Файл: edit_info.php
Строк: 92
<?php
include ("functions.php");
$edit = "edit";
if($_GET['page']==$edit)
{
include ("conf.php");
include ("lock.php");
if ($user == $myrow["user"] && $pass == $myrow["pass"] && $user != '')
{
bann($user);
include ("head.php");
$mypass = $myrow['pass'];
print <<<sss
<div class='nav'>
<form name="form1" action="edit_info.php?page=update" method="post">
Пароль: <br />
<input name="pass" type="text" value="$myrow[pass]"><br />
<input name="mypass" type="hidden" value="$mypass">
ФИО: <br />
<input name="name" type="text" value="$myrow[name]"><br />
Статус: <br />
<input name="status" type="text" value="$myrow[status]"><br />
Пол: <br />
<select size="1" name="pol">
<option value="Мужской">Мужской</option>
<option value="Женский">Женский</option>
</select><br />
Город: <br />
<input name="gor" type="text" value="$myrow[gor]"><br />
Телефон: <br />
<input name="phone" type="text" value="$myrow[phone]"><br />
E-mail: <br />
<input name="email" type="text" value="$myrow[email]"><br />
ICQ: <br />
<input name="icq" type="text" value="$myrow[icq]"><br />
О себе: <br />
<input name="os" type="text" value="$myrow[os]">
<input name="id" type="hidden" value="$myrow[id]">
<input name="user" type="hidden" value="$myrow[user]">
<br /><input type="submit" value="Изменить">
</form>
</div><a href=menu.php?user=$user&pass=$pass>В меню</a>
sss;
include ("foot.php");
}
else
{
echo "Ошибка! Неверный <b>Ник</b> или <b>Пароль</b><br />";
echo <<<sss
<a href="index.php">На главную</a>
sss;
}
}
$update = "update";
if($_GET['page']==$update)
{
include ("conf.php");
if (isset($_POST['pass'])) {$pass = mysql_real_escape_string(trim($_POST['pass'])); if ($pass == ''){unset($pass);} }
if (isset($_POST['id'])) {$id = mysql_real_escape_string(trim($_POST['id']));}
$pol = htmlspecialchars(mysql_real_escape_string(trim($_POST['pol']))); if ($pol == ''){unset($pol); }
$gor = htmlspecialchars(mysql_real_escape_string(trim($_POST['gor'])));
$icq = htmlspecialchars(mysql_real_escape_string(trim($_POST['icq'])));
$phone = htmlspecialchars(mysql_real_escape_string(trim($_POST['phone'])));
$email = htmlspecialchars(mysql_real_escape_string(trim($_POST['email'])));
$status = htmlspecialchars(mysql_real_escape_string(trim($_POST['status'])));
$os = htmlspecialchars(mysql_real_escape_string(trim($_POST['os'])));
$name = htmlspecialchars(mysql_real_escape_string(trim($_POST['name']))); if ($name == ''){unset($name); }
$user = htmlspecialchars(mysql_real_escape_string(trim($_POST['user'])));
if (isset($pass) && isset($name) && isset($email) && isset($os))
{
$result = mysql_query("UPDATE userlist SET pass='$pass',name='$name',email='$email',os='$os',pol='$pol',gor='$gor',status='$status',icq='$icq',phone='$phone' WHERE id='$id'",$db);
if ($result == 'true')
{
include ("head.php");
echo "<div class='nav'>";
echo "Ваша анкета изменена!<br /></div>";
echo "<a href=menu.php?user=$user&pass=$pass>В меню</a>";
include ("foot.php");
}
else
{
include ("head.php");
echo "<div class='nav'>";
echo "Ошибка! Ваша анкета не изменена!</div>";
echo "<a href=menu.php?user=$user&pass=$pass>В меню</a>";
include ("foot.php");
}
}
else
{
$mypass = $_POST['mypass'];
include ("head.php");
echo "<div class='nav'>";
echo "Вы не ввели "имя" или "пароль"";
echo "</div>";
echo "<a href=edit_info.php?page=edit&user=$user&pass=$mypass>Назад</a>";
include ("foot.php");
}
}
?>