SHARE
TWEET

Untitled

a guest Dec 8th, 2019 65 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. if(!defined('IN_INDEX'))
  3.  {
  4.   header('Location: ../index.php');
  5.   exit;
  6.  }
  7.  
  8. // only registered users have access to this section or user area is public:
  9. if(isset($_SESSION[$settings['session_prefix'].'user_id']) || $settings['user_area_public']==1)
  10.  {
  11.   if(isset($_REQUEST['action'])) $action = $_REQUEST['action'];
  12.   else $action = 'main';
  13.  
  14.   if(isset($_GET['user_lock'])) $action = 'user_lock';
  15.   if(isset($_GET['show_user'])) $action = 'show_user';
  16.   if(isset($_GET['show_posts'])) $action = 'show_posts';
  17.   if(isset($_POST['edit_user_submit'])) $action = 'edit_userdata';
  18.   if(isset($_POST['edit_pw_submit'])) $action = 'edit_pw_submitted';
  19.   if(isset($_POST['edit_email_submit'])) $action = 'edit_email_submit';
  20.  
  21.   if(isset($_REQUEST['id'])) $id = $_REQUEST['id'];
  22.  
  23.   switch($action)
  24.    {
  25.     case 'main':
  26.      if(isset($_GET['search_user']) && trim($_GET['search_user'])!='') $search_user = trim($_GET['search_user']);
  27.  
  28.      // count users and pages:
  29.      if(isset($search_user))
  30.       {
  31.        $user_count_result = mysql_query("SELECT COUNT(*) FROM ".$db_settings['userdata_table']." WHERE activate_code='' AND lower(user_name) LIKE '%".mysql_real_escape_string(my_strtolower($search_user, $lang['charset']))."%'", $connid);
  32.       }
  33.      else
  34.       {
  35.        $user_count_result = mysql_query("SELECT COUNT(*) FROM ".$db_settings['userdata_table']." WHERE activate_code=''", $connid);
  36.       }
  37.      list($total_users) = mysql_fetch_row($user_count_result);
  38.      mysql_free_result($user_count_result);
  39.      $total_pages = ceil($total_users / $settings['users_per_page']);
  40.  
  41.      // who is online:
  42.      if($settings['count_users_online']>0)
  43.       {
  44.        $useronline_result = mysql_query("SELECT ".$db_settings['userdata_table'].".user_name, ".$db_settings['useronline_table'].".user_id
  45.                                          FROM ".$db_settings['useronline_table']."
  46.                                          LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=".$db_settings['useronline_table'].".user_id
  47.                                          WHERE ".$db_settings['useronline_table'].".user_id > 0
  48.                                          ORDER BY user_name ASC", $connid) or raise_error('database_error',mysql_error());
  49.        $i=0;
  50.        while($uid_field = mysql_fetch_array($useronline_result))
  51.         {
  52.          $useronline_array[] = $uid_field['user_id'];
  53.          $users_online[$i]['id'] = $uid_field['user_id'];
  54.          $users_online[$i]['name'] = htmlspecialchars($uid_field['user_name']);
  55.          ++$i;
  56.         }
  57.        mysql_free_result($useronline_result);
  58.       }
  59.  
  60.      if(isset($users_online)) $smarty->assign('users_online',$users_online);
  61.  
  62.      if(isset($_GET['page'])) $page = intval($_GET['page']); else $page = 1;
  63.      if($page > $total_pages) $page = $total_pages;
  64.      if($page < 1) $page = 1;
  65.  
  66.      if(isset($_GET['order'])) $order = $_GET['order']; else $order='user_name';
  67.      #if($order!='user_id' && $order!='user_name' && $order!='user_email' && $order!='user_type' && $order!='registered' && $order!='logins' && $order!='last_login' && $order!='user_lock' && $order!='postings' && $order!='user_hp' && $order!='email_contact' && $order!='online') $order='user_name';
  68.      if($order!='user_id' && $order!='user_name' && $order!='user_email' && $order!='user_type' && $order!='registered' && $order!='logins' && $order!='last_login' && $order!='user_lock' && $order!='user_hp' && $order!='email_contact' && $order!='online') $order='user_name';
  69.      if($order=='user_lock' && (empty($_SESSION[$settings['session_prefix'].'user_type']) || isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']<1)) $order='user_name';
  70.      if(isset($_GET['descasc'])) $descasc = $_GET['descasc']; else $descasc = "ASC";
  71.      if($descasc!='DESC' && $descasc!='ASC') $descasc = 'ASC';
  72.  
  73.      $ul = ($page-1) * $settings['users_per_page'];
  74.  
  75.     // get userdata:
  76.     #if($categories!=false) $category_query_add = ' AND '.$db_settings['forum_table'].'.category IN ('.$category_ids_query.')';
  77.     $category_query_add = '';
  78.  
  79.     if(isset($search_user))
  80.       {
  81.        /*
  82.        $result = @mysql_query("SELECT ".$db_settings['userdata_table'].".user_id, user_name, user_type, user_email, email_contact, user_hp, user_lock, count(".$db_settings['forum_table'].".id) AS postings
  83.                                FROM ".$db_settings['userdata_table']."
  84.                                LEFT JOIN ".$db_settings['forum_table']." ON ".$db_settings['forum_table'].".user_id=".$db_settings['userdata_table'].".user_id
  85.                                WHERE activate_code=''".$category_query_add." AND lower(user_name) LIKE '%".mysql_real_escape_string(my_strtolower($search_user, $lang['charset']))."%'
  86.                                GROUP BY ".$db_settings['userdata_table'].".user_id
  87.                                ORDER BY ".$order." ".$descasc." LIMIT ".$ul.", ".$settings['users_per_page'], $connid) or raise_error('database_error',mysql_error());
  88.        */
  89.        $result = @mysql_query("SELECT ".$db_settings['userdata_table'].".user_id, user_name, user_type, user_email, email_contact, user_hp, user_lock, user_real_name
  90.                                FROM ".$db_settings['userdata_table']."
  91.                                WHERE activate_code=''".$category_query_add." AND lower(user_name) LIKE '%".mysql_real_escape_string(my_strtolower($search_user, $lang['charset']))."%'
  92.                                ORDER BY ".$order." ".$descasc." LIMIT ".$ul.", ".$settings['users_per_page'], $connid) or raise_error('database_error',mysql_error());
  93.       }
  94.      else
  95.       {
  96.        /*
  97.        $result = @mysql_query("SELECT ".$db_settings['userdata_table'].".user_id, user_name, user_type, user_email, email_contact, user_hp, user_lock, count(".$db_settings['forum_table'].".id) AS postings
  98.                                FROM ".$db_settings['userdata_table']."
  99.                                LEFT JOIN ".$db_settings['forum_table']." ON ".$db_settings['forum_table'].".user_id=".$db_settings['userdata_table'].".user_id
  100.                                WHERE activate_code=''".$category_query_add."
  101.                                GROUP BY ".$db_settings['userdata_table'].".user_id
  102.                                ORDER BY ".$order." ".$descasc." LIMIT ".$ul.", ".$settings['users_per_page'], $connid) or raise_error('database_error',mysql_error());
  103.         */
  104.         $result = @mysql_query("SELECT ".$db_settings['userdata_table'].".user_id, user_name, user_type, user_email, email_contact, user_hp, user_lock, user_real_name
  105.                                FROM ".$db_settings['userdata_table']."
  106.                                WHERE activate_code=''".$category_query_add."
  107.                                ORDER BY ".$order." ".$descasc." LIMIT ".$ul.", ".$settings['users_per_page'], $connid) or raise_error('database_error',mysql_error());
  108.  
  109.       }
  110.      #$result_count = mysql_num_rows($result);
  111.      $i=0;
  112.      while($row = mysql_fetch_array($result))
  113.       {
  114.        $userdata[$i]['user_id'] = $row['user_id'];
  115.        $userdata[$i]['user_name'] = htmlspecialchars($row['user_name']);
  116.        $userdata[$i]['user_real_name'] = htmlspecialchars($row['user_real_name']);
  117.        #$userdata[$i]['email_contact'] = $row['email_contact'];
  118.        if($row['email_contact']==1) $userdata[$i]['user_email'] = TRUE;
  119.        $userdata[$i]['user_hp'] = htmlspecialchars($row['user_hp']);
  120.        if(trim($userdata[$i]['user_hp'])!='')
  121.         {
  122.          $userdata[$i]['user_hp'] = add_http_if_no_protocol($userdata[$i]['user_hp']);
  123.         }
  124.        $userdata[$i]['user_type'] = $row['user_type'];
  125.        $userdata[$i]['user_lock'] = $row['user_lock'];
  126.        // count postings:
  127.        #if($categories==false) $count_result = @mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ".intval($row['user_id']), $connid);
  128.        #else $count_result = @mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ".intval($row['user_id'])." AND category IN (".$category_ids_query.")", $connid);
  129.        #list($postings) = mysql_fetch_row($count_result);
  130.        #mysql_free_result($count_result);
  131.        #$userdata[$i]['postings'] = $postings;
  132.        #$userdata[$i]['postings'] = $row['postings'];
  133.        // is user online:
  134.        #if(isset($useronline_array) && in_array($row['user_id'], $useronline_array))
  135.        # {
  136.        #  $userdata[$i]['online'] = TRUE;
  137.        # }
  138.        #$userdata[$i]['online'] = $row['online'];
  139.        $i++;
  140.       }
  141.      mysql_free_result($result);
  142.  
  143.      $smarty->assign('pagination', pagination($total_pages,$page,3));
  144.  
  145.      if(isset($userdata)) $smarty->assign('userdata',$userdata);
  146.      #$smarty->assign('page',$page);
  147.      $smarty->assign('total_users',$total_users);
  148.      #$smarty->assign('total_pages',$total_pages);
  149.      #$smarty->assign('previous_page',$previous_page);
  150.      #$smarty->assign('next_page',$next_page);
  151.  
  152.      if(isset($search_user))
  153.       {
  154.        $smarty->assign('search_user',htmlspecialchars($search_user));
  155.        $smarty->assign('search_user_encoded',urlencode($search_user));
  156.       }
  157.      $smarty->assign('order',$order);
  158.      $smarty->assign('descasc',$descasc);
  159.      $smarty->assign('ul',$ul);
  160.      $smarty->assign('page',$page);
  161.      $smarty->assign('subnav_location','subnav_userarea');
  162.      $smarty->assign('subtemplate','user.inc.tpl');
  163.      $template = 'main.tpl';
  164.     break;
  165.     case 'user_lock':
  166.      if(isset($_GET['page']))
  167.       {
  168.        $page = intval($_GET['page']);
  169.        if($page < 1) $page = 1;
  170.        $order = urlencode($_GET['order']);
  171.        $descasc = urlencode($_GET['descasc']);
  172.        if(isset($_GET['search_user'])) $search_user_q = '&search_user='.urlencode($_GET['search_user']);
  173.        else $search_user_q = '';
  174.       }
  175.      if(isset($_SESSION[$settings['session_prefix'].'user_type']) && ($_SESSION[$settings['session_prefix'].'user_type']==1 || $_SESSION[$settings['session_prefix'].'user_type']==2))
  176.       {
  177.        $lock_result = @mysql_query("SELECT user_type, user_lock FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($_GET['user_lock'])." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
  178.        $field = mysql_fetch_array($lock_result);
  179.        mysql_free_result($lock_result);
  180.        if($field['user_type']==0)
  181.         {
  182.          if($field['user_lock'] == 0) $new_lock = 1; else $new_lock = 0;
  183.          @mysql_query("UPDATE ".$db_settings['userdata_table']." SET user_lock='".$new_lock."', last_login=last_login, registered=registered WHERE user_id='".intval($_GET['user_lock'])."' LIMIT 1", $connid);
  184.         }
  185.       }
  186.      if(isset($_GET['page'])) header('Location: index.php?mode=user'.$search_user_q.'&page='.$page.'&order='.$order.'&descasc='.$descasc);
  187.      else header('Location: index.php?mode=user&show_user='.intval($_GET['user_lock']));
  188.      exit;
  189.     break;
  190.     case 'show_user':
  191.      $id = intval($_GET['show_user']);
  192.  
  193.      $result = mysql_query("SELECT user_id, user_type, user_name, user_real_name, gender, birthday, user_email, email_contact, user_hp, user_location, profile, cache_profile, logins, UNIX_TIMESTAMP(registered) AS registered, UNIX_TIMESTAMP(registered + INTERVAL ".$time_difference." MINUTE) AS user_registered, UNIX_TIMESTAMP(last_login + INTERVAL ".$time_difference." MINUTE) AS user_last_login, user_lock
  194.      FROM ".$db_settings['userdata_table']."
  195.      LEFT JOIN ".$db_settings['userdata_cache_table']." ON ".$db_settings['userdata_cache_table'].".cache_id=".$db_settings['userdata_table'].".user_id
  196.      WHERE user_id = ".$id." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
  197.  
  198.      if(mysql_num_rows($result)==1)
  199.       {
  200.        $row = mysql_fetch_array($result);
  201.        #mysql_free_result($result);
  202.        // count postings:
  203.        $count_postings_result = mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ".$id, $connid);
  204.        list($postings) = mysql_fetch_row($count_postings_result);
  205.        mysql_free_result($count_postings_result);
  206.        // last posting:
  207.        if($categories==false) $result = mysql_query("SELECT id, subject, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time FROM ".$db_settings['forum_table']." WHERE user_id = ".$id." ORDER BY time DESC LIMIT 1", $connid) or raise_error('database_error',mysql_error());
  208.        else $result = mysql_query("SELECT id, subject, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time FROM ".$db_settings['forum_table']." WHERE user_id = ".$id." AND category IN (".$category_ids_query.") ORDER BY time DESC LIMIT 1", $connid) or raise_error('database_error',mysql_error());
  209.        $last_posting = mysql_fetch_array($result);
  210.        mysql_free_result($result);
  211.  
  212.        $user_name = htmlspecialchars($row['user_name']);
  213.  
  214.        $year = my_substr($row['birthday'], 0, 4, $lang['charset']);
  215.        $month = my_substr($row['birthday'], 5, 2, $lang['charset']);
  216.        $day = my_substr($row['birthday'], 8, 2, $lang['charset']);
  217.  
  218.        $ystr = strrev(intval(strftime("%Y%m%d"))-intval($year.$month.$day));
  219.        $years = intval(strrev(my_substr($ystr,4,my_strlen($ystr,$lang['charset']),$lang['charset'])));
  220.  
  221.        $smarty->assign('p_user_id', $row['user_id']);
  222.        $smarty->assign('user_name', $user_name);
  223.        $smarty->assign('p_user_type', $row['user_type']);
  224.        $smarty->assign('user_real_name', htmlspecialchars($row['user_real_name']));
  225.        $smarty->assign('gender', $row['gender']);
  226.        if($day!=0&&$month!=0&&$year!=0)
  227.         {
  228.          $birthdate['day'] = $day;
  229.          $birthdate['month'] = $month;
  230.          $birthdate['year'] = $year;
  231.          $smarty->assign('birthdate', $birthdate);
  232.          $smarty->assign('years',$years);
  233.         }
  234.        if($row['email_contact']==1) $smarty->assign('user_email',TRUE);
  235.        if(trim($row['user_hp'])!='')
  236.         {
  237.          $row['user_hp'] = add_http_if_no_protocol($row['user_hp']);
  238.         }
  239.        $smarty->assign('user_hp', htmlspecialchars($row['user_hp']));
  240.        $smarty->assign('user_location', htmlspecialchars($row['user_location']));
  241.        $smarty->assign('user_registered', format_time($lang['time_format'],$row['user_registered']));
  242.        if($row['user_registered']!=$row['user_last_login']) $smarty->assign('user_last_login', format_time($lang['time_format'],$row['user_last_login']));
  243.        $smarty->assign('postings', $postings);
  244.        if($postings>0) $smarty->assign('postings_percent', number_format($postings/$total_postings*100,1));
  245.        else $smarty->assign('postings_percent', 0);
  246.        $smarty->assign('logins', $row['logins']);
  247.        $days_registered = (TIMESTAMP - $row['registered'])/86400;
  248.        if($days_registered<1) $days_registered=1;
  249.        $smarty->assign('logins_per_day',number_format($row['logins']/$days_registered,2));
  250.        $smarty->assign('postings_per_day',number_format($postings/$days_registered,2));
  251.        $smarty->assign('last_posting_id',$last_posting['id']);
  252.        $smarty->assign('last_posting_time',$last_posting['disp_time']);
  253.        $smarty->assign('last_posting_subject',htmlspecialchars($last_posting['subject']));
  254.  
  255.        if($settings['avatars']>0)
  256.         {
  257.          if(file_exists('images/avatars/'.$id.'.jpg')) $avatar['image'] = 'images/avatars/'.$id.'.jpg';
  258.          elseif(file_exists('images/avatars/'.$id.'.png')) $avatar['image'] = 'images/avatars/'.$id.'.png';
  259.          elseif(file_exists('images/avatars/'.$id.'.gif')) $avatar['image'] = 'images/avatars/'.$id.'.gif';
  260.          if(isset($avatar))
  261.           {
  262.            $image_info = getimagesize($avatar['image']);
  263.            $avatar['width'] = $image_info[0];
  264.            $avatar['height'] = $image_info[1];
  265.            $smarty->assign('avatar', $avatar);
  266.           }
  267.         }
  268.  
  269.        if($row['profile']!='' && $row['cache_profile']=='')
  270.         {
  271.          // no cached profile so parse it and cache it:
  272.          $profile=html_format($row['profile']);
  273.  
  274.          // check if there's already a cached record for this user_id
  275.          list($row_count) = @mysql_fetch_row(mysql_query("SELECT COUNT(*) FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($row['user_id']), $connid));
  276.          if($row_count==1)
  277.           {
  278.            // there's already a record (cached signature) so update it:
  279.            @mysql_query("UPDATE ".$db_settings['userdata_cache_table']." SET cache_profile='".mysql_real_escape_string($profile)."' WHERE cache_id=".intval($row['user_id']), $connid);
  280.           }
  281.          else
  282.           {
  283.            // prevent double entries (probably not really necessary because we already counted the records):
  284.            @mysql_query("DELETE FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($row['user_id']), $connid);
  285.            // insert cached profile:
  286.            @mysql_query("INSERT INTO ".$db_settings['userdata_cache_table']." (cache_id, cache_signature, cache_profile) VALUES (".intval($row['user_id']).",'','".mysql_real_escape_string($profile)."')", $connid);
  287.           }
  288.         }
  289.        elseif($row['profile']=='')
  290.         {
  291.          $profile='';
  292.         }
  293.        else
  294.         {
  295.          // there's already a cached profile so just take it without any parsing:
  296.          $profile = $row['cache_profile'];
  297.         }
  298.  
  299.        #$profile=nl2br(htmlspecialchars($row['profile']));
  300.        #if($settings['autolink'] == 1) $profile = make_link($profile);
  301.        #if($settings['bbcode'] == 1) $profile = bbcode($profile);
  302.        #if($settings['smilies'] == 1) $profile = smilies($profile);
  303.        $smarty->assign('profile', $profile);
  304.        if($row['user_lock']==1) $smarty->assign('user_is_locked', true);
  305.        else $smarty->assign('user_is_locked', false);
  306.        $breadcrumbs[0]['link'] = 'index.php?mode=user';
  307.        $breadcrumbs[0]['linkname'] = 'subnav_userarea';
  308.        $smarty->assign('breadcrumbs',$breadcrumbs);
  309.        $smarty->assign('subnav_location','subnav_userarea_show_user');
  310.        $smarty->assign('subnav_location_var',$user_name);
  311.       }
  312.      else
  313.       {
  314.        $subnav_link = array('mode'=>'index', 'title'=>'forum_index_link_title', 'name'=>'forum_index_link');
  315.        $smarty->assign('subnav_link',$subnav_link);
  316.       }
  317.      $smarty->assign('subtemplate','user_profile.inc.tpl');
  318.      $template = 'main.tpl';
  319.     break;
  320.     case 'show_posts':
  321.      $id = intval($_GET['id']);
  322.      $result = mysql_query("SELECT user_id, user_name
  323.                             FROM ".$db_settings['userdata_table']."
  324.                             WHERE user_id = ".$id." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
  325.      $row = mysql_fetch_array($result);
  326.      mysql_free_result($result);
  327.  
  328.      $user_name = htmlspecialchars($row['user_name']);
  329.  
  330.      // count postings:
  331.      if($categories==false) $count_postings_result = @mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ".$id, $connid);
  332.      else $count_postings_result = @mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ".$id." AND category IN (".$category_ids_query.")", $connid);
  333.      list($user_postings_count) = mysql_fetch_row($count_postings_result);
  334.      mysql_free_result($count_postings_result);
  335.  
  336.      $total_pages = ceil($user_postings_count / $settings['search_results_per_page']);
  337.      if(isset($_GET['page'])) $page = intval($_GET['page']); else $page = 1;
  338.      if($page < 1) $page = 1;
  339.      if($page > $total_pages) $page = $total_pages;
  340.      $ul = ($page-1) * $settings['search_results_per_page'];
  341.  
  342.      $smarty->assign('pagination', pagination($total_pages,$page,3));
  343.  
  344.      if($user_postings_count>0)
  345.       {
  346.        if($categories==false) $result = @mysql_query("SELECT id, pid, tid, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, marked, sticky FROM ".$db_settings['forum_table']." WHERE user_id = ".$id." ORDER BY time DESC LIMIT ".$ul.", ".$settings['search_results_per_page'], $connid);
  347.        else $result = @mysql_query("SELECT id, pid, tid, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, marked, sticky FROM ".$db_settings['forum_table']." WHERE user_id = ".$id." AND category IN (".$category_ids_query.") ORDER BY time DESC LIMIT ".$ul.", ".$settings['search_results_per_page'], $connid);
  348.        $i=0;
  349.        while($row = mysql_fetch_array($result))
  350.         {
  351.          $user_postings_data[$i]['id'] = intval($row['id']);
  352.          $user_postings_data[$i]['pid'] = intval($row['pid']);
  353.          $user_postings_data[$i]['name'] = $user_name;
  354.          $user_postings_data[$i]['subject'] = htmlspecialchars($row['subject']);
  355.          $user_postings_data[$i]['disp_time'] = $row['disp_time'];
  356.          if(isset($categories[$row['category']]) && $categories[$row['category']]!='')
  357.           {
  358.            $user_postings_data[$i]['category']=$row["category"];
  359.            $user_postings_data[$i]['category_name']=$categories[$row["category"]];
  360.           }
  361.          $i++;
  362.         }
  363.        mysql_free_result($result);
  364.       }
  365.      if(isset($user_postings_data)) $smarty->assign('user_postings_data',$user_postings_data);
  366.      $smarty->assign('user_postings_count',$user_postings_count);
  367.      $smarty->assign('action','show_posts');
  368.      $smarty->assign('id',$id);
  369.  
  370.      $breadcrumbs[0]['link'] = 'index.php?mode=user';
  371.      $breadcrumbs[0]['linkname'] = 'subnav_userarea';
  372.      $smarty->assign('breadcrumbs',$breadcrumbs);
  373.      $smarty->assign('subnav_location','subnav_userarea_show_posts');
  374.      $smarty->assign('subnav_location_var',$user_name);
  375.      $smarty->assign('subtemplate','user_postings.inc.tpl');
  376.      $template = 'main.tpl';
  377.     break;
  378.     case 'edit_profile':
  379.      if(isset($_SESSION[$settings['session_prefix'].'user_id']))
  380.       {
  381.        $id = $_SESSION[$settings['session_prefix'].'user_id'];
  382.        $result = mysql_query("SELECT user_id, user_name, user_real_name, gender, birthday, user_email, email_contact, user_hp, user_location, signature, profile, new_posting_notification, new_user_notification, auto_login_code, language, time_zone, time_difference, theme FROM ".$db_settings['userdata_table']." WHERE user_id = ".$id." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
  383.        $row = mysql_fetch_array($result);
  384.        mysql_free_result($result);
  385.        if(trim($row['birthday']) == '' || $row['birthday']=='0000-00-00') $user_birthday = '';
  386.        else
  387.         {
  388.          $year = my_substr($row['birthday'], 0, 4, $lang['charset']);
  389.          $month = my_substr($row['birthday'], 5, 2, $lang['charset']);
  390.          $day = my_substr($row['birthday'], 8, 2, $lang['charset']);
  391.          $user_birthday = $year.'-'.$month.'-'.$day;
  392.         }
  393.  
  394.        if(isset($category_selection)) $smarty->assign('category_selection',$category_selection);
  395.  
  396.        // time zones:
  397.        if(function_exists('date_default_timezone_set') && $time_zones = get_timezones())
  398.         {
  399.          $smarty->assign('user_time_zone', htmlspecialchars($row['time_zone']));
  400.          $smarty->assign('time_zones', $time_zones);
  401.          if(!empty($settings['time_zone'])) $smarty->assign('default_time_zone', $settings['time_zone']);
  402.         }
  403.  
  404.        $languages = get_languages(true);
  405.        if(isset($languages) && count($languages)>1)
  406.         {
  407.          $smarty->assign('user_language', htmlspecialchars($row['language']));
  408.          $smarty->assign('languages', $languages);
  409.          foreach($languages as $l)
  410.           {
  411.            if($l['identifier']==$settings['language_file'])
  412.             {
  413.              $default_language = $l['title'];
  414.              $smarty->assign('default_language', $default_language);
  415.              break;
  416.             }
  417.           }
  418.         }
  419.  
  420.        $themes = get_themes(true);
  421.        if(isset($themes) && count($themes)>1)
  422.         {
  423.          $smarty->assign('user_theme', htmlspecialchars($row['theme']));
  424.          $smarty->assign('themes', $themes);
  425.          foreach($themes as $t)
  426.           {
  427.            if($t['identifier']==$settings['theme'])
  428.             {
  429.              $default_theme = $t['title'];
  430.              $smarty->assign('default_theme', $default_theme);
  431.              break;
  432.             }
  433.           }
  434.         }
  435.  
  436.        if($row['time_difference']<0) $time_difference_hours = ceil($row['time_difference']/60);
  437.        else $time_difference_hours = floor($row['time_difference']/60);
  438.        $time_difference_minutes = abs($row['time_difference']-$time_difference_hours*60);
  439.        if($time_difference_minutes<10) $time_difference_minutes = '0'.$time_difference_minutes;
  440.        if(intval($row['time_difference'])>0) $user_time_difference = '+'.$time_difference_hours;
  441.        else $user_time_difference = $time_difference_hours;
  442.        if($time_difference_minutes>0) $user_time_difference .= ':'.$time_difference_minutes;
  443.        $smarty->assign('user_time_difference', $user_time_difference);
  444.  
  445.        #$smarty->assign('default_forum_time', format_time($lang['time_format'],TIMESTAMP+intval($settings['time_difference'])*60));
  446.        if(isset($_GET['msg'])) $smarty->assign('msg',$_GET['msg']);
  447.        $smarty->assign('user_name', htmlspecialchars($row['user_name']));
  448.        $smarty->assign('user_real_name', htmlspecialchars($row['user_real_name']));
  449.        $smarty->assign('user_gender', $row['gender']);
  450.        $smarty->assign('user_birthday', $user_birthday);
  451.        $smarty->assign('user_email',htmlspecialchars($row['user_email']));
  452.        $smarty->assign('email_contact',$row['email_contact']);
  453.        $smarty->assign('user_hp', htmlspecialchars($row['user_hp']));
  454.        $smarty->assign('user_location', htmlspecialchars($row['user_location']));
  455.        $profile=htmlspecialchars($row['profile']);
  456.        $smarty->assign('profile', htmlspecialchars($row['profile']));
  457.        $smarty->assign('signature', htmlspecialchars($row['signature']));
  458.        if($row['auto_login_code']!='') $smarty->assign('auto_login', 1);
  459.        else $smarty->assign('auto_login', 0);
  460.  
  461.        if($settings['avatars']>0)
  462.         {
  463.          if(file_exists('images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.jpg')) $avatar['image'] = 'images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.jpg';
  464.          elseif(file_exists('images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.png')) $avatar['image'] = 'images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.png';
  465.          elseif(file_exists('images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.gif')) $avatar['image'] = 'images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.gif';
  466.  
  467.          if(isset($avatar))
  468.           {
  469.            $image_info = getimagesize($avatar['image']);
  470.            $avatar['width'] = $image_info[0];
  471.            $avatar['height'] = $image_info[1];
  472.            $smarty->assign('avatar', $avatar);
  473.           }
  474.         }
  475.  
  476.        if($_SESSION[$settings['session_prefix'].'user_type']==1||$_SESSION[$settings['session_prefix'].'user_type']==2)
  477.         {
  478.          $smarty->assign('new_posting_notification', $row['new_posting_notification']);
  479.          $smarty->assign('new_user_notification', $row['new_user_notification']);
  480.         }
  481.  
  482.        $breadcrumbs[0]['link'] = 'index.php?mode=user';
  483.        $breadcrumbs[0]['linkname'] = 'subnav_userarea';
  484.        $smarty->assign('breadcrumbs',$breadcrumbs);
  485.        $smarty->assign('subnav_location','subnav_userarea_edit_user');
  486.        $smarty->assign('subtemplate','user_edit.inc.tpl');
  487.        $template = 'main.tpl';
  488.       }
  489.     break;
  490.     case 'edit_userdata':
  491.      if(isset($_SESSION[$settings['session_prefix'].'user_id']))
  492.       {
  493.        $id = $_SESSION[$settings['session_prefix'].'user_id'];
  494.        if(empty($_POST['email_contact'])) $email_contact = 0;
  495.        else $email_contact = 1;
  496.        $user_hp = trim($_POST['user_hp']);
  497.        $user_real_name = trim($_POST['user_real_name']);
  498.        $user_birthday = trim($_POST['user_birthday']);
  499.        if(isset($_POST['user_gender'])) $gender = intval($_POST['user_gender']);
  500.        else $gender=0;
  501.        if($gender!=0&&$gender!=1&&$gender!=2) $gender=0;
  502.        $user_location = trim($_POST['user_location']);
  503.        $profile = trim($_POST['profile']);
  504.        $signature = trim($_POST['signature']);
  505.  
  506.        // time zone:
  507.        $user_time_zone = '';
  508.        if(isset($_POST['user_time_zone']) && $_POST['user_time_zone']!='' && function_exists('date_default_timezone_set') && $time_zones = get_timezones())
  509.         {
  510.          if(in_array($_POST['user_time_zone'], $time_zones)) $user_time_zone = $_POST['user_time_zone'];
  511.         }
  512.  
  513.        // time difference:
  514.        $user_time_difference = isset($_POST['user_time_difference']) ? trim($_POST['user_time_difference']) : '';
  515.        if(isset($user_time_difference[0]) && $user_time_difference[0]=='-') $negative = true;
  516.        $user_time_difference_array = explode(':',$_POST['user_time_difference']);
  517.        $hours_difference = abs(intval($user_time_difference_array[0]));
  518.        if($hours_difference<-24 || $hours_difference>24) $hours_difference = 0;
  519.        if(isset($user_time_difference_array[1])) $minutes_difference = intval($user_time_difference_array[1]);
  520.        if(isset($minutes_difference))
  521.         {
  522.          if($minutes_difference<0 || $minutes_difference>59) $minutes_difference = 0;
  523.         }
  524.        else
  525.         {
  526.          $minutes_difference = 0;
  527.         }
  528.        if(isset($negative))
  529.         {
  530.          $user_time_difference = 0 - ($hours_difference*60 + $minutes_difference);
  531.         }
  532.        else $user_time_difference = $hours_difference*60 + $minutes_difference;
  533.  
  534.        // language:
  535.        $user_language = '';
  536.        if(isset($_POST['user_language']) && trim($_POST['user_language'])!='')
  537.         {
  538.          $languages = get_languages();
  539.          if(isset($languages) && count($languages)>1)
  540.           {
  541.            if(in_array($_POST['user_language'], $languages))
  542.             {
  543.              $user_language = $_POST['user_language'];
  544.             }
  545.           }
  546.         }
  547.  
  548.        // theme:
  549.        $user_theme = '';
  550.        if(isset($_POST['user_theme']) && trim($_POST['user_theme'])!='')
  551.         {
  552.          $themes = get_themes();
  553.          if(isset($themes) && count($themes)>1)
  554.           {
  555.            if(in_array($_POST['user_theme'], $themes))
  556.             {
  557.              $user_theme = $_POST['user_theme'];
  558.             }
  559.           }
  560.         }
  561.  
  562.        if(isset($_POST['user_view'])) $user_view = intval($_POST['user_view']); else $user_view=0;
  563.        if($user_view!=0&&$user_view!=1&&$user_view!=2) $user_view = 0;
  564.        if($_SESSION[$settings['session_prefix'].'user_type']==1||$_SESSION[$settings['session_prefix'].'user_type']==2)
  565.         {
  566.          if(isset($_POST['new_posting_notification']) && $_SESSION[$settings['session_prefix'].'user_type']>0) $new_posting_notification = intval($_POST['new_posting_notification']);
  567.          else $new_posting_notification = 0;
  568.          if($new_posting_notification!=0&&$new_posting_notification!=1) $new_posting_notification=0;
  569.          if(isset($_POST['new_user_notification']) && $_SESSION[$settings['session_prefix'].'user_type']>0) $new_user_notification = intval($_POST['new_user_notification']);
  570.          else $new_user_notification = 0;
  571.          if($new_user_notification!=0&&$new_user_notification!=1) $new_user_notification=0;
  572.         }
  573.        else
  574.         {
  575.          $new_posting_notification = 0;
  576.          $new_user_notification = 0;
  577.         }
  578.  
  579.        if($settings['autologin']==1 && isset($_POST['auto_login']) && intval($_POST['auto_login'])==1)
  580.         {
  581.          $auto_login = 1;
  582.         }
  583.        else
  584.         {
  585.          $auto_login = 0;
  586.         }
  587.  
  588.        // check posted data:
  589.        if(my_strlen($user_hp,$lang['charset']) > $settings['hp_maxlength']) $errors[] = 'error_hp_too_long';
  590.        if(my_strlen($user_real_name,$lang['charset']) > $settings['name_maxlength']) $errors[] = 'error_name_too_long';
  591.        if(isset($user_hp) && $user_hp != '' && !is_valid_url($user_hp)) $errors[] = 'error_hp_wrong';
  592.  
  593.        if(isset($_POST['category_selection']) && is_array($_POST['category_selection']))
  594.         {
  595.          $filtered_category_selection = filter_category_selection($_POST['category_selection'], $category_ids);
  596.          if(count($filtered_category_selection)>0) $category_selection_db = implode(',',$filtered_category_selection);
  597.         }
  598.  
  599.        // birthday check:
  600.        if($user_birthday!='')
  601.         {
  602.          if(is_valid_birthday($user_birthday))
  603.           {
  604.            $year = intval(my_substr($user_birthday, 0, 4, $lang['charset']));
  605.            $month = intval(my_substr($user_birthday, 5, 2, $lang['charset']));
  606.            $day = intval(my_substr($user_birthday, 8, 2, $lang['charset']));
  607.            $birthday = $year.'-'.$month.'-'.$day;
  608.           }
  609.          else $errors[] = 'error_invalid_date';
  610.         }
  611.        if(empty($birthday)) $birthday = '0000-00-00';
  612.  
  613.        if(my_strlen($user_hp,$lang['charset']) > $settings['hp_maxlength']) $errors[] = 'error_hp_too_long';
  614.        if(my_strlen($user_location,$lang['charset']) > $settings['location_maxlength']) $errors[] = 'error_location_too_long';
  615.        $smarty->assign('profil_length',my_strlen($profile, $lang['charset']));
  616.        if(my_strlen($profile, $lang['charset']) > $settings['profile_maxlength']) $errors[] = 'error_profile_too_long';
  617.        $smarty->assign('signature_length',my_strlen($signature, $lang['charset']));
  618.        if(my_strlen($signature, $lang['charset']) > $settings['signature_maxlength']) $errors[] = 'error_signature_too_long';
  619.  
  620.        // check for too long words:
  621.        $too_long_word = too_long_word($user_real_name,$settings['name_word_maxlength']);
  622.        if($too_long_word) $errors[] = 'error_word_too_long';
  623.  
  624.        if(empty($too_long_word))
  625.         {
  626.          $too_long_word = too_long_word($user_location,$settings['location_word_maxlength']);
  627.          if($too_long_word) $errors[] = 'error_word_too_long';
  628.         }
  629.  
  630.        $profile_check = html_format($profile);
  631.        $profile_check = strip_tags($profile_check);
  632.        if(empty($too_long_word))
  633.         {
  634.          $too_long_word = too_long_word($profile_check,$settings['text_word_maxlength']);
  635.          if($too_long_word) $errors[] = 'error_word_too_long';
  636.         }
  637.  
  638.        $signature_check = signature_format($signature);
  639.        $signature_check = strip_tags($signature_check);
  640.        if(empty($too_long_word))
  641.         {
  642.          $too_long_word = too_long_word($signature_check,$settings['text_word_maxlength']);
  643.          if($too_long_word) $errors[] = 'error_word_too_long';
  644.         }
  645.  
  646.        // check for not accepted words:
  647.        $joined_message = my_strtolower($user_real_name.' '.$user_hp.' '.$profile.' '.$signature, $lang['charset']);
  648.        $not_accepted_words = get_not_accepted_words($joined_message);
  649.        if($not_accepted_words!=false)
  650.         {
  651.          $not_accepted_words_listing = implode(', ',$not_accepted_words);
  652.          if(count($not_accepted_words)==1)
  653.           {
  654.            $smarty->assign('not_accepted_word',htmlspecialchars($not_accepted_words_listing));
  655.            $errors[] = 'error_not_accepted_word';
  656.           }
  657.          else
  658.           {
  659.            $smarty->assign('not_accepted_words',htmlspecialchars($not_accepted_words_listing));
  660.            $errors[] = 'error_not_accepted_words';
  661.           }
  662.         }
  663.  
  664.        if(isset($errors))
  665.         {
  666.          $smarty->assign('errors', $errors);
  667.          $result = mysql_query("SELECT user_name, user_email FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($id)." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
  668.          $row = mysql_fetch_array($result);
  669.          mysql_free_result($result);
  670.          // timezones:
  671.          if(function_exists('date_default_timezone_set') && $time_zones = get_timezones())
  672.           {
  673.            $smarty->assign('time_zones', $time_zones);
  674.            $smarty->assign('user_time_zone', htmlspecialchars($user_time_zone));
  675.           }
  676.          // languages:
  677.          $languages = get_languages(true);
  678.          if(isset($languages) && count($languages)>1)
  679.           {
  680.            $smarty->assign('languages', $languages);
  681.            $smarty->assign('user_language', htmlspecialchars($user_language));
  682.           }
  683.          // themes:
  684.          $themes = get_themes(true);
  685.          if(isset($themes) && count($themes)>1)
  686.           {
  687.            $smarty->assign('themes', $themes);
  688.            $smarty->assign('user_theme', htmlspecialchars($user_theme));
  689.           }
  690.          if(isset($too_long_word)) $smarty->assign('word',$too_long_word);
  691.          $smarty->assign('user_name', htmlspecialchars($row['user_name']));
  692.          $smarty->assign('user_email', htmlspecialchars($row['user_email']));
  693.          $smarty->assign('email_contact', $email_contact);
  694.          $smarty->assign('user_hp', htmlspecialchars($user_hp));
  695.          $smarty->assign('user_real_name', htmlspecialchars($user_real_name));
  696.          $smarty->assign('user_gender', $gender);
  697.          $smarty->assign('user_birthday', htmlspecialchars($user_birthday));
  698.          $smarty->assign('user_location', htmlspecialchars($user_location));
  699.          $smarty->assign('profile', htmlspecialchars($profile));
  700.          $smarty->assign('signature', htmlspecialchars($signature));
  701.          if(isset($_POST['user_time_difference'])) $smarty->assign('user_time_difference', htmlspecialchars($_POST['user_time_difference']));
  702.          #$smarty->assign('user_view', $user_view);
  703.          $smarty->assign('auto_login', $auto_login);
  704.          $smarty->assign('new_posting_notification', $new_posting_notification);
  705.          $smarty->assign('new_user_notification', $new_user_notification);
  706.          if(isset($_POST['category_selection']) && is_array($_POST['category_selection'])) $smarty->assign('category_selection', $_POST['category_selection']);
  707.          $smarty->assign('time_difference_array',$user_time_difference_array);
  708.          $breadcrumbs[0]['link'] = 'index.php?mode=user';
  709.          $breadcrumbs[0]['linkname'] = 'subnav_userarea';
  710.          $smarty->assign('breadcrumbs',$breadcrumbs);
  711.          $smarty->assign('subnav_location','subnav_userarea_edit_user');
  712.          $smarty->assign('subtemplate','user_edit.inc.tpl');
  713.          $template = 'main.tpl';
  714.         }
  715.        else
  716.         {
  717.          if(isset($category_selection_db))
  718.           {
  719.            @mysql_query("UPDATE ".$db_settings['userdata_table']." SET email_contact=".intval($email_contact).", user_hp='".mysql_real_escape_string($user_hp)."', user_real_name='".mysql_real_escape_string($user_real_name)."', gender=".intval($gender).", birthday='".mysql_real_escape_string($birthday)."', user_location='".mysql_real_escape_string($user_location)."', profile='".mysql_real_escape_string($profile)."', signature='".mysql_real_escape_string($signature)."', user_view=".intval($user_view).", new_posting_notification=".intval($new_posting_notification).", new_user_notification=".intval($new_user_notification).", category_selection='".mysql_real_escape_string($category_selection_db)."', language='".mysql_real_escape_string($user_language)."', time_zone='".mysql_real_escape_string($user_time_zone)."', time_difference=".intval($user_time_difference).", theme='".mysql_real_escape_string($user_theme)."', last_login=last_login,last_logout=last_logout,registered=registered WHERE user_id=".intval($id), $connid);
  720.            $_SESSION[$settings['session_prefix'].'usersettings']['category_selection'] = $filtered_category_selection;
  721.           }
  722.          else
  723.           {
  724.            @mysql_query("UPDATE ".$db_settings['userdata_table']." SET email_contact=".intval($email_contact).", user_hp='".mysql_real_escape_string($user_hp)."', user_real_name='".mysql_real_escape_string($user_real_name)."', gender=".intval($gender).", birthday='".mysql_real_escape_string($birthday)."', user_location='".mysql_real_escape_string($user_location)."', profile='".mysql_real_escape_string($profile)."', signature='".mysql_real_escape_string($signature)."', user_view=".intval($user_view).", new_posting_notification=".intval($new_posting_notification).", new_user_notification=".intval($new_user_notification).", category_selection=NULL, language='".mysql_real_escape_string($user_language)."', time_zone='".mysql_real_escape_string($user_time_zone)."', time_difference=".intval($user_time_difference).", theme='".mysql_real_escape_string($user_theme)."', last_login=last_login,last_logout=last_logout,registered=registered WHERE user_id=".intval($id), $connid);
  725.            unset($_SESSION[$settings['session_prefix'].'usersettings']['category_selection']);
  726.           }
  727.          // auto login:
  728.          if($auto_login==1)
  729.           {
  730.            $result = mysql_query("SELECT auto_login_code FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($id)." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
  731.            $row = mysql_fetch_array($result);
  732.            mysql_free_result($result);
  733.            if(strlen($row['auto_login_code'])!=50)
  734.             {
  735.              $auto_login_code = random_string(50);
  736.             }
  737.            else
  738.             {
  739.              $auto_login_code = $row['auto_login_code'];
  740.             }
  741.            $auto_login_code_cookie = $auto_login_code . intval($id);
  742.            setcookie($settings['session_prefix'].'auto_login',$auto_login_code_cookie,TIMESTAMP+(3600*24*$settings['cookie_validity_days']));
  743.            @mysql_query("UPDATE ".$db_settings['userdata_table']." SET last_login=last_login, last_logout=last_logout, registered=registered, auto_login_code='".mysql_real_escape_string($auto_login_code)."' WHERE user_id=".intval($id), $connid);
  744.           }
  745.          else
  746.           {
  747.            setcookie($settings['session_prefix'].'auto_login','',0);
  748.            @mysql_query("UPDATE ".$db_settings['userdata_table']." SET last_login=last_login, last_logout=last_logout, registered=registered, auto_login_code='' WHERE user_id=".intval($id), $connid);
  749.           }
  750.  
  751.          @mysql_query("DELETE FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($id), $connid);
  752.          if(!empty($user_language)) $_SESSION[$settings['session_prefix'].'usersettings']['language'] = $user_language;
  753.          else unset($_SESSION[$settings['session_prefix'].'usersettings']['language']);
  754.          if(!empty($user_time_zone)) $_SESSION[$settings['session_prefix'].'usersettings']['time_zone'] = $user_time_zone;
  755.          else unset($_SESSION[$settings['session_prefix'].'usersettings']['time_zone']);
  756.          if(!empty($user_time_difference)) $_SESSION[$settings['session_prefix'].'usersettings']['time_difference'] = intval($user_time_difference);
  757.          else unset($_SESSION[$settings['session_prefix'].'usersettings']['time_difference']);
  758.          if(!empty($user_theme)) $_SESSION[$settings['session_prefix'].'usersettings']['theme'] = $user_theme;
  759.          else unset($_SESSION[$settings['session_prefix'].'usersettings']['theme']);
  760.          header('Location: index.php?mode=user&action=edit_profile&msg=profile_saved');
  761.          exit;
  762.         }
  763.       }
  764.     break;
  765.     case 'edit_pw':
  766.      if(isset($_SESSION[$settings['session_prefix'].'user_id']))
  767.       {
  768.        $breadcrumbs[0]['link'] = 'index.php?mode=user';
  769.        $breadcrumbs[0]['linkname'] = 'subnav_userarea';
  770.        $breadcrumbs[1]['link'] = 'index.php?mode=user&amp;action=edit_profile';
  771.        $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user';
  772.        $smarty->assign('breadcrumbs',$breadcrumbs);
  773.        $smarty->assign('subnav_location','subnav_userarea_edit_pw');
  774.        $smarty->assign('subtemplate','user_edit_pw.inc.tpl');
  775.        $template = 'main.tpl';
  776.       }
  777.     break;
  778.     case 'edit_pw_submitted':
  779.      if(isset($_SESSION[$settings['session_prefix'].'user_id']))
  780.       {
  781.        $user_id = $_SESSION[$settings['session_prefix'].'user_id'];
  782.        $pw_result = mysql_query("SELECT user_pw FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($user_id)." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
  783.        $field = mysql_fetch_array($pw_result);
  784.        mysql_free_result($pw_result);
  785.  
  786.        $old_pw = trim($_POST['old_pw']);
  787.        $new_pw = trim($_POST['new_pw']);
  788.        $new_pw_conf = trim($_POST['new_pw_conf']);
  789.  
  790.        if($old_pw=='' or $new_pw=='' or $new_pw_conf =='') $errors[] = 'error_form_uncomplete';
  791.        else
  792.         {
  793.          if(!is_pw_correct($old_pw,$field['user_pw'])) $errors[] = 'error_old_pw_wrong';
  794.          if($new_pw_conf != $new_pw) $errors[] = 'error_pw_conf_wrong';
  795.          if(my_strlen($new_pw, $lang['charset']) < $settings['min_pw_length']) $errors[] = 'error_new_pw_too_short';
  796.         }
  797.        // Update, if no errors:
  798.        if(empty($errors))
  799.         {
  800.          $pw_hash = generate_pw_hash($new_pw);
  801.          $pw_update_result = mysql_query("UPDATE ".$db_settings['userdata_table']." SET user_pw='".mysql_real_escape_string($pw_hash)."', last_login=last_login, registered=registered WHERE user_id=".intval($user_id), $connid);
  802.          header('location: index.php?mode=user&action=edit_profile&msg=pw_changed');
  803.          exit;
  804.         }
  805.        else
  806.         {
  807.          $smarty->assign('errors',$errors);
  808.          $breadcrumbs[0]['link'] = 'index.php?mode=user';
  809.          $breadcrumbs[0]['linkname'] = 'subnav_userarea';
  810.          $breadcrumbs[1]['link'] = 'index.php?mode=user&amp;action=edit_profile';
  811.          $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user';
  812.          $smarty->assign('breadcrumbs',$breadcrumbs);
  813.          $smarty->assign('subnav_location','subnav_userarea_edit_pw');
  814.          $smarty->assign('subtemplate','user_edit_pw.inc.tpl');
  815.          $template = 'main.tpl';
  816.         }
  817.       }
  818.     break;
  819.     case 'edit_email':
  820.      if(isset($_SESSION[$settings['session_prefix'].'user_id']))
  821.       {
  822.        $breadcrumbs[0]['link'] = 'index.php?mode=user';
  823.        $breadcrumbs[0]['linkname'] = 'subnav_userarea';
  824.        $breadcrumbs[1]['link'] = 'index.php?mode=user&amp;action=edit_profile';
  825.        $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user';
  826.        $smarty->assign('breadcrumbs',$breadcrumbs);
  827.        $smarty->assign('subnav_location','subnav_userarea_edit_mail');
  828.        $smarty->assign('subtemplate','user_edit_email.inc.tpl');
  829.        $template = 'main.tpl';
  830.       }
  831.     break;
  832.     case 'edit_email_submit':
  833.      if(isset($_SESSION[$settings['session_prefix'].'user_id']))
  834.      {
  835.      $new_email = trim($_POST['new_email']);
  836.      $new_email_confirm = trim($_POST['new_email_confirm']);
  837.      $pw_new_email = $_POST['pw_new_email'];
  838.      // Check data:
  839.      $email_result = @mysql_query("SELECT user_id, user_name, user_pw, user_email FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($_SESSION[$settings['session_prefix'].'user_id'])." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
  840.      $data = mysql_fetch_array($email_result);
  841.      mysql_free_result($email_result);
  842.      if($pw_new_email=='' || $new_email=='') $errors[] = 'error_form_uncompl';
  843.      if(empty($errors))
  844.       {
  845.        if($new_email!=$new_email_confirm) $errors[] = 'error_email_confirmation';
  846.        if(my_strlen($new_email, $lang['charset']) > $settings['email_maxlength']) $errors[] = 'error_email_too_long';
  847.        if($new_email == $data['user_email']) $errors[] = 'error_identic_email';
  848.        if(!is_valid_email($new_email)) $errors[] = 'error_email_invalid';
  849.        if(!is_pw_correct($pw_new_email,$data['user_pw'])) $errors[] = 'pw_wrong';
  850.       }
  851.      if(empty($errors))
  852.       {
  853.        $smarty->configLoad($settings['language_file'], 'emails');
  854.        $lang = $smarty->getConfigVars();
  855.        #if($language_file != $settings['language_file']) setlocale(LC_ALL, $lang['locale']);
  856.        $activate_code = random_string(20);
  857.        $activate_code_hash = generate_pw_hash($activate_code);
  858.        // send mail with activation key:
  859.        $lang['edit_address_email_txt'] = str_replace("[name]", $data['user_name'], $lang['edit_address_email_txt']);
  860.        $lang['edit_address_email_txt'] = str_replace("[activate_link]", $settings['forum_address']."index.php?mode=register&id=".$data['user_id']."&key=".$activate_code, $lang['edit_address_email_txt']);
  861.        if(!my_mail($new_email, $lang['edit_address_email_sj'], $lang['edit_address_email_txt'])) $errors[] = 'mail_error';
  862.        if(empty($errors))
  863.         {
  864.          @mysql_query("UPDATE ".$db_settings['userdata_table']." SET user_email='".mysql_real_escape_string($new_email)."', last_login=last_login, registered=registered, activate_code = '".mysql_real_escape_string($activate_code_hash)."' WHERE user_id=".intval($_SESSION[$settings['session_prefix'].'user_id']), $connid) or raise_error('database_error',mysql_error());
  865.          log_out($_SESSION[$settings['session_prefix'].'user_id']);
  866.          header("Location: index.php");
  867.          exit;
  868.         }
  869.       }
  870.      if(isset($errors))
  871.       {
  872.        $smarty->assign('new_user_email',htmlspecialchars($new_email));
  873.        $smarty->assign('errors',$errors);
  874.        $breadcrumbs[0]['link'] = 'index.php?mode=user';
  875.        $breadcrumbs[0]['linkname'] = 'subnav_userarea';
  876.        $breadcrumbs[1]['link'] = 'index.php?mode=user&amp;action=edit_profile';
  877.        $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user';
  878.        $smarty->assign('breadcrumbs',$breadcrumbs);
  879.        $smarty->assign('subnav_location','subnav_userarea_edit_mail');
  880.        $smarty->assign('subtemplate','user_edit_email.inc.tpl');
  881.        $template = 'main.tpl';
  882.       }
  883.      }
  884.     break;
  885.    }
  886.  }
  887. else
  888.  {
  889.   header("Location: index.php");
  890.   exit;
  891.  }
  892. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top