<?php
// Direct-access guard: execution continues only when the DATALIFEENGINE constant
// has already been defined by whatever script included this file.
defined('DATALIFEENGINE') or die("Hacking attempt!");
include_once ENGINE_DIR.'/classes/parse.class.php';
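//####################################################################################################################
// Update of the user's profile information
//####################################################################################################################
// Handles the POSTed profile form (doaction=adduserinfo): avatar upload and removal, password
// change, e-mail and free-text fields, and the extra fields (xfields). Validation failures are
// appended to $stop; the final UPDATE of the users row is issued only when $stop is empty.
// NOTE(review): $user is interpolated into several SQL strings below. It is assigned outside
// this section, so confirm it is escaped (e.g. $db->safesql()) where it is set.
if($allow_userinfo AND $doaction == "adduserinfo"){
    // Anti-CSRF token: must be a non-empty string identical to $dle_login_hash (set elsewhere).
    // The strict comparison avoids PHP's numeric-string juggling, where "0e1" == "0e2" is true.
    $posted_hash = isset($_POST['dle_allow_hash']) ? $_POST['dle_allow_hash'] : "";
    if (!is_string($posted_hash) OR $posted_hash == "" OR $posted_hash !== (string)$dle_login_hash) {
        die("Hacking attempt! User ID not valid");
    }
    $parse = new ParseFilter();
    $parse->safe_mode = true;
    $stop = false;
    // Every text field goes through ParseFilter and then $db->safesql() before it reaches SQL.
    // The new password is filtered the same way before it is hashed further down.
    $password1 = $db->safesql($parse->process($_POST['password1']));
    $password2 = $db->safesql($parse->process($_POST['password2']));
    // Current password: hashed from the raw POST value here and a second time in the password
    // check below, i.e. compared as md5(md5(raw)).
    $altpass = md5($_POST['altpass']);
    $info = $db->safesql($parse->BB_Parse($parse->process($_POST['info']), false));
    $signature = $db->safesql($parse->BB_Parse($parse->process($_POST['signature']), false));
    $email = $db->safesql($parse->process($_POST['email']));
    $fullname = $db->safesql($parse->process($_POST['fullname']));
    $land = $db->safesql($parse->process($_POST['land']));
    $icq = $db->safesql($parse->process($_POST['icq']));
    $allowed_ip = $db->safesql($parse->process(trim($_POST['allowed_ip'])));
    $row = $db->super_query("SELECT * FROM " . USERPREFIX . "_users WHERE name = '$user'");
    $xfieldsid = stripslashes ($row['xfields']);
    $image = $_FILES['image']['tmp_name'];
    $image_name = $_FILES['image']['name'];
    $image_size = $_FILES['image']['size'];
    // $type is the text after the last dot of the client-supplied file name.
    $img_name_arr = explode(".",$image_name);
    $type = end($img_name_arr);
    if($image_name != "") $image_name = totranslit(stripslashes($img_name_arr[0])).".".totranslit($type);
    // Authorisation: only the profile owner or a member of group 1 may edit this profile.
    if (!$is_logged OR !($member_id['name'] == $row['name'] OR $member_id['user_group'] == 1)) { $stop = $lang['news_err_13'];}
    if (is_uploaded_file($image) AND !$stop) {
        if ($image_size < 100000) {
            $allowed_extensions = array("jpg", "png", "jpe", "jpeg", "gif");
            // The extension is client-controlled and says nothing about the content, so the file
            // must also be readable as an image before it is moved under the web root.
            if (in_array(strtolower($type), $allowed_extensions, true) and $image_name and @getimagesize($image) !== false) {
                include_once ENGINE_DIR.'/inc/makethumb.php';
                // The stored name is built from the numeric user id, never from the client's file name.
                $res = @move_uploaded_file($image, ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type);
                if ($res) {
                    // NOTE(review): 0666 leaves the avatar world-writable; tighten if the hosting setup allows it.
                    @chmod(ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type, 0666);
                    $thumb=new thumbnail(ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type);
                    if ($thumb->size_auto($user_group[$member_id['user_group']]['max_foto'])) {
                        $thumb->jpeg_quality($config['jpeg_quality']);
                        $thumb->save(ROOT_DIR."/uploads/fotos/foto_".$row['user_id'].".".$type);
                    } else {
                        // size_auto() returned false: the uploaded file is kept as the avatar unchanged.
                        @rename(ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type, ROOT_DIR."/uploads/fotos/foto_".$row['user_id'].".".$type);
                    }
                    @chmod(ROOT_DIR."/uploads/fotos/foto_".$row['user_id'].".".$type, 0666);
                    $foto_name = "foto_".$row['user_id'].".".$type;
                    $db->query("UPDATE " . USERPREFIX . "_users set foto='$foto_name' where name='$user'");
                } else $stop .= $lang['news_err_14'];
            } else $stop .= $lang['news_err_15'];
        } else $stop .= $lang['news_err_16'];
        // Remove the intermediate copy, whichever branch ran above.
        @unlink (ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type);
    }
    // Avatar removal changes the same account data as the upload, so it is gated on $stop as well.
    // Without the gate, any request carrying a valid token could clear another user's avatar.
    if (isset($_POST['del_foto']) AND $_POST['del_foto'] == "yes" AND !$stop) {
        @unlink (ROOT_DIR."/uploads/fotos/".$row['foto']);
        $db->query("UPDATE " . USERPREFIX . "_users set foto='' WHERE name='$user'");
    }
    if (strlen($password1)>0){
        // A password change requires the current password, a matching confirmation and a
        // minimum length of 6.
        // NOTE(review): md5(md5()) is an unsalted fast hash. Moving to password_hash() and
        // password_verify() has to be coordinated with the login code, which is not in this file.
        $altpass = md5($altpass);
        // Strict comparison: hex digests such as "0e..." must not be compared as numbers.
        if ($altpass !== (string)$member_id['password'])
        {
            $stop .= $lang['news_err_17'];
        }
        if ($password1!=$password2)
        {
            $stop .= $lang['news_err_18'];
        }
        if (strlen($password1) < 6)
        {
            $stop .= $lang['news_err_19'];
        }
    }
    // NOTE(review): ereg() was removed in PHP 7.0, so this check ties the file to PHP 5.
    // A PCRE port must keep the bracket expressions' literal backslash in mind.
    if ((!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'. '@'.'[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'.'[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $email)) or (empty($email)))
    {
        $stop .= $lang['news_err_21'];
    }
    // Length limits are measured in bytes, on the already filtered and escaped values.
    if (strlen($info) > 1000)
    {
        $stop .= $lang['news_err_22'];
    }
    if (strlen($signature) > 1000)
    {
        $stop .= $lang['news_err_22'];
    }
    if (strlen($fullname) > 100)
    {
        $stop .= $lang['news_err_23'];
    }
    if (strlen($land) > 100)
    {
        $stop .= $lang['news_err_24'];
    }
    if (strlen($icq) > 20)
    {
        $stop .= $lang['news_err_25'];
    }
    // The e-mail address must not already belong to a different account.
    $db->query ("SELECT name FROM " . USERPREFIX . "_users where email = '$email' AND name != '$user'");
    if ($db->num_rows())
    {
        $stop .= $lang['reg_err_8'];
    }
    $db->free();
    if ($stop){ msgbox ($lang['all_err_1'], $stop);}
    else {
        // The checkbox is inverted: a ticked allow_mail stores 0.
        if ($_POST['allow_mail']) {$allow_mail = 0;} else {$allow_mail = 1;}
        // userfields.php is driven by $xfieldsaction and $xfieldsadd. $postedxfields is
        // presumably filled by that include; it is not assigned in this file.
        $xfieldsaction = "init";
        $xfieldsadd = false;
        include(ENGINE_DIR.'/inc/userfields.php');
        $filecontents = array ();
        if (!empty($postedxfields)) {
            foreach ($postedxfields as $xfielddataname => $xfielddatavalue) {
                if (!$xfielddatavalue) { continue;}
                $xfielddatavalue = $db->safesql($parse->BB_Parse($parse->process($xfielddatavalue), false));
                $xfielddataname = $db->safesql($xfielddataname);
                // "|" separates name from value and "||" separates fields in the stored string,
                // so a literal pipe in user data must be encoded or it could inject extra fields.
                // The page showed a no-op str_replace("|", "|", ...) here.
                // NOTE(review): confirm the reader in userfields.php decodes &#124; back to "|".
                $xfielddataname = str_replace("|", "&#124;", $xfielddataname);
                $xfielddatavalue = str_replace("|", "&#124;", $xfielddatavalue);
                $filecontents[] = "$xfielddataname|$xfielddatavalue";
            }
            $filecontents = implode("||", $filecontents);
        } else $filecontents = '';
        // NOTE(review): vb_editpofile() receives md5($password1) even when no new password was entered.
        vb_editpofile($icq, $email, md5($password1), $user, $land, $info);
        if (strlen($password1)>0) {
            $password1 = md5(md5($password1));
            $sql_user = "UPDATE " . USERPREFIX . "_users set fullname='$fullname', land='$land', icq='$icq', email='$email', info='$info', signature='$signature', password='$password1', allow_mail='$allow_mail', xfields='$filecontents', allowed_ip='$allowed_ip' where name='$user'";
        } else {
            $sql_user = "UPDATE " . USERPREFIX . "_users set fullname='$fullname', land='$land', icq='$icq', email='$email', info='$info', signature='$signature', allow_mail='$allow_mail', xfields='$filecontents', allowed_ip='$allowed_ip' where name='$user'";
        }
        $db->query($sql_user);
    }
}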
//####################################################################################################################
// Viewing a user's profile
//####################################################################################################################
// Loads userinfo.tpl and fills its placeholders once for every row returned for name = '$user'.
// NOTE(review): $user is placed in the SQL string as-is. It is assigned outside this section,
// so confirm it is escaped where it is set.
$parse = new ParseFilter();
$user_found = FALSE;
$sql_result = $db->query("SELECT * FROM " . USERPREFIX . "_users where name = '$user'");
$tpl->load_template('userinfo.tpl');
while($row = $db->get_row($sql_result)){
$user_found = TRUE;
// For a banned user the group's display name is overwritten in $user_group itself.
if ($row['banned'] == 'yes') $user_group[$row['user_group']]['group_name'] = $lang['user_ban'];
// The address is never printed here: {email} becomes a link to the feedback form, or a "no mail" text.
if ($row['allow_mail']){
// NOTE(review): the exploded $email is not used anywhere in the visible code.
$email = explode("@", $row['email'], 2);
$tpl->set('{email}', "<a href=\"$PHP_SELF?do=feedback&user=$row[user_id]\">".$lang['news_mail']."</a>");
}
else {
// NOTE(review): a third argument ($output) is passed only on this set() call; confirm it is intended.
$tpl->set('{email}', $lang['news_nomail'], $output);
}
$tpl->set('{pm}', "<a href=\"$PHP_SELF?do=pm&doaction=newpm&user=".$row['user_id']."\">".$lang['news_pmnew']."</a>");
// Pre-ticks the "hide my e-mail" checkbox when allow_mail is off.
if (!$row['allow_mail']) $mailbox = "checked"; else $mailbox = "";
// The stored avatar is used only if the file still exists on disk; otherwise the theme's placeholder.
if ($row['foto'] AND (file_exists(ROOT_DIR."/uploads/fotos/".$row['foto'])))
$tpl->set('{foto}', $config['http_home_url']."uploads/fotos/".$row['foto']);
else
$tpl->set('{foto}', "{THEME}/images/noavatar.png");
//--------------User-Rating-----------------//
if($ur_config['us_rating_on']=='yes'){
$tpl->set('{us_rating}', $us_rat->us_rat_show($config['skin'],'0',$row['user_id'],'0', $row['ur_plus'], $row['ur_minus'],$is_logged,$member_id));
}
//-------------------End----------------------------//
$tpl->set('{hidemail}', "<input type=\"checkbox\" name=\"allow_mail\" value=\"1\" ".$mailbox."> ".$lang['news_noamail']);
// The stored values below are emitted after stripslashes() only; nothing is HTML-encoded here.
// Markup safety therefore rests on the filtering applied when the values were saved
// (presumably ParseFilter, as in the update branch of this file) - verify for every write path.
$tpl->set('{usertitle}', stripslashes($row['name']));
$tpl->set('{fullname}', stripslashes($row['fullname']));
$tpl->set('{icq}', stripslashes($row['icq']));
$tpl->set('{land}', stripslashes($row['land']));
$tpl->set('{info}', stripslashes($row['info']));
// NOTE(review): {editmail} receives the real address for every viewer. Whether it is shown
// depends on where the template places the tag - confirm it sits inside the owner-only block.
$tpl->set('{editmail}', stripslashes($row['email']));
$tpl->set('{comm_num}', $row['comm_num']);
$tpl->set('{news_num}', $row['news_num']);
$tpl->set('{thanks_num}', intval($row['thanks_num']));
$tpl->set('{thanks_sayed}', intval($row['thanks_sayed']));
$tpl->set('{status}', stripslashes($user_group[$row['user_group']]['group_name']));
$tpl->set('{rate}', userrating ($row['name']));
// Turns a registration timestamp into a Russian "how long ago" phrase (years, months, days).
// Days are left out once a year is shown or once more than six months have passed.
// A span that rounds to zero days yields an empty string.
// A year is counted as 365 days and a month as 30 days.
// NOTE(review): this declaration sits inside the profile loop; a second pass through the loop
// would try to declare it again.
function user_reg_date ($reg_date){
    $elapsed = round((time() - $reg_date)/86400);
    $y = floor($elapsed / 365);
    $left = $elapsed - ($y * 365);
    $m = floor($left / 30);
    $d = $left - ($m * 30);
    $show_days = true;

    // Months: 12 full "months" (360-364 leftover days) are rolled into one more year.
    $month_part = "";
    if ($m > 0) {
        if ($m == 12) {
            $y++;
            $show_days = false;
        } else {
            if ($m > 6) {
                $show_days = false;
            }
            if ($m == 1) {
                $word = ' месяц ';
            } elseif ($m < 5) {
                $word = ' месяцa ';
            } else {
                $word = ' месяцев ';
            }
            $month_part = $m . $word;
        }
    }

    // Years: any positive count suppresses the day part.
    $year_part = "";
    if ($y > 0) {
        $show_days = false;
        if ($y == 1) {
            $word = ' год ';
        } elseif ($y < 5) {
            $word = ' года ';
        } else {
            $word = ' лет ';
        }
        $year_part = $y . $word;
    }

    // Days: the Russian plural form depends on the number.
    $day_part = "";
    if ($show_days && $d > 0) {
        if ($d == 1 || $d == 21 || $d == 31) {
            $word = ' день';
        } elseif ($d < 5) {
            $word = ' дня';
        } elseif ($d < 21) {
            $word = ' дней';
        } elseif ($d < 25) {
            $word = ' дня';
        } else {
            $word = ' дней';
        }
        $day_part = $d . $word;
    }

    return $year_part . $month_part . $day_part;
}
// Remainder of the per-row profile rendering: dates, links, owner-only blocks, extra fields
// and the edit form wrapper. The loop closes after $tpl->compile('content').
$tpl->set('{registration}', user_reg_date ($row['reg_date']));
// The user name is URL-encoded wherever it is placed into a link.
if ($config['allow_alt_url'] == "yes") $tpl->set('{fotoalbum}', "<a href=\"$config[http_home_url]user/".urlencode($row['name'])."/gallery/\">".$lang['fotoalbum']."</a>"); else $tpl->set('{fotoalbum}', "<a href=\"$config[http_home_url]index.php?do=gallery&subaction=userfoto&user=".urlencode($row['name'])."\">".$lang['fotoalbum']."</a>");
$tpl->set('{lastdate}', langdate("j F Y H:i", $row['lastdate']));
// $with_us is not assigned in this file; presumably stag.php sets it - confirm.
include_once ENGINE_DIR.'/modules/stag.php';
$tpl->set('{stag}', $with_us);
if ($user_group[$row['user_group']]['icon'])
$tpl->set('{group-icon}', "<img src=\"".$user_group[$row['user_group']]['icon']."\" border=\"0\" />");
else
$tpl->set('{group-icon}', "");
// The [time_limit] block is kept only for the profile owner or viewers whose group id is below 3,
// and only when the profile's group has time_limit set; otherwise it is stripped.
if ($is_logged AND $user_group[$row['user_group']]['time_limit'] AND ($member_id['name'] == $row['name'] OR $member_id['user_group'] < 3)) {
$tpl->set_block("'\\[time_limit\\](.*?)\\[/time_limit\\]'si","\\1");
if ($row['time_limit']) {
$tpl->set('{time_limit}', langdate("j F Y H:i", $row['time_limit']));
} else {
$tpl->set('{time_limit}', $lang['no_limit']);
}
} else {
$tpl->set_block("'\\[time_limit\\](.*?)\\[/time_limit\\]'si","");
}
// {ip} is the address of the current viewer (REMOTE_ADDR), not a value from the profile row.
// NOTE(review): safesql() is SQL escaping, but this value is only written into the template.
$_IP = $db->safesql($_SERVER['REMOTE_ADDR']);
$tpl->set('{ip}', $_IP);
// NOTE(review): {allowed-ip}, {editinfo} and {editsignature} are set for every viewer. Confirm
// the template keeps them inside the owner-only [not-logged] block handled further down.
$tpl->set('{allowed-ip}', stripslashes($row['allowed_ip']));
$tpl->set('{editinfo}', $parse->decodeBBCodes($row['info'], false));
$tpl->set('{editsignature}', $parse->decodeBBCodes($row['signature'], false));
$tpl->set('{comments}', "<a href=\"$PHP_SELF?do=lastcomments&userid=".$row['user_id']."\">".$lang['last_comm']."</a>");
if ($config['allow_alt_url'] == "yes") {
$tpl->set('{news}', "<a href=\"".$config['http_home_url']."user/".urlencode($row['name'])."/news/"."\">".$lang['all_user_news']."</a>");
} else {
$tpl->set('{news}', "<a href=\"".$PHP_SELF."?subaction=allnews&user=".urlencode($row['name'])."\">".$lang['all_user_news']."</a>");
}
// The [signature] block is kept only when a signature is stored; the value is emitted after stripslashes() only.
if ($row['signature']) {
$tpl->set_block("'\\[signature\\](.*?)\\[/signature\\]'si","\\1");
$tpl->set('{signature}', stripslashes($row['signature']));
} else {
$tpl->set_block("'\\[signature\\](.*?)\\[/signature\\]'si","");
}
// userfields.php is driven by $xfieldsaction, $xfieldsadd and $xfieldsid. $output and $xfields
// are not assigned in this file; presumably the include provides them - confirm.
$xfieldsaction = "list";
$xfieldsadd = false;
$xfieldsid = $row['xfields'];
include(ENGINE_DIR.'/inc/userfields.php');
$tpl->set('{xfields}',$output);
// Processing of the extra fields
$xfieldsdata = xfieldsdataload ($row['xfields']);
foreach ($xfields as $value) {
// The field name is quoted for use inside the '-delimited patterns below.
$preg_safe_name = preg_quote($value[0], "'");
// A field whose $value[5] equals 1 is shown only to group 1 or to the profile owner;
// for everyone else its tags are stripped in the else branch.
if ($value[5] != 1 OR ($is_logged AND $member_id['user_group'] == 1) OR ($is_logged AND $member_id['name'] == $row['name'])) {
if (empty($xfieldsdata[$value[0]])) {
$tpl->copy_template = preg_replace("'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "", $tpl->copy_template);
} else {
$tpl->copy_template = preg_replace("'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "\\1", $tpl->copy_template);
}
// NOTE(review): the stored value is used as the preg_replace() replacement string, so "$1"
// or "\1" sequences inside it are treated as back-references rather than literal text.
$tpl->copy_template = preg_replace("'\\[xfvalue_{$preg_safe_name}\\]'i", stripslashes($xfieldsdata[$value[0]]), $tpl->copy_template);
} else {
$tpl->copy_template = preg_replace("'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "", $tpl->copy_template);
$tpl->copy_template = preg_replace("'\\[xfvalue_{$preg_safe_name}\\]'i", "", $tpl->copy_template);
}
}
// End of the extra fields processing
// The edit link is shown only to the profile owner or to group 1.
if ($is_logged AND ($member_id['name'] == $row['name'] OR $member_id['user_group'] == 1)) {
$tpl->set('{edituser}',"[ <a href=\"javascript:ShowOrHide('options')\">".$lang['news_option']."</a> ]");
}
else $tpl->set('{edituser}', "");
// For the owner or group 1 only the [not-logged] markers are removed and their content stays;
// for everyone else the whole block is replaced by an HTML comment.
if ($is_logged AND ($member_id['name'] == $row['name'] OR $member_id['user_group'] == 1)) {
$tpl->set('[not-logged]',"");
$tpl->set('[/not-logged]',"");
}
else $tpl->set_block("'\\[not-logged\\](.*?)\\[/not-logged\\]'si","<!-- profile -->");
if ($config['allow_alt_url'] == "yes")
$link_profile = $config['http_home_url']."user/".urlencode($row['name'])."/";
else
$link_profile = $PHP_SELF."?subaction=userinfo&user=".urlencode($row['name']);
// Wraps the rendered template in the edit form that posts doaction=adduserinfo.
// NOTE(review): ownership is tested by user_id here but by name in the checks above. The form
// emits no dle_allow_hash field, which the update branch requires; presumably the template
// supplies it - confirm.
if ($is_logged AND ($member_id['user_id'] == $row['user_id'] OR $member_id['user_group'] == 1)) {
$tpl->copy_template = "<form method=\"post\" name=\"userinfo\" id=\"userinfo\" enctype=\"multipart/form-data\" action=\"{$link_profile}\">".$tpl->copy_template."
<input type=\"hidden\" name=\"doaction\" value=\"adduserinfo\" />
</form>";
}
$tpl->compile('content');
}
$tpl->clear();
$db->free($sql_result);
// No row matched: show the error box and clear $allow_active_news.
if ($user_found == FALSE) { $allow_active_news = false; msgbox ($lang['all_err_1'], $lang['news_err_26']); }
?>