Home Explore Help
Register Sign In
Oppaitime
/
Gazelle
Watch 9
Star 11
Fork 18
Code Issues 21 Pull Requests 7 Releases 0 Wiki Activity
Oppaitime's version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
407 Commits
1 Branch
Tree: 53e3dca294
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '53e3dca294'
${ noResults }
Gazelle/sections/user/take_edit.php

take_edit.php 12KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362 
  1. <?

  2. authorize();

  3. 

  4. $UserID = $_REQUEST['userid'];

  5. if (!is_number($UserID)) {

  6.   error(404);

  7. }

  8. 

  9. //For this entire page, we should generally be using $UserID not $LoggedUser['ID'] and $U[] not $LoggedUser[]

  10. $U = Users::user_info($UserID);

  11. 

  12. if (!$U) {

  13.   error(404);

  14. }

  15. 

  16. $Permissions = Permissions::get_permissions($U['PermissionID']);

  17. if ($UserID != $LoggedUser['ID'] && !check_perms('users_edit_profiles', $Permissions['Class'])) {

  18.   send_irc('PRIVMSG '.ADMIN_CHAN.' :User '.$LoggedUser['Username'].' ('.site_url().'user.php?id='.$LoggedUser['ID'].') just tried to edit the profile of '.site_url().'user.php?id='.$_REQUEST['userid']);

  19.   error(403);

  20. }

  21. 

  22. $Val->SetFields('stylesheet', 1, "number", "You forgot to select a stylesheet.");

  23. $Val->SetFields('styleurl', 0, "regex", "You did not enter a valid stylesheet URL.", ['regex' => '/^'.CSS_REGEX.'$/i']);

  24. // The next two are commented out because the drop-down menus were replaced with a check box and radio buttons

  25. //$Val->SetFields('disablegrouping', 0, "number", "You forgot to select your torrent grouping option.");

  26. //$Val->SetFields('torrentgrouping', 0, "number", "You forgot to select your torrent grouping option.");

  27. $Val->SetFields('postsperpage', 1, "number", "You forgot to select your posts per page option.", ['inarray' => [25, 50, 100]]);

  28. //$Val->SetFields('hidecollage', 1, "number", "You forgot to select your collage option.", ['minlength' => 0, 'maxlength' => 1]);

  29. $Val->SetFields('collagecovers', 1, "number", "You forgot to select your collage option.");

  30. $Val->SetFields('avatar', 0, "regex", "You did not enter a valid avatar URL.", ['regex' => "/^".IMAGE_REGEX."$/i"]);

  31. $Val->SetFields('email', 1, "email", "You did not enter a valid email address.");

  32. $Val->SetFields('irckey', 0, "string", "You did not enter a valid IRC key. An IRC key must be between 6 and 32 characters long.", ['minlength' => 6, 'maxlength' => 32]);

  33. $Val->SetFields('new_pass_1', 0, "regex", "You did not enter a valid password. A valid password is 6 characters or longer.", ['regex' => '/(?=^.{6,}$).*$/']);

  34. $Val->SetFields('new_pass_2', 1, "compare", "Your passwords do not match.", ['comparefield' => 'new_pass_1']);

  35. if (check_perms('site_advanced_search')) {

  36.   $Val->SetFields('searchtype', 1, "number", "You forgot to select your default search preference.", ['minlength' => 0, 'maxlength' => 1]);

  37. }

  38. 

  39. $ValErr = $Val->ValidateForm($_POST);

  40. if ($ValErr) {

  41.   error($ValErr);

  42. }

  43. 

  44. if (!apcu_exists('DBKEY')) {

  45.   error("Cannot edit profile until database fully decrypted");

  46. }

  47. 

  48. // Begin building $Paranoia

  49. // Reduce the user's input paranoia until it becomes consistent

  50. if (isset($_POST['p_uniquegroups_l'])) {

  51.   $_POST['p_uploads_l'] = 'on';

  52.   $_POST['p_uploads_c'] = 'on';

  53. }

  54. 

  55. if (isset($_POST['p_uploads_l'])) {

  56.   $_POST['p_uniquegroups_l'] = 'on';

  57.   $_POST['p_uniquegroups_c'] = 'on';

  58.   $_POST['p_perfectflacs_l'] = 'on';

  59.   $_POST['p_perfectflacs_c'] = 'on';

  60.   $_POST['p_artistsadded'] = 'on';

  61. }

  62. 

  63. if (isset($_POST['p_collagecontribs_l'])) {

  64.   $_POST['p_collages_l'] = 'on';

  65.   $_POST['p_collages_c'] = 'on';

  66. }

  67. 

  68. if (isset($_POST['p_snatched_c']) && isset($_POST['p_seeding_c']) && isset($_POST['p_downloaded'])) {

  69.   $_POST['p_requiredratio'] = 'on';

  70. }

  71. 

  72. // if showing exactly 2 of stats, show all 3 of stats

  73. $StatsShown = 0;

  74. $Stats = ['downloaded', 'uploaded', 'ratio'];

  75. foreach ($Stats as $S) {

  76.   if (isset($_POST["p_$S"])) {

  77.     $StatsShown++;

  78.   }

  79. }

  80. 

  81. if ($StatsShown == 2) {

  82.   foreach ($Stats as $S) {

  83.     $_POST["p_$S"] = 'on';

  84.   }

  85. }

  86. 

  87. $Paranoia = [];

  88. $Checkboxes = ['downloaded', 'uploaded', 'ratio', 'lastseen', 'requiredratio', 'invitedcount', 'artistsadded', 'notifications'];

  89. foreach ($Checkboxes as $C) {

  90.   if (!isset($_POST["p_$C"])) {

  91.     $Paranoia[] = $C;

  92.   }

  93. }

  94. 

  95. $SimpleSelects = ['torrentcomments', 'collages', 'collagecontribs', 'uploads', 'uniquegroups', 'perfectflacs', 'seeding', 'leeching', 'snatched'];

  96. foreach ($SimpleSelects as $S) {

  97.   if (!isset($_POST["p_$S".'_c']) && !isset($_POST["p_$S".'_l'])) {

  98.     // Very paranoid - don't show count or list

  99.     $Paranoia[] = "$S+";

  100.   } elseif (!isset($_POST["p_$S".'_l'])) {

  101.     // A little paranoid - show count, don't show list

  102.     $Paranoia[] = $S;

  103.   }

  104. }

  105. 

  106. $Bounties = ['requestsfilled', 'requestsvoted'];

  107. foreach ($Bounties as $B) {

  108.   if (isset($_POST["p_$B".'_list'])) {

  109.     $_POST["p_$B".'_count'] = 'on';

  110.     $_POST["p_$B".'_bounty'] = 'on';

  111.   }

  112.   if (!isset($_POST["p_$B".'_list'])) {

  113.     $Paranoia[] = $B.'_list';

  114.   }

  115.   if (!isset($_POST["p_$B".'_count'])) {

  116.     $Paranoia[] = $B.'_count';

  117.   }

  118.   if (!isset($_POST["p_$B".'_bounty'])) {

  119.     $Paranoia[] = $B.'_bounty';

  120.   }

  121. }

  122. 

  123. if (!isset($_POST['p_donor_heart'])) {

  124.   $Paranoia[] = 'hide_donor_heart';

  125. }

  126. 

  127. if (isset($_POST['p_donor_stats'])) {

  128.   Donations::show_stats($UserID);

  129. } else {

  130.   Donations::hide_stats($UserID);

  131. }

  132. 

  133. // End building $Paranoia

  134. 

  135. $DB->query("

  136.   SELECT Email, PassHash, IRCKey

  137.   FROM users_main

  138.   WHERE ID = ?", $UserID);

  139. list($CurEmail, $CurPassHash, $CurIRCKey) = $DB->next_record();

  140. 

  141. function require_password($Setting = false) {

  142.   global $CurPassHash;

  143.   if (empty($_POST['cur_pass'])) {

  144.     error('A setting you changed requires you to enter your current password'.($Setting ? ' (Setting: '.$Setting.')' : ''));

  145.   }

  146.   if (!Users::check_password($_POST['cur_pass'], $CurPassHash)) {

  147.     error('The password you entered was incorrect'.($Setting ? ' (Required by setting: '.$Setting.')' : ''));

  148.   }

  149. }

  150. 

  151. // Email change

  152. $CurEmail = Crypto::decrypt($CurEmail);

  153. if ($CurEmail != $_POST['email']) {

  154. 

  155.   // Non-admins have to authenticate to change email

  156.   if (!check_perms('users_edit_profiles')) {

  157.     require_password("Change Email");

  158.   }

  159. 

  160.   // Update the time of their last email change to the current time *not* the current change.

  161.   $DB->query("

  162.     UPDATE users_history_emails

  163.     SET Time = NOW()

  164.     WHERE UserID = ?

  165.       AND Time IS NULL", $UserID);

  166.   $DB->query("

  167.     INSERT INTO users_history_emails

  168.       (UserID, Email, Time, IP)

  169.     VALUES

  170.       (?, ?, NULL, ?)", $UserID, Crypto::encrypt($_POST['email']), Crypto::encrypt($_SERVER['REMOTE_ADDR']));

  171. 

  172. }

  173. 

  174. if (!empty($_POST['new_pass_1']) && !empty($_POST['new_pass_2'])) {

  175.   require_password("Change Password");

  176.   $ResetPassword = true;

  177. }

  178. 

  179. if ($CurIRCKey != $_POST['irckey']) {

  180.   require_password("Change IRC Key");

  181. }

  182. 

  183. if (isset($_POST['resetpasskey'])) {

  184.   require_password("Reset Passkey");

  185. }

  186. 

  187. if ($LoggedUser['DisableAvatar'] && $_POST['avatar'] != $U['Avatar']) {

  188.   error('Your avatar privileges have been revoked.');

  189. }

  190. 

  191. if (!empty($LoggedUser['DefaultSearch'])) {

  192.   $Options['DefaultSearch'] = $LoggedUser['DefaultSearch'];

  193. }

  194. $Options['DisableGrouping2']    = (!empty($_POST['disablegrouping']) ? 0 : 1);

  195. $Options['TorrentGrouping']     = (!empty($_POST['torrentgrouping']) ? 1 : 0);

  196. $Options['PostsPerPage']        = (int)$_POST['postsperpage'];

  197. $Options['CollageCovers']       = (empty($_POST['collagecovers']) ? 0 : $_POST['collagecovers']);

  198. $Options['ShowTorFilter']       = (empty($_POST['showtfilter']) ? 0 : 1);

  199. $Options['ShowTags']            = (!empty($_POST['showtags']) ? 1 : 0);

  200. $Options['AutoSubscribe']       = (!empty($_POST['autosubscribe']) ? 1 : 0);

  201. $Options['DisableSmileys']      = (!empty($_POST['disablesmileys']) ? 1 : 0);

  202. $Options['AutoloadCommStats']   = (check_perms('users_mod') && !empty($_POST['autoload_comm_stats']) ? 1 : 0);

  203. $Options['DisableAvatars']      = db_string($_POST['disableavatars']);

  204. $Options['Identicons']          = (!empty($_POST['identicons']) ? (int)$_POST['identicons'] : 0);

  205. $Options['DisablePMAvatars']    = (!empty($_POST['disablepmavatars']) ? 1 : 0);

  206. $Options['NotifyOnQuote']       = (!empty($_POST['notifications_Quotes_popup']) ? 1 : 0);

  207. $Options['ListUnreadPMsFirst']  = (!empty($_POST['list_unread_pms_first']) ? 1 : 0);

  208. $Options['ShowSnatched']        = (!empty($_POST['showsnatched']) ? 1 : 0);

  209. $Options['ShowMagnets']         = (!empty($_POST['showmagnets']) ? 1 : 0);

  210. $Options['DisableAutoSave']     = (!empty($_POST['disableautosave']) ? 1 : 0);

  211. $Options['CoverArt']            = (int)!empty($_POST['coverart']);

  212. $Options['ShowExtraCovers']     = (int)!empty($_POST['show_extra_covers']);

  213. $Options['HideLolicon']         = (int)!empty($_POST['hide_lolicon']);

  214. $Options['HideScat']            = (int)!empty($_POST['hide_scat']);

  215. $Options['HideSnuff']           = (int)!empty($_POST['hide_snuff']);

  216. $Options['AutoComplete']        = (int)$_POST['autocomplete'];

  217. $Options['StyleAdditions']      = $_POST['style_additions'] ?? [];

  218. 

  219. if (isset($LoggedUser['DisableFreeTorrentTop10'])) {

  220.   $Options['DisableFreeTorrentTop10'] = $LoggedUser['DisableFreeTorrentTop10'];

  221. }

  222. 

  223. if (!empty($_POST['sorthide'])) {

  224.   $JSON = json_decode($_POST['sorthide']);

  225.   foreach ($JSON as $J) {

  226.     $E = explode('_', $J);

  227.     $Options['SortHide'][$E[0]] = $E[1];

  228.   }

  229. } else {

  230.   $Options['SortHide'] = [];

  231. }

  232. 

  233. if (check_perms('site_advanced_search')) {

  234.   $Options['SearchType'] = $_POST['searchtype'];

  235. } else {

  236.   unset($Options['SearchType']);

  237. }

  238. 

  239. //TODO: Remove the following after a significant amount of time

  240. unset($Options['ArtistNoRedirect']);

  241. unset($Options['ShowQueryList']);

  242. unset($Options['ShowCacheList']);

  243. 

  244. $UnseededAlerts = isset($_POST['unseededalerts']) ? 1 : 0;

  245. 

  246. Donations::update_rewards($UserID);

  247. NotificationsManager::save_settings($UserID);

  248. 

  249. // Begin Badge settings

  250. if (!empty($_POST['badges'])) {

  251.   $BadgeIDs = array_slice($_POST['badges'], 0, 5);

  252. } else {

  253.   $BadgeIDs = [];

  254. }

  255. 

  256. $NewBadges = [];

  257. $BadgesChanged = false;

  258. $Badges = Users::user_info($UserID)['Badges'];

  259. foreach ($Badges as $BadgeID => $OldDisplayed) {

  260.   if (in_array($BadgeID, $BadgeIDs)) { // Is the current badge in the list of badges the user wants to display?

  261.     $Displayed = true;

  262.     $DisplayedBadgeIDs[] = $BadgeID;

  263.     if ($OldDisplayed == 0) { // The user wants to display a badge that wasn't displayed before

  264.       $BadgesChanged = true;

  265.     }

  266.   } else { // The user no longer wants to display a badge that was displayed before

  267.     $Displayed = false;

  268.     $BadgesChanged = true;

  269.   }

  270.   $NewBadges[$BadgeID] = $Displayed?'1':'0';

  271. }

  272. // End Badge settings

  273. 

  274. $Cache->begin_transaction("user_info_$UserID");

  275. $Cache->update_row(false, [

  276.   'Avatar' => display_str($_POST['avatar']),

  277. 	'Paranoia' => $Paranoia,

  278. 	'Badges' => $NewBadges

  279. ]);

  280. $Cache->commit_transaction(0);

  281. 

  282. $Cache->begin_transaction("user_info_heavy_$UserID");

  283. $Cache->update_row(false, [

  284.   'StyleID' => $_POST['stylesheet'],

  285.   'StyleURL' => display_str($_POST['styleurl'])

  286. ]);

  287. $Cache->update_row(false, $Options);

  288. $Cache->commit_transaction(0);

  289. 

  290. 

  291. $SQL = "

  292.   UPDATE users_main AS m

  293.     JOIN users_info AS i ON m.ID = i.UserID

  294.   SET

  295.     i.StyleID = '".db_string($_POST['stylesheet'])."',

  296.     i.StyleURL = '".db_string($_POST['styleurl'])."',

  297.     i.Avatar = '".db_string($_POST['avatar'])."',

  298.     i.SiteOptions = '".db_string(json_encode($Options))."',

  299.     i.NotifyOnQuote = '".db_string($Options['NotifyOnQuote'])."',

  300.     i.Info = '".db_string($_POST['info'])."',

  301.     i.InfoTitle = '".db_string($_POST['profile_title'])."',

  302.     i.UnseededAlerts = '$UnseededAlerts',

  303.     m.Email = '".Crypto::encrypt($_POST['email'])."',

  304.     m.IRCKey = '".db_string($_POST['irckey'])."',

  305.     m.Paranoia = '".db_string(json_encode($Paranoia))."'";

  306. 

  307. if ($ResetPassword) {

  308.   $ChangerIP = Crypto::encrypt($LoggedUser['IP']);

  309.   $PassHash = Users::make_sec_hash($_POST['new_pass_1']);

  310.   $SQL.= ",m.PassHash = '".db_string($PassHash)."'";

  311.   $DB->query("

  312.     INSERT INTO users_history_passwords

  313.       (UserID, ChangerIP, ChangeTime)

  314.     VALUES

  315.       (?, ?, NOW())", $UserID, $ChangerIP);

  316. }

  317. 

  318. if (isset($_POST['resetpasskey'])) {

  319. 

  320.   $UserInfo = Users::user_heavy_info($UserID);

  321.   $OldPassKey = $UserInfo['torrent_pass'];

  322.   $NewPassKey = Users::make_secret();

  323.   $ChangerIP = Crypto::encrypt($LoggedUser['IP']);

  324.   $SQL .= ",m.torrent_pass = '$NewPassKey'";

  325.   $DB->query("

  326.     INSERT INTO users_history_passkeys

  327.       (UserID, OldPassKey, NewPassKey, ChangerIP, ChangeTime)

  328.     VALUES

  329.       (?, ?, ?, ?, NOW())",

  330.       $USerID, $OldPassKey, $NewPassKey, $ChangerIP);

  331.   $Cache->begin_transaction("user_info_heavy_$UserID");

  332.   $Cache->update_row(false, ['torrent_pass' => $NewPassKey]);

  333.   $Cache->commit_transaction(0);

  334.   $Cache->delete_value("user_$OldPassKey");

  335. 

  336.   Tracker::update_tracker('change_passkey', ['oldpasskey' => $OldPassKey, 'newpasskey' => $NewPassKey]);

  337. }

  338. 

  339. $SQL .= "WHERE m.ID = '".db_string($UserID)."'";

  340. $DB->query($SQL);

  341. 

  342. if ($BadgesChanged) {

  343.   $DB->query("

  344.     UPDATE users_badges

  345.     SET Displayed = 0

  346.     WHERE UserID = ?", $UserID);

  347.   if (!empty($BadgeIDs)) {

  348.     $DB->query("

  349.       UPDATE users_badges

  350.       SET Displayed = 1

  351.       WHERE UserID = $UserID

  352.         AND BadgeID IN (".db_string(implode(',', $BadgeIDs)).")");

  353.   }

  354. }

  355. 

  356. if ($ResetPassword) {

  357.   logout_all_sessions();

  358. }

  359. 

  360. header("Location: user.php?action=edit&userid=$UserID");

  361. 

  362. ?>