<p id="message"></p> <form action="" method="post" name="regForm" > User: <?php echo $username; ?> <input type="hidden" id="user" value="<?php echo $username; ?> "> <br /> <?php open_db(); $sql = "SELECT user_level, country, e_mail, first_name, last_name FROM user WHERE user_id='{$username}';"; $userdata = query_one_row($sql); ?> <fieldset> <legend>Change Password</legend> Old password: <input type="password" id="old_pass"> <br /> New password: <input type="password" id="new_pass"> <br /> Repeat password: <input type="password" id="new_pass_again"> <br /> <input type="button" value="Change" onClick= "pwd_change();"> </fieldset> <fieldset> <legend>Change Contact information</legend> e-mail: <input type="text" id="email" value="<?php echo $userdata[2]; ?>
<?php // database utilities require_once 'utils.php'; if (!$loggedin) { if (isset($_POST["user"])) { $u = $_POST["user"]; $password = $_POST["pass"]; // select database open_db(); // Is there a user in the DB with this name & pwd? $sql = "SELECT 1 FROM user WHERE user_id='" . $u . "' AND pwd = '" . $password . "'"; if (query_one_row($sql)) { debug_msg("User found."); $loggedin = true; setcookie("user", $u, time() + 3600, "/"); $sql = "UPDATE session SET session_user='******'"; $sql = $sql . " WHERE session_id='" . session_id() . "'"; query_db($sql); } } } if (!$loggedin) { header("HTTP/1.1 403 Forbidden"); exit; }
function query_one_item($sql) { $result = query_one_row($sql); if (!$result) { return false; } else { return $result[0]; } }
session_start(); $file = $_GET["file"]; debug_msg("Parsing file info: " . $file . ", " . strlen($file) . " characters"); // Parse file to find name and path $fname_pos = strrpos($file, "/"); debug_msg("file name found at character no: " . $fname_pos); $file_name = substr($file, $fname_pos + 1, strlen($file) - $fname_pos - 5); $start_path = 0; // if editor is being used, then look for a leading ../ and remove from path if ($_GET["editor"] == "on") { if (strpos($file, "../") == 0) { $start_path = 3; } } // path is everything up to the final / $file_path = substr($file, $start_path, $fname_pos - $start_path); debug_msg("Looking for file (name: " . $file_name . "; path: " . $file_path . ")"); // select database open_db(); $sql = "SELECT file_id FROM file WHERE file_name='" . $file_name . "' AND file_path='" . $file_path . "' "; $file_data = query_one_row($sql); if ($file_data) { // update the data if the file was found $file_id = $file_data[0]; $rating = $_GET['rate']; //needs validation - number $sql = "INSERT INTO file_rating VALUES ({$file_id}, '{$username}', {$rating});"; query_db($sql); } close_db(); // on ferme la connexion