<?php

/**
* PHP versions 4 and 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* @package    QuickTicket
* @author     Philippe Vandenberghe <hide@address.com>
* @copyright  2008-2012 The PHP Group
* @version    2.3 build:20091102
*/

// Open the session and load the application bootstrap (bin/qti_init.php)
// before any check is made.
session_start();
require_once 'bin/qti_init.php';

// The page is refused with Error(10) when the 'avatar' setting equals '0'
// (presumably "avatars disabled" - the setting's meaning is defined elsewhere).
if ( $_SESSION[QT]['avatar']=='0' )
{
  exit(Error(10));
}

// The page is refused with Error(11) when the current visitor fails the
// CanView('U') permission test.
if ( !$oVIP->CanView('U') )
{
  exit(Error(11));
}

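// INITIALISE

include('bin/qt_lib_smtp.php');
include(GetLang().'qti_reg.php');

// QThttpvar() is a project helper; it is expected to fill $id from the request
// as an integer (assumption - its code is not in this file).
$id = -1; QThttpvar('id','int');
// Defence in depth: $id is concatenated into SQL statements and file paths
// further down, so force it to an integer whatever the helper produced.
$id = intval($id);
if ( $id<0 ) die('Missing parameters');
// Only the account owner, or a visitor for whom IsStaff() is true, goes further.
if ( $oVIP->id!=$id && !$oVIP->IsStaff() ) die(Error(11));

$oVIP->selfurl = 'qti_usr_img.php';
$oVIP->selfname = $L['Change_avatar'];
$oVIP->exiturl = 'qti_usr.php?id='.$id;
$oVIP->exitname = $L['Profile'];

$oDB->Query('SELECT name,photo,children,parentmail,role FROM '.TABUSER.' WHERE id='.$id);
$row = $oDB->Getrow();
// An id that matches no user yields no row; stop here instead of reading
// array offsets on a non-array in the checks and the form below.
if ( empty($row) ) die('Unknown user');

  // staff cannot edit other staff
  if ( $row['role']=='M' && $oVIP->role=='M' && $oVIP->id!=$id ) die(Error(13));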

// check folder

// The picture directory must exist and be both readable and writable;
// otherwise the page ends with an explanatory message.
$b = is_dir(QTI_DIR_PIC) && is_readable(QTI_DIR_PIC) && is_writable(QTI_DIR_PIC);
if ( !$b )
{
  $oVIP->EndMessage(NULL,'The directory ['.QTI_DIR_PIC.'] is not writable (or missing). Please, contact the webmaster to fix the problem.',$_SESSION[QT]['skin_dir'],0);
}

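// --------
// SUBMITTED FOR DELETE
// --------

// Resets the user's photo column to "0" and removes the stored picture file.
// NOTE(review): no anti-CSRF token is checked on this state-changing POST;
// confirm whether the bootstrap provides one.
if ( isset($_POST['del']) )
{
  // intval() keeps the SQL text numeric even if $id was not normalised earlier.
  $oDB->Query('UPDATE '.TABUSER.' SET photo="0" WHERE id='.intval($id));
  // Skip the "no picture" values ('' and '0') and use is_file() rather than
  // file_exists(): with an empty photo value the path is the picture directory
  // itself, which must never be handed to unlink().
  if ( !empty($row['photo']) && is_file(QTI_DIR_PIC.$row['photo']) ) unlink(QTI_DIR_PIC.$row['photo']);
  $oVIP->EndMessage(NULL,$L['S_delete'],$_SESSION[QT]['skin_dir'],2);
}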

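// --------
// SUBMITTED FOR UPLOAD
// --------

// Validates the uploaded picture, stores it as <target dir><id>.<ext> under
// QTI_DIR_PIC, records the path in the user row and, for a child account when
// the COPPA setting is on, mails a notice to the parent address.
// NOTE(review): no anti-CSRF token is checked on this state-changing POST;
// confirm whether the bootstrap provides one.
if ( isset($_POST['ok']) )
{
  // Check uploaded document

  if ( !isset($_SESSION[QT]['avatar_width']) ) $_SESSION[QT]['avatar_width']=120;
  if ( !isset($_SESSION[QT]['avatar_height']) ) $_SESSION[QT]['avatar_height']=120;
  if ( !isset($_SESSION[QT]['avatar_size']) ) $_SESSION[QT]['avatar_size']=20;

  // InvalidUpload() is a project helper (not in this file). It receives the
  // 'avatar' setting, the size limit and the maximum dimensions.
  // NOTE(review): confirm that it enforces an allowlist of image types - the
  // file is written into a directory that is served by the web server, which
  // should also be configured not to execute scripts.
  $error = InvalidUpload($_FILES['title'],$_SESSION[QT]['avatar'],'',intval($_SESSION[QT]['avatar_size']),intval($_SESSION[QT]['avatar_width']),intval($_SESSION[QT]['avatar_height']));

  // intval() keeps the file name and the SQL text numeric even if $id was not
  // normalised earlier.
  $intId = intval($id);

  // Copy file

  if ( empty($error) )
  {
    $strDir = TargetDir(QTI_DIR_PIC,$id);
    if ( !is_writable(QTI_DIR_PIC.$strDir) ) $oVIP->EndMessage(NULL,'The directory ['.QTI_DIR_PIC.$strDir.'] is not writable (or missing). Please, contact the webmaster to fix the problem.',$_SESSION[QT]['skin_dir'],0);

    // The extension is taken from the client-supplied file name and ends up in
    // a file path, an SQL statement and an error message, so only a short run
    // of plain letters and digits is accepted.
    $strExt = strtolower(substr(strrchr($_FILES['title']['name'],'.'),1));
    if ( !preg_match('/^[a-z0-9]{1,10}$/',$strExt) )
    {
      $error = 'Invalid file extension.';
    }
    else
    {
      $strTarget = QTI_DIR_PIC.$strDir.$intId.'.'.$strExt;
      // move_uploaded_file() refuses any source that is not a genuine HTTP
      // upload of this request, which copy() followed by unlink() did not check.
      if ( !move_uploaded_file($_FILES['title']['tmp_name'],$strTarget) ) $error = 'Cannot copy the file ['.$strTarget.']. Possible cause: this directory is readonly.';
    }
  }

  // Save and notify (if coppa)

  if ( empty($error) )
  {
    $oDB->Query('UPDATE '.TABUSER.' SET photo="'.$strDir.$intId.'.'.$strExt.'" WHERE id='.$intId);

    if ( $row['children']=='1' && $_SESSION[QT]['register_coppa']=='1' )
    {
      // Kept in its own variable so that $row (name, photo, ...) stays intact.
      $oDB->Query('SELECT parentmail FROM '.TABCHILD.' WHERE id='.$intId);
      $rowChild = $oDB->Getrow();
      $strSubject = $_SESSION[QT]['site_name'].' - New picture';
      // The built-in text used to carry a "Password: %s" placeholder although
      // no password is available here and only one value was supplied, which
      // made sprintf() fail; the placeholder is dropped from the default text.
      $strMessage = "We inform you that your children has changed his/her picture on the board {$_SESSION[QT]['site_name']}.\nLogin: %s";
      $strFile = GetLang().'mail_img_coppa.php';
      if ( file_exists($strFile) ) include($strFile);
      // The name comes from the database row: the form on this page posts no
      // 'username' field, and a request value should not be trusted for it.
      // The empty second value only fills a second placeholder that a language
      // file may still contain (sprintf() ignores surplus arguments).
      $strMessage = sprintf($strMessage,$row['name'],'');
      if ( !empty($rowChild['parentmail']) ) QTmail($rowChild['parentmail'],QTconv($strSubject,'-4'),QTconv($strMessage,'-4'),QTI_HTML_CHAR);
    }

    // Exit

    $oVIP->EndMessage(NULL,$L['S_update'],$_SESSION[QT]['skin_dir'],2);
  }
}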

// --------
// HTML START
// --------

// Second gate before the form is rendered: a valid id is required and, unless
// the visitor's role is 'A', the id must be the visitor's own.
// NOTE(review): the earlier check in this file lets IsStaff() visitors through
// while this one accepts role 'A' only - confirm the difference is intended.
if ( $id<0 )
{
  exit('Missing parameters');
}
if ( $oVIP->role!='A' && $oVIP->id!=$id )
{
  exit($L['R_member']);
}

// $bJava and $strHeadScript are not read again in this file; presumably the
// page header include consumes them - verify there.
// The language string is placed inside a JavaScript string literal, so it is
// assumed not to contain a double quote.
$bJava = false;
$strHeadScript = '
<script type="text/javascript">
<!--
function ValidateForm(theForm)
{
  if (theForm.title.value.length==0) { alert("'.$L['E_mandatory'].': File"); return false; }
  return null;
}
-->
</script>
';

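include('qti_p_header.php');

// Database values written into HTML attributes are escaped so that a quote or
// an angle bracket in a stored name or mail address cannot break out of the
// attribute. This script never reads these hidden fields back.
$strNameAttr = htmlspecialchars((string)$row['name'],ENT_QUOTES);
$strChildAttr = htmlspecialchars((string)$row['children'],ENT_QUOTES);
$strMailAttr = htmlspecialchars((string)$row['parentmail'],ENT_QUOTES);

// $avatar_size is never assigned in this file, so the advisory size limit is
// taken from the session setting, with the same default (20) the upload
// handling uses. The limit that matters is the server-side one.
$intMaxKb = isset($_SESSION[QT]['avatar_size']) ? intval($_SESSION[QT]['avatar_size']) : 20;

echo '<br/>',N;
echo '<table class="hidden" cellspacing="0">',N;
echo '<tr class="hidden">',N;
// Current picture (or the placeholder) rendered by the project helpers.
echo '<td class="hidden" style="width:175px;"><br/>',AsImgBox(AsImg( (!empty($row['photo']) ? QTI_DIR_PIC.$row['photo'] : ''),'',$row['name'],'member'),'picbox','',$row['name']),'</td>',N;
echo '<td class="hidden">',N;

HtmlMsg(0,'400px','',$oVIP->selfname);

// Upload form
echo '<form method="post" action="',$oVIP->selfurl,'" enctype="multipart/form-data" onsubmit="return ValidateForm(this);">',N;

// NOTE(review): $error is printed unescaped because the messages may carry
// markup from the language files; confirm that no request data reaches it raw.
if ( !empty($error) ) echo '<span class="error">',$error,'</span>',N;
echo '<p class="small" style="text-align:right">',$L['H_Change_avatar'],'</p>
<p style="text-align:right">
<input type="hidden" name="max_file_size" value="',($intMaxKb*1024),'"/>
<input type="hidden" name="name" value="',$strNameAttr,'"/>
<input type="hidden" name="id" value="',intval($id),'"/>
<input type="hidden" name="child" value="',$strChildAttr,'"/>
<input type="hidden" name="parentmail" value="',$strMailAttr,'"/>
<input type="file" id="title" name="title" size="32"/>
<input type="submit" name="ok" value="',$L['Save'],'"/></p>
</form>
';

HtmlMsg(1);

// Delete form, offered only when a picture is stored.
if ( !empty($row['photo']) )
{
  HtmlMsg(0,'400px','',$L['Delete_avatar']);
  echo '<form method="post" action="',$oVIP->selfurl,'">
  <p style="text-align:right">
  <input type="hidden" name="id" value="',intval($id),'"/>
  <input type="submit" name="del" value="',$L['Delete'],'"/></p>
  </form>
  ';
  HtmlMsg(1);
}

echo '
</td>
</tr>
</table>
<p><a href="',$oVIP->exiturl,'">&laquo; ',$oVIP->exitname,'</a></p>
';

// HTML END

include('qti_p_footer.php');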

?>