User's cant edit profile: PHPFusion 6 Support

Home
Search

Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

Hey

i need some help. my users, cant edit there profile, and this error came, after i updatet the updateuser.php. (i think,) can some see if there is some error in this code ?

Or can the error be in the update_profil.php fil ? becores i think my updateuser.php file looks ok ?

Code Download source

<?php
/*---------------------------------------------------+
| PHPFusion 6 Content Management System
+----------------------------------------------------+
| Copyright (c) 2005 Nick Jones
| http://www.php-fusion.co.uk/
+----------------------------------------------------+
| Released under the terms & conditions of v2 of the
| GNU General Public License. For details refer to
| the included gpl.txt file or visit http://gnu.org
+----------------------------------------------------*/
if (!defined("IN_FUSION")) { header("location: ../index.php"); exit; }
if (!checkrights("M")) fallback("../index.php");
if (!isset($user_id) || !isNum($user_id)) fallback(FUSION_SELF);

$error = ""; $set_avatar = "";
$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_id='$user_id'");
$data2 = dbarray($result);
if ($user_id == 1) $error .= $locale['450']."<br>\n";

$user_name = trim(eregi_replace(" +", " ", $_POST['user_name']));

if ($user_name == "" || $_POST['user_email'] == "") {
   $error .= $locale['451']."<br>\n";
} else {
   if (!preg_match("/^[-0-9A-Z_@\s]+$/i", $user_name)) $error .= $locale['452']."<br>\n";
   
   if ($user_name != $data2['user_name']) {
      $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name'");
      if (dbrows($result) != 0) {
         $error .= $locale['453']."<br>\n";
      }
   }
   
   if (!preg_match("/^[-0-9A-Z_\.]{1,50}@([-0-9A-Z_\.]+\.){1,50}([0-9A-Z]){2,4}$/i", $_POST['user_email'])) $error .= $locale['454']."<br>\n";
   
   if ($_POST['user_email'] != $data2['user_email']) {
      $result = dbquery("SELECT user_email FROM ".$db_prefix."users WHERE user_email='".$_POST['user_email']."'");
      if (dbrows($result) != 0) {
         $error = $locale['455']."<br>\n";
      }
   }
}

if ($_POST['user_newpassword'] != "") {
   if ($_POST['user_newpassword2'] != $_POST['user_newpassword']) {
      $error .= $locale['456']."<br>";
   } else {
      if ($_POST['user_hash'] == $data2['user_password']) {
         if (!preg_match("/^[0-9A-Z@]{6,20}$/i", $_POST['user_newpassword'])) {
            $error .= $locale['457']."<br>\n";
         }
      } else {         
         $error .= $locale['458']."<br>\n";
      }
   }
}

$user_hide_email = isNum($_POST['user_hide_email']) ? $_POST['user_hide_email'] : "1";
$user_location = isset($_POST['user_location']) ? stripinput(trim($_POST['user_location'])) : "";
if ($_POST['user_month'] != 0 && $_POST['user_day'] != 0 && $_POST['user_year'] != 0) {
   $user_birthdate = (isNum($_POST['user_year']) ? $_POST['user_year'] : "0000")
   ."-".(isNum($_POST['user_month']) ? $_POST['user_month'] : "00")
   ."-".(isNum($_POST['user_day']) ? $_POST['user_day'] : "00");
} else {
   $user_birthdate = "0000-00-00";
}
$user_aim = isset($_POST['user_aim']) ? stripinput(trim($_POST['user_aim'])) : "";
$user_icq = isset($_POST['user_icq']) ? stripinput(trim($_POST['user_icq'])) : "";
$user_msn = isset($_POST['user_msn']) ? stripinput(trim($_POST['user_msn'])) : "";
$user_yahoo = isset($_POST['user_yahoo']) ? stripinput(trim($_POST['user_yahoo'])) : "";
$user_web = isset($_POST['user_web']) ? stripinput(trim($_POST['user_web'])) : "";
$user_theme = stripinput($_POST['user_theme']);
$user_offset = is_numeric($_POST['user_offset']) ? $_POST['user_offset'] : "0";
$user_sig = isset($_POST['user_sig']) ? stripinput(trim($_POST['user_sig'])) : "";

if ($error == "") {
   $newavatar = $_FILES['user_avatar'];
   if ($data2['user_avatar'] == "" && !empty($newavatar['name']) && is_uploaded_file($newavatar['tmp_name'])) {
   if (preg_match("/^[-0-9A-Z_\.\[\]]+$/i", $newavatar['name']) && $newavatar['size'] <= 30720) {
         $avatarext = strrchr($newavatar['name'],".");
         if ($avatarext == ".gif" || $avatarext == ".jpg" || $avatarext == ".png") {
            $avatarname = substr($newavatar['name'], 0, strrpos($newavatar['name'], "."));
            $avatarname = $avatarname."[".$user_id."]".$avatarext;
            $set_avatar = "user_avatar='$avatarname', ";
            move_uploaded_file($newavatar['tmp_name'], IMAGES."avatars/".$avatarname);
            chmod(IMAGES."/avatars/".$avatarname,0644);
            $size = getimagesize(IMAGES."avatars/".$avatarname);
            if ($size['0'] > $avadmin['avatar_admin_width'] || $size['1'] > $avadmin['avatar_admin_height']) {
               unlink(IMAGES."avatars/".$avatarname);
               $set_avatar = "";
            }
         }
      }
   }

   if (isset($_POST['del_avatar'])) {
      $set_avatar = "user_avatar='', ";
      unlink(IMAGES."avatars/".$data2['user_avatar']);
   }
   
   if ($user_newpassword != "") { $newpass = " user_password=md5('$user_newpassword'), "; } else { $newpass = " "; }
   $result = dbquery("UPDATE ".$db_prefix."users SET user_name='$user_name',".$newpass."user_email='".$_POST['user_email']."', user_hide_email='$user_hide_email', user_location='$user_location', user_birthdate='$user_birthdate', user_icq='$user_icq', user_msn='$user_msn', user_yahoo='$user_yahoo', user_web='$user_web', user_theme='$user_theme', user_offset='$user_offset', ".$set_avatar."user_sig='$user_sig' WHERE user_id='$user_id'");
}
?>

Edited by shearer on 16-01-2006 16:48, 18 y

0 replies

Falk

answered 16 Jan 2006 at 03:52 PM

Super Admin

If users cant edit their profiles its includes/update_user_profile.php you need to look at.

0 replies

hmmm, then i need some help. i try to delete, the red text, becores i think that was the error, butt i stille cant edit, i just get a empty page, when i press save.

Code Download source

<?php
/*---------------------------------------------------+
| PHPFusion 6 Content Management System
+----------------------------------------------------+
| Copyright © 2002 - 2005 Nick Jones
| http://www.php-fusion.co.uk/
+----------------------------------------------------+
| Released under the terms & conditions of v2 of the
| GNU General Public License. For details refer to
| the included gpl.txt file or visit http://gnu.org
+----------------------------------------------------*/
if (!defined("IN_FUSION")) { header("Location: ../index.php"); exit; }
if (!iMEMBER) fallback("index.php");

$error = ""; $set_avatar = "";

$username = trim(eregi_replace(" +", " ", $_POST['user_name']));
if ($username == "" || $_POST['user_email'] == "") {
   $error .= $locale['480']."<br>\n";
} else {
   if (!preg_match("/^[-0-9A-Z_@\s]+$/i", $username)) $error .= $locale['481']."<br>\n";
   
   if ($username != $userdata['user_name']) {
      $result = dbquery("SELECT user_name FROM ".$db_prefix."users WHERE user_name='$username'");
      if (dbrows($result) != 0) $error = $locale['482']."<br>\n";
   }
   
   if (!preg_match("/^[-0-9A-Z_\.]{1,50}@([-0-9A-Z_\.]+\.){1,50}([0-9A-Z]){2,4}$/i", $_POST['user_email'])) $error .= $locale['483']."<br>\n";
   
   if ($_POST['user_email'] != $userdata['user_email']) {
      $result = dbquery("SELECT user_email FROM ".$db_prefix."users WHERE user_email='".$_POST['user_email']."'");
      if (dbrows($result) != 0) $error = $locale['484']."<br>\n";
   }
}

if ($_POST['user_newpassword'] != "") {
   if ($_POST['user_newpassword2'] != $_POST['user_newpassword']) {
      $error .= $locale['485']."<br>";
   } else {
      if ($_POST['user_hash'] == $userdata['user_password']) {
         if (!preg_match("/^[0-9A-Z@]{6,20}$/i", $_POST['user_newpassword'])) {
            $error .= $locale['486']."<br>\n";
         }
      } else {         
         $error .= $locale['487']."<br>\n";
      }
   }
}

$user_hide_email = isNum($_POST['user_hide_email']) ? $_POST['user_hide_email'] : "1";
$user_location = isset($_POST['user_location']) ? stripinput(trim($_POST['user_location'])) : "";
if ($_POST['user_month'] != 0 && $_POST['user_day'] != 0 && $_POST['user_year'] != 0) {
   $user_birthdate = (isNum($_POST['user_year']) ? $_POST['user_year'] : "0000")
   ."-".(isNum($_POST['user_month']) ? $_POST['user_month'] : "00")
   ."-".(isNum($_POST['user_day']) ? $_POST['user_day'] : "00");
} else {
   $user_birthdate = "0000-00-00";
}
$user_aim = isset($_POST['user_aim']) ? stripinput(trim($_POST['user_aim'])) : "";
$user_icq = isset($_POST['user_icq']) ? stripinput(trim($_POST['user_icq'])) : "";
$user_msn = isset($_POST['user_msn']) ? stripinput(trim($_POST['user_msn'])) : "";
$user_yahoo = isset($_POST['user_yahoo']) ? stripinput(trim($_POST['user_yahoo'])) : "";
$user_web = isset($_POST['user_web']) ? stripinput(trim($_POST['user_web'])) : "";
$user_theme = stripinput($_POST['user_theme']);
$user_offset = is_numeric($_POST['user_offset']) ? $_POST['user_offset'] : "0";
$user_sig = isset($_POST['user_sig']) ? stripinput(trim($_POST['user_sig'])) : "";

if ($error == "") {
   $newavatar = $_FILES['user_avatar'];
if ($userdata['user_avatar'] == "" && !empty($newavatar['name']) && is_uploaded_file($newavatar['tmp_name'])) {
   if (preg_match("/^[-0-9A-Z_\.\[\]]+$/i", $newavatar['name']) && $newavatar['size'] <= 30720) {
      [color=red]if (is_uploaded_file($newavatar['tmp_name']) && $newavatar['size'] <= $avadmin['avatar_admin_size']) {[/color]
         $avatarext = strrchr($newavatar['name'],".");
         if (eregi(".gif", $avatarext) || eregi(".jpg", $avatarext) || eregi(".png", $avatarext)) {
            $avatarname = substr($newavatar['name'], 0, strrpos($newavatar['name'], "."));
            $avatarname = $avatarname."[".$userdata['user_id']."]".$avatarext;
            $set_avatar = "user_avatar='$avatarname', ";
            move_uploaded_file($newavatar['tmp_name'], IMAGES."avatars/".$avatarname);
            chmod(IMAGES."avatars/".$avatarname,0644);
            $size = getimagesize(IMAGES."avatars/".$avatarname);
            if ($size['0'] > $avadmin['avatar_admin_width'] || $size['1'] > $avadmin['avatar_admin_height']) {
               unlink(IMAGES."avatars/".$avatarname);
               $set_avatar = "";
            }
         }
      unlink($newavatar['tmp_name']);
   }
   
   if (isset($_POST['del_avatar'])) {
      $set_avatar = "user_avatar='', ";
      unlink(IMAGES."avatars/".$userdata['user_avatar']);
   }
   
   if ($user_newpassword != "") { $newpass = " user_password=md5('$user_newpassword'), "; } else { $newpass = " "; }
   $result = dbquery("UPDATE ".$db_prefix."users SET user_name='$username',".$newpass."user_email='".$_POST['user_email']."', user_hide_email='$user_hide_email', user_location='$user_location', user_birthdate='$user_birthdate', user_aim='$user_aim', user_icq='$user_icq', user_msn='$user_msn', user_yahoo='$user_yahoo', user_web='$user_web', user_theme='$user_theme', user_offset='$user_offset', ".$set_avatar."user_sig='$user_sig' WHERE user_id='".$userdata['user_id']."'");
   $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_id='".$userdata['user_id']."'");
   if (dbrows($result) != 0) {
      $userdata = dbarray($result);
      redirect("edit_profile.php?update_profile=ok");
   }
}
?>

Edited by shearer on 16-01-2006 17:01, 18 y

0 replies

Falk

answered 16 Jan 2006 at 04:18 PM

Super Admin

Remove the red line, replace:

Code Download source

if (preg_match("/^[-0-9A-Z_\.\[\]]+$/i", $newavatar['name']) && $newavatar['size'] <= 30720) {

With:

Code Download source

if (preg_match("/^[-0-9A-Z_\.\[\]]+$/i", $newavatar['name']) && $newavatar['size'] <= $avadmin['avatar_admin_size']) {

0 replies

Nope dont help, i still can edit ?

0 replies

@digi. do you want superadmin acces to my site, so you can see what i mean, when i try to edit some profile ?

0 replies

Falk

answered 16 Jan 2006 at 08:44 PM

Super Admin

No, try commenting out the last line

Code Download source

//redirect("edit_profile.php?update_profile=ok");

Try editing your profile now, see what error u get.

0 replies

hmm dont understand .

i have try delete the //redirect("edit_profile.php?update_profile=ok"

;

butt still the same error.

Edited by shearer on 16-01-2006 21:56, 18 y

0 replies

Digi
any other ideas ? my users is starting to be "angry" about this ;)

0 replies

Falk

answered 17 Jan 2006 at 01:52 PM

Super Admin

Can you not try the .303 core files? That would be the ideal approach assuming you haven't altered the users db.

Edited by Falk on 17-01-2006 14:53, 18 y

0 replies

ok i try, do i only need to tryk with the update_user_profile.php or any others to ?

0 replies

Falk

answered 17 Jan 2006 at 01:57 PM

Super Admin

Just that one

0 replies

Okay, that works. butt i dont think i can used that file, becores i think i have made some code changes to my file, butt i am not sure. can you see some changes in the codes ?

0 replies

Falk

answered 17 Jan 2006 at 02:20 PM

Super Admin

With all due respect i have to draw a line in terms of support, my obligation is to fix errors in any core code, it is up to you how you modify any code, but i cannot provide support.

0 replies

Okay, it was only, becores you know the core code, i ask if you could see some importen code changes, that i have made. becores my brain isen't working so good ;) butt fair, thanks for the help...

0 replies

Category Forum

Bugs and Errors - 6

Labels

None yet

Statistics

Views 0 views
Posts 14 posts
Votes 0 votes
Topic users 2 members

0 participants

Notifications

Track thread

You are not receiving notifications from this thread.

User's cant edit profile

14 posts

PHPFusion

Resources

Community

Development