Файл: Source/pages/settings.php
Строк: 593
<?php
/*
* Script name: Points4Prize
* Author: Soft Projects
* Date created: 15/07/2015
*/
require_once 'inc/header.php';
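// Access gate: the settings page is only rendered for a session marked as logged in.
if (!isset($_SESSION['logged_in'])) {
    header('Location: /login');
    exit();
}

// Resolve the acting username (spaces stripped, then escaped for the mysql_* queries below).
// NOTE(review): the fallback reads the name from $_COOKIE['user'], a value the client
// controls. Every query and update on this page is keyed on it, so confirm that
// inc/header.php has already tied this cookie to the authenticated session; if it has
// not, the identity should come from $_SESSION only.
// NOTE(review): the session appears to carry a 'pass' entry; confirm it is not the
// plaintext password.
if (isset($_SESSION['user'], $_SESSION['pass'])) {
    $rawUser = $_SESSION['user'];
} elseif (isset($_COOKIE['user'])) {
    $rawUser = $_COOKIE['user'];
} else {
    $rawUser = null;
}
if (!is_string($rawUser)) {
    // A missing or array-shaped value cannot name an account.
    header('Location: /login');
    exit();
}
$user = mysql_real_escape_string(str_replace(" ", "", $rawUser));

$result = mysql_query("SELECT * FROM vn_users WHERE user='{$user}'");
if ($result === false) {
    // Log the driver error server-side; the visitor only sees a generic message.
    error_log('settings.php: user lookup failed: ' . mysql_error());
    die('Database error.');
}
$row = mysql_fetch_array($result);
if ($row === false) {
    // No matching account: the handlers further down must never run with an empty $USERID.
    header('Location: /login');
    exit();
}

$mail = $row['email'];
$USERID = $row['id'];
$description = $row['about'];
$points = number_format($row['points'], 0, ',', ' ');

// Number of SMS rows recorded for this account; the id is cast so only an integer reaches SQL.
$query31 = mysql_query("SELECT count(id) as sms from `vn_sms` WHERE `userid` = '" . (int) $USERID . "'");
$row1 = ($query31 !== false) ? mysql_fetch_array($query31) : false;
$xaxa = ($row1 !== false) ? $row1['sms'] : 0;
$sms = $xaxa;

$regdate = date("j.F.Y", $row['regtime']);
$avatar = empty($row['avatar']) ? "uploads/avatars/noavatar.png" : $row['avatar'];

// Unread private messages addressed to this user; a non-zero count is wrapped in <b>.
$result2 = mysql_query("SELECT forw FROM vn_messages WHERE forw='{$user}' and readed='0'");
if ($result2 === false) {
    error_log('settings.php: unread message count failed: ' . mysql_error());
    die('Database error.');
}
$countm = mysql_num_rows($result2);
if ($countm > 0) {
    $countm = "<b>$countm</b>";
}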
?>
<body class="no-slider">
<!-- <body class="has-top-menu"> -->
<!-- BEGIN #slider-imgs -->
<div id="slider-imgs">
<div class="featured-img-box">
<div id="featured-img-1" class="featured-img"></div>
<div id="featured-img-2" class="featured-img invisible"></div>
<div id="featured-img-3" class="featured-img invisible"></div>
<div id="featured-img-4" class="featured-img invisible"></div>
</div>
<!-- END #slider-imgs -->
</div>
<!-- BEGIN #top-layer -->
<div id="top-layer">
<div id="header-top">
<?php
require_once 'inc/header_top.php';
?>
</div>
<section id="content">
<header id="header">
<div id="menu-bottom">
<?php
require_once 'inc/menu_bottom.php';
?>
</div>
<div class="wrapper">
<div class="header-breadcrumbs">
<?php require_once 'inc/stats.php';
?>
</div>
</div>
</header>
<br />
<br />
<style>
hr {
border:0px;
border-bottom: 1px dashed #696969;
}
</style>
<div id="main-box" class="full-width">
<div id="main">
<!-- BEGIN .user-profile -->
<div class="user-profile">
<div class="profile-shadow"></div>
<!-- BEGIN .profile-left-side -->
<div class="profile-left-side">
<div class="the-profile-top">
<div class="profile-user-name">
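<?php /* $user was escaped for SQL only and may originate from a cookie; encode it for the HTML context. */ ?>
<h1><?php echo htmlspecialchars($user, ENT_QUOTES, 'UTF-8');?></h1>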
<div class="sttaa"><a href="/pm">Messages <b>(<?php echo $countm;?>)</b></a></div>
</div>
<div class="avatar online">
<div class="avatar-button"><a href="/avatar"><i class="fa fa-camera-retro"></i>Change avatar</a></div>
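<?php /* The avatar path comes from the database; encode it so it cannot close the src attribute. */ ?>
<img src="<?php echo htmlspecialchars($avatar, ENT_QUOTES, 'UTF-8');?>" class="setborder" style="width:100%;" alt="" />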
</div>
<div class="user-panel-about">
<div>
<b><i class="fa fa-male"></i>Description</b>
<p>
<?php
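if (empty($description)) {
    $description = "Няма";
} else {
    // Output encoding is the XSS control for this field: after it no raw '<' can remain,
    // so the former tag and keyword replacements ("<script>", "<div>", "alert", ...) could
    // never match markup and only mangled ordinary words; they are dropped.
    // double_encode is off because the profile form stores this field already
    // HTML-encoded, and encoding it again would show "&lt;" instead of "<".
    $description = htmlentities($description, ENT_COMPAT, 'UTF-8', false);

    // Emoticon code => image number. str_replace() is applied pair by pair in this
    // order, each pass working on the result of the previous one.
    // NOTE(review): codes starting with ';' can match the tail of an entity such as
    // "&quot;)" and cut it in half; the output stays inert but may render oddly.
    // NOTE(review): ';@' can never match because the bare '@' rule runs before it.
    $emoticons = array(
        ':)' => '01',
        ':(' => '02',
        ':D' => '03',
        '8-)' => '04',
        ':O' => '05',
        ';)' => '06',
        ';(' => '07',
        '(sweat)' => '08',
        ':|' => '09',
        ':*' => '10',
        ':p' => '11',
        '(blush)' => '12',
        ':^)' => '13',
        ':-)' => '14',
        ':-(' => '15',
        '(love)' => '16',
        '(inlove)' => '16',
        ':_)' => '17',
        '(talk)' => '18',
        '(yawn)' => '19',
        '(puke)' => '20',
        '(doh)' => '21',
        ':@' => '22',
        '@' => '22',
        ';@' => '22',
        '(wasntme)' => '23',
        '(party)' => '24',
        ':s' => '25',
        '(mm)' => '26',
        '8-|' => '27',
        ':x' => '28',
        '(wave)' => '29',
        '(hi)' => '29',
        '(devil)' => '31',
        '(hug)' => '35',
        '(thing)' => '39',
        '(rofl)' => '41',
        '(whew)' => '42',
        '(happy)' => '43',
        '(punch)' => '47',
        '(skype)' => '52',
        '(h)' => '53',
        '(u)' => '54',
        '(rain)' => '57',
        '(sun)' => '58',
        '(o)' => '59',
        '(mp)' => '62',
        '(pi)' => '64',
        '(^)' => '67',
        '(beer)' => '68',
        '(d)' => '69',
        '(drunk)' => '75',
        '(flag:bg)' => '77',
        '(bg)' => '77',
        '(headbang)' => '79',
        '(mooning)' => '80',
        '(poolparty)' => '81',
        '(smoke)' => '83',
    );
    foreach ($emoticons as $code => $image) {
        // The inserted markup is a server-side constant; no user text ends up inside the tag.
        $description = str_replace($code, " <img border='0'src='assets/img/emoticons/{$image}.gif'> ", $description);
    }
}
echo $description;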
?>
</p>
</div>
<style>
.maibaton{
font-family: "Cuprum",sans-serif;
text-transform: uppercase;
font-size: 13px;
font-weight: bold;
width:100%;padding:9px;color:#4D4D4D;border:0px;backround:#EAEAEA;
}
</style>
</div>
<div>
<ul class="user-button-list">
<li><a href="/cp" class="defbutton profile-button"><i class="fa fa-user"></i>Profile</a></li>
<li><a href="/messages" class="defbutton profile-button"><i class="fa fa-comment"></i>Mesagess</a></li>
<li><a href="/getprize" class="defbutton profile-button"><i class="fa fa-gift"></i>Get Prize</a></li>
<li><a href="/smspoints" class="defbutton profile-button"><i class="fa fa-mobile"></i>SMS Points</a></li>
<li><a href="/settings" class="defbutton profile-button"><i class="fa fa-cog"></i>Settings</a></li>
<li><a href="/logout" class="defbutton profile-button"><i class="fa fa-toggle-on"></i>Logout</a></li>
</ul>
</div>
</div>
<!-- END .profile-left-side -->
</div>
<!-- BEGIN .profile-right-side -->
<div class="profile-right-side">
<!-- BEGIN .content-padding -->
<div class="content-padding">
<div>
<div>
<h2 style="margin-left:-30px;"><span>Settings</span></h2>
<div style="padding:10px 5px; text-align:left;">
<b>Change password</b>
<hr />
<?php
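// Change-password handler; runs only when the password form was submitted.
// NOTE(review): no anti-CSRF token is checked here; the old-password check is the only
// proof that the request comes from the account owner.
if (isset($_POST['oldpass'])) {
    if (
        isset($_POST['oldpass'], $_POST['newpass'], $_POST['re-newpass'])
        && is_string($_POST['oldpass'])
        && is_string($_POST['newpass'])
        && is_string($_POST['re-newpass'])
    ) {
        // NOTE(review): spaces are stripped and the values are SQL-escaped before they are
        // hashed, so the stored hash is of the transformed text. Left unchanged because the
        // login and registration code (not shown) presumably does the same; confirm.
        $oldpass = mysql_real_escape_string(str_replace(" ", "", $_POST['oldpass']));
        $newpass = mysql_real_escape_string(str_replace(" ", "", $_POST['newpass']));
        $renewpass = mysql_real_escape_string(str_replace(" ", "", $_POST['re-newpass']));
        $date = time();
        $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
        $errors = array();

        // The old password is accepted when either stored form matches.
        // NOTE(review): crypt() receives the same fixed salt string for every account and
        // encrypt() is defined elsewhere; this file shows no per-user salt. A move to
        // password_hash()/password_verify() has to be made together with the login code.
        $checkoldpass = mysql_real_escape_string(crypt($oldpass, '$2a$07$suph3$'));
        $checkoldpass2 = mysql_real_escape_string(encrypt($oldpass));
        $check = mysql_query("SELECT user,password FROM vn_users WHERE user='{$user}' and password='{$checkoldpass}'");
        $check2 = mysql_query("SELECT user,password FROM vn_users WHERE user='{$user}' and password='{$checkoldpass2}'");
        if ($check === false || $check2 === false) {
            // Log the driver error server-side; the visitor only sees a generic message.
            error_log('settings.php: old password check failed: ' . mysql_error());
            die('Database error.');
        }
        if (mysql_num_rows($check) <= 0 and mysql_num_rows($check2) <= 0) {
            $errors[] = '
<div class="info-message">
The old password is incorrect.
</div>
';
        }
        if (strlen($newpass) < 6 or strlen($newpass) > 20) {
            $errors[] = '
<div class="info-message">
The new password should be from 6-20 characters.
</div>
';
        }
        // Strict comparison: with != two different numeric-looking strings
        // (for example "1e3" and "1000") compare as equal.
        if ($newpass !== $renewpass) {
            $errors[] = '
<div class="info-message">
New passwords do not match.
</div>
';
        }
        if (empty($errors)) {
            $newpass = mysql_real_escape_string(encrypt($newpass));
            $userId = (int) $USERID; // only an integer reaches the SQL text
            $updated = mysql_query("UPDATE vn_users SET password='{$newpass}' WHERE id='{$userId}'");
            // NOTE(review): this audit row keeps the previous and the new password hash.
            // A history of hashes widens what a database leak exposes; consider recording
            // only that a change happened (user, time, IP).
            $logged = $updated && mysql_query("INSERT INTO vn_changepassword (userid, oldpassword, newpassword, time, ip) VALUES ('{$userId}', '{$checkoldpass2}', '{$newpass}', '{$date}', '{$ip}')");
            if (!$logged) {
                error_log('settings.php: password update failed: ' . mysql_error());
                die('Database error.');
            }
            echo "
<div class='info-message'>
Your password was successfully changed.
</div>
";
        } else {
            echo "<div class='msg-error'>";
            foreach ($errors as $error) {
                echo $error . '<br />';
            }
            echo "</div>";
        }
    } else {
        echo " <div class='info-message'>
Some fields are empty
</div>
";
    }
    // Scroll back to the form; the inner quotes are escaped so the PHP string stays intact.
    echo "<script type='text/javascript'>
$(document).ready(function() {
location.hash = \"#optionsd\";
});
</script>";
}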
?>
<form method="post" name="changepassword" id="changepassword">
<table>
<td><label for="inputEmail" class="col-lg-2 control-label">Old Password:</label></td>
<td> <input class="form-control" id="inputEmail" placeholder="Old Password" type="password" name="oldpass" required="required" style="width:200px;" ></td>
<tr style="background:none;">
<td><label for="inputEmail" class="col-lg-2 control-label">New Password:</label></td>
<td> <input class="form-control" id="inputEmail" placeholder="New Password" type="password" name="newpass" required="required" style="width:200px;" ></td>
</tr>
<tr>
<td><label for="inputEmail" class="col-lg-2 control-label">New Password [Again]:</label></td>
<td> <input class="form-control" id="inputEmail" placeholder="New Password [Again]" type="password" name="re-newpass" required="required" style="width:200px;" ></td>
</tr>
</table>
<div style="width:370px; margin-top:10px;">
<table style="margin:0 auto;">
<tr>
<td><button type="submit" class="newdefbutton" style="width:150px;">Change</button></td>
</tr>
</table>
</div>
</form>
<br />
<b>Change E-mail</b>
<hr />
<?php
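// Change-e-mail handler; runs only when the e-mail form was submitted.
// NOTE(review): no anti-CSRF token and no password re-check; knowing the current
// address is the only proof of ownership asked for before the contact address changes.
if (isset($_POST['oldemail'])) {
    if (
        isset($_POST['oldemail'], $_POST['newemail'], $_POST['re-newemail'])
        && is_string($_POST['oldemail'])
        && is_string($_POST['newemail'])
        && is_string($_POST['re-newemail'])
    ) {
        $oldemail = mysql_real_escape_string(str_replace(" ", "", $_POST['oldemail']));
        // Keep the unescaped form for validation and HTML output; the escaped form is for SQL only.
        $newemailRaw = str_replace(" ", "", $_POST['newemail']);
        $newemail = mysql_real_escape_string($newemailRaw);
        $renewemail = mysql_real_escape_string(str_replace(" ", "", $_POST['re-newemail']));
        $date = time();
        $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
        $errors = array();

        $check = mysql_query("SELECT user,email FROM vn_users WHERE user='{$user}' and email='{$oldemail}'");
        if ($check === false) {
            // Log the driver error server-side; the visitor only sees a generic message.
            error_log('settings.php: old e-mail check failed: ' . mysql_error());
            die('Database error.');
        }
        if (mysql_num_rows($check) <= 0) {
            $errors[] = ' <div class="info-message">
The old e-mail is incorrect.
</div>
';
        }

        // Same address shape as before, but with the dots escaped so '.' no longer matches
        // any character, and with the D modifier so a trailing newline is rejected.
        // preg_match() replaces eregi(), which newer PHP versions no longer provide.
        $emailPattern = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD';
        if (!preg_match($emailPattern, $newemailRaw) or strlen($newemailRaw) > 40) {
            $errors[] = '<div class="info-message">
The new e-mail is invalid.
</div>';
        }
        // Strict comparison avoids numeric-string juggling between the two fields.
        if ($newemail !== $renewemail) {
            $errors[] = '<div class="info-message">
Reps email does not match.
</div>';
        }

        $check2 = mysql_query("SELECT email FROM vn_users WHERE email='{$newemail}'");
        if ($check2 === false) {
            error_log('settings.php: e-mail uniqueness check failed: ' . mysql_error());
            die('Database error.');
        }
        $result2 = mysql_num_rows($check2);
        if ($result2 >= 1) {
            // The submitted address is echoed back, so it is encoded for the HTML context.
            $newemailHtml = htmlspecialchars($newemailRaw, ENT_QUOTES, 'UTF-8');
            $errors[] = "<div class='info-message'>
E-mail <b>{$newemailHtml}</b> It is used by another user.
</div>";
        }

        if (empty($errors)) {
            $userId = (int) $USERID; // only an integer reaches the SQL text
            $updated = mysql_query("UPDATE vn_users SET email='{$newemail}' WHERE id='{$userId}'");
            $logged = $updated && mysql_query("INSERT INTO vn_changeemail (userid, oldemail, newemail, time, ip) VALUES ('{$userId}', '{$oldemail}', '{$newemail}', '{$date}', '{$ip}')");
            if (!$logged) {
                error_log('settings.php: e-mail update failed: ' . mysql_error());
                die('Database error.');
            }
            echo "<div class='info-message'>
Contact your e-mail has been changed successfully.
</div> ";
        } else {
            echo "<div class='msg-error'>";
            foreach ($errors as $error) {
                echo $error . '<br />';
            }
            echo "</div>";
        }
    } else {
        echo "<div class='msg-error'>Some fields are empty.</div>";
    }
    // Scroll back to the form; the inner quotes are escaped so the PHP string stays intact.
    echo "<script type='text/javascript'>
$(document).ready(function() {
location.hash = \"#changeemail\";
});
</script>";
}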
?>
<form method="post" name="changeemail" id="changeemail">
<table>
<tr>
<td><label for="inputEmail" class="col-lg-2 control-label">Old E-mail:</label></td>
<td> <input class="form-control" id="inputEmail" placeholder="Old E-mail" type="text" name="oldemail" required="required" style="width:200px;" ></td>
</tr>
<tr style="background:none;">
<td><label for="inputEmail" class="col-lg-2 control-label">New E-mail:</label></td>
<td> <input class="form-control" id="inputEmail" placeholder="New E-mail" type="text" name="newemail" required="required" style="width:200px;" ></td>
</tr>
<tr style="background:none;">
<td><label for="inputEmail" class="col-lg-2 control-label">New E-mail [Again]:</label></td>
<td> <input class="form-control" id="inputEmail" placeholder="New E-mail [Again]" type="text" name="re-newemail" required="required" style="width:200px;" ></td>
</tr>
</table>
<div style="width:370px; margin-top:10px;">
<table style="margin:0 auto;">
<tr>
<td><button type="submit" class="newdefbutton" style="width:150px;">Change</button></td>
</tr>
</table>
</div>
</form>
<br />
<b>Profile</b>
<hr />
<?php
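// Profile handler: description, optional VIP vote message and avatar upload.
// NOTE(review): no anti-CSRF token is checked, and unlike the password and e-mail forms
// this one asks for nothing that only the account owner knows.
if (isset($_POST['updateprofile'])) {
    $errors = array();
    $aavatar = null; // stays null unless a usable upload is present

    // The description is stored HTML-encoded; the length limit applies to the encoded text.
    $about = htmlspecialchars(isset($_POST['about']) && is_string($_POST['about']) ? $_POST['about'] : '');
    if (strlen($about) > 150) {
        $errors[] = '<div class="alert alert-danger">The description should not be longer than <b>150</b> characters.</div>';
    }
    $about = mysql_real_escape_string($about);

    if ($row['vip'] == 1) {
        $votemessage = htmlspecialchars(isset($_POST['votemessage']) && is_string($_POST['votemessage']) ? $_POST['votemessage'] : '');
    } else {
        $votemessage = "";
    }
    if (strlen($votemessage) > 200) {
        $errors[] = '<div class="alert alert-danger">The voice message should not be longer than <b>200</b> characters.</div>';
    }
    // HTML encoding does not neutralise SQL metacharacters such as backslashes, so the
    // value is escaped for SQL as well before it is placed in the UPDATE below.
    $votemessage = mysql_real_escape_string($votemessage);

    if (empty($_FILES['avatar']['tmp_name']) === false) {
        $allowed_ext = array('jpg', 'jpeg', 'png', 'gif');
        $maxsize = 524288; //512KB
        $aavatar = $_FILES['avatar']['tmp_name'];
        // The client-supplied name is used for this extension check only, never as a path.
        $file_ext = is_string($_FILES['avatar']['name'])
            ? strtolower(pathinfo($_FILES['avatar']['name'], PATHINFO_EXTENSION))
            : '';
        // is_uploaded_file() confirms the path really is this request's upload.
        if (!is_string($aavatar) || !is_uploaded_file($aavatar) || in_array($file_ext, $allowed_ext, true) === false) {
            $errors[] = '<div class="info-message" style="background-color: #a24026;"> Avatar should be image.</div>';
        }
        if ($_FILES['avatar']['size'] > $maxsize) {
            $errors[] = '<div class="info-message" style="background-color: #a24026;">Avatar should not be greater than 512KB.</div>';
        }
    }

    if (empty($errors)) {
        $userId = (int) $USERID; // only an integer reaches the SQL text and the file name

        if ($aavatar !== null && file_exists($aavatar)) {
            // The upload is never stored as sent: GD decodes it according to the detected
            // type and re-encodes it as JPEG under a server-chosen name.
            // NOTE(review): getimagesize() reports the declared dimensions; a small file can
            // declare a very large canvas, so consider rejecting oversized width/height
            // before decoding.
            $src_size = getimagesize($aavatar);
            $mime = ($src_size !== false) ? $src_size['mime'] : '';
            if ($mime == 'image/jpeg') {
                $src_img = imagecreatefromjpeg($aavatar);
            } elseif ($mime == 'image/png') {
                $src_img = imagecreatefrompng($aavatar);
            } elseif ($mime == 'image/gif') {
                $src_img = imagecreatefromgif($aavatar);
            } else {
                $src_img = false;
            }

            if ($src_img !== false) {
                $limit = 150; // longest side of the stored avatar, in pixels
                $longest = max($src_size[0], $src_size[1]);
                if ($longest <= $limit) {
                    $thumb = $src_img;
                } else {
                    // Scale both sides by the same factor; never let a side round down to 0.
                    $new_size = array(
                        max(1, (int) round($src_size[0] * $limit / $longest)),
                        max(1, (int) round($src_size[1] * $limit / $longest)),
                    );
                    $thumb = imagecreatetruecolor($new_size[0], $new_size[1]);
                    imagecopyresampled($thumb, $src_img, 0, 0, 0, 0, $new_size[0], $new_size[1], $src_size[0], $src_size[1]);
                }

                // Point the account at the new file only when it was actually written.
                if (imagejpeg($thumb, "uploads/avatars/{$userId}.jpg")) {
                    echo '<meta http-equiv="refresh" content="0">';
                    if (mysql_query("UPDATE vn_users SET avatar='/uploads/avatars/{$userId}.jpg' WHERE id='{$userId}'") === false) {
                        error_log('settings.php: avatar update failed: ' . mysql_error());
                        die('Database error.');
                    }
                }

                if ($thumb !== $src_img) {
                    imagedestroy($thumb);
                }
                imagedestroy($src_img);
            }
        }

        if (mysql_query("UPDATE vn_users SET about='{$about}', votemessage='{$votemessage}' WHERE id='{$userId}'") === false) {
            // Log the driver error server-side; the visitor only sees a generic message.
            error_log('settings.php: profile update failed: ' . mysql_error());
            die('Database error.');
        }
        echo "<div class='info-message' style='background-color: #75a226;'>
Changes made successfully.
</div>";
    } else {
        echo "<div class='msg-error'>";
        foreach ($errors as $error) {
            echo $error . '<br />';
        }
        echo "</div>";
    }
    // Scroll back to the form; the inner quotes are escaped so the PHP string stays intact.
    echo "<script type='text/javascript'>
$(document).ready(function() {
location.hash = \"#changeprofile\";
});
</script>";
}

// Re-read the account so the form below shows the values as they are stored now.
$result5 = mysql_query("SELECT * FROM vn_users WHERE user='{$user}'");
if ($result5 === false) {
    error_log('settings.php: profile reload failed: ' . mysql_error());
    die('Database error.');
}
$row5 = mysql_fetch_assoc($result5);
$avatar = empty($row5['avatar']) ? "/uploads/avatars/noavatar.png" : $row5['avatar'];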
?>
<form method="post" enctype="multipart/form-data" name="changeprofile" id="changeprofile">
<div style="float:left;">Avatar:
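<?php /* Encode the stored path so it cannot close the style attribute. NOTE(review): this does not make it safe inside url(); confirm every writer of the avatar column stores a server-generated path. */ ?>
<div style="width:220px; height:220px; border:1px dotted #545454; background:url(<?php echo htmlspecialchars($avatar, ENT_QUOTES, 'UTF-8'); ?>) no-repeat center,center;"></div>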
<input type="file" name="avatar" class="input" style="width:220px; margin-top:5px; cursor:pointer;" />
</div>
<div style="float:left;">
<table class="register" style="margin:-10px 0px 0px 10px;;">
<tr>
<td>
Description:<br />
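<?php /* The profile handler stores this field HTML-encoded; encoding again with double_encode off leaves such rows unchanged and still neutralises a raw value written by any other path. */ ?>
<textarea name="about" class="input" style="width:300px; height:80px; resize:none; overflow:hidden;"><?php echo htmlspecialchars($row5['about'], ENT_QUOTES, 'UTF-8', false); ?></textarea></td>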
</tr>
<?php
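// VIP accounts get an extra field for the message shown when someone votes for them.
if ($row5['vip'] == 1) {
    // Encode on output as well as on input: double_encode is off so rows stored
    // already-encoded are unchanged, while a raw value cannot close the textarea.
    $votemessageHtml = htmlspecialchars($row5['votemessage'], ENT_QUOTES, 'UTF-8', false);
    echo "
<tr>
<td>
Message in voice:<br />
<textarea name='votemessage' class='input' style='width:300px; height:40px; resize:none; overflow:hidden;' title='This message will be displayed when someone give you a voice.'>{$votemessageHtml}</textarea></td>
</tr>";
}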
?>
</table>
</div>
<table style="margin:0 auto; clear:both;">
<tr>
<td><button type="submit" name="updateprofile" class="newdefbutton" style="width:150px;">Refresh</button></td>
</tr>
</table>
</form>
</div>
<div>
</div>
<!-- END .content-padding -->
</div>
<!-- END .profile-right-side -->
</div>
<div class="clear-float"></div>
<!-- END .user-profile -->
</div>
</div>
<div class="clear-float"></div>
</div>
</div>
</div>
<?php
require_once 'inc/footer.php';
?>