Файл: includes/wap/profile/info.php
Строк: 58
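<?php
// Handler for the "personal info" card of the WAP (WML) profile section.
// Reads the posted password, surname, first name and e-mail, updates the
// current user's row in `users` when the password matches, and otherwise
// (re)renders the edit form.
//
// Names used here but defined elsewhere (not visible in this file): utf2cyr(),
// cyr2utf(), tr2rus(), obrab(), DBName, $data, $sitedomain, $user, $head, $id,
// $nocache.

// stripslashes() undoes magic_quotes_gpc, so from here on the values are RAW
// user input and must be escaped again before they reach SQL.
// utf2cyr() presumably converts the UTF-8 request into the site's Cyrillic
// encoding (confirm against its definition).
$pass = utf2cyr(stripslashes($HTTP_POST_VARS['pass']));
$familia = utf2cyr(stripslashes($HTTP_POST_VARS['familia']));
$name = utf2cyr(stripslashes($HTTP_POST_VARS['name']));
$email = utf2cyr(stripslashes($HTTP_POST_VARS['email']));

// Optional transliteration of the name fields, requested by the client.
if ($HTTP_POST_VARS['tr2cyr'] == 'yes') {
    $familia = tr2rus($familia);
    $name = tr2rus($name);
}

$error = '';

// Any non-empty field means the form was submitted.
if (($pass != '') || ($familia != '') || ($name != '') || ($email != '')) {
    // Compare as strings with a strict operator: loose `!=` compares
    // numeric-looking strings numerically, so two different passwords
    // could be treated as equal.
    // NOTE(review): this comparison and the `pass` = '...' predicates below
    // imply the password is kept as-is in `users`.`pass`; switching to a
    // salted hash needs changes outside this file.
    if ((string)$pass !== (string)$data['pass']) {
        $error = '<b><small>Неправильный пароль!</small></b><br/>';
    }
    // Checked second, so this message replaces the wrong-password one when
    // both conditions hold (original behaviour, kept).
    if (($familia == '') || ($name == '')) {
        $error = '<b><small>Не указано имя или фамилия!</small></b><br/>';
    }

    if ($error == '') {
        // Escape every request-derived value before it is placed inside a
        // quoted SQL literal. Previously the raw values were interpolated,
        // so a quote in any field could change the meaning of the UPDATE.
        $passSql = mysql_real_escape_string($pass);
        $familiaSql = mysql_real_escape_string($familia);
        $nameSql = mysql_real_escape_string($name);
        $emailSql = mysql_real_escape_string($email);

        // NOTE(review): $sitedomain and $user are set outside this file and
        // are interpolated unchanged; confirm they are escaped or otherwise
        // trusted where they are assigned.

        // mysql() is the legacy alias of mysql_db_query(). '@' hides any
        // failure, so the success card below is shown even if a query fails.
        @mysql(DBName, "UPDATE `users` SET `familia` = '$familiaSql' , `name` = '$nameSql' , `email` = '$emailSql' WHERE `domain` = '$sitedomain' AND `login` = '$user' AND `pass` = '$passSql' LIMIT 1");

        // Normalise a plausible e-mail to lower case, or blank it otherwise.
        // NOTE(review): the REGEXP is unanchored, so it accepts any value
        // that merely contains an address-like substring.
        @mysql(DBName, "UPDATE `users` SET `email` = LCASE( `email` ) WHERE `email` REGEXP '[a-z0-9-]+\@[a-z0-9\.-]+\.[a-z]+' AND `domain` = '$sitedomain' AND `login` = '$user' AND `pass` = '$passSql' LIMIT 1");
        @mysql(DBName, "UPDATE `users` SET `email` = '' WHERE NOT ( `email` REGEXP '[a-z0-9-]+\@[a-z0-9\.-]+\.[a-z]+' ) AND `domain` = '$sitedomain' AND `login` = '$user' AND `pass` = '$passSql' LIMIT 1");

        // Confirmation card.
        print $head.cyr2utf('<card id="main" title="Смена инфо"><p align="center">'.
            'Профиль изменен!<br/>'.
            '<a href="?'.$id.'/prof">Назад</a><br/>'.
            '</p></card></wml>');
        exit;
    }
}

// Edit form: shown on first visit and again, with $error, after a rejected
// submission. Stored values pass through obrab() before being placed in the
// value="" attributes; it presumably escapes markup (confirm), since these
// fields hold user-supplied text.
print $head.cyr2utf('<card id="main" title="Личное инфо"><p>'.$error.
    'Введите пароль:<br/>'.
    '<input name="pass'.$nocache.'" type="password" title="Пароль" value="" maxlength="10"/><br/>'.
    'Фамилия:<br/>'.
    '<input name="familia'.$nocache.'" type="text" title="Фамилия" value="'.obrab($data['familia']).'" maxlength="32"/><br/>'.
    'Имя:<br/>'.
    '<input name="name'.$nocache.'" type="text" title="Имя" value="'.obrab($data['name']).'" maxlength="32"/><br/>'.
    'E-mail:<br/>'.
    '<input name="email'.$nocache.'" type="text" title="e-mail" value="'.obrab($data['email']).'" maxlength="32"/><br/>'.
    '<anchor>Далее'.
    '<go href="?'.$id.'/prof/info" method="post">'.
    '<postfield name="query" value="'.$id.'/prof/info"/>'.
    '<postfield name="pass" value="$(pass'.$nocache.')"/>'.
    '<postfield name="familia" value="$(familia'.$nocache.')"/>'.
    '<postfield name="name" value="$(name'.$nocache.')"/>'.
    '<postfield name="email" value="$(email'.$nocache.')"/>'.
    '<postfield name="tr2cyr" value="$(tr2cyr)"/>'.
    '</go>'.
    '</anchor><br/>'.
    '<a href="?'.$id.'/prof">Отмена</a><br/>'.
    '</p></card></wml>');
exit;
?>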