
   1  <?php
   2  /**************************************************************************

   3   *                                                                        *

   4   *    4images - A Web Based Image Gallery Management System               *

   5   *    ----------------------------------------------------------------    *

   6   *                                                                        *

   7   *             File: member.php                                           *

   8   *        Copyright: (C) 2002 Jan Sorgalla                                *

   9   *            Email: jan@4homepages.de                                    *

  10   *              Web: http://www.4homepages.de                             *

  11   *    Scriptversion: 1.7.4                                                *

  12   *                                                                        *

  13   *    Never released without support from: Nicky (http://www.nicky.net)   *

  14   *                                                                        *

  15   **************************************************************************

  16   *                                                                        *

  17   *    Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz-       *

  18   *    bedingungen (Lizenz.txt) für weitere Informationen.                 *

  19   *    ---------------------------------------------------------------     *

  20   *    This script is NOT freeware! Please read the Copyright Notice       *

  21   *    (Licence.txt) for further information.                              *

  22   *                                                                        *

  23   *************************************************************************/
  24  
$main_template = "member";

// Both constants must exist before global.php runs: GET_CACHES is presumably
// read by global.php to decide which caches to load (TODO confirm), and
// ROOT_PATH anchors every include/require in this file.
define('GET_CACHES', 1);
define('ROOT_PATH', './');
include (ROOT_PATH.'global.php');
require (ROOT_PATH.'includes/sessions.php');
// Permission lookup depends on the session that sessions.php just established.
// NOTE(review): $action, $image_id, $cat_id, $url and $user_info are used
// below but never assigned in this file — they are assumed to come from
// global.php / sessions.php; verify there that $image_id and $cat_id are
// cast to int, since they are interpolated into SQL further down.
$user_access = get_permission();
include (ROOT_PATH.'includes/page_header.php');
  33  
  34  if ($action == "") {
  35    $action = "lostpassword";
  36  }
  37  $content = "";
  38  $txt_clickstream = "";
  39  
  40  $sendprocess = 0;
  41  
  42  if (isset($HTTP_GET_VARS[URL_COMMENT_ID]) || isset($HTTP_POST_VARS[URL_COMMENT_ID])) {
  43    $comment_id = (isset($HTTP_GET_VARS[URL_COMMENT_ID])) ? intval($HTTP_GET_VARS[URL_COMMENT_ID]) : intval($HTTP_POST_VARS[URL_COMMENT_ID]);
  44  }
  45  else {
  46    $comment_id = 0;
  47  }
  48  
  49  if ($action == "deletecomment") {
  50    if (!$comment_id || ($config['user_delete_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
  51      show_error_page($lang['no_permission']);
  52      exit;
  53    }
  54  
  55    $sql = "SELECT c.comment_id, c.user_id AS comment_user_id, i.image_id, i.cat_id, i.user_id, i.image_name
  56            FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i)
  57            WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
  58    $comment_row = $site_db->query_firstrow($sql);
  59    if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) {
  60      show_error_page($lang['no_permission']);
  61      exit;
  62    }
  63  
  64    $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator'];
  65    $txt_clickstream .= $lang['comment_delete'];
  66  
  67    $sql = "UPDATE ".IMAGES_TABLE."
  68            SET image_comments = image_comments - 1
  69            WHERE image_id = ".$comment_row['image_id'];
  70    $site_db->query($sql);
  71  
  72    if ($comment_row['comment_user_id'] != GUEST) {
  73      $sql = "UPDATE ".USERS_TABLE."
  74              SET ".get_user_table_field("", "user_comments")." = ".get_user_table_field("", "user_comments")." - 1
  75              WHERE ".get_user_table_field("", "user_id")." = ".$comment_row['comment_user_id'];
  76      $site_db->query($sql);
  77    }
  78  
  79    $sql = "DELETE FROM ".COMMENTS_TABLE."
  80            WHERE comment_id = $comment_id";
  81    $result = $site_db->query($sql);
  82    $msg = ($result) ? $lang['comment_delete_success'] : $lang['comment_delete_error'];
  83  }
  84  
  85  if ($action == "removecomment") {
  86    if (!$comment_id || ($config['user_delete_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
  87      redirect($url);
  88    }
  89  
  90    $sql = "SELECT c.comment_id, c.image_id, c.user_id AS comment_user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
  91            FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i)
  92            LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
  93            WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
  94    $comment_row = $site_db->query_firstrow($sql);
  95    if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) {
  96      redirect($url);
  97    }
  98  
  99    $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator'];
 100    $txt_clickstream .= $lang['comment_delete'];
 101  
 102    if (isset($comment_row[$user_table_fields['user_name']]) && $comment_row['comment_user_id'] != GUEST) {
 103      $user_name = $comment_row[$user_table_fields['user_name']];
 104    }
 105    else {
 106      $user_name = $comment_row['comment_user_name'];
 107    }
 108  
 109    $site_template->register_vars(array(
 110      "comment_id" => $comment_id,
 111      "image_name" => format_text($comment_row['image_name']),
 112      "user_name" => format_text($user_name),
 113      "comment_headline" => format_text($comment_row['comment_headline'], 0, $config['wordwrap_comments'], 0, 0),
 114      "comment_text" => format_text($comment_row['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']),
 115      "lang_delete_comment" => $lang['comment_delete'],
 116      "lang_delete_comment_confirm" => $lang['comment_delete_confirm'],
 117      "lang_image_name" => $lang['image_name'],
 118      "lang_name" => $lang['name'],
 119      "lang_headline" => $lang['headline'],
 120      "lang_comment" => $lang['comment'],
 121      "lang_submit" => $lang['submit'],
 122      "lang_reset" => $lang['reset'],
 123      "lang_yes" => $lang['yes'],
 124      "lang_no" => $lang['no']
 125    ));
 126    $content = $site_template->parse_template("member_deletecomment");
 127  }
 128  
 129  if ($action == "updatecomment") {
 130    if (!$comment_id || ($config['user_edit_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
 131      show_error_page($lang['no_permission']);
 132      exit;
 133    }
 134    $sql = "SELECT c.comment_id, c.image_id, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
 135            FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i)
 136            LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
 137            WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
 138    $comment_row = $site_db->query_firstrow($sql);
 139    if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) {
 140      show_error_page($lang['no_permission']);
 141      exit;
 142    }
 143  
 144    $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator'];
 145    $txt_clickstream .= $lang['comment_edit'];
 146  
 147    $error = 0;
 148  
 149    $comment_headline = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_headline']));
 150    $comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));
 151  
 152    if ($comment_headline == "")  {
 153      $error = 1;
 154      $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['headline']), $lang['field_required']);
 155      $msg .= (($msg != "") ? "<br />" : "").$field_error;
 156    }
 157    if ($comment_text == "")  {
 158      $error = 1;
 159      $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['comment']), $lang['field_required']);
 160      $msg .= (($msg != "") ? "<br />" : "").$field_error;
 161    }
 162  
 163    if (!$error) {
 164      $sql = "UPDATE ".COMMENTS_TABLE."
 165              SET comment_headline = '$comment_headline', comment_text = '$comment_text'
 166              WHERE comment_id = $comment_id";
 167      $result = $site_db->query($sql);
 168      $msg = ($result) ? $lang['comment_edit_success'] : $lang['comment_edit_error'];
 169    }
 170    else {
 171      $action = "editcomment";
 172      $sendprocess = 1;
 173    }
 174  }
 175  
 176  if ($action == "editcomment") {
 177    if (!$comment_id || ($config['user_edit_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
 178      redirect($url);
 179    }
 180  
 181    $sql = "SELECT c.comment_id, c.image_id, c.user_id AS comment_user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
 182            FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i)
 183            LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
 184            WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
 185    $comment_row = $site_db->query_firstrow($sql);
 186    if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) {
 187      header("Location: ".$site_sess->url($url, "&"));
 188      exit;
 189    }
 190  
 191    $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator'];
 192    $txt_clickstream .= $lang['comment_edit'];
 193  
 194    $comment_headline = (isset($HTTP_POST_VARS['comment_headline'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_headline']))) : $comment_row['comment_headline'];
 195    $comment_text = (isset($HTTP_POST_VARS['comment_text'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_text']))) : $comment_row['comment_text'];
 196  
 197    if (isset($comment_row[$user_table_fields['user_name']]) && $comment_row['comment_user_id'] != GUEST) {
 198      $user_name = $comment_row[$user_table_fields['user_name']];
 199    }
 200    else {
 201      $user_name = $comment_row['comment_user_name'];
 202    }
 203  
 204    $bbcode = "";
 205    if ($config['bb_comments'] == 1) {
 206      $site_template->register_vars(array(
 207        "lang_bbcode" => $lang['bbcode'],
 208        "lang_tag_prompt" => $lang['tag_prompt'],
 209        "lang_link_text_prompt" => $lang['link_text_prompt'],
 210        "lang_link_url_prompt" => $lang['link_url_prompt'],
 211        "lang_link_email_prompt" => $lang['link_email_prompt'],
 212        "lang_list_type_prompt" => $lang['list_type_prompt'],
 213        "lang_list_item_prompt" => $lang['list_item_prompt']
 214      ));
 215      $bbcode = $site_template->parse_template("bbcode");
 216    }
 217  
 218    $site_template->register_vars(array(
 219      "bbcode" => $bbcode,
 220      "comment_id" => $comment_id,
 221      "image_name" => format_text($comment_row['image_name'], 2),
 222      "user_name" => format_text($user_name, 2),
 223      "comment_headline" => format_text($comment_headline, 2),
 224      "comment_text" => format_text($comment_text, 2),
 225      "lang_edit_comment" => $lang['comment_edit'],
 226      "lang_image_name" => $lang['image_name'],
 227      "lang_name" => $lang['name'],
 228      "lang_headline" => $lang['headline'],
 229      "lang_comment" => $lang['comment'],
 230      "lang_submit" => $lang['submit'],
 231      "lang_reset" => $lang['reset'],
 232      "lang_yes" => $lang['yes'],
 233      "lang_no" => $lang['no']
 234    ));
 235    $content = $site_template->parse_template("member_editcomment");
 236  }
 237  
 238  if ($action == "deleteimage") {
 239    if (!$image_id || ($config['user_delete_image'] != 1 && $user_info['user_level'] != ADMIN)) {
 240      show_error_page($lang['no_permission']);
 241      exit;
 242    }
 243    $sql = "SELECT image_id, cat_id, user_id, image_name, image_media_file, image_thumb_file
 244            FROM ".IMAGES_TABLE."
 245            WHERE image_id = $image_id";
 246    $image_row = $site_db->query_firstrow($sql);
 247    if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) {
 248      show_error_page($lang['no_permission']);
 249      exit;
 250    }
 251  
 252    $txt_clickstream = $lang['image_delete'];
 253  
 254    $sql = "DELETE FROM ".IMAGES_TABLE."
 255            WHERE image_id = $image_id";
 256    $del_img = $site_db->query($sql);
 257  
 258    if (!is_remote($image_row['image_media_file']) && !is_local_file($image_row['image_media_file'])) {
 259      @unlink(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file']);
 260    }
 261    if (!empty($image_row['image_thumb_file']) && !is_remote($image_row['image_thumb_file']) && !is_local_file($image_row['image_thumb_file'])) {
 262      @unlink(THUMB_PATH."/".$image_row['cat_id']."/".$image_row['image_thumb_file']);
 263    }
 264  
 265    include (ROOT_PATH.'includes/search_utils.php');
 266    remove_searchwords($image_id);
 267  
 268    if (!empty($user_table_fields['user_comments'])) {
 269      $sql = "SELECT user_id
 270              FROM ".COMMENTS_TABLE."
 271              WHERE image_id = $image_id";
 272      $result = $site_db->query($sql);
 273      $user_id_sql = "";
 274      while ($row = $site_db->fetch_array($result)) {
 275        if ($row['user_id'] != GUEST) {
 276          $sql = "UPDATE ".USERS_TABLE."
 277                  SET ".get_user_table_field("", "user_comments")." = ".get_user_table_field("", "user_comments")." - 1
 278                  WHERE ".get_user_table_field("", "user_id")." = ".$row['user_id'];
 279          $site_db->query($sql);
 280        }
 281      }
 282    }
 283  
 284    $sql = "DELETE FROM ".COMMENTS_TABLE."
 285            WHERE image_id = $image_id";
 286    $del_com = $site_db->query($sql);
 287  
 288    if ($del_img) {
 289      $msg = $lang['image_delete_success'];
 290    }
 291    else {
 292      $msg = $lang['image_delete_error'];
 293    }
 294  }
 295  
 296  if ($action == "removeimage") {
 297    if (!$image_id || ($config['user_delete_image'] != 1 && $user_info['user_level'] != ADMIN)) {
 298      redirect($url);
 299    }
 300    $sql = "SELECT image_id, cat_id, user_id, image_name
 301            FROM ".IMAGES_TABLE."
 302            WHERE image_id = $image_id";
 303    $image_row = $site_db->query_firstrow($sql);
 304    if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) {
 305      show_error_page($lang['no_permission']);
 306      exit;
 307    }
 308  
 309    $txt_clickstream = get_category_path($image_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id)."\" class=\"clickstream\">".format_text($image_row['image_name'], 2)."</a>".$config['category_separator'];
 310    $txt_clickstream .= $lang['image_delete'];
 311  
 312    $site_template->register_vars(array(
 313      "image_id" => $image_id,
 314      "image_name" => format_text($image_row['image_name'], 2),
 315      "lang_delete_image" => $lang['image_delete'],
 316      "lang_delete_image_confirm" => $lang['image_delete_confirm'],
 317      "lang_submit" => $lang['submit'],
 318      "lang_reset" => $lang['reset'],
 319      "lang_yes" => $lang['yes'],
 320      "lang_no" => $lang['no']
 321    ));
 322    $content = $site_template->parse_template("member_deleteimage");
 323  }
 324  
 325  if ($action == "updateimage") {
 326    if (!$image_id || ($config['user_edit_image'] != 1 && $user_info['user_level'] != ADMIN)) {
 327      show_error_page($lang['no_permission']);
 328    }
 329    $sql = "SELECT image_id, cat_id, user_id, image_name
 330            FROM ".IMAGES_TABLE."
 331            WHERE image_id = $image_id";
 332    $image_row = $site_db->query_firstrow($sql);
 333    if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) {
 334      show_error_page($lang['no_permission']);
 335      exit;
 336    }
 337  
 338    $txt_clickstream = get_category_path($image_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id)."\" class=\"clickstream\">".format_text($image_row['image_name'], 2)."</a>".$config['category_separator'];
 339    $txt_clickstream .= $lang['image_edit'];
 340  
 341    $error = 0;
 342  
 343    $image_name = un_htmlspecialchars(trim($HTTP_POST_VARS['image_name']));
 344    $image_description = un_htmlspecialchars(trim($HTTP_POST_VARS['image_description']));
 345    $image_keywords = un_htmlspecialchars(trim($HTTP_POST_VARS['image_keywords']));
 346    $image_keywords = preg_replace("/[\n\r]/is", " ", $image_keywords);
 347    $image_keywords = str_replace(","," ",$image_keywords);
 348    $image_keywords = ereg_replace("( ){2,}", " ", $image_keywords);
 349  
 350    if ($image_name == "")  {
 351      $error = 1;
 352      $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['image_name']), $lang['field_required']);
 353      $msg .= (($msg != "") ? "<br />" : "").$field_error;
 354    }
 355  
 356    if (!empty($additional_image_fields)) {
 357      foreach ($additional_image_fields as $key => $val) {
 358        if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
 359          $error = 1;
 360          $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
 361          $msg .= (($msg != "") ? "<br />" : "").$field_error;
 362        }
 363      }
 364    }
 365  
 366    if (!$error) {
 367      $additional_sql = "";
 368  
 369      if (isset($HTTP_POST_VARS['image_allow_comments'])) {
 370        $additional_sql .= ", image_allow_comments = ".intval($HTTP_POST_VARS['image_allow_comments']);
 371      }
 372  
 373      if (!empty($additional_image_fields)) {
 374        $table_fields = $site_db->get_table_fields(IMAGES_TABLE);
 375        foreach ($additional_image_fields as $key => $val) {
 376          if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
 377            $additional_sql .= ", $key = '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
 378          }
 379        }
 380      }
 381  
 382      $sql = "UPDATE ".IMAGES_TABLE."
 383              SET image_name = '$image_name', image_description = '$image_description', image_keywords = '$image_keywords'".$additional_sql."
 384              WHERE image_id = $image_id";
 385      $result = $site_db->query($sql);
 386      if ($result) {
 387        include (ROOT_PATH.'includes/search_utils.php');
 388        $search_words = array();
 389        foreach ($search_match_fields as $image_column => $match_column) {
 390          if (isset($HTTP_POST_VARS[$image_column])) {
 391            $search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
 392          }
 393        }
 394        remove_searchwords($image_id);
 395        add_searchwords($image_id, $search_words);
 396        $msg = $lang['image_edit_success'];
 397      }
 398      else {
 399        $msg = $lang['image_edit_error'];
 400      }
 401    }
 402    else {
 403      $action = "editimage";
 404      $sendprocess = 1;
 405    }
 406  }
 407  
 408  if ($action == "editimage") {
 409    if (!$image_id || ($config['user_edit_image'] != 1 && $user_info['user_level'] != ADMIN)) {
 410      redirect($url);
 411    }
 412  
 413    $additional_sql = "";
 414    if (!empty($additional_image_fields)) {
 415      foreach ($additional_image_fields as $key => $val) {
 416        $additional_sql .= ", ".$key;
 417      }
 418    }
 419    $sql = "SELECT image_id, cat_id, user_id, image_name, image_description, image_keywords, image_allow_comments".$additional_sql."
 420            FROM ".IMAGES_TABLE."
 421            WHERE image_id = $image_id";
 422    $image_row = $site_db->query_firstrow($sql);
 423    if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) {
 424      redirect($url);
 425    }
 426  
 427    $txt_clickstream = get_category_path($image_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id)."\" class=\"clickstream\">".format_text($image_row['image_name'], 2)."</a>".$config['category_separator'];
 428    $txt_clickstream .= $lang['image_edit'];
 429  
 430    $image_name = (isset($HTTP_POST_VARS['image_name'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['image_name']))) : $image_row['image_name'];
 431    $image_description = (isset($HTTP_POST_VARS['image_description'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['image_description']))) : $image_row['image_description'];
 432    $image_keywords = (isset($HTTP_POST_VARS['image_keywords'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['image_keywords']))) : $image_row['image_keywords'];
 433    $image_allow_comments = (isset($HTTP_POST_VARS['image_allow_comments'])) ? intval($HTTP_POST_VARS['image_allow_comments']) : $image_row['image_allow_comments'];
 434  
 435    $site_template->register_vars(array(
 436      "image_id" => $image_id,
 437      "image_name" => format_text($image_name, 2),
 438      "image_description" => format_text($image_description, 2),
 439      "image_keywords" => format_text($image_keywords, 2),
 440      "image_allow_comments_yes" => ($image_allow_comments) ? " checked=\"checked\"" : "",
 441      "image_allow_comments_no" => (!$image_allow_comments) ? " checked=\"checked\"" : "",
 442      "lang_edit_image" => $lang['image_edit'],
 443      "lang_image_name" => $lang['image_name'],
 444      "lang_description" => $lang['description'],
 445      "lang_keywords" => $lang['keywords_ext'],
 446      "lang_allow_comments" => isset($lang['allow_comments']) ? $lang['allow_comments'] : "",
 447      "lang_submit" => $lang['submit'],
 448      "lang_reset" => $lang['reset'],
 449      "lang_yes" => $lang['yes'],
 450      "lang_no" => $lang['no']
 451    ));
 452  
 453    if (!empty($additional_image_fields)) {
 454      $additional_field_array = array();
 455      foreach ($additional_image_fields as $key => $val) {
 456        if ($val[1] == "radio") {
 457          $value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : $image_row[$key];
 458          if ($value == 1) {
 459            $additional_field_array[$key.'_yes'] = " checked=\"checked\"";
 460            $additional_field_array[$key.'_no'] = "";
 461          }
 462          else {
 463            $additional_field_array[$key.'_yes'] = "";
 464            $additional_field_array[$key.'_no'] = " checked=\"checked\"";
 465          }
 466        }
 467        else {
 468          $value = (isset($HTTP_POST_VARS[$key])) ? format_text(stripslashes(trim($HTTP_POST_VARS[$key]))) : $image_row[$key];
 469        }
 470        $additional_field_array[$key] = $value;
 471        $additional_field_array['lang_'.$key] = $val[0];
 472      }
 473      if (!empty($additional_field_array)) {
 474        $site_template->register_vars($additional_field_array);
 475      }
 476    }
 477    $content = $site_template->parse_template("member_editimage");
 478  }
 479  
 480  if ($action == "uploadimage") {
 481    if ($cat_id != 0 && (!isset($cat_cache[$cat_id]) || !check_permission("auth_upload", $cat_id))) {
 482      show_error_page($lang['no_permission']);
 483      exit;
 484    }
 485  
 486    $txt_clickstream = "";
 487    if ($cat_id && isset($cat_cache[$cat_id])) {
 488      $txt_clickstream .= get_category_path($cat_id, 1).$config['category_separator'];
 489    }
 490    $txt_clickstream .= $lang['user_upload'];
 491  
 492    $remote_media_file = format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['remote_media_file'])));
 493    $remote_thumb_file = format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['remote_thumb_file'])));
 494  
 495    $image_name = un_htmlspecialchars(trim($HTTP_POST_VARS['image_name']));
 496    $image_description = un_htmlspecialchars(trim($HTTP_POST_VARS['image_description']));
 497    $image_keywords = un_htmlspecialchars(trim($HTTP_POST_VARS['image_keywords']));
 498    $image_keywords = preg_replace("/[\n\r]/is", " ", $image_keywords);
 499    $image_keywords = str_replace(","," ",$image_keywords);
 500    $image_keywords = ereg_replace("( ){2,}", " ", $image_keywords);
 501  
 502    $image_active = (isset($HTTP_POST_VARS['image_active']) && $HTTP_POST_VARS['image_active'] == 0) ? 0 : 1;
 503    $image_allow_comments = (isset($HTTP_POST_VARS['image_allow_comments']) && $HTTP_POST_VARS['image_allow_comments'] == 0) ? 0 : 1;
 504    $image_download_url = (isset($HTTP_POST_VARS['image_download_url'])) ? format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['image_download_url']))) : "";
 505  
 506    $captcha = (isset($HTTP_POST_VARS['captcha'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['captcha'])) : "";
 507  
 508    $direct_upload = (check_permission("auth_directupload", $cat_id)) ? 1 : 0;
 509    $upload_cat = ($direct_upload) ? $cat_id : 0;
 510  
 511    $error = 0;
 512    $uploaderror = 0;
 513  
 514    if ($cat_id == 0)  {
 515      $error = 1;
 516      $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['category']), $lang['field_required']);
 517      $msg .= (($msg != "") ? "<br />" : "").$field_error;
 518    }
 519    if ((empty($HTTP_POST_FILES['media_file']['tmp_name']) || $HTTP_POST_FILES['media_file']['tmp_name'] == "none") && ($remote_media_file == "" || !check_remote_media($remote_media_file))) {
 520      $error = 1;
 521      $msg .= (($msg != "") ? "<br />" : "").$lang['image_file_required'];
 522    }
 523    if ($image_name == "")  {
 524      $error = 1;
 525      $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['image_name']), $lang['field_required']);
 526      $msg .= (($msg != "") ? "<br />" : "").$field_error;
 527    }
 528  
 529    if ($captcha_enable_upload && !captcha_validate($captcha)) {
 530      $msg .= (($msg != "") ? "<br />" : "").$lang['captcha_required'];
 531      $error = 1;
 532    }
 533  
 534    if (!empty($additional_image_fields)) {
 535      foreach ($additional_image_fields as $key => $val) {
 536        if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
 537          $error = 1;
 538          $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
 539          $msg .= (($msg != "") ? "<br />" : "").$field_error;
 540        }
 541      }
 542    }
 543  
 544    if (!$error) {
 545      // Start Upload

 546      include (ROOT_PATH.'includes/upload.php');
 547      $site_upload = new Upload();
 548  
 549      // Upload Media file

 550      if (!empty($HTTP_POST_FILES['media_file']['tmp_name']) && $HTTP_POST_FILES['media_file']['tmp_name'] != "none") {
 551        $new_name = $site_upload->upload_file("media_file", "media", $upload_cat);
 552        if (!$new_name) {
 553          $msg .= (($msg != "") ? "<br />" : "")."<b>".$lang['file_upload_error'].": ".$new_name."</b><br />".$site_upload->get_upload_errors();
 554          $uploaderror = 1;
 555        }
 556      }
 557      else {
 558        $new_name = $remote_media_file;
 559      }
 560  
 561      // Uplad thumb file

 562      $new_thumb_name = "";
 563      if (!empty($HTTP_POST_FILES['thumb_file']['tmp_name']) && $HTTP_POST_FILES['thumb_file']['tmp_name'] != "none" && !$uploaderror) {
 564        $new_thumb_name = $site_upload->upload_file("thumb_file", "thumb", $upload_cat, get_basefile($new_name));
 565        if (!$new_thumb_name) {
 566          $msg .= (($msg != "") ? "<br />" : "")."<b>".$lang['thumb_upload_error'].": ".$new_thumb_name."</b><br />".$site_upload->get_upload_errors();
 567          @unlink(MEDIA_TEMP_PATH."/".$new_name);
 568          $uploaderror = 1;
 569        }
 570      }
 571      elseif (check_remote_thumb($remote_thumb_file)) {
 572        $new_thumb_name = $remote_thumb_file;
 573      }
 574      elseif ($config['auto_thumbnail'] == 1 && !empty($HTTP_POST_FILES['media_file']['tmp_name']) && $HTTP_POST_FILES['media_file']['tmp_name'] != "none" && !$uploaderror) {
 575        if ($direct_upload) {
 576          $src = MEDIA_PATH."/".$cat_id."/".$new_name;
 577          $dest = THUMB_PATH."/".$cat_id."/".$new_name;
 578        }
 579        else {
 580          $src = MEDIA_TEMP_PATH."/".$new_name;
 581          $dest = THUMB_TEMP_PATH."/".$new_name;
 582        }
 583        $do_create = 0;
 584        if ($image_info = @getimagesize($src)) {
 585          if ($image_info[2] == 1 || $image_info[2] == 2 || $image_info[2] == 3) {
 586            $do_create = 1;
 587          }
 588        }
 589        if ($do_create) {
 590          require (ROOT_PATH.'includes/image_utils.php');
 591          $convert_options = init_convert_options();
 592          if (!$convert_options['convert_error']) {
 593            $dimension = (intval($config['auto_thumbnail_dimension'])) ? intval($config['auto_thumbnail_dimension']) : 100;
 594            $resize_type = (intval($config['auto_thumbnail_resize_type'])) ? intval($config['auto_thumbnail_resize_type']) : 1;
 595            $quality = (intval($config['auto_thumbnail_quality']) && intval($config['auto_thumbnail_quality']) <= 100) ? intval($config['auto_thumbnail_quality']) : 100;
 596  
 597            if (create_thumbnail($src, $dest, $quality, $dimension, $resize_type)) {
 598              $new_thumb_name = $new_name;
 599            }
 600          }
 601        }
 602      }
 603  
 604      if (!$uploaderror) {
 605        $additional_field_sql = "";
 606        $additional_value_sql = "";
 607        if (!empty($additional_image_fields)) {
 608          $table = ($direct_upload) ? IMAGES_TABLE : IMAGES_TEMP_TABLE;
 609          $table_fields = $site_db->get_table_fields($table);
 610          foreach ($additional_image_fields as $key => $val) {
 611            if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
 612              $additional_field_sql .= ", $key";
 613              $additional_value_sql .= ", '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
 614            }
 615          }
 616        }
 617  
 618        $current_time = time();
 619        if ($direct_upload) {
 620          $sql = "INSERT INTO ".IMAGES_TABLE."
 621                  (cat_id, user_id, image_name, image_description, image_keywords, image_date, image_active, image_media_file, image_thumb_file, image_download_url, image_allow_comments".$additional_field_sql.")
 622                  VALUES
 623                  ($cat_id, ".$user_info['user_id'].", '$image_name', '$image_description', '$image_keywords', $current_time, $image_active, '$new_name', '$new_thumb_name', '$image_download_url', $image_allow_comments".$additional_value_sql.")";
 624          $result = $site_db->query($sql);
 625          $image_id = $site_db->get_insert_id();
 626          if ($result) {
 627            include (ROOT_PATH.'includes/search_utils.php');
 628            $search_words = array();
 629            foreach ($search_match_fields as $image_column => $match_column) {
 630              if (isset($HTTP_POST_VARS[$image_column])) {
 631                $search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
 632              }
 633            }
 634            add_searchwords($image_id, $search_words);
 635          }
 636        }
 637        else {
 638          $sql = "INSERT INTO ".IMAGES_TEMP_TABLE."
 639                  (cat_id, user_id, image_name, image_description, image_keywords, image_date, image_media_file, image_thumb_file, image_download_url".$additional_field_sql.")
 640                  VALUES
 641                  ($cat_id, ".$user_info['user_id'].", '$image_name', '$image_description', '$image_keywords', $current_time, '$new_name', '$new_thumb_name', '$image_download_url'".$additional_value_sql.")";
 642          $result = $site_db->query($sql);
 643        }
 644  
 645        if ($config['upload_notify'] == 1 && !$direct_upload) {
 646          include (ROOT_PATH.'includes/email.php');
 647          $site_email = new Email();
 648  
 649          $config['upload_emails'] = str_replace(" ", "", $config['upload_emails']);
 650          $emails = explode(",", $config['upload_emails']);
 651  
 652          $validation_url = $script_url."/admin/index.php?goto=".urlencode("validateimages.php?action=validateimages");
 653  
 654          $site_email->set_to($config['site_email']);
 655          $site_email->set_subject($lang['new_upload_emailsubject']);
 656          $site_email->register_vars(array(
 657            "image_name" => stripslashes($image_name),
 658            "file_name" => $new_name,
 659            "cat_name" => $cat_cache[$cat_id]['cat_name'],
 660            "validation_url" => $validation_url,
 661            "site_name" => $config['site_name']
 662          ));
 663          $site_email->set_body("upload_notify", $config['language_dir_default']);
 664          $site_email->set_bcc($emails);
 665          $site_email->send_email();
 666        }
 667  
 668        $msg .= $lang['image_add_success'].": <b>".format_text(stripslashes($image_name))."</b> (".$new_name.")";
 669        $msg .= (!$direct_upload) ? "<br />".$lang['new_upload_validate_desc'] : "";
 670  
 671        $file_extension = get_file_extension($new_name);
 672        $file = (is_remote($new_name)) ? $new_name : (($direct_upload) ? MEDIA_PATH."/".$cat_id."/".$new_name : MEDIA_TEMP_PATH."/".$new_name);
 673        $width_height = "";
 674        if (!is_remote($file) && $imageinfo = @getimagesize($file)) {
 675          $width_height = " ".$imageinfo[3];
 676        }
 677        $media_icon = "<img src=\"".ICON_PATH."/".$file_extension.".gif\" border=\"0\" alt=\"\" />";
 678        $site_template->register_vars(array(
 679          "media_src" => $file,
 680          "media_icon" => $media_icon,
 681          "image_name" => format_text(stripslashes($image_name)),
 682          "width_height" => $width_height
 683        ));
 684        $media = $site_template->parse_template("media/".$file_extension);
 685        $content .= "<table border=\"0\" align=\"center\">\n<tr>\n<td>\n".$media."\n</td>\n</tr>\n</table>\n";
 686      }
 687      else {
 688        $action = "uploadform";
 689        $sendprocess = 1;
 690      }
 691    }
 692    else {
 693      $action = "uploadform";
 694      $sendprocess = 1;
 695    }
 696  }
 697  
if ($action == "uploadform") {
  // Render the member upload form. $cat_id == 0 means "no category chosen yet"
  // (a category dropdown is shown instead of a name); for a concrete category
  // the id must be known and the current user needs auth_upload on it.
  // NOTE(review): with $cat_id == 0 no auth_upload check runs here; the
  // submission handler (above this block, only partly visible) is expected to
  // check the category chosen on submit — confirm.
  if ($cat_id != 0 && (!isset($cat_cache[$cat_id]) || !check_permission("auth_upload", $cat_id))) {
    show_error_page($lang['no_permission']);
    exit;
  }

  $txt_clickstream = "";
  if ($cat_id && isset($cat_cache[$cat_id])) {
    $txt_clickstream .= get_category_path($cat_id, 1).$config['category_separator'];
  }
  $txt_clickstream .= $lang['user_upload'];

  // $sendprocess is raised when a failed submission falls back to this form;
  // the submitted values are then kept for redisplay, otherwise start empty.
  if (!$sendprocess) {
    $remote_media_file = "";
    $remote_thumb_file = "";
    $image_name = "";
    $image_description = "";
    $image_keywords = "";
    $image_download_url = "";
    $image_allow_comments = 1;
  }

  // Form values are run through format_text(..., 2) before reaching the template.
  // NOTE(review): presumably mode 2 is the HTML-attribute-safe mode — verify in format_text().
  $site_template->register_vars(array(
    "cat_id" => $cat_id,
    "cat_name" => ($cat_id != 0) ? format_text($cat_cache[$cat_id]['cat_name'], 2) : get_category_dropdown($cat_id),
    "remote_media_file" => format_text(stripslashes($remote_media_file), 2),
    "remote_thumb_file" => format_text(stripslashes($remote_thumb_file), 2),
    "image_name" => format_text(stripslashes($image_name), 2),
    "image_description" => format_text(stripslashes($image_description), 2),
    "image_keywords" => format_text(stripslashes($image_keywords), 2),
    "image_allow_comments_yes" => ($image_allow_comments) ? " checked=\"checked\"" : "",
    "image_allow_comments_no" => (!$image_allow_comments) ? " checked=\"checked\"" : "",
    "image_download_url" => format_text(stripslashes($image_download_url), 2),
    "lang_category" => $lang['category'],
    "lang_user_upload" => $lang['user_upload'],
    "lang_media_file" => $lang['media_file'],
    "lang_thumb_file" => $lang['thumb_file'],
    "lang_allowed_file_types" => $lang['allowed_mediatypes_desc'],
    "allowed_media_types" => str_replace(",",", ",$config['allowed_mediatypes']),
    "allowed_thumb_types" => "jpg, gif, png",
    "lang_max_filesize" => $lang['max_filesize'],
    "lang_max_imagewidth" => $lang['max_imagewidth'],
    "lang_max_imageheight" => $lang['max_imageheight'],
    "max_thumb_filsize" => $config['max_thumb_size']."&nbsp;".$lang['kb'],
    "max_thumb_imagewidth" => $config['max_thumb_width']."&nbsp;".$lang['px'],
    "max_thumb_imageheight" => $config['max_thumb_height']."&nbsp;".$lang['px'],
    "max_media_filsize" => $config['max_media_size']."&nbsp;".$lang['kb'],
    "max_media_imagewidth" => $config['max_image_width']."&nbsp;".$lang['px'],
    "max_media_imageheight" => $config['max_image_height']."&nbsp;".$lang['px'],
    "lang_image_name" => $lang['image_name'],
    "lang_description" => $lang['description'],
    "lang_keywords" => $lang['keywords_ext'],
    "lang_allow_comments" => isset($lang['allow_comments']) ? $lang['allow_comments'] : "",
    "lang_submit" => $lang['submit'],
    "lang_reset" => $lang['reset'],
    "lang_yes" => $lang['yes'],
    "lang_no" => $lang['no'],
    "lang_captcha" => $lang['captcha'],
    "lang_captcha_desc" => $lang['captcha_desc'],
    "captcha_upload" => (bool)$captcha_enable_upload
  ));

  // Admin-defined extra image fields: radio fields get <key>_yes / <key>_no
  // "checked" markers (default: yes), other fields get the submitted text or "".
  // NOTE(review): text fields here use format_text() with its default mode while
  // the built-in fields above use mode 2 — the escaping may differ, check format_text().
  if (!empty($additional_image_fields)) {
    $additional_field_array = array();
    foreach ($additional_image_fields as $key => $val) {
      if ($val[1] == "radio") {
        $value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : 1;
        if ($value == 1) {
          $additional_field_array[$key.'_yes'] = " checked=\"checked\"";
          $additional_field_array[$key.'_no'] = "";
        }
        else {
          $additional_field_array[$key.'_yes'] = "";
          $additional_field_array[$key.'_no'] = " checked=\"checked\"";
        }
      }
      else {
        $value = (isset($HTTP_POST_VARS[$key])) ? format_text(stripslashes(trim($HTTP_POST_VARS[$key]))) : "";
      }
      $additional_field_array[$key] = $value;
      $additional_field_array['lang_'.$key] = $val[0];
    }
    if (!empty($additional_field_array)) {
      $site_template->register_vars($additional_field_array);
    }
  }
  $content = $site_template->parse_template("member_uploadform");
}
 786  
 787  if ($action == "emailuser") {
 788    $txt_clickstream = $lang['profile'];
 789    $user_id = (isset($HTTP_POST_VARS[URL_USER_ID])) ? intval($HTTP_POST_VARS[URL_USER_ID]) : GUEST;
 790    $error = 0;
 791  
 792    if ($user_info['user_level'] == GUEST || $user_info['user_level'] == USER_AWAITING) {
 793      show_error_page($lang['no_permission']);
 794      exit;
 795    }
 796    $subject = stripslashes(trim($HTTP_POST_VARS['subject']));
 797    $message = stripslashes(trim($HTTP_POST_VARS['message']));
 798  
 799    if ($subject == "" || $message == "") {
 800      $msg = $lang['lostfield_error'];
 801      $sendprocess = 1;
 802      $error = 1;
 803    }
 804  
 805    if (!$error) {
 806      if ($user_row = get_user_info($user_id)) {
 807        if (isset($user_row['user_showemail']) && $user_row['user_showemail'] == 0) {
 808          $content = $lang['invalid_user_id'];
 809        }
 810        else {
 811          $sender_user_name = ($user_info['user_level'] != GUEST) ? (isset($user_info['user_name']) ? $user_info['user_name'] : $lang['userlevel_user']) : $lang['userlevel_guest'];
 812          $sender_user_email = ($user_info['user_level'] != GUEST && isset($user_info['user_email'])) ? $user_info['user_email'] : $config['site_email'];
 813  
 814          // Start Emailer

 815          include (ROOT_PATH.'includes/email.php');
 816          $site_email = new Email();
 817          $site_email->set_from($sender_user_email, $sender_user_name);
 818          $site_email->set_to($user_row['user_email']);
 819          $site_email->set_subject($subject);
 820          $site_email->register_vars(array(
 821            "sender_user_name" => $sender_user_name,
 822            "sender_user_email" => $sender_user_email,
 823            "message" => $message,
 824            "site_name" => $config['site_name']
 825          ));
 826          $site_email->set_body("mailform_message", $config['language_dir']);
 827          $site_email->send_email();
 828          $msg = $lang['emailuser_success'];
 829        }
 830      }
 831      else {
 832        $content = $lang['invalid_user_id'];
 833      }
 834    }
 835    else {
 836      $action = "mailform";
 837    }
 838  }
 839  
 840  if ($action == "mailform") {
 841    $txt_clickstream = $lang['profile'];
 842    if (isset($HTTP_GET_VARS[URL_USER_ID]) || isset($HTTP_POST_VARS[URL_USER_ID])) {
 843      $user_id = (isset($HTTP_GET_VARS[URL_USER_ID])) ? intval($HTTP_GET_VARS[URL_USER_ID]) : intval($HTTP_POST_VARS[URL_USER_ID]);
 844      if (!$user_id) {
 845        $user_id = GUEST;
 846      }
 847    }
 848    else {
 849      $user_id = GUEST;
 850    }
 851  
 852    if ($user_info['user_level'] == GUEST || $user_info['user_level'] == USER_AWAITING) {
 853      show_error_page($lang['no_permission']);
 854      exit;
 855    }
 856  
 857    if (!$sendprocess) {
 858      $subject = "";
 859      $message = "";
 860    }
 861  
 862    if ($user_row = get_user_info($user_id)) {
 863      if (isset($user_row['user_showemail']) && $user_row['user_showemail'] == 0) {
 864        $content = $lang['invalid_user_id'];
 865      }
 866      else {
 867        $site_template->register_vars(array(
 868          "user_id" => $user_row['user_id'],
 869          "user_name" => format_text($user_row['user_name'], 2),
 870          "subject" => format_text($subject, 2),
 871          "message" => format_text($message, 2),
 872          "lang_send_email_to" => $lang['send_email_to'],
 873          "lang_subject" => $lang['subject'],
 874          "lang_message" => $lang['message'],
 875          "lang_submit" => $lang['submit'],
 876          "lang_reset" => $lang['reset']
 877        ));
 878        $content = $site_template->parse_template("member_mailform");
 879      }
 880    }
 881    else {
 882      $content = $lang['invalid_user_id'];
 883    }
 884  }
 885  
 886  //-----------------------------------------------------

 887  //--- Show Profile ------------------------------------

 888  //-----------------------------------------------------

if ($action == "showprofile") {
  // Public profile page for the user id given in GET or POST (GET wins).
  $txt_clickstream = $lang['profile'];
  if (isset($HTTP_GET_VARS[URL_USER_ID]) || isset($HTTP_POST_VARS[URL_USER_ID])) {
    $user_id = (isset($HTTP_GET_VARS[URL_USER_ID])) ? intval($HTTP_GET_VARS[URL_USER_ID]) : intval($HTTP_POST_VARS[URL_USER_ID]);
    if (!$user_id) {
      $user_id = GUEST;
    }
  }
  else {
    $user_id = GUEST;
  }

  if ($user_row = get_user_info($user_id)) {
    // Homepage link: the stored URL is normalised by format_url() and then
    // placed directly into href and alt attributes.
    // NOTE(review): no HTML escaping happens here — whether the value can carry
    // a quote or angle bracket depends on format_url() and on how the value was
    // stored (updateprofile below runs it through format_url() only); verify.
    $user_homepage = (isset($user_row['user_homepage'])) ? format_url($user_row['user_homepage']) : REPLACE_EMPTY;
    if (!empty($user_homepage) && $user_homepage != REPLACE_EMPTY) {
      $user_homepage_button = "<a href=\"".$user_homepage."\" target=\"_blank\"><img src=\"".get_gallery_image("homepage.gif")."\" border=\"0\" alt=\"".$user_homepage."\" /></a>";
    }
    else {
      $user_homepage_button = REPLACE_EMPTY;
    }

    // ICQ number: also inserted into attributes unescaped. The updateprofile
    // action below stores intval() or "", but other write paths are not visible
    // here — NOTE(review): confirm the column can only hold digits.
    $user_icq = (isset($user_row['user_icq'])) ? $user_row['user_icq'] : REPLACE_EMPTY;
    if (!empty($user_icq) && $user_icq != REPLACE_EMPTY) {
      $user_icq_button = "<a href=\"http://www.icq.com/people/about_me.php?uin=".$user_icq."\" target=\"_blank\"><img src=\"http://web.icq.com/whitepages/online?icq=".$user_icq."&img=5\" width=\"18\" height=\"18\" border=\"0\" alt=\"".$user_icq."\" /></a>";
    }
    else {
      $user_icq_button = REPLACE_EMPTY;
    }

    // The address is exposed only when the user has not hidden it
    // (user_showemail missing counts as "show"). The "user at host" form is
    // what appears in the alt text; the button links to the mail form.
    if (!empty($user_row['user_email']) && (!isset($user_row['user_showemail']) || (isset($user_row['user_showemail']) && $user_row['user_showemail'] == 1))) {
      $user_email = $user_row['user_email'];
      $user_email_save = str_replace("@", " at ", $user_row['user_email']);
      if (!empty($url_mailform)) {
        $user_mailform_link = $site_sess->url(preg_replace("/{user_id}/", $user_row['user_id'], $url_mailform));
      }
      else {
        $user_mailform_link = $site_sess->url(ROOT_PATH."member.php?action=mailform&amp;".URL_USER_ID."=".$user_row['user_id']);
      }
      $user_email_button = "<a href=\"".$user_mailform_link."\"><img src=\"".get_gallery_image("email.gif")."\" border=\"0\" alt=\"".$user_email_save."\" /></a>";
    }
    else {
      $user_email = REPLACE_EMPTY;
      $user_email_save = REPLACE_EMPTY;
      $user_mailform_link = REPLACE_EMPTY;
      $user_email_button = REPLACE_EMPTY;
    }
    $site_template->register_vars(array(
      "user_id" => $user_row['user_id'],
      "user_name" => (isset($user_row['user_name'])) ? format_text($user_row['user_name'], 2) : REPLACE_EMPTY,
      "user_email" => $user_email,
      "user_email_save" => $user_email_save,
      "user_mailform_link" => $user_mailform_link,
      "user_email_button" => $user_email_button,
      "user_join_date" => (isset($user_row['user_joindate'])) ? format_date($config['date_format'], $user_row['user_joindate']) : REPLACE_EMPTY,
      "user_last_action" => (isset($user_row['user_lastaction'])) ? format_date($config['date_format']." ".$config['time_format'], $user_row['user_lastaction']) : REPLACE_EMPTY,
      "user_homepage" => $user_homepage,
      "user_homepage_button" => $user_homepage_button,
      "user_icq" => $user_icq,
      "user_icq_button" => $user_icq_button,
      "user_icq_status" => (isset($user_row['user_icq'])) ? get_icq_status($user_row['user_icq']) : REPLACE_EMPTY,
      "user_comments" => (isset($user_row['user_comments'])) ? $user_row['user_comments'] : REPLACE_EMPTY,
      "lang_profile_of" => $lang['profile_of'],
      // The template placeholder {user_name} inside the language string is replaced
      // with the escaped user name; $site_template->start/end are the placeholder delimiters.
      "lang_show_user_images" => preg_replace("/".$site_template->start."user_name".$site_template->end."/siU", format_text($user_row['user_name'], 2), $lang['show_user_images']),
      "url_show_user_images" => $site_sess->url(ROOT_PATH."search.php?search_user=".urlencode($user_row['user_name'])),
      "lang_join_date" => $lang['join_date'],
      "lang_last_action" => $lang['last_action'],
      "lang_comments" => $lang['comments'],
      "lang_email" => $lang['email'],
      "lang_homepage" => $lang['homepage'],
      "lang_icq" => $lang['icq']
    ));

    // Admin-defined extra user fields are shown with format_text(..., 1);
    // empty values show as REPLACE_EMPTY.
    if (!empty($additional_user_fields)) {
      $additional_field_array = array();
      foreach ($additional_user_fields as $key => $val) {
        $additional_field_array[$key] = (!empty($user_row[$key])) ? format_text($user_row[$key], 1) : REPLACE_EMPTY;
        $additional_field_array['lang_'.$key] = $val[0];
      }
      if (!empty($additional_field_array)) {
        $site_template->register_vars($additional_field_array);
      }
    }
    $content = $site_template->parse_template("member_profile");
  }
  else {
    $content = $lang['invalid_user_id'];
  }
}
 977  
 978  //-----------------------------------------------------

 979  //--- Send Password -----------------------------------

 980  //-----------------------------------------------------

 981  if ($action == "sendpassword") {
 982    $txt_clickstream = $lang['lost_password'];
 983    $user_email = un_htmlspecialchars(trim($HTTP_POST_VARS['user_email']));
 984  
 985    if ($user_email != "") {
 986      $sql = "SELECT ".get_user_table_field("", "user_id").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password")."
 987              FROM ".USERS_TABLE."
 988              WHERE ".get_user_table_field("", "user_email")." = '$user_email'";
 989      if ($checkuser = $site_db->query_firstrow($sql)) {
 990        mt_srand((double) microtime() * 1000000);
 991        $puddle = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
 992        $user_password = "";
 993        for ($i = 0; $i < 8; $i++) {
 994          $user_password .= substr($puddle, (mt_rand()%(strlen($puddle))), 1);
 995        }
 996  
 997        $sql = "UPDATE ".USERS_TABLE."
 998                SET ".get_user_table_field("", "user_password")." = '".md5($user_password)."'
 999                WHERE ".get_user_table_field("", "user_id")." = ".$checkuser[$user_table_fields['user_id']];
1000        $site_db->query($sql);
1001  
1002        // Start Emailer

1003        include (ROOT_PATH.'includes/email.php');
1004        $site_email = new Email();
1005        $site_email->set_to($user_email);
1006        $site_email->set_subject($lang['send_password_emailsubject']);
1007        $site_email->register_vars(array(
1008          "user_name" => $checkuser[$user_table_fields['user_name']],
1009          "user_password" => stripslashes($user_password),
1010          "site_name" => $config['site_name']
1011        ));
1012        $site_email->set_body("lost_password", $config['language_dir']);
1013        $site_email->send_email();
1014  
1015        $msg = $lang['send_password_success'];
1016        $HTTP_POST_VARS['user_email'] = "";
1017      }
1018      else {
1019        $msg = $lang['invalid_email'];
1020      }
1021    }
1022  
1023    $action = "lostpassword";
1024  }
1025  
if ($action == "lostpassword") {
  // Render the "lost password" form, pre-filled with any submitted address.
  $txt_clickstream = $lang['lost_password'];
  $user_email = "";
  if (isset($HTTP_POST_VARS['user_email'])) {
    $user_email = format_text(stripslashes($HTTP_POST_VARS['user_email']));
  }
  $lostpassword_vars = array(
    "lang_email" => $lang['email'],
    "lang_lost_password" => $lang['lost_password'],
    "lang_lost_password_msg" => $lang['lost_password_msg'],
    "lang_submit" => $lang['submit']
  );
  // The address is formatted a second time (mode 2) for the template, as before.
  $lostpassword_vars["user_email"] = format_text($user_email, 2);
  $site_template->register_vars($lostpassword_vars);
  $content = $site_template->parse_template("member_lostpassword");
}
1038  
1039  //-----------------------------------------------------

1040  //--- Edit Profile ------------------------------------

1041  //-----------------------------------------------------

// $update_process tells the editprofile form below to keep the submitted
// values instead of reloading them from $user_info; $new_email_msg carries the
// extra instruction shown after an e-mail change that needs activation.
$update_process = 0;
$new_email_msg = "";
if ($action == "updateprofile") {
  // Save the profile form: e-mail (with confirmation), homepage, ICQ, the three
  // yes/no flags and any admin-defined extra fields.
  // NOTE(review): no CSRF token and no current-password check is visible in this
  // block; if nothing enforces one elsewhere, the e-mail address of a logged-in
  // member can be changed by a forged cross-site POST — confirm.
  $txt_clickstream = $lang['control_panel'];
  if ($user_info['user_level'] == GUEST) {
    show_error_page($lang['no_permission']);
    exit;
  }
  $user_email = (isset($HTTP_POST_VARS['user_email'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_email'])) : "";
  $user_email2 = (isset($HTTP_POST_VARS['user_email2'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_email2'])) : "";
  $user_homepage = (isset($HTTP_POST_VARS['user_homepage'])) ? format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['user_homepage']))) : "";
  // ICQ: a non-zero integer, otherwise "" (stored quoted below).
  $user_icq = (isset($HTTP_POST_VARS['user_icq'])) ? ((intval(trim($HTTP_POST_VARS['user_icq']))) ? intval(trim($HTTP_POST_VARS['user_icq'])) : "") : "";
  $user_showemail = (isset($HTTP_POST_VARS['user_showemail'])) ? intval($HTTP_POST_VARS['user_showemail']) : 0;
  $user_allowemails = (isset($HTTP_POST_VARS['user_allowemails'])) ? intval($HTTP_POST_VARS['user_allowemails']) : 0;
  $user_invisible = (isset($HTTP_POST_VARS['user_invisible'])) ? intval($HTTP_POST_VARS['user_invisible']) : 0;

  $error = 0;
  // Reject an address already used by another account. The query already
  // excludes the current user, so the inner user_id comparison is redundant.
  // NOTE(review): $user_email and $user_homepage go into SQL as-is here and in
  // the UPDATE below; this relies on request data having been escaped before
  // this script runs (not visible here) — confirm.
  if ($user_info['user_email'] != $user_email && $checkuser = $site_db->query_firstrow("SELECT ".get_user_table_field("", "user_id")." FROM ".USERS_TABLE." WHERE ".get_user_table_field("", "user_email")." = '$user_email' AND ".get_user_table_field("", "user_id")." <> '".$user_info['user_id']."'")) {
    if ($checkuser[$user_table_fields['user_id']] != $user_info['user_id']) {
      $msg .= (($msg != "") ? "<br />" : "").$lang['email_exists'];
      $error = 1;
    }
  }
  if ($user_email != $user_email2) {
    $msg .= (($msg != "") ? "<br />" : "").$lang['update_email_confirm_error'];
    $error = 1;
  }
  if ($user_email == "" || $user_email2 == "") {
    $msg .= (($msg != "") ? "<br />" : "").$lang['update_email_error'];
    $error = 1;
  }
  if (!check_email($user_email)) {
    $msg .= (($msg != "") ? "<br />" : "").$lang['invalid_email_format'];
    $error = 1;
  }

  // Extra fields flagged as required ($val[2] == 1) must not be blank.
  if (!empty($additional_user_fields)) {
    foreach ($additional_user_fields as $key => $val) {
      if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
        $error = 1;
        $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
        $msg .= (($msg != "") ? "<br />" : "").$field_error;
      }
    }
  }

  // A changed address with account activation enabled (non-admin only)
  // demotes the account to USER_AWAITING and issues a new activation key
  // before the profile itself is updated.
  if (!$error && $user_email != $user_info['user_email'] && $user_info['user_level'] != ADMIN && $config['account_activation'] != 0) {
    $activationkey = get_random_key(USERS_TABLE, $user_table_fields['user_activationkey']);

    $sql = "UPDATE ".USERS_TABLE."
            SET ".get_user_table_field("", "user_level")." = ".USER_AWAITING.", ".get_user_table_field("", "user_activationkey")." = '$activationkey'
            WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
    $result = $site_db->query($sql);

    if ($result) {
      $activation_url = $script_url."/register.php?action=activate&activationkey=".$activationkey;

      include (ROOT_PATH.'includes/email.php');
      $site_email = new Email();

      // 2 = admin approves (mail to site_email), 1 = user confirms via the
      // new address. The outer condition excludes 0, so that case is unreachable;
      // $email_to stays unset for it and the !empty() below skips the mail.
      switch($config['account_activation']) {
      case 2:
        $user_details_url = $script_url."/admin/index.php?goto=".urlencode("users.php?action=edituser&user_id=".$user_info['user_id']."&activation=1");
        $email_to = $config['site_email'];
        $email_subject = $lang['admin_activation_emailsubject'];
        $email_template = "admin_activation";
        $new_email_msg = $lang['update_email_instruction_admin'];
        break;
      case 1:
        if ($config['language_dir_default'] != $config['language_dir']) {
          $activation_url .= "&l=".$config['language_dir'];
        }
        $user_details_url = "";
        $email_to = $user_email;
        $email_subject = $lang['update_email_emailsubject'];
        $email_template = "newemail_activation";
        $new_email_msg = $lang['update_email_instruction'];
        break;
      case 0:
      default:
        break;
      }

      if (!empty($email_to)) {
        $site_email->set_to($email_to);
        $site_email->set_subject($email_subject);
        $site_email->register_vars(array(
          "user_details_url" => $user_details_url,
          "activation_url" => $activation_url,
          "user_name" => $user_info['user_name'],
          "site_name" => $config['site_name']
        ));
        $site_email->set_body($email_template, $config['language_dir']);
        $site_email->send_email();
      }
    }
    else {
      $msg = $lang['general_error'];
      $error = 1;
    }
  }

  if (!$error) {
    // Only extra fields that exist as columns of USERS_TABLE are written.
    $additional_sql = "";
    if (!empty($additional_user_fields)) {
      $table_fields = $site_db->get_table_fields(USERS_TABLE);
      foreach ($additional_user_fields as $key => $val) {
        if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
          $additional_sql .= ", $key = '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
        }
      }
    }

    // NOTE(review): the result of this UPDATE is not checked; the success
    // message is shown regardless.
    $sql = "UPDATE ".USERS_TABLE."
            SET ".get_user_table_field("", "user_email")." = '$user_email', ".get_user_table_field("", "user_showemail")." = $user_showemail, ".get_user_table_field("", "user_allowemails")." = $user_allowemails, ".get_user_table_field("", "user_invisible")." = $user_invisible, ".get_user_table_field("", "user_homepage")." = '$user_homepage', ".get_user_table_field("", "user_icq")." = '$user_icq'".$additional_sql."
            WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
    $site_db->query($sql);

    $msg = $lang['update_profile_success'];
    if (!empty($new_email_msg)) {
      $msg .= "<br />".$new_email_msg;
    }
    // Reload so the editprofile form below shows the saved values.
    $user_info = $site_sess->load_user_info($user_info['user_id']);
  }
  else {
    $update_process = 1;
  }
  $action = "editprofile";
}
1171  
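if ($action == "updatepassword") {
  // Change the logged-in member's password: the current password must match
  // the stored hash and the new password must be entered twice and be non-empty.
  $txt_clickstream = $lang['control_panel'];
  if ($user_info['user_level'] == GUEST) {
    show_error_page($lang['no_permission']);
    exit;
  }
  $error = 0;
  // Missing fields are treated as empty instead of raising an undefined-index notice.
  $current_user_password_plain = (isset($HTTP_POST_VARS['current_user_password'])) ? trim($HTTP_POST_VARS['current_user_password']) : "";
  $user_password_plain = (isset($HTTP_POST_VARS['user_password'])) ? trim($HTTP_POST_VARS['user_password']) : "";
  $user_password2_plain = (isset($HTTP_POST_VARS['user_password2'])) ? trim($HTTP_POST_VARS['user_password2']) : "";
  // NOTE(review): passwords are stored as unsalted md5 throughout this file;
  // changing that needs the login path and stored rows migrated together.
  $current_user_password = md5($current_user_password_plain);
  $user_password = md5($user_password_plain);
  $user_password2 = md5($user_password2_plain);
  if ($current_user_password != $user_info['user_password']) {
    $msg .= (($msg != "") ? "<br />" : "").$lang['update_password_error'];
    $error = 1;
  }
  // Compare the plaintexts: the previous check compared md5 digests, and
  // md5("") is never "", so an empty new password was silently accepted.
  if ($user_password_plain != $user_password2_plain || $user_password_plain == "") {
    $msg .= (($msg != "") ? "<br />" : "").$lang['update_password_confirm_error'];
    $error = 1;
  }
  if (!$error) {
    $sql = "UPDATE ".USERS_TABLE."
            SET ".get_user_table_field("", "user_password")." = '$user_password'
            WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
    $site_db->query($sql);

    $msg = $lang['update_password_success'];
    // Reload so $user_info['user_password'] reflects the new hash.
    $user_info = $site_sess->load_user_info($user_info['user_id']);
  }
  $action = "editprofile";
}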
1201  
1202  if ($action == "editprofile") {
1203    $txt_clickstream = $lang['control_panel'];
1204    if ($user_info['user_level'] == GUEST) {
1205      show_error_page($lang['no_permission']);
1206      exit;
1207    }
1208    $user_name = $user_info['user_name'];
1209    if (!$update_process) {
1210      $user_email = $user_info['user_email'];
1211      $user_email2 = $user_info['user_email'];
1212      $user_showemail = $user_info['user_showemail'];
1213      $user_allowemails = $user_info['user_allowemails'];
1214      $user_invisible = $user_info['user_invisible'];
1215      $user_homepage = $user_info['user_homepage'];
1216      $user_icq = $user_info['user_icq'];
1217    }
1218  
1219    if ($user_showemail == 1) {
1220      $user_showemail_yes = " checked=\"checked\"";
1221      $user_showemail_no = "";
1222    }
1223    else {
1224      $user_showemail_yes = "";
1225      $user_showemail_no = " checked=\"checked\"";
1226    }
1227    if ($user_allowemails == 1) {
1228      $user_allowemails_yes = " checked=\"checked\"";
1229      $user_allowemails_no = "";
1230    }
1231    else {
1232      $user_allowemails_yes = "";
1233      $user_allowemails_no = " checked=\"checked\"";
1234    }
1235    if ($user_invisible == 1) {
1236      $user_invisible_yes = " checked=\"checked\"";
1237      $user_invisible_no = "";
1238    }
1239    else {
1240      $user_invisible_yes = "";
1241      $user_invisible_no = " checked=\"checked\"";
1242    }
1243  
1244    $edit_profile_msg = $lang['edit_profile_msg'];
1245    if ($config['account_activation'] == 1 && $user_info['user_level'] != ADMIN) {
1246      $edit_profile_msg .= $lang['edit_profile_email_msg'];
1247    }
1248    if ($config['account_activation'] == 2 && $user_info['user_level'] != ADMIN) {
1249      $edit_profile_msg .= $lang['edit_profile_email_msg_admin'];
1250    }
1251  
1252    $site_template->register_vars(array(
1253      "user_name" => format_text(stripslashes($user_name), 2),
1254      "user_email" => format_text(stripslashes($user_email), 2),
1255      "user_email2" => format_text(stripslashes($user_email2), 2),
1256      "user_homepage" => format_text(stripslashes($user_homepage), 2),
1257      "user_icq" => $user_icq,
1258      "user_showemail_yes" => $user_showemail_yes,
1259      "user_showemail_no" => $user_showemail_no,
1260      "user_allowemails_yes" => $user_allowemails_yes,
1261      "user_allowemails_no" => $user_allowemails_no,
1262      "user_invisible_yes" => $user_invisible_yes,
1263      "user_invisible_no" => $user_invisible_no,
1264      "lang_profile_of" => $lang['profile_of'],
1265      "lang_email" => $lang['email'],
1266      "lang_email_confirm" => $lang['email_confirm'],
1267      "lang_show_email" => $lang['show_email'],
1268      "lang_allow_emails" => $lang['allow_emails'],
1269      "lang_invisible" => $lang['invisible'],
1270      "lang_optional_infos" => $lang['optional_infos'],
1271      "lang_homepage" => $lang['homepage'],
1272      "lang_icq" => $lang['icq'],
1273      "lang_save" => $lang['save'],
1274      "lang_reset" => $lang['reset'],
1275      "lang_change_password" => $lang['change_password'],
1276      "lang_old_password" => $lang['old_password'],
1277      "lang_new_password" => $lang['new_password'],
1278      "lang_new_password_confirm" => $lang['new_password_confirm'],
1279      "lang_edit_profile_msg" => $edit_profile_msg,
1280      "lang_yes" => $lang['yes'],
1281      "lang_no" => $lang['no']
1282    ));
1283  
1284    if (!empty($additional_user_fields)) {
1285      $additional_field_array = array();
1286      foreach ($additional_user_fields as $key => $val) {
1287        if ($val[1] == "radio") {
1288          $value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : intval($user_info[$key]);
1289          if ($value == 1) {
1290            $additional_field_array[$key.'_yes'] = " checked=\"checked\"";
1291            $additional_field_array[$key.'_no'] = "";
1292          }
1293          else {
1294            $additional_field_array[$key.'_yes'] = "";
1295            $additional_field_array[$key.'_no'] = " checked=\"checked\"";
1296          }
1297        }
1298        else {
1299          $value = (isset($HTTP_POST_VARS[$key])) ? format_text(trim($HTTP_POST_VARS[$key]), 2) : $user_info[$key];
1300        }
1301        $additional_field_array[$key] = $value;
1302        $additional_field_array['lang_'.$key] = $val[0];
1303      }
1304      if (!empty($additional_field_array)) {
1305        $site_template->register_vars($additional_field_array);
1306      }
1307    }
1308  
1309    $content = $site_template->parse_template("member_editprofile");
1310    if (!empty($new_email_msg)) {
1311      $site_sess->logout($user_info['user_id']);
1312    }
1313  }
1314  
//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
// Breadcrumb trail for the page: a fixed link back to the gallery index,
// followed by the configured category separator and the page-specific
// trail that the handlers earlier in this file collected in $txt_clickstream.
$clickstream = sprintf(
  '<span class="clickstream"><a href="%s" class="clickstream">%s</a>%s%s</span>',
  $site_sess->url(ROOT_PATH."index.php"),
  $lang['home'],
  $config['category_separator'],
  $txt_clickstream
);

//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
// Hand the assembled page parts to the template engine and emit the page.
// $content and $msg are populated by the action branches earlier in the file
// (presumably every branch sets them; verify $msg has a default).
$site_template->register_vars(array(
  "content"            => $content,
  "msg"                => $msg,
  "clickstream"        => $clickstream,
  "lang_control_panel" => $lang['control_panel']
));
$page_html = $site_template->parse_template($main_template);
$site_template->print_template($page_html);
include (ROOT_PATH.'includes/page_footer.php');
1331  ?>

