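<?php
// user.php?action=take_edit — persists the profile/settings form for $UserID.
// authorize() runs before anything else; it is the request-token (CSRF) guard
// for this write endpoint — confirm in its definition that it aborts on a
// missing or wrong token.
authorize();

// Accept only a numeric user id; anything else is treated as "not found".
// Cast to int once validated so every later SQL/cache key uses the canonical
// form rather than the raw request string.
$UserID = isset($_REQUEST['userid']) ? $_REQUEST['userid'] : '';
if (!is_number($UserID)) {
    error(404);
}
$UserID = (int)$UserID;

// For the whole of this page use $UserID / $U[] (the profile being edited),
// not $LoggedUser['ID'] / $LoggedUser[] (the account doing the editing).
$U = Users::user_info($UserID);
if (!$U) {
    error(404);
}

// Editing someone else's profile requires users_edit_profiles *and* outranking
// the target's class (the class is passed to check_perms); a refused attempt is
// reported to the admin channel before the 403.
$Permissions = Permissions::get_permissions($U['PermissionID']);
if ($UserID !== (int)$LoggedUser['ID'] && !check_perms('users_edit_profiles', $Permissions['Class'])) {
    send_irc('PRIVMSG ' . ADMIN_CHAN . ' :User ' . $LoggedUser['Username']
        . ' (https://' . SSL_SITE_URL . '/user.php?id=' . $LoggedUser['ID']
        . ') just tried to edit the profile of https://' . SSL_SITE_URL . '/user.php?id=' . $UserID);
    error(403);
}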
// Form validation. Registration order is kept as-is: ValidateForm() reports the
// first failing field, so reordering these calls would change which message
// the user sees.
$OnOff = array('minlength' => 0, 'maxlength' => 1);  // 0/1 select boxes

$Val->SetFields('stylesheet', 1, 'number', 'You forgot to select a stylesheet.');
$Val->SetFields('styleurl', 0, 'regex', 'You did not enter a valid stylesheet url.',
    array('regex' => '/^https?:\/\/(localhost(:[0-9]{2,5})?|[0-9]{1,3}(\.[0-9]{1,3}){3}|([a-zA-Z0-9\-\_]+\.)+([a-zA-Z]{1,5}[^\.]))(:[0-9]{2,5})?(\/[^<>]+)+\.css$/i'));
$Val->SetFields('disablegrouping', 1, 'number', 'You forgot to select your torrent grouping option.', $OnOff);
$Val->SetFields('torrentgrouping', 1, 'number', 'You forgot to select your torrent grouping option.', $OnOff);
$Val->SetFields('discogview', 1, 'number', 'You forgot to select your discography view option.', $OnOff);
$Val->SetFields('postsperpage', 1, 'number', 'You forgot to select your posts per page option.',
    array('inarray' => array(25, 50, 100)));
$Val->SetFields('collagecovers', 1, 'number', 'You forgot to select your collage option.');

// Avatar URLs are restricted by the site-wide IMAGE_REGEX.
$Val->SetFields('avatar', 0, 'regex', 'You did not enter a valid avatar url.',
    array('regex' => '/^' . IMAGE_REGEX . '$/i'));
$Val->SetFields('email', 1, 'email', 'You did not enter a valid email address.');
$Val->SetFields('irckey', 0, 'string', 'You did not enter a valid IRCKey, must be between 6 and 32 characters long.',
    array('minlength' => 6, 'maxlength' => 32));

// Password fields are optional here; the change itself is applied further down
// only after the current password has been verified.
$Val->SetFields('cur_pass', 0, 'string', 'You did not enter a valid password, must be at least 6 characters long.',
    array('minlength' => 6, 'maxlength' => 150));
$Val->SetFields('new_pass_1', 0, 'regex', 'You did not enter a valid password. A strong password is between 8 and 40 characters long contains at least 1 lowercase and uppercase letter, contains at least a number or symbol',
    array('regex' => '/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$/'));
$Val->SetFields('new_pass_2', 1, 'compare', 'Your passwords do not match.',
    array('comparefield' => 'new_pass_1'));

// The default-search select only exists for users with advanced search.
if (check_perms('site_advanced_search')) {
    $Val->SetFields('searchtype', 1, 'number', 'You forgot to select your default search preference.', $OnOff);
}

$Err = $Val->ValidateForm($_POST);
if ($Err) {
    error($Err);
    header('Location: user.php?action=edit&userid=' . $UserID);
    die();
}
// Begin building $Paranoia
// The paranoia checkboxes are not independent: revealing a detailed list implies
// revealing the coarser stats it is derived from. Normalise the posted flags
// first so the stored paranoia set is self-consistent.
if (isset($_POST['p_uniquegroups_l'])) {
    $_POST['p_uploads_l'] = 'on';
    $_POST['p_uploads_c'] = 'on';
}
if (isset($_POST['p_uploads_l'])) {
    foreach (array('p_uniquegroups_l', 'p_uniquegroups_c', 'p_perfectflacs_l', 'p_perfectflacs_c', 'p_artistsadded') as $Implied) {
        $_POST[$Implied] = 'on';
    }
}
if (isset($_POST['p_collagecontribs_l'])) {
    $_POST['p_collages_l'] = 'on';
    $_POST['p_collages_c'] = 'on';
}
if (isset($_POST['p_snatched_c'], $_POST['p_seeding_c'], $_POST['p_downloaded'])) {
    $_POST['p_requiredratio'] = 'on';
}

// Showing exactly two of downloaded/uploaded/ratio gives away the third, so
// in that case show all three.
$StatKeys = array('downloaded', 'uploaded', 'ratio');
$Visible = 0;
foreach ($StatKeys as $Key) {
    if (isset($_POST['p_' . $Key])) {
        $Visible++;
    }
}
if ($Visible === 2) {
    foreach ($StatKeys as $Key) {
        $_POST['p_' . $Key] = 'on';
    }
}

// $Paranoia lists what is *hidden*: every unchecked box contributes its name.
$Paranoia = array();
foreach (array('downloaded', 'uploaded', 'ratio', 'lastseen', 'requiredratio', 'invitedcount', 'artistsadded', 'notifications') as $Flag) {
    if (!isset($_POST['p_' . $Flag])) {
        $Paranoia[] = $Flag;
    }
}

// Three-level items: "<name>+" hides both count and list, "<name>" hides the
// list only, nothing is added when the list is shown.
foreach (array('torrentcomments', 'collages', 'collagecontribs', 'uploads', 'uniquegroups', 'perfectflacs', 'seeding', 'leeching', 'snatched') as $Item) {
    $ShowCount = isset($_POST['p_' . $Item . '_c']);
    $ShowList = isset($_POST['p_' . $Item . '_l']);
    if (!$ShowCount && !$ShowList) {
        // Very paranoid - don't show count or list
        $Paranoia[] = $Item . '+';
    } elseif (!$ShowList) {
        // A little paranoid - show count, don't show list
        $Paranoia[] = $Item;
    }
}

// Request bounties: showing the list implies showing its count and bounty total.
foreach (array('requestsfilled', 'requestsvoted') as $Bounty) {
    if (isset($_POST['p_' . $Bounty . '_list'])) {
        $_POST['p_' . $Bounty . '_count'] = 'on';
        $_POST['p_' . $Bounty . '_bounty'] = 'on';
    }
    foreach (array('_list', '_count', '_bounty') as $Suffix) {
        if (!isset($_POST['p_' . $Bounty . $Suffix])) {
            $Paranoia[] = $Bounty . $Suffix;
        }
    }
}
// End building $Paranoia
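// Email change
// Non-admins must re-enter their current password before the address on file
// is replaced. The address itself is written by the users_main UPDATE at the
// end of the page; this block only verifies and records the history row.
$DB->query("SELECT Email FROM users_main WHERE ID = '" . db_string($UserID) . "'");
list($CurEmail) = $DB->next_record();
$PostedEmail = isset($_POST['email']) ? $_POST['email'] : '';
// Strict comparison: a loose != on two strings can compare them numerically.
if ($CurEmail !== $PostedEmail) {
    if (!check_perms('users_edit_profiles')) {
        // Non-admins have to authenticate to change email
        $DB->query("SELECT PassHash, Secret FROM users_main WHERE ID = '" . db_string($UserID) . "'");
        list($PassHash, $Secret) = $DB->next_record();
        $CurPass = isset($_POST['cur_pass']) ? $_POST['cur_pass'] : '';
        if (!Users::check_password($CurPass, $PassHash, $Secret)) {
            $Err = 'You did not enter the correct password.';
        }
    }
    if ($Err) {
        error($Err);
        header('Location: user.php?action=edit&userid=' . $UserID);
        die();
    }
    // The history row for the address being replaced was inserted with a zero
    // timestamp; stamp it now, then insert the new address with a zero
    // timestamp in turn. Time therefore records when an address stopped being
    // current, not when it was set.
    $NewEmail = db_string($PostedEmail);
    $DB->query("
        UPDATE users_history_emails
        SET Time = '" . sqltime() . "'
        WHERE UserID = '$UserID'
            AND Time = '0000-00-00 00:00:00'");
    // NOTE(review): this records REMOTE_ADDR while the password/passkey history
    // rows below record $LoggedUser['IP']; confirm which one is intended.
    $DB->query("
        INSERT INTO users_history_emails
            (UserID, Email, Time, IP)
        VALUES
            ('$UserID', '$NewEmail', '0000-00-00 00:00:00', '" . db_string($_SERVER['REMOTE_ADDR']) . "')");
}
//End Email change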
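// Password change
// Filling in any of the three password fields starts the flow. The current
// password is verified against the *edited* user's hash (so an admin cannot
// change someone's password without knowing it), and the new one is applied
// only when both new_pass fields were supplied. Read the fields once with
// isset() so an absent field is an empty string rather than a notice, and
// compare against '' rather than truthiness ("0" is falsy in PHP).
$CurPass = isset($_POST['cur_pass']) ? $_POST['cur_pass'] : '';
$NewPass1 = isset($_POST['new_pass_1']) ? $_POST['new_pass_1'] : '';
$NewPass2 = isset($_POST['new_pass_2']) ? $_POST['new_pass_2'] : '';
$ResetPassword = false;  // consulted when the final UPDATE is assembled
if (!$Err && ($CurPass !== '' || $NewPass1 !== '' || $NewPass2 !== '')) {
    $DB->query("
        SELECT PassHash, Secret
        FROM users_main
        WHERE ID = '" . db_string($UserID) . "'");
    list($PassHash, $Secret) = $DB->next_record();
    if (Users::check_password($CurPass, $PassHash, $Secret)) {
        if ($NewPass1 !== '' && $NewPass2 !== '') {
            $ResetPassword = true;
        }
    } else {
        $Err = 'You did not enter the correct password.';
    }
}

// Avatar rights. NOTE(review): this tests the *editor's* DisableAvatar flag,
// not the edited user's; per the note at the top of the page it arguably
// should read $U — confirm Users::user_info() exposes DisableAvatar first.
// The comparison stays loose on purpose: a stored NULL avatar must equal an
// empty posted field.
$PostedAvatar = isset($_POST['avatar']) ? $_POST['avatar'] : '';
if ($LoggedUser['DisableAvatar'] && $PostedAvatar != $U['Avatar']) {
    $Err = 'Your avatar rights have been removed.';
}
if ($Err) {
    error($Err);
    header('Location: user.php?action=edit&userid=' . $UserID);
    die();
}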
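// Site options are stored as one serialized array in users_info.SiteOptions
// (and mirrored into the user_info_heavy cache). Only the keys listed here are
// taken from the form; settings the user cannot change on this page are carried
// over from the current values so they survive the rewrite.
// NOTE(review): DefaultSearch and DisableFreeTorrentTop10 are carried over from
// $LoggedUser rather than the edited user's options — fine for a self-edit, but
// an admin editing someone else copies their *own* values in; verify against $U.
$Options = array();
if (!empty($LoggedUser['DefaultSearch'])) {
    $Options['DefaultSearch'] = $LoggedUser['DefaultSearch'];
}
$Options['DisableGrouping2'] = (!empty($_POST['disablegrouping']) ? 1 : 0);
$Options['TorrentGrouping'] = (!empty($_POST['torrentgrouping']) ? 1 : 0);
$Options['DiscogView'] = (!empty($_POST['discogview']) ? 1 : 0);
$Options['PostsPerPage'] = (int)$_POST['postsperpage'];
// Numeric selects are stored as ints. db_string() is SQL escaping and has no
// business inside a value that ends up in a serialized array — a cast is the
// right treatment (assumes disableavatars is a numeric select — TODO confirm).
$Options['CollageCovers'] = (empty($_POST['collagecovers']) ? 0 : (int)$_POST['collagecovers']);
$Options['ShowTorFilter'] = (empty($_POST['showtfilter']) ? 0 : 1);
$Options['ShowTags'] = (!empty($_POST['showtags']) ? 1 : 0);
$Options['AutoSubscribe'] = (!empty($_POST['autosubscribe']) ? 1 : 0);
$Options['DisableSmileys'] = (!empty($_POST['disablesmileys']) ? 1 : 0);
$Options['EnableMatureContent'] = (!empty($_POST['enablematurecontent']) ? 1 : 0);
$Options['DisableAvatars'] = (!empty($_POST['disableavatars']) ? (int)$_POST['disableavatars'] : 0);
$Options['Identicons'] = (!empty($_POST['identicons']) ? (int)$_POST['identicons'] : 0);
$Options['DisablePMAvatars'] = (!empty($_POST['disablepmavatars']) ? 1 : 0);
$Options['NotifyOnQuote'] = (!empty($_POST['notifyquotes']) ? 1 : 0);
$Options['ShowSnatched'] = (!empty($_POST['showsnatched']) ? 1 : 0);
$Options['DisableAutoSave'] = (!empty($_POST['disableautosave']) ? 1 : 0);
$Options['NoVoteLinks'] = (!empty($_POST['novotelinks']) ? 1 : 0);
$Options['CoverArt'] = (int)!empty($_POST['coverart']);

if (isset($LoggedUser['DisableFreeTorrentTop10'])) {
    $Options['DisableFreeTorrentTop10'] = $LoggedUser['DisableFreeTorrentTop10'];
}

// sorthide arrives as a JSON list of "<section>_<flag>" strings. The payload is
// user-controlled, so decode defensively: anything that is not a list of
// strings with at least one '_' is skipped instead of producing undefined
// offsets or iterating a non-array.
$Options['SortHide'] = array();
if (!empty($_POST['sorthide'])) {
    $SortHideList = json_decode($_POST['sorthide'], true);
    if (is_array($SortHideList)) {
        foreach ($SortHideList as $Entry) {
            if (!is_string($Entry)) {
                continue;
            }
            $Parts = explode('_', $Entry);
            if (count($Parts) < 2) {
                continue;
            }
            $Options['SortHide'][$Parts[0]] = $Parts[1];
        }
    }
}

// Only users with advanced search get to store a default search type; it was
// validated as a 0/1 number above for exactly those users.
if (check_perms('site_advanced_search')) {
    $Options['SearchType'] = (int)$_POST['searchtype'];
} else {
    unset($Options['SearchType']);
}
//TODO: Remove the following after a significant amount of time
// Legacy keys that are no longer written; a no-op on the freshly built array.
unset($Options['ArtistNoRedirect'], $Options['ShowQueryList'], $Options['ShowCacheList']);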
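$DownloadAlt = (isset($_POST['downloadalt'])) ? 1 : 0;
$UnseededAlerts = (isset($_POST['unseededalerts'])) ? 1 : 0;

// Last.fm link (lastfm_users: one row per user, removed when the name is
// cleared). Compare the *raw* posted name with the stored one and escape only
// at the query boundary — escaping first made any name containing a quote
// look "changed" on every save and stored it double-escaped.
$LastFMUsername = isset($_POST['lastfm_username']) ? $_POST['lastfm_username'] : '';
$OldLastFMUsername = '';
$DB->query("SELECT username FROM lastfm_users WHERE ID = '" . db_string($UserID) . "'");
if ($DB->record_count() > 0) {
    list($OldLastFMUsername) = $DB->next_record();
    if ($OldLastFMUsername !== $LastFMUsername) {
        if ($LastFMUsername === '') {
            $DB->query("DELETE FROM lastfm_users WHERE ID = '" . db_string($UserID) . "'");
        } else {
            $DB->query("UPDATE lastfm_users SET Username = '" . db_string($LastFMUsername) . "' WHERE ID = '" . db_string($UserID) . "'");
        }
    }
} elseif ($LastFMUsername !== '') {
    $DB->query("
        INSERT INTO lastfm_users (ID, Username)
        VALUES ('" . db_string($UserID) . "', '" . db_string($LastFMUsername) . "')");
}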
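// Information on how the user likes to download torrents is cached per passkey
// ('user_<torrent_pass>'). Invalidate it for the *edited* user when DownloadAlt
// changes — the heavy info is the same source the passkey reset below reads
// torrent_pass from, and it is the row this page writes DownloadAlt into.
$UserInfo = Users::user_heavy_info($UserID);
if ($DownloadAlt != $UserInfo['DownloadAlt']) {
    $Cache->delete_value('user_' . $UserInfo['torrent_pass']);
}

// Optional fields: read once, default to '' rather than an undefined index.
$Avatar = isset($_POST['avatar']) ? $_POST['avatar'] : '';
$StyleURL = isset($_POST['styleurl']) ? $_POST['styleurl'] : '';
$Info = isset($_POST['info']) ? $_POST['info'] : '';
$IRCKey = isset($_POST['irckey']) ? $_POST['irckey'] : '';

// Keep the cached copies in step with what is about to be written.
$Cache->begin_transaction('user_info_' . $UserID);
$Cache->update_row(false, array(
    'Avatar' => $Avatar,
    'Paranoia' => $Paranoia
));
$Cache->commit_transaction(0);
$Cache->begin_transaction('user_info_heavy_' . $UserID);
$Cache->update_row(false, array(
    'StyleID' => $_POST['stylesheet'],
    'StyleURL' => $StyleURL,
    'DownloadAlt' => $DownloadAlt
));
$Cache->update_row(false, $Options);
$Cache->commit_transaction(0);

// Single UPDATE across users_main/users_info; every interpolated value is
// either a validated integer or passed through db_string().
$SQL = "
    UPDATE users_main AS m
        JOIN users_info AS i ON m.ID = i.UserID
    SET
        i.StyleID = '" . db_string($_POST['stylesheet']) . "',
        i.StyleURL = '" . db_string($StyleURL) . "',
        i.Avatar = '" . db_string($Avatar) . "',
        i.SiteOptions = '" . db_string(serialize($Options)) . "',
        i.NotifyOnQuote = '" . db_string($Options['NotifyOnQuote']) . "',
        i.Info = '" . db_string($Info) . "',
        i.DownloadAlt = '$DownloadAlt',
        i.UnseededAlerts = '$UnseededAlerts',
        m.Email = '" . db_string($_POST['email']) . "',
        m.IRCKey = '" . db_string($IRCKey) . "',
        m.Paranoia = '" . db_string(serialize($Paranoia)) . "'";

if (!empty($ResetPassword)) {
    $ChangerIP = db_string($LoggedUser['IP']);
    $PassHash = Users::make_crypt_hash($_POST['new_pass_1']);
    $SQL .= ", m.PassHash = '" . db_string($PassHash) . "'";
    $DB->query("
        INSERT INTO users_history_passwords
            (UserID, ChangerIP, ChangeTime)
        VALUES
            ('$UserID', '$ChangerIP', '" . sqltime() . "')");
}

if (isset($_POST['resetpasskey'])) {
    // Keep the raw keys for the cache key and the tracker call; SQL escaping
    // belongs only inside the queries.
    $OldPassKey = $UserInfo['torrent_pass'];
    $NewPassKey = Users::make_secret();
    $ChangerIP = db_string($LoggedUser['IP']);
    $SQL .= ", m.torrent_pass = '" . db_string($NewPassKey) . "'";
    $DB->query("
        INSERT INTO users_history_passkeys
            (UserID, OldPassKey, NewPassKey, ChangerIP, ChangeTime)
        VALUES
            ('$UserID', '" . db_string($OldPassKey) . "', '" . db_string($NewPassKey) . "', '$ChangerIP', '" . sqltime() . "')");
    $Cache->begin_transaction('user_info_heavy_' . $UserID);
    $Cache->update_row(false, array('torrent_pass' => $NewPassKey));
    $Cache->commit_transaction(0);
    $Cache->delete_value('user_' . $OldPassKey);
    Tracker::update_tracker('change_passkey', array('oldpasskey' => $OldPassKey, 'newpasskey' => $NewPassKey));
}

$SQL .= " WHERE m.ID = '" . db_string($UserID) . "'";
$DB->query($SQL);

// NOTE(review): logout() ends the *editor's* session. When an admin resets
// another user's password, nothing here invalidates the target's existing
// sessions — confirm that is handled elsewhere.
if (!empty($ResetPassword)) {
    logout();
}
header('Location: user.php?action=edit&userid=' . $UserID);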