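// Collect the editable profile fields from the submitted form. The $post_get
// accessors are project helpers defined outside this file: getenumkeys()
// restricts a value to the keys of the given language table, and getvar()
// with a pattern/default limits go_royal_wedding to "0" or "1".
// NOTE(review): whether getvar()/getadate() SQL-escape what they return is not
// visible here — the UPDATE below interpolates these values straight into the
// query string, so that contract must hold (or the values must be escaped at
// this point). Confirm against the helper's definition.
$wishes = $post_get->getvar("wishes");
$publicity = $post_get->getenumkeys("publicity", $langPublicities);
$character_name = $post_get->getvar("character_name");
$character_age = $post_get->getadate("character_age");
$country = $post_get->getenumkeys("country", $langCountries);
$birth = $post_get->getenumkeys("birth", $langBirthes);
$rank = $post_get->getenumkeys("rank", $langRanks);
$quota = $post_get->getenumkeys("quota", $langQuotas);
$quenta = $post_get->getvar("quenta");
$wishes2 = $post_get->getvar("wishes2");
$go_royal_wedding = $post_get->getvar("go_royal_wedding", "0|1", "0");

// The row id is interpolated unquoted into SQL twice below; force it to an
// integer (as isAdmin() does) so a non-numeric value can never reach the query.
// $userid (and $name, $nick, $city, $age, $contacts, $contraindication,
// $chronicdesease used in the UPDATE) are set earlier in this script.
$uid = (int) $userid;

// master_note is an admin-only field: an admin may set it from the form,
// anyone else gets the currently stored value written back unchanged.
if (isAdmin($editorid)) {
    $master_note = $post_get->getvar("master_note");
} else {
    $sql = "SELECT master_note\n\t\tFROM " . PREF . "users\n\t\tWHERE id={$uid}\n\t\tLIMIT 1";
    $master_note = (string) db_result00($sql);
}
$sql = "UPDATE " . PREF . "users\n\tSET name='{$name}',\n\t\tnick='{$nick}',\n\t\tcity='{$city}',\n\t\tage='{$age}',\n\t\tcontacts='{$contacts}',\n\t\tcontraindication='{$contraindication}',\n\t\tchronicdesease='{$chronicdesease}',\n\t\twishes='{$wishes}',\n\t\tpublicity='{$publicity}',\n\t\tcharacter_name='{$character_name}',\n\t\tcharacter_age='{$character_age}',\n\t\tcountry='{$country}',\n\t\tbirth='{$birth}',\n\t\trank='{$rank}',\n\t\tquota='{$quota}',\n\t\tquenta='{$quenta}',\n\t\twishes2='{$wishes2}',\n\t\tmaster_note='{$master_note}',\n\t\tgo_royal_wedding={$go_royal_wedding}\n\n\tWHERE id={$uid}\n\tLIMIT 1";
query($sql);
// NOTE(review): with MySQL, affected_rows() reports 0 when the row already
// held exactly these values, so an unchanged submit reads as "not updated"
// here — confirm that is the intended meaning of $updated.
$updated = (bool) affected_rows();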
if (isset($_FILES["photo"]) && $_FILES["photo"]['error'] != 4) {
    $options = new FileUploadOptions();
    $options->key = "photo";
    $options->extensions = ["png", "jpg", "jpeg", "gif"];
    $options->dir = "../photos/";
    $options->is_critical = true;
    $options->neoname = photoFileName($email) . ".jpg";
    if (file_exists("../photos/{$options->neoname}")) {
        unlink("../photos/{$options->neoname}");
    }
    $filename = file_upload($options);
/**
 * Tell whether the given user id belongs to an active administrator.
 *
 * Only a row with active=1 is considered; an inactive or unknown id yields
 * false. The id is cast to int before it is placed in the query, so this
 * function is safe to call with request-supplied values.
 *
 * @param mixed $id user id (coerced to int)
 * @return bool true when the matching row's is_admin column is truthy
 */
function isAdmin($id)
{
    $id = (int) $id;
    $table = PREF . "users";
    $query = "SELECT is_admin\n\t\tFROM {$table}\n\t\tWHERE active=1 AND id={$id}\n\t\tLIMIT 1";

    return (bool) db_result00($query);
}
    die("Введите корректный e-mail, чтобы войти или восстановить пароль. ");
}
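// Resolve the submitted address to a user row. emailToId() is a project
// helper; the id is forced to an integer because it is interpolated unquoted
// into SQL below (consistent with isAdmin()). $email and $password come from
// the login form and were checked earlier in this script.
$userid = (int) emailToId($email);
if (!$userid) {
    // NOTE(review): this message reveals whether an address is registered,
    // which enables account enumeration; a generic "check your e-mail"
    // message would avoid that. The address is HTML-escaped because it is
    // user input echoed into markup.
    $safe_email = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $text = <<<EOT
E-mail {$safe_email} не зарегистрирован.
<br />
Воспользуйтесь <a href="/#register">формой регистрации</a> на главной странице.
<br />
По техническим вопросам обращайтесь к Бодигриму (andrew.lelechenko@gmail.com, skype bodigrim).
EOT;
    echo $text;
    die;
}
// NOTE(review): the stored hash is matched by SQL equality, so bcrypt() here
// must be deterministic for a given password (not a per-user random salt as
// password_hash() produces), otherwise this lookup could never succeed; the
// idiomatic approach is to fetch pwhash by id and compare with
// password_verify(). Standard bcrypt output contains only [A-Za-z0-9./$], so
// interpolating it is harmless only if bcrypt() really returns that alphabet —
// confirm against its definition.
$hash = bcrypt($password);
$sql = "SELECT id\n\tFROM " . PREF . "users\n\tWHERE id={$userid} AND pwhash='{$hash}'\n\tLIMIT 1";
// db_result00() yields the matched id (or nothing); only its truthiness is used.
$rows = (int) db_result00($sql);
if (!$rows) {
    $text = <<<EOT
Не удалось войти, поскольку пароль не подходит. На всякий случай мы отправили вам ваш пароль на почту еще раз.
<br />
Воспользуйтесь <a href="/#register">формой входа</a> на главной странице еще раз.
<br />
По техническим вопросам обращайтесь к Бодигриму (andrew.lelechenko@gmail.com, skype bodigrim).
EOT;
    echo $text;
    // NOTE(review): every failed attempt triggers a password reminder mail, so
    // anyone who knows an address can flood that inbox by submitting wrong
    // passwords; rate-limit or drop this side effect. The message text also
    // implies the password itself is mailed, which requires it to be stored
    // recoverably — confirm what remindPassword() sends.
    remindPassword($userid);
    die;
}
// The password hash becomes part of the login cookie (see set_login_cookies()).
set_login_cookies($userid, $email, $hash);
redirect(isAdmin($userid) ? "/table.php" : "/edit.php?" . http_build_query(["email" => $email]));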
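/**
 * Reverse SQL escaping on a value that was previously passed through db_escape().
 *
 * Scalars are unescaped by round-tripping them through the database as a
 * string literal (`SELECT '<str>'`), so the server applies its own unescaping
 * rules. Arrays are processed element by element, recursively, so nested
 * arrays are handled too.
 *
 * NOTE(review): the round-trip only works — and is only safe — when $str is
 * already SQL-escaped; an unescaped value containing a quote would break out
 * of the literal. Callers must not pass raw user input here.
 *
 * @param string|array $str an escaped scalar, or an array of them
 * @return string|array the unescaped value, same shape as the input
 */
function db_unescape($str)
{
    if (is_array($str)) {
        // The original called db_escape() here, which does the opposite of
        // what this function's name promises; recurse instead so every
        // element ends up unescaped.
        foreach ($str as $key => $value) {
            $str[$key] = db_unescape($value);
        }
        return $str;
    }

    $sql = "SELECT '{$str}'";
    return (string) db_result00($sql);
}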