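function action_act_edit_profile()
{
    /*
     * "Save profile" POST handler of user.php (68ecshop variant that also
     * lets a member rename the account).
     *
     * Order of work: read and validate every input first, then persist the
     * registration extend fields, the password hint and finally the core
     * profile via edit_profile(). Every failure path ends in show_message(),
     * which renders and exits, so nothing is written when validation fails
     * (the original had already written the extend fields and the password
     * hint by the time it validated the phone numbers).
     *
     * Other fixes: the phone patterns no longer accept '|' (inside a
     * character class it was a literal, not an alternation); the extend
     * field content is encoded with ENT_QUOTES and measured in characters;
     * the failure message no longer reads $profile['email'], which this
     * variant never sets.
     *
     * NOTE(review): the SQL below is still string-built. ECShop's init.php
     * normally addslashes() every $_POST value, which is what keeps
     * $username and the password hint inside their string literals; that is
     * not visible from this file and must be confirmed before the handler is
     * trusted. The extend-field content is ENT_QUOTES-encoded, so no raw
     * quote can reach its query regardless.
     */
    $user    = $GLOBALS['user'];
    $_LANG   = $GLOBALS['_LANG'];
    $db      = $GLOBALS['db'];
    $ecs     = $GLOBALS['ecs'];
    $user_id = intval($_SESSION['user_id']);

    include_once ROOT_PATH . 'includes/lib_transaction.php';

    /* ---- inputs (missing fields read as '' instead of raising notices) ---- */
    $birthday = (isset($_POST['birthdayYear'])  ? trim($_POST['birthdayYear'])  : '') . '-'
              . (isset($_POST['birthdayMonth']) ? trim($_POST['birthdayMonth']) : '') . '-'
              . (isset($_POST['birthdayDay'])   ? trim($_POST['birthdayDay'])   : '');
    $email    = isset($_POST['email'])    ? trim($_POST['email'])    : '';
    $username = isset($_POST['username']) ? trim($_POST['username']) : '';

    $other = array();
    $other['msn']          = $msn          = isset($_POST['extend_field1']) ? trim($_POST['extend_field1']) : '';
    $other['qq']           = $qq           = isset($_POST['extend_field2']) ? trim($_POST['extend_field2']) : '';
    $other['office_phone'] = $office_phone = isset($_POST['extend_field3']) ? trim($_POST['extend_field3']) : '';
    $other['home_phone']   = $home_phone   = isset($_POST['extend_field4']) ? trim($_POST['extend_field4']) : '';
    $other['user_name']    = $username;

    $sel_question  = empty($_POST['sel_question']) ? '' : compile_str($_POST['sel_question']);
    $passwd_answer = isset($_POST['passwd_answer']) ? compile_str(trim($_POST['passwd_answer'])) : '';

    /* ---- validation, before anything is written ---- */
    $sql    = 'SELECT user_name FROM ' . $ecs->table('users') . " WHERE user_id = '{$user_id}'";
    $u_name = $db->getOne($sql);
    if ($username != $u_name) {
        $sql   = 'SELECT COUNT(*) FROM ' . $ecs->table('users') . " WHERE user_name = '{$username}'";
        $count = $db->getOne($sql);
        if ($count > 0) {
            show_message('用户名已经存在!');
        }
        // NOTE(review): this pattern is mis-encoded in the copy reviewed. The
        // message says "username contains Chinese", so it was presumably a
        // CJK range (e.g. \x{4e00}-\x{9fa5} with /u); confirm against the
        // upstream file before relying on this check.
        if (!empty($username) && preg_match("/[-�]/", $username)) {
            show_message("用户名存在中文");
        }
    }

    // Digits, '_', '-' and whitespace only.
    $phone_re = '/^[\d_\-\s]+$/';
    if (!empty($office_phone) && !preg_match($phone_re, $office_phone)) {
        show_message($_LANG['passport_js']['office_phone_invalid']);
    }
    if (!empty($home_phone) && !preg_match($phone_re, $home_phone)) {
        show_message($_LANG['passport_js']['home_phone_invalid']);
    }
    // E-mail is not editable in this variant (no is_email($email) check);
    // $email is kept only for the failure message at the end.
    if (!empty($msn) && !is_email($msn)) {
        show_message($_LANG['passport_js']['msn_invalid']);
    }
    if (!empty($qq) && !preg_match('/^\d+$/', $qq)) {
        show_message($_LANG['passport_js']['qq_invalid']);
    }

    /* ---- registration extend fields (reg_fields: type 0, displayed) ---- */
    $sql = 'SELECT id FROM ' . $ecs->table('reg_fields')
         . ' WHERE type = 0 AND display = 1 ORDER BY dis_order, id';
    foreach ($db->getAll($sql) as $val) {
        $field_id = intval($val['id']);
        $index    = 'extend_field' . $field_id;
        if (!isset($_POST[$index])) {
            continue;
        }
        // ENT_QUOTES: the value is rendered as HTML later, and encoding the
        // quote also guarantees it cannot close the SQL literal below.
        $content = htmlspecialchars($_POST[$index], ENT_QUOTES);
        // The original compared a byte count (strlen) against a character
        // cut (mb_substr); both sides now count characters of what is stored.
        if (mb_strlen($content) > 100) {
            $content = mb_substr($content, 0, 99);
            // A cut can leave a dangling backslash that would escape the
            // closing quote of the SQL literal; drop it.
            $content = rtrim($content, '\\');
        }

        $sql = 'SELECT * FROM ' . $ecs->table('reg_extend_info')
             . " WHERE reg_field_id = '{$field_id}' AND user_id = '{$user_id}'";
        if ($db->getOne($sql)) {
            $sql = 'UPDATE ' . $ecs->table('reg_extend_info')
                 . " SET content = '{$content}'"
                 . " WHERE reg_field_id = '{$field_id}' AND user_id = '{$user_id}'";
        } else {
            $sql = 'INSERT INTO ' . $ecs->table('reg_extend_info')
                 . ' (`user_id`, `reg_field_id`, `content`)'
                 . " VALUES ('{$user_id}', '{$field_id}', '{$content}')";
        }
        $db->query($sql);
    }

    /* ---- password hint question/answer ---- */
    // NOTE(review): the answer is stored as submitted (compile_str() only);
    // it is a recovery secret and would normally be hashed.
    if (!empty($passwd_answer) && !empty($sel_question)) {
        $sql = 'UPDATE ' . $ecs->table('users')
             . " SET `passwd_question`='{$sel_question}', `passwd_answer`='{$passwd_answer}'"
             . " WHERE `user_id`='{$user_id}'";
        $db->query($sql);
    }

    /* ---- core profile ---- */
    $profile = array(
        'user_id'   => $user_id,
        'user_name' => $username,
        'sex'       => isset($_POST['sex']) ? intval($_POST['sex']) : 0,
        'birthday'  => $birthday,
        'other'     => $other,
    );
    if (edit_profile($profile)) {
        show_message($_LANG['edit_profile_success'], $_LANG['profile_lnk'], 'user.php?act=profile', 'info');
    } else {
        // $profile carries no 'email' key in this variant, so the posted
        // value is used for the message instead of an undefined index.
        $msg = ($user->error == ERR_EMAIL_EXISTS)
             ? sprintf($_LANG['email_exist'], $email)
             : $_LANG['edit_profile_failed'];
        show_message($msg, '', '', 'info');
    }
}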
show_message($_LANG['passport_js']['home_phone_invalid']); } if (!is_email($email)) { show_message($_LANG['msg_email_format']); } if (!empty($msn) && !is_email($msn)) { show_message($_LANG['passport_js']['msn_invalid']); } if (!empty($qq) && !preg_match('/^\\d+$/', $qq)) { show_message($_LANG['passport_js']['qq_invalid']); } if (!empty($mobile_phone) && !preg_match('/^\\d+$/', $mobile_phone)) { show_message($_LANG['passport_js']['mobile_phone_invalid']); } $profile = array('user_id' => $user_id, 'email' => isset($_POST['email']) ? trim($_POST['email']) : '', 'sex' => isset($_POST['sex']) ? intval($_POST['sex']) : 0, 'birthday' => $birthday, 'other' => isset($_POST['other']) ? $_POST['other'] : array()); if (edit_profile($profile)) { show_message($_LANG['edit_profile_success'], $_LANG['profile_lnk'], 'user.php?act=profile', 'info'); } else { if ($user->error == ERR_EMAIL_EXISTS) { $msg = sprintf($_LANG['email_exist'], $profile['email']); } else { $msg = $_LANG['edit_profile_failed']; } show_message($msg, '', '', 'info'); } } elseif ($action == 'get_password') { include_once ROOT_PATH . 'includes/lib_passport.php'; if (isset($_GET['code']) && isset($_GET['uid'])) { $code = trim($_GET['code']); $uid = intval($_GET['uid']); /* 判断链接的合法性 */
echo remove_company_images($_POST); } else { if (strpos($uri, '/remove_company_skills_images') !== false) { echo remove_company_skills_images($_POST); } else { if (strpos($uri, '/profiles') !== false) { echo get_profile($_GET); } else { if (strpos($uri, '/profile_reviews') !== false) { echo get_profile_review($_GET); } else { if (strpos($uri, '/add_profile_review') !== false) { echo add_profile_review($_POST); } else { if (strpos($uri, '/edit_profile') !== false) { echo edit_profile($_POST); } else { if (strpos($uri, '/uprpic') !== false) { echo upload_edit_profile_picture($_POST, $_FILES); } else { if (strpos($uri, '/add_product_to_favorite') !== false) { echo add_product_to_favorite($_GET); } else { if (strpos($uri, '/add_discussion_like_dislike') !== false) { echo add_discussion_like_dislike($_POST); } } } } } }
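function update_profile($sid, $sname, $sdescription, $stype, $sautoenable, $auto_cat_status, $auto_fam_status, $tracker)
{
    /*
     * Saves a vulnerability-scan profile (vuln_nessus_settings row $sid),
     * the per-family / per-category status flags posted as f_<fid> / c_<cid>
     * form fields, and then re-derives plugin enablement when $sautoenable
     * is "C" (by category) or "F" (by family). Ends by redirecting the
     * browser back to the profile list and calling edit_profile($sid).
     *
     * $stype is used both as the "global profile" switch (truthy -> 'G')
     * and, unchanged, as the value written to the owner column -- that is
     * how the original behaves and is preserved here.
     *
     * Fixes over the original: $sid and the posted status values were
     * interpolated unquoted (so escaping could not stop "1 or 1=1") and the
     * fid/cid came from the POST *key*, which the client controls; numeric
     * values are now cast and only all-digit ids reach a query. The string
     * columns are escaped. each() (removed in PHP 8) is replaced by foreach.
     *
     * NOTE(review): the owner/admin authorisation check is commented out in
     * the original, so any caller can overwrite any profile by id. It should
     * be restored (select owner from vuln_nessus_settings where id = $sid;
     * deny unless the caller owns it or $uroles['admin'] is set) before this
     * is reachable from the UI.
     *
     * NOTE(review): escaping uses mysql_real_escape_string() because the
     * surrounding code already does; with ADOdb ($dbconn->execute / ->EOF /
     * ->MoveNext) the portable choice would be $dbconn->qstr(). If a caller
     * already escapes $sname/$sdescription this double-escapes -- confirm.
     */
    global $uroles, $dbconn, $conf;

    $sid             = intval($sid);
    $auto_cat_status = intval($auto_cat_status);
    $auto_fam_status = intval($auto_fam_status);
    $host_tracker    = ($tracker == "on") ? 1 : 0;

    $username = $stype;                       // owner column gets the raw switch value (see header)
    $stype    = ($stype == TRUE) ? "G" : "";  // "G" is global, blank is a private scan profile

    $query = "update vuln_nessus_settings \n"
           . " set name='" . mysql_real_escape_string($sname) . "',"
           . " description='" . mysql_real_escape_string($sdescription) . "', \n"
           . " type='{$stype}',"
           . " autoenable='" . mysql_real_escape_string($sautoenable) . "',\n"
           . " auto_cat_status = {$auto_cat_status},\n"
           . " auto_fam_status = {$auto_fam_status},\n"
           . " update_host_tracker='{$host_tracker}',\n"
           . " owner = '" . mysql_real_escape_string($username) . "'\n"
           . " where id={$sid}";
    $result = $dbconn->execute($query);

    // Per-family (f_<fid>) and per-category (c_<cid>) status flags from the
    // form, if it was posted.
    foreach ($_POST as $key => $value) {
        $prefix = substr($key, 0, 2);
        if ($prefix !== "f_" && $prefix !== "c_") {
            continue;
        }
        $id = (string) substr($key, 2);
        if (!ctype_digit($id)) {
            continue;   // client-controlled key; only numeric ids may reach the query
        }
        $status = intval(trim($value));
        if ($prefix === "f_") {
            $query = "update vuln_nessus_settings_family \n set status={$status} \n where sid={$sid} and fid={$id}";
        } else {
            $query = "update vuln_nessus_settings_category set status={$status} where sid={$sid} and cid={$id}";
        }
        $results = $dbconn->Execute($query);
    }

    // Derive plugin enablement from the auto-enable mode: status 4 disables
    // every plugin of the group, status 1 enables them, anything else leaves
    // the group untouched.
    $modes = array(
        // mode => array(settings table, id column, catalogue table, plugin column)
        "C" => array("vuln_nessus_settings_category", "cid", "vuln_nessus_category", "category"),
        "F" => array("vuln_nessus_settings_family",   "fid", "vuln_nessus_family",   "family"),
    );
    if (is_string($sautoenable) && isset($modes[$sautoenable])) {
        list($table, $idcol, $catalogue, $plugcol) = $modes[$sautoenable];
        // NOTE(review): as in the original, the catalogue table is joined
        // without a join condition, so each status row comes back once per
        // catalogue row; the updates are idempotent so the outcome is the
        // same, only slower.
        $query  = "select t1.{$idcol}, t1.status from {$table} as t1, {$catalogue} as t2 where sid={$sid}";
        $result = $dbconn->execute($query);
        while (!$result->EOF) {
            list($gid, $catstatus) = $result->fields;
            $enabled = null;
            if ($catstatus == 4) {
                $enabled = 'N';
            } elseif ($catstatus == 1) {
                $enabled = 'Y';
            }
            if ($enabled !== null) {
                $gid     = intval($gid);
                $query1  = "update vuln_nessus_settings_plugins set enabled='{$enabled}' where {$plugcol}={$gid} and sid={$sid}";
                $result1 = $dbconn->execute($query1);
            }
            $result->MoveNext();
        }
    }

    // Send the browser back to the profile list (the original emitted this
    // block by dropping out of PHP mode mid-function).
    echo "<script type=\"text/javascript\">\n"
       . "//<![CDATA[\n"
       . "document.location.href='settings.php?hmenu=Vulnerabilities&smenu=ScanProfiles';\n"
       . "//]]>\n"
       . "</script>";

    // NOTE(review): $nessus_path is neither a parameter nor declared global
    // here, so as written this branch never runs; confirm where it is meant
    // to come from (probably $conf) before relying on the OMP sync.
    if (isset($nessus_path) && preg_match('/omp\s*$/i', $nessus_path)) {
        $omp = new OMP();
        $omp->set_plugins_by_family($sid);
    }

    edit_profile($sid);
}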
<?php require_once $_SERVER['DOCUMENT_ROOT'] . "/reou/includes/const.php"; require_once D_ROOT . "/reou/controllers/users_controller.php"; # If the method is path then update the user update_user($db, $_POST); # Or show edit profile like normal $user = edit_profile($db); // ----------------- Header HTML -------------------- require_once $_SERVER['DOCUMENT_ROOT'] . '/reou/views/layouts/header.php'; ?> <head> <title> Edit Profile </title> <link rel="stylesheet" type="text/css" href="<?php echo asset_route('css'); ?> main.css"> </head> <div class="profile-container"> <div class="profile__sidebar-container"> <div class="profile__sidebar"> <div class="profile__logo"> <div class="profile__logo-image"> </div> <a href=""> Change Photo </a>
if (login()) { config('views.root', 'system/admin/views'); render('edit-page', array('title' => 'Edit profile - ' . blog_title(), 'description' => blog_description(), 'canonical' => site_url(), 'type' => 'is_profile', 'bodyclass' => 'editprofile', 'breadcrumb' => '<a href="' . site_url() . '">' . config('breadcrumb.home') . '</a> » Edit profile')); } else { $login = site_url() . 'login'; header("location: {$login}"); } }); // Get submitted data from edit profile page post('/edit/profile', function () { $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); $user = $_SESSION[config("site.url")]['user']; $title = from($_REQUEST, 'title'); $content = from($_REQUEST, 'content'); if ($proper && !empty($title) && !empty($content)) { edit_profile($title, $content, $user); } else { $message['error'] = ''; if (empty($title)) { $message['error'] .= '<li>Title field is required.</li>'; } if (empty($content)) { $message['error'] .= '<li>Content field is required.</li>'; } if (!$proper) { $message['error'] .= '<li>CSRF Token not correct.</li>'; } config('views.root', 'system/admin/views'); render('edit-page', array('title' => 'Edit profile - ' . blog_title(), 'description' => blog_description(), 'canonical' => site_url(), 'error' => '<ul>' . $message['error'] . '</ul>', 'postTitle' => $title, 'postContent' => $content, 'type' => 'is_profile', 'bodyclass' => 'editprofile', 'breadcrumb' => '<a href="' . site_url() . '">' . config('breadcrumb.home') . '</a> » Edit profile')); } });
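$title       = "Thay đổi thông tin thành viên";
$description = "Thay đổi thông tin thành viên";
$keyword     = "thay đổi thông tin thành viên,thay đổi thông tin,thông tin thành viên,thay đổi,thông tin,thành viên,thay doi thong tin thanh vien,thay doi thong tin,thong tin thanh vien,thay doi,thong tin,thanh vien";
require_once "header.php";

// Profile-edit page: renders the member's current values into the form and
// hands a submitted form to edit_profile().
echo "<center><p><h1>Thay đổi thông tin thành viên</h1></p></center>";

if (isset($_SESSION['userid']) && $_SESSION['userid'] != NULL) {
    // The original ran "SELECT * FROM `users` where `id`='$id'" here with $id
    // interpolated raw and the result never read; the dead query (and its
    // injection surface) is gone.
    //
    // Every value below comes from the database via logging_account() and
    // lands inside a single-quoted HTML attribute, so it is encoded with
    // ENT_QUOTES; the original echoed it raw (stored XSS via any profile
    // field). Field names are passed as strings: the original used bare
    // words (logging_account(name)), which only worked because PHP < 8
    // turned an undefined constant into its own name -- same result unless
    // constants of those names exist, which is not expected.
    $avatar = logging_account('avatar');
    $ava    = ($avatar == NULL) ? "./images/noavatar.jpg" : $avatar;
    $ava    = htmlspecialchars((string) $ava, ENT_QUOTES, 'UTF-8');

    echo "\n<table border='0' style='margin-top: 5px;'>\n<tr>\n<td rowspan='2' style='padding-right: 10px;'>\n<img class='img' src='../" . $ava . "' width='165px' height='165px'/><br/>\n</td>\n</tr>\n<tr>\n<td>\n<form action='' method='post' enctype='multipart/form-data'>\n<input type='file' name='file' id='file' />\n</td>\n</tr>\n</table>\n<table>\n";

    // Text inputs in form order; the sex radios sit between the two groups.
    $rows_before_sex = array('name' => 'Tên', 'birthday' => 'Ngày Sinh');
    $rows_after_sex  = array('address' => 'Địa Chỉ', 'yahoo' => 'Yahoo', 'email' => 'Email', 'phone' => 'Điện Thoại');

    foreach ($rows_before_sex as $field => $label) {
        $value = htmlspecialchars((string) logging_account($field), ENT_QUOTES, 'UTF-8');
        echo "<tr>\n<td><p>{$label}</p></td><td><input name='{$field}' type='text' value='{$value}' class='textbox' size='40' required/></td>\n</tr>\n";
    }

    // Sex radios: 1 = Nam, 2 = Nữ. The original gave the Nữ radio value='1'
    // in two of its three branches, so choosing Nữ submitted Nam.
    $sex = logging_account('sex');
    echo "<tr>\n<td><p>Giới Tính</p></td><td>"
       . "<input name='sex' type='radio' value='1'" . ($sex == 1 ? " checked" : "") . "> Nam "
       . "<input name='sex' type='radio' value='2'" . ($sex == 2 ? " checked" : "") . "> Nữ</td>\n</tr>\n";

    foreach ($rows_after_sex as $field => $label) {
        $value = htmlspecialchars((string) logging_account($field), ENT_QUOTES, 'UTF-8');
        echo "<tr>\n<td><p>{$label}</p></td><td><input name='{$field}' type='text' value='{$value}' class='textbox' size='40' required/></td>\n</tr>\n";
    }

    echo "<tr>\n<td><p>Mật khẩu</p></td><td><p><input name='password' type='password' value='' class='textbox' size='40' required/><br/></p></td>\n</tr>\n"
       . "<tr>\n<td><p>Mã bảo vệ</p></td><td><p><input name='capt' type='text' value='' class='textbox' size='30' required/> <img src='capt.php'/><br/></p></td>\n</tr>\n</table>\n"
       . "<span style='float: right;'>\n<input type='submit' name='edit' value='Chỉnh Sửa' class='button'/>\n</form>\n</span><br/><br/><br/>";

    if (isset($_POST["edit"])) {
        edit_profile();
    }
} else {
    echo "<p class='message_yellow'>Bạn chưa đăng nhập, không thể thay đổi thông tin!</p>";
}
require_once "footer.php";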
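function action_act_edit_profile()
{
    /*
     * "Save profile" POST handler (variant with avatar upload and account
     * rename). Inputs are validated first, then the avatar, the registration
     * extend fields, the password hint and finally the core profile are
     * written; show_message() renders and exits on every failure path, so a
     * rejected request writes nothing (the original had already stored the
     * avatar, extend fields and password hint before it validated).
     *
     * Fixes over the original:
     *  - the headimg column was overwritten unconditionally with the return
     *    value of upload_image(), which is false when no file was posted, so
     *    every ordinary edit wiped the member's avatar; it is written only
     *    when an upload produced a path;
     *  - the new user_name is checked for uniqueness before the UPDATE;
     *  - phone patterns no longer accept '|' (a literal inside the class);
     *  - extend-field content is ENT_QUOTES-encoded and measured in
     *    characters; the failure message no longer reads the undefined
     *    $profile['email'].
     *
     * NOTE(review): the SQL is still string-built. ECShop's init.php normally
     * addslashes() every $_POST value, which is what keeps $user_name and the
     * password hint inside their string literals; that is not visible from
     * this file and must be confirmed before the handler is trusted.
     */
    $user    = $GLOBALS['user'];
    $_CFG    = $GLOBALS['_CFG'];
    $_LANG   = $GLOBALS['_LANG'];
    $db      = $GLOBALS['db'];
    $ecs     = $GLOBALS['ecs'];
    // The original read $GLOBALS['user_id'] for the profile and
    // $_SESSION['user_id'] for the SQL; one source is used for both.
    $user_id = intval($_SESSION['user_id']);

    include_once ROOT_PATH . 'includes/lib_transaction.php';

    /* ---- inputs ---- */
    $user_name = isset($_POST['user_name']) ? trim($_POST['user_name']) : '';
    $birthday  = (isset($_POST['birthdayYear'])  ? trim($_POST['birthdayYear'])  : '') . '-'
               . (isset($_POST['birthdayMonth']) ? trim($_POST['birthdayMonth']) : '') . '-'
               . (isset($_POST['birthdayDay'])   ? trim($_POST['birthdayDay'])   : '');
    $email     = isset($_POST['email']) ? trim($_POST['email']) : '';

    $other = array();
    $other['msn']          = $msn          = isset($_POST['extend_field1']) ? trim($_POST['extend_field1']) : '';
    $other['qq']           = $qq           = isset($_POST['extend_field2']) ? trim($_POST['extend_field2']) : '';
    $other['office_phone'] = $office_phone = isset($_POST['extend_field3']) ? trim($_POST['extend_field3']) : '';
    $other['home_phone']   = $home_phone   = isset($_POST['extend_field4']) ? trim($_POST['extend_field4']) : '';

    $sel_question  = empty($_POST['sel_question']) ? '' : compile_str($_POST['sel_question']);
    $passwd_answer = isset($_POST['passwd_answer']) ? compile_str(trim($_POST['passwd_answer'])) : '';

    /* ---- validation, before anything is written ---- */
    if (empty($user_name)) {
        show_message('用户名不能为空!');
    }
    $sql     = 'SELECT user_name FROM ' . $ecs->table('users') . " WHERE user_id = '{$user_id}'";
    $current = $db->getOne($sql);
    if ($user_name != $current) {
        $sql = 'SELECT COUNT(*) FROM ' . $ecs->table('users') . " WHERE user_name = '{$user_name}'";
        if ($db->getOne($sql) > 0) {
            show_message('用户名已经存在!');
        }
    }

    // Digits, '_', '-' and whitespace only.
    $phone_re = '/^[\d_\-\s]+$/';
    if (!empty($office_phone) && !preg_match($phone_re, $office_phone)) {
        show_message($_LANG['passport_js']['office_phone_invalid']);
    }
    if (!empty($home_phone) && !preg_match($phone_re, $home_phone)) {
        show_message($_LANG['passport_js']['home_phone_invalid']);
    }
    // E-mail is not editable in this variant (no is_email($email) check).
    if (!empty($msn) && !is_email($msn)) {
        show_message($_LANG['passport_js']['msn_invalid']);
    }
    if (!empty($qq) && !preg_match('/^\d+$/', $qq)) {
        show_message($_LANG['passport_js']['qq_invalid']);
    }

    /* ---- avatar, only when a file was actually posted and stored ---- */
    if (isset($_FILES['headimg'])) {
        include_once ROOT_PATH . '/includes/cls_image.php';
        $image            = new cls_image($_CFG['bgcolor']);
        $headimg_original = $image->upload_image($_FILES['headimg'], 'headimg/' . date('Ym'));
        if ($headimg_original) {
            // The 80x50 thumbnail is generated on disk but, as in the
            // original, only the original path is recorded.
            $thumb_path = DATA_DIR . '/headimg/' . date('Ym') . '/';
            $image->make_thumb($headimg_original, '80', '50', $thumb_path);

            $sql = 'UPDATE ' . $ecs->table('users')
                 . " SET `headimg`='{$headimg_original}' WHERE `user_id`='{$user_id}'";
            $db->query($sql);
        }
    }

    /* ---- registration extend fields (reg_fields: type 0, displayed) ---- */
    $sql = 'SELECT id FROM ' . $ecs->table('reg_fields')
         . ' WHERE type = 0 AND display = 1 ORDER BY dis_order, id';
    foreach ($db->getAll($sql) as $val) {
        $field_id = intval($val['id']);
        $index    = 'extend_field' . $field_id;
        if (!isset($_POST[$index])) {
            continue;
        }
        // ENT_QUOTES: rendered as HTML later, and the encoded quote cannot
        // close the SQL literal below.
        $content = htmlspecialchars($_POST[$index], ENT_QUOTES);
        if (mb_strlen($content) > 100) {
            $content = mb_substr($content, 0, 99);
            // A cut can leave a dangling backslash that would escape the
            // closing quote of the SQL literal; drop it.
            $content = rtrim($content, '\\');
        }

        $sql = 'SELECT * FROM ' . $ecs->table('reg_extend_info')
             . " WHERE reg_field_id = '{$field_id}' AND user_id = '{$user_id}'";
        if ($db->getOne($sql)) {
            $sql = 'UPDATE ' . $ecs->table('reg_extend_info')
                 . " SET content = '{$content}'"
                 . " WHERE reg_field_id = '{$field_id}' AND user_id = '{$user_id}'";
        } else {
            $sql = 'INSERT INTO ' . $ecs->table('reg_extend_info')
                 . ' (`user_id`, `reg_field_id`, `content`)'
                 . " VALUES ('{$user_id}', '{$field_id}', '{$content}')";
        }
        $db->query($sql);
    }

    /* ---- password hint question/answer ---- */
    // NOTE(review): the answer is stored as submitted (compile_str() only).
    if (!empty($passwd_answer) && !empty($sel_question)) {
        $sql = 'UPDATE ' . $ecs->table('users')
             . " SET `passwd_question`='{$sel_question}', `passwd_answer`='{$passwd_answer}'"
             . " WHERE `user_id`='{$user_id}'";
        $db->query($sql);
    }

    /* ---- core profile, then the rename ---- */
    $profile = array(
        'user_id'  => $user_id,
        'sex'      => isset($_POST['sex']) ? intval($_POST['sex']) : 0,
        'birthday' => $birthday,
        'other'    => $other,
    );
    if (edit_profile($profile)) {
        $sql = 'UPDATE ' . $ecs->table('users')
             . " SET `user_name`='{$user_name}' WHERE `user_id`='{$user_id}'";
        $db->query($sql);
        show_message($_LANG['edit_profile_success'], $_LANG['profile_lnk'], 'user.php?act=profile', 'info');
    } else {
        // $profile carries no 'email' key here; use the posted value.
        $msg = ($user->error == ERR_EMAIL_EXISTS)
             ? sprintf($_LANG['email_exist'], $email)
             : $_LANG['edit_profile_failed'];
        show_message($msg, '', '', 'info');
    }
}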
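function profile()
{
    /*
     * REST-style profile endpoint. GET returns get_profile() for the session
     * user; POST validates and saves the posted profile. Return values are
     * unchanged from the original: get_profile()'s result on GET; on POST an
     * array of error keys, or a status string; an error string for any other
     * method.
     *
     * The original referenced $ecs, $db, $user and $user_id inside the POST
     * branch without ever defining them (no global / $GLOBALS), so every POST
     * failed on a null object. They are now taken from $GLOBALS and the
     * session, as the sibling handlers in this codebase do. Validation also
     * runs before the extend fields are written (the original had already
     * stored them when it returned the error list), and the phone pattern
     * no longer accepts '|' (a literal inside the character class).
     *
     * NOTE(review): the SQL is string-built; it relies on the framework's
     * init-time addslashes() of $_POST for the numeric-looking fields and on
     * ENT_QUOTES encoding for the extend-field content. Confirm the former.
     */
    switch ($_SERVER['REQUEST_METHOD']) {
        case 'GET':
            return get_profile($_SESSION['user_id']);

        case 'POST':
            $db      = $GLOBALS['db'];
            $ecs     = $GLOBALS['ecs'];
            $user    = $GLOBALS['user'];
            $user_id = intval($_SESSION['user_id']);

            /* ---- inputs ---- */
            $birthday = (isset($_POST['birthdayYear'])  ? trim($_POST['birthdayYear'])  : '') . '-'
                      . (isset($_POST['birthdayMonth']) ? trim($_POST['birthdayMonth']) : '') . '-'
                      . (isset($_POST['birthdayDay'])   ? trim($_POST['birthdayDay'])   : '');
            $email    = isset($_POST['email']) ? trim($_POST['email']) : '';

            $other = array();
            $other['msn']          = $msn          = isset($_POST['extend_field1']) ? trim($_POST['extend_field1']) : '';
            $other['qq']           = $qq           = isset($_POST['extend_field2']) ? trim($_POST['extend_field2']) : '';
            $other['office_phone'] = $office_phone = isset($_POST['extend_field3']) ? trim($_POST['extend_field3']) : '';
            $other['home_phone']   = $home_phone   = isset($_POST['extend_field4']) ? trim($_POST['extend_field4']) : '';
            $other['mobile_phone'] = $mobile_phone = isset($_POST['extend_field5']) ? trim($_POST['extend_field5']) : '';

            /* ---- validation; error keys are collected in form order ---- */
            $err      = array();
            $phone_re = '/^[\d_\-\s]+$/';
            if (!empty($office_phone) && !preg_match($phone_re, $office_phone)) {
                $err[] = 'office_phone_invalid';
            }
            if (!empty($home_phone) && !preg_match($phone_re, $home_phone)) {
                $err[] = 'home_phone_invalid';
            }
            if (!is_email($email)) {
                $err[] = 'msg_email_format';
            }
            if (!empty($msn) && !is_email($msn)) {
                $err[] = 'msn_invalid';
            }
            if (!empty($qq) && !preg_match('/^\d+$/', $qq)) {
                $err[] = 'qq_invalid';
            }
            if (!empty($mobile_phone) && !preg_match('/^[\d-\s]+$/', $mobile_phone)) {
                $err[] = 'mobile_phone_invalid';
            }
            if (count($err) > 0) {
                return $err;
            }

            /* ---- registration extend fields (reg_fields: type 0, displayed) ---- */
            $sql = 'SELECT id FROM ' . $ecs->table('reg_fields')
                 . ' WHERE type = 0 AND display = 1 ORDER BY dis_order, id';
            foreach ($db->getAll($sql) as $val) {
                $field_id = intval($val['id']);
                $index    = 'extend_field' . $field_id;
                if (!isset($_POST[$index])) {
                    continue;
                }
                // ENT_QUOTES: rendered as HTML later, and the encoded quote
                // cannot close the SQL literal below.
                $content = htmlspecialchars($_POST[$index], ENT_QUOTES);
                if (mb_strlen($content) > 100) {
                    $content = mb_substr($content, 0, 99);
                    // A cut can leave a dangling backslash that would escape
                    // the closing quote of the SQL literal; drop it.
                    $content = rtrim($content, '\\');
                }

                $sql = 'SELECT * FROM ' . $ecs->table('reg_extend_info')
                     . " WHERE reg_field_id = '{$field_id}' AND user_id = '{$user_id}'";
                if ($db->getOne($sql)) {
                    $sql = 'UPDATE ' . $ecs->table('reg_extend_info')
                         . " SET content = '{$content}'"
                         . " WHERE reg_field_id = '{$field_id}' AND user_id = '{$user_id}'";
                } else {
                    $sql = 'INSERT INTO ' . $ecs->table('reg_extend_info')
                         . ' (`user_id`, `reg_field_id`, `content`)'
                         . " VALUES ('{$user_id}', '{$field_id}', '{$content}')";
                }
                $db->query($sql);
            }

            /* ---- core profile ---- */
            $profile = array(
                'user_id'  => $user_id,
                'email'    => $email,
                'sex'      => isset($_POST['sex']) ? intval($_POST['sex']) : 0,
                'birthday' => $birthday,
                'other'    => $other,
            );
            if (edit_profile($profile)) {
                return 'Edit Success!';
            }
            if ($user->error == ERR_EMAIL_EXISTS) {
                return 'Email ' . $profile['email'] . ' Exist!';
            }
            return 'Unknow Error!';

        default:
            return 'This API can not support ' . $_SERVER['REQUEST_METHOD'] . ' method';
    }
}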
$_SESSION['picture'] = $_POST['data']['picture']; } } if ($errflag) { $tpl->errors = $errmsg_arr; } else { $user_id = clean($_SESSION['user_id']); $user_data = array(); $user_data['firstname'] = $firstname; $user_data['lastname'] = $lastname; $user_data['user_email'] = $user_email; $user_data['birthday'] = $birthdate; $user_data['fullname'] = $fullname; $user_data['picture'] = clean($_POST['data']['picture']); if (!$_POST['data']['picture'] == "") { $edit_profile = edit_profile($database, $user_data, $user_id); if ($edit_profile) { header("Location: " . main_url . "/edit_profile/success"); } } else { } //If there are input validations, redirect back to the register form } } catch (Exception $e) { // CSRF attack detected $result = $e->getMessage() . ' Form ignored.'; } } } else { $result = 'No post data yet.'; }
} else if($result == 2){ $registration_error = "Email-adressen '" . $_POST['email'] . "' är tagen. Försök med en annan."; } else if($result == 3){ header("location:index.php"); } } require "templates/register-page.php"; } } else if($page == "account" && logged_in()){ if(isset($_GET['action']) && $_GET['action'] == "edit_profile"){ if(isset($_POST['email']) && isset($_POST['surname']) && isset($_POST['lastname']) && isset($_POST['street']) && isset($_POST['ort']) && isset($_POST['postalcode']) && isset($_POST['password'])){ $result = edit_profile($_POST['email'], $_POST['surname'], $_POST['lastname'], $_POST['street'], $_POST['ort'], $_POST['postalcode'], $_POST['password']); if($result == 1){ $edit_profile_error = "Email-adressen '" . $_POST['email'] . "' är tagen. Försök med en annan."; } else if($result == 2){ header("location:index.php?page=account"); } else if($result == 3){ $edit_profile_error = "Lösenordet du skrev in som ditt 'nuvarande' är fel. Försök igen."; } } require "templates/edit_profile.php"; } else if(isset($_GET['action']) && $_GET['action'] == "change_password"){ if(isset($_POST['new_password'])){