if ($_POST['password'] == $_POST['c_pass'] && $_POST['password'] != '') {
// insert into / update tables
$sql = "UPDATE users set password=md5('" . $_POST['password'] . "') where id=" . $_POST['u_id'];
$result = mysql_query($sql);
$_SESSION[$_CONF['sess_name'] . '_password'] = $password;
$t = "Message...";
$b = "Your password has been updated.<br />\n\t\t\t\t<FORM action=" . $_SERVER['PHP_SELF'] . "?lev=" . $_GET['lev'] . "&cat=" . $_GET['cat'] . " method=POST>\n\t\t\t\t<INPUT type=submit name=finish value=Continue>\n\t\t\t\t</FORM>";
$main .= "<br />" . make_box($t, $b, "yellow");
} else {
$t = "ERROR...";
$b = "Your passwords did not match. Press your Browser's BACK\n\t\t\t\t\tbutton and please fix. <br />\n\t\t\t\t\tBlank Passwords are not allowed.";
$main .= "<br />" . make_box($t, $b, "red");
}
}
if (isset($_POST['modify_ui'])) {
if (uname_ok($_POST['u_name'], $_POST['u_id']) && check_email_address($_POST['u_email'])) {
$query = "UPDATE users set first='" . $_POST['u_fname'] . "',last='" . $_POST['u_lname'] . "', email='" . $_POST['u_email'] . "', \n\t\t\t\t\tu_name='" . $_POST['u_name'] . "' where id=" . $_POST['u_id'];
$result = mysql_query($query);
$_SESSION[$_CONF['sess_name'] . '_username'] = $_POST['u_name'];
$t = "Message...";
$b = "User Information updated.<br />\n\t\t\t\t<FORM action=" . $_SERVER['PHP_SELF'] . "?lev=" . $_GET['lev'] . "&cat=" . $_GET['cat'] . " method=POST>\n\t\t\t\t<INPUT type=submit name=finish value=Continue>\n\t\t\t\t</FORM>";
$main .= "<br />" . make_box($t, $b);
} else {
if (!check_email_address($_POST['u_email'])) {
$t = "ERROR...";
$b = "Your email address does not appear to be valid.<br />";
$main .= "<br />" . make_box($t, $b, "red");
} else {
$t = "ERROR...";
$b = "That user name is taken. Press your Browser's BACK\n\t\t\t\t\t\tbutton and please fix.";
$main .= "<br />" . make_box($t, $b, "red");
function check_user_info($u_name, $u_id, $address)
{
$results = array(result => true, message => "");
// check the u_name
if (!uname_ok($u_name, $u_id)) {
$results[result] = false;
$results[message] .= "The username {" . $u_name . "} is already in use. Please try \r\nanother.<BR>";
}
// check the passwords match
if ($pass != $confirm_pass) {
$results[result] = false;
$results[message] .= "The passwords did not match.<BR>";
}
// check the email is OK and not blank
if (!check_email_address($address)) {
$results[result] = false;
$results[message] .= "There is a problem with the email address.<BR>";
$results[message] .= "Please make sure the email address has no spaces.<BR>";
$results[message] .= "It should look like username@domain.com AND IS case sensitive.<BR>";
}
return $results;
}
