]> git.vanrenterghem.biz Git - www.vanrenterghem.biz.git/blob - phpBB2/includes/usercp_register.php
8804723542f6e14a01e388400338220e9a9215b2
[www.vanrenterghem.biz.git] / phpBB2 / includes / usercp_register.php
1 <?php
2 /***************************************************************************
3  *                            usercp_register.php
4  *                            -------------------
5  *   begin                : Saturday, Feb 13, 2001
6  *   copyright            : (C) 2001 The phpBB Group
7  *   email                : support@phpbb.com
8  *
9  *   $Id: usercp_register.php,v 1.20.2.78 2006/12/17 10:51:27 acydburn Exp $
10  *
11  *
12  ***************************************************************************/
14 /***************************************************************************
15  *
16  *   This program is free software; you can redistribute it and/or modify
17  *   it under the terms of the GNU General Public License as published by
18  *   the Free Software Foundation; either version 2 of the License, or
19  *   (at your option) any later version.
20  *
21  *
22  ***************************************************************************/
24 /*
26         This code has been modified from its original form by psoTFX @ phpbb.com
27         Changes introduce the back-ported phpBB 2.2 visual confirmation code. 
29         NOTE: Anyone using the modified code contained within this script MUST include
30         a relevant message such as this in usercp_register.php ... failure to do so 
31         will affect a breach of Section 2a of the GPL and our copyright
33         png visual confirmation system : (c) phpBB Group, 2003 : All Rights Reserved
35 */
37 if ( !defined('IN_PHPBB') )
38 {
39         die("Hacking attempt");
40         exit;
41 }
43 $unhtml_specialchars_match = array('#&gt;#', '#&lt;#', '#&quot;#', '#&amp;#');
44 $unhtml_specialchars_replace = array('>', '<', '"', '&');
46 // ---------------------------------------
47 // Load agreement template since user has not yet
48 // agreed to registration conditions/coppa
49 //
50 function show_coppa()
51 {
52         global $userdata, $template, $lang, $phpbb_root_path, $phpEx;
54         $template->set_filenames(array(
55                 'body' => 'agreement.tpl')
56         );
58         $template->assign_vars(array(
59                 'REGISTRATION' => $lang['Registration'],
60                 'AGREEMENT' => $lang['Reg_agreement'],
61                 "AGREE_OVER_13" => $lang['Agree_over_13'],
62                 "AGREE_UNDER_13" => $lang['Agree_under_13'],
63                 'DO_NOT_AGREE' => $lang['Agree_not'],
65                 "U_AGREE_OVER13" => append_sid("profile.$phpEx?mode=register&amp;agreed=true"),
66                 "U_AGREE_UNDER13" => append_sid("profile.$phpEx?mode=register&amp;agreed=true&amp;coppa=true"))
67         );
69         $template->pparse('body');
71 }
72 //
73 // ---------------------------------------
75 $error = FALSE;
76 $error_msg = '';
77 $page_title = ( $mode == 'editprofile' ) ? $lang['Edit_profile'] : $lang['Register'];
79 if ( $mode == 'register' && !isset($HTTP_POST_VARS['agreed']) && !isset($HTTP_GET_VARS['agreed']) )
80 {
81         include($phpbb_root_path . 'includes/page_header.'.$phpEx);
83         show_coppa();
85         include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
86 }
88 $coppa = ( empty($HTTP_POST_VARS['coppa']) && empty($HTTP_GET_VARS['coppa']) ) ? 0 : TRUE;
90 //
91 // Check and initialize some variables if needed
92 //
93 if (
94         isset($HTTP_POST_VARS['submit']) ||
95         isset($HTTP_POST_VARS['avatargallery']) ||
96         isset($HTTP_POST_VARS['submitavatar']) ||
97         isset($HTTP_POST_VARS['cancelavatar']) ||
98         $mode == 'register' )
99 {
100         include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
101         include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
102         include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
104         if ( $mode == 'editprofile' )
105         {
106                 $user_id = intval($HTTP_POST_VARS['user_id']);
107                 $current_email = trim(htmlspecialchars($HTTP_POST_VARS['current_email']));
108         }
110         $strip_var_list = array('email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests', 'confirm_code' => 'confirm_code');
112         // Strip all tags from data ... may p**s some people off, bah, strip_tags is
113         // doing the job but can still break HTML output ... have no choice, have
114         // to use htmlspecialchars ... be prepared to be moaned at.
115         while( list($var, $param) = @each($strip_var_list) )
116         {
117                 if ( !empty($HTTP_POST_VARS[$param]) )
118                 {
119                         $$var = trim(htmlspecialchars($HTTP_POST_VARS[$param]));
120                 }
121         }
123         $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
125         $trim_var_list = array('cur_password' => 'cur_password', 'new_password' => 'new_password', 'password_confirm' => 'password_confirm', 'signature' => 'signature');
127         while( list($var, $param) = @each($trim_var_list) )
128         {
129                 if ( !empty($HTTP_POST_VARS[$param]) )
130                 {
131                         $$var = trim($HTTP_POST_VARS[$param]);
132                 }
133         }
135         $signature = (isset($signature)) ? str_replace('<br />', "\n", $signature) : '';
136         $signature_bbcode_uid = '';
138         // Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to
139         // empty strings if they fail.
140         validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature);
142         $viewemail = ( isset($HTTP_POST_VARS['viewemail']) ) ? ( ($HTTP_POST_VARS['viewemail']) ? TRUE : 0 ) : 0;
143         $allowviewonline = ( isset($HTTP_POST_VARS['hideonline']) ) ? ( ($HTTP_POST_VARS['hideonline']) ? 0 : TRUE ) : TRUE;
144         $notifyreply = ( isset($HTTP_POST_VARS['notifyreply']) ) ? ( ($HTTP_POST_VARS['notifyreply']) ? TRUE : 0 ) : 0;
145         $notifypm = ( isset($HTTP_POST_VARS['notifypm']) ) ? ( ($HTTP_POST_VARS['notifypm']) ? TRUE : 0 ) : TRUE;
146         $popup_pm = ( isset($HTTP_POST_VARS['popup_pm']) ) ? ( ($HTTP_POST_VARS['popup_pm']) ? TRUE : 0 ) : TRUE;
147         $sid = (isset($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : 0;
149         if ( $mode == 'register' )
150         {
151                 $attachsig = ( isset($HTTP_POST_VARS['attachsig']) ) ? ( ($HTTP_POST_VARS['attachsig']) ? TRUE : 0 ) : $board_config['allow_sig'];
153                 $allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $board_config['allow_html'];
154                 $allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $board_config['allow_bbcode'];
155                 $allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? ( ($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) : $board_config['allow_smilies'];
156         }
157         else
158         {
159                 $attachsig = ( isset($HTTP_POST_VARS['attachsig']) ) ? ( ($HTTP_POST_VARS['attachsig']) ? TRUE : 0 ) : $userdata['user_attachsig'];
161                 $allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $userdata['user_allowhtml'];
162                 $allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $userdata['user_allowbbcode'];
163                 $allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? ( ($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) : $userdata['user_allowsmile'];
164         }
166         $user_style = ( isset($HTTP_POST_VARS['style']) ) ? intval($HTTP_POST_VARS['style']) : $board_config['default_style'];
168         if ( !empty($HTTP_POST_VARS['language']) )
169         {
170                 if ( preg_match('/^[a-z_]+$/i', $HTTP_POST_VARS['language']) )
171                 {
172                         $user_lang = htmlspecialchars($HTTP_POST_VARS['language']);
173                 }
174                 else
175                 {
176                         $error = true;
177                         $error_msg = $lang['Fields_empty'];
178                 }
179         }
180         else
181         {
182                 $user_lang = $board_config['default_lang'];
183         }
185         $user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone'];
187         $sql = "SELECT config_value
188                 FROM " . CONFIG_TABLE . "
189                 WHERE config_name = 'default_dateformat'";
190         if ( !($result = $db->sql_query($sql)) )
191         {
192                 message_die(GENERAL_ERROR, 'Could not select default dateformat', '', __LINE__, __FILE__, $sql);
193         }
194         $row = $db->sql_fetchrow($result);
195         $board_config['default_dateformat'] = $row['config_value'];
196         $user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['dateformat'])) : $board_config['default_dateformat'];
198         $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarselect']) : ( ( isset($HTTP_POST_VARS['avatarlocal'])  ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
199         $user_avatar_category = ( isset($HTTP_POST_VARS['avatarcatname']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarcatname']) : '' ;
201         $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['avatarremoteurl'])) : '';
202         $user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' );
203         $user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : '';
204         $user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
205         $user_avatar_filetype = ( !empty($HTTP_POST_FILES['avatar']['type']) ) ? $HTTP_POST_FILES['avatar']['type'] : '';
207         $user_avatar = ( empty($user_avatar_local) && $mode == 'editprofile' ) ? $userdata['user_avatar'] : '';
208         $user_avatar_type = ( empty($user_avatar_local) && $mode == 'editprofile' ) ? $userdata['user_avatar_type'] : '';
210         if ( (isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar'])) && (!isset($HTTP_POST_VARS['submit'])) )
211         {
212                 $username = stripslashes($username);
213                 $email = stripslashes($email);
214                 $cur_password = htmlspecialchars(stripslashes($cur_password));
215                 $new_password = htmlspecialchars(stripslashes($new_password));
216                 $password_confirm = htmlspecialchars(stripslashes($password_confirm));
218                 $icq = stripslashes($icq);
219                 $aim = stripslashes($aim);
220                 $msn = stripslashes($msn);
221                 $yim = stripslashes($yim);
223                 $website = stripslashes($website);
224                 $location = stripslashes($location);
225                 $occupation = stripslashes($occupation);
226                 $interests = stripslashes($interests);
227                 $signature = htmlspecialchars(stripslashes($signature));
229                 $user_lang = stripslashes($user_lang);
230                 $user_dateformat = stripslashes($user_dateformat);
232                 if ( !isset($HTTP_POST_VARS['cancelavatar']))
233                 {
234                         $user_avatar = $user_avatar_category . '/' . $user_avatar_local;
235                         $user_avatar_type = USER_AVATAR_GALLERY;
236                 }
237         }
240 //
241 // Let's make sure the user isn't logged in while registering,
242 // and ensure that they were trying to register a second time
243 // (Prevents double registrations)
244 //
245 if ($mode == 'register' && ($userdata['session_logged_in'] || $username == $userdata['username']))
247         message_die(GENERAL_MESSAGE, $lang['Username_taken'], '', __LINE__, __FILE__);
250 //
251 // Did the user submit? In this case build a query to update the users profile in the DB
252 //
253 if ( isset($HTTP_POST_VARS['submit']) )
255         include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);
257         // session id check
258         if ($sid == '' || $sid != $userdata['session_id'])
259         {
260                 $error = true;
261                 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Session_invalid'];
262         }
264         $passwd_sql = '';
265         if ( $mode == 'editprofile' )
266         {
267                 if ( $user_id != $userdata['user_id'] )
268                 {
269                         $error = TRUE;
270                         $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Wrong_Profile'];
271                 }
272         }
273         else if ( $mode == 'register' )
274         {
275                 if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
276                 {
277                         $error = TRUE;
278                         $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty'];
279                 }
280         }
282         if ($board_config['enable_confirm'] && $mode == 'register')
283         {
284                 if (empty($HTTP_POST_VARS['confirm_id']))
285                 {
286                         $error = TRUE;
287                         $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
288                 }
289                 else
290                 {
291                         $confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']);
292                         if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id))
293                         {
294                                 $confirm_id = '';
295                         }
296                         
297                         $sql = 'SELECT code 
298                                 FROM ' . CONFIRM_TABLE . " 
299                                 WHERE confirm_id = '$confirm_id' 
300                                         AND session_id = '" . $userdata['session_id'] . "'";
301                         if (!($result = $db->sql_query($sql)))
302                         {
303                                 message_die(GENERAL_ERROR, 'Could not obtain confirmation code', '', __LINE__, __FILE__, $sql);
304                         }
306                         if ($row = $db->sql_fetchrow($result))
307                         {
308                                 if ($row['code'] != $confirm_code)
309                                 {
310                                         $error = TRUE;
311                                         $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
312                                 }
313                                 else
314                                 {
315                                         $sql = 'DELETE FROM ' . CONFIRM_TABLE . " 
316                                                 WHERE confirm_id = '$confirm_id' 
317                                                         AND session_id = '" . $userdata['session_id'] . "'";
318                                         if (!$db->sql_query($sql))
319                                         {
320                                                 message_die(GENERAL_ERROR, 'Could not delete confirmation code', '', __LINE__, __FILE__, $sql);
321                                         }
322                                 }
323                         }
324                         else
325                         {               
326                                 $error = TRUE;
327                                 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
328                         }
329                         $db->sql_freeresult($result);
330                 }
331         }
333         $passwd_sql = '';
334         if ( !empty($new_password) && !empty($password_confirm) )
335         {
336                 if ( $new_password != $password_confirm )
337                 {
338                         $error = TRUE;
339                         $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
340                 }
341                 else if ( strlen($new_password) > 32 )
342                 {
343                         $error = TRUE;
344                         $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_long'];
345                 }
346                 else
347                 {
348                         if ( $mode == 'editprofile' )
349                         {
350                                 $sql = "SELECT user_password
351                                         FROM " . USERS_TABLE . "
352                                         WHERE user_id = $user_id";
353                                 if ( !($result = $db->sql_query($sql)) )
354                                 {
355                                         message_die(GENERAL_ERROR, 'Could not obtain user_password information', '', __LINE__, __FILE__, $sql);
356                                 }
358                                 $row = $db->sql_fetchrow($result);
360                                 if ( $row['user_password'] != md5($cur_password) )
361                                 {
362                                         $error = TRUE;
363                                         $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Current_password_mismatch'];
364                                 }
365                         }
367                         if ( !$error )
368                         {
369                                 $new_password = md5($new_password);
370                                 $passwd_sql = "user_password = '$new_password', ";
371                         }
372                 }
373         }
374         else if ( ( empty($new_password) && !empty($password_confirm) ) || ( !empty($new_password) && empty($password_confirm) ) )
375         {
376                 $error = TRUE;
377                 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
378         }
380         //
381         // Do a ban check on this email address
382         //
383         if ( $email != $userdata['user_email'] || $mode == 'register' )
384         {
385                 $result = validate_email($email);
386                 if ( $result['error'] )
387                 {
388                         $email = $userdata['user_email'];
390                         $error = TRUE;
391                         $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
392                 }
394                 if ( $mode == 'editprofile' )
395                 {
396                         $sql = "SELECT user_password
397                                 FROM " . USERS_TABLE . "
398                                 WHERE user_id = $user_id";
399                         if ( !($result = $db->sql_query($sql)) )
400                         {
401                                 message_die(GENERAL_ERROR, 'Could not obtain user_password information', '', __LINE__, __FILE__, $sql);
402                         }
404                         $row = $db->sql_fetchrow($result);
406                         if ( $row['user_password'] != md5($cur_password) )
407                         {
408                                 $email = $userdata['user_email'];
410                                 $error = TRUE;
411                                 $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Current_password_mismatch'];
412                         }
413                 }
414         }
416         $username_sql = '';
417         if ( $board_config['allow_namechange'] || $mode == 'register' )
418         {
419                 if ( empty($username) )
420                 {
421                         // Error is already triggered, since one field is empty.
422                         $error = TRUE;
423                 }
424                 else if ( $username != $userdata['username'] || $mode == 'register')
425                 {
426                         if (strtolower($username) != strtolower($userdata['username']) || $mode == 'register')
427                         {
428                                 $result = validate_username($username);
429                                 if ( $result['error'] )
430                                 {
431                                         $error = TRUE;
432                                         $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
433                                 }
434                         }
436                         if (!$error)
437                         {
438                                 $username_sql = "username = '" . str_replace("\'", "''", $username) . "', ";
439                         }
440                 }
441         }
443         if ( $signature != '' )
444         {
445                 if ( strlen($signature) > $board_config['max_sig_chars'] )
446                 {
447                         $error = TRUE;
448                         $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Signature_too_long'];
449                 }
451                 if ( !isset($signature_bbcode_uid) || $signature_bbcode_uid == '' )
452                 {
453                         $signature_bbcode_uid = ( $allowbbcode ) ? make_bbcode_uid() : '';
454                 }
455                 $signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid);
456         }
458         if ( $website != '' )
459         {
460                 rawurlencode($website);
461         }
463         $avatar_sql = '';
465         if ( isset($HTTP_POST_VARS['avatardel']) && $mode == 'editprofile' )
466         {
467                 $avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
468         }
469         else
470         if ( ( !empty($user_avatar_upload) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] )
471         {
472                 if ( !empty($user_avatar_upload) )
473                 {
474                         $avatar_mode = (empty($user_avatar_name)) ? 'remote' : 'local';
475                         $avatar_sql = user_avatar_upload($mode, $avatar_mode, $userdata['user_avatar'], $userdata['user_avatar_type'], $error, $error_msg, $user_avatar_upload, $user_avatar_name, $user_avatar_size, $user_avatar_filetype);
476                 }
477                 else if ( !empty($user_avatar_name) )
478                 {
479                         $l_avatar_size = sprintf($lang['Avatar_filesize'], round($board_config['avatar_filesize'] / 1024));
481                         $error = true;
482                         $error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $l_avatar_size;
483                 }
484         }
485         else if ( $user_avatar_remoteurl != '' && $board_config['allow_avatar_remote'] )
486         {
487                 user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
488                 $avatar_sql = user_avatar_url($mode, $error, $error_msg, $user_avatar_remoteurl);
489         }
490         else if ( $user_avatar_local != '' && $board_config['allow_avatar_local'] )
491         {
492                 user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
493                 $avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local, $user_avatar_category);
494         }
496         if ( !$error )
497         {
498                 if ( $avatar_sql == '' )
499                 {
500                         $avatar_sql = ( $mode == 'editprofile' ) ? '' : "'', " . USER_AVATAR_NONE;
501                 }
503                 if ( $mode == 'editprofile' )
504                 {
505                         if ( $email != $userdata['user_email'] && $board_config['require_activation'] != USER_ACTIVATION_NONE && $userdata['user_level'] != ADMIN )
506                         {
507                                 $user_active = 0;
509                                 $user_actkey = gen_rand_string(true);
510                                 $key_len = 54 - ( strlen($server_url) );
511                                 $key_len = ( $key_len > 6 ) ? $key_len : 6;
512                                 $user_actkey = substr($user_actkey, 0, $key_len);
514                                 if ( $userdata['session_logged_in'] )
515                                 {
516                                         session_end($userdata['session_id'], $userdata['user_id']);
517                                 }
518                         }
519                         else
520                         {
521                                 $user_active = 1;
522                                 $user_actkey = '';
523                         }
525                         $sql = "UPDATE " . USERS_TABLE . "
526                                 SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) ."', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_interests = '" . str_replace("\'", "''", $interests) . "', user_sig = '" . str_replace("\'", "''", $signature) . "', user_sig_bbcode_uid = '$signature_bbcode_uid', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_notify_pm = $notifypm, user_popup_pm = $popup_pm, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_active = $user_active, user_actkey = '" . str_replace("\'", "''", $user_actkey) . "'" . $avatar_sql . "
527                                 WHERE user_id = $user_id";
528                         if ( !($result = $db->sql_query($sql)) )
529                         {
530                                 message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
531                         }
533                         // We remove all stored login keys since the password has been updated
534                         // and change the current one (if applicable)
535                         if ( !empty($passwd_sql) )
536                         {
537                                 session_reset_keys($user_id, $user_ip);
538                         }
540                         if ( !$user_active )
541                         {
542                                 //
543                                 // The users account has been deactivated, send them an email with a new activation key
544                                 //
545                                 include($phpbb_root_path . 'includes/emailer.'.$phpEx);
546                                 $emailer = new emailer($board_config['smtp_delivery']);
548                                 if ( $board_config['require_activation'] != USER_ACTIVATION_ADMIN )
549                                 {
550                                         $emailer->from($board_config['board_email']);
551                                         $emailer->replyto($board_config['board_email']);
552  
553                                         $emailer->use_template('user_activate', stripslashes($user_lang));
554                                         $emailer->email_address($email);
555                                         $emailer->set_subject($lang['Reactivate']);
556   
557                                         $emailer->assign_vars(array(
558                                                 'SITENAME' => $board_config['sitename'],
559                                                 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
560                                                 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
561   
562                                                 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
563                                         );
564                                         $emailer->send();
565                                         $emailer->reset();
566                                 }
567                                 else if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
568                                 {
569                                         $sql = 'SELECT user_email, user_lang 
570                                                 FROM ' . USERS_TABLE . '
571                                                 WHERE user_level = ' . ADMIN;
572                                         
573                                         if ( !($result = $db->sql_query($sql)) )
574                                         {
575                                                 message_die(GENERAL_ERROR, 'Could not select Administrators', '', __LINE__, __FILE__, $sql);
576                                         }
577                                         
578                                         while ($row = $db->sql_fetchrow($result))
579                                         {
580                                                 $emailer->from($board_config['board_email']);
581                                                 $emailer->replyto($board_config['board_email']);
582                                                 
583                                                 $emailer->email_address(trim($row['user_email']));
584                                                 $emailer->use_template("admin_activate", $row['user_lang']);
585                                                 $emailer->set_subject($lang['Reactivate']);
586  
587                                                 $emailer->assign_vars(array(
588                                                         'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
589                                                         'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
590  
591                                                         'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
592                                                 );
593                                                 $emailer->send();
594                                                 $emailer->reset();
595                                         }
596                                         $db->sql_freeresult($result);
597                                 }
599                                 $message = $lang['Profile_updated_inactive'] . '<br /><br />' . sprintf($lang['Click_return_index'],  '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
600                         }
601                         else
602                         {
603                                 $message = $lang['Profile_updated'] . '<br /><br />' . sprintf($lang['Click_return_index'],  '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
604                         }
606                         $template->assign_vars(array(
607                                 "META" => '<meta http-equiv="refresh" content="5;url=' . append_sid("index.$phpEx") . '">')
608                         );
610                         message_die(GENERAL_MESSAGE, $message);
611                 }
612                 else
613                 {
614                         $sql = "SELECT MAX(user_id) AS total
615                                 FROM " . USERS_TABLE;
616                         if ( !($result = $db->sql_query($sql)) )
617                         {
618                                 message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
619                         }
621                         if ( !($row = $db->sql_fetchrow($result)) )
622                         {
623                                 message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
624                         }
625                         $user_id = $row['total'] + 1;
627                         //
628                         // Get current date
629                         //
630                         $sql = "INSERT INTO " . USERS_TABLE . " (user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_avatar_type, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey)
631                                 VALUES ($user_id, '" . str_replace("\'", "''", $username) . "', " . time() . ", '" . str_replace("\'", "''", $new_password) . "', '" . str_replace("\'", "''", $email) . "', '" . str_replace("\'", "''", $icq) . "', '" . str_replace("\'", "''", $website) . "', '" . str_replace("\'", "''", $occupation) . "', '" . str_replace("\'", "''", $location) . "', '" . str_replace("\'", "''", $interests) . "', '" . str_replace("\'", "''", $signature) . "', '$signature_bbcode_uid', $avatar_sql, $viewemail, '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', '" . str_replace("\'", "''", $yim) . "', '" . str_replace("\'", "''", $msn) . "', $attachsig, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $popup_pm, $user_timezone, '" . str_replace("\'", "''", $user_dateformat) . "', '" . str_replace("\'", "''", $user_lang) . "', $user_style, 0, 1, ";
632                         if ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN || $coppa )
633                         {
634                                 $user_actkey = gen_rand_string(true);
635                                 $key_len = 54 - (strlen($server_url));
636                                 $key_len = ( $key_len > 6 ) ? $key_len : 6;
637                                 $user_actkey = substr($user_actkey, 0, $key_len);
638                                 $sql .= "0, '" . str_replace("\'", "''", $user_actkey) . "')";
639                         }
640                         else
641                         {
642                                 $sql .= "1, '')";
643                         }
645                         if ( !($result = $db->sql_query($sql, BEGIN_TRANSACTION)) )
646                         {
647                                 message_die(GENERAL_ERROR, 'Could not insert data into users table', '', __LINE__, __FILE__, $sql);
648                         }
650                         $sql = "INSERT INTO " . GROUPS_TABLE . " (group_name, group_description, group_single_user, group_moderator)
651                                 VALUES ('', 'Personal User', 1, 0)";
652                         if ( !($result = $db->sql_query($sql)) )
653                         {
654                                 message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql);
655                         }
657                         $group_id = $db->sql_nextid();
659                         $sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending)
660                                 VALUES ($user_id, $group_id, 0)";
661                         if( !($result = $db->sql_query($sql, END_TRANSACTION)) )
662                         {
663                                 message_die(GENERAL_ERROR, 'Could not insert data into user_group table', '', __LINE__, __FILE__, $sql);
664                         }
666                         if ( $coppa )
667                         {
668                                 $message = $lang['COPPA'];
669                                 $email_template = 'coppa_welcome_inactive';
670                         }
671                         else if ( $board_config['require_activation'] == USER_ACTIVATION_SELF )
672                         {
673                                 $message = $lang['Account_inactive'];
674                                 $email_template = 'user_welcome_inactive';
675                         }
676                         else if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
677                         {
678                                 $message = $lang['Account_inactive_admin'];
679                                 $email_template = 'admin_welcome_inactive';
680                         }
681                         else
682                         {
683                                 $message = $lang['Account_added'];
684                                 $email_template = 'user_welcome';
685                         }
687                         include($phpbb_root_path . 'includes/emailer.'.$phpEx);
688                         $emailer = new emailer($board_config['smtp_delivery']);
690                         $emailer->from($board_config['board_email']);
691                         $emailer->replyto($board_config['board_email']);
693                         $emailer->use_template($email_template, stripslashes($user_lang));
694                         $emailer->email_address($email);
695                         $emailer->set_subject(sprintf($lang['Welcome_subject'], $board_config['sitename']));
697                         if( $coppa )
698                         {
699                                 $emailer->assign_vars(array(
700                                         'SITENAME' => $board_config['sitename'],
701                                         'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']),
702                                         'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
703                                         'PASSWORD' => $password_confirm,
704                                         'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
706                                         'FAX_INFO' => $board_config['coppa_fax'],
707                                         'MAIL_INFO' => $board_config['coppa_mail'],
708                                         'EMAIL_ADDRESS' => $email,
709                                         'ICQ' => $icq,
710                                         'AIM' => $aim,
711                                         'YIM' => $yim,
712                                         'MSN' => $msn,
713                                         'WEB_SITE' => $website,
714                                         'FROM' => $location,
715                                         'OCC' => $occupation,
716                                         'INTERESTS' => $interests,
717                                         'SITENAME' => $board_config['sitename']));
718                         }
719                         else
720                         {
721                                 $emailer->assign_vars(array(
722                                         'SITENAME' => $board_config['sitename'],
723                                         'WELCOME_MSG' => sprintf($lang['Welcome_subject'], $board_config['sitename']),
724                                         'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
725                                         'PASSWORD' => $password_confirm,
726                                         'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
728                                         'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
729                                 );
730                         }
732                         $emailer->send();
733                         $emailer->reset();
735                         if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
736                         {
737                                 $sql = "SELECT user_email, user_lang 
738                                         FROM " . USERS_TABLE . "
739                                         WHERE user_level = " . ADMIN;
740                                 
741                                 if ( !($result = $db->sql_query($sql)) )
742                                 {
743                                         message_die(GENERAL_ERROR, 'Could not select Administrators', '', __LINE__, __FILE__, $sql);
744                                 }
745                                 
746                                 while ($row = $db->sql_fetchrow($result))
747                                 {
748                                         $emailer->from($board_config['board_email']);
749                                         $emailer->replyto($board_config['board_email']);
750                                         
751                                         $emailer->email_address(trim($row['user_email']));
752                                         $emailer->use_template("admin_activate", $row['user_lang']);
753                                         $emailer->set_subject($lang['New_account_subject']);
755                                         $emailer->assign_vars(array(
756                                                 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
757                                                 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
759                                                 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
760                                         );
761                                         $emailer->send();
762                                         $emailer->reset();
763                                 }
764                                 $db->sql_freeresult($result);
765                         }
767                         $message = $message . '<br /><br />' . sprintf($lang['Click_return_index'],  '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
769                         message_die(GENERAL_MESSAGE, $message);
770                 } // if mode == register
771         }
772 } // End of submit
775 if ( $error )
777         //
778         // If an error occured we need to stripslashes on returned data
779         //
780         $username = stripslashes($username);
781         $email = stripslashes($email);
782         $cur_password = '';
783         $new_password = '';
784         $password_confirm = '';
786         $icq = stripslashes($icq);
787         $aim = str_replace('+', ' ', stripslashes($aim));
788         $msn = stripslashes($msn);
789         $yim = stripslashes($yim);
791         $website = stripslashes($website);
792         $location = stripslashes($location);
793         $occupation = stripslashes($occupation);
794         $interests = stripslashes($interests);
795         $signature = stripslashes($signature);
796         $signature = ($signature_bbcode_uid != '') ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid(=|\])/si", '\\3', $signature) : $signature;
798         $user_lang = stripslashes($user_lang);
799         $user_dateformat = stripslashes($user_dateformat);
802 else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) )
804         $user_id = $userdata['user_id'];
805         $username = $userdata['username'];
806         $email = $userdata['user_email'];
807         $cur_password = '';
808         $new_password = '';
809         $password_confirm = '';
811         $icq = $userdata['user_icq'];
812         $aim = str_replace('+', ' ', $userdata['user_aim']);
813         $msn = $userdata['user_msnm'];
814         $yim = $userdata['user_yim'];
816         $website = $userdata['user_website'];
817         $location = $userdata['user_from'];
818         $occupation = $userdata['user_occ'];
819         $interests = $userdata['user_interests'];
820         $signature_bbcode_uid = $userdata['user_sig_bbcode_uid'];
821         $signature = ($signature_bbcode_uid != '') ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid(=|\])/si", '\\3', $userdata['user_sig']) : $userdata['user_sig'];
823         $viewemail = $userdata['user_viewemail'];
824         $notifypm = $userdata['user_notify_pm'];
825         $popup_pm = $userdata['user_popup_pm'];
826         $notifyreply = $userdata['user_notify'];
827         $attachsig = $userdata['user_attachsig'];
828         $allowhtml = $userdata['user_allowhtml'];
829         $allowbbcode = $userdata['user_allowbbcode'];
830         $allowsmilies = $userdata['user_allowsmile'];
831         $allowviewonline = $userdata['user_allow_viewonline'];
833         $user_avatar = ( $userdata['user_allowavatar'] ) ? $userdata['user_avatar'] : '';
834         $user_avatar_type = ( $userdata['user_allowavatar'] ) ? $userdata['user_avatar_type'] : USER_AVATAR_NONE;
836         $user_style = $userdata['user_style'];
837         $user_lang = $userdata['user_lang'];
838         $user_timezone = $userdata['user_timezone'];
839         $user_dateformat = $userdata['user_dateformat'];
842 //
843 // Default pages
844 //
845 include($phpbb_root_path . 'includes/page_header.'.$phpEx);
847 make_jumpbox('viewforum.'.$phpEx);
849 if ( $mode == 'editprofile' )
851         if ( $user_id != $userdata['user_id'] )
852         {
853                 $error = TRUE;
854                 $error_msg = $lang['Wrong_Profile'];
855         }
858 if( isset($HTTP_POST_VARS['avatargallery']) && !$error )
860         include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);
862         $avatar_category = ( !empty($HTTP_POST_VARS['avatarcategory']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarcategory']) : '';
864         $template->set_filenames(array(
865                 'body' => 'profile_avatar_gallery.tpl')
866         );
868         $allowviewonline = !$allowviewonline;
870         display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, $new_password, $cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popup_pm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat, $userdata['session_id']);
872 else
874         include($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
876         if ( !isset($coppa) )
877         {
878                 $coppa = FALSE;
879         }
881         if ( !isset($user_style) )
882         {
883                 $user_style = $board_config['default_style'];
884         }
886         $avatar_img = '';
887         if ( $user_avatar_type )
888         {
889                 switch( $user_avatar_type )
890                 {
891                         case USER_AVATAR_UPLOAD:
892                                 $avatar_img = ( $board_config['allow_avatar_upload'] ) ? '<img src="' . $board_config['avatar_path'] . '/' . $user_avatar . '" alt="" />' : '';
893                                 break;
894                         case USER_AVATAR_REMOTE:
895                                 $avatar_img = ( $board_config['allow_avatar_remote'] ) ? '<img src="' . $user_avatar . '" alt="" />' : '';
896                                 break;
897                         case USER_AVATAR_GALLERY:
898                                 $avatar_img = ( $board_config['allow_avatar_local'] ) ? '<img src="' . $board_config['avatar_gallery_path'] . '/' . $user_avatar . '" alt="" />' : '';
899                                 break;
900                 }
901         }
903         $s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" />';
904         $s_hidden_fields .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
905         if( $mode == 'editprofile' )
906         {
907                 $s_hidden_fields .= '<input type="hidden" name="user_id" value="' . $userdata['user_id'] . '" />';
908                 //
909                 // Send the users current email address. If they change it, and account activation is turned on
910                 // the user account will be disabled and the user will have to reactivate their account.
911                 //
912                 $s_hidden_fields .= '<input type="hidden" name="current_email" value="' . $userdata['user_email'] . '" />';
913         }
915         if ( !empty($user_avatar_local) )
916         {
917                 $s_hidden_fields .= '<input type="hidden" name="avatarlocal" value="' . $user_avatar_local . '" /><input type="hidden" name="avatarcatname" value="' . $user_avatar_category . '" />';
918         }
920         $html_status =  ( $userdata['user_allowhtml'] && $board_config['allow_html'] ) ? $lang['HTML_is_ON'] : $lang['HTML_is_OFF'];
921         $bbcode_status = ( $userdata['user_allowbbcode'] && $board_config['allow_bbcode']  ) ? $lang['BBCode_is_ON'] : $lang['BBCode_is_OFF'];
922         $smilies_status = ( $userdata['user_allowsmile'] && $board_config['allow_smilies']  ) ? $lang['Smilies_are_ON'] : $lang['Smilies_are_OFF'];
924         if ( $error )
925         {
926                 $template->set_filenames(array(
927                         'reg_header' => 'error_body.tpl')
928                 );
929                 $template->assign_vars(array(
930                         'ERROR_MESSAGE' => $error_msg)
931                 );
932                 $template->assign_var_from_handle('ERROR_BOX', 'reg_header');
933         }
935         $template->set_filenames(array(
936                 'body' => 'profile_add_body.tpl')
937         );
939         if ( $mode == 'editprofile' )
940         {
941                 $template->assign_block_vars('switch_edit_profile', array());
942         }
944         if ( ($mode == 'register') || ($board_config['allow_namechange']) )
945         {
946                 $template->assign_block_vars('switch_namechange_allowed', array());
947         }
948         else
949         {
950                 $template->assign_block_vars('switch_namechange_disallowed', array());
951         }
954         // Visual Confirmation
955         $confirm_image = '';
956         if (!empty($board_config['enable_confirm']) && $mode == 'register')
957         {
958                 $sql = 'SELECT session_id 
959                         FROM ' . SESSIONS_TABLE; 
960                 if (!($result = $db->sql_query($sql)))
961                 {
962                         message_die(GENERAL_ERROR, 'Could not select session data', '', __LINE__, __FILE__, $sql);
963                 }
965                 if ($row = $db->sql_fetchrow($result))
966                 {
967                         $confirm_sql = '';
968                         do
969                         {
970                                 $confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'";
971                         }
972                         while ($row = $db->sql_fetchrow($result));
973                 
974                         $sql = 'DELETE FROM ' .  CONFIRM_TABLE . " 
975                                 WHERE session_id NOT IN ($confirm_sql)";
976                         if (!$db->sql_query($sql))
977                         {
978                                 message_die(GENERAL_ERROR, 'Could not delete stale confirm data', '', __LINE__, __FILE__, $sql);
979                         }
980                 }
981                 $db->sql_freeresult($result);
983                 $sql = 'SELECT COUNT(session_id) AS attempts 
984                         FROM ' . CONFIRM_TABLE . " 
985                         WHERE session_id = '" . $userdata['session_id'] . "'";
986                 if (!($result = $db->sql_query($sql)))
987                 {
988                         message_die(GENERAL_ERROR, 'Could not obtain confirm code count', '', __LINE__, __FILE__, $sql);
989                 }
991                 if ($row = $db->sql_fetchrow($result))
992                 {
993                         if ($row['attempts'] > 3)
994                         {
995                                 message_die(GENERAL_MESSAGE, $lang['Too_many_registers']);
996                         }
997                 }
998                 $db->sql_freeresult($result);
999                 
1000                 // Generate the required confirmation code
1001                 // NB 0 (zero) could get confused with O (the letter) so we make change it
1002                 $code = dss_rand();
1003                 $code = substr(str_replace('0', 'Z', strtoupper(base_convert($code, 16, 35))), 2, 6);
1005                 $confirm_id = md5(uniqid($user_ip));
1007                 $sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code) 
1008                         VALUES ('$confirm_id', '". $userdata['session_id'] . "', '$code')";
1009                 if (!$db->sql_query($sql))
1010                 {
1011                         message_die(GENERAL_ERROR, 'Could not insert new confirm code information', '', __LINE__, __FILE__, $sql);
1012                 }
1014                 unset($code);
1015                 
1016                 $confirm_image = '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id") . '" alt="" title="" />';
1017                 $s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';
1019                 $template->assign_block_vars('switch_confirm', array());
1020         }
1023         //
1024         // Let's do an overall check for settings/versions which would prevent
1025         // us from doing file uploads....
1026         //
1027         $ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
1028         $form_enctype = ( @$ini_val('file_uploads') == '0' || strtolower(@$ini_val('file_uploads') == 'off') || phpversion() == '4.0.4pl1' || !$board_config['allow_avatar_upload'] || ( phpversion() < '4.0.3' && @$ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"';
1030         $template->assign_vars(array(
1031                 'USERNAME' => isset($username) ? $username : '',
1032                 'CUR_PASSWORD' => isset($cur_password) ? $cur_password : '',
1033                 'NEW_PASSWORD' => isset($new_password) ? $new_password : '',
1034                 'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '',
1035                 'EMAIL' => isset($email) ? $email : '',
1036                 'CONFIRM_IMG' => $confirm_image, 
1037                 'YIM' => $yim,
1038                 'ICQ' => $icq,
1039                 'MSN' => $msn,
1040                 'AIM' => $aim,
1041                 'OCCUPATION' => $occupation,
1042                 'INTERESTS' => $interests,
1043                 'LOCATION' => $location,
1044                 'WEBSITE' => $website,
1045                 'SIGNATURE' => str_replace('<br />', "\n", $signature),
1046                 'VIEW_EMAIL_YES' => ( $viewemail ) ? 'checked="checked"' : '',
1047                 'VIEW_EMAIL_NO' => ( !$viewemail ) ? 'checked="checked"' : '',
1048                 'HIDE_USER_YES' => ( !$allowviewonline ) ? 'checked="checked"' : '',
1049                 'HIDE_USER_NO' => ( $allowviewonline ) ? 'checked="checked"' : '',
1050                 'NOTIFY_PM_YES' => ( $notifypm ) ? 'checked="checked"' : '',
1051                 'NOTIFY_PM_NO' => ( !$notifypm ) ? 'checked="checked"' : '',
1052                 'POPUP_PM_YES' => ( $popup_pm ) ? 'checked="checked"' : '',
1053                 'POPUP_PM_NO' => ( !$popup_pm ) ? 'checked="checked"' : '',
1054                 'ALWAYS_ADD_SIGNATURE_YES' => ( $attachsig ) ? 'checked="checked"' : '',
1055                 'ALWAYS_ADD_SIGNATURE_NO' => ( !$attachsig ) ? 'checked="checked"' : '',
1056                 'NOTIFY_REPLY_YES' => ( $notifyreply ) ? 'checked="checked"' : '',
1057                 'NOTIFY_REPLY_NO' => ( !$notifyreply ) ? 'checked="checked"' : '',
1058                 'ALWAYS_ALLOW_BBCODE_YES' => ( $allowbbcode ) ? 'checked="checked"' : '',
1059                 'ALWAYS_ALLOW_BBCODE_NO' => ( !$allowbbcode ) ? 'checked="checked"' : '',
1060                 'ALWAYS_ALLOW_HTML_YES' => ( $allowhtml ) ? 'checked="checked"' : '',
1061                 'ALWAYS_ALLOW_HTML_NO' => ( !$allowhtml ) ? 'checked="checked"' : '',
1062                 'ALWAYS_ALLOW_SMILIES_YES' => ( $allowsmilies ) ? 'checked="checked"' : '',
1063                 'ALWAYS_ALLOW_SMILIES_NO' => ( !$allowsmilies ) ? 'checked="checked"' : '',
1064                 'ALLOW_AVATAR' => $board_config['allow_avatar_upload'],
1065                 'AVATAR' => $avatar_img,
1066                 'AVATAR_SIZE' => $board_config['avatar_filesize'],
1067                 'LANGUAGE_SELECT' => language_select($user_lang, 'language'),
1068                 'STYLE_SELECT' => style_select($user_style, 'style'),
1069                 'TIMEZONE_SELECT' => tz_select($user_timezone, 'timezone'),
1070                 'DATE_FORMAT' => $user_dateformat,
1071                 'HTML_STATUS' => $html_status,
1072                 'BBCODE_STATUS' => sprintf($bbcode_status, '<a href="' . append_sid("faq.$phpEx?mode=bbcode") . '" target="_phpbbcode">', '</a>'),
1073                 'SMILIES_STATUS' => $smilies_status,
1075                 'L_CURRENT_PASSWORD' => $lang['Current_password'],
1076                 'L_NEW_PASSWORD' => ( $mode == 'register' ) ? $lang['Password'] : $lang['New_password'],
1077                 'L_CONFIRM_PASSWORD' => $lang['Confirm_password'],
1078                 'L_CONFIRM_PASSWORD_EXPLAIN' => ( $mode == 'editprofile' ) ? $lang['Confirm_password_explain'] : '',
1079                 'L_PASSWORD_IF_CHANGED' => ( $mode == 'editprofile' ) ? $lang['password_if_changed'] : '',
1080                 'L_PASSWORD_CONFIRM_IF_CHANGED' => ( $mode == 'editprofile' ) ? $lang['password_confirm_if_changed'] : '',
1081                 'L_SUBMIT' => $lang['Submit'],
1082                 'L_RESET' => $lang['Reset'],
1083                 'L_ICQ_NUMBER' => $lang['ICQ'],
1084                 'L_MESSENGER' => $lang['MSNM'],
1085                 'L_YAHOO' => $lang['YIM'],
1086                 'L_WEBSITE' => $lang['Website'],
1087                 'L_AIM' => $lang['AIM'],
1088                 'L_LOCATION' => $lang['Location'],
1089                 'L_OCCUPATION' => $lang['Occupation'],
1090                 'L_BOARD_LANGUAGE' => $lang['Board_lang'],
1091                 'L_BOARD_STYLE' => $lang['Board_style'],
1092                 'L_TIMEZONE' => $lang['Timezone'],
1093                 'L_DATE_FORMAT' => $lang['Date_format'],
1094                 'L_DATE_FORMAT_EXPLAIN' => $lang['Date_format_explain'],
1095                 'L_YES' => $lang['Yes'],
1096                 'L_NO' => $lang['No'],
1097                 'L_INTERESTS' => $lang['Interests'],
1098                 'L_ALWAYS_ALLOW_SMILIES' => $lang['Always_smile'],
1099                 'L_ALWAYS_ALLOW_BBCODE' => $lang['Always_bbcode'],
1100                 'L_ALWAYS_ALLOW_HTML' => $lang['Always_html'],
1101                 'L_HIDE_USER' => $lang['Hide_user'],
1102                 'L_ALWAYS_ADD_SIGNATURE' => $lang['Always_add_sig'],
1104                 'L_AVATAR_PANEL' => $lang['Avatar_panel'],
1105                 'L_AVATAR_EXPLAIN' => sprintf($lang['Avatar_explain'], $board_config['avatar_max_width'], $board_config['avatar_max_height'], (round($board_config['avatar_filesize'] / 1024))),
1106                 'L_UPLOAD_AVATAR_FILE' => $lang['Upload_Avatar_file'],
1107                 'L_UPLOAD_AVATAR_URL' => $lang['Upload_Avatar_URL'],
1108                 'L_UPLOAD_AVATAR_URL_EXPLAIN' => $lang['Upload_Avatar_URL_explain'],
1109                 'L_AVATAR_GALLERY' => $lang['Select_from_gallery'],
1110                 'L_SHOW_GALLERY' => $lang['View_avatar_gallery'],
1111                 'L_LINK_REMOTE_AVATAR' => $lang['Link_remote_Avatar'],
1112                 'L_LINK_REMOTE_AVATAR_EXPLAIN' => $lang['Link_remote_Avatar_explain'],
1113                 'L_DELETE_AVATAR' => $lang['Delete_Image'],
1114                 'L_CURRENT_IMAGE' => $lang['Current_Image'],
1116                 'L_SIGNATURE' => $lang['Signature'],
1117                 'L_SIGNATURE_EXPLAIN' => sprintf($lang['Signature_explain'], $board_config['max_sig_chars']),
1118                 'L_NOTIFY_ON_REPLY' => $lang['Always_notify'],
1119                 'L_NOTIFY_ON_REPLY_EXPLAIN' => $lang['Always_notify_explain'],
1120                 'L_NOTIFY_ON_PRIVMSG' => $lang['Notify_on_privmsg'],
1121                 'L_POPUP_ON_PRIVMSG' => $lang['Popup_on_privmsg'],
1122                 'L_POPUP_ON_PRIVMSG_EXPLAIN' => $lang['Popup_on_privmsg_explain'],
1123                 'L_PREFERENCES' => $lang['Preferences'],
1124                 'L_PUBLIC_VIEW_EMAIL' => $lang['Public_view_email'],
1125                 'L_ITEMS_REQUIRED' => $lang['Items_required'],
1126                 'L_REGISTRATION_INFO' => $lang['Registration_info'],
1127                 'L_PROFILE_INFO' => $lang['Profile_info'],
1128                 'L_PROFILE_INFO_NOTICE' => $lang['Profile_info_warn'],
1129                 'L_EMAIL_ADDRESS' => $lang['Email_address'],
1131                 'L_CONFIRM_CODE_IMPAIRED'       => sprintf($lang['Confirm_code_impaired'], '<a href="mailto:' . $board_config['board_email'] . '">', '</a>'), 
1132                 'L_CONFIRM_CODE'                        => $lang['Confirm_code'], 
1133                 'L_CONFIRM_CODE_EXPLAIN'        => $lang['Confirm_code_explain'], 
1135                 'S_ALLOW_AVATAR_UPLOAD' => $board_config['allow_avatar_upload'],
1136                 'S_ALLOW_AVATAR_LOCAL' => $board_config['allow_avatar_local'],
1137                 'S_ALLOW_AVATAR_REMOTE' => $board_config['allow_avatar_remote'],
1138                 'S_HIDDEN_FIELDS' => $s_hidden_fields,
1139                 'S_FORM_ENCTYPE' => $form_enctype,
1140                 'S_PROFILE_ACTION' => append_sid("profile.$phpEx"))
1141         );
1143         //
1144         // This is another cheat using the block_var capability
1145         // of the templates to 'fake' an IF...ELSE...ENDIF solution
1146         // it works well :)
1147         //
1148         if ( $mode != 'register' )
1149         {
1150                 if ( $userdata['user_allowavatar'] && ( $board_config['allow_avatar_upload'] || $board_config['allow_avatar_local'] || $board_config['allow_avatar_remote'] ) )
1151                 {
1152                         $template->assign_block_vars('switch_avatar_block', array() );
1154                         if ( $board_config['allow_avatar_upload'] && file_exists(@phpbb_realpath('./' . $board_config['avatar_path'])) )
1155                         {
1156                                 if ( $form_enctype != '' )
1157                                 {
1158                                         $template->assign_block_vars('switch_avatar_block.switch_avatar_local_upload', array() );
1159                                 }
1160                                 $template->assign_block_vars('switch_avatar_block.switch_avatar_remote_upload', array() );
1161                         }
1163                         if ( $board_config['allow_avatar_remote'] )
1164                         {
1165                                 $template->assign_block_vars('switch_avatar_block.switch_avatar_remote_link', array() );
1166                         }
1168                         if ( $board_config['allow_avatar_local'] && file_exists(@phpbb_realpath('./' . $board_config['avatar_gallery_path'])) )
1169                         {
1170                                 $template->assign_block_vars('switch_avatar_block.switch_avatar_local_gallery', array() );
1171                         }
1172                 }
1173         }
1176 $template->pparse('body');
1178 include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
1180 ?>