/**
 * Handles the user-side "edit profile" POST action (ECShop-style handler).
 *
 * Pulls its collaborators out of $GLOBALS, reads the profile form from $_POST,
 * persists the user's extended registration fields and password-hint pair,
 * runs a few field validations, then passes the remaining profile data to
 * edit_profile(). Every outcome is reported through show_message(); nothing
 * follows a failing show_message() call here, so it presumably terminates the
 * request — confirm against its definition.
 *
 * NOTE(review): all SQL in this function is assembled by string interpolation.
 * $user_id comes from the session and $val['id'] from the reg_fields table, but
 * $username (the "select count(*)" query) and the extended-field contents are
 * request-controlled and are not escaped for SQL — htmlspecialchars() only
 * escapes for HTML. Route these through the DB layer's escaping/parameter API.
 *
 * NOTE(review): the extended-field rows and the password hint are written
 * before the validation block runs, so a rejected form still persists them.
 */
function action_act_edit_profile()
{
    // Collaborators are fetched from $GLOBALS rather than injected.
    $user = $GLOBALS['user'];
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];
    $user_id = $_SESSION['user_id'];
    include_once ROOT_PATH . 'includes/lib_transaction.php';
    // Birthday is concatenated from three form fields; no date validation happens in this function.
    $birthday = trim($_POST['birthdayYear']) . '-' . trim($_POST['birthdayMonth']) . '-' . trim($_POST['birthdayDay']);
    // Read but neither validated nor stored here (the email check further down is commented out).
    $email = trim($_POST['email']);
    $other['msn'] = $msn = isset($_POST['extend_field1']) ? trim($_POST['extend_field1']) : '';
    $other['qq'] = $qq = isset($_POST['extend_field2']) ? trim($_POST['extend_field2']) : '';
    $other['office_phone'] = $office_phone = isset($_POST['extend_field3']) ? trim($_POST['extend_field3']) : '';
    $other['home_phone'] = $home_phone = isset($_POST['extend_field4']) ? trim($_POST['extend_field4']) : '';
    // $other['mobile_phone'] = $mobile_phone = isset($_POST['extend_field5']) ?
    // trim($_POST['extend_field5']) : '';
    // compile_str() is an external helper; whatever escaping it performs is not visible here.
    $sel_question = empty($_POST['sel_question']) ? '' : compile_str($_POST['sel_question']);
    $passwd_answer = isset($_POST['passwd_answer']) ? compile_str(trim($_POST['passwd_answer'])) : '';
    /* Code added 2014-12-23 by www.68ecshop.com _start */
    // Only trimmed; this value is interpolated into SQL further down.
    $username = trim($_POST['username']);
    /* Code added 2014-12-23 by www.68ecshop.com _end */
    /* Update the user's extended-field data */
    $sql = 'SELECT id FROM ' . $ecs->table('reg_fields') . ' WHERE type = 0 AND display = 1 ORDER BY dis_order, id';
    // Read the ids of all displayed extended fields
    $fields_arr = $db->getAll($sql);
    foreach ($fields_arr as $val) {
        $extend_field_index = 'extend_field' . $val['id'];
        if (isset($_POST[$extend_field_index])) {
            // Caps the value at 99 characters. strlen() counts bytes while mb_substr() counts
            // characters, and the cut is applied after htmlspecialchars(), so an entity can be split.
            $temp_field_content = strlen($_POST[$extend_field_index]) > 100 ? mb_substr(htmlspecialchars($_POST[$extend_field_index]), 0, 99) : htmlspecialchars($_POST[$extend_field_index]);
            // Existence probe decides between UPDATE and INSERT (read-then-write, not atomic).
            $sql = 'SELECT * FROM ' . $ecs->table('reg_extend_info') . "  WHERE reg_field_id = '{$val['id']}' AND user_id = '{$user_id}'";
            if ($db->getOne($sql)) {
                $sql = 'UPDATE ' . $ecs->table('reg_extend_info') . " SET content = '{$temp_field_content}' WHERE reg_field_id = '{$val['id']}' AND user_id = '{$user_id}'";
            } else {
                $sql = 'INSERT INTO ' . $ecs->table('reg_extend_info') . " (`user_id`, `reg_field_id`, `content`) VALUES ('{$user_id}', '{$val['id']}', '{$temp_field_content}')";
            }
            $db->query($sql);
        }
    }
    /* Store the password hint question and answer */
    if (!empty($passwd_answer) && !empty($sel_question)) {
        // Uses $_SESSION['user_id'] directly here instead of the local $user_id.
        $sql = 'UPDATE ' . $ecs->table('users') . " SET `passwd_question`='{$sel_question}', `passwd_answer`='{$passwd_answer}'  WHERE `user_id`='" . $_SESSION['user_id'] . "'";
        $db->query($sql);
    }
    /* Code added 2014-12-23 by www.68ecshop.com _start */
    // Username change: the uniqueness and character checks only run when the name differs from the stored one.
    $sql = "select user_name from " . $GLOBALS['ecs']->table('users') . " where user_id = '" . $_SESSION['user_id'] . "'";
    $u_name = $GLOBALS['db']->getOne($sql);
    if ($username != $u_name) {
        // NOTE(review): $username is request input and is interpolated into SQL unescaped.
        $sql = "select count(*) from " . $GLOBALS['ecs']->table('users') . " where user_name = '{$username}'";
        $count = $GLOBALS['db']->getOne($sql);
        if ($count > 0) {
            show_message('用户名已经存在!');
        }
        // The character class in this pattern is mis-encoded in this listing; judging by the
        // message it is meant to reject CJK characters — verify against the original source.
        if (!empty($username) && preg_match("/[-�]/", $username)) {
            show_message("用户名存在中文");
        }
    }
    /* Code added 2014-12-23 by www.68ecshop.com _end */
    // Inside a character class '|' is a literal, so these phone patterns also accept '|'.
    if (!empty($office_phone) && !preg_match('/^[\\d|\\_|\\-|\\s]+$/', $office_phone)) {
        show_message($_LANG['passport_js']['office_phone_invalid']);
    }
    if (!empty($home_phone) && !preg_match('/^[\\d|\\_|\\-|\\s]+$/', $home_phone)) {
        show_message($_LANG['passport_js']['home_phone_invalid']);
    }
    // if(! is_email($email))
    // {
    // show_message($_LANG['msg_email_format']);
    // }
    if (!empty($msn) && !is_email($msn)) {
        show_message($_LANG['passport_js']['msn_invalid']);
    }
    if (!empty($qq) && !preg_match('/^\\d+$/', $qq)) {
        show_message($_LANG['passport_js']['qq_invalid']);
    }
    // if(! empty($mobile_phone) && ! preg_match('/^[\d-\s]+$/', $mobile_phone))
    // {
    // show_message($_LANG['passport_js']['mobile_phone_invalid']);
    // }
    // The new username travels to edit_profile() inside $other.
    $other['user_name'] = $username;
    // $profile = array(
    // 'user_id' => $user_id,'email' => isset($_POST['email']) ?
    // trim($_POST['email']) : '','sex' => isset($_POST['sex']) ?
    // intval($_POST['sex']) : 0,'birthday' => $birthday,'other' =>
    // isset($other) ? $other : array()
    // );
    // No 'email' key is set here, yet the ERR_EMAIL_EXISTS branch below reads $profile['email'].
    // $other is always set at this point, so the isset() fallback never triggers.
    $profile = array('user_id' => $user_id, 'user_name' => $username, 'sex' => isset($_POST['sex']) ? intval($_POST['sex']) : 0, 'birthday' => $birthday, 'other' => isset($other) ? $other : array());
    // edit_profile()'s contract is not visible here; it presumably sets $user->error on failure.
    if (edit_profile($profile)) {
        show_message($_LANG['edit_profile_success'], $_LANG['profile_lnk'], 'user.php?act=profile', 'info');
    } else {
        if ($user->error == ERR_EMAIL_EXISTS) {
            $msg = sprintf($_LANG['email_exist'], $profile['email']);
        } else {
            $msg = $_LANG['edit_profile_failed'];
        }
        show_message($msg, '', '', 'info');
    }
}
        show_message($_LANG['passport_js']['home_phone_invalid']);
    }
    if (!is_email($email)) {
        show_message($_LANG['msg_email_format']);
    }
    if (!empty($msn) && !is_email($msn)) {
        show_message($_LANG['passport_js']['msn_invalid']);
    }
    if (!empty($qq) && !preg_match('/^\\d+$/', $qq)) {
        show_message($_LANG['passport_js']['qq_invalid']);
    }
    if (!empty($mobile_phone) && !preg_match('/^\\d+$/', $mobile_phone)) {
        show_message($_LANG['passport_js']['mobile_phone_invalid']);
    }
    $profile = array('user_id' => $user_id, 'email' => isset($_POST['email']) ? trim($_POST['email']) : '', 'sex' => isset($_POST['sex']) ? intval($_POST['sex']) : 0, 'birthday' => $birthday, 'other' => isset($_POST['other']) ? $_POST['other'] : array());
    if (edit_profile($profile)) {
        show_message($_LANG['edit_profile_success'], $_LANG['profile_lnk'], 'user.php?act=profile', 'info');
    } else {
        if ($user->error == ERR_EMAIL_EXISTS) {
            $msg = sprintf($_LANG['email_exist'], $profile['email']);
        } else {
            $msg = $_LANG['edit_profile_failed'];
        }
        show_message($msg, '', '', 'info');
    }
} elseif ($action == 'get_password') {
    include_once ROOT_PATH . 'includes/lib_passport.php';
    if (isset($_GET['code']) && isset($_GET['uid'])) {
        $code = trim($_GET['code']);
        $uid = intval($_GET['uid']);
        /* 判断链接的合法性 */
     echo remove_company_images($_POST);
 } else {
     if (strpos($uri, '/remove_company_skills_images') !== false) {
         echo remove_company_skills_images($_POST);
     } else {
         if (strpos($uri, '/profiles') !== false) {
             echo get_profile($_GET);
         } else {
             if (strpos($uri, '/profile_reviews') !== false) {
                 echo get_profile_review($_GET);
             } else {
                 if (strpos($uri, '/add_profile_review') !== false) {
                     echo add_profile_review($_POST);
                 } else {
                     if (strpos($uri, '/edit_profile') !== false) {
                         echo edit_profile($_POST);
                     } else {
                         if (strpos($uri, '/uprpic') !== false) {
                             echo upload_edit_profile_picture($_POST, $_FILES);
                         } else {
                             if (strpos($uri, '/add_product_to_favorite') !== false) {
                                 echo add_product_to_favorite($_GET);
                             } else {
                                 if (strpos($uri, '/add_discussion_like_dislike') !== false) {
                                     echo add_discussion_like_dislike($_POST);
                                 }
                             }
                         }
                     }
                 }
             }
/**
 * Persists changes to a Nessus scan profile and re-derives its family/category/plugin enable state.
 *
 * @param mixed  $sid             profile id; interpolated directly into every SQL statement
 * @param string $sname           profile name
 * @param string $sdescription    profile description
 * @param mixed  $stype           truthy => global ("G") profile, otherwise private (""); it is
 *                                also copied into $username and written to the owner column
 * @param string $sautoenable     autoenable mode; "C" re-derives plugin state from category
 *                                status, "F" from family status
 * @param mixed  $auto_cat_status interpolated unquoted into SQL
 * @param mixed  $auto_fam_status interpolated unquoted into SQL
 * @param string $tracker         "on" enables update_host_tracker
 *
 * NOTE(review): none of the parameters are escaped or validated in this function before being
 * interpolated into SQL. Only the $_POST values in the loop are escaped, and they are then used
 * in an unquoted numeric position (status={$value}) where quote-escaping does not help; the POST
 * keys ($key) are not escaped at all. Confirm the caller sanitises, or move to parameterised
 * queries.
 *
 * NOTE(review): the former owner/admin check is commented out below, so this function performs
 * no authorization on $sid itself — confirm the caller enforces ownership.
 *
 * Relies on mysql_real_escape_string() and each(), both removed in PHP 7.0 / 8.0 respectively.
 */
function update_profile($sid, $sname, $sdescription, $stype, $sautoenable, $auto_cat_status, $auto_fam_status, $tracker)
{
    global $uroles, $dbconn, $conf;
    // $username is taken from the "global profile" flag, not from a user name, and ends up in
    // the owner column below — looks like a long-standing quirk; confirm intent.
    $username = $stype;
    // Owner Profile
    $host_tracker = 0;
    //      $result = $dbconn->execute("select owner
    //                                  from vuln_nessus_settings
    //                                  where id = $sid");
    //      list ($myowner)=$result->fields;
    //      if ($myowner <> $username && !$uroles[admin]) {
    //         echo "Access denied: You do not own this profile and are not an admin
    //               - (owner = $myowner)\n";
    //         //require_once('footer.php');
    //         die ();
    //      }
    // "G" is global, blank is a private scan profile
    // Loose comparison: any truthy value (e.g. "on", 1, "G") selects a global profile.
    if ($stype == TRUE) {
        $stype = "G";
    } else {
        $stype = "";
    }
    if ($tracker == "on") {
        $host_tracker = 1;
    }
    // Main profile update; every interpolated value arrives unescaped (see NOTE above).
    $query = "update vuln_nessus_settings \n                set name='{$sname}', description='{$sdescription}', \n                   type='{$stype}', autoenable='{$sautoenable}',\n                   auto_cat_status = {$auto_cat_status},\n                   auto_fam_status = {$auto_fam_status},\n                   update_host_tracker='{$host_tracker}',\n                   owner = '{$username}'\n                where id={$sid}";
    $result = $dbconn->execute($query);
    reset($_POST);
    // if form method="post"
    // Walk the submitted form: "f_<fid>" keys set a family status, "c_<cid>" keys a category status.
    while (list($key, $value) = each($_POST)) {
        // Escaped for a quoted-string context, but $value is used unquoted in the queries below.
        $value = Util::htmlentities(mysql_real_escape_string(trim($value)), ENT_QUOTES);
        if (substr($key, 0, 2) == "f_") {
            // $type is assigned but never read.
            $type = substr($key, 0, 1);
            // $key is the remainder of the POST key and is interpolated unescaped.
            $key = substr($key, 2);
            $query = "update vuln_nessus_settings_family \n                    set status={$value} \n                    where sid={$sid} and fid={$key}";
            $results = $dbconn->Execute($query);
        } elseif (substr($key, 0, 2) == "c_") {
            $type = substr($key, 0, 1);
            $key = substr($key, 2);
            $query = "update vuln_nessus_settings_category set status={$value} where sid={$sid} and cid={$key}";
            $results = $dbconn->Execute($query);
        }
    }
    // Propagate category / family status to individual plugins: status 4 disables, 1 enables.
    if ($sautoenable == "C") {
        // t2 is joined without any predicate, so each matching t1 row is repeated once per t2 row.
        $query = "select t1.cid, t1.status from vuln_nessus_settings_category as t1, vuln_nessus_category as t2 where sid={$sid}";
        $result = $dbconn->execute($query);
        while (!$result->EOF) {
            list($cid, $catstatus) = $result->fields;
            if ($catstatus == 4) {
                $query1 = "update vuln_nessus_settings_plugins set enabled='N' where category={$cid} and sid={$sid}";
                $result1 = $dbconn->execute($query1);
            } elseif ($catstatus == 1) {
                $query1 = "update vuln_nessus_settings_plugins set enabled='Y' where category={$cid} and sid={$sid}";
                $result1 = $dbconn->execute($query1);
            }
            $result->MoveNext();
        }
    } elseif ($sautoenable == "F") {
        // Same predicate-less join on t2 as in the "C" branch.
        $query = "select t1.fid, t1.status from vuln_nessus_settings_family as t1, vuln_nessus_family as t2 where sid={$sid}";
        $result = $dbconn->execute($query);
        while (!$result->EOF) {
            list($fid, $catstatus) = $result->fields;
            if ($catstatus == 4) {
                $query1 = "update vuln_nessus_settings_plugins set enabled='N' where family={$fid} and sid={$sid}";
                $result1 = $dbconn->execute($query1);
            } elseif ($catstatus == 1) {
                $query1 = "update vuln_nessus_settings_plugins set enabled='Y' where family={$fid} and sid={$sid}";
                $result1 = $dbconn->execute($query1);
            }
            $result->MoveNext();
        }
    }
    //echo "Profile Updated<BR>";
    // Emits a client-side redirect inline; the OMP sync and edit_profile($sid) below still run after this output.
    ?>
<script type="text/javascript">
        //<![CDATA[
        document.location.href='settings.php?hmenu=Vulnerabilities&smenu=ScanProfiles';
       //]]>
      </script><?php 
    //logAccess( "Updated Autoenable Settings for Profile $sid" );
    // $nessus_path is neither a parameter nor declared global here, so this reads an undefined variable.
    if (preg_match("/omp\\s*\$/i", $nessus_path)) {
        $omp = new OMP();
        $omp->set_plugins_by_family($sid);
    }
    edit_profile($sid);
}
<?php

require_once $_SERVER['DOCUMENT_ROOT'] . "/reou/includes/const.php";
require_once D_ROOT . "/reou/controllers/users_controller.php";
# If the request method is POST ("path" in the original wording is presumably a typo) then
# update the user. NOTE(review): the call is unconditional here, so any method check, as well
# as the $db handle, must come from the included files — confirm.
update_user($db, $_POST);
# Otherwise show the edit-profile page as normal
$user = edit_profile($db);
// ----------------- Header HTML --------------------
require_once $_SERVER['DOCUMENT_ROOT'] . '/reou/views/layouts/header.php';
?>

<head>
	<title> Edit Profile </title>
	<link rel="stylesheet" type="text/css" href="<?php 
echo asset_route('css');
?>
main.css">
</head>



<div class="profile-container">

	<div class="profile__sidebar-container">

		<div class="profile__sidebar">

			<div class="profile__logo">
				<div class="profile__logo-image"> </div>
				<a href=""> Change Photo </a>
    if (login()) {
        config('views.root', 'system/admin/views');
        render('edit-page', array('title' => 'Edit profile - ' . blog_title(), 'description' => blog_description(), 'canonical' => site_url(), 'type' => 'is_profile', 'bodyclass' => 'editprofile', 'breadcrumb' => '<a href="' . site_url() . '">' . config('breadcrumb.home') . '</a> &#187; Edit profile'));
    } else {
        $login = site_url() . 'login';
        header("location: {$login}");
    }
});
// Get submitted data from edit profile page
post('/edit/profile', function () {
    // Validate the CSRF token and the two required fields, then either save the
    // profile or re-render the form with the collected error list.
    $tokenOk = is_csrf_proper(from($_REQUEST, 'csrf_token'));
    $user = $_SESSION[config("site.url")]['user'];
    $title = from($_REQUEST, 'title');
    $content = from($_REQUEST, 'content');

    if ($tokenOk && !empty($title) && !empty($content)) {
        edit_profile($title, $content, $user);
        return;
    }

    // One <li> per failed check, in the same order the checks are listed.
    $problems = array();
    if (empty($title)) {
        $problems[] = '<li>Title field is required.</li>';
    }
    if (empty($content)) {
        $problems[] = '<li>Content field is required.</li>';
    }
    if (!$tokenOk) {
        $problems[] = '<li>CSRF Token not correct.</li>';
    }

    config('views.root', 'system/admin/views');
    render('edit-page', array(
        'title' => 'Edit profile - ' . blog_title(),
        'description' => blog_description(),
        'canonical' => site_url(),
        'error' => '<ul>' . implode('', $problems) . '</ul>',
        'postTitle' => $title,
        'postContent' => $content,
        'type' => 'is_profile',
        'bodyclass' => 'editprofile',
        'breadcrumb' => '<a href="' . site_url() . '">' . config('breadcrumb.home') . '</a> &#187; Edit profile',
    ));
});
// Page metadata, presumably consumed by header.php — TODO confirm
$title = "Thay đổi thông tin thành viên";
$description = "Thay đổi thông tin thành viên";
$keyword = "thay đổi thông tin thành viên,thay đổi thông tin,thông tin thành viên,thay đổi,thông tin,thành viên,thay doi thong tin thanh vien,thay doi thong tin,thong tin thanh vien,thay doi,thong tin,thanh vien";
require_once "header.php";
echo "<center><p><h1>Thay đổi thông tin thành viên</h1></p></center>";
// Only logged-in users may edit; the loose != NULL comparison behaves roughly like a truthiness test.
if ($_SESSION['userid'] != NULL) {
    // NOTE(review): $id is never assigned in this file, the query result is never read, and the
    // error is suppressed with @ — this statement looks like dead code. mysql_* is also gone as of PHP 7.
    $sql = "SELECT * FROM `users` where `id`='" . $id . "'";
    $query = @mysql_query($sql);
    // NOTE(review): logging_account(avatar) passes the bare word `avatar`. Unless header.php
    // defines constants with these names, they are undefined constants: older PHP silently
    // turns them into strings, PHP 8 throws an Error. The same applies to every call below.
    if (logging_account(avatar) == NULL) {
        $ava = "./images/noavatar.jpg";
    } else {
        $ava = logging_account(avatar);
    }
    // NOTE(review): the logging_account(...) values are written inside single-quoted HTML
    // attributes without escaping; if they hold user-supplied text, a quote in them breaks the
    // markup (stored XSS). Escape with htmlspecialchars(..., ENT_QUOTES) at the output point.
    echo "\n<table border='0' style='margin-top: 5px;'>\n<tr>\n<td rowspan='2' style='padding-right: 10px;'>\n<img class='img' src='../" . $ava . "' width='165px' height='165px'/><br/>\n</td>\n</tr>\n<tr>\n<td>\n<form action='' method='post' enctype='multipart/form-data'>\n<input type='file' name='file' id='file' />\n</td>\n</tr>\n</table>\n<table>\n<tr>\n<td><p>Tên</p></td><td><input name='name' type='text' value='" . logging_account(name) . "' class='textbox' size='40' required/></td>\n</tr>\n<tr>\n<td><p>Ngày Sinh</p></td><td><input name='birthday' type='text' value='" . logging_account(birthday) . "' class='textbox' size='40' required/></td>\n</tr>\n<tr>\n<td><p>Giới Tính</p></td><td><input name='sex' type='radio' value='1'";
    // Gender radios: the first radio (value '1') is "Nam", the second is "Nữ".
    if (logging_account(sex) == 1) {
        echo " checked > Nam <input name='sex' type='radio' value='2'";
    } else {
        // NOTE(review): both branches below emit value='1' for the second ("Nữ") radio, whereas the
        // branch above uses '2' — looks like a copy/paste slip.
        if (logging_account(sex) == 2) {
            echo "> Nam <input name='sex' type='radio' value='1' checked";
        } else {
            echo "> Nam <input name='sex' type='radio' value='1'";
        }
    }
    echo "> Nữ</td>\n</tr>\n<tr>\n<td><p>Địa Chỉ</p></td><td><input name='address' type='text' value='" . logging_account(address) . "' class='textbox' size='40' required/></td>\n</tr>\n<tr>\n<td><p>Yahoo</p></td><td><input name='yahoo' type='text' value='" . logging_account(yahoo) . "' class='textbox' size='40' required/></td>\n</tr>\n<tr>\n<td><p>Email</p></td><td><input name='email' type='text' value='" . logging_account(email) . "' class='textbox' size='40' required/></td>\n</tr>\n<tr>\n<td><p>Điện Thoại</p></td><td><input name='phone' type='text' value='" . logging_account(phone) . "' class='textbox' size='40' required/></td>\n</tr>\n<tr>\n<td><p>Mật khẩu</p></td><td><p><input name='password' type='password' value='' class='textbox' size='40' required/><br/></p></td>\n</tr>\n<tr>\n<td><p>Mã bảo vệ</p></td><td><p><input name='capt' type='text' value='' class='textbox' size='30' required/>&nbsp;<img src='capt.php'/><br/></p></td>\n</tr>\n</table>\n<span style='float: right;'>\n<input type='submit' name='edit' value='Chỉnh Sửa' class='button'/>\n</form>\n</span><br/><br/><br/>";
    // The form posts back to this page; edit_profile() runs after the form has already been echoed,
    // so anything it prints appears below the form. Its contract is not visible here.
    if (isset($_POST["edit"])) {
        edit_profile();
    }
} else {
    echo "<p class='message_yellow'>Bạn chưa đăng nhập, không thể thay đổi thông tin!</p>";
}
require_once "footer.php";
/**
 * Handles the user-side "edit profile" POST action, including an avatar upload
 * (ECShop-style handler).
 *
 * Pulls its collaborators out of $GLOBALS, reads the form from $_POST, persists
 * the user's extended registration fields, uploads and stores the avatar, writes
 * the password-hint pair, validates a few fields, then passes the remaining
 * profile data to edit_profile() and finally updates user_name. Every outcome is
 * reported through show_message(); nothing follows a failing show_message() call
 * here, so it presumably terminates the request — confirm against its definition.
 *
 * NOTE(review): all SQL is assembled by string interpolation. $user_name and the
 * extended-field contents are request-controlled and are not escaped for SQL
 * (htmlspecialchars() is an HTML escape), and no uniqueness check is performed on
 * the new user_name in this function. Route these through the DB layer's
 * escaping/parameter API.
 *
 * NOTE(review): the extended-field rows, the avatar upload and the password hint
 * are all written before the validation block runs, so a rejected form still
 * persists them. $user_id is read from $GLOBALS while the UPDATE statements use
 * $_SESSION['user_id'] — two sources for what should be the same value.
 */
function action_act_edit_profile()
{
    // Collaborators are fetched from $GLOBALS rather than injected.
    $user = $GLOBALS['user'];
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];
    $user_id = $GLOBALS['user_id'];
    include_once ROOT_PATH . 'includes/lib_transaction.php';
    // Only trimmed; interpolated into SQL at the end of the function.
    $user_name = trim($_POST['user_name']);
    // Birthday is concatenated from three form fields; no date validation happens in this function.
    $birthday = trim($_POST['birthdayYear']) . '-' . trim($_POST['birthdayMonth']) . '-' . trim($_POST['birthdayDay']);
    //$email = trim($_POST['email']);
    $other['msn'] = $msn = isset($_POST['extend_field1']) ? trim($_POST['extend_field1']) : '';
    $other['qq'] = $qq = isset($_POST['extend_field2']) ? trim($_POST['extend_field2']) : '';
    $other['office_phone'] = $office_phone = isset($_POST['extend_field3']) ? trim($_POST['extend_field3']) : '';
    $other['home_phone'] = $home_phone = isset($_POST['extend_field4']) ? trim($_POST['extend_field4']) : '';
    //$other['mobile_phone'] = $mobile_phone = isset($_POST['extend_field5']) ? trim($_POST['extend_field5']) : '';
    // compile_str() is an external helper; whatever escaping it performs is not visible here.
    $sel_question = empty($_POST['sel_question']) ? '' : compile_str($_POST['sel_question']);
    $passwd_answer = isset($_POST['passwd_answer']) ? compile_str(trim($_POST['passwd_answer'])) : '';
    /* Update the user's extended-field data */
    $sql = 'SELECT id FROM ' . $ecs->table('reg_fields') . ' WHERE type = 0 AND display = 1 ORDER BY dis_order, id';
    // Read the ids of all displayed extended fields
    $fields_arr = $db->getAll($sql);
    foreach ($fields_arr as $val) {
        $extend_field_index = 'extend_field' . $val['id'];
        if (isset($_POST[$extend_field_index])) {
            // Caps the value at 99 characters. strlen() counts bytes while mb_substr() counts
            // characters, and the cut is applied after htmlspecialchars(), so an entity can be split.
            $temp_field_content = strlen($_POST[$extend_field_index]) > 100 ? mb_substr(htmlspecialchars($_POST[$extend_field_index]), 0, 99) : htmlspecialchars($_POST[$extend_field_index]);
            // Existence probe decides between UPDATE and INSERT (read-then-write, not atomic).
            $sql = 'SELECT * FROM ' . $ecs->table('reg_extend_info') . "  WHERE reg_field_id = '{$val['id']}' AND user_id = '{$user_id}'";
            if ($db->getOne($sql)) {
                $sql = 'UPDATE ' . $ecs->table('reg_extend_info') . " SET content = '{$temp_field_content}' WHERE reg_field_id = '{$val['id']}' AND user_id = '{$user_id}'";
            } else {
                $sql = 'INSERT INTO ' . $ecs->table('reg_extend_info') . " (`user_id`, `reg_field_id`, `content`) VALUES ('{$user_id}', '{$val['id']}', '{$temp_field_content}')";
            }
            $db->query($sql);
        }
    }
    // Avatar upload. $_FILES['headimg'] is accessed without an isset() check, so a form without a
    // file still reaches upload_image(); the thumbnail is generated but $headimg_thumb is never used.
    include_once ROOT_PATH . '/includes/cls_image.php';
    $image = new cls_image($_CFG['bgcolor']);
    $headimg_original = $image->upload_image($_FILES['headimg'], 'headimg/' . date('Ym'));
    $thumb_path = DATA_DIR . '/headimg/' . date('Ym') . '/';
    $headimg_thumb = $image->make_thumb($headimg_original, '80', '50', $thumb_path);
    $headimg_thumb = $headimg_thumb ? $headimg_thumb : $headimg_original;
    // Stores the original (not the thumbnail) path; whether upload_image() validates the file is not visible here.
    $sql = 'UPDATE ' . $ecs->table('users') . " SET `headimg`='{$headimg_original}'  WHERE `user_id`='" . $_SESSION['user_id'] . "'";
    $db->query($sql);
    /* Store the password hint question and answer */
    if (!empty($passwd_answer) && !empty($sel_question)) {
        $sql = 'UPDATE ' . $ecs->table('users') . " SET `passwd_question`='{$sel_question}', `passwd_answer`='{$passwd_answer}'  WHERE `user_id`='" . $_SESSION['user_id'] . "'";
        $db->query($sql);
    }
    // Validation starts here — after the database writes above.
    if (empty($user_name)) {
        show_message('用户名不能为空!');
    }
    // Inside a character class '|' is a literal, so these phone patterns also accept '|'.
    if (!empty($office_phone) && !preg_match('/^[\\d|\\_|\\-|\\s]+$/', $office_phone)) {
        show_message($_LANG['passport_js']['office_phone_invalid']);
    }
    if (!empty($home_phone) && !preg_match('/^[\\d|\\_|\\-|\\s]+$/', $home_phone)) {
        show_message($_LANG['passport_js']['home_phone_invalid']);
    }
    // 	if(! is_email($email))
    // 	{
    // 		show_message($_LANG['msg_email_format']);
    // 	}
    if (!empty($msn) && !is_email($msn)) {
        show_message($_LANG['passport_js']['msn_invalid']);
    }
    if (!empty($qq) && !preg_match('/^\\d+$/', $qq)) {
        show_message($_LANG['passport_js']['qq_invalid']);
    }
    // 	if(! empty($mobile_phone) && ! preg_match('/^[\d-\s]+$/', $mobile_phone))
    // 	{
    // 		show_message($_LANG['passport_js']['mobile_phone_invalid']);
    // 	}
    // 	$profile = array(
    // 		'user_id' => $user_id,'email' => isset($_POST['email']) ? trim($_POST['email']) : '','sex' => isset($_POST['sex']) ? intval($_POST['sex']) : 0,'birthday' => $birthday,'other' => isset($other) ? $other : array()
    // 	);
    // No 'email' key is set here, yet the ERR_EMAIL_EXISTS branch below reads $profile['email'].
    // $other is always set at this point, so the isset() fallback never triggers.
    $profile = array('user_id' => $user_id, 'sex' => isset($_POST['sex']) ? intval($_POST['sex']) : 0, 'birthday' => $birthday, 'other' => isset($other) ? $other : array());
    // edit_profile()'s contract is not visible here; it presumably sets $user->error on failure.
    if (edit_profile($profile)) {
        // NOTE(review): $user_name is request input, interpolated unescaped, and not checked for uniqueness here.
        $sql = 'UPDATE ' . $ecs->table('users') . " SET `user_name`='{$user_name}' WHERE `user_id`='" . $_SESSION['user_id'] . "'";
        $db->query($sql);
        show_message($_LANG['edit_profile_success'], $_LANG['profile_lnk'], 'user.php?act=profile', 'info');
    } else {
        if ($user->error == ERR_EMAIL_EXISTS) {
            $msg = sprintf($_LANG['email_exist'], $profile['email']);
        } else {
            $msg = $_LANG['edit_profile_failed'];
        }
        show_message($msg, '', '', 'info');
    }
}
/**
 * Profile API endpoint: GET returns the current user's profile, POST updates it.
 *
 * Returns whatever get_profile() returns on GET, a list of error keys when POST
 * validation fails, a status string after a POST attempt, and an error string for
 * any other request method.
 *
 * NOTE(review): $ecs, $db, $user_id and $user are referenced below but are neither
 * parameters nor declared with `global`, so inside this function they are undefined
 * — the extended-field block and the edit_profile() error handling cannot work as
 * written. Confirm how they are meant to reach this scope.
 *
 * NOTE(review): as in the other ECShop-style handlers, SQL is built by string
 * interpolation (the extended-field contents are only HTML-escaped), and the
 * extended-field rows are written before validation runs.
 */
function profile()
{
    switch ($_SERVER['REQUEST_METHOD']) {
        case 'GET':
            // Look up the caller's own profile
            return get_profile($_SESSION['user_id']);
            break; // unreachable after return
        case 'POST':
            // Update the caller's profile
            // Birthday is concatenated from three form fields; no date validation happens here.
            $birthday = trim($_POST['birthdayYear']) . '-' . trim($_POST['birthdayMonth']) . '-' . trim($_POST['birthdayDay']);
            $email = trim($_POST['email']);
            $other['msn'] = $msn = isset($_POST['extend_field1']) ? trim($_POST['extend_field1']) : '';
            $other['qq'] = $qq = isset($_POST['extend_field2']) ? trim($_POST['extend_field2']) : '';
            $other['office_phone'] = $office_phone = isset($_POST['extend_field3']) ? trim($_POST['extend_field3']) : '';
            $other['home_phone'] = $home_phone = isset($_POST['extend_field4']) ? trim($_POST['extend_field4']) : '';
            $other['mobile_phone'] = $mobile_phone = isset($_POST['extend_field5']) ? trim($_POST['extend_field5']) : '';
            /* Update the user's extended-field data */
            $sql = 'SELECT id FROM ' . $ecs->table('reg_fields') . ' WHERE type = 0 AND display = 1 ORDER BY dis_order, id';
            // Read the ids of all displayed extended fields
            $fields_arr = $db->getAll($sql);
            foreach ($fields_arr as $val) {
                $extend_field_index = 'extend_field' . $val['id'];
                if (isset($_POST[$extend_field_index])) {
                    // Caps the value at 99 characters. strlen() counts bytes while mb_substr() counts
                    // characters, and the cut is applied after htmlspecialchars(), so an entity can be split.
                    $temp_field_content = strlen($_POST[$extend_field_index]) > 100 ? mb_substr(htmlspecialchars($_POST[$extend_field_index]), 0, 99) : htmlspecialchars($_POST[$extend_field_index]);
                    // Existence probe decides between UPDATE and INSERT (read-then-write, not atomic).
                    $sql = 'SELECT * FROM ' . $ecs->table('reg_extend_info') . "  WHERE reg_field_id = '{$val['id']}' AND user_id = '{$user_id}'";
                    if ($db->getOne($sql)) {
                        $sql = 'UPDATE ' . $ecs->table('reg_extend_info') . " SET content = '{$temp_field_content}' WHERE reg_field_id = '{$val['id']}' AND user_id = '{$user_id}'";
                    } else {
                        $sql = 'INSERT INTO ' . $ecs->table('reg_extend_info') . " (`user_id`, `reg_field_id`, `content`) VALUES ('{$user_id}', '{$val['id']}', '{$temp_field_content}')";
                    }
                    $db->query($sql);
                }
            }
            // Collect validation failures as language keys; all checks run, none aborts early.
            $err = array();
            // Inside a character class '|' is a literal, so these phone patterns also accept '|'.
            if (!empty($office_phone) && !preg_match('/^[\\d|\\_|\\-|\\s]+$/', $office_phone)) {
                array_push($err, 'office_phone_invalid');
            }
            if (!empty($home_phone) && !preg_match('/^[\\d|\\_|\\-|\\s]+$/', $home_phone)) {
                array_push($err, 'home_phone_invalid');
            }
            if (!is_email($email)) {
                array_push($err, 'msg_email_format');
            }
            if (!empty($msn) && !is_email($msn)) {
                array_push($err, 'msn_invalid');
            }
            if (!empty($qq) && !preg_match('/^\\d+$/', $qq)) {
                array_push($err, 'qq_invalid');
            }
            // NOTE(review): "\d-\s" inside a character class is rejected as an invalid range by
            // PCRE2 (PHP 7.3+), in which case preg_match() returns false and every non-empty
            // mobile number would be reported invalid — verify on the target PHP version.
            if (!empty($mobile_phone) && !preg_match('/^[\\d-\\s]+$/', $mobile_phone)) {
                array_push($err, 'mobile_phone_invalid');
            }
            if (count($err) > 0) {
                return $err;
            } else {
                // $other is always set at this point, so the isset() fallback never triggers.
                $profile = array('user_id' => $user_id, 'email' => isset($_POST['email']) ? trim($_POST['email']) : '', 'sex' => isset($_POST['sex']) ? intval($_POST['sex']) : 0, 'birthday' => $birthday, 'other' => isset($other) ? $other : array());
                // edit_profile()'s contract is not visible here; it presumably sets $user->error on failure.
                if (edit_profile($profile)) {
                    $r_data = 'Edit Success!';
                } else {
                    if ($user->error == ERR_EMAIL_EXISTS) {
                        $r_data = 'Email ' . $profile['email'] . ' Exist!';
                    } else {
                        $r_data = 'Unknow Error!';
                    }
                }
                return $r_data;
            }
            break; // unreachable after return
        default:
            return 'This API can not support ' . $_SERVER['REQUEST_METHOD'] . ' method';
            break; // unreachable after return
    }
}
                     $_SESSION['picture'] = $_POST['data']['picture'];
                 }
             }
             if ($errflag) {
                 $tpl->errors = $errmsg_arr;
             } else {
                 $user_id = clean($_SESSION['user_id']);
                 $user_data = array();
                 $user_data['firstname'] = $firstname;
                 $user_data['lastname'] = $lastname;
                 $user_data['user_email'] = $user_email;
                 $user_data['birthday'] = $birthdate;
                 $user_data['fullname'] = $fullname;
                 $user_data['picture'] = clean($_POST['data']['picture']);
                 if (!$_POST['data']['picture'] == "") {
                     $edit_profile = edit_profile($database, $user_data, $user_id);
                     if ($edit_profile) {
                         header("Location: " . main_url . "/edit_profile/success");
                     }
                 } else {
                 }
                 //If there are input validations, redirect back to the register form
             }
         } catch (Exception $e) {
             // CSRF attack detected
             $result = $e->getMessage() . ' Form ignored.';
         }
     }
 } else {
     $result = 'No post data yet.';
 }
  			}
  			else if($result == 2){
  				$registration_error = "Email-adressen '" . $_POST['email'] . "' är tagen. Försök med en annan.";
  			}
  			else if($result == 3){
  				header("location:index.php");
  			}
  		}
  		require "templates/register-page.php";
  	}
  }

  else if($page == "account" && logged_in()){
  	if(isset($_GET['action']) && $_GET['action'] == "edit_profile"){
  		if(isset($_POST['email']) && isset($_POST['surname']) && isset($_POST['lastname']) && isset($_POST['street']) && isset($_POST['ort']) && isset($_POST['postalcode']) && isset($_POST['password'])){
  			$result = edit_profile($_POST['email'], $_POST['surname'], $_POST['lastname'], $_POST['street'], $_POST['ort'], $_POST['postalcode'], $_POST['password']);

  			if($result == 1){
  				$edit_profile_error = "Email-adressen '" . $_POST['email'] . "' är tagen. Försök med en annan.";
  			}
  			else if($result == 2){
  				header("location:index.php?page=account");
  			}
  			else if($result == 3){
  				$edit_profile_error = "Lösenordet du skrev in som ditt 'nuvarande' är fel. Försök igen.";
  			}
  		}
  		require "templates/edit_profile.php";
  	}
  	else if(isset($_GET['action']) && $_GET['action'] == "change_password"){
  		if(isset($_POST['new_password'])){