View file includes/modules/account.php

File size: 5.55Kb
<?php
$_SESSION['account'] = isset( $_SESSION['account'] ) ? (int) $_SESSION['account'] : NULL;

if( $_SESSION['account'] === NULL )
{
	redirect( gen_uri('index') );
}

if( !$sql->query("SELECT * FROM `" . CATALOGUE_SITES . "` WHERE `id` = " . $_SESSION['account'] . ";") )
{
	put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
}

if( $sql->num_rows() < 1 )
{
	redirect( gen_uri('index', '', 'logout', VERSION) );
}

$account_data = $sql->fetch_assoc();

$template_vars['header'] = array(
'TITLE' => output( $account_data['site'] ),
'CSS' => $css
);

$template_vars['body'] = array();

$template->set_vars('header', $template_vars['header']);

$show_form = true;

if( empty($_POST) == false )
{
	$site = isset( $_POST['site'] ) ? (string) $_POST['site'] : '';
	$email = isset( $_POST['email'] ) ? (string) $_POST['email'] : '';
	$title = isset( $_POST['title'] ) ? (string) $_POST['title'] : '';
	$description = isset( $_POST['description'] ) ? (string) $_POST['description'] : '';
	$tr = isset( $_POST['tr'] ) ? (boolean) $_POST['tr'] : false;
	$section_id = isset( $_POST['section_id'] ) ? (int) $_POST['section_id'] : '';

	if( get_magic_quotes_gpc() )
	{
		$site = stripslashes( $site );
		$email = stripslashes( $email );
		$title = stripslashes( $title );
		$description = stripslashes( $description );
	}

	if( $tr )
	{
		$title = tr( $title );
		$description = tr( $description );
	}

	$site = cleanup(trim($site));
	$email = cleanup(trim($email)); 
	$title = cleanup(trim($title));
	$description = cleanup(trim($description));

	if( !$sql->query("SELECT * FROM `" . CATALOGUE_SECTIONS . "` WHERE `id` = " . $section_id . ";") )
	{
		put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
	}

	if( $sql->num_rows() < 1 )
	{
		$template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_INVALID_SECTION_ID']));		
	}
	else if( !preg_match('#^http://([a-z\d-]+\.)*[a-z\d-]+(:\d+)?(.*)$#i', $site, $match) )
	{
		$template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_INVALID_SITE']));
	}
	else if( $description === '' )
	{
		$template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_EMPTY_DESCRIPTION']));
	}
	else
	{
		$site = parse_url( $site );
		$site = strtolower( $site['host'] );
		$path = empty( $match[3] ) ? '/' : $match[3];

		if( strtolower($account_data['site']) <> strtolower($site) )
		{
			$site = $sql->fetch_assoc($qresult);

			$template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_TRY_TO_CHANGE_HOST']));
		}
		else
		{
			if( $title == '' ) $title = $site;

			if( !$sql->query("UPDATE `" . CATALOGUE_SITES . "` SET `path` = '" . $sql->escape_string($path) . "', `email` = '" . $sql->escape_string($email) . "', `section_id` = " . $section_id . ", `title` = '" . $sql->escape_string($title) . "', `description` = '" . $sql->escape_string($description) . "' WHERE `id` = " . $_SESSION['account'] . ";") )
			{
				put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
			}

			if( $sql->affected_rows() )
			{
				if( !$sql->query("UPDATE `" . CATALOGUE_SITES . "` SET `checked` = 1, `update_dt` = UNIX_TIMESTAMP() WHERE `id` = " . $_SESSION['account'] . ";") )
				{
					put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
				}				

				$template->load_template('templates/' . VERSION . '/message.tpl', 'body');
				$template->set_vars('body', array('MESSAGE' => $lang['ACCOUNT_UPDATE_SUCCESS']));

				$link = array(
				array('HREF' => gen_uri('index'), 'NAME' => $lang['BACK'])
				);

				for($i = 0; $i < count($link); $i++)
				{
					$template->set_block_vars('body', 'link', $link[$i]);
				}
			}
			else
			{
				redirect( gen_uri('index') );
			}

			$show_form = false;
		}
	}
}

if( $show_form )
{
	if( !$sql->query("SELECT * FROM `" . CATALOGUE_SECTIONS . "` WHERE `reg_access` = 1 ORDER BY `name` ASC;") )
	{
		put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);	
	}

	if( $sql->num_rows() < 1 )
	{
		put_error(ERROR, $lang['ERR_SECTION_LIST_IS_EMPTY']);
	}

	for( $i = 0; $section = $sql->fetch_assoc(); $i++ )
	{
		$template->set_block_vars('body', 'section', array(
		'ID' => $section['id'],
		'NAME' => output($section['name']),
		'SELECTED' => $i ? "" : " selected='selected'"
		));
	}

	$template_vars['body'] = array(
	'WARNING' => $lang['EDIT_WARNING'],
	'SITE' => $lang['SITE'],
	'SITE_VALUE' => 'http://' . output($account_data['site'] . $account_data['path']),
	'EMAIL_VALUE' => output($account_data['email']),
	'TITLE' => $lang['TITLE'],
	'TITLE_VALUE' => output($account_data['title']),
	'DESCRIPTION' => $lang['DESCRIPTION'],
	'DESCRIPTION_VALUE' => output($account_data['description']),
	'SECTION' => $lang['SECTION'],
	'SECTION_VALUE' => $account_data['section_id'],
	'TR' => $lang['TR'],
	'SUBMIT' => $lang['SUBMIT'],
	'Y' => $lang['Y'],
	'N' => $lang['N'],
	'PATH' => gen_uri($m, '', $nocache),
	'CH_PASSWD_HREF' => gen_uri('password', '', $nocache),
	'CH_PASSWD' => $lang['CHANGE_PASSWORD'],
	'LOGOUT_HREF' => gen_uri('index', '', 'logout', VERSION),
	'LOGOUT' => sprintf($lang['LOGOUT'], output($account_data['site'])),
	'BACK_HREF' => gen_uri('index'),
	'BACK' => $lang['BACK'],
	'NOCACHE' => $nocache
	);
}

$template->set_vars('header', $template_vars['header']);
$template->set_vars('body', $template_vars['body']);
$template->set_vars('footer', array('SWITCH_VERSION' => switch_version($m, '', $nocache)));
?>