<?php
// Bootstrap for the signed-in user area: session, response headers, shared includes.
session_start();
header("Cache-control: private");
// Errors, warnings, parse errors and notices are all reported.
// NOTE(review): whether they are shown to the visitor depends on display_errors, which is
// not set in this file; confirm it is off in production so SQL text and file paths in
// messages are not disclosed.
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);

// $language is not assigned in this file before this point; presumably config.inc.php sets it.
// NOTE(review): it is spliced into an include path, so it must never be derived from
// request data; verify where it is set.
include("includes/config.inc.php");
include("includes/db.inc.php");
include("language/language.".$language.".php");
include("includes/functions.inc.php");
include("includes/users_funct.inc.php");

// Per-request state: status text for the page, optional action and its value, inbox page.
$statmsg = '';
$act = '';
$actval = '';
$curpage = 0;

// Access gate: a missing or falsy 'loggedon' session flag sends the visitor to the login
// page. exit() stops the script so nothing below runs for an anonymous request.
if (empty($_SESSION['loggedon'])) {
    header("Location: ".$url."login");
    exit();
}
// The route arrives in the "id" query parameter, either as a bare section name or as
// "section/action/value".
$loc = htmlspecialchars(@$_GET['id'], ENT_QUOTES);
if (strpos($loc, "/") !== false) {
    $locarray = explode("/", $loc);
    if (count($locarray) != 3) {
        // Any other number of segments falls back to the inbox.
        $loc = 'messages';
    } else {
        // Each segment is HTML-encoded a second time and escaped twice. In this file $loc and
        // $act are only compared with fixed case labels; $actval reaches SQL only after a
        // numeric check and is otherwise handed to FUNCT_DM_FRM().
        $loc = addslashes(mysql_real_escape_string(htmlspecialchars($locarray[0], ENT_QUOTES)));
        $act = addslashes(mysql_real_escape_string(htmlspecialchars($locarray[1], ENT_QUOTES)));
        $actval = addslashes(mysql_real_escape_string(htmlspecialchars($locarray[2], ENT_QUOTES)));
    }
}
// Load the five theme fragments and join them, in page order, into one template string.
// $theme is not assigned in this file (presumably it comes from config.inc.php).
// NOTE(review): it is part of a filesystem path, so it must stay a fixed, server-side value.
// A fragment that cannot be read contributes an empty string; the result is not checked.
$hdr = file_get_contents('themes/' . $theme . '/header.theme.html');
$lpanel = file_get_contents('themes/' . $theme . '/user_left.theme.html');
$cpanel = file_get_contents('themes/' . $theme . '/user_center.theme.html');
$rpanel = file_get_contents('themes/' . $theme . '/user_right.theme.html');
$ftr = file_get_contents('themes/' . $theme . '/footer.theme.html');
$ndx = implode('', array($hdr, $lpanel, $cpanel, $rpanel, $ftr));
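// Dispatch on the requested section. Each case first handles its own form submission and
// then fills the %USERFORMS% placeholder of the assembled template.
// NOTE(review): no anti-CSRF token check is visible in this file for the POST handlers or
// for the GET delete action below; confirm whether the includes enforce one.
switch ($loc) {
    case "profile":
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            if (isset($_POST['updatebtn'])) {
                // NOTE(review): htmlspecialchars() is HTML encoding, not SQL escaping (a
                // backslash passes through unchanged). Confirm the FUNCT_USER_PROFILE_*
                // helpers escape or bind these values before they reach a query.
                $location = htmlspecialchars(@$_POST['location'], ENT_QUOTES);
                $interests = addslashes(mysql_real_escape_string(strip_tags_attributes(@$_POST['interests'])));
                $hobbies = addslashes(mysql_real_escape_string(strip_tags_attributes(@$_POST['hobbies'])));
                $website = htmlspecialchars(@$_POST['website'], ENT_QUOTES);
                $portfolio = htmlspecialchars(@$_POST['portfolio'], ENT_QUOTES);
                $bday = htmlspecialchars(@$_POST['bday'], ENT_QUOTES);
                $aim = htmlspecialchars(@$_POST['aim'], ENT_QUOTES);
                $icq = htmlspecialchars(@$_POST['icq'], ENT_QUOTES);
                $yim = htmlspecialchars(@$_POST['yim'], ENT_QUOTES);
                $msn = htmlspecialchars(@$_POST['msn'], ENT_QUOTES);
                $gtalk = htmlspecialchars(@$_POST['gtalk'], ENT_QUOTES);
                $isenab = htmlspecialchars(@$_POST['isenab'], ENT_QUOTES);
                // A request without the upload field yields null instead of an undefined-index notice.
                // NOTE(review): type, size and content checks on the upload are not visible
                // here; presumably the helper performs them, verify.
                $userimage = isset($_FILES['uimage']) ? $_FILES['uimage'] : null;
                // The session user id is cast to int so only a number is spliced into the SQL.
                $result = mysql_query('SELECT * FROM public_profile WHERE USERID = '.((int) $_SESSION['USERID']).' LIMIT 1');
                $cnt = mysql_num_rows($result);
                if ($cnt > 0) {
                    // A profile row exists: update it, optionally removing the picture.
                    $delpic = htmlspecialchars(@$_POST['delpic'], ENT_QUOTES);
                    $statmsg = FUNCT_USER_PROFILE_UPDATEDB($delpic, $userimage, $location, $interests, $hobbies, $website, $portfolio, $bday, $aim, $icq, $yim, $msn, $gtalk, $isenab);
                } else {
                    $statmsg = FUNCT_USER_PROFILE_ADDDB($userimage, $location, $interests, $hobbies, $website, $portfolio, $bday, $aim, $icq, $yim, $msn, $gtalk, $isenab);
                }
            }
        }
        if (strpos($ndx, "%USERFORMS%") !== false) {
            $ndx = str_replace('%USERFORMS%', FUNCT_PROFILE(), $ndx);
        }
        break;

    case "account":
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            if (isset($_POST['acctbtn'])) {
                // Same caveat as the profile fields: HTML-encoded only, not SQL-escaped here.
                $firstname = htmlspecialchars(@$_POST['firstname'], ENT_QUOTES);
                $lastname = htmlspecialchars(@$_POST['lastname'], ENT_QUOTES);
                $email = htmlspecialchars(@$_POST['email'], ENT_QUOTES);
                $address = htmlspecialchars(@$_POST['address'], ENT_QUOTES);
                $city = htmlspecialchars(@$_POST['city'], ENT_QUOTES);
                $state = htmlspecialchars(@$_POST['state'], ENT_QUOTES);
                $zip = htmlspecialchars(@$_POST['zipcode'], ENT_QUOTES);
                $phone = htmlspecialchars(@$_POST['phone'], ENT_QUOTES);
                // The account is saved only when both checks return a truthy value; what
                // registeredEmail() tests is defined outside this file.
                if (validEmail($email)) {
                    if (registeredEmail($email)) {
                        $statmsg = FUNCT_USER_ACCOUNT_ADDDB($firstname, $lastname, $email, $address, $city, $state, $zip, $phone);
                    } else {
                        $statmsg = $usersmsg1;
                    }
                } else {
                    $statmsg = $usersmsg2;
                }
            }
        }
        if (strpos($ndx, "%USERFORMS%") !== false) {
            $ndx = str_replace('%USERFORMS%', FUNCT_USER_ACCOUNT(), $ndx);
        }
        break;

    case "password":
        // $pwout becomes 1 once the password was changed and the session was ended.
        $pwout = 0;
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            if (isset($_POST['cpassword'])) {
                // The passwords are HTML-encoded and escaped before hashing, so that
                // transformation is part of the stored hash and is kept unchanged.
                // NOTE(review): presumably login and registration transform the password
                // the same way; verify before altering this.
                $opw = addslashes(mysql_real_escape_string(htmlspecialchars(@$_POST['opw'], ENT_QUOTES)));
                $pw1 = addslashes(mysql_real_escape_string(htmlspecialchars(@$_POST['pw1'], ENT_QUOTES)));
                $pw2 = addslashes(mysql_real_escape_string(htmlspecialchars(@$_POST['pw2'], ENT_QUOTES)));
                // Strict comparison: with == two different numeric-looking strings such as
                // "1e3" and "1000" compare equal, which would accept a mistyped confirmation.
                if ($pw1 === $pw2) {
                    if (strlen($pw1) >= $password_length_min) {
                        // NOTE(review): unsalted md5 is not a suitable password hash. Moving to
                        // password_hash()/password_verify() needs a matching change in the
                        // login and registration code, which is not part of this file.
                        $result = mysql_query('SELECT * FROM users WHERE USERID = '.((int) $_SESSION['USERID']).' AND PASSWORD = "'.md5($opw).'" LIMIT 1');
                        $cnt = mysql_num_rows($result);
                        if ($cnt > 0) {
                            mysql_query('UPDATE users SET PASSWORD = "'.md5($pw1).'" WHERE USERID = '.((int) $_SESSION['USERID']).' AND PASSWORD = "'.md5($opw).'" LIMIT 1');
                            if (mysql_errno()) {
                                // Was assigned to the misspelled $stamsg, so a failed update
                                // showed no message at all.
                                $statmsg = $usersmsg3;
                            } else {
                                $statmsg = $usersmsg4;
                                // End the session so the user signs in again with the new password.
                                $_SESSION = array();
                                session_destroy();
                                $pwout = 1;
                            }
                        } else {
                            // The current password did not match.
                            $statmsg = $usersmsg5;
                        }
                    } else {
                        // New password shorter than $password_length_min.
                        $statmsg = $usersmsg6;
                    }
                } else {
                    // New password and confirmation differ.
                    $statmsg = $usersmsg7;
                }
            }
        }
        if ($pwout == 0) {
            if (strpos($ndx, "%USERFORMS%") !== false) {
                $ndx = str_replace('%USERFORMS%', file_get_contents('themes/'.$theme.'/user_pw_change.theme.html'), $ndx);
            }
        } elseif ($pwout == 1) {
            // After a successful change the form is not shown again.
            $ndx = str_replace('%USERFORMS%', '', $ndx);
        }
        break;

    case 'messages':
        include('includes/direct_msg.inc.php');
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            // is_string() keeps array-valued parameters away from strlen() and
            // htmlspecialchars(); a string of two or more bytes is never empty().
            if (isset($_POST['message1']) && is_string($_POST['message1']) && (strlen($_POST['message1']) >= 2)) {
                if (isset($_POST['username']) && is_string($_POST['username']) && !empty($_POST['username'])) {
                    // The first character of the submitted name is dropped (presumably a
                    // leading marker such as "@"; confirm against the form). It is removed
                    // before escaping: cutting the escaped string could split an escape
                    // sequence and leave an unbalanced backslash in the SQL text.
                    $toname = addslashes(mysql_real_escape_string(htmlspecialchars(substr($_POST['username'], 1), ENT_QUOTES)));
                    $message1 = addslashes(mysql_real_escape_string(htmlspecialchars($_POST['message1'], ENT_QUOTES)));
                    // Does the recipient list the sender as a friend?
                    $sqltxt = 'SELECT * FROM friends WHERE friends.USERID IN (SELECT USERID FROM users WHERE USERNAME = "'.$toname.'") AND FRIENDID = '.((int) $_SESSION['USERID']);
                    $result = mysql_query($sqltxt);
                    if (mysql_errno()) {
                        $statmsg = $usersmsg8;
                    } else {
                        $cnt = mysql_num_rows($result);
                        // The site setting can allow messages to users who are not friends.
                        if ($allow_nonfollow_dm == 1) {
                            $cnt = 1;
                        }
                        if ($cnt > 0) {
                            if ($use_bad_word_filer == 1) {
                                $message1 = FUNCT_WORD_FILTER($message1);
                            }
                            // NOTE(review): $_SESSION['USERNAME'] is spliced into the INSERT
                            // as stored; confirm the login code only puts a safely encoded
                            // name into the session.
                            if ($use_keyword_spam_filter == 1) {
                                // A verdict other than 'GOOD' or 'BAD' sends nothing and sets no message.
                                if (keywords_funct($message1) == 'GOOD') {
                                    $sql = 'INSERT INTO directmessages (TO_USERNAME,FROM_USERNAME,ENTRYDATE,MESSAGE) VALUES ("'.$toname.'","'.$_SESSION['USERNAME'].'",Now(),"'.$message1.'")';
                                    mysql_query($sql);
                                    if (mysql_errno()) {
                                        $statmsg = $usersmsg9;
                                    } else {
                                        $statmsg = $usersmsg10;
                                    }
                                } elseif (keywords_funct($message1) == 'BAD') {
                                    $statmsg = $msgblock8;
                                }
                            } else {
                                $sql = 'INSERT INTO directmessages (TO_USERNAME,FROM_USERNAME,ENTRYDATE,MESSAGE) VALUES ("'.$toname.'","'.$_SESSION['USERNAME'].'",Now(),"'.$message1.'")';
                                mysql_query($sql);
                                if (mysql_errno()) {
                                    $statmsg = $usersmsg9;
                                } else {
                                    $statmsg = $usersmsg10;
                                }
                            }
                        } else {
                            $statmsg = $usersmsg11;
                        }
                    }
                }
            }
        }
        if ($_SERVER['REQUEST_METHOD'] == 'GET') {
            // NOTE(review): is_numeric() also accepts forms such as "1.5" or "1e3"; confirm
            // directDBNFO() treats the page number as an integer.
            if (isset($_GET['page']) && !empty($_GET['page']) && is_numeric($_GET['page'])) {
                $curpage = htmlspecialchars(@$_GET['page'], ENT_QUOTES);
            }
            switch ($act) {
                case "deldm":
                    // Only a plain run of digits is accepted as a message id (is_numeric()
                    // would also let floats and exponent forms into the statement). The
                    // delete is limited to messages addressed to the signed-in user.
                    // NOTE(review): this changes data on a GET request; consider moving it
                    // to POST with a per-session token.
                    if (!empty($actval) && ctype_digit($actval)) {
                        mysql_query('DELETE FROM directmessages WHERE TO_USERNAME = "'.$_SESSION['USERNAME'].'" AND MSGID = '.$actval.' LIMIT 1');
                        if (mysql_errno()) {
                            $statmsg = $usersmsg12;
                        }
                    }
                    $loc = 'messages';
                    break;
                case "reply":
                    // Show the reply form in place of the inbox listing.
                    $ndx = str_replace('%USERFORMS%', FUNCT_DM_FRM($actval), $ndx);
                    $loc = 'messages';
                    break;
            }
        }
        // Still unfilled (no reply form was inserted): show the inbox page.
        if (strpos($ndx, "%USERFORMS%") !== false) {
            $ndx = str_replace('%USERFORMS%', directDBNFO($curpage), $ndx);
        }
        break;

    default:
        // Unknown section names show the profile form.
        $ndx = str_replace('%USERFORMS%', FUNCT_PROFILE(), $ndx);
}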
// Put this request's status text into the page. str_replace() returns the page unchanged
// when the %STATUSMSG% marker is absent, so no strpos() test is needed first.
// NOTE(review): $statmsg is inserted without HTML encoding. In this file it is set from
// $usersmsgN / $msgblock8 (presumably language strings) or from FUNCT_USER_* return values;
// confirm those helpers never return request data unencoded.
$ndx = str_replace('%STATUSMSG%', $statmsg, $ndx);

// Final placeholder processing, output, then release the database connection.
echo USER_PAGE_PROCESSING($ndx);
mysql_close($connection);
?>