Location: PHPKode > projects > Nitrotech > nitrotech/profile.php
<?php

//
//start everything needed
//
$root = './';
$page_name = 'Profile';
$page_file= basename(__FILE__);

include($root . "includes/common.php");

$page_mode = (isset($_GET['mode'])) ? $_GET['mode'] : '';

//
//Start the page
//

//dbstart();  //start databse     --- already started

if(isset($_GET['page_id']))
{
	@$query1 = "SELECT * FROM " . $table['pages'] . " WHERE page_file='". $page_file ."' AND id = '" . $_GET['page_id'] . "'";
}
@$result1 = mysql_query($query1);
@$id1 = mysql_result($result1,0,"id");

    if (!$id1)
    {
        $not_databased = 1;
    }
    else
    {
	    $name1 = mysql_result($result1,0,"page_name");
	    $text1 = mysql_result($result1,0,"page_text");
	    $auth1 = mysql_result($result1,0,"auth");
	    $loggedin1 = mysql_result($result1,0,"logged_in");
	    $text = text_read($text1);
	    $page_name = $name1;

        if($loggedin1 == '2')
	    {
	        $logged = '0';
	    }
	}

//
//Start the output of the page
//

page_header('normal');

if($loggedin1 == '2')
{
	$logged = '0';
}

if(isset($not_databased) || (($auth1 - 1) < get_userinfo('level') && ($loggedin1 == '0' || $loggedin1 == loggedin() || $logged == loggedin())))
{
	if((($page_mode == 'register') && !loggedin()) || (!loggedin() && ($page_mode != 'regsubmit')))
	{
	    //let the user register
	    echo($terms_and_conditions);
	?>

	<form action="<?php echo (get_sid('profile.php?mode=regsubmit&id='.$_GET['id'])); ?>" method="post">
	I agree: <input type="checkbox" name="agreed" value="1">
	<br /><br />
	<table width="100%" border="1" cellspacing="4" cellpadding="4">
	    <tr>
	        <td width="40%">Username:</td>
	        <td width="60%"><input type="text" name="username" value=""></td>
	    </tr>
	    <tr>
	        <td width="40%">Password:</td>
	        <td width="60%"><input type="password" name="password" value=""></td>
	    </tr>
	    <tr>
	        <td width="40%">Password Confirm:</td>
	        <td width="60%"><input type="password" name="passconfirm" value=""></td>
	    </tr>
	    <tr>
	        <td width="40%">E-mail:</td>
	        <td width="60%"><input type="text" name="email" value=""></td>
	    </tr>
	<input type="hidden" value="<?php echo($site_data['defalt_style']); ?>" name="style">
	    <tr>
	        <td colspan="2"><center><input type="submit" value="Register"></center></td>
	    </tr>
	</table>

	</form>

	<?php
	}
	else if(($page_mode == 'regsubmit') && !loggedin())
	{
	    //lets put their info into the database
	    //but first check things

	    if(empty($_POST['agreed']))
	    {
	        message("You must agree to the terms", 'message');
	    }

	    if(empty($_POST['username']) || empty($_POST['password']) || empty($_POST['email']) || empty($_POST['style']))
	    {
	        message("Please go back and fill in all the feilds", 'message');
	        $keep_going_empty = 0;
	    }
	    else
	    {
	        $keep_going_empty = 1;
	    }

	    $query1 = "SELECT * FROM " . $table['users'];
	    $result1 = mysql_query($query1);
	    if (!$result1)
	    {
	        message("Could not successfully run query ($query1) from DB: " . mysql_error(), 'die');
	    }

	    while($row1 = mysql_fetch_assoc($result1))
	    {
	        if($row1['username'] != $_POST['username'])
	        {
	            $keep_going_user = 1;
	        }
	        else
	        {
	            $keep_going_user = 0;
	            $error_message .= "Username already taken<br />";
	        }

	        if($row1['email'] != $_POST['email'])
	        {
	            $keep_going_email = 1;
	        }
	        else
	        {
	            $keep_going_email = 0;
	            $error_message .= "Email already taken<br />";
	        }
	    }

	    unset($query1);
	    unset($result1);

	    if($_POST['password'] == $_POST['passconfirm'])
	    {
	        $keep_going_confirm_pass = 1;
	    }
	    else
	    {
	        $keep_going_confirm_pass = 0;
	        $error_message .= "Passwords did not match.<br />";
	    }

	    if($keep_going_confirm_pass && $keep_going_email && $keep_going_user && $keep_going_empty)
	    {
	        //well they seem fine... lets get them into the database

	        //get post info
	        $username = htmlspecialchars(addslashes($_POST['username']));
	        $password = htmlspecialchars(addslashes(md5($_POST['password'])));
	        $email = htmlspecialchars(addslashes($_POST['email']));
	        $style = htmlspecialchars(addslashes($_POST['style']));


	        $query2 = "INSERT INTO " . $table['users'] . " VALUES ('', '$username', '$password', '$email', '', '', '', '', '', '$style', '0', '1')";
	        $result2 = mysql_query($query2);
	        if(!$result2)
	        {
	            message("Could not successfully run query ($query2) from DB: " . mysql_error(), 'die');
	        }
	        else
	        {
	            message("Thank you for registering... You may now login", 'message');
	        }
	        unset($query2);
	        unset($result2);

	        unset($username);
	        unset($password);
	        unset($email);
	        unset($style);
	    }
	    else
	    {
	        //woops
	        echo("Please go back and fix the following things:<br />");
	        message($error_message, 'comment');
	    }
	}
	else if(loggedin && $page_mode == '')
	{
	    //let them edit their profile
	?>


	<form action="<?php echo (get_sid('profile.php?mode=editsubmit')); ?>" method="post">
	<table width="100%" border="1" cellspacing="4" cellpadding="4">
	    <tr>
	        <td width="40%">*Username:<br /><font size="-1">If you wish to change your username you must enter your current password below.</font></td>
	        <td width="60%"><input type="text" name="username" value="<?php echo(get_userinfo('username')); ?>"></td>
	    </tr>
	    <tr>
	        <td width="40%">Current Password:<br /><font size="-1">If you wish to change your username or password you must fill this in. If not leave it blank.</font></td>
	        <td width="60%"><input type="password" name="curpassword" value=""></td>
	    </tr>
	    <tr>
	        <td width="40%">New Password:<br /><font size="-1">If you wish to change your password you must enter your current password above.</font></td>
	        <td width="60%"><input type="password" name="password" value=""></td>
	    </tr>
	    <tr>
	        <td width="40%">New Password Confirm:</td>
	        <td width="60%"><input type="password" name="passconfirm" value=""></td>
	    </tr>
	    <tr>
	        <td width="40%">*E-mail:</td>
	        <td width="60%"><input type="text" name="email" value="<?php echo(get_userinfo('email')); ?>"></td>
	    </tr>
	    <tr>
	        <td width="40%">Web site:</td>
	        <td width="60%"><input type="text" name="website" value="<?php echo(get_userinfo('website')); ?>"></td>
	    </tr>
	    <tr>
	        <td width="40%">Occupation:</td>
	        <td width="60%"><input type="text" name="occupation" value="<?php echo(get_userinfo('occupation')); ?>"></td>
	    </tr>
	    <tr>
	        <td width="40%">Interests:</td>
	        <td width="60%"><input type="text" name="interests" value="<?php echo(get_userinfo('interests')); ?>"></td>
	    </tr>
	    <tr>
	        <td width="40%">Style:</td>
	        <td width="60%"><?php styles_menu(get_userinfo('style')); ?></td>
	    </tr>
	    <tr>
	        <td width="40%">Signature:<br /><font size="-1">A signature is a small amount of text attached to all of your posts</font></td>
	        <td width="60%"><textarea rows=5 cols=20 wrap="off" name="signature"><?php echo(get_userinfo('signature')); ?></textarea></td>
	    </tr>
	<?php

	$avatar = explode(',', $site_data['avatar_info']);
	if($avatar['0'] && ($avatar['1'] || $avatar['2']))
	{
	?>
	    <tr>
	        <td width="40%">Avatar:<br /><font size="-1">An avatar is a small image displayed under your name on all of your posts.</font></td>
	        <td width="60%">
	        <table width="100%">
	            <tr>
	                <td width="90%">
	<?php
	if($avatar['2'])
	{
	?>
	                Link: <input type="text" name="avatar_link">
	                <br>
	<?php
	}
	if($avatar['1'])
	{
	?>
	                Upload: <input name="avatar_upload" type="file"></td>
	<?php
	}
	?>
	                </td>
	                <td>
	                <div align="right"><?php echo(get_avatar()); ?></div>
	                </td>
	            </tr>
	        </table>
	        </td>
	    </tr>
	<?php
	}
	?>
	    <tr>
	        <td colspan="2"><center><input type="submit" value="Update"></center></td>
	    </tr>
	</table>
	*required field
	</form>

	<?php
	}
	else if($page_mode == 'editsubmit' && loggedin())
	{
	    if(empty($_POST['username']) || empty($_POST['email']) || empty($_POST['style']))
	    {
	        message("Please go back and fill in all the required feilds (passwords aren't needed)", 'message');
	        $keep_going_empty = 0;
	    }
	    else
	    {
	        $keep_going_empty = 1;
	    }

	        $username = htmlspecialchars(addslashes($_POST['username']));
	        $password = htmlspecialchars(addslashes(md5($_POST['password'])));

	    if($keep_going_empty)
	    {
	        if($_POST['username'] != get_userinfo('username'))
	        {
	            if(!empty($_POST['curpassword']) && md5($_POST['curpassword']) == get_userinfo('password'))
	            {
	                $query1 = "UPDATE " . $table['users'] . " SET username='".$username."' WHERE id='" . get_userinfo('id') . "'";
	                $result1 = mysql_query($query1);
	                if (!$result1)
	                {
	                    message("Could not successfully run query ($query1) from DB: " . mysql_error(), 'die');
	                }

	                unset($query1);
	                unset($result1);
	            }
	            else
	            {
	                $message .= "You did not set the curent password or you got it wrong. We didn't update your username. Everything else should be ok though<br />";
	            }
	        }

	        if(!empty($_POST['password']))
	        {
	            if(!empty($_POST['curpassword']) && md5($_POST['curpassword']) == get_userinfo('password'))
	            {
	                if($_POST['password'] == $_POST['passconfirm'])
	                {
	                    $query1 = "UPDATE " . $table['users'] . " SET password='".$password."' WHERE id='" . get_userinfo('id') . "'";
	                    $result1 = mysql_query($query1);
	                    if (!$result1)
	                    {
	                        message("Could not successfully run query ($query1) from DB: " . mysql_error(), 'die');
	                    }
	                    unset($query1);
	                    unset($result1);
	                }
	            }
	            else
	            {
	                $message .= "You did not set the curent password or you got it wrong. We didn't update your password. Everything else should be ok though<br />";
	            }
	        }

	        //update the rest of the stuff

	        $email = htmlspecialchars(addslashes($_POST['email']));
	        $website = htmlspecialchars(addslashes($_POST['website']));
	        $occupation = htmlspecialchars(addslashes($_POST['occupation']));
	        $interests = htmlspecialchars(addslashes($_POST['interests']));
	        $style = htmlspecialchars(addslashes($_POST['style']));
	        $signature = htmlspecialchars(addslashes($_POST['signature']));

	        $avatar_upload = $_POST['avatar_upload'];
	        $avatar_link = $_POST['avatar_link'];

	        if(empty($avatar_upload) && empty($avatar_link))
	        {
	            $avatar = '0,';
	        }
	        else if(!empty($avatar_upload))
	        {
	            $avatar_info = explode(',', $site_data['avatar_info']);

	            $dir = @opendir($avatar_info['3']);
	            while( $file = @readdir($dir) )
	            {
	                if($file == $_FILES['avatar_upload']['name'])
	                {
	                    $error = 1;
	                }
	            }
	            @closedir($dir);


	            $avatar_dimentions = GetImageSize($_FILES['avatar_upload']['tmp_name']);

	            if (($avatar_dimentions[0] > $avatar_dimentions['4']) || ($avatar_dimentions[1] > $avatar_info['4'])){
	                $error_to_large ="Your avatar is to big... please downsize it below 90x90";
	            }

	            if(($_FILES['avatar_upload']['type'] == 'image/gif' || $_FILES['avatar_upload']['type'] == 'image/pjpeg') && $_FILES['avatar_upload']['size'] < $avatar_info['6'] && !$error && !isset($error_to_large))
	            {
	                if(move_uploaded_file($_FILES['avatar_upload']['tmp_name'], $root.$avatar_info['3'] . "/" . $_FILES['avatar_upload']['name']))
	                {
	                    $avatar = '1,' . $_FILES['avatar_upload']['name'];
	                }
	                else
	                {
	                    print "hmm... Check your avatar dir is chmod(777)  Here's some debugging info:\n";
	                    print_r($_FILES);
	                }
	            }
	            else if($_FILES['avatar_upload']['size'] > $avatar_info['6'])
	            {
	                $message .= "Avatar size is to large<br />";
	            }
	            else if($error)
	            {
	                $message .= "Your avatar file name already exists. Please rename it and upload it again. (everything else has been updated)<br />";
	            }
	            else if(isset($error_to_large))
	            {
	                $message .= $error_to_large;
	            }
	            else
	            {
	                $message .= "Your avatar must be a .gif or .jpg (jpeg)<br />";
	            }
	        }
	        else if(!empty($avatar_link))
	        {
	            $avatar = "2," . $avatar_link;
	        }
	        if(!empty($avatar_upload) && !empty($avatar_link))
	        {
	            $message .= "You used both Link avatar and Upload avatar... The upload one was used<br />";
	        }

	        $query1 = "UPDATE " . $table['users'] . " SET email='".$email."', website='" . $website . "', occupation='".$occupation."', interests='".$interests."', signature='".$signature."', avatar='".$avatar."', style='".$style."' WHERE id='" . get_userinfo('id') . "'";
	        $result1 = mysql_query($query1);
	        if (!$result1)
	        {
	            message("Could not successfully run query ($query1) from DB: " . mysql_error(), 'die');
	        }
	        else
	        {
	            $message .= "Update succesful";
	        }

	        unset($query1);
	        unset($result1);
	    }

	    echo($message);
	}
	else
	{
	    //woops
	    message("An error has occured.", 'message');
	}
}
else
{
	message("You are not authorised to view this page, or an error has occured. It could be that ?id is not set in the URL", 'message');
}

page_footer('normal');

//
//End the page
//

dbend(); //end the database

?>
Return current item: Nitrotech