plugins/SpecialUserPrefs.php
changeset 1227 bdac73ed481e
parent 1169 d5474f54a525
child 1235 25e13d35cd76
1226:de56132c008d 1227:bdac73ed481e
     1 <?php
     1 <?php
     2 /**!info**
     2 /**!info**
     3 {
     3 {
     4   "Plugin Name"  : "plugin_specialuserprefs_title",
     4 	"Plugin Name"  : "plugin_specialuserprefs_title",
     5   "Plugin URI"   : "http://enanocms.org/",
     5 	"Plugin URI"   : "http://enanocms.org/",
     6   "Description"  : "plugin_specialuserprefs_desc",
     6 	"Description"  : "plugin_specialuserprefs_desc",
     7   "Author"       : "Dan Fuhry",
     7 	"Author"       : "Dan Fuhry",
     8   "Version"      : "1.1.6",
     8 	"Version"      : "1.1.6",
     9   "Author URI"   : "http://enanocms.org/"
     9 	"Author URI"   : "http://enanocms.org/"
    10 }
    10 }
    11 **!*/
    11 **!*/
    12 
    12 
    13 /*
    13 /*
    14  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
    14  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
    23 
    23 
    24 $userprefs_menu = Array();
    24 $userprefs_menu = Array();
    25 $userprefs_menu_links = Array();
    25 $userprefs_menu_links = Array();
    26 function userprefs_menu_add($section, $text, $link)
    26 function userprefs_menu_add($section, $text, $link)
    27 {
    27 {
    28   global $userprefs_menu;
    28 	global $userprefs_menu;
    29   if ( isset($userprefs_menu[$section]) && is_array($userprefs_menu[$section]) )
    29 	if ( isset($userprefs_menu[$section]) && is_array($userprefs_menu[$section]) )
    30   {
    30 	{
    31     $userprefs_menu[$section][] = Array(
    31 		$userprefs_menu[$section][] = Array(
    32       'text' => $text,
    32 			'text' => $text,
    33       'link' => $link
    33 			'link' => $link
    34       );
    34 			);
    35   }
    35 	}
    36   else
    36 	else
    37   {
    37 	{
    38     $userprefs_menu[$section] = Array(Array(
    38 		$userprefs_menu[$section] = Array(Array(
    39       'text' => $text,
    39 			'text' => $text,
    40       'link' => $link
    40 			'link' => $link
    41       ));
    41 			));
    42   }
    42 	}
    43 }
    43 }
    44 
    44 
    45 $plugins->attachHook('tpl_compile_sidebar', 'userprefs_jbox_setup($button, $tb, $menubtn);');
    45 $plugins->attachHook('tpl_compile_sidebar', 'userprefs_jbox_setup($button, $tb, $menubtn);');
    46 
    46 
    47 function userprefs_jbox_setup(&$button, &$tb, &$menubtn)
    47 function userprefs_jbox_setup(&$button, &$tb, &$menubtn)
    48 {
    48 {
    49   global $db, $session, $paths, $template, $plugins; // Common objects
    49 	global $db, $session, $paths, $template, $plugins; // Common objects
    50   global $lang;
    50 	global $lang;
    51   
    51 	
    52   if ( $paths->namespace != 'Special' || $paths->page_id != 'Preferences' )
    52 	if ( $paths->namespace != 'Special' || $paths->page_id != 'Preferences' )
    53     return false;
    53 		return false;
    54   
    54 	
    55   $tb .= "<ul>$template->toolbar_menu</ul>";
    55 	$tb .= "<ul>$template->toolbar_menu</ul>";
    56   $template->toolbar_menu = '';
    56 	$template->toolbar_menu = '';
    57   
    57 	
    58   $button->assign_vars(array(
    58 	$button->assign_vars(array(
    59       'TEXT' => $lang->get('usercp_btn_memberlist'),
    59 			'TEXT' => $lang->get('usercp_btn_memberlist'),
    60       'FLAGS' => '',
    60 			'FLAGS' => '',
    61       'PARENTFLAGS' => '',
    61 			'PARENTFLAGS' => '',
    62       'HREF' => makeUrlNS('Special', 'Memberlist')
    62 			'HREF' => makeUrlNS('Special', 'Memberlist')
    63     ));
    63 		));
    64   
    64 	
    65   $tb .= $button->run();
    65 	$tb .= $button->run();
    66 }
    66 }
    67 
    67 
    68 function userprefs_menu_html()
    68 function userprefs_menu_html()
    69 {
    69 {
    70   global $userprefs_menu;
    70 	global $userprefs_menu;
    71   global $userprefs_menu_links;
    71 	global $userprefs_menu_links;
    72   global $lang;
    72 	global $lang;
    73   
    73 	
    74   $html = '';
    74 	$html = '';
    75   $quot = '"';
    75 	$quot = '"';
    76   
    76 	
    77   foreach ( $userprefs_menu as $section => $buttons )
    77 	foreach ( $userprefs_menu as $section => $buttons )
    78   {
    78 	{
    79     $section_name = $section;
    79 		$section_name = $section;
    80     if ( preg_match('/^[a-z]+_[a-z_]+$/', $section) )
    80 		if ( preg_match('/^[a-z]+_[a-z_]+$/', $section) )
    81     {
    81 		{
    82       $section_name = $lang->get($section_name);
    82 			$section_name = $lang->get($section_name);
    83     }
    83 		}
    84     $html .= ( isset($userprefs_menu_links[$section]) ) ? "<a href={$quot}{$userprefs_menu_links[$section]}{$quot}>{$section_name}</a>\n        " : "<a>{$section_name}</a>\n        ";
    84 		$html .= ( isset($userprefs_menu_links[$section]) ) ? "<a href={$quot}{$userprefs_menu_links[$section]}{$quot}>{$section_name}</a>\n        " : "<a>{$section_name}</a>\n        ";
    85     $html .= "<ul>\n          ";
    85 		$html .= "<ul>\n          ";
    86     foreach ( $buttons as $button )
    86 		foreach ( $buttons as $button )
    87     {
    87 		{
    88       $buttontext = $button['text'];
    88 			$buttontext = $button['text'];
    89       if ( preg_match('/^[a-z]+_[a-z_]+$/', $buttontext) )
    89 			if ( preg_match('/^[a-z]+_[a-z_]+$/', $buttontext) )
    90       {
    90 			{
    91         $buttontext = $lang->get($buttontext);
    91 				$buttontext = $lang->get($buttontext);
    92       }
    92 			}
    93       $html .= "  <li><a href={$quot}{$button['link']}{$quot}>{$buttontext}</a></li>\n          ";
    93 			$html .= "  <li><a href={$quot}{$button['link']}{$quot}>{$buttontext}</a></li>\n          ";
    94     }
    94 		}
    95     $html .= "</ul>\n        ";
    95 		$html .= "</ul>\n        ";
    96   }
    96 	}
    97   
    97 	
    98   return $html;
    98 	return $html;
    99 }
    99 }
   100 
   100 
   101 function userprefs_show_menu()
   101 function userprefs_show_menu()
   102 {
   102 {
   103   echo '<div class="menu_nojs">
   103 	echo '<div class="menu_nojs">
   104           ' . userprefs_menu_html() . '
   104 					' . userprefs_menu_html() . '
   105           <span class="menuclear"></span>
   105 					<span class="menuclear"></span>
   106         </div>
   106 				</div>
   107         <br />
   107 				<br />
   108         ';
   108 				';
   109 }
   109 }
   110 
   110 
   111 function userprefs_menu_init()
   111 function userprefs_menu_init()
   112 {
   112 {
   113   global $db, $session, $paths, $template, $plugins; // Common objects
   113 	global $db, $session, $paths, $template, $plugins; // Common objects
   114   global $userprefs_menu_links;
   114 	global $userprefs_menu_links;
   115   
   115 	
   116   userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_emailpassword', makeUrlNS('Special', 'Preferences/EmailPassword') . '" onclick="ajaxLoginNavTo(\'Special\', \'Preferences/EmailPassword\', '.USER_LEVEL_CHPREF.'); return false;');
   116 	userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_emailpassword', makeUrlNS('Special', 'Preferences/EmailPassword') . '" onclick="ajaxLoginNavTo(\'Special\', \'Preferences/EmailPassword\', '.USER_LEVEL_CHPREF.'); return false;');
   117   userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_signature', makeUrlNS('Special', 'Preferences/Signature'));
   117 	userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_signature', makeUrlNS('Special', 'Preferences/Signature'));
   118   // userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_publicinfo', makeUrlNS('Special', 'Preferences/Profile'));
   118 	// userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_publicinfo', makeUrlNS('Special', 'Preferences/Profile'));
   119   userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_usergroups', makeUrlNS('Special', 'Usergroups'));
   119 	userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_usergroups', makeUrlNS('Special', 'Usergroups'));
   120   if ( getConfig('avatar_enable') == '1' )
   120 	if ( getConfig('avatar_enable') == '1' )
   121   {
   121 	{
   122     userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_avatar', makeUrlNS('Special', 'Preferences/Avatar'));
   122 		userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_avatar', makeUrlNS('Special', 'Preferences/Avatar'));
   123   }
   123 	}
   124   userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_inbox', makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));
   124 	userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_inbox', makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));
   125   userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_outbox', makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'));
   125 	userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_outbox', makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'));
   126   userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_sent', makeUrlNS('Special', 'PrivateMessages/Folder/Sent'));
   126 	userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_sent', makeUrlNS('Special', 'PrivateMessages/Folder/Sent'));
   127   userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_drafts', makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'));
   127 	userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_drafts', makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'));
   128   userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_archive', makeUrlNS('Special', 'PrivateMessages/Folder/Archive'));
   128 	userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_archive', makeUrlNS('Special', 'PrivateMessages/Folder/Archive'));
   129   
   129 	
   130   /*
   130 	/*
   131   // Reserved for Enano's Next Big Innovation.(TM)
   131 	// Reserved for Enano's Next Big Innovation.(TM)
   132   userprefs_menu_add('Private messages', 'Inbox', makeUrlNS('Special',      'Private_Messages#folder:inbox'));
   132 	userprefs_menu_add('Private messages', 'Inbox', makeUrlNS('Special',      'Private_Messages#folder:inbox'));
   133   userprefs_menu_add('Private messages', 'Starred', makeUrlNS('Special',     'Private_Messages#folder:starred'));
   133 	userprefs_menu_add('Private messages', 'Starred', makeUrlNS('Special',     'Private_Messages#folder:starred'));
   134   userprefs_menu_add('Private messages', 'Sent items', makeUrlNS('Special', 'Private_Messages#folder:sent'));
   134 	userprefs_menu_add('Private messages', 'Sent items', makeUrlNS('Special', 'Private_Messages#folder:sent'));
   135   userprefs_menu_add('Private messages', 'Drafts', makeUrlNS('Special',     'Private_Messages#folder:drafts'));
   135 	userprefs_menu_add('Private messages', 'Drafts', makeUrlNS('Special',     'Private_Messages#folder:drafts'));
   136   userprefs_menu_add('Private messages', 'Archive', makeUrlNS('Special',    'Private_Messages#folder:archive'));
   136 	userprefs_menu_add('Private messages', 'Archive', makeUrlNS('Special',    'Private_Messages#folder:archive'));
   137   userprefs_menu_add('Private messages', 'Trash', makeUrlNS('Special',    'Private_Messages#folder:trash'));
   137 	userprefs_menu_add('Private messages', 'Trash', makeUrlNS('Special',    'Private_Messages#folder:trash'));
   138   */
   138 	*/
   139   
   139 	
   140   $userprefs_menu_links['usercp_sec_profile'] = makeUrlNS('Special', 'Preferences');
   140 	$userprefs_menu_links['usercp_sec_profile'] = makeUrlNS('Special', 'Preferences');
   141   $userprefs_menu_links['usercp_sec_pm']  = makeUrlNS('Special', 'PrivateMessages');
   141 	$userprefs_menu_links['usercp_sec_pm']  = makeUrlNS('Special', 'PrivateMessages');
   142   
   142 	
   143   $code = $plugins->setHook('userprefs_jbox');
   143 	$code = $plugins->setHook('userprefs_jbox');
   144   foreach ( $code as $cmd )
   144 	foreach ( $code as $cmd )
   145   {
   145 	{
   146     eval($cmd);
   146 		eval($cmd);
   147   }
   147 	}
   148 }
   148 }
   149 
   149 
   150 $plugins->attachHook('common_post', 'userprefs_menu_init();');
   150 $plugins->attachHook('common_post', 'userprefs_menu_init();');
   151 
   151 
   152 function page_Special_Preferences()
   152 function page_Special_Preferences()
   153 {
   153 {
   154   global $db, $session, $paths, $template, $plugins; // Common objects
   154 	global $db, $session, $paths, $template, $plugins; // Common objects
   155   global $lang;
   155 	global $lang;
   156   global $timezone;
   156 	global $timezone;
   157   global $cache;
   157 	global $cache;
   158   
   158 	
   159   // We need a login to continue
   159 	// We need a login to continue
   160   if ( !$session->user_logged_in )
   160 	if ( !$session->user_logged_in )
   161     redirect(makeUrlNS('Special', 'Login/' . $paths->page), 'Login required', 'You need to be logged in to access this page. Please wait while you are redirected to the login page.');
   161 		redirect(makeUrlNS('Special', 'Login/' . $paths->page), 'Login required', 'You need to be logged in to access this page. Please wait while you are redirected to the login page.');
   162   
   162 	
   163   // User ID - later this will be specified on the URL, but hardcoded for now
   163 	// User ID - later this will be specified on the URL, but hardcoded for now
   164   $uid = intval($session->user_id);
   164 	$uid = intval($session->user_id);
   165   
   165 	
   166   // Instanciate the AES encryptor
   166 	// Instanciate the AES encryptor
   167   $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
   167 	$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
   168   
   168 	
   169   // Basic user info
   169 	// Basic user info
   170   $q = $db->sql_query('SELECT username, password, email, real_name, signature, theme, style FROM '.table_prefix.'users WHERE user_id='.$uid.';');
   170 	$q = $db->sql_query('SELECT username, password, email, real_name, signature, theme, style FROM '.table_prefix.'users WHERE user_id='.$uid.';');
   171   if ( !$q )
   171 	if ( !$q )
   172     $db->_die();
   172 		$db->_die();
   173   
   173 	
   174   $row = $db->fetchrow();
   174 	$row = $db->fetchrow();
   175   $db->free_result();
   175 	$db->free_result();
   176   
   176 	
   177   $section = $paths->getParam(0);
   177 	$section = $paths->getParam(0);
   178   if ( !$section )
   178 	if ( !$section )
   179   {
   179 	{
   180     $section = 'Home';
   180 		$section = 'Home';
   181   }
   181 	}
   182   
   182 	
   183   $errors = '';
   183 	$errors = '';
   184   
   184 	
   185   switch ( $section )
   185 	switch ( $section )
   186   {
   186 	{
   187     case 'Avatar':
   187 		case 'Avatar':
   188       $template->preload_js('jquery');
   188 			$template->preload_js('jquery');
   189       $template->preload_js('jquery-ui');
   189 			$template->preload_js('jquery-ui');
   190       break;
   190 			break;
   191     case 'EmailPassword':
   191 		case 'EmailPassword':
   192       // Require elevated privileges (well sortof)
   192 			// Require elevated privileges (well sortof)
   193       if ( $session->auth_level < USER_LEVEL_CHPREF )
   193 			if ( $session->auth_level < USER_LEVEL_CHPREF )
   194       {
   194 			{
   195         redirect(makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . USER_LEVEL_CHPREF, true), 'Authentication required', 'You need to re-authenticate to access this page.', 0);
   195 				redirect(makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . USER_LEVEL_CHPREF, true), 'Authentication required', 'You need to re-authenticate to access this page.', 0);
   196       }
   196 			}
   197       
   197 			
   198       if ( isset($_POST['submit']) )
   198 			if ( isset($_POST['submit']) )
   199       {
   199 			{
   200         $email_changed = false;
   200 				$email_changed = false;
   201         // First do the e-mail address
   201 				// First do the e-mail address
   202         if ( strlen($_POST['newemail']) > 0 )
   202 				if ( strlen($_POST['newemail']) > 0 )
   203         {
   203 				{
   204           switch('foo') // Same reason as in the password code...
   204 					switch('foo') // Same reason as in the password code...
   205           {
   205 					{
   206             case 'foo':
   206 						case 'foo':
   207               if ( $_POST['newemail'] != $_POST['newemail_conf'] )
   207 							if ( $_POST['newemail'] != $_POST['newemail_conf'] )
   208               {
   208 							{
   209                 $errors .= '<div class="error-box">' . $lang->get('usercp_emailpassword_err_email_no_match') . '</div>';
   209 								$errors .= '<div class="error-box">' . $lang->get('usercp_emailpassword_err_email_no_match') . '</div>';
   210                 break;
   210 								break;
   211               }
   211 							}
   212           }
   212 					}
   213           $q = $db->sql_query('SELECT password FROM '.table_prefix.'users WHERE user_id='.$session->user_id.';');
   213 					$q = $db->sql_query('SELECT password FROM '.table_prefix.'users WHERE user_id='.$session->user_id.';');
   214           if ( !$q )
   214 					if ( !$q )
   215             $db->_die();
   215 						$db->_die();
   216           $row = $db->fetchrow();
   216 					$row = $db->fetchrow();
   217           $db->free_result();
   217 					$db->free_result();
   218           
   218 					
   219           $new_email = $_POST['newemail'];
   219 					$new_email = $_POST['newemail'];
   220           
   220 					
   221           $result = $session->change_email($session->user_id, $new_email);
   221 					$result = $session->change_email($session->user_id, $new_email);
   222           if ( $result != 'success' )
   222 					if ( $result != 'success' )
   223           {
   223 					{
   224             $message = '<p>' . $lang->get('usercp_emailpassword_err_list') . '</p>';
   224 						$message = '<p>' . $lang->get('usercp_emailpassword_err_list') . '</p>';
   225             $message .= '<ul><li>' . implode("</li>\n<li>", $result) . '</li></ul>';
   225 						$message .= '<ul><li>' . implode("</li>\n<li>", $result) . '</li></ul>';
   226             die_friendly($lang->get('usercp_emailpassword_err_title'), $message);
   226 						die_friendly($lang->get('usercp_emailpassword_err_title'), $message);
   227           }
   227 					}
   228           $email_changed = true;
   228 					$email_changed = true;
   229         }
   229 				}
   230         // Obtain password
   230 				// Obtain password
   231         if ( !empty($_POST['crypt_data']) || !empty($_POST['newpass']) || $session->password_change_disabled )
   231 				if ( !empty($_POST['crypt_data']) || !empty($_POST['newpass']) || $session->password_change_disabled )
   232         {
   232 				{
   233           $newpass = $session->password_change_disabled ? '' : $session->get_aes_post('newpass');
   233 					$newpass = $session->password_change_disabled ? '' : $session->get_aes_post('newpass');
   234           // At this point we know if we _want_ to change the password...
   234 					// At this point we know if we _want_ to change the password...
   235           
   235 					
   236           // We can't check the password to see if it matches the confirmation
   236 					// We can't check the password to see if it matches the confirmation
   237           // because the confirmation was destroyed during the encryption. I figured
   237 					// because the confirmation was destroyed during the encryption. I figured
   238           // this wasn't a big deal because if the encryption worked, then either
   238 					// this wasn't a big deal because if the encryption worked, then either
   239           // the Javascript validated it or the user hacked the form. In the latter
   239 					// the Javascript validated it or the user hacked the form. In the latter
   240           // case, if he's smart enough to hack the encryption code, he's probably
   240 					// case, if he's smart enough to hack the encryption code, he's probably
   241           // smart enough to remember his password.
   241 					// smart enough to remember his password.
   242           
   242 					
   243           if ( strlen($newpass) > 0 )
   243 					if ( strlen($newpass) > 0 )
   244           {
   244 					{
   245             if ( defined('ENANO_DEMO_MODE') )
   245 						if ( defined('ENANO_DEMO_MODE') )
   246               $errors .= '<div class="error-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_emailpassword_err_demo') . '</div>';
   246 							$errors .= '<div class="error-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_emailpassword_err_demo') . '</div>';
   247             // Perform checks
   247 						// Perform checks
   248             if ( strlen($newpass) < 6 )
   248 						if ( strlen($newpass) < 6 )
   249               $errors .= '<div class="error-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_emailpassword_err_password_too_short') . '</div>';
   249 							$errors .= '<div class="error-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_emailpassword_err_password_too_short') . '</div>';
   250             if ( getConfig('pw_strength_enable') == '1' )
   250 						if ( getConfig('pw_strength_enable') == '1' )
   251             {
   251 						{
   252               $score_inp = password_score($newpass);
   252 							$score_inp = password_score($newpass);
   253               $score_min = getConfig('pw_strength_minimum', -10);
   253 							$score_min = getConfig('pw_strength_minimum', -10);
   254               if ( $score_inp < $score_min )
   254 							if ( $score_inp < $score_min )
   255                 $errors .= '<div class="error-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_emailpassword_err_password_too_weak', array('score' => $score_inp)) . '</div>';
   255 								$errors .= '<div class="error-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_emailpassword_err_password_too_weak', array('score' => $score_inp)) . '</div>';
   256             }
   256 						}
   257             if ( $_POST['use_crypt'] == 'no' && $newpass != $_POST['newpass_confirm'] )
   257 						if ( $_POST['use_crypt'] == 'no' && $newpass != $_POST['newpass_confirm'] )
   258             {
   258 						{
   259               $errors .= '<div class="error-box">' . $lang->get('usercp_emailpassword_err_password_no_match') . '</div>';
   259 							$errors .= '<div class="error-box">' . $lang->get('usercp_emailpassword_err_password_no_match') . '</div>';
   260             }
   260 						}
   261             // Encrypt new password
   261 						// Encrypt new password
   262             if ( empty($errors) )
   262 						if ( empty($errors) )
   263             {
   263 						{
   264               // Perform the swap
   264 							// Perform the swap
   265               $session->set_password($session->username, $newpass);
   265 							$session->set_password($session->username, $newpass);
   266               // Log out and back in
   266 							// Log out and back in
   267               $username = $session->username;
   267 							$username = $session->username;
   268               $session->logout();
   268 							$session->logout();
   269               if ( $email_changed )
   269 							if ( $email_changed )
   270               {
   270 							{
   271                 if ( getConfig('account_activation') == 'user' )
   271 								if ( getConfig('account_activation') == 'user' )
   272                 {
   272 								{
   273                   redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_user'), 20);
   273 									redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_user'), 20);
   274                 }
   274 								}
   275                 else if ( getConfig('account_activation') == 'admin' )
   275 								else if ( getConfig('account_activation') == 'admin' )
   276                 {
   276 								{
   277                   redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_admin'), 20);
   277 									redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_admin'), 20);
   278                 }
   278 								}
   279               }
   279 							}
   280               $session->login_without_crypto($username, $newpass);
   280 							$session->login_without_crypto($username, $newpass);
   281               redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_pass_success'), $lang->get('usercp_emailpassword_msg_password_changed'), 5);
   281 							redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_pass_success'), $lang->get('usercp_emailpassword_msg_password_changed'), 5);
   282             }
   282 						}
   283           }
   283 					}
   284           else if ( $email_changed )
   284 					else if ( $email_changed )
   285           {
   285 					{
   286             $session->logout(USER_LEVEL_CHPREF);
   286 						$session->logout(USER_LEVEL_CHPREF);
   287             $activation = $session->user_level >= USER_LEVEL_MOD ? 'none' : getConfig('account_activation', 'none');
   287 						$activation = $session->user_level >= USER_LEVEL_MOD ? 'none' : getConfig('account_activation', 'none');
   288             switch($activation)
   288 						switch($activation)
   289             {
   289 						{
   290               default:
   290 							default:
   291                 $message_body = $lang->get('usercp_emailpassword_msg_password_changed');
   291 								$message_body = $lang->get('usercp_emailpassword_msg_password_changed');
   292                 $timeout = 5;
   292 								$timeout = 5;
   293                 break;
   293 								break;
   294               case 'admin':
   294 							case 'admin':
   295                 $message_body = $lang->get('usercp_emailpassword_msg_need_activ_user');
   295 								$message_body = $lang->get('usercp_emailpassword_msg_need_activ_user');
   296                 $timeout = 20;
   296 								$timeout = 20;
   297                 break;
   297 								break;
   298               case 'user':
   298 							case 'user':
   299                 $message_body = $lang->get('usercp_emailpassword_msg_need_activ_admin');
   299 								$message_body = $lang->get('usercp_emailpassword_msg_need_activ_admin');
   300                 $timeout = 20;
   300 								$timeout = 20;
   301                 break;
   301 								break;
   302             }
   302 						}
   303             redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_email_success'), $message_body, $timeout);
   303 						redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_email_success'), $message_body, $timeout);
   304           }
   304 					}
   305         }
   305 				}
   306       }
   306 			}
   307       $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_emailpassword_title');
   307 			$template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_emailpassword_title');
   308       break;
   308 			break;
   309     case 'Signature':
   309 		case 'Signature':
   310       $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_signature_title');
   310 			$template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_signature_title');
   311       break;
   311 			break;
   312     case 'Profile':
   312 		case 'Profile':
   313     case 'Home':
   313 		case 'Home':
   314       if ( isset($_POST['submit']) )
   314 			if ( isset($_POST['submit']) )
   315         csrf_request_confirm();
   315 				csrf_request_confirm();
   316       
   316 			
   317       $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_publicinfo_title');
   317 			$template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_publicinfo_title');
   318       break;
   318 			break;
   319   }
   319 	}
   320   
   320 	
   321   $template->header();
   321 	$template->header();
   322   
   322 	
   323   // Output the menu
   323 	// Output the menu
   324   // This is not templatized because it conforms to the jBox menu standard.
   324 	// This is not templatized because it conforms to the jBox menu standard.
   325   
   325 	
   326   userprefs_show_menu();
   326 	userprefs_show_menu();
   327   
   327 	
   328   switch ( $section )
   328 	switch ( $section )
   329   {
   329 	{
   330     case 'EmailPassword':
   330 		case 'EmailPassword':
   331       
   331 			
   332       $errors = trim($errors);
   332 			$errors = trim($errors);
   333       if ( !empty($errors) )
   333 			if ( !empty($errors) )
   334       {
   334 			{
   335         echo $errors;
   335 				echo $errors;
   336       }
   336 			}
   337       
   337 			
   338       echo '<form action="' . makeUrlNS('Special', 'Preferences/EmailPassword') . '" method="post" onsubmit="return runEncryption();" name="empwform" >';
   338 			echo '<form action="' . makeUrlNS('Special', 'Preferences/EmailPassword') . '" method="post" onsubmit="return runEncryption();" name="empwform" >';
   339       echo '<fieldset>';
   339 			echo '<fieldset>';
   340       echo '<legend>' . $lang->get('usercp_emailpassword_grp_chpasswd') . '</legend>';
   340 			echo '<legend>' . $lang->get('usercp_emailpassword_grp_chpasswd') . '</legend>';
   341       
   341 			
   342       // Password change form
   342 			// Password change form
   343       if ( $session->password_change_disabled )
   343 			if ( $session->password_change_disabled )
   344       {
   344 			{
   345         echo '<p>' . $lang->get('usercp_emailpassword_msg_change_disabled') . '</p>';
   345 				echo '<p>' . $lang->get('usercp_emailpassword_msg_change_disabled') . '</p>';
   346         if ( $session->password_change_dest['url'] )
   346 				if ( $session->password_change_dest['url'] )
   347         {
   347 				{
   348           echo '<p>' . $lang->get('usercp_emailpassword_msg_change_disabled_url') . '
   348 					echo '<p>' . $lang->get('usercp_emailpassword_msg_change_disabled_url') . '
   349                    <a onclick="window.open(this.href); return false;" href="' . htmlspecialchars($session->password_change_dest['url']) . '">' . htmlspecialchars($session->password_change_dest['title']) . '</a></p>';
   349  									<a onclick="window.open(this.href); return false;" href="' . htmlspecialchars($session->password_change_dest['url']) . '">' . htmlspecialchars($session->password_change_dest['title']) . '</a></p>';
   350         }
   350 				}
   351       }
   351 			}
   352       else
   352 			else
   353       {
   353 			{
   354       echo $lang->get('usercp_emailpassword_field_newpass') . '<br />
   354 			echo $lang->get('usercp_emailpassword_field_newpass') . '<br />
   355                 <input type="password" name="newpass" size="30" tabindex="1" ' . ( getConfig('pw_strength_enable') == '1' ? 'onkeyup="password_score_field(this);" ' : '' ) . '/>' . ( getConfig('pw_strength_enable') == '1' ? '<span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span>' : '' ) . '
   355 								<input type="password" name="newpass" size="30" tabindex="1" ' . ( getConfig('pw_strength_enable') == '1' ? 'onkeyup="password_score_field(this);" ' : '' ) . '/>' . ( getConfig('pw_strength_enable') == '1' ? '<span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span>' : '' ) . '
   356               <br />
   356 							<br />
   357               <br />
   357 							<br />
   358               ' . $lang->get('usercp_emailpassword_field_newpass_confirm') . '<br />
   358 							' . $lang->get('usercp_emailpassword_field_newpass_confirm') . '<br />
   359               <input type="password" name="newpass_confirm" size="30" tabindex="2" />
   359 							<input type="password" name="newpass_confirm" size="30" tabindex="2" />
   360               ' . ( getConfig('pw_strength_enable') == '1' ? '<br /><br /><div id="pwmeter"></div>
   360 							' . ( getConfig('pw_strength_enable') == '1' ? '<br /><br /><div id="pwmeter"></div>
   361               <small>' . $lang->get('usercp_emailpassword_msg_password_min_score') . '</small>' : '' );
   361 							<small>' . $lang->get('usercp_emailpassword_msg_password_min_score') . '</small>' : '' );
   362       }
   362 			}
   363       echo '</fieldset><br />';
   363 			echo '</fieldset><br />';
   364       echo '<fieldset>
   364 			echo '<fieldset>
   365         <legend>' . $lang->get('usercp_emailpassword_grp_chemail') . '</legend>
   365 				<legend>' . $lang->get('usercp_emailpassword_grp_chemail') . '</legend>
   366         ' . $lang->get('usercp_emailpassword_field_newemail') . '<br />
   366 				' . $lang->get('usercp_emailpassword_field_newemail') . '<br />
   367           <input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail" size="30" tabindex="3" />
   367 					<input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail" size="30" tabindex="3" />
   368         <br />
   368 				<br />
   369         <br />
   369 				<br />
   370         ' . $lang->get('usercp_emailpassword_field_newemail_confirm') . '<br />
   370 				' . $lang->get('usercp_emailpassword_field_newemail_confirm') . '<br />
   371           <input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail_conf" size="30" tabindex="4" />
   371 					<input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail_conf" size="30" tabindex="4" />
   372       </fieldset>
   372 			</fieldset>
   373       <br />
   373 			<br />
   374       <div style="text-align: right;"><input type="submit" name="submit" value="' . $lang->get('etc_save_changes') . '" tabindex="5" /></div>';
   374 			<div style="text-align: right;"><input type="submit" name="submit" value="' . $lang->get('etc_save_changes') . '" tabindex="5" /></div>';
   375       
   375 			
   376       if ( !$session->password_change_disabled )
   376 			if ( !$session->password_change_disabled )
   377         echo $session->generate_aes_form();
   377 				echo $session->generate_aes_form();
   378       
   378 			
   379       echo '</form>';
   379 			echo '</form>';
   380       
   380 			
   381       // ENCRYPTION CODE
   381 			// ENCRYPTION CODE
   382       ?>
   382 			?>
   383       <?php if ( !$session->password_change_disabled && getConfig('pw_strength_enable') == '1' ): ?>
   383 			<?php if ( !$session->password_change_disabled && getConfig('pw_strength_enable') == '1' ): ?>
   384       <script type="text/javascript">
   384 			<script type="text/javascript">
   385       addOnloadHook(function()
   385 			addOnloadHook(function()
   386         {
   386 				{
   387           password_score_field(document.forms.empwform.newpass);
   387 					password_score_field(document.forms.empwform.newpass);
   388         });
   388 				});
   389       </script>
   389 			</script>
   390       <?php endif; ?>
   390 			<?php endif; ?>
   391       <?php
   391 			<?php
   392       echo $session->aes_javascript('empwform', 'newpass');
   392 			echo $session->aes_javascript('empwform', 'newpass');
   393       break;
   393 			break;
   394     case 'Signature':
   394 		case 'Signature':
   395       if ( isset($_POST['new_sig']) )
   395 			if ( isset($_POST['new_sig']) )
   396       {
   396 			{
   397         $sig = $_POST['new_sig'];
   397 				$sig = $_POST['new_sig'];
   398         $sig = RenderMan::preprocess_text($sig, true, false);
   398 				$sig = RenderMan::preprocess_text($sig, true, false);
   399         $sql_sig = $db->escape($sig);
   399 				$sql_sig = $db->escape($sig);
   400         $q = $db->sql_query('UPDATE '.table_prefix.'users SET signature=\'' . $sql_sig . '\' WHERE user_id=' . $session->user_id . ';');
   400 				$q = $db->sql_query('UPDATE '.table_prefix.'users SET signature=\'' . $sql_sig . '\' WHERE user_id=' . $session->user_id . ';');
   401         if ( !$q )
   401 				if ( !$q )
   402           $db->_die();
   402 					$db->_die();
   403         $session->signature = $sig;
   403 				$session->signature = $sig;
   404         echo '<div class="info-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_signature_msg_saved') . '</div>';
   404 				echo '<div class="info-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_signature_msg_saved') . '</div>';
   405       }
   405 			}
   406       echo '<form action="'.makeUrl($paths->fullpage).'" method="post">';
   406 			echo '<form action="'.makeUrl($paths->fullpage).'" method="post">';
   407       echo $template->tinymce_textarea('new_sig', htmlspecialchars($session->signature));
   407 			echo $template->tinymce_textarea('new_sig', htmlspecialchars($session->signature));
   408       echo '<input type="submit" value="' . $lang->get('usercp_signature_btn_save') . '" />';
   408 			echo '<input type="submit" value="' . $lang->get('usercp_signature_btn_save') . '" />';
   409       echo '</form>';
   409 			echo '</form>';
   410       break;
   410 			break;
   411     case "Profile":
   411 		case "Profile":
   412     case 'Home':
   412 		case 'Home':
   413       
   413 			
   414       global $email;
   414 			global $email;
   415       $userpage_id = $paths->nslist['User'] . sanitize_page_id($session->username);
   415 			$userpage_id = $paths->nslist['User'] . sanitize_page_id($session->username);
   416       $userpage_exists = ( isPage($userpage_id) ) ? '' : ' class="wikilink-nonexistent"';
   416 			$userpage_exists = ( isPage($userpage_id) ) ? '' : ' class="wikilink-nonexistent"';
   417       $user_page = makeUrlNS('User', sanitize_page_id($session->username));
   417 			$user_page = makeUrlNS('User', sanitize_page_id($session->username));
   418       $site_admin = $email->encryptEmail(getConfig('contact_email'), '', '', $lang->get('usercp_intro_para3_admin_link'));
   418 			$site_admin = $email->encryptEmail(getConfig('contact_email'), '', '', $lang->get('usercp_intro_para3_admin_link'));
   419       
   419 			
   420       echo '<h3 style="margin-top: 0;">' . $lang->get('usercp_intro_heading_main', array('username' => $session->username)) . '</h3>';
   420 			echo '<h3 style="margin-top: 0;">' . $lang->get('usercp_intro_heading_main', array('username' => $session->username)) . '</h3>';
   421       
   421 			
   422       echo  $lang->get('usercp_intro', array('userpage_link' => $user_page));
   422 			echo  $lang->get('usercp_intro', array('userpage_link' => $user_page));
   423       
   423 			
   424       $available_ranks = $session->get_user_possible_ranks($session->user_id);
   424 			$available_ranks = $session->get_user_possible_ranks($session->user_id);
   425       $current_rank = $session->get_user_rank($session->user_id);
   425 			$current_rank = $session->get_user_rank($session->user_id);
   426       
   426 			
   427       if ( isset($_POST['submit']) )
   427 			if ( isset($_POST['submit']) )
   428       {
   428 			{
   429         $real_name = htmlspecialchars($_POST['real_name']);
   429 				$real_name = htmlspecialchars($_POST['real_name']);
   430         $real_name = $db->escape($real_name);
   430 				$real_name = $db->escape($real_name);
   431         
   431 				
   432         $timezone = intval($_POST['timezone']);
   432 				$timezone = intval($_POST['timezone']);
   433         $tz_local = $timezone + 1440;
   433 				$tz_local = $timezone + 1440;
   434         
   434 				
   435         $dst = $db->escape($_POST['dst']);
   435 				$dst = $db->escape($_POST['dst']);
   436         if ( !preg_match('/^[0-9]+;[0-9]+;[0-9]+;[0-9]+;[0-9]+$/', $dst) )
   436 				if ( !preg_match('/^[0-9]+;[0-9]+;[0-9]+;[0-9]+;[0-9]+$/', $dst) )
   437           $dst = '0;0;0;0;60';
   437 					$dst = '0;0;0;0;60';
   438         
   438 				
   439         $GLOBALS['dst_params'] = explode(';', $dst);
   439 				$GLOBALS['dst_params'] = explode(';', $dst);
   440         
   440 				
   441         $imaddr_aim = htmlspecialchars($_POST['imaddr_aim']);
   441 				$imaddr_aim = htmlspecialchars($_POST['imaddr_aim']);
   442         $imaddr_aim = $db->escape($imaddr_aim);
   442 				$imaddr_aim = $db->escape($imaddr_aim);
   443         
   443 				
   444         $imaddr_msn = htmlspecialchars($_POST['imaddr_msn']);
   444 				$imaddr_msn = htmlspecialchars($_POST['imaddr_msn']);
   445         $imaddr_msn = $db->escape($imaddr_msn);
   445 				$imaddr_msn = $db->escape($imaddr_msn);
   446         
   446 				
   447         $imaddr_yahoo = htmlspecialchars($_POST['imaddr_yahoo']);
   447 				$imaddr_yahoo = htmlspecialchars($_POST['imaddr_yahoo']);
   448         $imaddr_yahoo = $db->escape($imaddr_yahoo);
   448 				$imaddr_yahoo = $db->escape($imaddr_yahoo);
   449         
   449 				
   450         $imaddr_xmpp = htmlspecialchars($_POST['imaddr_xmpp']);
   450 				$imaddr_xmpp = htmlspecialchars($_POST['imaddr_xmpp']);
   451         $imaddr_xmpp = $db->escape($imaddr_xmpp);
   451 				$imaddr_xmpp = $db->escape($imaddr_xmpp);
   452         
   452 				
   453         $homepage = htmlspecialchars($_POST['homepage']);
   453 				$homepage = htmlspecialchars($_POST['homepage']);
   454         $homepage = $db->escape($homepage);
   454 				$homepage = $db->escape($homepage);
   455         
   455 				
   456         $location = htmlspecialchars($_POST['location']);
   456 				$location = htmlspecialchars($_POST['location']);
   457         $location = $db->escape($location);
   457 				$location = $db->escape($location);
   458         
   458 				
   459         $occupation = htmlspecialchars($_POST['occupation']);
   459 				$occupation = htmlspecialchars($_POST['occupation']);
   460         $occupation = $db->escape($occupation);
   460 				$occupation = $db->escape($occupation);
   461         
   461 				
   462         $hobbies = htmlspecialchars($_POST['hobbies']);
   462 				$hobbies = htmlspecialchars($_POST['hobbies']);
   463         $hobbies = $db->escape($hobbies);
   463 				$hobbies = $db->escape($hobbies);
   464         
   464 				
   465         $date_format = $db->escape(htmlspecialchars($_POST['date_format']));
   465 				$date_format = $db->escape(htmlspecialchars($_POST['date_format']));
   466         $time_format = $db->escape(htmlspecialchars($_POST['time_format']));
   466 				$time_format = $db->escape(htmlspecialchars($_POST['time_format']));
   467         
   467 				
   468         $email_public = ( isset($_POST['email_public']) ) ? '1' : '0';
   468 				$email_public = ( isset($_POST['email_public']) ) ? '1' : '0';
   469         $disable_js_fx = ( isset($_POST['disable_js_fx']) ) ? '1' : '0';
   469 				$disable_js_fx = ( isset($_POST['disable_js_fx']) ) ? '1' : '0';
   470         
   470 				
   471         $session->real_name = $real_name;
   471 				$session->real_name = $real_name;
   472         
   472 				
   473         if ( !preg_match('/@([a-z0-9-]+)(\.([a-z0-9-\.]+))?/', $imaddr_msn) && !empty($imaddr_msn) )
   473 				if ( !preg_match('/@([a-z0-9-]+)(\.([a-z0-9-\.]+))?/', $imaddr_msn) && !empty($imaddr_msn) )
   474         {
   474 				{
   475           $imaddr_msn = "$imaddr_msn@hotmail.com";
   475 					$imaddr_msn = "$imaddr_msn@hotmail.com";
   476         }
   476 				}
   477         
   477 				
   478         if ( !preg_match('#^https?://#', $homepage) )
   478 				if ( !preg_match('#^https?://#', $homepage) )
   479         {
   479 				{
   480           $homepage = "http://$homepage";
   480 					$homepage = "http://$homepage";
   481         }
   481 				}
   482         
   482 				
   483         if ( !preg_match('/^http:\/\/([a-z0-9-.]+)([A-z0-9@#\$%\&:;<>,\.\?=\+\(\)\[\]_\/\\\\]*?)$/i', $homepage) )
   483 				if ( !preg_match('/^http:\/\/([a-z0-9-.]+)([A-z0-9@#\$%\&:;<>,\.\?=\+\(\)\[\]_\/\\\\]*?)$/i', $homepage) )
   484         {
   484 				{
   485           $homepage = '';
   485 					$homepage = '';
   486         }
   486 				}
   487         
   487 				
   488         $session->user_extra['user_aim'] = $imaddr_aim;
   488 				$session->user_extra['user_aim'] = $imaddr_aim;
   489         $session->user_extra['user_msn'] = $imaddr_msn;
   489 				$session->user_extra['user_msn'] = $imaddr_msn;
   490         $session->user_extra['user_xmpp'] = $imaddr_xmpp;
   490 				$session->user_extra['user_xmpp'] = $imaddr_xmpp;
   491         $session->user_extra['user_yahoo'] = $imaddr_yahoo;
   491 				$session->user_extra['user_yahoo'] = $imaddr_yahoo;
   492         $session->user_extra['user_homepage'] = $homepage;
   492 				$session->user_extra['user_homepage'] = $homepage;
   493         $session->user_extra['user_location'] = $location;
   493 				$session->user_extra['user_location'] = $location;
   494         $session->user_extra['user_job'] = $occupation;
   494 				$session->user_extra['user_job'] = $occupation;
   495         $session->user_extra['user_hobbies'] = $hobbies;
   495 				$session->user_extra['user_hobbies'] = $hobbies;
   496         $session->user_extra['email_public'] = intval($email_public);
   496 				$session->user_extra['email_public'] = intval($email_public);
   497         $session->date_format = $date_format;
   497 				$session->date_format = $date_format;
   498         $session->time_format = $time_format;
   498 				$session->time_format = $time_format;
   499         
   499 				
   500         // user title
   500 				// user title
   501         $user_title_col = '';
   501 				$user_title_col = '';
   502         if ( $session->get_permissions('custom_user_title') && isset($_POST['user_title']) )
   502 				if ( $session->get_permissions('custom_user_title') && isset($_POST['user_title']) )
   503         {
   503 				{
   504           $user_title = trim($_POST['user_title']);
   504 					$user_title = trim($_POST['user_title']);
   505           if ( empty($user_title) )
   505 					if ( empty($user_title) )
   506           {
   506 					{
   507             $colval = 'NULL';
   507 						$colval = 'NULL';
   508             $session->user_title = null;
   508 						$session->user_title = null;
   509           }
   509 					}
   510           else
   510 					else
   511           {
   511 					{
   512             $colval = "'" . $db->escape($user_title) . "'";
   512 						$colval = "'" . $db->escape($user_title) . "'";
   513             $session->user_title = $user_title;
   513 						$session->user_title = $user_title;
   514           }
   514 					}
   515           $user_title_col = ", user_title = $colval";
   515 					$user_title_col = ", user_title = $colval";
   516         }
   516 				}
   517         $user_rank_col = '';
   517 				$user_rank_col = '';
   518         if ( isset($_POST['user_rank']) && intval($_POST['user_rank']) != $current_rank['rank_id'] && count($available_ranks) > 1 )
   518 				if ( isset($_POST['user_rank']) && intval($_POST['user_rank']) != $current_rank['rank_id'] && count($available_ranks) > 1 )
   519         {
   519 				{
   520           if ( $_POST['user_rank'] == 'NULL' )
   520 					if ( $_POST['user_rank'] == 'NULL' )
   521           {
   521 					{
   522             $user_rank_col = ", user_rank = NULL, user_rank_userset = 0";
   522 						$user_rank_col = ", user_rank = NULL, user_rank_userset = 0";
   523           }
   523 					}
   524           else
   524 					else
   525           {
   525 					{
   526             $new_rank = intval($_POST['user_rank']);
   526 						$new_rank = intval($_POST['user_rank']);
   527             $rank_allowed = false;
   527 						$rank_allowed = false;
   528             foreach ( $available_ranks as $rank )
   528 						foreach ( $available_ranks as $rank )
   529             {
   529 						{
   530               if ( $rank['rank_id'] == $new_rank )
   530 							if ( $rank['rank_id'] == $new_rank )
   531               {
   531 							{
   532                 $rank_allowed = true;
   532 								$rank_allowed = true;
   533                 break;
   533 								break;
   534               }
   534 							}
   535             }
   535 						}
   536             if ( $rank_allowed )
   536 						if ( $rank_allowed )
   537             {
   537 						{
   538               $user_rank_col = ", user_rank = $new_rank, user_rank_userset = 1";
   538 							$user_rank_col = ", user_rank = $new_rank, user_rank_userset = 1";
   539               // hack
   539 							// hack
   540               $current_rank['rank_id'] = $new_rank;
   540 							$current_rank['rank_id'] = $new_rank;
   541               $cache->purge('ranks');
   541 							$cache->purge('ranks');
   542             }
   542 						}
   543           }
   543 					}
   544         }
   544 				}
   545         
   545 				
   546         $q = $db->sql_query('UPDATE '.table_prefix."users SET real_name='$real_name', user_timezone = {$tz_local}, user_dst = '$dst'{$user_title_col}{$user_rank_col} WHERE user_id=$session->user_id;");
   546 				$q = $db->sql_query('UPDATE '.table_prefix."users SET real_name='$real_name', user_timezone = {$tz_local}, user_dst = '$dst'{$user_title_col}{$user_rank_col} WHERE user_id=$session->user_id;");
   547         if ( !$q )
   547 				if ( !$q )
   548           $db->_die();
   548 					$db->_die();
   549         
   549 				
   550         $q = $db->sql_query('UPDATE '.table_prefix."users_extra SET user_aim='$imaddr_aim',user_yahoo='$imaddr_yahoo',user_msn='$imaddr_msn',
   550 				$q = $db->sql_query('UPDATE '.table_prefix."users_extra SET user_aim='$imaddr_aim',user_yahoo='$imaddr_yahoo',user_msn='$imaddr_msn',
   551                                user_xmpp='$imaddr_xmpp',user_homepage='$homepage',user_location='$location',user_job='$occupation',
   551  															user_xmpp='$imaddr_xmpp',user_homepage='$homepage',user_location='$location',user_job='$occupation',
   552                                user_hobbies='$hobbies',email_public=$email_public,disable_js_fx=$disable_js_fx,date_format='$date_format',
   552  															user_hobbies='$hobbies',email_public=$email_public,disable_js_fx=$disable_js_fx,date_format='$date_format',
   553                                time_format='$time_format'
   553  															time_format='$time_format'
   554                                WHERE user_id=$session->user_id;");
   554  															WHERE user_id=$session->user_id;");
   555         
   555 				
   556         if ( !$q )
   556 				if ( !$q )
   557           $db->_die();
   557 					$db->_die();
   558         
   558 				
   559         // verify language id
   559 				// verify language id
   560         $lang_id = strval(intval($_POST['lang_id']));
   560 				$lang_id = strval(intval($_POST['lang_id']));
   561         $q = $db->sql_query('SELECT 1 FROM ' . table_prefix . 'language WHERE lang_id = ' . $lang_id . ';');
   561 				$q = $db->sql_query('SELECT 1 FROM ' . table_prefix . 'language WHERE lang_id = ' . $lang_id . ';');
   562         if ( !$q )
   562 				if ( !$q )
   563           $db->_die();
   563 					$db->_die();
   564         
   564 				
   565         if ( $db->numrows() > 0 )
   565 				if ( $db->numrows() > 0 )
   566         {
   566 				{
   567           $db->free_result();
   567 					$db->free_result();
   568           
   568 					
   569           // unload / reload $lang, this verifies that the selected language works
   569 					// unload / reload $lang, this verifies that the selected language works
   570           // enano should die a violent death if the language fails to load
   570 					// enano should die a violent death if the language fails to load
   571           unset($GLOBALS['lang']);
   571 					unset($GLOBALS['lang']);
   572           unset($lang);
   572 					unset($lang);
   573           $lang_id = intval($lang_id);
   573 					$lang_id = intval($lang_id);
   574           $GLOBALS['lang'] = new Language($lang_id);
   574 					$GLOBALS['lang'] = new Language($lang_id);
   575           global $lang;
   575 					global $lang;
   576           
   576 					
   577           $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_lang = ' . $lang_id . " WHERE user_id = {$session->user_id};");
   577 					$q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_lang = ' . $lang_id . " WHERE user_id = {$session->user_id};");
   578           if ( !$q )
   578 					if ( !$q )
   579             $db->_die();
   579 						$db->_die();
   580         }
   580 				}
   581         else
   581 				else
   582         {
   582 				{
   583           $db->free_result();
   583 					$db->free_result();
   584         }
   584 				}
   585         
   585 				
   586         generate_cache_userranks();
   586 				generate_cache_userranks();
   587         
   587 				
   588         echo '<div class="info-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_publicinfo_msg_save_success') . '</div>';
   588 				echo '<div class="info-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_publicinfo_msg_save_success') . '</div>';
   589       }
   589 			}
   590       
   590 			
   591       $lang_box = '<select name="lang_id">';
   591 			$lang_box = '<select name="lang_id">';
   592       $q = $db->sql_query('SELECT lang_id, lang_name_native FROM ' . table_prefix . "language;");
   592 			$q = $db->sql_query('SELECT lang_id, lang_name_native FROM ' . table_prefix . "language;");
   593       if ( !$q )
   593 			if ( !$q )
   594         $db->_die();
   594 				$db->_die();
   595       
   595 			
   596       while ( $row = $db->fetchrow_num() )
   596 			while ( $row = $db->fetchrow_num() )
   597       {
   597 			{
   598         list($lang_id, $lang_name) = $row;
   598 				list($lang_id, $lang_name) = $row;
   599         $lang_name = htmlspecialchars($lang_name);
   599 				$lang_name = htmlspecialchars($lang_name);
   600         $selected = ( $lang->lang_id == $lang_id ) ? ' selected="selected"' : '';
   600 				$selected = ( $lang->lang_id == $lang_id ) ? ' selected="selected"' : '';
   601         $lang_box .= "<option value=\"$lang_id\"$selected>$lang_name</option>";
   601 				$lang_box .= "<option value=\"$lang_id\"$selected>$lang_name</option>";
   602       }
   602 			}
   603       
   603 			
   604       $lang_box .= '</select>';
   604 			$lang_box .= '</select>';
   605       
   605 			
   606       $tz_select = '<select name="timezone">';
   606 			$tz_select = '<select name="timezone">';
   607       $tz_list = $lang->get('tz_list');
   607 			$tz_list = $lang->get('tz_list');
   608       try
   608 			try
   609       {
   609 			{
   610         $tz_list = enano_json_decode($tz_list);
   610 				$tz_list = enano_json_decode($tz_list);
   611       }
   611 			}
   612       catch(Exception $e)
   612 			catch(Exception $e)
   613       {
   613 			{
   614         die("Caught exception decoding timezone data: <pre>$e</pre>");
   614 				die("Caught exception decoding timezone data: <pre>$e</pre>");
   615       }
   615 			}
   616       foreach ( $tz_list as $key => $i )
   616 			foreach ( $tz_list as $key => $i )
   617       {
   617 			{
   618         $i = ($i * 60);
   618 				$i = ($i * 60);
   619         $title = $lang->get("tz_title_{$key}");
   619 				$title = $lang->get("tz_title_{$key}");
   620         $hrs = $lang->get("tz_hrs_{$key}");
   620 				$hrs = $lang->get("tz_hrs_{$key}");
   621         $selected = ( $i == $timezone ) ? ' selected="selected"' : '';
   621 				$selected = ( $i == $timezone ) ? ' selected="selected"' : '';
   622         $tz_select .= "<option value=\"$i\"$selected>$title</option>";
   622 				$tz_select .= "<option value=\"$i\"$selected>$title</option>";
   623       }
   623 			}
   624       $tz_select .= '</select>';
   624 			$tz_select .= '</select>';
   625       
   625 			
   626       echo '<form action="'.makeUrl($paths->fullpage).'" method="post">';
   626 			echo '<form action="'.makeUrl($paths->fullpage).'" method="post">';
   627       ?>
   627 			?>
   628       <div class="tblholder">
   628 			<div class="tblholder">
   629         <table border="0" cellspacing="1" cellpadding="4">
   629 				<table border="0" cellspacing="1" cellpadding="4">
   630           <tr>
   630 					<tr>
   631             <th colspan="2"><?php echo $lang->get('usercp_publicinfo_heading_main'); ?></th>
   631 						<th colspan="2"><?php echo $lang->get('usercp_publicinfo_heading_main'); ?></th>
   632           </tr>
   632 					</tr>
   633           <tr>
   633 					<tr>
   634             <td colspan="2" class="row3"><?php echo $lang->get('usercp_publicinfo_note_optional'); ?></td>
   634 						<td colspan="2" class="row3"><?php echo $lang->get('usercp_publicinfo_note_optional'); ?></td>
   635           </tr>
   635 					</tr>
   636           <tr>
   636 					<tr>
   637             <td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_realname'); ?></td>
   637 						<td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_realname'); ?></td>
   638             <td class="row1" style="width: 50%;"><input type="text" name="real_name" value="<?php echo $session->real_name; ?>" size="30" /></td>
   638 						<td class="row1" style="width: 50%;"><input type="text" name="real_name" value="<?php echo $session->real_name; ?>" size="30" /></td>
   639           </tr>
   639 					</tr>
   640           <tr>
   640 					<tr>
   641             <td class="row2"><?php echo $lang->get('usercp_publicinfo_field_language') . '<br /><small>' . $lang->get('usercp_publicinfo_field_language_hint') . '</small>'; ?></td>
   641 						<td class="row2"><?php echo $lang->get('usercp_publicinfo_field_language') . '<br /><small>' . $lang->get('usercp_publicinfo_field_language_hint') . '</small>'; ?></td>
   642             <td class="row1"><?php echo $lang_box; ?></td>
   642 						<td class="row1"><?php echo $lang_box; ?></td>
   643           </tr>
   643 					</tr>
   644           <tr>
   644 					<tr>
   645             <td class="row2"><?php echo $lang->get('usercp_publicinfo_field_changetheme_title'); ?></td>
   645 						<td class="row2"><?php echo $lang->get('usercp_publicinfo_field_changetheme_title'); ?></td>
   646             <td class="row1"><?php echo $lang->get('usercp_publicinfo_field_changetheme_hint'); ?> <a href="<?php echo makeUrlNS('Special', 'ChangeStyle/' . $paths->page); ?>" onclick="ajaxChangeStyle(); return false;"><?php echo $lang->get('usercp_publicinfo_field_changetheme'); ?></a></td>
   646 						<td class="row1"><?php echo $lang->get('usercp_publicinfo_field_changetheme_hint'); ?> <a href="<?php echo makeUrlNS('Special', 'ChangeStyle/' . $paths->page); ?>" onclick="ajaxChangeStyle(); return false;"><?php echo $lang->get('usercp_publicinfo_field_changetheme'); ?></a></td>
   647           </tr>
   647 					</tr>
   648           <tr>
   648 					<tr>
   649             <td class="row2"><?php echo $lang->get('usercp_publicinfo_field_dateformat'); ?></td>
   649 						<td class="row2"><?php echo $lang->get('usercp_publicinfo_field_dateformat'); ?></td>
   650             <td class="row1">
   650 						<td class="row1">
   651             <select name="date_format">
   651 						<select name="date_format">
   652               <?php
   652 							<?php
   653               foreach ( array(DATE_1, DATE_2, DATE_3, DATE_4) as $format )
   653 							foreach ( array(DATE_1, DATE_2, DATE_3, DATE_4) as $format )
   654               {
   654 							{
   655                 $selected = $format === $session->date_format ? ' selected="selected"' : '';
   655 								$selected = $format === $session->date_format ? ' selected="selected"' : '';
   656                 echo '<option value="' . $format . '"' . $selected . '>' . enano_date($format) . '</option>';
   656 								echo '<option value="' . $format . '"' . $selected . '>' . enano_date($format) . '</option>';
   657               }
   657 							}
   658               ?>
   658 							?>
   659             </select>
   659 						</select>
   660             </td>
   660 						</td>
   661           </tr>
   661 					</tr>
   662           <tr>
   662 					<tr>
   663             <td class="row2"><?php echo $lang->get('usercp_publicinfo_field_timeformat'); ?></td>
   663 						<td class="row2"><?php echo $lang->get('usercp_publicinfo_field_timeformat'); ?></td>
   664             <td class="row1">
   664 						<td class="row1">
   665             <select name="time_format">
   665 						<select name="time_format">
   666               <?php
   666 							<?php
   667               foreach ( array(TIME_12_NS, TIME_12_S, TIME_24_NS, TIME_24_S) as $format )
   667 							foreach ( array(TIME_12_NS, TIME_12_S, TIME_24_NS, TIME_24_S) as $format )
   668               {
   668 							{
   669                 $selected = $format === $session->time_format ? ' selected="selected"' : '';
   669 								$selected = $format === $session->time_format ? ' selected="selected"' : '';
   670                 echo '<option value="' . $format . '"' . $selected . '>' . enano_date($format) . '</option>';
   670 								echo '<option value="' . $format . '"' . $selected . '>' . enano_date($format) . '</option>';
   671               }
   671 							}
   672               ?>
   672 							?>
   673             </select>
   673 						</select>
   674             </td>
   674 						</td>
   675           </tr>
   675 					</tr>
   676           <tr>
   676 					<tr>
   677             <td class="row3" colspan="2"><?php echo $lang->get('usercp_publicinfo_field_timezone'); ?> <?php echo $tz_select; ?><br /><small><?php echo $lang->get('usercp_publicinfo_field_timezone_hint'); ?></small></td>
   677 						<td class="row3" colspan="2"><?php echo $lang->get('usercp_publicinfo_field_timezone'); ?> <?php echo $tz_select; ?><br /><small><?php echo $lang->get('usercp_publicinfo_field_timezone_hint'); ?></small></td>
   678           </tr>
   678 					</tr>
   679           <tr>
   679 					<tr>
   680             <td class="row2"><?php echo $lang->get('usercp_publicinfo_field_dst'); ?></td>
   680 						<td class="row2"><?php echo $lang->get('usercp_publicinfo_field_dst'); ?></td>
   681             <td class="row1">
   681 						<td class="row1">
   682               <select name="dst">
   682 							<select name="dst">
   683                 <?php
   683 								<?php
   684                 global $dst_profiles, $dst_params;
   684 								global $dst_profiles, $dst_params;
   685                 $user_dst = implode(';', $dst_params);
   685 								$user_dst = implode(';', $dst_params);
   686                 foreach ( $dst_profiles as $region => $data )
   686 								foreach ( $dst_profiles as $region => $data )
   687                 {
   687 								{
   688                   $selected = ( $data === $user_dst ) ? ' selected="selected"' : '';
   688 									$selected = ( $data === $user_dst ) ? ' selected="selected"' : '';
   689                   echo '<option value="' . $data . '"' . $selected . '>' . $lang->get("tz_dst_$region") . '</option>';
   689 									echo '<option value="' . $data . '"' . $selected . '>' . $lang->get("tz_dst_$region") . '</option>';
   690                 }
   690 								}
   691                 ?>
   691 								?>
   692               </select>
   692 							</select>
   693             </td>
   693 						</td>
   694           </tr>
   694 					</tr>
   695           <?php
   695 					<?php
   696           if ( $session->get_permissions('custom_user_title') ):
   696 					if ( $session->get_permissions('custom_user_title') ):
   697           ?>
   697 					?>
   698             <tr>
   698 						<tr>
   699               <td class="row2">
   699 							<td class="row2">
   700                 <?php echo $lang->get('usercp_publicinfo_field_usertitle_title'); ?><br />
   700 								<?php echo $lang->get('usercp_publicinfo_field_usertitle_title'); ?><br />
   701                 <small><?php echo $lang->get('usercp_publicinfo_field_usertitle_hint'); ?></small>
   701 								<small><?php echo $lang->get('usercp_publicinfo_field_usertitle_hint'); ?></small>
   702               </td>
   702 							</td>
   703               <td class="row1">
   703 							<td class="row1">
   704                 <input type="text" name="user_title" value="<?php echo htmlspecialchars($session->user_title); ?>" />
   704 								<input type="text" name="user_title" value="<?php echo htmlspecialchars($session->user_title); ?>" />
   705               </td>
   705 							</td>
   706             </tr>
   706 						</tr>
   707           <?php
   707 					<?php
   708           endif;
   708 					endif;
   709           if ( count($available_ranks) > 1 ):
   709 					if ( count($available_ranks) > 1 ):
   710           ?>
   710 					?>
   711           <tr>
   711 					<tr>
   712             <td class="row2">
   712 						<td class="row2">
   713               <?php echo $lang->get('usercp_publicinfo_field_rank_title'); ?><br />
   713 							<?php echo $lang->get('usercp_publicinfo_field_rank_title'); ?><br />
   714               <small><?php echo $lang->get('usercp_publicinfo_field_rank_hint'); ?></small>
   714 							<small><?php echo $lang->get('usercp_publicinfo_field_rank_hint'); ?></small>
   715             </td>
   715 						</td>
   716             <td class="row1">
   716 						<td class="row1">
   717               <select name="user_rank">
   717 							<select name="user_rank">
   718                 <?php
   718 								<?php
   719                 foreach ( $available_ranks as $rank )
   719 								foreach ( $available_ranks as $rank )
   720                 {
   720 								{
   721                   $sel = ( $rank['rank_id'] == $current_rank['rank_id'] ) ? ' selected="selected"' : '';
   721 									$sel = ( $rank['rank_id'] == $current_rank['rank_id'] ) ? ' selected="selected"' : '';
   722                   echo '<option' . $sel . ' value="' . $rank['rank_id'] . '" style="' . htmlspecialchars($rank['rank_style']) . '">';
   722 									echo '<option' . $sel . ' value="' . $rank['rank_id'] . '" style="' . htmlspecialchars($rank['rank_style']) . '">';
   723                   echo htmlspecialchars($lang->get($rank['rank_title']));
   723 									echo htmlspecialchars($lang->get($rank['rank_title']));
   724                   echo '</option>';
   724 									echo '</option>';
   725                 }
   725 								}
   726                 ?>
   726 								?>
   727               </select>
   727 							</select>
   728             </td>
   728 						</td>
   729           </tr>
   729 					</tr>
   730           <?php
   730 					<?php
   731           endif;
   731 					endif;
   732           ?>
   732 					?>
   733           <tr>
   733 					<tr>
   734             <th class="subhead" colspan="2">
   734 						<th class="subhead" colspan="2">
   735               <?php echo $lang->get('usercp_publicinfo_th_im'); ?>
   735 							<?php echo $lang->get('usercp_publicinfo_th_im'); ?>
   736             </th>
   736 						</th>
   737           <tr>
   737 					<tr>
   738             <td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_aim'); ?></td>
   738 						<td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_aim'); ?></td>
   739             <td class="row1" style="width: 50%;"><input type="text" name="imaddr_aim" value="<?php echo $session->user_extra['user_aim']; ?>" size="30" /></td>
   739 						<td class="row1" style="width: 50%;"><input type="text" name="imaddr_aim" value="<?php echo $session->user_extra['user_aim']; ?>" size="30" /></td>
   740           </tr>
   740 					</tr>
   741           <tr>
   741 					<tr>
   742             <td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_wlm'); ?></td>
   742 						<td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_wlm'); ?></td>
   743             <td class="row1" style="width: 50%;"><input type="text" name="imaddr_msn" value="<?php echo $session->user_extra['user_msn']; ?>" size="30" /></td>
   743 						<td class="row1" style="width: 50%;"><input type="text" name="imaddr_msn" value="<?php echo $session->user_extra['user_msn']; ?>" size="30" /></td>
   744           </tr>
   744 					</tr>
   745           <tr>
   745 					<tr>
   746             <td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_yim'); ?></td>
   746 						<td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_yim'); ?></td>
   747             <td class="row1" style="width: 50%;"><input type="text" name="imaddr_yahoo" value="<?php echo $session->user_extra['user_yahoo']; ?>" size="30" /></td>
   747 						<td class="row1" style="width: 50%;"><input type="text" name="imaddr_yahoo" value="<?php echo $session->user_extra['user_yahoo']; ?>" size="30" /></td>
   748           </tr>
   748 					</tr>
   749           <tr>
   749 					<tr>
   750             <td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_xmpp'); ?></td>
   750 						<td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_xmpp'); ?></td>
   751             <td class="row1" style="width: 50%;"><input type="text" name="imaddr_xmpp" value="<?php echo $session->user_extra['user_xmpp']; ?>" size="30" /></td>
   751 						<td class="row1" style="width: 50%;"><input type="text" name="imaddr_xmpp" value="<?php echo $session->user_extra['user_xmpp']; ?>" size="30" /></td>
   752           </tr>
   752 					</tr>
   753           <tr>
   753 					<tr>
   754             <th class="subhead" colspan="2">
   754 						<th class="subhead" colspan="2">
   755               <?php echo $lang->get('usercp_publicinfo_th_contact'); ?>
   755 							<?php echo $lang->get('usercp_publicinfo_th_contact'); ?>
   756             </th>
   756 						</th>
   757           </tr>
   757 					</tr>
   758           <tr>
   758 					<tr>
   759             <td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_homepage'); ?></td>
   759 						<td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_homepage'); ?></td>
   760             <td class="row1" style="width: 50%;"><input type="text" name="homepage" value="<?php echo $session->user_extra['user_homepage']; ?>" size="30" /></td>
   760 						<td class="row1" style="width: 50%;"><input type="text" name="homepage" value="<?php echo $session->user_extra['user_homepage']; ?>" size="30" /></td>
   761           </tr>
   761 					</tr>
   762           <tr>
   762 					<tr>
   763             <td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_location'); ?></td>
   763 						<td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_location'); ?></td>
   764             <td class="row1" style="width: 50%;"><input type="text" name="location" value="<?php echo $session->user_extra['user_location']; ?>" size="30" /></td>
   764 						<td class="row1" style="width: 50%;"><input type="text" name="location" value="<?php echo $session->user_extra['user_location']; ?>" size="30" /></td>
   765           </tr>
   765 					</tr>
   766           <tr>
   766 					<tr>
   767             <td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_job'); ?></td>
   767 						<td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_job'); ?></td>
   768             <td class="row1" style="width: 50%;"><input type="text" name="occupation" value="<?php echo $session->user_extra['user_job']; ?>" size="30" /></td>
   768 						<td class="row1" style="width: 50%;"><input type="text" name="occupation" value="<?php echo $session->user_extra['user_job']; ?>" size="30" /></td>
   769           </tr>
   769 					</tr>
   770           <tr>
   770 					<tr>
   771             <td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_hobbies'); ?></td>
   771 						<td class="row2" style="width: 50%;"><?php echo $lang->get('usercp_publicinfo_field_hobbies'); ?></td>
   772             <td class="row1" style="width: 50%;"><input type="text" name="hobbies" value="<?php echo $session->user_extra['user_hobbies']; ?>" size="30" /></td>
   772 						<td class="row1" style="width: 50%;"><input type="text" name="hobbies" value="<?php echo $session->user_extra['user_hobbies']; ?>" size="30" /></td>
   773           </tr>
   773 					</tr>
   774           <tr>
   774 					<tr>
   775             <td class="row2" style="width: 50%;"><label for="chk_email_public"><?php echo $lang->get('usercp_publicinfo_field_email_public'); ?></label></td>
   775 						<td class="row2" style="width: 50%;"><label for="chk_email_public"><?php echo $lang->get('usercp_publicinfo_field_email_public'); ?></label></td>
   776             <td class="row1" style="width: 50%;"><label><input type="checkbox" id="chk_email_public" name="email_public" <?php if ($session->user_extra['email_public'] == 1) echo 'checked="checked"'; ?> size="30" /> <small><?php echo $lang->get('usercp_publicinfo_field_email_public_hint'); ?></small></label></td>
   776 						<td class="row1" style="width: 50%;"><label><input type="checkbox" id="chk_email_public" name="email_public" <?php if ($session->user_extra['email_public'] == 1) echo 'checked="checked"'; ?> size="30" /> <small><?php echo $lang->get('usercp_publicinfo_field_email_public_hint'); ?></small></label></td>
   777           </tr>
   777 					</tr>
   778           <tr>
   778 					<tr>
   779             <td class="row2" style="width: 50%;"><label for="chk_jsfx"><?php echo $lang->get('usercp_publicinfo_field_jsfx'); ?></label></td>
   779 						<td class="row2" style="width: 50%;"><label for="chk_jsfx"><?php echo $lang->get('usercp_publicinfo_field_jsfx'); ?></label></td>
   780             <td class="row1" style="width: 50%;"><label><input type="checkbox" id="chk_jsfx" name="disable_js_fx" <?php if ($session->user_extra['disable_js_fx'] == 1) echo 'checked="checked"'; ?> size="30" /> <small><?php echo $lang->get('usercp_publicinfo_field_jsfx_hint'); ?></small></label></td>
   780 						<td class="row1" style="width: 50%;"><label><input type="checkbox" id="chk_jsfx" name="disable_js_fx" <?php if ($session->user_extra['disable_js_fx'] == 1) echo 'checked="checked"'; ?> size="30" /> <small><?php echo $lang->get('usercp_publicinfo_field_jsfx_hint'); ?></small></label></td>
   781           </tr>
   781 					</tr>
   782           <tr>
   782 					<tr>
   783             <th class="subhead" colspan="2">
   783 						<th class="subhead" colspan="2">
   784               <input type="submit" name="submit" value="<?php echo $lang->get('usercp_publicinfo_btn_save'); ?>" />
   784 							<input type="submit" name="submit" value="<?php echo $lang->get('usercp_publicinfo_btn_save'); ?>" />
   785             </th>
   785 						</th>
   786           </tr>
   786 					</tr>
   787         </table>
   787 				</table>
   788       </div>
   788 			</div>
   789       <?php
   789 			<?php
   790       // CSRF protection
   790 			// CSRF protection
   791       echo '<input type="hidden" name="cstok" value="' . $session->csrf_token . '" />';
   791 			echo '<input type="hidden" name="cstok" value="' . $session->csrf_token . '" />';
   792       echo '</form>';
   792 			echo '</form>';
   793       break;
   793 			break;
   794     case 'Avatar':
   794 		case 'Avatar':
   795       if ( getConfig('avatar_enable', 0) !== 1 )
   795 			if ( getConfig('avatar_enable', 0) !== 1 )
   796       {
   796 			{
   797         echo '<div class="error-box"><b>' . $lang->get('usercp_avatar_err_disabled_title') . '</b><br />' . $lang->get('usercp_avatar_err_disabled_body') . '</div>';
   797 				echo '<div class="error-box"><b>' . $lang->get('usercp_avatar_err_disabled_title') . '</b><br />' . $lang->get('usercp_avatar_err_disabled_body') . '</div>';
   798         break;
   798 				break;
   799       }
   799 			}
   800       
   800 			
   801       if ( isset($_POST['submit']) )
   801 			if ( isset($_POST['submit']) )
   802       {
   802 			{
   803         list($has_avi, $avi_type) = avatar_post($session->user_id);
   803 				list($has_avi, $avi_type) = avatar_post($session->user_id);
   804       }
   804 			}
   805       else
   805 			else
   806       {
   806 			{
   807         // Determine current avatar
   807 				// Determine current avatar
   808         $q = $db->sql_query('SELECT user_has_avatar, avatar_type FROM ' . table_prefix . 'users WHERE user_id = ' . $session->user_id . ';');
   808 				$q = $db->sql_query('SELECT user_has_avatar, avatar_type FROM ' . table_prefix . 'users WHERE user_id = ' . $session->user_id . ';');
   809         if ( !$q )
   809 				if ( !$q )
   810           $db->_die('Avatar CP selecting user\'s avatar data');
   810 					$db->_die('Avatar CP selecting user\'s avatar data');
   811         
   811 				
   812         list($has_avi, $avi_type) = $db->fetchrow_num();
   812 				list($has_avi, $avi_type) = $db->fetchrow_num();
   813       }
   813 			}
   814       
   814 			
   815       ?>
   815 			?>
   816       <script type="text/javascript">
   816 			<script type="text/javascript">
   817       
   817 			
   818         function avatar_select_field(elParent)
   818 				function avatar_select_field(elParent)
   819         {
   819 				{
   820           $('td#avatar_upload_btns > div:visible').hide('blind');
   820 					$('td#avatar_upload_btns > div:visible').hide('blind');
   821           switch(elParent.value)
   821 					switch(elParent.value)
   822           {
   822 					{
   823             case 'set_http':
   823 						case 'set_http':
   824               $('#avatar_upload_http').show('blind');
   824 							$('#avatar_upload_http').show('blind');
   825               break;
   825 							break;
   826             case 'set_file':
   826 						case 'set_file':
   827               $('#avatar_upload_file').show('blind');
   827 							$('#avatar_upload_file').show('blind');
   828               break;
   828 							break;
   829             case 'set_gravatar':
   829 						case 'set_gravatar':
   830               $('#avatar_upload_gravatar').show('blind');
   830 							$('#avatar_upload_gravatar').show('blind');
   831               break;
   831 							break;
   832           }
   832 					}
   833         }
   833 				}
   834       
   834 			
   835       </script>
   835 			</script>
   836       <?php
   836 			<?php
   837       
   837 			
   838       echo '<form action="' . makeUrl($paths->fullpage) . '" method="post" enctype="multipart/form-data">';
   838 			echo '<form action="' . makeUrl($paths->fullpage) . '" method="post" enctype="multipart/form-data">';
   839       echo '<div class="tblholder">';
   839 			echo '<div class="tblholder">';
   840       echo '<table border="0" cellspacing="1" cellpadding="4">';
   840 			echo '<table border="0" cellspacing="1" cellpadding="4">';
   841       echo '<tr>
   841 			echo '<tr>
   842               <th colspan="2">
   842 							<th colspan="2">
   843                 ' . $lang->get('usercp_avatar_table_title') . '
   843 								' . $lang->get('usercp_avatar_table_title') . '
   844               </th>
   844 							</th>
   845             </tr>';
   845 						</tr>';
   846             
   846 						
   847       echo '<tr>
   847 			echo '<tr>
   848               <td class="row2" style="width: 150px;">
   848 							<td class="row2" style="width: 150px;">
   849                 ' . $lang->get('usercp_avatar_label_current') . '
   849 								' . $lang->get('usercp_avatar_label_current') . '
   850               </td>
   850 							</td>
   851               <td class="row1" style="text-align: center;">';
   851 							<td class="row1" style="text-align: center;">';
   852               
   852 							
   853       if ( $has_avi == 1 )
   853 			if ( $has_avi == 1 )
   854       {
   854 			{
   855         echo '<img alt="' . $lang->get('usercp_avatar_image_alt', array('username' => $session->username)) . '" src="' . make_avatar_url($session->user_id, $avi_type, $session->email) . '" />';
   855 				echo '<img alt="' . $lang->get('usercp_avatar_image_alt', array('username' => $session->username)) . '" src="' . make_avatar_url($session->user_id, $avi_type, $session->email) . '" />';
   856       }
   856 			}
   857       else
   857 			else
   858       {
   858 			{
   859         echo $lang->get('usercp_avatar_image_none');
   859 				echo $lang->get('usercp_avatar_image_none');
   860       }
   860 			}
   861       
   861 			
   862       echo '    </td>
   862 			echo '    </td>
   863               </tr>';
   863 							</tr>';
   864               
   864 							
   865       echo '  <tr>
   865 			echo '  <tr>
   866                 <td class="row2">
   866 								<td class="row2">
   867                   ' . $lang->get('usercp_avatar_lbl_change') . '
   867 									' . $lang->get('usercp_avatar_lbl_change') . '
   868                 </td>
   868 								</td>
   869                 <td class="row1" id="avatar_upload_btns">
   869 								<td class="row1" id="avatar_upload_btns">
   870                   <label><input type="radio" name="avatar_action" value="keep" onclick="avatar_select_field(this);" checked="checked" /> ' . $lang->get('usercp_avatar_lbl_keep') . '</label><br />
   870 									<label><input type="radio" name="avatar_action" value="keep" onclick="avatar_select_field(this);" checked="checked" /> ' . $lang->get('usercp_avatar_lbl_keep') . '</label><br />
   871                   <label><input type="radio" name="avatar_action" value="remove" onclick="avatar_select_field(this);" /> ' . $lang->get('usercp_avatar_lbl_remove') . '</label><br />';
   871 									<label><input type="radio" name="avatar_action" value="remove" onclick="avatar_select_field(this);" /> ' . $lang->get('usercp_avatar_lbl_remove') . '</label><br />';
   872       if ( getConfig('avatar_upload_http') == '1' )
   872 			if ( getConfig('avatar_upload_http') == '1' )
   873       {
   873 			{
   874         echo '    <label><input type="radio" name="avatar_action" value="set_http" onclick="avatar_select_field(this);" /> ' . $lang->get('usercp_avatar_lbl_set_http') . '</label><br />
   874 				echo '    <label><input type="radio" name="avatar_action" value="set_http" onclick="avatar_select_field(this);" /> ' . $lang->get('usercp_avatar_lbl_set_http') . '</label><br />
   875                   <div id="avatar_upload_http" style="display: none; margin: 10px 0 0 2.2em;">
   875 									<div id="avatar_upload_http" style="display: none; margin: 10px 0 0 2.2em;">
   876                     ' . $lang->get('usercp_avatar_lbl_url') . ' <input type="text" name="avatar_http_url" size="40" value="http://" /><br />
   876 										' . $lang->get('usercp_avatar_lbl_url') . ' <input type="text" name="avatar_http_url" size="40" value="http://" /><br />
   877                     <small>' . $lang->get('usercp_avatar_lbl_url_desc') . ' ' . $lang->get('usercp_avatar_limits') . '</small>
   877 										<small>' . $lang->get('usercp_avatar_lbl_url_desc') . ' ' . $lang->get('usercp_avatar_limits') . '</small>
   878                   </div>';
   878 									</div>';
   879       }
   879 			}
   880       if ( getConfig('avatar_upload_file') == '1' )
   880 			if ( getConfig('avatar_upload_file') == '1' )
   881       {
   881 			{
   882         echo '    <label><input type="radio" name="avatar_action" value="set_file" onclick="avatar_select_field(this);" /> ' . $lang->get('usercp_avatar_lbl_set_file') . '</label><br />
   882 				echo '    <label><input type="radio" name="avatar_action" value="set_file" onclick="avatar_select_field(this);" /> ' . $lang->get('usercp_avatar_lbl_set_file') . '</label><br />
   883                   <div id="avatar_upload_file" style="display: none; margin: 10px 0 0 2.2em;">
   883 									<div id="avatar_upload_file" style="display: none; margin: 10px 0 0 2.2em;">
   884                     ' . $lang->get('usercp_avatar_lbl_file') . ' <input type="file" name="avatar_file" size="40" /><br />
   884 										' . $lang->get('usercp_avatar_lbl_file') . ' <input type="file" name="avatar_file" size="40" /><br />
   885                     <small>' . $lang->get('usercp_avatar_lbl_file_desc') . ' ' . $lang->get('usercp_avatar_limits') . '</small>
   885 										<small>' . $lang->get('usercp_avatar_lbl_file_desc') . ' ' . $lang->get('usercp_avatar_limits') . '</small>
   886                   </div>';
   886 									</div>';
   887       }
   887 			}
   888       if ( getConfig('avatar_upload_gravatar') == '1' )
   888 			if ( getConfig('avatar_upload_gravatar') == '1' )
   889       {
   889 			{
   890         $rating_images = array('g' => '0', 'pg' => '1', 'r' => '2', 'x' => '3');
   890 				$rating_images = array('g' => '0', 'pg' => '1', 'r' => '2', 'x' => '3');
   891         $rating_id = $rating_images[ getConfig('gravatar_rating', 'g') ];
   891 				$rating_id = $rating_images[ getConfig('gravatar_rating', 'g') ];
   892         $rating_image = "http://s.gravatar.com/images/gravatars/ratings/$rating_id.gif";
   892 				$rating_image = "http://s.gravatar.com/images/gravatars/ratings/$rating_id.gif";
   893         $max_rating = getConfig('gravatar_rating', 'g');
   893 				$max_rating = getConfig('gravatar_rating', 'g');
   894         echo '    <label><input type="radio" name="avatar_action" value="set_gravatar" onclick="avatar_select_field(this);" /> ' . $lang->get('usercp_avatar_lbl_set_gravatar') . ' <img alt=" " src="' . make_gravatar_url($session->email, 16) . '" /></label> (<a href="http://www.gravatar.com/" onclick="window.open(this); return false;">' . $lang->get('usercp_avatar_link_gravatar_info') . '</a>)
   894 				echo '    <label><input type="radio" name="avatar_action" value="set_gravatar" onclick="avatar_select_field(this);" /> ' . $lang->get('usercp_avatar_lbl_set_gravatar') . ' <img alt=" " src="' . make_gravatar_url($session->email, 16) . '" /></label> (<a href="http://www.gravatar.com/" onclick="window.open(this); return false;">' . $lang->get('usercp_avatar_link_gravatar_info') . '</a>)
   895                   <div id="avatar_upload_gravatar" style="display: none; margin: 10px 0 0 2.2em;">
   895 									<div id="avatar_upload_gravatar" style="display: none; margin: 10px 0 0 2.2em;">
   896                     <div style="float: left; margin-right: 5px; margin-bottom: 20px;">
   896 										<div style="float: left; margin-right: 5px; margin-bottom: 20px;">
   897                       <img alt=" " src="' . $rating_image . '" />
   897 											<img alt=" " src="' . $rating_image . '" />
   898                     </div>
   898 										</div>
   899                     ' . $lang->get("usercp_avatar_gravatar_rating_$max_rating") . '
   899 										' . $lang->get("usercp_avatar_gravatar_rating_$max_rating") . '
   900                   </div>';
   900 									</div>';
   901       }
   901 			}
   902       echo '    </td>
   902 			echo '    </td>
   903               </tr>';
   903 							</tr>';
   904               
   904 							
   905       echo '  <tr>
   905 			echo '  <tr>
   906                 <th class="subhead" colspan="2">
   906 								<th class="subhead" colspan="2">
   907                   <input type="submit" name="submit" value="' . $lang->get('etc_save_changes') . '" />
   907 									<input type="submit" name="submit" value="' . $lang->get('etc_save_changes') . '" />
   908                 </th>
   908 								</th>
   909               </tr>';
   909 							</tr>';
   910               
   910 							
   911       echo '</table>
   911 			echo '</table>
   912             </div>';
   912 						</div>';
   913       
   913 			
   914       break;
   914 			break;
   915     default:
   915 		default:
   916       $good = false;
   916 			$good = false;
   917       $code = $plugins->setHook('userprefs_body', true);
   917 			$code = $plugins->setHook('userprefs_body', true);
   918       foreach ( $code as $cmd )
   918 			foreach ( $code as $cmd )
   919       {
   919 			{
   920         if ( eval($cmd) )
   920 				if ( eval($cmd) )
   921           $good = true;
   921 					$good = true;
   922       }
   922 			}
   923       if ( !$good )
   923 			if ( !$good )
   924       {
   924 			{
   925         echo '<h3>Invalid module</h3>
   925 				echo '<h3>Invalid module</h3>
   926               <p>Userprefs module "'.$section.'" not found.</p>';
   926 							<p>Userprefs module "'.$section.'" not found.</p>';
   927       }
   927 			}
   928       break;
   928 			break;
   929   }
   929 	}
   930   
   930 	
   931   $template->footer();
   931 	$template->footer();
   932 }
   932 }
   933 
   933 
   934 // Avatar POST processor
   934 // Avatar POST processor
   935 function avatar_post($user_id, $quiet = false)
   935 function avatar_post($user_id, $quiet = false)
   936 {
   936 {
   937   global $db, $session, $paths, $template, $plugins; // Common objects
   937 	global $db, $session, $paths, $template, $plugins; // Common objects
   938   global $lang;
   938 	global $lang;
   939   
   939 	
   940   $had_a_boo_boo = true;
   940 	$had_a_boo_boo = true;
   941   
   941 	
   942   // Determine current avatar
   942 	// Determine current avatar
   943   $q = $db->sql_query('SELECT user_has_avatar, avatar_type FROM ' . table_prefix . 'users WHERE user_id = ' . $session->user_id . ';');
   943 	$q = $db->sql_query('SELECT user_has_avatar, avatar_type FROM ' . table_prefix . 'users WHERE user_id = ' . $session->user_id . ';');
   944   if ( !$q )
   944 	if ( !$q )
   945     $db->_die('Avatar CP selecting user\'s avatar data');
   945 		$db->_die('Avatar CP selecting user\'s avatar data');
   946   
   946 	
   947   list($has_avi, $avi_type) = $db->fetchrow_num();
   947 	list($has_avi, $avi_type) = $db->fetchrow_num();
   948   
   948 	
   949   $action = ( isset($_POST['avatar_action']) ) ? $_POST['avatar_action'] : 'keep';
   949 	$action = ( isset($_POST['avatar_action']) ) ? $_POST['avatar_action'] : 'keep';
   950   $avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $avi_type;
   950 	$avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $avi_type;
   951   switch($action)
   951 	switch($action)
   952   {
   952 	{
   953     case 'keep':
   953 		case 'keep':
   954     default:
   954 		default:
   955       $had_a_boo_boo = false;
   955 			$had_a_boo_boo = false;
   956       break;
   956 			break;
   957     case 'remove':
   957 		case 'remove':
   958       if ( $has_avi )
   958 			if ( $has_avi )
   959       {
   959 			{
   960         // First switch the avatar off
   960 				// First switch the avatar off
   961         $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $user_id . ';');
   961 				$q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $user_id . ';');
   962         if ( !$q )
   962 				if ( !$q )
   963           $db->_die('Avatar CP switching user avatar off');
   963 					$db->_die('Avatar CP switching user avatar off');
   964         
   964 				
   965         if ( @unlink($avi_path) )
   965 				if ( @unlink($avi_path) )
   966         {
   966 				{
   967           $quiet || print '<div class="info-box">' . $lang->get('usercp_avatar_delete_success') . '</div>';
   967 					$quiet || print '<div class="info-box">' . $lang->get('usercp_avatar_delete_success') . '</div>';
   968         }
   968 				}
   969         $has_avi = 0;
   969 				$has_avi = 0;
   970       }
   970 			}
   971       $had_a_boo_boo = false;
   971 			$had_a_boo_boo = false;
   972       break;
   972 			break;
   973     case 'set_http':
   973 		case 'set_http':
   974     case 'set_file':
   974 		case 'set_file':
   975       // Hackish way to preserve the UNIX philosophy of reusing as much code as possible
   975 			// Hackish way to preserve the UNIX philosophy of reusing as much code as possible
   976       if ( $action == 'set_http' )
   976 			if ( $action == 'set_http' )
   977       {
   977 			{
   978         // Check if this action is enabled
   978 				// Check if this action is enabled
   979         if ( getConfig('avatar_upload_http', 1) !== 1 )
   979 				if ( getConfig('avatar_upload_http', 1) !== 1 )
   980         {
   980 				{
   981           // non-localized, only appears on hack attempt
   981 					// non-localized, only appears on hack attempt
   982           echo '<div class="error-box">Uploads over HTTP are disabled.</div>';
   982 					echo '<div class="error-box">Uploads over HTTP are disabled.</div>';
   983           break;
   983 					break;
   984         }
   984 				}
   985         // Download the file
   985 				// Download the file
   986         require_once( ENANO_ROOT . '/includes/http.php' );
   986 				require_once( ENANO_ROOT . '/includes/http.php' );
   987         
   987 				
   988         if ( !preg_match('/^http:\/\/((?:[a-z0-9-\.]+|\[[a-f0-9:]+\]))(:([0-9]+))?\/(.+)$/', $_POST['avatar_http_url'], $match) )
   988 				if ( !preg_match('/^http:\/\/((?:[a-z0-9-\.]+|\[[a-f0-9:]+\]))(:([0-9]+))?\/(.+)$/', $_POST['avatar_http_url'], $match) )
   989         {
   989 				{
   990           echo '<div class="error-box">' . $lang->get('usercp_avatar_invalid_url') . '</div>';
   990 					echo '<div class="error-box">' . $lang->get('usercp_avatar_invalid_url') . '</div>';
   991           break;
   991 					break;
   992         }
   992 				}
   993         
   993 				
   994         $hostname = $match[1];
   994 				$hostname = $match[1];
   995         $uri = '/' . $match[4];
   995 				$uri = '/' . $match[4];
   996         $port = ( $match[3] ) ? intval($match[3]) : 80;
   996 				$port = ( $match[3] ) ? intval($match[3]) : 80;
   997         $max_size = intval(getConfig('avatar_max_size'));
   997 				$max_size = intval(getConfig('avatar_max_size'));
   998         
   998 				
   999         // Get temporary file
   999 				// Get temporary file
  1000         $tempfile = tempnam(false, "enanoavatar_{$user_id}");
  1000 				$tempfile = tempnam(false, "enanoavatar_{$user_id}");
  1001         if ( !$tempfile )
  1001 				if ( !$tempfile )
  1002           echo '<div class="error-box">Error getting temp file.</div>';
  1002 					echo '<div class="error-box">Error getting temp file.</div>';
  1003         
  1003 				
  1004         @unlink($tempfile);
  1004 				@unlink($tempfile);
  1005         $request = new Request_HTTP($hostname, $uri, 'GET', $port);
  1005 				$request = new Request_HTTP($hostname, $uri, 'GET', $port);
  1006         // max download size: 2MB, keeps things reasonable
  1006 				// max download size: 2MB, keeps things reasonable
  1007         // note: we'll try to scale the image down before checking filesize
  1007 				// note: we'll try to scale the image down before checking filesize
  1008         $result = $request->write_response_to_file($tempfile, 1160, 2097152);
  1008 				$result = $request->write_response_to_file($tempfile, 1160, 2097152);
  1009         if ( !$result || $request->response_code != HTTP_OK )
  1009 				if ( !$result || $request->response_code != HTTP_OK )
  1010         {
  1010 				{
  1011           @unlink($tempfile);
  1011 					@unlink($tempfile);
  1012           echo '<div class="error-box">' . $lang->get('usercp_avatar_bad_write') . '</div>';
  1012 					echo '<div class="error-box">' . $lang->get('usercp_avatar_bad_write') . '</div>';
  1013           break;
  1013 					break;
  1014         }
  1014 				}
  1015         
  1015 				
  1016         // Response written. Proceed to validation...
  1016 				// Response written. Proceed to validation...
  1017       }
  1017 			}
  1018       else
  1018 			else
  1019       {
  1019 			{
  1020         // Check if this action is enabled
  1020 				// Check if this action is enabled
  1021         if ( getConfig('avatar_upload_file', 1) !== 1 )
  1021 				if ( getConfig('avatar_upload_file', 1) !== 1 )
  1022         {
  1022 				{
  1023           // non-localized, only appears on hack attempt
  1023 					// non-localized, only appears on hack attempt
  1024           echo '<div class="error-box">Uploads from the browser are disabled.</div>';
  1024 					echo '<div class="error-box">Uploads from the browser are disabled.</div>';
  1025           break;
  1025 					break;
  1026         }
  1026 				}
  1027         
  1027 				
  1028         $max_size = intval(getConfig('avatar_max_size'));
  1028 				$max_size = intval(getConfig('avatar_max_size'));
  1029         
  1029 				
  1030         $file =& $_FILES['avatar_file'];
  1030 				$file =& $_FILES['avatar_file'];
  1031         $tempfile =& $file['tmp_name'];
  1031 				$tempfile =& $file['tmp_name'];
  1032       }
  1032 			}
  1033       $file_type = get_image_filetype($tempfile);
  1033 			$file_type = get_image_filetype($tempfile);
  1034       if ( !$file_type )
  1034 			if ( !$file_type )
  1035       {
  1035 			{
  1036         @unlink($tempfile);
  1036 				@unlink($tempfile);
  1037         echo '<div class="error-box">' . $lang->get('usercp_avatar_bad_filetype') . '</div>';
  1037 				echo '<div class="error-box">' . $lang->get('usercp_avatar_bad_filetype') . '</div>';
  1038         break;
  1038 				break;
  1039       }
  1039 			}
  1040       
  1040 			
  1041       $avi_path_new = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $file_type;
  1041 			$avi_path_new = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $file_type;
  1042       
  1042 			
  1043       // The file type is good - validate dimensions and animation
  1043 			// The file type is good - validate dimensions and animation
  1044       switch($file_type)
  1044 			switch($file_type)
  1045       {
  1045 			{
  1046         case 'png':
  1046 				case 'png':
  1047           $is_animated = is_png_animated($tempfile);
  1047 					$is_animated = is_png_animated($tempfile);
  1048           $dimensions = png_get_dimensions($tempfile);
  1048 					$dimensions = png_get_dimensions($tempfile);
  1049           break;
  1049 					break;
  1050         case 'gif':
  1050 				case 'gif':
  1051           $is_animated = is_gif_animated($tempfile);
  1051 					$is_animated = is_gif_animated($tempfile);
  1052           $dimensions = gif_get_dimensions($tempfile);
  1052 					$dimensions = gif_get_dimensions($tempfile);
  1053           break;
  1053 					break;
  1054         case 'jpg':
  1054 				case 'jpg':
  1055           $is_animated = false;
  1055 					$is_animated = false;
  1056           $dimensions = jpg_get_dimensions($tempfile);
  1056 					$dimensions = jpg_get_dimensions($tempfile);
  1057           break;
  1057 					break;
  1058         default:
  1058 				default:
  1059           echo '<div class="error-box">API mismatch</div>';
  1059 					echo '<div class="error-box">API mismatch</div>';
  1060           break 2;
  1060 					break 2;
  1061       }
  1061 			}
  1062       // Did we get invalid size data? If so the image is probably corrupt.
  1062 			// Did we get invalid size data? If so the image is probably corrupt.
  1063       if ( !$dimensions )
  1063 			if ( !$dimensions )
  1064       {
  1064 			{
  1065         @unlink($tempfile);
  1065 				@unlink($tempfile);
  1066         echo '<div class="error-box">' . $lang->get('usercp_avatar_corrupt_image') . '</div>';
  1066 				echo '<div class="error-box">' . $lang->get('usercp_avatar_corrupt_image') . '</div>';
  1067         break;
  1067 				break;
  1068       }
  1068 			}
  1069       // Is the image animated?
  1069 			// Is the image animated?
  1070       if ( $is_animated && getConfig('avatar_enable_anim', 0) !== 1 )
  1070 			if ( $is_animated && getConfig('avatar_enable_anim', 0) !== 1 )
  1071       {
  1071 			{
  1072         @unlink($tempfile);
  1072 				@unlink($tempfile);
  1073         echo '<div class="error-box">' . $lang->get('usercp_avatar_disallowed_animation') . '</div>';
  1073 				echo '<div class="error-box">' . $lang->get('usercp_avatar_disallowed_animation') . '</div>';
  1074         break;
  1074 				break;
  1075       }
  1075 			}
  1076       // Check image dimensions
  1076 			// Check image dimensions
  1077       list($image_x, $image_y) = $dimensions;
  1077 			list($image_x, $image_y) = $dimensions;
  1078       $max_x = intval(getConfig('avatar_max_width'));
  1078 			$max_x = intval(getConfig('avatar_max_width'));
  1079       $max_y = intval(getConfig('avatar_max_height'));
  1079 			$max_y = intval(getConfig('avatar_max_height'));
  1080       if ( $image_x > $max_x || $image_y > $max_y )
  1080 			if ( $image_x > $max_x || $image_y > $max_y )
  1081       {
  1081 			{
  1082         // try to scale the image
  1082 				// try to scale the image
  1083         try
  1083 				try
  1084         {
  1084 				{
  1085           @rename($tempfile, "$tempfile-unscaled.$file_type");
  1085 					@rename($tempfile, "$tempfile-unscaled.$file_type");
  1086           $scale_result = scale_image("$tempfile-unscaled.$file_type", "$tempfile.$file_type", $max_x, $max_y, true);
  1086 					$scale_result = scale_image("$tempfile-unscaled.$file_type", "$tempfile.$file_type", $max_x, $max_y, true);
  1087           if ( $scale_result )
  1087 					if ( $scale_result )
  1088           {
  1088 					{
  1089             if ( !(@unlink("$tempfile-unscaled.$file_type") && @rename("$tempfile.$file_type", $tempfile)) )
  1089 						if ( !(@unlink("$tempfile-unscaled.$file_type") && @rename("$tempfile.$file_type", $tempfile)) )
  1090             {
  1090 						{
  1091               // scale failed
  1091 							// scale failed
  1092               @unlink("$tempfile-scale.$file_type");
  1092 							@unlink("$tempfile-scale.$file_type");
  1093               echo '<div class="error-box">Rename failure: ' . $lang->get('usercp_avatar_too_large') . '</div>';
  1093 							echo '<div class="error-box">Rename failure: ' . $lang->get('usercp_avatar_too_large') . '</div>';
  1094               break;
  1094 							break;
  1095             }
  1095 						}
  1096           }
  1096 					}
  1097           else
  1097 					else
  1098           {
  1098 					{
  1099             @unlink($tempfile);
  1099 						@unlink($tempfile);
  1100             @unlink("$tempfile-unscaled.$file_type");
  1100 						@unlink("$tempfile-unscaled.$file_type");
  1101             echo '<div class="error-box">Scale failure: ' . $lang->get('usercp_avatar_too_large') . '</div>';
  1101 						echo '<div class="error-box">Scale failure: ' . $lang->get('usercp_avatar_too_large') . '</div>';
  1102             break;
  1102 						break;
  1103           }
  1103 					}
  1104         }
  1104 				}
  1105         catch ( Exception $e )
  1105 				catch ( Exception $e )
  1106         {
  1106 				{
  1107           // If we get here, the scaling process most definitely failed.
  1107 					// If we get here, the scaling process most definitely failed.
  1108           echo '<div class="error-box">EXCEPTION: ' . $lang->get('usercp_avatar_too_large') . '</div>';
  1108 					echo '<div class="error-box">EXCEPTION: ' . $lang->get('usercp_avatar_too_large') . '</div>';
  1109           break;
  1109 					break;
  1110         }
  1110 				}
  1111       }
  1111 			}
  1112       // Check file size last, so that the scale operation is considered
  1112 			// Check file size last, so that the scale operation is considered
  1113       if ( filesize($tempfile) > $max_size )
  1113 			if ( filesize($tempfile) > $max_size )
  1114       {
  1114 			{
  1115         @unlink($tempfile);
  1115 				@unlink($tempfile);
  1116         echo '<div class="error-box">' . $lang->get('usercp_avatar_file_too_large') . '</div>';
  1116 				echo '<div class="error-box">' . $lang->get('usercp_avatar_file_too_large') . '</div>';
  1117         break;
  1117 				break;
  1118       }
  1118 			}
  1119       // All good!
  1119 			// All good!
  1120       @unlink($avi_path);
  1120 			@unlink($avi_path);
  1121       if ( rename($tempfile, $avi_path_new) )
  1121 			if ( rename($tempfile, $avi_path_new) )
  1122       {
  1122 			{
  1123         $q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_has_avatar = 1, avatar_type = '$file_type' WHERE user_id = {$user_id};");
  1123 				$q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_has_avatar = 1, avatar_type = '$file_type' WHERE user_id = {$user_id};");
  1124         if ( !$q )
  1124 				if ( !$q )
  1125           $db->_die('Avatar CP updating users table after successful avatar upload');
  1125 					$db->_die('Avatar CP updating users table after successful avatar upload');
  1126         $has_avi = 1;
  1126 				$has_avi = 1;
  1127         $avi_type = $file_type;
  1127 				$avi_type = $file_type;
  1128         $quiet || print '<div class="info-box">' . $lang->get('usercp_avatar_upload_success') . '</div>';
  1128 				$quiet || print '<div class="info-box">' . $lang->get('usercp_avatar_upload_success') . '</div>';
  1129       }
  1129 			}
  1130       else
  1130 			else
  1131       {
  1131 			{
  1132         echo '<div class="error-box">' . $lang->get('usercp_avatar_move_failed') . '</div>';
  1132 				echo '<div class="error-box">' . $lang->get('usercp_avatar_move_failed') . '</div>';
  1133       }
  1133 			}
  1134       $had_a_boo_boo = false;
  1134 			$had_a_boo_boo = false;
  1135       break;
  1135 			break;
  1136     case 'set_gravatar':
  1136 		case 'set_gravatar':
  1137       // set avatar to use Gravatar
  1137 			// set avatar to use Gravatar
  1138       // make sure we're allowed to do this
  1138 			// make sure we're allowed to do this
  1139       if ( getConfig('avatar_upload_gravatar') != '1' )
  1139 			if ( getConfig('avatar_upload_gravatar') != '1' )
  1140       {
  1140 			{
  1141         // access denied
  1141 				// access denied
  1142         break;
  1142 				break;
  1143       }
  1143 			}
  1144       // first, remove old image
  1144 			// first, remove old image
  1145       if ( $has_avi )
  1145 			if ( $has_avi )
  1146       {
  1146 			{
  1147         // First switch the avatar off
  1147 				// First switch the avatar off
  1148         $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $user_id . ';');
  1148 				$q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $user_id . ';');
  1149         if ( !$q )
  1149 				if ( !$q )
  1150           $db->_die('Avatar CP switching user avatar off');
  1150 					$db->_die('Avatar CP switching user avatar off');
  1151         
  1151 				
  1152         @unlink($avi_path);
  1152 				@unlink($avi_path);
  1153       }
  1153 			}
  1154       // set to gravatar mode
  1154 			// set to gravatar mode
  1155       $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 1, avatar_type = \'grv\' WHERE user_id = ' . $user_id . ';');
  1155 			$q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 1, avatar_type = \'grv\' WHERE user_id = ' . $user_id . ';');
  1156       if ( !$q )
  1156 			if ( !$q )
  1157         $db->_die('Avatar CP switching user avatar off');
  1157 				$db->_die('Avatar CP switching user avatar off');
  1158         
  1158 				
  1159       $has_avi = 1;
  1159 			$has_avi = 1;
  1160       $quiet || print '<div class="info-box">' . $lang->get('usercp_avatar_gravatar_success') . '</div>';
  1160 			$quiet || print '<div class="info-box">' . $lang->get('usercp_avatar_gravatar_success') . '</div>';
  1161       $had_a_boo_boo = false;
  1161 			$had_a_boo_boo = false;
  1162       break;
  1162 			break;
  1163   }
  1163 	}
  1164   return array($has_avi, $avi_type, $had_a_boo_boo);
  1164 	return array($has_avi, $avi_type, $had_a_boo_boo);
  1165 }
  1165 }
  1166 
  1166 
  1167 ?>
  1167 ?>