plugins/admin/UserManager.php
changeset 1103 90225c988124
parent 1099 73abd46f5148
child 1141 5a858d6f3634
--- a/plugins/admin/UserManager.php	Tue Aug 25 01:43:11 2009 -0400
+++ b/plugins/admin/UserManager.php	Tue Aug 25 01:43:40 2009 -0400
@@ -2,8 +2,7 @@
 
 /*
  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.1.6 (Caoineag beta 1)
- * Copyright (C) 2006-2008 Dan Fuhry
+ * Copyright (C) 2006-2009 Dan Fuhry
  *
  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
@@ -60,6 +59,24 @@
       if ( !$q )
         $db->_die();
       echo '<div class="info-box">' . $lang->get('acpum_msg_delete_success') . '</div>';
+      
+      // deleting own account?
+      if ( $user_id === $session->user_id )
+      {
+        // cute little hack to boot them out of the admin panel
+        echo '<script type="text/javascript">
+          addOnloadHook(function()
+          {
+            setTimeout(function()
+            {
+              eraseCookie("sid");
+              ENANO_SID = false;
+              auth_level = USER_LEVEL_MEMBER;
+              window.location = makeUrlNS("Special", "Login");
+            }, 3000);
+          });
+        </script>';
+      }
     }
     else
     {
@@ -89,7 +106,7 @@
         $real_name = $_POST['real_name'];
       }
       
-      $signature = RenderMan::preprocess_text($_POST['signature'], true, true);
+      $signature = RenderMan::preprocess_text($_POST['signature'], true, false);
       
       $user_level = intval($_POST['user_level']);
       if ( $user_level < USER_LEVEL_MEMBER || $user_level > USER_LEVEL_ADMIN )
@@ -129,7 +146,10 @@
         $homepage = '';
       }
       
-      if ( count($errors) < 1 )
+      // true for quiet operation
+      list(, , $avatar_post_fail) = avatar_post($user_id, true);
+      
+      if ( count($errors) < 1 && !$avatar_post_fail )
       {
         $q = $db->sql_query('SELECT u.user_level, u.user_has_avatar, u.avatar_type FROM '.table_prefix.'users AS u WHERE u.user_id = ' . $user_id . ';');
         if ( !$q )
@@ -177,167 +197,6 @@
           $to_update_users['activation_key'] = sha1($session->dss_rand());
         }
         
-        // Avatar validation
-        $action = ( isset($_POST['avatar_action']) ) ? $_POST['avatar_action'] : 'keep';
-        $avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $avi_type;
-        switch($action)
-        {
-          case 'keep':
-          default:
-            break;
-          case 'remove':
-            if ( $has_avi )
-            {
-              // First switch the avatar off
-              $to_update_users['user_has_avatar'] = '0';
-              @unlink($avi_path);
-            }
-            break;
-          case 'set_http':
-          case 'set_file':
-            // Hackish way to preserve the UNIX philosophy of reusing as much code as possible
-            if ( $action == 'set_http' )
-            {
-              // Check if this action is enabled
-              if ( getConfig('avatar_upload_http', 1) !== 1 )
-              {
-                // non-localized, only appears on hack attempt
-                $errors[] = 'Uploads over HTTP are disabled.';
-                break;
-              }
-              // Download the file
-              require_once( ENANO_ROOT . '/includes/http.php' );
-              
-              if ( !preg_match('/^http:\/\/([a-z0-9-\.]+)(:([0-9]+))?\/(.+)$/', $_POST['avatar_http_url'], $match) )
-              {
-                $errors[] = $lang->get('usercp_avatar_invalid_url');
-                break;
-              }
-              
-              $hostname = $match[1];
-              $uri = '/' . $match[4];
-              $port = ( $match[3] ) ? intval($match[3]) : 80;
-              $max_size = intval(getConfig('avatar_max_size'));
-              
-              // Get temporary file
-              $tempfile = tempnam(false, "enanoavatar_{$user_id}");
-              if ( !$tempfile )
-                $errors[] = 'Error getting temp file.';
-              
-              @unlink($tempfile);
-              $request = new Request_HTTP($hostname, $uri, 'GET', $port);
-              $result = $request->write_response_to_file($tempfile, 50, $max_size);
-              if ( !$result || $request->response_code != HTTP_OK )
-              {
-                @unlink($tempfile);
-                $errors[] = $lang->get('usercp_avatar_bad_write');
-                break;
-              }
-              
-              // Response written. Proceed to validation...
-            }
-            else
-            {
-              // Check if this action is enabled
-              if ( getConfig('avatar_upload_file', 1) !== 1 )
-              {
-                // non-localized, only appears on hack attempt
-                $errors[] = 'Uploads from the browser are disabled.';
-                break;
-              }
-              
-              $max_size = intval(getConfig('avatar_max_size'));
-              
-              $file =& $_FILES['avatar_file'];
-              $tempfile =& $file['tmp_name'];
-              if ( filesize($tempfile) > $max_size )
-              {
-                @unlink($tempfile);
-                $errors[] = $lang->get('usercp_avatar_file_too_large');
-                break;
-              }
-            }
-            $file_type = get_image_filetype($tempfile);
-            if ( !$file_type )
-            {
-              unlink($tempfile);
-              $errors[] = $lang->get('usercp_avatar_bad_filetype');
-              break;
-            }
-            
-            $avi_path_new = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $file_type;
-            
-            // The file type is good - validate dimensions and animation
-            switch($file_type)
-            {
-              case 'png':
-                $is_animated = is_png_animated($tempfile);
-                $dimensions = png_get_dimensions($tempfile);
-                break;
-              case 'gif':
-                $is_animated = is_gif_animated($tempfile);
-                $dimensions = gif_get_dimensions($tempfile);
-                break;
-              case 'jpg':
-                $is_animated = false;
-                $dimensions = jpg_get_dimensions($tempfile);
-                break;
-              default:
-                $errors[] = 'API mismatch';
-                break 2;
-            }
-            // Did we get invalid size data? If so the image is probably corrupt.
-            if ( !$dimensions )
-            {
-              @unlink($tempfile);
-              $errors[] = $lang->get('usercp_avatar_corrupt_image');
-              break;
-            }
-            // Is the image animated?
-            if ( $is_animated && getConfig('avatar_enable_anim') !== '1' )
-            {
-              @unlink($tempfile);
-              $errors[] = $lang->get('usercp_avatar_disallowed_animation');
-              break;
-            }
-            // Check image dimensions
-            list($image_x, $image_y) = $dimensions;
-            $max_x = intval(getConfig('avatar_max_width'));
-            $max_y = intval(getConfig('avatar_max_height'));
-            if ( $image_x > $max_x || $image_y > $max_y )
-            {
-              @unlink($tempfile);
-              $errors[] = $lang->get('usercp_avatar_too_large');
-              break;
-            }
-            // All good!
-            @unlink($avi_path);
-            if ( rename($tempfile, $avi_path_new) )
-            {
-              $to_update_users['user_has_avatar'] = '1';
-              $to_update_users['avatar_type'] = $file_type;
-            }
-            else
-            {
-              // move failed - turn avatar off
-              $to_update_users['user_has_avatar'] = '0';
-            }
-            break;
-          case 'set_gravatar':
-            // set avatar to use Gravatar
-            // first, remove old image
-            if ( $has_avi )
-            {
-              @unlink($avi_path);
-            }
-            // set to gravatar mode
-            $to_update_users['user_has_avatar'] = '1';
-            $to_update_users['avatar_type'] = 'grv';
-            
-            $has_avi = 1;
-            break;
-        }
-        
         if ( count($errors) < 1 )
         {
           $to_update_users_extra = array();
@@ -423,14 +282,17 @@
       }
     }
     
-    if ( count($errors) > 0 )
+    if ( count($errors) > 0 || @$avatar_post_fail )
     {
-      echo '<div class="error-box">
-              <b>' . $lang->get('acpum_err_validation_fail') . '</b>
-              <ul>
-                <li>' . implode("</li>\n        <li>", $errors) . '</li>
-              </ul>
-            </div>';
+      if ( count($errors) > 0 )
+      {
+        echo '<div class="error-box">
+                <b>' . $lang->get('acpum_err_validation_fail') . '</b>
+                <ul>
+                  <li>' . implode("</li>\n        <li>", $errors) . '</li>
+                </ul>
+              </div>';
+      }
       $form = new Admin_UserManager_SmartForm();
       $form->user_id = $user_id;
       $form->username = $username;
@@ -466,7 +328,7 @@
     # END VALIDATION
     #
   }
-  else if ( isset($_POST['action']['go']) || ( isset($_GET['src']) && $_GET['src'] == 'get' ) )
+  else if ( isset($_POST['action']['go']) || ( isset($_GET['src']) && $_GET['src'] == 'get' ) || ($pathsuser = $paths->getParam(0)) )
   {
     if ( isset($_GET['user']) )
     {
@@ -480,6 +342,10 @@
     {
       $username =& $_POST['username'];
     }
+    else if ( $pathsuser )
+    {
+      $username = str_replace('_', ' ', dirtify_page_id($pathsuser));
+    }
     else
     {
       echo 'No username provided';
@@ -680,7 +546,7 @@
         else $cls = 'row2';
         $coppa = ( $row['user_coppa'] == '1' ) ? '<b>' . $lang->get('acpum_coppauser_yes') . '</b>' : $lang->get('acpum_coppauser_no');
         echo '<tr>
-                <td class="'.$cls.'">'.enano_date('F d, Y h:i a', $row['time_id']).'</td>
+                <td class="'.$cls.'">'.enano_date(ED_DATE | ED_TIME, $row['time_id']).'</td>
                 <td class="'.$cls.'">'.$row['author'].'</td>
                 <td class="'.$cls.'">'.$row['edit_summary'].'</td>
                 <td style="text-align: center;" class="' . $cls . '">' . $coppa . '</td>
@@ -1091,32 +957,21 @@
                   <td class="row2">
                     {lang:acpum_avatar_lbl_change}
                   </td>
-                  <td class="row1">
+                  <td class="row1" id="avatar_upload_btns_{UUID}">
                     <script type="text/javascript">
                       function admincp_users_avatar_set_{UUID}(elParent)
                       {
+                        $('td#avatar_upload_btns_{UUID} > div:visible').hide('blind');
                         switch(elParent.value)
                         {
-                          case 'keep':
-                          case 'remove':
-                            \$dynano('avatar_upload_http_{UUID}').object.style.display = 'none';
-                            \$dynano('avatar_upload_file_{UUID}').object.style.display = 'none';
-                            \$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
-                            break;
                           case 'set_http':
-                            \$dynano('avatar_upload_http_{UUID}').object.style.display = 'block';
-                            \$dynano('avatar_upload_file_{UUID}').object.style.display = 'none';
-                            \$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
+                            $('#avatar_upload_http_{UUID}').show('blind');
                             break;
                           case 'set_file':
-                            \$dynano('avatar_upload_http_{UUID}').object.style.display = 'none';
-                            \$dynano('avatar_upload_file_{UUID}').object.style.display = 'block';
-                            \$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
+                            $('#avatar_upload_file_{UUID}').show('blind');
                             break;
                           case 'set_gravatar':
-                            \$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'block';
-                            \$dynano('avatar_upload_http_{UUID}').object.style.display = 'none';
-                            \$dynano('avatar_upload_file_{UUID}').object.style.display = 'none';
+                            $('#avatar_upload_gravatar_{UUID}').show('blind');
                             break;
                         }
                       }