id == PUN_ADMIN || $group_mod == '1') 579 { 580 $result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error()); 551 581 552 582 while ($cur_forum = $db->fetch_assoc($result)) … … 559 589 $cur_moderators = (!empty($cur_moderators)) ? '\''.$db->escape(serialize($cur_moderators)).'\'' : 'NULL'; 560 590 561 $db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error(' Impossible de modifier les forums', __FILE__, __LINE__, $db->error());591 $db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' 
WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error()); 562 592 } 563 593 } … … 565 595 566 596 // Delete any subscriptions 567 $db->query('DELETE FROM '.$db->prefix.'subscriptions WHERE user_id='.$id) or error('Unable to delete subscriptions', __FILE__, __LINE__, $db->error()); 597 $db->query('DELETE FROM '.$db->prefix.'topic_subscriptions WHERE user_id='.$id) or error('Unable to delete topic subscriptions', __FILE__, __LINE__, $db->error()); 598 $db->query('DELETE FROM '.$db->prefix.'forum_subscriptions WHERE user_id='.$id) or error('Unable to delete forum subscriptions', __FILE__, __LINE__, $db->error()); 568 599 569 600 // Remove him/her from the online list (if they happen to be logged in) 570 $db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$id) or error(' Impossible de retirer l\'utilisateur de la liste des utilisateurs en ligne', __FILE__, __LINE__, $db->error());601 $db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$id) or error('Unable to remove user from online list', __FILE__, __LINE__, $db->error()); 571 602 572 603 // Should we delete all posts made by this user? 
… … 577 608 578 609 // Find all posts made by this user 579 $result = $db->query('SELECT p.id, p.topic_id, t.forum_id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id WHERE p.poster_id='.$id) or error(' Impossible de retrouver les messages', __FILE__, __LINE__, $db->error());610 $result = $db->query('SELECT p.id, p.topic_id, t.forum_id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id WHERE p.poster_id='.$id) or error('Unable to fetch posts', __FILE__, __LINE__, $db->error()); 580 611 if ($db->num_rows($result)) 581 612 { … … 583 614 { 584 615 // Determine whether this post is the "topic post" or not 585 $result2 = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE topic_id='.$cur_post['topic_id'].' ORDER BY posted LIMIT 1') or error(' Impossible de retrouver les informations des messages', __FILE__, __LINE__, $db->error());616 $result2 = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE topic_id='.$cur_post['topic_id'].' 
ORDER BY posted LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); 586 617 587 618 if ($db->result($result2) == $cur_post['id']) … … 596 627 else 597 628 // Set all his/her posts to guest 598 $db->query('UPDATE '.$db->prefix.'posts SET poster_id=1 WHERE poster_id='.$id) or error(' Impossible de modifier les messages', __FILE__, __LINE__, $db->error());629 $db->query('UPDATE '.$db->prefix.'posts SET poster_id=1 WHERE poster_id='.$id) or error('Unable to update posts', __FILE__, __LINE__, $db->error()); 599 630 600 631 // Delete the user 601 $db->query('DELETE FROM '.$db->prefix.'users WHERE id='.$id) or error('Impossible de supprimer l\'utilisateur', __FILE__, __LINE__, $db->error()); 632 $db->query('DELETE FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to delete user', __FILE__, __LINE__, $db->error()); 633 634 // Delete user avatar 635 delete_avatar($id); 636 637 // Regenerate the users info cache 638 if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) 639 require PUN_ROOT.'include/cache.php'; 640 641 generate_users_info_cache(); 602 642 603 643 redirect('index.php', $lang_profile['User delete redirect']); 604 644 } 605 645 606 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; 646 $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Confirm delete user']); 647 define('PUN_ACTIVE_PAGE', 'profile'); 607 648 require PUN_ROOT.'header.php'; 608 649 … … 616 657 <legend><?php echo $lang_profile['Confirm delete legend'] ?></legend> 617 658 <div class="infldset"> 618 <p><?php echo $lang_profile['Confirmation info'].' '.pun_htmlspecialchars($username).'.' ?></p>659 <p><?php echo $lang_profile['Confirmation info'].' <strong>'.pun_htmlspecialchars($username).'</strong>.' 
?></p> 619 660 <div class="rbox"> 620 661 <label><input type="checkbox" name="delete_posts" value="1" checked="checked" /><?php echo $lang_profile['Delete posts'] ?><br /></label> … … 624 665 </fieldset> 625 666 </div> 626 <p ><input type="submit" name="delete_user_comply" value="<?php echo $lang_profile['Delete'] ?>" /><a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>667 <p class="buttons"><input type="submit" name="delete_user_comply" value="<?php echo $lang_profile['Delete'] ?>" /> <a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p> 627 668 </form> 628 669 </div> … … 637 678 { 638 679 // Fetch the user group of the user we are editing 639 $result = $db->query('SELECT group_id FROM '.$db->prefix.'users WHERE id='.$id) or error('Impossible de retrouver les informations utilisateur', __FILE__, __LINE__, $db->error());680 $result = $db->query('SELECT u.username, u.group_id, g.g_moderator FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON (g.g_id=u.group_id) WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); 640 681 if (!$db->num_rows($result)) 641 682 message($lang_common['Bad request']); 642 683 643 $group_id = $db->result($result); 644 645 if ($pun_user['id'] != $id && 646 ($pun_user['g_id'] > PUN_MOD || 647 ($pun_user['g_id'] == PUN_MOD && $pun_config['p_mod_edit_users'] == '0') || 648 ($pun_user['g_id'] == PUN_MOD && $group_id < PUN_GUEST))) 684 list($old_username, $group_id, $is_moderator) = $db->fetch_row($result); 685 686 if ($pun_user['id'] != $id && // If we arent the user (i.e. editing your own profile) 687 (!$pun_user['is_admmod'] || // and we are not an admin or mod 688 ($pun_user['g_id'] != PUN_ADMIN && // or we aren't an admin and ... 
689 ($pun_user['g_mod_edit_users'] == '0' || // mods aren't allowed to edit users 690 $group_id == PUN_ADMIN || // or the user is an admin 691 $is_moderator)))) // or the user is another mod 649 692 message($lang_common['No permission']); 650 693 651 if ($pun_user[' g_id'] < PUN_GUEST)694 if ($pun_user['is_admmod']) 652 695 confirm_referrer('profile.php'); 653 654 // Extract allowed elements from $_POST['form']655 function extract_elements($allowed_elements)656 {657 $form = array();658 659 while (list($key, $value) = @each($_POST['form']))660 {661 if (in_array($key, $allowed_elements))662 $form[$key] = $value;663 }664 665 return $form;666 }667 696 668 697 $username_updated = false; … … 673 702 case 'essentials': 674 703 { 675 $form = extract_elements(array('timezone', 'language')); 676 677 if ($pun_user['g_id'] < PUN_GUEST) 678 { 679 $form['admin_note'] = trim($_POST['admin_note']); 704 $form = array( 705 'timezone' => floatval($_POST['form']['timezone']), 706 'dst' => isset($_POST['form']['dst']) ? '1' : '0', 707 'time_format' => intval($_POST['form']['time_format']), 708 'date_format' => intval($_POST['form']['date_format']), 709 ); 710 711 // Make sure we got a valid language string 712 if (isset($_POST['form']['language'])) 713 { 714 $languages = forum_list_langs(); 715 $form['language'] = pun_trim($_POST['form']['language']); 716 if (!in_array($form['language'], $languages)) 717 message($lang_common['Bad request']); 718 } 719 720 if ($pun_user['is_admmod']) 721 { 722 $form['admin_note'] = pun_trim($_POST['admin_note']); 680 723 681 724 // Are we allowed to change usernames? 
682 if ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_ id'] == PUN_MOD && $pun_config['p_mod_rename_users'] == '1'))725 if ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_moderator'] == '1' && $pun_user['g_mod_rename_users'] == '1')) 683 726 { 684 $form['username'] = trim($_POST['req_username']); 685 $old_username = trim($_POST['old_username']); 686 687 if (strlen($form['username']) < 2) 688 message($lang_prof_reg['Username too short']); 689 else if (pun_strlen($form['username']) > 25) // This usually doesn't happen since the form element only accepts 25 characters 690 message($lang_common['Bad request']); 691 else if (!strcasecmp($form['username'], 'invité') || !strcasecmp($form['username'], $lang_common['Guest'])) 692 message($lang_prof_reg['Username guest']); 693 else if (preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $form['username'])) 694 message($lang_prof_reg['Username IP']); 695 else if (preg_match('#\[b\]|\[/b\]|\[u\]|\[/u\]|\[i\]|\[/i\]|\[color|\[/color\]|\[quote\]|\[quote=|\[/quote\]|\[code\]|\[/code\]|\[img\]|\[/img\]|\[url|\[/url\]|\[email|\[/email\]#i', $form['username'])) 696 message($lang_prof_reg['Username BBCode']); 697 698 // Check that the username is not already registered 699 $result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE username=\''.$db->escape($form['username']).'\' AND id!='.$id) or error('Impossible de retrouver les informations utilisateur', __FILE__, __LINE__, $db->error()); 700 if ($db->num_rows($result)) 701 message($lang_profile['Dupe username']); 727 $form['username'] = pun_trim($_POST['req_username']); 702 728 703 729 if ($form['username'] != $old_username) 730 { 731 // Check username 732 require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php'; 733 734 $errors = array(); 735 check_username($form['username'], $id); 736 if (!empty($errors)) 737 message($errors[0]); 738 704 739 $username_updated = true; 740 } 705 741 } 706 742 … … 710 746 } 711 747 712 if ($pun_config['o_regs_verify'] == '0' 
|| $pun_user[' g_id'] < PUN_GUEST)748 if ($pun_config['o_regs_verify'] == '0' || $pun_user['is_admmod']) 713 749 { 714 750 require PUN_ROOT.'include/email.php'; 715 751 716 // Validate the email -address752 // Validate the email address 717 753 $form['email'] = strtolower(trim($_POST['req_email'])); 718 754 if (!is_valid_email($form['email'])) 719 message($lang_common['Invalid e-mail']); 720 } 721 722 // Make sure we got a valid language string 723 $form['language'] = preg_replace('#[\.\\\/]#', '', $form['language']); 724 if (!file_exists(PUN_ROOT.'lang/'.$form['language'].'/common.php')) 725 message($lang_common['Bad request']); 726 755 message($lang_common['Invalid email']); 756 } 757 727 758 break; 728 759 } … … 730 761 case 'personal': 731 762 { 732 $form = extract_elements(array('realname', 'url', 'location')); 763 $form = array( 764 'realname' => pun_trim($_POST['form']['realname']), 765 'url' => pun_trim($_POST['form']['url']), 766 'location' => pun_trim($_POST['form']['location']), 767 ); 768 769 // Add http:// if the URL doesn't contain it already (while allowing https://, too) 770 if ($form['url'] != '') 771 { 772 $url = url_valid($form['url']); 773 774 if ($url === false) 775 message($lang_profile['Invalid website URL']); 776 777 $form['url'] = $url['url']; 778 } 733 779 734 780 if ($pun_user['g_id'] == PUN_ADMIN) 735 $form['title'] = trim($_POST['title']);781 $form['title'] = pun_trim($_POST['title']); 736 782 else if ($pun_user['g_set_title'] == '1') 737 783 { 738 $form['title'] = trim($_POST['title']);784 $form['title'] = pun_trim($_POST['title']); 739 785 740 786 if ($form['title'] != '') … … 742 788 // A list of words that the title may not contain 743 789 // If the language is English, there will be some duplicates, but it's not the end of the world 744 $forbidden = array(' Member', 'Moderator', 'Administrator', 'Banned', 'Guest', $lang_common['Member'], $lang_common['Moderator'], $lang_common['Administrator'], $lang_common['Banned'], 
$lang_common['Guest']);745 746 if (in_array( $form['title'], $forbidden))790 $forbidden = array('member', 'moderator', 'administrator', 'banned', 'guest', utf8_strtolower($lang_common['Member']), utf8_strtolower($lang_common['Moderator']), utf8_strtolower($lang_common['Administrator']), utf8_strtolower($lang_common['Banned']), utf8_strtolower($lang_common['Guest'])); 791 792 if (in_array(utf8_strtolower($form['title']), $forbidden)) 747 793 message($lang_profile['Forbidden title']); 748 794 } 749 795 } 750 796 751 // Add http:// if the URL doesn't contain it already752 if ($form['url'] != '' && !stristr($form['url'], 'http://'))753 $form['url'] = 'http://'.$form['url'];754 755 797 break; 756 798 } … … 758 800 case 'messaging': 759 801 { 760 $form = extract_elements(array('jabber', 'icq', 'msn', 'aim', 'yahoo')); 802 $form = array( 803 'jabber' => pun_trim($_POST['form']['jabber']), 804 'icq' => pun_trim($_POST['form']['icq']), 805 'msn' => pun_trim($_POST['form']['msn']), 806 'aim' => pun_trim($_POST['form']['aim']), 807 'yahoo' => pun_trim($_POST['form']['yahoo']), 808 ); 761 809 762 810 // If the ICQ UIN contains anything other than digits it's invalid 763 if ( $form['icq'] != '' && preg_match('/[^0-9]/', $form['icq']))811 if (preg_match('%[^0-9]%', $form['icq'])) 764 812 message($lang_prof_reg['Bad ICQ']); 765 813 … … 769 817 case 'personality': 770 818 { 771 $form = extract_elements(array('use_avatar'));819 $form = array(); 772 820 773 821 // Clean up signature from POST 774 $form['signature'] = pun_linebreaks(trim($_POST['signature'])); 775 776 // Validate signature 777 if (pun_strlen($form['signature']) > $pun_config['p_sig_length']) 778 message($lang_prof_reg['Sig too long'].' '.$pun_config['p_sig_length'].' '.$lang_prof_reg['characters'].'.'); 779 else if (substr_count($form['signature'], "\n") > ($pun_config['p_sig_lines']-1)) 780 message($lang_prof_reg['Sig too many lines'].' '.$pun_config['p_sig_lines'].' 
'.$lang_prof_reg['lines'].'.'); 781 else if ($form['signature'] && $pun_config['p_sig_all_caps'] == '0' && strtoupper($form['signature']) == $form['signature'] && $pun_user['g_id'] > PUN_MOD) 782 $form['signature'] = ucwords(strtolower($form['signature'])); 783 784 // Validate BBCode syntax 785 if ($pun_config['p_sig_bbcode'] == '1' && strpos($form['signature'], '[') !== false && strpos($form['signature'], ']') !== false) 786 { 787 require PUN_ROOT.'include/parser.php'; 788 $form['signature'] = preparse_bbcode($form['signature'], $foo, true); 789 } 790 791 if (!isset($form['use_avatar']) || $form['use_avatar'] != '1') $form['use_avatar'] = '0'; 822 if ($pun_config['o_signatures'] == '1') 823 { 824 $form['signature'] = pun_linebreaks(pun_trim($_POST['signature'])); 825 826 // Validate signature 827 if (pun_strlen($form['signature']) > $pun_config['p_sig_length']) 828 message(sprintf($lang_prof_reg['Sig too long'], $pun_config['p_sig_length'], pun_strlen($form['signature']) - $pun_config['p_sig_length'])); 829 else if (substr_count($form['signature'], "\n") > ($pun_config['p_sig_lines']-1)) 830 message(sprintf($lang_prof_reg['Sig too many lines'], $pun_config['p_sig_lines'])); 831 else if ($form['signature'] && $pun_config['p_sig_all_caps'] == '0' && is_all_uppercase($form['signature']) && !$pun_user['is_admmod']) 832 $form['signature'] = utf8_ucwords(utf8_strtolower($form['signature'])); 833 834 // Validate BBCode syntax 835 if ($pun_config['p_sig_bbcode'] == '1') 836 { 837 require PUN_ROOT.'include/parser.php'; 838 839 $errors = array(); 840 841 $form['signature'] = preparse_bbcode($form['signature'], $errors, true); 842 843 if(count($errors) > 0) 844 message('<ul><li>'.implode('</li><li>', $errors).'</li></ul>'); 845 } 846 } 792 847 793 848 break; … … 796 851 case 'display': 797 852 { 798 $form = extract_elements(array('disp_topics', 'disp_posts', 'show_smilies', 'show_img', 'show_img_sig', 'show_avatars', 'show_sig', 'style')); 799 800 if ($form['disp_topics'] != 
'' && intval($form['disp_topics']) < 3) $form['disp_topics'] = 3; 801 if ($form['disp_topics'] != '' && intval($form['disp_topics']) > 75) $form['disp_topics'] = 75; 802 if ($form['disp_posts'] != '' && intval($form['disp_posts']) < 3) $form['disp_posts'] = 3; 803 if ($form['disp_posts'] != '' && intval($form['disp_posts']) > 75) $form['disp_posts'] = 75; 804 805 if (!isset($form['show_smilies']) || $form['show_smilies'] != '1') $form['show_smilies'] = '0'; 806 if (!isset($form['show_img']) || $form['show_img'] != '1') $form['show_img'] = '0'; 807 if (!isset($form['show_img_sig']) || $form['show_img_sig'] != '1') $form['show_img_sig'] = '0'; 808 if (!isset($form['show_avatars']) || $form['show_avatars'] != '1') $form['show_avatars'] = '0'; 809 if (!isset($form['show_sig']) || $form['show_sig'] != '1') $form['show_sig'] = '0'; 853 $form = array( 854 'disp_topics' => pun_trim($_POST['form']['disp_topics']), 855 'disp_posts' => pun_trim($_POST['form']['disp_posts']), 856 'show_smilies' => isset($_POST['form']['show_smilies']) ? '1' : '0', 857 'show_img' => isset($_POST['form']['show_img']) ? '1' : '0', 858 'show_img_sig' => isset($_POST['form']['show_img_sig']) ? '1' : '0', 859 'show_avatars' => isset($_POST['form']['show_avatars']) ? '1' : '0', 860 'show_sig' => isset($_POST['form']['show_sig']) ? 
'1' : '0', 861 ); 862 863 if ($form['disp_topics'] != '') 864 { 865 $form['disp_topics'] = intval($form['disp_topics']); 866 if ($form['disp_topics'] < 3) 867 $form['disp_topics'] = 3; 868 else if ($form['disp_topics'] > 75) 869 $form['disp_topics'] = 75; 870 } 871 872 if ($form['disp_posts'] != '') 873 { 874 $form['disp_posts'] = intval($form['disp_posts']); 875 if ($form['disp_posts'] < 3) 876 $form['disp_posts'] = 3; 877 else if ($form['disp_posts'] > 75) 878 $form['disp_posts'] = 75; 879 } 880 881 // Make sure we got a valid style string 882 if (isset($_POST['form']['style'])) 883 { 884 $styles = forum_list_styles(); 885 $form['style'] = pun_trim($_POST['form']['style']); 886 if (!in_array($form['style'], $styles)) 887 message($lang_common['Bad request']); 888 } 810 889 811 890 break; … … 814 893 case 'privacy': 815 894 { 816 $form = extract_elements(array('email_setting', 'save_pass', 'notify_with_post')); 817 818 $form['email_setting'] = intval($form['email_setting']); 819 if ($form['email_setting'] < 0 && $form['email_setting'] > 2) $form['email_setting'] = 1; 820 821 if (!isset($form['save_pass']) || $form['save_pass'] != '1') $form['save_pass'] = '0'; 822 if (!isset($form['notify_with_post']) || $form['notify_with_post'] != '1') $form['notify_with_post'] = '0'; 823 824 // If the save_pass setting has changed, we need to set a new cookie with the appropriate expire date 825 if ($pun_user['id'] == $id && $form['save_pass'] != $pun_user['save_pass']) 826 { 827 $result = $db->query('SELECT password FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user password hash', __FILE__, __LINE__, $db->error()); 828 pun_setcookie($id, $db->result($result), ($form['save_pass'] == '1') ? time() + 31536000 : 0); 829 } 895 $form = array( 896 'email_setting' => intval($_POST['form']['email_setting']), 897 'notify_with_post' => isset($_POST['form']['notify_with_post']) ? '1' : '0', 898 'auto_notify' => isset($_POST['form']['auto_notify']) ? 
'1' : '0', 899 ); 900 901 if ($form['email_setting'] < 0 || $form['email_setting'] > 2) 902 $form['email_setting'] = $pun_config['o_default_email_setting']; 830 903 831 904 break; … … 837 910 838 911 839 // Single quotes around non-empty values and NULL for empty values912 // Single quotes around non-empty values and NULL for empty values 840 913 $temp = array(); 841 while (list($key, $input) = @each($form))914 foreach ($form as $key => $input) 842 915 { 843 916 $value = ($input !== '') ? '\''.$db->escape($input).'\'' : 'NULL'; … … 848 921 if (empty($temp)) 849 922 message($lang_common['Bad request']); 850 851 $db->query('UPDATE '.$db->prefix.'users SET '.implode(',', $temp).' WHERE id='.$id) or error('Impossible de modifier le profil utilisateur', __FILE__, __LINE__, $db->error()); 923 924 925 $db->query('UPDATE '.$db->prefix.'users SET '.implode(',', $temp).' WHERE id='.$id) or error('Unable to update profile', __FILE__, __LINE__, $db->error()); 852 926 853 927 // If we changed the username we have to update some stuff … … 855 929 { 856 930 $db->query('UPDATE '.$db->prefix.'posts SET poster=\''.$db->escape($form['username']).'\' WHERE poster_id='.$id) or error('Unable to update posts', __FILE__, __LINE__, $db->error()); 857 $db->query('UPDATE '.$db->prefix.'topics SET poster=\''.$db->escape($form['username']).'\' WHERE poster=\''.$db->escape($old_username).'\'') or error('Impossible de modifier les discussions', __FILE__, __LINE__, $db->error()); 858 $db->query('UPDATE '.$db->prefix.'topics SET last_poster=\''.$db->escape($form['username']).'\' WHERE last_poster=\''.$db->escape($old_username).'\'') or error('Impossible de modifier les discussions', __FILE__, __LINE__, $db->error()); 859 $db->query('UPDATE '.$db->prefix.'forums SET last_poster=\''.$db->escape($form['username']).'\' WHERE last_poster=\''.$db->escape($old_username).'\'') or error('Impossible de modifier les forums', __FILE__, __LINE__, $db->error()); 860 $db->query('UPDATE '.$db->prefix.'online SET 
ident=\''.$db->escape($form['username']).'\' WHERE ident=\''.$db->escape($old_username).'\'') or error('Impossible de modifier la liste des utilisateurs en ligne', __FILE__, __LINE__, $db->error()); 931 $db->query('UPDATE '.$db->prefix.'posts SET edited_by=\''.$db->escape($form['username']).'\' WHERE edited_by=\''.$db->escape($old_username).'\'') or error('Unable to update posts', __FILE__, __LINE__, $db->error()); 932 $db->query('UPDATE '.$db->prefix.'topics SET poster=\''.$db->escape($form['username']).'\' WHERE poster=\''.$db->escape($old_username).'\'') or error('Unable to update topics', __FILE__, __LINE__, $db->error()); 933 $db->query('UPDATE '.$db->prefix.'topics SET last_poster=\''.$db->escape($form['username']).'\' WHERE last_poster=\''.$db->escape($old_username).'\'') or error('Unable to update topics', __FILE__, __LINE__, $db->error()); 934 $db->query('UPDATE '.$db->prefix.'forums SET last_poster=\''.$db->escape($form['username']).'\' WHERE last_poster=\''.$db->escape($old_username).'\'') or error('Unable to update forums', __FILE__, __LINE__, $db->error()); 935 $db->query('UPDATE '.$db->prefix.'online SET ident=\''.$db->escape($form['username']).'\' WHERE ident=\''.$db->escape($old_username).'\'') or error('Unable to update online list', __FILE__, __LINE__, $db->error()); 861 936 862 937 // If the user is a moderator or an administrator we have to update the moderator lists … … 864 939 $group_id = $db->result($result); 865 940 866 if ($group_id < PUN_GUEST) 867 { 868 $result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Impossible de retrouver la liste des forums', __FILE__, __LINE__, $db->error()); 941 $result = $db->query('SELECT g_moderator FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch group', __FILE__, __LINE__, $db->error()); 942 $group_mod = $db->result($result); 943 944 if ($group_id == PUN_ADMIN || $group_mod == '1') 945 { 946 $result = $db->query('SELECT id, moderators FROM 
'.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error()); 869 947 870 948 while ($cur_forum = $db->fetch_assoc($result)) … … 876 954 unset($cur_moderators[$old_username]); 877 955 $cur_moderators[$form['username']] = $id; 878 ksort($cur_moderators);879 880 $db->query('UPDATE '.$db->prefix.'forums SET moderators=\''.$db->escape(serialize($cur_moderators)).'\' WHERE id='.$cur_forum['id']) or error(' Impossible de modifier les forums', __FILE__, __LINE__, $db->error());956 uksort($cur_moderators, 'utf8_strcasecmp'); 957 958 $db->query('UPDATE '.$db->prefix.'forums SET moderators=\''.$db->escape(serialize($cur_moderators)).'\' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error()); 881 959 } 882 960 } 883 961 } 962 963 // Regenerate the users info cache 964 if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) 965 require PUN_ROOT.'include/cache.php'; 966 967 generate_users_info_cache(); 884 968 } 885 969 … … 888 972 889 973 890 891 $result = $db->query('SELECT u.username, u.email, u.title, u.realname, u.url, u.jabber, u.icq, u.msn, u.aim, u.yahoo, u.location, u.use_avatar, u.signature, u.disp_topics, u.disp_posts, u.email_setting, u.save_pass, u.notify_with_post, u.show_smilies, u.show_img, u.show_img_sig, u.show_avatars, u.show_sig, u.timezone, u.language, u.style, u.num_posts, u.last_post, u.registered, u.registration_ip, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id='.$id) or error('Impossible de retrouver les informations utilisateur', __FILE__, __LINE__, $db->error()); 974 $result = $db->query('SELECT u.username, u.email, u.title, u.realname, u.url, u.jabber, u.icq, u.msn, u.aim, u.yahoo, u.location, u.signature, u.disp_topics, u.disp_posts, u.email_setting, u.notify_with_post, u.auto_notify, u.show_smilies, u.show_img, u.show_img_sig, u.show_avatars, u.show_sig, u.timezone, u.dst, u.language, 
u.style, u.num_posts, u.last_post, u.registered, u.registration_ip, u.admin_note, u.date_format, u.time_format, u.last_visit, g.g_id, g.g_user_title, g.g_moderator FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); 892 975 if (!$db->num_rows($result)) 893 976 message($lang_common['Bad request']); … … 905 988 906 989 // View or edit? 907 if ($pun_user['id'] != $id && 908 ($pun_user['g_id'] > PUN_MOD || 909 ($pun_user['g_id'] == PUN_MOD && $pun_config['p_mod_edit_users'] == '0') || 910 ($pun_user['g_id'] == PUN_MOD && $user['g_id'] < PUN_GUEST))) 990 if ($pun_user['id'] != $id && // If we arent the user (i.e. editing your own profile) 991 (!$pun_user['is_admmod'] || // and we are not an admin or mod 992 ($pun_user['g_id'] != PUN_ADMIN && // or we aren't an admin and ... 993 ($pun_user['g_mod_edit_users'] == '0' || // mods aren't allowed to edit users 994 $user['g_id'] == PUN_ADMIN || // or the user is an admin 995 $user['g_moderator'] == '1')))) // or the user is another mod 911 996 { 912 if ($user['email_setting'] == '0' && !$pun_user['is_guest']) 997 $user_personal = array(); 998 999 $user_personal[] = '<dt>'.$lang_common['Username'].'</dt>'; 1000 $user_personal[] = '<dd>'.pun_htmlspecialchars($user['username']).'</dd>'; 1001 1002 $user_title_field = get_title($user); 1003 $user_personal[] = '<dt>'.$lang_common['Title'].'</dt>'; 1004 $user_personal[] = '<dd>'.(($pun_config['o_censoring'] == '1') ? censor_words($user_title_field) : $user_title_field).'</dd>'; 1005 1006 if ($user['realname'] != '') 1007 { 1008 $user_personal[] = '<dt>'.$lang_profile['Realname'].'</dt>'; 1009 $user_personal[] = '<dd>'.pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? 
censor_words($user['realname']) : $user['realname']).'</dd>'; 1010 } 1011 1012 if ($user['location'] != '') 1013 { 1014 $user_personal[] = '<dt>'.$lang_profile['Location'].'</dt>'; 1015 $user_personal[] = '<dd>'.pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? censor_words($user['location']) : $user['location']).'</dd>'; 1016 } 1017 1018 if ($user['url'] != '') 1019 { 1020 $user['url'] = pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? censor_words($user['url']) : $user['url']); 1021 $user_personal[] = '<dt>'.$lang_profile['Website'].'</dt>'; 1022 $user_personal[] = '<dd><span class="website"><a href="'.$user['url'].'">'.$user['url'].'</a></span></dd>'; 1023 } 1024 1025 if ($user['email_setting'] == '0' && !$pun_user['is_guest'] && $pun_user['g_send_email'] == '1') 913 1026 $email_field = '<a href="mailto:'.$user['email'].'">'.$user['email'].'</a>'; 914 else if ($user['email_setting'] == '1' && !$pun_user['is_guest'] )915 $email_field = '<a href="misc.php?email='.$id.'">'.$lang_common['Send e -mail'].'</a>';1027 else if ($user['email_setting'] == '1' && !$pun_user['is_guest'] && $pun_user['g_send_email'] == '1') 1028 $email_field = '<a href="misc.php?email='.$id.'">'.$lang_common['Send email'].'</a>'; 916 1029 else 917 $email_field = $lang_profile['Private']; 918 919 $user_title_field = get_title($user); 920 921 if ($user['url'] != '') 922 { 923 $user['url'] = pun_htmlspecialchars($user['url']); 924 925 if ($pun_config['o_censoring'] == '1') 926 $user['url'] = censor_words($user['url']); 927 928 $url = '<a href="'.$user['url'].'">'.$user['url'].'</a>'; 929 } 930 else 931 $url = $lang_profile['Unknown']; 1030 $email_field = ''; 1031 if ($email_field != '') 1032 { 1033 $user_personal[] = '<dt>'.$lang_common['Email'].'</dt>'; 1034 $user_personal[] = '<dd><span class="email">'.$email_field.'</span></dd>'; 1035 } 1036 1037 $user_messaging = array(); 1038 1039 if ($user['jabber'] != '') 1040 { 1041 $user_messaging[] = 
'<dt>'.$lang_profile['Jabber'].'</dt>'; 1042 $user_messaging[] = '<dd>'.pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? censor_words($user['jabber']) : $user['jabber']).'</dd>'; 1043 } 1044 1045 if ($user['icq'] != '') 1046 { 1047 $user_messaging[] = '<dt>'.$lang_profile['ICQ'].'</dt>'; 1048 $user_messaging[] = '<dd>'.$user['icq'].'</dd>'; 1049 } 1050 1051 if ($user['msn'] != '') 1052 { 1053 $user_messaging[] = '<dt>'.$lang_profile['MSN'].'</dt>'; 1054 $user_messaging[] = '<dd>'.pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? censor_words($user['msn']) : $user['msn']).'</dd>'; 1055 } 1056 1057 if ($user['aim'] != '') 1058 { 1059 $user_messaging[] = '<dt>'.$lang_profile['AOL IM'].'</dt>'; 1060 $user_messaging[] = '<dd>'.pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? censor_words($user['aim']) : $user['aim']).'</dd>'; 1061 } 1062 1063 if ($user['yahoo'] != '') 1064 { 1065 $user_messaging[] = '<dt>'.$lang_profile['Yahoo'].'</dt>'; 1066 $user_messaging[] = '<dd>'.pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? censor_words($user['yahoo']) : $user['yahoo']).'</dd>'; 1067 } 1068 1069 $user_personality = array(); 932 1070 933 1071 if ($pun_config['o_avatars'] == '1') 934 1072 { 935 if ($user['use_avatar'] == '1') 936 { 937 if ($img_size = @getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.gif')) 938 $avatar_field = '<img src="'.$pun_config['o_avatars_dir'].'/'.$id.'.gif" '.$img_size[3].' alt="" />'; 939 else if ($img_size = @getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.jpg')) 940 $avatar_field = '<img src="'.$pun_config['o_avatars_dir'].'/'.$id.'.jpg" '.$img_size[3].' alt="" />'; 941 else if ($img_size = @getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.png')) 942 $avatar_field = '<img src="'.$pun_config['o_avatars_dir'].'/'.$id.'.png" '.$img_size[3].' 
alt="" />'; 943 else 944 $avatar_field = $lang_profile['No avatar']; 945 } 946 else 947 $avatar_field = $lang_profile['No avatar']; 948 } 1073 $avatar_field = generate_avatar_markup($id); 1074 if ($avatar_field != '') 1075 { 1076 $user_personality[] = '<dt>'.$lang_profile['Avatar'].'</dt>'; 1077 $user_personality[] = '<dd>'.$avatar_field.'</dd>'; 1078 } 1079 } 1080 1081 if ($pun_config['o_signatures'] == '1') 1082 { 1083 if (isset($parsed_signature)) 1084 { 1085 $user_personality[] = '<dt>'.$lang_profile['Signature'].'</dt>'; 1086 $user_personality[] = '<dd><div class="postsignature postmsg">'.$parsed_signature.'</div></dd>'; 1087 } 1088 } 1089 1090 $user_activity = array(); 949 1091 950 1092 $posts_field = ''; 951 if ($pun_config['o_show_post_count'] == '1' || $pun_user[' g_id'] < PUN_GUEST)952 $posts_field = $user['num_posts'];1093 if ($pun_config['o_show_post_count'] == '1' || $pun_user['is_admmod']) 1094 $posts_field = forum_number_format($user['num_posts']); 953 1095 if ($pun_user['g_search'] == '1') 954 $posts_field .= (($posts_field != '') ? ' - ' : '').'<a href="search.php?action=show_user&user_id='.$id.'">'.$lang_profile['Show posts'].'</a>'; 955 956 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; 1096 { 1097 $quick_searches = array(); 1098 if ($user['num_posts'] > 0) 1099 { 1100 $quick_searches[] = '<a href="search.php?action=show_user_topics&user_id='.$id.'">'.$lang_profile['Show topics'].'</a>'; 1101 $quick_searches[] = '<a href="search.php?action=show_user_posts&user_id='.$id.'">'.$lang_profile['Show posts'].'</a>'; 1102 } 1103 if ($pun_user['is_admmod'] && $pun_config['o_topic_subscriptions'] == '1') 1104 $quick_searches[] = '<a href="search.php?action=show_subscriptions&user_id='.$id.'">'.$lang_profile['Show subscriptions'].'</a>'; 1105 1106 if (!empty($quick_searches)) 1107 $posts_field .= (($posts_field != '') ? 
' - ' : '').implode(' - ', $quick_searches); 1108 } 1109 if ($posts_field != '') 1110 { 1111 $user_activity[] = '<dt>'.$lang_common['Posts'].'</dt>'; 1112 $user_activity[] = '<dd>'.$posts_field.'</dd>'; 1113 } 1114 1115 if ($user['num_posts'] > 0) 1116 { 1117 $user_activity[] = '<dt>'.$lang_common['Last post'].'</dt>'; 1118 $user_activity[] = '<dd>'.$last_post.'</dd>'; 1119 } 1120 1121 $user_activity[] = '<dt>'.$lang_common['Registered'].'</dt>'; 1122 $user_activity[] = '<dd>'.format_time($user['registered'], true).'</dd>'; 1123 1124 $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), sprintf($lang_profile['Users profile'], pun_htmlspecialchars($user['username']))); 957 1125 define('PUN_ALLOW_INDEX', 1); 1126 define('PUN_ACTIVE_PAGE', 'index'); 958 1127 require PUN_ROOT.'header.php'; 959 1128 … … 968 1137 <div class="infldset"> 969 1138 <dl> 970 <dt><?php echo $lang_common['Username'] ?>: </dt> 971 <dd><?php echo pun_htmlspecialchars($user['username']) ?></dd> 972 <dt><?php echo $lang_common['Title'] ?>: </dt> 973 <dd><?php echo ($pun_config['o_censoring'] == '1') ? censor_words($user_title_field) : $user_title_field; ?></dd> 974 <dt><?php echo $lang_profile['Realname'] ?>: </dt> 975 <dd><?php echo ($user['realname'] !='') ? pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? censor_words($user['realname']) : $user['realname']) : $lang_profile['Unknown']; ?></dd> 976 <dt><?php echo $lang_profile['Location'] ?>: </dt> 977 <dd><?php echo ($user['location'] !='') ? pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? 
censor_words($user['location']) : $user['location']) : $lang_profile['Unknown']; ?></dd> 978 <dt><?php echo $lang_profile['Website'] ?>: </dt> 979 <dd><?php echo $url ?> </dd> 980 <dt><?php echo $lang_common['E-mail'] ?>: </dt> 981 <dd><?php echo $email_field ?></dd> 1139 <?php echo implode("\n\t\t\t\t\t\t\t", $user_personal)."\n" ?> 982 1140 </dl> 983 1141 <div class="clearer"></div> … … 985 1143 </fieldset> 986 1144 </div> 987 <div class="inform">1145 <?php if (!empty($user_messaging)): ?> <div class="inform"> 988 1146 <fieldset> 989 1147 <legend><?php echo $lang_profile['Section messaging'] ?></legend> 990 1148 <div class="infldset"> 991 1149 <dl> 992 <dt><?php echo $lang_profile['Jabber'] ?>: </dt> 993 <dd><?php echo ($user['jabber'] !='') ? pun_htmlspecialchars($user['jabber']) : $lang_profile['Unknown']; ?></dd> 994 <dt><?php echo $lang_profile['ICQ'] ?>: </dt> 995 <dd><?php echo ($user['icq'] !='') ? $user['icq'] : $lang_profile['Unknown']; ?></dd> 996 <dt><?php echo $lang_profile['MSN'] ?>: </dt> 997 <dd><?php echo ($user['msn'] !='') ? pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? censor_words($user['msn']) : $user['msn']) : $lang_profile['Unknown']; ?></dd> 998 <dt><?php echo $lang_profile['AOL IM'] ?>: </dt> 999 <dd><?php echo ($user['aim'] !='') ? pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? censor_words($user['aim']) : $user['aim']) : $lang_profile['Unknown']; ?></dd> 1000 <dt><?php echo $lang_profile['Yahoo'] ?>: </dt> 1001 <dd><?php echo ($user['yahoo'] !='') ? pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? 
censor_words($user['yahoo']) : $user['yahoo']) : $lang_profile['Unknown']; ?></dd> 1150 <?php echo implode("\n\t\t\t\t\t\t\t", $user_messaging)."\n" ?> 1002 1151 </dl> 1003 1152 <div class="clearer"></div> … … 1005 1154 </fieldset> 1006 1155 </div> 1007 <div class="inform">1156 <?php endif; if (!empty($user_personality)): ?> <div class="inform"> 1008 1157 <fieldset> 1009 1158 <legend><?php echo $lang_profile['Section personality'] ?></legend> 1010 1159 <div class="infldset"> 1011 1160 <dl> 1012 <?php if ($pun_config['o_avatars'] == '1'): ?> <dt><?php echo $lang_profile['Avatar'] ?>: </dt> 1013 <dd><?php echo $avatar_field ?></dd> 1014 <?php endif; ?> <dt><?php echo $lang_profile['Signature'] ?>: </dt> 1015 <dd><div><?php echo isset($parsed_signature) ? $parsed_signature : $lang_profile['No sig']; ?></div></dd> 1161 <?php echo implode("\n\t\t\t\t\t\t\t", $user_personality)."\n" ?> 1016 1162 </dl> 1017 1163 <div class="clearer"></div> … … 1019 1165 </fieldset> 1020 1166 </div> 1021 <div class="inform">1167 <?php endif; ?> <div class="inform"> 1022 1168 <fieldset> 1023 1169 <legend><?php echo $lang_profile['User activity'] ?></legend> 1024 1170 <div class="infldset"> 1025 1171 <dl> 1026 <?php if ($posts_field != ''): ?> <dt><?php echo $lang_common['Posts'] ?>: </dt> 1027 <dd><?php echo $posts_field ?></dd> 1028 <?php endif; ?> <dt><?php echo $lang_common['Last post'] ?>: </dt> 1029 <dd><?php echo $last_post ?></dd> 1030 <dt><?php echo $lang_common['Registered'] ?>: </dt> 1031 <dd><?php echo format_time($user['registered'], true) ?></dd> 1172 <?php echo implode("\n\t\t\t\t\t\t\t", $user_activity)."\n" ?> 1032 1173 </dl> 1033 1174 <div class="clearer"></div> … … 1047 1188 if (!$section || $section == 'essentials') 1048 1189 { 1049 if ($pun_user[' g_id'] < PUN_GUEST)1050 { 1051 if ($pun_user['g_id'] == PUN_ADMIN || $pun_ config['p_mod_rename_users'] == '1')1052 $username_field = '< input type="hidden" name="old_username" 
value="'.pun_htmlspecialchars($user['username']).'" /><label><strong>'.$lang_common['Username'].'</strong><br /><input type="text" name="req_username" value="'.pun_htmlspecialchars($user['username']).'" size="25" maxlength="25" /><br /></label>'."\n";1190 if ($pun_user['is_admmod']) 1191 { 1192 if ($pun_user['g_id'] == PUN_ADMIN || $pun_user['g_mod_rename_users'] == '1') 1193 $username_field = '<label class="required"><strong>'.$lang_common['Username'].' <span>'.$lang_common['Required'].'</span></strong><br /><input type="text" name="req_username" value="'.pun_htmlspecialchars($user['username']).'" size="25" maxlength="25" /><br /></label>'."\n"; 1053 1194 else 1054 $username_field = '<p>'. $lang_common['Username'].': '.pun_htmlspecialchars($user['username']).'</p>'."\n";1055 1056 $email_field = '<label ><strong>'.$lang_common['E-mail'].'</strong><br /><input type="text" name="req_email" value="'.$user['email'].'" size="40" maxlength="50" /><br /></label><p><a href="misc.php?email='.$id.'">'.$lang_common['Send e-mail'].'</a></p>'."\n";1195 $username_field = '<p>'.sprintf($lang_profile['Username info'], pun_htmlspecialchars($user['username'])).'</p>'."\n"; 1196 1197 $email_field = '<label class="required"><strong>'.$lang_common['Email'].' <span>'.$lang_common['Required'].'</span></strong><br /><input type="text" name="req_email" value="'.$user['email'].'" size="40" maxlength="80" /><br /></label><p><span class="email"><a href="misc.php?email='.$id.'">'.$lang_common['Send email'].'</a></span></p>'."\n"; 1057 1198 } 1058 1199 else … … 1061 1202 1062 1203 if ($pun_config['o_regs_verify'] == '1') 1063 $email_field = '<p>'. $lang_common['E-mail'].': '.$user['email'].' - <a href="profile.php?action=change_email&id='.$id.'">'.$lang_profile['Change e-mail'].'</a></p>'."\n";1204 $email_field = '<p>'.sprintf($lang_profile['Email info'], $user['email'].' 
- <a href="profile.php?action=change_email&id='.$id.'">'.$lang_profile['Change email'].'</a>').'</p>'."\n"; 1064 1205 else 1065 $email_field = '<label><strong>'.$lang_common['E-mail'].'</strong><br /><input type="text" name="req_email" value="'.$user['email'].'" size="40" maxlength="50" /><br /></label>'."\n"; 1066 } 1206 $email_field = '<label class="required"><strong>'.$lang_common['Email'].' <span>'.$lang_common['Required'].'</span></strong><br /><input type="text" name="req_email" value="'.$user['email'].'" size="40" maxlength="80" /><br /></label>'."\n"; 1207 } 1208 1209 $posts_field = ''; 1210 $posts_actions = array(); 1067 1211 1068 1212 if ($pun_user['g_id'] == PUN_ADMIN) 1069 $posts_field = '<label>'.$lang_common['Posts'].'<br /><input type="text" name="num_posts" value="'.$user['num_posts'].'" size="8" maxlength="8" /><br /></label><p><a href="search.php?action=show_user&user_id='.$id.'">'.$lang_profile['Show posts'].'</a></p>'."\n"; 1070 else if ($pun_config['o_show_post_count'] == '1' || $pun_user['g_id'] < PUN_GUEST) 1071 $posts_field = '<p>'.$lang_common['Posts'].': '.$user['num_posts'].' - <a href="search.php?action=show_user&user_id='.$id.'">'.$lang_profile['Show posts'].'</a></p>'."\n"; 1072 else 1073 $posts_field = '<p><a href="search.php?action=show_user&user_id='.$id.'">'.$lang_profile['Show posts'].'</a></p>'."\n"; 1074 1075 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' 
/ '.$lang_common['Profile']; 1076 $required_fields = array('req_username' => $lang_common['Username'], 'req_email' => $lang_common['E-mail']); 1213 $posts_field .= '<label>'.$lang_common['Posts'].'<br /><input type="text" name="num_posts" value="'.$user['num_posts'].'" size="8" maxlength="8" /><br /></label>'; 1214 else if ($pun_config['o_show_post_count'] == '1' || $pun_user['is_admmod']) 1215 $posts_actions[] = sprintf($lang_profile['Posts info'], forum_number_format($user['num_posts'])); 1216 1217 if ($pun_user['g_search'] == '1' || $pun_user['g_id'] == PUN_ADMIN) 1218 { 1219 $posts_actions[] = '<a href="search.php?action=show_user_topics&user_id='.$id.'">'.$lang_profile['Show topics'].'</a>'; 1220 $posts_actions[] = '<a href="search.php?action=show_user_posts&user_id='.$id.'">'.$lang_profile['Show posts'].'</a>'; 1221 1222 if ($pun_config['o_topic_subscriptions'] == '1') 1223 $posts_actions[] = '<a href="search.php?action=show_subscriptions&user_id='.$id.'">'.$lang_profile['Show subscriptions'].'</a>'; 1224 } 1225 1226 $posts_field .= (!empty($posts_actions) ? 
'<p class="actions">'.implode(' - ', $posts_actions).'</p>' : '')."\n"; 1227 1228 1229 $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section essentials']); 1230 $required_fields = array('req_username' => $lang_common['Username'], 'req_email' => $lang_common['Email']); 1231 define('PUN_ACTIVE_PAGE', 'profile'); 1077 1232 require PUN_ROOT.'header.php'; 1078 1233 … … 1090 1245 <input type="hidden" name="form_sent" value="1" /> 1091 1246 <?php echo $username_field ?> 1092 <?php if ($pun_user['id'] == $id || $pun_user['g_id'] == PUN_ADMIN || ($user['g_ id'] > PUN_MOD && $pun_config['p_mod_change_passwords'] == '1')): ?><p><a href="profile.php?action=change_pass&id=<?php echo $id ?>"><?php echo $lang_profile['Change pass'] ?></a></p>1093 <?php endif; ?> </div>1247 <?php if ($pun_user['id'] == $id || $pun_user['g_id'] == PUN_ADMIN || ($user['g_moderator'] == '0' && $pun_user['g_mod_change_passwords'] == '1')): ?> <p class="actions"><span><a href="profile.php?action=change_pass&id=<?php echo $id ?>"><?php echo $lang_profile['Change pass'] ?></a></span></p> 1248 <?php endif; ?> </div> 1094 1249 </fieldset> 1095 1250 </div> 1096 1251 <div class="inform"> 1097 1252 <fieldset> 1098 <legend><?php echo $lang_prof_reg['E -mail legend'] ?></legend>1253 <legend><?php echo $lang_prof_reg['Email legend'] ?></legend> 1099 1254 <div class="infldset"> 1100 1255 <?php echo $email_field ?> … … 1106 1261 <legend><?php echo $lang_prof_reg['Localisation legend'] ?></legend> 1107 1262 <div class="infldset"> 1108 <label><?php echo $lang_prof_reg['Timezone'] ?>: <?php echo $lang_prof_reg['Timezone info'] ?> 1263 <p><?php echo $lang_prof_reg['Time zone info'] ?></p> 1264 <label><?php echo $lang_prof_reg['Time zone']."\n" ?> 1109 1265 <br /><select name="form[timezone]"> 1110 <option value="-12"<?php if ($user['timezone'] == -12) echo ' selected="selected"' ?>>-12</option> 1111 <option value="-11"<?php if ($user['timezone'] == -11) 
echo ' selected="selected"' ?>>-11</option> 1112 <option value="-10"<?php if ($user['timezone'] == -10) echo ' selected="selected"' ?>>-10</option> 1113 <option value="-9.5"<?php if ($user['timezone'] == -9.5) echo ' selected="selected"' ?>>-09.5</option> 1114 <option value="-9"<?php if ($user['timezone'] == -9) echo ' selected="selected"' ?>>-09</option> 1115 <option value="-8.5"<?php if ($user['timezone'] == -8.5) echo ' selected="selected"' ?>>-08.5</option> 1116 <option value="-8"<?php if ($user['timezone'] == -8) echo ' selected="selected"' ?>>-08 PST</option> 1117 <option value="-7"<?php if ($user['timezone'] == -7) echo ' selected="selected"' ?>>-07 MST</option> 1118 <option value="-6"<?php if ($user['timezone'] == -6) echo ' selected="selected"' ?>>-06 CST</option> 1119 <option value="-5"<?php if ($user['timezone'] == -5) echo ' selected="selected"' ?>>-05 EST</option> 1120 <option value="-4"<?php if ($user['timezone'] == -4) echo ' selected="selected"' ?>>-04 AST</option> 1121 <option value="-3.5"<?php if ($user['timezone'] == -3.5) echo ' selected="selected"' ?>>-03.5</option> 1122 <option value="-3"<?php if ($user['timezone'] == -3) echo ' selected="selected"' ?>>-03 ADT</option> 1123 <option value="-2"<?php if ($user['timezone'] == -2) echo ' selected="selected"' ?>>-02</option> 1124 <option value="-1"<?php if ($user['timezone'] == -1) echo ' selected="selected"' ?>>-01</option> 1125 <option value="0"<?php if ($user['timezone'] == 0) echo ' selected="selected"' ?>>00 GMT</option> 1126 <option value="1"<?php if ($user['timezone'] == 1) echo ' selected="selected"' ?>>+01 CET</option> 1127 <option value="2"<?php if ($user['timezone'] == 2) echo ' selected="selected"' ?>>+02</option> 1128 <option value="3"<?php if ($user['timezone'] == 3) echo ' selected="selected"' ?>>+03</option> 1129 <option value="3.5"<?php if ($user['timezone'] == 3.5) echo ' selected="selected"' ?>>+03.5</option> 1130 <option value="4"<?php if ($user['timezone'] == 4) echo ' 
selected="selected"' ?>>+04</option> 1131 <option value="4.5"<?php if ($user['timezone'] == 4.5) echo ' selected="selected"' ?>>+04.5</option> 1132 <option value="5"<?php if ($user['timezone'] == 5) echo ' selected="selected"' ?>>+05</option> 1133 <option value="5.5"<?php if ($user['timezone'] == 5.5) echo ' selected="selected"' ?>>+05.5</option> 1134 <option value="6"<?php if ($user['timezone'] == 6) echo ' selected="selected"' ?>>+06</option> 1135 <option value="6.5"<?php if ($user['timezone'] == 6.5) echo ' selected="selected"' ?>>+06.5</option> 1136 <option value="7"<?php if ($user['timezone'] == 7) echo ' selected="selected"' ?>>+07</option> 1137 <option value="8"<?php if ($user['timezone'] == 8) echo ' selected="selected"' ?>>+08</option> 1138 <option value="9"<?php if ($user['timezone'] == 9) echo ' selected="selected"' ?>>+09</option> 1139 <option value="9.5"<?php if ($user['timezone'] == 9.5) echo ' selected="selected"' ?>>+09.5</option> 1140 <option value="10"<?php if ($user['timezone'] == 10) echo ' selected="selected"' ?>>+10</option> 1141 <option value="10.5"<?php if ($user['timezone'] == 10.5) echo ' selected="selected"' ?>>+10.5</option> 1142 <option value="11"<?php if ($user['timezone'] == 11) echo ' selected="selected"' ?>>+11</option> 1143 <option value="11.5"<?php if ($user['timezone'] == 11.5) echo ' selected="selected"' ?>>+11.5</option> 1144 <option value="12"<?php if ($user['timezone'] == 12) echo ' selected="selected"' ?>>+12</option> 1145 <option value="13"<?php if ($user['timezone'] == 13) echo ' selected="selected"' ?>>+13</option> 1146 <option value="14"<?php if ($user['timezone'] == 14) echo ' selected="selected"' ?>>+14</option> 1266 <option value="-12"<?php if ($user['timezone'] == -12) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-12:00'] ?></option> 1267 <option value="-11"<?php if ($user['timezone'] == -11) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-11:00'] ?></option> 1268 <option 
value="-10"<?php if ($user['timezone'] == -10) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-10:00'] ?></option> 1269 <option value="-9.5"<?php if ($user['timezone'] == -9.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-09:30'] ?></option> 1270 <option value="-9"<?php if ($user['timezone'] == -9) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-09:00'] ?></option> 1271 <option value="-8.5"<?php if ($user['timezone'] == -8.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-08:30'] ?></option> 1272 <option value="-8"<?php if ($user['timezone'] == -8) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-08:00'] ?></option> 1273 <option value="-7"<?php if ($user['timezone'] == -7) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-07:00'] ?></option> 1274 <option value="-6"<?php if ($user['timezone'] == -6) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-06:00'] ?></option> 1275 <option value="-5"<?php if ($user['timezone'] == -5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-05:00'] ?></option> 1276 <option value="-4"<?php if ($user['timezone'] == -4) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-04:00'] ?></option> 1277 <option value="-3.5"<?php if ($user['timezone'] == -3.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-03:30'] ?></option> 1278 <option value="-3"<?php if ($user['timezone'] == -3) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-03:00'] ?></option> 1279 <option value="-2"<?php if ($user['timezone'] == -2) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-02:00'] ?></option> 1280 <option value="-1"<?php if ($user['timezone'] == -1) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-01:00'] ?></option> 1281 <option value="0"<?php if ($user['timezone'] == 0) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC'] ?></option> 1282 <option value="1"<?php if 
($user['timezone'] == 1) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+01:00'] ?></option> 1283 <option value="2"<?php if ($user['timezone'] == 2) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+02:00'] ?></option> 1284 <option value="3"<?php if ($user['timezone'] == 3) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+03:00'] ?></option> 1285 <option value="3.5"<?php if ($user['timezone'] == 3.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+03:30'] ?></option> 1286 <option value="4"<?php if ($user['timezone'] == 4) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+04:00'] ?></option> 1287 <option value="4.5"<?php if ($user['timezone'] == 4.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+04:30'] ?></option> 1288 <option value="5"<?php if ($user['timezone'] == 5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+05:00'] ?></option> 1289 <option value="5.5"<?php if ($user['timezone'] == 5.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+05:30'] ?></option> 1290 <option value="5.75"<?php if ($user['timezone'] == 5.75) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+05:45'] ?></option> 1291 <option value="6"<?php if ($user['timezone'] == 6) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+06:00'] ?></option> 1292 <option value="6.5"<?php if ($user['timezone'] == 6.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+06:30'] ?></option> 1293 <option value="7"<?php if ($user['timezone'] == 7) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+07:00'] ?></option> 1294 <option value="8"<?php if ($user['timezone'] == 8) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+08:00'] ?></option> 1295 <option value="8.75"<?php if ($user['timezone'] == 8.75) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+08:45'] ?></option> 1296 <option value="9"<?php if ($user['timezone'] == 9) echo ' 
selected="selected"' ?>><?php echo $lang_prof_reg['UTC+09:00'] ?></option> 1297 <option value="9.5"<?php if ($user['timezone'] == 9.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+09:30'] ?></option> 1298 <option value="10"<?php if ($user['timezone'] == 10) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+10:00'] ?></option> 1299 <option value="10.5"<?php if ($user['timezone'] == 10.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+10:30'] ?></option> 1300 <option value="11"<?php if ($user['timezone'] == 11) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+11:00'] ?></option> 1301 <option value="11.5"<?php if ($user['timezone'] == 11.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+11:30'] ?></option> 1302 <option value="12"<?php if ($user['timezone'] == 12) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+12:00'] ?></option> 1303 <option value="12.75"<?php if ($user['timezone'] == 12.75) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+12:45'] ?></option> 1304 <option value="13"<?php if ($user['timezone'] == 13) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+13:00'] ?></option> 1305 <option value="14"<?php if ($user['timezone'] == 14) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+14:00'] ?></option> 1147 1306 </select> 1148 1307 <br /></label> 1149 <?php 1150 1151 $languages = array(); 1152 $d = dir(PUN_ROOT.'lang'); 1153 while (($entry = $d->read()) !== false) 1154 { 1155 if ($entry != '.' && $entry != '..' 
&& is_dir(PUN_ROOT.'lang/'.$entry) && file_exists(PUN_ROOT.'lang/'.$entry.'/common.php')) 1156 $languages[] = $entry; 1157 } 1158 $d->close(); 1308 <div class="rbox"> 1309 <label><input type="checkbox" name="form[dst]" value="1"<?php if ($user['dst'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_prof_reg['DST'] ?><br /></label> 1310 </div> 1311 <label><?php echo $lang_prof_reg['Time format'] ?> 1312 1313 <br /><select name="form[time_format]"> 1314 <?php 1315 foreach (array_unique($forum_time_formats) as $key => $time_format) 1316 { 1317 echo "\t\t\t\t\t\t\t\t".'<option value="'.$key.'"'; 1318 if ($user['time_format'] == $key) 1319 echo ' selected="selected"'; 1320 echo '>'. format_time(time(), false, null, $time_format, true, true); 1321 if ($key == 0) 1322 echo ' ('.$lang_prof_reg['Default'].')'; 1323 echo "</option>\n"; 1324 } 1325 ?> 1326 </select> 1327 <br /></label> 1328 <label><?php echo $lang_prof_reg['Date format'] ?> 1329 1330 <br /><select name="form[date_format]"> 1331 <?php 1332 foreach (array_unique($forum_date_formats) as $key => $date_format) 1333 { 1334 echo "\t\t\t\t\t\t\t\t".'<option value="'.$key.'"'; 1335 if ($user['date_format'] == $key) 1336 echo ' selected="selected"'; 1337 echo '>'. 
format_time(time(), true, $date_format, null, false, true); 1338 if ($key == 0) 1339 echo ' ('.$lang_prof_reg['Default'].')'; 1340 echo "</option>\n"; 1341 } 1342 ?> 1343 </select> 1344 <br /></label> 1345 1346 <?php 1347 1348 $languages = forum_list_langs(); 1159 1349 1160 1350 // Only display the language selection box if there's more than one language available 1161 1351 if (count($languages) > 1) 1162 1352 { 1163 natsort($languages); 1164 1165 ?> 1166 <label><?php echo $lang_prof_reg['Language'] ?>: <?php echo $lang_prof_reg['Language info'] ?> 1353 1354 ?> 1355 <label><?php echo $lang_prof_reg['Language'] ?> 1167 1356 <br /><select name="form[language]"> 1168 1357 <?php 1169 1358 1170 while (list(, $temp) = @each($languages))1359 foreach ($languages as $temp) 1171 1360 { 1172 1361 if ($user['language'] == $temp) … … 1191 1380 <legend><?php echo $lang_profile['User activity'] ?></legend> 1192 1381 <div class="infldset"> 1193 <p><?php echo $lang_common['Registered'] ?>: <?php echo format_time($user['registered'], true); if ($pun_user['g_id'] < PUN_GUEST) echo ' (<a href="moderate.php?get_host='.pun_htmlspecialchars($user['registration_ip']).'">'.pun_htmlspecialchars($user['registration_ip']).'</a>)'; ?></p> 1194 <p><?php echo $lang_common['Last post'] ?>: <?php echo $last_post ?></p> 1195 <?php echo $posts_field ?> 1196 <?php if ($pun_user['g_id'] < PUN_GUEST): ?> <label><?php echo $lang_profile['Admin note'] ?><br /> 1382 <p><?php printf($lang_profile['Registered info'], format_time($user['registered'], true).(($pun_user['is_admmod']) ? 
' (<a href="moderate.php?get_host='.pun_htmlspecialchars($user['registration_ip']).'">'.pun_htmlspecialchars($user['registration_ip']).'</a>)' : '')) ?></p> 1383 <p><?php printf($lang_profile['Last post info'], $last_post) ?></p> 1384 <p><?php printf($lang_profile['Last visit info'], format_time($user['last_visit'])) ?></p> 1385 <?php echo $posts_field ?> 1386 <?php if ($pun_user['is_admmod']): ?> <label><?php echo $lang_profile['Admin note'] ?><br /> 1197 1387 <input id="admin_note" type="text" name="admin_note" value="<?php echo pun_htmlspecialchars($user['admin_note']) ?>" size="30" maxlength="30" /><br /></label> 1198 </div>1199 <?php endif; ?></fieldset>1388 <?php endif; ?> </div> 1389 </fieldset> 1200 1390 </div> 1201 <p ><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /><?php echo $lang_profile['Instructions'] ?></p>1391 <p class="buttons"><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /> <?php echo $lang_profile['Instructions'] ?></p> 1202 1392 </form> 1203 1393 </div> … … 1209 1399 { 1210 1400 if ($pun_user['g_set_title'] == '1') 1211 $title_field = '<label>'.$lang_common['Title'].'  (<em>'.$lang_profile['Leave blank'].'</em>)<br /><input type="text" name="title" value="'.pun_htmlspecialchars($user['title']).'" size="30" maxlength="50" /><br /></label>'."\n"; 1212 1213 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; 1401 $title_field = '<label>'.$lang_common['Title'].' 
<em>('.$lang_profile['Leave blank'].')</em><br /><input type="text" name="title" value="'.pun_htmlspecialchars($user['title']).'" size="30" maxlength="50" /><br /></label>'."\n"; 1402 1403 $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section personal']); 1404 define('PUN_ACTIVE_PAGE', 'profile'); 1214 1405 require PUN_ROOT.'header.php'; 1215 1406 … … 1227 1418 <input type="hidden" name="form_sent" value="1" /> 1228 1419 <label><?php echo $lang_profile['Realname'] ?><br /><input type="text" name="form[realname]" value="<?php echo pun_htmlspecialchars($user['realname']) ?>" size="40" maxlength="40" /><br /></label> 1229 <?php if (isset($title_field)): ?> <?php echo $title_field ?>1420 <?php if (isset($title_field)): ?> <?php echo $title_field ?> 1230 1421 <?php endif; ?> <label><?php echo $lang_profile['Location'] ?><br /><input type="text" name="form[location]" value="<?php echo pun_htmlspecialchars($user['location']) ?>" size="30" maxlength="30" /><br /></label> 1231 1422 <label><?php echo $lang_profile['Website'] ?><br /><input type="text" name="form[url]" value="<?php echo pun_htmlspecialchars($user['url']) ?>" size="50" maxlength="80" /><br /></label> … … 1233 1424 </fieldset> 1234 1425 </div> 1235 <p ><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /><?php echo $lang_profile['Instructions'] ?></p>1426 <p class="buttons"><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /> <?php echo $lang_profile['Instructions'] ?></p> 1236 1427 </form> 1237 1428 </div> … … 1243 1434 { 1244 1435 1245 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' 
/ '.$lang_common['Profile']; 1436 $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section messaging']); 1437 define('PUN_ACTIVE_PAGE', 'profile'); 1246 1438 require PUN_ROOT.'header.php'; 1247 1439 … … 1266 1458 </fieldset> 1267 1459 </div> 1268 <p ><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /><?php echo $lang_profile['Instructions'] ?></p>1460 <p class="buttons"><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /> <?php echo $lang_profile['Instructions'] ?></p> 1269 1461 </form> 1270 1462 </div> … … 1275 1467 else if ($section == 'personality') 1276 1468 { 1277 $avatar_field = '<a href="profile.php?action=upload_avatar&id='.$id.'">'.$lang_profile['Change avatar'].'</a>'; 1278 if ($img_size = @getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.gif')) 1279 $avatar_format = 'gif'; 1280 else if ($img_size = @getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.jpg')) 1281 $avatar_format = 'jpg'; 1282 else if ($img_size = @getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.png')) 1283 $avatar_format = 'png'; 1469 if ($pun_config['o_avatars'] == '0' && $pun_config['o_signatures'] == '0') 1470 message($lang_common['Bad request']); 1471 1472 $avatar_field = '<span><a href="profile.php?action=upload_avatar&id='.$id.'">'.$lang_profile['Change avatar'].'</a></span>'; 1473 1474 $user_avatar = generate_avatar_markup($id); 1475 if ($user_avatar) 1476 $avatar_field .= ' <span><a href="profile.php?action=delete_avatar&id='.$id.'">'.$lang_profile['Delete avatar'].'</a></span>'; 1284 1477 else 1285 $avatar_field = '<a href="profile.php?action=upload_avatar&id='.$id.'">'.$lang_profile['Upload avatar'].'</a>'; 1286 1287 // Display the delete avatar link? 
1288 if ($img_size) 1289 $avatar_field .= '   <a href="profile.php?action=delete_avatar&id='.$id.'">'.$lang_profile['Delete avatar'].'</a>'; 1478 $avatar_field = '<span><a href="profile.php?action=upload_avatar&id='.$id.'">'.$lang_profile['Upload avatar'].'</a></span>'; 1290 1479 1291 1480 if ($user['signature'] != '') 1292 $signature_preview = '<p>'.$lang_profile['Sig preview'].'</p>'."\n\t\t\t\t\t ".'<div class="postsignature">'."\n\t\t\t\t\t\t".'<hr />'."\n\t\t\t\t\t\t".$parsed_signature."\n\t\t\t\t\t".'</div>'."\n";1481 $signature_preview = '<p>'.$lang_profile['Sig preview'].'</p>'."\n\t\t\t\t\t\t\t".'<div class="postsignature postmsg">'."\n\t\t\t\t\t\t\t\t".'<hr />'."\n\t\t\t\t\t\t\t\t".$parsed_signature."\n\t\t\t\t\t\t\t".'</div>'."\n"; 1293 1482 else 1294 1483 $signature_preview = '<p>'.$lang_profile['No sig'].'</p>'."\n"; 1295 1484 1296 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; 1485 $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section personality']); 1486 define('PUN_ACTIVE_PAGE', 'profile'); 1297 1487 require PUN_ROOT.'header.php'; 1298 1488 … … 1310 1500 <legend><?php echo $lang_profile['Avatar legend'] ?></legend> 1311 1501 <div class="infldset"> 1312 <?php if (isset($avatar_format)): ?> <img src="<?php echo $pun_config['o_avatars_dir'].'/'.$id.'.'.$avatar_format ?>" <?php echo $img_size[3] ?> alt="" /> 1313 <?php endif; ?> <p><?php echo $lang_profile['Avatar info'] ?></p> 1314 <div class="rbox"> 1315 <label><input type="checkbox" name="form[use_avatar]" value="1"<?php if ($user['use_avatar'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Use avatar'] ?><br /></label> 1316 </div> 1317 <p class="clearb"><?php echo $avatar_field ?></p> 1502 <?php if ($user_avatar): ?> <div class="useravatar"><?php echo $user_avatar ?></div> 1503 <?php endif; ?> <p><?php echo $lang_profile['Avatar info'] ?></p> 1504 <p class="clearb 
actions"><?php echo $avatar_field ?></p> 1318 1505 </div> 1319 1506 </fieldset> 1320 1507 </div> 1321 <?php endif; ?> <div class="inform">1508 <?php endif; if ($pun_config['o_signatures'] == '1'): ?> <div class="inform"> 1322 1509 <fieldset> 1323 1510 <legend><?php echo $lang_profile['Signature legend'] ?></legend> … … 1325 1512 <p><?php echo $lang_profile['Signature info'] ?></p> 1326 1513 <div class="txtarea"> 1327 <label><?php echo $lang_profile['Sig max length'] ?>: <?php echo $pun_config['p_sig_length'] ?> / <?php echo $lang_profile['Sig max lines'] ?>: <?php echo $pun_config['p_sig_lines']?><br />1514 <label><?php printf($lang_profile['Sig max size'], forum_number_format($pun_config['p_sig_length']), $pun_config['p_sig_lines']) ?><br /> 1328 1515 <textarea name="signature" rows="4" cols="65"><?php echo pun_htmlspecialchars($user['signature']) ?></textarea><br /></label> 1329 1516 </div> 1330 1517 <ul class="bblinks"> 1331 <li>< a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a>: <?php echo ($pun_config['p_sig_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>1332 <li>< a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a>: <?php echo ($pun_config['p_sig_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>1333 <li>< a href="help.php#smilies" onclick="window.open(this.href); return false;"><?php echo $lang_common['Smilies'] ?></a>: <?php echo ($pun_config['o_smilies_sig'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>1518 <li><span><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a> <?php echo ($pun_config['p_sig_bbcode'] == '1') ? 
$lang_common['on'] : $lang_common['off']; ?></span></li> 1519 <li><span><a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a> <?php echo ($pun_config['p_sig_bbcode'] == '1' && $pun_config['p_sig_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li> 1520 <li><span><a href="help.php#smilies" onclick="window.open(this.href); return false;"><?php echo $lang_common['Smilies'] ?></a> <?php echo ($pun_config['o_smilies_sig'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li> 1334 1521 </ul> 1335 1522 <?php echo $signature_preview ?> … … 1337 1524 </fieldset> 1338 1525 </div> 1339 <p><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /><?php echo $lang_profile['Instructions'] ?></p>1526 <?php endif; ?> <p class="buttons"><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /> <?php echo $lang_profile['Instructions'] ?></p> 1340 1527 </form> 1341 1528 </div> … … 1346 1533 else if ($section == 'display') 1347 1534 { 1348 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' 
/ '.$lang_common['Profile']; 1535 $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section display']); 1536 define('PUN_ACTIVE_PAGE', 'profile'); 1349 1537 require PUN_ROOT.'header.php'; 1350 1538 … … 1359 1547 <?php 1360 1548 1361 $styles = array(); 1362 $d = dir(PUN_ROOT.'style'); 1363 while (($entry = $d->read()) !== false) 1364 { 1365 if (substr($entry, strlen($entry)-4) == '.css') 1366 $styles[] = substr($entry, 0, strlen($entry)-4); 1367 } 1368 $d->close(); 1549 $styles = forum_list_styles(); 1369 1550 1370 1551 // Only display the style selection box if there's more than one style available … … 1373 1554 else if (count($styles) > 1) 1374 1555 { 1375 natsort($styles); 1556 1376 1557 ?> 1377 1558 <div class="inform"> … … 1379 1560 <legend><?php echo $lang_profile['Style legend'] ?></legend> 1380 1561 <div class="infldset"> 1381 <label><?php echo $lang_profile['Style info'] ?><br /> 1382 1562 <label><?php echo $lang_profile['Styles'] ?><br /> 1383 1563 <select name="form[style]"> 1384 1564 <?php 1385 1565 1386 while (list(, $temp) = @each($styles))1566 foreach ($styles as $temp) 1387 1567 { 1388 1568 if ($user['style'] == $temp) … … 1403 1583 1404 1584 ?> 1585 <?php if ($pun_config['o_smilies'] == '1' || $pun_config['o_smilies_sig'] == '1' || $pun_config['o_signatures'] == '1' || $pun_config['o_avatars'] == '1' || ($pun_config['p_message_bbcode'] == '1' && $pun_config['p_message_img_tag'] == '1')): ?> 1405 1586 <div class="inform"> 1406 1587 <fieldset> … … 1409 1590 <p><?php echo $lang_profile['Post display info'] ?></p> 1410 1591 <div class="rbox"> 1411 <label><input type="checkbox" name="form[show_smilies]" value="1"<?php if ($user['show_smilies'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Show smilies'] ?><br /></label> 1412 <label><input type="checkbox" name="form[show_sig]" value="1"<?php if ($user['show_sig'] == '1') echo ' checked="checked"' ?> /><?php echo 
$lang_profile['Show sigs'] ?><br /></label> 1413 <?php if ($pun_config['o_avatars'] == '1'): ?> <label><input type="checkbox" name="form[show_avatars]" value="1"<?php if ($user['show_avatars'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Show avatars'] ?><br /></label> 1414 <?php endif; ?> <label><input type="checkbox" name="form[show_img]" value="1"<?php if ($user['show_img'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Show images'] ?><br /></label> 1415 <label><input type="checkbox" name="form[show_img_sig]" value="1"<?php if ($user['show_img_sig'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Show images sigs'] ?><br /></label> 1592 <?php if ($pun_config['o_smilies'] == '1' || $pun_config['o_smilies_sig'] == '1'): ?> <label><input type="checkbox" name="form[show_smilies]" value="1"<?php if ($user['show_smilies'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Show smilies'] ?><br /></label> 1593 <?php endif; if ($pun_config['o_signatures'] == '1'): ?> <label><input type="checkbox" name="form[show_sig]" value="1"<?php if ($user['show_sig'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Show sigs'] ?><br /></label> 1594 <?php endif; if ($pun_config['o_avatars'] == '1'): ?> <label><input type="checkbox" name="form[show_avatars]" value="1"<?php if ($user['show_avatars'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Show avatars'] ?><br /></label> 1595 <?php endif; if ($pun_config['p_message_bbcode'] == '1' && $pun_config['p_message_img_tag'] == '1'): ?> <label><input type="checkbox" name="form[show_img]" value="1"<?php if ($user['show_img'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Show images'] ?><br /></label> 1596 <?php endif; if ($pun_config['o_signatures'] == '1' && $pun_config['p_sig_bbcode'] == '1' && $pun_config['p_sig_img_tag'] == '1'): ?> <label><input type="checkbox" name="form[show_img_sig]" value="1"<?php if 
($user['show_img_sig'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Show images sigs'] ?><br /></label> 1597 <?php endif; ?> 1416 1598 </div> 1417 1599 </div> 1418 1600 </fieldset> 1419 1601 </div> 1602 <?php endif; ?> 1420 1603 <div class="inform"> 1421 1604 <fieldset> … … 1428 1611 </fieldset> 1429 1612 </div> 1430 <p ><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /><?php echo $lang_profile['Instructions'] ?></p>1613 <p class="buttons"><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /> <?php echo $lang_profile['Instructions'] ?></p> 1431 1614 </form> 1432 1615 </div> … … 1437 1620 else if ($section == 'privacy') 1438 1621 { 1439 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; 1622 $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section privacy']); 1623 define('PUN_ACTIVE_PAGE', 'profile'); 1440 1624 require PUN_ROOT.'header.php'; 1441 1625 … … 1452 1636 <div class="infldset"> 1453 1637 <input type="hidden" name="form_sent" value="1" /> 1454 <p><?php echo $lang_prof_reg['E -mail setting info'] ?></p>1638 <p><?php echo $lang_prof_reg['Email setting info'] ?></p> 1455 1639 <div class="rbox"> 1456 <label><input type="radio" name="form[email_setting]" value="0"<?php if ($user['email_setting'] == '0') echo ' checked="checked"' ?> /><?php echo $lang_prof_reg['E-mail setting 1'] ?><br /></label> 1457 <label><input type="radio" name="form[email_setting]" value="1"<?php if ($user['email_setting'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_prof_reg['E-mail setting 2'] ?><br /></label> 1458 <label><input type="radio" name="form[email_setting]" value="2"<?php if ($user['email_setting'] == '2') echo ' checked="checked"' ?> /><?php echo $lang_prof_reg['E-mail setting 3'] ?><br /></label> 1459 </div> 1460 <p><?php echo $lang_prof_reg['Save user/pass info'] ?></p> 1461 
<div class="rbox"> 1462 <label><input type="checkbox" name="form[save_pass]" value="1"<?php if ($user['save_pass'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_prof_reg['Save user/pass'] ?><br /></label> 1463 </div> 1464 <p><?php echo $lang_profile['Notify full info'] ?></p> 1465 <div class="rbox"> 1466 <label><input type="checkbox" name="form[notify_with_post]" value="1"<?php if ($user['notify_with_post'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Notify full'] ?><br /></label> 1640 <label><input type="radio" name="form[email_setting]" value="0"<?php if ($user['email_setting'] == '0') echo ' checked="checked"' ?> /><?php echo $lang_prof_reg['Email setting 1'] ?><br /></label> 1641 <label><input type="radio" name="form[email_setting]" value="1"<?php if ($user['email_setting'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_prof_reg['Email setting 2'] ?><br /></label> 1642 <label><input type="radio" name="form[email_setting]" value="2"<?php if ($user['email_setting'] == '2') echo ' checked="checked"' ?> /><?php echo $lang_prof_reg['Email setting 3'] ?><br /></label> 1467 1643 </div> 1468 1644 </div> 1469 1645 </fieldset> 1470 1646 </div> 1471 <p><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /><?php echo $lang_profile['Instructions'] ?></p> 1647 <?php if ($pun_config['o_forum_subscriptions'] == '1' || $pun_config['o_topic_subscriptions'] == '1'): ?> <div class="inform"> 1648 <fieldset> 1649 <legend><?php echo $lang_profile['Subscription legend'] ?></legend> 1650 <div class="infldset"> 1651 <div class="rbox"> 1652 <label><input type="checkbox" name="form[notify_with_post]" value="1"<?php if ($user['notify_with_post'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Notify full'] ?><br /></label> 1653 <?php if ($pun_config['o_topic_subscriptions'] == '1'): ?> <label><input type="checkbox" name="form[auto_notify]" value="1"<?php if ($user['auto_notify'] == '1') echo ' 
checked="checked"' ?> /><?php echo $lang_profile['Auto notify full'] ?><br /></label> 1654 <?php endif; ?> 1655 </div> 1656 </div> 1657 </fieldset> 1658 </div> 1659 <?php endif; ?> <p class="buttons"><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /> <?php echo $lang_profile['Instructions'] ?></p> 1472 1660 </form> 1473 1661 </div> … … 1478 1666 else if ($section == 'admin') 1479 1667 { 1480 if ( $pun_user['g_id'] > PUN_MOD || ($pun_user['g_id'] == PUN_MOD && $pun_config['p_mod_ban_users'] == '0'))1668 if (!$pun_user['is_admmod'] || ($pun_user['g_moderator'] == '1' && $pun_user['g_mod_ban_users'] == '0')) 1481 1669 message($lang_common['Bad request']); 1482 1670 1483 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; 1671 $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section admin']); 1672 define('PUN_ACTIVE_PAGE', 'profile'); 1484 1673 require PUN_ROOT.'header.php'; 1485 1674 … … 1490 1679 <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section admin'] ?></span></h2> 1491 1680 <div class="box"> 1492 <form id="profile7" method="post" action="profile.php?section=admin&id=<?php echo $id ?> &action=foo">1681 <form id="profile7" method="post" action="profile.php?section=admin&id=<?php echo $id ?>"> 1493 1682 <div class="inform"> 1494 1683 <input type="hidden" name="form_sent" value="1" /> … … 1496 1685 <?php 1497 1686 1498 if ($pun_user['g_ id'] == PUN_MOD)1687 if ($pun_user['g_moderator'] == '1') 1499 1688 { 1500 1689 … … 1511 1700 else 1512 1701 { 1513 if ($pun_user['id'] != $id) 1514 { 1702 if ($pun_user['id'] != $id) 1703 { 1515 1704 1516 1705 ?> … … 1520 1709 <?php 1521 1710 1522 $result = $db->query('SELECT g_id, g_title FROM '.$db->prefix.'groups WHERE g_id!='.PUN_GUEST.' 
ORDER BY g_title') or error('Impossible de retrouver la liste des groupes utilisateurs', __FILE__, __LINE__, $db->error());1523 1524 while ($cur_group = $db->fetch_assoc($result))1525 {1526 1527 1528 else1529 1530 }1711 $result = $db->query('SELECT g_id, g_title FROM '.$db->prefix.'groups WHERE g_id!='.PUN_GUEST.' ORDER BY g_title') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error()); 1712 1713 while ($cur_group = $db->fetch_assoc($result)) 1714 { 1715 if ($cur_group['g_id'] == $user['g_id'] || ($cur_group['g_id'] == $pun_config['o_default_user_group'] && $user['g_id'] == '')) 1716 echo "\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'" selected="selected">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n"; 1717 else 1718 echo "\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n"; 1719 } 1531 1720 1532 1721 ?> … … 1538 1727 <div class="inform"> 1539 1728 <fieldset> 1540 <?php 1729 <?php 1541 1730 1542 1731 } … … 1545 1734 <legend><?php echo $lang_profile['Delete ban legend'] ?></legend> 1546 1735 <div class="infldset"> 1547 <input type="submit" name="delete_user" value="<?php echo $lang_profile['Delete user'] ?>" />   <input type="submit" name="ban" value="<?php echo $lang_profile['Ban user'] ?>" />1736 <input type="submit" name="delete_user" value="<?php echo $lang_profile['Delete user'] ?>" /> <input type="submit" name="ban" value="<?php echo $lang_profile['Ban user'] ?>" /> 1548 1737 </div> 1549 1738 </fieldset> … … 1551 1740 <?php 1552 1741 1553 if ($user['g_ id'] == PUN_MOD|| $user['g_id'] == PUN_ADMIN)1742 if ($user['g_moderator'] == '1' || $user['g_id'] == PUN_ADMIN) 1554 1743 { 1555 1744 … … 1562 1751 <?php 1563 1752 1564 $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.moderators FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id WHERE f.redirect_url IS NULL ORDER BY 
c.disp_position, c.id, f.disp_position') or error(' Impossible de retrouver la liste des catégories et des forums', __FILE__, __LINE__, $db->error());1753 $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.moderators FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id WHERE f.redirect_url IS NULL ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error()); 1565 1754 1566 1755 $cur_category = 0; 1567 1756 while ($cur_forum = $db->fetch_assoc($result)) 1568 1757 { 1569 if ($cur_forum['cid'] != $cur_category) 1758 if ($cur_forum['cid'] != $cur_category) // A new category since last iteration? 1570 1759 { 1571 1760 if ($cur_category) … … 1603 1792 1604 1793 } 1794 else 1795 message($lang_common['Bad request']); 1605 1796 1606 1797 ?>