<?

require_once("include/functions.php");

// First of three hit_*() calls in this script (hit_count() after dbconn(),
// hit_end() on the last line). The helpers live in include/functions.php;
// presumably request accounting - confirm there.
hit_start();

/**
 * Report a failed profile update through genbark() under the fixed
 * heading "Update failed!".
 *
 * NOTE(review): every validation check in this script calls bark() and then
 * simply falls through to the next statement, so the checks only protect
 * anything if genbark() (defined elsewhere) ends the request - confirm.
 *
 * @param string $msg text handed to genbark() as the message
 */
function bark($msg)
{
	$heading = "Update failed!";
	genbark($msg, $heading);
}

// Request set-up; all four helpers come from include/functions.php.
dbconn();

hit_count();

// Presumably rejects or redirects visitors without a valid login - confirm.
loggedinorreturn();

// Only email, chpassword and passagain are requested here; the later code
// reads them as $email, $chpassword and $passagain.
$haveformdata = mkglobal("email:chpassword:passagain");
if (!$haveformdata) {
	bark("missing form data");
}

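// $set = array();

// SQL "column = value" fragments collected for the single UPDATE at the end
// of the script.
$updateset = array();
$changedemail = 0;

// Optional password change.
// NOTE(review): the only fields requested from the form are email, chpassword
// and passagain - no current password and no anti-CSRF token is checked in
// this file. Unless a helper outside this file does so, a forged request in a
// logged-in browser can set a new password.
if ($chpassword != "") {
	if (strlen($chpassword) > 40)
		bark("Sorry, password is too long (max is 40 chars)");
	// Strict comparison: with != two different numeric-looking strings
	// (e.g. "1000" and "1e3") compare equal, so a mistyped confirmation
	// could be accepted.
	if ($chpassword !== $passagain)
		bark("The passwords didn't match. Try again.");

	$sec = mksecret();

	// NOTE(review): salted MD5 is a fast hash and unsuitable for password
	// storage. Moving to password_hash()/password_verify() needs matching
	// changes in the login and cookie code, which are outside this file.
	$passhash = md5($sec . $chpassword . $sec);

	$updateset[] = "secret = " . sqlesc($sec);
	$updateset[] = "passhash = " . sqlesc($passhash);
	// NOTE(review): the cookie is re-issued here, before the e-mail checks
	// and the UPDATE further down; if one of those aborts the request, the
	// cookie and the stored hash no longer match.
	logincookie($CURUSER["id"], $passhash);
}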

// E-mail change: validate the new address and make sure no account already
// uses it. The address itself is only stored after confirmation; here the
// script just raises $changedemail for the mail-sending step further down.
// NOTE(review): $email is later passed to mail() and is echoed in the error
// text below, so validemail() (defined elsewhere) is assumed to reject CR/LF
// and markup characters - confirm.
if ($email != $CURUSER["email"]) {
	if (!validemail($email)) {
		bark("That doesn't look like a valid email address.");
	}

	$lookup = "SELECT id FROM users WHERE email=" . sqlesc($email);
	$r = mysql_query($lookup) or sqlerr();
	$taken = mysql_num_rows($r);
	if ($taken > 0) {
		bark("The e-mail address $email is already in use.");
	}

	$changedemail = 1;
}
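// Raw profile fields from the form. Nothing here is validated yet; each value
// is either checked with is_valid_id() or passed through sqlesc() before it
// reaches SQL.
$language = $_POST["language"];
$parked = $_POST["parked"];
$acceptpms = $_POST["acceptpms"];
$gender = $_POST["gender"];
// Checkbox-style flags are reduced to the literals "yes"/"no".
$deletepms = ($_POST["deletepms"] != "" ? "yes" : "no");
$savepms = ($_POST["savepms"] != "" ? "yes" : "no");
$pmnotif = $_POST["pmnotif"];
$emailnotif = $_POST["emailnotif"];

// $notifs is a concatenation of tags: [pm], [email] and one [cat<ID>] per
// selected category.
$notifs = ($pmnotif == 'yes' ? "[pm]" : "");
$notifs .= ($emailnotif == 'yes' ? "[email]" : "");
$r = mysql_query("SELECT id,parked FROM categories") or sqlerr();
while ($a = mysql_fetch_assoc($r))
{
	// Read the checkbox from $_POST like the rest of the script; the legacy
	// $HTTP_POST_VARS array is not populated on current PHP versions, which
	// silently drops every category notification.
	$catfield = "cat" . $a["id"];
	if (isset($_POST[$catfield]) && $_POST[$catfield] === 'yes')
		$notifs .= "[cat" . $a["id"] . "]";
}
$avatar = $_POST["avatar"];
$avatars = ($_POST["avatars"] != "" ? "yes" : "no");
// $ircnick = $_POST["ircnick"];
// $ircpass = $_POST["ircpass"];
$info = $_POST["info"];
$stylesheet = $_POST["stylesheet"];
$commentpm = $_POST["commentpm"];
$country = $_POST["country"];
// The value is written into the SQL unquoted, so cast it to int instead of
// relying only on is_valid_id(), which is defined outside this file.
if (is_valid_id($language)) {
	$updateset[] = "language = " . (int) $language;
}
// Read unconditionally; it is not part of the language check above.
$groups = $_POST["groups"];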
//$timezone = 0 + $_POST["timezone"];
//$dst = ($_POST["dst"] != "" ? "yes" : "no");

/*
if ($privacy != "normal" && $privacy != "low" && $privacy != "strong")
	bark("whoops");

$updateset[] = "privacy = '$privacy'";
*/

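// Per-page list sizes: force an integer and clamp to 0..100 so negative,
// fractional or non-numeric form values never reach the UPDATE statement.
foreach (array("torrentsperpage", "topicsperpage", "postsperpage") as $perpagefield) {
	$perpage = isset($_POST[$perpagefield]) ? (int) $_POST[$perpagefield] : 0;
	$updateset[] = "$perpagefield = " . max(0, min(100, $perpage));
}

// Account parking. A change is detected against the stored status of the
// logged-in user (assumes the row in $CURUSER carries the parked column -
// confirm), and the notice is addressed to that same user.
$parkchanged = ($parked != "" && $parked != $CURUSER["parked"]);
if ($parkchanged)
{
	$days = 30;
	$park_action = (get_date_time(time() + ($days * 86400)));
	$added = sqlesc(get_date_time(time()));
	if ($parked == 'yes')
	{
		$msg = sqlesc("Your account has been parked On \"$park_action\"  by " . $CURUSER['username'] . ". You have \"$days\" days to remove this in your profile.or pm a staff to help you ,[color=orange]parked from profile[/color]");
	}
	else
	{
		$msg = sqlesc("Your parked status has been removed ON \"$park_action\" by " . $CURUSER['username'] . ". propably because you requested it .[color=orange]parked from profile[/color]");
	}
	// The receiver id is cast to int because it is placed in the statement
	// unquoted.
	mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, " . (int) $CURUSER["id"] . ", $msg, $added)") or sqlerr(__FILE__, __LINE__);
}
//// end park ////////

// Id-style fields: only written when is_valid_id() accepts them, and cast to
// int because the helper is defined outside this file.
if (is_valid_id($stylesheet)) {
	$updateset[] = "stylesheet = '" . (int) $stylesheet . "'";
}

if (is_valid_id($country)) {
	$updateset[] = "country = " . (int) $country;
}

if (is_valid_id($groups)) {
	$updateset[] = "groups = " . (int) $groups;
}

//$updateset[] = "timezone = $timezone";
//$updateset[] = "dst = '$dst'";

// Free-form values go through sqlesc().
// NOTE(review): info and avatar are stored exactly as submitted; the pages
// that render them must escape the text and restrict the avatar URL.
$updateset[] = "info = " . sqlesc($info);

// NOTE(review): parked, commentpm, acceptpms and gender are escaped but not
// checked against a list of allowed values.
$updateset[] = "parked = " . sqlesc($parked);
$updateset[] = "commentpm = " . sqlesc($commentpm);
// Only touch the timer when the status changed on this request; otherwise
// $park_action is unset and an ordinary save would overwrite the stored value.
if ($parkchanged) {
	$updateset[] = "park_action = " . sqlesc($park_action);
}
$updateset[] = "acceptpms = " . sqlesc($acceptpms);
$updateset[] = "gender =  " . sqlesc($gender);
// These three hold only the literals "yes"/"no" computed by this script.
$updateset[] = "deletepms = '$deletepms'";
$updateset[] = "savepms = '$savepms'";
// Category ids inside $notifs come from the database, so escape the string
// like the other values rather than interpolating it raw.
$updateset[] = "notifs = " . sqlesc($notifs);
$updateset[] = "avatar = " . sqlesc($avatar);
$updateset[] = "avatars = '$avatars'";
if (!empty($_POST['resetpasskey'])) $updateset[] = "passkey=''";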

/* ****** */

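// Extra query-string flags appended to the final redirect.
$urladd = "";

// E-mail change: store a fresh secret and mail a confirmation link to the NEW
// address; the link carries the user id, md5(secret . email . secret) and the
// url-encoded address.
if ($changedemail) {
	$sec = mksecret();
	$hash = md5($sec . $email . $sec);
	$obemail = urlencode($email);
	$updateset[] = "editsecret = " . sqlesc($sec);
	// Build the link and the site name from the configured base URL. The Host
	// request header is chosen by the client, so using it here would let the
	// requester make the site send mail that links to an arbitrary host.
	$sitehost = parse_url($DEFAULTBASEURL, PHP_URL_HOST);
	if (!is_string($sitehost) || $sitehost == "") {
		$sitehost = $DEFAULTBASEURL;
	}
	$thisdomain = preg_replace('/^www\./is', "", $sitehost);
	$body = <<<EOD
You have requested that your user profile (username {$CURUSER["username"]})
on $thisdomain should be updated with this email address ($email) as
user contact.

If you did not do this, please ignore this email. The person who entered your
email address had the IP address {$_SERVER["REMOTE_ADDR"]}. Please do not reply.

To complete the update of your user profile, please follow this link:

$DEFAULTBASEURL/confirmemail.php/{$CURUSER["id"]}/$hash/$obemail

Your new email address will appear in your profile after you do this. Otherwise
your profile will remain unchanged.
EOD;

	// NOTE(review): $email is used as the recipient as-is; this relies on the
	// earlier validemail() check rejecting CR/LF - confirm.
	mail($email, "$thisdomain profile change confirmation", $body, "From: $SITEEMAIL", "-f$SITEEMAIL");

	$urladd .= "&mailsent=1";
}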

// Apply every collected "column = value" fragment to the logged-in user's row
// in one statement. Each fragment was escaped or validated where it was added;
// the id comes from $CURUSER, not from the request.
$assignments = implode(",", $updateset);
$updatesql = "UPDATE users SET " . $assignments . " WHERE id = " . $CURUSER["id"];
mysql_query($updatesql) or sqlerr(__FILE__,__LINE__);

// Send the browser back to the profile page on the configured base URL;
// $urladd carries the optional "&mailsent=1" flag.
$returnurl = "$DEFAULTBASEURL/my.php?edited=1" . $urladd;
header("Location: $returnurl");

hit_end();

?>