<?php
/*
* @author mides <Mike Osendowski>
* @link http://midwm.org
* @copyright 2011-2014
*/
// Everything under /account is for logged-in users only; anyone else is
// sent to HTTPHOME. redirect() is assumed to end the request.
if (!is_auth()) {
    redirect(HTTPHOME);
}
// $act is the sub-action chosen by the router before this file is included.
switch ($act) {
default:
    // Account overview: count the private-message threads the current user
    // takes part in (as sender or as recipient) for the 'account' template.
    $totalpm = DB::run()->querySingle(
        "select count(`id`) from `pm` where `recipientid` = ? or `senderid` = ?;",
        array($u['id'], $u['id'])
    );
    $config['newtitle'] = $lang['My_Account'];
    $tpl['file'] = 'account';
    require_once 'core/header.php';
    break;
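case 'editprofile':
    // Profile fields come from the POSTed form; check() is the project's input
    // filter (defined outside this file). A field that was not posted stays
    // false, and nothing is written unless at least one field is non-empty.
    $name = isset($_POST['name']) ? check($_POST['name']) : false;
    $gender = isset($_POST['gender']) ? abs(intval($_POST['gender'])) : false;
    $location = isset($_POST['location']) ? check($_POST['location']) : false;
    $website = isset($_POST['website']) ? check($_POST['website']) : false;
    $skype = isset($_POST['skype']) ? check($_POST['skype']) : false;
    $icq = isset($_POST['icq']) ? check($_POST['icq']) : false;
    $jabber = isset($_POST['jabber']) ? check($_POST['jabber']) : false;
    // NOTE(review): no CSRF token is verified on this POST handler; the form
    // markup lives outside this file, so confirm whether the router or the
    // template adds one.
    if ($name || $gender || $location || $website || $skype || $icq || $jabber) {
        // Only the three known gender codes are stored; anything else
        // (including a missing field, which is false) falls back to 0.
        if (!in_array($gender, array(0, 1, 2), true)) {
            $gender = 0;
        }
        // Accepts "http(s)://host[:port][/path]" or "www.host[...]". The host
        // is matched as dot-separated labels, so the pattern has no nested
        // quantifier; the old "([a-z0-9-].?)+" backtracked exponentially on
        // long non-matching input and also let "www" match without the dot.
        $websitePattern = '%^(https?://|www\.)[a-z0-9-]+(\.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$%i';
        if ($website && !preg_match($websitePattern, $website)) {
            $error = $lang['URL_of_your_website_is_incorrect'];
        }
        if (isset($error)) {
            $_SESSION['note'] = $error;
        } else {
            DB::run()->query("update `users` set
`name` = ?,
`gender` = ?,
`location` = ?,
`website` = ?,
`skype` = ?,
`icq` = ?,
`jabber` = ?
where `id` = ?;", array(
                $name,
                $gender,
                $location,
                $website,
                $skype,
                $icq,
                $jabber,
                $u['id'],
            ));
            $_SESSION['note'] = $lang['All_Changes_Saved'];
            redirect('/account/editprofile');
        }
    }
    $tpl['title'] = '<a href="/account">'.$lang['My_Account'].'</a> » '.$lang['Edit_Profile'];
    $tpl['file'] = 'account_editprofile';
    require_once 'core/header.php';
    break;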
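case 'config':
    $theme = isset($_POST['theme']) ? check($_POST['theme']) : false;
    $language = isset($_POST['language']) ? check($_POST['language']) : false;
    // Items per page; abs(intval()) makes it a non-negative int.
    $ipp = isset($_POST['ipp']) ? abs(intval($_POST['ipp'])) : false;
    // Checkbox: its mere presence in the post means "on".
    $bbpanel = isset($_POST['bbpanel']) ? 1 : 0;
    if ($theme && $language) {
        // The language must name a row in `language`. The lookup is only made
        // when a language was actually posted (previously it ran with false).
        $checkLang = DB::run()->querySingle("select count(`id`) from `language` where `file` = ?;", array($language));
        if ($checkLang) {
            // NOTE(review): $theme is stored without being checked against the
            // installed themes; where it is consumed is outside this file —
            // confirm that consumer validates it.
            if ($ipp > 0 && $ipp < 100) {
                DB::run()->query("update `users` set `ipp` = ?, `theme` = ?, `language` = ?, `bbpanel` = ? where `id` = ?;", array($ipp, $theme, $language, $bbpanel, $u['id']));
                $_SESSION['note'] = $lang['All_Changes_Saved'];
                redirect('?');
            } else {
                $_SESSION['note'] = $lang['The_Items_per_page_number_is_incorrect'];
            }
        }
        // An unknown language falls through silently: the form is simply
        // re-rendered, as there is no lang key for that case.
    }
    $config['newtitle'] = $lang['Settings'];
    $tpl['title'] = '<a href="/account">'.$lang['My_Account'].'</a> » '.$lang['Settings'];
    $tpl['file'] = 'account_config';
    require_once 'core/header.php';
    break;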
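case 'changepassword':
    $currentpass = isset($_POST['currentpass']) ? check($_POST['currentpass']) : false;
    $newpass = isset($_POST['newpass']) ? check($_POST['newpass']) : false;
    $newpass2 = isset($_POST['newpass2']) ? check($_POST['newpass2']) : false;
    if ($currentpass && $newpass && $newpass2) {
        // Password policy used by this module: 5-20 characters from [a-z0-9-],
        // case-insensitive (so check() cannot alter a conforming password).
        $passwordFormatOk = function ($password) {
            $length = mb_strlen($password, 'utf-8');
            return preg_match('|^[a-z0-9-]+$|i', $password) && $length > 4 && $length < 21;
        };
        // Stored format: sha512 over a double md5. It is shared with the login
        // code outside this file, so it is reproduced here rather than changed.
        // NOTE(review): the scheme is unsalted and fast; moving to
        // password_hash() needs the login path changed as well.
        $legacyHash = function ($password) {
            return hash('sha512', md5(md5($password)));
        };
        // Checks run in the same order as before and the first failure sets
        // the note. Strict comparisons avoid PHP's numeric-string juggling
        // ("1e3" == "1000") on both the stored hash and the confirmation field.
        if (!$passwordFormatOk($currentpass) || $legacyHash($currentpass) !== $u['password']) {
            $_SESSION['note'] = $lang['Your_current_password_is_incorrent'];
        } elseif (!$passwordFormatOk($newpass)) {
            $_SESSION['note'] = $lang['The_new_password_is_incorrent'];
        } elseif ($newpass !== $newpass2) {
            $_SESSION['note'] = $lang['The_password_does_not_match_the_confirm_password'];
        } elseif ($currentpass === $newpass) {
            $_SESSION['note'] = $lang['The_new_password_should_not_be_same_as_old_password'];
        } else {
            DB::run()->query("update `users` set `password` = ? where `id` = ?;", array($legacyHash($newpass), $u['id']));
            $_SESSION['note'] = $lang['Your_password_has_been_changed'];
            redirect(HTTPHOME.'login');
        }
    }
    $config['newtitle'] = $lang['Settings'];
    $tpl['title'] = '<a href="/account">'.$lang['My_Account'].'</a> » '.$lang['Settings'];
    $tpl['file'] = 'account_changepassword';
    require_once 'core/header.php';
    break;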
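case 'email':
    $currentpass = isset($_POST['currentpass']) ? check($_POST['currentpass']) : false;
    $newemail = isset($_POST['newemail']) ? check($_POST['newemail']) : false;
    if ($currentpass && $newemail) {
        // Same password policy as 'changepassword': 5-20 chars from [a-z0-9-].
        $currentpassStrlen = mb_strlen($currentpass, 'utf-8');
        $passwordFormatOk = preg_match('|^[a-z0-9-]+$|i', $currentpass) && $currentpassStrlen > 4 && $currentpassStrlen < 21;
        // The stored hash format (sha512 over a double md5) is shared with the
        // login code outside this file. Strict comparison avoids numeric-string
        // juggling on hash strings; hashing only happens if the format is valid.
        if (!$passwordFormatOk || hash('sha512', md5(md5($currentpass))) !== $u['password']) {
            $_SESSION['note'] = $lang['Your_current_password_is_incorrent'];
        } elseif (filter_var($newemail, FILTER_VALIDATE_EMAIL) === false) {
            // The previous regex contained the descending range "_-^", which
            // does not compile, so preg_match returned false and every address
            // was rejected.
            $_SESSION['note'] = $lang['The_email_is_incorrect'];
        } elseif ($newemail === $u['email']) {
            $_SESSION['note'] = $lang['The_new_email_address_should_not_be_the_same_as_old_one'];
        } else {
            // NOTE(review): count-then-update is not atomic; a unique index on
            // users.email is what really enforces uniqueness — confirm it exists.
            // No verification mail is sent for the new address here.
            $checkEmail = DB::run()->querySingle("select count(`id`) from `users` where `email` = ? limit 1;", array($newemail));
            if ($checkEmail) {
                $_SESSION['note'] = $lang['This_email_is_already_in_use_Try_recovery_process'];
            } else {
                DB::run()->query("update `users` set `email` = ? where `id` = ?;", array($newemail, $u['id']));
                $_SESSION['note'] = $lang['Your_email_address_has_been_changed'];
                redirect(HTTPHOME.'account/email');
            }
        }
    }
    $config['newtitle'] = $lang['Settings'];
    $tpl['title'] = '<a href="/account">'.$lang['My_Account'].'</a> » '.$lang['Settings'];
    $tpl['file'] = 'account_email';
    require_once 'core/header.php';
    break;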
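case 'pm':
    // Thread list: every thread in which the user is sender or recipient.
    $total = DB::run()->querySingle("select count(`id`) from `pm` where `recipientid` = ? or `senderid` = ?;", array($u['id'], $u['id']));
    if ($total) {
        require_once 'core/navsetvars.php';
        // $start is produced by navsetvars.php and $config['ipp'] is the
        // user's per-page setting; both end up in the LIMIT clause by string
        // interpolation, so they are cast to int here rather than trusted.
        $query = DB::run()->query(
            "select * from `pm` where `recipientid` = ? or `senderid` = ? order by `time` desc limit " . (int) $start . ", " . (int) $config['ipp'] . ";",
            array($u['id'], $u['id'])
        );
    }
    $config['newtitle'] = $lang['Personal_Messages'];
    $tpl['title'] = '<a href="/account">'.$lang['My_Account'].'</a> » '.$lang['Personal_Messages'];
    $tpl['file'] = 'account_pm';
    require_once 'core/header.php';
    break;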
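case 'pm_compose':
    $recipient = isset($_POST['recipient']) ? check($_POST['recipient']) : false;
    $message = isset($_POST['message']) ? check($_POST['message']) : false;
    $keystring = isset($_POST['keystring']) ? check($_POST['keystring']) : false;
    if ($recipient && $message && $keystring) {
        // Captcha answer must match the one stored in the session (strict compare).
        $captchaOk = isset($_SESSION['captcha_keystring']) && $_SESSION['captcha_keystring'] === $keystring;
        // Anti-spam cooldown. An absent 'wait' entry means "not limited"; the
        // old code read it unconditionally and raised a notice on first use.
        $rateLimited = isset($_SESSION['wait']) && $_SESSION['wait'] >= TIME;
        // Same check order as before; the first failure sets the note.
        if (!$captchaOk) {
            $_SESSION['note'] = $lang['The_verification_code_is_incorrect'];
        } elseif (mb_strlen($message, 'utf-8') > $config['msglength']) {
            $_SESSION['note'] = $lang['Your_message_exceeds_the_maximum_number_of_characters_allowed'].' ('.$config['msglength'].')';
        } elseif ($rateLimited) {
            $_SESSION['note'] = $lang['Anti_Spam_Please_wait_before_trying_again'];
        } else {
            $userExists = DB::run()->queryFetch("select `id` from `users` where `username` = ?;", array($recipient));
            if (!$userExists) {
                $_SESSION['note'] = $lang['The_user_you_are_trying_to_reach_does_not_exist'];
            } else {
                // Reuse the existing thread between the two users in either
                // direction; otherwise open a new one.
                $pmExists = DB::run()->queryFetch("select `id` from `pm` where (`recipientid` = ? and `senderid` = ?) or (`recipientid` = ? and `senderid` = ?);", array($userExists['id'], $u['id'], $u['id'], $userExists['id']));
                if ($pmExists) {
                    $pmid = $pmExists['id'];
                } else {
                    DB::run()->query("insert into `pm` set `recipientid` = ?, `senderid` = ?, `time` = ?;", array($userExists['id'], $u['id'], TIME));
                    $pmid = DB::run()->lastinsertid();
                }
                DB::run()->query("insert into `pm_posts` set `pmid` = ?, `recipientid` = ?, `senderid` = ?, `message` = ?, `time` = ?;", array($pmid, $userExists['id'], $u['id'], $message, TIME));
                // One captcha answer is good for one message; then start the cooldown.
                unset($_SESSION['captcha_keystring']);
                $_SESSION['wait'] = TIME + $config['wait_time'];
                redirect('/account/pm/'.$pmid);
            }
        }
    }
    $config['newtitle'] = $lang['Compose'];
    $tpl['title'] = '<a href="/account">'.$lang['My_Account'].'</a> » <a href="/account/pm">'.$lang['Personal_Messages'].'</a> » '.$lang['Compose'];
    $tpl['file'] = 'account_pm_compose';
    require_once 'core/header.php';
    break;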
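case 'pm_viewpm':
    // $id is expected to be set by the router before this file is included.
    $pm = DB::run()->queryFetch("select * from `pm` where `id` = ?;", array($id));
    // A thread may only be opened by one of its two participants. Ids are
    // compared as ints because the driver may hand back numeric strings.
    $isParticipant = $pm && ((int) $pm['recipientid'] === (int) $u['id'] || (int) $pm['senderid'] === (int) $u['id']);
    if (!$isParticipant) {
        redirect('/account/pm');
        break;
    }
    $total = DB::run()->querySingle("select count(`id`) from `pm_posts` where `pmid` = ?;", array($pm['id']));
    if (!$total) {
        // A thread with no posts left is removed.
        DB::run()->query("delete from `pm` where `id` = ?;", array($pm['id']));
        redirect('/account/pm');
        break;
    }
    // Optional reply posted from the thread view.
    $message = isset($_POST['message']) ? check($_POST['message']) : false;
    if ($message) {
        // Anti-spam cooldown; an absent 'wait' entry means "not limited" (the
        // old code read it unconditionally and raised a notice on first use).
        $rateLimited = isset($_SESSION['wait']) && $_SESSION['wait'] >= TIME;
        if (mb_strlen($message, 'utf-8') > $config['msglength']) {
            $_SESSION['note'] = $lang['Your_message_exceeds_the_maximum_number_of_characters_allowed'].' ('.$config['msglength'].')';
        } elseif ($rateLimited) {
            $_SESSION['note'] = $lang['Anti_Spam_Please_wait_before_trying_again'];
        } else {
            // The reply goes to whichever participant is not the current user.
            $recipientid = (int) $pm['recipientid'] === (int) $u['id'] ? $pm['senderid'] : $pm['recipientid'];
            $userExists = DB::run()->queryFetch("select `id` from `users` where `id` = ?;", array($recipientid));
            if (!$userExists) {
                $_SESSION['note'] = $lang['The_user_you_are_trying_to_reach_does_not_exist'];
            } else {
                DB::run()->query("update `pm` set `time` = ? where `id` = ?;", array(TIME, $pm['id']));
                DB::run()->query("insert into `pm_posts` set `pmid` = ?, `recipientid` = ?, `senderid` = ?, `message` = ?, `time` = ?;", array($pm['id'], $userExists['id'], $u['id'], $message, TIME));
                $_SESSION['wait'] = TIME + $config['wait_time'];
                redirect('/account/pm/'.$pm['id']);
            }
        }
    }
    require_once 'core/navsetvars.php';
    // $start comes from navsetvars.php and $config['ipp'] from the user's
    // settings; both are interpolated into the LIMIT clause, so they are cast
    // to int here rather than trusted.
    $query = DB::run()->query(
        "select * from `pm_posts` where `pmid` = ? order by `time` desc limit " . (int) $start . ", " . (int) $config['ipp'] . ";",
        array($pm['id'])
    );
    $config['newtitle'] = $lang['Personal_Messages'];
    $otherParty = (int) $pm['recipientid'] === (int) $u['id'] ? username($pm['senderid']) : username($pm['recipientid']);
    $tpl['title'] = '<a href="/account">'.$lang['My_Account'].'</a> » <a href="/account/pm">'.$lang['Personal_Messages'].'</a> » '.$otherParty;
    $tpl['file'] = 'account_pm_viewpm';
    require_once 'core/header.php';
    // $unread is not assigned in this file; presumably the header/template
    // sets it while rendering — confirm. The flag is only honoured after
    // output, and !empty() avoids a notice when it was never set.
    if (!empty($unread)) {
        DB::run()->query("update `pm_posts` set `read` = 1 where `pmid` = ?;", array($pm['id']));
    }
    break;
}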