1 <?php
2 ////////////////////////////////////////////////////////////////////////////////
3 // //
4 // Copyright (C) 2010 Phorum Development Team //
5 // http://www.phorum.org //
6 // //
7 // This program is free software. You can redistribute it and/or modify //
8 // it under the terms of either the current Phorum License (viewable at //
9 // phorum.org) or the Phorum License that was distributed with this file //
10 // //
11 // This program is distributed in the hope that it will be useful, //
12 // but WITHOUT ANY WARRANTY, without even the implied warranty of //
13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //
14 // //
15 // You should have received a copy of the Phorum License //
16 // along with this program. //
17 // //
18 ////////////////////////////////////////////////////////////////////////////////
19
// Identify this script to the Phorum core before the core is loaded.
define('phorum_page', 'control');

require_once './common.php';
require_once PHORUM_PATH . '/include/api/format/users.php';
require_once PHORUM_PATH . '/include/api/format/messages.php';

// The control center is only available to logged in users.
// NOTE(review): the TRUE argument presumably selects the stricter login
// check - confirm against phorum_api_request_require_login().
phorum_api_request_require_login(TRUE);

// CSRF protection: posting to this script is refused when the browser
// does not send a Phorum signed token along with the request.
phorum_api_request_check_token();

define('PHORUM_CONTROL_CENTER', 1);

// State that the panel include files can fill in further down:
// $error_msg switches the output to the "message" template, $error and
// $okmsg carry the messages to show and $template names the panel template.
$error_msg = false;
$error     = "";

// The okmsg value is a request argument, so it is HTML escaped before it
// can end up in the page.
if (isset($PHORUM['args']['okmsg'])) {
    $okmsg = htmlspecialchars(
        $PHORUM['args']['okmsg'], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]
    );
} else {
    $okmsg = "";
}

$template = "";
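// Determine the id of the panel to show. The URL argument takes
// precedence over the POST field; the summary panel is the default.
if (isset($PHORUM['args']['panel'])) {
    $panel = $PHORUM['args']['panel'];
} elseif (isset($_POST["panel"])) {
    $panel = $_POST["panel"];
} else {
    $panel = PHORUM_CC_SUMMARY;
}

// The panel id is request data. A non-string value (for example an array
// posted as panel[]) cannot name a panel, so fall back to the default
// panel instead of passing it on to basename().
if (!is_string($panel)) {
    $panel = PHORUM_CC_SUMMARY;
}

// Make $panel safe for every place where this script uses it:
// - basename() strips directory components, so only a bare file name is
//   interpolated into the "./include/controlcenter/$panel.php" include path;
// - htmlspecialchars() escapes it for the hidden form field and the URLs
//   that are built from it. ENT_COMPAT leaves single quotes alone, so the
//   value must only be placed inside double-quoted HTML attributes.
$panel = htmlspecialchars(
    basename($panel), ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]
);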
// Set all our URLs.
phorum_build_common_urls();

// Generate the control panel URLs. Each template URL key maps to the
// panel id that is passed in the "panel" argument of that URL.
$cc_panel_urls = array(
    'CC0'  => PHORUM_CC_SUMMARY,
    'CC1'  => PHORUM_CC_SUBSCRIPTION_THREADS,
    'CC2'  => PHORUM_CC_SUBSCRIPTION_FORUMS,
    'CC3'  => PHORUM_CC_USERINFO,
    'CC4'  => PHORUM_CC_SIGNATURE,
    'CC5'  => PHORUM_CC_MAIL,
    'CC6'  => PHORUM_CC_BOARD,
    'CC7'  => PHORUM_CC_PASSWORD,
    'CC8'  => PHORUM_CC_UNAPPROVED,
    'CC9'  => PHORUM_CC_FILES,
    'CC10' => PHORUM_CC_USERS,
    'CC14' => PHORUM_CC_PRIVACY,
    'CC15' => PHORUM_CC_GROUP_MODERATION,
    'CC16' => PHORUM_CC_GROUP_MEMBERSHIP,
);
foreach ($cc_panel_urls as $cc_url_key => $cc_panel_id) {
    $PHORUM['DATA']['URL'][$cc_url_key] = phorum_api_url(
        PHORUM_CONTROLCENTER_URL, "panel=" . $cc_panel_id
    );
}
// Do not leave the helper variables behind in the script scope, which
// is shared with the panel include files.
unset($cc_panel_urls, $cc_url_key, $cc_panel_id);

// The user files functionality is available when file uploads are
// enabled or when the user is an administrator.
$PHORUM["DATA"]["MYFILES"] = (
    $PHORUM["file_uploads"] || $PHORUM["user"]["admin"]
);

// Determine the moderator roles of the user. These values are stored in
// the template data.
// NOTE(review): whether the panel code checks access again before acting
// is not visible in this script - confirm in the panel include files.
$PHORUM["DATA"]["MESSAGE_MODERATOR"] = phorum_api_user_check_access(
    PHORUM_USER_ALLOW_MODERATE_MESSAGES, PHORUM_ACCESS_ANY
);
$PHORUM["DATA"]["USER_MODERATOR"] = phorum_api_user_check_access(
    PHORUM_USER_ALLOW_MODERATE_USERS, PHORUM_ACCESS_ANY
);
$PHORUM["DATA"]["GROUP_MODERATOR"] = phorum_api_user_check_group_access(
    PHORUM_USER_GROUP_MODERATOR, PHORUM_ACCESS_ANY
);

// The user is a moderator if at least one of the three roles applies.
$PHORUM["DATA"]["MODERATOR"] = 0 < (
    $PHORUM["DATA"]["USER_MODERATOR"] +
    $PHORUM["DATA"]["MESSAGE_MODERATOR"] +
    $PHORUM["DATA"]["GROUP_MODERATOR"]
);

// If global email hiding is not enabled, then give the user the option
// to hide his own address.
if (empty($PHORUM['hide_email_addr'])) {
    $PHORUM['DATA']['SHOW_EMAIL_HIDE'] = 1;
} else {
    $PHORUM['DATA']['SHOW_EMAIL_HIDE'] = 0;
}

// If pm email notifications are enabled, then give the user the option
// to disable them.
$PHORUM['DATA']['SHOW_PM_EMAIL_NOTIFY'] = !empty($PHORUM["allow_pm_email_notify"]);

// The form action for the common form.
$PHORUM["DATA"]["URL"]["ACTION"] = phorum_api_url(PHORUM_CONTROLCENTER_ACTION_URL);

// Add the control center entry to the breadcrumbs.
$PHORUM['DATA']['BREADCRUMBS'][] = array(
    'URL'  => $PHORUM['DATA']['URL']['REGISTERPROFILE'],
    'TEXT' => $PHORUM['DATA']['LANG']['MyProfile'],
    'TYPE' => 'control'
);
// Work on a copy of the active user's data for use in the templates.
$user = $PHORUM['user'];

// Security measures: the password fields and the permission data are
// removed from the copy, so they cannot reach the template data.
unset($user["password"], $user["password_temp"], $user["permissions"]);

// Fake a message here, so the signature can be run through the standard
// message formatting code.
$fake_messages = array(
    array(
        "author"  => "",
        "email"   => "",
        "subject" => "",
        "body"    => $user["signature"]
    )
);
$fake_messages = phorum_api_format_messages($fake_messages);

// Two variables are provided for the signature: "signature_formatted"
// holds the signature after message body formatting, "signature" holds
// the HTML escaped signature text.
$user["signature_formatted"] = $fake_messages[0]["body"];
$user["signature"] = htmlspecialchars(
    $user["signature"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]
);

// HTML escape all other fields that are used in the control center.
// Array values are left alone and every key that starts with "signature"
// is skipped, because those were handled above and must not be escaped
// a second time.
foreach ($user as $key => $val) {
    if (!is_array($val) && substr($key, 0, 9) != 'signature') {
        $user[$key] = htmlspecialchars(
            $val, ENT_COMPAT, $PHORUM['DATA']['HCHARSET']
        );
    }
}
// Initialize any custom profile fields that are not present in the user
// data. The "num_fields" entry and fields that are flagged as deleted
// are skipped.
if (!empty($PHORUM["PROFILE_FIELDS"][PHORUM_CUSTOM_FIELD_USER])) {
    foreach ($PHORUM["PROFILE_FIELDS"][PHORUM_CUSTOM_FIELD_USER] as $id => $field) {
        if ($id === 'num_fields' || !empty($field['deleted'])) {
            continue;
        }
        if (!isset($user[$field['name']])) {
            $user[$field['name']] = "";
        }
    }
}

// Setup template data.
$PHORUM["DATA"]["PROFILE"] = $user;
if (isset($PHORUM["forum_id"])) {
    $PHORUM["DATA"]["PROFILE"]["forum_id"] = $PHORUM['forum_id'];
} else {
    $PHORUM["DATA"]["PROFILE"]["forum_id"] = 0;
}
$PHORUM["DATA"]["PROFILE"]["PANEL"] = $panel;

// The panel id is posted along by (nearly) all control center panels.
// $panel was HTML escaped earlier in this script, which is what makes it
// safe to put inside the double-quoted value attribute.
$PHORUM['DATA']['POST_VARS'] .=
    '<input type="hidden" name="panel" value="' . $panel . '" />' . "\n";

// Set the back-URL and -message.
if ($PHORUM['forum_id'] > 0 && $PHORUM['folder_flag'] == 0) {
    // Inside a forum: go back to the message list of that forum.
    $PHORUM['DATA']['URL']['BACK'] = phorum_api_url(PHORUM_LIST_URL);
    $PHORUM['DATA']['URL']['BACKTITLE'] = $PHORUM['DATA']['LANG']['BacktoForum'];
} elseif (isset($PHORUM['forum_id'])) {
    // Inside a folder: go back to the index for that folder.
    $PHORUM['DATA']['URL']['BACK'] = phorum_api_url(PHORUM_INDEX_URL, $PHORUM['forum_id']);
    $PHORUM['DATA']['URL']['BACKTITLE'] = $PHORUM['DATA']['LANG']['BackToForumList'];
} else {
    $PHORUM['DATA']['URL']['BACK'] = phorum_api_url(PHORUM_INDEX_URL);
    $PHORUM['DATA']['URL']['BACKTITLE'] = $PHORUM['DATA']['LANG']['BackToForumList'];
}
// Load the code for the current panel.
/**
 * [hook]
 *     cc_panel
 *
 * [description]
 *     This hook can be used to implement an extra control center panel
 *     or to override an existing panel if you like.
 *
 * [category]
 *     Control center
 *
 * [when]
 *     Right before loading a standard panel's include file.
 *
 * [input]
 *     An array containing the following fields:
 *     <ul>
 *     <li>panel:
 *         the name of the panel that has to be loaded. The module will
 *         have to check this field to see if it should handle the
 *         panel or not.</li>
 *     <li>template:
 *         the name of the template that has to be loaded. This field should
 *         be filled by the module if it wants to load a specific
 *         template.</li>
 *     <li>handled:
 *         if a module does handle the panel, then it can set this field
 *         to a true value, to prevent Phorum from running the standard
 *         panel code.</li>
 *     <li>error:
 *         modules can fill this field with an error message to show.</li>
 *     <li>okmsg:
 *         modules can fill this field with an ok message to show.</li>
 *     <li>force_okmsg:
 *         modules can fill this field if their okmsg should take precedence
 *         over the okmsg set from the core controlcenter panel.</li>
 *     <li>force_error:
 *         modules can fill this field if their error should take precedence
 *         over the error set from the core controlcenter panel.</li>
 *     </ul>
 *
 * [output]
 *     The same array as the one that was used for the hook call
 *     argument, possibly with the "template", "handled", "error",
 *     "okmsg", "force_okmsg" and "force_error" fields updated in it.
 */
$hook_info = array(
    'panel'       => $panel,
    'template'    => NULL,
    'handled'     => FALSE,
    'error'       => NULL,
    'okmsg'       => NULL,
    'force_okmsg' => FALSE,
    'force_error' => FALSE,
);

// The hook is only called when a module has registered for it.
if (isset($PHORUM['hooks']['cc_panel'])) {
    $hook_info = phorum_api_hook('cc_panel', $hook_info);
}

// Take over the template, okmsg and error info that a module has set.
// A NULL value means that the module did not touch the field.
// NOTE(review): the module supplied okmsg and error texts are taken over
// without escaping here; presumably modules provide display-safe text -
// confirm against how the templates print them.
if ($hook_info['template'] !== NULL) {
    $template = $hook_info['template'];
}
if ($hook_info['okmsg'] !== NULL) {
    $okmsg = $hook_info['okmsg'];
}
if ($hook_info['error'] !== NULL) {
    $error = $hook_info['error'];
}

// If no module did handle the control center panel, then try to load
// a standard control center panel file. The request derived $panel value
// went through basename() earlier in this script, so it can only name a
// file directly inside the controlcenter directory. An unknown panel
// falls back to the summary panel.
if (!$hook_info['handled']) {
    if (file_exists("./include/controlcenter/$panel.php")) {
        include "./include/controlcenter/$panel.php";
    } else {
        include "./include/controlcenter/summary.php";
    }
}
// Add the control center to the page title.
$PHORUM['DATA']['HTML_TITLE'] .= PHORUM_SEPARATOR . $PHORUM["DATA"]["LANG"]["MyProfile"];

if (!empty($PHORUM["DATA"]["HEADING"])) {
    // The panel did set a heading: show the panel in the breadcrumbs
    // and in the page title as well.
    $PHORUM['DATA']['BREADCRUMBS'][] = array(
        'URL'  => phorum_api_url(PHORUM_CONTROLCENTER_URL, "panel=$panel"),
        'TEXT' => $PHORUM['DATA']['HEADING'],
        'TYPE' => 'control'
    );
    $PHORUM['DATA']['HTML_TITLE'] .= PHORUM_SEPARATOR . $PHORUM['DATA']['HEADING'];
} else {
    // No heading was set: use the default control center heading.
    $PHORUM["DATA"]["HEADING"] = $PHORUM["DATA"]["LANG"]["MyProfile"];
}

// Unset the default description.
$PHORUM['DATA']['DESCRIPTION'] = '';
$PHORUM['DATA']['HTML_DESCRIPTION'] = '';

// The include file can set the template we have to use for
// displaying the main part of the control panel screen
// in the $template variable.
if (!empty($template)) {
    $PHORUM['DATA']['content_template'] = $template;
}

// The include file can also set an error message to show
// in the $error variable and a success message in $okmsg.
// NOTE(review): when a module has set force_error or force_okmsg, this
// script does not write the matching message to the template data at
// all; presumably the forced message is put there elsewhere - confirm.
if (!$hook_info['force_error'] && !empty($error)) {
    $PHORUM['DATA']['ERROR'] = $error;
}
if (!$hook_info['force_okmsg'] && !empty($okmsg)) {
    $PHORUM['DATA']['OKMSG'] = $okmsg;
}

// $error_msg is possibly set from the panel include file. If it is set,
// then the message template is shown instead of the control center index.
$template = $error_msg ? "message" : "cc_index";

// Display the control panel page.
phorum_api_output($template);
265 // ============================================================================
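/**
 * A common function which is used to save the userdata from the post-data.
 *
 * Only fields from an allow-list are copied from $_POST: the default
 * profile fields, the active (not deleted) custom profile fields and,
 * depending on the panel, the password or e-mail fields. Any other posted
 * field is ignored. The user_id is always taken from the active user and
 * never from the request.
 *
 * @param string $panel
 *     The panel for which to save data. The password fields are only
 *     accepted for the panel "password" and the e-mail fields only for
 *     the panel "email".
 *
 * @return array
 *     An array containing $error and $okmsg. $error is filled when the
 *     cc_save_user hook reported an error or when saving failed, $okmsg
 *     is filled when the user was updated successfully.
 */
function phorum_controlcenter_user_save($panel)
{
    global $PHORUM;

    $error = "";
    $okmsg = "";

    // Setup the default userdata fields that can be changed
    // from the control panel interface. NULL means "not posted".
    $userdata = array(
        'signature'       => NULL,
        'hide_email'      => NULL,
        'hide_activity'   => NULL,
        'tz_offset'       => NULL,
        'is_dst'          => NULL,
        'user_language'   => NULL,
        'threaded_list'   => NULL,
        'threaded_read'   => NULL,
        'email_notify'    => NULL,
        'show_signature'  => NULL,
        'pm_email_notify' => NULL,
        'user_template'   => NULL,
        'moderation_email'=> NULL,
        'real_name'       => NULL,
    );

    // Password related fields can only be updated from the password panel.
    // A strict comparison is used, so a non-string panel value can never
    // be treated as equal to the panel name through type juggling.
    if ($panel === 'password') {
        $userdata['password'] = NULL;
        $userdata['password_temp'] = NULL;
    }

    // E-mail address related fields can only be updated from the email panel.
    if ($panel === 'email') {
        $userdata['email'] = NULL;
        $userdata['email_temp'] = NULL;
    }

    // Add custom profile fields as acceptable fields. The list is only
    // walked when there are custom fields, like the main control center
    // code does.
    if (!empty($PHORUM["PROFILE_FIELDS"][PHORUM_CUSTOM_FIELD_USER])) {
        foreach ($PHORUM["PROFILE_FIELDS"][PHORUM_CUSTOM_FIELD_USER] as $id => $field) {
            if ($id === "num_fields" || !empty($field['deleted'])) continue;
            $userdata[$field["name"]] = NULL;
        }
    }

    // Update userdata with $_POST information. Only keys that are
    // in the allow-list are taken over.
    foreach ($_POST as $key => $val) {
        if (array_key_exists($key, $userdata)) {
            $userdata[$key] = $val;
        }
    }

    // Remove the fields that were not posted, so they are left untouched.
    foreach ($userdata as $key => $val) {
        if (is_null($val)) {
            unset($userdata[$key]);
        }
    }

    // Set static userdata. This is done after copying the post-data, so
    // the request cannot select a different user to update.
    $userdata["user_id"] = $PHORUM["user"]["user_id"];

    // Run a hook, so module writers can update and check the userdata.
    if (isset($PHORUM["hooks"]["cc_save_user"])) {
        $userdata = phorum_api_hook("cc_save_user", $userdata);
    }

    if (isset($userdata['error'])) {
        // The cc_save_user hook did set an error: nothing is saved.
        $error = $userdata['error'];
        unset($userdata['error']);
    } elseif (!phorum_api_user_save($userdata)) {
        // Updating the user in the database failed.
        $error = $PHORUM["DATA"]["LANG"]["ErrUserAddUpdate"];
    } else {
        // Updating the user was successful.
        $okmsg = $PHORUM["DATA"]["LANG"]["ProfileUpdatedOk"];

        // Let the userdata be reloaded.
        phorum_api_user_set_active_user(
            PHORUM_FORUM_SESSION,
            $userdata["user_id"]
        );

        // If a new password was set, then reset all session id(s), so
        // other computers or browsers will lose any active session that
        // they are running.
        if (isset($userdata["password"]) && $userdata["password"] != '') {
            phorum_api_user_session_create(
                PHORUM_FORUM_SESSION,
                PHORUM_SESSID_RESET_ALL
            );
        }

        // Copy data from the updated user back into the user template data.
        $formatted = phorum_api_format_users(array($PHORUM['user']));
        foreach ($formatted[0] as $key => $val) {
            $PHORUM['DATA']['USER'][$key] = $val;
        }

        // Copy data from the updated user back into the profile template
        // data. Leave PANEL and forum_id alone (these are injected into
        // the userdata in the template from this script).
        foreach ($PHORUM["DATA"]["PROFILE"] as $key => $val) {
            if ($key == "PANEL" || $key == "forum_id") continue;
            if (isset($PHORUM["user"][$key])) {
                $PHORUM["DATA"]["PROFILE"][$key] = $PHORUM["user"][$key];
            } else {
                $PHORUM["DATA"]["PROFILE"][$key] = "";
            }
        }
    }

    return array($error, $okmsg);
}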
386
387 ?>