From ff58fc5e7c66ea43a292c48ffb58061b0d1c52a8 Mon Sep 17 00:00:00 2001 From: "Paul S. Owen" Date: Mon, 7 Jul 2003 23:43:57 +0000 Subject: [PATCH] Move certain methods out of ucp class, move ucp class into ucp, break half a dozen other features, introduce x hundred new, exciting bugs git-svn-id: file:///svn/phpbb/trunk@4213 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 711 ++++++++++------------------ phpBB/includes/ucp/ucp_main.php | 29 +- phpBB/includes/ucp/ucp_prefs.php | 34 +- phpBB/includes/ucp/ucp_profile.php | 17 +- phpBB/includes/ucp/ucp_register.php | 6 +- phpBB/posting.php | 9 +- phpBB/ucp.php | 259 +++++++++- 7 files changed, 565 insertions(+), 500 deletions(-) diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 8fa26793b2..f1874a03a2 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -19,519 +19,330 @@ * ***************************************************************************/ -// Handles manipulation of user data. Primary used in registration -// and user profile manipulation -class ucp extends user + +// Generates an alphanumeric random string of given length +function gen_rand_string($num_chars) { - var $modules = array(); - var $error = array(); + $chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); - // Loads a given module (if it isn't already available), instantiates - // a new object, and where appropriate calls the modules init method - function load_module($module_name) + list($usec, $sec) = explode(' ', microtime()); + mt_srand($sec * $usec); + + $max_chars = count($chars) - 1; + $rand_str = ''; + for ($i = 0; $i < $num_chars; $i++) { - if (!class_exists('ucp_' . $module_name)) + $rand_str .= $chars[mt_rand(0, $max_chars)]; + } + + return $rand_str; +} + +// Check to see if the username has been taken, or if it is disallowed. +// Also checks if it includes the " character, which we don't allow in usernames. +// Used for registering, changing names, and posting anonymously with a username +function validate_username($username) +{ + global $db, $user; + + $sql = 'SELECT username + FROM ' . USERS_TABLE . " + WHERE LOWER(username) = '" . strtolower($db->sql_escape($username)) . "'"; + $result = $db->sql_query($sql); + + if ($row = $db->sql_fetchrow($result)) + { + return 'USERNAME_TAKEN'; + } + $db->sql_freeresult($result); + + $sql = 'SELECT group_name + FROM ' . GROUPS_TABLE . " + WHERE LOWER(group_name) = '" . strtolower($db->sql_escape($username)) . "'"; + $result = $db->sql_query($sql); + + if ($row = $db->sql_fetchrow($result)) + { + return 'USERNAME_TAKEN'; + } + $db->sql_freeresult($result); + + $sql = 'SELECT disallow_username + FROM ' . DISALLOW_TABLE; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + if (preg_match('#' . str_replace('*', '.*?', preg_quote($row['disallow_username'], '#')) . '#i', $username)) { - global $phpbb_root_path, $phpEx; - - require_once($phpbb_root_path . 'includes/ucp/ucp_' . $module_name . '.'.$phpEx); - eval('$this->module[' . $module_name . '] = new ucp_' . $module_name . '();'); - - if (method_exists($this->module[$module_name], 'init')) - { - $this->module[$module_name]->init(); - } + return 'USERNAME_DISALLOWED'; } } + $db->sql_freeresult($result); - // This is replaced by the loaded module - function main($module_id = false) + $sql = 'SELECT word + FROM ' . WORDS_TABLE; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) { - return false; - } - - // This generates the block template variable for outputting the list - // of submodules, should be called with an associative array of modules - // in the form 'LANG_STRING' => 'LINK' - function subsection(&$module_ary, &$selected_module) - { - global $template, $user, $phpEx, $SID; - - foreach($module_ary as $section_title => $module_link) + if (preg_match('#(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')#i', $username)) { - $template->assign_block_vars('ucp_subsection', array( - 'L_TITLE' => $user->lang['UCP_' . $section_title], - - 'S_SELECTED'=> ($section_title == strtoupper($selected_module)) ? true : false, - - 'U_TITLE' => "ucp.$phpEx$SID&$module_link") - ); + return 'USERNAME_DISALLOWED'; } } + $db->sql_freeresult($result); - // Displays the appropriate template with the given title - function display(&$page_title, $tpl_name) + return false; +} + +// Check to see if email address is banned or already present in the DB +function validate_email($email) +{ + global $config, $db, $user; + + if (preg_match('#^[a-z0-9\.\-_\+]+?@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}$#i', $email)) { - global $template, $phpEx; - - page_header($page_title); - - $template->set_filenames(array( - 'body' => $tpl_name) - ); - make_jumpbox('viewforum.'.$phpEx); - - page_footer(); - } - - // Generates list of additional fields, their type, appropriate data - // etc. for admin defined fields - function extra_fields($page) - { - return false; - } - - // Generates an alphanumeric random string of given length - function gen_rand_string($num_chars) - { - $chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); - - list($usec, $sec) = explode(' ', microtime()); - mt_srand($sec * $usec); - - $max_chars = count($chars) - 1; - $rand_str = ''; - for ($i = 0; $i < $num_chars; $i++) - { - $rand_str .= $chars[mt_rand(0, $max_chars)]; - } - - return $rand_str; - } - - // Normalises supplied data dependant on required type/length, errors - // on incorrect data - function normalise_data(&$data, &$normalise) - { - $valid_data = array(); - foreach ($normalise as $var_type => $var_ary) - { - foreach ($var_ary as $var_name => $var_limits) - { - $var_name = (is_string($var_name)) ? $var_name : $var_limits; - - if (isset($data[$var_name])) - { - switch ($var_type) - { - case 'int': - $valid_data[$var_name] = (int) $data[$var_name]; - break; - - case 'float': - $valid_data[$var_name] = (double) $data[$var_name]; - break; - - case 'bool': - $valid_data[$var_name] = ($data[$var_name] <= 0) ? 0 : 1; - break; - - case 'string': - // Cleanup data, remove excess spaces, run entites - $valid_data[$var_name] = htmlentities(trim(preg_replace('#\s{2,}#s', ' ', strtr((string) $data[$var_name], array_flip(get_html_translation_table(HTML_ENTITIES)))))); - - // How should we check this data? - if (!is_array($var_limits)) - { - // Is the match a string? If it is, process it further, else we'll - // assume it's a maximum length - if (is_string($var_limits)) - { - if (strstr($var_limits, ',')) - { - list($min_value, $max_value) = explode(',', $var_limits); - if (!empty($valid_data[$var_name]) && strlen($valid_data[$var_name]) < $min_value) - { - $this->error[] = strtoupper($var_name) . '_TOO_SHORT'; - } - - if (strlen($valid_data[$var_name]) > $max_value) - { - $this->error[] = strtoupper($var_name) . '_TOO_LONG'; - } - } - } - else - { - if (strlen($valid_data[$var_name]) > $var_limits) - { - $this->error[] = strtoupper($var_name) . '_TOO_LONG'; - } - } - } - break; - } - } - } - } - - return $valid_data; - } - - // Validates data subject to supplied requirements, errors appropriately - function validate_data(&$data, &$validate) - { - global $db, $user, $config; - - foreach ($validate as $operation => $var_ary) - { - foreach ($var_ary as $var_name => $compare) - { - if (!empty($compare)) - { - switch ($operation) - { - case 'match': - if (is_array($compare)) - { - foreach ($compare as $match) - { - if (!preg_match($match, $data[$var_name])) - { - $this->error[] = strtoupper($var_name) . '_WRONG_DATA'; - } - } - } - else if (!preg_match($compare, $data[$var_name])) - { - $this->error[] = strtoupper($var_name) . '_WRONG_DATA'; - } - break; - - case 'compare': - if (is_array($compare)) - { - if (!in_array($data[$var_name], $compare)) - { - $this->error[] = strtoupper($var_name) . '_MISMATCH'; - } - } - else if ($data[$var_name] != $compare) - { - $this->error[] = strtoupper($var_name) . '_MISMATCH'; - } - break; - - case 'function': - if ($result = $this->$compare($data[$var_name])) - { - $this->error[] = $result; - } - - break; - - case 'reqd': - if (!isset($data[$compare]) || (is_string($data[$compare]) && $data[$compare] === '')) - { - $this->error[] = strtoupper($compare) . '_MISSING_DATA'; - } - break; - } - } - } - } - } - - // Check to see if the username has been taken, or if it is disallowed. - // Also checks if it includes the " character, which we don't allow in usernames. - // Used for registering, changing names, and posting anonymously with a username - function validate_username($username) - { - global $db, $user; - - $sql = "SELECT username - FROM " . USERS_TABLE . " - WHERE LOWER(username) = '" . strtolower($db->sql_escape($username)) . "'"; + $sql = 'SELECT ban_email + FROM ' . BANLIST_TABLE; $result = $db->sql_query($sql); - - if ($row = $db->sql_fetchrow($result)) - { - return 'USERNAME_TAKEN'; - } - $db->sql_freeresult($result); - - $sql = 'SELECT group_name - FROM ' . GROUPS_TABLE . " - WHERE LOWER(group_name) = '" . strtolower($db->sql_escape($username)) . "'"; - $result = $db->sql_query($sql); - - if ($row = $db->sql_fetchrow($result)) - { - return 'USERNAME_TAKEN'; - } - $db->sql_freeresult($result); - $sql = 'SELECT disallow_username - FROM ' . DISALLOW_TABLE; - $result = $db->sql_query($sql); - while ($row = $db->sql_fetchrow($result)) { - if (preg_match('#' . str_replace('*', '.*?', preg_quote($row['disallow_username'], '#')) . '#i', $username)) + if (preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#i', $email)) { - return 'USERNAME_DISALLOWED'; + return 'EMAIL_BANNED'; } } $db->sql_freeresult($result); - $sql = 'SELECT word - FROM ' . WORDS_TABLE; - $result = $db->sql_query($sql); - - while ($row = $db->sql_fetchrow($result)) + if (!$config['allow_emailreuse']) { - if (preg_match('#(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')#i', $username)) - { - return 'USERNAME_DISALLOWED'; - } - } - $db->sql_freeresult($result); - - return false; - } - - // Check to see if email address is banned or already present in the DB - function validate_email($email) - { - global $config, $db, $user; - - if (preg_match('#^[a-z0-9\.\-_\+]+?@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}$#i', $email)) - { - $sql = 'SELECT ban_email - FROM ' . BANLIST_TABLE; + $sql = 'SELECT user_email + FROM ' . USERS_TABLE . " + WHERE user_email = '" . $db->sql_escape($email) . "'"; $result = $db->sql_query($sql); - while ($row = $db->sql_fetchrow($result)) + if ($row = $db->sql_fetchrow($result)) { - if (preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#i', $email)) - { - return 'EMAIL_BANNED'; - } + return 'EMAIL_TAKEN'; } $db->sql_freeresult($result); - - if (!$config['allow_emailreuse']) - { - $sql = 'SELECT user_email - FROM ' . USERS_TABLE . " - WHERE user_email = '" . $db->sql_escape($email) . "'"; - $result = $db->sql_query($sql); - - if ($row = $db->sql_fetchrow($result)) - { - return 'EMAIL_TAKEN'; - } - $db->sql_freeresult($result); - } - - return false; } - - return 'EMAIL_INVALID'; + + return false; } + return 'EMAIL_INVALID'; +} +function update_username($old_name, $new_name) +{ + global $db; + $update_ary = array( + FORUMS_TABLE => array('forum_last_poster_name'), + MODERATOR_TABLE => array('username'), + POSTS_TABLE => array('poster_username'), + TOPICS_TABLE => array('topic_first_poster_name', 'topic_last_poster_name'), + ); - - function update_username($old_name, $new_name) + foreach ($update_ary as $table => $field_ary) { - global $db; - - } - - - - - function avatar_delete() - { - global $config, $db, $user; - - if (@file_exists('./' . $config['avatar_path'] . '/' . $user->data['user_avatar'])) + foreach ($field_ary as $field) { - @unlink('./' . $config['avatar_path'] . '/' . $user->data['user_avatar']); + $sql = "UPDATE $table + SET $field = '$new_name' + WHERE $field = '$old_name'"; + $db->sql_query($sql); } } - function avatar_remote(&$data) + $sql = 'UPDATE ' . CONFIG_TABLE . " + SET config_value = '" . $new_name . "' + WHERE config_name = 'newest_username' + AND config_value = '" . $old_name . "'"; + $db->sql_query($sql); +} + +function avatar_delete() +{ + global $config, $db, $user; + + if (@file_exists('./' . $config['avatar_path'] . '/' . $user->data['user_avatar'])) { - global $config, $db, $user, $phpbb_root_path; + @unlink('./' . $config['avatar_path'] . '/' . $user->data['user_avatar']); + } +} - if (!preg_match('#^(http[s]*?)|(ftp)://#i', $data['remotelink'])) - { - $data['remotelink'] = 'http://' . $data['remotelink']; - } +function avatar_remote(&$data) +{ + global $config, $db, $user, $phpbb_root_path; - if (!preg_match('#^(http[s]?)|(ftp)://(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}:?([0-9]*?).*?\.(gif|jpg|jpeg|png)$#i', $data['remotelink'])) + if (!preg_match('#^(http[s]*?)|(ftp)://#i', $data['remotelink'])) + { + $data['remotelink'] = 'http://' . $data['remotelink']; + } + + if (!preg_match('#^(http[s]?)|(ftp)://(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}:?([0-9]*?).*?\.(gif|jpg|jpeg|png)$#i', $data['remotelink'])) + { + $this->error[] = $user->lang['AVATAR_URL_INVALID']; + return true; + } + + if ((!($data['width'] || $data['height']) || $data['remotelink'] != $user->data['user_avatar']) && ($config['avatar_max_width'] || $config['avatar_max_height'])) + { + list($width, $height) = @getimagesize($data['remotelink']); + + if (!$width || !$height) { - $this->error[] = $user->lang['AVATAR_URL_INVALID']; + $this->error[] = $user->lang['AVATAR_NO_SIZE']; return true; } - - if ((!($data['width'] || $data['height']) || $data['remotelink'] != $user->data['user_avatar']) && ($config['avatar_max_width'] || $config['avatar_max_height'])) - { - list($width, $height) = @getimagesize($data['remotelink']); - - if (!$width || !$height) - { - $this->error[] = $user->lang['AVATAR_NO_SIZE']; - return true; - } - else if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height']) - { - $this->error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_max_width'], $config['avatar_max_height']); - return true; - } - - $data['width'] = &$width; - $data['height'] = &$height; - } - else if ($data['width'] > $config['avatar_max_width'] || $data['height'] > $config['avatar_max_height']) + else if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height']) { $this->error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_max_width'], $config['avatar_max_height']); return true; } - // Set type - $data['filename'] = &$data['remotelink']; - $data['type'] = AVATAR_REMOTE; - - return false; - } - - function avatar_upload(&$data) - { - global $config, $db, $user; - - if (!empty($_FILES['uploadfile']['tmp_name'])) - { - $filename = $_FILES['uploadfile']['tmp_name']; - $filesize = $_FILES['uploadfile']['size']; - $realname = $_FILES['uploadfile']['name']; - - if (file_exists($filename) && preg_match('#^(.*?)\.(jpg|jpeg|gif|png)$#i', $realname, $match)) - { - $realname = $match[1]; - $filetype = $match[2]; - $php_move = 'move_uploaded_file'; - } - else - { - $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; - return true; - } - } - else if (preg_match('#^(http://).*?\.(jpg|jpeg|gif|png)$#i', $data['uploadurl'], $match)) - { - if (empty($match[2])) - { - $this->error[] = $user->lang['AVATAR_URL_INVALID']; - return true; - } - - $url = parse_url($data['uploadurl']); - - $host = $url['host']; - $path = dirname($url['path']); - $port = (!empty($url['port'])) ? $url['port'] : 80; - $filetype = array_pop(explode('.', $url['path'])); - $realname = basename($url['path'], '.' . $filetype); - $filename = $url['path']; - $filesize = 0; - - if (!($fsock = @fsockopen($host, $port, $errno, $errstr))) - { - $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; - return true; - } - - fputs($fsock, 'GET /' . $filename . " HTTP/1.1\r\n"); - fputs($fsock, "HOST: " . $host . "\r\n"); - fputs($fsock, "Connection: close\r\n\r\n"); - - $avatar_data = ''; - while (!feof($fsock)) - { - $avatar_data .= fread($fsock, $config['avatar_filesize']); - } - @fclose($fsock); - $avatar_data = array_pop(explode("\r\n", $avatar_data)); - - if (empty($avatar_data)) - { - $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; - return true; - } - unset($url_ary); - - $tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache/tmp'; - $filename = tempnam($tmp_path, uniqid(rand()) . '-'); - - if (!($fp = @fopen($filename, 'wb'))) - { - $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; - return true; - } - $filesize = fwrite($fp, $avatar_data); - fclose($fp); - unset($avatar_data); - - if (!$filesize) - { - unlink($filename); - $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; - return true; - } - - $php_move = 'copy'; - } - - list($width, $height) = getimagesize($filename); - - if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'] || $width < $config['avatar_min_width'] || $height < $config['avatar_min_height'] || !$width || !$height) - { - $this->error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']); - return true; - } - - // Replace any chars which may cause us problems with _ - $bad_chars = array(' ', '/', ':', '*', '?', '"', '<', '>', '|'); - - $data['filename'] = $user->data['user_id'] . '_' . str_replace($bad_chars, '_', $realname) . '.' . $filetype; $data['width'] = &$width; $data['height'] = &$height; + } + else if ($data['width'] > $config['avatar_max_width'] || $data['height'] > $config['avatar_max_height']) + { + $this->error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_max_width'], $config['avatar_max_height']); + return true; + } - if(!$php_move($filename, './' . $config['avatar_path'] . '/' . $data['filename'])) + // Set type + $data['filename'] = &$data['remotelink']; + $data['type'] = AVATAR_REMOTE; + + return false; +} + +function avatar_upload(&$data) +{ + global $config, $db, $user; + + if (!empty($_FILES['uploadfile']['tmp_name'])) + { + $filename = $_FILES['uploadfile']['tmp_name']; + $filesize = $_FILES['uploadfile']['size']; + $realname = $_FILES['uploadfile']['name']; + + if (file_exists($filename) && preg_match('#^(.*?)\.(jpg|jpeg|gif|png)$#i', $realname, $match)) + { + $realname = $match[1]; + $filetype = $match[2]; + $php_move = 'move_uploaded_file'; + } + else { - @unlink($filename); $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; return true; } - @unlink($filename); - - $filesize = filesize('./' . $config['avatar_path'] . '/' . $data['filename']); - if (!$filesize || $filesize > $config['avatar_filesize']) + } + else if (preg_match('#^(http://).*?\.(jpg|jpeg|gif|png)$#i', $data['uploadurl'], $match)) + { + if (empty($match[2])) { - @unlink('./' . $config['avatar_path'] . '/' . $data['filename']); - $this->error[] = sprintf($user->lang['AVATAR_WRONG_FILESIZE'], $config['avatar_filesize']); + $this->error[] = $user->lang['AVATAR_URL_INVALID']; return true; } - // Set type - $data['type'] = AVATAR_UPLOAD; + $url = parse_url($data['uploadurl']); - return; + $host = $url['host']; + $path = dirname($url['path']); + $port = (!empty($url['port'])) ? $url['port'] : 80; + $filetype = array_pop(explode('.', $url['path'])); + $realname = basename($url['path'], '.' . $filetype); + $filename = $url['path']; + $filesize = 0; + + if (!($fsock = @fsockopen($host, $port, $errno, $errstr))) + { + $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; + return true; + } + + fputs($fsock, 'GET /' . $filename . " HTTP/1.1\r\n"); + fputs($fsock, "HOST: " . $host . "\r\n"); + fputs($fsock, "Connection: close\r\n\r\n"); + + $avatar_data = ''; + while (!feof($fsock)) + { + $avatar_data .= fread($fsock, $config['avatar_filesize']); + } + @fclose($fsock); + $avatar_data = array_pop(explode("\r\n", $avatar_data)); + + if (empty($avatar_data)) + { + $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; + return true; + } + unset($url_ary); + + $tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache/tmp'; + $filename = tempnam($tmp_path, uniqid(rand()) . '-'); + + if (!($fp = @fopen($filename, 'wb'))) + { + $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; + return true; + } + $filesize = fwrite($fp, $avatar_data); + fclose($fp); + unset($avatar_data); + + if (!$filesize) + { + unlink($filename); + $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; + return true; + } + + $php_move = 'copy'; } + + list($width, $height) = getimagesize($filename); + + if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'] || $width < $config['avatar_min_width'] || $height < $config['avatar_min_height'] || !$width || !$height) + { + $this->error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']); + return true; + } + + // Replace any chars which may cause us problems with _ + $bad_chars = array(' ', '/', ':', '*', '?', '"', '<', '>', '|'); + + $data['filename'] = $user->data['user_id'] . '_' . str_replace($bad_chars, '_', $realname) . '.' . $filetype; + $data['width'] = &$width; + $data['height'] = &$height; + + if(!$php_move($filename, './' . $config['avatar_path'] . '/' . $data['filename'])) + { + @unlink($filename); + $this->error[] = $user->lang['AVATAR_NOT_UPLOADED']; + return true; + } + @unlink($filename); + + $filesize = filesize('./' . $config['avatar_path'] . '/' . $data['filename']); + if (!$filesize || $filesize > $config['avatar_filesize']) + { + @unlink('./' . $config['avatar_path'] . '/' . $data['filename']); + $this->error[] = sprintf($user->lang['AVATAR_WRONG_FILESIZE'], $config['avatar_filesize']); + return true; + } + + // Set type + $data['type'] = AVATAR_UPLOAD; + + return; } ?> \ No newline at end of file diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php index 4e5e5bbd58..13921c776d 100644 --- a/phpBB/includes/ucp/ucp_main.php +++ b/phpBB/includes/ucp/ucp_main.php @@ -31,7 +31,7 @@ class ucp_main extends ucp $submodules['FRONT'] = "i=$id&mode=front"; $submodules['WATCHED'] = "i=$id&mode=watched"; - $this->subsection($submodules, $submode); + $this->menu($id, $submodules, $submode); unset($submodules); switch ($submode) @@ -152,8 +152,8 @@ class ucp_main extends ucp 'TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt), 'ATTACH_ICON_IMG' => ($auth->acl_get('f_download', $forum_id) && $row['topic_attachment']) ? $user->img('icon_attach', '') : '', - 'S_ROW_COUNT' => $i, - 'S_USER_POSTED' => (!empty($row['mark_type'])) ? true : false, + 'S_ROW_COUNT' => $i, + 'S_USER_POSTED' => (!empty($row['mark_type'])) ? true : false, 'U_VIEW_TOPIC' => $view_topic_url) ); @@ -163,7 +163,6 @@ class ucp_main extends ucp $db->sql_freeresult($result); //TODO -/* $sql_and = ''; $sql = 'SELECT COUNT(post_id) AS total_posts FROM ' . POSTS_TABLE . ' @@ -184,7 +183,7 @@ class ucp_main extends ucp $post_count_sql"; $result = $db->sql_query($sql); - $num_real_posts = min($row['user_posts'], $db->sql_fetchfield('num_posts', 0, $result)); + $num_real_posts = min($user->data['user_posts'], $db->sql_fetchfield('num_posts', 0, $result)); $db->sql_freeresult($result); $sql = "SELECT f.forum_id, f.forum_name, COUNT(post_id) AS num_posts @@ -237,9 +236,15 @@ class ucp_main extends ucp } unset($active_t_row); - $template->assign_vars(show_profile($row)); +// $template->assign_vars(show_profile($row)); $template->assign_vars(array( + 'USER_COLOR' => (!empty($user->data['user_colour'])) ? $user->data['user_colour'] : '', + 'RANK_TITLE' => $rank_title, + 'KARMA' => (!empty($row['user_karma'])) ? $user->data['user_karma'] : 0, + 'JOINED' => $user->format_date($user->data['user_regdate'], $user->lang['DATE_FORMAT']), + 'VISITED' => (empty($last_visit)) ? ' - ' : $user->format_date($last_visit, $user->lang['DATE_FORMAT']), + 'POSTS' => ($data['user_posts']) ? $data['user_posts'] : 0, 'POSTS_DAY' => sprintf($user->lang['POST_DAY'], $posts_per_day), 'POSTS_PCT' => sprintf($user->lang['POST_PCT'], $percentage), 'ACTIVE_FORUM' => $active_f_name, @@ -252,13 +257,12 @@ class ucp_main extends ucp 'OCCUPATION' => (!empty($row['user_occ'])) ? $row['user_occ'] : '', 'INTERESTS' => (!empty($row['user_interests'])) ? $row['user_interests'] : '', - 'S_PROFILE_ACTION' => "groupcp.$phpEx$SID", 'S_GROUP_OPTIONS' => $group_options, 'U_ACTIVE_FORUM' => "viewforum.$phpEx$SID&f=$active_f_id", 'U_ACTIVE_TOPIC' => "viewtopic.$phpEx$SID&t=$active_t_id",) ); -*/ + break; case 'watched': @@ -385,15 +389,14 @@ class ucp_main extends ucp // Subscribed Topics - $sql_t_tracking = ($config['load_db_lastread'] || $config['load_db_track']) ? 'LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')' : ''; - $sql_f_tracking = ($config['load_db_lastread']) ? 'LEFT JOIN ' . FORUMS_TRACK_TABLE . ' ft ON (ft.forum_id = t.forum_id AND ft.user_id = ' . $user->data['user_id'] . ')' : ''; + $sql_from = ($config['load_db_lastread'] || $config['load_db_track']) ? '(' . TOPICS_TABLE . ' t LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . '))' : TOPICS_TABLE . ' t'; +// $sql_f_tracking = ($config['load_db_lastread']) ? 'LEFT JOIN ' . FORUMS_TRACK_TABLE . ' ft ON (ft.forum_id = t.forum_id AND ft.user_id = ' . $user->data['user_id'] . ')' : ''; $sql_t_select = ($config['load_db_lastread'] || $config['load_db_track']) ? ', tt.mark_type, tt.mark_time' : ''; - $sql_f_select = ($config['load_db_lastread']) ? ', ft.mark_time AS forum_mark_time' : ''; +// $sql_f_select = ($config['load_db_lastread']) ? ', ft.mark_time AS forum_mark_time' : ''; $sql = "SELECT t.* $sql_f_select $sql_t_select - FROM ((" . TOPICS_TABLE . " t - $sql_f_tracking) $sql_t_tracking), " . TOPICS_WATCH_TABLE . ' tw + FROM $sql_from, " . TOPICS_WATCH_TABLE . ' tw WHERE tw.user_id = ' . $user->data['user_id'] . ' AND t.topic_id = tw.topic_id ORDER BY t.topic_last_post_time DESC'; diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index 1df28f80f8..c6e2e52328 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -32,7 +32,7 @@ class ucp_prefs extends ucp $submodules['VIEW'] = "i=$id&mode=view"; $submodules['POST'] = "i=$id&mode=post"; - $this->subsection($submodules, $submode); + $this->menu($id, $submodules, $submode); unset($submodules); switch($submode) @@ -49,7 +49,7 @@ class ucp_prefs extends ucp ), 'int' => array('dst', 'style'), 'float' => array('tz'), - 'bool' => array('viewemail', 'hideonline', 'notifypm', 'popuppm') + 'bool' => array('viewemail', 'massemail', 'hideonline', 'notifypm', 'popuppm') ); $data = $this->normalise_data($_POST, $normalise); @@ -64,8 +64,9 @@ class ucp_prefs extends ucp if (!sizeof($this->error)) { $sql_ary = array( - 'user_allow_viewemail' => $data['viewemail'], - 'user_allow_viewonline' => !$data['hideonline'], + 'user_allow_viewemail' => $data['viewemail'], + 'user_allow_massemail' => $data['massemail'], + 'user_allow_viewonline' => ($auth->acl_get('u_hideonline')) ? !$data['hideonline'] : $user->data['user_allow_viewonline'], 'user_notify_pm' => $data['notifypm'], 'user_popup_pm' => $data['popuppm'], 'user_dst' => $data['dst'], @@ -90,9 +91,12 @@ class ucp_prefs extends ucp unset($data); } - $view_email = (isset($viewemail)) ? $viewemail : $user->data['user_allow_viewemail']; + $viewemail = (isset($viewemail)) ? $viewemail : $user->data['user_allow_viewemail']; $view_email_yes = ($viewemail) ? ' checked="checked"' : ''; $view_email_no = (!$viewemail) ? ' checked="checked"' : ''; + $massemail = (isset($massemail)) ? $massemail : $user->data['user_allow_massemail']; + $mass_email_yes = ($massemail) ? ' checked="checked"' : ''; + $mass_email_no = (!$massemail) ? ' checked="checked"' : ''; $hideonline = (isset($hideonline)) ? $hideonline : !$user->data['user_allow_viewonline']; $hide_online_yes = ($hideonline) ? ' checked="checked"' : ''; $hide_online_no = (!$hideonline) ? ' checked="checked"' : ''; @@ -116,6 +120,8 @@ class ucp_prefs extends ucp 'VIEW_EMAIL_YES' => $view_email_yes, 'VIEW_EMAIL_NO' => $view_email_no, + 'ADMIN_EMAIL_YES' => $mass_email_yes, + 'ADMIN_EMAIL_NO' => $mass_email_no, 'HIDE_ONLINE_YES' => $hide_online_yes, 'HIDE_ONLINE_NO' => $hide_online_no, 'NOTIFY_PM_YES' => $notify_pm_yes, @@ -129,7 +135,9 @@ class ucp_prefs extends ucp 'S_LANG_OPTIONS' => language_select($lang), 'S_STYLE_OPTIONS' => style_select($style), - 'S_TZ_OPTIONS' => tz_select($tz)) + 'S_TZ_OPTIONS' => tz_select($tz), + 'S_CAN_HIDE_ONLINE' => true, + ) ); break; @@ -143,7 +151,7 @@ class ucp_prefs extends ucp 'sk' => '1,1', 'sd' => '1,1', ), - 'int' => array('st'), + 'int' => array('st', 'minkarma'), 'bool' => array('images', 'flash', 'smilies', 'sigs', 'avatars', 'wordcensor'), ); $data = $this->normalise_data($_POST, $normalise); @@ -159,7 +167,8 @@ class ucp_prefs extends ucp 'user_viewcensors' => ($auth->acl_get('u_chgcensors')) ? $data['wordcensor'] : $user->data['user_viewcensors'], 'user_sortby_type' => $data['sk'], 'user_sortby_dir' => $data['sd'], - 'user_show_days' => $data['st'], + 'user_show_days' => $data['st'], + 'user_min_karma' => $data['minkarma'], ); $sql = 'UPDATE ' . USERS_TABLE . ' @@ -190,6 +199,14 @@ class ucp_prefs extends ucp $s_limit_days = $s_sort_key = $s_sort_dir = ''; gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, &$s_limit_days, &$s_sort_key, &$s_sort_dir); + $s_min_karma_options = ''; + $minkarma = (isset($minkarma)) ? $minkarma : $user->data['user_min_karma']; + for ($i = -5; $i < 6; $i++) + { + $selected = ($i == $minkarma) ? ' selected="selected"' : ''; + $s_min_karma_options .= ""; + } + $images = (isset($images)) ? $images : $user->data['user_viewimg']; $images_yes = ($images) ? ' checked="checked"' : ''; $images_no = (!$images) ? ' checked="checked"' : ''; @@ -225,6 +242,7 @@ class ucp_prefs extends ucp 'DISABLE_CENSORS_YES' => $wordcensor_yes, 'DISABLE_CENSORS_NO' => $wordcensor_no, + 'S_MIN_KARMA_OPTIONS' => $s_min_karma_options, 'S_CHANGE_CENSORS' => ($auth->acl_get('u_chgcensors')) ? true : false, 'S_SELECT_SORT_DAYS' => $s_limit_days, 'S_SELECT_SORT_KEY' => $s_sort_key, diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index f08f30d947..beafc0ace1 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -25,7 +25,7 @@ class ucp_profile extends ucp { global $censors, $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx; - $submode = ($_REQUEST['mode']) ? htmlspecialchars($_REQUEST['mode']) : 'reg_details'; + $submode = (isset($_GET['mode'])) ? htmlspecialchars($_GET['mode']) : 'reg_details'; $error = ''; $submodules['REG_DETAILS'] = "i=$id&mode=reg_details"; @@ -33,7 +33,7 @@ class ucp_profile extends ucp $submodules['SIGNATURE'] = "i=$id&mode=signature"; $submodules['AVATAR'] = "i=$id&mode=avatar"; - $this->subsection($submodules, $submode); + $this->menu($id, $submodules, $submode); unset($submodules); switch ($submode) @@ -66,7 +66,7 @@ class ucp_profile extends ucp 'email_confirm' => ($data['email'] != $user->data['user_email']) ? $data['email'] : '', ), 'match' => array( - 'username' => ($data['username'] != $user->data['username']) ? '#^' . str_replace('\\\\', '\\', $config['allow_name_chars']) . '$#iu' : '', + 'username' => ($data['username'] != $user->data['username']) ? '#^' . preg_replace('#/{1}#', '\\', $config['allow_name_chars']) . '$#iu' : '', ), 'function' => array( 'username' => ($data['username'] != $user->data['username']) ? 'validate_username' : '', @@ -91,7 +91,7 @@ class ucp_profile extends ucp // Need to update config, forum, topic, posting, messages, etc. if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') & $config['allow_namechange']) { - $this->update_username($user->data['username'], $data['username']); + update_username($user->data['username'], $data['username']); } meta_refresh(3, "ucp.$phpEx$SID&i=$id&mode=$submode"); @@ -349,13 +349,12 @@ class ucp_profile extends ucp // Can we upload? $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && is_writeable($phpbb_root_path . $config['avatar_path']) && $auth->acl_get('u_chgavatar') && (@ini_get('file_uploads') || @ini_get('file_uploads') == 'On')) ? true : false; - if (isset($_POST['submit'])) { $data = array(); if (!empty($_FILES['uploadfile']['tmp_name']) && $can_upload) { - $this->avatar_upload($data); + avatar_upload($data); } else if (!empty($_POST['uploadurl']) && $can_upload) { @@ -366,7 +365,7 @@ class ucp_profile extends ucp ); $data = $this->normalise_data($_POST, $normalise); - $this->avatar_upload($data); + avatar_upload($data); } else if (!empty($_POST['remotelink']) && $auth->acl_get('u_chgavatar') && $config['allow_avatar_remote']) { @@ -379,7 +378,7 @@ class ucp_profile extends ucp ); $data = $this->normalise_data($_POST, $normalise); - $this->avatar_remote($data); + avatar_remote($data); } else if (!empty($_POST['delete']) && $auth->acl_get('u_chgavatar')) { @@ -406,7 +405,7 @@ class ucp_profile extends ucp // Delete old avatar if present if ($user->data['user_avatar'] != '' && $data['filename'] != $user->data['user_avatar']) { - $this->avatar_delete(); + avatar_delete(); } } diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index b217455cb9..f6b9b51330 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -92,7 +92,7 @@ class ucp_register extends ucp 'email_confirm' => $data['email'], ), 'match' => array( - 'username' => '#^' . str_replace('\\\\', '\\', $config['allow_name_chars']) . '$#iu', + 'username' => '#^' . preg_replace('#/{1}#', '\\', $config['allow_name_chars']) . '$#iu', ), 'function' => array( 'username' => 'validate_username', @@ -146,7 +146,7 @@ class ucp_register extends ucp $config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable']) { - $user_actkey = $this->gen_rand_string(10); + $user_actkey = gen_rand_string(10); $key_len = 54 - (strlen($server_url)); $key_len = ($key_len > 6) ? $key_len : 6; $user_actkey = substr($user_actkey, 0, $key_len); @@ -324,7 +324,7 @@ class ucp_register extends ucp } $db->sql_freeresult($result); - $code = $this->gen_rand_string(6); + $code = gen_rand_string(6); $confirm_id = md5(uniqid($user_ip)); $sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code) diff --git a/phpBB/posting.php b/phpBB/posting.php index 809e79f59f..065c35bd6f 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -109,7 +109,8 @@ switch ($mode) $sql = 'SELECT t.*, f.* FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f WHERE t.topic_id = $topic_id - AND f.forum_id IN (t.forum_id, $forum_id)"; + AND (f.forum_id = t.forum_id + OR f.forum_id = $forum_id)"; $forum_validate = $topic_validate = true; break; @@ -131,7 +132,8 @@ switch ($mode) WHERE p.post_id = $post_id AND t.topic_id = p.topic_id AND u.user_id = p.poster_id - AND f.forum_id IN (t.forum_id, $forum_id)"; + AND (f.forum_id = t.forum_id + OR f.forum_id = $forum_id)"; $forum_validate = $topic_validate = $post_validate = true; break; @@ -667,10 +669,9 @@ if ($submit || $preview || $refresh) if (($username != '' && $user->data['user_id'] == ANONYMOUS) || ($mode == 'edit' && $post_username != '')) { include($phpbb_root_path . 'includes/functions_user.' . $phpEx); - $ucp = new ucp(); $username = strip_tags(htmlspecialchars($username)); - if (($result = $ucp->validate_username($username)) != false) + if (($result = validate_username($username)) != false) { $error[] = $result; } diff --git a/phpBB/ucp.php b/phpBB/ucp.php index 28b1a13287..8612d9a55a 100755 --- a/phpBB/ucp.php +++ b/phpBB/ucp.php @@ -56,12 +56,243 @@ include($phpbb_root_path . 'common.'.$phpEx); include($phpbb_root_path . '/includes/functions_user.'.$phpEx); +// --------- +// FUNCTIONS +// + +// Handles manipulation of user data. Primary used in registration +// and user profile manipulation +class ucp extends user +{ + var $modules = array(); + var $error = array(); + + // Loads a given module (if it isn't already available), instantiates + // a new object, and where appropriate calls the modules init method + function load_module($module_name) + { + if (!class_exists('ucp_' . $module_name)) + { + global $phpbb_root_path, $phpEx; + + require_once($phpbb_root_path . 'includes/ucp/ucp_' . $module_name . '.'.$phpEx); + eval('$this->module = new ucp_' . $module_name . '();'); + + if (method_exists($this->module, 'init')) + { + $this->module->init(); + } + } + } + + // This is replaced by the loaded module + function main($module_id = false) + { + return false; + } + + // This generates the block template variable for outputting the list + // of submodules, should be called with an associative array of modules + // in the form 'LANG_STRING' => 'LINK' + function menu(&$id, &$module_ary, &$selected_module) + { + global $template, $user, $phpEx, $SID, $s_modules; + + foreach ($s_modules as $module_id => $section_data) + { + $template->assign_block_vars('ucp_section', array( + 'L_TITLE' => $section_data['title'], + + 'S_SELECTED'=> $section_data['selected'], + + 'U_TITLE' => $section_data['url']) + ); + + if ($module_id == $id) + { + foreach ($module_ary as $section_title => $module_link) + { + $template->assign_block_vars('ucp_section.ucp_subsection', array( + 'L_TITLE' => $user->lang['UCP_' . $section_title], + + 'S_SELECTED'=> ($section_title == strtoupper($selected_module)) ? true : false, + + 'U_TITLE' => "ucp.$phpEx$SID&$module_link") + ); + } + } + } + + foreach ($module_ary as $section_title => $module_link) + { + $template->assign_block_vars('ucp_subsection', array( + 'L_TITLE' => $user->lang['UCP_' . $section_title], + + 'S_SELECTED'=> ($section_title == strtoupper($selected_module)) ? true : false, + + 'U_TITLE' => "ucp.$phpEx$SID&$module_link") + ); + } + } + + // Displays the appropriate template with the given title + function display(&$page_title, $tpl_name) + { + global $template, $phpEx; + + page_header($page_title); + + $template->set_filenames(array( + 'body' => $tpl_name) + ); + make_jumpbox('viewforum.'.$phpEx); + + page_footer(); + } + + // Normalises supplied data dependant on required type/length, errors + // on incorrect data + function normalise_data(&$data, &$normalise) + { + $valid_data = array(); + foreach ($normalise as $var_type => $var_ary) + { + foreach ($var_ary as $var_name => $var_limits) + { + $var_name = (is_string($var_name)) ? $var_name : $var_limits; + + if (isset($data[$var_name])) + { + switch ($var_type) + { + case 'int': + $valid_data[$var_name] = (int) $data[$var_name]; + break; + + case 'float': + $valid_data[$var_name] = (double) $data[$var_name]; + break; + + case 'bool': + $valid_data[$var_name] = ($data[$var_name] <= 0) ? 0 : 1; + break; + + case 'string': + // Cleanup data, remove excess spaces, run entites + $valid_data[$var_name] = htmlentities(trim(preg_replace('#\s{2,}#s', ' ', strtr((string) $data[$var_name], array_flip(get_html_translation_table(HTML_ENTITIES)))))); + + // How should we check this data? + if (!is_array($var_limits)) + { + // Is the match a string? If it is, process it further, else we'll + // assume it's a maximum length + if (is_string($var_limits)) + { + if (strstr($var_limits, ',')) + { + list($min_value, $max_value) = explode(',', $var_limits); + if (!empty($valid_data[$var_name]) && strlen($valid_data[$var_name]) < $min_value) + { + $this->error[] = strtoupper($var_name) . '_TOO_SHORT'; + } + + if (strlen($valid_data[$var_name]) > $max_value) + { + $this->error[] = strtoupper($var_name) . '_TOO_LONG'; + } + } + } + else + { + if (strlen($valid_data[$var_name]) > $var_limits) + { + $this->error[] = strtoupper($var_name) . '_TOO_LONG'; + } + } + } + break; + } + } + } + } + + return $valid_data; + } + + // Validates data subject to supplied requirements, errors appropriately + function validate_data(&$data, &$validate) + { + global $db, $user, $config; + + foreach ($validate as $operation => $var_ary) + { + foreach ($var_ary as $var_name => $compare) + { + if (!empty($compare)) + { + switch ($operation) + { + case 'match': + if (is_array($compare)) + { + foreach ($compare as $match) + { + if (!preg_match($match, $data[$var_name])) + { + $this->error[] = strtoupper($var_name) . '_WRONG_DATA'; + } + } + } + else if (!preg_match($compare, $data[$var_name])) + { + $this->error[] = strtoupper($var_name) . '_WRONG_DATA'; + } + break; + + case 'compare': + if (is_array($compare)) + { + if (!in_array($data[$var_name], $compare)) + { + $this->error[] = strtoupper($var_name) . '_MISMATCH'; + } + } + else if ($data[$var_name] != $compare) + { + $this->error[] = strtoupper($var_name) . '_MISMATCH'; + } + break; + + case 'function': + if ($result = $compare($data[$var_name])) + { + $this->error[] = $result; + } + + break; + + case 'reqd': + if (!isset($data[$compare]) || (is_string($data[$compare]) && $data[$compare] === '')) + { + $this->error[] = strtoupper($compare) . '_MISSING_DATA'; + } + break; + } + } + } + } + } +} +// +// FUNCTIONS +// --------- + + // Start session management $user->start(); $user->setup(); $auth->acl($user->data); - // Basic parameter data $mode = (!empty($_REQUEST['mode'])) ? htmlspecialchars($_REQUEST['mode']) : ''; $module = (!empty($_REQUEST['i'])) ? intval($_REQUEST['i']) : 1; @@ -76,15 +307,14 @@ switch ($mode) { case 'activate': $ucp->load_module('activate'); - $ucp->module['activate']->main(); + $ucp->module->main(); break; case 'remind': $ucp->load_module('remind'); - $ucp->module['remind']->main(); + $ucp->module->main(); break; - case 'register': if ($user->data['user_id'] != ANONYMOUS) { @@ -92,12 +322,12 @@ switch ($mode) } $ucp->load_module('register'); - $ucp->module['register']->main(); + $ucp->module->main(); break; case 'confirm': $ucp->load_module('confirm'); - $ucp->module['confirm']->main(); + $ucp->module->main(); break; case 'login': @@ -135,11 +365,12 @@ obtain_word_list($censors); // Grab the other enabled UCP modules -$sql = "SELECT module_id, module_title, module_filename - FROM " . UCP_MODULES_TABLE . " - ORDER BY module_order ASC"; +$sql = 'SELECT module_id, module_title, module_filename + FROM ' . UCP_MODULES_TABLE . ' + ORDER BY module_order ASC'; $result = $db->sql_query($sql); +$s_modules = array(); while ($row = $db->sql_fetchrow($result)) { $template->assign_block_vars('ucp_sections', array( @@ -149,7 +380,11 @@ while ($row = $db->sql_fetchrow($result)) 'S_IS_TAB' => ($row['module_id'] == $module) ? true : false) ); - + + $s_modules[$row['module_id']]['title'] = $user->lang['UCP_' . $row['module_title']]; + $s_modules[$row['module_id']]['url'] = "ucp.$phpEx$SID&i=" . $row['module_id']; + $s_modules[$row['module_id']]['selected'] = ($row['module_id'] == $module) ? true : false; + if ($row['module_id'] == $module) { $selected_module = $row['module_filename']; @@ -161,9 +396,7 @@ $db->sql_freeresult($result); if ($selected_module) { $ucp->load_module($selected_module); - $ucp->module[$selected_module]->main($selected_id); + $ucp->module->main($selected_id); } -exit; - ?> \ No newline at end of file