<?php

include_once '../sys/inc/start.php';
include_once COMPRESS;
include_once SESS;
include_once '../sys/inc/home.php';
include_once SETTINGS;
include_once DB_CONNECT;
include_once IPUA;
include_once FNC;
include_once '../sys/inc/shif.php';
include_once ADM_CHECK;
include_once USER;

// Gate: the caller needs the profile-edit privilege and a valid admin session,
// the target user must exist, and the caller must outrank him.
user_access('user_prof_edit', null, 'index.php?' . SID);

adm_check();

// Every failed precondition below ends the request with the same redirect.
$goHome = function () {
    header("Location: /index.php?" . SID);
    exit;
};

if (!isset($_GET['id'])) {
    $goHome();
}

$ank = array('id' => intval($_GET['id']));

$known = dbresult(dbquery("SELECT COUNT(*) FROM `user` WHERE `id` = '$ank[id]' LIMIT 1"), 0);
if ($known == 0) {
    $goHome();
}

// Full profile row of the user being edited (project helper).
$ank = get_user($ank['id']);

// Admins may only edit accounts strictly below their own level.
if ($user['level'] <= $ank['level']) {
    $goHome();
}

// Page title shown by the theme header; title() prints it.
$set['title'] = "Профиль пользователя {$ank['nick']}";

include_once THEAD;

title();

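if (isset($_POST['save'])) {
    // Save handler for the profile form rendered below. Each field is
    // validated on its own; a failure is recorded in $err and the other fields
    // are still saved (that is the existing contract of this page).
    //
    // $err is always a list here. Earlier revisions mixed `$err = '...'` with
    // `$err[] = '...'`, which is a fatal "[] operator not supported for
    // strings" as soon as two fields fail in the same request.
    //
    // NOTE(review): no anti-CSRF token is visible in this form or checked
    // here; if the project has one (e.g. bound to SID), verify it at this point.
    $err = array();

    $ankId = intval($ank['id']);

    // Scalar POST field, or null when absent or not a plain string (a
    // `field[]=...` submission must never reach the regex/escape helpers).
    $postField = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : null;
    };

    // Quoted SQL string literal escaped with the project's escaper.
    $quote = function ($value) {
        return "'" . my_esc($value) . "'";
    };

    // Integer in [$min, $max] from a digits-only string, else false.
    // (is_numeric() also accepts "1e3", " 5" and "5.5", which then ended up in
    // the database verbatim.)
    $intInRange = function ($value, $min, $max) {
        if ($value === null || !preg_match('/^[0-9]{1,10}$/D', $value)) {
            return false;
        }
        $n = (int) $value;
        return ($n >= $min && $n <= $max) ? $n : false;
    };

    // Optional integer in [1, $max]: '' means "not set" and yields null,
    // a valid number yields the int, anything else yields false.
    $optionalIntUpTo = function ($value, $max) use ($intInRange) {
        if ($value === '') {
            return null;
        }
        return $intInRange($value, 1, $max);
    };

    // Write one column of the edited user. $sqlLiteral must already be a
    // complete SQL literal (quoted+escaped string, int, or the bare word NULL);
    // $field is always a column name written in this file, never user input.
    $updateField = function ($field, $sqlLiteral) use ($ankId) {
        dbquery("UPDATE `user` SET `$field` = $sqlLiteral WHERE `id` = '$ankId' LIMIT 1");
    };

    // --- login ---------------------------------------------------------------
    $nick = $postField('nick');
    if ($nick !== null && $nick !== (string) $ank['nick']) {
        if (!user_access('user_change_nick')) {
            $err[] = 'У Вас нет привилегий на изменение логина пользователя';
        } elseif (!preg_match('#^[A-Za-zА-я0-9 _-]+$#uiD', $nick)) {
            // A-Za-z spelled out: the old "A-z" range also admitted [ \ ] ^ _ `
            // and the missing D modifier let a trailing newline through.
            $err[] = 'В логине присутствуют запрещенные символы';
        } elseif (strlen2($nick) < 3) {
            $err[] = 'Короткий логин';
        } elseif (strlen2($nick) > 32) {
            $err[] = 'Длина логина превышает 32 символа';
        } elseif (dbresult(dbquery("SELECT COUNT(*) FROM `user` WHERE `nick` = " . $quote($nick)), 0) > 0) {
            // $nick passed the character whitelist above, so echoing it back
            // in the message cannot inject markup.
            $err[] = "Логин $nick уже занят";
        } else {
            admin_log('Пользователи', 'Изменение логина', "Логин $ank[nick] изменен на $nick");

            // Keep the raw (unescaped) value in $ank; escaping is for SQL only.
            $ank['nick'] = $nick;

            $updateField('nick', $quote($nick));
        }
    }

    // --- file upload mode (select with values 0/1) ---------------------------
    $setFiles = $postField('set_files');
    if ($setFiles === '0' || $setFiles === '1') {
        $ank['set_files'] = (int) $setFiles;

        $updateField('set_files', "'" . $ank['set_files'] . "'");
    } else {
        $err[] = 'Ошибка режима файлов';
    }

    // --- chat auto-refresh, 0..900 seconds -----------------------------------
    $timeChat = $intInRange($postField('set_time_chat'), 0, 900);
    if ($timeChat === false) {
        $err[] = 'Ошибка во времени автообновления';
    } else {
        $ank['set_time_chat'] = $timeChat;

        $updateField('set_time_chat', "'$timeChat'");
    }

    // --- items per page, 1..100 ----------------------------------------------
    $perPage = $intInRange($postField('set_p_str'), 1, 100);
    if ($perPage === false) {
        $err[] = 'Неправильное количество пунктов на страницу';
    } else {
        $ank['set_p_str'] = $perPage;

        $updateField('set_p_str', "'$perPage'");
    }

    // --- free-text fields restricted to letters, spaces and hyphens ----------
    $letterFields = array(
        'ank_name'   => 'Вы ошиблись в поле имя',
        'ank_city'   => 'Вы ошиблись в поле город',
        'ank_o_sebe' => 'Вы ошиблись в поле о себе',
    );
    foreach ($letterFields as $field => $message) {
        $value = $postField($field);
        if ($value === null || !preg_match('#^[A-Za-zА-я -]*$#uiD', $value)) {
            $err[] = $message;
            continue;
        }

        // The whitelist above excludes everything htmlspecialchars() or
        // stripcslashes() could act on, so only the project's esc() remains.
        $ank[$field] = esc($value);

        $updateField($field, "'" . $ank[$field] . "'");
    }

    // --- birth date: day / month / year, each optional ----------------------
    $birthParts = array(
        'ank_d_r' => array(31, 'Неверный формат дня рождения'),
        'ank_m_r' => array(12, 'Неверный формат месяца рождения'),
        'ank_g_r' => array((int) date('Y'), 'Неверный формат года рождения'),
    );
    foreach ($birthParts as $field => $spec) {
        list($max, $message) = $spec;

        $value = $optionalIntUpTo($postField($field), $max);
        if ($value === false) {
            $err[] = $message;
            continue;
        }

        // null or int in $ank (never the string 'null'); SQL NULL clears the column.
        $ank[$field] = $value;

        $updateField($field, $value === null ? 'NULL' : (string) $value);
    }

    // --- Skype ---------------------------------------------------------------
    $skype = $postField('ank_skype');
    if ($skype === null || !preg_match('#^[A-Za-z0-9 -]*$#D', $skype)) {
        $err[] = 'Неверный логин Skype';
    } else {
        // An empty field used to be stored as the literal string 'null' and
        // then shown back in the form; store it as an empty string instead.
        $ank['ank_skype'] = $skype;

        $updateField('ank_skype', $quote($skype));
    }

    // --- phone: 5..11 digits or empty ----------------------------------------
    $tel = $postField('ank_n_tel');
    if ($tel === null || ($tel !== '' && !preg_match('/^[0-9]{5,11}$/D', $tel))) {
        $err[] = 'Неверный формат номера телефона';
    } else {
        $ank['ank_n_tel'] = $tel;

        $updateField('ank_n_tel', $quote($tel));
    }

    // --- e-mail: empty or local@domain.tld -----------------------------------
    $mail = $postField('ank_mail');
    if ($mail === null || ($mail !== '' && !preg_match('#^[A-Za-z0-9._-]+@[A-Za-z0-9]{2,}\.[A-Za-z]{2,4}$#D', $mail))) {
        $err[] = 'Неверный E-mail';
    } else {
        $ank['ank_mail'] = $mail;

        $updateField('ank_mail', $quote($mail));
    }

    // --- new password (only when the field is filled) -----------------------
    $newPass = $postField('new_pass');
    if ($newPass !== null && strlen2($newPass) > 5) {
        admin_log('Пользователи', 'Смена пароля', "Пользователю '$ank[nick]' установлен новый пароль");

        // shif() is the project's password hashing helper.
        $updateField('pass', $quote(shif($newPass)));
    }

    // --- group / status ------------------------------------------------------
    $groupPost = $postField('group_access');
    if (user_access('user_change_group') && $groupPost !== null) {
        $groupId = intval($groupPost);

        // Only groups strictly below the acting admin's level may be assigned;
        // the level check is part of the lookup so it cannot be bypassed.
        $group = dbassoc(dbquery("SELECT `name` FROM `user_group` WHERE `id` = '$groupId' AND `level` < '" . intval($user['level']) . "' LIMIT 1"));

        if ($group && $ank['group_access'] != $groupId) {
            admin_log('Пользователи', 'Изменение статуса', "Пользователь '$ank[nick]': Статус '$ank[group_name]' изменен на '$group[name]'");

            $ank['group_access'] = $groupId;

            $updateField('group_access', "'$groupId'");
        }
    }

    // --- points --------------------------------------------------------------
    // The `$ank['id'] == $user['id']` alternative cannot hold after the level
    // guard at the top of this file (an admin never outranks himself); it is
    // kept for parity with the form, which disables the field below level 3.
    $balls = $postField('balls');
    if (($user['level'] >= 3 || $ank['id'] == $user['id']) && $balls !== null && is_numeric($balls)) {
        $ank['balls'] = intval($balls);

        $updateField('balls', "'" . $ank['balls'] . "'");
    }

    admin_log('Пользователи', 'Профиль', "Редактирование профиля пользователя '$ank[nick]' (id#$ankId)");

    if (!$err) {
        // The original never defined $err on the success path and err() below
        // presumably keys on isset($err); keep that invariant.
        unset($err);
        msg('Изменения сохранены');
    }
}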

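// Render: error list, then the edit form, then the links block.
// err() prints the messages collected in $err (when set); aut() is a project
// helper not visible in this file.
err();
aut();

$ankId = intval($ank['id']);

// Attribute-safe text for value='...' and option bodies. Stored values are
// only partially filtered on write (and other entry points may store them
// differently), so escape on output; double_encode=false keeps entities that
// are already stored from turning into "&amp;#039;".
$attr = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
};

// ' disabled="disabled"' unless the caller may edit the control.
$disabledUnless = function ($allowed) {
    return $allowed ? '' : ' disabled="disabled"';
};

// Labelled text input in a .mb-3 wrapper; $extra is appended to the <input>
// (already-formed attribute text), $maxlength null means no limit.
$textField = function ($label, $name, $value, $maxlength, $extra = '') use ($attr) {
    echo "<div class='mb-3'>";
    echo "<label class='form-label'>$label</label><br />\n";
    echo "<input type='text'$extra name='$name' class='form-control' value='" . $attr($value) . "'"
        . ($maxlength !== null ? " maxlength='$maxlength'" : '') . " />\n";
    echo "</div>\n";
};

// <select> whose first, pre-selected option is the stored value, followed by
// the integer range [$from, $to).
$rangeSelect = function ($name, $current, $from, $to) use ($attr) {
    $cur = $attr($current);
    $html = '<select name="' . $name . '" class="form-select">'
        . '<option selected="selected" value="' . $cur . '">' . $cur . '</option>';
    for ($n = $from; $n < $to; ++$n) {
        $html .= '<option value="' . $n . '">' . $n . '</option>';
    }
    return $html . '</select>';
};

echo "<div class='list-group'>";
echo "<form method='post' class='list-group-item' action='user.php?id=$ankId'>";

$textField('Логин:', 'nick', $ank['nick'], 32, $disabledUnless(user_access('user_change_nick')));
$textField('Имя:', 'ank_name', $ank['ank_name'], 32);

echo "<div class='mb-3'>";
echo "<label class='form-label'>Дата рождения:</label>\n";
echo "<div class='input-group mb-3'>";
echo $rangeSelect('ank_d_r', $ank['ank_d_r'], 1, 32);   // day
echo $rangeSelect('ank_m_r', $ank['ank_m_r'], 1, 13);   // month
// Year: 1920 up to (but not including) current year - 7, as in the original.
echo $rangeSelect('ank_g_r', $ank['ank_g_r'], 1920, (int) date('Y') - 7), '<br />';
echo "</div>\n";
echo "</div>\n";

$textField('Город:', 'ank_city', $ank['ank_city'], 32);
$textField('Skype', 'ank_skype', $ank['ank_skype'], 16);
$textField('E-mail:', 'ank_mail', $ank['ank_mail'], 32);
$textField('Номер телефона:', 'ank_n_tel', $ank['ank_n_tel'], 11);
$textField('О себе:', 'ank_o_sebe', $ank['ank_o_sebe'], 512);
$textField('Автообновление в чате:', 'set_time_chat', $ank['set_time_chat'], 3);
$textField('Пунктов на страницу:', 'set_p_str', $ank['set_p_str'], 3);

// File upload mode: 1 = show the field, 0 = no uploads.
$filesOn  = ($ank['set_files'] == 1) ? ' selected="selected"' : '';
$filesOff = ($ank['set_files'] == 0) ? ' selected="selected"' : '';

echo "<div class='mb-3'>";
echo "<label class='form-label'>Выгрузка файлов:</label><br />\n";
echo "<select name=\"set_files\" class='form-select'>\n";
echo "<option value=\"1\"$filesOn>Показывать поле</option>\n";
echo "<option value=\"0\"$filesOff>Не использовать выгрузку</option>\n";
echo "</select>\n";
echo "</div>\n";

// Points are editable from level 3 on (mirrors the save handler's check).
$textField('Баллы:', 'balls', $ank['balls'], null, $disabledUnless($user['level'] >= 3));

// Group list is needed twice; fetch it once.
$groups = array();
$q = dbquery("SELECT * FROM `user_group` ORDER BY `level`,`id` ASC");
while ($row = dbassoc($q)) {
    $groups[] = $row;
}

// <option>s for every group; groups at or above the caller's level are
// disabled, $selectedId is pre-selected.
$groupOptions = function ($selectedId) use ($groups, $user, $attr) {
    $html = '';
    foreach ($groups as $group) {
        $html .= "<option value='" . intval($group['id']) . "'"
            . ($group['level'] >= $user['level'] ? " disabled='disabled'" : '')
            . ($group['id'] == $selectedId ? " selected='selected'" : '')
            . '>' . $attr($group['name']) . "</option>\n";
    }
    return $html;
};

$groupDisabled = $disabledUnless(user_access('user_change_group'));

echo "<div class='mb-3'>";
echo "<label class='form-label'>Должность:</label><br />\n<select class='form-control' name='group_access'$groupDisabled>\n";
echo $groupOptions($ank['group_access']);
echo "</select>\n";
echo "</div>\n";

// NOTE(review): this second list is a copy of the one above — it pre-selects
// the same group_access value and nothing in this file reads group_access2 on
// save; confirm whether a second-group column exists or drop the control.
echo "<div class='mb-3'>";
echo "<label class='form-label'>Дополнительная должность:</label><br />\n<select class='form-control' name='group_access2'$groupDisabled>\n";
echo $groupOptions($ank['group_access']);
echo "</select>\n";
echo "</div>\n";

$textField('Новый пароль:', 'new_pass', '', null);

echo "<button type='submit' name='save' class='btn btn-success'><i class='mdi mdi-content-save-outline'></i> Сохранить изменения</button>\n";

echo "</form>\n";

echo "<div class='list-group-item'>\n";
echo "<a href=\"/mail.php?id=$ankId\"><i class='mdi mdi-email-outline'></i> Написать сообщение</a><br />\n";
echo "<a href=\"/info.php?id=$ankId\"><i class='mdi mdi-account-outline'></i> Профиль " . $attr($ank['nick']) . "</a><br />\n";
echo "</div>\n";

if (user_access('adm_panel_show')) {
    echo "<div class='list-group-item list-group-item-light'>\n";
    echo "<a href='/adm_panel/'><i class='mdi mdi-arrow-left'></i> Панель управления</a>\n";
    echo "</div>\n";
}

echo "</div>\n";

include_once TFOOT;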
?>