Author: cfinck Date: Sun Jun 15 08:42:58 2008 New Revision: 33983 URL: http://svn.reactos.org/svn/reactos?rev=33983&view=rev Log: Die with an error message if a user tries to edit his account settings using the phpBB Control Panel. This message is only shown if the board administrator forgot to disable the "Edit account settings" page in the phpBB Administration Control Panel (so a user usually never sees this message). Modified: trunk/web/reactos.org/htdocs/forum/includes/ucp/ucp_profile.php Modified: trunk/web/reactos.org/htdocs/forum/includes/ucp/ucp_profile.php URL: http://svn.reactos.org/svn/reactos/trunk/web/reactos.org/htdocs/forum/inclu… ============================================================================== --- trunk/web/reactos.org/htdocs/forum/includes/ucp/ucp_profile.php [iso-8859-1] (original) +++ trunk/web/reactos.org/htdocs/forum/includes/ucp/ucp_profile.php [iso-8859-1] Sun Jun 15 08:42:58 2008 @@ -42,226 +42,7 @@ switch ($mode) { case 'reg_details': - - $data = array( - 'username' => utf8_normalize_nfc(request_var('username', $user->data['username'], true)), - 'email' => strtolower(request_var('email', $user->data['user_email'])), - 'email_confirm' => strtolower(request_var('email_confirm', '')), - 'new_password' => request_var('new_password', '', true), - 'cur_password' => request_var('cur_password', '', true), - 'password_confirm' => request_var('password_confirm', '', true), - ); - - add_form_key('ucp_reg_details'); - - if ($submit) - { - // Do not check cur_password, it is the old one. - $check_ary = array( - 'new_password' => array( - array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), - array('password')), - 'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), - 'email' => array( - array('string', false, 6, 60), - array('email')), - 'email_confirm' => array('string', true, 6, 60), - ); - - if ($auth->acl_get('u_chgname') && $config['allow_namechange']) - { - $check_ary['username'] = array( - array('string', false, $config['min_name_chars'], $config['max_name_chars']), - array('username'), - ); - } - - $error = validate_data($data, $check_ary); - - if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password']) - { - $error[] = 'NEW_PASSWORD_ERROR'; - } - - if (($data['new_password'] || ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) || ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])) && !phpbb_check_hash($data['cur_password'], $user->data['user_password'])) - { - $error[] = 'CUR_PASSWORD_ERROR'; - } - - // Only check the new password against the previous password if there have been no errors - if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && phpbb_check_hash($data['new_password'], $user->data['user_password'])) - { - $error[] = 'SAME_PASSWORD_ERROR'; - } - - if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'] && $data['email_confirm'] != $data['email']) - { - $error[] = 'NEW_EMAIL_ERROR'; - } - - if (!check_form_key('ucp_reg_details')) - { - $error[] = 'FORM_INVALID'; - } - - if (!sizeof($error)) - { - $sql_ary = array( - 'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'], - 'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'], - 'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'], - 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? crc32($data['email']) . strlen($data['email']) : $user->data['user_email_hash'], - 'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? phpbb_hash($data['new_password']) : $user->data['user_password'], - 'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0, - ); - - if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username']) - { - add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $data['username']); - } - - if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !phpbb_check_hash($data['new_password'], $user->data['user_password'])) - { - $user->reset_login_keys(); - add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $data['username']); - } - - if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) - { - add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_EMAIL', $data['username'], $user->data['user_email'], $data['email']); - } - - $message = 'PROFILE_UPDATED'; - - if ($config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN)) - { - $message = ($config['require_activation'] == USER_ACTIVATION_SELF) ? 'ACCOUNT_EMAIL_CHANGED' : 'ACCOUNT_EMAIL_CHANGED_ADMIN'; - - include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); - - $server_url = generate_board_url(); - - $user_actkey = gen_rand_string(10); - $key_len = 54 - (strlen($server_url)); - $key_len = ($key_len > 6) ? $key_len : 6; - $user_actkey = substr($user_actkey, 0, $key_len); - - $messenger = new messenger(false); - - $template_file = ($config['require_activation'] == USER_ACTIVATION_ADMIN) ? 'user_activate_inactive' : 'user_activate'; - $messenger->template($template_file, $user->data['user_lang']); - - $messenger->to($data['email'], $data['username']); - - $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); - $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); - $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); - $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); - - $messenger->assign_vars(array( - 'USERNAME' => htmlspecialchars_decode($data['username']), - 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey") - ); - - $messenger->send(NOTIFY_EMAIL); - - if ($config['require_activation'] == USER_ACTIVATION_ADMIN) - { - // Grab an array of user_id's with a_user permissions ... these users can activate a user - $admin_ary = $auth->acl_get_list(false, 'a_user', false); - $admin_ary = (!empty($admin_ary[0]['a_user'])) ? $admin_ary[0]['a_user'] : array(); - - // Also include founders - $where_sql = ' WHERE user_type = ' . USER_FOUNDER; - - if (sizeof($admin_ary)) - { - $where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary); - } - - $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type - FROM ' . USERS_TABLE . ' ' . - $where_sql; - $result = $db->sql_query($sql); - - while ($row = $db->sql_fetchrow($result)) - { - $messenger->template('admin_activate', $row['user_lang']); - $messenger->to($row['user_email'], $row['username']); - $messenger->im($row['user_jabber'], $row['username']); - - $messenger->assign_vars(array( - 'USERNAME' => htmlspecialchars_decode($data['username']), - 'U_USER_DETAILS' => "$server_url/memberlist.$phpEx?mode=viewprofile&u={$user->data['user_id']}", - 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey") - ); - - $messenger->send($row['user_notify_type']); - } - $db->sql_freeresult($result); - } - - user_active_flip('deactivate', $user->data['user_id'], INACTIVE_PROFILE); - - // Because we want the profile to be reactivated we set user_newpasswd to empty (else the reactivation will fail) - $sql_ary['user_actkey'] = $user_actkey; - $sql_ary['user_newpasswd'] = ''; - } - - if (sizeof($sql_ary)) - { - $sql = 'UPDATE ' . USERS_TABLE . ' - SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' - WHERE user_id = ' . $user->data['user_id']; - $db->sql_query($sql); - } - - // Need to update config, forum, topic, posting, messages, etc. - if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange']) - { - user_update_name($user->data['username'], $data['username']); - } - - // Now, we can remove the user completely (kill the session) - NOT BEFORE!!! - if (!empty($sql_ary['user_actkey'])) - { - meta_refresh(5, append_sid($phpbb_root_path . 'index.' . $phpEx)); - $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid($phpbb_root_path . 'index.' . $phpEx) . '">', '</a>'); - - // Because the user gets deactivated we log him out too, killing his session - $user->session_kill(); - } - else - { - meta_refresh(3, $this->u_action); - $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); - } - - trigger_error($message); - } - - // Replace "error" strings with their real, localised form - $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); - } - - $template->assign_vars(array( - 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', - - 'USERNAME' => $data['username'], - 'EMAIL' => $data['email'], - 'PASSWORD_CONFIRM' => $data['password_confirm'], - 'NEW_PASSWORD' => $data['new_password'], - 'CUR_PASSWORD' => '', - - 'L_USERNAME_EXPLAIN' => sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), - 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), - - 'S_FORCE_PASSWORD' => ($auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) ? true : false, - 'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false, - 'S_CHANGE_EMAIL' => ($auth->acl_get('u_chgemail')) ? true : false, - 'S_CHANGE_PASSWORD' => ($auth->acl_get('u_chgpasswd')) ? true : false) - ); - break; + die('You can modify your account settings using the <a href="/roscms/?page=user&amp;sec=account&amp;sec2=edit">myReactOS Settings</a> page.<br /><br />Please tell an Administrator to disable this page in the phpBB Administration Panel.'); case 'profile_info':