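<?php
// Full "<?php" open tag instead of "<?": short open tags depend on the
// short_open_tag ini setting (off by default), in which case this whole file
// would be served to the client as plain text.
//
// $MustLogin is consumed by libs/header.php (not shown here). 1|2|4 == 7
// presumably a bitmask of the account types allowed to reach this page —
// confirm against header.php before changing it.
$MustLogin=1|2|4;
require_once("libs/header.php");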

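// Optional profile fields (originally added by niotech).
// Every field whose switch in $USER_PROFILE_FIELDS is 1 is appended to
// $PROFILE_FORM as a "text" input with its localized label and an
// "enter <label>" error text (presumably shown by UserForms::check() when the
// field is left empty — confirm in UserForms). The table replaces eight
// copy-pasted if-blocks; isset() avoids an undefined-index notice for
// switches the configuration omits, and the loose "== 1" test is kept on
// purpose so existing "1"/true configurations still enable the field.
$opt_profile_fields = array(
	"company"   => 'company_name',
	"address1"  => 'address_1',
	"address2"  => 'address_2',
	"city"      => 'city',
	"state"     => 'state',
	"postcode"  => 'postcode',
	"country"   => 'country',
	"telephone" => 'phone_number',
);
foreach ($opt_profile_fields as $opt_field => $opt_lang_key) {
	if (!isset($USER_PROFILE_FIELDS[$opt_field]) || $USER_PROFILE_FIELDS[$opt_field] != 1) {
		continue;
	}
	$PROFILE_FORM[$opt_field] = array(
		"type"        => "text",
		"description" => $lang[$opt_lang_key],
		"error"       => $lang['enter']." ".$lang[$opt_lang_key],
	);
}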

// Form descriptor shared with the template and with UserForms. It posts back
// to this same URL (empty action), carries $PROFILE_FORM as its field set and
// the localized "update" caption for the submit button; "message" and
// "errorcount" are filled in while a POST is validated.
$form = array();
$form["method"]     = "POST";
$form["action"]     = "";
$form["message"]    = "";
$form["errorcount"] = 0;
$form["fields"]     = $PROFILE_FORM;
$form["submit"]     = $lang['update'];
$userform = new UserForms($form["fields"]);
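// ---------------------------------------------------------------------------
// Markup / entity tamper check for profile fields (originally added by
// SepedaTua, June 2006). The filter is used purely as a detector: a submission
// is rejected outright if stripping tags, collapsing whitespace runs after a
// line break, or decoding HTML entities would change any field.
// The original decoded numeric entities with a preg_replace "/e" pattern. That
// modifier was removed in PHP 7: preg_replace then returns NULL, every field
// "changes", and every profile update dies with the malicious-code message.
// preg_replace_callback reproduces the old chr() decoding without eval.
// ---------------------------------------------------------------------------
if (!function_exists('profile_strip_markup')) {
	/**
	 * Strip HTML tags, collapse whitespace that follows a line break and decode
	 * a fixed set of HTML entities (named ones to their Latin-1 byte, numeric
	 * ones through chr()) in a single form value.
	 *
	 * @param string $value raw form value
	 * @return string filtered value; identical to $value only when it contained
	 *                none of the rejected constructs
	 */
	function profile_strip_markup($value) {
		$search = array(
			'@<script[^>]*?>.*?</script>@si',
			'@<[\/\!]*?[^<>]*?>@si',
			'@([\r\n])[\s]+@',
			'@&(quot|#34);@i',
			'@&(amp|#38);@i',
			'@&(lt|#60);@i',
			'@&(gt|#62);@i',
			'@&(nbsp|#160);@i',
			'@&(iexcl|#161);@i',
			'@&(cent|#162);@i',
			'@&(pound|#163);@i',
			'@&(copy|#169);@i',
		);
		$replace = array(
			'',
			'',
			'\1',
			'"',
			'&',
			'<',
			'>',
			' ',
			chr(161),
			chr(162),
			chr(163),
			chr(169),
		);
		// Patterns are applied in this order, as the original single
		// preg_replace() call did; the numeric-entity pass comes last.
		$value = preg_replace($search, $replace, (string)$value);
		return preg_replace_callback('@&#(\d+);@', 'profile_numeric_entity_to_chr', $value);
	}

	/**
	 * preg_replace_callback helper: "&#NNN;" => chr(NNN), matching the old
	 * '/e' replacement 'chr(\1)' (chr() masks values outside 0..255 to a byte).
	 *
	 * @param array $m match array; $m[1] is the decimal code point
	 * @return string single byte
	 */
	function profile_numeric_entity_to_chr($m) {
		return chr((int)$m[1]);
	}
}

// Fields the tamper check covers. Only fields actually present in the form are
// examined: the original also touched "password" and "subscription"
// unconditionally, which silently created empty entries in $form["fields"]
// for fields the form did not define.
$profile_checked_fields = array(
	"real_name", "company", "address1", "address2", "city", "state",
	"postcode", "country", "telephone", "email", "password", "subscription",
);

// The current user's row is needed on both paths: to deny guest accounts (the
// original only checked this on GET, so a guest_* account could still POST an
// update) and to pre-fill the form on GET.
// NOTE(review): AddSlashes() is not charset-aware; the $mysql wrapper exposes
// no escape helper or prepared statements here, so this keeps the file's
// existing escaping style. Prefer a driver-level escape if one exists.
$profile_uid = AddSlashes($CurUser->getid());
$SQL = "SELECT * FROM `".DB_PREFIX."users` WHERE `id`='".$profile_uid."'";
if (!$mysql->query($SQL) || $mysql->num <= 0) {
	// Driver error text is logged server-side; the original echoed it to the
	// client, which discloses schema and query details.
	error_log("profile.php: user lookup failed: ".$mysql->error);
	exit("Database error");
}
if (substr($mysql->field("login"), 0, 6) == "guest_") {
	$smarty->assign("message", "denied");
	$smarty->display("message.tpl");
	exit();
}
$profile_row = $mysql->arr;

if ($_SERVER["REQUEST_METHOD"] == $form["method"]) {
	// NOTE(review): no CSRF token is validated in this file; confirm that
	// libs/header.php or UserForms provides one before relying on this handler.
	$userform->load($form["fields"], $_POST);
	$form["errorcount"] = $userform->check($form["fields"]);

	// Reject, rather than silently clean, any field the markup filter would
	// alter. Strict comparison on purpose: the original "!=" treated two
	// numerically equal strings as unchanged. Non-scalar values (array
	// parameters) are rejected as well.
	foreach ($profile_checked_fields as $profile_field) {
		if (!isset($form["fields"][$profile_field]["value"])) {
			continue;
		}
		$profile_raw = $form["fields"][$profile_field]["value"];
		if (!is_scalar($profile_raw) || profile_strip_markup($profile_raw) !== (string)$profile_raw) {
			die("Please do not enter any malicious code");
		}
	}

	// Required-field and format checks. Each failure sets errorcount and the
	// message shown by profile.tpl; the last failing check wins the message.
	if (empty($form["fields"]["real_name"]["value"])) {
		$form["errorcount"] = 1;
		$form["message"] = $lang['realname_is_empty'];
	}
	$profile_email = isset($form["fields"]["email"]["value"]) ? $form["fields"]["email"]["value"] : "";
	if (empty($profile_email)) {
		$form["errorcount"] = 1;
		$form["message"] = $lang['email_is_empty'];
	} elseif (!preg_match('/^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,6}$/iD', $profile_email)) {
		// eregi() was removed in PHP 7. Same pattern, case-insensitive; the D
		// modifier keeps "$" from matching before a trailing newline, which is
		// how the POSIX "$" behaved.
		$form["errorcount"] = 1;
		$form["message"] = $lang['email_format'];
	}
	if (empty($form["fields"]["password"]["value"])) {
		$form["errorcount"] = 1;
		$form["message"] = $lang['password_is_empty'];
	}

	// The address must not belong to any other account; the user's own row is
	// excluded so an unchanged email is not reported as taken (niotech).
	$SQL = "SELECT COUNT(*) AS `cnt` FROM `".DB_PREFIX."users`";
	$SQL .= " WHERE `email`='".AddSlashes(trim($profile_email))."' AND `id`<>'".$profile_uid."'";
	if (!$mysql->query($SQL) || $mysql->num <= 0) {
		error_log("profile.php: email uniqueness check failed: ".$mysql->error);
		exit("Database error");
	}
	if (intval($mysql->field("cnt")) > 0) {
		$form["errorcount"] = 1;
		$form["message"] = $lang['email_exist'];
	} elseif ($form["errorcount"] == 0) {
		// NOTE(review): the SET clause is built by UserForms::sql(); whether it
		// escapes values and hashes the password before storage is not visible
		// here — confirm in UserForms.
		$SQL = "UPDATE `".DB_PREFIX."users` SET ".$userform->sql($form["fields"])." WHERE `id`='".$profile_uid."'";
		if (!$mysql->query($SQL)) {
			error_log("profile.php: profile update failed: ".$mysql->error);
			exit("Database error");
		}
		header("Location:profile.php");
		exit();
	}
} else {
	// GET: pre-fill the form from the stored row fetched above.
	$userform->load($form["fields"], $profile_row);
}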
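// Render the profile form; after a failed POST this carries the validation
// message in $form["message"].
$smarty->assign("form", $form);
$smarty->display("profile.tpl");
// No closing "?>": any byte after it (a stray newline, editor trailing
// whitespace) is sent as output, which breaks header() calls in any script
// that includes this file afterwards.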