/backend/backend_userinfo.php

https://gitlab.com/Toldierone/ReClop · PHP · 203 lines · 201 code · 2 blank · 0 comment · 21 complexity · 5fc7096724065cd30602cd6b3100642d MD5 · raw file 

    

  1. <?php
    2. 

  2. include("allfunctions.php");
    3. 

  3. needsuser();
    4. 

  4. foreach ($_POST as $key => $value) {
    5. 

  5.     $mysql[$key] = $GLOBALS['mysqli']->real_escape_string($value);
    6. 

  6. }
    7. 

  7. if ($_POST && (($_POST['token_userinfo'] == "") || ($_POST['token_userinfo'] != $_SESSION['token_userinfo']))) {
    8. 

  8.     $errors[] = "Try again.";
    9. 

  9. }
    10. 

  10. if ($_POST || ($_SESSION['token_userinfo'] == "")) {
    11. 

  11.     $_SESSION['token_userinfo'] = sha1(rand() . $_SESSION['token_userinfo']);
    12. 

  12. }
    13. 

  13. $sql =<<<EOSQL
    14. 

  14. SELECT u.username, u.user_id, u.email, u.flag, u.donator, u.description, u.stasismode, u.hidebanners, u.hideicons, u.hidereports, u.alliance_id, u.funmode, a.name AS alliancename
    15. 

  15. FROM users u LEFT JOIN alliances a ON u.alliance_id = a.alliance_id WHERE u.user_id = '{$_SESSION['user_id']}'
    16. 

  16. EOSQL;
    17. 

  17. $userinfo = onelinequery($sql);
    18. 

  18. $display['description'] = htmlentities($userinfo['description'], ENT_SUBSTITUTE, "UTF-8");
    19. 

  19. $display['email'] = htmlentities($userinfo['email'], ENT_SUBSTITUTE, "UTF-8");
    20. 

  20. $display['flag'] = htmlentities($userinfo['flag'], ENT_SUBSTITUTE, "UTF-8");
    21. 

  21. 

  22. $funstatus = ($userinfo['funmode'] == 1) ? "checked" : "";
    23. 

  23. $_SESSION['async_token'] = sha1(rand());
    24. 

  24. 

  25. if (!$errors) {
    26. 

  26. if ($_POST['changedescription']) {
    27. 

  27.     $sql=<<<EOSQL
    28. 

  28. UPDATE users SET description = '{$mysql['description']}' WHERE user_id = '{$_SESSION['user_id']}'
    29. 

  29. EOSQL;
    30. 

  30.     $GLOBALS['mysqli']->query($sql);
    31. 

  31. 	$infos[] = "Description changed.";
    32. 

  32. 	$display['description'] = htmlentities($_POST['description'], ENT_SUBSTITUTE, "UTF-8");
    33. 

  33. }
    34. 

  34. if ($_POST['action'] == "New Password") {
    35. 

  35.     $checkpasswordhash = sha1($mysql['currentpassword'] . "saltlick"); // I'm fully aware that this is shit, thanks
    36. 

  36.     $sql = "SELECT user_id FROM users WHERE user_id = '{$_SESSION['user_id']}' AND password = '{$checkpasswordhash}'";
    37. 

  37.     $rs = onelinequery($sql);
    38. 

  38.     if (!$rs) {
    39. 

  39.         $errors[] = "Incorrect current password.";
    40. 

  40.     }
    41. 

  41.     if ($_POST['password'] != $_POST['confirm_password']) {
    42. 

  42.         $errors[] = "Passwords do not match.";
    43. 

  43.     }
    44. 

  44.     if (empty($errors)) {
    45. 

  45.         $passwordhash = sha1($mysql['password'] . "saltlick");
    46. 

  46.         $sql=<<<EOSQL
    47. 

  47. UPDATE users SET password = '{$passwordhash}' WHERE user_id = '{$_SESSION['user_id']}'
    48. 

  48. EOSQL;
    49. 

  49.         $GLOBALS['mysqli']->query($sql);
    50. 

  50.         $infos[] = "Password changed.";
    51. 

  51.     }
    52. 

  52. }
    53. 

  53. if ($_POST['changeflag']) {
    54. 

  54. 	if (!preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))$/i', $_POST['flag']) && $_POST['flag'] != "") {
    55. 

  55. 		$errors[] = "Heeeeyyy... are you SURE that's an image? (JPGs, GIFs, and PNGs only.)";
    56. 

  56. 	}
    57. 

  57.     if (empty($errors)) {
    58. 

  58.         $sql=<<<EOSQL
    59. 

  59. UPDATE users SET flag = '{$mysql['flag']}' WHERE user_id = '{$_SESSION['user_id']}'
    60. 

  60. EOSQL;
    61. 

  61.         $GLOBALS['mysqli']->query($sql);
    62. 

  62.         $infos[] = "Flag changed.";
    63. 

  63.         $userinfo['flag'] = $_POST['flag'];
    64. 

  64. 		$display['flag'] = htmlentities($userinfo['flag'], ENT_SUBSTITUTE, "UTF-8");
    65. 

  65.     }
    66. 

  66. }
    67. 

  67. if ($_POST['changeemail']) {
    68. 

  68.     if (empty($errors)) {
    69. 

  69.         $sql=<<<EOSQL
    70. 

  70. UPDATE users SET email = '{$mysql['email']}' WHERE user_id = '{$_SESSION['user_id']}'
    71. 

  71. EOSQL;
    72. 

  72.         $GLOBALS['mysqli']->query($sql);
    73. 

  73.         $infos[] = "Email address changed.";
    74. 

  74.         $userinfo['email'] = $_POST['email'];
    75. 

  75. 		$display['email'] = htmlentities($userinfo['email'], ENT_SUBSTITUTE, "UTF-8");
    76. 

  76.     }
    77. 

  77. }
    78. 

  78. if ($_POST['changecolor']) {
    79. 

  79.     $mysql['css'] = (int)$_POST['css'];
    80. 

  80.     if ($mysql['css'] > 2 || $mysql['css'] < 0) {
    81. 

  81.         $errors[] = "What do you think would even happen, smart guy?";
    82. 

  82.     }
    83. 

  83.     if (!$errors) {
    84. 

  84.     $sql=<<<EOSQL
    85. 

  85.     UPDATE users SET css = '{$mysql['css']}' WHERE user_id = '{$_SESSION['user_id']}'
    86. 

  86. EOSQL;
    87. 

  87.     $_SESSION['css'] = $mysql['css'];
    88. 

  88.     $userinfo['css'] = $mysql['css'];
    89. 

  89.     $GLOBALS['mysqli']->query($sql);
    90. 

  90.     }
    91. 

  91. }
    92. 

  92. if ($_POST['enterstasis']) {
    93. 

  93.     $sql=<<<EOSQL
    94. 

  94.     SELECT stasisdate FROM users WHERE user_id = '{$_SESSION['user_id']}'
    95. 

  95. EOSQL;
    96. 

  96.     $rs = onelinequery($sql);
    97. 

  97.     if (strtotime($rs['stasisdate']) > (time() - 86400)) {
    98. 

  98.         $errors[] = "You have left stasis less than 24 hours ago.";
    99. 

  99.     } else {
    100. 

  100. 		$sql=<<<EOSQL
    101. 

  101. 		SELECT nation_id FROM nations WHERE user_id = '{$_SESSION['user_id']}'
    102. 

  102. EOSQL;
    103. 

  103. 		$sth = $GLOBALS['mysqli']->query($sql);
    104. 

  104. 		while ($rs = mysqli_fetch_array($sth)) {
    105. 

  105. 			$sql=<<<EOSQL
    106. 

  106. 			UPDATE forcegroups SET attack_mission = 0, oldmission = 0, departuredate = NULL, destination_id = 0
    107. 

  107. 			WHERE nation_id = {$rs['nation_id']}
    108. 

  108. 			AND departuredate IS NOT NULL
    109. 

  109. EOSQL;
    110. 

  110. 			$GLOBALS['mysqli']->query($sql);
    111. 

  111. 			$sql=<<<EOSQL
    112. 

  112. 			UPDATE forcegroups SET attack_mission = 0, oldmission = 0, destination_id = {$rs['nation_id']}, departuredate = NOW()
    113. 

  113. 			WHERE nation_id = {$rs['nation_id']}
    114. 

  114. 			AND location_id != {$rs['nation_id']}
    115. 

  115. EOSQL;
    116. 

  116. 			$GLOBALS['mysqli']->query($sql);
    117. 

  117. 		}
    118. 

  118.         $sql = "SELECT username FROM users WHERE user_id = {$_SESSION['user_id']}";
    119. 

  119.         $thisuser = onelinequery($sql);
    120. 

  120.         $message=<<<EOFORM
    121. 

  121. <a href="viewuser.php?user_id={$_SESSION['user_id']}">{$thisuser['username']}</a> has gone into stasis.
    122. 

  122. EOFORM;
    123. 

  123.         $mysqlmessage = $GLOBALS['mysqli']->real_escape_string($message);
    124. 

  124.         $sql =<<<EOSQL
    125. 

  125.         INSERT INTO news (message, posted)
    126. 

  126.         VALUES ('{$mysqlmessage}', NOW())
    127. 

  127. EOSQL;
    128. 

  128.         $GLOBALS['mysqli']->query($sql);
    129. 

  129.         $sql=<<<EOSQL
    130. 

  130.         UPDATE users SET stasisdate = NOW(), stasismode = 1 WHERE user_id = '{$_SESSION['user_id']}'
    131. 

  131. EOSQL;
    132. 

  132.         $GLOBALS['mysqli']->query($sql);
    133. 

  133.         session_destroy();
    134. 

  134.         session_unset();
    135. 

  135.         header("Location: index.php");
    136. 

  136.         exit;
    137. 

  137.     }
    138. 

  138. } else if ($_POST['leavestasis']) {
    139. 

  139. 	if (!$errors) {
    140. 

  140. 	$sql=<<<EOSQL
    141. 

  141.     UPDATE users SET stasisdate = NOW(), stasismode = 0 WHERE user_id = '{$_SESSION['user_id']}'
    142. 

  142. EOSQL;
    143. 

  143. 	$GLOBALS['mysqli']->query($sql);
    144. 

  144. 	$infos[] = "You have left stasis mode.";
    145. 

  145. 	$userinfo['stasismode'] = 0;
    146. 

  146. 	$sql = "SELECT username FROM users WHERE user_id = {$_SESSION['user_id']}";
    147. 

  147. 	$thisuser = onelinequery($sql);
    148. 

  148. 	$message=<<<EOFORM
    149. 

  149. <a href="viewuser.php?user_id={$_SESSION['user_id']}">{$thisuser['username']}</a> has left stasis.
    150. 

  150. EOFORM;
    151. 

  151. 	$mysqlmessage = $GLOBALS['mysqli']->real_escape_string($message);
    152. 

  152.     $sql =<<<EOSQL
    153. 

  153.     INSERT INTO news (message, posted)
    154. 

  154.     VALUES ('{$mysqlmessage}', NOW())
    155. 

  155. EOSQL;
    156. 

  156.     $GLOBALS['mysqli']->query($sql);
    157. 

  157.     }
    158. 

  158. }
    159. 

  159. if ($_POST['hidebanners']) {
    160. 

  160.     $sql=<<<EOSQL
    161. 

  161.     UPDATE users SET hidebanners = 1 WHERE user_id = '{$_SESSION['user_id']}'
    162. 

  162. EOSQL;
    163. 

  163.     $GLOBALS['mysqli']->query($sql);
    164. 

  164.     $_SESSION['hidebanners'] = 1;
    165. 

  165.     $userinfo['hidebanners'] = 1;
    166. 

  166. } else if ($_POST['showbanners']) {
    167. 

  167.     $sql=<<<EOSQL
    168. 

  168.     UPDATE users SET hidebanners = 0 WHERE user_id = '{$_SESSION['user_id']}'
    169. 

  169. EOSQL;
    170. 

  170.     $GLOBALS['mysqli']->query($sql);
    171. 

  171.     $_SESSION['hidebanners'] = 0;
    172. 

  172.     $userinfo['hidebanners'] = 0;
    173. 

  173. }
    174. 

  174. if ($_POST['hidereports']) {
    175. 

  175.     $sql=<<<EOSQL
    176. 

  176.     UPDATE users SET hidereports = 1 WHERE user_id = '{$_SESSION['user_id']}'
    177. 

  177. EOSQL;
    178. 

  178.     $GLOBALS['mysqli']->query($sql);
    179. 

  179.     $_SESSION['hidereports'] = 1;
    180. 

  180.     $userinfo['hidereports'] = 1;
    181. 

  181. } else if ($_POST['showreports']) {
    182. 

  182.     $sql=<<<EOSQL
    183. 

  183.     UPDATE users SET hidereports = 0 WHERE user_id = '{$_SESSION['user_id']}'
    184. 

  184. EOSQL;
    185. 

  185.     $GLOBALS['mysqli']->query($sql);
    186. 

  186.     $_SESSION['hidereports'] = 0;
    187. 

  187.     $userinfo['hidereports'] = 0;
    188. 

  188. }
    189. 

  189. if ($_POST['hideicons']) {
    190. 

  190.     $sql=<<<EOSQL
    191. 

  191.     UPDATE users SET hideicons = 1 WHERE user_id = '{$_SESSION['user_id']}'
    192. 

  192. EOSQL;
    193. 

  193.     $GLOBALS['mysqli']->query($sql);
    194. 

  194.     $userinfo['hideicons'] = 1;
    195. 

  195. } else if ($_POST['showicons']) {
    196. 

  196.     $sql=<<<EOSQL
    197. 

  197.     UPDATE users SET hideicons = 0 WHERE user_id = '{$_SESSION['user_id']}'
    198. 

  198. EOSQL;
    199. 

  199.     $GLOBALS['mysqli']->query($sql);
    200. 

  200.     $userinfo['hideicons'] = 0;
    201. 

  201. }
    202. 

  202. }
    203. 

  203. ?>
    204.