mod/profiles.php

   1 <?php
   2
   3
   4 function profiles_post(&$a) {
   5
   6         if(! local_user()) {
   7                 notice( "Permission denied." . EOL);
   8                 return;
   9         }
  10         if(($a->argc > 1) && ($a->argv[1] != "new") && intval($a->argv[1])) {
  11                 $r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1",
  12                         intval($a->argv[1]),
  13                         intval($_SESSION['uid'])
  14                 );
  15                 if(! count($r)) {
  16                         $_SESSION['sysmsg'] .= "Profile not found." . EOL;
  17                         return;
  18                 }
  19                 $is_default = (($r[0]['is-default']) ? 1 : 0);
  20
  21                 $profile_name = notags(trim($_POST['profile_name']));
  22                 if(! strlen($profile_name)) {
  23                         $a->$_SESSION['sysmsg'] .= "Profile Name is required." . EOL;
  24                         return;
  25                 }
  26
  27                 $year = intval($_POST['year']);
  28                 if($year < 1900 || $year > 2100 || $year < 0)
  29                         $year = 0;
  30                 $month = intval($_POST['month']);
  31                         if(($month > 12) || ($month < 0))
  32                                 $month = 0;
  33                 $mtab = array(0,31,29,31,30,31,30,31,31,30,31,30,31);
  34                 $day = intval($_POST['day']);
  35                         if(($day > $mtab[$month]) || ($day < 0))
  36                                 $day = 0;
  37                 $dob = '0000-00-00';
  38                 $dob = sprintf('%04d-%02d-%02d',$year,$month,$day);
  39
  40
  41                 $name = notags(trim($_POST['name']));
  42                 $gender = notags(trim($_POST['gender']));
  43                 $address = notags(trim($_POST['address']));
  44                 $locality = notags(trim($_POST['locality']));
  45                 $region = notags(trim($_POST['region']));
  46                 $postal_code = notags(trim($_POST['postal_code']));
  47                 $country_name = notags(trim($_POST['country_name']));
  48                 $marital = notags(trim(implode(', ',$_POST['marital'])));
  49                 $sexual = notags(trim($_POST['sexual']));
  50                 $homepage = notags(trim($_POST['homepage']));
  51                 $politic = notags(trim($_POST['politic']));
  52                 $religion = notags(trim($_POST['religion']));
  53
  54                 $about = escape_tags(trim($_POST['about']));
  55                 $interest = escape_tags(trim($_POST['interest']));
  56                 $contact = escape_tags(trim($_POST['contact']));
  57                 $music = escape_tags(trim($_POST['music']));
  58                 $book = escape_tags(trim($_POST['book']));
  59                 $tv = escape_tags(trim($_POST['tv']));
  60                 $film = escape_tags(trim($_POST['film']));
  61                 $romance = escape_tags(trim($_POST['romance']));
  62                 $work = escape_tags(trim($_POST['work']));
  63                 $education = escape_tags(trim($_POST['education']));
  64                 if(x($_POST,'profile_in_directory'))
  65                         $publish = (($_POST['profile_in_directory'] == 1) ? 1: 0);
  66
  67                 $r = q("UPDATE `profile`
  68                         SET `profile-name` = '%s',
  69                         `name` = '%s',
  70                         `gender` = '%s',
  71                         `dob` = '%s',
  72                         `address` = '%s',
  73                         `locality` = '%s',
  74                         `region` = '%s',
  75                         `postal-code` = '%s',
  76                         `country-name` = '%s',
  77                         `marital` = '%s',
  78                         `sexual` = '%s',
  79                         `homepage` = '%s',
  80                         `politic` = '%s',
  81                         `religion` = '%s',
  82                         `about` = '%s',
  83                         `interest` = '%s',
  84                         `contact` = '%s',
  85                         `music` = '%s',
  86                         `book` = '%s',
  87                         `tv` = '%s',
  88                         `film` = '%s',
  89                         `romance` = '%s',
  90                         `work` = '%s',
  91                         `education` = '%s'
  92                         WHERE `id` = %d AND `uid` = %d LIMIT 1",
  93                         dbesc($profile_name),
  94                         dbesc($name),
  95                         dbesc($gender),
  96                         dbesc($dob),
  97                         dbesc($address),
  98                         dbesc($locality),
  99                         dbesc($region),
 100                         dbesc($postal_code),
 101                         dbesc($country_name),
 102                         dbesc($marital),
 103                         dbesc($sexual),
 104                         dbesc($homepage),
 105                         dbesc($politic),
 106                         dbesc($religion),
 107                         dbesc($about),
 108                         dbesc($interest),
 109                         dbesc($contact),
 110                         dbesc($music),
 111                         dbesc($book),
 112                         dbesc($tv),
 113                         dbesc($film),
 114                         dbesc($romance),
 115                         dbesc($work),
 116                         dbesc($education),
 117                         intval($a->argv[1]),
 118                         intval($_SESSION['uid'])
 119                 );
 120
 121                 if($r)
 122                         $_SESSION['sysmsg'] .= "Profile updated." . EOL;
 123
 124
 125                 if($is_default) {
 126                         $r = q("UPDATE `profile`
 127                         SET `publish` = %d
 128                         WHERE `id` = %d AND `uid` = %d LIMIT 1",
 129                         intval($publish),
 130                         intval($a->argv[1]),
 131                         intval($_SESSION['uid'])
 132
 133                         );
 134                 }
 135
 136
 137         }
 138
 139
 140
 141 }
 142
 143
 144
 145
 146 function profiles_content(&$a) {
 147         if(! local_user()) {
 148                 $_SESSION['sysmsg'] .= "Unauthorised." . EOL;
 149                 return;
 150         }
 151
 152         if(($a->argc > 2) && ($a->argv[1] == "drop") && intval($a->argv[2])) {
 153                 $r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d AND `is-default` = 0 LIMIT 1",
 154                         intval($a->argv[2]),
 155                         intval($_SESSION['uid'])
 156                 );
 157                 if(! count($r)) {
 158                         $_SESSION['sysmsg'] .= "Profile not found." . EOL;
 159                         goaway($a->get_baseurl() . '/profiles');
 160                         return; // NOTREACHED
 161                 }
 162
 163                 // move every contact using this profile as their default to the user default
 164
 165                 $r = q("UPDATE `contact` SET `profile-id` = (SELECT `profile`.`id` AS `profile-id` FROM `profile` WHERE `profile`.`is-default` = 1 AND `profile`.`uid` = %d LIMIT 1) WHERE `profile-id` = %d AND `uid` = %d ",
 166                         intval($_SESSION['uid']),
 167                         intval($a->argv[2]),
 168                         intval($_SESSION['uid'])
 169                 );
 170                 $r = q("DELETE FROM `profile` WHERE `id` = %d LIMIT 1",
 171                         intval($a->argv[2])
 172                 );
 173                 if($r)
 174                         notice("Profile deleted." . EOL);
 175
 176                 goaway($a->get_baseurl() . '/profiles');
 177                 return; // NOTREACHED
 178         }
 179
 180
 181
 182
 183
 184         if(($a->argc > 1) && ($a->argv[1] == 'new')) {
 185
 186                 $r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d",
 187                         intval($_SESSION['uid']));
 188                 $num_profiles = count($r0);
 189
 190                 $name = "Profile-" . ($num_profiles + 1);
 191
 192                 $r1 = q("SELECT `name`, `photo`, `thumb` FROM `profile` WHERE `uid` = %d AND `is-default` = 1 LIMIT 1",
 193                         intval($_SESSION['uid']));
 194
 195                 $r2 = q("INSERT INTO `profile` (`uid` , `profile-name` , `name`, `photo`, `thumb`)
 196                         VALUES ( %d, '%s', '%s', '%s', '%s' )",
 197                         intval($_SESSION['uid']),
 198                         dbesc($name),
 199                         dbesc($r1[0]['name']),
 200                         dbesc($r1[0]['photo']),
 201                         dbesc($ra[0]['thumb'])
 202                 );
 203
 204                 $r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile-name` = '%s' LIMIT 1",
 205                         intval($_SESSION['uid']),
 206                         dbesc($name)
 207                 );
 208                 $_SESSION['sysmsg'] .= "New profile created." . EOL;
 209                 if(count($r3) == 1)
 210                         goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']);
 211                 goaway($a->get_baseurl() . '/profiles');
 212         }
 213
 214         if(($a->argc > 2) && ($a->argv[1] == 'clone')) {
 215
 216                 $r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d",
 217                         intval($_SESSION['uid']));
 218                 $num_profiles = count($r0);
 219
 220                 $name = "Profile-" . ($num_profiles + 1);
 221                 $r1 = q("SELECT * FROM `profile` WHERE `uid` = %d AND `id` = %d LIMIT 1",
 222                         intval($_SESSION['uid']),
 223                         intval($a->argv[2])
 224                 );
 225                 if(! count($r1)) {
 226                         notice("Profile unavailable to clone." . EOL);
 227                         return;
 228                 }
 229                 unset($r1[0]['id']);
 230                 $r1[0]['is-default'] = 0;
 231                 $r1[0]['publish'] = 0;
 232                 $r1[0]['profile-name'] = dbesc($name);
 233
 234                 dbesc_array($r1[0]);
 235
 236                 $r2 = q("INSERT INTO `profile` (`"
 237                         . implode("`, `", array_keys($r1[0]))
 238                         . "`) VALUES ('"
 239                         . implode("', '", array_values($r1[0]))
 240                         . "')" );
 241
 242                 $r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile-name` = '%s' LIMIT 1",
 243                         intval($_SESSION['uid']),
 244                         dbesc($name)
 245                 );
 246                 $_SESSION['sysmsg'] .= "New profile created." . EOL;
 247                 if(count($r3) == 1)
 248                         goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']);
 249         goaway($a->get_baseurl() . '/profiles');
 250         return; // NOTREACHED
 251         }
 252
 253
 254         if(intval($a->argv[1])) {
 255                 $r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1",
 256                         intval($a->argv[1]),
 257                         intval($_SESSION['uid'])
 258                 );
 259                 if(! count($r)) {
 260                         $_SESSION['sysmsg'] .= "Profile not found." . EOL;
 261                         return;
 262                 }
 263
 264                 require_once('mod/profile.php');
 265                 profile_load($a,$a->user['nickname'],$r[0]['id']);
 266
 267                 require_once('view/profile_selectors.php');
 268
 269                 $tpl = file_get_contents('view/profed_head.tpl');
 270                 $opt_tpl = file_get_contents("view/profile-in-directory.tpl");
 271                 $profile_in_dir = replace_macros($opt_tpl,array(
 272                         '$yes_selected' => (($r[0]['publish']) ? " checked=\"checked\" " : ""),
 273                         '$no_selected' => (($r[0]['publish'] == 0) ? " checked=\"checked\" " : "")
 274                 ));
 275
 276                 $opt_tpl = file_get_contents("view/profile-hide-friends.tpl");
 277                 $hide_friends = replace_macros($opt_tpl,array(
 278                         '$yes_selected' => (($r[0]['hide-friends']) ? " checked=\"checked\" " : ""),
 279                         '$no_selected' => (($r[0]['hide-friends'] == 0) ? " checked=\"checked\" " : "")
 280                 ));
 281
 282
 283                 $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl()));
 284                 $a->page['htmlhead'] .= "<script type=\"text/javascript\" src=\"include/country.js\" ></script>";
 285
 286
 287
 288
 289
 290                 $is_default = (($r[0]['is-default']) ? 1 : 0);
 291                 $tpl = file_get_contents("view/profile_edit.tpl");
 292                 $o .= replace_macros($tpl,array(
 293                         '$disabled' => (($is_default) ? 'onclick="return false;" style="color: #BBBBFF;"' : ''),
 294                         '$baseurl' => $a->get_baseurl(),
 295                         '$profile_id' => $r[0]['id'],
 296                         '$profile_name' => $r[0]['profile-name'],
 297                         '$default' => (($is_default) ? "<p id=\"profile-edit-default-desc\">This is your <strong>public</strong> profile.<br />It <strong>may</strong> be visible to anybody using the internet.</p>" : ""),
 298                         '$name' => $r[0]['name'],
 299                         '$dob' => dob($r[0]['dob']),
 300                         '$hide_friends' => $hide_friends,
 301                         '$address' => $r[0]['address'],
 302                         '$locality' => $r[0]['locality'],
 303                         '$region' => $r[0]['region'],
 304                         '$postal_code' => $r[0]['postal-code'],
 305                         '$country_name' => $r[0]['country-name'],
 306                         '$age' => ((intval($r[0]['dob'])) ? '(Age: '. age($r[0]['dob'],$a->user['timezone'],$a->user['timezone']) . ')' : ''),
 307                         '$gender' => gender_selector($r[0]['gender']),
 308                         '$marital' => marital_selector($r[0]['marital']),
 309                         '$sexual' => sexpref_selector($r[0]['sexual']),
 310                         '$about' => $r[0]['about'],
 311                         '$homepage' => $r[0]['homepage'],
 312                         '$politic' => $r[0]['politic'],
 313                         '$religion' => $r[0]['religion'],
 314                         '$music' => $r[0]['music'],
 315                         '$book' => $r[0]['book'],
 316                         '$tv' => $r[0]['tv'],
 317                         '$film' => $r[0]['film'],
 318                         '$interest' => $r[0]['interest'],
 319                         '$romance' => $r[0]['romance'],
 320                         '$work' => $r[0]['work'],
 321                         '$education' => $r[0]['education'],
 322                         '$contact' => $r[0]['contact'],
 323                         '$profile_in_dir' => (($is_default) ? $profile_in_dir : '')
 324                 ));
 325
 326                 return $o;
 327
 328
 329         }
 330         else {
 331
 332                 $r = q("SELECT * FROM `profile` WHERE `uid` = %d",
 333                         $_SESSION['uid']);
 334                 if(count($r)) {
 335
 336                         $o .= file_get_contents('view/profile_listing_header.tpl');
 337                         $tpl_default = file_get_contents('view/profile_entry_default.tpl');
 338                         $tpl = file_get_contents('view/profile_entry.tpl');
 339
 340                         foreach($r as $rr) {
 341                                 $template = (($rr['is-default']) ? $tpl_default : $tpl);
 342                                 $o .= replace_macros($template, array(
 343                                         '$photo' => $rr['thumb'],
 344                                         '$id' => $rr['id'],
 345                                         '$profile_name' => $rr['profile-name']
 346                                 ));
 347                         }
 348                 }
 349                 return $o;
 350         }
 351
 352 }