profile.class.php

Revision 1030, 39.4 kB (checked in by ben, 2 years ago)
Profiles now have columns, widgets, and assorted joy. This commit doesn't include the Yahoo User Interface library, which has been chosen to handle back-end AJAX.
Property svn:eol-style set to `native`

Line
1	<?php
2	/*
3	Penny note: none of the queries in this file
4	that are get_something_sql or
5	get_something_select can be converted to use
6	prepared statements because they all have $where
7	that has come from some function somewhere...
8	*/
9
10	Class ElggProfile {
11
12	function ElggProfile ($profile_id) {
13
14	global $data;
15	global $page_owner;
16	global $PAGE;
17
18	// ELGG profile system initialisation
19	// ID of profile to view / edit
20
21	if (!empty($profile_id)) {
22	$this->id = $profile_id;
23	} else {
24	$this->id = -1;
25	}
26
27	$page_owner = $profile_id;
28
29	// Profile initialisation
30	// very strange init sequence from the old main() call follows
31	$this->editfield_defaults();
32	// $this->actions(); // not from here --
33	// $this->upload_foaf();
34
35	}
36
37	function edit_link () {
38
39
40	global $page_owner;
41	global $data;
42	global $CFG;
43
44	$run_result = '';
45
46	if (run("permissions:check", "profile")) {
47
48	$editMsg = __gettext("Click here to edit this profile.");
49
50	$run_result .= <<<END
51
52	<p>
53	<a href="{$CFG->wwwroot}profile/edit.php?profile_id=$page_owner">$editMsg</a>
54	</p>
55	END;
56
57	$run_result .= run("profile:edit:link");
58
59	}
60	return $run_result;
61	}
62
63	function display_name () {
64
65	global $name_cache;
66	global $data;
67
68	if (!isset($name_cache[$this->id]) \|\| (time() - $name_cache[$this->id]->created > 60)) {
69
70	$name_cache[$this->id]->created = time();
71	$name_cache[$this->id]->data = htmlspecialchars(user_info('name',$this->id), ENT_COMPAT, 'utf-8');
72
73	}
74	$run_result = $name_cache[$this->id]->data;
75	return $run_result;
76	}
77
78	function display_form () {
79
80	global $page_owner;
81	global $data;
82	global $CFG;
83
84	$run_result = '';
85
86	$body = "<p>\n" . __gettext(" This screen allows you to edit your profile. Blank fields will not show up on your profile screen in any view; you can change the access level for each piece of information in order to prevent it from falling into the wrong hands. For example, we strongly recommend you keep your address to yourself or a few trusted parties.") . "</p>\n";
87
88	if (run("permissions:check", "profile")) {
89
90	$profile_username = user_info('username', $page_owner);
91
92	$body .= "<form action=\"".url . "profile/edit.php?profile_id=".$page_owner."\" method=\"post\" enctype=\"multipart/form-data\">";
93	$body .= "<div class=\"tabber\">";
94
95	// Cycle through all defined profile detail fields and display them
96
97	$profilecat = array( );
98
99	if (!empty($data['profile:details']) && sizeof($data['profile:details']) > 0) {
100
101	foreach($data['profile:details'] as $field) {
102
103	if (is_array($field)) {
104	$flabel = !empty($field[0]) ? $field[0] : '';
105	$fname = !empty($field[1]) ? $field[1] : '';
106	$ftype = !empty($field[2]) ? $field[2] : '';
107	$fblurb = !empty($field[3]) ? $field[3] : '';
108	$fusertype = !empty($field[4]) ? $field[4] : '';
109	$finvisible = false;
110	$frequired = false;
111	$fcat = __gettext("Main");
112	// Otherwise map things the new way!
113	} else {
114	$flabel = $field->name;
115	$fname = $field->internal_name;
116	$ftype = $field->field_type;
117	$fblurb = $field->description;
118	$fusertype = $field->user_type;
119	$finvisible = $field->invisible;
120	$frequired = $field->required;
121	if (!empty($field->category)) {
122	$fcat = $field->category;
123	} else {
124	$fcat = __gettext("Main");
125	}
126	}
127
128	if (!isset($profilecat[$fcat])) {
129	$profilecat[$fcat] = '';
130	}
131	$profilecat[$fcat] .= $this->editfield_display($field);
132	}
133	if (sizeof($profilecat) > 0) {
134	foreach($profilecat as $cat => $html) {
135
136	$body .= "<div class=\"tabbertab\" title=\"$cat\">";
137	$body .= $html;
138	$body .= "</div>";
139
140	}
141	}
142
143	}
144
145	$submitMsg = __gettext("Submit details:");
146	$saveProfile = __gettext("Save your profile");
147	$body .= <<< END
148
149	</div>
150
151	<p align="center">
152	<label>
153	$submitMsg
154	<input type="submit" name="submit" value="$saveProfile" />
155	</label>
156	<input type="hidden" name="action" value="profile:edit" />
157	<input type="hidden" name="profile_id" value="$page_owner" />
158	</p>
159
160	</form>
161	END;
162
163	$body .= "<p> </p><form action=\"".url . "profile/edit.php?profile_id=".$page_owner."\" method=\"post\" enctype=\"multipart/form-data\">";
164	$body .= "<p>" . __gettext("You can import some profile data by uploading a FOAF file here:") . "</p>";
165	$body .=templates_draw(array(
166	'context' => 'databox',
167	'name' => __gettext("Upload a FOAF file:"),
168	'column1' => "<input name=\"foaf_file\" id=\"foaf_file\" type=\"file\" />",
169	'column2' => "<input type=\"submit\" value=\"".__gettext("Upload") . "\" />"
170	)
171	);
172	$body .= <<<END
173
174	<input type="hidden" name="action" value="profile:foaf:upload" />
175	<input type="hidden" name="profile_id" value="$page_owner" />
176	</form>
177
178	END;
179
180	$run_result .= $body;
181
182	}
183	return $run_result;
184	}
185
186	function editfield_defaults () {
187
188	global $CFG;
189	include($CFG->profilelocation . "profile.config.php");
190	return $run_result;
191	}
192
193	// the field parameter seems to be an array of unknown structure...
194	function editfield_display ($field) {
195
196	global $page_owner;
197	static $usertype;
198
199	if (!isset($usertype)) {
200	$usertype = user_type($page_owner);
201	}
202
203	// copy array element with default to ''
204
205	// If we're dealing with the old-style profile fields
206	if (is_array($field)) {
207	$flabel = !empty($field[0]) ? $field[0] : '';
208	$fname = !empty($field[1]) ? $field[1] : '';
209	$ftype = !empty($field[2]) ? $field[2] : '';
210	$fblurb = !empty($field[3]) ? $field[3] : '';
211	$fusertype = !empty($field[4]) ? $field[4] : '';
212	$finvisible = false;
213	$frequired = false;
214	// Otherwise map things the new way!
215	} else {
216	$flabel = $field->name;
217	$fname = $field->internal_name;
218	$ftype = $field->field_type;
219	$fblurb = $field->description;
220	$fusertype = $field->user_type;
221	$finvisible = $field->invisible;
222	$frequired = $field->required;
223	}
224
225	if (!empty($fusertype) && $fusertype != $usertype) {
226	return '';
227	}
228
229	global $page_owner;
230	global $data;
231	global $CFG;
232
233	$run_result = '';
234
235	if (empty($flabel) && empty($fname)) {
236	return '';
237	}
238
239	if (!isset($data['profile:preload'][$fname])) {
240	if (!$value = get_record('profile_data','name',$fname,'owner',$page_owner)) {
241	$value = "";
242	$value->value = "";
243	$value->access = $CFG->default_access;
244	}
245	} else {
246	$value = "";
247	$value->value = $data['profile:preload'][$fname];
248	if (!isset($data['profile:preload:access'][$fname])) {
249	$value->access = $CFG->default_access;
250	} else {
251	$value->access = $data['profile:preload:access'][$fname];
252	}
253
254	}
255	if ($finvisible) {
256	$value->access = "PRIVATE";
257	}
258
259	$name = "<label for=\"$fname\"><b>{$flabel}</b>";
260	if (!empty($fblurb)) {
261	$name .= "<br /><i>" . $fblurb . "</i>";
262	}
263	$name .= '</label>';
264
265	if (empty($ftype)) {
266	$ftype = "text";
267	}
268
269	$column1 = display_input_field(array("profiledetails[" . $fname . "]",$value->value,$ftype,$fname,@$value->ident,$page_owner));
270	$column2 = "<label>". __gettext("Access Restriction:") ."<br />";
271	$column2 .= run("display:access_level_select",array("profileaccess[".$fname . "]",$value->access)) . "</label>";
272
273	$run_result .=templates_draw(array(
274	'context' => 'databox',
275	'name' => $name,
276	'column1' => $column1,
277	'column2' => $column2
278	)
279	);
280
281	return $run_result;
282
283	}
284
285	function field_display ($field, $allvalues) {
286
287	global $data;
288
289	$run_result = '';
290
291	// If we're dealing with the old-style profile fields
292	if (is_array($field)) {
293	$flabel = !empty($field[0]) ? $field[0] : '';
294	$fname = !empty($field[1]) ? $field[1] : '';
295	$ftype = !empty($field[2]) ? $field[2] : '';
296	$fblurb = !empty($field[3]) ? $field[3] : '';
297	$fusertype = !empty($field[4]) ? $field[4] : '';
298	// Otherwise map things the new way!
299	} else {
300	$flabel = $field->name;
301	$fname = $field->internal_name;
302	$ftype = $field->field_type;
303	$fblurb = $field->description;
304	$fusertype = $field->user_type;
305	$finvisible = $field->invisible;
306	$frequired = $field->required;
307	}
308
309	//if (sizeof($field) >= 2) {
310
311	// $value = get_record('profile_data','name',$field[1],'owner',$this->id);
312	if (is_array($allvalues) && !empty($allvalues)) {
313	foreach($allvalues as $curvalue) {
314	if ($curvalue->name == stripslashes($fname)) {
315	$value = $curvalue;
316	break; // found it, done!
317	}
318	}
319	}
320
321	if (!isset($value)) {
322	return '';
323	}
324
325	if ((($value->value != "" && $value->value != "blank" && !$finvisible))
326	&& run("users:access_level_check", $value->access)) {
327	$name = $flabel;
328	$column1 = display_output_field(array($value->value,$ftype,$fname,$flabel,$value->ident));
329	$run_result .=templates_draw(array(
330	'context' => 'databox1',
331	'name' => $name,
332	'column1' => $column1
333	)
334	);
335	}
336	// }
337	return $run_result;
338	}
339
340	function search ($tagtype, $tagvalue) {
341
342	global $data, $CFG, $db;
343
344	$handle = 0;
345	$run_result = '';
346
347	foreach($data['profile:details'] as $profiletype) {
348	if ($profiletype[1] == $tagtype && $profiletype[2] == "keywords") {
349	$handle = 1;
350	}
351	}
352
353	if ($handle) {
354
355	$searchline = "tagtype = " . $db->qstr($tagtype) . " AND tag = " . $db->qstr($tagvalue) . "";
356	$searchline = "(" . run("users:access_level_sql_where",$_SESSION['userid']) . ") AND " . $searchline;
357	$searchline = str_replace("owner","t.owner",$searchline);
358	$tagvalue = stripslashes($tagvalue);
359	if ($result = get_record_sql('SELECT DISTINCT u.* FROM '.$CFG->prefix.'tags t
360	LEFT JOIN '.$CFG->prefix.'users u ON u.ident = t.owner
361	WHERE '.$searchline)) {
362	$profilesMsg = __gettext("Profiles where");
363	$body = <<< END
364
365	<h2>
366	$profilesMsg
367	END;
368	$body .= "'".__gettext($tagtype)."' = '".$tagvalue."':";
369	$body .= <<< END
370	</h2>
371	END;
372	$body .= <<< END
373	<table class="userlist">
374	<tr>
375	END;
376	$i = 1;
377	foreach($result as $key => $info) {
378	$width = 50;
379	if (sizeof($tagvalue) > 4) {
380	$width = 25;
381	}
382	$friends_username = $info->username;
383	$friends_name = htmlspecialchars(stripslashes($info->name), ENT_COMPAT, 'utf-8');
384	$friends_menu = run("users:infobox:menu",array($info->ident));
385	$body .= <<< END
386	<td align="center">
387	<p>
388	<a href="{$CFG->wwwroot}{$friends_username}/">
389	<img src="{$CFG->wwwroot}_icon/user/{$info->icon}/w/{$width}" alt="{$friends_name}" border="0" /></a><br />
390	<span class="userdetails">
391	{$friends_name}
392	{$friends_menu}
393	</span>
394	</p>
395	</td>
396	END;
397	if ($i % 5 == 0) {
398	$body .= "</tr><tr>";
399	}
400	$i++;
401	}
402	$body .= <<< END
403	</tr>
404	</table>
405	END;
406	$run_result .= $body;
407	}
408	}
409	return $run_result;
410	}
411
412	function search_all_tagtypes () {
413
414	global $data;
415
416	foreach($data['profile:details'] as $profiletype) {
417	if ($profiletype[2] == "keywords") {
418	$data['search:tagtypes'][] = $profiletype[1];
419	}
420	}
421	return true;
422	}
423
424	function search_all_tagtypes_rss () {
425
426	global $data;
427
428	foreach($data['profile:details'] as $profiletype) {
429	if ($profiletype[2] == "keywords") {
430	$data['search:tagtypes:rss'][] = $profiletype[1];
431	}
432	}
433	return true;
434	}
435
436	function search_ecl ($tagtype, $tagvalue) {
437
438	global $data, $CFG, $db;
439
440	$handle = 0;
441	$run_result = '';
442
443	foreach($data['profile:details'] as $profiletype) {
444	if ($profiletype[1] == $tagtype && $profiletype[2] == "keywords") {
445	$handle = 1;
446	}
447	}
448
449	if ($handle) {
450
451	$sub_result = "";
452
453	$searchline = "tagtype = " . $db->qstr($tagtype) . " AND tag = " . $db->qstr($tagvalue) . "";
454	$searchline = "(" . run("users:access_level_sql_where",$_SESSION['userid']) . ") AND " . $searchline;
455	$searchline = str_replace("owner", "t.owner", $searchline);
456	$tagvalue = stripslashes($tagvalue);
457	if ($result = get_record_sql('SELECT DISTINCT u.* FROM '.$CFG->prefix.'tags t
458	LEFT JOIN '.$CFG->prefix.'users u ON u.ident = t.owner
459	WHERE '.$searchline)) {
460	foreach($result as $key => $info) {
461	$icon = url . '_icon/user/'.$post->icon;
462	$sub_result .= "\t\t\t<item>\n";