本文整理汇总了PHP中htmlspecialchars__recursive函数的典型用法代码示例。如果您正苦于以下问题:PHP htmlspecialchars__recursive函数的具体用法?PHP htmlspecialchars__recursive怎么用?PHP htmlspecialchars__recursive使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了htmlspecialchars__recursive函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: ModifyProfile2
/**
 * Handles a submitted profile edit.
 *
 * Visible flow: validate the requested sub-action against an allow-list, check the
 * session, blanket-clean $_POST, load the target member, check permissions and
 * (for the profile owner, on sub-actions that demand it) the current password,
 * then dispatch to deleteAccount2() or saveProfileChanges(). On errors the edit
 * form is shown again through ModifyProfile(). The listing is truncated after
 * the error path, so anything past that point is not documented here.
 */
function ModifyProfile2()
{
global $txt, $modSettings;
global $cookiename, $context;
global $sourcedir, $scripturl, $db_prefix;
global $ID_MEMBER, $user_info;
global $context, $newpassemail, $user_profile, $validationCode;
loadLanguage('Profile');
/* Set allowed sub-actions.
The format of $sa_allowed is as follows:
$sa_allowed = array(
'sub-action' => array(permission_array_for_editing_OWN_profile, permission_array_for_editing_ANY_profile, session_validation_method[, require_password]),
...
);
*/
$sa_allowed = array('account' => array(array('manage_membergroups', 'profile_identity_any', 'profile_identity_own'), array('manage_membergroups', 'profile_identity_any'), 'post', true), 'forumProfile' => array(array('profile_extra_any', 'profile_extra_own'), array('profile_extra_any'), 'post'), 'theme' => array(array('profile_extra_any', 'profile_extra_own'), array('profile_extra_any'), 'post'), 'notification' => array(array('profile_extra_any', 'profile_extra_own'), array('profile_extra_any'), 'post'), 'pmprefs' => array(array('profile_extra_any', 'profile_extra_own'), array('profile_extra_any'), 'post'), 'deleteAccount' => array(array('profile_remove_any', 'profile_remove_own'), array('profile_remove_any'), 'post', true), 'activateAccount' => array(array(), array('moderate_forum'), 'get'));
// Is the current sub-action allowed?
// The allow-list lookup is keyed on $_REQUEST['sa']; unknown values end in a fatal error.
if (empty($_REQUEST['sa']) || !isset($sa_allowed[$_REQUEST['sa']])) {
fatal_lang_error(453, false);
}
// Index 2 of the entry names the session validation method ('post' or 'get').
checkSession($sa_allowed[$_REQUEST['sa']][2]);
// Start with no updates and no errors.
$profile_vars = array();
$post_errors = array();
// Normally, don't send an email.
$newpassemail = false;
// Clean up the POST variables.
// Every $_POST value is trimmed, un-slashed, HTML-escaped and slashed again, in that order.
// Because the escaping is applied to the whole array, any field that needs its raw
// bytes (the password below) has to be decoded again before it is used.
$_POST = htmltrim__recursive($_POST);
$_POST = stripslashes__recursive($_POST);
$_POST = htmlspecialchars__recursive($_POST);
$_POST = addslashes__recursive($_POST);
// Search for the member being edited and put the information in $user_profile.
// The member id is cast to int before the lookup.
$memberResult = loadMemberData((int) $_REQUEST['userID'], false, 'profile');
if (!is_array($memberResult)) {
fatal_lang_error(453, false);
}
list($memID) = $memberResult;
// Are you modifying your own, or someone else's?
if ($ID_MEMBER == $memID) {
$context['user']['is_owner'] = true;
} else {
$context['user']['is_owner'] = false;
// Editing another member goes through validateSession() in addition to checkSession() above.
validateSession();
}
// Check profile editing permissions.
// Index 0 holds the permissions for editing one's own profile, index 1 those for any profile.
isAllowedTo($sa_allowed[$_REQUEST['sa']][$context['user']['is_owner'] ? 0 : 1]);
// If this is yours, check the password.
// Only entries with a truthy fourth element ('account', 'deleteAccount') require it.
if ($context['user']['is_owner'] && !empty($sa_allowed[$_REQUEST['sa']][3])) {
// You didn't even enter a password!
if (trim($_POST['oldpasswrd']) == '') {
$post_errors[] = 'no_password';
}
// Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password
$_POST['oldpasswrd'] = addslashes(un_htmlspecialchars(stripslashes($_POST['oldpasswrd'])));
// Does the integration want to check passwords?
$good_password = false;
// The callback name is read from $modSettings and invoked with call_user_func().
// NOTE(review): confirm that $modSettings can only be written by administrators,
// since whoever controls this setting chooses the function that approves passwords.
if (isset($modSettings['integrate_verify_password']) && function_exists($modSettings['integrate_verify_password'])) {
if (call_user_func($modSettings['integrate_verify_password'], $user_profile[$memID]['memberName'], $_POST['oldpasswrd'], false) === true) {
$good_password = true;
}
}
// Bad password!!!
// NOTE(review): the stored value is compared with sha1(lowercased member name . password)
// using the loose, non-constant-time != operator. hash_equals() is the safer comparison,
// and password_hash()/password_verify() the modern replacement for this scheme.
if (!$good_password && $user_info['passwd'] != sha1(strtolower($user_profile[$memID]['memberName']) . $_POST['oldpasswrd'])) {
$post_errors[] = 'bad_password';
}
}
// No need for the sub action array.
unset($sa_allowed);
// If the user is an admin - see if they are resetting someones username.
// NOTE(review): this runs before $post_errors is examined, so in the visible code a
// 'no_password' / 'bad_password' error recorded above does not stop resetPassword().
// Confirm that is intended.
if ($user_info['is_admin'] && isset($_POST['memberName'])) {
// We'll need this...
require_once $sourcedir . '/Subs-Auth.php';
// Do the reset... this will send them an email too.
resetPassword($memID, $_POST['memberName']);
}
// Change the IP address in the database.
// The value is wrapped in single quotes by hand.
// NOTE(review): presumably consumed as a ready-made SQL fragment by the save routine;
// verify that $user_info['ip'] is validated before it reaches this point.
if ($context['user']['is_owner']) {
$profile_vars['memberIP'] = "'{$user_info['ip']}'";
}
// Now call the sub-action function...
// NOTE(review): the allow-list, permission and password gates above were keyed on
// $_REQUEST['sa'], while this dispatch reads $_POST['sa']. Confirm the two cannot differ.
if (isset($_POST['sa']) && $_POST['sa'] == 'deleteAccount') {
deleteAccount2($profile_vars, $post_errors, $memID);
if (empty($post_errors)) {
redirectexit();
}
} else {
saveProfileChanges($profile_vars, $post_errors, $memID);
}
// There was a problem, let them try to re-enter.
if (!empty($post_errors)) {
// Load the language file so we can give a nice explanation of the errors.
loadLanguage('Errors');
$context['post_errors'] = $post_errors;
$_REQUEST['sa'] = $_POST['sa'];
$_REQUEST['u'] = $memID;
// Hand the collected errors back to the edit form.
return ModifyProfile($post_errors);
}
//.........这里部分代码省略.........
示例2: getPackageInfo
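/**
 * Loads a package's information and returns a representative array.
 *
 * - Accepts an http(s) URL or a name relative to BOARDDIR/packages/ (an archive
 *   file or an unpacked directory).
 * - Local names containing a NUL byte or a ".." path segment are refused with
 *   'package_get_error_not_found', so the lookup cannot leave packages/.
 * - Returns an error string if the package cannot be read or its package-info is invalid.
 * - Otherwise returns a basic array of id, version, filename, and similar information.
 * - An Xml_Array is available in 'xml'.
 * - Values taken from the XML are HTML-escaped; 'filename' is the trimmed argument
 *   as given and 'xml' is the parsed object, so both still have to be escaped by
 *   whatever prints them.
 *
 * @package Packages
 * @param string $gzfilename
 * @return array|string package data on success, otherwise an error string
 */
function getPackageInfo($gzfilename)
{
    $gzfilename = trim($gzfilename);

    // Set only for local packages; the theme probe further down needs a real archive path.
    $localPath = null;

    // Extract package-info.xml from downloaded file. (*/ is used because it could be in any directory.)
    if (preg_match('~^https?://~i', $gzfilename) === 1) {
        // NOTE(review): this makes an outbound request to whatever URL the caller passed.
        // Confirm callers only hand over URLs of package servers the administrator trusts.
        $packageInfo = read_tgz_data(fetch_web_data($gzfilename, '', true), '*/package-info.xml', true);
    } else {
        // It must be in the package directory then. Enforce that: a NUL byte or a ".."
        // segment would let the concatenated path point outside BOARDDIR/packages/.
        if (strpos($gzfilename, "\0") !== false || preg_match('~(?:^|[\\\\/])\.\.(?:[\\\\/]|$)~', $gzfilename) === 1) {
            return 'package_get_error_not_found';
        }

        $localPath = BOARDDIR . '/packages/' . $gzfilename;
        if (!file_exists($localPath)) {
            return 'package_get_error_not_found';
        }

        // Make sure an package.xml file is available
        if (is_file($localPath)) {
            $packageInfo = read_tgz_file($localPath, '*/package-info.xml', true);
        } elseif (file_exists($localPath . '/package-info.xml')) {
            $packageInfo = file_get_contents($localPath . '/package-info.xml');
        } else {
            return 'package_get_error_missing_xml';
        }
    }

    // Nothing?
    if (empty($packageInfo)) {
        // Perhaps they are trying to install a theme, lets tell them nicely this is the wrong function.
        // Only a local archive can be probed: the original also built a "local" path out of a
        // URL or an unpacked directory here, which can never name a readable archive.
        if ($localPath !== null && is_file($localPath)) {
            $themeInfo = read_tgz_file($localPath, '*/theme_info.xml', true);
            if (!empty($themeInfo)) {
                return 'package_get_error_is_theme';
            }
        }

        return 'package_get_error_is_zero';
    }

    // Parse package-info.xml into an Xml_Array.
    require_once SUBSDIR . '/XmlArray.class.php';
    $packageInfo = new Xml_Array($packageInfo);

    // @todo Error message of some sort?
    if (!$packageInfo->exists('package-info[0]')) {
        return 'package_get_error_packageinfo_corrupt';
    }
    $packageInfo = $packageInfo->path('package-info[0]');

    // Convert packageInfo to an array for use; package metadata is third-party
    // content, so its values are HTML-escaped before anything can display them.
    $package = htmlspecialchars__recursive($packageInfo->to_array());
    $package['xml'] = $packageInfo;
    $package['filename'] = $gzfilename;

    // Set a default type if none was supplied in the package
    if (!isset($package['type'])) {
        $package['type'] = 'modification';
    }

    return $package;
}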
示例3: method_get_participated_topic
function method_get_participated_topic()
{
global $context, $mobdb, $mobsettings, $modSettings, $user_info, $sourcedir;
// Guest?
if ($user_info['is_guest']) {
createErrorResponse(21);
}
// Get the username
$username = base64_decode($context['mob_request']['params'][0][0]);
if (empty($username)) {
createErrorResponse(8);
}
require_once $sourcedir . '/Subs-Auth.php';
######## Added by Sean##############
$username = htmltrim__recursive($username);
$username = stripslashes__recursive($username);
$username = htmlspecialchars__recursive($username);
$username = addslashes__recursive($username);
##################################################################
// Does this user exist?
$members = findMembers($username);
if (empty($members)) {
createErrorResponse(8);
}
$id_member = array_keys($members);
$member = $members[$id_member[0]];
if (empty($member)) {
createErrorResponse(8);
}
// Do we have start num defined?
if (isset($context['mob_request']['params'][1])) {
$start_num = (int) $context['mob_request']['params'][1][0];
}
// Do we have last number defined?
if (isset($context['mob_request']['params'][2])) {
$last_num = (int) $context['mob_request']['params'][2][0];
}
// Perform some start/last num checks
if (isset($start_num) && isset($last_num)) {
if ($start_num > $last_num) {
createErrorResponse(3);
} elseif ($last_num - $start_num > 50) {
$last_num = $start_num + 50;
}
}
// Default number of topics per page
$topics_per_page = 20;
// Generate the limit clause
$limit = '';
if (!isset($start_num) && !isset($last_num)) {
$start_num = 0;
$limit = $topics_per_page;
} elseif (isset($start_num) && !isset($last_num)) {
$limit = $topics_per_page;
} elseif (isset($start_num) && isset($last_num)) {
$limit = $last_num - $start_num + 1;
} elseif (empty($start_num) && empty($last_num)) {
$start_num = 0;
$limit = $topics_per_page;
}
// Get the count
$mobdb->query('
SELECT t.ID_TOPIC
FROM {db_prefix}messages AS m
INNER JOIN {db_prefix}topics AS t ON (m.ID_TOPIC = t.ID_TOPIC)
INNER JOIN {db_prefix}boards AS b ON (b.ID_BOARD = t.ID_BOARD)
WHERE {query_see_board}
AND m.ID_MEMBER = {int:member}
GROUP BY t.ID_TOPIC
ORDER BY t.ID_TOPIC DESC', array('member' => $id_member[0]));
$tids = array();
while ($row = $mobdb->fetch_assoc()) {
$tids[] = $row['ID_TOPIC'];
}
$mobdb->free_result();
$count = count($tids);
if ($limit + $start_num > $count) {
$limit = $count - $start_num;
}
$tids = array_slice($tids, $start_num, $limit);
$topics = array();
if (count($tids)) {
// Grab the topics
$mobdb->query('
SELECT t.ID_TOPIC AS id_topic, t.isSticky AS is_sticky, t.locked, fm.subject AS topic_title, t.numViews AS views, t.numReplies AS replies,
IFNULL(mem.ID_MEMBER, 0) AS id_member, mem.realName, mem.memberName, mem.avatar, IFNULL(a.ID_ATTACH, 0) AS id_attach, a.filename, a.attachmentType AS attachment_type,
IFNULL(lm.posterTime, fm.posterTime) AS last_message_time, ' . ($user_info['is_guest'] ? '0' : 'ln.ID_TOPIC AS is_notify, IFNULL(lt.ID_MSG, IFNULL(lmr.ID_MSG, -1)) + 1') . ' AS new_from,
IFNULL(lm.body, fm.body) AS body, lm.ID_MSG_MODIFIED AS id_msg_modified, b.name AS board_name, b.ID_BOARD AS id_board
FROM {db_prefix}messages AS m
INNER JOIN {db_prefix}topics AS t ON (m.ID_TOPIC = t.ID_TOPIC)
INNER JOIN {db_prefix}messages AS fm ON (t.ID_FIRST_MSG = fm.ID_MSG)
INNER JOIN {db_prefix}boards AS b ON (b.ID_BOARD = t.ID_BOARD)
LEFT JOIN {db_prefix}messages AS lm ON (t.ID_LAST_MSG = lm.ID_MSG)
LEFT JOIN {db_prefix}members AS mem ON (lm.ID_MEMBER = mem.ID_MEMBER)' . ($user_info['is_guest'] ? '' : '
LEFT JOIN {db_prefix}log_topics AS lt ON (lt.ID_TOPIC = t.ID_TOPIC AND lt.ID_MEMBER = {int:current_member})
LEFT JOIN {db_prefix}log_notify AS ln ON ((ln.ID_TOPIC = t.ID_TOPIC OR ln.ID_BOARD = t.ID_BOARD) AND ln.ID_MEMBER = {int:current_member})
LEFT JOIN {db_prefix}log_mark_read AS lmr ON (lmr.ID_BOARD = t.ID_BOARD AND lmr.ID_MEMBER = {int:current_member})') . '
LEFT JOIN {db_prefix}attachments AS a ON (a.ID_MEMBER = mem.ID_MEMBER)
WHERE {query_see_board}
AND m.ID_MEMBER = {int:member} AND t.ID_TOPIC IN ({array_int:topic_ids})
//.........这里部分代码省略.........
示例4: htmlspecialchars__recursive
/**
 * HTML-escapes a value, or every value inside a (nested) array.
 *
 * - Scalars go through $smcFunc['htmlspecialchars'] when that entry is set,
 *   otherwise through PHP's htmlspecialchars(); both are called with ENT_QUOTES.
 * - Arrays are walked recursively. Only the values are escaped: array keys are
 *   returned exactly as they came in, so keys taken from request data still
 *   need escaping wherever they are printed.
 * - Once $level exceeds 25 the elements of the array at that depth are replaced
 *   by null instead of being descended into, which bounds the recursion.
 *
 * The result is safe for HTML text and quoted-attribute context only; it is not
 * SQL, JavaScript or URL escaping.
 *
 * @param mixed $var value or array of values to escape
 * @param int $level current nesting depth, used internally by the recursion
 * @return mixed the escaped value, or the array with escaped values
 */
function htmlspecialchars__recursive($var, $level = 0)
{
    global $smcFunc;

    if (is_array($var)) {
        $tooDeep = $level > 25;

        // Rewrite each element in place; the keys are left untouched.
        foreach (array_keys($var) as $key) {
            if ($tooDeep) {
                $var[$key] = null;
            } else {
                $var[$key] = htmlspecialchars__recursive($var[$key], $level + 1);
            }
        }

        return $var;
    }

    // Prefer the forum's own escaper when it has been registered.
    if (isset($smcFunc['htmlspecialchars'])) {
        return $smcFunc['htmlspecialchars']($var, ENT_QUOTES);
    }

    return htmlspecialchars($var, ENT_QUOTES);
}
示例5: action_register2
//.........这里部分代码省略.........
$possible_strings = array_diff($possible_strings, $exclude_fields);
$possible_ints = array_diff($possible_ints, $exclude_fields);
$possible_floats = array_diff($possible_floats, $exclude_fields);
$possible_bools = array_diff($possible_bools, $exclude_fields);
// Set the options needed for registration.
$regOptions = array('interface' => 'guest', 'username' => !empty($_POST['user']) ? $_POST['user'] : '', 'email' => !empty($_POST['email']) ? $_POST['email'] : '', 'password' => !empty($_POST['passwrd1']) ? $_POST['passwrd1'] : '', 'password_check' => !empty($_POST['passwrd2']) ? $_POST['passwrd2'] : '', 'openid' => !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '', 'auth_method' => !empty($_POST['authenticate']) ? $_POST['authenticate'] : '', 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => true, 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']), 'require' => !empty($modSettings['coppaAge']) && !$verifiedOpenID && empty($_SESSION['skip_coppa']) ? 'coppa' : (empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval')), 'extra_register_vars' => array(), 'theme_vars' => array());
// Include the additional options that might have been filled in.
foreach ($possible_strings as $var) {
if (isset($_POST[$var])) {
$regOptions['extra_register_vars'][$var] = Util::htmlspecialchars($_POST[$var], ENT_QUOTES);
}
}
foreach ($possible_ints as $var) {
if (isset($_POST[$var])) {
$regOptions['extra_register_vars'][$var] = (int) $_POST[$var];
}
}
foreach ($possible_floats as $var) {
if (isset($_POST[$var])) {
$regOptions['extra_register_vars'][$var] = (double) $_POST[$var];
}
}
foreach ($possible_bools as $var) {
if (isset($_POST[$var])) {
$regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1;
}
}
// Registration options are always default options...
if (isset($_POST['default_options'])) {
$_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];
}
$regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] : array();
// Make sure they are clean, dammit!
$regOptions['theme_vars'] = htmlspecialchars__recursive($regOptions['theme_vars']);
// Check whether we have fields that simply MUST be displayed?
require_once SUBSDIR . '/Profile.subs.php';
loadCustomFields(0, 'register');
foreach ($context['custom_fields'] as $row) {
// Don't allow overriding of the theme variables.
if (isset($regOptions['theme_vars'][$row['colname']])) {
unset($regOptions['theme_vars'][$row['colname']]);
}
// Prepare the value!
$value = isset($_POST['customfield'][$row['colname']]) ? trim($_POST['customfield'][$row['colname']]) : '';
// We only care for text fields as the others are valid to be empty.
if (!in_array($row['type'], array('check', 'select', 'radio'))) {
// Is it too long?
if ($row['field_length'] && $row['field_length'] < Util::strlen($value)) {
$reg_errors->addError(array('custom_field_too_long', array($row['name'], $row['field_length'])));
}
// Any masks to apply?
if ($row['type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none') {
// @todo We never error on this - just ignore it at the moment...
if ($row['mask'] == 'email' && !isValidEmail($value)) {
$reg_errors->addError(array('custom_field_invalid_email', array($row['name'])));
} elseif ($row['mask'] == 'number' && preg_match('~[^\\d]~', $value)) {
$reg_errors->addError(array('custom_field_not_number', array($row['name'])));
} elseif (substr($row['mask'], 0, 5) == 'regex' && trim($value) !== '' && preg_match(substr($row['mask'], 5), $value) === 0) {
$reg_errors->addError(array('custom_field_inproper_format', array($row['name'])));
}
}
}
// Is this required but not there?
if (trim($value) == '' && $row['show_reg'] > 1) {
$reg_errors->addError(array('custom_field_empty', array($row['name'])));
}
示例6: SetThemeSettings
function SetThemeSettings()
{
global $txt, $context, $settings, $modSettings, $sourcedir, $smcFunc;
if (empty($_GET['th']) && empty($_GET['id'])) {
return ThemeAdmin();
}
$_GET['th'] = isset($_GET['th']) ? (int) $_GET['th'] : (int) $_GET['id'];
// Select the best fitting tab.
$context[$context['admin_menu_name']]['current_subsection'] = 'list';
loadLanguage('Admin');
isAllowedTo('admin_forum');
// Validate inputs/user.
if (empty($_GET['th'])) {
fatal_lang_error('no_theme', false);
}
// Fetch the smiley sets...
$sets = explode(',', 'none,' . $modSettings['smiley_sets_known']);
$set_names = explode("\n", $txt['smileys_none'] . "\n" . $modSettings['smiley_sets_names']);
$context['smiley_sets'] = array('' => $txt['smileys_no_default']);
foreach ($sets as $i => $set) {
$context['smiley_sets'][$set] = htmlspecialchars($set_names[$i]);
}
$old_id = $settings['theme_id'];
$old_settings = $settings;
loadTheme($_GET['th'], false);
// Sadly we really do need to init the template.
loadSubTemplate('init', 'ignore');
// Also load the actual themes language file - in case of special settings.
loadLanguage('Settings', '', true, true);
// Let the theme take care of the settings.
loadTemplate('Settings');
loadSubTemplate('settings');
// Submitting!
if (isset($_POST['submit'])) {
checkSession();
if (empty($_POST['options'])) {
$_POST['options'] = array();
}
if (empty($_POST['default_options'])) {
$_POST['default_options'] = array();
}
// Make sure items are cast correctly.
foreach ($context['theme_settings'] as $item) {
// Disregard this item if this is just a separator.
if (!is_array($item)) {
continue;
}
foreach (array('options', 'default_options') as $option) {
if (!isset($_POST[$option][$item['id']])) {
continue;
} elseif (empty($item['type'])) {
$_POST[$option][$item['id']] = $_POST[$option][$item['id']] ? 1 : 0;
} elseif ($item['type'] == 'number') {
$_POST[$option][$item['id']] = (int) $_POST[$option][$item['id']];
}
}
}
// Set up the sql query.
$inserts = array();
foreach ($_POST['options'] as $opt => $val) {
$inserts[] = array(0, $_GET['th'], $opt, is_array($val) ? implode(',', $val) : $val);
}
foreach ($_POST['default_options'] as $opt => $val) {
$inserts[] = array(0, 1, $opt, is_array($val) ? implode(',', $val) : $val);
}
// If we're actually inserting something..
if (!empty($inserts)) {
$smcFunc['db_insert']('replace', '{db_prefix}themes', array('id_member' => 'int', 'id_theme' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'), $inserts, array('id_member', 'id_theme', 'variable'));
}
cache_put_data('theme_settings-' . $_GET['th'], null, 90);
cache_put_data('theme_settings-1', null, 90);
// Invalidate the cache.
updateSettings(array('settings_updated' => time()));
redirectexit('action=admin;area=theme;sa=settings;th=' . $_GET['th'] . ';' . $context['session_var'] . '=' . $context['session_id']);
}
$context['sub_template'] = 'set_settings';
$context['page_title'] = $txt['theme_settings'];
foreach ($settings as $setting => $dummy) {
if (!in_array($setting, array('theme_url', 'theme_dir', 'images_url', 'template_dirs'))) {
$settings[$setting] = htmlspecialchars__recursive($settings[$setting]);
}
}
$context['settings'] = $context['theme_settings'];
$context['theme_settings'] = $settings;
foreach ($context['settings'] as $i => $setting) {
// Separators are dummies, so leave them alone.
if (!is_array($setting)) {
continue;
}
if (!isset($setting['type']) || $setting['type'] == 'bool') {
$context['settings'][$i]['type'] = 'checkbox';
} elseif ($setting['type'] == 'int' || $setting['type'] == 'integer') {
$context['settings'][$i]['type'] = 'number';
} elseif ($setting['type'] == 'string') {
$context['settings'][$i]['type'] = 'text';
}
if (isset($setting['options'])) {
$context['settings'][$i]['type'] = 'list';
}
$context['settings'][$i]['value'] = !isset($settings[$setting['id']]) ? '' : $settings[$setting['id']];
//.........这里部分代码省略.........
示例7: Register2
//.........这里部分代码省略.........
unset($_SESSION['visual_verification_code']);
}
fatal_lang_error('visual_verification_failed', false);
} elseif (isset($_SESSION['visual_errors'])) {
unset($_SESSION['visual_errors']);
}
// Collect all extra registration fields someone might have filled in.
$possible_strings = array('websiteUrl', 'websiteTitle', 'AIM', 'YIM', 'location', 'birthdate', 'timeFormat', 'buddy_list', 'pm_ignore_list', 'smileySet', 'signature', 'personalText', 'avatar', 'lngfile', 'secretQuestion', 'secretAnswer');
$possible_ints = array('pm_email_notify', 'notifyTypes', 'ICQ', 'gender', 'ID_THEME');
$possible_floats = array('timeOffset');
$possible_bools = array('notifyAnnouncements', 'notifyOnce', 'notifySendBody', 'hideEmail', 'showOnline');
// A non-empty secret answer is replaced by its MD5 digest before it is passed on.
// NOTE(review): unsalted MD5 is weak for a low-entropy secret such as a recovery answer.
// password_hash()/password_verify() is the modern choice, but switching needs a
// migration of stored answers and of the code that verifies them (not visible here).
if (isset($_POST['secretAnswer']) && $_POST['secretAnswer'] != '') {
$_POST['secretAnswer'] = md5($_POST['secretAnswer']);
}
// Needed for isReservedName() and registerMember().
require_once $sourcedir . '/Subs-Members.php';
// Validation... even if we're not a mall.
if (isset($_POST['realName']) && (!empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum'))) {
$_POST['realName'] = trim(preg_replace('~[\\s]~' . ($context['utf8'] ? 'u' : ''), ' ', $_POST['realName']));
if (trim($_POST['realName']) != '' && !isReservedName($_POST['realName']) && $func['strlen']($_POST['realName']) <= 60) {
$possible_strings[] = 'realName';
}
}
// Accept the MSN field only when it matches an e-mail-address-shaped pattern.
// NOTE(review): the field name is appended to $profile_strings, whereas the copy loop
// further down iterates $possible_strings. In the visible code a validated MSN value
// is therefore never copied into the registration options. Confirm whether
// $possible_strings was intended.
if (isset($_POST['MSN']) && preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['MSN']) != 0) {
$profile_strings[] = 'MSN';
}
// Handle a string as a birthdate...
if (isset($_POST['birthdate']) && $_POST['birthdate'] != '') {
$_POST['birthdate'] = strftime('%Y-%m-%d', strtotime($_POST['birthdate']));
} elseif (!empty($_POST['bday1']) && !empty($_POST['bday2'])) {
$_POST['birthdate'] = sprintf('%04d-%02d-%02d', empty($_POST['bday3']) ? 0 : (int) $_POST['bday3'], (int) $_POST['bday1'], (int) $_POST['bday2']);
}
// Validate the passed langauge file.
if (isset($_POST['lngfile']) && !empty($modSettings['userLanguage'])) {
$language_directories = array($settings['default_theme_dir'] . '/languages', $settings['actual_theme_dir'] . '/languages');
if (!empty($settings['base_theme_dir'])) {
$language_directories[] = $settings['base_theme_dir'] . '/languages';
}
$language_directories = array_unique($language_directories);
foreach ($language_directories as $language_dir) {
if (!file_exists($language_dir)) {
continue;
}
$dir = dir($language_dir);
while ($entry = $dir->read()) {
if (preg_match('~^index\\.(.+)\\.php$~', $entry, $matches) && $matches[1] == $_POST['lngfile']) {
// Got it!
$found = true;
$_SESSION['language'] = $_POST['lngfile'];
break 2;
}
}
$dir->close();
}
if (empty($found)) {
unset($_POST['lngfile']);
}
} else {
unset($_POST['lngfile']);
}
// Set the options needed for registration.
$regOptions = array('interface' => 'guest', 'username' => $_POST['user'], 'email' => $_POST['email'], 'password' => $_POST['passwrd1'], 'password_check' => $_POST['passwrd2'], 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => true, 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']), 'require' => !empty($modSettings['coppaAge']) && !isset($_POST['skip_coppa']) ? 'coppa' : (empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval')), 'extra_register_vars' => array(), 'theme_vars' => array());
// Include the additional options that might have been filled in.
// Copy each submitted string field into the registration options.
// The value is HTML-escaped through $func['htmlspecialchars'] and then wrapped in
// single quotes by hand.
// NOTE(review): if registerMember() places this pre-quoted value into an SQL statement,
// its safety depends on quote escaping performed elsewhere (not visible in this
// listing). Confirm, or pass the raw value through a parameterised query instead.
foreach ($possible_strings as $var) {
if (isset($_POST[$var])) {
$regOptions['extra_register_vars'][$var] = '\'' . $func['htmlspecialchars']($_POST[$var]) . '\'';
}
}
foreach ($possible_ints as $var) {
if (isset($_POST[$var])) {
$regOptions['extra_register_vars'][$var] = (int) $_POST[$var];
}
}
foreach ($possible_floats as $var) {
if (isset($_POST[$var])) {
$regOptions['extra_register_vars'][$var] = (double) $_POST[$var];
}
}
foreach ($possible_bools as $var) {
if (isset($_POST[$var])) {
$regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1;
}
}
// Registration options are always default options...
if (isset($_POST['default_options'])) {
$_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];
}
$regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? htmlspecialchars__recursive($_POST['options']) : array();
$memberID = registerMember($regOptions);
// If COPPA has been selected then things get complicated, setup the template.
if (!empty($modSettings['coppaAge']) && !isset($_POST['skip_coppa'])) {
redirectexit('action=coppa;member=' . $memberID);
} elseif (!empty($modSettings['registration_method'])) {
loadTemplate('Register');
$context += array('page_title' => &$txt[97], 'sub_template' => 'after', 'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration']);
} else {
setLoginCookie(60 * $modSettings['cookieTime'], $memberID, sha1(sha1(strtolower($regOptions['username']) . $regOptions['password']) . substr($regOptions['register_vars']['passwordSalt'], 1, -1)));
redirectexit('action=login2;sa=check;member=' . $memberID, $context['server']['needs_login_fix']);
}
}
示例8: Post2
//.........这里部分代码省略.........
} elseif ($_POST['poll_max_votes'] > count($_POST['options'])) {
$_POST['poll_max_votes'] = count($_POST['options']);
} else {
$_POST['poll_max_votes'] = (int) $_POST['poll_max_votes'];
}
$_POST['poll_expire'] = (int) $_POST['poll_expire'];
$_POST['poll_expire'] = $_POST['poll_expire'] > 9999 ? 9999 : ($_POST['poll_expire'] < 0 ? 0 : $_POST['poll_expire']);
// Just set it to zero if it's not there..
if (!isset($_POST['poll_hide'])) {
$_POST['poll_hide'] = 0;
} else {
$_POST['poll_hide'] = (int) $_POST['poll_hide'];
}
$_POST['poll_change_vote'] = isset($_POST['poll_change_vote']) ? 1 : 0;
$_POST['poll_guest_vote'] = isset($_POST['poll_guest_vote']) ? 1 : 0;
// Make sure guests are actually allowed to vote generally.
if ($_POST['poll_guest_vote']) {
require_once $sourcedir . '/Subs-Members.php';
$allowedVoteGroups = groupsAllowedTo('poll_vote', $board);
if (!in_array(-1, $allowedVoteGroups['allowed'])) {
$_POST['poll_guest_vote'] = 0;
}
}
// If the user tries to set the poll too far in advance, don't let them.
if (!empty($_POST['poll_expire']) && $_POST['poll_expire'] < 1) {
fatal_lang_error('poll_range_error', false);
} elseif (empty($_POST['poll_expire']) && $_POST['poll_hide'] == 2) {
$_POST['poll_hide'] = 1;
}
// Clean up the question and answers.
$_POST['question'] = htmlspecialchars($_POST['question']);
$_POST['question'] = $smcFunc['truncate']($_POST['question'], 255);
$_POST['question'] = preg_replace('~&#(\\d{4,5}|[2-9]\\d{2,4}|1[2-9]\\d);~', '&#$1;', $_POST['question']);
$_POST['options'] = htmlspecialchars__recursive($_POST['options']);
}
// Check if they are trying to delete any current attachments....
if (isset($_REQUEST['msg'], $_POST['attach_del']) && (allowedTo('post_attachment') || $modSettings['postmod_active'] && allowedTo('post_unapproved_attachments'))) {
$del_temp = array();
foreach ($_POST['attach_del'] as $i => $dummy) {
$del_temp[$i] = (int) $dummy;
}
require_once $sourcedir . '/ManageAttachments.php';
$attachmentQuery = array('attachment_type' => 0, 'id_msg' => (int) $_REQUEST['msg'], 'not_id_attach' => $del_temp);
removeAttachments($attachmentQuery);
}
// ...or attach a new file...
if (isset($_FILES['attachment']['name']) || !empty($_SESSION['temp_attachments']) && empty($_POST['from_qr'])) {
// Verify they can post them!
if (!$modSettings['postmod_active'] || !allowedTo('post_unapproved_attachments')) {
isAllowedTo('post_attachment');
}
// Make sure we're uploading to the right place.
// When several upload directories are configured, 'attachmentUploadDir' holds a
// serialized array and 'currentAttachmentUploadDir' is the key of the active one.
if (!empty($modSettings['currentAttachmentUploadDir'])) {
if (!is_array($modSettings['attachmentUploadDir'])) {
// NOTE(review): unserialize() on a settings value is only as safe as the settings
// store. Confirm it is writable by administrators alone; passing
// array('allowed_classes' => false) or storing JSON narrows the exposure.
$modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
}
// The current directory, of course!
$current_attach_dir = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']];
} else {
// Single-directory setup: the setting is used as the path directly.
$current_attach_dir = $modSettings['attachmentUploadDir'];
}
// If this isn't a new post, check the current attachments.
if (isset($_REQUEST['msg'])) {
$request = $smcFunc['db_query']('', '
SELECT COUNT(*), SUM(size)
FROM {db_prefix}attachments
示例9: action_index
//.........这里部分代码省略.........
}
// Permissions for good measure.
if (!empty($profile_include_data['permission'])) {
isAllowedTo($profile_include_data['permission'][$context['user']['is_owner'] ? 'own' : 'any']);
}
// Create a token if needed.
if (!empty($profile_include_data['token'])) {
createToken($token_name, $token_type);
$context['token_check'] = $token_name;
}
// Build the link tree.
$context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : ''), 'name' => sprintf($txt['profile_of_username'], $context['member']['name']));
if (!empty($profile_include_data['label'])) {
$context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'], 'name' => $profile_include_data['label']);
}
if (!empty($profile_include_data['current_subsection']) && $profile_include_data['subsections'][$profile_include_data['current_subsection']][0] != $profile_include_data['label']) {
$context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'] . ';sa=' . $profile_include_data['current_subsection'], 'name' => $profile_include_data['subsections'][$profile_include_data['current_subsection']][0]);
}
// Set the template for this area... if you still can :P
// and add the profile layer.
$context['sub_template'] = $profile_include_data['function'];
Template_Layers::getInstance()->add('profile');
loadJavascriptFile('profile.js');
// All the subactions that require a user password in order to validate.
$check_password = $context['user']['is_owner'] && !empty($profile_include_data['password']);
$context['require_password'] = $check_password && empty($user_settings['openid_uri']);
// These will get populated soon!
$post_errors = array();
$profile_vars = array();
// Right - are we saving - if so let's save the old data first.
if ($this->_completed_save) {
// Clean up the POST variables.
$_POST = htmltrim__recursive($_POST);
$_POST = htmlspecialchars__recursive($_POST);
if ($check_password) {
// If we're using OpenID try to revalidate.
if (!empty($user_settings['openid_uri'])) {
require_once SUBSDIR . '/OpenID.subs.php';
$openID = new OpenID();
$openID->revalidate();
} else {
// You didn't even enter a password!
if (trim($_POST['oldpasswrd']) == '') {
$post_errors[] = 'no_password';
}
// Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password
$_POST['oldpasswrd'] = un_htmlspecialchars($_POST['oldpasswrd']);
// Does the integration want to check passwords?
$good_password = in_array(true, call_integration_hook('integrate_verify_password', array($cur_profile['member_name'], $_POST['oldpasswrd'], false)), true);
// Start up the password checker, we have work to do
require_once SUBSDIR . '/Auth.subs.php';
// Bad password!!!
if (!$good_password && !validateLoginPassword($_POST['oldpasswrd'], $user_info['passwd'], $user_profile[$memID]['member_name'])) {
$post_errors[] = 'bad_password';
}
// Warn other elements not to jump the gun and do custom changes!
if (in_array('bad_password', $post_errors)) {
$context['password_auth_failed'] = true;
}
}
}
// Change the IP address in the database.
if ($context['user']['is_owner']) {
$profile_vars['member_ip'] = $user_info['ip'];
}
// Now call the sub-action function...
示例10: action_setthemesettings
//.........这里部分代码省略.........
// Read the theme's index.template.php, pull out the expression assigned to
// 'theme_variants' with a regular expression, and evaluate it as PHP so that
// $settings['theme_variants'] is populated.
// NOTE(review): eval() executes whatever the theme file holds at that position.
// That is tolerable only because theme templates are already executable PHP installed
// by an administrator. Confirm $settings['theme_dir'] cannot point at a location that
// less-trusted users can write to.
if (file_exists($settings['theme_dir'] . '/index.template.php')) {
$file_contents = implode("\n", file($settings['theme_dir'] . '/index.template.php'));
if (preg_match('~\'theme_variants\'\\s*=>(.+?\\)),$~sm', $file_contents, $matches)) {
eval('global $settings; $settings[\'theme_variants\'] = ' . $matches[1] . ';');
}
// Integrations receive the theme id and $settings by reference, so they can modify them.
call_integration_hook('integrate_init_theme', array($theme, &$settings));
}
// Submitting!
if (isset($_POST['save'])) {
// Allowed?
checkSession();
validateToken('admin-sts');
if (empty($_POST['options'])) {
$_POST['options'] = array();
}
if (empty($_POST['default_options'])) {
$_POST['default_options'] = array();
}
// Make sure items are cast correctly.
foreach ($context['theme_settings'] as $item) {
// Unwatch this item if this is just a separator.
if (!is_array($item)) {
continue;
}
// Clean them up for the database
foreach (array('options', 'default_options') as $option) {
if (!isset($_POST[$option][$item['id']])) {
continue;
} elseif (empty($item['type'])) {
$_POST[$option][$item['id']] = $_POST[$option][$item['id']] ? 1 : 0;
} elseif ($item['type'] == 'number') {
$_POST[$option][$item['id']] = (int) $_POST[$option][$item['id']];
}
}
}
// Set up the sql query.
$inserts = array();
foreach ($_POST['options'] as $opt => $val) {
$inserts[] = array($theme, 0, $opt, is_array($val) ? implode(',', $val) : $val);
}
foreach ($_POST['default_options'] as $opt => $val) {
$inserts[] = array(1, 0, $opt, is_array($val) ? implode(',', $val) : $val);
}
// If we're actually inserting something..
if (!empty($inserts)) {
updateThemeOptions($inserts);
}
// Clear and Invalidate the cache.
cache_put_data('theme_settings-' . $theme, null, 90);
cache_put_data('theme_settings-1', null, 90);
updateSettings(array('settings_updated' => time()));
redirectexit('action=admin;area=theme;sa=list;th=' . $theme . ';' . $context['session_var'] . '=' . $context['session_id']);
}
$context['sub_template'] = 'set_settings';
$context['page_title'] = $txt['theme_settings'];
foreach ($settings as $setting => $dummy) {
if (!in_array($setting, array('theme_url', 'theme_dir', 'images_url', 'template_dirs'))) {
$settings[$setting] = htmlspecialchars__recursive($settings[$setting]);
}
}
$context['settings'] = $context['theme_settings'];
$context['theme_settings'] = $settings;
foreach ($context['settings'] as $i => $setting) {
// Separators are dummies, so leave them alone.
if (!is_array($setting)) {
continue;
}
// Create the right input fields for the data
if (!isset($setting['type']) || $setting['type'] == 'bool') {
$context['settings'][$i]['type'] = 'checkbox';
} elseif ($setting['type'] == 'int' || $setting['type'] == 'integer') {
$context['settings'][$i]['type'] = 'number';
} elseif ($setting['type'] == 'string') {
$context['settings'][$i]['type'] = 'text';
}
if (isset($setting['options'])) {
$context['settings'][$i]['type'] = 'list';
}
$context['settings'][$i]['value'] = !isset($settings[$setting['id']]) ? '' : $settings[$setting['id']];
}
// Do we support variants?
if (!empty($settings['theme_variants'])) {
$context['theme_variants'] = array();
foreach ($settings['theme_variants'] as $variant) {
// Have any text, old chap?
$context['theme_variants'][$variant] = array('label' => isset($txt['variant_' . $variant]) ? $txt['variant_' . $variant] : $variant, 'thumbnail' => !file_exists($settings['theme_dir'] . '/images/thumbnail.png') || file_exists($settings['theme_dir'] . '/images/thumbnail_' . $variant . '.png') ? $settings['images_url'] . '/thumbnail_' . $variant . '.png' : $settings['images_url'] . '/thumbnail.png');
}
$context['default_variant'] = !empty($settings['default_variant']) && isset($context['theme_variants'][$settings['default_variant']]) ? $settings['default_variant'] : $settings['theme_variants'][0];
}
// Restore the current theme.
loadTheme($old_id, false);
$settings = $old_settings;
// Reinit just incase.
if (function_exists('template_init')) {
$settings += template_init();
}
loadTemplate('ManageThemes');
// We like Kenny better than Token.
createToken('admin-sts');
}
示例11: action_post2
//.........这里部分代码省略.........
} elseif ($_POST['poll_max_votes'] > count($_POST['options'])) {
$_POST['poll_max_votes'] = count($_POST['options']);
} else {
$_POST['poll_max_votes'] = (int) $_POST['poll_max_votes'];
}
$_POST['poll_expire'] = (int) $_POST['poll_expire'];
$_POST['poll_expire'] = $_POST['poll_expire'] > 9999 ? 9999 : ($_POST['poll_expire'] < 0 ? 0 : $_POST['poll_expire']);
// Just set it to zero if it's not there..
if (!isset($_POST['poll_hide'])) {
$_POST['poll_hide'] = 0;
} else {
$_POST['poll_hide'] = (int) $_POST['poll_hide'];
}
$_POST['poll_change_vote'] = isset($_POST['poll_change_vote']) ? 1 : 0;
$_POST['poll_guest_vote'] = isset($_POST['poll_guest_vote']) ? 1 : 0;
// Make sure guests are actually allowed to vote generally.
if ($_POST['poll_guest_vote']) {
require_once SUBSDIR . '/Members.subs.php';
$allowedVoteGroups = groupsAllowedTo('poll_vote', $board);
if (!in_array(-1, $allowedVoteGroups['allowed'])) {
$_POST['poll_guest_vote'] = 0;
}
}
// If the user tries to set the poll too far in advance, don't let them.
if (!empty($_POST['poll_expire']) && $_POST['poll_expire'] < 1) {
fatal_lang_error('poll_range_error', false);
} elseif (empty($_POST['poll_expire']) && $_POST['poll_hide'] == 2) {
$_POST['poll_hide'] = 1;
}
// Clean up the question and answers.
$_POST['question'] = htmlspecialchars($_POST['question'], ENT_COMPAT, 'UTF-8');
$_POST['question'] = Util::substr($_POST['question'], 0, 255);
$_POST['question'] = preg_replace('~&#(\\d{4,5}|[2-9]\\d{2,4}|1[2-9]\\d);~', '&#$1;', $_POST['question']);
$_POST['options'] = htmlspecialchars__recursive($_POST['options']);
// Finally, make the poll.
require_once SUBSDIR . '/Poll.subs.php';
$id_poll = createPoll($_POST['question'], $user_info['id'], $_POST['guestname'], $_POST['poll_max_votes'], $_POST['poll_hide'], $_POST['poll_expire'], $_POST['poll_change_vote'], $_POST['poll_guest_vote'], $_POST['options']);
} else {
$id_poll = 0;
}
// ...or attach a new file...
if (empty($ignore_temp) && $context['attachments']['can']['post'] && !empty($_SESSION['temp_attachments']) && empty($_POST['from_qr'])) {
$attachIDs = array();
foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) {
if ($attachID != 'initial_error' && strpos($attachID, 'post_tmp_' . $user_info['id']) === false) {
continue;
}
// If there was an initial error just show that message.
if ($attachID == 'initial_error') {
unset($_SESSION['temp_attachments']);
break;
}
// No errors, then try to create the attachment
if (empty($attachment['errors'])) {
// Load the attachmentOptions array with the data needed to create an attachment
$attachmentOptions = array('post' => isset($_REQUEST['msg']) ? $_REQUEST['msg'] : 0, 'poster' => $user_info['id'], 'name' => $attachment['name'], 'tmp_name' => $attachment['tmp_name'], 'size' => isset($attachment['size']) ? $attachment['size'] : 0, 'mime_type' => isset($attachment['type']) ? $attachment['type'] : '', 'id_folder' => isset($attachment['id_folder']) ? $attachment['id_folder'] : 0, 'approved' => !$modSettings['postmod_active'] || allowedTo('post_attachment'), 'errors' => array());
if (createAttachment($attachmentOptions)) {
$attachIDs[] = $attachmentOptions['id'];
if (!empty($attachmentOptions['thumb'])) {
$attachIDs[] = $attachmentOptions['thumb'];
}
}
} else {
@unlink($attachment['tmp_name']);
}
}
示例12: makeCustomFieldChanges
function makeCustomFieldChanges($memID, $area, $sanitize = true)
{
global $context, $smcFunc, $user_profile, $user_info, $modSettings;
if ($sanitize && isset($_POST['customfield'])) {
$_POST['customfield'] = htmlspecialchars__recursive($_POST['customfield']);
}
$where = $area == 'register' ? 'show_reg != 0' : 'show_profile = {string:area}';
// Load the fields we are saving too - make sure we save valid data (etc).
$request = $smcFunc['db_query']('', '
SELECT col_name, field_name, field_desc, field_type, field_length, field_options, default_value, show_reg, mask, private
FROM {db_prefix}custom_fields
WHERE ' . $where . '
AND active = {int:is_active}', array('is_active' => 1, 'area' => $area));
$changes = array();
$log_changes = array();
while ($row = $smcFunc['db_fetch_assoc']($request)) {
/* This means don't save if:
- The user is NOT an admin.
- The data is not freely viewable and editable by users.
- The data is not invisible to users but editable by the owner (or if it is the user is not the owner)
- The area isn't registration, and if it is that the field is not suppossed to be shown there.
*/
if ($row['private'] != 0 && !allowedTo('admin_forum') && ($memID != $user_info['id'] || $row['private'] != 2) && ($area != 'register' || $row['show_reg'] == 0)) {
continue;
}
// Validate the user data.
if ($row['field_type'] == 'check') {
$value = isset($_POST['customfield'][$row['col_name']]) ? 1 : 0;
} elseif ($row['field_type'] == 'select' || $row['field_type'] == 'radio') {
$value = $row['default_value'];
foreach (explode(',', $row['field_options']) as $k => $v) {
if (isset($_POST['customfield'][$row['col_name']]) && $_POST['customfield'][$row['col_name']] == $k) {
$value = $v;
}
}
} else {
$value = isset($_POST['customfield'][$row['col_name']]) ? $_POST['customfield'][$row['col_name']] : '';
if ($row['field_length']) {
$value = $smcFunc['substr']($value, 0, $row['field_length']);
}
// Any masks?
if ($row['field_type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none') {
//!!! We never error on this - just ignore it at the moment...
if ($row['mask'] == 'email' && (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $value) === 0 || strlen($value) > 255)) {
$value = '';
} elseif ($row['mask'] == 'number') {
$value = (int) $value;
} elseif (substr($row['mask'], 0, 5) == 'regex' && trim($value) != '' && preg_match(substr($row['mask'], 5), $value) === 0) {
$value = isset($user_profile[$memID]['options'][$row['col_name']]) ? $user_profile[$memID]['options'][$row['col_name']] : '';
}
// xxx changed this to above: $value = '';
}
// xxx if we are editing our minecraft name, make sure there are no duplicates
if ($area != 'register' && ($row['col_name'] == "cust_minecra" || $row['col_name'] == "cust_rscnam") && $value != '' && (!isset($user_profile[$memID]['options'][$row['col_name']]) || $user_profile[$memID]['options'][$row['col_name']] != $value)) {
$what_name = $row['col_name'] == "cust_minecra" ? 'Minecraft' : 'RSC';
$forum_group_banned = 86;
foreach (explode(',', $user_profile[$memID]['additional_groups']) as $group) {
if ($group == $forum_group_banned) {
die("This {$what_name} account has been banned, contact staff for clarification.");
}
}
$already_taken_memID = -1;
$already_taken_memName = 'This user';
// first check the custom names
$mc_request = $smcFunc['db_query']('', '
SELECT `id_member`
FROM `{db_prefix}themes`
WHERE `variable` = {string:col_name}
AND `value` = {string:value}
AND id_member != {int:id_member}', array('col_name' => $row['col_name'], 'value' => strtolower($value), 'id_member' => $memID));
if ($mc_row = $smcFunc['db_fetch_assoc']($mc_request)) {
$already_taken_memID = $mc_row['id_member'];
}
$smcFunc['db_free_result']($mc_request);
// if custom name is not taken, compare it to account names, or just grab name
$mc_request = $smcFunc['db_query']('', '
SELECT `id_member`, `real_name`
FROM `{db_prefix}members`
WHERE id_member = {int:already_taken_memID} OR
(
(
`real_name` = {string:value}
OR `member_name` = {string:value}
)
AND id_member != {int:id_member}
)', array('already_taken_memID' => $already_taken_memID, 'value' => strtolower($value), 'id_member' => $memID));
if ($mc_row = $smcFunc['db_fetch_assoc']($mc_request)) {
$already_taken_memID = $mc_row['id_member'];
$already_taken_memName = $mc_row['real_name'];
}
$smcFunc['db_free_result']($mc_request);
if ($already_taken_memID != -1) {
// then someone already is using this name
global $boardurl;
die('<html>Error: <a href="' . $boardurl . '/index.php?action=profile;u=' . $already_taken_memID . "\">{$already_taken_memName}</a> has already registered this {$what_name} name!</html>");
}
//echo "success!"; exit;
}
if ($area != 'register' && $row['col_name'] == "cust_moparcr" && $value != '' && strlen($value) != 40 && (!isset($user_profile[$memID]['options'][$row['col_name']]) || $user_profile[$memID]['options'][$row['col_name']] != $value)) {
//print_r($user_info);echo("--------------------------------------------------------------\n");print_r($user_profile);exit;
//.........这里部分代码省略.........
示例13: action_settings
/**
 * Shows the Personal Message settings form and saves it when asked to.
 *
 * In this method the member being edited is always $user_info['id'];
 * no member id is taken from the request.
 *
 * Security-relevant behaviour visible here:
 * - A save is triggered by the presence of "save" anywhere in $_REQUEST,
 *   and checkSession('post') is called before anything is written.
 * - The whole of $_POST is trimmed and HTML-encoded before
 *   saveProfileFields() runs, so values are presumably stored already
 *   encoded; output code must not encode them a second time, and anything
 *   needing the raw value has to decode it first (verify against the
 *   templates).
 * - $context['require_password'] is set to false, so this form presumably
 *   does not ask for the current password - confirm in the Profile template.
 *
 * @uses ProfileOptions controller. (@todo refactor this.)
 * @uses Profile template.
 * @uses Profile language file.
 */
public function action_settings()
{
    global $txt, $user_info, $context, $scripturl, $profile_vars, $cur_profile, $user_profile;

    require_once SUBSDIR . '/Profile.subs.php';

    // Fetch the current member's profile data so the form can be pre-filled.
    loadMemberData($user_info['id'], false, 'profile');
    $cur_profile = $user_profile[$user_info['id']];

    // The PM settings form lives in the Profile language file and template.
    loadLanguage('Profile');
    loadTemplate('Profile');

    $pm_settings_url = $scripturl . '?action=pm;sa=settings';
    $pm_settings_label = $txt['pm_settings'];

    // Page set-up: the form submits back to this same action.
    $context['profile_custom_submit_url'] = $scripturl . '?action=pm;sa=settings;save';
    $context['page_title'] = $pm_settings_label;
    $context['user']['is_owner'] = true;
    $context['id_member'] = $user_info['id'];
    $context['require_password'] = false;
    $context['menu_item_selected'] = 'settings';
    $context['submit_button_text'] = $pm_settings_label;

    // Extend the breadcrumb trail with this page.
    $context['linktree'][] = array('url' => $pm_settings_url, 'name' => $pm_settings_label);

    // Save request?
    $is_saving = isset($_REQUEST['save']);
    if ($is_saving) {
        // Session check first, before any POST data is used to change state.
        checkSession('post');

        // Same blanket clean-up the profile code applies: trim, then HTML-encode, every POST value.
        $_POST = htmltrim__recursive($_POST);
        $_POST = htmlspecialchars__recursive($_POST);

        // Store the submitted fields; $profile_vars is a global and is only written when non-empty.
        saveProfileFields();
        if (!empty($profile_vars)) {
            updateMemberData($user_info['id'], $profile_vars);
        }

        // Drop the cached profile and re-read it so the form shows what was just saved.
        cache_put_data('member_data-profile-' . $user_info['id'], null, 0);
        loadMemberData($user_info['id'], false, 'profile');
        $cur_profile = $user_profile[$user_info['id']];
    }

    // Hand over to the profile options controller to populate the fields.
    require_once CONTROLLERDIR . '/ProfileOptions.controller.php';
    $pm_prefs_controller = new ProfileOptions_Controller();
    $pm_prefs_controller->action_pmprefs();
}
示例14: ModifyProfile
//.........这里部分代码省略.........
if (!isset($profile_include_data['function']) || !function_exists($profile_include_data['function'])) {
destroyMenu();
fatal_lang_error('no_access', false);
}
// Build the link tree.
$context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : ''), 'name' => sprintf($txt['profile_of_username'], $context['member']['name']));
if (!empty($profile_include_data['label'])) {
$context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'], 'name' => $profile_include_data['label']);
}
if (!empty($profile_include_data['current_subsection']) && $profile_include_data['subsections'][$profile_include_data['current_subsection']][0] != $profile_include_data['label']) {
$context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'] . ';sa=' . $profile_include_data['current_subsection'], 'name' => $profile_include_data['subsections'][$profile_include_data['current_subsection']][0]);
}
// Set the template for this area and add the profile layer.
$context['sub_template'] = $profile_include_data['function'];
$context['template_layers'][] = 'profile';
// All the subactions that require a user password in order to validate.
$check_password = $context['user']['is_owner'] && in_array($profile_include_data['current_area'], $context['password_areas']);
$context['require_password'] = $check_password && empty($user_settings['openid_uri']);
// If we're in wireless then we have a cut down template...
if (WIRELESS && $context['sub_template'] == 'summary' && WIRELESS_PROTOCOL != 'wap') {
$context['sub_template'] = WIRELESS_PROTOCOL . '_profile';
}
// These will get populated soon!
$post_errors = array();
$profile_vars = array();
// Right - are we saving - if so let's save the old data first.
if ($context['completed_save']) {
// If it's someone elses profile then validate the session.
if (!$context['user']['is_owner']) {
validateSession();
}
// Clean up the POST variables.
$_POST = htmltrim__recursive($_POST);
$_POST = htmlspecialchars__recursive($_POST);
if ($check_password) {
// If we're using OpenID try to revalidate.
if (!empty($user_settings['openid_uri'])) {
require_once $sourcedir . '/Subs-OpenID.php';
smf_openID_revalidate();
} else {
// You didn't even enter a password!
if (trim($_POST['oldpasswrd']) == '') {
$post_errors[] = 'no_password';
}
// Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password
$_POST['oldpasswrd'] = un_htmlspecialchars($_POST['oldpasswrd']);
// Does the integration want to check passwords?
// The strict in_array() means only a hook result that is exactly boolean true accepts the password.
$good_password = in_array(true, call_integration_hook('integrate_verify_password', array($cur_profile['member_name'], $_POST['oldpasswrd'], false)), true);
// Bad password!!!
// NOTE(review): the stored hash is checked with loose `!=` against sha1(lower-cased member name . password).
// Loose comparison treats numeric-looking strings as numbers and is not constant-time; hash_equals()
// gives a strict, timing-safe check. A single SHA-1 salted only with the user name is also cheap to
// brute-force offline if the hashes ever leak; password_hash() / password_verify() with a rehash on
// the next successful login is the current replacement.
if (!$good_password && $user_info['passwd'] != sha1(strtolower($cur_profile['member_name']) . $_POST['oldpasswrd'])) {
$post_errors[] = 'bad_password';
}
// Warn other elements not to jump the gun and do custom changes!
if (in_array('bad_password', $post_errors)) {
$context['password_auth_failed'] = true;
}
}
}
// Change the IP address in the database.
if ($context['user']['is_owner']) {
$profile_vars['member_ip'] = $user_info['ip'];
}
// Now call the sub-action function...
if ($current_area == 'activateaccount') {
if (empty($post_errors)) {
activateAccount($memID);
示例15: Register2
//.........这里部分代码省略.........
$possible_strings = array_diff($possible_strings, $exclude_fields);
$possible_ints = array_diff($possible_ints, $exclude_fields);
$possible_floats = array_diff($possible_floats, $exclude_fields);
$possible_bools = array_diff($possible_bools, $exclude_fields);
// Set the options needed for registration.
$regOptions = array('interface' => 'guest', 'username' => !empty($_POST['user']) ? $_POST['user'] : '', 'email' => !empty($_POST['email']) ? $_POST['email'] : '', 'password' => !empty($_POST['passwrd1']) ? $_POST['passwrd1'] : '', 'password_check' => !empty($_POST['passwrd2']) ? $_POST['passwrd2'] : '', 'openid' => !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '', 'auth_method' => !empty($_POST['authenticate']) ? $_POST['authenticate'] : '', 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => true, 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']), 'require' => !empty($modSettings['coppaAge']) && !$verifiedOpenID && empty($_SESSION['skip_coppa']) ? 'coppa' : (empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval')), 'extra_register_vars' => array(), 'theme_vars' => array());
// Include the additional options that might have been filled in.
foreach ($possible_strings as $var) {
if (isset($_POST[$var])) {
$regOptions['extra_register_vars'][$var] = $smcFunc['htmlspecialchars']($_POST[$var], ENT_QUOTES);
}
}
foreach ($possible_ints as $var) {
if (isset($_POST[$var])) {
$regOptions['extra_register_vars'][$var] = (int) $_POST[$var];
}
}
foreach ($possible_floats as $var) {
if (isset($_POST[$var])) {
$regOptions['extra_register_vars'][$var] = (double) $_POST[$var];
}
}
foreach ($possible_bools as $var) {
if (isset($_POST[$var])) {
$regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1;
}
}
// Registration options are always default options...
if (isset($_POST['default_options'])) {
$_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];
}
$regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] : array();
// Make sure they are clean, dammit!
$regOptions['theme_vars'] = htmlspecialchars__recursive($regOptions['theme_vars']);
// If Quick Reply hasn't been set then set it to be shown but collapsed.
if (!isset($regOptions['theme_vars']['display_quick_reply'])) {
$regOptions['theme_vars']['display_quick_reply'] = 1;
}
// Check whether we have fields that simply MUST be displayed?
$request = $smcFunc['db_query']('', '
SELECT col_name, field_name, field_type, field_length, mask, show_reg
FROM {db_prefix}custom_fields
WHERE active = {int:is_active}', array('is_active' => 1));
$custom_field_errors = array();
while ($row = $smcFunc['db_fetch_assoc']($request)) {
// Don't allow overriding of the theme variables.
if (isset($regOptions['theme_vars'][$row['col_name']])) {
unset($regOptions['theme_vars'][$row['col_name']]);
}
// Not actually showing it then?
if (!$row['show_reg']) {
continue;
}
// Prepare the value!
$value = isset($_POST['customfield'][$row['col_name']]) ? trim($_POST['customfield'][$row['col_name']]) : '';
// We only care for text fields as the others are valid to be empty.
if (!in_array($row['field_type'], array('check', 'select', 'radio'))) {
// Is it too long?
if ($row['field_length'] && $row['field_length'] < $smcFunc['strlen']($value)) {
$custom_field_errors[] = array('custom_field_too_long', array($row['field_name'], $row['field_length']));
}
// Any masks to apply?
if ($row['field_type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none') {
//!!! We never error on this - just ignore it at the moment...
if ($row['mask'] == 'email' && (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $value) === 0 || strlen($value) > 255)) {
$custom_field_errors[] = array('custom_field_invalid_email', array($row['field_name']));