1 | <?php |
||||||
2 | /** |
||||||
3 | * Extended User Profile |
||||||
4 | * |
||||||
5 | * You may not change or alter any portion of this comment or credits |
||||||
6 | * of supporting developers from this source code or any supporting source code |
||||||
7 | * which is considered copyrighted (c) material of the original comment or credit authors. |
||||||
8 | * This program is distributed in the hope that it will be useful, |
||||||
9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||||
10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||||||
11 | * |
||||||
12 | * @copyright (c) 2000-2016 XOOPS Project (www.xoops.org) |
||||||
13 | * @license GNU GPL 2 (http://www.gnu.org/licenses/gpl-2.0.html) |
||||||
14 | * @package profile |
||||||
15 | * @since 2.3.0 |
||||||
16 | * @author Jan Pedersen |
||||||
17 | * @author Taiwen Jiang <[email protected]> |
||||||
18 | */ |
||||||
19 | |||||||
20 | use Xmf\Request; |
||||||
21 | use XoopsModules\Yogurt; |
||||||
22 | use XoopsModules\Yogurt\IndexController; |
||||||
23 | |||||||
24 | $GLOBALS['xoopsOption']['template_main'] = 'yogurt_editprofile.tpl'; |
||||||
25 | require __DIR__ . '/header.php'; |
||||||
26 | |||||||
27 | /** |
||||||
28 | * Fetching numbers of groups friends videos pictures etc... |
||||||
29 | */ |
||||||
30 | $controller = new IndexController($xoopsDB, $xoopsUser, $xoopsModule); |
||||||
0 ignored issues
–
show
|
|||||||
31 | $nbSections = $controller->getNumbersSections(); |
||||||
32 | |||||||
33 | include_once $GLOBALS['xoops']->path('class/xoopsformloader.php'); |
||||||
34 | |||||||
35 | // If not a user, redirect |
||||||
36 | if (!is_object($GLOBALS['xoopsUser'])) { |
||||||
37 | redirect_header(XOOPS_URL, 3, _US_NOEDITRIGHT); |
||||||
38 | } |
||||||
39 | |||||||
40 | $myts = MyTextSanitizer::getInstance(); |
||||||
41 | $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : 'editprofile'; |
||||||
42 | /* @var XoopsConfigHandler $config_handler */ |
||||||
43 | $config_handler = xoops_getHandler('config'); |
||||||
44 | $GLOBALS['xoopsConfigUser'] = $config_handler->getConfigsByCat(XOOPS_CONF_USER); |
||||||
45 | |||||||
46 | if ($op === 'save') { |
||||||
47 | if (!$GLOBALS['xoopsSecurity']->check()) { |
||||||
48 | redirect_header(XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors())); |
||||||
49 | exit(); |
||||||
50 | } |
||||||
51 | $uid = $GLOBALS['xoopsUser']->getVar('uid'); |
||||||
52 | $errors = array(); |
||||||
53 | $edituser =& $GLOBALS['xoopsUser']; |
||||||
54 | if ($GLOBALS['xoopsUser']->isAdmin()) { |
||||||
55 | $edituser->setVar('uname', trim($_POST['uname'])); |
||||||
56 | $edituser->setVar('email', trim($_POST['email'])); |
||||||
57 | } |
||||||
58 | xoops_load('XoopsUserUtility'); |
||||||
59 | $stop = XoopsUserUtility::validate($edituser); |
||||||
60 | |||||||
61 | if (!empty($stop)) { |
||||||
62 | $op = 'editprofile'; |
||||||
63 | } else { |
||||||
64 | |||||||
65 | // Dynamic fields |
||||||
66 | $profile_handler = xoops_getModuleHandler('profile'); |
||||||
67 | // Get fields |
||||||
68 | $fields = $profile_handler->loadFields(); |
||||||
0 ignored issues
–
show
The method
loadFields() does not exist on XoopsObjectHandler . It seems like you code against a sub-type of XoopsObjectHandler such as XoopsPersistableObjectHandler .
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
![]() |
|||||||
69 | // Get ids of fields that can be edited |
||||||
70 | /* @var XoopsGroupPermHandler $gperm_handler */ |
||||||
71 | $gperm_handler = xoops_getHandler('groupperm'); |
||||||
72 | $editable_fields = $gperm_handler->getItemIds('profile_edit', $GLOBALS['xoopsUser']->getGroups(), $GLOBALS['xoopsModule']->getVar('mid')); |
||||||
73 | |||||||
74 | if (!$profile = $profile_handler->get($edituser->getVar('uid'))) { |
||||||
75 | $profile = $profile_handler->create(); |
||||||
76 | $profile->setVar('profile_id', $edituser->getVar('uid')); |
||||||
77 | } |
||||||
78 | |||||||
79 | foreach (array_keys($fields) as $i) { |
||||||
80 | $fieldname = $fields[$i]->getVar('field_name'); |
||||||
81 | if (in_array($fields[$i]->getVar('field_id'), $editable_fields) && isset($_REQUEST[$fieldname])) { |
||||||
82 | $value = $fields[$i]->getValueForSave($_REQUEST[$fieldname]); |
||||||
83 | if (in_array($fieldname, $profile_handler->getUserVars())) { |
||||||
0 ignored issues
–
show
The method
getUserVars() does not exist on XoopsObjectHandler . It seems like you code against a sub-type of XoopsObjectHandler such as XoopsPersistableObjectHandler .
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
![]() |
|||||||
84 | $edituser->setVar($fieldname, $value); |
||||||
85 | } else { |
||||||
86 | $profile->setVar($fieldname, $value); |
||||||
87 | } |
||||||
88 | } |
||||||
89 | } |
||||||
90 | if (!$member_handler->insertUser($edituser)) { |
||||||
91 | $stop = $edituser->getHtmlErrors(); |
||||||
92 | $op = 'editprofile'; |
||||||
93 | } else { |
||||||
94 | $profile->setVar('profile_id', $edituser->getVar('uid')); |
||||||
95 | $profile_handler->insert($profile); |
||||||
96 | unset($_SESSION['xoopsUserTheme']); |
||||||
97 | redirect_header(XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/index.php?uid=' . $edituser->getVar('uid'), 2, _US_PROFUPDATED); |
||||||
98 | } |
||||||
99 | } |
||||||
100 | } |
||||||
101 | |||||||
102 | if ($op === 'editprofile') { |
||||||
103 | include_once $GLOBALS['xoops']->path('header.php'); |
||||||
104 | include_once __DIR__ . '/include/forms.php'; |
||||||
105 | $form = yogurt_getUserForm($GLOBALS['xoopsUser']); |
||||||
106 | $form->assign($GLOBALS['xoopsTpl']); |
||||||
107 | if (!empty($stop)) { |
||||||
108 | $GLOBALS['xoopsTpl']->assign('stop', $stop); |
||||||
109 | } |
||||||
110 | |||||||
111 | $xoBreadcrumbs[] = array('title' => _US_EDITPROFILE); |
||||||
112 | } |
||||||
113 | |||||||
114 | if ($op === 'avatarform') { |
||||||
115 | $GLOBALS['xoopsOption']['template_main'] = 'yogurt_avatar.tpl'; |
||||||
116 | include $GLOBALS['xoops']->path('header.php'); |
||||||
117 | $xoBreadcrumbs[] = array('title' => _US_MYAVATAR); |
||||||
118 | |||||||
119 | $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar'); |
||||||
120 | if (!empty($oldavatar) && $oldavatar !== 'blank.gif') { |
||||||
121 | $GLOBALS['xoopsTpl']->assign('old_avatar', XOOPS_UPLOAD_URL . '/' . $oldavatar); |
||||||
122 | } |
||||||
123 | if ($GLOBALS['xoopsConfigUser']['avatar_allow_upload'] == 1 && $GLOBALS['xoopsUser']->getVar('posts') >= $GLOBALS['xoopsConfigUser']['avatar_minposts']) { |
||||||
124 | include_once $GLOBALS['xoops']->path('class/xoopsformloader.php'); |
||||||
125 | $form = new XoopsThemeForm(_US_UPLOADMYAVATAR, 'uploadavatar', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/edituser.php', 'post', true); |
||||||
126 | $form->setExtra('enctype="multipart/form-data"'); |
||||||
127 | $form->addElement(new XoopsFormLabel(_US_MAXPIXEL, $GLOBALS['xoopsConfigUser']['avatar_width'] . ' x ' . $GLOBALS['xoopsConfigUser']['avatar_height'])); |
||||||
128 | $form->addElement(new XoopsFormLabel(_US_MAXIMGSZ, $GLOBALS['xoopsConfigUser']['avatar_maxsize'])); |
||||||
129 | $form->addElement(new XoopsFormFile(_US_SELFILE, 'avatarfile', $GLOBALS['xoopsConfigUser']['avatar_maxsize']), true); |
||||||
130 | $form->addElement(new XoopsFormHidden('op', 'avatarupload')); |
||||||
131 | $form->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid'))); |
||||||
132 | $form->addElement(new XoopsFormButton('', 'submit', _SUBMIT, 'submit')); |
||||||
133 | $form->assign($GLOBALS['xoopsTpl']); |
||||||
134 | } |
||||||
135 | $avatar_handler = xoops_getHandler('avatar'); |
||||||
136 | $form2 = new XoopsThemeForm(_US_CHOOSEAVT, 'chooseavatar', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/edituser.php', 'post', true); |
||||||
137 | $avatar_select = new XoopsFormSelect('', 'user_avatar', $GLOBALS['xoopsUser']->getVar('user_avatar')); |
||||||
138 | $avatar_list = $avatar_handler->getList('S', true); |
||||||
0 ignored issues
–
show
The method
getList() does not exist on XoopsObjectHandler . It seems like you code against a sub-type of XoopsObjectHandler such as XoopsModuleHandler or XoopsImageHandler or XoopsRankHandler or XoopsCommentHandler or XoopsTplsetHandler or XoopsAvatarHandler or XoopsBlockHandler or XoopsImagesetHandler or XoopsPersistableObjectHandler or XoopsImagecategoryHandler .
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
![]() |
|||||||
139 | $avatar_selected = $GLOBALS['xoopsUser']->getVar('user_avatar', 'E'); |
||||||
140 | // $avatar_selected = in_array($avatar_selected, array_keys($avatar_list)) ? $avatar_selected : "blank.gif"; |
||||||
141 | $avatar_selected = array_key_exists($avatar_selected, $avatar_list) ? $avatar_selected : 'blank.gif'; |
||||||
142 | $avatar_select->addOptionArray($avatar_list); |
||||||
143 | $avatar_select->setExtra("onchange='showImgSelected(\"avatar\", \"user_avatar\", \"uploads\", \"\", \"" . XOOPS_URL . "\")'"); |
||||||
144 | $avatar_tray = new XoopsFormElementTray(_US_AVATAR, ' '); |
||||||
145 | $avatar_tray->addElement($avatar_select); |
||||||
146 | $avatar_tray->addElement(new XoopsFormLabel('', "<a href=\"javascript:openWithSelfMain('" . XOOPS_URL . "/misc.php?action=showpopups&type=avatars','avatars',600,400);\">" . _LIST . '</a><br>')); |
||||||
147 | $avatar_tray->addElement(new XoopsFormLabel('', "<br><img src='" . XOOPS_UPLOAD_URL . '/' . $avatar_selected . "' name='avatar' id='avatar' alt='' />")); |
||||||
148 | $form2->addElement($avatar_tray); |
||||||
149 | $form2->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid'))); |
||||||
150 | $form2->addElement(new XoopsFormHidden('op', 'avatarchoose')); |
||||||
151 | $form2->addElement(new XoopsFormButton('', 'submit2', _SUBMIT, 'submit')); |
||||||
152 | $form2->assign($GLOBALS['xoopsTpl']); |
||||||
153 | } |
||||||
154 | |||||||
155 | if ($op === 'avatarupload') { |
||||||
156 | if (!$GLOBALS['xoopsSecurity']->check()) { |
||||||
157 | redirect_header('index.php', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors())); |
||||||
158 | exit; |
||||||
159 | } |
||||||
160 | $xoops_upload_file = array(); |
||||||
161 | $uid = 0; |
||||||
162 | if (!empty($_POST['xoops_upload_file']) && is_array($_POST['xoops_upload_file'])) { |
||||||
163 | $xoops_upload_file = $_POST['xoops_upload_file']; |
||||||
164 | } |
||||||
165 | if (!empty($_POST['uid'])) { |
||||||
166 | $uid = (int)$_POST['uid']; |
||||||
167 | } |
||||||
168 | if (empty($uid) || $GLOBALS['xoopsUser']->getVar('uid') != $uid) { |
||||||
169 | redirect_header('index.php', 3, _US_NOEDITRIGHT); |
||||||
170 | } |
||||||
171 | if ($GLOBALS['xoopsConfigUser']['avatar_allow_upload'] == 1 && $GLOBALS['xoopsUser']->getVar('posts') >= $GLOBALS['xoopsConfigUser']['avatar_minposts']) { |
||||||
172 | include_once $GLOBALS['xoops']->path('class/uploader.php'); |
||||||
173 | $uploader = new XoopsMediaUploader(XOOPS_UPLOAD_PATH . '/avatars', array( |
||||||
174 | 'image/gif', |
||||||
175 | 'image/jpeg', |
||||||
176 | 'image/pjpeg', |
||||||
177 | 'image/x-png', |
||||||
178 | 'image/png'), $GLOBALS['xoopsConfigUser']['avatar_maxsize'], $GLOBALS['xoopsConfigUser']['avatar_width'], $GLOBALS['xoopsConfigUser']['avatar_height']); |
||||||
179 | if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) { |
||||||
180 | $uploader->setPrefix('cavt'); |
||||||
181 | if ($uploader->upload()) { |
||||||
182 | /* @var XoopsAvatarHandler $avt_handler */ |
||||||
183 | $avt_handler = xoops_getHandler('avatar'); |
||||||
184 | $avatar = $avt_handler->create(); |
||||||
185 | $avatar->setVar('avatar_file', 'avatars/' . $uploader->getSavedFileName()); |
||||||
186 | $avatar->setVar('avatar_name', $GLOBALS['xoopsUser']->getVar('uname')); |
||||||
187 | $avatar->setVar('avatar_mimetype', $uploader->getMediaType()); |
||||||
188 | $avatar->setVar('avatar_display', 1); |
||||||
189 | $avatar->setVar('avatar_type', 'C'); |
||||||
190 | if (!$avt_handler->insert($avatar)) { |
||||||
191 | @unlink($uploader->getSavedDestination()); |
||||||
192 | } else { |
||||||
193 | $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar'); |
||||||
194 | if (!empty($oldavatar) && false !== strpos(strtolower($oldavatar), 'cavt')) { |
||||||
195 | $avatars = $avt_handler->getObjects(new Criteria('avatar_file', $oldavatar)); |
||||||
196 | if (!empty($avatars) && count($avatars) == 1 && is_object($avatars[0])) { |
||||||
197 | $avt_handler->delete($avatars[0]); |
||||||
198 | $oldavatar_path = realpath(XOOPS_UPLOAD_PATH . '/' . $oldavatar); |
||||||
199 | if (0 === strpos($oldavatar_path, XOOPS_UPLOAD_PATH) && is_file($oldavatar_path)) { |
||||||
200 | unlink($oldavatar_path); |
||||||
201 | } |
||||||
202 | } |
||||||
203 | } |
||||||
204 | $sql = sprintf('UPDATE %s SET user_avatar = %s WHERE uid = %u', $GLOBALS['xoopsDB']->prefix('users'), $GLOBALS['xoopsDB']->quoteString('avatars/' . $uploader->getSavedFileName()), $GLOBALS['xoopsUser']->getVar('uid')); |
||||||
205 | $GLOBALS['xoopsDB']->query($sql); |
||||||
206 | $avt_handler->addUser($avatar->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid')); |
||||||
207 | redirect_header('index.php?t=' . time() . '&uid=' . $GLOBALS['xoopsUser']->getVar('uid'), 3, _US_PROFUPDATED); |
||||||
208 | } |
||||||
209 | } |
||||||
210 | } |
||||||
211 | redirect_header('edituser.php?op=avatarform', 3, $uploader->getErrors()); |
||||||
212 | } |
||||||
213 | } |
||||||
214 | |||||||
215 | if ($op === 'avatarchoose') { |
||||||
216 | if (!$GLOBALS['xoopsSecurity']->check()) { |
||||||
217 | redirect_header('index.php', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors())); |
||||||
218 | exit; |
||||||
219 | } |
||||||
220 | $uid = 0; |
||||||
221 | if (!empty($_POST['uid'])) { |
||||||
222 | $uid = (int)$_POST['uid']; |
||||||
223 | } |
||||||
224 | if (empty($uid) || $GLOBALS['xoopsUser']->getVar('uid') != $uid) { |
||||||
225 | redirect_header('index.php', 3, _US_NOEDITRIGHT); |
||||||
226 | } |
||||||
227 | $user_avatar = ''; |
||||||
228 | $avt_handler = xoops_getHandler('avatar'); |
||||||
229 | if (!empty($_POST['user_avatar'])) { |
||||||
230 | $user_avatar = $myts->addSlashes(trim($_POST['user_avatar'])); |
||||||
231 | $criteria_avatar = new CriteriaCompo(new Criteria('avatar_file', $user_avatar)); |
||||||
232 | $criteria_avatar->add(new Criteria('avatar_type', 'S')); |
||||||
233 | $avatars = $avt_handler->getObjects($criteria_avatar); |
||||||
0 ignored issues
–
show
The method
getObjects() does not exist on XoopsObjectHandler . It seems like you code against a sub-type of said class. However, the method does not exist in XoopsRankHandler or XoUserHandler . Are you sure you never get one of those?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
![]() |
|||||||
234 | if (!is_array($avatars) || !count($avatars)) { |
||||||
235 | $user_avatar = 'avatars/blank.gif'; |
||||||
236 | } |
||||||
237 | unset($avatars, $criteria_avatar); |
||||||
238 | } |
||||||
239 | $user_avatarpath = realpath(XOOPS_UPLOAD_PATH . '/' . $user_avatar); |
||||||
240 | if (0 === strpos($user_avatarpath, realpath(XOOPS_UPLOAD_PATH)) && is_file($user_avatarpath)) { |
||||||
241 | $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar'); |
||||||
242 | $GLOBALS['xoopsUser']->setVar('user_avatar', $user_avatar); |
||||||
243 | /* @var XoopsMemberHandler $member_handler */ |
||||||
244 | $member_handler = xoops_getHandler('member'); |
||||||
245 | if (!$member_handler->insertUser($GLOBALS['xoopsUser'])) { |
||||||
246 | include $GLOBALS['xoops']->path('header.php'); |
||||||
247 | echo $GLOBALS['xoopsUser']->getHtmlErrors(); |
||||||
248 | include $GLOBALS['xoops']->path('footer.php'); |
||||||
249 | exit(); |
||||||
250 | } |
||||||
251 | // if ($oldavatar && preg_match("/^cavt/", strtolower(substr($oldavatar, 8)))) { |
||||||
252 | if ($oldavatar && 0 === strpos(strtolower(substr($oldavatar, 8)), 'cavt')) { |
||||||
253 | $avatars = $avt_handler->getObjects(new Criteria('avatar_file', $oldavatar)); |
||||||
254 | if (!empty($avatars) && count($avatars) == 1 && is_object($avatars[0])) { |
||||||
255 | $avt_handler->delete($avatars[0]); |
||||||
256 | $oldavatar_path = realpath(XOOPS_UPLOAD_PATH . '/' . $oldavatar); |
||||||
257 | if (0 === strpos($oldavatar_path, realpath(XOOPS_UPLOAD_PATH)) && is_file($oldavatar_path)) { |
||||||
258 | unlink($oldavatar_path); |
||||||
259 | } |
||||||
260 | } |
||||||
261 | } |
||||||
262 | if ($user_avatar !== 'avatars/blank.gif') { |
||||||
263 | $avatars = $avt_handler->getObjects(new Criteria('avatar_file', $user_avatar)); |
||||||
264 | if (is_object($avatars[0])) { |
||||||
265 | $avt_handler->addUser($avatars[0]->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid')); |
||||||
0 ignored issues
–
show
The method
addUser() does not exist on XoopsObjectHandler . It seems like you code against a sub-type of XoopsObjectHandler such as XoopsAvatarHandler or XoopsPersistableObjectHandler .
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
![]() |
|||||||
266 | } |
||||||
267 | } |
||||||
268 | } |
||||||
269 | redirect_header('index.php?uid=' . $uid, 0, _US_PROFUPDATED); |
||||||
270 | } |
||||||
271 | |||||||
272 | |||||||
273 | require __DIR__ . '/footer.php'; |
||||||
274 | require dirname(__DIR__, 2) . '/footer.php'; |
||||||
275 |
This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue.
If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. Please note the @ignore annotation hint above.