profile.php shit

<?php

require_once('./data_classes/server-data.php_data_classes-core.php.php');
require_once('./data_classes/server-data.php_data_classes-session.php.php');

$pagename = "Mein Profil";
$body_id = "profile";
$pageid = "2";

if(isset($_GET['web-profile-tab'])){
    if($_GET['web-profile-tab'] < 2 || $_GET['web-profile-tab'] > 6 || !$_GET['web-profile-tab']){
        header("Location: ".$path."/profile/2");
        $tab = 0;
        exit;
    } else {
        $tab = FilterText($_GET['web-profile-tab']);
    }
} else {
    $tab = "2";
}

if($tab == "2"){
    if(isset($_POST['save'])){
        if(strlen($_POST['motto']) > 32){
            $result = "Entschuldigung, aber deine Mission ist zu lang!";
            $error = "1";
        } else {
            if($_POST['block_newfriends'] == "true"){ $block_newfriends = '0'; }else{ $block_newfriends = '1'; }
            if($_POST['hide_online'] == "true"){ $hide_online = '0'; }else{ $hide_online = '1'; }
            if($_POST['hide_inroom'] == "true"){ $hide_inroom = '0'; }else{ $hide_inroom = '1'; }

            mysql_query("UPDATE users SET motto = '".FilterText($_POST['motto'])."', visibility = '".FilterText($_POST['visibility'])."', block_newfriends = '".FilterText($block_newfriends)."', hide_online = '".FilterText($hide_online)."', hide_inroom = '".FilterText($hide_inroom)."' WHERE id = '".$my_id."' LIMIT 1") or die(mysql_error());
            $result = "Einstellungen wurden erfolgreich geändert.";
        }
    }
} else if($tab == "3"){
    if(isset($_POST['save'])){
    $pass1 = FilterText($_POST['password']);
    $pass1_hash = HoloHashMD5($pass1, $myrow['username']);
    $day1 = FilterText($_POST['day']);
    $month1 = FilterText($_POST['month']);
    $year1 = FilterText($_POST['year']);
        $formatted_dob = "".$day1.".".$month1.".".$year1."";
    $mail1 = FilterText($_POST['email']);
    $themail = $mail1;
        //checks password --encryption--
        if($pass1_hash == $myrow['password']){
        $email_check = preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i", $mail1);
            if($email_check == "1"){
            mysql_query("UPDATE users SET mail = '".$mail1."' WHERE username = '".$rawname."' and password = '".$rawpass."'") or die(mysql_error());

            $result = "Deine Email wurde erfolgreich in \"".$mail1."\" ge&auml;ndert.";
            } else {
            $result = "Die Email Adresse ist falsch.";
            $error = "1";
            }
        } else {
        $result = "Deine Angaben waren nicht korreckt!";
        $error = "1";
        }
    } else {
    $themail = $myrow['mail'];
    }

} else if($tab == "4"){
    if(isset($_POST['save'])){
    $pass1 = FilterText($_POST['password']);
    //Hashes and salts the old password with the user id (in lowercase) --encryption--
    $pass1_hash = HoloHashMD5($pass1, $myrow['name']);
    $day1 = FilterText($_POST['day']);
    $month1 = FilterText($_POST['month']);
    $year1 = FilterText($_POST['year']);
    $formatted_dob = "".$day1.".".$month1.".".$year1."";
    $newpass = FilterText($_POST['pass']);
    //Hashes and salts the new password with the user id (in lowercase) --encryption--
    $newpass_hash = HoloHashMD5($newpass, $rawname);
    $newpass_conf = FilterText($_POST['confpass']);
        if($pass1_hash == $myrow['password']){
            if($newpass == $newpass_conf){
                if(strlen($newpass) < 6){
                $result = "Das Passwort ist zu kurz. Mindestens 6 Zeichen.";
                $error = "1";
                } else {
                    if(strlen($newpass) > 51){
                    $result = "Das Passwort ist zu lang. Mindestens 50 Zeichen.";
                    $error = "1";
                    } else {
                    //Updates password --encryption--
                    mysql_query("UPDATE users SET password = '".$newpass_hash."' WHERE username = '".$rawname."' and password = '".$rawpass."'") or die(mysql_error());
                    $result = "Das Passwort wurde erfolgreich ge&auml;ndert. Bitte log dich neu ein.";
                    }
                }
            } else {
            $result = "Die Passw&ouml;rter stimmen nicht &uuml;berein.";
            $error = "1";
            }
        } else {
        $result = "Die Daten stimmen nicht mit den Daten, die auf unserer Datenbank stehen &uuml;berein.";
        $error = "1";
        }
    }

}

require_once('./templates/community_subheader.php');
require_once('./templates/community_header.php');

?>
<div id="container">
    <div id="content">
    <div>
<div class="content">
<div class="habblet-container" style="float:left; width:210px;">
<div class="cbb settings">

<h2 class="title">Profil Einstellungen</h2>
<div class="box-content">
            <div id="settingsNavigation">
            <ul>
        <?php
        if($tab == "2"){
                echo "<li class='selected'>Meine Mission
                </li>";
        } else {
                echo "<li><a href='".$path."/profile/2'>Meine Mission
                </li>";
        }

        if($tab == "3"){
                echo "<li class='selected'>Meine E-mail
                </li>";
        } else {
                echo "<li><a href='".$path."/profile/3'>Meine E-mail</a>
                </li>";
        }

        if($tab == "4"){
                echo "<li class='selected'>Mein Passwort
                </li>";
        } else {
                echo "<li><a href='".$path."/profile/4'>Mein Passwort</a>
                </li>";
        }

        if($tab == "5"){
                echo "<li class='selected'>Freunde verwalten
                </li>";
        } else {
                echo "<li><a href='".$path."/profile/5'>Freunde verwalten</a>
                </li>";
        }

        if($tab == "6"){
               echo "<li class='selected'>Verwarnungen und Banns
                </li>";
        } else {
                echo "<li><a href='".$path."/profile/6'>Verwarnungen und Banns</a>
                </li>";
        }
        ?>
            </ul>
            </div>
</div></div>

</div>

<?php if($tab == "2"){ ?>
    <div class="habblet-container " style="float:left; width: 560px;">
        <div class="cbb clearfix settings">

            <h2 class="title">&Auml;ndere dein Profil</h2>
            <div class="box-content">


<form action="profile/2" method="post">
<input type="hidden" name="tab" value="2" />
<input type="hidden" name="__app_key" value="HoloCMS" />

<?php

if(!empty($result)){
    if($error == "1"){
        echo "<div class='rounded rounded-red'>";
    } else {
        echo "<div class='rounded rounded-green'>";
    }

    echo $result . "<br />
    </div><br />";
}

$user_sql = mysql_query("SELECT * FROM users WHERE id = '".$my_id."'");
$user_row = mysql_fetch_assoc($user_sql);

?>

<h3>Deine Mission</h3>

<p>
Deine Mission wird bei <?php echo $shortname; ?> Home und im <?php echo $shortname; ?> Hotel angezeigt.
</p>

<p>
<span class="label">Mission:</span>
<input type="text" name="motto" size="32" maxlength="32" value="<?php echo HoloText($user_row['motto']); ?>" id="avatarmotto" />
</p>

<h3>Deine Seite</h3>

<p>
Wer darf dein <?php echo $shortname; ?> Home sehen?<br>
<label><input name="visibility" value="EVERYONE" <?php if($user_row['visibility'] == "EVERYONE"){ ?>checked="checked" <?php } ?>type="radio">Jeder</label>
<label><input name="visibility" value="FRIENDS" <?php if($user_row['visibility'] == "FRIENDS"){ ?>checked="checked" <?php } ?>type="radio">Nur Freunde</label>
<label><input name="visibility" value="NOBODY" <?php if($user_row['visibility'] == "NOBODY"){ ?>checked="checked" <?php } ?>type="radio">Niemand</label>
</p>

<h3>Freundschaftsanfragen</h3>
<p>

<label>
<input name="block_newfriends" <?php if($user_row['block_newfriends'] == 0){ ?>checked="checked"<?php } ?> value="true" type="checkbox">
Freundschaftsanfragen freigegeben
</label></p>

<h3>Online Status</h3>
<p>

<label>
<input name="hide_online" <?php if($user_row['hide_online'] == 0){ ?>checked="checked"<?php } ?> value="true" type="checkbox">
Erlaube anderen Habbos dich ONLINE sehen zu dürfen
</label></p>

<h3>Verfolgungseinstellung</h3>
<p>

<label>
<input name="hide_inroom" <?php if($user_row['hide_inroom'] == 0){ ?>checked="checked"<?php } ?> value="true" type="checkbox">
Erlaube deinen Freunden dich per Konsole zu verfolgen
</label></p>

<?php if($hc > 0){ ?>
<h3><?php echo $shortname; ?> Club</h3>

<p>Du bist bereits im <?php echo $shortname; ?> Club. Deine Mitgliedschaft l&auml;uft in <b>
<?php echo getHCdays($my_id); ?></b> Tagen ab. Wenn du deine Mitgliedschaft verl&auml;ngern willst klick <a href='./client'>hier</a>.</p>
<?php }?>

<?php if($vip > 0){ ?>
<h3>VIP Nutzer</h3>

<p>Du bist ein VIP Nutzer. Deine Mitgliedschaft l&auml;uft in <b><?php echo getVIPDays($my_id); ?></b> Tagen ab. Wenn du deine Mitgliedschaft verl&auml;ngern willst klick <a href='../credits'>hier</a>.</p>
<?php }?>
<div class="settings-buttons">
<input type="submit" value="&Auml;nderung Speichern" name="save" class="submit" />
</div>

</form>

</div>
</div>
</div>
</div></div>
    </div>
<?php } else if($tab == "3"){ ?>
    <div class="habblet-container " style="float:left; width: 560px;">
        <div class="cbb clearfix settings">

            <h2 class="title">&Auml;ndere deine Mail-Adresse</h2>
            <div class="box-content">

<?php
if(!empty($result)){
    if($error == "1"){
    echo "<div class='rounded rounded-red'>";
    } else {
    echo "<div class='rounded rounded-green'>";
    }
    echo "".$result."<br />
    </div><br />";
}
?>

<form action="profile/3" method="post" id="emailform">
<input type="hidden" name="tab" value="3" />
<input type="hidden" name="__app_key" value="HoloCMS" />
WICHTIG: Ändere NIEMALS deine E-Mail, wenn dich jemand im <?php echo $shortname; ?> dazu auffordert. Du könntest so deinen <?php echo $shortname; ?> sowie alle Taler und Möbel verlieren!
<div class="settings-step">

    <h4>1.</h4>
    <div class="settings-step-content">

<h3>Gib deine derzeitigen Details an</h3>
<p>Pass auf die Rechtschreibung auf!</p>

<p>
 <label for="currentpassword">Aktuelles Passwort</label><br />
 <input type="password" size="32" maxlength="32" name="password" id="currentpassword" class="currentpassword " />
</p>

<p>
<label for="mail">Aktuelle Mail-Adresse:</label><br />
<input type="text" name="mail" id="mail" READONLY size="32" maxlength="48" value="<?php echo $myrow['mail']; ?>" />
</p>


</div></div>

<div class="settings-step">

    <h4>2.</h4>
    <div class="settings-step-content">

<h3>Gebe deine neue E-Mail Adresse ein.</h3>

<p>Sei sicher, dass du deine E-Mail Adresse korrekt eingegeben hast!</p>

<p>
<label for="email">Mail-Adresse:</label><br />
<input type="text" name="email" id="email" size="32" maxlength="48" value="<?php echo $themail; ?>" />
</p>

    </div>
</div>

<div class="settings-buttons">
<input type="submit" value="&Auml;nderung Speichern" name="save" class="submit" />
</div>

</form>

</div></div></div></div>


</div>
</div>

<?php } else if($tab == "4"){ ?>

<div class="habblet-container " style="float:left; width: 560px;">
        <div class="cbb clearfix settings">

            <h2 class="title">&Auml;ndere dein Passwort</h2>
            <div class="box-content">

<?php
if(!empty($result)){
    if($error == "1"){
    echo "<div class='rounded rounded-red'>";
    } else {
    echo "<div class='rounded rounded-green'>";
    }
    echo "".$result."<br />
    </div><br />";
}
?>

WICHTIG: &Auml;ndere NIEMALS dein Passwort, wenn dich jemand im <?php echo $shortname; ?> dazu auffordert. Du k&ouml;nntest so deinen <?php echo $shortname; ?> sowie alle Taler und M&ouml;bel verlieren!

<form action="profile/4" method="post" id="passwordform">
<input type="hidden" name="tab" value="4" />
<input type="hidden" name="__app_key" value="HoloCMS" />

<div class="settings-step">

    <h4>1.</h4>
    <div class="settings-step-content">

<h3>Gib deine derzeitigen Details an</h3>

<p>
 <label for="currentpassword">Aktuelles Passwort</label><br />
 <input type="password" size="32" maxlength="32" name="password" id="currentpassword" class="currentpassword " />
</p>


    </div>
</div>
<div class="settings-step">

    <h4>2.</h4>
    <div class="settings-step-content">

<h3>Neues Passwort eingeben</h3>

<p>Dein neues Passwort muss aus mindestens 6 Zeichen bestehen, Klein- und Gro&szlig;buchstaben sowie Zahlen und Sonderzeichen enthalten.</p>

<p>
<label for="pass">Neues Passwort</label><br />
<input type="password" name="pass" id="password" size="32" maxlength="48" value="" />
</p>

<p>
<label for="confpass">Neues Passwort (wiederholen)</label><br/>
<input type="password" name="confpass" id="password" size="32" maxlength="48" value="" />
</p>

    </div>
</div>

<div class="settings-buttons">
<input type="submit" value="&Auml;nderung Speichern" name="save" class="submit" />
</div>

</form>

</div></div></div></div>


</div>
</div>

<?php } elseif($tab == "5"){ ?>

<div id="friend-management" class="habblet-container">
                <div class="cbb clearfix settings">
                    <h2 class="title">FREUNDE VERWALTEN</h2>
                    <div id="friend-management-container" class="box-content">
                        <div id="category-view" class="clearfix">
                            <div id="search-view">
                                Suche unten nach einem Freund
                                <div id="friend-search" class="friendlist-search">
                                    <input type="text" maxlength="32" id="friend_query" class="friend-search-query" />
                                    <a class="friendlist-search new-button search-icon" id="friend-search-button"><b><span></span></b><i></i></a>
                                </div>
                            </div>
                            <div id="category-list">
<div id="friends-category-title">
    Freunde Kategorien
</div>

<div class="category-default category-item selected-category" id="category-item-0">Freunde</div>

    <input type="text" maxlength="32" id="category-name" class="create-category" /><div id="add-category-button" class="friendmanagement-small-icons add-category-item add-category"></div>
                            </div>
                        </div>
                        <div id="friend-list" class="clearfix">
<div id="friend-list-header-container" class="clearfix">
    <div id="friend-list-header">
        <div class="page-limit">
            <div class="big-icons friend-header-icon">Freunde
                <br />Zeigen
                30 |
                <a class="category-limit" id="pagelimit-50">50</a> |
                <a class="category-limit" id="pagelimit-100">100</a>
            </div>
        </div>
    </div>
    <div id="friend-list-paging">
             1 |
    <?php
        $afriendscount = mysql_query("SELECT COUNT(*) FROM messenger_friendships  WHERE user_one_id = '".$my_id."'") or die(mysql_error());
        $friendscount = mysql_result($afriendscount, 0);

        $pages = ceil($friendscount / 30);

        $n = 1;

        while ($n < $pages) {
            $n++;
            echo "<a href=\"#\" class=\"friend-list-page\" id=\"page-".$n."\">".$n."</a> |";
        }

        echo "<a href=\"#\" class=\"friend-list-page\" id=\"page-2\">&gt;&gt;</a>"
    ?>

        </div>
    </div>


<form id="friend-list-form">
    <table id="friend-list-table" border="0" cellpadding="0" cellspacing="0">
        <tbody>
            <tr class="friend-list-header">
                <td class="friend-select" />
                <td class="friend-name table-heading">Name</td>
                <td class="friend-login table-heading">Letzter Login</td>
                <td class="friend-remove table-heading">Entfernen</td>
            </tr>
           <?php
           $i = 0;
           $getem = mysql_query("SELECT * FROM messenger_friendships WHERE user_one_id = '".$my_id."' LIMIT 30") or die(mysql_error());

           while ($row = mysql_fetch_assoc($getem)) {
                   $i++;

                   if(IsEven($i)){
                       $even = "odd";
                   } else {
                       $even = "even";
                   }

                   if($row['user_two_id'] == '".$my_id."'){
                        $friendsql = mysql_query("SELECT * FROM users WHERE id = '".$row['user_one_id']."'");
                   } else {
                        $friendsql = mysql_query("SELECT * FROM users WHERE id = '".$row['user_two_id']."'");
                   }

                   $friendrow = mysql_fetch_assoc($friendsql);


printf("   <tr class=\"%s\">
               <td><input type=\"checkbox\" name=\"friendList[]\" value=\"%s\" /></td>
               <td class=\"friend-name\">
                %s
               </td>
               <td class=\"friend-login\" title=\"%s\">%s</td>
               <td class=\"friend-remove\"><div id=\"remove-friend-button-%s\" class=\"friendmanagement-small-icons friendmanagement-remove remove-friend\"></div></td>
           </tr>", $even, $friendrow['id'], $friendrow['username'], date('d.m.Y  H:i:s', $friendrow['last_online']), date('d.m.Y  H:i:s', $friendrow['last_online']), $friendrow['id']);
           }
        ?>
        </tbody>
    </table>
    <a class="select-all" id="friends-select-all" href="#">Alle auswählen</a> |
    <a class="deselect-all" href=#" id="friends-deselect-all">Auswahl verwerfen</a>
</form>                        </div>
    <script type="text/javascript">
        new FriendManagement({ currentCategoryId: 0, pageListLimit: 30, pageNumber: 1});
    </script>

<div class="friend-del"><a class="new-button red-button cancel-icon" href="#" id="delete-friends"><b><span></span>Ausgewählte Freunde löschen</b><i></i></a></div>
<br>
<br>
<br>
<br>

                    </div>
                </div>
            </div>
        </div>

<script type="text/javascript">
  L10N.put("friendmanagement.tooltip.deletefriends", "Ausgewählte Freunde wirklich löschen?\n<div class=\"friendmanagement-small-icons friendmanagement-save friendmanagement-tip-delete\"\>\n    <a class=\"friends-delete-button\" id=\"delete-friends-button\"\>Löschen</a\>\n</div\>\n<div class=\"friendmanagement-small-icons friendmanagement-remove friendmanagement-tip-cancel\"\>\n    <a id=\"cancel-delete-friends\"\>Beenden</a\>\n</div\>\n\n");
  L10N.put("friendmanagement.tooltip.deletefriend", "Ausgewählter Freund wirklich löschen?\n<div class=\"friendmanagement-small-icons friendmanagement-save friendmanagement-tip-delete\"\>\n    <a id=\"delete-friend-%friend_id%\"\>Löschen</a\>\n</div\>\n<div class=\"friendmanagement-small-icons friendmanagement-remove friendmanagement-tip-cancel\"\>\n    <a id=\"remove-friend-can-%friend_id%\"\>Beenden</a\>\n</div\>");
  L10N.put("friendmanagement.tooltip.deletecategory", "Diese Kategorie wirklich löschen?\n<div class=\"friendmanagement-small-icons friendmanagement-save friendmanagement-tip-delete\"\>\n    <a class=\"delete-category-button\" id=\"delete-category-%category_id%\"\>Löschen</a\>\n</div\>\n<div class=\"friendmanagement-small-icons friendmanagement-remove friendmanagement-tip-cancel\"\>\n    <a id=\"cancel-cat-delete-%category_id%\"\>Beenden</a\>\n</div\>");
  new FriendManagement({ currentCategoryId: 0, pageListLimit: 30, pageNumber: 1});
</script>

    </div>
    </div>
<?php
 }
elseif($tab == "6"){
?>

<div class="habblet-container " style="float:left; width: 560px;">
        <div class="cbb clearfix red">

            <h2 class="title">Verwarnung(en) und Bann(s)</h2>
          <div class="box-content">

          Hier hast du die Möglichkeit deine <b>letzten 10 Verwarnungen</b> und Banns zu betrachten, die folgenden aufgelisteten Gründe sind <b>nicht</b> zu bestreiten.
          Falls du weiterhin fragen zu deinem Bann hast wende dich an den <b>jeweiligen Mitarbeiter</b>, der dir <b>den jeweiligen Bann</b> ausgeteilt hat!

        <?php
if(!empty($result)){
    if($error == "1"){
    echo "<div class='rounded rounded-red'>";
    } else {
    echo "<div class='rounded rounded-green'>";
    }
    echo "".$result."<br />
    </div><br />";
}
?>

<table class="BAN-history">


<thead>
<tr>
 <th class="BAN-image">Typ</th>
 <th class="BAN-subject">Grund</th>
 <th class="BAN-teilnehmer">Bannung</th>
 <th class="BAN-date">Entbannung</th>
 <th class="BAN-creator">Mitarbeiter</th>

</tr>
</thead>
<tbody>

<?php
$tick = 0;
$get_em = mysql_query("SELECT * FROM bans WHERE value='".$myrow['username']."'") or die(mysql_error());
while($row = mysql_fetch_assoc($get_em)){
$tick++;

if(IsEven($tick)){ $even = "even"; } else { $even = "odd"; }


?>

<tr class="<?php echo $even; ?>">
 <td class="BAN-image"><?php if($row['bantype'] == "user"){ echo 'Account';} else { echo 'IP';}?></td>
 <td class="BAN-subject"><?php echo $row['reason'];?></td>
 <td class="BAN-teilnehmer"><?php echo $row['added_date'];?></td>
 <td class="BAN-date"><?php echo date("d.m.Y h:m",$row['expire']);?></td>
 <td class="BAN-creator"><?php echo $row['added_by'];?></td>

</tr>


<?php }?>
</tbody>
</table>


        </div>
            </div>
        </div>
</div>
</div>
</div>

<style>
/*BANLIST*/

table.BAN-history {
    border: 0;
    border-spacing: 0;
    margin-top:15px;
    width:100%;
    border-collapse: collapse;

}

table.BAN-history tr.odd {
    background-color: #efefef;
    height:40px;
}
table.BAN-history tr.even {
    background-color: white;
    height:40px;
}

table.BAN-history td, table.BAN-history th {
    font-size: 11px;
}

table.BAN-history th {
    color: #999;
    font-size: 12px;
    font-weight: normal;
}

table.BAN-history .BAN-image {
    white-space: nowrap;

}

table.BAN-history .BAN-subject {
    white-space: nowrap;

}
table.BAN-history .BAN-teilnehmer {
    white-space: nowrap;
}

table.BAN-history .BAN-date {
    white-space: nowrap;

}

table.BAN-history .BAN-creator {
    white-space: nowrap;
}

table.BAN-history .BAN-dabei {
    white-space: nowrap;
    padding-left:0px;
}

ul.BAN-navi {
    padding-bottom: 8px;
}
ul.BAN-navi li.next { float: right; }
ul.BAN-navi li.prev { float: left; }

#BAN-log p, ul.BAN-navi {
    margin: 0 15px;
}

div.purse-BAN { font-size: 10px; }
</style>

<?php
}  else { header("location: ".$path.""); exit; } require_once('./templates/community_footer.php'); ?>