$contact = $user['contact']; } if (isset($_POST['description'])) { $description = htmlentities(substr(trim($_POST['description']), 0, 512)); } else { $description = $user['description']; } // Only users can edit their own passwords-while admins can edit just about anything else if (isset($_POST['password']) && $_SESSION['username'] == $username && isset($_POST['changepass'])) { $password = $_POST['password']; $passlength = strlen($password); if ($passlength < 4) { $passErrString = "Sorry, your password must be at least 4 characters.<br />\n"; } else { // Everything checked out, so update. $db->setuserpass($username, $password); } } $picture_ext = $user['has_picture']; if (isset($_POST['remove_picture'])) { if ($picture_ext != null) { unlink(THpath . "images/profiles/" . $username . $ext); } $picture_ext = ""; } $picture_pending = $user['pic_pending']; if ($_FILES['picture']['error'] == 0 && $_FILES['picture']) { if ($picture_pending) { $imgErrString .= "Picture already pending admin approval.<br />\n"; } if ($_FILES['picture']['size'] > THprofile_maxpicsize) {