<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: profile.php,v $
// | $Date: 2004/02/10 01:34:25 $
// | $Revision: 1.57 $
// +-------------------------------------------------------------+
// | File Details:
// | - User profile editing pages.
// +-------------------------------------------------------------+
error_reporting(E_ALL & ~E_NOTICE);
require_once('./global.php');
//Nullify WTN-WDYL Team
// Templates this page can render; the makeeval()/makeemaileval() calls below
// pull from this cache.
$template_cache = templatecache('PROFILE_emails,PROFILE_password,PROFILE_profile,HF_footer,HF_header');

// Normalise the requested action: surrounding whitespace is stripped and an
// absent or empty "do" falls back to the read-only profile view.
$_REQUEST['do'] = isset($_REQUEST['do']) ? trim($_REQUEST['do']) : '';
if ($_REQUEST['do'] == '') {
    $_REQUEST['do'] = 'view_profile';
}

// Every action on this page requires a logged-in user; the argument's meaning
// is defined by check_user() in global.php, not here.
check_user(1);
$page = 'settings';
############################### UPDATE THE DEFAULT EMAIL ###############################
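if ($_REQUEST['do'] == "defaultemail") {
    // Promote one of the user's secondary addresses to be the primary address
    // stored on the user table, keeping the old primary as a secondary.
    //
    // NOTE(review): the original checked ownership of $_REQUEST['email'] but
    // wrote $_REQUEST['defaultemail'], and tested $db->num_rows() on a
    // COUNT(*) query (always exactly one row), so the ownership check never
    // failed: any string could be written as the account's primary address,
    // and the final DELETE removed that address from every user's list. The
    // address that is written is now the one that is checked; it must be a
    // *validated* secondary address of the session's user (otherwise the
    // e-mail confirmation flow would be bypassed), and the DELETE is scoped
    // to that user.
    // NOTE(review): like the other state-changing actions here this runs on
    // any request method with no anti-CSRF token; not addressed in this fix.
    $new_default = isset($_REQUEST['defaultemail']) ? $_REQUEST['defaultemail'] : '';
    $new_default_sql = mysql_escape_string($new_default);

    $owned = $db->query_return("
        SELECT COUNT(*) AS total
        FROM user_email
        WHERE email = '" . $new_default_sql . "'
        AND userid = '$session[userid]'
        AND validated = 1
    ");

    if ($new_default != '' && $owned['total'] > 0) {
        // Keep the old primary address reachable as an already-validated
        // secondary address. The authcode is irrelevant for a validated row;
        // uniqid(rand(), 1) is used for consistency with the password-change
        // action in this file.
        $authcode = substr(md5(uniqid(rand(), 1)), 20);
        $db->query("
            INSERT INTO user_email SET
            userid = '$session[userid]',
            email = '" . mysql_escape_string($user['email']) . "',
            authcode = '" . mysql_escape_string($authcode) . "',
            validated = 1
        ");
        // Make the chosen address the primary one ...
        $db->query("UPDATE user SET
            email = '" . $new_default_sql . "'
            WHERE id = '$session[userid]'
        ");
        // ... and drop its now-redundant secondary row, for this user only.
        $db->query("DELETE FROM user_email WHERE
            email = '" . $new_default_sql . "'
            AND userid = '$session[userid]'
        ");
        jump('profile.php?do=view_emails', 'redirect_email_verified');
    } else {
        jump('profile.php?do=view_emails', 'redirect_verified');
    }
}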
############################### VALIDATE EMAIL (EMAIL SENT TO USER) ###############################
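if ($_REQUEST['do'] == "validate") {
    // Target of the confirmation link sent by "addemail"/"resend": mark the
    // address as validated when the (email, authcode) pair matches.
    //
    // NOTE(review): the lookup and the UPDATE are now restricted to the
    // logged-in user's own row (check_user(1) above guarantees a session).
    // The original matched any user's row, and its "delete from anyone else"
    // step then removed the very row it had just validated whenever the link
    // was opened under a different account.
    // NOTE(review): the authcode is the 12-hex-character token generated in
    // "addemail"; the comparison is done by the database.
    $email_sql = mysql_escape_string($_REQUEST['email']);
    $authcode_sql = mysql_escape_string($_REQUEST['authcode']);
    $userid_sql = mysql_escape_string($user['id']);

    $found = $db->query_return("
        SELECT COUNT(*) AS total
        FROM user_email
        WHERE email = '" . $email_sql . "'
        AND authcode = '" . $authcode_sql . "'
        AND userid = '" . $userid_sql . "'
    ");

    if ($found['total'] > 0) {
        $db->query("
            UPDATE user_email
            SET validated = '1'
            WHERE email = '" . $email_sql . "'
            AND authcode = '" . $authcode_sql . "'
            AND userid = '" . $userid_sql . "'
        ");
        // The address now belongs to this user: drop any other user's
        // pending claim on it.
        $db->query("
            DELETE FROM user_email
            WHERE email = '" . $email_sql . "'
            AND userid != '" . $userid_sql . "'
        ");
        jump('profile.php?do=view_emails', 'redirect_email_verified');
    } else {
        error('validate_error');
    }
}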
############################### ADD EMAIL ###############################
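if ($_REQUEST['do'] == "addemail") {
    // Attach an extra address to the account and send it a confirmation link,
    // or fall through to "resend" if the same address is already pending.
    //
    // NOTE(review): the original echoed $_REQUEST['newemail'] back to the
    // browser unescaped just before redirecting — leftover debug output and a
    // reflected-XSS sink bounded only by what validate_email() accepts. That
    // line is removed.
    // NOTE(review): no anti-CSRF token is checked on this action.
    $newemail = $_REQUEST['newemail'];

    if (!validate_email($newemail)) {
        error('invalid_email');
    }
    if (!unique_email($newemail)) {
        error('email_not_unique');
    }

    // Already pending for this user? Re-send instead of inserting a duplicate.
    $mail = $db->query_return("
        SELECT * FROM user_email
        WHERE email = '" . mysql_escape_string($newemail) . "'
        AND userid = '$user[id]'
    ");
    if ($db->num_rows()) {
        $_REQUEST['do'] = 'resend';
        $_REQUEST['email'] = $newemail;
    } else {
        // Confirmation token. uniqid(rand(), 1) adds microtime and lcg entropy
        // on top of rand(), matching what the password-change action in this
        // file already does; a CSPRNG would be preferable where available.
        $authcode = substr(md5(uniqid(rand(), 1)), 20);
        $db->query("
            INSERT INTO user_email SET
            userid = '$session[userid]',
            email = '" . mysql_escape_string($newemail) . "',
            authcode = '" . mysql_escape_string($authcode) . "'
        ");
        // $email, $authcode and $user_details are read by the evaluated
        // BODY_newemail_confirm template.
        $email = urlencode($newemail);
        $user_details = $user;
        $user_details = update_user_details($user_details);
        eval(makeemaileval('message', 'BODY_newemail_confirm', $subject));
        dp_mail($newemail, $subject, $message);
        jump('profile.php?do=view_emails', 'redirect_email_added_validate');
    }
}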
############################### RE-SEND EMAIL ###############################
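if ($_REQUEST['do'] == 'resend') {
    // Re-send the confirmation message for one of this user's pending
    // addresses. Also reached by fall-through from "addemail".
    //
    // NOTE(review): the original overwrote $_REQUEST['email'] with an escaped
    // copy and then escaped it again in the query, so an address containing a
    // quote or backslash was double-escaped and never found (and the escaped
    // form leaked into the urlencoded $email used in the message). It is now
    // escaped once, at the query.
    $mail = $db->query_return("
        SELECT * FROM user_email
        WHERE email = '" . mysql_escape_string($_REQUEST['email']) . "'
        AND userid = '$user[id]'
    ");

    if (is_array($mail)) {
        // $email, $authcode and $user_details are read by the evaluated
        // BODY_newemail_confirm template.
        $email = urlencode($_REQUEST['email']);
        $authcode = $mail['authcode'];
        $user_details = $user;
        $user_details = update_user_details($user_details);
        eval(makeemaileval('message', 'BODY_newemail_confirm', $subject));
        dp_mail($mail['email'], $subject, $message);
        jump('profile.php?do=view_emails', 'redirect_email_resent');
    } else {
        error('invalid_email');
    }
}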
############################## RE-SEND WELCOME MAIL #########################
if ($_REQUEST['do'] == 'resend_welcome') {
    // Re-send the registration confirmation to the account's primary address.
    // $user_details is read by the evaluated BODY_register_confirm template.
    $user_details = $user;
    $user_details = update_user_details($user_details);
    eval(makeemaileval('message', 'BODY_register_confirm', $subject));

    $recipient = $user_details['email'];
    dp_mail($recipient, $subject, $message);
    jump('profile.php?do=view_emails', 'redirect_email_resent');
}
############################### CANCEL EMAIL ###############################
if ($_REQUEST['do'] == 'cancel') {
    // Remove a secondary address. The same ownership clause (session user +
    // address) guards both the existence check and the delete, so a user can
    // only ever remove rows from their own list.
    $owner_clause = "userid = '$session[userid]'"
        . " AND email = '" . mysql_escape_string($_REQUEST['email']) . "'";

    $pending = $db->query_return("SELECT * FROM user_email WHERE " . $owner_clause);

    if (is_array($pending)) {
        $db->query("DELETE FROM user_email WHERE " . $owner_clause);
        jump('profile.php?do=view_emails', 'redirect_email_deleted');
    } else {
        error('invalid_email');
    }
}
############################### DELETE EMAIL ###############################
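if ($_REQUEST['do'] == "delete") {
    // Remove a secondary address and move any tickets filed under it back to
    // the user's primary address, logging the change on each ticket.
    //
    // NOTE(review): the original decided whether anything was deleted by
    // calling $db->num_rows() after a DELETE (whatever the wrapper returns for
    // a non-SELECT), and logged $tlog[ticketemail], a column the SELECT never
    // fetched, so the "previous address" in every ticket log entry was empty.
    // Ownership is now checked with a SELECT first, as the "cancel" action
    // does, and the log call receives the ticket's actual previous address
    // and the primary address the UPDATE moves it to. The argument order of
    // ticketlog() is not visible in this file — confirm the (old, new)
    // positions against its definition.
    // NOTE(review): no anti-CSRF token is checked on this action.
    $email_sql = mysql_escape_string($_REQUEST['email']);
    $userid_sql = mysql_escape_string($user['id']);

    $owned = $db->query_return("
        SELECT * FROM user_email
        WHERE email = '" . $email_sql . "'
        AND userid = '$session[userid]'
    ");

    if (is_array($owned)) {
        $db->query("DELETE FROM user_email
            WHERE email = '" . $email_sql . "'
            AND userid = '$session[userid]'
        ");

        // Record the address change on every ticket that used it ...
        $db->query("
            SELECT id, email
            FROM ticket
            WHERE userid = '" . $userid_sql . "'
            AND email = '" . $email_sql . "'
        ");
        while ($tlog = $db->row_array()) {
            ticketlog($tlog['id'], 'email_changed', 0, 0, mysql_escape_string($tlog['email']), mysql_escape_string($user['email']));
        }
        // ... and point those tickets at the primary address instead.
        $db->query("UPDATE ticket SET
            email = '" . mysql_escape_string($user['email']) . "'
            WHERE userid = '" . $userid_sql . "'
            AND email = '" . $email_sql . "'
        ");
        jump('profile.php?do=view_emails', 'redirect_email_deleted');
    } else {
        error('noemail_to_delete');
    }
}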
############################### UPDATE PASSWORD ###############################
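if ($_REQUEST['do'] == "updatepassword") {
    // Change the account password after re-checking the current one, rotate
    // the cookie/URL login tokens, and notify the user by e-mail.
    //
    // NOTE(review): this application stores and compares passwords in clear
    // text — the current password is compared with the raw column value and
    // the new one is written as-is. Moving to salted hashes also requires
    // changing the login code that reads the column, so it is flagged here,
    // not changed.
    // NOTE(review): the original ran mysql_escape_string() on the new
    // password twice (into $password1 and again in the UPDATE), so a password
    // containing a quote or backslash was stored with extra backslashes and
    // would not match at the next login. It is now escaped once. The loose !=
    // on the current-password check is now a strict string comparison
    // ("1e3" == "1000" in PHP).
    // NOTE(review): no anti-CSRF token is checked, and the login cookie is set
    // without the HttpOnly/Secure flags.
    $password = $db->query_return("SELECT password FROM user WHERE id = '$user[id]'");
    $user['password'] = $password['password'];

    $currpass = isset($_REQUEST['currpass']) ? (string) $_REQUEST['currpass'] : '';
    $password1 = isset($_REQUEST['password1']) ? (string) $_REQUEST['password1'] : '';
    $password2 = isset($_REQUEST['password2']) ? (string) $_REQUEST['password2'] : '';

    if ($currpass !== (string) $user['password']) {
        error('nomatch_password');
    }
    if (strlen($password1) < 5) {
        error('passwordshort');
    }
    if ($password1 !== $password2) {
        error('match_passwords');
    }

    // 8-hex-character (32-bit) bearer tokens for cookie and URL logins. The
    // length is kept because other code and the column widths expect it, but
    // it is short for a token that grants login.
    $password_cookie = substr(md5($session['sessionid'] . $password1 . uniqid(rand(), 1)), 0, 8);
    $password_url = substr(md5($session['sessionid'] . $password1 . uniqid(rand(), 1)), 0, 8);

    $db->query("
        UPDATE user SET
        password = '" . mysql_escape_string($password1) . "',
        password_cookie = '" . mysql_escape_string($password_cookie) . "',
        password_url = '" . mysql_escape_string($password_url) . "'
        WHERE id = '" . mysql_escape_string($user['id']) . "'
    ");
    setcookie("dp_user_password", $password_cookie);

    // Re-read the row so the notification template sees the new values.
    $user_details = $db->query_return("SELECT * FROM user WHERE id = '$user[id]'");
    $user_details = update_user_details($user_details);
    eval(makeemaileval('message', 'BODY_changepass', $subject));
    dp_mail($user_details['email'], $subject, $message);
    jump('profile.php?do=view_profile', 'redirect_password_change');
}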
#############################################################################################
############################### GLOBAL FOR DISPLAY PROFILE PAGES ############################
#############################################################################################
if (in_array($_REQUEST['do'], array('view_password', 'view_emails', 'view_profile', 'edit_profile'))) {
    // Shared set-up for the rendering actions: the profile editor is only
    // offered when at least one custom user field is viewable, and the page
    // chrome is built for the templates below.
    $result = $db->query_return("SELECT COUNT(*)
        AS total
        FROM user_def
        WHERE user_viewable
    ");
    if ($result['total'] > 0) {
        $display_profile = 1;
    }

    // $header, $footer and $profile_header are read by the page templates.
    eval(makeeval('header', 'HF_header'));
    eval(makeeval('footer', 'HF_footer'));
    eval(makeeval('profile_header', 'PROFILE_header'));
}
############################### VIEW PASSWORDS ###############################
if ($_REQUEST['do'] == "view_password") {
    // Password-change form: rebuild the header/footer right before the page
    // template is echoed, as the other view actions do.
    foreach (array('header' => 'HF_header', 'footer' => 'HF_footer') as $tpl_var => $tpl_name) {
        eval(makeeval($tpl_var, $tpl_name));
    }
    eval(makeeval('echo', 'PROFILE_password'));
}
############################### VIEW EMAILS ###############################
if ($_REQUEST['do'] == "view_emails") {
    // E-mail management page: the primary address always heads the validated
    // list; secondary addresses are split by their validated flag.
    // $validated / $unvalidated are read by the PROFILE_emails template
    // ($unvalidated stays unset when nothing is pending, as before).
    $validated[] = array('email' => $user['email']);

    $db->query("SELECT * FROM user_email WHERE userid = '$session[userid]'");
    while ($result = $db->row_array()) {
        $entry = array('email' => $result['email']);
        if ($result['validated'] == 1) {
            $validated[] = $entry;
        } else {
            $unvalidated[] = $entry;
        }
    }

    eval(makeeval('header', 'HF_header'));
    eval(makeeval('footer', 'HF_footer'));
    eval(makeeval('echo', 'PROFILE_emails'));
}
############################### EDIT PROFILE ###############################
if ($_REQUEST['do'] == 'edit_profile') {
    // Save the profile form. Every user-editable custom field goes through
    // field_def_val(); a NULL result records the field's per-language error
    // and blocks the save. Always falls through to "view_profile", which reads
    // $stop and $custom_errors to redisplay the form with the submitted values.
    $db->query("SELECT * from user_def WHERE user_editable");
    while ($result = $db->row_array()) {
        $field = $result['name'];
        $data = field_def_val(
            $result,
            $_REQUEST['custom_fields'][$field],
            $_REQUEST['custom_fields']['extra' . $field]
        );
        if ($data !== NULL) {
            // Column names come from the admin-defined user_def table, not
            // from the request; only the value is user-supplied.
            $query[] = " $field = '" . mysql_escape_string($data) . "'";
            continue;
        }
        // unserialize() runs on a database column here; its content is
        // admin-authored, not request data.
        $tmp = unserialize($result['error_message']);
        $error_message = $tmp[$session['language']];
        $custom_error[] = array('error' => $error_message);   // for the template loop
        $custom_errors[] = $field;                            // for custom form design
        $stop = 1;
    }

    $query[] = " timezone = '" . mysql_escape_string($_REQUEST['timezone']) . "'";
    $query[] = " timezone_dst = '" . mysql_escape_string($_REQUEST['timezone_dst']) . "'";
    $query[] = " name = '" . mysql_escape_string($_REQUEST['name']) . "'";

    if ($stop) {
        $redo = 1;
    } else {
        $query = implode(', ', $query);
        $db->query("UPDATE user SET $query WHERE id = $user[id]");
        $user = $db->query_return("SELECT * FROM user WHERE id = $user[id]");
    }
    $_REQUEST['do'] = 'view_profile';
}
############################### VIEW PROFILE ###############################
if ($_REQUEST['do'] == "view_profile") {
// Render the profile page: one entry per viewable custom field (editable
// ones as form controls, the rest as plain display), plus timezone controls.
// Also reached by fall-through from "edit_profile"; when that action set
// $stop, editable fields are rendered in 'redo' mode from the submitted
// $_REQUEST values instead of the stored ones.
$db->query(
"SELECT * from user_def
WHERE user_viewable
ORDER by displayorder"
);
$custom = array();
while ($result = $db->row_array()) {
// Per-field outputs; cleared so a field cannot inherit the previous one's.
unset($name, $description, $error, $html);
// display_name / description / error_message are serialized per-language
// maps stored by the admin in user_def; unserialize() runs on DB content here.
$tmp = unserialize($result[display_name]);
$name = $tmp[$session[language]];
$tmp = unserialize($result[description]);
$description = $tmp[$session[language]];
if ($result['user_editable']) {
if ($stop) {
$html = field_def($result, 'redo', $_REQUEST[custom_fields][$result[name]], $_REQUEST[custom_fields]["extra" . $result[name]]);
} else {
$html = field_def($result, 'edit', $user[$result[name]], NULL, $user[$result[name]]);
}
} else {
$html = field_display($result, $user[$result['name']], 1);
}
$tmp = unserialize($result[error_message]);
$error = $tmp[$session[language]];
// Two copies of each entry: $custom for the template loop, and a variable
// named after the field so a custom template can place fields individually.
// The @ silences the notice when $custom_errors is unset (no failed fields).
$custom[] = array(
'name' => $name,
'description' => $description,
'html' => $html,
'error' => iff(@in_array($result[name], $custom_errors), $error, '')
);
// NOTE(review): this is a variable-variable keyed by the admin-defined field
// name. A field named like a global in use here (e.g. user, db, custom,
// session) would overwrite it mid-loop and break the rest of this page.
${$result[name]} = array(
'name' => $name,
'description' => $description,
'html' => $html,
'error' => iff(@in_array($result[name], $custom_errors), $error, '')
);
}
// $attach, $timezone and $timezone_dst are read by the PROFILE_profile template.
$attach = array();
$timezone = make_timezone($user['timezone']);
$timezone_dst = form_checkbox('timezone_dst', NULL, $user['timezone_dst'], NULL, NULL);
eval(makeeval('header', 'HF_header'));
eval(makeeval('footer', 'HF_footer'));
eval(makeeval('echo', 'PROFILE_profile'));
}