Passed
Pull Request — master (#81)
by Michael
02:51
created

edituser.php (1 issue)

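<?php

declare(strict_types=1);

/*
 You may not change or alter any portion of this comment or credits
 of supporting developers from this source code or any supporting source code
 which is considered copyrighted (c) material of the original comment or credit authors.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/

/**
 * Extended User Profile
 *
 * Front controller for the "edit my profile / avatar" page. The action is
 * selected by the `op` request parameter (save, editprofile, avatarform,
 * avatarupload, avatarchoose); every branch works on the logged-in user only.
 *
 * @copyright    XOOPS Project https://xoops.org/
 * @license      GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
 * @author       Jan Pedersen
 * @author       Taiwen Jiang <[email protected]>
 * @author       Marcello Brandão aka  Suico, Mamba, LioMJ  <https://xoops.org>
 */

use Xmf\Request;
use XoopsModules\Yogurt;
use XoopsModules\Yogurt\IndexController;

$GLOBALS['xoopsOption']['template_main'] = 'yogurt_editprofile.tpl';
require __DIR__ . '/header.php';

// Guests have nothing to edit: stop before any controller or handler work
// is done on their behalf (the original ran the controller first).
if (!is_object($GLOBALS['xoopsUser'])) {
    redirect_header(XOOPS_URL, 3, _US_NOEDITRIGHT);
    exit();
}

/**
 * Fetching numbers of groups friends videos pictures etc...
 */
$controller = new IndexController($xoopsDB, $xoopsUser, $xoopsModule);
$nbSections = $controller->getNumbersSections();

require_once $GLOBALS['xoops']->path('class/xoopsformloader.php');

$myts = MyTextSanitizer::getInstance();
// The default must be the string 'editprofile'; the bare word was an
// undefined constant, which is a fatal Error on PHP 8.
$op   = Request::getCmd('op', 'editprofile');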
The constant editprofile was not found. Maybe you did not declare it correctly or list all dependencies?
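/* @var XoopsConfigHandler $configHandler */
$configHandler              = xoops_getHandler('config');
$GLOBALS['xoopsConfigUser'] = $configHandler->getConfigsByCat(XOOPS_CONF_USER);

/*
 * op=save: persist the submitted profile. On a validation failure $stop
 * holds the error HTML and $op is switched back to 'editprofile' so the
 * form is re-rendered below with the errors attached.
 */
if ('save' === $op) {
    if (!$GLOBALS['xoopsSecurity']->check()) {
        redirect_header(XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
        exit();
    }
    $uid      = $GLOBALS['xoopsUser']->getVar('uid');
    $edituser =& $GLOBALS['xoopsUser'];
    // Only administrators may change the account name or e-mail. A missing or
    // non-string value is skipped instead of being handed to trim(), which
    // would be a TypeError under strict_types.
    if ($GLOBALS['xoopsUser']->isAdmin()) {
        foreach (['uname', 'email'] as $adminField) {
            if (isset($_POST[$adminField]) && is_string($_POST[$adminField])) {
                $edituser->setVar($adminField, trim($_POST[$adminField]));
            }
        }
    }
    xoops_load('XoopsUserUtility');
    $stop = XoopsUserUtility::validate($edituser);

    if (!empty($stop)) {
        $op = 'editprofile';
    } else {
        // Dynamic fields ($helper is expected to come from header.php; not visible here)
        $profileHandler = $helper->getHandler('Profile');
        $fields         = $profileHandler->loadFields();
        // Ids of the fields this user's groups are allowed to edit
        /* @var  XoopsGroupPermHandler $grouppermHandler */
        $grouppermHandler = xoops_getHandler('groupperm');
        $editable_fields  = $grouppermHandler->getItemIds('profile_edit', $GLOBALS['xoopsUser']->getGroups(), $GLOBALS['xoopsModule']->getVar('mid'));
        // Field names that live on the user record rather than the profile record
        $userVars = $profileHandler->getUserVars();

        $profile = $profileHandler->get($uid);
        if (!$profile) {
            $profile = $profileHandler->create();
            $profile->setVar('profile_id', $uid);
        }

        foreach ($fields as $field) {
            $fieldname = $field->getVar('field_name');
            // Loose in_array() kept on purpose: the field id may be a numeric
            // string from the database while getItemIds() returns ints.
            if (!in_array($field->getVar('field_id'), $editable_fields) || !isset($_REQUEST[$fieldname])) {
                continue;
            }
            $value = $field->getValueForSave($_REQUEST[$fieldname]);
            if (in_array($fieldname, $userVars, true)) {
                $edituser->setVar($fieldname, $value);
            } else {
                $profile->setVar($fieldname, $value);
            }
        }
        // Fetched here because nothing earlier in this branch defines it; the
        // original relied on an undeclared $memberHandler.
        /* @var XoopsMemberHandler $memberHandler */
        $memberHandler = xoops_getHandler('member');
        if (!$memberHandler->insertUser($edituser)) {
            $stop = $edituser->getHtmlErrors();
            $op   = 'editprofile';
        } else {
            $profile->setVar('profile_id', $uid);
            $profileHandler->insert($profile);
            // The cached theme choice may be stale after a profile change
            unset($_SESSION['xoopsUserTheme']);
            redirect_header(XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/index.php?uid=' . $uid, 2, _US_PROFUPDATED);
        }
    }
}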
/*
 * op=editprofile: render the profile form. Reached directly, or after a
 * failed 'save' (in which case $stop carries the validation error HTML).
 */
if ('editprofile' === $op) {
    require_once $GLOBALS['xoops']->path('header.php');
    require_once __DIR__ . '/include/forms.php';
    $xoBreadcrumbs[] = ['title' => _US_EDITPROFILE];

    $form = yogurt_getUserForm($GLOBALS['xoopsUser']);
    $form->assign($GLOBALS['xoopsTpl']);
    if (!empty($stop)) {
        $GLOBALS['xoopsTpl']->assign('stop', $stop);
    }
}
/*
 * op=avatarform: show the two avatar forms — an upload form (only when the
 * site allows uploads and the user has enough posts) and a "choose a system
 * avatar" form.
 */
if ('avatarform' === $op) {
    $GLOBALS['xoopsOption']['template_main'] = 'yogurt_avatar.tpl';
    require $GLOBALS['xoops']->path('header.php');
    $xoBreadcrumbs[] = ['title' => _US_MYAVATAR];

    $moduleUrl = XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n');

    $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar');
    if (!empty($oldavatar) && 'blank.gif' !== $oldavatar) {
        $GLOBALS['xoopsTpl']->assign('old_avatar', XOOPS_UPLOAD_URL . '/' . $oldavatar);
    }

    // Upload form: gated by site config and the user's post count
    $uploadAllowed = 1 == $GLOBALS['xoopsConfigUser']['avatar_allow_upload']
        && $GLOBALS['xoopsUser']->getVar('posts') >= $GLOBALS['xoopsConfigUser']['avatar_minposts'];
    if ($uploadAllowed) {
        require_once $GLOBALS['xoops']->path('class/xoopsformloader.php');
        $form = new XoopsThemeForm(_US_UPLOADMYAVATAR, 'uploadavatar', $moduleUrl . '/edituser.php', 'post', true);
        $form->setExtra('enctype="multipart/form-data"');
        $maxDimensions = $GLOBALS['xoopsConfigUser']['avatar_width'] . ' x ' . $GLOBALS['xoopsConfigUser']['avatar_height'];
        $form->addElement(new XoopsFormLabel(_US_MAXPIXEL, $maxDimensions));
        $form->addElement(new XoopsFormLabel(_US_MAXIMGSZ, $GLOBALS['xoopsConfigUser']['avatar_maxsize']));
        $form->addElement(new XoopsFormFile(_US_SELFILE, 'avatarfile', $GLOBALS['xoopsConfigUser']['avatar_maxsize']), true);
        $form->addElement(new XoopsFormHidden('op', 'avatarupload'));
        $form->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid')));
        $form->addElement(new XoopsFormButton('', 'submit', _SUBMIT, 'submit'));
        $form->assign($GLOBALS['xoopsTpl']);
    }

    // Choose-avatar form: only system ('S') avatars are offered, and the
    // preview image falls back to blank.gif unless the current avatar is in that list.
    $avatarHandler   = xoops_getHandler('avatar');
    $avatar_list     = $avatarHandler->getList('S', true);
    $avatar_selected = $GLOBALS['xoopsUser']->getVar('user_avatar', 'E');
    if (!array_key_exists($avatar_selected, $avatar_list)) {
        $avatar_selected = 'blank.gif';
    }

    $avatar_select = new XoopsFormSelect('', 'user_avatar', $GLOBALS['xoopsUser']->getVar('user_avatar'));
    $avatar_select->addOptionArray($avatar_list);
    $avatar_select->setExtra("onchange='showImgSelected(\"avatar\", \"user_avatar\", \"uploads\", \"\", \"" . XOOPS_URL . "\")'");

    $avatar_tray = new XoopsFormElementTray(_US_AVATAR, '&nbsp;');
    $avatar_tray->addElement($avatar_select);
    $popupLink = "<a href=\"javascript:openWithSelfMain('" . XOOPS_URL . "/misc.php?action=showpopups&amp;type=avatars','avatars',600,400);\">" . _LIST . '</a><br>';
    $avatar_tray->addElement(new XoopsFormLabel('', $popupLink));
    $avatar_tray->addElement(new XoopsFormLabel('', "<br><img src='" . XOOPS_UPLOAD_URL . '/' . $avatar_selected . "' name='avatar' id='avatar' alt='' />"));

    $form2 = new XoopsThemeForm(_US_CHOOSEAVT, 'chooseavatar', $moduleUrl . '/edituser.php', 'post', true);
    $form2->addElement($avatar_tray);
    $form2->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid')));
    $form2->addElement(new XoopsFormHidden('op', 'avatarchoose'));
    $form2->addElement(new XoopsFormButton('', 'submit2', _SUBMIT, 'submit'));
    $form2->assign($GLOBALS['xoopsTpl']);
}
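/*
 * op=avatarupload: store a custom ('C') avatar uploaded by the current user,
 * replace the previous custom avatar file if there was one, and point the
 * user record at the new file.
 *
 * Several string literals in this branch had been mangled by a formatter
 * ('avatars / ', '% s', 'index . php ? t = ', ' & amp;'); they are restored to
 * the forms used elsewhere in this file ('avatars/blank.gif', 'index.php').
 */
if ('avatarupload' === $op) {
    if (!$GLOBALS['xoopsSecurity']->check()) {
        redirect_header('index.php', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
        exit();
    }
    $xoops_upload_file = [];
    $uid               = 0;
    if (!empty($_POST['xoops_upload_file']) && is_array($_POST['xoops_upload_file'])) {
        $xoops_upload_file = $_POST['xoops_upload_file'];
    }
    if (!empty($_POST['uid'])) {
        $uid = Request::getInt('uid', 0, 'POST');
    }

    // A user may only replace their own avatar (strict int comparison; getVar may return a string)
    if (empty($uid) || (int) $GLOBALS['xoopsUser']->getVar('uid') !== $uid) {
        redirect_header('index.php', 3, _US_NOEDITRIGHT);
        exit();
    }
    $allowed_mimetypes = ['image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png'];
    if (1 == $GLOBALS['xoopsConfigUser']['avatar_allow_upload']
        && $GLOBALS['xoopsUser']->getVar('posts') >= $GLOBALS['xoopsConfigUser']['avatar_minposts']) {
        require_once $GLOBALS['xoops']->path('class/uploader.php');
        $uploader = new XoopsMediaUploader(
            XOOPS_UPLOAD_PATH . '/avatars', $allowed_mimetypes, $GLOBALS['xoopsConfigUser']['avatar_maxsize'], $GLOBALS['xoopsConfigUser']['avatar_width'], $GLOBALS['xoopsConfigUser']['avatar_height']
        );
        // Use the list validated above rather than re-reading $_POST; a missing
        // entry becomes '' and is reported by fetchMedia() instead of a notice.
        $fileFieldName = isset($xoops_upload_file[0]) && is_string($xoops_upload_file[0]) ? $xoops_upload_file[0] : '';
        if ($uploader->fetchMedia($fileFieldName)) {
            $uploader->setPrefix('cavt');
            if ($uploader->upload()) {
                // Stored relative to XOOPS_UPLOAD_PATH, e.g. 'avatars/cavt<name>'
                $savedName = 'avatars/' . $uploader->getSavedFileName();
                /* @var XoopsAvatarHandler $avtHandler */
                $avtHandler = xoops_getHandler('avatar');
                $avatar     = $avtHandler->create();
                $avatar->setVar('avatar_file', $savedName);
                $avatar->setVar('avatar_name', $GLOBALS['xoopsUser']->getVar('uname'));
                $avatar->setVar('avatar_mimetype', $uploader->getMediaType());
                $avatar->setVar('avatar_display', 1);
                $avatar->setVar('avatar_type', 'C');
                if (!$avtHandler->insert($avatar)) {
                    // Orphaned file: remove it (explicit check instead of @-suppression)
                    $savedDestination = $uploader->getSavedDestination();
                    if (is_file($savedDestination)) {
                        unlink($savedDestination);
                    }
                } else {
                    $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar');
                    // Only previously uploaded custom avatars ('cavt' prefix) are deleted
                    if (!empty($oldavatar) && false !== stripos($oldavatar, 'cavt')) {
                        $avatars = $avtHandler->getObjects(new Criteria('avatar_file', $oldavatar));
                        if (!empty($avatars) && 1 === count($avatars) && is_object($avatars[0])) {
                            $avtHandler->delete($avatars[0]);
                            // realpath() returns false for a missing file; the containment
                            // check needs the resolved root plus a separator so that a
                            // sibling directory sharing the prefix does not match.
                            $uploadRoot     = realpath(XOOPS_UPLOAD_PATH);
                            $oldavatar_path = realpath(XOOPS_UPLOAD_PATH . '/' . $oldavatar);
                            if (false !== $uploadRoot && false !== $oldavatar_path
                                && 0 === strpos($oldavatar_path, $uploadRoot . DIRECTORY_SEPARATOR)
                                && is_file($oldavatar_path)) {
                                unlink($oldavatar_path);
                            }
                        }
                    }
                    // Value is quoted by the DB layer, uid is forced to an unsigned int by %u
                    $sql = sprintf('UPDATE %s SET user_avatar = %s WHERE uid = %u', $GLOBALS['xoopsDB']->prefix('users'), $GLOBALS['xoopsDB']->quoteString($savedName), $GLOBALS['xoopsUser']->getVar('uid'));
                    $GLOBALS['xoopsDB']->query($sql);
                    $avtHandler->addUser($avatar->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid'));
                    redirect_header('index.php?t=' . time() . '&amp;uid=' . $GLOBALS['xoopsUser']->getVar('uid'), 3, _US_PROFUPDATED);
                }
            }
        }
        redirect_header('edituser.php?op=avatarform', 3, $uploader->getErrors());
    }
    // Uploads disabled or post count too low: the original fell through to the
    // footer with no page header loaded; send the user back instead.
    redirect_header('edituser.php?op=avatarform', 3, _US_NOEDITRIGHT);
}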
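/*
 * op=avatarchoose: switch the current user to one of the system ('S')
 * avatars. The submitted file name is accepted only if it matches a system
 * avatar record AND resolves to a real file below XOOPS_UPLOAD_PATH.
 *
 * Mangled literals ('index . php', ' < br > ', 'avatars / blank . gif',
 * 'header . php') are restored; the blank-avatar name now agrees with the
 * 'avatars/blank.gif' comparison further down.
 */
if ('avatarchoose' === $op) {
    if (!$GLOBALS['xoopsSecurity']->check()) {
        redirect_header('index.php', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
        exit();
    }
    $uid = 0;
    if (!empty($_POST['uid'])) {
        $uid = Request::getInt('uid', 0, 'POST');
    }
    // A user may only change their own avatar (strict int comparison; getVar may return a string)
    if (empty($uid) || (int) $GLOBALS['xoopsUser']->getVar('uid') !== $uid) {
        redirect_header('index.php', 3, _US_NOEDITRIGHT);
        exit();
    }
    $user_avatar = '';
    /* @var XoopsAvatarHandler $avtHandler */
    $avtHandler  = xoops_getHandler('avatar');
    if (!empty($_POST['user_avatar'])) {
        $user_avatar     = Request::getString('user_avatar', '', 'POST');
        // Anything that is not a registered system avatar falls back to the blank one
        $criteria_avatar = new CriteriaCompo(new Criteria('avatar_file', $user_avatar));
        $criteria_avatar->add(new Criteria('avatar_type', 'S'));
        $avatars = $avtHandler->getObjects($criteria_avatar);
        if (!is_array($avatars) || !count($avatars)) {
            $user_avatar = 'avatars/blank.gif';
        }
        unset($avatars, $criteria_avatar);
    }
    // realpath() returns false for a missing file; the containment check needs
    // the resolved root plus a separator so a sibling directory with the same
    // prefix cannot match.
    $uploadRoot      = realpath(XOOPS_UPLOAD_PATH);
    $user_avatarpath = realpath(XOOPS_UPLOAD_PATH . '/' . $user_avatar);

    if (false !== $uploadRoot && false !== $user_avatarpath
        && 0 === strpos($user_avatarpath, $uploadRoot . DIRECTORY_SEPARATOR)
        && is_file($user_avatarpath)) {
        $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar');
        $GLOBALS['xoopsUser']->setVar('user_avatar', $user_avatar);
        /* @var XoopsMemberHandler $memberHandler */
        $memberHandler = xoops_getHandler('member');
        if (!$memberHandler->insertUser($GLOBALS['xoopsUser'])) {
            require $GLOBALS['xoops']->path('header.php');
            echo $GLOBALS['xoopsUser']->getHtmlErrors();
            require $GLOBALS['xoops']->path('footer.php');

            exit();
        }

        // A previously uploaded custom avatar ('avatars/cavt...') is deleted along with its file
        if ($oldavatar && 0 === mb_stripos(mb_substr($oldavatar, 8), 'cavt')) {
            $avatars = $avtHandler->getObjects(new Criteria('avatar_file', $oldavatar));

            if (!empty($avatars) && 1 === count($avatars) && is_object($avatars[0])) {
                $avtHandler->delete($avatars[0]);
                $oldavatar_path = realpath(XOOPS_UPLOAD_PATH . '/' . $oldavatar);

                if (false !== $oldavatar_path
                    && 0 === strpos($oldavatar_path, $uploadRoot . DIRECTORY_SEPARATOR)
                    && is_file($oldavatar_path)) {
                    unlink($oldavatar_path);
                }
            }
        }

        if ('avatars/blank.gif' !== $user_avatar) {
            $avatars = $avtHandler->getObjects(new Criteria('avatar_file', $user_avatar));
            // Guard the index: getObjects() may return an empty array
            if (!empty($avatars) && is_object($avatars[0])) {
                $avtHandler->addUser($avatars[0]->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid'));
            }
        }
    }
    redirect_header('index.php?uid=' . $uid, 0, _US_PROFUPDATED);
}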
// Module footer, then the site-wide footer. dirname(__DIR__, 2) presumes this
// file lives at <xoops root>/modules/<dirname>/ (the layout the redirect URLs
// above assume); elsewhere the file uses $GLOBALS['xoops']->path('footer.php').
require __DIR__ . '/footer.php';
require dirname(__DIR__, 2) . '/footer.php';