0) { $useronline_result = mysql_query("SELECT ".$db_settings['userdata_table'].".user_name, ".$db_settings['useronline_table'].".user_id FROM ".$db_settings['useronline_table']." LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=".$db_settings['useronline_table'].".user_id WHERE ".$db_settings['useronline_table'].".user_id > 0 ORDER BY user_name ASC", $connid) or raise_error('database_error',mysql_error()); $i=0; while($uid_field = mysql_fetch_array($useronline_result)) { $useronline_array[] = $uid_field['user_id']; $users_online[$i]['id'] = $uid_field['user_id']; $users_online[$i]['name'] = htmlspecialchars($uid_field['user_name']); ++$i; } mysql_free_result($useronline_result); } if(isset($users_online)) $smarty->assign('users_online',$users_online); if(isset($_GET['page'])) $page = intval($_GET['page']); else $page = 1; if($page > $total_pages) $page = $total_pages; if($page < 1) $page = 1; if(isset($_GET['order'])) $order = $_GET['order']; else $order='user_name'; #if($order!='user_id' && $order!='user_name' && $order!='user_email' && $order!='user_type' && $order!='registered' && $order!='logins' && $order!='last_login' && $order!='user_lock' && $order!='postings' && $order!='user_hp' && $order!='email_contact' && $order!='online') $order='user_name'; if($order!='user_id' && $order!='user_name' && $order!='user_email' && $order!='user_type' && $order!='registered' && $order!='logins' && $order!='last_login' && $order!='user_lock' && $order!='user_hp' && $order!='email_contact' && $order!='online') $order='user_name'; if($order=='user_lock' && (empty($_SESSION[$settings['session_prefix'].'user_type']) || isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']<1)) $order='user_name'; if(isset($_GET['descasc'])) $descasc = $_GET['descasc']; else $descasc = "ASC"; if($descasc!='DESC' && $descasc!='ASC') $descasc = 'ASC'; $ul = ($page-1) * $settings['users_per_page']; // get userdata: #if($categories!=false) $category_query_add = ' AND '.$db_settings['forum_table'].'.category IN ('.$category_ids_query.')'; $category_query_add = ''; if(isset($search_user)) { /* $result = @mysql_query("SELECT ".$db_settings['userdata_table'].".user_id, user_name, user_type, user_email, email_contact, user_hp, user_lock, count(".$db_settings['forum_table'].".id) AS postings FROM ".$db_settings['userdata_table']." LEFT JOIN ".$db_settings['forum_table']." ON ".$db_settings['forum_table'].".user_id=".$db_settings['userdata_table'].".user_id WHERE activate_code=''".$category_query_add." AND lower(user_name) LIKE '%".mysql_real_escape_string(my_strtolower($search_user, $lang['charset']))."%' GROUP BY ".$db_settings['userdata_table'].".user_id ORDER BY ".$order." ".$descasc." LIMIT ".$ul.", ".$settings['users_per_page'], $connid) or raise_error('database_error',mysql_error()); */ $result = @mysql_query("SELECT ".$db_settings['userdata_table'].".user_id, user_name, user_type, user_email, email_contact, user_hp, user_lock FROM ".$db_settings['userdata_table']." WHERE activate_code=''".$category_query_add." AND lower(user_name) LIKE '%".mysql_real_escape_string(my_strtolower($search_user, $lang['charset']))."%' ORDER BY ".$order." ".$descasc." LIMIT ".$ul.", ".$settings['users_per_page'], $connid) or raise_error('database_error',mysql_error()); } else { /* $result = @mysql_query("SELECT ".$db_settings['userdata_table'].".user_id, user_name, user_type, user_email, email_contact, user_hp, user_lock, count(".$db_settings['forum_table'].".id) AS postings FROM ".$db_settings['userdata_table']." LEFT JOIN ".$db_settings['forum_table']." ON ".$db_settings['forum_table'].".user_id=".$db_settings['userdata_table'].".user_id WHERE activate_code=''".$category_query_add." GROUP BY ".$db_settings['userdata_table'].".user_id ORDER BY ".$order." ".$descasc." LIMIT ".$ul.", ".$settings['users_per_page'], $connid) or raise_error('database_error',mysql_error()); */ $result = @mysql_query("SELECT ".$db_settings['userdata_table'].".user_id, user_name, user_type, user_email, email_contact, user_hp, user_lock FROM ".$db_settings['userdata_table']." WHERE activate_code=''".$category_query_add." ORDER BY ".$order." ".$descasc." LIMIT ".$ul.", ".$settings['users_per_page'], $connid) or raise_error('database_error',mysql_error()); } #$result_count = mysql_num_rows($result); $i=0; while($row = mysql_fetch_array($result)) { $userdata[$i]['user_id'] = $row['user_id']; $userdata[$i]['user_name'] = htmlspecialchars($row['user_name']); #$userdata[$i]['user_email'] = htmlspecialchars($row['user_email']); #$userdata[$i]['email_contact'] = $row['email_contact']; if($row['email_contact']==1) $userdata[$i]['user_email'] = TRUE; $userdata[$i]['user_hp'] = htmlspecialchars($row['user_hp']); if(trim($userdata[$i]['user_hp'])!='') { $userdata[$i]['user_hp'] = add_http_if_no_protocol($userdata[$i]['user_hp']); } $userdata[$i]['user_type'] = $row['user_type']; $userdata[$i]['user_lock'] = $row['user_lock']; // count postings: #if($categories==false) $count_result = @mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ".intval($row['user_id']), $connid); #else $count_result = @mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ".intval($row['user_id'])." AND category IN (".$category_ids_query.")", $connid); #list($postings) = mysql_fetch_row($count_result); #mysql_free_result($count_result); #$userdata[$i]['postings'] = $postings; #$userdata[$i]['postings'] = $row['postings']; // is user online: #if(isset($useronline_array) && in_array($row['user_id'], $useronline_array)) # { # $userdata[$i]['online'] = TRUE; # } #$userdata[$i]['online'] = $row['online']; $i++; } mysql_free_result($result); $smarty->assign('pagination', pagination($total_pages,$page,3)); if(isset($userdata)) $smarty->assign('userdata',$userdata); #$smarty->assign('page',$page); $smarty->assign('total_users',$total_users); #$smarty->assign('total_pages',$total_pages); #$smarty->assign('previous_page',$previous_page); #$smarty->assign('next_page',$next_page); if(isset($search_user)) { $smarty->assign('search_user',htmlspecialchars($search_user)); $smarty->assign('search_user_encoded',urlencode($search_user)); } $smarty->assign('order',$order); $smarty->assign('descasc',$descasc); $smarty->assign('ul',$ul); $smarty->assign('page',$page); $smarty->assign('subnav_location','subnav_userarea'); $smarty->assign('subtemplate','user.inc.tpl'); $template = 'main.tpl'; break; case 'user_lock': $page = intval($_GET['page']); if($page < 1) $page = 1; $order = urlencode($_GET['order']); $descasc = urlencode($_GET['descasc']); if(isset($_GET['search_user'])) $search_user_q = '&search_user='.urlencode($_GET['search_user']); else $search_user_q = ''; if(isset($_SESSION[$settings['session_prefix'].'user_type']) && ($_SESSION[$settings['session_prefix'].'user_type']==1 || $_SESSION[$settings['session_prefix'].'user_type']==2)) { $lock_result = @mysql_query("SELECT user_type, user_lock FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($_GET['user_lock'])." LIMIT 1", $connid) or raise_error('database_error',mysql_error()); $field = mysql_fetch_array($lock_result); mysql_free_result($lock_result); if($field['user_type']==0) { if($field['user_lock'] == 0) $new_lock = 1; else $new_lock = 0; @mysql_query("UPDATE ".$db_settings['userdata_table']." SET user_lock='".$new_lock."', last_login=last_login, registered=registered WHERE user_id='".intval($_GET['user_lock'])."' LIMIT 1", $connid); } } header('Location: index.php?mode=user'.$search_user_q.'&page='.$page.'&order='.$order.'&descasc='.$descasc); exit; break; case 'show_user': $id = intval($_GET['show_user']); $result = mysql_query("SELECT user_id, user_type, user_name, user_real_name, gender, birthday, user_email, email_contact, user_hp, user_location, profile, cache_profile, logins, UNIX_TIMESTAMP(registered) AS registered, UNIX_TIMESTAMP(registered + INTERVAL ".$time_difference." MINUTE) AS user_registered, UNIX_TIMESTAMP(last_login + INTERVAL ".$time_difference." MINUTE) AS user_last_login FROM ".$db_settings['userdata_table']." LEFT JOIN ".$db_settings['userdata_cache_table']." ON ".$db_settings['userdata_cache_table'].".cache_id=".$db_settings['userdata_table'].".user_id WHERE user_id = ".$id." LIMIT 1", $connid) or raise_error('database_error',mysql_error()); if(mysql_num_rows($result)==1) { $row = mysql_fetch_array($result); #mysql_free_result($result); // count postings: $count_postings_result = mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ".$id, $connid); list($postings) = mysql_fetch_row($count_postings_result); mysql_free_result($count_postings_result); // last posting: if($categories==false) $result = mysql_query("SELECT id, subject, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time FROM ".$db_settings['forum_table']." WHERE user_id = ".$id." ORDER BY time DESC LIMIT 1", $connid) or raise_error('database_error',mysql_error()); else $result = mysql_query("SELECT id, subject, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time FROM ".$db_settings['forum_table']." WHERE user_id = ".$id." AND category IN (".$category_ids_query.") ORDER BY time DESC LIMIT 1", $connid) or raise_error('database_error',mysql_error()); $last_posting = mysql_fetch_array($result); mysql_free_result($result); $user_name = htmlspecialchars($row['user_name']); $year = my_substr($row['birthday'], 0, 4, $lang['charset']); $month = my_substr($row['birthday'], 5, 2, $lang['charset']); $day = my_substr($row['birthday'], 8, 2, $lang['charset']); $ystr = strrev(intval(strftime("%Y%m%d"))-intval($year.$month.$day)); $years = intval(strrev(my_substr($ystr,4,my_strlen($ystr,$lang['charset']),$lang['charset']))); $smarty->assign('p_user_id', $row['user_id']); $smarty->assign('user_name', $user_name); $smarty->assign('p_user_type', $row['user_type']); $smarty->assign('user_real_name', htmlspecialchars($row['user_real_name'])); $smarty->assign('gender', $row['gender']); if($day!=0&&$month!=0&&$year!=0) { $birthdate['day'] = $day; $birthdate['month'] = $month; $birthdate['year'] = $year; $smarty->assign('birthdate', $birthdate); $smarty->assign('years',$years); } if($row['email_contact']==1) $smarty->assign('user_email',TRUE); if(trim($row['user_hp'])!='') { $row['user_hp'] = add_http_if_no_protocol($row['user_hp']); } $smarty->assign('user_hp', htmlspecialchars($row['user_hp'])); $smarty->assign('user_location', htmlspecialchars($row['user_location'])); $smarty->assign('user_registered', format_time($lang['time_format'],$row['user_registered'])); if($row['user_registered']!=$row['user_last_login']) $smarty->assign('user_last_login', format_time($lang['time_format'],$row['user_last_login'])); $smarty->assign('postings', $postings); if($postings>0) $smarty->assign('postings_percent', number_format($postings/$total_postings*100,1)); else $smarty->assign('postings_percent', 0); $smarty->assign('logins', $row['logins']); $days_registered = (time() - $row['registered'])/86400; if($days_registered<1) $days_registered=1; $smarty->assign('logins_per_day',number_format($row['logins']/$days_registered,2)); $smarty->assign('postings_per_day',number_format($postings/$days_registered,2)); $smarty->assign('last_posting_id',$last_posting['id']); $smarty->assign('last_posting_time',$last_posting['disp_time']); $smarty->assign('last_posting_subject',htmlspecialchars($last_posting['subject'])); if($settings['avatars']>0) { if(file_exists('images/avatars/'.$id.'.jpg')) $avatar['image'] = 'images/avatars/'.$id.'.jpg'; elseif(file_exists('images/avatars/'.$id.'.png')) $avatar['image'] = 'images/avatars/'.$id.'.png'; elseif(file_exists('images/avatars/'.$id.'.gif')) $avatar['image'] = 'images/avatars/'.$id.'.gif'; if(isset($avatar)) { $image_info = getimagesize($avatar['image']); $avatar['width'] = $image_info[0]; $avatar['height'] = $image_info[1]; $smarty->assign('avatar', $avatar); } } if($row['profile']!='' && $row['cache_profile']=='') { // no cached profile so parse it and cache it: $profile=html_format($row['profile']); // check if there's already a cached record for this user_id list($row_count) = @mysql_fetch_row(mysql_query("SELECT COUNT(*) FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($row['user_id']), $connid)); if($row_count==1) { // there's already a record (cached signature) so update it: @mysql_query("UPDATE ".$db_settings['userdata_cache_table']." SET cache_profile='".mysql_real_escape_string($profile)."' WHERE cache_id=".intval($row['user_id']), $connid); } else { // prevent double entries (probably not really necessary because we already counted the records): @mysql_query("DELETE FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($row['user_id']), $connid); // insert cached profile: @mysql_query("INSERT INTO ".$db_settings['userdata_cache_table']." (cache_id, cache_signature, cache_profile) VALUES (".intval($row['user_id']).",'','".mysql_real_escape_string($profile)."')", $connid); } } elseif($row['profile']=='') { $profile=''; } else { // there's already a cached profile so just take it without any parsing: $profile = $row['cache_profile']; } #$profile=nl2br(htmlspecialchars($row['profile'])); #if($settings['autolink'] == 1) $profile = make_link($profile); #if($settings['bbcode'] == 1) $profile = bbcode($profile); #if($settings['smilies'] == 1) $profile = smilies($profile); $smarty->assign('profile', $profile); $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $smarty->assign('breadcrumbs',$breadcrumbs); $smarty->assign('subnav_location','subnav_userarea_show_user'); $smarty->assign('subnav_location_var',$user_name); } else { $subnav_link = array('mode'=>'index', 'title'=>'forum_index_link_title', 'name'=>'forum_index_link'); $smarty->assign('subnav_link',$subnav_link); } $smarty->assign('subtemplate','user_profile.inc.tpl'); $template = 'main.tpl'; break; case 'show_posts': $id = intval($_GET['id']); $result = mysql_query("SELECT user_id, user_name FROM ".$db_settings['userdata_table']." WHERE user_id = ".$id." LIMIT 1", $connid) or raise_error('database_error',mysql_error()); $row = mysql_fetch_array($result); mysql_free_result($result); $user_name = htmlspecialchars($row['user_name']); // count postings: if($categories==false) $count_postings_result = @mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ".$id, $connid); else $count_postings_result = @mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ".$id." AND category IN (".$category_ids_query.")", $connid); list($user_postings_count) = mysql_fetch_row($count_postings_result); mysql_free_result($count_postings_result); $total_pages = ceil($user_postings_count / $settings['search_results_per_page']); if(isset($_GET['page'])) $page = intval($_GET['page']); else $page = 1; if($page < 1) $page = 1; if($page > $total_pages) $page = $total_pages; $ul = ($page-1) * $settings['search_results_per_page']; $smarty->assign('pagination', pagination($total_pages,$page,3)); if($user_postings_count>0) { if($categories==false) $result = @mysql_query("SELECT id, pid, tid, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, marked, sticky FROM ".$db_settings['forum_table']." WHERE user_id = ".$id." ORDER BY time DESC LIMIT ".$ul.", ".$settings['search_results_per_page'], $connid); else $result = @mysql_query("SELECT id, pid, tid, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, marked, sticky FROM ".$db_settings['forum_table']." WHERE user_id = ".$id." AND category IN (".$category_ids_query.") ORDER BY time DESC LIMIT ".$ul.", ".$settings['search_results_per_page'], $connid); $i=0; while($row = mysql_fetch_array($result)) { $user_postings_data[$i]['id'] = intval($row['id']); $user_postings_data[$i]['pid'] = intval($row['pid']); $user_postings_data[$i]['name'] = $user_name; $user_postings_data[$i]['subject'] = htmlspecialchars($row['subject']); $user_postings_data[$i]['disp_time'] = $row['disp_time']; if(isset($categories[$row['category']]) && $categories[$row['category']]!='') { $user_postings_data[$i]['category']=$row["category"]; $user_postings_data[$i]['category_name']=$categories[$row["category"]]; } $i++; } mysql_free_result($result); } if(isset($user_postings_data)) $smarty->assign('user_postings_data',$user_postings_data); $smarty->assign('user_postings_count',$user_postings_count); $smarty->assign('action','show_posts'); $smarty->assign('id',$id); $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $smarty->assign('breadcrumbs',$breadcrumbs); $smarty->assign('subnav_location','subnav_userarea_show_posts'); $smarty->assign('subnav_location_var',$user_name); $smarty->assign('subtemplate','user_postings.inc.tpl'); $template = 'main.tpl'; break; case 'edit_profile': if(isset($_SESSION[$settings['session_prefix'].'user_id'])) { $id = $_SESSION[$settings['session_prefix'].'user_id']; $result = mysql_query("SELECT user_id, user_name, user_real_name, gender, birthday, user_email, email_contact, user_hp, user_location, signature, profile, new_posting_notification, new_user_notification, auto_login_code, language, time_zone, time_difference, theme FROM ".$db_settings['userdata_table']." WHERE user_id = ".$id." LIMIT 1", $connid) or raise_error('database_error',mysql_error()); $row = mysql_fetch_array($result); mysql_free_result($result); if(trim($row['birthday']) == '' || $row['birthday']=='0000-00-00') $user_birthday = ''; else { $year = my_substr($row['birthday'], 0, 4, $lang['charset']); $month = my_substr($row['birthday'], 5, 2, $lang['charset']); $day = my_substr($row['birthday'], 8, 2, $lang['charset']); $user_birthday = $year.'-'.$month.'-'.$day; } if(isset($category_selection)) $smarty->assign('category_selection',$category_selection); // time zones: if(function_exists('date_default_timezone_set') && $time_zones = get_timezones()) { $smarty->assign('user_time_zone', htmlspecialchars($row['time_zone'])); $smarty->assign('time_zones', $time_zones); if(!empty($settings['time_zone'])) $smarty->assign('default_time_zone', $settings['time_zone']); } $languages = get_languages(true); if(isset($languages) && count($languages)>1) { $smarty->assign('user_language', htmlspecialchars($row['language'])); $smarty->assign('languages', $languages); foreach($languages as $l) { if($l['identifier']==$settings['language_file']) { $default_language = $l['title']; $smarty->assign('default_language', $default_language); break; } } } $themes = get_themes(true); if(isset($themes) && count($themes)>1) { $smarty->assign('user_theme', htmlspecialchars($row['theme'])); $smarty->assign('themes', $themes); foreach($themes as $t) { if($t['identifier']==$settings['theme']) { $default_theme = $t['title']; $smarty->assign('default_theme', $default_theme); break; } } } if($row['time_difference']<0) $time_difference_hours = ceil($row['time_difference']/60); else $time_difference_hours = floor($row['time_difference']/60); $time_difference_minutes = abs($row['time_difference']-$time_difference_hours*60); if($time_difference_minutes<10) $time_difference_minutes = '0'.$time_difference_minutes; if(intval($row['time_difference'])>0) $user_time_difference = '+'.$time_difference_hours; else $user_time_difference = $time_difference_hours; if($time_difference_minutes>0) $user_time_difference .= ':'.$time_difference_minutes; $smarty->assign('user_time_difference', $user_time_difference); #$smarty->assign('default_forum_time', format_time($lang['time_format'],time()+intval($settings['time_difference'])*60)); if(isset($_GET['msg'])) $smarty->assign('msg',$_GET['msg']); $smarty->assign('user_name', htmlspecialchars($row['user_name'])); $smarty->assign('user_real_name', htmlspecialchars($row['user_real_name'])); $smarty->assign('user_gender', $row['gender']); $smarty->assign('user_birthday', $user_birthday); $smarty->assign('user_email',htmlspecialchars($row['user_email'])); $smarty->assign('email_contact',$row['email_contact']); $smarty->assign('user_hp', htmlspecialchars($row['user_hp'])); $smarty->assign('user_location', htmlspecialchars($row['user_location'])); $profile=htmlspecialchars($row['profile']); $smarty->assign('profile', htmlspecialchars($row['profile'])); $smarty->assign('signature', htmlspecialchars($row['signature'])); if($row['auto_login_code']!='') $smarty->assign('auto_login', 1); else $smarty->assign('auto_login', 0); if($settings['avatars']>0) { if(file_exists('images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.jpg')) $avatar['image'] = 'images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.jpg'; elseif(file_exists('images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.png')) $avatar['image'] = 'images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.png'; elseif(file_exists('images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.gif')) $avatar['image'] = 'images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.gif'; if(isset($avatar)) { $image_info = getimagesize($avatar['image']); $avatar['width'] = $image_info[0]; $avatar['height'] = $image_info[1]; $smarty->assign('avatar', $avatar); } } if($_SESSION[$settings['session_prefix'].'user_type']==1||$_SESSION[$settings['session_prefix'].'user_type']==2) { $smarty->assign('new_posting_notification', $row['new_posting_notification']); $smarty->assign('new_user_notification', $row['new_user_notification']); } $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $smarty->assign('breadcrumbs',$breadcrumbs); $smarty->assign('subnav_location','subnav_userarea_edit_user'); $smarty->assign('subtemplate','user_edit.inc.tpl'); $template = 'main.tpl'; } break; case 'edit_userdata': if(isset($_SESSION[$settings['session_prefix'].'user_id'])) { $id = $_SESSION[$settings['session_prefix'].'user_id']; if(empty($_POST['email_contact'])) $email_contact = 0; else $email_contact = 1; $user_hp = trim($_POST['user_hp']); $user_real_name = trim($_POST['user_real_name']); $user_birthday = trim($_POST['user_birthday']); if(isset($_POST['user_gender'])) $gender = intval($_POST['user_gender']); else $gender=0; if($gender!=0&&$gender!=1&&$gender!=2) $gender=0; $user_location = trim($_POST['user_location']); $profile = trim($_POST['profile']); $signature = trim($_POST['signature']); // time zone: $user_time_zone = ''; if(isset($_POST['user_time_zone']) && $_POST['user_time_zone']!='' && function_exists('date_default_timezone_set') && $time_zones = get_timezones()) { if(in_array($_POST['user_time_zone'], $time_zones)) $user_time_zone = $_POST['user_time_zone']; } // time difference: $user_time_difference = isset($_POST['user_time_difference']) ? trim($_POST['user_time_difference']) : ''; if(isset($user_time_difference[0]) && $user_time_difference[0]=='-') $negative = true; $user_time_difference_array = explode(':',$_POST['user_time_difference']); $hours_difference = abs(intval($user_time_difference_array[0])); if($hours_difference<-24 || $hours_difference>24) $hours_difference = 0; if(isset($user_time_difference_array[1])) $minutes_difference = intval($user_time_difference_array[1]); if(isset($minutes_difference)) { if($minutes_difference<0 || $minutes_difference>59) $minutes_difference = 0; } else { $minutes_difference = 0; } if(isset($negative)) { $user_time_difference = 0 - ($hours_difference*60 + $minutes_difference); } else $user_time_difference = $hours_difference*60 + $minutes_difference; // language: $user_language = ''; if(isset($_POST['user_language']) && trim($_POST['user_language'])!='') { $languages = get_languages(); if(isset($languages) && count($languages)>1) { if(in_array($_POST['user_language'], $languages)) { $user_language = $_POST['user_language']; } } } // theme: $user_theme = ''; if(isset($_POST['user_theme']) && trim($_POST['user_theme'])!='') { $themes = get_themes(); if(isset($themes) && count($themes)>1) { if(in_array($_POST['user_theme'], $themes)) { $user_theme = $_POST['user_theme']; } } } if(isset($_POST['user_view'])) $user_view = intval($_POST['user_view']); else $user_view=0; if($user_view!=0&&$user_view!=1&&$user_view!=2) $user_view = 0; if($_SESSION[$settings['session_prefix'].'user_type']==1||$_SESSION[$settings['session_prefix'].'user_type']==2) { if(isset($_POST['new_posting_notification']) && $_SESSION[$settings['session_prefix'].'user_type']>0) $new_posting_notification = intval($_POST['new_posting_notification']); else $new_posting_notification = 0; if($new_posting_notification!=0&&$new_posting_notification!=1) $new_posting_notification=0; if(isset($_POST['new_user_notification']) && $_SESSION[$settings['session_prefix'].'user_type']>0) $new_user_notification = intval($_POST['new_user_notification']); else $new_user_notification = 0; if($new_user_notification!=0&&$new_user_notification!=1) $new_user_notification=0; } else { $new_posting_notification = 0; $new_user_notification = 0; } if($settings['autologin']==1 && isset($_POST['auto_login']) && intval($_POST['auto_login'])==1) { $auto_login = 1; } else { $auto_login = 0; } // check posted data: if(my_strlen($user_hp,$lang['charset']) > $settings['hp_maxlength']) $errors[] = 'error_hp_too_long'; if(my_strlen($user_real_name,$lang['charset']) > $settings['name_maxlength']) $errors[] = 'error_name_too_long'; if(isset($user_hp) && $user_hp != '' && !is_valid_url($user_hp)) $errors[] = 'error_hp_wrong'; if(isset($_POST['category_selection']) && is_array($_POST['category_selection'])) { $filtered_category_selection = filter_category_selection($_POST['category_selection'], $category_ids); if(count($filtered_category_selection)>0) $category_selection_db = implode(',',$filtered_category_selection); } // birthday check: if($user_birthday!='') { if(is_valid_birthday($user_birthday)) { $year = intval(my_substr($user_birthday, 0, 4, $lang['charset'])); $month = intval(my_substr($user_birthday, 5, 2, $lang['charset'])); $day = intval(my_substr($user_birthday, 8, 2, $lang['charset'])); $birthday = $year.'-'.$month.'-'.$day; } else $errors[] = 'error_invalid_date'; } if(empty($birthday)) $birthday = '0000-00-00'; if(my_strlen($user_hp,$lang['charset']) > $settings['hp_maxlength']) $errors[] = 'error_hp_too_long'; if(my_strlen($user_location,$lang['charset']) > $settings['location_maxlength']) $errors[] = 'error_location_too_long'; $smarty->assign('profil_length',my_strlen($profile, $lang['charset'])); if(my_strlen($profile, $lang['charset']) > $settings['profile_maxlength']) $errors[] = 'error_profile_too_long'; $smarty->assign('signature_length',my_strlen($signature, $lang['charset'])); if(my_strlen($signature, $lang['charset']) > $settings['signature_maxlength']) $errors[] = 'error_signature_too_long'; // check for too long words: $too_long_word = too_long_word($user_real_name,$settings['name_word_maxlength']); if($too_long_word) $errors[] = 'error_word_too_long'; if(empty($too_long_word)) { $too_long_word = too_long_word($user_location,$settings['location_word_maxlength']); if($too_long_word) $errors[] = 'error_word_too_long'; } $profile_check = html_format($profile); $profile_check = strip_tags($profile_check); if(empty($too_long_word)) { $too_long_word = too_long_word($profile_check,$settings['text_word_maxlength']); if($too_long_word) $errors[] = 'error_word_too_long'; } $signature_check = signature_format($signature); $signature_check = strip_tags($signature_check); if(empty($too_long_word)) { $too_long_word = too_long_word($signature_check,$settings['text_word_maxlength']); if($too_long_word) $errors[] = 'error_word_too_long'; } // check for not accepted words: $joined_message = my_strtolower($user_real_name.' '.$user_hp.' '.$profile.' '.$signature, $lang['charset']); $not_accepted_words = get_not_accepted_words($joined_message); if($not_accepted_words!=false) { $not_accepted_words_listing = implode(', ',$not_accepted_words); if(count($not_accepted_words)==1) { $smarty->assign('not_accepted_word',htmlspecialchars($not_accepted_words_listing)); $errors[] = 'error_not_accepted_word'; } else { $smarty->assign('not_accepted_words',htmlspecialchars($not_accepted_words_listing)); $errors[] = 'error_not_accepted_words'; } } if(isset($errors)) { $smarty->assign('errors', $errors); $result = mysql_query("SELECT user_name, user_email FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($id)." LIMIT 1", $connid) or raise_error('database_error',mysql_error()); $row = mysql_fetch_array($result); mysql_free_result($result); // timezones: if(function_exists('date_default_timezone_set') && $time_zones = get_timezones()) { $smarty->assign('time_zones', $time_zones); $smarty->assign('user_time_zone', htmlspecialchars($user_time_zone)); } // languages: $languages = get_languages(true); if(isset($languages) && count($languages)>1) { $smarty->assign('languages', $languages); $smarty->assign('user_language', htmlspecialchars($user_language)); } // themes: $themes = get_themes(true); if(isset($themes) && count($themes)>1) { $smarty->assign('themes', $themes); $smarty->assign('user_theme', htmlspecialchars($user_theme)); } if(isset($too_long_word)) $smarty->assign('word',$too_long_word); $smarty->assign('user_name', htmlspecialchars($row['user_name'])); $smarty->assign('user_email', htmlspecialchars($row['user_email'])); $smarty->assign('email_contact', $email_contact); $smarty->assign('user_hp', htmlspecialchars($user_hp)); $smarty->assign('user_real_name', htmlspecialchars($user_real_name)); $smarty->assign('user_gender', $gender); $smarty->assign('user_birthday', htmlspecialchars($user_birthday)); $smarty->assign('user_location', htmlspecialchars($user_location)); $smarty->assign('profile', htmlspecialchars($profile)); $smarty->assign('signature', htmlspecialchars($signature)); if(isset($_POST['user_time_difference'])) $smarty->assign('user_time_difference', htmlspecialchars($_POST['user_time_difference'])); #$smarty->assign('user_view', $user_view); $smarty->assign('auto_login', $auto_login); $smarty->assign('new_posting_notification', $new_posting_notification); $smarty->assign('new_user_notification', $new_user_notification); if(isset($_POST['category_selection']) && is_array($_POST['category_selection'])) $smarty->assign('category_selection', $_POST['category_selection']); $smarty->assign('time_difference_array',$user_time_difference_array); $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $smarty->assign('breadcrumbs',$breadcrumbs); $smarty->assign('subnav_location','subnav_userarea_edit_user'); $smarty->assign('subtemplate','user_edit.inc.tpl'); $template = 'main.tpl'; } else { if(isset($category_selection_db)) { @mysql_query("UPDATE ".$db_settings['userdata_table']." SET email_contact=".intval($email_contact).", user_hp='".mysql_real_escape_string($user_hp)."', user_real_name='".mysql_real_escape_string($user_real_name)."', gender=".intval($gender).", birthday='".mysql_real_escape_string($birthday)."', user_location='".mysql_real_escape_string($user_location)."', profile='".mysql_real_escape_string($profile)."', signature='".mysql_real_escape_string($signature)."', user_view=".intval($user_view).", new_posting_notification=".intval($new_posting_notification).", new_user_notification=".intval($new_user_notification).", category_selection='".mysql_real_escape_string($category_selection_db)."', language='".mysql_real_escape_string($user_language)."', time_zone='".mysql_real_escape_string($user_time_zone)."', time_difference=".intval($user_time_difference).", theme='".mysql_real_escape_string($user_theme)."', last_login=last_login,last_logout=last_logout,registered=registered WHERE user_id=".intval($id), $connid); $_SESSION[$settings['session_prefix'].'usersettings']['category_selection'] = $filtered_category_selection; } else { @mysql_query("UPDATE ".$db_settings['userdata_table']." SET email_contact=".intval($email_contact).", user_hp='".mysql_real_escape_string($user_hp)."', user_real_name='".mysql_real_escape_string($user_real_name)."', gender=".intval($gender).", birthday='".mysql_real_escape_string($birthday)."', user_location='".mysql_real_escape_string($user_location)."', profile='".mysql_real_escape_string($profile)."', signature='".mysql_real_escape_string($signature)."', user_view=".intval($user_view).", new_posting_notification=".intval($new_posting_notification).", new_user_notification=".intval($new_user_notification).", category_selection=NULL, language='".mysql_real_escape_string($user_language)."', time_zone='".mysql_real_escape_string($user_time_zone)."', time_difference=".intval($user_time_difference).", theme='".mysql_real_escape_string($user_theme)."', last_login=last_login,last_logout=last_logout,registered=registered WHERE user_id=".intval($id), $connid); unset($_SESSION[$settings['session_prefix'].'usersettings']['category_selection']); } // auto login: if($auto_login==1) { $result = mysql_query("SELECT auto_login_code FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($id)." LIMIT 1", $connid) or raise_error('database_error',mysql_error()); $row = mysql_fetch_array($result); mysql_free_result($result); if(strlen($row['auto_login_code'])!=50) { $auto_login_code = random_string(50); } else { $auto_login_code = $row['auto_login_code']; } $auto_login_code_cookie = $auto_login_code . intval($id); setcookie($settings['session_prefix'].'auto_login',$auto_login_code_cookie,time()+(3600*24*$settings['cookie_validity_days'])); @mysql_query("UPDATE ".$db_settings['userdata_table']." SET last_login=last_login, last_logout=last_logout, registered=registered, auto_login_code='".mysql_real_escape_string($auto_login_code)."' WHERE user_id=".intval($id), $connid); } else { setcookie($settings['session_prefix'].'auto_login','',0); @mysql_query("UPDATE ".$db_settings['userdata_table']." SET last_login=last_login, last_logout=last_logout, registered=registered, auto_login_code='' WHERE user_id=".intval($id), $connid); } @mysql_query("DELETE FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($id), $connid); if(!empty($user_language)) $_SESSION[$settings['session_prefix'].'usersettings']['language'] = $user_language; else unset($_SESSION[$settings['session_prefix'].'usersettings']['language']); if(!empty($user_time_zone)) $_SESSION[$settings['session_prefix'].'usersettings']['time_zone'] = $user_time_zone; else unset($_SESSION[$settings['session_prefix'].'usersettings']['time_zone']); if(!empty($user_time_difference)) $_SESSION[$settings['session_prefix'].'usersettings']['time_difference'] = intval($user_time_difference); else unset($_SESSION[$settings['session_prefix'].'usersettings']['time_difference']); if(!empty($user_theme)) $_SESSION[$settings['session_prefix'].'usersettings']['theme'] = $user_theme; else unset($_SESSION[$settings['session_prefix'].'usersettings']['theme']); header('Location: index.php?mode=user&action=edit_profile&msg=profile_saved'); exit; } } break; case 'edit_pw': if(isset($_SESSION[$settings['session_prefix'].'user_id'])) { $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $breadcrumbs[1]['link'] = 'index.php?mode=user&action=edit_profile'; $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user'; $smarty->assign('breadcrumbs',$breadcrumbs); $smarty->assign('subnav_location','subnav_userarea_edit_pw'); $smarty->assign('subtemplate','user_edit_pw.inc.tpl'); $template = 'main.tpl'; } break; case 'edit_pw_submitted': if(isset($_SESSION[$settings['session_prefix'].'user_id'])) { $user_id = $_SESSION[$settings['session_prefix'].'user_id']; $pw_result = mysql_query("SELECT user_pw FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($user_id)." LIMIT 1", $connid) or raise_error('database_error',mysql_error()); $field = mysql_fetch_array($pw_result); mysql_free_result($pw_result); $old_pw = trim($_POST['old_pw']); $new_pw = trim($_POST['new_pw']); $new_pw_conf = trim($_POST['new_pw_conf']); if($old_pw=='' or $new_pw=='' or $new_pw_conf =='') $errors[] = 'error_form_uncomplete'; else { if(!is_pw_correct($old_pw,$field['user_pw'])) $errors[] = 'error_old_pw_wrong'; if($new_pw_conf != $new_pw) $errors[] = 'error_pw_conf_wrong'; if(my_strlen($new_pw, $lang['charset']) < $settings['min_pw_length']) $errors[] = 'error_new_pw_too_short'; } // Update, if no errors: if(empty($errors)) { $pw_hash = generate_pw_hash($new_pw); $pw_update_result = mysql_query("UPDATE ".$db_settings['userdata_table']." SET user_pw='".mysql_real_escape_string($pw_hash)."', last_login=last_login, registered=registered WHERE user_id=".intval($user_id), $connid); header('location: index.php?mode=user&action=edit_profile&msg=pw_changed'); exit; } else { $smarty->assign('errors',$errors); $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $breadcrumbs[1]['link'] = 'index.php?mode=user&action=edit_profile'; $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user'; $smarty->assign('breadcrumbs',$breadcrumbs); $smarty->assign('subnav_location','subnav_userarea_edit_pw'); $smarty->assign('subtemplate','user_edit_pw.inc.tpl'); $template = 'main.tpl'; } } break; case 'edit_email': if(isset($_SESSION[$settings['session_prefix'].'user_id'])) { $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $breadcrumbs[1]['link'] = 'index.php?mode=user&action=edit_profile'; $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user'; $smarty->assign('breadcrumbs',$breadcrumbs); $smarty->assign('subnav_location','subnav_userarea_edit_mail'); $smarty->assign('subtemplate','user_edit_email.inc.tpl'); $template = 'main.tpl'; } break; case 'edit_email_submit': if(isset($_SESSION[$settings['session_prefix'].'user_id'])) { $new_email = trim($_POST['new_email']); $new_email_confirm = trim($_POST['new_email_confirm']); $pw_new_email = $_POST['pw_new_email']; // Check data: $email_result = @mysql_query("SELECT user_id, user_name, user_pw, user_email FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($_SESSION[$settings['session_prefix'].'user_id'])." LIMIT 1", $connid) or raise_error('database_error',mysql_error()); $data = mysql_fetch_array($email_result); mysql_free_result($email_result); if($pw_new_email=='' || $new_email=='') $errors[] = 'error_form_uncompl'; if(empty($errors)) { if($new_email!=$new_email_confirm) $errors[] = 'error_email_confirmation'; if(my_strlen($new_email, $lang['charset']) > $settings['email_maxlength']) $errors[] = 'error_email_too_long'; if($new_email == $data['user_email']) $errors[] = 'error_identic_email'; if(!is_valid_email($new_email)) $errors[] = 'error_email_invalid'; if(!is_pw_correct($pw_new_email,$data['user_pw'])) $errors[] = 'pw_wrong'; } if(empty($errors)) { $smarty->config_load($settings['language_file'], 'emails'); $lang = $smarty->get_config_vars(); if($language_file != $settings['language_file']) setlocale(LC_ALL, $lang['locale']); $activate_code = random_string(20); $activate_code_hash = generate_pw_hash($activate_code); // send mail with activation key: $lang['edit_address_email_txt'] = str_replace("[name]", $data['user_name'], $lang['edit_address_email_txt']); $lang['edit_address_email_txt'] = str_replace("[activate_link]", $settings['forum_address']."index.php?mode=register&id=".$data['user_id']."&key=".$activate_code, $lang['edit_address_email_txt']); if(!my_mail($new_email, $lang['edit_address_email_sj'], $lang['edit_address_email_txt'])) $errors[] = 'mail_error'; if(empty($errors)) { @mysql_query("UPDATE ".$db_settings['userdata_table']." SET user_email='".mysql_real_escape_string($new_email)."', last_login=last_login, registered=registered, activate_code = '".mysql_real_escape_string($activate_code_hash)."' WHERE user_id=".intval($_SESSION[$settings['session_prefix'].'user_id']), $connid) or raise_error('database_error',mysql_error()); log_out($_SESSION[$settings['session_prefix'].'user_id']); header("Location: index.php"); exit; } } if(isset($errors)) { $smarty->assign('new_user_email',htmlspecialchars($new_email)); $smarty->assign('errors',$errors); $breadcrumbs[0]['link'] = 'index.php?mode=user'; $breadcrumbs[0]['linkname'] = 'subnav_userarea'; $breadcrumbs[1]['link'] = 'index.php?mode=user&action=edit_profile'; $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user'; $smarty->assign('breadcrumbs',$breadcrumbs); $smarty->assign('subnav_location','subnav_userarea_edit_mail'); $smarty->assign('subtemplate','user_edit_email.inc.tpl'); $template = 'main.tpl'; } } break; } } else { header("Location: index.php"); exit; } ?>