Файл: public_html/profile.php
Строк: 113
<?
session_start();
if(!(isset($_SESSION["username"]) && isset($_SESSION["password"])))
{
?>
<script type="text/javascript">
location.replace("login.php");
</script>
<noscript>
<meta http-equiv="refresh" content="0; url=login.php">
</noscript>
<?
exit();
}
include('header.php');
require('config.php');
$res=mysql_query("select valuta from tb_site where id='1'");
$v=mysql_result($res,0,0);
mysql_close($con);
?>
<h3>.::Редактирование Вашего профиля::.</h3>
<br>
<?
require('config.php');
if (isset($_POST["password"]))
{
if( strtolower($_POST['code'])!= strtolower($_SESSION['texto']))
{
echo "<img src="images/error.png" align="middle"> Неверно введен проверочный код... ";include('footer.php'); exit();
}
$password = $_POST["password"];
$cpassword = $_POST["cpassword"];
$country = $_POST["country"];
if($password==NULL|$cpassword==NULL)
{
echo "<img src="images/error.png" align="middle"> Заполните все поля.";
}else{
$asd=0;
function tuc($mensaje)
{
if (ereg("^[a-zA-Zа-яА-Я0-9-_]{1,255}$", $mensaje))
{
return $mensaje;
}else{
$asd=1;
echo "<img src="images/error.png" align="middle"> Введенные данные содержат запрещенные символы. Проверьте правильность ввода";
return $mensaje;
}
}
$password = tuc($password);
$cpassword = tuc($cpassword);
if($country!='') $country = tuc($country);
minimopass($password);
if($password!=$cpassword)
{
echo "<img src="images/error.png" align="middle"> Пароль не совпадает.";
}else{
if($asd!=1)
{
$user=uc($_SESSION["username"]);
$queryb = "UPDATE tb_users SET password='$password', country='$country' WHERE username='$user'";
mysql_query($queryb) or die(mysql_error());
$_SESSION["password"]=$password;
?>
<script type="text/javascript">
location.replace("profile.php");
</script>
<noscript>
<meta http-equiv="refresh" content="0; url=profile.php">
</noscript>
<?
}
}
}
}
$user=uc($_SESSION["username"]);
$sql = "SELECT * FROM tb_users WHERE username='$user'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
?>
<div align="center"><div id="form">
<fieldset style="background: #fff; width: 100%;">
<span style="color:#f00; font-weight:bold">WMID и WM<?=$v?> кошелек изменить нельзя! В случае возникновения такой необходимости, обратитесь к Администрации!</span><br>
<form action="profile.php" method="POST">
<table width="400" border="0" align="center">
<tr>
<td width="150" align="left"><p><label>Пароль:</label></label></p></td>
<td width="250" align="left"><input type="password" size="25" maxlength="15" name="password" value="<? echo $row["password"]; ?>" class="field" value="" tabindex="1"></td>
</tr>
<tr>
<td width="150" align="left"><p><label>Пароль еще раз:</label></p></td>
<td width="250" align="left"><input type="password" size="25" maxlength="15" name="cpassword" value="<? echo $row["password"]; ?>" class="field" value="" tabindex="1"></td>
</tr>
<tr>
<td width="150" align="left"><p><label>WMID:</label></p></td>
<td width="250" align="left"><input type="text" readonly="readonly" size="25" maxlength="12" name="wmid" value="<? echo $row["wmid"]; ?>" class="field" value="" tabindex="1"></td>
</tr>
<tr>
<td width="150" align="left"><p><label>WM<?=$v ?> кошелек:</label></p></td>
<td width="250" align="left"><input type="text" readonly="readonly" size="25" maxlength="13" name="wmpurse" value="<? echo $row["pemail"]; ?>" class="field" value="" tabindex="1"></td>
</tr>
<tr>
<td width="150" align="left"><p><label>Страна:</label></p></td>
<td width="250" align="left"><input type="text" size="25" maxlength="15" name="country" autocomplete="off" class="field" value="<? echo $row["country"]; ?>" tabindex="1"></td>
</tr>
<tr>
<td width="150" align="left"><p><label>Код:</label></p></td>
<td width="250" align="left"><input type='text' size='3' maxlength='3' name='code' autocomplete="off" class="securitycode" value="" tabindex="3"></td>
</tr>
<tr>
<td width="150" align="left"> </td>
<td width="250" align="left"><img src="image.php?<?php echo $res; ?>"></td>
</tr>
<tr>
<td width="150" align="left"> </td>
<td width="250" align="right"><input type="submit" value="Сохранить" class="submit" tabindex="4"></td>
</tr>
</table>
</form>
</fieldset>
</div></div>
<?
mysql_close($con);
?>
<? include('footer.php'); ?>