mt-admin
RSS
Merge pull request #1 from mt-admin allow-iframes...
Merge pull request #1 from mt-admin allow-iframes Enable iframes in static pages
darkmorford - - Load All Authors

File last commit:

c1e4c31f199d
bcaa28009116 merge
Show More
user-edit.php
179 lines | 5.6 KiB | text/x-php | XmlPhpLexer
/ user-edit.php
History | Annotation | Raw |Copy content
<?php
require_once('include/admin.inc.php');
auth_redirect(); // Require logged in user to access this page.
if( isset($_POST['edit']) ) {
if( $_POST['edit'] === 'NEW' ) {
$username = sanitize_username( $_POST['user_login'] );
if( $username != $_POST['user_login'] || strlen($_POST['user_login']) < 1 )
mtdie( 'The specified username is not valid. Must be composed of a-z _ - @ .', 'Invalid Username' );
copy(RANTIMG.'default', RANTIMG.$username.'.png');
$mtdb->query( 'INSERT INTO contributor (name, default_image) VALUES ("' . mysql_real_escape_string($username) . '", "'.$username.'.png")' );
$user = get_userdatabylogin( $username );
$userid = $user->id;
$info.='<p>User Account Created</p>';
adminlog("User '".$username."' created.", MTS_USER, MTA_ADD);
$user_old = $user;
} else {
$userid = (int) $_POST['edit'];
$user_old = $user = get_userdatabyid( $userid );
}
$user->nameplate = $_POST['nickname'];
$user->default_image = $user_old->default_image;
$user->default_link = $_POST['rant-link'];
$user->email = $_POST['email'];
if( !empty($_POST['password_new1']) && !empty($_POST['password_new2']) ) {
if( $_POST['password_new1'] !== $_POST['password_new2'] ) {
$error.='<p>New passwords do not match.</p>';
} else {
/* password change */
if( ! $mtdb->getOne( 'SELECT id FROM contributor WHERE id = "' . (int)$user->id . '" AND (password = SHA1("' . mysql_real_escape_string($_POST['password_old']) . '") OR password = "")' )) {
$error.='<p>Specified password is incorrect.</p>';
} else {
/* Password match */
$user->password = $_POST['password_new1'];
change_password( $user );
$info.='<p>Password successfully changed.</p>';
}
}
}
function handle_upload( &$user ) {
global $info,$error;
if( !$_FILES['rant_image'] ) return;
if( '' == $_FILES['rant_image']['name'] ) return;
if( UPLOAD_ERR_NO_FILE == $_FILES['rant_image']['error'] ) return;
if( 0 == $_FILES['rant_image']['size'] ) return;
$info.='<p>Tried to upload an image.</p>';
// Uploading new rant image
$imagedata = getimagesize($_FILES['rant_image']['tmp_name']);
if( 300 !== $imagedata[0] ) {
$error.='<p>Image wrong width: '.$imagedata[0].'</p>';
return;
}
if( 245 !== $imagedata[1]) {
$error.='<p>Image wrong height: '.$imagedata[1].'</p>';
return;
}
switch( $_FILES['rant_image']['type'] ) {
case 'image/jpeg':
case 'image/jpg': $ext = 'jpg'; break;
case 'image/gif': $ext = 'gif'; break;
case 'image/png': $ext = 'png'; break;
case 'image/bmp': $ext = 'bmp'; break;
case 'image/tiff': $ext = 'tiff'; break;
default:
$error.='<p>Unknown image extension. Upload refused.</p>';
return;
}
$destination_path = $user->name.'.'.$ext;
if( !is_uploaded_file( $_FILES['rant_image']['tmp_name'] )) {
$error.='<p>Something went wrong while retrieving the uploaded image.</p>';
return;
}
if( move_uploaded_file($_FILES['rant_image']['tmp_name'], RANTIMG.$destination_path) ) { // TODO: SITE_PATH_ABS .'/'. SITE_RANT ?
// great
$user->default_image = $destination_path;
$info.='<p>New rant image uploaded.</p>';
} else {
$error.='<p>Something went wrong while storing the uploaded image.</p>';
adminlog("File system error while uploading rant image.", MTS_USER, MTA_MODIFY, E_WARNING);
}
}
handle_upload( $user );
save_userdata( $user );
$info.='<p>Changes to user profile information were saved successfully.</p>';
adminlog("Profile updated for user ".$user->name.".", MTS_USER, MTA_UPDATE);
} else {
$userid = (int) $_GET['edit'];
$user = get_userdatabyid( $userid );
}
if( !$user ) $error.='<p>The specified user does not exist.</p>';
adminhead('Edit User Profile');
adminmenu('users.php');
if( $user ) {
?>
<form enctype="multipart/form-data" name="profile" id="your-profile" action="user-edit.php" method="post">
<input type="hidden" name="edit" value="<?php echo $userid; ?>" />
<h2>Editing "<?php echo htmlentities($user->name); ?>"</h2>
<p>Modify details for this contributer.</p>
<fieldset>
<legend>Name</legend>
<p><label>Username:<br />
<input type="text" name="user_login" value="<?php echo htmlentities($user->name); ?>" disabled="disabled" /></label></p>
<p><label>Nickname:<br />
<input type="text" name="nickname" value="<?php echo htmlentities($user->nameplate); ?>" /></label></p>
<p><label>Email:<br />
<input type="text" name="email" value="<?php echo htmlentities($user->email); ?>" /></label></p>
</fieldset>
<fieldset>
<legend>Rant Defaults</legend>
<p><label>Link<br />
<input type="text" name="rant-link" value="<?php echo htmlentities($user->default_link); ?>" /></label></p>
<p><label>Upload New Image<br />
<input type="hidden" name="MAX_FILE_SIZE" value="10000000" />
<input name="rant_image" type="file" /></label></p>
<?php
$rantimage_filename = SITE_RANT.'/' . $user->default_image;
if( !file_exists( SITE_PATH_ABS.'/' . $rantimage_filename )) {
echo '<p>There is currently no default rant image for this contributor.</p>';
} else {
echo '<p><img src="' . SITE_HOST . '/' . SITE_PATH . '/' . $rantimage_filename . '" width="150" /></p>';
}
?>
</fieldset>
<fieldset>
<legend>Change Password</legend>
<p><label>Old Password</br/>
<input type="password" name="password_old" value="" /></label></p>
<p><label>New Password</br/>
<input type="password" name="password_new1" value="" /></label></p>
<p><label>Confirm New Password</br/>
<input type="password" name="password_new2" value="" /></label></p>
</fieldset>
<br clear="all" />
<p class="submit"><input type="submit" value="Update Profile &raquo;" name="submit" /></p>
</form>
</div>
<?php
}
adminfooter();
?>