Code Coverage for /data/phpBB/includes/ucp/ucp

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	0.00% covered (danger)	0.00%	0 / 452	0.00% covered (danger)	0.00%	0 / 1	CRAP	0.00% covered (danger)	0.00%	0 / 1
ucp_profile	0.00% covered (danger)	0.00%	0 / 450	0.00% covered (danger)	0.00%	0 / 1	17030	0.00% covered (danger)	0.00%	0 / 1
main	0.00% covered (danger)	0.00%	0 / 450	0.00% covered (danger)	0.00%	0 / 1	17030

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	use phpbb\messenger\method\messenger_interface;
15
16	/**
17	* @ignore
18	*/
19	if (!defined('IN_PHPBB'))
20	{
21	exit;
22	}
23
24	/**
25	* ucp_profile
26	* Changing profile settings
27	*
28	* @todo what about pertaining user_sig_options?
29	*/
30	class ucp_profile
31	{
32	var $u_action;
33
34	function main($id, $mode)
35	{
36	global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
37	global $request, $phpbb_container, $phpbb_log, $phpbb_dispatcher, $language;
38
39	/** @var \phpbb\controller\helper $controller_helper */
40	$controller_helper = $phpbb_container->get('controller.helper');
41
42	$user->add_lang('posting');
43
44	$submit = $request->variable('submit', false, false, \phpbb\request\request_interface::POST);
45	$error = array();
46	$s_hidden_fields = '';
47
48	switch ($mode)
49	{
50	case 'reg_details':
51
52	$data = array(
53	'username' => $request->variable('username', $user->data['username'], true),
54	'email' => strtolower($request->variable('email', $user->data['user_email'])),
55	'new_password' => $request->variable('new_password', '', true),
56	'cur_password' => $request->variable('cur_password', '', true),
57	'password_confirm' => $request->variable('password_confirm', '', true),
58	);
59
60	/**
61	* Modify user registration data on editing account settings in UCP
62	*
63	* @event core.ucp_profile_reg_details_data
64	* @var array data Array with current or updated user registration data
65	* @var bool submit Flag indicating if submit button has been pressed
66	* @since 3.1.4-RC1
67	*/
68	$vars = array('data', 'submit');
69	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_data', compact($vars)));
70
71	add_form_key('ucp_reg_details');
72
73	if ($submit)
74	{
75	// Do not check cur_password, it is the old one.
76	$check_ary = array(
77	'new_password' => array(
78	array('string', true, $config['min_pass_chars'], 0),
79	array('password')),
80	'password_confirm' => array('string', true, $config['min_pass_chars'], 0),
81	'email' => array(
82	array('string', false, 6, 60),
83	array('user_email')),
84	);
85
86	if ($auth->acl_get('u_chgname') && $config['allow_namechange'])
87	{
88	$check_ary['username'] = array(
89	array('string', false, $config['min_name_chars'], $config['max_name_chars']),
90	array('username'),
91	);
92	}
93
94	$error = validate_data($data, $check_ary);
95
96	if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password'])
97	{
98	$error[] = ($data['password_confirm']) ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY';
99	}
100
101	// Instantiate passwords manager
102	/* @var $passwords_manager \phpbb\passwords\manager */
103	$passwords_manager = $phpbb_container->get('passwords.manager');
104
105	// Only check the new password against the previous password if there have been no errors
106	if (!count($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && $passwords_manager->check($data['new_password'], $user->data['user_password']))
107	{
108	$error[] = 'SAME_PASSWORD_ERROR';
109	}
110
111	if (!$passwords_manager->check($data['cur_password'], $user->data['user_password']))
112	{
113	$error[] = ($data['cur_password']) ? 'CUR_PASSWORD_ERROR' : 'CUR_PASSWORD_EMPTY';
114	}
115
116	if (!check_form_key('ucp_reg_details'))
117	{
118	$error[] = 'FORM_INVALID';
119	}
120
121	/**
122	* Validate user data on editing registration data in UCP
123	*
124	* @event core.ucp_profile_reg_details_validate
125	* @var array data Array with user profile data
126	* @var bool submit Flag indicating if submit button has been pressed
127	* @var array error Array of any generated errors
128	* @since 3.1.4-RC1
129	*/
130	$vars = array('data', 'submit', 'error');
131	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_validate', compact($vars)));
132
133	if (!count($error))
134	{
135	$sql_ary = array(
136	'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
137	'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
138	'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
139	'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'],
140	);
141
142	if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username'])
143	{
144	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array(
145	'reportee_id' => $user->data['user_id'],
146	$user->data['username'],
147	$data['username']
148	));
149	}
150
151	if ($auth->acl_get('u_chgpasswd') && $data['new_password'])
152	{
153	$sql_ary['user_passchg'] = time();
154
155	$user->reset_login_keys();
156	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
157	'reportee_id' => $user->data['user_id'],
158	$user->data['username']
159	));
160	}
161
162	if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'])
163	{
164	$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array(
165	'reportee_id' => $user->data['user_id'],
166	$user->data['username'],
167	$user->data['user_email'],
168	$data['email']
169	));
170	}
171
172	$message = 'PROFILE_UPDATED';
173
174	if ($auth->acl_get('u_chgemail') && $config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF \|\| $config['require_activation'] == USER_ACTIVATION_ADMIN))
175	{
176	$message = ($config['require_activation'] == USER_ACTIVATION_SELF) ? 'ACCOUNT_EMAIL_CHANGED' : 'ACCOUNT_EMAIL_CHANGED_ADMIN';
177
178	$server_url = generate_board_url();
179
180	$user_actkey = gen_rand_string(mt_rand(6, 10));
181
182	$email_method = $phpbb_container->get('messenger.method.email');
183	$template_file = ($config['require_activation'] == USER_ACTIVATION_ADMIN) ? 'user_activate_inactive' : 'user_activate';
184	$email_method->template($template_file, $user->data['user_lang']);
185	$email_method->to($data['email'], $data['username']);
186	$email_method->anti_abuse_headers($config, $user);
187	$email_method->assign_vars([
188	'USERNAME' => html_entity_decode($data['username'], ENT_COMPAT),
189	'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey",
190	]);
191	$email_method->send();
192
193	if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
194	{
195	$notifications_manager = $phpbb_container->get('notification_manager');
196	$notifications_manager->add_notifications('notification.type.admin_activate_user', array(
197	'user_id' => $user->data['user_id'],
198	'user_actkey' => $user_actkey,
199	'user_actkey_expiration' => $user::get_token_expiration(),
200	'user_regdate' => time(), // Notification time
201	));
202	}
203
204	user_active_flip('deactivate', $user->data['user_id'], INACTIVE_PROFILE);
205
206	// Because we want the profile to be reactivated we set user_newpasswd to empty (else the reactivation will fail)
207	$sql_ary['user_actkey'] = $user_actkey;
208	$sql_ary['user_newpasswd'] = '';
209	}
210
211	/**
212	* Modify user registration data before submitting it to the database
213	*
214	* @event core.ucp_profile_reg_details_sql_ary
215	* @var array data Array with current or updated user registration data
216	* @var array sql_ary Array with user registration data to submit to the database
217	* @since 3.1.4-RC1
218	*/
219	$vars = array('data', 'sql_ary');
220	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_sql_ary', compact($vars)));
221
222	if (count($sql_ary))
223	{
224	$sql = 'UPDATE ' . USERS_TABLE . '
225	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
226	WHERE user_id = ' . $user->data['user_id'];
227	$db->sql_query($sql);
228	}
229
230	// Need to update config, forum, topic, posting, messages, etc.
231	if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])
232	{
233	user_update_name($user->data['username'], $data['username']);
234	}
235
236	// Now, we can remove the user completely (kill the session) - NOT BEFORE!!!
237	if (!empty($sql_ary['user_actkey']))
238	{
239	$index_route = $controller_helper->route('phpbb_index_controller');
240	meta_refresh(5, $index_route);
241	$message = $language->lang($message) . '<br /><br />' . sprintf($language->lang('RETURN_INDEX'), '<a href="' . $index_route . '">', '</a>');
242
243	// Because the user gets deactivated we log him out too, killing his session
244	$user->session_kill();
245	}
246	else
247	{
248	meta_refresh(3, $this->u_action);
249	$message = $language->lang($message) . '<br /><br />' . sprintf($language->lang('RETURN_UCP'), '<a href="' . $this->u_action . '">', '</a>');
250	}
251
252	trigger_error($message);
253	}
254
255	// Replace "error" strings with their real, localised form
256	$error = array_map(array($user, 'lang'), $error);
257	}
258
259	$template->assign_vars(array(
260	'ERROR' => (count($error)) ? implode('<br />', $error) : '',
261
262	'USERNAME' => $data['username'],
263	'EMAIL' => $data['email'],
264	'PASSWORD_CONFIRM' => $data['password_confirm'],
265	'NEW_PASSWORD' => $data['new_password'],
266	'CUR_PASSWORD' => '',
267
268	'L_USERNAME_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS_XY', (int) $config['min_name_chars']), $user->lang('CHARACTERS_XY', (int) $config['max_name_chars'])),
269	'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
270
271	'S_FORCE_PASSWORD' => ($auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) ? true : false,
272	'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false,
273	'S_CHANGE_EMAIL' => ($auth->acl_get('u_chgemail')) ? true : false,
274	'S_CHANGE_PASSWORD' => ($auth->acl_get('u_chgpasswd')) ? true : false)
275	);
276	break;
277
278	case 'profile_info':
279	// Do not display profile information panel if not authed to do so
280	if (!$auth->acl_get('u_chgprofileinfo'))
281	{
282	send_status_line(403, 'Forbidden');
283	trigger_error('NO_AUTH_PROFILEINFO');
284	}
285
286	/* @var $cp \phpbb\profilefields\manager */
287	$cp = $phpbb_container->get('profilefields.manager');
288
289	$cp_data = $cp_error = array();
290
291	$data = [];
292
293	if ($config['allow_birthdays'])
294	{
295	$data['bday_day'] = $data['bday_month'] = $data['bday_year'] = 0;
296
297	if ($user->data['user_birthday'])
298	{
299	list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']);
300	}
301
302	$data['bday_day'] = $request->variable('bday_day', $data['bday_day']);
303	$data['bday_month'] = $request->variable('bday_month', $data['bday_month']);
304	$data['bday_year'] = $request->variable('bday_year', $data['bday_year']);
305	$data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
306	}
307
308	/**
309	* Modify user data on editing profile in UCP
310	*
311	* @event core.ucp_profile_modify_profile_info
312	* @var array data Array with user profile data
313	* @var bool submit Flag indicating if submit button has been pressed
314	* @since 3.1.4-RC1
315	*/
316	$vars = array('data', 'submit');
317	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_profile_info', compact($vars)));
318
319	add_form_key('ucp_profile_info');
320
321	if ($submit)
322	{
323	$validate_array = [];
324
325	if ($config['allow_birthdays'])
326	{
327	$validate_array = array_merge($validate_array, array(
328	'bday_day' => array('num', true, 1, 31),
329	'bday_month' => array('num', true, 1, 12),
330	'bday_year' => array('num', true, 1901, gmdate('Y', time()) + 50),
331	'user_birthday' => array('date', true),
332	));
333	}
334
335	$error = validate_data($data, $validate_array);
336
337	// validate custom profile fields
338	$cp->submit_cp_field('profile', $user->get_iso_lang_id(), $cp_data, $cp_error);
339
340	if (count($cp_error))
341	{
342	$error = array_merge($error, $cp_error);
343	}
344
345	if (!check_form_key('ucp_profile_info'))
346	{
347	$error[] = 'FORM_INVALID';
348	}
349
350	/**
351	* Validate user data on editing profile in UCP
352	*
353	* @event core.ucp_profile_validate_profile_info
354	* @var array data Array with user profile data
355	* @var bool submit Flag indicating if submit button has been pressed
356	* @var array error Array of any generated errors
357	* @since 3.1.4-RC1
358	*/
359	$vars = array('data', 'submit', 'error');
360	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_validate_profile_info', compact($vars)));
361
362	if (!count($error))
363	{
364	$sql_ary = [];
365
366	if ($config['allow_birthdays'])
367	{
368	$sql_ary['user_birthday'] = $data['user_birthday'];
369	}
370
371	/**
372	* Modify profile data in UCP before submitting to the database
373	*
374	* @event core.ucp_profile_info_modify_sql_ary
375	* @var array cp_data Array with the user custom profile fields data
376	* @var array data Array with user profile data
377	* @var array sql_ary user options data we update
378	* @since 3.1.4-RC1
379	*/
380	$vars = array('cp_data', 'data', 'sql_ary');
381	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_info_modify_sql_ary', compact($vars)));
382
383	// Skip query if no data to update
384	if (count($sql_ary))
385	{
386	$sql = 'UPDATE ' . USERS_TABLE . '
387	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
388	WHERE user_id = ' . $user->data['user_id'];
389	$db->sql_query($sql);
390	}
391
392	// Always update custom fields
393	$cp->update_profile_field_data($user->data['user_id'], $cp_data);
394
395	meta_refresh(3, $this->u_action);
396	$message = $language->lang('PROFILE_UPDATED') . '<br /><br />' . sprintf($language->lang('RETURN_UCP'), '<a href="' . $this->u_action . '">', '</a>');
397	trigger_error($message);
398	}
399
400	// Replace "error" strings with their real, localised form
401	$error = array_map(array($user, 'lang'), $error);
402	}
403
404	if ($config['allow_birthdays'])
405	{
406	$s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>';
407	for ($i = 1; $i < 32; $i++)
408	{
409	$selected = ($i == $data['bday_day']) ? ' selected="selected"' : '';
410	$s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>";
411	}
412
413	$s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>';
414	for ($i = 1; $i < 13; $i++)
415	{
416	$selected = ($i == $data['bday_month']) ? ' selected="selected"' : '';
417	$s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>";
418	}
419
420	$now = getdate();
421	$s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
422	for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
423	{
424	$selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
425	$s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
426	}
427	unset($now);
428
429	$template->assign_vars(array(
430	'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options,
431	'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options,
432	'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options,
433	'S_BIRTHDAYS_ENABLED' => true,
434	));
435	}
436
437	$template->assign_vars(array(
438	'ERROR' => (count($error)) ? implode('<br />', $error) : '',
439	));
440
441	// Get additional profile fields and assign them to the template block var 'profile_fields'
442	$user->get_profile_fields($user->data['user_id']);
443
444	$cp->generate_profile_fields('profile', $user->get_iso_lang_id());
445
446	break;
447
448	case 'signature':
449
450	if (!$auth->acl_get('u_sig'))
451	{
452	send_status_line(403, 'Forbidden');
453	trigger_error('NO_AUTH_SIGNATURE');
454	}
455
456	if (!function_exists('generate_smilies'))
457	{
458	include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
459	}
460
461	if (!function_exists('display_custom_bbcodes'))
462	{
463	include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
464	}
465
466	$preview = $request->is_set_post('preview');
467
468	$enable_bbcode = ($config['allow_sig_bbcode']) ? $user->optionget('sig_bbcode') : false;
469	$enable_smilies = ($config['allow_sig_smilies']) ? $user->optionget('sig_smilies') : false;
470	$enable_urls = ($config['allow_sig_links']) ? $user->optionget('sig_links') : false;
471
472	$bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0);
473
474	$decoded_message = generate_text_for_edit($user->data['user_sig'], $user->data['user_sig_bbcode_uid'], $bbcode_flags);
475	$signature = $request->variable('signature', $decoded_message['text'], true);
476	$signature_preview = '';
477
478	if ($submit \|\| $preview)
479	{
480	$enable_bbcode = ($config['allow_sig_bbcode']) ? !$request->variable('disable_bbcode', false) : false;
481	$enable_smilies = ($config['allow_sig_smilies']) ? !$request->variable('disable_smilies', false) : false;
482	$enable_urls = ($config['allow_sig_links']) ? !$request->variable('disable_magic_url', false) : false;
483
484	if (!check_form_key('ucp_sig'))
485	{
486	$error[] = 'FORM_INVALID';
487	}
488	}
489
490	/**
491	* Modify user signature on editing profile in UCP
492	*
493	* @event core.ucp_profile_modify_signature
494	* @var bool enable_bbcode Whether or not bbcode is enabled
495	* @var bool enable_smilies Whether or not smilies are enabled
496	* @var bool enable_urls Whether or not urls are enabled
497	* @var string signature Users signature text
498	* @var array error Any error strings
499	* @var bool submit Whether or not the form has been sumitted
500	* @var bool preview Whether or not the signature is being previewed
501	* @since 3.1.10-RC1
502	* @changed 3.2.0-RC2 Removed message parser
503	*/
504	$vars = array(
505	'enable_bbcode',
506	'enable_smilies',
507	'enable_urls',
508	'signature',
509	'error',
510	'submit',
511	'preview',
512	);
513	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature', compact($vars)));
514
515	$bbcode_uid = $bbcode_bitfield = $bbcode_flags = '';
516	$warn_msg = generate_text_for_storage(
517	$signature,
518	$bbcode_uid,
519	$bbcode_bitfield,
520	$bbcode_flags,
521	$enable_bbcode,
522	$enable_urls,
523	$enable_smilies,
524	$config['allow_sig_img'],
525	true,
526	$config['allow_sig_links'],
527	'sig'
528	);
529
530	if (count($warn_msg))
531	{
532	$error += $warn_msg;
533	}
534
535	if (!$submit)
536	{
537	// Parse it for displaying
538	$signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags);
539	}
540	else
541	{
542	if (!count($error))
543	{
544	$user->optionset('sig_bbcode', $enable_bbcode);
545	$user->optionset('sig_smilies', $enable_smilies);
546	$user->optionset('sig_links', $enable_urls);
547
548	$sql_ary = array(
549	'user_sig' => $signature,
550	'user_options' => $user->data['user_options'],
551	'user_sig_bbcode_uid' => $bbcode_uid,
552	'user_sig_bbcode_bitfield' => $bbcode_bitfield
553	);
554
555	/**
556	* Modify user registration data before submitting it to the database
557	*
558	* @event core.ucp_profile_modify_signature_sql_ary
559	* @var array sql_ary Array with user signature data to submit to the database
560	* @since 3.1.10-RC1
561	*/
562	$vars = array('sql_ary');
563	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature_sql_ary', compact($vars)));
564
565	$sql = 'UPDATE ' . USERS_TABLE . '
566	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
567	WHERE user_id = ' . $user->data['user_id'];
568	$db->sql_query($sql);
569
570	$message = $language->lang('PROFILE_UPDATED') . '<br /><br />' . sprintf($language->lang('RETURN_UCP'), '<a href="' . $this->u_action . '">', '</a>');
571	trigger_error($message);
572	}
573	}
574
575	// Replace "error" strings with their real, localised form
576	$error = array_map(array($user, 'lang'), $error);
577
578	if ($request->is_set_post('preview'))
579	{
580	$decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_flags);
581	}
582
583	/** @var \phpbb\controller\helper $controller_helper */
584	$controller_helper = $phpbb_container->get('controller.helper');
585
586	$template->assign_vars(array(
587	'ERROR' => (count($error)) ? implode('<br />', $error) : '',
588	'SIGNATURE' => $decoded_message['text'],
589	'SIGNATURE_PREVIEW' => $signature_preview,
590
591	'S_BBCODE_CHECKED' => (!$enable_bbcode) ? ' checked="checked"' : '',
592	'S_SMILIES_CHECKED' => (!$enable_smilies) ? ' checked="checked"' : '',
593	'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? ' checked="checked"' : '',
594
595	'BBCODE_STATUS' => $user->lang(($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'),
596	'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $language->lang('SMILIES_ARE_ON') : $language->lang('SMILIES_ARE_OFF'),
597	'IMG_STATUS' => ($config['allow_sig_img']) ? $language->lang('IMAGES_ARE_ON') : $language->lang('IMAGES_ARE_OFF'),
598	'URL_STATUS' => ($config['allow_sig_links']) ? $language->lang('URL_IS_ON') : $language->lang('URL_IS_OFF'),
599	'MAX_FONT_SIZE' => (int) $config['max_sig_font_size'],
600
601	'L_SIGNATURE_EXPLAIN' => $user->lang('SIGNATURE_EXPLAIN', (int) $config['max_sig_chars']),
602
603	'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'],
604	'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'],
605	'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false,
606	'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false)
607	);
608
609	add_form_key('ucp_sig');
610
611	// Build custom bbcodes array
612	display_custom_bbcodes();
613
614	// Generate smiley listing
615	generate_smilies('inline', 0);
616
617	break;
618
619	case 'avatar':
620
621	add_form_key('ucp_avatar');
622
623	$avatars_enabled = false;
624
625	if ($config['allow_avatar'] && $auth->acl_get('u_chgavatar'))
626	{
627	/* @var $phpbb_avatar_manager \phpbb\avatar\manager */
628	$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
629	$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
630
631	// This is normalised data, without the user_ prefix
632	$avatar_data = \phpbb\avatar\manager::clean_row($user->data, 'user');
633
634	if ($submit)
635	{
636	if (check_form_key('ucp_avatar'))
637	{
638	$driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
639
640	if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete'))
641	{
642	$driver = $phpbb_avatar_manager->get_driver($driver_name);
643	$result = $driver->process_form($request, $template, $user, $avatar_data, $error);
644
645	if ($result && empty($error))
646	{
647	// Success! Lets save the result in the database
648	$result = array(
649	'user_avatar_type' => $driver_name,
650	'user_avatar' => $result['avatar'],
651	'user_avatar_width' => $result['avatar_width'],
652	'user_avatar_height' => $result['avatar_height'],
653	);
654
655	/**
656	* Trigger events on successful avatar change
657	*
658	* @event core.ucp_profile_avatar_sql
659	* @var array result Array with data to be stored in DB
660	* @since 3.1.11-RC1
661	*/
662	$vars = array('result');
663	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_avatar_sql', compact($vars)));
664
665	$sql = 'UPDATE ' . USERS_TABLE . '
666	SET ' . $db->sql_build_array('UPDATE', $result) . '
667	WHERE user_id = ' . (int) $user->data['user_id'];
668	$db->sql_query($sql);
669
670	if ($request->is_ajax())
671	{
672	$json_response = new \phpbb\json_response;
673	$json_response->send(array(
674	'success' => true,
675
676	'MESSAGE_TITLE' => $language->lang('INFORMATION'),
677	'MESSAGE_TEXT' => $language->lang('PROFILE_UPDATED'),
678	'REFRESH_DATA' => [
679	'time' => 3,
680	'url' => $this->u_action,
681	'text' => $language->lang('RETURN_TO_UCP'),
682	]
683	));
684	}
685	else
686	{
687	meta_refresh(3, $this->u_action);
688	$message = $language->lang('PROFILE_UPDATED') . '<br><br>' . $language->lang('RETURN_UCP', '<a href="' . $this->u_action . '">', '</a>');
689	trigger_error($message);
690	}
691	}
692	else if ($request->is_ajax())
693	{
694	$error = $phpbb_avatar_manager->localize_errors($user, $error);
695
696	$json_response = new \phpbb\json_response;
697	$json_response->send([
698	'success' => false,
699	'error' => [
700	'title' => $language->lang('INFORMATION'),
701	'messages' => $error,
702	],
703	]);
704	}
705	}
706	}
707	else
708	{
709	$error[] = 'FORM_INVALID';
710	}
711	}
712
713	// Handle deletion of avatars
714	if ($request->is_set_post('avatar_delete'))
715	{
716	if (!confirm_box(true))
717	{
718	confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array(
719	'avatar_delete' => true,
720	'i' => $id,
721	'mode' => $mode))
722	);
723	}
724	else
725	{
726	$phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, USERS_TABLE, 'user_');
727
728	meta_refresh(3, $this->u_action);
729	$message = $language->lang('PROFILE_UPDATED') . '<br /><br />' . sprintf($language->lang('RETURN_UCP'), '<a href="' . $this->u_action . '">', '</a>');
730	trigger_error($message);
731	}
732	}
733
734	$selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user->data['user_avatar_type']));
735
736	$template->assign_vars(array(
737	'AVATAR_MIN_WIDTH' => $config['avatar_min_width'],
738	'AVATAR_MAX_WIDTH' => $config['avatar_max_width'],
739	'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'],
740	'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'],
741	));
742
743	foreach ($avatar_drivers as $current_driver)
744	{
745	$driver = $phpbb_avatar_manager->get_driver($current_driver);
746
747	$avatars_enabled = true;
748	$template->set_filenames(array(
749	'avatar' => $driver->get_template_name(),
750	));
751
752	if ($driver->prepare_form($request, $template, $user, $avatar_data, $error))
753	{
754	$driver_name = $phpbb_avatar_manager->prepare_driver_name($current_driver);
755	$driver_upper = strtoupper($driver_name);
756
757	$template->assign_block_vars('avatar_drivers', array(
758	'L_TITLE' => $user->lang($driver_upper . '_TITLE'),
759	'L_EXPLAIN' => $user->lang($driver_upper . '_EXPLAIN'),
760
761	'DRIVER' => $driver_name,
762	'SELECTED' => $current_driver == $selected_driver,
763	'OUTPUT' => $template->assign_display('avatar'),
764	));
765	}
766	}
767
768	// Replace "error" strings with their real, localised form
769	$error = $phpbb_avatar_manager->localize_errors($user, $error);
770	}
771
772	/** @var \phpbb\avatar\helper $avatar_helper */
773	$avatar_helper = $phpbb_container->get('avatar.helper');
774
775	$avatar = $avatar_helper->get_user_avatar($user->data, 'USER_AVATAR', true);
776	$template->assign_vars($avatar_helper->get_template_vars($avatar));
777
778	$template->assign_vars(array(
779	'ERROR' => !empty($error) ? implode('<br />', $error) : '',
780
781	'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"',
782
783	'L_AVATAR_EXPLAIN' => phpbb_avatar_explanation_string(),
784
785	'S_AVATARS_ENABLED' => ($config['allow_avatar'] && $avatars_enabled),
786	));
787
788	break;
789
790	case 'autologin_keys':
791
792	add_form_key('ucp_autologin_keys');
793
794	if ($submit)
795	{
796	$keys = $request->variable('keys', array(''));
797
798	if (!check_form_key('ucp_autologin_keys'))
799	{
800	$error[] = 'FORM_INVALID';
801	}
802
803	if (!count($error))
804	{
805	if (!empty($keys))
806	{
807	foreach ($keys as $key => $id)
808	{
809	$keys[$key] = $db->sql_like_expression($id . $db->get_any_char());
810	}
811	$sql_where = '(key_id ' . implode(' OR key_id ', $keys) . ')';
812	$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
813	WHERE user_id = ' . (int) $user->data['user_id'] . '
814	AND ' . $sql_where ;
815
816	$db->sql_query($sql);
817
818	meta_refresh(3, $this->u_action);
819	$message = $language->lang('AUTOLOGIN_SESSION_KEYS_DELETED') . '<br /><br />' . sprintf($language->lang('RETURN_UCP'), '<a href="' . $this->u_action . '">', '</a>');
820	trigger_error($message);
821	}
822	}
823
824	// Replace "error" strings with their real, localised form
825	$error = array_map(array($user, 'lang'), $error);
826	}
827
828	$sql_ary = [
829	'SELECT' => 'sk.key_id, sk.last_ip, sk.last_login',
830	'FROM' => [SESSIONS_KEYS_TABLE => 'sk'],
831	'WHERE' => 'sk.user_id = ' . (int) $user->data['user_id'],
832	'ORDER_BY' => 'sk.last_login ASC',
833	];
834
835	/**
836	* Event allows changing SQL query for autologin keys
837	*
838	* @event core.ucp_profile_autologin_keys_sql
839	* @var array sql_ary Array with autologin keys SQL query
840	* @since 3.3.2-RC1
841	*/
842	$vars = ['sql_ary'];
843	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_autologin_keys_sql', compact($vars)));
844
845	$result = $db->sql_query($db->sql_build_query('SELECT', $sql_ary));
846	$sessions = (array) $db->sql_fetchrowset($result);
847	$db->sql_freeresult($result);
848
849	$template_vars = [];
850	foreach ($sessions as $row)
851	{
852	$key = substr($row['key_id'], 0, 8);
853	$template_vars[$key] = [
854	'KEY' => $key,
855	'IP' => $row['last_ip'],
856	'LOGIN_TIME' => $user->format_date($row['last_login']),
857	];
858	}
859
860	/**
861	* Event allows changing template variables
862	*
863	* @event core.ucp_profile_autologin_keys_template_vars
864	* @var array sessions Array with session keys data
865	* @var array template_vars Array with template variables
866	* @since 3.3.2-RC1
867	*/
868	$vars = ['sessions', 'template_vars'];
869	extract($phpbb_dispatcher->trigger_event('core.ucp_profile_autologin_keys_template_vars', compact($vars)));
870
871	$template->assign_block_vars_array('sessions', $template_vars);
872
873	break;
874	}
875
876	$template->assign_vars(array(
877	'ERROR' => (count($error)) ? implode('<br />', $error) : '',
878
879	'L_TITLE' => $language->lang('UCP_PROFILE_' . strtoupper($mode)),
880
881	'S_HIDDEN_FIELDS' => $s_hidden_fields,
882	'S_UCP_ACTION' => $this->u_action)
883	);
884
885	// Set desired template
886	$this->tpl_name = 'ucp_profile_' . $mode;
887	$this->page_title = 'UCP_PROFILE_' . strtoupper($mode);
888	}
889	}