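<?php
# (copyright holder list truncated in this copy) & Matías Parodi
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##

// Refuse direct requests: the page only runs when the including script has
// defined SECURITY.
if (!defined("SECURITY")) {
    exit;
}

// Account settings are for authenticated sessions only. header() merely
// queues the redirect; without the exit the POST handlers below would still
// run for a visitor who is not logged in, with an undefined ID_USER in the
// UPDATE statement.
if (!isset($_SESSION['LOGIN']) || $_SESSION['LOGIN'] !== true) {
    header("Location: {$base}home");
    exit;
}

$topic = safe_str($_GET['topic'], true);

// Profile tab (also the default when no topic is given).
if (($topic == 'profile') or (empty($topic))) {
    echo '


';
    if ($_POST) {
        // NOTE(review): safe_str() is defined elsewhere; it is assumed to
        // escape for SQL as well as for HTML. Confirm, because every value
        // below is concatenated into the UPDATE statement. Bound parameters
        // (mysqli/PDO) would remove the dependency on that assumption.
        $name = safe_str($_POST['name'], true);
        $web = safe_str($_POST['web'], true);
        $location = safe_str($_POST['location'], true);
        $bio = safe_str($_POST['bio'], true);
        $twitter_username = safe_str($_POST['twitter_username'], true);
        // NOTE(review): the Twitter password is stored in recoverable form
        // (no hashing or encryption is visible here), so a database leak
        // exposes a third-party credential. A revocable OAuth token is the
        // safer thing to keep.
        $twitter_password = safe_str($_POST['twitter_password'], true);

        // Accepts a bare host or an http:// URL; the capture group is the
        // part after the optional scheme.
        $web_pattern = '/^(?:http:\/\/)?((?:[\w\-]+(?:\.[\w^_]+)+){1}\S*)$/';
        $web_match = preg_match_all($web_pattern, $web, $matches);

        if (($web_match == 1) or (empty($web))) {
            // Normalise to an explicit http:// prefix (an empty value stays empty).
            $web = preg_replace($web_pattern, 'http://$1', $web);

            $sql = "UPDATE `users` SET `name` = '" . $name
                 . "', `web` = '" . $web
                 . "', `location` = '" . $location
                 . "', `bio` = '" . $bio
                 . "', `twitter_username` = '" . $twitter_username
                 . "', `twitter_password` = '" . $twitter_password
                 . "' WHERE (`users`.`id_user` = '" . $_SESSION['ID_USER'] . "') LIMIT 1;";
            // NOTE(review): the result of mysql_query() is not checked, so the
            // success message is printed even when the UPDATE fails.
            mysql_query($sql);

            echo '
' . _('¡Opciones actualizadas!') . '


';
        } else {
            echo '
' . _('URL incorrecta') . '
';
// The closing braces of this else branch and of the two enclosing ifs are
// not visible in this copy of the page.
?>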


































Perfil | Configuración | Avatar


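';
// Configuration tab: change password, e-mail address and API key. Every
// change requires the current password to be re-entered first.
if ($_POST) {
    $current_password = safe_str($_POST['current_password']);

    $sql = "SELECT * FROM `users` WHERE (`users`.`id_user` = '" . $_SESSION['ID_USER'] . "') LIMIT 1;";
    $result = mysql_query($sql);
    $row = mysql_fetch_assoc($result);
    mysql_free_result($result);

    // NOTE(review): salted double MD5 is cheap to brute-force offline. The
    // usual migration is password_hash()/password_verify() with a rehash at
    // the next successful login; it is not done here because it changes the
    // stored format.
    $current_password = md5(md5($current_password) . md5($row['salt']));

    // Strict comparison: with ==, two different hex digests that both look
    // like numbers ("0e" followed by digits) compare equal.
    if ($current_password === $row['password']) {
        $new_password = safe_str($_POST['new_password']);
        $repeat_new_password = safe_str($_POST['repeat_new_password']);
        $email = safe_str($_POST['email'], true);
        $regenerate_api = safe_str($_POST['regenerate_api']);

        $configuration_error = false;
        // Column assignments collected for a single UPDATE.
        $query = array();

        if (!empty($new_password)) {
            if ((strlen($new_password) >= 6) and (strlen($new_password) <= 15)) {
                // Strict comparison so that numeric-looking passwords such as
                // "1e3" and "1000" are not accepted as a matching pair.
                if ($new_password === $repeat_new_password) {
                    // NOTE(review): rand() is not a cryptographically secure
                    // source; the salt is 5 hex characters taken from it.
                    $salt = substr(md5(rand()), 0, 5);
                    $new_password = md5(md5($new_password) . md5($salt));
                    $query[] = "`password` = '" . $new_password . "'";
                    $query[] = "`salt` = '" . $salt . "'";
                } else {
                    echo '
' . _('Las contraseñas no coinciden') . '
';
                    $configuration_error = true;
                }
            } else {
                echo '
' . _('La contraseña debe tener entre 6 y 15 caracteres') . '
';
                $configuration_error = true;
            }
        }

        if ($regenerate_api) {
            $old_api = $row['api'];
            // NOTE(review): the API key is 8 hex characters (32 bits) derived
            // from rand(), which is guessable. A key used as a credential
            // should be longer and come from a CSPRNG; left unchanged because
            // the column width and the PHP version are not visible here.
            $new_api = substr(md5(rand()), 0, 8);
            $query[] = "`api` = '" . $new_api . "'";
        }

        if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $query[] = "`email` = '" . $email . "'";
        } else {
            echo '
' . _('Correo electrónico inválido.') . '
';
            $configuration_error = true;
        }

        if ($configuration_error === false) {
            $sql_query = implode(', ', $query);
            $sql = "UPDATE `users` SET " . $sql_query . " WHERE (`users`.`id_user` = '" . $_SESSION['ID_USER'] . "') LIMIT 1;";
            // NOTE(review): the result of mysql_query() is not checked before
            // the session is updated and the success message is printed.
            mysql_query($sql);

            $_SESSION['EMAIL'] = $email;
            // Only replace the session copy of the key when a new one was
            // generated; $new_api is undefined otherwise and would blank it.
            if ($regenerate_api) {
                $_SESSION['API'] = $new_api;
            }

            echo '
' . _('¡Actualizado con éxito!') . '

';
        }
    } else {
        echo '
' . _('La contraseña actual no es correcta') . '
';
    }
}
?>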
:











: