Mini Shell Moded By TiGER HeX

/mnt/volume_sfo2_01/50mmla/editProfile.php

<?php
include_once('includes/static/configure.php');
include_once('includes/static/util.php');
include_once('includes/static/dbcon.php');
include_once('includes/static/gdimg.php');
include_once('includes/static/sessions.php');
include_once('includes/appTop.php');

if(!is_authorized()){
   header("Location: login.php?refurl=".urlencode($_SERVER['PHP_SELF']));
   exit();
}
if(is_banned()){
   header("Location: banned.php");
   exit();
}
$err = "";
$uid = $_SESSION['user_id'];
$sql="SELECT username,profile,image,password,url,email FROM 50mm_users WHERE user_id = '$uid'";
if( !($result = $db->sql_query($sql)) ){
   $sql_error = $db->sql_error();
   die($sql_error['message']);
}
$row = $db->sql_fetchrow($result);
$profile = $row['profile'];
$uname = $row['username'];
$password = $row['password'];
$email = $row['email'];
$user_url = $row['url'];
$img = "";
if(!empty($row['image'])){
   $img ='<img src="'.PROFILE_IMG_DIR.$row['image'].'">';
}
if(isset($_REQUEST['update'])){
	//$email = $_REQUEST['email'];
	$user_url = $_REQUEST['website'];
	//$uname = $_REQUEST['username'];
	$password = $_REQUEST['password'];
	$profile = $_REQUEST['profile'];

$cur_file = $_FILES['file']['name'];
	$cur_temp = $_FILES['file']['tmp_name'];
	$cur_mime = $_FILES['file']['type'];
	$cur_size = $_FILES['file']['size'];
	$cur_error = $_FILES['file']['error'];

//first check for unique name
	/*$sql = "SELECT user_id FROM 50mm_users WHERE username ='$uname'";
	if( !($result = $db->sql_query($sql)) ){
	   $sql_error = $db->sql_error();
	   die($sql_error['message']);
	}*/
	//$update = false;
	//$id_row = $db->sql_fetchrow($result);
    //check for uniquenes
   // if( $db->sql_numrows($result) < 1){
     //  $update = true;
	//}else if(($id_row['user_id'] == $_SESSION['user_id']) && ($db->sql_numrows($result) == 1)){
	   //updating your username
      // $update = true;
	//}

//store profile image on the server
	  $unique_name = "";
	  $valid = validate_content($cur_error,$cur_mime,$cur_size,$cur_file,PROFILE_MAX_KB);
	  if($valid['result']){
	     $type = explode("/",$cur_mime);
		 $cur_type = trim($type[0]);
		 $unique_name = get_unique_filename($cur_file);
		 $image_info = getimagesize($cur_temp);

//check to see if image needs resizing
		 if(($image_info[0] > PROFILE_IMG_WIDTH) || ($image_info[1] > PROFILE_IMG_HEIGHT)){
			//create image res
			$gd = new gd_img($cur_mime,$cur_temp);
			if(!$gd->img_id){ die($gd->gd_error);}

//scale image
			$id = $gd->gd_scale_img(PROFILE_IMG_WIDTH,PROFILE_IMG_WIDTH,IMG_QUALITY);
			if(!$id){ die($gd->gd_error);}

//create image
			$res = $gd->gd_create_img($id,ROOT_DIR.PROFILE_IMG_DIR.$unique_name);
			if(!$res){ die($gd->gd_error);}
		 }else{
			if (!copy($cur_temp, ROOT_DIR.PROFILE_IMG_DIR.$unique_name)) {
			   die("Failed Image Upload");
			}
		 }
		 //delete old image from disk.
         if(!empty($row['image'])){
            unlink(ROOT_DIR.PROFILE_IMG_DIR.$row['image']);
         }
	     //update table
	     $uid = $_SESSION['user_id'];
	     $sql = "UPDATE 50mm_users SET email='$email',username='$uname',password='$password',image='$unique_name',profile='$profile',url='$user_url' WHERE user_id='$uid'";
	  }else{	     
		 //no image being uploaded or image is too large
		 $err = "<div class=\"error\">".$valid['error']."</div>";
	     $uid = $_SESSION['user_id'];
	     $sql = "UPDATE 50mm_users SET email='$email',username='$uname',password='$password',profile='$profile',url='$user_url' WHERE user_id='$uid'";
	  }
	  if( !($result = $db->sql_query($sql)) ){
        $sql_error = $db->sql_error();
        die($sql_error['message']);
      }
	  $user_url = append_query("viewProfile.php","userId",$_SESSION['user_id']);
	  header("Location: $user_url");
	  exit();
}

$pg_name = basename($_SERVER['PHP_SELF']);
include_once('includes/header.php');
?>
<script>registerDivs = new Array('password');</script>
<form action="<?echo $_SERVER['PHP_SELF'];?>" method="post" enctype="multipart/form-data" onSubmit="return validateForm(this,registerDivs,'errorUpdate');">
<table cellspacing="0" cellpadding="4" border="0">
  <tr>
    <td><span class="title">Modify Your Profile</span></td>
  </tr>
  <tr>
    <td>Email
	   <br>
	   <?echo $email?>
	</td>
  </tr>
   <tr>
    <td>Username
	   <br>
	   <?echo $uname?>
	</td>
  </tr>
   <tr>
    <td>Password<span id="errpassword" class="error" style="visibility:hidden;"> *</span>
	  <br>
      <input type="password" name="password" value="<?echo $password?>" class="field">
	 </td>
  </tr>
  <tr>
    <td>Website
	 <br>
	 <input type="text" name="website" value="<?echo $user_url?>" class="field">
	</td>
  </tr>
  <tr valign="top">
    <td>
	  <?echo $img?><br>
	  Replace Profile Image
	  <br>
	  <input type="file" name="file" class="field">
	</td>
  </tr>
   <tr valign="top">
    <td>Manifesto:
	<br>
     <textarea class="body" name="profile" style="width: 400px; height: 200px;"><?echo $profile?></textarea>
   </td>
  </tr>
  <tr>
	<td>	  
	   <input name="update" type="submit" class="button" value="Save Changes"><br>
	   <?echo $err?>
	   <div id="errorUpdate" class="error" style="visibility:hidden;">Please correct the fields marked by *</div>
	</td>
  </tr>
</table>
</form>
<?
include_once('includes/footer.php');
include_once('includes/appBottom.php');
?>