Rev Author Line No. Line
130 kaklik 1 <?php
2 /***************************************************************************
3 * usercp_register.php
4 * -------------------
5 * begin : Saturday, Feb 13, 2001
6 * copyright : (C) 2001 The phpBB Group
7 * email : support@phpbb.com
8 *
9 * $Id: usercp_register.php,v 1.20.2.76 2006/05/30 19:29:43 grahamje Exp $
10 *
11 *
12 ***************************************************************************/
13  
14 /***************************************************************************
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
20 *
21 *
22 ***************************************************************************/
23  
24 /*
25  
26 This code has been modified from its original form by psoTFX @ phpbb.com
27 Changes introduce the back-ported phpBB 2.2 visual confirmation code.
28  
29 NOTE: Anyone using the modified code contained within this script MUST include
30 a relevant message such as this in usercp_register.php ... failure to do so
31 will affect a breach of Section 2a of the GPL and our copyright
32  
33 png visual confirmation system : (c) phpBB Group, 2003 : All Rights Reserved
34  
35 */
36  
37 if ( !defined('IN_PHPBB') )
38 {
39 die("Hacking attempt");
40 exit;
41 }
42  
43 $unhtml_specialchars_match = array('#&gt;#', '#&lt;#', '#&quot;#', '#&amp;#');
44 $unhtml_specialchars_replace = array('>', '<', '"', '&');
45  
46 // ---------------------------------------
47 // Load agreement template since user has not yet
48 // agreed to registration conditions/coppa
49 //
50 function show_coppa()
51 {
52 global $userdata, $template, $lang, $phpbb_root_path, $phpEx;
53  
54 $template->set_filenames(array(
55 'body' => 'agreement.tpl')
56 );
57  
58 $template->assign_vars(array(
59 'REGISTRATION' => $lang['Registration'],
60 'AGREEMENT' => $lang['Reg_agreement'],
61 "AGREE_OVER_13" => $lang['Agree_over_13'],
62 "AGREE_UNDER_13" => $lang['Agree_under_13'],
63 'DO_NOT_AGREE' => $lang['Agree_not'],
64  
65 "U_AGREE_OVER13" => append_sid("profile.$phpEx?mode=register&amp;agreed=true"),
66 "U_AGREE_UNDER13" => append_sid("profile.$phpEx?mode=register&amp;agreed=true&amp;coppa=true"))
67 );
68  
69 $template->pparse('body');
70  
71 }
72 //
73 // ---------------------------------------
74  
75 $error = FALSE;
76 $error_msg = '';
77 $page_title = ( $mode == 'editprofile' ) ? $lang['Edit_profile'] : $lang['Register'];
78  
79 if ( $mode == 'register' && !isset($HTTP_POST_VARS['agreed']) && !isset($HTTP_GET_VARS['agreed']) )
80 {
81 include($phpbb_root_path . 'includes/page_header.'.$phpEx);
82  
83 show_coppa();
84  
85 include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
86 }
87  
88 $coppa = ( empty($HTTP_POST_VARS['coppa']) && empty($HTTP_GET_VARS['coppa']) ) ? 0 : TRUE;
89  
90 //
91 // Check and initialize some variables if needed
92 //
93 if (
94 isset($HTTP_POST_VARS['submit']) ||
95 isset($HTTP_POST_VARS['avatargallery']) ||
96 isset($HTTP_POST_VARS['submitavatar']) ||
97 isset($HTTP_POST_VARS['cancelavatar']) ||
98 $mode == 'register' )
99 {
100 include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
101 include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
102 include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
103  
104 if ( $mode == 'editprofile' )
105 {
106 $user_id = intval($HTTP_POST_VARS['user_id']);
107 $current_email = trim(htmlspecialchars($HTTP_POST_VARS['current_email']));
108 }
109  
110 $strip_var_list = array('email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests', 'confirm_code' => 'confirm_code');
111  
112 // Strip all tags from data ... may p**s some people off, bah, strip_tags is
113 // doing the job but can still break HTML output ... have no choice, have
114 // to use htmlspecialchars ... be prepared to be moaned at.
115 while( list($var, $param) = @each($strip_var_list) )
116 {
117 if ( !empty($HTTP_POST_VARS[$param]) )
118 {
119 $$var = trim(htmlspecialchars($HTTP_POST_VARS[$param]));
120 }
121 }
122  
123 $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
124  
125 $trim_var_list = array('cur_password' => 'cur_password', 'new_password' => 'new_password', 'password_confirm' => 'password_confirm', 'signature' => 'signature');
126  
127 while( list($var, $param) = @each($trim_var_list) )
128 {
129 if ( !empty($HTTP_POST_VARS[$param]) )
130 {
131 $$var = trim($HTTP_POST_VARS[$param]);
132 }
133 }
134  
135 $signature = (isset($signature)) ? str_replace('<br />', "\n", $signature) : '';
136 $signature_bbcode_uid = '';
137  
138 // Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to
139 // empty strings if they fail.
140 validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature);
141  
142 $viewemail = ( isset($HTTP_POST_VARS['viewemail']) ) ? ( ($HTTP_POST_VARS['viewemail']) ? TRUE : 0 ) : 0;
143 $allowviewonline = ( isset($HTTP_POST_VARS['hideonline']) ) ? ( ($HTTP_POST_VARS['hideonline']) ? 0 : TRUE ) : TRUE;
144 $notifyreply = ( isset($HTTP_POST_VARS['notifyreply']) ) ? ( ($HTTP_POST_VARS['notifyreply']) ? TRUE : 0 ) : 0;
145 $notifypm = ( isset($HTTP_POST_VARS['notifypm']) ) ? ( ($HTTP_POST_VARS['notifypm']) ? TRUE : 0 ) : TRUE;
146 $popup_pm = ( isset($HTTP_POST_VARS['popup_pm']) ) ? ( ($HTTP_POST_VARS['popup_pm']) ? TRUE : 0 ) : TRUE;
147  
148 if ( $mode == 'register' )
149 {
150 $attachsig = ( isset($HTTP_POST_VARS['attachsig']) ) ? ( ($HTTP_POST_VARS['attachsig']) ? TRUE : 0 ) : $board_config['allow_sig'];
151  
152 $allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $board_config['allow_html'];
153 $allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $board_config['allow_bbcode'];
154 $allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? ( ($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) : $board_config['allow_smilies'];
155 }
156 else
157 {
158 $attachsig = ( isset($HTTP_POST_VARS['attachsig']) ) ? ( ($HTTP_POST_VARS['attachsig']) ? TRUE : 0 ) : $userdata['user_attachsig'];
159  
160 $allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $userdata['user_allowhtml'];
161 $allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $userdata['user_allowbbcode'];
162 $allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? ( ($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) : $userdata['user_allowsmile'];
163 }
164  
165 $user_style = ( isset($HTTP_POST_VARS['style']) ) ? intval($HTTP_POST_VARS['style']) : $board_config['default_style'];
166  
167 if ( !empty($HTTP_POST_VARS['language']) )
168 {
169 if ( preg_match('/^[a-z_]+$/i', $HTTP_POST_VARS['language']) )
170 {
171 $user_lang = htmlspecialchars($HTTP_POST_VARS['language']);
172 }
173 else
174 {
175 $error = true;
176 $error_msg = $lang['Fields_empty'];
177 }
178 }
179 else
180 {
181 $user_lang = $board_config['default_lang'];
182 }
183  
184 $user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone'];
185  
186 $sql = "SELECT config_value
187 FROM " . CONFIG_TABLE . "
188 WHERE config_name = 'default_dateformat'";
189 if ( !($result = $db->sql_query($sql)) )
190 {
191 message_die(GENERAL_ERROR, 'Could not select default dateformat', '', __LINE__, __FILE__, $sql);
192 }
193 $row = $db->sql_fetchrow($result);
194 $board_config['default_dateformat'] = $row['config_value'];
195 $user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['dateformat'])) : $board_config['default_dateformat'];
196  
197 $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarselect']) : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
198 $user_avatar_category = ( isset($HTTP_POST_VARS['avatarcatname']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarcatname']) : '' ;
199  
200 $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['avatarremoteurl'])) : '';
201 $user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' );
202 $user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : '';
203 $user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
204 $user_avatar_filetype = ( !empty($HTTP_POST_FILES['avatar']['type']) ) ? $HTTP_POST_FILES['avatar']['type'] : '';
205  
206 $user_avatar = ( empty($user_avatar_local) && $mode == 'editprofile' ) ? $userdata['user_avatar'] : '';
207 $user_avatar_type = ( empty($user_avatar_local) && $mode == 'editprofile' ) ? $userdata['user_avatar_type'] : '';
208  
209 if ( (isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar'])) && (!isset($HTTP_POST_VARS['submit'])) )
210 {
211 $username = stripslashes($username);
212 $email = stripslashes($email);
213 $cur_password = htmlspecialchars(stripslashes($cur_password));
214 $new_password = htmlspecialchars(stripslashes($new_password));
215 $password_confirm = htmlspecialchars(stripslashes($password_confirm));
216  
217 $icq = stripslashes($icq);
218 $aim = stripslashes($aim);
219 $msn = stripslashes($msn);
220 $yim = stripslashes($yim);
221  
222 $website = stripslashes($website);
223 $location = stripslashes($location);
224 $occupation = stripslashes($occupation);
225 $interests = stripslashes($interests);
226 $signature = htmlspecialchars(stripslashes($signature));
227  
228 $user_lang = stripslashes($user_lang);
229 $user_dateformat = stripslashes($user_dateformat);
230  
231 if ( !isset($HTTP_POST_VARS['cancelavatar']))
232 {
233 $user_avatar = $user_avatar_category . '/' . $user_avatar_local;
234 $user_avatar_type = USER_AVATAR_GALLERY;
235 }
236 }
237 }
238  
239 //
240 // Let's make sure the user isn't logged in while registering,
241 // and ensure that they were trying to register a second time
242 // (Prevents double registrations)
243 //
244 if ($mode == 'register' && ($userdata['session_logged_in'] || $username == $userdata['username']))
245 {
246 message_die(GENERAL_MESSAGE, $lang['Username_taken'], '', __LINE__, __FILE__);
247 }
248  
249 //
250 // Did the user submit? In this case build a query to update the users profile in the DB
251 //
252 if ( isset($HTTP_POST_VARS['submit']) )
253 {
254 include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);
255  
256 $passwd_sql = '';
257 if ( $mode == 'editprofile' )
258 {
259 if ( $user_id != $userdata['user_id'] )
260 {
261 $error = TRUE;
262 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Wrong_Profile'];
263 }
264 }
265 else if ( $mode == 'register' )
266 {
267 if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
268 {
269 $error = TRUE;
270 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty'];
271 }
272 }
273  
274 if ($board_config['enable_confirm'] && $mode == 'register')
275 {
276 if (empty($HTTP_POST_VARS['confirm_id']))
277 {
278 $error = TRUE;
279 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
280 }
281 else
282 {
283 $confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']);
284 if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id))
285 {
286 $confirm_id = '';
287 }
288  
289 $sql = 'SELECT code
290 FROM ' . CONFIRM_TABLE . "
291 WHERE confirm_id = '$confirm_id'
292 AND session_id = '" . $userdata['session_id'] . "'";
293 if (!($result = $db->sql_query($sql)))
294 {
295 message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql);
296 }
297  
298 if ($row = $db->sql_fetchrow($result))
299 {
300 if ($row['code'] != $confirm_code)
301 {
302 $error = TRUE;
303 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
304 }
305 else
306 {
307 $sql = 'DELETE FROM ' . CONFIRM_TABLE . "
308 WHERE confirm_id = '$confirm_id'
309 AND session_id = '" . $userdata['session_id'] . "'";
310 if (!$db->sql_query($sql))
311 {
312 message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql);
313 }
314 }
315 }
316 else
317 {
318 $error = TRUE;
319 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
320 }
321 $db->sql_freeresult($result);
322 }
323 }
324  
325 $passwd_sql = '';
326 if ( !empty($new_password) && !empty($password_confirm) )
327 {
328 if ( $new_password != $password_confirm )
329 {
330 $error = TRUE;
331 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
332 }
333 else if ( strlen($new_password) > 32 )
334 {
335 $error = TRUE;
336 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_long'];
337 }
338 else
339 {
340 if ( $mode == 'editprofile' )
341 {
342 $sql = "SELECT user_password
343 FROM " . USERS_TABLE . "
344 WHERE user_id = $user_id";
345 if ( !($result = $db->sql_query($sql)) )
346 {
347 message_die(GENERAL_ERROR, 'Could not obtain user_password information', '', __LINE__, __FILE__, $sql);
348 }
349  
350 $row = $db->sql_fetchrow($result);
351  
352 if ( $row['user_password'] != md5($cur_password) )
353 {
354 $error = TRUE;
355 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Current_password_mismatch'];
356 }
357 }
358  
359 if ( !$error )
360 {
361 $new_password = md5($new_password);
362 $passwd_sql = "user_password = '$new_password', ";
363 }
364 }
365 }
366 else if ( ( empty($new_password) && !empty($password_confirm) ) || ( !empty($new_password) && empty($password_confirm) ) )
367 {
368 $error = TRUE;
369 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
370 }
371  
372 //
373 // Do a ban check on this email address
374 //
375 if ( $email != $userdata['user_email'] || $mode == 'register' )
376 {
377 $result = validate_email($email);
378 if ( $result['error'] )
379 {
380 $email = $userdata['user_email'];
381  
382 $error = TRUE;
383 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
384 }
385  
386 if ( $mode == 'editprofile' )
387 {
388 $sql = "SELECT user_password
389 FROM " . USERS_TABLE . "
390 WHERE user_id = $user_id";
391 if ( !($result = $db->sql_query($sql)) )
392 {
393 message_die(GENERAL_ERROR, 'Could not obtain user_password information', '', __LINE__, __FILE__, $sql);
394 }
395  
396 $row = $db->sql_fetchrow($result);
397  
398 if ( $row['user_password'] != md5($cur_password) )
399 {
400 $email = $userdata['user_email'];
401  
402 $error = TRUE;
403 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Current_password_mismatch'];
404 }
405 }
406 }
407  
408 $username_sql = '';
409 if ( $board_config['allow_namechange'] || $mode == 'register' )
410 {
411 if ( empty($username) )
412 {
413 // Error is already triggered, since one field is empty.
414 $error = TRUE;
415 }
416 else if ( $username != $userdata['username'] || $mode == 'register')
417 {
418 if (strtolower($username) != strtolower($userdata['username']) || $mode == 'register')
419 {
420 $result = validate_username($username);
421 if ( $result['error'] )
422 {
423 $error = TRUE;
424 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
425 }
426 }
427  
428 if (!$error)
429 {
430 $username_sql = "username = '" . str_replace("\'", "''", $username) . "', ";
431 }
432 }
433 }
434  
435 if ( $signature != '' )
436 {
437 if ( strlen($signature) > $board_config['max_sig_chars'] )
438 {
439 $error = TRUE;
440 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Signature_too_long'];
441 }
442  
443 if ( !isset($signature_bbcode_uid) || $signature_bbcode_uid == '' )
444 {
445 $signature_bbcode_uid = ( $allowbbcode ) ? make_bbcode_uid() : '';
446 }
447 $signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid);
448 }
449  
450 if ( $website != '' )
451 {
452 rawurlencode($website);
453 }
454  
455 $avatar_sql = '';
456  
457 if ( isset($HTTP_POST_VARS['avatardel']) && $mode == 'editprofile' )
458 {
459 $avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
460 }
461 else
462 if ( ( !empty($user_avatar_upload) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] )
463 {
464 if ( !empty($user_avatar_upload) )
465 {
466 $avatar_mode = (empty($user_avatar_name)) ? 'remote' : 'local';
467 $avatar_sql = user_avatar_upload($mode, $avatar_mode, $userdata['user_avatar'], $userdata['user_avatar_type'], $error, $error_msg, $user_avatar_upload, $user_avatar_name, $user_avatar_size, $user_avatar_filetype);
468 }
469 else if ( !empty($user_avatar_name) )
470 {
471 $l_avatar_size = sprintf($lang['Avatar_filesize'], round($board_config['avatar_filesize'] / 1024));
472  
473 $error = true;
474 $error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $l_avatar_size;
475 }
476 }
477 else if ( $user_avatar_remoteurl != '' && $board_config['allow_avatar_remote'] )
478 {
479 user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
480 $avatar_sql = user_avatar_url($mode, $error, $error_msg, $user_avatar_remoteurl);
481 }
482 else if ( $user_avatar_local != '' && $board_config['allow_avatar_local'] )
483 {
484 user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
485 $avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local, $user_avatar_category);
486 }
487  
488 if ( !$error )
489 {
490 if ( $avatar_sql == '' )
491 {
492 $avatar_sql = ( $mode == 'editprofile' ) ? '' : "'', " . USER_AVATAR_NONE;
493 }
494  
495 if ( $mode == 'editprofile' )
496 {
497 if ( $email != $userdata['user_email'] && $board_config['require_activation'] != USER_ACTIVATION_NONE && $userdata['user_level'] != ADMIN )
498 {
499 $user_active = 0;
500  
501 $user_actkey = gen_rand_string(true);
502 $key_len = 54 - ( strlen($server_url) );
503 $key_len = ( $key_len > 6 ) ? $key_len : 6;
504 $user_actkey = substr($user_actkey, 0, $key_len);
505  
506 if ( $userdata['session_logged_in'] )
507 {
508 session_end($userdata['session_id'], $userdata['user_id']);
509 }
510 }
511 else
512 {
513 $user_active = 1;
514 $user_actkey = '';
515 }
516  
517 $sql = "UPDATE " . USERS_TABLE . "
518 SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) ."', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_sig_bbcode_uid = '$signature_bbcode_uid', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_notify_pm = $notifypm, user_popup_pm = $popup_pm, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_active = $user_active, user_actkey = '" . str_replace("\'", "''", $user_actkey) . "'" . $avatar_sql . "
519 WHERE user_id = $user_id";
520 if ( !($result = $db->sql_query($sql)) )
521 {
522 message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
523 }
524  
525 // We remove all stored login keys since the password has been updated
526 // and change the current one (if applicable)
527 if ( !empty($passwd_sql) )
528 {
529 session_reset_keys($user_id, $user_ip);
530 }
531  
532 if ( !$user_active )
533 {
534 //
535 // The users account has been deactivated, send them an email with a new activation key
536 //
537 include($phpbb_root_path . 'includes/emailer.'.$phpEx);
538 $emailer = new emailer($board_config['smtp_delivery']);
539  
540 if ( $board_config['require_activation'] != USER_ACTIVATION_ADMIN )
541 {
542 $emailer->from($board_config['board_email']);
543 $emailer->replyto($board_config['board_email']);
544  
545 $emailer->use_template('user_activate', stripslashes($user_lang));
546 $emailer->email_address($email);
547 $emailer->set_subject($lang['Reactivate']);
548  
549 $emailer->assign_vars(array(
550 'SITENAME' => $board_config['sitename'],
551 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
552 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
553  
554 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
555 );
556 $emailer->send();
557 $emailer->reset();
558 }
559 else if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
560 {
561 $sql = 'SELECT user_email, user_lang
562 FROM ' . USERS_TABLE . '
563 WHERE user_level = ' . ADMIN;
564  
565 if ( !($result = $db->sql_query($sql)) )
566 {
567 message_die(GENERAL_ERROR, 'Could not select Administrators', '', __LINE__, __FILE__, $sql);
568 }
569  
570 while ($row = $db->sql_fetchrow($result))
571 {
572 $emailer->from($board_config['board_email']);
573 $emailer->replyto($board_config['board_email']);
574  
575 $emailer->email_address(trim($row['user_email']));
576 $emailer->use_template("admin_activate", $row['user_lang']);
577 $emailer->set_subject($lang['Reactivate']);
578  
579 $emailer->assign_vars(array(
580 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
581 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
582  
583 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
584 );
585 $emailer->send();
586 $emailer->reset();
587 }
588 $db->sql_freeresult($result);
589 }
590  
591 $message = $lang['Profile_updated_inactive'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
592 }
593 else
594 {
595 $message = $lang['Profile_updated'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
596 }
597  
598 $template->assign_vars(array(
599 "META" => '<meta http-equiv="refresh" content="5;url=' . append_sid("index.$phpEx") . '">')
600 );
601  
602 message_die(GENERAL_MESSAGE, $message);
603 }
604 else
605 {
606 $sql = "SELECT MAX(user_id) AS total
607 FROM " . USERS_TABLE;
608 if ( !($result = $db->sql_query($sql)) )
609 {
610 message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
611 }
612  
613 if ( !($row = $db->sql_fetchrow($result)) )
614 {
615 message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
616 }
617 $user_id = $row['total'] + 1;
618  
619 //
620 // Get current date
621 //
622 $sql = "INSERT INTO " . USERS_TABLE . " (user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_avatar_type, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey)
623 VALUES ($user_id, '" . str_replace("\'", "''", $username) . "', " . time() . ", '" . str_replace("\'", "''", $new_password) . "', '" . str_replace("\'", "''", $email) . "', '" . str_replace("\'", "''", $icq) . "', '" . str_replace("\'", "''", $website) . "', '" . str_replace("\'", "''", $occupation) . "', '" . str_replace("\'", "''", $location) . "', '" . str_replace("\'", "''", $interests) . "', '" . str_replace("\'", "''", $signature) . "', '$signature_bbcode_uid', $avatar_sql, $viewemail, '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', '" . str_replace("\'", "''", $yim) . "', '" . str_replace("\'", "''", $msn) . "', $attachsig, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $popup_pm, $user_timezone, '" . str_replace("\'", "''", $user_dateformat) . "', '" . str_replace("\'", "''", $user_lang) . "', $user_style, 0, 1, ";
624 if ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN || $coppa )
625 {
626 $user_actkey = gen_rand_string(true);
627 $key_len = 54 - (strlen($server_url));
628 $key_len = ( $key_len > 6 ) ? $key_len : 6;
629 $user_actkey = substr($user_actkey, 0, $key_len);
630 $sql .= "0, '" . str_replace("\'", "''", $user_actkey) . "')";
631 }
632 else
633 {
634 $sql .= "1, '')";
635 }
636  
637 if ( !($result = $db->sql_query($sql, BEGIN_TRANSACTION)) )
638 {
639 message_die(GENERAL_ERROR, 'Could not insert data into users table', '', __LINE__, __FILE__, $sql);
640 }
641  
642 $sql = "INSERT INTO " . GROUPS_TABLE . " (group_name, group_description, group_single_user, group_moderator)
643 VALUES ('', 'Personal User', 1, 0)";
644 if ( !($result = $db->sql_query($sql)) )
645 {
646 message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql);
647 }
648  
649 $group_id = $db->sql_nextid();
650  
651 $sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending)
652 VALUES ($user_id, $group_id, 0)";
653 if( !($result = $db->sql_query($sql, END_TRANSACTION)) )
654 {
655 message_die(GENERAL_ERROR, 'Could not insert data into user_group table', '', __LINE__, __FILE__, $sql);
656 }
657  
658 if ( $coppa )
659 {
660 $message = $lang['COPPA'];
661 $email_template = 'coppa_welcome_inactive';
662 }
663 else if ( $board_config['require_activation'] == USER_ACTIVATION_SELF )
664 {
665 $message = $lang['Account_inactive'];
666 $email_template = 'user_welcome_inactive';
667 }
668 else if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
669 {
670 $message = $lang['Account_inactive_admin'];
671 $email_template = 'admin_welcome_inactive';
672 }
673 else
674 {
675 $message = $lang['Account_added'];
676 $email_template = 'user_welcome';
677 }
678  
679 include($phpbb_root_path . 'includes/emailer.'.$phpEx);
680 $emailer = new emailer($board_config['smtp_delivery']);
681  
682 $emailer->from($board_config['board_email']);
683 $emailer->replyto($board_config['board_email']);
684  
685 $emailer->use_template($email_template, stripslashes($user_lang));
686 $emailer->email_address($email);
687 $emailer->set_subject(sprintf($lang['Welcome_subject'], $board_config['sitename']));
688  
689 if( $coppa )
690 {
691 $emailer->assign_vars(array(
692 'SITENAME' => $board_config['sitename'],
693 'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']),
694 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
695 'PASSWORD' => $password_confirm,
696 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
697  
698 'FAX_INFO' => $board_config['coppa_fax'],
699 'MAIL_INFO' => $board_config['coppa_mail'],
700 'EMAIL_ADDRESS' => $email,
701 'ICQ' => $icq,
702 'AIM' => $aim,
703 'YIM' => $yim,
704 'MSN' => $msn,
705 'WEB_SITE' => $website,
706 'FROM' => $location,
707 'OCC' => $occupation,
708 'INTERESTS' => $interests,
709 'SITENAME' => $board_config['sitename']));
710 }
711 else
712 {
713 $emailer->assign_vars(array(
714 'SITENAME' => $board_config['sitename'],
715 'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']),
716 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
717 'PASSWORD' => $password_confirm,
718 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
719  
720 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
721 );
722 }
723  
724 $emailer->send();
725 $emailer->reset();
726  
727 if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
728 {
729 $sql = "SELECT user_email, user_lang
730 FROM " . USERS_TABLE . "
731 WHERE user_level = " . ADMIN;
732  
733 if ( !($result = $db->sql_query($sql)) )
734 {
735 message_die(GENERAL_ERROR, 'Could not select Administrators', '', __LINE__, __FILE__, $sql);
736 }
737  
738 while ($row = $db->sql_fetchrow($result))
739 {
740 $emailer->from($board_config['board_email']);
741 $emailer->replyto($board_config['board_email']);
742  
743 $emailer->email_address(trim($row['user_email']));
744 $emailer->use_template("admin_activate", $row['user_lang']);
745 $emailer->set_subject($lang['New_account_subject']);
746  
747 $emailer->assign_vars(array(
748 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
749 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
750  
751 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
752 );
753 $emailer->send();
754 $emailer->reset();
755 }
756 $db->sql_freeresult($result);
757 }
758  
759 $message = $message . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
760  
761 message_die(GENERAL_MESSAGE, $message);
762 } // if mode == register
763 }
764 } // End of submit
765  
766  
767 if ( $error )
768 {
769 //
770 // If an error occured we need to stripslashes on returned data
771 //
772 $username = stripslashes($username);
773 $email = stripslashes($email);
774 $cur_password = '';
775 $new_password = '';
776 $password_confirm = '';
777  
778 $icq = stripslashes($icq);
779 $aim = str_replace('+', ' ', stripslashes($aim));
780 $msn = stripslashes($msn);
781 $yim = stripslashes($yim);
782  
783 $website = stripslashes($website);
784 $location = stripslashes($location);
785 $occupation = stripslashes($occupation);
786 $interests = stripslashes($interests);
787 $signature = stripslashes($signature);
788 $signature = ($signature_bbcode_uid != '') ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid(=|\])/si", '\\3', $signature) : $signature;
789  
790 $user_lang = stripslashes($user_lang);
791 $user_dateformat = stripslashes($user_dateformat);
792  
793 }
794 else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) )
795 {
796 $user_id = $userdata['user_id'];
797 $username = $userdata['username'];
798 $email = $userdata['user_email'];
799 $cur_password = '';
800 $new_password = '';
801 $password_confirm = '';
802  
803 $icq = $userdata['user_icq'];
804 $aim = str_replace('+', ' ', $userdata['user_aim']);
805 $msn = $userdata['user_msnm'];
806 $yim = $userdata['user_yim'];
807  
808 $website = $userdata['user_website'];
809 $location = $userdata['user_from'];
810 $occupation = $userdata['user_occ'];
811 $interests = $userdata['user_interests'];
812 $signature_bbcode_uid = $userdata['user_sig_bbcode_uid'];
813 $signature = ($signature_bbcode_uid != '') ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid(=|\])/si", '\\3', $userdata['user_sig']) : $userdata['user_sig'];
814  
815 $viewemail = $userdata['user_viewemail'];
816 $notifypm = $userdata['user_notify_pm'];
817 $popup_pm = $userdata['user_popup_pm'];
818 $notifyreply = $userdata['user_notify'];
819 $attachsig = $userdata['user_attachsig'];
820 $allowhtml = $userdata['user_allowhtml'];
821 $allowbbcode = $userdata['user_allowbbcode'];
822 $allowsmilies = $userdata['user_allowsmile'];
823 $allowviewonline = $userdata['user_allow_viewonline'];
824  
825 $user_avatar = ( $userdata['user_allowavatar'] ) ? $userdata['user_avatar'] : '';
826 $user_avatar_type = ( $userdata['user_allowavatar'] ) ? $userdata['user_avatar_type'] : USER_AVATAR_NONE;
827  
828 $user_style = $userdata['user_style'];
829 $user_lang = $userdata['user_lang'];
830 $user_timezone = $userdata['user_timezone'];
831 $user_dateformat = $userdata['user_dateformat'];
832 }
833  
834 //
835 // Default pages
836 //
837 include($phpbb_root_path . 'includes/page_header.'.$phpEx);
838  
839 make_jumpbox('viewforum.'.$phpEx);
840  
841 if ( $mode == 'editprofile' )
842 {
843 if ( $user_id != $userdata['user_id'] )
844 {
845 $error = TRUE;
846 $error_msg = $lang['Wrong_Profile'];
847 }
848 }
849  
850 if( isset($HTTP_POST_VARS['avatargallery']) && !$error )
851 {
852 include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);
853  
854 $avatar_category = ( !empty($HTTP_POST_VARS['avatarcategory']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarcategory']) : '';
855  
856 $template->set_filenames(array(
857 'body' => 'profile_avatar_gallery.tpl')
858 );
859  
860 $allowviewonline = !$allowviewonline;
861  
862 display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, $new_password, $cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popup_pm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat, $userdata['session_id']);
863 }
864 else
865 {
866 include($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
867  
868 if ( !isset($coppa) )
869 {
870 $coppa = FALSE;
871 }
872  
873 if ( !isset($user_style) )
874 {
875 $user_style = $board_config['default_style'];
876 }
877  
878 $avatar_img = '';
879 if ( $user_avatar_type )
880 {
881 switch( $user_avatar_type )
882 {
883 case USER_AVATAR_UPLOAD:
884 $avatar_img = ( $board_config['allow_avatar_upload'] ) ? '<img src="' . $board_config['avatar_path'] . '/' . $user_avatar . '" alt="" />' : '';
885 break;
886 case USER_AVATAR_REMOTE:
887 $avatar_img = ( $board_config['allow_avatar_remote'] ) ? '<img src="' . $user_avatar . '" alt="" />' : '';
888 break;
889 case USER_AVATAR_GALLERY:
890 $avatar_img = ( $board_config['allow_avatar_local'] ) ? '<img src="' . $board_config['avatar_gallery_path'] . '/' . $user_avatar . '" alt="" />' : '';
891 break;
892 }
893 }
894  
895 $s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" />';
896 if( $mode == 'editprofile' )
897 {
898 $s_hidden_fields .= '<input type="hidden" name="user_id" value="' . $userdata['user_id'] . '" />';
899 //
900 // Send the users current email address. If they change it, and account activation is turned on
901 // the user account will be disabled and the user will have to reactivate their account.
902 //
903 $s_hidden_fields .= '<input type="hidden" name="current_email" value="' . $userdata['user_email'] . '" />';
904 }
905  
906 if ( !empty($user_avatar_local) )
907 {
908 $s_hidden_fields .= '<input type="hidden" name="avatarlocal" value="' . $user_avatar_local . '" /><input type="hidden" name="avatarcatname" value="' . $user_avatar_category . '" />';
909 }
910  
911 $html_status = ( $userdata['user_allowhtml'] && $board_config['allow_html'] ) ? $lang['HTML_is_ON'] : $lang['HTML_is_OFF'];
912 $bbcode_status = ( $userdata['user_allowbbcode'] && $board_config['allow_bbcode'] ) ? $lang['BBCode_is_ON'] : $lang['BBCode_is_OFF'];
913 $smilies_status = ( $userdata['user_allowsmile'] && $board_config['allow_smilies'] ) ? $lang['Smilies_are_ON'] : $lang['Smilies_are_OFF'];
914  
915 if ( $error )
916 {
917 $template->set_filenames(array(
918 'reg_header' => 'error_body.tpl')
919 );
920 $template->assign_vars(array(
921 'ERROR_MESSAGE' => $error_msg)
922 );
923 $template->assign_var_from_handle('ERROR_BOX', 'reg_header');
924 }
925  
926 $template->set_filenames(array(
927 'body' => 'profile_add_body.tpl')
928 );
929  
930 if ( $mode == 'editprofile' )
931 {
932 $template->assign_block_vars('switch_edit_profile', array());
933 }
934  
935 if ( ($mode == 'register') || ($board_config['allow_namechange']) )
936 {
937 $template->assign_block_vars('switch_namechange_allowed', array());
938 }
939 else
940 {
941 $template->assign_block_vars('switch_namechange_disallowed', array());
942 }
943  
944  
945 // Visual Confirmation
946 $confirm_image = '';
947 if (!empty($board_config['enable_confirm']) && $mode == 'register')
948 {
949 $sql = 'SELECT session_id
950 FROM ' . SESSIONS_TABLE;
951 if (!($result = $db->sql_query($sql)))
952 {
953 message_die(GENERAL_ERROR, 'Could not select session data', '', __LINE__, __FILE__, $sql);
954 }
955  
956 if ($row = $db->sql_fetchrow($result))
957 {
958 $confirm_sql = '';
959 do
960 {
961 $confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'";
962 }
963 while ($row = $db->sql_fetchrow($result));
964  
965 $sql = 'DELETE FROM ' . CONFIRM_TABLE . "
966 WHERE session_id NOT IN ($confirm_sql)";
967 if (!$db->sql_query($sql))
968 {
969 message_die(GENERAL_ERROR, 'Could not delete stale confirm data', '', __LINE__, __FILE__, $sql);
970 }
971 }
972 $db->sql_freeresult($result);
973  
974 $sql = 'SELECT COUNT(session_id) AS attempts
975 FROM ' . CONFIRM_TABLE . "
976 WHERE session_id = '" . $userdata['session_id'] . "'";
977 if (!($result = $db->sql_query($sql)))
978 {
979 message_die(GENERAL_ERROR, 'Could not obtain confirm code count', '', __LINE__, __FILE__, $sql);
980 }
981  
982 if ($row = $db->sql_fetchrow($result))
983 {
984 if ($row['attempts'] > 3)
985 {
986 message_die(GENERAL_MESSAGE, $lang['Too_many_registers']);
987 }
988 }
989 $db->sql_freeresult($result);
990  
991 // Generate the required confirmation code
992 // NB 0 (zero) could get confused with O (the letter) so we make change it
993 $code = dss_rand();
994 $code = substr(str_replace('0', 'Z', strtoupper(base_convert($code, 16, 35))), 2, 6);
995  
996 $confirm_id = md5(uniqid($user_ip));
997  
998 $sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code)
999 VALUES ('$confirm_id', '". $userdata['session_id'] . "', '$code')";
1000 if (!$db->sql_query($sql))
1001 {
1002 message_die(GENERAL_ERROR, 'Could not insert new confirm code information', '', __LINE__, __FILE__, $sql);
1003 }
1004  
1005 unset($code);
1006  
1007 $confirm_image = '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id") . '" alt="" title="" />';
1008 $s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';
1009  
1010 $template->assign_block_vars('switch_confirm', array());
1011 }
1012  
1013  
1014 //
1015 // Let's do an overall check for settings/versions which would prevent
1016 // us from doing file uploads....
1017 //
1018 $ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
1019 $form_enctype = ( @$ini_val('file_uploads') == '0' || strtolower(@$ini_val('file_uploads') == 'off') || phpversion() == '4.0.4pl1' || !$board_config['allow_avatar_upload'] || ( phpversion() < '4.0.3' && @$ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"';
1020  
1021 $template->assign_vars(array(
1022 'USERNAME' => isset($username) ? $username : '',
1023 'CUR_PASSWORD' => isset($cur_password) ? $cur_password : '',
1024 'NEW_PASSWORD' => isset($new_password) ? $new_password : '',
1025 'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '',
1026 'EMAIL' => isset($email) ? $email : '',
1027 'CONFIRM_IMG' => $confirm_image,
1028 'YIM' => $yim,
1029 'ICQ' => $icq,
1030 'MSN' => $msn,
1031 'AIM' => $aim,
1032 'OCCUPATION' => $occupation,
1033 'INTERESTS' => $interests,
1034 'LOCATION' => $location,
1035 'WEBSITE' => $website,
1036 'SIGNATURE' => str_replace('<br />', "\n", $signature),
1037 'VIEW_EMAIL_YES' => ( $viewemail ) ? 'checked="checked"' : '',
1038 'VIEW_EMAIL_NO' => ( !$viewemail ) ? 'checked="checked"' : '',
1039 'HIDE_USER_YES' => ( !$allowviewonline ) ? 'checked="checked"' : '',
1040 'HIDE_USER_NO' => ( $allowviewonline ) ? 'checked="checked"' : '',
1041 'NOTIFY_PM_YES' => ( $notifypm ) ? 'checked="checked"' : '',
1042 'NOTIFY_PM_NO' => ( !$notifypm ) ? 'checked="checked"' : '',
1043 'POPUP_PM_YES' => ( $popup_pm ) ? 'checked="checked"' : '',
1044 'POPUP_PM_NO' => ( !$popup_pm ) ? 'checked="checked"' : '',
1045 'ALWAYS_ADD_SIGNATURE_YES' => ( $attachsig ) ? 'checked="checked"' : '',
1046 'ALWAYS_ADD_SIGNATURE_NO' => ( !$attachsig ) ? 'checked="checked"' : '',
1047 'NOTIFY_REPLY_YES' => ( $notifyreply ) ? 'checked="checked"' : '',
1048 'NOTIFY_REPLY_NO' => ( !$notifyreply ) ? 'checked="checked"' : '',
1049 'ALWAYS_ALLOW_BBCODE_YES' => ( $allowbbcode ) ? 'checked="checked"' : '',
1050 'ALWAYS_ALLOW_BBCODE_NO' => ( !$allowbbcode ) ? 'checked="checked"' : '',
1051 'ALWAYS_ALLOW_HTML_YES' => ( $allowhtml ) ? 'checked="checked"' : '',
1052 'ALWAYS_ALLOW_HTML_NO' => ( !$allowhtml ) ? 'checked="checked"' : '',
1053 'ALWAYS_ALLOW_SMILIES_YES' => ( $allowsmilies ) ? 'checked="checked"' : '',
1054 'ALWAYS_ALLOW_SMILIES_NO' => ( !$allowsmilies ) ? 'checked="checked"' : '',
1055 'ALLOW_AVATAR' => $board_config['allow_avatar_upload'],
1056 'AVATAR' => $avatar_img,
1057 'AVATAR_SIZE' => $board_config['avatar_filesize'],
1058 'LANGUAGE_SELECT' => language_select($user_lang, 'language'),
1059 'STYLE_SELECT' => style_select($user_style, 'style'),
1060 'TIMEZONE_SELECT' => tz_select($user_timezone, 'timezone'),
1061 'DATE_FORMAT' => $user_dateformat,
1062 'HTML_STATUS' => $html_status,
1063 'BBCODE_STATUS' => sprintf($bbcode_status, '<a href="' . append_sid("faq.$phpEx?mode=bbcode") . '" target="_phpbbcode">', '</a>'),
1064 'SMILIES_STATUS' => $smilies_status,
1065  
1066 'L_CURRENT_PASSWORD' => $lang['Current_password'],
1067 'L_NEW_PASSWORD' => ( $mode == 'register' ) ? $lang['Password'] : $lang['New_password'],
1068 'L_CONFIRM_PASSWORD' => $lang['Confirm_password'],
1069 'L_CONFIRM_PASSWORD_EXPLAIN' => ( $mode == 'editprofile' ) ? $lang['Confirm_password_explain'] : '',
1070 'L_PASSWORD_IF_CHANGED' => ( $mode == 'editprofile' ) ? $lang['password_if_changed'] : '',
1071 'L_PASSWORD_CONFIRM_IF_CHANGED' => ( $mode == 'editprofile' ) ? $lang['password_confirm_if_changed'] : '',
1072 'L_SUBMIT' => $lang['Submit'],
1073 'L_RESET' => $lang['Reset'],
1074 'L_ICQ_NUMBER' => $lang['ICQ'],
1075 'L_MESSENGER' => $lang['MSNM'],
1076 'L_YAHOO' => $lang['YIM'],
1077 'L_WEBSITE' => $lang['Website'],
1078 'L_AIM' => $lang['AIM'],
1079 'L_LOCATION' => $lang['Location'],
1080 'L_OCCUPATION' => $lang['Occupation'],
1081 'L_BOARD_LANGUAGE' => $lang['Board_lang'],
1082 'L_BOARD_STYLE' => $lang['Board_style'],
1083 'L_TIMEZONE' => $lang['Timezone'],
1084 'L_DATE_FORMAT' => $lang['Date_format'],
1085 'L_DATE_FORMAT_EXPLAIN' => $lang['Date_format_explain'],
1086 'L_YES' => $lang['Yes'],
1087 'L_NO' => $lang['No'],
1088 'L_INTERESTS' => $lang['Interests'],
1089 'L_ALWAYS_ALLOW_SMILIES' => $lang['Always_smile'],
1090 'L_ALWAYS_ALLOW_BBCODE' => $lang['Always_bbcode'],
1091 'L_ALWAYS_ALLOW_HTML' => $lang['Always_html'],
1092 'L_HIDE_USER' => $lang['Hide_user'],
1093 'L_ALWAYS_ADD_SIGNATURE' => $lang['Always_add_sig'],
1094  
1095 'L_AVATAR_PANEL' => $lang['Avatar_panel'],
1096 'L_AVATAR_EXPLAIN' => sprintf($lang['Avatar_explain'], $board_config['avatar_max_width'], $board_config['avatar_max_height'], (round($board_config['avatar_filesize'] / 1024))),
1097 'L_UPLOAD_AVATAR_FILE' => $lang['Upload_Avatar_file'],
1098 'L_UPLOAD_AVATAR_URL' => $lang['Upload_Avatar_URL'],
1099 'L_UPLOAD_AVATAR_URL_EXPLAIN' => $lang['Upload_Avatar_URL_explain'],
1100 'L_AVATAR_GALLERY' => $lang['Select_from_gallery'],
1101 'L_SHOW_GALLERY' => $lang['View_avatar_gallery'],
1102 'L_LINK_REMOTE_AVATAR' => $lang['Link_remote_Avatar'],
1103 'L_LINK_REMOTE_AVATAR_EXPLAIN' => $lang['Link_remote_Avatar_explain'],
1104 'L_DELETE_AVATAR' => $lang['Delete_Image'],
1105 'L_CURRENT_IMAGE' => $lang['Current_Image'],
1106  
1107 'L_SIGNATURE' => $lang['Signature'],
1108 'L_SIGNATURE_EXPLAIN' => sprintf($lang['Signature_explain'], $board_config['max_sig_chars']),
1109 'L_NOTIFY_ON_REPLY' => $lang['Always_notify'],
1110 'L_NOTIFY_ON_REPLY_EXPLAIN' => $lang['Always_notify_explain'],
1111 'L_NOTIFY_ON_PRIVMSG' => $lang['Notify_on_privmsg'],
1112 'L_POPUP_ON_PRIVMSG' => $lang['Popup_on_privmsg'],
1113 'L_POPUP_ON_PRIVMSG_EXPLAIN' => $lang['Popup_on_privmsg_explain'],
1114 'L_PREFERENCES' => $lang['Preferences'],
1115 'L_PUBLIC_VIEW_EMAIL' => $lang['Public_view_email'],
1116 'L_ITEMS_REQUIRED' => $lang['Items_required'],
1117 'L_REGISTRATION_INFO' => $lang['Registration_info'],
1118 'L_PROFILE_INFO' => $lang['Profile_info'],
1119 'L_PROFILE_INFO_NOTICE' => $lang['Profile_info_warn'],
1120 'L_EMAIL_ADDRESS' => $lang['Email_address'],
1121  
1122 'L_CONFIRM_CODE_IMPAIRED' => sprintf($lang['Confirm_code_impaired'], '<a href="mailto:' . $board_config['board_email'] . '">', '</a>'),
1123 'L_CONFIRM_CODE' => $lang['Confirm_code'],
1124 'L_CONFIRM_CODE_EXPLAIN' => $lang['Confirm_code_explain'],
1125  
1126 'S_ALLOW_AVATAR_UPLOAD' => $board_config['allow_avatar_upload'],
1127 'S_ALLOW_AVATAR_LOCAL' => $board_config['allow_avatar_local'],
1128 'S_ALLOW_AVATAR_REMOTE' => $board_config['allow_avatar_remote'],
1129 'S_HIDDEN_FIELDS' => $s_hidden_fields,
1130 'S_FORM_ENCTYPE' => $form_enctype,
1131 'S_PROFILE_ACTION' => append_sid("profile.$phpEx"))
1132 );
1133  
1134 //
1135 // This is another cheat using the block_var capability
1136 // of the templates to 'fake' an IF...ELSE...ENDIF solution
1137 // it works well :)
1138 //
1139 if ( $mode != 'register' )
1140 {
1141 if ( $userdata['user_allowavatar'] && ( $board_config['allow_avatar_upload'] || $board_config['allow_avatar_local'] || $board_config['allow_avatar_remote'] ) )
1142 {
1143 $template->assign_block_vars('switch_avatar_block', array() );
1144  
1145 if ( $board_config['allow_avatar_upload'] && file_exists(@phpbb_realpath('./' . $board_config['avatar_path'])) )
1146 {
1147 if ( $form_enctype != '' )
1148 {
1149 $template->assign_block_vars('switch_avatar_block.switch_avatar_local_upload', array() );
1150 }
1151 $template->assign_block_vars('switch_avatar_block.switch_avatar_remote_upload', array() );
1152 }
1153  
1154 if ( $board_config['allow_avatar_remote'] )
1155 {
1156 $template->assign_block_vars('switch_avatar_block.switch_avatar_remote_link', array() );
1157 }
1158  
1159 if ( $board_config['allow_avatar_local'] && file_exists(@phpbb_realpath('./' . $board_config['avatar_gallery_path'])) )
1160 {
1161 $template->assign_block_vars('switch_avatar_block.switch_avatar_local_gallery', array() );
1162 }
1163 }
1164 }
1165 }
1166  
1167 $template->pparse('body');
1168  
1169 include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
1170  
1171 ?>