Файл: user/handler/settings.php
Строк: 143
<?php
if (!empty($_POST['save_info']))
{
$name = check($_POST['name']);
$surname = check($_POST['surname']);
$sex = abs(intval($_POST['sex']));
$day = intval($_POST['day']);
$month = intval($_POST['month']);
$year = intval($_POST['year']);
$hide_year = abs(intval($_POST['hide_year']));
$region = abs(intval($_POST['region']));
$city = check($_POST['city']);
$family = abs(intval($_POST['family']));
$hobi = check($_POST['hobi']);
$about = check($_POST['about']);
$name = substr($name, 0, 30);
$surname = substr($surname, 0, 30);
$sex = substr($sex, 0, 1);
$day = substr($day, 0, 2);
$month = substr($month, 0, 2);
$year = substr($year, 0, 4);
$city = substr($city, 0, 100);
$hobi = substr($hobi, 0, 500);
$about = substr($about, 0, 1000);
if (empty($sex) || $sex < 1 || $sex > 2) $sex = 1;
if (empty($family) || $family < 1 || $family > 7) $family = 0;
if ($day || $month || $year)
{
if ($day < 1 || $day > 31 || $month < 1 || $month > 12 || $year < 1900 || $year > date("Y", time()))
{
$day = '';
$month = '';
$year = '';
}
}
else
{
$day = '';
$month = '';
$year = '';
}
if ($hide_year != 1) $hide_year = 0;
if (empty($region) || empty($city) || $region < 1 || $region > 25) $region = 0;
if (!empty($city) && $region == 0) $city = '';
if (empty($name)) $name = $user['name'];
if (!empty($name) && (mb_strlen($name) < 3 || mb_strlen($name) > 30)) $name = $user['name'];
if (!empty($name) && !preg_match("#^([А-я-ІіЇїЄє])+$#ui", $name)) $name = $user['name'];
if (empty($surname)) $surname = $user['surname'];
if (!empty($surname) && (mb_strlen($surname) < 3 || mb_strlen($surname) > 30)) $surname = $user['surname'];
if (!empty($surname) && !preg_match("#^([А-я-ІіЇїЄє])+$#ui", $surname)) $surname = $user['surname'];
if (empty($hobi)) $hobi = '';
if (empty($about)) $about = '';
if (mysql_query("UPDATE `users` SET
`name` = '$name',
`surname` = '$surname',
`sex` = '$sex',
`day` = '$day',
`month` = '$month',
`year` = '$year',
`hide_year` = '$hide_year',
`family` = '$family',
`region` = '$region',
`city` = '$city',
`hobi` = '$hobi',
`about` = '$about'
WHERE `id` = '".$user_id."'") == true) echo ok(lang('Изменения сохранены','Зміни збережені'));
$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '".$user_id."' LIMIT 1"));
}
else if (!empty($_POST['save_contacts']))
{
$email = check($_POST['email']);
$skype = check($_POST['skype']);
$icq = check($_POST['icq']);
$tel = check($_POST['tel']);
$email = substr($email, 0, 40);
$skype = substr($skype, 0, 20);
$icq = substr($icq, 0, 11);
$tel = substr($tel, 0, 13);
if (empty($email)) $email = '';
if (empty($skype)) $skype = '';
if (empty($icq)) $icq = '';
if (empty($tel)) $tel = '';
if (mysql_query("UPDATE `users` SET
`email` = '$email',
`skype` = '$skype',
`icq` = '$icq',
`tel` = '$tel'
WHERE `id` = '".$user_id."'") == true) echo ok(lang('Изменения сохранены','Зміни збережені'));
$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '".$user_id."' LIMIT 1"));
}
else if (!empty($_POST['save_security']))
{
$mypass = check($_POST['mypass']);
$newpass = check($_POST['newpass']);
$newpass2 = check($_POST['newpass2']);
$md5mypass = md5(md5($mypass));
if (empty($mypass)) $err = true;
if (!empty($mypass) && $md5mypass != $user['pass']) $err = true;
if (empty($newpass)) $err = true;
if (!empty($newpass) && mb_strlen($newpass) < 4 || mb_strlen($newpass) > 20) $err = true;
if (!empty($newpass) && $err == false && preg_match("/[^da-zA-Z_]+/", $newpass)) $err = true;
if (empty($newpass2) && !empty($newpass)) $err = true;
if (!empty($newpass2) && $newpass != $newpass2) $err = true;
$newmypass = md5(md5($newpass));
if ($err == false)
{
if (mysql_query("UPDATE `users` SET
`pass` = '$newmypass'
WHERE `id` = '".$user_id."'") == true)
{
require_once '../incfiles/SendMailSmtpClass.php';
$mailSMTP = new SendMailSmtpClass('livebookua1@gmail.com', 'gama47gama47', 'ssl://smtp.gmail.com', 'LiveBook.com.ua', 465);
$message = 'Ви змінили пароль доступу на сайт LiveBook.com.ua!<br/>
Ваші дані для входу на сайт:<br/>
Ваш E-mail: '.$user['mail'].'<br/>
Ваш Пароль: '.$newpass.'<br/>
З повагою адміністрація сайту LiveBook.com.ua';
$headers= "MIME-Version: 1.0rn";
$headers .= "Content-type: text/html; charset=utf-8rn"; // кодировка письма
$headers .= "From: LiveBook.com.ua <livebook.com.ua@gmail.com>rn"; // от кого письмо
$mailSMTP->send($user['mail'], 'Зміна паролю', $message, $headers); // отправляем письмо
@setcookie('uid', $user_id, time()+86400*365, '/');
@setcookie('upass', $newmypass, time()+86400*365, '/');
echo ok(lang('Изменения сохранены','Зміни збережені'));
$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '".$user_id."' LIMIT 1"));
}
else
echo err(lang('Ошибка!','Помилка!'));
}
else
echo err(lang('Ошибка!','Помилка!'));
}
else if (!empty($_POST['save_access']))
{
$access_page = abs(intval($_POST['access_page']));
$access_mail = abs(intval($_POST['access_mail']));
$access_ask = abs(intval($_POST['access_ask']));
if (empty($access_page) || $access_page != 1) $access_page = 0;
if (empty($access_mail) || $access_mail != 1) $access_mail = 0;
if (empty($access_ask) || $access_ask < 1 || $access_ask > 3) $access_ask = 0;
mysql_query("UPDATE `users` SET `access_page` = '".$access_page."', `access_mail` = '".$access_mail."' WHERE `id` = '".$user_id."'");
mysql_query("UPDATE `ask` SET `access` = '".$access_ask."' WHERE `user_id` = '".$user_id."'");
echo ok(lang('Изменения сохранены','Зміни збережені'));
$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '".$user_id."' LIMIT 1"));
}
else if (!empty($_POST['save_servis']))
{
$access_elya = abs(intval($_POST['access_elya']));
$access_andrey = abs(intval($_POST['access_andrey']));
$access_jery = abs(intval($_POST['access_jery']));
if (empty($access_elya) || $access_elya != 1) $access_elya = 0;
if (empty($access_andrey) || $access_andrey != 1) $access_andrey = 0;
if (empty($access_jery) || $access_jery != 1) $access_jery = 0;
mysql_query("UPDATE `users` SET `access_elya` = '".$access_elya."', `access_andrey` = '".$access_andrey."' WHERE `id` = '".$user_id."'");
mysql_query("UPDATE `users` SET `access_jery` = '".$access_jery."' WHERE `id` = '".$user_id."'");
echo ok(lang('Изменения сохранены','Зміни збережені'));
$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '".$user_id."' LIMIT 1"));
}
else if (!empty($_POST['save_vip']))
{
$access_best = abs(intval($_POST['access_best']));
if (empty($access_best) || $access_best != 1) $access_best = 0;
mysql_query("UPDATE `users` SET `access_best` ='0''".$access_best."',`balans` = `balans`-10 WHERE `id` = '".$user_id."'");
echo ok(lang('Изменения сохранены с вашего счета снято 10 монет','Зміни збережені з вашого рахунку знято 10 монет'));
$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '".$user_id."' LIMIT 1"));
}
else if (!empty($_POST['save_new']))
{
$access_new = abs(intval($_POST['access_new']));
if (empty($access_new) || $access_new != 1) $access_new = 0;
mysql_query("UPDATE `users` SET `access_new` = '".$access_new."' WHERE `id` = '".$user_id."'");
//mysql_query("UPDATE `users` SET `balans` = '-10' WHERE `id` = '".$user_id."");
//mysql_query("UPDATE `ask` SET `access` = '".$access_ask."' WHERE `user_id` = '".$user_id."'");
//mysql_query("UPDATE `users` SET `balans` = '" . ($users['grn'] - 5) . "' WHERE `id` = '$user[id]' LIMIT 1");
// mysql_query("UPDATE `users` SET `balans` = `balans`+200 WHERE `id` = '".$user_id."'");
echo ok(lang('Изменения сохранены','Зміни збережені'));
$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '".$user_id."' LIMIT 1"));
}
?>