'u.*, g.g_id, g.g_user_title, g.g_moderator', 'FROM' => 'users AS u', 'JOINS' => array( array( 'LEFT JOIN' => 'groups AS g', 'ON' => 'g.g_id=u.group_id' ) ), 'WHERE' => 'u.id='.$id ); ($hook = get_hook('pf_qr_get_user_info')) ? eval($hook) : null; $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); if (!$pun_db->num_rows($result)) message($lang_common['Bad request']); $user = $pun_db->fetch_assoc($result); if ($action == 'change_pass') { ($hook = get_hook('pf_change_pass_selected')) ? eval($hook) : null; // User pressed the cancel button if (isset($_POST['cancel'])) redirect(pun_link($pun_url['profile_about'], $id), $lang_common['Cancel redirect']); if (isset($_GET['key'])) { // If the user is already logged in we shouldn't be here :) if (!$pun_user['is_guest']) message($lang_profile['Pass logout']); ($hook = get_hook('pf_change_pass_key_supplied')) ? eval($hook) : null; $key = $_GET['key']; if ($key == '' || $key != $user['activate_key']) message(sprintf($lang_profile['Pass key bad'], ''.$pun_config['o_admin_email'].'')); else { if (isset($_POST['form_sent'])) { ($hook = get_hook('pf_change_pass_key_form_submitted')) ? eval($hook) : null; $new_password1 = trim($_POST['req_new_password1']); $new_password2 = trim($_POST['req_new_password2']); if (pun_strlen($new_password1) < 4) $errors[] = $lang_profile['Pass too short']; else if ($new_password1 != $new_password2) $errors[] = $lang_profile['Pass not match']; // Did everything go according to plan? if (empty($errors)) { $new_password_hash = sha1($user['salt'].sha1($new_password1)); $query = array( 'UPDATE' => 'users', 'SET' => 'password=\''.$new_password_hash.'\', activate_key=NULL', 'WHERE' => 'id='.$id ); ($hook = get_hook('pf_qr_update_password')) ? eval($hook) : null; $pun_db->query_build($query) or error(__FILE__, __LINE__); redirect(pun_link($pun_url['index']), $lang_profile['Pass updated']); } } // Setup form $pun_page['set_count'] = $pun_page['fld_count'] = 0; $pun_page['form_action'] = pun_link($pun_url['change_password_key'], array($id, $key)); // Setup breadcrumbs $pun_page['crumbs'] = array( array($pun_config['o_board_title'], pun_link($pun_url['index'])), array(sprintf($lang_profile['Users profile'], $user['username'], $lang_profile['Section about']), pun_link($pun_url['profile_about'], $id)), $lang_profile['Change password'] ); ($hook = get_hook('pf_change_pass_key_pre_header_load')) ? eval($hook) : null; define('PUN_PAGE', 'profile-changepass'); require PUN_ROOT.'header.php'; ?>

'.$cur_error.''; ($hook = get_hook('pf_pre_change_pass_key_errors')) ? eval($hook) : null; ?>

'.$lang_common['Required'].'') ?>

'users', 'SET' => 'password=\''.$new_password_hash.'\'', 'WHERE' => 'id='.$id ); ($hook = get_hook('pf_qr_update_password2')) ? eval($hook) : null; $pun_db->query_build($query) or error(__FILE__, __LINE__); if ($pun_user['id'] == $id) { $expire = ($user['save_pass'] == '1') ? time() + 31536000 : 0; pun_setcookie($cookie_name, base64_encode($pun_user['id'].'|'.$new_password_hash), $expire); } redirect(pun_link($pun_url['profile_about'], $id), $lang_profile['Pass updated redirect']); } } // Setup form $pun_page['set_count'] = $pun_page['fld_count'] = 0; $pun_page['form_action'] = pun_link($pun_url['change_password'], $id); $pun_page['hidden_fields'][] = ''; if ($pun_user['is_admmod']) $pun_page['hidden_fields'][] = ''; // Setup breadcrumbs $pun_page['crumbs'] = array( array($pun_config['o_board_title'], pun_link($pun_url['index'])), array(sprintf($lang_profile['Users profile'], $user['username'], $lang_profile['Section about']), pun_link($pun_url['profile_about'], $id)), $lang_profile['Change password'] ); ($hook = get_hook('pf_change_pass_normal_pre_header_load')) ? eval($hook) : null; define('PUN_PAGE', 'profile-changepass'); require PUN_ROOT.'header.php'; ?>

'.$cur_error.''; ($hook = get_hook('pf_pre_change_pass_errors')) ? eval($hook) : null; ?>

'.$lang_common['Required'].'') ?>

'.$pun_config['o_admin_email'].'')); else { $query = array( 'UPDATE' => 'users', 'SET' => 'email=activate_string, activate_string=NULL, activate_key=NULL', 'WHERE' => 'id='.$id ); ($hook = get_hook('pf_qr_update_email')) ? eval($hook) : null; $pun_db->query_build($query) or error(__FILE__, __LINE__); message($lang_profile['E-mail updated']); } } else if (isset($_POST['form_sent'])) { ($hook = get_hook('pf_change_email_normal_form_submitted')) ? eval($hook) : null; if (sha1($pun_user['salt'].sha1($_POST['req_password'])) !== $pun_user['password']) $errors[] = $lang_profile['Wrong password']; require PUN_ROOT.'include/email.php'; // Validate the email-address $new_email = strtolower(trim($_POST['req_new_email'])); if (!is_valid_email($new_email)) $errors[] = $lang_common['Invalid e-mail']; // Check it it's a banned e-mail address if (is_banned_email($new_email)) { ($hook = get_hook('pf_change_email_normal_banned_email')) ? eval($hook) : null; if ($pun_config['p_allow_banned_email'] == '0') $errors[] = $lang_profile['Banned e-mail']; else if ($pun_config['o_mailing_list'] != '') { $mail_subject = 'Alert - Banned e-mail detected'; $mail_message = 'User \''.$pun_user['username'].'\' changed to banned e-mail address: '.$new_email."\n\n".'User profile: '.pun_link($pun_url['user'], $id)."\n\n".'-- '."\n".'Forum Mailer'."\n".'(Do not reply to this message)'; pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message); } } // Check if someone else already has registered with that e-mail address $query = array( 'SELECT' => 'u.id, u.username', 'FROM' => 'users AS u', 'WHERE' => 'u.email=\''.$pun_db->escape($new_email).'\'' ); ($hook = get_hook('pf_qr_check_email_dupe')) ? eval($hook) : null; $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); if ($pun_db->num_rows($result)) { ($hook = get_hook('pf_change_email_normal_dupe_email')) ? eval($hook) : null; if ($pun_config['p_allow_dupe_email'] == '0') $errors[] = $lang_profile['Dupe e-mail']; else if (($pun_config['o_mailing_list'] != '') && empty($errors)) { while ($cur_dupe = $pun_db->fetch_assoc($result)) $dupe_list[] = $cur_dupe['username']; $mail_subject = 'Alert - Duplicate e-mail detected'; $mail_message = 'User \''.$pun_user['username'].'\' changed to an e-mail address that also belongs to: '.implode(', ', $dupe_list)."\n\n".'User profile: '.pun_link($pun_url['user'], $id)."\n\n".'-- '."\n".'Forum Mailer'."\n".'(Do not reply to this message)'; pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message); } } // Did everything go according to plan? if (empty($errors)) { $new_email_key = random_key(8, true); // Save new e-mail and activation key $query = array( 'UPDATE' => 'users', 'SET' => 'activate_string=\''.$pun_db->escape($new_email).'\', activate_key=\''.$new_email_key.'\'', 'WHERE' => 'id='.$id ); ($hook = get_hook('pf_qr_update_email_activation')) ? eval($hook) : null; $pun_db->query_build($query) or error(__FILE__, __LINE__); // Load the "activate e-mail" template $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/activate_email.tpl')); // The first row contains the subject $first_crlf = strpos($mail_tpl, "\n"); $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8)); $mail_message = trim(substr($mail_tpl, $first_crlf)); $mail_message = str_replace('', $pun_user['username'], $mail_message); $mail_message = str_replace('', $base_url.'/', $mail_message); $mail_message = str_replace('', str_replace('&', '&', pun_link($pun_url['change_email_key'], array($id, $new_email_key))), $mail_message); $mail_message = str_replace('', sprintf($lang_common['Forum mailer'], $pun_config['o_board_title']), $mail_message); ($hook = get_hook('pf_change_email_normal_pre_activation_email_sent')) ? eval($hook) : null; pun_mail($new_email, $mail_subject, $mail_message); message(sprintf($lang_profile['Activate e-mail sent'], ''.$pun_config['o_admin_email'].'')); } } // Setup form $pun_page['set_count'] = $pun_page['fld_count'] = 0; $pun_page['form_action'] = pun_link($pun_url['change_email'], $id); $pun_page['hidden_fields'][] = ''; if ($pun_user['is_admmod']) $pun_page['hidden_fields'][] = ''; // Setup form information $pun_page['frm_info'] = '

'.$lang_profile['E-mail info'].'

'; // Setup breadcrumbs $pun_page['crumbs'] = array( array($pun_config['o_board_title'], pun_link($pun_url['index'])), array(sprintf($lang_profile['Users profile'], $user['username'], $lang_profile['Section about']), pun_link($pun_url['profile_about'], $id)), $lang_profile['Change e-mail'] ); ($hook = get_hook('pf_change_email_normal_pre_header_load')) ? eval($hook) : null; define('PUN_PAGE', 'profile-changemail'); require PUN_ROOT.'header.php'; ?>

'.$cur_error.''; ($hook = get_hook('pf_pre_change_email_errors')) ? eval($hook) : null; ?>

'.$lang_common['Required'].'') ?>

'.$lang_profile['Delete warning'].'', '

'.$lang_profile['Delete posts info'].'

' ); // Setup breadcrumbs $pun_page['crumbs'] = array( array($pun_config['o_board_title'], pun_link($pun_url['index'])), array(sprintf($lang_profile['Users profile'], $user['username'], $lang_profile['Section admin']), pun_link($pun_url['profile_admin'], $id)), $lang_profile['Delete user'] ); ($hook = get_hook('pf_delete_user_pre_header_load')) ? eval($hook) : null; define('PUN_PAGE', 'dialogue'); require PUN_ROOT.'header.php'; ?>

'users', 'SET' => 'group_id='.$new_group_id, 'WHERE' => 'id='.$id ); ($hook = get_hook('pf_qr_update_group')) ? eval($hook) : null; $pun_db->query_build($query) or error(__FILE__, __LINE__); $query = array( 'SELECT' => 'g.g_moderator', 'FROM' => 'groups AS g', 'WHERE' => 'g.g_id='.$new_group_id ); ($hook = get_hook('pf_qr_check_new_group_mod')) ? eval($hook) : null; $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); $new_group_mod = $pun_db->result($result); // If the user was a moderator or an administrator (and no longer is), we remove him/her from the moderator list in all forums if (($user['g_id'] == PUN_ADMIN || $user['g_moderator'] == '1') && $new_group_id != PUN_ADMIN && $new_group_mod != '1') clean_forum_moderators(); redirect(pun_link($pun_url['profile_admin'], $id), $lang_profile['Group membership redirect']); } else if (isset($_POST['update_forums'])) { if ($pun_user['g_id'] != PUN_ADMIN) message($lang_common['No permission']); ($hook = get_hook('pf_forum_moderators_form_submitted')) ? eval($hook) : null; $moderator_in = (isset($_POST['moderator_in'])) ? array_keys($_POST['moderator_in']) : array(); // Loop through all forums $query = array( 'SELECT' => 'f.id, f.moderators', 'FROM' => 'forums AS f' ); ($hook = get_hook('pf_qr_get_all_forum_mods')) ? eval($hook) : null; $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); while ($cur_forum = $pun_db->fetch_assoc($result)) { $cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array(); // If the user should have moderator access (and he/she doesn't already have it) if (in_array($cur_forum['id'], $moderator_in) && !in_array($id, $cur_moderators)) { $cur_moderators[$user['username']] = $id; ksort($cur_moderators); } // If the user shouldn't have moderator access (and he/she already has it) else if (!in_array($cur_forum['id'], $moderator_in) && in_array($id, $cur_moderators)) unset($cur_moderators[$user['username']]); $cur_moderators = (!empty($cur_moderators)) ? '\''.$pun_db->escape(serialize($cur_moderators)).'\'' : 'NULL'; $query = array( 'UPDATE' => 'forums', 'SET' => 'moderators='.$cur_moderators, 'WHERE' => 'id='.$cur_forum['id'] ); ($hook = get_hook('pf_qr_update_forum_moderators')) ? eval($hook) : null; $pun_db->query_build($query) or error(__FILE__, __LINE__); } redirect(pun_link($pun_url['profile_admin'], $id), $lang_profile['Update forums redirect']); } else if (isset($_POST['ban'])) { if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_ban_users'] == '0')) message($lang_common['No permission']); ($hook = get_hook('pf_ban_user_selected')) ? eval($hook) : null; redirect(pun_link($pun_url['admin_bans']).'?add_ban='.$id, $lang_profile['Ban redirect']); } else if (isset($_POST['form_sent'])) { // Make sure we are allowed to edit this user's profile if ($pun_user['id'] != $id && $pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_edit_users'] == '0' || $user['g_id'] == PUN_ADMIN || $user['g_moderator'] == '1')) message($lang_common['No permission']); ($hook = get_hook('pf_change_details_form_submitted')) ? eval($hook) : null; // Extract allowed elements from $_POST['form'] function extract_elements($allowed_elements) { $form = array(); while (list($key, $value) = @each($_POST['form'])) { if (in_array($key, $allowed_elements)) $form[$key] = $value; } return $form; } $username_updated = false; // Validate input depending on section switch ($section) { case 'identity': { $form = extract_elements(array('realname', 'url', 'location', 'jabber', 'icq', 'msn', 'aim', 'yahoo')); ($hook = get_hook('pf_change_details_identity_validation')) ? eval($hook) : null; if ($pun_user['is_admmod']) { // Are we allowed to change usernames? if ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_moderator'] == '1' && $pun_user['g_mod_rename_users'] == '1')) { $form['username'] = trim($_POST['req_username']); $old_username = trim($_POST['old_username']); // Validate the new username $errors = array_merge($errors, validate_username($form['username'], $id)); if ($form['username'] != $old_username) $username_updated = true; } // We only allow administrators to update the post count if ($pun_user['g_id'] == PUN_ADMIN) $form['num_posts'] = intval($_POST['num_posts']); } if ($pun_config['o_regs_verify'] == '0' || $pun_user['is_admmod']) { require PUN_ROOT.'include/email.php'; // Validate the email-address $form['email'] = strtolower(trim($_POST['req_email'])); if (!is_valid_email($form['email'])) $errors[] = $lang_common['Invalid e-mail']; } if ($pun_user['is_admmod']) $form['admin_note'] = trim($_POST['admin_note']); if ($pun_user['g_id'] == PUN_ADMIN) $form['title'] = trim($_POST['title']); else if ($pun_user['g_set_title'] == '1') { $form['title'] = trim($_POST['title']); if ($form['title'] != '') { // A list of words that the title may not contain // If the language is English, there will be some duplicates, but it's not the end of the world $forbidden = array('Member', 'Moderator', 'Administrator', 'Banned', 'Guest', $lang_common['Member'], $lang_common['Moderator'], $lang_common['Administrator'], $lang_common['Banned'], $lang_common['Guest']); if (in_array($form['title'], $forbidden)) $errors[] = $lang_profile['Forbidden title']; } } // Add http:// if the URL doesn't contain it already if ($form['url'] != '' && strpos(strtolower($form['url']), 'http://') !== 0) $form['url'] = 'http://'.$form['url']; // If the ICQ UIN contains anything other than digits it's invalid if ($form['icq'] != '' && !ctype_digit($form['icq'])) $errors[] = $lang_profile['Bad ICQ']; break; } case 'settings': { $form = extract_elements(array('dst', 'timezone', 'language', 'email_setting', 'save_pass', 'notify_with_post', 'auto_notify', 'time_format', 'date_format', 'disp_topics', 'disp_posts', 'show_smilies', 'show_img', 'show_img_sig', 'show_avatars', 'show_sig', 'style')); ($hook = get_hook('pf_change_details_settings_validation')) ? eval($hook) : null; $form['dst'] = (isset($form['dst'])) ? 1 : 0; $form['time_format'] = (isset($form['time_format'])) ? intval($form['time_format']) : 0; $form['date_format'] = (isset($form['date_format'])) ? intval($form['date_format']) : 0; $form['email_setting'] = intval($form['email_setting']); if ($form['email_setting'] < 0 && $form['email_setting'] > 2) $form['email_setting'] = 1; if (!isset($form['save_pass']) || $form['save_pass'] != '1') $form['save_pass'] = '0'; if ($pun_config['o_subscriptions'] == '1') { if (!isset($form['notify_with_post']) || $form['notify_with_post'] != '1') $form['notify_with_post'] = '0'; if (!isset($form['auto_notify']) || $form['auto_notify'] != '1') $form['auto_notify'] = '0'; } // If the save_pass setting has changed, we need to set a new cookie with the appropriate expire date if ($pun_user['id'] == $id && $form['save_pass'] != $pun_user['save_pass']) pun_setcookie($cookie_name, base64_encode($id.'|'.$user['password']), ($form['save_pass'] == '1') ? time() + 31536000 : 0); // Make sure we got a valid language string if (isset($form['language'])) { $form['language'] = preg_replace('#[\.\\\/]#', '', $form['language']); if (!file_exists(PUN_ROOT.'lang/'.$form['language'].'/common.php')) message($lang_common['Bad request']); } if ($form['disp_topics'] != '' && intval($form['disp_topics']) < 3) $form['disp_topics'] = 3; if ($form['disp_topics'] != '' && intval($form['disp_topics']) > 75) $form['disp_topics'] = 75; if ($form['disp_posts'] != '' && intval($form['disp_posts']) < 3) $form['disp_posts'] = 3; if ($form['disp_posts'] != '' && intval($form['disp_posts']) > 75) $form['disp_posts'] = 75; if (!isset($form['show_smilies']) || $form['show_smilies'] != '1') $form['show_smilies'] = '0'; if (!isset($form['show_img']) || $form['show_img'] != '1') $form['show_img'] = '0'; if (!isset($form['show_img_sig']) || $form['show_img_sig'] != '1') $form['show_img_sig'] = '0'; if (!isset($form['show_avatars']) || $form['show_avatars'] != '1') $form['show_avatars'] = '0'; if (!isset($form['show_sig']) || $form['show_sig'] != '1') $form['show_sig'] = '0'; // Make sure we got a valid style string if (isset($form['style'])) { $form['style'] = preg_replace('#[\.\\\/]#', '', $form['style']); if (!file_exists(PUN_ROOT.'style/'.$form['style'].'/'.$form['style'].'.php')) message($lang_common['Bad request']); } break; } case 'signature': { if ($pun_config['o_signatures'] == '0') message($lang_profile['Signatures disabled']); ($hook = get_hook('pf_change_details_signature_validation')) ? eval($hook) : null; // Clean up signature from POST $form['signature'] = pun_linebreaks(trim($_POST['signature'])); // Validate signature if (pun_strlen($form['signature']) > $pun_config['p_sig_length']) $errors[] = sprintf($lang_profile['Sig too long'], $pun_config['p_sig_length']); if (substr_count($form['signature'], "\n") > ($pun_config['p_sig_lines'] - 1)) $errors[] = sprintf($lang_profile['Sig too many lines'], $pun_config['p_sig_lines']); if ($form['signature'] != '' && $pun_config['p_sig_all_caps'] == '0' && strtoupper($form['signature']) == $form['signature'] && !$pun_user['is_admmod']) $form['signature'] = ucwords(strtolower($form['signature'])); // Validate BBCode syntax if ($pun_config['p_sig_bbcode'] == '1' && strpos($form['signature'], '[') !== false && strpos($form['signature'], ']') !== false) { require PUN_ROOT.'include/parser.php'; $form['signature'] = preparse_bbcode($form['signature'], $errors, true); } break; } case 'avatar': { if ($pun_config['o_avatars'] == '0') message($lang_profile['Avatars disabled']); ($hook = get_hook('pf_change_details_avatar_validation')) ? eval($hook) : null; if (!isset($_FILES['req_file'])) { $errors[] = $lang_profile['No file']; break; } else $uploaded_file = $_FILES['req_file']; // Make sure the upload went smooth if (isset($uploaded_file['error']) && empty($errors)) { switch ($uploaded_file['error']) { case 1: // UPLOAD_ERR_INI_SIZE case 2: // UPLOAD_ERR_FORM_SIZE $errors[] = $lang_profile['Too large ini']; break; case 3: // UPLOAD_ERR_PARTIAL $errors[] = $lang_profile['Partial upload']; break; case 4: // UPLOAD_ERR_NO_FILE $errors[] = $lang_profile['No file']; break; case 6: // UPLOAD_ERR_NO_TMP_DIR $errors[] = $lang_profile['No tmp directory']; break; default: // No error occured, but was something actually uploaded? if ($uploaded_file['size'] == 0) $errors[] = $lang_profile['No file']; break; } } if (is_uploaded_file($uploaded_file['tmp_name']) && empty($errors)) { $allowed_types = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/png', 'image/x-png'); if (!in_array($uploaded_file['type'], $allowed_types)) $errors[] = $lang_profile['Bad type']; else { // Make sure the file isn't too big if ($uploaded_file['size'] > $pun_config['o_avatars_size']) $errors[] = sprintf($lang_profile['Too large'], $pun_config['o_avatars_size']); } if (empty($errors)) { // Determine type $extensions = null; if ($uploaded_file['type'] == 'image/gif') $extensions = array('.gif', '.jpg', '.png'); else if ($uploaded_file['type'] == 'image/jpeg' || $uploaded_file['type'] == 'image/pjpeg') $extensions = array('.jpg', '.gif', '.png'); else $extensions = array('.png', '.gif', '.jpg'); // Move the file to the avatar directory. We do this before checking the width/height to circumvent open_basedir restrictions. if (!@move_uploaded_file($uploaded_file['tmp_name'], $pun_config['o_avatars_dir'].'/'.$id.'.tmp')) $errors[] = sprintf($lang_profile['Move failed'], ''.$pun_config['o_admin_email'].''); if (empty($errors)) { // Now check the width/height list($width, $height, $type,) = getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.tmp'); if (empty($width) || empty($height) || $width > $pun_config['o_avatars_width'] || $height > $pun_config['o_avatars_height']) { @unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp'); $errors[] = sprintf($lang_profile['Too wide or high'], $pun_config['o_avatars_width'], $pun_config['o_avatars_height']); } else if ($type == 1 && $uploaded_file['type'] != 'image/gif') // Prevent dodgy uploads { @unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp'); $errors[] = $lang_profile['Bad type']; } if (empty($errors)) { // Delete any old avatars if (file_exists($pun_config['o_avatars_dir'].'/'.$id.$extensions[0])) @unlink($pun_config['o_avatars_dir'].'/'.$id.$extensions[0]); if (file_exists($pun_config['o_avatars_dir'].'/'.$id.$extensions[1])) @unlink($pun_config['o_avatars_dir'].'/'.$id.$extensions[1]); if (file_exists($pun_config['o_avatars_dir'].'/'.$id.$extensions[2])) @unlink($pun_config['o_avatars_dir'].'/'.$id.$extensions[2]); // Put the new avatar in its place @rename($pun_config['o_avatars_dir'].'/'.$id.'.tmp', $pun_config['o_avatars_dir'].'/'.$id.$extensions[0]); @chmod($pun_config['o_avatars_dir'].'/'.$id.$extensions[0], 0644); } } } } else if (empty($errors)) $errors[] = $lang_profile['Unknown failure']; break; } default: { ($hook = get_hook('pf_change_details_new_section_validation')) ? eval($hook) : null; break; } } // All sections apart from avatar potentially affect the database if (($section != 'avatar') && empty($errors)) { ($hook = get_hook('pf_change_details_database_validation')) ? eval($hook) : null; // Singlequotes around non-empty values and NULL for empty values $temp = array(); while (list($key, $input) = @each($form)) { $value = ($input !== '') ? '\''.$pun_db->escape($input).'\'' : 'NULL'; $temp[] = $key.'='.$value; } // Make sure we have something to update if (empty($temp)) message($lang_common['Bad request']); // Run the update $query = array( 'UPDATE' => 'users', 'SET' => implode(',', $temp), 'WHERE' => 'id='.$id ); ($hook = get_hook('pf_qr_update_user')) ? eval($hook) : null; $pun_db->query_build($query) or error(__FILE__, __LINE__); // If we changed the username we have to update some stuff if ($username_updated) { ($hook = get_hook('pf_change_details_username_changed')) ? eval($hook) : null; $query = array( 'UPDATE' => 'posts', 'SET' => 'poster=\''.$pun_db->escape($form['username']).'\'', 'WHERE' => 'poster_id='.$id ); ($hook = get_hook('pf_qr_update_username1')) ? eval($hook) : null; $pun_db->query_build($query) or error(__FILE__, __LINE__); $query = array( 'UPDATE' => 'topics', 'SET' => 'poster=\''.$pun_db->escape($form['username']).'\'', 'WHERE' => 'poster=\''.$pun_db->escape($old_username).'\'' ); ($hook = get_hook('pf_qr_update_username2')) ? eval($hook) : null; $pun_db->query_build($query) or error(__FILE__, __LINE__); $query = array( 'UPDATE' => 'topics', 'SET' => 'last_poster=\''.$pun_db->escape($form['username']).'\'', 'WHERE' => 'last_poster=\''.$pun_db->escape($old_username).'\'' ); ($hook = get_hook('pf_qr_update_username3')) ? eval($hook) : null; $pun_db->query_build($query) or error(__FILE__, __LINE__); $query = array( 'UPDATE' => 'forums', 'SET' => 'last_poster=\''.$pun_db->escape($form['username']).'\'', 'WHERE' => 'last_poster=\''.$pun_db->escape($old_username).'\'' ); ($hook = get_hook('pf_qr_update_username4')) ? eval($hook) : null; $pun_db->query_build($query) or error(__FILE__, __LINE__); $query = array( 'UPDATE' => 'online', 'SET' => 'ident=\''.$pun_db->escape($form['username']).'\'', 'WHERE' => 'ident=\''.$pun_db->escape($old_username).'\'' ); ($hook = get_hook('pf_qr_update_username5')) ? eval($hook) : null; $pun_db->query_build($query) or error(__FILE__, __LINE__); // If the user is a moderator or an administrator we have to update the moderator lists and bans cache if ($user['g_id'] == PUN_ADMIN || $user['g_moderator'] == '1') { $query = array( 'SELECT' => 'f.id, f.moderators', 'FROM' => 'forums AS f' ); ($hook = get_hook('pf_qr_get_all_forum_mods2')) ? eval($hook) : null; $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); while ($cur_forum = $pun_db->fetch_assoc($result)) { $cur_moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array(); if (in_array($id, $cur_moderators)) { unset($cur_moderators[$old_username]); $cur_moderators[$form['username']] = $id; ksort($cur_moderators); $query = array( 'UPDATE' => 'forums', 'SET' => 'moderators=\''.$pun_db->escape(serialize($cur_moderators)).'\'', 'WHERE' => 'id='.$cur_forum['id'] ); ($hook = get_hook('pf_qr_update_forum_moderators2')) ? eval($hook) : null; $pun_db->query_build($query) or error(__FILE__, __LINE__); } } // Regenerate the bans cache require_once PUN_ROOT.'include/cache.php'; generate_bans_cache(); } } redirect(pun_link($pun_url['profile_'.$section], $id), $lang_profile['Profile redirect']); } } ($hook = get_hook('pf_new_action')) ? eval($hook) : null; if ($user['signature'] != '') { require_once PUN_ROOT.'include/parser.php'; $parsed_signature = parse_signature($user['signature']); } // View or edit? if ($pun_user['id'] != $id && $pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_edit_users'] == '0' || $user['g_id'] == PUN_ADMIN || $user['g_moderator'] == '1')) { ($hook = get_hook('pf_view_details_selected')) ? eval($hook) : null; // Setup user identification $pun_page['user_ident'] = array(); if ($pun_config['o_avatars'] == '1') { if ($pun_page['img_size'] = @getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.gif')) $pun_page['avatar_format'] = 'gif'; else if ($pun_page['img_size'] = @getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.jpg')) $pun_page['avatar_format'] = 'jpg'; else if ($pun_page['img_size'] = @getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.png')) $pun_page['avatar_format'] = 'png'; else $pun_page['avatar_format'] = ''; if ($pun_page['avatar_format'] != '') $pun_page['user_ident'][] = ' '.$lang_profile['Avatar'].'

'; } $pun_page['user_ident'][] = ''.pun_htmlencode($user['username']).''; // Setup user information $pun_page['user_info'] = array( '

'.$lang_profile['Title'].' '.get_title($user).'

', '

'.$lang_profile['From'].' '.(($user['location'] !='') ? pun_htmlencode(($pun_config['o_censoring'] == '1') ? censor_words($user['location']) : $user['location']) : $lang_profile['Unknown']).'

', '

'.$lang_profile['Registered'].' '.format_time($user['registered'], true).'

' ); if ($pun_config['o_show_post_count'] == '1' || $pun_user['is_admmod']) $pun_page['user_info'][] = '

'.$lang_profile['Posts'].' '.$user['num_posts'].'

'; // Setup user actions $pun_page['user_actions'] = array(); if ($user['email_setting'] != '2' && !$pun_user['is_guest'] && $pun_user['g_send_email'] == '1') $pun_page['user_actions'][] = '

'.$lang_common['Send forum e-mail'].'

'; if ($pun_user['g_search'] == '1') { $pun_page['user_actions'][] = '

'.$lang_profile['Show posts'].'

'; $pun_page['user_actions'][] = '

'.$lang_profile['Show topics'].'

'; } // Setup user data $pun_page['user_data'] = array( '

'.$lang_profile['Realname'].' '.(($user['realname'] !='') ? pun_htmlencode(($pun_config['o_censoring'] == '1') ? censor_words($user['realname']) : $user['realname']) : $lang_profile['Unknown']).'

', '

'.$lang_profile['Last post'].' '.format_time($user['last_post']).'

' ); if ($user['email_setting'] == '0' && !$pun_user['is_guest'] && $pun_user['g_send_email'] == '1') $pun_page['user_data'][] = '

'.$lang_profile['E-mail'].' '.($pun_config['o_censoring'] == '1' ? censor_words($user['email']) : $user['email']).'

'; else $pun_page['user_data'][] = '

'.$lang_profile['E-mail'].' '.$lang_profile['Private'].'

'; if ($user['url'] != '') { if ($pun_config['o_censoring'] == '1') $user['url'] = censor_words($user['url']); $user['url'] = pun_htmlencode($user['url']); $pun_page['url'] = ''.$user['url'].''; } else $pun_page['url'] = $lang_profile['Unknown']; array_push( $pun_page['user_data'], '

'.$lang_profile['Website'].' '.$pun_page['url'].'

', '

'.$lang_profile['Jabber'].' '.(($user['jabber'] !='') ? pun_htmlencode(($pun_config['o_censoring'] == '1') ? censor_words($user['jabber']) : $user['jabber']) : $lang_profile['Unknown']).'

', '

'.$lang_profile['ICQ'].' '.(($user['icq'] !='') ? pun_htmlencode($user['icq']) : $lang_profile['Unknown']).'

', '

'.$lang_profile['MSN'].' '.(($user['msn'] !='') ? pun_htmlencode(($pun_config['o_censoring'] == '1') ? censor_words($user['msn']) : $user['msn']) : $lang_profile['Unknown']).'

', '

'.$lang_profile['AOL IM'].' '.(($user['aim'] !='') ? pun_htmlencode(($pun_config['o_censoring'] == '1') ? censor_words($user['aim']) : $user['aim']) : $lang_profile['Unknown']).'

', '

'.$lang_profile['Yahoo'].' '.(($user['yahoo'] !='') ? pun_htmlencode(($pun_config['o_censoring'] == '1') ? censor_words($user['yahoo']) : $user['yahoo']) : $lang_profile['Unknown']).'

' ); if ($pun_config['o_signatures'] == '1' && isset($parsed_signature)) $pun_page['sig_demo'] = $parsed_signature; // Setup breadcrumbs $pun_page['crumbs'] = array( array($pun_config['o_board_title'], pun_link($pun_url['index'])), sprintf($lang_profile['Users profile'], $user['username']) ); ($hook = get_hook('pf_view_details_pre_header_load')) ? eval($hook) : null; define('PUN_ALLOW_INDEX', 1); define('PUN_PAGE', 'profile'); require PUN_ROOT.'header.php'; ?>

'; } $pun_page['user_ident'][] = ''.pun_htmlencode($user['username']).''; // Setup user information $pun_page['user_info'] = array( '

'.$lang_profile['Title'].' '.get_title($user).'

', '

'.$lang_profile['From'].' '.(($user['location'] !='') ? pun_htmlencode(($pun_config['o_censoring'] == '1') ? censor_words($user['location']) : $user['location']) : $lang_profile['Unknown']).'

', '

'.$lang_profile['Registered'].' '.format_time($user['registered'], true).'

' ); if ($pun_config['o_show_post_count'] == '1' || $pun_user['is_admmod']) $pun_page['user_info'][] = '

'.$lang_profile['Posts'].' '.$user['num_posts'].'

'; if ($pun_user['is_admmod']) $pun_page['user_info'][]= '

'.$lang_profile['IP'].' '.pun_htmlencode($user['registration_ip']).'

'; if ($pun_user['is_admmod'] && $user['admin_note'] != '') $pun_page['user_info'][] = '

'.$lang_profile['Note'].' '.pun_htmlencode($user['admin_note']).'

'; // Setup user actions $pun_page['user_actions'] = array(); if ($pun_user['id'] == $id || $pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_moderator'] == '1' && $pun_user['g_mod_change_passwords'] == '1')) $pun_page['user_actions'][] = '

'.$lang_profile['Change password'].'

'; if (!$pun_user['is_admmod'] && $pun_config['o_regs_verify'] == '1') $pun_page['user_actions'][] = '

'.$lang_profile['Change e-mail'].'

'; if (($user['email_setting'] != '2' || $pun_user['is_admmod']) && $pun_user['g_send_email'] == '1') $pun_page['user_actions'][] = '

'.$lang_profile['Send forum e-mail'].'

'; if ($pun_user['g_search'] == '1' || $pun_user['is_admmod']) { $pun_page['user_actions'][] = '

'.$lang_profile['Show posts'].'

'; $pun_page['user_actions'][] = '

'.$lang_profile['Show topics'].'

'; } // Setup user data $pun_page['user_data'] = array( '

'.$lang_profile['Realname'].' '.(($user['realname'] !='') ? pun_htmlencode(($pun_config['o_censoring'] == '1') ? censor_words($user['realname']) : $user['realname']) : $lang_profile['Unknown']).'

', '

'.$lang_profile['Last post'].' '.format_time($user['last_post']).'

' ); if (($user['email_setting'] == '0' && !$pun_user['is_guest']) && $pun_user['g_send_email'] == '1') $pun_page['user_data'][] = '

'.$lang_profile['E-mail'].' '.($pun_config['o_censoring'] == '1' ? censor_words($user['email']) : $user['email']).'

'; else $pun_page['user_data'][] = '

'.$lang_profile['E-mail'].' '.$lang_profile['Private'].'

'; if ($user['url'] != '') { $user['url'] = pun_htmlencode($user['url']); if ($pun_config['o_censoring'] == '1') $user['url'] = censor_words($user['url']); $pun_page['url'] = ''.$user['url'].''; } else $pun_page['url'] = $lang_profile['Unknown']; array_push( $pun_page['user_data'], '

'.$lang_profile['Website'].' '.$pun_page['url'].'

', '

'.$lang_profile['Jabber'].' '.(($user['jabber'] !='') ? pun_htmlencode(($pun_config['o_censoring'] == '1') ? censor_words($user['jabber']) : $user['jabber']) : $lang_profile['Unknown']).'

', '

'.$lang_profile['ICQ'].' '.(($user['icq'] !='') ? pun_htmlencode($user['icq']) : $lang_profile['Unknown']).'

', '

'.$lang_profile['MSN'].' '.(($user['msn'] !='') ? pun_htmlencode(($pun_config['o_censoring'] == '1') ? censor_words($user['msn']) : $user['msn']) : $lang_profile['Unknown']).'

', '

'.$lang_profile['AOL IM'].' '.(($user['aim'] !='') ? pun_htmlencode(($pun_config['o_censoring'] == '1') ? censor_words($user['aim']) : $user['aim']) : $lang_profile['Unknown']).'

', '

'.$lang_profile['Yahoo'].' '.(($user['yahoo'] !='') ? pun_htmlencode(($pun_config['o_censoring'] == '1') ? censor_words($user['yahoo']) : $user['yahoo']) : $lang_profile['Unknown']).'

' ); if ($pun_config['o_signatures'] == '1' && isset($parsed_signature)) $pun_page['sig_demo'] = $parsed_signature; ($hook = get_hook('pf_change_details_about_pre_header_load')) ? eval($hook) : null; define('PUN_PAGE', 'profile-about'); require PUN_ROOT.'header.php'; ?>

'; if ($pun_user['is_admmod']) $pun_page['hidden_fields'][] = ''; if ($pun_user['is_admmod'] && ($pun_user['g_id'] == PUN_ADMIN || $pun_user['g_mod_rename_users'] == '1')) $pun_page['hidden_fields'][] = ''; // Does the form have required fields $pun_page['has_required'] = ((($pun_user['is_admmod'] && ($pun_user['g_id'] == PUN_ADMIN || $pun_user['g_mod_rename_users'] == '1')) || ($pun_user['is_admmod'] || $pun_config['o_regs_verify'] != '1')) ? true : false); ($hook = get_hook('pf_change_details_identity_pre_header_load')) ? eval($hook) : null; define('PUN_PAGE', 'profile-identity'); require PUN_ROOT.'header.php'; ?>

:

'.$cur_error.''; ($hook = get_hook('pf_pre_change_details_identity_errors')) ? eval($hook) : null; ?>

'.$lang_common['Required'].'') ?>

read()) !== false) { if ($pun_page['entry'] != '.' && $pun_page['entry'] != '..' && is_dir(PUN_ROOT.'style/'.$pun_page['entry']) && file_exists(PUN_ROOT.'style/'.$pun_page['entry'].'/'.$pun_page['entry'].'.css')) $pun_page['styles'][] = $pun_page['entry']; } $pun_page['d']->close(); // Setup the form $pun_page['set_count'] = $pun_page['fld_count'] = 0; $pun_page['form_action'] = pun_link($pun_url['profile_settings'], $id); $pun_page['hidden_fields'][] = ''; if ($pun_user['is_admmod']) $pun_page['hidden_fields'][] = ''; ($hook = get_hook('pf_change_details_settings_pre_header_load')) ? eval($hook) : null; define('PUN_PAGE', 'profile-settings'); require PUN_ROOT.'header.php'; ?>

:

read()) !== false) { if ($pun_page['entry'] != '.' && $pun_page['entry'] != '..' && is_dir(PUN_ROOT.'lang/'.$pun_page['entry']) && file_exists(PUN_ROOT.'lang/'.$pun_page['entry'].'/common.php')) $pun_page['languages'][] = $pun_page['entry']; } $pun_page['d']->close(); // Only display the language selection box if there's more than one language available if (count($pun_page['languages']) > 1) { natcasesort($pun_page['languages']); ?>

'."\n"; else if (count($pun_page['styles']) > 1) { natcasesort($pun_page['styles']); ?>

'.$lang_profile['Signature info'].''; if ($user['signature'] != '') $pun_page['sig_demo'] = $parsed_signature; // Setup the form $pun_page['set_count'] = $pun_page['fld_count'] = 0; $pun_page['form_action'] = pun_link($pun_url['profile_signature'], $id); $pun_page['hidden_fields'][] = ''; if ($pun_user['is_admmod']) $pun_page['hidden_fields'][] = ''; // Setup help $pun_page['main_head_options'] = array(); if ($pun_config['p_sig_bbcode'] == '1') $pun_page['main_head_options'][] = ''.$lang_common['BBCode'].''; if ($pun_config['p_sig_img_tag'] == '1') $pun_page['main_head_options'][] = ''.$lang_common['Images'].''; if ($pun_config['o_smilies_sig'] == '1') $pun_page['main_head_options'][] = ''.$lang_common['Smilies'].''; ($hook = get_hook('pf_change_details_signature_pre_header_load')) ? eval($hook) : null; define('PUN_PAGE', 'profile-signature'); require PUN_ROOT.'header.php'; ?>

:

'.sprintf($lang_common['You may use'], implode(' ', $pun_page['main_head_options'])).'

'."\n" ?>

'.$cur_error.''; ($hook = get_hook('pf_pre_change_details_signature_errors')) ? eval($hook) : null; ?>

', '' ); if ($pun_user['is_admmod']) $pun_page['hidden_fields'][] = ''; // Setup form information $pun_page['frm_info'] = array(); if ($pun_page['avatar_format'] != '') { $pun_page['frm_info'][] = '

'.$lang_profile['Avatar info change'].'

'; $pun_page['frm_info'][] = '

'.$lang_profile['Avatar info type'].'

'; $pun_page['frm_info'][] = '

'.sprintf($lang_profile['Avatar info size'], $pun_config['o_avatars_width'], $pun_config['o_avatars_height'], $pun_config['o_avatars_size'], ceil($pun_config['o_avatars_size'] / 1024)).'

'; $pun_page['avatar_demo'] = ' '.$lang_profile['Avatar'].'

'; } else { $pun_page['frm_info'][] = '

'.$lang_profile['Avatar info none'].'

'; $pun_page['frm_info'][] = '

'.sprintf($lang_profile['Avatar info size'], $pun_config['o_avatars_width'], $pun_config['o_avatars_height'], $pun_config['o_avatars_size'], ceil($pun_config['o_avatars_size'] / 1024)).'

'; } ($hook = get_hook('pf_change_details_avatar_pre_header_load')) ? eval($hook) : null; define('PUN_PAGE', 'profile-avatar'); require PUN_ROOT.'header.php'; ?>

:

'.$cur_error.''; ($hook = get_hook('pf_pre_change_details_avatar_errors')) ? eval($hook) : null; ?>

'.$lang_profile['Ban user'].': '.$lang_profile['Ban user info'].''; $pun_page['user_management'][] = '

'.$lang_profile['Manage ban'].'

'; } else if ($pun_user['g_moderator'] != '1' && $user['g_id'] != PUN_ADMIN ) { $pun_page['user_actions'][] = '

'.$lang_profile['Ban user'].': '.$lang_profile['Ban user info'].'

'; $pun_page['user_actions'][] = '

'.$lang_profile['Delete user'].': '.$lang_profile['Delete user info'].'

'; $pun_page['user_management'][] = '

'.$lang_profile['Manage ban'].'

'; $pun_page['user_management'][] = '

'.$lang_profile['Manage delete'].'

'; } if ($pun_user['g_moderator'] != '1' && $pun_user['id'] != $id && $user['g_id'] == PUN_ADMIN ) $pun_page['user_management'][] = '

'.$lang_profile['Manage groups'].'

'; // Setup form $pun_page['fld_count'] = $pun_page['set_count'] = 0; $pun_page['form_action'] = pun_link($pun_url['profile_admin'], $id); $pun_page['hidden_fields'][] = ''; if ($pun_user['is_admmod']) $pun_page['hidden_fields'][] = ''; ($hook = get_hook('pf_change_details_admin_pre_header_load')) ? eval($hook) : null; define('PUN_PAGE', 'profile-admin'); require PUN_ROOT.'header.php'; ?>

:

'c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.moderators', 'FROM' => 'categories AS c', 'JOINS' => array( array( 'INNER JOIN' => 'forums AS f', 'ON' => 'c.id=f.cat_id' ) ), 'WHERE' => 'f.redirect_url IS NULL', 'ORDER BY' => 'c.disp_position, c.id, f.disp_position' ); ($hook = get_hook('pf_qr_get_cats_and_forums')) ? eval($hook) : null; $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); $cur_category = 0; while ($cur_forum = $pun_db->fetch_assoc($result)) { if ($cur_forum['cid'] != $cur_category) // A new category since last iteration? { if ($cur_category) echo "\n\t\t\t\t\t".'

'."\n"; echo "\t\t\t\t".'

'."\n\t\t\t\t\t".''.$cur_forum['cat_name'].':'."\n"; $cur_category = $cur_forum['cid']; } $moderators = ($cur_forum['moderators'] != '') ? unserialize($cur_forum['moderators']) : array(); echo "\t\t\t\t\t".'

'.pun_htmlencode($cur_forum['forum_name']).'

'."\n"; } ?>