PageRenderTime 61ms CodeModel.GetById 26ms RepoModel.GetById 0ms app.codeStats 1ms

/profile.php

https://github.com/hovvit/Newsletter
PHP | 446 lines | 396 code | 44 blank | 6 comment | 41 complexity | add142214ee8386f25aaff0cc58ed967 MD5 | raw file
    

  1. <?php
    2. 

  2.  $user="";
    3. 

  3.  $host="";
    4. 

  4.  $password="";
    5. 

  5.  $dbname="";
    6. 

  6. 

  7.  $cxn = mysql_connect($host,$user,$password)
    8. 

  8.      	  or die ("Couldn't connect to server");
    9. 

  9.  
    10. 

  10.  $link = mysql_select_db($dbname, $cxn);
    11. 

  11. 

  12.  
    13. 

  13.  // This will run on any page where the shopping cart
    14. 

  14.  // accesses the DB. Prevents SQL injection through any
    15. 

  15.  // POST variable.
    16. 

  16.  foreach ($_POST as $key => $value) 
    17. 

  17.  { 
    18. 

  18.  	$_POST[$key] = mysql_real_escape_string($value); 
    19. 

  19.  }
    20. 

  20. 

  21.  function safe($value)
    22. 

  22.  { 
    23. 

  23.  	return mysql_real_escape_string($value); 
    24. 

  24.  }  
    25. 

  25. 

  26.  // If the save button has been pressed, save the form data.
    27. 

  27.  function saveData($cxn, $userID)
    28. 

  28.  {
    29. 

  29. 	/*switch ($_POST['postBirthMonth'])
    30. 

  30. 	{
    31. 

  31. 		case 'January': { $p4 = 1; } break;
    32. 

  32. 		case 'February': { $p4 = 2; } break;
    33. 

  33. 		case 'March': { $p4 = 3; } break;
    34. 

  34. 		case 'April': { $p4 = 4; } break;
    35. 

  35. 		case 'May': { $p4 = 5; } break;
    36. 

  36. 		case 'June': { $p4 = 6; } break;
    37. 

  37. 		case 'July': { $p4 = 7; } break;
    38. 

  38. 		case 'August': { $p4 = 8; } break;
    39. 

  39. 		case 'September': { $p4 = 9; } break;
    40. 

  40. 		case 'October': { $p4 = 10; } break;
    41. 

  41. 		case 'November': { $p4 = 11; } break;
    42. 

  42. 		case 'December': { $p4 = 12; } break;
    43. 

  43. 	}*/
    44. 

  44. 	
    45. 

  45. 	$p1 = safe($_POST['postName']);
    46. 

  46. 	$p2 = safe($_POST['postEmail']);
    47. 

  47. 	$p3 = safe($_POST['postContact']);
    48. 

  48. 	$p4 = safe($_POST['postBirthMonth']);
    49. 

  49. 	$p5 = safe($_POST['postBirthDay']);
    50. 

  50. 	$p6 = safe($_POST['postNews']);
    51. 

  51. 	$p7 = safe($_POST['postEvent1']);
    52. 

  52. 	$p8 = safe($_POST['postEvent2']);
    53. 

  53. 	$p9 = safe($_POST['postEvent3']);
    54. 

  54. 	$p10 = safe($_POST['postHeadline']);
    55. 

  55. 	$p11 = safe($_POST['postStory']);
    56. 

  56. 	$p12 = safe($_POST['postBlogName']);
    57. 

  57. 	$p13 = safe($_POST['postBlogURL']);
    58. 

  58. 	$p14 = safe($_POST['postBlogDescription']);
    59. 

  59. 	$p15 = safe($_POST['postMisc1']);
    60. 

  60. 	$p16 = safe($_POST['postMisc2']);
    61. 

  61. 

  62. 	//$pOld = safe($_POST['login']);
    63. 

  63. 

  64. 	$query_saveData = "UPDATE userdata SET 
    65. 

  65. 						 nameFull='$p1', emailAddress='$p2', contactInfo='$p3',
    66. 

  66. 						 birthMonth=$p4, birthDay=$p5, newsMonth='$p6', event1='$p7',
    67. 

  67. 						 event2='$p8', event3='$p9', newsHeadline='$p10',
    68. 

  68. 						 newsStory='$p11', blogName='$p12', blogURL='$p13',
    69. 

  69. 						 blogDescription='$p14', misc1='$p15', misc2='$p16'  
    70. 

  70. 	                     WHERE userID='$userID'";
    71. 

  71.  	$result_saveData = mysql_query($query_saveData, $cxn)
    72. 

  72.      	  or die ("Couldn't execute query 1");
    73. 

  73.  }
    74. 

  74.  
    75. 

  75.  $userID = 0;
    76. 

  76.  function getExtension($str) {
    77. 

  77.          $i = strrpos($str,".");
    78. 

  78.          if (!$i) { return ""; }
    79. 

  79.          $l = strlen($str) - $i;
    80. 

  80.          $ext = substr($str,$i+1,$l);
    81. 

  81.          return $ext;
    82. 

  82.  }
    83. 

  83.  // check for the login info... if none exists, redirect to home
    84. 

  84.  if (isset ($_POST['login']))
    85. 

  85.  {
    86. 

  86. 	$currentUser = safe($_POST['login']);
    87. 

  87. 	
    88. 

  88. 	// get the ID
    89. 

  89. 	$query_getID = "SELECT userID FROM userdata WHERE emailAddress='$currentUser'";
    90. 

  90.  	$result_getID = mysql_query($query_getID, $cxn)
    91. 

  91.      	  or die ("Couldn't execute query 1");
    92. 

  92. 	
    93. 

  93. 	// If zero rows, create a new user.
    94. 

  94. 	if (mysql_num_rows($result_getID) == 0)
    95. 

  95. 	{
    96. 

  96. 		$qInsert = "INSERT INTO userdata SET emailAddress='$currentUser'";
    97. 

  97. 		$qResult= mysql_query($qInsert, $cxn)
    98. 

  98.      	  or die ("Couldn't execute query 3");
    99. 

  99. 	}
    100. 

  100. 	
    101. 

  101. 	// Now get the ID again...
    102. 

  102. 	$query_getID = "SELECT userID FROM userdata WHERE emailAddress='$currentUser'";
    103. 

  103.  	$result_getID = mysql_query($query_getID, $cxn)
    104. 

  104.      	  or die ("Couldn't execute query 1");
    105. 

  105. 

  106. 	$userIDr = mysql_fetch_assoc($result_getID);
    107. 

  107. 	
    108. 

  108. 	$userID = $userIDr['userID'];
    109. 

  109. 	
    110. 

  110.  }
    111. 

  111.  
    112. 

  112.  if (isset ($_POST['userID']))
    113. 

  113.  {
    114. 

  114. 	$userID = $_POST['userID'];
    115. 

  115.  }
    116. 

  116.  
    117. 

  117.  if ($userID == 0)
    118. 

  118.  {
    119. 

  119. 	header('Location: signup.php');
    120. 

  120.  }
    121. 

  121.  
    122. 

  122.  // save data if neccessary
    123. 

  123.  $errors = 0;
    124. 

  124.  if (isset($_POST['saveTrue']))
    125. 

  125. 	{ 
    126. 

  126. 		saveData($cxn, $userID);
    127. 

  127. 		// reset current user (allows you to change your email address)
    128. 

  128. 		$currentUser = safe($_POST['postEmail']);
    129. 

  129. 	}
    130. 

  130. 

  131.  //reads the name of the file the user submitted for uploading
    132. 

  132.  	//$image=$_FILES['image']['name'];
    133. 

  133.  	//if it is not empty
    134. 

  134.  	if ( isset($_FILES['image']['name']) && $_FILES['image']['name'] != '')//$image) 
    135. 

  135.  	{
    136. 

  136. 		//get the original name of the file from the clients machine
    137. 

  137. 			$filename = stripslashes($_FILES['image']['name']);
    138. 

  138. 		//get the extension of the file in a lower case format
    139. 

  139. 			$extension = getExtension($filename);
    140. 

  140. 			$extension = strtolower($extension);
    141. 

  141. 		//if it is not a known extension, we will suppose it is an error and will not  upload the file,  
    142. 

  142. 		//otherwise we will do more tests
    143. 

  143. 	 if (($extension != "jpg")) 
    144. 

  144. 			{
    145. 

  145. 			//print error message
    146. 

  146. 				//echo '<h1>Unknown extension!</h1>';
    147. 

  147. 				$errors=1;
    148. 

  148. 			}
    149. 

  149. 			else
    150. 

  150. 			{
    151. 

  151. 	//get the size of the image in bytes
    152. 

  152. 	 //$_FILES['image']['tmp_name'] is the temporary filename of the file
    153. 

  153. 	 //in which the uploaded file was stored on the server
    154. 

  154. 	 $size=filesize($_FILES['image']['tmp_name']);
    155. 

  155. 

  156. 	//compare the size with the maxim size we defined and print error if bigger
    157. 

  157. 	if ($size > 1000*1024)
    158. 

  158. 	{
    159. 

  159. 		//echo '<h1>You have exceeded the size limit!</h1>';
    160. 

  160. 		$errors=1;
    161. 

  161. 	}
    162. 

  162. 

  163. 	//we will give an unique name, for example the time in unix time format
    164. 

  164. 	$image_name=$userID.'.'.$extension;
    165. 

  165. 	//the new name will be containing the full path where will be stored (images folder)
    166. 

  166. 	$newname="userimages/".$image_name;
    167. 

  167. 	//we verify if the image has been uploaded, and print error instead
    168. 

  168. 	$copied = copy($_FILES['image']['tmp_name'], $newname);
    169. 

  169. 	if (!$copied) 
    170. 

  170. 	{
    171. 

  171. 		//echo '<h1>Copy unsuccessfull!</h1>';
    172. 

  172. 		$errors=1;
    173. 

  173. 	}
    174. 

  174. 	}}
    175. 

  175. 

  176. 	
    177. 

  177.  // get the info for this user
    178. 

  178.  $query_getData = "SELECT * FROM userdata WHERE userID=$userID";
    179. 

  179.  	$result_getData = mysql_query($query_getData, $cxn)
    180. 

  180.      	  or die ("Couldn't execute query 1");
    181. 

  181. 

  182. 	$userData = mysql_fetch_assoc($result_getData);
    183. 

  183.  
    184. 

  184.  $userID = stripslashes($userData['userID']);
    185. 

  185.  $userName = stripslashes($userData['nameFull']);
    186. 

  186.  $userEmail = stripslashes($userData['emailAddress']);
    187. 

  187.  $userContact = stripslashes($userData['contactInfo']);
    188. 

  188.  $userBirthMonth = $userData['birthMonth'];
    189. 

  189.  $userBirthDay = $userData['birthDay'];
    190. 

  190.  
    191. 

  191.  $order = array("\\r\\n", "\\n", "\\r", "\\");
    192. 

  192.  $userNews = str_replace($order, '', $userData['newsMonth']);
    193. 

  193.  $userStory = str_replace($order, '', $userData['newsStory']);
    194. 

  194.  
    195. 

  195.  //$userNews = $userData['newsMonth'];
    196. 

  196.  $userEvent1 = stripslashes($userData['event1']);
    197. 

  197.  $userEvent2 = stripslashes($userData['event2']);
    198. 

  198.  $userEvent3 = stripslashes($userData['event3']);
    199. 

  199.  $userHeadline = stripslashes($userData['newsHeadline']);
    200. 

  200.  //$userStory = stripslashes($userData['newsStory']);
    201. 

  201.  $userBlogName = stripslashes($userData['blogName']);
    202. 

  202.  $userBlogURL = stripslashes($userData['blogURL']);
    203. 

  203.  $userBlogDescription = stripslashes($userData['blogDescription']);
    204. 

  204.  $userMisc1 = stripslashes($userData['misc1']);
    205. 

  205.  $userImage = stripslashes($userData['misc2']);
    206. 

  206. 

  207. echo "
    208. 

  208. <html>
    209. 

  209.   <title>My Profile</title>
    210. 

  210.   <head></head>
    211. 

  211.   
    212. 

  212.   <body bgcolor=#dde6c6>
    213. 

  213.   
    214. 

  214.   <style type='text/css'>
    215. 

  215.      table {
    216. 

  216. 	       font-family:'Helvetica',serif;
    217. 

  217. 		   font-size: 11;
    218. 

  218. 	       }
    219. 

  219.     A:link {text-decoration: none; color: #645d41;}
    220. 

  220. 	A:visited {text-decoration: none; color: #645d41;}
    221. 

  221. 	A:active {text-decoration: none; color: #645d41;}
    222. 

  222. 	A:hover {text-decoration: underline; color: #ddd6ba;}
    223. 

  223.   </style>  
    224. 

  224.   
    225. 

  225.   <form action='profile.php' enctype='multipart/form-data' method='post'>
    226. 

  226. 

  227.   <table width=100% border=0 bgcolor=#dde6c6>
    228. 

  228.   <tr><td align='center'>
    229. 

  229. 

  230.   <table width=660px border=0 bgcolor='white'>
    231. 

  231.   <tr>
    232. 

  232.   <td style='background-image: url(evan/images/G.jpg)' align='center'><br /><br />Newsletter - a simple monthly publication to keep friends connected<br /><br /></td>
    233. 

  233.   </tr>
    234. 

  234.   <tr><td align='center'><a href='publications.php'>[Archive]</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href='signup.php'>[Log out]</a><br /><br /></td></tr>
    235. 

  235.   </table><br />
    236. 

  236.   
    237. 

  237.   <table width=660px border=0 bgcolor='white'>
    238. 

  238.   
    239. 

  239.   <tr>
    240. 

  240.   <td colspan=3 align='center'><br />
    241. 

  241.   All fields are optional. To unsubscribe from the newsletter, erase your
    242. 

  242.   email address and save the form.";
    243. 

  243.   
    244. 

  244.   if (isset($_POST['saveTrue']))
    245. 

  245. 	{ 
    246. 

  246. 		//saveData();
    247. 

  247. 		echo "<br /><br /><div style='color: red;'><strong>
    248. 

  248. 		Your information has been submitted to the newspaper.<br />
    249. 

  249. 		You may make further modifications using this page until the publication date.
    250. 

  250. 		</strong></div></br />";
    251. 

  251. 		
    252. 

  252. 		if ($errors != 0)
    253. 

  253. 		{
    254. 

  254. 			echo "<br /><br /><div style='color: red;'><strong>
    255. 

  255. 		Error submitting image. You image must be saved with a .jpg<br />
    256. 

  256. 		extension and be less than 1 MB in size.
    257. 

  257. 		</strong></div></br />";
    258. 

  258. 		}
    259. 

  259. 	}
    260. 

  260.   
    261. 

  261.   echo "
    262. 

  262.   </td>
    263. 

  263.   </tr>
    264. 

  264.   
    265. 

  265.   <!--
    266. 

  266.   <tr>
    267. 

  267.   <td colspan=2 align='right'> 
    268. 

  268.   <br /><input type='submit' value='      Save      '>
    269. 

  269.   </td>
    270. 

  270.   </tr>
    271. 

  271.   -->
    272. 

  272.   
    273. 

  273.   <tr>
    274. 

  274.     <td width=500px>&nbsp;</td>
    275. 

  275.     <td>
    276. 

  276. 	
    277. 

  277. 	<br />
    278. 

  278. 	<strong>Your information</strong>
    279. 

  279. 	<hr width=100%>
    280. 

  280. 	
    281. 

  281. 	
    282. 

  282. 	Name<br />
    283. 

  283. 	  <input type='input' name='postName' value='$userName' size=50>
    284. 

  284. 	<br />
    285. 

  285. 	
    286. 

  286. 	Email<br />
    287. 

  287. 	  <input type='input' size=50 name='postEmail' value='$userEmail'>* publications will be sent here
    288. 

  288. 	<br />
    289. 

  289. 	
    290. 

  290. 	<!--Other contact information<br />-->
    291. 

  291. 	  <input type='hidden' name='postContact' value='$userContact' size=50>
    292. 

  292. 	 <br />
    293. 

  293. 	 
    294. 

  294. 	<br /> 
    295. 

  295. 	Birthday&nbsp;&nbsp;
    296. 

  296. 	  <select name='postBirthMonth'>";
    297. 

  297. 	  
    298. 

  298. 	if ($userBirthMonth == 1) { echo "<option value=1 selected='selected'>"; }
    299. 

  299. 	else { echo "<option value=1>";}
    300. 

  300. 	echo "January</option>";
    301. 

  301. 	
    302. 

  302. 	if ($userBirthMonth == 2) { echo "<option value=2 selected='selected'>"; }
    303. 

  303. 	else { echo "<option value=2>";}
    304. 

  304. 	echo "February</option>";
    305. 

  305. 	
    306. 

  306. 	if ($userBirthMonth == 3) { echo "<option value=3 selected='selected'>"; }
    307. 

  307. 	else { echo "<option value=3>";}
    308. 

  308. 	echo "March</option>";
    309. 

  309. 	
    310. 

  310. 	if ($userBirthMonth == 4) { echo "<option value=4 selected='selected'>"; }
    311. 

  311. 	else { echo "<option value=4>";}
    312. 

  312. 	echo "April</option>";
    313. 

  313. 	
    314. 

  314. 	if ($userBirthMonth == 5) { echo "<option value=5 selected='selected'>"; }
    315. 

  315. 	else { echo "<option value=5>";}
    316. 

  316. 	echo "May</option>";
    317. 

  317. 	
    318. 

  318. 	if ($userBirthMonth == 6) { echo "<option value=6 selected='selected'>"; }
    319. 

  319. 	else { echo "<option value=6>";}
    320. 

  320. 	echo "June</option>";
    321. 

  321. 	
    322. 

  322. 	if ($userBirthMonth == 7) { echo "<option value=7 selected='selected'>"; }
    323. 

  323. 	else { echo "<option value=7>";}
    324. 

  324. 	echo "July</option>";
    325. 

  325. 	
    326. 

  326. 	if ($userBirthMonth == 8) { echo "<option value=8 selected='selected'>"; }
    327. 

  327. 	else { echo "<option value=8>";}
    328. 

  328. 	echo "August</option>";
    329. 

  329. 	
    330. 

  330. 	if ($userBirthMonth == 9) { echo "<option  value=9 selected='selected'>"; }
    331. 

  331. 	else { echo "<option value=9>";}
    332. 

  332. 	echo "September</option>";
    333. 

  333. 	
    334. 

  334. 	if ($userBirthMonth == 10) { echo "<option value=10 selected='selected'>"; }
    335. 

  335. 	else { echo "<option value=10>";}
    336. 

  336. 	echo "October</option>";
    337. 

  337. 	
    338. 

  338. 	if ($userBirthMonth == 11) { echo "<option value=11 selected='selected'>"; }
    339. 

  339. 	else { echo "<option value=11>";}
    340. 

  340. 	echo "November</option>";
    341. 

  341. 	
    342. 

  342. 	if ($userBirthMonth == 12) { echo "<option value=12 selected='selected'>"; }
    343. 

  343. 	else { echo "<option value=12>";}
    344. 

  344. 	echo "December</option>";
    345. 

  345. 	
    346. 

  346. 	 
    347. 

  347. 	echo "
    348. 

  348. 	  </select>
    349. 

  349. 	  
    350. 

  350. 	  <input type='input' name='postBirthDay' value='$userBirthDay' size=3>
    351. 

  351. 	<br /><br />
    352. 

  352. 	
    353. 

  353. 	<br />
    354. 

  354. 	<strong>Your news</strong>
    355. 

  355. 	<hr width=100%>
    356. 

  356. 	
    357. 

  357. 	Monthly update (<200 words please)<br />
    358. 

  358. 	<i>Write a short paragraph or two about what you've been up to.</i><br />
    359. 

  359. 	  <textarea cols=62 rows=10 name='postNews'>$userNews</textarea>
    360. 

  360. 	<br /><br />
    361. 

  361. 	
    362. 

  362. 	Announcements & Events<br />
    363. 

  363. 	<i>Any announcements / events you are hosting or planning to attend.</i><br />
    364. 

  364. 	  1.<input type='input' name='postEvent1' value='$userEvent1' size=78><br />
    365. 

  365. 	  2.<input type='input' name='postEvent2' value='$userEvent2' size=78><br />
    366. 

  366. 	  3.<input type='input' name='postEvent3' value='$userEvent3' size=78>
    367. 

  367. 

  368. 	<br />
    369. 

  369. 	
    370. 

  370. 	<br /><br />
    371. 

  371. 	<strong>Write a featured story</strong><br />
    372. 

  372. 	<i>Write a long, blog-style post about anything. Featured stories
    373. 

  373. 	   will be printed on the first page.</i> <!-- Optionally,
    374. 

  374. 	   include images. To include images, first upload the image by pressing
    375. 

  375. 	   the button. Then, at the desired location in the post, enter two pound
    376. 

  376. 	   symbols followed by the image name followed by two pound symbols. The
    377. 

  377. 	   image name is case sensitive. test.JPG is not the same as Test.jpg. 
    378. 

  378. 	   <br />Example: ##image.jpg##</i><br /> -->
    379. 

  379. 	<hr width=100%>
    380. 

  380. 	
    381. 

  381. 	Headline<br />
    382. 

  382. 	  <input type='input' size=80 height=5 name='postHeadline' value='$userHeadline'>
    383. 

  383. 	<br />
    384. 

  384. 	
    385. 

  385. 	Optional image: 
    386. 

  386. 	<i>Upload the image by pressing the button. The image will be displayed
    387. 

  387. 	at the beginning of your post. Only one image can be uploaded. Images
    388. 

  388. 	MUST be saved in a .jpg format and be under 1 mb!
    389. 

  389. 	   <br /></i>
    390. 

  390. 	  <input type='file' name='image'> 
    391. 

  391. 	  <input type='hidden' size=40 height=5 name='postMisc2' value='$userImage'>
    392. 

  392. 	<br />
    393. 

  393. 	
    394. 

  394. 	Story (no size limit)<br />
    395. 

  395. 	  <textarea cols=62 rows=14 name='postStory'>$userStory</textarea>
    396. 

  396. 	<br />
    397. 

  397. 	
    398. 

  398. 	<br /><br />
    399. 

  399. 	<strong>Do you have a personal blog?</strong>
    400. 

  400. 	<hr width=100%>
    401. 

  401. 	
    402. 

  402. 	Blog name<br />
    403. 

  403. 	  <input type='input' size=80 name='postBlogName' value='$userBlogName'>
    404. 

  404. 	<br />
    405. 

  405. 	
    406. 

  406. 	Blog URL<br />
    407. 

  407. 	  <input type='input' size=80 name='postBlogURL' value='$userBlogURL'>
    408. 

  408. 	<br />
    409. 

  409. 	
    410. 

  410. 	Blog description (short)<br />
    411. 

  411. 	  <input type='input' size=80 name='postBlogDescription' value='$userBlogDescription'>
    412. 

  412. 	<br />
    413. 

  413. 	
    414. 

  414. 	<br />
    415. 

  415. 	<strong>Misc</strong>
    416. 

  416. 	<hr width=100%>
    417. 

  417. 	
    418. 

  418. 	Recommended books/music<br />
    419. 

  419. 	  <input type='input' size=80 name='postMisc1' value='$userMisc1'>
    420. 

  420. 	<br />
    421. 

  421. 	
    422. 

  422. 	<br />
    423. 

  423. 			
    424. 

  424.     </td>
    425. 

  425. 	<td width=500px>&nbsp;</td>
    426. 

  426.   </tr>
    427. 

  427.   
    428. 

  428.   <tr>
    429. 

  429.   <td colspan=2 align='right'>
    430. 

  430.   <input type='hidden' name='userID' value='$userID'>
    431. 

  431.   <input type='submit' name='saveTrue' value='      Save      '><br /><br /><br />
    432. 

  432.   </td>
    433. 

  433.   </tr>
    434. 

  434.   
    435. 

  435.   </table>
    436. 

  436.   
    437. 

  437.   </td></tr>
    438. 

  438.   </table>
    439. 

  439.   
    440. 

  440.   </form>
    441. 

  441. 

  442.   </body>
    443. 

  443. 

  444. </html>";
    445. 

    446. 

  446. ?>
    447.