SMF Edit Bio question

What I did was redo my editprefs page and add in some info (& then my profile page).

If you want to look:
http://www.mickiclark.com/efiction33/
tester, test

That looks very interesting, mickinell. Care to share what changes you made to get that to work? I would love to see if I could get the betareaders module to show up, as well.  🙂

All right.  Let's see if I can describe this well enough.   🙂  The main reason I did this is because my users have these forever-long bios in SFF (our eFic) and they'd die if they lost them.  'Twould be bad.  Lots of weeping, wailing, teeth-gnashing, and so on.  I am leaving out the mySQL queries and all that...if you need them, let me know and I'll come back and add them (holding a baby in one arm).

SMF Profile Edits - for 3.3.1

(as always, you want to back up your database & files before starting anything like this)
Tables used:  fanfiction_authors, fanfiction_authorprefs
Files used:  user/editprefs, user/profile

Step One:  Database edits
Using phpMyAdmin, open your authorprefs table and insert the "bio" row.
Insert the data from authors into authorprefs.

Step Two: Edit editprefs (again, sorry, I'd post changes only, but holding a kiddo)

if(!defined("_CHARSET")) exit( );

$output = "<div id='pagetitle'>".($action == "register" ? _SETPREFS : _EDITPREFS)."</div>";
if(isset($_POST['submit'])) {
$useralertson = isset($_POST['useralertson']) && $_POST['useralertson'] == "on" ? 1 : 0;
$newreviews = isset($_POST['newreviews']) && $_POST['newreviews'] == "on" ? 1 : 0;
$newrespond = isset($_POST['newrespond']) && $_POST['newrespond'] == "on" ? 1 : 0;
$ageconsent = isset($_POST['ageconsent']) && isNumber($_POST['ageconsent']) ? $_POST['ageconsent'] : 0;
$tinyMCE = isset($_POST['tinyMCE']) && $_POST['tinyMCE'] == "on" ? 1 : 0;
$storyindex = isset($_POST['storyindex']) && $_POST['storyindex'] == "on" ? 1 : 0;
$sortby = isset($_POST['sortby']) && $_POST['sortby'] == 1 ? 1 : 0;
$skinnew = descript(strip_tags($_POST['skinnew']));
if($skinnew != $skin) $_SESSION[$sitekey."_skin"] = $skinnew;
$bio = descript(strip_tags(escapestring($_POST['bio'])));
dbquery("UPDATE ".TABLEPREFIX."fanfiction_authorprefs SET alertson = '$useralertson', newreviews = '$newreviews', newrespond = '$newrespond', ageconsent = '$ageconsent', tinyMCE ='$tinyMCE', userskin = '$skinnew', storyindex = '$storyindex', sortby = '$sortby', bio = '$bio' WHERE uid = '".USERUID."'");
$output .= write_message(_ACTIONSUCCESSFUL." "._BACK2ACCT);
}
else {
$result = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_authorprefs WHERE uid = '".USERUID."' LIMIT 1");
if(dbnumrows($result) == 0) {
dbquery("INSERT INTO ".TABLEPREFIX."fanfiction_authorprefs(`uid`, `userskin`) VALUES('".USERUID."', '$skin')");
$result = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_authorprefs WHERE uid = '".USERUID."' LIMIT 1");
}
$user = dbassoc($result);
$output .= "<form method="POST" enctype="multipart/form-data" style='width: 425px; margin: 0 auto;' action="user.php?action=editprefs">
<label for='newreviews'>"._CONTACTREVIEWS.":</label> <INPUT name="newreviews" type="checkbox" class="checkbox"".($user['newreviews'] ? " checked" : "")."> <A HREF=""#"" class="pophelp">[?]<span>"._HELP_NEWREV."</span></A><br />
<label for='newrespond'>"._CONTACTRESPOND.":</label> <INPUT name="newrespond" type="checkbox" class="checkbox"".($user['newrespond'] ? " checked" : "")."><A HREF=""#"" class="pophelp">[?]<span>"._HELP_NEWRESP."</span></A><br />";
if($alertson) 
$output .= "<label for='useralertson'>"._ALERTSON2."</label> <INPUT name="useralertson" type="checkbox" class="checkbox"".($user['alertson'] ? " checked" : "")."><A HREF=""#"" class="pophelp">[?]<span>"._HELP_FAVALERT."</span></A><br />";
$output .= "<label for='storyindex'>"._DISPLAYINDEX."</label> <INPUT name="storyindex" type="checkbox" class="checkbox"".($user['storyindex'] ? " checked" : "")."><A HREF=""#"" class="pophelp">[?]<span>"._HELP_TOC."</span></A><br />";
$output .= "<label for='tinyMCE'>"._USETINYMCE."</label> <INPUT name="tinyMCE" type="checkbox" class="checkbox"".($user['tinyMCE'] ? " checked" : "")."><A HREF=""#"" class="pophelp">[?]<span>"._HELP_TINYMCE."</span></A><br />";
if($agestatement) {
$output .= "<div style="margin: 1ex 0;">"._AGECONSENT." <span style='white-space: nowrap;'>
<input type="radio" class="radio" id="ageyes" value="1" name="ageconsent" ".($user['ageconsent'] ? " checked" : "")."> <label for="ageyes">"._YES."</label>
<input type="radio" class="radio" id="ageno" value="0" name="ageconsent" ".(!$user['ageconsent'] ? " checked" : "")."> <label for="ageno">"._NO."</label></span><A HREF=""#"" class="pophelp">[?]<span>"._HELP_AGE."</span></A></div>";
}
$output .= "<label for='sortby'>"._DEFAULTSORT.": </label><select name='sortby' class='textbox'>
<option value='1'".($user['sortby'] ? " selected" : "").">"._MOSTRECENT."</option>
<option value='0'".(!$user['sortby'] ? " selected" : "").">"._ALPHA."</option>
</select><A HREF=""#"" class="pophelp">[?]<span>"._HELP_DEFAULTSORT."</span></A><br />
<label for='skinnew'>"._SKIN.":</label> <select name="skinnew">";
if(!isset($hiddenskins)) $hiddenskins = array( );
if(is_string($hiddenskins)) $hiddenskins = explode(",", $hiddenskins);
$directory = opendir(_BASEDIR."skins");
while($filename = readdir($directory)) {
if($filename== "." || $filename== ".." || !is_dir(_BASEDIR."skins/".$filename) || (in_array($filename, $hiddenskins) && !isADMIN)) continue;
$skinlist[strtolower($filename)] = "<option value="$filename"".($siteskin == $filename ? " selected" : "").">$filename</option>";
}
ksort($skinlist);
foreach($skinlist as $s) { $output .= $s; }
unset($skinlist, $s);
closedir($directory);
$output .= "</select><A HREF=""#"" class="pophelp">[?]<span>"._HELP_SKIN."</span></A><br />";
$output .= "<div><label for='bio'>"._BIO."</label></div>
<div style='width: 450px; margin: 0 auto;'><textarea class="textbox" name="bio" cols="50" rows="6">".($user['bio'])."</TEXTAREA></div> <INPUT type="submit" class="button" id="submit" name="submit" value=""._SUBMIT.""></form>";
}


?>

 
Step Three:  Edit profile

<?php
// Build the user's profile information
if(!defined("_CHARSET")) exit( );
if(file_exists("languages/{$language}_SMF.php")) include("languages/{$language}_SMF.php");
else include("languages/en_SMF.php");

$tpl->newBlock("profile");
$result2 = dbquery("SELECT *, "._UIDFIELD." as uid FROM "._AUTHORTABLE." LEFT JOIN ".TABLEPREFIX."fanfiction_authorprefs as ap ON ap.uid = "._UIDFIELD." WHERE "._UIDFIELD." = '$uid' LIMIT 1");
$userinfo = dbassoc($result2);
$nameinfo = "";
if($userinfo['emailAddress']) {
list($allowGuestsContact) = dbrow(dbquery("SELECT panel_level FROM ".TABLEPREFIX."fanfiction_panels WHERE panel_type = 'P' AND panel_name = 'contact' LIMIT 1"));
if($allowGuestsContact == "0") $nameinfo .= " [<a href=""viewuser.php?action=contact&amp;uid=".$userinfo['uid'"]."">"._CONTACT."</a>]";
}
if(isMEMBER) {
$nameinfo .= "[<a href="'".PATHTOSMF."index.php?action=pm;sa=send;u=".$userinfo['uid'"]."'>"._PRIVATEMESSAGE."</a>]";
}
if(!empty($favorites) && isMEMBER && $userinfo['uid'] != USERUID) {
$fav = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_favorites WHERE uid = '".USERUID."' AND type = 'AU' AND item = '".$userinfo['uid']."'");
if(dbnumrows($fav) == 0) $nameinfo .= " [<a href=""user.php?uid=USERUID&amp;action=favau&amp;author=".$userinfo['uid'"]."">"._ADDAUTHOR2FAVES."</a>]";
}
$tpl->assign("userpenname", $userinfo['memberName']." ".$nameinfo);
$tpl->assign("membersince", date("$dateformat", $userinfo['dateRegistered']));
if($userinfo['realName'])
$tpl->assign("realname", $userinfo['realName']);
if($userinfo['bio']) {
$bio = nl2br($userinfo['bio']);
$tpl->assign("bio", stripslashes($bio));
}

$tpl->assign("userlevel", isset($userinfo['level']) && $userinfo['level'] > 0 && $userinfo['level'] < 4 ? _ADMINISTRATOR.(isADMIN ? " - ".$userinfo['level'] : "") : _MEMBER);
/* Dynamic authorinfo fields */
$result2 = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_authorinfo WHERE uid = '$uid'");
if(!empty($userinfo['websiteUrl'])) 
$tpl->assign("website", "<a href="'".$userinfo['websiteUrl'"]."'>".(!empty($userinfo['websiteTitle']) ? $userinfo['websiteTitle'] : $userinfo['websiteUrl'])."</a>");
$tpl->assign("aol", !empty($userinfo['AOL']) ? "<img src="" http://big.oscar.aol.com/".$userinfo ['AOL'"]."?on_url=$url/images/aim.gif&amp;off_url=$url/images/aim.gif"> <a href=""aim:goim?{aol}ScreenName=".$userinfo['AOL'"]."">".$userinfo['AOL']."</a>" : "<img src=""images/aim.gif"" alt=""._AOL.""> "._NONE);
$tpl->assign("icq", !empty($userinfo['ICQ']) ? "<img src="" http://status.icq.com/online.gif ?icq=$userinfo[ICQ"]&amp;img=5"> $userinfo[ICQ]" : "<img src=""images/icq.gif"" alt=""._ICQ.""> "._NONE);
$tpl->assign("msn", "<img src=""images/msntalk.gif"" alt=""._MSN.""> ".($userinfo['MSN'] ? $userinfo['MSN'] : _NONE));
$tpl->assign("yahoo", !empty($userinfo['YIM']) ? "<a href="" http://edit.yahoo.com/config/send_webmesg?.target=".$userinfo ['YIM'"]."&amp;.src="pg"><img" border="0" src="" http://opi.yahoo.com/online?u=".$userinfo ['YIM'"]."&amp;m=g&amp;t=1"> ".$userinfo['YIM']."</a>" : "<img src=""images/yim.gif"" alt=""._YAHOO.""> "._NONE);

$dynamicfields = "";
while($field = dbassoc($result2)) {
if($field['info'] == "") continue;
$fieldinfo = dbassoc(dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_authorfields WHERE field_id = '".$field['field']."' LIMIT 1"));
if($fieldinfo) {
$thisfield = "";
if($fieldinfo['field_on'] == 0) continue;
if($fieldinfo['field_type'] == 1) {
$thisfield =  preg_replace('/(w+://)(S+)/', '<a href=""\1\2"" target="_blank">\1\2</a>', $field['info']);
if(strpos($thisfield, " http://")  == false) $thisfield = preg_replace('/(S+.)(S+)/', '<a href="" http://\1\2" ;" target="_blank">\1\2</a>', $thisfield);
}
if($fieldinfo['field_type'] == 4) {
$thisfield = preg_replace("@{info}@", $field['info'], $fieldinfo['field_options']);
$thisfield =  preg_replace('/(w+://)(S+)/', '<a href=""\1\2"" target="_blank">'.$field['info'].'</a>', $thisfield);
if(strpos($thisfield, " http://")  == false) $thisfield = preg_replace('/(S+.)(S+)/', '<a href="" http://\1\2" ;" target="_blank">\1\2</a>', $thisfield);
}
if($fieldinfo['field_type'] == 2 || $fieldinfo['field_type'] == 6) {
$thisfield = stripslashes($field['info']);
}
if($fieldinfo['field_type'] == 3) {
$thisfield = !empty($field['info']) ? _YES : _NO;
}
else eval($fieldinfo['field_code_out']);
$tpl->assign($fieldinfo['field_name'], $thisfield);
$dynamicfields .= "<div class='authorfields'><span class='label'>".$fieldinfo['field_title'].":</span> ".$thisfield."</div>";
}
}
if(!empty($dynamicfields)) $tpl->assign("authorfields", $dynamicfields);
$tpl->assign("reportthis", "[<a href="""._BASEDIR."contact.php?action=report&amp;url=viewuser.php?uid=".$uid."">"._REPORTTHIS."</a>"]");
/* End dynamic fields */
$adminopts = "";
if(isADMIN && uLEVEL < 3) {
$adminopts .= "<div class="adminoptions"><span class='label'>"._ADMINOPTIONS.":</span> ".(isset($userinfo['validated']) && $userinfo['validated'] ? "[<a href=""admin.php?action=members&amp;revoke=$uid"" class="vuadmin">"._REVOKEVAL."</a>] " : "[<a href=""admin.php?action=members&amp;validate=$uid"" class="vuadmin">"._VALIDATE."</a>] ")."[<a href=""user.php?action=editbio&amp;uid=$uid"" class="vuadmin">"._EDIT."</a>] [<a href=""admin.php?action=members&amp;delete=$uid"" class="vuadmin">"._DELETE."</a>]";
$adminopts .= " [<a href=""admin.php?action=lock&amp;".($userinfo['level'"] < 0 ? "unlock=".$userinfo['uid']."" class="vuadmin">"._UNLOCKMEM : "do=lock&amp;uid=".$userinfo['uid']."" class="vuadmin">"._LOCKMEM)."</a>]";
$adminopts .= " [<a href=""admin.php?action=admins&amp;".(isset($userinfo['level'"]) && $userinfo['level'] > 0 ? "revoke=$uid" class="vuadmin">"._REVOKEADMIN."</a>] [<a href=""admin.php?action=admins&amp;do=edit&amp;uid=$uid"" class="vuadmin">"._EDITADMIN : "do=new&amp;uid=$uid" class="vuadmin">"._MAKEADMIN)."</a>]</div>";
$tpl->assign("adminoptions", $adminopts);
}
$tpl->gotoBlock("_ROOT");
?>

Thanks for the information. Tonight I changed the code and did the work on the database, and it's working! Yay! I looked quickly at what might be involved to change the Betareaders module, but I don't think I feel up to that just yet.  😀

Julieann, I found a problem.  Change the $bio line in editprefs to look like this:

$bio = descript(strip_tags(escapestring($_POST['bio'])));

instead of

$bio = ($_POST['bio']);

Otherwise any user not using tinyMCE's going to complain about mySQL errors when they use apostrophes.

Julieann, I found a problem.  Change the $bio line in editprefs to look like this:

$bio = descript(strip_tags(escapestring($_POST['bio'])));

instead of

$bio = ($_POST['bio']);

Otherwise any user not using tinyMCE's going to complain about mySQL errors when they use apostrophes.

NO!  You've just let hackers post any code they want to in their profiles.  Remove the escapestring if you think you need to, but definitely not the others.

Thanks for correcting me.