$wishes = $post_get->getvar("wishes"); $publicity = $post_get->getenumkeys("publicity", $langPublicities); $character_name = $post_get->getvar("character_name"); $character_age = $post_get->getadate("character_age"); $country = $post_get->getenumkeys("country", $langCountries); $birth = $post_get->getenumkeys("birth", $langBirthes); $rank = $post_get->getenumkeys("rank", $langRanks); $quota = $post_get->getenumkeys("quota", $langQuotas); $quenta = $post_get->getvar("quenta"); $wishes2 = $post_get->getvar("wishes2"); $go_royal_wedding = $post_get->getvar("go_royal_wedding", "0|1", "0"); if (isAdmin($editorid)) { $master_note = $post_get->getvar("master_note"); } else { $sql = "SELECT master_note\n\t\tFROM " . PREF . "users\n\t\tWHERE id={$userid}\n\t\tLIMIT 1"; $master_note = (string) db_result00($sql); } $sql = "UPDATE " . PREF . "users\n\tSET name='{$name}',\n\t\tnick='{$nick}',\n\t\tcity='{$city}',\n\t\tage='{$age}',\n\t\tcontacts='{$contacts}',\n\t\tcontraindication='{$contraindication}',\n\t\tchronicdesease='{$chronicdesease}',\n\t\twishes='{$wishes}',\n\t\tpublicity='{$publicity}',\n\t\tcharacter_name='{$character_name}',\n\t\tcharacter_age='{$character_age}',\n\t\tcountry='{$country}',\n\t\tbirth='{$birth}',\n\t\trank='{$rank}',\n\t\tquota='{$quota}',\n\t\tquenta='{$quenta}',\n\t\twishes2='{$wishes2}',\n\t\tmaster_note='{$master_note}',\n\t\tgo_royal_wedding={$go_royal_wedding}\n\n\tWHERE id={$userid}\n\tLIMIT 1"; query($sql); $updated = (bool) affected_rows(); if (isset($_FILES["photo"]) && $_FILES["photo"]['error'] != 4) { $options = new FileUploadOptions(); $options->key = "photo"; $options->extensions = ["png", "jpg", "jpeg", "gif"]; $options->dir = "../photos/"; $options->is_critical = true; $options->neoname = photoFileName($email) . ".jpg"; if (file_exists("../photos/{$options->neoname}")) { unlink("../photos/{$options->neoname}"); } $filename = file_upload($options);
function isAdmin($id) { $id = (int) $id; $sql = "SELECT is_admin\n\t\tFROM " . PREF . "users\n\t\tWHERE active=1 AND id={$id}\n\t\tLIMIT 1"; $ret = (bool) db_result00($sql); return $ret; }
die("Введите корректный e-mail, чтобы войти или восстановить пароль. "); } $userid = emailToId($email); if (!$userid) { $text = <<<EOT E-mail {$email} не зарегистрирован. <br /> Воспользуйтесь <a href="/#register">формой регистрации</a> на главной странице. <br /> По техническим вопросам обращайтесь к Бодигриму (andrew.lelechenko@gmail.com, skype bodigrim). EOT; echo $text; die; } $hash = bcrypt($password); $sql = "SELECT id\n\tFROM " . PREF . "users\n\tWHERE id={$userid} AND pwhash='{$hash}'\n\tLIMIT 1"; $rows = (int) db_result00($sql); if (!$rows) { $text = <<<EOT Не удалось войти, поскольку пароль не подходит. На всякий случай мы отправили вам ваш пароль на почту еще раз. <br /> Воспользуйтесь <a href="/#register">формой входа</a> на главной странице еще раз. <br /> По техническим вопросам обращайтесь к Бодигриму (andrew.lelechenko@gmail.com, skype bodigrim). EOT; echo $text; remindPassword($userid); die; } set_login_cookies($userid, $email, $hash); redirect(isAdmin($userid) ? "/table.php" : "/edit.php?" . http_build_query(["email" => $email]));
function db_unescape($str) { if (!is_array($str)) { $sql = "SELECT '{$str}'"; $str = (string) db_result00($sql); } else { foreach ($str as $key => $value) { $str[$key] = db_escape($value); } } return $str; }