1 | <?php |
||||||
2 | |||||||
3 | declare(strict_types=1); |
||||||
4 | /* |
||||||
5 | You may not change or alter any portion of this comment or credits |
||||||
6 | of supporting developers from this source code or any supporting source code |
||||||
7 | which is considered copyrighted (c) material of the original comment or credit authors. |
||||||
8 | |||||||
9 | This program is distributed in the hope that it will be useful, |
||||||
10 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||||
11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||||||
12 | */ |
||||||
13 | |||||||
14 | /** |
||||||
15 | * Extended User Profile |
||||||
16 | * |
||||||
17 | * @copyright XOOPS Project https://xoops.org/ |
||||||
18 | * @license GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html) |
||||||
19 | * @author Jan Pedersen |
||||||
20 | * @author Taiwen Jiang <[email protected]> |
||||||
21 | * @author Marcello Brandão aka Suico, Mamba, LioMJ <https://xoops.org> |
||||||
22 | */ |
||||||
23 | |||||||
24 | use Xmf\Request; |
||||||
25 | use XoopsModules\Suico; |
||||||
26 | use XoopsModules\Suico\IndexController; |
||||||
27 | |||||||
28 | $GLOBALS['xoopsOption']['template_main'] = 'suico_editprofile.tpl'; |
||||||
29 | require __DIR__ . '/header.php'; |
||||||
30 | /** |
||||||
31 | * Fetching numbers of groups friends videos pictures etc... |
||||||
32 | */ |
||||||
33 | $controller = new IndexController($xoopsDB, $xoopsUser, $xoopsModule); |
||||||
34 | $nbSections = $controller->getNumbersSections(); |
||||||
35 | require_once $GLOBALS['xoops']->path('class/xoopsformloader.php'); |
||||||
36 | // If not a user, redirect |
||||||
37 | if (!is_object($GLOBALS['xoopsUser'])) { |
||||||
38 | redirect_header(XOOPS_URL, 3, _US_NOEDITRIGHT); |
||||||
39 | } |
||||||
40 | $myts = MyTextSanitizer::getInstance(); |
||||||
41 | $op = Request::getCmd('op', 'editprofile'); |
||||||
42 | /* @var XoopsConfigHandler $configHandler */ |
||||||
43 | $configHandler = xoops_getHandler('config'); |
||||||
44 | $GLOBALS['xoopsConfigUser'] = $configHandler->getConfigsByCat(XOOPS_CONF_USER); |
||||||
45 | if ('save' === $op) { |
||||||
46 | if (!$GLOBALS['xoopsSecurity']->check()) { |
||||||
47 | redirect_header(XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors())); |
||||||
48 | exit(); |
||||||
49 | } |
||||||
50 | $uid = $GLOBALS['xoopsUser']->getVar('uid'); |
||||||
51 | $errors = []; |
||||||
52 | $edituser =& $GLOBALS['xoopsUser']; |
||||||
53 | if ($GLOBALS['xoopsUser']->isAdmin()) { |
||||||
54 | $edituser->setVar('uname', trim($_POST['uname'])); |
||||||
55 | $edituser->setVar('email', trim($_POST['email'])); |
||||||
56 | } |
||||||
57 | xoops_load('XoopsUserUtility'); |
||||||
58 | $stop = XoopsUserUtility::validate($edituser); |
||||||
59 | if (!empty($stop)) { |
||||||
60 | $op = 'editprofile'; |
||||||
61 | } else { |
||||||
62 | // Dynamic fields |
||||||
63 | $profileHandler = $helper->getHandler('Profile'); |
||||||
64 | // Get fields |
||||||
65 | $fields = $profileHandler->loadFields(); |
||||||
66 | // Get ids of fields that can be edited |
||||||
67 | /* @var XoopsGroupPermHandler $grouppermHandler */ |
||||||
68 | $grouppermHandler = xoops_getHandler('groupperm'); |
||||||
69 | $editable_fields = $grouppermHandler->getItemIds('profile_edit', $GLOBALS['xoopsUser']->getGroups(), $GLOBALS['xoopsModule']->getVar('mid')); |
||||||
70 | if (!$profile = $profileHandler->get($edituser->getVar('uid'))) { |
||||||
71 | $profile = $profileHandler->create(); |
||||||
72 | $profile->setVar('profile_id', $edituser->getVar('uid')); |
||||||
73 | } |
||||||
74 | foreach (array_keys($fields) as $i) { |
||||||
75 | $fieldname = $fields[$i]->getVar('field_name'); |
||||||
76 | if (in_array($fields[$i]->getVar('field_id'), $editable_fields) && isset($_REQUEST[$fieldname])) { |
||||||
77 | $value = $fields[$i]->getValueForSave($_REQUEST[$fieldname]); |
||||||
78 | if (in_array($fieldname, $profileHandler->getUserVars())) { |
||||||
79 | $edituser->setVar($fieldname, $value); |
||||||
80 | } else { |
||||||
81 | $profile->setVar($fieldname, $value); |
||||||
82 | } |
||||||
83 | } |
||||||
84 | } |
||||||
85 | if (!$memberHandler->insertUser($edituser)) { |
||||||
86 | $stop = $edituser->getHtmlErrors(); |
||||||
87 | $op = 'editprofile'; |
||||||
88 | } else { |
||||||
89 | $profile->setVar('profile_id', $edituser->getVar('uid')); |
||||||
90 | $profileHandler->insert($profile); |
||||||
91 | unset($_SESSION['xoopsUserTheme']); |
||||||
92 | redirect_header(XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/index.php?uid=' . $edituser->getVar('uid'), 2, _US_PROFUPDATED); |
||||||
93 | } |
||||||
94 | } |
||||||
95 | } |
||||||
96 | if ('editprofile' === $op) { |
||||||
97 | require_once $GLOBALS['xoops']->path('header.php'); |
||||||
98 | require_once __DIR__ . '/include/forms.php'; |
||||||
99 | $form = suico_getUserForm($GLOBALS['xoopsUser']); |
||||||
100 | $form->assign($GLOBALS['xoopsTpl']); |
||||||
101 | if (!empty($stop)) { |
||||||
102 | $GLOBALS['xoopsTpl']->assign('stop', $stop); |
||||||
103 | } |
||||||
104 | $xoBreadcrumbs[] = ['title' => _US_EDITPROFILE]; |
||||||
105 | } |
||||||
106 | if ('avatarform' === $op) { |
||||||
107 | $GLOBALS['xoopsOption']['template_main'] = 'suico_avatar.tpl'; |
||||||
108 | require $GLOBALS['xoops']->path('header.php'); |
||||||
109 | $xoBreadcrumbs[] = ['title' => _US_MYAVATAR]; |
||||||
110 | $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar'); |
||||||
111 | if (!empty($oldavatar) && 'blank.gif' !== $oldavatar) { |
||||||
112 | $GLOBALS['xoopsTpl']->assign('old_avatar', XOOPS_UPLOAD_URL . '/' . $oldavatar); |
||||||
113 | } |
||||||
114 | if (1 == $GLOBALS['xoopsConfigUser']['avatar_allow_upload'] && $GLOBALS['xoopsUser']->getVar('posts') >= $GLOBALS['xoopsConfigUser']['avatar_minposts']) { |
||||||
115 | require_once $GLOBALS['xoops']->path('class/xoopsformloader.php'); |
||||||
116 | $form = new XoopsThemeForm(_US_UPLOADMYAVATAR, 'uploadavatar', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/edituser.php', 'post', true); |
||||||
117 | $form->setExtra('enctype="multipart/form-data"'); |
||||||
118 | $form->addElement(new XoopsFormLabel(_US_MAXPIXEL, $GLOBALS['xoopsConfigUser']['avatar_width'] . ' x ' . $GLOBALS['xoopsConfigUser']['avatar_height'])); |
||||||
119 | $form->addElement(new XoopsFormLabel(_US_MAXIMGSZ, $GLOBALS['xoopsConfigUser']['avatar_maxsize'])); |
||||||
120 | $form->addElement(new XoopsFormFile(_US_SELFILE, 'avatarfile', $GLOBALS['xoopsConfigUser']['avatar_maxsize']), true); |
||||||
121 | $form->addElement(new XoopsFormHidden('op', 'avatarupload')); |
||||||
122 | $form->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid'))); |
||||||
123 | $form->addElement(new XoopsFormButton('', 'submit', _SUBMIT, 'submit')); |
||||||
124 | $form->assign($GLOBALS['xoopsTpl']); |
||||||
125 | } |
||||||
126 | $avatarHandler = xoops_getHandler('avatar'); |
||||||
127 | $form2 = new XoopsThemeForm(_US_CHOOSEAVT, 'chooseavatar', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/edituser.php', 'post', true); |
||||||
128 | $avatar_select = new XoopsFormSelect('', 'user_avatar', $GLOBALS['xoopsUser']->getVar('user_avatar')); |
||||||
129 | $avatar_list = $avatarHandler->getList('S', true); |
||||||
0 ignored issues
–
show
Bug
introduced
by
![]() |
|||||||
130 | $avatar_selected = $GLOBALS['xoopsUser']->getVar('user_avatar', 'E'); |
||||||
131 | // $avatar_selected = in_array($avatar_selected, array_keys($avatar_list)) ? $avatar_selected : "blank.gif"; |
||||||
132 | $avatar_selected = array_key_exists($avatar_selected, $avatar_list) ? $avatar_selected : 'blank.gif'; |
||||||
133 | $avatar_select->addOptionArray($avatar_list); |
||||||
134 | $avatar_select->setExtra("onchange='showImgSelected(\"avatar\", \"user_avatar\", \"uploads\", \"\", \"" . XOOPS_URL . "\")'"); |
||||||
135 | $avatar_tray = new XoopsFormElementTray(_US_AVATAR, ' '); |
||||||
136 | $avatar_tray->addElement($avatar_select); |
||||||
137 | $avatar_tray->addElement(new XoopsFormLabel('', "<a href=\"javascript:openWithSelfMain('" . XOOPS_URL . "/misc.php?action=showpopups&type=avatars','avatars',600,400);\">" . _LIST . '</a><br>')); |
||||||
138 | $avatar_tray->addElement(new XoopsFormLabel('', "<br><img src='" . XOOPS_UPLOAD_URL . '/' . $avatar_selected . "' name='avatar' id='avatar' alt='' />")); |
||||||
139 | $form2->addElement($avatar_tray); |
||||||
140 | $form2->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid'))); |
||||||
141 | $form2->addElement(new XoopsFormHidden('op', 'avatarchoose')); |
||||||
142 | $form2->addElement(new XoopsFormButton('', 'submit2', _SUBMIT, 'submit')); |
||||||
143 | $form2->assign($GLOBALS['xoopsTpl']); |
||||||
144 | } |
||||||
145 | if ('avatarupload' === $op) { |
||||||
146 | if (!$GLOBALS['xoopsSecurity']->check()) { |
||||||
147 | redirect_header('index.php', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors())); |
||||||
148 | } |
||||||
149 | $xoops_upload_file = []; |
||||||
150 | $uid = 0; |
||||||
151 | if (!empty($_POST['xoops_upload_file']) && is_array($_POST['xoops_upload_file'])) { |
||||||
152 | $xoops_upload_file = $_POST['xoops_upload_file']; |
||||||
153 | } |
||||||
154 | if (!empty($_POST['uid'])) { |
||||||
155 | $uid = Request::getInt('uid', 0, 'POST'); |
||||||
156 | } |
||||||
157 | if (empty($uid) || $GLOBALS['xoopsUser']->getVar('uid') != $uid) { |
||||||
158 | redirect_header('index.php', 3, _US_NOEDITRIGHT); |
||||||
159 | } |
||||||
160 | $allowed_mimetypes = ['image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png']; |
||||||
161 | if (1 == $GLOBALS['xoopsConfigUser']['avatar_allow_upload'] |
||||||
162 | && $GLOBALS['xoopsUser']->getVar('posts') >= $GLOBALS['xoopsConfigUser']['avatar_minposts']) { |
||||||
163 | require_once $GLOBALS['xoops']->path('class/uploader.php'); |
||||||
164 | $uploader = new XoopsMediaUploader( |
||||||
165 | XOOPS_UPLOAD_PATH . '/avatars', $allowed_mimetypes, $GLOBALS['xoopsConfigUser']['avatar_maxsize'], $GLOBALS['xoopsConfigUser']['avatar_width'], $GLOBALS['xoopsConfigUser']['avatar_height'] |
||||||
166 | ); |
||||||
167 | if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) { |
||||||
168 | $uploader->setPrefix('cavt'); |
||||||
169 | if ($uploader->upload()) { |
||||||
170 | /* @var XoopsAvatarHandler $avtHandler */ |
||||||
171 | $avtHandler = xoops_getHandler('avatar'); |
||||||
172 | $avatar = $avtHandler->create(); |
||||||
173 | $avatar->setVar('avatar_file', 'avatars / ' . $uploader->getSavedFileName()); |
||||||
174 | $avatar->setVar('avatar_name', $GLOBALS['xoopsUser']->getVar('uname')); |
||||||
175 | $avatar->setVar('avatar_mimetype', $uploader->getMediaType()); |
||||||
176 | $avatar->setVar('avatar_display', 1); |
||||||
177 | $avatar->setVar('avatar_type', 'C'); |
||||||
178 | if (!$avtHandler->insert($avatar)) { |
||||||
179 | @unlink($uploader->getSavedDestination()); |
||||||
180 | } else { |
||||||
181 | $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar'); |
||||||
182 | if (!empty($oldavatar) && false !== stripos($oldavatar, 'cavt')) { |
||||||
183 | $avatars = $avtHandler->getObjects(new Criteria('avatar_file', $oldavatar)); |
||||||
184 | if (!empty($avatars) && 1 == count($avatars) && is_object($avatars[0])) { |
||||||
185 | $avtHandler->delete($avatars[0]); |
||||||
186 | $oldavatar_path = realpath(XOOPS_UPLOAD_PATH . ' / ' . $oldavatar); |
||||||
187 | if (0 === strpos($oldavatar_path, XOOPS_UPLOAD_PATH) && is_file($oldavatar_path)) { |
||||||
188 | unlink($oldavatar_path); |
||||||
189 | } |
||||||
190 | } |
||||||
191 | } |
||||||
192 | $sql = sprintf('UPDATE % s SET user_avatar = % s WHERE uid = % u', $GLOBALS['xoopsDB']->prefix('users'), $GLOBALS['xoopsDB']->quoteString('avatars / ' . $uploader->getSavedFileName()), $GLOBALS['xoopsUser']->getVar('uid')); |
||||||
193 | $GLOBALS['xoopsDB']->query($sql); |
||||||
194 | $avtHandler->addUser($avatar->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid')); |
||||||
195 | redirect_header('index . php ? t = ' . time() . ' & amp;uid = ' . $GLOBALS['xoopsUser']->getVar('uid'), 3, _US_PROFUPDATED); |
||||||
196 | } |
||||||
197 | } |
||||||
198 | } |
||||||
199 | redirect_header('edituser . php ? op = avatarform', 3, $uploader->getErrors()); |
||||||
200 | } |
||||||
201 | } |
||||||
202 | if ('avatarchoose' === $op) { |
||||||
203 | if (!$GLOBALS['xoopsSecurity']->check()) { |
||||||
204 | redirect_header('index . php', 3, _US_NOEDITRIGHT . ' < br > ' . implode(' < br > ', $GLOBALS['xoopsSecurity']->getErrors())); |
||||||
205 | } |
||||||
206 | $uid = 0; |
||||||
207 | if (!empty($_POST['uid'])) { |
||||||
208 | $uid = Request::getInt('uid', 0, 'POST'); |
||||||
209 | } |
||||||
210 | if (empty($uid) || $GLOBALS['xoopsUser']->getVar('uid') != $uid) { |
||||||
211 | redirect_header('index . php', 3, _US_NOEDITRIGHT); |
||||||
212 | } |
||||||
213 | $user_avatar = ''; |
||||||
214 | $avtHandler = xoops_getHandler('avatar'); |
||||||
215 | if (!empty($_POST['user_avatar'])) { |
||||||
216 | $user_avatar = Request::getString('user_avatar', '', 'POST'); |
||||||
217 | $criteria_avatar = new CriteriaCompo(new Criteria('avatar_file', $user_avatar)); |
||||||
218 | $criteria_avatar->add(new Criteria('avatar_type', 'S')); |
||||||
219 | $avatars = $avtHandler->getObjects($criteria_avatar); |
||||||
0 ignored issues
–
show
The method
getObjects() does not exist on XoopsObjectHandler . It seems like you code against a sub-type of said class. However, the method does not exist in XoopsRankHandler or XoUserHandler . Are you sure you never get one of those?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
![]() |
|||||||
220 | if (!is_array($avatars) || !count($avatars)) { |
||||||
221 | $user_avatar = 'avatars / blank . gif'; |
||||||
222 | } |
||||||
223 | unset($avatars, $criteria_avatar); |
||||||
224 | } |
||||||
225 | $user_avatarpath = realpath(XOOPS_UPLOAD_PATH . ' / ' . $user_avatar); |
||||||
226 | if (0 === mb_strpos($user_avatarpath, realpath(XOOPS_UPLOAD_PATH)) && is_file($user_avatarpath)) { |
||||||
227 | $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar'); |
||||||
228 | $GLOBALS['xoopsUser']->setVar('user_avatar', $user_avatar); |
||||||
229 | /* @var XoopsMemberHandler $memberHandler */ |
||||||
230 | $memberHandler = xoops_getHandler('member'); |
||||||
231 | if (!$memberHandler->insertUser($GLOBALS['xoopsUser'])) { |
||||||
232 | require $GLOBALS['xoops']->path('header . php'); |
||||||
233 | echo $GLOBALS['xoopsUser']->getHtmlErrors(); |
||||||
234 | require $GLOBALS['xoops']->path('footer.php'); |
||||||
235 | exit(); |
||||||
236 | } |
||||||
237 | // if ($oldavatar && preg_match("/^cavt/", strtolower(substr($oldavatar, 8)))) { |
||||||
238 | if ($oldavatar && 0 === mb_stripos(mb_substr($oldavatar, 8), 'cavt')) { |
||||||
239 | $avatars = $avtHandler->getObjects(new Criteria('avatar_file', $oldavatar)); |
||||||
240 | if (!empty($avatars) && 1 == count($avatars) && is_object($avatars[0])) { |
||||||
241 | $avtHandler->delete($avatars[0]); |
||||||
242 | $oldavatar_path = realpath(XOOPS_UPLOAD_PATH . ' / ' . $oldavatar); |
||||||
243 | if (0 === mb_strpos($oldavatar_path, realpath(XOOPS_UPLOAD_PATH)) && is_file($oldavatar_path)) { |
||||||
244 | unlink($oldavatar_path); |
||||||
245 | } |
||||||
246 | } |
||||||
247 | } |
||||||
248 | if ('avatars/blank.gif' !== $user_avatar) { |
||||||
249 | $avatars = $avtHandler->getObjects(new Criteria('avatar_file', $user_avatar)); |
||||||
250 | if (is_object($avatars[0])) { |
||||||
251 | $avtHandler->addUser($avatars[0]->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid')); |
||||||
0 ignored issues
–
show
The method
addUser() does not exist on XoopsObjectHandler . It seems like you code against a sub-type of XoopsObjectHandler such as XoopsAvatarHandler or XoopsPersistableObjectHandler .
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
![]() |
|||||||
252 | } |
||||||
253 | } |
||||||
254 | } |
||||||
255 | redirect_header('index . php ? uid = ' . $uid, 0, _US_PROFUPDATED); |
||||||
256 | } |
||||||
257 | require __DIR__ . '/footer.php'; |
||||||
258 | require dirname(__DIR__, 2) . '/footer.php'; |
||||||
259 |