query("SELECT U_NICK, U_COL, U_RIGHT, U_SESS FROM $rcom_user WHERE U_SESS = '".session_id()."'") as $row) {
$u_nick = $row[0];
$u_col = $row[1];
$u_right = $row[2];
$u_sess = $row[3];
}
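// Session gate: continue only when the user row loaded above carries the current PHP
// session id.
// header() only queues the Location header; without exit the rest of this script,
// including the POST handlers that write to the database, would still run for a visitor
// who is being redirected.
// An empty session_id() (no active session) is rejected explicitly: the former loose
// comparison treated an unset $u_sess and '' as equal and let the request through.
if (session_id() === '' || !isset($u_sess) || (string) $u_sess !== session_id()) {
    header("Location: index.php");
    exit;
}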
// Resolve the active style directory; both roles use the same query. If several rows
// are flagged active, the last one returned wins.
foreach ($dbh->query("SELECT S_PFAD FROM $rcom_style WHERE S_AKTIVE = '1'") as $row) {
    $s_pfad = $row[0];
}

// Build the login banner, the account menu text and the navigation entries per role.
// A $u_right loosely equal to 10 selects the administrator variant; every other value,
// including an unset $u_right, falls through to the regular-user variant.
// NOTE(review): $u_nick is concatenated into $RCOM_LOGIN as-is; whether it is
// HTML-encoded when stored or when the template renders it is not visible here — confirm.
if ($u_right == 10) {
    $RCOM_LOGIN = 'User: ['.$u_nick.']
';
    $RCOM_LOGIN_M = '
• Eintrag hinzufügen
• Menü & Style bearbeiten
• Benutzer bearbeiten
• Statistiken
• My Account';

    // Administrators get every menu entry, private ones included.
    foreach ($dbh->query("SELECT M_CAT, M_NAME, M_PRIVATE FROM $rcom_menu") as $row) {
        $RCOM_MENU[] = array_combine(
            array('M_CAT', 'M_NAME', 'M_PRIVATE'),
            array($row[0], $row[1], $row[2])
        );
    }
} else {
    $RCOM_LOGIN = 'User: ['.$u_nick.']';
    $RCOM_LOGIN_M = '
• My Account
';

    // Regular users only get entries whose M_PRIVATE flag is '0'.
    foreach ($dbh->query("SELECT M_CAT, M_NAME, M_PRIVATE FROM $rcom_menu WHERE M_PRIVATE = '0'") as $row) {
        $RCOM_MENU[] = array_combine(
            array('M_CAT', 'M_NAME', 'M_PRIVATE'),
            array($row[0], $row[1], $row[2])
        );
    }
}
// Collect every row of the link table for the template; the query has no role filter,
// so all visitors who reach this point receive the same list.
foreach ($dbh->query("SELECT L_ID, L_NAME, L_URL FROM $rcom_link") as $row) {
    $RCOM_LINK[] = array_combine(
        array('L_ID', 'L_NAME', 'L_URL'),
        array($row[0], $row[1], $row[2])
    );
}
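// Account page: profile form, profile update, password change and template rendering.
// NOTE(review): $useredit is not assigned anywhere in the visible code — confirm it is
// set explicitly from the request and not through register_globals/extract().
if ($useredit == "true") {
    // Load the profile of the user bound to the current PHP session. Values are passed
    // as bound parameters instead of being concatenated into the SQL text. Table names
    // ($rcom_user, ...) cannot be bound; they are assumed to come from trusted
    // configuration — TODO confirm.
    $stmt = $dbh->prepare("SELECT U_ID, U_NICK, U_MAIL, U_COL, U_HP FROM $rcom_user WHERE U_SESS = ?");
    if ($stmt !== false && $stmt->execute(array(session_id()))) {
        foreach ($stmt as $row) {
            $RCOM_USER_EDIT[] = array(
                'U_ID' => $row[0],
                'U_NICK' => $row[1],
                'U_MAIL' => $row[2],
                'U_COL' => $row[3],
                'U_HP' => $row[4],
            );
        }
    }

    // NOTE(review): neither POST handler below checks an anti-CSRF token in the visible
    // code — confirm one is enforced elsewhere or add one.
    if (isset($_POST['useredit'])) {
        // The values stay HTML-encoded before storage, as before, so stored data keeps
        // its format. HTML encoding is not SQL escaping (a backslash, for one, passes
        // through unchanged), which is why every value is bound as a parameter below.
        // Non-string input (e.g. an array) is treated as empty instead of being hidden
        // behind the @ operator.
        $F_COL = (isset($_POST['f_col']) && is_string($_POST['f_col']))
            ? strip_tags(htmlspecialchars($_POST['f_col'], ENT_QUOTES)) : '';
        $F_HP = (isset($_POST['f_hp']) && is_string($_POST['f_hp']))
            ? strip_tags(htmlspecialchars($_POST['f_hp'], ENT_QUOTES)) : '';
        $F_MAIL = (isset($_POST['f_mail']) && is_string($_POST['f_mail']))
            ? strip_tags(htmlspecialchars($_POST['f_mail'], ENT_QUOTES)) : '';

        // A fresh connection is opened as in the original; how the outer $dbh was
        // configured (charset, options) is not visible, so it is not reused for writes.
        $dbh = new PDO('mysql:host='.$DB_HOST.';dbname='.$DB_NAME.'', $DB_USER, $DB_PASS);

        $stmt = $dbh->prepare("UPDATE $rcom_user SET U_COL = ?, U_HP = ?, U_MAIL = ? WHERE U_SESS = ?");
        if ($stmt !== false) {
            $stmt->execute(array($F_COL, $F_HP, $F_MAIL, session_id()));
        }

        // Propagate the colour to the user's comments and blog entries only when a nick
        // was actually loaded; an unset or empty nick would otherwise match rows whose
        // owner column is empty.
        if (isset($u_nick) && $u_nick !== '') {
            $stmt = $dbh->prepare("UPDATE $rcom_comment SET C_COL = ? WHERE C_NICK = ?");
            if ($stmt !== false) {
                $stmt->execute(array($F_COL, $u_nick));
            }
            $stmt = $dbh->prepare("UPDATE $rcom_blog SET B_COL = ? WHERE B_OWNER = ?");
            if ($stmt !== false) {
                $stmt->execute(array($F_COL, $u_nick));
            }
        }

        // Kept from the original: OPTIMIZE TABLE runs on every profile update.
        $dbh->query("OPTIMIZE TABLE $rcom_user");
        $dbh->query("OPTIMIZE TABLE $rcom_comment");
        $dbh->query("OPTIMIZE TABLE $rcom_blog");
        $dbh = null;

        // Redirect after the write and stop, so nothing else runs on this request.
        header("Location: user_menu.php?useredit=true");
        exit;
    }

    if (isset($_POST['passwortchange'])) {
        // The htmlspecialchars()/strip_tags() pass on the password fields is kept so that
        // digests computed here stay comparable with the digests already stored —
        // presumably the login code applies the same transformation; verify.
        $PASS_OLD = (isset($_POST['pass_old']) && is_string($_POST['pass_old']))
            ? strip_tags(htmlspecialchars($_POST['pass_old'], ENT_QUOTES)) : '';
        $PASS_NEW = (isset($_POST['pass_new']) && is_string($_POST['pass_new']))
            ? strip_tags(htmlspecialchars($_POST['pass_new'], ENT_QUOTES)) : '';
        $PASS_NEW2 = (isset($_POST['pass_new2']) && is_string($_POST['pass_new2']))
            ? strip_tags(htmlspecialchars($_POST['pass_new2'], ENT_QUOTES)) : '';

        // hash('sha256', ...) returns the same lowercase hex digest as
        // bin2hex(mhash(MHASH_SHA256, ...)) without depending on the mhash extension.
        // NOTE(review): an unsalted, single-round SHA-256 is weak for password storage.
        // Moving to password_hash()/password_verify() needs a coordinated change with the
        // login code, which is not visible here.
        $pass_old = hash('sha256', $PASS_OLD);

        $dbh = new PDO('mysql:host='.$DB_HOST.';dbname='.$DB_NAME.'', $DB_USER, $DB_PASS);

        // Start from "no stored digest" so that a missing row can never pass the check.
        $u_pass = null;
        $stmt = $dbh->prepare("SELECT U_PASS FROM $rcom_user WHERE U_SESS = ?");
        if ($stmt !== false && $stmt->execute(array(session_id()))) {
            foreach ($stmt as $row) {
                $u_pass = $row[0];
            }
        }

        // Strict comparisons: with != two different numeric-looking strings (such as
        // "1e3" and "1000") compare as equal.
        if ($u_pass === null || $pass_old !== (string) $u_pass) {
            $ERROR = 'Das alte Passwort ist falsch.';
        } elseif ($PASS_NEW === '') {
            // An empty new password used to be accepted and stored.
            $ERROR = 'Das neue Passwort darf nicht leer sein.';
        } elseif ($PASS_NEW !== $PASS_NEW2) {
            $ERROR = 'Das neue Passwort stimmt nicht überein.';
        } elseif (!isset($ERROR) || $ERROR == '') {
            $pass = hash('sha256', $PASS_NEW);
            $stmt = $dbh->prepare("UPDATE $rcom_user SET U_PASS = ? WHERE U_SESS = ?");
            if ($stmt !== false) {
                $stmt->execute(array($pass, session_id()));
            }
            $dbh->query("OPTIMIZE TABLE $rcom_user");
            $ERROR = 'Das Passwort wurde erfolgreich geändert!';
            $dbh = null;
        }
    }

    // Render the account page with the values collected above.
    // NOTE(review): $RCOM_USER_EDIT_SELECT is not assigned in the visible code.
    try
    {
        $tpl = new optClass;
        $tpl -> root = './templates/'.$s_pfad.'/';
        $tpl -> compile = './templates_c/';
        $tpl -> cache = './cache/';
        $tpl -> httpHeaders(OPT_HTML);
        $tpl -> cacheStatus(true, $CACHE_TIME);
        $tpl -> debugConsole = $DEBUG_MODE;
        $tpl -> assign('RCOM_STYLE', $s_pfad);
        $tpl -> assign('RCOM_MENU', $RCOM_MENU);
        $tpl -> assign('RCOM_LINK', $RCOM_LINK);
        $tpl -> assign('RCOM_LOGIN', $RCOM_LOGIN);
        $tpl -> assign('RCOM_LOGIN_M', $RCOM_LOGIN_M);
        $tpl -> assign('RCOM_USER_EDIT', $RCOM_USER_EDIT);
        $tpl -> assign('RCOM_USER_EDIT_SELECT', $RCOM_USER_EDIT_SELECT);
        $tpl -> assign('ERROR', $ERROR);
        $tpl -> assign('FOOTER', $FOOTER);
        $tpl -> parse('user_menu.tpl');
    }
    catch(optException $exception)
    {
        optErrorHandler($exception);
    }
}
// Release the database connection.
$dbh = null;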
?>