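<?php
	/*
	 * users.php — the logged-in user area of Chirp: public profile, account
	 * details, password change and direct messages.
	 *
	 * Routing: the "id" query parameter carries a pseudo-path of the form
	 * section[/action/value] (e.g. "messages/deldm/42").  The section selects a
	 * switch branch below; action/value are consulted only by the "messages"
	 * branch.  Anything slash-separated that is not exactly three segments
	 * falls back to the inbox.
	 *
	 * Globals consumed from the includes (not defined here): $language, $url,
	 * $theme, $connection, $password_length_min, $allow_nonfollow_dm,
	 * $use_bad_word_filer (spelled as in config), $use_keyword_spam_filter,
	 * the $usersmsg1..12 / $msgblock8 language strings, and the FUNCT_*,
	 * directDBNFO, validEmail, registeredEmail, keywords_funct and
	 * strip_tags_attributes helpers.
	 *
	 * NOTE(review): this file uses the ext/mysql API (mysql_query,
	 * mysql_real_escape_string, ...), which was removed in PHP 7.  The link is
	 * opened in includes/db.inc.php, so a migration to mysqli/PDO with
	 * prepared statements has to start there; this file keeps the same API so
	 * it stays consistent with the rest of the application.
	 */
	session_start();
	header("Cache-control: private");
	error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);

	include("includes/config.inc.php");
	include("includes/db.inc.php");
	include("language/language.".$language.".php");
	include("includes/functions.inc.php");
	include("includes/users_funct.inc.php");

	$statmsg = '';
	$act     = '';
	$actval  = '';
	$curpage = 0;

	// Everything below requires a logged-in session.  empty() covers both the
	// "not set" and the "set but not true" cases the original tested in two
	// separate branches.
	if (empty($_SESSION['loggedon'])){
		header("Location: ".$url."login");
		exit();
	}

	// USERID is written by the login code and is used unquoted in SQL below,
	// so it has to be an integer; casting makes that explicit and keeps a
	// non-numeric session value from ever reaching a query as text.
	$sessionUserId = (int)$_SESSION['USERID'];

	$loc = htmlspecialchars(isset($_GET['id']) ? $_GET['id'] : '', ENT_QUOTES);
	if (strpos($loc, "/") !== false){
		$locarray = explode("/", $loc);
		if (count($locarray) == 3){
			// addslashes() on top of mysql_real_escape_string() double-escapes
			// the segments; kept because other files parse the path the same
			// way and the values are compared against stored data.
			$loc    = addslashes(mysql_real_escape_string(htmlspecialchars($locarray[0], ENT_QUOTES)));
			$act    = addslashes(mysql_real_escape_string(htmlspecialchars($locarray[1], ENT_QUOTES)));
			$actval = addslashes(mysql_real_escape_string(htmlspecialchars($locarray[2], ENT_QUOTES)));
		}else{
			$loc = 'messages';
		}
	}

	// Page skeleton: the theme fragments are concatenated, then the
	// %USERFORMS% and %STATUSMSG% placeholders are filled in per section.
	$themedir = 'themes/'.$theme.'/';
	$ndx = file_get_contents($themedir.'header.theme.html')
	     . file_get_contents($themedir.'user_left.theme.html')
	     . file_get_contents($themedir.'user_center.theme.html')
	     . file_get_contents($themedir.'user_right.theme.html')
	     . file_get_contents($themedir.'footer.theme.html');

	$isPost = ($_SERVER['REQUEST_METHOD'] == 'POST');

	switch ($loc){
		case "profile":
			if ($isPost && isset($_POST['updatebtn'])){
				// Fields are HTML-escaped at input time rather than at output
				// time; the profile readers rely on that, so it is preserved.
				$location  = htmlspecialchars(@$_POST['location'], ENT_QUOTES);
				$interests = addslashes(mysql_real_escape_string(strip_tags_attributes(@$_POST['interests'])));
				$hobbies   = addslashes(mysql_real_escape_string(strip_tags_attributes(@$_POST['hobbies'])));
				$website   = htmlspecialchars(@$_POST['website'], ENT_QUOTES);
				$portfolio = htmlspecialchars(@$_POST['portfolio'], ENT_QUOTES);
				$bday      = htmlspecialchars(@$_POST['bday'], ENT_QUOTES);
				$aim       = htmlspecialchars(@$_POST['aim'], ENT_QUOTES);
				$icq       = htmlspecialchars(@$_POST['icq'], ENT_QUOTES);
				$yim       = htmlspecialchars(@$_POST['yim'], ENT_QUOTES);
				$msn       = htmlspecialchars(@$_POST['msn'], ENT_QUOTES);
				$gtalk     = htmlspecialchars(@$_POST['gtalk'], ENT_QUOTES);
				$isenab    = htmlspecialchars(@$_POST['isenab'], ENT_QUOTES);
				$userimage = isset($_FILES['uimage']) ? $_FILES['uimage'] : null;

				// Update the existing public profile row, otherwise create one.
				// A failed SELECT takes the "create" path, as before, but without
				// the warning mysql_num_rows() raised on a false result.
				$result = mysql_query('SELECT * FROM public_profile WHERE USERID = '.$sessionUserId.' LIMIT 1');
				if ($result && mysql_num_rows($result) > 0){
					$delpic  = htmlspecialchars(@$_POST['delpic'], ENT_QUOTES);
					$statmsg = FUNCT_USER_PROFILE_UPDATEDB($delpic, $userimage, $location, $interests, $hobbies, $website, $portfolio, $bday, $aim, $icq, $yim, $msn, $gtalk, $isenab);
				}else{
					$statmsg = FUNCT_USER_PROFILE_ADDDB($userimage, $location, $interests, $hobbies, $website, $portfolio, $bday, $aim, $icq, $yim, $msn, $gtalk, $isenab);
				}
			}
			if (strpos($ndx, "%USERFORMS%") !== false){
				$ndx = str_replace('%USERFORMS%', FUNCT_PROFILE(), $ndx);
			}
			break;

		case "account":
			if ($isPost && isset($_POST['acctbtn'])){
				$firstname = htmlspecialchars(@$_POST['firstname'], ENT_QUOTES);
				$lastname  = htmlspecialchars(@$_POST['lastname'], ENT_QUOTES);
				$email     = htmlspecialchars(@$_POST['email'], ENT_QUOTES);
				$address   = htmlspecialchars(@$_POST['address'], ENT_QUOTES);
				$city      = htmlspecialchars(@$_POST['city'], ENT_QUOTES);
				$state     = htmlspecialchars(@$_POST['state'], ENT_QUOTES);
				$zip       = htmlspecialchars(@$_POST['zipcode'], ENT_QUOTES);
				$phone     = htmlspecialchars(@$_POST['phone'], ENT_QUOTES);
				// registeredEmail() must return true for the save to proceed —
				// presumably "address is free to use"; confirm in users_funct.inc.php.
				if (!validEmail($email)){
					$statmsg = $usersmsg2;
				}elseif (!registeredEmail($email)){
					$statmsg = $usersmsg1;
				}else{
					$statmsg = FUNCT_USER_ACCOUNT_ADDDB($firstname, $lastname, $email, $address, $city, $state, $zip, $phone);
				}
			}
			if (strpos($ndx, "%USERFORMS%") !== false){
				$ndx = str_replace('%USERFORMS%', FUNCT_USER_ACCOUNT(), $ndx);
			}
			break;

		case "password":
			// Set once the password has been changed and the session destroyed;
			// the change form is then no longer rendered.
			$pwout = false;
			if ($isPost && isset($_POST['cpassword'])){
				// The escaping is applied before hashing, so a password containing
				// quotes or backslashes is hashed in its escaped form.  Kept because
				// the login path must hash the same way; fix both together.
				$opw = addslashes(mysql_real_escape_string(htmlspecialchars(@$_POST['opw'], ENT_QUOTES)));
				$pw1 = addslashes(mysql_real_escape_string(htmlspecialchars(@$_POST['pw1'], ENT_QUOTES)));
				$pw2 = addslashes(mysql_real_escape_string(htmlspecialchars(@$_POST['pw2'], ENT_QUOTES)));
				if ($pw1 !== $pw2){
					// Strict comparison: the loose == treated numeric-looking
					// strings such as "1e3" and "1000" as equal.
					$statmsg = $usersmsg7;
				}elseif (strlen($pw1) < $password_length_min){
					$statmsg = $usersmsg6;
				}else{
					// NOTE(review): passwords are stored as unsalted md5 digests.
					// Moving to password_hash()/password_verify() requires the
					// login and registration code to change in step, so it is
					// only flagged here.
					$oldhash = md5($opw);
					$result  = mysql_query('SELECT * FROM users WHERE USERID = '.$sessionUserId.' AND PASSWORD = "'.$oldhash.'" LIMIT 1');
					if ($result && mysql_num_rows($result) > 0){
						mysql_query('UPDATE users SET PASSWORD = "'.md5($pw1).'" WHERE USERID = '.$sessionUserId.' AND PASSWORD = "'.$oldhash.'" LIMIT 1');
						if (mysql_errno()){
							// Was assigned to a misspelled $stamsg, so the
							// failure message never reached the page.
							$statmsg = $usersmsg3;
						}else{
							$statmsg = $usersmsg4;
							// Force a fresh login with the new password.
							$_SESSION = array();
							session_destroy();
							$pwout = true;
						}
					}else{
						$statmsg = $usersmsg5;
					}
				}
			}
			if ($pwout){
				$ndx = str_replace('%USERFORMS%', '', $ndx);
			}elseif (strpos($ndx, "%USERFORMS%") !== false){
				$ndx = str_replace('%USERFORMS%', file_get_contents($themedir.'user_pw_change.theme.html'), $ndx);
			}
			break;

		case 'messages':
			include('includes/direct_msg.inc.php');
			if ($isPost
				&& isset($_POST['message1']) && !empty($_POST['message1']) && strlen($_POST['message1']) >= 2
				&& isset($_POST['username']) && !empty($_POST['username'])){
				// The first character of the recipient field is dropped —
				// presumably the "@" the form prepends; confirm against the template.
				$toname   = substr(addslashes(mysql_real_escape_string(htmlspecialchars($_POST['username'], ENT_QUOTES))), 1);
				$message1 = addslashes(mysql_real_escape_string(htmlspecialchars($_POST['message1'], ENT_QUOTES)));

				// A DM may only be sent to someone who follows the sender unless
				// $allow_nonfollow_dm switches that check off.
				$sqltxt = 'SELECT * FROM friends WHERE friends.USERID IN (SELECT USERID FROM users WHERE USERNAME = "'.$toname.'") AND FRIENDID = '.$sessionUserId;
				$result = mysql_query($sqltxt);
				if (mysql_errno()){
					$statmsg = $usersmsg8;
				}else{
					$cnt = ($allow_nonfollow_dm == 1) ? 1 : mysql_num_rows($result);
					if ($cnt > 0){
						if ($use_bad_word_filer == 1){
							$message1 = FUNCT_WORD_FILTER($message1);
						}
						$okToSend = true;
						if ($use_keyword_spam_filter == 1){
							// Evaluate the spam verdict once; the original called
							// keywords_funct() twice for the same message.
							$verdict  = keywords_funct($message1);
							$okToSend = ($verdict == 'GOOD');
							if ($verdict == 'BAD'){
								$statmsg = $msgblock8;
							}
						}
						if ($okToSend){
							// The sender name comes from the session, but is escaped
							// anyway so a username containing a quote cannot break the
							// statement.
							$sql = 'INSERT INTO directmessages (TO_USERNAME,FROM_USERNAME,ENTRYDATE,MESSAGE) VALUES ("'.$toname.'","'.mysql_real_escape_string($_SESSION['USERNAME']).'",Now(),"'.$message1.'")';
							mysql_query($sql);
							$statmsg = mysql_errno() ? $usersmsg9 : $usersmsg10;
						}
					}else{
						$statmsg = $usersmsg11;
					}
				}
			}

			if ($_SERVER['REQUEST_METHOD'] == 'GET'){
				if (isset($_GET['page']) && !empty($_GET['page']) && is_numeric($_GET['page'])){
					$curpage = (int)$_GET['page'];
				}
				switch ($act){
					case "deldm":
						// NOTE(review): this deletes on a plain GET link with no
						// anti-CSRF token, so any page the user visits can trigger
						// it.  The TO_USERNAME condition limits the damage to the
						// caller's own inbox; a POST form with a per-session token
						// is the proper fix and needs a template change.
						if (!empty($actval) && is_numeric($actval)){
							mysql_query('DELETE FROM directmessages WHERE TO_USERNAME = "'.mysql_real_escape_string($_SESSION['USERNAME']).'" AND MSGID = '.(int)$actval.' LIMIT 1');
							if (mysql_errno()){
								$statmsg = $usersmsg12;
							}
						}
						break;
					case "reply":
						$ndx = str_replace('%USERFORMS%', FUNCT_DM_FRM($actval), $ndx);
						break;
				}
			}

			if (strpos($ndx, "%USERFORMS%") !== false){
				$ndx = str_replace('%USERFORMS%', directDBNFO($curpage), $ndx);
			}
			break;

		default:
			$ndx = str_replace('%USERFORMS%', FUNCT_PROFILE(), $ndx);
	}

	// When the placeholder is absent str_replace() is a no-op, so the old
	// "else replace with ''" branch added nothing.
	$ndx = str_replace('%STATUSMSG%', $statmsg, $ndx);

	echo USER_PAGE_PROCESSING($ndx);

	mysql_close($connection);
?>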