1
mramsey
New suggestion for the new Xoops Core for userinfo.php
  • 2005/4/12 10:18

  • mramsey

  • Just popping in

  • Posts: 33

  • Since: 2002/3/8 3


Hi All,

I’ve done a hack to userinfo.php to stop any other users to have access the personal account details of another user due to our registration & privacy obligations.

So if you can implement it to the new XOOPS core.

Also if you can have the entire user menu such as (edituser.php, lostpass.php, notifications.php, register.php, user.php, userinfo.php, viewpmsg.php) as a Module, so we can have an access to modify any information required such as we can enable or disable PM.

I am not a PHP programmer, but I learned PHP from Xoops, thank you teams.

It has two modifications
1- The userinfo.php hack
2- The new 'user_info_not.html' under the system modules.

USERINFO.PHP
// $Id: userinfo.php,v 1.18 2004/12/26 19:11:48 Onokazu Exp $
// ------------------------------------------------------------------------ //
// XOOPS - PHP Content Management System //
// Copyright (c) 2000 XOOPS.org //
// <https://xoops.org/> //
// ------------------------------------------------------------------------ //
// This program is free software; you can redistribute it and/or modify //
// it under the terms of the GNU General Public License as published by //
// the Free Software Foundation; either version 2 of the License, or //
// (at your option) any later version. //
// //
// You may not change or alter any portion of this comment or credits //
// of supporting developers from this source code or any supporting //
// source code which is considered copyrighted (c) material of the //
// original comment or credit authors. //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY; without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
// GNU General Public License for more details. //
// //
// You should have received a copy of the GNU General Public License //
// along with this program; if not, write to the Free Software //
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
// ------------------------------------------------------------------------ //

$xoopsOption['pagetype'] = 'user';
include 'mainfile.php';
include_once XOOPS_ROOT_PATH.'/class/module.textsanitizer.php';

include_once XOOPS_ROOT_PATH . '/modules/system/constants.php';

$uid = intval($_GET['uid']);
if ($uid <= 0) {
redirect_header('index.php', 3, _US_SELECTNG);
exit();
}

$gperm_handler = & xoops_gethandler( 'groupperm' );

$groups = is_object($xoopsUser) ? $xoopsUser->getGroups() : XOOPS_GROUP_ANONYMOUS;

$isAdmin = $gperm_handler->checkRight( 'system_admin', XOOPS_SYSTEM_USER, $groups); // isadmin is true if user has 'edit users' admin rights

if (is_object($xoopsUser)) {
if ($uid == $xoopsUser->getVar('uid')) {
$config_handler =& xoops_gethandler('config');
$xoopsConfigUser =& $config_handler->getConfigsByCat(XOOPS_CONF_USER);
$xoopsOption['template_main'] = 'system_userinfo.html';
include XOOPS_ROOT_PATH.'/header.php';
$xoopsTpl->assign('user_ownpage', true);
$xoopsTpl->assign('lang_editprofile', _US_EDITPROFILE);
$xoopsTpl->assign('lang_avatar', _US_AVATAR);
$xoopsTpl->assign('lang_inbox', _US_INBOX);
$xoopsTpl->assign('lang_logout', _US_LOGOUT);
if ($xoopsConfigUser['self_delete'] == 1) {
$xoopsTpl->assign('user_candelete', true);
$xoopsTpl->assign('lang_deleteaccount', _US_DELACCOUNT);
} else {
$xoopsTpl->assign('user_candelete', false);
}
$thisUser =& $xoopsUser;
} else {
$member_handler =& xoops_gethandler('member');
$thisUser =& $member_handler->getUser($uid);
if (!is_object($thisUser) || !$thisUser->isActive() ) {
redirect_header("index.php",3,_US_SELECTNG);
exit();
}
$xoopsOption['template_main'] = 'user_info_not.html';
include XOOPS_ROOT_PATH.'/header.php';
$xoopsTpl->assign('user_ownpage', false);
}
} else {
$member_handler =& xoops_gethandler('member');
$thisUser =& $member_handler->getUser($uid);
if (!is_object($thisUser) || !$thisUser->isActive()) {
redirect_header("index.php",3,_US_SELECTNG);
exit();
}
$xoopsOption['template_main'] = 'user_info_not.html';
include(XOOPS_ROOT_PATH.'/header.php');
$xoopsTpl->assign('user_ownpage', false);
}
$myts =& MyTextSanitizer::getInstance();
if ( is_object($xoopsUser) && $isAdmin ) {
$xoopsTpl->assign('lang_editprofile', _US_EDITPROFILE);
$xoopsTpl->assign('lang_deleteaccount', _US_DELACCOUNT);
$xoopsTpl->assign('user_uid', $thisUser->getVar('uid'));
}
$xoopsTpl->assign('lang_allaboutuser', sprintf(_US_ALLABOUT,$thisUser->getVar('uname')));
$xoopsTpl->assign('lang_avatar', _US_AVATAR);
$xoopsTpl->assign('user_avatarurl', 'uploads/'.$thisUser->getVar('user_avatar'));
$xoopsTpl->assign('lang_realname', _US_REALNAME);
$xoopsTpl->assign('user_realname', $thisUser->getVar('name'));
$xoopsTpl->assign('lang_website', _US_WEBSITE);
$xoopsTpl->assign('user_websiteurl', ''.$thisUser->getVar('url').'');
$xoopsTpl->assign('lang_email', _US_EMAIL);
$xoopsTpl->assign('lang_privmsg', _US_PM);
$xoopsTpl->assign('lang_icq', _US_ICQ);
$xoopsTpl->assign('user_icq', $thisUser->getVar('user_icq'));
$xoopsTpl->assign('lang_aim', _US_AIM);
$xoopsTpl->assign('user_aim', $thisUser->getVar('user_aim'));
$xoopsTpl->assign('lang_yim', _US_YIM);
$xoopsTpl->assign('user_yim', $thisUser->getVar('user_yim'));
$xoopsTpl->assign('lang_msnm', _US_MSNM);
$xoopsTpl->assign('user_msnm', $thisUser->getVar('user_msnm'));
$xoopsTpl->assign('lang_location', _US_LOCATION);
$xoopsTpl->assign('user_location', $thisUser->getVar('user_from'));
$xoopsTpl->assign('lang_interest', _US_INTEREST);
$xoopsTpl->assign('user_interest', $thisUser->getVar('user_intrest'));
$xoopsTpl->assign('lang_occupation', _US_OCCUPATION);
$xoopsTpl->assign('user_occupation', $thisUser->getVar('user_occ'));
$xoopsTpl->assign('lang_extrainfo', _US_EXTRAINFO);
$xoopsTpl->assign('user_extrainfo', $myts->makeTareaData4Show($thisUser->getVar('bio', 'N'),0,1,1));
$xoopsTpl->assign('lang_statistics', _US_STATISTICS);
$xoopsTpl->assign('lang_membersince', _US_MEMBERSINCE);
$xoopsTpl->assign('user_joindate', formatTimestamp($thisUser->getVar('user_regdate'),'s'));
$xoopsTpl->assign('lang_rank', _US_RANK);
$xoopsTpl->assign('lang_posts', _US_POSTS);
$xoopsTpl->assign('lang_basicInfo', _US_BASICINFO);
$xoopsTpl->assign('lang_more', _US_MOREABOUT);
$xoopsTpl->assign('lang_myinfo', _US_MYINFO);
$xoopsTpl->assign('user_posts', $thisUser->getVar('posts'));
$xoopsTpl->assign('lang_lastlogin', _US_LASTLOGIN);
$xoopsTpl->assign('lang_notregistered', _US_NOTREGISTERED);

$xoopsTpl->assign('lang_signature', _US_SIGNATURE);
$xoopsTpl->assign('user_signature', $myts->makeTareaData4Show($thisUser->getVar('user_sig', 'N'),0,1,1));

if ($thisUser->getVar('user_viewemail') == 1) {
$xoopsTpl->assign('user_email', $thisUser->getVar('email', 'E'));
} else {
if (is_object($xoopsUser)) {
// All admins will be allowed to see emails, even those that are not allowed to edit users (I think it's ok like this)
if ($xoopsUserIsAdmin || ($xoopsUser->getVar("uid") == $thisUser->getVar("uid"))) {
$xoopsTpl->assign('user_email', $thisUser->getVar('email', 'E'));
} else {
$xoopsTpl->assign('user_email', ' ');
}
}
}
if (is_object($xoopsUser)) {
$xoopsTpl->assign('user_pmlink', "getVar('uid')."', 'pmlite', 450, 380);\">\"".sprintf(_SENDPMTO,$thisUser-getVar('uname'))."\" />");
} else {
$xoopsTpl->assign('user_pmlink', '');
}
$userrank =& $thisUser->rank();
if ($userrank['image']) {
$xoopsTpl->assign('user_rankimage', '');
}
$xoopsTpl->assign('user_ranktitle', $userrank['title']);
$date = $thisUser->getVar("last_login");
if (!empty($date)) {
$xoopsTpl->assign('user_lastlogin', formatTimestamp($date,"m"));
}


$module_handler =& xoops_gethandler('module');
$criteria = new CriteriaCompo(new Criteria('hassearch', 1));
$criteria->add(new Criteria('isactive', 1));
$mids =& array_keys($module_handler->getList($criteria));

foreach ($mids as $mid) {
// Hack by marcan : only return results of modules for which user has access permission
if ( $gperm_handler->checkRight('module_read', $mid, $groups)) {
$module =& $module_handler->get($mid);
$results =& $module->search('', '', 5, 0, $thisUser->getVar('uid'));
$count = count($results);
if (is_array($results) && $count > 0) {
for ($i = 0; $i < $count; $i++) {
if (isset($results[$i]['image']) && $results[$i]['image'] != '') {
$results[$i]['image'] = 'modules/'.$module->getVar('dirname').'/'.$results[$i]['image'];
} else {
$results[$i]['image'] = 'images/icons/posticon2.gif';
}
$results[$i]['link'] = 'modules/'.$module->getVar('dirname').'/'.$results[$i]['link'];
$results[$i]['title'] = $myts->makeTboxData4Show($results[$i]['title']);
$results[$i]['time'] = $results[$i]['time'] ? formatTimestamp($results[$i]['time']) : '';
}
if ($count == 5) {
$showall_link = ''._US_SHOWALL.'';
} else {
$showall_link = '';
}
$xoopsTpl->append('modules', array('name' => $module->getVar('name'), 'results' => $results, 'showall_link' => $showall_link));
}
unset($module);
}
}
include XOOPS_ROOT_PATH.'/footer.php';
?>

USER_INFO_NOT.HTML















style="border-collapse: collapse" bordercolor="#111111">
















You have tried to access the personal account details of another user.

Due
to our registration & privacy obligations,
we do not allow such access.



If you would like to contact the webmaster or the My web site

Please
email :

email@localhost.com



You will be redirected...





 Thank you!


 


 















 


Login

Who's Online

382 user(s) are online (284 user(s) are browsing Support Forums)


Members: 0


Guests: 382


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits