Show Posts

1

Chit Chat / 4Images Aktualisierung - Erfahrungswerte gesucht!

« on: February 10, 2010, 04:10:51 PM »

Hallo allerseits,

auch wenn es aktuell (noch) nicht nötig ist, irgendwann wird es aber soweit sein. Ich suche eure Erfahrungswerte bezüglich der Aktualisierung von 4Images mit bereits eingebauten Modifikationen.

Wie geht ihr dabei vor?
Welche zusätzliche Software benutzt ihr dazu?
Was muss beachtet werden?

Fragen über Fragen, die für einen Neuling von Interesse aber für alteingesessene Anwender kein Problem sind. Ich bin gespannt auf eure Anregungen, Hinweise und Erfahrungsberichte.

2

Programming / Javascript-Fehlermeldung

« on: February 05, 2010, 02:09:14 PM »

Hallo allerseits,

kann mich bitte mal einer über diese Fehlermeldung aufklären:

Quote

[Exception... "'JavaScript component does not have a method named: "onLocationChange"' when calling method: [nsIWebProgressListener::onLocationChange]" nsresult: "0x80570030 (NS_ERROR_XPC_JSOBJECT_HAS_NO_FUNCTION_NAMED)" location: "<unknown>" data: no]

Line 0

Dies meldet mir FF mithilfe vom Addon Firebug. Was bedeutet das?

3

Discussion & Troubleshooting / Benutzerdaten-Seite aufteilen?

« on: February 03, 2010, 12:57:46 PM »

Hallo allerseits,

folgende Problemstellung - ich möchte die Seite, in der der Benutzer seine Einstellungen (member_editprofile.html) ändern kann, so aufteilen, dass die allgemeinen Benutzerdaten sowie das Passwort und das Benutzerbild auf getrennten Seiten bearbeitet werden kann. Es soll also für jeden Bereich eine extra Seite vorhanden sein. Hintergrund - das Benutzerkontrollzentrum soll Untermenüs bzw. Links dafür erhalten.

Kann mir bitte jemand dabei behilflich sein die Datei member.php diesbezüglich so auseinander zu klamüsern bzw. umzuschreiben, das die entsprechenden HTML-Seiten mit folgenden Links über die member.php aufgerufen werden können:

Allgemeine Einstellungen = /member.php?action=editprofile
Benutzerbild = /member.php?action=userpicture
Passwort ändern = /member.php?action=changepassword

Welche Dateien müssen bei dieser Abänderung des Benutzerkontrollzentrums noch berücksichtigt werden? Hier mal noch meine derzeitige member.php.

<?php
/**************************************************************************
* *
* 4images - A Web Based Image Gallery Management System *
* ---------------------------------------------------------------- *
* *
* File: member.php *
* Copyright: (C) 2002-2009 Jan Sorgalla *
* Email: jan@4homepages.de *
* Web: http://www.4homepages.de *
* Scriptversion: 1.7.7 *
* *
* Never released without support from: Nicky (http://www.nicky.net) *
* *
**************************************************************************
* *
* Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz- *
* bedingungen (Lizenz.txt) für weitere Informationen. *
* --------------------------------------------------------------- *
* This script is NOT freeware! Please read the Copyright Notice *
* (Licence.txt) for further information. *
* *
*************************************************************************/

$main_template = "member";

define('GET_CACHES', 1);
define('ROOT_PATH', './');
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/page_header.php');

//--- Maintenance --------------------------------
$maintenance = $config['maintenance'];
$redirect_url = ROOT_PATH."maintenance.html";
if ($maintenance && $user_info['user_level'] != ADMIN && $user_info['user_level'] != MODERADOR){
 header("Location: ".$site_sess->url($redirect_url, "&"));
 exit;
}
//--- End of Maintenance -------------------------

if ($action == "") {
 $action = "lostpassword";
}
$content = "";
$txt_clickstream = "";

$sendprocess = 0;

if (isset($HTTP_GET_VARS[URL_COMMENT_ID]) || isset($HTTP_POST_VARS[URL_COMMENT_ID])) {
 $comment_id = (isset($HTTP_GET_VARS[URL_COMMENT_ID])) ? intval($HTTP_GET_VARS[URL_COMMENT_ID]) : intval($HTTP_POST_VARS[URL_COMMENT_ID]);
}
else {
 $comment_id = 0;
}

if ($action == "deletecomment") {
 if (!$comment_id || ($config['user_delete_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
 show_error_page($lang['no_permission']);
 exit;
 }

 $sql = "SELECT c.comment_id, c.user_id AS comment_user_id, i.image_id, i.cat_id, i.user_id, i.image_name
 FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i)
 WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
 $comment_row = $site_db->query_firstrow($sql);
 if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) {
 show_error_page($lang['no_permission']);
 exit;
 }

 $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator'];
 $txt_clickstream .= $lang['comment_delete'];

 $sql = "UPDATE ".IMAGES_TABLE."
 SET image_comments = image_comments - 1
 WHERE image_id = ".$comment_row['image_id'];
 $site_db->query($sql);

 if ($comment_row['comment_user_id'] != GUEST) {
 $sql = "UPDATE ".USERS_TABLE."
 SET ".get_user_table_field("", "user_comments")." = ".get_user_table_field("", "user_comments")." - 1
 WHERE ".get_user_table_field("", "user_id")." = ".$comment_row['comment_user_id'];
 $site_db->query($sql);
 }

 $sql = "DELETE FROM ".COMMENTS_TABLE."
 WHERE comment_id = $comment_id";
 $result = $site_db->query($sql);
 $msg = ($result) ? $lang['comment_delete_success'] : $lang['comment_delete_error'];
}

if ($action == "removecomment") {
 if (!$comment_id || ($config['user_delete_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
 redirect($url);
 }

 $sql = "SELECT c.comment_id, c.image_id, c.user_id AS comment_user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
 FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i)
 LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
 WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
 $comment_row = $site_db->query_firstrow($sql);
 if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) {
 redirect($url);
 }

 $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator'];
 $txt_clickstream .= $lang['comment_delete'];

 if (isset($comment_row[$user_table_fields['user_name']]) && $comment_row['comment_user_id'] != GUEST) {
 $user_name = $comment_row[$user_table_fields['user_name']];
 }
 else {
 $user_name = $comment_row['comment_user_name'];
 }

 $site_template->register_vars(array(
 "comment_id" => $comment_id,
 "image_name" => format_text($comment_row['image_name']),
 "user_name" => format_text($user_name),
 "comment_headline" => format_text($comment_row['comment_headline'], 0, $config['wordwrap_comments'], 0, 0),
 "comment_text" => format_text($comment_row['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']),
 "lang_delete_comment" => $lang['comment_delete'],
 "lang_delete_comment_confirm" => $lang['comment_delete_confirm'],
 "lang_image_name" => $lang['image_name'],
 "lang_name" => $lang['name'],
 "lang_headline" => $lang['headline'],
 "lang_comment" => $lang['comment'],
 "lang_submit" => $lang['submit'],
 "lang_reset" => $lang['reset'],
 "lang_yes" => $lang['yes'],
 "lang_no" => $lang['no']
 ));
 $content = $site_template->parse_template("member_deletecomment");
}

if ($action == "updatecomment") {
 if (!$comment_id || ($config['user_edit_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
 show_error_page($lang['no_permission']);
 exit;
 }
 $sql = "SELECT c.comment_id, c.image_id, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
 FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i)
 LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
 WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
 $comment_row = $site_db->query_firstrow($sql);
 if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) {
 show_error_page($lang['no_permission']);
 exit;
 }

 $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator'];
 $txt_clickstream .= $lang['comment_edit'];

 $error = 0;

 $comment_headline = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_headline']));
 $comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));

 if ($comment_headline == "") {
 $error = 1;
 $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['headline']), $lang['field_required']);
 $msg .= (($msg != "") ? " " : "").$field_error;
 }
 if ($comment_text == "") {
 $error = 1;
 $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['comment']), $lang['field_required']);
 $msg .= (($msg != "") ? " " : "").$field_error;
 }

 if (!$error) {
 $sql = "UPDATE ".COMMENTS_TABLE."
 SET comment_headline = '$comment_headline', comment_text = '$comment_text'
 WHERE comment_id = $comment_id";
 $result = $site_db->query($sql);
 $msg = ($result) ? $lang['comment_edit_success'] : $lang['comment_edit_error'];
 }
 else {
 $action = "editcomment";
 $sendprocess = 1;
 }
}

if ($action == "editcomment") {
 if (!$comment_id || ($config['user_edit_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
 redirect($url);
 }

 $sql = "SELECT c.comment_id, c.image_id, c.user_id AS comment_user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
 FROM (".COMMENTS_TABLE." c, ".IMAGES_TABLE." i)
 LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
 WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
 $comment_row = $site_db->query_firstrow($sql);
 if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) {
 header("Location: ".$site_sess->url($url, "&"));
 exit;
 }

 $txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".format_text($comment_row['image_name'], 2)."</a>".$config['category_separator'];
 $txt_clickstream .= $lang['comment_edit'];

 $comment_headline = (isset($HTTP_POST_VARS['comment_headline'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_headline']))) : $comment_row['comment_headline'];
 $comment_text = (isset($HTTP_POST_VARS['comment_text'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_text']))) : $comment_row['comment_text'];

 if (isset($comment_row[$user_table_fields['user_name']]) && $comment_row['comment_user_id'] != GUEST) {
 $user_name = $comment_row[$user_table_fields['user_name']];
 }
 else {
 $user_name = $comment_row['comment_user_name'];
 }

 $bbcode = "";
 if ($config['bb_comments'] == 1) {
 $site_template->register_vars(array(
 "lang_bbcode" => $lang['bbcode'],
 "lang_tag_prompt" => $lang['tag_prompt'],
 "lang_link_text_prompt" => $lang['link_text_prompt'],
 "lang_link_url_prompt" => $lang['link_url_prompt'],
 "lang_link_email_prompt" => $lang['link_email_prompt'],
 "lang_list_type_prompt" => $lang['list_type_prompt'],
 "lang_list_item_prompt" => $lang['list_item_prompt']
 ));
 $bbcode = $site_template->parse_template("bbcode");
 }

 $site_template->register_vars(array(
 "bbcode" => $bbcode,
 "comment_id" => $comment_id,
 "image_name" => format_text($comment_row['image_name'], 2),
 "user_name" => format_text($user_name, 2),
 "comment_headline" => format_text($comment_headline, 2),
 "comment_text" => format_text($comment_text, 2),
 "lang_edit_comment" => $lang['comment_edit'],
 "lang_image_name" => $lang['image_name'],
 "lang_name" => $lang['name'],
 "lang_headline" => $lang['headline'],
 "lang_comment" => $lang['comment'],
 "lang_submit" => $lang['submit'],
 "lang_reset" => $lang['reset'],
 "lang_yes" => $lang['yes'],
 "lang_no" => $lang['no']
 ));
 $content = $site_template->parse_template("member_editcomment");
}

if ($action == "deleteimage") {
 if (!$image_id || ($config['user_delete_image'] != 1 && $user_info['user_level'] != ADMIN)) {
 show_error_page($lang['no_permission']);
 exit;
 }
 $sql = "SELECT image_id, cat_id, user_id, image_name, image_media_file, image_thumb_file
 FROM ".IMAGES_TABLE."
 WHERE image_id = $image_id";
 $image_row = $site_db->query_firstrow($sql);
 if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) {
 show_error_page($lang['no_permission']);
 exit;
 }

 $txt_clickstream = $lang['image_delete'];

 $sql = "DELETE FROM ".IMAGES_TABLE."
 WHERE image_id = $image_id";
 $del_img = $site_db->query($sql);
 $sql2 = "UPDATE ".USERS_TABLE."
 SET user_images = user_images-1
 WHERE user_id = ".$image_row['user_id']."";
 $site_db->query($sql2);

 if (!is_remote($image_row['image_media_file']) && !is_local_file($image_row['image_media_file'])) {
 @unlink(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file']);
 }
 if (!empty($image_row['image_thumb_file']) && !is_remote($image_row['image_thumb_file']) && !is_local_file($image_row['image_thumb_file'])) {
 @unlink(THUMB_PATH."/".$image_row['cat_id']."/".$image_row['image_thumb_file']);
 }

 include(ROOT_PATH.'includes/search_utils.php');
 remove_searchwords($image_id);

 if (!empty($user_table_fields['user_comments'])) {
 $sql = "SELECT user_id
 FROM ".COMMENTS_TABLE."
 WHERE image_id = $image_id";
 $result = $site_db->query($sql);
 $user_id_sql = "";
 while ($row = $site_db->fetch_array($result)) {
 if ($row['user_id'] != GUEST) {
 $sql = "UPDATE ".USERS_TABLE."
 SET ".get_user_table_field("", "user_comments")." = ".get_user_table_field("", "user_comments")." - 1
 WHERE ".get_user_table_field("", "user_id")." = ".$row['user_id'];
 $site_db->query($sql);
 }
 }
 }

 $sql = "DELETE FROM ".COMMENTS_TABLE."
 WHERE image_id = $image_id";
 $del_com = $site_db->query($sql);

 if ($del_img) {
 $msg = $lang['image_delete_success'];
 }
 else {
 $msg = $lang['image_delete_error'];
 }
}

if ($action == "removeimage") {
 if (!$image_id || ($config['user_delete_image'] != 1 && $user_info['user_level'] != ADMIN)) {
 redirect($url);
 }
 $sql = "SELECT image_id, cat_id, user_id, image_name
 FROM ".IMAGES_TABLE."
 WHERE image_id = $image_id";
 $image_row = $site_db->query_firstrow($sql);
 if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) {
 show_error_page($lang['no_permission']);
 exit;
 }

 $txt_clickstream = get_category_path($image_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id)."\" class=\"clickstream\">".format_text($image_row['image_name'], 2)."</a>".$config['category_separator'];
 $txt_clickstream .= $lang['image_delete'];

 $site_template->register_vars(array(
 "image_id" => $image_id,
 "image_name" => format_text($image_row['image_name'], 2),
 "lang_delete_image" => $lang['image_delete'],
 "lang_delete_image_confirm" => $lang['image_delete_confirm'],
 "lang_submit" => $lang['submit'],
 "lang_reset" => $lang['reset'],
 "lang_yes" => $lang['yes'],
 "lang_no" => $lang['no']
 ));
 $content = $site_template->parse_template("member_deleteimage");
}

if ($action == "updateimage") {
 if (!$image_id || ($config['user_edit_image'] != 1 && $user_info['user_level'] != ADMIN)) {
 show_error_page($lang['no_permission']);
 }
 $sql = "SELECT image_id, cat_id, user_id, image_name
 FROM ".IMAGES_TABLE."
 WHERE image_id = $image_id";
 $image_row = $site_db->query_firstrow($sql);
 if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) {
 show_error_page($lang['no_permission']);
 exit;
 }

 $txt_clickstream = get_category_path($image_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id)."\" class=\"clickstream\">".format_text($image_row['image_name'], 2)."</a>".$config['category_separator'];
 $txt_clickstream .= $lang['image_edit'];

 $error = 0;

 $image_name = un_htmlspecialchars(trim($HTTP_POST_VARS['image_name']));
 $image_description = un_htmlspecialchars(trim($HTTP_POST_VARS['image_description']));
 $image_keywords = un_htmlspecialchars(trim($HTTP_POST_VARS['image_keywords']));
 $image_keywords = preg_replace("/[\n\r]/is", " ", $image_keywords);
 $image_keywords = str_replace(","," ",$image_keywords);
 $image_keywords = ereg_replace("( ){2,}", " ", $image_keywords);

//#################################### Mod Privat Image ###################################################################
$image_auth_viewimage = $HTTP_POST_VARS['image_auth_viewimage'];
//#################################### Mod Privat Images ###################################################################

 if ($image_name == "") {
 $error = 1;
 $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['image_name']), $lang['field_required']);
 $msg .= (($msg != "") ? " " : "").$field_error;
 }

 if (!empty($additional_image_fields)) {
 foreach ($additional_image_fields as $key => $val) {
 if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
 $error = 1;
 $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
 $msg .= (($msg != "") ? " " : "").$field_error;
 }
 }
 }

 if (!$error) {
 $additional_sql = "";

 if (isset($HTTP_POST_VARS['image_allow_comments'])) {
 $additional_sql .= ", image_allow_comments = ".intval($HTTP_POST_VARS['image_allow_comments']);
 }

 if (!empty($additional_image_fields)) {
 $table_fields = $site_db->get_table_fields(IMAGES_TABLE);
 foreach ($additional_image_fields as $key => $val) {
 if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
 $additional_sql .= ", $key = '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
 }
 }
 }

//#################################### Mod Privat Image ###################################################################
$sql = "UPDATE ".IMAGES_TABLE."
 SET image_name = '$image_name', image_description = '$image_description', image_keywords = '$image_keywords', image_auth_viewimage = $image_auth_viewimage".$additional_sql."
 WHERE image_id = $image_id";
//#################################### Mod Privat Image ###################################################################

 $result = $site_db->query($sql);
 if ($result) {
 include(ROOT_PATH.'includes/search_utils.php');
 $search_words = array();
 foreach ($search_match_fields as $image_column => $match_column) {
 if (isset($HTTP_POST_VARS[$image_column])) {
 $search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
 }
 }
 remove_searchwords($image_id);
 add_searchwords($image_id, $search_words);
 $msg = $lang['image_edit_success'];
 }
 else {
 $msg = $lang['image_edit_error'];
 }
 }
 else {
 $action = "editimage";
 $sendprocess = 1;
 }
}

if ($action == "editimage") {
 if (!$image_id || ($config['user_edit_image'] != 1 && $user_info['user_level'] != ADMIN)) {
 redirect($url);
 }

 $additional_sql = "";
 if (!empty($additional_image_fields)) {
 foreach ($additional_image_fields as $key => $val) {
 $additional_sql .= ", ".$key;
 }
 }
//#################################### Mod Privat Images ###################################################################
 $sql = "SELECT image_id, cat_id, user_id, image_name, image_description, image_keywords, image_allow_comments, image_auth_viewimage".$additional_sql."
 FROM ".IMAGES_TABLE."
 WHERE image_id = $image_id";
//#################################### Mod Privat Images ###################################################################

 $image_row = $site_db->query_firstrow($sql);
 if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) {
 redirect($url);
 }

 $txt_clickstream = get_category_path($image_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id)."\" class=\"clickstream\">".format_text($image_row['image_name'], 2)."</a>".$config['category_separator'];
 $txt_clickstream .= $lang['image_edit'];

 $image_name = (isset($HTTP_POST_VARS['image_name'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['image_name']))) : $image_row['image_name'];
 $image_description = (isset($HTTP_POST_VARS['image_description'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['image_description']))) : $image_row['image_description'];
 $image_keywords = (isset($HTTP_POST_VARS['image_keywords'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['image_keywords']))) : $image_row['image_keywords'];
 $image_allow_comments = (isset($HTTP_POST_VARS['image_allow_comments'])) ? intval($HTTP_POST_VARS['image_allow_comments']) : $image_row['image_allow_comments'];
//#################################### Mod Privat Images ###################################################################
$access_array = array(
 AUTH_ALL => $lang['userlevel_all'],
 AUTH_USER => $lang['userlevel_registered'],
 AUTH_ACL => $lang['userlevel_private'],
 AUTH_ADMIN => $lang['userlevel_admins']
);

 $status = (isset($HTTP_POST_VARS['image_auth_viewimage']))? $HTTP_POST_VARS['image_auth_viewimage'] : $image_row['image_auth_viewimage'];
 $access_select = "<td class=\"row1\">\n<select class=\"input\" name=\"image_auth_viewimage\">\n";
 foreach ($access_array as $key => $val) {
 $access_select .= "<option value=\"".$key."\"";
 if ($status == $key) {
 $access_select .= " selected=\"selected\"";
 }
 $access_select .= ">".$val."</option>\n";
 }
 $access_select .= "</select>\n</td>\n</tr>\n";
//#################################### Mod Privat Images ###################################################################

 $site_template->register_vars(array(

//#################################### Mod Privat Images ###################################################################

"access_select" => $access_select,

"auth_viewimage" => $lang['auth_viewimage'],
//#################################### Mod Privat Images ###################################################################

    "image_id" => $image_id,
    "image_name" => format_text($image_name, 2),
    "image_description" => format_text($image_description, 2),
    "image_keywords" => format_text($image_keywords, 2),
    "image_allow_comments_yes" => ($image_allow_comments) ? " checked=\"checked\"" : "",
    "image_allow_comments_no" => (!$image_allow_comments) ? " checked=\"checked\"" : "",
    "lang_edit_image" => $lang['image_edit'],
    "lang_image_name" => $lang['image_name'],
    "lang_description" => $lang['description'],
    "lang_keywords" => $lang['keywords_ext'],
    "lang_allow_comments" => isset($lang['allow_comments']) ? $lang['allow_comments'] : "",
    "lang_submit" => $lang['submit'],
    "lang_reset" => $lang['reset'],
    "lang_yes" => $lang['yes'],
    "lang_no" => $lang['no']
  ));

  if (!empty($additional_image_fields)) {
    $additional_field_array = array();
    foreach ($additional_image_fields as $key => $val) {
      if ($val[1] == "radio") {
        $value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : $image_row[$key];
        if ($value == 1) {
          $additional_field_array[$key.'_yes'] = " checked=\"checked\"";
          $additional_field_array[$key.'_no'] = "";
        }
        else {
          $additional_field_array[$key.'_yes'] = "";
          $additional_field_array[$key.'_no'] = " checked=\"checked\"";
        }
      }

elseif ($val[1] == "dropdown") {
 $value = (isset($HTTP_POST_VARS[$key])) ? format_text(stripslashes(trim($HTTP_POST_VARS[$key]))) : $image_row[$key];
 $additional_field_array[$key.'_dropdown'] = get_db_fields_dropdown($key, $val, $value);
 }
 else {
 $value = (isset($HTTP_POST_VARS[$key])) ? format_text(stripslashes(trim($HTTP_POST_VARS[$key]))) : $image_row[$key];
 }
 $additional_field_array[$key] = $value;
 $additional_field_array['lang_'.$key] = $val[0];
 }
 if (!empty($additional_field_array)) {
 $site_template->register_vars($additional_field_array);
 }
 }
 $content = $site_template->parse_template("member_editimage");
}

if ($action == "uploadimage") {
 if ($cat_id != 0 && (!isset($cat_cache[$cat_id]) || !check_permission("auth_upload", $cat_id))) {
 show_error_page($lang['no_permission']);
 exit;
 }

 $txt_clickstream = "";
 if ($cat_id && isset($cat_cache[$cat_id])) {
 $txt_clickstream .= get_category_path($cat_id, 1).$config['category_separator'];
 }
 $txt_clickstream .= $lang['user_upload'];

 $remote_media_file = format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['remote_media_file'])));
 $remote_thumb_file = format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['remote_thumb_file'])));

 $image_name = un_htmlspecialchars(trim($HTTP_POST_VARS['image_name']));
 $image_description = un_htmlspecialchars(trim($HTTP_POST_VARS['image_description']));
 $image_keywords = un_htmlspecialchars(trim($HTTP_POST_VARS['image_keywords']));
 $image_keywords = preg_replace("/[\n\r]/is", " ", $image_keywords);
 $image_keywords = str_replace(","," ",$image_keywords);
 $image_keywords = ereg_replace("( ){2,}", " ", $image_keywords);

//#################################### Mod Privat Images ###################################################################
 $image_auth_viewimage = $HTTP_POST_VARS['image_auth_viewimage'];
//#################################### Mod Privat Images ###################################################################

 $image_active = (isset($HTTP_POST_VARS['image_active']) && $HTTP_POST_VARS['image_active'] == 0) ? 0 : 1;
 $image_allow_comments = (isset($HTTP_POST_VARS['image_allow_comments']) && $HTTP_POST_VARS['image_allow_comments'] == 0) ? 0 : 1;
 $image_download_url = (isset($HTTP_POST_VARS['image_download_url'])) ? format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['image_download_url']))) : "";

 $captcha = (isset($HTTP_POST_VARS['captcha'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['captcha'])) : "";

 $direct_upload = (check_permission("auth_directupload", $cat_id)) ? 1 : 0;
 $upload_cat = ($direct_upload) ? $cat_id : 0;

 $error = 0;
 $uploaderror = 0;

 if ($cat_id == 0) {
 $error = 1;
 $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['category']), $lang['field_required']);
 $msg .= (($msg != "") ? " " : "").$field_error;
 }
 if ((empty($HTTP_POST_FILES['media_file']['tmp_name']) || $HTTP_POST_FILES['media_file']['tmp_name'] == "none") && ($remote_media_file == "" || !check_remote_media($remote_media_file))) {
 $error = 1;
 $msg .= (($msg != "") ? " " : "").$lang['image_file_required'];
 }
 if ($image_name == "") {
 $error = 1;
 $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['image_name']), $lang['field_required']);
 $msg .= (($msg != "") ? " " : "").$field_error;
 }

 if ($captcha_enable_upload && !captcha_validate($captcha)) {
 $msg .= (($msg != "") ? " " : "").$lang['captcha_required'];
 $error = 1;
 }

 if (!empty($additional_image_fields)) {
 foreach ($additional_image_fields as $key => $val) {
 if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
 $error = 1;
 $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
 $msg .= (($msg != "") ? " " : "").$field_error;
 }
 }
 }

 if (!$error) {
 // Start Upload
 include(ROOT_PATH.'includes/upload.php');
 $site_upload = new Upload();

 // Upload Media file
 if (!empty($HTTP_POST_FILES['media_file']['tmp_name']) && $HTTP_POST_FILES['media_file']['tmp_name'] != "none") {
 $new_name = $site_upload->upload_file("media_file", "media", $upload_cat);
 if (!$new_name) {
 $msg .= (($msg != "") ? " " : "")."".$lang['file_upload_error'].": ".$new_name." ".$site_upload->get_upload_errors();
 $uploaderror = 1;
 }
 }
 else {
 $new_name = $remote_media_file;
 }

 // Uplad thumb file
 $new_thumb_name = "";
 if (!empty($HTTP_POST_FILES['thumb_file']['tmp_name']) && $HTTP_POST_FILES['thumb_file']['tmp_name'] != "none" && !$uploaderror) {
 $new_thumb_name = $site_upload->upload_file("thumb_file", "thumb", $upload_cat, get_basefile($new_name));
 if (!$new_thumb_name) {
 $msg .= (($msg != "") ? " " : "")."".$lang['thumb_upload_error'].": ".$new_thumb_name." ".$site_upload->get_upload_errors();
 @unlink(MEDIA_TEMP_PATH."/".$new_name);
 $uploaderror = 1;
 }
 }
 elseif (check_remote_thumb($remote_thumb_file)) {
 $new_thumb_name = $remote_thumb_file;
 }
 elseif ($config['auto_thumbnail'] == 1 && !empty($HTTP_POST_FILES['media_file']['tmp_name']) && $HTTP_POST_FILES['media_file']['tmp_name'] != "none" && !$uploaderror) {
 if ($direct_upload) {
 $src = MEDIA_PATH."/".$cat_id."/".$new_name;
 $dest = THUMB_PATH."/".$cat_id."/".$new_name;
 }
 else {
 $src = MEDIA_TEMP_PATH."/".$new_name;
 $dest = THUMB_TEMP_PATH."/".$new_name;
 }
 $do_create = 0;
 if ($image_info = @getimagesize($src)) {
 if ($image_info[2] == 1 || $image_info[2] == 2 || $image_info[2] == 3) {
 $do_create = 1;
 }
 }
 if ($do_create) {
 require(ROOT_PATH.'includes/image_utils.php');
 $convert_options = init_convert_options();
 if (!$convert_options['convert_error']) {
 $dimension = (intval($config['auto_thumbnail_dimension'])) ? intval($config['auto_thumbnail_dimension']) : 100;
 $resize_type = (intval($config['auto_thumbnail_resize_type'])) ? intval($config['auto_thumbnail_resize_type']) : 1;
 $quality = (intval($config['auto_thumbnail_quality']) && intval($config['auto_thumbnail_quality']) <= 100) ? intval($config['auto_thumbnail_quality']) : 100;

 if (create_thumbnail($src, $dest, $quality, $dimension, $resize_type)) {
 $new_thumb_name = $new_name;
 }
 }
 }
 }

 if (!$uploaderror) {
 $additional_field_sql = "";
 $additional_value_sql = "";
 if (!empty($additional_image_fields)) {
 $table = ($direct_upload) ? IMAGES_TABLE : IMAGES_TEMP_TABLE;
 $table_fields = $site_db->get_table_fields($table);
 foreach ($additional_image_fields as $key => $val) {
 if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
 $additional_field_sql .= ", $key";
 $additional_value_sql .= ", '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
 }
 }
 }

 $current_time = time();
 if ($direct_upload) {

//#################################### Mod Privat Images ###################################################################
$sql = "INSERT INTO ".IMAGES_TABLE."
 (cat_id, user_id, image_name, image_description, image_keywords, image_date, image_active, image_media_file, image_thumb_file, image_download_url, image_allow_comments, image_auth_viewimage".$additional_field_sql.")
 VALUES
 ($cat_id, ".$user_info['user_id'].", '$image_name', '$image_description', '$image_keywords', $current_time, $image_active, '$new_name', '$new_thumb_name', '$image_download_url', $image_allow_comments,$image_auth_viewimage".$additional_value_sql.")";
//#################################### Mod Privat Images ###################################################################

 $result = $site_db->query($sql);
 $image_id = $site_db->get_insert_id();
 if ($result) {

if ($user_info['user_id'] != GUEST) {
 $sql = "UPDATE ".USERS_TABLE."
 SET user_images = user_images+1
 WHERE user_id = ".$user_info['user_id']."";
 $site_db->query($sql);
 }
 include(ROOT_PATH.'includes/search_utils.php');
 $search_words = array();
 foreach ($search_match_fields as $image_column => $match_column) {
 if (isset($HTTP_POST_VARS[$image_column])) {
 $search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
 }
 }
 add_searchwords($image_id, $search_words);
 }
 }
 else {

//#################################### Mod Privat Images ###################################################################
$sql = "INSERT INTO ".IMAGES_TEMP_TABLE."
 (cat_id, user_id, image_name, image_description, image_keywords, image_date, image_media_file, image_thumb_file, image_download_url,image_auth_viewimage".$additional_field_sql.")
 VALUES
 ($cat_id, ".$user_info['user_id'].", '$image_name', '$image_description', '$image_keywords', $current_time, '$new_name', '$new_thumb_name', '$image_download_url','$image_auth_viewimage'".$additional_value_sql.")";
//#################################### Mod Privat Images ###################################################################

 $result = $site_db->query($sql);
 }

 if ($config['upload_notify'] == 1 && !$direct_upload) {
 include(ROOT_PATH.'includes/email.php');
 $site_email = new Email();

 $config['upload_emails'] = str_replace(" ", "", $config['upload_emails']);
 $emails = explode(",", $config['upload_emails']);

 $validation_url = $script_url."/admin/index.php?goto=".urlencode("validateimages.php?action=validateimages");

 $site_email->set_to($config['site_email']);
 $site_email->set_subject($lang['new_upload_emailsubject']);
 $site_email->register_vars(array(
 "image_name" => stripslashes($image_name),
 "file_name" => $new_name,
 "cat_name" => $cat_cache[$cat_id]['cat_name'],
 "validation_url" => $validation_url,
 "site_name" => $config['site_name']
 ));
 $site_email->set_body("upload_notify", $config['language_dir_default']);
 $site_email->set_bcc($emails);
 $site_email->send_email();
 }

 $msg .= $lang['image_add_success'].": ".format_text(stripslashes($image_name))." (".$new_name.")";
 $msg .= (!$direct_upload) ? " ".$lang['new_upload_validate_desc'] : "";

 $file_extension = get_file_extension($new_name);
 $file = (is_remote($new_name)) ? $new_name : (($direct_upload) ? MEDIA_PATH."/".$cat_id."/".$new_name : MEDIA_TEMP_PATH."/".$new_name);
 $width_height = "";
 if (!is_remote($file) && $imageinfo = @getimagesize($file)) {
 $width_height = " ".$imageinfo[3];
 }
 $media_icon = "<img src=\"".ICON_PATH."/".$file_extension.".gif\" border=\"0\" alt=\"\" />";
 $site_template->register_vars(array(
 "media_src" => $file,
 "media_icon" => $media_icon,
 "image_name" => format_text(stripslashes($image_name)),
 "width_height" => $width_height
 ));
 $media = $site_template->parse_template("media/".$file_extension);
 $content .= "<table border=\"0\" align=\"center\">\n<tr>\n<td>\n".$media."\n</td>\n</tr>\n</table>\n";
 }
 else {
 $action = "uploadform";
 $sendprocess = 1;
 }
 }
 else {
 $action = "uploadform";
 $sendprocess = 1;
 }
}

if ($action == "uploadform") {
 if ($cat_id != 0 && (!isset($cat_cache[$cat_id]) || !check_permission("auth_upload", $cat_id))) {
 show_error_page($lang['no_permission']);
 exit;
 }

 $txt_clickstream = "";
 if ($cat_id && isset($cat_cache[$cat_id])) {
 $txt_clickstream .= get_category_path($cat_id, 1).$config['category_separator'];
 }
 $txt_clickstream .= $lang['user_upload'];

 if (!$sendprocess) {
 $remote_media_file = "";
 $remote_thumb_file = "";
 $image_name = "";
 $image_description = "";
 $image_keywords = "";
 $image_download_url = "";
 $image_allow_comments = 1;
 }
//#################################### Mod Privat Images ###################################################################
$access_array = array(
 AUTH_ALL => $lang['userlevel_all'],
 AUTH_USER => $lang['userlevel_registered'],
 AUTH_ACL => $lang['userlevel_private'],
 AUTH_ADMIN => $lang['userlevel_admins']
);
 $status = (isset($HTTP_POST_VARS['image_auth_viewimage']))? $HTTP_POST_VARS['image_auth_viewimage'] : $image_row['image_auth_viewimage'];
 $access_select = "<td class=\"row1\">\n<select class=\"input\" name=\"image_auth_viewimage\">\n";
 foreach ($access_array as $key => $val) {
 $access_select .= "<option value=\"".$key."\"";
 if ($status == $key) {
 $access_select .= " selected=\"selected\"";
 }
 $access_select .= ">".$val."</option>\n";
 }
 $access_select .= "</select>\n</td>\n</tr>\n";
//#################################### Mod Privat Images ###################################################################

 $site_template->register_vars(array(

//#################################### Mod Privat Images ###################################################################
 "access_select" => $access_select,
 "auth_viewimage" => $lang['auth_viewimage'],
//#################################### Mod Privat Images ###################################################################

 "cat_id" => $cat_id,
 "cat_name" => ($cat_id != 0) ? format_text($cat_cache[$cat_id]['cat_name'], 2) : get_category_dropdown($cat_id),
 "remote_media_file" => format_text(stripslashes($remote_media_file), 2),
 "remote_thumb_file" => format_text(stripslashes($remote_thumb_file), 2),
 "image_name" => format_text(stripslashes($image_name), 2),
 "image_description" => format_text(stripslashes($image_description), 2),
 "image_keywords" => format_text(stripslashes($image_keywords), 2),
 "image_allow_comments_yes" => ($image_allow_comments) ? " checked=\"checked\"" : "",
 "image_allow_comments_no" => (!$image_allow_comments) ? " checked=\"checked\"" : "",
 "image_download_url" => format_text(stripslashes($image_download_url), 2),
 "lang_category" => $lang['category'],
 "lang_user_upload" => $lang['user_upload'],
 "lang_media_file" => $lang['media_file'],
 "lang_thumb_file" => $lang['thumb_file'],
 "lang_allowed_file_types" => $lang['allowed_mediatypes_desc'],
 "allowed_media_types" => str_replace(",",", ",$config['allowed_mediatypes']),
 "allowed_thumb_types" => "jpg, gif, png",
 "lang_max_filesize" => $lang['max_filesize'],
 "lang_max_imagewidth" => $lang['max_imagewidth'],
 "lang_max_imageheight" => $lang['max_imageheight'],
 "max_thumb_filsize" => $config['max_thumb_size']." ".$lang['kb'],
 "max_thumb_imagewidth" => $config['max_thumb_width']." ".$lang['px'],
 "max_thumb_imageheight" => $config['max_thumb_height']." ".$lang['px'],
 "max_media_filsize" => $config['max_media_size']." ".$lang['kb'],
 "max_media_imagewidth" => $config['max_image_width']." ".$lang['px'],
 "max_media_imageheight" => $config['max_image_height']." ".$lang['px'],
 "lang_image_name" => $lang['image_name'],
 "lang_description" => $lang['description'],
 "lang_keywords" => $lang['keywords_ext'],
 "lang_allow_comments" => isset($lang['allow_comments']) ? $lang['allow_comments'] : "",
 "lang_submit" => $lang['submit'],
 "lang_reset" => $lang['reset'],
 "lang_yes" => $lang['yes'],
 "lang_no" => $lang['no'],
 "lang_captcha" => $lang['captcha'],
 "lang_captcha_desc" => $lang['captcha_desc'],
 "captcha_upload" => (bool)$captcha_enable_upload
 ));

 if (!empty($additional_image_fields)) {
 $additional_field_array = array();
 foreach ($additional_image_fields as $key => $val) {
 if ($val[1] == "radio") {
 $value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : 1;
 if ($value == 1) {
 $additional_field_array[$key.'_yes'] = " checked=\"checked\"";
 $additional_field_array[$key.'_no'] = "";
 }
 else {
 $additional_field_array[$key.'_yes'] = "";
 $additional_field_array[$key.'_no'] = " checked=\"checked\"";
 }
 }
 else {
 $value = (isset($HTTP_POST_VARS[$key])) ? format_text(stripslashes(trim($HTTP_POST_VARS[$key]))) : "";
 }
 $additional_field_array[$key] = $value;
 $additional_field_array['lang_'.$key] = $val[0];
 }
 if (!empty($additional_field_array)) {
 $site_template->register_vars($additional_field_array);
 }
 }
 $content = $site_template->parse_template("member_uploadform");
}

if ($action == "emailuser") {
 $txt_clickstream = $lang['profile'];
 $user_id = (isset($HTTP_POST_VARS[URL_USER_ID])) ? intval($HTTP_POST_VARS[URL_USER_ID]) : GUEST;
 $error = 0;

 if ($user_info['user_level'] == GUEST || $user_info['user_level'] == USER_AWAITING) {
 show_error_page($lang['no_permission']);
 exit;
 }
 $subject = stripslashes(trim($HTTP_POST_VARS['subject']));
 $message = stripslashes(trim($HTTP_POST_VARS['message']));

 if ($subject == "" || $message == "") {
 $msg = $lang['lostfield_error'];
 $sendprocess = 1;
 $error = 1;
 }

 if (!$error) {
 if (($user_info['user_level'] == ADMIN || !$site_db->query_firstrow("SELECT id FROM ".BAN_TABLE." WHERE type = ".BAN_USERID." AND user_id = ".$user_id." AND (NOT expire OR expire > ".time().") LIMIT 1")) && $user_row = get_user_info($user_id)) {
 if (isset($user_row['user_showemail']) && $user_row['user_showemail'] == 0) {
 $content = $lang['invalid_user_id'];
 }
 else {
 $sender_user_name = ($user_info['user_level'] != GUEST) ? (isset($user_info['user_name']) ? $user_info['user_name'] : $lang['userlevel_user']) : $lang['userlevel_guest'];
 $sender_user_email = ($user_info['user_level'] != GUEST && isset($user_info['user_email'])) ? $user_info['user_email'] : $config['site_email'];

 // Start Emailer
 include(ROOT_PATH.'includes/email.php');
 $site_email = new Email();
 $site_email->set_from($sender_user_email, $sender_user_name);
 $site_email->set_to($user_row['user_email']);
 $site_email->set_subject($subject);
 $site_email->register_vars(array(
 "sender_user_name" => $sender_user_name,
 "sender_user_email" => $sender_user_email,
 "message" => $message,
 "site_name" => $config['site_name']
 ));
 $site_email->set_body("mailform_message", $config['language_dir']);
 $site_email->send_email();
 $msg = $lang['emailuser_success'];
 }
 }
 else {
 $content = $lang['invalid_user_id'];
 }
 }
 else {
 $action = "mailform";
 }
}

if ($action == "mailform") {
 $txt_clickstream = $lang['profile'];
 if (isset($HTTP_GET_VARS[URL_USER_ID]) || isset($HTTP_POST_VARS[URL_USER_ID])) {
 $user_id = (isset($HTTP_GET_VARS[URL_USER_ID])) ? intval($HTTP_GET_VARS[URL_USER_ID]) : intval($HTTP_POST_VARS[URL_USER_ID]);
 if (!$user_id) {
 $user_id = GUEST;
 }
 }
 else {
 $user_id = GUEST;
 }

 if ($user_info['user_level'] == GUEST || $user_info['user_level'] == USER_AWAITING) {
 show_error_page($lang['no_permission']);
 exit;
 }

 if (!$sendprocess) {
 $subject = "";
 $message = "";
 }

 if ($user_row = get_user_info($user_id)) {
 if (isset($user_row['user_showemail']) && $user_row['user_showemail'] == 0) {
 $content = $lang['invalid_user_id'];
 }
 else {
 $site_template->register_vars(array(
 "user_id" => $user_row['user_id'],
 "user_name" => format_text($user_row['user_name'], 2),
 "subject" => format_text($subject, 2),
 "message" => format_text($message, 2),
 "lang_send_email_to" => $lang['send_email_to'],
 "lang_subject" => $lang['subject'],
 "lang_message" => $lang['message'],
 "lang_submit" => $lang['submit'],
 "lang_reset" => $lang['reset']
 ));
 $content = $site_template->parse_template("member_mailform");
 }
 }
 else {
 $content = $lang['invalid_user_id'];
 }
}

//-----------------------------------------------------
//--- Show Profile ------------------------------------
//-----------------------------------------------------
if ($action == "showprofile") {
 $txt_clickstream = $lang['profile'];
 if (isset($HTTP_GET_VARS[URL_USER_ID]) || isset($HTTP_POST_VARS[URL_USER_ID])) {
 $user_id = (isset($HTTP_GET_VARS[URL_USER_ID])) ? intval($HTTP_GET_VARS[URL_USER_ID]) : intval($HTTP_POST_VARS[URL_USER_ID]);
 if (!$user_id) {
 $user_id = GUEST;
 }
 }
 else {
 $user_id = GUEST;
 }

// Update Profile Hits
if ($user_info['user_level'] != ADMIN && $user_info['user_id'] != $user_id) {
 $sql = "UPDATE ".USERS_TABLE."
 SET profile_hits = profile_hits + 1
 WHERE user_id = $user_id";
 $site_db->query($sql);
}
// End Update Profile Hits

 if ($user_row = get_user_info($user_id)) {
 $user_homepage = (isset($user_row['user_homepage'])) ? format_text(format_url($user_row['user_homepage']), 2) : REPLACE_EMPTY;
 if (!empty($user_homepage) && $user_homepage != REPLACE_EMPTY) {
 $user_homepage_button = "<a href=\"".$user_homepage."\" target=\"_blank\"><img src=\"".get_gallery_image("homepage.gif")."\" border=\"0\" alt=\"".$user_homepage."\" /></a>";
 }
 else {
 $user_homepage_button = REPLACE_EMPTY;
 }
 $user_msn = (isset($user_row['user_msn'])) ? format_text(format_url($user_row['user_msn']), 2) : REPLACE_EMPTY;
 if (!empty($user_msn) && $user_msn != REPLACE_EMPTY) {
 $user_msn_button = "<a href=\"".$user_msn."\" target=\"_blank\"><img src=\"".get_gallery_image("msn.gif")."\" border=\"0\" alt=\"".$user_msn."\" /></a>";
 }
 else {
 $user_msn_button = REPLACE_EMPTY;
 }

$user_aim = (isset($user_row['user_aim'])) ? format_text(format_url($user_row['user_aim']), 2) : REPLACE_EMPTY;
 if (!empty($user_aim) && $user_aim != REPLACE_EMPTY) {
 $user_aim_button = "<a href=\"".$user_aim."\" target=\"_blank\"><img src=\"".get_gallery_image("aim.gif")."\" border=\"0\" alt=\"".$user_aim."\" /></a>";
 }
 else {
 $user_aim_button = REPLACE_EMPTY;
 }

$user_yahoo = (isset($user_row['user_yahoo'])) ? format_text(format_url($user_row['user_yahoo']), 2) : REPLACE_EMPTY;
 if (!empty($user_yahoo) && $user_yahoo != REPLACE_EMPTY) {
 $user_yahoo_button = "<a href=\"".$user_yahoo."\" target=\"_blank\"><img src=\"".get_gallery_image("yahoo.gif")."\" border=\"0\" alt=\"".$user_yahoo."\" /></a>";
 }
 else {
 $user_yahoo_button = REPLACE_EMPTY;
 }
 $user_icq = (isset($user_row['user_icq'])) ? $user_row['user_icq'] : REPLACE_EMPTY;
 if (!empty($user_icq) && $user_icq != REPLACE_EMPTY) {
 $user_icq_button = "<a href=\"http://www.icq.com/people/about_me.php?uin=".$user_icq."\" target=\"_blank\"><img src=\"http://status.icq.com/online.gif?icq=".$user_icq."&img=5\" width=\"18\" height=\"18\" border=\"0\" alt=\"".$user_icq."\" /></a>";
 }
 else {
 $user_icq_button = REPLACE_EMPTY;
 }
//---[MOD] BUDDY V.1.0.0 beta ------------
//----2007 by eMagix for 4images gallery --
//----------- START CODE -----------------

if (($user_info['user_level'] != GUEST) && ($user_info['user_id'] != $user_row['user_id'])) {

$buddy_url = $self_url;

$buddy_url .= (!empty($mode)) ? ((strpos($buddy_url, '?') !== false) ? "&" : "?")."mode=".$mode : "";

$buddy_url .= strpos($buddy_url, '?') !== false ? "&" : "?";

// IF USER ALREADY A BUDDY SHOW ALREADY BUDDY TEXT

$buddy_status = check_buddy($user_row['user_id']);

if ($buddy_status == 1) {

$buddy_button = $lang['user_buddy_yes'];

}
// IF USER REQUEST PENDING SHOW PENDING TEXT

elseif ($buddy_status == 0) {

$buddy_button = $lang['user_buddy_pending'];

}

// IF NOT YET BUDDY SHOW BUTTON

elseif ($buddy_status == -1) {

$buddy_url .= "action=addbuddy&id=".$user_row['user_id']."";

$buddy_button = "<a href=\"".$site_sess->url($buddy_url)."\"><img src=\"".get_gallery_image("buddy_no.gif")."\" border=\"0\" alt=\"\" /></a>";

}

else {

$buddy_button = "<img src=\"".get_gallery_image("buddy_off.gif")."\" border=\"0\" alt=\"\" />";

}

$site_template->register_vars("lang_buddy_add", $lang['lang_buddy_add']);

// SHOW YOUR BUDDIES ON YOUR PROFILE

$buddy_sql = "SELECT *

FROM (".USERS_TABLE." u)

INNER JOIN ".USERS_FRIENDSHIP_TABLE." i ON (".get_user_table_field("u.", "user_id")." = i.user_id_primary)

WHERE i.friendship_status =1 AND i.user_id_secondary = ".$user_row['user_id']."

UNION

SELECT *

FROM (".USERS_TABLE." u)

INNER JOIN ".USERS_FRIENDSHIP_TABLE." i1 ON (".get_user_table_field("u.", "user_id")." = i1.user_id_secondary)

WHERE i1.friendship_status =1 AND i1.user_id_primary = ".$user_row['user_id']."

               LIMIT 50"; // NUMBER OF BUDDIES YOU WANT TO SHOW ON YOUR PROFILE

$buddy_result = $site_db->query($buddy_sql);

$num_rows = $site_db->get_numrows($buddy_result);

if (!$num_rows) {

$buddylist = $lang['buddy_no_empty'];

$msg = $lang['buddy_no_empty'];

}

else {

$buddylist ="";

while($ds = mysql_fetch_object($buddy_result)){

$user_profile_link = (!empty($url_show_profile)) ? preg_replace("/{user_id}/", $ds->user_id, $url_show_profile) : ROOT_PATH."member.php?action=showprofile&".URL_USER_ID."=".$ds->user_id;

$buddylist .= " <a href=\"".$site_sess->url($user_profile_link)."\">".htmlspecialchars($ds->user_name)."</a> ";

}

}
$site_template->register_vars("buddy", $buddylist);

$site_template->register_vars("buddy_msg", $msg);

unset($userlist,$msg);

//----------- END CODE -----------------

 if (!empty($user_row['user_email']) && (!isset($user_row['user_showemail']) || (isset($user_row['user_showemail']) && $user_row['user_showemail'] == 1))) {
 $user_email = $user_row['user_email'];
 $user_email_save = str_replace("@", " at ", $user_row['user_email']);
 $user_email_save = str_replace(".", " dot ", $user_row['user_email']);
 if (!empty($url_mailform)) {
 $user_mailform_link = $site_sess->url(preg_replace("/{user_id}/", $user_row['user_id'], $url_mailform));
 }
 else {
 $user_mailform_link = $site_sess->url(ROOT_PATH."member.php?action=mailform&".URL_USER_ID."=".$user_row['user_id']);
 }
 $user_email_button = "<a href=\"".$user_mailform_link."\"><img src=\"".get_gallery_image("email.gif")."\" border=\"0\" alt=\"".$user_email_save."\" /></a>";
 }
 else {
 $user_email = REPLACE_EMPTY;
 $user_email_save = REPLACE_EMPTY;
 $user_mailform_link = REPLACE_EMPTY;
 $user_email_button = REPLACE_EMPTY;
 }

$sql = "SELECT COUNT(image_id) AS totimg
FROM ".IMAGES_TABLE."
WHERE user_id = $user_id";

$result = $site_db->query($sql);

$row = $site_db->fetch_array($result);

$uploaded_images = $row['totimg'];

    // Birthday Mod
    $user_birthday = (isset($user_row[$user_table_fields['birthday']])) ? $user_row[$user_table_fields['birthday']] : REPLACE_EMPTY;
    if (!empty($user_birthday) && $user_birthday != REPLACE_EMPTY  && $user_row[$user_table_fields['birthday']] != "0000-00-00") {

           $birthday = explode("-",$user_row[$user_table_fields['birthday']]);
           $user_birthday = $birthday[2].".".$lang['months'][sprintf("%02d",$birthday[1])];
           $user_birthday .= ($birthday[0]!="0000") ? " ".$birthday[0]."" : "";

           // Show Age in Profile
           if (($config['birthday_show_profile_age'] == 1) && ($age = calc_age ($user_row[$user_table_fields['birthday']]))) {
                $user_birthday .= " ($age)";
           }

           // Show Birthdaycountdown in Profile
           if ($config['birthday_profile_countdown'] == 1 && $b_cdown = calc_countdown ($user_row[$user_table_fields['birthday']]))  {

                $site_template->register_vars(array(
                     "lang_birthday_cdown" => $lang['birthday_cdown'],
                     "cdown_days" => $b_cdown['days'],
                     "cdown_hours" => $b_cdown['hours'],
                     "cdown_minutes" => $b_cdown['minutes'],
                     "lang_days" => $lang['days'],
                     "lang_hours" => $lang['hours'],
                     "lang_minutes" => $lang['minutes']
                ));
           }
          // End Show Birthdaycountdown in Profile

    }
    else {
      $user_birthday = REPLACE_EMPTY;
    }
    // Birthday Mod

$rank_commentator = get_rank($user_row['user_comments'], "commentator");
 $rank_photographer = get_rank($user_row['user_images'], "photographer");

 $site_template->register_vars(array(
 "lang_avatar" => $lang['avatar'],
 "user_avatar_current" => ($config['avatar_use']) ? "<img src=\"".TEMPLATE_PATH."/avatars/".(($user_row['user_avatar'] == "") ? "blank.gif" : $user_row['user_avatar'])."\" name=\"icons\" border=\"0\" alt=\"\">" : "",
 "uploaded_imgs" => $uploaded_images,

  "user_id" => $user_row['user_id'],
      "user_name" => (isset($user_row['user_name'])) ? htmlspecialchars($user_row['user_name']) : REPLACE_EMPTY,
      "lang_rank" => $lang['rank'],

  "lang_uploaded_user_img" => $lang['uploaded_user_img'],
      "rank_commentator" => $rank_commentator,
      "rank_photographer" => $rank_photographer,

  "user_birthday" => $user_birthday,
      "user_email" => $user_email,
      "user_email_save" => $user_email_save,
      "user_mailform_link" => $user_mailform_link,
      "user_email_button" => $user_email_button,
      "user_join_date" => (isset($user_row['user_joindate'])) ? format_date($config['date_format'], $user_row['user_joindate']) : REPLACE_EMPTY,
      "user_last_action" => (isset($user_row['user_lastaction'])) ? format_date($config['date_format']." ".$config['time_format'], $user_row['user_lastaction']) : REPLACE_EMPTY,
      "user_homepage" => $user_homepage,

"buddy_button" => $buddy_button,

// BUDDY MOD – DISPLAY BUDDY BUTTON ON YOUR PROFILE
 "user_homepage_button" => $user_homepage_button,
 "user_icq" => $user_icq,
 "user_icq_button" => $user_icq_button,
 "user_icq_status" => (isset($user_row['user_icq'])) ? get_icq_status($user_row['user_icq']) : REPLACE_EMPTY,
 "user_comments" => (isset($user_row['user_comments'])) ? $user_row['user_comments'] : REPLACE_EMPTY,
 "lang_profile_of" => $lang['profile_of'],
 "lang_show_user_images" => preg_replace("/".$site_template->start."user_name".$site_template->end."/siU", format_text($user_row['user_name'], 2), $lang['show_user_images']),
 "url_show_user_images" => $site_sess->url(ROOT_PATH."search.php?search_user=".urlencode($user_row['user_name'])),
 "lang_join_date" => $lang['join_date'],
 "lang_last_action" => $lang['last_action'],
 "lang_comments" => $lang['comments'],
 "lang_email" => $lang['email'],
 "lang_homepage" => $lang['homepage'],
 "lang_icq" => $lang['icq']
 ));

 if (!empty($additional_user_fields)) {
 $additional_field_array = array();
 foreach ($additional_user_fields as $key => $val) {
 $additional_field_array[$key] = (!empty($user_row[$key])) ? format_text($user_row[$key], 1) : REPLACE_EMPTY;
 $additional_field_array['lang_'.$key] = $val[0];
 }
 if (!empty($additional_field_array)) {
 $site_template->register_vars($additional_field_array);
 }
 }
 $content = $site_template->parse_template("member_profile");
 }
 else {
 $content = $lang['invalid_user_id'];
 }
}

//-----------------------------------------------------
//--- Send Password -----------------------------------
//-----------------------------------------------------
if ($action == "sendpassword") {
 $txt_clickstream = $lang['lost_password'];
 $user_email = un_htmlspecialchars(trim($HTTP_POST_VARS['user_email']));

 if ($user_email != "") {
 $sql = "SELECT ".get_user_table_field("", "user_id").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password")."
 FROM ".USERS_TABLE."
 WHERE ".get_user_table_field("", "user_email")." = '$user_email'";
 if ($checkuser = $site_db->query_firstrow($sql)) {
 mt_srand((double) microtime() * 1000000);
 $puddle = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
 $user_password = "";
 for ($i = 0; $i < 8; $i++) {
 $user_password .= substr($puddle, (mt_rand()%(strlen($puddle))), 1);
 }

 $sql = "UPDATE ".USERS_TABLE."
 SET ".get_user_table_field("", "user_password")." = '".md5($user_password)."'
 WHERE ".get_user_table_field("", "user_id")." = ".$checkuser[$user_table_fields['user_id']];
 $site_db->query($sql);

 // Start Emailer
 include(ROOT_PATH.'includes/email.php');
 $site_email = new Email();
 $site_email->set_to($user_email);
 $site_email->set_subject($lang['send_password_emailsubject']);
 $site_email->register_vars(array(
 "user_name" => $checkuser[$user_table_fields['user_name']],
 "user_password" => stripslashes($user_password),
 "site_name" => $config['site_name']
 ));
 $site_email->set_body("lost_password", $config['language_dir']);
 $site_email->send_email();

 $msg = $lang['send_password_success'];
 $HTTP_POST_VARS['user_email'] = "";
 }
 else {
 $msg = $lang['invalid_email'];
 }
 }

 $action = "lostpassword";
}

if ($action == "lostpassword") {
 $txt_clickstream = $lang['lost_password'];
 $user_email = (isset($HTTP_POST_VARS['user_email'])) ? format_text(stripslashes($HTTP_POST_VARS['user_email']), 2) : "";
 $site_template->register_vars(array(
 "lang_email" => $lang['email'],
 "lang_lost_password" => $lang['lost_password'],
 "lang_lost_password_msg" => $lang['lost_password_msg'],
 "lang_submit" => $lang['submit'],
 "user_email" => $user_email,
 ));
 $content = $site_template->parse_template("member_lostpassword");
}

//-----------------------------------------------------
//--- Edit Profile ------------------------------------
//-----------------------------------------------------
$update_process = 0;
$new_email_msg = "";
if ($action == "updateprofile") {
 $txt_clickstream = $lang['control_panel'];
 if ($user_info['user_level'] == GUEST) {
 show_error_page($lang['no_permission']);
 exit;
 }
 $user_email = (isset($HTTP_POST_VARS['user_email'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_email'])) : "";
 $user_email2 = (isset($HTTP_POST_VARS['user_email2'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_email2'])) : "";
 $user_homepage = (isset($HTTP_POST_VARS['user_homepage'])) ? format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['user_homepage']))) : "";
 $user_icq = (isset($HTTP_POST_VARS['user_icq'])) ? ((intval(trim($HTTP_POST_VARS['user_icq']))) ? intval(trim($HTTP_POST_VARS['user_icq'])) : "") : "";
 $user_showemail = (isset($HTTP_POST_VARS['user_showemail'])) ? intval($HTTP_POST_VARS['user_showemail']) : 0;
 $user_allowemails = (isset($HTTP_POST_VARS['user_allowemails'])) ? intval($HTTP_POST_VARS['user_allowemails']) : 0;
 $user_invisible = (isset($HTTP_POST_VARS['user_invisible'])) ? intval($HTTP_POST_VARS['user_invisible']) : 0;
 $user_birthday_day = (isset($HTTP_POST_VARS['user_birthday_day'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_birthday_day'])) : "";
 $user_birthday_month = (isset($HTTP_POST_VARS['user_birthday_month'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_birthday_month'])) : "";
 $user_birthday_year = (isset($HTTP_POST_VARS['user_birthday_year'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_birthday_year'])) : "";

 $error = 0;
 if (!$user_birthday = check_birthday($user_birthday_day,$user_birthday_month,$user_birthday_year,$config['birthday_required'])) {
 $msg .= (($msg != "") ? " " : "").$lang['birthday_error'];
 $error = 1;
 }
 if ($user_info['user_email'] != $user_email && $checkuser = $site_db->query_firstrow("SELECT ".get_user_table_field("", "user_id")." FROM ".USERS_TABLE." WHERE ".get_user_table_field("", "user_email")." = '$user_email' AND ".get_user_table_field("", "user_id")." <> '".$user_info['user_id']."'")) {
 if ($checkuser[$user_table_fields['user_id']] != $user_info['user_id']) {
 $msg .= (($msg != "") ? " " : "").$lang['email_exists'];
 $error = 1;
 }
 }
 if ($user_email != $user_email2) {
 $msg .= (($msg != "") ? " " : "").$lang['update_email_confirm_error'];
 $error = 1;
 }
 if ($user_email == "" || $user_email2 == "") {
 $msg .= (($msg != "") ? " " : "").$lang['update_email_error'];
 $error = 1;
 }
 if (!check_email($user_email)) {
 $msg .= (($msg != "") ? " " : "").$lang['invalid_email_format'];
 $error = 1;
 }

 if (!empty($additional_user_fields)) {
 foreach ($additional_user_fields as $key => $val) {
 if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
 $error = 1;
 $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
 $msg .= (($msg != "") ? " " : "").$field_error;
 }
 }
 }

 if (!$error && $user_email != $user_info['user_email'] && $user_info['user_level'] != ADMIN && $config['account_activation'] != 0) {
 $activationkey = get_random_key(USERS_TABLE, $user_table_fields['user_activationkey']);

 $sql = "UPDATE ".USERS_TABLE."
 SET ".get_user_table_field("", "user_level")." = ".USER_AWAITING.", ".get_user_table_field("", "user_activationkey")." = '$activationkey'
 WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
 $result = $site_db->query($sql);

 if ($result) {
 $activation_url = $script_url."/register.php?action=activate&activationkey=".$activationkey;

 include(ROOT_PATH.'includes/email.php');
 $site_email = new Email();

 switch($config['account_activation']) {
 case 2:
 $user_details_url = $script_url."/admin/index.php?goto=".urlencode("users.php?action=edituser&user_id=".$user_info['user_id']."&activation=1");
 $email_to = $config['site_email'];
 $email_subject = $lang['admin_activation_emailsubject'];
 $email_template = "admin_activation";
 $new_email_msg = $lang['update_email_instruction_admin'];
 break;
 case 1:
 if ($config['language_dir_default'] != $config['language_dir']) {
 $activation_url .= "&l=".$config['language_dir'];
 }
 $user_details_url = "";
 $email_to = $user_email;
 $email_subject = $lang['update_email_emailsubject'];
 $email_template = "newemail_activation";
 $new_email_msg = $lang['update_email_instruction'];
 break;
 case 0:
 default:
 break;
 }

 if (!empty($email_to)) {
 $site_email->set_to($email_to);
 $site_email->set_subject($email_subject);
 $site_email->register_vars(array(
 "user_details_url" => $user_details_url,
 "activation_url" => $activation_url,
 "user_name" => $user_info['user_name'],
 "site_name" => $config['site_name']
 ));
 $site_email->set_body($email_template, $config['language_dir']);
 $site_email->send_email();
 }
 }
 else {
 $msg = $lang['general_error'];
 $error = 1;
 }
 }
// Upload Avatar file
 if (!$error) {
 if (!empty($HTTP_POST_FILES['avatar_file']['tmp_name']) && $HTTP_POST_FILES['avatar_file']['tmp_name'] != "none") {
 include(ROOT_PATH.'includes/upload.php');
 $site_upload = new Upload();
 $new_name = $site_upload->upload_file("avatar_file", "avatar", $config['template_dir'], $user_info['user_id']);
 if (!$new_name) {
 $msg .= (($msg != "") ? " " : "")."".$lang['file_upload_error'].": ".$new_name." ".$site_upload->get_upload_errors();
 $error = 1;
 }else{
 $HTTP_POST_VARS['user_avatar'] = "users/".$new_name;
 $avatars_dir = TEMPLATE_DIR."/".$config['template_dir']."/avatars/users/";
 $dir = opendir($avatars_dir);
 $contents = array();
 while ($contents[] = readdir($dir)){;}
 closedir($dir);
 foreach ($contents as $line){
 $filename = substr($line,0,(strlen($line)-strlen(strrchr($line,"."))));
 $extension = substr(strrchr($line,"."), 1);
 $filename2 = substr($new_name,0,(strlen($new_name)-strlen(strrchr($new_name,"."))));
 $extension2 = substr(strrchr($new_name,"."), 1);
 if ($filename == $filename2 && $extension != $extension2) {
 unlink($avatars_dir.$line);
 }
 }

 }
 }
 }
// End Avatar file

 if (!$error) {
 $additional_sql = "";
 if (!empty($additional_user_fields)) {
 $table_fields = $site_db->get_table_fields(USERS_TABLE);
 foreach ($additional_user_fields as $key => $val) {
 if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
 $additional_sql .= ", $key = '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
 }
 }
 }

// Birthday Mod
 $additional_sql .= ", ".get_user_table_field("", "birthday")." = '$user_birthday'";

 $sql = "UPDATE ".USERS_TABLE."
 SET ".get_user_table_field("", "user_email")." = '$user_email', ".get_user_table_field("", "user_showemail")." = $user_showemail, ".get_user_table_field("", "user_allowemails")." = $user_allowemails, ".get_user_table_field("", "user_invisible")." = $user_invisible, ".get_user_table_field("", "user_homepage")." = '$user_homepage', ".get_user_table_field("", "user_icq")." = '$user_icq'".$additional_sql."
 WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
 $site_db->query($sql);

 $msg = $lang['update_profile_success'];
 if (!empty($new_email_msg)) {
 $msg .= " ".$new_email_msg;
 }
 $user_info = $site_sess->load_user_info($user_info['user_id']);
 }
 else {
 $update_process = 1;
 }
 $action = "editprofile";
}

if ($action == "updatepassword") {
 $txt_clickstream = $lang['control_panel'];
 if ($user_info['user_level'] == GUEST) {
 show_error_page($lang['no_permission']);
 exit;
 }
 $error = 0;
 $current_user_password = md5(trim($HTTP_POST_VARS['current_user_password']));
 $user_password = trim($HTTP_POST_VARS['user_password']);
 $user_password2 = trim($HTTP_POST_VARS['user_password2']);
 if ($current_user_password != $user_info['user_password']) {
 $msg .= (($msg != "") ? " " : "").$lang['update_password_error'];
 $error = 1;
 }
 if ($user_password != $user_password2 || $user_password == "") {
 $msg .= (($msg != "") ? " " : "").$lang['update_password_confirm_error'];
 $error = 1;
 }
 if (!$error) {
 $sql = "UPDATE ".USERS_TABLE."
 SET ".get_user_table_field("", "user_password")." = '".md5($user_password)."'
 WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
 $site_db->query($sql);

 $msg = $lang['update_password_success'];
 $user_info = $site_sess->load_user_info($user_info['user_id']);
 }
 $action = "editprofile";
}

if ($action == "editprofile") {
 $txt_clickstream = $lang['control_panel'];
 if ($user_info['user_level'] == GUEST) {
 show_error_page($lang['no_permission']);
 exit;
 }
 $user_name = $user_info['user_name'];
 if (!$update_process) {
 $user_email = $user_info['user_email'];
 $user_email2 = $user_info['user_email'];
 $user_showemail = $user_info['user_showemail'];
 $user_allowemails = $user_info['user_allowemails'];
 $user_invisible = $user_info['user_invisible'];
 $user_homepage = $user_info['user_homepage'];
 $user_icq = $user_info['user_icq'];

$user_avatar = $user_info['user_avatar'];
 $birthday = explode("-",$user_info['birthday']);
 $user_birthday_day = $birthday[2];
 $user_birthday_month = $birthday[1];
 $user_birthday_year = $birthday[0];
 }

 $birthday_day_options = "<option value=\"\">--</option>\n";
 $birthday_month_options = "<option value=\"\">--</option>\n";

 for ($i=1;$i<=31;$i++){
 $birthday_day_options .= "<option value=\"".sprintf("%02d",$i)."\"".(($i == $user_birthday_day) ? "selected" : "").">".$i."</option>\n";

 }
 for ($i=1;$i<=12;$i++){ //getmonth($i)
 $birthday_month_options .= "<option value=\"".sprintf("%02d",$i)."\"".(($i == $user_birthday_month) ? "selected" : "").">".$lang['months'][sprintf("%02d",$i)]."</option>\n";
 }

 if ($user_showemail == 1) {
 $user_showemail_yes = " checked=\"checked\"";
 $user_showemail_no = "";
 }
 else {
 $user_showemail_yes = "";
 $user_showemail_no = " checked=\"checked\"";
 }
 if ($user_allowemails == 1) {
 $user_allowemails_yes = " checked=\"checked\"";
 $user_allowemails_no = "";
 }
 else {
 $user_allowemails_yes = "";
 $user_allowemails_no = " checked=\"checked\"";
 }
 if ($user_invisible == 1) {
 $user_invisible_yes = " checked=\"checked\"";
 $user_invisible_no = "";
 }
 else {
 $user_invisible_yes = "";
 $user_invisible_no = " checked=\"checked\"";
 }

 $edit_profile_msg = $lang['edit_profile_msg'];
 if ($config['account_activation'] == 1 && $user_info['user_level'] != ADMIN) {
 $edit_profile_msg .= $lang['edit_profile_email_msg'];
 }
 if ($config['account_activation'] == 2 && $user_info['user_level'] != ADMIN) {
 $edit_profile_msg .= $lang['edit_profile_email_msg_admin'];
 }

//-----------------------
//------ Avatar ---------
//-----------------------
 if ($config['avatar_use']){
 $images = "";
 $checked = ($user_avatar == "blank.gif" || $user_avatar == "") ? " selected" : "";
 $images .= "\n<option value=\"blank.gif\"$checked>none</option>\n";
 $dir = opendir(TEMPLATE_PATH."/avatars/users/");
 $contents = array();
 while ($contents[] = readdir($dir)){;}
 closedir($dir);
 natcasesort ($contents);
 foreach ($contents as $line){
 $filename = substr($line,0,(strlen($line)-strlen(strrchr($line,"."))));
 if ($filename == $user_info['user_id']) {
 $checked = (stristr($user_avatar, "users/")) ? " selected" : "";
 $images .= "\n<option value=\"users/$line\"$checked>".$lang['custom']."</option>\n";
 }
 }
 $dir = opendir(TEMPLATE_PATH."/avatars/");
 $contents = array();
 while ($contents[] = readdir($dir)){;}
 closedir($dir);
 natcasesort ($contents);
 $checked = "";
 foreach ($contents as $line){
 $filename = substr($line,0,(strlen($line)-strlen(strrchr($line,"."))));
 $extension = substr(strrchr($line,"."), 1);
 $checked = "";
 if ($line == $user_avatar) { $checked = " selected"; }
 if (strcasecmp($extension,"gif")==0 || strcasecmp($extension,"jpg")==0 || strcasecmp($extension,"jpeg")==0 || strcasecmp($extension,"png")==0 ){
 if ($line != "blank.gif") {
 $filename = str_replace("_", " ", $filename);
 $images .= "<option value=\"$line\"$checked>$filename</option>\n";
 }
 }
 }
 }
//----------------------
//----- End Avatar -----
//----------------------

 $site_template->register_vars(array(
 "lang_avatar" => $lang['avatar'],
 "lang_avatar_file" => $lang['avatar_file'],
 "lang_avatar_dim" => $lang['avatar_max_dim']." ".$config['avatar_width']."x".$config['avatar_height'].$lang['px'],
 "lang_avatar_select" => $lang['avatar_select'],
 "user_avatar_images" => $images,
 "user_avatar_current" => ($config['avatar_use']) ? "<img src=\"".TEMPLATE_PATH."/avatars/".(($user_avatar == "") ? "blank.gif" : $user_avatar)."\" name=\"icons\" border=\"0\" alt=\"\">" : "",
 "lang_or" => $lang['or'],
 "user_avatar_file" => $config['avatar_user_custom'],
 "user_name" => htmlspecialchars(stripslashes($user_name)),
 "user_email" => format_text(stripslashes($user_email), 2),
 "user_email2" => format_text(stripslashes($user_email2), 2),
 "user_homepage" => format_text(stripslashes($user_homepage), 2),
 "birthday_day_options" => $birthday_day_options,
 "birthday_month_options" => $birthday_month_options,
 "user_birthday_year" => $user_birthday_year,
 "lang_day" => $lang['day'],
 "lang_month" => $lang['month'],
 "lang_year" => $lang['year'],

    "user_icq" => $user_icq,
    "user_showemail_yes" => $user_showemail_yes,
    "user_showemail_no" => $user_showemail_no,
    "user_allowemails_yes" => $user_allowemails_yes,
    "user_allowemails_no" => $user_allowemails_no,
    "user_invisible_yes" => $user_invisible_yes,
    "user_invisible_no" => $user_invisible_no,
    "lang_profile_of" => $lang['profile_of'],
    "lang_email" => $lang['email'],
    "lang_email_confirm" => $lang['email_confirm'],
    "lang_show_email" => $lang['show_email'],
    "lang_allow_emails" => $lang['allow_emails'],
    "lang_invisible" => $lang['invisible'],
    "lang_optional_infos" => $lang['optional_infos'],
    "lang_homepage" => $lang['homepage'],
    "profile_hits1" => ($user_row['profile_hits']),

"lang_icq" => $lang['icq'],
    "lang_save" => $lang['save'],
    "lang_reset" => $lang['reset'],
    "lang_change_password" => $lang['change_password'],
    "lang_old_password" => $lang['old_password'],
    "lang_new_password" => $lang['new_password'],
    "lang_new_password_confirm" => $lang['new_password_confirm'],
    "lang_edit_profile_msg" => $edit_profile_msg,
    "lang_yes" => $lang['yes'],
    "lang_no" => $lang['no']
  ));

  if (!empty($additional_user_fields)) {
    $additional_field_array = array();
    foreach ($additional_user_fields as $key => $val) {
      if ($val[1] == "radio") {
        $value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : intval($user_info[$key]);
        if ($value == 1) {
          $additional_field_array[$key.'_yes'] = " checked=\"checked\"";
          $additional_field_array[$key.'_no'] = "";
        }
        else {
          $additional_field_array[$key.'_yes'] = "";
          $additional_field_array[$key.'_no'] = " checked=\"checked\"";
        }
      }

elseif ($val[1] == "dropdown") {
 $value = (isset($HTTP_POST_VARS[$key])) ? format_text(trim($HTTP_POST_VARS[$key]), 2) : $user_info[$key];
 $additional_field_array[$key.'_dropdown'] = get_db_fields_dropdown($key, $val, $value);
 }
 else {
 $value = (isset($HTTP_POST_VARS[$key])) ? format_text(trim($HTTP_POST_VARS[$key]), 2) : $user_info[$key];
 }
 $additional_field_array[$key] = $value;
 $additional_field_array['lang_'.$key] = $val[0];
 }
 if (!empty($additional_field_array)) {
 $site_template->register_vars($additional_field_array);
 }
 }

 $content = $site_template->parse_template("member_editprofile");
 if (!empty($new_email_msg)) {
 $site_sess->logout($user_info['user_id']);
 }
}

//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
$clickstream = "<a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].$txt_clickstream."";

//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
$site_template->register_vars(array(
 "content" => $content,
 "msg" => $msg,
 "clickstream" => $clickstream,
 "lang_control_panel" => $lang['control_panel']
));
$site_template->print_template($site_template->parse_template($main_template));
include(ROOT_PATH.'includes/page_footer.php');
?>

Besten Dank im Voraus für eure Hilfe.

Freundliche Grüße, Bommel

4

Discussion & Troubleshooting / Benutzerkonto - doppelte Anmeldung mit gleicher IP-Adresse

« on: January 31, 2010, 01:28:26 AM »

Hallo allerseits,

folgende Problemstellung - ich habe festgestellt, dass ein Benutzer sich unter derselben IP-Adresse mit verschiedenen Browsern zeitgleich mehrmals anmelden kann. Dies finde ich nicht gerade sehr gut. Ist dass jetzt ein Fehler in meiner Installation oder ist es tatsächlich möglich?

Besser wäre es, wenn eine zeitgleiche Mehrfachanmeldung über eine IP-Adresse unterbunden wird. Wenn dies kein Fehler in meiner Installation sein sollte, wie kann dann eine entsprechende Sperre bewerkstelligt werden?

Freundliche Grüße, Bommel

------------------------------------------------------------------------------------------------------------------------------------

Hello on all sides,

the following problem - I have found out that a user can announce himself at the same IP address with different browsers at the same time several times. I find this not exactly very good. Is that now a mistake in my installation or is it really possible?

It would be better if a simultaneous multiple registration about an IP address is prevented. If this should be no mistake in my installation, how can a suitable barrier be managed then?

Yours sincerely, Bommel

5

Mods & Plugins (Requests & Discussions) / Eigenes Template als php aufrufen

« on: January 29, 2010, 07:12:19 PM »

Hallo allerseits,

da ich leider nicht in diesem Thread http://www.4homepages.de/forum/index.php?topic=23037.msg125757#msg125757 posten kann, eröffne ich hierzu einen neuen Thread.

Ich habe mir für meine eigenen Templates eine php-Vorlage erstellt, mit der ich dann einfache HTML-Templates ohne besondere Funktionen (z.B. Impressum etc.) als PHP-Datei aufrufen kann. Meine Frage an euch Profis - habe ich in dieser Vorlage irgendetwas wichtiges vergessen?

<?php

$main_template = 'vorlage';
define('GET_CACHES', 1);
define('ROOT_PATH', './');
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/page_header.php');
error_reporting(E_ALL);

$contents = $site_template->parse_template("vorlage");

$txt_clickstream = $lang['vorlage'];

//-----------------------------------------------------
//---Clickstream---------------------------------------
//-----------------------------------------------------
$clickstream = "<a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].$lang['vorlage']."";

//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
$site_template->register_vars(array(
"contents" => $contents,
"clickstream" => $clickstream
));
unset($contents);
$site_template->print_template($site_template->parse_template($main_template));
include(ROOT_PATH.'includes/page_footer.php');

?>

Freundliche Grüße, Bommel

6

Discussion & Troubleshooting / Rechtsklick-Schutz funktioniert nicht

« on: January 26, 2010, 11:15:26 AM »

Hallo allerseits,

wie der Titel schon sagt - der Rechtsklick-Schutz funktioniert bei meiner Installation nicht mehr. Ich kann mir hierbei nicht mehr selbst weiterhelfen. An meinen Browsern kann es nicht liegen. Auf anderen Seiten funktioniert der Rechtsklick-Schutz bestens. Wenn ich meine header.html separat lade, funktioniert der Rechtsklick-Schutz wie gewohnt. Natürlich ist die Ausgabe entsprechend, aber er funktioniert. Sobald ich aber die header.html über meine Webseite starte, geht da nichts mehr.

Es muss also irgendwo etwas sein, was diese Funktion außer Kraft setzt. Und genau hier brauche ich eure Hilfe. Ich benutze das Template "Iceberg". Dieses Template habe ich so umgeschrieben, dass die Navigation oben und die linke Spalte mit Benutzeranmeldung etc. über die header.html aufgerufen wird. Das erleichtert mir einiges an Arbeit, wenn ich mal grundlegende Änderungen - wie z.B. an der Navigation - vornehmen muss. Das muss dann schließlich nur einmal vorgenommen werden, anstatt wie bei dem Original auf jeder Seite einzeln.

Was für Möglichkeiten gibt es - ausser der von den Browsern - die eine Javascript-Funktion außer Kraft setzen kann? Ich möchte nicht jede MOD einzeln ausbauen müssen, um dem Übeltäter auf die Spur zu kommen.

Freundliche Grüße, Bommel

PS: Ich weiß, das es einige Benutzer hier gibt, die nicht viel von dieser Rechtsklick-Funktion halten. Und ich weiß auch, dass diese nicht sonderlich viel bringt. Darum bitte ich euch, zu diesem Thema keine Grundsatzdiskussion zu beginnen. Ich möchte diese beibehalten und bei der Fehlersuche einen etwas anderen Weg gehen.

7

Mods & Plugins (Requests & Discussions) / Kategorien Listenansicht

« on: January 25, 2010, 01:14:21 PM »

Hallo allerseits,

gibt es für die Kategorien eine Listenansicht in der die Dateien ohne Thumbnails angezeigt werden? Schön wäre es wenn diese Listenansicht auch nach bestimmten Kriterien sortiert werden könnte.

Freundliche Grüße, Bommel

8

Discussion & Troubleshooting / Zufallsbild - nur Bilddateien anzeigen lassen

« on: January 25, 2010, 07:13:49 AM »

Hallo allerseits,

ich möchte bei den Zufallsbildern erreichen, dass tatsächlich auch nur Bilder angezeigt werden. Weder Videos noch andere Dateien. Es soll auch keine Auswahl nach Kategorien stattfinden. Wie muss das bewerkstelligt werden?

Ich meine, dies irgendwo hier schon einmal gelesen zu haben, kann aber momentan nichts dazu finden.

Freundliche Grüße, Bommel

9

Templates & Styles (Requests & Discussions) / Menü im ACP umstrukturieren?

« on: January 16, 2010, 03:56:20 PM »

Hallo allerseits,

ich möchte im ACP links das Menü umstrukturieren. Die Reihenfolge soll folgendermaßen aussehen:

Support-Tickets verwalten
News verwalten
Allgemein
Kategorien verwalten
Bilder verwalten
Kommentare verwalten
Benutzer verwalten
Moderatoren verwalten
PlugIns

Aktuell sieht es im ACP so aus:

Support-Tickets verwalten
Kategorien verwalten
News verwalten
Bilder verwalten
Kommentare verwalten
Benutzer verwalten
Moderatoren verwalten
Allgemein
PlugIns

Hier der aktuelle Code:

Code: [Select]

          if ($user_info['user_level'] == ADMIN || ($user_info['user_level'] == MODERADOR && $user_info['user_moderador_support'] == 1)) {
		  show_nav_header($lang['nav_support_main']);
		  show_nav_option($lang['nav_general_tickets'], "support.php");
}  
          if ($user_info['user_level'] == ADMIN || ($user_info['user_level'] == MODERADOR && $user_info['user_moderador_categorias'] == 1)) {
          show_nav_header($lang['nav_categories_main']);
          show_nav_option($lang['nav_categories_edit'], "categories.php?action=modifycats");
          show_nav_option($lang['nav_categories_add'], "categories.php?action=addcat");
		 
          }
          if ($user_info['user_level'] == ADMIN || ($user_info['user_level'] == MODERADOR && $user_info['user_moderador_noticias'] == 1)) {
		  show_nav_header($lang['news_main']);
		  show_nav_option($lang['news_add'], "news.php?action=addnews");
		  show_nav_option($lang['modify_news'], "news.php?action=modifynews");
}
          if ($user_info['user_level'] == ADMIN || ($user_info['user_level'] == MODERADOR && $user_info['user_moderador_imagenes'] == 1)) {
          show_nav_header($lang['nav_images_main']);
          show_nav_option($lang['nav_images_edit'], "images.php?action=modifyimages");
          show_nav_option($lang['nav_images_add'], "images.php?action=addimages");
          show_nav_option($lang['nav_images_validate'], "validateimages.php?action=validateimages");
          show_nav_option($lang['nav_images_check'], "checkimages.php?action=checkimages");
          show_nav_option($lang['nav_images_thumbnailer'], "thumbnailer.php?action=checkthumbnails");
          show_nav_option($lang['nav_images_resizer'], "resizer.php?action=selectoptions");
          }
          if ($user_info['user_level'] == ADMIN || ($user_info['user_level'] == MODERADOR && $user_info['user_moderador_comentarios'] == 1)) {
          show_nav_header($lang['nav_comments_main']);
          show_nav_option($lang['nav_comments_edit'], "comments.php?action=modifycomments");
		  }

		  if ($user_info['user_level'] == ADMIN || ($user_info['user_level'] == MODERADOR && $user_info['user_moderador_usuarios'] == 1)) {
          show_nav_header($lang['nav_users_main']);
          show_nav_option($lang['nav_users_edit'], "users.php?action=modifyusers");
          if (!defined('USER_INTEGRATION')) {
            show_nav_option($lang['nav_users_add'], "users.php?action=addusers");
          }
          show_nav_option($lang['nav_usergroups'], "usergroups.php?action=modifygroups");
          if (!defined('USER_INTEGRATION')) {
            show_nav_option($lang['nav_users_email'], "email.php?action=emailusers");
          }
		  }
	      if ($user_info['user_level'] == ADMIN && $user_info['user_level'] != MODERADOR && $user_info['user_level'] != GUEST) {
          show_nav_header($lang['nav_users_moderadores_main']);
          show_nav_option($lang['nav_users_moderadores_edit'], "users.php?action=findusers&usuario=moderadores");
          show_nav_header($lang['nav_general_main']);
          show_nav_option($lang['nav_general_settings'], "settings.php?action=modifysettings");
          show_nav_option($lang['nav_general_templates'], "templates.php?action=modifytemplates");
          show_nav_option($lang['nav_general_backup'], "backup.php?action=modifybackups");
          show_nav_option($lang['nav_general_stats'], "stats.php?action=resetstats");
		  show_nav_option("phpinfo()", "phpinfo.php");

          if (@is_dir("plugins")) {
            show_nav_header("PlugIns");
            $handle = @opendir("plugins/");
            while ($file = @readdir($handle)) {
              if (eregi("^\.{1,2}$", $file) || !eregi("\.php$", $file)) {
                continue;
              }
              $plugin_file = file("./plugins/".$file);
              $plugin_file[0] = trim($plugin_file[0]);
              if (preg_match("/PLUGIN_TITLE:([a-zäöüß0-9\-_ ]+)/i", $plugin_file[0], $regs)) {
                show_nav_option(trim($regs[1]), "./plugins/".$file);
              }
              else {
                show_nav_option($file, "./plugins/".$file);
              }
            }
			}
          ////////// Fin nuevo tipo de usuario //////
            @closedir($handle);
          }

Ich habe im ACP u.a. auch die MOD für Moderatoren integriert (http://www.4homepages.de/forum/index.php?topic=17155.msg91450#msg91450). Wie muss das bewerkstelligt werden, damit es nicht zu Problemen mit den Zugriffsrechten kommt?

Freundliche Grüße, Bommel

10

Mods & Plugins (Requests & Discussions) / Warnmeldung bei fehlendem SSL und Umschaltung per Mausklick

« on: January 07, 2010, 06:46:24 AM »

Hallo allerseits,

zuerst einmal - bitte entschuldigt, wenn diese Anfrage vielleicht schon einmal im Forum vorhanden sein sollte. Ich habe gestern ausgiebig danach gesucht, jedoch nur dieses Thema gefunden:

registration page SSL protected - http://www.4homepages.de/forum/index.php?topic=8542.msg39512#msg39512

Diese Variante habe ich auch bei den relevanten Seiten umgesetzt. Jedoch reicht mir das nicht. Da ich aber in Sachen php und Scripte nicht ganz so bewandert bin, versuche ich es jetzt mal hiermit.

Meine Seite ist nur für registrierte Benutzer aus meiner Familie zugänglich. Da ich in meiner Familie einige Benutzer habe, die mit Computer nicht so bewandert sind, möchte ich dort bezüglich SSL noch einige Vorkehrungen treffen. Wie oben schon erwähnt, habe ich die Idee aus dem genannten Thread bereits umgesetzt. Ich möchte aber auch, dass vor dem Anmelden die Seite an das SSL übergeben wird. Hierfür gibt es zwei Möglichkeiten:

Einmal über eine Weiterleitung von http zu https. Hierbei versage ich leider mit meinem Wissen. Weiterleitung per .htaccess verursacht immer wieder Fehlermeldungen.
Oder ich benutze ein Script, wo der Benutzer vorher daran erinnert wird, auf die SSL-Variante umzuschalten. In diesem Fall erscheint eine blinkende Warnmeldung mit einem Link zum Umschalten in der Anmeldemaske. Sobald auf SSL umgeschaltet ist, verschwindet dieser Warnhinweis.

Mir persönlich sagt die letztere Variante zu. Wie muss ich das bewerkstelligen? Ich möchte nicht, dass ihr mir ein fertiges Script liefert, denn ich möchte es auch verstehen lernen. Das geht nur, wenn ich es selber mache. Ich benötige aber hierfür Hinweise und Ansätze in die richtige Richtung.

Vielen Dank schon mal im Voraus für eure Hilfe.

Freundliche Grüße Bommel

Nachtrag: Ich vergaß zu erwähnen - ich benutze 4images V1.7.7 mit Iceberg-Template.

Nachtrag (15:35 Uhr):

So... ich habe mich jetzt damit weiter befasst. Kann folgendes Grundscript benutzt werden, um die Abfrage des benutzten Protokolls durchzuführen?