
📄 edit_profile.php

📁 BLOG HOSTER---PHP & MYSQL Create Blogs in seconds Installation of your BlogHoster system is easy.
<?
$page = "edit_profile.php";
include "header.php";

// Select the requested action: a POSTed task wins over one in the query string,
// and "main" (just render the form) is the fallback.
// NOTE(review): because a task is also accepted from GET, the state-changing
// branches below can be reached through a plain link, and no anti-CSRF token
// check is visible in this file - confirm whether header.php enforces one.
$task = "main";
if(isset($_GET['task'])) { $task = $_GET['task']; }
if(isset($_POST['task'])) { $task = $_POST['task']; }


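if($task == "save_do") {

// SAVE THE PROFILE FORM
// Every value read from the request in this branch ends up inside a string-built
// SQL statement, so each one is passed through mysql_real_escape_string() at the
// point where the query is assembled. The HTML encoding applied while reading the
// fields is kept as it was, because the edit form prints stored values without
// encoding them again.

// UNDO magic_quotes_gpc WHEN IT IS ACTIVE, SO VALUES ARE ESCAPED EXACTLY ONCE
// NOTE(review): assumes header.php does not already add or strip slashes on $_POST - confirm.
$strip_slashes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
$posted = array();
foreach(array('show_name', 'show_email', 'show_memberlist', 'show_userstats', 'fname', 'lname', 'display_name', 'title', 'description', 'wc_id', 'email', 'website', 'screenname', 'screenname_type', 'gender', 'city', 'state', 'country', 'interests', 'birthday_month', 'birthday_day', 'birthday_year') as $posted_key) {
  // A missing or array-valued parameter is treated as an empty string.
  $posted_value = (isset($_POST[$posted_key]) && !is_array($_POST[$posted_key])) ? $_POST[$posted_key] : "";
  $posted[$posted_key] = $strip_slashes ? stripslashes($posted_value) : $posted_value;
}

// CREATE BAD WORD ARRAYS
$bad_words = explode(",", trim($admin_info['banned_badwords']));
$bad_words_replace = explode(",", trim($admin_info['banned_badwords_replace']));

// READ THE FIELDS (text fields are HTML-encoded here, at save time)
// NOTE(review): website and country are stored without htmlspecialchars(), unlike
// the other text fields; if they are printed unencoded elsewhere that is an
// HTML-injection risk - confirm and encode consistently.
$show_name = $posted['show_name'];
$show_email = $posted['show_email'];
$show_memberlist = $posted['show_memberlist'];
$show_userstats = $posted['show_userstats'];
$fname = str_replace("'", "&#39;", htmlspecialchars($posted['fname']));
$lname = str_replace("'", "&#39;", htmlspecialchars($posted['lname']));
$display_name = str_replace($bad_words, $bad_words_replace, str_replace("'", "&#39;", htmlspecialchars($posted['display_name'])));
$title = str_replace($bad_words, $bad_words_replace, str_replace("'", "&#39;", htmlspecialchars($posted['title'])));
$description = str_replace($bad_words, $bad_words_replace, htmlspecialchars($posted['description']));
$wc_id = $posted['wc_id'];
$email = htmlspecialchars($posted['email']);
$website = str_replace("'", "&#39;", $posted['website']);
$screenname = str_replace("'", "&#39;", htmlspecialchars($posted['screenname']));
$screenname_type = $posted['screenname_type'];
$gender = $posted['gender'];
$city = str_replace("'", "&#39;", htmlspecialchars($posted['city']));
$state = str_replace("'", "&#39;", htmlspecialchars($posted['state']));
$country = str_replace("'", "&#39;", $posted['country']);
$interests = $posted['interests'];

$birthday_month = $posted['birthday_month'];
$birthday_day = $posted['birthday_day'];
$birthday_year = $posted['birthday_year'];
$birthday = MakeTime("0", "0", "0", "$birthday_month", "$birthday_day", "$birthday_year");

// VALIDATE REQUIRED FIELDS (error() is defined outside this file)
if(str_replace(" ", "", $lname) == "") { echo $head; error(14); }
if(str_replace(" ", "", $display_name) == "") { echo $head; error(17); }
if(str_replace(" ", "", $title) == "") { echo $head; error(10); }
if($wc_id == "") { echo $head; error(28); }
if(!preg_match("/^[-_.[:alnum:]]+@((([[:alnum:]]|[[:alnum:]][[:alnum:]-]*[[:alnum:]])\.)+(ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)|(([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5]))$/i", $email)) { echo $head; error(15); }
if(str_replace(" ", "", $website) == "" && $admin_info['field_website'] == "3") { echo $head; error(19); }
if(str_replace(" ", "", $screenname) == "" && $admin_info['field_screenname'] == "3") { echo $head; error(20); }
if(str_replace(" ", "", $gender) == "" && $admin_info['field_gender'] == "3") { echo $head; error(21); }
if(str_replace(" ", "", $birthday) == "" && $admin_info['field_birthday'] == "3") { echo $head; error(22); }
if(str_replace(" ", "", $city) == "" && $admin_info['field_city'] == "3") { echo $head; error(23); }
if(str_replace(" ", "", $state) == "" && $admin_info['field_state'] == "3") { echo $head; error(24); }
if(str_replace(" ", "", $country) == "" && $admin_info['field_country'] == "3") { echo $head; error(25); }

// The two visibility flags are forced to 0 or 1.
if($show_name != 1) { $show_name = 0; }
if($show_email != 1) { $show_email = 0; }

// The current user's id is escaped once and reused in every WHERE clause below.
$u_id_sql = mysql_real_escape_string($user_info['u_id']);


// PROCESS INTERESTS
$interests = str_replace(", ", ",", $interests);
$user_interests_new = array();

foreach(explode(",", $interests) as $interest_name) {

  // Reduce the name to the allowed characters first, then skip it if nothing is
  // left, so an entry made only of stripped characters no longer creates an
  // interest row with an empty name.
  $interest_name = preg_replace("/[^a-z,A-Z,0-9,\-, ,_]/", "", $interest_name);
  if(str_replace(" ", "", $interest_name) == "") { continue; }
  $interest_sql = mysql_real_escape_string($interest_name);

  // IF INTEREST DOES NOT EXIST, CREATE IT
  $interest_exists = mysql_query("SELECT * FROM bhost_interests WHERE name='$interest_sql'");
  if($interest_exists && mysql_num_rows($interest_exists) == 0) {
    mysql_query("INSERT INTO bhost_interests (name) VALUES ('$interest_sql')");
  }

  // ADD INTEREST TO THIS USER'S LIST, IF NOT ALREADY THERE
  $interest_lookup = mysql_query("SELECT * FROM bhost_interests WHERE name='$interest_sql'");
  $newinterest = $interest_lookup ? mysql_fetch_assoc($interest_lookup) : false;
  if(!$newinterest) { continue; } // lookup or insert failed: do not store an empty "--" marker
  $interest_marker = "-".$newinterest['int_id']."-";
  if(!in_array($interest_marker, $user_interests_new)) {
    $user_interests_new[] = $interest_marker;
  }
}

$user_interests_new = mysql_real_escape_string(implode(",", $user_interests_new));
mysql_query("UPDATE bhost_users SET interests='$user_interests_new' WHERE u_id='$u_id_sql'");


// UPDATE THE USER
// Each column value is escaped right here, where the statement is built.
$user_columns = array(
  'wc_id' => $wc_id, 'fname' => $fname, 'lname' => $lname, 'email' => $email,
  'display_name' => $display_name, 'title' => $title, 'description' => $description,
  'website' => $website, 'screenname' => $screenname, 'screenname_type' => $screenname_type,
  'gender' => $gender, 'birthday' => $birthday, 'city' => $city, 'state' => $state,
  'country' => $country, 'show_name' => $show_name, 'show_email' => $show_email,
  'show_memberlist' => $show_memberlist, 'show_userstats' => $show_userstats
);
$user_assignments = array();
foreach($user_columns as $user_column => $user_value) {
  $user_assignments[] = "$user_column='".mysql_real_escape_string($user_value)."'";
}
mysql_query("UPDATE bhost_users SET ".implode(", ", $user_assignments)." WHERE u_id='$u_id_sql'");


// UPDATE THE CUSTOM PROFILE FIELDS
// Column names come from SHOW COLUMNS, not from the request; the last two
// characters of each name are read as a flag ("_3" = required, "_0" = skipped).
// NOTE(review): a missing required custom field aborts here, after the
// bhost_users row above has already been written - confirm that is acceptable.
$custom_fields = mysql_query("SHOW COLUMNS FROM bhost_profile FROM `$mysql_database`");
$user_profile = mysql_fetch_assoc(mysql_query("SELECT * FROM bhost_profile WHERE u_id='$u_id_sql'"));
while($custom = mysql_fetch_assoc($custom_fields)) {
 if($custom['Field'] != "p_id" && $custom['Field'] != "u_id") {
  $custom_name = str_replace("_", " ", substr($custom['Field'], 0, -2));
  $custom_required = substr($custom['Field'], -2);
  $custom_field = $custom['Field'];
  $custom_field_value = (isset($_POST[$custom_field]) && !is_array($_POST[$custom_field])) ? $_POST[$custom_field] : "";
  if($strip_slashes) { $custom_field_value = stripslashes($custom_field_value); }
  if($custom_required == "_3" && str_replace(" ", "", $custom_field_value) == "") { 
   echo $head;
   echo "<h2>$edit_profile1</h2>";
   echo "$edit_profile2 <i>$custom_name</i><br><br><input type='button' class='button' value='$edit_profile3' onClick='history.go(-1);'>";
   echo $foot;
   exit();
  }
  if($custom_required != "_0") {
  $custom_field_value = str_replace("'", "&#39;", str_replace($bad_words, $bad_words_replace, htmlspecialchars($custom_field_value)));
  $custom_field_value = mysql_real_escape_string($custom_field_value);
  mysql_query("UPDATE bhost_profile SET $custom_field='$custom_field_value' WHERE u_id='$u_id_sql'");
  }
 }
}

// CONFIRMATION PAGE
echo $head;
echo "
<h2>$edit_profile4</h2>
$edit_profile5
<br><br>
<form action='edit_profile.php' method='POST'>
<input type='submit' class='button' value='$edit_profile6'>
</form>
";
echo $foot;
exit();
}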







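if($task == "links_save") {

// SAVE THE USER'S LINK LIST
// Titles and URLs are stored as two "<!>"-separated strings on the user row.
// Both strings are built from request data, so they are escaped with
// mysql_real_escape_string() before being placed in the UPDATE statement.
// NOTE(review): titles and URLs are not HTML-encoded here and no URL scheme
// check is applied; confirm the page that prints them encodes its output.

// Undo magic_quotes_gpc when it is active so values are escaped exactly once.
// NOTE(review): assumes header.php does not already add or strip slashes on $_POST - confirm.
$strip_slashes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

//PROCESS LINKS
// total_links is client-supplied: force it to an integer and cap it so that a
// huge value cannot keep the loop running for a very long time.
$max_links = 1000; // safety ceiling only, far above any realistic form
$total_links = (isset($_POST['total_links']) && !is_array($_POST['total_links'])) ? intval($_POST['total_links']) : 0;
if($total_links > $max_links) { $total_links = $max_links; }

$links_title = "";
$links_url = "";
for($l=0;$l<($total_links+1);$l++) {
$var1 = "link_title_$l";
$var2 = "link_url_$l";

// A missing or array-valued parameter is treated as an empty string.
$raw_title = (isset($_POST[$var1]) && !is_array($_POST[$var1])) ? $_POST[$var1] : "";
$raw_url = (isset($_POST[$var2]) && !is_array($_POST[$var2])) ? $_POST[$var2] : "";
if($strip_slashes) { $raw_title = stripslashes($raw_title); $raw_url = stripslashes($raw_url); }

// The "<!>" separator is removed from the values so it cannot split an entry.
$link_title = str_replace("'", "&#39;", str_replace("<!>", "", $raw_title));
$link_url = str_replace("'", "", str_replace("<!>", "", $raw_url));

// A link without a title is listed under its URL; a link without a URL is dropped.
if(str_replace(" ", "", $link_title) == "") { $link_title = $link_url; }
if(str_replace(" ", "", $link_url) != "") {
 if($l != 0) { $links_title .= "<!>"; $links_url .= "<!>"; }
$links_title .= "$link_title";
$links_url .= "$link_url";
}}

$links_url_sql = mysql_real_escape_string($links_url);
$links_title_sql = mysql_real_escape_string($links_title);
$u_id_sql = mysql_real_escape_string($user_info['u_id']);
mysql_query("UPDATE bhost_users SET links_url='$links_url_sql', links_title='$links_title_sql' WHERE u_id='$u_id_sql'");
header("Location: edit_profile.php?#links");
exit();
}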







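if($task == "avatar_upload") {

// AVATAR UPLOAD
// The file name and MIME type in $_FILES are supplied by the client, so neither
// decides how the file is stored: the stored extension is taken from the image
// type that getimagesize() detects in the file content, and anything that is
// not a GIF, JPEG or PNG is rejected.

$errormsg = "";
$upload = (isset($_FILES['avatar']) && is_array($_FILES['avatar'])) ? $_FILES['avatar'] : array();
$file_name = (isset($upload['name']) && is_string($upload['name'])) ? $upload['name'] : "";
$file_type = (isset($upload['type']) && is_string($upload['type'])) ? $upload['type'] : "";
$file_size = isset($upload['size']) ? $upload['size'] : 0;
$file_tempname = (isset($upload['tmp_name']) && is_string($upload['tmp_name'])) ? $upload['tmp_name'] : "";


// FILE IS AN UPLOADED FILE, LOOK FOR PROBLEMS
if($file_tempname != "" && is_uploaded_file($file_tempname)) {

$sizes = @getimagesize($file_tempname);

// CHECK FILESIZE
if($file_size > (1024*$admin_info['avatar_filesize'])) {
$errormsg = "$edit_profile50  $admin_info[avatar_filesize]kb.";
}


// CHECK THAT IMAGE IS JPG, GIF, OR PNG, THEN CHECK MIME TYPES
$ext = strtolower(strrchr($file_name, "."));
$ext = str_replace(".", "", $ext);
$type = strtolower($file_type);

if($ext == "jpg" OR $ext == "jpeg") {
if($type != "image/jpeg" AND $type != "image/jpg" AND $type != "image/jpe" AND $type != "image/pjpeg" AND $type != "image/pjpg" AND $type != "image/x-jpeg" AND $type != "image/x-jpg") {
$errormsg = "$edit_profile51";
}
}
elseif($ext == "gif") {
if($type != "image/gif" AND $type != "image/x-gif") {
$errormsg = "$edit_profile51";
}
}
elseif($ext == "png") {
if($type != "image/png" AND $type != "image/x-png") {
$errormsg = "$edit_profile51";
}
}
else {
// Any other extension (or none) used to fall through unchecked and was then
// kept as the stored file's extension inside the web-served uploads folder.
$errormsg = "$edit_profile51";
}


// CHECK FILETYPES AGAIN TO BE SURE
// The content must be one of the three supported image types, and the stored
// extension is the one matching the detected type, not the client's file name.
$detected_ext = array(IMAGETYPE_GIF => "gif", IMAGETYPE_JPEG => "jpg", IMAGETYPE_PNG => "png");
if($sizes == false OR !isset($detected_ext[$sizes[2]])) {
$errormsg = "$edit_profile51";
} else {
$ext = $detected_ext[$sizes[2]];
}


// IF IMAGE IS TOO BIG, SHOW ERROR
$width = is_array($sizes) ? $sizes[0] : 0;
$height = is_array($sizes) ? $sizes[1] : 0;
if($width > $admin_info['avatar_width'] OR $height > $admin_info['avatar_height']) { 
$errormsg = "$edit_profile52 $admin_info[avatar_width]x$admin_info[avatar_height]px.";
}


// SHOW ERROR
if($errormsg != "") {
echo $head;
echo "
<h2>$edit_profile53</h2>
$errormsg
<br><br>
<form action='edit_profile.php' method='POST'>
<input type='submit' class='button' value='$edit_profile6'>
</form>
";
echo $foot;
exit;
}


// DELETE OLD AVATAR
// basename() keeps the delete inside the avatars folder whatever the stored URL holds.
if($user_info['avatar'] != "") {
$old_avatar = "../uploads/avatars/".basename($user_info['avatar']);
@unlink($old_avatar);
}


// RENAME IMAGE
$rand = rand(1000, 9999);
$newfilename = "$user_info[u_id]_$rand.$ext";
$path = "/uploads/avatars/$newfilename";

// The Host header is client-controlled and PHP_SELF can carry client-chosen
// path info; both used to flow into the stored URL, which is written to SQL and
// later printed into an <img src>. The host is reduced to hostname characters
// and SCRIPT_NAME (script path only) replaces PHP_SELF.
$http_host = isset($_SERVER['HTTP_HOST']) ? preg_replace('/[^A-Za-z0-9.:\-\[\]]/', '', $_SERVER['HTTP_HOST']) : "";
$avatar_path = str_replace("/manager/edit_profile.php", "$path", "http://".$http_host.$_SERVER['SCRIPT_NAME']);

	// SUCCESS, UPLOAD FILE
	if(move_uploaded_file($file_tempname, "..".$path)) {
		$avatar_path_sql = mysql_real_escape_string($avatar_path);
		$u_id_sql = mysql_real_escape_string($user_info['u_id']);
		mysql_query("UPDATE bhost_users SET avatar='$avatar_path_sql' WHERE u_id='$u_id_sql'");
		// chmod the file that was actually written ("..".$path, not the bare $path),
		// and keep it non-executable and not world-writable.
		@chmod("..".$path, 0644);
	} else {
		exit();
	}

// UPLOAD FAILED BECAUSE SPECIFIED FILE WAS NOT AN UPLOADED FILE
} else {
exit();
}
header("Location: edit_profile.php");
exit();
}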







// REMOVE AVATAR
// Deletes the stored avatar file, clears the avatar column and reloads the page.
// When the user has no avatar, nothing happens and the form below is rendered.
// NOTE(review): this branch is reached from a plain GET link on the form and no
// anti-CSRF token check is visible in this file - confirm whether header.php
// enforces one.
if($task == "avatar_remove" && $user_info[avatar] != "") {
// basename() drops any directory part of the stored URL before the delete.
$stored_avatar = basename($user_info[avatar]);
@unlink("../uploads/avatars/".$stored_avatar);
mysql_query("UPDATE bhost_users SET avatar='' WHERE u_id='$user_info[u_id]'");
header("Location: edit_profile.php");
exit();
}















// RENDER THE PAGE (reached when no task above has exited)
echo $head;


// url() is defined outside this file; its result is printed in the heading of the profile form.
$profile_url = url("profile", "$user_info[username]");


// AVATAR UPLOAD FORM, shown only when the admin setting allow_avatars is "1"
// NOTE(review): the hidden MAX_FILE_SIZE value is fixed at 55000 while the
// server-side check uses $admin_info[avatar_filesize] kb; the hidden field is
// only a browser hint, the server-side check is the one that counts.
if($admin_info[allow_avatars] == "1") {
echo "
$edit_profile45
<br><br>
<blockquote>
<table cellpadding='0' cellspacing='0'>
<form action='edit_profile.php' name='avatarform' method='POST' enctype='multipart/form-data'>
<input type='hidden' name='MAX_FILE_SIZE' value='55000'>
<tr>
<td valign='top' NOWRAP>
$edit_profile46<br>
<input type='file' name='avatar' class='text' size='40'>
<input type='submit' value='$edit_profile49'>
<br>
$edit_profile47 $admin_info[avatar_filesize]kb.<br>
$edit_profile40 $admin_info[avatar_width]x$admin_info[avatar_height]px.
</td>
<td align='center' valign='bottom' style='padding-left: 30px;'>
";

// Placeholder image when no avatar is stored; otherwise the stored avatar URL is
// printed into src='...' without encoding, followed by a GET link that removes it.
// NOTE(review): the stored URL must therefore never contain a quote or markup -
// confirm every place that writes bhost_users.avatar guarantees that.
if($user_info[avatar] == "") {
echo "
<img src='../images/noavatar2.gif' border='0' class='avatar' style='margin-bottom: 5px;'>
";
} else {
echo "
<img src='$user_info[avatar]' border='0' class='avatar' style='margin-bottom: 5px;'><br>
<font class='gray'>[ <a href='edit_profile.php?task=avatar_remove'>$edit_profile48</a> ]</font>
";
}

echo "
</td>
</tr>
<input type='hidden' name='task' value='avatar_upload'>
</form>
</table>
</blockquote>
<br>
";
}

// PROFILE FORM (first part): name, e-mail, display name, title and description.
// The stored values are printed straight into value='...' attributes and the
// textarea with no encoding at output time, so safe output depends on the values
// having been HTML-encoded (single quotes included) when they were saved, as the
// save_do branch of this file does.
// NOTE(review): confirm every other code path that writes these bhost_users
// columns applies the same encoding.
// tip() is defined outside this file - presumably prints a help hint; verify.
echo "
<h2>$edit_profile7 <font class='url'>( <a href='$profile_url' target='_blank'>$profile_url</a> )</font></h2>
$edit_profile8

<br><br>

<form action='edit_profile.php' method='POST' name='profilepage'>
<table cellpadding='5' cellspacing='0'>
<tr>
<td align='right' class='entry1'>$edit_profile9</td>
<td class='entry2'>
<input type='text' class='text' name='fname' value='$user_info[fname]'>
</td>
</tr>

<tr>
<td align='right' class='entry1'>$edit_profile10</td>
<td class='entry2'>
<input type='text' class='text' name='lname' value='$user_info[lname]'>
</td>
</tr>

<tr>
<td align='right' class='entry1'>$edit_profile11</td>
<td class='entry2'>
<input type='text' class='text' name='email' value='$user_info[email]'>&nbsp;
</td>
</tr>

<tr>
<td align='right' class='entry1'>$edit_profile12</td>
<td class='entry2'>
<input type='text' class='text' name='display_name' value='$user_info[display_name]'>
"; tip("1"); echo "
</td>
</tr>

<tr>
<td align='right' class='entry1'>$edit_profile14</td>
<td class='entry2'>
<input type='text' class='text' name='title' size='50' value='$user_info[title]' maxlength='250'>
"; tip("2"); echo "
</td>
</tr>

<tr>
<td align='right' class='entry1' valign='top' style='padding-top: 8px;'>$edit_profile16</td>
<td class='entry2'>
<textarea rows='4' cols='60' name='description'>$user_info[description]</textarea>
</td>
</tr>
";


$categories = mysql_query("SELECT * FROM bhost_categories ORDER BY name");
if($admin_info[categories_on] == 1 & mysql_num_rows($categories) != 0) {
 echo "
 <tr>
 <td align='right' class='entry1' valign='top' style='padding-top: 8px;'>$edit_profile43</td>
 <td class='entry2'><select name='wc_id'>
 <option></option>
 ";
 while($category_info = mysql_fetch_assoc($categories)) {
 echo "<option value='$category_info[wc_id]'"; if($user_info[wc_id] == $category_info[wc_id]) { echo " SELECTED"; } echo ">$category_info[name]</option>";
