INT, 'ppaction' => STRING, 'verifykey' => INT, 'protype' => INT, 'resend' => STRING,
'delete' => STRING, 'showall' => INT, 'iname' => STRING, 'iemail' => STRING,
'iname' => STRING, 'iemail' => STRING, 'imessage' => STRING));
// Hand typecast() the POST field names this script reads, each paired with the
// type (INT or STRING) it should be coerced to.
// NOTE(review): typecast() is defined elsewhere. Many queries below interpolate
// these STRING values inside quoted SQL; that is only safe if typecast() also
// escapes them — confirm before relying on it.
typecast($_POST, array('offset' => INT, 'editemail' => STRING, 'editemailconfirm' => STRING, 'editbio' => STRING, 'editbirthday' => STRING,
'edithomepage' => STRING, 'editicq' => STRING, 'editaim' => STRING, 'edityahoo' => STRING,
'edityear' => STRING, 'editday' => STRING, 'editmonth' => STRING, 'edithobbies' => STRING,
'editoccupation' => STRING, 'editinterests' => STRING, 'editlocation' => STRING, 'inemail' => STRING,
'do' => STRING, 'oldpassword' => STRING, 'newpassword' => STRING,
'cnewpassword' => STRING,'email' => STRING,'emailconfirm' => STRING,'bio' => STRING,
'birthday' => STRING,'homepage' => STRING,'icq' => STRING,'aim' => STRING,
'yahoo' => STRING,'year' => STRING,'hobbies' => STRING,'occupation' => STRING,
'location' => STRING, 'rating' => INT, 'feedback' => STRING, 'edittitle' => STRING, 'editsig' => STRING));
// 'delsub' and 'delnot' are the prefixes the "unsubscribe" action looks for in POST values.
// NOTE(review): presumably the _wc variant handles names that carry a suffix — confirm.
typecast_wc('delsub', STRING);
typecast_wc('delnot', STRING);
// NOTE(review): the code below reads $User and $gologin; presumably authenticate() sets them — confirm.
authenticate();
// A closed board is only reachable by users holding the admin-edit flag;
// everyone else is stopped with the configured closed message.
if ( $User['adminedit'] != 1 && $Globals['ppboards'] == "closed" ) {
    diewell( $Globals['closedmsg'] );
}

// No action requested: fall back to the profile view.
$ppaction = ( empty($ppaction) ? "profile" : $ppaction );

// No target user requested: act on the logged-in user.
$uid = ( $uid == 0 ? $User['userid'] : $uid );
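// When the viewer looks at their own profile, count the rows in the
// subscriptions table that are flagged isactive='yes'.
// COUNT(*) always produces exactly one result row, so the number has to be read
// from that row; mysql_num_rows() on this result is 1 whatever the table holds.
if ( $uid == $User['userid'] ) {
    $query = "SELECT COUNT(*) FROM {$Globals['pp_db_prefix']}subscriptions WHERE isactive='yes'";
    $resultz = ppmysql_query($query,$link);
    list( $subcheck ) = mysql_fetch_row($resultz);
    $subcheck = (int)$subcheck;
}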
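// Give the optional feedback inputs defined values so the checks below can rely on them.
if ( !isset( $rating) ) $rating = 0;
if ( !isset( $feedback ) ) $feedback = "";

// Record (or update) the logged-in user's rating and comment about user $uid.
if ( $rating > 0 || !empty($feedback) ) {
    // Validate before touching the database: registered users only, rating 1..3,
    // a comment of at least 5 bytes, and no rating of oneself.
    if ( $gologin == 1 )
        diewell( $Globals['pp_lang']['onlyreg'] );
    if ( $rating < 1 || $rating > 3 )
        diewell( $Globals['pp_lang']['rateerror'] );
    if ( strlen($feedback) < 5 )
        diewell( $Globals['pp_lang']['feederror'] );
    if ( $User['userid'] == $uid )
        diewell ( $Globals['pp_lang']['errorself'] );

    // Every numeric value that ends up in SQL or in the redirect URL is forced
    // to an integer here, so the statements below do not depend on how the
    // request value was typed upstream.
    $rating = (int)$rating;
    $foruser = (int)$uid;
    $fromuser = (int)$User['userid'];

    // Look for feedback this user already left for the same target.
    $query = "SELECT id,rating,comment FROM {$Globals['pp_db_prefix']}feedback WHERE fromuser=$fromuser AND foruser=$foruser";
    $result = ppmysql_query($query,$link);
    list( $feedid, $oldrating, $oldfeedback ) = mysql_fetch_row($result);
    ppmysql_free_result($result);
    $feedid = (int)$feedid;

    // Escaping is a no-op for a well-formed address and keeps a malformed
    // value from breaking out of the quoted SQL literal.
    $ipaddr = addslashes( findenv("REMOTE_ADDR") );
    $julian = time();
    $moderate = ( $User['usemod'] == 0 ? 1 : 0 );
    $username_q = addslashes($User['username']);

    // NOTE(review): $feedback is interpolated inside quotes as received; this is
    // only safe if typecast() escaped it. Escaping it again here could
    // double-escape, so confirm typecast() and fix in one place.
    if ( $feedid > 0 )
    {
        // An earlier row exists (decided by its id, not by the stored rating): update it.
        $query = "UPDATE {$Globals['pp_db_prefix']}feedback SET rating=$rating, comment='$feedback', approved=$moderate, ip='$ipaddr', postdate=$julian, username='$username_q' WHERE id=$feedid";
        $result = ppmysql_query($query,$link);
    }
    else
    {
        // New feedback
        $query = "INSERT INTO {$Globals['pp_db_prefix']}feedback (id,foruser,fromuser,username,postdate,rating,comment,approved,ip)
values (NULL,$foruser,'$fromuser','$username_q',$julian,$rating,'$feedback',$moderate,'$ipaddr')";
        $result = ppmysql_query($query,$link);
    }
    forward( "member.php?uid=$foruser", $Globals['pp_lang']['feedthankyou'] );
    exit;
}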
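// Password reset ("rpwd"), only when $Globals['vbversion'] is "sellerspost":
// if the supplied key matches, a new random password is stored and mailed.
if ( $ppaction == "rpwd" && $Globals['vbversion'] == "sellerspost" )
{
    // The id goes straight into SQL below, so pin it to an integer first.
    $uid = (int)$uid;
    list( $dbkey, $email, $dbuser ) = ppmysql_query_onerow("SELECT joindate,email,username FROM {$Globals['pp_db_prefix']}users WHERE userid=$uid", $link);

    // Require that a row was found and carries a non-empty key. Without this,
    // a missing row leaves $dbkey null, and null == 0 would accept an absent key.
    // NOTE(review): the value checked is the account's joindate column, not a
    // random single-use token; a dedicated random, expiring reset token would be
    // the stronger design.
    if ( !empty($dbkey) && $verifykey == $dbkey )
    {
        $newpass = gen_password();
        // NOTE(review): the password is stored as unsalted md5(); a salted,
        // slow password hash is preferable where the runtime provides one.
        $npass = md5($newpass);
        $resulta = ppmysql_query("UPDATE {$Globals['pp_db_prefix']}users SET password='$npass' WHERE userid=$uid", $link);
        // NOTE(review): $pplang is part of an include path and is not assigned in
        // the visible code; confirm it comes from a fixed list, never from the request.
        include("{$Globals['PP_PATH']}/languages/$pplang/emails.php");
        $mail_from = "From: {$Globals['adminemail']}";
        $letter = $Globals['pp_lang']['epwdreset'];
        $letter = stripslashes($letter);
        $subject = $Globals['pp_lang']['epassrsub'];
        mail( $email, $subject, $letter, $mail_from );
        // NOTE(review): $adminreset is not assigned in the visible code; confirm where it is set.
        if ( isset($adminreset) ) {
            diewell( $Globals['pp_lang']['ureset'] );
        }
        forward( "index.php", $Globals['pp_lang']['preset'] );
    }
    else
    {
        forward( "index.php", $Globals['pp_lang']['nomatch'] );
    }
    exit;
}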
//
// View a user's profile
//
// With avatars enabled, load display fields for $uid through get_profiledata().
// NOTE(review): the variable names suggest name, homepage, post count, title,
// registration date, location, avatar and signature — confirm against get_profiledata().
if ( $Globals['showavatar'] == "yes" )
{
list( $cuname, $cuhomep, $cuposts, $cutitle, $cureg, $culoc, $cuavatar, $usig ) = get_profiledata( $uid );
}
// Status text for the private-message action; only "sendpm" below assigns it.
$msgtext = null;
// Send a private message to user $uid, then show the sender's own message list.
if ( $ppaction == "sendpm" )
{
// Recipient, message text and recipient name must all be non-empty.
// NOTE(review): nothing here checks that the sender is logged in
// ($User['userid'] non-zero); confirm authenticate() or send_ppmsg() enforces it.
if ( $uid && $imessage && $iname )
{
send_ppmsg( $uid, $imessage, $User['userid'], 'm' );
$msgtext = get_string( "msgsent", $iname );
}
else
{
$msgtext = $Globals['pp_lang']['nomsg'];
}
// Now drop them down to messages
// The target is reset to the logged-in user so the message view ($protype 6) shows their own inbox.
$ppaction = "profile";
$protype = 6;
$uid = $User['userid'];
}
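// Mark private messages as deleted (status=1), then show the message list.
// NOTE(review): this changes state and no anti-CSRF token check is visible here.
if ( $ppaction == "message" )
{
    // Messages belong to the account stored in messages.userid. A request-supplied
    // $uid or msgid alone must not decide whose rows are changed: users without
    // the admin-edit flag are limited to their own rows.
    $msgowner = (int)$User['userid'];
    $msgadmin = ( $User['adminedit'] == 1 );
    if ( $delete == "all" )
    {
        $msgtarget = ( $msgadmin ? (int)$uid : $msgowner );
        ppmysql_query( "UPDATE {$Globals['pp_db_prefix']}messages SET status=1 WHERE userid=$msgtarget", $link );
    }
    else
    {
        $delete = (int)$delete;
        if ( $delete )
        {
            $ownerclause = ( $msgadmin ? "" : " AND userid=$msgowner" );
            ppmysql_query( "UPDATE {$Globals['pp_db_prefix']}messages SET status=1 WHERE msgid=$delete$ownerclause", $link );
        }
    }
    // Now drop them down to messages
    $ppaction = "profile";
    $protype = 6;
}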
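$invitemsg = null;
// Invitations: re-send, delete or create an invite for the logged-in member,
// then fall through to the invite list (profile view, $protype 5).
// NOTE(review): $resend, $delete, $iemail, $iname and $imessage are interpolated
// into quoted SQL below; that is only safe if typecast() escaped them — confirm.
if ( $ppaction == "invite" && $User['userid'] > 0 )
{
    // Every invite row is tied to its creator through invites.referer, so all
    // lookups and deletes by code are limited to the logged-in member's rows.
    $tuser = (int)$User['userid'];
    if ( $resend )
    {
        list( $icode, $omessage, $oname, $iemail ) = ppmysql_query_onerow( "SELECT code,message,name,email FROM {$Globals['pp_db_prefix']}invites WHERE code='$resend' AND referer=$tuser AND status < 9 LIMIT 1", $link );
        if ( $icode )
        {
            $iname = $oname;
            $imessage = $omessage;
            list( , , $temail ) = get_userinfo( "", $User['userid'] );
            $letter = get_string( "invitemsg", $iname ) . "!\n\n$imessage\n\n";
            $letter .= "{$Globals['pp_lang']['tojoin']}\n\n";
            $letter .= "{$Globals['maindir']}/register.php?invite=$icode\n\n";
            $email_from = "From: {$Globals['adminemail']}";
            $subject = get_string( "invitesub", $User['username'] );
            mail( $iemail, $subject, $letter, $email_from );
            $invitemsg = get_string( "inviteresend", $iname, $iemail );
        }
    }
    elseif ( $delete )
    {
        ppmysql_query( "DELETE FROM {$Globals['pp_db_prefix']}invites WHERE code='$delete' AND referer=$tuser", $link );
        // Only lower the counter when one of this member's invites was really removed.
        if ( mysql_affected_rows($link) > 0 )
        {
            ppmysql_query( "UPDATE {$Globals['pp_db_prefix']}users SET invites=(invites-1) WHERE userid=$tuser", $link );
        }
    }
    // The address becomes a mail() recipient, so it must pass valid_email() first;
    // a malformed address falls through to the "invitebad" message.
    elseif ( $iemail && $iname && $imessage && valid_email($iemail) )
    {
        list( $userid ) = ppmysql_query_onerow( "SELECT userid FROM {$Globals['pp_db_prefix']}users WHERE email='$iemail' LIMIT 1", $link );
        if ( $userid )
        {
            // Already a user
            $invitemsg = get_string( "invitexist", $iemail);
        }
        else
        {
            // NOTE(review): this lookup matches an open invite for the address
            // from any member and reuses its name and message — confirm intended.
            list( $icode, $omessage, $oname ) = ppmysql_query_onerow( "SELECT code,message,name FROM {$Globals['pp_db_prefix']}invites WHERE email='$iemail' AND status < 9 LIMIT 1", $link );
            $sendinvite = true;
            if ( $icode )
            {
                $iname = $oname;
                $imessage = $omessage;
                $invitemsg = get_string( "inviteresend", $iname, $iemail );
            }
            else
            {
                // Retry with a fresh code when the insert produced no row id, but
                // give up after a few attempts so a persistent failure cannot loop forever.
                $tdate = time();
                $lastid = 0;
                for ( $attempt = 0; $attempt < 5 && !$lastid; $attempt++ )
                {
                    $icode = gen_password();
                    $scode = ppmysql_query( "INSERT INTO {$Globals['pp_db_prefix']}invites (code,email,name,message,datestamp,referer) VALUES ('$icode', '$iemail', '$iname', '$imessage', $tdate, $tuser)", $link );
                    $lastid = mysql_insert_id($link);
                }
                if ( $lastid )
                {
                    $invitemsg = get_string( "invitesent", $iname, $iemail );
                }
                else
                {
                    $invitemsg = $Globals['pp_lang']['invitebad'];
                    $sendinvite = false;
                }
            }
            if ( $sendinvite )
            {
                list( , , $temail ) = get_userinfo( "", $tuser );
                $letter = get_string( "invitemsg", $iname ) . "\n\n$imessage\n\n";
                $letter .= $Globals['pp_lang']['tojoin'] ."\n\n";
                $letter .= "{$Globals['maindir']}/register.php?invite=$icode\n\n";
                $email_from = "From: {$Globals['adminemail']}";
                $subject = get_string( "invitesub", $User['username'] );
                mail( $iemail, $subject, $letter, $email_from );
                ppmysql_query( "UPDATE {$Globals['pp_db_prefix']}users SET invites=(invites+1) WHERE userid=$tuser", $link );
            }
        }
    }
    else
    {
        $invitemsg = $Globals['pp_lang']['invitebad'];
    }
    // Now drop them down below
    $ppaction = "profile";
    $protype = 5;
}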
// Profile display. $protype selects the sub-view; each branch below prepares
// variables and the templates are included at the end of this block.
// NOTE(review): $uid is interpolated unquoted into the queries of this block;
// confirm it is typecast to INT in the part of the file above this view.
if ( $ppaction == "profile" )
{
// Label for the add/remove-buddy control; stays null for guests and for one's own profile.
$buddylist = null;
if ( $User['userid'] && ($User['userid'] != $uid) )
{
// Buddy?
// A row in the buddies table means the viewer already lists $uid as a buddy.
list( $isbuddy ) = ppmysql_query_onerow("SELECT id FROM {$Globals['pp_db_prefix']}buddies WHERE userid={$User['userid']} AND buddy=$uid", $link);
if ( $isbuddy )
{
$buddylist = "{$Globals['pp_lang']['remfrombuddy']}";
}
else
{
$buddylist = "{$Globals['pp_lang']['addtobuddy']}";
}
}
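// Default view (no $protype): the basic profile fields of user $uid.
if ( !$protype )
{
    $userprofile = null;
    list( $userid,$username,$utitle,$usig,$uavatar,$usergroupid,$homepage,$icq,$aim,$yahoo,$joindate,$posts,$birthday,$location,$interests,$occupation,$bio,$offset ) = ppmysql_query_onerow("SELECT userid,username,title,signature,avatar,usergroupid,homepage,icq,aim,yahoo,joindate,posts,birthday,location,interests,occupation,bio,offset FROM {$Globals['pp_db_prefix']}users WHERE userid=$uid LIMIT 1", $link);
    // get the users profile information
    // NOTE(review): this overwrites $userid, $username and $offset from the query
    // above and also places what look like the viewed user's password, temporary
    // password and session id in page-level variables; confirm no template prints them.
    list( $userid, $username, $email, $password, $temppass, $groups, $offset, $sessionid ) = get_userinfo( "", $uid );
    $userprofile = get_profilelink( $uid, $username );
    // Format the value that was just read; the misspelled variable name used
    // here before was never set, so the interests text always came out empty.
    $interests = convert_returns(convert_markups($interests));
    $bio = convert_returns(convert_markups($bio));
}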
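// Statistics view ($protype 3): totals, the newest non-private image, the newest
// comment and, for the owner or an admin-edit user, the notification subscriptions.
elseif ( $protype == 3 )
{
    $userprofile = null;
    // get the users profile information
    list( $userid, $username, $email, $password, $temppass, $groups, $offset, $sessionid ) = get_userinfo( "", $uid );
    $userprofile = get_profilelink( $uid, $username );
    list( $totalviews, $totalproducts ) = ppmysql_query_onerow("SELECT SUM(views), count(*) FROM {$Globals['pp_db_prefix']}products WHERE userid=$uid", $link);
    list( $posttotal ) = ppmysql_query_onerow("SELECT count(*) FROM {$Globals['pp_db_prefix']}comments WHERE userid=$uid", $link);
    $totalviews = number_format( $totalviews );
    $totalproducts = number_format( $totalproducts );
    $posttotal = number_format( $posttotal );

    // Walk the user's products newest first and stop at the first one whose
    // category is not private; the row variables then describe that product.
    // If every product is private, the last fetch leaves them empty.
    $resulta = ppmysql_query("SELECT p.id,p.title,p.userid,p.cat,p.approved,p.bigimage FROM {$Globals['pp_db_prefix']}products p LEFT JOIN {$Globals['pp_db_prefix']}categories c ON p.cat=c.id WHERE p.userid=$uid ORDER BY p.date DESC", $link);
    while ( list( $phoid, $photitle, $puser, $pcat, $papproved, $pbigimage ) = mysql_fetch_row($resulta) )
    {
        $is_private = is_image_private( $pcat );
        if ( $is_private == "no" )
        {
            break;
        }
    }
    if ( !empty($pbigimage) )
    {
        $mthumb = get_imagethumb($pbigimage, $pcat, $puser, $papproved);
    }
    else
    {
        $mthumb = null;
        $photitle = null;
    }
    if ( empty($photitle) )
    {
        $photitle = $Globals['pp_lang']['never'];
    }
    else
    {
        $photitle = "$mthumb
$photitle";
    }

    // Newest non-empty comment by this user and the product it was posted on.
    list( $comid, $comment ) = ppmysql_query_onerow("SELECT product,comment FROM {$Globals['pp_db_prefix']}comments WHERE userid=$uid AND comment != '' ORDER BY date DESC LIMIT 1", $link);
    if ($comid > 0 )
    {
        list($comphoid, $comphotitle) = ppmysql_query_onerow("SELECT id,title FROM {$Globals['pp_db_prefix']}products WHERE id='$comid' ORDER BY date DESC LIMIT 1", $link);
        $comment = convert_returns(convert_markups($comment));
        $comphotitle = "$comphotitle
$comment";
    }
    else
    {
        $comphotitle = $Globals['pp_lang']['never'];
    }

    $catsub = null;
    $notifysub = null;
    $submitcheck = 0;
    if ( $uid == $User['userid'] || $User['adminedit'] == 1 )
    {
        // Now get their subscriptions
        $resulta = ppmysql_query("SELECT n.id,n.product,n.type,c.id,c.catname,p.id,p.title FROM {$Globals['pp_db_prefix']}notify n
LEFT JOIN {$Globals['pp_db_prefix']}categories c ON c.id=n.product
LEFT JOIN {$Globals['pp_db_prefix']}products p ON p.id=n.product
WHERE n.userid=$uid", $link);
        $catsub = "
{$Globals['pp_lang']['nosub']} |
";
        $notifysub = "{$Globals['pp_lang']['nonotify']} |
";
        // Start both row buffers empty so the output holds only what the loop
        // below appends; before, they were appended to without ever being set.
        $catrows = "";
        $notifyrows = "";
        // NOTE(review): $catname and $producttitle are placed into the output
        // without visible escaping; confirm they are HTML-escaped when stored
        // or inside the template.
        while ( list( $notifyid, $notifycat, $notifytype, $catid, $catname, $productid, $producttitle ) = mysql_fetch_row($resulta) )
        {
            // Type 1 rows are category subscriptions; every other type is listed by product title.
            if ( $notifytype == 1 ) {
                $catrows .= " |
$catname |
";
            }
            else
            {
                $notifyrows .= " |
$producttitle |
";
            }
            $submitcheck = 1;
        }
        if ( $catrows != "" )
            $catsub = "$catrows |
";
        if ( $notifyrows != "" )
            $notifysub = "$notifyrows |
";
    }
}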
// $protype 1 and 4: this branch only loads the target user's id and name.
elseif ( $protype == 1 || $protype == 4 )
{
list( $userid, $username ) = get_userinfo( "", $uid );
}
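// Invite overview ($protype 5), shown only to the owner: counters, open
// invites and the 20 most recent accepted invites.
elseif ( $protype == 5 && $User['userid'] == $uid )
{
    // Invites
    list( $userid, $username ) = get_userinfo( "", $uid );
    $resulta = ppmysql_query("SELECT invites,accepts FROM {$Globals['pp_db_prefix']}users WHERE userid=$uid LIMIT 1", $link);
    list( $invites, $accepts ) = mysql_fetch_row($resulta);
    $finvites = number_format( $invites );
    $faccepts = number_format( $accepts );

    // Outstanding invites
    $outstand = array();
    $x = 0;
    // Status labels indexed by the numeric invites.status value (0, 1 and 9 have text).
    $statusa = array( $Globals['pp_lang']['invitesent'], $Globals['pp_lang']['remidersent'], null, null, null, null, null, null, null, $Globals['pp_lang']['accepted'] );
    $oinvites = ppmysql_query("SELECT name,code,email,datestamp,status FROM {$Globals['pp_db_prefix']}invites WHERE referer=$uid AND status < 9 ORDER BY datestamp DESC", $link);
    while ( $oresult = mysql_fetch_assoc($oinvites) )
    {
        // Array keys are quoted strings; bare words here were treated as
        // undefined constants and only worked through PHP's fallback.
        $outstand[$x]['name'] = $oresult['name'];
        $outstand[$x]['email'] = $oresult['email'];
        $outstand[$x]['code'] = $oresult['code'];
        $outstand[$x]['date'] = ago($oresult['datestamp']);
        $outstand[$x]['status'] = $statusa[$oresult['status']];
        $x++;
    }

    // Accepted invites, rendered as "invited name as username", comma separated.
    $acptd = null;
    $oinvites = ppmysql_query("SELECT i.name,i.uid,u.username FROM {$Globals['pp_db_prefix']}invites i
LEFT JOIN {$Globals['pp_db_prefix']}users u ON (u.userid=i.uid)
WHERE i.referer=$uid AND i.status=9 ORDER BY i.datestamp DESC LIMIT 20", $link);
    while ( $oresult = mysql_fetch_assoc($oinvites) )
    {
        $acptd .= ( $acptd ? ", " : "" ) . "{$oresult['name']} as $oresult[username]";
    }
}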
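// Message list ($protype 6), shown only to the owner: undeleted messages
// (status=0), newest first, 15 at most unless $showall is set.
elseif ( $protype == 6 && $User['userid'] == $uid )
{
    // Messages
    $userid = $User['userid'];
    $username = $User['username'];
    $statusa = array( $Globals['pp_lang']['new'], $Globals['pp_lang']['read'] );
    $x = 0;
    $messages = array();
    $limitq = ( $showall ? null : "LIMIT 15" );
    $msgs = ppmysql_query("SELECT msgid,datestamp,message,type,product FROM {$Globals['pp_db_prefix']}messages WHERE userid=$uid AND status=0 ORDER BY datestamp DESC $limitq", $link);
    while ( $msg = mysql_fetch_assoc($msgs) )
    {
        // Shift the stored time by the viewer's offset and the site offset (hours).
        $msg['datestamp'] = $msg['datestamp'] + ($User['offset'] * 3600) + ($Globals['gmtoffset'] * 3600);
        // %M is minutes; the %m used here before prints the month number after the hour.
        $stamp = strftime( "%B %d %I:%M%p", $msg['datestamp'] );
        if ( $msg['type'] == "m" )
        {
            // Member-to-member message.
            // NOTE(review): presumably the product column holds the sender's user id for this type — confirm.
            list( $tid, $tname ) = get_userinfo( "", $msg['product'] );
            $messages[$x] = "{$Globals['pp_lang']['from']}: $tname [ ". $stamp . " ] [ {$Globals['pp_lang']['reply']} ]
";
            $messages[$x] .= convert_returns(convert_markups($msg['message']));
        }
        else
        {
            $messages[$x] = $stamp . ": ";
            $messages[$x] .= convert_returns(convert_markups($msg['message']));
        }
        $msgid[$x] = $msg['msgid'];
        $x++;
    }
}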
// $protype 7 (logged-in users only): $username is the viewer and $sendname the
// target user's name. NOTE(review): presumably this feeds the send-message form — confirm in the template.
elseif ( $protype == 7 && $User['userid'] )
{
$username = $User['username'];
list( $userid, $sendname ) = get_userinfo( "", $uid );
}
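// Buddy list ($protype 8, logged-in users only): one text row per buddy with
// online/last-seen state, newest non-private image and newest comment.
elseif ( $protype == 8 && $User['userid'] )
{
    // Buddy List
    $userid = $User['userid'];
    $username = $User['username'];
    $buddies = array();
    $buds = ppmysql_query("SELECT b.buddy,u.userid,u.username,u.laston,o.date FROM {$Globals['pp_db_prefix']}buddies b
LEFT JOIN {$Globals['pp_db_prefix']}users u ON (u.userid=b.buddy)
LEFT JOIN {$Globals['pp_db_prefix']}iponline o ON (o.uid=b.buddy)
WHERE b.userid=$userid ORDER BY u.username", $link);
    while ( $bud = mysql_fetch_assoc($buds) )
    {
        $online = $laston = null;
        // The time formats below use %M (minutes); the %m used here before
        // prints the month number after the hour.
        if ( $bud['date'] > 0 )
        {
            $tdiff = time() - $bud['date'];
            if ( $tdiff < 1200 )
            {
                // Online if in last 20 minutes
                $online = "[ online ] ";
            }
            elseif ( $bud['laston'] )
            {
                $bud['laston'] = $bud['laston'] + ($User['offset'] * 3600) + ($Globals['gmtoffset'] * 3600);
                $laston = " [ {$Globals['pp_lang']['lastseen']}: ". strftime( "%B %d %I:%M%p", $bud['laston']) ." ]";
            }
        }
        else
        {
            if ( $bud['laston'] )
            {
                $bud['laston'] = $bud['laston'] + ($User['offset'] * 3600) + ($Globals['gmtoffset'] * 3600);
                $laston = " [ {$Globals['pp_lang']['lastseen']}: ". strftime( "%B %d %I:%M%p", $bud['laston']) ." ]";
            }
        }

        // Newest of the buddy's last five products whose category is not private.
        $resulta = ppmysql_query("SELECT p.id,p.title,p.userid,p.cat,p.approved,p.bigimage FROM {$Globals['pp_db_prefix']}products p LEFT JOIN {$Globals['pp_db_prefix']}categories c ON p.cat=c.id WHERE p.userid='{$bud['userid']}' ORDER BY p.date DESC LIMIT 5", $link);
        while ( list( $phoid, $photitle, $puser, $pcat, $papproved, $pbigimage ) = mysql_fetch_row($resulta) )
        {
            if ( is_image_private($pcat) == "no" )
            {
                break;
            }
        }
        if ( !empty($pbigimage) )
        {
            $mthumb = get_imagethumb($pbigimage, $pcat, $puser, $papproved);
        }
        else
        {
            $mthumb = null;
            $photitle = null;
        }
        if ( empty($photitle) )
        {
            $photitle = $Globals['pp_lang']['noimage'];
        }
        else
        {
            $photitle = "$mthumb
$photitle";
        }

        // Newest non-empty comment by the buddy and the product it belongs to.
        $resulta = ppmysql_query("SELECT product,comment FROM {$Globals['pp_db_prefix']}comments WHERE userid='{$bud['userid']}' AND comment != '' ORDER BY date DESC LIMIT 1", $link);
        list( $comid, $comment ) = mysql_fetch_row($resulta);
        $comphotitle = null;
        if ($comid > 0 )
        {
            $resulta = ppmysql_query("SELECT id,title FROM {$Globals['pp_db_prefix']}products WHERE id='$comid' ORDER BY date DESC LIMIT 1", $link);
            list($comphoid, $comphotitle) = mysql_fetch_row($resulta);
            $comment = convert_returns(convert_markups($comment));
            $comphotitle = "{$Globals['pp_lang']['lcommenton']}: [ $comphotitle ]
$comment | ";
        }
        $buddies[] = "{$bud['username']} {$online}{$laston} | $photitle | $comphotitle";
    }
}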
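// Feedback summary ($protype 9, logged-in users only): the viewer's own rating
// of $uid, the overall rating and the vote count per rating value.
elseif ( $protype == 9 && $User['userid'] )
{
    list( $userid, $username ) = get_userinfo( "", $uid );
    $ratecode = ""; $feedback = "";
    // Only allow one rating per user, only for registered users
    if ( $gologin == 0 ) {
        $query = "SELECT rating,comment FROM {$Globals['pp_db_prefix']}feedback WHERE fromuser={$User['userid']} AND foruser=$uid";
        $totalv = ppmysql_query($query,$link);
        list( $rating, $feedback ) = mysql_fetch_row($totalv);
        ppmysql_free_result($totalv);
        $ratecode = get_rate_code( $rating );
    }
    // Let's get their feedback info
    // Get their rating
    list( $numstars, $overall ) = get_user_rating( $uid );
    $ratingicon = "";
    if ( $numstars > 0 ) $ratingicon = " ";
    $query = "SELECT rating,count(*) FROM {$Globals['pp_db_prefix']}feedback WHERE foruser=$uid GROUP BY rating";
    $totalv = ppmysql_query($query,$link);
    // Index 1..3 holds the vote count for that rating; "none" until a row says otherwise.
    $eachfeed = array( "", "{$Globals['pp_lang']['none']}", "{$Globals['pp_lang']['none']}", "{$Globals['pp_lang']['none']}" );
    while ( list( $rating, $votes ) = mysql_fetch_row($totalv) ) {
        $eachfeed[$rating] = $votes;
    }
    // Release the result that was just read; the variable freed here before was never assigned.
    ppmysql_free_result($totalv);
}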
// Any other $protype: build two preview lists for user $uid —
// $compal (comments the user wrote) and $phopal (comments on the user's products).
else
{
list( $userid, $username ) = get_userinfo( "", $uid );
// Grab the most recent comments
// First list: the ten newest non-empty comments written by $uid.
$queryz = ppmysql_query("SELECT c.cat,c.product,c.comment,p.bigimage,p.cat,p.userid
FROM {$Globals['pp_db_prefix']}comments c
LEFT JOIN {$Globals['pp_db_prefix']}products p ON p.id=c.product
WHERE c.comment != '' AND c.userid=$uid ORDER BY c.date DESC LIMIT 10", $link);
$numfound = 0;
$compal = $usercoms = array();
while ( list($usercoms['cat'], $usercoms['lcproduct'], $comcomment, $thumbimg, $thumbcat, $thumbuid ) = mysql_fetch_row($queryz))
{
// Only rows whose category has ugview == 0 in $CatPerms are listed.
// NOTE(review): presumably 0 means the viewer may see the category — confirm where $CatPerms is built.
if ( $CatPerms['ugview'][$thumbcat] == 0 )
{
// Clean up html conversions
// NOTE(review): the text is un-escaped here and no re-escaping is visible in
// this block; confirm the template escapes it before output.
$comcomment = un_htmlspecialchars($comcomment);
// Strip out BB codes
$comcomment = preg_replace("#\[.*/?\]#siU", "", $comcomment);
$usercoms['cat'] = $thumbcat;
// Preview is cut to 100 bytes (byte-wise substr, not character-aware).
$usercoms['comment'] = ( strlen($comcomment) > 100 ? substr($comcomment,0,100)."..." : $comcomment );
$usercoms['thumblink'] = get_imagethumb( $thumbimg, $thumbcat, $thumbuid, 1, 0, 1, $thumbw, $thumbh );
// Rotated? We need unrotated...
if ( $Globals['rotatel'] > 0 || $Globals['rotatep'] > 0 )
{
$usercoms['thumblink'] = str_replace("/thumbs/", "/mini/", $usercoms['thumblink']);
}
// Path-style link when $Globals['spider'] is "yes", query-string link otherwise.
if ( $Globals['spider'] == "yes" )
{
$usercoms['link'] = "{$Globals['maindir']}/showproduct.php/product/{$usercoms['lcproduct']}/cat/{$usercoms['cat']}";
}
else
{
$usercoms['link'] = "{$Globals['maindir']}/showproduct.php?product={$usercoms['lcproduct']}&cat={$usercoms['cat']}";
}
$compal['comment'][] = $usercoms['comment'];
$compal['thumblink'][] = $usercoms['thumblink'];
$compal['link'][] = $usercoms['link'];
$numfound++;
}
}
$comsfound = $numfound;
// Grab the most recent comments
// Second list: the ten newest non-empty comments left on products owned by $uid.
$queryz = ppmysql_query("SELECT c.username,c.userid,c.cat,c.product,c.comment,p.bigimage,p.cat,p.userid
FROM {$Globals['pp_db_prefix']}comments c
LEFT JOIN {$Globals['pp_db_prefix']}products p ON p.id=c.product
WHERE c.comment != '' AND p.userid=$uid ORDER BY c.date DESC LIMIT 10", $link);
$usercoms = $phopal = array();
while ( list($usercoms['username'], $usercoms['userid'], $usercoms['cat'], $usercoms['lcproduct'], $comcomment, $thumbimg, $thumbcat, $thumbuid ) = mysql_fetch_row($queryz))
{
if ( $CatPerms['ugview'][$thumbcat] == 0 )
{
// Clean up html conversions
$comcomment = un_htmlspecialchars($comcomment);
// Strip out BB codes
$comcomment = preg_replace("#\[.*/?\]#siU", "", $comcomment);
$usercoms['cat'] = $thumbcat;
$usercoms['comment'] = ( strlen($comcomment) > 100 ? substr($comcomment,0,100)."..." : $comcomment );
$usercoms['thumblink'] = get_imagethumb( $thumbimg, $thumbcat, $thumbuid, 1, 0, 1, $thumbw, $thumbh );
// Rotated? We need unrotated...
if ( $Globals['rotatel'] > 0 || $Globals['rotatep'] > 0 )
{
$usercoms['thumblink'] = str_replace("/thumbs/", "/mini/", $usercoms['thumblink']);
}
if ( $Globals['spider'] == "yes" )
{
$usercoms['link'] = "{$Globals['maindir']}/showproduct.php/product/{$usercoms['lcproduct']}/cat/{$usercoms['cat']}";
}
else
{
$usercoms['link'] = "{$Globals['maindir']}/showproduct.php?product={$usercoms['lcproduct']}&cat={$usercoms['cat']}";
}
$phopal['comment'][] = $usercoms['comment'];
$phopal['thumblink'][] = $usercoms['thumblink'];
$phopal['link'][] = $usercoms['link'];
$phopal['username'][] = $usercoms['username'];
$phopal['userid'][] = $usercoms['userid'];
$numfound++;
}
}
// NOTE(review): $numfound is not reset before the second loop, so $phocfound is
// the combined count of both lists, not the size of $phopal — confirm intended.
$phocfound = $numfound;
}
// Render the profile page and stop. The templates are PHP includes, so they
// run with access to every variable prepared in the branches above.
printheader( 0, $Globals['pp_lang']['memprofile'], 0, "yes", null, $uid );
topmenu();
include( "{$Globals['TMPL_PATH']}/menubar.tmpl" );
include( "{$Globals['TMPL_PATH']}/profile.tmpl" );
printfooter();
exit;
}
// Forgotten password ("forgot"), only when $Globals['vbversion'] is "sellerspost":
// show the form, or with do=process reset the password of every account that
// uses the submitted address and mail the new one.
if ( $ppaction == "forgot" && $Globals['vbversion'] == "sellerspost" )
{
if ( $do == "process" )
{
// NOTE(review): $inemail sits inside a quoted SQL literal; that is only safe if typecast() escaped it — confirm.
$query = "SELECT username,userid,joindate FROM {$Globals['pp_db_prefix']}users WHERE email='$inemail'";
$resultb = ppmysql_query($query,$link);
$checkrows = mysql_num_rows($resultb);
if ($checkrows > 0)
{
// NOTE(review): the stored password is replaced as soon as the address matches,
// with no confirmation step, so anyone who knows a member's address can force
// that member's password to change. A confirm-by-link flow that changes the
// password only after the mailbox owner responds avoids this.
while( list( $dbuser, $dbuid, $joindate ) = mysql_fetch_row($resultb) ) {
$genpass = gen_password();
// NOTE(review): unsalted md5() is used as the password hash; a salted, slow hash is preferable.
$newpass = md5($genpass);
$resulta = ppmysql_query("UPDATE {$Globals['pp_db_prefix']}users SET password='$newpass' WHERE userid=$dbuid", $link);
// Included once per account; presumably emails.php rebuilds the mail text from
// the variables set just above — confirm.
// NOTE(review): $pplang is part of the include path; confirm it is not request-controlled.
include("{$Globals['PP_PATH']}/languages/$pplang/emails.php");
$email_from = "From: {$Globals['adminemail']}";
$letter = $Globals['pp_lang']['epassres'];
$letter = stripslashes($letter);
$subject = $Globals['pp_lang']['epasssub2'];
mail( $inemail, $subject, $letter, $email_from );
}
forward( "index.php", $Globals['pp_lang']['checke'] );
exit;
}
else
{
// NOTE(review): the response differs for known and unknown addresses, which
// tells the requester whether an address is registered.
$message = "{$Globals['pp_lang']['noaddr']}";
}
}
// No (successful) submission: show the request form.
printheader( 0, $Globals['pp_lang']['memberpassadmin'] );
topmenu();
include( "{$Globals['TMPL_PATH']}/menubar.tmpl" );
include( "{$Globals['TMPL_PATH']}/forgotpass.tmpl" );
printfooter();
exit;
}
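// Change password ("chgpass"), only when $Globals['vbversion'] is "sellerspost":
// show the form, or with do=process validate the input and store the new password.
// NOTE(review): this changes state and no anti-CSRF token check is visible here.
if ( $ppaction == "chgpass" && $Globals['vbversion'] == "sellerspost" )
{
    if ( $gologin == 1 )
    {
        login( "{$Globals['maindir']}/member.php?ppaction=chgpass" );
        exit;
    }
    if ( $do == "process" )
    {
        // Collect every validation failure, then report them together.
        $reason = null;
        $stop = 0;
        if ( empty($oldpassword) )
        {
            $reason .= "{$Globals['pp_lang']['blankpass']}";
            $stop = 1;
        }
        if ( empty($newpassword) )
        {
            $reason .= "{$Globals['pp_lang']['blankpass2']}";
            $stop = 1;
        }
        if ( empty($cnewpassword) )
        {
            $reason .= "{$Globals['pp_lang']['confirmblank']}";
            $stop = 1;
        }
        // Strict comparison: with != two different numeric-looking strings
        // (for example "1e3" and "1000") would count as equal.
        if ( $newpassword !== $cnewpassword )
        {
            $reason .= "{$Globals['pp_lang']['nomatch']}";
            $stop = 1;
        }
        if ($newpassword != "")
        {
            $pwdstrlen = strlen($newpassword);
            if ( $pwdstrlen < 4 )
            {
                $reason .= "{$Globals['pp_lang']['fourchars']}";
                $stop = 1;
            }
        }
        $resulta = ppmysql_query("SELECT password FROM {$Globals['pp_db_prefix']}users WHERE userid={$User['userid']} LIMIT 1", $link);
        list( $dbpwd ) = mysql_fetch_row($resulta);
        // NOTE(review): unsalted md5() is used as the password hash; a salted, slow hash is preferable.
        $oldpassword = md5($oldpassword);
        // Hashes are compared as strings with !==. A loose != treats hex digests
        // that look like numbers (such as "0e..." forms) as equal to each other.
        if ( $oldpassword !== (string)$dbpwd )
        {
            $reason .= "{$Globals['pp_lang']['oldwrong']}";
            $stop = 1;
        }
        if ($stop == 1)
        {
            diewell($reason);
        }
        $newpassword = md5($newpassword);
        $resulta = ppmysql_query("UPDATE {$Globals['pp_db_prefix']}users SET password='$newpassword' WHERE userid={$User['userid']}", $link);
        forward( "index.php", $Globals['pp_lang']['passchanged'] );
        exit;
    }
    // NOTE(review): the "forgot" page uses the key 'memberpassadmin'; confirm
    // 'memberoassadmin' exists in the language file and is not a typo.
    printheader( 0, $Globals['pp_lang']['memberoassadmin'] );
    topmenu();
    include( "{$Globals['TMPL_PATH']}/menubar.tmpl" );
    include( "{$Globals['TMPL_PATH']}/changepass.tmpl" );
    printfooter();
    exit;
}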
// Edit a user's profile (form)
// Show the profile edit form, pre-filled with the stored values of the user being edited.
if ($ppaction == "edit")
{
if ( $gologin == 1 )
{
login( "{$Globals['maindir']}/member.php?ppaction=edit" );
exit;
}
// Users with the admin-edit flag may open another user's profile via $uid;
// everyone else is always pinned to their own account.
if ( $User['adminedit'] == 1 )
{
if ( $uid == 0 )
{
$uid = $User['userid'];
}
}
else
{
$uid = $User['userid'];
}
// Month names from the language file, January first.
$months = array($Globals['pp_lang']['month1'],$Globals['pp_lang']['month2'],$Globals['pp_lang']['month3'],$Globals['pp_lang']['month4'],
$Globals['pp_lang']['month5'],$Globals['pp_lang']['month6'],$Globals['pp_lang']['month7'],$Globals['pp_lang']['month8'],
$Globals['pp_lang']['month9'],$Globals['pp_lang']['month10'],$Globals['pp_lang']['month11'],$Globals['pp_lang']['month12']);
// NOTE(review): for admin-edit users $uid is request-supplied and interpolated
// unquoted; confirm it is typecast to INT in the part of the file above this view.
$resulta = ppmysql_query("SELECT username,usergroupid,title,signature,homepage,icq,aim,yahoo,joindate,posts,birthday,location,interests,occupation,bio,email,offset FROM {$Globals['pp_db_prefix']}users WHERE userid=$uid LIMIT 1", $link);
list($username,$usergroupid,$utitle,$usig,$homepage,$icq,$aim,$yahoo,$joindate,$posts,$birthday,$location,$interests,$occupation,$bio,$email,$offset) = mysql_fetch_row($resulta);
// get the users profile information
// This overwrites $username, $email and $offset read by the query above.
list( $userid, $username, $email, $password, $temppass, $groups, $offset, $sessionid ) = get_userinfo( "", $uid );
if ( !$userid )
{
diewell( "{$Globals['pp_lang']['nomatch']}" );
}
// Birthday is split on "-" into year, month and day.
// NOTE(review): an empty or malformed birthday leaves $birth[1] / $birth[2] undefined.
$birth = explode( "-", $birthday );
$bmon = intval($birth[1]);
$bday = intval($birth[2]);
$byear = $birth[0];
// NOTE(review): both branches of the next two conditionals assign the same
// empty string, so they currently have no effect; the intended values appear
// to be missing from this copy of the file.
if ($bmon != "")
{
$bmonsel = "";
}
else
{
$bmonsel = "";
}
if ($bday != "")
{
$bdaysel = "";
}
else
{
$bdaysel = "";
}
// An empty or all-zero year is treated as "not set".
if ( $byear == "" )
{
$byear = null;
}
if ( $byear == "0000" )
{
$byear = null;
}
// Break the join timestamp into calendar parts (month made 1-based, year made absolute).
list($jsec,$jmin,$jhour,$jmday,$jmon,$jyear,$jwday,$jyday,$jisdst) = localtime($joindate);
$jmon++;
$jyear=1900+$jyear;
$resulta = ppmysql_query("SELECT groupname FROM {$Globals['pp_db_prefix']}usergroups WHERE groupid=$usergroupid", $link);
list( $usergroup ) = mysql_fetch_row($resulta);
// Current server time, formatted for display as "$ppdate $cclock".
list($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();
$mon = $mon + 1;
$year = $year + 1900;
$julian = mktime($hour,$min,$sec,$mon,$mday,$year);
$cclock = formatpptime( $julian );
$ppdate = formatppdate( $julian );
$ttime = "$ppdate $cclock";
printheader( 0, $Globals['pp_lang']['memberprofile'] );
topmenu();
include( "{$Globals['TMPL_PATH']}/menubar.tmpl" );
include( "{$Globals['TMPL_PATH']}/editprofile.tmpl" );
printfooter();
exit;
}
// Process a user's edit, forward to profile display
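// Store a submitted profile edit (optional avatar upload plus the profile
// fields), then forward to the profile page.
// NOTE(review): this changes state and no anti-CSRF token check is visible here.
if ( $ppaction == "processedit" )
{
    if ( $gologin == 1 )
    {
        login( "{$Globals['maindir']}/member.php?ppaction=edit" );
        exit;
    }
    // Only users with the admin-edit flag may edit somebody else's profile.
    if ( $User['adminedit'] == 0 || !is_numeric($uid) )
    {
        if ( $uid != $User['userid'] )
        {
            diewell( $Globals['pp_lang']['noeditperm'] );
        }
    }
    // The check above compares loosely, so a string that merely starts with the
    // right number also passes it. Pin $uid to an integer before it reaches SQL
    // or the redirect URL.
    $uid = (int)$uid;

    $testname = ( isset($_FILES['theimage']['name'][0]) ? $_FILES['theimage']['name'][0] : "" );
    $realsize = ( isset($_FILES['theimage']['size'][0]) ? $_FILES['theimage']['size'][0] : 0 );
    if ( $realsize )
    {
        // We got something
        include "{$Globals['PP_PATH']}/image-inc.php";
        // Remove old avatar
        $oa = ppmysql_query("SELECT avatar FROM {$Globals['pp_db_prefix']}users WHERE userid=$uid LIMIT 1", $link );
        list ($oavatar) = mysql_fetch_row($oa);
        if ( $oavatar )
        {
            @unlink( "{$Globals['datafull']}avatars/$oavatar" );
        }
        // Process new one
        // NOTE(review): the stored name is built from the client-supplied file
        // name. Confirm fixfilenames() and handleupload() strip path separators
        // and allow image extensions only, and that the avatars directory
        // cannot execute scripts.
        // NOTE(review): the file is prefixed with the editor's id
        // ($User['userid']) while the row updated is $uid; these differ when an
        // admin edits another user — confirm intended.
        $realname = fixfilenames( $testname );
        $outfilename = "{$User['userid']}$realname";
        $filepath = "{$Globals['datafull']}avatars";
        $filedir = "$filepath/$outfilename";
        $infile = "{$Globals['datafull']}avatars/$realname";
        $outfile = "{$Globals['datafull']}avatars/$outfilename";
        handleupload($filepath, 0);
        // NOTE(review): $resize_worked is never checked, so the old avatar is
        // already gone and the new name is stored even if resizing failed.
        $resize_worked = resize_jpeg($infile, $outfile, 120, 120);
        @unlink( $infile );
        // Escape the derived file name before it enters the quoted SQL literal.
        $avatar_q = addslashes( $outfilename );
        ppmysql_query("UPDATE {$Globals['pp_db_prefix']}users SET avatar='$avatar_q' WHERE userid=$uid LIMIT 1", $link );
    }

    $email = $editemail;
    $emailconfirm = $editemailconfirm;
    $bio = fixstring( $editbio );
    // Build the date from integers only. The raw year/month/day strings used
    // here before reached the UPDATE without going through fixstring() like
    // the other fields. Empty parts become zero ("0000-00-00").
    $birthday = sprintf( "%04d-%02d-%02d", (int)$edityear, (int)$editmonth, (int)$editday );
    $homepage = fixstring($edithomepage);
    $icq = fixstring( $editicq );
    $aim = fixstring( $editaim );
    $yahoo = fixstring( $edityahoo );
    $hobbies = fixstring( $editinterests );
    $occupation = fixstring( $editoccupation );
    $location = fixstring( $editlocation );
    $offset = (int)$offset;
    // NOTE(review): 'edittitle' and 'editsig' are accepted from POST, but the
    // UPDATE below has no title or signature column, so they are not stored.
    // The assignments that prepared them were unused and have been dropped.

    $msg = $Globals['pp_lang']['profileupdated'];
    // NOTE(review): the address is validated only in "photopost" mode; in other
    // modes $email reaches the UPDATE as received and relies on typecast() escaping.
    if ( $Globals['vbversion'] == "photopost" )
    {
        if ($email != $emailconfirm)
        {
            diewell($Globals['pp_lang']['noemailmatch']);
        }
        if ( !valid_email($email) )
        {
            diewell($Globals['pp_lang']['emailbad']);
        }
        if ($Globals['emailverify'] == "yes")
        {
            // Check to see if user changed email. Verify it if needed.
            // A changed address is verified by replacing the password with a random
            // one that is mailed to the new address.
            $resulta = ppmysql_query("SELECT email,username FROM {$Globals['pp_db_prefix']}users WHERE userid=$uid LIMIT 1", $link);
            list( $emaildb, $dbuser ) = mysql_fetch_row($resulta);
            if ($email != $emaildb)
            {
                $genpass = gen_password();
                // NOTE(review): unsalted md5() is used as the password hash; a salted, slow hash is preferable.
                $newpass = md5($genpass);
                // NOTE(review): $pplang is part of the include path; confirm it is not request-controlled.
                include("{$Globals['PP_PATH']}/languages/$pplang/emails.php");
                $resulta = ppmysql_query("UPDATE {$Globals['pp_db_prefix']}users SET password='$newpass' WHERE userid=$uid", $link);
                $email_from = "From: {$Globals['adminemail']}";
                $letter = $Globals['pp_lang']['enewemail'];
                $letter = stripslashes($letter);
                $subject = $Globals['pp_lang']['enewesub'];
                mail( $email, $subject, $letter, $email_from );
                $msg .= "
{$Globals['pp_lang']['checke']}";
            }
        }
    }
    // Write input data to db
    $resulta = ppmysql_query("UPDATE {$Globals['pp_db_prefix']}users SET email='$email',homepage='$homepage',icq='$icq',aim='$aim',yahoo='$yahoo',birthday='$birthday',interests='$hobbies',occupation='$occupation',bio='$bio',location='$location',offset='$offset' WHERE userid=$uid", $link);
    forward( "member.php?ppaction=profile&uid=$uid", $msg );
    exit;
}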
//
// User wants to unsubscribe from notifications
//
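// Remove notification subscriptions. Each POST value of the form
// "delsub-<id>" or "delnot-<id>" names one row of the notify table to delete.
// NOTE(review): this changes state and no anti-CSRF token check is visible here.
if ( $ppaction == "unsubscribe" )
{
    // Users without the admin-edit flag can only delete their own rows.
    $whichand = null;
    if ( $User['adminedit'] != 1 )
    {
        $ownerid = (int)$User['userid'];
        $whichand = "AND userid='$ownerid'";
    }
    foreach($_POST as $id=>$setting)
    {
        // Skip array-valued fields and values without a "-<id>" part; explode()
        // and the index access below expect a string with two parts.
        if ( !is_string($setting) )
        {
            continue;
        }
        $name = explode("-", $setting);
        if ( count($name) < 2 )
        {
            continue;
        }
        $notifyid = intval($name[1]);
        $whichvar = $name[0];
        if ( $notifyid > 0 && ( $whichvar === "delsub" || $whichvar === "delnot" ) )
        {
            $resulta = ppmysql_query("DELETE FROM {$Globals['pp_db_prefix']}notify WHERE id='$notifyid' $whichand", $link);
        }
    }
    forward( "member.php", "Subscriptions updated." );
    exit;
}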
// List all feedback left for user $uid, oldest first, and render the feedback template.
// NOTE(review): $uid is interpolated unquoted into the query below; confirm it
// is typecast to INT in the part of the file above this view.
if ( $ppaction == "readfeed" )
{
// get the users profile information
list( $userid, $username, $email, $password, $temppass, $groups, $offset, $sessionid ) = get_userinfo( "", $uid );
// Get their rating
list( $numstars, $overall ) = get_user_rating( $uid );
$ratingicon = "";
if ( $numstars > 0 ) $ratingicon = " ";
$query = "SELECT id,username,foruser,fromuser,postdate,comment,approved,rating FROM {$Globals['pp_db_prefix']}feedback WHERE foruser=$uid ORDER BY postdate ASC";
$rows = ppmysql_query($query,$link);
// $itemnum only advances for rows that are displayed, so the per-row arrays
// below stay aligned by index.
// NOTE(review): those arrays ($reviewnum, $cclock, $fillcolor, ...) are never
// initialised here; $feedback in particular is the empty string set near the
// top of the script and is turned into an array by the indexed assignment.
$itemnum = 0;
while ( list( $id, $user, $cuserid, $cfromid, $cdate, $clinetext, $capproved, $crating ) = mysql_fetch_row($rows) )
{
$reviewnum[$itemnum] = $id;
$ucuserid[$itemnum] = $cuserid;
// NOTE(review): unapproved rows are skipped only when moderatecoms is "no";
// with any other setting they are shown. Confirm this is not inverted.
if ( ($Globals['moderatecoms'] == "no" && $capproved == 0) )
{
// Skipped row: nothing is recorded for display.
}
else
{
$cclock[$itemnum] = formatpptime( $cdate );
$ppdate[$itemnum] = formatppdate( $cdate );
$ucuser[$itemnum] = "$user";
// Rating values 1..3 map to these labels.
$feedtypes = array( "", "Negative", "Neutral", "Positive" );
$feedback[$itemnum] = $feedtypes[$crating];
// Alternate the row background between the two style colours.
if ($ckcolor == 1)
{
$fillcolor[$itemnum] = "{$Style['alternatetable']}";
$ckcolor = 0;
}
else
{
$fillcolor[$itemnum] = "{$Style['tddetails']}";
$ckcolor = 1;
}
// NOTE(review): confirm convert_markups() or the template escapes the comment text for HTML.
$clinetext = convert_markups($clinetext);
$commenttext[$itemnum] = convert_returns($clinetext);
$itemnum++;
}
$date = $cdate;
}
ppmysql_free_result( $rows );
printheader( 0, "Member Feedback" );
topmenu();
include( "{$Globals['TMPL_PATH']}/menubar.tmpl" );
include( "{$Globals['TMPL_PATH']}/feedback.tmpl" );
printfooter();
exit;
}
?>