Файл: editprofile.php
Строк: 60
<?php
require('includes/header.php');
require('includes/utils.php');
require('includes/db.php');
require('includes/auth.php');
require('includes/config.php');
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
mysql_query('UPDATE users SET name = "' . addslashes($_POST['name']) . '", surname = "' . addslashes($_POST['surname']) . '", email = "' . addslashes($_POST['email']) . '" WHERE login = "' . $login . '"');
if($_POST['pass'] != '')
mysql_query('UPDATE users SET password = "' . md5($_POST['pass']) . '" WHERE login = "' . $login . '"');
?>
<wml>
<card id="ok" title="ok" ontimer="main.php?id=<?php echo $id; ?>&p=<?php echo $login; ?>"><timer value="15"/>
<do type="prev" label="назад"><prev/></do>
<p align="center">
<b>Ваши данные изменены</b>
</p>
</card>
</wml>
<?php
exit;
}
else
{
$users = mysql_query('SELECT id, login, name, surname, email FROM users WHERE id = "' . (int)($_GET['id']) . '" AND login = "' . addslashes($_GET['p']) . '"');
$user = mysql_fetch_array($users, MYSQL_ASSOC);
?>
<wml>
<card id="profile" title="Профайл">
<p>
Ваш сайт: http://<?php echo $login . '.' . $server_name; ?><br/>
Логин: <?php echo $user['login']; ?><br/>
Пароль:<input name="pass" value="" maxlength="10" title="pass"/><br/>
Имя:<input name="name" value="<?php echo $user['name']; ?>" maxlength="20" title="name"/><br/>
Фамилия:<input name="surname" value="<?php echo $user['surname']; ?>" maxlength="20" title="surname"/><br/>
Контактный e-mail: <input name="email" value="<?php echo $user['email']; ?>" maxlength="50" title="sendmail"/><br/><br/>
<anchor title="go">Сохранить изменения<go href="editprofile.php?id=<?php echo $id; ?>&p=<?php echo $login; ?>" method="post">
<postfield name="pass" value="$(pass)"/>
<postfield name="name" value="$(name)"/>
<postfield name="surname" value="$(surname)"/>
<postfield name="email" value="$(email)"/>
</go></anchor><br/>
или<br/>
<a href="main.php?id=<?php echo $id; ?>&p=<?php echo $login; ?>">Выйти</a>
</p>
</card>
</wml>
<?php
}
?>