query('UPDATE '.$db->prefix.'users SET status='.$_POST['status'].' WHERE id='.$id) or error('Unable to update status', __FILE__, __LINE__, $db->error());
redirect('profile.php?id='.$id, $lang_profile['Update status redirect']);
}
// Branch: moderator/admin submit that sets which forums this user moderates.
// The preceding if/else-if branches and the surrounding dispatch are outside this block.
// (message() is assumed to stop the script after printing — confirm; every check below relies on that)
else if (isset($_POST['update_forums']))
{
if ($cur_user['status'] < 2)
message($lang_common['No permission']);
// Referer-based CSRF check; confirm_referer() is defined outside this chunk. If it only compares
// HTTP_REFERER, remember that browsers/proxies can omit that header, so it is a weak guard.
confirm_referer('profile.php');
// Get the username of the user we are processing
// NOTE(review): $id is concatenated into SQL unescaped here and in every query below — this
// assumes it was cast to int at the top of the file; confirm there.
$result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
$username = $db->result($result, 0);
// Forum ids come from the keys of the submitted moderator_in[] checkboxes. They are only used in
// in_array() comparisons below and never reach SQL directly.
$moderator_in = (isset($_POST['moderator_in'])) ? array_keys($_POST['moderator_in']) : array();
// Loop through all forums
$result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());
while ($cur_forum = $db->fetch_assoc($result))
{
// moderators is a serialized array (username => user id) written by this same code path.
// unserialize() on column data is only acceptable as long as nothing else can write that column.
$cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array();
// If the user should have moderator access (and he/she doesn't already have it)
// (both in_array() calls are non-strict, so forum ids and user ids are compared loosely)
if (in_array($cur_forum['id'], $moderator_in) && !in_array($id, $cur_moderators))
{
$cur_moderators[$username] = $id;
ksort($cur_moderators);
// The serialized blob is escaped with addslashes(); the profile form later in this file uses
// escape() for the same purpose — two escaping styles in one file.
$db->query('UPDATE '.$db->prefix.'forums SET moderators=\''.addslashes(serialize($cur_moderators)).'\' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
}
// If the user shouldn't have moderator access (and he/she already has it)
else if (!in_array($cur_forum['id'], $moderator_in) && in_array($id, $cur_moderators))
{
unset($cur_moderators[$username]);
// Store the SQL literal NULL instead of an empty serialized array when nobody is left
$cur_moderators = (!empty($cur_moderators)) ? '\''.addslashes(serialize($cur_moderators)).'\'' : 'NULL';
$db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
}
}
redirect('profile.php?id='.$id, $lang_profile['Update forums redirect']);
}
// Branch: "Ban" button — moderators and admins (status >= 1) are sent to the ban form for this user
else if (isset($_POST['ban']))
{
if ($cur_user['status'] < 1)
message($lang_common['No permission']);
// No confirm_referer() here, unlike the other POST branches: this only redirects; the ban itself
// is created on admin_bans.php, which presumably has its own checks — confirm.
redirect('admin_bans.php?add_ban='.$id, $lang_profile['Ban redirect']);
}
else if (isset($_POST['delete']) || isset($_POST['comply']))
{
// Delete branch (its enclosing else-if and the else that shows the confirmation page are outside
// this block): the first submit asks for confirmation, the "comply" submit performs the deletion.
if ($cur_user['status'] < 2)
message($lang_common['No permission']);
confirm_referer('profile.php');
if (isset($_POST['comply']))
{
// If the user is a moderator or an administrator, we remove him/her from the moderator list in all forums as well
$result = $db->query('SELECT username, status FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
// NOTE(review): $status is not assigned yet at this point, so fetch_row() receives an undefined
// variable instead of $result from the line above. Looks like a bug (or an extraction artifact);
// the intent is presumably $db->fetch_row($result) — confirm against upstream.
list($username, $status) = $db->fetch_row($status);
if ($status > 0)
{
$result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());
while ($cur_forum = $db->fetch_assoc($result))
{
// Same serialized username => user id map as in the update_forums branch
$cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array();
// non-strict in_array(): $id is compared loosely with the stored ids
if (in_array($id, $cur_moderators))
{
unset($cur_moderators[$username]);
// SQL literal NULL when no moderators remain, otherwise the re-serialized map
$cur_moderators = (!empty($cur_moderators)) ? '\''.addslashes(serialize($cur_moderators)).'\'' : 'NULL';
$db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
}
}
}
// Delete the user
// ($id goes into SQL unescaped; assumes it was cast to int earlier in the file — confirm)
$db->query('DELETE FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to delete user', __FILE__, __LINE__, $db->error());
// Set all his/her posts to guest
// (posts are reattributed to poster_id 1, not removed; the two statements are not in a transaction)
$db->query('UPDATE '.$db->prefix.'posts SET poster_id=1 WHERE poster_id='.$id) or error('Unable to update posts', __FILE__, __LINE__, $db->error());
redirect('index.php', $lang_profile['User delete redirect']);
}
else
{
$page_title = htmlspecialchars($options['board_title']).' / '.$lang_profile['Profile'];
require 'header.php';
?>
0)
{
// Username validation. The condition of the enclosing if is outside this block (only its trailing
// "0)" survives above), so who reaches this code cannot be read from here.
confirm_referer('profile.php');
// un_escape() is defined elsewhere; presumably undoes request-level escaping — confirm
$username = trim(un_escape($_POST['username']));
$old_username = trim(un_escape($_POST['old_username']));
// strlen() counts bytes, not characters, so multi-byte names are measured generously
if (strlen($username) < 2)
message($lang_prof_reg['Username too short']);
// The guest name is reserved in both English and the active language (case-insensitive)
else if (!strcasecmp($username, 'Guest') || !strcasecmp($username, $lang_common['Guest']))
message($lang_prof_reg['Username guest']);
// Reject names that contain something shaped like a dotted IPv4 address
else if (preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $username))
message($lang_prof_reg['Username IP']);
// Reject names containing BBCode tags (case-insensitive, fixed tag list)
else if (preg_match('#\[b\]|\[/b\]|\[u\]|\[/u\]|\[i\]|\[/i\]|\[color|\[/color\]|\[quote\]|\[/quote\]|\[code\]|\[/code\]|\[img\]|\[/img\]|\[url|\[/url\]|\[email|\[/email\]#i', $username))
message($lang_prof_reg['Username BBCode']);
// Check that the username is not already registered
// (the name is addslashes()-escaped; $id is interpolated unescaped and is assumed to be an int)
$result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE username=\''.addslashes($username).'\' AND id!='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
message($lang_profile['Dupe username']);
}
// Make sure all newlines are \n and not \r\n or \r
$signature = str_replace("\r", "\n", str_replace("\r\n", "\n", trim(un_escape($_POST['signature']))));
// Validate signature
// (strlen() is a byte count, so sig_length is enforced in bytes rather than characters)
if (strlen($signature) > $permissions['sig_length'])
message($lang_prof_reg['Sig too long'].' '.$permissions['sig_length'].' '.$lang_prof_reg['characters'].'.');
else if (substr_count($signature, "\n") > ($permissions['sig_lines']-1))
message($lang_prof_reg['Sig too many lines'].' '.$permissions['sig_lines'].' '.$lang_prof_reg['lines'].'.');
// ereg() is the POSIX regex API that was removed in PHP 7; this line fatals on any modern PHP
else if ($signature && $permissions['sig_all_caps'] == '0' && !ereg( "[[:lower:]]", $signature))
message($lang_prof_reg['Sig caps']);
if ($permissions['sig_bbcode'] == '1')
{
// Change all BBCodes to lower case (this way a lot of regex searches can be case sensitive)
$a = array('[B]', '[I]', '[U]', '[/B]', '[/I]', '[/U]');
$b = array('[b]', '[i]', '[u]', '[/b]', '[/i]', '[/u]');
// NOTE(review): both replacements operate on isset($message) (a bool) and assign to $message, so
// they never touch $signature — the signature stored further down keeps its original-case BBCode.
// Looks like a garbled "$signature = str_replace($a, $b, $signature)"; confirm against upstream.
$message = str_replace($a, $b, isset($message));
$a = array('#\[colou?r=([a-zA-Z]*|\#?[0-9a-fA-F]{6})\]#i', '#\[/colou?r\]#i', '#\[img\]#i', '#\[/img\]#i', '#\[email\]#i', '#\[email=#i', '#\[/email\]#i', '#\[url\]#i', '#\[url=#i', '#\[/url\]#i');
$b = array('[color=\\1]', '[/color]', '[img]', '[/img]', '[email]', '[email=', '[/email]', '[url]', '[url=', '[/url]');
$message = preg_replace($a, $b, isset($message));
// quote and code tags are not allowed in signatures
if (preg_match('/\[quote\]|\[\/quote\]|\[code\]|\[\/code\]/i', $signature))
message($lang_prof_reg['Signature quote/code']);
}
if ($options['regs_validate'] == '0' || $cur_user['status'] > 0)
{
require 'include/email.php';
// Validate the email-address
// NOTE(review): is_valid_email() is the only filter applied; $email is later concatenated into
// SQL without escape()/addslashes(), unlike every other field of this form. Escaping it here
// would close that gap regardless of how strict is_valid_email() turns out to be.
$email = strtolower(trim($_POST['req_email']));
if (!is_valid_email($email))
message($lang_common['Invalid e-mail']);
}
// Add http:// if the URL doesn't contain it already
// (stristr() matches the substring anywhere in the value, not only as a prefix, and https:// is not recognised)
if ($form['url'] != '' && !stristr($form['url'], 'http://'))
$form['url'] = 'http://'.$form['url'];
// If the ICQ UIN contains anything other than digits it's invalid
// ($form[icq] without quotes is an undefined-constant lookup — presumably meant $form['icq'])
if ($form['icq'] != '' && preg_match('/[^0-9]/', $form[icq]))
message($lang_prof_reg['Bad ICQ']);
// Clamp the per-page display counts to the range 3..75 when a value was supplied
if ($form['disp_topics'] != '' && intval($form['disp_topics']) < 3) $form['disp_topics'] = 3;
if ($form['disp_topics'] != '' && intval($form['disp_topics']) > 75) $form['disp_topics'] = 75;
if ($form['disp_posts'] != '' && intval($form['disp_posts']) < 3) $form['disp_posts'] = 3;
if ($form['disp_posts'] != '' && intval($form['disp_posts']) > 75) $form['disp_posts'] = 75;
// NOTE(review): isset(...) != '1' compares a bool with '1', so these two lines only default a
// *missing* checkbox to '0'; a present value other than '1' is kept as submitted (the flags
// below are normalised to exactly '0'/'1'). Probably not intended — confirm.
if (isset($form['use_avatar']) != '1') $form['use_avatar'] = '0';
if (isset($form['hide_email']) != '1') $form['hide_email'] = '0';
if ($form['save_pass'] != '1') $form['save_pass'] = '0';
if ($form['smilies'] != '1') $form['smilies'] = '0';
if ($form['show_img'] != '1') $form['show_img'] = '0';
if ($form['show_sig'] != '1') $form['show_sig'] = '0';
if ($form['link_to_new_win'] != '1') $form['link_to_new_win'] = '0';
// Singlequotes around non-empty values and NULL for empty values
// NOTE(review): $key is used verbatim as a column name in the UPDATE built below, so this relies
// on $form being assembled from a fixed key list earlier in the file rather than from raw request
// keys — confirm where $form is built. ($temp is not initialised; it is empty only if $form is.)
foreach ($form as $key => $input)
{
$value = ($input != '') ? '\''.escape($input).'\'' : 'NULL';
$temp[] = $key.'='.$value;
}
// Write the profile. Members (status < 1) can change title (if permitted), email (only when
// registrations need no validation), signature and the $form fields; moderators/admins can
// additionally change username, email, admin note and (admins only) the post counter.
if ($cur_user['status'] < 1)
{
if ($permissions['users_set_title'] == '1')
{
$user_title = trim($_POST['title']);
if ($user_title != '')
{
// A list of words that the title may not contain
// If $language == 'en', there will be some duplicates, but it's not the end of the world
$forbidden = array('Member', 'Moderator', 'Administrator', 'Banned', 'Guest', $lang_common['Member'], $lang_common['Moderator'], $lang_common['Administrator'], $lang_common['Banned'], $lang_common['Guest']);
// Exact, case-sensitive whole-value match only (non-strict in_array()); variants in case or
// with extra characters are not caught by this list
if (in_array($user_title, $forbidden))
message($lang_profile['Forbidden title']);
}
$user_title_sql = ($user_title != '') ? 'title=\''.escape($user_title).'\', ' : 'title=NULL, ';
}
// NOTE(review): when users_set_title != '1', $user_title_sql is never assigned and the UPDATE
// below concatenates an undefined variable (an empty string plus a notice under PHP's rules).
// NOTE(review): $email is placed in the query unescaped; only is_valid_email() stands between
// the request and SQL here.
$email_sql = ($options['regs_validate'] == '0') ? 'email=\''.$email.'\', ' : '';
$db->query('UPDATE '.$db->prefix.'users SET '.$email_sql.$user_title_sql.'signature=\''.addslashes($signature).'\', '.implode(',', $temp).' WHERE id='.$id) or error('Unable to update profile', __FILE__, __LINE__, $db->error());
}
else
{
$user_title = trim($_POST['title']);
$admin_note = trim($_POST['admin_note']);
// escape()d and quoted, or the SQL literal NULL when empty
$user_title = ($user_title != '') ? '\''.escape($user_title).'\'' : 'NULL';
$admin_note = ($admin_note != '') ? '\''.escape($admin_note).'\'' : 'NULL';
// We only allow administrators to update the post counter
// (intval() makes this the one numeric field that is safely coerced before use in SQL)
$posts_sql = ($cur_user['status'] > 1) ? 'num_posts='.intval($_POST['num_posts']).', ' : '';
// Mixed escaping in one statement: username/signature via addslashes(), title/admin_note via
// escape(), $email unescaped, $id assumed to be an int.
$db->query('UPDATE '.$db->prefix.'users SET username=\''.addslashes($username).'\', email=\''.$email.'\', title='.$user_title.', signature=\''.addslashes($signature).'\', '.implode(',', $temp).', '.$posts_sql.'admin_note='.$admin_note.' WHERE id='.$id) or error('Unable to update profile', __FILE__, __LINE__, $db->error());
// If we changed the username we have to alter "poster" and "last_poster" for any posts, topics and forums
// (strcmp() is non-zero for any byte difference, so a case-only rename is also propagated)
if (strcmp($username, $old_username))
{
$db->query('UPDATE '.$db->prefix.'posts SET poster=\''.addslashes($username).'\' WHERE poster_id='.$id) or error('Unable to update posts', __FILE__, __LINE__, $db->error());
// topics/forums carry the poster name, not the id, so they are matched on the old name
$db->query('UPDATE '.$db->prefix.'topics SET poster=\''.addslashes($username).'\' WHERE poster=\''.addslashes($old_username).'\'') or error('Unable to update topics', __FILE__, __LINE__, $db->error());
$db->query('UPDATE '.$db->prefix.'topics SET last_poster=\''.addslashes($username).'\' WHERE last_poster=\''.addslashes($old_username).'\'') or error('Unable to update topics', __FILE__, __LINE__, $db->error());
$db->query('UPDATE '.$db->prefix.'forums SET last_poster=\''.addslashes($username).'\' WHERE last_poster=\''.addslashes($old_username).'\'') or error('Unable to update forums', __FILE__, __LINE__, $db->error());
}
}
redirect('profile.php?id='.$id, $lang_profile['Profile redirect']);
}
else
{
// View branch: load the profile that is about to be displayed
// ($id is interpolated unescaped; assumes it was cast to int earlier in the file — confirm)
$result = $db->query('SELECT username, email, title, realname, url, icq, aim, yahoo, location, use_avatar, signature, disp_topics, disp_posts, hide_email, save_pass, smilies, show_img, show_sig, link_to_new_win, timezone, style, num_posts, status, last_post, registered, admin_note FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
message($lang_common['Bad request']);
$user = $db->fetch_assoc($result);
$last_post = format_time($user['last_post']);
// != NULL is a loose comparison: true for any non-empty string, so the parser is only loaded when
// there is something to render
if ($user['signature'] != NULL)
{
require 'include/parser.php';
$parsed_signature = parse_signature($user['signature']);
}
// Are we viewing someone else's profile? (and are we not an admin/moderator)
if (isset($cur_user['id']) != $id && isset($cur_user['status']) < 1)
{
if ($user['hide_email'] != '1')
$email_field = ''.$user['email'].'';
else
$email_field = $lang_profile['Not displayed'];
$user_title_field = get_title($user);
if ($user['url'] != '')
{
$user['url'] = htmlspecialchars($user['url']);
if ($options['censoring'] == '1')
$user['url'] = censor_words($user['url']);
if ($cur_user['link_to_new_win'] != '0')
$url = ''.$user['url'].'';
else
$url = ''.$user['url'].'';
}
if ($options['avatars'] == '1')
{
if ($user['use_avatar'] == '1')
{
if ($img_size = @getimagesize($options['avatars_dir'].'/'.$id.'.gif'))
$avatar_field = '';
else if ($img_size = @getimagesize($options['avatars_dir'].'/'.$id.'.jpg'))
$avatar_field = '';
else if ($img_size = @getimagesize($options['avatars_dir'].'/'.$id.'.png'))
$avatar_field = '';
}
else
$avatar_field = $lang_profile['No avatar'];
}
$page_title = htmlspecialchars($options['board_title']).' / '.$lang_profile['Profile'];
require 'header.php';
?>