View file profile.php

File size: 6.5Kb
<?php
$urls='profile.php';
error_reporting(0);
$ttl='| Чат';
$urls='profile.php';
include("config.php");
include("./includes/constants/index");
include("./includes/".$ver."/banned");
$ref = rand(1000, 9999);

list($msec, $sec) = explode(chr(32), microtime()); 
$headtime = $sec + $msec;

header ("Content-type: text/html; charset=utf-8");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-cache, must-relative");
include("./template/head.php");
//AUTH
$q = mysql_query("SELECT * FROM `chat_users` WHERE `id` = '".$id."' AND `password` = '".$password."';");

if(mysql_affected_rows() == 0)
{
//echo "Ошибка авторизации!<br/>\n";
include("./reginc.php");
include("./template/foot.php");
exit();
}
//END AUTH

//ONLINE
$online = time() + 60;
$update = mysql_query("UPDATE `chat_users` SET `time` = '".$online."', `place` = 0, `ip` = '".getenv('REMOTE_ADDR')."', `ua` = '".htmlspecialchars(getenv('HTTP_USER_AGENT'))."' WHERE `id` = '".$id."';");
//END ONLINE

$user = mysql_fetch_array($q);
$nickname = $user['nickname'];
$name = $user['name'];
$site = $user['site'];
$sex = $user['sex'];
$from = $user['from'];
$mobile = $user['mobile'];
$email = $user['email'];
$birthday = $user['birthday'];
$birthday = explode("-", $birthday);
$about = $user['about'];
$posts = $user['posts'];
$level = $user['level'];
$status = $user['status'];


if(!isset($_POST['action']))
{
echo "<div class=\"form\">\n";
echo "<form method=\"post\" action=\"profile_sav.php?id=$id&password=$password\">\n";
if($level > 2)
{
echo "Ник:<br/>
<input type=\"text\" name=\"nickname\" value=\"$nickname\" maxlength=\"15\"/><br/>\n";
}
echo "Пароль:<br/>
<input type=\"text\" name=\"pass\" value=\"$password\" maxlength=\"20\"/><br/>\n";
if($level > 2)
{
echo "Статус:<br/>
<input type=\"text\" name=\"status\" value=\"$status\" maxlength=\"15\"/><br/>\n";
}
echo "Имя:<br/>
<input type=\"text\" name=\"name\" value=\"$name\" maxlength=\"20\"/><br/>
Пол:<br/>
<select name=\"sex\">\n";
if($sex == 0)
{
echo "<option value=\"0\" selected=\"selected\">Мужской</option>\n";
echo "<option value=\"1\">Женский</option>\n";
echo "<option value=\"2\">Неизвестно :)</option>\n";
echo "</select><br/>\n";
}
elseif($sex == 1)
{
echo "<option value=\"1\" selected=\"selected\">Женский</option>\n";
echo "<option value=\"0\">Мужской</option>\n";
echo "<option value=\"2\">Неизвестно :)</option>\n";
echo "</select><br/>\n";
}
else
{
echo "<option value=\"2\" selected=\"selected\">Неизвестно :)</option>\n";
echo "<option value=\"1\">Женский</option>\n";
echo "<option value=\"0\">Мужской</option>\n";
echo "</select><br/>\n";
}
echo "Дата рождения:<br/>
<input size=\"2\" name=\"day\" value=\"".$birthday[0]."\" maxlength=\"2\"/>
-
<input size=\"2\" name=\"month\" value=\"".$birthday[1]."\" maxlength=\"2\"/>
-
<input size=\"4\" name=\"year\" value=\"".$birthday[2]."\" maxlength=\"4\"/><br/>
Город:<br/>
<input type=\"text\" name=\"from\" value=\"$from\" maxlength=\"20\"/><br/>
Модель мобильного телефона:<br/>
<input type=\"text\" name=\"mobile\" value=\"$mobile\" maxlength=\"20\"/><br/>
eMail:<br/>
<input type=\"text\" name=\"email\" value=\"$email\" maxlength=\"20\"/><br/>
Сайт:<br/>
<input type=\"text\" name=\"site\" value=\"http://$site\"  maxlength=\"50\"/><br/>
О себе:<br/>
<input type=\"text\" name=\"about\" value=\"$about\" maxlength=\"300\"/><br/>";
echo "<input type=\"hidden\" name=\"action\" value=\"save\"/>\n";
echo "<input type=\"submit\" name=\"submit\"/></form></div><br/>\n";
echo "<a href=\"upload.php?nocache=$nocache&amp;ref=$ref\">Фотография</a><br/>\n";
echo "<a href=\"index.php?nocache=$nocache&amp;ref=$ref\">Меню чата</a><br/>\n";
}
else
{
	if($level > 2)
	{
	$nickname = mysql_escape_string(htmlspecialchars(trim($_POST['nickname'])));
	$status = mysql_escape_string(htmlspecialchars(trim($_POST['status'])));
	}
	else
	{
	$query = mysql_query("SELECT `nickname`, `status` FROM `chat_users` WHERE `id` = '".$id."';");
	$nickname = mysql_result($query, 0, 'nickname');
	$status = mysql_result($query, 0, 'status');
	}
$pass = $_POST['pass'];
$name = mysql_escape_string(htmlspecialchars(trim($_POST['name'])));
	if($_POST['sex'] == 0 or $_POST['sex'] == 1 or $_POST['sex'] == 2)
	{
	$sex = intval($_POST['sex']);
	}
	else
	{
	$sex = 2;
	}
$day = intval($_POST['day']);
$day = substr($day, 0, 2);
$month = intval($_POST['month']);
$month = substr($month, 0, 2);
$year = intval($_POST['year']);
$year = substr($year, 0, 4);
$birthday = "$day-$month-$year";
$from = mysql_escape_string(htmlspecialchars(trim($_POST['from'])));
$mobile = mysql_escape_string(htmlspecialchars(trim($_POST['mobile'])));
$email = mysql_escape_string(htmlspecialchars(trim($_POST['email'])));
$site = strtolower(mysql_escape_string(htmlspecialchars(trim($_POST['site']))));
$site = str_replace('http://', '', $site);
$about = mysql_escape_string(htmlspecialchars(trim($_POST['about'])));

$error = "";

if(empty($nickname) && $level > 2) $error .= "Не введен ник!<br/>\n";
if(empty($pass)) $error .= "Не введен пароль!<br/>\n";
if(preg_match("/[^0-9a-zA-Z_]+/",$pass)) $error .= "В пароле есть запрещенные символы!<br/>\n";
if(empty($status) && $level > 2) $error .= "Не введен статус!<br/>\n";
if(strlen($mobile) > 40) $error .= "Слишком много информации в \"Модель мобильного телефона\"!<br/>\n";
if(strlen($email) > 40) $error .= "Слишком длинный e-mail!<br/>\n";
if(strlen($site) > 100) $error .= "Слишком длинный адрес сайта!<br/>\n";
if(strlen($about) > 600) $error .= "Слишком много информации в \"О себе\"!<br/>\n";

if(!empty($error))
{
echo $error;
echo "<a href=\"profile.php?ref=$ref\">Назад</a><br/>\n";
echo "<a href=\"index.php?nocache=$nocache&amp;ref=$ref\">Меню чата</a><br/>\n";
include("./template/foot.php");
exit();
}

$q = mysql_query("UPDATE `chat_users` SET `nickname` = '".$nickname."', `password` = '".$pass."', `name` = '".$name."', `sex` = '".$sex."', `status` = '".$status."', `birthday` = '".$birthday."', `from` = '".$from."', `mobile` = '".$mobile."', `email` = '".$email."', `site` = '".$site."', `about` = '".$about."' WHERE `id` = '".$id."';");

echo "Профиль успешно сохранен!<br/>\n";
echo '<a href="index.php?id='.$id.'&password='.$pass.'&ver=html">Меню чата</a><br/>';
}
include("./template/foot.php");
break;
?>