<?php
/*
 *
 * @copyright (c) 2010 animegame.eu
 * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
 *
 */
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/config.inc.php');
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/parse.inc.php');
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/fehlerausgabe.inc.php');
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/designfunctions.inc.php');
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/user.inc.php');

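// GET section
//
// NOTE(review): the profile form printed by display() submits with
// method="get", so alt_pw and new_pw travel in the URL and can end up in
// web-server access logs, browser history and Referer headers. The request
// also changes account data without any anti-CSRF token. Moving the form and
// this section to POST and adding a token has to be done as one change.

// Security-critical values: changeProfil() concatenates them into SQL
// statements without further escaping, so validateString()/validateName() are
// the only barrier against SQL injection. What exactly they filter is not
// visible in this file -- verify in the included helpers.
// Absent parameters are read as null (the value PHP produced before, but
// without an undefined-index notice on every plain page load).
$raw_new_nick = isset($_GET['new_nick']) ? $_GET['new_nick'] : null;

$icq = validateString(isset($_GET['icq']) ? $_GET['icq'] : null);
$new_pw = validateString(isset($_GET['new_pw']) ? $_GET['new_pw'] : null);
$new_nick = validateName($raw_new_nick);
// needed later (confirmation field for the new nickname)
$new_nick2 = validateName(isset($_GET['new_nick2']) ? $_GET['new_nick2'] : null);
$homepage = validateString(isset($_GET['homepage']) ? $_GET['homepage'] : null);
$chat = validateString(isset($_GET['chat']) ? $_GET['chat'] : null);
$ads = validateString(isset($_GET['ads']) ? $_GET['ads'] : null);
$alt_pw = validateString(isset($_GET['alt_pw']) ? $_GET['alt_pw'] : null);

// Not security-critical: only compared against '1' to detect a submitted form.
$charm = isset($_GET['charm']) ? $_GET['charm'] : null;

// An empty or absent nickname means "no rename requested".
if($raw_new_nick == ''){
	$new_nick = '';
}

// Reject the request when validateName() refused the submitted name (null) or
// altered it: only a name that passes validation unchanged is accepted.
if((!is_null($raw_new_nick) && is_null($new_nick)) || ($new_nick != $raw_new_nick)){
	displayErrorMessage('Name ung&uuml;tig!', 'Der Name ist leider ung&uuml;ltig!', displayHistoryBackLink());
	exit;
}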

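/**
 * Tells whether the user is currently blocked from renaming.
 *
 * Counts the rows in user_rename for this user with wunsch = 0 whose datum
 * lies within the last six months.
 *
 * @param array $user User row; only $user['id'] is read.
 * @return bool true if at least one such row exists, or if the lookup failed.
 */
function isNickChanged($user){
	// Force the id to an integer before it is placed into the statement, so a
	// malformed id can never alter the SQL.
	$user_id = (int) $user['id'];
	$sql = 'Select count(*) as anzahl from user_rename where userid = '.$user_id.' and wunsch = 0 and datum >= TIMESTAMPADD(MONTH, -6, now())';
	$result = mysql_query($sql);
	if($result === false){
		// Fail closed: previously a failed query ended up as "not renamed",
		// which lifted the six-month rename limit whenever the lookup broke.
		return true;
	}
	$row = mysql_fetch_assoc($result);
	if(!is_array($row)){
		return true;
	}
	return $row['anzahl'] != 0;
}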


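/**
 * Applies the submitted profile changes (nickname, password, homepage, ICQ,
 * chat and advertisement settings) for the given user.
 *
 * The string values are concatenated into SQL as they arrive. This function
 * does not escape them; it relies on the caller having passed them through
 * validateString()/validateName().
 * NOTE(review): confirm those helpers make a value safe inside a quoted SQL
 * string. $user['nickname'] is written into user_rename the same way.
 *
 * @param array  $user      Current user row; reads 'id', 'nickname', 'passwort'.
 * @param string $new_pw    New password; an empty/falsy value means "keep".
 * @param string $new_nick  Requested nickname, '' for none.
 * @param string $new_nick2 Repetition of the requested nickname.
 * @param string $alt_pw    Current password, required for a password change.
 * @param string $homepage  New homepage value.
 * @param string $icq       New ICQ value.
 * @param mixed  $chat      Numeric chat flag.
 * @param mixed  $ads       Numeric advertisement level.
 * @return array The user row re-read from the database after the update. When
 *               the request is rejected or the re-read fails, the row passed
 *               in (with the nickname adjusted after a successful rename), so
 *               the caller always receives a usable user array.
 */
function changeProfil($user, $new_pw, $new_nick, $new_nick2, $alt_pw, $homepage, $icq, $chat, $ads){
	// Row handed back on every early exit. Returning nothing here used to
	// leave the caller with null instead of a user.
	$current = $user;

	if(!is_numeric($chat)){
		displayErrorMessage(NULL,'Chat-Feld inkorrekt ausgefuellt!','');
		return $current;
	}
	if(!is_numeric($ads)){
		displayErrorMessage(NULL,'Werbung-Feld inkorrekt ausgefuellt!','');
		return $current;
	}

	// Everything placed unquoted into SQL is reduced to a plain integer.
	// is_numeric() alone also accepts forms such as "1e5" or " 1".
	$user_id = (int) $user['id'];
	$chat = (int) $chat;
	$ads = (int) $ads;

	// Compare as strings: a loose == treats numeric-looking names such as
	// "007" and "7" as equal.
	$nick_confirmed = ((string) $new_nick === (string) $new_nick2);

	if($nick_confirmed && $new_nick !== ''){
		// Rename only if the six-month limit allows it and the name differs.
		if(!isNickChanged($user) && (string) $new_nick !== (string) $user['nickname']) {
			$sql = 'Update user set nickname = \''.$new_nick.'\' where id = '.$user_id;
			mysql_query($sql);
			if(mysql_affected_rows() > 0){
				// Record the rename; isNickChanged() reads this table.
				$sql = 'Insert into user_rename(pre_name, post_name, datum, userid) values(\''.$user['nickname'].'\', \''.$new_nick.'\', now(), '.$user_id.')';
				mysql_query($sql);
				$current['nickname'] = $new_nick;
				displayErrorMessage('Nickname erfolgreich ge&auml;ndert','Ein neuer Login wird jedoch nun ben&ouml;tigt.','');
			} else{
				displayErrorMessage('Fehler','Nickname konnte nicht ge&auml;ndert werden.','');
			}
		}
	} else if($new_nick !== ''){
		// Reached when the two nickname fields differ.
		// NOTE(review): the text says special characters ARE allowed and does
		// not mention the mismatch -- probably not the intended message.
		displayErrorMessage('Neuer Nickname ung&uuml;ltig!','Es sind Sonderzeichen erlaubt!','');
	}

	if($new_pw) {
		// Strict string comparison of the stored and the computed hash. With
		// a loose != two different numeric-looking hash strings (for example
		// both of the form 0e<digits>) compare as equal and the old-password
		// check passes. Where PHP >= 5.6 is guaranteed, hash_equals() is the
		// better choice because it is also constant-time.
		if((string) encryptPassword($alt_pw) !== (string) $user['passwort']) {
			displayErrorMessage(NULL,'Passwort falsch!','');
			return $current;
		}
		// NOTE(review): this still passes the nickname from before a rename
		// done in the same request; confirm how setPassword() finds the user.
		setPassword($user['nickname'], $new_pw);
	}

	mysql_query('UPDATE user SET homepage=\''.$homepage.'\', icq=\''.$icq.'\', chat = '.$chat.', ads = '.$ads.' WHERE id=\''.$user_id.'\'');
	displayErrorMessage('Profil erfolgreich ge&auml;ndert','Sollte das Passwort ge&auml;ndert worden sein, ist ein erneuter Login erforderlich.','');

	// Hand back the stored state; fall back to the known row if the read fails.
	$result = mysql_query('Select * from user where id = '.$user_id);
	$fresh = ($result !== false) ? mysql_fetch_assoc($result) : false;
	return is_array($fresh) ? $fresh : $current;
}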

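/**
 * Prints the profile form, pre-filled from the given user row.
 *
 * The two "new nickname" inputs are only printed while isNickChanged()
 * reports false. The "hardcore" advertisement option is only printed when
 * getLayerAdvertisement() returns a non-empty value.
 *
 * @param array $user User row; reads 'nickname', 'homepage', 'icq', 'ads', 'chat'.
 * @return void
 */
function display($user){
	// Everything echoed into the page is HTML-escaped first. PHP_SELF contains
	// whatever path the client requested, and the profile fields are
	// user-supplied text, so unescaped output allows markup injection.
	// ISO-8859-1 is passed as charset because it never rejects a byte
	// sequence and the escaped characters are ASCII in UTF-8 as well.
	// double_encode=false leaves entities already present in stored values
	// untouched.
	$self_url = htmlspecialchars((string) $_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1', false);
	$nickname = htmlspecialchars((string) $user['nickname'], ENT_QUOTES, 'ISO-8859-1', false);
	$homepage = htmlspecialchars((string) $user['homepage'], ENT_QUOTES, 'ISO-8859-1', false);
	$icq = htmlspecialchars((string) $user['icq'], ENT_QUOTES, 'ISO-8859-1', false);

	// NOTE(review): method="get" puts alt_pw/new_pw into the URL (access logs,
	// browser history, Referer), and the form carries no anti-CSRF token.
	// Switching to POST requires the request-reading code at the top of this
	// file to change in the same step.
	?>
	<form action="<?php echo $self_url; ?>" method="get">
		<input type="hidden" name="as" value="profil">
		<input type="hidden" name="charm" value="1">
		<table cellpadding="0" cellspacing="0" width="100%" height="51">
			<tr>
				<th colspan="2" align="center">Ihr Profil</th>
			</tr>
			<tr>
				<th align="center">Nickname</th>
				<td><?php echo $nickname; ?></td>
			</tr>
<?php
				// Offer the rename fields only while a rename is allowed.
				if(!isNickChanged($user)){
?>
			<tr>
				<th align="center">Neuer Nickname</th>
				<td><input class="input" name="new_nick" value=""/></td>
			</tr>
			<tr>
				<th align="center">Neuer Nickname</th>
				<td><input class="input" name="new_nick2" value=""/></td>
			</tr>
<?php
				}
?>
			<tr>
				<th align="center">Altes Passwort</th>
				<td>
					<input id="input" name="alt_pw" type="password" size="35">
				</td>
			</tr>
			<tr>
				<th align="center">Neues Passwort</th>
				<td>
					<input id="input" name="new_pw" type="password" size="35">
				</td>
			</tr>
			<tr>
				<th align="center">Homepage</th>
				<td>
					<input id="input" name="homepage" size="35" value="<?php echo $homepage; ?>">
				</td>
			</tr>
			<tr>
				<th align="center">ICQ:</th>
				<td>
					<input id="input" name="icq" size="35" value="<?php echo $icq; ?>">
				</td>
			</tr>
			<tr>
				<th align="center">Werbegrad:</th>
				<td>
<?php
	// Pre-select the radio button matching the stored advertisement level.
	if($user['ads'] == 0){
		$ads_moderate = 'checked="checked"';
		$ads_hardcore = '';
	} else{
		$ads_moderate = '';
		$ads_hardcore = 'checked="checked"';
	}
?>
					moderat: <input type="radio" name="ads" value="0" <?php echo $ads_moderate; ?>/>
					<?php
					// Call the helper once and test its result. The second
					// test used to name the function without parentheses, so
					// it never looked at the return value.
					$layer_ad = getLayerAdvertisement();
					if(!($layer_ad == '' or $layer_ad == null)){
						// A space now separates the value from the checked attribute.
						echo 'hardcore: <input type="radio" name="ads" value="1" '.$ads_hardcore.'/>';
					}
					?>
				</td>
			</tr>
			<tr>
				<th align="center">Chat:</th>
				<td>
<?php
	// Pre-select the radio button matching the stored chat setting.
	if($user['chat'] == 1){
		$chat_on = 'checked="checked"';
		$chat_off = '';
	} else{
		$chat_on = '';
		$chat_off = 'checked="checked"';
	}
?>
					an: <input type="radio" name="chat" value="1" <?php echo $chat_on; ?>/>
					aus: <input type="radio" name="chat" value="0" <?php echo $chat_off; ?>/>
				</td>
			</tr>
			<tr>
				<td>&nbsp;</td>
				<td>
					<input id="input" size="15" type="submit" value="&auml;ndern">
				</td>
			</tr>
			
		</table>
	</form>
<?php
}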

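// charm=1 is the hidden field of the profile form: apply the submitted
// changes first, then print the form again.
// $user_ida is not assigned in this file -- presumably set by one of the
// includes at the top; verify.
if($charm == '1'){
	$updated_user = changeProfil($user_ida, $new_pw, $new_nick, $new_nick2, $alt_pw, $homepage, $icq, $chat, $ads);
	// Keep the current user row unless a row array came back. A rejected
	// request must not leave display() without a user, since it builds a
	// query from $user['id'].
	if(is_array($updated_user)){
		$user_ida = $updated_user;
	}
}
display($user_ida);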


?>