PageRenderTime 47ms CodeModel.GetById 20ms RepoModel.GetById 0ms app.codeStats 0ms

/legacy/includes/pages/myoptions/username.php

http://novaboard.googlecode.com/
PHP | 111 lines | 61 code | 38 blank | 12 comment | 8 complexity | 56e8ae6681550a22ef7a469d34124636 MD5 | raw file
Possible License(s): AGPL-3.0 
    

  1. <?php

    2. 

  2. 

    3. 

  3. /*

    4. 

  4. +--------------------------------------------------------------------------

    5. 

  5. |   NovaBoard

    6. 

  6. |   ========================================

    7. 

  7. |   By Dave Murchison

    8. 

  8. |   (c) 2009 NovaBoard

    9. 

  9. |   http://www.novaboard.net

    10. 

  10. |   ========================================

    11. 

  11. |   username.php - change member username

    12. 

  12.  

    13. 

  13. */

    14. 

  14. 

    15. 

  15. if (!defined('NOVA_RUN')){

    16. 

  16. 	echo "<h1>ACCESS DENIED</h1>You cannot access this file directly.";

    17. 

  17. 	exit();

    18. 

  18. }

    19. 

  19. 

    20. 

  20. template_hook("pages/myoptions/username.template.php", "start");

    21. 

  21. 

    22. 

  22. if ($can_change_own_name=='0'){

    23. 

  23. 

    24. 

  24. 	nova_redirect("index.php?page=error&error=21","error/21");

    25. 

  25. 

    26. 

  26. }

    27. 

  27. elseif ($_POST['username']!=''){

    28. 

  28. 

    29. 

  29. $token_id = $_POST['token_id'];

    30. 

  30. $token_id = escape_string($token_id);

    31. 

  31. 

    32. 

  32. $token_name = "token_username_$token_id";

    33. 

  33. 

    34. 

  34.  if (isset($_POST[$token_name]) && isset($_SESSION[$token_name]) && $_SESSION[$token_name] == $_POST[$token_name]){

    35. 

  35. 

    36. 

  36. $username=$_POST['username'];

    37. 

  37. $username=escape_string($username);

    38. 

  38. 

    39. 

  39. $query2 = "select NAME from {$db_prefix}members WHERE NAME='$username'" ;

    40. 

  40. $result2 = mysql_query($query2) or die("username.php - Error in query: $query2") ;                                  

    41. 

  41. $count_names = mysql_num_rows($result2);

    42. 

  42. 

    43. 

  43. if ($count_names!='0'){

    44. 

  44. 

    45. 

  45. 	nova_redirect("index.php?page=error&error=37","error/37");

    46. 

  46. 

    47. 

  47. }

    48. 

  48. 

    49. 

  49. $original_name=$_POST['original_name'];

    50. 

  50. $original_name=escape_string($original_name);

    51. 

  51. 

    52. 

  52. $email=$_POST['email'];

    53. 

  53. $email=escape_string($email);

    54. 

  54. 

    55. 

  55. // first, check username isn't taken, if it is, redirect to error page...

    56. 

  56. 

    57. 

  57. 

    58. 

  58. 

    59. 

  59. mysql_query("UPDATE {$db_prefix}members SET name='$username' WHERE id='$my_id'");

    60. 

  60. 

    61. 

  61. 	$lang['email_members_name_title'] = str_replace("<%sitename>", $site_name, $lang['email_members_name_title']);

    62. 

  62. 

    63. 

  63. 	$lang['email_members_name_content'] = str_replace("<%oldname>", $original_name, $lang['email_members_name_content']);	

    64. 

  64. 	$lang['email_members_name_content'] = str_replace("<%subscriber>", $username, $lang['email_members_name_content']);

    65. 

  65. 	$lang['email_members_name_content'] = str_replace("<%sitename>", $site_name, $lang['email_members_name_content']);

    66. 

  66. 	$lang['email_members_name_content'] = str_replace("<%site>", $nova_domain, $lang['email_members_name_content']);

    67. 

  67. 

    68. 

  68. $message=$lang['email_members_name_content'];

    69. 

  69. $outgoing="$email";

    70. 

  70. $from="From: $site_name <$board_email>\r\n";

    71. 

  71. $subject=$lang['email_members_name_title'];

    72. 

  72. mail($outgoing, $subject, $message, $from);

    73. 

  73. 

    74. 

  74. 	template_hook("pages/myoptions/username.template.php", "form");

    75. 

  75. 

    76. 

  76. 	nova_redirect("index.php?page=login","login");

    77. 

  77. 

    78. 

  78. }

    79. 

  79. else{

    80. 

  80. 

    81. 

  81. 	nova_redirect("index.php?page=error&error=28","error/28");

    82. 

  82. 

    83. 

  83. }

    84. 

  84. }

    85. 

  85. else{

    86. 

  86. 

    87. 

  87. 

    88. 

  88. $token_id = md5(microtime());

    89. 

  89. $token = md5(uniqid(rand(),true));

    90. 

  90. 

    91. 

  91. $token_name = "token_username_$token_id";

    92. 

  92. 

    93. 

  93. $_SESSION[$token_name] = $token;

    94. 

  94. 

    95. 

  95. $query2 = "select ID, NAME, EMAIL from {$db_prefix}members WHERE ID='$my_id'" ;

    96. 

  96. $result2 = mysql_query($query2) or die("username.php - Error in query: $query2") ;                                  

    97. 

  97. while ($results2 = mysql_fetch_array($result2)){

    98. 

  98. $id = $results2['ID'];

    99. 

  99. $name = $results2['NAME'];

    100. 

  100. $email = $results2['EMAIL'];

    101. 

  101. 

    102. 

  102. $email=strip_slashes($email);

    103. 

  103. 

    104. 

  104. template_hook("pages/myoptions/username.template.php", "2");

    105. 

  105. 

    106. 

  106. }

    107. 

  107. }

    108. 

  108. 

    109. 

  109. template_hook("pages/myoptions/username.template.php", "end");

    110. 

  110. 

    111. 

  111. ?>
    112.