Code Coverage for /data/phpBB/includes/ucp/ucp

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	0.00% covered (danger)	0.00%	0 / 467	0.00% covered (danger)	0.00%	0 / 1	CRAP	0.00% covered (danger)	0.00%	0 / 1
ucp_profile	0.00% covered (danger)	0.00%	0 / 465	0.00% covered (danger)	0.00%	0 / 1	17822	0.00% covered (danger)	0.00%	0 / 1
main	0.00% covered (danger)	0.00%	0 / 465	0.00% covered (danger)	0.00%	0 / 1	17822

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17	if (!defined('IN_PHPBB'))
18	{
19	exit;
20	}
21
22	/**
23	* ucp_profile
24	* Changing profile settings
25	*
26	* @todo what about pertaining user_sig_options?
27	*/
28	class ucp_profile
29	{
30	var $u_action;
31
32	function main($id, $mode)
33	{
34	global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
35	global $request, $phpbb_container, $phpbb_log, $phpbb_dispatcher, $language;
36
37	$user->add_lang('posting');
38
39	$submit = $request->variable('submit', false, false, \phpbb\request\request_interface::POST);
40	$error = array();
41	$s_hidden_fields = '';
42
43	switch ($mode)
44	{
45	case 'reg_details':
46
47	$data = array(
48	'username' => $request->variable('username', $user->data['username'], true),
49	'email' => strtolower($request->variable('email', $user->data['user_email'])),
50	'new_password' => $request->variable('new_password', '', true),
51	'cur_password' => $request->variable('cur_password', '', true),
52	'password_confirm' => $request->variable('password_confirm', '', true),
53	);
54
55	/**
56	* Modify user registration data on editing account settings in UCP
57	*
58	* @event core.ucp_profile_reg_details_data
59	* @var array data Array with current or updated user registration data
60	* @var bool submit Flag indicating if submit button has been pressed
61	* @since 3.1.4-RC1
62	*/
63	$vars = array('data', 'submit');
64	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_data', compact($vars)));
65
66	add_form_key('ucp_reg_details');
67
68	if ($submit)
69	{
70	// Do not check cur_password, it is the old one.
71	$check_ary = array(
72	'new_password' => array(
73	array('string', true, $config['min_pass_chars'], 0),
74	array('password')),
75	'password_confirm' => array('string', true, $config['min_pass_chars'], 0),
76	'email' => array(
77	array('string', false, 6, 60),
78	array('user_email')),
79	);
80
81	if ($auth->acl_get('u_chgname') && $config['allow_namechange'])
82	{
83	$check_ary['username'] = array(
84	array('string', false, $config['min_name_chars'], $config['max_name_chars']),
85	array('username'),
86	);
87	}
88
89	$error = validate_data($data, $check_ary);
90
91	if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password'])
92	{
93	$error[] = ($data['password_confirm']) ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY';
94	}
95
96	// Instantiate passwords manager
97	/* @var $passwords_manager \phpbb\passwords\manager */
98	$passwords_manager = $phpbb_container->get('passwords.manager');
99
100	// Only check the new password against the previous password if there have been no errors
101	if (!count($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && $passwords_manager->check($data['new_password'], $user->data['user_password']))
102	{
103	$error[] = 'SAME_PASSWORD_ERROR';
104	}
105
106	if (!$passwords_manager->check($data['cur_password'], $user->data['user_password']))
107	{
108	$error[] = ($data['cur_password']) ? 'CUR_PASSWORD_ERROR' : 'CUR_PASSWORD_EMPTY';
109	}
110
111	if (!check_form_key('ucp_reg_details'))
112	{
113	$error[] = 'FORM_INVALID';
114	}
115
116	/**
117	* Validate user data on editing registration data in UCP
118	*
119	* @event core.ucp_profile_reg_details_validate
120	* @var array data Array with user profile data
121	* @var bool submit Flag indicating if submit button has been pressed
122	* @var array error Array of any generated errors
123	* @since 3.1.4-RC1
124	*/
125	$vars = array('data', 'submit', 'error');
126	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_validate', compact($vars)));
127
128	if (!count($error))
129	{
130	$sql_ary = array(
131	'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
132	'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
133	'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
134	'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'],
135	);
136
137	if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username'])
138	{
139	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array(
140	'reportee_id' => $user->data['user_id'],
141	$user->data['username'],
142	$data['username']
143	));
144	}
145
146	if ($auth->acl_get('u_chgpasswd') && $data['new_password'])
147	{
148	$sql_ary['user_passchg'] = time();
149
150	$user->reset_login_keys();
151	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
152	'reportee_id' => $user->data['user_id'],
153	$user->data['username']
154	));
155	}
156
157	if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'])
158	{
159	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array(
160	'reportee_id' => $user->data['user_id'],
161	$user->data['username'],
162	$user->data['user_email'],
163	$data['email']
164	));
165	}
166
167	$message = 'PROFILE_UPDATED';
168
169	if ($auth->acl_get('u_chgemail') && $config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF \|\| $config['require_activation'] == USER_ACTIVATION_ADMIN))
170	{
171	$message = ($config['require_activation'] == USER_ACTIVATION_SELF) ? 'ACCOUNT_EMAIL_CHANGED' : 'ACCOUNT_EMAIL_CHANGED_ADMIN';
172
173	include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
174
175	$server_url = generate_board_url();
176
177	$user_actkey = gen_rand_string(mt_rand(6, 10));
178
179	$messenger = new messenger(false);
180
181	$template_file = ($config['require_activation'] == USER_ACTIVATION_ADMIN) ? 'user_activate_inactive' : 'user_activate';
182	$messenger->template($template_file, $user->data['user_lang']);
183
184	$messenger->to($data['email'], $data['username']);
185
186	$messenger->anti_abuse_headers($config, $user);
187
188	$messenger->assign_vars(array(
189	'USERNAME' => html_entity_decode($data['username'], ENT_COMPAT),
190	'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
191	);
192
193	$messenger->send(NOTIFY_EMAIL);
194
195	if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
196	{
197	$notifications_manager = $phpbb_container->get('notification_manager');
198	$notifications_manager->add_notifications('notification.type.admin_activate_user', array(
199	'user_id' => $user->data['user_id'],
200	'user_actkey' => $user_actkey,
201	'user_actkey_expiration' => $user::get_token_expiration(),
202	'user_regdate' => time(), // Notification time
203	));
204	}
205
206	user_active_flip('deactivate', $user->data['user_id'], INACTIVE_PROFILE);
207
208	// Because we want the profile to be reactivated we set user_newpasswd to empty (else the reactivation will fail)
209	$sql_ary['user_actkey'] = $user_actkey;
210	$sql_ary['user_newpasswd'] = '';
211	}
212
213	/**
214	* Modify user registration data before submitting it to the database
215	*
216	* @event core.ucp_profile_reg_details_sql_ary
217	* @var array data Array with current or updated user registration data
218	* @var array sql_ary Array with user registration data to submit to the database
219	* @since 3.1.4-RC1
220	*/
221	$vars = array('data', 'sql_ary');
222	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_sql_ary', compact($vars)));
223
224	if (count($sql_ary))
225	{
226	$sql = 'UPDATE ' . USERS_TABLE . '
227	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
228	WHERE user_id = ' . $user->data['user_id'];
229	$db->sql_query($sql);
230	}
231
232	// Need to update config, forum, topic, posting, messages, etc.
233	if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])
234	{
235	user_update_name($user->data['username'], $data['username']);
236	}
237
238	// Now, we can remove the user completely (kill the session) - NOT BEFORE!!!
239	if (!empty($sql_ary['user_actkey']))
240	{
241	meta_refresh(5, append_sid($phpbb_root_path . 'index.' . $phpEx));
242	$message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid($phpbb_root_path . 'index.' . $phpEx) . '">', '</a>');
243
244	// Because the user gets deactivated we log him out too, killing his session
245	$user->session_kill();
246	}
247	else
248	{
249	meta_refresh(3, $this->u_action);
250	$message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
251	}
252
253	trigger_error($message);
254	}
255
256	// Replace "error" strings with their real, localised form
257	$error = array_map(array($user, 'lang'), $error);
258	}
259
260	$template->assign_vars(array(
261	'ERROR' => (count($error)) ? implode('<br />', $error) : '',
262
263	'USERNAME' => $data['username'],
264	'EMAIL' => $data['email'],
265	'PASSWORD_CONFIRM' => $data['password_confirm'],
266	'NEW_PASSWORD' => $data['new_password'],
267	'CUR_PASSWORD' => '',
268
269	'L_USERNAME_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS_XY', (int) $config['min_name_chars']), $user->lang('CHARACTERS_XY', (int) $config['max_name_chars'])),
270	'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
271
272	'S_FORCE_PASSWORD' => ($auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) ? true : false,
273	'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false,
274	'S_CHANGE_EMAIL' => ($auth->acl_get('u_chgemail')) ? true : false,
275	'S_CHANGE_PASSWORD' => ($auth->acl_get('u_chgpasswd')) ? true : false)
276	);
277	break;
278
279	case 'profile_info':
280	// Do not display profile information panel if not authed to do so
281	if (!$auth->acl_get('u_chgprofileinfo'))
282	{
283	send_status_line(403, 'Forbidden');
284	trigger_error('NO_AUTH_PROFILEINFO');
285	}
286
287	/* @var $cp \phpbb\profilefields\manager */
288	$cp = $phpbb_container->get('profilefields.manager');
289
290	$cp_data = $cp_error = array();
291
292	$data = array(
293	'jabber' => $request->variable('jabber', $user->data['user_jabber'], true),
294	);
295
296	if ($config['allow_birthdays'])
297	{
298	$data['bday_day'] = $data['bday_month'] = $data['bday_year'] = 0;
299
300	if ($user->data['user_birthday'])
301	{
302	list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']);
303	}
304
305	$data['bday_day'] = $request->variable('bday_day', $data['bday_day']);
306	$data['bday_month'] = $request->variable('bday_month', $data['bday_month']);
307	$data['bday_year'] = $request->variable('bday_year', $data['bday_year']);
308	$data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
309	}
310
311	/**
312	* Modify user data on editing profile in UCP
313	*
314	* @event core.ucp_profile_modify_profile_info
315	* @var array data Array with user profile data
316	* @var bool submit Flag indicating if submit button has been pressed
317	* @since 3.1.4-RC1
318	*/
319	$vars = array('data', 'submit');
320	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_profile_info', compact($vars)));
321
322	add_form_key('ucp_profile_info');
323
324	if ($submit)
325	{
326	$validate_array = array(
327	'jabber' => array(
328	array('string', true, 5, 255),
329	array('jabber')),
330	);
331
332	if ($config['allow_birthdays'])
333	{
334	$validate_array = array_merge($validate_array, array(
335	'bday_day' => array('num', true, 1, 31),
336	'bday_month' => array('num', true, 1, 12),
337	'bday_year' => array('num', true, 1901, gmdate('Y', time()) + 50),
338	'user_birthday' => array('date', true),
339	));
340	}
341
342	$error = validate_data($data, $validate_array);
343
344	// validate custom profile fields
345	$cp->submit_cp_field('profile', $user->get_iso_lang_id(), $cp_data, $cp_error);
346
347	if (count($cp_error))
348	{
349	$error = array_merge($error, $cp_error);
350	}
351
352	if (!check_form_key('ucp_profile_info'))
353	{
354	$error[] = 'FORM_INVALID';
355	}
356
357	/**
358	* Validate user data on editing profile in UCP
359	*
360	* @event core.ucp_profile_validate_profile_info
361	* @var array data Array with user profile data
362	* @var bool submit Flag indicating if submit button has been pressed
363	* @var array error Array of any generated errors
364	* @since 3.1.4-RC1
365	*/
366	$vars = array('data', 'submit', 'error');
367	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_validate_profile_info', compact($vars)));
368
369	if (!count($error))
370	{
371	$data['notify'] = $user->data['user_notify_type'];
372
373	if ($data['notify'] == NOTIFY_IM && (!$config['jab_enable'] \|\| !$data['jabber'] \|\| !@extension_loaded('xml')))
374	{
375	// User has not filled in a jabber address (Or one of the modules is disabled or jabber is disabled)
376	// Disable notify by Jabber now for this user.
377	$data['notify'] = NOTIFY_EMAIL;
378	}
379
380	$sql_ary = array(
381	'user_jabber' => $data['jabber'],
382	'user_notify_type' => $data['notify'],
383	);
384
385	if ($config['allow_birthdays'])
386	{
387	$sql_ary['user_birthday'] = $data['user_birthday'];
388	}
389
390	/**
391	* Modify profile data in UCP before submitting to the database
392	*
393	* @event core.ucp_profile_info_modify_sql_ary
394	* @var array cp_data Array with the user custom profile fields data
395	* @var array data Array with user profile data
396	* @var array sql_ary user options data we update
397	* @since 3.1.4-RC1
398	*/
399	$vars = array('cp_data', 'data', 'sql_ary');
400	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_info_modify_sql_ary', compact($vars)));
401
402	$sql = 'UPDATE ' . USERS_TABLE . '
403	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
404	WHERE user_id = ' . $user->data['user_id'];
405	$db->sql_query($sql);
406
407	// Update Custom Fields
408	$cp->update_profile_field_data($user->data['user_id'], $cp_data);
409
410	meta_refresh(3, $this->u_action);
411	$message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
412	trigger_error($message);
413	}
414
415	// Replace "error" strings with their real, localised form
416	$error = array_map(array($user, 'lang'), $error);
417	}
418
419	if ($config['allow_birthdays'])
420	{
421	$s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>';
422	for ($i = 1; $i < 32; $i++)
423	{
424	$selected = ($i == $data['bday_day']) ? ' selected="selected"' : '';
425	$s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>";
426	}
427
428	$s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>';
429	for ($i = 1; $i < 13; $i++)
430	{
431	$selected = ($i == $data['bday_month']) ? ' selected="selected"' : '';
432	$s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>";
433	}
434
435	$now = getdate();
436	$s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
437	for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
438	{
439	$selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
440	$s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
441	}
442	unset($now);
443
444	$template->assign_vars(array(
445	'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options,
446	'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options,
447	'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options,
448	'S_BIRTHDAYS_ENABLED' => true,
449	));
450	}
451
452	$template->assign_vars(array(
453	'ERROR' => (count($error)) ? implode('<br />', $error) : '',
454	'S_JABBER_ENABLED' => $config['jab_enable'],
455	'JABBER' => $data['jabber'],
456	));
457
458	// Get additional profile fields and assign them to the template block var 'profile_fields'
459	$user->get_profile_fields($user->data['user_id']);
460
461	$cp->generate_profile_fields('profile', $user->get_iso_lang_id());
462
463	break;
464
465	case 'signature':
466
467	if (!$auth->acl_get('u_sig'))
468	{
469	send_status_line(403, 'Forbidden');
470	trigger_error('NO_AUTH_SIGNATURE');
471	}
472
473	if (!function_exists('generate_smilies'))
474	{
475	include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
476	}
477
478	if (!function_exists('display_custom_bbcodes'))
479	{
480	include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
481	}
482
483	$preview = $request->is_set_post('preview');
484
485	$enable_bbcode = ($config['allow_sig_bbcode']) ? $user->optionget('sig_bbcode') : false;
486	$enable_smilies = ($config['allow_sig_smilies']) ? $user->optionget('sig_smilies') : false;
487	$enable_urls = ($config['allow_sig_links']) ? $user->optionget('sig_links') : false;
488
489	$bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0);
490
491	$decoded_message = generate_text_for_edit($user->data['user_sig'], $user->data['user_sig_bbcode_uid'], $bbcode_flags);
492	$signature = $request->variable('signature', $decoded_message['text'], true);
493	$signature_preview = '';
494
495	if ($submit \|\| $preview)
496	{
497	$enable_bbcode = ($config['allow_sig_bbcode']) ? !$request->variable('disable_bbcode', false) : false;
498	$enable_smilies = ($config['allow_sig_smilies']) ? !$request->variable('disable_smilies', false) : false;
499	$enable_urls = ($config['allow_sig_links']) ? !$request->variable('disable_magic_url', false) : false;
500
501	if (!check_form_key('ucp_sig'))
502	{
503	$error[] = 'FORM_INVALID';
504	}
505	}
506
507	/**
508	* Modify user signature on editing profile in UCP
509	*
510	* @event core.ucp_profile_modify_signature
511	* @var bool enable_bbcode Whether or not bbcode is enabled
512	* @var bool enable_smilies Whether or not smilies are enabled
513	* @var bool enable_urls Whether or not urls are enabled
514	* @var string signature Users signature text
515	* @var array error Any error strings
516	* @var bool submit Whether or not the form has been sumitted
517	* @var bool preview Whether or not the signature is being previewed
518	* @since 3.1.10-RC1
519	* @changed 3.2.0-RC2 Removed message parser
520	*/
521	$vars = array(
522	'enable_bbcode',
523	'enable_smilies',
524	'enable_urls',
525	'signature',
526	'error',
527	'submit',
528	'preview',
529	);
530	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature', compact($vars)));
531
532	$bbcode_uid = $bbcode_bitfield = $bbcode_flags = '';
533	$warn_msg = generate_text_for_storage(
534	$signature,
535	$bbcode_uid,
536	$bbcode_bitfield,
537	$bbcode_flags,
538	$enable_bbcode,
539	$enable_urls,
540	$enable_smilies,
541	$config['allow_sig_img'],
542	true,
543	$config['allow_sig_links'],
544	'sig'
545	);
546
547	if (count($warn_msg))
548	{
549	$error += $warn_msg;
550	}
551
552	if (!$submit)
553	{
554	// Parse it for displaying
555	$signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags);
556	}
557	else
558	{
559	if (!count($error))
560	{
561	$user->optionset('sig_bbcode', $enable_bbcode);
562	$user->optionset('sig_smilies', $enable_smilies);
563	$user->optionset('sig_links', $enable_urls);
564
565	$sql_ary = array(
566	'user_sig' => $signature,
567	'user_options' => $user->data['user_options'],
568	'user_sig_bbcode_uid' => $bbcode_uid,
569	'user_sig_bbcode_bitfield' => $bbcode_bitfield
570	);
571
572	/**
573	* Modify user registration data before submitting it to the database
574	*
575	* @event core.ucp_profile_modify_signature_sql_ary
576	* @var array sql_ary Array with user signature data to submit to the database
577	* @since 3.1.10-RC1
578	*/
579	$vars = array('sql_ary');
580	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature_sql_ary', compact($vars)));
581
582	$sql = 'UPDATE ' . USERS_TABLE . '
583	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
584	WHERE user_id = ' . $user->data['user_id'];
585	$db->sql_query($sql);
586
587	$message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
588	trigger_error($message);
589	}
590	}
591
592	// Replace "error" strings with their real, localised form
593	$error = array_map(array($user, 'lang'), $error);
594
595	if ($request->is_set_post('preview'))
596	{
597	$decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_flags);
598	}
599
600	/** @var \phpbb\controller\helper $controller_helper */
601	$controller_helper = $phpbb_container->get('controller.helper');
602
603	$template->assign_vars(array(
604	'ERROR' => (count($error)) ? implode('<br />', $error) : '',
605	'SIGNATURE' => $decoded_message['text'],
606	'SIGNATURE_PREVIEW' => $signature_preview,
607
608	'S_BBCODE_CHECKED' => (!$enable_bbcode) ? ' checked="checked"' : '',
609	'S_SMILIES_CHECKED' => (!$enable_smilies) ? ' checked="checked"' : '',
610	'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? ' checked="checked"' : '',
611
612	'BBCODE_STATUS' => $user->lang(($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'),
613	'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
614	'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
615	'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
616	'MAX_FONT_SIZE' => (int) $config['max_sig_font_size'],
617
618	'L_SIGNATURE_EXPLAIN' => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']),
619
620	'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'],
621	'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'],
622	'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false,
623	'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false)
624	);
625
626	add_form_key('ucp_sig');
627
628	// Build custom bbcodes array
629	display_custom_bbcodes();
630
631	// Generate smiley listing
632	generate_smilies('inline', 0);
633
634	break;
635
636	case 'avatar':
637
638	add_form_key('ucp_avatar');
639
640	$avatars_enabled = false;
641
642	if ($config['allow_avatar'] && $auth->acl_get('u_chgavatar'))
643	{
644	/* @var $phpbb_avatar_manager \phpbb\avatar\manager */
645	$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
646	$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
647
648	// This is normalised data, without the user_ prefix
649	$avatar_data = \phpbb\avatar\manager::clean_row($user->data, 'user');
650
651	if ($submit)
652	{
653	if (check_form_key('ucp_avatar'))
654	{
655	$driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
656
657	if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete'))
658	{
659	$driver = $phpbb_avatar_manager->get_driver($driver_name);
660	$result = $driver->process_form($request, $template, $user, $avatar_data, $error);
661
662	if ($result && empty($error))
663	{
664	// Success! Lets save the result in the database
665	$result = array(
666	'user_avatar_type' => $driver_name,
667	'user_avatar' => $result['avatar'],
668	'user_avatar_width' => $result['avatar_width'],
669	'user_avatar_height' => $result['avatar_height'],
670	);
671
672	/**
673	* Trigger events on successful avatar change
674	*
675	* @event core.ucp_profile_avatar_sql
676	* @var array result Array with data to be stored in DB
677	* @since 3.1.11-RC1
678	*/
679	$vars = array('result');
680	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_avatar_sql', compact($vars)));
681
682	$sql = 'UPDATE ' . USERS_TABLE . '
683	SET ' . $db->sql_build_array('UPDATE', $result) . '
684	WHERE user_id = ' . (int) $user->data['user_id'];
685	$db->sql_query($sql);
686
687	if ($request->is_ajax())
688	{
689	/** @var \phpbb\avatar\helper $avatar_helper */
690	$avatar_helper = $phpbb_container->get('avatar.helper');
691
692	$avatar = $avatar_helper->get_user_avatar($user->data, 'USER_AVATAR', true);
693
694	$json_response = new \phpbb\json_response;
695	$json_response->send(array(
696	'success' => true,
697
698	'MESSAGE_TITLE' => $language->lang('INFORMATION'),
699	'MESSAGE_TEXT' => $language->lang('PROFILE_UPDATED'),
700	'AVATAR' => $avatar_helper->get_template_vars($avatar),
701	'REFRESH_DATA' => [
702	'time' => 3,
703	'url' => $this->u_action,
704	'text' => $language->lang('RETURN_TO_UCP'),
705	]
706	));
707	}
708	else
709	{
710	meta_refresh(3, $this->u_action);
711	$message = $language->lang('PROFILE_UPDATED') . '<br><br>' . $language->lang('RETURN_UCP', '<a href="' . $this->u_action . '">', '</a>');
712	trigger_error($message);
713	}
714	}
715	else if ($request->is_ajax())
716	{
717	$error = $phpbb_avatar_manager->localize_errors($user, $error);
718
719	$json_response = new \phpbb\json_response;
720	$json_response->send([
721	'success' => false,
722	'error' => [
723	'title' => $language->lang('INFORMATION'),
724	'messages' => $error,
725	],
726	]);
727	}
728	}
729	}
730	else
731	{
732	$error[] = 'FORM_INVALID';
733	}
734	}
735
736	// Handle deletion of avatars
737	if ($request->is_set_post('avatar_delete'))
738	{
739	if (!confirm_box(true))
740	{
741	confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array(
742	'avatar_delete' => true,
743	'i' => $id,
744	'mode' => $mode))
745	);
746	}
747	else
748	{
749	$phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_');
750
751	meta_refresh(3, $this->u_action);
752	$message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
753	trigger_error($message);
754	}
755	}
756
757	$selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user->data['user_avatar_type']));
758
759	$template->assign_vars(array(
760	'AVATAR_MIN_WIDTH' => $config['avatar_min_width'],
761	'AVATAR_MAX_WIDTH' => $config['avatar_max_width'],
762	'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'],
763	'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'],
764	));
765
766	foreach ($avatar_drivers as $current_driver)
767	{
768	$driver = $phpbb_avatar_manager->get_driver($current_driver);
769
770	$avatars_enabled = true;
771	$template->set_filenames(array(
772	'avatar' => $driver->get_template_name(),
773	));
774
775	if ($driver->prepare_form($request, $template, $user, $avatar_data, $error))
776	{
777	$driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver);
778	$driver_upper = strtoupper($driver_name);
779
780	$template->assign_block_vars('avatar_drivers', array(
781	'L_TITLE' => $user->lang($driver_upper . '_TITLE'),
782	'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'),
783
784	'DRIVER' => $driver_name,
785	'SELECTED' => $current_driver == $selected_driver,
786	'OUTPUT' => $template->assign_display('avatar'),
787	));
788	}
789	}
790
791	// Replace "error" strings with their real, localised form
792	$error = $phpbb_avatar_manager->localize_errors($user, $error);
793	}
794
795	/** @var \phpbb\avatar\helper $avatar_helper */
796	$avatar_helper = $phpbb_container->get('avatar.helper');
797
798	$avatar = $avatar_helper->get_user_avatar($user->data, 'USER_AVATAR', true);
799	$template->assign_vars($avatar_helper->get_template_vars($avatar));
800
801	$template->assign_vars(array(
802	'ERROR' => !empty($error) ? implode('<br />', $error) : '',
803
804	'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"',
805
806	'L_AVATAR_EXPLAIN' => phpbb_avatar_explanation_string(),
807
808	'S_AVATARS_ENABLED' => ($config['allow_avatar'] && $avatars_enabled),
809	));
810
811	break;
812
813	case 'autologin_keys':
814
815	add_form_key('ucp_autologin_keys');
816
817	if ($submit)
818	{
819	$keys = $request->variable('keys', array(''));
820
821	if (!check_form_key('ucp_autologin_keys'))
822	{
823	$error[] = 'FORM_INVALID';
824	}
825
826	if (!count($error))
827	{
828	if (!empty($keys))
829	{
830	foreach ($keys as $key => $id)
831	{
832	$keys[$key] = $db->sql_like_expression($id . $db->get_any_char());
833	}
834	$sql_where = '(key_id ' . implode(' OR key_id ', $keys) . ')';
835	$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
836	WHERE user_id = ' . (int) $user->data['user_id'] . '
837	AND ' . $sql_where ;
838
839	$db->sql_query($sql);
840
841	meta_refresh(3, $this->u_action);
842	$message = $user->lang['AUTOLOGIN_SESSION_KEYS_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
843	trigger_error($message);
844	}
845	}
846
847	// Replace "error" strings with their real, localised form
848	$error = array_map(array($user, 'lang'), $error);
849	}
850
851	$sql_ary = [
852	'SELECT' => 'sk.key_id, sk.last_ip, sk.last_login',
853	'FROM' => [SESSIONS_KEYS_TABLE => 'sk'],
854	'WHERE' => 'sk.user_id = ' . (int) $user->data['user_id'],
855	'ORDER_BY' => 'sk.last_login ASC',
856	];
857
858	/**
859	* Event allows changing SQL query for autologin keys
860	*
861	* @event core.ucp_profile_autologin_keys_sql
862	* @var array sql_ary Array with autologin keys SQL query
863	* @since 3.3.2-RC1
864	*/
865	$vars = ['sql_ary'];
866	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_autologin_keys_sql', compact($vars)));
867
868	$result = $db->sql_query($db->sql_build_query('SELECT', $sql_ary));
869	$sessions = (array) $db->sql_fetchrowset($result);
870	$db->sql_freeresult($result);
871
872	$template_vars = [];
873	foreach ($sessions as $row)
874	{
875	$key = substr($row['key_id'], 0, 8);
876	$template_vars[$key] = [
877	'KEY' => $key,
878	'IP' => $row['last_ip'],
879	'LOGIN_TIME' => $user->format_date($row['last_login']),
880	];
881	}
882
883	/**
884	* Event allows changing template variables
885	*
886	* @event core.ucp_profile_autologin_keys_template_vars
887	* @var array sessions Array with session keys data
888	* @var array template_vars Array with template variables
889	* @since 3.3.2-RC1
890	*/
891	$vars = ['sessions', 'template_vars'];
892	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_autologin_keys_template_vars', compact($vars)));
893
894	$template->assign_block_vars_array('sessions', $template_vars);
895
896	break;
897	}
898
899	$template->assign_vars(array(
900	'ERROR' => (count($error)) ? implode('<br />', $error) : '',
901
902	'L_TITLE' => $user->lang['UCP_PROFILE_' . strtoupper($mode)],
903
904	'S_HIDDEN_FIELDS' => $s_hidden_fields,
905	'S_UCP_ACTION' => $this->u_action)
906	);
907
908	// Set desired template
909	$this->tpl_name = 'ucp_profile_' . $mode;
910	$this->page_title = 'UCP_PROFILE_' . strtoupper($mode);
911	}
912	}