break;
case "timezone":
$val = (int) $_POST[$field . 'H'] * 3600 + (int) $_POST[$field . 'M'] * 60 * ((int) $_POST[$field . 'H'] < 0 ? -1 : 1);
$sets[] = $field . " = " . $val;
break;
case "displaypic":
case "minipic":
if ($_POST['remove' . $field]) {
$res = true;
$sets[] = $field . " = ''";
} else {
if ($_FILES[$field]['name'] == "" || $_FILES[$field]['error'] == UPLOAD_ERR_NO_FILE) {
continue;
}
$usepic = '';
$res = HandlePicture($field, $item['type'] == 'displaypic' ? 0 : 1, $usepic);
if ($res === true) {
$sets[] = $field . " = '" . SqlEscape($usepic) . "'";
} else {
Alert($res);
$failed = true;
$item['fail'] = true;
}
}
// delete the old image if needed
if ($res === true) {
if (substr($user[$field], 0, 6) == '$root/') {
// verify that the file they want us to delete is an internal avatar and not something else
$path = str_replace('$root/', DATA_DIR, $user[$field]);
if (!file_exists($path . '.internal')) {
continue;
} else {
Alert($res);
$failed = true;
$item["fail"] = true;
}
break;
case "minipic":
if ($_POST['remove' . $field]) {
@unlink($dataDir . "minipic/{$userid}");
$sets[] = $field . " = ''";
continue;
}
if ($_FILES[$field]['name'] == "" || $_FILES[$field]['error'] == UPLOAD_ERR_NO_FILE) {
continue;
}
$res = HandlePicture($field, 1, $item['errorname']);
if ($res === true) {
$sets[] = $field . " = '#INTERNAL#'";
} else {
Alert($res);
$failed = true;
$item["fail"] = true;
}
break;
}
}
}
}
//Force theme names to be alphanumeric to avoid possible directory traversal exploits ~Dirbaio
if (preg_match("/^[a-zA-Z0-9_]+\$/", $_POST['theme'])) {
$sets[] = "theme = '" . SqlEscape($_POST['theme']) . "'";
