<?php session_start();
/* * ********************************************************************
*  Copyright notice PHP Blogger 1.1.
*
*  (c) 2011 Predrag Rukavina - admin[at]phpblogger[dot]org
*  All rights reserved
*
*  This script is part of the PHP Blogger project. 
*  The PHP Blogger project is free software; you can redistribute it and/or
*  modify it under the terms of the GNU General Public License
*  as published by the Free Software Foundation; either version 2
*  of the License, or (at your option) any later version.
*
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program; if not, write to the Free Software
*  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
*  MA  02110-1301, USA.
*
*  This copyright notice MUST appear in all copies of the script!
* ********************************************************************** */
##############################
# userpanel.php  version 1.1.#
##############################
// Bootstrap: site settings, the English language strings ($lang) and the
// session guard class. NOTE(review): $conn, $sitepath, $sitetitle and $themes
// are used further down and are presumably defined by settings.php — confirm.
include 'settings.php';
require_once 'languages/lang_english.php';
require_once 'classes/securesession.class.php';

// Configure the guard before asking it to validate this request. The option
// names suggest browser/IP binding and session-id regeneration; the exact
// semantics live in SecSession and are not visible here.
$ss = new SecSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
$ss->secure_word = 'ESALT_';
$ss->regenerate_id = true;

// Access gate: everything below this point is for authenticated users only.
// Check() is evaluated first; the session must also carry a truthy
// 'logged_in' flag. Otherwise the login form is shown and the script stops.
if(!($ss->Check() && isset($_SESSION['logged_in']) && $_SESSION['logged_in'])) {
	include 'form.php';
	exit();
}
?>
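<?php /* Page header: document head, logo bar and the sign-out link. Opens #wrapper and #main, which are closed further down the page. */ ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="themes/classic/styles/style.css" />
<title><?php echo $lang['USERPANEL'] ?></title>
</head>
<body>
<div id="wrapper">
<div class="headers">
<div class="headerin">
<div id="menu">
<li><a href="<?php echo $sitepath; ?>"><img id="logo" src="<?php echo $sitepath; ?>/themes/<?php echo $themes; ?>/styles/images/logo.png" width="197px" height="35px" border="0" title="<?php echo $sitetitle; ?>" alt="<?php echo $sitetitle; ?>" /></a></li>
</div>
<div class="headerinfo">
<li class="float">
</li>
<li style="float:right">
</li>
</div>
</div>
<div id="announc">
&nbsp;&nbsp;<a href="signout.php"><?php echo $lang['LINKOUT'] ?></a>
</div>
</div>
<div id="main">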
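<?php
// Load the profile row of the logged-in user. The id comes from the session,
// never from the request, so a user can only ever load their own row.
$shouter = isset($_SESSION['INC_USER_ID']) ? $_SESSION['INC_USER_ID'] : '';

// Defaults, so that the code and the form below never read an undefined
// variable when the lookup fails or matches no row.
$kori = $usercc = $thumbs = $eeuser = $cpriv = $cdate = $lastime = '';
$cfullname = $chomep = $cbiosi = $cthumbs = '';

$arecordSet = $conn->Execute("SELECT * FROM users WHERE usid='".
	mysql_real_escape_string($shouter)."' ");
if(!$arecordSet) {
	// Driver error text can reveal table and column names; keep it in the
	// server log instead of writing it into the page.
	error_log('userpanel.php: user lookup failed: '.$conn->ErrorMsg());
} else {
	// usid is expected to match a single row; if several match, the last wins.
	while(!$arecordSet->EOF) {
		$kori = $arecordSet->fields['usid'];
		$usercc = $arecordSet->fields['username'];
		$thumbs = $arecordSet->fields['thumbs'];
		$eeuser = $arecordSet->fields['email'];
		$cpriv = $arecordSet->fields['privilege'];
		$cdate = $arecordSet->fields['date'];
		$lastime = $arecordSet->fields['lastime'];
		$cfullname = $arecordSet->fields['fullname'];
		$chomep = $arecordSet->fields['homep'];
		$cbiosi = $arecordSet->fields['biosi'];
		$cthumbs = $arecordSet->fields['thumbs'];
		$arecordSet->MoveNext();
	}
}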
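/*
 * Profile editor.
 *
 * POST with "query" set: validate the three text fields, optionally store a
 * new avatar (plus 222x222 and 50x50 thumbnails), update the user's row and
 * report the result. Any other request: render the edit form pre-filled with
 * the values loaded earlier on this page ($usercc, $cfullname, $chomep,
 * $cbiosi, $cthumbs).
 *
 * NOTE(review): the POST branch changes the profile and deletes files, and no
 * anti-CSRF token is checked anywhere in the visible code.
 * NOTE(review): $conn is created outside this file. If it is an ADOdb
 * connection (the Execute/ErrorMsg/EOF calls suggest so — confirm), passing
 * the values as bound parameters to Execute() would remove the dependence on
 * mysql_real_escape_string() and on the connection charset.
 */
if(isset($_POST['query'])) {
	// Accept plain strings only: a crafted request can send arrays
	// (fullname[]=x), which would reach the checks below as the wrong type.
	$fullname = (isset($_POST['fullname']) && is_string($_POST['fullname'])) ? $_POST['fullname'] : '';
	$homep = (isset($_POST['homep']) && is_string($_POST['homep'])) ? $_POST['homep'] : '';
	$biosi = (isset($_POST['biosi']) && is_string($_POST['biosi'])) ? $_POST['biosi'] : '';
	if(get_magic_quotes_gpc()) {
		$fullname = stripslashes($fullname);
		$homep = stripslashes($homep);
		$biosi = stripslashes($biosi);
	}

	// Read the checkbox before anything depends on it (it used to be tested
	// before it was assigned).
	$option = isset($_POST['option']) ? $_POST['option'] : '';
	$replaceAvatar = ($option === '1');
	$avatarDirs = array('uploads/', 'maxthumb/', 'minthumb/');

	// Reject characters the application does not allow in profile text.
	// This is an input policy, not the output defence: the form below escapes
	// every value when it is printed.
	$forbidden = array('%', ';', '<', '[');
	foreach(array($fullname, $homep, $biosi) as $value) {
		foreach($forbidden as $char) {
			if(strpos($value, $char) !== false) {
				echo "$lang[NOTVALID] '$char'</div>";
				include ('static.php');
				die();
			}
		}
	}
	if(strlen($homep) > 120) {
		echo "$lang[MAXCHAR] ($lang[LINKHOME]): 120 
<a href='javascript:history.go(-1)'>$lang[GOBACK]</a></div>";
		include ('static.php');
		die();
	}
	if(strlen($biosi) > 800) {
		echo "$lang[MAXCHAR] ($lang[LINKABOUT]): 800 <a href='javascript:history.go(-1)'>$lang[GOBACK]</a></div>";
		include ('static.php');
		die();
	}
	if(strlen($fullname) > 100) {
		echo "$lang[MAXCHAR] ($lang[LINKFULL]): 100 <a href='javascript:history.go(-1)'>$lang[GOBACK]</a></div>";
		include ('static.php');
		// Stop here like the other checks; previously the over-long name was
		// still written to the database.
		die();
	}

	$upload = isset($_FILES['image']) ? $_FILES['image'] : null;
	$hasUpload = is_array($upload) && is_string($upload['name']) && $upload['name'] !== '';
	if(!$replaceAvatar || !$hasUpload) {
		// A file sent without the checkbox is ignored: the row would not
		// reference it, so storing it would only leave orphans on disk.
		$new_image = "noavatar.png";
	} else {
		// Only a file PHP itself received in this request is acceptable.
		if($upload['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
			die('Please Upload Valid .jpg or .jpeg File');
		}
		$extension = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
		if(($extension !== "jpg" && $extension !== "jpeg")) {
			die('Please Upload Valid .jpg or .jpeg File');
		}
		// The client-supplied name proves nothing about the content, so the
		// temporary file is inspected before it is stored under the web root.
		// (@: getimagesize() raises a notice for non-image data.)
		$probe = @getimagesize($upload['tmp_name']);
		if($probe === false || $probe[2] !== IMAGETYPE_JPEG) {
			die('Please Upload Valid .jpg or .jpeg File');
		}
		if($probe[0] > 980 || $probe[1] > 980) {
			echo "<br />Maximum width and height exceeded. Please upload images below  980 x 980 px size</div>";
			exit();
		}
		// Server-chosen name, 16 characters like the longest name the old
		// scheme produced. The old date("fYhis") pattern had no month or day,
		// so names repeated and one upload could overwrite another user's
		// avatar. The name has to be unique, not secret.
		do {
			$new_image = substr(md5(uniqid(mt_rand(), true)), 0, 12).".jpg";
			$destination = "uploads/".$new_image;
		} while(file_exists($destination));
		if(!move_uploaded_file($upload['tmp_name'], $destination)) {
			die("wrong file");
		}
		/**
		 * Write a centre-cropped JPEG thumbnail of $imgSrc to $filename.
		 *
		 * The source is scaled until it covers the requested box, then the
		 * middle $thumbnail_width x $thumbnail_height region is saved at
		 * quality 100. The script is terminated when the source is wider or
		 * taller than 980px or cannot be read as a JPEG.
		 *
		 * @param string $imgSrc path of the source image
		 * @param string $filename path the thumbnail is written to
		 * @param int $thumbnail_width width of the thumbnail in pixels
		 * @param int $thumbnail_height height of the thumbnail in pixels
		 * @return resource GD image holding the thumbnail
		 */
		function ccthumb($imgSrc,$filename,$thumbnail_width,$thumbnail_height) {
			$info = @getimagesize($imgSrc);
			if($info === false || $info[0] < 1 || $info[1] < 1) {
				die("wrong file");
			}
			list($width_orig,$height_orig) = $info;
			if($width_orig > 980 || $height_orig > 980) {
				echo "<br />Maximum width and height exceeded. Please upload images below  980 x 980 px size</div>";
				exit();
			}
			// Decide by the detected image type, not by the text after the
			// first dot of the path, and decode the file once.
			if($info[2] !== IMAGETYPE_JPEG) {
				die("wrong file");
			}
			$cimage = @imagecreatefromjpeg($imgSrc);
			if(!$cimage) {
				die("wrong file");
			}
			$ratio_orig = $width_orig / $height_orig;
			if($thumbnail_width / $thumbnail_height > $ratio_orig) {
				$new_height = $thumbnail_width / $ratio_orig;
				$new_width = $thumbnail_width;
			} else {
				$new_width = $thumbnail_height * $ratio_orig;
				$new_height = $thumbnail_height;
			}
			$x_mid = $new_width / 2; //horizontal middle
			$y_mid = $new_height / 2; //vertical middle
			// Step 1: scale the whole source so that it covers the box.
			$process = imagecreatetruecolor(round($new_width),round($new_height));
			imagecopyresampled($process,$cimage,0,0,0,0,(int) $new_width,(int) $new_height,
				$width_orig,$height_orig);
			// Step 2: copy the centred box out of the scaled image.
			$thumb = imagecreatetruecolor($thumbnail_width,$thumbnail_height);
			imagecopyresampled($thumb,$process,0,0,(int) ($x_mid - ($thumbnail_width / 2)),
				(int) ($y_mid - ($thumbnail_height / 2)),$thumbnail_width,$thumbnail_height,
				$thumbnail_width,$thumbnail_height);
			imagejpeg($thumb,$filename,100);
			// The intermediate images are no longer needed.
			imagedestroy($process);
			imagedestroy($cimage);
			return $thumb;
		}
		ccthumb($destination,'maxthumb/'.$new_image,222,222);
		ccthumb($destination,'minthumb/'.$new_image,50,50);
	}

	// Each value is escaped exactly once, where the statement is built; it
	// used to be escaped a second time, which stored literal backslashes.
	$sql = "UPDATE users SET fullname = '".mysql_real_escape_string($fullname).
		"', homep = '".mysql_real_escape_string($homep).
		"', biosi = '".mysql_real_escape_string($biosi)."'";
	if($replaceAvatar) {
		$sql .= ", thumbs = '".mysql_real_escape_string($new_image)."'";
	}
	$sql .= " WHERE `usid` = '".mysql_real_escape_string($shouter)."'";
	$brecordSet = $conn->Execute($sql);

	if(!$brecordSet) {
		// Log the driver message instead of printing it, and remove the files
		// stored above, because no row references them.
		error_log('userpanel.php: profile update failed: '.$conn->ErrorMsg());
		if($new_image !== "noavatar.png") {
			foreach($avatarDirs as $dir) {
				if(is_file($dir.$new_image)) {
					unlink($dir.$new_image);
				}
			}
		}
		echo "<br />Could not save the changes. <a href=\"javascript:history.go(-1)\"> $lang[GOBACK]</a>";
	} else {
		// Remove the previous avatar only once the row points at the new one.
		// The shared default image is never deleted, and basename() keeps the
		// stored value from addressing anything outside the three folders.
		$old_image = isset($thumbs) ? basename((string) $thumbs) : '';
		if($replaceAvatar && $old_image !== '' && $old_image !== "noavatar.png" && $old_image !== $new_image) {
			foreach($avatarDirs as $dir) {
				if(is_file($dir.$old_image)) {
					unlink($dir.$old_image);
				}
			}
		}
		echo "<br />$lang[EDITSUCC] <a href=\"javascript:history.go(-1)\"> $lang[GOBACK]</a>";
	}
	// $recordSet is not created in this file; close it only when it exists.
	if(isset($recordSet) && is_object($recordSet)) {
		$recordSet->Close();
	}
	if(isset($arecordSet) && is_object($arecordSet)) {
		$arecordSet->Close();
	}
	if(is_object($brecordSet)) {
		$brecordSet->Close();
	}
	$conn->Close();
} else {
	// Every stored value is HTML-escaped on output: the input filter above
	// does not reject quotes, so an unescaped value could break out of the
	// value="..." attribute.
	?>
<form method="post" action="userpanel.php" id="panelform"  name="form"  enctype="multipart/form-data">
<h2><?php echo htmlspecialchars($usercc, ENT_QUOTES, 'UTF-8'); ?> <?php echo htmlspecialchars($cfullname, ENT_QUOTES, 'UTF-8'); ?></h2><br />
<div id="firstform">
<?php echo $lang['LINKFULL']; ?><br />
<input type="text" name="fullname" class="incc" value="<?php echo htmlspecialchars($cfullname, ENT_QUOTES, 'UTF-8'); ?>" />
</div>
<div id="firstform">
&nbsp;<?php echo $lang['LINKHOME']; ?><br />
<input type="text" name="homep" class="incc" value="<?php echo htmlspecialchars($chomep, ENT_QUOTES, 'UTF-8'); ?>" />
</div>
<div id="firstform">
<?php echo $lang['LINKABOUT']; ?><br />
<input type="text" name="biosi" class="incc" value="<?php echo htmlspecialchars($cbiosi, ENT_QUOTES, 'UTF-8'); ?>" />
</div>
<div id="incfirst">
<?php 	if(!empty($cthumbs)) { ?>
<br />
<img style="padding:2px;border:1px solid #ccc;" src="<?php echo htmlspecialchars($sitepath.
'/maxthumb/'.$cthumbs, ENT_QUOTES, 'UTF-8'); ?>" width="50px" height="50px" border="0" />
<br />
<?php } ?>
<br />Upload New Image
<input style="float:left;width:28px;" type="checkbox" name="option" value="1" />
<br /><br />
New Image:(only .jpg .jpeg formats);
<br /><br />
<input type="file" name="image" />
</div>
<div id="incfirst">
<input type="submit" value="<?php echo $lang['LINKSUB']; ?>" name="query" class="cbuton" />
</div>
</form>
<?php
	// $recordSet is not created in this file; close it only when it exists.
	if(isset($recordSet) && is_object($recordSet)) {
		$recordSet->Close();
	}
	if(isset($arecordSet) && is_object($arecordSet)) {
		$arecordSet->Close();
	}
	$conn->Close();
}
?>
</div>
<?php include ('static.php'); ?>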