
[help] user info


Forum_MAster

Доброго времени всем.
Короче, такая фишка: зарегился чувак на сайте и пишет мне письмо, мол, не может изменить свою инфу через «Мой профиль». Я проверяю — и точно: после изменения нажимаешь «Сохранить», и пишет "Hacking attempt! User ID not valid".
Что случилось? Как подправить?
 
Доброго времени всем.
Короче, такая фишка: зарегился чувак на сайте и пишет мне письмо, мол, не может изменить свою инфу через «Мой профиль». Я проверяю — и точно: после изменения нажимаешь «Сохранить», и пишет "Hacking attempt! User ID not valid".
Что случилось? Как подправить?
Менять шаблон.
;)
 
а если серьёзно, покажи нам содержимое файла

templates/твой_стиль/userinfo.tpl
 
PHP:
<!-- User profile template. The first block is the public profile view; the not-logged block further down holds the profile edit fields. -->
<div id="vs">Пользователь: {usertitle}</div>
<div id="vs2">

<img src="{foto}" align="right" style="margin: 0px 0px 0px 10px;" border="0">
Зовут: {fullname}<br />
Состоит в группе: {status}<br />
Номер аськи: {icq}<br />
Рейтинг: {rate}<br />
{us_rating}<br />

<p>С нами уже: {registration}<br />
Был на сайте: {lastdate}<br />
Стаж юзера: {stag}</p>
<p>Пользователь <strong>{usertitle}</strong>, пишет о себе:<br />
{info}</p>
<p>Новостей добавил: {news_num}<br />
Поблагодарил (раз): {thanks_sayed}<br />
Поблагодарили (раз): {thanks_num}<br />
Оставил комментариев: {comm_num}<br />
{fotoalbum}<br />

{comments}&nbsp;&nbsp;{email}&nbsp;&nbsp;{pm}&nbsp;&nbsp;{edituser}
<div class="clear"></div>
</div>
[not-logged]
<!-- Edit fields only: this template contains no form element. profile.php wraps the rendered template in the form and appends the hidden doaction field, so any hidden input the save handler checks (dle_allow_hash) has to be emitted there or added here. -->
<!-- Placeholders used inside value attributes are substituted server-side without escaping in profile.php, so the stored values must already be safe for an HTML attribute context. -->
<div id="options" style="display:none;">
<div id="vs">Редактирование профиля пользователя {usertitle}</div>
<div id="vs2">
<table id="type">
<tr>
<td id="left"><img src="{THEME}/images/ico/email.gif" /> Адрес почты:</td>
<td id="center"><input type="text" class="text" name="email" value="{editmail}"><br />{hidemail}</td>
</tr>
<tr>
<td id="left"><img src="{THEME}/images/ico/group.gif" /> Ваше Имя:</td>
<td id="center"><input type="text" class="text" name="fullname" value="{fullname}"></td>
</tr>
<tr>
<td id="left"><img src="{THEME}/images/ico/land.gif" /> Место жительства:</td>
<td id="center"><input type="text" class="text" name="land" value="{land}"></td>
</tr>
<tr>
<td id="left"><img src="{THEME}/images/ico/icq.gif" /> Номер ICQ:</td>
<td id="center"><input type="text" class="text" name="icq" value="{icq}"></td>
</tr>
<!-- Password change: the handler only validates these three fields when password1 is non-empty. -->
<tr>
<td id="left"><img src="{THEME}/images/ico/key.gif" /> Старый пароль:</td>
<td id="center"><input type="password" class="text" name="altpass"></td>
</tr>
<tr>
<td id="left"><img src="{THEME}/images/ico/key2.gif" /> Новый пароль:</td>
<td id="center"><input type="password" class="text" name="password1"></td>
</tr>
<tr>
<td id="left"><img src="{THEME}/images/ico/key3.gif" /> Повторите:</td>
<td id="center"><input type="password" class="text" name="password2"></td>
</tr>
<tr>
<td id="left"><img src="{THEME}/images/ico/exclamation.gif"> Блокировка по IP:</td>
<td id="center"><input type="text" class="text" name="allowed_ip" value="{allowed-ip}"></td>
</tr>
<!-- Your current IP: {ip} -->
<!-- Avatar upload: profile.php accepts it by file extension and a size limit. -->
<tr>
<td id="left"><img src="{THEME}/images/ico/picture.gif" /> Аватар:</td>
<td id="center"><input type="file" class="text" name="image"></td>
</tr>
<tr>
<td id="left"><img src="{THEME}/images/ico/delete.gif" /> Удалить фотографию:</td>
<td id="center"><input type="checkbox" name="del_foto" value="yes"></td>
</tr>
<tr>
<td id="left"><img src="{THEME}/images/ico/about_us.gif" /> О себе:</td>
<td id="center"><textarea class="ta" name="info">{editinfo}</textarea></td>
</tr>
<tr>
<td id="left"><img src="{THEME}/images/ico/signature.gif" /> Подпись:</td>
<td id="center"><textarea class="ta" name="signature">{editsignature}</textarea></td>
</tr>
{xfields}
<tr>
<td></td>
<td id="center">
<!-- NOTE(review): the submit button shares the name "image" with the file input above; confirm this is intended. -->
<input name="image" type="submit" class="button" value="Отправить">
<input name="submit" type="hidden" id="submit" value="submit">
</td>
</tr></table>
</div>

[/not-logged]
<script src="{THEME}/images/js/boxover.js"></script>
 
Тут скорее всего дело в движке, а не в шаблоне...
 
Тут скорее всего дело в движке, а не в шаблоне...

крутишь посты?

profile.php
PHP:
<?php
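// Refuse to run unless DATALIFEENGINE is defined; presumably the including
// engine script defines it, so a direct request to this file stops here.
if (!defined('DATALIFEENGINE'))
{
	die("Hacking attempt!");
}

include_once ENGINE_DIR.'/classes/parse.class.php';

//####################################################################################################################
//         Update user information (handler for the profile edit form)
//####################################################################################################################
if ($allow_userinfo AND $doaction == "adduserinfo") {

	// Request token check: the POST must carry dle_allow_hash equal to $dle_login_hash.
	// The form assembled at the bottom of this file has to emit that hidden field;
	// when it is missing, every save ends in the die() below.
	// Compared as strings with === so that numeric-looking values (e.g. "0e...")
	// cannot compare equal through PHP's loose comparison rules.
	$posted_hash = (isset($_POST['dle_allow_hash']) AND is_string($_POST['dle_allow_hash'])) ? $_POST['dle_allow_hash'] : "";

	if ($posted_hash === "" OR $posted_hash !== (string)$dle_login_hash) {

		die("Hacking attempt! User ID not valid");

	}

	$parse = new ParseFilter();
	$parse->safe_mode = true;
	$stop = false; // collects error messages; any non-empty value blocks the final UPDATE

	// Every text field goes through ParseFilter and then the DB escaper before it is
	// placed into SQL text below.
	$password1 = $db->safesql($parse->process($_POST['password1']));
	$password2 = $db->safesql($parse->process($_POST['password2']));
	$altpass = md5($_POST['altpass']);
	$info = $db->safesql($parse->BB_Parse($parse->process($_POST['info']), false));
	$signature = $db->safesql($parse->BB_Parse($parse->process($_POST['signature']), false));
	$email = $db->safesql($parse->process($_POST['email']));

	$fullname = $db->safesql($parse->process($_POST['fullname']));
	$land = $db->safesql($parse->process($_POST['land']));
	$icq = $db->safesql($parse->process($_POST['icq']));
	$allowed_ip = $db->safesql($parse->process(trim($_POST['allowed_ip'])));

	// NOTE(review): $user is interpolated into every query in this block without escaping
	// here; its origin is not visible in this file - confirm it is sanitized upstream.
	$row = $db->super_query("SELECT * FROM " . USERPREFIX . "_users WHERE name = '$user'");
	$xfieldsid = stripslashes ($row['xfields']);

	$image = $_FILES['image']['tmp_name'];
	$image_name = $_FILES['image']['name'];
	$image_size = $_FILES['image']['size'];
	$img_name_arr = explode(".",$image_name);
	$type         = end($img_name_arr); // client-supplied extension (text after the last dot)

	if($image_name != "") $image_name  = totranslit(stripslashes($img_name_arr[0])).".".totranslit($type);

	// Authorization: only the profile owner or a member of group 1 may edit this profile.
	// The result is kept in a flag so that every state-changing step below can be gated on it.
	$profile_edit_allowed = ($is_logged AND ($member_id['name'] == $row['name'] OR $member_id['user_group'] == 1));

	if (!$profile_edit_allowed) { $stop = $lang['news_err_13'];}


	if (is_uploaded_file($image) AND !$stop) {

		if ($image_size < 100000) {

			// NOTE(review): the upload is accepted on its file extension alone and the stored
			// name keeps the extension exactly as the client sent it; nothing in this block
			// inspects the file content.
			$allowed_extensions = array("jpg", "png", "jpe", "jpeg", "gif");

			if ((in_array($type, $allowed_extensions) or in_array(strtolower($type), $allowed_extensions)) and $image_name) {

				include_once ENGINE_DIR.'/inc/makethumb.php';

				$res = @move_uploaded_file($image, ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type);

				if ($res) {

					// NOTE(review): 0666 leaves the stored file writable by every local account.
					@chmod(ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type, 0666);
					$thumb=new thumbnail(ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type);

					if ($thumb->size_auto($user_group[$member_id['user_group']]['max_foto'])) {
						$thumb->jpeg_quality($config['jpeg_quality']);
						$thumb->save(ROOT_DIR."/uploads/fotos/foto_".$row['user_id'].".".$type);
					} else {
						@rename(ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type, ROOT_DIR."/uploads/fotos/foto_".$row['user_id'].".".$type);
					}

					@chmod(ROOT_DIR."/uploads/fotos/foto_".$row['user_id'].".".$type, 0666);
					$foto_name = "foto_".$row['user_id'].".".$type;

					$db->query("UPDATE " . USERPREFIX . "_users set foto='$foto_name' where name='$user'");

				} else $stop .= $lang['news_err_14'];

			} else $stop .= $lang['news_err_15'];

		} else $stop .= $lang['news_err_16'];

		// Remove the un-prefixed original, whichever branch ran above.
		@unlink (ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type);
	}

	// Photo removal is a write to the target account, so it is gated on the same
	// authorization flag as the rest of the edit. Without this gate the file and the
	// foto column were cleared even when the access check above had failed.
	if ($profile_edit_allowed AND isset($_POST['del_foto']) AND $_POST['del_foto'] == "yes") {
		@unlink (ROOT_DIR."/uploads/fotos/".$row['foto']);
		$db->query("UPDATE " . USERPREFIX . "_users set foto='' WHERE name='$user'");

	}

	if (strlen($password1)>0){

		// The stored format is md5(md5(password)): an unsalted fast hash. It is flagged
		// rather than replaced because the format is presumably shared with the login code.
		$altpass = md5($altpass);

		// Strict string comparison so two different hex digests can never match through
		// numeric-string juggling.
		if ($altpass !== (string)$member_id['password'])
		{
			$stop .= $lang['news_err_17'];
		}

		if ($password1!=$password2)
		{
			$stop .= $lang['news_err_18'];
		}

		if (strlen($password1) < 6)
		{
			$stop .= $lang['news_err_19'];
		}
	}

	// NOTE(review): ereg() is deprecated since PHP 5.3 and removed in PHP 7; the pattern is
	// applied to the already SQL-escaped $email.
	if ((!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'. '@'.'[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'.'[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $email)) or (empty($email)))
	{
		$stop .= $lang['news_err_21'];
	}

	// Length limits are measured in bytes, after parsing and escaping.
	if (strlen($info) > 1000)
	{
		$stop .= $lang['news_err_22'];
	}
	if (strlen($signature) > 1000)
	{
		$stop .= $lang['news_err_22'];
	}
	if (strlen($fullname) > 100)
	{
		$stop .= $lang['news_err_23'];
	}
	if (strlen($land) > 100)
	{
		$stop .= $lang['news_err_24'];
	}
	if (strlen($icq) > 20)
	{
		$stop .= $lang['news_err_25'];
	}

	// The e-mail address must not already belong to another account.
	$db->query ("SELECT name FROM " . USERPREFIX . "_users where email = '$email' AND name != '$user'");

	if ($db->num_rows())
	{
		$stop .= $lang['reg_err_8'];
	}

	$db->free();

	if ($stop){ msgbox ($lang['all_err_1'], $stop);}
	else {

		// The checkbox means "hide my e-mail", so a ticked box stores allow_mail = 0.
		if ($_POST['allow_mail']) {$allow_mail = 0;} else {$allow_mail = 1;}

		$xfieldsaction = "init";
		$xfieldsadd = false;
		include(ENGINE_DIR.'/inc/userfields.php');
		$filecontents = array ();

		if (!empty($postedxfields)) {
			foreach ($postedxfields as $xfielddataname => $xfielddatavalue) {
				if (!$xfielddatavalue) { continue;}

				$xfielddatavalue = $db->safesql($parse->BB_Parse($parse->process($xfielddatavalue), false));

				$xfielddataname = $db->safesql($xfielddataname);

				// NOTE(review): as rendered on this page both replacements are no-ops. The second
				// argument was presumably an HTML entity for "|" that the forum rendering decoded;
				// confirm against the original file, because a raw "|" in a name or value would
				// break the "name|value||name|value" serialization built below.
				$xfielddataname = str_replace("|", "|", $xfielddataname);
				$xfielddatavalue = str_replace("|", "|", $xfielddatavalue);
				$filecontents[] = "$xfielddataname|$xfielddatavalue";
			}

			$filecontents = implode("||", $filecontents);
		} else $filecontents = '';

		// vb_editpofile() is defined elsewhere (the name suggests a forum bridge - confirm).
		// It is called before the password check, so it receives md5 of an empty string
		// when no new password was submitted.
		vb_editpofile($icq, $email, md5($password1), $user, $land, $info);

		if (strlen($password1)>0) {

			$password1 = md5(md5($password1));

			$sql_user = "UPDATE " . USERPREFIX . "_users set fullname='$fullname', land='$land', icq='$icq', email='$email', info='$info', signature='$signature', password='$password1', allow_mail='$allow_mail', xfields='$filecontents', allowed_ip='$allowed_ip' where name='$user'";
		} else {
			$sql_user = "UPDATE " . USERPREFIX . "_users set fullname='$fullname', land='$land', icq='$icq', email='$email', info='$info', signature='$signature', allow_mail='$allow_mail', xfields='$filecontents', allowed_ip='$allowed_ip' where name='$user'";
		}


		$db->query($sql_user);
	}

}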


//####################################################################################################################
//         View user profile
//####################################################################################################################

	$parse = new ParseFilter();

	$user_found = FALSE;

	// NOTE(review): $user is interpolated into the SQL text as-is; its origin is not visible in this file - confirm it is escaped upstream.
	$sql_result = $db->query("SELECT * FROM " . USERPREFIX . "_users where name = '$user'");

	$tpl->load_template('userinfo.tpl');

	// One iteration per matching row; the loop body runs to the compile() call near the end of the file.
	while($row = $db->get_row($sql_result)){

	$user_found = TRUE;

	// Banned accounts are displayed with the "banned" label in place of their group name.
	if ($row['banned'] == 'yes') $user_group[$row['user_group']]['group_name'] = $lang['user_ban'];

	if ($row['allow_mail']){
	// The split address is not used in the code shown; the link points at the feedback form rather than exposing the address.
	$email = explode("@", $row['email'], 2);
	$tpl->set('{email}', "<a href=\"$PHP_SELF?do=feedback&user=$row[user_id]\">".$lang['news_mail']."</a>");
	}
	else {
	$tpl->set('{email}', $lang['news_nomail'], $output);
	}

	$tpl->set('{pm}', "<a href=\"$PHP_SELF?do=pm&doaction=newpm&user=".$row['user_id']."\">".$lang['news_pmnew']."</a>");

	// The edit form's checkbox means "hide e-mail", so it is pre-ticked when allow_mail is off.
	if (!$row['allow_mail']) $mailbox = "checked"; else $mailbox = "";

	if ($row['foto'] AND (file_exists(ROOT_DIR."/uploads/fotos/".$row['foto']))) 
	$tpl->set('{foto}', $config['http_home_url']."uploads/fotos/".$row['foto']);
	else
	$tpl->set('{foto}', "{THEME}/images/noavatar.png");
//--------------User-Rating-----------------//
if($ur_config['us_rating_on']=='yes'){
$tpl->set('{us_rating}', $us_rat->us_rat_show($config['skin'],'0',$row['user_id'],'0', $row['ur_plus'], $row['ur_minus'],$is_logged,$member_id));
}
//-------------------End----------------------------// 
	$tpl->set('{hidemail}', "<input type=\"checkbox\" name=\"allow_mail\" value=\"1\" ".$mailbox."> ".$lang['news_noamail']);
	// NOTE(review): the stored values below are placed into the template without HTML escaping here.
	// They passed through ParseFilter::process() when saved by the handler above; confirm that is
	// sufficient for both the text context and the value="..." attributes in userinfo.tpl.
	$tpl->set('{usertitle}', stripslashes($row['name']));
	$tpl->set('{fullname}', stripslashes($row['fullname']));
	$tpl->set('{icq}', stripslashes($row['icq']));
	$tpl->set('{land}', stripslashes($row['land']));
	$tpl->set('{info}', stripslashes($row['info']));
	$tpl->set('{editmail}', stripslashes($row['email']));
	$tpl->set('{comm_num}', $row['comm_num']);
	$tpl->set('{news_num}', $row['news_num']);
    $tpl->set('{thanks_num}', intval($row['thanks_num']));
    $tpl->set('{thanks_sayed}', intval($row['thanks_sayed']));
	$tpl->set('{status}', stripslashes($user_group[$row['user_group']]['group_name']));
	$tpl->set('{rate}', userrating ($row['name']));


/**
 * Formats the time elapsed since $reg_date as a Russian phrase built from
 * years, months and days (365-day years, 30-day months).
 *
 * Days are dropped once the span reaches a year or more than six months;
 * exactly twelve 30-day months are rounded up to one more year.
 * Returns an empty string when less than one whole day has elapsed.
 *
 * NOTE(review): this declaration sits inside the row loop of profile.php, so a
 * second loop iteration would try to declare the function again.
 *
 * @param int $reg_date Unix timestamp of the registration.
 * @return string
 */
function user_reg_date ($reg_date){

	$elapsed = round((time() - $reg_date) / 86400);

	// Split the day count into whole years, whole months and leftover days.
	$years = floor($elapsed / 365);
	$elapsed -= $years * 365;
	$monthes = floor($elapsed / 30);
	$days = $elapsed - $monthes * 30;

	$show_days = true;

	if ($monthes <= 0) {
		$monthes = "";
	} elseif ($monthes == 12) {
		// 360-364 leftover days count as a full extra year.
		$show_days = false;
		$years++;
		$monthes = "";
	} elseif ($monthes > 6) {
		$show_days = false;
		$monthes .= ' месяцев ';
	} elseif ($monthes == 1) {
		$monthes .= ' месяц ';
	} elseif ($monthes < 5) {
		$monthes .= ' месяцa ';
	} else {
		$monthes .= ' месяцев ';
	}

	if ($years > 0) {
		$show_days = false;

		if ($years == 1) {
			$year_word = ' год ';
		} elseif ($years < 5) {
			$year_word = ' года ';
		} else {
			$year_word = ' лет ';
		}

		$years .= $year_word;
	} else {
		$years = "";
	}

	if ($show_days && $days > 0) {
		if ($days == 1 || $days == 21 || $days == 31) {
			$days .= ' день';
		} elseif ($days < 5 || ($days >= 21 && $days < 25)) {
			$days .= ' дня';
		} else {
			$days .= ' дней';
		}
	} else {
		$days = "";
	}

	return $years.$monthes.$days;
}
// Remaining profile placeholders for the current row (still inside the row loop).
$tpl->set('{registration}', user_reg_date ($row['reg_date']));  
if ($config['allow_alt_url'] == "yes") $tpl->set('{fotoalbum}', "<a href=\"$config[http_home_url]user/".urlencode($row['name'])."/gallery/\">".$lang['fotoalbum']."</a>"); else $tpl->set('{fotoalbum}', "<a href=\"$config[http_home_url]index.php?do=gallery&subaction=userfoto&user=".urlencode($row['name'])."\">".$lang['fotoalbum']."</a>");

	$tpl->set('{lastdate}', langdate("j F Y H:i", $row['lastdate']));

	// stag.php is expected to set $with_us (not visible here - confirm).
	include_once ENGINE_DIR.'/modules/stag.php';
	$tpl->set('{stag}', $with_us);

	if ($user_group[$row['user_group']]['icon'])
		$tpl->set('{group-icon}', "<img src=\"".$user_group[$row['user_group']]['icon']."\" border=\"0\" />");
	else
		$tpl->set('{group-icon}', "");

	// The time-limit block is shown only to the profile owner or to groups 1 and 2.
	if ($is_logged AND $user_group[$row['user_group']]['time_limit'] AND ($member_id['name'] == $row['name'] OR $member_id['user_group'] < 3)) {

		$tpl->set_block("'\\[time_limit\\](.*?)\\[/time_limit\\]'si","\\1");

		if ($row['time_limit']) {

			$tpl->set('{time_limit}', langdate("j F Y H:i", $row['time_limit']));

		} else {

			$tpl->set('{time_limit}', $lang['no_limit']);

		}

	} else {

		$tpl->set_block("'\\[time_limit\\](.*?)\\[/time_limit\\]'si","");

	}

	// NOTE(review): safesql() is an SQL escaper, but the value is used for HTML output here.
	$_IP = $db->safesql($_SERVER['REMOTE_ADDR']);

	$tpl->set('{ip}', $_IP);
	$tpl->set('{allowed-ip}', stripslashes($row['allowed_ip']));

	// Editable copies of the BB-coded fields for the textareas of the edit form.
	$tpl->set('{editinfo}', $parse->decodeBBCodes($row['info'], false));
	$tpl->set('{editsignature}', $parse->decodeBBCodes($row['signature'], false));

	$tpl->set('{comments}', "<a href=\"$PHP_SELF?do=lastcomments&userid=".$row['user_id']."\">".$lang['last_comm']."</a>");

	if ($config['allow_alt_url'] == "yes") {

		$tpl->set('{news}', "<a href=\"".$config['http_home_url']."user/".urlencode($row['name'])."/news/"."\">".$lang['all_user_news']."</a>");

	} else {

		$tpl->set('{news}', "<a href=\"".$PHP_SELF."?subaction=allnews&user=".urlencode($row['name'])."\">".$lang['all_user_news']."</a>");

	}

	if ($row['signature']) {

		$tpl->set_block("'\\[signature\\](.*?)\\[/signature\\]'si","\\1");
		$tpl->set('{signature}', stripslashes($row['signature']));

	} else {

		$tpl->set_block("'\\[signature\\](.*?)\\[/signature\\]'si","");

	}

	// userfields.php in "list" mode is expected to fill $output and $xfields (not visible here - confirm).
	$xfieldsaction = "list";
	$xfieldsadd = false;
	$xfieldsid = $row['xfields'];
	include(ENGINE_DIR.'/inc/userfields.php');
    $tpl->set('{xfields}',$output);

	// Process additional (extra) fields
    $xfieldsdata = xfieldsdataload ($row['xfields']);
  
    foreach ($xfields as $value) {
      $preg_safe_name = preg_quote($value[0], "'");

      // A field whose $value[5] is 1 is shown only to group 1 or to the profile owner.
      if ($value[5] != 1 OR ($is_logged AND $member_id['user_group'] == 1) OR ($is_logged AND $member_id['name'] == $row['name'])) {
        if (empty($xfieldsdata[$value[0]])) {
          $tpl->copy_template = preg_replace("'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "", $tpl->copy_template);
        } else {
          $tpl->copy_template = preg_replace("'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "\\1", $tpl->copy_template);
        }
      // NOTE(review): the stored value is used as a preg_replace replacement string, so "$n" or "\n" sequences in it are read as backreferences.
      $tpl->copy_template = preg_replace("'\\[xfvalue_{$preg_safe_name}\\]'i", stripslashes($xfieldsdata[$value[0]]), $tpl->copy_template);
      } else {
      $tpl->copy_template = preg_replace("'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "", $tpl->copy_template);
      $tpl->copy_template = preg_replace("'\\[xfvalue_{$preg_safe_name}\\]'i", "", $tpl->copy_template);
		}
    }
	// End of additional fields processing



	// The edit link and the edit fields are exposed to the owner (matched by name) or to group 1.
	if ($is_logged AND ($member_id['name'] == $row['name'] OR $member_id['user_group'] == 1)) {
        $tpl->set('{edituser}',"[ <a href=\"javascript:ShowOrHide('options')\">".$lang['news_option']."</a> ]");
		}
		else $tpl->set('{edituser}', "");

	if ($is_logged AND ($member_id['name'] == $row['name'] OR $member_id['user_group'] == 1)) {
        $tpl->set('[not-logged]',"");
        $tpl->set('[/not-logged]',"");
		}
		else $tpl->set_block("'\\[not-logged\\](.*?)\\[/not-logged\\]'si","<!-- profile -->");

	if ($config['allow_alt_url'] == "yes")
		$link_profile = $config['http_home_url']."user/".urlencode($row['name'])."/";
	else
		$link_profile = $PHP_SELF."?subaction=userinfo&user=".urlencode($row['name']);

	// NOTE(review): the save handler at the top of this file rejects any POST without a
	// dle_allow_hash field equal to $dle_login_hash, but this form emits only doaction.
	// As written, every submission ends in die("Hacking attempt! User ID not valid").
	// This check also matches the owner by user_id while the two checks above match by name.
	if ($is_logged AND ($member_id['user_id'] == $row['user_id'] OR $member_id['user_group'] == 1)) {
	$tpl->copy_template = "<form  method=\"post\" name=\"userinfo\" id=\"userinfo\" enctype=\"multipart/form-data\" action=\"{$link_profile}\">".$tpl->copy_template."
	<input type=\"hidden\" name=\"doaction\" value=\"adduserinfo\" />
	</form>";
}
        $tpl->compile('content');

	}

	$tpl->clear();
	$db->free($sql_result);

	// No matching row: report "user not found" and disable the news listing.
	if ($user_found == FALSE) { $allow_active_news = false; msgbox ($lang['all_err_1'], $lang['news_err_26']); }
?>


Добавлено через 14 минут
всё, сам исправил
profile.php

PHP:
<?php
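// Refuse to run unless DATALIFEENGINE is defined; presumably the including
// engine script defines it, so a direct request to this file stops here.
if (!defined('DATALIFEENGINE'))
{
	die("Hacking attempt!");
}

include_once ENGINE_DIR.'/classes/parse.class.php';

//####################################################################################################################
//         Update user information (handler for the profile edit form)
//####################################################################################################################
if ($allow_userinfo AND $doaction == "adduserinfo") {

	// Request token check: the POST must carry dle_allow_hash equal to $dle_login_hash;
	// the form assembled at the bottom of this file emits it as a hidden field.
	// Compared as strings with === so that numeric-looking values (e.g. "0e...")
	// cannot compare equal through PHP's loose comparison rules.
	$posted_hash = (isset($_POST['dle_allow_hash']) AND is_string($_POST['dle_allow_hash'])) ? $_POST['dle_allow_hash'] : "";

	if ($posted_hash === "" OR $posted_hash !== (string)$dle_login_hash) {

		die("Hacking attempt! User ID not valid");

	}

	$parse = new ParseFilter();
	$parse->safe_mode = true;
	$stop = false; // collects error messages; any non-empty value blocks the final UPDATE

	// Every text field goes through ParseFilter and then the DB escaper before it is
	// placed into SQL text below.
	$password1 = $db->safesql($parse->process($_POST['password1']));
	$password2 = $db->safesql($parse->process($_POST['password2']));
	$altpass = md5($_POST['altpass']);
	$info = $db->safesql($parse->BB_Parse($parse->process($_POST['info']), false));
	$signature = $db->safesql($parse->BB_Parse($parse->process($_POST['signature']), false));
	$email = $db->safesql($parse->process($_POST['email']));

	$fullname = $db->safesql($parse->process($_POST['fullname']));
	$land = $db->safesql($parse->process($_POST['land']));
	$icq = $db->safesql($parse->process($_POST['icq']));
	$allowed_ip = $db->safesql($parse->process(trim($_POST['allowed_ip'])));

	// NOTE(review): $user is interpolated into every query in this block without escaping
	// here; its origin is not visible in this file - confirm it is sanitized upstream.
	$row = $db->super_query("SELECT * FROM " . USERPREFIX . "_users WHERE name = '$user'");
	$xfieldsid = stripslashes ($row['xfields']);

	$image = $_FILES['image']['tmp_name'];
	$image_name = $_FILES['image']['name'];
	$image_size = $_FILES['image']['size'];
	$img_name_arr = explode(".",$image_name);
	$type         = end($img_name_arr); // client-supplied extension (text after the last dot)

	if($image_name != "") $image_name  = totranslit(stripslashes($img_name_arr[0])).".".totranslit($type);

	// Authorization: only the profile owner (matched by user_id) or a member of group 1
	// may edit this profile. The result is kept in a flag so that every state-changing
	// step below can be gated on it.
	$profile_edit_allowed = ($is_logged AND ($member_id['user_id'] == $row['user_id'] OR $member_id['user_group'] == 1));

	if (!$profile_edit_allowed) { $stop = $lang['news_err_13'];}


	if (is_uploaded_file($image) AND !$stop) {

		if ($image_size < 100000) {

			// NOTE(review): the upload is accepted on its file extension alone and the stored
			// name keeps the extension exactly as the client sent it; nothing in this block
			// inspects the file content.
			$allowed_extensions = array("jpg", "png", "jpe", "jpeg", "gif");

			if ((in_array($type, $allowed_extensions) or in_array(strtolower($type), $allowed_extensions)) and $image_name) {

				include_once ENGINE_DIR.'/inc/makethumb.php';

				$res = @move_uploaded_file($image, ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type);

				if ($res) {

					// NOTE(review): 0666 leaves the stored file writable by every local account.
					@chmod(ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type, 0666);
					$thumb=new thumbnail(ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type);

					if ($thumb->size_auto($user_group[$member_id['user_group']]['max_foto'])) {
						$thumb->jpeg_quality($config['jpeg_quality']);
						$thumb->save(ROOT_DIR."/uploads/fotos/foto_".$row['user_id'].".".$type);
					} else {
						@rename(ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type, ROOT_DIR."/uploads/fotos/foto_".$row['user_id'].".".$type);
					}

					@chmod(ROOT_DIR."/uploads/fotos/foto_".$row['user_id'].".".$type, 0666);
					$foto_name = "foto_".$row['user_id'].".".$type;

					$db->query("UPDATE " . USERPREFIX . "_users set foto='$foto_name' where name='$user'");

				} else $stop .= $lang['news_err_14'];

			} else $stop .= $lang['news_err_15'];

		} else $stop .= $lang['news_err_16'];

		// Remove the un-prefixed original, whichever branch ran above.
		@unlink (ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type);
	}

	// Photo removal is a write to the target account, so it is gated on the same
	// authorization flag as the rest of the edit. Without this gate the file and the
	// foto column were cleared even when the access check above had failed.
	if ($profile_edit_allowed AND isset($_POST['del_foto']) AND $_POST['del_foto'] == "yes") {

		@unlink (ROOT_DIR."/uploads/fotos/".$row['foto']);
		$db->query("UPDATE " . USERPREFIX . "_users set foto='' WHERE name='$user'");

	}

	if (strlen($password1)>0){

		// The stored format is md5(md5(password)): an unsalted fast hash. It is flagged
		// rather than replaced because the format is presumably shared with the login code.
		$altpass = md5($altpass);

		// Strict string comparison so two different hex digests can never match through
		// numeric-string juggling.
		if ($altpass !== (string)$member_id['password'])
		{
			$stop .= $lang['news_err_17'];
		}

		if ($password1!=$password2)
		{
			$stop .= $lang['news_err_18'];
		}

		if (strlen($password1) < 6)
		{
			$stop .= $lang['news_err_19'];
		}
	}

	// NOTE(review): ereg() is deprecated since PHP 5.3 and removed in PHP 7; the pattern is
	// applied to the already SQL-escaped $email.
	if ((!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'. '@'.'[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'.'[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $email)) or (empty($email)))
	{
		$stop .= $lang['news_err_21'];
	}

	// Length limits are measured in bytes, after parsing and escaping.
	if (strlen($info) > 1000)
	{
		$stop .= $lang['news_err_22'];
	}
	if (strlen($signature) > 1000)
	{
		$stop .= $lang['news_err_22'];
	}
	if (strlen($fullname) > 100)
	{
		$stop .= $lang['news_err_23'];
	}
	if (strlen($land) > 100)
	{
		$stop .= $lang['news_err_24'];
	}
	if (strlen($icq) > 20)
	{
		$stop .= $lang['news_err_25'];
	}

	// The e-mail address must not already belong to another account.
	$db->query ("SELECT name FROM " . USERPREFIX . "_users where email = '$email' AND name != '$user'");

	if ($db->num_rows())
	{
		$stop .= $lang['reg_err_8'];
	}

	$db->free();

	if ($stop){ msgbox ($lang['all_err_1'], $stop);}
	else {

		// The checkbox means "hide my e-mail", so a ticked box stores allow_mail = 0.
		if ($_POST['allow_mail']) {$allow_mail = 0;} else {$allow_mail = 1;}

		$xfieldsaction = "init";
		$xfieldsadd = false;
		include(ENGINE_DIR.'/inc/userfields.php');
		$filecontents = array ();

		if (!empty($postedxfields)) {
			foreach ($postedxfields as $xfielddataname => $xfielddatavalue) {
				if (!$xfielddatavalue) { continue;}

				$xfielddatavalue = $db->safesql($parse->BB_Parse($parse->process($xfielddatavalue), false));

				$xfielddataname = $db->safesql($xfielddataname);

				// NOTE(review): as rendered on this page both replacements are no-ops. The second
				// argument was presumably an HTML entity for "|" that the forum rendering decoded;
				// confirm against the original file, because a raw "|" in a name or value would
				// break the "name|value||name|value" serialization built below.
				$xfielddataname = str_replace("|", "|", $xfielddataname);
				$xfielddatavalue = str_replace("|", "|", $xfielddatavalue);
				$filecontents[] = "$xfielddataname|$xfielddatavalue";
			}

			$filecontents = implode("||", $filecontents);
		} else $filecontents = '';

		// vb_editpofile() is defined elsewhere (the name suggests a forum bridge - confirm).
		// It is called before the password check, so it receives md5 of an empty string
		// when no new password was submitted.
		vb_editpofile($icq, $email, md5($password1), $user, $land, $info);

		if (strlen($password1)>0) {

			$password1 = md5(md5($password1));

			$sql_user = "UPDATE " . USERPREFIX . "_users set fullname='$fullname', land='$land', icq='$icq', email='$email', info='$info', signature='$signature', password='$password1', allow_mail='$allow_mail', xfields='$filecontents', allowed_ip='$allowed_ip' where name='$user'";
		} else {
			$sql_user = "UPDATE " . USERPREFIX . "_users set fullname='$fullname', land='$land', icq='$icq', email='$email', info='$info', signature='$signature', allow_mail='$allow_mail', xfields='$filecontents', allowed_ip='$allowed_ip' where name='$user'";
		}


		$db->query($sql_user);
	}

}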


//####################################################################################################################
//         View user profile
//####################################################################################################################

	$parse = new ParseFilter();

	$user_found = FALSE;

	// NOTE(review): $user is interpolated into the SQL text as-is; its origin is not visible in this file - confirm it is escaped upstream.
	$sql_result = $db->query("SELECT * FROM " . USERPREFIX . "_users where name = '$user'");

	$tpl->load_template('userinfo.tpl');

	// One iteration per matching row; the loop body runs to the compile() call near the end of the file.
	while($row = $db->get_row($sql_result)){

	$user_found = TRUE;

	// Banned accounts are displayed with the "banned" label in place of their group name.
	if ($row['banned'] == 'yes') $user_group[$row['user_group']]['group_name'] = $lang['user_ban'];

	if ($row['allow_mail']){
	// The split address is not used in the code shown; the link points at the feedback form rather than exposing the address.
	$email = explode("@", $row['email'], 2);
	$tpl->set('{email}', "<a href=\"$PHP_SELF?do=feedback&user=$row[user_id]\">".$lang['news_mail']."</a>");
	}
	else {
	$tpl->set('{email}', $lang['news_nomail'], $output);
	}

	$tpl->set('{pm}', "<a href=\"$PHP_SELF?do=pm&doaction=newpm&user=".$row['user_id']."\">".$lang['news_pmnew']."</a>");

	// The edit form's checkbox means "hide e-mail", so it is pre-ticked when allow_mail is off.
	if (!$row['allow_mail']) $mailbox = "checked"; else $mailbox = "";

	if ($row['foto'] AND (file_exists(ROOT_DIR."/uploads/fotos/".$row['foto']))) 
	$tpl->set('{foto}', $config['http_home_url']."uploads/fotos/".$row['foto']);
	else
	$tpl->set('{foto}', "{THEME}/images/noavatar.png");
//--------------User-Rating-----------------//
if($ur_config['us_rating_on']=='yes'){
$tpl->set('{us_rating}', $us_rat->us_rat_show($config['skin'],'0',$row['user_id'],'0', $row['ur_plus'], $row['ur_minus'],$is_logged,$member_id));
}
//-------------------End----------------------------// 
	$tpl->set('{hidemail}', "<input type=\"checkbox\" name=\"allow_mail\" value=\"1\" ".$mailbox."> ".$lang['news_noamail']);
	// NOTE(review): the stored values below are placed into the template without HTML escaping here.
	// They passed through ParseFilter::process() when saved by the handler above; confirm that is
	// sufficient for both the text context and the value="..." attributes in userinfo.tpl.
	$tpl->set('{usertitle}', stripslashes($row['name']));
	$tpl->set('{fullname}', stripslashes($row['fullname']));
	$tpl->set('{icq}', stripslashes($row['icq']));
	$tpl->set('{land}', stripslashes($row['land']));
	$tpl->set('{info}', stripslashes($row['info']));
	$tpl->set('{editmail}', stripslashes($row['email']));
	$tpl->set('{comm_num}', $row['comm_num']);
	$tpl->set('{news_num}', $row['news_num']);
	    $tpl->set('{thanks_num}', intval($row['thanks_num']));
    $tpl->set('{thanks_sayed}', intval($row['thanks_sayed']));
	$tpl->set('{status}', stripslashes($user_group[$row['user_group']]['group_name']));
	$tpl->set('{rate}', userrating ($row['name']));
	
	
/**
 * Formats the time elapsed since $reg_date as a Russian phrase built from
 * years, months and days (365-day years, 30-day months).
 *
 * Days are dropped once the span reaches a year or more than six months;
 * exactly twelve 30-day months are rounded up to one more year.
 * Returns an empty string when less than one whole day has elapsed.
 *
 * NOTE(review): this declaration sits inside the row loop of profile.php, so a
 * second loop iteration would try to declare the function again.
 *
 * @param int $reg_date Unix timestamp of the registration.
 * @return string
 */
function user_reg_date ($reg_date){

	$elapsed = round((time() - $reg_date) / 86400);

	// Split the day count into whole years, whole months and leftover days.
	$years = floor($elapsed / 365);
	$elapsed -= $years * 365;
	$monthes = floor($elapsed / 30);
	$days = $elapsed - $monthes * 30;

	$show_days = true;

	if ($monthes <= 0) {
		$monthes = "";
	} elseif ($monthes == 12) {
		// 360-364 leftover days count as a full extra year.
		$show_days = false;
		$years++;
		$monthes = "";
	} elseif ($monthes > 6) {
		$show_days = false;
		$monthes .= ' месяцев ';
	} elseif ($monthes == 1) {
		$monthes .= ' месяц ';
	} elseif ($monthes < 5) {
		$monthes .= ' месяцa ';
	} else {
		$monthes .= ' месяцев ';
	}

	if ($years > 0) {
		$show_days = false;

		if ($years == 1) {
			$year_word = ' год ';
		} elseif ($years < 5) {
			$year_word = ' года ';
		} else {
			$year_word = ' лет ';
		}

		$years .= $year_word;
	} else {
		$years = "";
	}

	if ($show_days && $days > 0) {
		if ($days == 1 || $days == 21 || $days == 31) {
			$days .= ' день';
		} elseif ($days < 5 || ($days >= 21 && $days < 25)) {
			$days .= ' дня';
		} else {
			$days .= ' дней';
		}
	} else {
		$days = "";
	}

	return $years.$monthes.$days;
}
// Remaining profile placeholders for the current row (still inside the row loop).
$tpl->set('{registration}', user_reg_date ($row['reg_date']));  
if ($config['allow_alt_url'] == "yes") $tpl->set('{fotoalbum}', "<a href=\"$config[http_home_url]user/".urlencode($row['name'])."/gallery/\">".$lang['fotoalbum']."</a>"); else $tpl->set('{fotoalbum}', "<a href=\"$config[http_home_url]index.php?do=gallery&subaction=userfoto&user=".urlencode($row['name'])."\">".$lang['fotoalbum']."</a>");
	
	$tpl->set('{lastdate}', langdate("j F Y H:i", $row['lastdate']));
	// stag.php is expected to set $with_us (not visible here - confirm).
	include_once ENGINE_DIR.'/modules/stag.php';
	$tpl->set('{stag}', $with_us);
	if ($user_group[$row['user_group']]['icon'])
		$tpl->set('{group-icon}', "<img src=\"".$user_group[$row['user_group']]['icon']."\" border=\"0\" />");
	else
		$tpl->set('{group-icon}', "");

	// The time-limit block is shown only to the profile owner (matched by user_id) or to groups 1 and 2.
	if ($is_logged AND $user_group[$row['user_group']]['time_limit'] AND ($member_id['user_id'] == $row['user_id'] OR $member_id['user_group'] < 3)) {

		$tpl->set_block("'\\[time_limit\\](.*?)\\[/time_limit\\]'si","\\1");

		if ($row['time_limit']) {

			$tpl->set('{time_limit}', langdate("j F Y H:i", $row['time_limit']));

		} else {

			$tpl->set('{time_limit}', $lang['no_limit']);

		}

	} else {

		$tpl->set_block("'\\[time_limit\\](.*?)\\[/time_limit\\]'si","");

	}

	// NOTE(review): safesql() is an SQL escaper, but the value is used for HTML output here.
	$_IP = $db->safesql($_SERVER['REMOTE_ADDR']);

	$tpl->set('{ip}', $_IP);
	$tpl->set('{allowed-ip}', stripslashes($row['allowed_ip']));

	// Editable copies of the BB-coded fields for the textareas of the edit form.
	$tpl->set('{editinfo}', $parse->decodeBBCodes($row['info'], false));
	$tpl->set('{editsignature}', $parse->decodeBBCodes($row['signature'], false));

	$tpl->set('{comments}', "<a href=\"$PHP_SELF?do=lastcomments&userid=".$row['user_id']."\">".$lang['last_comm']."</a>");

	if ($config['allow_alt_url'] == "yes") {

		$tpl->set('{news}', "<a href=\"".$config['http_home_url']."user/".urlencode($row['name'])."/news/"."\">".$lang['all_user_news']."</a>");

	} else {

		$tpl->set('{news}', "<a href=\"".$PHP_SELF."?subaction=allnews&user=".urlencode($row['name'])."\">".$lang['all_user_news']."</a>");

	}

	if ($row['signature']) {

		$tpl->set_block("'\\[signature\\](.*?)\\[/signature\\]'si","\\1");
		$tpl->set('{signature}', stripslashes($row['signature']));

	} else {

		$tpl->set_block("'\\[signature\\](.*?)\\[/signature\\]'si","");

	}

	// userfields.php in "list" mode is expected to fill $output and $xfields (not visible here - confirm).
	$xfieldsaction = "list";
	$xfieldsadd = false;
	$xfieldsid = $row['xfields'];
	include(ENGINE_DIR.'/inc/userfields.php');
    $tpl->set('{xfields}',$output);

	// Process additional (extra) fields
    $xfieldsdata = xfieldsdataload ($row['xfields']);
  
    foreach ($xfields as $value) {
      $preg_safe_name = preg_quote($value[0], "'");

      // A field whose $value[5] is 1 is shown only to group 1 or to the profile owner.
      if ($value[5] != 1 OR ($is_logged AND $member_id['user_group'] == 1) OR ($is_logged AND $member_id['user_id'] == $row['user_id'])) {
        if (empty($xfieldsdata[$value[0]])) {
          $tpl->copy_template = preg_replace("'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "", $tpl->copy_template);
        } else {
          $tpl->copy_template = preg_replace("'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "\\1", $tpl->copy_template);
        }
      // NOTE(review): the stored value is used as a preg_replace replacement string, so "$n" or "\n" sequences in it are read as backreferences.
      $tpl->copy_template = preg_replace("'\\[xfvalue_{$preg_safe_name}\\]'i", stripslashes($xfieldsdata[$value[0]]), $tpl->copy_template);
      } else {
      $tpl->copy_template = preg_replace("'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "", $tpl->copy_template);
      $tpl->copy_template = preg_replace("'\\[xfvalue_{$preg_safe_name}\\]'i", "", $tpl->copy_template);
		}
    }
	// End of additional fields processing



	// The edit link, the edit fields and the form wrapper all use the same owner-or-group-1 check.
	if ($is_logged AND ($member_id['user_id'] == $row['user_id'] OR $member_id['user_group'] == 1)) {
        $tpl->set('{edituser}',"[ <a href=\"javascript:ShowOrHide('options')\">".$lang['news_option']."</a> ]");
		}
		else $tpl->set('{edituser}', "");

	if ($is_logged AND ($member_id['user_id'] == $row['user_id'] OR $member_id['user_group'] == 1)) {
        $tpl->set('[not-logged]',"");
        $tpl->set('[/not-logged]',"");
		}
		else $tpl->set_block("'\\[not-logged\\](.*?)\\[/not-logged\\]'si","<!-- profile -->");

	if ($config['allow_alt_url'] == "yes")
		$link_profile = $config['http_home_url']."user/".urlencode($row['name'])."/";
	else
		$link_profile = $PHP_SELF."?subaction=userinfo&user=".urlencode($row['name']);

	// The hidden dle_allow_hash field returns $dle_login_hash to the save handler at the top
	// of this file, which rejects any POST that does not carry a matching value.
	// NOTE(review): the value is written into the attribute unescaped; presumably it is a
	// hex digest - confirm.
	if ($is_logged AND ($member_id['user_id'] == $row['user_id'] OR $member_id['user_group'] == 1)) {
		$tpl->copy_template = "<form  method=\"post\" name=\"userinfo\" id=\"userinfo\" enctype=\"multipart/form-data\" action=\"{$link_profile}\">".$tpl->copy_template."
		<input type=\"hidden\" name=\"doaction\" value=\"adduserinfo\" />
		<input type=\"hidden\" name=\"dle_allow_hash\" value=\"{$dle_login_hash}\" />
		</form>";
		}

        $tpl->compile('content');

	}

	$tpl->clear();
	$db->free($sql_result);

	// No matching row: report "user not found" and disable the news listing.
	if ($user_found == FALSE) { $allow_active_news = false; msgbox ($lang['all_err_1'], $lang['news_err_26']); }
?>
 