-
Notifications
You must be signed in to change notification settings - Fork 2
/
editExecute.php
94 lines (79 loc) · 2.39 KB
/
editExecute.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
<?php
function isValidEmail($email)
{
$pattern = "/^[\w\.=-]+@[\w\.-]+\.[\w]{2,3}$/";
if (preg_match($pattern,$email) == 1)
{
return true;
}
else
{
return false;
}
}
include_once("function.misc.php");
include_once("class.User.php");
session_start();
if (strlen(trim(stripslashes($_POST['password']))) < 3)
{
header("Location: editUser.php?userId=".$_SESSION['user']->getUserId()."&error=2");
exit();
}
if (!isValidEmail(trim(stripslashes($_POST['email']))))
{
header("Location: editUser.php?userId=".$_SESSION['user']->getUserId()."&error=1");
exit();
}
$sigStr = stripslashes($_POST['sig']);
$sigStr = str_replace("\n","",$sigStr);
$sigStr = str_replace("\r\n","",$sigStr);
$sigStr = str_replace("\r","",$sigStr);
preg_match_all("/<img.*? \/>/",$sigStr,$matches);
foreach ($matches[0] as $match)
{
$url = substr(substr(strstr($match,'src="'),5),0,strpos(substr(strstr($match,'src="'),5),'"'));
if (@urlfilesize($url,"kb") <= 200)
{
$imgDimensions = @getimagesize($url);
if ($imgDimensions[0] > 600 || $imgDimensions[1] > 600 || $imgDimensions == false)
{
$sigStr = str_replace($match,"",$sigStr);
}
}
else
{
$sigStr = str_replace($match,"",$sigStr);
}
}
$sigStr = strip_tags($sigStr,'<p><br><b><i><u><strong><em><li><ul><ol><img><table><tr><td><hr><font><span><sub><sup><tbody><blockquote>');
if ($_POST['hideEmail'] == 'yes')
{
$hideEmail = 1;
}
else
{
$hideEmail = 0;
}
if (@urlfilesize($_POST['avatar'],"kb") <= 100)
{
$imgDimensions = @getimagesize($_POST['avatar']);
if ($imgDimensions[0] <= 70 && $imgDimensions[1] <= 70 && $imgDimensions != false)
{
$img = $_POST['avatar'];
}
else
{
$img = "";
}
}
else
{
$img = "";
}
$newUserStr = $_SESSION['user']->getUserId()."\n".trim(stripslashes($_POST['password']))."\nfalse\n".$_SESSION['user']->getNoTopics()."\n".$_SESSION['user']->getNoPosts()."\n".$_SESSION['user']->getJoinDate()."\n".$_SESSION['user']->getLevel()."\n".$sigStr."\n".trim(stripslashes($_POST['email']))."\n".$hideEmail."\n".$img;
file_put_contents("db/Users/".$_SESSION['user']->getUserId().".dat",$newUserStr);
$temp = new User($newUserStr);
$_SESSION['loggedIn'] = true;
$_SESSION['user'] = $temp;
header("location: editUser.php?userId=".$_SESSION['user']->getUserId());
?>