albertlast /
SMF2.1
| Conditions | 104 |
| Paths | 0 |
| Total Lines | 714 |
| Code Lines | 438 |
| Lines | 9 |
| Ratio | 1.26 % |
| Changes | 0 | ||
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
| 1 | <?php |
||
| 26 | function ModifyProfile($post_errors = array()) |
||
| 27 | { |
||
| 28 | global $txt, $scripturl, $user_info, $context, $sourcedir, $user_profile, $cur_profile; |
||
| 29 | global $modSettings, $memberContext, $profile_vars, $post_errors, $smcFunc; |
||
| 30 | |||
| 31 | // Don't reload this as we may have processed error strings. |
||
| 32 | if (empty($post_errors)) |
||
| 33 | loadLanguage('Profile+Drafts'); |
||
| 34 | loadTemplate('Profile'); |
||
| 35 | |||
| 36 | require_once($sourcedir . '/Subs-Menu.php'); |
||
| 37 | |||
| 38 | // Did we get the user by name... |
||
| 39 | if (isset($_REQUEST['user'])) |
||
| 40 | $memberResult = loadMemberData($_REQUEST['user'], true, 'profile'); |
||
| 41 | // ... or by id_member? |
||
| 42 | elseif (!empty($_REQUEST['u'])) |
||
| 43 | $memberResult = loadMemberData((int) $_REQUEST['u'], false, 'profile'); |
||
| 44 | // If it was just ?action=profile, edit your own profile, but only if you're not a guest. |
||
| 45 | else |
||
| 46 | { |
||
| 47 | // Members only... |
||
| 48 | is_not_guest(); |
||
| 49 | $memberResult = loadMemberData($user_info['id'], false, 'profile'); |
||
| 50 | } |
||
| 51 | |||
| 52 | // Check if loadMemberData() has returned a valid result. |
||
| 53 | if (!$memberResult) |
||
|
|
|||
| 54 | fatal_lang_error('not_a_user', false, 404); |
||
| 55 | |||
| 56 | // If all went well, we have a valid member ID! |
||
| 57 | list ($memID) = $memberResult; |
||
| 58 | $context['id_member'] = $memID; |
||
| 59 | $cur_profile = $user_profile[$memID]; |
||
| 60 | |||
| 61 | // Let's have some information about this member ready, too. |
||
| 62 | loadMemberContext($memID); |
||
| 63 | $context['member'] = $memberContext[$memID]; |
||
| 64 | |||
| 65 | // Is this the profile of the user himself or herself? |
||
| 66 | $context['user']['is_owner'] = $memID == $user_info['id']; |
||
| 67 | |||
| 68 | // Group management isn't actually a permission. But we need it to be for this, so we need a phantom permission. |
||
| 69 | // And we care about what the current user can do, not what the user whose profile it is. |
||
| 70 | if ($user_info['mod_cache']['gq'] != '0=1') |
||
| 71 | $user_info['permissions'][] = 'approve_group_requests'; |
||
| 72 | |||
| 73 | // If paid subscriptions are enabled, make sure we actually have at least one subscription available... |
||
| 74 | $context['subs_available'] = false; |
||
| 75 | |||
| 76 | if (!empty($modSettings['paid_enabled'])) |
||
| 77 | { |
||
| 78 | $get_active_subs = $smcFunc['db_query']('', ' |
||
| 79 | SELECT COUNT(*) |
||
| 80 | FROM {db_prefix}subscriptions |
||
| 81 | WHERE active = {int:active}', array( |
||
| 82 | 'active' => 1, |
||
| 83 | ) |
||
| 84 | ); |
||
| 85 | |||
| 86 | list ($num_subs) = $smcFunc['db_fetch_row']($get_active_subs); |
||
| 87 | |||
| 88 | $context['subs_available'] = ($num_subs > 0); |
||
| 89 | |||
| 90 | $smcFunc['db_free_result']($get_active_subs); |
||
| 91 | } |
||
| 92 | |||
| 93 | /* Define all the sections within the profile area! |
||
| 94 | We start by defining the permission required - then SMF takes this and turns it into the relevant context ;) |
||
| 95 | Possible fields: |
||
| 96 | For Section: |
||
| 97 | string $title: Section title. |
||
| 98 | array $areas: Array of areas within this section. |
||
| 99 | |||
| 100 | For Areas: |
||
| 101 | string $label: Text string that will be used to show the area in the menu. |
||
| 102 | string $file: Optional text string that may contain a file name that's needed for inclusion in order to display the area properly. |
||
| 103 | string $custom_url: Optional href for area. |
||
| 104 | string $function: Function to execute for this section. Can be a call to an static method: class::method |
||
| 105 | string $class If your function is a method, set the class field with your class's name and SMF will create a new instance for it. |
||
| 106 | bool $enabled: Should area be shown? |
||
| 107 | string $sc: Session check validation to do on save - note without this save will get unset - if set. |
||
| 108 | bool $hidden: Does this not actually appear on the menu? |
||
| 109 | bool $password: Whether to require the user's password in order to save the data in the area. |
||
| 110 | array $subsections: Array of subsections, in order of appearance. |
||
| 111 | array $permission: Array of permissions to determine who can access this area. Should contain arrays $own and $any. |
||
| 112 | */ |
||
| 113 | $profile_areas = array( |
||
| 114 | 'info' => array( |
||
| 115 | 'title' => $txt['profileInfo'], |
||
| 116 | 'areas' => array( |
||
| 117 | 'summary' => array( |
||
| 118 | 'label' => $txt['summary'], |
||
| 119 | 'file' => 'Profile-View.php', |
||
| 120 | 'function' => 'summary', |
||
| 121 | 'icon' => 'administration', |
||
| 122 | 'permission' => array( |
||
| 123 | 'own' => 'is_not_guest', |
||
| 124 | 'any' => 'profile_view', |
||
| 125 | ), |
||
| 126 | ), |
||
| 127 | 'popup' => array( |
||
| 128 | 'function' => 'profile_popup', |
||
| 129 | 'permission' => array( |
||
| 130 | 'own' => 'is_not_guest', |
||
| 131 | 'any' => array(), |
||
| 132 | ), |
||
| 133 | 'select' => 'summary', |
||
| 134 | ), |
||
| 135 | 'alerts_popup' => array( |
||
| 136 | 'function' => 'alerts_popup', |
||
| 137 | 'permission' => array( |
||
| 138 | 'own' => 'is_not_guest', |
||
| 139 | 'any' => array(), |
||
| 140 | ), |
||
| 141 | 'select' => 'summary', |
||
| 142 | ), |
||
| 143 | 'statistics' => array( |
||
| 144 | 'label' => $txt['statPanel'], |
||
| 145 | 'file' => 'Profile-View.php', |
||
| 146 | 'function' => 'statPanel', |
||
| 147 | 'icon' => 'stats', |
||
| 148 | 'permission' => array( |
||
| 149 | 'own' => 'is_not_guest', |
||
| 150 | 'any' => 'profile_view', |
||
| 151 | ), |
||
| 152 | ), |
||
| 153 | 'showposts' => array( |
||
| 154 | 'label' => $txt['showPosts'], |
||
| 155 | 'file' => 'Profile-View.php', |
||
| 156 | 'function' => 'showPosts', |
||
| 157 | 'icon' => 'posts', |
||
| 158 | 'subsections' => array( |
||
| 159 | 'messages' => array($txt['showMessages'], array('is_not_guest', 'profile_view')), |
||
| 160 | 'topics' => array($txt['showTopics'], array('is_not_guest', 'profile_view')), |
||
| 161 | 'unwatchedtopics' => array($txt['showUnwatched'], array('is_not_guest', 'profile_view'), 'enabled' => $context['user']['is_owner']), |
||
| 162 | 'attach' => array($txt['showAttachments'], array('is_not_guest', 'profile_view')), |
||
| 163 | ), |
||
| 164 | 'permission' => array( |
||
| 165 | 'own' => 'is_not_guest', |
||
| 166 | 'any' => 'profile_view', |
||
| 167 | ), |
||
| 168 | ), |
||
| 169 | 'showdrafts' => array( |
||
| 170 | 'label' => $txt['drafts_show'], |
||
| 171 | 'file' => 'Drafts.php', |
||
| 172 | 'function' => 'showProfileDrafts', |
||
| 173 | 'icon' => 'drafts', |
||
| 174 | 'enabled' => !empty($modSettings['drafts_post_enabled']) && $context['user']['is_owner'], |
||
| 175 | 'permission' => array( |
||
| 176 | 'own' => 'is_not_guest', |
||
| 177 | 'any' => array(), |
||
| 178 | ), |
||
| 179 | ), |
||
| 180 | 'showalerts' => array( |
||
| 181 | 'label' => $txt['alerts_show'], |
||
| 182 | 'file' => 'Profile-View.php', |
||
| 183 | 'function' => 'showAlerts', |
||
| 184 | 'icon' => 'alerts', |
||
| 185 | 'permission' => array( |
||
| 186 | 'own' => 'is_not_guest', |
||
| 187 | 'any' => array(), |
||
| 188 | ), |
||
| 189 | ), |
||
| 190 | 'permissions' => array( |
||
| 191 | 'label' => $txt['showPermissions'], |
||
| 192 | 'file' => 'Profile-View.php', |
||
| 193 | 'function' => 'showPermissions', |
||
| 194 | 'icon' => 'permissions', |
||
| 195 | 'permission' => array( |
||
| 196 | 'own' => 'manage_permissions', |
||
| 197 | 'any' => 'manage_permissions', |
||
| 198 | ), |
||
| 199 | ), |
||
| 200 | 'tracking' => array( |
||
| 201 | 'label' => $txt['trackUser'], |
||
| 202 | 'file' => 'Profile-View.php', |
||
| 203 | 'function' => 'tracking', |
||
| 204 | 'icon' => 'logs', |
||
| 205 | 'subsections' => array( |
||
| 206 | 'activity' => array($txt['trackActivity'], 'moderate_forum'), |
||
| 207 | 'ip' => array($txt['trackIP'], 'moderate_forum'), |
||
| 208 | 'edits' => array($txt['trackEdits'], 'moderate_forum', 'enabled' => !empty($modSettings['userlog_enabled'])), |
||
| 209 | 'groupreq' => array($txt['trackGroupRequests'], 'approve_group_requests', 'enabled' => !empty($modSettings['show_group_membership'])), |
||
| 210 | 'logins' => array($txt['trackLogins'], 'moderate_forum', 'enabled' => !empty($modSettings['loginHistoryDays'])), |
||
| 211 | ), |
||
| 212 | 'permission' => array( |
||
| 213 | 'own' => array('moderate_forum', 'approve_group_requests'), |
||
| 214 | 'any' => array('moderate_forum', 'approve_group_requests'), |
||
| 215 | ), |
||
| 216 | ), |
||
| 217 | 'viewwarning' => array( |
||
| 218 | 'label' => $txt['profile_view_warnings'], |
||
| 219 | 'enabled' => $modSettings['warning_settings'][0] == 1 && $cur_profile['warning'], |
||
| 220 | 'file' => 'Profile-View.php', |
||
| 221 | 'function' => 'viewWarning', |
||
| 222 | 'icon' => 'warning', |
||
| 223 | 'permission' => array( |
||
| 224 | 'own' => array('profile_warning_own', 'profile_warning_any', 'issue_warning', 'moderate_forum'), |
||
| 225 | 'any' => array('profile_warning_any', 'issue_warning', 'moderate_forum'), |
||
| 226 | ), |
||
| 227 | ), |
||
| 228 | ), |
||
| 229 | ), |
||
| 230 | 'edit_profile' => array( |
||
| 231 | 'title' => $txt['forumprofile'], |
||
| 232 | 'areas' => array( |
||
| 233 | 'account' => array( |
||
| 234 | 'label' => $txt['account'], |
||
| 235 | 'file' => 'Profile-Modify.php', |
||
| 236 | 'function' => 'account', |
||
| 237 | 'icon' => 'maintain', |
||
| 238 | 'enabled' => $context['user']['is_admin'] || ($cur_profile['id_group'] != 1 && !in_array(1, explode(',', $cur_profile['additional_groups']))), |
||
| 239 | 'sc' => 'post', |
||
| 240 | 'token' => 'profile-ac%u', |
||
| 241 | 'password' => true, |
||
| 242 | 'permission' => array( |
||
| 243 | 'own' => array('profile_identity_any', 'profile_identity_own', 'profile_password_any', 'profile_password_own', 'manage_membergroups'), |
||
| 244 | 'any' => array('profile_identity_any', 'profile_password_any', 'manage_membergroups'), |
||
| 245 | ), |
||
| 246 | ), |
||
| 247 | 'tfasetup' => array( |
||
| 248 | 'file' => 'Profile-Modify.php', |
||
| 249 | 'function' => 'tfasetup', |
||
| 250 | 'token' => 'profile-tfa%u', |
||
| 251 | 'enabled' => !empty($modSettings['tfa_mode']), |
||
| 252 | 'permission' => array( |
||
| 253 | 'own' => array('profile_password_own'), |
||
| 254 | 'any' => array('profile_password_any'), |
||
| 255 | ), |
||
| 256 | ), |
||
| 257 | 'forumprofile' => array( |
||
| 258 | 'label' => $txt['forumprofile'], |
||
| 259 | 'file' => 'Profile-Modify.php', |
||
| 260 | 'function' => 'forumProfile', |
||
| 261 | 'icon' => 'members', |
||
| 262 | 'sc' => 'post', |
||
| 263 | 'token' => 'profile-fp%u', |
||
| 264 | 'permission' => array( |
||
| 265 | 'own' => array('profile_forum_any', 'profile_forum_own'), |
||
| 266 | 'any' => array('profile_forum_any'), |
||
| 267 | ), |
||
| 268 | ), |
||
| 269 | 'theme' => array( |
||
| 270 | 'label' => $txt['theme'], |
||
| 271 | 'file' => 'Profile-Modify.php', |
||
| 272 | 'function' => 'theme', |
||
| 273 | 'icon' => 'features', |
||
| 274 | 'sc' => 'post', |
||
| 275 | 'token' => 'profile-th%u', |
||
| 276 | 'permission' => array( |
||
| 277 | 'own' => array('profile_extra_any', 'profile_extra_own'), |
||
| 278 | 'any' => array('profile_extra_any'), |
||
| 279 | ), |
||
| 280 | ), |
||
| 281 | 'notification' => array( |
||
| 282 | 'label' => $txt['notification'], |
||
| 283 | 'file' => 'Profile-Modify.php', |
||
| 284 | 'function' => 'notification', |
||
| 285 | 'icon' => 'mail', |
||
| 286 | 'sc' => 'post', |
||
| 287 | //'token' => 'profile-nt%u', This is not checked here. We do it in the function itself - but if it was checked, this is what it'd be. |
||
| 288 | 'subsections' => array( |
||
| 289 | 'alerts' => array($txt['alert_prefs'], array('is_not_guest', 'profile_extra_any')), |
||
| 290 | 'topics' => array($txt['watched_topics'], array('is_not_guest', 'profile_extra_any')), |
||
| 291 | 'boards' => array($txt['watched_boards'], array('is_not_guest', 'profile_extra_any')), |
||
| 292 | ), |
||
| 293 | 'permission' => array( |
||
| 294 | 'own' => array('is_not_guest'), |
||
| 295 | 'any' => array('profile_extra_any'), // If you change this, update it in the functions themselves; we delegate all saving checks there. |
||
| 296 | ), |
||
| 297 | ), |
||
| 298 | 'ignoreboards' => array( |
||
| 299 | 'label' => $txt['ignoreboards'], |
||
| 300 | 'file' => 'Profile-Modify.php', |
||
| 301 | 'function' => 'ignoreboards', |
||
| 302 | 'icon' => 'boards', |
||
| 303 | 'enabled' => !empty($modSettings['allow_ignore_boards']), |
||
| 304 | 'sc' => 'post', |
||
| 305 | 'token' => 'profile-ib%u', |
||
| 306 | 'permission' => array( |
||
| 307 | 'own' => array('profile_extra_any', 'profile_extra_own'), |
||
| 308 | 'any' => array('profile_extra_any'), |
||
| 309 | ), |
||
| 310 | ), |
||
| 311 | 'lists' => array( |
||
| 312 | 'label' => $txt['editBuddyIgnoreLists'], |
||
| 313 | 'file' => 'Profile-Modify.php', |
||
| 314 | 'function' => 'editBuddyIgnoreLists', |
||
| 315 | 'icon' => 'frenemy', |
||
| 316 | 'enabled' => !empty($modSettings['enable_buddylist']) && $context['user']['is_owner'], |
||
| 317 | 'sc' => 'post', |
||
| 318 | 'subsections' => array( |
||
| 319 | 'buddies' => array($txt['editBuddies']), |
||
| 320 | 'ignore' => array($txt['editIgnoreList']), |
||
| 321 | ), |
||
| 322 | 'permission' => array( |
||
| 323 | 'own' => array('profile_extra_any', 'profile_extra_own'), |
||
| 324 | 'any' => array(), |
||
| 325 | ), |
||
| 326 | ), |
||
| 327 | 'groupmembership' => array( |
||
| 328 | 'label' => $txt['groupmembership'], |
||
| 329 | 'file' => 'Profile-Modify.php', |
||
| 330 | 'function' => 'groupMembership', |
||
| 331 | 'icon' => 'people', |
||
| 332 | 'enabled' => !empty($modSettings['show_group_membership']) && $context['user']['is_owner'], |
||
| 333 | 'sc' => 'request', |
||
| 334 | 'token' => 'profile-gm%u', |
||
| 335 | 'token_type' => 'request', |
||
| 336 | 'permission' => array( |
||
| 337 | 'own' => array('is_not_guest'), |
||
| 338 | 'any' => array('manage_membergroups'), |
||
| 339 | ), |
||
| 340 | ), |
||
| 341 | ), |
||
| 342 | ), |
||
| 343 | 'profile_action' => array( |
||
| 344 | 'title' => $txt['profileAction'], |
||
| 345 | 'areas' => array( |
||
| 346 | 'sendpm' => array( |
||
| 347 | 'label' => $txt['profileSendIm'], |
||
| 348 | 'custom_url' => $scripturl . '?action=pm;sa=send', |
||
| 349 | 'icon' => 'personal_message', |
||
| 350 | 'permission' => array( |
||
| 351 | 'own' => array(), |
||
| 352 | 'any' => array('pm_send'), |
||
| 353 | ), |
||
| 354 | ), |
||
| 355 | 'report' => array( |
||
| 356 | 'label' => $txt['report_profile'], |
||
| 357 | 'custom_url' => $scripturl . '?action=reporttm;' . $context['session_var'] . '=' . $context['session_id'], |
||
| 358 | 'icon' => 'warning', |
||
| 359 | 'permission' => array( |
||
| 360 | 'own' => array(), |
||
| 361 | 'any' => array('report_user'), |
||
| 362 | ), |
||
| 363 | ), |
||
| 364 | 'issuewarning' => array( |
||
| 365 | 'label' => $txt['profile_issue_warning'], |
||
| 366 | 'enabled' => $modSettings['warning_settings'][0] == 1, |
||
| 367 | 'file' => 'Profile-Actions.php', |
||
| 368 | 'function' => 'issueWarning', |
||
| 369 | 'icon' => 'warning', |
||
| 370 | 'token' => 'profile-iw%u', |
||
| 371 | 'permission' => array( |
||
| 372 | 'own' => array(), |
||
| 373 | 'any' => array('issue_warning'), |
||
| 374 | ), |
||
| 375 | ), |
||
| 376 | 'banuser' => array( |
||
| 377 | 'label' => $txt['profileBanUser'], |
||
| 378 | 'custom_url' => $scripturl . '?action=admin;area=ban;sa=add', |
||
| 379 | 'icon' => 'ban', |
||
| 380 | 'enabled' => $cur_profile['id_group'] != 1 && !in_array(1, explode(',', $cur_profile['additional_groups'])), |
||
| 381 | 'permission' => array( |
||
| 382 | 'own' => array(), |
||
| 383 | 'any' => array('manage_bans'), |
||
| 384 | ), |
||
| 385 | ), |
||
| 386 | 'subscriptions' => array( |
||
| 387 | 'label' => $txt['subscriptions'], |
||
| 388 | 'file' => 'Profile-Actions.php', |
||
| 389 | 'function' => 'subscriptions', |
||
| 390 | 'icon' => 'paid', |
||
| 391 | 'enabled' => !empty($modSettings['paid_enabled']) && $context['subs_available'], |
||
| 392 | 'permission' => array( |
||
| 393 | 'own' => array('is_not_guest'), |
||
| 394 | 'any' => array('moderate_forum'), |
||
| 395 | ), |
||
| 396 | ), |
||
| 397 | 'deleteaccount' => array( |
||
| 398 | 'label' => $txt['deleteAccount'], |
||
| 399 | 'file' => 'Profile-Actions.php', |
||
| 400 | 'function' => 'deleteAccount', |
||
| 401 | 'icon' => 'members_delete', |
||
| 402 | 'sc' => 'post', |
||
| 403 | 'token' => 'profile-da%u', |
||
| 404 | 'password' => true, |
||
| 405 | 'permission' => array( |
||
| 406 | 'own' => array('profile_remove_any', 'profile_remove_own'), |
||
| 407 | 'any' => array('profile_remove_any'), |
||
| 408 | ), |
||
| 409 | ), |
||
| 410 | 'activateaccount' => array( |
||
| 411 | 'file' => 'Profile-Actions.php', |
||
| 412 | 'function' => 'activateAccount', |
||
| 413 | 'icon' => 'regcenter', |
||
| 414 | 'sc' => 'get', |
||
| 415 | 'token' => 'profile-aa%u', |
||
| 416 | 'token_type' => 'get', |
||
| 417 | 'permission' => array( |
||
| 418 | 'own' => array(), |
||
| 419 | 'any' => array('moderate_forum'), |
||
| 420 | ), |
||
| 421 | ), |
||
| 422 | ), |
||
| 423 | ), |
||
| 424 | ); |
||
| 425 | |||
| 426 | // Let them modify profile areas easily. |
||
| 427 | call_integration_hook('integrate_pre_profile_areas', array(&$profile_areas)); |
||
| 428 | |||
| 429 | // Do some cleaning ready for the menu function. |
||
| 430 | $context['password_areas'] = array(); |
||
| 431 | $current_area = isset($_REQUEST['area']) ? $_REQUEST['area'] : ''; |
||
| 432 | |||
| 433 | foreach ($profile_areas as $section_id => $section) |
||
| 434 | { |
||
| 435 | // Do a bit of spring cleaning so to speak. |
||
| 436 | foreach ($section['areas'] as $area_id => $area) |
||
| 437 | { |
||
| 438 | // If it said no permissions that meant it wasn't valid! |
||
| 439 | if (empty($area['permission'][$context['user']['is_owner'] ? 'own' : 'any'])) |
||
| 440 | $profile_areas[$section_id]['areas'][$area_id]['enabled'] = false; |
||
| 441 | // Otherwise pick the right set. |
||
| 442 | else |
||
| 443 | $profile_areas[$section_id]['areas'][$area_id]['permission'] = $area['permission'][$context['user']['is_owner'] ? 'own' : 'any']; |
||
| 444 | |||
| 445 | // Password required in most cases |
||
| 446 | if (!empty($area['password'])) |
||
| 447 | $context['password_areas'][] = $area_id; |
||
| 448 | } |
||
| 449 | } |
||
| 450 | |||
| 451 | // Is there an updated message to show? |
||
| 452 | if (isset($_GET['updated'])) |
||
| 453 | $context['profile_updated'] = $txt['profile_updated_own']; |
||
| 454 | |||
| 455 | // Set a few options for the menu. |
||
| 456 | $menuOptions = array( |
||
| 457 | 'disable_url_session_check' => true, |
||
| 458 | 'current_area' => $current_area, |
||
| 459 | 'extra_url_parameters' => array( |
||
| 460 | 'u' => $context['id_member'], |
||
| 461 | ), |
||
| 462 | ); |
||
| 463 | |||
| 464 | // Actually create the menu! |
||
| 465 | $profile_include_data = createMenu($profile_areas, $menuOptions); |
||
| 466 | |||
| 467 | // No menu means no access. |
||
| 468 | View Code Duplication | if (!$profile_include_data && (!$user_info['is_guest'] || validateSession())) |
|
| 469 | fatal_lang_error('no_access', false); |
||
| 470 | |||
| 471 | // Make a note of the Unique ID for this menu. |
||
| 472 | $context['profile_menu_id'] = $context['max_menu_id']; |
||
| 473 | $context['profile_menu_name'] = 'menu_data_' . $context['profile_menu_id']; |
||
| 474 | |||
| 475 | // Set the selected item - now it's been validated. |
||
| 476 | $current_area = $profile_include_data['current_area']; |
||
| 477 | $current_sa = $profile_include_data['current_subsection']; |
||
| 478 | $context['menu_item_selected'] = $current_area; |
||
| 479 | |||
| 480 | // Before we go any further, let's work on the area we've said is valid. Note this is done here just in case we ever compromise the menu function in error! |
||
| 481 | $context['completed_save'] = false; |
||
| 482 | $context['do_preview'] = isset($_REQUEST['preview_signature']); |
||
| 483 | |||
| 484 | $security_checks = array(); |
||
| 485 | $found_area = false; |
||
| 486 | foreach ($profile_areas as $section_id => $section) |
||
| 487 | { |
||
| 488 | // Do a bit of spring cleaning so to speak. |
||
| 489 | foreach ($section['areas'] as $area_id => $area) |
||
| 490 | { |
||
| 491 | // Is this our area? |
||
| 492 | if ($current_area == $area_id) |
||
| 493 | { |
||
| 494 | // This can't happen - but is a security check. |
||
| 495 | if ((isset($section['enabled']) && $section['enabled'] == false) || (isset($area['enabled']) && $area['enabled'] == false)) |
||
| 496 | fatal_lang_error('no_access', false); |
||
| 497 | |||
| 498 | // Are we saving data in a valid area? |
||
| 499 | if (isset($area['sc']) && (isset($_REQUEST['save']) || $context['do_preview'])) |
||
| 500 | { |
||
| 501 | $security_checks['session'] = $area['sc']; |
||
| 502 | $context['completed_save'] = true; |
||
| 503 | } |
||
| 504 | |||
| 505 | // Do we need to perform a token check? |
||
| 506 | if (!empty($area['token'])) |
||
| 507 | { |
||
| 508 | $security_checks[isset($_REQUEST['save']) ? 'validateToken' : 'needsToken'] = $area['token']; |
||
| 509 | $token_name = $area['token'] !== true ? str_replace('%u', $context['id_member'], $area['token']) : 'profile-u' . $context['id_member']; |
||
| 510 | |||
| 511 | $token_type = isset($area['token_type']) && in_array($area['token_type'], array('request', 'post', 'get')) ? $area['token_type'] : 'post'; |
||
| 512 | } |
||
| 513 | |||
| 514 | // Does this require session validating? |
||
| 515 | if (!empty($area['validate']) || (isset($_REQUEST['save']) && !$context['user']['is_owner'])) |
||
| 516 | $security_checks['validate'] = true; |
||
| 517 | |||
| 518 | // Permissions for good measure. |
||
| 519 | if (!empty($profile_include_data['permission'])) |
||
| 520 | $security_checks['permission'] = $profile_include_data['permission']; |
||
| 521 | |||
| 522 | // Either way got something. |
||
| 523 | $found_area = true; |
||
| 524 | } |
||
| 525 | } |
||
| 526 | } |
||
| 527 | |||
| 528 | // Oh dear, some serious security lapse is going on here... we'll put a stop to that! |
||
| 529 | if (!$found_area) |
||
| 530 | fatal_lang_error('no_access', false); |
||
| 531 | |||
| 532 | // Release this now. |
||
| 533 | unset($profile_areas); |
||
| 534 | |||
| 535 | // Now the context is setup have we got any security checks to carry out additional to that above? |
||
| 536 | if (isset($security_checks['session'])) |
||
| 537 | checkSession($security_checks['session']); |
||
| 538 | if (isset($security_checks['validate'])) |
||
| 539 | validateSession(); |
||
| 540 | if (isset($security_checks['validateToken'])) |
||
| 541 | validateToken($token_name, $token_type); |
||
| 542 | if (isset($security_checks['permission'])) |
||
| 543 | isAllowedTo($security_checks['permission']); |
||
| 544 | |||
| 545 | // Create a token if needed. |
||
| 546 | if (isset($security_checks['needsToken']) || isset($security_checks['validateToken'])) |
||
| 547 | { |
||
| 548 | createToken($token_name, $token_type); |
||
| 549 | $context['token_check'] = $token_name; |
||
| 550 | } |
||
| 551 | |||
| 552 | // File to include? |
||
| 553 | if (isset($profile_include_data['file'])) |
||
| 554 | require_once($sourcedir . '/' . $profile_include_data['file']); |
||
| 555 | |||
| 556 | // Build the link tree. |
||
| 557 | $context['linktree'][] = array( |
||
| 558 | 'url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : ''), |
||
| 559 | 'name' => sprintf($txt['profile_of_username'], $context['member']['name']), |
||
| 560 | ); |
||
| 561 | |||
| 562 | if (!empty($profile_include_data['label'])) |
||
| 563 | $context['linktree'][] = array( |
||
| 564 | 'url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'], |
||
| 565 | 'name' => $profile_include_data['label'], |
||
| 566 | ); |
||
| 567 | |||
| 568 | View Code Duplication | if (!empty($profile_include_data['current_subsection']) && $profile_include_data['subsections'][$profile_include_data['current_subsection']][0] != $profile_include_data['label']) |
|
| 569 | $context['linktree'][] = array( |
||
| 570 | 'url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'] . ';sa=' . $profile_include_data['current_subsection'], |
||
| 571 | 'name' => $profile_include_data['subsections'][$profile_include_data['current_subsection']][0], |
||
| 572 | ); |
||
| 573 | |||
| 574 | // Set the template for this area and add the profile layer. |
||
| 575 | $context['sub_template'] = $profile_include_data['function']; |
||
| 576 | $context['template_layers'][] = 'profile'; |
||
| 577 | |||
| 578 | // All the subactions that require a user password in order to validate. |
||
| 579 | $check_password = $context['user']['is_owner'] && in_array($profile_include_data['current_area'], $context['password_areas']); |
||
| 580 | $context['require_password'] = $check_password; |
||
| 581 | |||
| 582 | loadJavaScriptFile('profile.js', array('defer' => false), 'smf_profile'); |
||
| 583 | |||
| 584 | // These will get populated soon! |
||
| 585 | $post_errors = array(); |
||
| 586 | $profile_vars = array(); |
||
| 587 | |||
| 588 | // Right - are we saving - if so let's save the old data first. |
||
| 589 | if ($context['completed_save']) |
||
| 590 | { |
||
| 591 | // Clean up the POST variables. |
||
| 592 | $_POST = htmltrim__recursive($_POST); |
||
| 593 | $_POST = htmlspecialchars__recursive($_POST); |
||
| 594 | |||
| 595 | if ($check_password) |
||
| 596 | { |
||
| 597 | // Check to ensure we're forcing SSL for authentication |
||
| 598 | View Code Duplication | if (!empty($modSettings['force_ssl']) && empty($maintenance) && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on')) |
|
| 599 | fatal_lang_error('login_ssl_required'); |
||
| 600 | |||
| 601 | // You didn't even enter a password! |
||
| 602 | if (trim($_POST['oldpasswrd']) == '') |
||
| 603 | $post_errors[] = 'no_password'; |
||
| 604 | |||
| 605 | // Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password |
||
| 606 | $_POST['oldpasswrd'] = un_htmlspecialchars($_POST['oldpasswrd']); |
||
| 607 | |||
| 608 | // Does the integration want to check passwords? |
||
| 609 | $good_password = in_array(true, call_integration_hook('integrate_verify_password', array($cur_profile['member_name'], $_POST['oldpasswrd'], false)), true); |
||
| 610 | |||
| 611 | // Bad password!!! |
||
| 612 | if (!$good_password && !hash_verify_password($user_profile[$memID]['member_name'], un_htmlspecialchars(stripslashes($_POST['oldpasswrd'])), $user_info['passwd'])) |
||
| 613 | $post_errors[] = 'bad_password'; |
||
| 614 | |||
| 615 | // Warn other elements not to jump the gun and do custom changes! |
||
| 616 | if (in_array('bad_password', $post_errors)) |
||
| 617 | $context['password_auth_failed'] = true; |
||
| 618 | } |
||
| 619 | |||
| 620 | // Change the IP address in the database. |
||
| 621 | if ($context['user']['is_owner']) |
||
| 622 | $profile_vars['member_ip'] = $user_info['ip']; |
||
| 623 | |||
| 624 | // Now call the sub-action function... |
||
| 625 | if ($current_area == 'activateaccount') |
||
| 626 | { |
||
| 627 | if (empty($post_errors)) |
||
| 628 | activateAccount($memID); |
||
| 629 | } |
||
| 630 | elseif ($current_area == 'deleteaccount') |
||
| 631 | { |
||
| 632 | if (empty($post_errors)) |
||
| 633 | { |
||
| 634 | deleteAccount2($memID); |
||
| 635 | redirectexit(); |
||
| 636 | } |
||
| 637 | } |
||
| 638 | elseif ($current_area == 'groupmembership' && empty($post_errors)) |
||
| 639 | { |
||
| 640 | $msg = groupMembership2($profile_vars, $post_errors, $memID); |
||
| 641 | |||
| 642 | // Whatever we've done, we have nothing else to do here... |
||
| 643 | redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=groupmembership' . (!empty($msg) ? ';msg=' . $msg : '')); |
||
| 644 | } |
||
| 645 | elseif (in_array($current_area, array('account', 'forumprofile', 'theme'))) |
||
| 646 | saveProfileFields(); |
||
| 647 | else |
||
| 648 | { |
||
| 649 | $force_redirect = true; |
||
| 650 | // Ensure we include this. |
||
| 651 | require_once($sourcedir . '/Profile-Modify.php'); |
||
| 652 | saveProfileChanges($profile_vars, $post_errors, $memID); |
||
| 653 | } |
||
| 654 | |||
| 655 | call_integration_hook('integrate_profile_save', array(&$profile_vars, &$post_errors, $memID, $cur_profile, $current_area)); |
||
| 656 | |||
| 657 | // There was a problem, let them try to re-enter. |
||
| 658 | if (!empty($post_errors)) |
||
| 659 | { |
||
| 660 | // Load the language file so we can give a nice explanation of the errors. |
||
| 661 | loadLanguage('Errors'); |
||
| 662 | $context['post_errors'] = $post_errors; |
||
| 663 | } |
||
| 664 | elseif (!empty($profile_vars)) |
||
| 665 | { |
||
| 666 | // If we've changed the password, notify any integration that may be listening in. |
||
| 667 | if (isset($profile_vars['passwd'])) |
||
| 668 | call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $_POST['passwrd2'])); |
||
| 669 | |||
| 670 | updateMemberData($memID, $profile_vars); |
||
| 671 | |||
| 672 | // What if this is the newest member? |
||
| 673 | if ($modSettings['latestMember'] == $memID) |
||
| 674 | updateStats('member'); |
||
| 675 | elseif (isset($profile_vars['real_name'])) |
||
| 676 | updateSettings(array('memberlist_updated' => time())); |
||
| 677 | |||
| 678 | // If the member changed his/her birthdate, update calendar statistics. |
||
| 679 | if (isset($profile_vars['birthdate']) || isset($profile_vars['real_name'])) |
||
| 680 | updateSettings(array( |
||
| 681 | 'calendar_updated' => time(), |
||
| 682 | )); |
||
| 683 | |||
| 684 | // Anything worth logging? |
||
| 685 | if (!empty($context['log_changes']) && !empty($modSettings['modlog_enabled'])) |
||
| 686 | { |
||
| 687 | $log_changes = array(); |
||
| 688 | require_once($sourcedir . '/Logging.php'); |
||
| 689 | foreach ($context['log_changes'] as $k => $v) |
||
| 690 | $log_changes[] = array( |
||
| 691 | 'action' => $k, |
||
| 692 | 'log_type' => 'user', |
||
| 693 | 'extra' => array_merge($v, array( |
||
| 694 | 'applicator' => $user_info['id'], |
||
| 695 | 'member_affected' => $memID, |
||
| 696 | )), |
||
| 697 | ); |
||
| 698 | |||
| 699 | logActions($log_changes); |
||
| 700 | } |
||
| 701 | |||
| 702 | // Have we got any post save functions to execute? |
||
| 703 | if (!empty($context['profile_execute_on_save'])) |
||
| 704 | foreach ($context['profile_execute_on_save'] as $saveFunc) |
||
| 705 | $saveFunc(); |
||
| 706 | |||
| 707 | // Let them know it worked! |
||
| 708 | $context['profile_updated'] = $context['user']['is_owner'] ? $txt['profile_updated_own'] : sprintf($txt['profile_updated_else'], $cur_profile['member_name']); |
||
| 709 | |||
| 710 | // Invalidate any cached data. |
||
| 711 | cache_put_data('member_data-profile-' . $memID, null, 0); |
||
| 712 | } |
||
| 713 | } |
||
| 714 | |||
| 715 | // Have some errors for some reason? |
||
| 716 | if (!empty($post_errors)) |
||
| 717 | { |
||
| 718 | // Set all the errors so the template knows what went wrong. |
||
| 719 | foreach ($post_errors as $error_type) |
||
| 720 | $context['modify_error'][$error_type] = true; |
||
| 721 | } |
||
| 722 | // If it's you then we should redirect upon save. |
||
| 723 | elseif (!empty($profile_vars) && $context['user']['is_owner'] && !$context['do_preview']) |
||
| 724 | redirectexit('action=profile;area=' . $current_area . (!empty($current_sa) ? ';sa=' . $current_sa : '') . ';updated'); |
||
| 725 | elseif (!empty($force_redirect)) |
||
| 726 | redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=' . $current_area); |
||
| 727 | |||
| 728 | |||
| 729 | // Get the right callable. |
||
| 730 | $call = call_helper($profile_include_data['function'], true); |
||
| 731 | |||
| 732 | // Is it valid? |
||
| 733 | if (!empty($call)) |
||
| 734 | call_user_func($call, $memID); |
||
| 735 | |||
| 736 | // Set the page title if it's not already set... |
||
| 737 | if (!isset($context['page_title'])) |
||
| 738 | $context['page_title'] = $txt['profile'] . (isset($txt[$current_area]) ? ' - ' . $txt[$current_area] : ''); |
||
| 739 | } |
||
| 740 | |||
| 985 | ?> |
||
Loading history...
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.
Consider making the comparison explicit by using
empty(..)or! empty(...)instead.