Go to most recent revision | Blame | Last modification | View Log | Download
<?php
/*************************
Coppermine Photo Gallery
************************
Copyright (c) 2003-2005 Coppermine Dev Team
v1.1 originaly written by Gregory DEMAR
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
********************************************
Coppermine version: 1.3.3
$Source: /cvsroot/coppermine/stable/profile.php,v $
$Revision: 1.7 $
$Author: gaugau $
$Date: 2005/04/19 03:17:11 $
**********************************************/
define('IN_COPPERMINE', true);
define('PROFILE_PHP', true);
require('include/init.inc.php');
$edit_profile_form_param = array(
array('text', 'username', $lang_register_php['username']),
array('text', 'reg_date', $lang_register_php['reg_date']),
array('text', 'group', $lang_register_php['group']),
array('text', 'email', $lang_register_php['email']),
array('text', 'disk_usage', $lang_register_php['disk_usage']),
array('input', 'location', $lang_register_php['location'], 255),
array('input', 'interests', $lang_register_php['interests'], 255),
array('input', 'website', $lang_register_php['website'], 255),
array('input', 'occupation', $lang_register_php['occupation'], 255),
);
$display_profile_form_param = array(
array('text', 'username', $lang_register_php['username']),
array('text', 'reg_date', $lang_register_php['reg_date']),
array('text', 'group', $lang_register_php['group']),
array('text', 'location', $lang_register_php['location']),
array('text', 'interests', $lang_register_php['interests']),
array('text', 'website', $lang_register_php['website']),
array('text', 'occupation', $lang_register_php['occupation']),
array('thumb', 'user_thumb'),
);
$change_password_form_param = array(
array('password', 'current_pass', $lang_register_php['current_pass'], 25),
array('password', 'new_pass', $lang_register_php['new_pass'], 25),
array('password', 'new_pass_again', $lang_register_php['new_pass_again'], 25),
);
function make_form($form_param, $form_data)
{
global $CONFIG, $PHP_SELF, $HTTP_POST_VARS;
global $lang_register_php;
foreach ($form_param as $element) switch ($element[0]) {
case 'label' :
echo <<<EOT
<tr>
<td colspan="2" class="tableh2">
<b>{$element[1]}<b>
</td>
</tr>
EOT;
break;
case 'text' :
if ($form_data[$element[1]] == '') break;
echo <<<EOT
<tr>
<td width="40%" class="tableb" height="25">
{$element[2]}
</td>
<td width="60%" class="tableb">
{$form_data[$element[1]]}
</td>
</tr>
EOT;
break;
case 'input' :
$value = $form_data[$element[1]];
echo <<<EOT
<tr>
<td width="40%" class="tableb" height="25">
{$element[2]}
</td>
<td width="60%" class="tableb" valign="top">
<input type="text" style="width: 100%" name="{$element[1]}" maxlength="{$element[3]}" value="$value" class="textinput">
</td>
</tr>
EOT;
break;
case 'password' :
echo <<<EOT
<tr>
<td width="40%" class="tableb">
{$element[2]}
</td>
<td width="60%" class="tableb" valign="top">
<input type="password" style="width: 100%" name="{$element[1]}" maxlength="{$element[3]}" value="" class="textinput">
</td>
</tr>
EOT;
break;
case 'thumb' :
$value = $form_data[$element[1]];
if ($value) echo <<<EOT
<td valign="top" colspan="2" class="thumbnails" align="center">
<table width="100%" cellpadding="0" cellspacing="0">
<tr>
<td align="center">
$value
</td>
</tr>
</table>
</td>
EOT;
break;
default:
cpg_die(CRITICAL_ERROR, 'Invalid action for form creation ' . $element[0], __FILE__, __LINE__);
}
}
function get_post_var($var)
{
global $HTTP_POST_VARS, $lang_errors;
if (!isset($HTTP_POST_VARS[$var])) cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'] . " ($var)", __FILE__, __LINE__);
return addslashes(trim($HTTP_POST_VARS[$var]));
}
$op = isset($HTTP_GET_VARS['op']) ? $HTTP_GET_VARS['op'] : '';
$uid = isset($HTTP_GET_VARS['uid']) ? (int)$HTTP_GET_VARS['uid'] : -1;
if (isset($HTTP_POST_VARS['change_pass'])) $op = 'change_pass';
if (isset($HTTP_POST_VARS['change_profile']) && USER_ID && !defined('UDB_INTEGRATION')) {
$location = get_post_var('location');
$interests = get_post_var('interests');
$website = get_post_var('website');
$occupation = get_post_var('occupation');
$sql = "UPDATE {$CONFIG['TABLE_USERS']} SET " . "user_location = '$location', " . "user_interests = '$interests', " . "user_website = '$website', " . "user_occupation = '$occupation' " . "WHERE user_id = '" . USER_ID . "'";
$result = db_query($sql);
$title = sprintf($lang_register_php['x_s_profile'], USER_NAME);
$redirect = "index.php";
pageheader($title, "<META http-equiv=\"refresh\" content=\"3;url=$redirect\">");
msg_box($lang_info, $lang_register_php['update_success'], $lang_continue, $redirect);
pagefooter();
ob_end_flush();
exit;
}
if (isset($HTTP_POST_VARS['change_password']) && USER_ID && !defined('UDB_INTEGRATION')) {
$current_pass = get_post_var('current_pass');
$new_pass = get_post_var('new_pass');
$new_pass_again = get_post_var('new_pass_again');
if (strlen($new_pass) < 2) cpg_die(ERROR, $lang_register_php['err_password_short'], __FILE__, __LINE__);
if ($new_pass != $new_pass_again) cpg_die(ERROR, $lang_register_php['err_password_mismatch'], __FILE__, __LINE__);
$sql = "UPDATE {$CONFIG['TABLE_USERS']} SET " . "user_password = '$new_pass' " . "WHERE user_id = '" . USER_ID . "' AND BINARY user_password = '$current_pass'";
$result = db_query($sql);
if (!mysql_affected_rows()) cpg_die(ERROR, $lang_register_php['pass_chg_error'], __FILE__, __LINE__);
setcookie($CONFIG['cookie_name'] . '_pass', md5($HTTP_POST_VARS['new_pass']), time() + 86400, $CONFIG['cookie_path']);
$title = sprintf($lang_register_php['x_s_profile'], USER_NAME);
$redirect = $PHP_SELF . "?op=edit_profile";
pageheader($title, "<META http-equiv=\"refresh\" content=\"3;url=$redirect\">");
msg_box($lang_info, $lang_register_php['pass_chg_success'], $lang_continue, $redirect);
pagefooter();
ob_end_flush();
exit;
}
switch ($op) {
// ------------------------------------------------------------------------- //
case 'edit_profile' :
if (!USER_ID) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
if (defined('UDB_INTEGRATION')) udb_edit_profile(USER_ID);
$sql = "SELECT user_name, user_email, user_group, UNIX_TIMESTAMP(user_regdate) as user_regdate, group_name, " . "user_location, user_interests, user_website, user_occupation, user_group_list, " . "COUNT(pid) as pic_count, ROUND(SUM(total_filesize)/1024) as disk_usage, group_quota " . "FROM {$CONFIG['TABLE_USERS']} AS u " . "INNER JOIN {$CONFIG['TABLE_USERGROUPS']} AS g ON user_group = group_id " . "LEFT JOIN {$CONFIG['TABLE_PICTURES']} AS p ON p.owner_id = u.user_id " . "WHERE user_id ='" . USER_ID . "' " . "GROUP BY user_id ";
$result = db_query($sql);
if (!mysql_num_rows($result)) cpg_die(ERROR, $lang_register_php['err_unk_user'], __FILE__, __LINE__);
$user_data = mysql_fetch_array($result);
mysql_free_result($result);
$group_list = '';
if ($user_data['user_group_list'] != '') {
$sql = "SELECT group_name " . "FROM {$CONFIG['TABLE_USERGROUPS']} " . "WHERE group_id IN ({$user_data['user_group_list']}) AND group_id != {$user_data['user_group']} " . "ORDER BY group_name";
$result = db_query($sql);
while ($row = mysql_fetch_array($result)) {
$group_list .= $row['group_name'] . ', ';
}
mysql_free_result($result);
$group_list = '<br /><i>(' . substr($group_list, 0, -2) . ')</i>';
}
$form_data = array('username' => $user_data['user_name'],
'reg_date' => localised_date($user_data['user_regdate'], $register_date_fmt),
'group' => $user_data['group_name'] . $group_list,
'email' => $user_data['user_email'],
'disk_usage' => $user_data['disk_usage'] .
($user_data['group_quota'] ? '/' . $user_data['group_quota'] : '') . ' ' . $lang_byte_units[1],
'location' => $user_data['user_location'],
'interests' => $user_data['user_interests'],
'website' => $user_data['user_website'],
'occupation' => $user_data['user_occupation'],
);
$title = sprintf($lang_register_php['x_s_profile'], USER_NAME);
pageheader($title);
starttable(-1, $title, 2);
echo <<<EOT
<form method="post" action="$PHP_SELF">
EOT;
make_form($edit_profile_form_param, $form_data);
echo <<<EOT
<tr>
<td colspan="2" align="center" class="tablef">
<input type="submit" name="change_profile" value="{$lang_register_php['apply_modif']}" class="button">
<img src="images/spacer.gif" width="20" height="1">
<input type="submit" name="change_pass" value="{$lang_register_php['change_pass']}" class="button">
</td>
</tr>
</form>
EOT;
endtable();
pagefooter();
ob_end_flush();
break;
// ------------------------------------------------------------------------- //
case 'change_pass' :
if (!USER_ID || defined('UDB_INTEGRATION')) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
$title = $lang_register_php['change_pass'];
pageheader($title);
starttable(-1, $title, 2);
echo <<<EOT
<form method="post" action="$PHP_SELF">
EOT;
make_form($change_password_form_param, '');
echo <<<EOT
<tr>
<td colspan="2" align="center" class="tablef">
<input type="submit" name="change_password" value="$title" class="button">
</td>
</tr>
</form>
EOT;
endtable();
pagefooter();
ob_end_flush();
break;
// ------------------------------------------------------------------------- //
default :
if (defined('UDB_INTEGRATION')) {
$user_data = udb_get_user_infos($uid);
} else {
$sql = "SELECT user_name, user_email, UNIX_TIMESTAMP(user_regdate) as user_regdate, group_name, " . "user_location, user_interests, user_website, user_occupation " . "FROM {$CONFIG['TABLE_USERS']} AS u " . "INNER JOIN {$CONFIG['TABLE_USERGROUPS']} AS g ON user_group = group_id " . "WHERE user_id ='$uid'";
$result = db_query($sql);
if (!mysql_num_rows($result)) cpg_die(ERROR, $lang_register_php['err_unk_user'], __FILE__, __LINE__);
$user_data = mysql_fetch_array($result);
mysql_free_result($result);
}
if ($FORBIDDEN_SET != "") $FORBIDDEN_SET = "AND $FORBIDDEN_SET";
$query = "SELECT count(*), MAX(pid) FROM {$CONFIG['TABLE_PICTURES']} AS p WHERE owner_id = '$uid' AND approved = 'YES' $FORBIDDEN_SET";
$result = db_query($query);
$nbEnr = mysql_fetch_array($result);
$picture_count = $nbEnr[0];
$thumb_pid = $nbEnr[1];
mysql_free_result($result);
$result = db_query("SELECT count(*) FROM {$CONFIG['TABLE_ALBUMS']} AS p WHERE category = '" . (FIRST_USER_CAT + $uid) . "' $FORBIDDEN_SET");
$nbEnr = mysql_fetch_array($result);
$album_count = $nbEnr[0];
mysql_free_result($result);
$result = db_query("SELECT count(*), MAX(msg_id) FROM {$CONFIG['TABLE_COMMENTS']} as c, {$CONFIG['TABLE_PICTURES']} as p WHERE c.pid = p.pid AND author_id = '$uid' $FORBIDDEN_SET");
$nbEnr = mysql_fetch_array($result);
$comment_count = $nbEnr[0];
$lastcom_id = $nbEnr[1];
mysql_free_result($result);
$lastcom = '';
if ($comment_count) {
$sql = "SELECT filepath, filename, url_prefix, pwidth, pheight, msg_author, UNIX_TIMESTAMP(msg_date) as msg_date, msg_body " . "FROM {$CONFIG['TABLE_COMMENTS']} AS c, {$CONFIG['TABLE_PICTURES']} AS p " . "WHERE msg_id='" . $lastcom_id . "' AND c.pid = p.pid";
$result = db_query($sql);
if (mysql_num_rows($result)) {
$row = mysql_fetch_array($result);
mysql_free_result($result);
$pic_url = get_pic_url($row, 'thumb');
if (!is_image($row['filename'])) {
$image_info = getimagesize($pic_url);
$row['pwidth'] = $image_info[0];
$row['pheight'] = $image_info[1];
}
$image_size = compute_img_size($row['pwidth'], $row['pheight'], $CONFIG['thumb_width']);
$mime_content = get_type($row['filename']);
$lastcom = '<img src="' . $pic_url . '" class="image"' . $image_size['geom'] . ' border="0" alt="">';
$lastcom = '<td width="50%" valign="top" align="center">'
. '<a href="thumbnails.php?album=lastcomby&uid=' . $uid . '">'
. $lastcom
. '</a><br />';
$lastcom .= "<span class=\"thumb_caption\"><b>" . $row['msg_author'] . '</b></span>' . "<span class=\"thumb_caption\">" . localised_date($row['msg_date'], $lastcom_date_fmt) . '</span>' . "<span class=\"thumb_caption\">" . $row['msg_body'] . '</span></td>';
}
}
$user_thumb = '';
if ($picture_count) {
$sql = "SELECT filepath, filename, url_prefix, pwidth, pheight " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='" . $thumb_pid . "'";
$result = db_query($sql);
if (mysql_num_rows($result)) {
$picture = mysql_fetch_array($result);
mysql_free_result($result);
$pic_url = get_pic_url($picture, 'thumb');
if (!is_image($picture['filename'])) {
$image_info = getimagesize($pic_url);
$picture['pwidth'] = $image_info[0];
$picture['pheight'] = $image_info[1];
}
$image_size = compute_img_size($picture['pwidth'], $picture['pheight'], $CONFIG['thumb_width']);
$mime_content = get_type($picture['filename']);
$user_thumb = '<img src="' . $pic_url . '" class="image"'
. $image_size['geom'] . ' border="0" alt="">';
$user_thumb = '<td width="50%" valign="top" align="center">'
. '<a href="thumbnails.php?album=lastupby&uid=' . $uid . '">'
. $user_thumb
. '</a></td>';
}
}
$quick_jump = ($user_thumb . $lastcom) ? '<table width="100%" border="0" cellspacing="5"><tr>' . $user_thumb . $lastcom . '</tr></table>' : '';
$form_data = array('username' => $user_data['user_name'],
'reg_date' => localised_date($user_data['user_regdate'], $register_date_fmt),
'group' => $user_data['group_name'],
'location' => $user_data['user_location'],
'interests' => $user_data['user_interests'],
'website' => make_clickable($user_data['user_website']),
'occupation' => $user_data['user_occupation'],
'user_thumb' => $quick_jump,
);
$title = sprintf($lang_register_php['x_s_profile'], $user_data['user_name']);
pageheader($title);
starttable(-1, $title, 2);
make_form($display_profile_form_param, $form_data);
endtable();
pagefooter();
ob_end_flush();
break;
}
?>