if ($_POST['password'] == $_POST['c_pass'] && $_POST['password'] != '') { // insert into / update tables $sql = "UPDATE users set password=md5('" . $_POST['password'] . "') where id=" . $_POST['u_id']; $result = mysql_query($sql); $_SESSION[$_CONF['sess_name'] . '_password'] = $password; $t = "Message..."; $b = "Your password has been updated.<br />\n\t\t\t\t<FORM action=" . $_SERVER['PHP_SELF'] . "?lev=" . $_GET['lev'] . "&cat=" . $_GET['cat'] . " method=POST>\n\t\t\t\t<INPUT type=submit name=finish value=Continue>\n\t\t\t\t</FORM>"; $main .= "<br />" . make_box($t, $b, "yellow"); } else { $t = "ERROR..."; $b = "Your passwords did not match. Press your Browser's BACK\n\t\t\t\t\tbutton and please fix. <br />\n\t\t\t\t\tBlank Passwords are not allowed."; $main .= "<br />" . make_box($t, $b, "red"); } } if (isset($_POST['modify_ui'])) { if (uname_ok($_POST['u_name'], $_POST['u_id']) && check_email_address($_POST['u_email'])) { $query = "UPDATE users set first='" . $_POST['u_fname'] . "',last='" . $_POST['u_lname'] . "', email='" . $_POST['u_email'] . "', \n\t\t\t\t\tu_name='" . $_POST['u_name'] . "' where id=" . $_POST['u_id']; $result = mysql_query($query); $_SESSION[$_CONF['sess_name'] . '_username'] = $_POST['u_name']; $t = "Message..."; $b = "User Information updated.<br />\n\t\t\t\t<FORM action=" . $_SERVER['PHP_SELF'] . "?lev=" . $_GET['lev'] . "&cat=" . $_GET['cat'] . " method=POST>\n\t\t\t\t<INPUT type=submit name=finish value=Continue>\n\t\t\t\t</FORM>"; $main .= "<br />" . make_box($t, $b); } else { if (!check_email_address($_POST['u_email'])) { $t = "ERROR..."; $b = "Your email address does not appear to be valid.<br />"; $main .= "<br />" . make_box($t, $b, "red"); } else { $t = "ERROR..."; $b = "That user name is taken. Press your Browser's BACK\n\t\t\t\t\t\tbutton and please fix."; $main .= "<br />" . make_box($t, $b, "red");
function check_user_info($u_name, $u_id, $address) { $results = array(result => true, message => ""); // check the u_name if (!uname_ok($u_name, $u_id)) { $results[result] = false; $results[message] .= "The username {" . $u_name . "} is already in use. Please try \r\nanother.<BR>"; } // check the passwords match if ($pass != $confirm_pass) { $results[result] = false; $results[message] .= "The passwords did not match.<BR>"; } // check the email is OK and not blank if (!check_email_address($address)) { $results[result] = false; $results[message] .= "There is a problem with the email address.<BR>"; $results[message] .= "Please make sure the email address has no spaces.<BR>"; $results[message] .= "It should look like username@domain.com AND IS case sensitive.<BR>"; } return $results; }