File: /home/httpd/html/baretube.com.new/controllers/control.edit_profile.php
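<?php
// Profile editor controller: validates the posted form, persists the changes for the
// logged-in user (profile fields, notification flags, optional password and avatar),
// then loads the current user row for the view.
//
// Globals used from the including scope: $basehttp, $config, $dbconn, $misc_path and
// the project helpers (array_map_array, dbQuery, dbUpdate, dbValue, setMessage,
// getMessages, makeImageThumbnail, setCache, _t).

// The session id is used unquoted in SQL below, so pin it to an int once here.
$userId = isset($_SESSION['userid']) ? (int) $_SESSION['userid'] : 0;
if (!$userId) {
    header("Location: $basehttp/login");
    exit();
}

// Avatar uploads must pass BOTH checks: a whitelisted extension (it becomes part of the
// stored filename) and a matching image signature from getimagesize().
$allowedExts = array('jpg', 'jpeg', 'png');
$allowedTypes = array(IMAGETYPE_JPEG, IMAGETYPE_PNG);

if ($_POST) {
    // NOTE(review): no CSRF token check is visible in this controller — confirm the
    // front controller enforces one before this POST is trusted.
    $_POST = array_map_array('trim', $_POST);
    $_POST = array_map_array('strip_tags', $_POST);

    $email = isset($_POST['email']) ? $_POST['email'] : '';
    if ($email === '') {
        setMessage(_t('E-mail is required!'), 'error');
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        setMessage(_t('Invalid Email Address'), 'error');
    } elseif (is_array(dbQuery("SELECT `record_num` FROM `users` WHERE `email` = '" . mysqli_real_escape_string($dbconn, $email) . "' AND `record_num` != '$userId'", false))) {
        setMessage(_t('This e-mail is not available!'), 'error');
    }

    $upload = isset($_FILES['file']['tmp_name']) ? $_FILES['file']['tmp_name'] : '';
    $avatarExt = '';
    if ($upload) {
        if (filesize($upload) > $config['max_avatar_size'] * 1024) {
            setMessage(_t('Your avatar is too big. It can be a maximum of %sizekB in GIF, JPG, or PNG format.', array('%size' => $config['max_avatar_size'])), 'error');
        } else {
            $avatarExt = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
            // The extension alone is attacker-chosen; the file's real type is what
            // gets served back to other users, so verify the image header too.
            $imageInfo = getimagesize($upload);
            if (!in_array($avatarExt, $allowedExts, true)
                || $imageInfo === false
                || !in_array($imageInfo[2], $allowedTypes, true)) {
                setMessage(_t('You may only upload image files.'), 'error');
            }
        }
    }

    if (!getMessages(false, 'error')) {
        dbUpdate('users', array(
            'email' => $email,
            'location' => htmlentities(isset($_POST['location']) ? $_POST['location'] : ''),
            'age' => (int) (isset($_POST['age']) ? $_POST['age'] : 0),
            'gender' => htmlentities(isset($_POST['gender']) ? $_POST['gender'] : ''),
            'description' => htmlentities(isset($_POST['description']) ? $_POST['description'] : ''),
            'custom' => serialize(isset($_POST['custom']) ? $_POST['custom'] : null),
            'session_reload' => 1,
            'record_num' => $userId,
        ));

        // Missing checkboxes are simply absent from the POST; default them to 0 so the
        // row is written without undefined-index notices.
        $notifications = isset($_POST['notifications']) && is_array($_POST['notifications'])
            ? $_POST['notifications']
            : array();
        $notifications += array('new_message' => 0, 'new_comment' => 0, 'new_post' => 0, 'friend_request' => 0);
        dbUpdate('users_notifications', array(
            'new_message' => (int) $notifications['new_message'],
            'new_comment' => (int) $notifications['new_comment'],
            'new_post' => (int) $notifications['new_post'],
            'friend_request' => (int) $notifications['friend_request'],
            'user_id' => $userId,
        ), 'user_id');

        $newPassword = isset($_POST['newpassword']) ? $_POST['newpassword'] : '';
        if ($newPassword !== '') {
            $salt = dbValue("SELECT `salt` FROM `users` WHERE `record_num` = '$userId'", 'salt');
            // NOTE(review): md5(password . salt) is a weak legacy scheme, but the login
            // check (not in this file) verifies the same way, so it cannot be swapped for
            // password_hash()/password_verify() from this side alone — migrate both together.
            $newHash = mysqli_real_escape_string($dbconn, md5($newPassword . $salt));
            dbQuery("UPDATE `users` SET `password` = '$newHash', `session_reload` = 1 WHERE `record_num` = '$userId'", false);
        }

        if ($upload) {
            // $avatarExt was whitelisted above, so the generated name holds nothing
            // attacker-controlled (uniqid + fixed extension) before it reaches the
            // shell-backed thumbnailer and the SQL below.
            $filename = uniqid() . '.' . $avatarExt;
            $target = "$misc_path/$filename";
            $targetBig = "$misc_path/big-$filename";
            // Only record the avatar once the file has actually landed; otherwise the
            // row would point at an image that does not exist.
            if (move_uploaded_file($upload, $targetBig)) {
                makeImageThumbnail($targetBig, $target, 800, 600, 'mogrify');
                makeImageThumbnail($targetBig, $target, 170, 130);
                dbQuery("UPDATE `users` SET `avatar` = '$filename' WHERE `record_num` = '$userId'", false);
                setCache("getUserAvatar.$userId", ' ', -1);
            }
        }

        setMessage(_t('Your information has been updated.'), 'success');
        header("Location: $_SERVER[REQUEST_URI]");
        exit();
    }
}

// Load the current state for the view (also reached after a failed validation).
$userRes = dbQuery("SELECT * FROM users WHERE record_num = '$userId'", false);
$urow = $userRes[0];
$getNotif = dbQuery("SELECT new_message,new_post,new_comment,friend_request FROM users_notifications WHERE user_id = $userId", false);
if (is_array($getNotif) && isset($getNotif[0])) {
    foreach ($getNotif[0] as $note => $value) {
        $urow['notifications'][$note] = $value;
    }
}
// 'custom' is written by serialize() above from form data (strings/arrays), so no
// object graph is expected here. If the column can ever hold bytes not produced by
// this controller, pass array('allowed_classes' => false) (PHP 7+) to rule out
// object injection on unserialize().
$custom = unserialize($urow['custom']);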