<?php
/*  +--------------------------------------------
*   |
*   |     Product:       PHPEchoCMS
*   |     Author:        Tigran Abrahamyan
*   |     License:       GPL
*   |     Last updated:  06.03.07
*   |     For version:   2.0  
*   |     Desc:          User Control Panel module
*   |        
*   +--------------------------------------------
*/

// Direct-access guard: this module only runs when $BASE_LOAD is truthy.
// $BASE_LOAD is not assigned anywhere in this file; presumably the front
// controller sets it before including the module.
// NOTE(review): it is a plain global, so on a host with register_globals
// enabled a request parameter could populate it. Confirm the bootstrap always
// assigns it itself; a define()d constant would be harder to spoof.
if ( empty($BASE_LOAD) )
{
    die('Application error.');
}

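/*
 * User control panel: shows the logged-in user's profile form, applies
 * profile updates, and handles the "change password" sub-action
 * (index.php?module=cpanel&act=chpass&id=N).
 *
 * query() is defined elsewhere. From its use here, mode 4 yields one row
 * indexed by column name, mode 2 a single value, and mode 1 a result
 * resource that is passed to mysql_fetch_array(). Confirm against its
 * definition.
 *
 * Security notes for maintainers:
 *  - SQL is built by concatenation. Every request- or session-derived value
 *    is now either cast to int or passed through addslashes() inside quotes.
 *    addslashes() is not charset-aware; driver-level escaping or prepared
 *    statements inside query() would be the durable fix.
 *  - Passwords are stored as unsalted MD5 of the addslashes()-ed input. That
 *    derivation is kept byte-compatible with existing rows; moving to a
 *    salted, slow hash needs a login/schema change outside this file.
 *  - Neither POST handler checks an anti-CSRF token. The password change is
 *    gated by the old password; the profile update (including e-mail) is not.
 */
$mlang = $core->getlang ("cpanel");
$content = "";

// NOTE(review): session_is_registered() was removed in PHP 5.4. It is kept
// because how the 'login' flag is registered is not visible from this file.
if ( session_is_registered('login') )
{
    // The uid was already used as a bare numeric literal in the password
    // queries, so cast it once and reuse the integer in SQL and in links.
    $uid = (int) $_SESSION['uid'];

    $profile = query ("SELECT * FROM ".PREFIX."users WHERE id = '".$uid."'", 4);

    if ( isset($_GET['act']) && $_GET['act'] === 'chpass' && !empty($_GET['id']) )
    {
        // $_GET['id'] only selects this branch; the row that gets changed is
        // always the session user's own.
        $min_pass = query("select `min_pass` from `".PREFIX."settings`", 2);

        // Treat missing or non-string (e.g. array) fields as not submitted.
        $old     = ( isset($_POST['old']) && is_string($_POST['old']) ) ? $_POST['old'] : '';
        $new     = ( isset($_POST['new']) && is_string($_POST['new']) ) ? $_POST['new'] : '';
        $confirm = ( isset($_POST['confirm']) && is_string($_POST['confirm']) ) ? $_POST['confirm'] : '';

        if ( $old && $new && $confirm && strlen($new) >= $min_pass )
        {
            $user_ch = query ("select * from `".PREFIX."users` where id=".$uid, 4);

            // Strict comparison: with == PHP compares numeric-looking strings
            // (including hex digests of the form 0e<digits>) as numbers, so
            // two different values could be treated as equal.
            if ( md5(addslashes($old)) === (string) $user_ch['password'] && $new === $confirm )
            {
                $new_hash = md5(addslashes($new));
                $_SESSION['password'] = $new_hash;
                query ("update `".PREFIX."users` set `password`='".$new_hash."' where id=".$uid, 1);
                $content .= "<font color='green'>".$mlang['014']."</font>";
            }
            else
            {
                $content .= "<font color='red'>".$mlang['015']."</font>";
            }
        }
        elseif ( $old && $new && $confirm )
        {
            // All fields present but the new password is shorter than min_pass.
            $content .= "<font color='red'>".$mlang['016']."</font>";
        }
        else
        {
            $content = "<form action='index.php?module=cpanel&act=chpass&id=".$uid."' method='post'>";
            $content .= "<table><tr><td width='30%'>".$mlang['011']."</td><td><input type=password name='old' size=30></td></tr>";
            $content .= "<tr><td width='30%'>".$mlang['012']."</td><td><input type=password name='new' size=30></td></tr>";
            $content .= "<tr><td width='30%'>".$mlang['013']."</td><td><input type=password name='confirm' size=30></td></tr></table>";
            $content .= "<input type='submit' value='".$mlang['007']."'></form>";
        }
    }
    else
    {
        if ( !empty($_POST['submit']) )
        {
            // Initialised here so the result never depends on an unset (or,
            // with register_globals, request-supplied) variable.
            $name_taken = false;

            if ( (string) $_POST['username'] !== (string) $_SESSION['username'] )
            {
                // The submitted username used to reach this query unescaped.
                $check_user_name = query ("SELECT id, username FROM `".PREFIX."users` WHERE username = '".addslashes($_POST['username'])."' and password = '".addslashes($_SESSION['password'])."'", 4);
                $name_taken = !empty($check_user_name['username']);
            }

            if ( !$name_taken )
            {
                // NOTE(review): sel_dlang / sel_dtheme are stored as submitted
                // and are not checked against the languages/themes tables
                // listed below. If other code builds file paths from these
                // columns, validate them here.
                query ("UPDATE ".PREFIX."users SET email = '".htmlentities( addslashes($_POST['email']) )."', language = '".addslashes($_POST['sel_dlang'])."', theme = '".addslashes($_POST['sel_dtheme'])."' WHERE id = '".addslashes($profile['id'])."'", 1);
                // NOTE(review): the UPDATE does not write the username column,
                // so a changed username only lives in the session. Confirm
                // this is intended.
                $_SESSION['username'] = addslashes($_POST['username']);
                $profile = query ("SELECT * FROM ".PREFIX."users WHERE id = '".$uid."'", 4);
                $content = "<font color='green'>".$mlang['001']."</font>";
            }
            else
            {
                $content = "<font color='red'>".$mlang['008']."</font>";
            }
        }

        // Theme and language pickers. Values and labels are emitted as stored.
        // NOTE(review): this assumes those columns are already HTML-safe (the
        // e-mail column is entity-encoded on write above). Verify for themes
        // and languages.
        $dtheme = "<select name=sel_dtheme>";
        $themes = query ("select `tdir`,`tname` from `".PREFIX."themes`", 1);
        while ($th = mysql_fetch_array($themes))
        {
            $selected = (strtolower($profile['theme']) == $th['tdir']) ? " selected='selected'" : "";
            $dtheme .= "<option value='".$th['tdir']."'".$selected.">".$th['tname']."</option>";
        }
        $dtheme .= "</select>";

        $dlang = "<select name=sel_dlang>";
        $langs = query ("select `lang_dir`,`lang_name` from `".PREFIX."languages`", 1);
        while ($l = mysql_fetch_array($langs))
        {
            $selected = (strtolower($profile['language']) == $l['lang_dir']) ? " selected='selected'" : "";
            $dlang .= "<option value='".$l['lang_dir']."'".$selected.">".$l['lang_name']."</option>";
        }
        $dlang .= "</select>";

        $smarty->assign ( "username" , $profile['username']);
        $smarty->assign ( "password" , "<a href='index.php?module=cpanel&act=chpass&id=".$uid."'><u>".$mlang['010']."</u></a>");
        $smarty->assign ( "email", $profile['email']);
        $smarty->assign ( "theme", $dtheme);
        $smarty->assign ( "slang", $dlang);
        $smarty->assign ( "mlang", $mlang);
        $content .= $smarty->fetch ( "modules/cpanel.tpl" );
    }
}
else
{
    // Not logged in.
    $content = "<font color='red'>".$mlang['009']."</font>";
}
echo $content;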
?>