<?php

/**
* PHP versions 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* @package    QuickTicket
* @author     Philippe Vandenberghe <hide@address.com>
* @copyright  2008-2012 The PHP Group
* @version    2.5 build:20101222
*/

session_start();
require_once('bin/qti_init.php');

// Viewing a profile needs the 'V4' permission; HtmlPage(11) is the refusal page used elsewhere in the application
if ( !$oVIP->CanView('V4') ) HtmlPage(11);

// Target user id: QThttpvar is expected to overwrite $id from the request as an int, so a value
// that stays negative means the parameter was missing or invalid
$id = -1;
QThttpvar('id','int');
if ( $id<0 ) die('Wrong id');

// The 'edit' flag only toggles the session editing mode; POST wins over GET when both are present.
// Whether editing is actually permitted ($bCanEdit) is decided further down and can reset this flag.
foreach ( array($_GET,$_POST) as $arrRequest )
{
  if ( isset($arrRequest['edit']) ) $_SESSION[QT]['editing'] = ( $arrRequest['edit']=='1' );
}

// --------
// FUNCTION
// --------

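/**
 * Build the "banned" notice displayed on a profile to staff members.
 *
 * @param string $strRole role of the viewer: 'A' (admin) and 'M' (moderator) see the notice, anybody else gets ''
 * @param int    $intBan  value of the user's 'closed' column: 0 = not banned, 1 = one day,
 *                        n>1 = (n-1)*10 days (the encoding applied below before the text is built)
 * @return string HTML paragraph for staff viewers, '' otherwise. Always a string (the previous
 *                version returned null for non-staff), so the result can be concatenated or echoed directly.
 */
function show_ban($strRole='V',$intBan=0)
{
  if ( $intBan<1 ) return '';
  // non-staff never see ban details
  if ( $strRole!='A' && $strRole!='M' ) return '';
  global $L;
  // 'closed' values above 1 are stored in tens of days
  $intDays = ( $intBan>1 ? ($intBan-1)*10 : $intBan );
  return '<p class="small error">'.$L['Is_banned'].' '.strtolower(LangS('Day',$intDays)).' '.$L['Since'].' '.strtolower($L['Last_message']).'</p>';
}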

// --------
// INITIALISE
// --------

include('bin/qt_lib_smtp.php');
include(GetLang().'qti_reg.php');

// Editing is allowed for the profile owner and for staff, but never on the visitor account (id 0).
// Restrictions between staff members depend on the target's role and are applied once the row is loaded.
$bCanEdit = ( $oVIP->id==$id || $oVIP->IsStaff() ) && $id!=0;

// editing mode never survives without the permission to edit
if ( !$bCanEdit || !isset($_SESSION[QT]['editing']) ) $_SESSION[QT]['editing'] = false;

$oVIP->selfurl = 'qti_user.php';
$oVIP->selfname = $L['Profile'];

// MAP MODULE
// qtim_map_ini.php is presumably what defines $bMap (and the $bMapGoogle/$bMapSitework flags used
// later in this page); $strCheck='U' tells it which kind of object is being displayed — confirm in that file
if ( UseModule('map') )
{
  $strCheck = 'U';
  include('qtim_map_ini.php');
}
else
{
  $bMap = false;
}

// --------
// SUBMITTED
// --------

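// Profile save. Reached on a form post only. Besides the field checks, it enforces the same
// permission rules the display part uses for the edit links: $bCanEdit (owner or staff, never the
// visitor account) and "a moderator cannot change another moderator nor an admin". Every value
// interpolated in the UPDATE is either validated against a fixed set or escaped with addslashes(),
// the escaping convention already used in this file for the other fields.
if ( isset($_POST['ok']) )
{
  if ( !isset($error) ) $error = '';

  // authorisation: hiding the edit links is not enough, a crafted post must be refused as well
  if ( !$bCanEdit ) $error = 'Not allowed';

  if ( empty($error) )
  {
    // current values of the target account: role for the staff rule, name for the COPPA mail,
    // children/parentmail so that a form without the (admin-only) COPPA fields leaves them unchanged
    $oDB->Query('SELECT name,role,children,parentmail FROM '.TABUSER.' WHERE id='.$id);
    $rowTarget = $oDB->Getrow();
    if ( empty($rowTarget) ) $error = 'Wrong id';
    elseif ( $rowTarget['role']=='M' && $oVIP->role=='M' && $oVIP->id!=$id ) $error = 'Not allowed';
    elseif ( $rowTarget['role']=='A' && $oVIP->role=='M' ) $error = 'Not allowed';
  }

  // check form

  if ( empty($error) )
  {
    $strLoca = isset($_POST['location']) ? trim($_POST['location']) : '';
    // get_magic_quotes_gpc() was removed in PHP 8: guard the call so the page keeps loading there
    if ( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() ) $strLoca = stripslashes($strLoca);
    $strLoca = QTconv($strLoca,'3',QTI_CONVERT_AMP);
  }

  if ( empty($error) )
  {
    $strMail = isset($_POST['mail']) ? trim($_POST['mail']) : '';
    // normalise the separator of multiple addresses to ' ; '
    $strMail = str_replace(';',' ; ',$strMail);
    $strMail = str_replace('  ',' ',$strMail);
    if ( !empty($strMail) && !QTismail($strMail) ) $error=$L['Email'].' '.$strMail.' '.$L['E_invalid'];
  }

  if ( empty($error) )
  {
    $strPhone = QTconv((isset($_POST['phone']) ? $_POST['phone'] : ''),'2');
  }

  if ( empty($error) )
  {
    // privacy is an enumerated 0/1/2 value (the select in the form offers exactly these); anything else is refused
    $intPrivacy = isset($_POST['privacy']) ? intval($_POST['privacy']) : -1;
    if ( $intPrivacy<0 || $intPrivacy>2 ) $error=$L['Privacy'].' '.$L['E_invalid'];
  }

  if ( empty($error) )
  {
    $strChild = '0';
    $strParentmail = '';
    if ( QTI_USE_COPPA )
    {
      // the COPPA fields are only part of the form for admins: when absent, keep the stored values
      $strChild = isset($_POST['child']) ? $_POST['child'] : strval($rowTarget['children']);
      if ( $strChild==='' ) $strChild = '0';
      if ( !in_array($strChild,array('0','1','2'),true) ) $error='child status invalid';
      if ( $id==1 && $strChild!='0' ) $error='user id[1] is admin and child status cannot be changed...';
      if ( $id==0 && $strChild!='0' ) $error='user id[0] is visitor and child status cannot be changed...';
      $strParentmail = isset($_POST['parentmail']) ? trim($_POST['parentmail']) : trim(strval($rowTarget['parentmail']));
      if ( !empty($strParentmail) && !QTismail($strParentmail) ) $error=$L['Parent_mail'].' '.$L['E_invalid'];
    }
  }

  if ( empty($error) )
  {
    $strWww = QTconv((isset($_POST['www']) ? $_POST['www'] : ''),'2');
    // the form pre-fills 'http://' as a placeholder: that means "no website"
    if ( $strWww=='http://' || $strWww=='https://' ) $strWww='';
    // only http(s) URLs are accepted since the value is later placed in an href
    if ( !empty($strWww) && !preg_match('#^https?://#',$strWww) ) $error=$L['Website'].' '.$L['E_invalid'];
  }

  // save

  if ( empty($error) )
  {
    $oDB->Query('UPDATE '.TABUSER.' SET location="'.addslashes($strLoca).'", mail="'.addslashes($strMail).'", phone="'.addslashes($strPhone).'", www="'.addslashes($strWww).'", privacy="'.$intPrivacy.'", children="'.$strChild.'", parentmail="'.addslashes($strParentmail).'" WHERE id='.$id);
    // map position: an empty hidden field deletes the point, otherwise "lat,lon" is split by QTgety/QTgetx
    if ( isset($_POST['m_map_gcenter']) )
    {
      if ( empty($_POST['m_map_gcenter']) )
      {
        QTgpointdelete(TABUSER,$id);
      }
      else
      {
        QTgpoint(TABUSER,$id,QTgety($_POST['m_map_gcenter']),QTgetx($_POST['m_map_gcenter']));
      }
    }

    // parent warning if coppa: sent to the validated parent address only, and the login comes
    // from the database rather than from the hidden 'name' field of the form

    if ( QTI_USE_COPPA && $strChild!='0' && !empty($strParentmail) )
    {
      $strSubject = $_SESSION[QT]['site_name'].' - Profile updated';
      $strMessage = "Your children (login: %s) has modified his/her profile on the board {$_SESSION[QT]['site_name']}.";
      // the language file, when present, presumably redefines $strSubject/$strMessage with a translated text
      $strFile = GetLang().'mail_profile_coppa.php';
      if ( file_exists($strFile) ) include($strFile);
      $strMessage = sprintf($strMessage, $rowTarget['name']);
      QTmail($strParentmail,QTconv($strSubject,'-4'),QTconv($strMessage,'-4'),QTI_HTML_CHAR);
    }

    // exit: drop the cached section list and show the "saved" page with a link back to the profile

    unset($_SESSION[QT]['sys_sections']);
    $oVIP->exiturl = "qti_user.php?id=$id";
    $oVIP->exitname = $L['Profile'];
    $oVIP->EndMessage(NULL,$L['S_save'],$_SESSION[QT]['skin_dir'],2);
  }
}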

// --------
// STATS AND USER
// --------

// -- COUNT TOPICS --

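// -- COUNT TOPICS -- (topics whose first post belongs to this user)

$oDB->Query('SELECT count(id) as countid FROM '.TABTOPIC.' WHERE firstpostuser='.$id);
$row = $oDB->Getrow();
$counttopics = $row['countid'];

// -- COUNT MESSAGES --

$oDB->Query('SELECT count(id) as countid FROM '.TABPOST.' WHERE userid='.$id);
$row = $oDB->Getrow();
$countmessages = $row['countid'];

// -- QUERY USER --

$oDB->Query('SELECT * FROM '.TABUSER.' WHERE id='.$id);
$row = $oDB->Getrow();
// an id that passed the numeric check may still not exist: stop here rather than render a profile from an empty row
if ( empty($row) ) die('Wrong id');

  // check privacy: coordinates are cleared for viewers not entitled to see them, so the map code below never shows them
  if ( $oVIP->IsPrivate($row['privacy'],$id) ) { $row['y']=null; $row['x']=null; }

  // staff cannot edit other staff nor admin. This runs after the save handler, so the save handler has to apply the same rule itself.
  if ( $row['role']=='M' && $oVIP->role=='M' && $oVIP->id!=$id ) { $bCanEdit=false; $_SESSION[QT]['editing']=false; }
  if ( $row['role']=='A' && $oVIP->role=='M' ) { $bCanEdit=false; $_SESSION[QT]['editing']=false; }

// -- MAP POINT -- ($row['y'] is the latitude, $row['x'] the longitude)
if ( $bMap )
{
  if ( !empty($row['x']) && !empty($row['y']) )
  {
    $strPname = QTconv($row['name'],'U');
    // $strPlink is reused by the coordinates row of the view table
    $strPlink = '<a class="small" href="http://maps.google.com?q='.floatval($row['y']).','.floatval($row['x']).'+('.urlencode($strPname).')&z='.$_SESSION[QT]['m_map_gzoom'].'" title="'.$L['map']['In_google'].'" target="_blank">[G]</a>';
    $strPinfo = '<span class="bold">Lat: '.QTdd2dms(floatval($row['y'])).' <br />Lon: '.QTdd2dms(floatval($row['x'])).'</span><br /><span class="small">DD: '.round(floatval($row['y']),8).', '.round(floatval($row['x']),8).'</span> '.$strPlink;
    $oMapPoint = new cMapPoint(floatval($row['y']),floatval($row['x']),$strPname,$strPinfo);
    // icon settings are optional and come from the map module configuration stored in session
    if ( isset($_SESSION[QT]['m_map']['U']['icon']) )        $oMapPoint->icon        = $_SESSION[QT]['m_map']['U']['icon'];
    if ( isset($_SESSION[QT]['m_map']['U']['shadow']) )      $oMapPoint->shadow      = $_SESSION[QT]['m_map']['U']['shadow'];
    if ( isset($_SESSION[QT]['m_map']['U']['printicon']) )   $oMapPoint->printicon   = $_SESSION[QT]['m_map']['U']['printicon'];
    if ( isset($_SESSION[QT]['m_map']['U']['printshadow']) ) $oMapPoint->printshadow = $_SESSION[QT]['m_map']['U']['printshadow'];
    // presumably consumed by qtim_map_load.php, included at the end of the page — confirm there
    $arrExtData[] = $oMapPoint;
  }
}

// -- sitework limitation --
// note: this message is emitted before qti_p_header.php is included, i.e. outside the page layout
if ( $_SESSION[QT]['editing'] && !empty($_SESSION[QT]['m_sitework']) )
{
  echo '<p class="small">SiteWork module:<br />Profile cannot be changed from a remote computer.</p>';
  $_SESSION[QT]['editing'] = false;
}
// -- sitework limitation --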
// -- sitework limitation --

// --------
// HTML START
// --------

include('qti_p_header.php');

// -- PARTICIPATION INFO --
// text listing the user's topics and messages, with a link to the latest message

$strParticip = '';
if ( $counttopics>0 )
{
$strParticip .= '<a href="'.Href('qti_find.php').'?a=user&amp;k1='.$id.'&amp;k2='.urlencode($row['name']).'">'.LangS('Topic',$counttopics).'</a>, ';
}
if ( $countmessages>0 )
{
  $strParticip .= '<span class="small">'.LangS('Message',$countmessages).', '.strtolower($L['Last_message']).' '.QTdatestr($row['lastdate'],'$','$',true,true);
  // all posts of the user, newest first; only the first row is used (the query carries no LIMIT)
  $oDB->Query( 'SELECT p.id,p.topic FROM '.TABPOST.' p WHERE p.userid='.$id.' ORDER BY p.issuedate DESC' );
  $row2 = $oDB->Getrow();
  $strParticip .= ' <a class="small" href="'.Href('qti_topic.php').'?t='.$row2['topic'].'&amp;tt=messages#p'.$row2['id'].'" title="'.$L['H_Goto_message'].'">'.$L['Goto_message'].'</a></span>';
}

// -- STAFF MENU --
// admin-only action menu: submits to qti_change.php with the user id in 's' and the action in 'a';
// role change, ban and delete are not offered for ids 0 and 1

if ( $oVIP->role=='A' )
{
echo '<form method="get" action="',Href('qti_change.php'),'" id="modaction">
<div class="modboard">
<span class="modboard">',$L['Userrole']['A'],'
<select name="a" class="small" onchange="if (this.value!=\'\') { document.getElementById(\'modaction\').submit(); }">
<option value="">&nbsp;</option>
<option value="pwdreset">',$L['Reset_pwd'],'...</option>',
($id>1 ? '<option value="userrole">'.$L['Change_role'].'...</option>
<option value="user_ban">'.$L['Ban_user'].'...</option>
<option value="user_del">'.$L['Delete'].' '.strtolower($L['User']).'...</option>
' :''),'</select>
<input type="submit" name="Mok" value="',$L['Ok'],'" class="small" id="action_ok" />
<input type="hidden" name="s" value="',$id,'" />
</span>
</div>
</form>
<script type="text/javascript">document.getElementById("action_ok").style.display="none";</script>
';
}

// -- DISPLAY PROFILE --
// contact details are withheld according to the privacy setting (IsPrivate); the privacy icon
// is only shown to the owner and to staff, and never for the "visible to all" value 2

$strMail = '';  if ( !empty($row['mail']) && !$oVIP->IsPrivate($row['privacy'],$id) ) $strMail = AsEmails($row['mail'],$id,0,'txt'.(QTI_JAVA_MAIL ? 'java' : ''),false,$_SESSION[QT]['skin_dir'],$L['E_javamail']);
$strPhone = ''; if ( !empty($row['phone']) && !$oVIP->IsPrivate($row['privacy'],$id) ) $strPhone = $row['phone'];
$strCoord = ''; if ( $bMap && !empty($row['x']) && !empty($row['y']) ) { if ( !$oVIP->IsPrivate($row['privacy'],$id) ) $strCoord = QTdd2dms(floatval($row['y'])).', '.QTdd2dms(floatval($row['x'])).' '.$L['Coord_latlon'].' <span class="small disabled">DD '.round(floatval($row['y']),8).','.round(floatval($row['x']),8).'</span>'; }
$strPriv = '';  if ( $row['privacy']!=2 && ($oVIP->IsStaff() || $oVIP->id==$id) ) $strPriv=' <img class="ico" src="admin/private'.$row['privacy'].'.gif" title="'.$L['Privacy_visible'][$row['privacy']].'" />';

// edit start/stop link: the 'edit' query parameter toggles the session editing mode
if ( $bCanEdit )
{
echo '<p style="float:right;margin:2px">',( $_SESSION[QT]['editing'] ? '<a href="'.Href().'?id='.$id.'&amp;edit=0">'.$L['Edit_stop'].'</a>' : '<a href="'.Href().'?id='.$id.'&amp;edit=1">'.$L['Edit_start'].'</a>'),'</p>';
}
// left column: avatar box followed by the ban notice (staff viewers only, see show_ban)
echo '<h2>',$oVIP->selfname,'</h2>
<table class="hidden" cellspacing="0" summary="profile layout">
<colgroup span="2"><col width="175"></col><col></col></colgroup>
<tr class="hidden">
<td class="hidden">',AsImgBox(AsImg( AsAvatarScr($row['photo']),'',$row['name'],'member'),'picbox','',$row['name']),show_ban($oVIP->role,$row['closed']);

// profile sub-pages (picture, signature, password, secret question); rename and unregister only for ids above 1
if ( $bCanEdit )
{
  if ( $_SESSION[QT]['avatar']!='0' )
  {
  echo '<p class="profile menu"><a href="',Href('qti_user_img.php'),'?id=',$id,'">',$L['Change_picture'],'</a></p>';
  }
  echo '<p class="profile menu"><a href="',Href('qti_user_sign.php'),'?id=',$id,'">',$L['Change_signature'],'</a></p>';
  echo '<p class="profile menu"><a href="',Href('qti_user_pwd.php'),'?id=',$id,'">',$L['Change_password'],'</a></p>';
  echo '<p class="profile menu"><a href="',Href('qti_user_question.php'),'?id=',$id,'">',$L['Secret_question'],'</a></p>';
  if ( $id>1 )
  {
  // renaming is an admin action, or the owner's when QTI_CHANGE_USERNAME allows it; unregistering is the owner's only
  if ( $oVIP->role=='A' || ($oVIP->id==$id && QTI_CHANGE_USERNAME) ) echo '<p class="profile menu"><a href="',Href('qti_user_rename.php'),'?id=',$id,'">',$L['Change_name'],'</a></p>';
  if ( $oVIP->id==$id ) echo '<p class="profile menu"><a href="',Href('qti_unregister.php'),'?id=',$id,'">',$L['Unregister'],'</a></p>';
  }
}

// warning shown to staff editing somebody else's profile
if ( $_SESSION[QT]['editing'] && $oVIP->id!=$id ) echo '<div class="profile warning">',$L['W_Somebody_else'],'</div>';

// right column opens here; it is closed after the view/edit section
echo '
</td>
<td class="hidden">
';

// --------
// --------
// View mode: read-only profile table. The else branch renders the edit form, which posts back to this page.
if ( !$_SESSION[QT]['editing'] ) {
// --------

echo '
<table class="data_o" cellspacing="0" summary="profile">
<colgroup span="2"><col width="150"></col><col></col></colgroup>
<tr class="data_o"><td class="colhd colhdfirst">',$L['Username'],'</td><td class="colct"><b>',$row['name'],'</b></td></tr>
<tr class="data_o"><td class="colhd colhdfirst">',$L['Role'],'</td><td class="colct">',$L['Userrole'][$row['role']],'</td></tr>
';
// the privacy row is only shown to the owner and to staff
if ( $oVIP->id==$id || $oVIP->IsStaff() ) echo '<tr class="data_o"><td class="colhd colhdfirst">',$L['Privacy'],'</td><td class="colct">',$L['Email'],'/',$L['Phone'],($bMap ? '/'.$L['map']['position'] : ''),$strPriv,' ',$L['Privacy_visible'][$row['privacy']],'</td></tr>';
// NOTE(review): $row['www'] goes into an href as stored. The save handler only accepts values starting
// with 'http' and runs them through QTconv(...,'2') — confirm that conversion escapes quotes before relying on it here.
echo '
<tr class="data_o"><td class="colhd colhdfirst">',$L['Location'],'</td><td class="colct">',$row['location'],'&nbsp;</td></tr>
<tr class="data_o"><td class="colhd colhdfirst">',$L['Email'],$strPriv,'</td><td class="colct">',$strMail,'</td></tr>
<tr class="data_o"><td class="colhd colhdfirst">',$L['Phone'],$strPriv,'</td><td class="colct">',$strPhone,'</td></tr>
<tr class="data_o"><td class="colhd colhdfirst">',$L['Website'],'</td><td class="colct">',(empty($row['www']) ? S : '<a class="small" href="'.$row['www'].'" target="_blank">'.$row['www'].'</a>'),'</td></tr>
<tr class="data_o"><td class="colhd colhdfirst">',$L['Joined'],'</td><td class="colct">',QTdatestr($row['firstdate'],'$',''),'&nbsp;</td></tr>
<tr class="data_o"><td class="colhd colhdfirst">',$L['Topics'],'</td><td class="colct">',(empty($strParticip) ? $L['None'] : $strParticip),'</td></tr>
';
// map rows: owner or staff only, and only when coordinates are stored (they are cleared earlier for private profiles)
if ( $bMap ) {
if ( $oVIP->id==$id || $oVIP->IsStaff() ) {
if ( !empty($row['x']) && !empty($row['y']) ) {

  // privacy 0 hides the map from everybody but staff, privacy 1 hides it from visitors ('V')
  if ( $bMapGoogle )
  {
    $strPosition = '<div id="map_canvas" style="width:100%; height:350px;"></div>';
    if ( $row['privacy']=='0' && !$oVIP->IsStaff() ) $strPosition = '&nbsp;';
    if ( $row['privacy']=='1' && $oVIP->role=='V' ) $strPosition = '&nbsp;';
    echo '<tr class="data_o"><td class="colhd colhdfirst">',$L['map']['position'],$strPriv,'</td><td class="colct">',$strPosition,'</td></tr>';
  }
  if ( $bMapSitework )
  {
    echo '<tr class="data_o"><td class="colhd colhdfirst">',$L['map']['position'],$strPriv,'</td><td class="colct">';
    include('qtim_sitework/mapapi.php');
    echo '</td></tr>';
  }

  // coordinates row; $strPlink (google maps link) is built in the map point section when coordinates exist
  echo '<tr class="data_o">
  <td class="colhd colhdfirst">',$L['Coord'],$strPriv,'</td>
  <td class="colct">'.$strCoord.(isset($strPlink) ? S.$strPlink : S).'</td>
  </tr>
  ';
}}}
echo '</table>';

// --------
}
else
{
// --------

// Edit mode: the form posts to this page with the id in the query string.
// The 'privacy' select offers exactly the values 0/1/2 expected by the save handler.
echo '
<form method="post" action="',Href('qti_user.php'),'?id=',$id,'">
<table class="data_o" cellspacing="0" summary="profile">
<colgroup span="2"><col width="150"></col><col></col></colgroup>
<tr class="data_o"><td class="colhd colhdfirst">',$L['Username'],'</td><td class="colct"><b>',$row['name'],'</b></td></tr>
<tr class="data_o"><td class="colhd colhdfirst">',$L['Role'],'</td><td class="colct">',$L['Userrole'][$row['role']],'</td></tr>
<tr class="data_o"><td class="colhd colhdfirst">',$L['Privacy'],'</td><td class="colct">',$L['Email'],'/',$L['Phone'],($bMap ? '/'.$L['map']['position'] : ''),' <select size="1" name="privacy" class="small"><option value="0"',($row['privacy']=='0' ? QSEL : ''),'>',$L['Privacy_visible'][0],'</option><option value="1"',($row['privacy']=='1' ? QSEL : ''),'>',$L['Privacy_visible'][1],'</option><option value="2"',($row['privacy']=='2' ? QSEL : ''),'>',$L['Privacy_visible'][2],'</option></select></td></tr>
<tr class="data_o"><td class="colhd colhdfirst">',$L['Location'],'</td><td class="colct"><input type="text" name="location" size="35" maxlength="24" value="',(empty($row['location']) ? '' : QTconv($row['location'],'I')),'" /></td></tr>
<tr class="data_o"><td class="colhd colhdfirst">',$L['Email'],'</td><td class="colct"><input type="text" name="mail" size="35" maxlength="64" value="',$row['mail'],'" /></td></tr>
<tr class="data_o"><td class="colhd colhdfirst">',$L['Phone'],'</td><td class="colct"><input type="text" name="phone" size="35" maxlength="64" value="',(empty($row['phone']) ? '' : QTconv($row['phone'],'I')),'" /></td></tr>
<tr class="data_o"><td class="colhd colhdfirst">',$L['Website'],'</td><td class="colct"><input type="text" name="www" size="35" maxlength="64" value="',(!empty($row['www']) ? $row['www'] : 'http://'),'" title="',$L['H_Website'],'" /></td>
</tr>
';
// COPPA fields are only offered to admins: a non-admin owner's form therefore posts no 'child'/'parentmail' fields
if ( $oVIP->role=='A' )
{
  if ( QTI_USE_COPPA )
  {
  echo '<tr class="data_o">';
  echo '<td class="colhd colhdfirst">',$L['Child'],'</td>';
  echo '<td class="colct">';
  echo '<select size="1" name="child">';
  echo '<option value="0"',($row['children']=='0' ? QSEL : ''),'>',$L['N'],'</option>';
  echo '<option value="1"',($row['children']=='1' ? QSEL : ''),'>',$L['Y'],' ',$L['With_parent_agree'],'</option>';
  echo '<option value="2"',($row['children']=='2' ? QSEL : ''),'>',$L['Y'],' ',$L['Without_parent_agree'],'</option>';
  echo '</select>';
  echo '</td>';
  echo '</tr>',N;
  echo '<tr class="data_o">';
  echo '<td class="colhd colhdfirst">',$L['Parent_mail'],'</td>';
  echo '<td class="colct"><input type="text" name="parentmail" size="32" maxlength="64" value="',$row['parentmail'],'" /></td>';
  echo '</tr>',N;
  }
}

// map editing: the hidden 'm_map_gcenter' field carries "lat,lon" ($row['y'] first) and is what the
// save handler reads; the marker links call javascript functions provided by the map loader
if ( $bMap )
{
  $strPosition = '<p class="small" style="margin:2px 0 4px 2px;text-align:right">'.$L['map']['cancreate'];
  $strPosition .= ' | <a class="small" href="javascript:void(0)" onclick="createMarker(); return false;" title="'.$L['map']['H_pntadd'].'" />'.$L['map']['pntadd'].'</a>';
  if ( !empty($row['x']) || !empty($row['y']) )
  {
    $strPosition = '<p class="small" style="margin:2px 0 4px 2px;text-align:right">'.$L['map']['canmove'];
    $strPosition .= ' | <a class="small" href="javascript:void(0)" onclick="deleteMarker(); return false;" />'.$L['map']['pntdelete'].'</a>';
  }
  $strPosition .= ' | <a class="small" href="javascript:void(0)" onclick="undoChanges(); return false;" />'.$L['map']['undo'].'</a></p>';
  $strPosition .= '
  <div id="map_canvas" style="width:100%; height:345px;"></div>
  <input type="hidden" id="m_map_gcenter" name="m_map_gcenter" value="'.(!empty($row['y']) ? $row['y'].','.$row['x'] : '').'" />
  ';
  // NOTE(review): $_SESSION[QT]['m_map_gfind'] is written into a value attribute unescaped; if it originates
  // from user input (the 'find' field), it should go through htmlspecialchars — confirm where it is set
  $strPosition .= '<p class="small" style="margin:4px 0 2px 2px;text-align:right">'.$L['map']['addrlatlng'].' <input type="text" size="24" id="find" name="find" class="small" value="'.$_SESSION[QT]['m_map_gfind'].'" onkeyup="qtKeypress(event,\'findit\')" title="'.$L['map']['H_addrlatlng'].'" /> <input type="submit" id="findit" class="small" onclick="showLocation(document.getElementById(\'find\').value); return false;" value="'.$L['Search'].'" /></p>';
  echo '<tr><td class="colhd colhdfirst">',$L['map']['position'],'</td><td class="colct">',$strPosition,'</td></tr>';

  echo '<tr class="data_o">
  <td class="colhd colhdfirst">',$L['Coord'],'</td>
  <td class="colct"><input type="text" id="m_map_coord" name="coord" size="32" value="'.(!empty($row['y']) ? $row['y'].','.$row['x'] : '').'" /> <span class="small">',$L['Coord_latlon'],'</span></td>
  </tr>
  ';
}

// hidden 'id' and 'name' fields; the save handler reads 'name' for the COPPA parent mail.
// $error is set by the save handler when the posted form was refused.
echo '
<tr class="data_o">
<td class="colhd colhdfirst"><input type="hidden" name="id" value="',$id,'" /><input type="hidden" name="name" value="',$row['name'],'" /></td>
<td class="colct"><input type="submit" name="ok" value="',$L['Save'],'" />',( !empty($error) ? ' <span class="error">'.$error.'</span>' : '' ),'</td>
</tr>
</table>
</form>
';

// --------
}
// --------

// close the right-hand cell and the two-column layout table opened in the HTML start section
echo '
</td>
</tr>
</table>
';

// --------
// HTML END
// --------

// MAP MODULE: the loader is told whether the map is in edit mode through $bEdit
if ( $bMap )
{
  $bEdit = $_SESSION[QT]['editing'];
  include('qtim_map_load.php');
}

include('qti_p_footer.php');

?>