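<?php
/**
 * Saves the profile form of one chat user.
 *
 * Request inputs read here: GET `id` and `password` (the caller's
 * credentials) and POST `pass`, `name`, `sex`, `day`, `month`, `year`,
 * `from`, `mobile`, `email`, `site`, `about`, plus `nickname` and `status`
 * for accounts whose `level` is above 2.
 *
 * Security notes for maintainers:
 *  - The credential check is enforced before any write. Without it, any
 *    caller could overwrite the password of an arbitrary `id`.
 *  - Every value is SQL-escaped where the query is built, including values
 *    read back from the database and the User-Agent header.
 *  - NOTE(review): the SELECT compares the `password` column with the
 *    submitted value and the UPDATE writes `pass` as-is, so passwords are
 *    kept in clear text. Moving to password_hash()/password_verify() has to
 *    be coordinated with every page that reads this column.
 *  - NOTE(review): the password travels in the query string (incoming GET
 *    and the "menu" link at the end), so it ends up in server logs, browser
 *    history and Referer headers. No anti-CSRF token is checked here either.
 */

// Full opening tag: with short_open_tag disabled, "<?" would be sent to the
// client as plain text together with the rest of this source.
$urls = 'profile.php';
// NOTE(review): all error reporting is off, so a failed include or query
// below is silent. Prefer logging errors over discarding them.
error_reporting(0);
$ttl = '| Чат';
include("config.php");
include("./includes/constants/index");
// NOTE(review): $ver is not assigned in this file. If it is derived from
// request input (the menu link below passes ver=html), confirm it is limited
// to a fixed set of values before it is used in an include path.
include("./includes/".$ver."/banned");
// Random suffix appended to the navigation links below.
$ref = rand(1000, 9999);
list($msec, $sec) = explode(chr(32), microtime());
// Request start time; not used in this file (presumably read by the templates).
$headtime = $sec + $msec;
header("Content-type: text/html; charset=utf-8");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
// "must-relative" is not a Cache-Control directive; must-revalidate is.
header("Cache-Control: no-cache, must-revalidate");
include("./template/head.php");

// --- Authentication ---------------------------------------------------------
$id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? intval($_GET['id']) : 0;
$password = (isset($_GET['password']) && is_string($_GET['password'])) ? $_GET['password'] : '';
$q = mysql_query("SELECT * FROM `chat_users` WHERE `id` = '".$id."' AND `password` = '".mysql_real_escape_string($password)."';");
// mysql_num_rows() is the row count of a SELECT; stop before any write when
// the id/password pair matches no account or the query itself failed.
if (!$q || mysql_num_rows($q) == 0) {
    echo "Ошибка авторизации!<br/>\n";
    include("./reginc.php");
    include("./template/foot.php");
    exit();
}
$user = mysql_fetch_array($q);

// --- Online marker ----------------------------------------------------------
// Stores now + 60 seconds together with the client address and User-Agent.
// The User-Agent is client-controlled: HTML-encoding alone does not make it
// safe inside a quoted SQL string, so it is SQL-escaped as well.
$online = time() + 60;
$clientIp = mysql_real_escape_string((string) getenv('REMOTE_ADDR'));
$clientUa = mysql_real_escape_string(htmlspecialchars((string) getenv('HTTP_USER_AGENT'), ENT_QUOTES, 'UTF-8'));
$update = mysql_query("UPDATE `chat_users` SET `time` = '".$online."', `place` = 0, `ip` = '".$clientIp."', `ua` = '".$clientUa."' WHERE `id` = '".$id."';");

$posts = $user['posts'];
$level = $user['level'];

// --- Collect the submitted form ---------------------------------------------
// Text fields are trimmed and HTML-encoded (quotes included) for storage.
// Non-string input such as name[]=x is treated as empty. SQL escaping is
// applied later, where the UPDATE is assembled.
$postedText = array();
foreach (array('nickname', 'status', 'name', 'from', 'mobile', 'email', 'site', 'about') as $fieldName) {
    $rawValue = (isset($_POST[$fieldName]) && is_string($_POST[$fieldName])) ? $_POST[$fieldName] : '';
    $postedText[$fieldName] = htmlspecialchars(trim($rawValue), ENT_QUOTES, 'UTF-8');
}

if ($level > 2) {
    // Only accounts above level 2 may change their nickname and status.
    $nickname = $postedText['nickname'];
    $status = $postedText['status'];
} else {
    // Everyone else keeps the stored values. They are escaped like any other
    // value when the UPDATE is built, so a stored quote cannot alter the query.
    $nickname = $user['nickname'];
    $status = $user['status'];
}

$pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
$name = $postedText['name'];

// Only the exact values 0, 1 and 2 are accepted; anything else is stored as 2.
$sexRaw = (isset($_POST['sex']) && is_string($_POST['sex'])) ? $_POST['sex'] : '';
$sex = in_array($sexRaw, array('0', '1', '2'), true) ? intval($sexRaw) : 2;

// Date parts are forced to integers and cut to 2/2/4 characters. The result
// is not checked for being a real calendar date.
$dateValues = array();
foreach (array('day' => 2, 'month' => 2, 'year' => 4) as $partName => $maxChars) {
    $rawPart = (isset($_POST[$partName]) && is_scalar($_POST[$partName])) ? $_POST[$partName] : 0;
    $dateValues[$partName] = substr((string) intval($rawPart), 0, $maxChars);
}
$day = $dateValues['day'];
$month = $dateValues['month'];
$year = $dateValues['year'];
$birthday = "$day-$month-$year";

$from = $postedText['from'];
$mobile = $postedText['mobile'];
$email = $postedText['email'];
$site = str_replace('http://', '', strtolower($postedText['site']));
$about = $postedText['about'];

// --- Validation -------------------------------------------------------------
// Length limits are checked on the value that is stored, in bytes.
$error = "";
if(empty($nickname) && $level > 2) $error .= "Не введен ник!<br/>\n";
if(empty($pass)) $error .= "Не введен пароль!<br/>\n";
if(preg_match("/[^0-9a-zA-Z_]+/",$pass)) $error .= "В пароле есть запрещенные символы!<br/>\n";
if(empty($status) && $level > 2) $error .= "Не введен статус!<br/>\n";
if(strlen($mobile) > 40) $error .= "Слишком много информации в \"Модель мобильного телефона\"!<br/>\n";
if(strlen($email) > 40) $error .= "Слишком длинный e-mail!<br/>\n";
if(strlen($site) > 100) $error .= "Слишком длинный адрес сайта!<br/>\n";
if(strlen($about) > 600) $error .= "Слишком много информации в \"О себе\"!<br/>\n";
if ($error !== "") {
    echo $error;
    echo "<a href=\"profile.php?ref=$ref\">Назад</a><br/>\n";
    // NOTE(review): $nocache is not assigned in this file. If it can come
    // from the request, encode it before it is written into this link.
    echo "<a href=\"index.php?nocache=$nocache&ref=$ref\">Меню чата</a><br/>\n";
    include("./template/foot.php");
    exit();
}

// --- Save -------------------------------------------------------------------
// Each value is escaped at the point where it enters the SQL text.
$columns = array(
    'nickname' => $nickname,
    'password' => $pass,
    'name' => $name,
    'sex' => $sex,
    'status' => $status,
    'birthday' => $birthday,
    'from' => $from,
    'mobile' => $mobile,
    'email' => $email,
    'site' => $site,
    'about' => $about,
);
$assignments = array();
foreach ($columns as $columnName => $columnValue) {
    $assignments[] = "`".$columnName."` = '".mysql_real_escape_string((string) $columnValue)."'";
}
$q = mysql_query("UPDATE `chat_users` SET ".implode(', ', $assignments)." WHERE `id` = '".$id."';");
if (!$q) {
    // Do not report success, and do not hand out a link with the new
    // password, when the write did not happen.
    echo "Не удалось сохранить профиль!<br/>\n";
    echo "<a href=\"profile.php?ref=$ref\">Назад</a><br/>\n";
    include("./template/foot.php");
    exit();
}
echo "Профиль успешно сохранен!<br/>\n";
// $pass passed the [0-9a-zA-Z_] check above, so it cannot break out of the
// attribute. It is still a credential in a URL; see the header note.
echo '<a href="index.php?id='.$id.'&password='.$pass.'&ver=html">Меню чата</a><br/>';
include("./template/foot.php");
// The trailing "break;" was removed: outside a loop or switch it is a fatal error.
?>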