1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
194:
195:
196:
197:
198:
199:
200:
201:
202:
203:
204:
205:
206:
207:
208:
209:
210:
211:
212:
213:
214:
215:
216:
217:
218:
219:
220:
221:
222:
223:
224:
225:
226:
227:
228:
229:
230:
231:
232:
233:
234:
235:
236:
237:
238:
239:
240:
241:
242:
243:
244:
245:
246:
247:
248:
249:
250:
251:
252:
253:
254:
255:
256:
257:
258:
259:
260:
261:
262:
263:
264:
265:
266:
267:
268:
269:
270:
271:
272:
273:
274:
275:
276:
277:
278:
279:
280:
281:
282:
283:
284:
285:
286:
287:
288:
289:
290:
291:
292:
293:
294:
295:
296:
297:
298:
299:
300:
301:
302:
303:
304:
305:
306:
307:
308:
309:
310:
311:
312:
313:
314:
315:
316:
317:
318:
319:
320:
321:
322:
323:
324:
325:
326:
327:
328:
329:
330:
331:
332:
333:
334:
335:
336:
337:
338:
339:
340:
341:
342:
343:
344:
345:
346:
347:
348:
349:
350:
351:
352:
353:
354:
355:
356:
357:
358:
359:
360:
361:
362:
363:
364:
365:
366:
367:
368:
369:
370:
371:
372:
373:
374:
375:
376:
377:
378:
379:
380:
381:
382:
383:
384:
385:
386:
387:
388:
389:
390:
391:
392:
393:
394:
395:
396:
397:
398:
399:
400:
401:
402:
403:
404:
405:
406:
407:
408:
409:
410:
411:
412:
413:
414:
415:
416:
417:
418:
419:
420:
421:
422:
423:
424:
425:
426:
427:
428:
429:
430:
431:
432:
433:
434:
435:
436:
437:
438:
439:
440:
441:
442:
443:
444:
445:
446:
447:
448:
449:
450:
451:
452:
453:
454:
455:
456:
457:
458:
459:
460:
461:
462:
463:
464:
465:
466:
467:
468:
469:
470:
471:
472:
473:
474:
475:
476:
477:
478:
479:
480:
481:
482:
483:
484:
485:
486:
487:
488:
489:
490:
491:
492:
493:
494:
495:
496:
497:
498:
499:
500:
501:
502:
503:
504:
505:
506:
507:
508:
509:
510:
511:
512:
513:
514:
515:
516:
517:
518:
519:
520:
521:
522:
523:
524:
525:
526:
527:
528:
529:
530:
531:
532:
533:
534:
535:
536:
537:
538:
539:
540:
541:
542:
543:
544:
545:
546:
547:
548:
549:
550:
551:
552:
553:
554:
555:
556:
557:
558:
559:
560:
561:
562:
563:
564:
565:
566:
567:
568:
569:
570:
571:
572:
573:
574:
575:
576:
577:
578:
579:
580:
581:
582:
583:
584:
585:
586:
587:
588:
589:
590:
591:
592:
593:
594:
595:
596:
597:
598:
599:
600:
601:
602:
603:
604:
605:
606:
607:
608:
609:
610:
611:
612:
613:
614:
615:
616:
617:
618:
619:
620:
621:
622:
623:
624:
625:
626:
627:
628:
629:
630:
631:
632:
633:
634:
635:
636:
637:
638:
639:
640:
641:
642:
643:
644:
645:
646:
647:
648:
649:
650:
651:
652:
653:
654:
655:
656:
657:
658:
659:
660:
661:
662:
663:
664:
665:
666:
667:
668:
669:
670:
671:
672:
673:
674:
675:
676:
677:
678:
679:
680:
681:
682:
683:
684:
685:
686:
687:
688:
689:
690:
691:
692:
693:
694:
695:
696:
697:
698:
699:
700:
701:
702:
703:
704:
705:
706:
707:
708:
709:
710:
711:
712:
713:
714:
715:
716:
717:
718:
719:
720:
721:
722:
723:
724:
725:
726:
727:
728:
729:
730:
731:
732:
733:
734:
735:
736:
737:
738:
739:
740:
741:
742:
743:
744:
745:
746:
747:
748:
749:
750:
751:
752:
753:
754:
755:
756:
757:
758:
759:
760:
761:
762:
763:
764:
765:
766:
767:
768:
769:
770:
771:
772:
773:
774:
775:
776:
777:
778:
779:
780:
781:
782:
783:
784:
785:
786:
787:
788:
789:
790:
791:
792:
793:
794:
795:
796:
797:
798:
799:
800:
801:
802:
803:
804:
805:
806:
807:
808:
809:
810:
811:
812:
813:
814:
815:
816:
817:
818:
819:
820:
821:
822:
823:
824:
825:
826:
827:
828:
829:
830:
831:
832:
833:
834:
835:
836:
837:
838:
839:
840:
841:
842:
843:
844:
845:
846:
847:
848:
849:
850:
851:
852:
853:
854:
855:
856:
857:
858:
859:
860:
861:
862:
863:
864:
865:
866:
867:
868:
869:
870:
871:
872:
873:
874:
875:
876:
877:
878:
879:
880:
881:
882:
883:
884:
885:
886:
887:
888:
889:
890:
891:
892:
893:
894:
895:
896:
897:
898:
899:
900:
901:
902:
903:
904:
905:
906:
907:
908:
909:
910:
911:
912:
913:
914:
915:
916:
917:
918:
919:
920:
921:
922:
923:
924:
925:
926:
927:
928:
929:
930:
931:
932:
933:
934:
935:
936:
937:
938:
939:
940:
941:
942:
943:
944:
945:
946:
947:
948:
949:
950:
951:
952:
953:
954:
955:
956:
957:
958:
959:
960:
961:
962:
963:
964:
965:
966:
967:
968:
969:
970:
971:
972:
973:
974:
975:
976:
977:
978:
979:
980:
981:
982:
983:
984:
985:
986:
987:
988:
989:
990:
991:
992:
993:
994:
995:
996:
997:
998:
999:
1000:
1001:
1002:
1003:
1004:
1005:
|
<?php
// ************************************************************************************//
// * WoltLab Burning Board 2
// ************************************************************************************//
// * Copyright (c) 2001-2004 WoltLab GmbH
// * Web http://www.woltlab.de/
// * License http://www.woltlab.de/products/burning_board/license_en.php
// * http://www.woltlab.de/products/burning_board/license.php
// ************************************************************************************//
// * WoltLab Burning Board 2 is NOT free software.
// * You may not redistribute this package or any of it's files.
// ************************************************************************************//
// * $Date: 2006-09-25 15:29:13 +0200 (Mo, 25 Sep 2006) $
// * $Author: Burntime $
// * $Rev: 1719 $
// ************************************************************************************//
$filename = 'usercp.php';
require('./global.php');
$lang->load('USERCP,WBBSMILIESHOP');
if (!$wbbuserdata['userid']) access_error();
if (isset($_REQUEST['action'])) $action = $_REQUEST['action'];
else $action = '';
$wbbuserdata['can_edit_title'] = $wbbuserdata['canedittitle'];
/**
* remove an element from a list
*
* @param string list
* @param string remove
*
* @return string new list
*/
function removeFromlist($list, $remove) {
$listelements = explode(' ', $list);
if (!in_array($remove, $listelements)) return - 1;
else {
$count = count($listelements);
for ($i = 0; $i < $count; $i++) {
if ($listelements[$i] == $remove) {
if ($i == $count - 1) array_pop($listelements);
else $listelements[$i] = array_pop($listelements);
break;
}
}
return implode(' ', $listelements);
}
}
$username = htmlconverter($wbbuserdata['username']);
$lang->items['LANG_USERCP_TITLE'] = $lang->get("LANG_USERCP_TITLE", array('$username' => $username));
$userinfo = $db->query_first("SELECT u.*, g.groupids FROM bb".$n."_users u LEFT JOIN bb".$n."_groupcombinations g ON(g.groupcombinationid=u.groupcombinationid) WHERE u.userid='$wbbuserdata[userid]'");
$page_groupid = explode(",",$userinfo['groupids']);
for ($i = 0; $i < count($page_groupid); $i++){
$page_ok = $db->query_first("SELECT * FROM bb".$n."_userpages_start WHERE groupid='$page_groupid[$i]'");
if ($page_ok['pagestart'] == 1) break;
}
/** no action defined => startpage **/
/* SmilieShop */
$smilieoptions = $db->query_first("SELECT * FROM bb".$n."_guthaben_shop_smilieoptions");
$smilieshop = "";
if($smilieoptions['status'] == 1) eval ("\$smilieshop = \"".$tpl->get("smilieshop_anaus")."\";");
/* SmilieShop Ende */
if (!$action) {
eval("\$tpl->output(\"".$tpl->get("usercp")."\");");
}
/** edit profile **/
if ($action == 'profile_edit') {
$lang->load('REGISTER,POSTINGS');
$usercp_error = '';
$gender = array(1 => '', 2 => '');
/** post data sent => verify and safe profile **/
if (isset($_POST['send'])) {
// profilefields
if (isset($_POST['field']) && is_array($_POST['field'])) $field = trim_array($_POST['field']);
else $field = array();
if (isset($_POST['dayfield']) && is_array($_POST['dayfield'])) $dayfield = trim_array($_POST['dayfield']);
else $dayfield = array();
if (isset($_POST['monthfield']) && is_array($_POST['monthfield'])) $monthfield = trim_array($_POST['monthfield']);
else $monthfield = array();
if (isset($_POST['yearfield']) && is_array($_POST['yearfield'])) $yearfield = trim_array($_POST['yearfield']);
else $yearfield = array();
// profiledata
if (isset($_POST['r_email'])) $r_email = wbb_trim($_POST['r_email']);
if (isset($_POST['r_homepage'])) $r_homepage = wbb_trim($_POST['r_homepage']);
if (isset($_POST['r_icq'])) $r_icq = str_replace("-", "", wbb_trim($_POST['r_icq']));
if (isset($_POST['r_aim'])) $r_aim = wbb_trim($_POST['r_aim']);
if (isset($_POST['r_yim'])) $r_yim = wbb_trim($_POST['r_yim']);
if (isset($_POST['r_msn'])) $r_msn = wbb_trim($_POST['r_msn']);
if (isset($_POST['r_day'])) $r_day = wbb_trim($_POST['r_day']);
if (isset($_POST['r_month'])) $r_month = wbb_trim($_POST['r_month']);
if (isset($_POST['r_year'])) $r_year = wbb_trim($_POST['r_year']);
if (isset($_POST['r_gender'])) $r_gender = wbb_trim($_POST['r_gender']);
if (isset($_POST['r_usertext'])) $r_usertext = wbb_trim($_POST['r_usertext']);
if (isset($_POST['r_title']) && $wbbuserdata['can_edit_title'] == 1) $r_title = wbb_trim($_POST['r_title']);
else $r_title = '';
$error = '';
$userfield_error = 0;
$fieldvalues = '';
/** verify required profilefields and build sql update query **/
$result = $db->unbuffered_query("SELECT profilefieldid,required,fieldtype,choicecount,fieldoptions FROM bb".$n."_profilefields ORDER BY profilefieldid ASC");
while ($row = $db->fetch_array($result)) {
// is required -> check content
if ($row['required'] == 1 && $row['fieldtype'] != "checkbox") {
// date
if ($row['fieldtype'] == "date") {
if (!$dayfield[$row['profilefieldid']] || !$monthfield[$row['profilefieldid']] || !$yearfield[$row['profilefieldid']]) {
$userfield_error = 1;
}
}
// select
else if ($row['fieldtype'] == "select") {
$temp = explode("\n", dos2unix($row['fieldoptions']));
$options = trim_array($temp);
if (!isset($field[$row['profilefieldid']]) || !in_array($field[$row['profilefieldid']], $options)) {
$userfield_error = 1;
}
}
// multiselect
else if ($row['fieldtype'] == "multiselect") {
$temp = explode("\n", dos2unix($row['fieldoptions']));
$options = trim_array($temp);
if (!count($field[$row['profilefieldid']])) {
$userfield_error = 1;
}
else {
for ($i = 0, $j = count($field[$row['profilefieldid']]); $i < $j; $i++) {
if (!in_array($field[$row['profilefieldid']][$i], $options)) {
$userfield_error = 1;
}
}
}
}
// other
else {
if (!isset($field[$row['profilefieldid']]) || $field[$row['profilefieldid']] == '') {
$userfield_error = 1;
}
}
if ($userfield_error == 1) break;
}
if ($row['fieldtype'] == "multiselect") {
if (is_array($field[$row['profilefieldid']])) {
if ($row['choicecount'] && count($field[$row['profilefieldid']]) > $row['choicecount']) {
$max = count($field[$row['profilefieldid']]);
for ($i = $row['choicecount']; $i < $max; $i++) unset($field[$row['profilefieldid']][$i]);
}
if ($fieldvalues) $fieldvalues .= ", field$row[profilefieldid] = '".addslashes(wbb_trim(implode("\n", $field[$row['profilefieldid']])))."'";
else $fieldvalues .= "field$row[profilefieldid] = '".addslashes(wbb_trim(implode("\n", $field[$row['profilefieldid']])))."'";
}
else {
if ($fieldvalues) $fieldvalues .= ", field$row[profilefieldid] = ''";
else $fieldvalues .= "field$row[profilefieldid] = ''";
}
}
elseif ($row['fieldtype'] == "date") {
if ($dayfield[$row['profilefieldid']] && $monthfield[$row['profilefieldid']]) $datefield = ((wbb_strlen($yearfield[$row['profilefieldid']]) == 4) ? ($yearfield[$row['profilefieldid']]) : (((wbb_strlen($yearfield[$row['profilefieldid']]) == 2) ? ("19".$yearfield[$row['profilefieldid']]) : ("0000"))))."-".(($monthfield[$row['profilefieldid']] < 10) ? ("0".$monthfield[$row['profilefieldid']]) : ($monthfield[$row['profilefieldid']]))."-".(($dayfield[$row['profilefieldid']] < 10) ? ("0".$dayfield[$row['profilefieldid']]) : ($dayfield[$row['profilefieldid']]));
else $datefield = "0000-00-00";
if ($fieldvalues) $fieldvalues .= ", field$row[profilefieldid] = '".addslashes($datefield)."'";
else $fieldvalues = "field$row[profilefieldid] = '".addslashes($datefield)."'";
}
else {
if ($fieldvalues) $fieldvalues .= ", field$row[profilefieldid] = '".addslashes($field[$row['profilefieldid']])."'";
else $fieldvalues = "field$row[profilefieldid] = '".addslashes($field[$row['profilefieldid']])."'";
}
}
/** verify input, build error messages **/
if ($userfield_error == 1) $error .= $lang->items['LANG_POSTINGS_ERROR1'];
if (wbb_strlen($r_usertext) > $wbbuserdata['max_usertext_length']) $error .= $lang->items['LANG_REGISTER_ERROR6'];
if ($error) eval("\$usercp_error = \"".$tpl->get("register_error")."\";");
/** input ok **/
else {
if ($r_homepage && !preg_match("/[a-zA-Z]:\/\//si", $r_homepage)) $r_homepage = "http://".$r_homepage;
if ($r_day && $r_month) {
$r_year = ((wbb_strlen($r_year) == 4) ? ($r_year) : (((wbb_strlen($r_year) == 2) ? ("19$r_year") : ("0000"))));
if (checkdate($r_month, $r_day, (($r_year != '0000') ? ($r_year) : (date('Y', time()))))) $birthday = $r_year."-".(($r_month < 10) ? ("0$r_month") : ($r_month))."-".(($r_day < 10) ? ("0$r_day") : ($r_day));
else $birthday = "0000-00-00";
}
else $birthday = "0000-00-00";
if ($wbbuserdata['can_edit_title'] == 1 && isset($r_title)) if (!verify_usertitle($r_title)) $r_title = '';
list($rankid) = $db->query_first("SELECT rankid FROM bb".$n."_ranks WHERE groupid IN ('0','$wbbuserdata[rankgroupid]') AND needposts<='$wbbuserdata[userposts]' AND gender IN ('0','".intval($r_gender)."') ORDER BY needposts DESC, gender DESC", 1);
$db->unbuffered_query("UPDATE bb".$n."_users SET ".(($wbbuserdata['can_edit_title'] == 1 && isset($r_title) && $r_title != '') ? ("title='".addslashes($r_title)."', canedittitle='0', ") : (""))."usertext='".addslashes($r_usertext)."', icq='".intval($r_icq)."', aim='".addslashes($r_aim)."', yim='".addslashes($r_yim)."', msn='".addslashes($r_msn)."', homepage='".addslashes($r_homepage)."', birthday='".addslashes($birthday)."', gender='".intval($r_gender)."'".(($rankid != $wbbuserdata['rankid']) ? (", rankid='$rankid'") : (""))." WHERE userid = '$wbbuserdata[userid]'", 1);
if ($fieldvalues) $db->unbuffered_query("UPDATE bb".$n."_userfields SET $fieldvalues WHERE userid = '$wbbuserdata[userid]'", 1);
header("Location: usercp.php?action=profile_edit".$SID_ARG_2ND_UN);
exit();
}
}
/** profile saved **/
/** no post data sent, get profile **/
else {
$r_homepage = $wbbuserdata['homepage'];
$r_icq = $wbbuserdata['icq'];
$r_aim = $wbbuserdata['aim'];
$r_yim = $wbbuserdata['yim'];
$r_msn = $wbbuserdata['msn'];
$birthday = explode("-", $wbbuserdata['birthday']);
$r_day = $birthday[2];
$r_month = $birthday[1];
$r_year = (($birthday[0]) ? ($birthday[0]) : (""));
$r_gender = $wbbuserdata['gender'];
$r_usertext = $wbbuserdata['usertext'];
$r_title = $wbbuserdata['title'];
$userfields = $db->query_first("SELECT * FROM bb".$n."_userfields WHERE userid='$wbbuserdata[userid]'");
}
/** now generate the html - form **/
$day_options = ''; $month_options = '';
for ($i = 1; $i <= 31; $i++) $day_options .= makeoption($i, $i, $r_day);
for ($i = 1; $i <= 12; $i++) $month_options .= makeoption($i, getmonth($i), $r_month);
if (isset($r_gender)) $gender[$r_gender] = ' selected="selected"';
$z = 0;
$y = 1;
$profilefields_required = '';
$profilefields = '';
/** get profilefields **/
$result = $db->unbuffered_query("SELECT * FROM bb".$n."_profilefields ORDER BY fieldorder ASC");
while ($row = $db->fetch_array($result)) {
$field_value = '';
$field_checked = '';
$dayfield_value = '';
$monthfield_value = '';
$yearfield_value = '';
$row_options = array();
$selected_options = array();
switch ($row['fieldtype']) {
case "text":
if (isset($_POST['send'])) $field_value = htmlconverter($field[$row['profilefieldid']]);
else $field_value = htmlconverter($userfields["field".$row['profilefieldid']]);
break;
case "select":
$row_options = explode("\n", $row['fieldoptions']);
$field_value = "<option value=\"\">".$lang->get("LANG_GLOBAL_PLEASE_SELECT")."</option>\n";
foreach ($row_options as $option) $field_value .= makeoption(htmlconverter(wbb_trim($option)), htmlconverter(wbb_trim($option)), ((isset($_POST['send'])) ? (htmlconverter(wbb_trim($field[$row['profilefieldid']]))) : (htmlconverter(wbb_trim($userfields["field".$row['profilefieldid']])))));
break;
case "multiselect":
$row_options = explode("\n", $row['fieldoptions']);
if (isset($_POST['send']) && is_array($field[$row['profilefieldid']]) && count($field[$row['profilefieldid']])) $selected_options = $field[$row['profilefieldid']];
else $selected_options = explode("\n", $userfields["field".$row['profilefieldid']]);
foreach ($row_options as $option) $field_value .= makeoption(htmlconverter(wbb_trim($option)), htmlconverter(wbb_trim($option)), ((in_array(wbb_trim($option), $selected_options)) ? (htmlconverter(wbb_trim($option))) : ("")));
break;
case "checkbox":
$field_value = htmlconverter($row['fieldoptions']);
$field_checked = (($row['fieldoptions'] == ((isset($_POST['send'])) ? ($field[$row['profilefieldid']]) : ($userfields["field".$row['profilefieldid']]))) ? (" checked=\"checked\"") : (""));
break;
case "date":
if (isset($_POST['send'])) {
$year_tmp = $yearfield[$row['profilefieldid']];
$month_tmp = $monthfield[$row['profilefieldid']];
$day_tmp = $dayfield[$row['profilefieldid']];
}
else list($year_tmp, $month_tmp, $day_tmp) = explode("-", $userfields["field".$row['profilefieldid']]);
for ($i = 1; $i <= 31; $i++) $dayfield_value .= makeoption($i, $i, $day_tmp);
for ($i = 1; $i <= 12; $i++) $monthfield_value .= makeoption($i, getmonth($i), $month_tmp);
if (intval($year_tmp)) $yearfield_value = $year_tmp;
else $yearfield_value = '';
break;
}
$row['title'] = getlangvar($row['title'], $lang);
$row['description'] = getlangvar($row['description'], $lang);
if ($row['required'] == 1) {
$tdclass = getone($y, "tablea", "tableb");
eval("\$profilefields_required .= \"".$tpl->get("register_userfield_$row[fieldtype]")."\";");
$y++;
}
else {
$tdclass = getone($z, "tablea", "tableb");
eval("\$profilefields .= \"".$tpl->get("register_userfield_$row[fieldtype]")."\";");
$z++;
}
}
$r_homepage = htmlconverter($r_homepage);
$r_icq = intval($r_icq);
$r_aim = htmlconverter($r_aim);
$r_yim = htmlconverter($r_yim);
$r_msn = htmlconverter($r_msn);
$r_year = htmlconverter($r_year);
$r_gender = htmlconverter($r_gender);
$r_usertext = htmlconverter($r_usertext);
$r_title = htmlconverter($r_title);
if (!$r_icq) $r_icq = '';
if ($r_year == "0000") $r_year = '';
/** output html - form **/
eval("\$tpl->output(\"".$tpl->get("usercp_profile_edit")."\");");
}
/** edit signature **/
if ($action == 'signature_edit') {
$lang->load('REGISTER,POSTINGS');
require('./acp/lib/class_parse.php');
$preview_signature = '';
$old_signature = '';
$usercp_error = '';
if (isset($_POST['send'])) {
// post options
if (isset($_POST['disablesmilies'])) $disablesmilies = intval($_POST['disablesmilies']);
else $disablesmilies = 0;
if (isset($_POST['disablehtml'])) $disablehtml = intval($_POST['disablehtml']);
else $disablehtml = 0;
if (isset($_POST['disablebbcode'])) $disablebbcode = intval($_POST['disablebbcode']);
else $disablebbcode = 0;
if (isset($_POST['disableimages'])) $disableimages = intval($_POST['disableimages']);
else $disableimages = 0;
/* get message & strip crap */
$message = stripcrap(wbb_trim($_POST['message']));
/* posting feature rights:start */
if (!$wbbuserdata['can_use_sig_smilies'] || $disablesmilies == 1) $allowsmilies = 0;
else $allowsmilies = 1;
if (!$wbbuserdata['can_use_sig_html'] || $disablehtml == 1) $allowhtml = 0;
else $allowhtml = 1;
if (!$wbbuserdata['can_use_sig_bbcode'] || $disablebbcode == 1) $allowbbcode = 0;
else $allowbbcode = 1;
if (!$wbbuserdata['can_use_sig_images'] || $disableimages == 1) $allowimages = 0;
else $allowimages = 1;
/* posting feature rights:end */
if (!isset($_POST['preview']) && !$_POST['change_editor']) {
$error = '';
if (wbb_strlen($message) > $wbbuserdata['max_sig_length']) $error .= $lang->items['LANG_REGISTER_ERROR4'];
if ($wbbuserdata['max_sig_image'] != -1 && wbb_substr_count(wbb_strtolower($message), "[img]") > $wbbuserdata['max_sig_image']) $error .= $lang->items['LANG_REGISTER_ERROR5'];
if ($error) eval("\$usercp_error = \"".$tpl->get("register_error")."\";");
else {
$db->unbuffered_query("UPDATE bb".$n."_users SET signature='".addslashes($message)."', allowsigsmilies='$allowsmilies', allowsightml='$allowhtml', allowsigbbcode='$allowbbcode', allowsigimages='$allowimages' WHERE userid='$wbbuserdata[userid]'", 1);
header("Location: usercp.php?action=signature_edit".$SID_ARG_2ND_UN);
exit();
}
}
else if (!$_POST['change_editor']) {
$parse = &new parse($docensor, 75, $wbbuserdata['showimages'], "", $usecode);
$preview_signature = $parse->doparse($message, $allowsmilies, $allowhtml, $allowbbcode, $allowimages);
}
if ($disablesmilies == 1) $checked[0] = 'checked="checked"';
else $checked[0] = '';
if ($disablehtml == 1) $checked[1] = 'checked="checked"';
else $checked[1] = '';
if ($disablebbcode == 1) $checked[2] = 'checked="checked"';
else $checked[2] = '';
if ($disableimages == 1) $checked[3] = 'checked="checked"';
else $checked[3] = '';
}
else {
$message = $wbbuserdata['signature'];
$disablesmilies = 1 - $wbbuserdata['allowsigsmilies'];
$disablehtml = 1 - $wbbuserdata['allowsightml'];
$disablebbcode = 1 - $wbbuserdata['allowsigbbcode'];
$disableimages = 1 - $wbbuserdata['allowsigimages'];
if ($disablesmilies == 1) $checked[0] = 'checked="checked"';
else $checked[0] = '';
if ($disablehtml == 1) $checked[1] = 'checked="checked"';
else $checked[1] = '';
if ($disablebbcode == 1) $checked[2] = 'checked="checked"';
else $checked[2] = '';
if ($disableimages == 1) $checked[3] = 'checked="checked"';
else $checked[3] = '';
}
if ($wbbuserdata['signature']) {
if (!isset($parse)) $parse = &new parse($docensor, 75, $wbbuserdata['showimages'], "", $usecode);
$old_signature = $parse->doparse($wbbuserdata['signature'], $wbbuserdata['allowsigsmilies'], $wbbuserdata['allowsightml'], $wbbuserdata['allowsigbbcode'], $wbbuserdata['allowsigimages']);
}
if ($wbbuserdata['can_use_sig_bbcode'] == 1 && $wbbuserdata['usewysiwyg'] != 1) $bbcode_buttons = getcodebuttons();
if ($wbbuserdata['can_use_sig_smilies'] == 1) {
if ($wbbuserdata['usewysiwyg'] == 1) $smilies = getAppletSmilies();
$bbcode_smilies = getclickysmilies($smilie_table_cols, $smilie_table_rows);
}
$note = '';
if ($wbbuserdata['can_use_sig_html'] == 0) $note .= $lang->items['LANG_POSTINGS_HTML_NOT_ALLOW'];
else $note .= $lang->items['LANG_POSTINGS_HTML_ALLOW'];
if ($wbbuserdata['can_use_sig_bbcode'] == 0) $note .= $lang->items['LANG_POSTINGS_BBCODE_NOT_ALLOW'];
else $note .= $lang->items['LANG_POSTINGS_BBCODE_ALLOW'];
if ($wbbuserdata['can_use_sig_smilies'] == 0) $note .= $lang->items['LANG_POSTINGS_SMILIES_NOT_ALLOW'];
else $note .= $lang->items['LANG_POSTINGS_SMILIES_ALLOW'];
if ($wbbuserdata['can_use_sig_images'] == 0) $note .= $lang->items['LANG_POSTINGS_HTML_IMAGES_ALLOW'];
else $note .= $lang->items['LANG_POSTINGS_IMAGES_ALLOW'];
if (isset($message)) $message = htmlconverter($message);
$lang->items['LANG_POSTINGS_JS_MESSAGE_TOLONG'] = $lang->items['LANG_USERCP_SIGNATURE_TOLONG'];
$lang->items['LANG_POSTINGS_JS_MESSAGE_MAXLENGTH'] = $lang->items['LANG_USERCP_SIGNATURE_MAXLENGTH'];
$lang->items['LANG_POSTINGS_JS_MESSAGE_CHECKLENGTH'] = $lang->items['LANG_USERCP_SIGNATURE_CHECKLENGTH_TEXT'];
eval("\$headinclude .= \"".$tpl->get("bbcode_script")."\";");
eval("\$editor = \"".$tpl->get("editor")."\";");
eval("\$editor_switch = \"".$tpl->get("editor_switch")."\";");
eval("\$tpl->output(\"".$tpl->get("usercp_signature_edit")."\");");
}
/** change options **/
if ($action == 'options_change') {
$lang->load('REGISTER,POSTINGS');
if (isset($_POST['send'])) {
if (isset($_POST['r_invisible'])) $r_invisible = wbb_trim($_POST['r_invisible']);
if (isset($_POST['r_usecookies'])) $r_usecookies = wbb_trim($_POST['r_usecookies']);
if (isset($_POST['r_admincanemail'])) $r_admincanemail = wbb_trim($_POST['r_admincanemail']);
if (isset($_POST['r_showemail'])) $r_showemail = wbb_trim($_POST['r_showemail']);
if (isset($_POST['r_usercanemail'])) $r_usercanemail = wbb_trim($_POST['r_usercanemail']);
if (isset($_POST['r_emailnotify'])) $r_emailnotify = wbb_trim($_POST['r_emailnotify']);
if (isset($_POST['r_notificationperpm'])) $r_notificationperpm = wbb_trim($_POST['r_notificationperpm']);
if (isset($_POST['r_receivepm'])) $r_receivepm = wbb_trim($_POST['r_receivepm']);
if (isset($_POST['r_emailonpm'])) $r_emailonpm = wbb_trim($_POST['r_emailonpm']);
if (isset($_POST['r_pmpopup'])) $r_pmpopup = wbb_trim($_POST['r_pmpopup']);
if (isset($_POST['r_showsignatures'])) $r_showsignatures = wbb_trim($_POST['r_showsignatures']);
if (isset($_POST['r_showavatars'])) $r_showavatars = wbb_trim($_POST['r_showavatars']);
if (isset($_POST['r_showimages'])) $r_showimages = wbb_trim($_POST['r_showimages']);
if (isset($_POST['r_daysprune'])) $r_daysprune = wbb_trim($_POST['r_daysprune']);
if (isset($_POST['r_umaxposts'])) $r_umaxposts = wbb_trim($_POST['r_umaxposts']);
if (isset($_POST['r_threadview'])) $r_threadview = wbb_trim($_POST['r_threadview']);
if (isset($_POST['r_dateformat'])) $r_dateformat = wbb_trim($_POST['r_dateformat']);
if (isset($_POST['r_timeformat'])) $r_timeformat = wbb_trim($_POST['r_timeformat']);
if (isset($_POST['r_startweek'])) $r_startweek = wbb_trim($_POST['r_startweek']);
if (isset($_POST['r_timezoneoffset'])) $r_timezoneoffset = wbb_trim($_POST['r_timezoneoffset']);
if (isset($_POST['r_styleid'])) $r_styleid = wbb_trim($_POST['r_styleid']);
if (isset($_POST['r_langid'])) $r_langid = wbb_trim($_POST['r_langid']);
if (isset($_POST['r_emailonapplication'])) $r_emailonapplication = wbb_trim($_POST['r_emailonapplication']);
if (isset($_POST['r_usewysiwyg'])) $r_usewysiwyg = wbb_trim($_POST['r_usewysiwyg']);
if (!$r_dateformat) $r_dateformat = $dateformat;
if (!$r_timeformat) $r_timeformat = $timeformat;
$db->unbuffered_query("UPDATE bb".$n."_users SET showemail='".intval($r_showemail)."', admincanemail='".intval($r_admincanemail)."', usercanemail='".intval($r_usercanemail)."', invisible='".intval($r_invisible)."', usecookies='".intval($r_usecookies)."', styleid='".intval($r_styleid)."', daysprune='".intval($r_daysprune)."', timezoneoffset='".addslashes(htmlspecialchars($r_timezoneoffset))."', startweek='".intval($r_startweek)."', dateformat='".addslashes($r_dateformat)."', timeformat='".addslashes($r_timeformat)."', emailnotify='".intval($r_emailnotify)."', notificationperpm='".intval($r_notificationperpm)."', receivepm='".intval($r_receivepm)."', emailonpm='".intval($r_emailonpm)."', pmpopup='".intval($r_pmpopup)."', umaxposts='".intval($r_umaxposts)."', showsignatures='".intval($r_showsignatures)."', showavatars='".intval($r_showavatars)."', showimages='".intval($r_showimages)."', threadview='".intval($r_threadview)."', langid='".intval($r_langid)."'".(($wbbuserdata['isgroupleader'] == 1) ? (", emailonapplication='".intval($r_emailonapplication)."'") : ("")).", usewysiwyg='".intval($r_usewysiwyg)."' WHERE userid = '$wbbuserdata[userid]'", 1);
if ($r_styleid != $session['styleid'] || $r_langid != $session['langid']) $db->unbuffered_query("UPDATE bb".$n."_sessions SET styleid='".intval($r_styleid)."', langid='".intval($r_langid)."' WHERE sessionhash='$sid'", 1);
header("Location: usercp.php?action=options_change".$SID_ARG_2ND_UN);
exit();
}
else {
$r_invisible = $wbbuserdata['invisible'];
$r_usecookies = $wbbuserdata['usecookies'];
$r_admincanemail = $wbbuserdata['admincanemail'];
$r_showemail = $wbbuserdata['showemail'];
$r_usercanemail = $wbbuserdata['usercanemail'];
$r_emailnotify = $wbbuserdata['emailnotify'];
$r_notificationperpm = $wbbuserdata['notificationperpm'];
$r_receivepm = $wbbuserdata['receivepm'];
$r_emailonpm = $wbbuserdata['emailonpm'];
$r_pmpopup = $wbbuserdata['pmpopup'];
$r_showsignatures = $wbbuserdata['showsignatures'];
$r_showavatars = $wbbuserdata['showavatars'];
$r_showimages = $wbbuserdata['showimages'];
$r_daysprune = $wbbuserdata['daysprune'];
$r_umaxposts = $wbbuserdata['umaxposts'];
$r_dateformat = $wbbuserdata['dateformat'];
$r_timeformat = $wbbuserdata['timeformat'];
$r_startweek = $wbbuserdata['startweek'];
$r_timezoneoffset = $wbbuserdata['timezoneoffset'];
$r_styleid = $wbbuserdata['styleid'];
$r_langid = $wbbuserdata['langid'];
$r_threadview = $wbbuserdata['threadview'];
$r_emailonapplication = $wbbuserdata['emailonapplication'];
$r_usewysiwyg = $wbbuserdata['usewysiwyg'];
}
$startweek_options = '';
for ($i = 0; $i < 7; $i++) $startweek_options .= makeoption($i, getday($i), $r_startweek);
if (isset($r_invisible)) $invisible[$r_invisible] = " selected=\"selected\"";
if (isset($r_usecookies)) $usecookies[$r_usecookies] = " selected=\"selected\"";
if (isset($r_admincanemail)) $admincanemail[$r_admincanemail] = " selected=\"selected\"";
if (isset($r_showemail)) $showemail[$r_showemail] = " selected=\"selected\"";
if (isset($r_usercanemail)) $usercanemail[$r_usercanemail] = " selected=\"selected\"";
if (isset($r_emailnotify)) $emailnotify[$r_emailnotify] = " selected=\"selected\"";
if (isset($r_notificationperpm)) $notificationperpm[$r_notificationperpm] = " selected=\"selected\"";
if (isset($r_receivepm)) $receivepm[$r_receivepm] = " selected=\"selected\"";
if (isset($r_emailonpm)) $emailonpm[$r_emailonpm] = " selected=\"selected\"";
if (isset($r_pmpopup)) $spmpopup[$r_pmpopup] = " selected=\"selected\"";
if (isset($r_showsignatures)) $showsignatures[$r_showsignatures] = " selected=\"selected\"";
if (isset($r_showavatars)) $showavatars[$r_showavatars] = " selected=\"selected\"";
if (isset($r_showimages)) $showimages[$r_showimages] = " selected=\"selected\"";
if (isset($r_daysprune)) $sdaysprune[$r_daysprune] = " selected=\"selected\"";
if (isset($r_umaxposts)) $sumaxposts[$r_umaxposts] = " selected=\"selected\"";
if (isset($r_threadview)) $sthreadview[$r_threadview] = " selected=\"selected\"";
if (isset($r_emailonapplication)) $emailonapplication[$r_emailonapplication] = " selected=\"selected\"";
if (isset($r_usewysiwyg)) $usewysiwyg[$r_usewysiwyg] = " selected=\"selected\"";
$timezone_options = '';
$timezones = explode("\n", $lang->items['LANG_REGISTER_TIMEZONES']);
for ($i = 0; $i < count($timezones); $i++) {
$parts = explode("|", wbb_trim($timezones[$i]));
$timezone_options .= makeoption($parts[0], "(GMT".(($parts[1]) ? (" ".$parts[1]) : ("")).") $parts[2]", $r_timezoneoffset);
}
/* styles */
$style_options = '';
$result = $db->unbuffered_query("SELECT styleid, stylename FROM bb".$n."_styles ORDER BY stylename ASC");
while ($row = $db->fetch_array($result)) $style_options .= makeoption($row['styleid'], getlangvar($row['stylename'], $lang), $r_styleid);
/* language packs */
$lang_options = '';
$result = $db->unbuffered_query("SELECT languagepackid, languagepackname FROM bb".$n."_languagepacks ORDER BY languagepackname ASC");
while ($row = $db->fetch_array($result)) $lang_options .= makeoption($row['languagepackid'], getlangvar($row['languagepackname'], $lang), $r_langid);
$r_dateformat = htmlconverter($r_dateformat);
$r_timeformat = htmlconverter($r_timeformat);
eval("\$tpl->output(\"".$tpl->get("usercp_options_change")."\");");
}
/** change password **/
if ($action == 'password_change') {
$lang->load('REGISTER,POSTINGS');
if (isset($_POST['send'])) {
$new_password = $_POST['new_password'];
$confirm_new_password = $_POST['confirm_new_password'];
$authentification = false;
if ($allowloginencryption == 1 && $_POST['crypted'] == "true" && $wbbuserdata['sha1_password']) {
if (sha1(sha1($session['authentificationcode']).$wbbuserdata['sha1_password']) == $_POST['authentificationcode']) $authentification = true;
else $authentification = false;
}
else {
if (md5($_POST['l_password']) == $wbbuserdata['password']) {
$authentification = true;
if (!$wbbuserdata['sha1_password']) {
$db->unbuffered_query("UPDATE bb".$n."_users SET sha1_password='".sha1($_POST['l_password'])."' WHERE userid='$wbbuserdata[userid]'");
}
}
else $authentification = false;
}
if (($_POST['crypted'] == "false" && !$_POST['l_password']) || !$new_password || !$confirm_new_password) error($lang->get("LANG_GLOBAL_ERROR1"));
elseif ($new_password != $confirm_new_password) error($lang->get("LANG_USERCP_PASSWORD_CHANGE_ERROR1"));
elseif ($authentification == false) error($lang->get("LANG_USERCP_PASSWORD_CHANGE_ERROR2"));
else {
$db->query("UPDATE bb".$n."_users SET password='".md5($new_password)."', sha1_password='".sha1($new_password)."' WHERE userid='$wbbuserdata[userid]'");
if ($wbbuserdata['usecookies'] == 1) bbcookie("userpassword", md5($new_password), time() + 3600 * 24 * 365);
redirect($lang->get("LANG_USERCP_PW_REDIRECT"), "usercp.php".$SID_ARG_1ST);
exit;
}
}
eval("\$tpl->output(\"".$tpl->get("usercp_password_change")."\");");
}
/** change email **/
if ($action == 'email_change') {
$lang->load('REGISTER,POSTINGS');
if (isset($_POST['send'])) {
$new_email = wbb_trim($_POST['new_email']);
$confirm_new_email = wbb_trim($_POST['confirm_new_email']);
if ($new_email == $wbbuserdata['email']) {
header("Location: usercp.php".$SID_ARG_1ST);
exit();
}
$authentification = false;
if ($allowloginencryption == 1 && $_POST['crypted'] == "true" && $wbbuserdata['sha1_password']) {
if (sha1(sha1($session['authentificationcode']).$wbbuserdata['sha1_password']) == $_POST['authentificationcode']) $authentification = true;
else $authentification = false;
}
else {
if (md5($_POST['l_password']) == $wbbuserdata['password']) {
$authentification = true;
if (!$wbbuserdata['sha1_password']) {
$db->unbuffered_query("UPDATE bb".$n."_users SET sha1_password='".sha1($_POST['l_password'])."' WHERE userid='$wbbuserdata[userid]'");
}
}
else $authentification = false;
}
if (($_POST['crypted'] == "false" && !$_POST['l_password']) || !$new_email || !$confirm_new_email) error($lang->get("LANG_GLOBAL_ERROR1"));
elseif ($authentification == false) error($lang->get("LANG_USERCP_PASSWORD_CHANGE_ERROR2"));
elseif ($new_email != $confirm_new_email) error($lang->get("LANG_USERCP_EC_ERROR1"));
elseif (!verify_email($new_email)) error($lang->get("LANG_USERCP_EC_ERROR2"));
else {
$db->query("UPDATE bb".$n."_users SET email='".addslashes($new_email)."' WHERE userid = '$wbbuserdata[userid]'");
if ($emailverifymode == 0) {
redirect($lang->get("LANG_USERCP_EC_REDIRECT0"), "usercp.php".$SID_ARG_1ST);
}
if ($emailverifymode == 3) {
$lang->load('MAIL');
$r_password = password_generate();
$db->query("UPDATE bb".$n."_users SET password='".md5($r_password)."', sha1_password='".sha1($r_password)."' WHERE userid = '$wbbuserdata[userid]'");
$db->query("UPDATE bb".$n."_sessions SET userid=0 WHERE sessionhash='$sid'");
$master_board_name_email = getlangvar($o_master_board_name, $lang, 0);
$subject = $lang->get("LANG_MAIL_EC3_SUBJECT", array('$master_board_name_email' => $master_board_name_email));
$content = $lang->get("LANG_MAIL_EC3_TEXT", array('$master_board_name_email' => $master_board_name_email, '$username' => $wbbuserdata['username'], '$r_password' => $r_password));
mailer($new_email, $subject, $content);
redirect($lang->get("LANG_USERCP_EC_REDIRECT3", array('$new_email' => $new_email)), "index.php".$SID_ARG_1ST, 20);
}
if ($emailverifymode == 1 || $emailverifymode == 2) {
$activation = code_generate();
list($groupid) = $db->query_first("SELECT groupid FROM bb".$n."_groups WHERE grouptype = 2");
if (!in_array($groupid, $wbbuserdata['groupids'])) {
$wbbuserdata['groupids'][] = $groupid;
sort($wbbuserdata['groupids']);
$db->unbuffered_query("UPDATE bb".$n."_users SET activation='$activation', groupcombinationid='".cachegroupcombinationdata(implode(",", $wbbuserdata['groupids']), 0)."' WHERE userid='".$wbbuserdata['userid']."'", 1);
}
else $db->query("UPDATE bb".$n."_users SET activation='$activation' WHERE userid = '$wbbuserdata[userid]'");
$db->query("INSERT IGNORE INTO bb".$n."_user2groups (userid,groupid) VALUES ('$wbbuserdata[userid]','$groupid')");
if ($emailverifymode == 1) {
$lang->load('MAIL');
$master_board_name_email = getlangvar($o_master_board_name, $lang, 0);
$subject = $lang->get("LANG_MAIL_EC1_SUBJECT", array('$master_board_name_email' => $master_board_name_email));
$content = $lang->get("LANG_MAIL_EC1_TEXT", array('$master_board_name_email' => $master_board_name_email, '$username' => $wbbuserdata['username'], '$url2board' => $url2board, '$userid' => $wbbuserdata['userid'], '$activation' => $activation, '$webmastermail' => $webmastermail));
mailer($new_email, $subject, $content);
redirect($lang->get("LANG_USERCP_EC_REDIRECT1", array('$new_email' => $new_email)), "usercp.php".$SID_ARG_1ST, 20);
}
else redirect($lang->get("LANG_USERCP_EC_REDIRECT2", array('$new_email' => $new_email)), "usercp.php".$SID_ARG_1ST, 20);
}
exit;
}
}
$wbbuserdata['email'] = htmlconverter($wbbuserdata['email']);
eval("\$tpl->output(\"".$tpl->get("usercp_email_change")."\");");
}
/** buddy list **/
if ($action == 'buddy_list') {
$lang->load('MEMBERS');
if (isset($_POST['send'])) {
list($userid) = $db->query_first("SELECT userid FROM bb".$n."_users WHERE username='".addslashes(wbb_trim($_POST['addtolist']))."'");
if (!$userid) error($lang->items['LANG_USERCP_ERROR1']);
elseif ($userid == $wbbuserdata['userid']) error($lang->items['LANG_USERCP_ERROR2']);
else {
$buddylist = add2list($wbbuserdata['buddylist'], $userid);
if ($buddylist != -1) $db->unbuffered_query("UPDATE bb".$n."_users SET buddylist='$buddylist' WHERE userid='$wbbuserdata[userid]'", 1);
header("Location: usercp.php?action=buddy_list".$SID_ARG_2ND_UN);
exit();
}
}
$listbit = '';
$pmLink = '';
$buddyCount=0;
if ($wbbuserdata['buddylist'] != '') {
$result = $db->unbuffered_query("SELECT u.userid, u.username, IF(s.lastactivity>=".(time() - $useronlinetimeout * 60).(($wbbuserdata['a_can_view_ghosts'] == 1) ? ("") : (" AND u.invisible=0")).",1,0) AS online FROM bb".$n."_users u
LEFT JOIN bb".$n."_sessions s USING (userid)
WHERE u.userid IN ('".str_replace(" ", "','", $wbbuserdata[buddylist])."') ORDER BY online DESC, u.username ASC");
while ($row = $db->fetch_array($result)) {
$row['username'] = htmlconverter($row['username']);
$username = $row['username'];
if ($row['online']) $LANG_MEMBERS_USERONLINE = $lang->get("LANG_MEMBERS_USERONLINE", array('$username' => $username));
else $LANG_MEMBERS_USERONLINE = $lang->get("LANG_MEMBERS_USEROFFLINE", array('$username' => $username));
$pmLink .= "&userid[]=$row[userid]";
$buddyCount++;
eval("\$listbit .= \"".$tpl->get("usercp_buddy_listbit")."\";");
}
}
eval("\$tpl->output(\"".$tpl->get("usercp_buddy_list")."\");");
}
/** ignore list **/
if ($action == 'ignore_list') {
if (isset($_POST['send'])) {
$result = getwbbuserdata(wbb_trim($_POST['addtolist']), "username");
if (!$result['userid']) error($lang->items['LANG_USERCP_ERROR1']);
elseif ($result['userid'] == $wbbuserdata['userid']) error($lang->items['LANG_USERCP_ERROR2']);
else {
if ($result['a_can_be_ignored'] !=1) {
$ignorelist = add2list($wbbuserdata['ignorelist'], $result['userid']);
if ($ignorelist != -1) $db->unbuffered_query("UPDATE bb".$n."_users SET ignorelist='$ignorelist' WHERE userid='$wbbuserdata[userid]'", 1);
header("Location: usercp.php?action=ignore_list".$SID_ARG_2ND_UN);
exit();
}else {
error($lang->items['LANG_USERCP_ERROR3']);
}
}
}
$listbit = '';
if ($wbbuserdata['ignorelist'] != '') {
$result = $db->unbuffered_query("SELECT userid, username FROM bb".$n."_users WHERE userid IN ('".str_replace(" ", "','", $wbbuserdata['ignorelist'])."') ORDER BY username ASC");
while ($row = $db->fetch_array($result)) {
$row['username'] = htmlconverter($row['username']);
eval("\$listbit .= \"".$tpl->get("usercp_ignore_listbit")."\";");
}
}
eval("\$tpl->output(\"".$tpl->get("usercp_ignore_list")."\");");
}
/** add / remove user to / from buddy list **/
if ($action == 'buddy') {
if ($_GET['remove']) {
list($userid) = $db->query_first("SELECT userid FROM bb".$n."_users WHERE userid='".intval($_GET['remove'])."'");
if (!$userid) error($lang->items['LANG_GLOBAL_ERROR2']);
else {
$buddylist = removeFromlist($wbbuserdata['buddylist'], $userid);
if ($buddylist != -1) $db->unbuffered_query("UPDATE bb".$n."_users SET buddylist='$buddylist' WHERE userid='$wbbuserdata[userid]'", 1);
header("Location: usercp.php?action=buddy_list".$SID_ARG_2ND_UN);
exit();
}
}
if ($_GET['add']) {
list($userid) = $db->query_first("SELECT userid FROM bb".$n."_users WHERE userid='".intval($_GET['add'])."'");
if (!$userid) error($lang->items['LANG_GLOBAL_ERROR2']);
elseif ($userid == $wbbuserdata['userid']) error($lang->items['LANG_USERCP_ERROR2']);
else {
$buddylist = add2list($wbbuserdata['buddylist'], $userid);
if ($buddylist != -1) $db->unbuffered_query("UPDATE bb".$n."_users SET buddylist='$buddylist' WHERE userid='$wbbuserdata[userid]'", 1);
header("Location: usercp.php?action=buddy_list".$SID_ARG_2ND_UN);
exit();
}
}
}
/** add / remove user to / from ignore list **/
if ($action == 'ignore') {
if ($_GET['remove']) {
list($userid) = $db->query_first("SELECT userid FROM bb".$n."_users WHERE userid='".intval($_GET['remove'])."'");
if (!$userid) error($lang->items['LANG_GLOBAL_ERROR2']);
else {
$ignorelist = removeFromlist($wbbuserdata['ignorelist'], $userid);
if ($ignorelist != -1) $db->unbuffered_query("UPDATE bb".$n."_users SET ignorelist='$ignorelist' WHERE userid='$wbbuserdata[userid]'", 1);
header("Location: usercp.php?action=ignore_list".$SID_ARG_2ND_UN);
exit();
}
}
if ($_GET['add']) {
$result = getwbbuserdata(intval($_GET['add'], "userid"));
if (!$result['userid']) error($lang->items['LANG_GLOBAL_ERROR2']);
elseif ($result['userid'] == $wbbuserdata['userid']) error($lang->items['LANG_USERCP_ERROR2']);
else {
if ($result['a_can_be_ignored'] !=1) {
$ignorelist = add2list($wbbuserdata['ignorelist'], $result['userid']);
if ($ignorelist != -1) $db->unbuffered_query("UPDATE bb".$n."_users SET ignorelist='$ignorelist' WHERE userid='$wbbuserdata[userid]'", 1);
header("Location: usercp.php?action=ignore_list".$SID_ARG_2ND_UN);
exit();
}else {
error($lang->items['LANG_USERCP_ERROR3']);
}
}
}
}
/** avatars **/
if ($action == 'avatars') {
$lang->load('POSTINGS,REGISTER');
$lang->items['LANG_USERCP_GUTHABEN_AVA_FS_NOTE'] = $lang->get("LANG_USERCP_GUTHABEN_AVA_FS_NOTE", array('$SID_ARG_2ND' => $SID_ARG_2ND));
if (isset($_POST['send'])) {
if ($_POST['avatarid'] != 'useown') {
if ($_POST['avatarid'] != 0) {
if ($wbbuserdata['can_use_avatar'] == 0) access_error();
$result = $db->query_first("SELECT avatarid FROM bb".$n."_avatars WHERE groupid IN(0,".implode(",", $wbbuserdata['groupids']).") AND needposts <= '$wbbuserdata[userposts]' AND userid = 0 AND avatarid='".intval($_POST['avatarid'])."'");
if (!$result['avatarid']) access_error();
}
$oldavatar = $db->query_first("SELECT avatarid, avatarextension FROM bb".$n."_avatars WHERE userid = '$wbbuserdata[userid]'");
if ($oldavatar['avatarid']) {
@unlink("./images/avatars/avatar-".$oldavatar['avatarid'].".".$oldavatar['avatarextension']);
$db->unbuffered_query("DELETE FROM bb".$n."_avatars WHERE avatarid = '$oldavatar[avatarid]'", 1);
}
$db->unbuffered_query("UPDATE bb".$n."_users SET avatarid = '".intval($_POST['avatarid'])."', gut_ava_ba='0' WHERE userid = '$wbbuserdata[userid]'", 1);
header("Location: usercp.php?action=avatars&page=".intval($_POST['page']).$SID_ARG_2ND_UN);
exit();
}
else {
$uploaderror = 0;
if ($_FILES['avatar_file']['tmp_name'] && $_FILES['avatar_file']['tmp_name'] != "none") {
if ($wbbuserdata['can_use_avatar'] == 0 || $wbbuserdata['can_upload_avatar'] == 0) access_error();
$badavatar = 0;
$avatar_file_extension = wbb_strtolower(wbb_substr(strrchr($_FILES['avatar_file']['name'], "."), 1));
$avatar_file_name2 = wbb_substr($_FILES['avatar_file']['name'], 0, (intval(wbb_strlen($avatar_file_extension)) + 1) * -1);
$allowed_avatar_extensions = explode("\n", $wbbuserdata['allowed_avatar_extensions']);
if (in_array($avatar_file_extension, $allowed_avatar_extensions) && $_FILES['avatar_file']['size'] <= $wbbuserdata['max_avatar_size'] && !stristr($avatar_file_extension, 'php')) { /* && */
$db->query("INSERT INTO bb".$n."_avatars (avatarname,avatarextension,userid) VALUES ('".addslashes(htmlspecialchars($avatar_file_name2))."','".addslashes(htmlspecialchars($avatar_file_extension))."','$wbbuserdata[userid]')");
$avatarid = $db->insert_id("bb".$n."_avatars", "avatarid");
if (move_uploaded_file($_FILES['avatar_file']['tmp_name'], "./images/avatars/avatar-".$avatarid.".".$avatar_file_extension)) {
@chmod ("./images/avatars/avatar-".$avatarid.".".$avatar_file_extension, 0777);
$imgsize = @getimagesize("./images/avatars/avatar-".$avatarid.".".$avatar_file_extension);
$width = $imgsize[0];
$height = $imgsize[1];
if ($avatar_file_extension == "swf") {
if ($width > $wbbuserdata['max_avatar_width']) $width = $wbbuserdata['max_avatar_width'];
if ($height > $wbbuserdata['max_avatar_height']) $height = $wbbuserdata['max_avatar_height'];
}
if ($width > $wbbuserdata['max_avatar_width'] || $height > $wbbuserdata['max_avatar_height'] || !$width || !$height) $badavatar = 2;
// check avatar content
$avatarcontent = implode('', @file("./images/avatars/avatar-".$avatarid.".".$avatar_file_extension));
$avatarcontent = preg_replace('/[^a-z0-9\(]+/', '', strtolower($avatarcontent));
$avatarcontent = str_replace('description', '', $avatarcontent);
if (stristr($avatarcontent, 'script') || stristr($avatarcontent, 'javascript') || stristr($avatarcontent, 'expression(')) $badavatar = 2;
if ($badavatar == 0) {
$oldavatar = $db->query_first("SELECT avatarid, avatarextension FROM bb".$n."_avatars WHERE userid = '$wbbuserdata[userid]' AND avatarid='$wbbuserdata[avatarid]'");
if ($oldavatar['avatarid']) {
@unlink("./images/avatars/avatar-".$oldavatar['avatarid'].".".$oldavatar['avatarextension']);
$db->unbuffered_query("DELETE FROM bb".$n."_avatars WHERE avatarid = '$oldavatar[avatarid]'", 1);
}
$db->unbuffered_query("UPDATE bb".$n."_users SET avatarid='$avatarid', gut_ava_ea='0' WHERE userid='$wbbuserdata[userid]'", 1);
$db->unbuffered_query("UPDATE bb".$n."_avatars SET width='$width', height='$height' WHERE avatarid='$avatarid'", 1);
header("Location: usercp.php?action=avatars&page=$page".$SID_ARG_2ND_UN);
exit();
}
}
else $badavatar = 1;
if ($badavatar != 0) {
if ($badavatar == 2) @unlink("./images/avatars/avatar-".$avatarid.".".$avatar_file_extension);
$db->query("DELETE FROM bb".$n."_avatars WHERE avatarid='$avatarid'");
$uploaderror = 1;
}
}
else $uploaderror = 1;
if ($uploaderror == 1) error($lang->items['LANG_USERCP_AVATAR_ERROR1']);
}
elseif (!$havatarid) error($lang->items['LANG_USERCP_AVATAR_ERROR1']);
}
}
if ($wbbuserdata['avatarid'] == 0 || ($wbbuserdata['can_use_avatar'] == 0 && $wbbuserdata['can_upload_avatar'] == 0)) $noavatar_checked = " checked=\"checked\"";
if ($wbbuserdata['can_use_avatar'] == 1) {
list($avatarcount) = $db->query_first("SELECT COUNT(*) FROM bb".$n."_avatars WHERE groupid IN(0,".implode(",", $wbbuserdata['groupids']).") AND needposts <= '$wbbuserdata[userposts]' AND userid = 0 ORDER BY needposts DESC");
if ($avatarcount) {
if (isset($_GET['page'])) {
$page = intval($_GET['page']);
if ($page < 1) $page = 1;
}
else $page = 1;
$pages = ceil($avatarcount / $avatarsperpage);
$result = $db->unbuffered_query("SELECT avatarid, avatarextension, width, height FROM bb".$n."_avatars WHERE groupid IN(0,".implode(",", $wbbuserdata['groupids']).") AND needposts <= '$wbbuserdata[userposts]' AND userid = 0 ORDER BY needposts DESC", 0, $avatarsperpage, $avatarsperpage * ($page - 1));
while ($row = $db->fetch_array($result)) {
$avatarname = "images/avatars/avatar-$row[avatarid].".htmlconverter($row['avatarextension']);
$avatarwidth = $row['width'];
$avatarheight = $row['height'];
if ($row['avatarextension'] == "swf") eval("\$avatarchoice = \"".$tpl->get("avatar_flash")."\";");
else eval("\$avatarchoice = \"".$tpl->get("avatar_image")."\";");
if ($row['avatarid'] == $wbbuserdata['avatarid']) $checked = " checked=\"checked\"";
else $checked = '';
/*## Guthaben Avatar ##*/
if ($wbbuserdata['gut_ava_ba'] || !$guthaben['avatar']) eval ("\$avatarArray[] = \"".$tpl->get("usercp_avatarbit")."\";");
else eval ("\$avatarArray[] = \"".$tpl->get("usercp_avatarbit_guthaben")."\";");
}
$tableRows = ceil(count($avatarArray) / 5);
$count = 0;
for ($i = 0; $i < $tableRows; $i++) {
$avatarbit_td = '';
for ($j = 0; $j < 5; $j++) {
if ($i == 0 && !$avatarArray[$count]) break;
eval("\$avatarbit_td .= \"".$tpl->get("usercp_avatarbit_td")."\";");
$count++;
}
eval("\$avatarbit_tr .= \"".$tpl->get("usercp_avatarbit_tr")."\";");
}
$countfrom = 1 + $avatarsperpage * ($page - 1);
$countto = $avatarsperpage * $page;
if ($countto > $avatarcount) $countto = $avatarcount;
if ($pages > 1) $pagelink = makepagelink("usercp.php?action=avatars".$SID_ARG_2ND, $page, $pages, $showpagelinks - 1);
$lang->items['LANG_USERCP_AVATAR_COUNT'] = $lang->get("LANG_USERCP_AVATAR_COUNT", array('$countfrom' => $countfrom, '$countto' => $countto, '$avatarcount' => $avatarcount));
}
}
if ($wbbuserdata['can_upload_avatar'] == 1) {
$ownavatar = $db->query_first("SELECT avatarid, avatarextension, width, height FROM bb".$n."_avatars WHERE userid = '$wbbuserdata[userid]'");
if ($ownavatar['avatarid']) {
$avatarname = "images/avatars/avatar-$ownavatar[avatarid].".htmlconverter($ownavatar['avatarextension']);
$avatarwidth = $ownavatar['width'];
$avatarheight = $ownavatar['height'];
$havatar = "<input type=\"hidden\" name=\"havatarid\" value=\"$ownavatar[avatarid]\" />";
if ($ownavatar['avatarextension'] == "swf") eval("\$ownavatar = \"".$tpl->get("avatar_flash")."\";");
else eval("\$ownavatar = \"".$tpl->get("avatar_image")."\";");
$ownavatar_checked = " checked=\"checked\"";
}
$lang->items['LANG_USERCP_USE_OWNAVATAR_NOTE'] = $lang->get("LANG_USERCP_USE_OWNAVATAR_NOTE", array('$allowed_avatar_extensions' => getAllowedExtensions($wbbuserdata['allowed_avatar_extensions']), '$max_avatar_width' => $wbbuserdata['max_avatar_width'], '$max_avatar_height' => $wbbuserdata['max_avatar_height'], '$max_avatar_size' => formatFilesize($wbbuserdata['max_avatar_size'])));
}
eval("\$tpl->output(\"".$tpl->get("usercp_avatars")."\");");
}
/** subscriptions **/
if ($action == 'addsubscription') {
if (isset($threadid)) {
$db->unbuffered_query("INSERT IGNORE INTO bb".$n."_subscribethreads (userid,threadid,emailnotify) VALUES ('$wbbuserdata[userid]','$threadid','1')", 1);
header("Location: thread.php?threadid=$threadid".$SID_ARG_2ND_UN);
}
else if (isset($boardid)) {
$db->unbuffered_query("INSERT IGNORE INTO bb".$n."_subscribeboards (userid,boardid,emailnotify) VALUES ('$wbbuserdata[userid]','$boardid','1')", 1);
header("Location: board.php?boardid=$boardid".$SID_ARG_2ND_UN);
}
exit();
}
if ($action == 'removesubscription') {
if (isset($threadid)) $db->unbuffered_query("DELETE FROM bb".$n."_subscribethreads WHERE userid='$wbbuserdata[userid]' AND threadid='$threadid'", 1);
else if (isset($boardid)) $db->unbuffered_query("DELETE FROM bb".$n."_subscribeboards WHERE userid='$wbbuserdata[userid]' AND boardid='$boardid'", 1);
header("Location: usercp.php?action=favorites".$SID_ARG_2ND_UN);
exit();
}
/** favorites **/
if ($action == 'favorites') {
$lang->load('START,BOARD');
include("./acp/lib/class_parse.php");
$favorites = true;
$depth = 2;
// read permissions
$permissioncache = getPermissions();
$badBoardIDs = '';
$badThreadIDs = '';
....... |
: eval()'d code on line 215
