<?php
/* PHP Link Directory Copyright 2011 Robert Rook */
// Member preferences: allows members
// to change account details, and help
// keep their account secure.
// preferences.php
// Database connection, then the logged-in member's record
// (presumably where $userinf and $site_url come from)
require 'dblogon.php';
require 'userhead.php';

// Page box helpers; presumably show_header()/show_result()/show_error()
require 'tpl/boxes.php';

// Client-side form validation script, emitted into the page head
$header_code = sprintf(
	"<script language=\"Javascript\" type=\"text/Javascript\" src=\"%s/js/vform.js\"></script>\n",
	$site_url
);

// Page title and shared page head
$page_title = "Preferences";
require 'admin_l.php';

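// Dispatch on the requested action. Every action re-checks the member's
// current password before the account is touched.
// NOTE(review): the password is compared as plain text against
// $userinf['password'] (loaded outside this file), so it appears to be stored
// unhashed; moving to password_hash()/password_verify() would also need the
// login and registration scripts changed, so it is only flagged here.
// NOTE(review): the forms carry no CSRF token, so a logged-in member can be
// made to submit them from another site; adding one needs session state that
// lives outside this file.
$cmd = (isset($_GET['cmd']) && is_string($_GET['cmd'])) ? $_GET['cmd'] : "";

// Collect the form fields used below as strings. A missing or non-string
// (array-valued) field becomes "" so every comparison sees a string and
// mysql_real_escape_string() is never handed an array.
$in = array();
foreach(array('password', 'new_password', 'new_password2', 'panswer',
		'new_question', 'new_answer', 'new_email', 'new_email2', 'new_fname') as $field) {
	$in[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";
}

// The member's id is interpolated into every query below; escape it once.
$esc_userid = mysql_real_escape_string($userinf['userid'], $db);
// Tracks a completed change locally rather than through $_POST, which the
// client can populate.
$change_success = false;

if($cmd === "change_password") {
	// Change account password
	show_header("Change password", "Change your login password using the form below, and click \"Update\" when done.");

	if(isset($_POST['password'])) {
		// Change account password
		$err = "";
		if($in['password'] !== $userinf['password']) {
			$err.= "<li>The password you have provided was not correct.</li>\n";
		}
		// NOTE: the server rule allows 5-20 characters while the form's
		// maxlength and client-side pattern allow up to 30; the server
		// rule is the one that counts. D: "$" may not match before a
		// trailing newline.
		if(!preg_match('/^[A-Z]{1}[A-Z0-9-_\s+=.,]{4,19}$/iD', $in['new_password'])) {
			$err.= "<li>Password must be between 5 and 20 characters long,\n";
			$err.= "contain only letters, numbers, blank spaces and the\n";
			$err.= "following characters: (-_+=.,), and start with a letter.</li>\n";
		}
		if($in['new_password'] !== $in['new_password2']) {
			$err.= "<li>The new passwords you provided do not match.</li>\n";
		}

		if($err === "") {
			// Update the users password. The pattern above already excludes
			// quotes, but escape anyway so the query never depends on it.
			$esc_password = mysql_real_escape_string($in['new_password'], $db);
			mysql_query("UPDATE {$prefix}users SET password='{$esc_password}' WHERE userid='{$esc_userid}'", $db);
			$change_success = true;

			show_result("Password changed", "Your password has been changed.  You must now login to your account again with the new password.\n<ul><li><a href=\"{$site_url}/login.php\">Jump to login page</a></li></ul>");
		}
	}

	// Show any errors
	if(isset($err) && $err !== "") {
		show_error("Account not updated", "The following errors have occured when trying to change your account information:\n<ul>{$err}</ul>");
	}
	
	$htmdisabled = ($change_success ? " disabled=\"disabled\"" : "");

echo <<<ENDHTML
	<form method="post" action="preferences.php?cmd=change_password">
	<table border="0" cellpadding="2px" cellspacing="0" width="100%">
	<tr><td>Current password</td>
		<td align="right"><input type="password" maxlength="30" name="password" class="stdinput"></td></tr>
	<tr><td>New password</td>
		<td align="right"><input type="password" maxlength="30" name="new_password" id="id_new_password" onchange='Javascript:validate_field("id_new_password", /^[A-Z]{1}[A-Z0-9-_\s]{4,29}\$/i);' class="stdinput"></td></tr>
	<tr><td colspan="2"><div class="formerror" style="display:none;" id="id_new_password_error">
	Please provide a password between 5 and 30 characters long, that starts with a letter
	and includes only letters, numbers, or the following characters: underscore (_), hyphen
	(-), and blank spaces.</div></td></tr>
	<tr><td>Repeat new password</td>
		<td align="right"><input type="password" maxlength="30" name="new_password2" id="id_new_password2" class="stdinput" onchange='Javascript:compare_fields("id_new_password","id_new_password2");'></td></tr>
	<tr><td colspan="2"><div class="formerror" style="display:none;" id="id_new_password2_error">The passwords you have provided do not match.</div></td></tr>
	<tr><td colspan="2" align="right"><input type="submit" value="Update"{$htmdisabled} class="stdbutton"></td></tr>
	</table>
	</form>
ENDHTML;

} else if($cmd === "change_question") {
	// Change secret question
	show_header("Change secret question", "Change the secret question you will be asked if attempting to reset your password or change your email address.");

	if(isset($_POST['panswer'])) {
		// Try and change question: both the password and the answer to the
		// current question must be right (the password error must not be
		// discarded before the answer is checked).
		$err = "";
		if($in['password'] !== $userinf['password']) {
			$err.= "<li>The password you have provided was not correct.</li>\n";
		}
		if($in['panswer'] !== $userinf['panswer']) {
			$err.= "<li>The answer to your secret question was not correct.</li>\n";
		}
		// The form posts new_question / new_answer; panswer is the answer
		// to the *current* question and must not become the new one.
		$new_question = trim(strip_tags($in['new_question']));
		$new_answer = trim(strip_tags($in['new_answer']));
		// Same limits as the client-side patterns (5-100 and 5-200)
		if(strlen($new_question) < 5 || strlen($new_question) > 100) {
			$err.= "<li>Please provide a secret question that is over 5 characters long.</li>\n";
		}
		if(strlen($new_answer) < 5 || strlen($new_answer) > 200) {
			$err.= "<li>Please provide a secret answer that is over 5 characters long.</li>\n";
		}

		if($err === "") {
			// Change to new secret question/
			// answer combo
			$userinf['pquestion'] = $new_question;
			$userinf['panswer'] = $new_answer;
			$change_success = true;

			$esc_question = mysql_real_escape_string($new_question, $db);
			$esc_answer = mysql_real_escape_string($new_answer, $db);
			mysql_query("UPDATE {$prefix}users SET pquestion='{$esc_question}', panswer='{$esc_answer}' WHERE userid='{$esc_userid}'", $db);

			show_result("Secret question changed", "Your secret question and answer have been successfully changed.");
		}
	}

	// Show any errors
	if(isset($err) && $err !== "") {
		show_error("Account not updated", "The following errors have occured when trying to change your account information:\n<ul>{$err}</ul>");
	}
	
	// The stored question only had tags stripped; escape it for HTML output
	$htmquestion = htmlspecialchars($userinf['pquestion'], ENT_QUOTES);
	$htmdisabled = ($change_success ? " disabled=\"disabled\"" : "");

echo <<<ENDHTML
	<form method="post" action="preferences.php?cmd=change_question">
	<table border="0" cellpadding="2px" cellspacing="0" width="100%">
	<tr><td><b>Current question:</b></td><td>{$htmquestion}</td></tr>
	<tr><td>Answer question</td>
		<td align="right"><input type="text" maxlength="200" name="panswer" class="stdinput"></td></tr>
	<tr><td>Password</td>
		<td align="right"><input type="password" maxlength="30" name="password" class="stdinput"></td></tr>
	<tr><td>New question</td>
		<td align="right"><input type="text" maxlength="100" name="new_question" id="id_new_question" onchange='Javascript:validate_field("id_new_question", /^.{5,100}\$/);' class="stdinput"></td></tr>
	<tr><td colspan="2"><div class="formerror" style="display:none;" id="id_new_question_error">Please provide a secret question that is over 5 characters long.</div></td></tr>
	<tr><td>Answer to new question</td>
		<td align="right"><input type="text" maxlength="200" name="new_answer" id="id_new_answer" onchange='Javascript:validate_field("id_new_answer", /^.{5,200}\$/);' class="stdinput"></td></tr>
	<tr><td colspan="2"><div class="formerror" style="display:none;" id="id_new_answer_error">Please provide a secret answer that is over 5 characters long.</div></td></tr>
	<tr><td colspan="2" align="right"><input type="submit" value="Update"{$htmdisabled} class="stdbutton"></td></tr>
	</table></form>
ENDHTML;
} else if($cmd === "change_email") {
	// Change email address
	show_header("Change email address", "Use the following form the update your email if you wish to recieve correspondence from us at a different email address.");

	if(isset($_POST['panswer'])) {
		// Try and change email address
		$err = "";
		if($in['password'] !== $userinf['password']) {
			$err.= "<li>The password you have provided was not correct.</li>\n";
		}
		if($in['panswer'] !== $userinf['panswer']) {
			$err.= "<li>The answer to your secret question was not correct.</li>\n";
		}
		// D: reject a trailing newline, which "$" alone would accept and
		// which would otherwise reach the mail code.
		if(!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]{2,})+$/iD', $in['new_email'])) {
			$err.= "<li>Please provide a valid new email address.</li>\n";
		}
		if($in['new_email'] !== $in['new_email2']) {
			$err.= "<li>The new email addresses you have provided do not match.</li>\n";
		}
		
		// Check the email address isn't
		// associated with another account
		$esc_email = mysql_real_escape_string($in['new_email'], $db);
		if($err === "") {
			$result = mysql_query("SELECT userid FROM {$prefix}users WHERE email='{$esc_email}' AND userid!='{$esc_userid}'", $db);
			if($result === false) {
				// A failed lookup must not let the address through unchecked
				$err.= "<li>The new email address could not be checked, please try again.</li>\n";
			} else if(mysql_num_rows($result)) {
				$err.= "<li>The new email address provided is already associated with an account.</li>\n";
			}
		}
		if($err === "") {
			// Save changes to the email address,
			// and send a new validation email.
			// The key proves control of the new address, so it must not be
			// guessable; md5(time()) was predictable within the same second.
			// 30 hex characters, within the length the previous code produced.
			$verifkey = function_exists('openssl_random_pseudo_bytes')
				? bin2hex(openssl_random_pseudo_bytes(15))
				: substr(md5(uniqid(mt_rand(), true)), 0, 30);
			mysql_query("UPDATE {$prefix}users SET email='{$esc_email}', bverified=0, verifkey='{$verifkey}' WHERE userid='{$esc_userid}'", $db);
			$userinf['email'] = $in['new_email'];
			$userinf['verifkey'] = $verifkey;
			$userinf['bverified'] = 0;
			require('lib/mail.php');
			sendmail_verification_byid($userinf['userid']);
			$change_success = true;

			show_result("Email address changed", "Your email address has been successfully changed.  Please follow the verification link provided in the verification email to continue using your account.");
		}
	}

	// Show any errors
	if(isset($err) && $err !== "") {
		show_error("Account not updated", "The following errors have occured when trying to change your account information:\n<ul>{$err}</ul>");
	}
	
	// Submitted values are echoed back into attribute values: escape them
	$htmemail = htmlspecialchars($in['new_email'], ENT_QUOTES);
	$htmemail2 = htmlspecialchars($in['new_email2'], ENT_QUOTES);
	$htmquestion = htmlspecialchars($userinf['pquestion'], ENT_QUOTES);
	$htmdisabled = ($change_success ? " disabled=\"disabled\"" : "");

echo <<<ENDHTML
	<form method="post" action="preferences.php?cmd=change_email">
	<table border="0" cellpadding="2px" cellspacing="0" width="100%">
	<tr><td><b>Current question:</b></td>
		<td align="right">{$htmquestion}</td></tr>
	<tr><td>Answer question</td>
		<td align="right"><input type="text" maxlength="200" name="panswer" class="stdinput"></td></tr>
	<tr><td>Password</td>
		<td align="right"><input type="password" maxlength="30" name="password" class="stdinput"></td></tr>
	<tr><td>New email address</td>
		<td align="right"><input type="text" maxlength="250" name="new_email" value="{$htmemail}" id="id_new_email" onchange='Javascript:validate_email("id_new_email");' class="stdinput"></td></tr>
	<tr><td colspan="2"><div class="formerror" style="display:none;" id="id_new_email_error">Please provide a valid email address.</div></td></tr>
	<tr><td>Repeat new email</td>
		<td align="right"><input type="text" maxlength="250" name="new_email2" value="{$htmemail2}" id="id_new_email2" onchange='Javascript:compare_fields("id_new_email","id_new_email2");' class="stdinput"></td></tr>
	<tr><td colspan="2"><div class="formerror" style="display:none;" id="id_new_email2_error">The email addresses you have provided do not match.</div></td></tr>
	<tr><td colspan="2" align="right"><input type="submit" value="Update"{$htmdisabled} class="stdbutton"></td></tr>
	</table></form>
ENDHTML;
} else if($cmd === "change_name") {
	// Change contact name
	show_header("Change contact name", "The contact name we keep on file is solely so that we have a way to address you in correspondence and on our website. To change it, use the form below.");

	if(isset($_POST['password'])) {
		// Try and change contact name
		$err = "";
		if($in['password'] !== $userinf['password']) {
			$err.= "<li>The password you have provided was not correct.</li>\n";
		}
		// strip_tags() only removes markup; SQL and HTML escaping happen
		// separately where the value is used.
		$new_fname = trim(strip_tags($in['new_fname']));
		if(strlen($new_fname) < 3) {
			$err.= "<li>Please provide a name of at least three characters.</li>\n";
		}

		if($err === "") {
			// Update the users name
			$esc_fname = mysql_real_escape_string($new_fname, $db);
			mysql_query("UPDATE {$prefix}users SET fullname='{$esc_fname}' WHERE userid='{$esc_userid}'", $db);
			$userinf['fullname'] = $new_fname;
			$change_success = true;

			show_result("Contact name changed", "Your contact name has been successfully changed.");
		}
	}

	// Show any errors
	if(isset($err) && $err !== "") {
		show_error("Account not updated", "The following errors have occured when trying to change your account information:\n<ul>{$err}</ul>");
	}
	
	// Re-show the submitted name (the form posts new_fname) so an error does
	// not lose the member's input; otherwise the name on file. Escaped because
	// it lands inside an attribute value.
	$htmfname = htmlspecialchars(isset($new_fname) ? $new_fname : $userinf['fullname'], ENT_QUOTES);
	$htmdisabled = ($change_success ? " disabled=\"disabled\"" : "");

echo <<<ENDHTML
	<form method="post" action="preferences.php?cmd=change_name">
	<table border="0" cellpadding="2px" cellspacing="0" width="100%">
	<tr><td>Password</td>
		<td align="right"><input type="password" maxlength="30" name="password" class="stdinput"></td></tr>
	<tr><td>New contact name</td>
		<td align="right"><input type="text" maxlength="100" name="new_fname" value="{$htmfname}" id="id_new_fname" onchange='Javascript:validate_field("id_new_fname", /^.{3,100}\$/);' class="stdinput"></td></tr>
	<tr><td colspan="2"><div class="formerror" style="display:none;" id="id_new_fname_error">Please provide a name for us to address you by.</div></td></tr>
	<tr><td colspan="2" align="right"><input type="submit" value="Update"{$htmdisabled} class="stdbutton"></td></tr>
	</table>
	</form>
ENDHTML;
} else {
	// Show member a list of account options
	show_header("Account Preferences", "If you wish to change account settings, such as your password, secret question, or email address, you can do so via the following links.");

	// These values come straight from the member record; escape for HTML
	$htmusername = htmlspecialchars($userinf['username'], ENT_QUOTES);
	$htmfullname = htmlspecialchars($userinf['fullname'], ENT_QUOTES);
	$htmemail = htmlspecialchars($userinf['email'], ENT_QUOTES);
	$htmuserid = htmlspecialchars($userinf['userid'], ENT_QUOTES);

echo <<<ENDHTML
	<p><b>Current account details</b><br>
		Username: <i>{$htmusername}</i><br>
		Contact name: <i>{$htmfullname}</i><br>
		Email address: <i>{$htmemail}</i><br>
		Account ID: <i>#{$htmuserid}</i></p>
	<ul>
		<li><a href="preferences.php?cmd=change_password"><b>Change password</b></a>
			<p>Change the login password for your account.</p></li>
		<li><a href="preferences.php?cmd=change_question"><b>Change secret question</b></a>
			<p>Change the secret question for your account.</p></li>
		<li><a href="preferences.php?cmd=change_email"><b>Change email address</b></a>
			<p>Change the email address associated with your account.</p></li>
		<li><a href="preferences.php?cmd=change_name"><b>Change contact name</b></a>
			<p>Change how we address you from our website.</p></li>
	</ul>
ENDHTML;
}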

// Shared page footer; the closing tag stays because text follows it in this file
require 'admin_r.php';
?>