Issues in edituser.php - New Issues - Inspection of "updates" - XoopsModules25x/suico - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#81)

by Michael

created 2020-04-28 19:40 UTC

edituser.php (1 issue)

Labels

Bug 1

Severity

Major 1

<?php 

declare(strict_types=1);

/*
 You may not change or alter any portion of this comment or credits
 of supporting developers from this source code or any supporting source code
 which is considered copyrighted (c) material of the original comment or credit authors.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
/**
 * Extended User Profile
 *
 * @copyright   XOOPS Project https://xoops.org/
 * @license     GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
 * @author       Jan Pedersen
 * @author       Taiwen Jiang <[email protected]>
 * @author       Marcello Brandão aka  Suico, Mamba, LioMJ  <https://xoops.org>
 */

use Xmf\Request;
use XoopsModules\Yogurt;
use XoopsModules\Yogurt\IndexController;

$GLOBALS['xoopsOption']['template_main'] = 'yogurt_editprofile.tpl';
require __DIR__ . '/header.php';

/**
 * Fetching numbers of groups friends videos pictures etc...
 */
$controller = new IndexController($xoopsDB, $xoopsUser, $xoopsModule);
$nbSections = $controller->getNumbersSections();

require_once $GLOBALS['xoops']->path('class/xoopsformloader.php');

// If not a user, redirect
if (!is_object($GLOBALS['xoopsUser'])) {
    redirect_header(XOOPS_URL, 3, _US_NOEDITRIGHT);
}

$myts = MyTextSanitizer::getInstance();
$op = Request::getCmd('op', editprofile);
/* @var XoopsConfigHandler $config_handler */
$config_handler             = xoops_getHandler('config');
$GLOBALS['xoopsConfigUser'] = $config_handler->getConfigsByCat(XOOPS_CONF_USER);

if ($op === 'save') {
    if (!$GLOBALS['xoopsSecurity']->check()) {
        redirect_header(XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
        exit();
        }
    $uid      = $GLOBALS['xoopsUser']->getVar('uid');
    $errors   = array();
    $edituser =& $GLOBALS['xoopsUser'];
    if ($GLOBALS['xoopsUser']->isAdmin()) {
        $edituser->setVar('uname', trim($_POST['uname']));
        $edituser->setVar('email', trim($_POST['email']));
        }
    xoops_load('XoopsUserUtility');
    $stop = XoopsUserUtility::validate($edituser);

    if (!empty($stop)) {
        $op = 'editprofile';
    } else {

        // Dynamic fields
        $profile_handler = xoops_getModuleHandler('profile');
        // Get fields
        $fields = $profile_handler->loadFields();
        // Get ids of fields that can be edited
        /* @var  XoopsGroupPermHandler $gperm_handler */
        $gperm_handler   = xoops_getHandler('groupperm');
        $editable_fields = $gperm_handler->getItemIds('profile_edit', $GLOBALS['xoopsUser']->getGroups(), $GLOBALS['xoopsModule']->getVar('mid'));

        if (!$profile = $profile_handler->get($edituser->getVar('uid'))) {
            $profile = $profile_handler->create();
            $profile->setVar('profile_id', $edituser->getVar('uid'));
        }

        foreach (array_keys($fields) as $i) {
            $fieldname = $fields[$i]->getVar('field_name');
            if (in_array($fields[$i]->getVar('field_id'), $editable_fields) && isset($_REQUEST[$fieldname])) {
                $value = $fields[$i]->getValueForSave($_REQUEST[$fieldname]);
                if (in_array($fieldname, $profile_handler->getUserVars())) {
                    $edituser->setVar($fieldname, $value);
                } else {
                    $profile->setVar($fieldname, $value);
        }
    }
        }
        if (!$memberHandler->insertUser($edituser)) {
            $stop = $edituser->getHtmlErrors();
        $op = 'editprofile';
    } else {
            $profile->setVar('profile_id', $edituser->getVar('uid'));
            $profile_handler->insert($profile);
            unset($_SESSION['xoopsUserTheme']);
            redirect_header(XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/index.php?uid=' . $edituser->getVar('uid'), 2, _US_PROFUPDATED);
        }
        }
    }

if ($op === 'editprofile') {
    require_once $GLOBALS['xoops']->path('header.php');
    require_once __DIR__ . '/include/forms.php';
    $form = yogurt_getUserForm($GLOBALS['xoopsUser']);
    $form->assign($GLOBALS['xoopsTpl']);
    if (!empty($stop)) {
        $GLOBALS['xoopsTpl']->assign('stop', $stop);
}

    $xoBreadcrumbs[] = array('title' => _US_EDITPROFILE);
    }

if ($op === 'avatarform') {
    $GLOBALS['xoopsOption']['template_main'] = 'yogurt_avatar.tpl';
    require $GLOBALS['xoops']->path('header.php');
    $xoBreadcrumbs[] = array('title' => _US_MYAVATAR);

    $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar');
    if (!empty($oldavatar) && $oldavatar !== 'blank.gif') {
        $GLOBALS['xoopsTpl']->assign('old_avatar', XOOPS_UPLOAD_URL . '/' . $oldavatar);
    }
    if ($GLOBALS['xoopsConfigUser']['avatar_allow_upload'] == 1 && $GLOBALS['xoopsUser']->getVar('posts') >= $GLOBALS['xoopsConfigUser']['avatar_minposts']) {
        require_once $GLOBALS['xoops']->path('class/xoopsformloader.php');
        $form = new XoopsThemeForm(_US_UPLOADMYAVATAR, 'uploadavatar', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/edituser.php', 'post', true);
        $form->setExtra('enctype="multipart/form-data"');
        $form->addElement(new XoopsFormLabel(_US_MAXPIXEL, $GLOBALS['xoopsConfigUser']['avatar_width'] . ' x ' . $GLOBALS['xoopsConfigUser']['avatar_height']));
        $form->addElement(new XoopsFormLabel(_US_MAXIMGSZ, $GLOBALS['xoopsConfigUser']['avatar_maxsize']));
        $form->addElement(new XoopsFormFile(_US_SELFILE, 'avatarfile', $GLOBALS['xoopsConfigUser']['avatar_maxsize']), true);
        $form->addElement(new XoopsFormHidden('op', 'avatarupload'));
        $form->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid')));
        $form->addElement(new XoopsFormButton('', 'submit', _SUBMIT, 'submit'));
        $form->assign($GLOBALS['xoopsTpl']);
    }
    $avatar_handler  = xoops_getHandler('avatar');
    $form2           = new XoopsThemeForm(_US_CHOOSEAVT, 'chooseavatar', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/edituser.php', 'post', true);
    $avatar_select   = new XoopsFormSelect('', 'user_avatar', $GLOBALS['xoopsUser']->getVar('user_avatar'));
    $avatar_list     = $avatar_handler->getList('S', true);
    $avatar_selected = $GLOBALS['xoopsUser']->getVar('user_avatar', 'E');
    //    $avatar_selected = in_array($avatar_selected, array_keys($avatar_list)) ? $avatar_selected : "blank.gif";
    $avatar_selected = array_key_exists($avatar_selected, $avatar_list) ? $avatar_selected : 'blank.gif';
    $avatar_select->addOptionArray($avatar_list);
    $avatar_select->setExtra("onchange='showImgSelected(\"avatar\", \"user_avatar\", \"uploads\", \"\", \"" . XOOPS_URL . "\")'");
    $avatar_tray = new XoopsFormElementTray(_US_AVATAR, '&nbsp;');
    $avatar_tray->addElement($avatar_select);
    $avatar_tray->addElement(new XoopsFormLabel('', "<a href=\"javascript:openWithSelfMain('" . XOOPS_URL . "/misc.php?action=showpopups&amp;type=avatars','avatars',600,400);\">" . _LIST . '</a><br>'));
    $avatar_tray->addElement(new XoopsFormLabel('', "<br><img src='" . XOOPS_UPLOAD_URL . '/' . $avatar_selected . "' name='avatar' id='avatar' alt='' />"));
    $form2->addElement($avatar_tray);
    $form2->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid')));
    $form2->addElement(new XoopsFormHidden('op', 'avatarchoose'));
    $form2->addElement(new XoopsFormButton('', 'submit2', _SUBMIT, 'submit'));
    $form2->assign($GLOBALS['xoopsTpl']);
}

if ($op === 'avatarupload') {
    if (!$GLOBALS['xoopsSecurity']->check()) {
        redirect_header('index.php', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));

    }
    $xoops_upload_file = [];
    $uid               = 0;
    if (!empty($_POST['xoops_upload_file']) && is_array($_POST['xoops_upload_file'])) {
        $xoops_upload_file = $_POST['xoops_upload_file'];
    }
    if (!empty($_POST['uid'])) {
        $uid = Request::getInt('uid', 0, 'POST');
    }
    if (empty($uid) || $xoopsUser->getVar('uid') !== $uid) {
        redirect_header('index.php', 3, _US_NOEDITRIGHT);
    }
    $uploadDir         = XOOPS_UPLOAD_PATH . '/';
    $allowed_mimetypes = ['image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png'];
    if (1 === $xoopsConfigUser['avatar_allow_upload']
        && $xoopsUser->getVar(
            'posts'
        ) >= $xoopsConfigUser['avatar_minposts']) {
        require_once XOOPS_ROOT_PATH . '/class/uploader.php';
        $uploader = new XoopsMediaUploader(
            XOOPS_UPLOAD_PATH . '/avatars,
            $allowed_mimetypes,
            $xoopsConfigUser['avatar_maxsize'],

            $xoopsConfigUser['avatar_width'],
            $xoopsConfigUser['avatar_height']
        );
        if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) {
            $uploader->setPrefix('cavt');
            if ($uploader->upload()) {
                /* @var XoopsAvatarHandler $avtHandler */
                $avtHandler = xoops_getHandler('avatar');
                $avatar      = $avtHandler->create();
                $avatar->setVar('avatar_file', 'avatars/' . $uploader->getSavedFileName());
                $avatar->setVar('avatar_name', $GLOBALS['xoopsUser']->getVar('uname'));
                $avatar->setVar('avatar_mimetype', $uploader->getMediaType());
                $avatar->setVar('avatar_display', 1);
                $avatar->setVar('avatar_type', 'C');
                if (!$avtHandler->insert($avatar)) {
                    @unlink($uploader->getSavedDestination());
                } else {
                    $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar');
                    if (!empty($oldavatar) && false !== strpos(strtolower($oldavatar), 'cavt')) {
                        $avatars = $avtHandler->getObjects(new Criteria('avatar_file', $oldavatar));
                        if (!empty($avatars) && count($avatars) == 1 && is_object($avatars[0])) {
                            $avtHandler->delete($avatars[0]);
                            $oldavatar_path = realpath(XOOPS_UPLOAD_PATH . '/' . $oldavatar);
                            if (0 === strpos($oldavatar_path, XOOPS_UPLOAD_PATH) && is_file($oldavatar_path)) {
                                unlink($oldavatar_path);
                            }
                        }
                    }
                    $sql = sprintf('UPDATE %s SET user_avatar = %s WHERE uid = %u', $GLOBALS['xoopsDB']->prefix('users'), $GLOBALS['xoopsDB']->quoteString('avatars/' . $uploader->getSavedFileName()), $GLOBALS['xoopsUser']->getVar('uid'));
                    $GLOBALS['xoopsDB']->query($sql);
                    $avtHandler->addUser($avatar->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid'));
                    redirect_header('index.php?t=' . time() . '&amp;uid=' . $GLOBALS['xoopsUser']->getVar('uid'), 3, _US_PROFUPDATED);
                }
            }
        }
        redirect_header('edituser.php?op=avatarform', 3, $uploader->getErrors());
    }
}

if ($op === 'avatarchoose') {
    if (!$GLOBALS['xoopsSecurity']->check()) {
        redirect_header('index.php', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));

    }
    $uid = 0;
    if (!empty($_POST['uid'])) {
        $uid = Request::getInt('uid', 0, 'POST');
    }
    if (empty($uid) || $xoopsUser->getVar('uid') != $uid) {
        redirect_header('index.php', 3, _US_NOEDITRIGHT);
    }
    $user_avatar = '';
    $avtHandler = xoops_getHandler('avatar');
    if (!empty($_POST['user_avatar'])) {
        $user_avatar     = Request::getString('user_avatar', '', 'POST');
        $criteria_avatar = new CriteriaCompo(new Criteria('avatar_file', $user_avatar));
        $criteria_avatar->add(new Criteria('avatar_type', 'S'));
        $avatars = $avtHandler->getObjects($criteria_avatar);
        if (!is_array($avatars) || !count($avatars)) {
            $user_avatar = 'avatars/blank.gif';
        }
        unset($avatars, $criteria_avatar);
    }
    $user_avatarpath = realpath(XOOPS_UPLOAD_PATH . '/' . $user_avatar);
    if (0 === strpos($user_avatarpath, realpath(XOOPS_UPLOAD_PATH)) && is_file($user_avatarpath)) {
        $oldavatar = $xoopsUser->getVar('user_avatar');
        $xoopsUser->setVar('user_avatar', $user_avatar);
        /* @var XoopsMemberHandler $memberHandler */
        $memberHandler = xoops_getHandler('member');
        if (!$memberHandler->insertUser($GLOBALS['xoopsUser'])) {
            require $GLOBALS['xoops']->path('header.php');
            echo $xoopsUser->getHtmlErrors();
            require XOOPS_ROOT_PATH . '/footer.php';
            exit();
        }
        //        if ($oldavatar && preg_match("/^cavt/", strtolower(substr($oldavatar, 8)))) {
        if ($oldavatar && 0 === strpos(strtolower(substr($oldavatar, 8)), 'cavt')) {
            $avatars = $avtHandler->getObjects(new Criteria('avatar_file', $oldavatar));
            if (!empty($avatars) && count($avatars) == 1 && is_object($avatars[0])) {
                $avtHandler->delete($avatars[0]);
                $oldavatar_path = realpath(XOOPS_UPLOAD_PATH . '/' . $oldavatar);
                if (0 === strpos($oldavatar_path, realpath(XOOPS_UPLOAD_PATH)) && is_file($oldavatar_path)) {
                    unlink($oldavatar_path);
                }
            }
        }
        if ($user_avatar !== 'avatars/blank.gif') {
            $avatars = $avtHandler->getObjects(new Criteria('avatar_file', $user_avatar));
            if (is_object($avatars[0])) {
                $avtHandler->addUser($avatars[0]->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid'));
            }
        }
    }
    redirect_header('index.php?uid=' . $uid, 0, _US_PROFUPDATED);
}


require __DIR__ . '/footer.php';
require dirname(__DIR__, 2) . '/footer.php';


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			You may not change or alter any portion of this comment or credits
7			of supporting developers from this source code or any supporting source code
8			which is considered copyrighted (c) material of the original comment or credit authors.
9
10			This program is distributed in the hope that it will be useful,
11			but WITHOUT ANY WARRANTY; without even the implied warranty of
12			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13			*/
14			/**
15			* Extended User Profile
16			*
17			* @copyright XOOPS Project https://xoops.org/
18			* @license GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
19			* @author Jan Pedersen
20			* @author Taiwen Jiang <[email protected]>
21			* @author Marcello Brandão aka Suico, Mamba, LioMJ <https://xoops.org>
22			*/
23
24			use Xmf\Request;
25			use XoopsModules\Yogurt;
26			use XoopsModules\Yogurt\IndexController;
27
28			$GLOBALS['xoopsOption']['template_main'] = 'yogurt_editprofile.tpl';
29			require __DIR__ . '/header.php';
30
31			/**
32			* Fetching numbers of groups friends videos pictures etc...
33			*/
34			$controller = new IndexController($xoopsDB, $xoopsUser, $xoopsModule);
35			$nbSections = $controller->getNumbersSections();
36
37			require_once $GLOBALS['xoops']->path('class/xoopsformloader.php');
38
39			// If not a user, redirect
40			if (!is_object($GLOBALS['xoopsUser'])) {
41			redirect_header(XOOPS_URL, 3, _US_NOEDITRIGHT);
42			}
43
44			$myts = MyTextSanitizer::getInstance();
45			$op = Request::getCmd('op', editprofile);
46			/* @var XoopsConfigHandler $config_handler */
47			$config_handler = xoops_getHandler('config');
48			$GLOBALS['xoopsConfigUser'] = $config_handler->getConfigsByCat(XOOPS_CONF_USER);
49
50			if ($op === 'save') {
51			if (!$GLOBALS['xoopsSecurity']->check()) {
52			redirect_header(XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
53			exit();
54			}
55			$uid = $GLOBALS['xoopsUser']->getVar('uid');
56			$errors = array();
57			$edituser =& $GLOBALS['xoopsUser'];
58			if ($GLOBALS['xoopsUser']->isAdmin()) {
59			$edituser->setVar('uname', trim($_POST['uname']));
60			$edituser->setVar('email', trim($_POST['email']));
61			}
62			xoops_load('XoopsUserUtility');
63			$stop = XoopsUserUtility::validate($edituser);
64
65			if (!empty($stop)) {
66			$op = 'editprofile';
67			} else {
68
69			// Dynamic fields
70			$profile_handler = xoops_getModuleHandler('profile');
71			// Get fields
72			$fields = $profile_handler->loadFields();
73			// Get ids of fields that can be edited
74			/* @var XoopsGroupPermHandler $gperm_handler */
75			$gperm_handler = xoops_getHandler('groupperm');
76			$editable_fields = $gperm_handler->getItemIds('profile_edit', $GLOBALS['xoopsUser']->getGroups(), $GLOBALS['xoopsModule']->getVar('mid'));
77
78			if (!$profile = $profile_handler->get($edituser->getVar('uid'))) {
79			$profile = $profile_handler->create();
80			$profile->setVar('profile_id', $edituser->getVar('uid'));
81			}
82
83			foreach (array_keys($fields) as $i) {
84			$fieldname = $fields[$i]->getVar('field_name');
85			if (in_array($fields[$i]->getVar('field_id'), $editable_fields) && isset($_REQUEST[$fieldname])) {
86			$value = $fields[$i]->getValueForSave($_REQUEST[$fieldname]);
87			if (in_array($fieldname, $profile_handler->getUserVars())) {
88			$edituser->setVar($fieldname, $value);
89			} else {
90			$profile->setVar($fieldname, $value);
91			}
92			}
93			}
94			if (!$memberHandler->insertUser($edituser)) {
95			$stop = $edituser->getHtmlErrors();
96			$op = 'editprofile';
97			} else {
98			$profile->setVar('profile_id', $edituser->getVar('uid'));
99			$profile_handler->insert($profile);
100			unset($_SESSION['xoopsUserTheme']);
101			redirect_header(XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/index.php?uid=' . $edituser->getVar('uid'), 2, _US_PROFUPDATED);
102			}
103			}
104			}
105
106			if ($op === 'editprofile') {
107			require_once $GLOBALS['xoops']->path('header.php');
108			require_once __DIR__ . '/include/forms.php';
109			$form = yogurt_getUserForm($GLOBALS['xoopsUser']);
110			$form->assign($GLOBALS['xoopsTpl']);
111			if (!empty($stop)) {
112			$GLOBALS['xoopsTpl']->assign('stop', $stop);
113			}
114
115			$xoBreadcrumbs[] = array('title' => _US_EDITPROFILE);
116			}
117
118			if ($op === 'avatarform') {
119			$GLOBALS['xoopsOption']['template_main'] = 'yogurt_avatar.tpl';
120			require $GLOBALS['xoops']->path('header.php');
121			$xoBreadcrumbs[] = array('title' => _US_MYAVATAR);
122
123			$oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar');
124			if (!empty($oldavatar) && $oldavatar !== 'blank.gif') {
125			$GLOBALS['xoopsTpl']->assign('old_avatar', XOOPS_UPLOAD_URL . '/' . $oldavatar);
126			}
127			if ($GLOBALS['xoopsConfigUser']['avatar_allow_upload'] == 1 && $GLOBALS['xoopsUser']->getVar('posts') >= $GLOBALS['xoopsConfigUser']['avatar_minposts']) {
128			require_once $GLOBALS['xoops']->path('class/xoopsformloader.php');
129			$form = new XoopsThemeForm(_US_UPLOADMYAVATAR, 'uploadavatar', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/edituser.php', 'post', true);
130			$form->setExtra('enctype="multipart/form-data"');
131			$form->addElement(new XoopsFormLabel(_US_MAXPIXEL, $GLOBALS['xoopsConfigUser']['avatar_width'] . ' x ' . $GLOBALS['xoopsConfigUser']['avatar_height']));
132			$form->addElement(new XoopsFormLabel(_US_MAXIMGSZ, $GLOBALS['xoopsConfigUser']['avatar_maxsize']));
133			$form->addElement(new XoopsFormFile(_US_SELFILE, 'avatarfile', $GLOBALS['xoopsConfigUser']['avatar_maxsize']), true);
134			$form->addElement(new XoopsFormHidden('op', 'avatarupload'));
135			$form->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid')));
136			$form->addElement(new XoopsFormButton('', 'submit', _SUBMIT, 'submit'));
137			$form->assign($GLOBALS['xoopsTpl']);
138			}
139			$avatar_handler = xoops_getHandler('avatar');
140			$form2 = new XoopsThemeForm(_US_CHOOSEAVT, 'chooseavatar', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/edituser.php', 'post', true);
141			$avatar_select = new XoopsFormSelect('', 'user_avatar', $GLOBALS['xoopsUser']->getVar('user_avatar'));
142			$avatar_list = $avatar_handler->getList('S', true);
143			$avatar_selected = $GLOBALS['xoopsUser']->getVar('user_avatar', 'E');
144			// $avatar_selected = in_array($avatar_selected, array_keys($avatar_list)) ? $avatar_selected : "blank.gif";
145			$avatar_selected = array_key_exists($avatar_selected, $avatar_list) ? $avatar_selected : 'blank.gif';
146			$avatar_select->addOptionArray($avatar_list);
147			$avatar_select->setExtra("onchange='showImgSelected(\"avatar\", \"user_avatar\", \"uploads\", \"\", \"" . XOOPS_URL . "\")'");
148			$avatar_tray = new XoopsFormElementTray(_US_AVATAR, ' ');
149			$avatar_tray->addElement($avatar_select);
150			$avatar_tray->addElement(new XoopsFormLabel('', "<a href=\"javascript:openWithSelfMain('" . XOOPS_URL . "/misc.php?action=showpopups&type=avatars','avatars',600,400);\">" . _LIST . '</a><br>'));
151			$avatar_tray->addElement(new XoopsFormLabel('', "<br><img src='" . XOOPS_UPLOAD_URL . '/' . $avatar_selected . "' name='avatar' id='avatar' alt='' />"));
152			$form2->addElement($avatar_tray);
153			$form2->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid')));
154			$form2->addElement(new XoopsFormHidden('op', 'avatarchoose'));
155			$form2->addElement(new XoopsFormButton('', 'submit2', _SUBMIT, 'submit'));
156			$form2->assign($GLOBALS['xoopsTpl']);
157			}
158
159			if ($op === 'avatarupload') {
160			if (!$GLOBALS['xoopsSecurity']->check()) {
161			redirect_header('index.php', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
162
163			}
164			$xoops_upload_file = [];
165			$uid = 0;
166			if (!empty($_POST['xoops_upload_file']) && is_array($_POST['xoops_upload_file'])) {
167			$xoops_upload_file = $_POST['xoops_upload_file'];
168			}
169			if (!empty($_POST['uid'])) {
170			$uid = Request::getInt('uid', 0, 'POST');
171			}
172			if (empty($uid) \|\| $xoopsUser->getVar('uid') !== $uid) {
173			redirect_header('index.php', 3, _US_NOEDITRIGHT);
174			}
175			$uploadDir = XOOPS_UPLOAD_PATH . '/';
176			$allowed_mimetypes = ['image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png'];
177			if (1 === $xoopsConfigUser['avatar_allow_upload']
178			&& $xoopsUser->getVar(
179			'posts'
180			) >= $xoopsConfigUser['avatar_minposts']) {
181			require_once XOOPS_ROOT_PATH . '/class/uploader.php';
182			$uploader = new XoopsMediaUploader(
183			XOOPS_UPLOAD_PATH . '/avatars,
184			$allowed_mimetypes,
185			$xoopsConfigUser['avatar_maxsize'],
			0 ignored issues – show Bug introduced 2020-04-28 19:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this A parse error occurred: Syntax error, unexpected T_STRING, expecting ',' or ')' on line 185 at column 30 Loading history...
186			$xoopsConfigUser['avatar_width'],
187			$xoopsConfigUser['avatar_height']
188			);
189			if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) {
190			$uploader->setPrefix('cavt');
191			if ($uploader->upload()) {
192			/* @var XoopsAvatarHandler $avtHandler */
193			$avtHandler = xoops_getHandler('avatar');
194			$avatar = $avtHandler->create();
195			$avatar->setVar('avatar_file', 'avatars/' . $uploader->getSavedFileName());
196			$avatar->setVar('avatar_name', $GLOBALS['xoopsUser']->getVar('uname'));
197			$avatar->setVar('avatar_mimetype', $uploader->getMediaType());
198			$avatar->setVar('avatar_display', 1);
199			$avatar->setVar('avatar_type', 'C');
200			if (!$avtHandler->insert($avatar)) {
201			@unlink($uploader->getSavedDestination());
202			} else {
203			$oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar');
204			if (!empty($oldavatar) && false !== strpos(strtolower($oldavatar), 'cavt')) {
205			$avatars = $avtHandler->getObjects(new Criteria('avatar_file', $oldavatar));
206			if (!empty($avatars) && count($avatars) == 1 && is_object($avatars[0])) {
207			$avtHandler->delete($avatars[0]);
208			$oldavatar_path = realpath(XOOPS_UPLOAD_PATH . '/' . $oldavatar);
209			if (0 === strpos($oldavatar_path, XOOPS_UPLOAD_PATH) && is_file($oldavatar_path)) {
210			unlink($oldavatar_path);
211			}
212			}
213			}
214			$sql = sprintf('UPDATE %s SET user_avatar = %s WHERE uid = %u', $GLOBALS['xoopsDB']->prefix('users'), $GLOBALS['xoopsDB']->quoteString('avatars/' . $uploader->getSavedFileName()), $GLOBALS['xoopsUser']->getVar('uid'));
215			$GLOBALS['xoopsDB']->query($sql);
216			$avtHandler->addUser($avatar->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid'));
217			redirect_header('index.php?t=' . time() . '&uid=' . $GLOBALS['xoopsUser']->getVar('uid'), 3, _US_PROFUPDATED);
218			}
219			}
220			}
221			redirect_header('edituser.php?op=avatarform', 3, $uploader->getErrors());
222			}
223			}
224
225			if ($op === 'avatarchoose') {
226			if (!$GLOBALS['xoopsSecurity']->check()) {
227			redirect_header('index.php', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
228
229			}
230			$uid = 0;
231			if (!empty($_POST['uid'])) {
232			$uid = Request::getInt('uid', 0, 'POST');
233			}
234			if (empty($uid) \|\| $xoopsUser->getVar('uid') != $uid) {
235			redirect_header('index.php', 3, _US_NOEDITRIGHT);
236			}
237			$user_avatar = '';
238			$avtHandler = xoops_getHandler('avatar');
239			if (!empty($_POST['user_avatar'])) {
240			$user_avatar = Request::getString('user_avatar', '', 'POST');
241			$criteria_avatar = new CriteriaCompo(new Criteria('avatar_file', $user_avatar));
242			$criteria_avatar->add(new Criteria('avatar_type', 'S'));
243			$avatars = $avtHandler->getObjects($criteria_avatar);
244			if (!is_array($avatars) \|\| !count($avatars)) {
245			$user_avatar = 'avatars/blank.gif';
246			}
247			unset($avatars, $criteria_avatar);
248			}
249			$user_avatarpath = realpath(XOOPS_UPLOAD_PATH . '/' . $user_avatar);
250			if (0 === strpos($user_avatarpath, realpath(XOOPS_UPLOAD_PATH)) && is_file($user_avatarpath)) {
251			$oldavatar = $xoopsUser->getVar('user_avatar');
252			$xoopsUser->setVar('user_avatar', $user_avatar);
253			/* @var XoopsMemberHandler $memberHandler */
254			$memberHandler = xoops_getHandler('member');
255			if (!$memberHandler->insertUser($GLOBALS['xoopsUser'])) {
256			require $GLOBALS['xoops']->path('header.php');
257			echo $xoopsUser->getHtmlErrors();
258			require XOOPS_ROOT_PATH . '/footer.php';
259			exit();
260			}
261			// if ($oldavatar && preg_match("/^cavt/", strtolower(substr($oldavatar, 8)))) {
262			if ($oldavatar && 0 === strpos(strtolower(substr($oldavatar, 8)), 'cavt')) {
263			$avatars = $avtHandler->getObjects(new Criteria('avatar_file', $oldavatar));
264			if (!empty($avatars) && count($avatars) == 1 && is_object($avatars[0])) {
265			$avtHandler->delete($avatars[0]);
266			$oldavatar_path = realpath(XOOPS_UPLOAD_PATH . '/' . $oldavatar);
267			if (0 === strpos($oldavatar_path, realpath(XOOPS_UPLOAD_PATH)) && is_file($oldavatar_path)) {
268			unlink($oldavatar_path);
269			}
270			}
271			}
272			if ($user_avatar !== 'avatars/blank.gif') {
273			$avatars = $avtHandler->getObjects(new Criteria('avatar_file', $user_avatar));
274			if (is_object($avatars[0])) {
275			$avtHandler->addUser($avatars[0]->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid'));
276			}
277			}
278			}
279			redirect_header('index.php?uid=' . $uid, 0, _US_PROFUPDATED);
280			}
281
282
283			require __DIR__ . '/footer.php';
284			require dirname(__DIR__, 2) . '/footer.php';
285

XoopsModules25x / suico

Pull Request — master (#81)

edituser.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like