<?
require('ax5.inc');
/*
   Table "profiles"

   Attribute     | Type | Modifier
  ---------------+------+----------
   name          | text | not null
   realname      | text |
   location      | text |
   compete_style | text |
   gym_attend    | text |
   height        | text |
   weight        | text |
   age           | text |
   gender        | text |
   about         | text |
   email         | text |
   url           | text |

   Index: profiles_pkey
*/
/**
 * Print the small "Create/load profile" form.
 *
 * The name box is pre-filled from $profile['name'] when that key is set and
 * left empty otherwise (including when the default "" is passed). The value
 * is HTML-escaped before it is placed in the attribute.
 *
 * The form has no action attribute, so it posts back to the current URL.
 */
function display_load_form($profile="") {
    $prefill = isset($profile['name']) ? $profile['name'] : '';

    // Emitted as one run of single-space-separated tags, exactly as the
    // inline template did.
    echo ' <form method="post">',
         ' <table cellpadding="0" cellspacing="0">',
         ' <tr>',
         ' <td class="col1">Name:</td>',
         ' <td class="col2">',
         ' <input type="text" name="name" size="30" value="', htmlspecialchars($prefill), '" />',
         ' <input type="submit" name="action" value="Create/load profile" />',
         ' </td>',
         ' </tr>',
         ' </table>',
         ' </form> ';
}
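/**
 * Build one table row holding a labelled single-line text input.
 *
 * The input is named "$arrayname[$tag]" and pre-filled with $array[$tag],
 * HTML-escaped for a double-quoted attribute. A missing key, or a non-array
 * $array (the profile lookup returns FALSE when no row exists), yields an
 * empty value instead of an undefined-index access.
 *
 * $label, $arrayname and $tag are written into the markup verbatim; every
 * caller in this file passes string literals. They must never carry request
 * data.
 *
 * Compared with the earlier version, the duplicated size="40" attribute is
 * emitted once and the row is closed with </tr>.
 *
 * @param string $label     Cell text shown to the left of the input.
 * @param string $arrayname Name of the form array the field belongs to.
 * @param string $tag       Key inside that form array.
 * @param mixed  $array     Current values keyed by tag.
 * @return string HTML for the complete row.
 */
function textfield($label,$arrayname,$tag,$array) {
    $value = '';
    if (is_array($array) && isset($array[$tag]) && is_scalar($array[$tag])) {
        $value = (string) $array[$tag];
    }

    return '<tr><td class="col1">'.$label.'</td>'
        .'<td class="col2"><input type="text" size="40" name="'.$arrayname.'['.$tag.']" value="'
        .htmlspecialchars($value, ENT_QUOTES).'" /></td></tr>';
}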
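/**
 * Print the profile editing form, pre-filled from $profile.
 *
 * Changes from the earlier version:
 *  - The form action is HTML-escaped. $_SERVER['PHP_SELF'] includes any
 *    extra path text the client appended to the script URL, so writing it
 *    into an attribute unescaped allowed markup injection.
 *  - The "about" text is HTML-escaped inside the <textarea>. The browser
 *    decodes it again on submit, so the stored value is unchanged, but the
 *    stored text can no longer close the textarea early.
 *  - A non-array $profile (the lookup returns FALSE when no row exists) is
 *    treated as an empty profile.
 *  - The name row and the "about" row are closed properly.
 *
 * NOTE(review): the hidden profile[name] field is client-controlled. The
 * handler that saves the form must take the profile owner from the session,
 * never from this field.
 *
 * @param mixed $profile Profile row keyed by column name, or FALSE.
 */
function display_profile_form($profile) {
    $fields = array(
        'name', 'realname', 'email', 'url', 'location', 'compete_style',
        'gym_attend', 'height', 'weight', 'age', 'gender', 'about',
    );

    // Normalise to a complete array of strings so nothing below reads an
    // undefined key.
    $form = array();
    foreach ($fields as $field) {
        $present = is_array($profile) && isset($profile[$field]) && is_scalar($profile[$field]);
        $form[$field] = $present ? (string) $profile[$field] : '';
    }

    $name_html = htmlspecialchars($form['name'], ENT_QUOTES);
    $action_html = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    ?>
<form method="post" action="<?php echo $action_html; ?>" enctype="multipart/form-data">
<table id="profileDisplay" cellpadding="0" cellspacing="0">
<tr>
<td class="col1">AX name:</td>
<td class="col2">
<input type="hidden" name="profile[name]" value="<?php echo $name_html; ?>" />
<span id="userName"><?php echo $name_html; ?></span>
[ <a href="./profiles?action=display&name=<?php echo urlencode($form['name']); ?>">View your profile</a> ]
</td>
</tr>
<?php
    // Disabled in the original: <input type="submit" name="action" value="Change user" />
    echo textfield('Real name:','profile','realname',$form);
    echo textfield('Email address:','profile','email',$form);
    echo textfield('Webpage URL:','profile','url',$form);
    echo textfield('Where do you live (include country please)?:','profile','location',$form);
    echo textfield('What do you train/compete in?:','profile','compete_style',$form);
    echo textfield('If you attend a gym, what gym do you attend?:','profile','gym_attend',$form);
    echo textfield('Height:','profile','height',$form);
    echo textfield('Weight:','profile','weight',$form);
    echo textfield('Age:','profile','age',$form);
    echo textfield('Gender:','profile','gender',$form);
    ?>
<tr>
<td class="col1"> Attach image: </td>
<td class="col2"> <input type="file" name="userfile" /> </td>
</tr>
<tr>
<td class="col1"> Tell us about yourself: </td>
<td class="col2"> <textarea name="profile[about]"><?php echo htmlspecialchars($form['about'], ENT_QUOTES); ?></textarea> </td>
</tr>
<tr>
<td class="col1"> </td>
<td class="col2"> <input type="submit" name="action" value="Save Profile" /> </td>
</tr>
</table>
</form>
<?php
}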
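/**
 * Print the read-only view of one profile.
 *
 * Every column is HTML-escaped before output. Two sinks that were not safe
 * in the earlier version are handled here:
 *
 *  - "about" was printed as raw HTML, so anything a user stored there was
 *    rendered to every visitor. It is now escaped, and only the exact
 *    markup the image upload appends ("<br />" and an <img> whose src is
 *    under http://theaxforum.com/user_images/) is turned back into tags.
 *    Other HTML typed by users is shown as text.
 *    NOTE(review): existing profiles that rely on hand-written HTML will
 *    display it literally after this change - confirm that is acceptable.
 *  - The web page link accepted any value containing "://" as the href.
 *    Only http:// and https:// targets are linked now; a value without a
 *    scheme still gets "http://" prefixed, and anything else is shown as
 *    plain text.
 *
 * The unused "global $HTTP_COOKIE_VARS" declaration was dropped.
 *
 * NOTE(review): the owner check compares the stored name with
 * addslashes() of the session username, as before. Whether the session
 * value is already escaped cannot be seen from this file - confirm.
 *
 * @param array $profile Profile row keyed by column name, plus
 *                       'messages_posted'.
 */
function display_profile($profile) {
    $session_username = isset($_SESSION['username']) ? $_SESSION['username'] : '';

    // Escape every simple text column once, up front.
    $shown = array();
    $columns = array(
        'name', 'realname', 'email', 'url', 'location', 'compete_style',
        'gym_attend', 'height', 'weight', 'age', 'gender',
    );
    foreach ($columns as $column) {
        $raw = isset($profile[$column]) ? (string) $profile[$column] : '';
        $shown[$column] = htmlspecialchars($raw, ENT_QUOTES);
    }

    $posts = isset($profile['messages_posted']) ? (string) $profile['messages_posted'] : '';
    $is_owner = (isset($profile['name']) ? $profile['name'] : '') == addslashes($session_username);

    // Link target: http(s) only.
    $url = isset($profile['url']) ? trim((string) $profile['url']) : '';
    if ($url === '') {
        $href = '';
    } elseif (strpos($url, '://') === FALSE) {
        $href = 'http://'.$url;
    } elseif (preg_match('#^https?://#i', $url)) {
        $href = $url;
    } else {
        $href = '';
    }

    // Escape the free text, then restore only the site-generated image markup.
    $about_html = htmlspecialchars(isset($profile['about']) ? (string) $profile['about'] : '', ENT_QUOTES);
    $about_html = str_replace('&lt;br /&gt;', '<br />', $about_html);
    $about_html = preg_replace(
        '#&lt;img src=&quot;(http://theaxforum\.com/user_images/[A-Za-z0-9_.~%-]+/[A-Za-z0-9_.~%-]+)&quot; /&gt;#',
        '<img src="$1" />',
        $about_html
    );
    ?>
<table id="profileDisplay" cellpadding="0" cellspacing="0">
<tr>
<td class="col1"> AX name: </td>
<td class="col2">
<form method="post" action="./profiles">
<span class="userName"><?php echo $shown['name']; ?></span>
<?php if ($is_owner) { echo " <input type=\"submit\" name=\"action\" value=\"Edit profile\" />"; } ?>
</form>
</td>
</tr>
<?php if ($posts) { ?>
<tr>
<td class="col1"> Number of posts: </td>
<td class="col2"> <?php echo htmlspecialchars($posts, ENT_QUOTES); ?> </td>
</tr>
<?php } ?>
<tr>
<td class="col1"> Real name: </td>
<td class="col2"> <?php echo $shown['realname']; ?> </td>
</tr>
<tr>
<td class="col1"> Email address: </td>
<td class="col2"> <a href="mailto:<?php echo $shown['email']; ?>"><?php echo $shown['email']; ?></a> </td>
</tr>
<tr>
<td class="col1"> Webpage URL: </td>
<td class="col2">
<?php if ($href !== '') { ?>
<a href="<?php echo htmlspecialchars($href, ENT_QUOTES); ?>" rel="nofollow noopener noreferrer" target="_blank"><?php echo $shown['url']; ?></a>
<?php } else { echo $shown['url']; } ?>
</td>
</tr>
<tr>
<td class="col1"> Where do you live?: </td>
<td class="col2"> <?php echo $shown['location']; ?> </td>
</tr>
<tr>
<td class="col1"> What do you train/compete in?: </td>
<td class="col2"> <?php echo $shown['compete_style']; ?> </td>
</tr>
<tr>
<td class="col1"> If you attend a gym, what gym do you attend?: </td>
<td class="col2"> <?php echo $shown['gym_attend']; ?> </td>
</tr>
<tr>
<td class="col1"> Height: </td>
<td class="col2"> <?php echo $shown['height']; ?> </td>
</tr>
<tr>
<td class="col1"> Weight: </td>
<td class="col2"> <?php echo $shown['weight']; ?> </td>
</tr>
<tr>
<td class="col1"> Age: </td>
<td class="col2"> <?php echo $shown['age']; ?> </td>
</tr>
<tr>
<td class="col1"> Gender: </td>
<td class="col2"> <?php echo $shown['gender']; ?> </td>
</tr>
<tr>
<td class="col1"> Tell us about yourself: </td>
<td class="col2"> <?php print nl2br($about_html); ?> </td>
</tr>
</table>
<?php
}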
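/**
 * Load one profile row by user name, plus that user's post count.
 *
 * Both lookups bind $name as a query parameter on the global $conn
 * connection instead of splicing an escaped copy into the SQL text, and a
 * failed query is treated as "not found" rather than being passed on to
 * pg_num_rows(). pg_result() was replaced by pg_fetch_result(), which it
 * aliases.
 *
 * @param string $name User name to look up.
 * @return array|false The profiles row as returned by pg_fetch_array(),
 *                     with an added 'messages_posted' entry ('' when the
 *                     users table has no matching row), or FALSE when no
 *                     profile exists.
 */
function retrieve_profile_data($name) {
    global $conn;

    $lookup = array((string) $name);

    $result = pg_query_params($conn, 'select * from profiles where name = $1', $lookup);
    if ($result === false || !pg_num_rows($result)) {
        return FALSE;
    }
    $profile = pg_fetch_array($result, 0);

    $messages_result = pg_query_params($conn, 'select messages_posted from users where name = $1', $lookup);
    if ($messages_result !== false && pg_num_rows($messages_result)) {
        $profile['messages_posted'] = pg_fetch_result($messages_result, 0, 0);
    } else {
        $profile['messages_posted'] = '';
    }

    return $profile;
}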
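/**
 * Replace the stored profile for $profile['name'] with the given values.
 *
 * The old row is deleted and the new one inserted inside one transaction
 * on the global $conn connection.
 *
 * Changes from the earlier version:
 *  - Values are bound as query parameters. addslashes() is not an SQL
 *    escaping function for PostgreSQL, so the string-built statements
 *    were open to SQL injection through any profile field.
 *  - each() (removed from current PHP) is replaced by foreach, and the
 *    pg_exec() alias by pg_query().
 *  - A failed statement rolls the transaction back, so a failed insert
 *    no longer leaves the user with no profile row at all.
 *  - The redundant "end;" after "commit;" is dropped.
 *
 * This function does not check who is allowed to write the row; the
 * caller must make sure $profile['name'] is the authenticated user.
 *
 * @param array $profile Values keyed by column name; missing or
 *                       non-scalar entries are stored as ''.
 * @return bool TRUE when the new row was committed, FALSE otherwise
 *              (the earlier version returned nothing).
 */
function update_profile_data($profile) {
    global $conn;

    $fields = array("name","realname","location","compete_style","gym_attend","height","weight","age","gender","about","email","url");

    $values = array();
    $placeholders = array();
    foreach ($fields as $position => $field) {
        $present = is_array($profile) && isset($profile[$field]) && is_scalar($profile[$field]);
        $values[] = $present ? (string) $profile[$field] : '';
        $placeholders[] = '$'.($position + 1);
    }

    // Column names come from the fixed list above, never from input.
    $insert_sql = 'insert into profiles ('.implode(',', $fields).') values ('.implode(',', $placeholders).')';

    if (pg_query($conn, 'begin') === false) {
        return false;
    }

    // $values[0] is the "name" column.
    $ok = pg_query_params($conn, 'delete from profiles where name = $1', array($values[0])) !== false
        && pg_query_params($conn, $insert_sql, $values) !== false;

    if (!$ok) {
        pg_query($conn, 'rollback');
        return false;
    }

    return pg_query($conn, 'commit') !== false;
}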
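// ACTION STARTS HERE ****************************************************************************

// Connect to the local "ax" database. The positional five-argument form
// used before is legacy syntax that newer PHP versions no longer accept;
// the connection string below selects the same database with the same
// defaults for everything else.
$conn = pg_connect("dbname=ax");
if ($conn === false) {
    // Stop here rather than run every later query against a dead handle,
    // which would print driver warnings into the page.
    error_log('profiles: could not connect to database "ax"');
    exit('The profile database is currently unavailable.');
}

// Request parameters are accepted only as plain strings. An array-valued
// "action" or "name" (e.g. name[]=x) is treated as absent instead of being
// passed to trim() or compared in the switch below.
// NOTE(review): $_REQUEST lets state-changing actions arrive by GET as
// well as POST - confirm that is intended.
$action = (isset($_REQUEST['action']) && is_string($_REQUEST['action'])) ? $_REQUEST['action'] : '';
$name = (isset($_GET['name']) && is_string($_GET['name'])) ? trim($_GET['name']) : '';

/* Disabled in the original:
if (isset($_COOKIE['name'])) $cookie_name = $_COOKIE['name']; else $cookie_name = '';
if (isset($_COOKIE['password'])) $cookie_password = $_COOKIE['password']; else $cookie_password = '';
*/

// NOTE(review): the session username is stored here with addslashes()
// applied, and retrieve_profile_data() escapes it again; names containing
// quotes or backslashes will not round-trip. Left as-is because the rest
// of the file depends on this variable - confirm before changing.
$session_username = isset($_SESSION['username']) ? addslashes($_SESSION['username']) : '';
$logged_in = isset($_SESSION['login']) ? $_SESSION['login'] : FALSE;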
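/**
 * Show the profile editor for a logged-in user, or the login prompt.
 *
 * When the user has no profile row yet, an empty profile carrying the
 * lookup name is shown instead of passing FALSE to the form.
 *
 * @param mixed  $logged_in   Truthy when the session is authenticated.
 * @param string $anon_title  Page subtitle used for the login prompt.
 * @param string $title       Page subtitle used for the editor.
 * @param string $lookup_name User name whose profile is loaded.
 */
function ax_profiles_show_editor($logged_in, $anon_title, $title, $lookup_name)
{
    if (!$logged_in) {
        disp_preamble("Ax Profiles", $anon_title);
        display_login_required('to edit a profile');
        disp_tail();
        return;
    }

    disp_preamble("Ax Profiles", $title);
    $profile = retrieve_profile_data($lookup_name);
    if (!is_array($profile)) {
        $profile = array(
            'name' => $lookup_name, 'realname' => '', 'location' => '',
            'compete_style' => '', 'gym_attend' => '', 'height' => '',
            'weight' => '', 'age' => '', 'gender' => '', 'about' => '',
            'email' => '', 'url' => '',
        );
    }
    display_profile_form($profile);
    disp_tail();
}

// Request dispatcher. Security-relevant changes from the earlier version:
//  - "Save Profile" requires a logged-in session and always writes the
//    profile of the session user. Previously the target was taken from the
//    posted profile[name], and the only check was that such a user exists,
//    so any visitor could overwrite any profile.
//  - Uploads are accepted only when PHP reports a completed upload and the
//    content is a GIF, JPEG or PNG. The stored file name is built from a
//    sanitised base name plus an extension chosen from the detected type,
//    and the file is moved with move_uploaded_file(). Previously the
//    client-supplied name and extension were used unchanged for a file
//    written under the web root.
//  - Database statements bind their values as parameters.
//  - The authattempt log no longer depends on the undefined $password and
//    $REMOTE_ADDR globals; no password is written to the log.
//  - Names in the browse list are HTML-escaped, and the debug line that
//    printed the profile name before the page header is removed.
// NOTE(review): the save form carries no anti-CSRF token; adding one needs
// support from the shared session code, which is not visible in this file.
// NOTE(review): the upload directory should be configured on the web
// server so that nothing inside it is executed as a script.
switch ($action) {
    case "login":
        login_session(
            isset($_POST['username']) ? $_POST['username'] : '',
            isset($_POST['pw']) ? $_POST['pw'] : ''
        );
        //register_visit();
        //display_topics();
        break;

    case "logout":
        logout_session();
        //register_visit();
        //display_topics();
        break;

    case "display":
        $profile = retrieve_profile_data($name);
        if (isset($profile['name'])) {
            disp_preamble("Ax Profiles", $name);
            display_profile($profile);
        } else {
            disp_preamble("Ax Profiles", $name." - not found");
            // Offer to create a profile only to the logged-in owner.
            if ($logged_in && $name == $session_username) {
                echo "<div id=\"postResponse\"><p>You haven't created a profile yet. </p></div>";
                echo "<form method=\"post\" action=\"./profiles.phtml\">\n".
                     " <input type=\"submit\" name=\"action\" value=\"Edit profile\" />".
                     "</form>";
            }
        }
        disp_tail();
        break;

    case "browse":
        disp_preamble("Ax Profiles", "Browsing Ax Profiles");
        $result = pg_query($conn, "select name, about from profiles order by lower(name);");
        $rows = ($result === false) ? 0 : pg_num_rows($result);
        echo "<div id=\"browseProfiles\">\n";
        echo "<h2>The following ".$rows." people have entered information about themselves:</h2>";
        echo "<ul>\n";
        for ($row = 0; $row < $rows; $row++) {
            $obj = pg_fetch_array($result, $row);
            $listed_name = (string) $obj['name'];
            $entry = "<li><a href=\"profiles?action=display&name=".urlencode($listed_name)."\">"
                .htmlspecialchars($listed_name, ENT_QUOTES)."</a>";
            if (substr_count(strtolower((string) $obj['about']), "<img") > 0) {
                $entry .= "<font color=#99999> - With Photo</font>";
            }
            echo $entry."\n";
        }
        echo "</ul>\n";
        echo "</div>\n";
        disp_tail();
        break;

    case "Create/load profile":
    case "Change user":
        ax_profiles_show_editor($logged_in, $name, $session_username, $session_username);
        break;

    case "Save Profile":
        if (!$logged_in || !isset($_SESSION['username']) || $_SESSION['username'] === '') {
            disp_preamble("Ax Profiles", "");
            display_login_required('to edit a profile');
            disp_tail();
            break;
        }

        // The profile owner is the authenticated user, never the posted name.
        $owner = $_SESSION['username'];
        $submitted = (isset($_POST['profile']) && is_array($_POST['profile'])) ? $_POST['profile'] : array();
        $profile = array('name' => $owner);
        $editable = array("realname","location","compete_style","gym_attend","height","weight","age","gender","about","email","url");
        foreach ($editable as $field) {
            $profile[$field] = (isset($submitted[$field]) && is_string($submitted[$field])) ? $submitted[$field] : '';
        }

        $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $log_sql = "insert into authattempt (name,password,result,date,ipaddr) values (\$1,'',\$2,now(),\$3)";

        $result = pg_query_params($conn, 'select userid, name from users where name = $1', array($owner));
        if ($result !== false && pg_num_rows($result) == 1) {
            disp_preamble("Ax Profiles", "Profile update successful");

            $upload = isset($_FILES['userfile']) ? $_FILES['userfile'] : null;
            $has_upload = is_array($upload)
                && isset($upload['error']) && is_int($upload['error'])
                && $upload['error'] !== UPLOAD_ERR_NO_FILE;

            if ($has_upload) { // posting image
                $image_extensions = array(IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png');

                // getimagesize() reports problems with non-image data as
                // warnings; they are suppressed and the result is checked.
                $image_info = false;
                if ($upload['error'] === UPLOAD_ERR_OK && is_uploaded_file($upload['tmp_name'])) {
                    $image_info = @getimagesize($upload['tmp_name']);
                }

                if ($image_info === false || !isset($image_extensions[$image_info[2]])) {
                    echo "<p align=center>The attached file was not saved: only GIF, JPEG and PNG images are accepted.</p>";
                } else {
                    $row = pg_fetch_row($result);
                    $user_id = (string) $row[0];
                    $full_base_path = "/www/theaxforum.com/public_html/";
                    $basedir = "user_images/";
                    $mydir = $full_base_path.$basedir.$user_id;

                    $myumask = umask(2);
                    if (!is_dir($mydir)) {
                        @ mkdir($mydir, 02775);
                        @ chgrp($mydir, 'www-data');
                    }

                    // Keep only a conservative character set from the
                    // client's file name; the extension comes from the
                    // detected image type.
                    $extension = $image_extensions[$image_info[2]];
                    $file_basename = preg_replace('/[^A-Za-z0-9_-]+/', '_', pathinfo((string) $upload['name'], PATHINFO_FILENAME));
                    if ($file_basename === null || $file_basename === '') {
                        $file_basename = 'image';
                    }

                    $filename = $file_basename.".".$extension;
                    $counter = 0;
                    while (file_exists($mydir."/".$filename)) {
                        $counter++;
                        $filename = $file_basename."_".(string) $counter.".".$extension;
                    }
                    $full_file_path = $mydir."/".$filename;

                    if (move_uploaded_file($upload['tmp_name'], $full_file_path)) {
                        @ chmod($full_file_path, 0664);
                        @ chgrp($full_file_path, 'www-data');
                        $link = "http://theaxforum.com/".$basedir.rawurlencode($user_id)."/".rawurlencode($filename);
                        $profile['about'] .= "\n".'<br /><img src="'.$link.'" />'."\n";
                    }
                    umask($myumask);
                }
            }

            update_profile_data($profile);
            pg_query_params($conn, $log_sql, array($owner, 'OK', $remote_addr));
            echo "<p align=center>The information you entered is hopefully in the database now.</p>";
            $profile = retrieve_profile_data($profile['name']);
            display_profile_form($profile);
            disp_tail();
        } else {
            disp_preamble("Ax Profiles", "Profile update failed");
            echo "<p align=center>We could not find your user account. Please check your name and password.</p>";
            pg_query_params($conn, $log_sql, array($owner, 'failed', $remote_addr));
            display_profile_form($profile);
            disp_tail();
        }
        break;

    // The "Edit profile" buttons printed by this file use a lower-case "p";
    // both spellings are accepted.
    case "Edit Profile":
    case "Edit profile":
        ax_profiles_show_editor($logged_in, $session_username, $session_username, $session_username);
        break;

    default:
        ax_profiles_show_editor(
            $logged_in,
            "",
            $session_username,
            isset($_SESSION['username']) ? $_SESSION['username'] : ''
        );
}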
?>