[ PHPXref.com ] [ Generated: Sun Jul 20 20:23:56 2008 ] [ Siteseed 1.6 ]


/siteseed/ -> edit_account.php (source)

   1  <?
   2  /**************************************
   3  Project: Siteseed (copyright MrNet 2001 - All right reserved)
   4  Filename: edit_account.php
   5  Last modified: 20020420 (security code audit by pls)
   6  Category: publicly accessible file that can be called directly.
   7  ***************************************/ 
   8  
   9  require  "include/db_connect.php";
  10  require  "include/strings.php";
  11  require  "bo/include/defaults.php";
  12  
  13  
  14  // validate data
      // NOTE(review): the variables below are never assigned on this page before their first use,
      // so the script presumably receives them as request globals (register_globals) - confirm
      // against the included files. "+= 0" coerces each value to a number.
  15  $skin += 0;
  16  $success_change+=0;
  17  $visual+=0;
  18  $area_id+=0;
      // Start from empty values: $prefix/$suffix are later passed to eval() and $sql is later
      // concatenated into an UPDATE statement.
  19  $prefix="";
  20  $suffix="";
  21  $sql="";
  22  
      // Default landing page. NOTE(review): $url is used unchanged in Location headers further
      // down and nothing on this page restricts it to a local path.
  23  if (!$url) $url = "index.php";
      // No session id: redirect to index.php and stop.
  24  if (!$session_id)
  25  {
  26      header ("Location: index.php"); 
  27      exit;
  28  }
  29  
      // Empty the per-field error cookies with an expiry timestamp of 1 (already in the past).
      // The same cookie names are set further down in this file when validation fails.
  30  if($unique_fields) while (list($key,$val)=each($unique_fields)) { setcookie("unique_fields[$key]","",1);}
  31  if($mandatory_fields) while (list($key,$val)=each($mandatory_fields)) { setcookie("mandatory_fields[$key]","",1);}
  32  if($confirmation_fields) while (list($key,$val)=each($confirmation_fields)) { setcookie("confirmation_fields[$key]","",1);}
  33  
  34  // fetch skin data
      // Loads the HTML/PHP wrapper (prefix and suffix) of the selected skin; skin 1 is the default.
  35  if (!$skin) $skin = 1;
  36  
      // $skin was coerced to a number at the top of the script, so it is interpolated unquoted here.
  37  $query = mysql_query ("SELECT prefix, suffix FROM skins WHERE id=$skin");
  38  
      // Query failure: redirect to $url_error when it is set, otherwise to $url, and stop.
      // NOTE(review): neither redirect target is checked on this page before it reaches header().
  39  if (!$query)
  40  {
  41      if (!$url_error)
  42      {
  43          header("Location: $url");
  44          exit;
  45      }
  46      else 
  47      {
  48          header("Location: $url_error");
  49          exit;
  50      }
  51  
  52  }
  53  else if (mysql_num_rows($query))
  54  {
  55      list ($prefix, $suffix) = mysql_fetch_row ($query);
  56      
      // NOTE(review): these two strings are later executed with eval("?>...<?"), so whatever is
      // stored in the skins table runs as PHP. Write access to that table is equivalent to code
      // execution on the server and should be restricted accordingly.
  57      $prefix = stripslashes ($prefix);
  58      $suffix = stripslashes ($suffix);
  59  }
  60  
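  61  // what are the mandatory fields?
      // Reads the name and type of every user field flagged mandatory_to_register.
  62  $query = mysql_query ("    SELECT field_name, field_type FROM user_fields WHERE mandatory_to_register='1'");
      // Query failure: redirect to $url_error when it is set, otherwise to $url, and stop.
      // NOTE(review): neither redirect target is checked on this page before it reaches header().
  63  if (!$query)
  64  {
  65      if (!$url_error)
  66      {
  67          header("Location: $url");
  68          exit;
  69      }
  70      else 
  71      {
  72          header("Location: $url_error");
  73          exit;
  74      }
  75  }
  76  
  77  // check for all mandatory fields
      // A mandatory field counts as missing when the variable named after it is empty, unless the
      // field is of type "date". Missing fields are reported in one of three ways:
      //   - $url_mandatory_error set: collect the names, store them in mandatory_fields[] cookies
      //     and redirect there;
      //   - otherwise $url_error set: redirect there;
      //   - otherwise: print the message inside the skin and stop.
  78  if (mysql_num_rows($query))
  79  {
  80      $Mandatory=array();
          // Fix: fetch field_type into $type as well. The query selects it, but the loop used to
          // read only the name, leaving $type to whatever value existed outside this loop - which
          // under request globals can come from the request and would switch the check off.
  81      while (list($field, $type) = mysql_fetch_row($query))
  82      {
              // $$field is the variable whose name is the field name read from user_fields.
  83          if (!$$field && $type!="date")
  84          {
  85              if (!$url_mandatory_error)
  86              {
  87                  if ($url_error)
  88                  {
  89                      header("Location: $url_error");
  90                      exit;
  91                  }
  92                  else
  93                  {
  94                      require  "include/users.php";
  95  
                          // NOTE(review): eval() on the skin strings executes database content as PHP.
  96                      eval ("?>$prefix<?");
  97                      print "<br>$strEAmissreq <i>$field</i><br>";
  98                      eval ("?>$suffix<?");
  99                      exit;
 100                  }
 101              }
 102              else
 103              {
 104                  array_push($Mandatory,$field);
 105              }
 106          }
 107      }
 108      
 109      if ($url_mandatory_error && $Mandatory)
 110      {
 111          while (list($key,$val) = each($Mandatory))
 112          {
 113              setcookie("mandatory_fields[$key]","$val","0");
 114          }
 115          header("Location: $url_mandatory_error");
 116          exit;
 117      }
 118  }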
 119  
 120  
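 121  // what are the unique fields?
      // Reads the name of every user field flagged must_be_unique.
 122  $query = mysql_query ("SELECT field_name FROM user_fields WHERE must_be_unique='1'");
      // Query failure: redirect to $url_error when it is set, otherwise to $url, and stop.
      // NOTE(review): neither redirect target is checked on this page before it reaches header().
 123  if (!$query)
 124  {
 125      if (!$url_error)
 126      {
 127          header("Location: $url");
 128          exit;
 129      }
 130      else 
 131      {
 132          header("Location: $url_error");
 133          exit;
 134      }
 135  }
 136  
 137  // check all unique fields
      // For each unique field, look for another account (different session_id) that already holds
      // the submitted value. Conflicts are reported through unique_fields[] cookies plus a redirect
      // to $url_unique_error, or through $url_error, or by printing a message inside the skin.
 138  if (mysql_num_rows($query))
 139  {
          // Fix: start as an array (it was an empty string that is then indexed by field name),
          // matching how $Mandatory and $Confirmation are initialised in this file.
 140      $UniqueInUse=array();
          // Fix: the session id and the submitted value were interpolated into the query as received.
          // Both now go through the slash normalisation this file already applies before its UPDATE.
          // NOTE(review): addslashes is not charset-aware; mysql_real_escape_string is the stronger
          // choice where the deployed PHP version provides it.
          $session_id_sql = AddSlashes(StripSlashes($session_id));
 141      while (list($field) = mysql_fetch_row($query))
 142      {
              $unique_value_sql = AddSlashes(StripSlashes($$field));
 143          $query2 = mysql_query ("SELECT $field FROM users WHERE $field='$unique_value_sql' AND session_id != '$session_id_sql'");
 144  
              // Fix: skip the row count when the lookup itself failed.
 145          if ($query2 && mysql_num_rows($query2))
 146          {
 147              if (!$url_unique_error)
 148              {
 149                  if ($url_error)
 150                  {
 151                      header("Location: $url_error");
 152                      exit;
 153                  }
 154                  else
 155                  {
 156                          require  "include/users.php";
 157  
                          // NOTE(review): eval() on the skin strings executes database content as PHP.
 158                      eval ("?>$prefix<?");
                          // Fix: the submitted value is echoed into HTML, so it is entity-encoded first.
 159                      print "<br>$field <i>'".htmlspecialchars($$field)."'</i> $strEAinuse<br>";
 160                      eval ("?>$suffix<?");
 161                      exit;
 162                  }
 163              }
 164              else
 165              {
 166                  $UniqueInUse[$field]=$$field;
 167              }
 168          }
 169      }
 170      
 171      if ($url_unique_error && $UniqueInUse)
 172      {
 173          while (list($key,$val) = each($UniqueInUse))
 174          {
 175              setcookie ("unique_fields[$key]", "$val","0");
 176          }
 177          header("Location: $url_unique_error");
 178          exit;
 179      }
 180  }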
 181  
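 182  // what are the field names?
      // Reads the name and type of every user field flagged required_to_register.
 183  $query = mysql_query ("SELECT field_name, field_type FROM user_fields WHERE required_to_register='1'");
      // Query failure: redirect to $url_error when it is set, otherwise to $url, and stop.
      // NOTE(review): neither redirect target is checked on this page before it reaches header().
 184  if (!$query)
 185  {
 186      if (!$url_error)
 187      {
 188          header("Location: $url");
 189          exit;
 190      }
 191      else 
 192      {
 193          header("Location: $url_error");
 194          exit;
 195      }
 196  }
 197  
 198  // check all fields and save
      // Builds the "field='value', ..." list in $sql from the submitted values, one branch per
      // field type, then updates the users row whose session_id matches.
 199  if (mysql_num_rows($query))
 200  {
 201      $Confirmation=array();
          // Fix: $before is the separator written in front of every "field='value'" pair. It was
          // not assigned anywhere on this page before its first use, and it is interpolated into
          // the UPDATE outside any quotes, so it has to start out empty.
          $before="";
 202      while (list($field, $type) = mysql_fetch_row($query))
 203      {
 204          // validate data
              // Text and password fields, except those named email/Email/login/Login, which this
              // page never writes.
 205          if ( ($type == "text" || $type == "password") && $field!="email" && $field!="Email" && $field!="login"&& $field!="Login")
 206          {
 207              // if its a password, confirm it
 208              
 209              if ($type == "password")
 210              {
 211                  $confirmation_name = $field."_confirmation";
 212                  
                      // The comparison only runs when a "<field>_confirmation" value was submitted.
 213                  if (isset($$confirmation_name))
 214                  {
 215                      if ($$confirmation_name != $$field)
 216                      {
 217                          if (!$url_confirmation_error)
 218                          {
 219                              if ($url_error)
 220                              {
 221                                  header("Location: $url_error");
 222                                  exit;
 223                              }
 224                              else
 225                              {
 226                          
 227                                  require  "include/users.php";
 228  
                                      // NOTE(review): eval() on the skin strings executes database content as PHP.
 229                                  eval ("?>$prefix<?");
 230                                  print "$strEApwmissmatch<br>";
 231                                  eval ("?>$suffix<?");
 232                                  exit;
 233                              }
 234                          }
 235                          else
 236                          {
 237                              array_push ($Confirmation,$field);
 238                          }
 239                      }
 240                  }
 241              }
 242              
                  // Normalise the slashes so the value cannot close the quoted literal.
                  // NOTE(review): password-type fields are written as submitted; no hashing is
                  // visible on this page.
 243              $$field = AddSlashes(StripSlashes($$field));
 244              $sql .= "$before$field='".$$field."'";
 245              $before = ", ";
 246              
 247          } 
 248          else if ($type == "int") 
 249          {
                  // Numeric coercion makes the value safe to interpolate.
 250              $$field += 0;
 251              $sql .= "$before$field='".$$field."'";
 252              $before = ", ";
 253          } 
 254          else if ($type == "date" || $type == "datetime")
 255          {
                  // Dates arrive either as three values (<field>_day, _month, _year) or as one
                  // "day/month/year" string in the field itself.
 256              $name_day = $field."_day";
 257              $name_month = $field."_month";
 258              $name_year = $field."_year";
 259              
 260              if ($$name_day && $$name_month && $$name_year)
 261              {
 262                  $day = $$name_day;
 263                  $month = $$name_month;
 264                  $year = $$name_year;
 265              } 
 266              else
 267              {
 268                  list ($day, $month, $year) = explode ("/", $$field);
 269              }
 270              
                  // Fix: the date parts were the only submitted values in this loop that reached
                  // $sql without the slash normalisation used by the text branch.
                  $day = AddSlashes(StripSlashes($day));
                  $month = AddSlashes(StripSlashes($month));
                  $year = AddSlashes(StripSlashes($year));
 271              $sql .= "$before$field='$year-$month-$day'";
 272              $before = ", ";
 273          }
 274      }
 275  
          // Password confirmation mismatches collected above: hand the field names over in
          // confirmation_fields[] cookies and redirect without saving.
 276      if ($url_confirmation_error && $Confirmation)
 277      {
 278          while (list($key,$val) = each($Confirmation))
 279          {
 280              setcookie ("confirmation_fields[$key]","$val","0");
 281          }
 282          header("Location: $url_confirmation_error");
 283          exit;
 284      }
 285      
          // Fix: the session id is the only thing selecting the row to update, and it was
          // interpolated as received; it now gets the same slash normalisation as the values.
          // NOTE(review): addslashes is not charset-aware; mysql_real_escape_string is the stronger
          // choice where the deployed PHP version provides it.
          $session_id_sql = AddSlashes(StripSlashes($session_id));
 286      if ($query = mysql_query ("UPDATE users SET $sql WHERE session_id='$session_id_sql'"))
 287      {
              // The three values placed in this URL were coerced to numbers at the top of the script.
              // NOTE(review): $url_change, when set, is used as the redirect target unchecked.
 288          $url="index.php?article=$success_change&visual=$visual&id=$area_id";
 289          if (!$url_change)    header ("Location: $url");
 290          else header ("Location: $url_change");
 291          exit;
 292      }
 293  }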
 294  
      // Fallback, reached when no registrable fields were found or the UPDATE failed: redirect to
      // $url_error when it is set, otherwise to $url.
      // NOTE(review): neither redirect target is checked on this page before it reaches header().
 295  if (!$url_error)    header ("Location: $url");
 296  else header ("Location: $url_error");
 297  ?>

