root/releases/0.65/profile/profile.class.php

Revision 458, 41.6 kB (checked in by sven, 2 years ago)

simplify user human name escaping, fiddling with post/comment escaping

1 <?php
2 /*
Penny note: none of the get_*_sql / get_*_select queries in this file
can be converted to prepared statements as they stand, because each of
them receives a $where fragment that was assembled by some other
function before it arrived here...
8 */
9
10 Class ElggProfile {
11
12     function ElggProfile ($profile_id) {
13
14         global $data;
15         global $page_owner;
16         global $PAGE;
17
18         // ELGG profile system initialisation
19         // ID of profile to view / edit
20         
21         if (!empty($profile_id)) {
22             $this->id = $profile_id;
23         } else {
24             $this->id = -1;
25         }
26
27         $page_owner = $profile_id;
28
29         // Profile initialisation
30         // very strange init sequence from the old main() call follows
31         $this->editfield_defaults();
32         // $this->actions();     // not from here --
33         // $this->upload_foaf();
34
35     }
36
37     function edit_link () {
38
39
40         global $page_owner;
41         global $data;
42         global $CFG;
43
44         $run_result = '';
45
46         if (run("permissions:check", "profile")) {
47         
48             $editMsg = gettext("Click here to edit this profile.");
49
50             $run_result .= <<<END
51                 
52                 <p>
53                 <a href="{$CFG->wwwroot}profile/edit.php?profile_id=$page_owner">$editMsg</a>
54                 </p>
55 END;
56
57             $run_result .= run("profile:edit:link");
58             
59         }
60         return $run_result;
61     }
62
63     function display_name () {
64
65         global $name_cache;
66         global $data;
67     
68         if (!isset($name_cache[$this->id]) || (time() - $name_cache[$this->id]->created > 60)) {
69         
70             $name_cache[$this->id]->created = time();
71             $name_cache[$this->id]->data = htmlspecialchars(get_field('users','name','ident',$this->id), ENT_COMPAT, 'utf-8');
72         
73         }
74         $run_result = $name_cache[$this->id]->data;
75         return $run_result;
76     }
77
78     function display_form () {
79
80         global $page_owner;
81
82         global $data;
83
84         $run_result = '';
85
86         $body = "<p>\n" . gettext("    This screen allows you to edit your profile. Blank fields will not show up on your profile screen in any view; you can change the access level for each piece of information in order to prevent it from falling into the wrong hands. For example, we strongly recommend you keep your address to yourself or a few trusted parties.") . "</p>\n";
87
88         if (run("permissions:check", "profile")) {
89     
90             $profile_username = run("users:id_to_name",$page_owner);
91         
92
93
94             $body .= "<form action=\"".url . "profile/edit.php?profile_id=".$page_owner."\" method=\"post\" enctype=\"multipart/form-data\">";
95             $body .= "<p>" . gettext("You can import some profile data by uploading a FOAF file here:") . "</p>";
96             $body .=templates_draw(array(
97                                                  'context' => 'databox',
98                                                  'name' => gettext("Upload a FOAF file:"),
99                                                  'column1' => "<input name=\"foaf_file\" id=\"foaf_file\" type=\"file\" />",
100                                                  'column2' => "<input type=\"submit\" value=\"".gettext("Upload") . "\" />"
101                                                  )
102                          );
103             $body .= <<<END
104         
105                 <input type="hidden" name="action" value="profile:foaf:upload" />
106                 <input type="hidden" name="profile_id" value="$page_owner" />
107                 </form>
108         
109 END;
110             $body .= "<p>" .gettext("Or you can fill in your profile directly below:") . "</p>";
111             $body .= "<form action=\"".url . "profile/edit.php?profile_id=".$page_owner."\" method=\"post\">";
112     
113             // Cycle through all defined profile detail fields and display them
114     
115             if (!empty($data['profile:details']) && sizeof($data['profile:details']) > 0) {
116         
117                 foreach($data['profile:details'] as $field) {
118                     $body .= $this->editfield_display($field);
119                 }
120     
121             }
122     
123             $submitMsg = gettext("Submit details:");
124             $saveProfile = gettext("Save your profile");
125             $body .= <<< END
126     
127                 <p align="center">
128                 <label>
129                 $submitMsg
130                 <input type="submit" name="submit" value="$saveProfile" />
131                 </label>
132                 <input type="hidden" name="action" value="profile:edit" />
133                 <input type="hidden" name="profile_id" value="$page_owner" />
134                 </p>
135
136                 </form>
137 END;
138
139             $run_result .= $body;
140     
141         }
142         return $run_result;
143     }
144
145     function editfield_defaults () {
146
147         global $data;
148         $run_result = '';
149         // Initial profile data
150
151         /* Profile info is of the format:
152     
153         $data['profile:details'][] = array(
154                                                 Description,
155                                                 Short / unique internal name,
156                                                 Type of field,
157                                                 User instructions for entering data
158                                             )
159         e.g.
160         $data['profile:details'][] = array(gettext("Interests"),"interests","keywords",gettext("Separated with commas."));
161
162         Additions to this data structure will input/output a corresponding FOAF field
163         
164         $data['foaf:profile'][] = array(
165                                             Short / unique internal name,
166                                             Corresponding FOAF schema field
167                                             "collated" or "individual" -     whether multiple data elements (eg interests)
168                                                                             should be in separate tags ("individual") or
169                                                                             in the same tag separated by commas
170                                                                             (collated = default)
171                                             "resource" or "enclosed" -         whether the data is an rdf:resource="" attribute
172                                                                             or enclosed within the tag
173                                                                             (resource = default)
174                                         )
175         e.g.
176         $data['foaf:profile'][] = array("interests","foaf:interest");
177         
178         Also present is $data['vcard:profile:adr'][] for VCard ADR elements within the FOAF file
179         e.g.
180         $data['vcard:profile:adr'][] = array("streetaddress","vCard:Street","collated");
181         */
182     
183         $data['profile:details'][] = array(gettext("Who am I?"),"biography","longtext",gettext("A short introduction for you."));
184         $data['foaf:profile'][] = array("biography","bio:olb","collated","enclosed");
185         
186         $data['profile:details'][] = array(gettext("Brief description"),"minibio","text",gettext("For use in your sidebar profile."));
187         
188         // $data['profile:details'][] = array(gettext("Postal address"),"postaladdress","mediumtext");
189         $data['profile:details'][] = array(gettext("Street address"),"streetaddress","text");
190         $data['vcard:profile:adr'][] = array("streetaddress","vCard:Street","collated","enclosed");
191         
192         $data['profile:details'][] = array(gettext("Town"),"town","keywords");
193         $data['vcard:profile:adr'][] = array("town","vCard:Locality","collated","enclosed");
194         
195         $data['profile:details'][] = array(gettext("State / Region"),"state","keywords");
196         $data['vcard:profile:adr'][] = array("state","vCard:Region","collated","enclosed");
197         
198         $data['profile:details'][] = array(gettext("Postal code"),"postcode","text");
199         $data['vcard:profile:adr'][] = array("postcode","vCard:Pcode","collated","enclosed");
200         
201         $data['profile:details'][] = array(gettext("Country"),"country","keywords");
202         $data['vcard:profile:adr'][] = array("country","vCard:Country","collated","enclosed");
203         
204         $data['profile:details'][] = array(gettext("Email address"),"emailaddress","email");
205         
206         $data['profile:details'][] = array(gettext("Work telephone"),"workphone","text");
207         $data['foaf:profile'][] = array("workphone","foaf:phone","individual","resource");
208         
209         $data['profile:details'][] = array(gettext("Home telephone"),"homephone","text");
210         $data['foaf:profile'][] = array("homephone","foaf:phone","individual","resource");
211         
212         $data['profile:details'][] = array(gettext("Mobile telephone"),"mobphone","text");
213         $data['foaf:profile'][] = array("mobphone","foaf:phone","individual","resource");
214         
215         $data['profile:details'][] = array(gettext("Official website address"),"workweb","web",gettext("The URL to your official website, if you have one."));
216         $data['foaf:profile'][] = array("workweb","foaf:workplaceHomepage","individual","resource");
217         
218         $data['profile:details'][] = array(gettext("Personal website address"),"personalweb","web",gettext("The URL to your personal website, if you have one."));
219         $data['foaf:profile'][] = array("personalweb","foaf:homepage","individual","resource");
220         
221         $data['profile:details'][] = array(gettext("ICQ number"),"icq","icq");
222         $data['foaf:profile'][] = array("icq","foaf:icqChatID","individual","enclosed");
223         
224         $data['profile:details'][] = array(gettext("MSN chat"),"msn","msn");
225         $data['foaf:profile'][] = array("msn","foaf:msnChatID","individual","enclosed");
226         
227         $data['profile:details'][] = array(gettext("AIM screenname"),"aim","aim");
228         $data['foaf:profile'][] = array("aim","foaf:aimChatID","individual","enclosed");
229         
230         $data['profile:details'][] = array(gettext("Skype username"),"skype","skype");
231         
232         $data['profile:details'][] = array(gettext("Jabber username"),"jabber","text");
233         $data['foaf:profile'][] = array("jabber","foaf:jabberChatID","individual","enclosed");
234         
235         $data['profile:details'][] = array(gettext("Interests"),"interests","keywords",gettext("Separated with commas."));
236         $data['foaf:profile'][] = array("interests","foaf:interest","individual","resource");
237         // $data['foaf:profile'][] = array("interests","bio:keywords","collated","enclosed");
238         
239         $data['profile:details'][] = array(gettext("Likes"),"likes","keywords",gettext("Separated with commas."));
240         $data['profile:details'][] = array(gettext("Dislikes"),"dislikes","keywords",gettext("Separated with commas."));
241         $data['profile:details'][] = array(gettext("Occupation"),"occupation","text");
242         $data['profile:details'][] = array(gettext("Industry"),"industry","keywords");
243         
244         $data['profile:details'][] = array(gettext("Company / Institution"),"organisation","text");
245         $data['foaf:profile'][] = array("organisation","foaf:organization","collated","enclosed");
246         
247         $data['profile:details'][] = array(gettext("Job Title"),"jobtitle","text");
248         $data['profile:details'][] = array(gettext("Job Description"),"jobdescription","text");
249         $data['profile:details'][] = array(gettext("I would like to ..."),"goals","keywords",gettext("Separated with commas."));
250         $data['profile:details'][] = array(gettext("Career Goals"),"careergoals","longtext",gettext("Freeform: let colleagues and potential employers know what you'd like to get out of your career."));
251         $data['profile:details'][] = array(gettext("Level of Education"),"educationlevel","text");
252         $data['profile:details'][] = array(gettext("High School"),"highschool","text");
253         $data['profile:details'][] = array(gettext("University / College"),"university","text");
254         $data['profile:details'][] = array(gettext("Degree"),"universitydegree","text");
255         $data['profile:details'][] = array(gettext("Main Skills"),"skills","keywords",gettext("Separated with commas."));
256         return $run_result;
257     }
258
    // $field is one entry of $data['profile:details']: label, internal name, type, optional blurb (see editfield_defaults)
260     function editfield_display ($field) {
261
262         // copy array element with default to ''
263         $flabel = !empty($field[0]) ? $field[0] : '';
264         $fname  = !empty($field[1]) ? $field[1] : '';
265         $ftype  = !empty($field[2]) ? $field[2] : '';
266         $fblurb = !empty($field[3]) ? $field[3] : '';
267
268         global $page_owner;
269         global $data;
270         global $CFG;
271
272         $run_result = '';
273
274         if (empty($flabel) && empty($fname)) {
275             return '';
276         }
277             
278         if (!isset($data['profile:preload'][$flabel])) {
279             if (!$value = get_record('profile_data','name',$fname,'owner',$page_owner)) {
280                 $value = "";
281                 $value->value = "";
282                 $value->access = $CFG->default_access;
283             }
284         } else {
285             $value = "";
286             $value->value = $data['profile:preload'][$fname];
287             $value->access = $CFG->default_access;
288             
289         }
290         
291         $name = "<label for=\"$fname\"><b>{$flabel}</b>";
292         if (!empty($fblurb)) {
293             $name .= "<br /><i>" . $fblurb . "</i>";
294         }
295         $name .= '</label>';
296         
297         if (empty($ftype)) {
298             $ftype = "text";
299         }
300
301         $column1 = display_input_field(array("profiledetails[" . $fname . "]",$value->value,$ftype,$fname,@$value->ident,$page_owner));
302         $column2 = "<label>". gettext("Access Restriction:") ."<br />";
303         $column2 .= run("display:access_level_select",array("profileaccess[".$fname . "]",$value->access)) . "</label>";
304         
305         $run_result .=templates_draw(array(
306                                            'context' => 'databox',
307                                            'name'    => $name,
308                                            'column1' => $column1,
309                                            'column2' => $column2
310                                            )
311                                      );
312         
313         return $run_result;
314
315     }
316
317     function field_display ($field, $allvalues) {
318
319         global $data;
320
321         $run_result = '';
322
323         if (sizeof($field) >= 2) {
324     
325             // $value = get_record('profile_data','name',$field[1],'owner',$this->id);
326         
327             foreach($allvalues as $curvalue) {
328                 if ($curvalue->name == stripslashes($field[1])) {
329                     $value = $curvalue;
330                     break; // found it, done!
331                 }
332             }
333
334             if (!isset($value)) {
335                 return '';
336             }
337
338             if ((($value->value != "" && $value->value != "blank"))
339                 && run("users:access_level_check", $value->access)) {
340                 $name = $field[0];
341                 $column1 = display_output_field(array($value->value,$field[2],$field[1],$field[0],$value->ident));
342                 $run_result .=templates_draw(array(
343                                                            'context' => 'databox1',
344                                                            'name' => $name,
345                                                            'column1' => $column1
346                                                            )
347                                    );
348             }
349         }
350         return $run_result;
351     }
352
353     function search ($tagtype, $tagvalue) {
354
355         global $data, $CFG, $db;
356     
357         $handle = 0;
358         $run_result = '';
359
360         foreach($data['profile:details'] as $profiletype) {
361             if ($profiletype[1] == $tagtype && $profiletype[2] == "keywords") {
362                 $handle = 1;
363             }
364         }
365     
366         if ($handle) {
367             
368             $searchline = "tagtype = " . $db->qstr($tagtype) . " AND tag = " . $db->qstr($tagvalue) . "";
369             $searchline = "(" . run("users:access_level_sql_where",$_SESSION['userid']) . ") AND " . $searchline;
370             $searchline = str_replace("owner","t.owner",$searchline);
371             $tagvalue = stripslashes($tagvalue);
372             if ($result = get_record_sql('SELECT DISTINCT u.* FROM '.$CFG->prefix.'tags t
373                                           LEFT JOIN '.$CFG->prefix.'users u ON u.ident = t.owner
374                                           WHERE '.$searchline)) {
375                 $profilesMsg = gettext("Profiles where");
376                 $body = <<< END
377             
378                     <h2>
379                     $profilesMsg
380 END;
381                 $body .= "'".gettext($tagtype)."' = '".$tagvalue."':";
382                 $body .= <<< END
383                     </h2>
384 END;
385                 $body .= <<< END
386                     <table class="userlist">
387                     <tr>
388 END;
389                 $i = 1;
390                 foreach($result as $key => $info) {
391                     $width = 50;
392                     if (sizeof($tagvalue) > 4) {
393                         $width = 25;
394                     }
395                     $friends_username = $info->username;
396                     $friends_name = htmlspecialchars(stripslashes($info->name), ENT_COMPAT, 'utf-8');
397                     $friends_menu = run("users:infobox:menu",array($info->ident));
398                     $body .= <<< END
399                         <td align="center">
400                         <p>
401                         <a href="{$CFG->wwwroot}{$friends_username}/">
402                         <img src="{$CFG->wwwroot}{$friends_username}/icons/{$info->icon}/w/{$width}" alt="{$friends_name}" border="0" /></a><br />
403                         <span class="userdetails">
404                         {$friends_name}
405                     {$friends_menu}
406                     </span>
407                           </p>
408                           </td>
409 END;
410                     if ($i % 5 == 0) {
411                         $body .= "</tr><tr>";
412                     }
413                     $i++;
414                 }
415                 $body .= <<< END
416                     </tr>
417                     </table>
418 END;
419                 $run_result .= $body;
420             }
421         }
422         return $run_result;
423     }
424
425     function search_all_tagtypes () {
426
427         global $data;
428
429         foreach($data['profile:details'] as $profiletype) {
430             if ($profiletype[2] == "keywords") {
431