<?php
####################
# Автор: [Svig]    #
# ICQ: 563000172   #
####################

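// Profile edit form (?page=edit).
// Loads the DB config and the login check, then renders a form pre-filled from $myrow
// that posts to edit_info.php?page=update.
//
// NOTE(review): $user, $pass and $myrow are not defined in this file; presumably lock.php
// sets them from the request and the userlist table -- confirm against lock.php.
// NOTE(review): the application authenticates by passing the plaintext password in the
// query string and echoes it back into a visible text field and a hidden field. That
// puts the password into server logs, browser history and Referer headers. It is kept
// here only because the other pages visible from this file (menu.php links, the update
// handler) depend on it; a session cookie plus password_hash()/password_verify() is the
// proper replacement.
$edit = "edit";
if (isset($_GET['page']) && $_GET['page'] === $edit)
{
include ("conf.php");
include ("lock.php");

// Strict string comparison: the original loose == treats numeric-looking strings as
// numbers ("1e3" == "1000") and null == null as a match, so a missing row or a missing
// credential must not be accepted as a successful login.
$authorized = isset($user, $pass, $myrow)
    && is_scalar($user) && is_scalar($pass)
    && is_array($myrow) && isset($myrow["user"], $myrow["pass"])
    && (string)$user === (string)$myrow["user"]
    && (string)$pass === (string)$myrow["pass"];

if ($authorized)
{
include ("head.php");

$mypass = $myrow['pass'];

// Escape every value before it is placed inside a double-quoted HTML attribute.
$formVal = array();

// pass, id and user are written to the database without HTML encoding by the update
// handler in this file, so they are encoded exactly once here.
foreach (array('pass', 'id', 'user') as $formKey) {
    $formRaw = isset($myrow[$formKey]) ? (string)$myrow[$formKey] : '';
    $formVal[$formKey] = htmlspecialchars($formRaw, ENT_QUOTES);
}

// The profile fields are stored already HTML-encoded by the update handler. Decoding
// first and re-encoding keeps the rendered value the same for those rows while still
// neutralising a row that some other writer stored unencoded.
foreach (array('name', 'gor', 'phone', 'email', 'icq', 'os') as $formKey) {
    $formRaw = isset($myrow[$formKey]) ? (string)$myrow[$formKey] : '';
    $formVal[$formKey] = htmlspecialchars(htmlspecialchars_decode($formRaw, ENT_QUOTES), ENT_QUOTES);
}

// Query-string values are percent-encoded so they cannot break out of the href.
$userUrl = urlencode((string)$user);
$passUrl = urlencode((string)$pass);

print <<<sss
<div class='nav'>
<form name="form1" action="edit_info.php?page=update" method="post">
Пароль:  <br />
<input name="pass" type="text" value="{$formVal['pass']}"><br />
<input name="mypass" type="hidden" value="{$formVal['pass']}">
Имя: <br />
<input name="name" type="text" value="{$formVal['name']}"><br />
Пол: <br />
<select size="1" name="pol">
  <option value="Мужской">Мужской</option>
  <option value="Женский">Женский</option>
</select><br />
Город: <br />
<input name="gor" type="text" value="{$formVal['gor']}"><br />
Телефон: <br />
<input name="phone" type="text" value="{$formVal['phone']}"><br />
E-mail:  <br />
<input name="email" type="text" value="{$formVal['email']}"><br />
ICQ:  <br />
<input name="icq" type="text" value="{$formVal['icq']}"><br />
О себе: <br />
<input name="os" type="text" value="{$formVal['os']}">
<input name="id" type="hidden" value="{$formVal['id']}">
<input name="user" type="hidden" value="{$formVal['user']}">
<br /><input type="submit" value="Изменить">
</form>
</div>
<div class='nav'>
• <a href=menu.php?user=$userUrl&pass=$passUrl>В меню</a>
</div>
sss;
include ("foot.php");
}
else
{
echo "Ошибка! Неверный <b>Ник</b> или <b>Пароль</b><br />";
echo <<<sss
<a href="index.php">На главную</a>
sss;
}
}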
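// Profile update handler (?page=update).
// Reads the posted form, checks that the caller knows the current password of the row
// being edited, writes the new values to userlist and prints a result page.
//
// NOTE(review): the original handler included only conf.php and ran the UPDATE for
// whatever id arrived in the POST body, so any visitor could overwrite any account,
// including its password. The check below uses the current password that the edit form
// already submits in the hidden "mypass" field.
// NOTE(review): passwords are stored and compared in plaintext and travel in the
// query string of the links below; that needs password_hash()/password_verify() and
// session-based login, which cannot be introduced from this file alone.
// NOTE(review): there is no anti-CSRF token; requiring the current password limits the
// impact but does not replace one.
$update = "update";
if (isset($_GET['page']) && $_GET['page'] === $update)
{
include ("conf.php");

// Collect the posted fields as strings; a missing or non-string field becomes ''.
$in = array();
foreach (array('pass', 'mypass', 'id', 'user', 'pol', 'gor', 'icq', 'phone', 'email', 'os', 'name') as $inKey) {
    $in[$inKey] = (isset($_POST[$inKey]) && is_string($_POST[$inKey])) ? $_POST[$inKey] : '';
}

$newPass = trim($in['pass']);
$pass = mysql_real_escape_string($newPass);
$id = mysql_real_escape_string(trim($in['id']));

// Profile fields are stored HTML-encoded (the edit form prints them back into
// attributes). HTML-encode first and SQL-escape last, so the SQL escaping is applied to
// the exact bytes that go into the statement.
$pol = mysql_real_escape_string(htmlspecialchars(trim($in['pol'])));
$gor = mysql_real_escape_string(htmlspecialchars(trim($in['gor'])));
$icq = mysql_real_escape_string(htmlspecialchars(trim($in['icq'])));
$phone = mysql_real_escape_string(htmlspecialchars(trim($in['phone'])));
$email = mysql_real_escape_string(htmlspecialchars(trim($in['email'])));
$os = mysql_real_escape_string(htmlspecialchars(trim($in['os'])));
$name = mysql_real_escape_string(htmlspecialchars(trim($in['name'])));

$user = $in['user'];
$mypass = $in['mypass'];

// Values used inside href attributes are percent-encoded; the originals were echoed raw,
// which let a crafted "user" or "mypass" field inject markup into the result page.
$userUrl = urlencode($user);
$newPassUrl = urlencode($newPass);
$myPassUrl = urlencode($mypass);

// A new password and a name are mandatory, as in the original form handling.
if ((string)$pass !== '' && (string)$name !== '')
{
// Authorise the write: the submitted current password must match the stored one for
// this id. The comparison is done in PHP with === so it is case- and
// whitespace-exact regardless of the column collation.
$authorized = false;
if ((string)$id !== '' && $mypass !== '') {
    $check = mysql_query("SELECT pass FROM userlist WHERE id='$id'", $db);
    if ($check) {
        $current = mysql_fetch_assoc($check);
        $authorized = is_array($current) && (string)$current['pass'] === $mypass;
    }
}

$result = false;
if ($authorized) {
    $result = mysql_query("UPDATE userlist SET pass='$pass',name='$name',email='$email',os='$os',pol='$pol',gor='$gor',icq='$icq',phone='$phone' WHERE id='$id'",$db);
}

// mysql_query() returns boolean true for a successful UPDATE; compare strictly instead
// of against the string 'true'.
if ($result === true)
{
include ("head.php");
echo "<div class='nav'>";
echo "Ваша анкета изменина!<br /></div>";
echo "<div class='nav'>• <a href=menu.php?user=$userUrl&pass=$newPassUrl>В меню</a>";
echo "</div>";
include ("foot.php");
}
else
{
// Nothing was written, so the menu link carries the password that was submitted as
// current rather than the rejected new one.
include ("head.php");
echo "<div class='nav'>";
echo "Ошибка! Ваша анкета не изменина!</div>";
echo "<div class='nav'>• <a href=menu.php?user=$userUrl&pass=$myPassUrl>В меню</a>";
echo "</div>";
include ("foot.php");
}

}
else
{
include ("head.php");
echo "<div class='nav'>";
echo "Вы не ввели &quot;имя&quot; или &quot;пароль&quot;<br />";
echo "<a href=edit_info.php?page=edit&user=$userUrl&pass=$myPassUrl>Назад</a>";
echo "</div>";
include ("foot.php");
}

}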



?>