0) { $useronline_result = mysqli_query($connid, "SELECT ".$db_settings['userdata_table'].".user_name COLLATE utf8mb4_general_ci AS user_name, ".$db_settings['useronline_table'].".user_id FROM ".$db_settings['useronline_table']." LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id = ".$db_settings['useronline_table'].".user_id WHERE ".$db_settings['useronline_table'].".user_id > 0 ORDER BY user_name ASC") or raise_error('database_error', mysqli_error($connid)); $i = 0; while($uid_field = mysqli_fetch_array($useronline_result)) { $useronline_array[] = intval($uid_field['user_id']); $users_online[$i]['id'] = intval($uid_field['user_id']); $users_online[$i]['name'] = htmlspecialchars($uid_field['user_name']); ++$i; } mysqli_free_result($useronline_result); } if (isset($users_online)) $smarty->assign('users_online', $users_online); if (isset($_GET['page'])) $page = intval($_GET['page']); else $page = 1; if ($page > $total_pages) $page = $total_pages; if ($page < 1) $page = 1; if (isset($_GET['order'])) $order = $_GET['order']; else $order='user_name'; if ($order != 'user_id' && $order != 'user_name' && $order != 'user_email' && $order != 'user_type' && $order != 'registered' && $order != 'logins' && $order != 'last_login' && $order != 'user_lock' && $order != 'user_hp' && $order != 'email_contact' && $order != 'online') $order = 'user_name'; if ($order == 'user_lock' && (empty($_SESSION[$settings['session_prefix'].'user_type']) || isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] < 1)) $order = 'user_name'; if (isset($_GET['descasc'])) $descasc = $_GET['descasc']; else $descasc = "ASC"; if ($descasc != 'DESC' && $descasc != 'ASC') $descasc = 'ASC'; $ul = ($page - 1) * $settings['users_per_page']; // get userdata: $category_query_add = ''; if (isset($search_user)) { $result = @mysqli_query($connid, "SELECT ".$db_settings['userdata_table'].".user_id, user_name COLLATE utf8mb4_general_ci AS user_name, user_type, user_email, email_contact, user_hp, user_lock FROM ".$db_settings['userdata_table']." WHERE activate_code = ''". $category_query_add ." AND lower(user_name) LIKE '%". mysqli_real_escape_string($connid, my_strtolower($search_user, $lang['charset'])) ."%' ORDER BY ". $order ." ". $descasc ." LIMIT ". intval($ul) .", ". intval($settings['users_per_page'])) or raise_error('database_error', mysqli_error($connid)); } else { $result = @mysqli_query($connid, "SELECT ".$db_settings['userdata_table'].".user_id, user_name COLLATE utf8mb4_general_ci AS user_name, user_type, user_email, email_contact, user_hp, user_lock FROM ".$db_settings['userdata_table']." WHERE activate_code = ''". $category_query_add ." ORDER BY ". $order ." ". $descasc ." LIMIT ". intval($ul) .", ". intval($settings['users_per_page'])) or raise_error('database_error', mysqli_error($connid)); } $i = 0; while ($row = mysqli_fetch_array($result)) { $userdata[$i]['user_id'] = intval($row['user_id']); $userdata[$i]['user_name'] = htmlspecialchars($row['user_name']); if ($isModOrAdmin || $isUser && $row['email_contact'] > 0 || $row['email_contact'] == 2) $userdata[$i]['user_email'] = TRUE; $userdata[$i]['user_hp'] = htmlspecialchars($row['user_hp']); if (!empty($userdata[$i]['user_hp']) && trim($userdata[$i]['user_hp']) != '') { $userdata[$i]['user_hp'] = add_http_if_no_protocol($userdata[$i]['user_hp']); } $userdata[$i]['user_type'] = intval($row['user_type']); $userdata[$i]['user_lock'] = $row['user_lock']; $i++; } mysqli_free_result($result); $smarty->assign('pagination', pagination($total_pages, $page, 3)); if (isset($userdata)) $smarty->assign('userdata', $userdata); $smarty->assign('total_users',$total_users); if (isset($search_user)) { $smarty->assign('search_user', htmlspecialchars($search_user)); $smarty->assign('search_user_encoded', urlencode($search_user)); } $smarty->assign('order', $order); $smarty->assign('descasc', $descasc); $smarty->assign('ul', $ul); $smarty->assign('page', $page); $smarty->assign('subnav_location', 'subnav_userarea'); $smarty->assign('subtemplate', 'user.inc.tpl'); $template = 'main.tpl'; break; case 'user_lock': if (isset($_GET['page'])) { $page = intval($_GET['page']); if ($page < 1) $page = 1; $order = urlencode($_GET['order']); $descasc = urlencode($_GET['descasc']); if (isset($_GET['search_user'])) $search_user_q = '&search_user='.urlencode($_GET['search_user']); else $search_user_q = ''; } if (isset($_SESSION[$settings['session_prefix'].'user_type']) && ($_SESSION[$settings['session_prefix'].'user_type'] == 1 || $_SESSION[$settings['session_prefix'].'user_type'] == 2)) { $lock_result = @mysqli_query($connid, "SELECT user_type, user_lock FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($_GET['user_lock']) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid)); $field = mysqli_fetch_array($lock_result); mysqli_free_result($lock_result); if ($field['user_type'] == 0) { if ($field['user_lock'] == 0) $new_lock = 1; else $new_lock = 0; @mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET user_lock = ".$new_lock.", last_login = last_login, registered = registered WHERE user_id = ". intval($_GET['user_lock']) ." LIMIT 1"); } } if (isset($_GET['page'])) header('Location: index.php?mode=user'.$search_user_q.'&page='.$page.'&order='.$order.'&descasc='.$descasc); else header('Location: index.php?mode=user&show_user='.intval($_GET['user_lock'])); exit; break; case 'show_user': $id = intval($_GET['show_user']); $result = mysqli_query($connid, "SELECT user_id, user_type, user_name, user_real_name, gender, birthday, user_email, email_contact, user_hp, user_location, profile, cache_profile, logins, UNIX_TIMESTAMP(registered) AS registered, UNIX_TIMESTAMP(registered + INTERVAL ".$time_difference." MINUTE) AS user_registered, UNIX_TIMESTAMP(last_login + INTERVAL ".$time_difference." MINUTE) AS user_last_login, user_lock FROM ".$db_settings['userdata_table']." LEFT JOIN ".$db_settings['userdata_cache_table']." ON ".$db_settings['userdata_cache_table'].".cache_id = ".$db_settings['userdata_table'].".user_id WHERE user_id = ". intval($id) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid)); if (mysqli_num_rows($result) == 1) { $row = mysqli_fetch_array($result); $user_name = $row['user_name']; // count postings: $count_postings_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ". intval($id)); list($postings) = mysqli_fetch_row($count_postings_result); mysqli_free_result($count_postings_result); // last posting: if ($categories == false) $result = mysqli_query($connid, "SELECT id, subject, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time FROM ".$db_settings['forum_table']." WHERE user_id = ". intval($id) ." ORDER BY time DESC LIMIT 1") or raise_error('database_error', mysqli_error($connid)); else $result = mysqli_query($connid, "SELECT id, subject, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time FROM ".$db_settings['forum_table']." WHERE user_id = ". intval($id) ." AND category IN (". $category_ids_query .") ORDER BY time DESC LIMIT 1") or raise_error('database_error', mysqli_error($connid)); $last_posting = mysqli_fetch_array($result); mysqli_free_result($result); $year = my_substr($row['birthday'], 0, 4, $lang['charset']); $month = my_substr($row['birthday'], 5, 2, $lang['charset']); $day = my_substr($row['birthday'], 8, 2, $lang['charset']); $ystr = strrev(intval(date("Ymd")) - intval($year.$month.$day)); $years = intval(strrev(my_substr($ystr, 4, my_strlen($ystr, $lang['charset']), $lang['charset']))); $smarty->assign('p_user_id', intval($row['user_id'])); $smarty->assign('user_name', htmlspecialchars($user_name)); $smarty->assign('p_user_type', intval($row['user_type'])); $smarty->assign('user_real_name', htmlspecialchars($row['user_real_name'])); $smarty->assign('gender', $row['gender']); if ($day != 0 && $month != 0 && $year != 0) { $birthdate['day'] = $day; $birthdate['month'] = $month; $birthdate['year'] = $year; $smarty->assign('birthdate', $birthdate); $smarty->assign('years', $years); } if ($isModOrAdmin || $isUser && $row['email_contact'] > 0 || $row['email_contact'] == 2) $smarty->assign('user_email', TRUE); if (!empty($row['user_hp']) && trim($row['user_hp']) != '') { $row['user_hp'] = add_http_if_no_protocol($row['user_hp']); } $smarty->assign('user_hp', htmlspecialchars($row['user_hp'])); $smarty->assign('user_location', htmlspecialchars($row['user_location'])); $smarty->assign('user_registered', format_time($lang['time_format'], $row['user_registered'])); if ($row['user_registered'] != $row['user_last_login']) $smarty->assign('user_last_login', format_time($lang['time_format'],$row['user_last_login'])); $smarty->assign('postings', $postings); if ($postings > 0) $smarty->assign('postings_percent', number_format($postings / $total_postings * 100, 1)); else $smarty->assign('postings_percent', 0); $smarty->assign('logins', intval($row['logins'])); $days_registered = (TIMESTAMP - $row['registered']) / 86400; if ($days_registered < 1) $days_registered = 1; $smarty->assign('logins_per_day', number_format($row['logins'] / $days_registered, 2)); $smarty->assign('postings_per_day', number_format($postings / $days_registered, 2)); $smarty->assign('last_posting_id', intval($last_posting['id'])); $smarty->assign('last_posting_formated_time', htmlspecialchars(format_time($lang['time_format_full'], $last_posting['disp_time']))); $smarty->assign('last_posting_time', $last_posting['disp_time']); $smarty->assign('last_posting_subject', htmlspecialchars($last_posting['subject'])); if ($settings['avatars']>0) { $avatarInfo = getAvatar($id); $avatar['image'] = $avatarInfo === false ? false : $avatarInfo[2]; if (isset($avatar) && $avatar['image'] !== false) { $image_info = getimagesize($avatar['image']); $avatar['width'] = $image_info[0]; $avatar['height'] = $image_info[1]; $smarty->assign('avatar', $avatar); } } if ($row['profile'] != '' && $row['cache_profile'] == '') { // no cached profile so parse it and cache it: $profile = html_format($row['profile']); // check if there's already a cached record for this user_id list($row_count) = @mysqli_fetch_row(mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['userdata_cache_table']." WHERE cache_id = ". intval($row['user_id']))); if ($row_count == 1) { // there's already a record (cached signature) so update it: @mysqli_query($connid, "UPDATE ".$db_settings['userdata_cache_table']." SET cache_profile = '". mysqli_real_escape_string($connid, $profile) ."' WHERE cache_id = ". intval($row['user_id'])); } else { // prevent double entries (probably not really necessary because we already counted the records): @mysqli_query($connid, "DELETE FROM ".$db_settings['userdata_cache_table']." WHERE cache_id = ". intval($row['user_id'])); // insert cached profile: @mysqli_query($connid, "INSERT INTO ".$db_settings['userdata_cache_table']." (cache_id, cache_signature, cache_profile) VALUES (". intval($row['user_id']) .",'','". mysqli_real_escape_string($connid, $profile) ."')"); } } elseif($row['profile'] == '') { $profile = ''; } else { // there's already a cached profile so just take it without any parsing: $profile = $row['cache_profile']; } $smarty->assign('profile', $profile); if ($row['user_lock'] == 1) $smarty->assign('user_is_locked', true); else $smarty->assign('user_is_locked', false); $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $smarty->assign('breadcrumbs', $breadcrumbs); $smarty->assign('subnav_location', 'subnav_userarea_show_user'); $smarty->assign('subnav_location_var', htmlspecialchars($user_name)); } else { $subnav_link = array('mode'=>'index', 'title'=>'forum_index_link_title', 'name'=>'forum_index_link'); $smarty->assign('subnav_link', $subnav_link); } $smarty->assign('subtemplate', 'user_profile.inc.tpl'); $template = 'main.tpl'; break; case 'show_posts': $id = intval($_GET['id']); $result = mysqli_query($connid, "SELECT user_id, user_name FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($id) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid)); $row = mysqli_fetch_array($result); mysqli_free_result($result); $user_name = $row['user_name']; // count postings: if ($categories == false) $count_postings_result = @mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ". intval($id)); else $count_postings_result = @mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ". intval($id) ." AND category IN (". $category_ids_query .")"); list($user_postings_count) = mysqli_fetch_row($count_postings_result); mysqli_free_result($count_postings_result); $total_pages = ceil($user_postings_count / $settings['search_results_per_page']); if (isset($_GET['page'])) $page = intval($_GET['page']); else $page = 1; if ($page < 1) $page = 1; if ($page > $total_pages) $page = $total_pages; $ul = ($page - 1) * $settings['search_results_per_page']; $smarty->assign('pagination', pagination($total_pages, $page, 3)); if ($user_postings_count > 0) { $categories_restriction = $categories == false ? "" : " AND category IN (". $category_ids_query .") "; $spam_restriction = $isModOrAdmin ? "" : " AND `id` NOT IN (SELECT `eid` FROM `" . $db_settings['b8_rating_table'] . "` WHERE `spam` = 1 AND `eid` = `id`) AND `id` NOT IN (SELECT `eid` FROM `" . $db_settings['akismet_rating_table'] . "` WHERE `spam` = 1 AND `eid` = `id`) "; $result = @mysqli_query($connid, "SELECT id, pid, tid, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, marked, sticky FROM `" . $db_settings['forum_table'] . "` WHERE user_id = ". intval($id) . " " . $categories_restriction . " " . $spam_restriction . " ORDER BY time DESC LIMIT ". intval($ul) .", ". intval($settings['search_results_per_page'])); $i = 0; while ($row = mysqli_fetch_array($result)) { $user_postings_data[$i]['id'] = intval($row['id']); $user_postings_data[$i]['pid'] = intval($row['pid']); $user_postings_data[$i]['name'] = htmlspecialchars($user_name); $user_postings_data[$i]['subject'] = htmlspecialchars($row['subject']); $user_postings_data[$i]['disp_time'] = format_time($lang['time_format_full'], $row['disp_time']); if (isset($categories[$row['category']]) && $categories[$row['category']] != '') { $user_postings_data[$i]['category'] = $row["category"]; $user_postings_data[$i]['category_name'] = $categories[$row["category"]]; } $i++; } mysqli_free_result($result); } if (isset($user_postings_data)) $smarty->assign('user_postings_data', $user_postings_data); $smarty->assign('user_postings_count', $user_postings_count); $smarty->assign('action', 'show_posts'); $smarty->assign('id', $id); $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $smarty->assign('breadcrumbs', $breadcrumbs); $smarty->assign('subnav_location', 'subnav_userarea_show_posts'); $smarty->assign('subnav_location_var', htmlspecialchars($user_name)); $smarty->assign('subtemplate', 'user_postings.inc.tpl'); $template = 'main.tpl'; break; case 'edit_profile': if (isset($_SESSION[$settings['session_prefix'].'user_id'])) { $id = $_SESSION[$settings['session_prefix'].'user_id']; $result = mysqli_query($connid, "SELECT user_id, user_name, user_real_name, gender, birthday, user_email, email_contact, user_hp, user_location, signature, profile, new_posting_notification, new_user_notification, browser_window_target, auto_login_code, language, time_zone, time_difference, theme FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($id) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid)); $row = mysqli_fetch_array($result); mysqli_free_result($result); if (!empty($row['birthday'])) { if (trim($row['birthday']) == '' || $row['birthday'] == '0000-00-00') $user_birthday = ''; else { $year = my_substr($row['birthday'], 0, 4, $lang['charset']); $month = my_substr($row['birthday'], 5, 2, $lang['charset']); $day = my_substr($row['birthday'], 8, 2, $lang['charset']); $user_birthday = $year.'-'.$month.'-'.$day; } } else { $user_birthday = ''; } if (isset($category_selection)) $smarty->assign('category_selection', $category_selection); // time zones: if (function_exists('date_default_timezone_set') && $time_zones = get_timezones()) { $smarty->assign('user_time_zone', htmlspecialchars($row['time_zone'])); $smarty->assign('time_zones', $time_zones); if (!empty($settings['time_zone'])) $smarty->assign('default_time_zone', $settings['time_zone']); } $languages = get_languages(true); if (isset($languages) && count($languages) > 1) { $smarty->assign('user_language', htmlspecialchars($row['language'])); $smarty->assign('languages', $languages); foreach ($languages as $l) { if ($l['identifier'] == $settings['language_file']) { $default_language = $l['title']; $smarty->assign('default_language', $default_language); break; } } } $themes = get_themes(true); if (isset($themes) && count($themes) > 1) { $smarty->assign('user_theme', htmlspecialchars($row['theme'])); $smarty->assign('themes', $themes); foreach ($themes as $t) { if ($t['identifier'] == $settings['theme']) { $default_theme = $t['title']; $smarty->assign('default_theme', $default_theme); break; } } } if ($row['time_difference'] < 0) $time_difference_hours = ceil($row['time_difference'] / 60); else $time_difference_hours = floor($row['time_difference'] / 60); $time_difference_minutes = abs($row['time_difference'] - $time_difference_hours * 60); if ($time_difference_minutes < 10) $time_difference_minutes = '0'.$time_difference_minutes; if (intval($row['time_difference']) > 0) $user_time_difference = '+'.$time_difference_hours; else $user_time_difference = $time_difference_hours; if ($time_difference_minutes > 0) $user_time_difference .= ':'.$time_difference_minutes; $smarty->assign('user_time_difference', $user_time_difference); if (isset($_GET['msg'])) $smarty->assign('msg', htmlspecialchars($_GET['msg'])); $smarty->assign('user_name', htmlspecialchars($row['user_name'])); $smarty->assign('user_real_name', htmlspecialchars($row['user_real_name'])); $smarty->assign('user_gender', $row['gender']); $smarty->assign('user_birthday', $user_birthday); $smarty->assign('user_email', htmlspecialchars($row['user_email'])); $smarty->assign('email_contact', $row['email_contact']); $smarty->assign('user_hp', htmlspecialchars($row['user_hp'])); $smarty->assign('user_location', htmlspecialchars($row['user_location'])); $profile = htmlspecialchars($row['profile']); $smarty->assign('profile', htmlspecialchars($row['profile'])); $smarty->assign('signature', htmlspecialchars($row['signature'])); if (intval($row['browser_window_target']) == 1) $smarty->assign('browser_link_open', 1); elseif (intval($row['browser_window_target']) == 2) $smarty->assign('browser_link_open', 2); elseif (intval($row['browser_window_target']) == 3) $smarty->assign('browser_link_open', 3); else $smarty->assign('browser_link_open', 0); if ($row['auto_login_code'] != '') $smarty->assign('auto_login', 1); else $smarty->assign('auto_login', 0); if($settings['avatars'] > 0) { $avatarInfo = getAvatar($_SESSION[$settings['session_prefix'].'user_id']); $avatar['image'] = $avatarInfo === false ? false : $avatarInfo[2]; if (isset($avatar) && $avatar['image'] !== false) { $image_info = getimagesize($avatar['image']); $avatar['width'] = $image_info[0]; $avatar['height'] = $image_info[1]; $smarty->assign('avatar', $avatar); } } if ($_SESSION[$settings['session_prefix'].'user_type'] == 1 || $_SESSION[$settings['session_prefix'].'user_type'] == 2) { $smarty->assign('new_posting_notification', $row['new_posting_notification']); $smarty->assign('new_user_notification', $row['new_user_notification']); } $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $smarty->assign('breadcrumbs', $breadcrumbs); $smarty->assign('subnav_location', 'subnav_userarea_edit_user'); $smarty->assign('subtemplate', 'user_edit.inc.tpl'); $template = 'main.tpl'; } break; case 'edit_userdata': if (isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_POST['csrf_token']) && $_POST['csrf_token'] === $_SESSION['csrf_token']){ $id = $_SESSION[$settings['session_prefix'].'user_id']; if (isset($_POST['email_contact'])) $email_contact = intval($_POST['email_contact']); else $email_contact = 0; if ($email_contact < 0 || $email_contact > 2) $email_contact = 0; $user_hp = (!empty($_POST['user_hp'])) ? trim($_POST['user_hp']) : ''; $user_real_name = (!empty($_POST['user_real_name'])) ? trim($_POST['user_real_name']) : ''; $user_birthday = (!empty($_POST['user_birthday'])) ? trim($_POST['user_birthday']) : ''; if (isset($_POST['user_gender'])) $gender = intval($_POST['user_gender']); else $gender = 0; if ($gender != 0 && $gender !=1 && $gender != 2) $gender = 0; $user_location = (!empty($_POST['user_location'])) ? trim($_POST['user_location']) : ''; $profile = (!empty($_POST['profile'])) ? trim($_POST['profile']) : ''; $signature = (!empty($_POST['signature'])) ? trim($_POST['signature']) : ''; // time zone: $user_time_zone = ''; if (isset($_POST['user_time_zone']) && $_POST['user_time_zone'] != '' && function_exists('date_default_timezone_set') && $time_zones = get_timezones()) { if (in_array($_POST['user_time_zone'], $time_zones)) $user_time_zone = $_POST['user_time_zone']; } // time difference: $user_time_difference = isset($_POST['user_time_difference']) ? trim($_POST['user_time_difference']) : ''; if (isset($user_time_difference[0]) && $user_time_difference[0] == '-') $negative = true; $user_time_difference_array = explode(':', $_POST['user_time_difference']); $hours_difference = abs(intval($user_time_difference_array[0])); if ($hours_difference < -24 || $hours_difference > 24) $hours_difference = 0; if (isset($user_time_difference_array[1])) $minutes_difference = intval($user_time_difference_array[1]); if (isset($minutes_difference)) { if ($minutes_difference < 0 || $minutes_difference > 59) $minutes_difference = 0; } else { $minutes_difference = 0; } if (isset($negative)) { $user_time_difference = 0 - ($hours_difference * 60 + $minutes_difference); } else $user_time_difference = $hours_difference * 60 + $minutes_difference; // language: $user_language = ''; if (isset($_POST['user_language']) && trim($_POST['user_language']) != '') { $languages = get_languages(); if (isset($languages) && count($languages) > 1) { if (in_array($_POST['user_language'], $languages)) { $user_language = $_POST['user_language']; } } } // theme: $user_theme = ''; if (isset($_POST['user_theme']) && trim($_POST['user_theme']) != '') { $themes = get_themes(); if (isset($themes) && count($themes) > 1) { if (in_array($_POST['user_theme'], $themes)) { $user_theme = $_POST['user_theme']; } } } if (isset($_POST['user_view'])) $user_view = intval($_POST['user_view']); else $user_view = 0; if ($user_view != 0 && $user_view != 1 && $user_view != 2) $user_view = 0; if ($_SESSION[$settings['session_prefix'].'user_type'] == 1 || $_SESSION[$settings['session_prefix'].'user_type'] == 2) { if (isset($_POST['new_posting_notification']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) $new_posting_notification = intval($_POST['new_posting_notification']); else $new_posting_notification = 0; if ($new_posting_notification != 0 && $new_posting_notification != 1) $new_posting_notification = 0; if (isset($_POST['new_user_notification']) && $_SESSION[$settings['session_prefix'].'user_type'] > 0) $new_user_notification = intval($_POST['new_user_notification']); else $new_user_notification = 0; if ($new_user_notification != 0 && $new_user_notification != 1) $new_user_notification = 0; } else { $new_posting_notification = 0; $new_user_notification = 0; } if ($settings['autologin'] == 1 && isset($_POST['auto_login']) && intval($_POST['auto_login']) == 1) { $auto_login = 1; } else { $auto_login = 0; } if (isset($_POST['browser_link_open']) and in_array($_POST['browser_link_open'], array(0, 1, 2, 3))) $browser_target = $_POST['browser_link_open']; else $browser_target = 0; // check posted data: if (my_strlen($user_hp, $lang['charset']) > $settings['hp_maxlength']) $errors[] = 'error_hp_too_long'; if (my_strlen($user_real_name, $lang['charset']) > $settings['name_maxlength']) $errors[] = 'error_name_too_long'; if (isset($user_hp) && $user_hp != '' && !is_valid_url($user_hp)) $errors[] = 'error_hp_wrong'; if (isset($_POST['category_selection']) && is_array($_POST['category_selection'])) { $filtered_category_selection = filter_category_selection($_POST['category_selection'], $category_ids); if (count($filtered_category_selection) > 0) $category_selection_db = implode(',', $filtered_category_selection); } // birthday check: if ($user_birthday != '') { if (is_valid_birthday($user_birthday)) { $year = intval(my_substr($user_birthday, 0, 4, $lang['charset'])); $month = intval(my_substr($user_birthday, 5, 2, $lang['charset'])); $day = intval(my_substr($user_birthday, 8, 2, $lang['charset'])); $birthday = $year.'-'.$month.'-'.$day; } else $errors[] = 'error_invalid_date'; } else $birthday = NULL; if (my_strlen($user_hp, $lang['charset']) > $settings['hp_maxlength']) $errors[] = 'error_hp_too_long'; if (my_strlen($user_location, $lang['charset']) > $settings['location_maxlength']) $errors[] = 'error_location_too_long'; $smarty->assign('profil_length', my_strlen($profile, $lang['charset'])); if (my_strlen($profile, $lang['charset']) > $settings['profile_maxlength']) $errors[] = 'error_profile_too_long'; $smarty->assign('signature_length', my_strlen($signature, $lang['charset'])); if (my_strlen($signature, $lang['charset']) > $settings['signature_maxlength']) $errors[] = 'error_signature_too_long'; // check for too long words: $too_long_word = too_long_word($user_real_name, $settings['name_word_maxlength']); if ($too_long_word) $errors[] = 'error_word_too_long'; if (empty($too_long_word)) { $too_long_word = too_long_word($user_location, $settings['location_word_maxlength']); if ($too_long_word) $errors[] = 'error_word_too_long'; } $profile_check = html_format($profile); $profile_check = strip_tags($profile_check); if (empty($too_long_word)) { $too_long_word = too_long_word($profile_check, $settings['text_word_maxlength']); if ($too_long_word) $errors[] = 'error_word_too_long'; } $signature_check = signature_format($signature); $signature_check = strip_tags($signature_check); if (empty($too_long_word)) { $too_long_word = too_long_word($signature_check, $settings['text_word_maxlength']); if ($too_long_word) $errors[] = 'error_word_too_long'; } // check for not accepted words: $joined_message = my_strtolower($user_real_name.' '.$user_hp.' '.$profile.' '.$signature, $lang['charset']); $not_accepted_words = get_not_accepted_words($joined_message); if ($not_accepted_words != false) { $not_accepted_words_listing = implode(', ', $not_accepted_words); if (count($not_accepted_words) == 1) { $smarty->assign('not_accepted_word', htmlspecialchars($not_accepted_words_listing)); $errors[] = 'error_not_accepted_word'; } else { $smarty->assign('not_accepted_words', htmlspecialchars($not_accepted_words_listing)); $errors[] = 'error_not_accepted_words'; } } if (isset($errors)) { $smarty->assign('errors', $errors); $result = mysqli_query($connid, "SELECT user_name, user_email FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($id) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid)); $row = mysqli_fetch_array($result); mysqli_free_result($result); // timezones: if (function_exists('date_default_timezone_set') && $time_zones = get_timezones()) { $smarty->assign('time_zones', $time_zones); $smarty->assign('user_time_zone', htmlspecialchars($user_time_zone)); } // languages: $languages = get_languages(true); if (isset($languages) && count($languages) > 1) { $smarty->assign('languages', $languages); $smarty->assign('user_language', htmlspecialchars($user_language)); } // themes: $themes = get_themes(true); if(isset($themes) && count($themes) > 1) { $smarty->assign('themes', $themes); $smarty->assign('user_theme', htmlspecialchars($user_theme)); } if (isset($too_long_word)) $smarty->assign('word', $too_long_word); $smarty->assign('user_name', htmlspecialchars($row['user_name'])); $smarty->assign('user_email', htmlspecialchars($row['user_email'])); $smarty->assign('email_contact', $email_contact); $smarty->assign('user_hp', htmlspecialchars($user_hp)); $smarty->assign('user_real_name', htmlspecialchars($user_real_name)); $smarty->assign('user_gender', $gender); $smarty->assign('user_birthday', htmlspecialchars($user_birthday)); $smarty->assign('user_location', htmlspecialchars($user_location)); $smarty->assign('profile', htmlspecialchars($profile)); $smarty->assign('signature', htmlspecialchars($signature)); if (isset($_POST['user_time_difference'])) $smarty->assign('user_time_difference', htmlspecialchars($_POST['user_time_difference'])); $smarty->assign('auto_login', $auto_login); $smarty->assign('new_posting_notification', $new_posting_notification); $smarty->assign('new_user_notification', $new_user_notification); if (isset($_POST['category_selection']) && is_array($_POST['category_selection'])) $smarty->assign('category_selection', $_POST['category_selection']); $smarty->assign('time_difference_array', $user_time_difference_array); $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $smarty->assign('breadcrumbs', $breadcrumbs); $smarty->assign('subnav_location', 'subnav_userarea_edit_user'); $smarty->assign('subtemplate', 'user_edit.inc.tpl'); $template = 'main.tpl'; } else { if (isset($category_selection_db)) { $queryUserDataEdit = "UPDATE ".$db_settings['userdata_table']." SET email_contact = ". intval($email_contact) .", user_hp = '". mysqli_real_escape_string($connid, $user_hp) ."', user_real_name = '". mysqli_real_escape_string($connid, $user_real_name) ."', gender = ". intval($gender) .", birthday = "; $queryUserDataEdit .= ($birthday !== NULL) ? "'". mysqli_real_escape_string($connid, $birthday) ."'" : "NULL"; $queryUserDataEdit .= ", user_location = '". mysqli_real_escape_string($connid, $user_location) ."', profile = '". mysqli_real_escape_string($connid, $profile) ."', signature = '". mysqli_real_escape_string($connid, $signature) ."', user_view = ".intval($user_view) .", new_posting_notification = ". intval($new_posting_notification) .", new_user_notification = ". intval($new_user_notification) .", browser_window_target = ". intval($browser_target) .", category_selection = '". mysqli_real_escape_string($connid, $category_selection_db) ."', language = '". mysqli_real_escape_string($connid, $user_language) ."', time_zone = '". mysqli_real_escape_string($connid, $user_time_zone) ."', time_difference = ". intval($user_time_difference) .", theme = '". mysqli_real_escape_string($connid, $user_theme) ."', last_login = last_login, last_logout = last_logout, registered = registered WHERE user_id = ". intval($id); $_SESSION[$settings['session_prefix'].'usersettings']['category_selection'] = $filtered_category_selection; } else { $queryUserDataEdit = "UPDATE ".$db_settings['userdata_table']." SET email_contact = ". intval($email_contact) .", user_hp = '". mysqli_real_escape_string($connid, $user_hp) ."', user_real_name = '". mysqli_real_escape_string($connid, $user_real_name) ."', gender = ". intval($gender) .", birthday = "; $queryUserDataEdit .= ($birthday !== NULL) ? "'". mysqli_real_escape_string($connid, $birthday) ."'" : "NULL"; $queryUserDataEdit .= ", user_location = '". mysqli_real_escape_string($connid, $user_location) ."', profile = '". mysqli_real_escape_string($connid, $profile) ."', signature = '". mysqli_real_escape_string($connid, $signature) ."', user_view = ". intval($user_view) .", new_posting_notification = ". intval($new_posting_notification) .", new_user_notification = ". intval($new_user_notification) .", browser_window_target = ". intval($browser_target) .", category_selection = NULL, language = '". mysqli_real_escape_string($connid, $user_language) ."', time_zone = '". mysqli_real_escape_string($connid, $user_time_zone) ."', time_difference = ". intval($user_time_difference) .", theme = '". mysqli_real_escape_string($connid, $user_theme) ."', last_login = last_login, last_logout = last_logout, registered = registered WHERE user_id = ". intval($id); unset($_SESSION[$settings['session_prefix'].'usersettings']['category_selection']); } @mysqli_query($connid, $queryUserDataEdit); // auto login: if ($auto_login == 1) { $result = mysqli_query($connid, "SELECT auto_login_code FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($id) ." LIMIT 1") or raise_error('database_error',mysqli_error($connid)); $row = mysqli_fetch_array($result); mysqli_free_result($result); if (strlen($row['auto_login_code']) != 50) { $auto_login_code = random_string(50); } else { $auto_login_code = $row['auto_login_code']; } $auto_login_code_cookie = $auto_login_code . intval($id); setcookie($settings['session_prefix'].'auto_login', $auto_login_code_cookie, cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days']))); @mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login = last_login, last_logout = last_logout, registered = registered, auto_login_code = '". mysqli_real_escape_string($connid, $auto_login_code) ."' WHERE user_id = ". intval($id)); } else { setcookie($settings['session_prefix'].'auto_login', '', cookie_options(0)); @mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login = last_login, last_logout = last_logout, registered = registered, auto_login_code = '' WHERE user_id = ". intval($id)); } @mysqli_query($connid, "DELETE FROM ".$db_settings['userdata_cache_table']." WHERE cache_id = ". intval($id)); if (!empty($user_language)) $_SESSION[$settings['session_prefix'].'usersettings']['language'] = $user_language; else unset($_SESSION[$settings['session_prefix'].'usersettings']['language']); if (!empty($user_time_zone)) $_SESSION[$settings['session_prefix'].'usersettings']['time_zone'] = $user_time_zone; else unset($_SESSION[$settings['session_prefix'].'usersettings']['time_zone']); if (!empty($user_time_difference)) $_SESSION[$settings['session_prefix'].'usersettings']['time_difference'] = intval($user_time_difference); else unset($_SESSION[$settings['session_prefix'].'usersettings']['time_difference']); if (!empty($user_theme)) $_SESSION[$settings['session_prefix'].'usersettings']['theme'] = $user_theme; else unset($_SESSION[$settings['session_prefix'].'usersettings']['theme']); if (!empty($browser_target)) $_SESSION[$settings['session_prefix'].'usersettings']['browser_window_target'] = $browser_target; else unset($_SESSION[$settings['session_prefix'].'usersettings']['browser_window_target']); header('Location: index.php?mode=user&action=edit_profile&msg=profile_saved'); exit; } } break; case 'remove_account': if (isset($_SESSION[$settings['session_prefix'].'user_id'])) { $user_id = $_SESSION[$settings['session_prefix'].'user_id']; $result = mysqli_query($connid, "SELECT `user_name` FROM `".$db_settings['userdata_table']."` WHERE `user_id` = ". intval($user_id) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid)); if (mysqli_num_rows($result) == 1) { $row = mysqli_fetch_array($result); mysqli_free_result($result); $smarty->assign('user_name', htmlspecialchars($row['user_name'])); $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $breadcrumbs[1]['link'] = 'index.php?mode=user&action=edit_profile'; $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user'; $smarty->assign('breadcrumbs', $breadcrumbs); $smarty->assign('subnav_location', 'subnav_userarea_remove_account'); $smarty->assign('subtemplate', 'user_remove_account.inc.tpl'); $template = 'main.tpl'; } } break; case 'remove_account_submitted': if (isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_POST['csrf_token']) && $_POST['csrf_token'] === $_SESSION['csrf_token']) { $user_id = $_SESSION[$settings['session_prefix'].'user_id']; $result = @mysqli_query($connid, "SELECT `user_name`, `user_pw` FROM `".$db_settings['userdata_table']."` WHERE `user_id` = ". intval($user_id) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid)); if (mysqli_num_rows($result) == 1) { $row = mysqli_fetch_array($result); mysqli_free_result($result); $user_name = $row['user_name']; // checking password if (isset($_POST['user_password']) && is_pw_correct($_POST['user_password'], $row['user_pw'])) { // delete user, remove avatar, etc. deleteUser($user_id, $user_name); $_SESSION[$settings['session_prefix'].'user_id'] = false; $_SESSION[$settings['session_prefix'].'user_name'] = ''; $_SESSION[$settings['session_prefix'].'user_type'] = 0; $_SESSION['csrf_token'] = Null; setcookie($settings['session_prefix'].'userdata', '', cookie_options(0)); header('location: index.php?mode=index'); exit; } else { $errors[] = 'error_pw_wrong'; $smarty->assign('errors', $errors); $smarty->assign('user_name', htmlspecialchars($user_name)); $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $breadcrumbs[1]['link'] = 'index.php?mode=user&action=edit_profile'; $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user'; $smarty->assign('breadcrumbs', $breadcrumbs); $smarty->assign('subnav_location', 'subnav_userarea_remove_account'); $smarty->assign('subtemplate', 'user_remove_account.inc.tpl'); $template = 'main.tpl'; } } } break; case 'edit_pw': if (isset($_SESSION[$settings['session_prefix'].'user_id'])) { $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $breadcrumbs[1]['link'] = 'index.php?mode=user&action=edit_profile'; $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user'; $smarty->assign('breadcrumbs', $breadcrumbs); $smarty->assign('subnav_location', 'subnav_userarea_edit_pw'); $smarty->assign('subtemplate', 'user_edit_pw.inc.tpl'); $template = 'main.tpl'; } break; case 'edit_pw_submitted': if (isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_POST['csrf_token']) && $_POST['csrf_token'] === $_SESSION['csrf_token']) { $user_id = $_SESSION[$settings['session_prefix'].'user_id']; $pw_result = mysqli_query($connid, "SELECT user_pw FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($user_id) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid)); $field = mysqli_fetch_array($pw_result); mysqli_free_result($pw_result); if (!isset($_POST['old_pw']) || !isset($_POST['new_pw']) || trim($_POST['old_pw']) == '' || trim($_POST['new_pw']) == '') $errors[] = 'error_form_uncomplete'; else { $old_pw = $_POST['old_pw']; $new_pw = $_POST['new_pw']; $min_new_password_length_by_restrictions = intval($settings['min_pw_digits']) + intval($settings['min_pw_lowercase_letters']) + intval($settings['min_pw_uppercase_letters']) + intval($settings['min_pw_special_characters']); // old password is wrong? if (!is_pw_correct($old_pw, $field['user_pw'])) $errors[] = 'error_old_pw_wrong'; // new password too short? if ($min_new_password_length_by_restrictions < intval($settings['min_pw_length']) && my_strlen($new_pw, $lang['charset']) < intval($settings['min_pw_length'])) $errors[] = 'error_new_pw_too_short'; // see: http://php.net/manual/en/regexp.reference.unicode.php // \p{N} == numbers // [\p{Ll}\p{Lm}\p{Lo}] == lowercase, modifier, other letters // [\p{Lu}\p{Lt}] == uppercase, titlecase letters // [\p{S}\p{P}\p{Z}] == symbols, punctuations, separator // new password contains numbers? if ($settings['min_pw_digits'] > 0 && !preg_match("/(?=(.*\p{N}){" . intval($settings['min_pw_digits']) . ",})/u", $new_pw)) $errors[] = 'error_new_pw_needs_digit'; // password contains lowercase letter? if ($settings['min_pw_lowercase_letters'] > 0 && !preg_match("/(?=(.*[\p{Ll}\p{Lm}\p{Lo}]){" . intval($settings['min_pw_lowercase_letters']) . ",})/u", $new_pw)) $errors[] = 'error_new_pw_needs_lowercase_letter'; // password contains uppercase letter? if ($settings['min_pw_uppercase_letters'] > 0 && !preg_match("/(?=(.*[\p{Lu}\p{Lt}]){" . intval($settings['min_pw_uppercase_letters']) . ",})/u", $new_pw)) $errors[] = 'error_new_pw_needs_uppercase_letter'; // password contains special character? if ($settings['min_pw_special_characters'] > 0 && !preg_match("/(?=(.*[\p{S}\p{P}\p{Z}]){" . intval($settings['min_pw_special_characters']) . ",})/u", $new_pw)) $errors[] = 'error_new_pw_needs_special_character'; } // Update, if no errors: if(empty($errors)) { $pw_hash = generate_pw_hash($new_pw); $pw_update_result = mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET user_pw = '". mysqli_real_escape_string($connid, $pw_hash) ."', last_login = last_login, registered = registered WHERE user_id = ". intval($user_id)); header('location: index.php?mode=user&action=edit_profile&msg=pw_changed'); exit; } else { $smarty->assign('errors', $errors); $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $breadcrumbs[1]['link'] = 'index.php?mode=user&action=edit_profile'; $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user'; $smarty->assign('breadcrumbs', $breadcrumbs); $smarty->assign('subnav_location', 'subnav_userarea_edit_pw'); $smarty->assign('subtemplate', 'user_edit_pw.inc.tpl'); $template = 'main.tpl'; } } break; case 'edit_email': if (isset($_SESSION[$settings['session_prefix'].'user_id'])) { $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $breadcrumbs[1]['link'] = 'index.php?mode=user&action=edit_profile'; $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user'; $smarty->assign('breadcrumbs', $breadcrumbs); $smarty->assign('subnav_location', 'subnav_userarea_edit_mail'); $smarty->assign('subtemplate', 'user_edit_email.inc.tpl'); $template = 'main.tpl'; } break; case 'edit_email_submit': if (isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_POST['csrf_token']) && $_POST['csrf_token'] === $_SESSION['csrf_token']) { $new_email = (!empty($_POST['new_email'])) ? trim($_POST['new_email']) : ''; $new_email_confirm = (!empty($_POST['new_email_confirm'])) ? trim($_POST['new_email_confirm']) : ''; $pw_new_email = $_POST['pw_new_email']; // Check data: $email_result = mysqli_query($connid, "SELECT `user_id`, `user_name`, `user_pw`, `user_email`, (SELECT COUNT(*) FROM `".$db_settings['userdata_table']."` WHERE `user_email` = '". mysqli_real_escape_string($connid, $new_email) ."') > 0 AS `email_collision` FROM `".$db_settings['userdata_table']."` WHERE `user_id` = ". intval($_SESSION[$settings['session_prefix'].'user_id']) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid)); $data = mysqli_fetch_array($email_result); mysqli_free_result($email_result); if ($pw_new_email == '' || $new_email == '') $errors[] = 'error_form_uncompl'; if (empty($errors)) { if ($new_email != $new_email_confirm) $errors[] = 'error_email_confirmation'; if (my_strlen($new_email, $lang['charset']) > $settings['email_maxlength']) $errors[] = 'error_email_too_long'; if ($new_email == $data['user_email']) $errors[] = 'error_identic_email'; if (!is_valid_email($new_email)) $errors[] = 'error_email_invalid'; if (!is_pw_correct($pw_new_email, $data['user_pw'])) $errors[] = 'pw_wrong'; if ($data['email_collision'] != 0) $errors[] = 'error_email_collision'; } if (empty($errors)) { $smarty->configLoad($settings['language_file'], 'emails'); $lang = $smarty->getConfigVars(); $activate_code = random_string(20); $activate_code_hash = generate_pw_hash($activate_code); // send mail with activation key: $lang['edit_address_email_txt'] = str_replace("[name]", $data['user_name'], $lang['edit_address_email_txt']); $lang['edit_address_email_txt'] = str_replace("[activate_link]", $settings['forum_address']."index.php?mode=register&id=".$data['user_id']."&key=".$activate_code, $lang['edit_address_email_txt']); if (!my_mail($new_email, $lang['edit_address_email_sj'], $lang['edit_address_email_txt'])) $errors[] = 'mail_error'; if (empty($errors)) { @mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET user_email = '". mysqli_real_escape_string($connid, $new_email) ."', last_login = last_login, registered = registered, activate_code = '". mysqli_real_escape_string($connid, $activate_code_hash) ."' WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id'])) or raise_error('database_error', mysqli_error($connid)); log_out($_SESSION[$settings['session_prefix'].'user_id']); header("Location: index.php"); exit; } } if(isset($errors)) { $smarty->assign('new_user_email', htmlspecialchars($new_email)); $smarty->assign('errors', $errors); $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $breadcrumbs[1]['link'] = 'index.php?mode=user&action=edit_profile'; $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user'; $smarty->assign('breadcrumbs',$breadcrumbs); $smarty->assign('subnav_location', 'subnav_userarea_edit_mail'); $smarty->assign('subtemplate', 'user_edit_email.inc.tpl'); $template = 'main.tpl'; } } break; } } else { header("Location: index.php"); exit; } ?>