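<?php

########################## ACCESS GUARD ##########################
# Every profile action needs the `logged` cookie, which carries the host's
# username. The numeric host id is resolved once here into $vars['hid'] so
# the sections below can rely on it instead of any client-supplied id.
# NOTE(review): the cookie is the only credential inspected here, and the
# script keeps running after java_redirect() unless that helper exits —
# confirm the helper's behaviour before relying on this guard alone.
$logged_hid = false;
if (isset($_COOKIE['logged']))
{
	// The cookie value is client-controlled: escape it before it reaches SQL.
	$res_hid = mysql_query("SELECT `hid` FROM `hsl_host` WHERE `username`='".mysql_real_escape_string($_COOKIE['logged'])."'");
	// mysql_result() warns on an empty result set, so check for a row first.
	if ($res_hid && mysql_num_rows($res_hid) > 0)
	{
		$logged_hid = mysql_result($res_hid, 0, 0);
	}
}

if ($logged_hid === false)
{
	// No cookie, or a cookie naming an unknown host: both count as not logged in.
	java_redirect($config['base_url']."");
}
else
{
	$vars['hid'] = $logged_hid;
}

# Default action when the URL has no second segment ("profile/" alone).
if (count($request) <= 1)
{
	$request[1] = 'main';
}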

########################## AD IMAGE ##############################
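if ($request[1] == 'ad')
{
	if ($_SERVER['REQUEST_METHOD'] == 'POST')
	{
		// Replace the host's advert image. The file is stored and served under a
		// fixed ".gif" name, so only a genuine PHP upload that decodes as a GIF
		// is written; anything else is silently ignored (no error slot exists in
		// this section's template context).
		$ad_name = isset($_FILES['ad']['name']) ? trim($_FILES['ad']['name']) : '';
		$ad_tmp = isset($_FILES['ad']['tmp_name']) ? $_FILES['ad']['tmp_name'] : '';
		if ($ad_name != '' && is_uploaded_file($ad_tmp))
		{
			$ad_info = getimagesize($ad_tmp);
			if ($ad_info !== false && $ad_info[2] == IMAGETYPE_GIF)
			{
				$ad_path = "logos/".(int)$vars['hid']."_adv.gif";
				@unlink($ad_path);
				$fd = fopen($ad_path, "wb");
				if ($fd !== false)
				{
					fwrite($fd, read_file($ad_tmp));
					fclose($fd);
				}
			}
		}
	}

	$res = mysql_query("SELECT * FROM `hsl_host` WHERE `username`='".mysql_real_escape_string($_COOKIE['logged'])."'");
	$host = $res ? mysql_fetch_assoc($res) : false;
	if ($host)
	{
		// The row carries the stored password column; the template has no
		// business seeing it.
		unset($host['pwd']);
		if (file_exists("logos/".(int)$host['hid']."_adv.gif"))
		{
			$host['ad_exists'] = 1;
		}
	}
	$t->assign('host', $host);
}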


##################################################################
######################## PAYMENT SECTION #########################
##################################################################

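if ($request[1] == 'account')
{
	if ($_SERVER['REQUEST_METHOD'] == 'POST')
	{
		// The gateway name arrives with the form and selects the handler under
		// include/payments/. Only a plain identifier naming an existing handler
		// is accepted, so the request cannot pull in any other file.
		$gateway = isset($vars['gateway']) ? trim($vars['gateway']) : '';
		$gateway_file = "include/payments/".$gateway.".php";
		if ($gateway != '' && preg_match('/^[A-Za-z0-9_-]+$/', $gateway) && file_exists($gateway_file))
		{
			include ($gateway_file);
			$request[1] .= "_".$gateway;
		}
	}
	else
	{
		$res = mysql_query("SELECT *, DATE_FORMAT(`expired`,'%e %M %Y') AS expired, IF(expired<NOW(),1,0) AS expired_flag FROM `hsl_host` WHERE `username`='".mysql_real_escape_string($_COOKIE['logged'])."'");
		$host = $res ? mysql_fetch_assoc($res) : false;
		if ($host)
		{
			// Drop the stored password column before the row reaches the template.
			unset($host['pwd']);
		}
		$t->assign('host', $host);

		// Initialised so the price query below never interpolates an undefined variable.
		$where = '';
		if ($host && $host['account_type'] == 2 && $host['expired_flag'] == 0)
		{
			// A current (not expired) account of type 2 is only offered type-2 price rows.
			$where = "AND `account_type`=2";
		}

		$prices = array();
		$res_price = mysql_query("SELECT * FROM `hsl_price` WHERE `enabled`=1 $where ORDER BY `account_type`, `period`");
		while ($res_price && ($row = mysql_fetch_assoc($res_price)))
		{
			$prices[] = $row;
		}
		$t->assign('prices', $prices);
	}
}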

##################################################################

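if ($request[1] == 'special')
{
	// Host id resolved from the login cookie at the top of this file.
	$hid = (int)$vars['hid'];

	if ($_SERVER['REQUEST_METHOD'] == 'POST')
	{
		// Line breaks are stored as <br>; the reverse mapping is applied when the
		// record is loaded back into the form further down.
		$text = str_replace("\n", "<br>", stripslashes($vars['text']));
		$vars['text'] = $text;
		$text_sql = mysql_real_escape_string($text);
		// The expiry date is rebuilt from integer parts so only digits reach the query.
		$expire = sprintf('%04d-%02d-%02d', (int)$vars['year'], (int)$vars['month'], (int)$vars['day']);

		$res_count = mysql_query("SELECT COUNT(*) FROM `hsl_special` WHERE `hid`='".$hid."'");
		$exists = ($res_count && mysql_result($res_count, 0, 0) > 0);
		if (!$exists)
		{
			// Relies on hsl_special's column order being (hid, text, expire).
			$sql = "INSERT INTO `hsl_special` VALUES ('".$hid."','".$text_sql."','".$expire."')";
		}
		else
		{
			$sql = "UPDATE `hsl_special` SET `text`='".$text_sql."', `expire`='".$expire."' WHERE `hid`='".$hid."'";
		}
		mysql_query($sql);

		$t->assign('updated', 1);
	}

	// Expiry-year selector: this year through ten years ahead.
	$years = array();
	$this_year = (int)date("Y");
	for ($i = $this_year; $i <= $this_year + 10; $i++)
	{
		$years[] = $i;
	}
	$t->assign('years', $years);

	$res = mysql_query("SELECT *, DATE_FORMAT(`expire`,'%e') AS ExpireDay, DATE_FORMAT(`expire`,'%c') AS ExpireMonth, DATE_FORMAT(`expire`,'%Y') AS ExpireYear FROM `hsl_special` WHERE `hid`='".$hid."'");
	$record = $res ? mysql_fetch_assoc($res) : false;
	if (!is_array($record))
	{
		// No special offer stored yet: hand the template an empty text field.
		$record = array('text' => '');
	}
	$record['text'] = str_replace("<br>", "\n", $record['text']);
	$t->assign('r', $record);
}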

###############################################
################### UPDATE ####################
###############################################

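if ($request[1] == 'update')
{
	$years = array();
	$errors = array();
	// Host id resolved from the login cookie at the top of this file; the
	// cookie username is the authenticated identity used for the checks below,
	// not a username the form may post back.
	$hid = (int)$vars['hid'];
	$logged_user = $_COOKIE['logged'];

	// Establishment-year selector: 1990 through the current year.
	for ($i = 1990; $i <= date("Y"); $i++)
	{
		$years[] = $i;
	}

	if ($_SERVER['REQUEST_METHOD'] == 'POST')
	{
		$required = array('email', 'name', 'address', 'city', 'state_province', 'country', 'zip_postal', 'phone', 'company_url', 'month', 'year');
		foreach ($required as $field)
		{
			if (!isset($vars[$field]) || trim($vars[$field]) == '')
			{
				$errors[] = "Please make sure you've filled in all fields";
				break;
			}
		}

		$new_pwd = isset($vars['pwd']) ? trim($vars['pwd']) : '';
		if ($new_pwd != '')
		{
			// Changing the password requires the current one, verified against the
			// logged-in account.
			$old_pwd = isset($vars['oldpwd']) ? $vars['oldpwd'] : '';
			if (!check_pwd($logged_user, $old_pwd))
			{
				$errors[] = "Incorrect old password";
			}
		}

		if (!check_email($vars['email']))
		{
			$errors[] = "Please make sure you've filled correct email";
		}

		if (check_exists_company_url($vars['company_url'], $logged_user))
		{
			$errors[] = "This company url already exists";
		}

		$wants_logo = (!isset($vars['nologo']) || $vars['nologo'] != 'on');
		$logo_name = isset($_FILES['logo']['name']) ? trim($_FILES['logo']['name']) : '';
		$logo_tmp = isset($_FILES['logo']['tmp_name']) ? $_FILES['logo']['tmp_name'] : '';
		if ($wants_logo && $logo_name == '')
		{
			$errors[] = "Please provide logo for your company";
		}
		elseif ($wants_logo)
		{
			// The logo is stored under a fixed ".gif" name, so only a genuine PHP
			// upload that decodes as a GIF is accepted.
			$logo_info = is_uploaded_file($logo_tmp) ? getimagesize($logo_tmp) : false;
			if ($logo_info === false || $logo_info[2] != IMAGETYPE_GIF)
			{
				$errors[] = "Logo must be a GIF image";
			}
		}

		if (count($errors) == 0)
		{
			// Every form value is escaped before it is embedded in the statement;
			// `established` is rebuilt from integer year/month parts.
			$sql = "UPDATE `hsl_host` SET";
			if ($new_pwd != '')
			{
				// NOTE(review): the password is stored as submitted; whether it should
				// be hashed depends on what check_pwd() compares against, which is not
				// visible here — confirm before changing.
				$sql .= " `pwd`='".mysql_real_escape_string($new_pwd)."', ";
			}
			$sql .= "`email`='".mysql_real_escape_string($vars['email'])."',
							`name`='".mysql_real_escape_string($vars['name'])."',
							`address`='".mysql_real_escape_string($vars['address'])."',
							`city`='".mysql_real_escape_string($vars['city'])."',
							`state_province`='".mysql_real_escape_string($vars['state_province'])."',
							`country`='".mysql_real_escape_string($vars['country'])."',
							`zip_postal`='".mysql_real_escape_string($vars['zip_postal'])."',
							`phone`='".mysql_real_escape_string($vars['phone'])."',
							`company_url`='".mysql_real_escape_string($vars['company_url'])."',
							`established`='".sprintf('%04d-%02d-01', (int)$vars['year'], (int)$vars['month'])."'
							WHERE `hid`=".$hid;

			mysql_query($sql);

			if ($wants_logo)
			{
				$logo_path = "logos/".$hid."_logo.gif";
				@unlink($logo_path);
				$fd = fopen($logo_path, "wb");
				if ($fd !== false)
				{
					fwrite($fd, read_file($logo_tmp));
					fclose($fd);
				}
			}

			java_redirect($config['base_url']."profile/updated");
		}
	}
	else
	{
		$sql = "SELECT *, YEAR(established) as year, MONTH(established) as month FROM `hsl_host` WHERE `username`='".mysql_real_escape_string($logged_user)."'";
		$res = mysql_query($sql);
		// Associative fetch (as the other sections use) so the row has no
		// duplicate numeric copies of its columns.
		$row = $res ? mysql_fetch_assoc($res) : false;
		$vars = is_array($row) ? $row : array();
		// The POST branch writes the logo as "<hid>_logo.gif"; the bare "<hid>.gif"
		// name is kept as a fallback for logos stored by other code.
		if (!file_exists("logos/".$hid."_logo.gif") && !file_exists("logos/".$hid.".gif"))
		{
			$vars['nologo'] = 'on';
		}
	}

	// Never echo password fields (submitted or stored) back into the template context.
	unset($vars['pwd'], $vars['oldpwd']);

	$t->assign('years', $years);
	$t->assign('errors', $errors);
	$t->assign('old', $vars);
}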

###############################################
################## PLAN-ADD ###################
###############################################

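if ($request[1] == 'plan-add')
{
	########## GENERATING SERVICES PAIR WITH VALUES
	// NOTE(review): $data is not set on this path; presumably the helper renders
	// an empty services list when given nothing — confirm against CreateServicesPair().
	CreateServicesPair($data);

	if ($_SERVER['REQUEST_METHOD'] == 'POST')
	{
		$errors = array();
		$no_yearly = (isset($vars['noyearly']) && $vars['noyearly'] == 'on');
		$no_transfer = (isset($vars['nodatatransfer']) && $vars['nodatatransfer'] == 'on');
		$purchase_url = isset($vars['purchaseurl']) ? trim(str_replace("http://", "", $vars['purchaseurl'])) : '';

		if (trim($vars['name']) == '' || trim($vars['monthly_price']) == '' || trim($vars['webspace']) == '' || $purchase_url == '')
		{
			$errors[] = "Please make sure you've filled in all fields";
		}

		if (!$no_yearly && trim($vars['yearly_price']) == '')
		{
			$errors[] = "Please enter yearly price for this plan";
		}

		if (!$no_transfer && trim($vars['datatransfer']) == '')
		{
			$errors[] = "Please enter data transfer for this plan";
		}

		if (count($errors) == 0)
		{
			// Sentinels shared with plan-update: 0 = no yearly price,
			// 999999999 = unmetered transfer (mapped back to the checkbox on edit).
			if ($no_yearly)
			{
				$vars['yearly_price'] = 0;
			}
			if ($no_transfer)
			{
				$vars['datatransfer'] = 999999999;
			}

			// Per-service columns are named service_<sid>. The identifier cannot be
			// parameterised, so it is reduced to [A-Za-z0-9_]; values are escaped.
			// foreach replaces the old each() loop, which later PHP versions drop.
			$services_names = array();
			$services_values = array();
			foreach (CreateServicesPair($vars) as $service)
			{
				$sid = preg_replace('/[^A-Za-z0-9_]/', '', (string)$service['sid']);
				$services_names[] = "`service_".$sid."`";
				$services_values[] = "'".mysql_real_escape_string($service['value'])."'";
			}

			// The owner is the host id resolved from the login cookie at the top of
			// this file, never a value taken from the form.
			$columns = "`hid`, `name`, `monthly_price`, `yearly_price`, `webspace`, `datatransfer`, `os`, `purchaseurl`, `status`, `category`";
			$values = "'".(int)$vars['hid']."', "
				."'".mysql_real_escape_string($vars['name'])."', "
				."'".mysql_real_escape_string($vars['monthly_price'])."', "
				."'".mysql_real_escape_string($vars['yearly_price'])."', "
				."'".mysql_real_escape_string($vars['webspace'])."', "
				."'".mysql_real_escape_string($vars['datatransfer'])."', "
				."'".mysql_real_escape_string($vars['os'])."', "
				."'".mysql_real_escape_string($vars['purchaseurl'])."', "
				."'".mysql_real_escape_string($AUTO_APPROVE_PLAN)."', "
				."'".mysql_real_escape_string($vars['category'])."'";
			// Only append the service lists when there are any, so an empty
			// configuration does not leave a dangling comma in the statement.
			if (count($services_names) > 0)
			{
				$columns .= ", ".join(",", $services_names);
				$values .= ", ".join(",", $services_values);
			}
			$sql = "INSERT INTO `hsl_plan` (".$columns.") VALUES (".$values.")";

			if (!mysql_query($sql))
			{
				// The database rejects malformed numeric values; report them as
				// formatting errors and redisplay the form.
				$errors[] = "Price must be in 'dd.dd' format (where d is 0..9)";
				$errors[] = "Webspace & Data transfer must have digit format";
				$t->assign('errors', $errors);
				$t->assign('old', $vars);
				############## GENERATING SERVICES
				CreateServicesPair($vars);
			}
			else
			{
				java_redirect($config['base_url']."profile/plan-added");
			}
		}
		else
		{
			################ GENERATING SERVICES
			CreateServicesPair($vars);

			$t->assign('errors', $errors);
			$t->assign('old', $vars);
		}
	}
}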

###############################################
################## PLAN-LIST ##################
###############################################
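if ($request[1] == 'plan-list')
{
	// Lists only the plans owned by the logged-in host; the id was resolved
	// from the login cookie at the top of this file, so it is used directly
	// instead of re-deriving it from the raw cookie value.
	$plans = array();
	$res = mysql_query("SELECT * FROM `hsl_plan` WHERE `hid`=".(int)$vars['hid']);
	while ($res && ($row = mysql_fetch_array($res)))
	{
		$plans[] = $row;
	}
	$t->assign('plans', $plans);
}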

###############################################
################# PLAN-UPDATE #################
###############################################
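if ($request[1] == 'plan-update')
{
	// Plan id from the URL and host id resolved from the login cookie at the
	// top of this file. Every statement below is scoped to both, so a host
	// cannot read, change or delete another host's plan by supplying its pid.
	$hid = (int)$vars['hid'];
	$pid = isset($request[2]) ? (int)$request[2] : 0;
	$is_post = ($_SERVER['REQUEST_METHOD'] == 'POST');

	if ($is_post && isset($vars['delete']))
	{
		mysql_query("DELETE FROM `hsl_plan` WHERE `pid`=".$pid." AND `hid`=".$hid);
		java_redirect($config['base_url']."profile/plan-deleted");
	}

	if ($is_post)
	{
		$errors = array();
		$no_yearly = (isset($vars['noyearly']) && $vars['noyearly'] == 'on');
		$no_transfer = (isset($vars['nodatatransfer']) && $vars['nodatatransfer'] == 'on');
		$purchase_url = isset($vars['purchaseurl']) ? trim(str_replace("http://", "", $vars['purchaseurl'])) : '';

		if (trim($vars['name']) == '' || trim($vars['monthly_price']) == '' || trim($vars['webspace']) == '' || $purchase_url == '')
		{
			$errors[] = "Please make sure you've filled in all fields";
		}

		if (!$no_yearly && trim($vars['yearly_price']) == '')
		{
			$errors[] = "Please enter yearly price for this plan";
		}

		if (!$no_transfer && trim($vars['datatransfer']) == '')
		{
			$errors[] = "Please enter data transfer for this plan";
		}

		if (count($errors) == 0)
		{
			// Sentinels shared with plan-add: 0 = no yearly price,
			// 999999999 = unmetered transfer (mapped back to the checkbox below).
			if ($no_yearly)
			{
				$vars['yearly_price'] = 0;
			}
			if ($no_transfer)
			{
				$vars['datatransfer'] = 999999999;
			}

			// Per-service columns are named service_<sid>. The identifier cannot be
			// parameterised, so it is reduced to [A-Za-z0-9_]; values are escaped.
			// foreach replaces the old each() loop, which later PHP versions drop.
			$services_values = array();
			foreach (CreateServicesPair($vars) as $service)
			{
				$sid = preg_replace('/[^A-Za-z0-9_]/', '', (string)$service['sid']);
				$services_values[] = "`service_".$sid."`='".mysql_real_escape_string($service['value'])."'";
			}

			$assignments = array(
				"`name`='".mysql_real_escape_string($vars['name'])."'",
				"`monthly_price`='".mysql_real_escape_string($vars['monthly_price'])."'",
				"`yearly_price`='".mysql_real_escape_string($vars['yearly_price'])."'",
				"`webspace`='".mysql_real_escape_string($vars['webspace'])."'",
				"`datatransfer`='".mysql_real_escape_string($vars['datatransfer'])."'",
				"`os`='".mysql_real_escape_string($vars['os'])."'",
				"`purchaseurl`='".mysql_real_escape_string($vars['purchaseurl'])."'",
			);
			$assignments = array_merge($assignments, $services_values);
			$assignments[] = "`category`='".mysql_real_escape_string($vars['category'])."'";

			// Building the SET list from an array also avoids the ",," the old
			// concatenation produced when no services were configured.
			$sql = "UPDATE `hsl_plan` SET ".join(", ", $assignments)." WHERE `pid`=".$pid." AND `hid`=".$hid;

			if (!mysql_query($sql))
			{
				// The database rejects malformed numeric values; report them as
				// formatting errors and redisplay the form.
				$errors[] = "Price must be in 'dd.dd' format (where d is 0..9)";
				$errors[] = "Webspace & Data transfer must have digit format";
				$t->assign('errors', $errors);
				$t->assign('pid', $pid);
				$t->assign('old', $vars);
			}
			else
			{
				java_redirect($config['base_url']."profile/plan-updated");
			}
		}
		else
		{
			$t->assign('errors', $errors);
			$t->assign('pid', $pid);
			$t->assign('old', $vars);
		}
	}
	else
	{
		$res = mysql_query("SELECT * FROM `hsl_plan` WHERE `pid`=".$pid." AND `hid`=".$hid);
		$data = $res ? mysql_fetch_array($res) : false;
		if (!is_array($data))
		{
			// Unknown pid, or a plan owned by another host: present an empty form.
			$data = array();
		}

		$yearly_price = isset($data['yearly_price']) ? $data['yearly_price'] : 0;
		if ($yearly_price == 0)
		{
			$data['noyearly'] = 'on';
		}

		if (isset($data['datatransfer']) && $data['datatransfer'] == 999999999)
		{
			$data['datatransfer'] = 0;
			$data['nodatatransfer'] = 'on';
		}

		########## GENERATING SERVICES PAIR WITH VALUES
		CreateServicesPair($data);

		$t->assign('pid', $pid);
		$t->assign('old', $data);
	}
}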

###############################################
################## MAIN PART ##################
###############################################

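// Template names are derived from the route. $request[1] may be one of the
// actions handled above, a redirect target such as "updated", or whatever the
// URL carried; it is restricted to a plain identifier so a crafted segment
// cannot steer the template engine outside the profile_* set.
$profile_action = (isset($request[1]) && preg_match('/^[A-Za-z0-9_-]+$/', $request[1])) ? $request[1] : 'main';
$t->assign('profile_html', 'profile_'.$profile_action.'.html');
// NOTE(review): $request[0] is the section that routed to this file and is
// presumably validated by the router — confirm.
$t->assign('main_html', $request[0].'.html');

?>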