( ′∀`)σ≡σ☆))Д′)レ(゚∀゚;)ヘ=З=З=Зε≡(ノ´_ゝ`)ノ
<?php
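// Bootstrap: load the data-access layer, run the access gate, read the widget id,
// and fetch the logged-in user's row for the settings form further down.
require("v/NewsSql.inc.php");
$db = new NewsSQL($dbname);
// page_protect() is not defined in the visible part of this file.
// NOTE(review): presumably it starts the session and rejects anonymous visitors,
// since $_SESSION is read right after it -- confirm against its definition.
page_protect();
// Widget id taken straight from the query string. It is request-controlled, so
// every sink that receives it (HTML output, $db lookups) has to escape or bind it.
$catalogid5 = isset($_GET["nani"]) ? $_GET["nani"] : null;
// Never interpolate a value into SQL unescaped, even one read from the session:
// this file does not show where euserid is written, so treat it as data.
// Escaping (rather than a prepared statement) keeps $rs_settings an ordinary
// mysqli_result without relying on mysqli_stmt_get_result(), which needs mysqlnd.
$euserid_sql = mysqli_real_escape_string(
    $link,
    isset($_SESSION['euserid']) ? (string) $_SESSION['euserid'] : ''
);
$rs_settings = mysqli_query($link, "select * from users where catalogid='$euserid_sql'");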
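// Password change handler: runs only when the password form's "Update" button was posted.
//
// Fixes relative to the earlier version of this block:
//  - queries go through the mysqli link with bound parameters (the old code called
//    mysqli_query() without a link and mixed in ext/mysql helpers);
//  - the stored hash is compared with ===, because == treats two "0e<digits>" hex
//    strings as equal numbers and would accept a wrong password;
//  - the new password is hashed as typed; SQL-escaping it before hashing made the
//    stored hash disagree with the unescaped check of pwd_old in this same block;
//  - the script stops after the redirect instead of rendering the page as well.
//
// NOTE(review): unsalted MD5 is not a password hash. Moving to password_hash() /
// password_verify() needs the login code (not in this file) to change in step,
// so the stored format is deliberately left as it is here.
if (isset($_POST['doUpdate']) && $_POST['doUpdate'] == 'Update')
{
    $euserid = isset($_SESSION['euserid']) ? (string) $_SESSION['euserid'] : '';
    $pwd_old = (isset($_POST['pwd_old']) && is_string($_POST['pwd_old'])) ? $_POST['pwd_old'] : '';
    $pwd_new = (isset($_POST['pwd_new']) && is_string($_POST['pwd_new'])) ? $_POST['pwd_new'] : '';

    // Look up the stored hash; $old stays null when the user row is missing
    // or the statement could not be prepared.
    $old = null;
    $stmt = mysqli_prepare($link, "select pwd from users where catalogid=?");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $euserid);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $old);
        mysqli_stmt_fetch($stmt);
        mysqli_stmt_close($stmt);
    }

    if (!is_string($old) || $old !== md5($pwd_old))
    {
        header("Location: accountreporta.php?msg=" . urlencode("Your old password is invalid"));
        exit;
    }

    // The "required" class on the form is enforced in the browser only,
    // so the empty case has to be rejected again on the server.
    if ($pwd_new === '')
    {
        header("Location: accountreporta.php?msg=" . urlencode("Your new password cannot be empty"));
        exit;
    }

    $newmd5 = md5($pwd_new);
    $updated = false;
    $stmt = mysqli_prepare($link, "update users set pwd=? where catalogid=?");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'ss', $newmd5, $euserid);
        $updated = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    if (!$updated)
    {
        // Keep database details in the server log, not in the response.
        error_log('Password update failed: ' . mysqli_error($link));
        header("Location: accountreporta.php?msg=" . urlencode("Your password could not be updated"));
        exit;
    }

    header("Location: step.php?msg=" . urlencode("Your new password is updated"));
    exit;
}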
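// Profile save handler: runs only when the settings form's "Save" button was posted.
//
// Fixes relative to the earlier version of this block:
//  - the UPDATE uses bound parameters on the mysqli link (the old call passed no
//    link, listed `tel` twice and printed mysql_error() to the visitor);
//  - array-valued POST fields are ignored instead of being fed to the escaper;
//  - session_start() is only called when no session is active;
//  - the script exits after each redirect. Without that the second Location
//    header replaced the first, so the "goback" target was never honoured.
//
// NOTE(review): the settings form in this file carries no anti-CSRF token, so a
// third-party page could submit it on behalf of a logged-in user. Adding a
// per-session token needs a matching hidden field in the form markup.
if (isset($_POST['doSave']) && $_POST['doSave'] == 'Save')
{
    $euserid = isset($_SESSION['euserid']) ? (string) $_SESSION['euserid'] : '';

    // Collect the editable fields; anything missing or non-string becomes ''.
    $fields = array();
    foreach (array('county', 'category', 'description', 'tel', 'email', 'fb', 'tw') as $key) {
        $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }

    $stmt = mysqli_prepare($link, "UPDATE users SET
        `county` = ?,
        `category` = ?,
        `description` = ?,
        `tel` = ?,
        `user_email` = ?,
        `fb` = ?,
        `tw` = ?
        WHERE catalogid = ?");
    if (!$stmt) {
        // Log the driver error server-side; the visitor gets a generic message.
        error_log('Profile update prepare failed: ' . mysqli_error($link));
        die('Unable to save your profile.');
    }
    mysqli_stmt_bind_param(
        $stmt,
        'ssssssss',
        $fields['county'],
        $fields['category'],
        $fields['description'],
        $fields['tel'],
        $fields['email'],
        $fields['fb'],
        $fields['tw'],
        $euserid
    );
    if (!mysqli_stmt_execute($stmt)) {
        error_log('Profile update failed: ' . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        die('Unable to save your profile.');
    }
    mysqli_stmt_close($stmt);

    if (session_id() === '') {
        session_start();
    }
    // The earlier code stored the SQL-escaped form of these two values in the
    // session; that is kept because their consumers are not visible from here.
    // NOTE(review): the slug input is rendered "disabled", so browsers do not
    // submit it and 'sluga' ends up null on every save -- confirm that is intended.
    $_SESSION['sluga'] = (isset($_POST['slug']) && is_string($_POST['slug']))
        ? mysqli_real_escape_string($link, $_POST['slug'])
        : null;
    $_SESSION['user_name'] = (isset($_POST['name']) && is_string($_POST['name']))
        ? mysqli_real_escape_string($link, $_POST['name'])
        : null;

    if (isset($_SESSION['goback'])) {
        $goback = $_SESSION['goback'];
        // Where 'goback' is written is not visible in this file, so only follow it
        // when it is a same-site relative target: no scheme, no protocol-relative
        // "//host", no backslashes and no CR/LF. Anything else falls through to
        // the default page below.
        $goback_is_local = is_string($goback)
            && $goback !== ''
            && !preg_match('/[\r\n\\\\]/', $goback)
            && !preg_match('#^(?:[a-z][a-z0-9+.-]*:|//)#i', $goback);
        if ($goback_is_local) {
            header("Location: $goback");
            exit;
        }
    }
    header('Location: accountreporta.php?msg=Profile+Sucessfully+Saved ');
    exit;
}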
?>
<html>
<head>
<title>My Account Settings</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript" type="text/javascript" src="v/js/jquery-1.3.2.min.js"></script>
<script language="JavaScript" type="text/javascript" src="v/js/jquery.validate.js"></script>
<script>
// Wire up jQuery Validate once the DOM is ready.
// These checks run in the browser only and can be bypassed by posting directly,
// so the server-side handlers must validate the same fields again.
$(document).ready(function () {
    var formSelectors = ["#regForm", "#myform", "#pform"];

    // Custom "address" rule: letters, digits and underscore only. An empty
    // optional field is passed through via this.optional(); its return value
    // is handed back unchanged so the plugin can interpret it.
    function isUrlSafeName(value, element) {
        var skipped = this.optional(element);
        return skipped || /^[a-z0-9\_]+$/i.test(value);
    }

    $.validator.addMethod(
        "address",
        isUrlSafeName,
        "URL must no spaces and can contain only letters, numbers, or underscore."
    );

    // Attach validation in the same order as before; selectors that match
    // nothing on this page are simply a no-op for jQuery.
    for (var i = 0; i < formSelectors.length; i++) {
        $(formSelectors[i]).validate();
    }
});
</script>
<style type="text/css">
<!--
.style9 {font-size: 12}
-->
</style> <style type="text/css">
<!--
.style4 { font-size: 16px;
font-weight: bold;
}
.style13 {
font-size: 10px
}
body,td,th {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 12px;
color:#FFF
}
body {
margin-left: 0px;
margin-top: 0px;
}
.style14 {font-size: 14px}
.style15 {
color: #99CC00;
font-weight: bold;
}
a:link {
color: #FFF;
text-decoration: none;
}
a:visited {
text-decoration: none;
color: #FFF;
}
a:hover {
text-decoration: none;
color: #FFF;
}
a:active {
text-decoration: none;
color: #FFF;
}
-->
</style>
</head>
<table width="400" border="0" align="left" cellpadding="0" cellspacing="0" >
<tr>
<td width="400" align="left" valign="top">
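<?php
// Both values below come from the query string and used to be printed raw,
// which let a crafted link inject markup or script into this page.
// The widget id is URL-encoded for the query string and then HTML-escaped for
// the attribute; the status message is HTML-escaped for element content.
// The charset argument matches the iso-8859-1 charset the page declares.
$widget_attr = htmlspecialchars(
    urlencode(is_scalar($catalogid5) ? (string) $catalogid5 : ''),
    ENT_QUOTES,
    'ISO-8859-1'
);
// NOTE(review): the message text is still chosen by whoever builds the link.
// Mapping short codes to fixed messages would remove that content-spoofing room.
$msg_html = htmlspecialchars(
    (isset($_GET['msg']) && is_string($_GET['msg'])) ? $_GET['msg'] : '',
    ENT_QUOTES,
    'ISO-8859-1'
);
?>
<strong style="font-size:18px;color:#FC0;">My Account Settings | </strong><span style="color:#FFF"><a href="v/datareports?widget=<?php echo $widget_attr; ?>" >Back </a></span>
<strong style="font-size:12px;color:#0C9;"> <?php echo "<div class=\"response\"><center><strong>$msg_html</strong></center></div>"; ?></strong>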
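<?php
// Render the settings form once per row of $rs_settings, the result of the
// mysqli_query() call near the top of this file.
//
// Fixes relative to the earlier version of this block:
//  - rows are read with mysqli_fetch_array(); the result comes from mysqli, so
//    the ext/mysql fetch function could not read it;
//  - every database value is HTML-escaped before it is written into an
//    attribute, a <textarea> or an <option>, so stored profile text cannot
//    inject markup or script;
//  - the matching <option> is emitted once, marked selected (it used to be
//    printed twice: once selected, once plain);
//  - each() is replaced by foreach, and full "<?php" tags replace short tags,
//    which depend on the short_open_tag ini setting.
while ($rs_settings && ($row_settings = mysqli_fetch_array($rs_settings))) {
    // Pre-escape the columns echoed below. The charset argument matches the
    // iso-8859-1 charset the page declares.
    $esc = array();
    foreach (array('catalogname', 'slug', 'description', 'user_email', 'tel', 'fb', 'tw') as $col) {
        $esc[$col] = htmlspecialchars(
            isset($row_settings[$col]) ? (string) $row_settings[$col] : '',
            ENT_QUOTES,
            'ISO-8859-1'
        );
    }
?>
</p>
<form action="accountreporta.php" method="post" name="myform" id="myform">
<table width="400" border="0" align="left" cellpadding="0" cellspacing="0" class="forms">
<tr>
<td width="100%" height="59"> Username<br>
<input style="padding:10px" name="name" type="text" id="name" value="<?php echo $esc['catalogname']; ?>" size="50">
<span class="example"> </span></td>
</tr><tr>
<td height="59">URL eziki.tv/yourname <span class="example">(Just enter name e.g peter)</span><br>
<input name="slug" style="padding:10px" disabled type="text" id="slug" value="<?php echo $esc['slug']; ?>" size="50"> </td>
</tr> <tr>
<td width="320" height="50"><span class="style8"><strong>Default</strong> Assignment</span><br>
<select name="category" class="required" >
<?php
    // NOTE(review): $catalogid5 is the raw "nani" query parameter and the body of
    // getallcategoriesR() is not visible here; if it builds SQL from its argument
    // it must bind or escape it.
    $nameinfo = $db->getallcategoriesR($catalogid5);
    if (!empty($nameinfo) && is_array($nameinfo)) {
        foreach ($nameinfo as $key => $val) {
            $tempcatalogid = stripslashes($val["catalogid"]);
            $catalogname = stripslashes($val["catalogname"]);
            $selected = ($row_settings['category'] == $tempcatalogid) ? ' selected' : '';
            print "<option value=\"" . htmlspecialchars($tempcatalogid, ENT_QUOTES, 'ISO-8859-1') . "\"$selected>"
                . htmlspecialchars($catalogname, ENT_QUOTES, 'ISO-8859-1') . "</option>";
        }
    }
?><option value="10000">Other</option>
</select></td>
</tr>
<tr>
<td width="320" height="50"><span class="style8"><strong>My County</strong> </span><br>
<select name="county" class="required" >
<?php
    $nameinfo = $db->getallcounties();
    if (!empty($nameinfo) && is_array($nameinfo)) {
        foreach ($nameinfo as $key => $val) {
            $tempcatalogid = stripslashes($val["catalogid"]);
            $catalogname = stripslashes($val["catalogname"]);
            $selected = ($row_settings['county'] == $tempcatalogid) ? ' selected' : '';
            print "<option value=\"" . htmlspecialchars($tempcatalogid, ENT_QUOTES, 'ISO-8859-1') . "\"$selected>"
                . htmlspecialchars($catalogname, ENT_QUOTES, 'ISO-8859-1') . "</option>";
        }
    }
?>
</select></td>
</tr><tr>
<tr>
<td height="70"> Your Short Bio <br>
<textarea name="description" cols="30" rows="3" style="padding:10px" id="description"><?php echo $esc['description']; ?></textarea> </td>
</tr>
<tr>
<td height="58">Your Email<br>
<input name="email" type="text" style="padding:10px" class=" " id="email" value="<?php echo $esc['user_email']; ?>" size="50"></td>
</tr>
<tr>
<td height="61">Cellphone<br>
<input name="tel" type="text" style="padding:10px" id="tel" value="<?php echo $esc['tel']; ?>" size="50"></td>
</tr>
<tr>
<td height="60">Your Facebook Link<br>
<input name="fb" type="text" id="fb" style="padding:10px" value="<?php echo $esc['fb']; ?>" size="50"></td>
</tr>
<tr>
<td>Your Twitter Link<br>
<input name="tw" type="text" style="padding:10px" id="tw" value="<?php echo $esc['tw']; ?>" size="50"></td>
</tr>
<tr>
</tr>
</table>
<p align="left">
<input name="doSave" type="submit" class="formbutton" id="doSave" value="Save">
</p>
</form>
<?php } ?></td>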
</tr>
<tr>
<td align="left"><span id="buttoned2">Change my Password </span> <br>
<br>
<br>
<p>If you want to change your password, please input your old and new password
to make changes.</p>
<div style="padding:10px;">
<div class="wa">
<div class="wb">
<div class="wc">
<div class="wd"> <form name="pform" id="pform" method="post" action="">
<table width="100%" border="0" align="center" cellpadding="3" cellspacing="3" class="forms">
<tr>
<td width="31%" height="32">Old Password</td>
<td width="69%"><input name="pwd_old" style="padding:10px" type="password" class="required password" id="pwd_old"></td>
</tr>
<tr>
<td>New Password</td>
<td><input name="pwd_new" style="padding:10px" type="password" id="pwd_new" class="required password" ></td>
</tr>
</table>
<p align="center">
<input name="doUpdate" type="submit" class="large ezbutton green" style=" margin-top:2px;border:0px;width:200px; margin-right:5px" id="doUpdate" value="Update">
</p>
<p> </p>
</form>
<p> </p>
<p> </p></div></div></div></div></div>
<p align="right"> </p></td>
</tr>
</table>
<br>
<br>
<br>
<br>
</body>
</html>
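<?php
// Close the legacy connection handle at the end of the page.
// $videoondemand is not assigned anywhere in the visible part of this file, and
// mysql_close() belongs to ext/mysql, which PHP 7 and later no longer ship.
// The guard keeps the call where it is still valid and avoids a fatal error elsewhere.
// NOTE(review): the queries on this page run through $link (mysqli); confirm
// whether $videoondemand is still used by the included data-access class.
if (isset($videoondemand) && function_exists('mysql_close')) {
    mysql_close($videoondemand);
}
?>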