1 | <?php |
||
2 | |||
3 | declare(strict_types=1); |
||
4 | /* |
||
5 | You may not change or alter any portion of this comment or credits |
||
6 | of supporting developers from this source code or any supporting source code |
||
7 | which is considered copyrighted (c) material of the original comment or credit authors. |
||
8 | |||
9 | This program is distributed in the hope that it will be useful, |
||
10 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||
12 | */ |
||
13 | |||
14 | /** |
||
15 | * Extended User Profile |
||
16 | * |
||
17 | * @copyright XOOPS Project https://xoops.org/ |
||
18 | * @license GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html) |
||
19 | * @author Jan Pedersen |
||
20 | * @author Taiwen Jiang <[email protected]> |
||
21 | * @author Marcello Brandão aka Suico, Mamba, LioMJ <https://xoops.org> |
||
22 | */ |
||
23 | |||
24 | use Xmf\Request; |
||
25 | use XoopsModules\Suico; |
||
26 | use XoopsModules\Suico\IndexController; |
||
27 | |||
28 | $GLOBALS['xoopsOption']['template_main'] = 'suico_editprofile.tpl'; |
||
29 | require __DIR__ . '/header.php'; |
||
30 | /** |
||
31 | * Fetching numbers of groups friends videos pictures etc... |
||
32 | */ |
||
33 | $controller = new IndexController($xoopsDB, $xoopsUser, $xoopsModule); |
||
0 ignored issues
–
show
|
|||
34 | $nbSections = $controller->getNumbersSections(); |
||
35 | require_once $GLOBALS['xoops']->path('class/xoopsformloader.php'); |
||
36 | // If not a user, redirect |
||
37 | if (!is_object($GLOBALS['xoopsUser'])) { |
||
38 | redirect_header(XOOPS_URL, 3, _US_NOEDITRIGHT); |
||
39 | } |
||
40 | $myts = MyTextSanitizer::getInstance(); |
||
41 | $op = Request::getCmd('op', 'editprofile'); |
||
42 | /* @var XoopsConfigHandler $configHandler */ |
||
43 | $configHandler = xoops_getHandler('config'); |
||
44 | $GLOBALS['xoopsConfigUser'] = $configHandler->getConfigsByCat(XOOPS_CONF_USER); |
||
45 | if ('save' === $op) { |
||
46 | if (!$GLOBALS['xoopsSecurity']->check()) { |
||
47 | redirect_header(XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors())); |
||
48 | exit(); |
||
49 | } |
||
50 | $uid = $GLOBALS['xoopsUser']->getVar('uid'); |
||
51 | $errors = []; |
||
52 | $edituser =& $GLOBALS['xoopsUser']; |
||
53 | if ($GLOBALS['xoopsUser']->isAdmin()) { |
||
54 | $edituser->setVar('uname', trim($_POST['uname'])); |
||
55 | $edituser->setVar('email', trim($_POST['email'])); |
||
56 | } |
||
57 | xoops_load('XoopsUserUtility'); |
||
58 | $stop = XoopsUserUtility::validate($edituser); |
||
59 | if (!empty($stop)) { |
||
60 | $op = 'editprofile'; |
||
61 | } else { |
||
62 | // Dynamic fields |
||
63 | $profileHandler = $helper->getHandler('Profile'); |
||
64 | // Get fields |
||
65 | $fields = $profileHandler->loadFields(); |
||
66 | // Get ids of fields that can be edited |
||
67 | /* @var XoopsGroupPermHandler $grouppermHandler */ |
||
68 | $grouppermHandler = xoops_getHandler('groupperm'); |
||
69 | $editable_fields = $grouppermHandler->getItemIds('profile_edit', $GLOBALS['xoopsUser']->getGroups(), $GLOBALS['xoopsModule']->getVar('mid')); |
||
70 | if (!$profile = $profileHandler->get($edituser->getVar('uid'))) { |
||
71 | $profile = $profileHandler->create(); |
||
72 | $profile->setVar('profile_id', $edituser->getVar('uid')); |
||
73 | } |
||
74 | foreach (array_keys($fields) as $i) { |
||
75 | $fieldname = $fields[$i]->getVar('field_name'); |
||
76 | if (in_array($fields[$i]->getVar('field_id'), $editable_fields) && isset($_REQUEST[$fieldname])) { |
||
77 | $value = $fields[$i]->getValueForSave($_REQUEST[$fieldname]); |
||
78 | if (in_array($fieldname, $profileHandler->getUserVars())) { |
||
79 | $edituser->setVar($fieldname, $value); |
||
80 | } else { |
||
81 | $profile->setVar($fieldname, $value); |
||
82 | } |
||
83 | } |
||
84 | } |
||
85 | if (!$memberHandler->insertUser($edituser)) { |
||
86 | $stop = $edituser->getHtmlErrors(); |
||
87 | $op = 'editprofile'; |
||
88 | } else { |
||
89 | $profile->setVar('profile_id', $edituser->getVar('uid')); |
||
90 | $profileHandler->insert($profile); |
||
91 | unset($_SESSION['xoopsUserTheme']); |
||
92 | redirect_header(XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/index.php?uid=' . $edituser->getVar('uid'), 2, _US_PROFUPDATED); |
||
93 | } |
||
94 | } |
||
95 | } |
||
96 | if ('editprofile' === $op) { |
||
97 | require_once $GLOBALS['xoops']->path('header.php'); |
||
98 | require_once __DIR__ . '/include/forms.php'; |
||
99 | $form = suico_getUserForm($GLOBALS['xoopsUser']); |
||
100 | $form->assign($GLOBALS['xoopsTpl']); |
||
101 | if (!empty($stop)) { |
||
102 | $GLOBALS['xoopsTpl']->assign('stop', $stop); |
||
103 | } |
||
104 | $xoBreadcrumbs[] = ['title' => _US_EDITPROFILE]; |
||
105 | } |
||
106 | if ('avatarform' === $op) { |
||
107 | $GLOBALS['xoopsOption']['template_main'] = 'suico_avatar.tpl'; |
||
108 | require $GLOBALS['xoops']->path('header.php'); |
||
109 | $xoBreadcrumbs[] = ['title' => _US_MYAVATAR]; |
||
110 | $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar'); |
||
111 | if (!empty($oldavatar) && 'blank.gif' !== $oldavatar) { |
||
112 | $GLOBALS['xoopsTpl']->assign('old_avatar', XOOPS_UPLOAD_URL . '/' . $oldavatar); |
||
113 | } |
||
114 | if (1 == $GLOBALS['xoopsConfigUser']['avatar_allow_upload'] && $GLOBALS['xoopsUser']->getVar('posts') >= $GLOBALS['xoopsConfigUser']['avatar_minposts']) { |
||
115 | require_once $GLOBALS['xoops']->path('class/xoopsformloader.php'); |
||
116 | $form = new XoopsThemeForm(_US_UPLOADMYAVATAR, 'uploadavatar', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/edituser.php', 'post', true); |
||
117 | $form->setExtra('enctype="multipart/form-data"'); |
||
118 | $form->addElement(new XoopsFormLabel(_US_MAXPIXEL, $GLOBALS['xoopsConfigUser']['avatar_width'] . ' x ' . $GLOBALS['xoopsConfigUser']['avatar_height'])); |
||
119 | $form->addElement(new XoopsFormLabel(_US_MAXIMGSZ, $GLOBALS['xoopsConfigUser']['avatar_maxsize'])); |
||
120 | $form->addElement(new XoopsFormFile(_US_SELFILE, 'avatarfile', $GLOBALS['xoopsConfigUser']['avatar_maxsize']), true); |
||
121 | $form->addElement(new XoopsFormHidden('op', 'avatarupload')); |
||
122 | $form->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid'))); |
||
123 | $form->addElement(new XoopsFormButton('', 'submit', _SUBMIT, 'submit')); |
||
124 | $form->assign($GLOBALS['xoopsTpl']); |
||
125 | } |
||
126 | $avatarHandler = xoops_getHandler('avatar'); |
||
127 | $form2 = new XoopsThemeForm(_US_CHOOSEAVT, 'chooseavatar', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/edituser.php', 'post', true); |
||
128 | $avatar_select = new XoopsFormSelect('', 'user_avatar', $GLOBALS['xoopsUser']->getVar('user_avatar')); |
||
129 | $avatar_list = $avatarHandler->getList('S', true); |
||
130 | $avatar_selected = $GLOBALS['xoopsUser']->getVar('user_avatar', 'E'); |
||
131 | // $avatar_selected = in_array($avatar_selected, array_keys($avatar_list)) ? $avatar_selected : "blank.gif"; |
||
132 | $avatar_selected = array_key_exists($avatar_selected, $avatar_list) ? $avatar_selected : 'blank.gif'; |
||
133 | $avatar_select->addOptionArray($avatar_list); |
||
134 | $avatar_select->setExtra("onchange='showImgSelected(\"avatar\", \"user_avatar\", \"uploads\", \"\", \"" . XOOPS_URL . "\")'"); |
||
135 | $avatar_tray = new XoopsFormElementTray(_US_AVATAR, ' '); |
||
136 | $avatar_tray->addElement($avatar_select); |
||
137 | $avatar_tray->addElement(new XoopsFormLabel('', "<a href=\"javascript:openWithSelfMain('" . XOOPS_URL . "/misc.php?action=showpopups&type=avatars','avatars',600,400);\">" . _LIST . '</a><br>')); |
||
138 | $avatar_tray->addElement(new XoopsFormLabel('', "<br><img src='" . XOOPS_UPLOAD_URL . '/' . $avatar_selected . "' name='avatar' id='avatar' alt='' />")); |
||
139 | $form2->addElement($avatar_tray); |
||
140 | $form2->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid'))); |
||
141 | $form2->addElement(new XoopsFormHidden('op', 'avatarchoose')); |
||
142 | $form2->addElement(new XoopsFormButton('', 'submit2', _SUBMIT, 'submit')); |
||
143 | $form2->assign($GLOBALS['xoopsTpl']); |
||
144 | } |
||
145 | if ('avatarupload' === $op) { |
||
146 | if (!$GLOBALS['xoopsSecurity']->check()) { |
||
147 | redirect_header('index.php', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors())); |
||
148 | } |
||
149 | $xoops_upload_file = []; |
||
150 | $uid = 0; |
||
151 | if (!empty($_POST['xoops_upload_file']) && is_array($_POST['xoops_upload_file'])) { |
||
152 | $xoops_upload_file = $_POST['xoops_upload_file']; |
||
153 | } |
||
154 | if (!empty($_POST['uid'])) { |
||
155 | $uid = Request::getInt('uid', 0, 'POST'); |
||
156 | } |
||
157 | if (empty($uid) || $GLOBALS['xoopsUser']->getVar('uid') != $uid) { |
||
158 | redirect_header('index.php', 3, _US_NOEDITRIGHT); |
||
159 | } |
||
160 | $allowed_mimetypes = ['image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png']; |
||
161 | if (1 == $GLOBALS['xoopsConfigUser']['avatar_allow_upload'] |
||
162 | && $GLOBALS['xoopsUser']->getVar('posts') >= $GLOBALS['xoopsConfigUser']['avatar_minposts']) { |
||
163 | require_once $GLOBALS['xoops']->path('class/uploader.php'); |
||
164 | $uploader = new XoopsMediaUploader( |
||
165 | XOOPS_UPLOAD_PATH . '/avatars', $allowed_mimetypes, $GLOBALS['xoopsConfigUser']['avatar_maxsize'], $GLOBALS['xoopsConfigUser']['avatar_width'], $GLOBALS['xoopsConfigUser']['avatar_height'] |
||
166 | ); |
||
167 | if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) { |
||
168 | $uploader->setPrefix('cavt'); |
||
169 | if ($uploader->upload()) { |
||
170 | /* @var XoopsAvatarHandler $avtHandler */ |
||
171 | $avtHandler = xoops_getHandler('avatar'); |
||
172 | $avatar = $avtHandler->create(); |
||
173 | $avatar->setVar('avatar_file', 'avatars / ' . $uploader->getSavedFileName()); |
||
174 | $avatar->setVar('avatar_name', $GLOBALS['xoopsUser']->getVar('uname')); |
||
175 | $avatar->setVar('avatar_mimetype', $uploader->getMediaType()); |
||
176 | $avatar->setVar('avatar_display', 1); |
||
177 | $avatar->setVar('avatar_type', 'C'); |
||
178 | if (!$avtHandler->insert($avatar)) { |
||
179 | @unlink($uploader->getSavedDestination()); |
||
180 | } else { |
||
181 | $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar'); |
||
182 | if (!empty($oldavatar) && false !== stripos($oldavatar, 'cavt')) { |
||
183 | $avatars = $avtHandler->getObjects(new Criteria('avatar_file', $oldavatar)); |
||
184 | if (!empty($avatars) && 1 == count($avatars) && is_object($avatars[0])) { |
||
185 | $avtHandler->delete($avatars[0]); |
||
186 | $oldavatar_path = realpath(XOOPS_UPLOAD_PATH . ' / ' . $oldavatar); |
||
187 | if (0 === strpos($oldavatar_path, XOOPS_UPLOAD_PATH) && is_file($oldavatar_path)) { |
||
188 | unlink($oldavatar_path); |
||
189 | } |
||
190 | } |
||
191 | } |
||
192 | $sql = sprintf('UPDATE % s SET user_avatar = % s WHERE uid = % u', $GLOBALS['xoopsDB']->prefix('users'), $GLOBALS['xoopsDB']->quoteString('avatars / ' . $uploader->getSavedFileName()), $GLOBALS['xoopsUser']->getVar('uid')); |
||
193 | $GLOBALS['xoopsDB']->query($sql); |
||
194 | $avtHandler->addUser($avatar->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid')); |
||
195 | redirect_header('index . php ? t = ' . time() . ' & amp;uid = ' . $GLOBALS['xoopsUser']->getVar('uid'), 3, _US_PROFUPDATED); |
||
196 | } |
||
197 | } |
||
198 | } |
||
199 | redirect_header('edituser . php ? op = avatarform', 3, $uploader->getErrors()); |
||
200 | } |
||
201 | } |
||
202 | if ('avatarchoose' === $op) { |
||
203 | if (!$GLOBALS['xoopsSecurity']->check()) { |
||
204 | redirect_header('index . php', 3, _US_NOEDITRIGHT . ' < br > ' . implode(' < br > ', $GLOBALS['xoopsSecurity']->getErrors())); |
||
205 | } |
||
206 | $uid = 0; |
||
207 | if (!empty($_POST['uid'])) { |
||
208 | $uid = Request::getInt('uid', 0, 'POST'); |
||
209 | } |
||
210 | if (empty($uid) || $GLOBALS['xoopsUser']->getVar('uid') != $uid) { |
||
211 | redirect_header('index . php', 3, _US_NOEDITRIGHT); |
||
212 | } |
||
213 | $user_avatar = ''; |
||
214 | $avtHandler = xoops_getHandler('avatar'); |
||
215 | if (!empty($_POST['user_avatar'])) { |
||
216 | $user_avatar = Request::getString('user_avatar', '', 'POST'); |
||
217 | $criteria_avatar = new CriteriaCompo(new Criteria('avatar_file', $user_avatar)); |
||
218 | $criteria_avatar->add(new Criteria('avatar_type', 'S')); |
||
219 | $avatars = $avtHandler->getObjects($criteria_avatar); |
||
220 | if (!is_array($avatars) || !count($avatars)) { |
||
221 | $user_avatar = 'avatars / blank . gif'; |
||
222 | } |
||
223 | unset($avatars, $criteria_avatar); |
||
224 | } |
||
225 | $user_avatarpath = realpath(XOOPS_UPLOAD_PATH . ' / ' . $user_avatar); |
||
226 | if (0 === mb_strpos($user_avatarpath, realpath(XOOPS_UPLOAD_PATH)) && is_file($user_avatarpath)) { |
||
227 | $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar'); |
||
228 | $GLOBALS['xoopsUser']->setVar('user_avatar', $user_avatar); |
||
229 | /* @var XoopsMemberHandler $memberHandler */ |
||
230 | $memberHandler = xoops_getHandler('member'); |
||
231 | if (!$memberHandler->insertUser($GLOBALS['xoopsUser'])) { |
||
232 | require $GLOBALS['xoops']->path('header . php'); |
||
233 | echo $GLOBALS['xoopsUser']->getHtmlErrors(); |
||
234 | require $GLOBALS['xoops']->path('footer.php'); |
||
235 | exit(); |
||
236 | } |
||
237 | // if ($oldavatar && preg_match("/^cavt/", strtolower(substr($oldavatar, 8)))) { |
||
238 | if ($oldavatar && 0 === mb_stripos(mb_substr($oldavatar, 8), 'cavt')) { |
||
239 | $avatars = $avtHandler->getObjects(new Criteria('avatar_file', $oldavatar)); |
||
240 | if (!empty($avatars) && 1 == count($avatars) && is_object($avatars[0])) { |
||
241 | $avtHandler->delete($avatars[0]); |
||
242 | $oldavatar_path = realpath(XOOPS_UPLOAD_PATH . ' / ' . $oldavatar); |
||
243 | if (0 === mb_strpos($oldavatar_path, realpath(XOOPS_UPLOAD_PATH)) && is_file($oldavatar_path)) { |
||
244 | unlink($oldavatar_path); |
||
245 | } |
||
246 | } |
||
247 | } |
||
248 | if ('avatars/blank.gif' !== $user_avatar) { |
||
249 | $avatars = $avtHandler->getObjects(new Criteria('avatar_file', $user_avatar)); |
||
250 | if (is_object($avatars[0])) { |
||
251 | $avtHandler->addUser($avatars[0]->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid')); |
||
252 | } |
||
253 | } |
||
254 | } |
||
255 | redirect_header('index . php ? uid = ' . $uid, 0, _US_PROFUPDATED); |
||
256 | } |
||
257 | require __DIR__ . '/footer.php'; |
||
258 | require dirname(__DIR__, 2) . '/footer.php'; |
||
259 |
This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue.
If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. Please note the @ignore annotation hint above.