Author |
Message |
draxx
Involved


Joined: Nov 19, 2003
Posts: 282
|
Posted:
Thu Mar 19, 2009 11:01 pm |
|
Code:<?php
/**************************************************************************/
/* RN Your Account: Advanced User Management for RavenNuke
/* =======================================================================*/
/*
/* Copyright (c) 2008-2009, RavenPHPScripts.com http://www.ravenphpscripts.com
/*
/* This program is free software. You can redistribute it and/or modify it
/* under the terms of the GNU General Public License as published by the
/* Free Software Foundation, version 2 of the license.
/*
/**************************************************************************/
/* RN Your Account is the based on:
/* CNB Your Account http://www.phpnuke.org.br
/* NSN Your Account by Bob Marion, http://www.nukescripts.net
/**************************************************************************/
if (!defined('RNYA')) {
header('Location: ../../../index.php');
die();
}
if (!isset($bypass)) $bypass = '';
// montego - modified to not just go get the whole phpBB bbconfig table - only get what we need
$resultbc = $db->sql_query('SELECT * FROM ' . $prefix . '_bbconfig WHERE config_name = \'avatar_path\' OR config_name = \'avatar_gallery_path\'');
while ($rowbc = $db->sql_fetchrow($resultbc)) {
$board_config[$rowbc['config_name']] = $rowbc['config_value'];
}
$username = check_html($username, 'nohtml');
$result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users WHERE username=\'' . addslashes($username) . '\'');
$num = $db->sql_numrows($result);
$usrinfo = $db->sql_fetchrow($result);
include_once 'header.php';
if ($num == 1) {
if ($usrinfo['user_level'] > 0) {
/*
* Determine if the logged in user is the same as the user being viewed
*/
if (isset($cookie[1]) && isset($cookie[2]) && (strtolower($usrinfo['username']) == strtolower($cookie[1])) && ($usrinfo['user_password'] == $cookie[2])) {
define('LOGGEDIN_SAME_USER', true);
}
$result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users_fields');
while ($sqlvalue = $db->sql_fetchrow($result)) {
list($value) = $db->sql_fetchrow($db->sql_query('SELECT value FROM ' . $user_prefix . '_users_field_values WHERE fid =\'' . intval($sqlvalue['fid']) . '\' AND uid = \'' . intval($usrinfo['user_id']) . '\''));
$usrinfo[$sqlvalue['name']] = $value;
}
OpenTable();
echo '<div align="center" class="content">';
/*
* montego - Compliance fix when a field is empty/null from the db (producing empty <b></b> or <strong></strong> tags)
*/
$usrURI = array('user_website', 'user_avatar'); // Don't override empty URI fields with blank
foreach($usrinfo as $key => $value) {
$value = trim($value);
if ($value == '' and !in_array($key, $usrURI)) $usrinfo[$key] = ' ';
}
/*
* General User Info
*/
if (defined('LOGGEDIN_SAME_USER')) {
echo '<p class="option">' . $username . ', ' . _WELCOMETO . ' ' . $sitename . '!</p>';
echo '<p class="content">' . _THISISYOURPAGE . '</p>';
nav(1);
} else {
echo '<p class="title">' . _PERSONALINFO . '</p>';
}
echo '<table border="0" cellpadding="2" cellspacing="1" width="60%">' ;
echo '<tr><td align="center" class="title" colspan="2" width="100%">';
if ($usrinfo['user_avatar_type'] == 1) { // Type 1
echo '<img src="' . $board_config['avatar_path'] . '/' . $usrinfo['user_avatar'] . '" alt="" />';
} elseif ($usrinfo['user_avatar_type'] == 2) { // Type 2
echo '<img src="' . $usrinfo['user_avatar'] . '" alt="" />';
} elseif ($usrinfo['user_avatar'] == '') { // empty
echo '<img src="' . $board_config['avatar_path'] . '/blank.gif" alt="" />';
} else { // Type 3
echo '<img src="' . $board_config['avatar_gallery_path'] . '/' . $usrinfo['user_avatar'] . '" alt="" />';
}
echo '</td></tr>' ;
if (is_admin($admin) || $usrinfo['user_viewemail'] == 1) {
$user_email = '<a href="mailto:' . $usrinfo['user_email'] . '">' . $usrinfo['user_email'] . '</a>';
} else {
$user_email = _YA_NA;
}
echo '<tr><td width="30%" align="left">' . _USERNAME . '</td><td width="70%" align="left"><strong>' . $usrinfo['username'] . '</strong></td></tr>' ;
if ($ya_config['userealname'] >= '1') {
echo '<tr><td width="30%" align="left">' . _UREALNAME . '</td><td width="70%" align="left"><strong>' . $usrinfo['name'] . ' </strong></td></tr>' ;
}
if (is_admin($admin) OR is_user($user) AND $usrinfo['username'] == $username) {
if ($ya_config['useviewemail'] >= '1') {
echo '<tr><td width="30%" align="left">' . _EMAIL . '</td><td width="70%" align="left"><strong>' . $user_email . '</strong></td></tr>';
}
}
if ($ya_config['usefakeemail'] >= '1') echo '<tr><td width="30%" align="left">' . _UFAKEMAIL . '</td><td width="70%" align="left"><strong>' . $usrinfo['femail'] . '</strong></td></tr>';
if ($ya_config['usewebsite'] >= '1') {
if ($usrinfo['user_website'] == '') {
$userwebsite = _YA_NA;
} else {
$usrinfo['user_website'] = strtolower($usrinfo['user_website']);
$usrinfo['user_website'] = str_replace('http://', '', $usrinfo['user_website']);
$userwebsite = '<a href="http://' . $usrinfo['user_website'] . '" target="new">' . $usrinfo['user_website'] . '</a>';
}
echo '<tr><td width="30%" align="left">' . _WEBSITE . '</td><td width="70%" align="left"><strong>' . $userwebsite . '</strong></td></tr>';
}
/*
* Get Custom Fields and display them in desired order
*/
// [color=red]
if (is_admin($admin) OR is_user($user) AND $usrinfo['username'] == $username) {
$result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users_fields WHERE need <> "0" ORDER BY pos');
} else {
$result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users_fields WHERE need <> "0" AND public = "1" ORDER BY pos');
}
while ($sqlvalue = $db->sql_fetchrow($result)) {
$name_exit = ya_GetCustomFieldDesc($sqlvalue['name']);
echo '<tr><td width="30%" align="left">' . $name_exit . '</td><td width="70%" align="left">' . $usrinfo[$sqlvalue['name']] . '</td></tr>' ;
}
//[/color]
/*
* Display rest of default fields if they are active
*/
if ($ya_config['useinstantmessaim'] >= '1' AND (is_user($user) AND $username == $cookie[1] OR is_admin($admin))) {
if ($usrinfo['user_aim'] == '') $usrinfo['user_aim'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _AIM . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_aim'] . '</strong></td></tr>' ;
}
if ($ya_config['useinstantmessicq'] >= '1' AND (is_user($user) AND $username == $cookie[1] OR is_admin($admin))) {
if ($usrinfo['user_icq'] == '') $usrinfo['user_icq'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _ICQ . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_icq'] . '</strong></td></tr>' ;
}
if ($ya_config['useinstantmessmsn'] >= '1' AND (is_user($user) AND $username == $cookie[1] OR is_admin($admin))) {
if ($usrinfo['user_msnm'] == '') $usrinfo['user_msnm'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _MSNM . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_msnm'] . '</strong></td></tr>' ;
}
if ($ya_config['useinstantmessyim'] >= '1' AND (is_user($user) AND $username == $cookie[1] OR is_admin($admin))) {
if ($usrinfo['user_yim'] == '') $usrinfo['user_yim'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _YIM . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_yim'] . '</strong></td></tr>' ;
}
if ($ya_config['uselocation'] >= '1' AND (is_user($user) AND $username == $cookie[1] OR is_admin($admin))) {
if ($usrinfo['user_from'] == '') $usrinfo['user_from'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _LOCATION . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_from'] . '</strong></td></tr>' ;
}
if ($ya_config['useoccupation'] >= '1') {
if ($usrinfo['user_occ'] == '') $usrinfo['user_occ'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _OCCUPATION . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_occ'] . '</strong></td></tr>' ;
}
if ($ya_config['useinterests'] >= '1') {
if ($usrinfo['user_interests'] == '') $usrinfo['user_interests'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _INTERESTS . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_interests'] . '</strong></td></tr>' ;
}
if ($ya_config['usenewsletter'] >= '1' AND (is_user($user) AND $username == $cookie[1] OR is_admin($admin))) {
echo '<tr><td width="30%" align="left">' . _NEWSLETTER . '</td><td width="70%" align="left"><strong>';
if (($usrinfo['newsletter'] == 1)) echo _SUBSCRIBED;
else echo _NOTSUBSCRIBED;
echo '</strong></td></tr>' ;
}
if ($ya_config['usesignature'] >= '1') {
$usrinfo['user_sig'] = nl2br($usrinfo['user_sig']);
if ($usrinfo['user_sig'] == '') $usrinfo['user_sig'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _SIGNATURE . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_sig'] . '</strong></td></tr>' ;
}
if ($ya_config['useextrainfo'] >= '1') {
$usrinfo['bio'] = nl2br($usrinfo['bio']);
if ($usrinfo['bio'] == '') $usrinfo['bio'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _EXTRAINFO . '</td><td width="70%" align="left"><strong>' . $usrinfo['bio'] . '</strong></td></tr>' ;
}
if ($ya_config['usepoints'] >= '1' AND (is_user($user) AND $cookie[1] == $username OR is_admin($admin))) {
echo '<tr><td width="30%" align="left">' . _YA_POINTS . '</td><td width="70%" align="left"><strong>' . $usrinfo['points'] . '</strong></td></tr>' ;
}
/*
* Continue with additional extra fields
*/
echo '<tr><td width="30%" align="left">' . _REGDATE . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_regdate'] . '</strong></td></tr>' ;
$usrinfo['lastsitevisit'] = date('d F Y H:i', $usrinfo['lastsitevisit']);
if ($usrinfo['lastsitevisit'] == '') $usrinfo['lastsitevisit'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _YA_LASTVISIT . '</td><td width="70%" align="left"><strong>' . $usrinfo['lastsitevisit'] . '</strong></td></tr>' ;
/*
* Determine if the user is currently on-line or not
*/
$sql2 = 'SELECT uname FROM ' . $prefix . '_session WHERE uname=\'' . addslashes($username) . '\'';
$result2 = $db->sql_query($sql2);
if ($db->sql_numrows($result2) > 0) {
$online = _ONLINE;
} else {
$online = _OFFLINE;
}
echo '<tr><td width="30%" align="left">' . _USERSTATUS . '</td><td width="70%" align="left"><strong>' . $online . '</strong></td></tr>';
echo '</table><br />';
if (is_active('Journal') && defined('LOGGEDIN_SAME_USER')) {
$sql3 = 'SELECT jid FROM ' . $prefix . '_journal WHERE aid=\'' . addslashes($username) . '\' AND status=\'yes\' ORDER BY pdate,jid DESC LIMIT 0,1';
$result3 = $db->sql_query($sql3);
$row3 = $db->sql_fetchrow($result3);
$jid = $row3['jid'];
if (isset($jid) && $jid != '') {
echo '<p>[ <a href="modules.php?name=Journal&file=search&bywhat=aid&forwhat=' . $username . '">' . _READMYJOURNAL . '</a> ]</p>';
}
}
if (is_admin($admin)) {
if ($usrinfo['last_ip'] != 0) {
echo '<p>' . _LASTIP . ' <strong>' . $usrinfo['last_ip'] . '</strong><br />';
echo '[ <a href="' . $admin_file . '.php?op=ABBlockedIPAdd&tip=' . $usrinfo['last_ip'] . '">' . _BANTHIS . '</a> ]</p>';
}
echo '<p>[ <a href="' . $admin_file . '.php?op=modifyUser&chng_uid=' . $usrinfo['user_id'] . '">' . _EDITUSER . '</a> ] ';
echo '[ <a href="' . $admin_file . '.php?op=yaSuspendUser&chng_uid=' . $usrinfo['user_id'] . '">' . _SUSPENDUSER . '</a> ] ';
echo '[ <a href="' . $admin_file . '.php?op=yaDeleteUser&chng_uid=' . $usrinfo['user_id'] . '">' . _DELETEUSER . '</a> ]</p>';
}
if (((is_user($user) AND $cookie[1] != $username) OR is_admin($admin)) AND is_active('Private_Messages')) {
echo '<p>[ <a href="modules.php?name=Private_Messages&mode=post&u=' . $usrinfo['user_id'] . '">' . _USENDPRIVATEMSG . ' ' . $usrinfo['username'] . '</a> ]</p>' ;
}
echo '</div>';
CloseTable();
$incsdir = dir('modules/' . $module_name . '/includes');
$incslist = '';
while ($func = $incsdir->read()) {
if (substr($func, 0, 3) == 'ui-') {
$incslist .= $func . ' ';
}
}
closedir($incsdir->handle);
$incslist = explode(' ', $incslist);
sort($incslist);
$j = sizeof($incslist);
for ($i = 0;$i < $j;++$i) {
if ($incslist[$i] != '') {
$counter = 0;
include_once($incsdir->path . '/' . $incslist[$i]);
}
}
} else {
OpenTable();
echo '<center><strong>' . _NOINFOFOR . ' <i>' . $usrinfo['username'] . '</i></strong></center>';
if ($usrinfo['user_level'] == 0) {
echo '<br /><center><strong>' . _ACCSUSPENDED . '</strong></center>';
}
if ($usrinfo['user_level'] == -1) {
echo '<br /><center><strong>' . _ACCDELETED . '</strong></center>';
}
CloseTable();
}
} else {
OpenTable();
echo '<center><strong>' . _NOINFOFOR . ' <i>' . $usrinfo['username'] . '</i></strong></center>';
echo '<br /><center><strong>' . _YA_ACCNOFIND . '</strong></center>';
CloseTable();
}
include_once 'footer.php';
?>
|
//
if (is_admin($admin) OR is_user($user) AND $usrinfo['username'] == $username) {
    $result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users_fields WHERE need <> "0" ORDER BY pos');
} else {
    $result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users_fields WHERE need <> "0" AND public= "1" ORDER BY pos');
}
while ($sqlvalue = $db->sql_fetchrow($result)) {
    $name_exit = ya_GetCustomFieldDesc($sqlvalue['name']);
    echo '<tr><td width="30%" align="left">' . $name_exit . '</td><td width="70%" align="left">' . $usrinfo[$sqlvalue['name']] . '</td></tr>' ;
}
//
Custom fields can be defined as private. If they are private their value is 0. If they are public their value is 1.
The problem is here somewhere in red.
The logic should be if the user is the user or the user is an admin then show the private fields.
Otherwise show only the public fields.
It shows all fields regardless of private settings.
I think it's something to do with AND public= "1"? Is that right? |
Last edited by draxx on Sun Mar 22, 2009 1:06 am; edited 1 time in total |
|
|
 |
draxx

|
Posted:
Thu Mar 19, 2009 11:48 pm |
|
More info:
I also noticed that when you're viewing a profile that is not your own and you're not an admin it shows you the real email address of the user being viewed.
So now I think it has something to do with the way the determination of "Is the user viewing himself" is being made.... but I'm not literate enough for more. |
|
|
|
 |
Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Sun Mar 22, 2009 9:51 pm |
|
Just for grins and giggles, try this.
if (is_admin($admin) OR (is_user($user) AND $usrinfo['username'] == $username)) { |
|
|
|
 |
Palbin
Site Admin

Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania
|
Posted:
Sun Mar 22, 2009 11:07 pm |
|
For me Email doesn't show at all if not logged in. If I am logged in as a user and view another user's profile his email shows as N/A.
I can't be sure that my site is running the latest and greatest, but I don't see a problem. Unless I am missing something and that is possible. I will do a little more testing tomorrow. |
_________________ "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan. |
|
|
 |
draxx

|
Posted:
Mon Mar 23, 2009 6:19 pm |
|
Okay I tried Raven's suggestion and no dice - a regular user is still able to view all the private fields. |
|
|
|
 |
Palbin

|
Posted:
Mon Mar 23, 2009 9:42 pm |
|
There is a problem with the public/private fields, but not the real email field. The only way it can be showing is if you are an admin or it is set to viewable in the user's preferences.
There is a slight problem with the email logic in my opinion though. If it is set to non-viewable it shows as N/A for everyone except an admin which is fine, but it also shows as N/A for the user himself when viewing his own profile.
I'll get back to you when I figure out the public/private problem. |
|
|
|
 |
kguske
Site Admin

Joined: Jun 04, 2004
Posts: 6437
|
Posted:
Mon Mar 23, 2009 10:01 pm |
|
Here's a fresh version that should address these issues (as Palbin suggested, there were logic issues in several places):
Code:<?php
/**************************************************************************/
/* RN Your Account: Advanced User Management for RavenNuke
/* =======================================================================*/
/*
/* Copyright (c) 2008-2009, RavenPHPScripts.com http://www.ravenphpscripts.com
/*
/* This program is free software. You can redistribute it and/or modify it
/* under the terms of the GNU General Public License as published by the
/* Free Software Foundation, version 2 of the license.
/*
/**************************************************************************/
/* RN Your Account is the based on:
/* CNB Your Account http://www.phpnuke.org.br
/* NSN Your Account by Bob Marion, http://www.nukescripts.net
/**************************************************************************/
if (!defined('RNYA')) {
header('Location: ../../../index.php');
die();
}
if (!isset($bypass)) $bypass = '';
// montego - modified to not just go get the whole phpBB bbconfig table - only get what we need
$resultbc = $db->sql_query('SELECT * FROM ' . $prefix . '_bbconfig WHERE config_name = \'avatar_path\' OR config_name = \'avatar_gallery_path\'');
while ($rowbc = $db->sql_fetchrow($resultbc)) {
$board_config[$rowbc['config_name']] = $rowbc['config_value'];
}
$username = check_html($username, 'nohtml');
$result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users WHERE username=\'' . addslashes($username) . '\'');
$num = $db->sql_numrows($result);
$usrinfo = $db->sql_fetchrow($result);
include_once 'header.php';
if ($num == 1) {
if ($usrinfo['user_level'] > 0) {
/*
* Determine if the logged in user is the same as the user being viewed
*/
if (isset($cookie[1]) && isset($cookie[2]) && (strtolower($usrinfo['username']) == strtolower($cookie[1])) && ($usrinfo['user_password'] == $cookie[2])) {
define('LOGGEDIN_SAME_USER', true);
}
$result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users_fields');
while ($sqlvalue = $db->sql_fetchrow($result)) {
list($value) = $db->sql_fetchrow($db->sql_query('SELECT value FROM ' . $user_prefix . '_users_field_values WHERE fid =\'' . intval($sqlvalue['fid']) . '\' AND uid = \'' . intval($usrinfo['user_id']) . '\''));
$usrinfo[$sqlvalue['name']] = $value;
}
OpenTable();
echo '<div align="center" class="content">';
/*
* montego - Compliance fix when a field is empty/null from the db (producing empty <b></b> or <strong></strong> tags)
*/
$usrURI = array('user_website', 'user_avatar'); // Don't override empty URI fields with blank
foreach($usrinfo as $key => $value) {
$value = trim($value);
if ($value == '' and !in_array($key, $usrURI)) $usrinfo[$key] = ' ';
}
/*
* General User Info
*/
if (defined('LOGGEDIN_SAME_USER')) {
echo '<p class="option">' . $username . ', ' . _WELCOMETO . ' ' . $sitename . '!</p>';
echo '<p class="content">' . _THISISYOURPAGE . '</p>';
nav(1);
} else {
echo '<p class="title">' . _PERSONALINFO . '</p>';
}
echo '<table border="0" cellpadding="2" cellspacing="1" width="60%">' ;
echo '<tr><td align="center" class="title" colspan="2" width="100%">';
if ($usrinfo['user_avatar_type'] == 1) { // Type 1
echo '<img src="' . $board_config['avatar_path'] . '/' . $usrinfo['user_avatar'] . '" alt="" />';
} elseif ($usrinfo['user_avatar_type'] == 2) { // Type 2
echo '<img src="' . $usrinfo['user_avatar'] . '" alt="" />';
} elseif ($usrinfo['user_avatar'] == '') { // empty
echo '<img src="' . $board_config['avatar_path'] . '/blank.gif" alt="" />';
} else { // Type 3
echo '<img src="' . $board_config['avatar_gallery_path'] . '/' . $usrinfo['user_avatar'] . '" alt="" />';
}
echo '</td></tr>' ;
if (is_admin($admin) || $usrinfo['user_viewemail'] == 1) {
$user_email = '<a href="mailto:' . $usrinfo['user_email'] . '">' . $usrinfo['user_email'] . '</a>';
} else {
$user_email = _YA_NA;
}
echo '<tr><td width="30%" align="left">' . _USERNAME . '</td><td width="70%" align="left"><strong>' . $usrinfo['username'] . '</strong></td></tr>' ;
if ($ya_config['userealname'] >= '1') {
echo '<tr><td width="30%" align="left">' . _UREALNAME . '</td><td width="70%" align="left"><strong>' . $usrinfo['name'] . ' </strong></td></tr>' ;
}
if (is_admin($admin) OR (is_user($user) AND $usrinfo['username'] == $username)) {
if ($ya_config['useviewemail'] >= '1') {
echo '<tr><td width="30%" align="left">' . _EMAIL . '</td><td width="70%" align="left"><strong>' . $user_email . '</strong></td></tr>';
}
}
if ($ya_config['usefakeemail'] >= '1') echo '<tr><td width="30%" align="left">' . _UFAKEMAIL . '</td><td width="70%" align="left"><strong>' . $usrinfo['femail'] . '</strong></td></tr>';
if ($ya_config['usewebsite'] >= '1') {
if ($usrinfo['user_website'] == '') {
$userwebsite = _YA_NA;
} else {
$usrinfo['user_website'] = strtolower($usrinfo['user_website']);
$usrinfo['user_website'] = str_replace('http://', '', $usrinfo['user_website']);
$userwebsite = '<a href="http://' . $usrinfo['user_website'] . '" target="new">' . $usrinfo['user_website'] . '</a>';
}
echo '<tr><td width="30%" align="left">' . _WEBSITE . '</td><td width="70%" align="left"><strong>' . $userwebsite . '</strong></td></tr>';
}
/*
* Get Custom Fields and display them in desired order
*/
if (is_admin($admin) OR (is_user($user) AND $usrinfo['username'] == $username)) {
$result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users_fields WHERE need <> "0" ORDER BY pos');
} else {
$result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users_fields WHERE need <> "0" AND public="1" ORDER BY pos');
}
while ($sqlvalue = $db->sql_fetchrow($result)) {
$name_exit = ya_GetCustomFieldDesc($sqlvalue['name']);
echo '<tr><td width="30%" align="left">' . $name_exit . '</td><td width="70%" align="left">' . $usrinfo[$sqlvalue['name']] . '</td></tr>' ;
}
/*
* Display rest of default fields if they are active
*/
if ($ya_config['useinstantmessaim'] >= '1' AND ((is_user($user) AND $username == $cookie[1]) OR is_admin($admin))) {
if ($usrinfo['user_aim'] == '') $usrinfo['user_aim'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _AIM . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_aim'] . '</strong></td></tr>' ;
}
if ($ya_config['useinstantmessicq'] >= '1' AND ((is_user($user) AND $username == $cookie[1]) OR is_admin($admin))) {
if ($usrinfo['user_icq'] == '') $usrinfo['user_icq'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _ICQ . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_icq'] . '</strong></td></tr>' ;
}
if ($ya_config['useinstantmessmsn'] >= '1' AND ((is_user($user) AND $username == $cookie[1]) OR is_admin($admin))) {
if ($usrinfo['user_msnm'] == '') $usrinfo['user_msnm'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _MSNM . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_msnm'] . '</strong></td></tr>' ;
}
if ($ya_config['useinstantmessyim'] >= '1' AND ((is_user($user) AND $username == $cookie[1]) OR is_admin($admin))) {
if ($usrinfo['user_yim'] == '') $usrinfo['user_yim'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _YIM . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_yim'] . '</strong></td></tr>' ;
}
if ($ya_config['uselocation'] >= '1' AND ((is_user($user) AND $username == $cookie[1]) OR is_admin($admin))) {
if ($usrinfo['user_from'] == '') $usrinfo['user_from'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _LOCATION . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_from'] . '</strong></td></tr>' ;
}
if ($ya_config['useoccupation'] >= '1') {
if ($usrinfo['user_occ'] == '') $usrinfo['user_occ'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _OCCUPATION . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_occ'] . '</strong></td></tr>' ;
}
if ($ya_config['useinterests'] >= '1') {
if ($usrinfo['user_interests'] == '') $usrinfo['user_interests'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _INTERESTS . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_interests'] . '</strong></td></tr>' ;
}
if ($ya_config['usenewsletter'] >= '1' AND ((is_user($user) AND $username == $cookie[1]) OR is_admin($admin))) {
echo '<tr><td width="30%" align="left">' . _NEWSLETTER . '</td><td width="70%" align="left"><strong>';
if (($usrinfo['newsletter'] == 1)) echo _SUBSCRIBED;
else echo _NOTSUBSCRIBED;
echo '</strong></td></tr>' ;
}
if ($ya_config['usesignature'] >= '1') {
$usrinfo['user_sig'] = nl2br($usrinfo['user_sig']);
if ($usrinfo['user_sig'] == '') $usrinfo['user_sig'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _SIGNATURE . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_sig'] . '</strong></td></tr>' ;
}
if ($ya_config['useextrainfo'] >= '1') {
$usrinfo['bio'] = nl2br($usrinfo['bio']);
if ($usrinfo['bio'] == '') $usrinfo['bio'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _EXTRAINFO . '</td><td width="70%" align="left"><strong>' . $usrinfo['bio'] . '</strong></td></tr>' ;
}
if ($ya_config['usepoints'] >= '1' AND ((is_user($user) AND $cookie[1] == $username) OR is_admin($admin))) {
echo '<tr><td width="30%" align="left">' . _YA_POINTS . '</td><td width="70%" align="left"><strong>' . $usrinfo['points'] . '</strong></td></tr>' ;
}
/*
* Continue with additional extra fields
*/
echo '<tr><td width="30%" align="left">' . _REGDATE . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_regdate'] . '</strong></td></tr>' ;
$usrinfo['lastsitevisit'] = date('d F Y H:i', $usrinfo['lastsitevisit']);
if ($usrinfo['lastsitevisit'] == '') $usrinfo['lastsitevisit'] = _YA_NA;
echo '<tr><td width="30%" align="left">' . _YA_LASTVISIT . '</td><td width="70%" align="left"><strong>' . $usrinfo['lastsitevisit'] . '</strong></td></tr>' ;
/*
* Determine if the user is currently on-line or not
*/
$sql2 = 'SELECT uname FROM ' . $prefix . '_session WHERE uname=\'' . addslashes($username) . '\'';
$result2 = $db->sql_query($sql2);
if ($db->sql_numrows($result2) > 0) {
$online = _ONLINE;
} else {
$online = _OFFLINE;
}
echo '<tr><td width="30%" align="left">' . _USERSTATUS . '</td><td width="70%" align="left"><strong>' . $online . '</strong></td></tr>';
echo '</table><br />';
if (is_active('Journal') && defined('LOGGEDIN_SAME_USER')) {
$sql3 = 'SELECT jid FROM ' . $prefix . '_journal WHERE aid=\'' . addslashes($username) . '\' AND status=\'yes\' ORDER BY pdate,jid DESC LIMIT 0,1';
$result3 = $db->sql_query($sql3);
$row3 = $db->sql_fetchrow($result3);
$jid = $row3['jid'];
if (isset($jid) && $jid != '') {
echo '<p>[ <a href="modules.php?name=Journal&file=search&bywhat=aid&forwhat=' . $username . '">' . _READMYJOURNAL . '</a> ]</p>';
}
}
if (is_admin($admin)) {
if ($usrinfo['last_ip'] != 0) {
echo '<p>' . _LASTIP . ' <strong>' . $usrinfo['last_ip'] . '</strong><br />';
echo '[ <a href="' . $admin_file . '.php?op=ABBlockedIPAdd&tip=' . $usrinfo['last_ip'] . '">' . _BANTHIS . '</a> ]</p>';
}
echo '<p>[ <a href="' . $admin_file . '.php?op=modifyUser&chng_uid=' . $usrinfo['user_id'] . '">' . _EDITUSER . '</a> ] ';
echo '[ <a href="' . $admin_file . '.php?op=yaSuspendUser&chng_uid=' . $usrinfo['user_id'] . '">' . _SUSPENDUSER . '</a> ] ';
echo '[ <a href="' . $admin_file . '.php?op=yaDeleteUser&chng_uid=' . $usrinfo['user_id'] . '">' . _DELETEUSER . '</a> ]</p>';
}
if (((is_user($user) AND $cookie[1] != $username) OR is_admin($admin)) AND is_active('Private_Messages')) {
echo '<p>[ <a href="modules.php?name=Private_Messages&mode=post&u=' . $usrinfo['user_id'] . '">' . _USENDPRIVATEMSG . ' ' . $usrinfo['username'] . '</a> ]</p>' ;
}
echo '</div>';
CloseTable();
$incsdir = dir('modules/' . $module_name . '/includes');
$incslist = '';
while ($func = $incsdir->read()) {
if (substr($func, 0, 3) == 'ui-') {
$incslist .= $func . ' ';
}
}
closedir($incsdir->handle);
$incslist = explode(' ', $incslist);
sort($incslist);
$j = sizeof($incslist);
for ($i = 0;$i < $j;++$i) {
if ($incslist[$i] != '') {
$counter = 0;
include_once($incsdir->path . '/' . $incslist[$i]);
}
}
} else {
OpenTable();
echo '<center><strong>' . _NOINFOFOR . ' <i>' . $usrinfo['username'] . '</i></strong></center>';
if ($usrinfo['user_level'] == 0) {
echo '<br /><center><strong>' . _ACCSUSPENDED . '</strong></center>';
}
if ($usrinfo['user_level'] == -1) {
echo '<br /><center><strong>' . _ACCDELETED . '</strong></center>';
}
CloseTable();
}
} else {
OpenTable();
echo '<center><strong>' . _NOINFOFOR . ' <i>' . $usrinfo['username'] . '</i></strong></center>';
echo '<br /><center><strong>' . _YA_ACCNOFIND . '</strong></center>';
CloseTable();
}
include_once 'footer.php';
?>
|
|
_________________ I search, therefore I exist...
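The custom-field visibility decision discussed in this thread, reduced to pure functions so it can be run without a RavenNuke install. This is an added example, not part of the thread or of RavenNuke's code; the function names and sample data are constructed, and it assumes `$username` still holds the requested profile name at that point (as the script's own `$username == $cookie[1]` comparisons do). It shows that PHP already evaluates `A OR B AND C` as `A OR (B AND C)`, and that comparing the fetched row with the request parameter does not depend on who is viewing, while a comparison against the authenticated name does.

```php
<?php
// Added example, not RavenNuke code: the custom-field visibility decision from
// userinfo.php reduced to pure functions. Names and sample data are constructed.

// Condition as first posted: row username compared with the request parameter.
function showPrivateAsPosted(bool $isAdmin, bool $isUser, string $rowName, string $requested): bool
{
    // AND binds tighter than OR in PHP, so this already means A OR (B AND C).
    return $isAdmin OR $isUser AND $rowName == $requested;
}

// Same condition with the explicit parentheses suggested later in the thread.
function showPrivateParenthesized(bool $isAdmin, bool $isUser, string $rowName, string $requested): bool
{
    return $isAdmin OR ($isUser AND $rowName == $requested);
}

// Alternative bound to the viewer: compares the authenticated name (null when
// anonymous) with the profile row, like the script's LOGGEDIN_SAME_USER test.
function showPrivateViewerBound(bool $isAdmin, ?string $viewer, string $rowName): bool
{
    return $isAdmin || ($viewer !== null && strtolower($viewer) === strtolower($rowName));
}

// Mirrors the two SELECTs: need <> 0, plus public = 1 unless private fields are allowed.
function visibleFields(array $fields, bool $showPrivate): array
{
    $names = [];
    foreach ($fields as $field) {
        if ($field['need'] != 0 && ($showPrivate || $field['public'] == 1)) {
            $names[] = $field['name'];
        }
    }
    return $names;
}

// Constructed sample data.
$fields = [
    ['name' => 'favourite_band', 'need' => 1, 'public' => 1],
    ['name' => 'phone',          'need' => 1, 'public' => 0],
];
$requested = 'alice';            // profile named in the request
$rowName   = 'alice';            // row fetched WHERE username = $requested
$viewers = [
    // label              => [isAdmin, authenticated username or null]
    'anonymous'           => [false, null],
    'bob (regular user)'  => [false, 'bob'],
    'alice (owner)'       => [false, 'alice'],
    'site admin'          => [true,  null],
];

foreach ($viewers as $label => [$isAdmin, $viewer]) {
    $isUser = $viewer !== null;
    $posted = showPrivateAsPosted($isAdmin, $isUser, $rowName, $requested);
    $parens = showPrivateParenthesized($isAdmin, $isUser, $rowName, $requested);
    $bound  = showPrivateViewerBound($isAdmin, $viewer, $rowName);

    // The explicit parentheses must never change the outcome.
    if ($posted !== $parens) {
        throw new LogicException("precedence mismatch for $label");
    }
    printf(
        "%-20s as posted: %-26s viewer-bound: %s\n",
        $label,
        implode(',', visibleFields($fields, $posted)),
        implode(',', visibleFields($fields, $bound))
    );
}
```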
|
|
 |
kguske

|
Posted:
Mon Mar 23, 2009 10:13 pm |
|
To clarify, this is a fresh version of modules/Your_Account/public/userinfo.php
Please note that the user can specify - in your account settings - to allow others to view the email. If this is set, anyone can view the email when viewing the profile. Otherwise, only the admin gets to see that there  |
|
|
|
 |
Palbin

|
Posted:
Mon Mar 23, 2009 10:16 pm |
|
If you want the user to be able to see his own email address when set to nonviewable change line 77 to this:
Code:
if (is_admin($admin) || $usrinfo['username'] == $username || $usrinfo['user_viewemail'] == 1) {
|
|
|
|
|
 |
kguske

|
Posted:
Mon Mar 23, 2009 10:25 pm |
|
I think it was originally designed that way so users wouldn't get concerned that others could view their email addresses.
I tested various scenarios with the updated logic, and it appears to be working fully and correctly now. If no one finds any other issues, I will add to SVN tomorrow. |
|
|
|
 |
Palbin

|
Posted:
Mon Mar 23, 2009 10:27 pm |
|
Sounds good. Disregard my email as I am fine with it saying N/A to avoid confusion  |
|
|
|
 |
draxx

|
Posted:
Tue Mar 24, 2009 2:07 pm |
|
I'm sorry but I can still view private fields with a normal user. |
|
|
|
 |
dad7732
RavenNuke(tm) Development Team

Joined: Mar 18, 2007
Posts: 1242
|
Posted:
Tue Mar 24, 2009 2:49 pm |
|
Even after clearing cache and removing cookies? |
|
|
|
 |
kguske

|
Posted:
Tue Mar 24, 2009 4:18 pm |
|
Your own private fields, or another's? |
|
|
|
 |
dad7732

|
Posted:
Tue Mar 24, 2009 4:32 pm |
|
Logged in as a regular user and bringing up another user's profile, I can ONLY read the email address IF the email icon is present and mouse-over shows it. If there is no icon there then there is no email address to see. |
|
|
|
 |
draxx

|
Posted:
Tue Mar 24, 2009 4:48 pm |
|
Okay after following those suggestions .... err after re-uploading the new userinfo.php and logging out and deleting cookies and cache and logging back in it would appear that the private fields are no longer displayed to a normal user.
I will test it again on a 2nd site and speak up if I notice it acts differently there.
Whoot! Thanks again  |
|
|
|
 |
|