*
*   This script displays the contents for the 'Edit Profile' page. Don't
*   forget the 12 space indent for all content pages.
*
*   Flow, driven by $step: 1 previews the profile stored in the users table,
*   2 shows the edit form (ShowProfileForm), 3 previews the submitted values,
*   4 writes them back with an UPDATE and re-issues the login cookies.
*   GetVars(), CheckVars(), ExeSQL() and the constants TABLE_PREFIX,
*   TABLE_COLOR_1 and TABLE_COLOR_2 are defined outside this file.
*
*   Last modified : September 25th, 2002 (JJS)
*
\******************************************************************************/

/* Make sure no one is calling this file directly */
$file_name = "edit_profile.php";

/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));

/* Check if the values match, if so, redirect.
   NOTE(review): header() does not stop execution, so when the check fires the
   rest of this script still runs and its output is sent along with the
   redirect; an `exit;` right after header() would close that gap. */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
    header("Location: ../index.php");

/* Grab the variables submitted by the form.
   $username, $password and $confirm_password are not fetched here; they are
   presumably already set by the including script or by register_globals --
   confirm, since the step-4 UPDATE keys on $username. */
$email = GetVars("email");
$old_email = GetVars("old_email");
$location = GetVars("location");
$occupation = GetVars("occupation");
$homepage = GetVars("homepage");
$picture = GetVars("picture");
$interests = GetVars("interests");
$aim = GetVars("aim");
$icq = GetVars("icq");
$yahoo = GetVars("yahoo");
$signature = GetVars("signature");
$include_sig = GetVars("include_sig");
$action = GetVars("action");
$step = GetVars("step");

/* Parse any user input; the second argument is the maximum length kept.
   Whatever escaping CheckVars applies is not visible in this file, and the
   SQL below depends on it entirely.
   NOTE(review): call-time pass-by-reference (`&$var` at the call site) was
   removed in PHP 5.4 and is a fatal error on current versions; the `&`
   belongs in CheckVars' parameter list instead. */
CheckVars(&$step, 1);
CheckVars(&$username, 64);
CheckVars(&$password, 64);
CheckVars(&$confirm_password, 64);
CheckVars(&$email, 128);
CheckVars(&$old_email, 128);
CheckVars(&$location, 128);
CheckVars(&$occupation, 64);
CheckVars(&$homepage, 128);
CheckVars(&$picture, 128);
CheckVars(&$interests, 255);
CheckVars(&$aim, 16);
CheckVars(&$icq, 16);
CheckVars(&$yahoo, 32);
CheckVars(&$signature, 255);
CheckVars(&$include_sig, 1);

/* Check that the user isn't trying to mess with the $step variable: anything
   other than 1..4 falls back to step 1 (loose comparison, so "1" passes). */
if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 && $step != 4 ) )
    $step = 1;

/* Make sure the user isn't feeding information via the query string: each
   step is only accepted with the exact query string its page is reached by,
   and steps 3/4 additionally need a non-blank username and email.
   $QUERY_STRING is a register_globals-era name, presumably populated by the
   including script; $_SERVER['QUERY_STRING'] is the supported equivalent. */
if ( ( ( $username == "" || $email == "" ) && ( $step == 3 || $step == 4 ) )
     || ( ( ( $step == 1 && ( $QUERY_STRING != "pid=edit_profile" && $QUERY_STRING != "pid=login" ) ) )
          || ( $step == 2 && $QUERY_STRING != "pid=edit_profile" )
          || ( $step == 3 && $QUERY_STRING != "pid=edit_profile&step=3" )
          || ( $step == 4 && $QUERY_STRING != "pid=edit_profile" ) )
     || ( ( $step != 1 && $step != 2 ) && ( strlen(trim($username)) == 0 || strlen(trim($email)) == 0 ) ) ) {
    echo "
Malformed request detected!

\n";
    $step = 1;
}

/* On step 3 we have two choices, determine which step to go to based on the
   button the user clicks on */
if ($action == "Edit Profile") $step = 2;
else if ($action == "Submit Profile") $step = 4;

/* Parse some of the variables to ensure accurate values: empty URL fields are
   pre-filled with "http://" for the form (undone again on step 4). */
if ( $step == 2 && $homepage == "" ) $homepage = "http://";
if ( $step == 2 && $picture == "" ) $picture = "http://";

/* Strip out html and slashes on step 2 (values are re-displayed in the form
   by ShowProfileForm, which only escapes double quotes itself). */
if ($step == 2) {
    $username = stripslashes(strip_tags($username));
    $password = stripslashes(strip_tags($password));
    $email = stripslashes(strip_tags($email));
    $location = stripslashes(strip_tags($location));
    $occupation = stripslashes(strip_tags($occupation));
    $homepage = stripslashes(strip_tags($homepage));
    $picture = stripslashes(strip_tags($picture));
    $interests = stripslashes(strip_tags($interests));
    $aim = stripslashes(strip_tags($aim));
    $icq = stripslashes(strip_tags($icq));
    $yahoo = stripslashes(strip_tags($yahoo));
    $signature = stripslashes(strip_tags($signature));
}

/* Step 3 too ... Note that only $occupation and $signature are HTML-escaped
   with htmlspecialchars(); the other fields are merely tag-stripped before
   PreviewSection echoes them into the page. */
if ($step == 3) {
    $username = stripslashes(strip_tags($username));
    $password = stripslashes(strip_tags($password));
    $email = stripslashes(strip_tags($email));
    $location = stripslashes(strip_tags($location));
    $occupation = stripslashes(htmlspecialchars($occupation));
    $homepage = stripslashes(strip_tags($homepage));
    $picture = stripslashes(strip_tags($picture));
    $interests = stripslashes(strip_tags($interests));
    $aim = stripslashes(strip_tags($aim));
    $icq = stripslashes(strip_tags($icq));
    $yahoo = stripslashes(strip_tags($yahoo));
    /* Allowing CRs creates issues, this code should resolve them :)
       (escape, convert newlines to <br>, then normalise the line breaks) */
    $signature = stripslashes(htmlspecialchars($signature));
    $signature = nl2br($signature);
    $signature = str_replace("
", "
", $signature);
}

/* On step 4, clean up the signature. Only $occupation and $signature are
   escaped here; every other field reaches the UPDATE below exactly as it
   arrived from the step-3 form (after CheckVars). */
if ($step == 4) {
    $occupation = htmlspecialchars($occupation);
    $signature = htmlspecialchars($signature);
    $signature = str_replace("<BR>", "
", $signature);
}

/* Display the current step */
switch ($step) {
    /* Display the current profile */
    default:
    case 1:
        /* Pull the account row for this username.
           NOTE(review): $username is interpolated straight into the query, so
           safety rests on whatever CheckVars does (not visible here); a
           parameterised query would remove that dependency. mysql_fetch_array()
           belongs to the ext/mysql API that was removed in PHP 7. */
        $SQL = "SELECT * FROM " . TABLE_PREFIX . "users WHERE user_name='$username';";
        $results = ExeSQL($SQL);

        /* Grab the data and assign it to variables (the password is never
           read back; the preview shows a placeholder for it) */
        while ($row = mysql_fetch_array($results)) {
            $username = $row["user_name"];
            $password = "";
            $email = $row["user_email"];
            $location = $row["user_location"];
            $occupation = $row["user_occupation"];
            $homepage = $row["user_homepage"];
            $picture = $row["user_picture"];
            $interests = $row["user_interests"];
            $aim = $row["user_aim"];
            $icq = $row["user_icq"];
            $yahoo = $row["user_yahoo"];
            $signature = $row["user_signature"];
            $include_sig = $row["user_usesig"];
        }

        /* Display the HTML for the beginning of the form and table */
        echo "
\n" . " \n" . " \n" . " \n" . " \n";

        /* Assign the active color to the inactive value; PreviewSection flips
           it on every row (it is passed with a call-time `&`, see the note at
           the CheckVars calls) */
        $the_color = TABLE_COLOR_2;

        /* Preview the mandatory fields ... */
        PreviewSection ( $password, "Password", &$the_color );
        PreviewSection ( $email, "Email", &$the_color );

        /* ... and the optional ones */
        if ( $location != "" ) PreviewSection( $location, "Location", &$the_color );
        if ( $occupation != "" ) PreviewSection( $occupation, "Occupation", &$the_color );
        if ( $homepage != "" && $homepage != "http://" ) PreviewSection( $homepage, "Homepage", &$the_color );
        if ( $picture != "" && $picture != "http://" ) PreviewSection ( $picture, "Picture", &$the_color );
        if ( $interests != "" ) PreviewSection ( $interests, "Interests", &$the_color );
        if ( $aim != "" ) PreviewSection ( $aim, "AOL Instant Messenger", &$the_color );
        if ( $icq != "" ) PreviewSection ( $icq, "ICQ", &$the_color );
        if ( $yahoo != "" ) PreviewSection ( $yahoo, "Yahoo Pager", &$the_color );

        /* The signature is a different kind of field, so we handle it
           differently. It is echoed as stored; escaping happened on step 4. */
        if ( $signature != "" ) {
            /* Change to the other color */
            if ($the_color == TABLE_COLOR_1) $the_color = TABLE_COLOR_2;
            else $the_color = TABLE_COLOR_1;

            /* Determine if the user is including the signature or not */
            if ($include_sig == 1) $show_include = "You have chosen to include this signature on new posts.";
            else $show_include = "You have chosen to not include this signature on new posts.";

            /* Display the signature section of the form */
            echo " \n" . " \n" . " \n" . " \n";
        }

        /* Finish off the HTML */
        echo "
$username's Profile
Signature:\n" . " $signature

\n" . " $show_include\n" . " \n" . " \n" . "
\n" . " \n" . "

\n" . "
\n";
        break;

    /* Display the form for the user to fill out */
    case 2:
        ShowProfileForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig );
        break;

    /* Display the info the user supplied and prompt them to continue or edit */
    case 3:
        /* Display the HTML */
        echo "
\n" . " \n" . " \n" . " \n" . " \n";

        /* Assign second color as the active one */
        $the_color = TABLE_COLOR_2;

        /* Preview the mandatory sections */
        PreviewSection ( $username, "Username", &$the_color );
        PreviewSection ( $password, "Password", &$the_color );
        PreviewSection ( $email, "Email", &$the_color );

        /* Along with the optional sections */
        if ( $location != "" ) PreviewSection( $location, "Location", &$the_color );
        if ( $occupation != "" ) PreviewSection( $occupation, "Occupation", &$the_color );
        if ( $homepage != "" && $homepage != "http://" ) PreviewSection( $homepage, "Homepage", &$the_color );
        if ( $picture != "" && $picture != "http://" ) PreviewSection ( $picture, "Picture", &$the_color );
        if ( $interests != "" ) PreviewSection ( $interests, "Interests", &$the_color );
        if ( $aim != "" ) PreviewSection ( $aim, "AOL Instant Messenger", &$the_color );
        if ( $icq != "" ) PreviewSection ( $icq, "ICQ", &$the_color );
        if ( $yahoo != "" ) PreviewSection ( $yahoo, "Yahoo Pager", &$the_color );

        /* The signature is a more complex section, hence more code */
        if ( $signature != "" ) {
            /* Swap out the colors */
            if ($the_color == TABLE_COLOR_1) $the_color = TABLE_COLOR_2;
            else $the_color = TABLE_COLOR_1;

            /* Determine if the user is including the signature or not */
            if ($include_sig == 1) $show_include = "You have chosen to include this signature on new posts.";
            else $show_include = "You have chosen to not include this signature on new posts.";

            /* Display the HTML for the signature section */
            echo " \n" . " \n" . " \n" . " \n";
        }

        /* And close off the page */
        echo "
Profile Preview
Signature:\n" . " $signature

\n" . " $show_include\n" . " \n" . " \n" . "
\n" . " \n" . "
\n" . "
\n" . " \n" . "  \n" . " \n" . "
\n" . "
\n";
        break;

    /* Check the user's input, add the user to the database, and display the results */
    case 4:
        /* If the page was POSTed to, then continue. $REQUEST_METHOD is a
           register_globals-era name; $_SERVER['REQUEST_METHOD'] is the
           supported equivalent. */
        if ( $REQUEST_METHOD == "POST" ) {
            /* Start off with 0 errors */
            $no_err = 0;

            /* If the new and old email's don't match then ... */
            if ($email != $old_email) {
                /* ... then pull the number of email's that match
                   (same interpolation caveat as the step-1 SELECT) */
                $SQL = "SELECT COUNT(*) as email_exists FROM " . TABLE_PREFIX . "users WHERE user_email='$email';";
                $results = ExeSQL($SQL);

                /* Grab the data */
                while ($row = mysql_fetch_array($results)) {
                    /* If there are accounts with the same email ... */
                    if ($row["email_exists"] != 0) {
                        /* ... then let the user know */
                        echo "
Someone has already registered using that email address!

\n";
                        $no_err++;
                    }
                }
            }

            /* No errors means we continue with our plans */
            if ($no_err == 0) {
                /* Clear out the URL variables if they still contain 'http://' */
                if ($homepage == "http://") { $homepage = ""; }
                if ($picture == "http://") { $picture = ""; }

                /* Crypt the password to a random salt. An empty password means
                   "keep the current one" (see the two UPDATE variants below).
                   NOTE(review): crypt() without a salt argument falls back to
                   the system default scheme (historically standard DES with a
                   2-character salt); password_hash()/password_verify() is the
                   current replacement. */
                if ($password != "") $password = crypt($password);

                /* If it doesn't equal 1, then set it equal to 0 */
                if ($include_sig != 1) $include_sig = 0;

                /* If the password is blank, then don't update the password, if it
                   isn't then do it! All values are interpolated into the query;
                   see the note on the step-1 SELECT. */
                if ($password != "")
                    $SQL = "UPDATE " . TABLE_PREFIX . "users SET user_email='$email', user_pass='$password', user_location='$location', user_occupation='$occupation', user_homepage='$homepage', user_picture='$picture', user_interests='$interests', user_aim='$aim', user_icq='$icq', user_yahoo='$yahoo', user_signature='$signature', user_usesig='$include_sig' WHERE user_name='$username';";
                else
                    $SQL = "UPDATE " . TABLE_PREFIX . "users SET user_email='$email', user_location='$location', user_occupation='$occupation', user_homepage='$homepage', user_picture='$picture', user_interests='$interests', user_aim='$aim', user_icq='$icq', user_yahoo='$yahoo', user_signature='$signature', user_usesig='$include_sig' WHERE user_name='$username';";

                /* Execute the SQL query */
                $results = ExeSQL($SQL);

                /* Log the user in with their new password if they set one.
                   NOTE(review): the stored hash itself is written to the client
                   as a 24-hour cookie and evidently serves as the login token,
                   so it acts as a bearer credential; no secure/httponly flags
                   are passed. A random session identifier would avoid sending
                   the hash at all. */
                if ($password != "") {
                    SetCookie("user_name", $username, time() + 86400, '', $_SERVER['HTTP_HOST']);
                    SetCookie("user_pass", $password, time() + 86400, '', $_SERVER['HTTP_HOST']);
                }

                /* Set the logged in variable to active (presumably read by
                   view_forums.php -- confirm) */
                $logged_in = 1;

                /* Let the user know everything is cool */
                echo "
\n" . " Your profile has been updated!
\n" . "
\n" . "
\n";

                /* Display the forum list, then leave this included file */
                require("./content/view_forums.php");
                return;
            } else {
                /* If there's an error, then display the form again */
                ShowProfileForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig );
            }
        } else {
            /* This means someone was trying to feed the script false info, just
               let them know and show the form again */
            echo "
Malformed request detected!


\n";
            ShowProfileForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig );
        }
        break;
}

/*
 * Emit the profile edit form pre-filled with the given values.
 *
 * Every parameter is a field value echoed into the form; $include_sig == 1
 * pre-checks the "include signature" box. Double quotes in the values are
 * replaced so they can sit inside attribute values; no other escaping is
 * done here, so callers are expected to have stripped/escaped the input.
 *
 * NOTE(review): the replacement argument in the str_replace calls appears
 * mangled in this copy of the file -- presumably the HTML entity for a double
 * quote; confirm against the original source.
 */
function ShowProfileForm( $username, $password, $confirm_password, $email, $location, $occupation, $homepage, $picture, $interests, $aim, $icq, $yahoo, $signature, $include_sig ) {
    echo " \n";
    echo "
\n";
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    $username = str_replace("\"", """, $username);
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    $password = str_replace("\"", """, $password);
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    /* NOTE(review): this re-processes $password; $confirm_password is never
       escaped in this function, which looks like a copy/paste slip -- confirm
       against the markup. */
    $password = str_replace("\"", """, $password);
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    $email = str_replace("\"", """, $email);
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    $location = str_replace("\"", """, $location);
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    $occupation = str_replace("\"", """, $occupation);
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    $homepage = str_replace("\"", """, $homepage);
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    $picture = str_replace("\"", """, $picture);
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    $interests = str_replace("\"", """, $interests);
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    $aim = str_replace("\"", """, $aim);
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    $icq = str_replace("\"", """, $icq);
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    $yahoo = str_replace("\"", """, $yahoo);
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    echo "
Required Information     Leave the password fields blank if you wish to keep your current password.
Username:$username
Password: Min 6 characters - Max: 64 characters
Confirm Password: Min: 6 characters - Max: 64 characters
Email: Max: 128 characters
Optional Information
Location: Max: 128 characters
Occupation: Max: 64 characters
Homepage: Max: 128 characters
Picture: Max: 128 characters
Interests: Max: 255 characters
AOL Instant Messenger: Max: 16 characters
ICQ: Max: 16 characters
Yahoo Pager: Max: 32 characters
Signature:\n";
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    /* Pre-check the "include signature" box when the stored flag is set */
    if ($include_sig == 1) $checked = " checked";
    else $checked = "";
    echo " \n";
    echo " \n";
    echo " \n";
    echo "
 Max: 255 characters
Include signature on new posts?
\n";
    echo "
\n";
    echo " \n";
    echo "

\n";
    echo "
\n";
}

/*
 * Emit one row of the profile preview table.
 *
 * $section_value  - the field value to show (hidden for the "Password" row)
 * $section_title  - the row label; also lowercased/abbreviated into a field
 *                   name for the hidden inputs emitted at the end
 * $the_color      - current row colour, toggled between TABLE_COLOR_1 and
 *                   TABLE_COLOR_2 before use
 *
 * NOTE(review): callers pass $the_color with a call-time `&`, but this
 * parameter is not declared by reference, so on any PHP where the call even
 * parses the toggled colour is not propagated back to the caller. Declaring
 * the parameter as `&$the_color` is the supported way to get that behaviour.
 *
 * $section_value is echoed as-is; it relies on the step handlers having
 * stripped or escaped the value beforehand.
 */
function PreviewSection ( $section_value, $section_title, $the_color ) {
    if ($the_color == TABLE_COLOR_1) $the_color = TABLE_COLOR_2;
    else $the_color = TABLE_COLOR_1;

    echo " \n";
    echo " $section_title:\n";
    echo " \n";

    if ($section_title == "Password")
        echo " Password is hidden for security purposes.\n";
    else
        echo " $section_value\n";

    if ($section_title == "Picture") {
        /* NOTE(review): $section_value is the user-supplied picture URL, so
           with allow_url_fopen enabled this makes the server fetch whatever
           URL was entered. The `@` hides failures, in which case $profile_img
           is false and the [0]/[1] reads below operate on false. Validating
           the URL (scheme/host) before fetching, or letting the browser size
           the image, would avoid the server-side request. */
        $profile_img = @getimagesize($section_value);
        $image_caption = "Image size";

        /* Clamp the displayed dimensions to 320x240 */
        if ($profile_img[0] > 320) {
            $profile_img[0] = 320;
            $image_caption = "Scaled image size";
        }
        if ($profile_img[1] > 240) {
            $profile_img[1] = 240;
            $image_caption = "Scaled image size";
        }

        /* Constrain the longer side so the aspect ratio is kept */
        if ($profile_img[0] > $profile_img[1])
            $scale_img = "height=\"$profile_img[1]\"";
        else
            $scale_img = "width=\"$profile_img[0]\"";

        echo "

\n";
        echo " $image_caption: {$profile_img[0]}x{$profile_img[1]}\n";
        echo "
\n";
    }

    /* Turn the display title into the form field name used on the next step */
    if ($section_title == "AOL Instant Messenger") $section_title = "aim";
    else $section_title = strtolower($section_title);
    if ($section_title == "yahoo pager") $section_title = "yahoo";

    /* Escape the double quotes for use inside an attribute value.
       NOTE(review): the replacement argument appears mangled in this copy of
       the file -- presumably the HTML entity for a double quote; confirm
       against the original source. */
    $section_value = str_replace("\"", """, $section_value);

    echo " \n";
    echo " \n";
    echo " \n";
}
?>