Home Explore Help
Register Sign In
NSHkD
/
Gazelle
forked from Oppaitime/Gazelle
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Oppaitime's version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
196 Commits
1 Branch
Tree: e857952d21
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e857952d21'
${ noResults }
Gazelle/sections/user/take_edit.php

take_edit.php 14KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423 
  1. <?

  2. authorize();

  3. 

  4. $UserID = $_REQUEST['userid'];

  5. if (!is_number($UserID)) {

  6.   error(404);

  7. }

  8. 

  9. //For this entire page, we should generally be using $UserID not $LoggedUser['ID'] and $U[] not $LoggedUser[]

  10. $U = Users::user_info($UserID);

  11. 

  12. if (!$U) {

  13.   error(404);

  14. }

  15. 

  16. $Permissions = Permissions::get_permissions($U['PermissionID']);

  17. if ($UserID != $LoggedUser['ID'] && !check_perms('users_edit_profiles', $Permissions['Class'])) {

  18.   send_irc('PRIVMSG '.ADMIN_CHAN.' :User '.$LoggedUser['Username'].' ('.site_url().'user.php?id='.$LoggedUser['ID'].') just tried to edit the profile of '.site_url().'user.php?id='.$_REQUEST['userid']);

  19.   error(403);

  20. }

  21. 

  22. $Val->SetFields('stylesheet', 1, "number", "You forgot to select a stylesheet.");

  23. $Val->SetFields('styleurl', 0, "regex", "You did not enter a valid stylesheet URL.", array('regex' => '/^'.CSS_REGEX.'$/i'));

  24. // The next two are commented out because the drop-down menus were replaced with a check box and radio buttons

  25. //$Val->SetFields('disablegrouping', 0, "number", "You forgot to select your torrent grouping option.");

  26. //$Val->SetFields('torrentgrouping', 0, "number", "You forgot to select your torrent grouping option.");

  27. $Val->SetFields('postsperpage', 1, "number", "You forgot to select your posts per page option.", array('inarray' => array(25, 50, 100)));

  28. //$Val->SetFields('hidecollage', 1, "number", "You forgot to select your collage option.", array('minlength' => 0, 'maxlength' => 1));

  29. $Val->SetFields('collagecovers', 1, "number", "You forgot to select your collage option.");

  30. $Val->SetFields('avatar', 0, "regex", "You did not enter a valid avatar URL.", array('regex' => "/^".IMAGE_REGEX."$/i"));

  31. $Val->SetFields('email', 1, "email", "You did not enter a valid email address.");

  32. $Val->SetFields('twofa', 0, "regex", "You did not enter a valid 2FA verification code.", array('regex' => '/^[0-9]{6}$/'));

  33. $Val->SetFields('irckey', 0, "string", "You did not enter a valid IRC key. An IRC key must be between 6 and 32 characters long.", array('minlength' => 6, 'maxlength' => 32));

  34. $Val->SetFields('new_pass_1', 0, "regex", "You did not enter a valid password. A valid password is 6 characters or longer.", array('regex' => '/(?=^.{6,}$).*$/'));

  35. $Val->SetFields('new_pass_2', 1, "compare", "Your passwords do not match.", array('comparefield' => 'new_pass_1'));

  36. if (check_perms('site_advanced_search')) {

  37.   $Val->SetFields('searchtype', 1, "number", "You forgot to select your default search preference.", array('minlength' => 0, 'maxlength' => 1));

  38. }

  39. 

  40. $Err = $Val->ValidateForm($_POST);

  41. 

  42. if (!apc_exists('DBKEY')) {

  43.   $Err = "Cannot edit profile until database fully decrypted.";

  44. }

  45. 

  46. if ($Err) {

  47.   error($Err);

  48.   header("Location: user.php?action=edit&userid=$UserID");

  49.   die();

  50. }

  51. 

  52. // Begin building $Paranoia

  53. // Reduce the user's input paranoia until it becomes consistent

  54. if (isset($_POST['p_uniquegroups_l'])) {

  55.   $_POST['p_uploads_l'] = 'on';

  56.   $_POST['p_uploads_c'] = 'on';

  57. }

  58. 

  59. if (isset($_POST['p_uploads_l'])) {

  60.   $_POST['p_uniquegroups_l'] = 'on';

  61.   $_POST['p_uniquegroups_c'] = 'on';

  62.   $_POST['p_perfectflacs_l'] = 'on';

  63.   $_POST['p_perfectflacs_c'] = 'on';

  64.   $_POST['p_artistsadded'] = 'on';

  65. }

  66. 

  67. if (isset($_POST['p_collagecontribs_l'])) {

  68.   $_POST['p_collages_l'] = 'on';

  69.   $_POST['p_collages_c'] = 'on';

  70. }

  71. 

  72. if (isset($_POST['p_snatched_c']) && isset($_POST['p_seeding_c']) && isset($_POST['p_downloaded'])) {

  73.   $_POST['p_requiredratio'] = 'on';

  74. }

  75. 

  76. // if showing exactly 2 of stats, show all 3 of stats

  77. $StatsShown = 0;

  78. $Stats = array('downloaded', 'uploaded', 'ratio');

  79. foreach ($Stats as $S) {

  80.   if (isset($_POST["p_$S"])) {

  81.     $StatsShown++;

  82.   }

  83. }

  84. 

  85. if ($StatsShown == 2) {

  86.   foreach ($Stats as $S) {

  87.     $_POST["p_$S"] = 'on';

  88.   }

  89. }

  90. 

  91. $Paranoia = array();

  92. $Checkboxes = array('downloaded', 'uploaded', 'ratio', 'lastseen', 'requiredratio', 'invitedcount', 'artistsadded', 'notifications');

  93. foreach ($Checkboxes as $C) {

  94.   if (!isset($_POST["p_$C"])) {

  95.     $Paranoia[] = $C;

  96.   }

  97. }

  98. 

  99. $SimpleSelects = array('torrentcomments', 'collages', 'collagecontribs', 'uploads', 'uniquegroups', 'perfectflacs', 'seeding', 'leeching', 'snatched');

  100. foreach ($SimpleSelects as $S) {

  101.   if (!isset($_POST["p_$S".'_c']) && !isset($_POST["p_$S".'_l'])) {

  102.     // Very paranoid - don't show count or list

  103.     $Paranoia[] = "$S+";

  104.   } elseif (!isset($_POST["p_$S".'_l'])) {

  105.     // A little paranoid - show count, don't show list

  106.     $Paranoia[] = $S;

  107.   }

  108. }

  109. 

  110. $Bounties = array('requestsfilled', 'requestsvoted');

  111. foreach ($Bounties as $B) {

  112.   if (isset($_POST["p_$B".'_list'])) {

  113.     $_POST["p_$B".'_count'] = 'on';

  114.     $_POST["p_$B".'_bounty'] = 'on';

  115.   }

  116.   if (!isset($_POST["p_$B".'_list'])) {

  117.     $Paranoia[] = $B.'_list';

  118.   }

  119.   if (!isset($_POST["p_$B".'_count'])) {

  120.     $Paranoia[] = $B.'_count';

  121.   }

  122.   if (!isset($_POST["p_$B".'_bounty'])) {

  123.     $Paranoia[] = $B.'_bounty';

  124.   }

  125. }

  126. 

  127. if (!isset($_POST['p_donor_heart'])) {

  128.   $Paranoia[] = 'hide_donor_heart';

  129. }

  130. 

  131. if (isset($_POST['p_donor_stats'])) {

  132.   Donations::show_stats($UserID);

  133. } else {

  134.   Donations::hide_stats($UserID);

  135. }

  136. 

  137. // End building $Paranoia

  138. 

  139. 

  140. // Email change

  141. $DB->query("

  142.   SELECT Email

  143.   FROM users_main

  144.   WHERE ID = $UserID");

  145. list($CurEmail) = $DB->next_record();

  146. $CurEmail = DBCrypt::decrypt($CurEmail);

  147. if ($CurEmail != $_POST['email']) {

  148.   if (!check_perms('users_edit_profiles')) { // Non-admins have to authenticate to change email

  149.     $DB->query("

  150.       SELECT PassHash

  151.       FROM users_main

  152.       WHERE ID = '".db_string($UserID)."'");

  153.     list($PassHash)=$DB->next_record();

  154.     if (!Users::check_password($_POST['cur_pass'], $PassHash)) {

  155.       $Err = 'You did not enter the correct password.';

  156.     }

  157.   }

  158.   if (!$Err) {

  159.     $NewEmail = db_string($_POST['email']);

  160. 

  161. 

  162.     //This piece of code will update the time of their last email change to the current time *not* the current change.

  163.     $ChangerIP = db_string($LoggedUser['IP']);

  164.     $DB->query("

  165.       UPDATE users_history_emails

  166.       SET Time = '".sqltime()."'

  167.       WHERE UserID = '$UserID'

  168.         AND Time IS NULL");

  169.     $DB->query("

  170.       INSERT INTO users_history_emails

  171.         (UserID, Email, Time, IP)

  172.       VALUES

  173.         ('$UserID', '".DBCrypt::encrypt($NewEmail)."', NULL, '".DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])."')");

  174. 

  175.   } else {

  176.     error($Err);

  177.     header("Location: user.php?action=edit&userid=$UserID");

  178.     die();

  179.   }

  180. }

  181. //End email change

  182. 

  183. //2FA activation

  184. if (!empty($_POST['twofa'])) {

  185.   $DB->query("

  186.     SELECT TwoFactor, PassHash

  187.     FROM users_main

  188.     WHERE ID = $UserID");

  189.   list($TwoFactor, $PassHash) = $DB->next_record();

  190.   if (empty($TwoFactor)) {

  191.     if (!Users::check_password($_POST['cur_pass'], $PassHash)) {

  192.       error('You did not enter the correct password.');

  193.       header("Location: user.php?action=edit&userid=$UserID");

  194.       die();

  195.     }

  196.     require_once SERVER_ROOT.'/classes/twofa.class.php';

  197.     $TwoFA = new TwoFactorAuth(SITE_NAME);

  198.     if ($TwoFA->verifyCode($_POST['twofasecret'], $_POST['twofa'])) {

  199.       $DB->query("

  200.         UPDATE users_main

  201.         SET TwoFactor='".db_string($_POST['twofasecret'])."'

  202.         WHERE ID = $UserID");

  203.     } else {

  204.       error('Invalid 2FA verification code.');

  205.       header("Location: user.php?action=edit&userid=$UserID");

  206.       die();

  207.     }

  208.   }

  209. }

  210. //End 2FA

  211. 

  212. if (!$Err && ($_POST['cur_pass'] || $_POST['new_pass_1'] || $_POST['new_pass_2'])) {

  213.   $DB->query("

  214.     SELECT PassHash

  215.     FROM users_main

  216.     WHERE ID = '".db_string($UserID)."'");

  217.   list($PassHash) = $DB->next_record();

  218. 

  219.   if (Users::check_password($_POST['cur_pass'], $PassHash)) {

  220.     if ($_POST['new_pass_1'] && $_POST['new_pass_2']) {

  221.       $ResetPassword = true;

  222.     }

  223.   } else {

  224.     $Err = 'You did not enter the correct password.';

  225.   }

  226. }

  227. 

  228. if ($LoggedUser['DisableAvatar'] && $_POST['avatar'] != $U['Avatar']) {

  229.   $Err = 'Your avatar privileges have been revoked.';

  230. }

  231. 

  232. if ($Err) {

  233.   error($Err);

  234.   header("Location: user.php?action=edit&userid=$UserID");

  235.   die();

  236. }

  237. 

  238. if (!empty($LoggedUser['DefaultSearch'])) {

  239.   $Options['DefaultSearch'] = $LoggedUser['DefaultSearch'];

  240. }

  241. $Options['DisableGrouping2']    = (!empty($_POST['disablegrouping']) ? 0 : 1);

  242. $Options['TorrentGrouping']     = (!empty($_POST['torrentgrouping']) ? 1 : 0);

  243. $Options['PostsPerPage']        = (int)$_POST['postsperpage'];

  244. $Options['CollageCovers']       = (empty($_POST['collagecovers']) ? 0 : $_POST['collagecovers']);

  245. $Options['ShowTorFilter']       = (empty($_POST['showtfilter']) ? 0 : 1);

  246. $Options['ShowTags']            = (!empty($_POST['showtags']) ? 1 : 0);

  247. $Options['AutoSubscribe']       = (!empty($_POST['autosubscribe']) ? 1 : 0);

  248. $Options['DisableSmileys']      = (!empty($_POST['disablesmileys']) ? 1 : 0);

  249. $Options['AutoloadCommStats']   = (check_perms('users_mod') && !empty($_POST['autoload_comm_stats']) ? 1 : 0);

  250. $Options['DisableAvatars']      = db_string($_POST['disableavatars']);

  251. $Options['Identicons']          = (!empty($_POST['identicons']) ? (int)$_POST['identicons'] : 0);

  252. $Options['DisablePMAvatars']    = (!empty($_POST['disablepmavatars']) ? 1 : 0);

  253. $Options['NotifyOnQuote']       = (!empty($_POST['notifications_Quotes_popup']) ? 1 : 0);

  254. $Options['ListUnreadPMsFirst']  = (!empty($_POST['list_unread_pms_first']) ? 1 : 0);

  255. $Options['ShowSnatched']        = (!empty($_POST['showsnatched']) ? 1 : 0);

  256. $Options['DisableAutoSave']     = (!empty($_POST['disableautosave']) ? 1 : 0);

  257. $Options['NoVoteLinks']         = (!empty($_POST['novotelinks']) ? 1 : 0);

  258. $Options['CoverArt']            = (int)!empty($_POST['coverart']);

  259. $Options['ShowExtraCovers']     = (int)!empty($_POST['show_extra_covers']);

  260. $Options['HideLolicon']         = (int)!empty($_POST['hide_lolicon']);

  261. $Options['HideScat']            = (int)!empty($_POST['hide_scat']);

  262. $Options['HideSnuff']           = (int)!empty($_POST['hide_snuff']);

  263. $Options['AutoComplete']        = (int)$_POST['autocomplete'];

  264. $Options['StyleAdditions']      = $_POST['style_additions'] ?? [];

  265. 

  266. if (isset($LoggedUser['DisableFreeTorrentTop10'])) {

  267.   $Options['DisableFreeTorrentTop10'] = $LoggedUser['DisableFreeTorrentTop10'];

  268. }

  269. 

  270. if (!empty($_POST['sorthide'])) {

  271.   $JSON = json_decode($_POST['sorthide']);

  272.   foreach ($JSON as $J) {

  273.     $E = explode('_', $J);

  274.     $Options['SortHide'][$E[0]] = $E[1];

  275.   }

  276. } else {

  277.   $Options['SortHide'] = array();

  278. }

  279. 

  280. if (check_perms('site_advanced_search')) {

  281.   $Options['SearchType'] = $_POST['searchtype'];

  282. } else {

  283.   unset($Options['SearchType']);

  284. }

  285. 

  286. //TODO: Remove the following after a significant amount of time

  287. unset($Options['ArtistNoRedirect']);

  288. unset($Options['ShowQueryList']);

  289. unset($Options['ShowCacheList']);

  290. 

  291. $DownloadAlt = isset($_POST['downloadalt']) ? 1 : 0;

  292. $UnseededAlerts = isset($_POST['unseededalerts']) ? 1 : 0;

  293. 

  294. Donations::update_rewards($UserID);

  295. NotificationsManager::save_settings($UserID);

  296. 

  297. // Begin Badge settings

  298. if (!empty($_POST['badges'])) {

  299.   $BadgeIDs = array_slice($_POST['badges'], 0, 5);

  300. } else {

  301.   $BadgeIDs = array();

  302. }

  303. 

  304. $BadgesChanged = false;

  305. $NewBadges = array();

  306. if ($Cache->get_value('user_badges_'.$UserID)) {

  307.   $Badges = $Cache->get_value('user_badges_'.$UserID);

  308.   foreach ($Badges as $Badge) {

  309.     if (in_array($Badge['BadgeID'], $BadgeIDs)) { // Is the current badge in the list of badges the user wants to display?

  310.       $Displayed = true;

  311.       $DisplayedBadgeIDs[] = $Badge['BadgeID'];

  312.       if ($Badge['Displayed'] == 0) { // The user wants to display a badge that wasn't displayed before

  313.         $BadgesChanged = true;

  314.       }

  315.     } else { // The user no longer wants to display a badge that was displayed before

  316.       $Displayed = false;

  317.       $BadgesChanged = true;

  318.     }

  319.     $NewBadges[] = array('BadgeID' => $Badge['BadgeID'], 'Displayed' => $Displayed?'1':'0');

  320. 

  321.   }

  322. } else {

  323.   $BadgesChanged = true;

  324. }

  325. if ($BadgesChanged) {

  326.   $Cache->cache_value('user_badges_'.$UserID, $NewBadges);

  327. }

  328. // End Badge settings

  329. 

  330. // Information on how the user likes to download torrents is stored in cache

  331. if ($DownloadAlt != $LoggedUser['DownloadAlt']) {

  332.   $Cache->delete_value('user_'.$LoggedUser['torrent_pass']);

  333. }

  334. 

  335. $Cache->begin_transaction("user_info_$UserID");

  336. $Cache->update_row(false, array(

  337.     'Avatar' => display_str($_POST['avatar']),

  338.     'Paranoia' => $Paranoia

  339. ));

  340. $Cache->commit_transaction(0);

  341. 

  342. $Cache->begin_transaction("user_info_heavy_$UserID");

  343. $Cache->update_row(false, array(

  344.     'StyleID' => $_POST['stylesheet'],

  345.     'StyleURL' => display_str($_POST['styleurl']),

  346.     'DownloadAlt' => $DownloadAlt

  347.     ));

  348. $Cache->update_row(false, $Options);

  349. $Cache->commit_transaction(0);

  350. 

  351. 

  352. $SQL = "

  353.   UPDATE users_main AS m

  354.     JOIN users_info AS i ON m.ID = i.UserID

  355.   SET

  356.     i.StyleID = '".db_string($_POST['stylesheet'])."',

  357.     i.StyleURL = '".db_string($_POST['styleurl'])."',

  358.     i.Avatar = '".db_string($_POST['avatar'])."',

  359.     i.SiteOptions = '".db_string(json_encode($Options))."',

  360.     i.NotifyOnQuote = '".db_string($Options['NotifyOnQuote'])."',

  361.     i.Info = '".db_string($_POST['info'])."',

  362.     i.InfoTitle = '".db_string($_POST['profile_title'])."',

  363.     i.DownloadAlt = '$DownloadAlt',

  364.     i.UnseededAlerts = '$UnseededAlerts',

  365.     m.Email = '".DBCrypt::encrypt($_POST['email'])."',

  366.     m.IRCKey = '".db_string($_POST['irckey'])."',

  367.     m.Paranoia = '".db_string(json_encode($Paranoia))."'";

  368. 

  369. if ($ResetPassword) {

  370.   $ChangerIP = db_string(DBCrypt::encrypt($LoggedUser['IP']));

  371.   $PassHash = Users::make_sec_hash($_POST['new_pass_1']);

  372.   $SQL.= ",m.PassHash = '".db_string($PassHash)."'";

  373.   $DB->query("

  374.     INSERT INTO users_history_passwords

  375.       (UserID, ChangerIP, ChangeTime)

  376.     VALUES

  377.       ('$UserID', '$ChangerIP', '".sqltime()."')");

  378. }

  379. 

  380. if (isset($_POST['resetpasskey'])) {

  381. 

  382.   $UserInfo = Users::user_heavy_info($UserID);

  383.   $OldPassKey = db_string($UserInfo['torrent_pass']);

  384.   $NewPassKey = db_string(Users::make_secret());

  385.   $ChangerIP = db_string(DBCrypt::encrypt($LoggedUser['IP']));

  386.   $SQL .= ",m.torrent_pass = '$NewPassKey'";

  387.   $DB->query("

  388.     INSERT INTO users_history_passkeys

  389.       (UserID, OldPassKey, NewPassKey, ChangerIP, ChangeTime)

  390.     VALUES

  391.       ('$UserID', '$OldPassKey', '$NewPassKey', '$ChangerIP', '".sqltime()."')");

  392.   $Cache->begin_transaction("user_info_heavy_$UserID");

  393.   $Cache->update_row(false, array('torrent_pass' => $NewPassKey));

  394.   $Cache->commit_transaction(0);

  395.   $Cache->delete_value("user_$OldPassKey");

  396. 

  397.   Tracker::update_tracker('change_passkey', array('oldpasskey' => $OldPassKey, 'newpasskey' => $NewPassKey));

  398. }

  399. 

  400. $SQL .= "WHERE m.ID = '".db_string($UserID)."'";

  401. $DB->query($SQL);

  402. 

  403. if ($BadgesChanged) {

  404.   $DB->query("

  405.     UPDATE users_badges

  406.     SET Displayed = 0

  407.     WHERE UserID = $UserID");

  408.   if (!empty($BadgeIDs)) {

  409.     $DB->query("

  410.       UPDATE users_badges

  411.       SET Displayed = 1

  412.       WHERE UserID = $UserID

  413.         AND BadgeID IN (".db_string(implode(',', $BadgeIDs)).")");

  414.   }

  415. }

  416. 

  417. if ($ResetPassword) {

  418.   logout_all_sessions();

  419. }

  420. 

  421. header("Location: user.php?action=edit&userid=$UserID");

  422. 

  423. ?>