profile.class.php

Revision 1582, 39.8 kB (checked in by misja, 7 months ago)
Misja Hoebe <misja@curverider.co.uk> Fixes #342, Profile edit page displays empty categories, thanks kevin
Property svn:eol-style set to `native`

Line
1	<?php
2	/*
3	Penny note: none of the queries in this file
4	that are get_something_sql or
5	get_something_select can be converted to use
6	prepared statements because they all have $where
7	that has come from some function somewhere...
8	*/
9
10	Class ElggProfile {
11
12	function ElggProfile ($profile_id) {
13
14	global $data;
15	global $page_owner;
16	global $PAGE;
17
18	// ELGG profile system initialisation
19	// ID of profile to view / edit
20
21	if (!empty($profile_id)) {
22	$this->id = $profile_id;
23	} else {
24	$this->id = -1;
25	}
26
27	$page_owner = $profile_id;
28
29	// Profile initialisation
30	// very strange init sequence from the old main() call follows
31	$this->editfield_defaults();
32	// $this->actions(); // not from here --
33	// $this->upload_foaf();
34
35	}
36
37	function edit_link () {
38
39
40	global $page_owner;
41	global $data;
42	global $CFG;
43
44	$run_result = '';
45
46	if (run("permissions:check", "profile")) {
47
48	$editMsg = __gettext("Click here to edit this profile.");
49
50	$run_result .= <<<END
51
52	<p>
53	<a href="{$CFG->wwwroot}profile/edit.php?profile_id=$page_owner">$editMsg</a>
54	</p>
55	END;
56
57	$run_result .= run("profile:edit:link");
58
59	}
60	return $run_result;
61	}
62
63	function display_name () {
64
65	global $name_cache;
66	global $data;
67
68	if (!isset($name_cache[$this->id]) \|\| (time() - $name_cache[$this->id]->created > 60)) {
69
70	$name_cache[$this->id]->created = time();
71	$name_cache[$this->id]->data = htmlspecialchars(user_info('name',$this->id), ENT_COMPAT, 'utf-8');
72
73	}
74	$run_result = $name_cache[$this->id]->data;
75	return $run_result;
76	}
77
78	function display_form () {
79
80	global $page_owner;
81	global $data;
82	global $CFG;
83
84	$run_result = '';
85
86	$body = "<p>\n" . __gettext(" This screen allows you to edit your profile. Blank fields will not show up on your profile screen in any view; you can change the access level for each piece of information in order to prevent it from falling into the wrong hands. For example, we strongly recommend you keep your address to yourself or a few trusted parties.") . "</p>\n";
87
88	if (run("permissions:check", "profile")) {
89
90	$profile_username = user_info('username', $page_owner);
91
92	$body .= "<form action=\"".url . "profile/edit.php?profile_id=".$page_owner."\" method=\"post\" enctype=\"multipart/form-data\">";
93	$body .= "<div class=\"tabber\">";
94
95	// Cycle through all defined profile detail fields and display them
96
97	$profilecat = array( );
98
99	if (!empty($data['profile:details']) && sizeof($data['profile:details']) > 0) {
100
101	foreach($data['profile:details'] as $field) {
102
103	if (is_array($field)) {
104	$flabel = !empty($field[0]) ? $field[0] : '';
105	$fname = !empty($field[1]) ? $field[1] : '';
106	$ftype = !empty($field[2]) ? $field[2] : '';
107	$fblurb = !empty($field[3]) ? $field[3] : '';
108	$fusertype = !empty($field[4]) ? $field[4] : '';
109	$finvisible = false;
110	$frequired = false;
111	$fcat = __gettext("Main");
112	// Otherwise map things the new way!
113	} else {
114	$flabel = $field->name;
115	$fname = $field->internal_name;
116	$ftype = $field->field_type;
117	$fblurb = $field->description;
118	$fusertype = $field->user_type;
119	$finvisible = $field->invisible;
120	$frequired = $field->required;
121	if (!empty($field->category)) {
122	$fcat = $field->category;
123	} else {
124	$fcat = __gettext("Main");
125	}
126	}
127
128	if (!isset($profilecat[$fcat])) {
129	$profilecat[$fcat] = '';
130	}
131	$profilecat[$fcat] .= $this->editfield_display($field);
132	}
133	if (sizeof($profilecat) > 0) {
134	foreach($profilecat as $cat => $html) {
135
136	if ($html) {
137	$body .= "<div class=\"tabbertab\" title=\"$cat\">";
138	$body .= $html;
139	$body .= "</div>";
140	}
141	}
142	}
143	}
144
145	$submitMsg = __gettext("Submit details:");
146	$saveProfile = __gettext("Save your profile");
147	$body .= <<< END
148
149	</div>
150
151	<p align="center">
152	<label>
153	$submitMsg
154	<input type="submit" name="submit" value="$saveProfile" />
155	</label>
156	<input type="hidden" name="action" value="profile:edit" />
157	<input type="hidden" name="profile_id" value="$page_owner" />
158	</p>
159
160	</form>
161	END;
162
163	$body .= "<p> </p><form action=\"".url . "profile/edit.php?profile_id=".$page_owner."\" method=\"post\" enctype=\"multipart/form-data\">";
164	$body .= "<p>" . __gettext("You can import some profile data by uploading a FOAF file here:") . "</p>";
165	$body .=templates_draw(array(
166	'context' => 'databox',
167	'name' => __gettext("Upload a FOAF file:"),
168	'column1' => "<input name=\"foaf_file\" id=\"foaf_file\" type=\"file\" />",
169	'column2' => "<input type=\"submit\" value=\"".__gettext("Upload") . "\" />"
170	)
171	);
172	$body .= <<<END
173
174	<input type="hidden" name="action" value="profile:foaf:upload" />
175	<input type="hidden" name="profile_id" value="$page_owner" />
176	</form>
177
178	END;
179
180	$run_result .= $body;
181
182	}
183	return $run_result;
184	}
185
186	function editfield_defaults () {
187
188	global $CFG;
189	include($CFG->profilelocation . "profile.config.php");
190	return $run_result;
191	}
192
193	// the field parameter seems to be an array of unknown structure...
194	function editfield_display ($field) {
195
196	global $page_owner;
197	static $usertype;
198
199	if (!isset($usertype)) {
200	$usertype = user_type($page_owner);
201	}
202
203	// copy array element with default to ''
204
205	// If we're dealing with the old-style profile fields
206	if (is_array($field)) {
207	$flabel = !empty($field[0]) ? $field[0] : '';
208	$fname = !empty($field[1]) ? $field[1] : '';
209	$ftype = !empty($field[2]) ? $field[2] : '';
210	$fblurb = !empty($field[3]) ? $field[3] : '';
211	$fusertype = !empty($field[4]) ? $field[4] : '';
212	$finvisible = false;
213	$frequired = false;
214	// Otherwise map things the new way!
215	} else {
216	$flabel = $field->name;
217	$fname = $field->internal_name;
218	$ftype = $field->field_type;
219	$fblurb = $field->description;
220	$fusertype = $field->user_type;
221	$finvisible = $field->invisible;
222	$frequired = $field->required;
223	}
224
225	if (!empty($fusertype) && $fusertype != $usertype) {
226	return '';
227	}
228
229	global $page_owner;
230	global $data;
231	global $CFG;
232
233	$run_result = '';
234
235	if (empty($flabel) && empty($fname)) {
236	return '';
237	}
238
239	if (!isset($data['profile:preload'][$fname])) {
240	if (!$value = get_record('profile_data','name',$fname,'owner',$page_owner)) {
241	$value = "";
242	$value->value = "";
243	if(isset($field->default_access)) { // default access can be set on a per profile field basis
244	$value->access = $field->default_access;
245	} else {
246	$value->access = $CFG->default_access;
247	}
248	}
249	} else {
250	$value = "";
251	$value->value = $data['profile:preload'][$fname];
252	if (!isset($data['profile:preload:access'][$fname])) {
253	if(isset($field->default_access)) {
254	$value->access = $field->default_access;
255	} else {
256	$value->access = $CFG->default_access;
257	}
258	} else {
259	$value->access = $data['profile:preload:access'][$fname];
260	}
261
262	}
263	if ($finvisible) {
264	$value->access = "PRIVATE";
265	}
266
267	$name = "<label for=\"$fname\"><b>{$flabel}</b>";
268	if (!empty($fblurb)) {
269	$name .= "<br /><i>" . $fblurb . "</i>";
270	}
271	$name .= '</label>';
272
273	if (empty($ftype)) {
274	$ftype = "text";
275	}
276
277	$column1 = display_input_field(array("profiledetails[" . $fname . "]",$value->value,$ftype,$fname,@$value->ident,$page_owner));
278	if(!$finvisible) {
279	$column2 = "<label>". __gettext("Access Restriction:") ."<br />";
280	$column2 .= run("display:access_level_select",array("profileaccess[".$fname . "]",$value->access)) . "</label>";
281	} else {
282	$column2 = __gettext("Invisible field");
283	}
284
285	$run_result .=templates_draw(array(
286	'context' => 'databox',
287	'name' => $name,
288	'column1' => $column1,
289	'column2' => $column2
290	)
291	);
292
293	return $run_result;
294
295	}
296
297	function field_display ($field, $allvalues) {
298
299	global $data;
300
301	$run_result = '';
302
303	// If we're dealing with the old-style profile fields
304	if (is_array($field)) {
305	$flabel = !empty($field[0]) ? $field[0] : '';
306	$fname = !empty($field[1]) ? $field[1] : '';
307	$ftype = !empty($field[2]) ? $field[2] : '';
308	$fblurb = !empty($field[3]) ? $field[3] : '';
309	$fusertype = !empty($field[4]) ? $field[4] : '';
310	// Otherwise map things the new way!
311	} else {
312	$flabel = $field->name;
313	$fname = $field->internal_name;
314	$ftype = $field->field_type;
315	$fblurb = $field->description;
316	$fusertype = $field->user_type;
317	$finvisible = $field->invisible;
318	$frequired = $field->required;
319	}
320
321	//if (sizeof($field) >= 2) {
322
323	// $value = get_record('profile_data','name',$field[1],'owner',$this->id);
324	if (is_array($allvalues) && !empty($allvalues)) {
325	foreach($allvalues as $curvalue) {
326	if ($curvalue->name == stripslashes($fname)) {
327	$value = $curvalue;
328	break; // found it, done!
329	}
330	}
331	}
332
333	if (!isset($value)) {
334	return '';
335	}
336
337	if ((($value->value != "" && $value->value != "blank" && !$finvisible))
338	&& run("users:access_level_check", $value->access)) {
339	$name = $flabel;
340	$column1 = display_output_field(array($value->value,$ftype,$fname,$flabel,$value->ident));
341	$run_result .=templates_draw(array(
342	'context' => 'databox1',
343	'name' => $name,
344	'column1' => $column1
345	)
346	);
347	}
348	// }
349	return $run_result;
350	}
351
352	function search ($tagtype, $tagvalue) {
353
354	global $data, $CFG, $db;
355
356	$handle = 0;
357	$run_result = '';
358
359	foreach($data['profile:details'] as $profiletype) {
360	if ($profiletype[1] == $tagtype && $profiletype[2] == "keywords") {
361	$handle = 1;
362	}
363	}
364
365	if ($handle) {
366
367	$searchline = "tagtype = " . $db->qstr($tagtype) . " AND tag = " . $db->qstr($tagvalue) . "";
368	$searchline = "(" . run("users:access_level_sql_where",$_SESSION['userid']) . ") AND " . $searchline;
369	$searchline = str_replace("owner","t.owner",$searchline);
370	$tagvalue = stripslashes($tagvalue);
371	if ($result = get_record_sql('SELECT DISTINCT u.* FROM '.$CFG->prefix.'tags t
372	LEFT JOIN '.$CFG->prefix.'users u ON u.ident = t.owner
373	WHERE '.$searchline)) {
374	$profilesMsg = __gettext("Profiles where");
375	$body = <<< END
376
377	<h2>
378	$profilesMsg
379	END;
380	$body .= "'".__gettext($tagtype)."' = '".$tagvalue."':";
381	$body .= <<< END
382	</h2>
383	END;
384	$body .= <<< END
385	<table class="userlist">
386	<tr>
387	END;
388	$i = 1;
389	foreach($result as $key => $info) {
390	$width = 50;
391	if (sizeof($tagvalue) > 4) {
392	$width = 25;
393	}
394	$friends_username = $info->username;
395	$friends_name = htmlspecialchars(stripslashes($info->name), ENT_COMPAT, 'utf-8');
396	$friends_menu = run("users:infobox:menu",array($info->ident));
397	$body .= <<< END
398	<td align="center">
399	<p>
400	<a href="{$CFG->wwwroot}{$friends_username}/">
401	<img src="{$CFG->wwwroot}_icon/user/{$info->icon}/w/{$width}" alt="{$friends_name}" border="0" /></a><br />
402	<span class="userdetails">
403	{$friends_name}
404	{$friends_menu}
405	</span>
406	</p>
407	</td>
408	END;
409	if ($i % 5 == 0) {
410	$body .= "</tr><tr>";
411	}
412	$i++;
413	}
414	$body .= <<< END
415	</tr>
416	</table>
417	END;
418	$run_result .= $body;
419	}
420	}
421	return $run_result;
422	}
423
424	function search_all_tagtypes () {
425
426	global $data;
427
428	foreach($data['profile:details'] as $profiletype) {
429	if ($profiletype[2] == "keywords") {
430	$data['search:tagtypes'][] = $profiletype[1];
431	}
432	}
433	return true;
434	}
435
436	function search_all_tagtypes_rss () {
437
438	global $data;
439
440	foreach($data['profile:details'] as $profiletype) {
441	if ($profiletype[2] == "keywords") {
442	$data['search:tagtypes:rss'][] = $profiletype[1];
443	}
444	}
445	return true;
446	}
447
448	function search_ecl ($tagtype, $tagvalue) {
449
450	global $data, $CFG, $db;
451
452	$handle = 0;
453	$run_result = '';
454
455	foreach($data['profile:details'] as $profiletype) {
456	if ($profiletype[1] == $tagtype && $profiletype[2] == "keywords") {
457	$handle = 1;
458	}
459	}
460
461	if ($handle) {
462
463	$sub_result = "";
464
465	$searchline = "tagtype = " . $db->qstr($tagtype) . " AND tag = " . $db->qstr($tagvalue) . "";
466	$searchline = "(" . run("users:access_level_sql_where",$_SESSION['userid']) . ") AND " . $searchline;
467	$searchline = str_replace("owner", "t.owner", $searchline);
468	$tagvalue = stri