/ PC Basics 53 / PC Basics Issue 53.iso / Software / Internet / Invboard.exe / PC Basics 53 / Invboard / upload / sources / lib / usercp_functions.php < prev   
PHP Script  |  2002-06-12  |  17.2 KB  |  584 lines

  1. <?php
  2.  
  3. /*
  4. +--------------------------------------------------------------------------
  5. |   IBFORUMS v1
  6. |   ========================================
  7. |   by Matthew Mecham and David Baxter
  8. |   (c) 2001,2002 IBForums
  9. |   http://www.ibforums.com
  10. |   ========================================
  11. |   Web: http://www.ibforums.com
  12. |   Email: phpboards@ibforums.com
  13. |   Licence Info: phpib-licence@ibforums.com
  14. +---------------------------------------------------------------------------
  15. |
  16. |   > UserCP functions library
  17. |   > Module written by Matt Mecham
  18. |   > Date started: 20th February 2002
  19. |
  20. |    > Module Version Number: 1.0.0
  21. +--------------------------------------------------------------------------
  22. */
  23.  
  24.  
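  /**
   * Form handlers for the User Control Panel ("UserCP").
   *
   * Each do_*() method validates one submitted form, writes the result to the
   * current member's row in ibf_members and then redirects.
   *
   * Security notes for maintainers:
   *  - Every query in this class is assembled by string concatenation. Apart
   *    from the places that escape explicitly, the methods rely on whatever
   *    cleaning was applied to $ibforums->input before this class runs and on
   *    $DB->compile_db_update_string(); neither is visible in this file, so
   *    confirm both before trusting a value in SQL.
   *  - The validation code is written as if $std->Error() does not return
   *    (execution carries on to the query after each check). TODO confirm.
   */
  class usercp_functions {

      // The object handed to the constructor. The methods below read its
      // member (array), parser and base_url properties.
      var $class;

      /**
       * PHP 4 style constructor: keeps a handle on the calling UserCP object.
       *
       * @param object $class  Owner object exposing ->member, ->parser and ->base_url
       */
      function usercp_functions($class) {

          $this->class = $class;
      }

      /**
       * Save the member's skin and language choice.
       *
       * Rejects an empty form post, rejects ".." in either value, and requires
       * the chosen skin to match a non-hidden row in ibf_skins.
       */
      function do_skin_langs() {
          global $ibforums, $DB, $std, $print, $HTTP_POST_VARS;

          // The form must have been POSTed

          if ($HTTP_POST_VARS['act'] == "")
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'complete_form' ) );
          }

          //+----------------------------------------
          // Refuse parent-directory sequences in either value.
          // NOTE(review): this is a deny-list for ".." only; if these values are
          // ever used to build a path, an allow-list of known names is safer.

          if ( preg_match( "/\.\./", $ibforums->input['u_skin'] ) )
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'poss_hack_attempt' ) );
          }
          //+----------------------------------------
          if ( preg_match( "/\.\./", $ibforums->input['u_language'] ) )
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'poss_hack_attempt' ) );
          }

          //+----------------------------------------
          // The skin must exist and must not be hidden.
          // NOTE(review): u_skin is concatenated into the statement unescaped;
          // this is only safe if $ibforums->input is neutralised upstream.

          $DB->query("SELECT sid FROM ibf_skins WHERE hidden <> 1 AND sid='".$ibforums->input['u_skin']."'");

          if (! $DB->get_num_rows() )
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'skin_not_found' ) );
          }

          //+----------------------------------------
          // NOTE(review): the 'skin' key carries trailing spaces; it is kept as
          // written because compile_db_update_string() is not visible here.

          $db_string = $DB->compile_db_update_string(  array (
                                                                'language'    => $ibforums->input['u_language'],
                                                                'skin       ' => $ibforums->input['u_skin'],
                                                    )         );

          $DB->query("UPDATE ibf_members SET $db_string WHERE id='".$this->class->member['id']."'");

          $print->redirect_screen( $ibforums->lang['set_updated'], "act=UserCP&CODE=06" );

      }


      /**
       * Save board display preferences (time offset, image/signature/avatar
       * viewing, PM pop-up, DST) and set the hide_sess cookie.
       *
       * u_timezone must consist of digits, "-" and "."; the VIEW_*, DO_POPUP
       * and HIDE_SESS fields must be all digits.
       */
      function do_board_prefs() {
          global $ibforums, $DB, $std, $print, $HTTP_POST_VARS;

          // The form must have been POSTed

          if ($HTTP_POST_VARS['act'] == "")
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'complete_form' ) );
          }
          //+----------------------------------------
          if ( ! preg_match( "/^[\-\d\.]+$/", $ibforums->input['u_timezone'] ) )
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'poss_hack_attempt' ) );
          }
          //+----------------------------------------
          if ( ! preg_match( "/^\d+$/", $ibforums->input['VIEW_IMG'] ) )
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'poss_hack_attempt' ) );
          }
          //+----------------------------------------
          if ( ! preg_match( "/^\d+$/", $ibforums->input['VIEW_SIGS'] ) )
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'poss_hack_attempt' ) );
          }
          //+----------------------------------------
          if ( ! preg_match( "/^\d+$/", $ibforums->input['VIEW_AVS'] ) )
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'poss_hack_attempt' ) );
          }
          //+----------------------------------------
          if ( ! preg_match( "/^\d+$/", $ibforums->input['DO_POPUP'] ) )
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'poss_hack_attempt' ) );
          }

          if ( ! preg_match( "/^\d+$/", $ibforums->input['HIDE_SESS'] ) )
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'poss_hack_attempt' ) );
          }

          //+----------------------------------------
          // NOTE(review): DST is the only field written below that has no
          // format check above; confirm it is constrained elsewhere.

          $db_string = $DB->compile_db_update_string(  array (
                                                                'time_offset'  => $ibforums->input['u_timezone'],
                                                                'view_avs'     => $ibforums->input['VIEW_AVS'],
                                                                'view_sigs'    => $ibforums->input['VIEW_SIGS'],
                                                                'view_img'     => $ibforums->input['VIEW_IMG'],
                                                                'view_pop'     => $ibforums->input['DO_POPUP'],
                                                                'dst_in_use'   => $ibforums->input['DST'],
                                                    )         );

          $DB->query("UPDATE ibf_members SET $db_string WHERE id='".$this->class->member['id']."'");

          if ($ibforums->input['HIDE_SESS'] == 1)
          {
              $std->my_setcookie('hide_sess', '1');
          }
          else
          {
              $std->my_setcookie('hide_sess', '0');
          }

          $print->redirect_screen( $ibforums->lang['set_updated'], "act=UserCP&CODE=04" );

      }



      /**
       * Save the member's e-mail preferences.
       *
       * Each of the four flags is passed through $std->is_number() and any
       * result below 1 is stored as 0.
       */
      function do_email_settings() {
          global $ibforums, $DB, $std, $print, $HTTP_POST_VARS;

          if ($HTTP_POST_VARS['act'] == "")
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'complete_form' ) );
          }
          //+----------------------------------------

          // Normalise the flags before they reach the UPDATE

          foreach ( array('hide_email', 'admin_send', 'send_full_msg', 'pm_reminder') as $v )
          {
              $ibforums->input[ $v ] = $std->is_number( $ibforums->input[ $v ] );

              if ( $ibforums->input[ $v ] < 1 )
              {
                  $ibforums->input[ $v ] = 0;
              }
          }

          $db_string = $DB->compile_db_update_string(  array (
                                                                'hide_email'         => $ibforums->input['hide_email'],
                                                                'email_full'         => $ibforums->input['send_full_msg'],
                                                                'email_pm'           => $ibforums->input['pm_reminder'],
                                                                'allow_admin_mails'  => $ibforums->input['admin_send'],
                                                    )         );

          $DB->query("UPDATE ibf_members SET $db_string WHERE id='".$this->class->member['id']."'");

          $print->redirect_screen( "Email Settings updated", "act=UserCP&CODE=02" );

      }



      /**
       * Save the member's avatar: a gallery file, an uploaded file, a remote
       * http:// URL, or none.
       *
       * Changes from the earlier revision of this method:
       *  - the requested width/height are forced to integers and clamped to the
       *    admin limit, so only digits reach the avatar_size column;
       *  - the gallery scan no longer stops at a file literally named "0", and
       *    no longer reads from a directory handle that failed to open;
       *  - the gallery choice is compared strictly, so numerically-equal but
       *    different strings are not accepted as a match;
       *  - an unreachable empty-filename check and its unused local are gone.
       */
      function do_avatar() {
          global $ibforums, $DB, $std, $print, $HTTP_POST_VARS, $HTTP_POST_FILES, $FILE_UPLOAD;

          if ($HTTP_POST_VARS['act'] == "")
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'complete_form' ) );
          }
          //+----------------------------------------

          $real_choice = 'noavatar';
          $real_dims   = '';

          if ($ibforums->input['choice'] == 'gallery')
          {
              $avatar_gallery = array();

              $dh = opendir( $ibforums->vars['html_dir'].'avatars' );

              // An unreadable gallery simply leaves the allow-list empty, which
              // makes the membership test below reject the request.

              if ( $dh )
              {
                  // Compare against false explicitly: a file named "0" is falsy.

                  while ( false !== ( $file = readdir( $dh ) ) )
                  {
                      // NOTE(review): the dots are unescaped, so this also skips
                      // every one- or two-character file name, not just "." / "..".

                      if ( !preg_match( "/^..?$|^index/i", $file ) )
                      {
                          $avatar_gallery[] = $file;
                      }
                  }
                  closedir( $dh );
              }

              // The raw POST value must be exactly one of the files on disk.

              if (!in_array( $HTTP_POST_VARS['gallery_list'], $avatar_gallery, true ) )
              {
                  $std->Error( array( 'LEVEL' => 1, 'MSG' => 'no_avatar_selected' ) );
              }

              $real_choice = $ibforums->input['gallery_list'];

          }
          else if ($ibforums->input['choice'] == 'url')
          {

              //-----------------------------------
              // Treat a bare "http://" in the URL
              // box as an empty field
              //------------------------------------

              if ( preg_match( "/^http:\/\/$/i", $ibforums->input['url_avatar'] ) )
              {
                  $ibforums->input['url_avatar'] = "";
              }

              if (empty($ibforums->input['url_avatar']) )
              {

                  //------------------------------------
                  // No URL given: look for an upload
                  //------------------------------------

                  if ($HTTP_POST_FILES['FILE_UPLOAD']['name'] != "" and ($HTTP_POST_FILES['FILE_UPLOAD']['name'] != "none") )
                  {
                      $FILE_SIZE = $HTTP_POST_FILES['FILE_UPLOAD']['size'];
                      $FILE_TYPE = $HTTP_POST_FILES['FILE_UPLOAD']['type'];

                      // Some browsers append the file name to the MIME type
                      // after a ";" - keep only the part before it.

                      $FILE_TYPE = preg_replace( "/^(.+?);.*$/", "\\1", $FILE_TYPE );

                      // Uploads need both the group permission and a non-zero size limit

                      if ( ($ibforums->member['g_avatar_upload'] != 1) or ($ibforums->vars['avup_size_max'] < 1) )
                      {
                          $std->Error( array( 'LEVEL' => 1, 'MSG' => 'no_av_upload' ) );
                      }

                      // Check the content type against the configured MIME table.
                      // NOTE(review): $FILE_TYPE is the value sent by the browser;
                      // the file's bytes are not inspected anywhere in this method.
                      // Consider verifying the image (e.g. getimagesize()) before
                      // it is moved into the upload directory.

                      require "./conf_mime_types.php";

                      if ($mime_types[ $FILE_TYPE ][3] != 1)
                      {
                          $std->Error( array( 'LEVEL' => 1, 'MSG' => 'no_av_type' ) );
                      }

                      //-------------------------------------------------
                      // Check the file size (limit is configured in KB)
                      //-------------------------------------------------

                      if ($FILE_SIZE > ($ibforums->vars['avup_size_max']*1024))
                      {
                          $std->Error( array( 'LEVEL' => 1, 'MSG' => 'upload_to_big' ) );
                      }

                      // The extension is picked from a fixed list, never from
                      // the client-supplied file name.

                      $ext = '.gif';

                      switch($FILE_TYPE)
                      {
                          case 'image/gif':
                              $ext = '.gif';
                              break;
                          case 'image/jpeg':
                              $ext = '.jpg';
                              break;
                          case 'image/pjpeg':
                              $ext = '.jpg';
                              break;
                          case 'image/x-png':
                              $ext = '.png';
                              break;
                          default:
                              $ext = '.gif';
                              break;
                      }

                      // Stored name is derived from the member id only

                      $real_name = 'av-'.$this->class->member['id'].$ext;

                      //-------------------------------------------------
                      // Move the upload into the uploads directory
                      //-------------------------------------------------

                      if (! @move_uploaded_file( $HTTP_POST_FILES['FILE_UPLOAD']['tmp_name'], $ibforums->vars['upload_dir']."/".$real_name) )
                      {
                          $std->Error( array( 'LEVEL' => 1, 'MSG' => 'upload_failed' ) );
                      }

                      // Record the uploaded file as the avatar

                      $real_choice = 'upload:'.$real_name;

                      $real_dims   = $this->_clamp_avatar_dims( $ibforums->input['Avatar_width'], $ibforums->input['Avatar_height'], $ibforums->vars['avatar_dims'] );

                  }
                  else if ( preg_match( "/^upload:/", $this->class->member['avatar'] ) )
                  {
                      // Nothing new uploaded: keep the current uploaded avatar
                      // and only refresh its display size.

                      $real_choice = $this->class->member['avatar'];

                      $real_dims   = $this->_clamp_avatar_dims( $ibforums->input['Avatar_width'], $ibforums->input['Avatar_height'], $ibforums->vars['avatar_dims'] );
                  }
                  else
                  {
                      // URL field and upload field left blank.

                      $std->Error( array( 'LEVEL' => 1, 'MSG' => 'no_avatar_selected' ) );

                  }
              }
              else
              {
                  // Non empty URL field, upload box is empty.

                  if (!preg_match( "/^http:\/\//i", $ibforums->input['url_avatar'] ) )
                  {
                      $std->Error( array( 'LEVEL' => 1, 'MSG' => 'avatar_invalid_url' ) );
                  }

                  // The text after the last "." must be one of the allowed extensions

                  $ext = explode ( "|", $ibforums->vars['avatar_ext'] );
                  $checked = 0;
                  $av_ext = preg_replace( "/^.*\.(\S+)$/", "\\1", $ibforums->input['url_avatar'] );

                  foreach ($ext as $v )
                  {
                      if (strtolower($v) == strtolower($av_ext))
                      {
                          $checked = 1;
                      }
                  }

                  if ($checked != 1)
                  {
                      $std->Error( array( 'LEVEL' => 1, 'MSG' => 'avatar_invalid_ext' ) );
                  }

                  $real_dims   = $this->_clamp_avatar_dims( $ibforums->input['Avatar_width'], $ibforums->input['Avatar_height'], $ibforums->vars['avatar_dims'] );
                  $real_choice = $ibforums->input['url_avatar'];
              }

          }
          else
          {
              $real_choice = 'noavatar';
          }

          // Update the DB.
          // $real_dims is digits and "x" only (or empty). NOTE(review):
          // $real_choice is still concatenated unescaped and depends on the
          // upstream cleaning of $ibforums->input.

          $DB->query("UPDATE ibf_members SET avatar='$real_choice', avatar_size='$real_dims' WHERE id='".$this->class->member['id']."'");

          $print->redirect_screen( "Avatar choice updated", "act=UserCP&CODE=24" );

      }

      /**
       * Helper for do_avatar(): build the "WxH" string stored in avatar_size.
       *
       * Both requested values are converted with intval(). A value below 1 or
       * above the configured maximum is replaced by that maximum.
       *
       * @param mixed  $width     Requested width as submitted
       * @param mixed  $height    Requested height as submitted
       * @param string $max_dims  Admin limit in "WxH" form
       * @return string           Integer dimensions joined by "x"
       */
      function _clamp_avatar_dims($width, $height, $max_dims) {

          // Pad so a limit without an "x" still yields two elements

          list($max_w, $max_h) = array_pad( explode( "x", $max_dims ), 2, 0 );

          $max_w = intval($max_w);
          $max_h = intval($max_h);

          $w = intval($width);
          $h = intval($height);

          if ( ($w < 1) or ($w > $max_w) )
          {
              $w = $max_w;
          }

          if ( ($h < 1) or ($h > $max_h) )
          {
              $h = $max_h;
          }

          return $w.'x'.$h;
      }


      /**
       * Save the member's profile fields (web site, messenger names, location,
       * interests, photo, birthday and, when permitted, a custom title).
       *
       * Length limits are checked on the raw POST values; the values written
       * are taken from $ibforums->input.
       */
      function do_profile() {
          global $ibforums, $DB, $std, $print, $HTTP_POST_VARS;

          //----------------------------------
          // Check for bad entry
          //----------------------------------

          if ($HTTP_POST_VARS['act'] == "")
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'complete_form' ) );
          }
          //+----------------------------------------
          // A configured limit of 0 / empty disables the length check

          if ( (strlen($HTTP_POST_VARS['Interests']) > $ibforums->vars['max_interest_length']) and ($ibforums->vars['max_interest_length']) )
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'int_too_long' ) );
          }
          //+--------------------
          if ( (strlen($HTTP_POST_VARS['Location']) > $ibforums->vars['max_location_length']) and ($ibforums->vars['max_location_length']) )
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'loc_too_long' ) );
          }
          //+--------------------
          if (strlen($HTTP_POST_VARS['WebSite']) > 150)
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'web_too_long' ) );
          }
          //+--------------------
          if (strlen($HTTP_POST_VARS['Photo']) > 150)
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'photo_too_long' ) );
          }
          //+--------------------
          // An ICQ number, when given, must be digits only

          if ( ($HTTP_POST_VARS['ICQNumber']) && (!preg_match( "/^(?:\d+)$/", $HTTP_POST_VARS['ICQNumber'] ) ) )
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'not_icq_number' ) );
          }
          //+--------------------
          // Unless dynamic images are allowed, refuse photo URLs that carry
          // a query string or entity characters

          if ( empty($ibforums->vars['allow_dynamic_img']) )
          {
              if ( preg_match( "/[?&;]/", $HTTP_POST_VARS['Photo'] ) )
              {
                  $std->Error( array( 'LEVEL' => 1, 'MSG' => 'not_url_photo' ) );
              }
          }

          //----------------------------------
          // The birthday must be given in full
          // (day, month and year) or not at all
          //----------------------------------

          $c_cnt = 0;

          foreach ( array('day','month','year') as $v )
          {
              if (!empty($ibforums->input[$v]))
              {
                  $c_cnt++;
              }
          }

          if ( ($c_cnt > 0) and ($c_cnt != 3) )
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'calendar_not_all' ) );
          }

          // Prefix the scheme when it is missing (this also applies to an
          // empty web site field)

          if ( ! preg_match( "#^http://#", $ibforums->input['WebSite'] ) )
          {
              $ibforums->input['WebSite'] = 'http://'.$ibforums->input['WebSite'];
          }

          //----------------------------------
          // Columns to write.
          // NOTE(review): the messenger names and the three birthday parts get
          // no format check in this method; they depend on upstream cleaning
          // and on compile_db_update_string().
          //----------------------------------

          $set = array(  'website'     => $ibforums->input['WebSite'],
                         'icq_number'  => $ibforums->input['ICQNumber'],
                         'aim_name'    => $ibforums->input['AOLName'],
                         'yahoo'       => $ibforums->input['YahooName'],
                         'msnname'     => $ibforums->input['MSNName'],
                         'location'    => $ibforums->input['Location'],
                         'interests'   => $ibforums->input['Interests'],
                         'photo'       => $ibforums->input['Photo'],
                         'bday_day'    => $ibforums->input['day'],
                         'bday_month'  => $ibforums->input['month'],
                         'bday_year'   => $ibforums->input['year'],
                      );

          //----------------------------------
          // A custom member title is accepted only when the feature is
          // enabled and the member's post count is above the threshold
          //----------------------------------

          if ( ($ibforums->input['member_title']) and ($ibforums->vars['post_titlechange']) and ( $this->class->member['posts'] > $ibforums->vars['post_titlechange']) )
          {
              $set['title'] = $ibforums->input['member_title'];
          }

          //----------------------------------
          // Update the DB
          //----------------------------------

          $set_string = $DB->compile_db_update_string($set);

          $DB->query("UPDATE ibf_members SET $set_string WHERE id='".$this->class->member['id']."'");

          // Back to the profile form

          $print->redirect_screen( $ibforums->lang['profile_edited'], "act=UserCP&CODE=01" );

      }

      /**
       * Save the member's signature.
       *
       * The submitted text is run through the parser (board code and,
       * optionally, HTML), stored in ibf_members.signature, and the browser is
       * redirected. The script exits after the redirect call.
       *
       * The text is escaped with addslashes() before it is placed in the
       * statement. The earlier revision prefixed only single quotes, which left
       * backslashes unescaped: a backslash directly before a quote cancelled
       * the added escape and let the text end the SQL string literal early.
       */
      function do_signature() {
          global $ibforums, $DB, $std, $print, $HTTP_POST_VARS;

          if ($HTTP_POST_VARS['act'] == "")
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'complete_form' ) );
          }
          //+----------------------------------------

          //----------------------------------
          // Enforce the length limit (0 / empty disables it)
          //----------------------------------

          if ( (strlen($HTTP_POST_VARS['Post']) > $ibforums->vars['max_sig_length']) and ($ibforums->vars['max_sig_length']) )
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => 'sig_too_long' ) );
          }

          //----------------------------------
          // Convert board code now
          //----------------------------------
          //
          // The signature is stored already converted so it does not have to be
          // parsed every time a post is displayed.
          //
          // Raw HTML is handled at display time instead: an admin may allow it
          // and later switch it off, and pre-compiled HTML would then have to
          // be edited out of every stored signature.

          $ibforums->input['Post'] = $this->class->parser->convert(  array( 'TEXT'      => $ibforums->input['Post'],
                                                                     'SMILIES'   => 0,
                                                                     'CODE'      => $ibforums->vars['sig_allow_ibc'],
                                                                     'HTML'      => $ibforums->vars['sig_allow_html'],
                                                                     'SIGNATURE' => 1
                                                           )       );

          if ($this->class->parser->error != "")
          {
              $std->Error( array( 'LEVEL' => 1, 'MSG' => $this->class->parser->error) );
          }

          // Escape quotes AND backslashes before building the statement

          $ibforums->input['Post'] = addslashes( $ibforums->input['Post'] );

          $DB->query("UPDATE ibf_members SET signature='".$ibforums->input['Post']."' WHERE id ='".$this->class->member['id']."'");

          // Redirect back to the signature form and stop

          $std->boink_it($this->class->base_url."&act=UserCP&CODE=22");

          exit;
      }





  }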
  581.  
  582.  
  583.  
  584. ?>