profile.class.php

Revision 690, 34.9 kB (checked in by sven, 2 years ago)
more icon cacheability - all icon urls now /_icon/(user\|file)/ID, to remove unused username variable and question marks

Line
1	<?php
2	/*
3	Penny note: none of the queries in this file
4	that are get_something_sql or
5	get_something_select can be converted to use
6	prepared statements because they all have $where
7	that has come from some function somewhere...
8	*/
9
10	Class ElggProfile {
11
12	function ElggProfile ($profile_id) {
13
14	global $data;
15	global $page_owner;
16	global $PAGE;
17
18	// ELGG profile system initialisation
19	// ID of profile to view / edit
20
21	if (!empty($profile_id)) {
22	$this->id = $profile_id;
23	} else {
24	$this->id = -1;
25	}
26
27	$page_owner = $profile_id;
28
29	// Profile initialisation
30	// very strange init sequence from the old main() call follows
31	$this->editfield_defaults();
32	// $this->actions(); // not from here --
33	// $this->upload_foaf();
34
35	}
36
37	function edit_link () {
38
39
40	global $page_owner;
41	global $data;
42	global $CFG;
43
44	$run_result = '';
45
46	if (run("permissions:check", "profile")) {
47
48	$editMsg = __gettext("Click here to edit this profile.");
49
50	$run_result .= <<<END
51
52	<p>
53	<a href="{$CFG->wwwroot}profile/edit.php?profile_id=$page_owner">$editMsg</a>
54	</p>
55	END;
56
57	$run_result .= run("profile:edit:link");
58
59	}
60	return $run_result;
61	}
62
63	function display_name () {
64
65	global $name_cache;
66	global $data;
67
68	if (!isset($name_cache[$this->id]) \|\| (time() - $name_cache[$this->id]->created > 60)) {
69
70	$name_cache[$this->id]->created = time();
71	$name_cache[$this->id]->data = htmlspecialchars(user_info('name',$this->id), ENT_COMPAT, 'utf-8');
72
73	}
74	$run_result = $name_cache[$this->id]->data;
75	return $run_result;
76	}
77
78	function display_form () {
79
80	global $page_owner;
81	global $data;
82	global $CFG;
83
84	$run_result = '';
85
86	$body = "<p>\n" . __gettext(" This screen allows you to edit your profile. Blank fields will not show up on your profile screen in any view; you can change the access level for each piece of information in order to prevent it from falling into the wrong hands. For example, we strongly recommend you keep your address to yourself or a few trusted parties.") . "</p>\n";
87
88	if (run("permissions:check", "profile")) {
89
90	$profile_username = user_info('username', $page_owner);
91
92
93
94	$body .= "<form action=\"".url . "profile/edit.php?profile_id=".$page_owner."\" method=\"post\" enctype=\"multipart/form-data\">";
95	$body .= "<p>" . __gettext("You can import some profile data by uploading a FOAF file here:") . "</p>";
96	$body .=templates_draw(array(
97	'context' => 'databox',
98	'name' => __gettext("Upload a FOAF file:"),
99	'column1' => "<input name=\"foaf_file\" id=\"foaf_file\" type=\"file\" />",
100	'column2' => "<input type=\"submit\" value=\"".__gettext("Upload") . "\" />"
101	)
102	);
103	$body .= <<<END
104
105	<input type="hidden" name="action" value="profile:foaf:upload" />
106	<input type="hidden" name="profile_id" value="$page_owner" />
107	</form>
108
109	END;
110	$body .= "<p>" .__gettext("Or you can fill in your profile directly below:") . "</p>";
111	$body .= "<form action=\"".url . "profile/edit.php?profile_id=".$page_owner."\" method=\"post\">";
112
113	// Cycle through all defined profile detail fields and display them
114
115	if (!empty($data['profile:details']) && sizeof($data['profile:details']) > 0) {
116
117	foreach($data['profile:details'] as $field) {
118	$body .= $this->editfield_display($field);
119	}
120
121	}
122
123	$submitMsg = __gettext("Submit details:");
124	$saveProfile = __gettext("Save your profile");
125	$body .= <<< END
126
127	<p align="center">
128	<label>
129	$submitMsg
130	<input type="submit" name="submit" value="$saveProfile" />
131	</label>
132	<input type="hidden" name="action" value="profile:edit" />
133	<input type="hidden" name="profile_id" value="$page_owner" />
134	</p>
135
136	</form>
137	END;
138
139	$run_result .= $body;
140
141	}
142	return $run_result;
143	}
144
145	function editfield_defaults () {
146
147	global $CFG;
148	include($CFG->profilelocation . "profile.config.php");
149	return $run_result;
150	}
151
152	// the field parameter seems to be an array of unknown structure...
153	function editfield_display ($field) {
154
155	global $page_owner;
156	static $usertype;
157
158	if (!isset($usertype)) {
159	$usertype = user_type($page_owner);
160	}
161
162	// copy array element with default to ''
163	$flabel = !empty($field[0]) ? $field[0] : '';
164	$fname = !empty($field[1]) ? $field[1] : '';
165	$ftype = !empty($field[2]) ? $field[2] : '';
166	$fblurb = !empty($field[3]) ? $field[3] : '';
167	$fusertype = !empty($field[4]) ? $field[4] : '';
168
169	if (!empty($fusertype) && $fusertype != $usertype) {
170	return '';
171	}
172
173	global $page_owner;
174	global $data;
175	global $CFG;
176
177	$run_result = '';
178
179	if (empty($flabel) && empty($fname)) {
180	return '';
181	}
182
183	if (!isset($data['profile:preload'][$flabel])) {
184	if (!$value = get_record('profile_data','name',$fname,'owner',$page_owner)) {
185	$value = "";
186	$value->value = "";
187	$value->access = $CFG->default_access;
188	}
189	} else {
190	$value = "";
191	$value->value = $data['profile:preload'][$fname];
192	$value->access = $CFG->default_access;
193
194	}
195
196	$name = "<label for=\"$fname\"><b>{$flabel}</b>";
197	if (!empty($fblurb)) {
198	$name .= "<br /><i>" . $fblurb . "</i>";
199	}
200	$name .= '</label>';
201
202	if (empty($ftype)) {
203	$ftype = "text";
204	}
205
206	$column1 = display_input_field(array("profiledetails[" . $fname . "]",$value->value,$ftype,$fname,@$value->ident,$page_owner));
207	$column2 = "<label>". __gettext("Access Restriction:") ."<br />";
208	$column2 .= run("display:access_level_select",array("profileaccess[".$fname . "]",$value->access)) . "</label>";
209
210	$run_result .=templates_draw(array(
211	'context' => 'databox',
212	'name' => $name,
213	'column1' => $column1,
214	'column2' => $column2
215	)
216	);
217
218	return $run_result;
219
220	}
221
222	function field_display ($field, $allvalues) {
223
224	global $data;
225
226	$run_result = '';
227
228	if (sizeof($field) >= 2) {
229
230	// $value = get_record('profile_data','name',$field[1],'owner',$this->id);
231
232	foreach($allvalues as $curvalue) {
233	if ($curvalue->name == stripslashes($field[1])) {
234	$value = $curvalue;
235	break; // found it, done!
236	}
237	}
238
239	if (!isset($value)) {
240	return '';
241	}
242
243	if ((($value->value != "" && $value->value != "blank"))
244	&& run("users:access_level_check", $value->access)) {
245	$name = $field[0];
246	$column1 = display_output_field(array($value->value,$field[2],$field[1],$field[0],$value->ident));
247	$run_result .=templates_draw(array(
248	'context' => 'databox1',
249	'name' => $name,
250	'column1' => $column1
251	)
252	);
253	}
254	}
255	return $run_result;
256	}
257
258	function search ($tagtype, $tagvalue) {
259
260	global $data, $CFG, $db;
261
262	$handle = 0;
263	$run_result = '';
264
265	foreach($data['profile:details'] as $profiletype) {
266	if ($profiletype[1] == $tagtype && $profiletype[2] == "keywords") {
267	$handle = 1;
268	}
269	}
270
271	if ($handle) {
272
273	$searchline = "tagtype = " . $db->qstr($tagtype) . " AND tag = " . $db->qstr($tagvalue) . "";
274	$searchline = "(" . run("users:access_level_sql_where",$_SESSION['userid']) . ") AND " . $searchline;
275	$searchline = str_replace("owner","t.owner",$searchline);
276	$tagvalue = stripslashes($tagvalue);
277	if ($result = get_record_sql('SELECT DISTINCT u.* FROM '.$CFG->prefix.'tags t
278	LEFT JOIN '.$CFG->prefix.'users u ON u.ident = t.owner
279	WHERE '.$searchline)) {
280	$profilesMsg = __gettext("Profiles where");
281	$body = <<< END
282
283	<h2>
284	$profilesMsg
285	END;
286	$body .= "'".__gettext($tagtype)."' = '".$tagvalue."':";
287	$body .= <<< END
288	</h2>
289	END;
290	$body .= <<< END
291	<table class="userlist">
292	<tr>
293	END;
294	$i = 1;
295	foreach($result as $key => $info) {
296	$width = 50;
297	if (sizeof($tagvalue) > 4) {
298	$width = 25;
299	}
300	$friends_username = $info->username;
301	$friends_name = htmlspecialchars(stripslashes($info->name), ENT_COMPAT, 'utf-8');
302	$friends_menu = run("users:infobox:menu",array($info->ident));
303	$body .= <<< END
304	<td align="center">
305	<p>
306	<a href="{$CFG->wwwroot}{$friends_username}/">
307	<img src="{$CFG->wwwroot}_icon/user/{$info->icon}/w/{$width}" alt="{$friends_name}" border="0" /></a><br />
308	<span class="userdetails">
309	{$friends_name}
310	{$friends_menu}
311	</span>
312	</p>
313	</td>
314	END;
315	if ($i % 5 == 0) {
316	$body .= "</tr><tr>";
317	}
318	$i++;
319	}
320	$body .= <<< END
321	</tr>
322	</table>
323	END;
324	$run_result .= $body;
325	}
326	}
327	return $run_result;
328	}
329
330	function search_all_tagtypes () {
331
332	global $data;
333
334	foreach($data['profile:details'] as $profiletype) {
335	if ($profiletype[2] == "keywords") {
336	$data['search:tagtypes'][] = $profiletype[1];
337	}
338	}
339	return true;
340	}
341
342	function search_all_tagtypes_rss () {
343
344	global $data;
345
346	foreach($data['profile:details'] as $profiletype) {
347	if ($profiletype[2] == "keywords") {
348	$data['search:tagtypes:rss'][] = $profiletype[1];
349	}
350	}
351	return true;
352	}
353
354	function search_ecl ($tagtype, $tagvalue) {
355
356	global $data, $CFG, $db;
357
358	$handle = 0;
359	$run_result = '';
360
361	foreach($data['profile:details'] as $profiletype) {
362	if ($profiletype[1] == $tagtype && $profiletype[2] == "keywords") {
363	$handle = 1;
364	}
365	}
366
367	if ($handle) {
368
369	$sub_result = "";
370
371	$searchline = "tagtype = " . $db->qstr($tagtype) . " AND tag = " . $db->qstr($tagvalue) . "";
372	$searchline = "(" . run("users:access_level_sql_where",$_SESSION['userid']) . ") AND " . $searchline;
373	$searchline = str_replace("owner", "t.owner", $searchline);
374	$tagvalue = stripslashes($tagvalue);
375	if ($result = get_record_sql('SELECT DISTINCT u.* FROM '.$CFG->prefix.'tags t
376	LEFT JOIN '.$CFG->prefix.'users u ON u.ident = t.owner
377	WHERE '.$searchline)) {
378	foreach($result as $key => $info) {
379	$icon = url . '_icon/user/'.$post->icon;
380	$sub_result .= "\t\t\t<item>\n";
381	$sub_result .= "\t\t\t\t<name><![CDATA[" . htmlspecialchars(stripslashes($info->name), ENT_COMPAT, 'utf-8') . "]]></name>\n";
382	$sub_result .= "\t\t\t\t<link>" . url . htmlspecialchars($info->username, ENT_COMPAT, 'utf-8') . "</link>\n";
383	$sub_result .= "\t\t\t\t<link>$icon</link>\n";
384	$sub_result .= "\t\t\t</item>\n";
385	}
386	}
387
388	if ($sub_result != "") {
389
390	$run_result .= "\t\t<profiles tagtype=\"".addslashes(htmlspecialchars($tagtype, ENT_COMPAT, 'utf-8'))."\">\n" . $sub_result . "\t\t</profiles>\n";
391
392	}
393
394	}
395	return $run_result;
396	}
397
398	function search_rss ($tagtype, $tagvalue) {
399
400	global $data, $CFG, $db;
401
402	$handle = 0;
403	$run_result = '';
404
405	foreach($data['profile:details'] as $profiletype) {
406	if ($profiletype[1] == $tagtype && $profiletype[2] == "keywords") {
407	$handle = 1;
408	}
409	}
410
411	if ($handle) {
412
413	$searchline = "tagtype = " . $db->qstr($tagtype) . " AND tag = " . $db->qstr($tagvalue) . "";
414	$searchline = "(" . run("users:access_level_sql_where",$_SESSION['userid']) . ") AND " . $searchline;
415	$searchline = str_replace("owner", "t.owner", $searchline);
416	$tagvalue = stripslashes($tagvalue);
417	if ($result = get_records_sql('SELECT DISTINCT u.* FROM '.$CFG->prefix.'tags t
418	LEFT JOIN '.$CFG->prefix.'users u ON u.ident = t.owner
419	WHERE '.$searchline)) {
420	foreach($result as $key => $info) {
421	$run_result .= "\t<item>\n";
422	$run_result .= "\t\t<title><![CDATA['" . htmlspecialchars($tagtype, ENT_COMPAT, 'utf-8') . "' = " . htmlspecialchars($tagvalue, ENT_COMPAT, 'utf-8') . " :: " . htmlspecialchars(stripslashes($info->name), ENT_COMPAT, 'utf-8') . "]]></title>\n";
423	$run_result .= "\t\t<link>" . url . htmlspecialchars($info->username, ENT_COMPAT, 'utf-8') . "</link>\n";
424	$run_result .= "\t</item>\n";
425	}
426	}
427	}
428	return $run_result;
429	}
430
431	function upload_foaf () {
432
433	global $data,$CFG;
434
435	$action = optional_param('action');
436	if (!empty($action) && $action == "profile:foaf:upload" && logged_on && run("permissions:check", "profile")) {
437	require_once($CFG->dirroot.'lib/uploadlib.php');
438	$um = new upload_manager('foaf_file',false,true,0,true);
439	$dir = $CFG->dataroot . 'tmp/foaf/';
440	if (!$um->process_file_uploads($dir)) {
441	$messages[] = __gettext("There was an error uploading the file. Possibly the file was too large, or the upload was interrupted.");
442	$messages[] = $um->get_errors();
443	return false;
444	}
445	$file = $um->get_new_filepath();
446	$foaf = @GetXMLTreeProfile($file);
447
448	$data['profile:preload'] = array();
449
450	if (isset($foaf['RDF:RDF'][0]['PERSON'][0]) && !isset($foaf['RDF:RDF'][0]['FOAF:PERSON'][0])) {
451	$foaf['RDF:RDF'][0]['FOAF:PERSON'][0] = $foaf['RDF:RDF'][0]['PERSON'][0];
452	}
453
454	if (isset($foaf['RDF:RDF'][0]['FOAF:PERSON'][0])) {
455
456	$foaf = $foaf['RDF:RDF'][0]['FOAF:PERSON'][0];
457
458	if (!empty($data['foaf:profile']) && sizeof