Merge branch 'danbarretodev-7072' into 1.9.x

Yannick Warnier 11 years ago
commit d6bbea1301
  1. 35
      main/admin/user_edit.php
  2. 24
      main/auth/profile.php
  3. 175
      main/inc/lib/usermanager.lib.php

@ -64,6 +64,14 @@ function show_image(image,width,height) {
height = parseInt(height) + 20;
window_x = window.open(image,\'windowX\',\'width=\'+ width + \', height=\'+ height + \' , resizable=0\');
}
function confirmation(name) {
if (confirm("'.get_lang('AreYouSureToDelete', '').' " + name + " ?")) {
document.forms["profile"].submit();
} else {
return false;
}
}
//-->
</script>';
@ -311,8 +319,7 @@ $form->setDefaults($user_data);
$error_drh = false;
// Validate form
if ($form->validate()) {
$user = $form->getSubmitValues();
$user = $form->getSubmitValues(1);
$is_user_subscribed_in_course = CourseManager::is_user_subscribed_in_course($user['user_id']);
if ($user['status'] == DRH && $is_user_subscribed_in_course) {
@ -387,8 +394,28 @@ if ($form->validate()) {
$value = date('Y-m-d',$time);
}
}
UserManager::update_extra_field_value($user_id, substr($key, 6), $value);
}
// For array $value -> if exists key 'tmp_name' then must not be empty
// This avoid delete from user field value table when doesn't upload a file
if (is_array($value)) {
if (array_key_exists('tmp_name', $value) && empty($value['tmp_name'])) {
//Nothing to do
} else {
if (array_key_exists('tmp_name', $value)) {
$value['tmp_name'] = Security::filter_filename($value['tmp_name']);
}
if (array_key_exists('name', $value)) {
$value['name'] = Security::filter_filename($value['name']);
}
UserManager::update_extra_field_value($user_id, substr($key, 6), $value);
}
} else {
UserManager::update_extra_field_value($user_id, substr($key, 6), $value);
}
} elseif (strpos($key,'remove_extra') !== false) {
$extra_value = Security::filter_filename(urldecode(key($value)));
// To remove from user_field_value and folder
UserManager::update_extra_field_value($user_id, substr($key,13), $extra_value);
}
}
$tok = Security::get_token();
header('Location: user_list.php?action=show_message&message='.urlencode(get_lang('UserUpdated')).'&sec_token='.$tok);
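Review bot: `Security::filter_filename($value['tmp_name'])` on L47 filters a value PHP itself sets (the server-side temp path from `$_FILES`), not something the client chooses, so it gains nothing and, if `filter_filename` strips directory separators the way a filename filter normally would, it turns `/tmp/phpXXXX` into a path that `move_uploaded_file` can never find. `move_uploaded_file` already refuses any source that is not a genuine upload, so the filter belongs on `name` only: drop the `tmp_name` branch and keep `$value['name'] = Security::filter_filename($value['name']);`. The enclosing `if ($form->validate())` block starts outside this hunk.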

@ -416,7 +416,7 @@ if ($form->validate()) {
$wrong_current_password = false;
// $user_data = $form->exportValues();
$user_data = $form->getSubmitValues();
$user_data = $form->getSubmitValues(1);
// set password if a new one was provided
if (!empty($user_data['password0'])) {
@ -565,6 +565,10 @@ if ($form->validate()) {
} else {
$extras[$new_key] = $value;
}
} elseif (strpos($key, 'remove_extra_') !== false) {
$extra_value = Security::filter_filename(urldecode(key($value)));
// To remove from user_field_value and folder
UserManager::update_extra_field_value($user_id, substr($key,13), $extra_value);
} else {
if (in_array($key, $available_values_to_modify)) {
$sql .= " $key = '".Database::escape_string($value)."',";
@ -623,7 +627,23 @@ if ($form->validate()) {
if (is_array($extras) && count($extras)> 0) {
foreach ($extras as $key => $value) {
//3. Tags are process in the UserManager::update_extra_field_value by the UserManager::process_tags function
UserManager::update_extra_field_value(api_get_user_id(), $key, $value);
// For array $value -> if exists key 'tmp_name' then must not be empty
// This avoid delete from user field value table when doesn't upload a file
if (is_array($value)) {
if (array_key_exists('tmp_name', $value) && empty($value['tmp_name'])) {
//Nothing to do
} else {
if (array_key_exists('tmp_name', $value)) {
$value['tmp_name'] = Security::filter_filename($value['tmp_name']);
}
if (array_key_exists('name', $value)) {
$value['name'] = Security::filter_filename($value['name']);
}
UserManager::update_extra_field_value($user_id, substr($key, 6), $value);
}
} else {
UserManager::update_extra_field_value($user_id, substr($key, 6), $value);
}
}
}
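Review bot: The two new `update_extra_field_value` calls on L101 and L104 strip six characters from `$key` with `substr($key, 6)`, but this loop iterates `$extras`, which L75 populates under `$new_key`, and the call being replaced on L88 passed `$key` unchanged; if `$new_key` is already the bare field name, as the old call implies, the update now targets a truncated field name and silently misses. This looks copied from user_edit.php, where the loop walks the raw submit keys; here it should be `UserManager::update_extra_field_value($user_id, $key, $value);` in both branches. Separately, L88 used `api_get_user_id()` and the replacement uses `$user_id`; worth confirming `$user_id` in profile.php is the session user rather than request-supplied, since this path deletes files from the user folder. The enclosing `if ($form->validate())` block starts outside this hunk.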

@ -1271,6 +1271,51 @@ class UserManager
return $ok ? $filename : false;
}
/**
* Update User extra field file type into {user_folder}/{$extra_field}
* @param $user_id The user internal identification number
* @param string $extra_field The $extra_field The extra field name
* @param null $file The filename
* @param null $source_file The temporal filename
* @return bool|null return filename if success, but false
*/
public static function update_user_extra_file($user_id, $extra_field = '', $file = null, $source_file = null)
{
// Add Filter
$source_file = Security::filter_filename($source_file);
$file = Security::filter_filename($file);
if (empty($user_id)) {
return false;
}
if (empty($source_file)) {
$source_file = $file;
}
// User-reserved directory where extra file have to be placed.
$path_info = self::get_user_picture_path_by_id($user_id, 'system', true);
$path = $path_info['dir'];
if (!empty($extra_field)) {
$path .= $extra_field . '/';
}
// If this directory does not exist - we create it.
if (!file_exists($path)) {
@mkdir($path, api_get_permissions_for_new_directories(), true);
}
if (filter_extension($file)) {
if (@move_uploaded_file($source_file,$path.$file)) {
if ($extra_field) {
return $extra_field.'/'.$file;
} else {
return $file;
}
}
}
return false; // this should be returned if anything went wrong with the upload
}
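Review bot: The `if (empty($source_file)) { $source_file = $file; }` fallback on L128-L130 can never succeed: `$file` is the client-supplied name, not an uploaded temp path, and `move_uploaded_file` on L142 refuses any source that is not a genuine upload, so the call just fails and the function returns false. Return false early when `$source_file` is empty instead, and check `$file` too, since `filter_filename` may leave it empty and `$path.$file` would then point at the directory itself. The docblock also says `@return bool|null` while L144-L150 return a string or false; `@return string|false` is what the code does.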
/**
* Deletes user photos.
* Note: This method relies on configuration setting from main/inc/conf/profile.conf.php
@ -1317,7 +1362,7 @@ class UserManager
foreach ($productions as $file) {
$production_list .= '<li><a href="'.$production_dir.urlencode($file).'" target="_blank">'.htmlentities($file).'</a>';
if ($showdelete) {
$production_list .= '<input type="image" name="remove_production['.urlencode($file).']" src="'.$del_image.'" alt="'.$del_text.'" title="'.$del_text.' '.htmlentities($file).'" onclick="javascript: return confirmation(\''.htmlentities($file).'\');" /></li>';
$production_list .= '<input style="width:16px;" type="image" name="remove_production['.urlencode($file).']" src="'.$del_image.'" alt="'.$del_text.'" title="'.$del_text.' '.htmlentities($file).'" onclick="javascript: return confirmation(\''.htmlentities($file).'\');" /></li>';
}
}
$production_list .= '</ul>';
@ -1447,6 +1492,7 @@ class UserManager
}
$sqluf = "SELECT * FROM $t_uf WHERE field_variable='$fname'";
$resuf = Database::query($sqluf);
$is_extra_file = false;
if (Database::num_rows($resuf) == 1) {
//ok, the field exists
// Check if enumerated field, if the option is available
@ -1482,6 +1528,19 @@ class UserManager
return false; //enumerated type but no option found
}
break;
case self::USER_FIELD_TYPE_FILE:
$is_extra_file = true;
if (isset($fvalue['tmp_name'])) {
// Filter against dangerous filenames
$fvalue['name'] = Security::filter_filename($fvalue['name']);
$fvalue['tmp_name'] = Security::filter_filename($fvalue['tmp_name']);
// Update and recover the filename
$fvalues = UserManager::update_user_extra_file($user_id, $rowuf['field_variable'], $fvalue['name'], $fvalue['tmp_name']);
} else {
// Set empty string to $fvalues to delete it
$fvalues = '';
}
break;
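Review bot: `update_user_extra_file` returns false when the extension is rejected or the move fails, and L183 stores that false in `$fvalues` without checking it; further down, `$rowufv['field_value'] != $fvalues` and `$fvalues == ''` (L195, L201) both treat false like an empty string, so a rejected upload removes the user's existing file and deletes the row instead of failing. Guard the result the same way the enumerated branch does on L173: `if ($fvalues === false) { return false; }` right after the call. The enclosing switch and function continue outside this hunk.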
case 1:
case 2:
default:
@ -1511,6 +1570,10 @@ class UserManager
//we need to update the current record
$rowufv = Database::fetch_array($resufv);
if ($rowufv['field_value'] != $fvalues) {
if ($is_extra_file) {
// To remove from user folder
self::remove_user_extra_file($user_id, $fname, $rowufv['field_value']);
}
// If the new field is empty, delete it
if ($fvalues == '') {
$sql_query = "DELETE FROM $t_ufv WHERE id = ".$rowufv['id'].";";
@ -1606,6 +1669,105 @@ class UserManager
return $fields;
}
/**
* Build a list of extra file already uploaded in $user_folder/{$extra_field}/
* @param $user_id
* @param $extra_field
* @param bool $force
* @param bool $showdelete
* @return bool|string
*/
public static function build_user_extra_file_list($user_id, $extra_field, $force = false, $showdelete = false)
{
if (!$force && !empty($_POST['remove_'.$extra_field])) {
return true; // postpone reading from the filesystem
}
$extra_files = self::get_user_extra_files($user_id, $extra_field);
if (empty($extra_files)) {
return false;
}
$path_info = self::get_user_picture_path_by_id($user_id, 'web', true);
$path = $path_info['dir'];
$del_image = api_get_path(WEB_CODE_PATH).'img/delete.gif';
$del_text = get_lang('Delete');
$extra_file_list = '';
if (count($extra_files) > 0) {
$extra_file_list = '<ul id="productions">';
foreach ($extra_files as $file) {
$filename = substr($file,strlen($extra_field)+1);
$extra_file_list .= '<li><a href="'.$path.$extra_field.'/'.urlencode($filename).'" target="_blank">'.htmlentities($filename).'</a>';
if ($showdelete) {
$extra_file_list .= '<input style="width:16px;" type="image" name="remove_extra_' . $extra_field . '['.urlencode($file).']" src="'.$del_image.'" alt="'.$del_text.'" title="'.$del_text.' '.htmlentities($filename).'" onclick="javascript: return confirmation(\''.htmlentities($filename).'\');" /></li>';
}
}
$extra_file_list .= '</ul>';
}
return $extra_file_list;
}
/**
* Get valid filenames in $user_folder/{$extra_field}/
* @param $user_id
* @param $extra_field
* @param bool $full_path
* @return array
*/
public static function get_user_extra_files($user_id, $extra_field, $full_path = false)
{
if (!$full_path) {
// Nothing to do
} else {
$path_info = self::get_user_picture_path_by_id($user_id, 'system', true);
$path = $path_info['dir'];
}
$extra_data = self::get_extra_user_data_by_field($user_id, $extra_field);
$extra_files = $extra_data[$extra_field];
if (is_array($extra_files)) {
var_dump($extra_files); exit;
foreach ($extra_files as $key => $value) {
if (!$full_path) {
// Relative path from user folder
$files[] = $value;
} else {
$files[] = $path.$value;
}
}
} elseif (!empty($extra_files)) {
if (!$full_path) {
// Relative path from user folder
$files[] = $extra_files;
} else {
$files[] = $path.$extra_files;
}
}
return $files; // can be an empty array
}
/**
* Remove an {$extra_file} from the user folder $user_folder/{$extra_field}/
* @param $user_id
* @param $extra_field
* @param $extra_file
* @return bool
*/
public static function remove_user_extra_file($user_id, $extra_field, $extra_file)
{
$extra_file = Security::filter_filename($extra_file);
$path_info = self::get_user_picture_path_by_id($user_id, 'system', true);
if (strpos($extra_file, $extra_field) !== false) {
$path_extra_file = $path_info['dir'].$extra_file;
} else {
$path_extra_file = $path_info['dir'].$extra_field.'/'.$extra_file;
}
if (is_file($path_extra_file)) {
unlink($path_extra_file);
return true;
}
return false;
}
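Review bot: `var_dump($extra_files); exit;` on L259 is leftover debugging: every call that reaches the array branch aborts the request and dumps the stored paths to the client, so `get_user_extra_files` is unusable there until it is removed. `$files` is also never initialised, so the "can be an empty array" promise on L276 is false and the no-files case returns null with a notice; add `$files = array();` before the branches. In `remove_user_extra_file`, `strpos($extra_file, $extra_field) !== false` on L289 treats any filename that merely contains the field name (field `cv`, file `my_cv.pdf`) as already prefixed, so the path resolves to the wrong location and the unlink silently misses; test the prefix with `strpos($extra_file, $extra_field.'/') === 0`. Finally, L234 places `htmlentities($filename)` inside a single-quoted JavaScript string in `onclick`, and `htmlentities` without `ENT_QUOTES` leaves `'` untouched, so unless `filter_filename` strips it a stored filename containing a quote breaks out of the string; use `htmlentities($filename, ENT_QUOTES)` in that attribute.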
/**
* Get the list of options attached to an extra field
* @param string $fieldname the name of the field
@ -4342,14 +4504,13 @@ EOF;
$form->freeze('extra_'.$field_details[1]);
break;
case self::USER_FIELD_TYPE_FILE:
if (!empty($field_details[3])) {
$uPaths = UserManager::get_user_picture_path_by_id($user_id);
$path = '<a href="'.$uPaths['dir'].$field_details[3]."'>".$field_details[3].'</a>';
$form->addElement('html', 'extra_'.$field_details[1].'_link', $path, null, '');
$extra_field = 'extra_'.$field_details[1];
$form->addElement('file', $extra_field, $field_details[3], null, '');
if ($extra_file_list = UserManager::build_user_extra_file_list($user_id, $field_details[1], '', true)) {
$form->addElement('static', $extra_field . '_list', null, $extra_file_list);
}
$form->addElement('file', 'extra_'.$field_details[1], $field_details[3], null, '');
if ($field_details[7] == 0) {
$form->freeze('extra_'.$field_details[1]);
$form->freeze($extra_field);
}
break;
}
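Review bot: `build_user_extra_file_list($user_id, $field_details[1], '', true)` on L313 always renders the delete buttons, including when `$field_details[7] == 0` freezes the upload input on L317-L319, so a field that is presumably not user-changeable still exposes a working remove control, and nothing visible in the remove branch of profile.php (L77-L80) rechecks that flag before deleting. Pass the flag through instead, `UserManager::build_user_extra_file_list($user_id, $field_details[1], false, $field_details[7] != 0)`, and confirm the server side enforces the same rule. The third argument is the boolean `$force`, so `''` should be `false` in any case. The enclosing switch continues outside this hunk.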
