<?php
// -----------------------------------------------------------------------------
// $Id: profile.php 682 2013-03-28 14:17:41Z raoul $
//
// Copyright (C) 2013 Raoul Proença
// License: GNU GPL version 3 (see copying.txt file)
// Website: http://www.gnew.fr/
// -----------------------------------------------------------------------------
// This program is free software: you can redistribute it and/or modify it under
// the terms of the GNU General Public License as published by the Free Software
// Foundation, either version 3 of the License, or (at your option) any later
// version.
//
// This program is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
// FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
// details.
//
// You should have received a copy of the GNU General Public License along with
// this program. If not, see <http://www.gnu.org/licenses/>.
// -----------------------------------------------------------------------------

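include('./../includes/common.php');

page_header($lang['USERS_PROFILE']);

// Profile page of the logged-in user. A POST carrying "profile" validates the
// submitted fields, updates the user's row and optionally replaces or removes
// the avatar file; any other request renders the profile form.
//
// NOTE(review): no anti-CSRF token and no current-password check are visible in
// this handler -- confirm whether common.php enforces either before relying on
// this page to change the password or e-mail address.
if ($_SESSION['user_id'] > 0)
{
    // The id is interpolated into SQL below, so pin it to an integer once.
    $session_user_id = (int) $_SESSION['user_id'];
    $upload_dir = './../images/avatars/';
    $default_avatar = $upload_dir . 'empty.png';

    // http://www.php.net/post-max-size
    // If the size of POST data is greater than post_max_size, the $_POST and $_FILES superglobals will be empty
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && empty($_POST) && $_SERVER['CONTENT_LENGTH'] > 0)
    {
        $valid_size = return_bytes(ini_get('post_max_size'));
        error_template(sprintf($lang['ERROR_INVALID_FILE_SIZE'], $valid_size));
    }
    // From profile form?
    elseif (isset($_POST['profile']))
    {
        $error = '';
        $max_avatars_pixels = $settings['max_avatars_pixels'];

        // The file field may be missing or sent as an array (user_avatar2[]);
        // only a single, string-named upload is considered.
        $has_upload = isset($_FILES['user_avatar2']['name'], $_FILES['user_avatar2']['tmp_name'])
            && is_string($_FILES['user_avatar2']['name'])
            && is_string($_FILES['user_avatar2']['tmp_name']);
        $tmp_name = $has_upload ? $_FILES['user_avatar2']['tmp_name'] : '';
        $original_name = $has_upload ? $_FILES['user_avatar2']['name'] : '';

        // http://bugs.php.net/bug.php?id=47096
        if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
        {
            $upload_name = preg_replace(array('`[^a-z0-9-_.\s]`i', '`\s+`'), array(' ', '_'), $original_name);
        }
        else
        {
            $upload_name = preg_replace('`["!#$%&\'*+/=?^\`{|}~()<>\[\]:;@\\\\,\s\t]+`', '_', $original_name);
        }
        $upload_file = $upload_dir . $upload_name;
        $dot_position = strrpos($upload_name, '.');
        $upload_ext = ($dot_position === false) ? '' : substr($upload_name, $dot_position);
        $valid_ext = array('.gif', '.GIF', '.jpg', '.JPG', '.jpeg', '.JPEG', '.png', '.PNG');

        // The avatar on record comes from the stored user row, never from the
        // request: the posted "user_avatar" field is client-controlled and was
        // previously handed straight to unlink(), which let a request delete
        // any file the web server could write to.
        // Assumes $users is the logged-in user's row, as the form branch below
        // uses it -- TODO confirm in common.php.
        $current_avatar = utf8_chars($users['user_avatar']);
        $current_avatar_file = $upload_dir . basename($current_avatar);
        $current_avatar_removable = $current_avatar != $default_avatar
            && basename($current_avatar) != 'empty.png'
            && is_file($current_avatar_file);

        // New password?
        if (!empty($_POST['user_password']))
        {
            // Password too short?
            if (utf8_strlen(trim($_POST['user_password'])) < $settings['min_passwords_length'])
            {
                $error .= sprintf($lang['ERROR_PASSWORD_LENGTH'], $settings['min_passwords_length']);
            }
            // Passwords OK? Strict comparison: with "==" two different numeric
            // strings such as "1e3" and "1000" compare equal.
            $confirmation = isset($_POST['user_password2']) ? $_POST['user_password2'] : '';
            if (trim($confirmation) !== trim($_POST['user_password']))
            {
                $error .= $lang['ERROR_PASSWORD_MATCH'];
            }
            else
            {
                $new_password = true;
            }
        }
        if (!trim($_POST['user_email']))
        {
            $error .= $lang['ERROR_NO_EMAIL'];
        }
        else
        {
            // The address is placed inside a single-quoted SQL literal without
            // escaping, so quotes and backslashes are refused here regardless
            // of what check_email() (not visible in this file) accepts.
            if (check_email($_POST['user_email']) && strpbrk($_POST['user_email'], "'\"\\") === false)
            {
                $user_email = $_POST['user_email'];
            }
            else
            {
                $error .= $lang['ERROR_INVALID_USER_EMAIL'];
            }
        }
        if (!trim($_POST['user_date_format']))
        {
            $error .= $lang['ERROR_NO_DATE_FORMAT'];
        }
        if (!preg_match('`^-?[0-9]{1,2}$`', $_POST['user_date_offset']))
        {
            $error .= $lang['ERROR_NO_DATE_OFFSET'];
        }
        // Check new avatar
        if (!empty($upload_name))
        {
            // Check directory permissions
            if (!is_writable($upload_dir))
            {
                $error .= sprintf($lang['ERROR_DIR_NOT_WRITABLE'], $upload_dir);
            }
            // Check duplicate images
            if (file_exists($upload_file))
            {
                $error .= $lang['ERROR_IMAGE_EXISTS'];
            }
            // Check image format: the extension alone proves nothing, so the
            // content must also decode as GIF, JPEG or PNG. Previously a failed
            // getimagesize() (non-image content) slipped past the size test.
            if (!in_array($upload_ext, $valid_ext, true))
            {
                $error .= $lang['ERROR_INVALID_IMAGE_FILE'];
            }
            elseif ($tmp_name === '' || !is_uploaded_file($tmp_name))
            {
                $error .= $lang['ERROR_INVALID_UPLOADED_FILE'];
            }
            else
            {
                $size = getimagesize($tmp_name);
                if ($size === false || !in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true))
                {
                    $error .= $lang['ERROR_INVALID_IMAGE_FILE'];
                }
                // Check image size
                elseif ($size[0] > $max_avatars_pixels || $size[1] > $max_avatars_pixels)
                {
                    $error .= sprintf($lang['ERROR_IMAGE_DIMENSION'], $max_avatars_pixels);
                }
            }
        }
        if ($error)
        {
            error_template($error);
        }
        else
        {
            // Fields that used to reach the query unfiltered are reduced to
            // integers or to a value from a server-side list.
            $user_date_offset = (int) $_POST['user_date_offset'];
            $user_day = isset($_POST['user_day']) ? (int) $_POST['user_day'] : 0;
            $user_month = isset($_POST['user_month']) ? (int) $_POST['user_month'] : 0;
            $user_year = isset($_POST['user_year']) ? (int) $_POST['user_year'] : 0;
            $user_show_email = empty($_POST['user_show_email']) ? 0 : 1;

            // Same choices the form offers; anything else falls back to the
            // site default.
            $allowed_languages = $settings['language_unique'] ? array($settings['language']) : get_languages_list();
            $user_language = $settings['language'];
            if (isset($_POST['user_language']) && is_string($_POST['user_language']) && in_array($_POST['user_language'], $allowed_languages, true))
            {
                $user_language = $_POST['user_language'];
            }
            $allowed_templates = $settings['template_unique'] ? array($settings['template']) : get_templates_list();
            $user_template = $settings['template'];
            if (isset($_POST['user_template']) && is_string($_POST['user_template']) && in_array($_POST['user_template'], $allowed_templates, true))
            {
                $user_template = $_POST['user_template'];
            }

            // NOTE(review): unsalted SHA-1 is kept only because the login code
            // (not visible here) presumably compares against the same digest;
            // moving to password_hash()/password_verify() needs a coordinated
            // change there.
            $password_sql = '';
            if (isset($new_password))
            {
                $password_sql = ', user_password = \'' . sha1(utf8_entities($_POST['user_password'])) . '\'';
            }

            // NOTE(review): the statement is still built by concatenation. The
            // free-text fields rely on utf8_entities(), whose handling of quotes
            // and backslashes is not visible in this file -- confirm it, or
            // switch to the database layer's escaping/parameter binding.
            $sql->query('UPDATE ' . TABLE_USERS . '
                         SET user_date_format = \'' . utf8_entities($_POST['user_date_format']) . '\''
                         . ', user_date_offset = \'' . $user_date_offset . '\''
                         . ', user_day = \'' . $user_day . '\''
                         . ', user_email = \'' . $user_email . '\''
                         . ', user_language = \'' . $user_language . '\''
                         . ', user_location = \'' . utf8_entities($_POST['user_location']) . '\''
                         . ', user_month = \'' . $user_month . '\''
                         . ', user_occupation = \'' . utf8_entities($_POST['user_occupation']) . '\''
                         . $password_sql
                         . ', user_show_email = \'' . $user_show_email . '\''
                         . ', user_signature = \'' . utf8_entities($_POST['user_signature']) . '\''
                         . ', user_template = \'' . $user_template . '\''
                         . ', user_website = \'' . utf8_entities($_POST['user_website']) . '\''
                         . ', user_year = \'' . $user_year . '\'
                         WHERE user_id = \'' . $session_user_id . '\'');

            // New avatar?
            if (!empty($upload_name))
            {
                if (move_uploaded_file($tmp_name, $upload_file))
                {
                    // Delete old avatar (only a file inside the avatar directory)
                    if ($current_avatar_removable)
                    {
                        unlink($current_avatar_file);
                    }
                    $sql->query('UPDATE ' . TABLE_USERS . '
                                 SET user_avatar = \'' . utf8_entities($upload_file) . '\'
                                 WHERE user_id = \'' . $session_user_id . '\'');
                }
                else
                {
                    error_template($lang['ERROR_INVALID_UPLOADED_FILE']);
                }
            }
            // Avatar reset requested? Without an upload or a reset the stored
            // avatar is left untouched instead of being overwritten with the
            // client-supplied "user_avatar" value.
            elseif (isset($_POST['empty_avatar']))
            {
                if ($current_avatar_removable)
                {
                    unlink($current_avatar_file);
                }
                $sql->query('UPDATE ' . TABLE_USERS . '
                             SET user_avatar = \'' . utf8_entities($default_avatar) . '\'
                             WHERE user_id = \'' . $session_user_id . '\'');
            }
            $GLOBALS['cache']->clean(TABLE_USERS);
            success_template($lang['USER_UPDATED'], './../index.php');
        }
    }
    // Profile form
    else
    {
        $user_avatar = utf8_chars($users['user_avatar']);
        // The "delete avatar" checkbox is offered only for a custom avatar.
        $empty_avatar = '';
        if ($user_avatar != $default_avatar)
        {
            $empty_avatar = ' <input type="checkbox" name="empty_avatar" value="1" /> ' . $lang['DELETE'];
        }

        // Birth date selectors, with the stored value pre-selected.
        $user_day_options = $user_month_options = $user_year_options = '';
        for ($i = 1; $i <= 31; $i++)
        {
            $selected = ($i == $users['user_day']) ? ' selected="selected"' : '';
            $user_day_options .= '<option value="' . $i . '"' . $selected . '>' . $i . '</option>';
        }
        for ($j = 1; $j <= 12; $j++)
        {
            $selected = ($j == $users['user_month']) ? ' selected="selected"' : '';
            $user_month_options .= '<option value="' . $j . '"' . $selected . '>' . $j . '</option>';
        }
        // http://en.wikipedia.org/wiki/Oldest_people#Ten_verified_oldest_people_living
        for ($k = date('Y', time()); $k >= 1897; $k--)
        {
            $selected = ($k == $users['user_year']) ? ' selected="selected"' : '';
            $user_year_options .= '<option value="' . $k . '"' . $selected . '>' . $k . '</option>';
        }

        // Language selector: a single entry when the site forces one language.
        $languages = get_languages_list();
        $user_language_options = '';
        if ($settings['language_unique'])
        {
            $user_language_options = '<option value="' . $settings['language'] . '">' . $lang[strtoupper($settings['language'])] . '</option>';
        }
        else
        {
            $num_languages = count($languages);
            for ($i = 0; $i < $num_languages; $i++)
            {
                $selected = ($languages[$i] == $users['user_language']) ? ' selected="selected"' : '';
                $user_language_options .= '<option value="' . $languages[$i] . '"' . $selected . '>' . $lang[strtoupper($languages[$i])] . '</option>';
            }
        }

        if ($users['user_show_email'])
        {
            $user_show_email_options = '<option value="0">' . $lang['NO'] . '</option><option value="1" selected="selected">' . $lang['YES'] . '</option>';
        }
        else
        {
            $user_show_email_options = '<option value="0" selected="selected">' . $lang['NO'] . '</option><option value="1">' . $lang['YES'] . '</option>';
        }

        // Template selector: a single entry when the site forces one template.
        $templates = get_templates_list();
        $user_template_options = '';
        if ($settings['template_unique'])
        {
            $user_template_options = '<option value="' . $settings['template'] . '">' . $settings['template'] . '</option>';
        }
        else
        {
            $num_templates = count($templates);
            for ($i = 0; $i < $num_templates; $i++)
            {
                $selected = ($templates[$i] == $users['user_template']) ? ' selected="selected"' : '';
                $user_template_options .= '<option value="' . $templates[$i] . '"' . $selected . '>' . $templates[$i] . '</option>';
            }
        }

        // NOTE(review): the $users values are handed to the template as stored.
        // Whether the template engine or utf8_entities() at write time makes
        // them safe for HTML attribute context is not visible here -- confirm,
        // in particular for user_email, which is stored without utf8_entities().
        $template->set_file('profile', 'users/profile.htpl');
        $template->set_var(array('EMPTY_AVATAR' => $empty_avatar,
                                 'MAX_AVATARS_PIXELS' => sprintf($lang['PIXELS_MAX'], $settings['max_avatars_pixels']),
                                 'USER_AVATAR' => $user_avatar,
                                 'USER_DATE_FORMAT' => $users['user_date_format'],
                                 'USER_DATE_OFFSET' => $users['user_date_offset'],
                                 'USER_DAY_OPTIONS' => $user_day_options,
                                 'USER_EMAIL' => $users['user_email'],
                                 'USER_LANGUAGE_OPTIONS' => $user_language_options,
                                 'USER_LOCATION' => $users['user_location'],
                                 'USER_MONTH_OPTIONS' => $user_month_options,
                                 'USER_NAME' => $users['user_name'],
                                 'USER_OCCUPATION' => $users['user_occupation'],
                                 'USER_SHOW_EMAIL_OPTIONS' => $user_show_email_options,
                                 'USER_SIGNATURE' => $users['user_signature'],
                                 'USER_TEMPLATE_OPTIONS' => $user_template_options,
                                 'USER_WEBSITE' => $users['user_website'],
                                 'USER_YEAR_OPTIONS' => $user_year_options));
        $template->parse('profile');
    }
}
else
{
    error_template($lang['ERROR_USER_OFFLINE']);
}

page_footer();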

?>