- 01
- 02
- 03
- 04
- 05
- 06
- 07
- 08
- 09
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
if (empty($_GET['mms']) and empty($_GET['mass']) and empty($_GET['showuser']) and empty($_GET['user']) and empty($_GET['rate'])) {
$db = mysql_connect ( "mysql.hostinger.ru", "u391920429_gala", "kirill1998" );
mysql_select_db ( "u391920429_gala", $db );
$pas = $_POST['pas'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
$lop = addcslashes($pass1, '?%');
$jjj = mysql_real_escape_string ($lop);
$pol = addcslashes($pass2, '?%');
$kkk = mysql_real_escape_string ($pol);
$i = $_GET['edit'];
$mail = $_POST['mail'];
$stat = $_POST['stat'];
$ava = $_POST['ava'];
$ie = addcslashes($i, '?%');
$ieq = mysql_real_escape_string ($ie);
$id = preg_replace('~[^a-z0-9 \x80-\xFF]~i', "",$ieq);
$lol = addcslashes($mail, '?%');
$ooo = mysql_real_escape_string ($lol);
$per = addcslashes($stat, '?%');
$adr = mysql_real_escape_string ($per);
$po = addcslashes($ava, '?%');
$popa = mysql_real_escape_string ($po);
$re=mysql_query("SELECT * FROM users WHERE id='$id'", $db);
$user = $_SESSION["id"];
if (mb_strlen($_POST['mail']) >= 4) {
$up=mysql_query("UPDATE users SET email='$ooo' WHERE id='$user'", $db);
}
if (mb_strlen($_POST['stat']) >= 5) {
$up=mysql_query("UPDATE users SET stat='$adr' WHERE id='$user'", $db);
}
if (mb_strlen($_POST['ava']) >= 4) {
$up=mysql_query("UPDATE users SET ava='$popa' WHERE id='$user'", $db);
}
$name = $_SESSION["name"];
$result=mysql_query("SELECT * FROM users WHERE name='$name'", $db);
$myrow=mysql_fetch_array($result);
$passs = md5($pas);
if ($passs == $myrow["pass"]) {
if ($jjj == $kkk) {
if (mb_strlen($jjj) >=5) {
$mdpass = md5($jjj);
$up=mysql_query("UPDATE users SET pass='$mdpass' WHERE id='$user'", $db);
}
}
}
$res=mysql_fetch_array($re);
if ($_SESSION["id"] == $id) {
if ($res['ban'] == 1) {
echo '<div class="user_prof">
<div class="name_prof_block">Профиль</div>
<form name="set" action="/prof.php?edit='.($res['id']).'" method="post">
<div class="name_prof_b">Почта</div>
<input class="form_mail" value="'.$res['email'].'" name="mail" type="text"/>
<div class="name_prof_b">Аватар</div>
<input class="form_ava" value="'.$res['ava'].'" name="ava" type="text"/>
<div class="name_prof_b">Статус</div>
<div class="bb_code_div">'.BB_PANEL('set','stat').'</div>
<textarea class="form_status" name="stat" type="text">'.$res['stat'].'</textarea>
<input class="add_news" value="Сохранить" type="submit"/>
</form>
</div>';
echo '<div class="stat_prof">
<div class="name_prof_block">Пароль</div>
<form action="" method="post">
<input class="form_mail" placeholder="Старый пароль" name="pas" type="text"/>
<input class="form_mail" placeholder="Новый пароль" name="pass1" type="text"/>
<input class="form_ava" placeholder="Повторите новый пароль" name="pass2" type="text"/>
<input class="add_news" value="Сменить пароль" type="submit"/>
</form>
</div>';
}
if ($res['ban'] == 0) {
echo '<div class="user_prof">Ваш аккаунт заблокирован<a class="logout_prof" href="/?step=exit">Выход</a></div>';
}
}
else {
echo 'Доступ запрещен';
}
}