chgprof.php at Mozart - Free PHP Code

<?
// called from: index.php
// description: update user preferences in USERS
//
include("connect.inc");
include("reqlogin.inc");
include("userprefs.inc");

$Message = "Password is necessary to modify profile";

if (!($submit)) {
	$Last        = $userdata["last"];
	$First       = $userdata["first"];
	$Email       = $userdata["email"];
}

// set up color array
// I don't know of a better way to do this
$colors[1][1] = "#000000";
$colors[1][2] = "Black";
$colors[2][1] = "#0000CC";
$colors[2][2] = "Blue";
$colors[3][1] = "#996633";
$colors[3][2] = "Brown";
$colors[4][1] = "#666666";
$colors[4][2] = "Gray";
$colors[5][1] = "#009900";
$colors[5][2] = "Green";
$colors[6][1] = "#FF3300";
$colors[6][2] = "Orange";
$colors[7][1] = "#990099";
$colors[7][2] = "Purple";
$colors[8][1] = "#FF0000";
$colors[8][2] = "Red";
$colors[9][1] = "#FFFFFF";
$colors[9][2] = "White";
$colors[10][1]= "#FFFF00";
$colors[10][2]= "Yellow";

if ($submit) {
//	salt is used for the crypt function
	$salt = "mz";

//	get the password associated with the given system_id
	$CheckPassSQL = "SELECT first, password FROM users WHERE system_id = '$SysID'";
	$CheckPasswd  = mysql_query($CheckPassSQL);
	$CheckPass    = mysql_fetch_array($CheckPasswd);

//	if $CheckPass is empty, then the given system_id doesn't exist
	if (!($CheckPass)) {
		$Message = "Invalid System ID";
	}

//	encrypt the provided password
	$EncryptPass = crypt($Password, $salt);

//	if the password retrieved doesn't match the encrypted password provided, exit
	if (!($CheckPass["password"] == $EncryptPass)) {
		$Message = "Invalid Password";
	}
	else {
		$UpdPassSQL = "UPDATE users SET last = '$Last', first = '$First', email = '$Email', bgcolor = '$BGColor', txtcolor = '$TxtColor', bordercolor = '$BorderColor' WHERE system_id = '$SysID'";
		$UpdPass = mysql_query($UpdPassSQL);
		$errno   = mysql_errno($db);
		$error   = mysql_error($db);
		if ($errno == 0) {
		   $Message = "Profile Updated Successfully";
		}
		else {
		   $Message = "Error $errno: $error";
		} 
		$UserDataSQL = "SELECT * FROM users WHERE system_id = '$SysID'";
		$UserData    = mysql_query($UserDataSQL);
		$userdata    = mysql_fetch_array($UserData);
		$bgcolor     = $userdata["bgcolor"];
		$txtcolor    = $userdata["txtcolor"];
		$bordercolor = $userdata["bordercolor"];
	}
}
?>
<html>
<title>Mozart: Change Profile</title>
<body bgcolor=<? echo $userdata["bgcolor"] ?> text=<? echo $userdata["txtcolor"] ?>>
<center>
<? 
include("links.inc");
print ("<font color=red>$Message</font>"); 
?>
<table border=1 cellspacing=0 cellpadding=0>
<form action="chgprof.php" method="post">
<tr>
<tr><td>System ID:</td><td><input type="text" name=SysID value=<? echo $SysID ?>></td></tr>
<tr><td>Password:</td><td><input type="password" name=Password></td></tr>
<tr><td>Last Name:</td><td><input type="text" name=Last value=<? echo $Last ?>></td></tr>
<tr><td>First Name:</td><td><input type="text" name=First value=<? echo $First ?>></td></tr>
<tr><td>Email:</td><td><input type="text" name=Email value=<? echo $Email ?>></td></tr>
<tr><td>Background Color:</td><td><select name=BGColor>
<?
$x = 1;
while ($x <= 10) {
	if ($bgcolor == $colors[$x][1]) {
		$selected = " selected";
	}
	else {
		$selected = "";
	}
	printf("<option%s value=%s>%s", $selected, $colors[$x][1], $colors[$x][2]);
	$x++;
}
?>
</select>
</td></tr>
<tr><td>Text Color:</td><td><select name=TxtColor>
<?
$x = 1;
while ($x <= 10) {
	if ($txtcolor == $colors[$x][1]) {
		$selected = " selected";
	}
	else {
		$selected = "";
	}
	printf("<option%s value=%s>%s", $selected, $colors[$x][1], $colors[$x][2]);
	$x++;
}
?>
</select>
</td></tr>
<tr><td>Border Color:</td><td><select name=BorderColor>
<?
$x = 1;
while ($x <= 10) {
	if ($bordercolor == $colors[$x][1]) {
		$selected = " selected";
	}
	else {
		$selected = "";
	}
	printf("<option%s value=%s>%s", $selected, $colors[$x][1], $colors[$x][2]);
	$x++;
}
?>
</select>
</td></tr>
<tr><td><input type="submit" name="submit" value="Modify Profile"></td></tr>
</form>
</table>
</center>
<?
include("links.inc");
?>
</body>
</html>