<?php
/* +--------------------------------------------
* |
* | Product: PHPEchoCMS
* | Author: Tigran Abrahamyan
* | License: GPL
* | Last updated: 06.03.07
* | For version: 2.0
* | Desc: User Control Panel module
* |
* +--------------------------------------------
*/
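// User control panel: lets the logged-in user change the password (act=chpass)
// or update e-mail, language and theme, then renders modules/cpanel.tpl.
//
// Direct-access guard: the script only runs when the loader has set $BASE_LOAD.
// NOTE(review): a plain variable can be populated from the request when
// register_globals is enabled; a constant checked with defined() would be a
// stronger guard, but the loader that sets it is not visible here.
if (empty($BASE_LOAD)) {
    die('Application error.');
}

$mlang = $core->getlang("cpanel");
$content = "";

// NOTE(review): session_is_registered() was removed in PHP 5.4. It is kept
// because the login code that registers 'login' is outside this file; the
// documented replacement is isset($_SESSION['login']).
if (session_is_registered('login')) {
    // Every statement below is scoped to the session's uid. The id in the
    // query string is only tested for presence and never selects the account.
    // The value is always placed inside quotes: addslashes() gives no
    // protection in an unquoted numeric context.
    $uid_sql = addslashes($_SESSION['uid']);
    $profile = query("SELECT * FROM ".PREFIX."users WHERE id = '".$uid_sql."'", 4);

    if (isset($_GET['act']) && $_GET['act'] === 'chpass' && !empty($_GET['id'])) {
        // ---- Password change ----
        $min_pass = query("select `min_pass` from `".PREFIX."settings`", 2);
        $has_fields = !empty($_POST['old']) && !empty($_POST['new']) && !empty($_POST['confirm']);

        if ($has_fields && strlen($_POST['new']) >= $min_pass) {
            $user_ch = query("select * from `".PREFIX."users` where id = '".$uid_sql."'", 4);

            // NOTE(review): unsalted MD5 is not suitable for password storage.
            // The scheme (including addslashes() before hashing) is kept so the
            // stored hashes still match; moving to password_hash() /
            // password_verify() needs a coordinated change in the login code,
            // which is not part of this file.
            $old_hash = md5(addslashes($_POST['old']));
            $new_hash = md5(addslashes($_POST['new']));

            // Strict comparison: with ==, two different hex digests that both
            // look like numbers (for example "0e..." followed by digits only)
            // compare equal, and so do numeric-looking passwords.
            $old_matches = isset($user_ch['password']) && $old_hash === (string) $user_ch['password'];

            if ($old_matches && $_POST['new'] === $_POST['confirm']) {
                // NOTE(review): the hash is also cached in the session and is
                // used further down in the username lookup.
                $_SESSION['password'] = $new_hash;
                query("update `".PREFIX."users` set `password`='".$new_hash."' where id = '".$uid_sql."'", 1);
                $content .= "<font color='green'>".$mlang['014']."</font>";
            } else {
                $content .= "<font color='red'>".$mlang['015']."</font>";
            }
        } elseif ($has_fields) {
            // All fields present but the new password is shorter than min_pass.
            $content .= "<font color='red'>".$mlang['016']."</font>";
        } else {
            // Nothing submitted yet: show the form.
            $content = "<form action='index.php?module=cpanel&act=chpass&id=".$_SESSION['uid']."' method='post'>";
            $content .= "<table><tr><td width='30%'>".$mlang['011']."</td><td><input type=password name='old' size=30></td></tr>";
            $content .= "<tr><td width='30%'>".$mlang['012']."</td><td><input type=password name='new' size=30></td></tr>";
            $content .= "<tr><td width='30%'>".$mlang['013']."</td><td><input type=password name='confirm' size=30></td></tr></table>";
            $content .= "<input type='submit' value='".$mlang['007']."'></form>";
        }
    } else {
        // ---- Profile view / update ----
        // NOTE(review): no anti-CSRF token is checked before the update below.
        // The form lives in modules/cpanel.tpl, so adding one needs a template
        // change as well. An e-mail change made on the user's behalf matters
        // if the address is used for account recovery (not visible here).
        if (!empty($_POST['submit'])) {
            // Initialised so the "name taken" test is defined when the
            // username was not changed and no lookup runs.
            $check_user_name = array();
            $new_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';

            if ($new_username != $_SESSION['username']) {
                // The submitted username used to be concatenated into this
                // statement unescaped (SQL injection); it is now escaped the
                // same way as every other request value in this file.
                // NOTE(review): the "and password = ..." clause limits the
                // lookup to rows sharing the session's hash, so it is probably
                // not the uniqueness check it appears to be; confirm intent.
                $check_user_name = query("SELECT id, username FROM `".PREFIX."users` WHERE username = '".addslashes($new_username)."' and password = '".addslashes($_SESSION['password'])."'", 4);
            }

            if (empty($check_user_name['username'])) {
                // NOTE(review): sel_dlang / sel_dtheme are stored as submitted
                // and are not checked against the languages / themes tables
                // that fill the selects. If they are later used to build file
                // paths (the column names tdir / lang_dir suggest so; confirm),
                // validate them against those tables before storing.
                query("UPDATE ".PREFIX."users SET email = '".htmlentities(addslashes($_POST['email']))."', language = '".addslashes($_POST['sel_dlang'])."', theme = '".addslashes($_POST['sel_dtheme'])."' WHERE id = '".addslashes($profile['id'])."'", 1);
                // NOTE(review): the session username changes here although the
                // UPDATE above does not write a username column; confirm intent.
                $_SESSION['username'] = addslashes($new_username);
                $profile = query("SELECT * FROM ".PREFIX."users WHERE id = '".$uid_sql."'", 4);
                $content = "<font color='green'>".$mlang['001']."</font>";
            } else {
                $content = "<font color='red'>".$mlang['008']."</font>";
            }
        }

        // NOTE(review): table values are written into the markup unescaped.
        // That is fine only while the themes / languages tables are
        // administrator-controlled; otherwise apply htmlspecialchars() here.
        $dtheme = "<select name=sel_dtheme>";
        $themes = query("select `tdir`,`tname` from `".PREFIX."themes`", 1);
        while ($th = mysql_fetch_array($themes)) {
            $selected = (strtolower($profile['theme']) == $th['tdir']) ? " selected='selected'" : "";
            $dtheme .= "<option value='".$th['tdir']."'".$selected.">".$th['tname']."</option>";
        }
        $dtheme .= "</select>";

        $dlang = "<select name=sel_dlang>";
        $langs = query("select `lang_dir`,`lang_name` from `".PREFIX."languages`", 1);
        while ($l = mysql_fetch_array($langs)) {
            $selected = (strtolower($profile['language']) == $l['lang_dir']) ? " selected='selected'" : "";
            $dlang .= "<option value='".$l['lang_dir']."'".$selected.">".$l['lang_name']."</option>";
        }
        $dlang .= "</select>";

        // NOTE(review): username is handed to the template as stored; whether
        // it is escaped depends on modules/cpanel.tpl.
        $smarty->assign("username", $profile['username']);
        $smarty->assign("password", "<a href='index.php?module=cpanel&act=chpass&id=".$_SESSION['uid']."'><u>".$mlang['010']."</u></a>");
        $smarty->assign("email", $profile['email']);
        $smarty->assign("theme", $dtheme);
        $smarty->assign("slang", $dlang);
        $smarty->assign("mlang", $mlang);
        $content .= $smarty->fetch("modules/cpanel.tpl");
    }
} else {
    // Not logged in.
    $content = "<font color='red'>".$mlang['009']."</font>";
}

echo $content;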
?>