if ($_POST['action'] == 'saveprofile') {
if ($eddateformat == $defaultdateformat) {
$eddateformat = '';
}
if ($eddateshort == $defaultdateshort) {
$eddateshort = '';
}
sbr(0, $signature);
sbr(0, $bio);
sbr(0, $postheader);
$minipic = htmlspecialchars($minipic);
$avatar = htmlspecialchars($avatar);
$birthday = @mktime(0, 0, 0, $bmonth, $bday, $byear);
if (!$bmonth && !$bday && !$byear) {
$birthday = 0;
}
//$sql->query("INSERT logs SET useraction ='Edit User ".$user[nick]."(".$user[id]."'");
if ($password) {
$passedit = "`password` = '" . getpwhash($password, $userid) . "', ";
}
if ($sex == -378) {
$sex = $sexn;
}
if ($userid == 1 && $loguserid != 1) {
xk_ircsend("1|" . xk(7) . "Someone (*cough{$loguserid}cough*) is trying to be funny...");
}
$sql->query("UPDATE `users` SET\r\n\t\t`posts` = '{$numposts}',\r\n\t\t`regdate` = '{$regtime}',\r\n\t\t`name` = '{$username}',\r\n\t\t{$passedit}\r\n\t\t`picture` = '{$picture}',\r\n\t\t`signature` = '{$signature}',\r\n\t\t`bio` = '{$bio}',\r\n\t\t`powerlevel` = '{$powerlevel}',\r\n\t\t`title` = '{$usertitle}',\r\n\t\t`email` = '{$email}',\r\n\t\t`icq` = '{$icq}',\r\n\t\t`aim` = '{$aim}',\r\n\t\t`aka` = '{$aka}',\r\n\t\t`sex` = '{$sex}',\r\n\t\t`homepageurl` = '{$homepage}',\r\n\t\t`timezone` = '{$timezone}',\r\n\t\t`dateformat`\t\t= '{$eddateformat}',\r\n\t\t`dateshort`\t\t\t= '{$eddateshort}',\r\n\t\t`postsperpage` = '{$postsperpage}',\r\n\t\t`realname` = '{$realname}',\r\n\t\t`location` = '{$location}',\r\n\t\t`postbg` = '{$postbg}',\r\n\t\t`postheader` = '{$postheader}',\r\n\t\t`useranks` = '{$useranks}',\r\n\t\t`birthday` = '{$birthday}',\r\n\t\t`minipic` = '{$minipic}',\r\n\t\t`homepagename` = '{$pagename}',\r\n\t\t`scheme` = '{$sscheme}',\r\n\t\t`threadsperpage` = '{$threadsperpage}',\r\n\t\t`viewsig` = '{$viewsig}',\r\n\t\t`layout` = '{$tlayout}'," . "`moodurl` = '{$moodurl}',\r\n\t\t`profile_locked` = '{$profile_locked}',\r\n\t\t`editing_locked` = '{$editing_locked}',\r\n\t\t`titleoption` = '{$titleoption}'\r\n\tWHERE `id` = '{$userid}'") or print mysql_error();
print "\r\n\t{$tblstart}\r\n\t {$tccell1}>Thank you, {$loguser['name']}, for editing this user.<br>\r\n\t " . redirect("profile.php?id={$userid}", "view {$username}'s profile", 0) . "\r\n\t{$tblend}";
}
print $footer;
printtimedif($startingtime);
$userlevel = 3;
}
$currenttime = ctime();
$ipaddr = getenv("REMOTE_ADDR");
if (!$x_hacks['host'] && false) {
$sql->query("INSERT INTO `pendingusers` SET `username` = '{$name}', `password` = '" . $pass . "', `ip` = '{$ipaddr}', `time` = '{$currenttime}'") or print mysql_error();
// $sql->query("INSERT INTO `ipbans` SET `ip` = '$ipaddr', `reason` = 'Automagic ban', `banner` = 'Acmlmboard'");
print "{$tccell1}>Thank you, {$username}, for registering your account.<br>" . redirect('index.php', 'the board', 0);
} else {
$ircout['name'] = stripslashes($name);
$ircout['ip'] = $ipaddr;
// No longer useful
//$ircout['pmatch'] = $sql -> resultq("SELECT COUNT(*) FROM `users` WHERE `password` = '". md5($pass) ."'");
$sql->query("INSERT INTO `users` SET `name` = '{$name}', `password` = '" . md5($pass) . "', `powerlevel` = '0', `postsperpage` = '20', `threadsperpage` = '50', `lastip` = '{$ipaddr}', `layout` = '1', `scheme` = '0', `lastactivity` = '{$currenttime}', `regdate` = '{$currenttime}'") or print mysql_error();
$newuserid = mysql_insert_id();
$sql->query("UPDATE users SET `password` = '" . getpwhash($pass, $newuserid) . "' WHERE `id` = '{$newuserid}'");
$ircout['id'] = $newuserid;
xk_ircout("user", $ircout['name'], $ircout);
$sql->query("INSERT INTO `users_rpg` (`uid`) VALUES ('" . $newuserid . "')") or print mysql_error();
print "{$tccell1}>Thank you, {$username}, for registering your account.<br>" . redirect('index.php', 'the board', 0);
}
} else {
/* if ($password == "123") {
echo "$tccell1>Thank you, $username, for registering your account.<img src=cookieban.php width=1 height=1><br>".redirect('index.php','the board',0);
mysql_query("INSERT INTO `ipbans` (`ip`, `reason`, `date`) VALUES ('". $_SERVER['REMOTE_ADDR'] ."', 'blocked password of 123', '". ctime() ."')");
die();
}
*/
if ($userid != -1) {
$reason = "That username is already in use.";
} elseif ($nomultis) {
function checkuser($name, $pass)
{
global $hacks, $sql;
$user = $sql->fetchq("SELECT id,password FROM users WHERE name='{$name}'");
if (!$user) {
return -1;
}
if ($user['password'] !== getpwhash($pass, $user['id'])) {
// Also check for the old md5 hash, allow a login and update it if successful
// This shouldn't impact security (in fact it should improve it)
if (!$hacks['password_compatibility']) {
return -1;
} else {
if ($user['password'] === md5($pass)) {
// Uncomment the lines below to update password hashes
$sql->query("UPDATE users SET `password` = '" . getpwhash($pass, $user['id']) . "' WHERE `id` = '{$user['id']}'");
xk_ircsend("102|" . xk(3) . "Password hash for " . xk(9) . $name . xk(3) . " (uid " . xk(9) . $user['id'] . xk(3) . ") has been automatically updated.");
} else {
return -1;
}
}
}
return $user['id'];
}
$bio = preg_replace("'onload'si", 'o<z>nload', $bio);
$bio = preg_replace("'onfail'si", 'o<z>nfail', $bio);
$bio = preg_replace("'onhover'si", 'o<z>nhover', $bio);
$bio = preg_replace("'javascript'si", 'java<z>script', $bio);
$birthday = @mktime(12, 0, 0, $bmonth, $bday, $byear);
if (!$bmonth && !$bday && !$byear) {
$birthday = 0;
}
if (!$icq) {
$icq = 0;
}
if (!isset($useranks)) {
$useranks = $loguser[useranks];
}
if ($_POST['password']) {
$hash = getpwhash($_POST['password'], $loguserid);
$passwordenc = "`password` = '{$hash}', ";
if ($loguser['id'] == $loguserid) {
$verifyid = intval(substr($_COOKIE['logverify'], 0, 1));
$verify = create_verification_hash($verifyid, $hash);
setcookie('logverify', $verify, 2147483647, "/", $_SERVER['SERVER_NAME'], false, true);
}
} else {
// Sneaky! But no.
$passwordenc = '';
}
$sql->query("UPDATE users\r\n SET\t\t{$passwordenc}\r\n `picture` = '{$picture}',\r\n `minipic` = '{$minipic}',\r\n `signature` = '{$signature}',\r\n `bio` = '{$bio}',\r\n `email` = '{$email}',\r\n `icq` = '{$icq}',\r\n `title` = '{$title}',\r\n `useranks` = '{$useranks}',\r\n `aim` = '{$aim}',\r\n `sex` = '{$sex}',\r\n `homepageurl` = '{$homepage}',\r\n `homepagename` = '{$pagename}',\r\n `timezone` = '{$timezone}',\r\n `dateformat` = '{$eddateformat}',\r\n `dateshort` = '{$eddateshort}',\r\n `postsperpage` = '{$postsperpage}'," . "`realname` = '{$realname}',\r\n `location` = '{$location}',\r\n `postbg` = '{$postbg}',\r\n `postheader` = '{$postheader}',\r\n `birthday` = '{$birthday}',\r\n `scheme` = '{$sscheme}',\r\n `threadsperpage` = '{$threadsperpage}',\r\n `viewsig` = '{$viewsig}',\r\n `layout` = '{$tlayout}',\r\n `moodurl` = '" . $_POST['moodurl'] . "'," . "`imood` = '{$imood}',\r\n `signsep` = '{$signsep}',\r\n `pagestyle` = '{$pagestyle}',\r\n `pollstyle` = '{$pollstyle}'\r\n WHERE `id` = '{$loguserid}'") or print mysql_error();
print "{$header}<br>{$tblstart}{$tccell1}>Thank you, {$loguser['name']}, for editing your profile.<br>" . redirect("profile.php?id={$loguserid}", 'view your profile', 0) . $tblend;
}
print $footer;
printtimedif($startingtime);