<?php
//POWERED by ILI
// ICQ : 197042
//site: ili.wab.ru
// ilichat v4.0
error_reporting(0);
require_once"./includes/functions/gzip.php";
include('start.php');
include("config.php");
list($msec, $sec) = explode(chr(32), microtime());
$headtime = $sec + $msec;
$id = intval($_SESSION['id']);
$nocache = rand(10000, 99999);
//polu4enie parolya pol'zovatelya
$q_pass = mysql_query("SELECT `password` FROM `chat_users` WHERE `id` = '".$id."';");
$usr_pass = mysql_result($q_pass, 0);
//proverka parolya
if(md5($_POST['pass']) !== $usr_pass){
switch($ver)
{
//WML PASS CHECK
case 'wml':
header("Content-type: text/vnd.wap.wml; charset=utf-8");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-cache, must-revalidate");
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
echo "<card title=\"Authentification\"><p align=\"left\">\n";
echo "Пароль к профилю*:<br/>\n";
echo "<input type=\"text\" name=\"pass\" maxlength=\"15\"/><br/>\n";
echo "<anchor>[Enter]<go href=\"profile.php?".SID."&ver=wml&nocache=$nocache\" method=\"post\">\n";
echo "<postfield name=\"pass\" value=\"$(pass)\"/>\n";
echo "</go></anchor><br/>\n";
require_once "includes/functions/gzip_foot.php";
echo "</p></card></wml>";
ob_end_flush();
break;
//HTML PASS CHECK
case 'html';
$my_title = "Профиль";
if(!isset($_COOKIE['theme'])) $_COOKIE['theme'] = 1;
include_once "themes/".intval($_COOKIE['theme'])."/index.php";
echo "<form method=\"post\" action=\"profile.php?".SID."&ver=html&nocache=$nocache\">\n";
echo "Пароль к профилю*:<br/>\n";
echo "<input name=\"pass\" maxlength=\"15\" title=\"pass\"/><br/>\n";
echo "<input type=\"submit\" value=\"OK\"/></form><br/>\n";
include_once "themes/".intval($_COOKIE['theme'])."/foot.php";
break;
}
}//konec proverki parolya
else{
include("./includes/".$ver."/banned");
$ref = rand(1000, 9999);
$password = mysql_escape_string($_POST['pass']);//Na vsyakii slu4ai :)
$qinf = mysql_query("SELECT * FROM `chat_users` WHERE `id` = '".$id."' AND `password` = '".md5($password)."';");
switch($ver)
{
////////////////////////////////////////////////////////
//WML VERSION
////////////////////////////////////////////////////////
case 'wml':
header("Content-type:text/vnd.wap.wml; charset=utf-8");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-cache, must-revalidate");
//ONLINE
$online = time() + 60;
$update = mysql_query("UPDATE `chat_users` SET `time` = '".$online."', `place` = 0, `ip` = '".getenv('REMOTE_ADDR')."', `ua` = '".htmlspecialchars(getenv('HTTP_USER_AGENT'))."' WHERE `id` = '".$id."';");
//END ONLINE
$user = mysql_fetch_array($qinf);
$nickname = $user['nickname'];
$name = $user['name'];
$site = $user['site'];
$sex = $user['sex'];
$from = $user['from'];
$mobile = $user['mobile'];
$email = $user['email'];
$birthday = $user['birthday'];
$birthday = explode("-", $birthday);
$about = $user['about'];
$posts = $user['posts'];
$level = $user['level'];
$status = $user['status'];
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
echo "<card title=\"Профиль\"><p align=\"left\">\n";
if(!isset($_POST['action']))
{
if($level > 2)
{
echo "Ник:<br/>
<input type=\"text\" name=\"nickname$ref\" value=\"$nickname\" maxlength=\"15\"/><br/>\n";
}
echo "Пароль:<br/>
<input type=\"text\" name=\"upass$ref\" value=\"$password\" maxlength=\"20\"/><br/>\n";
if($level > 2)
{
echo "Статус:<br/>
<input type=\"text\" name=\"status$ref\" value=\"$status\" maxlength=\"15\"/><br/>\n";
}
echo "Имя:<br/>
<input type=\"text\" name=\"name$ref\" value=\"$name\" maxlength=\"20\"/><br/>
Пол:<br/>
<select name=\"sex$ref\" value=\"$sex\">
<option value=\"0\">Мужской</option>
<option value=\"1\">Женский</option>
<option value=\"2\">Неизвестно :)</option>
</select><br/>
Дата рождения:<br/>
<input size=\"2\" name=\"day$ref\" value=\"".$birthday[0]."\" maxlength=\"2\" format=\"*N\" emptyok=\"true\"/>
-
<input size=\"2\" name=\"month$ref\" value=\"".$birthday[1]."\" maxlength=\"2\" format=\"*N\" emptyok=\"true\"/>
-
<input size=\"4\" name=\"year$ref\" value=\"".$birthday[2]."\" maxlength=\"4\" format=\"*N\" emptyok=\"true\"/><br/>
Город:<br/>
<input type=\"text\" name=\"from$ref\" value=\"$from\" maxlength=\"20\"/><br/>
Модель мобильного телефона:<br/>
<input type=\"text\" name=\"mobile$ref\" value=\"$mobile\" maxlength=\"20\"/><br/>
eMail:<br/>
<input type=\"text\" name=\"email$ref\" value=\"$email\" maxlength=\"20\"/><br/>
Сайт:<br/>
<input type=\"text\" name=\"site$ref\" value=\"http://$site\" maxlength=\"50\"/><br/>
О себе:<br/>
<input type=\"text\" name=\"about$ref\" value=\"$about\" maxlength=\"300\"/><br/>
<anchor>[Сохранить]<go href=\"profile.php?".SID."&ref=$ref&ver=wml\" method=\"post\">\n";
if($level > 2)
{
echo "<postfield name=\"nickname\" value=\"$(nickname$ref)\"/>\n";
echo "<postfield name=\"status\" value=\"$(status$ref)\"/>\n";
}
echo "<postfield name=\"upass\" value=\"$(upass$ref)\"/>
<postfield name=\"name\" value=\"$(name$ref)\"/>
<postfield name=\"sex\" value=\"$(sex$ref)\"/>
<postfield name=\"day\" value=\"$(day$ref)\"/>
<postfield name=\"month\" value=\"$(month$ref)\"/>
<postfield name=\"year\" value=\"$(year$ref)\"/>
<postfield name=\"from\" value=\"$(from$ref)\"/>
<postfield name=\"pass\" value=\"".$_POST['pass']."\"/>
<postfield name=\"mobile\" value=\"$(mobile$ref)\"/>
<postfield name=\"email\" value=\"$(email$ref)\"/>
<postfield name=\"site\" value=\"$(site$ref)\"/>
<postfield name=\"about\" value=\"$(about$ref)\"/>
<postfield name=\"action\" value=\"$(save)\"/>
</go></anchor><br/>\n";
echo "<a href=\"photo.php?".SID."&ver=wml\">Фотография</a><br/>\n";
echo "<br/><a href=\"my.php?".SID."&ver=wml\">Личный Кабинет</a><br/>\n";
echo "<a href=\"menu.php?".SID."&ver=wml\">Меню чата</a><br/>\n";
}
else
{
if($level > 2)
{
$nickname = mysql_escape_string(htmlspecialchars(trim($_POST['nickname'])));
$status = mysql_escape_string(htmlspecialchars(trim($_POST['status'])));
}
else
{
$query = mysql_query("SELECT `nickname`, `status` FROM `chat_users` WHERE `id` = '".$id."';");
$nickname = mysql_result($query, 0, 'nickname');
$status = mysql_result($query, 0, 'status');
}
$upass = $_POST['upass'];
$name = mysql_escape_string(htmlspecialchars(trim($_POST['name'])));
if($_POST['sex'] == 0 or $_POST['sex'] == 1 or $_POST['sex'] == 2)
{
$sex = intval($_POST['sex']);
}
else
{
$sex = 2;
}
$day = intval($_POST['day']);
$day = substr($day, 0, 2);
$month = intval($_POST['month']);
$month = substr($month, 0, 2);
$year = intval($_POST['year']);
$year = substr($year, 0, 4);
$birthday = "$day-$month-$year";
$from = mysql_escape_string(htmlspecialchars(trim($_POST['from'])));
$mobile = mysql_escape_string(htmlspecialchars(trim($_POST['mobile'])));
$email = mysql_escape_string(htmlspecialchars(trim($_POST['email'])));
$site = strtolower(mysql_escape_string(htmlspecialchars(trim($_POST['site']))));
$site = str_replace('http://', '', $site);
$about = mysql_escape_string(htmlspecialchars(trim($_POST['about'])));
$error = "";
if(empty($nickname) && $level > 2) $error .= "Не введен ник!<br/>\n";
if(empty($upass)) $error .= "Не введен пароль!<br/>\n";
if(preg_match("/[^0-9a-zA-Z_]+/",$upass)) $error .= "В пароле есть запрещенные символы!<br/>\n";
if(empty($status) && $level > 2) $error .= "Не введен статус!<br/>\n";
if(strlen($mobile) > 40) $error .= "Слишком много информации в \"Модель мобильного телефона\"!<br/>\n";
if(strlen($email) > 40) $error .= "Слишком длинный e-mail!<br/>\n";
if(strlen($site) > 100) $error .= "Слишком длинный адрес сайта!<br/>\n";
if(strlen($about) > 600) $error .= "Слишком много информации в \"О себе\"!<br/>\n";
if(!empty($error))
{
echo $error;
echo "<a href=\"profile.php?".SID."&ver=wml&ref=$ref\">Назад</a><br/>\n";
echo "<br/><a href=\"my.php?".SID."&ver=wml\">Личный Кабинет</a><br/>\n";
echo "<a href=\"menu.php?".SID."&ver=wml\">Меню чата</a><br/>\n";
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/>[".round(($sec+$msec)-$headtime,5)."] sec<br/>\n";
echo "</p></card></wml>";
exit();
}
$q = mysql_query("UPDATE `chat_users` SET `nickname` = '".$nickname."', `password` = '".md5($upass)."', `name` = '".$name."', `sex` = '".$sex."', `status` = '".$status."', `birthday` = '".$birthday."', `from` = '".$from."', `mobile` = '".$mobile."', `email` = '".$email."', `site` = '".$site."', `about` = '".$about."' WHERE `id` = '".$id."';");
$_SESSION['password']= $upass;
echo "Профиль успешно сохранен!<br/>\n";
echo "<br/><a href=\"my.php?".SID."&ver=wml\">Личный Кабинет</a><br/>\n";
echo "<a href=\"menu.php?".SID."&ver=wml\">Меню чата</a><br/>\n";
}
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/><small>[".round(($sec+$msec)-$headtime, 5)."] sec</small><br/>\n";
require_once "includes/functions/gzip_foot.php";
echo "</p></card></wml>";
ob_end_flush();
break;
////////////////////////////////////////////////////////
//HTML VERSION
////////////////////////////////////////////////////////
case 'html':
$my_title = "Профиль";
if(!isset($_COOKIE['theme'])) $_COOKIE['theme'] = 1;
include_once "themes/".intval($_COOKIE['theme'])."/index.php";
//ONLINE
$online = time() + 60;
$update = mysql_query("UPDATE `chat_users` SET `time` = '".$online."', `place` = 0, `ip` = '".getenv('REMOTE_ADDR')."', `ua` = '".htmlspecialchars(getenv('HTTP_USER_AGENT'))."' WHERE `id` = '".$id."';");
//END ONLINE
$user = mysql_fetch_array($qinf);
$nickname = $user['nickname'];
$name = $user['name'];
$site = $user['site'];
$sex = $user['sex'];
$from = $user['from'];
$mobile = $user['mobile'];
$email = $user['email'];
$birthday = $user['birthday'];
$birthday = explode("-", $birthday);
$about = $user['about'];
$posts = $user['posts'];
$level = $user['level'];
$status = $user['status'];
if(!isset($_POST['action']))
{
echo "<form method=\"post\" action=\"profile.php?".SID."&ref=$ref&ver=html\">\n";
if($level > 2)
{
echo "Ник:<br/>
<input type=\"text\" name=\"nickname\" value=\"$nickname\" maxlength=\"15\"/><br/>\n";
}
echo "Пароль:<br/>
<input type=\"text\" name=\"upass\" value=\"$password\" maxlength=\"20\"/><br/>\n";
if($level > 2)
{
echo "Статус:<br/>
<input type=\"text\" name=\"status\" value=\"$status\" maxlength=\"15\"/><br/>\n";
}
echo "Имя:<br/>
<input type=\"text\" name=\"name\" value=\"$name\" maxlength=\"20\"/><br/>
Пол:<br/>
<select name=\"sex\">\n";
if($sex == 0)
{
echo "<option value=\"0\" selected=\"selected\">Мужской</option>\n";
echo "<option value=\"1\">Женский</option>\n";
echo "<option value=\"2\">Неизвестно :)</option>\n";
echo "</select><br/>\n";
}
elseif($sex == 1)
{
echo "<option value=\"1\" selected=\"selected\">Женский</option>\n";
echo "<option value=\"0\">Мужской</option>\n";
echo "<option value=\"2\">Неизвестно :)</option>\n";
echo "</select><br/>\n";
}
else
{
echo "<option value=\"2\" selected=\"selected\">Неизвестно :)</option>\n";
echo "<option value=\"1\">Женский</option>\n";
echo "<option value=\"0\">Мужской</option>\n";
echo "</select><br/>\n";
}
echo "Дата рождения:<br/>
<input size=\"2\" name=\"day\" value=\"".$birthday[0]."\" maxlength=\"2\"/>
-
<input size=\"2\" name=\"month\" value=\"".$birthday[1]."\" maxlength=\"2\"/>
-
<input size=\"4\" name=\"year\" value=\"".$birthday[2]."\" maxlength=\"4\"/><br/>
Город:<br/>
<input type=\"text\" name=\"from\" value=\"$from\" maxlength=\"20\"/><br/>
Модель мобильного телефона:<br/>
<input type=\"text\" name=\"mobile\" value=\"$mobile\" maxlength=\"20\"/><br/>
eMail:<br/>
<input type=\"text\" name=\"email\" value=\"$email\" maxlength=\"20\"/><br/>
Сайт:<br/>
<input type=\"text\" name=\"site\" value=\"http://$site\" maxlength=\"50\"/><br/>
О себе:<br/>
<input type=\"text\" name=\"about\" value=\"$about\" maxlength=\"300\"/><br/>";
echo "<input type=\"hidden\" name=\"action\" value=\"save\"/>\n";
echo "<input type=\"hidden\" name=\"pass\" value=\"".$_POST['pass']."\"/>\n";
echo "<input type=\"submit\" value=\"Сохранить\"/></form><br/>\n";
echo "<a href=\"upload.php?".SID."&ver=html\">Фотография</a><br/>\n";
echo "<br/><a href=\"my.php?".SID."&ver=html\">Личный Кабинет</a><br/>\n";
echo "<a href=\"menu.php?".SID."&ver=html\">Меню чата</a><br/>\n";
}
else
{
if($level > 2)
{
$nickname = mysql_escape_string(htmlspecialchars(trim($_POST['nickname'])));
$status = mysql_escape_string(htmlspecialchars(trim($_POST['status'])));
}
else
{
$query = mysql_query("SELECT `nickname`, `status` FROM `chat_users` WHERE `id` = '".$id."';");
$nickname = mysql_result($query, 0, 'nickname');
$status = mysql_result($query, 0, 'status');
}
$upass = $_POST['upass'];
$name = mysql_escape_string(htmlspecialchars(trim($_POST['name'])));
if($_POST['sex'] == 0 or $_POST['sex'] == 1 or $_POST['sex'] == 2)
{
$sex = intval($_POST['sex']);
}
else
{
$sex = 2;
}
$day = intval($_POST['day']);
$day = substr($day, 0, 2);
$month = intval($_POST['month']);
$month = substr($month, 0, 2);
$year = intval($_POST['year']);
$year = substr($year, 0, 4);
$birthday = "$day-$month-$year";
$from = mysql_escape_string(htmlspecialchars(trim($_POST['from'])));
$mobile = mysql_escape_string(htmlspecialchars(trim($_POST['mobile'])));
$email = mysql_escape_string(htmlspecialchars(trim($_POST['email'])));
$site = strtolower(mysql_escape_string(htmlspecialchars(trim($_POST['site']))));
$site = str_replace('http://', '', $site);
$about = mysql_escape_string(htmlspecialchars(trim($_POST['about'])));
$error = "";
if(empty($nickname) && $level > 2) $error .= "Не введен ник!<br/>\n";
if(empty($upass)) $error .= "Не введен пароль!<br/>\n";
if(preg_match("/[^0-9a-zA-Z_]+/",$upass)) $error .= "В пароле есть запрещенные символы!<br/>\n";
if(empty($status) && $level > 2) $error .= "Не введен статус!<br/>\n";
if(strlen($mobile) > 40) $error .= "Слишком много информации в \"Модель мобильного телефона\"!<br/>\n";
if(strlen($email) > 40) $error .= "Слишком длинный e-mail!<br/>\n";
if(strlen($site) > 100) $error .= "Слишком длинный адрес сайта!<br/>\n";
if(strlen($about) > 600) $error .= "Слишком много информации в \"О себе\"!<br/>\n";
if(!empty($error))
{
echo $error;
echo "<a href=\"profile.php?".SID."&ver=html&ref=$ref\">Назад</a><br/>\n";
echo "<br/><a href=\"my.php?".SID."&ver=html\">Личный Кабинет</a><br/>\n";
echo "<a href=\"menu.php?".SID."&ver=html\">Меню чата</a><br/>\n";
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/>[".round(($sec+$msec)-$headtime,5)."] sec<br/>\n";
echo "</body></html>";
exit();
}
$q = mysql_query("UPDATE `chat_users` SET `nickname` = '".$nickname."', `password` = '".md5($upass)."', `name` = '".$name."', `sex` = '".$sex."', `status` = '".$status."', `birthday` = '".$birthday."', `from` = '".$from."', `mobile` = '".$mobile."', `email` = '".$email."', `site` = '".$site."', `about` = '".$about."' WHERE `id` = '".$id."';");
$_SESSION['password']= $upass;
echo "Профиль успешно сохранен!<br/>\n";
echo "<br/><a href=\"my.php?".SID."&ver=html\">Личный Кабинет</a><br/>\n";
echo "<a href=\"menu.php?".SID."&ver=html\">Меню чата</a><br/>\n";
}
include_once "themes/".intval($_COOKIE['theme'])."/foot.php";
break;
}
}
?>