Pull Request — master (#192)
by Lio
04:47
created

edituser.php (1 issue)

1
<?php declare(strict_types=1);
2
/*
3
 You may not change or alter any portion of this comment or credits
4
 of supporting developers from this source code or any supporting source code
5
 which is considered copyrighted (c) material of the original comment or credit authors.
6
7
 This program is distributed in the hope that it will be useful,
8
 but WITHOUT ANY WARRANTY; without even the implied warranty of
9
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10
*/
11
12
/**
13
 * Extended User Profile
14
 *
15
 * @copyright    XOOPS Project (https://xoops.org)
16
 * @license      GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html)
17
 * @author       Jan Pedersen
18
 * @author       Taiwen Jiang <[email protected]>
19
 * @author       Marcello Brandão aka  Suico, Mamba, LioMJ  <https://xoops.org>
20
 */
21
22
use Xmf\Request;
This use statement conflicts with another class in this namespace, Request. Consider defining an alias.

Let's assume that you have a directory layout like this:

.
|-- OtherDir
|   |-- Bar.php
|   `-- Foo.php
`-- SomeDir
    `-- Foo.php

and let's assume the following content of Bar.php:

// Bar.php
namespace OtherDir;

use SomeDir\Foo; // This now conflicts the class OtherDir\Foo

If both files OtherDir/Foo.php and SomeDir/Foo.php are loaded in the same runtime, you will see a PHP error such as the following:

PHP Fatal error:  Cannot use SomeDir\Foo as Foo because the name is already in use in OtherDir/Foo.php

However, as OtherDir/Foo.php does not necessarily have to be loaded and the error is only triggered if it is loaded before OtherDir/Bar.php, this problem might go unnoticed for a while. In order to prevent this error from surfacing, you must import the namespace with a different alias:

// Bar.php
namespace OtherDir;

use SomeDir\Foo as SomeDirFoo; // There is no conflict anymore.
23
use XoopsModules\Suico\{
24
    Form\UserForm,
25
    IndexController
26
};
27
28
29
$GLOBALS['xoopsOption']['template_main'] = 'suico_editprofile.tpl';
30
require __DIR__ . '/header.php';
31
/**
32
 * Fetching numbers of groups friends videos pictures etc...
33
 */
34
$controller = new IndexController($xoopsDB, $xoopsUser, $xoopsModule);
35
/** @var XoopsMemberHandler $memberHandler */
36
$memberHandler = xoops_getHandler('member');
37
$nbSections    = $controller->getNumbersSections();
38
require_once $GLOBALS['xoops']->path('class/xoopsformloader.php');
39
// If not a user, redirect
40
if (!is_object($GLOBALS['xoopsUser'])) {
41
    redirect_header(XOOPS_URL, 3, _US_NOEDITRIGHT);
42
}
43
$myts = \MyTextSanitizer::getInstance();
44
$op   = Request::getCmd('op', 'editprofile');
45
/** @var \XoopsConfigHandler $configHandler */
46
$configHandler              = xoops_getHandler('config');
47
$GLOBALS['xoopsConfigUser'] = $configHandler->getConfigsByCat(XOOPS_CONF_USER);
48
if ('save' === $op) {
49
    if (!$GLOBALS['xoopsSecurity']->check()) {
50
        redirect_header(XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
51
        exit();
52
    }
53
    $uid      = $GLOBALS['xoopsUser']->getVar('uid');
54
    $errors   = [];
55
    $edituser = &$GLOBALS['xoopsUser'];
56
    if ($GLOBALS['xoopsUser']->isAdmin()) {
57
        $edituser->setVar('uname', trim($_POST['uname']));
58
        $edituser->setVar('email', trim($_POST['email']));
59
    }
60
    xoops_load('XoopsUserUtility');
61
    $stop = XoopsUserUtility::validate($edituser);
62
    if (!empty($stop)) {
63
        $op = 'editprofile';
64
    } else {
65
        // Dynamic fields
66
        $profileHandler = $helper->getHandler('Profile');
67
        // Get fields
68
        $fields = $profileHandler->loadFields();
69
        // Get ids of fields that can be edited
70
        /** @var \XoopsGroupPermHandler $grouppermHandler */
71
        $grouppermHandler = xoops_getHandler('groupperm');
72
        $editable_fields  = $grouppermHandler->getItemIds('profile_edit', $GLOBALS['xoopsUser']->getGroups(), $GLOBALS['xoopsModule']->getVar('mid'));
73
        if (!$profile = $profileHandler->get($edituser->getVar('uid'))) {
74
            $profile = $profileHandler->create();
75
            $profile->setVar('profile_id', $edituser->getVar('uid'));
76
        }
77
        foreach (array_keys($fields) as $i) {
78
            $fieldname = $fields[$i]->getVar('field_name');
79
            if (in_array($fields[$i]->getVar('field_id'), $editable_fields, true) && isset($_REQUEST[$fieldname])) {
80
                $value = $fields[$i]->getValueForSave($_REQUEST[$fieldname]);
81
                if (in_array($fieldname, $profileHandler->getUserVars(), true)) {
82
                    $edituser->setVar($fieldname, $value);
83
                } else {
84
                    $profile->setVar($fieldname, $value);
85
                }
86
            }
87
        }
88
        if ($memberHandler->insertUser($edituser)) {
89
            $profile->setVar('profile_id', $edituser->getVar('uid'));
90
            $profileHandler->insert($profile);
91
            unset($_SESSION['xoopsUserTheme']);
92
            redirect_header(XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/index.php?uid=' . $edituser->getVar('uid'), 2, _US_PROFUPDATED);
93
        } else {
94
            $stop = $edituser->getHtmlErrors();
95
            $op   = 'editprofile';
96
        }
97
    }
98
}
99
if ('editprofile' === $op) {
100
    require_once $GLOBALS['xoops']->path('header.php');
101
    $form = new UserForm($GLOBALS['xoopsUser']);
102
    $form->assign($GLOBALS['xoopsTpl']);
103
    if (!empty($stop)) {
104
        $GLOBALS['xoopsTpl']->assign('stop', $stop);
105
    }
106
    $xoBreadcrumbs[] = ['title' => _US_EDITPROFILE];
107
}
108
if ('avatarform' === $op) {
109
    $GLOBALS['xoopsOption']['template_main'] = 'suico_avatar.tpl';
110
    require $GLOBALS['xoops']->path('header.php');
111
    $xoBreadcrumbs[] = ['title' => _US_MYAVATAR];
112
    $oldavatar       = $GLOBALS['xoopsUser']->getVar('user_avatar');
113
    if (!empty($oldavatar) && 'blank.gif' !== $oldavatar) {
114
        $GLOBALS['xoopsTpl']->assign('old_avatar', XOOPS_UPLOAD_URL . '/' . $oldavatar);
115
    }
116
    if (1 == $GLOBALS['xoopsConfigUser']['avatar_allow_upload'] && $GLOBALS['xoopsUser']->getVar('posts') >= $GLOBALS['xoopsConfigUser']['avatar_minposts']) {
117
        require_once $GLOBALS['xoops']->path('class/xoopsformloader.php');
118
        $form = new XoopsThemeForm(_US_UPLOADMYAVATAR, 'uploadavatar', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/edituser.php', 'post', true);
119
        $form->setExtra('enctype="multipart/form-data"');
120
        $form->addElement(new XoopsFormLabel(_US_MAXPIXEL, $GLOBALS['xoopsConfigUser']['avatar_width'] . ' x ' . $GLOBALS['xoopsConfigUser']['avatar_height']));
121
        $form->addElement(new XoopsFormLabel(_US_MAXIMGSZ, $GLOBALS['xoopsConfigUser']['avatar_maxsize']));
122
        $form->addElement(new XoopsFormFile(_US_SELFILE, 'avatarfile', $GLOBALS['xoopsConfigUser']['avatar_maxsize']), true);
123
        $form->addElement(new XoopsFormHidden('op', 'avatarupload'));
124
        $form->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid')));
125
        $form->addElement(new XoopsFormButton('', 'submit', _SUBMIT, 'submit'));
126
        $form->assign($GLOBALS['xoopsTpl']);
127
    }
128
    $avatarHandler   = xoops_getHandler('avatar');
129
    $form2           = new XoopsThemeForm(_US_CHOOSEAVT, 'chooseavatar', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/edituser.php', 'post', true);
130
    $avatar_select   = new XoopsFormSelect('', 'user_avatar', $GLOBALS['xoopsUser']->getVar('user_avatar'));
131
    $avatar_list     = $avatarHandler->getList('S', true);
132
    $avatar_selected = $GLOBALS['xoopsUser']->getVar('user_avatar', 'E');
133
    //    $avatar_selected = in_array($avatar_selected, array_keys($avatar_list)) ? $avatar_selected : "blank.gif";
134
    $avatar_selected = array_key_exists($avatar_selected, $avatar_list) ? $avatar_selected : 'blank.gif';
135
    $avatar_select->addOptionArray($avatar_list);
136
    $avatar_select->setExtra("onchange='showImgSelected(\"avatar\", \"user_avatar\", \"uploads\", \"\", \"" . XOOPS_URL . "\")'");
137
    $avatar_tray = new XoopsFormElementTray(_US_AVATAR, '&nbsp;');
138
    $avatar_tray->addElement($avatar_select);
139
    $avatar_tray->addElement(new XoopsFormLabel('', "<a href=\"javascript:openWithSelfMain('" . XOOPS_URL . "/misc.php?action=showpopups&amp;type=avatars','avatars',600,400);\">" . _LIST . '</a><br>'));
140
    $avatar_tray->addElement(new XoopsFormLabel('', "<br><img src='" . XOOPS_UPLOAD_URL . '/' . $avatar_selected . "' name='avatar' id='avatar' alt=''>"));
141
    $form2->addElement($avatar_tray);
142
    $form2->addElement(new XoopsFormHidden('uid', $GLOBALS['xoopsUser']->getVar('uid')));
143
    $form2->addElement(new XoopsFormHidden('op', 'avatarchoose'));
144
    $form2->addElement(new XoopsFormButton('', 'submit2', _SUBMIT, 'submit'));
145
    $form2->assign($GLOBALS['xoopsTpl']);
146
}
147
if ('avatarupload' === $op) {
148
    if (!$GLOBALS['xoopsSecurity']->check()) {
149
        redirect_header('index.php', 3, _US_NOEDITRIGHT . '<br>' . implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
150
    }
151
    $xoops_upload_file = [];
152
    $uid               = 0;
153
    if (!empty($_POST['xoops_upload_file']) && is_array($_POST['xoops_upload_file'])) {
154
        $xoops_upload_file = $_POST['xoops_upload_file'];
155
    }
156
    if (!empty($_POST['uid'])) {
157
        $uid = Request::getInt('uid', 0, 'POST');
158
    }
159
    if (empty($uid) || $GLOBALS['xoopsUser']->getVar('uid') != $uid) {
160
        redirect_header('index.php', 3, _US_NOEDITRIGHT);
161
    }
162
    $allowed_mimetypes = ['image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png'];
163
    if (1 == $GLOBALS['xoopsConfigUser']['avatar_allow_upload']
164
        && $GLOBALS['xoopsUser']->getVar('posts') >= $GLOBALS['xoopsConfigUser']['avatar_minposts']) {
165
        require_once $GLOBALS['xoops']->path('class/uploader.php');
166
        $uploader = new XoopsMediaUploader(
167
            XOOPS_UPLOAD_PATH . '/avatars',
168
            $allowed_mimetypes,
169
            $GLOBALS['xoopsConfigUser']['avatar_maxsize'],
170
            $GLOBALS['xoopsConfigUser']['avatar_width'],
171
            $GLOBALS['xoopsConfigUser']['avatar_height']
172
        );
173
        if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) {
174
            $uploader->setPrefix('cavt');
175
            if ($uploader->upload()) {
176
                /** @var XoopsAvatarHandler $avtHandler */
177
                $avtHandler = xoops_getHandler('avatar');
178
                $avatar     = $avtHandler->create();
179
                $avatar->setVar('avatar_file', 'avatars / ' . $uploader->getSavedFileName());
180
                $avatar->setVar('avatar_name', $GLOBALS['xoopsUser']->getVar('uname'));
181
                $avatar->setVar('avatar_mimetype', $uploader->getMediaType());
182
                $avatar->setVar('avatar_display', 1);
183
                $avatar->setVar('avatar_type', 'C');
184
                if ($avtHandler->insert($avatar)) {
185
                    $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar');
186
                    if (!empty($oldavatar) && false !== \mb_stripos($oldavatar, 'cavt')) {
187
                        $avatars = $avtHandler->getObjects(new Criteria('avatar_file', $oldavatar));
188
                        if (!empty($avatars) && 1 == count($avatars) && is_object($avatars[0])) {
189
                            $avtHandler->delete($avatars[0]);
190
                            $oldavatar_path = realpath(XOOPS_UPLOAD_PATH . ' / ' . $oldavatar);
191
                            if (0 === \mb_strpos($oldavatar_path, XOOPS_UPLOAD_PATH) && is_file($oldavatar_path)) {
192
                                if (false === @\unlink($oldavatar_path)) {
193
                                    throw new \RuntimeException('The file ' . $oldavatar_path . ' could not be deleted.');
194
                                }
195
                            }
196
                        }
197
                    }
198
                    $sql = sprintf('UPDATE % s SET user_avatar = % s WHERE uid = % u', $GLOBALS['xoopsDB']->prefix('users'), $GLOBALS['xoopsDB']->quoteString('avatars / ' . $uploader->getSavedFileName()), $GLOBALS['xoopsUser']->getVar('uid'));
199
                    $GLOBALS['xoopsDB']->query($sql);
200
                    $avtHandler->addUser($avatar->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid'));
201
                    redirect_header('index.php?t=' . time() . '&uid=' . $GLOBALS['xoopsUser']->getVar('uid'), 3, _US_PROFUPDATED);
202
                } else {
203
                    $file = $uploader->getSavedDestination();
204
                    if (false === @\unlink($file)) {
205
                        throw new \RuntimeException('The file ' . $file . ' could not be deleted.');
206
                    }
207
                }
208
            }
209
        }
210
        redirect_header('edituser.php?op=avatarform', 3, $uploader->getErrors());
211
    }
212
}
213
if ('avatarchoose' === $op) {
214
    if (!$GLOBALS['xoopsSecurity']->check()) {
215
        redirect_header('index.php', 3, _US_NOEDITRIGHT . ' <br> ' . implode(' <br> ', $GLOBALS['xoopsSecurity']->getErrors()));
216
    }
217
    $uid = 0;
218
    if (!empty($_POST['uid'])) {
219
        $uid = Request::getInt('uid', 0, 'POST');
220
    }
221
    if (empty($uid) || $GLOBALS['xoopsUser']->getVar('uid') != $uid) {
222
        redirect_header('index.php', 3, _US_NOEDITRIGHT);
223
    }
224
    $user_avatar = '';
225
    $avtHandler  = xoops_getHandler('avatar');
226
    if (!empty($_POST['user_avatar'])) {
227
        $user_avatar     = Request::getString('user_avatar', '', 'POST');
228
        $criteria_avatar = new CriteriaCompo(new Criteria('avatar_file', $user_avatar));
229
        $criteria_avatar->add(new Criteria('avatar_type', 'S'));
230
        $avatars = $avtHandler->getObjects($criteria_avatar);
231
        if (!is_array($avatars) || !count($avatars)) {
232
            $user_avatar = 'avatars / blank . gif';
233
        }
234
        unset($avatars, $criteria_avatar);
235
    }
236
    $user_avatarpath = realpath(XOOPS_UPLOAD_PATH . ' / ' . $user_avatar);
237
    if (0 === mb_strpos($user_avatarpath, realpath(XOOPS_UPLOAD_PATH)) && is_file($user_avatarpath)) {
238
        $oldavatar = $GLOBALS['xoopsUser']->getVar('user_avatar');
239
        $GLOBALS['xoopsUser']->setVar('user_avatar', $user_avatar);
240
        if (!$memberHandler->insertUser($GLOBALS['xoopsUser'])) {
241
            require $GLOBALS['xoops']->path('header . php');
242
            echo $GLOBALS['xoopsUser']->getHtmlErrors();
243
            require $GLOBALS['xoops']->path('footer.php');
244
            exit();
245
        }
246
        //        if ($oldavatar && preg_match("/^cavt/", strtolower(substr($oldavatar, 8)))) {
247
        if ($oldavatar && 0 === mb_stripos(mb_substr($oldavatar, 8), 'cavt')) {
248
            $avatars = $avtHandler->getObjects(new Criteria('avatar_file', $oldavatar));
249
            if (!empty($avatars) && 1 == count($avatars) && is_object($avatars[0])) {
250
                $avtHandler->delete($avatars[0]);
251
                $oldavatar_path = realpath(XOOPS_UPLOAD_PATH . ' / ' . $oldavatar);
252
                if (0 === mb_strpos($oldavatar_path, realpath(XOOPS_UPLOAD_PATH)) && is_file($oldavatar_path)) {
253
                    if (false === @\unlink($oldavatar_path)) {
254
                        throw new \RuntimeException('The file ' . $oldavatar_path . ' could not be deleted.');
255
                    }
256
                }
257
            }
258
        }
259
        if ('avatars/blank.gif' !== $user_avatar) {
260
            $avatars = $avtHandler->getObjects(new Criteria('avatar_file', $user_avatar));
261
            if (is_object($avatars[0])) {
262
                $avtHandler->addUser($avatars[0]->getVar('avatar_id'), $GLOBALS['xoopsUser']->getVar('uid'));
263
            }
264
        }
265
    }
266
    redirect_header('index.php?uid=' . $uid, 0, _US_PROFUPDATED);
267
}
268
require __DIR__ . '/footer.php';
269
require \dirname(__DIR__, 2) . '/footer.php';
270
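Review bot: Several string literals in the avatar branches appear to have been mangled by a formatter that inserted spaces around `/` and `.` inside quotes, so the paths and comparisons no longer line up: the fallback assigns `$user_avatar = 'avatars / blank . gif';` while the later guard compares against `'avatars/blank.gif'`, the error branch requires `path('header . php')`, and the saved avatar name, the SQL update value and the three `realpath(XOOPS_UPLOAD_PATH . ' / ' . ...)` calls all use `'avatars / '` or `' / '`. Because `realpath()` returns false for those non-existent paths and the file declares `strict_types=1`, the `mb_strpos()` containment checks on that result would raise a TypeError instead of failing closed; I cannot tell from the inspection view whether this PR introduced these or they are pre-existing. The fix is to restore the literals, e.g. `'avatars/' . $uploader->getSavedFileName()`, `XOOPS_UPLOAD_PATH . '/' . $oldavatar`, `$user_avatar = 'avatars/blank.gif';` and `path('header.php')`. Separately, the upload branch checks `0 === \mb_strpos($oldavatar_path, XOOPS_UPLOAD_PATH)` against the unresolved constant while the choose branch uses `realpath(XOOPS_UPLOAD_PATH)`; comparing all three against `realpath(XOOPS_UPLOAD_PATH) . DIRECTORY_SEPARATOR` keeps them consistent and stops a sibling directory that merely shares the prefix from passing. Finally, in the choose branch `$avatars[0]` is read without checking that `getObjects()` returned a row, which is reachable precisely because the mangled blank-avatar literal never matches the `'avatars/blank.gif'` guard; an `!empty($avatars) &&` guard as used in the deletion path would close that.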