Файл: user/handler/settings.php
Строк: 124
<?php
if (!empty($_POST['save_info']))
{
$name = check($_POST['name']);
$surname = check($_POST['surname']);
$sex = abs(intval($_POST['sex']));
$day = intval($_POST['day']);
$month = intval($_POST['month']);
$year = intval($_POST['year']);
$hide_year = abs(intval($_POST['hide_year']));
$region = abs(intval($_POST['region']));
$city = check($_POST['city']);
$family = abs(intval($_POST['family']));
$hobi = check($_POST['hobi']);
$about = check($_POST['about']);
$name = substr($name, 0, 30);
$surname = substr($surname, 0, 30);
$sex = substr($sex, 0, 1);
$day = substr($day, 0, 2);
$month = substr($month, 0, 2);
$year = substr($year, 0, 4);
$city = substr($city, 0, 100);
$hobi = substr($hobi, 0, 500);
$about = substr($about, 0, 1000);
if (empty($sex) || $sex < 1 || $sex > 2) $sex = 1;
if (empty($family) || $family < 1 || $family > 7) $family = 0;
if ($day || $month || $year)
{
if ($day < 1 || $day > 31 || $month < 1 || $month > 12 || $year < 1900 || $year > date("Y", time()))
{
$day = '';
$month = '';
$year = '';
}
}
else
{
$day = '';
$month = '';
$year = '';
}
if ($hide_year != 1) $hide_year = 0;
if (empty($region) || empty($city) || $region < 1 || $region > 25) $region = 0;
if (!empty($city) && $region == 0) $city = '';
if (empty($name)) $name = $user['name'];
if (!empty($name) && (mb_strlen($name) < 3 || mb_strlen($name) > 30)) $name = $user['name'];
if (!empty($name) && !preg_match("#^([А-я-ІіЇїЄє])+$#ui", $name)) $name = $user['name'];
if (empty($surname)) $surname = $user['surname'];
if (!empty($surname) && (mb_strlen($surname) < 3 || mb_strlen($surname) > 30)) $surname = $user['surname'];
if (!empty($surname) && !preg_match("#^([А-я-ІіЇїЄє])+$#ui", $surname)) $surname = $user['surname'];
if (empty($hobi)) $hobi = '';
if (empty($about)) $about = '';
if (mysql_query("UPDATE `users` SET
`name` = '$name',
`surname` = '$surname',
`sex` = '$sex',
`day` = '$day',
`month` = '$month',
`year` = '$year',
`hide_year` = '$hide_year',
`family` = '$family',
`region` = '$region',
`city` = '$city',
`hobi` = '$hobi',
`about` = '$about'
WHERE `id` = '".$user_id."'") == true) echo ok(lang('Изменения сохранены','Зміни збережені'));
$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '".$user_id."' LIMIT 1"));
}
else if (!empty($_POST['save_contacts']))
{
$email = check($_POST['email']);
$skype = check($_POST['skype']);
$icq = check($_POST['icq']);
$tel = check($_POST['tel']);
$email = substr($email, 0, 40);
$skype = substr($skype, 0, 20);
$icq = substr($icq, 0, 11);
$tel = substr($tel, 0, 13);
if (empty($email)) $email = '';
if (empty($skype)) $skype = '';
if (empty($icq)) $icq = '';
if (empty($tel)) $tel = '';
if (mysql_query("UPDATE `users` SET
`email` = '$email',
`skype` = '$skype',
`icq` = '$icq',
`tel` = '$tel'
WHERE `id` = '".$user_id."'") == true) echo ok(lang('Изменения сохранены','Зміни збережені'));
$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '".$user_id."' LIMIT 1"));
}
else if (!empty($_POST['save_security']))
{
$mypass = check($_POST['mypass']);
$newpass = check($_POST['newpass']);
$newpass2 = check($_POST['newpass2']);
$md5mypass = md5(md5($mypass));
if (empty($mypass)) $err = true;
if (!empty($mypass) && $md5mypass != $user['pass']) $err = true;
if (empty($newpass)) $err = true;
if (!empty($newpass) && mb_strlen($newpass) < 4 || mb_strlen($newpass) > 20) $err = true;
if (!empty($newpass) && $err == false && preg_match("/[^da-zA-Z_]+/", $newpass)) $err = true;
if (empty($newpass2) && !empty($newpass)) $err = true;
if (!empty($newpass2) && $newpass != $newpass2) $err = true;
$newmypass = md5(md5($newpass));
if ($err == false)
{
if (mysql_query("UPDATE `users` SET
`pass` = '$newmypass'
WHERE `id` = '".$user_id."'") == true)
{
require_once '../incfiles/SendMailSmtpClass.php';
$mailSMTP = new SendMailSmtpClass('bigchopko@gmail.com', 'osDms8FfgT', 'ssl://smtp.gmail.com', 'Isme.club', 465);
$message = 'Ви змінили пароль доступу на сайт LiveBook.com.ua!<br/>
Ваші дані для входу на сайт:<br/>
Ваш E-mail: '.$user['mail'].'<br/>
Ваш Пароль: '.$newpass.'<br/>
З повагою адміністрація сайту isme.club';
$headers= "MIME-Version: 1.0rn";
$headers .= "Content-type: text/html; charset=utf-8rn"; // кодировка письма
$headers .= "From: LiveBook.com.ua <bigchopko@gmail.com>rn"; // от кого письмо
$mailSMTP->send($user['mail'], 'Зміна паролю', $message, $headers); // отправляем письмо
@setcookie('uid', $user_id, time()+86400*365, '/');
@setcookie('upass', $newmypass, time()+86400*365, '/');
echo ok(lang('Изменения сохранены','Зміни збережені'));
$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '".$user_id."' LIMIT 1"));
}
else
echo err(lang('Ошибка!','Помилка!'));
}
else
echo err(lang('Ошибка!','Помилка!'));
}
else if (!empty($_POST['save_access']))
{
$access_page = abs(intval($_POST['access_page']));
$access_wall = abs(intval($_POST['access_wall']));
$access_mail = abs(intval($_POST['access_mail']));
$access_ask = abs(intval($_POST['access_ask']));
if (empty($access_page) || $access_page != 1) $access_page = 0;
if (empty($access_wall) || $access_wall < 1 || $access_wall > 2) $access_wall = 0;
if (empty($access_mail) || $access_mail != 1) $access_mail = 0;
if (empty($access_ask) || $access_ask < 1 || $access_ask > 3) $access_ask = 0;
mysql_query("UPDATE `users` SET `access_page` = '".$access_page."', `access_wall` = '".$access_wall."', `access_mail` = '".$access_mail."' WHERE `id` = '".$user_id."'");
mysql_query("UPDATE `ask` SET `access` = '".$access_ask."' WHERE `user_id` = '".$user_id."'");
echo ok(lang('Изменения сохранены','Зміни збережені'));
$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '".$user_id."' LIMIT 1"));
}
else if (!empty($_FILES['file']))
{
require_once HOME.'/toolkit/AcImage.php';
if(AcImage::isFileExists($_FILES['file']['tmp_name'])) {} else {$err = true;}
if($err == false && AcImage::isFileImage($_FILES['file']['tmp_name']))
{
if (!empty($user['cover']) && file_exists(HOME.'/files/covers/'.$user['cover'])) unlink(HOME.'/files/covers/'.$user['cover']);
$file_name = time().$user_id.'.jpg';
AcImage::createImage($_FILES['file']['tmp_name'])->resizeByWidth(600)->cropCenter('3pr', '1.25pr')->saveAsJPG(HOME.'/files/covers/'.$file_name);
mysql_query("UPDATE `users` SET `cover` = '".$file_name."' WHERE `id` = '".$user_id."'");
$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '".$user_id."' LIMIT 1"));
if ($ajax_query == true) exit;
}
}
?>