  1. <?php
  2. if(!defined('IN_INDEX'))
  3. {
  4. header('Location: ../index.php');
  5. exit;
  6. }
  7.  
  8. // only registered users have access to this section or user area is public:
  9. if(isset($_SESSION[$settings['session_prefix'].'user_id']) || $settings['user_area_public']==1)
  10. {
// Resolve which sub-action of the user area runs. The generic 'action'
// parameter (GET or POST) is read first and then overridden by marker
// parameters, so plain links (?user_lock=, ?show_user=, ?show_posts=) and the
// submit buttons of the edit forms select their handler without carrying an
// explicit action value. An unrecognised value matches no case of the switch
// below (no default case is visible in this part of the file).
if(isset($_REQUEST['action'])) $action = $_REQUEST['action'];
else $action = 'main';

if(isset($_GET['user_lock'])) $action = 'user_lock';
if(isset($_GET['show_user'])) $action = 'show_user';
if(isset($_GET['show_posts'])) $action = 'show_posts';
if(isset($_POST['edit_user_submit'])) $action = 'edit_userdata';
if(isset($_POST['edit_pw_submit'])) $action = 'edit_pw_submitted';
if(isset($_POST['edit_email_submit'])) $action = 'edit_email_submit';

// NOTE(review): $id is copied from the request without any validation. Every
// handler visible below re-derives it before use (intval() of a GET value, or
// the session user_id), so this raw copy must never be interpolated into SQL
// or a file path; keep any new handler on that rule.
if(isset($_REQUEST['id'])) $id = $_REQUEST['id'];
  22.  
  23. switch($action)
  24. {
case 'main':
// User list: a paginated, sortable list of activated accounts (empty
// activate_code), optionally narrowed to names containing a search string.
// Reads $_GET search_user/page/order/descasc, fills Smarty and selects
// user.inc.tpl inside main.tpl.
if(isset($_GET['search_user']) && trim($_GET['search_user'])!='') $search_user = trim($_GET['search_user']);

// count users and pages:
// The search term goes into a quoted literal after mysql_real_escape_string(),
// which keeps it from breaking out of the literal but does not neutralise the
// LIKE wildcards '%' and '_' — a searcher can only widen the match.
if(isset($search_user))
{
$user_count_result = mysql_query("SELECT COUNT(*) FROM ".$db_settings['userdata_table']." WHERE activate_code='' AND lower(user_name) LIKE '%".mysql_real_escape_string(my_strtolower($search_user, $lang['charset']))."%'", $connid);
}
else
{
$user_count_result = mysql_query("SELECT COUNT(*) FROM ".$db_settings['userdata_table']." WHERE activate_code=''", $connid);
}
list($total_users) = mysql_fetch_row($user_count_result);
mysql_free_result($user_count_result);
$total_pages = ceil($total_users / $settings['users_per_page']);

// who is online:
// Builds $users_online (id + HTML-escaped name) from the useronline table.
// $useronline_array is filled as well, but its only reader further down is
// commented out, so it is dead state at the moment.
if($settings['count_users_online']>0)
{
$useronline_result = mysql_query("SELECT ".$db_settings['userdata_table'].".user_name, ".$db_settings['useronline_table'].".user_id
FROM ".$db_settings['useronline_table']."
LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=".$db_settings['useronline_table'].".user_id
WHERE ".$db_settings['useronline_table'].".user_id > 0
ORDER BY user_name ASC", $connid) or raise_error('database_error',mysql_error());
$i=0;
while($uid_field = mysql_fetch_array($useronline_result))
{
$useronline_array[] = $uid_field['user_id'];
$users_online[$i]['id'] = $uid_field['user_id'];
$users_online[$i]['name'] = htmlspecialchars($uid_field['user_name']);
++$i;
}
mysql_free_result($useronline_result);
}

if(isset($users_online)) $smarty->assign('users_online',$users_online);

// Clamp the requested page into 1..$total_pages. An empty list gives
// total_pages 0, which the second check turns back into page 1 (offset 0).
if(isset($_GET['page'])) $page = intval($_GET['page']); else $page = 1;
if($page > $total_pages) $page = $total_pages;
if($page < 1) $page = 1;

// Sort column and direction are interpolated unquoted into ORDER BY below,
// so both are reduced to a fixed whitelist here (anything else falls back to
// user_name / ASC). 'online' is still listed although no query below selects
// such a column. Sorting by user_lock is reserved for sessions with
// user_type >= 1.
if(isset($_GET['order'])) $order = $_GET['order']; else $order='user_name';
#if($order!='user_id' && $order!='user_name' && $order!='user_email' && $order!='user_type' && $order!='registered' && $order!='logins' && $order!='last_login' && $order!='user_lock' && $order!='postings' && $order!='user_hp' && $order!='email_contact' && $order!='online') $order='user_name';
if($order!='user_id' && $order!='user_name' && $order!='user_email' && $order!='user_type' && $order!='registered' && $order!='logins' && $order!='last_login' && $order!='user_lock' && $order!='user_hp' && $order!='email_contact' && $order!='online') $order='user_name';
if($order=='user_lock' && (empty($_SESSION[$settings['session_prefix'].'user_type']) || isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']<1)) $order='user_name';
if(isset($_GET['descasc'])) $descasc = $_GET['descasc']; else $descasc = "ASC";
if($descasc!='DESC' && $descasc!='ASC') $descasc = 'ASC';

// LIMIT offset: product of two integers, safe to interpolate.
$ul = ($page-1) * $settings['users_per_page'];

// get userdata:
// The category filter is disabled (its assignment is commented out), so
// $category_query_add is always the empty string.
#if($categories!=false) $category_query_add = ' AND '.$db_settings['forum_table'].'.category IN ('.$category_ids_query.')';
$category_query_add = '';

// '@' silences the driver warning on failure; the 'or raise_error(...)' branch
// (defined elsewhere) is what actually handles a failed query.
if(isset($search_user))
{
/*
$result = @mysql_query("SELECT ".$db_settings['userdata_table'].".user_id, user_name, user_type, user_email, email_contact, user_hp, user_lock, count(".$db_settings['forum_table'].".id) AS postings
FROM ".$db_settings['userdata_table']."
LEFT JOIN ".$db_settings['forum_table']." ON ".$db_settings['forum_table'].".user_id=".$db_settings['userdata_table'].".user_id
WHERE activate_code=''".$category_query_add." AND lower(user_name) LIKE '%".mysql_real_escape_string(my_strtolower($search_user, $lang['charset']))."%'
GROUP BY ".$db_settings['userdata_table'].".user_id
ORDER BY ".$order." ".$descasc." LIMIT ".$ul.", ".$settings['users_per_page'], $connid) or raise_error('database_error',mysql_error());
*/
$result = @mysql_query("SELECT ".$db_settings['userdata_table'].".user_id, user_name, user_type, user_email, email_contact, user_hp, user_lock, user_real_name
FROM ".$db_settings['userdata_table']."
WHERE activate_code=''".$category_query_add." AND lower(user_name) LIKE '%".mysql_real_escape_string(my_strtolower($search_user, $lang['charset']))."%'
ORDER BY ".$order." ".$descasc." LIMIT ".$ul.", ".$settings['users_per_page'], $connid) or raise_error('database_error',mysql_error());
}
else
{
/*
$result = @mysql_query("SELECT ".$db_settings['userdata_table'].".user_id, user_name, user_type, user_email, email_contact, user_hp, user_lock, count(".$db_settings['forum_table'].".id) AS postings
FROM ".$db_settings['userdata_table']."
LEFT JOIN ".$db_settings['forum_table']." ON ".$db_settings['forum_table'].".user_id=".$db_settings['userdata_table'].".user_id
WHERE activate_code=''".$category_query_add."
GROUP BY ".$db_settings['userdata_table'].".user_id
ORDER BY ".$order." ".$descasc." LIMIT ".$ul.", ".$settings['users_per_page'], $connid) or raise_error('database_error',mysql_error());
*/
$result = @mysql_query("SELECT ".$db_settings['userdata_table'].".user_id, user_name, user_type, user_email, email_contact, user_hp, user_lock, user_real_name
FROM ".$db_settings['userdata_table']."
WHERE activate_code=''".$category_query_add."
ORDER BY ".$order." ".$descasc." LIMIT ".$ul.", ".$settings['users_per_page'], $connid) or raise_error('database_error',mysql_error());

}
#$result_count = mysql_num_rows($result);
// Copy each row into $userdata with text fields HTML-escaped. The e-mail
// address itself is never copied: 'user_email' becomes a TRUE flag only when
// the user allowed contact (email_contact==1), so the list does not leak
// addresses. The homepage is escaped and then given a protocol prefix; it is
// not validated here (is_valid_url() runs only when the profile is saved).
$i=0;
while($row = mysql_fetch_array($result))
{
$userdata[$i]['user_id'] = $row['user_id'];
$userdata[$i]['user_name'] = htmlspecialchars($row['user_name']);
$userdata[$i]['user_real_name'] = htmlspecialchars($row['user_real_name']);
#$userdata[$i]['email_contact'] = $row['email_contact'];
if($row['email_contact']==1) $userdata[$i]['user_email'] = TRUE;
$userdata[$i]['user_hp'] = htmlspecialchars($row['user_hp']);
if(trim($userdata[$i]['user_hp'])!='')
{
$userdata[$i]['user_hp'] = add_http_if_no_protocol($userdata[$i]['user_hp']);
}
$userdata[$i]['user_type'] = $row['user_type'];
$userdata[$i]['user_lock'] = $row['user_lock'];
// count postings:
#if($categories==false) $count_result = @mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ".intval($row['user_id']), $connid);
#else $count_result = @mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ".intval($row['user_id'])." AND category IN (".$category_ids_query.")", $connid);
#list($postings) = mysql_fetch_row($count_result);
#mysql_free_result($count_result);
#$userdata[$i]['postings'] = $postings;
#$userdata[$i]['postings'] = $row['postings'];
// is user online:
#if(isset($useronline_array) && in_array($row['user_id'], $useronline_array))
# {
# $userdata[$i]['online'] = TRUE;
# }
#$userdata[$i]['online'] = $row['online'];
$i++;
}
mysql_free_result($result);

$smarty->assign('pagination', pagination($total_pages,$page,3));

if(isset($userdata)) $smarty->assign('userdata',$userdata);
#$smarty->assign('page',$page);
$smarty->assign('total_users',$total_users);
#$smarty->assign('total_pages',$total_pages);
#$smarty->assign('previous_page',$previous_page);
#$smarty->assign('next_page',$next_page);

// The search term is exported twice: escaped for display and urlencoded for
// building links.
if(isset($search_user))
{
$smarty->assign('search_user',htmlspecialchars($search_user));
$smarty->assign('search_user_encoded',urlencode($search_user));
}
// $order and $descasc are safe to export unescaped: both were reduced to
// whitelist values above.
$smarty->assign('order',$order);
$smarty->assign('descasc',$descasc);
$smarty->assign('ul',$ul);
$smarty->assign('page',$page);
$smarty->assign('subnav_location','subnav_userarea');
$smarty->assign('subtemplate','user.inc.tpl');
$template = 'main.tpl';
break;
  165. case 'user_lock':
  166. if(isset($_GET['page']))
  167. {
  168. $page = intval($_GET['page']);
  169. if($page < 1) $page = 1;
  170. $order = urlencode($_GET['order']);
  171. $descasc = urlencode($_GET['descasc']);
  172. if(isset($_GET['search_user'])) $search_user_q = '&search_user='.urlencode($_GET['search_user']);
  173. else $search_user_q = '';
  174. }
  175. if(isset($_SESSION[$settings['session_prefix'].'user_type']) && ($_SESSION[$settings['session_prefix'].'user_type']==1 || $_SESSION[$settings['session_prefix'].'user_type']==2))
  176. {
  177. $lock_result = @mysql_query("SELECT user_type, user_lock FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($_GET['user_lock'])." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
  178. $field = mysql_fetch_array($lock_result);
  179. mysql_free_result($lock_result);
  180. if($field['user_type']==0)
  181. {
  182. if($field['user_lock'] == 0) $new_lock = 1; else $new_lock = 0;
  183. @mysql_query("UPDATE ".$db_settings['userdata_table']." SET user_lock='".$new_lock."', last_login=last_login, registered=registered WHERE user_id='".intval($_GET['user_lock'])."' LIMIT 1", $connid);
  184. }
  185. }
  186. if(isset($_GET['page'])) header('Location: index.php?mode=user'.$search_user_q.'&page='.$page.'&order='.$order.'&descasc='.$descasc);
  187. else header('Location: index.php?mode=user&show_user='.intval($_GET['user_lock']));
  188. exit;
  189. break;
case 'show_user':
// Public profile page for one user. The only request value used in SQL is
// $id, reduced to an integer here. $time_difference, $categories,
// $category_ids_query, $total_postings and TIMESTAMP come from outside this
// file section (presumably the including script) and are not validated here.
$id = intval($_GET['show_user']);

$result = mysql_query("SELECT user_id, user_type, user_name, user_real_name, gender, birthday, user_email, email_contact, user_hp, user_location, profile, cache_profile, logins, UNIX_TIMESTAMP(registered) AS registered, UNIX_TIMESTAMP(registered + INTERVAL ".$time_difference." MINUTE) AS user_registered, UNIX_TIMESTAMP(last_login + INTERVAL ".$time_difference." MINUTE) AS user_last_login, user_lock
FROM ".$db_settings['userdata_table']."
LEFT JOIN ".$db_settings['userdata_cache_table']." ON ".$db_settings['userdata_cache_table'].".cache_id=".$db_settings['userdata_table'].".user_id
WHERE user_id = ".$id." LIMIT 1", $connid) or raise_error('database_error',mysql_error());

if(mysql_num_rows($result)==1)
{
$row = mysql_fetch_array($result);
// The profile result set is not freed explicitly: $result is reused for the
// "last posting" query below and only that one is freed.
#mysql_free_result($result);
// count postings:
$count_postings_result = mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ".$id, $connid);
list($postings) = mysql_fetch_row($count_postings_result);
mysql_free_result($count_postings_result);
// last posting:
if($categories==false) $result = mysql_query("SELECT id, subject, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time FROM ".$db_settings['forum_table']." WHERE user_id = ".$id." ORDER BY time DESC LIMIT 1", $connid) or raise_error('database_error',mysql_error());
else $result = mysql_query("SELECT id, subject, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time FROM ".$db_settings['forum_table']." WHERE user_id = ".$id." AND category IN (".$category_ids_query.") ORDER BY time DESC LIMIT 1", $connid) or raise_error('database_error',mysql_error());
$last_posting = mysql_fetch_array($result);
mysql_free_result($result);

$user_name = htmlspecialchars($row['user_name']);

// Birthday is stored as YYYY-MM-DD; split by fixed offsets.
$year = my_substr($row['birthday'], 0, 4, $lang['charset']);
$month = my_substr($row['birthday'], 5, 2, $lang['charset']);
$day = my_substr($row['birthday'], 8, 2, $lang['charset']);

// Age in full years: today as YYYYMMDD minus the birthday as YYYYMMDD gives a
// number whose leading digits are the completed years; reversing, skipping
// four characters (the MMDD part) and reversing back strips them. The value
// is computed even for an all-zero birthday but only exported when the date
// is set. strftime() is deprecated as of PHP 8.1.
$ystr = strrev(intval(strftime("%Y%m%d"))-intval($year.$month.$day));
$years = intval(strrev(my_substr($ystr,4,my_strlen($ystr,$lang['charset']),$lang['charset'])));

$smarty->assign('p_user_id', $row['user_id']);
$smarty->assign('user_name', $user_name);
$smarty->assign('p_user_type', $row['user_type']);
$smarty->assign('user_real_name', htmlspecialchars($row['user_real_name']));
$smarty->assign('gender', $row['gender']);
if($day!=0&&$month!=0&&$year!=0)
{
$birthdate['day'] = $day;
$birthdate['month'] = $month;
$birthdate['year'] = $year;
$smarty->assign('birthdate', $birthdate);
$smarty->assign('years',$years);
}
// Only a contact flag is exported, never the address itself.
if($row['email_contact']==1) $smarty->assign('user_email',TRUE);
if(trim($row['user_hp'])!='')
{
$row['user_hp'] = add_http_if_no_protocol($row['user_hp']);
}
$smarty->assign('user_hp', htmlspecialchars($row['user_hp']));
$smarty->assign('user_location', htmlspecialchars($row['user_location']));
$smarty->assign('user_registered', format_time($lang['time_format'],$row['user_registered']));
// last_login is shown only when it differs from the registration time.
if($row['user_registered']!=$row['user_last_login']) $smarty->assign('user_last_login', format_time($lang['time_format'],$row['user_last_login']));
$smarty->assign('postings', $postings);
// NOTE(review): divides by $total_postings, which is set outside this file;
// confirm it cannot be 0 while $postings is > 0.
if($postings>0) $smarty->assign('postings_percent', number_format($postings/$total_postings*100,1));
else $smarty->assign('postings_percent', 0);
$smarty->assign('logins', $row['logins']);
// Per-day averages use at least one day so fresh accounts do not divide by
// a fraction (or zero).
$days_registered = (TIMESTAMP - $row['registered'])/86400;
if($days_registered<1) $days_registered=1;
$smarty->assign('logins_per_day',number_format($row['logins']/$days_registered,2));
$smarty->assign('postings_per_day',number_format($postings/$days_registered,2));
$smarty->assign('last_posting_id',$last_posting['id']);
$smarty->assign('last_posting_time',$last_posting['disp_time']);
$smarty->assign('last_posting_subject',htmlspecialchars($last_posting['subject']));

// Avatar lookup: the path is built from the integer $id only, so no path
// component can come from the request.
if($settings['avatars']>0)
{
if(file_exists('images/avatars/'.$id.'.jpg')) $avatar['image'] = 'images/avatars/'.$id.'.jpg';
elseif(file_exists('images/avatars/'.$id.'.png')) $avatar['image'] = 'images/avatars/'.$id.'.png';
elseif(file_exists('images/avatars/'.$id.'.gif')) $avatar['image'] = 'images/avatars/'.$id.'.gif';
if(isset($avatar))
{
$image_info = getimagesize($avatar['image']);
$avatar['width'] = $image_info[0];
$avatar['height'] = $image_info[1];
$smarty->assign('avatar', $avatar);
}
}

// Profile text: rendered through html_format() on first view and cached in
// userdata_cache_table; later views take the cached HTML as is. html_format()
// (defined elsewhere) is therefore the function that has to keep user
// supplied markup safe — nothing here re-escapes its output.
if($row['profile']!='' && $row['cache_profile']=='')
{
// no cached profile so parse it and cache it:
$profile=html_format($row['profile']);

// check if there's already a cached record for this user_id
// If the nested query fails, '@' hides the warning and list() leaves
// $row_count null, which routes into the DELETE + INSERT branch below.
list($row_count) = @mysql_fetch_row(mysql_query("SELECT COUNT(*) FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($row['user_id']), $connid));
if($row_count==1)
{
// there's already a record (cached signature) so update it:
@mysql_query("UPDATE ".$db_settings['userdata_cache_table']." SET cache_profile='".mysql_real_escape_string($profile)."' WHERE cache_id=".intval($row['user_id']), $connid);
}
else
{
// prevent double entries (probably not really necessary because we already counted the records):
@mysql_query("DELETE FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($row['user_id']), $connid);
// insert cached profile:
@mysql_query("INSERT INTO ".$db_settings['userdata_cache_table']." (cache_id, cache_signature, cache_profile) VALUES (".intval($row['user_id']).",'','".mysql_real_escape_string($profile)."')", $connid);
}
}
elseif($row['profile']=='')
{
$profile='';
}
else
{
// there's already a cached profile so just take it without any parsing:
$profile = $row['cache_profile'];
}

#$profile=nl2br(htmlspecialchars($row['profile']));
#if($settings['autolink'] == 1) $profile = make_link($profile);
#if($settings['bbcode'] == 1) $profile = bbcode($profile);
#if($settings['smilies'] == 1) $profile = smilies($profile);
$smarty->assign('profile', $profile);
if($row['user_lock']==1) $smarty->assign('user_is_locked', true);
else $smarty->assign('user_is_locked', false);
$breadcrumbs[0]['link'] = 'index.php?mode=user';
$breadcrumbs[0]['linkname'] = 'subnav_userarea';
$smarty->assign('breadcrumbs',$breadcrumbs);
$smarty->assign('subnav_location','subnav_userarea_show_user');
$smarty->assign('subnav_location_var',$user_name);
}
else
{
// Unknown id: the profile template is still rendered, just with a link back
// to the forum index and none of the profile variables set.
$subnav_link = array('mode'=>'index', 'title'=>'forum_index_link_title', 'name'=>'forum_index_link');
$smarty->assign('subnav_link',$subnav_link);
}
$smarty->assign('subtemplate','user_profile.inc.tpl');
$template = 'main.tpl';
break;
  320. case 'show_posts':
  321. $id = intval($_GET['id']);
  322. $result = mysql_query("SELECT user_id, user_name
  323. FROM ".$db_settings['userdata_table']."
  324. WHERE user_id = ".$id." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
  325. $row = mysql_fetch_array($result);
  326. mysql_free_result($result);
  327.  
  328. $user_name = htmlspecialchars($row['user_name']);
  329.  
  330. // count postings:
  331. if($categories==false) $count_postings_result = @mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ".$id, $connid);
  332. else $count_postings_result = @mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE user_id = ".$id." AND category IN (".$category_ids_query.")", $connid);
  333. list($user_postings_count) = mysql_fetch_row($count_postings_result);
  334. mysql_free_result($count_postings_result);
  335.  
  336. $total_pages = ceil($user_postings_count / $settings['search_results_per_page']);
  337. if(isset($_GET['page'])) $page = intval($_GET['page']); else $page = 1;
  338. if($page < 1) $page = 1;
  339. if($page > $total_pages) $page = $total_pages;
  340. $ul = ($page-1) * $settings['search_results_per_page'];
  341.  
  342. $smarty->assign('pagination', pagination($total_pages,$page,3));
  343.  
  344. if($user_postings_count>0)
  345. {
  346. if($categories==false) $result = @mysql_query("SELECT id, pid, tid, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, marked, sticky FROM ".$db_settings['forum_table']." WHERE user_id = ".$id." ORDER BY time DESC LIMIT ".$ul.", ".$settings['search_results_per_page'], $connid);
  347. else $result = @mysql_query("SELECT id, pid, tid, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, UNIX_TIMESTAMP(last_reply) AS last_reply, subject, category, marked, sticky FROM ".$db_settings['forum_table']." WHERE user_id = ".$id." AND category IN (".$category_ids_query.") ORDER BY time DESC LIMIT ".$ul.", ".$settings['search_results_per_page'], $connid);
  348. $i=0;
  349. while($row = mysql_fetch_array($result))
  350. {
  351. $user_postings_data[$i]['id'] = intval($row['id']);
  352. $user_postings_data[$i]['pid'] = intval($row['pid']);
  353. $user_postings_data[$i]['name'] = $user_name;
  354. $user_postings_data[$i]['subject'] = htmlspecialchars($row['subject']);
  355. $user_postings_data[$i]['disp_time'] = $row['disp_time'];
  356. if(isset($categories[$row['category']]) && $categories[$row['category']]!='')
  357. {
  358. $user_postings_data[$i]['category']=$row["category"];
  359. $user_postings_data[$i]['category_name']=$categories[$row["category"]];
  360. }
  361. $i++;
  362. }
  363. mysql_free_result($result);
  364. }
  365. if(isset($user_postings_data)) $smarty->assign('user_postings_data',$user_postings_data);
  366. $smarty->assign('user_postings_count',$user_postings_count);
  367. $smarty->assign('action','show_posts');
  368. $smarty->assign('id',$id);
  369.  
  370. $breadcrumbs[0]['link'] = 'index.php?mode=user';
  371. $breadcrumbs[0]['linkname'] = 'subnav_userarea';
  372. $smarty->assign('breadcrumbs',$breadcrumbs);
  373. $smarty->assign('subnav_location','subnav_userarea_show_posts');
  374. $smarty->assign('subnav_location_var',$user_name);
  375. $smarty->assign('subtemplate','user_postings.inc.tpl');
  376. $template = 'main.tpl';
  377. break;
case 'edit_profile':
// Profile edit form for the logged-in user. Only reachable via
// ?action=edit_profile (no marker parameter selects it) and only with a
// session user_id; without one nothing is assigned and $template stays
// unset — what happens then is outside this file section.
if(isset($_SESSION[$settings['session_prefix'].'user_id']))
{
// NOTE(review): $id is the session value interpolated into SQL without
// intval(). That is safe only as long as the login code always stores an
// integer here; an intval() would be cheap defence in depth.
$id = $_SESSION[$settings['session_prefix'].'user_id'];
$result = mysql_query("SELECT user_id, user_name, user_real_name, gender, birthday, user_email, email_contact, user_hp, user_location, signature, profile, new_posting_notification, new_user_notification, auto_login_code, language, time_zone, time_difference, theme FROM ".$db_settings['userdata_table']." WHERE user_id = ".$id." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
$row = mysql_fetch_array($result);
mysql_free_result($result);
// Birthday is stored as YYYY-MM-DD; the all-zero date means "not set".
if(trim($row['birthday']) == '' || $row['birthday']=='0000-00-00') $user_birthday = '';
else
{
$year = my_substr($row['birthday'], 0, 4, $lang['charset']);
$month = my_substr($row['birthday'], 5, 2, $lang['charset']);
$day = my_substr($row['birthday'], 8, 2, $lang['charset']);
$user_birthday = $year.'-'.$month.'-'.$day;
}

if(isset($category_selection)) $smarty->assign('category_selection',$category_selection);

// time zones:
// The assignment inside the condition is intentional: the list is only
// exported when get_timezones() returns something truthy. The
// function_exists() test is presumably a compatibility guard for old PHP.
if(function_exists('date_default_timezone_set') && $time_zones = get_timezones())
{
$smarty->assign('user_time_zone', htmlspecialchars($row['time_zone']));
$smarty->assign('time_zones', $time_zones);
if(!empty($settings['time_zone'])) $smarty->assign('default_time_zone', $settings['time_zone']);
}

// Language and theme selectors are offered only when more than one option
// exists; the default shown is the one matching the global settings.
$languages = get_languages(true);
if(isset($languages) && count($languages)>1)
{
$smarty->assign('user_language', htmlspecialchars($row['language']));
$smarty->assign('languages', $languages);
foreach($languages as $l)
{
if($l['identifier']==$settings['language_file'])
{
$default_language = $l['title'];
$smarty->assign('default_language', $default_language);
break;
}
}
}

$themes = get_themes(true);
if(isset($themes) && count($themes)>1)
{
$smarty->assign('user_theme', htmlspecialchars($row['theme']));
$smarty->assign('themes', $themes);
foreach($themes as $t)
{
if($t['identifier']==$settings['theme'])
{
$default_theme = $t['title'];
$smarty->assign('default_theme', $default_theme);
break;
}
}
}

// time_difference is stored in minutes and shown as [+-]H[:MM]. ceil() for
// negative and floor() for positive values makes the hours carry the sign
// while the minutes are the absolute remainder, zero-padded below 10.
if($row['time_difference']<0) $time_difference_hours = ceil($row['time_difference']/60);
else $time_difference_hours = floor($row['time_difference']/60);
$time_difference_minutes = abs($row['time_difference']-$time_difference_hours*60);
if($time_difference_minutes<10) $time_difference_minutes = '0'.$time_difference_minutes;
if(intval($row['time_difference'])>0) $user_time_difference = '+'.$time_difference_hours;
else $user_time_difference = $time_difference_hours;
if($time_difference_minutes>0) $user_time_difference .= ':'.$time_difference_minutes;
$smarty->assign('user_time_difference', $user_time_difference);

#$smarty->assign('default_forum_time', format_time($lang['time_format'],TIMESTAMP+intval($settings['time_difference'])*60));
// NOTE(review): 'msg' is taken from the query string and exported without
// htmlspecialchars(), unlike every other text value in this block. That is
// only safe if user_edit.inc.tpl escapes it — confirm, or escape it here.
if(isset($_GET['msg'])) $smarty->assign('msg',$_GET['msg']);
$smarty->assign('user_name', htmlspecialchars($row['user_name']));
$smarty->assign('user_real_name', htmlspecialchars($row['user_real_name']));
$smarty->assign('user_gender', $row['gender']);
$smarty->assign('user_birthday', $user_birthday);
// The address is shown here only because this form belongs to the owner
// of the session.
$smarty->assign('user_email',htmlspecialchars($row['user_email']));
$smarty->assign('email_contact',$row['email_contact']);
$smarty->assign('user_hp', htmlspecialchars($row['user_hp']));
$smarty->assign('user_location', htmlspecialchars($row['user_location']));
// $profile is assigned but not read anywhere in this block.
$profile=htmlspecialchars($row['profile']);
$smarty->assign('profile', htmlspecialchars($row['profile']));
$smarty->assign('signature', htmlspecialchars($row['signature']));
// The auto-login code itself stays on the server; the form only learns
// whether one is set.
if($row['auto_login_code']!='') $smarty->assign('auto_login', 1);
else $smarty->assign('auto_login', 0);

// Avatar lookup keyed by the session user_id (no request value in the path).
if($settings['avatars']>0)
{
if(file_exists('images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.jpg')) $avatar['image'] = 'images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.jpg';
elseif(file_exists('images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.png')) $avatar['image'] = 'images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.png';
elseif(file_exists('images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.gif')) $avatar['image'] = 'images/avatars/'.$_SESSION[$settings['session_prefix'].'user_id'].'.gif';

if(isset($avatar))
{
$image_info = getimagesize($avatar['image']);
$avatar['width'] = $image_info[0];
$avatar['height'] = $image_info[1];
$smarty->assign('avatar', $avatar);
}
}

// Notification settings are exposed to user_type 1 and 2 only.
if($_SESSION[$settings['session_prefix'].'user_type']==1||$_SESSION[$settings['session_prefix'].'user_type']==2)
{
$smarty->assign('new_posting_notification', $row['new_posting_notification']);
$smarty->assign('new_user_notification', $row['new_user_notification']);
}

$breadcrumbs[0]['link'] = 'index.php?mode=user';
$breadcrumbs[0]['linkname'] = 'subnav_userarea';
$smarty->assign('breadcrumbs',$breadcrumbs);
$smarty->assign('subnav_location','subnav_userarea_edit_user');
$smarty->assign('subtemplate','user_edit.inc.tpl');
$template = 'main.tpl';
}
break;
  490. case 'edit_userdata':
  491. if(isset($_SESSION[$settings['session_prefix'].'user_id']))
  492. {
  493. $id = $_SESSION[$settings['session_prefix'].'user_id'];
  494. if(empty($_POST['email_contact'])) $email_contact = 0;
  495. else $email_contact = 1;
  496. $user_hp = trim($_POST['user_hp']);
  497. $user_real_name = trim($_POST['user_real_name']);
  498. $user_birthday = trim($_POST['user_birthday']);
  499. if(isset($_POST['user_gender'])) $gender = intval($_POST['user_gender']);
  500. else $gender=0;
  501. if($gender!=0&&$gender!=1&&$gender!=2) $gender=0;
  502. $user_location = trim($_POST['user_location']);
  503. $profile = trim($_POST['profile']);
  504. $signature = trim($_POST['signature']);
  505.  
  506. // time zone:
  507. $user_time_zone = '';
  508. if(isset($_POST['user_time_zone']) && $_POST['user_time_zone']!='' && function_exists('date_default_timezone_set') && $time_zones = get_timezones())
  509. {
  510. if(in_array($_POST['user_time_zone'], $time_zones)) $user_time_zone = $_POST['user_time_zone'];
  511. }
  512.  
  513. // time difference:
  514. $user_time_difference = isset($_POST['user_time_difference']) ? trim($_POST['user_time_difference']) : '';
  515. if(isset($user_time_difference[0]) && $user_time_difference[0]=='-') $negative = true;
  516. $user_time_difference_array = explode(':',$_POST['user_time_difference']);
  517. $hours_difference = abs(intval($user_time_difference_array[0]));
  518. if($hours_difference<-24 || $hours_difference>24) $hours_difference = 0;
  519. if(isset($user_time_difference_array[1])) $minutes_difference = intval($user_time_difference_array[1]);
  520. if(isset($minutes_difference))
  521. {
  522. if($minutes_difference<0 || $minutes_difference>59) $minutes_difference = 0;
  523. }
  524. else
  525. {
  526. $minutes_difference = 0;
  527. }
  528. if(isset($negative))
  529. {
  530. $user_time_difference = 0 - ($hours_difference*60 + $minutes_difference);
  531. }
  532. else $user_time_difference = $hours_difference*60 + $minutes_difference;
  533.  
  534. // language:
  535. $user_language = '';
  536. if(isset($_POST['user_language']) && trim($_POST['user_language'])!='')
  537. {
  538. $languages = get_languages();
  539. if(isset($languages) && count($languages)>1)
  540. {
  541. if(in_array($_POST['user_language'], $languages))
  542. {
  543. $user_language = $_POST['user_language'];
  544. }
  545. }
  546. }
  547.  
  548. // theme:
  549. $user_theme = '';
// --- edit_userdata, continued: the case label and the first part of this
// branch are above this point. $user_hp, $user_real_name, $user_birthday,
// $user_location, $profile, $signature, $user_language, $user_time_zone,
// $user_time_difference, $email_contact, $gender, $category_ids and $id are
// presumably assigned there — confirm when reading this in context.

// theme: the posted value is only accepted if it is one of the installed
// themes returned by get_themes() (whitelist); otherwise $user_theme keeps
// whatever value it had before
if(isset($_POST['user_theme']) && trim($_POST['user_theme'])!='')
{
    $themes = get_themes();
    if(isset($themes) && count($themes)>1)
    {
        // NOTE(review): non-strict in_array(); fine as long as get_themes()
        // returns a plain list of theme names
        if(in_array($_POST['user_theme'], $themes))
        {
            $user_theme = $_POST['user_theme'];
        }
    }
}

// display mode: cast to int and restricted to 0, 1 or 2; anything else becomes 0
if(isset($_POST['user_view'])) $user_view = intval($_POST['user_view']); else $user_view=0;
if($user_view!=0&&$user_view!=1&&$user_view!=2) $user_view = 0;
// notification flags are only honoured for user_type 1 and 2 (the inner
// "> 0" test is always true inside this branch); everybody else gets 0/0.
// Values are cast to int and restricted to 0 or 1.
if($_SESSION[$settings['session_prefix'].'user_type']==1||$_SESSION[$settings['session_prefix'].'user_type']==2)
{
    if(isset($_POST['new_posting_notification']) && $_SESSION[$settings['session_prefix'].'user_type']>0) $new_posting_notification = intval($_POST['new_posting_notification']);
    else $new_posting_notification = 0;
    if($new_posting_notification!=0&&$new_posting_notification!=1) $new_posting_notification=0;
    if(isset($_POST['new_user_notification']) && $_SESSION[$settings['session_prefix'].'user_type']>0) $new_user_notification = intval($_POST['new_user_notification']);
    else $new_user_notification = 0;
    if($new_user_notification!=0&&$new_user_notification!=1) $new_user_notification=0;
}
else
{
    $new_posting_notification = 0;
    $new_user_notification = 0;
}

// "remember me": only when the board setting allows auto-login and the box was ticked
if($settings['autologin']==1 && isset($_POST['auto_login']) && intval($_POST['auto_login'])==1)
{
    $auto_login = 1;
}
else
{
    $auto_login = 0;
}

// check posted data:
// length limits are measured in characters of the board charset (my_strlen).
// Each failed check appends an error key to $errors; the keys are resolved
// by the template.
if(my_strlen($user_hp,$lang['charset']) > $settings['hp_maxlength']) $errors[] = 'error_hp_too_long';
if(my_strlen($user_real_name,$lang['charset']) > $settings['name_maxlength']) $errors[] = 'error_name_too_long';
if(isset($user_hp) && $user_hp != '' && !is_valid_url($user_hp)) $errors[] = 'error_hp_wrong';

// category filter: keep only ids that filter_category_selection() accepts
// against $category_ids; stored as a comma separated list, or NULL (see the
// UPDATE below) when nothing is left
if(isset($_POST['category_selection']) && is_array($_POST['category_selection']))
{
    $filtered_category_selection = filter_category_selection($_POST['category_selection'], $category_ids);
    if(count($filtered_category_selection)>0) $category_selection_db = implode(',',$filtered_category_selection);
}

// birthday check:
// a value accepted by is_valid_birthday() is rebuilt from its integer parts
// (leading zeros are dropped, e.g. 1990-5-3 — presumably normalised by the
// DATE column, confirm); an empty or invalid value ends up as 0000-00-00,
// assuming $birthday is not assigned earlier in this branch
if($user_birthday!='')
{
    if(is_valid_birthday($user_birthday))
    {
        $year = intval(my_substr($user_birthday, 0, 4, $lang['charset']));
        $month = intval(my_substr($user_birthday, 5, 2, $lang['charset']));
        $day = intval(my_substr($user_birthday, 8, 2, $lang['charset']));
        $birthday = $year.'-'.$month.'-'.$day;
    }
    else $errors[] = 'error_invalid_date';
}
if(empty($birthday)) $birthday = '0000-00-00';

// the user_hp length check from above is repeated here (harmless duplicate)
if(my_strlen($user_hp,$lang['charset']) > $settings['hp_maxlength']) $errors[] = 'error_hp_too_long';
if(my_strlen($user_location,$lang['charset']) > $settings['location_maxlength']) $errors[] = 'error_location_too_long';
// current lengths are handed to the template (key spelled 'profil_length' there)
$smarty->assign('profil_length',my_strlen($profile, $lang['charset']));
if(my_strlen($profile, $lang['charset']) > $settings['profile_maxlength']) $errors[] = 'error_profile_too_long';
$smarty->assign('signature_length',my_strlen($signature, $lang['charset']));
if(my_strlen($signature, $lang['charset']) > $settings['signature_maxlength']) $errors[] = 'error_signature_too_long';

// check for too long words:
// the fields are tested one after the other; after the first hit the
// remaining fields are skipped and the offending word is passed to the
// template as 'word' (see the error branch below)
$too_long_word = too_long_word($user_real_name,$settings['name_word_maxlength']);
if($too_long_word) $errors[] = 'error_word_too_long';

if(empty($too_long_word))
{
    $too_long_word = too_long_word($user_location,$settings['location_word_maxlength']);
    if($too_long_word) $errors[] = 'error_word_too_long';
}

// profile and signature are run through the board formatter and strip_tags()
// first, so that generated markup does not count as a "word"
$profile_check = html_format($profile);
$profile_check = strip_tags($profile_check);
if(empty($too_long_word))
{
    $too_long_word = too_long_word($profile_check,$settings['text_word_maxlength']);
    if($too_long_word) $errors[] = 'error_word_too_long';
}

$signature_check = signature_format($signature);
$signature_check = strip_tags($signature_check);
if(empty($too_long_word))
{
    $too_long_word = too_long_word($signature_check,$settings['text_word_maxlength']);
    if($too_long_word) $errors[] = 'error_word_too_long';
}

// check for not accepted words:
// real name, homepage, profile and signature are joined, lower-cased and
// matched by get_not_accepted_words(); the hits are echoed back HTML-escaped
// with a singular or plural error key
$joined_message = my_strtolower($user_real_name.' '.$user_hp.' '.$profile.' '.$signature, $lang['charset']);
$not_accepted_words = get_not_accepted_words($joined_message);
if($not_accepted_words!=false)
{
    $not_accepted_words_listing = implode(', ',$not_accepted_words);
    if(count($not_accepted_words)==1)
    {
        $smarty->assign('not_accepted_word',htmlspecialchars($not_accepted_words_listing));
        $errors[] = 'error_not_accepted_word';
    }
    else
    {
        $smarty->assign('not_accepted_words',htmlspecialchars($not_accepted_words_listing));
        $errors[] = 'error_not_accepted_words';
    }
}

if(isset($errors))
{
    // validation failed: re-render the edit form with the posted values.
    // Every user-supplied string is passed through htmlspecialchars() here;
    // name and e-mail are re-read from the DB rather than taken from the form.
    $smarty->assign('errors', $errors);
    $result = mysql_query("SELECT user_name, user_email FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($id)." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
    $row = mysql_fetch_array($result);
    mysql_free_result($result);
    // timezones:
    // the timezone list is only offered where date_default_timezone_set() exists
    if(function_exists('date_default_timezone_set') && $time_zones = get_timezones())
    {
        $smarty->assign('time_zones', $time_zones);
        $smarty->assign('user_time_zone', htmlspecialchars($user_time_zone));
    }
    // languages:
    $languages = get_languages(true);
    if(isset($languages) && count($languages)>1)
    {
        $smarty->assign('languages', $languages);
        $smarty->assign('user_language', htmlspecialchars($user_language));
    }
    // themes:
    $themes = get_themes(true);
    if(isset($themes) && count($themes)>1)
    {
        $smarty->assign('themes', $themes);
        $smarty->assign('user_theme', htmlspecialchars($user_theme));
    }
    if(isset($too_long_word)) $smarty->assign('word',$too_long_word);
    $smarty->assign('user_name', htmlspecialchars($row['user_name']));
    $smarty->assign('user_email', htmlspecialchars($row['user_email']));
    // NOTE(review): $email_contact and $gender are passed through unescaped;
    // they are intval()'d before the UPDATE below, so they are presumably
    // integers already — confirm where they are assigned above
    $smarty->assign('email_contact', $email_contact);
    $smarty->assign('user_hp', htmlspecialchars($user_hp));
    $smarty->assign('user_real_name', htmlspecialchars($user_real_name));
    $smarty->assign('user_gender', $gender);
    $smarty->assign('user_birthday', htmlspecialchars($user_birthday));
    $smarty->assign('user_location', htmlspecialchars($user_location));
    $smarty->assign('profile', htmlspecialchars($profile));
    $smarty->assign('signature', htmlspecialchars($signature));
    // the raw posted time difference is echoed back (escaped), not the parsed one
    if(isset($_POST['user_time_difference'])) $smarty->assign('user_time_difference', htmlspecialchars($_POST['user_time_difference']));
    #$smarty->assign('user_view', $user_view);
    $smarty->assign('auto_login', $auto_login);
    $smarty->assign('new_posting_notification', $new_posting_notification);
    $smarty->assign('new_user_notification', $new_user_notification);
    if(isset($_POST['category_selection']) && is_array($_POST['category_selection'])) $smarty->assign('category_selection', $_POST['category_selection']);
    $smarty->assign('time_difference_array',$user_time_difference_array);
    $breadcrumbs[0]['link'] = 'index.php?mode=user';
    $breadcrumbs[0]['linkname'] = 'subnav_userarea';
    $smarty->assign('breadcrumbs',$breadcrumbs);
    $smarty->assign('subnav_location','subnav_userarea_edit_user');
    $smarty->assign('subtemplate','user_edit.inc.tpl');
    $template = 'main.tpl';
}
else
{
    // persist the profile. Strings are escaped with mysql_real_escape_string(),
    // numbers are cast with intval(); the two statements differ only in
    // category_selection (CSV list vs. NULL). The self-assignments
    // (last_login=last_login, ...) presumably keep TIMESTAMP columns from being
    // auto-updated — confirm against the schema. The '@' silences query errors
    // and the result is not checked, unlike the SELECTs above which use
    // "or raise_error(...)".
    // NOTE(review): the row is selected by $id; confirm that $id was bound to
    // the logged-in user's id (and not to a request parameter) before this
    // point, since this is the row that gets overwritten.
    if(isset($category_selection_db))
    {
        @mysql_query("UPDATE ".$db_settings['userdata_table']." SET email_contact=".intval($email_contact).", user_hp='".mysql_real_escape_string($user_hp)."', user_real_name='".mysql_real_escape_string($user_real_name)."', gender=".intval($gender).", birthday='".mysql_real_escape_string($birthday)."', user_location='".mysql_real_escape_string($user_location)."', profile='".mysql_real_escape_string($profile)."', signature='".mysql_real_escape_string($signature)."', user_view=".intval($user_view).", new_posting_notification=".intval($new_posting_notification).", new_user_notification=".intval($new_user_notification).", category_selection='".mysql_real_escape_string($category_selection_db)."', language='".mysql_real_escape_string($user_language)."', time_zone='".mysql_real_escape_string($user_time_zone)."', time_difference=".intval($user_time_difference).", theme='".mysql_real_escape_string($user_theme)."', last_login=last_login,last_logout=last_logout,registered=registered WHERE user_id=".intval($id), $connid);
        // the session keeps the filtered array, the DB the CSV string
        $_SESSION[$settings['session_prefix'].'usersettings']['category_selection'] = $filtered_category_selection;
    }
    else
    {
        @mysql_query("UPDATE ".$db_settings['userdata_table']." SET email_contact=".intval($email_contact).", user_hp='".mysql_real_escape_string($user_hp)."', user_real_name='".mysql_real_escape_string($user_real_name)."', gender=".intval($gender).", birthday='".mysql_real_escape_string($birthday)."', user_location='".mysql_real_escape_string($user_location)."', profile='".mysql_real_escape_string($profile)."', signature='".mysql_real_escape_string($signature)."', user_view=".intval($user_view).", new_posting_notification=".intval($new_posting_notification).", new_user_notification=".intval($new_user_notification).", category_selection=NULL, language='".mysql_real_escape_string($user_language)."', time_zone='".mysql_real_escape_string($user_time_zone)."', time_difference=".intval($user_time_difference).", theme='".mysql_real_escape_string($user_theme)."', last_login=last_login,last_logout=last_logout,registered=registered WHERE user_id=".intval($id), $connid);
        unset($_SESSION[$settings['session_prefix'].'usersettings']['category_selection']);
    }
    // auto login:
    // reuse the stored 50-character code or mint a new one with random_string();
    // the cookie value is the code followed by the user id, and the code is
    // stored in clear in auto_login_code. setcookie() is called with an expiry
    // only, i.e. without path, secure or httponly.
    // NOTE(review): a stolen cookie stays valid until it expires or this
    // branch rewrites the code; consider the httponly/secure flags and
    // storing only a hash of the code, as is done for activation keys.
    if($auto_login==1)
    {
        $result = mysql_query("SELECT auto_login_code FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($id)." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
        $row = mysql_fetch_array($result);
        mysql_free_result($result);
        if(strlen($row['auto_login_code'])!=50)
        {
            $auto_login_code = random_string(50);
        }
        else
        {
            $auto_login_code = $row['auto_login_code'];
        }
        $auto_login_code_cookie = $auto_login_code . intval($id);
        // TIMESTAMP is presumably a request-time constant defined elsewhere
        setcookie($settings['session_prefix'].'auto_login',$auto_login_code_cookie,TIMESTAMP+(3600*24*$settings['cookie_validity_days']));
        @mysql_query("UPDATE ".$db_settings['userdata_table']." SET last_login=last_login, last_logout=last_logout, registered=registered, auto_login_code='".mysql_real_escape_string($auto_login_code)."' WHERE user_id=".intval($id), $connid);
    }
    else
    {
        // box not ticked: clear the cookie (empty value, expiry 0) and the stored code
        setcookie($settings['session_prefix'].'auto_login','',0);
        @mysql_query("UPDATE ".$db_settings['userdata_table']." SET last_login=last_login, last_logout=last_logout, registered=registered, auto_login_code='' WHERE user_id=".intval($id), $connid);
    }

    // drop the cached user record and mirror the new settings into the
    // session. Note !empty(): a time difference of 0 unsets the session value.
    @mysql_query("DELETE FROM ".$db_settings['userdata_cache_table']." WHERE cache_id=".intval($id), $connid);
    if(!empty($user_language)) $_SESSION[$settings['session_prefix'].'usersettings']['language'] = $user_language;
    else unset($_SESSION[$settings['session_prefix'].'usersettings']['language']);
    if(!empty($user_time_zone)) $_SESSION[$settings['session_prefix'].'usersettings']['time_zone'] = $user_time_zone;
    else unset($_SESSION[$settings['session_prefix'].'usersettings']['time_zone']);
    if(!empty($user_time_difference)) $_SESSION[$settings['session_prefix'].'usersettings']['time_difference'] = intval($user_time_difference);
    else unset($_SESSION[$settings['session_prefix'].'usersettings']['time_difference']);
    if(!empty($user_theme)) $_SESSION[$settings['session_prefix'].'usersettings']['theme'] = $user_theme;
    else unset($_SESSION[$settings['session_prefix'].'usersettings']['theme']);
    // redirect after POST so a reload does not resubmit the form
    header('Location: index.php?mode=user&action=edit_profile&msg=profile_saved');
    exit;
}
  763. }
  764. break;
  765. case 'edit_pw':
  766. if(isset($_SESSION[$settings['session_prefix'].'user_id']))
  767. {
  768. $breadcrumbs[0]['link'] = 'index.php?mode=user';
  769. $breadcrumbs[0]['linkname'] = 'subnav_userarea';
  770. $breadcrumbs[1]['link'] = 'index.php?mode=user&amp;action=edit_profile';
  771. $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user';
  772. $smarty->assign('breadcrumbs',$breadcrumbs);
  773. $smarty->assign('subnav_location','subnav_userarea_edit_pw');
  774. $smarty->assign('subtemplate','user_edit_pw.inc.tpl');
  775. $template = 'main.tpl';
  776. }
  777. break;
  778. case 'edit_pw_submitted':
  779. if(isset($_SESSION[$settings['session_prefix'].'user_id']))
  780. {
  781. $user_id = $_SESSION[$settings['session_prefix'].'user_id'];
  782. $pw_result = mysql_query("SELECT user_pw FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($user_id)." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
  783. $field = mysql_fetch_array($pw_result);
  784. mysql_free_result($pw_result);
  785.  
  786. $old_pw = trim($_POST['old_pw']);
  787. $new_pw = trim($_POST['new_pw']);
  788. $new_pw_conf = trim($_POST['new_pw_conf']);
  789.  
  790. if($old_pw=='' or $new_pw=='' or $new_pw_conf =='') $errors[] = 'error_form_uncomplete';
  791. else
  792. {
  793. if(!is_pw_correct($old_pw,$field['user_pw'])) $errors[] = 'error_old_pw_wrong';
  794. if($new_pw_conf != $new_pw) $errors[] = 'error_pw_conf_wrong';
  795. if(my_strlen($new_pw, $lang['charset']) < $settings['min_pw_length']) $errors[] = 'error_new_pw_too_short';
  796. }
  797. // Update, if no errors:
  798. if(empty($errors))
  799. {
  800. $pw_hash = generate_pw_hash($new_pw);
  801. $pw_update_result = mysql_query("UPDATE ".$db_settings['userdata_table']." SET user_pw='".mysql_real_escape_string($pw_hash)."', last_login=last_login, registered=registered WHERE user_id=".intval($user_id), $connid);
  802. header('location: index.php?mode=user&action=edit_profile&msg=pw_changed');
  803. exit;
  804. }
  805. else
  806. {
  807. $smarty->assign('errors',$errors);
  808. $breadcrumbs[0]['link'] = 'index.php?mode=user';
  809. $breadcrumbs[0]['linkname'] = 'subnav_userarea';
  810. $breadcrumbs[1]['link'] = 'index.php?mode=user&amp;action=edit_profile';
  811. $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user';
  812. $smarty->assign('breadcrumbs',$breadcrumbs);
  813. $smarty->assign('subnav_location','subnav_userarea_edit_pw');
  814. $smarty->assign('subtemplate','user_edit_pw.inc.tpl');
  815. $template = 'main.tpl';
  816. }
  817. }
  818. break;
  819. case 'edit_email':
  820. if(isset($_SESSION[$settings['session_prefix'].'user_id']))
  821. {
  822. $breadcrumbs[0]['link'] = 'index.php?mode=user';
  823. $breadcrumbs[0]['linkname'] = 'subnav_userarea';
  824. $breadcrumbs[1]['link'] = 'index.php?mode=user&amp;action=edit_profile';
  825. $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user';
  826. $smarty->assign('breadcrumbs',$breadcrumbs);
  827. $smarty->assign('subnav_location','subnav_userarea_edit_mail');
  828. $smarty->assign('subtemplate','user_edit_email.inc.tpl');
  829. $template = 'main.tpl';
  830. }
  831. break;
  832. case 'edit_email_submit':
  833. if(isset($_SESSION[$settings['session_prefix'].'user_id']))
  834. {
  835. $new_email = trim($_POST['new_email']);
  836. $new_email_confirm = trim($_POST['new_email_confirm']);
  837. $pw_new_email = $_POST['pw_new_email'];
  838. // Check data:
  839. $email_result = @mysql_query("SELECT user_id, user_name, user_pw, user_email FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($_SESSION[$settings['session_prefix'].'user_id'])." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
  840. $data = mysql_fetch_array($email_result);
  841. mysql_free_result($email_result);
  842. if($pw_new_email=='' || $new_email=='') $errors[] = 'error_form_uncompl';
  843. if(empty($errors))
  844. {
  845. if($new_email!=$new_email_confirm) $errors[] = 'error_email_confirmation';
  846. if(my_strlen($new_email, $lang['charset']) > $settings['email_maxlength']) $errors[] = 'error_email_too_long';
  847. if($new_email == $data['user_email']) $errors[] = 'error_identic_email';
  848. if(!is_valid_email($new_email)) $errors[] = 'error_email_invalid';
  849. if(!is_pw_correct($pw_new_email,$data['user_pw'])) $errors[] = 'pw_wrong';
  850. }
  851. if(empty($errors))
  852. {
  853. $smarty->configLoad($settings['language_file'], 'emails');
  854. $lang = $smarty->getConfigVars();
  855. #if($language_file != $settings['language_file']) setlocale(LC_ALL, $lang['locale']);
  856. $activate_code = random_string(20);
  857. $activate_code_hash = generate_pw_hash($activate_code);
  858. // send mail with activation key:
  859. $lang['edit_address_email_txt'] = str_replace("[name]", $data['user_name'], $lang['edit_address_email_txt']);
  860. $lang['edit_address_email_txt'] = str_replace("[activate_link]", $settings['forum_address']."index.php?mode=register&id=".$data['user_id']."&key=".$activate_code, $lang['edit_address_email_txt']);
  861. if(!my_mail($new_email, $lang['edit_address_email_sj'], $lang['edit_address_email_txt'])) $errors[] = 'mail_error';
  862. if(empty($errors))
  863. {
  864. @mysql_query("UPDATE ".$db_settings['userdata_table']." SET user_email='".mysql_real_escape_string($new_email)."', last_login=last_login, registered=registered, activate_code = '".mysql_real_escape_string($activate_code_hash)."' WHERE user_id=".intval($_SESSION[$settings['session_prefix'].'user_id']), $connid) or raise_error('database_error',mysql_error());
  865. log_out($_SESSION[$settings['session_prefix'].'user_id']);
  866. header("Location: index.php");
  867. exit;
  868. }
  869. }
  870. if(isset($errors))
  871. {
  872. $smarty->assign('new_user_email',htmlspecialchars($new_email));
  873. $smarty->assign('errors',$errors);
  874. $breadcrumbs[0]['link'] = 'index.php?mode=user';
  875. $breadcrumbs[0]['linkname'] = 'subnav_userarea';
  876. $breadcrumbs[1]['link'] = 'index.php?mode=user&amp;action=edit_profile';
  877. $breadcrumbs[1]['linkname'] = 'subnav_userarea_edit_user';
  878. $smarty->assign('breadcrumbs',$breadcrumbs);
  879. $smarty->assign('subnav_location','subnav_userarea_edit_mail');
  880. $smarty->assign('subtemplate','user_edit_email.inc.tpl');
  881. $template = 'main.tpl';
  882. }
  883. }
  884. break;
  885. }
  886. }
  887. else
  888. {
  889. header("Location: index.php");
  890. exit;
  891. }
  892. ?>