(Informpro - MG) :LOL: :mryellow:
Anyone want to help by having a look at this script?
Like is there "Anything" else that I should do to make it secure besides change the 'rand' to something more secure?
This is the "Clean" functions I use...
Spoiler: [ Show ]
Spoiler: [ Hide ]
function html_escape($raw_input) {
return htmlspecialchars($raw_input, ENT_QUOTES | ENT_HTML401, 'UTF-8'); // important! don't forget to specify ENT_QUOTES and the correct encoding
}
// Do a clean up of POST.
function sanitize($val){
if(get_magic_quotes_gpc()) {
$val = stripslashes($val);
}
$val = trim($val);
return mysql_real_escape_string($val);
}
// Convert the html layer to readable script
function Zap($val){
$val = trim($val);
$val = htmlspecialchars(stripslashes($val));
return ($val);
}
// Stops the monkey's from adding script in the Game Comments.
function stripTags($val) {
$val = strip_tags($val);
return $val;
}
return htmlspecialchars($raw_input, ENT_QUOTES | ENT_HTML401, 'UTF-8'); // important! don't forget to specify ENT_QUOTES and the correct encoding
}
// Do a clean up of POST.
function sanitize($val){
if(get_magic_quotes_gpc()) {
$val = stripslashes($val);
}
$val = trim($val);
return mysql_real_escape_string($val);
}
// Convert the html layer to readable script
function Zap($val){
$val = trim($val);
$val = htmlspecialchars(stripslashes($val));
return ($val);
}
// Stops the monkey's from adding script in the Game Comments.
function stripTags($val) {
$val = strip_tags($val);
return $val;
}
Spoiler: [ Show ]
Spoiler: [ Hide ]
<?php
/**
* @package (c) 2008 - 2014 Gnu Arcade Script
* @version $Id: my_account.php Version.1.0
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
if (!defined('IN_ARCADE')) {die('Please use the front door');}
function getbody() {
include "includes/db-global.php";
if(!isset($suserid)){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['login_first'].''.GO_BACK.'</div>
'.IMG_THB.'';
return;
};
function change_avatar(){
include "includes/db-global.php";
$userid = $usrdata['userid'];
if($avatar == 0) {$avatar0 = 'selected="selected"';};
if($avatar == 1) {$avatar1 = 'selected="selected"';};
if(isset($_POST['avatar'])){
$avatar = sanitize($_POST['avatar']);
if ($avatar == 0) {
$db->query("UPDATE " . USERS_TABLE . " SET avatar='$avatar', avatar_file='' WHERE userid='$userid'") or die(mysql_error());
echo '
'.IMG_THL.''.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['profile_update'].''.GO_BACK.'</div>
'.IMG_THB.'<br />';
}else{
function findexts ($filename)
{
$filename = strtolower($filename);
$exts = mb_split("[/\.]", $filename);
$n = count($exts)-1;
$exts = $exts[$n];
return $exts;
}
if ($_FILES['uploaded']['size'] > 40000) {
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['file_too_big'].''.GO_BACK.'</div>
'.IMG_THB.'';
return;
};
$ext = findexts ($_FILES['uploaded']['name']);
$os = array("gif", "jpg", "jpeg", "png");
if (!in_array($ext, $os)) {
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['file_type_no'].''.GO_BACK.'</a></div>
'.IMG_THB.'';
return;
}else{/*Do Nothing*/};
$ava = "avatar";
$ava3 = $usrdata['userid'];
$ava4 = $ava.$userid.'.';
$avatar_file = $ava4.$ext;
//This is the directory. Make sure it exists and is chmodded to 0755 or 0777 as required!
$target = "avatars/";
//This combines the directory, the userid, and the extension
$target = $target . $ava4.$ext;
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo '
'.IMG_THL.''.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['file_uploaded'].''.GO_BACK.'</div>
'.IMG_THB.'';
$db->query("UPDATE " . USERS_TABLE . " SET avatar='$avatar', avatar_file='$avatar_file' WHERE userid='$userid'") or die(mysql_error());
}else{
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['file_sorry'].''.GO_BACK.'</div>
'.IMG_THB.'';
};
};
}else{
echo '
'.IMG_THL.''.$lang['manage_avatar'].''.IMG_THR.'
'.SCRST.'
<form enctype="multipart/form-data" action="'.S_CHANGE_AVATAR.'" method="post">
<table class="width100" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="content-a left boldp">'.$lang['use_avatar'].':
<select name="avatar">
<option value="0" '.$avatar2.'>'.$lang['no'].'</option>
<option value="1" '.$avatar1.'>'.$lang['yes'].'</option>
</select>
</td>
</tr>
<tr>
<td class="content-a left boldp">'.$lang['file_choose'].': <input name="uploaded" type="file" /></td>
</tr>
<tr>
<td class="tab-footerp center" colspan="2"><input class="buttonp" type="submit" value="'.$lang['submit'].'" />
</td>
</tr>
</table>
</form>
'.SCRSB.'
'.IMG_THB.'';
};
};
function account(){
include "includes/db-global.php";
if (!isset($_POST['email'])) $_POST['email'] = null;
if(isset($_POST['newsletter'])){
$userid = intval($usrdata['userid']);
$newsletter = sanitize($_POST['newsletter']);
$email = sanitize($_POST['email']);
$aim = sanitize($_POST['aim']);
$icq = sanitize($_POST['icq']);
$msn = sanitize($_POST['msn']);
$yim = sanitize($_POST['yim']);
$location = sanitize($_POST['location']);
$user_flag = sanitize($_POST['user_flag']);
$user_style = sanitize($_POST['user_style']);
$occupation = sanitize($_POST['occupation']);
$website = sanitize($_POST['website']);
$link_a = sanitize($_POST['link_a']);
$link_b = sanitize($_POST['link_b']);
$link_c = sanitize($_POST['link_c']);
$link_d = sanitize($_POST['link_d']);
$link_e = sanitize($_POST['link_e']);
$link_f = sanitize($_POST['link_f']);
$link_g = sanitize($_POST['link_g']);
$link_h = sanitize($_POST['link_h']);
$sex = sanitize($_POST['sex']);
$interests = sanitize($_POST['interests']);
$bio = sanitize($_POST['bio']);
$ip = $_SERVER['REMOTE_ADDR'];
$db->query("UPDATE " . USERS_TABLE . " SET
newsletter='$newsletter',
aim='$aim',
icq='$icq',
msn='$msn',
yim='$yim',
location='$location',
user_flag='$user_flag',
user_style='$user_style',
occupation='$occupation',
website='$website',
link_a='$link_a',
link_b='$link_b',
link_c='$link_c',
link_d='$link_d',
link_e='$link_e',
link_f='$link_f',
link_g='$link_g',
link_h='$link_h',
sex='$sex',
interests='$interests',
bio='$bio',
ip='$ip' WHERE userid='$userid'") or die(mysql_error());
echo '
'.IMG_THL.'
'.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['profile_update'].''.GO_BACK.'</div>
'.IMG_THB.'<br />';
};
$userid = intval($usrdata['userid']);
$query = $db->query(sprintf("SELECT
username,
plays,
sex,
avatar,
avatar_file,
newsletter,
aim,
icq,
msn,
yim,
location,
user_style,
user_flag,
occupation,
website,
link_a,
link_b,
link_c,
link_d,
link_e,
link_f,
link_g,
link_h,
interests,
bio
FROM " . USERS_TABLE . " WHERE userid='%u'", $userid)) or die(mysql_error());
$row = $db->fetch_row($query);
$username = html_escape($row['username']);
$plays = intval($row['plays']);
$sex = Zap($row['sex']);
$avatar = Zap($row['avatar']);
$avatar_file = Zap($row['avatar_file']);
$newsletter = Zap($row['newsletter']);
$aim = Zap($row['aim']);
$icq = Zap($row['icq']);
$msn = Zap($row['msn']);
$yim = Zap($row['yim']);
$location = html_escape($row['location']);
$user_flag = Zap($row['user_flag']);
$user_style = Zap($row['user_style']);
$occupation = html_escape($row['occupation']);
$website = Zap($row['website']);
$link_a = Zap($row['link_a']);
$link_b = Zap($row['link_b']);
$link_c = Zap($row['link_c']);
$link_d = Zap($row['link_d']);
$link_e = Zap($row['link_e']);
$link_f = Zap($row['link_f']);
$link_g = Zap($row['link_g']);
$link_h = Zap($row['link_h']);
$interests = html_escape($row['interests']);
$bio = html_escape($row['bio']);
$query = $db->query(sprintf("SELECT
flag_id,
flag_name,
flag_image
FROM " . FLAGS_TABLE . " ")) or die(mysql_error());
while($row = $db->fetch_row($query)){
$flagID = intval($row['flag_id']);
$flag_name = Zap($row['flag_name']);
$flag_image = Zap($row['flag_image']);
if(!empty($user_flag) && ($user_flag == $flag_image)){$Country = $flag_name;}
}
if(!empty($user_flag)){
$show_flag = ' <img src="'.FLAGS.''.$user_flag.'" alt="'.$location.' '.$Country.' " title="'.$location.' '.$Country.'" /> '.$Country.'';}else{$show_flag = '';}
if(!empty($user_style)){
$show_style = $user_style;
}else{
$show_style = '';}
include "templates/$template/ranks.php";
$rank = '<img '.IMG_80.' src="'.IMAGE_PATH.'ranks/'.$AAA.' /> ';
if($newsletter == 0) {$newsletter0 = 'selected="selected"';};
if($newsletter == 1) {$newsletter1 = 'selected="selected"';};
if($sex == 0) {$sex0 = 'selected="selected"';};
if($sex == 1) {$sex1 = 'selected="selected"';};
if($sex == 2) {$sex2 = 'selected="selected"';};
if ($avatar == "1" ) {$avatar_url = '<img '.IMG_80.' src="'.DIR_PATH.'avatars/'.$avatar_file.'" alt="" />';
}else{
if (empty($avatar_file) && ($sex == 2) && ($avatar == "0") || ($avatar == "") ){$avatar_url = '<img '.IMG_80.' src="'.DIR_PATH.'avatars/default/def-female.png" alt="" />';
}else{
if (empty($avatar_file) && ($sex == 1) && ($avatar == "0") || ($avatar == "")){$avatar_url = '<img '.IMG_80.' src="'.DIR_PATH.'avatars/default/def-male.png" alt="" />';
}else{
if (empty($avatar_file) && ($sex == 0) && ($avatar == "0") || ($avatar == "")){$avatar_url = '<img '.IMG_80.' src="'.DIR_PATH.'avatars/default/def-member.png" alt="" />';
}else{
if (empty($avatar_file) && ($avatar == "")){$avatar_url = '<img '.IMG_80.' src="'.DIR_PATH.'avatars/default/def-member.png" alt="" />';
}}}}}
echo '
'.IMG_THL.''.$lang['myaccount'].''.IMG_THR.'
'.SCRTOP.'
<form action="'.S_MY_ACCT.'" method="post">
<table class="width100" cellpadding="0" cellspacing="0" border="0">
<tr>
<td colspan="3" class="content-a center width10">'.$avatar_url.'<br />'.$rank.'</td>
<td class="content-a"> </td>
<td valign="top" class="content-a left boldp width45 nowrap">
<a href="'.U_FAVOURITES.'">'.IMG_ACC_FAV.'</a>
<a href="'.U_MESSAGES.'">'.IMG_ACC_MES.'</a>
<a href="'.U_CHANGE_AVATAR.'">'.IMG_ACC_CHA.'</a>
<a href="'.U_CHANGE_EMAIL.'">'.IMG_ACC_CHE.'</a>
<a href="'.U_CHANGE_PASS.'">'.IMG_ACC_CHP.'</a>
<a href="'.U_CHANGE_QUESTION.'">'.IMG_ACC_CHQ.'</a>
<a href="'.U_PROFILE.$userid.'">'.IMG_ACC_PRO.'</a>
</td>
</tr>
</table>
<table class="width100" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="content-a boldp left width45">'.$lang['games_played'].':</td>
<td class="content-a left boldp width50">'.$plays.'</td>
</tr>
<tr>
<td class="content-a boldp left">'.$lang['template'].':</td>
<td class="content-a left boldp">';
$query = $db->query(sprintf("SELECT
template_name,
style_name
FROM " . THEMES_TABLE . " WHERE visible=1 ORDER BY template_name ASC")) or die(mysql_error());
$style_list = '
<select name="user_style">';
while($row = $db->fetch_row($query)){
$template_name = Zap($row['template_name']);
$style_name = Zap($row['style_name']);
$selected = '';
if (!empty($user_style) && ($template_name == $user_style))
{
$selected = 'selected="selected"';
}
$style_list .= '<option style="width:100px;" value="'.$template_name.'" '.$selected.'>'.$style_name.'</option>';
};
$style_list .= '</select>';
echo '
'.$style_list.'
</td>
</tr>
<tr>
<td class="content-a left boldp">'.$lang['newsletter'].':</td>
<td class="content-a left">
<select name="newsletter">
<option value="0" '.$newsletter0.'>'.$lang['no'].'</option>
<option value="1" '.$newsletter1.'>'.$lang['yes'].'</option>
</select>
</td>
</tr>
<tr>
<td class="content-a boldp left">'.$lang['location'].': <small>('.$lang['location_exp'].')</small></td>
<td class="content-a left"><input name="location" type="text" size="50" value="'.$location.'" /></td>
</tr>
<tr>
<td class="content-a boldp left">'.$lang['country_flag'].': '.$show_flag.'</td>
<td class="content-a left">';
$query = $db->query(sprintf("SELECT
flag_id,
flag_name,
flag_image
FROM " . FLAGS_TABLE . " ORDER BY flag_name ASC")) or die(mysql_error());
$flag_list = '
<select name="user_flag">
<option value="0">'.$lang['country_select'].'</option>';
while($row = $db->fetch_row($query)){
$flagID = intval($row['flag_id']);
$flag_name = Zap($row['flag_name']);
$flag_image = Zap($row['flag_image']);
$selected = '';
if (!empty($user_flag) && ($user_flag == $flag_image))
{
$selected = ' selected="selected"';
}
$flag_list .= '<option style="width:100px;" value="'.$flag_image.'"'.$selected.'>'.$flag_name.'</option>';
};
$flag_list .= '</select>';
echo '
'.$flag_list.'
</td>
</tr>
<tr>
<td class="content-a boldp left">'.$lang['website_a'].': <small>('.$lang['website_b'].')</small></td>
<td class="content-a left"><input name="website" type="text" size="50" value="'.$website.'" /></td>
</tr>
<tr>
<td class="content-a boldp left">'.$lang['occupation'].':<br /></td>
<td class="content-a left"><input name="occupation" type="text" size="50" value="'.$occupation.'" /></td>
</tr>
<tr>
<td class="content-a left boldp">'.$lang['gender'].':</td>
<td class="content-a left">
<select name="sex">
<option value="0" '.$sex0.'>'.$lang['undisclosed'].'</option>
<option value="1" '.$sex1.'>'.$lang['male'].'</option>
<option value="2" '.$sex2.'>'.$lang['female'].'</option>
</select>
</td>
</tr>
<tr>
<td valign="top" class="content-a boldp left">'.$lang['im'].':<br /><small>('.$lang['im_b'].')</small></td>
<td> </td>
</tr>
<tr>
<td class="content-a right">'.IM_AIM.'</td>
<td class="content-a left"><input name="aim" type="text" size="50" value="'.$aim.'" /></td>
</tr>
<tr>
<td class="content-a right">'.IM_ICQ.'</td>
<td class="content-a left"><input name="icq" type="text" size="50" value="'.$icq.'" /></td>
</tr>
<tr>
<td class="content-a right">'.IM_MSN.'</td>
<td class="content-a left"><input name="msn" type="text" size="50" value="'.$msn.'" /></td>
</tr>
<tr>
<td class="content-a right">'.IM_YIM.'</td>
<td class="content-a left"><input name="yim" type="text" size="50" value="'.$yim.'" /></td>
</tr>
<tr>
<td valign="top" class="content-a boldp left">'.$lang['social_bookmarks_a'].':<br /><small>('.$lang['im_b'].')</small></td>
<td> </td>
</tr>
<tr>
<td class="content-a right">'.SB_FB.'</td>
<td class="content-a left"><input name="link_a" type="text" size="50" value="'.$link_a.'" /></td>
</tr>
<tr>
<td class="content-a right">'.SB_TW.'</td>
<td class="content-a left"><input name="link_b" type="text" size="50" value="'.$link_b.'" /></td>
</tr>
<tr>
<td class="content-a right">'.SB_MS.'</td>
<td class="content-a left"><input name="link_c" type="text" size="50" value="'.$link_c.'" /></td>
</tr>
<tr>
<td class="content-a right">'.SB_FL.'</td>
<td class="content-a left"><input name="link_d" type="text" size="50" value="'.$link_d.'" /></td>
</tr>
<tr>
<td class="content-a right">'.SB_DG.'</td>
<td class="content-a left"><input name="link_e" type="text" size="50" value="'.$link_e.'" /></td>
</tr>
<tr>
<td class="content-a right">'.SB_YT.'</td>
<td class="content-a left"><input name="link_f" type="text" size="50" value="'.$link_f.'" /></td>
</tr>
<tr>
<td class="content-a right">'.SB_DL.'</td>
<td class="content-a left"><input name="link_g" type="text" size="50" value="'.$link_g.'" /></td>
</tr>
<tr>
<td class="content-a right">'.SB_VM.'</td>
<td class="content-a left"><input name="link_h" type="text" size="50" value="'.$link_h.'" />
</td>
</tr>
<tr>
<td class="content-a boldp left">'.$lang['interests'].':<br /><small>100 '.$lang['characters'].'<br />'.$lang['html_script'].'</small></td>
<td class="content-a"><textarea name="interests" rows="2" cols="34">'.$interests.'</textarea></td>
</tr>
<tr>
<td class="content-a boldp left">'.$lang['about_me'].':<br /><small>300 '.$lang['characters'].'<br />'.$lang['html_script'].'</small></td>
<td class="content-a"><textarea name="bio" rows="4" cols="34">'.$bio.'</textarea></td>
</tr>
<tr>
<td class="tab-footerp center" colspan="4"><input class="buttonp" type="submit" name="submit" value="'.$lang['submit'].'" />
</td>
</tr>
</table>
</form>
'.SCRBOT.'
'.IMG_THB.'';
};
function delete_favourite(){
include "includes/db-global.php";
$delete_ID = isset($_GET['deleteID']) ? intval($_GET['deleteID']) : 0;
$del1 = $db->query(sprintf("SELECT
name
FROM " . GAMES_TABLE . " WHERE ID='%u'", intval($delete_ID))) or die(mysql_error());
$row4 = $db->fetch_row($del1);
$gamename = Zap(urlencode($row4['name']));
$game_name = Zap(urldecode($row4['name']));
echo '
'.IMG_THL.''.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['are_you_sure_remove_a'].' » <span class="msg-unread"> '.$game_name.' </span> « '.$lang['are_you_sure_remove_b'].'<br />
<a href="'.U_FAV_DELETE_OWN.$gamename.'&deleteID='.$delete_ID.'">'.$lang['yes'].'</a> <a href="'.U_FAVOURITES.'">'.$lang['no'].'</a></div>
'.IMG_THB.'';
}
function favourites(){
include "includes/db-global.php";
$delete_ID = isset($_GET['deleteID']) ? intval($_GET['deleteID']) : 0;
$delete_name = isset($_GET['deletename']) ? Zap($_GET['deletename']) : 0;
if (!empty($delete_ID)){
$db->query("DELETE FROM " . USERS_FAVS_TABLE . " WHERE userid=".$usrdata['userid']." AND gameid=".intval($delete_ID)."") or die(mysql_error());
echo '
'.IMG_THL.''.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['deleted'].' » <span class="msg-unread"> '.$delete_name.' </span> « '.$lang['are_you_sure_remove_b'].'<br /><a href="'.U_FAVOURITES.'">'.$lang['go_back'].'</a></div>
'.IMG_THB.'<br />';
}
echo '
'.IMG_THL.''.$lang['myfavs'].''.IMG_THR.'
'.SCRST.'';
$sql4 = $db->query(sprintf("SELECT
gameid
FROM " . USERS_FAVS_TABLE . " WHERE userid=".$usrdata['userid']."")) or die(mysql_error());
while($row3 = $db->fetch_row($sql4)){
$row3_gameid = intval($row3['gameid']);
$del1 = $db->query(sprintf("SELECT
ID,
file,
description,
name,
views,
type,
thumb,
thumb_url
FROM " . GAMES_TABLE . " WHERE ID='%u'", $row3_gameid)) or die(mysql_error());
$row4 = $db->fetch_row($del1);
$row4_id = intval($row4['ID']);
$row4_views = intval($row4['views']);
$row4_type = intval($row4['type']);
if($row4['type'] == 1) {$row4_thumb = Zap($row4['thumb']);
}else{
$row4_thumb_url = Zap($row4['thumb_url']);}
$row4_file = Zap($row4['file']);
$body = Zap($row4['description']);
$row4_name = Zap($row4['name']);
include "editor/editor_bodystring.php";
$row4_name = Zap($row4_name);
$body = htmlspecialchars_decode($body);
$body = str_replace("&", "&", $body);
$gamelink = ''.U_GAME_LINK.$row4_id.'';
echo '
<table class="width100" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="sub-cat-a left boldp width80"> '.$row4_name.'</td>
<td class="sub-cat-a left boldp width20">'.$lang['total_views'].' » '.$row4_views.'</td>
</tr>
</table>
<table class="width100" cellpadding="0" cellspacing="0" border="0">
<tr>
<td width="55" height="55" valign="top" class="fav-image-a">
<a href="'.$gamelink.'">';
if($row4['type'] == 1){
echo ''.IMG_THUMB_B1.$row4_thumb.IMG_THUMB_55.'';
}else{
echo ''.IMG_THUMB_B2.$row4_thumb_url.IMG_THUMB_55.'';
}
echo '
</a>
</td>
<td valign="top" class="fav-image-b left">'.stripslashes(myfavsdesclimit($body)).'<br />
<div style="padding-top: 2px; white-space: nowrap;">
<a href="'.$gamelink.'" class="gamelink-a floatl left">'.IMG_PLAY.'</a>';
if($row4['type'] == 1){echo '
<span class="gamelink-a floatl left"> <a href="javascript:popUp(\''.GAMES.''.$row4_file.'\')">'.IMG_PLAY_FULL.'</a></span>';
}else{echo '<span class="gamelink-a floatl left"> '.IMG_NO_FULL.'</span>';}
$db->query("DELETE FROM " . USERS_FAVS_TABLE . " WHERE ID=".$row4['ID']."") or die(mysql_error());
$ID = intval($row4['ID']);
echo'
<div class="floatr"><a href="'.U_FAV_DELETE.$ID.'">'.ICO_DEL.'</a> </div>
</div>
</td>
</tr>
</table>';
}
echo '
'.SCRSB.'
'.IMG_THB.'';
}
function change_email(){
include "includes/db-global.php";
$userid = intval($usrdata['userid']);
$query = $db->query(sprintf("SELECT
email
FROM " . USERS_TABLE . " WHERE userid='%u'", $userid)) or die(mysql_error());
$row = $db->fetch_row($query);
$current_email = html_escape($row['email']);
if(isset($_POST['submit'])){
$email = sanitize($_POST['email']);
$password = sanitize(md5($_POST['password']));
$password2 = sanitize(md5($_POST['password2']));
if(!$password || !$email || !$password2){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['all_fields_req'].''.GO_BACK.'</div>
'.IMG_THB.'';
return;
}
$invalMail = ''.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['email_not_valid'].''.GO_BACK.'</div>
'.IMG_THB.'';
function isValidEmail($email){
if(preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$^", $email))
return true;
else
return false;
}
if(!isValidEmail($email)){
echo ''.$invalMail.'';
return;
}
if($_POST['password'] != $_POST['password2']){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['password_not_match'].' '.GO_BACK.' </div>
'.IMG_THB.'<br />';
return;
}
if($password != $usrdata['password']){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['password_wrong_a'].' '.GO_BACK.' </div>
'.IMG_THB.'<br />';
return;
}
if($email == $current_email){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['current_email'].''.GO_BACK.'</div>
'.IMG_THB.'';
return;
}
$sql = $db->query("SELECT
email,
username
FROM " . USERS_TABLE . " WHERE email='.$email.'") or die(mysql_error());
if($db->num_rows($sql) == 1){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['email_in_use'].''.GO_BACK.'</div>
'.IMG_THB.'';
return;
}
$user_name = Zap($usrdata['username']);
$activation_number = rand( );
$subject = ''.$lang['email_change'].'';
$message = ''.$lang['dear'].' '.$user_name.',<br />'.$lang['email_change_a'].' <a href="'.DIR_PATH.'">'.$sitename.'</a>. <a href="'.DIR_PATH.'index.php?action=activate_email&new_email='.$email.'&old_email='.$current_email.'&id='.$activation_number.'">'.$lang['click_here'].'</a> '.$lang['email_change_b'].'<br />'.$lang['thanks'].'<br />'.$sitename.' '.$lang['administration'].'';
$headers = ''.$lang['from'].': '.$supportemail.'' . "\r\n" . 'Content-Type: text/html; charset=UTF-8' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
$sent = mail($email, $subject, $message, $headers);
$db->query("UPDATE " . USERS_TABLE . " SET new_email='$email', new_email_key='$activation_number' WHERE userid='{$usrdata['userid']}'") or die(mysql_error());
#Confirm email sent or notify them of a problem
if ($sent) {
echo '
'.IMG_THL.''.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['email_correct'].'</div>
'.IMG_THB.'<br />';
}else{
echo '
'.IMG_THL.''.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['no_connect_db'].''.GO_BACK.'</div>
'.IMG_THB.'';
}
}
echo '
'.IMG_THL.''.$lang['change_email'].''.IMG_THR.'
'.SCRST.'
<form action="'.S_CHANGE_EMAIL.'" method="post">
<table class="width100" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="content-a left boldp width40">'.$lang['email_address_new'].' » </td>
<td> <input type="text" name="email" size="35" value="" /></td>
</tr>
<tr>
<td class="content-a left boldp width40">'.$lang['password_current'].' » </td>
<td> <input type="password" name="password" size="35" value="" /></td>
</tr>
<tr>
<td class="content-a left boldp width40">'.$lang['password_rep'].' » </td>
<td> <input type="password" name="password2" size="35" value="" /></td>
</tr>
<tr>
<td class="tab-footerp center" colspan="2" ><input class="buttonp" type="submit" name="submit" value="'.$lang['submit'].'" /></td>
</tr>
</table>
</form>
'.SCRSB.'
'.IMG_THB.'';
}
function change_question(){
include "includes/db-global.php";
if(isset($_POST['submit'])){
$password = sanitize(md5($_POST['password']));
$answer = sanitize(md5($_POST['answer']));
$question = sanitize($_POST['question']);
$password2 = sanitize(md5($_POST['password2']));
if(!$question || !$answer || !$password || !$password2){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['not_all_fields'].'<br /><a href="'.U_CHANGE_QUESTION.'">'.$lang['go_back'].'</a></div>
'.IMG_THB.'';
return;
}
if($_POST['password'] != $_POST['password2']){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['password_not_match'].' '.GO_BACK.' </div>
'.IMG_THB.'<br />';
return;
}
if($password != $usrdata['password']){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['password_wrong_a'].''.GO_BACK.'</div>
'.IMG_THB.'<br />';
}else{
$db->query("UPDATE " . USERS_TABLE . " SET pass_question='$question', pass_answer='$answer' WHERE userid='{$usrdata['userid']}'") or die(mysql_error());
echo '
'.IMG_THL.''.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['updated_qa'].''.GO_BACK.'</div>
'.IMG_THB.'<br />';
}
}
echo '
'.IMG_THL.''.$lang['change_pass_qa'].''.IMG_THR.'
'.SCRST.'
<form action="'.S_CHANGE_QUESTION.'" method="post">
<table class="width100" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="content-a left boldp width40">'.$lang['question'].' » </td>
<td class="content-a left"><input type="text" name="question" size="35" /></td>
</tr>
<tr>
<td class="content-a left boldp width40">'.$lang['answer'].' »</td>
<td class="content-a left"><input type="text" name="answer" size="35" /></td>
</tr>
<tr>
<td class="content-a left boldp width40">'.$lang['current_password'].' » </td>
<td class="content-a left"><input type="password" name="password" size="35" /></td>
</tr>
<tr>
<td class="content-a left boldp width40">'.$lang['password_rep'].' » </td>
<td class="content-a left"><input type="password" name="password2" size="35" value="" /></td>
</tr>
<tr>
<td class="tab-footerp center" colspan="2"><input class="buttonp" type="submit" name="submit" value="'.$lang['submit'].'" /></td>
</tr>
</table>
</form>
'.SCRSB.'
'.IMG_THB.'';
}
function change_password(){
include "includes/db-global.php";
if(isset($_POST['submit'])){
$oldpass = sanitize(md5($_POST['oldpass']));
$newpass = sanitize(md5($_POST['newpass']));
$password2 = sanitize(md5($_POST['password2']));
if(!$oldpass || !$newpass || !$password2){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['not_all_fields'].' '.GO_BACK.' </div>
'.IMG_THB.'<br />';
return;
}
if($_POST['newpass'] != $_POST['password2']){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['password_not_match'].' '.GO_BACK.' </div>
'.IMG_THB.'<br />';
return;
}
if($oldpass != $usrdata['password']){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['password_wrong_b'].''.GO_BACK.'</div>
'.IMG_THB.'<br />';
}else{
$db->query(sprintf("UPDATE " . USERS_TABLE . " SET password='%s' WHERE userid='%u'", $newpass, $usrdata['userid'])) or die(mysql_error());
echo '
'.IMG_THL.''.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['password_updated'].''.GO_BACK.'</div>
'.IMG_THB.'<br />';
}}
echo '
'.IMG_THL.''.$lang['change_password'].''.IMG_THR.'
'.SCRST.'
<form action="'.S_CHANGE_PASS.'" method="post">
<table class="width100" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="content-a left boldp width40">'.$lang['password_old'].' » </td>
<td class="content-a left"><input type="password" name="oldpass" size="35" /></td>
</tr>
<tr>
<td class="content-a left boldp width40">'.$lang['password_new'].' » </td>
<td class="content-a left"><input type="password" name="newpass" size="35" /></td>
</tr>
<tr>
<td class="content-a left boldp width40">'.$lang['password_rep'].' » </td>
<td class="content-a left"><input type="password" name="password2" size="35" value="" /></td>
</tr>
<tr>
<td class="tab-footerp center" colspan="2"><input class="buttonp" type="submit" name="submit" value="'.$lang['submit'].'" /></td>
</tr>
</table>
</form>
'.SCRSB.'
'.IMG_THB.'';
}
$cmd = isset($_GET['cmd']) ? $_GET['cmd'] : null;
switch($cmd) {
default:
account();
break;
case 'delete_favourite':
delete_favourite();
break;
case 'favourites':
favourites();
break;
case 'change_password':
change_password();
break;
case 'change_question':
change_question();
break;
case 'change_email':
change_email();
break;
case 'change_avatar':
change_avatar();
break;
}
};
?>
/**
* @package (c) 2008 - 2014 Gnu Arcade Script
* @version $Id: my_account.php Version.1.0
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
if (!defined('IN_ARCADE')) {die('Please use the front door');}
function getbody() {
include "includes/db-global.php";
if(!isset($suserid)){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['login_first'].''.GO_BACK.'</div>
'.IMG_THB.'';
return;
};
function change_avatar(){
include "includes/db-global.php";
$userid = $usrdata['userid'];
if($avatar == 0) {$avatar0 = 'selected="selected"';};
if($avatar == 1) {$avatar1 = 'selected="selected"';};
if(isset($_POST['avatar'])){
$avatar = sanitize($_POST['avatar']);
if ($avatar == 0) {
$db->query("UPDATE " . USERS_TABLE . " SET avatar='$avatar', avatar_file='' WHERE userid='$userid'") or die(mysql_error());
echo '
'.IMG_THL.''.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['profile_update'].''.GO_BACK.'</div>
'.IMG_THB.'<br />';
}else{
function findexts ($filename)
{
$filename = strtolower($filename);
$exts = mb_split("[/\.]", $filename);
$n = count($exts)-1;
$exts = $exts[$n];
return $exts;
}
if ($_FILES['uploaded']['size'] > 40000) {
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['file_too_big'].''.GO_BACK.'</div>
'.IMG_THB.'';
return;
};
$ext = findexts ($_FILES['uploaded']['name']);
$os = array("gif", "jpg", "jpeg", "png");
if (!in_array($ext, $os)) {
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['file_type_no'].''.GO_BACK.'</a></div>
'.IMG_THB.'';
return;
}else{/*Do Nothing*/};
$ava = "avatar";
$ava3 = $usrdata['userid'];
$ava4 = $ava.$userid.'.';
$avatar_file = $ava4.$ext;
//This is the directory. Make sure it exists and is chmodded to 0755 or 0777 as required!
$target = "avatars/";
//This combines the directory, the userid, and the extension
$target = $target . $ava4.$ext;
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo '
'.IMG_THL.''.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['file_uploaded'].''.GO_BACK.'</div>
'.IMG_THB.'';
$db->query("UPDATE " . USERS_TABLE . " SET avatar='$avatar', avatar_file='$avatar_file' WHERE userid='$userid'") or die(mysql_error());
}else{
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['file_sorry'].''.GO_BACK.'</div>
'.IMG_THB.'';
};
};
}else{
echo '
'.IMG_THL.''.$lang['manage_avatar'].''.IMG_THR.'
'.SCRST.'
<form enctype="multipart/form-data" action="'.S_CHANGE_AVATAR.'" method="post">
<table class="width100" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="content-a left boldp">'.$lang['use_avatar'].':
<select name="avatar">
<option value="0" '.$avatar2.'>'.$lang['no'].'</option>
<option value="1" '.$avatar1.'>'.$lang['yes'].'</option>
</select>
</td>
</tr>
<tr>
<td class="content-a left boldp">'.$lang['file_choose'].': <input name="uploaded" type="file" /></td>
</tr>
<tr>
<td class="tab-footerp center" colspan="2"><input class="buttonp" type="submit" value="'.$lang['submit'].'" />
</td>
</tr>
</table>
</form>
'.SCRSB.'
'.IMG_THB.'';
};
};
function account(){
include "includes/db-global.php";
if (!isset($_POST['email'])) $_POST['email'] = null;
if(isset($_POST['newsletter'])){
$userid = intval($usrdata['userid']);
$newsletter = sanitize($_POST['newsletter']);
$email = sanitize($_POST['email']);
$aim = sanitize($_POST['aim']);
$icq = sanitize($_POST['icq']);
$msn = sanitize($_POST['msn']);
$yim = sanitize($_POST['yim']);
$location = sanitize($_POST['location']);
$user_flag = sanitize($_POST['user_flag']);
$user_style = sanitize($_POST['user_style']);
$occupation = sanitize($_POST['occupation']);
$website = sanitize($_POST['website']);
$link_a = sanitize($_POST['link_a']);
$link_b = sanitize($_POST['link_b']);
$link_c = sanitize($_POST['link_c']);
$link_d = sanitize($_POST['link_d']);
$link_e = sanitize($_POST['link_e']);
$link_f = sanitize($_POST['link_f']);
$link_g = sanitize($_POST['link_g']);
$link_h = sanitize($_POST['link_h']);
$sex = sanitize($_POST['sex']);
$interests = sanitize($_POST['interests']);
$bio = sanitize($_POST['bio']);
$ip = $_SERVER['REMOTE_ADDR'];
$db->query("UPDATE " . USERS_TABLE . " SET
newsletter='$newsletter',
aim='$aim',
icq='$icq',
msn='$msn',
yim='$yim',
location='$location',
user_flag='$user_flag',
user_style='$user_style',
occupation='$occupation',
website='$website',
link_a='$link_a',
link_b='$link_b',
link_c='$link_c',
link_d='$link_d',
link_e='$link_e',
link_f='$link_f',
link_g='$link_g',
link_h='$link_h',
sex='$sex',
interests='$interests',
bio='$bio',
ip='$ip' WHERE userid='$userid'") or die(mysql_error());
echo '
'.IMG_THL.'
'.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['profile_update'].''.GO_BACK.'</div>
'.IMG_THB.'<br />';
};
$userid = intval($usrdata['userid']);
$query = $db->query(sprintf("SELECT
username,
plays,
sex,
avatar,
avatar_file,
newsletter,
aim,
icq,
msn,
yim,
location,
user_style,
user_flag,
occupation,
website,
link_a,
link_b,
link_c,
link_d,
link_e,
link_f,
link_g,
link_h,
interests,
bio
FROM " . USERS_TABLE . " WHERE userid='%u'", $userid)) or die(mysql_error());
$row = $db->fetch_row($query);
$username = html_escape($row['username']);
$plays = intval($row['plays']);
$sex = Zap($row['sex']);
$avatar = Zap($row['avatar']);
$avatar_file = Zap($row['avatar_file']);
$newsletter = Zap($row['newsletter']);
$aim = Zap($row['aim']);
$icq = Zap($row['icq']);
$msn = Zap($row['msn']);
$yim = Zap($row['yim']);
$location = html_escape($row['location']);
$user_flag = Zap($row['user_flag']);
$user_style = Zap($row['user_style']);
$occupation = html_escape($row['occupation']);
$website = Zap($row['website']);
$link_a = Zap($row['link_a']);
$link_b = Zap($row['link_b']);
$link_c = Zap($row['link_c']);
$link_d = Zap($row['link_d']);
$link_e = Zap($row['link_e']);
$link_f = Zap($row['link_f']);
$link_g = Zap($row['link_g']);
$link_h = Zap($row['link_h']);
$interests = html_escape($row['interests']);
$bio = html_escape($row['bio']);
$query = $db->query(sprintf("SELECT
flag_id,
flag_name,
flag_image
FROM " . FLAGS_TABLE . " ")) or die(mysql_error());
while($row = $db->fetch_row($query)){
$flagID = intval($row['flag_id']);
$flag_name = Zap($row['flag_name']);
$flag_image = Zap($row['flag_image']);
if(!empty($user_flag) && ($user_flag == $flag_image)){$Country = $flag_name;}
}
if(!empty($user_flag)){
$show_flag = ' <img src="'.FLAGS.''.$user_flag.'" alt="'.$location.' '.$Country.' " title="'.$location.' '.$Country.'" /> '.$Country.'';}else{$show_flag = '';}
if(!empty($user_style)){
$show_style = $user_style;
}else{
$show_style = '';}
include "templates/$template/ranks.php";
$rank = '<img '.IMG_80.' src="'.IMAGE_PATH.'ranks/'.$AAA.' /> ';
if($newsletter == 0) {$newsletter0 = 'selected="selected"';};
if($newsletter == 1) {$newsletter1 = 'selected="selected"';};
if($sex == 0) {$sex0 = 'selected="selected"';};
if($sex == 1) {$sex1 = 'selected="selected"';};
if($sex == 2) {$sex2 = 'selected="selected"';};
if ($avatar == "1" ) {$avatar_url = '<img '.IMG_80.' src="'.DIR_PATH.'avatars/'.$avatar_file.'" alt="" />';
}else{
if (empty($avatar_file) && ($sex == 2) && ($avatar == "0") || ($avatar == "") ){$avatar_url = '<img '.IMG_80.' src="'.DIR_PATH.'avatars/default/def-female.png" alt="" />';
}else{
if (empty($avatar_file) && ($sex == 1) && ($avatar == "0") || ($avatar == "")){$avatar_url = '<img '.IMG_80.' src="'.DIR_PATH.'avatars/default/def-male.png" alt="" />';
}else{
if (empty($avatar_file) && ($sex == 0) && ($avatar == "0") || ($avatar == "")){$avatar_url = '<img '.IMG_80.' src="'.DIR_PATH.'avatars/default/def-member.png" alt="" />';
}else{
if (empty($avatar_file) && ($avatar == "")){$avatar_url = '<img '.IMG_80.' src="'.DIR_PATH.'avatars/default/def-member.png" alt="" />';
}}}}}
echo '
'.IMG_THL.''.$lang['myaccount'].''.IMG_THR.'
'.SCRTOP.'
<form action="'.S_MY_ACCT.'" method="post">
<table class="width100" cellpadding="0" cellspacing="0" border="0">
<tr>
<td colspan="3" class="content-a center width10">'.$avatar_url.'<br />'.$rank.'</td>
<td class="content-a"> </td>
<td valign="top" class="content-a left boldp width45 nowrap">
<a href="'.U_FAVOURITES.'">'.IMG_ACC_FAV.'</a>
<a href="'.U_MESSAGES.'">'.IMG_ACC_MES.'</a>
<a href="'.U_CHANGE_AVATAR.'">'.IMG_ACC_CHA.'</a>
<a href="'.U_CHANGE_EMAIL.'">'.IMG_ACC_CHE.'</a>
<a href="'.U_CHANGE_PASS.'">'.IMG_ACC_CHP.'</a>
<a href="'.U_CHANGE_QUESTION.'">'.IMG_ACC_CHQ.'</a>
<a href="'.U_PROFILE.$userid.'">'.IMG_ACC_PRO.'</a>
</td>
</tr>
</table>
<table class="width100" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="content-a boldp left width45">'.$lang['games_played'].':</td>
<td class="content-a left boldp width50">'.$plays.'</td>
</tr>
<tr>
<td class="content-a boldp left">'.$lang['template'].':</td>
<td class="content-a left boldp">';
$query = $db->query(sprintf("SELECT
template_name,
style_name
FROM " . THEMES_TABLE . " WHERE visible=1 ORDER BY template_name ASC")) or die(mysql_error());
$style_list = '
<select name="user_style">';
while($row = $db->fetch_row($query)){
$template_name = Zap($row['template_name']);
$style_name = Zap($row['style_name']);
$selected = '';
if (!empty($user_style) && ($template_name == $user_style))
{
$selected = 'selected="selected"';
}
$style_list .= '<option style="width:100px;" value="'.$template_name.'" '.$selected.'>'.$style_name.'</option>';
};
$style_list .= '</select>';
echo '
'.$style_list.'
</td>
</tr>
<tr>
<td class="content-a left boldp">'.$lang['newsletter'].':</td>
<td class="content-a left">
<select name="newsletter">
<option value="0" '.$newsletter0.'>'.$lang['no'].'</option>
<option value="1" '.$newsletter1.'>'.$lang['yes'].'</option>
</select>
</td>
</tr>
<tr>
<td class="content-a boldp left">'.$lang['location'].': <small>('.$lang['location_exp'].')</small></td>
<td class="content-a left"><input name="location" type="text" size="50" value="'.$location.'" /></td>
</tr>
<tr>
<td class="content-a boldp left">'.$lang['country_flag'].': '.$show_flag.'</td>
<td class="content-a left">';
$query = $db->query(sprintf("SELECT
flag_id,
flag_name,
flag_image
FROM " . FLAGS_TABLE . " ORDER BY flag_name ASC")) or die(mysql_error());
$flag_list = '
<select name="user_flag">
<option value="0">'.$lang['country_select'].'</option>';
while($row = $db->fetch_row($query)){
$flagID = intval($row['flag_id']);
$flag_name = Zap($row['flag_name']);
$flag_image = Zap($row['flag_image']);
$selected = '';
if (!empty($user_flag) && ($user_flag == $flag_image))
{
$selected = ' selected="selected"';
}
$flag_list .= '<option style="width:100px;" value="'.$flag_image.'"'.$selected.'>'.$flag_name.'</option>';
};
$flag_list .= '</select>';
echo '
'.$flag_list.'
</td>
</tr>
<tr>
<td class="content-a boldp left">'.$lang['website_a'].': <small>('.$lang['website_b'].')</small></td>
<td class="content-a left"><input name="website" type="text" size="50" value="'.$website.'" /></td>
</tr>
<tr>
<td class="content-a boldp left">'.$lang['occupation'].':<br /></td>
<td class="content-a left"><input name="occupation" type="text" size="50" value="'.$occupation.'" /></td>
</tr>
<tr>
<td class="content-a left boldp">'.$lang['gender'].':</td>
<td class="content-a left">
<select name="sex">
<option value="0" '.$sex0.'>'.$lang['undisclosed'].'</option>
<option value="1" '.$sex1.'>'.$lang['male'].'</option>
<option value="2" '.$sex2.'>'.$lang['female'].'</option>
</select>
</td>
</tr>
<tr>
<td valign="top" class="content-a boldp left">'.$lang['im'].':<br /><small>('.$lang['im_b'].')</small></td>
<td> </td>
</tr>
<tr>
<td class="content-a right">'.IM_AIM.'</td>
<td class="content-a left"><input name="aim" type="text" size="50" value="'.$aim.'" /></td>
</tr>
<tr>
<td class="content-a right">'.IM_ICQ.'</td>
<td class="content-a left"><input name="icq" type="text" size="50" value="'.$icq.'" /></td>
</tr>
<tr>
<td class="content-a right">'.IM_MSN.'</td>
<td class="content-a left"><input name="msn" type="text" size="50" value="'.$msn.'" /></td>
</tr>
<tr>
<td class="content-a right">'.IM_YIM.'</td>
<td class="content-a left"><input name="yim" type="text" size="50" value="'.$yim.'" /></td>
</tr>
<tr>
<td valign="top" class="content-a boldp left">'.$lang['social_bookmarks_a'].':<br /><small>('.$lang['im_b'].')</small></td>
<td> </td>
</tr>
<tr>
<td class="content-a right">'.SB_FB.'</td>
<td class="content-a left"><input name="link_a" type="text" size="50" value="'.$link_a.'" /></td>
</tr>
<tr>
<td class="content-a right">'.SB_TW.'</td>
<td class="content-a left"><input name="link_b" type="text" size="50" value="'.$link_b.'" /></td>
</tr>
<tr>
<td class="content-a right">'.SB_MS.'</td>
<td class="content-a left"><input name="link_c" type="text" size="50" value="'.$link_c.'" /></td>
</tr>
<tr>
<td class="content-a right">'.SB_FL.'</td>
<td class="content-a left"><input name="link_d" type="text" size="50" value="'.$link_d.'" /></td>
</tr>
<tr>
<td class="content-a right">'.SB_DG.'</td>
<td class="content-a left"><input name="link_e" type="text" size="50" value="'.$link_e.'" /></td>
</tr>
<tr>
<td class="content-a right">'.SB_YT.'</td>
<td class="content-a left"><input name="link_f" type="text" size="50" value="'.$link_f.'" /></td>
</tr>
<tr>
<td class="content-a right">'.SB_DL.'</td>
<td class="content-a left"><input name="link_g" type="text" size="50" value="'.$link_g.'" /></td>
</tr>
<tr>
<td class="content-a right">'.SB_VM.'</td>
<td class="content-a left"><input name="link_h" type="text" size="50" value="'.$link_h.'" />
</td>
</tr>
<tr>
<td class="content-a boldp left">'.$lang['interests'].':<br /><small>100 '.$lang['characters'].'<br />'.$lang['html_script'].'</small></td>
<td class="content-a"><textarea name="interests" rows="2" cols="34">'.$interests.'</textarea></td>
</tr>
<tr>
<td class="content-a boldp left">'.$lang['about_me'].':<br /><small>300 '.$lang['characters'].'<br />'.$lang['html_script'].'</small></td>
<td class="content-a"><textarea name="bio" rows="4" cols="34">'.$bio.'</textarea></td>
</tr>
<tr>
<td class="tab-footerp center" colspan="4"><input class="buttonp" type="submit" name="submit" value="'.$lang['submit'].'" />
</td>
</tr>
</table>
</form>
'.SCRBOT.'
'.IMG_THB.'';
};
function delete_favourite(){
include "includes/db-global.php";
$delete_ID = isset($_GET['deleteID']) ? intval($_GET['deleteID']) : 0;
$del1 = $db->query(sprintf("SELECT
name
FROM " . GAMES_TABLE . " WHERE ID='%u'", intval($delete_ID))) or die(mysql_error());
$row4 = $db->fetch_row($del1);
$gamename = Zap(urlencode($row4['name']));
$game_name = Zap(urldecode($row4['name']));
echo '
'.IMG_THL.''.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['are_you_sure_remove_a'].' » <span class="msg-unread"> '.$game_name.' </span> « '.$lang['are_you_sure_remove_b'].'<br />
<a href="'.U_FAV_DELETE_OWN.$gamename.'&deleteID='.$delete_ID.'">'.$lang['yes'].'</a> <a href="'.U_FAVOURITES.'">'.$lang['no'].'</a></div>
'.IMG_THB.'';
}
function favourites(){
include "includes/db-global.php";
$delete_ID = isset($_GET['deleteID']) ? intval($_GET['deleteID']) : 0;
$delete_name = isset($_GET['deletename']) ? Zap($_GET['deletename']) : 0;
if (!empty($delete_ID)){
$db->query("DELETE FROM " . USERS_FAVS_TABLE . " WHERE userid=".$usrdata['userid']." AND gameid=".intval($delete_ID)."") or die(mysql_error());
echo '
'.IMG_THL.''.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['deleted'].' » <span class="msg-unread"> '.$delete_name.' </span> « '.$lang['are_you_sure_remove_b'].'<br /><a href="'.U_FAVOURITES.'">'.$lang['go_back'].'</a></div>
'.IMG_THB.'<br />';
}
echo '
'.IMG_THL.''.$lang['myfavs'].''.IMG_THR.'
'.SCRST.'';
$sql4 = $db->query(sprintf("SELECT
gameid
FROM " . USERS_FAVS_TABLE . " WHERE userid=".$usrdata['userid']."")) or die(mysql_error());
while($row3 = $db->fetch_row($sql4)){
$row3_gameid = intval($row3['gameid']);
$del1 = $db->query(sprintf("SELECT
ID,
file,
description,
name,
views,
type,
thumb,
thumb_url
FROM " . GAMES_TABLE . " WHERE ID='%u'", $row3_gameid)) or die(mysql_error());
$row4 = $db->fetch_row($del1);
$row4_id = intval($row4['ID']);
$row4_views = intval($row4['views']);
$row4_type = intval($row4['type']);
if($row4['type'] == 1) {$row4_thumb = Zap($row4['thumb']);
}else{
$row4_thumb_url = Zap($row4['thumb_url']);}
$row4_file = Zap($row4['file']);
$body = Zap($row4['description']);
$row4_name = Zap($row4['name']);
include "editor/editor_bodystring.php";
$row4_name = Zap($row4_name);
$body = htmlspecialchars_decode($body);
$body = str_replace("&", "&", $body);
$gamelink = ''.U_GAME_LINK.$row4_id.'';
echo '
<table class="width100" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="sub-cat-a left boldp width80"> '.$row4_name.'</td>
<td class="sub-cat-a left boldp width20">'.$lang['total_views'].' » '.$row4_views.'</td>
</tr>
</table>
<table class="width100" cellpadding="0" cellspacing="0" border="0">
<tr>
<td width="55" height="55" valign="top" class="fav-image-a">
<a href="'.$gamelink.'">';
if($row4['type'] == 1){
echo ''.IMG_THUMB_B1.$row4_thumb.IMG_THUMB_55.'';
}else{
echo ''.IMG_THUMB_B2.$row4_thumb_url.IMG_THUMB_55.'';
}
echo '
</a>
</td>
<td valign="top" class="fav-image-b left">'.stripslashes(myfavsdesclimit($body)).'<br />
<div style="padding-top: 2px; white-space: nowrap;">
<a href="'.$gamelink.'" class="gamelink-a floatl left">'.IMG_PLAY.'</a>';
if($row4['type'] == 1){echo '
<span class="gamelink-a floatl left"> <a href="javascript:popUp(\''.GAMES.''.$row4_file.'\')">'.IMG_PLAY_FULL.'</a></span>';
}else{echo '<span class="gamelink-a floatl left"> '.IMG_NO_FULL.'</span>';}
$db->query("DELETE FROM " . USERS_FAVS_TABLE . " WHERE ID=".$row4['ID']."") or die(mysql_error());
$ID = intval($row4['ID']);
echo'
<div class="floatr"><a href="'.U_FAV_DELETE.$ID.'">'.ICO_DEL.'</a> </div>
</div>
</td>
</tr>
</table>';
}
echo '
'.SCRSB.'
'.IMG_THB.'';
}
function change_email(){
include "includes/db-global.php";
$userid = intval($usrdata['userid']);
$query = $db->query(sprintf("SELECT
FROM " . USERS_TABLE . " WHERE userid='%u'", $userid)) or die(mysql_error());
$row = $db->fetch_row($query);
$current_email = html_escape($row['email']);
if(isset($_POST['submit'])){
$email = sanitize($_POST['email']);
$password = sanitize(md5($_POST['password']));
$password2 = sanitize(md5($_POST['password2']));
if(!$password || !$email || !$password2){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['all_fields_req'].''.GO_BACK.'</div>
'.IMG_THB.'';
return;
}
$invalMail = ''.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['email_not_valid'].''.GO_BACK.'</div>
'.IMG_THB.'';
function isValidEmail($email){
if(preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$^", $email))
return true;
else
return false;
}
if(!isValidEmail($email)){
echo ''.$invalMail.'';
return;
}
if($_POST['password'] != $_POST['password2']){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['password_not_match'].' '.GO_BACK.' </div>
'.IMG_THB.'<br />';
return;
}
if($password != $usrdata['password']){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['password_wrong_a'].' '.GO_BACK.' </div>
'.IMG_THB.'<br />';
return;
}
if($email == $current_email){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['current_email'].''.GO_BACK.'</div>
'.IMG_THB.'';
return;
}
$sql = $db->query("SELECT
email,
username
FROM " . USERS_TABLE . " WHERE email='.$email.'") or die(mysql_error());
if($db->num_rows($sql) == 1){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['email_in_use'].''.GO_BACK.'</div>
'.IMG_THB.'';
return;
}
$user_name = Zap($usrdata['username']);
$activation_number = rand( );
$subject = ''.$lang['email_change'].'';
$message = ''.$lang['dear'].' '.$user_name.',<br />'.$lang['email_change_a'].' <a href="'.DIR_PATH.'">'.$sitename.'</a>. <a href="'.DIR_PATH.'index.php?action=activate_email&new_email='.$email.'&old_email='.$current_email.'&id='.$activation_number.'">'.$lang['click_here'].'</a> '.$lang['email_change_b'].'<br />'.$lang['thanks'].'<br />'.$sitename.' '.$lang['administration'].'';
$headers = ''.$lang['from'].': '.$supportemail.'' . "\r\n" . 'Content-Type: text/html; charset=UTF-8' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
$sent = mail($email, $subject, $message, $headers);
$db->query("UPDATE " . USERS_TABLE . " SET new_email='$email', new_email_key='$activation_number' WHERE userid='{$usrdata['userid']}'") or die(mysql_error());
#Confirm email sent or notify them of a problem
if ($sent) {
echo '
'.IMG_THL.''.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['email_correct'].'</div>
'.IMG_THB.'<br />';
}else{
echo '
'.IMG_THL.''.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['no_connect_db'].''.GO_BACK.'</div>
'.IMG_THB.'';
}
}
echo '
'.IMG_THL.''.$lang['change_email'].''.IMG_THR.'
'.SCRST.'
<form action="'.S_CHANGE_EMAIL.'" method="post">
<table class="width100" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="content-a left boldp width40">'.$lang['email_address_new'].' » </td>
<td> <input type="text" name="email" size="35" value="" /></td>
</tr>
<tr>
<td class="content-a left boldp width40">'.$lang['password_current'].' » </td>
<td> <input type="password" name="password" size="35" value="" /></td>
</tr>
<tr>
<td class="content-a left boldp width40">'.$lang['password_rep'].' » </td>
<td> <input type="password" name="password2" size="35" value="" /></td>
</tr>
<tr>
<td class="tab-footerp center" colspan="2" ><input class="buttonp" type="submit" name="submit" value="'.$lang['submit'].'" /></td>
</tr>
</table>
</form>
'.SCRSB.'
'.IMG_THB.'';
}
function change_question(){
include "includes/db-global.php";
if(isset($_POST['submit'])){
$password = sanitize(md5($_POST['password']));
$answer = sanitize(md5($_POST['answer']));
$question = sanitize($_POST['question']);
$password2 = sanitize(md5($_POST['password2']));
if(!$question || !$answer || !$password || !$password2){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['not_all_fields'].'<br /><a href="'.U_CHANGE_QUESTION.'">'.$lang['go_back'].'</a></div>
'.IMG_THB.'';
return;
}
if($_POST['password'] != $_POST['password2']){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['password_not_match'].' '.GO_BACK.' </div>
'.IMG_THB.'<br />';
return;
}
if($password != $usrdata['password']){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['password_wrong_a'].''.GO_BACK.'</div>
'.IMG_THB.'<br />';
}else{
$db->query("UPDATE " . USERS_TABLE . " SET pass_question='$question', pass_answer='$answer' WHERE userid='{$usrdata['userid']}'") or die(mysql_error());
echo '
'.IMG_THL.''.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['updated_qa'].''.GO_BACK.'</div>
'.IMG_THB.'<br />';
}
}
echo '
'.IMG_THL.''.$lang['change_pass_qa'].''.IMG_THR.'
'.SCRST.'
<form action="'.S_CHANGE_QUESTION.'" method="post">
<table class="width100" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="content-a left boldp width40">'.$lang['question'].' » </td>
<td class="content-a left"><input type="text" name="question" size="35" /></td>
</tr>
<tr>
<td class="content-a left boldp width40">'.$lang['answer'].' »</td>
<td class="content-a left"><input type="text" name="answer" size="35" /></td>
</tr>
<tr>
<td class="content-a left boldp width40">'.$lang['current_password'].' » </td>
<td class="content-a left"><input type="password" name="password" size="35" /></td>
</tr>
<tr>
<td class="content-a left boldp width40">'.$lang['password_rep'].' » </td>
<td class="content-a left"><input type="password" name="password2" size="35" value="" /></td>
</tr>
<tr>
<td class="tab-footerp center" colspan="2"><input class="buttonp" type="submit" name="submit" value="'.$lang['submit'].'" /></td>
</tr>
</table>
</form>
'.SCRSB.'
'.IMG_THB.'';
}
function change_password(){
include "includes/db-global.php";
if(isset($_POST['submit'])){
$oldpass = sanitize(md5($_POST['oldpass']));
$newpass = sanitize(md5($_POST['newpass']));
$password2 = sanitize(md5($_POST['password2']));
if(!$oldpass || !$newpass || !$password2){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['not_all_fields'].' '.GO_BACK.' </div>
'.IMG_THB.'<br />';
return;
}
if($_POST['newpass'] != $_POST['password2']){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['password_not_match'].' '.GO_BACK.' </div>
'.IMG_THB.'<br />';
return;
}
if($oldpass != $usrdata['password']){
echo '
'.IMG_THL.''.$lang['general_error'].''.IMG_THR.'
<div class="error">'.$lang['password_wrong_b'].''.GO_BACK.'</div>
'.IMG_THB.'<br />';
}else{
$db->query(sprintf("UPDATE " . USERS_TABLE . " SET password='%s' WHERE userid='%u'", $newpass, $usrdata['userid'])) or die(mysql_error());
echo '
'.IMG_THL.''.$lang['general_message'].''.IMG_THR.'
<div class="msg">'.$lang['password_updated'].''.GO_BACK.'</div>
'.IMG_THB.'<br />';
}}
echo '
'.IMG_THL.''.$lang['change_password'].''.IMG_THR.'
'.SCRST.'
<form action="'.S_CHANGE_PASS.'" method="post">
<table class="width100" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="content-a left boldp width40">'.$lang['password_old'].' » </td>
<td class="content-a left"><input type="password" name="oldpass" size="35" /></td>
</tr>
<tr>
<td class="content-a left boldp width40">'.$lang['password_new'].' » </td>
<td class="content-a left"><input type="password" name="newpass" size="35" /></td>
</tr>
<tr>
<td class="content-a left boldp width40">'.$lang['password_rep'].' » </td>
<td class="content-a left"><input type="password" name="password2" size="35" value="" /></td>
</tr>
<tr>
<td class="tab-footerp center" colspan="2"><input class="buttonp" type="submit" name="submit" value="'.$lang['submit'].'" /></td>
</tr>
</table>
</form>
'.SCRSB.'
'.IMG_THB.'';
}
$cmd = isset($_GET['cmd']) ? $_GET['cmd'] : null;
switch($cmd) {
default:
account();
break;
case 'delete_favourite':
delete_favourite();
break;
case 'favourites':
favourites();
break;
case 'change_password':
change_password();
break;
case 'change_question':
change_question();
break;
case 'change_email':
change_email();
break;
case 'change_avatar':
change_avatar();
break;
}
};
?>
I know it's not phpBB or Icy - but I also know you'll be dying to help - So I'll thank you in advance for your time and opinions.
:twisted: 8)