Your IP : 216.73.216.40
<?php
$loginID = $_REQUEST['loginID'];
if (!$loginID) $loginID = $user;
$submit = $_POST['submit'];
$tbl = 'webprofiles';
$webmasters = array('yes','no');
$passwd = $_POST['passwd'];
$nickname = htmlsafe($_POST['nickname']);
$email = htmlsafe($_POST['email']);
$webmaster = htmlsafe($_POST['webmaster']);
switch ($submit) {
case "SAVE":
if (mysql_num_rows(mysql_query("select * from $tbl where login='$loginID'"))) {
if ($passwd) mysql_query("update $tbl set passwd=password('$passwd') where login='$loginID'");
mysql_query("update $tbl set nickname='$nickname',email='$email',webmaster='$webmaster'
where login='$loginID'");
} else {
mysql_query("insert into $tbl(login,passwd,nickname,email,webmaster)
values('$loginID',password('$passwd'),'$nickname','$email','$webmaster')");
}
$tbl = 'webpages';
$rowid = mysql_fetch_object(mysql_query("select rowid from $tbl where nickname='$nickname'"))->rowid;
if (mysql_num_rows(mysql_query("select * from $tbl where rowid=$rowid"))) {
mysql_query("update $tbl set linktext='$nickname',parentid=998,pageid='$nickname',
pagetitle='Profile of $nickname',pageaccess='public',dateupdation=now()
where rowid=$rowid");
} else {
mysql_query("insert into $tbl(linktext,parentid,pageid,pagetitle,pagetype,pageaccess,keyword,datecreation,dateupdation,visibility)
values('$nickname',998, '$nickname','Profile of $nickname','html','public','$nickname, $email',now(),now(),'disable')");
}
break;
case 'DELETE':
mysql_query("delete from $tbl where login='$loginID'");
break;
}
$tbl = 'webprofiles';
if ($role == 'admin') {
echo "Select Login <select name='logID' onchange=\"document.location.href='$PHP_SELF?conf=$conf&loginID='+this.value\">
<option value='new'>New</option>";
$rs = mysql_query("SELECT * FROM $tbl order by nickname");
while ($o = mysql_fetch_object($rs)) {
echo "<option value='$o->login'";
if ($loginID == $o->login) echo " selected";
echo ">$o->login</option>";
}
echo "</select>";
$rs = mysql_query("select * from $tbl where login='$loginID'");
}
if ($role == 'user') $rs = mysql_query("select * from $tbl where login='$user'");
if ($rs) {
$o = mysql_fetch_object($rs);
$passwd = $o->passwd;
$nickname = $o->nickname;
$email = $o->email;
$webmaster = $o->webmaster;
}
echo "<p>
Please furnish these information in order to host your profile on website. Thanks.
<table width='100%' border='0' cellpadding='2' cellspacing='1'>
<tr><td>Login ID *</td><td><input type='text' name='loginID' value='$loginID' size='60'></td></tr>
<tr><td>Password *</td><td><input type='password' name='passwd' value='' size='60'></td></tr>
<tr><td>Nickname *</td><td><input type='text' name='nickname' value='$nickname' size='60'></td></tr>
<tr><td>Email *</td><td><input type='text' name='email' value='$email' size='60'></td></tr>
";
if ($role == 'admin') {
echo "<tr><td>Webmaster</td><td><select name='webmaster' style='width:60'>";
foreach ($webmasters as $wm){
echo "<option value='$wm'";
if ($wm == $webmaster) echo " selected";
echo ">$wm</option>";
}
echo "</select></td></tr>";
}
echo "<tr><td></td><td><input type='submit' name='submit' value='SAVE' style='width:80px'>";
if ($loginID <> 'new') echo "<input type='submit' name='submit' value='DELETE' style='width:80px'>
<a href='inner.php?conf=webpages&pageid=$nickname'>Create/Edit Profile</a>";
echo "</td></tr></table>";
?>