Файл: profile.php
Строк: 158
<?php
include('common.php');
$gaid = getarg('id', 0);
$do = getarg('do');
if(islogged()){
if($gaid == 0)
$gaid = getid();
if($do == 'ban'){
if(checkmod()){
$uusername = getusername($gaid);
if(!checkadmin($uusername)){
if(checkbanned($uusername)){
mysql_query("update `users` set `banned`='0', `bantime`='0' where `id`='$gaid'");
}else{
mysql_query("update `users` set `banned`='1', `bantime`='".time()."' where `id`='$gaid'");
}
}
}
echo'<div class="list2"><a href="/profile.php?id='.$gaid.'">'.$lang['continue'].'</a></div>';
}
elseif($do == 'delete'){
$query = mysql_query("SELECT * FROM `users` WHERE `id` ='$gaid'");
if(mysql_num_rows($query) > 0 && !checkadmin(getusername($gaid))){
if(checkadmin()){
mysql_query("delete from `invites` where `user`='$gaid'");
mysql_query("delete from `online` where `user`='$gaid'");
mysql_query("update `posts` set `poster`='1' where `poster`='$gaid'");
mysql_query("delete from `private` where `to`='$gaid'");
mysql_query("update `private` set `from`='1' where `from`='$gaid'");
mysql_query("delete from `recover` where `user`='$gaid'");
mysql_query("update `shoutbox` set `user`='1' where `user`='$gaid'");
mysql_query("update `threads` set `poster`='1' where `poster`='$gaid'");
mysql_query("delete from `users` where `id`='$gaid'");
}
}
echo'<div class="list2"><a href="/">'.$lang['continue'].'</a></div>';
}
elseif($do == 'edit'){
$query=mysql_query("select * from `users` where `id`='$gaid'");
if(mysql_num_rows($query) > 0){
if($gaid == getid() || checkadmin()){
$result = mysql_fetch_array($query);
if(isset($_POST['email']) && !empty($_POST['email'])){
$email = clean($_POST['email']);
mysql_query("update `users` set `email`='$email' where `id`='$gaid'");
$oldpassword = isset($_POST['oldpassword']) ? (empty($_POST['oldpassword']) ? '' : clean($_POST['oldpassword'])) : '';
$newpassword = isset($_POST['newpassword']) ? (empty($_POST['newpassword']) ? '' : clean($_POST['newpassword'])) : '';
$apass = rand(1111, 9999) . 'empty';
if($gaid != getid())
$oldpassword = $apass;
if($oldpassword != '' && $newpassword != ''){
$oldpassword = md5(md5($oldpassword));
if($oldpassword == $result['password'] || $oldpassword == $apass){
if($gaid == getid())
$_SESSION['password'] = $newpassword;
mysql_query("update `users` set `password`='".md5(md5($newpassword))."' where `id`='$gaid'");
}
}
if(isset($_POST['lang'])){
$langs=clean($_POST['lang']);
mysql_query("update `users` set `lang`='$langs' where `id`='$gaid'");
}
echo'<div class="list2"><a href="/profile.php?id='.$gaid.'">'.$lang['continue'].'</a></div>';
}else{
echo theader($lang['editprofile']);
echo '<div class="list2">' . $lang['editprofile'] . '</div>
<form method="post" action="/profile.php?id=' . $gaid . '&do=edit">
<div class="list2">' . $lang['email'] . ':<br />
<input type="text" name="email" value="' . $result['email'] . '" /><br />';
$nums=mysql_num_rows(mysql_query("select * from `language`"));
if($nums){
echo $lang['userlang'].':<br /><select name="lang">';
$query=mysql_query("select * from `language` order by `id`");
while($res=mysql_fetch_assoc($query)){
echo'<option value="'.$res['id'].'">'.$res['name'].'</option>';
}
echo'</select><br />';
}
if($gaid == getid()){
echo $lang['oldpassword'] . ':<br /><input type="password" name="oldpassword" /><br />';
}
echo $lang['newpassword'] . ':<br /><input type="password" name="newpassword" /><br />
<input type="submit" value="' . $lang['edit'] . '" />
</form></div><div class="list2">
<a href="/profile.php?id=' . $gaid . '">' . $lang['back'] . '</a><br />
<a href="/index.php">' . $lang['main'] . '</a></div>';
}
}else{echo'<div class="list2"><a href="/">'.$lang['continue'].'</a></div>';}
}else{echo'<div class="list2"><a href="/">'.$lang['continue'].'</a></div>';}
}else{
if($gaid == getid()){
echo theader($lang['myprofile']);
}else{
echo theader($lang['profile'] . ' / ' . getusername($gaid));
}
$query=mysql_query("select * from `users` where `id`='$gaid'");
if(mysql_num_rows($query) > 0){
$result = mysql_fetch_array($query);
$pusername = clean($result['username']);
$email = clean($result['email']);
$date = clean($result['date']);
$level = intval(clean($result['status']));
$status = formatstatus($level);
if(intval(clean($result['banned'])) > 0)
$status = $lang['status']['banned'];
$useragent = $result['useragent'];
$userip = $result['userip'];
$query = mysql_query('SELECT COUNT(*) FROM `threads` WHERE `poster` = '' . $gaid . '';');
$result = mysql_fetch_array($query);
$threads = intval($result[0]);
$query = mysql_query('SELECT COUNT(*) FROM `posts` WHERE `poster` = '' . $gaid . '';');
$result = mysql_fetch_array($query);
$posts = intval($result[0]);
$query = mysql_query('SELECT COUNT(*) FROM `shoutbox` WHERE `user` = '' . $gaid . '';');
$result = mysql_fetch_array($query);
$shouts = intval($result[0]);
$query = mysql_query('SELECT COUNT(*) FROM `private` WHERE `to` = '' . $gaid . '';');
$result = mysql_fetch_array($query);
$inpms = intval($result[0]);
$query = mysql_query('SELECT COUNT(*) FROM `private` WHERE `from` = '' . $gaid . '';');
$result = mysql_fetch_array($query);
$outpms = intval($result[0]);
echo '<div class="list2"><a href="/private.php?do=write&to=' . $pusername . '">' . $lang['pmsend'] . '</a></div>
<div class="list2">
' . $lang['username'] . ': ' . $pusername . '<br />
' . $lang['status']['status'] . ': ' . $status . '<br />
' . $lang['email'] . ': ' . $email . '<br />
' . $lang['numthreads'] . ': ' . $threads . '<br />
' . $lang['posts'] . ': ' . $posts . '<br />
' . $lang['shouts'] . ': ' . $shouts . '<br />
' . $lang['numpms'] . ': ' . $inpms . ' / ' . $outpms . '<br />
' . $lang['regdate'] . ': ' . date('d/m/Y, H:i:s', $date) . '<br />';
if(checkmod()){
echo $lang['useragent'] . ': ' . $useragent . '<br />
' . $lang['userip'] . ': ' . $userip . '<br />';
if(checkbanned($pusername))
echo '<a href="/profile.php?id=' . $gaid . '&do=ban">' . $lang['unban'] . '</a>';
else
echo '<a href="/profile.php?id=' . $gaid . '&do=ban">' . $lang['ban'] . '</a>';
if(!checkadmin())
echo '<br />';
}
if(checkadmin())
echo ' | <a href="/profile.php?id=' . $gaid . '&do=delete">' . $lang['delete'] . '</a><br />';
echo '</div>';
if($gaid == getid() || checkadmin())
echo '<div class="list2"><a href="/profile.php?id=' . $gaid . '&do=edit">' . $lang['edit'] . '</a></div>
<div class="list2"><a href="/index.php">' . $lang['back'] . '</a></div>';
}else{
echo '<div class="list2">' . $lang['usernotexist'] . '</div>
<div class="list2"><a href="/index.php">' . $lang['back'] . '</a></div>';
}
}
echo tfooter();
}else{echo '<div class="list2">'.$lang['error'].'</div>';}
exit();
?>