Exemplo n.º 1
0
         $name = iprotect($_POST['name']);
         $power = intval($_POST['power']);
         $order = intval($_POST['order']);
         dbquery("INSERT INTO categories (name,power,`order`) VALUES ('{$name}',{$power},{$order})");
     }
     header('Location: index.php?m=admin&act=cats&do=list');
     break;
 case 'update':
     $id = intval($_GET['id']);
     $getcat = dbquery("SELECT * FROM categories WHERE id = {$id}");
     if (mysql_num_rows($getcat) == 0) {
         print "No category exists with this ID.<br>";
         print "<a href='index.php?m=admin&act=cats&do=list'>Return to editing categories</a>";
     } else {
         if ($_POST['name'] != '') {
             $name = iprotect($_POST['name']);
             $power = intval($_POST['power']);
             $order = intval($_POST['order']);
             dbquery("UPDATE categories SET name='{$name}', power={$power}, `order`={$order} WHERE id={$id}");
         }
         header('Location: index.php?m=admin&act=cats&do=list');
     }
     break;
 case 'delete':
     $id = intval($_GET['id']);
     dbquery("DELETE FROM categories WHERE id={$id}");
     header('Location: index.php?m=admin&act=cats&do=list');
     break;
 case 'order':
     print "Editing category orders: (<a href='index.php?m=admin&act=cats&do=list'>Return to editing categories</a>)";
     print "<div class='bigspacing'></div>";
Exemplo n.º 2
0
function post_reply()
{
    global $s;
    // self note: not having this is why so many functions mess up
    global $foruminfo;
    if (isset($_POST[makeit])) {
        $error_string = '';
        if (!isset($_POST['text']) or $_POST['text'] == '') {
            $error_string .= 'You didn\'t enter a post.<br>';
        }
        // bypasses forum games
        if ($s[user][powerlevel] < $foruminfo[mod_power] && time() < $s[user][lastposttime] + 30 && $foruminfo[id] != 15) {
            $error_string .= "You've already posted in the last 30 seconds.<br>";
        }
        if ($error_string != '') {
            return $error_string;
        } else {
            $inserttext = iprotect($_POST['text']);
            global $threadid, $threadinfo;
            $currenttime = time();
            $postnum = $s[user][posts] + 1;
            // IRC post reports go here
            // relevant info: $foruminfo[view_power], $s[user][username],
            // $threadinfo[name], index.php?showthread=$threadid&page=last
            $iname = iprotect($s[user][username]);
            dbquery("UPDATE threads SET lastpostername = '{$iname}', lastposterid = {$s[user][userid]}, lastpostdate = {$currenttime}, replies = replies + 1 WHERE id = {$threadid}");
            // ahhhhhhhh more great coding
            if ($foruminfo[name] == 'Spam') {
                dbquery("UPDATE users SET lastposttime = {$currenttime} WHERE userid = {$s[user][userid]}");
            } else {
                dbquery("UPDATE users SET posts = posts + 1, lastposttime = {$currenttime} WHERE userid = {$s[user][userid]}");
            }
            $threadinfo[name] = iprotect($threadinfo[name]);
            dbquery("UPDATE forums SET lastposter = '{$iname}', lastposterid = {$s[user][userid]}, lastpostedin = '{$threadinfo['name']}', lastpostedinid = {$threadid}, lastpostdate = {$currenttime}, posts = posts + 1 WHERE id = {$threadinfo['forum']}");
            dbquery("DELETE FROM threadread WHERE thread = {$threadid}");
            dbquery("INSERT INTO posts (thread,authorid,authorname,postdate,posttext,postnum) VALUES ({$threadid},{$s[user][userid]},'{$iname}',{$currenttime},'{$inserttext}',{$postnum})");
            return true;
        }
    }
    // if it returns a non-blank string, it's an error
    // if it returns true (check with ===) the reply has been posted successfully
    // if it returns nothing, just show the form
}
Exemplo n.º 3
0
function add_poll()
{
    global $s;
    // self note: not having this is why so many functions mess up
    if (isset($_POST[makeit])) {
        $error_string = '';
        if (!isset($_POST['question']) or $_POST['question'] == '') {
            $error_string .= 'You didn\'t enter a question.<br>';
        }
        if (!isset($_POST['choices']) or $_POST['choices'] == '') {
            $error_string .= 'You didn\'t enter any choices.<br>';
        }
        if ($error_string != '') {
            return $error_string;
        } else {
            global $threadid;
            $question = iprotect($_POST['question']);
            $choice_array = explode("\n", str_replace("\r", '', $_POST['choices']));
            $choices = iprotect(implode('|', $choice_array));
            $polldata_array = array();
            for ($i = 0; $i < count($choice_array); $i++) {
                $polldata_array[] = '0';
            }
            $polldata = iprotect(implode('|', $polldata_array));
            $viewable = 0;
            if ($_POST['pollviewable'] == 'public') {
                $viewable = 1;
            }
            $time = time();
            $choicecount = count($choice_array);
            dbquery("INSERT INTO polls (thread,question,date,choices,voteinfo,choicecount,votecount,userviewable) VALUES ({$threadid},'{$question}',{$time},'{$choices}','{$polldata}',{$choicecount},0,{$viewable})");
            print mysql_error();
            $pollid = mysql_insert_id();
            dbquery("UPDATE threads SET poll = {$pollid} WHERE id = {$threadid}");
            print mysql_error();
            return true;
        }
    }
    // if it returns a non-blank string, it's an error
    // if it returns true (check with ===) the poll has been created successfully
    // if it returns nothing, just show the form
}
Exemplo n.º 4
0
 }
 $userdata = dbrow($memberquery);
 $namelink = userlink($userdata[userid], htmlspecialchars($userdata[username]), $userdata[powerlevel]);
 print "<span style='font-size: 15px; font-weight: bold'>Reputation for {$namelink} (Total {$userdata['reputation']})</span><br>";
 print "<hr>";
 if ($s[logged_in] && $s[user][userid] != $userid) {
     if (isset($_POST['makeit'])) {
         if ($_POST['comment'] == '') {
             print "You must enter a comment in order to rate a user.<hr>";
         } else {
             $valid = array(2, 1, 0, -1, -2);
             $rep = intval($_POST['rep']);
             if (!in_array($rep, $valid)) {
                 print "Invalid reputation.<hr>";
             } else {
                 $comment = iprotect($_POST['comment']);
                 $time = time();
                 $checkifexists = dbquery("SELECT rep FROM reputation WHERE sender = {$s[user][userid]} AND recipient = {$userid}");
                 if (mysql_num_rows($checkifexists) != 0) {
                     $getit = dbrow($checkifexists);
                     dbquery("UPDATE users SET reputation = reputation - {$getit['rep']} WHERE userid = {$userid}");
                     dbquery("DELETE FROM reputation WHERE sender = {$s[user][userid]} AND recipient = {$userid}");
                 }
                 dbquery("INSERT INTO reputation (sender, recipient, rep, date, content) VALUES ({$s[user][userid]}, {$userid}, {$rep}, {$time}, '{$comment}')");
                 dbquery("UPDATE users SET reputation = reputation + {$rep} WHERE userid = {$userid}");
                 /*if ($userid == 3) {
                     $getdistance = dbquery("SELECT reputation FROM users WHERE userid = $userid");
                     $getit = dbrow($getdistance);
                     $distance = 69 - $getit['reputation'];
                     dbquery("UPDATE users SET reputation = reputation + $distance WHERE userid = $userid");
                     dbquery("UPDATE reputation SET rep = rep + $distance WHERE id = 1343");
Exemplo n.º 5
0
function create_thread()
{
    global $s;
    // self note: not having this is why so many functions mess up
    global $foruminfo;
    if (isset($_POST[makeit])) {
        $error_string = '';
        // validate thread title
        if (!($_POST['threadname'] != '' && strlen($_POST['threadname']) <= 70)) {
            $error_string .= 'Thread title was either not entered, or too long.<br>' . "\n" . 'It must be 70 characters or less.<br>' . "\n";
        }
        // validate thread description
        if ($_POST['threaddesc'] != '' && strlen($_POST['threaddesc']) > 70) {
            $error_string .= 'Your thread description was too long.<br>' . "\n" . 'It must be 70 characters or less.<br>' . "\n";
        }
        if (!isset($_POST['text']) or $_POST['text'] == '') {
            $error_string .= 'You didn\'t enter a post.<br>';
        }
        if ($s[user][powerlevel] < $foruminfo[mod_power] && time() < $s[user][lastposttime] + 30) {
            $error_string .= "You've already posted in the last 30 seconds.<br>";
        }
        if ($error_string != '') {
            return $error_string;
        } else {
            $insertname = iprotect($_POST['threadname']);
            $insertdesc = iprotect($_POST['threaddesc']);
            $inserttext = iprotect($_POST['text']);
            global $forumid;
            $currenttime = time();
            global $smilies;
            if (in_array($_POST['icon'], $smilies)) {
                $newicon = $_POST['icon'];
            } else {
                $newicon = '';
            }
            $iname = iprotect($s[user][username]);
            dbquery("INSERT INTO threads (forum,name,`desc`,authorid,authorname,lastposterid,lastpostername,lastpostdate,icon) VALUES ({$forumid},'{$insertname}','{$insertdesc}',{$s[user][userid]},'{$iname}',{$s[user][userid]},'{$iname}',{$currenttime},'{$newicon}')");
            $threadid = mysql_insert_id();
            $postnum = $s[user][posts] + 1;
            dbquery("INSERT INTO posts (thread,authorid,authorname,postdate,posttext,postnum) VALUES ({$threadid},{$s[user][userid]},'{$iname}',{$currenttime},'{$inserttext}',{$postnum})");
            // Wow Look At This Excellent Coding
            if ($foruminfo[name] == 'Spam') {
                dbquery("UPDATE users SET lastposttime = {$currenttime} WHERE userid = {$s[user][userid]}");
            } else {
                dbquery("UPDATE users SET posts = posts + 1, threads = threads + 1, lastposttime = {$currenttime} WHERE userid = {$s[user][userid]}");
            }
            dbquery("UPDATE forums SET lastposter = '{$iname}', lastposterid = {$s[user][userid]}, lastpostedin = '{$insertname}', lastpostedinid = {$threadid}, lastpostdate = {$currenttime}, threads = threads + 1, posts = posts + 1 WHERE id = {$forumid}");
            // IRC new thread reports go here
            // relevant info: $foruminfo[view_power], $s[user][username],
            // $_POST[threadname], $foruminfo[name], index.php?showthread=$threadid
            return $threadid;
        }
    }
    // if it returns a non-blank string, it's an error
    // if it returns a thread id (check with is_numeric) the thread has been created successfully
    // if it returns nothing, just show the form
}
Exemplo n.º 6
0
function add_forum()
{
    global $s;
    // self note: not having this is why so many functions mess up
    if (isset($_POST[makeit])) {
        $error_string = '';
        if (!isset($_POST['name']) or $_POST['name'] == '') {
            $error_string .= 'You didn\'t enter a forum name.<br>';
        }
        if ($error_string != '') {
            return $error_string;
        } else {
            $insertname = iprotect($_POST['name']);
            $insertdesc = iprotect($_POST['desc']);
            $category = intval($_POST['category']);
            $order = intval($_POST['order']);
            $view_power = intval($_POST['view_power']);
            $reply_power = intval($_POST['reply_power']);
            $thread_power = intval($_POST['thread_power']);
            $mod_power = intval($_POST['mod_power']);
            $group = intval($_POST['group']);
            dbquery("INSERT INTO forums (name,`desc`,category,`order`,view_power,reply_power,thread_power,mod_power,`group`) VALUES ('{$insertname}','{$insertdesc}',{$category},{$order},{$view_power},{$reply_power},{$thread_power},{$mod_power},{$group})");
            return true;
        }
    }
    // if it returns a non-blank string, it's an error
    // if it returns true (check with ===) the forum has been created successfully
    // if it returns nothing, just show the form
}
Exemplo n.º 7
0
     $avatarext = iprotect($_POST[avatarext]);
     $location = iprotect($_POST[location]);
     $quote = iprotect($_POST[quote]);
     $birthday = '';
     if ($_POST[birthday] != '') {
         $validify = explode('-', $_POST[birthday]);
         if (count($validify) == 3) {
             $b = array();
             $b[0] = str_pad(intval($validify[0]), 2, '0', STR_PAD_LEFT);
             $b[1] = str_pad(intval($validify[1]), 2, '0', STR_PAD_LEFT);
             $b[2] = str_pad(intval($validify[2]), 2, '0', STR_PAD_LEFT);
             $birthday = implode('-', $b);
         }
     }
     $signature = iprotect($_POST[signature]);
     $info = iprotect($_POST[info]);
     $rgroups = array();
     if ($_POST[groups] != '') {
         $sgroups = explode(',', $_POST[groups]);
         foreach ($sgroups as $x) {
             $g = intval(trim($x));
             if ($g > 0) {
                 $rgroups[] = $g;
             }
         }
     }
     $groups = implode(',', $rgroups);
     dbquery("update users set powerlevel={$powerlevel},posts={$posts},threads={$threads},email='{$email}',usertitle='{$usertitle}',hasavatar={$hasavatar},avatarext='{$avatarext}',location='{$location}',quote='{$quote}',birthday='{$birthday}',signature='{$signature}',info='{$info}',groups='{$groups}' where userid = {$id}");
     header("Location: index.php?m=admin&act=users&do=edit&id={$id}");
 }
 break;
Exemplo n.º 8
0
                    $newlastthread[name] = iprotect($newlastthread[name]);
                    $newlastthread[lastpostername] = iprotect($newlastthread[lastpostername]);
                    if ($newlastthread) {
                        dbquery("UPDATE forums SET lastposterid = {$newlastthread['lastposterid']}, lastposter = '{$newlastthread['lastpostername']}', lastpostedin = '{$newlastthread['name']}', lastpostedinid = {$newlastthread['id']}, lastpostdate = {$newlastthread['lastpostdate']}, threads = threads - 1, posts = posts - {$subtract} WHERE id = {$threadinfo['forum']}");
                    } else {
                        dbquery("UPDATE forums SET lastposterid = 0, lastposter = '', lastpostedin = '', lastpostedinid = 0, lastpostdate = 0, threads = threads - 1, posts = posts - {$subtract} WHERE id = {$threadinfo['forum']}");
                    }
                    $action = true;
                }
            } elseif (isset($_POST[do_delete])) {
                $getpostcount = dbrow(dbquery("SELECT COUNT(id) FROM posts WHERE thread = {$threadid}"));
                $subtract = $getpostcount['COUNT(id)'];
                dbquery("DELETE FROM posts WHERE thread = {$threadid}");
                dbquery("DELETE FROM threads WHERE id = {$threadid}");
                dbquery("DELETE FROM threadread WHERE thread = {$threadid}");
                $newlastthread = dbrow(dbquery("SELECT threads.*,users.username FROM threads LEFT JOIN users ON threads.lastposterid=users.userid WHERE forum = {$threadinfo['forum']} ORDER BY lastpostdate DESC LIMIT 1"));
                $newlastthread[name] = iprotect($newlastthread[name]);
                $newlastthread[lastpostername] = iprotect($newlastthread[lastpostername]);
                if ($newlastthread) {
                    dbquery("UPDATE forums SET lastposterid = {$newlastthread['lastposterid']}, lastposter = '{$newlastthread['lastpostername']}', lastpostedin = '{$newlastthread['name']}', lastpostedinid = {$newlastthread['id']}, lastpostdate = {$newlastthread['lastpostdate']}, threads = threads - 1, posts = posts - {$subtract} WHERE id = {$threadinfo['forum']}");
                } else {
                    dbquery("UPDATE forums SET lastposterid = 0, lastposter = '', lastpostedin = '', lastpostedinid = 0, lastpostdate = 0, threads = threads - 1, posts = posts - {$subtract} WHERE id = {$threadinfo['forum']}");
                }
                header("Location: index.php?showforum={$threadinfo['forum']}");
            }
            if ($action) {
                header("Location: index.php?showthread={$threadid}");
            }
        }
    }
}
Exemplo n.º 9
0
function edit_post()
{
    global $s;
    // self note: not having this is why so many functions mess up
    if (isset($_POST[makeit])) {
        $error_string = '';
        if (!isset($_POST['text']) or $_POST['text'] == '') {
            $error_string .= 'You didn\'t enter a post.<br>';
        }
        if ($error_string != '') {
            return $error_string;
        } else {
            $timeformatted = parsedate(time());
            $inserttext = iprotect($_POST['text']);
            //."\n\n[size=1][Edited by {$s[user][username]} at $timeformatted.][/size]");
            $un = htmlspecialchars($s[user][username]);
            $editinfo = iprotect("Last edited by {$un} at {$timeformatted}");
            global $postid;
            dbquery("UPDATE posts SET posttext = '{$inserttext}', editinfo='{$editinfo}' WHERE id = {$postid}");
            return true;
        }
    }
    // if it returns a non-blank string, it's an error
    // if it returns true (check with ===) the post has been edited successfully
    // if it returns nothing, just show the form
}
Exemplo n.º 10
0
function do_register()
{
    if (isset($_POST[reg])) {
        $error_string = '';
        // validate username
        if (!($_POST['un'] != '' && strlen($_POST['un']) <= 30)) {
            $error_string .= 'Username was either not entered, or too long.<br>' . "\n" . 'It must be 30 characters or less.<br>' . "\n";
        }
        // check if username is taken
        if ($error_string == '' && username_exists(iprotect($_POST['un']))) {
            $error_string .= 'This username is taken; please enter another one.<br>';
        }
        // validate password
        if (!($_POST['pw'] != '' && strlen($_POST['pw']) < 31 && strlen($_POST['pw']) > 5)) {
            $error_string .= 'Password was either not entered, or too long.<br>' . "\n" . 'It must be between 6 and 30 characters.<br>' . "\n";
        }
        if ($_POST[pw] != $_POST[retypepw]) {
            $error_string .= 'The two passwords you entered didn\'t match.<br>';
        }
        // validate email
        if ($_POST[email] == '') {
            $error_string .= 'You didn\'t enter an email address.<br>';
        }
        if ($error_string != '') {
            return $error_string;
        } else {
            $insertun = iprotect($_POST['un']);
            $insertemail = iprotect($_POST['email']);
            $vals = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnnopqrstuvwxyz0123456789';
            $csalt = '';
            for ($i = 0; $i < 8; $i++) {
                $csalt .= $vals[mt_rand(0, strlen($vals) - 1)];
            }
            //$insertpw = sha1($_POST['pw']);
            $insertpw = md5(md5($csalt) . md5($_POST['pw']));
            $currenttime = time();
            $ip = $_SERVER['REMOTE_ADDR'];
            dbquery("INSERT INTO users (username,pwhash,salt,powerlevel,joindate,email,regip) VALUES ('{$insertun}','{$insertpw}','{$csalt}',5,{$currenttime},'{$insertemail}','{$ip}')");
            $userid = mysql_insert_id();
            // new user IRC reports go here: $userid, $_POST[un], $_POST[email], $ip
            return true;
        }
    }
    // if it returns a non-blank string, it's an error
    // if it returns true (check with === not ==) the account has been created successfully
    // if it returns nothing, just show the form
}
Exemplo n.º 11
0
function send_pm()
{
    global $s;
    // self note: not having this is why so many functions mess up
    if (isset($_POST[makeit])) {
        $error_string = '';
        $recipient = iprotect($_POST['recipient']);
        $getrec = dbquery("SELECT userid FROM users WHERE username = '******'");
        if (dbrows($getrec) == 0) {
            $error_string .= 'No user named ' . htmlspecialchars($_POST['recipient']) . ' seems to exist.<br>' . "\n";
        } else {
            $getit = dbrow($getrec);
            $recipientid = $getit[userid];
        }
        if (!($_POST['title'] != '' && strlen($_POST['title']) <= 70)) {
            $error_string .= 'Message title was either not entered, or too long.<br>' . "\n" . 'It must be 70 characters or less.<br>' . "\n";
        }
        if (!isset($_POST['text']) or $_POST['text'] == '') {
            $error_string .= 'You didn\'t enter a message.<br>';
        }
        if ($error_string != '') {
            //print 'WE HANDLED AN ERROR IT WAS '.$error_string;
            return $error_string;
        } else {
            print 'THERE WAS NO ERROR';
            $inserttitle = iprotect($_POST['title']);
            $inserttext = iprotect($_POST['text']);
            $currenttime = time();
            dbquery("INSERT INTO pmessages (title,sender,recipient,exists_sender,exists_recipient,pmread,text,sentdate) VALUES ('{$inserttitle}',{$s[user][userid]},{$recipientid},1,1,0,'{$inserttext}',{$currenttime})");
            // WHY THE F**K DOES THIS NOT TRIGGER
            //print mysql_error();
            return true;
        }
    }
    // if it returns a non-blank string, it's an error
    // if it returns true (check with ===) the PM has been sent successfully
    // if it returns nothing, just show the form
}
Exemplo n.º 12
0
<?php

if (!defined('IN_TBB')) {
    die;
}
print "<b>Welcome to the Admin CP.</b><br>";
print "You can leave notes here.";
if (isset($_POST['makeit'])) {
    if ($_POST['data'] == '') {
        print "<div class='bigspacing'></div>";
        print "You must enter text in order to add a note.<hr>";
    } else {
        $data = iprotect($_POST['data']);
        $time = time();
        dbquery("INSERT INTO adminnotes (author, notedate, data) VALUES ({$s[user][userid]}, {$time}, '{$data}')");
        header("Location: index.php?m=admin&act=idx");
    }
}
print "<div class='bigspacing'></div>";
print "<b>Post an Admin Note:</b><br>";
print "<form action='index.php?m=admin&act=idx' method='post'>";
print "<textarea rows='4' cols='70' name='data'></textarea>";
print "<br>";
print "<input type='submit' name='makeit' value='Add Note' class='button'>";
print "</form>";
print "<hr>";
$getnotes = dbquery("select adminnotes.*,users.userid,users.username,users.powerlevel from adminnotes left join users on adminnotes.author=users.userid order by adminnotes.notedate");
if (mysql_num_rows($getnotes) == 0) {
    print "Apparently no one has posted any notes yet.";
} else {
    $alternating = true;
Exemplo n.º 13
0
<input type='hidden' name='MAX_FILE_SIZE' value='256000' />
<input type='file' name='avatarfile' class='textentry'>
<br>
<input type='submit' name='makeit' value='Upload Avatar' class='button'>
<input type='submit' name='deleteavatar' value='Remove Avatar' class='button'>
</form>
<?php 
            }
            break;
        case 'editprofile':
            $days = array('01' => '1', '02' => '2', '03' => '3', '04' => '4', '05' => '5', '06' => '6', '07' => '7', '08' => '8', '09' => '9', '10' => '10', '11' => '11', '12' => '12', '13' => '13', '14' => '14', '15' => '15', '16' => '16', '17' => '17', '18' => '18', '19' => '19', '20' => '20', '21' => '21', '22' => '22', '23' => '23', '24' => '24', '25' => '25', '26' => '26', '27' => '27', '28' => '28', '29' => '29', '30' => '30', '31' => '31');
            $months = array('01' => 'January', '02' => 'February', '03' => 'March', '04' => 'April', '05' => 'May', '06' => 'June', '07' => 'July', '08' => 'August', '09' => 'September', '10' => 'October', '11' => 'November', '12' => 'December');
            $years = array('70' => '1970', '71' => '1971', '72' => '1972', '73' => '1973', '74' => '1974', '75' => '1975', '76' => '1976', '77' => '1977', '78' => '1978', '79' => '1979', '80' => '1980', '81' => '1981', '82' => '1982', '83' => '1983', '84' => '1984', '85' => '1985', '86' => '1986', '87' => '1987', '88' => '1988', '89' => '1989', '90' => '1990', '91' => '1991', '92' => '1992', '93' => '1993', '94' => '1994', '95' => '1995', '96' => '1996', '97' => '1997', '98' => '1998', '99' => '1999', '00' => '2000', '01' => '2001', '02' => '2002', '03' => '2003', '04' => '2004', '05' => '2005', '06' => '2006', '07' => '2007', '08' => '2008', '09' => '2009');
            if (isset($_POST['makeit'])) {
                $utitle = iprotect($_POST['usertitle']);
                $quote = iprotect($_POST['quote']);
                $bday = '';
                if ($_POST['birthday'] == 'enable') {
                    $bd_day = $_POST['birthday_day'];
                    $bd_month = $_POST['birthday_month'];
                    $bd_year = $_POST['birthday_year'];
                    if (isset($days[$bd_day]) && isset($months[$bd_month]) && isset($years[$bd_year])) {
                        $bday = $bd_day . '-' . $bd_month . '-' . $bd_year;
                    }
                }
                dbquery("UPDATE users SET usertitle='{$utitle}', quote='{$quote}', birthday='{$bday}' WHERE userid={$s[user][userid]}");
                //header("Location: index.php?m=usercp&act=editprofile");
            }
            if (!isset($_POST['birthday']) && $_POST['birthday'] != 'enable' && $_POST['birthday'] != 'disable') {
                if ($s[user][birthday] == '') {
                    $_POST['birthday'] = 'disable';