function addwebsite()
{
$newsite = mysql_real_escape_string($_POST['newsite']);
$theme = $_POST['theme'];
$pseudo = $_SESSION['username'];
$connect = mysql_connect('localhost', 'root', '') or die(mysql_error());
mysql_select_db("chevre_rose") or die(mysqli_error($connect));
$ret = mysql_query("INSERT INTO `chevre_rose`.`listsite` (`site`, `theme`) VALUES ('{$newsite}', '{$theme}');") or die(mysql_error());
mysql_query("UPDATE user SET credit = credit + 10 WHERE pseudo = '{$pseudo}';");
refreshsession($pseudo);
echo "<script>alert(\"{$newsite} a ete ajouter a la liste des site, Merci. Vous avez gagner 10 credits\");</script>";
}
function modmail()
{
$mdp = mysql_real_escape_string($_POST['oldpwd']);
$newmail = mysql_real_escape_string($_POST['newmail']);
$pseudo = $_SESSION['username'];
$mdp = MD5($mdp);
$connect = mysql_connect('localhost', 'root', '') or die(mysql_error());
mysql_select_db("chevre_rose") or die(mysqli_error($connect));
$user = mysql_query("SELECT * FROM user WHERE pseudo = '{$pseudo}' && password = '******';") or die(mysql_error() . ' when we select');
$nb = mysql_num_rows($user);
if ($nb == 0) {
echo '<script>alert("L\'identifiant ou le mot de passe est erroné.");</script>';
return;
}
$row = mysql_fetch_array($user, MYSQL_ASSOC);
$id = $row['id'];
mysql_query("UPDATE user SET email = '{$newmail}' WHERE id = {$id};");
mysql_close($connect);
refreshsession($pseudo, $mdp);
}
