Ravens PHP Scripts: Forums
 

 

draxx
Involved



Joined: Nov 19, 2003
Posts: 282

Posted: Thu Mar 19, 2009 11:01 pm

Code:
<?php

/**************************************************************************/
/* RN Your Account: Advanced User Management for RavenNuke
/* =======================================================================*/
/*
/* Copyright (c) 2008-2009, RavenPHPScripts.com   http://www.ravenphpscripts.com
/*
/* This program is free software. You can redistribute it and/or modify it
/* under the terms of the GNU General Public License as published by the
/* Free Software Foundation, version 2 of the license.
/*
/**************************************************************************/
/* RN Your Account is the based on:
/*  CNB Your Account http://www.phpnuke.org.br
/*  NSN Your Account by Bob Marion, http://www.nukescripts.net
/**************************************************************************/
if (!defined('RNYA')) {
   header('Location: ../../../index.php');
   die();
}
if (!isset($bypass)) $bypass = '';
// montego - modified to not just go get the whole phpBB bbconfig table - only get what we need
$resultbc = $db->sql_query('SELECT * FROM ' . $prefix . '_bbconfig WHERE config_name = \'avatar_path\' OR config_name = \'avatar_gallery_path\'');
while ($rowbc = $db->sql_fetchrow($resultbc)) {
   $board_config[$rowbc['config_name']] = $rowbc['config_value'];
}
$username = check_html($username, 'nohtml');
$result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users WHERE username=\'' . addslashes($username) . '\'');
$num = $db->sql_numrows($result);
$usrinfo = $db->sql_fetchrow($result);
include_once 'header.php';
if ($num == 1) {
   if ($usrinfo['user_level'] > 0) {
      /*
       * Determine if the logged in user is the same as the user being viewed
       */
      if (isset($cookie[1]) && isset($cookie[2]) && (strtolower($usrinfo['username']) == strtolower($cookie[1])) && ($usrinfo['user_password'] == $cookie[2])) {
         define('LOGGEDIN_SAME_USER', true);
      }
      $result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users_fields');
      while ($sqlvalue = $db->sql_fetchrow($result)) {
         list($value) = $db->sql_fetchrow($db->sql_query('SELECT value FROM ' . $user_prefix . '_users_field_values WHERE fid =\'' . intval($sqlvalue['fid']) . '\' AND uid = \'' . intval($usrinfo['user_id']) . '\''));
         $usrinfo[$sqlvalue['name']] = $value;
      }
      OpenTable();
      echo '<div align="center" class="content">';
      /*
       * montego - Compliance fix when a field is empty/null from the db (producing empty <b></b> or <strong></strong> tags)
       */
      $usrURI = array('user_website', 'user_avatar');  // Don't override empty URI fields with blank
      foreach($usrinfo as $key => $value) {
         $value = trim($value);
         if ($value == '' and !in_array($key, $usrURI)) $usrinfo[$key] = '&nbsp;';
      }
      /*
       * General User Info
       */
      if (defined('LOGGEDIN_SAME_USER')) {
         echo '<p class="option">' . $username . ', ' . _WELCOMETO . ' ' . $sitename . '!</p>';
         echo '<p class="content">' . _THISISYOURPAGE . '</p>';
         nav(1);
      } else {
         echo '<p class="title">' . _PERSONALINFO . '</p>';
      }
      echo '<table border="0" cellpadding="2" cellspacing="1" width="60%">' ;
      echo '<tr><td align="center" class="title" colspan="2" width="100%">';
      if ($usrinfo['user_avatar_type'] == 1) { // Type 1
         echo '<img src="' . $board_config['avatar_path'] . '/' . $usrinfo['user_avatar'] . '" alt="" />';
      } elseif ($usrinfo['user_avatar_type'] == 2) { // Type 2
         echo '<img src="' . $usrinfo['user_avatar'] . '" alt="" />';
      } elseif ($usrinfo['user_avatar'] == '') { // empty
         echo '<img src="' . $board_config['avatar_path'] . '/blank.gif" alt="" />';
      } else { // Type 3
         echo '<img src="' . $board_config['avatar_gallery_path'] . '/' . $usrinfo['user_avatar'] . '" alt="" />';
      }
      echo '</td></tr>' ;
      if (is_admin($admin) || $usrinfo['user_viewemail'] == 1) {
         $user_email = '<a href="mailto:' . $usrinfo['user_email'] . '">' . $usrinfo['user_email'] . '</a>';
      } else {
         $user_email = _YA_NA;
      }
      echo '<tr><td width="30%" align="left">' . _USERNAME . '</td><td width="70%" align="left"><strong>' . $usrinfo['username'] . '</strong></td></tr>' ;
      if ($ya_config['userealname'] >= '1') {
         echo '<tr><td width="30%" align="left">' . _UREALNAME . '</td><td width="70%" align="left"><strong>' . $usrinfo['name'] . '&nbsp;</strong></td></tr>' ;
      }
      if (is_admin($admin) OR is_user($user) AND $usrinfo['username'] == $username) {
         if ($ya_config['useviewemail'] >= '1') {
            echo '<tr><td width="30%" align="left">' . _EMAIL . '</td><td width="70%" align="left"><strong>' . $user_email . '</strong></td></tr>';
         }
      }
      if ($ya_config['usefakeemail'] >= '1') echo '<tr><td width="30%" align="left">' . _UFAKEMAIL . '</td><td width="70%" align="left"><strong>' . $usrinfo['femail'] . '</strong></td></tr>';
      if ($ya_config['usewebsite'] >= '1') {
         if ($usrinfo['user_website'] == '') {
            $userwebsite = _YA_NA;
         } else {
            $usrinfo['user_website'] = strtolower($usrinfo['user_website']);
            $usrinfo['user_website'] = str_replace('http://', '', $usrinfo['user_website']);
            $userwebsite = '<a href="http://' . $usrinfo['user_website'] . '" target="new">' . $usrinfo['user_website'] . '</a>';
         }
         echo '<tr><td width="30%" align="left">' . _WEBSITE . '</td><td width="70%" align="left"><strong>' . $userwebsite . '</strong></td></tr>';
      }
      /*
       * Get Custom Fields and display them in desired order
       */
      // [section highlighted in red by the poster: start]
      if (is_admin($admin) OR is_user($user) AND $usrinfo['username'] == $username) {
         $result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users_fields WHERE need <> "0" ORDER BY pos');
      } else {
         $result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users_fields WHERE need <> "0" AND public = "1" ORDER BY pos');
      }
      while ($sqlvalue = $db->sql_fetchrow($result)) {
         $name_exit = ya_GetCustomFieldDesc($sqlvalue['name']);
         echo '<tr><td width="30%" align="left">' . $name_exit . '</td><td width="70%" align="left">' . $usrinfo[$sqlvalue['name']] . '</td></tr>' ;
      }
      // [section highlighted in red by the poster: end]
      /*
       * Display rest of default fields if they are active
       */
      if ($ya_config['useinstantmessaim'] >= '1' AND (is_user($user) AND $username == $cookie[1] OR is_admin($admin))) {
         if ($usrinfo['user_aim'] == '') $usrinfo['user_aim'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _AIM . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_aim'] . '</strong></td></tr>' ;
      }
      if ($ya_config['useinstantmessicq'] >= '1' AND (is_user($user) AND $username == $cookie[1] OR is_admin($admin))) {
         if ($usrinfo['user_icq'] == '') $usrinfo['user_icq'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _ICQ . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_icq'] . '</strong></td></tr>' ;
      }
      if ($ya_config['useinstantmessmsn'] >= '1' AND (is_user($user) AND $username == $cookie[1] OR is_admin($admin))) {
         if ($usrinfo['user_msnm'] == '') $usrinfo['user_msnm'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _MSNM . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_msnm'] . '</strong></td></tr>' ;
      }
      if ($ya_config['useinstantmessyim'] >= '1' AND (is_user($user) AND $username == $cookie[1] OR is_admin($admin))) {
         if ($usrinfo['user_yim'] == '') $usrinfo['user_yim'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _YIM . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_yim'] . '</strong></td></tr>' ;
      }
      if ($ya_config['uselocation'] >= '1' AND (is_user($user) AND $username == $cookie[1] OR is_admin($admin))) {
         if ($usrinfo['user_from'] == '') $usrinfo['user_from'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _LOCATION . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_from'] . '</strong></td></tr>' ;
      }
      if ($ya_config['useoccupation'] >= '1') {
         if ($usrinfo['user_occ'] == '') $usrinfo['user_occ'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _OCCUPATION . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_occ'] . '</strong></td></tr>' ;
      }
      if ($ya_config['useinterests'] >= '1') {
         if ($usrinfo['user_interests'] == '') $usrinfo['user_interests'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _INTERESTS . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_interests'] . '</strong></td></tr>' ;
      }
      if ($ya_config['usenewsletter'] >= '1' AND (is_user($user) AND $username == $cookie[1] OR is_admin($admin))) {
         echo '<tr><td width="30%" align="left">' . _NEWSLETTER . '</td><td width="70%" align="left"><strong>';
         if (($usrinfo['newsletter'] == 1)) echo _SUBSCRIBED;
         else echo _NOTSUBSCRIBED;
         echo '</strong></td></tr>' ;
      }
      if ($ya_config['usesignature'] >= '1') {
         $usrinfo['user_sig'] = nl2br($usrinfo['user_sig']);
         if ($usrinfo['user_sig'] == '') $usrinfo['user_sig'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _SIGNATURE . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_sig'] . '</strong></td></tr>' ;
      }
      if ($ya_config['useextrainfo'] >= '1') {
         $usrinfo['bio'] = nl2br($usrinfo['bio']);
         if ($usrinfo['bio'] == '') $usrinfo['bio'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _EXTRAINFO . '</td><td width="70%" align="left"><strong>' . $usrinfo['bio'] . '</strong></td></tr>' ;
      }
      if ($ya_config['usepoints'] >= '1' AND (is_user($user) AND $cookie[1] == $username OR is_admin($admin))) {
         echo '<tr><td width="30%" align="left">' . _YA_POINTS . '</td><td width="70%" align="left"><strong>' . $usrinfo['points'] . '</strong></td></tr>' ;
      }
      /*
       * Continue with additional extra fields
       */
      echo '<tr><td width="30%" align="left">' . _REGDATE . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_regdate'] . '</strong></td></tr>' ;
      $usrinfo['lastsitevisit'] = date('d F Y H:i', $usrinfo['lastsitevisit']);
      if ($usrinfo['lastsitevisit'] == '') $usrinfo['lastsitevisit'] = _YA_NA;
      echo '<tr><td width="30%" align="left">' . _YA_LASTVISIT . '</td><td width="70%" align="left"><strong>' . $usrinfo['lastsitevisit'] . '</strong></td></tr>' ;
      /*
       * Determine if the user is currently on-line or not
       */
      $sql2 = 'SELECT uname FROM ' . $prefix . '_session WHERE uname=\'' . addslashes($username) . '\'';
      $result2 = $db->sql_query($sql2);
      if ($db->sql_numrows($result2) > 0) {
         $online = _ONLINE;
      } else {
         $online = _OFFLINE;
      }
      echo '<tr><td width="30%" align="left">' . _USERSTATUS . '</td><td width="70%" align="left"><strong>' . $online . '</strong></td></tr>';
      echo '</table><br />';
      if (is_active('Journal') && defined('LOGGEDIN_SAME_USER')) {
         $sql3 = 'SELECT jid FROM ' . $prefix . '_journal WHERE aid=\'' . addslashes($username) . '\' AND status=\'yes\' ORDER BY pdate,jid DESC LIMIT 0,1';
         $result3 = $db->sql_query($sql3);
         $row3 = $db->sql_fetchrow($result3);
         $jid = $row3['jid'];
         if (isset($jid) && $jid != '') {
            echo '<p>[ <a href="modules.php?name=Journal&amp;file=search&amp;bywhat=aid&amp;forwhat=' . $username . '">' . _READMYJOURNAL . '</a> ]</p>';
         }
      }
      if (is_admin($admin)) {
         if ($usrinfo['last_ip'] != 0) {
            echo '<p>' . _LASTIP . ' <strong>' . $usrinfo['last_ip'] . '</strong><br />';
            echo '[ <a href="' . $admin_file . '.php?op=ABBlockedIPAdd&amp;tip=' . $usrinfo['last_ip'] . '">' . _BANTHIS . '</a> ]</p>';
         }
         echo '<p>[ <a href="' . $admin_file . '.php?op=modifyUser&amp;chng_uid=' . $usrinfo['user_id'] . '">' . _EDITUSER . '</a> ] ';
         echo '[ <a href="' . $admin_file . '.php?op=yaSuspendUser&amp;chng_uid=' . $usrinfo['user_id'] . '">' . _SUSPENDUSER . '</a> ] ';
         echo '[ <a href="' . $admin_file . '.php?op=yaDeleteUser&amp;chng_uid=' . $usrinfo['user_id'] . '">' . _DELETEUSER . '</a> ]</p>';
      }
      if (((is_user($user) AND $cookie[1] != $username) OR is_admin($admin)) AND is_active('Private_Messages')) {
         echo '<p>[ <a href="modules.php?name=Private_Messages&amp;mode=post&amp;u=' . $usrinfo['user_id'] . '">' . _USENDPRIVATEMSG . ' ' . $usrinfo['username'] . '</a> ]</p>' ;
      }
      echo '</div>';
      CloseTable();
      $incsdir = dir('modules/' . $module_name . '/includes');
      $incslist = '';
      while ($func = $incsdir->read()) {
         if (substr($func, 0, 3) == 'ui-') {
            $incslist .= $func . ' ';
         }
      }
      closedir($incsdir->handle);
      $incslist = explode(' ', $incslist);
      sort($incslist);
      $j = sizeof($incslist);
      for ($i = 0;$i < $j;++$i) {
         if ($incslist[$i] != '') {
            $counter = 0;
            include_once($incsdir->path . '/' . $incslist[$i]);
         }
      }
   } else {
      OpenTable();
      echo '<center><strong>' . _NOINFOFOR . ' <i>' . $usrinfo['username'] . '</i></strong></center>';
      if ($usrinfo['user_level'] == 0) {
         echo '<br /><center><strong>' . _ACCSUSPENDED . '</strong></center>';
      }
      if ($usrinfo['user_level'] == -1) {
         echo '<br /><center><strong>' . _ACCDELETED . '</strong></center>';
      }
      CloseTable();
   }
} else {
   OpenTable();
   echo '<center><strong>' . _NOINFOFOR . ' <i>' . $usrinfo['username'] . '</i></strong></center>';
   echo '<br /><center><strong>' . _YA_ACCNOFIND . '</strong></center>';
   CloseTable();
}
include_once 'footer.php';
?>


//
if (is_admin($admin) OR is_user($user) AND $usrinfo['username'] == $username) {
$result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users_fields WHERE need <> "0" ORDER BY pos');
} else {
$result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users_fields WHERE need <> "0" AND public= "1" ORDER BY pos');
}
while ($sqlvalue = $db->sql_fetchrow($result)) {
$name_exit = ya_GetCustomFieldDesc($sqlvalue['name']);
echo '<tr><td width="30%" align="left">' . $name_exit . '</td><td width="70%" align="left">' . $usrinfo[$sqlvalue['name']] . '</td></tr>' ;
}
//


Custom fields can be defined as private. If they are private their value is 0. If they are public their value is 1.

The problem is here somewhere in red.

The logic should be if the user is the user or the user is an admin then show the private fields.

Otherwise show only the public fields.

It shows all fields regardless of private settings.

I think it's something to do with AND public= "1"? Is that right?


Last edited by draxx on Sun Mar 22, 2009 1:06 am; edited 1 time in total 
draxx







Posted: Thu Mar 19, 2009 11:48 pm

More info:

I also noticed that when you're viewing a profile that is not your own and you're not an admin it shows you the real email address of the user being viewed.

So now I think it has something to do with the way the determination of "Is the user viewing himself" is being made.... but I'm not literate enough for more.
 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

Posted: Sun Mar 22, 2009 9:51 pm

Just for grins and giggles, try this.

if (is_admin($admin) OR (is_user($user) AND $usrinfo['username'] == $username)) {
 
Palbin
Site Admin



Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania

Posted: Sun Mar 22, 2009 11:07 pm

For me Email doesn't show at all if not logged in. If I am logged in as a user and view another user's profile his email shows as N/A.

I can't be sure that my site is running the latest and greatest, but I don't see a problem. Unless I am missing something and that is possible. I will do a little more testing tomorrow.

_________________
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan. 
draxx







Posted: Mon Mar 23, 2009 6:19 pm

Okay I tried Raven's suggestion and no dice - a regular user is still able to view all the private fields.
 
Palbin







Posted: Mon Mar 23, 2009 9:42 pm

There is a problem with the public/private fields, but not the real email field. The only way it can be showing is if you are an admin or it is set to viewable in the user's preferences.

There is a slight problem with the email logic in my opinion though. If it is set to non-viewable it shows as N/A for everyone except an admin which is fine, but it also shows as N/A for the user himself when viewing his own profile.

I'll get back to you when I figure out the public/private problem.
 
kguske
Site Admin



Joined: Jun 04, 2004
Posts: 6437

Posted: Mon Mar 23, 2009 10:01 pm

Here's a fresh version that should address these issues (as Palbin suggested, there were logic issues in several places):
Code:
<?php

/**************************************************************************/
/* RN Your Account: Advanced User Management for RavenNuke
/* =======================================================================*/
/*
/* Copyright (c) 2008-2009, RavenPHPScripts.com   http://www.ravenphpscripts.com
/*
/* This program is free software. You can redistribute it and/or modify it
/* under the terms of the GNU General Public License as published by the
/* Free Software Foundation, version 2 of the license.
/*
/**************************************************************************/
/* RN Your Account is the based on:
/*  CNB Your Account http://www.phpnuke.org.br
/*  NSN Your Account by Bob Marion, http://www.nukescripts.net
/**************************************************************************/
if (!defined('RNYA')) {
   header('Location: ../../../index.php');
   die();
}
if (!isset($bypass)) $bypass = '';
// montego - modified to not just go get the whole phpBB bbconfig table - only get what we need
$resultbc = $db->sql_query('SELECT * FROM ' . $prefix . '_bbconfig WHERE config_name = \'avatar_path\' OR config_name = \'avatar_gallery_path\'');
while ($rowbc = $db->sql_fetchrow($resultbc)) {
   $board_config[$rowbc['config_name']] = $rowbc['config_value'];
}
$username = check_html($username, 'nohtml');
$result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users WHERE username=\'' . addslashes($username) . '\'');
$num = $db->sql_numrows($result);
$usrinfo = $db->sql_fetchrow($result);
include_once 'header.php';
if ($num == 1) {
   if ($usrinfo['user_level'] > 0) {
      /*
       * Determine if the logged in user is the same as the user being viewed
       */
      if (isset($cookie[1]) && isset($cookie[2]) && (strtolower($usrinfo['username']) == strtolower($cookie[1])) && ($usrinfo['user_password'] == $cookie[2])) {
         define('LOGGEDIN_SAME_USER', true);
      }
      $result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users_fields');
      while ($sqlvalue = $db->sql_fetchrow($result)) {
         list($value) = $db->sql_fetchrow($db->sql_query('SELECT value FROM ' . $user_prefix . '_users_field_values WHERE fid =\'' . intval($sqlvalue['fid']) . '\' AND uid = \'' . intval($usrinfo['user_id']) . '\''));
         $usrinfo[$sqlvalue['name']] = $value;
      }
      OpenTable();
      echo '<div align="center" class="content">';
      /*
       * montego - Compliance fix when a field is empty/null from the db (producing empty <b></b> or <strong></strong> tags)
       */
      $usrURI = array('user_website', 'user_avatar');  // Don't override empty URI fields with blank
      foreach($usrinfo as $key => $value) {
         $value = trim($value);
         if ($value == '' and !in_array($key, $usrURI)) $usrinfo[$key] = '&nbsp;';
      }
      /*
       * General User Info
       */
      if (defined('LOGGEDIN_SAME_USER')) {
         echo '<p class="option">' . $username . ', ' . _WELCOMETO . ' ' . $sitename . '!</p>';
         echo '<p class="content">' . _THISISYOURPAGE . '</p>';
         nav(1);
      } else {
         echo '<p class="title">' . _PERSONALINFO . '</p>';
      }
      echo '<table border="0" cellpadding="2" cellspacing="1" width="60%">' ;
      echo '<tr><td align="center" class="title" colspan="2" width="100%">';
      if ($usrinfo['user_avatar_type'] == 1) { // Type 1
         echo '<img src="' . $board_config['avatar_path'] . '/' . $usrinfo['user_avatar'] . '" alt="" />';
      } elseif ($usrinfo['user_avatar_type'] == 2) { // Type 2
         echo '<img src="' . $usrinfo['user_avatar'] . '" alt="" />';
      } elseif ($usrinfo['user_avatar'] == '') { // empty
         echo '<img src="' . $board_config['avatar_path'] . '/blank.gif" alt="" />';
      } else { // Type 3
         echo '<img src="' . $board_config['avatar_gallery_path'] . '/' . $usrinfo['user_avatar'] . '" alt="" />';
      }
      echo '</td></tr>' ;
      if (is_admin($admin) || $usrinfo['user_viewemail'] == 1) {
         $user_email = '<a href="mailto:' . $usrinfo['user_email'] . '">' . $usrinfo['user_email'] . '</a>';
      } else {
         $user_email = _YA_NA;
      }
      echo '<tr><td width="30%" align="left">' . _USERNAME . '</td><td width="70%" align="left"><strong>' . $usrinfo['username'] . '</strong></td></tr>' ;
      if ($ya_config['userealname'] >= '1') {
         echo '<tr><td width="30%" align="left">' . _UREALNAME . '</td><td width="70%" align="left"><strong>' . $usrinfo['name'] . '&nbsp;</strong></td></tr>' ;
      }
      if (is_admin($admin) OR (is_user($user) AND $usrinfo['username'] == $username)) {
         if ($ya_config['useviewemail'] >= '1') {
            echo '<tr><td width="30%" align="left">' . _EMAIL . '</td><td width="70%" align="left"><strong>' . $user_email . '</strong></td></tr>';
         }
      }
      if ($ya_config['usefakeemail'] >= '1') echo '<tr><td width="30%" align="left">' . _UFAKEMAIL . '</td><td width="70%" align="left"><strong>' . $usrinfo['femail'] . '</strong></td></tr>';
      if ($ya_config['usewebsite'] >= '1') {
         if ($usrinfo['user_website'] == '') {
            $userwebsite = _YA_NA;
         } else {
            $usrinfo['user_website'] = strtolower($usrinfo['user_website']);
            $usrinfo['user_website'] = str_replace('http://', '', $usrinfo['user_website']);
            $userwebsite = '<a href="http://' . $usrinfo['user_website'] . '" target="new">' . $usrinfo['user_website'] . '</a>';
         }
         echo '<tr><td width="30%" align="left">' . _WEBSITE . '</td><td width="70%" align="left"><strong>' . $userwebsite . '</strong></td></tr>';
      }
      /*
       * Get Custom Fields and display them in desired order
       */
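      // $usrinfo was loaded by $username, so $usrinfo['username'] == $username is always true here;
      // compare the viewed profile with the logged-in user's cookie name, as the field checks below do.
      if (is_admin($admin) OR (is_user($user) AND $username == $cookie[1])) {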
         $result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users_fields WHERE need <> "0" ORDER BY pos');
      } else {
         $result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users_fields WHERE need <> "0" AND public="1" ORDER BY pos');
      }
      while ($sqlvalue = $db->sql_fetchrow($result)) {
         $name_exit = ya_GetCustomFieldDesc($sqlvalue['name']);
         echo '<tr><td width="30%" align="left">' . $name_exit . '</td><td width="70%" align="left">' . $usrinfo[$sqlvalue['name']] . '</td></tr>' ;
      }
      /*
       * Display rest of default fields if they are active
       */
      if ($ya_config['useinstantmessaim'] >= '1' AND ((is_user($user) AND $username == $cookie[1]) OR is_admin($admin))) {
         if ($usrinfo['user_aim'] == '') $usrinfo['user_aim'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _AIM . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_aim'] . '</strong></td></tr>' ;
      }
      if ($ya_config['useinstantmessicq'] >= '1' AND ((is_user($user) AND $username == $cookie[1]) OR is_admin($admin))) {
         if ($usrinfo['user_icq'] == '') $usrinfo['user_icq'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _ICQ . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_icq'] . '</strong></td></tr>' ;
      }
      if ($ya_config['useinstantmessmsn'] >= '1' AND ((is_user($user) AND $username == $cookie[1]) OR is_admin($admin))) {
         if ($usrinfo['user_msnm'] == '') $usrinfo['user_msnm'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _MSNM . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_msnm'] . '</strong></td></tr>' ;
      }
      if ($ya_config['useinstantmessyim'] >= '1' AND ((is_user($user) AND $username == $cookie[1]) OR is_admin($admin))) {
         if ($usrinfo['user_yim'] == '') $usrinfo['user_yim'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _YIM . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_yim'] . '</strong></td></tr>' ;
      }
      if ($ya_config['uselocation'] >= '1' AND ((is_user($user) AND $username == $cookie[1]) OR is_admin($admin))) {
         if ($usrinfo['user_from'] == '') $usrinfo['user_from'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _LOCATION . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_from'] . '</strong></td></tr>' ;
      }
      if ($ya_config['useoccupation'] >= '1') {
         if ($usrinfo['user_occ'] == '') $usrinfo['user_occ'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _OCCUPATION . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_occ'] . '</strong></td></tr>' ;
      }
      if ($ya_config['useinterests'] >= '1') {
         if ($usrinfo['user_interests'] == '') $usrinfo['user_interests'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _INTERESTS . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_interests'] . '</strong></td></tr>' ;
      }
      if ($ya_config['usenewsletter'] >= '1' AND ((is_user($user) AND $username == $cookie[1]) OR is_admin($admin))) {
         echo '<tr><td width="30%" align="left">' . _NEWSLETTER . '</td><td width="70%" align="left"><strong>';
         if (($usrinfo['newsletter'] == 1)) echo _SUBSCRIBED;
         else echo _NOTSUBSCRIBED;
         echo '</strong></td></tr>' ;
      }
      if ($ya_config['usesignature'] >= '1') {
         $usrinfo['user_sig'] = nl2br($usrinfo['user_sig']);
         if ($usrinfo['user_sig'] == '') $usrinfo['user_sig'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _SIGNATURE . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_sig'] . '</strong></td></tr>' ;
      }
      if ($ya_config['useextrainfo'] >= '1') {
         $usrinfo['bio'] = nl2br($usrinfo['bio']);
         if ($usrinfo['bio'] == '') $usrinfo['bio'] = _YA_NA;
         echo '<tr><td width="30%" align="left">' . _EXTRAINFO . '</td><td width="70%" align="left"><strong>' . $usrinfo['bio'] . '</strong></td></tr>' ;
      }
      if ($ya_config['usepoints'] >= '1' AND ((is_user($user) AND $cookie[1] == $username) OR is_admin($admin))) {
         echo '<tr><td width="30%" align="left">' . _YA_POINTS . '</td><td width="70%" align="left"><strong>' . $usrinfo['points'] . '</strong></td></tr>' ;
      }
      /*
       * Continue with additional extra fields
       */
      echo '<tr><td width="30%" align="left">' . _REGDATE . '</td><td width="70%" align="left"><strong>' . $usrinfo['user_regdate'] . '</strong></td></tr>' ;
      $usrinfo['lastsitevisit'] = date('d F Y H:i', $usrinfo['lastsitevisit']);
      if ($usrinfo['lastsitevisit'] == '') $usrinfo['lastsitevisit'] = _YA_NA;
      echo '<tr><td width="30%" align="left">' . _YA_LASTVISIT . '</td><td width="70%" align="left"><strong>' . $usrinfo['lastsitevisit'] . '</strong></td></tr>' ;
      /*
       * Determine if the user is currently on-line or not
       */
      $sql2 = 'SELECT uname FROM ' . $prefix . '_session WHERE uname=\'' . addslashes($username) . '\'';
      $result2 = $db->sql_query($sql2);
      if ($db->sql_numrows($result2) > 0) {
         $online = _ONLINE;
      } else {
         $online = _OFFLINE;
      }
      echo '<tr><td width="30%" align="left">' . _USERSTATUS . '</td><td width="70%" align="left"><strong>' . $online . '</strong></td></tr>';
      echo '</table><br />';
      if (is_active('Journal') && defined('LOGGEDIN_SAME_USER')) {
         $sql3 = 'SELECT jid FROM ' . $prefix . '_journal WHERE aid=\'' . addslashes($username) . '\' AND status=\'yes\' ORDER BY pdate,jid DESC LIMIT 0,1';
         $result3 = $db->sql_query($sql3);
         $row3 = $db->sql_fetchrow($result3);
         $jid = $row3['jid'];
         if (isset($jid) && $jid != '') {
            echo '<p>[ <a href="modules.php?name=Journal&amp;file=search&amp;bywhat=aid&amp;forwhat=' . $username . '">' . _READMYJOURNAL . '</a> ]</p>';
         }
      }
      if (is_admin($admin)) {
         if ($usrinfo['last_ip'] != 0) {
            echo '<p>' . _LASTIP . ' <strong>' . $usrinfo['last_ip'] . '</strong><br />';
            echo '[ <a href="' . $admin_file . '.php?op=ABBlockedIPAdd&amp;tip=' . $usrinfo['last_ip'] . '">' . _BANTHIS . '</a> ]</p>';
         }
         echo '<p>[ <a href="' . $admin_file . '.php?op=modifyUser&amp;chng_uid=' . $usrinfo['user_id'] . '">' . _EDITUSER . '</a> ] ';
         echo '[ <a href="' . $admin_file . '.php?op=yaSuspendUser&amp;chng_uid=' . $usrinfo['user_id'] . '">' . _SUSPENDUSER . '</a> ] ';
         echo '[ <a href="' . $admin_file . '.php?op=yaDeleteUser&amp;chng_uid=' . $usrinfo['user_id'] . '">' . _DELETEUSER . '</a> ]</p>';
      }
      if (((is_user($user) AND $cookie[1] != $username) OR is_admin($admin)) AND is_active('Private_Messages')) {
         echo '<p>[ <a href="modules.php?name=Private_Messages&amp;mode=post&amp;u=' . $usrinfo['user_id'] . '">' . _USENDPRIVATEMSG . ' ' . $usrinfo['username'] . '</a> ]</p>' ;
      }
      echo '</div>';
      CloseTable();
      $incsdir = dir('modules/' . $module_name . '/includes');
      $incslist = '';
      while ($func = $incsdir->read()) {
         if (substr($func, 0, 3) == 'ui-') {
            $incslist .= $func . ' ';
         }
      }
      closedir($incsdir->handle);
      $incslist = explode(' ', $incslist);
      sort($incslist);
      $j = sizeof($incslist);
      for ($i = 0;$i < $j;++$i) {
         if ($incslist[$i] != '') {
            $counter = 0;
            include_once($incsdir->path . '/' . $incslist[$i]);
         }
      }
   } else {
      OpenTable();
      echo '<center><strong>' . _NOINFOFOR . ' <i>' . $usrinfo['username'] . '</i></strong></center>';
      if ($usrinfo['user_level'] == 0) {
         echo '<br /><center><strong>' . _ACCSUSPENDED . '</strong></center>';
      }
      if ($usrinfo['user_level'] == -1) {
         echo '<br /><center><strong>' . _ACCDELETED . '</strong></center>';
      }
      CloseTable();
   }
} else {
   OpenTable();
   echo '<center><strong>' . _NOINFOFOR . ' <i>' . $usrinfo['username'] . '</i></strong></center>';
   echo '<br /><center><strong>' . _YA_ACCNOFIND . '</strong></center>';
   CloseTable();
}
include_once 'footer.php';
?>

_________________
I search, therefore I exist...
 
kguske







Posted: Mon Mar 23, 2009 10:13 pm

To clarify, this is a fresh version of modules/Your_Account/public/userinfo.php

Please note that the user can specify - in your account settings - to allow others to view the email. If this is set, anyone can view the email when viewing the profile. Otherwise, only the admin gets to see that there :)
 
Palbin







Posted: Mon Mar 23, 2009 10:16 pm

If you want the user to be able to see his own email address when set to nonviewable change line 77 to this:

Code:


if (is_admin($admin) || $usrinfo['username'] == $username || $usrinfo['user_viewemail'] == 1) {
 
kguske







Posted: Mon Mar 23, 2009 10:25 pm

I think it was originally designed that way so users wouldn't get concerned that others could view their email addresses.

I tested various scenarios with the updated logic, and it appears to be working fully and correctly now. If no one finds any other issues, I will add to SVN tomorrow.
 
Palbin







Posted: Mon Mar 23, 2009 10:27 pm

Sounds good. Disregard my email as I am fine with it saying N/A to avoid confusion :)
 
draxx







Posted: Tue Mar 24, 2009 2:07 pm

I'm sorry but I can still view private fields with a normal user.
 
dad7732
RavenNuke(tm) Development Team



Joined: Mar 18, 2007
Posts: 1242

Posted: Tue Mar 24, 2009 2:49 pm

Even after clearing cache and removing cookies?
 
kguske







Posted: Tue Mar 24, 2009 4:18 pm

Your own private fields, or another's?
 
dad7732







Posted: Tue Mar 24, 2009 4:32 pm

Logged in as a regular user and bringing up another user's profile, I can ONLY read the email address IF the email icon is present and mouse-over shows it. If there is no icon there then there is no email address to see.
 
draxx







Posted: Tue Mar 24, 2009 4:48 pm

Okay after following those suggestions .... err after re-uploading the new userinfo.php and logging out and deleting cookies and cache and logging back in it would appear that the private fields are no longer displayed to a normal user.

I will test it again on a 2nd site and speak up if I notice it acts differently there.

Whoot! :) Thanks again :) :)
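
The private-field check from the first post, as an added example (not code from the thread or from RavenNuke): in PHP `AND` already binds tighter than `OR`, so the parenthesised variant evaluates identically, and because the profile row is loaded by the requested username, comparing the row's username to that same value says nothing about who is viewing. The function names, the sample profile and the viewer list are constructed for illustration; the owner check assumes the caller passes the already-authenticated session username.

```php
<?php
// Added illustration: hypothetical helper names, constructed sample data.

// Profile being viewed (as loaded "WHERE username = <requested name>") and its custom fields.
$requested = 'alice';
$profile   = ['username' => 'alice'];
$fields    = [
    ['name' => 'favourite_band', 'public' => 1],
    ['name' => 'phone',          'public' => 0],
];

/**
 * The condition as written in the first post. $requested is the same value
 * that was used to load $profile, so the last comparison is always true and
 * the test collapses to "admin OR any logged-in user".
 */
function posted_check(bool $isAdmin, bool $isUser, string $requested, array $profile): bool
{
    return $isAdmin OR $isUser AND $profile['username'] == $requested;
}

/** Same condition with explicit parentheses: identical result for every input. */
function parenthesised_check(bool $isAdmin, bool $isUser, string $requested, array $profile): bool
{
    return $isAdmin OR ($isUser AND $profile['username'] == $requested);
}

/**
 * Ownership tied to the viewer: compare the profile with the authenticated
 * session's username (null for an anonymous visitor), case-insensitively.
 */
function owner_check(bool $isAdmin, ?string $viewer, array $profile): bool
{
    return $isAdmin
        || ($viewer !== null && strcasecmp($viewer, $profile['username']) === 0);
}

/** Names of the fields a viewer may see; private ones only when allowed. */
function visible_fields(array $fields, bool $canSeePrivate): array
{
    $names = [];
    foreach ($fields as $field) {
        if ($canSeePrivate || (int) $field['public'] === 1) {
            $names[] = $field['name'];
        }
    }
    return $names;
}

// Constructed viewers: [label, is admin, authenticated username or null].
$viewers = [
    ['anonymous',        false, null],
    ['bob (other user)', false, 'bob'],
    ['alice (owner)',    false, 'alice'],
    ['site admin',       true,  'root'],
];

$yn = function (bool $b): string {
    return $b ? 'yes' : 'no';
};

foreach ($viewers as [$label, $isAdmin, $viewer]) {
    $isUser = ($viewer !== null);
    $posted = posted_check($isAdmin, $isUser, $requested, $profile);
    $paren  = parenthesised_check($isAdmin, $isUser, $requested, $profile);
    $owner  = owner_check($isAdmin, $viewer, $profile);

    printf(
        "%-17s posted=%-3s parenthesised=%-3s owner-check=%-3s fields shown with owner-check: %s\n",
        $label,
        $yn($posted),
        $yn($paren),
        $yn($owner),
        implode(', ', visible_fields($fields, $owner))
    );
}
```

Running it prints one row per viewer; the row for the other logged-in user is the one where the posted condition and the owner check disagree.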
 
All times are GMT - 6 Hours
 