profile.class.php

Revision 1297, 39.6 kB (checked in by ewout, 1 year ago)
Profile fields can now have a default_access attribute. This attribute is set to PRIVATE (in the profile.config.php that ships with elgg) for adresss, home phone and cell phone. Closes #163.
Property svn:eol-style set to `native`

Line
1	<?php
2	/*
3	Penny note: none of the queries in this file
4	that are get_something_sql or
5	get_something_select can be converted to use
6	prepared statements because they all have $where
7	that has come from some function somewhere...
8	*/
9
10	Class ElggProfile {
11
12	function ElggProfile ($profile_id) {
13
14	global $data;
15	global $page_owner;
16	global $PAGE;
17
18	// ELGG profile system initialisation
19	// ID of profile to view / edit
20
21	if (!empty($profile_id)) {
22	$this->id = $profile_id;
23	} else {
24	$this->id = -1;
25	}
26
27	$page_owner = $profile_id;
28
29	// Profile initialisation
30	// very strange init sequence from the old main() call follows
31	$this->editfield_defaults();
32	// $this->actions(); // not from here --
33	// $this->upload_foaf();
34
35	}
36
37	function edit_link () {
38
39
40	global $page_owner;
41	global $data;
42	global $CFG;
43
44	$run_result = '';
45
46	if (run("permissions:check", "profile")) {
47
48	$editMsg = __gettext("Click here to edit this profile.");
49
50	$run_result .= <<<END
51
52	<p>
53	<a href="{$CFG->wwwroot}profile/edit.php?profile_id=$page_owner">$editMsg</a>
54	</p>
55	END;
56
57	$run_result .= run("profile:edit:link");
58
59	}
60	return $run_result;
61	}
62
63	function display_name () {
64
65	global $name_cache;
66	global $data;
67
68	if (!isset($name_cache[$this->id]) \|\| (time() - $name_cache[$this->id]->created > 60)) {
69
70	$name_cache[$this->id]->created = time();
71	$name_cache[$this->id]->data = htmlspecialchars(user_info('name',$this->id), ENT_COMPAT, 'utf-8');
72
73	}
74	$run_result = $name_cache[$this->id]->data;
75	return $run_result;
76	}
77
78	function display_form () {
79
80	global $page_owner;
81	global $data;
82	global $CFG;
83
84	$run_result = '';
85
86	$body = "<p>\n" . __gettext(" This screen allows you to edit your profile. Blank fields will not show up on your profile screen in any view; you can change the access level for each piece of information in order to prevent it from falling into the wrong hands. For example, we strongly recommend you keep your address to yourself or a few trusted parties.") . "</p>\n";
87
88	if (run("permissions:check", "profile")) {
89
90	$profile_username = user_info('username', $page_owner);
91
92	$body .= "<form action=\"".url . "profile/edit.php?profile_id=".$page_owner."\" method=\"post\" enctype=\"multipart/form-data\">";
93	$body .= "<div class=\"tabber\">";
94
95	// Cycle through all defined profile detail fields and display them
96
97	$profilecat = array( );
98
99	if (!empty($data['profile:details']) && sizeof($data['profile:details']) > 0) {
100
101	foreach($data['profile:details'] as $field) {
102
103	if (is_array($field)) {
104	$flabel = !empty($field[0]) ? $field[0] : '';
105	$fname = !empty($field[1]) ? $field[1] : '';
106	$ftype = !empty($field[2]) ? $field[2] : '';
107	$fblurb = !empty($field[3]) ? $field[3] : '';
108	$fusertype = !empty($field[4]) ? $field[4] : '';
109	$finvisible = false;
110	$frequired = false;
111	$fcat = __gettext("Main");
112	// Otherwise map things the new way!
113	} else {
114	$flabel = $field->name;
115	$fname = $field->internal_name;
116	$ftype = $field->field_type;
117	$fblurb = $field->description;
118	$fusertype = $field->user_type;
119	$finvisible = $field->invisible;
120	$frequired = $field->required;
121	if (!empty($field->category)) {
122	$fcat = $field->category;
123	} else {
124	$fcat = __gettext("Main");
125	}
126	}
127
128	if (!isset($profilecat[$fcat])) {
129	$profilecat[$fcat] = '';
130	}
131	$profilecat[$fcat] .= $this->editfield_display($field);
132	}
133	if (sizeof($profilecat) > 0) {
134	foreach($profilecat as $cat => $html) {
135
136	$body .= "<div class=\"tabbertab\" title=\"$cat\">";
137	$body .= $html;
138	$body .= "</div>";
139
140	}
141	}
142
143	}
144
145	$submitMsg = __gettext("Submit details:");
146	$saveProfile = __gettext("Save your profile");
147	$body .= <<< END
148
149	</div>
150
151	<p align="center">
152	<label>
153	$submitMsg
154	<input type="submit" name="submit" value="$saveProfile" />
155	</label>
156	<input type="hidden" name="action" value="profile:edit" />
157	<input type="hidden" name="profile_id" value="$page_owner" />
158	</p>
159
160	</form>
161	END;
162
163	$body .= "<p> </p><form action=\"".url . "profile/edit.php?profile_id=".$page_owner."\" method=\"post\" enctype=\"multipart/form-data\">";
164	$body .= "<p>" . __gettext("You can import some profile data by uploading a FOAF file here:") . "</p>";
165	$body .=templates_draw(array(
166	'context' => 'databox',
167	'name' => __gettext("Upload a FOAF file:"),
168	'column1' => "<input name=\"foaf_file\" id=\"foaf_file\" type=\"file\" />",
169	'column2' => "<input type=\"submit\" value=\"".__gettext("Upload") . "\" />"
170	)
171	);
172	$body .= <<<END
173
174	<input type="hidden" name="action" value="profile:foaf:upload" />
175	<input type="hidden" name="profile_id" value="$page_owner" />
176	</form>
177
178	END;
179
180	$run_result .= $body;
181
182	}
183	return $run_result;
184	}
185
186	function editfield_defaults () {
187
188	global $CFG;
189	include($CFG->profilelocation . "profile.config.php");
190	return $run_result;
191	}
192
193	// the field parameter seems to be an array of unknown structure...
194	function editfield_display ($field) {
195
196	global $page_owner;
197	static $usertype;
198
199	if (!isset($usertype)) {
200	$usertype = user_type($page_owner);
201	}
202
203	// copy array element with default to ''
204
205	// If we're dealing with the old-style profile fields
206	if (is_array($field)) {
207	$flabel = !empty($field[0]) ? $field[0] : '';
208	$fname = !empty($field[1]) ? $field[1] : '';
209	$ftype = !empty($field[2]) ? $field[2] : '';
210	$fblurb = !empty($field[3]) ? $field[3] : '';
211	$fusertype = !empty($field[4]) ? $field[4] : '';
212	$finvisible = false;
213	$frequired = false;
214	// Otherwise map things the new way!
215	} else {
216	$flabel = $field->name;
217	$fname = $field->internal_name;
218	$ftype = $field->field_type;
219	$fblurb = $field->description;
220	$fusertype = $field->user_type;
221	$finvisible = $field->invisible;
222	$frequired = $field->required;
223	}
224
225	if (!empty($fusertype) && $fusertype != $usertype) {
226	return '';
227	}
228
229	global $page_owner;
230	global $data;
231	global $CFG;
232
233	$run_result = '';
234
235	if (empty($flabel) && empty($fname)) {
236	return '';
237	}
238
239	if (!isset($data['profile:preload'][$fname])) {
240	if (!$value = get_record('profile_data','name',$fname,'owner',$page_owner)) {
241	$value = "";
242	$value->value = "";
243	if(isset($field->default_access)) { // default access can be set on a per profile field basis
244	$value->access = $field->default_access;
245	} else {
246	$value->access = $CFG->default_access;
247	}
248	}
249	} else {
250	$value = "";
251	$value->value = $data['profile:preload'][$fname];
252	if (!isset($data['profile:preload:access'][$fname])) {
253	if(isset($field->default_access)) {
254	$value->access = $field->default_access;
255	} else {
256	$value->access = $CFG->default_access;
257	}
258	} else {
259	$value->access = $data['profile:preload:access'][$fname];
260	}
261
262	}
263	if ($finvisible) {
264	$value->access = "PRIVATE";
265	}
266
267	$name = "<label for=\"$fname\"><b>{$flabel}</b>";
268	if (!empty($fblurb)) {
269	$name .= "<br /><i>" . $fblurb . "</i>";
270	}
271	$name .= '</label>';
272
273	if (empty($ftype)) {
274	$ftype = "text";
275	}
276
277	$column1 = display_input_field(array("profiledetails[" . $fname . "]",$value->value,$ftype,$fname,@$value->ident,$page_owner));
278	$column2 = "<label>". __gettext("Access Restriction:") ."<br />";
279	$column2 .= run("display:access_level_select",array("profileaccess[".$fname . "]",$value->access)) . "</label>";
280
281	$run_result .=templates_draw(array(
282	'context' => 'databox',
283	'name' => $name,
284	'column1' => $column1,
285	'column2' => $column2
286	)
287	);
288
289	return $run_result;
290
291	}
292
293	function field_display ($field, $allvalues) {
294
295	global $data;
296
297	$run_result = '';
298
299	// If we're dealing with the old-style profile fields
300	if (is_array($field)) {
301	$flabel = !empty($field[0]) ? $field[0] : '';
302	$fname = !empty($field[1]) ? $field[1] : '';
303	$ftype = !empty($field[2]) ? $field[2] : '';
304	$fblurb = !empty($field[3]) ? $field[3] : '';
305	$fusertype = !empty($field[4]) ? $field[4] : '';
306	// Otherwise map things the new way!
307	} else {
308	$flabel = $field->name;
309	$fname = $field->internal_name;
310	$ftype = $field->field_type;
311	$fblurb = $field->description;
312	$fusertype = $field->user_type;
313	$finvisible = $field->invisible;
314	$frequired = $field->required;
315	}
316
317	//if (sizeof($field) >= 2) {
318
319	// $value = get_record('profile_data','name',$field[1],'owner',$this->id);
320	if (is_array($allvalues) && !empty($allvalues)) {
321	foreach($allvalues as $curvalue) {
322	if ($curvalue->name == stripslashes($fname)) {
323	$value = $curvalue;
324	break; // found it, done!
325	}
326	}
327	}
328
329	if (!isset($value)) {
330	return '';
331	}
332
333	if ((($value->value != "" && $value->value != "blank" && !$finvisible))
334	&& run("users:access_level_check", $value->access)) {
335	$name = $flabel;
336	$column1 = display_output_field(array($value->value,$ftype,$fname,$flabel,$value->ident));
337	$run_result .=templates_draw(array(
338	'context' => 'databox1',
339	'name' => $name,
340	'column1' => $column1
341	)
342	);
343	}
344	// }
345	return $run_result;
346	}
347
348	function search ($tagtype, $tagvalue) {
349
350	global $data, $CFG, $db;
351
352	$handle = 0;
353	$run_result = '';
354
355	foreach($data['profile:details'] as $profiletype) {
356	if ($profiletype[1] == $tagtype && $profiletype[2] == "keywords") {
357	$handle = 1;
358	}
359	}
360
361	if ($handle) {
362
363	$searchline = "tagtype = " . $db->qstr($tagtype) . " AND tag = " . $db->qstr($tagvalue) . "";
364	$searchline = "(" . run("users:access_level_sql_where",$_SESSION['userid']) . ") AND " . $searchline;
365	$searchline = str_replace("owner","t.owner",$searchline);
366	$tagvalue = stripslashes($tagvalue);
367	if ($result = get_record_sql('SELECT DISTINCT u.* FROM '.$CFG->prefix.'tags t
368	LEFT JOIN '.$CFG->prefix.'users u ON u.ident = t.owner
369	WHERE '.$searchline)) {
370	$profilesMsg = __gettext("Profiles where");
371	$body = <<< END
372
373	<h2>
374	$profilesMsg
375	END;
376	$body .= "'".__gettext($tagtype)."' = '".$tagvalue."':";
377	$body .= <<< END
378	</h2>
379	END;
380	$body .= <<< END
381	<table class="userlist">
382	<tr>
383	END;
384	$i = 1;
385	foreach($result as $key => $info) {
386	$width = 50;
387	if (sizeof($tagvalue) > 4) {
388	$width = 25;
389	}
390	$friends_username = $info->username;
391	$friends_name = htmlspecialchars(stripslashes($info->name), ENT_COMPAT, 'utf-8');
392	$friends_menu = run("users:infobox:menu",array($info->ident));
393	$body .= <<< END
394	<td align="center">
395	<p>
396	<a href="{$CFG->wwwroot}{$friends_username}/">
397	<img src="{$CFG->wwwroot}_icon/user/{$info->icon}/w/{$width}" alt="{$friends_name}" border="0" /></a><br />
398	<span class="userdetails">
399	{$friends_name}
400	{$friends_menu}
401	</span>
402	</p>
403	</td>
404	END;
405	if ($i % 5 == 0) {
406	$body .= "</tr><tr>";
407	}
408	$i++;
409	}
410	$body .= <<< END
411	</tr>
412	</table>
413	END;
414	$run_result .= $body;
415	}
416	}
417	return $run_result;
418	}
419
420	function search_all_tagtypes () {
421
422	global $data;
423
424	foreach($data['profile:details'] as $profiletype) {
425	if ($profiletype[2] == "keywords") {
426	$data['search:tagtypes'][] = $profiletype[1];
427	}
428	}
429	return true;
430	}
431
432	function search_all_tagtypes_rss () {
433
434	global $data;
435
436	foreach($data['profile:details'] as $profiletype) {
437	if ($profiletype[2] == "keywords") {
438	$data['search:tagtypes:rss'][] = $profiletype[1];
439	}
440	}
441	return true;
442	}
443
444	function search_ecl ($tagtype, $tagvalue) {
445
446	global $data, $CFG, $db;
447
448	$handle = 0;
449	$run_result = '';
450
451	foreach($data['profile:details'] as $profiletype) {
452	if ($profiletype[1] == $tagtype && $profiletype[2] == "keywords") {
453	$handle = 1;
454	}
455	}
456
457	if ($handle) {
458
459	$sub_result = "";
460
461	$searchline = "tagtype = " . $db->qstr($tagtype) . " AND tag = " . $db->qstr($tagvalue) . "";
462	$searchline = "(" . run("users:access_level_sql_where",$_SESSION['userid']) . ") AND " . $searchline;
463	$searchline = str_replace("owner", "t.owner", $searchline);
464	$tagvalue = stripslashes($tagvalue);
465	if ($result = get_record_sql('SELECT DISTINCT u.* FROM '.$CFG->prefix.'tags t