Файл: modules/padmin/user_edit.php
Строк: 140
<?php
if ($db->query("SELECT * FROM `users` WHERE `id` = '". abs(intval($_GET['id'])) ."' LIMIT 1")->rowCount() == 0)
{
header('Location: /');
exit();
}
if($user['level'] >= 6) {
$user_edit = $db->query("SELECT * FROM `users` WHERE `id` = '".abs(intval($_GET['id'])) ."'")->fetch();
if(isset($_POST['save']) && $_GET['act']== 'save') {
$nick = substr(input($_POST['nick']), 0, 150);
$email = substr(input($_POST['email']), 0, 150);
$rub = substr(input($_POST['rub']), 0, 150);
$name = substr(input($_POST['name']), 0, 35);
$surname = substr(input($_POST['surname']), 0, 35);
$day = substr(abs(intval($_POST['day'])), 0, 2);
$month = substr(abs(intval($_POST['month'])), 0, 2);
$year = substr(abs(intval($_POST['year'])), 0, 4);
$device = substr(input($_POST['device']), 0, 65);
$icq = substr(abs(intval($_POST['icq'])), 0, 9);
$gender = ($_POST['gender'] == 1 || $_POST['gender'] == 2 ? abs(intval($_POST['gender'])) : 1);
$city = substr(input($_POST['city']), 0, 65);
$country = substr(input($_POST['country']), 0, 55);
$site1 = substr(input($_POST['site']), 0, 40);
$site = str_replace('http://', '', $site1);
$about_me = substr(input($_POST['about_me']), 0, 1000);
$db->query("UPDATE `users` SET `nick` = '". $nick."', `email` = '". $email."', `rub` = '". $rub."', `name` = '". $name."', `surname` = '". $surname."', `day` = '". $day."', `month` = '". $month."', `year` = '". $year."', `device` = '". $device."', `icq` = '". $icq."', `city` = '". $city."', `country` = '". $country."', `site` = '". $site."', `gender` = '". $gender."', `info` = '". $about_me."' WHERE `id` = '".abs(intval($_GET['id'])) ."'");
// print_r($db->errorInfo());
go('/padmin/user_edit.php?id='. $user_edit['id'] .'&act=edited');
}
$locate = 'in_edit';
$title = $lang->word('edit_profile');
require_once(SYS.'/view/header.php');
if($_GET['act']=='edited') {$tpl->div('block', $lang->word('succ_save'));}
$tpl->div('title', ''.$lang->word('edit_profile').' <b>'. $user_edit['nick'] .'</b>');
if (isset($err)) echo '<div class="error">'. $err .'</div>';
echo '<div class="post">
<form action="/padmin/user_edit.php?id='. $user_edit['id'] .'&act=save" method="post">
'. $lang->word('nick') .':<br/>
<input type="text" name="nick" value="'. $user_edit['nick'] .'" /><br/>
E-mail:<br/>
<input type="text" name="email" value="'. $user_edit['email'] .'" /><br/>
Баланс:<br/>
<input type="text" name="rub" value="'. $user_edit['rub'] .'" /><br/>
'. $lang->word('name') .':<br/>
<input type="text" name="name" value="'. $user_edit['name'] .'" /><br/>
'. $lang->word('surname') .':<br/>
<input type="text" name="surname" value="'. $user_edit['surname'] .'" /><br/>
'. $lang->word('birth') .':<br/>
<select name="day">
<option value="0" '.($user_edit['day'] == '0' ? 'selected="selected"' : NULL).'>0</option>';
for($d = 1; $d<=31; $d++) {
echo "<option value="". $d ."" ".($user_edit['day'] == $d ? 'selected="selected"' : NULL).">". $d ."</option>n";
}
echo '</select>
<select name="month">
<option value="0" '.($user_edit['day'] == '0' ? 'selected="selected"' : NULL).'>0</option>';
for($m = 1; $m<=12; $m++) {
echo "<option value="". $m ."" ".($user_edit['month'] == $m ? 'selected="selected"' : NULL).">". $m ."</option>n";
}
echo '</select>
<select name="year">
<option value="0" '.($user_edit['day'] == '0' ? 'selected="selected"' : NULL).'>0</option>';
for($y = 1960; $y<=(date('Y')-1); $y++) {
echo "<option value="". $y ."" ".($user_edit['year'] == $y ? 'selected="selected"' : NULL).">". $y ."</option>n";
}
echo '</select><br/>
'. $lang->word('gender') .':<br/>
<select name="gender">
<option value="1" '.($user_edit['gender'] == '1' ? 'selected="selected"' : NULL).'>'. $lang->word('male') .'</option>
<option value="2" '.($user_edit['gender'] == '2' ? 'selected="selected"' : NULL).'>'. $lang->word('female') .'</option>
</select><br/>
'. $lang->word('device') .':<br/>
<input type="text" name="device" value="'. $user_edit['device'] .'" /><br/>
ICQ: <br/>
<input type="text" name="icq" value="'. $user_edit['icq'] .'" /><br/>
'. $lang->word('city') .': <br/>
<input type="text" name="city" value="'. $user_edit['city'] .'" /><br/>
'. $lang->word('country') .': <br/>
<input type="text" name="country" value="'. $user_edit['country'] .'" /><br/>
'. $lang->word('site') .': <br/>
<input type="text" name="site" value="'. (empty($user_edit['site']) ? 'http://' : $user['site']).'" /><br/>
'. $lang->word('about_me') .': <br/>
<textarea name="about_me">'. $user_edit['info'] .'</textarea><br/>
<input name="save" type="submit" value="'. $lang->word('save') .'" />
</form>
</div>
';
$tpl->div('block', HICO .'<a href="/">'. $lang->word('home').'</a>');
require_once(SYS.'/view/footer.php');
} else { go('/'); }
require_once(SYS.'/view/footer.php');
?>