Просмотр файла profile.php

Размер файла: 8.96Kb
<?php

// Криме / Krime
include('common.php');

$gaid = getarg('id', 0);
$do = getarg('do');

if(islogged())
{
  if($gaid == 0)
    $gaid = getid();

  if($do == 'ban')
  {
    if(checkmod())
    {
      $uusername = getusername($gaid);
      if(!checkadmin($uusername))
      {
        if(checkbanned($uusername))
        {
          @mysql_query('UPDATE `users` SET `banned` = \'0\', `bantime` = \'0\' WHERE `id` = \'' . $gaid . '\';');
        }
        else
        {
          @mysql_query('UPDATE `users` SET `banned` = \'1\', `bantime` = \'' . time() . '\' WHERE `id` = \'' . $gaid . '\';');
        }
      }
    }

    header('Location: ' . $s_siteurl . '/profile.php?lang=' . $language . '&id=' . $gaid);
  }
  elseif($do == 'delete')
  {
    $query = mysql_query('SELECT * FROM `users` WHERE `id` = \'' . $gaid . '\';');
    if(mysql_num_rows($query) > 0 && !checkadmin(getusername($gaid)))
    {
      if(checkadmin())
      {
        @mysql_query('DELETE FROM `invites` WHERE `user` = \'' . $gaid . '\';');
        @mysql_query('DELETE FROM `online` WHERE `user` = \'' . $gaid . '\';');
        @mysql_query('UPDATE `posts` SET `poster` = \'1\' WHERE `poster` = \'' . $gaid . '\';');
        @mysql_query('DELETE FROM `private` WHERE `to` = \'' . $gaid . '\';');
        @mysql_query('UPDATE `private` SET `from` = \'1\' WHERE `from` = \'' . $gaid . '\';');
        @mysql_query('DELETE FROM `recover` WHERE `user` = \'' . $gaid . '\';');
        @mysql_query('UPDATE `shoutbox` SET `user` = \'1\' WHERE `user` = \'' . $gaid . '\';');
        @mysql_query('UPDATE `threads` SET `poster` = \'1\' WHERE `poster` = \'' . $gaid . '\';');
        @mysql_query('DELETE FROM `users` WHERE `id` = \'' . $gaid . '\';');
      }
    }

    header('Location: ' . $s_siteurl . '/index.php?lang=' . $language);
  }
  elseif($do == 'edit')
  {
    $query = mysql_query('SELECT * FROM `users` WHERE `id` = \'' . $gaid . '\';');
    if(mysql_num_rows($query) > 0)
    {
      if($gaid == getid() || checkadmin())
      {
        $result = mysql_fetch_array($query);
        if(isset($_POST['email']) && !empty($_POST['email']))
        {
          $email = clean($_POST['email']);
          @mysql_query('UPDATE `users` SET `email` = \'' . $email . '\' WHERE `id` = \'' . $gaid . '\';');
          $oldpassword = isset($_POST['oldpassword']) ? (empty($_POST['oldpassword']) ? '' : clean($_POST['oldpassword'])) : '';
          $newpassword = isset($_POST['newpassword']) ? (empty($_POST['newpassword']) ? '' : clean($_POST['newpassword'])) : '';
          $apass = rand(1111, 9999) . 'empty';
          if($gaid != getid())
            $oldpassword = $apass;
          if($oldpassword != '' && $newpassword != '')
          {
            $oldpassword = md5(md5($oldpassword));
            if($oldpassword == $result['password'] || $oldpassword == $apass)
            {
              if($gaid == getid())
                $_SESSION['password'] = $newpassword;
              @mysql_query('UPDATE `users` SET `password` = \'' . md5(md5($newpassword)) . '\' WHERE `id` = \'' . $gaid . '\';');
            }
          }

          header('Location: ' . $s_siteurl . '/profile.php?lang=' . $language . '&id=' . $gaid);
        }
        else
        {
          echo theader($lang['editprofile']);
          echo '    <span>' . $lang['editprofile'] . '</span><br /><br />' . "\r\n";
          echo '    <form method="post" action="' . $s_siteurl . '/profile.php?lang=' . $language . '&amp;id=' . $gaid . '&amp;do=edit">' . "\r\n";
          echo '      <span>' . $lang['email'] . ':</span><br />' . "\r\n";
          echo '      <input type="text" name="email" value="' . $result['email'] . '" /><br /><br />' . "\r\n";
          if($gaid == getid())
          {
            echo '      <span>' . $lang['oldpassword'] . ':</span><br />' . "\r\n";
            echo '      <input type="password" name="oldpassword" /><br />' . "\r\n";
          }
          echo '      <span>' . $lang['newpassword'] . ':</span><br />' . "\r\n";
          echo '      <input type="password" name="newpassword" /><br />' . "\r\n";
          echo '      <input type="submit" value="' . $lang['edit'] . '" /><br />' . "\r\n";
          echo '    </form>' . "\r\n";
          echo '    <span><a href="' . $s_siteurl . '/profile.php?lang=' . $language . '&amp;id=' . $gaid . '">' . $lang['back'] . '</a></span><br />' . "\r\n";
          echo '    <span><a href="' . $s_siteurl . '/index.php?lang=' . $language . '">' . $lang['main'] . '</a></span><br /><br />' . "\r\n";
        }
      }
      else
      {
        header('Location: ' . $s_siteurl . '/index.php?lang=' . $language);
      }
    }
    else
    {
      header('Location: ' . $s_siteurl . '/index.php?lang=' . $language);
    }
  }
  else
  {
    if($gaid == getid())
    {
      echo theader($lang['myprofile']);
    }
    else
    {
      echo theader($lang['profile'] . ' / ' . getusername($gaid));
    }

    $query = mysql_query('SELECT * FROM `users` WHERE `id` = \'' . $gaid . '\';');
    if(mysql_num_rows($query) > 0)
    {
      $result = mysql_fetch_array($query);
      $pusername = clean($result['username']);
      $email = clean($result['email']);
      $date = clean($result['date']);
      $level = intval(clean($result['status']));
      $status = formatstatus($level);
      if(intval(clean($result['banned'])) > 0)
        $status = $lang['status']['banned'];


      $useragent = $result['useragent'];
      $userip = $result['userip'];

      $query = mysql_query('SELECT COUNT(*) FROM `threads` WHERE `poster` = \'' . $gaid . '\';');
      $result = mysql_fetch_array($query);
      $threads = intval($result[0]);
      $query = mysql_query('SELECT COUNT(*) FROM `posts` WHERE `poster` = \'' . $gaid . '\';');
      $result = mysql_fetch_array($query);
      $posts = intval($result[0]);
      $query = mysql_query('SELECT COUNT(*) FROM `shoutbox` WHERE `user` = \'' . $gaid . '\';');
      $result = mysql_fetch_array($query);
      $shouts = intval($result[0]);
      $query = mysql_query('SELECT COUNT(*) FROM `private` WHERE `to` = \'' . $gaid . '\';');
      $result = mysql_fetch_array($query);
      $inpms = intval($result[0]);
      $query = mysql_query('SELECT COUNT(*) FROM `private` WHERE `from` = \'' . $gaid . '\';');
      $result = mysql_fetch_array($query);
      $outpms = intval($result[0]);

      echo '    <span><a href="' . $s_siteurl . '/private.php?lang=' . $language . '&amp;do=write&amp;to=' . $pusername . '">' . $lang['pmsend'] . '</a></span><br /><br />' . "\r\n";
      echo '    <div class="left">' . "\r\n";
      echo '      <span>' . $lang['username'] . ': ' . $pusername . '</span><br />' . "\r\n";
      echo '      <span>' . $lang['status']['status'] . ': ' . $status . '</span><br />' . "\r\n";
      echo '      <span>' . $lang['email'] . ': ' . $email . '</span><br />' . "\r\n";
      echo '      <span>' . $lang['numthreads'] . ': ' . $threads . '</span><br />' . "\r\n";
      echo '      <span>' . $lang['posts'] . ': ' . $posts . '</span><br />' . "\r\n";
      echo '      <span>' . $lang['shouts'] . ': ' . $shouts . '</span><br />' . "\r\n";
      echo '      <span>' . $lang['numpms'] . ': ' . $inpms . ' / ' . $outpms . '</span><br />' . "\r\n";
      echo '      <span>' . $lang['regdate'] . ': ' . date('d/m/Y, H:i:s', $date) . '</span><br />';
      if(checkmod())
      {
        echo "\r\n";
        echo '      <span>' . $lang['useragent'] . ': ' . $useragent . '</span><br />' . "\r\n";
        echo '      <span>' . $lang['userip'] . ': ' . $userip . '</span><br />' . "\r\n";
        if(checkbanned($pusername))
          echo '      <span><a href="' . $s_siteurl . '/profile.php?lang=' . $language . '&amp;id=' . $gaid . '&amp;do=ban">' . $lang['unban'] . '</a>';
        else
          echo '      <span><a href="' . $s_siteurl . '/profile.php?lang=' . $language . '&amp;id=' . $gaid . '&amp;do=ban">' . $lang['ban'] . '</a>';
        if(!checkadmin())
          echo '</span><br />';
      }
      if(checkadmin())
        echo ' | <a href="' . $s_siteurl . '/profile.php?lang=' . $language . '&amp;id=' . $gaid . '&amp;do=delete">' . $lang['delete'] . '</a></span><br />';

      echo "\r\n";
      echo '    </div>' . "\r\n";
      if($gaid == getid() || checkadmin())
        echo '    <span><a href="' . $s_siteurl . '/profile.php?lang=' . $language . '&amp;id=' . $gaid . '&amp;do=edit">' . $lang['edit'] . '</a></span><br />' . "\r\n";
      echo '    <span><a href="' . $s_siteurl . '/index.php?lang=' . $language . '">' . $lang['back'] . '</a></span><br /><br />' . "\r\n";
    }
    else
    {
      echo '    <span>' . $lang['usernotexist'] . '</span><br />' . "\r\n";
      echo '    <span><a href="' . $s_siteurl . '/index.php?lang=' . $language . '">' . $lang['back'] . '</a></span><br /><br />' . "\r\n";
    }
  }

  echo tfooter();
}
else
{
  header('Location: ' . $s_siteurl . '/index.php?lang=' . $language);
}

exit();

?>