[ros-diffs] [cfinck] 33983: Die with an error message if a user tries to edit his account settings using the phpBB Control Panel. This message is only shown if the board administrator forgot to disable the "Edit account settings" page in the phpBB Administration Control Panel (so a user usually never sees this message).

cfinck at svn.reactos.org cfinck at svn.reactos.org
Sun Jun 15 15:42:59 CEST 2008


Author: cfinck
Date: Sun Jun 15 08:42:58 2008
New Revision: 33983

URL: http://svn.reactos.org/svn/reactos?rev=33983&view=rev
Log:
Die with an error message if a user tries to edit his account settings using the phpBB Control Panel.
This message is only shown if the board administrator forgot to disable the "Edit account settings" page in the phpBB Administration Control Panel (so a user usually never sees this message).

Modified:
    trunk/web/reactos.org/htdocs/forum/includes/ucp/ucp_profile.php

Modified: trunk/web/reactos.org/htdocs/forum/includes/ucp/ucp_profile.php
URL: http://svn.reactos.org/svn/reactos/trunk/web/reactos.org/htdocs/forum/includes/ucp/ucp_profile.php?rev=33983&r1=33982&r2=33983&view=diff
==============================================================================
--- trunk/web/reactos.org/htdocs/forum/includes/ucp/ucp_profile.php [iso-8859-1] (original)
+++ trunk/web/reactos.org/htdocs/forum/includes/ucp/ucp_profile.php [iso-8859-1] Sun Jun 15 08:42:58 2008
@@ -42,226 +42,7 @@
 		switch ($mode)
 		{
 			case 'reg_details':
-
-				$data = array(
-					'username'			=> utf8_normalize_nfc(request_var('username', $user->data['username'], true)),
-					'email'				=> strtolower(request_var('email', $user->data['user_email'])),
-					'email_confirm'		=> strtolower(request_var('email_confirm', '')),
-					'new_password'		=> request_var('new_password', '', true),
-					'cur_password'		=> request_var('cur_password', '', true),
-					'password_confirm'	=> request_var('password_confirm', '', true),
-				);
-
-				add_form_key('ucp_reg_details');
-
-				if ($submit)
-				{
-					// Do not check cur_password, it is the old one.
-					$check_ary = array(
-						'new_password'		=> array(
-							array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
-							array('password')),
-						'password_confirm'	=> array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
-						'email'				=> array(
-							array('string', false, 6, 60),
-							array('email')),
-						'email_confirm'		=> array('string', true, 6, 60),
-					);
-
-					if ($auth->acl_get('u_chgname') && $config['allow_namechange'])
-					{
-						$check_ary['username'] = array(
-							array('string', false, $config['min_name_chars'], $config['max_name_chars']),
-							array('username'),
-						);
-					}
-
-					$error = validate_data($data, $check_ary);
-
-					if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password'])
-					{
-						$error[] = 'NEW_PASSWORD_ERROR';
-					}
-
-					if (($data['new_password'] || ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) || ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])) && !phpbb_check_hash($data['cur_password'], $user->data['user_password']))
-					{
-						$error[] = 'CUR_PASSWORD_ERROR';
-					}
-
-					// Only check the new password against the previous password if there have been no errors
-					if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && phpbb_check_hash($data['new_password'], $user->data['user_password']))
-					{
-						$error[] = 'SAME_PASSWORD_ERROR';
-					}
-
-					if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'] && $data['email_confirm'] != $data['email'])
-					{
-						$error[] = 'NEW_EMAIL_ERROR';
-					}
-
-					if (!check_form_key('ucp_reg_details'))
-					{
-						$error[] = 'FORM_INVALID';
-					}
-
-					if (!sizeof($error))
-					{
-						$sql_ary = array(
-							'username'			=> ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
-							'username_clean'	=> ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
-							'user_email'		=> ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
-							'user_email_hash'	=> ($auth->acl_get('u_chgemail')) ? crc32($data['email']) . strlen($data['email']) : $user->data['user_email_hash'],
-							'user_password'		=> ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? phpbb_hash($data['new_password']) : $user->data['user_password'],
-							'user_passchg'		=> ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0,
-						);
-
-						if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username'])
-						{
-							add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $data['username']);
-						}
-
-						if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !phpbb_check_hash($data['new_password'], $user->data['user_password']))
-						{
-							$user->reset_login_keys();
-							add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $data['username']);
-						}
-
-						if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'])
-						{
-							add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_EMAIL', $data['username'], $user->data['user_email'], $data['email']);
-						}
-
-						$message = 'PROFILE_UPDATED';
-
-						if ($config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN))
-						{
-							$message = ($config['require_activation'] == USER_ACTIVATION_SELF) ? 'ACCOUNT_EMAIL_CHANGED' : 'ACCOUNT_EMAIL_CHANGED_ADMIN';
-
-							include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
-
-							$server_url = generate_board_url();
-
-							$user_actkey = gen_rand_string(10);
-							$key_len = 54 - (strlen($server_url));
-							$key_len = ($key_len > 6) ? $key_len : 6;
-							$user_actkey = substr($user_actkey, 0, $key_len);
-
-							$messenger = new messenger(false);
-
-							$template_file = ($config['require_activation'] == USER_ACTIVATION_ADMIN) ? 'user_activate_inactive' : 'user_activate';
-							$messenger->template($template_file, $user->data['user_lang']);
-
-							$messenger->to($data['email'], $data['username']);
-
-							$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
-							$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
-							$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
-							$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);
-
-							$messenger->assign_vars(array(
-								'USERNAME'		=> htmlspecialchars_decode($data['username']),
-								'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
-							);
-
-							$messenger->send(NOTIFY_EMAIL);
-
-							if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
-							{
-								// Grab an array of user_id's with a_user permissions ... these users can activate a user
-								$admin_ary = $auth->acl_get_list(false, 'a_user', false);
-								$admin_ary = (!empty($admin_ary[0]['a_user'])) ? $admin_ary[0]['a_user'] : array();
-
-								// Also include founders
-								$where_sql = ' WHERE user_type = ' . USER_FOUNDER;
-
-								if (sizeof($admin_ary))
-								{
-									$where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary);
-								}
-
-								$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
-									FROM ' . USERS_TABLE . ' ' .
-									$where_sql;
-								$result = $db->sql_query($sql);
-
-								while ($row = $db->sql_fetchrow($result))
-								{
-									$messenger->template('admin_activate', $row['user_lang']);
-									$messenger->to($row['user_email'], $row['username']);
-									$messenger->im($row['user_jabber'], $row['username']);
-
-									$messenger->assign_vars(array(
-										'USERNAME'			=> htmlspecialchars_decode($data['username']),
-										'U_USER_DETAILS'	=> "$server_url/memberlist.$phpEx?mode=viewprofile&u={$user->data['user_id']}",
-										'U_ACTIVATE'		=> "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
-									);
-
-									$messenger->send($row['user_notify_type']);
-								}
-								$db->sql_freeresult($result);
-							}
-
-							user_active_flip('deactivate', $user->data['user_id'], INACTIVE_PROFILE);
-
-							// Because we want the profile to be reactivated we set user_newpasswd to empty (else the reactivation will fail)
-							$sql_ary['user_actkey'] = $user_actkey;
-							$sql_ary['user_newpasswd'] = '';
-						}
-
-						if (sizeof($sql_ary))
-						{
-							$sql = 'UPDATE ' . USERS_TABLE . '
-								SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
-								WHERE user_id = ' . $user->data['user_id'];
-							$db->sql_query($sql);
-						}
-
-						// Need to update config, forum, topic, posting, messages, etc.
-						if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])
-						{
-							user_update_name($user->data['username'], $data['username']);
-						}
-
-						// Now, we can remove the user completely (kill the session) - NOT BEFORE!!!
-						if (!empty($sql_ary['user_actkey']))
-						{
-							meta_refresh(5, append_sid($phpbb_root_path . 'index.' . $phpEx));
-							$message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid($phpbb_root_path . 'index.' . $phpEx) . '">', '</a>');
-
-							// Because the user gets deactivated we log him out too, killing his session
-							$user->session_kill();
-						}
-						else
-						{
-							meta_refresh(3, $this->u_action);
-							$message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
-						}
-
-						trigger_error($message);
-					}
-
-					// Replace "error" strings with their real, localised form
-					$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
-				}
-
-				$template->assign_vars(array(
-					'ERROR'				=> (sizeof($error)) ? implode('<br />', $error) : '',
-
-					'USERNAME'			=> $data['username'],
-					'EMAIL'				=> $data['email'],
-					'PASSWORD_CONFIRM'	=> $data['password_confirm'],
-					'NEW_PASSWORD'		=> $data['new_password'],
-					'CUR_PASSWORD'		=> '',
-
-					'L_USERNAME_EXPLAIN'		=> sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
-					'L_CHANGE_PASSWORD_EXPLAIN'	=> sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
-
-					'S_FORCE_PASSWORD'	=> ($auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) ? true : false,
-					'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false,
-					'S_CHANGE_EMAIL'	=> ($auth->acl_get('u_chgemail')) ? true : false,
-					'S_CHANGE_PASSWORD'	=> ($auth->acl_get('u_chgpasswd')) ? true : false)
-				);
-			break;
+				die('You can modify your account settings using the <a href="/roscms/?page=user&amp;sec=account&amp;sec2=edit">myReactOS Settings</a> page.<br /><br />Please tell an Administrator to disable this page in the phpBB Administration Panel.');
 
 			case 'profile_info':
 
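Review bot: The `reg_details` case now ends at the `die(...)` with no `break;` and no comment, so the only thing preventing fall-through into `case 'profile_info':` is that `die()` never returns. Because this line is the server-side fallback that stops phpBB from processing username, e-mail and password changes when the ACP module is left enabled, I would say so in a comment, e.g. `// Account data is edited via the myReactOS Settings page; refuse reg_details here even if the ACP module is still enabled.`, and keep `break;` after the call so a later edit of that line cannot run the `profile_info` handling by accident. Placing the guard as the first statement of the case is right, since it rejects submitted forms as well as page views. The removed code reported through `trigger_error($message)`; using that instead of a bare `die()` would presumably keep the board's normal page output, but confirm against the rest of the file. The switch and its enclosing method start and end outside the hunk.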


