r555
Фикс http://torrentpier.me/threads/10876/ + удаление возможности загрузки аватарки по удаленной ссылке и/или использования ссылки (удаленной картинки) в качестве аватарки, из-за обнаруженной уязвимости в механизме валидации передаваемых данных, что в теории может привести к взлому трекера, путем загрузки модифицированного изображения, содержащего вредоносный код. git-svn-id: https://torrentpier2.googlecode.com/svn/trunk@555 a8ac35ab-4ca4-ca47-4c2d-a49a94f06293
parent
7d06262c20
commit
c6499545af
14 changed files with 85 additions and 237 deletions
|
@ -30,7 +30,6 @@
|
|||
- images/ranks
|
||||
- images/smiles
|
||||
- log
|
||||
- pictures
|
||||
- triggers
|
||||
|
||||
************************************
|
||||
|
|
|
@ -542,7 +542,6 @@ CREATE TABLE IF NOT EXISTS `bb_config` (
|
|||
|
||||
INSERT INTO `bb_config` VALUES ('allow_autologin', '1');
|
||||
INSERT INTO `bb_config` VALUES ('allow_avatar_local', '1');
|
||||
INSERT INTO `bb_config` VALUES ('allow_avatar_remote', '0');
|
||||
INSERT INTO `bb_config` VALUES ('allow_avatar_upload', '1');
|
||||
INSERT INTO `bb_config` VALUES ('allow_bbcode', '1');
|
||||
INSERT INTO `bb_config` VALUES ('allow_namechange', '0');
|
||||
|
|
|
@ -176,7 +176,6 @@ switch($mode)
|
|||
'SIG_SIZE' => $new['max_sig_chars'],
|
||||
'ALLOW_NAMECHANGE' => ($new['allow_namechange']) ? true : false,
|
||||
'ALLOW_AVATARS_LOCAL' => ($new['allow_avatar_local']) ? true : false,
|
||||
'ALLOW_AVATAR_REMOTE' => ($new['allow_avatar_remote']) ? true : false,
|
||||
'ALLOW_AVATAR_UPLOAD' => ($new['allow_avatar_upload']) ? true : false,
|
||||
'AVATAR_FILESIZE' => $new['avatar_filesize'],
|
||||
'AVATAR_MAX_HEIGHT' => $new['avatar_max_height'],
|
||||
|
|
|
@ -55,8 +55,8 @@ $domain_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : $do
|
|||
|
||||
// Increase number of revision after update
|
||||
$bb_cfg['tp_version'] = '2.5 (unstable)';
|
||||
$bb_cfg['tp_release_date'] = '12-01-2014';
|
||||
$bb_cfg['tp_release_state'] = 'R554';
|
||||
$bb_cfg['tp_release_date'] = '13-01-2014';
|
||||
$bb_cfg['tp_release_state'] = 'R555';
|
||||
|
||||
// Database
|
||||
$charset = 'utf8';
|
||||
|
|
|
@ -2692,9 +2692,6 @@ function get_avatar ($avatar, $type, $allow_avatar = true, $height = '', $width
|
|||
case USER_AVATAR_UPLOAD:
|
||||
$user_avatar = ( $bb_cfg['allow_avatar_upload'] ) ? '<img src="'. $bb_cfg['avatar_path'] .'/'. $avatar .'" alt="" border="0" '. $height .' '. $width .'/>' : '';
|
||||
break;
|
||||
case USER_AVATAR_REMOTE:
|
||||
$user_avatar = ( $bb_cfg['allow_avatar_remote'] ) ? '<img src="'. $avatar .'" alt="" border="0" onload="imgFit(this, 100);" onClick="return imgFit(this, 100);" '. $height .' '. $width .'/>' : '';
|
||||
break;
|
||||
case USER_AVATAR_GALLERY:
|
||||
$user_avatar = ( $bb_cfg['allow_avatar_local'] ) ? '<img src="'. $bb_cfg['avatar_gallery_path'] .'/'. $avatar .'" alt="" border="0" '. $height .' '. $width .'/>' : '';
|
||||
break;
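Review bot: Accounts that already have `user_avatar_type` set to `USER_AVATAR_REMOTE` are not handled by this change: with the `case USER_AVATAR_REMOTE:` branch removed, such a row matches none of the remaining cases, and what `get_avatar` returns for it depends on code outside the hunk. Nothing visible in the commit resets those rows or the remote URL stored in `user_avatar`, and the install dump only stops seeding `allow_avatar_remote` for new installs. An upgrade step that sets the affected rows in `BB_USERS` to `USER_AVATAR_NONE` with an empty `user_avatar` would retire the feature for existing data too. A comment above the switch such as `// USER_AVATAR_REMOTE rows are legacy and intentionally render nothing` would record the intent.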
|
||||
|
|
|
@ -147,7 +147,7 @@ define('USER_ACTIVATION_ADMIN', 2);
|
|||
|
||||
define('USER_AVATAR_NONE', 0);
|
||||
define('USER_AVATAR_UPLOAD', 1);
|
||||
define('USER_AVATAR_REMOTE', 2);
|
||||
define('USER_AVATAR_REMOTE', 2); // не ипользуется
|
||||
define('USER_AVATAR_GALLERY', 3);
|
||||
|
||||
// Group settings
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
if (!defined('IN_FORUM')) die("Hacking attempt");
|
||||
|
||||
function check_image_type(&$type, &$errors)
|
||||
function check_image_type (&$type, &$errors)
|
||||
{
|
||||
global $lang;
|
||||
|
||||
|
@ -32,7 +32,7 @@ function check_image_type(&$type, &$errors)
|
|||
return false;
|
||||
}
|
||||
|
||||
function user_avatar_delete($avatar_type, $avatar_file)
|
||||
function user_avatar_delete ($avatar_type, $avatar_file)
|
||||
{
|
||||
global $bb_cfg;
|
||||
|
||||
|
@ -48,7 +48,7 @@ function user_avatar_delete($avatar_type, $avatar_file)
|
|||
return array('user_avatar' => '', 'user_avatar_type' => USER_AVATAR_NONE);
|
||||
}
|
||||
|
||||
function user_avatar_gallery($mode, &$errors, $avatar_filename, $avatar_category)
|
||||
function user_avatar_gallery ($mode, &$errors, $avatar_filename, $avatar_category)
|
||||
{
|
||||
global $bb_cfg;
|
||||
|
||||
|
@ -74,28 +74,7 @@ function user_avatar_gallery($mode, &$errors, $avatar_filename, $avatar_category
|
|||
}
|
||||
}
|
||||
|
||||
function user_avatar_url($mode, &$errors, $avatar_filename)
|
||||
{
|
||||
global $lang;
|
||||
|
||||
if ( !preg_match('#^(http)|(ftp):\/\/#i', $avatar_filename) )
|
||||
{
|
||||
$avatar_filename = 'http://' . $avatar_filename;
|
||||
}
|
||||
|
||||
$avatar_filename = substr($avatar_filename, 0, 100);
|
||||
|
||||
if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) )
|
||||
{
|
||||
$errors[] = $lang['WRONG_REMOTE_AVATAR_FORMAT'];
|
||||
return;
|
||||
}
|
||||
|
||||
return array('user_avatar' => DB()->escape($avatar_filename), 'user_avatar_type' => USER_AVATAR_REMOTE);
|
||||
|
||||
}
|
||||
|
||||
function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_type, &$errors, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype)
|
||||
function user_avatar_upload ($mode, $avatar_mode, &$current_avatar, &$current_type, &$errors, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype)
|
||||
{
|
||||
global $bb_cfg, $lang;
|
||||
|
||||
|
@ -104,69 +83,7 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ
|
|||
$width = $height = 0;
|
||||
$type = '';
|
||||
|
||||
if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))$/', $avatar_filename, $url_ary) )
|
||||
{
|
||||
if ( empty($url_ary[4]) )
|
||||
{
|
||||
$errors[] = $lang['INCOMPLETE_URL'];
|
||||
return;
|
||||
}
|
||||
|
||||
$base_get = '/' . $url_ary[4];
|
||||
$port = ( !empty($url_ary[3]) ) ? $url_ary[3] : 80;
|
||||
|
||||
if ( !($fsock = @fsockopen($url_ary[2], $port, $errno, $errstr)) )
|
||||
{
|
||||
$errors[] = $lang['NO_CONNECTION_URL'];
|
||||
return;
|
||||
}
|
||||
|
||||
@fputs($fsock, "GET $base_get HTTP/1.1\r\n");
|
||||
@fputs($fsock, "HOST: " . $url_ary[2] . "\r\n");
|
||||
@fputs($fsock, "Connection: close\r\n\r\n");
|
||||
|
||||
$avatar_data = '';
|
||||
while( !@feof($fsock) )
|
||||
{
|
||||
$avatar_data .= @fread($fsock, $bb_cfg['avatar_filesize']);
|
||||
}
|
||||
@fclose($fsock);
|
||||
|
||||
if (!preg_match('#Content-Length\: ([0-9]+)[^ /][\s]+#i', $avatar_data, $file_data1) || !preg_match('#Content-Type\: image/[x\-]*([a-z]+)[\s]+#i', $avatar_data, $file_data2))
|
||||
{
|
||||
$errors[] = $lang['FILE_NO_DATA'];
|
||||
return;
|
||||
}
|
||||
|
||||
$avatar_filesize = $file_data1[1];
|
||||
$avatar_filetype = $file_data2[1];
|
||||
|
||||
if ( !$errors && $avatar_filesize > 0 && $avatar_filesize < $bb_cfg['avatar_filesize'] )
|
||||
{
|
||||
$avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize);
|
||||
|
||||
//$tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $bb_cfg['avatar_path'] . '/tmp';
|
||||
$tmp_path = ini_get('upload_tmp_dir');
|
||||
$tmp_filename = tempnam($tmp_path, uniqid(rand()) . '-');
|
||||
|
||||
$fptr = @fopen($tmp_filename, 'wb');
|
||||
$bytes_written = @fwrite($fptr, $avatar_data, $avatar_filesize);
|
||||
@fclose($fptr);
|
||||
|
||||
if ( $bytes_written != $avatar_filesize )
|
||||
{
|
||||
@unlink($tmp_filename);
|
||||
message_die(GENERAL_ERROR, 'Could not write avatar file to local storage. Please contact the board administrator with this message', '', __LINE__, __FILE__);
|
||||
}
|
||||
|
||||
list($width, $height, $type) = @getimagesize($tmp_filename);
|
||||
}
|
||||
else
|
||||
{
|
||||
$errors[] = sprintf($lang['AVATAR_FILESIZE'], round($bb_cfg['avatar_filesize'] / 1024));
|
||||
}
|
||||
}
|
||||
else if ( ( file_exists(@phpbb_realpath($avatar_filename)) ) && preg_match('/\.(jpg|jpeg|gif|png)$/i', $avatar_realname) )
|
||||
if ( ( file_exists(@phpbb_realpath($avatar_filename)) ) && preg_match('/\.(jpg|jpeg|gif|png)$/i', $avatar_realname) )
|
||||
{
|
||||
if ( $avatar_filesize <= $bb_cfg['avatar_filesize'] && $avatar_filesize > 0 )
|
||||
{
|
||||
|
@ -234,40 +151,32 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ
|
|||
user_avatar_delete($current_type, $current_avatar);
|
||||
}
|
||||
|
||||
if( $avatar_mode == 'remote' )
|
||||
if ( @$ini_val('open_basedir') != '' )
|
||||
{
|
||||
@copy($tmp_filename, './' . $bb_cfg['avatar_path'] . "/$new_filename");
|
||||
@unlink($tmp_filename);
|
||||
if ( @phpversion() < '4.0.3' )
|
||||
{
|
||||
message_die(GENERAL_ERROR, 'open_basedir is set and your PHP version does not allow move_uploaded_file', '', __LINE__, __FILE__);
|
||||
}
|
||||
|
||||
$move_file = 'move_uploaded_file';
|
||||
}
|
||||
else
|
||||
{
|
||||
if ( @$ini_val('open_basedir') != '' )
|
||||
{
|
||||
if ( @phpversion() < '4.0.3' )
|
||||
{
|
||||
message_die(GENERAL_ERROR, 'open_basedir is set and your PHP version does not allow move_uploaded_file', '', __LINE__, __FILE__);
|
||||
}
|
||||
|
||||
$move_file = 'move_uploaded_file';
|
||||
}
|
||||
else
|
||||
{
|
||||
$move_file = 'copy';
|
||||
}
|
||||
|
||||
if (!is_uploaded_file($avatar_filename))
|
||||
{
|
||||
message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
|
||||
}
|
||||
$move_file($avatar_filename, './' . $bb_cfg['avatar_path'] . "/$new_filename");
|
||||
$move_file = 'copy';
|
||||
}
|
||||
|
||||
if (!is_uploaded_file($avatar_filename))
|
||||
{
|
||||
message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
|
||||
}
|
||||
$move_file($avatar_filename, './' . $bb_cfg['avatar_path'] . "/$new_filename");
|
||||
|
||||
@chmod('./' . $bb_cfg['avatar_path'] . "/$new_filename", 0777);
|
||||
return array('user_avatar' => $new_filename, 'user_avatar_type' => USER_AVATAR_UPLOAD);
|
||||
return array('user_avatar' => $new_filename, 'user_avatar_type' => USER_AVATAR_UPLOAD);
|
||||
}
|
||||
else
|
||||
{
|
||||
$errors[] = sprintf($lang['AVATAR_IMAGESIZE'], $bb_cfg['avatar_max_width'], $bb_cfg['avatar_max_height']);
|
||||
return '';
|
||||
return '';
|
||||
}
|
||||
}
|
||||
}
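Review bot: The stored avatar is still made world-writable by `@chmod('./' . $bb_cfg['avatar_path'] . "/$new_filename", 0777);` in the last hunk, a line this commit keeps while narrowing the upload path. A file under the web-served avatar directory needs no write or execute bit for other users; `@chmod('./' . $bb_cfg['avatar_path'] . "/$new_filename", 0644);` is enough for it to be served. The extension test on the remaining branch reads `$avatar_realname`, the client-supplied name, so any check that the content really is an image has to come from the part of `user_avatar_upload` that lies outside these hunks. `$avatar_mode` is no longer read in the visible code and could be documented as kept only for call compatibility.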
|
|
@ -23,7 +23,7 @@ $can_register = (IS_GUEST || IS_ADMIN);
|
|||
|
||||
$submit = !empty($_POST['submit']);
|
||||
$errors = array();
|
||||
$adm_edit = false; // редактирование админом чужого профиля
|
||||
$adm_edit = false; // редактирование админом чужого профиля
|
||||
|
||||
require(INC_DIR .'bbcode.php');
|
||||
require(INC_DIR .'functions_validate.php');
|
||||
|
@ -47,7 +47,7 @@ switch ($mode)
|
|||
}
|
||||
if (!IS_ADMIN)
|
||||
{
|
||||
// Ограничение по ипу
|
||||
// Ограничение по ip
|
||||
if($bb_cfg['unique_ip'])
|
||||
{
|
||||
if($users = DB()->fetch_row("SELECT user_id, username FROM ". BB_USERS ." WHERE user_reg_ip = '". USER_IP ."' LIMIT 1"))
|
||||
|
@ -67,13 +67,7 @@ switch ($mode)
|
|||
{
|
||||
bb_die($lang['REGISTERED_IN_TIME']);
|
||||
}
|
||||
|
||||
}
|
||||
// Вывод начальной страницы с условиями регистрации
|
||||
/*if (empty($_POST['reg_agreed']))
|
||||
{
|
||||
print_page('agreement.tpl');
|
||||
}*/
|
||||
}
|
||||
|
||||
// field => can_edit
|
||||
|
@ -110,7 +104,7 @@ switch ($mode)
|
|||
'user_active' => IS_ADMIN,
|
||||
'username' => (IS_ADMIN || $bb_cfg['allow_namechange']),
|
||||
'user_password' => true,
|
||||
'user_email' => true, // должен быть после user_password
|
||||
'user_email' => true, // должен быть после user_password
|
||||
'user_lang' => true,
|
||||
'user_gender' => true,
|
||||
'user_birthday' => true,
|
||||
|
@ -154,19 +148,13 @@ switch ($mode)
|
|||
bb_die($lang['PROFILE_NOT_FOUND']);
|
||||
}
|
||||
|
||||
if (!bf($pr_data['user_opt'], 'user_opt', 'allow_avatar') && ($bb_cfg['allow_avatar_upload'] || $bb_cfg['allow_avatar_local'] || $bb_cfg['allow_avatar_remote']))
|
||||
if (!bf($pr_data['user_opt'], 'user_opt', 'allow_avatar') && ($bb_cfg['allow_avatar_upload'] || $bb_cfg['allow_avatar_local']))
|
||||
{
|
||||
$template->assign_block_vars('switch_avatar_block', array());
|
||||
|
||||
if ($bb_cfg['allow_avatar_upload'] && file_exists(@phpbb_realpath('./' . $bb_cfg['avatar_path'])))
|
||||
{
|
||||
$template->assign_block_vars('switch_avatar_block.switch_avatar_local_upload', array());
|
||||
$template->assign_block_vars('switch_avatar_block.switch_avatar_remote_upload', array());
|
||||
}
|
||||
|
||||
if ($bb_cfg['allow_avatar_remote'])
|
||||
{
|
||||
$template->assign_block_vars('switch_avatar_block.switch_avatar_remote_link', array());
|
||||
}
|
||||
|
||||
if ($bb_cfg['allow_avatar_local'] && file_exists(@phpbb_realpath('./' . $bb_cfg['avatar_gallery_path'])))
|
||||
|
@ -178,7 +166,7 @@ switch ($mode)
|
|||
{
|
||||
$template->assign_block_vars('not_avatar_block', array());
|
||||
}
|
||||
break;
|
||||
break;
|
||||
|
||||
default:
|
||||
trigger_error("invalid mode: $mode", E_USER_ERROR);
|
||||
|
@ -209,7 +197,7 @@ foreach ($profile_fields as $field => $can_edit)
|
|||
$active = isset($_POST['user_active']) ? (int) $_POST['user_active'] : $pr_data['user_active'];
|
||||
if ($submit && $adm_edit)
|
||||
{
|
||||
$pr_data['user_active'] = $active;
|
||||
$pr_data['user_active'] = $active;
|
||||
$db_data['user_active'] = $active;
|
||||
}
|
||||
break;
|
||||
|
@ -218,7 +206,7 @@ foreach ($profile_fields as $field => $can_edit)
|
|||
* Имя (edit, reg)
|
||||
*/
|
||||
case 'username':
|
||||
$username = !empty($_POST['username']) ? clean_username($_POST['username']) : $pr_data['username'];
|
||||
$username = !empty($_POST['username']) ? clean_username($_POST['username']) : $pr_data['username'];
|
||||
|
||||
if ($submit)
|
||||
{
|
||||
|
@ -227,7 +215,7 @@ foreach ($profile_fields as $field => $can_edit)
|
|||
{
|
||||
$errors[] = $err;
|
||||
}
|
||||
if($can_edit && $username != $pr_data['username'] || $mode == 'register')
|
||||
if ($can_edit && $username != $pr_data['username'] || $mode == 'register')
|
||||
{
|
||||
$pr_data['username'] = $username;
|
||||
$db_data['username'] = $username;
|
||||
|
@ -284,7 +272,6 @@ foreach ($profile_fields as $field => $can_edit)
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
/**
|
||||
|
@ -302,7 +289,7 @@ foreach ($profile_fields as $field => $can_edit)
|
|||
}
|
||||
$db_data['user_email'] = $email;
|
||||
}
|
||||
else if ($email != $pr_data['user_email']) // если смена мейла юзером
|
||||
else if ($email != $pr_data['user_email']) // если смена мейла юзером
|
||||
{
|
||||
if (!$cur_pass_valid)
|
||||
{
|
||||
|
@ -330,7 +317,7 @@ foreach ($profile_fields as $field => $can_edit)
|
|||
$user_lang = isset($_POST['user_lang']) ? (string) $_POST['user_lang'] : $pr_data['user_lang'];
|
||||
if ($submit && ($user_lang != $pr_data['user_lang'] || $mode == 'register'))
|
||||
{
|
||||
$pr_data['user_lang'] = $user_lang;
|
||||
$pr_data['user_lang'] = $user_lang;
|
||||
$db_data['user_lang'] = $user_lang;
|
||||
}
|
||||
break;
|
||||
|
@ -357,7 +344,7 @@ foreach ($profile_fields as $field => $can_edit)
|
|||
$gender = isset($_POST['user_gender']) ? (int) $_POST['user_gender'] : $pr_data['user_gender'];
|
||||
if ($submit && $gender != $pr_data['user_gender'])
|
||||
{
|
||||
$pr_data['user_gender'] = $gender;
|
||||
$pr_data['user_gender'] = $gender;
|
||||
$db_data['user_gender'] = $gender;
|
||||
}
|
||||
$tp_data['USER_GENDER'] = build_select('user_gender', array_flip($lang['GENDER_SELECT']), $pr_data['user_gender']);
|
||||
|
@ -384,7 +371,7 @@ foreach ($profile_fields as $field => $can_edit)
|
|||
else
|
||||
{
|
||||
$birthday = "$b_year-$b_md-$b_day";
|
||||
$next_birthday_greeting = (date('md') < $b_md . (($b_day <= 9) ? '0' : '') . $b_day) ? date('Y') : date('Y')+1;
|
||||
$next_birthday_greeting = (date('md') < $b_md . (($b_day <= 9) ? '0' : '') . $b_day) ? date('Y') : date('Y') + 1;
|
||||
}
|
||||
}
|
||||
else
|
||||
|
@ -393,7 +380,7 @@ foreach ($profile_fields as $field => $can_edit)
|
|||
$next_birthday_greeting = 0;
|
||||
}
|
||||
|
||||
if ($submit && $birthday != $pr_data['user_birthday'])
|
||||
if ($submit && $birthday != $pr_data['user_birthday'])
|
||||
{
|
||||
$pr_data['user_birthday'] = $birthday;
|
||||
$db_data['user_birthday'] = $birthday;
|
||||
|
@ -408,9 +395,9 @@ foreach ($profile_fields as $field => $can_edit)
|
|||
$user_opt = $pr_data['user_opt'];
|
||||
|
||||
$update_user_opt = array(
|
||||
'viewemail' => true,
|
||||
'allow_viewonline' => true,
|
||||
'notify' => true,
|
||||
'viewemail' => true,
|
||||
'allow_viewonline' => true,
|
||||
'notify' => true,
|
||||
'notify_pm' => true,
|
||||
'hide_porn_forums' => true,
|
||||
'allow_dls' => true,
|
||||
|
@ -556,11 +543,11 @@ foreach ($profile_fields as $field => $can_edit)
|
|||
break;
|
||||
|
||||
case 'user_avatar_type':
|
||||
if(isset($_POST['avatargallery']) && !$errors)
|
||||
if (isset($_POST['avatargallery']) && !$errors)
|
||||
{
|
||||
$category = (!empty($_POST['avatarcategory'])) ? htmlspecialchars($_POST['avatarcategory']) : '';
|
||||
|
||||
$dir = @opendir($bb_cfg['avatar_gallery_path']);
|
||||
$dir = @opendir($bb_cfg['avatar_gallery_path']);
|
||||
|
||||
$avatar_images = array();
|
||||
while($file = @readdir($dir))
|
||||
|
@ -571,15 +558,15 @@ foreach ($profile_fields as $field => $can_edit)
|
|||
|
||||
$avatar_row_count = 0;
|
||||
$avatar_col_count = 0;
|
||||
while($sub_file = @readdir($sub_dir))
|
||||
while ($sub_file = @readdir($sub_dir))
|
||||
{
|
||||
if(preg_match('/(\.gif$|\.png$|\.jpg|\.jpeg)$/is', $sub_file))
|
||||
if (preg_match('/(\.gif$|\.png$|\.jpg|\.jpeg)$/is', $sub_file))
|
||||
{
|
||||
$avatar_images[$file][$avatar_row_count][$avatar_col_count] = $sub_file;
|
||||
$avatar_name[$file][$avatar_row_count][$avatar_col_count] = ucfirst(str_replace("_", " ", preg_replace('/^(.*)\..*$/', '\1', $sub_file)));
|
||||
|
||||
$avatar_col_count++;
|
||||
if($avatar_col_count == 5)
|
||||
if ($avatar_col_count == 5)
|
||||
{
|
||||
$avatar_row_count++;
|
||||
$avatar_col_count = 0;
|
||||
|
@ -612,7 +599,7 @@ foreach ($profile_fields as $field => $can_edit)
|
|||
$s_categories .= '</select>';
|
||||
|
||||
$s_colspan = 0;
|
||||
for($i = 0; $i < @count($avatar_images[$category]); $i++)
|
||||
for ($i = 0; $i < @count($avatar_images[$category]); $i++)
|
||||
{
|
||||
$template->assign_block_vars('avatar_row', array());
|
||||
|
||||
|
@ -633,6 +620,9 @@ foreach ($profile_fields as $field => $can_edit)
|
|||
|
||||
$s_hidden_vars = '<input type="hidden" name="avatarcatname" value="' . $category . '" />';
|
||||
|
||||
$u_id = (isset($_GET['u']) && intval($_GET['u'])) ? intval($_GET['u']) : 0;
|
||||
$mode = (IS_ADMIN && $u_id) ? $mode . '&u=' . $u_id : $mode;
|
||||
|
||||
$template->assign_vars(array(
|
||||
'S_CATEGORY_SELECT' => $s_categories,
|
||||
'S_COLSPAN' => $s_colspan,
|
||||
|
@ -645,9 +635,7 @@ foreach ($profile_fields as $field => $can_edit)
|
|||
|
||||
$user_avatar_local = (isset($_POST['avatarselect']) && !empty($_POST['submitavatar']) && $bb_cfg['allow_avatar_local']) ? htmlspecialchars($_POST['avatarselect']) : ((isset($_POST['avatarlocal'])) ? htmlspecialchars($_POST['avatarlocal']) : '');
|
||||
$user_avatar_category = (isset($_POST['avatarcatname']) && $bb_cfg['allow_avatar_local']) ? htmlspecialchars($_POST['avatarcatname']) : '';
|
||||
|
||||
$user_avatar_remoteurl = (!empty($_POST['avatarremoteurl'])) ? trim(htmlspecialchars($_POST['avatarremoteurl'])) : '';
|
||||
$user_avatar_upload = (!empty($_POST['avatarurl'])) ? trim($_POST['avatarurl']) : ((!empty($_FILES['avatar']) && $_FILES['avatar']['tmp_name'] != "none") ? $_FILES['avatar']['tmp_name'] : '');
|
||||
$user_avatar_upload = (!empty($_FILES['avatar']) && $_FILES['avatar']['tmp_name'] != "none") ? $_FILES['avatar']['tmp_name'] : '';
|
||||
$user_avatar_name = (!empty($_FILES['avatar']['name'])) ? $_FILES['avatar']['name'] : '';
|
||||
$user_avatar_size = (!empty($_FILES['avatar']['size'])) ? $_FILES['avatar']['size'] : 0;
|
||||
$user_avatar_filetype = (!empty($_FILES['avatar']['type'])) ? $_FILES['avatar']['type'] : '';
|
||||
|
@ -677,41 +665,35 @@ foreach ($profile_fields as $field => $can_edit)
|
|||
{
|
||||
if (!empty($user_avatar_upload))
|
||||
{
|
||||
$avatar_mode = (empty($user_avatar_name)) ? 'remote' : 'local';
|
||||
$avatar = user_avatar_upload($mode, $avatar_mode, $pr_data['user_avatar'], $pr_data['user_avatar_type'], $errors, $user_avatar_upload, $user_avatar_name, $user_avatar_size, $user_avatar_filetype);
|
||||
$avatar = user_avatar_upload($mode, 'local', $pr_data['user_avatar'], $pr_data['user_avatar_type'], $errors, $user_avatar_upload, $user_avatar_name, $user_avatar_size, $user_avatar_filetype);
|
||||
}
|
||||
else if (!empty($user_avatar_name))
|
||||
{
|
||||
$errors[] = sprintf($lang['AVATAR_FILESIZE'], round($bb_cfg['avatar_filesize'] / 1024));
|
||||
}
|
||||
}
|
||||
else if ($user_avatar_remoteurl != '' && $bb_cfg['allow_avatar_remote'])
|
||||
{
|
||||
user_avatar_delete($pr_data['user_avatar_type'], $pr_data['user_avatar']);
|
||||
$avatar = user_avatar_url($mode, $errors, $user_avatar_remoteurl);
|
||||
}
|
||||
else if ($user_avatar_local != '' && $bb_cfg['allow_avatar_local'])
|
||||
{
|
||||
user_avatar_delete($pr_data['user_avatar_type'], $pr_data['user_avatar']);
|
||||
$avatar = user_avatar_gallery($mode, $errors, $user_avatar_local, $user_avatar_category);
|
||||
}
|
||||
|
||||
if($avatar)
|
||||
{
|
||||
$user_avatar = $avatar['user_avatar'];
|
||||
$user_avatar_type = $avatar['user_avatar_type'];
|
||||
$hidden_vars = '';
|
||||
foreach($_POST as $name => $key)
|
||||
{
|
||||
$hidden_vars .= '<input type="hidden" name="'. $name .'" value="'. $key .'" />';
|
||||
}
|
||||
$tp_data['USER_AVATAR'] = get_avatar($user_avatar, $user_avatar_type) . $hidden_vars;
|
||||
}
|
||||
else
|
||||
{
|
||||
$tp_data['USER_AVATAR'] = get_avatar($pr_data['user_avatar'], $pr_data['user_avatar_type'], !bf($pr_data['user_opt'], 'user_opt', 'allow_avatar'));
|
||||
}
|
||||
if ($submit && !bf($pr_data['user_opt'], 'user_opt', 'allow_avatar'))
|
||||
if ($avatar)
|
||||
{
|
||||
$user_avatar = $avatar['user_avatar'];
|
||||
$user_avatar_type = $avatar['user_avatar_type'];
|
||||
$hidden_vars = '';
|
||||
foreach ($_POST as $name => $key)
|
||||
{
|
||||
$hidden_vars .= '<input type="hidden" name="'. $name .'" value="'. $key .'" />';
|
||||
}
|
||||
$tp_data['USER_AVATAR'] = get_avatar($user_avatar, $user_avatar_type) . $hidden_vars;
|
||||
}
|
||||
else
|
||||
{
|
||||
$tp_data['USER_AVATAR'] = get_avatar($pr_data['user_avatar'], $pr_data['user_avatar_type'], !bf($pr_data['user_opt'], 'user_opt', 'allow_avatar'));
|
||||
}
|
||||
if ($submit && !bf($pr_data['user_opt'], 'user_opt', 'allow_avatar'))
|
||||
{
|
||||
if ($user_avatar != $pr_data['user_avatar'] || $user_avatar_type != $pr_data['user_avatar_type'])
|
||||
{
|
||||
|
@ -751,17 +733,17 @@ foreach ($profile_fields as $field => $can_edit)
|
|||
}
|
||||
}
|
||||
|
||||
if($bb_cfg['birthday_enabled'] && $mode != 'register')
|
||||
if ($bb_cfg['birthday_enabled'] && $mode != 'register')
|
||||
{
|
||||
$days = array($lang['DELTA_TIME']['INTERVALS']['mday'][0] => 0);
|
||||
for($i=1; $i<=31; $i++)
|
||||
for ($i = 1; $i <= 31; $i++)
|
||||
{
|
||||
$days[$i] = $i;
|
||||
}
|
||||
$s_birthday = build_select('b_day', $days, $b_day);
|
||||
|
||||
$months = array($lang['DELTA_TIME']['INTERVALS']['mon'][0] => 0);
|
||||
for($i=1; $i<=12; $i++)
|
||||
for ($i = 1; $i <= 12; $i++)
|
||||
{
|
||||
$month = bb_date(mktime(0, 0, 0, ($i+1), 0, 0), 'F');
|
||||
$months[$month] = $i;
|
||||
|
@ -770,7 +752,7 @@ if($bb_cfg['birthday_enabled'] && $mode != 'register')
|
|||
|
||||
$year = bb_date(TIMENOW, 'Y', 'false');
|
||||
$years = array($lang['DELTA_TIME']['INTERVALS']['year'][0] => 0);
|
||||
for($i=$year-$bb_cfg['birthday_max_age']; $i<=$year-$bb_cfg['birthday_min_age']; $i++)
|
||||
for ($i = $year-$bb_cfg['birthday_max_age']; $i <= $year - $bb_cfg['birthday_min_age']; $i++)
|
||||
{
|
||||
$years[$i] = $i;
|
||||
}
|
||||
|
@ -799,9 +781,9 @@ if ($submit && !$errors)
|
|||
}
|
||||
$db_data['user_regdate'] = TIMENOW;
|
||||
|
||||
if(!IS_ADMIN) $db_data['user_reg_ip'] = USER_IP;
|
||||
if (!IS_ADMIN) $db_data['user_reg_ip'] = USER_IP;
|
||||
|
||||
if(!isset($db_data['tpl_name'])) $db_data['tpl_name'] = (string) $bb_cfg['tpl_name'];
|
||||
if (!isset($db_data['tpl_name'])) $db_data['tpl_name'] = (string) $bb_cfg['tpl_name'];
|
||||
|
||||
$sql_args = DB()->build_array('INSERT', $db_data);
|
||||
|
||||
|
@ -856,11 +838,9 @@ if ($submit && !$errors)
|
|||
|
||||
if ($bb_cfg['require_activation'] == USER_ACTIVATION_ADMIN)
|
||||
{
|
||||
$sql = "SELECT user_email, user_lang, usr_opt
|
||||
FROM ". BB_USERS ."
|
||||
WHERE user_level = " . ADMIN;
|
||||
$sql = "SELECT user_email, user_lang, usr_opt FROM ". BB_USERS ." WHERE user_level = " . ADMIN;
|
||||
|
||||
if ( !($result = DB()->sql_query($sql)) )
|
||||
if (!($result = DB()->sql_query($sql)))
|
||||
{
|
||||
message_die(GENERAL_ERROR, 'Could not select Administrators', '', __LINE__, __FILE__, $sql);
|
||||
}
|
||||
|
@ -890,7 +870,7 @@ if ($submit && !$errors)
|
|||
}
|
||||
}
|
||||
|
||||
if(empty($active_admin))
|
||||
if (empty($active_admin))
|
||||
{
|
||||
$emailer->from($bb_cfg['board_email']);
|
||||
$emailer->replyto($bb_cfg['board_email']);
|
||||
|
@ -928,7 +908,7 @@ if ($submit && !$errors)
|
|||
if (!$pr_data['user_active'])
|
||||
{
|
||||
$user_actkey = make_rand_str(12);
|
||||
$pr_data['user_actkey'] = $user_actkey;
|
||||
$pr_data['user_actkey'] = $user_actkey;
|
||||
$db_data['user_actkey'] = $user_actkey;
|
||||
|
||||
include(INC_DIR . 'emailer.class.php');
|
||||
|
@ -959,7 +939,7 @@ if ($submit && !$errors)
|
|||
$emailer->reset();
|
||||
|
||||
$message = $lang['PROFILE_UPDATED_INACTIVE'];
|
||||
$user->session_end();
|
||||
$user->session_end();
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -979,7 +959,7 @@ if ($submit && !$errors)
|
|||
}
|
||||
}
|
||||
|
||||
cache_rm_user_sessions ($pr_data['user_id']);
|
||||
cache_rm_user_sessions ($pr_data['user_id']);
|
||||
|
||||
if($adm_edit)
|
||||
{
|
||||
|
@ -1014,14 +994,14 @@ $template->assign_vars(array(
|
|||
'SHOW_PASS' => ($adm_edit || ($mode == 'register' && IS_ADMIN)),
|
||||
'CAPTCHA_HTML' => ($need_captcha) ? CAPTCHA()->get_html() : '',
|
||||
|
||||
'LANGUAGE_SELECT' => language_select($user_lang, 'user_lang'),
|
||||
'LANGUAGE_SELECT' => language_select($user_lang, 'user_lang'),
|
||||
'TIMEZONE_SELECT' => tz_select($user_timezone, 'user_timezone'),
|
||||
'USER_TIMEZONE' => $pr_data['user_timezone'],
|
||||
|
||||
'AVATAR_EXPLAIN' => sprintf($lang['AVATAR_EXPLAIN'], $bb_cfg['avatar_max_width'], $bb_cfg['avatar_max_height'], (round($bb_cfg['avatar_filesize'] / 1024))),
|
||||
'SIGNATURE_EXPLAIN' => sprintf($lang['SIGNATURE_EXPLAIN'], $bb_cfg['max_sig_chars']),
|
||||
'AVATAR_EXPLAIN' => sprintf($lang['AVATAR_EXPLAIN'], $bb_cfg['avatar_max_width'], $bb_cfg['avatar_max_height'], (round($bb_cfg['avatar_filesize'] / 1024))),
|
||||
'SIGNATURE_EXPLAIN' => sprintf($lang['SIGNATURE_EXPLAIN'], $bb_cfg['max_sig_chars']),
|
||||
|
||||
'SIG_DISALLOWED' => bf($pr_data['user_opt'], 'user_opt', 'allow_sig'),
|
||||
'SIG_DISALLOWED' => bf($pr_data['user_opt'], 'user_opt', 'allow_sig'),
|
||||
|
||||
'PR_USER_ID' => $pr_data['user_id'],
|
||||
'U_RESET_AUTOLOGIN' => "login.php?logout=1&reset_autologin=1&sid={$userdata['session_id']}",
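Review bot: The re-indented loop that builds `$hidden_vars` copies every `$_POST` name and value into HTML attributes without escaping, so a submitted field can close the `value="…"` attribute and inject markup into the profile page. Both sides should be escaped before concatenation, e.g. `$hidden_vars .= '<input type="hidden" name="'. htmlspecialchars($name, ENT_QUOTES) .'" value="'. htmlspecialchars($key, ENT_QUOTES) .'" />';`. Array-valued fields need to be skipped or flattened first, because `$key` is used as a string here. The loop appears to sit inside the `user_avatar_type` case, whose start and end are outside the hunk.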
|
||||
|
|
|
@ -251,8 +251,6 @@ $lang['ALLOW_NAME_CHANGE'] = 'Allow Username changes';
|
|||
|
||||
$lang['AVATAR_SETTINGS'] = 'Avatar Settings';
|
||||
$lang['ALLOW_LOCAL'] = 'Enable gallery avatars';
|
||||
$lang['ALLOW_REMOTE'] = 'Enable remote avatars';
|
||||
$lang['ALLOW_REMOTE_EXPLAIN'] = 'Avatars linked to from another website';
|
||||
$lang['ALLOW_UPLOAD'] = 'Enable avatar uploading';
|
||||
$lang['MAX_FILESIZE'] = 'Maximum Avatar File Size';
|
||||
$lang['MAX_FILESIZE_EXPLAIN'] = 'For uploaded avatar files';
|
||||
|
|
|
@ -556,7 +556,6 @@ $lang['ONLY_ONE_AVATAR'] = 'Only one type of avatar can be specified';
|
|||
$lang['FILE_NO_DATA'] = 'The file at the URL you gave contains no data';
|
||||
$lang['NO_CONNECTION_URL'] = 'A connection could not be made to the URL you gave';
|
||||
$lang['INCOMPLETE_URL'] = 'The URL you entered is incomplete';
|
||||
$lang['WRONG_REMOTE_AVATAR_FORMAT'] = 'The URL of the remote avatar is not valid';
|
||||
$lang['NO_SEND_ACCOUNT_INACTIVE'] = 'Sorry, but your password cannot be retrieved because your account is currently inactive';
|
||||
$lang['NO_SEND_ACCOUNT'] = 'Sorry, but your password cannot be retrieved. Please contact the forum administrator for more information';
|
||||
|
||||
|
@ -615,12 +614,7 @@ $lang['RESET_AUTOLOGIN_EXPL'] = '';
|
|||
$lang['AVATAR'] = 'Avatar';
|
||||
$lang['AVATAR_EXPLAIN'] = 'Displays a small graphic image below your details in posts. Only one image can be displayed at a time, its width can be no greater than %d pixels, the height no greater than %d pixels, and the file size no more than %d KB.';
|
||||
$lang['UPLOAD_AVATAR_FILE'] = 'Upload Avatar from your machine';
|
||||
$lang['UPLOAD_AVATAR_URL'] = 'Upload Avatar from a URL';
|
||||
$lang['UPLOAD_AVATAR_URL_EXPLAIN'] = 'Enter the URL of the location containing the Avatar image, it will be copied to this site.';
|
||||
$lang['PICK_LOCAL_AVATAR'] = 'Select Avatar from the gallery';
|
||||
$lang['LINK_REMOTE_AVATAR'] = 'Link to off-site Avatar';
|
||||
$lang['LINK_REMOTE_AVATAR_EXPLAIN'] = 'Enter the URL of the location containing the Avatar image you wish to link to.';
|
||||
$lang['AVATAR_URL'] = 'URL of Avatar Image';
|
||||
$lang['SELECT_FROM_GALLERY'] = 'Select Avatar from gallery';
|
||||
$lang['VIEW_AVATAR_GALLERY'] = 'Show gallery';
|
||||
|
||||
|
|
|
@ -252,8 +252,6 @@ $lang['ALLOW_NAME_CHANGE'] = 'Разрешить смену имени поль
|
|||
|
||||
$lang['AVATAR_SETTINGS'] = 'Настройки аватар';
|
||||
$lang['ALLOW_LOCAL'] = 'Разрешить аватар из галереи';
|
||||
$lang['ALLOW_REMOTE'] = 'Разрешить удалённых аватар';
|
||||
$lang['ALLOW_REMOTE_EXPLAIN'] = 'Ссылка на аватару, находящуюся на другом сайте';
|
||||
$lang['ALLOW_UPLOAD'] = 'Разрешить закачку аватар';
|
||||
$lang['MAX_FILESIZE'] = 'Макс. размер файла аватары';
|
||||
$lang['MAX_FILESIZE_EXPLAIN'] = 'Для закачанных файлов';
|
||||
|
|
|
@ -559,7 +559,6 @@ $lang['ONLY_ONE_AVATAR'] = 'Может быть указан только оди
|
|||
$lang['FILE_NO_DATA'] = 'Файл по указанному вами URL не содержит данных';
|
||||
$lang['NO_CONNECTION_URL'] = 'Невозможно установить соединения с указанным вами URL';
|
||||
$lang['INCOMPLETE_URL'] = 'Вы указали неполный URL';
|
||||
$lang['WRONG_REMOTE_AVATAR_FORMAT'] = 'Неверный URL удалённой аватары';
|
||||
$lang['NO_SEND_ACCOUNT_INACTIVE'] = 'Извините, но пароль не может быть выслан (учётная запись неактивна)';
|
||||
$lang['NO_SEND_ACCOUNT'] = 'Извините, но пароль для этого пользователя не может быть выслан. Обратитесь к администраторам форума за дополнительной информацией';
|
||||
|
||||
|
@ -618,12 +617,7 @@ $lang['RESET_AUTOLOGIN_EXPL'] = 'включая все места, где вы
|
|||
$lang['AVATAR'] = 'Аватара';
|
||||
$lang['AVATAR_EXPLAIN'] = 'Показывает небольшое изображение под информацией о вас в сообщениях. Может быть показано только одно изображение, шириной не более %d пикселов, высотой не более %d пикселов и объёмом не более %d кб.';
|
||||
$lang['UPLOAD_AVATAR_FILE'] = 'Загрузить аватару с вашего компьютера';
|
||||
$lang['UPLOAD_AVATAR_URL'] = 'Загрузить аватару с URL';
|
||||
$lang['UPLOAD_AVATAR_URL_EXPLAIN'] = 'Введите URL по которому находится файл с изображением, он будет скопирован на этот сайт.';
|
||||
$lang['PICK_LOCAL_AVATAR'] = 'Выбрать аватару из галереи';
|
||||
$lang['LINK_REMOTE_AVATAR'] = 'Показывать аватару с другого сервера';
|
||||
$lang['LINK_REMOTE_AVATAR_EXPLAIN'] = 'Введите URL изображения, на которое вы хотите сослаться.';
|
||||
$lang['AVATAR_URL'] = 'URL изображения аватары';
|
||||
$lang['SELECT_FROM_GALLERY'] = 'Выбрать аватару из галереи';
|
||||
$lang['VIEW_AVATAR_GALLERY'] = 'Показать галерею';
|
||||
|
||||
|
|
|
@ -183,13 +183,6 @@
|
|||
<label><input type="radio" name="allow_avatar_local" value="0" <!-- IF not ALLOW_AVATARS_LOCAL -->checked="checked"<!-- ENDIF --> />{L_NO}</label>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><h4>{L_ALLOW_REMOTE}</h4><h6>{L_ALLOW_REMOTE_EXPLAIN}</h6></td>
|
||||
<td>
|
||||
<label><input type="radio" name="allow_avatar_remote" value="1" <!-- IF ALLOW_AVATAR_REMOTE -->checked="checked"<!-- ENDIF --> />{L_YES}</label>
|
||||
<label><input type="radio" name="allow_avatar_remote" value="0" <!-- IF not ALLOW_AVATAR_REMOTE -->checked="checked"<!-- ENDIF --> />{L_NO}</label>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><h4>{L_ALLOW_UPLOAD}</h4></td>
|
||||
<td>
|
||||
|
|
|
@ -18,7 +18,7 @@ ajax.callback.user_register = function(data){
|
|||
|
||||
<p class="nav"><a href="{U_INDEX}">{T_INDEX}</a></p>
|
||||
|
||||
<form method="post" action="profile.php" class="tokenized" enctype="multipart/form-data">
|
||||
<form method="post" action="profile.php<!-- IF IS_ADMIN && PR_USER_ID -->?u={PR_USER_ID}<!-- ENDIF -->" class="tokenized" enctype="multipart/form-data">
|
||||
<input type="hidden" name="mode" value="{MODE}" />
|
||||
<input type="hidden" name="reg_agreed" value="1" />
|
||||
<!-- IF NEW_USER --><input type="hidden" name="admin" value="1" /><!-- ENDIF -->
|
||||
|
@ -272,18 +272,6 @@ ajax.callback.posts = function(data){
|
|||
</td>
|
||||
</tr>
|
||||
<!-- END switch_avatar_local_upload -->
|
||||
<!-- BEGIN switch_avatar_remote_upload -->
|
||||
<tr>
|
||||
<td>{L_UPLOAD_AVATAR_URL}:<h6>{L_UPLOAD_AVATAR_URL_EXPLAIN}</h6></td>
|
||||
<td><input type="text" name="avatarurl" size="44" /></td>
|
||||
</tr>
|
||||
<!-- END switch_avatar_remote_upload -->
|
||||
<!-- BEGIN switch_avatar_remote_link -->
|
||||
<tr>
|
||||
<td>{L_LINK_REMOTE_AVATAR}:<h6>{L_LINK_REMOTE_AVATAR_EXPLAIN}</h6></td>
|
||||
<td><input type="text" name="avatarremoteurl" size="44" /></td>
|
||||
</tr>
|
||||
<!-- END switch_avatar_remote_link -->
|
||||
<!-- BEGIN switch_avatar_local_gallery -->
|
||||
<tr>
|
||||
<td>{L_AVATAR_GALLERY}:</td>
|
||||
|
|