<?php

/***************************************************************************
 *                             profile.php
 *                            -------------------
 *   begin                : mier, mayo 2, 2007
 *   copyright            : (C)
 *   email                : hide@address.com
 *   Desc                 : User settings, for both admins and regular users
 *
 *
 ***************************************************************************/

// Page bootstrap. The order matters: the constant is defined before the shared
// include is loaded, and the login check runs before anything is read or written.
// NOTE(review): IN_ADSERVER is presumably the marker that included files test to
// refuse direct access - confirm in inc/common.inc.php.
define('IN_ADSERVER', true);

// Shared bootstrap. $web_address, $session, $db_Pre, $_lang and $s_path_Tpl are
// not assigned anywhere in this file, so they are presumably set up in here.
include_once("./inc/common.inc.php");

// NOTE(review): presumably stops or redirects the request when there is no valid
// session - verify, because everything below trusts $session.
checkLogin($web_address);

// Status message shown to the user; the handlers below overwrite it.
$s_Warning = "";

/* Declare the TPL */
$profile_Tpl = new tpl($s_path_Tpl . "/profile.tpl");

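// Decide whose profile this request targets and whether the caller may edit
// other accounts. Only a caller holding the "edit_Users" setting may choose the
// target through the id_User request parameter (GET wins over POST); everybody
// else is pinned to the id stored in their own session.
//
// The id is forced to an integer here because it is later concatenated,
// unquoted, into SQL statements and echoed into the page. Left as a raw request
// string it would allow SQL injection and reflected script injection.
if(get_User_Settings($session['id_User'], "edit_Users") == 1){
	if(isset($_GET['id_User'])){
		$s_User_Id = (int) $_GET['id_User'];
	}
	else if(isset($_POST['id_User'])){
		$s_User_Id = (int) $_POST['id_User'];
	}
	else{
		$s_User_Id = (int) $session['id_User'];
	}

	// 1 = caller administers users: no current-password confirmation is asked
	// for and the extra "edit user" blocks are rendered.
	$s_Modify = 1;
}
else{
	$s_User_Id = (int) $session['id_User'];
	$s_Modify = 0;
}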

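// Apply a profile change posted by the form: email, an optional new password
// and, for user administrators, user name / group / active flag.
//
// Security notes for maintainers:
//  - The original gate tested $s_Error, which this file never assigns, while
//    both validation failures only set $s_Warning. As written, the UPDATE ran
//    even when the new passwords differed or the current password was wrong.
//    A local flag now blocks the UPDATE after any failed check.
//  - Every request value that reaches SQL is escaped or cast; the previous
//    string concatenation was injectable through email, user_Name, id_Group
//    and id_User.
//  - NOTE(review): passwords are stored as unsalted MD5. Moving to
//    password_hash()/password_verify() needs a matching change in the login
//    code, which is not part of this file, so the hash format is kept here.
//  - NOTE(review): no anti-CSRF token is checked in this file; confirm whether
//    checkLogin() or common.inc.php covers that.
if(isset($_POST['changeData']) && $_POST['changeData'] != ""
	&& isset($_POST['email']) && is_string($_POST['email']) && rtrim($_POST['email']) != ""){

	// With magic_quotes_gpc enabled the request data already carries slashes;
	// strip them before escaping so values are not stored double-escaped.
	// NOTE(review): if common.inc.php adds slashes itself, adjust this.
	$b_Slashed = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

	// Passwords are hashed exactly as received, so that hashes keep matching
	// what the rest of the application computes from the same request data.
	$s_Pwd_New = (isset($_POST['pwd_0']) && is_string($_POST['pwd_0'])) ? $_POST['pwd_0'] : "";
	$s_Pwd_Again = (isset($_POST['pwd_1']) && is_string($_POST['pwd_1'])) ? $_POST['pwd_1'] : "";
	$s_Pwd_Current = (isset($_POST['pwd_2']) && is_string($_POST['pwd_2'])) ? $_POST['pwd_2'] : "";
	$s_Email_In = $b_Slashed ? stripslashes($_POST['email']) : $_POST['email'];

	$b_Can_Update = true;
	$s_Change_This_Too = "";

	// Strict comparison: with != two different numeric-looking strings such as
	// "1e3" and "1000" would be accepted as a match.
	if($s_Pwd_Again !== $s_Pwd_New){
		$s_Warning = $_lang['profile_Msg_Pwd_Match'];
		$b_Can_Update = false;
	}

	if($s_Modify == 0){
		//Get password to confirm, admins don't need it.
		$q = "
			SELECT id_User, email, pwd
			FROM ".$db_Pre ."users
			WHERE user_Name = '" . mysql_real_escape_string($session['user_Name']) . "'
			AND pwd = '" . md5($s_Pwd_Current) . "'
		  ";

		$q_check_Pwd = mysql_query($q) or die("Unable to Get Current Password: " . mysql_Error());

		if(mysql_num_rows($q_check_Pwd) == 0){
			$s_Warning = $_lang['profile_Msg_Pwd_Inc'];
			$b_Can_Update = false;
		}
	}
	else if(get_User_Settings($session['id_User'], "edit_Users", $web_address) == 1
		&& isset($_POST['user_Name']) && is_string($_POST['user_Name']) && rtrim($_POST['user_Name']) != ""
		&& isset($_POST['id_Group'])){
		// Administrator-only columns. A missing id_Group used to produce a
		// broken statement; now these columns are simply left untouched.
		$s_User_Name_In = $b_Slashed ? stripslashes($_POST['user_Name']) : $_POST['user_Name'];
		$s_Change_This_Too = ", user_Name = '".mysql_real_escape_string($s_User_Name_In)."'"
			. ", id_Group = ".(int) $_POST['id_Group']
			. ", active = ".(isset($_POST['active']) ? 1 : 0);
	}

	//Everything is going fine
	// $s_Error is still honoured in case an include sets it.
	if($b_Can_Update && (!isset($s_Error) || $s_Error == "")){

		//Make the changes
		// An empty new password keeps the stored hash (pwd = pwd).
		$q = "
			UPDATE ".$db_Pre."users
			SET pwd = " . ($s_Pwd_New !== "" ? "'".md5($s_Pwd_New)."'" : "pwd" ). ",
				 email = '".mysql_real_escape_string($s_Email_In)."'
				" . $s_Change_This_Too . "
			WHERE id_User = " . (int) $s_User_Id . "
			";

		$q_Change_Data = mysql_query($q) or die("Unable to Change Data: " . mysql_Error());

		$s_Warning = $_lang['profile_Msg_Changes'];
	}
}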

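//Get user data
// Loads the target user's row together with the name of its group.
// Defaults are set first so that later template code never reads an undefined
// variable when the user id matches no row.
$s_Group = "";
$s_Id_Group = "";
$s_Active = "";
$s_User_Name = "";
$s_Email = "";

// The id is cast to an integer because it is placed unquoted in the WHERE
// clause; a raw request value here would be an SQL injection point.
$q = "
	SELECT ".$db_Pre ."users.*, ".$db_Pre ."groups.group_Name
	FROM ".$db_Pre ."users
	INNER JOIN ".$db_Pre ."groups ON ".$db_Pre ."users.id_Group = ".$db_Pre ."groups.id_Group
	WHERE id_User = ".(int) $s_User_Id."
	";

// NOTE(review): die() prints the raw database error to the visitor, which
// discloses schema details; consider logging it instead.
$q_Get_Data = mysql_query($q) or die("Unable to Get User Data: " . mysql_Error());

if(mysql_num_rows($q_Get_Data) == 0){
	$s_Warning = $_lang['profile_Msg_No_User'];
}
//Everything is fine
else{
	$row = mysql_fetch_array($q_Get_Data, MYSQL_ASSOC);
	$s_Group = $row['group_Name'];
	$s_Id_Group = $row['id_Group'];
	$s_Active = $row['active'];
	$s_User_Name = $row['user_Name'];
	$s_Email = $row['email'];
}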

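// Build the <option> list of all groups for the administrator's group selector,
// pre-selecting the group of the user being edited.
if($s_Modify == 1){
	// Start from an empty string: the original appended to an undefined variable.
	$s_Groups = "";

	//Get Available Groups
	$q = "
		SELECT ".$db_Pre ."groups.*
		FROM ".$db_Pre ."groups
		";

	$q_Get_Groups = mysql_query($q) or die("Unable to Get Groups: " . mysql_Error());

	while($row = mysql_fetch_array($q_Get_Groups, MYSQL_ASSOC)){
		$b_Selected = isset($s_Id_Group) && $row['id_Group'] == $s_Id_Group;

		// Group names come from the database and are written into HTML here, so
		// they are escaped; otherwise a stored name containing markup would run
		// as script in the administrator's browser.
		$s_Groups .= "<option value='".htmlspecialchars($row['id_Group'], ENT_QUOTES)."' "
			. ($b_Selected ? "selected" : "")
			. ">".htmlspecialchars($row['group_Name'], ENT_QUOTES)."</option>";
	}
}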

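//Change credits
// Sets the credit balance of one user in one zone. Only callers holding the
// "edit_Users" setting get this far. Any negative amount is stored as -1.
//
// All three request values used to be concatenated into the statement as
// received, which made the UPDATE injectable. They are now validated as
// integers, and a request missing any of them changes nothing.
//
// NOTE(review): this is a state change triggered by a GET request with no
// anti-CSRF token visible in this file. Consider moving it to POST with a token.
if(isset($_GET['change_Credits']) && get_User_Settings($session['id_User'], "edit_Users") == 1){

	$b_Credits_Ok = isset($_GET['credits'], $_GET['id_User'], $_GET['id_Zone'])
		&& is_string($_GET['credits']) && preg_match('/^-?[0-9]+$/', $_GET['credits'])
		&& is_string($_GET['id_User']) && preg_match('/^[0-9]+$/', $_GET['id_User'])
		&& is_string($_GET['id_Zone']) && preg_match('/^[0-9]+$/', $_GET['id_Zone']);

	if($b_Credits_Ok){
		$i_Credits = (int) $_GET['credits'];

		$q = "
			UPDATE ".$db_Pre."credits
			SET credits = ".($i_Credits >= 0 ? $i_Credits : -1 ). "
			WHERE id_User = " . (int) $_GET['id_User'] . "
			AND id_Zone = " . (int) $_GET['id_Zone'] . "
			";

		$q_Change_Credits = mysql_query($q) or die("Unable to Change Credits: " . mysql_Error());

		$s_Warning = $_lang['profile_Msg_Changes'];
	}

}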

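//Get Credits for this user
// Administrator view: renders the "edit user" blocks plus one row per active
// zone with the user's credits. Everyone else gets both blocks hidden.
if($s_Modify == 1 && get_User_Settings($session['id_User'], "edit_Users") == 1){

	// The id is used in SQL and echoed into every zone row, so it is reduced to
	// an integer once. As a raw request value it allowed SQL injection and
	// reflected script injection.
	// NOTE(review): this reads only the GET id_User, while the profile above may
	// also be selected through POST id_User - confirm that is intended.
	$i_Credits_User = (int) (isset($_GET['id_User']) ? $_GET['id_User'] : $session['id_User']);

	$q = "
		SELECT ".$db_Pre ."credits.*, ".$db_Pre ."zones.dimensions, ".$db_Pre ."zones.text
		FROM ".$db_Pre ."credits
		INNER JOIN ".$db_Pre ."zones ON ".$db_Pre ."zones.id_Zone = ".$db_Pre ."credits.id_Zone
		WHERE id_User = '" . $i_Credits_User . "'
		AND ".$db_Pre ."zones.active = 1
		ORDER BY ".$db_Pre ."zones.text
		";

	$q_Get_Credits = mysql_query($q) or die("Unable to Get Credits: " . mysql_Error());

	// Initialised up front so an empty result set yields empty lists rather than
	// undefined variables further down.
	$a_Credits_Text = array();
	$a_Credits_Dimensions = array();
	$a_Credits_Id_Zone = array();
	$a_Credits_Q = array();
	$a_Zones_Values = array();

	while($row = mysql_fetch_array($q_Get_Credits, MYSQL_ASSOC)){
		$a_Credits_Text[] = $row['text'];
		$a_Credits_Dimensions[] = $row['dimensions'];
		$a_Credits_Id_Zone[] = $row['id_Zone'];
		$a_Credits_Q[] = $row['credits'];
	}

	/* First block of edit users */
	// The group selector is passed to rBlock() as ready-made HTML, so the
	// template class presumably inserts values verbatim; plain values from the
	// database are therefore escaped here.
	$a_Profile_Edit_Users_1 = array(
		"{PROFILE_USER_NAME}" => $_lang['profile_User'],
		"{PROFILE_USER_NAME_V}" => (isset($s_User_Name) ? htmlspecialchars($s_User_Name, ENT_QUOTES) : ""),
		"{PROFILE_GROUP}" => $_lang['profile_Group'],
		"{PROFILE_GROUP_SELECT}" => (isset($s_Groups) ? $s_Groups : ""),
		"{PROFILE_ACTIVE}" => $_lang['profile_Active'],
		"{PROFILE_ACTIVE_V}" => ((isset($s_Active) && $s_Active == 1) ? "checked" : "")
	);

	$profile_Tpl->rBlock($a_Profile_Edit_Users_1, "EDIT_USER");

	/* Second block of Edit Users */
	$a_Profile_Edit_Users_2 = array(
		"{PROFILE_CREDITS_TITLE}" => $_lang['profile_Credits'],
		"{PROFILE_UNLIMITED_NOTE}" => $_lang['profile_Unlimited']
	);

	$profile_Tpl->rBlock($a_Profile_Edit_Users_2, "EDIT_USER_2");

	/* Arrays with all the values */
	// One entry per zone, in the same order as $a_Zones_Keys below.
	$i_Zone_Count = count($a_Credits_Q);
	for($i = 0; $i < $i_Zone_Count; $i++) {
		$a_Zones_Values[] = array(
			$_lang['profile_Zone'],
			($a_Credits_Text[$i] == 1 ? $_lang['profile_Text'] : ""),
			htmlspecialchars($a_Credits_Dimensions[$i], ENT_QUOTES),
			$i_Credits_User,
			htmlspecialchars($a_Credits_Id_Zone[$i], ENT_QUOTES),
			htmlspecialchars($a_Credits_Q[$i], ENT_QUOTES),
			$_lang['profile_Commit']
		);
	}

	/* Array with keys */
	$a_Zones_Keys = array(
		"{PROFILE_ZONE}",
		"{PROFILE_TEXT}",
		"{PROFILE_DIMENSIONS}",
		"{PROFILE_ID_USER}",
		"{PROFILE_ID_ZONE}",
		"{PROFILE_CREDITS}",
		"{PROFILE_COMMIT}"
	);

	$profile_Tpl->rBlock_Several($a_Zones_Keys, $a_Zones_Values, "ZONES");

}
else{
	$profile_Tpl->hideBlock("EDIT_USER");
	$profile_Tpl->hideBlock("EDIT_USER_2");
}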

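// Values for the main profile form. The user name and email come from the
// database and the user id may originate from the request, so they are escaped
// or cast before being placed in the page. Echoing them as-is would let stored
// or reflected markup run as script in the viewer's browser.
// NOTE(review): htmlspecialchars() uses the default charset here because the
// page encoding is not visible in this file - confirm and pass it explicitly.
$s_Profile_Name_Html = isset($s_User_Name) ? htmlspecialchars($s_User_Name, ENT_QUOTES) : "";
$s_Profile_Email_Html = isset($s_Email) ? htmlspecialchars($s_Email, ENT_QUOTES) : "";
$i_Profile_User_Id = (int) $s_User_Id;

$a_Profile = array(
	"{PROFILE_USER}" => sprintf($_lang['profile_Data'], $s_Profile_Name_Html, $i_Profile_User_Id),
	"{PROFILE_EMAIL}" => $_lang['profile_Email'],
	"{PROFILE_EMAIL_V}" => $s_Profile_Email_Html,
	"{PROFILE_PASSWORD}" => $_lang['profile_New_Pssw'],
	"{PROFILE_PASSWORD_AGAIN}" => $_lang['profile_New_Pssw_Again'],
	"{PROFILE_PASSWORD_CONFIRM}" => $_lang['profile_Confirm_Pssw'],
	"{PROFILE_USER_ID}" => $i_Profile_User_Id,
	"{PROFILE_COMMIT}" => $_lang['profile_Commit']
);

/* Replace main TPL */
$profile_Tpl->rBlock($a_Profile, "");

// Page output: header, the filled-in profile template, then footer.
include_once("./header.inc.php");
/* Print the tpl */
$profile_Tpl->print_Tpl();
include_once("./footer.inc.php");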
?>