Your IP : 216.73.216.40
<?php
$loginid = $_REQUEST['loginid'];
if (!$loginid) $loginid = $user;
$submit = $_POST['submit'];
$tbl = 'webaccounts';
$webmasters = array('yes','no');
$passwd = $_POST['passwd'];
$nickname = htmlsafe($_POST['nickname']);
$email = htmlsafe($_POST['email']);
$webmaster = htmlsafe($_POST['webmaster']);
switch ($submit) {
case "SAVE":
if (mysql_num_rows(mysql_query("select * from $tbl where loginid='$loginid'"))) {
if ($passwd) mysql_query("update $tbl set passwd=password('$passwd') where loginid='$loginid'");
mysql_query("update $tbl set nickname='$nickname',email='$email',webmaster='$webmaster'
where loginid='$loginid'");
} else {
mysql_query("insert into $tbl(loginid,passwd,nickname,email,webmaster)
values('$loginid',password('$passwd'),'$nickname','$email','$webmaster')");
}
$tbl = 'webpages';
$rowid = mysql_fetch_object(mysql_query("select rowid from $tbl where nickname='$nickname'"))->rowid;
if (mysql_num_rows(mysql_query("select * from $tbl where rowid=$rowid"))) {
mysql_query("update $tbl set linktext='$nickname',parentid=998,pageid='$nickname',
pagetitle='Profile of $nickname',pageaccess='public',dateupdation=now()
where rowid=$rowid");
} else {
mysql_query("insert into $tbl(linktext,parentid,pageid,pagetitle,pagetype,pageaccess,keyword,datecreation,dateupdation,visibility)
values('$nickname',998, '$nickname','Profile of $nickname','html','public','$nickname, $email',now(),now(),'disable')");
}
break;
case 'DELETE':
mysql_query("delete from $tbl where loginid='$loginid'");
break;
}
$tbl = 'webaccounts';
if ($role == 'admin') {
echo "Select Login
<select name='logid' style='width: 200px' onchange=\"document.location.href='$PHP_SELF?conf=$conf&loginid='+this.value\">
<option value='new'>New</option>";
$rs = mysql_query("SELECT * FROM $tbl order by nickname");
while ($o = mysql_fetch_object($rs)) {
echo "<option value='$o->loginid'";
if ($loginid == $o->loginid) echo " selected";
echo ">$o->loginid</option>";
}
echo "</select>";
$rs = mysql_query("select * from $tbl where loginid='$loginid'");
}
if ($role == 'user') $rs = mysql_query("select * from $tbl where loginid='$user'");
if ($rs) {
$o = mysql_fetch_object($rs);
$passwd = $o->passwd;
$nickname = $o->nickname;
$email = $o->email;
$webmaster = $o->webmaster;
}
echo "<p>
Please furnish these information in order to host your profile on website. Thanks.
<table width='100%' border='0' cellpadding='2' cellspacing='1'>
<tr><td>Login ID *</td><td><input type='text' name='loginid' value='$loginid' size='60'></td></tr>
<tr><td>Password *</td><td><input type='password' name='passwd' value='' size='60'></td></tr>
<tr><td>Nickname *</td><td><input type='text' name='nickname' value='$nickname' size='60'></td></tr>
<tr><td>Email *</td><td><input type='text' name='email' value='$email' size='60'></td></tr>
";
if ($role == 'admin') {
echo "<tr><td>Webmaster</td><td><select name='webmaster' style='width: 200px'>";
foreach ($webmasters as $wm){
echo "<option value='$wm'";
if ($wm == $webmaster) echo " selected";
echo ">$wm</option>";
}
echo "</select></td></tr>";
}
echo "<tr><td></td><td><input type='submit' name='submit' value='SAVE' style='width: 80px'> ";
if ($loginid <> 'new') echo "<input type='submit' name='submit' value='DELETE' style='width: 80px'>
<a href='inner.php?conf=webpages&pageid=$nickname'>Create/Edit Profile</a>";
echo "</td></tr></table>";
?>