1 <?php 2 /************************************************************************** 3 * * 4 * 4images - A Web Based Image Gallery Management System * 5 * ---------------------------------------------------------------- * 6 * * 7 * File: member.php * 8 * Copyright: (C) 2002 Jan Sorgalla * 9 * Email: jan@4homepages.de * 10 * Web: http://www.4homepages.de * 11 * Scriptversion: 1.7.4 * 12 * * 13 * Never released without support from: Nicky (http://www.nicky.net) * 14 * * 15 ************************************************************************** 16 * * 17 * Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz- * 18 * bedingungen (Lizenz.txt) für weitere Informationen. * 19 * --------------------------------------------------------------- * 20 * This script is NOT freeware! Please read the Copyright Notice * 21 * (Licence.txt) for further information. * 22 * * 23 *************************************************************************/ 24 25 $main_template = "member"; 26 27 define('GET_CACHES', 1); 28 define('ROOT_PATH', './'); 29 include (ROOT_PATH.'global.php'); 30 require (ROOT_PATH.'includes/sessions.php'); 31 $user_access = get_permission(); 32 include (ROOT_PATH.'includes/page_header.php'); 33 34 if ($action == "") { 35 $action = "lostpassword"; 36 } 37 $content = ""; 38 $txt_clickstream = ""; 39 40 $sendprocess = 0; 41 42 if (isset($HTTP_GET_VARS[URL_COMMENT_ID]) || isset($HTTP_POST_VARS[URL_COMMENT_ID])) { 43 $comment_id = (isset($HTTP_GET_VARS[URL_COMMENT_ID])) ? intval($HTTP_GET_VARS[URL_COMMENT_ID]) : intval($HTTP_POST_VARS[URL_COMMENT_ID]); 44 } 45 else { 46 $comment_id = 0; 47 } 48 49 if ($action == "deletecomment") { 50 if (!$comment_id || ($config['user_delete_comments'] != 1 && $user_info['user_level'] != ADMIN)) { 51 show_error_page($lang['no_permission']); 52 exit; 53 } 54 55 $sql = "SELECT c.comment_id, c.user_id AS comment_user_id, i.image_id, i.cat_id, i.user_id, i.image_name 56 FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." 
i) 57 WHERE c.comment_id = $comment_id AND i.image_id = c.image_id"; 58 $comment_row = $site_db->query_firstrow($sql); 59 if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) { 60 show_error_page($lang['no_permission']); 61 exit; 62 } 63 64 $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator']; 65 $txt_clickstream .= $lang['comment_delete']; 66 67 $sql = "UPDATE ".IMAGES_TABLE." 68 SET image_comments = image_comments - 1 69 WHERE image_id = ".$comment_row['image_id']; 70 $site_db->query($sql); 71 72 if ($comment_row['comment_user_id'] != GUEST) { 73 $sql = "UPDATE ".USERS_TABLE." 74 SET ".get_user_table_field("", "user_comments")." = ".get_user_table_field("", "user_comments")." - 1 75 WHERE ".get_user_table_field("", "user_id")." = ".$comment_row['comment_user_id']; 76 $site_db->query($sql); 77 } 78 79 $sql = "DELETE FROM ".COMMENTS_TABLE." 80 WHERE comment_id = $comment_id"; 81 $result = $site_db->query($sql); 82 $msg = ($result) ? $lang['comment_delete_success'] : $lang['comment_delete_error']; 83 } 84 85 if ($action == "removecomment") { 86 if (!$comment_id || ($config['user_delete_comments'] != 1 && $user_info['user_level'] != ADMIN)) { 87 redirect($url); 88 } 89 90 $sql = "SELECT c.comment_id, c.image_id, c.user_id AS comment_user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")." 91 FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i) 92 LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." 
= c.user_id) 93 WHERE c.comment_id = $comment_id AND i.image_id = c.image_id"; 94 $comment_row = $site_db->query_firstrow($sql); 95 if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) { 96 redirect($url); 97 } 98 99 $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator']; 100 $txt_clickstream .= $lang['comment_delete']; 101 102 if (isset($comment_row[$user_table_fields['user_name']]) && $comment_row['comment_user_id'] != GUEST) { 103 $user_name = $comment_row[$user_table_fields['user_name']]; 104 } 105 else { 106 $user_name = $comment_row['comment_user_name']; 107 } 108 109 $site_template->register_vars(array( 110 "comment_id" => $comment_id, 111 "image_name" => format_text($comment_row['image_name']), 112 "user_name" => format_text($user_name), 113 "comment_headline" => format_text($comment_row['comment_headline'], 0, $config['wordwrap_comments'], 0, 0), 114 "comment_text" => format_text($comment_row['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']), 115 "lang_delete_comment" => $lang['comment_delete'], 116 "lang_delete_comment_confirm" => $lang['comment_delete_confirm'], 117 "lang_image_name" => $lang['image_name'], 118 "lang_name" => $lang['name'], 119 "lang_headline" => $lang['headline'], 120 "lang_comment" => $lang['comment'], 121 "lang_submit" => $lang['submit'], 122 "lang_reset" => $lang['reset'], 123 "lang_yes" => $lang['yes'], 124 "lang_no" => $lang['no'] 125 )); 126 $content = $site_template->parse_template("member_deletecomment"); 127 } 128 129 if ($action == "updatecomment") { 130 if (!$comment_id || ($config['user_edit_comments'] != 1 && 
$user_info['user_level'] != ADMIN)) { 131 show_error_page($lang['no_permission']); 132 exit; 133 } 134 $sql = "SELECT c.comment_id, c.image_id, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")." 135 FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i) 136 LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id) 137 WHERE c.comment_id = $comment_id AND i.image_id = c.image_id"; 138 $comment_row = $site_db->query_firstrow($sql); 139 if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) { 140 show_error_page($lang['no_permission']); 141 exit; 142 } 143 144 $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator']; 145 $txt_clickstream .= $lang['comment_edit']; 146 147 $error = 0; 148 149 $comment_headline = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_headline'])); 150 $comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text'])); 151 152 if ($comment_headline == "") { 153 $error = 1; 154 $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['headline']), $lang['field_required']); 155 $msg .= (($msg != "") ? "<br />" : "").$field_error; 156 } 157 if ($comment_text == "") { 158 $error = 1; 159 $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['comment']), $lang['field_required']); 160 $msg .= (($msg != "") ? "<br />" : "").$field_error; 161 } 162 163 if (!$error) { 164 $sql = "UPDATE ".COMMENTS_TABLE." 
165 SET comment_headline = '$comment_headline', comment_text = '$comment_text' 166 WHERE comment_id = $comment_id"; 167 $result = $site_db->query($sql); 168 $msg = ($result) ? $lang['comment_edit_success'] : $lang['comment_edit_error']; 169 } 170 else { 171 $action = "editcomment"; 172 $sendprocess = 1; 173 } 174 } 175 176 if ($action == "editcomment") { 177 if (!$comment_id || ($config['user_edit_comments'] != 1 && $user_info['user_level'] != ADMIN)) { 178 redirect($url); 179 } 180 181 $sql = "SELECT c.comment_id, c.image_id, c.user_id AS comment_user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")." 182 FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i) 183 LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id) 184 WHERE c.comment_id = $comment_id AND i.image_id = c.image_id"; 185 $comment_row = $site_db->query_firstrow($sql); 186 if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) { 187 header("Location: ".$site_sess->url($url, "&")); 188 exit; 189 } 190 191 $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator']; 192 $txt_clickstream .= $lang['comment_edit']; 193 194 $comment_headline = (isset($HTTP_POST_VARS['comment_headline'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_headline']))) : $comment_row['comment_headline']; 195 $comment_text = (isset($HTTP_POST_VARS['comment_text'])) ? 
un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_text']))) : $comment_row['comment_text']; 196 197 if (isset($comment_row[$user_table_fields['user_name']]) && $comment_row['comment_user_id'] != GUEST) { 198 $user_name = $comment_row[$user_table_fields['user_name']]; 199 } 200 else { 201 $user_name = $comment_row['comment_user_name']; 202 } 203 204 $bbcode = ""; 205 if ($config['bb_comments'] == 1) { 206 $site_template->register_vars(array( 207 "lang_bbcode" => $lang['bbcode'], 208 "lang_tag_prompt" => $lang['tag_prompt'], 209 "lang_link_text_prompt" => $lang['link_text_prompt'], 210 "lang_link_url_prompt" => $lang['link_url_prompt'], 211 "lang_link_email_prompt" => $lang['link_email_prompt'], 212 "lang_list_type_prompt" => $lang['list_type_prompt'], 213 "lang_list_item_prompt" => $lang['list_item_prompt'] 214 )); 215 $bbcode = $site_template->parse_template("bbcode"); 216 } 217 218 $site_template->register_vars(array( 219 "bbcode" => $bbcode, 220 "comment_id" => $comment_id, 221 "image_name" => format_text($comment_row['image_name'], 2), 222 "user_name" => format_text($user_name, 2), 223 "comment_headline" => format_text($comment_headline, 2), 224 "comment_text" => format_text($comment_text, 2), 225 "lang_edit_comment" => $lang['comment_edit'], 226 "lang_image_name" => $lang['image_name'], 227 "lang_name" => $lang['name'], 228 "lang_headline" => $lang['headline'], 229 "lang_comment" => $lang['comment'], 230 "lang_submit" => $lang['submit'], 231 "lang_reset" => $lang['reset'], 232 "lang_yes" => $lang['yes'], 233 "lang_no" => $lang['no'] 234 )); 235 $content = $site_template->parse_template("member_editcomment"); 236 } 237 238 if ($action == "deleteimage") { 239 if (!$image_id || ($config['user_delete_image'] != 1 && $user_info['user_level'] != ADMIN)) { 240 show_error_page($lang['no_permission']); 241 exit; 242 } 243 $sql = "SELECT image_id, cat_id, user_id, image_name, image_media_file, image_thumb_file 244 FROM ".IMAGES_TABLE." 
245 WHERE image_id = $image_id"; 246 $image_row = $site_db->query_firstrow($sql); 247 if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) { 248 show_error_page($lang['no_permission']); 249 exit; 250 } 251 252 $txt_clickstream = $lang['image_delete']; 253 254 $sql = "DELETE FROM ".IMAGES_TABLE." 255 WHERE image_id = $image_id"; 256 $del_img = $site_db->query($sql); 257 258 if (!is_remote($image_row['image_media_file']) && !is_local_file($image_row['image_media_file'])) { 259 @unlink(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file']); 260 } 261 if (!empty($image_row['image_thumb_file']) && !is_remote($image_row['image_thumb_file']) && !is_local_file($image_row['image_thumb_file'])) { 262 @unlink(THUMB_PATH."/".$image_row['cat_id']."/".$image_row['image_thumb_file']); 263 } 264 265 include (ROOT_PATH.'includes/search_utils.php'); 266 remove_searchwords($image_id); 267 268 if (!empty($user_table_fields['user_comments'])) { 269 $sql = "SELECT user_id 270 FROM ".COMMENTS_TABLE." 271 WHERE image_id = $image_id"; 272 $result = $site_db->query($sql); 273 $user_id_sql = ""; 274 while ($row = $site_db->fetch_array($result)) { 275 if ($row['user_id'] != GUEST) { 276 $sql = "UPDATE ".USERS_TABLE." 277 SET ".get_user_table_field("", "user_comments")." = ".get_user_table_field("", "user_comments")." - 1 278 WHERE ".get_user_table_field("", "user_id")." = ".$row['user_id']; 279 $site_db->query($sql); 280 } 281 } 282 } 283 284 $sql = "DELETE FROM ".COMMENTS_TABLE." 
285 WHERE image_id = $image_id"; 286 $del_com = $site_db->query($sql); 287 288 if ($del_img) { 289 $msg = $lang['image_delete_success']; 290 } 291 else { 292 $msg = $lang['image_delete_error']; 293 } 294 } 295 296 if ($action == "removeimage") { 297 if (!$image_id || ($config['user_delete_image'] != 1 && $user_info['user_level'] != ADMIN)) { 298 redirect($url); 299 } 300 $sql = "SELECT image_id, cat_id, user_id, image_name 301 FROM ".IMAGES_TABLE." 302 WHERE image_id = $image_id"; 303 $image_row = $site_db->query_firstrow($sql); 304 if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) { 305 show_error_page($lang['no_permission']); 306 exit; 307 } 308 309 $txt_clickstream = get_category_path($image_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id)."\" class=\"clickstream\">".format_text($image_row['image_name'], 2)."</a>".$config['category_separator']; 310 $txt_clickstream .= $lang['image_delete']; 311 312 $site_template->register_vars(array( 313 "image_id" => $image_id, 314 "image_name" => format_text($image_row['image_name'], 2), 315 "lang_delete_image" => $lang['image_delete'], 316 "lang_delete_image_confirm" => $lang['image_delete_confirm'], 317 "lang_submit" => $lang['submit'], 318 "lang_reset" => $lang['reset'], 319 "lang_yes" => $lang['yes'], 320 "lang_no" => $lang['no'] 321 )); 322 $content = $site_template->parse_template("member_deleteimage"); 323 } 324 325 if ($action == "updateimage") { 326 if (!$image_id || ($config['user_edit_image'] != 1 && $user_info['user_level'] != ADMIN)) { 327 show_error_page($lang['no_permission']); 328 } 329 $sql = "SELECT image_id, cat_id, user_id, image_name 330 FROM ".IMAGES_TABLE." 
331 WHERE image_id = $image_id"; 332 $image_row = $site_db->query_firstrow($sql); 333 if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) { 334 show_error_page($lang['no_permission']); 335 exit; 336 } 337 338 $txt_clickstream = get_category_path($image_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id)."\" class=\"clickstream\">".format_text($image_row['image_name'], 2)."</a>".$config['category_separator']; 339 $txt_clickstream .= $lang['image_edit']; 340 341 $error = 0; 342 343 $image_name = un_htmlspecialchars(trim($HTTP_POST_VARS['image_name'])); 344 $image_description = un_htmlspecialchars(trim($HTTP_POST_VARS['image_description'])); 345 $image_keywords = un_htmlspecialchars(trim($HTTP_POST_VARS['image_keywords'])); 346 $image_keywords = preg_replace("/[\n\r]/is", " ", $image_keywords); 347 $image_keywords = str_replace(","," ",$image_keywords); 348 $image_keywords = ereg_replace("( ){2,}", " ", $image_keywords); 349 350 if ($image_name == "") { 351 $error = 1; 352 $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['image_name']), $lang['field_required']); 353 $msg .= (($msg != "") ? "<br />" : "").$field_error; 354 } 355 356 if (!empty($additional_image_fields)) { 357 foreach ($additional_image_fields as $key => $val) { 358 if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") { 359 $error = 1; 360 $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']); 361 $msg .= (($msg != "") ? 
"<br />" : "").$field_error; 362 } 363 } 364 } 365 366 if (!$error) { 367 $additional_sql = ""; 368 369 if (isset($HTTP_POST_VARS['image_allow_comments'])) { 370 $additional_sql .= ", image_allow_comments = ".intval($HTTP_POST_VARS['image_allow_comments']); 371 } 372 373 if (!empty($additional_image_fields)) { 374 $table_fields = $site_db->get_table_fields(IMAGES_TABLE); 375 foreach ($additional_image_fields as $key => $val) { 376 if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) { 377 $additional_sql .= ", $key = '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'"; 378 } 379 } 380 } 381 382 $sql = "UPDATE ".IMAGES_TABLE." 383 SET image_name = '$image_name', image_description = '$image_description', image_keywords = '$image_keywords'".$additional_sql." 384 WHERE image_id = $image_id"; 385 $result = $site_db->query($sql); 386 if ($result) { 387 include (ROOT_PATH.'includes/search_utils.php'); 388 $search_words = array(); 389 foreach ($search_match_fields as $image_column => $match_column) { 390 if (isset($HTTP_POST_VARS[$image_column])) { 391 $search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]); 392 } 393 } 394 remove_searchwords($image_id); 395 add_searchwords($image_id, $search_words); 396 $msg = $lang['image_edit_success']; 397 } 398 else { 399 $msg = $lang['image_edit_error']; 400 } 401 } 402 else { 403 $action = "editimage"; 404 $sendprocess = 1; 405 } 406 } 407 408 if ($action == "editimage") { 409 if (!$image_id || ($config['user_edit_image'] != 1 && $user_info['user_level'] != ADMIN)) { 410 redirect($url); 411 } 412 413 $additional_sql = ""; 414 if (!empty($additional_image_fields)) { 415 foreach ($additional_image_fields as $key => $val) { 416 $additional_sql .= ", ".$key; 417 } 418 } 419 $sql = "SELECT image_id, cat_id, user_id, image_name, image_description, image_keywords, image_allow_comments".$additional_sql." 420 FROM ".IMAGES_TABLE." 
421 WHERE image_id = $image_id"; 422 $image_row = $site_db->query_firstrow($sql); 423 if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) { 424 redirect($url); 425 } 426 427 $txt_clickstream = get_category_path($image_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id)."\" class=\"clickstream\">".format_text($image_row['image_name'], 2)."</a>".$config['category_separator']; 428 $txt_clickstream .= $lang['image_edit']; 429 430 $image_name = (isset($HTTP_POST_VARS['image_name'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['image_name']))) : $image_row['image_name']; 431 $image_description = (isset($HTTP_POST_VARS['image_description'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['image_description']))) : $image_row['image_description']; 432 $image_keywords = (isset($HTTP_POST_VARS['image_keywords'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['image_keywords']))) : $image_row['image_keywords']; 433 $image_allow_comments = (isset($HTTP_POST_VARS['image_allow_comments'])) ? intval($HTTP_POST_VARS['image_allow_comments']) : $image_row['image_allow_comments']; 434 435 $site_template->register_vars(array( 436 "image_id" => $image_id, 437 "image_name" => format_text($image_name, 2), 438 "image_description" => format_text($image_description, 2), 439 "image_keywords" => format_text($image_keywords, 2), 440 "image_allow_comments_yes" => ($image_allow_comments) ? " checked=\"checked\"" : "", 441 "image_allow_comments_no" => (!$image_allow_comments) ? " checked=\"checked\"" : "", 442 "lang_edit_image" => $lang['image_edit'], 443 "lang_image_name" => $lang['image_name'], 444 "lang_description" => $lang['description'], 445 "lang_keywords" => $lang['keywords_ext'], 446 "lang_allow_comments" => isset($lang['allow_comments']) ? 
$lang['allow_comments'] : "", 447 "lang_submit" => $lang['submit'], 448 "lang_reset" => $lang['reset'], 449 "lang_yes" => $lang['yes'], 450 "lang_no" => $lang['no'] 451 )); 452 453 if (!empty($additional_image_fields)) { 454 $additional_field_array = array(); 455 foreach ($additional_image_fields as $key => $val) { 456 if ($val[1] == "radio") { 457 $value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : $image_row[$key]; 458 if ($value == 1) { 459 $additional_field_array[$key.'_yes'] = " checked=\"checked\""; 460 $additional_field_array[$key.'_no'] = ""; 461 } 462 else { 463 $additional_field_array[$key.'_yes'] = ""; 464 $additional_field_array[$key.'_no'] = " checked=\"checked\""; 465 } 466 } 467 else { 468 $value = (isset($HTTP_POST_VARS[$key])) ? format_text(stripslashes(trim($HTTP_POST_VARS[$key]))) : $image_row[$key]; 469 } 470 $additional_field_array[$key] = $value; 471 $additional_field_array['lang_'.$key] = $val[0]; 472 } 473 if (!empty($additional_field_array)) { 474 $site_template->register_vars($additional_field_array); 475 } 476 } 477 $content = $site_template->parse_template("member_editimage"); 478 } 479 480 if ($action == "uploadimage") { 481 if ($cat_id != 0 && (!isset($cat_cache[$cat_id]) || !check_permission("auth_upload", $cat_id))) { 482 show_error_page($lang['no_permission']); 483 exit; 484 } 485 486 $txt_clickstream = ""; 487 if ($cat_id && isset($cat_cache[$cat_id])) { 488 $txt_clickstream .= get_category_path($cat_id, 1).$config['category_separator']; 489 } 490 $txt_clickstream .= $lang['user_upload']; 491 492 $remote_media_file = format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['remote_media_file']))); 493 $remote_thumb_file = format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['remote_thumb_file']))); 494 495 $image_name = un_htmlspecialchars(trim($HTTP_POST_VARS['image_name'])); 496 $image_description = un_htmlspecialchars(trim($HTTP_POST_VARS['image_description'])); 497 $image_keywords = 
un_htmlspecialchars(trim($HTTP_POST_VARS['image_keywords'])); 498 $image_keywords = preg_replace("/[\n\r]/is", " ", $image_keywords); 499 $image_keywords = str_replace(","," ",$image_keywords); 500 $image_keywords = ereg_replace("( ){2,}", " ", $image_keywords); 501 502 $image_active = (isset($HTTP_POST_VARS['image_active']) && $HTTP_POST_VARS['image_active'] == 0) ? 0 : 1; 503 $image_allow_comments = (isset($HTTP_POST_VARS['image_allow_comments']) && $HTTP_POST_VARS['image_allow_comments'] == 0) ? 0 : 1; 504 $image_download_url = (isset($HTTP_POST_VARS['image_download_url'])) ? format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['image_download_url']))) : ""; 505 506 $captcha = (isset($HTTP_POST_VARS['captcha'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['captcha'])) : ""; 507 508 $direct_upload = (check_permission("auth_directupload", $cat_id)) ? 1 : 0; 509 $upload_cat = ($direct_upload) ? $cat_id : 0; 510 511 $error = 0; 512 $uploaderror = 0; 513 514 if ($cat_id == 0) { 515 $error = 1; 516 $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['category']), $lang['field_required']); 517 $msg .= (($msg != "") ? "<br />" : "").$field_error; 518 } 519 if ((empty($HTTP_POST_FILES['media_file']['tmp_name']) || $HTTP_POST_FILES['media_file']['tmp_name'] == "none") && ($remote_media_file == "" || !check_remote_media($remote_media_file))) { 520 $error = 1; 521 $msg .= (($msg != "") ? "<br />" : "").$lang['image_file_required']; 522 } 523 if ($image_name == "") { 524 $error = 1; 525 $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['image_name']), $lang['field_required']); 526 $msg .= (($msg != "") ? "<br />" : "").$field_error; 527 } 528 529 if ($captcha_enable_upload && !captcha_validate($captcha)) { 530 $msg .= (($msg != "") ? 
"<br />" : "").$lang['captcha_required']; 531 $error = 1; 532 } 533 534 if (!empty($additional_image_fields)) { 535 foreach ($additional_image_fields as $key => $val) { 536 if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") { 537 $error = 1; 538 $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']); 539 $msg .= (($msg != "") ? "<br />" : "").$field_error; 540 } 541 } 542 } 543 544 if (!$error) { 545 // Start Upload 546 include (ROOT_PATH.'includes/upload.php'); 547 $site_upload = new Upload(); 548 549 // Upload Media file 550 if (!empty($HTTP_POST_FILES['media_file']['tmp_name']) && $HTTP_POST_FILES['media_file']['tmp_name'] != "none") { 551 $new_name = $site_upload->upload_file("media_file", "media", $upload_cat); 552 if (!$new_name) { 553 $msg .= (($msg != "") ? "<br />" : "")."<b>".$lang['file_upload_error'].": ".$new_name."</b><br />".$site_upload->get_upload_errors(); 554 $uploaderror = 1; 555 } 556 } 557 else { 558 $new_name = $remote_media_file; 559 } 560 561 // Uplad thumb file 562 $new_thumb_name = ""; 563 if (!empty($HTTP_POST_FILES['thumb_file']['tmp_name']) && $HTTP_POST_FILES['thumb_file']['tmp_name'] != "none" && !$uploaderror) { 564 $new_thumb_name = $site_upload->upload_file("thumb_file", "thumb", $upload_cat, get_basefile($new_name)); 565 if (!$new_thumb_name) { 566 $msg .= (($msg != "") ? 
"<br />" : "")."<b>".$lang['thumb_upload_error'].": ".$new_thumb_name."</b><br />".$site_upload->get_upload_errors(); 567 @unlink(MEDIA_TEMP_PATH."/".$new_name); 568 $uploaderror = 1; 569 } 570 } 571 elseif (check_remote_thumb($remote_thumb_file)) { 572 $new_thumb_name = $remote_thumb_file; 573 } 574 elseif ($config['auto_thumbnail'] == 1 && !empty($HTTP_POST_FILES['media_file']['tmp_name']) && $HTTP_POST_FILES['media_file']['tmp_name'] != "none" && !$uploaderror) { 575 if ($direct_upload) { 576 $src = MEDIA_PATH."/".$cat_id."/".$new_name; 577 $dest = THUMB_PATH."/".$cat_id."/".$new_name; 578 } 579 else { 580 $src = MEDIA_TEMP_PATH."/".$new_name; 581 $dest = THUMB_TEMP_PATH."/".$new_name; 582 } 583 $do_create = 0; 584 if ($image_info = @getimagesize($src)) { 585 if ($image_info[2] == 1 || $image_info[2] == 2 || $image_info[2] == 3) { 586 $do_create = 1; 587 } 588 } 589 if ($do_create) { 590 require (ROOT_PATH.'includes/image_utils.php'); 591 $convert_options = init_convert_options(); 592 if (!$convert_options['convert_error']) { 593 $dimension = (intval($config['auto_thumbnail_dimension'])) ? intval($config['auto_thumbnail_dimension']) : 100; 594 $resize_type = (intval($config['auto_thumbnail_resize_type'])) ? intval($config['auto_thumbnail_resize_type']) : 1; 595 $quality = (intval($config['auto_thumbnail_quality']) && intval($config['auto_thumbnail_quality']) <= 100) ? intval($config['auto_thumbnail_quality']) : 100; 596 597 if (create_thumbnail($src, $dest, $quality, $dimension, $resize_type)) { 598 $new_thumb_name = $new_name; 599 } 600 } 601 } 602 } 603 604 if (!$uploaderror) { 605 $additional_field_sql = ""; 606 $additional_value_sql = ""; 607 if (!empty($additional_image_fields)) { 608 $table = ($direct_upload) ? 
IMAGES_TABLE : IMAGES_TEMP_TABLE; 609 $table_fields = $site_db->get_table_fields($table); 610 foreach ($additional_image_fields as $key => $val) { 611 if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) { 612 $additional_field_sql .= ", $key"; 613 $additional_value_sql .= ", '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'"; 614 } 615 } 616 } 617 618 $current_time = time(); 619 if ($direct_upload) { 620 $sql = "INSERT INTO ".IMAGES_TABLE." 621 (cat_id, user_id, image_name, image_description, image_keywords, image_date, image_active, image_media_file, image_thumb_file, image_download_url, image_allow_comments".$additional_field_sql.") 622 VALUES 623 ($cat_id, ".$user_info['user_id'].", '$image_name', '$image_description', '$image_keywords', $current_time, $image_active, '$new_name', '$new_thumb_name', '$image_download_url', $image_allow_comments".$additional_value_sql.")"; 624 $result = $site_db->query($sql); 625 $image_id = $site_db->get_insert_id(); 626 if ($result) { 627 include (ROOT_PATH.'includes/search_utils.php'); 628 $search_words = array(); 629 foreach ($search_match_fields as $image_column => $match_column) { 630 if (isset($HTTP_POST_VARS[$image_column])) { 631 $search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]); 632 } 633 } 634 add_searchwords($image_id, $search_words); 635 } 636 } 637 else { 638 $sql = "INSERT INTO ".IMAGES_TEMP_TABLE." 
639 (cat_id, user_id, image_name, image_description, image_keywords, image_date, image_media_file, image_thumb_file, image_download_url".$additional_field_sql.") 640 VALUES 641 ($cat_id, ".$user_info['user_id'].", '$image_name', '$image_description', '$image_keywords', $current_time, '$new_name', '$new_thumb_name', '$image_download_url'".$additional_value_sql.")"; 642 $result = $site_db->query($sql); 643 } 644 645 if ($config['upload_notify'] == 1 && !$direct_upload) { 646 include (ROOT_PATH.'includes/email.php'); 647 $site_email = new Email(); 648 649 $config['upload_emails'] = str_replace(" ", "", $config['upload_emails']); 650 $emails = explode(",", $config['upload_emails']); 651 652 $validation_url = $script_url."/admin/index.php?goto=".urlencode("validateimages.php?action=validateimages"); 653 654 $site_email->set_to($config['site_email']); 655 $site_email->set_subject($lang['new_upload_emailsubject']); 656 $site_email->register_vars(array( 657 "image_name" => stripslashes($image_name), 658 "file_name" => $new_name, 659 "cat_name" => $cat_cache[$cat_id]['cat_name'], 660 "validation_url" => $validation_url, 661 "site_name" => $config['site_name'] 662 )); 663 $site_email->set_body("upload_notify", $config['language_dir_default']); 664 $site_email->set_bcc($emails); 665 $site_email->send_email(); 666 } 667 668 $msg .= $lang['image_add_success'].": <b>".format_text(stripslashes($image_name))."</b> (".$new_name.")"; 669 $msg .= (!$direct_upload) ? "<br />".$lang['new_upload_validate_desc'] : ""; 670 671 $file_extension = get_file_extension($new_name); 672 $file = (is_remote($new_name)) ? $new_name : (($direct_upload) ? 
MEDIA_PATH."/".$cat_id."/".$new_name : MEDIA_TEMP_PATH."/".$new_name);
      $width_height = "";
      // getimagesize() is only attempted for local files; the @ hides any
      // warning for unreadable or non-image files, so $imageinfo is simply unset then.
      if (!is_remote($file) && $imageinfo = @getimagesize($file)) {
        $width_height = " ".$imageinfo[3];
      }
      $media_icon = "<img src=\"".ICON_PATH."/".$file_extension.".gif\" border=\"0\" alt=\"\" />";
      $site_template->register_vars(array(
        "media_src" => $file,
        "media_icon" => $media_icon,
        "image_name" => format_text(stripslashes($image_name)),
        "width_height" => $width_height
      ));
      $media = $site_template->parse_template("media/".$file_extension);
      $content .= "<table border=\"0\" align=\"center\">\n<tr>\n<td>\n".$media."\n</td>\n</tr>\n</table>\n";
    }
    else {
      // Upload failed: fall through to the form and keep the submitted values.
      $action = "uploadform";
      $sendprocess = 1;
    }
  }
  else {
    $action = "uploadform";
    $sendprocess = 1;
  }
}

//-----------------------------------------------------
//--- Upload Form -------------------------------------
//-----------------------------------------------------
// Renders the member upload form. $cat_id is set earlier in the file (outside
// this view). When $sendprocess is set a previous submission failed and its
// field values are redisplayed; otherwise all fields start empty.
if ($action == "uploadform") {
  // A concrete category must exist and the user needs auth_upload on it;
  // cat_id 0 means "no category chosen yet" and shows the dropdown instead.
  if ($cat_id != 0 && (!isset($cat_cache[$cat_id]) || !check_permission("auth_upload", $cat_id))) {
    show_error_page($lang['no_permission']);
    exit;
  }

  $txt_clickstream = "";
  if ($cat_id && isset($cat_cache[$cat_id])) {
    $txt_clickstream .= get_category_path($cat_id, 1).$config['category_separator'];
  }
  $txt_clickstream .= $lang['user_upload'];

  if (!$sendprocess) {
    $remote_media_file = "";
    $remote_thumb_file = "";
    $image_name = "";
    $image_description = "";
    $image_keywords = "";
    $image_download_url = "";
    $image_allow_comments = 1;
  }

  // Previously submitted values are re-escaped with format_text(..., 2)
  // before being placed back into form fields.
  $site_template->register_vars(array(
    "cat_id" => $cat_id,
    "cat_name" => ($cat_id != 0) ? format_text($cat_cache[$cat_id]['cat_name'], 2) : get_category_dropdown($cat_id),
    "remote_media_file" => format_text(stripslashes($remote_media_file), 2),
    "remote_thumb_file" => format_text(stripslashes($remote_thumb_file), 2),
    "image_name" => format_text(stripslashes($image_name), 2),
    "image_description" => format_text(stripslashes($image_description), 2),
    "image_keywords" => format_text(stripslashes($image_keywords), 2),
    "image_allow_comments_yes" => ($image_allow_comments) ? " checked=\"checked\"" : "",
    "image_allow_comments_no" => (!$image_allow_comments) ? " checked=\"checked\"" : "",
    "image_download_url" => format_text(stripslashes($image_download_url), 2),
    "lang_category" => $lang['category'],
    "lang_user_upload" => $lang['user_upload'],
    "lang_media_file" => $lang['media_file'],
    "lang_thumb_file" => $lang['thumb_file'],
    "lang_allowed_file_types" => $lang['allowed_mediatypes_desc'],
    "allowed_media_types" => str_replace(",",", ",$config['allowed_mediatypes']),
    "allowed_thumb_types" => "jpg, gif, png",
    "lang_max_filesize" => $lang['max_filesize'],
    "lang_max_imagewidth" => $lang['max_imagewidth'],
    "lang_max_imageheight" => $lang['max_imageheight'],
    "max_thumb_filsize" => $config['max_thumb_size']." ".$lang['kb'],
    "max_thumb_imagewidth" => $config['max_thumb_width']." ".$lang['px'],
    "max_thumb_imageheight" => $config['max_thumb_height']." ".$lang['px'],
    "max_media_filsize" => $config['max_media_size']." ".$lang['kb'],
    "max_media_imagewidth" => $config['max_image_width']." ".$lang['px'],
    "max_media_imageheight" => $config['max_image_height']." ".$lang['px'],
    "lang_image_name" => $lang['image_name'],
    "lang_description" => $lang['description'],
    "lang_keywords" => $lang['keywords_ext'],
    "lang_allow_comments" => isset($lang['allow_comments']) ? $lang['allow_comments'] : "",
    "lang_submit" => $lang['submit'],
    "lang_reset" => $lang['reset'],
    "lang_yes" => $lang['yes'],
    "lang_no" => $lang['no'],
    "lang_captcha" => $lang['captcha'],
    "lang_captcha_desc" => $lang['captcha_desc'],
    "captcha_upload" => (bool)$captcha_enable_upload
  ));

  // Admin-defined extra image fields: $val[0] is the label, $val[1] the input type.
  // Radio fields default to "yes" (1) when nothing was posted.
  if (!empty($additional_image_fields)) {
    $additional_field_array = array();
    foreach ($additional_image_fields as $key => $val) {
      if ($val[1] == "radio") {
        $value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : 1;
        if ($value == 1) {
          $additional_field_array[$key.'_yes'] = " checked=\"checked\"";
          $additional_field_array[$key.'_no'] = "";
        }
        else {
          $additional_field_array[$key.'_yes'] = "";
          $additional_field_array[$key.'_no'] = " checked=\"checked\"";
        }
      }
      else {
        $value = (isset($HTTP_POST_VARS[$key])) ? format_text(stripslashes(trim($HTTP_POST_VARS[$key]))) : "";
      }
      $additional_field_array[$key] = $value;
      $additional_field_array['lang_'.$key] = $val[0];
    }
    if (!empty($additional_field_array)) {
      $site_template->register_vars($additional_field_array);
    }
  }
  $content = $site_template->parse_template("member_uploadform");
}

//-----------------------------------------------------
//--- Email User --------------------------------------
//-----------------------------------------------------
// Sends a message from the logged-in member to another member through the
// site mail form. Guests and not-yet-activated accounts are rejected.
if ($action == "emailuser") {
  $txt_clickstream = $lang['profile'];
  $user_id = (isset($HTTP_POST_VARS[URL_USER_ID])) ? intval($HTTP_POST_VARS[URL_USER_ID]) : GUEST;
  $error = 0;

  if ($user_info['user_level'] == GUEST || $user_info['user_level'] == USER_AWAITING) {
    show_error_page($lang['no_permission']);
    exit;
  }
  // Subject and message are only trimmed/unslashed here. NOTE(review): whether
  // the Email class strips line breaks from the subject (mail header injection)
  // is not visible in this file — confirm in includes/email.php.
  $subject = stripslashes(trim($HTTP_POST_VARS['subject']));
  $message = stripslashes(trim($HTTP_POST_VARS['message']));

  if ($subject == "" || $message == "") {
    $msg = $lang['lostfield_error'];
    $sendprocess = 1;
    $error = 1;
  }

  if (!$error) {
    if ($user_row = get_user_info($user_id)) {
      // Recipients who hide their e-mail address are reported as unknown users,
      // so the form does not reveal whether the id exists.
      if (isset($user_row['user_showemail']) && $user_row['user_showemail'] == 0) {
        $content = $lang['invalid_user_id'];
      }
      else {
        // Sender identity comes from the session; the site address is used as
        // fallback when the account has no e-mail.
        $sender_user_name = ($user_info['user_level'] != GUEST) ? (isset($user_info['user_name']) ? $user_info['user_name'] : $lang['userlevel_user']) : $lang['userlevel_guest'];
        $sender_user_email = ($user_info['user_level'] != GUEST && isset($user_info['user_email'])) ? $user_info['user_email'] : $config['site_email'];

        // Start Emailer
        include (ROOT_PATH.'includes/email.php');
        $site_email = new Email();
        $site_email->set_from($sender_user_email, $sender_user_name);
        $site_email->set_to($user_row['user_email']);
        $site_email->set_subject($subject);
        $site_email->register_vars(array(
          "sender_user_name" => $sender_user_name,
          "sender_user_email" => $sender_user_email,
          "message" => $message,
          "site_name" => $config['site_name']
        ));
        $site_email->set_body("mailform_message", $config['language_dir']);
        $site_email->send_email();
        $msg = $lang['emailuser_success'];
      }
    }
    else {
      $content = $lang['invalid_user_id'];
    }
  }
  else {
    // Missing field: redisplay the form with the posted values ($sendprocess = 1).
    $action = "mailform";
  }
}

//-----------------------------------------------------
//--- Mail Form ---------------------------------------
//-----------------------------------------------------
// Shows the "send e-mail to member" form for the user id given in GET or POST.
if ($action == "mailform") {
  $txt_clickstream = $lang['profile'];
  if (isset($HTTP_GET_VARS[URL_USER_ID]) || isset($HTTP_POST_VARS[URL_USER_ID])) {
    $user_id = (isset($HTTP_GET_VARS[URL_USER_ID])) ? intval($HTTP_GET_VARS[URL_USER_ID]) : intval($HTTP_POST_VARS[URL_USER_ID]);
    if (!$user_id) {
      $user_id = GUEST;
    }
  }
  else {
    $user_id = GUEST;
  }

  if ($user_info['user_level'] == GUEST || $user_info['user_level'] == USER_AWAITING) {
    show_error_page($lang['no_permission']);
    exit;
  }

  // Fresh form: start with empty fields; after a failed send the posted
  // $subject/$message from the emailuser branch are kept.
  if (!$sendprocess) {
    $subject = "";
    $message = "";
  }

  if ($user_row = get_user_info($user_id)) {
    if (isset($user_row['user_showemail']) && $user_row['user_showemail'] == 0) {
      $content = $lang['invalid_user_id'];
    }
    else {
      $site_template->register_vars(array(
        "user_id" => $user_row['user_id'],
        "user_name" => format_text($user_row['user_name'], 2),
        "subject" => format_text($subject, 2),
        "message" => format_text($message, 2),
        "lang_send_email_to" => $lang['send_email_to'],
        "lang_subject" => $lang['subject'],
        "lang_message" => $lang['message'],
        "lang_submit" => $lang['submit'],
        "lang_reset" => $lang['reset']
      ));
      $content = $site_template->parse_template("member_mailform");
    }
  }
  else {
    $content = $lang['invalid_user_id'];
  }
}

//-----------------------------------------------------
//--- Show Profile ------------------------------------
//-----------------------------------------------------
// Public profile page. Optional fields fall back to REPLACE_EMPTY so the
// template can render a placeholder.
if ($action == "showprofile") {
  $txt_clickstream = $lang['profile'];
  if (isset($HTTP_GET_VARS[URL_USER_ID]) || isset($HTTP_POST_VARS[URL_USER_ID])) {
    $user_id = (isset($HTTP_GET_VARS[URL_USER_ID])) ? intval($HTTP_GET_VARS[URL_USER_ID]) : intval($HTTP_POST_VARS[URL_USER_ID]);
    if (!$user_id) {
      $user_id = GUEST;
    }
  }
  else {
    $user_id = GUEST;
  }

  if ($user_row = get_user_info($user_id)) {
    // NOTE(review): the homepage value is placed into href/alt attributes as
    // returned by format_url(); whether that function HTML-escapes is not
    // visible here — confirm before relying on it for output encoding.
    $user_homepage = (isset($user_row['user_homepage'])) ? format_url($user_row['user_homepage']) : REPLACE_EMPTY;
    if (!empty($user_homepage) && $user_homepage != REPLACE_EMPTY) {
      $user_homepage_button = "<a href=\"".$user_homepage."\" target=\"_blank\"><img src=\"".get_gallery_image("homepage.gif")."\" border=\"0\" alt=\"".$user_homepage."\" /></a>";
    }
    else {
      $user_homepage_button = REPLACE_EMPTY;
    }

    // The ICQ number is written into URLs and attributes without escaping.
    // updateprofile below stores it via intval(), but rows written by other
    // code paths are not re-validated here.
    $user_icq = (isset($user_row['user_icq'])) ? $user_row['user_icq'] : REPLACE_EMPTY;
    if (!empty($user_icq) && $user_icq != REPLACE_EMPTY) {
      $user_icq_button = "<a href=\"http://www.icq.com/people/about_me.php?uin=".$user_icq."\" target=\"_blank\"><img src=\"http://web.icq.com/whitepages/online?icq=".$user_icq."&img=5\" width=\"18\" height=\"18\" border=\"0\" alt=\"".$user_icq."\" /></a>";
    }
    else {
      $user_icq_button = REPLACE_EMPTY;
    }

    // E-mail is shown only when the member has not opted out (user_showemail != 0).
    // A missing user_showemail column counts as "show".
    if (!empty($user_row['user_email']) && (!isset($user_row['user_showemail']) || (isset($user_row['user_showemail']) && $user_row['user_showemail'] == 1))) {
      $user_email = $user_row['user_email'];
      $user_email_save = str_replace("@", " at ", $user_row['user_email']);
      if (!empty($url_mailform)) {
        $user_mailform_link = $site_sess->url(preg_replace("/{user_id}/", $user_row['user_id'], $url_mailform));
      }
      else {
        $user_mailform_link = $site_sess->url(ROOT_PATH."member.php?action=mailform&".URL_USER_ID."=".$user_row['user_id']);
      }
      $user_email_button = "<a href=\"".$user_mailform_link."\"><img src=\"".get_gallery_image("email.gif")."\" border=\"0\" alt=\"".$user_email_save."\" /></a>";
    }
    else {
      $user_email = REPLACE_EMPTY;
      $user_email_save = REPLACE_EMPTY;
      $user_mailform_link = REPLACE_EMPTY;
      $user_email_button = REPLACE_EMPTY;
    }
    $site_template->register_vars(array(
      "user_id" => $user_row['user_id'],
      "user_name" => (isset($user_row['user_name'])) ? format_text($user_row['user_name'], 2) : REPLACE_EMPTY,
      "user_email" => $user_email,
      "user_email_save" => $user_email_save,
      "user_mailform_link" => $user_mailform_link,
      "user_email_button" => $user_email_button,
      "user_join_date" => (isset($user_row['user_joindate'])) ? format_date($config['date_format'], $user_row['user_joindate']) : REPLACE_EMPTY,
      "user_last_action" => (isset($user_row['user_lastaction'])) ? format_date($config['date_format']." ".$config['time_format'], $user_row['user_lastaction']) : REPLACE_EMPTY,
      "user_homepage" => $user_homepage,
      "user_homepage_button" => $user_homepage_button,
      "user_icq" => $user_icq,
      "user_icq_button" => $user_icq_button,
      "user_icq_status" => (isset($user_row['user_icq'])) ? get_icq_status($user_row['user_icq']) : REPLACE_EMPTY,
      "user_comments" => (isset($user_row['user_comments'])) ? $user_row['user_comments'] : REPLACE_EMPTY,
      "lang_profile_of" => $lang['profile_of'],
      // Substitute the template's {user_name} tag inside the language string.
      "lang_show_user_images" => preg_replace("/".$site_template->start."user_name".$site_template->end."/siU", format_text($user_row['user_name'], 2), $lang['show_user_images']),
      "url_show_user_images" => $site_sess->url(ROOT_PATH."search.php?search_user=".urlencode($user_row['user_name'])),
      "lang_join_date" => $lang['join_date'],
      "lang_last_action" => $lang['last_action'],
      "lang_comments" => $lang['comments'],
      "lang_email" => $lang['email'],
      "lang_homepage" => $lang['homepage'],
      "lang_icq" => $lang['icq']
    ));

    // Admin-defined extra user fields, escaped with format_text(..., 1) for display.
    if (!empty($additional_user_fields)) {
      $additional_field_array = array();
      foreach ($additional_user_fields as $key => $val) {
        $additional_field_array[$key] = (!empty($user_row[$key])) ? format_text($user_row[$key], 1) : REPLACE_EMPTY;
        $additional_field_array['lang_'.$key] = $val[0];
      }
      if (!empty($additional_field_array)) {
        $site_template->register_vars($additional_field_array);
      }
    }
    $content = $site_template->parse_template("member_profile");
  }
  else {
    $content = $lang['invalid_user_id'];
  }
}

//-----------------------------------------------------
//--- Send Password -----------------------------------
//-----------------------------------------------------
// Lost-password handler: for a posted e-mail address that matches a user,
// a new 8-character password is generated, stored as an unsalted md5 hash and
// mailed in clear text to that address. NOTE(review): the reset happens
// immediately on the first request (no confirmation token), so anyone who
// knows a member's address can invalidate that member's current password.
if ($action == "sendpassword") {
  $txt_clickstream = $lang['lost_password'];
  // un_htmlspecialchars() reverses HTML escaping. NOTE(review): if escaping
  // applied earlier (global.php / sessions.php, outside this view) is what
  // protects the interpolation into the WHERE clause below, it is undone here
  // — confirm how $HTTP_POST_VARS is sanitised before this point.
  $user_email = un_htmlspecialchars(trim($HTTP_POST_VARS['user_email']));

  if ($user_email != "") {
    $sql = "SELECT ".get_user_table_field("", "user_id").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password")."
            FROM ".USERS_TABLE."
            WHERE ".get_user_table_field("", "user_email")." = '$user_email'";
    if ($checkuser = $site_db->query_firstrow($sql)) {
      // mt_rand() seeded from microtime is not a cryptographic source; a
      // credential should come from a CSPRNG (random_int()/random_bytes()).
      mt_srand((double) microtime() * 1000000);
      $puddle = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
      $user_password = "";
      for ($i = 0; $i < 8; $i++) {
        $user_password .= substr($puddle, (mt_rand()%(strlen($puddle))), 1);
      }

      // Stored as plain md5 (no salt, no work factor), matching updatepassword below.
      $sql = "UPDATE ".USERS_TABLE."
              SET ".get_user_table_field("", "user_password")." = '".md5($user_password)."'
              WHERE ".get_user_table_field("", "user_id")." = ".$checkuser[$user_table_fields['user_id']];
      $site_db->query($sql);

      // Start Emailer
      include (ROOT_PATH.'includes/email.php');
      $site_email = new Email();
      $site_email->set_to($user_email);
      $site_email->set_subject($lang['send_password_emailsubject']);
      $site_email->register_vars(array(
        "user_name" => $checkuser[$user_table_fields['user_name']],
        "user_password" => stripslashes($user_password),
        "site_name" => $config['site_name']
      ));
      $site_email->set_body("lost_password", $config['language_dir']);
      $site_email->send_email();

      $msg = $lang['send_password_success'];
      // Clear the field so the lostpassword form below renders empty.
      $HTTP_POST_VARS['user_email'] = "";
    }
    else {
      // Distinct message for unknown addresses: reveals whether an e-mail is registered.
      $msg = $lang['invalid_email'];
    }
  }

  $action = "lostpassword";
}

//-----------------------------------------------------
//--- Lost Password Form ------------------------------
//-----------------------------------------------------
if ($action == "lostpassword") {
  $txt_clickstream = $lang['lost_password'];
  // NOTE(review): the posted address is passed through format_text() here and
  // again with mode 2 in register_vars(); depending on what format_text does
  // this may double-escape the redisplayed value — confirm.
  $user_email = (isset($HTTP_POST_VARS['user_email'])) ? format_text(stripslashes($HTTP_POST_VARS['user_email'])) : "";
  $site_template->register_vars(array(
    "lang_email" => $lang['email'],
    "lang_lost_password" => $lang['lost_password'],
    "lang_lost_password_msg" => $lang['lost_password_msg'],
    "lang_submit" => $lang['submit'],
    "user_email" => format_text($user_email, 2)
  ));
  $content = $site_template->parse_template("member_lostpassword");
}

//-----------------------------------------------------
//--- Edit Profile ------------------------------------
//-----------------------------------------------------
// $update_process = 1 means validation failed and the posted values must be
// redisplayed by the editprofile branch; $new_email_msg is set when an e-mail
// change requires re-activation (the session is then logged out after rendering).
$update_process = 0;
$new_email_msg = "";
if ($action == "updateprofile") {
  $txt_clickstream = $lang['control_panel'];
  if ($user_info['user_level'] == GUEST) {
    show_error_page($lang['no_permission']);
    exit;
  }
  // Posted values: e-mail/homepage are un-escaped strings, ICQ is coerced to an
  // int (or "" if not numeric), the three flags are ints defaulting to 0.
  // NOTE(review): $user_email and $user_homepage are interpolated into SQL
  // below; their protection depends on input handling outside this view.
  $user_email = (isset($HTTP_POST_VARS['user_email'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_email'])) : "";
  $user_email2 = (isset($HTTP_POST_VARS['user_email2'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_email2'])) : "";
  $user_homepage = (isset($HTTP_POST_VARS['user_homepage'])) ? format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['user_homepage']))) : "";
  $user_icq = (isset($HTTP_POST_VARS['user_icq'])) ? ((intval(trim($HTTP_POST_VARS['user_icq']))) ? intval(trim($HTTP_POST_VARS['user_icq'])) : "") : "";
  $user_showemail = (isset($HTTP_POST_VARS['user_showemail'])) ? intval($HTTP_POST_VARS['user_showemail']) : 0;
  $user_allowemails = (isset($HTTP_POST_VARS['user_allowemails'])) ? intval($HTTP_POST_VARS['user_allowemails']) : 0;
  $user_invisible = (isset($HTTP_POST_VARS['user_invisible'])) ? intval($HTTP_POST_VARS['user_invisible']) : 0;

  // Validation; every failure appends to $msg and sets $error.
  $error = 0;
  // Reject an address already used by a different account.
  if ($user_info['user_email'] != $user_email && $checkuser = $site_db->query_firstrow("SELECT ".get_user_table_field("", "user_id")." FROM ".USERS_TABLE." WHERE ".get_user_table_field("", "user_email")." = '$user_email' AND ".get_user_table_field("", "user_id")." <> '".$user_info['user_id']."'")) {
    if ($checkuser[$user_table_fields['user_id']] != $user_info['user_id']) {
      $msg .= (($msg != "") ? "<br />" : "").$lang['email_exists'];
      $error = 1;
    }
  }
  if ($user_email != $user_email2) {
    $msg .= (($msg != "") ? "<br />" : "").$lang['update_email_confirm_error'];
    $error = 1;
  }
  if ($user_email == "" || $user_email2 == "") {
    $msg .= (($msg != "") ? "<br />" : "").$lang['update_email_error'];
    $error = 1;
  }
  if (!check_email($user_email)) {
    $msg .= (($msg != "") ? "<br />" : "").$lang['invalid_email_format'];
    $error = 1;
  }

  // Required extra fields ($val[2] == 1) must not be posted empty.
  if (!empty($additional_user_fields)) {
    foreach ($additional_user_fields as $key => $val) {
      if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
        $error = 1;
        $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
        $msg .= (($msg != "") ? "<br />" : "").$field_error;
      }
    }
  }

  // E-mail change with account activation enabled: non-admins are demoted to
  // USER_AWAITING and must re-activate (by themselves or via the admin,
  // depending on $config['account_activation']).
  if (!$error && $user_email != $user_info['user_email'] && $user_info['user_level'] != ADMIN && $config['account_activation'] != 0) {
    $activationkey = get_random_key(USERS_TABLE, $user_table_fields['user_activationkey']);

    $sql = "UPDATE ".USERS_TABLE."
            SET ".get_user_table_field("", "user_level")." = ".USER_AWAITING.", ".get_user_table_field("", "user_activationkey")." = '$activationkey'
            WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
    $result = $site_db->query($sql);

    if ($result) {
      $activation_url = $script_url."/register.php?action=activate&activationkey=".$activationkey;

      include (ROOT_PATH.'includes/email.php');
      $site_email = new Email();

      switch($config['account_activation']) {
        // 2: the administrator activates the account.
        case 2:
          $user_details_url = $script_url."/admin/index.php?goto=".urlencode("users.php?action=edituser&user_id=".$user_info['user_id']."&activation=1");
          $email_to = $config['site_email'];
          $email_subject = $lang['admin_activation_emailsubject'];
          $email_template = "admin_activation";
          $new_email_msg = $lang['update_email_instruction_admin'];
          break;
        // 1: the activation link is mailed to the new address.
        case 1:
          if ($config['language_dir_default'] != $config['language_dir']) {
            $activation_url .= "&l=".$config['language_dir'];
          }
          $user_details_url = "";
          $email_to = $user_email;
          $email_subject = $lang['update_email_emailsubject'];
          $email_template = "newemail_activation";
          $new_email_msg = $lang['update_email_instruction'];
          break;
        case 0:
        default:
          break;
      }

      if (!empty($email_to)) {
        $site_email->set_to($email_to);
        $site_email->set_subject($email_subject);
        $site_email->register_vars(array(
          "user_details_url" => $user_details_url,
          "activation_url" => $activation_url,
          "user_name" => $user_info['user_name'],
          "site_name" => $config['site_name']
        ));
        $site_email->set_body($email_template, $config['language_dir']);
        $site_email->send_email();
      }
    }
    else {
      $msg = $lang['general_error'];
      $error = 1;
    }
  }

  if (!$error) {
    // Extra user fields are only written when the column really exists in the
    // users table, so the column names in the SET clause stay under admin control.
    $additional_sql = "";
    if (!empty($additional_user_fields)) {
      $table_fields = $site_db->get_table_fields(USERS_TABLE);
      foreach ($additional_user_fields as $key => $val) {
        if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
          $additional_sql .= ", $key = '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
        }
      }
    }

    $sql = "UPDATE ".USERS_TABLE."
            SET ".get_user_table_field("", "user_email")." = '$user_email', ".get_user_table_field("", "user_showemail")." = $user_showemail, ".get_user_table_field("", "user_allowemails")." = $user_allowemails, ".get_user_table_field("", "user_invisible")." = $user_invisible, ".get_user_table_field("", "user_homepage")." = '$user_homepage', ".get_user_table_field("", "user_icq")." = '$user_icq'".$additional_sql."
            WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
    $site_db->query($sql);

    $msg = $lang['update_profile_success'];
    if (!empty($new_email_msg)) {
      $msg .= "<br />".$new_email_msg;
    }
    // Reload so the editprofile form below shows the stored values.
    $user_info = $site_sess->load_user_info($user_info['user_id']);
  }
  else {
    $update_process = 1;
  }
  $action = "editprofile";
}

//-----------------------------------------------------
//--- Update Password ---------------------------------
//-----------------------------------------------------
// Changes the password after verifying the current one. All three values are
// md5-hashed (unsalted) before comparison.
if ($action == "updatepassword") {
  $txt_clickstream = $lang['control_panel'];
  if ($user_info['user_level'] == GUEST) {
    show_error_page($lang['no_permission']);
    exit;
  }
  $error = 0;
  $current_user_password = md5(trim($HTTP_POST_VARS['current_user_password']));
  $user_password = md5(trim($HTTP_POST_VARS['user_password']));
  $user_password2 = md5(trim($HTTP_POST_VARS['user_password2']));
  // Plain string comparison of hex digests; hash_equals() would avoid timing
  // differences, though the larger weakness is the unsalted md5 itself.
  if ($current_user_password != $user_info['user_password']) {
    $msg .= (($msg != "") ? "<br />" : "").$lang['update_password_error'];
    $error = 1;
  }
  // BUG: $user_password already holds an md5 digest here, so `== ""` can never
  // be true and an empty new password is accepted. The emptiness check must be
  // done on the trimmed plaintext before hashing.
  if ($user_password != $user_password2 || $user_password == "") {
    $msg .= (($msg != "") ? "<br />" : "").$lang['update_password_confirm_error'];
    $error = 1;
  }
  if (!$error) {
    $sql = "UPDATE ".USERS_TABLE."
            SET ".get_user_table_field("", "user_password")." = '$user_password'
            WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
    $site_db->query($sql);

    $msg = $lang['update_password_success'];
    $user_info = $site_sess->load_user_info($user_info['user_id']);
  }
  $action = "editprofile";
}

//-----------------------------------------------------
//--- Edit Profile Form -------------------------------
//-----------------------------------------------------
// Renders the control panel. After a failed update ($update_process = 1) the
// posted values from updateprofile are kept; otherwise the form is filled from
// the session's $user_info.
if ($action == "editprofile") {
  $txt_clickstream = $lang['control_panel'];
  if ($user_info['user_level'] == GUEST) {
    show_error_page($lang['no_permission']);
    exit;
  }
  $user_name = $user_info['user_name'];
  if (!$update_process) {
    $user_email = $user_info['user_email'];
    $user_email2 = $user_info['user_email'];
    $user_showemail = $user_info['user_showemail'];
    $user_allowemails = $user_info['user_allowemails'];
    $user_invisible = $user_info['user_invisible'];
    $user_homepage = $user_info['user_homepage'];
    $user_icq = $user_info['user_icq'];
  }

  // Yes/no radio buttons: exactly one side of each pair is pre-checked.
  if ($user_showemail == 1) {
    $user_showemail_yes = " checked=\"checked\"";
    $user_showemail_no = "";
  }
  else {
    $user_showemail_yes = "";
    $user_showemail_no = " checked=\"checked\"";
  }
  if ($user_allowemails == 1) {
    $user_allowemails_yes = " checked=\"checked\"";
    $user_allowemails_no = "";
  }
  else {
    $user_allowemails_yes = "";
    $user_allowemails_no = " checked=\"checked\"";
  }
  if ($user_invisible == 1) {
    $user_invisible_yes = " checked=\"checked\"";
    $user_invisible_no = "";
  }
  else {
    $user_invisible_yes = "";
    $user_invisible_no = " checked=\"checked\"";
  }

  // Explain the re-activation consequence of an e-mail change to non-admins.
  $edit_profile_msg = $lang['edit_profile_msg'];
  if ($config['account_activation'] == 1 && $user_info['user_level'] != ADMIN) {
    $edit_profile_msg .= $lang['edit_profile_email_msg'];
  }
  if ($config['account_activation'] == 2 && $user_info['user_level'] != ADMIN) {
    $edit_profile_msg .= $lang['edit_profile_email_msg_admin'];
  }

  // Note: user_icq is registered unescaped, unlike the other text fields.
  $site_template->register_vars(array(
    "user_name" => format_text(stripslashes($user_name), 2),
    "user_email" => format_text(stripslashes($user_email), 2),
    "user_email2" => format_text(stripslashes($user_email2), 2),
    "user_homepage" => format_text(stripslashes($user_homepage), 2),
    "user_icq" => $user_icq,
    "user_showemail_yes" => $user_showemail_yes,
    "user_showemail_no" => $user_showemail_no,
    "user_allowemails_yes" => $user_allowemails_yes,
    "user_allowemails_no" => $user_allowemails_no,
    "user_invisible_yes" => $user_invisible_yes,
    "user_invisible_no" => $user_invisible_no,
    "lang_profile_of" => $lang['profile_of'],
    "lang_email" => $lang['email'],
    "lang_email_confirm" => $lang['email_confirm'],
    "lang_show_email" => $lang['show_email'],
    "lang_allow_emails" => $lang['allow_emails'],
    "lang_invisible" => $lang['invisible'],
    "lang_optional_infos" => $lang['optional_infos'],
    "lang_homepage" => $lang['homepage'],
    "lang_icq" => $lang['icq'],
    "lang_save" => $lang['save'],
    "lang_reset" => $lang['reset'],
    "lang_change_password" => $lang['change_password'],
    "lang_old_password" => $lang['old_password'],
    "lang_new_password" => $lang['new_password'],
    "lang_new_password_confirm" => $lang['new_password_confirm'],
    "lang_edit_profile_msg" => $edit_profile_msg,
    "lang_yes" => $lang['yes'],
    "lang_no" => $lang['no']
  ));

  // Extra user fields: posted value wins over the stored one so failed updates
  // redisplay what the user typed. Stored (non-posted) text values are
  // registered without format_text().
  if (!empty($additional_user_fields)) {
    $additional_field_array = array();
    foreach ($additional_user_fields as $key => $val) {
      if ($val[1] == "radio") {
        $value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : intval($user_info[$key]);
        if ($value == 1) {
          $additional_field_array[$key.'_yes'] = " checked=\"checked\"";
          $additional_field_array[$key.'_no'] = "";
        }
        else {
          $additional_field_array[$key.'_yes'] = "";
          $additional_field_array[$key.'_no'] = " checked=\"checked\"";
        }
      }
      else {
        $value = (isset($HTTP_POST_VARS[$key])) ? format_text(trim($HTTP_POST_VARS[$key]), 2) : $user_info[$key];
      }
      $additional_field_array[$key] = $value;
      $additional_field_array['lang_'.$key] = $val[0];
    }
    if (!empty($additional_field_array)) {
      $site_template->register_vars($additional_field_array);
    }
  }

  $content = $site_template->parse_template("member_editprofile");
  // The account was set to USER_AWAITING in updateprofile; end the session
  // after the page has been rendered so the user must re-activate.
  if (!empty($new_email_msg)) {
    $site_sess->logout($user_info['user_id']);
  }
}

//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
$clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].$txt_clickstream."</span>";

//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
// $msg is rendered by the template as collected by the branches above.
$site_template->register_vars(array(
  "content" => $content,
  "msg" => $msg,
  "clickstream" => $clickstream,
  "lang_control_panel" => $lang['control_panel']
));
$site_template->print_template($site_template->parse_template($main_template));
include (ROOT_PATH.'includes/page_footer.php');
?>