40
« on: March 24, 2008, 05:13:11 PM »
Ich habe 1.7.1 im Einsatz.
Hier ist meine member.php.
Gruss
TIMIT
<?php
/**************************************************************************
* *
* 4images - A Web Based Image Gallery Management System *
* ---------------------------------------------------------------- *
* *
* File: member.php *
* Copyright: (C) 2002 Jan Sorgalla *
* Email: jan@4homepages.de *
* Web: http://www.4homepages.de *
* Scriptversion: 1.7.1 *
* *
* Never released without support from: Nicky (http://www.nicky.net) *
* *
**************************************************************************
* *
* Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz- *
* bedingungen (Lizenz.txt) für weitere Informationen. *
* --------------------------------------------------------------- *
* This script is NOT freeware! Please read the Copyright Notice *
* (Licence.txt) for further information. *
* *
*************************************************************************/
$main_template = "member";
define('GET_CACHES', 1);
define('ROOT_PATH', './');
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/page_header.php');
if ($action == "") {
$action = "lostpassword";
}
$content = "";
$txt_clickstream = "";
$sendprocess = 0;
if (isset($HTTP_GET_VARS[URL_COMMENT_ID]) || isset($HTTP_POST_VARS[URL_COMMENT_ID])) {
$comment_id = (isset($HTTP_GET_VARS[URL_COMMENT_ID])) ? intval($HTTP_GET_VARS[URL_COMMENT_ID]) : intval($HTTP_POST_VARS[URL_COMMENT_ID]);
}
else {
$comment_id = 0;
}
if ($action == "deletecomment") {
if (!$comment_id || ($config['user_delete_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$sql = "SELECT c.comment_id, c.user_id AS comment_user_id, i.image_id, i.cat_id, i.user_id, i.image_name
FROM ".COMMENTS_TABLE." c, ".IMAGES_TABLE." i
WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
$comment_row = $site_db->query_firstrow($sql);
if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_id'] != $comment_row['comment_user_id'] && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".$comment_row['image_name']."</a>".$config['category_separator'];
$txt_clickstream .= $lang['comment_delete'];
$sql = "UPDATE ".IMAGES_TABLE."
SET image_comments = image_comments - 1
WHERE image_id = ".$comment_row['image_id'];
$site_db->query($sql);
if ($comment_row['comment_user_id'] != GUEST) {
$sql = "UPDATE ".USERS_TABLE."
SET ".get_user_table_field("", "user_comments")." = ".get_user_table_field("", "user_comments")." - 1
WHERE ".get_user_table_field("", "user_id")." = ".$comment_row['comment_user_id'];
$site_db->query($sql);
}
$sql = "DELETE FROM ".COMMENTS_TABLE."
WHERE comment_id = $comment_id";
$result = $site_db->query($sql);
$msg = ($result) ? $lang['comment_delete_success'] : $lang['comment_delete_error'];
}
if ($action == "removecomment") {
if (!$comment_id || ($config['user_delete_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$sql = "SELECT c.comment_id, c.image_id, c.user_id AS comment_user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
FROM ".COMMENTS_TABLE." c, ".IMAGES_TABLE." i
LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
$comment_row = $site_db->query_firstrow($sql);
if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_id'] != $comment_row['comment_user_id'] && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".$comment_row['image_name']."</a>".$config['category_separator'];
$txt_clickstream .= $lang['comment_delete'];
if (isset($comment_row[$user_table_fields['user_name']]) && $comment_row['comment_user_id'] != GUEST) {
$user_name = $comment_row[$user_table_fields['user_name']];
}
else {
$user_name = $comment_row['comment_user_name'];
}
$site_template->register_vars(array(
"comment_id" => $comment_id,
"image_name" => htmlspecialchars($comment_row['image_name']),
"user_name" => htmlspecialchars($user_name),
"comment_headline" => format_text($comment_row['comment_headline'], 0, $config['wordwrap_comments'], 0, 0),
"comment_text" => format_text($comment_row['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']),
"lang_delete_comment" => $lang['comment_delete'],
"lang_delete_comment_confirm" => $lang['comment_delete_confirm'],
"lang_image_name" => $lang['image_name'],
"lang_name" => $lang['name'],
"lang_headline" => $lang['headline'],
"lang_comment" => $lang['comment'],
"lang_submit" => $lang['submit'],
"lang_reset" => $lang['reset'],
"lang_yes" => $lang['yes'],
"lang_no" => $lang['no']
));
$content = $site_template->parse_template("member_deletecomment");
}
if ($action == "updatecomment") {
if (!$comment_id || ($config['user_edit_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$sql = "SELECT c.comment_id, c.image_id, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
FROM ".COMMENTS_TABLE." c, ".IMAGES_TABLE." i
LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
$comment_row = $site_db->query_firstrow($sql);
if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_id'] != $comment_row['comment_user_id'] && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".$comment_row['image_name']."</a>".$config['category_separator'];
$txt_clickstream .= $lang['comment_edit'];
$error = 0;
$comment_headline = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_headline']));
$comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));
if (!isset($comment_headline)) {
$error = 1;
$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['headline']), $lang['field_required']);
$msg .= (($msg != "") ? "<br />" : "").$field_error;
}
if ($comment_text == "") {
$error = 1;
$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['comment']), $lang['field_required']);
$msg .= (($msg != "") ? "<br />" : "").$field_error;
}
if (!$error) {
$sql = "UPDATE ".COMMENTS_TABLE."
SET comment_headline = '$comment_headline', comment_text = '$comment_text'
WHERE comment_id = $comment_id";
$result = $site_db->query($sql);
$msg = ($result) ? $lang['comment_edit_success'] : $lang['comment_edit_error'];
}
else {
$action = "editcomment";
$sendprocess = 1;
}
}
if ($action == "editcomment") {
if (!$comment_id || ($config['user_edit_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$sql = "SELECT c.comment_id, c.image_id, c.user_id AS comment_user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
FROM ".COMMENTS_TABLE." c, ".IMAGES_TABLE." i
LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
$comment_row = $site_db->query_firstrow($sql);
if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_id'] != $comment_row['comment_user_id'] && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".$comment_row['image_name']."</a>".$config['category_separator'];
$txt_clickstream .= $lang['comment_edit'];
$comment_headline = (isset($HTTP_POST_VARS['comment_headline'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_headline']))) : $comment_row['comment_headline'];
$comment_text = (isset($HTTP_POST_VARS['comment_text'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_text']))) : $comment_row['comment_text'];
if (isset($comment_row[$user_table_fields['user_name']]) && $comment_row['comment_user_id'] != GUEST) {
$user_name = $comment_row[$user_table_fields['user_name']];
}
else {
$user_name = $comment_row['comment_user_name'];
}
$bbcode = "";
if ($config['bb_comments'] == 1) {
$site_template->register_vars(array(
"lang_bbcode" => $lang['bbcode'],
"lang_tag_prompt" => $lang['tag_prompt'],
"lang_link_text_prompt" => $lang['link_text_prompt'],
"lang_link_url_prompt" => $lang['link_url_prompt'],
"lang_link_email_prompt" => $lang['link_email_prompt'],
"lang_list_type_prompt" => $lang['list_type_prompt'],
"lang_list_item_prompt" => $lang['list_item_prompt']
));
$bbcode = $site_template->parse_template("bbcode");
}
$site_template->register_vars(array(
"bbcode" => $bbcode,
"comment_id" => $comment_id,
"image_name" => htmlspecialchars($comment_row['image_name']),
"user_name" => htmlspecialchars($user_name),
"comment_headline" => htmlspecialchars($comment_headline),
"comment_text" => htmlspecialchars($comment_text),
"lang_edit_comment" => $lang['comment_edit'],
"lang_image_name" => $lang['image_name'],
"lang_name" => $lang['name'],
"lang_headline" => $lang['headline'],
"lang_comment" => $lang['comment'],
"lang_submit" => $lang['submit'],
"lang_reset" => $lang['reset'],
"lang_yes" => $lang['yes'],
"lang_no" => $lang['no']
));
$content = $site_template->parse_template("member_editcomment");
}
/*
MOD RECYCLE BIN FOR IMAGES
BEGIN INSERT
*/
if ($action == "deleteimage")
{
$recycle_bin_cat = 61; //recycle bin category ID
$big = ""; //big folder name. leave empty if your are not using it
$big = "big"; //big folder name. leave empty if your are not using it
$backup = (defined('BACKUPDIR')) ? BACKUPDIR : ""; //backup dir with trailing slash! leave empty if not using it
$backup = "/www/4images_backup/"; //backup dir with trailing slash! leave empty if not using it
$control_panel = $lang['image_delete'];
if (!function_exists("multilang"))
{
function multilang($text)
{
return $text;
}
}
function movefiles($src, $dest)
{
$n = 2;
$copy = "";
$name = substr($dest,0,(strlen($dest)-strlen(strrchr($dest,"."))));
$ext = substr(strrchr($dest,"."), 1);
while (file_exists($name.$copy.".".$ext))
{
$copy = "_".$n;
$n++;
}
$dest = $name.$copy.".".$ext;
if ($ok = @copy($src, $dest))
{
@chmod($dest, CHMOD_FILES);
@unlink($src);
return basename($dest);
}
return false;
}
if ($config['user_delete_image'] > 1)
{
if (!$image_id)
{
show_error_page($lang['no_permission']);
exit;
}
$sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_media_file, i.image_thumb_file".get_user_table_field(", u.", "user_level")."
FROM ".IMAGES_TABLE." i
LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
WHERE i.image_active = 1 AND i.image_id = $image_id AND i.cat_id NOT IN (".get_auth_cat_sql('auth_viewcat', 'NOTIN').",".$recycle_bin_cat.")";
$image_row = $site_db->query_firstrow($sql);
if (!$image_row || ($user_info['user_level'] != ADMIN && ($image_row['user_level'] <= USER_AWAITING || $user_info['user_id'] != $image_row['user_id'] || (!$config['user_delete_image'] && $user_info['user_cat'] != $image_row['cat_id']))))
{
show_error_page($lang['no_permission']);
exit;
}
$sql = "";
switch($config['user_delete_image'])
{
case 2: //recycle bin
$mime_type_match = array();
include(ROOT_PATH.'includes/upload_definitions.php');
$error = 0;
$media_moved = 0;
$new_media_name = $image_row['image_media_file'];
$new_thumb_name = $image_row['image_thumb_file'];
if (!$error && $image_row['image_media_file'] && !is_remote($image_row['image_media_file']))
{
if ($new_media_name = movefiles(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file'], MEDIA_PATH."/".$recycle_bin_cat."/".$image_row['image_media_file']))
{
$media_moved = 1;
}
else
{
$error = 1;
}
}
if (!$error && $image_row['image_thumb_file'] && !is_remote($image_row['image_thumb_file']))
{
if (!$new_thumb_name = movefiles(THUMB_PATH."/".$image_row['cat_id']."/".$image_row['image_thumb_file'], THUMB_PATH."/".$recycle_bin_cat."/".$image_row['image_thumb_file']))
{
$error = 1;
if ($media_moved)
{
movefiles(MEDIA_PATH."/".$recycle_bin_cat."/".$new_media_name, MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file']);
}
}
}
if (!$error && $big)
{
$file = MEDIA_PATH."/".$image_row['cat_id']."/".$big."/".$image_row['image_media_file'];
$new_file = MEDIA_PATH."/".$recycle_bin_cat."/".$big."/".$new_media_name;
if ($image_row['image_media_file'] && file_exists($file))
{
if (!@is_dir(MEDIA_PATH."/".$recycle_bin_cat."/".$big))
{
$oldumask = umask(0);
$result = @mkdir(MEDIA_PATH."/".$recycle_bin_cat."/".$big, CHMOD_DIRS);
umask($oldumask);
if (!is_dir(MEDIA_PATH."/".$recycle_bin_cat."/".$big) || !$result)
{
$result = @mkdir(MEDIA_PATH."/".$recycle_bin_cat."/".$big, 0755);
}
@chmod(MEDIA_PATH."/".$recycle_bin_cat."/".$big, CHMOD_DIRS);
}
if (file_exists($new_file))
{
@unlink($new_file);
}
if (@copy($file, $new_file))
{
@unlink($file);
@chmod($new_file, CHMOD_FILES);
}
}
}
if (!$error && $backup)
{
$file = $backup."/".$image_row['cat_id']."/".$image_row['image_media_file'];
$new_file = $backup."/".$recycle_bin_cat."/".$new_media_name;
if ($image_row['image_media_file'] && file_exists($file))
{
if (!@is_dir(MEDIA_PATH."/".$recycle_bin_cat."/".$backup))
{
$oldumask = umask(0);
$result = @mkdir($backup."/".$recycle_bin_cat, CHMOD_DIRS);
umask($oldumask);
if (!is_dir($backup."/".$recycle_bin_cat) || !$result)
{
$result = @mkdir($backup."/".$recycle_bin_cat, 0755);
}
@chmod($backup."/".$recycle_bin_cat, CHMOD_DIRS);
}
if (file_exists($new_file))
{
@unlink($new_file);
}
if (@copy($file, $new_file))
{
@unlink($file);
@chmod($new_file, CHMOD_FILES);
}
}
}
$sql = "UPDATE ".IMAGES_TABLE."
SET image_media_file = '".addslashes($new_media_name)."', image_thumb_file = '".addslashes($new_thumb_name)."', cat_id = ".$recycle_bin_cat."
WHERE image_id = ".$image_row['image_id'];
break;
case 3: //mark as inactive
$sql = "UPDATE ".IMAGES_TABLE."
SET image_active = 0
WHERE image_id = ".$image_row['image_id'];
break;
}
if (!$error && (!$sql || !$site_db->query($sql)))
{
$error = 1;
}
if (!$error)
{
$msg_color = 1;
}
$msg = "<meta http-equiv=\"refresh\" content=\"2; url=".$site_sess->url(ROOT_PATH.(($error) ? "details.php?".URL_IMAGE_ID."=".$image_id : "categories.php?cat_id=".$image_row['cat_id']))."\">".(($error) ? $lang['image_delete_error'] : $lang['image_delete_success']);
$txt_clickstream = get_category_path($image_row['cat_id'], 1, 0, 1).(($error) ? $config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id)."\" class=\"clickstream\">".multilang($image_row['image_name'])."</a>".$config['category_separator'] : "");
$action = "";
}
}
/*
MOD RECYCLE BIN FOR IMAGES
END INSERT
*/
if ($action == "deleteimage") {
if (!$image_id || (!$config['user_delete_image'] && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$sql = "SELECT image_id, cat_id, user_id, image_name, image_media_file, image_thumb_file
FROM ".IMAGES_TABLE."
WHERE image_id = $image_id";
$image_row = $site_db->query_firstrow($sql);
if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = $lang['image_delete'];
$sql = "DELETE FROM ".IMAGES_TABLE."
WHERE image_id = $image_id";
$del_img = $site_db->query($sql);
if (!is_remote($image_row['image_media_file']) && !is_local_file($image_row['image_media_file'])) {
@unlink(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file']);
}
if (!empty($image_row['image_thumb_file']) && !is_remote($image_row['image_thumb_file']) && !is_local_file($image_row['image_thumb_file'])) {
@unlink(THUMB_PATH."/".$image_row['cat_id']."/".$image_row['image_thumb_file']);
}
include(ROOT_PATH.'includes/search_utils.php');
remove_searchwords($image_id);
if (!empty($user_table_fields['user_comments'])) {
$sql = "SELECT user_id
FROM ".COMMENTS_TABLE."
WHERE image_id = $image_id";
$result = $site_db->query($sql);
$user_id_sql = "";
while ($row = $site_db->fetch_array($result)) {
if ($row['user_id'] != GUEST) {
$sql = "UPDATE ".USERS_TABLE."
SET ".get_user_table_field("", "user_comments")." = ".get_user_table_field("", "user_comments")." - 1
WHERE ".get_user_table_field("", "user_id")." = ".$row['user_id'];
$site_db->query($sql);
}
}
}
$sql = "DELETE FROM ".COMMENTS_TABLE."
WHERE image_id = $image_id";
$del_com = $site_db->query($sql);
if ($del_img) {
$msg = $lang['image_delete_success'];
}
else {
$msg = $lang['image_delete_error'];
}
}
if ($action == "removeimage") {
if (!$image_id || (!$config['user_delete_image'] && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$sql = "SELECT image_id, cat_id, user_id, image_name
FROM ".IMAGES_TABLE."
WHERE image_id = $image_id";
$image_row = $site_db->query_firstrow($sql);
if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = get_category_path($image_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id)."\" class=\"clickstream\">".$image_row['image_name']."</a>".$config['category_separator'];
$txt_clickstream .= $lang['image_delete'];
$site_template->register_vars(array(
"image_id" => $image_id,
"image_name" => htmlspecialchars($image_row['image_name']),
"lang_delete_image" => $lang['image_delete'],
"lang_delete_image_confirm" => $lang['image_delete_confirm'],
"lang_submit" => $lang['submit'],
"lang_reset" => $lang['reset'],
"lang_yes" => $lang['yes'],
"lang_no" => $lang['no']
));
$content = $site_template->parse_template("member_deleteimage");
}
if ($action == "updateimage") {
if (!$image_id || ($config['user_edit_image'] != 1 && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
}
$sql = "SELECT image_id, cat_id, user_id, image_name
FROM ".IMAGES_TABLE."
WHERE image_id = $image_id";
$image_row = $site_db->query_firstrow($sql);
if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = get_category_path($image_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id)."\" class=\"clickstream\">".$image_row['image_name']."</a>".$config['category_separator'];
$txt_clickstream .= $lang['image_edit'];
$error = 0;
$image_name = un_htmlspecialchars(trim($HTTP_POST_VARS['image_name']));
$image_description = un_htmlspecialchars(trim($HTTP_POST_VARS['image_description']));
$image_keywords = un_htmlspecialchars(trim($HTTP_POST_VARS['image_keywords']));
$image_keywords = preg_replace("/[\n\r]/is", " ", $image_keywords);
$image_keywords = str_replace(","," ",$image_keywords);
$image_keywords = ereg_replace("( ){2,}", " ", $image_keywords);
if ($image_name == "") {
$error = 1;
$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['image_name']), $lang['field_required']);
$msg .= (($msg != "") ? "<br />" : "").$field_error;
}
// Minimum Keyword Check
if ($config['min_image_keywords']) {
$keyword_count = substr_count($image_keywords," ");
if ($config['min_image_keywords'] > ($keyword_count+1)) {
$error = 1;
//$field_error = $lang['image_too_few_keywords'];
$field_error = preg_replace("/".$site_template->start."minimum_keywords".$site_template->end."/siU", str_replace(":", "", $config['min_image_keywords']), $lang['image_too_few_keywords']);
$msg .= (($msg != "") ? "<br />" : "").$field_error;
}
}
// Minimum Keyword Check
if (!empty($additional_image_fields)) {
foreach ($additional_image_fields as $key => $val) {
if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
$error = 1;
$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
$msg .= (($msg != "") ? "<br />" : "").$field_error;
}
}
}
if (!$error) {
$additional_sql = "";
if (isset($HTTP_POST_VARS['image_allow_comments'])) {
$additional_sql .= ", image_allow_comments = ".intval($HTTP_POST_VARS['image_allow_comments']);
}
if (!empty($additional_image_fields)) {
$table_fields = $site_db->get_table_fields(IMAGES_TABLE);
foreach ($additional_image_fields as $key => $val) {
if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
$additional_sql .= ", $key = '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
}
}
}
$sql = "UPDATE ".IMAGES_TABLE."
SET image_name = '$image_name', image_description = '$image_description', image_keywords = '$image_keywords'".$additional_sql."
WHERE image_id = $image_id";
$result = $site_db->query($sql);
if ($result) {
include(ROOT_PATH.'includes/search_utils.php');
$search_words = array();
foreach ($search_match_fields as $image_column => $match_column) {
if (isset($HTTP_POST_VARS[$image_column])) {
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
}
}
remove_searchwords($image_id);
add_searchwords($image_id, $search_words);
$msg = $lang['image_edit_success'];
header("Refresh: 2; url=".$site_sess->url(ROOT_PATH."details.php?image_id=".$image_id, "&")); // refresh after edit MOD
}
else {
$msg = $lang['image_edit_error'];
}
}
else {
$action = "editimage";
$sendprocess = 1;
}
}
if ($action == "editimage") {
if (!$image_id || ($config['user_edit_image'] != 1 && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$additional_sql = "";
if (!empty($additional_image_fields)) {
foreach ($additional_image_fields as $key => $val) {
$additional_sql .= ", ".$key;
}
}
$sql = "SELECT image_id, cat_id, user_id, image_name, image_description, image_keywords, image_allow_comments".$additional_sql.", image_media_file, image_thumb_file, image_date, image_active, image_downloads, image_hits, image_comments, image_rating, image_votes, image_download_url
FROM ".IMAGES_TABLE."
WHERE image_id = $image_id";
$image_row = $site_db->query_firstrow($sql);
if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$txt_clickstream = get_category_path($image_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id)."\" class=\"clickstream\">".$image_row['image_name']."</a>".$config['category_separator'];
$txt_clickstream .= $lang['image_edit'];
$image_row['cat_name'] = $cat_cache[$image_row['cat_id']]['cat_name'];
show_image($image_row);
$image_name = (isset($HTTP_POST_VARS['image_name'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['image_name']))) : $image_row['image_name'];
$image_description = (isset($HTTP_POST_VARS['image_description'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['image_description']))) : $image_row['image_description'];
$image_keywords = (isset($HTTP_POST_VARS['image_keywords'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['image_keywords']))) : $image_row['image_keywords'];
$image_allow_comments = (isset($HTTP_POST_VARS['image_allow_comments'])) ? intval($HTTP_POST_VARS['image_allow_comments']) : $image_row['image_allow_comments'];
$site_template->register_vars(array(
"image_id" => $image_id,
"image_name" => htmlspecialchars($image_name),
"image_description" => htmlspecialchars($image_description),
"image_keywords" => htmlspecialchars($image_keywords),
"image_allow_comments_yes" => ($image_allow_comments) ? " checked=\"checked\"" : "",
"image_allow_comments_no" => (!$image_allow_comments) ? " checked=\"checked\"" : "",
"lang_edit_image" => $lang['image_edit'],
"lang_image_name" => $lang['image_name'],
"lang_description" => $lang['description'],
"lang_keywords" => $lang['keywords_ext'],
"lang_allow_comments" => isset($lang['allow_comments']) ? $lang['allow_comments'] : "",
"lang_submit" => $lang['submit'],
"lang_reset" => $lang['reset'],
"lang_yes" => $lang['yes'],
"lang_no" => $lang['no']
));
if (!empty($additional_image_fields)) {
$additional_field_array = array();
foreach ($additional_image_fields as $key => $val) {
if ($val[1] == "radio") {
$value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : $image_row[$key];
if ($value == 1) {
$additional_field_array[$key.'_yes'] = " checked=\"checked\"";
$additional_field_array[$key.'_no'] = "";
}
else {
$additional_field_array[$key.'_yes'] = "";
$additional_field_array[$key.'_no'] = " checked=\"checked\"";
}
}
elseif ($val[1] == "dropdown") {
$value = (isset($HTTP_POST_VARS[$key])) ? $HTTP_POST_VARS[$key] : $image_row[$key];
$additional_field_array[$key.'_dropdown'] = get_db_fields_dropdown($key, $val, $value);
}
else {
$value = (isset($HTTP_POST_VARS[$key])) ? htmlspecialchars(stripslashes(trim($HTTP_POST_VARS[$key]))) : ((isset($image_row[$key])) ? $image_row[$key] : "");
}
$additional_field_array[$key] = $value;
$additional_field_array['lang_'.$key] = $val[0];
}
if (!empty($additional_field_array)) {
$site_template->register_vars($additional_field_array);
}
}
$content = $site_template->parse_template("member_editimage");
}
if ($action == "uploadimage") {
if ($cat_id != 0 && (!isset($cat_cache[$cat_id]) || !check_permission("auth_upload", $cat_id))) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = "";
if ($cat_id && isset($cat_cache[$cat_id])) {
$txt_clickstream .= get_category_path($cat_id, 1).$config['category_separator'];
}
$txt_clickstream .= $lang['user_upload'];
$remote_media_file = format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['remote_media_file'])));
$remote_thumb_file = format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['remote_thumb_file'])));
if ($HTTP_POST_VARS['image_keywords_check']){
$HTTP_POST_VARS['image_keywords'] .= " ".implode(" ", $HTTP_POST_VARS['image_keywords_check']);
}
if ($HTTP_POST_VARS['image_keywords_multi']){
$HTTP_POST_VARS['image_keywords'] .= " ".implode(" ", $HTTP_POST_VARS['image_keywords_multi']);
}
$image_name = un_htmlspecialchars(trim($HTTP_POST_VARS['image_name']));
$image_description = un_htmlspecialchars(trim($HTTP_POST_VARS['image_description']));
$image_keywords = un_htmlspecialchars(trim($HTTP_POST_VARS['image_keywords']));
$image_keywords = preg_replace("/[\n\r]/is", " ", $image_keywords);
$image_keywords = str_replace(","," ",$image_keywords);
$image_keywords = ereg_replace("( ){2,}", " ", $image_keywords);
/*$image_keywords_check = un_htmlspecialchars(trim($HTTP_POST_VARS['image_keywords_check']));
$image_keywords_check = preg_replace("/[\n\r]/is", " ", $image_keywords_check);
$image_keywords_check = str_replace(","," ",$image_keywords_check);
$image_keywords_check = ereg_replace("( ){2,}", " ", $image_keywords_check);
$image_keywords_multi = un_htmlspecialchars(trim($HTTP_POST_VARS['image_keywords_multi']));
$image_keywords_multi = preg_replace("/[\n\r]/is", " ", $image_keywords_multi);
$image_keywords_multi = str_replace(","," ",$image_keywords_multi);
$image_keywords_multi = ereg_replace("( ){2,}", " ", $image_keywords_multi);*/
$image_active = (isset($HTTP_POST_VARS['image_active']) && $HTTP_POST_VARS['image_active'] == 0) ? 0 : 1;
$image_allow_comments = (isset($HTTP_POST_VARS['image_allow_comments']) && $HTTP_POST_VARS['image_allow_comments'] == 0) ? 0 : 1;
$image_download_url = (isset($HTTP_POST_VARS['image_download_url'])) ? format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['image_download_url']))) : "";
$image_format = "";
$direct_upload = (check_permission("auth_directupload", $cat_id)) ? 1 : 0;
$upload_cat = ($direct_upload) ? $cat_id : 0;
$error = 0;
$uploaderror = 0;
if ($cat_id == 0) {
$error = 1;
$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['category']), $lang['field_required']);
$msg .= (($msg != "") ? "<br />" : "").$field_error;
}
if ((empty($HTTP_POST_FILES['media_file']['tmp_name']) || $HTTP_POST_FILES['media_file']['tmp_name'] == "none") && ($remote_media_file == "" || !check_remote_media($remote_media_file))) {
$error = 1;
$msg .= (($msg != "") ? "<br />" : "").$lang['image_file_required'];
}
if ($image_name == "") {
$error = 1;
$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['image_name']), $lang['field_required']);
$msg .= (($msg != "") ? "<br />" : "").$field_error;
}
// Minimum Keyword Check
if ($config['min_image_keywords']) {
$keyword_count = substr_count($image_keywords," ");
if ($config['min_image_keywords'] > ($keyword_count+1)) {
$error = 1;
//$field_error = $lang['image_too_few_keywords'];
$field_error = preg_replace("/".$site_template->start."minimum_keywords".$site_template->end."/siU", str_replace(":", "", $config['min_image_keywords']), $lang['image_too_few_keywords']);
$msg .= (($msg != "") ? "<br />" : "").$field_error;
}
}
// Minimum Keyword Check
if (!empty($additional_image_fields)) {
foreach ($additional_image_fields as $key => $val) {
if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
$error = 1;
$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
$msg .= (($msg != "") ? "<br />" : "").$field_error;
}
}
}
if (!$error) {
// Start Upload
include(ROOT_PATH.'includes/upload.php');
$site_upload = new Upload();
// Upload Media file
if (!empty($HTTP_POST_FILES['media_file']['tmp_name']) && $HTTP_POST_FILES['media_file']['tmp_name'] != "none") {
$new_name = $site_upload->upload_file("media_file", "media", $upload_cat);
if (!$new_name) {
$msg .= (($msg != "") ? "<br />" : "")."<b>".$lang['file_upload_error'].": ".$new_name."</b><br />".$site_upload->get_upload_errors();
$uploaderror = 1;
}
}
else {
$new_name = $remote_media_file;
}
// Uplad thumb file
$new_thumb_name = "";
if (!empty($HTTP_POST_FILES['thumb_file']['tmp_name']) && $HTTP_POST_FILES['thumb_file']['tmp_name'] != "none" && !$uploaderror) {
$new_thumb_name = $site_upload->upload_file("thumb_file", "thumb", $upload_cat, basename($new_name));
if (!$new_thumb_name) {
$msg .= (($msg != "") ? "<br />" : "")."<b>".$lang['thumb_upload_error'].": ".$new_thumb_name."</b><br />".$site_upload->get_upload_errors();
@unlink(MEDIA_TEMP_PATH."/".$new_name);
$uploaderror = 1;
}
}
elseif (check_remote_thumb($remote_thumb_file)) {
$new_thumb_name = $remote_thumb_file;
}
elseif ($config['auto_thumbnail'] == 1 && !empty($HTTP_POST_FILES['media_file']['tmp_name']) && $HTTP_POST_FILES['media_file']['tmp_name'] != "none" && !$uploaderror) {
if ($direct_upload) {
$src = MEDIA_PATH."/".$cat_id."/".$new_name;
$dest = THUMB_PATH."/".$cat_id."/".$new_name;
}
else {
$src = MEDIA_TEMP_PATH."/".$new_name;
$dest = THUMB_TEMP_PATH."/".$new_name;
}
$do_create = 0;
if ($image_info = @getimagesize($src)) {
if ($image_info[2] == 1 || $image_info[2] == 2 || $image_info[2] == 3) {
$do_create = 1;
}
}
if ($do_create) {
require(ROOT_PATH.'includes/image_utils.php');
$convert_options = init_convert_options();
if (!$convert_options['convert_error']) {
$dimension = (intval($config['auto_thumbnail_dimension'])) ? intval($config['auto_thumbnail_dimension']) : 100;
$resize_type = (intval($config['auto_thumbnail_resize_type'])) ? intval($config['auto_thumbnail_resize_type']) : 1;
$quality = (intval($config['auto_thumbnail_quality']) && intval($config['auto_thumbnail_quality']) <= 100) ? intval($config['auto_thumbnail_quality']) : 100;
if (create_thumbnail($src, $dest, $quality, $dimension, $resize_type)) {
$new_thumb_name = $new_name;
}
}
}
}
if (!$uploaderror) {
// Mod Image Dimensions & Filesize / Fix
$file = (file_exists(MEDIA_PATH."/".$cat_id."/".$new_name)) ? MEDIA_PATH."/".intval($cat_id)."/".$new_name : MEDIA_TEMP_PATH."/".$new_name;
if ($image_info = @getimagesize($file)) {
$width_height = " ".$imageinfo[3];
//$width = $image_info[0];
$HTTP_POST_VARS['image_aufloesung1'] = $image_info[0];
$HTTP_POST_VARS['image_aufloesung2'] = $image_info[1];
//$height = $image_info[1];
if (function_exists('format_file_size') && function_exists('filesize')) {
$image_filesize = @filesize($file);
$image_filesize = format_file_size($image_filesize);
$image_filesize = str_replace(" "," ",$image_filesize);
$HTTP_POST_VARS['image_filegroesse'] = $image_filesize;
}
}
// END Mod Image Dimensions & Filesize / Fix
$additional_field_sql = "";
$additional_value_sql = "";
if (!empty($additional_image_fields)) {
$table = ($direct_upload) ? IMAGES_TABLE : IMAGES_TEMP_TABLE;
$table_fields = $site_db->get_table_fields($table);
foreach ($additional_image_fields as $key => $val) {
if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
$additional_field_sql .= ", $key";
$additional_value_sql .= ", '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
}
}
}
$current_time = time();
// #################################### Start Mod Colorsearch ##################################
$ext = get_file_extension($new_name);
$config['colorsearch_types_array'] = explode(",", $config['colorsearch_types']);
if (in_array($ext, $config['colorsearch_types_array']) && ($config['colorsearch_Show'] == "1")) {
$show_colors = $config['colorsearch_colors'];
class GetMostCommonColors
{
var $image;
function Get_Color()
{
if (isset($this->image))
{
$PREVIEW_WIDTH = 150;
$PREVIEW_HEIGHT = 150;
$size = GetImageSize($this->image);
$scale=1;
if ($size[0]>0)
$scale = min($PREVIEW_WIDTH/$size[0], $PREVIEW_HEIGHT/$size[1]);
if ($scale < 1)
{
$width = floor($scale*$size[0]);
$height = floor($scale*$size[1]);
}
else
{
$width = $size[0];
$height = $size[1];
}
$image_resized = imagecreatetruecolor($width, $height);
if ($size[2]==1)
$image_orig=imagecreatefromgif($this->image);
if ($size[2]==2)
$image_orig=imagecreatefromjpeg($this->image);
if ($size[2]==3)
$image_orig=imagecreatefrompng($this->image);
imagecopyresampled($image_resized, $image_orig, 0, 0, 0, 0, $width, $height, $size[0], $size[1]);
$im = $image_resized;
$imgWidth = imagesx($im);
$imgHeight = imagesy($im);
for ($y=0; $y < $imgHeight; $y++)
{
for ($x=0; $x < $imgWidth; $x++)
{
$index = imagecolorat($im,$x,$y);
$Colors = imagecolorsforindex($im,$index);
$Colors['red']=intval((($Colors['red'])+15)/32)*32;
$Colors['green']=intval((($Colors['green'])+15)/32)*32;
$Colors['blue']=intval((($Colors['blue'])+15)/32)*32;
if ($Colors['red']>=256)
$Colors['red']=240;
if ($Colors['green']>=256)
$Colors['green']=240;
if ($Colors['blue']>=256)
$Colors['blue']=240;
$hexarray[]=substr("0".dechex($Colors['red']),-2).substr("0".dechex($Colors['green']),-2).substr("0".dechex($Colors['blue']),-2);
}
}
$hexarray=array_count_values($hexarray);
natsort($hexarray);
$hexarray=array_reverse($hexarray,true);
return $hexarray;
}
else die("ERROR! (\$image parameter)");
}
}
$ex=new GetMostCommonColors();
if ($direct_upload) {
$ex->image= ROOT_PATH.MEDIA_DIR."/".$cat_id."/".$new_name."";
}
else {
$ex->image= ROOT_PATH.MEDIA_TEMP_DIR."/".$new_name."";
}
$colors=$ex->Get_Color();
$colors_key=array_keys($colors);
$how_many = count(array_keys($colors))-1;
$image_colorsearch_colors = "";
if ($how_many <= $show_colors) {
for ($i = 0; $i <= $how_many; $i++)
{
$image_colorsearch_colors .= "$colors_key[$i] ";
}
}
else {
for ($i = 0; $i <= ($show_colors-1); $i++)
{
$image_colorsearch_colors .= "$colors_key[$i] ";
}
}
}
// #################################### END Mod Colorsearch ##################################
if ($direct_upload) {
$sql = "INSERT INTO ".IMAGES_TABLE."
(cat_id, user_id, image_name, image_description, image_keywords, image_date, image_active, image_media_file, image_thumb_file, image_download_url, image_allow_comments, image_colorsearch_colors".$additional_field_sql.")
VALUES
($cat_id, ".$user_info['user_id'].", '$image_name', '$image_description', '$image_keywords', $current_time, $image_active, '$new_name', '$new_thumb_name', '$image_download_url', $image_allow_comments, '$image_colorsearch_colors'".$additional_value_sql.")";
$result = $site_db->query($sql);
$image_id = $site_db->get_insert_id();
if ($result) {
include(ROOT_PATH.'includes/search_utils.php');
$search_words = array();
foreach ($search_match_fields as $image_column => $match_column) {
// #################################### Start Mod Colorsearch ################################
$search_words[$image_column] = $image_colorsearch_colors;
// #################################### End Mod Colorsearch ##################################
if (isset($HTTP_POST_VARS[$image_column])) {
$search_words[$image_column] .= stripslashes($HTTP_POST_VARS[$image_column]);
}
}
add_searchwords($image_id, $search_words);
}
}
else {
$sql = "INSERT INTO ".IMAGES_TEMP_TABLE."
(cat_id, user_id, image_name, image_description, image_keywords, image_date, image_media_file, image_thumb_file, image_download_url, image_colorsearch_colors".$additional_field_sql.")
VALUES
($cat_id, ".$user_info['user_id'].", '$image_name', '$image_description', '$image_keywords', $current_time, '$new_name', '$new_thumb_name', '$image_download_url', '$image_colorsearch_colors'".$additional_value_sql.")";
$result = $site_db->query($sql);
}
if ($config['upload_notify'] == 1) {
include(ROOT_PATH.'includes/email.php');
$site_email = new Email();
$config['upload_emails'] = str_replace(" ", "", $config['upload_emails']);
$emails = explode(",", $config['upload_emails']);
$validation_url = $script_url."/admin/index.php?goto=".urlencode("validateimages.php?action=validateimages");
$site_email->set_to($config['site_email']);
$site_email->set_subject($lang['new_upload_emailsubject']);
$site_email->register_vars(array(
"image_name" => stripslashes($image_name),
"file_name" => $new_name,
"cat_name" => $cat_cache[$cat_id]['cat_name'],
"validation_url" => $validation_url,
"site_name" => $config['site_name']
));
$site_email->set_body("upload_notify", $config['language_dir_default']);
$site_email->set_bcc($emails);
$site_email->send_email();
}
$msg .= $lang['image_add_success'].": <b>".stripslashes($image_name)."</b> (".$new_name.")";
$msg .= (!$direct_upload) ? "<br />".$lang['new_upload_validate_desc'] : "";
$file_extension = get_file_extension($new_name);
$file = (is_remote($new_name)) ? $new_name : (($direct_upload) ? MEDIA_PATH."/".$cat_id."/".$new_name : MEDIA_TEMP_PATH."/".$new_name);
$width_height = "";
if (!is_remote($file) && $imageinfo = @getimagesize($file)) {
$width_height = " ".$imageinfo[3];
$width = (function_exists('getimagesize')) ? $imageinfo[0] : 0;
$height = (function_exists('getimagesize')) ? $imageinfo[1] : 0;
// Display uploaded Image smaller
$max_display_width = 450;
if ($width > $max_display_width) {
$new_aspect_ratio = $width/$height;
$width = $max_display_width;
$height = round($width / $new_aspect_ratio,0);
$width_height = ' height="'.$height.'" width="'.$width.'"';
}
$image_filesize = (function_exists('format_file_size') && function_exists('filesize')) ? format_file_size(@filesize(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file'])) : "";
// Mod Image Dimensions / FileSize FIX
/*$sql_update = "UPDATE ".IMAGES_TABLE."
SET image_aufloesung1 = '".$width."', image_aufloesung2 = '".$height."', image_filegroesse = '".$image_filesize."'
WHERE image_id = ".$image_id;
$result = $site_db->query($sql_update); */
}
$media_icon = "<img src=\"".ICON_PATH."/".$file_extension.".gif\" border=\"0\" alt=\"\" />";
$site_template->register_vars(array(
"media_src" => $file,
"media_icon" => $media_icon,
"image_name" => format_text(stripslashes($image_name)),
"width" => intval(trim($width)),
"height" => intval(trim($height)),
"image_filesize" => trim($image_filesize),
"width_height" => $width_height
));
$media = $site_template->parse_template("media/".$file_extension);
$content .= "<table border=\"0\" align=\"center\">\n<tr>\n<td>\n".$media."\n</td>\n</tr>\n</table>\n";
}
else {
$action = "uploadform";
$sendprocess = 1;
}
}
else {
$action = "uploadform";
$sendprocess = 1;
}
}
if ($action == "UsStat") {
include(ROOT_PATH.'adminstat.php');
if (!isset($_GET['detail'])||intval($_GET['detail'])==0){
$content= selectProduct('./member.php?action=UsStat');
}else
$content= showDetStat($_GET['detail']);
}
if ($action == "uploadform") {
if ($cat_id != 0 && (!isset($cat_cache[$cat_id]) || !check_permission("auth_upload", $cat_id))) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = "";
if ($cat_id && isset($cat_cache[$cat_id])) {
$txt_clickstream .= get_category_path($cat_id, 1).$config['category_separator'];
}
$txt_clickstream .= $lang['user_upload'];
if (!$sendprocess) {
$remote_media_file = "";
$remote_thumb_file = "";
$image_name = "";
$image_description = "";
$image_keywords = "";
$image_download_url = "";
$image_allow_comments = 1;
}
$site_template->register_vars(array(
"cat_id" => $cat_id,
/* MOD UPLOAD CATEGORIES DROPDOWN
ORIGINAL LINE:
"cat_name" => ($cat_id != 0) ? htmlspecialchars($cat_cache[$cat_id]['cat_name']) : get_category_dropdown($cat_id),
*/
/*
MOD UPLOAD CATEGORIES DROPDOWN BEGIN REPLACE
*/
// "cat_name" => get_category_dropdown_upload($cat_id),
"cat_name" => ($cat_id != 0 && (!isset($HTTP_POST_VARS['showdropdown']))) ? htmlspecialchars($cat_cache[$cat_id]['cat_name']) : get_category_dropdown_upload($cat_id)."<input type=\"hidden\" name=\"showdropdown\" value=\"1\">",
"cat_name_required" => addslashes(preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['category']), $lang['field_required'])),
/* MOD UPLOAD CATEGORIES DROPDOWN END REPLACE
*/
"remote_media_file" => htmlspecialchars(stripslashes($remote_media_file)),
"remote_thumb_file" => htmlspecialchars(stripslashes($remote_thumb_file)),
"image_name" => htmlspecialchars(stripslashes($image_name)),
"image_description" => htmlspecialchars(stripslashes($image_description)),
"image_keywords" => htmlspecialchars(stripslashes($image_keywords)),
"image_allow_comments_yes" => ($image_allow_comments) ? " checked=\"checked\"" : "",
"image_allow_comments_no" => (!$image_allow_comments) ? " checked=\"checked\"" : "",
"image_download_url" => htmlspecialchars(stripslashes($image_download_url)),
"lang_category" => $lang['category'],
"lang_user_upload" => $lang['user_upload'],
"lang_media_file" => $lang['media_file'],
"lang_thumb_file" => $lang['thumb_file'],
"lang_allowed_file_types" => $lang['allowed_mediatypes_desc'],
"allowed_media_types" => str_replace(",",", ",$config['allowed_mediatypes']),
"allowed_thumb_types" => "jpg, gif, png",
"lang_max_filesize" => $lang['max_filesize'],
"lang_max_imagewidth" => $lang['max_imagewidth'],
"lang_max_imageheight" => $lang['max_imageheight'],
"max_thumb_filsize" => $config['max_thumb_size']." ".$lang['kb'],
"max_thumb_imagewidth" => $config['max_thumb_width']." ".$lang['px'],
"max_thumb_imageheight" => $config['max_thumb_height']." ".$lang['px'],
"max_media_filsize" => $config['max_media_size']." ".$lang['kb'],
"max_media_imagewidth" => $config['max_image_width']." ".$lang['px'],
"max_media_imageheight" => $config['max_image_height']." ".$lang['px'],
"lang_image_name" => $lang['image_name'],
"lang_description" => $lang['description'],
"lang_keywords" => $lang['keywords_ext'],
"lang_allow_comments" => isset($lang['allow_comments']) ? $lang['allow_comments'] : "",
"lang_submit" => $lang['submit'],
"lang_reset" => $lang['reset'],
"lang_yes" => $lang['yes'],
"lang_no" => $lang['no']
));
if (!empty($additional_image_fields)) {
$additional_field_array = array();
foreach ($additional_image_fields as $key => $val) {
if ($val[1] == "radio") {
$value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : 1;
if ($value == 1) {
$additional_field_array[$key.'_yes'] = " checked=\"checked\"";
$additional_field_array[$key.'_no'] = "";
}
else {
$additional_field_array[$key.'_yes'] = "";
$additional_field_array[$key.'_no'] = " checked=\"checked\"";
}
}
elseif ($val[1] == "dropdown") {
$value = (isset($HTTP_POST_VARS[$key])) ? $HTTP_POST_VARS[$key] : $image_row[$key];
$additional_field_array[$key.'_dropdown'] = get_db_fields_dropdown($key, $val, $value);
}
else {
$value = (isset($HTTP_POST_VARS[$key])) ? htmlspecialchars(stripslashes(trim($HTTP_POST_VARS[$key]))) : ((isset($image_row[$key])) ? $image_row[$key] : "");
}
$additional_field_array[$key] = $value;
$additional_field_array['lang_'.$key] = $val[0];
}
if (!empty($additional_field_array)) {
$site_template->register_vars($additional_field_array);
}
}
$content = $site_template->parse_template("member_uploadform");
}
if ($action == "emailuser") {
$txt_clickstream = $lang['profile'];
$user_id = (isset($HTTP_POST_VARS[URL_USER_ID])) ? intval($HTTP_POST_VARS[URL_USER_ID]) : GUEST;
$error = 0;
if ($user_info['user_level'] == GUEST || $user_info['user_level'] == USER_AWAITING) {
show_error_page($lang['no_permission']);
exit;
}
$subject = stripslashes(trim($HTTP_POST_VARS['subject']));
$message = stripslashes(trim($HTTP_POST_VARS['message']));
if ($subject == "" || $message == "") {
$msg = $lang['lostfield_error'];
$sendprocess = 1;
$error = 1;
}
if (!$error) {
if ($user_row = get_user_info($user_id)) {
if (isset($user_row['user_showemail']) && $user_row['user_showemail'] == 0) {
$content = $lang['invalid_user_id'];
}
else {
$sender_user_name = ($user_info['user_level'] != GUEST) ? (isset($user_info['user_name']) ? $user_info['user_name'] : $lang['userlevel_user']) : $lang['userlevel_guest'];
$sender_user_email = ($user_info['user_level'] != GUEST && isset($user_info['user_email'])) ? $user_info['user_email'] : $config['site_email'];
// Start Emailer
include(ROOT_PATH.'includes/email.php');
$site_email = new Email();
$site_email->set_from($sender_user_email, $sender_user_name);
$site_email->set_to($user_row['user_email']);
$site_email->set_subject($subject);
$site_email->register_vars(array(
"sender_user_name" => $sender_user_name,
"sender_user_email" => $sender_user_email,
"message" => $message,
"site_name" => $config['site_name']
));
$site_email->set_body("mailform_message", $config['language_dir']);
$site_email->send_email();
$msg = $lang['emailuser_success'];
}
}
else {
$content = $lang['invalid_user_id'];
}
}
else {
$action = "mailform";
}
}
if ($action == "mailform") {
$txt_clickstream = $lang['profile'];
if (isset($HTTP_GET_VARS[URL_USER_ID]) || isset($HTTP_POST_VARS[URL_USER_ID])) {
$user_id = (isset($HTTP_GET_VARS[URL_USER_ID])) ? intval($HTTP_GET_VARS[URL_USER_ID]) : intval($HTTP_POST_VARS[URL_USER_ID]);
if (!$user_id) {
$user_id = GUEST;
}
}
else {
$user_id = GUEST;
}
if ($user_info['user_level'] == GUEST || $user_info['user_level'] == USER_AWAITING) {
show_error_page($lang['no_permission']);
exit;
}
if (!$sendprocess) {
$subject = "";
$message = "";
}
if ($user_row = get_user_info($user_id)) {
if (isset($user_row['user_showemail']) && $user_row['user_showemail'] == 0) {
$content = $lang['invalid_user_id'];
}
else {
$site_template->register_vars(array(
"user_id" => $user_row['user_id'],
"user_name" => htmlspecialchars($user_row['user_name']),
"subject" => htmlspecialchars($subject),
"message" => htmlspecialchars($message),
"lang_send_email_to" => $lang['send_email_to'],
"lang_subject" => $lang['subject'],
"lang_message" => $lang['message'],
"lang_submit" => $lang['submit'],
"lang_reset" => $lang['reset']
));
$content = $site_template->parse_template("member_mailform");
}
}
else {
$content = $lang['invalid_user_id'];
}
}
//-----------------------------------------------------
//--- Show Profile ------------------------------------
//-----------------------------------------------------
if ($action == "showprofile") {
$txt_clickstream = $lang['profile'];
if (isset($HTTP_GET_VARS[URL_USER_ID]) || isset($HTTP_POST_VARS[URL_USER_ID])) {
$user_id = (isset($HTTP_GET_VARS[URL_USER_ID])) ? intval($HTTP_GET_VARS[URL_USER_ID]) : intval($HTTP_POST_VARS[URL_USER_ID]);
if (!$user_id) {
$user_id = GUEST;
}
}
else {
$user_id = GUEST;
}
// show next and previous profile link
$sql ="SELECT * FROM ".USERS_TABLE." WHERE ".get_user_table_field("","user_id")." > $user_id
ORDER BY ".get_user_table_field("","user_id")." ASC
LIMIT 0,1";
$result_profile_next = $site_db->query_firstrow($sql);
$sql ="SELECT * FROM ".USERS_TABLE." WHERE ".get_user_table_field("","user_id")." < $user_id
ORDER BY ".get_user_table_field("","user_id")." DESC
LIMIT 0,1";
$result_profile_previous = $site_db->query_firstrow($sql);
$profile_next_userid = (isset($result_profile_next[$user_table_fields['user_id']]) && $result_profile_next[$user_table_fields['user_id']]> GUEST) ? $result_profile_next[$user_table_fields['user_id']] : 0;
$profile_previous_userid = (isset($result_profile_previous[$user_table_fields['user_id']]) && $result_profile_previous[$user_table_fields['user_id']]> GUEST) ? $result_profile_previous[$user_table_fields['user_id']] : 0;
$site_template->register_vars(array(
"profile_next_link" => ($profile_next_userid) ? " <img border=\"0\" src=\"./picture_library/pfeil_grau.gif\"> <a class=\"grau\" href=\"".$site_sess->url(ROOT_PATH."member.php?action=showprofile&".URL_USER_ID."=".$profile_next_userid)."\">Next</a>" : "",
"profile_previous_link" => ($profile_previous_userid) ? " <img border=\"0\" src=\"./picture_library/pfeil_grau.gif\"> <a class=\"grau\" href=\"".$site_sess->url(ROOT_PATH."member.php?action=showprofile&".URL_USER_ID."=".$profile_previous_userid)."\">Back</a>" : "",
));
// show next and previous profile link
if ($user_row = get_user_info($user_id)) {
/*
MOD MULTI-LIGHTBOXES
START INSERT
*/
$user_lightbox = "";
$limit = ($user_row['user_lightbox_count'] == -1 || !$config['lightbox_count'] || $user_row['user_level'] == ADMIN) ? -1 : (($user_row['user_lightbox_count']) ? $user_row['user_lightbox_count'] : $config['lightbox_count']);
if ((($user_row['user_lightbox_private'] || $user_row['user_level'] == ADMIN) && $config['lightbox_share'] && $user_info['user_level'] >= $config['lightbox']) || $user_info['user_level'] == ADMIN)
{
$condition = "";
if ($limit != -1)
{
$condition = " LIMIT ".$limit;
}
$condition;
$sql = "SELECT lightbox_id, lightbox_name, lightbox_private, lightbox_image_ids
FROM ".LIGHTBOXES_TABLE."
WHERE user_id = ".$user_row['user_id'].$condition;
$result = $site_db->query($sql);
if ($result)
{
while ($row = $site_db->fetch_array($result))
{
if (!$row['lightbox_private'] || $user_info['user_level'] == ADMIN)
{
$user_lightbox .= (($user_lightbox) ? "<br />" : "").(($user_info['user_level'] == ADMIN) ? ((!$row['lightbox_private']) ? "+ " : "- ") : "")."
<p style=\"margin-left: 0; margin-right: 0; margin-top: 10; margin-bottom: -1\"> <img border=\"0\" src=\"./picture_library/pfeil_orange.gif\"> <a class=\"profile\" href=\"".$site_sess->url(ROOT_PATH."lightbox.php?lightbox_id=".$row['lightbox_id'])."\">".$row['lightbox_name']." </a>\n";
}
}
}
}
$site_template->register_vars(array(
"user_lightbox" => $user_lightbox,
"lang_user_lightbox" => $lang['user_lightbox'],
));
/*
MOD MULTI-LIGHTBOXES
END INSERT
*/
$user_homepage = (isset($user_row['user_homepage'])) ? format_url($user_row['user_homepage']) : REPLACE_EMPTY;
if (!empty($user_homepage) && $user_homepage != REPLACE_EMPTY) {
$user_homepage_button = "<a href=\"".$user_homepage."\" target=\"_blank\"><img src=\"".get_gallery_image("homepage.gif")."\" border=\"0\" alt=\"".$user_homepage."\" /></a>";
}
else {
$user_homepage_button = REPLACE_EMPTY;
}
$user_icq = (isset($user_row['user_icq'])) ? $user_row['user_icq'] : REPLACE_EMPTY;
if (!empty($user_icq) && $user_icq != REPLACE_EMPTY) {
$user_icq_button = "<a href=\"http://wwp.icq.com/scripts/search.dll?to=".$user_icq."\" target=\"_blank\"><img src=\"http://web.icq.com/whitepages/online?icq=".$user_icq."&img=5\" width=\"18\" height=\"18\" border=\"0\" alt=\"".$user_icq."\" /></a>";
}
else {
$user_icq_button = REPLACE_EMPTY;
}
if (!empty($user_row['user_email']) && (!isset($user_row['user_showemail']) || (isset($user_row['user_showemail']) && $user_row['user_showemail'] == 1))) {
$user_email = $user_row['user_email'];
$user_email_save = str_replace("@", " at ", $user_row['user_email']);
if (!empty($url_mailform)) {
$user_mailform_link = $site_sess->url(preg_replace("/{user_id}/", $user_row['user_id'], $url_mailform));
}
else {
$user_mailform_link = $site_sess->url(ROOT_PATH."member.php?action=mailform&".URL_USER_ID."=".$user_row['user_id']);
}
$user_email_button = "<a href=\"".$user_mailform_link."\"><img src=\"".get_gallery_image("email.gif")."\" border=\"0\" alt=\"".$user_email_save."\" /></a>";
}
else {
$user_email = REPLACE_EMPTY;
$user_email_save = REPLACE_EMPTY;
$user_mailform_link = REPLACE_EMPTY;
$user_email_button = REPLACE_EMPTY;
}
// Birthday Mod
$user_birthday = (isset($user_row[$user_table_fields['birthday']])) ? $user_row[$user_table_fields['birthday']] : REPLACE_EMPTY;
if (!empty($user_birthday) && $user_birthday != REPLACE_EMPTY && $user_row[$user_table_fields['birthday']] != "0000-00-00") {
$birthday = explode("-",$user_row[$user_table_fields['birthday']]);
$user_birthday = $birthday[2].".".$lang['months'][sprintf("%02d",$birthday[1])];
$user_birthday .= ($birthday[0]!="0000") ? " ".$birthday[0]."" : "";
// Show Age in Profile
if (($config['birthday_show_profile_age'] == 1) && ($age = calc_age ($user_row[$user_table_fields['birthday']]))) {
$user_birthday .= " ($age)";
}
// Show Birthdaycountdown in Profile
if ($config['birthday_profile_countdown'] == 1 && $b_cdown = calc_countdown ($user_row[$user_table_fields['birthday']])) {
$site_template->register_vars(array(
"lang_birthday_cdown" => $lang['birthday_cdown'],
"cdown_days" => $b_cdown['days'],
"cdown_hours" => $b_cdown['hours'],
"cdown_minutes" => $b_cdown['minutes'],
"lang_days" => $lang['days'],
"lang_hours" => $lang['hours'],
"lang_minutes" => $lang['minutes']
));
}
// End Show Birthdaycountdown in Profile
}
else {
$user_birthday = REPLACE_EMPTY;
}
// Birthday Mod
//----Zeige Users Album ---27.05.05------http://www.4homepages.de/forum/index.php?topic=4107.0---------
$sql = "SELECT *
FROM ".LIGHTBOXES_TABLE."
WHERE ".get_user_table_field("", "user_id")." = ".$user_row['user_id'];
$user_lightbox_info = $site_db->query_firstrow($sql);
$num_rows_all = 0;
if (!empty($user_lightbox_info['lightbox_image_ids'])) {
$image_id_sql = str_replace(" ", ",", trim($user_lightbox_info['lightbox_image_ids']));
$sql = "SELECT COUNT(image_id) AS images
FROM ".IMAGES_TABLE."
WHERE image_active = 1 AND image_id IN ($image_id_sql)";
$result = $site_db->query_firstrow($sql);
$num_rows_all = $result['images'];
}
$site_template->register_vars(array(
"lang_show_user_lightbox" => $lang['show_user_lightbox']." (".$num_rows_all.")",
"url_show_user_lightbox" => $site_sess->url(ROOT_PATH."search.php?search_lightbox=".$user_row['user_id']),
"user_id" => $user_row['user_id'],
"user_name" => (isset($user_row['user_name'])) ? htmlspecialchars($user_row['user_name']) : REPLACE_EMPTY,
"user_birthday" => $user_birthday,
//-------27.05.05------Ende------------
///////////////////
"user_bank_kontonummer"=>$user_row['user_bank_kontonummer'],
"user_bank_blz"=>$user_row['user_bank_blz'],
"user_bank_kontoinhaber"=>$user_row['user_bank_kontoinhaber'],
"user_bank_national"=>$user_row['user_bank_national'],
"user_bank_international"=>$user_row['user_bank_international'],
//////////////////
"user_email" => $user_email,
"user_email_save" => $user_email_save,
"user_mailform_link" => $user_mailform_link,
"user_email_button" => $user_email_button,
"user_join_date" => (isset($user_row['user_joindate'])) ? format_date($config['date_format'], $user_row['user_joindate']) : REPLACE_EMPTY,
"user_last_action" => (isset($user_row['user_lastaction'])) ? format_date($config['date_format']." ".$config['time_format'], $user_row['user_lastaction']) : REPLACE_EMPTY,
"user_homepage" => $user_homepage,
//User Pic
"userpic_img" => ($config['userpic'] && $user_row['userpic']) ? ROOT_PATH."data/userpic/".$user_row['userpic'] : ROOT_PATH."data/userpic/default.gif",
//End User Pic
"user_homepage_button" => $user_homepage_button,
"user_icq" => $user_icq,
"user_icq_button" => $user_icq_button,
"user_icq_status" => (isset($user_row['user_icq'])) ? get_icq_status($user_row['user_icq']) : REPLACE_EMPTY,
"user_comments" => (isset($user_row['user_comments'])) ? $user_row['user_comments'] : REPLACE_EMPTY,
"lang_profile_of" => $lang['profile_of'],
"lang_show_user_images" => preg_replace("/".$site_template->start."user_name".$site_template->end."/siU", $user_row['user_name'], $lang['show_user_images']),
"url_show_user_images" => $site_sess->url(ROOT_PATH."search.php?search_user=".urlencode($user_row['user_name'])),
"lang_join_date" => $lang['join_date'],
"lang_last_action" => $lang['last_action'],
"lang_comments" => $lang['comments'],
"lang_email" => $lang['email'],
"lang_homepage" => $lang['homepage'],
"lang_icq" => $lang['icq'],
"lang_my"=>'hello'
));
if (!empty($additional_user_fields)) {
$additional_field_array = array();
foreach ($additional_user_fields as $key => $val) {
$additional_field_array[$key] = (!empty($user_row[$key])) ? format_text($user_row[$key], 1) : REPLACE_EMPTY;
$additional_field_array['lang_'.$key] = $val[0];
}
if (!empty($additional_field_array)) {
$site_template->register_vars($additional_field_array);
}
}
$content = $site_template->parse_template("member_profile");
}
else {
$content = $lang['invalid_user_id'];
}
}
//-----------------------------------------------------
//--- Send Password -----------------------------------
//-----------------------------------------------------
if ($action == "sendpassword") {
$txt_clickstream = $lang['lost_password'];
$user_email = un_htmlspecialchars(trim($HTTP_POST_VARS['user_email']));
if ($user_email != "") {
$sql = "SELECT ".get_user_table_field("", "user_id").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password")."
FROM ".USERS_TABLE."
WHERE ".get_user_table_field("", "user_email")." = '$user_email'";
if ($checkuser = $site_db->query_firstrow($sql)) {
mt_srand((double) microtime() * 1000000);
$puddle = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$user_password = "";
for ($i = 0; $i < 8; $i++) {
$user_password .= substr($puddle, (mt_rand()%(strlen($puddle))), 1);
}
$sql = "UPDATE ".USERS_TABLE."
SET ".get_user_table_field("", "user_password")." = '".md5($user_password)."'
WHERE ".get_user_table_field("", "user_id")." = ".$checkuser[$user_table_fields['user_id']];
$site_db->query($sql);
// Start Emailer
include(ROOT_PATH.'includes/email.php');
$site_email = new Email();
$site_email->set_to($user_email);
$site_email->set_subject($lang['send_password_emailsubject']);
$site_email->register_vars(array(
"user_name" => $checkuser[$user_table_fields['user_name']],
"user_password" => stripslashes($user_password),
"site_name" => $config['site_name']
));
$site_email->set_body("lost_password", $config['language_dir']);
$site_email->send_email();
$msg = $lang['send_password_success'];
$HTTP_POST_VARS['user_email'] = "";
}
else {
$msg = $lang['invalid_email'];
}
}
$action = "lostpassword";
}
if ($action == "lostpassword") {
$txt_clickstream = $lang['lost_password'];
$user_email = (isset($HTTP_POST_VARS['user_email'])) ? htmlspecialchars(stripslashes($HTTP_POST_VARS['user_email'])) : "";
$site_template->register_vars(array(
"lang_email" => $lang['email'],
"lang_lost_password" => $lang['lost_password'],
"lang_lost_password_msg" => $lang['lost_password_msg'],
"lang_submit" => $lang['submit'],
"user_email" => $user_email
));
$content = $site_template->parse_template("member_lostpassword");
}
//-----------------------------------------------------
//--- Edit Profile ------------------------------------
//-----------------------------------------------------
$update_process = 0;
$new_email_msg = "";
if ($action == "updateprofile") {
$txt_clickstream = $lang['control_panel'];
if ($user_info['user_level'] == GUEST) {
show_error_page($lang['no_permission']);
exit;
}
$user_email = (isset($HTTP_POST_VARS['user_email'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_email'])) : "";
$user_email2 = (isset($HTTP_POST_VARS['user_email2'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_email2'])) : "";
$user_homepage = (isset($HTTP_POST_VARS['user_homepage'])) ? format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['user_homepage']))) : "";
$user_icq = (isset($HTTP_POST_VARS['user_icq'])) ? ((intval(trim($HTTP_POST_VARS['user_icq']))) ? intval(trim($HTTP_POST_VARS['user_icq'])) : "") : "";
$user_showemail = (isset($HTTP_POST_VARS['user_showemail'])) ? intval($HTTP_POST_VARS['user_showemail']) : 0;
$user_allowemails = (isset($HTTP_POST_VARS['user_allowemails'])) ? intval($HTTP_POST_VARS['user_allowemails']) : 0;
$user_invisible = (isset($HTTP_POST_VARS['user_invisible'])) ? intval($HTTP_POST_VARS['user_invisible']) : 0;
$user_birthday_day = (isset($HTTP_POST_VARS['user_birthday_day'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_birthday_day'])) : "";
$user_birthday_month = (isset($HTTP_POST_VARS['user_birthday_month'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_birthday_month'])) : "";
$user_birthday_year = (isset($HTTP_POST_VARS['user_birthday_year'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_birthday_year'])) : "";
$user_bank_kontonummer== (isset($HTTP_POST_VARS['user_bank_kontonummer'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_bank_kontonummer'])) : "";
$user_bank_blz== (isset($HTTP_POST_VARS['user_bank_blz'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_bank_blz'])) : "";
$user_bank_kontoinhaber== (isset($HTTP_POST_VARS['user_bank_kontoinhaber'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_bank_kontoinhaber'])) : "";
$user_bank_national== (isset($HTTP_POST_VARS['user_bank_national'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_bank_national'])) : "";
$user_bank_international== (isset($HTTP_POST_VARS['user_bank_international'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_bank_international'])) : "";
/*
MOD MULTI-LIGHTBOXES
START INSERT
*/
// $sql = "UPDATE ".USERS_TABLE."
// SET
// user_bank_kontonummer = $user_bank_kontonummer,
// user_bank_blz= $user_bank_blz,
// user_bank_international= $user_bank_international,
// user_bank_kontoinhaber = $user_bank_kontoinhaber,
// user_bank_national = $user_bank_national
// WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
// $site_db->query($sql);
//these settings can not be changed by the user, only by administrator from ACP
if (isset($HTTP_POST_VARS['user_lightbox'])) unset($HTTP_POST_VARS['user_lightbox']);
if (isset($HTTP_POST_VARS['user_lightbox_private'])) unset($HTTP_POST_VARS['user_lightbox_private']);
if (isset($HTTP_POST_VARS['user_lightbox_count'])) unset($HTTP_POST_VARS['user_lightbox_count']);
/*
MOD MULTI-LIGHTBOXES
END INSERT
*/
$error = 0;
if (!$user_birthday = check_birthday($user_birthday_day,$user_birthday_month,$user_birthday_year,$config['birthday_required'])) {
$msg .= (($msg != "") ? "<br />" : "").$lang['birthday_error'];
$error = 1;
}
if ($user_info['user_email'] != $user_email && $checkuser = $site_db->query_firstrow("SELECT ".get_user_table_field("", "user_id")." FROM ".USERS_TABLE." WHERE ".get_user_table_field("", "user_email")." = '$user_email' AND ".get_user_table_field("", "user_id")." <> '".$user_info['user_id']."'")) {
if ($checkuser[$user_table_fields['user_id']] != $user_info['user_id']) {
$msg .= (($msg != "") ? "<br />" : "").$lang['email_exists'];
$error = 1;
}
}
if ($user_email != $user_email2) {
$msg .= (($msg != "") ? "<br />" : "").$lang['update_email_confirm_error'];
$error = 1;
}
if ($user_email == "" || $user_email2 == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['update_email_error'];
$error = 1;
}
if (!check_email($user_email)) {
$msg .= (($msg != "") ? "<br />" : "").$lang['invalid_email_format'];
$error = 1;
}
if (!empty($additional_user_fields)) {
foreach ($additional_user_fields as $key => $val) {
if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
$error = 1;
$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
$msg .= (($msg != "") ? "<br />" : "").$field_error;
}
}
}
// Upload User Pic
$userpic = $userpic_new = "";
if (!$error && $config['userpic'])
{
$userpics_dir = ROOT_PATH."data/userpic/";
if (!empty($HTTP_POST_FILES['userpic_file']['tmp_name']) && $HTTP_POST_FILES['userpic_file']['tmp_name'] != "none")
{
if (isset($HTTP_COOKIE_VARS['userpic_file']) || isset($HTTP_POST_VARS['userpic_file']) || isset($HTTP_GET_VARS['userpic_file'])) {
die("Security violation");
}
if (!function_exists("is_uploaded_file")) {
function is_uploaded_file($file_name) {
if (!$tmp_file = @get_cfg_var('upload_tmp_dir')) {
$tmp_file = tempnam('','');
$deleted = @unlink($tmp_file);
$tmp_file = dirname($tmp_file);
}
$tmp_file .= '/'.basename($file_name);
return (ereg_replace('/+', '/', $tmp_file) == $file_name) ? 1 : 0;
}
function move_uploaded_file($file_name, $destination) {
return (is_uploaded_file($file_name)) ? ((copy($file_name, $destination)) ? 1 : 0) : 0;
}
}
$error = array();
$mime_types = array(
"image/jpeg",
"image/pjpeg",
"image/gif",
"image/x-png"
);
$extensions = array(
"jpg",
"jpeg",
"gif",
"png"
);
$userpic_ext = strtolower(substr(strrchr($HTTP_POST_FILES['userpic_file']['name'],"."), 1));
$userpic_mime = $HTTP_POST_FILES['userpic_file']['type'];
if (!in_array($userpic_mime, $mime_types) || !in_array($userpic_ext, $extensions))
{
$error[] = $lang['invalid_file_type']. " (".$userpic_ext.", ".$HTTP_POST_FILES['userpic_file']['type'].")";
}
if ($HTTP_POST_FILES['userpic_file']['size'] > $config['userpic_size'] * 1024)
{
$error[] = $lang['invalid_file_size'];
}
if (empty($error))
{
$userpic_name = $user_info['user_id'].".".$userpic_ext;
$userpic_file = $userpics_dir.$userpic_name;
if (file_exists($userpic_file))
{
unlink($userpic_file);
}
if (!move_uploaded_file($HTTP_POST_FILES['userpic_file']['tmp_name'], $userpic_file))
{
$error[] = $lang['file_copy_error'];
}
else
{
@chmod($userpic_file, CHMOD_FILES);
}
}
if (empty($error))
{
$userpic = $HTTP_POST_VARS['userpic'] = $userpic_new = $userpic_name;
if ($user_info['userpic'] != $userpic_name && file_exists($userpics_dir.$user_info['userpic']))
{
@unlink($userpics_dir.$user_info['userpic']);
}
if (!function_exists(init_convert_options))
{
require(ROOT_PATH.'includes/image_utils.php');
}
$image_info = getimagesize($userpic_file);
$convert_options = init_convert_options();
if (($image_info[0] > $config['userpic_width'] || $image_info[1] > $config['userpic_height']))
{
if ($convert_options['convert_error'] || (!$convert_options['convert_error'] && !resize_image($userpic_file, 85, $config['userpic_width'], 1)))
{
if ($image_info[0] > $config['userpic_width'])
{
$error[] = $lang['invalid_image_width'];
}
if ($image_info[1] > $config['userpic_height'])
{
$error[] = $lang['invalid_image_height'];
}
}
}
}
if (!empty($error))
{
$msg .= (($msg != "") ? "<br />" : "")."<b>".$lang['file_upload_error'].": ".$HTTP_POST_FILES['userpic_file']['name']."</b><br />";
foreach ($error as $val) {
$msg .= "<b>".$HTTP_POST_FILES['userpic_file']['name'].":</b> ".$val."<br />";
}
$HTTP_POST_VARS['userpic'] = $user_info['userpic'];
}
}
else
{
if (isset($HTTP_POST_VARS['userpic_del']) && $HTTP_POST_VARS['userpic_del'])
{
@unlink($userpics_dir.$user_info['userpic']);
$HTTP_POST_VARS['userpic'] = $userpic = "";
$userpic_new = 1;
}
}
}
// End Upload User Pic
if (!$error && $user_email != $user_info['user_email'] && $user_info['user_level'] != ADMIN && $config['account_activation'] != 0) {
$activationkey = get_random_key(USERS_TABLE, $user_table_fields['user_activationkey']);
$sql = "UPDATE ".USERS_TABLE."
SET ".get_user_table_field("", "user_level")." = ".USER_AWAITING.", ".get_user_table_field("", "user_activationkey")." = '$activationkey'
WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
$result = $site_db->query($sql);
if ($result) {
$activation_url = $script_url."/register.php?action=activate&activationkey=".$activationkey;
include(ROOT_PATH.'includes/email.php');
$site_email = new Email();
switch($config['account_activation']) {
case 2:
$user_details_url = $script_url."/admin/index.php?goto=".urlencode("users.php?action=edituser&user_id=".$user_info['user_id']."&activation=1");
$email_to = $config['site_email'];
$email_subject = $lang['admin_activation_emailsubject'];
$email_template = "admin_activation";
$new_email_msg = $lang['update_email_instruction_admin'];
break;
case 1:
if ($config['language_dir_default'] != $config['language_dir']) {
$activation_url .= "&l=".$config['language_dir'];
}
$user_details_url = "";
$email_to = $user_email;
$email_subject = $lang['update_email_emailsubject'];
$email_template = "newemail_activation";
$new_email_msg = $lang['update_email_instruction'];
break;
case 0:
default:
break;
}
if (!empty($email_to)) {
$site_email->set_to($email_to);
$site_email->set_subject($email_subject);
$site_email->register_vars(array(
"user_details_url" => $user_details_url,
"activation_url" => $activation_url,
"user_name" => $user_info['user_name'],
"site_name" => $config['site_name']
));
$site_email->set_body($email_template, $config['language_dir']);
$site_email->send_email();
}
}
else {
$msg = $lang['general_error'];
$error = 1;
}
}
if (!$error) {
$additional_sql = "";
if (!empty($additional_user_fields)) {
$table_fields = $site_db->get_table_fields(USERS_TABLE);
foreach ($additional_user_fields as $key => $val) {
if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
$additional_sql .= ", $key = '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
}
}
}
// Birthday Mod
$additional_sql .= ", ".get_user_table_field("", "birthday")." = '$user_birthday'";
$sql = "UPDATE ".USERS_TABLE."
SET ".get_user_table_field("", "user_email")." = '$user_email', ".get_user_table_field("", "user_showemail")." = $user_showemail, ".get_user_table_field("", "user_allowemails")." = $user_allowemails, ".get_user_table_field("", "user_invisible")." = $user_invisible, ".get_user_table_field("", "user_homepage")." = '$user_homepage', ".get_user_table_field("", "user_icq")." = '$user_icq'".$additional_sql."
WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
$site_db->query($sql);
// -----22.03.05----Mutation---Usergruppe in Kontrollzenter---------
if ($HTTP_POST_VARS['usergruppe'] == 'Fotograf') {
$add_group_id = 1;
$del_group_id = 2;
} else {
$add_group_id = 2;
$del_group_id = 1;
}
if (!isset($usergroup[$add_group_id])) {
$sql = "DELETE FROM ".GROUP_MATCH_TABLE."
WHERE group_id = $del_group_id AND user_id = ".$user_info['user_id'];
$site_db->query($sql);
$sql = "INSERT INTO ".GROUP_MATCH_TABLE."
(group_id, user_id, groupmatch_startdate, groupmatch_enddate)
VALUES
($add_group_id, ".$user_info['user_id'].", ".time().", 0)";
$site_db->query($sql);
}
// -----22.03.05----Mutation---Usergruppe in Kontrollzenter---------
$msg = $lang['update_profile_success'];
if (!empty($new_email_msg)) {
$msg .= "<br />".$new_email_msg;
}
$user_info = $site_sess->load_user_info($user_info['user_id']);
}
else {
$update_process = 1;
}
$action = "editprofile";
}
if ($action == "updatepassword") {
$txt_clickstream = $lang['control_panel'];
if ($user_info['user_level'] == GUEST) {
show_error_page($lang['no_permission']);
exit;
}
$error = 0;
$current_user_password = md5(trim($HTTP_POST_VARS['current_user_password']));
$user_password = md5(trim($HTTP_POST_VARS['user_password']));
$user_password2 = md5(trim($HTTP_POST_VARS['user_password2']));
if ($current_user_password != $user_info['user_password']) {
$msg .= (($msg != "") ? "<br />" : "").$lang['update_password_error'];
$error = 1;
}
if ($user_password != $user_password2 || $user_password == "") {
$msg .= (($msg != "") ? "<br />" : "").$lang['update_password_confirm_error'];
$error = 1;
}
if (!$error) {
$sql = "UPDATE ".USERS_TABLE."
SET ".get_user_table_field("", "user_password")." = '$user_password'
WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
$site_db->query($sql);
$msg = $lang['update_password_success'];
$user_info = $site_sess->load_user_info($user_info['user_id']);
}
$action = "editprofile";
}
if ($action == "editprofile") {
$txt_clickstream = $lang['control_panel'];
if ($user_info['user_level'] == GUEST) {
show_error_page($lang['no_permission']);
exit;
}
$user_name = $user_info['user_name'];
if (!$update_process) {
$user_email = $user_info['user_email'];
$user_email2 = $user_info['user_email'];
$user_showemail = $user_info['user_showemail'];
$user_allowemails = $user_info['user_allowemails'];
$user_invisible = $user_info['user_invisible'];
$user_homepage = $user_info['user_homepage'];
$user_icq = $user_info['user_icq'];
$birthday = explode("-",$user_info['birthday']);
$user_birthday_day = $birthday[2];
$user_birthday_month = $birthday[1];
$user_birthday_year = $birthday[0];
}
$birthday_day_options = "<option value=\"\">--</option>\n";
$birthday_month_options = "<option value=\"\">--</option>\n";
for ($i=1;$i<=31;$i++){
$birthday_day_options .= "<option value=\"".sprintf("%02d",$i)."\"".(($i == $user_birthday_day) ? "selected" : "").">".$i."</option>\n";
}
for ($i=1;$i<=12;$i++){ //getmonth($i)
$birthday_month_options .= "<option value=\"".sprintf("%02d",$i)."\"".(($i == $user_birthday_month) ? "selected" : "").">".$lang['months'][sprintf("%02d",$i)]."</option>\n";
}
if ($user_showemail == 1) {
$user_showemail_yes = " checked=\"checked\"";
$user_showemail_no = "";
}
else {
$user_showemail_yes = "";
$user_showemail_no = " checked=\"checked\"";
}
if ($user_allowemails == 1) {
$user_allowemails_yes = " checked=\"checked\"";
$user_allowemails_no = "";
}
else {
$user_allowemails_yes = "";
$user_allowemails_no = " checked=\"checked\"";
}
if ($user_invisible == 1) {
$user_invisible_yes = " checked=\"checked\"";
$user_invisible_no = "";
}
else {
$user_invisible_yes = "";
$user_invisible_no = " checked=\"checked\"";
}
$edit_profile_msg = $lang['edit_profile_msg'];
if ($config['account_activation'] == 1 && $user_info['user_level'] != ADMIN) {
$edit_profile_msg .= $lang['edit_profile_email_msg'];
}
if ($config['account_activation'] == 2 && $user_info['user_level'] != ADMIN) {
$edit_profile_msg .= $lang['edit_profile_email_msg_admin'];
}
$site_template->register_vars(array(
"user_name" => htmlspecialchars(stripslashes($user_name)),
"user_email" => htmlspecialchars(stripslashes($user_email)),
"user_email2" => htmlspecialchars(stripslashes($user_email2)),
"user_homepage" => htmlspecialchars(stripslashes($user_homepage)),
"birthday_day_options" => $birthday_day_options,
"birthday_month_options" => $birthday_month_options,
"user_birthday_year" => $user_birthday_year,
"lang_day" => $lang['day'],
"lang_month" => $lang['month'],
"lang_year" => $lang['year'],
"user_icq" => $user_icq,
///////////////////
"user_bank_kontonummer"=>$user_row['user_bank_kontonummer'],
"user_bank_blz"=>$user_row['user_bank_blz'],
"user_bank_kontoinhaber"=>$user_row['user_bank_kontoinhaber'],
"user_bank_national"=>$user_row['user_bank_national'],
"user_bank_international"=>$user_row['user_bank_international'],
//////////////////
//User Pic
"userpic_alowed" => $config['userpic'],
"userpic_img" => ($user_info['userpic']) ? ROOT_PATH."data/userpic/".$user_info['userpic'] : ROOT_PATH."data/userpic/userppicupload.gif",
"lang_userpic_del" => $lang['userpic_del'],
"lang_userpic_upload" => $lang['userpic_upload'],
"userpic_max_width" => $config['userpic_width'],
"userpic_max_height" => $config['userpic_height'],
"userpic_max_size" => $config['userpic_size']." ".$lang['kb'],
//End User Pic
"user_showemail_yes" => $user_showemail_yes,
"user_showemail_no" => $user_showemail_no,
"user_allowemails_yes" => $user_allowemails_yes,
"user_allowemails_no" => $user_allowemails_no,
"user_invisible_yes" => $user_invisible_yes,
"user_invisible_no" => $user_invisible_no,
"lang_profile_of" => $lang['profile_of'],
"lang_email" => $lang['email'],
"lang_email_confirm" => $lang['email_confirm'],
"lang_show_email" => $lang['show_email'],
"lang_allow_emails" => $lang['allow_emails'],
"lang_invisible" => $lang['invisible'],
"lang_optional_infos" => $lang['optional_infos'],
"lang_homepage" => $lang['homepage'],
"lang_icq" => $lang['icq'],
"lang_save" => $lang['save'],
"lang_reset" => $lang['reset'],
"lang_change_password" => $lang['change_password'],
"lang_old_password" => $lang['old_password'],
"lang_new_password" => $lang['new_password'],
"lang_new_password_confirm" => $lang['new_password_confirm'],
"lang_edit_profile_msg" => $edit_profile_msg,
"lang_yes" => $lang['yes'],
"lang_no" => $lang['no']
));
if (!empty($additional_user_fields)) {
$additional_field_array = array();
foreach ($additional_user_fields as $key => $val) {
if ($val[1] == "radio") {
$value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : intval($user_info[$key]);
if ($value == 1) {
$additional_field_array[$key.'_yes'] = " checked=\"checked\"";
$additional_field_array[$key.'_no'] = "";
}
else {
$additional_field_array[$key.'_yes'] = "";
$additional_field_array[$key.'_no'] = " checked=\"checked\"";
}
}
elseif ($val[1] == "dropdown") {
$value = (isset($HTTP_POST_VARS[$key])) ? $HTTP_POST_VARS[$key] : $user_info[$key];
$additional_field_array[$key.'_dropdown'] = get_db_fields_dropdown($key, $val, $value);
}
else {
$value = (isset($HTTP_POST_VARS[$key])) ? htmlspecialchars(trim($HTTP_POST_VARS[$key])) : $user_info[$key];
}
$additional_field_array[$key] = $value;
$additional_field_array['lang_'.$key] = $val[0];
}
if (!empty($additional_field_array)) {
$site_template->register_vars($additional_field_array);
}
}
$content = $site_template->parse_template("member_editprofile");
if (!empty($new_email_msg)) {
$site_sess->logout($user_info['user_id']);
}
}
//------22.03.05----Bestimmung Usergruppe in Kontrolzenter-----------
$site_template->register_vars(array(
"user_is_photographer_yes" => $user_is_photographer_yes,
"user_is_photographer_no" => $user_is_photographer_no,
));
//------ENDE 22.03.05----Bestimmung Usergruppe in Kontrolzenter-----------
//------22.03.05----Bestimmung Usergruppe in Kontrolzenter-----------
$group_id = 1;
if (isset($usergroup[$group_id])) {
$user_is_photographer_yes = " checked=\"checked\"";
$user_is_photographer_no = "";
}
else {
$user_is_photographer_yes = "";
$user_is_photographer_no = " checked=\"checked\"";
}
//----Ende--22.03.05----Bestimmung Usergruppe in Kontrolzenter-----------
//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
$clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].$txt_clickstream."</span>";
//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
$site_template->register_vars(array(
"content" => $content,
"msg" => $msg,
"clickstream" => $clickstream,
"lang_control_panel" => $lang['control_panel']
));
$site_template->print_template($site_template->parse_template($main_template));
include(ROOT_PATH.'includes/page_footer.php');
?>
Show Posts
13.04.08: I found a solutions - it is no longer an open issue.
