to fix a security
// hole found to exist in some systems.
//
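// Build the UPDATE that stores the user's preferences.
//
// Every preference value is cleaned in two steps before it is interpolated
// into the statement:
//   1. '=' is stripped (the original patch), so a value cannot carry an extra
//      "column = value" assignment into the SET list.
//   2. the value is escaped for use inside a quoted SQL string, so a quote
//      character in it cannot end the literal early. Stripping '=' alone does
//      not cover that case.
// NOTE(review): $viewemail, $themes, $tsig, ... are assumed to come from the
// submitted preferences form; where they are set is outside this excerpt.
$pref_values = array(
    'viewemail' => $viewemail,
    'themes'    => $themes,
    'sig'       => $tsig,
    'smile'     => $smile,
    'dishtml'   => $dishtml,
    'disbbcode' => $disbbcode,
    'lang'      => $lang,
);
// Prefer the driver's escaping routine, which honours the connection's
// character set; addslashes() is only the fallback for runtimes without it.
$have_driver_escape = function_exists('mysql_real_escape_string');
foreach ($pref_values as $pref_key => $pref_value) {
    $pref_value = str_replace('=', '', $pref_value);
    $pref_values[$pref_key] = $have_driver_escape
        ? mysql_real_escape_string($pref_value, $db)
        : addslashes($pref_value);
}
// The cleaned e-mail flag used to be assigned to the misspelled $fviewmail
// while the query read $fviewemail, so user_viewemail was always written empty.
$fviewemail = $pref_values['viewemail'];
$fthemes = $pref_values['themes'];
$fsig = $pref_values['sig'];
$fsmile = $pref_values['smile'];
$fdishtml = $pref_values['dishtml'];
$fdisbbcode = $pref_values['disbbcode'];
$flang = $pref_values['lang'];
// user_level and user_rank are written back from the already-loaded record at
// the end of the SET list, presumably so that a crafted preference value
// cannot change them. They are concatenated unquoted.
// NOTE(review): assumes both are numeric values read from the database - confirm in get_userdata().
$sql = "UPDATE users SET user_viewemail='$fviewemail', user_theme='$fthemes', user_attachsig = '$fsig', user_desmile = '$fsmile', user_html = '$fdishtml', user_bbcode = '$fdisbbcode', user_lang = '$flang', user_level = " . $userdata['user_level'] .", user_rank = " . $userdata['user_rank'] . " WHERE (user_id = '$userdata[user_id]')";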
//
// END: patch code
//
// Run the preferences UPDATE. On failure the user only sees a generic
// message; no database error text is included in it.
$result = mysql_query($sql, $db);
if (!$result) {
    error_die("An Error Occured
Could not update the database. Please go back and try again.");
}
// Confirmation output after a successful update. $l_prefupdated is presumably
// the localised "preferences updated" message; it is defined outside this
// excerpt. The string pieces are emitted in their original order.
echo "
",
    "",
    "",
    "
$l_prefupdated",
    " | |
";
} else {
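if (!$user_logged_in) {
    // No valid session: authenticate with the submitted username and password.
    if ($user == '' || $passwd == '') {
        error_die("$l_userpass $l_tryagain");
    }
    // NOTE(review): the stored credential is a plain, unsalted MD5 digest.
    // Moving to a salted, slow password hash needs a change to the stored
    // format and to every place that writes it, which is outside this block.
    $md_pass = md5($passwd);
    $userdata = get_userdata($user, $db);
    // Strict comparison on purpose: with != PHP compares two numeric-looking
    // strings as numbers, so two different digests could be treated as equal.
    // A constant-time comparison (hash_equals() on PHP 5.6+) would be better
    // still where the runtime provides it.
    if ($md_pass !== $userdata["user_password"]) {
        include('page_header.'.$phpEx);
        error_die("$l_wrongpass $l_tryagain");
    }
    // Array keys are quoted; a bare user_id is read as a constant name first.
    if (is_banned($userdata['user_id'], "username", $db)) {
        error_die($l_banned);
    }
    // Credentials accepted: open a session tied to the client address and
    // hand its id to the browser as a cookie.
    $sessid = new_session($userdata['user_id'], $REMOTE_ADDR, $sesscookietime, $db);
    set_session_cookie($sessid, $sesscookietime, $sesscookiename, $cookiepath, $cookiedomain, $cookiesecure);
}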
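include('page_header.'.$phpEx);

// Each preference is shown as a pair of form controls; exactly one marker of
// each pair is set to "CHECKED". Both markers are initialised to '' first, so
// the unused one is never an undefined variable. If request parameters are
// imported into the global scope (the bare $REMOTE_ADDR / $user usage in this
// file suggests so), this also stops a request from pre-seeding the unused
// marker with its own content.
$y = $n = '';
$always_sig = $no_always_sig = '';
$never_smile = $no_never_smile = '';
$never_html = $no_never_html = '';
$never_bbcode = $no_never_bbcode = '';
$user_cookie = $user_nocookie = '';

// Array keys are quoted; a bare key such as user_viewemail is read as a
// constant name first. The comparisons stay loose (== 1).
// NOTE(review): presumably the flag columns come back from the database as
// strings - confirm in get_userdata().
if ($userdata['user_viewemail'] == 1) {
    $y = "CHECKED";
} else {
    $n = "CHECKED";
}
if ($userdata['user_attachsig'] == 1) {
    $always_sig = "CHECKED";
} else {
    $no_always_sig = "CHECKED";
}
if ($userdata['user_desmile'] == 1) {
    $never_smile = "CHECKED";
} else {
    $no_never_smile = "CHECKED";
}
if ($userdata['user_html'] == 1) {
    $never_html = "CHECKED";
} else {
    $no_never_html = "CHECKED";
}
if ($userdata['user_bbcode'] == 1) {
    $never_bbcode = "CHECKED";
} else {
    $no_never_bbcode = "CHECKED";
}
// Only the presence of the cookie named by $cookiename is tested here; its
// value is not read.
if (isset($HTTP_COOKIE_VARS[$cookiename])) {
    $user_cookie = "CHECKED";
} else {
    $user_nocookie = "CHECKED";
}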
?>