View file katrinka.ru/user_update.php

File size: 7.68Kb
<?php
  include 'config.php';
  include 'guestbook/mylib.php';
  session_start();
  header("Content-type: text/vnd.wap.wml");
  $timex=time();
  $rst=0;

  $newpass=substr(htmlspecialchars(trim($_POST['newpass']),ENT_QUOTES), 0, 30);
  $newrepass=substr(htmlspecialchars(trim($_POST['newrepass']),ENT_QUOTES), 0, 30);
  $email=substr(strtolower(htmlspecialchars(trim($_POST['email']),ENT_QUOTES)), 0, 30);
  $icq=rmvbadch(substr(htmlspecialchars(trim($_POST['icq']),ENT_QUOTES), 0, 10));
  $name=rmvbadch(substr(htmlspecialchars(trim($_POST['name']),ENT_QUOTES), 0, 60));
  $day=$_POST['day'];
  $month=$_POST['month'];
  $year=$_POST['year'];
  $operator=rmvbadch(substr(htmlspecialchars(trim($_POST['operator']),ENT_QUOTES), 0, 40));
  $fr=rmvbadch(substr(htmlspecialchars(trim($_POST['fr']),ENT_QUOTES), 0, 100));
  $website=rmvbadch(substr(htmlspecialchars(trim($_POST['website']),ENT_QUOTES), 0, 50));
  $wap=rmvbadch(substr(htmlspecialchars(trim($_POST['wap']),ENT_QUOTES), 0, 50));
  $phonenum=rmvbadch(substr(htmlspecialchars(trim($_POST['phonenum']),ENT_QUOTES), 0, 25));
  $phonemodel=rmvbadch(substr(htmlspecialchars(trim($_POST['phonemodel']),ENT_QUOTES), 0, 40));
  $info=rmvbadch(substr(htmlspecialchars(trim($_POST['info']),ENT_QUOTES), 0, 600));
  $job=rmvbadch(substr(htmlspecialchars(trim($_POST['job']),ENT_QUOTES), 0, 100));
  $cust_status=rmvbadch(substr(htmlspecialchars(trim($_POST['cust_status']),ENT_QUOTES), 0, 120));
  $agent=$_SERVER['HTTP_USER_AGENT'];
  $addr=$_SERVER['REMOTE_ADDR'];
  $lang=$_POST['lang'];
  if ($year < 1900) $year=1900; if ($year > 2000) $year=2000;
  $bdate=sprintf("%s-%s-%s", $year,$month,$day);
  if ($icq=='') $icq=0;

  $lang=$_GET['lang'];
  if ((trim($_COOKIE['Login'])!='')&&(trim($_COOKIE['Password'])!='')) {
	$login=htmlspecialchars(trim($_COOKIE['Login']),ENT_QUOTES);
	$pass=htmlspecialchars(trim($_COOKIE['Password']),ENT_QUOTES);
  } else {
	$login=htmlspecialchars(trim($_POST['login']),ENT_QUOTES);
	$pass=htmlspecialchars(trim($_POST['pass']),ENT_QUOTES);
  }

if (($name=='')||($operator=='')||($fr=='')||($phonemodel=='')||($email=='')) {
	wmlhd();
	print "<p align=\"center\">Sorry, you MUST complete ALL REQUIRED fields</p>\n";
	print "</card>\n</wml>";
	exit;
}

if (($day==1)&&($month==1)&&($year==1970)) {
	wmlhd();
	print "<p align=\"center\">Sorry, you MUST complete ALL REQUIRED fields</p>\n";
	print "</card>\n</wml>";
	exit;
}

if ($newpass!=$newrepass) {
	wmlhd();
	print "<p align=\"center\">Password and confirmation does not match</p>\n";
	print "</card>\n</wml>";
	exit;
}

if ($email!='') {
	$chemail = explode('@',$email);
	$mailhost = $chemail[1];
	$mailhost=$mailhost.".";
	if (getmxrr($mailhost, $mxhosts) == FALSE && gethostbyname($mailhost) == $mailhost) {
		wmlhd();
		print "<p align=\"center\">".$mailhost." is not a valid e-mail host.</p>\n";
		print "</card>\n</wml>";
		exit;
	}
}

if (!($conn=pg_connect("host=$dbhost port=$dbport dbname=$dbname user=$dbuser password=$dbpass"))) {
	wmlhd();
	print "<p align=\"center\">Error connecting to database</p>\n";
	print "</card>\n</wml>";
	exit;
}

if (isset($_SESSION['id'])) {
	$id=$_SESSION['id'];
} else {
$res=pg_query($conn,"select id from users where login='$login' and passwd='$pass' and moder=0;");
if (pg_numrows($res)!=1) {
	wmlhd();
	print "<p align=\"center\">Sorry, BAD login</p>\n";
	print "</card>\n</wml>";
	pg_close($conn);
	exit;
}
$id=pg_result($res,0,0);
$_SESSION['id']=$id;
}

	$res=pg_query($conn,"select id from users where email='$email';");
	if (pg_numrows($res)) {
		$eid=pg_result($res,0,0);
		if ($eid!=$id) {
			wmlhd();
			print "<p align=\"center\">Sorry, user with email ".uconv($email)." already exists</p>\n";
			print "</card>\n</wml>";
			pg_close($conn);
			exit;
		}
	}
	$res=pg_query($conn,"select email from users where id='$id';");
	if (pg_numrows($res)) {
		$oldmail=pg_result($res,0,0);
		if ($email!=$oldmail) {
			$rst=1;
			$pass=rand(10000,99999);
			$newpass=$pass;
			$newrepass=$pass;
			mail($email,"Your password at wap.katrinka.ru","Thank you for updating your profile at wap.katrinka.ru!\n\nYour password is: ".$pass."\nYou can change it in your profile.","From: [email protected]");
		}
	}

$newstatus='';
$res=pg_query($conn,"select cust_status,posts from users where id='$id';");
if (pg_numrows($res)) {
	$oldstatus=pg_result($res,0,0);
	$posts=pg_result($res,0,1);
	if ($posts >= 9000) $newstatus=$cust_status;
	else $newstatus=$oldstatus;
}

if ($newpass!='') {
$res=pg_query($conn,"update users set passwd='$newpass',email='$email',name='$name',bday='$bdate',operator='$operator',fr='$fr',phonenum='$phonenum',web='$website',info='$info',phonemod='$phonemodel',icq='$icq',wap='$wap',lastact='$timex',job='$job',cust_status='$newstatus' where id='$id';");
} else {
$res=pg_query($conn,"update users set email='$email',name='$name',bday='$bdate',operator='$operator',fr='$fr',phonenum='$phonenum',web='$website',info='$info',phonemod='$phonemodel',icq='$icq',wap='$wap',lastact='$timex',job='$job',cust_status='$newstatus' where id='$id';");
}

if (!$res) {
	wmlhd();
	print "<p align=\"center\">Error updating user</p>\n";
	print "</card>\n</wml>";
	pg_close($conn);
	exit;
} else {
	if (!$rst) {
		setcookie("Login", $login, time()+864000, "/");	
		setcookie("Password", $pass, time()+864000, "/");	
	} else {
		session_unset();
		setcookie("Login", "", time()-360, "/");	
		setcookie("Password", "", time()-360, "/");	
	}		
?>
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.2//EN" "http://www.wapforum.org/DTD/wml_1.2.dtd">
<wml>
<?php if ($lang=='eng') { ?>
<card id="UpdOk" title="Thanks!" ontimer="http://wap.katrinka.ru/index.php?lang=eng">
<timer value="200"/>
<p>Thank you for updating! We are taking you back to main page...<br/>
If you changed your e-mail - new password will be mailed to you.
</p>
</card>
</wml> 
<?php } else { ?>
<card id="UpdOk" title="&#x0421;&#x043F;&#x0430;&#x0441;&#x0438;&#x0431;&#x043E;!" ontimer="http://wap.katrinka.ru/index.php">
<timer value="200"/>
<p>&#x0421;&#x043F;&#x0430;&#x0441;&#x0438;&#x0431;&#x043E; &#x0437;&#x0430; &#x043E;&#x0431;&#x043D;&#x043E;&#x0432;&#x043B;&#x0435;&#x043D;&#x0438;&#x0435; &#x0412;&#x0430;&#x0448;&#x0438;&#x0445; &#x0434;&#x0430;&#x043D;&#x043D;&#x044B;&#x0445;, &#x043C;&#x044B; &#x0432;&#x043E;&#x0437;&#x0432;&#x0440;&#x0430;&#x0449;&#x0430;&#x0435;&#x043C; &#x0412;&#x0430;&#x0441; &#x043D;&#x0430; &#x0433;&#x043B;&#x0430;&#x0432;&#x043D;&#x0443;&#x044E;...<br/>
&#x0415;&#x0441;&#x043B;&#x0438; &#x0432;&#x044B; &#x043C;&#x0435;&#x043D;&#x044F;&#x043B;&#x0438; &#x0412;&#x0430;&#x0448; e-mail - &#x043D;&#x043E;&#x0432;&#x044B;&#x0439; &#x043F;&#x0430;&#x0440;&#x043E;&#x043B;&#x044C; &#x0431;&#x0443;&#x0434;&#x0435;&#x0442; &#x043E;&#x0442;&#x043E;&#x0441;&#x043B;&#x0430;&#x043D; &#x0412;&#x0430;&#x043C; &#x043F;&#x043E; &#x043F;&#x043E;&#x0447;&#x0442;&#x0435;.
</p>
</card>
</wml> 
<?php }
}
#pg_query($conn,"SET CLIENT_ENCODING TO 'KOI8';");
#$res=pg_query($conn,"select login,passwd,email,name,operator,fr,phonenum,web,info,phonemod from users where id=(select max(id) from users);");

#$login=pg_result($res,0,0);
#$pass=pg_result($res,0,1);
#$email=pg_result($res,0,2);
#$name=pg_result($res,0,3);
#$operator=pg_result($res,0,4);
#$fr=pg_result($res,0,5);
#$phonenum=pg_result($res,0,6);
#$website=pg_result($res,0,7);
#$info=pg_result($res,0,8);
#$phonemodel=pg_result($res,0,9);

pg_close($conn);
#mail("[email protected], [email protected]", "оПЧЩК РПМШЪПЧБФЕМШ WAP УБКФБ", "Login: $login\nPassword: $pass\nName: $name\nдБФБ ТПЦДЕОЙС: $day.$month.$year\nOperator: $operator\nFrom: $fr\nWebsite: $website\nPhone number: $phonenum\nPhone model: $phonemodel\nInfo: $info\nE-mail: $email\nHost: ".gethostbyaddr($addr)." [$addr]\nAgent: $agent\n","From: WAP УБКФ <[email protected]>\nContent-Type: text/plain; charset=KOI8-r");
?>