  1. <?php
  2.  
  3. /**
  4. * Copyright (C) 2008-2012 FluxBB
  5. * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  6. * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
  7. */
  8.  
  9. define('PUN_ROOT', dirname(__FILE__).'/');
  10. require PUN_ROOT.'include/common.php';
  11.  
  12. // Include UTF-8 function
  13. require PUN_ROOT.'include/utf8/substr_replace.php';
  14. require PUN_ROOT.'include/utf8/ucwords.php'; // utf8_ucwords needs utf8_substr_replace
  15. require PUN_ROOT.'include/utf8/strcasecmp.php';
  16.  
  17. $action = isset($_GET['action']) ? $_GET['action'] : null;
  18. $section = isset($_GET['section']) ? $_GET['section'] : null;
  19. $id = isset($_GET['id']) ? intval($_GET['id']) : 0;
  20. if ($id < 2)
  21. message($lang_common['Bad request'], false, '404 Not Found');
  22.  
  23. if ($action != 'change_pass' || !isset($_GET['key']))
  24. {
  25. if ($pun_user['g_read_board'] == '0')
  26. message($lang_common['No view'], false, '403 Forbidden');
  27. else if ($pun_user['g_view_users'] == '0' && ($pun_user['is_guest'] || $pun_user['id'] != $id))
  28. message($lang_common['No permission'], false, '403 Forbidden');
  29. }
  30.  
// Load the prof_reg.php language file
// NOTE(review): these include paths are built from $pun_user['language']. That value is
// presumably populated by include/common.php from the stored user record (not from this
// request) and validated against the lang/ directory when it is saved - confirm upstream,
// because without that guarantee these requires become a local file inclusion.
require PUN_ROOT.'lang/'.$pun_user['language'].'/prof_reg.php';

// Load the profile.php language file
require PUN_ROOT.'lang/'.$pun_user['language'].'/profile.php';

// Load the language file for the mod Easy Avatar, falling back to the English
// strings when the active language pack ships no translation for the mod
if (file_exists(PUN_ROOT.'lang/'.$pun_user['language'].'/EZavatar.php'))
	require PUN_ROOT.'lang/'.$pun_user['language'].'/EZavatar.php';
else
	require PUN_ROOT.'lang/English/EZavatar.php';
  42.  
  43. // Easy Avatar : check image types supported by the GD library (if it's loaded...)
  44. $gd_image_types_ability = FALSE;
  45. if (extension_loaded('gd'))
  46. {
  47. $supported_image_types = array();
  48. $possible_image_types = array(
  49. IMG_GIF => '.gif',
  50. IMG_JPG => '.jpg',
  51. IMG_PNG => '.png'
  52. );
  53.  
  54. foreach ($possible_image_types as $cur_image_type => $cur_extension)
  55. {
  56. if (imagetypes() & $cur_image_type)
  57. {
  58. $supported_image_types[] = $cur_extension;
  59. $gd_image_types_ability = TRUE;
  60. }
  61. else
  62. $supported_image_types[] = NULL;
  63. }
  64. }
  65.  
  66. // Easy Avatar : make sure avatars_upload_size doesn't exceed post_max_size set in config.ini and decrease it if needed (default : 1Mb)
  67. if ($max = trim(@ini_get('post_max_size')));
  68. {
  69. preg_match('#([0-9]+)[\s]*([a-z]+)#i', $max, $matches);
  70. $last = '';
  71. if(isset($matches[2]))
  72. $last = $matches[2];
  73. if(isset($matches[1]))
  74. $max = (int) $matches[1];
  75. switch (strtolower($last))
  76. {
  77. case 'g':
  78. case 'gb':
  79. $max *= 1024;
  80. case 'm':
  81. case 'mb':
  82. $max *= 1024;
  83. case 'k':
  84. case 'kb':
  85. $max *= 1024;
  86. }
  87. else
  88. $max = 1048576;
  89.  
  90. if (intval($pun_config['avatars_upload_size']) > $max)
  91. {
  92. $pun_config['avatars_upload_size'] = $max;
  93. $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$max.' WHERE conf_name=o_avatars_upload_size') or error('Unable to set avatars_upload_size', __FILE__, __LINE__, $db->error());
  94. }
  95.  
  96. // Easy Avatar : reducing image function
  97. function reduce_image($image_to_reduce)
  98. {
  99. global $pun_config, $lang_EZavatar, $width, $height, $size;
  100.  
  101. if ($pun_config['o_avatars_width'] < 1 || $pun_config['o_avatars_height'] < 1 || $pun_config['o_avatars_size'] < 1)
  102. message($lang_EZavatar['Zero set'].'<a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
  103.  
  104. $ratio = max($width/$pun_config['o_avatars_width'], $height/$pun_config['o_avatars_height'], sqrt($size/$pun_config['o_avatars_size']));
  105. $reduced_width = intval($width/$ratio);
  106. $reduced_height = intval($height/$ratio);
  107.  
  108. if ($reduced_width < 1 || $reduced_height < 1)
  109. message ($lang_EZavatar['Ratio too high'].'<a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
  110.  
  111. if (!($reduced_image = @imagecreatetruecolor($reduced_width, $reduced_height)))
  112. message($lang_EZavatar['Create image problem']);
  113.  
  114. if (@imagecopyresampled($reduced_image, $image_to_reduce, 0, 0, 0, 0, $reduced_width, $reduced_height, $width, $height))
  115. return $reduced_image;
  116. else
  117. message($lang_EZavatar['Reduction problem']);
  118. }
  119.  
  120. if ($action == 'change_pass')
  121. {
  122. if (isset($_GET['key']))
  123. {
  124. // If the user is already logged in we shouldn't be here :)
  125. if (!$pun_user['is_guest'])
  126. {
  127. header('Location: index.php');
  128. exit;
  129. }
  130.  
  131. $key = $_GET['key'];
  132.  
  133. $result = $db->query('SELECT * FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch new password', __FILE__, __LINE__, $db->error());
  134. $cur_user = $db->fetch_assoc($result);
  135.  
  136. if ($key == '' || $key != $cur_user['activate_key'])
  137. message($lang_profile['Pass key bad'].' <a href="mailto:'.pun_htmlspecialchars($pun_config['o_admin_email']).'">'.pun_htmlspecialchars($pun_config['o_admin_email']).'</a>.');
  138. else
  139. {
  140. $db->query('UPDATE '.$db->prefix.'users SET password=\''.$db->escape($cur_user['activate_string']).'\', activate_string=NULL, activate_key=NULL'.(!empty($cur_user['salt']) ? ', salt=NULL' : '').' WHERE id='.$id) or error('Unable to update password', __FILE__, __LINE__, $db->error());
  141.  
  142. message($lang_profile['Pass updated'], true);
  143. }
  144. }
  145.  
  146. // Make sure we are allowed to change this user's password
  147. if ($pun_user['id'] != $id)
  148. {
  149. if (!$pun_user['is_admmod']) // A regular user trying to change another user's password?
  150. message($lang_common['No permission'], false, '403 Forbidden');
  151. else if ($pun_user['g_moderator'] == '1') // A moderator trying to change a user's password?
  152. {
  153. $result = $db->query('SELECT u.group_id, g.g_moderator FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON (g.g_id=u.group_id) WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
  154. if (!$db->num_rows($result))
  155. message($lang_common['Bad request'], false, '404 Not Found');
  156.  
  157. list($group_id, $is_moderator) = $db->fetch_row($result);
  158.  
  159. if ($pun_user['g_mod_edit_users'] == '0' || $pun_user['g_mod_change_passwords'] == '0' || $group_id == PUN_ADMIN || $is_moderator == '1')
  160. message($lang_common['No permission'], false, '403 Forbidden');
  161. }
  162. }
  163.  
  164. if (isset($_POST['form_sent']))
  165. {
  166. // Make sure they got here from the site
  167. confirm_referrer('profile.php');
  168.  
  169. $old_password = isset($_POST['req_old_password']) ? pun_trim($_POST['req_old_password']) : '';
  170. $new_password1 = pun_trim($_POST['req_new_password1']);
  171. $new_password2 = pun_trim($_POST['req_new_password2']);
  172.  
  173. if ($new_password1 != $new_password2)
  174. message($lang_prof_reg['Pass not match']);
  175. if (pun_strlen($new_password1) < 6)
  176. message($lang_prof_reg['Pass too short']);
  177.  
  178. $result = $db->query('SELECT * FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch password', __FILE__, __LINE__, $db->error());
  179. $cur_user = $db->fetch_assoc($result);
  180.  
  181. $authorized = false;
  182.  
  183. if (!empty($cur_user['password']))
  184. {
  185. $old_password_hash = pun_hash($old_password);
  186.  
  187. if ($cur_user['password'] == $old_password_hash || $pun_user['is_admmod'])
  188. $authorized = true;
  189. }
  190.  
  191. if (!$authorized)
  192. message($lang_profile['Wrong pass']);
  193.  
  194. $new_password_hash = pun_hash($new_password1);
  195.  
  196. $db->query('UPDATE '.$db->prefix.'users SET password=\''.$new_password_hash.'\''.(!empty($cur_user['salt']) ? ', salt=NULL' : '').' WHERE id='.$id) or error('Unable to update password', __FILE__, __LINE__, $db->error());
  197.  
  198. if ($pun_user['id'] == $id)
  199. pun_setcookie($pun_user['id'], $new_password_hash, time() + $pun_config['o_timeout_visit']);
  200.  
  201. redirect('profile.php?section=essentials&amp;id='.$id, $lang_profile['Pass updated redirect']);
  202. }
  203.  
  204. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Change pass']);
  205. $required_fields = array('req_old_password' => $lang_profile['Old pass'], 'req_new_password1' => $lang_profile['New pass'], 'req_new_password2' => $lang_profile['Confirm new pass']);
  206. $focus_element = array('change_pass', ((!$pun_user['is_admmod']) ? 'req_old_password' : 'req_new_password1'));
  207. define('PUN_ACTIVE_PAGE', 'profile');
  208. require PUN_ROOT.'header.php';
  209.  
  210. ?>
  211. <div class="blockform">
  212. <h2><span><?php echo $lang_profile['Change pass'] ?></span></h2>
  213. <div class="box">
  214. <form id="change_pass" method="post" action="profile.php?action=change_pass&amp;id=<?php echo $id ?>" onsubmit="return process_form(this)">
  215. <div class="inform">
  216. <input type="hidden" name="form_sent" value="1" />
  217. <fieldset>
  218. <legend><?php echo $lang_profile['Change pass legend'] ?></legend>
  219. <div class="infldset">
  220. <?php if (!$pun_user['is_admmod']): ?> <label class="required"><strong><?php echo $lang_profile['Old pass'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br />
  221. <input type="password" name="req_old_password" size="16" /><br /></label>
  222. <?php endif; ?> <label class="conl required"><strong><?php echo $lang_profile['New pass'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br />
  223. <input type="password" name="req_new_password1" size="16" /><br /></label>
  224. <label class="conl required"><strong><?php echo $lang_profile['Confirm new pass'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br />
  225. <input type="password" name="req_new_password2" size="16" /><br /></label>
  226. <p class="clearb"><?php echo $lang_profile['Pass info'] ?></p>
  227. </div>
  228. </fieldset>
  229. </div>
  230. <p class="buttons"><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /> <a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
  231. </form>
  232. </div>
  233. </div>
  234. <?php
  235.  
  236. require PUN_ROOT.'footer.php';
  237. }
  238.  
  239.  
  240. else if ($action == 'change_email')
  241. {
  242. // Make sure we are allowed to change this user's email
  243. if ($pun_user['id'] != $id)
  244. {
  245. if (!$pun_user['is_admmod']) // A regular user trying to change another user's email?
  246. message($lang_common['No permission'], false, '403 Forbidden');
  247. else if ($pun_user['g_moderator'] == '1') // A moderator trying to change a user's email?
  248. {
  249. $result = $db->query('SELECT u.group_id, g.g_moderator FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON (g.g_id=u.group_id) WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
  250. if (!$db->num_rows($result))
  251. message($lang_common['Bad request'], false, '404 Not Found');
  252.  
  253. list($group_id, $is_moderator) = $db->fetch_row($result);
  254.  
  255. if ($pun_user['g_mod_edit_users'] == '0' || $group_id == PUN_ADMIN || $is_moderator == '1')
  256. message($lang_common['No permission'], false, '403 Forbidden');
  257. }
  258. }
  259.  
  260. if (isset($_GET['key']))
  261. {
  262. $key = $_GET['key'];
  263.  
  264. $result = $db->query('SELECT activate_string, activate_key FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch activation data', __FILE__, __LINE__, $db->error());
  265. list($new_email, $new_email_key) = $db->fetch_row($result);
  266.  
  267. if ($key == '' || $key != $new_email_key)
  268. message($lang_profile['Email key bad'].' <a href="mailto:'.pun_htmlspecialchars($pun_config['o_admin_email']).'">'.pun_htmlspecialchars($pun_config['o_admin_email']).'</a>.');
  269. else
  270. {
  271. $db->query('UPDATE '.$db->prefix.'users SET email=activate_string, activate_string=NULL, activate_key=NULL WHERE id='.$id) or error('Unable to update email address', __FILE__, __LINE__, $db->error());
  272.  
  273. message($lang_profile['Email updated'], true);
  274. }
  275. }
  276. else if (isset($_POST['form_sent']))
  277. {
  278. if (pun_hash($_POST['req_password']) !== $pun_user['password'])
  279. message($lang_profile['Wrong pass']);
  280.  
  281. // Make sure they got here from the site
  282. confirm_referrer('profile.php');
  283.  
  284. require PUN_ROOT.'include/email.php';
  285.  
  286. // Validate the email address
  287. $new_email = strtolower(pun_trim($_POST['req_new_email']));
  288. if (!is_valid_email($new_email))
  289. message($lang_common['Invalid email']);
  290.  
  291. // Check if it's a banned email address
  292. if (is_banned_email($new_email))
  293. {
  294. if ($pun_config['p_allow_banned_email'] == '0')
  295. message($lang_prof_reg['Banned email']);
  296. else if ($pun_config['o_mailing_list'] != '')
  297. {
  298. // Load the "banned email change" template
  299. $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/banned_email_change.tpl'));
  300.  
  301. // The first row contains the subject
  302. $first_crlf = strpos($mail_tpl, "\n");
  303. $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
  304. $mail_message = trim(substr($mail_tpl, $first_crlf));
  305.  
  306. $mail_message = str_replace('<username>', $pun_user['username'], $mail_message);
  307. $mail_message = str_replace('<email>', $new_email, $mail_message);
  308. $mail_message = str_replace('<profile_url>', get_base_url().'/profile.php?id='.$id, $mail_message);
  309. $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'], $mail_message);
  310.  
  311. pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message);
  312. }
  313. }
  314.  
  315. // Check if someone else already has registered with that email address
  316. $result = $db->query('SELECT id, username FROM '.$db->prefix.'users WHERE email=\''.$db->escape($new_email).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
  317. if ($db->num_rows($result))
  318. {
  319. if ($pun_config['p_allow_dupe_email'] == '0')
  320. message($lang_prof_reg['Dupe email']);
  321. else if ($pun_config['o_mailing_list'] != '')
  322. {
  323. while ($cur_dupe = $db->fetch_assoc($result))
  324. $dupe_list[] = $cur_dupe['username'];
  325.  
  326. // Load the "dupe email change" template
  327. $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/dupe_email_change.tpl'));
  328.  
  329. // The first row contains the subject
  330. $first_crlf = strpos($mail_tpl, "\n");
  331. $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
  332. $mail_message = trim(substr($mail_tpl, $first_crlf));
  333.  
  334. $mail_message = str_replace('<username>', $pun_user['username'], $mail_message);
  335. $mail_message = str_replace('<dupe_list>', implode(', ', $dupe_list), $mail_message);
  336. $mail_message = str_replace('<profile_url>', get_base_url().'/profile.php?id='.$id, $mail_message);
  337. $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'], $mail_message);
  338.  
  339. pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message);
  340. }
  341. }
  342.  
  343.  
  344. $new_email_key = random_pass(8);
  345.  
  346. $db->query('UPDATE '.$db->prefix.'users SET activate_string=\''.$db->escape($new_email).'\', activate_key=\''.$new_email_key.'\' WHERE id='.$id) or error('Unable to update activation data', __FILE__, __LINE__, $db->error());
  347.  
  348. // Load the "activate email" template
  349. $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/activate_email.tpl'));
  350.  
  351. // The first row contains the subject
  352. $first_crlf = strpos($mail_tpl, "\n");
  353. $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
  354. $mail_message = trim(substr($mail_tpl, $first_crlf));
  355.  
  356. $mail_message = str_replace('<username>', $pun_user['username'], $mail_message);
  357. $mail_message = str_replace('<base_url>', get_base_url(), $mail_message);
  358. $mail_message = str_replace('<activation_url>', get_base_url().'/profile.php?action=change_email&id='.$id.'&key='.$new_email_key, $mail_message);
  359. $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'], $mail_message);
  360.  
  361. pun_mail($new_email, $mail_subject, $mail_message);
  362.  
  363. message($lang_profile['Activate email sent'].' <a href="mailto:'.pun_htmlspecialchars($pun_config['o_admin_email']).'">'.pun_htmlspecialchars($pun_config['o_admin_email']).'</a>.', true);
  364. }
  365.  
  366. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Change email']);
  367. $required_fields = array('req_new_email' => $lang_profile['New email'], 'req_password' => $lang_common['Password']);
  368. $focus_element = array('change_email', 'req_new_email');
  369. define('PUN_ACTIVE_PAGE', 'profile');
  370. require PUN_ROOT.'header.php';
  371.  
  372. ?>
  373. <div class="blockform">
  374. <h2><span><?php echo $lang_profile['Change email'] ?></span></h2>
  375. <div class="box">
  376. <form id="change_email" method="post" action="profile.php?action=change_email&amp;id=<?php echo $id ?>" onsubmit="return process_form(this)">
  377. <div class="inform">
  378. <fieldset>
  379. <legend><?php echo $lang_profile['Email legend'] ?></legend>
  380. <div class="infldset">
  381. <input type="hidden" name="form_sent" value="1" />
  382. <label class="required"><strong><?php echo $lang_profile['New email'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_new_email" size="50" maxlength="80" /><br /></label>
  383. <label class="required"><strong><?php echo $lang_common['Password'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="password" name="req_password" size="16" /><br /></label>
  384. <p><?php echo $lang_profile['Email instructions'] ?></p>
  385. </div>
  386. </fieldset>
  387. </div>
  388. <p class="buttons"><input type="submit" name="new_email" value="<?php echo $lang_common['Submit'] ?>" /> <a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
  389. </form>
  390. </div>
  391. </div>
  392. <?php
  393.  
  394. require PUN_ROOT.'footer.php';
  395. }
  396.  
  397.  
  398. else if ($action == 'upload_avatar' || $action == 'upload_avatar2')
  399. {
  400. if ($pun_config['o_avatars'] == '0')
  401. message($lang_profile['Avatars disabled']);
  402.  
  403. if ($pun_user['id'] != $id && !$pun_user['is_admmod'])
  404. message($lang_common['No permission'], false, '403 Forbidden');
  405.  
  406. if (isset($_POST['form_sent']))
  407. {
// Easy avatar : an URL was posted. NOTE(review): unlike the file branch below, this path never calls confirm_referrer('profile.php'), so a cross-site form POST made by a logged-in user's browser can replace that user's avatar with any fetchable image; hoist the referrer check above this test so both branches share it.
  409. if ($_POST['req_url'] != '')
  410. {
  411. // Verify GD library ability to manage images (if user attempt to reach this part directly)
  412. if (!$gd_image_types_ability)
  413. message ($lang_EZavatar['Gd library unset']);
  414.  
// Try to pick up a recognised extension from the URL so the re-encoded avatar keeps the source's type (cosmetic only: the bytes are always re-encoded by GD below). NOTE(review): the loop assigns $extension on every iteration, so a URL with no recognised extension ends up with the LAST entry of $possible_image_types (.png), not the .gif default set just below; and a strpos() hit at offset 0 is treated as "not found".
  416. $extension = '.gif';
  417. foreach ($possible_image_types as $cur_type => $cur_ext)
  418. {
  419. if (strpos(strtolower($_POST['req_url']), $extension = $cur_ext))
  420. break;
  421. }
  422.  
// Read the remote file in 8 KiB chunks and abort as soon as it exceeds o_avatars_upload_size, so an oversized response is never held in memory in full. NOTE(review): the URL itself is passed unfiltered to fopen(), so every stream wrapper PHP allows is reachable (http:// to internal hosts, ftp://, file://, php://...) - a server-side request forgery / local file probe, and the distinct error messages (open failed / too large / not an image) reveal whether the target exists. Restrict the scheme to http(s) and reject non-public addresses before opening. The byte cap also does not bound decoding cost: imagecreatefromstring() allocates by pixel dimensions, so a small, highly compressed image can still exhaust memory.
  424. $open_file = @fopen($_POST['req_url'], 'rb');
  425. $image_bytes = '';
  426. if ($open_file)
  427. {
  428. while (!feof($open_file))
  429. {
  430. $image_bytes .= fread($open_file, 8192);
  431. if (strlen($image_bytes) > $pun_config['o_avatars_upload_size'])
  432. {
  433. fclose($open_file);
  434. message($lang_EZavatar['Too large remote file'].$pun_config['o_avatars_upload_size']);
  435. }
  436. }
  437. }
  438. else
  439. message($lang_EZavatar['Open file error']);
  440. fclose($open_file);
  441.  
  442. // Try to create an image with the bytes previously read
  443. if (!$image_tmp = @imagecreatefromstring($image_bytes))
  444. message($lang_EZavatar['Create from string error']);
  445.  
  446. // Deal with width, height and final size: reduce image if necessary
  447. $width = imagesx($image_tmp);
  448. $height = imagesy($image_tmp);
  449. $size = strlen($image_bytes);
  450. if ($width > $pun_config['o_avatars_width'] || $height > $pun_config['o_avatars_height'] || $size > $pun_config['o_avatars_size'])
  451. $image_tmp = reduce_image($image_tmp);
  452.  
  453. // Record the reduced image in the temporary file (to respect the source as much as possible, make it with the type corresponding to the extension possibly found in the url)
  454. if (!(($extension == '.gif' && @imagegif($image_tmp, PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp')) || ($extension == '.jpg' && @imagejpeg($image_tmp, PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp', 100)) || ($extension == '.png' && @imagepng($image_tmp, PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp', 0))))
  455. {
  456. imagedestroy($image_tmp);
  457. message($lang_profile['Move failed'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
  458. }
  459.  
  460. }
  461.  
  462. // A file was posted
  463. else
  464. {
  465. if (!isset($_FILES['req_file']))
  466. message($lang_profile['No file']);
  467.  
  468. // Make sure they got here from the site
  469. confirm_referrer('profile.php');
  470.  
  471. $uploaded_file = $_FILES['req_file'];
  472.  
  473. // Make sure the upload went smooth
  474. if (isset($uploaded_file['error']))
  475. {
  476. switch ($uploaded_file['error'])
  477. {
  478. case 1: // UPLOAD_ERR_INI_SIZE
  479. case 2: // UPLOAD_ERR_FORM_SIZE
  480. message($lang_profile['Too large ini']);
  481. break;
  482.  
  483. case 3: // UPLOAD_ERR_PARTIAL
  484. message($lang_profile['Partial upload']);
  485. break;
  486.  
  487. case 4: // UPLOAD_ERR_NO_FILE
  488. message($lang_profile['No file']);
  489. break;
  490.  
  491. case 6: // UPLOAD_ERR_NO_TMP_DIR
  492. message($lang_profile['No tmp directory']);
  493. break;
  494.  
  495. default:
  496. // No error occured, but was something actually uploaded?
  497. if ($uploaded_file['size'] == 0)
  498. message($lang_profile['No file']);
  499. break;
  500. }
  501. }
  502.  
  503. if (is_uploaded_file($uploaded_file['tmp_name']))
  504. {
// Preliminary check on the client-declared MIME type. It comes straight from the multipart request and is trivially spoofed, so it only catches honest mistakes; the authoritative type decision is the getimagesize() call below, which inspects the bytes.
  506. $allowed_types = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/png', 'image/x-png');
  507. if (!in_array($uploaded_file['type'], $allowed_types))
  508. message($lang_profile['Bad type']);
  509.  
// Make sure the temporary file isn't too big before moving it to the avatar directory. The limit enforced is o_avatars_upload_size; the message below reports o_avatars_size instead, so the number shown to the user can differ from the one actually applied.
  511. if (($size = $uploaded_file['size']) > $pun_config['o_avatars_upload_size'])
  512. message($lang_profile['Too large'].' '.forum_number_format($pun_config['o_avatars_size']).' '.$lang_profile['bytes'].'.');
  513.  
  514. // Move the file to the avatar directory. We do this before dealing with width, height and final size, to circumvent open_basedir restrictions
  515. if (!@move_uploaded_file($uploaded_file['tmp_name'], PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp'))
  516. message($lang_profile['Move failed'].' <a href="mailto:'.pun_htmlspecialchars($pun_config['o_admin_email']).'">'.pun_htmlspecialchars($pun_config['o_admin_email']).'</a>.');
  517.  
  518. list($width, $height, $type,) = @getimagesize(PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp');
  519.  
  520. // Determine type
  521. if ($type == IMAGETYPE_GIF)
  522. $extension = '.gif';
  523. else if ($type == IMAGETYPE_JPEG)
  524. $extension = '.jpg';
  525. else if ($type == IMAGETYPE_PNG)
  526. $extension = '.png';
  527. else
  528. {
  529. // Invalid type
  530. @unlink(PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp');
  531. message($lang_profile['Bad type']);
  532. }
  533.  
  534.  
  535. // Easy avatar : now deal with width, height and final size: reduce image if too wide, high or large :
  536. if ($width > $pun_config['o_avatars_width'] || $height > $pun_config['o_avatars_height'] || $size > $pun_config['o_avatars_size'])
  537. {
  538. // Verify if the GD library is able to manage the image type
  539. if (!(in_array($extension, $supported_image_types)))
  540. message($lang_profile['Too wide or high'].' '.$pun_config['o_avatars_width'].'x'.$pun_config['o_avatars_height'].' '.$lang_profile['pixels'].'.<br />'.($lang_profile['Too large'].' '.forum_number_format($pun_config['o_avatars_size']).' '.$lang_profile['bytes'].'.'));
  541.  
  542. // Create image from file
  543. if (!(($extension == '.gif' && ($image_tmp = @imagecreatefromgif(PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp'))) || ($extension == '.jpg' && ($image_tmp = @imagecreatefromjpeg(PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp'))) || ($extension == '.png' && ($image_tmp = @imagecreatefrompng(PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp')))))
  544. message($lang_EZavatar['Create image problem']);
  545.  
  546. // Reduce image
  547. $image_tmp = reduce_image($image_tmp);
  548.  
  549. // Record the reduced image in the temporary file with the right type
  550. if (!(($extension == '.gif' && @imagegif($image_tmp, PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp')) || ($extension == '.jpg' && @imagejpeg($image_tmp, PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp', 100)) || ($extension == '.png' && @imagepng($image_tmp, PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp', 0))))
  551. {
  552. imagedestroy($image_tmp);
  553. message($lang_profile['Move failed'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
  554. }
  555. }
  556. }
  557. else
  558. message($lang_profile['Unknown failure']);
  559. }
  560.  
// Delete any old avatars and put the new one in place. NOTE(review): an upload that already fits the limits is stored byte-for-byte as received (only the reduce branch re-encodes through GD), so a file that merely begins with a valid image header is kept under a .gif/.jpg/.png name. That is harmless only if the avatar directory is served as static content with script execution disabled - verify this in the web server configuration.
  562. delete_avatar($id);
  563. @rename(PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.'.tmp', PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.$extension);
  564. @chmod(PUN_ROOT.$pun_config['o_avatars_dir'].'/'.$id.$extension, 0644);
  565.  
  566. redirect('profile.php?section=personality&amp;id='.$id, $lang_profile['Avatar upload redirect']);
  567.  
  568. }
  569.  
  570. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Upload avatar']);
  571. if ($gd_image_types_ability)
  572. {
  573. $required_fields = array();
  574. $focus_element = array('upload_avatar', 'req_file', 'req_url');
  575. }
  576. else
  577. {
  578. $required_fields = array('req_file' => $lang_profile['File']);
  579. $focus_element = array('upload_avatar', 'req_file');
  580. }
  581. define('PUN_ACTIVE_PAGE', 'profile');
  582. require PUN_ROOT.'header.php';
  583.  
  584. ?>
  585. <div class="blockform">
  586. <h2><span><?php echo $lang_profile['Upload avatar'] ?></span></h2>
  587. <div class="box">
  588. <form id="upload_avatar" method="post" enctype="multipart/form-data" action="profile.php?action=upload_avatar2&amp;id=<?php echo $id ?>" onsubmit="return process_form(this)">
  589. <div class="inform">
  590. <fieldset>
  591. <legend><?php echo $lang_EZavatar['Upload avatar legend'] ?></legend>
  592. <div class="infldset">
  593. <input type="hidden" name="form_sent" value="1" />
  594. <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $pun_config['o_avatars_upload_size'] ?>" />
  595. <?php if ($gd_image_types_ability): ?>
  596. <label><strong><?php echo $lang_profile['File'].'...' ?></strong><br /><input name="req_file" type="file" size="40" /><br /></label>
  597. <label><strong><?php echo $lang_EZavatar['URL'] ?></strong><br /><input name="req_url" type="text" size="40" /><br /></label>
  598. <?php else: ?>
  599. <label class="required"><strong><?php echo $lang_profile['File'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input name="req_file" type="file" size="40" /><br /></label>
  600. <?php endif; ?>
  601. <p><?php echo $lang_profile['Avatar desc'].' '.forum_number_format($pun_config['o_avatars_upload_size']).' '.$lang_profile['bytes'].' ('.file_size($pun_config['o_avatars_upload_size']).'). <br />'.$lang_EZavatar['Avatar desc'].$pun_config['o_avatars_width'].' x '.$pun_config['o_avatars_height'].' '.$lang_profile['pixels'].' '.$lang_common['and'].' '.forum_number_format($pun_config['o_avatars_size']).' '.$lang_profile['bytes'].' ('.file_size($pun_config['o_avatars_size']).').' ?></p>
  602. </div>
  603. </fieldset>
  604. </div>
  605. <p class="buttons"><input type="submit" name="upload" value="<?php echo $lang_profile['Upload'] ?>" /> <a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
  606. </form>
  607. </div>
  608. </div>
  609. <?php
  610.  
  611. require PUN_ROOT.'footer.php';
  612. }
  613.  
  614.  
  615. else if ($action == 'delete_avatar')
  616. {
  617. if ($pun_user['id'] != $id && !$pun_user['is_admmod'])
  618. message($lang_common['No permission'], false, '403 Forbidden');
  619.  
  620. confirm_referrer('profile.php');
  621.  
  622. delete_avatar($id);
  623.  
  624. redirect('profile.php?section=personality&amp;id='.$id, $lang_profile['Avatar deleted redirect']);
  625. }
  626.  
  627.  
else if (isset($_POST['update_group_membership']))
{
	// Move the profile owner into another group. Administrators only: a group id
	// above PUN_ADMIN is refused (assumes PUN_ADMIN is the lowest group id, as the
	// same comparison guards the other admin-only actions in this chain).
	if ($pun_user['g_id'] > PUN_ADMIN)
		message($lang_common['No permission'], false, '403 Forbidden');

	// The Referer check is the only cross-site request defence on this state change;
	// no per-request token is issued or checked in this part of the script.
	confirm_referrer('profile.php');

	// intval() is what keeps the raw POST value out of the SQL below. Nothing verifies
	// that a group with this id exists; the g_moderator lookup further down would then
	// simply return no rows.
	$new_group_id = intval($_POST['group_id']);

	$result = $db->query('SELECT group_id FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user group', __FILE__, __LINE__, $db->error());
	$old_group_id = $db->result($result);

	$db->query('UPDATE '.$db->prefix.'users SET group_id='.$new_group_id.' WHERE id='.$id) or error('Unable to change user group', __FILE__, __LINE__, $db->error());

	// Regenerate the users info cache
	if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
		require PUN_ROOT.'include/cache.php';

	generate_users_info_cache();

	// The admin cache only changes when the user enters or leaves the admin group
	if ($old_group_id == PUN_ADMIN || $new_group_id == PUN_ADMIN)
		generate_admins_cache();

	$result = $db->query('SELECT g_moderator FROM '.$db->prefix.'groups WHERE g_id='.$new_group_id) or error('Unable to fetch group', __FILE__, __LINE__, $db->error());
	$new_group_mod = $db->result($result);

	// If the user was a moderator or an administrator, we remove him/her from the moderator list in all forums as well
	// (the old group is not consulted: whenever the new group is neither admin nor
	// moderator, every forum's moderator list is scrubbed of this user)
	if ($new_group_id != PUN_ADMIN && $new_group_mod != '1')
	{
		$result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());

		while ($cur_forum = $db->fetch_assoc($result))
		{
			// NOTE(review): unserialize() of a stored column. The column is written by
			// this script's own serialize() calls, but it is still unserialize() on data
			// read back from storage; a JSON encoding would be the safer choice if this
			// is ever revisited.
			$cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array();

			// Moderator lists map username => user id, so membership is tested on the values ...
			if (in_array($id, $cur_moderators))
			{
				// ... and the entry is dropped by its username key
				$username = array_search($id, $cur_moderators);
				unset($cur_moderators[$username]);
				// An emptied list is stored as SQL NULL rather than an empty serialized array
				$cur_moderators = (!empty($cur_moderators)) ? '\''.$db->escape(serialize($cur_moderators)).'\'' : 'NULL';

				$db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
			}
		}
	}

	redirect('profile.php?section=admin&amp;id='.$id, $lang_profile['Group membership redirect']);
}
  676.  
  677.  
else if (isset($_POST['update_forums']))
{
	// Set which forums the profile owner moderates. Administrators only.
	if ($pun_user['g_id'] > PUN_ADMIN)
		message($lang_common['No permission'], false, '403 Forbidden');

	// The Referer check is the only cross-site request defence on this state change
	confirm_referrer('profile.php');

	// Get the username of the user we are processing
	// (forum moderator lists are keyed by username, see below)
	$result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
	$username = $db->result($result);

	// Forum ids arrive as the keys of the moderator_in[] checkboxes. They are only
	// ever compared against ids read from the forums table and never reach SQL
	// themselves. Assumes moderator_in is submitted as an array — array_keys() is
	// not guarded against a scalar.
	$moderator_in = (isset($_POST['moderator_in'])) ? array_keys($_POST['moderator_in']) : array();

	// Loop through all forums
	$result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());

	while ($cur_forum = $db->fetch_assoc($result))
	{
		// NOTE(review): unserialize() of a stored column written by this script's own
		// serialize() calls; a JSON encoding would be safer if this is ever revisited.
		$cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array();
		// If the user should have moderator access (and he/she doesn't already have it)
		// (loose comparison on purpose: the forum id from the DB is a string, the POST keys may be ints)
		if (in_array($cur_forum['id'], $moderator_in) && !in_array($id, $cur_moderators))
		{
			// Lists stay sorted case-insensitively by username
			$cur_moderators[$username] = $id;
			uksort($cur_moderators, 'utf8_strcasecmp');

			$db->query('UPDATE '.$db->prefix.'forums SET moderators=\''.$db->escape(serialize($cur_moderators)).'\' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
		}
		// If the user shouldn't have moderator access (and he/she already has it)
		else if (!in_array($cur_forum['id'], $moderator_in) && in_array($id, $cur_moderators))
		{
			// An emptied list is stored as SQL NULL rather than an empty serialized array
			unset($cur_moderators[$username]);
			$cur_moderators = (!empty($cur_moderators)) ? '\''.$db->escape(serialize($cur_moderators)).'\'' : 'NULL';

			$db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
		}
	}

	redirect('profile.php?section=admin&amp;id='.$id, $lang_profile['Update forums redirect']);
}
  717.  
  718.  
  719. else if (isset($_POST['ban']))
  720. {
  721. if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_ban_users'] == '0'))
  722. message($lang_common['No permission'], false, '403 Forbidden');
  723.  
  724. // Get the username of the user we are banning
  725. $result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch username', __FILE__, __LINE__, $db->error());
  726. $username = $db->result($result);
  727.  
  728. // Check whether user is already banned
  729. $result = $db->query('SELECT id FROM '.$db->prefix.'bans WHERE username = \''.$db->escape($username).'\' ORDER BY expire IS NULL DESC, expire DESC LIMIT 1') or error('Unable to fetch ban ID', __FILE__, __LINE__, $db->error());
  730. if ($db->num_rows($result))
  731. {
  732. $ban_id = $db->result($result);
  733. redirect('admin_bans.php?edit_ban='.$ban_id.'&amp;exists', $lang_profile['Ban redirect']);
  734. }
  735. else
  736. redirect('admin_bans.php?add_ban='.$id, $lang_profile['Ban redirect']);
  737. }
  738.  
  739.  
  740. else if ($action == 'promote')
  741. {
  742. if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_promote_users'] == '0'))
  743. message($lang_common['No permission'], false, '403 Forbidden');
  744.  
  745. confirm_referrer('viewtopic.php');
  746.  
  747. $pid = isset($_GET['pid']) ? intval($_GET['pid']) : 0;
  748.  
  749. $sql = 'SELECT g.g_promote_next_group FROM '.$db->prefix.'groups AS g INNER JOIN '.$db->prefix.'users AS u ON u.group_id=g.g_id WHERE u.id='.$id.' AND g.g_promote_next_group>0';
  750. $result = $db->query($sql) or error('Unable to fetch promotion information', __FILE__, __LINE__, $db->error());
  751.  
  752. if (!$db->num_rows($result))
  753. message($lang_common['Bad request'], false, '404 Not Found');
  754.  
  755. $next_group_id = $db->result($result);
  756. $db->query('UPDATE '.$db->prefix.'users SET group_id='.$next_group_id.' WHERE id='.$id) or error('Unable to promote user', __FILE__, __LINE__, $db->error());
  757.  
  758. redirect('viewtopic.php?pid='.$pid.'#p'.$pid, $lang_profile['User promote redirect']);
  759. }
  760.  
  761.  
else if (isset($_POST['delete_user']) || isset($_POST['delete_user_comply']))
{
	// Two-step deletion, administrators only: the first POST (delete_user) renders
	// the confirmation form at the bottom, the second (delete_user_comply) performs it.
	if ($pun_user['g_id'] > PUN_ADMIN)
		message($lang_common['No permission'], false, '403 Forbidden');

	// The Referer check is the only cross-site request defence; the confirmation
	// form below carries no per-request token.
	confirm_referrer('profile.php');

	// Get the username and group of the user we are deleting
	$result = $db->query('SELECT group_id, username FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
	list($group_id, $username) = $db->fetch_row($result);

	// Administrators cannot be deleted through this form at all
	if ($group_id == PUN_ADMIN)
		message($lang_profile['No delete admin message']);

	if (isset($_POST['delete_user_comply']))
	{
		// If the user is a moderator or an administrator, we remove him/her from the moderator list in all forums as well
		$result = $db->query('SELECT g_moderator FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch group', __FILE__, __LINE__, $db->error());
		$group_mod = $db->result($result);

		if ($group_id == PUN_ADMIN || $group_mod == '1')
		{
			$result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());

			while ($cur_forum = $db->fetch_assoc($result))
			{
				// NOTE(review): unserialize() of a stored column written by this script's
				// own serialize() calls; a JSON encoding would be safer if ever revisited.
				$cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array();

				if (in_array($id, $cur_moderators))
				{
					// Lists are keyed by username; an emptied list is stored as SQL NULL
					unset($cur_moderators[$username]);
					$cur_moderators = (!empty($cur_moderators)) ? '\''.$db->escape(serialize($cur_moderators)).'\'' : 'NULL';

					$db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
				}
			}
		}

		// Delete any subscriptions
		$db->query('DELETE FROM '.$db->prefix.'topic_subscriptions WHERE user_id='.$id) or error('Unable to delete topic subscriptions', __FILE__, __LINE__, $db->error());
		$db->query('DELETE FROM '.$db->prefix.'forum_subscriptions WHERE user_id='.$id) or error('Unable to delete forum subscriptions', __FILE__, __LINE__, $db->error());

		// Remove him/her from the online list (if they happen to be logged in)
		$db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$id) or error('Unable to remove user from online list', __FILE__, __LINE__, $db->error());

		// Should we delete all posts made by this user?
		if (isset($_POST['delete_posts']))
		{
			require PUN_ROOT.'include/search_idx.php';
			// Post-by-post removal can be slow; the @ hides the warning raised where
			// set_time_limit() is unavailable
			@set_time_limit(0);

			// Find all posts made by this user
			$result = $db->query('SELECT p.id, p.topic_id, t.forum_id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id WHERE p.poster_id='.$id) or error('Unable to fetch posts', __FILE__, __LINE__, $db->error());
			if ($db->num_rows($result))
			{
				while ($cur_post = $db->fetch_assoc($result))
				{
					// Determine whether this post is the "topic post" or not
					// (the oldest post of its topic): if so the whole topic goes,
					// including other people's replies
					$result2 = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE topic_id='.$cur_post['topic_id'].' ORDER BY posted LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());

					if ($db->result($result2) == $cur_post['id'])
						delete_topic($cur_post['topic_id']);
					else
						delete_post($cur_post['id'], $cur_post['topic_id']);

					// presumably refreshes the forum's cached counters after each removal — confirm in update_forum()
					update_forum($cur_post['forum_id']);
				}
			}
		}
		else
			// Set all his/her posts to guest
			// (only poster_id is rewritten; the stored poster name stays on the posts)
			$db->query('UPDATE '.$db->prefix.'posts SET poster_id=1 WHERE poster_id='.$id) or error('Unable to update posts', __FILE__, __LINE__, $db->error());

		// Delete the user
		$db->query('DELETE FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to delete user', __FILE__, __LINE__, $db->error());

		// Delete user avatar
		delete_avatar($id);

		// Regenerate the users info cache
		if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
			require PUN_ROOT.'include/cache.php';

		generate_users_info_cache();

		// Admins were rejected above, so this only runs if message() returns — kept for symmetry
		if ($group_id == PUN_ADMIN)
			generate_admins_cache();

		redirect('index.php', $lang_profile['User delete redirect']);
	}

	// First step: show the confirmation form. It echoes $id (integer-cast at the top
	// of the script) into the action URL and the HTML-escaped username into the text.
	$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Confirm delete user']);
	define('PUN_ACTIVE_PAGE', 'profile');
	require PUN_ROOT.'header.php';

?>
<div class="blockform">
<h2><span><?php echo $lang_profile['Confirm delete user'] ?></span></h2>
<div class="box">
<form id="confirm_del_user" method="post" action="profile.php?id=<?php echo $id ?>">
<div class="inform">
<fieldset>
<legend><?php echo $lang_profile['Confirm delete legend'] ?></legend>
<div class="infldset">
<p><?php echo $lang_profile['Confirmation info'].' <strong>'.pun_htmlspecialchars($username).'</strong>.' ?></p>
<div class="rbox">
<label><input type="checkbox" name="delete_posts" value="1" checked="checked" /><?php echo $lang_profile['Delete posts'] ?><br /></label>
</div>
<p class="warntext"><strong><?php echo $lang_profile['Delete warning'] ?></strong></p>
</div>
</fieldset>
</div>
<p class="buttons"><input type="submit" name="delete_user_comply" value="<?php echo $lang_profile['Delete'] ?>" /> <a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
</form>
</div>
</div>
<?php

	require PUN_ROOT.'footer.php';
}
  882.  
  883.  
else if (isset($_POST['form_sent']))
{
	// Save one section of the profile edit form. $section selects the validation
	// branch in the switch below; any other value is answered with a 404.

	// Fetch the user group of the user we are editing
	$result = $db->query('SELECT u.username, u.group_id, g.g_moderator FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON (g.g_id=u.group_id) WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
	if (!$db->num_rows($result))
		message($lang_common['Bad request'], false, '404 Not Found');

	list($old_username, $group_id, $is_moderator) = $db->fetch_row($result);

	// Who may save: the user themselves, any administrator, or a moderator whose
	// group has g_mod_edit_users and whose target is neither an admin nor a moderator
	if ($pun_user['id'] != $id && // If we aren't the user (i.e. editing your own profile)
		(!$pun_user['is_admmod'] || // and we are not an admin or mod
		($pun_user['g_id'] != PUN_ADMIN && // or we aren't an admin and ...
		($pun_user['g_mod_edit_users'] == '0' || // mods aren't allowed to edit users
		$group_id == PUN_ADMIN || // or the user is an admin
		$is_moderator)))) // or the user is another mod
		message($lang_common['No permission'], false, '403 Forbidden');

	// Make sure they got here from the site
	// (the Referer check is the only cross-site request defence on this form)
	confirm_referrer('profile.php');

	$username_updated = false;

	// Validate input depending on section
	// Every branch builds $form with a fixed set of keys; those keys become the column
	// names in the UPDATE at the end, so the column list is never user-controlled.
	switch ($section)
	{
		case 'essentials':
		{
			// The numeric casts are the whole validation for these; dst is a checkbox
			$form = array(
				'timezone' => floatval($_POST['form']['timezone']),
				'dst' => isset($_POST['form']['dst']) ? '1' : '0',
				'time_format' => intval($_POST['form']['time_format']),
				'date_format' => intval($_POST['form']['date_format']),
			);

			// Make sure we got a valid language string
			// (whitelisted against the installed language packs)
			if (isset($_POST['form']['language']))
			{
				$languages = forum_list_langs();
				$form['language'] = pun_trim($_POST['form']['language']);
				if (!in_array($form['language'], $languages))
					message($lang_common['Bad request'], false, '404 Not Found');
			}

			if ($pun_user['is_admmod'])
			{
				// admin_note and req_username are read without isset(); the edit form is
				// expected to always submit them for admins and moderators
				$form['admin_note'] = pun_trim($_POST['admin_note']);

				// Are we allowed to change usernames?
				if ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_moderator'] == '1' && $pun_user['g_mod_rename_users'] == '1'))
				{
					$form['username'] = pun_trim($_POST['req_username']);

					if ($form['username'] != $old_username)
					{
						// Check username
						// (check_username() appears to report problems by appending to the
						// $errors global, hence the reset before and the test after — confirm
						// in include/functions.php)
						require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';

						$errors = array();
						check_username($form['username'], $id);
						if (!empty($errors))
							message($errors[0]);

						$username_updated = true;
					}
				}

				// We only allow administrators to update the post count
				if ($pun_user['g_id'] == PUN_ADMIN)
					$form['num_posts'] = intval($_POST['num_posts']);
			}

			// The address is only editable here when registrations need no verification,
			// or for admins/mods; otherwise 'email' is simply left out of $form
			if ($pun_config['o_regs_verify'] == '0' || $pun_user['is_admmod'])
			{
				require PUN_ROOT.'include/email.php';

				// Validate the email address
				$form['email'] = strtolower(pun_trim($_POST['req_email']));
				if (!is_valid_email($form['email']))
					message($lang_common['Invalid email']);
			}

			break;
		}

		case 'personal':
		{
			$form = array(
				'realname' => isset($_POST['form']['realname']) ? pun_trim($_POST['form']['realname']) : '',
				'url' => isset($_POST['form']['url']) ? pun_trim($_POST['form']['url']) : '',
				'location' => isset($_POST['form']['location']) ? pun_trim($_POST['form']['location']) : '',
			);

			// Add http:// if the URL doesn't contain it already (while allowing https://, too)
			// url_valid() returns false for a rejected value, otherwise an array whose
			// 'url' entry is the normalised address that gets stored
			if ($pun_user['g_post_links'] == '1')
			{
				if ($form['url'] != '')
				{
					$url = url_valid($form['url']);

					if ($url === false)
						message($lang_profile['Invalid website URL']);

					$form['url'] = $url['url'];
				}
			}
			else
			{
				// Groups without g_post_links may not submit a website at all
				if (!empty($form['url']))
					message($lang_profile['Website not allowed']);

				$form['url'] = '';
			}

			// Admins set any title; users with g_set_title may not impersonate a built-in
			// rank (compared case-insensitively); everyone else keeps their stored title
			if ($pun_user['g_id'] == PUN_ADMIN)
				$form['title'] = pun_trim($_POST['title']);
			else if ($pun_user['g_set_title'] == '1')
			{
				$form['title'] = pun_trim($_POST['title']);

				if ($form['title'] != '')
				{
					// A list of words that the title may not contain
					// If the language is English, there will be some duplicates, but it's not the end of the world
					$forbidden = array('member', 'moderator', 'administrator', 'banned', 'guest', utf8_strtolower($lang_common['Member']), utf8_strtolower($lang_common['Moderator']), utf8_strtolower($lang_common['Administrator']), utf8_strtolower($lang_common['Banned']), utf8_strtolower($lang_common['Guest']));

					if (in_array(utf8_strtolower($form['title']), $forbidden))
						message($lang_profile['Forbidden title']);
				}
			}

			break;
		}

		case 'messaging':
		{
			// Only the ICQ number is validated here; the other handles are stored
			// as submitted and are HTML-escaped when the profile is displayed
			$form = array(
				'jabber' => pun_trim($_POST['form']['jabber']),
				'icq' => pun_trim($_POST['form']['icq']),
				'msn' => pun_trim($_POST['form']['msn']),
				'aim' => pun_trim($_POST['form']['aim']),
				'yahoo' => pun_trim($_POST['form']['yahoo']),
			);

			// If the ICQ UIN contains anything other than digits it's invalid
			if (preg_match('%[^0-9]%', $form['icq']))
				message($lang_prof_reg['Bad ICQ']);

			break;
		}

		case 'personality':
		{
			// With signatures disabled this stays empty and the save is rejected further down
			$form = array();

			// Clean up signature from POST
			if ($pun_config['o_signatures'] == '1')
			{
				$form['signature'] = pun_linebreaks(pun_trim($_POST['signature']));

				// Validate signature
				// (length and line limits come from the board config; an all-caps signature
				// is rewritten to title case for non-staff when p_sig_all_caps is off)
				if (pun_strlen($form['signature']) > $pun_config['p_sig_length'])
					message(sprintf($lang_prof_reg['Sig too long'], $pun_config['p_sig_length'], pun_strlen($form['signature']) - $pun_config['p_sig_length']));
				else if (substr_count($form['signature'], "\n") > ($pun_config['p_sig_lines']-1))
					message(sprintf($lang_prof_reg['Sig too many lines'], $pun_config['p_sig_lines']));
				else if ($form['signature'] && $pun_config['p_sig_all_caps'] == '0' && is_all_uppercase($form['signature']) && !$pun_user['is_admmod'])
					$form['signature'] = utf8_ucwords(utf8_strtolower($form['signature']));

				// Validate BBCode syntax
				if ($pun_config['p_sig_bbcode'] == '1')
				{
					require PUN_ROOT.'include/parser.php';

					$errors = array();

					// presumably fills $errors by reference — confirm in include/parser.php
					$form['signature'] = preparse_bbcode($form['signature'], $errors, true);

					if(count($errors) > 0)
						message('<ul><li>'.implode('</li><li>', $errors).'</li></ul>');
				}
			}

			break;
		}

		case 'display':
		{
			$form = array(
				'disp_topics' => pun_trim($_POST['form']['disp_topics']),
				'disp_posts' => pun_trim($_POST['form']['disp_posts']),
				'show_smilies' => isset($_POST['form']['show_smilies']) ? '1' : '0',
				'show_img' => isset($_POST['form']['show_img']) ? '1' : '0',
				'show_img_sig' => isset($_POST['form']['show_img_sig']) ? '1' : '0',
				'show_avatars' => isset($_POST['form']['show_avatars']) ? '1' : '0',
				'show_sig' => isset($_POST['form']['show_sig']) ? '1' : '0',
			);

			// Per-page counts are clamped to 3..75; an empty value is stored as NULL below
			if ($form['disp_topics'] != '')
			{
				$form['disp_topics'] = intval($form['disp_topics']);
				if ($form['disp_topics'] < 3)
					$form['disp_topics'] = 3;
				else if ($form['disp_topics'] > 75)
					$form['disp_topics'] = 75;
			}

			if ($form['disp_posts'] != '')
			{
				$form['disp_posts'] = intval($form['disp_posts']);
				if ($form['disp_posts'] < 3)
					$form['disp_posts'] = 3;
				else if ($form['disp_posts'] > 75)
					$form['disp_posts'] = 75;
			}

			// Make sure we got a valid style string
			// (whitelisted against the installed styles)
			if (isset($_POST['form']['style']))
			{
				$styles = forum_list_styles();
				$form['style'] = pun_trim($_POST['form']['style']);
				if (!in_array($form['style'], $styles))
					message($lang_common['Bad request'], false, '404 Not Found');
			}

			break;
		}

		case 'privacy':
		{
			$form = array(
				'email_setting' => intval($_POST['form']['email_setting']),
				'notify_with_post' => isset($_POST['form']['notify_with_post']) ? '1' : '0',
				'auto_notify' => isset($_POST['form']['auto_notify']) ? '1' : '0',
			);

			// Anything outside the three known settings falls back to the board default
			if ($form['email_setting'] < 0 || $form['email_setting'] > 2)
				$form['email_setting'] = $pun_config['o_default_email_setting'];

			break;
		}

		default:
			message($lang_common['Bad request'], false, '404 Not Found');
	}


	// Single quotes around non-empty values and NULL for empty values
	// (keys are the fixed names from the branches above; values are escaped)
	$temp = array();
	foreach ($form as $key => $input)
	{
		$value = ($input !== '') ? '\''.$db->escape($input).'\'' : 'NULL';

		$temp[] = $key.'='.$value;
	}

	// Nothing to write, e.g. 'personality' while signatures are disabled
	if (empty($temp))
		message($lang_common['Bad request'], false, '404 Not Found');


	$db->query('UPDATE '.$db->prefix.'users SET '.implode(',', $temp).' WHERE id='.$id) or error('Unable to update profile', __FILE__, __LINE__, $db->error());

	// If we changed the username we have to update some stuff
	// (the name is copied into several other tables; each copy is rewritten below)
	if ($username_updated)
	{
		$db->query('UPDATE '.$db->prefix.'bans SET username=\''.$db->escape($form['username']).'\' WHERE username=\''.$db->escape($old_username).'\'') or error('Unable to update bans', __FILE__, __LINE__, $db->error());
		// If any bans were updated, we will need to know because the cache will need to be regenerated.
		if ($db->affected_rows() > 0)
			$bans_updated = true;
		$db->query('UPDATE '.$db->prefix.'posts SET poster=\''.$db->escape($form['username']).'\' WHERE poster_id='.$id) or error('Unable to update posts', __FILE__, __LINE__, $db->error());
		$db->query('UPDATE '.$db->prefix.'posts SET edited_by=\''.$db->escape($form['username']).'\' WHERE edited_by=\''.$db->escape($old_username).'\'') or error('Unable to update posts', __FILE__, __LINE__, $db->error());
		$db->query('UPDATE '.$db->prefix.'topics SET poster=\''.$db->escape($form['username']).'\' WHERE poster=\''.$db->escape($old_username).'\'') or error('Unable to update topics', __FILE__, __LINE__, $db->error());
		$db->query('UPDATE '.$db->prefix.'topics SET last_poster=\''.$db->escape($form['username']).'\' WHERE last_poster=\''.$db->escape($old_username).'\'') or error('Unable to update topics', __FILE__, __LINE__, $db->error());
		$db->query('UPDATE '.$db->prefix.'forums SET last_poster=\''.$db->escape($form['username']).'\' WHERE last_poster=\''.$db->escape($old_username).'\'') or error('Unable to update forums', __FILE__, __LINE__, $db->error());
		$db->query('UPDATE '.$db->prefix.'online SET ident=\''.$db->escape($form['username']).'\' WHERE ident=\''.$db->escape($old_username).'\'') or error('Unable to update online list', __FILE__, __LINE__, $db->error());

		// If the user is a moderator or an administrator we have to update the moderator lists
		$result = $db->query('SELECT group_id FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
		$group_id = $db->result($result);

		$result = $db->query('SELECT g_moderator FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch group', __FILE__, __LINE__, $db->error());
		$group_mod = $db->result($result);

		if ($group_id == PUN_ADMIN || $group_mod == '1')
		{
			$result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());

			while ($cur_forum = $db->fetch_assoc($result))
			{
				// NOTE(review): unserialize() of a stored column written by this script's
				// own serialize() calls; a JSON encoding would be safer if ever revisited.
				$cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array();

				if (in_array($id, $cur_moderators))
				{
					// Lists are keyed by username, so the entry is re-keyed and the
					// case-insensitive ordering restored
					unset($cur_moderators[$old_username]);
					$cur_moderators[$form['username']] = $id;
					uksort($cur_moderators, 'utf8_strcasecmp');

					$db->query('UPDATE '.$db->prefix.'forums SET moderators=\''.$db->escape(serialize($cur_moderators)).'\' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
				}
			}
		}

		// Regenerate the users info cache
		if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
			require PUN_ROOT.'include/cache.php';

		generate_users_info_cache();

		// Check if the bans table was updated and regenerate the bans cache when needed
		if (isset($bans_updated))
			generate_bans_cache();
	}

	// $section survived the switch above (unknown values were answered with a 404),
	// so it is one of the fixed section names and safe to place in the URL
	redirect('profile.php?section='.$section.'&amp;id='.$id, $lang_profile['Profile redirect']);
}
  1197.  
  1198. flux_hook('profile_after_form_handling');
  1199.  
  1200.  
  1201. $result = $db->query('SELECT u.username, u.email, u.title, u.realname, u.url, u.jabber, u.icq, u.msn, u.aim, u.yahoo, u.location, u.signature, u.disp_topics, u.disp_posts, u.email_setting, u.notify_with_post, u.auto_notify, u.show_smilies, u.show_img, u.show_img_sig, u.show_avatars, u.show_sig, u.timezone, u.dst, u.language, u.style, u.num_posts, u.last_post, u.registered, u.registration_ip, u.admin_note, u.date_format, u.time_format, u.last_visit, g.g_id, g.g_user_title, g.g_moderator FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
  1202. if (!$db->num_rows($result))
  1203. message($lang_common['Bad request'], false, '404 Not Found');
  1204.  
  1205. $user = $db->fetch_assoc($result);
  1206.  
  1207. $last_post = format_time($user['last_post']);
  1208.  
  1209. if ($user['signature'] != '')
  1210. {
  1211. require PUN_ROOT.'include/parser.php';
  1212. $parsed_signature = parse_signature($user['signature']);
  1213. }
  1214.  
  1215.  
  1216. // View or edit?
  1217. if ($pun_user['id'] != $id && // If we aren't the user (i.e. editing your own profile)
  1218. (!$pun_user['is_admmod'] || // and we are not an admin or mod
  1219. ($pun_user['g_id'] != PUN_ADMIN && // or we aren't an admin and ...
  1220. ($pun_user['g_mod_edit_users'] == '0' || // mods aren't allowed to edit users
  1221. $user['g_id'] == PUN_ADMIN || // or the user is an admin
  1222. $user['g_moderator'] == '1')))) // or the user is another mod
  1223. {
  1224. $user_personal = array();
  1225.  
  1226. $user_personal[] = '<dt>'.$lang_common['Username'].'</dt>';
  1227. $user_personal[] = '<dd>'.pun_htmlspecialchars($user['username']).'</dd>';
  1228.  
  1229. $user_title_field = get_title($user);
  1230. $user_personal[] = '<dt>'.$lang_common['Title'].'</dt>';
  1231. $user_personal[] = '<dd>'.(($pun_config['o_censoring'] == '1') ? censor_words($user_title_field) : $user_title_field).'</dd>';
  1232.  
  1233. if ($user['realname'] != '')
  1234. {
  1235. $user_personal[] = '<dt>'.$lang_profile['Realname'].'</dt>';
  1236. $user_personal[] = '<dd>'.pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? censor_words($user['realname']) : $user['realname']).'</dd>';
  1237. }
  1238.  
  1239. if ($user['location'] != '')
  1240. {
  1241. $user_personal[] = '<dt>'.$lang_profile['Location'].'</dt>';
  1242. $user_personal[] = '<dd>'.pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? censor_words($user['location']) : $user['location']).'</dd>';
  1243. }
  1244.  
  1245. if ($user['url'] != '')
  1246. {
  1247. $user['url'] = pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? censor_words($user['url']) : $user['url']);
  1248. $user_personal[] = '<dt>'.$lang_profile['Website'].'</dt>';
  1249. $user_personal[] = '<dd><span class="website"><a href="'.$user['url'].'" rel="nofollow">'.$user['url'].'</a></span></dd>';
  1250. }
  1251.  
  1252. if ($user['email_setting'] == '0' && !$pun_user['is_guest'] && $pun_user['g_send_email'] == '1')
  1253. $email_field = '<a href="mailto:'.pun_htmlspecialchars($user['email']).'">'.pun_htmlspecialchars($user['email']).'</a>';
  1254. else if ($user['email_setting'] == '1' && !$pun_user['is_guest'] && $pun_user['g_send_email'] == '1')
  1255. $email_field = '<a href="misc.php?email='.$id.'">'.$lang_common['Send email'].'</a>';
  1256. else
  1257. $email_field = '';
  1258. if ($email_field != '')
  1259. {
  1260. $user_personal[] = '<dt>'.$lang_common['Email'].'</dt>';
  1261. $user_personal[] = '<dd><span class="email">'.$email_field.'</span></dd>';
  1262. }
  1263.  
  1264. $user_messaging = array();
  1265.  
  1266. if ($user['jabber'] != '')
  1267. {
  1268. $user_messaging[] = '<dt>'.$lang_profile['Jabber'].'</dt>';
  1269. $user_messaging[] = '<dd>'.pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? censor_words($user['jabber']) : $user['jabber']).'</dd>';
  1270. }
  1271.  
  1272. if ($user['icq'] != '')
  1273. {
  1274. $user_messaging[] = '<dt>'.$lang_profile['ICQ'].'</dt>';
  1275. $user_messaging[] = '<dd>'.$user['icq'].'</dd>';
  1276. }
  1277.  
  1278. if ($user['msn'] != '')
  1279. {
  1280. $user_messaging[] = '<dt>'.$lang_profile['MSN'].'</dt>';
  1281. $user_messaging[] = '<dd>'.pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? censor_words($user['msn']) : $user['msn']).'</dd>';
  1282. }
  1283.  
  1284. if ($user['aim'] != '')
  1285. {
  1286. $user_messaging[] = '<dt>'.$lang_profile['AOL IM'].'</dt>';
  1287. $user_messaging[] = '<dd>'.pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? censor_words($user['aim']) : $user['aim']).'</dd>';
  1288. }
  1289.  
  1290. if ($user['yahoo'] != '')
  1291. {
  1292. $user_messaging[] = '<dt>'.$lang_profile['Yahoo'].'</dt>';
  1293. $user_messaging[] = '<dd>'.pun_htmlspecialchars(($pun_config['o_censoring'] == '1') ? censor_words($user['yahoo']) : $user['yahoo']).'</dd>';
  1294. }
  1295.  
  1296. $user_personality = array();
  1297.  
  1298. if ($pun_config['o_avatars'] == '1')
  1299. {
  1300. $avatar_field = generate_avatar_markup($id);
  1301. if ($avatar_field != '')
  1302. {
  1303. $user_personality[] = '<dt>'.$lang_profile['Avatar'].'</dt>';
  1304. $user_personality[] = '<dd>'.$avatar_field.'</dd>';
  1305. }
  1306. }
  1307.  
  1308. if ($pun_config['o_signatures'] == '1')
  1309. {
        // $parsed_signature is produced earlier in the file (outside this view); the isset()
        // guard, not the raw signature column, decides whether the row is shown.
  1310. if (isset($parsed_signature))
  1311. {
  1312. $user_personality[] = '<dt>'.$lang_profile['Signature'].'</dt>';
  1313. $user_personality[] = '<dd><div class="postsignature postmsg">'.$parsed_signature.'</div></dd>';
  1314. }
  1315. }
  1316.  
        // "User activity" rows of the read-only profile view: posts, last post, registration date.
  1317. $user_activity = array();
  1318.  
        // The raw post count is revealed only when the board shows post counts or the viewer is
        // an admin/moderator; the search links below are added independently of that.
  1319. $posts_field = '';
  1320. if ($pun_config['o_show_post_count'] == '1' || $pun_user['is_admmod'])
  1321. $posts_field = forum_number_format($user['num_posts']);
  1322. if ($pun_user['g_search'] == '1')
  1323. {
  1324. $quick_searches = array();
        // $id was cast with intval() at the top of the file, so embedding it in these URLs is safe.
  1325. if ($user['num_posts'] > 0)
  1326. {
  1327. $quick_searches[] = '<a href="search.php?action=show_user_topics&amp;user_id='.$id.'">'.$lang_profile['Show topics'].'</a>';
  1328. $quick_searches[] = '<a href="search.php?action=show_user_posts&amp;user_id='.$id.'">'.$lang_profile['Show posts'].'</a>';
  1329. }
        // Another user's subscriptions are only listed for admins/moderators, and only when
        // topic subscriptions are enabled board-wide.
  1330. if ($pun_user['is_admmod'] && $pun_config['o_topic_subscriptions'] == '1')
  1331. $quick_searches[] = '<a href="search.php?action=show_subscriptions&amp;user_id='.$id.'">'.$lang_profile['Show subscriptions'].'</a>';
  1332.  
        // Join with " - "; a leading separator is added only when the post count was emitted above.
  1333. if (!empty($quick_searches))
  1334. $posts_field .= (($posts_field != '') ? ' - ' : '').implode(' - ', $quick_searches);
  1335. }
  1336. if ($posts_field != '')
  1337. {
  1338. $user_activity[] = '<dt>'.$lang_common['Posts'].'</dt>';
  1339. $user_activity[] = '<dd>'.$posts_field.'</dd>';
  1340. }
  1341.  
        // $last_post is assembled earlier in the file (outside this view) and is echoed here
        // unescaped — presumably it is already HTML-safe where it is built; verify that.
  1342. if ($user['num_posts'] > 0)
  1343. {
  1344. $user_activity[] = '<dt>'.$lang_common['Last post'].'</dt>';
  1345. $user_activity[] = '<dd>'.$last_post.'</dd>';
  1346. }
  1347.  
  1348. $user_activity[] = '<dt>'.$lang_common['Registered'].'</dt>';
  1349. $user_activity[] = '<dd>'.format_time($user['registered'], true).'</dd>';
  1350.  
        // Page chrome for the public profile view. Board title and username are escaped here;
        // the markup that follows is display-only (no form, no state change).
  1351. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), sprintf($lang_profile['Users profile'], pun_htmlspecialchars($user['username'])));
  1352. define('PUN_ALLOW_INDEX', 1);
  1353. define('PUN_ACTIVE_PAGE', 'index');
  1354. require PUN_ROOT.'header.php';
  1355.  
  1356. ?>
  1357. <div id="viewprofile" class="block">
  1358. <h2><span><?php echo $lang_common['Profile'] ?></span></h2>
  1359. <div class="box">
  1360. <div class="fakeform">
  1361. <div class="inform">
  1362. <fieldset>
  1363. <legend><?php echo $lang_profile['Section personal'] ?></legend>
  1364. <div class="infldset">
  1365. <dl>
  1366. <?php echo implode("\n\t\t\t\t\t\t\t", $user_personal)."\n" ?>
  1367. </dl>
  1368. <div class="clearer"></div>
  1369. </div>
  1370. </fieldset>
  1371. </div>
  1372. <?php if (!empty($user_messaging)): ?> <div class="inform">
  1373. <fieldset>
  1374. <legend><?php echo $lang_profile['Section messaging'] ?></legend>
  1375. <div class="infldset">
  1376. <dl>
  1377. <?php echo implode("\n\t\t\t\t\t\t\t", $user_messaging)."\n" ?>
  1378. </dl>
  1379. <div class="clearer"></div>
  1380. </div>
  1381. </fieldset>
  1382. </div>
  1383. <?php endif; if (!empty($user_personality)): ?> <div class="inform">
  1384. <fieldset>
  1385. <legend><?php echo $lang_profile['Section personality'] ?></legend>
  1386. <div class="infldset">
  1387. <dl>
  1388. <?php echo implode("\n\t\t\t\t\t\t\t", $user_personality)."\n" ?>
  1389. </dl>
  1390. <div class="clearer"></div>
  1391. </div>
  1392. </fieldset>
  1393. </div>
  1394. <?php endif; ?> <div class="inform">
  1395. <fieldset>
  1396. <legend><?php echo $lang_profile['User activity'] ?></legend>
  1397. <div class="infldset">
  1398. <dl>
  1399. <?php echo implode("\n\t\t\t\t\t\t\t", $user_activity)."\n" ?>
  1400. </dl>
  1401. <div class="clearer"></div>
  1402. </div>
  1403. </fieldset>
  1404. </div>
  1405. </div>
  1406. </div>
  1407. </div>
  1408.  
  1409. <?php
  1410.  
  1411. require PUN_ROOT.'footer.php';
  1412. }
  1413. else
  1414. {
  1415. if (!$section || $section == 'essentials')
  1416. {
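  1417. if ($pun_user['is_admmod'])
  1418. {
        // Admins, and moderators granted g_mod_rename_users, get an editable username; other
        // moderators only see it. Both variants escape the stored value before emitting it.
  1419. if ($pun_user['g_id'] == PUN_ADMIN || $pun_user['g_mod_rename_users'] == '1')
  1420. $username_field = '<label class="required"><strong>'.$lang_common['Username'].' <span>'.$lang_common['Required'].'</span></strong><br /><input type="text" name="req_username" value="'.pun_htmlspecialchars($user['username']).'" size="25" maxlength="25" /><br /></label>'."\n";
  1421. else
  1422. $username_field = '<p>'.sprintf($lang_profile['Username info'], pun_htmlspecialchars($user['username'])).'</p>'."\n";
  1423.  
  1424. $email_field = '<label class="required"><strong>'.$lang_common['Email'].' <span>'.$lang_common['Required'].'</span></strong><br /><input type="text" name="req_email" value="'.pun_htmlspecialchars($user['email']).'" size="40" maxlength="80" /><br /></label><p><span class="email"><a href="misc.php?email='.$id.'">'.$lang_common['Send email'].'</a></span></p>'."\n";
  1425. }
  1426. else
  1427. {
  1428. $username_field = '<p>'.$lang_common['Username'].': '.pun_htmlspecialchars($user['username']).'</p>'."\n";
  1429.  
        // With registration verification on, the address can only be changed via the
        // change_email action; otherwise it is edited inline. The inline variant now escapes the
        // stored address exactly like the admin/mod branch above: the value lands in an HTML
        // attribute, and output escaping must not depend on what the write path validated.
  1430. if ($pun_config['o_regs_verify'] == '1')
  1431. $email_field = '<p>'.sprintf($lang_profile['Email info'], pun_htmlspecialchars($user['email']).' - <a href="profile.php?action=change_email&amp;id='.$id.'">'.$lang_profile['Change email'].'</a>').'</p>'."\n";
  1432. else
  1433. $email_field = '<label class="required"><strong>'.$lang_common['Email'].' <span>'.$lang_common['Required'].'</span></strong><br /><input type="text" name="req_email" value="'.pun_htmlspecialchars($user['email']).'" size="40" maxlength="80" /><br /></label>'."\n";
  1434. }
  1435.  
        // Post count: admins may edit it directly; everyone else sees it as text when the board
        // exposes post counts or the viewer is an admin/moderator. num_posts is handled as a
        // number throughout (forum_number_format), which is why it is emitted unescaped.
  1436. $posts_field = '';
  1437. $posts_actions = array();
  1438.  
  1439. if ($pun_user['g_id'] == PUN_ADMIN)
  1440. $posts_field .= '<label>'.$lang_common['Posts'].'<br /><input type="text" name="num_posts" value="'.$user['num_posts'].'" size="8" maxlength="8" /><br /></label>';
  1441. else if ($pun_config['o_show_post_count'] == '1' || $pun_user['is_admmod'])
  1442. $posts_actions[] = sprintf($lang_profile['Posts info'], forum_number_format($user['num_posts']));
  1443.  
        // Quick-search links; $id was cast with intval() at the top of the file.
  1444. if ($pun_user['g_search'] == '1' || $pun_user['g_id'] == PUN_ADMIN)
  1445. {
  1446. $posts_actions[] = '<a href="search.php?action=show_user_topics&amp;user_id='.$id.'">'.$lang_profile['Show topics'].'</a>';
  1447. $posts_actions[] = '<a href="search.php?action=show_user_posts&amp;user_id='.$id.'">'.$lang_profile['Show posts'].'</a>';
  1448.  
  1449. if ($pun_config['o_topic_subscriptions'] == '1')
  1450. $posts_actions[] = '<a href="search.php?action=show_subscriptions&amp;user_id='.$id.'">'.$lang_profile['Show subscriptions'].'</a>';
  1451. }
  1452.  
  1453. $posts_field .= (!empty($posts_actions) ? '<p class="actions">'.implode(' - ', $posts_actions).'</p>' : '')."\n";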
  1454.  
  1455.  
        // Page setup for the "essentials" form. The form below carries only form_sent as a hidden
        // field; no CSRF token field is visible in this view, so the POST handler (outside this
        // view) is where the request origin must be checked (FluxBB's confirm_referrer()) — confirm.
  1456. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section essentials']);
  1457. $required_fields = array('req_username' => $lang_common['Username'], 'req_email' => $lang_common['Email']);
  1458. define('PUN_ACTIVE_PAGE', 'profile');
  1459. require PUN_ROOT.'header.php';
  1460.  
  1461. generate_profile_menu('essentials');
  1463. ?>
  1464. <div class="blockform">
  1465. <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section essentials'] ?></span></h2>
  1466. <div class="box">
  1467. <form id="profile1" method="post" action="profile.php?section=essentials&amp;id=<?php echo $id ?>" onsubmit="return process_form(this)">
  1468. <div class="inform">
  1469. <fieldset>
  1470. <legend><?php echo $lang_profile['Username and pass legend'] ?></legend>
  1471. <div class="infldset">
  1472. <input type="hidden" name="form_sent" value="1" />
  1473. <?php echo $username_field ?>
  1474. <?php if ($pun_user['id'] == $id || $pun_user['g_id'] == PUN_ADMIN || ($user['g_moderator'] == '0' && $pun_user['g_mod_change_passwords'] == '1')): ?> <p class="actions"><span><a href="profile.php?action=change_pass&amp;id=<?php echo $id ?>"><?php echo $lang_profile['Change pass'] ?></a></span></p>
  1475. <?php endif; ?> </div>
  1476. </fieldset>
  1477. </div>
  1478. <div class="inform">
  1479. <fieldset>
  1480. <legend><?php echo $lang_prof_reg['Email legend'] ?></legend>
  1481. <div class="infldset">
  1482. <?php echo $email_field ?>
  1483. </div>
  1484. </fieldset>
  1485. </div>
  1486. <div class="inform">
  1487. <fieldset>
  1488. <legend><?php echo $lang_prof_reg['Localisation legend'] ?></legend>
  1489. <div class="infldset">
  1490. <p><?php echo $lang_prof_reg['Time zone info'] ?></p>
  1491. <label><?php echo $lang_prof_reg['Time zone']."\n" ?>
  1492. <br /><select name="form[timezone]">
  1493. <option value="-12"<?php if ($user['timezone'] == -12) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-12:00'] ?></option>
  1494. <option value="-11"<?php if ($user['timezone'] == -11) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-11:00'] ?></option>
  1495. <option value="-10"<?php if ($user['timezone'] == -10) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-10:00'] ?></option>
  1496. <option value="-9.5"<?php if ($user['timezone'] == -9.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-09:30'] ?></option>
  1497. <option value="-9"<?php if ($user['timezone'] == -9) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-09:00'] ?></option>
  1498. <option value="-8.5"<?php if ($user['timezone'] == -8.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-08:30'] ?></option>
  1499. <option value="-8"<?php if ($user['timezone'] == -8) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-08:00'] ?></option>
  1500. <option value="-7"<?php if ($user['timezone'] == -7) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-07:00'] ?></option>
  1501. <option value="-6"<?php if ($user['timezone'] == -6) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-06:00'] ?></option>
  1502. <option value="-5"<?php if ($user['timezone'] == -5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-05:00'] ?></option>
  1503. <option value="-4"<?php if ($user['timezone'] == -4) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-04:00'] ?></option>
  1504. <option value="-3.5"<?php if ($user['timezone'] == -3.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-03:30'] ?></option>
  1505. <option value="-3"<?php if ($user['timezone'] == -3) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-03:00'] ?></option>
  1506. <option value="-2"<?php if ($user['timezone'] == -2) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-02:00'] ?></option>
  1507. <option value="-1"<?php if ($user['timezone'] == -1) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC-01:00'] ?></option>
  1508. <option value="0"<?php if ($user['timezone'] == 0) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC'] ?></option>
  1509. <option value="1"<?php if ($user['timezone'] == 1) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+01:00'] ?></option>
  1510. <option value="2"<?php if ($user['timezone'] == 2) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+02:00'] ?></option>
  1511. <option value="3"<?php if ($user['timezone'] == 3) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+03:00'] ?></option>
  1512. <option value="3.5"<?php if ($user['timezone'] == 3.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+03:30'] ?></option>
  1513. <option value="4"<?php if ($user['timezone'] == 4) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+04:00'] ?></option>
  1514. <option value="4.5"<?php if ($user['timezone'] == 4.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+04:30'] ?></option>
  1515. <option value="5"<?php if ($user['timezone'] == 5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+05:00'] ?></option>
  1516. <option value="5.5"<?php if ($user['timezone'] == 5.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+05:30'] ?></option>
  1517. <option value="5.75"<?php if ($user['timezone'] == 5.75) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+05:45'] ?></option>
  1518. <option value="6"<?php if ($user['timezone'] == 6) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+06:00'] ?></option>
  1519. <option value="6.5"<?php if ($user['timezone'] == 6.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+06:30'] ?></option>
  1520. <option value="7"<?php if ($user['timezone'] == 7) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+07:00'] ?></option>
  1521. <option value="8"<?php if ($user['timezone'] == 8) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+08:00'] ?></option>
  1522. <option value="8.75"<?php if ($user['timezone'] == 8.75) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+08:45'] ?></option>
  1523. <option value="9"<?php if ($user['timezone'] == 9) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+09:00'] ?></option>
  1524. <option value="9.5"<?php if ($user['timezone'] == 9.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+09:30'] ?></option>
  1525. <option value="10"<?php if ($user['timezone'] == 10) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+10:00'] ?></option>
  1526. <option value="10.5"<?php if ($user['timezone'] == 10.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+10:30'] ?></option>
  1527. <option value="11"<?php if ($user['timezone'] == 11) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+11:00'] ?></option>
  1528. <option value="11.5"<?php if ($user['timezone'] == 11.5) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+11:30'] ?></option>
  1529. <option value="12"<?php if ($user['timezone'] == 12) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+12:00'] ?></option>
  1530. <option value="12.75"<?php if ($user['timezone'] == 12.75) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+12:45'] ?></option>
  1531. <option value="13"<?php if ($user['timezone'] == 13) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+13:00'] ?></option>
  1532. <option value="14"<?php if ($user['timezone'] == 14) echo ' selected="selected"' ?>><?php echo $lang_prof_reg['UTC+14:00'] ?></option>
  1533. </select>
  1534. <br /></label>
  1535. <div class="rbox">
  1536. <label><input type="checkbox" name="form[dst]" value="1"<?php if ($user['dst'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_prof_reg['DST'] ?><br /></label>
  1537. </div>
  1538. <label><?php echo $lang_prof_reg['Time format'] ?>
  1539.  
  1540. <br /><select name="form[time_format]">
  1541. <?php
        // One <option> per distinct time format: the value is the array index, the label is the
        // current time rendered in that format, and index 0 is flagged as the default. The leading
        // tabs keep the emitted HTML indented like the surrounding template.
  1542. foreach (array_unique($forum_time_formats) as $key => $time_format)
  1543. {
  1544. echo "\t\t\t\t\t\t\t\t".'<option value="'.$key.'"';
  1545. if ($user['time_format'] == $key)
  1546. echo ' selected="selected"';
  1547. echo '>'. format_time(time(), false, null, $time_format, true, true);
  1548. if ($key == 0)
  1549. echo ' ('.$lang_prof_reg['Default'].')';
  1550. echo "</option>\n";
  1551. }
  1552. ?>
  1553. </select>
  1554. <br /></label>
  1555. <label><?php echo $lang_prof_reg['Date format'] ?>
  1556.  
  1557. <br /><select name="form[date_format]">
  1558. <?php
        // Same shape as the time-format loop above, for date formats: index as value, today's
        // date rendered in that format as label, index 0 flagged as the default.
  1559. foreach (array_unique($forum_date_formats) as $key => $date_format)
  1560. {
  1561. echo "\t\t\t\t\t\t\t\t".'<option value="'.$key.'"';
  1562. if ($user['date_format'] == $key)
  1563. echo ' selected="selected"';
  1564. echo '>'. format_time(time(), true, $date_format, null, false, true);
  1565. if ($key == 0)
  1566. echo ' ('.$lang_prof_reg['Default'].')';
  1567. echo "</option>\n";
  1568. }
  1569. ?>
  1570. </select>
  1571. <br /></label>
  1572.  
  1573. <?php
  1574.  
  1575. $languages = forum_list_langs();
  1576.  
  1577. // Only display the language selection box if there's more than one language available
  1578. if (count($languages) > 1)
  1579. {
  1580.  
  1581. ?>
  1582. <label><?php echo $lang_prof_reg['Language'] ?>
  1583. <br /><select name="form[language]">
  1584. <?php
  1585.  
        // Language names come from forum_list_langs() (presumably the lang/ directory listing,
        // not user input) and are written into both the option value and label unescaped.
  1586. foreach ($languages as $temp)
  1587. {
  1588. if ($user['language'] == $temp)
  1589. echo "\t\t\t\t\t\t\t\t".'<option value="'.$temp.'" selected="selected">'.$temp.'</option>'."\n";
  1590. else
  1591. echo "\t\t\t\t\t\t\t\t".'<option value="'.$temp.'">'.$temp.'</option>'."\n";
  1592. }
  1593.  
  1594. ?>
  1595. </select>
  1596. <br /></label>
  1597. <?php
  1598.  
  1599. }
  1600.  
  1601. ?>
  1602. </div>
  1603. </fieldset>
  1604. </div>
  1605. <div class="inform">
  1606. <fieldset>
  1607. <legend><?php echo $lang_profile['User activity'] ?></legend>
  1608. <div class="infldset">
  1609. <p><?php printf($lang_profile['Registered info'], format_time($user['registered'], true).(($pun_user['is_admmod']) ? ' (<a href="moderate.php?get_host='.pun_htmlspecialchars($user['registration_ip']).'">'.pun_htmlspecialchars($user['registration_ip']).'</a>)' : '')) ?></p>
  1610. <p><?php printf($lang_profile['Last post info'], $last_post) ?></p>
  1611. <p><?php printf($lang_profile['Last visit info'], format_time($user['last_visit'])) ?></p>
  1612. <?php echo $posts_field ?>
  1613. <?php if ($pun_user['is_admmod']): ?> <label><?php echo $lang_profile['Admin note'] ?><br />
  1614. <input id="admin_note" type="text" name="admin_note" value="<?php echo pun_htmlspecialchars($user['admin_note']) ?>" size="30" maxlength="30" /><br /></label>
  1615. <?php endif; ?> </div>
  1616. </fieldset>
  1617. </div>
  1618. <p class="buttons"><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /> <?php echo $lang_profile['Instructions'] ?></p>
  1619. </form>
  1620. </div>
  1621. </div>
  1622. <?php
  1623.  
  1624. }
  1625. else if ($section == 'personal')
  1626. {
        // The custom-title input exists only for groups allowed to set titles (g_set_title);
        // the template below tests isset($title_field) to decide whether to render it.
  1627. if ($pun_user['g_set_title'] == '1')
  1628. $title_field = '<label>'.$lang_common['Title'].' <em>('.$lang_profile['Leave blank'].')</em><br /><input type="text" name="title" value="'.pun_htmlspecialchars($user['title']).'" size="30" maxlength="50" /><br /></label>'."\n";
  1629.  
        // "Personal" form: realname, optional title, location, and — only for groups that may post
        // links (or admins) — the website field. All stored values are escaped on output.
  1630. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section personal']);
  1631. define('PUN_ACTIVE_PAGE', 'profile');
  1632. require PUN_ROOT.'header.php';
  1633.  
  1634. generate_profile_menu('personal');
  1635.  
  1636. ?>
  1637. <div class="blockform">
  1638. <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section personal'] ?></span></h2>
  1639. <div class="box">
  1640. <form id="profile2" method="post" action="profile.php?section=personal&amp;id=<?php echo $id ?>">
  1641. <div class="inform">
  1642. <fieldset>
  1643. <legend><?php echo $lang_profile['Personal details legend'] ?></legend>
  1644. <div class="infldset">
  1645. <input type="hidden" name="form_sent" value="1" />
  1646. <label><?php echo $lang_profile['Realname'] ?><br /><input type="text" name="form[realname]" value="<?php echo pun_htmlspecialchars($user['realname']) ?>" size="40" maxlength="40" /><br /></label>
  1647. <?php if (isset($title_field)): ?> <?php echo $title_field ?>
  1648. <?php endif; ?> <label><?php echo $lang_profile['Location'] ?><br /><input type="text" name="form[location]" value="<?php echo pun_htmlspecialchars($user['location']) ?>" size="30" maxlength="30" /><br /></label>
  1649. <?php if ($pun_user['g_post_links'] == '1' || $pun_user['g_id'] == PUN_ADMIN) : ?> <label><?php echo $lang_profile['Website'] ?><br /><input type="text" name="form[url]" value="<?php echo pun_htmlspecialchars($user['url']) ?>" size="50" maxlength="80" /><br /></label>
  1650. <?php endif; ?>
  1651. </div>
  1652. </fieldset>
  1653. </div>
  1654. <p class="buttons"><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /> <?php echo $lang_profile['Instructions'] ?></p>
  1655. </form>
  1656. </div>
  1657. </div>
  1658. <?php
  1659.  
  1660. }
  1661. else if ($section == 'messaging')
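  1662. {
  1663.  
        // "Messaging" form: five contact handles. Every stored value, including ICQ, is escaped
        // with pun_htmlspecialchars() on output — the write path may well validate ICQ as digits,
        // but attribute escaping is kept independent of what the write path checked, matching
        // the four sibling fields.
  1664. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section messaging']);
  1665. define('PUN_ACTIVE_PAGE', 'profile');
  1666. require PUN_ROOT.'header.php';
  1667.  
  1668. generate_profile_menu('messaging');
  1669.  
  1670. ?>
  1671. <div class="blockform">
  1672. <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section messaging'] ?></span></h2>
  1673. <div class="box">
  1674. <form id="profile3" method="post" action="profile.php?section=messaging&amp;id=<?php echo $id ?>">
  1675. <div class="inform">
  1676. <fieldset>
  1677. <legend><?php echo $lang_profile['Contact details legend'] ?></legend>
  1678. <div class="infldset">
  1679. <input type="hidden" name="form_sent" value="1" />
  1680. <label><?php echo $lang_profile['Jabber'] ?><br /><input id="jabber" type="text" name="form[jabber]" value="<?php echo pun_htmlspecialchars($user['jabber']) ?>" size="40" maxlength="75" /><br /></label>
  1681. <label><?php echo $lang_profile['ICQ'] ?><br /><input id="icq" type="text" name="form[icq]" value="<?php echo pun_htmlspecialchars($user['icq']) ?>" size="12" maxlength="12" /><br /></label>
  1682. <label><?php echo $lang_profile['MSN'] ?><br /><input id="msn" type="text" name="form[msn]" value="<?php echo pun_htmlspecialchars($user['msn']) ?>" size="40" maxlength="50" /><br /></label>
  1683. <label><?php echo $lang_profile['AOL IM'] ?><br /><input id="aim" type="text" name="form[aim]" value="<?php echo pun_htmlspecialchars($user['aim']) ?>" size="20" maxlength="30" /><br /></label>
  1684. <label><?php echo $lang_profile['Yahoo'] ?><br /><input id="yahoo" type="text" name="form[yahoo]" value="<?php echo pun_htmlspecialchars($user['yahoo']) ?>" size="20" maxlength="30" /><br /></label>
  1685. </div>
  1686. </fieldset>
  1687. </div>
  1688. <p class="buttons"><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /> <?php echo $lang_profile['Instructions'] ?></p>
  1689. </form>
  1690. </div>
  1691. </div>
  1692. <?php
  1693.  
  1694. }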
  1695. else if ($section == 'personality')
  1696. {
        // The section only exists when at least one of its two features is enabled board-wide.
  1697. if ($pun_config['o_avatars'] == '0' && $pun_config['o_signatures'] == '0')
  1698. message($lang_common['Bad request'], false, '404 Not Found');
  1699.  
        // Avatar actions: "change" + "delete" when generate_avatar_markup() finds an avatar,
        // otherwise just "upload". Note that delete_avatar is linked as a plain GET: the handler
        // (outside this view) should be the one confirming origin before removing the file — confirm.
  1700. $avatar_field = '<span><a href="profile.php?action=upload_avatar&amp;id='.$id.'">'.$lang_profile['Change avatar'].'</a></span>';
  1701.  
  1702. $user_avatar = generate_avatar_markup($id);
  1703. if ($user_avatar)
  1704. $avatar_field .= ' <span><a href="profile.php?action=delete_avatar&amp;id='.$id.'">'.$lang_profile['Delete avatar'].'</a></span>';
  1705. else
  1706. $avatar_field = '<span><a href="profile.php?action=upload_avatar&amp;id='.$id.'">'.$lang_profile['Upload avatar'].'</a></span>';
  1707.  
        // $parsed_signature is built earlier in the file (outside this view); this branch relies on
        // it being set whenever the raw signature is non-empty — verify that invariant where it is built.
  1708. if ($user['signature'] != '')
  1709. $signature_preview = '<p>'.$lang_profile['Sig preview'].'</p>'."\n\t\t\t\t\t\t\t".'<div class="postsignature postmsg">'."\n\t\t\t\t\t\t\t\t".'<hr />'."\n\t\t\t\t\t\t\t\t".$parsed_signature."\n\t\t\t\t\t\t\t".'</div>'."\n";
  1710. else
  1711. $signature_preview = '<p>'.$lang_profile['No sig'].'</p>'."\n";
  1712.  
        // Page setup; the raw signature is escaped when placed in the textarea below.
  1713. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section personality']);
  1714. define('PUN_ACTIVE_PAGE', 'profile');
  1715. require PUN_ROOT.'header.php';
  1716.  
  1717. generate_profile_menu('personality');
  1718.  
  1719.  
  1720. ?>
  1721. <div class="blockform">
  1722. <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section personality'] ?></span></h2>
  1723. <div class="box">
  1724. <form id="profile4" method="post" action="profile.php?section=personality&amp;id=<?php echo $id ?>">
  1725. <div><input type="hidden" name="form_sent" value="1" /></div>
  1726. <?php if ($pun_config['o_avatars'] == '1'): ?> <div class="inform">
  1727. <fieldset id="profileavatar">
  1728. <legend><?php echo $lang_profile['Avatar legend'] ?></legend>
  1729. <div class="infldset">
  1730. <?php if ($user_avatar): ?> <div class="useravatar"><?php echo $user_avatar ?></div>
  1731. <?php endif; ?> <p><?php echo $lang_profile['Avatar info'] ?></p>
  1732. <p class="clearb actions"><?php echo $avatar_field ?></p>
  1733. </div>
  1734. </fieldset>
  1735. </div>
  1736. <?php endif; if ($pun_config['o_signatures'] == '1'): ?> <div class="inform">
  1737. <fieldset>
  1738. <legend><?php echo $lang_profile['Signature legend'] ?></legend>
  1739. <div class="infldset">
  1740. <p><?php echo $lang_profile['Signature info'] ?></p>
  1741. <div class="txtarea">
  1742. <label><?php printf($lang_profile['Sig max size'], forum_number_format($pun_config['p_sig_length']), $pun_config['p_sig_lines']) ?><br />
  1743. <textarea name="signature" rows="4" cols="65"><?php echo pun_htmlspecialchars($user['signature']) ?></textarea><br /></label>
  1744. </div>
  1745. <ul class="bblinks">
  1746. <li><span><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a> <?php echo ($pun_config['p_sig_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
  1747. <li><span><a href="help.php#url" onclick="window.open(this.href); return false;"><?php echo $lang_common['url tag'] ?></a> <?php echo ($pun_config['p_sig_bbcode'] == '1' && $pun_user['g_post_links'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
  1748. <li><span><a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a> <?php echo ($pun_config['p_sig_bbcode'] == '1' && $pun_config['p_sig_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
  1749. <li><span><a href="help.php#smilies" onclick="window.open(this.href); return false;"><?php echo $lang_common['Smilies'] ?></a> <?php echo ($pun_config['o_smilies_sig'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
  1750. </ul>
  1751. <?php echo $signature_preview ?>
  1752. </div>
  1753. </fieldset>
  1754. </div>
  1755. <?php endif; ?> <p class="buttons"><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /> <?php echo $lang_profile['Instructions'] ?></p>
  1756. </form>
  1757. </div>
  1758. </div>
  1759. <?php
  1760.  
  1761. }
  1762. else if ($section == 'display')
  1763. {
        // "Display" form: style choice, per-user post display toggles, pagination sizes.
  1764. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section display']);
  1765. define('PUN_ACTIVE_PAGE', 'profile');
  1766. require PUN_ROOT.'header.php';
  1767.  
  1768. generate_profile_menu('display');
  1769.  
  1770. ?>
  1771. <div class="blockform">
  1772. <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section display'] ?></span></h2>
  1773. <div class="box">
  1774. <form id="profile5" method="post" action="profile.php?section=display&amp;id=<?php echo $id ?>">
  1775. <div><input type="hidden" name="form_sent" value="1" /></div>
  1776. <?php
  1777.  
  1778. $styles = forum_list_styles();
  1779.  
  1780. // Only display the style selection box if there's more than one style available
        // Exactly one style: carry it as a hidden field. No styles at all: no style input is emitted.
  1781. if (count($styles) == 1)
  1782. echo "\t\t\t".'<div><input type="hidden" name="form[style]" value="'.$styles[0].'" /></div>'."\n";
  1783. else if (count($styles) > 1)
  1784. {
  1785.  
  1786. ?>
  1787. <div class="inform">
  1788. <fieldset>
  1789. <legend><?php echo $lang_profile['Style legend'] ?></legend>
  1790. <div class="infldset">
  1791. <label><?php echo $lang_profile['Styles'] ?><br />
  1792. <select name="form[style]">
  1793. <?php
  1794.  
        // Style names come from forum_list_styles() (presumably the style directory listing, not
        // user input) and go into the option value unescaped; the label swaps '_' for ' '.
  1795. foreach ($styles as $temp)
  1796. {
  1797. if ($user['style'] == $temp)
  1798. echo "\t\t\t\t\t\t\t\t".'<option value="'.$temp.'" selected="selected">'.str_replace('_', ' ', $temp).'</option>'."\n";
  1799. else
  1800. echo "\t\t\t\t\t\t\t\t".'<option value="'.$temp.'">'.str_replace('_', ' ', $temp).'</option>'."\n";
  1801. }
  1802.  
  1803. ?>
  1804. </select>
  1805. <br /></label>
  1806. </div>
  1807. </fieldset>
  1808. </div>
  1809. <?php
  1810.  
  1811. }
  1812.  
  1813. ?>
  1814. <?php if ($pun_config['o_smilies'] == '1' || $pun_config['o_smilies_sig'] == '1' || $pun_config['o_signatures'] == '1' || $pun_config['o_avatars'] == '1' || ($pun_config['p_message_bbcode'] == '1' && $pun_config['p_message_img_tag'] == '1')): ?>
  1815. <div class="inform">
  1816. <fieldset>
  1817. <legend><?php echo $lang_profile['Post display legend'] ?></legend>
  1818. <div class="infldset">
  1819. <p><?php echo $lang_profile['Post display info'] ?></p>
  1820. <div class="rbox">
  1821. <?php if ($pun_config['o_smilies'] == '1' || $pun_config['o_smilies_sig'] == '1'): ?> <label><input type="checkbox" name="form[show_smilies]" value="1"<?php if ($user['show_smilies'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Show smilies'] ?><br /></label>
  1822. <?php endif; if ($pun_config['o_signatures'] == '1'): ?> <label><input type="checkbox" name="form[show_sig]" value="1"<?php if ($user['show_sig'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Show sigs'] ?><br /></label>
  1823. <?php endif; if ($pun_config['o_avatars'] == '1'): ?> <label><input type="checkbox" name="form[show_avatars]" value="1"<?php if ($user['show_avatars'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Show avatars'] ?><br /></label>
  1824. <?php endif; if ($pun_config['p_message_bbcode'] == '1' && $pun_config['p_message_img_tag'] == '1'): ?> <label><input type="checkbox" name="form[show_img]" value="1"<?php if ($user['show_img'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Show images'] ?><br /></label>
  1825. <?php endif; if ($pun_config['o_signatures'] == '1' && $pun_config['p_sig_bbcode'] == '1' && $pun_config['p_sig_img_tag'] == '1'): ?> <label><input type="checkbox" name="form[show_img_sig]" value="1"<?php if ($user['show_img_sig'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Show images sigs'] ?><br /></label>
  1826. <?php endif; ?>
  1827. </div>
  1828. </div>
  1829. </fieldset>
  1830. </div>
  1831. <?php endif; ?>
  1832. <div class="inform">
  1833. <fieldset>
  1834. <legend><?php echo $lang_profile['Pagination legend'] ?></legend>
  1835. <div class="infldset">
  1836. <label class="conl"><?php echo $lang_profile['Topics per page'] ?><br /><input type="text" name="form[disp_topics]" value="<?php echo $user['disp_topics'] ?>" size="6" maxlength="2" /><br /></label>
  1837. <label class="conl"><?php echo $lang_profile['Posts per page'] ?><br /><input type="text" name="form[disp_posts]" value="<?php echo $user['disp_posts'] ?>" size="6" maxlength="2" /><br /></label>
  1838. <p class="clearb"><?php echo $lang_profile['Paginate info'] ?> <?php echo $lang_profile['Leave blank'] ?></p>
  1839. </div>
  1840. </fieldset>
  1841. </div>
  1842. <p class="buttons"><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /> <?php echo $lang_profile['Instructions'] ?></p>
  1843. </form>
  1844. </div>
  1845. </div>
  1846. <?php
  1847.  
  1848. }
  1849. else if ($section == 'privacy')
  1850. {
        // "Privacy" form: e-mail visibility (radio 0/1/2) and, when any subscription feature is
        // enabled board-wide, the notification checkboxes. Only form_sent is carried as a hidden
        // field; request-origin checking happens in the POST handler outside this view.
  1851. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section privacy']);
  1852. define('PUN_ACTIVE_PAGE', 'profile');
  1853. require PUN_ROOT.'header.php';
  1854.  
  1855. generate_profile_menu('privacy');
  1856.  
  1857. ?>
  1858. <div class="blockform">
  1859. <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section privacy'] ?></span></h2>
  1860. <div class="box">
  1861. <form id="profile6" method="post" action="profile.php?section=privacy&amp;id=<?php echo $id ?>">
  1862. <div class="inform">
  1863. <fieldset>
  1864. <legend><?php echo $lang_prof_reg['Privacy options legend'] ?></legend>
  1865. <div class="infldset">
  1866. <input type="hidden" name="form_sent" value="1" />
  1867. <p><?php echo $lang_prof_reg['Email setting info'] ?></p>
  1868. <div class="rbox">
  1869. <label><input type="radio" name="form[email_setting]" value="0"<?php if ($user['email_setting'] == '0') echo ' checked="checked"' ?> /><?php echo $lang_prof_reg['Email setting 1'] ?><br /></label>
  1870. <label><input type="radio" name="form[email_setting]" value="1"<?php if ($user['email_setting'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_prof_reg['Email setting 2'] ?><br /></label>
  1871. <label><input type="radio" name="form[email_setting]" value="2"<?php if ($user['email_setting'] == '2') echo ' checked="checked"' ?> /><?php echo $lang_prof_reg['Email setting 3'] ?><br /></label>
  1872. </div>
  1873. </div>
  1874. </fieldset>
  1875. </div>
  1876. <?php if ($pun_config['o_forum_subscriptions'] == '1' || $pun_config['o_topic_subscriptions'] == '1'): ?> <div class="inform">
  1877. <fieldset>
  1878. <legend><?php echo $lang_profile['Subscription legend'] ?></legend>
  1879. <div class="infldset">
  1880. <div class="rbox">
  1881. <label><input type="checkbox" name="form[notify_with_post]" value="1"<?php if ($user['notify_with_post'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Notify full'] ?><br /></label>
  1882. <?php if ($pun_config['o_topic_subscriptions'] == '1'): ?> <label><input type="checkbox" name="form[auto_notify]" value="1"<?php if ($user['auto_notify'] == '1') echo ' checked="checked"' ?> /><?php echo $lang_profile['Auto notify full'] ?><br /></label>
  1883. <?php endif; ?>
  1884. </div>
  1885. </div>
  1886. </fieldset>
  1887. </div>
  1888. <?php endif; ?> <p class="buttons"><input type="submit" name="update" value="<?php echo $lang_common['Submit'] ?>" /> <?php echo $lang_profile['Instructions'] ?></p>
  1889. </form>
  1890. </div>
  1891. </div>
  1892. <?php
  1893.  
  1894. }
  1895. else if ($section == 'admin')
  1896. {
  // Administration tab of a user's profile. Only admins and moderators
  // ($pun_user['is_admmod']) get here, and a moderator whose group lacks the
  // ban-users right (g_mod_ban_users == '0') is refused as well. This branch
  // only renders the form; the POST handler for its buttons (ban, delete_user,
  // update_group_membership, update_forums) lives earlier in the file, outside
  // this excerpt -- confirm there that the CSRF / confirmation checks run
  // before any of them acts, since the form itself carries only form_sent.
  1897. if (!$pun_user['is_admmod'] || ($pun_user['g_moderator'] == '1' && $pun_user['g_mod_ban_users'] == '0'))
  1898. message($lang_common['Bad request'], false, '403 Forbidden');
  1899.  
  1900. $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section admin']);
  1901.  
  1902. flux_hook('profile_admin_before_header');
  1903.  
  1904. define('PUN_ACTIVE_PAGE', 'profile');
  1905. require PUN_ROOT.'header.php';
  1906.  
  1907. generate_profile_menu('admin');
  1908.  
  // $id, echoed raw into the form action below, was cast with intval() at the
  // top of the file, so it cannot carry markup.
  1909. ?>
  1910. <div class="blockform">
  1911. <h2><span><?php echo pun_htmlspecialchars($user['username']).' - '.$lang_profile['Section admin'] ?></span></h2>
  1912. <div class="box">
  1913. <form id="profile7" method="post" action="profile.php?section=admin&amp;id=<?php echo $id ?>">
  1914. <div class="inform">
  1915. <input type="hidden" name="form_sent" value="1" />
  1916. <fieldset>
  1917. <?php
  1918.  
  // Moderators see a reduced form with just the ban button. The group
  // selector, the delete button and the per-forum moderator checkboxes are
  // rendered only for administrators (the else branch).
  1919. if ($pun_user['g_moderator'] == '1')
  1920. {
  1921.  
  1922. ?>
  1923. <legend><?php echo $lang_profile['Delete ban legend'] ?></legend>
  1924. <div class="infldset">
  1925. <p><input type="submit" name="ban" value="<?php echo $lang_profile['Ban user'] ?>" /></p>
  1926. </div>
  1927. </fieldset>
  1928. </div>
  1929. <?php
  1930.  
  1931. }
  1932. else
  1933. {
  // An administrator cannot change their own group from this page; the
  // selector is only rendered when viewing someone else's profile.
  1934. if ($pun_user['id'] != $id)
  1935. {
  1936.  
  1937. ?>
  1938. <legend><?php echo $lang_profile['Group membership legend'] ?></legend>
  1939. <div class="infldset">
  1940. <select id="group_id" name="group_id">
  1941. <?php
  1942.  
  // Every group except the guest group, ordered by title. The user's current
  // group is pre-selected; a user whose g_id is empty falls back to the
  // board's default user group.
  1943. $result = $db->query('SELECT g_id, g_title FROM '.$db->prefix.'groups WHERE g_id!='.PUN_GUEST.' ORDER BY g_title') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());
  1944.  
  1945. while ($cur_group = $db->fetch_assoc($result))
  1946. {
  // NOTE(review): g_id goes into the option value unescaped; only g_title is
  // passed through pun_htmlspecialchars. The query above compares g_id as a
  // bare number, which suggests an integer column -- confirm against the
  // schema.
  1947. if ($cur_group['g_id'] == $user['g_id'] || ($cur_group['g_id'] == $pun_config['o_default_user_group'] && $user['g_id'] == ''))
  1948. echo "\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'" selected="selected">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n";
  1949. else
  1950. echo "\t\t\t\t\t\t\t\t".'<option value="'.$cur_group['g_id'].'">'.pun_htmlspecialchars($cur_group['g_title']).'</option>'."\n";
  1951. }
  1952.  
  1953. ?>
  1954. </select>
  1955. <input type="submit" name="update_group_membership" value="<?php echo $lang_profile['Save'] ?>" />
  1956. </div>
  1957. </fieldset>
  1958. </div>
  1959. <div class="inform">
  1960. <fieldset>
  1961. <?php
  1962.  
  1963. }
  1964.  
  1965. ?>
  1966. <legend><?php echo $lang_profile['Delete ban legend'] ?></legend>
  1967. <div class="infldset">
  1968. <input type="submit" name="delete_user" value="<?php echo $lang_profile['Delete user'] ?>" /> <input type="submit" name="ban" value="<?php echo $lang_profile['Ban user'] ?>" />
  1969. </div>
  1970. </fieldset>
  1971. </div>
  1972. <?php
  1973.  
  // The forum-moderator assignment block is shown only when the viewed user
  // is already in a moderator group or is an administrator.
  1974. if ($user['g_moderator'] == '1' || $user['g_id'] == PUN_ADMIN)
  1975. {
  1976.  
  1977. ?>
  1978. <div class="inform">
  1979. <fieldset>
  1980. <legend><?php echo $lang_profile['Set mods legend'] ?></legend>
  1981. <div class="infldset">
  1982. <p><?php echo $lang_profile['Moderator in info'] ?></p>
  1983. <?php
  1984.  
  // Every non-redirect forum, grouped by category in display order. Each
  // category is emitted as a "conl" block holding an "rbox" list of one
  // checkbox per forum.
  1985. $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.moderators FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id WHERE f.redirect_url IS NULL ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
  1986.  
  1987. $cur_category = 0;
  1988. while ($cur_forum = $db->fetch_assoc($result))
  1989. {
  1990. if ($cur_forum['cid'] != $cur_category) // A new category since last iteration?
  1991. {
  // Close the previous category's rbox and conl divs. Both tests are true for
  // any non-zero category id, so the two echoes always fire together.
  1992. if ($cur_category)
  1993. echo "\n\t\t\t\t\t\t\t\t".'</div>';
  1994.  
  1995. if ($cur_category != 0)
  1996. echo "\n\t\t\t\t\t\t\t".'</div>'."\n";
  1997.  
  1998. echo "\t\t\t\t\t\t\t".'<div class="conl">'."\n\t\t\t\t\t\t\t\t".'<p><strong>'.pun_htmlspecialchars($cur_forum['cat_name']).'</strong></p>'."\n\t\t\t\t\t\t\t\t".'<div class="rbox">';
  1999. $cur_category = $cur_forum['cid'];
  2000. }
  2001.  
  // NOTE(review): unserialize() on the forums.moderators column. The value is
  // written by the forum's own code rather than by this request, but
  // unserialize() of any string a user could influence is an object-injection
  // vector; on PHP 7+ passing array('allowed_classes' => false), or storing
  // JSON instead, would remove that exposure. If the stored value is corrupt,
  // unserialize() returns false and the in_array() below then warns (PHP 8:
  // TypeError) instead of being skipped.
  2002. $moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array();
  2003.  
  // in_array() is called without strict=true, so $id (an int) is matched
  // against the stored values by loose comparison. fid is emitted unescaped
  // into the checkbox name; like g_id above, it is a numeric key from the DB.
  2004. echo "\n\t\t\t\t\t\t\t\t\t".'<label><input type="checkbox" name="moderator_in['.$cur_forum['fid'].']" value="1"'.((in_array($id, $moderators)) ? ' checked="checked"' : '').' />'.pun_htmlspecialchars($cur_forum['forum_name']).'<br /></label>'."\n";
  2005. }
  2006.  
  // NOTE(review): the two </div>s right after this close the last category's
  // rbox and conl; they are emitted unconditionally, so with no forums at all
  // they close nothing.
  2007. ?>
  2008. </div>
  2009. </div>
  2010. <br class="clearb" /><input type="submit" name="update_forums" value="<?php echo $lang_profile['Update forums'] ?>" />
  2011. </div>
  2012. </fieldset>
  2013. </div>
  2014. <?php
  2015.  
  2016. }
  2017. }
  2018.  
  2019. ?>
  2020. </form>
  2021. <?php flux_hook('profile_admin_after_form') ?>
  2022. </div>
  2023. </div>
  2024. <?php
  2025.  
  2026. }
  2027. else
  2028. message($lang_common['Bad request'], false, '404 Not Found');
  2029.  
  2030. ?>
  2031. <div class="clearer"></div>
  2032. </div>
  2033. <?php
  2034.  
  2035. require PUN_ROOT.'footer.php';
  2036. }