Author: cfinck
Date: Sun Jun 15 08:42:58 2008
New Revision: 33983
URL:
http://svn.reactos.org/svn/reactos?rev=33983&view=rev
Log:
Die with an error message if a user tries to edit their account settings using the phpBB
Control Panel.
This message is shown only if the board administrator forgot to disable the "Edit
account settings" page in the phpBB Administration Control Panel, so a user normally
never sees it.
Modified:
trunk/web/reactos.org/htdocs/forum/includes/ucp/ucp_profile.php
Modified:
trunk/web/reactos.org/htdocs/forum/includes/ucp/ucp_profile.php
URL:
http://svn.reactos.org/svn/reactos/trunk/web/reactos.org/htdocs/forum/inclu…
==============================================================================
---
trunk/web/reactos.org/htdocs/forum/includes/ucp/ucp_profile.php [iso-8859-1]
(original)
+++
trunk/web/reactos.org/htdocs/forum/includes/ucp/ucp_profile.php [iso-8859-1] Sun Jun
15 08:42:58 2008
@@ -42,226 +42,7 @@
switch ($mode)
{
case 'reg_details':
-
- $data = array(
- 'username' => utf8_normalize_nfc(request_var('username',
$user->data['username'], true)),
- 'email' => strtolower(request_var('email',
$user->data['user_email'])),
- 'email_confirm' => strtolower(request_var('email_confirm',
'')),
- 'new_password' => request_var('new_password', '',
true),
- 'cur_password' => request_var('cur_password', '',
true),
- 'password_confirm' => request_var('password_confirm', '',
true),
- );
-
- add_form_key('ucp_reg_details');
-
- if ($submit)
- {
- // Do not check cur_password, it is the old one.
- $check_ary = array(
- 'new_password' => array(
- array('string', true, $config['min_pass_chars'],
$config['max_pass_chars']),
- array('password')),
- 'password_confirm' => array('string', true,
$config['min_pass_chars'], $config['max_pass_chars']),
- 'email' => array(
- array('string', false, 6, 60),
- array('email')),
- 'email_confirm' => array('string', true, 6, 60),
- );
-
- if ($auth->acl_get('u_chgname') &&
$config['allow_namechange'])
- {
- $check_ary['username'] = array(
- array('string', false, $config['min_name_chars'],
$config['max_name_chars']),
- array('username'),
- );
- }
-
- $error = validate_data($data, $check_ary);
-
- if ($auth->acl_get('u_chgpasswd') &&
$data['new_password'] && $data['password_confirm'] !=
$data['new_password'])
- {
- $error[] = 'NEW_PASSWORD_ERROR';
- }
-
- if (($data['new_password'] || ($auth->acl_get('u_chgemail')
&& $data['email'] != $user->data['user_email']) ||
($data['username'] != $user->data['username'] &&
$auth->acl_get('u_chgname') && $config['allow_namechange']))
&& !phpbb_check_hash($data['cur_password'],
$user->data['user_password']))
- {
- $error[] = 'CUR_PASSWORD_ERROR';
- }
-
- // Only check the new password against the previous password if there have been no
errors
- if (!sizeof($error) && $auth->acl_get('u_chgpasswd') &&
$data['new_password'] && phpbb_check_hash($data['new_password'],
$user->data['user_password']))
- {
- $error[] = 'SAME_PASSWORD_ERROR';
- }
-
- if ($auth->acl_get('u_chgemail') && $data['email'] !=
$user->data['user_email'] && $data['email_confirm'] !=
$data['email'])
- {
- $error[] = 'NEW_EMAIL_ERROR';
- }
-
- if (!check_form_key('ucp_reg_details'))
- {
- $error[] = 'FORM_INVALID';
- }
-
- if (!sizeof($error))
- {
- $sql_ary = array(
- 'username' => ($auth->acl_get('u_chgname') &&
$config['allow_namechange']) ? $data['username'] :
$user->data['username'],
- 'username_clean' => ($auth->acl_get('u_chgname') &&
$config['allow_namechange']) ? utf8_clean_string($data['username']) :
$user->data['username_clean'],
- 'user_email' => ($auth->acl_get('u_chgemail')) ?
$data['email'] : $user->data['user_email'],
- 'user_email_hash' => ($auth->acl_get('u_chgemail')) ?
crc32($data['email']) . strlen($data['email']) :
$user->data['user_email_hash'],
- 'user_password' => ($auth->acl_get('u_chgpasswd')
&& $data['new_password']) ? phpbb_hash($data['new_password']) :
$user->data['user_password'],
- 'user_passchg' => ($auth->acl_get('u_chgpasswd') &&
$data['new_password']) ? time() : 0,
- );
-
- if ($auth->acl_get('u_chgname') &&
$config['allow_namechange'] && $data['username'] !=
$user->data['username'])
- {
- add_log('user', $user->data['user_id'],
'LOG_USER_UPDATE_NAME', $user->data['username'],
$data['username']);
- }
-
- if ($auth->acl_get('u_chgpasswd') &&
$data['new_password'] && !phpbb_check_hash($data['new_password'],
$user->data['user_password']))
- {
- $user->reset_login_keys();
- add_log('user', $user->data['user_id'],
'LOG_USER_NEW_PASSWORD', $data['username']);
- }
-
- if ($auth->acl_get('u_chgemail') && $data['email'] !=
$user->data['user_email'])
- {
- add_log('user', $user->data['user_id'],
'LOG_USER_UPDATE_EMAIL', $data['username'],
$user->data['user_email'], $data['email']);
- }
-
- $message = 'PROFILE_UPDATED';
-
- if ($config['email_enable'] && $data['email'] !=
$user->data['user_email'] && $user->data['user_type'] !=
USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF ||
$config['require_activation'] == USER_ACTIVATION_ADMIN))
- {
- $message = ($config['require_activation'] == USER_ACTIVATION_SELF) ?
'ACCOUNT_EMAIL_CHANGED' : 'ACCOUNT_EMAIL_CHANGED_ADMIN';
-
- include_once($phpbb_root_path . 'includes/functions_messenger.' .
$phpEx);
-
- $server_url = generate_board_url();
-
- $user_actkey = gen_rand_string(10);
- $key_len = 54 - (strlen($server_url));
- $key_len = ($key_len > 6) ? $key_len : 6;
- $user_actkey = substr($user_actkey, 0, $key_len);
-
- $messenger = new messenger(false);
-
- $template_file = ($config['require_activation'] == USER_ACTIVATION_ADMIN)
? 'user_activate_inactive' : 'user_activate';
- $messenger->template($template_file, $user->data['user_lang']);
-
- $messenger->to($data['email'], $data['username']);
-
- $messenger->headers('X-AntiAbuse: Board servername - ' .
$config['server_name']);
- $messenger->headers('X-AntiAbuse: User_id - ' .
$user->data['user_id']);
- $messenger->headers('X-AntiAbuse: Username - ' .
$user->data['username']);
- $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);
-
- $messenger->assign_vars(array(
- 'USERNAME' => htmlspecialchars_decode($data['username']),
- 'U_ACTIVATE' =>
"$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
- );
-
- $messenger->send(NOTIFY_EMAIL);
-
- if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
- {
- // Grab an array of user_id's with a_user permissions ... these users can
activate a user
- $admin_ary = $auth->acl_get_list(false, 'a_user', false);
- $admin_ary = (!empty($admin_ary[0]['a_user'])) ?
$admin_ary[0]['a_user'] : array();
-
- // Also include founders
- $where_sql = ' WHERE user_type = ' . USER_FOUNDER;
-
- if (sizeof($admin_ary))
- {
- $where_sql .= ' OR ' . $db->sql_in_set('user_id',
$admin_ary);
- }
-
- $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber,
user_notify_type
- FROM ' . USERS_TABLE . ' ' .
- $where_sql;
- $result = $db->sql_query($sql);
-
- while ($row = $db->sql_fetchrow($result))
- {
- $messenger->template('admin_activate', $row['user_lang']);
- $messenger->to($row['user_email'], $row['username']);
- $messenger->im($row['user_jabber'], $row['username']);
-
- $messenger->assign_vars(array(
- 'USERNAME' => htmlspecialchars_decode($data['username']),
- 'U_USER_DETAILS' =>
"$server_url/memberlist.$phpEx?mode=viewprofile&u={$user->data['user_id']}",
- 'U_ACTIVATE' =>
"$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
- );
-
- $messenger->send($row['user_notify_type']);
- }
- $db->sql_freeresult($result);
- }
-
- user_active_flip('deactivate', $user->data['user_id'],
INACTIVE_PROFILE);
-
- // Because we want the profile to be reactivated we set user_newpasswd to empty
(else the reactivation will fail)
- $sql_ary['user_actkey'] = $user_actkey;
- $sql_ary['user_newpasswd'] = '';
- }
-
- if (sizeof($sql_ary))
- {
- $sql = 'UPDATE ' . USERS_TABLE . '
- SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
- WHERE user_id = ' . $user->data['user_id'];
- $db->sql_query($sql);
- }
-
- // Need to update config, forum, topic, posting, messages, etc.
- if ($data['username'] != $user->data['username'] &&
$auth->acl_get('u_chgname') && $config['allow_namechange'])
- {
- user_update_name($user->data['username'], $data['username']);
- }
-
- // Now, we can remove the user completely (kill the session) - NOT BEFORE!!!
- if (!empty($sql_ary['user_actkey']))
- {
- meta_refresh(5, append_sid($phpbb_root_path . 'index.' . $phpEx));
- $message = $user->lang[$message] . '<br /><br />' .
sprintf($user->lang['RETURN_INDEX'], '<a href="' .
append_sid($phpbb_root_path . 'index.' . $phpEx) . '">',
'</a>');
-
- // Because the user gets deactivated we log him out too, killing his session
- $user->session_kill();
- }
- else
- {
- meta_refresh(3, $this->u_action);
- $message = $user->lang[$message] . '<br /><br />' .
sprintf($user->lang['RETURN_UCP'], '<a href="' .
$this->u_action . '">', '</a>');
- }
-
- trigger_error($message);
- }
-
- // Replace "error" strings with their real, localised form
- $error = preg_replace('#^([A-Z_]+)$#e',
"(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] :
'\\1'", $error);
- }
-
- $template->assign_vars(array(
- 'ERROR' => (sizeof($error)) ? implode('<br />', $error)
: '',
-
- 'USERNAME' => $data['username'],
- 'EMAIL' => $data['email'],
- 'PASSWORD_CONFIRM' => $data['password_confirm'],
- 'NEW_PASSWORD' => $data['new_password'],
- 'CUR_PASSWORD' => '',
-
- 'L_USERNAME_EXPLAIN' =>
sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'],
$config['min_name_chars'], $config['max_name_chars']),
- 'L_CHANGE_PASSWORD_EXPLAIN' =>
sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'],
$config['min_pass_chars'], $config['max_pass_chars']),
-
- 'S_FORCE_PASSWORD' => ($auth->acl_get('u_chgpasswd')
&& $config['chg_passforce'] &&
$user->data['user_passchg'] < time() - ($config['chg_passforce'] *
86400)) ? true : false,
- 'S_CHANGE_USERNAME' => ($config['allow_namechange'] &&
$auth->acl_get('u_chgname')) ? true : false,
- 'S_CHANGE_EMAIL' => ($auth->acl_get('u_chgemail')) ? true :
false,
- 'S_CHANGE_PASSWORD' => ($auth->acl_get('u_chgpasswd')) ? true
: false)
- );
- break;
+ die('You can modify your account settings using the <a
href="/roscms/?page=user&sec=account&sec2=edit">myReactOS
Settings</a> page.<br /><br />Please tell an Administrator to disable
this page in the phpBB Administration Panel.');
case 'profile_info':