Passed
Push — master ( 6209eb...36ba5e )
by Michael
51s queued 14s

edituser.php (6 issues)

```php
<?php
/**
 * Extended User Profile
 *
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @copyright       (c) 2000-2016 XOOPS Project (www.xoops.org)
 * @license             GNU GPL 2 (http://www.gnu.org/licenses/gpl-2.0.html)
 * @package             profile
 * @since               2.3.0
 * @author              Jan Pedersen
 * @author              Taiwen Jiang <[email protected]>
 */

use Xmf\Request;
use XoopsModules\Yogurt;
use XoopsModules\Yogurt\IndexController;

$GLOBALS['xoopsOption']['template_main'] = 'yogurt_editprofile.tpl';
require __DIR__ . '/header.php';

/**
 * Fetching numbers of groups, friends, videos, pictures etc.
 */
$controller = new IndexController($xoopsDB, $xoopsUser, $xoopsModule);
```
Scrutinizer issue on the line above (ignorable by annotation): The call to XoopsModules\Yogurt\IndexController::__construct() has too many arguments, starting with $xoopsModule.

This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives; one codebase where this is known to happen is WordPress.
```php
$nbSections = $controller->getNumbersSections();

include_once $GLOBALS['xoops']->path('class/xoopsformloader.php');

// If not a user, redirect
if (!is_object($GLOBALS['xoopsUser'])) {
    redirect_header(XOOPS_URL, 3, _US_NOEDITRIGHT);
}

$myts                       = MyTextSanitizer::getInstance();
$op                         = isset($_REQUEST['op']) ? $_REQUEST['op'] : 'editprofile';
/* @var XoopsConfigHandler $config_handler */
$config_handler             = xoops_getHandler('config');
$GLOBALS['xoopsConfigUser'] = $config_handler->getConfigsByCat(XOOPS_CONF_USER);

if ($op === 'save') {
    // Reject the POST unless the XOOPS security token (CSRF protection) validates
    if (!$GLOBALS['xoopsSecurity']->check()) {
        redirect_header(XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
        exit();
    }
    $uid      = $GLOBALS['xoopsUser']->getVar('uid');
    $errors   = array();
    // Only the logged-in user's own account is ever edited here
    $edituser =& $GLOBALS['xoopsUser'];
    // Username and e-mail may only be changed by administrators
    if ($GLOBALS['xoopsUser']->isAdmin()) {
        $edituser->setVar('uname', trim($_POST['uname']));
        $edituser->setVar('email', trim($_POST['email']));
    }
    xoops_load('XoopsUserUtility');
    $stop = XoopsUserUtility::validate($edituser);

    if (!empty($stop)) {
        $op = 'editprofile';
    } else {

        // Dynamic fields
        $profile_handler = xoops_getModuleHandler('profile');
        // Get fields
        $fields = $profile_handler->loadFields();
```
Scrutinizer issue on the line above (ignorable by annotation): The method loadFields() does not exist on XoopsObjectHandler. It seems like you are coding against a sub-type of XoopsObjectHandler such as XoopsPersistableObjectHandler.
```php
        // Get ids of fields that can be edited
        /* @var  XoopsGroupPermHandler $gperm_handler */
        $gperm_handler   = xoops_getHandler('groupperm');
        $editable_fields = $gperm_handler->getItemIds('profile_edit', $GLOBALS['xoopsUser']->getGroups(), $GLOBALS['xoopsModule']->getVar('mid'));

        if (!$profile = $profile_handler->get($edituser->getVar('uid'))) {
            $profile = $profile_handler->create();
            $profile->setVar('profile_id', $edituser->getVar('uid'));
        }

        foreach (array_keys($fields) as $i) {
            $fieldname = $fields[$i]->getVar('field_name');
            // Only accept values for fields the user's groups are permitted to edit
            if (in_array($fields[$i]->getVar('field_id'), $editable_fields) && isset($_REQUEST[$fieldname])) {
                $value = $fields[$i]->getValueForSave($_REQUEST[$fieldname]);
                if (in_array($fieldname, $profile_handler->getUserVars())) {
```
Scrutinizer issue on the line above (ignorable by annotation): The method getUserVars() does not exist on XoopsObjectHandler. It seems like you are coding against a sub-type of XoopsObjectHandler such as XoopsPersistableObjectHandler.
```php
                    $edituser->setVar($fieldname, $value);
                } else {
                    $profile->setVar($fieldname, $value);
                }
            }
        }
        /* @var XoopsMemberHandler $member_handler */
        // Fetch the member handler here so it is defined in this branch before use
        $member_handler = xoops_getHandler('member');
        if (!$member_handler->insertUser($edituser)) {
            $stop = $edituser->getHtmlErrors();
            $op   = 'editprofile';
        } else {
            $profile->setVar('profile_id', $edituser->getVar('uid'));
            $profile_handler->insert($profile);
            unset($_SESSION['xoopsUserTheme']);
            redirect_header(XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/index.php?uid=' . $edituser->getVar('uid'), 2, _US_PROFUPDATED);
        }
    }
}

if ($op === 'editprofile') {
    include_once $GLOBALS['xoops']->path('header.php');
    include_once __DIR__ . '/include/forms.php';
    $form = yogurt_getUserForm($GLOBALS['xoopsUser']);
    $form->assign($GLOBALS['xoopsTpl']);
    if (!empty($stop)) {
        $GLOBALS['xoopsTpl']->assign('stop', $stop);
    }

    $xoBreadcrumbs[] = array('title' => _US_EDITPROFILE);
}

if ($op === 'avatarform') {
    $GLOBALS['xoopsOption']['template_main'] = 'yogurt_avatar.tpl';
    include $GLOBALS['xoops']->path('header.php');
    $xoBreadcrumbs[] = array('title' => _US_MYAVATAR);

    $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar');
    if (!empty($oldavatar) && $oldavatar !== 'blank.gif') {
        $GLOBALS['xoopsTpl']->assign('old_avatar', XOOPS_UPLOAD_URL . '/' . $oldavatar);
    }
    // Upload form is only offered when uploads are enabled and the user meets the post threshold
    if ($GLOBALS['xoopsConfigUser']['avatar_allow_upload'] == 1 && $GLOBALS['xoopsUser']->getVar('posts') >= $GLOBALS['xoopsConfigUser']['avatar_minposts']) {
        include_once $GLOBALS['xoops']->path('class/xoopsformloader.php');
        $form = new XoopsThemeForm(_US_UPLOADMYAVATAR, 'uploadavatar', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/edituser.php', 'post', true);
        $form->setExtra('enctype="multipart/form-data"');
        $form->addElement(new XoopsFormLabel(_US_MAXPIXEL, $GLOBALS['xoopsConfigUser']['avatar_width'] . ' x ' . $GLOBALS['xoopsConfigUser']['avatar_height']));
        $form->addElement(new XoopsFormLabel(_US_MAXIMGSZ, $GLOBALS['xoopsConfigUser']['avatar_maxsize']));
        $form->addElement(new XoopsFormFile(_US_SELFILE, 'avatarfile', $GLOBALS['xoopsConfigUser']['avatar_maxsize']), true);
        $form->addElement(new XoopsFormHidden('op', 'avatarupload'));
        $form->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid')));
        $form->addElement(new XoopsFormButton('', 'submit', _SUBMIT, 'submit'));
        $form->assign($GLOBALS['xoopsTpl']);
    }
    $avatar_handler  = xoops_getHandler('avatar');
    $form2           = new XoopsThemeForm(_US_CHOOSEAVT, 'chooseavatar', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/edituser.php', 'post', true);
    $avatar_select   = new XoopsFormSelect('', 'user_avatar', $GLOBALS['xoopsUser']->getVar('user_avatar'));
    $avatar_list     = $avatar_handler->getList('S', true);
```
Scrutinizer issue on the line above (ignorable by annotation): The method getList() does not exist on XoopsObjectHandler. It seems like you are coding against a sub-type of XoopsObjectHandler such as XoopsModuleHandler, XoopsImageHandler, XoopsRankHandler, XoopsCommentHandler, XoopsTplsetHandler, XoopsAvatarHandler, XoopsBlockHandler, XoopsImagesetHandler, XoopsPersistableObjectHandler or XoopsImagecategoryHandler.
```php
    $avatar_selected = $GLOBALS['xoopsUser']->getVar('user_avatar', 'E');
    //    $avatar_selected = in_array($avatar_selected, array_keys($avatar_list)) ? $avatar_selected : "blank.gif";
    $avatar_selected = array_key_exists($avatar_selected, $avatar_list) ? $avatar_selected : 'blank.gif';
    $avatar_select->addOptionArray($avatar_list);
    $avatar_select->setExtra("onchange='showImgSelected(\"avatar\", \"user_avatar\", \"uploads\", \"\", \"" . XOOPS_URL . "\")'");
    $avatar_tray = new XoopsFormElementTray(_US_AVATAR, '&nbsp;');
    $avatar_tray->addElement($avatar_select);
    $avatar_tray->addElement(new XoopsFormLabel('', "<a href=\"javascript:openWithSelfMain('" . XOOPS_URL . "/misc.php?action=showpopups&amp;type=avatars','avatars',600,400);\">" . _LIST . '</a><br>'));
    $avatar_tray->addElement(new XoopsFormLabel('', "<br><img src='" . XOOPS_UPLOAD_URL . '/' . $avatar_selected . "' name='avatar' id='avatar' alt='' />"));
    $form2->addElement($avatar_tray);
    $form2->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid')));
    $form2->addElement(new XoopsFormHidden('op', 'avatarchoose'));
    $form2->addElement(new XoopsFormButton('', 'submit2', _SUBMIT, 'submit'));
    $form2->assign($GLOBALS['xoopsTpl']);
}

if ($op === 'avatarupload') {
    if (!$GLOBALS['xoopsSecurity']->check()) {
        redirect_header('index.php', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
        exit;
    }
    $xoops_upload_file = array();
    $uid               = 0;
    if (!empty($_POST['xoops_upload_file']) && is_array($_POST['xoops_upload_file'])) {
        $xoops_upload_file = $_POST['xoops_upload_file'];
    }
    if (!empty($_POST['uid'])) {
        $uid = (int)$_POST['uid'];
    }
    // A user may only replace their own avatar; the posted uid must match the session user
    if (empty($uid) || $GLOBALS['xoopsUser']->getVar('uid') != $uid) {
        redirect_header('index.php', 3, _US_NOEDITRIGHT);
    }
    if ($GLOBALS['xoopsConfigUser']['avatar_allow_upload'] == 1 && $GLOBALS['xoopsUser']->getVar('posts') >= $GLOBALS['xoopsConfigUser']['avatar_minposts']) {
        include_once $GLOBALS['xoops']->path('class/uploader.php');
        // The uploader enforces the allowed image MIME types, maximum size and dimensions
        $uploader = new XoopsMediaUploader(XOOPS_UPLOAD_PATH . '/avatars', array(
            'image/gif',
            'image/jpeg',
            'image/pjpeg',
            'image/x-png',
            'image/png'), $GLOBALS['xoopsConfigUser']['avatar_maxsize'], $GLOBALS['xoopsConfigUser']['avatar_width'], $GLOBALS['xoopsConfigUser']['avatar_height']);
        // Use the validated local copy of the posted field list and guard against an empty list
        if (isset($xoops_upload_file[0]) && $uploader->fetchMedia($xoops_upload_file[0])) {
            $uploader->setPrefix('cavt');
            if ($uploader->upload()) {
                /* @var XoopsAvatarHandler $avt_handler */
                $avt_handler = xoops_getHandler('avatar');
                $avatar      = $avt_handler->create();
                $avatar->setVar('avatar_file', 'avatars/' . $uploader->getSavedFileName());
                $avatar->setVar('avatar_name', $GLOBALS['xoopsUser']->getVar('uname'));
                $avatar->setVar('avatar_mimetype', $uploader->getMediaType());
                $avatar->setVar('avatar_display', 1);
                $avatar->setVar('avatar_type', 'C');
                if (!$avt_handler->insert($avatar)) {
                    @unlink($uploader->getSavedDestination());
                } else {
                    // Remove the previously uploaded custom avatar ('cavt' prefix) now that the new one is stored
                    $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar');
                    if (!empty($oldavatar) && false !== strpos(strtolower($oldavatar), 'cavt')) {
                        $avatars = $avt_handler->getObjects(new Criteria('avatar_file', $oldavatar));
                        if (!empty($avatars) && count($avatars) == 1 && is_object($avatars[0])) {
                            $avt_handler->delete($avatars[0]);
                            $oldavatar_path = realpath(XOOPS_UPLOAD_PATH . '/' . $oldavatar);
                            // Compare against the resolved upload directory (as the avatarchoose branch does) so the
                            // file is only unlinked when its canonical path stays inside the uploads tree
                            if (0 === strpos($oldavatar_path, realpath(XOOPS_UPLOAD_PATH)) && is_file($oldavatar_path)) {
                                unlink($oldavatar_path);
                            }
                        }
                    }
                    $sql = sprintf('UPDATE %s SET user_avatar = %s WHERE uid = %u', $GLOBALS['xoopsDB']->prefix('users'), $GLOBALS['xoopsDB']->quoteString('avatars/' . $uploader->getSavedFileName()), $GLOBALS['xoopsUser']->getVar('uid'));
                    $GLOBALS['xoopsDB']->query($sql);
                    $avt_handler->addUser($avatar->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid'));
                    redirect_header('index.php?t=' . time() . '&amp;uid=' . $GLOBALS['xoopsUser']->getVar('uid'), 3, _US_PROFUPDATED);
                }
            }
        }
        redirect_header('edituser.php?op=avatarform', 3, $uploader->getErrors());
    }
}

if ($op === 'avatarchoose') {
    if (!$GLOBALS['xoopsSecurity']->check()) {
        redirect_header('index.php', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
        exit;
    }
    $uid = 0;
    if (!empty($_POST['uid'])) {
        $uid = (int)$_POST['uid'];
    }
    if (empty($uid) || $GLOBALS['xoopsUser']->getVar('uid') != $uid) {
        redirect_header('index.php', 3, _US_NOEDITRIGHT);
    }
    $user_avatar = '';
    $avt_handler = xoops_getHandler('avatar');
    if (!empty($_POST['user_avatar'])) {
        // The chosen file must exist as a system ('S') avatar record, otherwise fall back to blank.gif
        $user_avatar     = $myts->addSlashes(trim($_POST['user_avatar']));
        $criteria_avatar = new CriteriaCompo(new Criteria('avatar_file', $user_avatar));
        $criteria_avatar->add(new Criteria('avatar_type', 'S'));
        $avatars = $avt_handler->getObjects($criteria_avatar);
```
Scrutinizer issue on the line above (ignorable by annotation): The method getObjects() does not exist on XoopsObjectHandler. It seems like you are coding against a sub-type of said class. However, the method does not exist in XoopsRankHandler or XoUserHandler. Are you sure you never get one of those?
```php
        if (!is_array($avatars) || !count($avatars)) {
            $user_avatar = 'avatars/blank.gif';
        }
        unset($avatars, $criteria_avatar);
    }
    // Resolve the path and require it to stay inside the uploads directory before touching the user record
    $user_avatarpath = realpath(XOOPS_UPLOAD_PATH . '/' . $user_avatar);
    if (0 === strpos($user_avatarpath, realpath(XOOPS_UPLOAD_PATH)) && is_file($user_avatarpath)) {
        $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar');
        $GLOBALS['xoopsUser']->setVar('user_avatar', $user_avatar);
        /* @var XoopsMemberHandler $member_handler */
        $member_handler = xoops_getHandler('member');
        if (!$member_handler->insertUser($GLOBALS['xoopsUser'])) {
            include $GLOBALS['xoops']->path('header.php');
            echo $GLOBALS['xoopsUser']->getHtmlErrors();
            include $GLOBALS['xoops']->path('footer.php');
            exit();
        }
        //        if ($oldavatar && preg_match("/^cavt/", strtolower(substr($oldavatar, 8)))) {
        if ($oldavatar && 0 === strpos(strtolower(substr($oldavatar, 8)), 'cavt')) {
            $avatars = $avt_handler->getObjects(new Criteria('avatar_file', $oldavatar));
            if (!empty($avatars) && count($avatars) == 1 && is_object($avatars[0])) {
                $avt_handler->delete($avatars[0]);
                $oldavatar_path = realpath(XOOPS_UPLOAD_PATH . '/' . $oldavatar);
                if (0 === strpos($oldavatar_path, realpath(XOOPS_UPLOAD_PATH)) && is_file($oldavatar_path)) {
                    unlink($oldavatar_path);
                }
            }
        }
        if ($user_avatar !== 'avatars/blank.gif') {
            $avatars = $avt_handler->getObjects(new Criteria('avatar_file', $user_avatar));
            // Guard the index access: getObjects() may return an empty array
            if (!empty($avatars) && is_object($avatars[0])) {
                $avt_handler->addUser($avatars[0]->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid'));
```
Scrutinizer issue on the line above (ignorable by annotation): The method addUser() does not exist on XoopsObjectHandler. It seems like you are coding against a sub-type of XoopsObjectHandler such as XoopsAvatarHandler or XoopsPersistableObjectHandler.
```php
            }
        }
    }
    redirect_header('index.php?uid=' . $uid, 0, _US_PROFUPDATED);
}


require __DIR__ . '/footer.php';
require dirname(__DIR__, 2) . '/footer.php';
```