Code Coverage

|             | Lines                      | Functions and Methods    | CRAP  | Classes and Traits       |
|-------------|----------------------------|--------------------------|-------|--------------------------|
| Total       | 0.00% (danger), 0 / 466    | 0.00% (danger), 0 / 1    |       | 0.00% (danger), 0 / 1    |
| ucp_profile | 0.00% (danger), 0 / 464    | 0.00% (danger), 0 / 1    | 17822 | 0.00% (danger), 0 / 1    |
| main        | 0.00% (danger), 0 / 464    | 0.00% (danger), 0 / 1    | 17822 |                          |

1<?php
2/**
3*
4* This file is part of the phpBB Forum Software package.
5*
6* @copyright (c) phpBB Limited <https://www.phpbb.com>
7* @license GNU General Public License, version 2 (GPL-2.0)
8*
9* For full copyright and license information, please see
10* the docs/CREDITS.txt file.
11*
12*/
13
14use phpbb\messenger\method\messenger_interface;
15
16/**
17* @ignore
18*/
// Abort unless IN_PHPBB is defined. The constant is expected to be set by the
// including script, which keeps this file from running when requested directly.
if (defined('IN_PHPBB') === false)
{
    exit;
}
23
24/**
25* ucp_profile
26* Changing profile settings
27*
28* @todo what about pertaining user_sig_options?
29*/
30class ucp_profile
31{
32    var $u_action;
33
34    function main($id, $mode)
35    {
36        global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
37        global $request, $phpbb_container, $phpbb_log, $phpbb_dispatcher, $language;
38
39        $user->add_lang('posting');
40
41        $submit        = $request->variable('submit', false, false, \phpbb\request\request_interface::POST);
42        $error = array();
43        $s_hidden_fields = '';
44
45        switch ($mode)
46        {
47            case 'reg_details':
48
49                $data = array(
50                    'username'            => $request->variable('username', $user->data['username'], true),
51                    'email'                => strtolower($request->variable('email', $user->data['user_email'])),
52                    'new_password'        => $request->variable('new_password', '', true),
53                    'cur_password'        => $request->variable('cur_password', '', true),
54                    'password_confirm'    => $request->variable('password_confirm', '', true),
55                );
56
57                /**
58                * Modify user registration data on editing account settings in UCP
59                *
60                * @event core.ucp_profile_reg_details_data
61                * @var    array    data        Array with current or updated user registration data
62                * @var    bool    submit        Flag indicating if submit button has been pressed
63                * @since 3.1.4-RC1
64                */
65                $vars = array('data', 'submit');
66                extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_data', compact($vars)));
67
68                add_form_key('ucp_reg_details');
69
70                if ($submit)
71                {
72                    // Do not check cur_password, it is the old one.
73                    $check_ary = array(
74                        'new_password'        => array(
75                            array('string', true, $config['min_pass_chars'], 0),
76                            array('password')),
77                        'password_confirm'    => array('string', true, $config['min_pass_chars'], 0),
78                        'email'                => array(
79                            array('string', false, 6, 60),
80                            array('user_email')),
81                    );
82
83                    if ($auth->acl_get('u_chgname') && $config['allow_namechange'])
84                    {
85                        $check_ary['username'] = array(
86                            array('string', false, $config['min_name_chars'], $config['max_name_chars']),
87                            array('username'),
88                        );
89                    }
90
91                    $error = validate_data($data, $check_ary);
92
93                    if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password'])
94                    {
95                        $error[] = ($data['password_confirm']) ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY';
96                    }
97
98                    // Instantiate passwords manager
99                    /* @var $passwords_manager \phpbb\passwords\manager */
100                    $passwords_manager = $phpbb_container->get('passwords.manager');
101
102                    // Only check the new password against the previous password if there have been no errors
103                    if (!count($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && $passwords_manager->check($data['new_password'], $user->data['user_password']))
104                    {
105                        $error[] = 'SAME_PASSWORD_ERROR';
106                    }
107
108                    if (!$passwords_manager->check($data['cur_password'], $user->data['user_password']))
109                    {
110                        $error[] = ($data['cur_password']) ? 'CUR_PASSWORD_ERROR' : 'CUR_PASSWORD_EMPTY';
111                    }
112
113                    if (!check_form_key('ucp_reg_details'))
114                    {
115                        $error[] = 'FORM_INVALID';
116                    }
117
118                    /**
119                    * Validate user data on editing registration data in UCP
120                    *
121                    * @event core.ucp_profile_reg_details_validate
122                    * @var    array    data            Array with user profile data
123                    * @var    bool    submit            Flag indicating if submit button has been pressed
124                    * @var array    error            Array of any generated errors
125                    * @since 3.1.4-RC1
126                    */
127                    $vars = array('data', 'submit', 'error');
128                    extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_validate', compact($vars)));
129
130                    if (!count($error))
131                    {
132                        $sql_ary = array(
133                            'username'            => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
134                            'username_clean'    => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
135                            'user_email'        => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
136                            'user_password'        => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'],
137                        );
138
139                        if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username'])
140                        {
141                            $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array(
142                                'reportee_id' => $user->data['user_id'],
143                                $user->data['username'],
144                                $data['username']
145                            ));
146                        }
147
148                        if ($auth->acl_get('u_chgpasswd') && $data['new_password'])
149                        {
150                            $sql_ary['user_passchg'] = time();
151
152                            $user->reset_login_keys();
153                            $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
154                                'reportee_id' => $user->data['user_id'],
155                                $user->data['username']
156                            ));
157                        }
158
159                        if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'])
160                        {
161                            $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array(
162                                'reportee_id' => $user->data['user_id'],
163                                $user->data['username'],
164                                $user->data['user_email'],
165                                $data['email']
166                            ));
167                        }
168
169                        $message = 'PROFILE_UPDATED';
170
171                        if ($auth->acl_get('u_chgemail') && $config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN))
172                        {
173                            $message = ($config['require_activation'] == USER_ACTIVATION_SELF) ? 'ACCOUNT_EMAIL_CHANGED' : 'ACCOUNT_EMAIL_CHANGED_ADMIN';
174
175                            $server_url = generate_board_url();
176
177                            $user_actkey = gen_rand_string(mt_rand(6, 10));
178
179                            $email_method = $phpbb_container->get('messenger.method.email');
180                            $template_file = ($config['require_activation'] == USER_ACTIVATION_ADMIN) ? 'user_activate_inactive' : 'user_activate';
181                            $email_method->template($template_file, $user->data['user_lang']);
182                            $email_method->to($data['email'], $data['username']);
183                            $email_method->anti_abuse_headers($config, $user);
184                            $email_method->assign_vars([
185                                'USERNAME'        => html_entity_decode($data['username'], ENT_COMPAT),
186                                'U_ACTIVATE'    => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey",
187                            ]);
188                            $email_method->send();
189
190                            if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
191                            {
192                                $notifications_manager = $phpbb_container->get('notification_manager');
193                                $notifications_manager->add_notifications('notification.type.admin_activate_user', array(
194                                    'user_id'                    => $user->data['user_id'],
195                                    'user_actkey'                => $user_actkey,
196                                    'user_actkey_expiration'    => $user::get_token_expiration(),
197                                    'user_regdate'                => time(), // Notification time
198                                ));
199                            }
200
201                            user_active_flip('deactivate', $user->data['user_id'], INACTIVE_PROFILE);
202
203                            // Because we want the profile to be reactivated we set user_newpasswd to empty (else the reactivation will fail)
204                            $sql_ary['user_actkey'] = $user_actkey;
205                            $sql_ary['user_newpasswd'] = '';
206                        }
207
208                        /**
209                        * Modify user registration data before submitting it to the database
210                        *
211                        * @event core.ucp_profile_reg_details_sql_ary
212                        * @var    array    data        Array with current or updated user registration data
213                        * @var    array    sql_ary        Array with user registration data to submit to the database
214                        * @since 3.1.4-RC1
215                        */
216                        $vars = array('data', 'sql_ary');
217                        extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_sql_ary', compact($vars)));
218
219                        if (count($sql_ary))
220                        {
221                            $sql = 'UPDATE ' . USERS_TABLE . '
222                                SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
223                                WHERE user_id = ' . $user->data['user_id'];
224                            $db->sql_query($sql);
225                        }
226
227                        // Need to update config, forum, topic, posting, messages, etc.
228                        if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])
229                        {
230                            user_update_name($user->data['username'], $data['username']);
231                        }
232
233                        // Now, we can remove the user completely (kill the session) - NOT BEFORE!!!
234                        if (!empty($sql_ary['user_actkey']))
235                        {
236                            meta_refresh(5, append_sid($phpbb_root_path . 'index.' . $phpEx));
237                            $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid($phpbb_root_path . 'index.' . $phpEx) . '">', '</a>');
238
239                            // Because the user gets deactivated we log him out too, killing his session
240                            $user->session_kill();
241                        }
242                        else
243                        {
244                            meta_refresh(3, $this->u_action);
245                            $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
246                        }
247
248                        trigger_error($message);
249                    }
250
251                    // Replace "error" strings with their real, localised form
252                    $error = array_map(array($user, 'lang'), $error);
253                }
254
255                $template->assign_vars(array(
256                    'ERROR'                => (count($error)) ? implode('<br />', $error) : '',
257
258                    'USERNAME'            => $data['username'],
259                    'EMAIL'                => $data['email'],
260                    'PASSWORD_CONFIRM'    => $data['password_confirm'],
261                    'NEW_PASSWORD'        => $data['new_password'],
262                    'CUR_PASSWORD'        => '',
263
264                    'L_USERNAME_EXPLAIN'        => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS_XY', (int) $config['min_name_chars']), $user->lang('CHARACTERS_XY', (int) $config['max_name_chars'])),
265                    'L_CHANGE_PASSWORD_EXPLAIN'    => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
266
267                    'S_FORCE_PASSWORD'    => ($auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) ? true : false,
268                    'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false,
269                    'S_CHANGE_EMAIL'    => ($auth->acl_get('u_chgemail')) ? true : false,
270                    'S_CHANGE_PASSWORD'    => ($auth->acl_get('u_chgpasswd')) ? true : false)
271                );
272            break;
273
274            case 'profile_info':
275                // Do not display profile information panel if not authed to do so
276                if (!$auth->acl_get('u_chgprofileinfo'))
277                {
278                    send_status_line(403, 'Forbidden');
279                    trigger_error('NO_AUTH_PROFILEINFO');
280                }
281
282                /* @var $cp \phpbb\profilefields\manager */
283                $cp = $phpbb_container->get('profilefields.manager');
284
285                $cp_data = $cp_error = array();
286
287                $data = array(
288                    'jabber'        => $request->variable('jabber', $user->data['user_jabber'], true),
289                );
290
291                if ($config['allow_birthdays'])
292                {
293                    $data['bday_day'] = $data['bday_month'] = $data['bday_year'] = 0;
294
295                    if ($user->data['user_birthday'])
296                    {
297                        list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']);
298                    }
299
300                    $data['bday_day'] = $request->variable('bday_day', $data['bday_day']);
301                    $data['bday_month'] = $request->variable('bday_month', $data['bday_month']);
302                    $data['bday_year'] = $request->variable('bday_year', $data['bday_year']);
303                    $data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
304                }
305
306                /**
307                * Modify user data on editing profile in UCP
308                *
309                * @event core.ucp_profile_modify_profile_info
310                * @var    array    data        Array with user profile data
311                * @var    bool    submit        Flag indicating if submit button has been pressed
312                * @since 3.1.4-RC1
313                */
314                $vars = array('data', 'submit');
315                extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_profile_info', compact($vars)));
316
317                add_form_key('ucp_profile_info');
318
319                if ($submit)
320                {
321                    $validate_array = array(
322                        'jabber'        => array(
323                            array('string', true, 5, 255),
324                            array('jabber')),
325                    );
326
327                    if ($config['allow_birthdays'])
328                    {
329                        $validate_array = array_merge($validate_array, array(
330                            'bday_day'        => array('num', true, 1, 31),
331                            'bday_month'    => array('num', true, 1, 12),
332                            'bday_year'        => array('num', true, 1901, gmdate('Y', time()) + 50),
333                            'user_birthday' => array('date', true),
334                        ));
335                    }
336
337                    $error = validate_data($data, $validate_array);
338
339                    // validate custom profile fields
340                    $cp->submit_cp_field('profile', $user->get_iso_lang_id(), $cp_data, $cp_error);
341
342                    if (count($cp_error))
343                    {
344                        $error = array_merge($error, $cp_error);
345                    }
346
347                    if (!check_form_key('ucp_profile_info'))
348                    {
349                        $error[] = 'FORM_INVALID';
350                    }
351
352                    /**
353                    * Validate user data on editing profile in UCP
354                    *
355                    * @event core.ucp_profile_validate_profile_info
356                    * @var    array    data            Array with user profile data
357                    * @var    bool    submit            Flag indicating if submit button has been pressed
358                    * @var array    error            Array of any generated errors
359                    * @since 3.1.4-RC1
360                    */
361                    $vars = array('data', 'submit', 'error');
362                    extract($phpbb_dispatcher->trigger_event('core.ucp_profile_validate_profile_info', compact($vars)));
363
364                    if (!count($error))
365                    {
366                        $data['notify'] = $user->data['user_notify_type'];
367
368                        if ($data['notify'] == messenger_interface::NOTIFY_IM && (!$config['jab_enable'] || !$data['jabber'] || !@extension_loaded('xml')))
369                        {
370                            // User has not filled in a jabber address (Or one of the modules is disabled or jabber is disabled)
371                            // Disable notify by Jabber now for this user.
372                            $data['notify'] = messenger_interface::NOTIFY_EMAIL;
373                        }
374
375                        $sql_ary = array(
376                            'user_jabber'    => $data['jabber'],
377                            'user_notify_type'    => $data['notify'],
378                        );
379
380                        if ($config['allow_birthdays'])
381                        {
382                            $sql_ary['user_birthday'] = $data['user_birthday'];
383                        }
384
385                        /**
386                        * Modify profile data in UCP before submitting to the database
387                        *
388                        * @event core.ucp_profile_info_modify_sql_ary
389                        * @var    array    cp_data        Array with the user custom profile fields data
390                        * @var    array    data        Array with user profile data
391                        * @var  array    sql_ary        user options data we update
392                        * @since 3.1.4-RC1
393                        */
394                        $vars = array('cp_data', 'data', 'sql_ary');
395                        extract($phpbb_dispatcher->trigger_event('core.ucp_profile_info_modify_sql_ary', compact($vars)));
396
397                        $sql = 'UPDATE ' . USERS_TABLE . '
398                            SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
399                            WHERE user_id = ' . $user->data['user_id'];
400                        $db->sql_query($sql);
401
402                        // Update Custom Fields
403                        $cp->update_profile_field_data($user->data['user_id'], $cp_data);
404
405                        meta_refresh(3, $this->u_action);
406                        $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
407                        trigger_error($message);
408                    }
409
410                    // Replace "error" strings with their real, localised form
411                    $error = array_map(array($user, 'lang'), $error);
412                }
413
414                if ($config['allow_birthdays'])
415                {
416                    $s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>';
417                    for ($i = 1; $i < 32; $i++)
418                    {
419                        $selected = ($i == $data['bday_day']) ? ' selected="selected"' : '';
420                        $s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>";
421                    }
422
423                    $s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>';
424                    for ($i = 1; $i < 13; $i++)
425                    {
426                        $selected = ($i == $data['bday_month']) ? ' selected="selected"' : '';
427                        $s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>";
428                    }
429
430                    $now = getdate();
431                    $s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
432                    for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
433                    {
434                        $selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
435                        $s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
436                    }
437                    unset($now);
438
439                    $template->assign_vars(array(
440                        'S_BIRTHDAY_DAY_OPTIONS'    => $s_birthday_day_options,
441                        'S_BIRTHDAY_MONTH_OPTIONS'    => $s_birthday_month_options,
442                        'S_BIRTHDAY_YEAR_OPTIONS'    => $s_birthday_year_options,
443                        'S_BIRTHDAYS_ENABLED'        => true,
444                    ));
445                }
446
447                $template->assign_vars(array(
448                    'ERROR'                => (count($error)) ? implode('<br />', $error) : '',
449                    'S_JABBER_ENABLED'    => $config['jab_enable'],
450                    'JABBER'            => $data['jabber'],
451                ));
452
453                // Get additional profile fields and assign them to the template block var 'profile_fields'
454                $user->get_profile_fields($user->data['user_id']);
455
456                $cp->generate_profile_fields('profile', $user->get_iso_lang_id());
457
458            break;
459
460            case 'signature':
461
462                if (!$auth->acl_get('u_sig'))
463                {
464                    send_status_line(403, 'Forbidden');
465                    trigger_error('NO_AUTH_SIGNATURE');
466                }
467
468                if (!function_exists('generate_smilies'))
469                {
470                    include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
471                }
472
473                if (!function_exists('display_custom_bbcodes'))
474                {
475                    include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
476                }
477
478                $preview    = $request->is_set_post('preview');
479
480                $enable_bbcode    = ($config['allow_sig_bbcode']) ? $user->optionget('sig_bbcode') : false;
481                $enable_smilies    = ($config['allow_sig_smilies']) ? $user->optionget('sig_smilies') : false;
482                $enable_urls    = ($config['allow_sig_links']) ? $user->optionget('sig_links') : false;
483
484                $bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0);
485
486                $decoded_message    = generate_text_for_edit($user->data['user_sig'], $user->data['user_sig_bbcode_uid'], $bbcode_flags);
487                $signature            = $request->variable('signature', $decoded_message['text'], true);
488                $signature_preview    = '';
489
490                if ($submit || $preview)
491                {
492                    $enable_bbcode    = ($config['allow_sig_bbcode']) ? !$request->variable('disable_bbcode', false) : false;
493                    $enable_smilies    = ($config['allow_sig_smilies']) ? !$request->variable('disable_smilies', false) : false;
494                    $enable_urls    = ($config['allow_sig_links']) ? !$request->variable('disable_magic_url', false) : false;
495
496                    if (!check_form_key('ucp_sig'))
497                    {
498                        $error[] = 'FORM_INVALID';
499                    }
500                }
501
502                /**
503                * Modify user signature on editing profile in UCP
504                *
505                * @event core.ucp_profile_modify_signature
506                * @var    bool    enable_bbcode        Whether or not bbcode is enabled
507                * @var    bool    enable_smilies        Whether or not smilies are enabled
508                * @var    bool    enable_urls            Whether or not urls are enabled
509                * @var    string    signature            Users signature text
510                * @var    array    error                Any error strings
511                * @var    bool    submit                Whether or not the form has been submitted
512                * @var    bool    preview                Whether or not the signature is being previewed
513                * @since 3.1.10-RC1
514                * @changed 3.2.0-RC2 Removed message parser
515                */
516                $vars = array(
517                    'enable_bbcode',
518                    'enable_smilies',
519                    'enable_urls',
520                    'signature',
521                    'error',
522                    'submit',
523                    'preview',
524                );
525                extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature', compact($vars)));
526
527                $bbcode_uid = $bbcode_bitfield = $bbcode_flags = '';
528                $warn_msg = generate_text_for_storage(
529                    $signature,
530                    $bbcode_uid,
531                    $bbcode_bitfield,
532                    $bbcode_flags,
533                    $enable_bbcode,
534                    $enable_urls,
535                    $enable_smilies,
536                    $config['allow_sig_img'],
537                    true,
538                    $config['allow_sig_links'],
539                    'sig'
540                );
541
542                if (count($warn_msg))
543                {
544                    $error += $warn_msg;
545                }
546
547                if (!$submit)
548                {
549                    // Parse it for displaying
550                    $signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags);
551                }
552                else
553                {
554                    if (!count($error))
555                    {
556                        $user->optionset('sig_bbcode', $enable_bbcode);
557                        $user->optionset('sig_smilies', $enable_smilies);
558                        $user->optionset('sig_links', $enable_urls);
559
560                        $sql_ary = array(
561                            'user_sig'                    => $signature,
562                            'user_options'                => $user->data['user_options'],
563                            'user_sig_bbcode_uid'        => $bbcode_uid,
564                            'user_sig_bbcode_bitfield'    => $bbcode_bitfield
565                        );
566
567                        /**
568                        * Modify user registration data before submitting it to the database
569                        *
570                        * @event core.ucp_profile_modify_signature_sql_ary
571                        * @var    array    sql_ary        Array with user signature data to submit to the database
572                        * @since 3.1.10-RC1
573                        */
574                        $vars = array('sql_ary');
575                        extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature_sql_ary', compact($vars)));
576
577                        $sql = 'UPDATE ' . USERS_TABLE . '
578                            SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
579                            WHERE user_id = ' . $user->data['user_id'];
580                        $db->sql_query($sql);
581
582                        $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
583                        trigger_error($message);
584                    }
585                }
586
587                // Replace "error" strings with their real, localised form
588                $error = array_map(array($user, 'lang'), $error);
589
590                if ($request->is_set_post('preview'))
591                {
592                    $decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_flags);
593                }
594
595                /** @var \phpbb\controller\helper $controller_helper */
596                $controller_helper = $phpbb_container->get('controller.helper');
597
598                $template->assign_vars(array(
599                    'ERROR'                => (count($error)) ? implode('<br />', $error) : '',
600                    'SIGNATURE'            => $decoded_message['text'],
601                    'SIGNATURE_PREVIEW'    => $signature_preview,
602
603                    'S_BBCODE_CHECKED'         => (!$enable_bbcode) ? ' checked="checked"' : '',
604                    'S_SMILIES_CHECKED'     => (!$enable_smilies) ? ' checked="checked"' : '',
605                    'S_MAGIC_URL_CHECKED'     => (!$enable_urls) ? ' checked="checked"' : '',
606
607                    'BBCODE_STATUS'            => $user->lang(($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'),
608                    'SMILIES_STATUS'        => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
609                    'IMG_STATUS'            => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
610                    'URL_STATUS'            => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
611                    'MAX_FONT_SIZE'            => (int) $config['max_sig_font_size'],
612
613                    'L_SIGNATURE_EXPLAIN'    => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']),
614
615                    'S_BBCODE_ALLOWED'        => $config['allow_sig_bbcode'],
616                    'S_SMILIES_ALLOWED'        => $config['allow_sig_smilies'],
617                    'S_BBCODE_IMG'            => ($config['allow_sig_img']) ? true : false,
618                    'S_LINKS_ALLOWED'        => ($config['allow_sig_links']) ? true : false)
619                );
620
621                add_form_key('ucp_sig');
622
623                // Build custom bbcodes array
624                display_custom_bbcodes();
625
626                // Generate smiley listing
627                generate_smilies('inline', 0);
628
629            break;
630
631            case 'avatar':
632
633                add_form_key('ucp_avatar');
634
635                $avatars_enabled = false;
636
637                if ($config['allow_avatar'] && $auth->acl_get('u_chgavatar'))
638                {
639                    /* @var $phpbb_avatar_manager \phpbb\avatar\manager */
640                    $phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
641                    $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
642
643                    // This is normalised data, without the user_ prefix
644                    $avatar_data = \phpbb\avatar\manager::clean_row($user->data, 'user');
645
646                    if ($submit)
647                    {
648                        if (check_form_key('ucp_avatar'))
649                        {
650                            $driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
651
652                            if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete'))
653                            {
654                                $driver = $phpbb_avatar_manager->get_driver($driver_name);
655                                $result = $driver->process_form($request, $template, $user, $avatar_data, $error);
656
657                                if ($result && empty($error))
658                                {
659                                    // Success! Let's save the result in the database
660                                    $result = array(
661                                        'user_avatar_type' => $driver_name,
662                                        'user_avatar' => $result['avatar'],
663                                        'user_avatar_width' => $result['avatar_width'],
664                                        'user_avatar_height' => $result['avatar_height'],
665                                    );
666
667                                    /**
668                                    * Trigger events on successful avatar change
669                                    *
670                                    * @event core.ucp_profile_avatar_sql
671                                    * @var    array    result    Array with data to be stored in DB
672                                    * @since 3.1.11-RC1
673                                    */
674                                    $vars = array('result');
675                                    extract($phpbb_dispatcher->trigger_event('core.ucp_profile_avatar_sql', compact($vars)));
676
677                                    $sql = 'UPDATE ' . USERS_TABLE . '
678                                        SET ' . $db->sql_build_array('UPDATE', $result) . '
679                                        WHERE user_id = ' . (int) $user->data['user_id'];
680                                    $db->sql_query($sql);
681
682                                    if ($request->is_ajax())
683                                    {
684                                        /** @var \phpbb\avatar\helper $avatar_helper */
685                                        $avatar_helper = $phpbb_container->get('avatar.helper');
686
687                                        $avatar = $avatar_helper->get_user_avatar($user->data, 'USER_AVATAR', true);
688
689                                        $json_response = new \phpbb\json_response;
690                                        $json_response->send(array(
691                                            'success' => true,
692
693                                            'MESSAGE_TITLE'    => $language->lang('INFORMATION'),
694                                            'MESSAGE_TEXT'    => $language->lang('PROFILE_UPDATED'),
695                                            'AVATAR'        => $avatar_helper->get_template_vars($avatar),
696                                            'REFRESH_DATA'    => [
697                                                'time'    => 3,
698                                                'url'        => $this->u_action,
699                                                'text'        => $language->lang('RETURN_TO_UCP'),
700                                            ]
701                                        ));
702                                    }
703                                    else
704                                    {
705                                        meta_refresh(3, $this->u_action);
706                                        $message = $language->lang('PROFILE_UPDATED') . '<br><br>' . $language->lang('RETURN_UCP', '<a href="' . $this->u_action . '">', '</a>');
707                                        trigger_error($message);
708                                    }
709                                }
710                                else if ($request->is_ajax())
711                                {
712                                    $error = $phpbb_avatar_manager->localize_errors($user, $error);
713
714                                    $json_response = new \phpbb\json_response;
715                                    $json_response->send([
716                                        'success' => false,
717                                        'error' => [
718                                            'title'        => $language->lang('INFORMATION'),
719                                            'messages'    => $error,
720                                        ],
721                                    ]);
722                                }
723                            }
724                        }
725                        else
726                        {
727                            $error[] = 'FORM_INVALID';
728                        }
729                    }
730
731                    // Handle deletion of avatars
732                    if ($request->is_set_post('avatar_delete'))
733                    {
734                        if (!confirm_box(true))
735                        {
736                            confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array(
737                                    'avatar_delete'     => true,
738                                    'i'                 => $id,
739                                    'mode'              => $mode))
740                            );
741                        }
742                        else
743                        {
744                            $phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_');
745
746                            meta_refresh(3, $this->u_action);
747                            $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
748                            trigger_error($message);
749                        }
750                    }
751
752                    $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user->data['user_avatar_type']));
753
754                    $template->assign_vars(array(
755                        'AVATAR_MIN_WIDTH'    => $config['avatar_min_width'],
756                        'AVATAR_MAX_WIDTH'    => $config['avatar_max_width'],
757                        'AVATAR_MIN_HEIGHT'    => $config['avatar_min_height'],
758                        'AVATAR_MAX_HEIGHT'    => $config['avatar_max_height'],
759                    ));
760
761                    foreach ($avatar_drivers as $current_driver)
762                    {
763                        $driver = $phpbb_avatar_manager->get_driver($current_driver);
764
765                        $avatars_enabled = true;
766                        $template->set_filenames(array(
767                            'avatar' => $driver->get_template_name(),
768                        ));
769
770                        if ($driver->prepare_form($request, $template, $user, $avatar_data, $error))
771                        {
772                            $driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver);
773                            $driver_upper = strtoupper($driver_name);
774
775                            $template->assign_block_vars('avatar_drivers', array(
776                                'L_TITLE' => $user->lang($driver_upper . '_TITLE'),
777                                'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'),
778
779                                'DRIVER' => $driver_name,
780                                'SELECTED' => $current_driver == $selected_driver,
781                                'OUTPUT' => $template->assign_display('avatar'),
782                            ));
783                        }
784                    }
785
786                    // Replace "error" strings with their real, localised form
787                    $error = $phpbb_avatar_manager->localize_errors($user, $error);
788                }
789
790                /** @var \phpbb\avatar\helper $avatar_helper */
791                $avatar_helper = $phpbb_container->get('avatar.helper');
792
793                $avatar = $avatar_helper->get_user_avatar($user->data, 'USER_AVATAR', true);
794                $template->assign_vars($avatar_helper->get_template_vars($avatar));
795
796                $template->assign_vars(array(
797                    'ERROR'                => !empty($error) ? implode('<br />', $error) : '',
798
799                    'S_FORM_ENCTYPE'    => ' enctype="multipart/form-data"',
800
801                    'L_AVATAR_EXPLAIN'    => phpbb_avatar_explanation_string(),
802
803                    'S_AVATARS_ENABLED'        => ($config['allow_avatar'] && $avatars_enabled),
804                ));
805
806            break;
807
808            case 'autologin_keys':
809
810                add_form_key('ucp_autologin_keys');
811
812                if ($submit)
813                {
814                    $keys = $request->variable('keys', array(''));
815
816                    if (!check_form_key('ucp_autologin_keys'))
817                    {
818                        $error[] = 'FORM_INVALID';
819                    }
820
821                    if (!count($error))
822                    {
823                        if (!empty($keys))
824                        {
825                            foreach ($keys as $key => $id)
826                            {
827                                $keys[$key] = $db->sql_like_expression($id . $db->get_any_char());
828                            }
829                            $sql_where = '(key_id ' . implode(' OR key_id ', $keys) . ')';
830                            $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
831                                WHERE user_id = ' . (int) $user->data['user_id'] . '
832                                AND ' . $sql_where ;
833
834                            $db->sql_query($sql);
835
836                            meta_refresh(3, $this->u_action);
837                            $message = $user->lang['AUTOLOGIN_SESSION_KEYS_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
838                            trigger_error($message);
839                        }
840                    }
841
842                    // Replace "error" strings with their real, localised form
843                    $error = array_map(array($user, 'lang'), $error);
844                }
845
846                $sql_ary = [
847                    'SELECT'    => 'sk.key_id, sk.last_ip, sk.last_login',
848                    'FROM'        => [SESSIONS_KEYS_TABLE    => 'sk'],
849                    'WHERE'        => 'sk.user_id = ' . (int) $user->data['user_id'],
850                    'ORDER_BY'    => 'sk.last_login ASC',
851                ];
852
853                /**
854                 * Event allows changing SQL query for autologin keys
855                 *
856                 * @event core.ucp_profile_autologin_keys_sql
857                 * @var    array    sql_ary    Array with autologin keys SQL query
858                 * @since 3.3.2-RC1
859                 */
860                $vars = ['sql_ary'];
861                extract($phpbb_dispatcher->trigger_event('core.ucp_profile_autologin_keys_sql', compact($vars)));
862
863                $result = $db->sql_query($db->sql_build_query('SELECT', $sql_ary));
864                $sessions = (array) $db->sql_fetchrowset($result);
865                $db->sql_freeresult($result);
866
867                $template_vars = [];
868                foreach ($sessions as $row)
869                {
870                    $key = substr($row['key_id'], 0, 8);
871                    $template_vars[$key] = [
872                        'KEY' => $key,
873                        'IP' => $row['last_ip'],
874                        'LOGIN_TIME' => $user->format_date($row['last_login']),
875                    ];
876                }
877
878                /**
879                 * Event allows changing template variables
880                 *
881                 * @event core.ucp_profile_autologin_keys_template_vars
882                 * @var    array    sessions        Array with session keys data
883                 * @var    array    template_vars    Array with template variables
884                 * @since 3.3.2-RC1
885                 */
886                $vars = ['sessions', 'template_vars'];
887                extract($phpbb_dispatcher->trigger_event('core.ucp_profile_autologin_keys_template_vars', compact($vars)));
888
889                $template->assign_block_vars_array('sessions', $template_vars);
890
891            break;
892        }
893
894        $template->assign_vars(array(
895            'ERROR'        => (count($error)) ? implode('<br />', $error) : '',
896
897            'L_TITLE'    => $user->lang['UCP_PROFILE_' . strtoupper($mode)],
898
899            'S_HIDDEN_FIELDS'    => $s_hidden_fields,
900            'S_UCP_ACTION'        => $this->u_action)
901        );
902
903        // Set desired template
904        $this->tpl_name = 'ucp_profile_' . $mode;
905        $this->page_title = 'UCP_PROFILE_' . strtoupper($mode);
906    }
907}