Файл: includes/edit_status.php
Строк: 44
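<?php
/**
 * Status-image editor for the current user.
 *
 * With no form submitted, renders profile_edit_status.tpl with a selector of
 * predefined statuses. On submit, stores either the URL of a predefined status
 * (looked up by action_id in the weblog_actions table) or a URL typed by the
 * user into users.user_status_img, then shows a confirmation that redirects
 * to the index.
 *
 * Relies on globals prepared by the including script: $db, $template, $lang,
 * $userdata, $table_prefix, $phpbb_root_path, $phpEx.
 *
 * NOTE(review): nothing in this file checks that the visitor is logged in or
 * that the POST carries a valid session id / form token before the UPDATE;
 * confirm the including script does both, otherwise the change can be
 * triggered cross-site.
 */
if ( !defined('IN_PHPBB') )
{
	// Refuse direct requests: the file is only meant to be included by phpBB.
	die("Hacking attempt");
}

include($phpbb_root_path . 'includes/functions_selects.'.$phpEx);

// Not referenced again in this file; kept in case the including script reads it.
// The isset() guard avoids an undefined-index notice when the parameter is absent.
$user_status_img = isset($HTTP_GET_VARS['user_status_img'])
	? htmlspecialchars(stripslashes($HTTP_GET_VARS['user_status_img']))
	: '';

// A submission is either "add" plus a custom URL, or a predefined action id.
$has_custom_url = !empty($HTTP_POST_VARS['add']) && !empty($HTTP_POST_VARS['action_url']);
$has_action_id = !empty($HTTP_POST_VARS['action_id']);

if ( $has_custom_url || $has_action_id )
{
	if ( $has_action_id && empty($HTTP_POST_VARS['add']) )
	{
		// Predefined status: intval() makes the id safe to place in the query.
		$action_id = intval($HTTP_POST_VARS['action_id']);

		$sql = "SELECT action_url
			FROM ".$table_prefix."weblog_actions
			WHERE action_id = $action_id";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, "Could not get data from weblog_actions table", "", __LINE__, __FILE__, $sql);
		}

		$row = $db->sql_fetchrow($result);

		// An unknown id used to yield an empty status through a null offset;
		// keep that outcome but make it explicit.
		$action_url = ( $row && isset($row['action_url']) ) ? $row['action_url'] : '';
	}
	else
	{
		// User-supplied URL. Request values may already be backslash-escaped
		// (the stripslashes() call above suggests they are). Doubling the quote
		// of an already escaped \' produces \'' which, on a database that honours
		// backslash escapes, ends the string literal early and lets the rest of
		// the value be read as SQL. The database layer visible here offers no
		// escaping routine, so any value containing a quote, a backslash or a
		// control character is refused instead; none of them belongs in an
		// image URL.
		$raw_url = trim($HTTP_POST_VARS['action_url']);
		if ( preg_match('/[\'\\\\\x00-\x1f\x7f]/', $raw_url) )
		{
			message_die(GENERAL_MESSAGE, 'Invalid status image URL');
		}

		// NOTE(review): htmlspecialchars() does not restrict the URL scheme or
		// host. If the template prints this value as an image source, consider
		// allowing only http/https and be aware that a remote image lets its
		// host see every viewer's request.
		$action_url = htmlspecialchars($raw_url);
	}

	// Quote doubling is kept for the database-sourced value; the user-supplied
	// path can no longer contain a quote. intval() pins the WHERE clause to a
	// number whatever $userdata holds.
	$sql = "UPDATE " . USERS_TABLE . "
		SET user_status_img = '" . str_replace("'", "''", $action_url) . "'
		WHERE user_id = " . intval($userdata['user_id']);
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
	}

	$message = 'Статус установлен<br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

	// Send the browser back to the index two seconds after the confirmation.
	$template->assign_vars(array(
		"META" => '<meta http-equiv="refresh" content="2;url=' . append_sid("index.$phpEx") . '">')
	);

	message_die(GENERAL_MESSAGE, $message);
}
else
{
	// Nothing submitted: show the form with the predefined status selector.
	$status_image_select = status_image_select('action_id');

	$page_title = 'Статусы';
	include($phpbb_root_path . 'includes/page_header.'.$phpEx);

	$template->set_filenames(array(
		'body' => 'profile_edit_status.tpl')
	);

	// NOTE(review): STATUS_IMAGE is the stored value passed through unchanged;
	// values written by the custom-URL path were HTML-encoded on the way in,
	// values copied from weblog_actions were not. Confirm the template context.
	$template->assign_vars(array(
		'STATUS_IMAGE' => $userdata['user_status_img'],
		'STATUS_SELECT' => $status_image_select,
		'L_SUBMIT' => $lang['Submit'],
		'S_PROFILE_ACTION' => append_sid("profile.$phpEx?mode=editstatus"))
	);

	$template->pparse('body');

	include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
?>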