Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
0.00% covered (danger)
0.00%
0 / 467
0.00% covered (danger)
0.00%
0 / 1
CRAP
0.00% covered (danger)
0.00%
0 / 1
ucp_profile
0.00% covered (danger)
0.00%
0 / 465
0.00% covered (danger)
0.00%
0 / 1
17822
0.00% covered (danger)
0.00%
0 / 1
 main
0.00% covered (danger)
0.00%
0 / 465
0.00% covered (danger)
0.00%
0 / 1
17822
1<?php
2/**
3*
4* This file is part of the phpBB Forum Software package.
5*
6* @copyright (c) phpBB Limited <https://www.phpbb.com>
7* @license GNU General Public License, version 2 (GPL-2.0)
8*
9* For full copyright and license information, please see
10* the docs/CREDITS.txt file.
11*
12*/
13
14/**
15* @ignore
16*/
17if (!defined('IN_PHPBB'))
18{
19    exit;
20}
21
22/**
23* ucp_profile
24* Changing profile settings
25*
26* @todo what about pertaining user_sig_options?
27*/
28class ucp_profile
29{
30    var $u_action;
31
32    function main($id, $mode)
33    {
34        global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
35        global $request, $phpbb_container, $phpbb_log, $phpbb_dispatcher, $language;
36
37        $user->add_lang('posting');
38
39        $submit        = $request->variable('submit', false, false, \phpbb\request\request_interface::POST);
40        $error = array();
41        $s_hidden_fields = '';
42
43        switch ($mode)
44        {
45            case 'reg_details':
46
47                $data = array(
48                    'username'            => $request->variable('username', $user->data['username'], true),
49                    'email'                => strtolower($request->variable('email', $user->data['user_email'])),
50                    'new_password'        => $request->variable('new_password', '', true),
51                    'cur_password'        => $request->variable('cur_password', '', true),
52                    'password_confirm'    => $request->variable('password_confirm', '', true),
53                );
54
55                /**
56                * Modify user registration data on editing account settings in UCP
57                *
58                * @event core.ucp_profile_reg_details_data
59                * @var    array    data        Array with current or updated user registration data
60                * @var    bool    submit        Flag indicating if submit button has been pressed
61                * @since 3.1.4-RC1
62                */
63                $vars = array('data', 'submit');
64                extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_data', compact($vars)));
65
66                add_form_key('ucp_reg_details');
67
68                if ($submit)
69                {
70                    // Do not check cur_password, it is the old one.
71                    $check_ary = array(
72                        'new_password'        => array(
73                            array('string', true, $config['min_pass_chars'], 0),
74                            array('password')),
75                        'password_confirm'    => array('string', true, $config['min_pass_chars'], 0),
76                        'email'                => array(
77                            array('string', false, 6, 60),
78                            array('user_email')),
79                    );
80
81                    if ($auth->acl_get('u_chgname') && $config['allow_namechange'])
82                    {
83                        $check_ary['username'] = array(
84                            array('string', false, $config['min_name_chars'], $config['max_name_chars']),
85                            array('username'),
86                        );
87                    }
88
89                    $error = validate_data($data, $check_ary);
90
91                    if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password'])
92                    {
93                        $error[] = ($data['password_confirm']) ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY';
94                    }
95
96                    // Instantiate passwords manager
97                    /* @var $passwords_manager \phpbb\passwords\manager */
98                    $passwords_manager = $phpbb_container->get('passwords.manager');
99
100                    // Only check the new password against the previous password if there have been no errors
101                    if (!count($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && $passwords_manager->check($data['new_password'], $user->data['user_password']))
102                    {
103                        $error[] = 'SAME_PASSWORD_ERROR';
104                    }
105
106                    if (!$passwords_manager->check($data['cur_password'], $user->data['user_password']))
107                    {
108                        $error[] = ($data['cur_password']) ? 'CUR_PASSWORD_ERROR' : 'CUR_PASSWORD_EMPTY';
109                    }
110
111                    if (!check_form_key('ucp_reg_details'))
112                    {
113                        $error[] = 'FORM_INVALID';
114                    }
115
116                    /**
117                    * Validate user data on editing registration data in UCP
118                    *
119                    * @event core.ucp_profile_reg_details_validate
120                    * @var    array    data            Array with user profile data
121                    * @var    bool    submit            Flag indicating if submit button has been pressed
122                    * @var array    error            Array of any generated errors
123                    * @since 3.1.4-RC1
124                    */
125                    $vars = array('data', 'submit', 'error');
126                    extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_validate', compact($vars)));
127
128                    if (!count($error))
129                    {
130                        $sql_ary = array(
131                            'username'            => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
132                            'username_clean'    => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
133                            'user_email'        => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
134                            'user_password'        => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'],
135                        );
136
137                        if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username'])
138                        {
139                            $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array(
140                                'reportee_id' => $user->data['user_id'],
141                                $user->data['username'],
142                                $data['username']
143                            ));
144                        }
145
146                        if ($auth->acl_get('u_chgpasswd') && $data['new_password'])
147                        {
148                            $sql_ary['user_passchg'] = time();
149
150                            $user->reset_login_keys();
151                            $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
152                                'reportee_id' => $user->data['user_id'],
153                                $user->data['username']
154                            ));
155                        }
156
157                        if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'])
158                        {
159                            $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array(
160                                'reportee_id' => $user->data['user_id'],
161                                $user->data['username'],
162                                $user->data['user_email'],
163                                $data['email']
164                            ));
165                        }
166
167                        $message = 'PROFILE_UPDATED';
168
169                        if ($auth->acl_get('u_chgemail') && $config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN))
170                        {
171                            $message = ($config['require_activation'] == USER_ACTIVATION_SELF) ? 'ACCOUNT_EMAIL_CHANGED' : 'ACCOUNT_EMAIL_CHANGED_ADMIN';
172
173                            include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
174
175                            $server_url = generate_board_url();
176
177                            $user_actkey = gen_rand_string(mt_rand(6, 10));
178
179                            $messenger = new messenger(false);
180
181                            $template_file = ($config['require_activation'] == USER_ACTIVATION_ADMIN) ? 'user_activate_inactive' : 'user_activate';
182                            $messenger->template($template_file, $user->data['user_lang']);
183
184                            $messenger->to($data['email'], $data['username']);
185
186                            $messenger->anti_abuse_headers($config, $user);
187
188                            $messenger->assign_vars(array(
189                                'USERNAME'        => html_entity_decode($data['username'], ENT_COMPAT),
190                                'U_ACTIVATE'    => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
191                            );
192
193                            $messenger->send(NOTIFY_EMAIL);
194
195                            if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
196                            {
197                                $notifications_manager = $phpbb_container->get('notification_manager');
198                                $notifications_manager->add_notifications('notification.type.admin_activate_user', array(
199                                    'user_id'                    => $user->data['user_id'],
200                                    'user_actkey'                => $user_actkey,
201                                    'user_actkey_expiration'    => $user::get_token_expiration(),
202                                    'user_regdate'                => time(), // Notification time
203                                ));
204                            }
205
206                            user_active_flip('deactivate', $user->data['user_id'], INACTIVE_PROFILE);
207
208                            // Because we want the profile to be reactivated we set user_newpasswd to empty (else the reactivation will fail)
209                            $sql_ary['user_actkey'] = $user_actkey;
210                            $sql_ary['user_newpasswd'] = '';
211                        }
212
213                        /**
214                        * Modify user registration data before submitting it to the database
215                        *
216                        * @event core.ucp_profile_reg_details_sql_ary
217                        * @var    array    data        Array with current or updated user registration data
218                        * @var    array    sql_ary        Array with user registration data to submit to the database
219                        * @since 3.1.4-RC1
220                        */
221                        $vars = array('data', 'sql_ary');
222                        extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_sql_ary', compact($vars)));
223
224                        if (count($sql_ary))
225                        {
226                            $sql = 'UPDATE ' . USERS_TABLE . '
227                                SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
228                                WHERE user_id = ' . $user->data['user_id'];
229                            $db->sql_query($sql);
230                        }
231
232                        // Need to update config, forum, topic, posting, messages, etc.
233                        if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])
234                        {
235                            user_update_name($user->data['username'], $data['username']);
236                        }
237
238                        // Now, we can remove the user completely (kill the session) - NOT BEFORE!!!
239                        if (!empty($sql_ary['user_actkey']))
240                        {
241                            meta_refresh(5, append_sid($phpbb_root_path . 'index.' . $phpEx));
242                            $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid($phpbb_root_path . 'index.' . $phpEx) . '">', '</a>');
243
244                            // Because the user gets deactivated we log him out too, killing his session
245                            $user->session_kill();
246                        }
247                        else
248                        {
249                            meta_refresh(3, $this->u_action);
250                            $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
251                        }
252
253                        trigger_error($message);
254                    }
255
256                    // Replace "error" strings with their real, localised form
257                    $error = array_map(array($user, 'lang'), $error);
258                }
259
260                $template->assign_vars(array(
261                    'ERROR'                => (count($error)) ? implode('<br />', $error) : '',
262
263                    'USERNAME'            => $data['username'],
264                    'EMAIL'                => $data['email'],
265                    'PASSWORD_CONFIRM'    => $data['password_confirm'],
266                    'NEW_PASSWORD'        => $data['new_password'],
267                    'CUR_PASSWORD'        => '',
268
269                    'L_USERNAME_EXPLAIN'        => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS_XY', (int) $config['min_name_chars']), $user->lang('CHARACTERS_XY', (int) $config['max_name_chars'])),
270                    'L_CHANGE_PASSWORD_EXPLAIN'    => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
271
272                    'S_FORCE_PASSWORD'    => ($auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) ? true : false,
273                    'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false,
274                    'S_CHANGE_EMAIL'    => ($auth->acl_get('u_chgemail')) ? true : false,
275                    'S_CHANGE_PASSWORD'    => ($auth->acl_get('u_chgpasswd')) ? true : false)
276                );
277            break;
278
279            case 'profile_info':
280                // Do not display profile information panel if not authed to do so
281                if (!$auth->acl_get('u_chgprofileinfo'))
282                {
283                    send_status_line(403, 'Forbidden');
284                    trigger_error('NO_AUTH_PROFILEINFO');
285                }
286
287                /* @var $cp \phpbb\profilefields\manager */
288                $cp = $phpbb_container->get('profilefields.manager');
289
290                $cp_data = $cp_error = array();
291
292                $data = array(
293                    'jabber'        => $request->variable('jabber', $user->data['user_jabber'], true),
294                );
295
296                if ($config['allow_birthdays'])
297                {
298                    $data['bday_day'] = $data['bday_month'] = $data['bday_year'] = 0;
299
300                    if ($user->data['user_birthday'])
301                    {
302                        list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']);
303                    }
304
305                    $data['bday_day'] = $request->variable('bday_day', $data['bday_day']);
306                    $data['bday_month'] = $request->variable('bday_month', $data['bday_month']);
307                    $data['bday_year'] = $request->variable('bday_year', $data['bday_year']);
308                    $data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
309                }
310
311                /**
312                * Modify user data on editing profile in UCP
313                *
314                * @event core.ucp_profile_modify_profile_info
315                * @var    array    data        Array with user profile data
316                * @var    bool    submit        Flag indicating if submit button has been pressed
317                * @since 3.1.4-RC1
318                */
319                $vars = array('data', 'submit');
320                extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_profile_info', compact($vars)));
321
322                add_form_key('ucp_profile_info');
323
324                if ($submit)
325                {
326                    $validate_array = array(
327                        'jabber'        => array(
328                            array('string', true, 5, 255),
329                            array('jabber')),
330                    );
331
332                    if ($config['allow_birthdays'])
333                    {
334                        $validate_array = array_merge($validate_array, array(
335                            'bday_day'        => array('num', true, 1, 31),
336                            'bday_month'    => array('num', true, 1, 12),
337                            'bday_year'        => array('num', true, 1901, gmdate('Y', time()) + 50),
338                            'user_birthday' => array('date', true),
339                        ));
340                    }
341
342                    $error = validate_data($data, $validate_array);
343
344                    // validate custom profile fields
345                    $cp->submit_cp_field('profile', $user->get_iso_lang_id(), $cp_data, $cp_error);
346
347                    if (count($cp_error))
348                    {
349                        $error = array_merge($error, $cp_error);
350                    }
351
352                    if (!check_form_key('ucp_profile_info'))
353                    {
354                        $error[] = 'FORM_INVALID';
355                    }
356
357                    /**
358                    * Validate user data on editing profile in UCP
359                    *
360                    * @event core.ucp_profile_validate_profile_info
361                    * @var    array    data            Array with user profile data
362                    * @var    bool    submit            Flag indicating if submit button has been pressed
363                    * @var array    error            Array of any generated errors
364                    * @since 3.1.4-RC1
365                    */
366                    $vars = array('data', 'submit', 'error');
367                    extract($phpbb_dispatcher->trigger_event('core.ucp_profile_validate_profile_info', compact($vars)));
368
369                    if (!count($error))
370                    {
371                        $data['notify'] = $user->data['user_notify_type'];
372
373                        if ($data['notify'] == NOTIFY_IM && (!$config['jab_enable'] || !$data['jabber'] || !@extension_loaded('xml')))
374                        {
375                            // User has not filled in a jabber address (Or one of the modules is disabled or jabber is disabled)
376                            // Disable notify by Jabber now for this user.
377                            $data['notify'] = NOTIFY_EMAIL;
378                        }
379
380                        $sql_ary = array(
381                            'user_jabber'    => $data['jabber'],
382                            'user_notify_type'    => $data['notify'],
383                        );
384
385                        if ($config['allow_birthdays'])
386                        {
387                            $sql_ary['user_birthday'] = $data['user_birthday'];
388                        }
389
390                        /**
391                        * Modify profile data in UCP before submitting to the database
392                        *
393                        * @event core.ucp_profile_info_modify_sql_ary
394                        * @var    array    cp_data        Array with the user custom profile fields data
395                        * @var    array    data        Array with user profile data
396                        * @var  array    sql_ary        user options data we update
397                        * @since 3.1.4-RC1
398                        */
399                        $vars = array('cp_data', 'data', 'sql_ary');
400                        extract($phpbb_dispatcher->trigger_event('core.ucp_profile_info_modify_sql_ary', compact($vars)));
401
402                        $sql = 'UPDATE ' . USERS_TABLE . '
403                            SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
404                            WHERE user_id = ' . $user->data['user_id'];
405                        $db->sql_query($sql);
406
407                        // Update Custom Fields
408                        $cp->update_profile_field_data($user->data['user_id'], $cp_data);
409
410                        meta_refresh(3, $this->u_action);
411                        $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
412                        trigger_error($message);
413                    }
414
415                    // Replace "error" strings with their real, localised form
416                    $error = array_map(array($user, 'lang'), $error);
417                }
418
419                if ($config['allow_birthdays'])
420                {
421                    $s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>';
422                    for ($i = 1; $i < 32; $i++)
423                    {
424                        $selected = ($i == $data['bday_day']) ? ' selected="selected"' : '';
425                        $s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>";
426                    }
427
428                    $s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>';
429                    for ($i = 1; $i < 13; $i++)
430                    {
431                        $selected = ($i == $data['bday_month']) ? ' selected="selected"' : '';
432                        $s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>";
433                    }
434
435                    $now = getdate();
436                    $s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
437                    for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
438                    {
439                        $selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
440                        $s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
441                    }
442                    unset($now);
443
444                    $template->assign_vars(array(
445                        'S_BIRTHDAY_DAY_OPTIONS'    => $s_birthday_day_options,
446                        'S_BIRTHDAY_MONTH_OPTIONS'    => $s_birthday_month_options,
447                        'S_BIRTHDAY_YEAR_OPTIONS'    => $s_birthday_year_options,
448                        'S_BIRTHDAYS_ENABLED'        => true,
449                    ));
450                }
451
452                $template->assign_vars(array(
453                    'ERROR'                => (count($error)) ? implode('<br />', $error) : '',
454                    'S_JABBER_ENABLED'    => $config['jab_enable'],
455                    'JABBER'            => $data['jabber'],
456                ));
457
458                // Get additional profile fields and assign them to the template block var 'profile_fields'
459                $user->get_profile_fields($user->data['user_id']);
460
461                $cp->generate_profile_fields('profile', $user->get_iso_lang_id());
462
463            break;
464
465            case 'signature':
466
467                if (!$auth->acl_get('u_sig'))
468                {
469                    send_status_line(403, 'Forbidden');
470                    trigger_error('NO_AUTH_SIGNATURE');
471                }
472
473                if (!function_exists('generate_smilies'))
474                {
475                    include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
476                }
477
478                if (!function_exists('display_custom_bbcodes'))
479                {
480                    include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
481                }
482
483                $preview    = $request->is_set_post('preview');
484
485                $enable_bbcode    = ($config['allow_sig_bbcode']) ? $user->optionget('sig_bbcode') : false;
486                $enable_smilies    = ($config['allow_sig_smilies']) ? $user->optionget('sig_smilies') : false;
487                $enable_urls    = ($config['allow_sig_links']) ? $user->optionget('sig_links') : false;
488
489                $bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0);
490
491                $decoded_message    = generate_text_for_edit($user->data['user_sig'], $user->data['user_sig_bbcode_uid'], $bbcode_flags);
492                $signature            = $request->variable('signature', $decoded_message['text'], true);
493                $signature_preview    = '';
494
495                if ($submit || $preview)
496                {
497                    $enable_bbcode    = ($config['allow_sig_bbcode']) ? !$request->variable('disable_bbcode', false) : false;
498                    $enable_smilies    = ($config['allow_sig_smilies']) ? !$request->variable('disable_smilies', false) : false;
499                    $enable_urls    = ($config['allow_sig_links']) ? !$request->variable('disable_magic_url', false) : false;
500
501                    if (!check_form_key('ucp_sig'))
502                    {
503                        $error[] = 'FORM_INVALID';
504                    }
505                }
506
507                /**
508                * Modify user signature on editing profile in UCP
509                *
510                * @event core.ucp_profile_modify_signature
511                * @var    bool    enable_bbcode        Whether or not bbcode is enabled
512                * @var    bool    enable_smilies        Whether or not smilies are enabled
513                * @var    bool    enable_urls            Whether or not urls are enabled
514                * @var    string    signature            Users signature text
515                * @var    array    error                Any error strings
516                * @var    bool    submit                Whether or not the form has been sumitted
517                * @var    bool    preview                Whether or not the signature is being previewed
518                * @since 3.1.10-RC1
519                * @changed 3.2.0-RC2 Removed message parser
520                */
521                $vars = array(
522                    'enable_bbcode',
523                    'enable_smilies',
524                    'enable_urls',
525                    'signature',
526                    'error',
527                    'submit',
528                    'preview',
529                );
530                extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature', compact($vars)));
531
532                $bbcode_uid = $bbcode_bitfield = $bbcode_flags = '';
533                $warn_msg = generate_text_for_storage(
534                    $signature,
535                    $bbcode_uid,
536                    $bbcode_bitfield,
537                    $bbcode_flags,
538                    $enable_bbcode,
539                    $enable_urls,
540                    $enable_smilies,
541                    $config['allow_sig_img'],
542                    true,
543                    $config['allow_sig_links'],
544                    'sig'
545                );
546
547                if (count($warn_msg))
548                {
549                    $error += $warn_msg;
550                }
551
552                if (!$submit)
553                {
554                    // Parse it for displaying
555                    $signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags);
556                }
557                else
558                {
559                    if (!count($error))
560                    {
561                        $user->optionset('sig_bbcode', $enable_bbcode);
562                        $user->optionset('sig_smilies', $enable_smilies);
563                        $user->optionset('sig_links', $enable_urls);
564
565                        $sql_ary = array(
566                            'user_sig'                    => $signature,
567                            'user_options'                => $user->data['user_options'],
568                            'user_sig_bbcode_uid'        => $bbcode_uid,
569                            'user_sig_bbcode_bitfield'    => $bbcode_bitfield
570                        );
571
572                        /**
573                        * Modify user registration data before submitting it to the database
574                        *
575                        * @event core.ucp_profile_modify_signature_sql_ary
576                        * @var    array    sql_ary        Array with user signature data to submit to the database
577                        * @since 3.1.10-RC1
578                        */
579                        $vars = array('sql_ary');
580                        extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature_sql_ary', compact($vars)));
581
582                        $sql = 'UPDATE ' . USERS_TABLE . '
583                            SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
584                            WHERE user_id = ' . $user->data['user_id'];
585                        $db->sql_query($sql);
586
587                        $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
588                        trigger_error($message);
589                    }
590                }
591
592                // Replace "error" strings with their real, localised form
593                $error = array_map(array($user, 'lang'), $error);
594
595                if ($request->is_set_post('preview'))
596                {
597                    $decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_flags);
598                }
599
600                /** @var \phpbb\controller\helper $controller_helper */
601                $controller_helper = $phpbb_container->get('controller.helper');
602
603                $template->assign_vars(array(
604                    'ERROR'                => (count($error)) ? implode('<br />', $error) : '',
605                    'SIGNATURE'            => $decoded_message['text'],
606                    'SIGNATURE_PREVIEW'    => $signature_preview,
607
608                    'S_BBCODE_CHECKED'         => (!$enable_bbcode) ? ' checked="checked"' : '',
609                    'S_SMILIES_CHECKED'     => (!$enable_smilies) ? ' checked="checked"' : '',
610                    'S_MAGIC_URL_CHECKED'     => (!$enable_urls) ? ' checked="checked"' : '',
611
612                    'BBCODE_STATUS'            => $user->lang(($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'),
613                    'SMILIES_STATUS'        => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
614                    'IMG_STATUS'            => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
615                    'URL_STATUS'            => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
616                    'MAX_FONT_SIZE'            => (int) $config['max_sig_font_size'],
617
618                    'L_SIGNATURE_EXPLAIN'    => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']),
619
620                    'S_BBCODE_ALLOWED'        => $config['allow_sig_bbcode'],
621                    'S_SMILIES_ALLOWED'        => $config['allow_sig_smilies'],
622                    'S_BBCODE_IMG'            => ($config['allow_sig_img']) ? true : false,
623                    'S_LINKS_ALLOWED'        => ($config['allow_sig_links']) ? true : false)
624                );
625
626                add_form_key('ucp_sig');
627
628                // Build custom bbcodes array
629                display_custom_bbcodes();
630
631                // Generate smiley listing
632                generate_smilies('inline', 0);
633
634            break;
635
636            case 'avatar':
637
638                add_form_key('ucp_avatar');
639
640                $avatars_enabled = false;
641
642                if ($config['allow_avatar'] && $auth->acl_get('u_chgavatar'))
643                {
644                    /* @var $phpbb_avatar_manager \phpbb\avatar\manager */
645                    $phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
646                    $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
647
648                    // This is normalised data, without the user_ prefix
649                    $avatar_data = \phpbb\avatar\manager::clean_row($user->data, 'user');
650
651                    if ($submit)
652                    {
653                        if (check_form_key('ucp_avatar'))
654                        {
655                            $driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
656
657                            if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete'))
658                            {
659                                $driver = $phpbb_avatar_manager->get_driver($driver_name);
660                                $result = $driver->process_form($request, $template, $user, $avatar_data, $error);
661
662                                if ($result && empty($error))
663                                {
664                                    // Success! Lets save the result in the database
665                                    $result = array(
666                                        'user_avatar_type' => $driver_name,
667                                        'user_avatar' => $result['avatar'],
668                                        'user_avatar_width' => $result['avatar_width'],
669                                        'user_avatar_height' => $result['avatar_height'],
670                                    );
671
672                                    /**
673                                    * Trigger events on successful avatar change
674                                    *
675                                    * @event core.ucp_profile_avatar_sql
676                                    * @var    array    result    Array with data to be stored in DB
677                                    * @since 3.1.11-RC1
678                                    */
679                                    $vars = array('result');
680                                    extract($phpbb_dispatcher->trigger_event('core.ucp_profile_avatar_sql', compact($vars)));
681
682                                    $sql = 'UPDATE ' . USERS_TABLE . '
683                                        SET ' . $db->sql_build_array('UPDATE', $result) . '
684                                        WHERE user_id = ' . (int) $user->data['user_id'];
685                                    $db->sql_query($sql);
686
687                                    if ($request->is_ajax())
688                                    {
689                                        /** @var \phpbb\avatar\helper $avatar_helper */
690                                        $avatar_helper = $phpbb_container->get('avatar.helper');
691
692                                        $avatar = $avatar_helper->get_user_avatar($user->data, 'USER_AVATAR', true);
693
694                                        $json_response = new \phpbb\json_response;
695                                        $json_response->send(array(
696                                            'success' => true,
697
698                                            'MESSAGE_TITLE'    => $language->lang('INFORMATION'),
699                                            'MESSAGE_TEXT'    => $language->lang('PROFILE_UPDATED'),
700                                            'AVATAR'        => $avatar_helper->get_template_vars($avatar),
701                                            'REFRESH_DATA'    => [
702                                                'time'    => 3,
703                                                'url'        => $this->u_action,
704                                                'text'        => $language->lang('RETURN_TO_UCP'),
705                                            ]
706                                        ));
707                                    }
708                                    else
709                                    {
710                                        meta_refresh(3, $this->u_action);
711                                        $message = $language->lang('PROFILE_UPDATED') . '<br><br>' . $language->lang('RETURN_UCP', '<a href="' . $this->u_action . '">', '</a>');
712                                        trigger_error($message);
713                                    }
714                                }
715                                else if ($request->is_ajax())
716                                {
717                                    $error = $phpbb_avatar_manager->localize_errors($user, $error);
718
719                                    $json_response = new \phpbb\json_response;
720                                    $json_response->send([
721                                        'success' => false,
722                                        'error' => [
723                                            'title'        => $language->lang('INFORMATION'),
724                                            'messages'    => $error,
725                                        ],
726                                    ]);
727                                }
728                            }
729                        }
730                        else
731                        {
732                            $error[] = 'FORM_INVALID';
733                        }
734                    }
735
736                    // Handle deletion of avatars
737                    if ($request->is_set_post('avatar_delete'))
738                    {
739                        if (!confirm_box(true))
740                        {
741                            confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array(
742                                    'avatar_delete'     => true,
743                                    'i'                 => $id,
744                                    'mode'              => $mode))
745                            );
746                        }
747                        else
748                        {
749                            $phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_');
750
751                            meta_refresh(3, $this->u_action);
752                            $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
753                            trigger_error($message);
754                        }
755                    }
756
757                    $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user->data['user_avatar_type']));
758
759                    $template->assign_vars(array(
760                        'AVATAR_MIN_WIDTH'    => $config['avatar_min_width'],
761                        'AVATAR_MAX_WIDTH'    => $config['avatar_max_width'],
762                        'AVATAR_MIN_HEIGHT'    => $config['avatar_min_height'],
763                        'AVATAR_MAX_HEIGHT'    => $config['avatar_max_height'],
764                    ));
765
766                    foreach ($avatar_drivers as $current_driver)
767                    {
768                        $driver = $phpbb_avatar_manager->get_driver($current_driver);
769
770                        $avatars_enabled = true;
771                        $template->set_filenames(array(
772                            'avatar' => $driver->get_template_name(),
773                        ));
774
775                        if ($driver->prepare_form($request, $template, $user, $avatar_data, $error))
776                        {
777                            $driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver);
778                            $driver_upper = strtoupper($driver_name);
779
780                            $template->assign_block_vars('avatar_drivers', array(
781                                'L_TITLE' => $user->lang($driver_upper . '_TITLE'),
782                                'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'),
783
784                                'DRIVER' => $driver_name,
785                                'SELECTED' => $current_driver == $selected_driver,
786                                'OUTPUT' => $template->assign_display('avatar'),
787                            ));
788                        }
789                    }
790
791                    // Replace "error" strings with their real, localised form
792                    $error = $phpbb_avatar_manager->localize_errors($user, $error);
793                }
794
795                /** @var \phpbb\avatar\helper $avatar_helper */
796                $avatar_helper = $phpbb_container->get('avatar.helper');
797
798                $avatar = $avatar_helper->get_user_avatar($user->data, 'USER_AVATAR', true);
799                $template->assign_vars($avatar_helper->get_template_vars($avatar));
800
801                $template->assign_vars(array(
802                    'ERROR'                => !empty($error) ? implode('<br />', $error) : '',
803
804                    'S_FORM_ENCTYPE'    => ' enctype="multipart/form-data"',
805
806                    'L_AVATAR_EXPLAIN'    => phpbb_avatar_explanation_string(),
807
808                    'S_AVATARS_ENABLED'        => ($config['allow_avatar'] && $avatars_enabled),
809                ));
810
811            break;
812
813            case 'autologin_keys':
814
815                add_form_key('ucp_autologin_keys');
816
817                if ($submit)
818                {
819                    $keys = $request->variable('keys', array(''));
820
821                    if (!check_form_key('ucp_autologin_keys'))
822                    {
823                        $error[] = 'FORM_INVALID';
824                    }
825
826                    if (!count($error))
827                    {
828                        if (!empty($keys))
829                        {
830                            foreach ($keys as $key => $id)
831                            {
832                                $keys[$key] = $db->sql_like_expression($id . $db->get_any_char());
833                            }
834                            $sql_where = '(key_id ' . implode(' OR key_id ', $keys) . ')';
835                            $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
836                                WHERE user_id = ' . (int) $user->data['user_id'] . '
837                                AND ' . $sql_where ;
838
839                            $db->sql_query($sql);
840
841                            meta_refresh(3, $this->u_action);
842                            $message = $user->lang['AUTOLOGIN_SESSION_KEYS_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
843                            trigger_error($message);
844                        }
845                    }
846
847                    // Replace "error" strings with their real, localised form
848                    $error = array_map(array($user, 'lang'), $error);
849                }
850
851                $sql_ary = [
852                    'SELECT'    => 'sk.key_id, sk.last_ip, sk.last_login',
853                    'FROM'        => [SESSIONS_KEYS_TABLE    => 'sk'],
854                    'WHERE'        => 'sk.user_id = ' . (int) $user->data['user_id'],
855                    'ORDER_BY'    => 'sk.last_login ASC',
856                ];
857
858                /**
859                 * Event allows changing SQL query for autologin keys
860                 *
861                 * @event core.ucp_profile_autologin_keys_sql
862                 * @var    array    sql_ary    Array with autologin keys SQL query
863                 * @since 3.3.2-RC1
864                 */
865                $vars = ['sql_ary'];
866                extract($phpbb_dispatcher->trigger_event('core.ucp_profile_autologin_keys_sql', compact($vars)));
867
868                $result = $db->sql_query($db->sql_build_query('SELECT', $sql_ary));
869                $sessions = (array) $db->sql_fetchrowset($result);
870                $db->sql_freeresult($result);
871
872                $template_vars = [];
873                foreach ($sessions as $row)
874                {
875                    $key = substr($row['key_id'], 0, 8);
876                    $template_vars[$key] = [
877                        'KEY' => $key,
878                        'IP' => $row['last_ip'],
879                        'LOGIN_TIME' => $user->format_date($row['last_login']),
880                    ];
881                }
882
883                /**
884                 * Event allows changing template variables
885                 *
886                 * @event core.ucp_profile_autologin_keys_template_vars
887                 * @var    array    sessions        Array with session keys data
888                 * @var    array    template_vars    Array with template variables
889                 * @since 3.3.2-RC1
890                 */
891                $vars = ['sessions', 'template_vars'];
892                extract($phpbb_dispatcher->trigger_event('core.ucp_profile_autologin_keys_template_vars', compact($vars)));
893
894                $template->assign_block_vars_array('sessions', $template_vars);
895
896            break;
897        }
898
899        $template->assign_vars(array(
900            'ERROR'        => (count($error)) ? implode('<br />', $error) : '',
901
902            'L_TITLE'    => $user->lang['UCP_PROFILE_' . strtoupper($mode)],
903
904            'S_HIDDEN_FIELDS'    => $s_hidden_fields,
905            'S_UCP_ACTION'        => $this->u_action)
906        );
907
908        // Set desired template
909        $this->tpl_name = 'ucp_profile_' . $mode;
910        $this->page_title = 'UCP_PROFILE_' . strtoupper($mode);
911    }
912}