<?php
include 'config.php';
include 'guestbook/mylib.php';
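// The session is opened before any output; $_SESSION['id'] identifies the logged-in user.
session_start();
// This page answers with a WML deck for WAP browsers.
header("Content-type: text/vnd.wap.wml");
$timex=time(); // request time, written to users.lastact by the UPDATE further down
$rst=0; // set to 1 once the e-mail address changed and a new password was generated
// Profile fields from the POSTed form: trimmed, HTML-escaped (quotes included), then
// cut to a per-field maximum length.
// NOTE(review): htmlspecialchars() is an output encoding, not SQL escaping; it leaves
// backslashes untouched, so these values still have to be bound as query parameters.
// NOTE(review): cutting after escaping can split an entity such as &quot; in two, and
// the stored fragment is then not well-formed when it is echoed into a WML page.
// rmvbadch() comes from guestbook/mylib.php; what it removes is not visible here.
$newpass=substr(htmlspecialchars(trim($_POST['newpass']),ENT_QUOTES), 0, 30);
$newrepass=substr(htmlspecialchars(trim($_POST['newrepass']),ENT_QUOTES), 0, 30);
$email=substr(strtolower(htmlspecialchars(trim($_POST['email']),ENT_QUOTES)), 0, 30);
$icq=rmvbadch(substr(htmlspecialchars(trim($_POST['icq']),ENT_QUOTES), 0, 10));
$name=rmvbadch(substr(htmlspecialchars(trim($_POST['name']),ENT_QUOTES), 0, 60));
// Birthday parts are cast to integers, so only integer values can reach $bdate,
// which is later written to the database.
$day=isset($_POST['day']) ? (int)$_POST['day'] : 0;
$month=isset($_POST['month']) ? (int)$_POST['month'] : 0;
$year=isset($_POST['year']) ? (int)$_POST['year'] : 0;
$operator=rmvbadch(substr(htmlspecialchars(trim($_POST['operator']),ENT_QUOTES), 0, 40));
$fr=rmvbadch(substr(htmlspecialchars(trim($_POST['fr']),ENT_QUOTES), 0, 100));
$website=rmvbadch(substr(htmlspecialchars(trim($_POST['website']),ENT_QUOTES), 0, 50));
$wap=rmvbadch(substr(htmlspecialchars(trim($_POST['wap']),ENT_QUOTES), 0, 50));
$phonenum=rmvbadch(substr(htmlspecialchars(trim($_POST['phonenum']),ENT_QUOTES), 0, 25));
$phonemodel=rmvbadch(substr(htmlspecialchars(trim($_POST['phonemodel']),ENT_QUOTES), 0, 40));
$info=rmvbadch(substr(htmlspecialchars(trim($_POST['info']),ENT_QUOTES), 0, 600));
$job=rmvbadch(substr(htmlspecialchars(trim($_POST['job']),ENT_QUOTES), 0, 100));
$cust_status=rmvbadch(substr(htmlspecialchars(trim($_POST['cust_status']),ENT_QUOTES), 0, 120));
// Client details; both are request-controlled or network-derived and are kept unescaped.
$agent=$_SERVER['HTTP_USER_AGENT'];
$addr=$_SERVER['REMOTE_ADDR'];
// Birth years outside 1900..2000 are clamped to the nearest bound.
$year=max(1900, min(2000, $year));
$bdate=sprintf("%04d-%02d-%02d", $year,$month,$day);
// An empty ICQ number is stored as 0.
if ($icq=='') $icq=0;
// The display language is taken from the query string only; a POSTed 'lang' is not used.
$lang=isset($_GET['lang']) ? $_GET['lang'] : '';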
// Credentials come from the remembered-login cookies when both are non-empty,
// otherwise from the submitted form. Either way they are trimmed and HTML-escaped.
// NOTE(review): the "Password" cookie carries the password itself, so anyone who can
// read the cookie can log in; it is also sent on every request to this host.
$fromcookie = (trim($_COOKIE['Login'])!='') && (trim($_COOKIE['Password'])!='');
$rawlogin = $fromcookie ? $_COOKIE['Login'] : $_POST['login'];
$rawpass = $fromcookie ? $_COOKIE['Password'] : $_POST['pass'];
$login=htmlspecialchars(trim($rawlogin),ENT_QUOTES);
$pass=htmlspecialchars(trim($rawpass),ENT_QUOTES);
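// Required fields: name, operator, "from", phone model and e-mail must all be filled in.
$missing = ($name=='')||($operator=='')||($fr=='')||($phonemodel=='')||($email=='');
// 1 January 1970 is treated as "birthday not filled in"
// (presumably the default date of the form; confirm against the form page).
$nodate = ($day==1)&&($month==1)&&($year==1970);
if ($missing || $nodate) {
    // wmlhd() comes from an included file; presumably it prints the WML header and opens the card.
    wmlhd();
    print "<p align=\"center\">Sorry, you MUST complete ALL REQUIRED fields</p>\n";
    print "</card>\n</wml>";
    exit;
}
// Strict comparison: with a loose != two different numeric-looking strings
// (for example "10" and "1e1") compare as equal and the confirmation check passes.
if ($newpass!==$newrepass) {
    wmlhd();
    print "<p align=\"center\">Password and confirmation does not match</p>\n";
    print "</card>\n</wml>";
    exit;
}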
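if ($email!='') {
    // The host is the text after the first '@'. An address without '@' has no host
    // part; it is rejected below without reading a missing array element and without
    // a DNS query.
    $chemail = explode('@',$email);
    $mailhost = isset($chemail[1]) ? $chemail[1] : '';
    $hashost = ($mailhost!='');
    // A trailing dot is appended before the lookups (presumably to mark the name as fully qualified).
    $mailhost=$mailhost.".";
    // The host is accepted when it has an MX record or resolves at all;
    // gethostbyname() returns its argument unchanged when the lookup fails.
    // NOTE(review): both lookups are synchronous and use a host name chosen by the
    // requester, so a slow or unresponsive zone delays this request.
    if (!$hashost || (getmxrr($mailhost, $mxhosts) == FALSE && gethostbyname($mailhost) == $mailhost)) {
        wmlhd();
        // $mailhost derives from $email, which is HTML-escaped where it is read from the form.
        print "<p align=\"center\">".$mailhost." is not a valid e-mail host.</p>\n";
        print "</card>\n</wml>";
        exit;
    }
}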
// Open the PostgreSQL connection; $dbhost, $dbport, $dbname, $dbuser and $dbpass are
// not defined in this file (presumably they come from config.php).
$conn=pg_connect("host=$dbhost port=$dbport dbname=$dbname user=$dbuser password=$dbpass");
if (!$conn) {
    // Only a generic message is shown, so no connection detail reaches the page.
    wmlhd();
    print "<p align=\"center\">Error connecting to database</p>\n";
    print "</card>\n</wml>";
    exit;
}
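// Resolve the id of the user whose profile is edited: an existing session wins,
// otherwise the supplied login and password are checked against the users table.
if (isset($_SESSION['id'])) {
    $id=$_SESSION['id'];
} else {
    // Login and password are bound as parameters; they are never spliced into the SQL text.
    // NOTE(review): the query compares the submitted password with the passwd column
    // directly, so passwords appear to be stored unhashed; moving to password_hash() /
    // password_verify() needs a coordinated change with the pages that write this column.
    $res=pg_query_params($conn,'select id from users where login=$1 and passwd=$2 and moder=0;',array($login,$pass));
    // A failed query is handled like a failed login.
    if (!$res || pg_num_rows($res)!=1) {
        wmlhd();
        print "<p align=\"center\">Sorry, BAD login</p>\n";
        print "</card>\n</wml>";
        pg_close($conn);
        exit;
    }
    $id=pg_fetch_result($res,0,0);
    // NOTE(review): the session id is not regenerated after a successful login;
    // consider session_regenerate_id() here to limit session fixation.
    $_SESSION['id']=$id;
}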
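// An e-mail address may belong to one account only: if it is already registered to
// another id, the update is refused. The address is bound as a query parameter.
$res=pg_query_params($conn,'select id from users where email=$1;',array($email));
if ($res && pg_num_rows($res)) {
    // Only the first matching row is inspected.
    $eid=pg_fetch_result($res,0,0);
    if ($eid!=$id) {
        wmlhd();
        // uconv() is defined in an included file; what it converts is not visible here.
        // NOTE(review): this answer confirms to the requester that the address is registered.
        print "<p align=\"center\">Sorry, user with email ".uconv($email)." already exists</p>\n";
        print "</card>\n</wml>";
        pg_close($conn);
        exit;
    }
}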
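// When the e-mail address changes, the password is replaced by a generated one that
// is mailed to the new address; $rst=1 makes the success path drop the login cookies.
$res=pg_query_params($conn,'select email from users where id=$1;',array((string)$id));
if ($res && pg_num_rows($res)) {
    $oldmail=pg_fetch_result($res,0,0);
    if ($email!=$oldmail) {
        $rst=1;
        // Use the CSPRNG where the runtime has one; rand() output is predictable.
        // NOTE(review): a five-digit number allows only 90000 values, which is weak
        // against guessing; a longer random token would be preferable if the passwd
        // column and the login form allow it.
        $pass=function_exists('random_int') ? random_int(10000,99999) : rand(10000,99999);
        $newpass=$pass;
        $newrepass=$pass;
        // NOTE(review): the password travels in clear text by e-mail, and the message
        // is sent before the UPDATE below is known to have succeeded.
        mail($email,"Your password at wap.katrinka.ru","Thank you for updating your profile at wap.katrinka.ru!\n\nYour password is: ".$pass."\nYou can change it in your profile.","From: [email protected]");
    }
}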
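// The custom status from the form is accepted only for users with at least 9000
// posts; everyone else keeps the status already stored. The id is bound as a parameter.
$newstatus='';
$res=pg_query_params($conn,'select cust_status,posts from users where id=$1;',array((string)$id));
if ($res && pg_num_rows($res)) {
    $oldstatus=pg_fetch_result($res,0,0);
    $posts=pg_fetch_result($res,0,1);
    $newstatus=($posts >= 9000) ? $cust_status : $oldstatus;
}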
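// Write the profile back. Column names are fixed literals; every value is bound as a
// query parameter, so form content cannot alter the statement.
$cols=array(
    'email'=>$email,
    'name'=>$name,
    'bday'=>$bdate,
    'operator'=>$operator,
    'fr'=>$fr,
    'phonenum'=>$phonenum,
    'web'=>$website,
    'info'=>$info,
    'phonemod'=>$phonemodel,
    'icq'=>$icq,
    'wap'=>$wap,
    'lastact'=>$timex,
    'job'=>$job,
    'cust_status'=>$newstatus,
);
// The password column is touched only when a new password was entered or generated.
// NOTE(review): the value is stored as given, without hashing.
if ($newpass!='') {
    $cols=array('passwd'=>$newpass)+$cols;
}
$sets=array();
$vals=array();
foreach ($cols as $col=>$val) {
    // Cast to string so a null value is stored as an empty string rather than as NULL.
    $vals[]=(string)$val;
    $sets[]=$col.'=$'.count($vals);
}
$vals[]=(string)$id;
$res=pg_query_params($conn,'update users set '.implode(',',$sets).' where id=$'.count($vals).';',$vals);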
// $res is the result of the UPDATE above; pg_query() returns false when the query failed.
if (!$res) {
// wmlhd() comes from an included file; presumably it prints the WML header and opens the card.
wmlhd();
print "<p align=\"center\">Error updating user</p>\n";
print "</card>\n</wml>";
pg_close($conn);
exit;
} else {
// $rst is 0 when the e-mail address stayed the same: the remembered-login cookies are
// refreshed for 864000 seconds (10 days).
// NOTE(review): the "Password" cookie holds the password itself and neither cookie is
// marked HttpOnly; a server-side session token would keep the secret out of the browser.
if (!$rst) {
setcookie("Login", $login, time()+864000, "/");
setcookie("Password", $pass, time()+864000, "/");
} else {
// The e-mail changed and a new password was mailed: clear the session data and
// expire both cookies so the user has to log in again.
session_unset();
setcookie("Login", "", time()-360, "/");
setcookie("Password", "", time()-360, "/");
}
// Everything up to the next PHP tag is sent as literal WML.
// NOTE(review): the XML declaration below is plain text only while short_open_tag is
// off; with it on, PHP would try to parse that line as code.
?>
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.2//EN" "http://www.wapforum.org/DTD/wml_1.2.dtd">
<wml>
<?php if ($lang=='eng') { ?>
<card id="UpdOk" title="Thanks!" ontimer="http://wap.katrinka.ru/index.php?lang=eng">
<timer value="200"/>
<p>Thank you for updating! We are taking you back to main page...<br/>
If you changed your e-mail - new password will be mailed to you.
</p>
</card>
</wml>
<?php } else { ?>
<card id="UpdOk" title="Спасибо!" ontimer="http://wap.katrinka.ru/index.php">
<timer value="200"/>
<p>Спасибо за обновление Ваших данных, мы возвращаем Вас на главную...<br/>
Если вы меняли Ваш e-mail - новый пароль будет отослан Вам по почте.
</p>
</card>
</wml>
<?php }
// End of the success branch opened by the "else" after the failed-update check.
}
// Disabled code, kept for reference only: it read the users row with the highest id
// into local variables.
#pg_query($conn,"SET CLIENT_ENCODING TO 'KOI8';");
#$res=pg_query($conn,"select login,passwd,email,name,operator,fr,phonenum,web,info,phonemod from users where id=(select max(id) from users);");
#$login=pg_result($res,0,0);
#$pass=pg_result($res,0,1);
#$email=pg_result($res,0,2);
#$name=pg_result($res,0,3);
#$operator=pg_result($res,0,4);
#$fr=pg_result($res,0,5);
#$phonenum=pg_result($res,0,6);
#$website=pg_result($res,0,7);
#$info=pg_result($res,0,8);
#$phonemodel=pg_result($res,0,9);
// Close the connection on the success path; the error paths close it before exit.
pg_close($conn);
// Disabled notification mail. NOTE(review): it would send the login together with the
// clear-text password, client host and user agent to fixed addresses, so it should
// stay disabled. The Cyrillic text in it appears to be mis-encoded KOI8-R.
#mail("[email protected], [email protected]", "оПЧЩК РПМШЪПЧБФЕМШ WAP УБКФБ", "Login: $login\nPassword: $pass\nName: $name\nдБФБ ТПЦДЕОЙС: $day.$month.$year\nOperator: $operator\nFrom: $fr\nWebsite: $website\nPhone number: $phonenum\nPhone model: $phonemodel\nInfo: $info\nE-mail: $email\nHost: ".gethostbyaddr($addr)." [$addr]\nAgent: $agent\n","From: WAP УБКФ <[email protected]>\nContent-Type: text/plain; charset=KOI8-r");
?>