<?php
/**
* PHP versions 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* @package QuickTicket
* @author Philippe Vandenberghe <hide@address.com>
* @copyright 2008-2012 The PHP Group
* @version 2.5 build:20101222
*/
session_start();
require_once('bin/qti_init.php');
if ( !$oVIP->CanView('U') ) die($L['E_member']);
// INITIALISE
include('bin/qt_lib_smtp.php');
include(Translate('qti_reg.php'));
$id = -1;
if ( isset($_GET['id']) ) $id = intval(strip_tags($_GET['id']));
if ( isset($_POST['id']) ) $id = intval(strip_tags($_POST['id']));
if ( $id<=0 ) die('Missing parameter');
$oVIP->selfurl = 'qti_user_question.php';
$oVIP->selfname = $L['Secret_question'];
$oVIP->exiturl = 'qti_user.php?id='.$id;
$oVIP->exitname = '« '.$L['Profile'];
// QUERY
$oDB->Query('SELECT name,mail,children,parentmail,photo,secret_q,secret_a FROM '.TABUSER.' WHERE id='.$id);
$row = $oDB->Getrow();
// --------
// SUBMITTED
// --------
if ( isset($_POST['ok']) )
{
// CHECK VALUE and protection against injection
$strQ = trim($_POST['secret_q']); if ( get_magic_quotes_gpc() ) $strQ = stripslashes($strQ);
$strA = trim($_POST['secret_a']); if ( get_magic_quotes_gpc() ) $strA = stripslashes($strA);
if ( empty($error) )
{
// save new password
$oDB->Query('UPDATE '.TABUSER.' SET secret_q="'.QTconv($strQ,'3').'",secret_a="'.QTconv(strtolower($strA),'3').'" WHERE id='.$id);
// exit
$oVIP->exitname = $L['Profile'];
$oVIP->EndMessage(NULL,$L['S_update'],$_SESSION[QT]['skin_dir'],2);
}
}
// --------
// HTML START
// --------
include('qti_p_header.php');
echo '
<table class="hidden" cellspacing="0" summary="change password">
<tr class="hidden">
<td class="hidden" style="width:175px"><br />',AsImgBox(AsImg(AsAvatarScr($row['photo']),'',$row['name']),'picbox','',$row['name']),'</td>
<td class="hidden">
';
$oHtml->Msgbox($oVIP->selfname,array(),array('id'=>'login_header'),array('id'=>'login'));
echo '<form method="post" action="',Href(),'" onsubmit="return ValidateForm(this);">
<select id="secret_q" name="secret_q">',QTasTag($L['Secret_q'],$row['secret_q']),'</select>
<br />
<br />
<input type="text" id="secret_a" name="secret_a" size="32" maxlength="255" value="',$row['secret_a'],'" /></p>
<p style="text-align:right">';
if ( !empty($error) ) echo '<span class="error">',$error,' </span>';
echo '<input type="submit" id="ok" name="ok" value="',$L['Save'],'" /></p>
<input type="hidden" name="id" value="',$id,'" />
<input type="hidden" name="name" value="',$row['name'],'" />
<input type="hidden" name="mail" value="',$row['mail'],'" />
<input type="hidden" name="child" value="',$row['children'],'" />
<input type="hidden" name="parentmail" value="',$row['parentmail'],'" />
<br /><p>',$L['H_Secret_question'],'</p>
</form>
';
$oHtml->Msgbox();
echo '
</td>
</tr>
</table>
<p><a href="',Href($oVIP->exiturl),'">',$oVIP->exitname,'</a></p>
';
// HTML END
$strFooterAddScript = '
<script type="text/javascript">
<!--
function ValidateForm(theForm)
{
if (theForm.secret_a.value.length==0) { alert(qtHtmldecode("'.$L['Missing'].': '.$L['Secret_question'].'")); return false; }
return null;
}
-->
</script>
';
include('qti_p_footer.php');
?>