user-edit.php
179 lines
| 5.6 KiB
| text/x-php
|
XmlPhpLexer
| r1 | <?php | |||
| require_once('include/admin.inc.php'); | ||||
| auth_redirect(); // Require logged in user to access this page. | ||||
| if( isset($_POST['edit']) ) { | ||||
| if( $_POST['edit'] === 'NEW' ) { | ||||
| $username = sanitize_username( $_POST['user_login'] ); | ||||
| if( $username != $_POST['user_login'] || strlen($_POST['user_login']) < 1 ) | ||||
| mtdie( 'The specified username is not valid. Must be composed of a-z _ - @ .', 'Invalid Username' ); | ||||
| r5 | ||||
| r1 | copy(RANTIMG.'default', RANTIMG.$username.'.png'); | |||
| r5 | ||||
| $mtdb->query( 'INSERT INTO contributor (name, default_image) VALUES ("' . mysqli_real_escape_string($mtdb->link, $username) . '", "'.$username.'.png")' ); | ||||
| r1 | $user = get_userdatabylogin( $username ); | |||
| $userid = $user->id; | ||||
| $info.='<p>User Account Created</p>'; | ||||
| adminlog("User '".$username."' created.", MTS_USER, MTA_ADD); | ||||
| $user_old = $user; | ||||
| } else { | ||||
| $userid = (int) $_POST['edit']; | ||||
| $user_old = $user = get_userdatabyid( $userid ); | ||||
| } | ||||
| r5 | ||||
| r1 | $user->nameplate = $_POST['nickname']; | |||
| $user->default_image = $user_old->default_image; | ||||
| $user->default_link = $_POST['rant-link']; | ||||
| $user->email = $_POST['email']; | ||||
| r5 | ||||
| r1 | if( !empty($_POST['password_new1']) && !empty($_POST['password_new2']) ) { | |||
| r5 | ||||
| r1 | if( $_POST['password_new1'] !== $_POST['password_new2'] ) { | |||
| $error.='<p>New passwords do not match.</p>'; | ||||
| } else { | ||||
| /* password change */ | ||||
| r5 | if( ! $mtdb->getOne( 'SELECT id FROM contributor WHERE id = "' . (int)$user->id . '" AND (password = SHA1("' . mysqli_real_escape_string($mtdb->link, $_POST['password_old']) . '") OR password = "")' )) { | |||
| r1 | $error.='<p>Specified password is incorrect.</p>'; | |||
| } else { | ||||
| /* Password match */ | ||||
| $user->password = $_POST['password_new1']; | ||||
| change_password( $user ); | ||||
| $info.='<p>Password successfully changed.</p>'; | ||||
| } | ||||
| } | ||||
| } | ||||
| function handle_upload( &$user ) { | ||||
| global $info,$error; | ||||
| r5 | ||||
| r1 | if( !$_FILES['rant_image'] ) return; | |||
| r5 | ||||
| r1 | if( '' == $_FILES['rant_image']['name'] ) return; | |||
| if( UPLOAD_ERR_NO_FILE == $_FILES['rant_image']['error'] ) return; | ||||
| if( 0 == $_FILES['rant_image']['size'] ) return; | ||||
| r5 | ||||
| r1 | $info.='<p>Tried to upload an image.</p>'; | |||
| // Uploading new rant image | ||||
| $imagedata = getimagesize($_FILES['rant_image']['tmp_name']); | ||||
| if( 300 !== $imagedata[0] ) { | ||||
| $error.='<p>Image wrong width: '.$imagedata[0].'</p>'; | ||||
| return; | ||||
| } | ||||
| if( 245 !== $imagedata[1]) { | ||||
| $error.='<p>Image wrong height: '.$imagedata[1].'</p>'; | ||||
| return; | ||||
| } | ||||
| r5 | ||||
| r1 | switch( $_FILES['rant_image']['type'] ) { | |||
| case 'image/jpeg': | ||||
| case 'image/jpg': $ext = 'jpg'; break; | ||||
| case 'image/gif': $ext = 'gif'; break; | ||||
| case 'image/png': $ext = 'png'; break; | ||||
| case 'image/bmp': $ext = 'bmp'; break; | ||||
| case 'image/tiff': $ext = 'tiff'; break; | ||||
| default: | ||||
| $error.='<p>Unknown image extension. Upload refused.</p>'; | ||||
| return; | ||||
| } | ||||
| r5 | ||||
| r1 | $destination_path = $user->name.'.'.$ext; | |||
| if( !is_uploaded_file( $_FILES['rant_image']['tmp_name'] )) { | ||||
| $error.='<p>Something went wrong while retrieving the uploaded image.</p>'; | ||||
| return; | ||||
| } | ||||
| if( move_uploaded_file($_FILES['rant_image']['tmp_name'], RANTIMG.$destination_path) ) { // TODO: SITE_PATH_ABS .'/'. SITE_RANT ? | ||||
| // great | ||||
| $user->default_image = $destination_path; | ||||
| $info.='<p>New rant image uploaded.</p>'; | ||||
| } else { | ||||
| $error.='<p>Something went wrong while storing the uploaded image.</p>'; | ||||
| adminlog("File system error while uploading rant image.", MTS_USER, MTA_MODIFY, E_WARNING); | ||||
| } | ||||
| } | ||||
| handle_upload( $user ); | ||||
| save_userdata( $user ); | ||||
| $info.='<p>Changes to user profile information were saved successfully.</p>'; | ||||
| adminlog("Profile updated for user ".$user->name.".", MTS_USER, MTA_UPDATE); | ||||
| } else { | ||||
| $userid = (int) $_GET['edit']; | ||||
| $user = get_userdatabyid( $userid ); | ||||
| r5 | } | |||
| r1 | if( !$user ) $error.='<p>The specified user does not exist.</p>'; | |||
| adminhead('Edit User Profile'); | ||||
| adminmenu('users.php'); | ||||
| if( $user ) { | ||||
| ?> | ||||
| <form enctype="multipart/form-data" name="profile" id="your-profile" action="user-edit.php" method="post"> | ||||
| <input type="hidden" name="edit" value="<?php echo $userid; ?>" /> | ||||
| <h2>Editing "<?php echo htmlentities($user->name); ?>"</h2> | ||||
| <p>Modify details for this contributer.</p> | ||||
| <fieldset> | ||||
| <legend>Name</legend> | ||||
| <p><label>Username:<br /> | ||||
| <input type="text" name="user_login" value="<?php echo htmlentities($user->name); ?>" disabled="disabled" /></label></p> | ||||
| <p><label>Nickname:<br /> | ||||
| <input type="text" name="nickname" value="<?php echo htmlentities($user->nameplate); ?>" /></label></p> | ||||
| <p><label>Email:<br /> | ||||
| <input type="text" name="email" value="<?php echo htmlentities($user->email); ?>" /></label></p> | ||||
| </fieldset> | ||||
| <fieldset> | ||||
| <legend>Rant Defaults</legend> | ||||
| <p><label>Link<br /> | ||||
| <input type="text" name="rant-link" value="<?php echo htmlentities($user->default_link); ?>" /></label></p> | ||||
| <p><label>Upload New Image<br /> | ||||
| <input type="hidden" name="MAX_FILE_SIZE" value="10000000" /> | ||||
| <input name="rant_image" type="file" /></label></p> | ||||
| <?php | ||||
| $rantimage_filename = SITE_RANT.'/' . $user->default_image; | ||||
| if( !file_exists( SITE_PATH_ABS.'/' . $rantimage_filename )) { | ||||
| echo '<p>There is currently no default rant image for this contributor.</p>'; | ||||
| } else { | ||||
| echo '<p><img src="' . SITE_HOST . '/' . SITE_PATH . '/' . $rantimage_filename . '" width="150" /></p>'; | ||||
| } | ||||
| ?> | ||||
| </fieldset> | ||||
| <fieldset> | ||||
| <legend>Change Password</legend> | ||||
| <p><label>Old Password</br/> | ||||
| <input type="password" name="password_old" value="" /></label></p> | ||||
| <p><label>New Password</br/> | ||||
| <input type="password" name="password_new1" value="" /></label></p> | ||||
| <p><label>Confirm New Password</br/> | ||||
| <input type="password" name="password_new2" value="" /></label></p> | ||||
| </fieldset> | ||||
| <br clear="all" /> | ||||
| <p class="submit"><input type="submit" value="Update Profile »" name="submit" /></p> | ||||
| </form> | ||||
| </div> | ||||
| <?php | ||||
| } | ||||
| adminfooter(); | ||||
| ?> | ||||
