Gazelle/sections/user/takeedit.php

329 lines
12 KiB
PHP
Raw Normal View History

2011-03-28 14:21:28 +00:00
<?
authorize();
$UserID = $_REQUEST['userid'];
if(!is_number($UserID)) {
error(404);
}
2013-02-22 08:00:24 +00:00
//For the entire of this page we should in general be using $UserID not $LoggedUser['ID'] and $U[] not $LoggedUser[]
2012-10-11 08:00:15 +00:00
$U = Users::user_info($UserID);
2011-03-28 14:21:28 +00:00
if (!$U) {
error(404);
}
2012-10-11 08:00:15 +00:00
$Permissions = Permissions::get_permissions($U['PermissionID']);
2011-03-28 14:21:28 +00:00
if ($UserID != $LoggedUser['ID'] && !check_perms('users_edit_profiles', $Permissions['Class'])) {
2012-09-09 08:00:26 +00:00
send_irc("PRIVMSG ".ADMIN_CHAN." :User ".$LoggedUser['Username']." (https://".SSL_SITE_URL."/user.php?id=".$LoggedUser['ID'].") just tried to edit the profile of https://".SSL_SITE_URL."/user.php?id=".$_REQUEST['userid']);
2011-03-28 14:21:28 +00:00
error(403);
}
$Val->SetFields('stylesheet',1,"number","You forgot to select a stylesheet.");
$Val->SetFields('styleurl',0,"regex","You did not enter a valid stylesheet url.",array('regex'=>'/^https?:\/\/(localhost(:[0-9]{2,5})?|[0-9]{1,3}(\.[0-9]{1,3}){3}|([a-zA-Z0-9\-\_]+\.)+([a-zA-Z]{1,5}[^\.]))(:[0-9]{2,5})?(\/[^<>]+)+\.css$/i'));
$Val->SetFields('disablegrouping',1,"number","You forgot to select your torrent grouping option.",array('minlength'=>0,'maxlength'=>1));
$Val->SetFields('torrentgrouping',1,"number","You forgot to select your torrent grouping option.",array('minlength'=>0,'maxlength'=>1));
$Val->SetFields('discogview',1,"number","You forgot to select your discography view option.",array('minlength'=>0,'maxlength'=>1));
$Val->SetFields('postsperpage',1,"number","You forgot to select your posts per page option.",array('inarray'=>array(25,50,100)));
2011-11-20 08:00:18 +00:00
//$Val->SetFields('hidecollage',1,"number","You forgot to select your collage option.",array('minlength'=>0,'maxlength'=>1));
$Val->SetFields('collagecovers',1,"number","You forgot to select your collage option.");
2011-03-28 14:21:28 +00:00
$Val->SetFields('avatar',0,"regex","You did not enter a valid avatar url.",array('regex'=>"/^".IMAGE_REGEX."$/i"));
$Val->SetFields('email',1,"email","You did not enter a valid email address.");
$Val->SetFields('irckey',0,"string","You did not enter a valid IRCKey, must be between 6 and 32 characters long.",array('minlength'=>6,'maxlength'=>32));
2012-06-18 08:00:14 +00:00
$Val->SetFields('cur_pass',0,"string","You did not enter a valid password, must be at least 6 characters long.",array('minlength'=>6,'maxlength'=>150));
2012-07-26 08:00:17 +00:00
$Val->SetFields('new_pass_1',0,"regex","You did not enter a valid password. A strong password is between 8 and 40 characters long contains at least 1 lowercase and uppercase letter, contains at least a number or symbol",array('regex'=>'/(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/'));
2011-03-28 14:21:28 +00:00
$Val->SetFields('new_pass_2',1,"compare","Your passwords do not match.",array('comparefield'=>'new_pass_1'));
if (check_perms('site_advanced_search')) {
$Val->SetFields('searchtype',1,"number","You forgot to select your default search preference.",array('minlength'=>0,'maxlength'=>1));
}
$Err = $Val->ValidateForm($_POST);
if($Err) {
error($Err);
header('Location: user.php?action=edit&userid='.$UserID);
die();
}
// Begin building $Paranoia
// Reduce the user's input paranoia until it becomes consistent
if (isset($_POST['p_uniquegroups_l'])) {
$_POST['p_uploads_l'] = 'on';
$_POST['p_uploads_c'] = 'on';
}
if (isset($_POST['p_uploads_l'])) {
$_POST['p_uniquegroups_l'] = 'on';
$_POST['p_uniquegroups_c'] = 'on';
$_POST['p_perfectflacs_l'] = 'on';
$_POST['p_perfectflacs_c'] = 'on';
$_POST['p_artistsadded'] = 'on';
}
if (isset($_POST['p_collagecontribs_l'])) {
$_POST['p_collages_l'] = 'on';
$_POST['p_collages_c'] = 'on';
}
if (isset($_POST['p_snatched_c']) && isset($_POST['p_seeding_c']) && isset($_POST['p_downloaded'])) {
$_POST['p_requiredratio'] = 'on';
}
// if showing exactly 2 of stats, show all 3 of stats
$StatsShown = 0;
$Stats = array('downloaded', 'uploaded', 'ratio');
foreach($Stats as $S) {
if(isset($_POST['p_'.$S])) {
$StatsShown++;
}
}
if($StatsShown == 2) {
foreach($Stats as $S) {
$_POST['p_'.$S] = 'on';
}
}
$Paranoia = array();
$Checkboxes = array('downloaded', 'uploaded', 'ratio', 'lastseen', 'requiredratio', 'invitedcount', 'artistsadded');
foreach($Checkboxes as $C) {
if(!isset($_POST['p_'.$C])) {
$Paranoia[] = $C;
}
}
$SimpleSelects = array('torrentcomments', 'collages', 'collagecontribs', 'uploads', 'uniquegroups', 'perfectflacs', 'seeding', 'leeching', 'snatched');
foreach ($SimpleSelects as $S) {
if(!isset($_POST['p_'.$S.'_c']) && !isset($_POST['p_'.$S.'_l'])) {
// Very paranoid - don't show count or list
$Paranoia[] = $S . '+';
} elseif (!isset($_POST['p_'.$S.'_l'])) {
// A little paranoid - show count, don't show list
$Paranoia[] = $S;
}
}
$Bounties = array('requestsfilled', 'requestsvoted');
foreach ($Bounties as $B) {
if (isset($_POST['p_'.$B.'_list'])) {
$_POST['p_'.$B.'_count'] = 'on';
$_POST['p_'.$B.'_bounty'] = 'on';
}
if (!isset($_POST['p_'.$B.'_list'])) {
$Paranoia[] = $B.'_list';
}
if (!isset($_POST['p_'.$B.'_count'])) {
$Paranoia[] = $B.'_count';
}
if (!isset($_POST['p_'.$B.'_bounty'])) {
$Paranoia[] = $B.'_bounty';
}
}
// End building $Paranoia
//Email change
$DB->query("SELECT Email FROM users_main WHERE ID=".$UserID);
list($CurEmail) = $DB->next_record();
if ($CurEmail != $_POST['email']) {
if(!check_perms('users_edit_profiles')) { // Non-admins have to authenticate to change email
$DB->query("SELECT PassHash,Secret FROM users_main WHERE ID='".db_string($UserID)."'");
list($PassHash,$Secret)=$DB->next_record();
2012-10-11 08:00:15 +00:00
if(!Users::check_password($_POST['cur_pass'], $PassHash, $Secret)) {
2011-03-28 14:21:28 +00:00
$Err = "You did not enter the correct password.";
}
}
if(!$Err) {
2013-02-22 08:00:24 +00:00
$NewEmail = db_string($_POST['email']);
2011-03-28 14:21:28 +00:00
//This piece of code will update the time of their last email change to the current time *not* the current change.
$ChangerIP = db_string($LoggedUser['IP']);
$DB->query("UPDATE users_history_emails SET Time='".sqltime()."' WHERE UserID='$UserID' AND Time='0000-00-00 00:00:00'");
$DB->query("INSERT INTO users_history_emails
(UserID, Email, Time, IP) VALUES
('$UserID', '$NewEmail', '0000-00-00 00:00:00', '".db_string($_SERVER['REMOTE_ADDR'])."')");
2013-02-22 08:00:24 +00:00
2011-03-28 14:21:28 +00:00
} else {
error($Err);
header('Location: user.php?action=edit&userid='.$UserID);
die();
}
2013-02-22 08:00:24 +00:00
2011-03-28 14:21:28 +00:00
}
//End Email change
if (!$Err && ($_POST['cur_pass'] || $_POST['new_pass_1'] || $_POST['new_pass_2'])) {
$DB->query("SELECT PassHash,Secret FROM users_main WHERE ID='".db_string($UserID)."'");
list($PassHash,$Secret)=$DB->next_record();
2012-10-11 08:00:15 +00:00
if (Users::check_password($_POST['cur_pass'], $PassHash, $Secret)) {
2013-02-22 08:00:24 +00:00
if ($_POST['new_pass_1'] && $_POST['new_pass_2']) {
$ResetPassword = true;
2011-03-28 14:21:28 +00:00
}
2013-02-22 08:00:24 +00:00
} else {
2011-03-28 14:21:28 +00:00
$Err = "You did not enter the correct password.";
}
}
if($LoggedUser['DisableAvatar'] && $_POST['avatar'] != $U['Avatar']) {
$Err = "Your avatar rights have been removed.";
}
if ($Err) {
error($Err);
header('Location: user.php?action=edit&userid='.$UserID);
die();
}
if(!empty($LoggedUser['DefaultSearch'])) {
$Options['DefaultSearch'] = $LoggedUser['DefaultSearch'];
}
2012-11-01 08:00:21 +00:00
$Options['DisableGrouping2'] = (!empty($_POST['disablegrouping']) ? 1 : 0);
2011-03-28 14:21:28 +00:00
$Options['TorrentGrouping'] = (!empty($_POST['torrentgrouping']) ? 1 : 0);
$Options['DiscogView'] = (!empty($_POST['discogview']) ? 1 : 0);
$Options['PostsPerPage'] = (int) $_POST['postsperpage'];
2011-11-20 08:00:18 +00:00
//$Options['HideCollage'] = (!empty($_POST['hidecollage']) ? 1 : 0);
$Options['CollageCovers'] = empty($_POST['collagecovers']) ? 0 : $_POST['collagecovers'];
2013-02-24 08:00:18 +00:00
$Options['ShowTorFilter'] = empty($_POST['showtfilter']) ? 0 : 1;
2011-03-28 14:21:28 +00:00
$Options['ShowTags'] = (!empty($_POST['showtags']) ? 1 : 0);
$Options['AutoSubscribe'] = (!empty($_POST['autosubscribe']) ? 1 : 0);
$Options['DisableSmileys'] = (!empty($_POST['disablesmileys']) ? 1 : 0);
2012-12-03 08:00:16 +00:00
$Options['EnableMatureContent'] = (!empty($_POST['enablematurecontent']) ? 1 : 0);
2012-11-01 08:00:21 +00:00
$Options['DisableAvatars'] = db_string($_POST['disableavatars']);
$Options['Identicons'] = (!empty($_POST['identicons']) ? (int) $_POST['identicons'] : 0);
2011-11-20 08:00:18 +00:00
$Options['DisablePMAvatars'] = (!empty($_POST['disablepmavatars']) ? 1 : 0);
2012-10-27 08:00:09 +00:00
$Options['NotifyOnQuote'] = (!empty($_POST['notifyquotes']) ? 1 : 0);
$Options['ShowSnatched'] = (!empty($_POST['showsnatched']) ? 1 : 0);
2012-10-31 08:00:17 +00:00
$Options['DisableAutoSave'] = (!empty($_POST['disableautosave']) ? 1 : 0);
2012-11-02 08:00:18 +00:00
$Options['NoVoteLinks'] = (!empty($_POST['novotelinks']) ? 1 : 0);
2012-10-27 08:00:09 +00:00
2011-03-28 14:21:28 +00:00
2011-10-30 08:00:11 +00:00
if(isset($LoggedUser['DisableFreeTorrentTop10'])) {
$Options['DisableFreeTorrentTop10'] = $LoggedUser['DisableFreeTorrentTop10'];
}
2012-10-27 08:00:09 +00:00
if(!empty($_POST['sorthide'])) {
$JSON = json_decode($_POST['sorthide']);
foreach($JSON as $J) {
$E = explode("_", $J);
$Options['SortHide'][$E[0]] = $E[1];
2011-03-28 14:21:28 +00:00
}
} else {
2012-10-27 08:00:09 +00:00
$Options['SortHide'] = array();
2011-03-28 14:21:28 +00:00
}
2012-10-27 08:00:09 +00:00
2011-03-28 14:21:28 +00:00
if (check_perms('site_advanced_search')) {
$Options['SearchType'] = $_POST['searchtype'];
2011-03-28 14:21:28 +00:00
} else {
unset($Options['SearchType']);
}
//TODO: Remove the following after a significant amount of time
unset($Options['ArtistNoRedirect']);
unset($Options['ShowQueryList']);
unset($Options['ShowCacheList']);
$DownloadAlt = (isset($_POST['downloadalt']))? 1:0;
$UnseededAlerts = (isset($_POST['unseededalerts']))? 1:0;
2011-03-28 14:21:28 +00:00
2012-10-27 08:00:09 +00:00
2013-01-02 08:00:26 +00:00
$LastFMUsername = db_string($_POST['lastfm_username']);
$OldLastFMUsername = "";
$DB->query("SELECT username FROM lastfm_users WHERE ID = '$UserID'");
if($DB->record_count() > 0) {
list($OldLastFMUsername) = $DB->next_record();
if($OldLastFMUsername != $LastFMUsername) {
if(empty($LastFMUsername)) {
$DB->query("DELETE FROM lastfm_users WHERE ID = '$UserID'");
} else {
$DB->query("UPDATE lastfm_users SET Username = '$LastFMUsername' WHERE ID = '$UserID'");
}
}
}
elseif(!empty($LastFMUsername)) {
$DB->query("INSERT INTO lastfm_users (ID, Username) VALUES ('$UserID', '$LastFMUsername')");
}
2011-03-28 14:21:28 +00:00
// Information on how the user likes to download torrents is stored in cache
if($DownloadAlt != $LoggedUser['DownloadAlt']) {
$Cache->delete_value('user_'.$LoggedUser['torrent_pass']);
}
$Cache->begin_transaction('user_info_'.$UserID);
$Cache->update_row(false, array(
'Avatar'=>$_POST['avatar'],
'Paranoia'=>$Paranoia
));
$Cache->commit_transaction(0);
$Cache->begin_transaction('user_info_heavy_'.$UserID);
$Cache->update_row(false, array(
'StyleID'=>$_POST['stylesheet'],
'StyleURL'=>$_POST['styleurl'],
'DownloadAlt'=>$DownloadAlt
));
$Cache->update_row(false, $Options);
$Cache->commit_transaction(0);
$SQL="UPDATE users_main AS m JOIN users_info AS i ON m.ID=i.UserID SET
i.StyleID='".db_string($_POST['stylesheet'])."',
i.StyleURL='".db_string($_POST['styleurl'])."',
i.Avatar='".db_string($_POST['avatar'])."',
i.SiteOptions='".db_string(serialize($Options))."',
2012-10-27 08:00:09 +00:00
i.NotifyOnQuote = '".db_string($Options['NotifyOnQuote'])."',
2011-03-28 14:21:28 +00:00
i.Info='".db_string($_POST['info'])."',
i.DownloadAlt='$DownloadAlt',
i.UnseededAlerts='$UnseededAlerts',
2011-03-28 14:21:28 +00:00
m.Email='".db_string($_POST['email'])."',
m.IRCKey='".db_string($_POST['irckey'])."',";
$SQL .= "m.Paranoia='".db_string(serialize($Paranoia))."'";
if($ResetPassword) {
$ChangerIP = db_string($LoggedUser['IP']);
2012-10-11 08:00:15 +00:00
$PassHash=Users::make_crypt_hash($_POST['new_pass_1']);
2012-09-22 08:00:24 +00:00
$SQL.=",m.PassHash='".db_string($PassHash)."'";
2011-03-28 14:21:28 +00:00
$DB->query("INSERT INTO users_history_passwords
(UserID, ChangerIP, ChangeTime) VALUES
('$UserID', '$ChangerIP', '".sqltime()."')");
}
if (isset($_POST['resetpasskey'])) {
2013-02-22 08:00:24 +00:00
2011-03-28 14:21:28 +00:00
2013-02-22 08:00:24 +00:00
2012-10-11 08:00:15 +00:00
$UserInfo = Users::user_heavy_info($UserID);
2012-02-01 08:00:25 +00:00
$OldPassKey = db_string($UserInfo['torrent_pass']);
2012-10-11 08:00:15 +00:00
$NewPassKey = db_string(Users::make_secret());
2011-03-28 14:21:28 +00:00
$ChangerIP = db_string($LoggedUser['IP']);
$SQL.=",m.torrent_pass='$NewPassKey'";
$DB->query("INSERT INTO users_history_passkeys
(UserID, OldPassKey, NewPassKey, ChangerIP, ChangeTime) VALUES
('$UserID', '$OldPassKey', '$NewPassKey', '$ChangerIP', '".sqltime()."')");
$Cache->begin_transaction('user_info_heavy_'.$UserID);
$Cache->update_row(false, array('torrent_pass'=>$NewPassKey));
$Cache->commit_transaction(0);
$Cache->delete_value('user_'.$OldPassKey);
2013-02-22 08:00:24 +00:00
2012-10-11 08:00:15 +00:00
Tracker::update_tracker('change_passkey', array('oldpasskey' => $OldPassKey, 'newpasskey' => $NewPassKey));
2011-03-28 14:21:28 +00:00
}
$SQL.="WHERE m.ID='".db_string($UserID)."'";
$DB->query($SQL);
if ($ResetPassword) {
logout();
}
header('Location: user.php?action=edit&userid='.$UserID);
?>