<?php

/*---------------------------------------------------+

| PHP-Fusion 6 Content Management System

+----------------------------------------------------+

| Copyright © 2002 - 2006 Nick Jones

| http://www.php-fusion.co.uk/

+----------------------------------------------------+

| Released under the terms & conditions of v2 of the

| GNU General Public License. For details refer to

| the included gpl.txt file or visit http://gnu.org

+----------------------------------------------------*/

require_once "maincore.php";

require_once "subheader.php";

require_once "side_left.php";

include LOCALE.LOCALESET."members-profile.php";

include LOCALE.LOCALESET."user_fields.php";



if (isset($_POST['update_profile'])) require_once INCLUDES."update_profile_include.php";



opentable($locale['440']);

if (iMEMBER) {

   if ($userdata['user_birthdate']!="0000-00-00") {

      $user_birthdate = explode("-", $userdata['user_birthdate']);

      $user_month = number_format($user_birthdate['1']);

      $user_day = number_format($user_birthdate['2']);

      $user_year = $user_birthdate['0'];

   } else {

      $user_month = 0; $user_day = 0; $user_year = 0;

   }

   $theme_files = makefilelist(THEMES, ".|..", true, "folders");

   array_unshift($theme_files, "Default");

   $offset_list = "";

   for ($i=-13;$i<17;$i++) {

      if ($i > 0) { $offset="+".$i; } else { $offset=$i; }

      $offset_list .= "<option".($offset == $userdata['user_offset'] ? " selected" : "").">$offset</option>\n";

   }

   echo "<form name='inputform' method='post' action='".FUSION_SELF."' enctype='multipart/form-data'>\n";

   echo "<table align='center' cellpadding='0' cellspacing='0'>\n";

   if (isset($update_profile)) {

      echo "<tr>\n<td colspan='2' class='tbl'>".$locale['441']."<br><br>\n</td>\n</tr>\n";

   }

   echo "<tr>

<td class='tbl'>".$locale['u001']."<span style='color:#ff0000'>*</span></td>

<td class='tbl'><input type='text' name='user_name' value='".$userdata['user_name']."' maxlength='30' class='textbox' style='width:200px;'></td>

</tr>

<tr>

<td class='tbl'>".$locale['u003']."</td>

<td class='tbl'><input type='password' name='user_newpassword' maxlength='20' class='textbox' style='width:200px;'></td>

</tr>

<tr>

<td class='tbl'>".$locale['u004']."</td>

<td class='tbl'><input type='password' name='user_newpassword2' maxlength='20' class='textbox' style='width:200px;'></td>

</tr>

<tr>

<td class='tbl'>".$locale['u005']."<span style='color:#ff0000'>*</span></td>

<td class='tbl'><input type='text' name='user_email' value='".$userdata['user_email']."' maxlength='100' class='textbox' style='width:200px;'></td>

</tr>

<tr>

<td class='tbl'>".$locale['u006']."</td>

<td class='tbl'><input type='radio' name='user_hide_email' value='1'".($userdata['user_hide_email'] == "1" ? " checked" : "").">".$locale['u007']."

<input type='radio' name='user_hide_email' value='0'".($userdata['user_hide_email'] == "0" ? " checked" : "").">".$locale['u008']."</td>

</tr>

<tr>

<td class='tbl'>".$locale['u009']."</td>

<td class='tbl'><input type='text' name='user_location' value='".$userdata['user_location']."' maxlength='50' class='textbox' style='width:200px;'></td>

</tr>

<tr>

<td class='tbl'>".$locale['u010']." <span class='small2'>(mm/dd/yyyy)</span></td>

<td class='tbl'><select name='user_month' class='textbox'>\n<option>--</option>\n";

   for ($i=1;$i<=12;$i++) echo "<option".($user_month == $i ? " selected" : "").">$i</option>\n";

echo "</select>

<select name='user_day' class='textbox'>\n<option>--</option>\n";

   for ($i=1;$i<=31;$i++) echo "<option".($user_day == $i ? " selected" : "").">$i</option>\n";

echo "</select>

<select name='user_year' class='textbox'>\n<option>----</option>\n";

   for ($i=1900;$i<=2004;$i++) echo "<option".($user_year == $i ? " selected" : "").">$i</option>\n";

echo "</select>

</td>

</tr>

<tr>

<td class='tbl'>".$locale['u021']."</td>

<td class='tbl'><input type='text' name='user_aim' value='".$userdata['user_aim']."' maxlength='16' class='textbox' style='width:200px;'></td>

</tr>

<tr>

<td class='tbl'>".$locale['u011']."</td>

<td class='tbl'><input type='text' name='user_icq' value='".$userdata['user_icq']."' maxlength='15' class='textbox' style='width:200px;'></td>

</tr>

<tr>

<td class='tbl'>".$locale['u012']."</td>

<td class='tbl'><input type='text' name='user_msn' value='".$userdata['user_msn']."' maxlength='100' class='textbox' style='width:200px;'></td>

</tr>

<tr>

<td class='tbl'>".$locale['u013']."</td>

<td class='tbl'><input type='text' name='user_yahoo' value='".$userdata['user_yahoo']."' maxlength='100' class='textbox' style='width:200px;'></td>

</tr>

<tr>

<td class='tbl'>".$locale['u014']."</td>

<td class='tbl'><input type='text' name='user_web' value='".$userdata['user_web']."' maxlength='100' class='textbox' style='width:200px;'></td>

</tr>

<tr>

<td class='tbl'>".$locale['u015']."</td>

<td class='tbl'><select name='user_theme' class='textbox' style='width:100px;'>

".makefileopts($theme_files, $userdata['user_theme'])."

</select></td>

</tr>

<tr>

<td class='tbl'>".$locale['u016']."</td>

<td class='tbl'><select name='user_offset' class='textbox' style='width:100px;'>

$offset_list</select></td>

</tr>\n";

   if (!$userdata['user_avatar']) {

      echo "<tr>

<td class='tbl'>".$locale['u017']."</td>

<td class='tbl'>

<input type='file' name='user_avatar' class='textbox' style='width:200px;'><br>

<span class='small2'>".$locale['u018']."</span><br>

<span class='small2'>".sprintf($locale['u022'], parsebytesize(30720), 100, 100)."</span>

</td>

</tr>\n";

   }

echo "<tr>

<td valign='top' class='tbl'>".$locale['u020']."</td>

<td class='tbl'>

<textarea name='user_sig' rows='5' cols='53' class='textbox'>".$userdata['user_sig']."</textarea><br>

<input type='button' value='b' class='button' style='font-weight:bold;width:25px;' onClick=\"addText('user_sig', '', '');\">

<input type='button' value='i' class='button' style='font-style:italic;width:25px;' onClick=\"addText('user_sig', '', '');\">

<input type='button' value='u' class='button' style='text-decoration:underline;width:25px;' onClick=\"addText('user_sig', '', '');\">

<input type='button' value='url' class='button' style='width:30px;' onClick=\"addText('user_sig', '', '');\">

<input type='button' value='mail' class='button' style='width:35px;' onClick=\"addText('user_sig', '[mail]', '[/mail]');\">

<input type='button' value='img' class='button' style='width:30px;' onClick=\"addText('user_sig', '[img]', '[/img]');\">

<input type='button' value='center' class='button' style='width:45px;' onClick=\"addText('user_sig', '
', '
');\">

<input type='button' value='small' class='button' style='width:40px;' onClick=\"addText('user_sig', '', '');\">

</td>

</tr>

<td valign='top' class='tbl'>Beschreibung</td>

<td class='tbl'>

<textarea name='user_bes' rows='5' cols='53' class='textbox'>".$userdata['user_bes']."</textarea><br>

<input type='button' value='b' class='button' style='font-weight:bold;width:25px;' onClick=\"addText('user_bes', '', '');\">

<input type='button' value='i' class='button' style='font-style:italic;width:25px;' onClick=\"addText('user_bes', '', '');\">

<input type='button' value='u' class='button' style='text-decoration:underline;width:25px;' onClick=\"addText('user_bes', '', '');\">

<input type='button' value='url' class='button' style='width:30px;' onClick=\"addText('user_bes', '', '');\">

<input type='button' value='mail' class='button' style='width:35px;' onClick=\"addText('user_bes', '[mail]', '[/mail]');\">

<input type='button' value='img' class='button' style='width:30px;' onClick=\"addText('user_bes', '[img]', '[/img]');\">

<input type='button' value='center' class='button' style='width:45px;' onClick=\"addText('user_bes', '
', '
');\">

<input type='button' value='small' class='button' style='width:40px;' onClick=\"addText('user_bes', '', '');\">

</td>

</tr>

<tr>

<td align='center' colspan='2' class='tbl'><br>\n";

   if ($userdata['user_avatar']) {

      echo $locale['u017']."<br>\n<img src='".IMAGES."avatars/".$userdata['user_avatar']."' alt='".$locale['u017']."'><br>

<input type='checkbox' name='del_avatar' value='y'> ".$locale['u019']."

<input type='hidden' name='user_avatar' value='".$userdata['user_avatar']."'><br><br>\n";

   }

   echo "<input type='hidden' name='user_hash' value='".$userdata['user_password']."'>

<input type='submit' name='update_profile' value='".$locale['460']."' class='button'></td>

</tr>

</table>

</form>\n";

   closetable();

} else {

   echo "<center><br>\n".$locale['003']."<br>\n<br></center>\n";

   closetable();

}



require_once "side_right.php";

require_once "footer.php";

?>

<?php

/*---------------------------------------------------+

| PHP-Fusion 6 Content Management System

+----------------------------------------------------+

| Copyright © 2002 - 2006 Nick Jones

| http://www.php-fusion.co.uk/

+----------------------------------------------------+

| Released under the terms & conditions of v2 of the

| GNU General Public License. For details refer to

| the included gpl.txt file or visit http://gnu.org

+----------------------------------------------------*/

if (!defined("IN_FUSION")) { header("Location: ../index.php"); exit; }

if (!iMEMBER || !isset($_POST['user_hash']) || $_POST['user_hash'] != $userdata['user_password']) fallback("index.php");



$error = ""; $set_avatar = "";



$username = trim(eregi_replace(" +", " ", $_POST['user_name']));

if ($username == "" || $_POST['user_email'] == "") {

   $error .= $locale['480']."<br>\n";

} else {

   if (preg_match("/^[-0-9A-Z_@\s]+$/i", $username)) {

      if ($username != $userdata['user_name']) {

         $result = dbquery("SELECT user_name FROM ".$db_prefix."users WHERE user_name='$username'");

         if (dbrows($result) != 0) $error = $locale['482']."<br>\n";

      }

   } else {

      $error .= $locale['481']."<br>\n";

   }

   

   if (preg_match("/^[-0-9A-Z_\.]{1,50}@([-0-9A-Z_\.]+\.){1,50}([0-9A-Z]){2,4}$/i", $_POST['user_email'])) {

      if ($_POST['user_email'] != $userdata['user_email']) {

         $result = dbquery("SELECT user_email FROM ".$db_prefix."users WHERE user_email='".$_POST['user_email']."'");

         if (dbrows($result) != 0) $error = $locale['484']."<br>\n";

      }

   } else {

      $error .= $locale['483']."<br>\n";

   }

}



if ($_POST['user_newpassword'] != "") {

   if ($_POST['user_newpassword2'] != $_POST['user_newpassword']) {

      $error .= $locale['485']."<br>";

   } else {

      if ($_POST['user_hash'] == $userdata['user_password']) {

         if (!preg_match("/^[0-9A-Z@]{6,20}$/i", $_POST['user_newpassword'])) {

            $error .= $locale['486']."<br>\n";

         }

      } else {         

         $error .= $locale['487']."<br>\n";

      }

   }

}



$user_hide_email = isNum($_POST['user_hide_email']) ? $_POST['user_hide_email'] : "1";

$user_location = isset($_POST['user_location']) ? stripinput(trim($_POST['user_location'])) : "";

if ($_POST['user_month'] != "--" && $_POST['user_day'] != "--" && $_POST['user_year'] != "----") {

   $user_birthdate = (isNum($_POST['user_year']) ? $_POST['user_year'] : "0000")

   ."-".(isNum($_POST['user_month']) ? $_POST['user_month'] : "00")

   ."-".(isNum($_POST['user_day']) ? $_POST['user_day'] : "00");

} else {

   $user_birthdate = "0000-00-00";

}

$user_aim = isset($_POST['user_aim']) ? stripinput(trim($_POST['user_aim'])) : "";

$user_icq = isset($_POST['user_icq']) ? stripinput(trim($_POST['user_icq'])) : "";

$user_msn = isset($_POST['user_msn']) ? stripinput(trim($_POST['user_msn'])) : "";

$user_yahoo = isset($_POST['user_yahoo']) ? stripinput(trim($_POST['user_yahoo'])) : "";

$user_web = isset($_POST['user_web']) ? stripinput(trim($_POST['user_web'])) : "";

$user_theme = stripinput($_POST['user_theme']);

$user_offset = is_numeric($_POST['user_offset']) ? $_POST['user_offset'] : "0";

$user_sig = isset($_POST['user_sig']) ? stripinput(trim($_POST['user_sig'])) : "";

$user_bes = isset($_POST['user_bes']) ? stripinput(trim($_POST['user_bes'])) : "";



if ($error == "") {

   $newavatar = $_FILES['user_avatar'];

   if ($userdata['user_avatar'] == "" && !empty($newavatar['name']) && is_uploaded_file($newavatar['tmp_name'])) {

      $avatarext = strrchr($newavatar['name'],".");

      $avatarname = substr($newavatar['name'], 0, strrpos($newavatar['name'], "."));

      if (preg_match("/^[-0-9A-Z_\[\]]+$/i", $avatarname) && preg_match("/(\.gif|\.GIF|\.jpg|\.JPG|\.png|\.PNG)$/", $avatarext) && $newavatar['size'] <= 30720) {

         $avatarname = $avatarname."[".$userdata['user_id']."]".$avatarext;

         $set_avatar = "user_avatar='$avatarname', ";

         move_uploaded_file($newavatar['tmp_name'], IMAGES."avatars/".$avatarname);

         chmod(IMAGES."avatars/".$avatarname,0644);

         if ($size = @getimagesize(IMAGES."avatars/".$avatarname)) {

            if ($size['0'] > 100 || $size['1'] > 100) {

               unlink(IMAGES."avatars/".$avatarname);

               $set_avatar = "";

            } elseif (!verify_image(IMAGES."avatars/".$avatarname)) {

               unlink(IMAGES."avatars/".$avatarname);

               $set_avatar = "";

            }

         } else {

            unlink(IMAGES."avatars/".$avatarname);

            $set_avatar = "";

         }

      }

   }

   

   if (isset($_POST['del_avatar'])) {

      $set_avatar = "user_avatar='', ";

      unlink(IMAGES."avatars/".$userdata['user_avatar']);

   }



   if ($user_newpassword != "") { $newpass = " user_password='".md5(md5($user_newpassword))."', "; } else { $newpass = " "; }

   $result = dbquery("UPDATE ".$db_prefix."users SET user_name='$username',".$newpass."user_email='".$_POST['user_email']."', user_hide_email='$user_hide_email', user_location='$user_location', user_birthdate='$user_birthdate', user_aim='$user_aim', user_icq='$user_icq', user_msn='$user_msn', user_yahoo='$user_yahoo', user_web='$user_web', user_theme='$user_theme', user_offset='$user_offset', user_best='$user_bes', ".$set_avatar."user_sig='$user_sig' WHERE user_id='".$userdata['user_id']."'");

   $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_id='".$userdata['user_id']."'");

   if (dbrows($result) != 0) {

      $userdata = dbarray($result);

      redirect("edit_profile.php?update_profile=ok");

   }

}

?>

 $result = dbquery("UPDATE ".$db_prefix."users SET user_name='$username',".$newpass."user_email='".$_POST['user_email']."', user_hide_email='$user_hide_email', user_location='$user_location', user_birthdate='$user_birthdate', user_aim='$user_aim', user_icq='$user_icq', user_msn='$user_msn', user_yahoo='$user_yahoo', user_web='$user_web', user_theme='$user_theme', user_offset='$user_offset', user_best='$user_bes', ".$set_avatar."user_sig='$user_sig' WHERE user_id='".$userdata['user_id']."'");

 $result = dbquery("UPDATE ".$db_prefix."users SET user_name='$username',".$newpass."user_email='".$_POST['user_email']."', user_hide_email='$user_hide_email', user_location='$user_location', user_birthdate='$user_birthdate', user_aim='$user_aim', user_icq='$user_icq', user_msn='$user_msn', user_yahoo='$user_yahoo', user_web='$user_web', user_theme='$user_theme', user_offset='$user_offset', user_bes='$user_bes', ".$set_avatar."user_sig='$user_sig' WHERE user_id='".$userdata['user_id']."'");

ALTER TABLE `fusion_users` ADD `user_bes` TEXT CHARACTER SET latin1 COLLATE latin1_german1_ci NOT NULL ;

<?

$query = "ALTER TABLE ".DB_PREFIX."users ADD user_bes TEXT NOT NULL ";

dbquery($query);

?>