<?

require_once("include/bittorrent.php");


function bark($msg) {
	genbark($msg, _("Update failed!") );
}

dbconn();


loggedinorreturn();

if (!mkglobal("email:chpassword:passagain"))
	bark( _("missing form data") );

// $set = array();

$updateset = array();
$changedemail = 0;

if ($chpassword != "") {
	if (strlen($chpassword) > 40)
		bark( _("Sorry, password is too long (max is 40 chars)"));
	if ($chpassword != $passagain)
		bark( _("The passwords didn't match. Try again.") );

	$sec = mksecret();

  $passhash = md5($sec . $chpassword . $sec);

	$updateset[] = "secret = " . sqlesc($sec);
	$updateset[] = "passhash = " . sqlesc($passhash);
	logincookie($CURUSER["id"], $passhash);
}

if ($email != $CURUSER["email"]) {
	if (!validemail($email))
		bark( _("That doesn't look like a valid email address.") );
  $r = do_mysql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr();
	if (mysql_num_rows($r) > 0)
		bark( sprintf( _("The e-mail address %s is already in use."), $email) );
	$changedemail = 1;
}

//$parked = mysql_escape_string($_POST["parked"]);
$parked    = ($_POST['parked'] == 'yes')        ? 'yes' : 'no';
$acceptpms = mysql_escape_string($_POST['acceptpms']);
$logintype = ($_POST["logintype"] == 'normal')  ? 'normal' : 'secure';
$updateset[] = "logintype = " . sqlesc($logintype);
$deletepms = ($_POST["deletepms"] == "on" )    ? "yes" : "no";
$savepms   = ($_POST["savepms"] == "on"         ? "yes" : "no");
$anonymous = ($_POST["anonymous"] != "" ? "yes" : "no");
$pmnotif = mysql_escape_string($_POST["pmnotif"]);
$emailnotif = mysql_escape_string($_POST["emailnotif"]);
$notifs = ($pmnotif == 'yes' ? "[pm]" : "");
$notifs .= ($emailnotif == 'yes' ? "[email]" : "");
$r = do_mysql_query("SELECT id FROM categories") or sqlerr();
$rows = mysql_num_rows($r);
for ($i = 0; $i < $rows; ++$i)
{
	$a = mysql_fetch_assoc($r);
	if ($_POST["cat$a[id]"] == 'yes')
	  $notifs .= "[cat$a[id]]";
}
$avatar = mysql_escape_string($_POST["avatar"]);
$avatars = ($_POST["avatars"] != "" ? "yes" : "no");
$showemail = mysql_escape_string($_POST["showemail"]);
$showwebsite = mysql_escape_string($_POST["showwebsite"]);
$showsig = ($_POST["showsig"] != "" ? "yes" : "no");
$signatureinfo = mysql_escape_string($_POST["signatureinfo"]);
if (strlen($signatureinfo) > 100)
	bark("Sorry, signature is too long (max is 100 chars)");
$toolbar  = ($_POST["toolbar"] == 'yes') ? 'yes' : 'no';
$sidebar  = ($_POST["sidebar"] == 'yes') ? 'yes' : 'no';
$menubar  = ($_POST["menubar"] == 'yes') ? 'yes' : 'no';

// $ircnick = $_POST["ircnick"];
// $ircpass = $_POST["ircpass"];
$info = $_POST["info"];
if (strlen($info) > 400)
	bark("Sorry, info is too long (max is 400 chars)");
$stylesheet = (int) $_POST["stylesheet"];
$country = (int) $_POST["country"];
$gender = $_POST["gender"];
$age = (int) $_POST["age"];
if(strlen($age) > 2)
	bark(_("Wrong age!") );
if(strlen($age) >= 1){
if($age == 0)
  $age = '';
	//bark("Wrong age!");
	}
$updateset[] = "age = '$age'";
$updateset[] = "toolbar =  " . sqlesc($toolbar);
if ($sidebar == 'no' && $menubar == 'no' || $sidebar == 'no' && $CURUSER["menubar"]== 'no' || $menubar == 'no' && $CURUSER["sidebar"]== 'no')
    bark("You must have either the sidebar or menubar!");

$updateset[] = "menubar =  " . sqlesc($menubar);
$updateset[] = "sidebar =  " . sqlesc($sidebar);
$updateset[] = "gender =  " . sqlesc($gender);
$website = mysql_escape_string( strip_tags($_POST["website"]) );
if (strlen($website) > 40)
	bark(_("Sorry, website url is too long (max is 40 chars)"));
$updateset[] = "website = '$website'";

/*
if ($privacy != "normal" && $privacy != "low" && $privacy != "strong")
	bark("whoops");

$updateset[] = "privacy = '$privacy'";
*/
if ($_POST['resetpasskey'] == 1)
{
  $res = do_mysql_query("SELECT username, passhash, oldpasskey, passkey FROM users WHERE id=$CURUSER[id]") or sqlerr(__FILE__, __LINE__);
  $arr = mysql_fetch_assoc($res) or puke();
$oldpasskey = "[$arr[passkey]]$arr[oldpasskey]";
if (strlen($oldpasskey)>255)
	bark(_("You have reset your passkey too many times, ask an admin for permission"));
$updateset[] = "oldpasskey = " . sqlesc($oldpasskey);
 $passkey= md5($arr['username'].get_date_time().$arr['passhash']);
$updateset[] = "passkey = " . sqlesc($passkey);
}

$updateset[] = "torrentsperpage = " . min(100, 0 + $_POST["torrentsperpage"]);
$updateset[] = "topicsperpage = " . min(100, 0 + $_POST["topicsperpage"]);
$updateset[] = "postsperpage = " . min(100, 0 + $_POST["postsperpage"]);
if ($_POST['resetkey'] == 1)
{
 $passkey= md5($arr['username'].get_date_time().$arr['passhash']);
$updateset[] = "passkey = " . sqlesc($passkey);
}
if (is_valid_id($stylesheet))
  $updateset[] = "stylesheet = '$stylesheet'";
if (is_valid_id($country))
  $updateset[] = "country = $country";

if( in_array($_POST['language'], $GLOBALS['settings']['languages']) )
   $updateset[] = "language = '".$_POST['language']."'";

$updateset[] = "info = " . sqlesc($info);
$updateset[] = "info_parsed = '" . mysql_escape_string( format_comment($info) ) . "'";
$updateset[] = "signatureinfo = " . sqlesc($signatureinfo);
$updateset[] = "signatureinfo_parsed = " . sqlesc( format_comment($signatureinfo) );
$updateset[] = "parked = " . sqlesc($parked);
$updateset[] = "acceptpms = " . sqlesc($acceptpms);
$updateset[] = "deletepms = '$deletepms'";
$updateset[] = "savepms = '$savepms'";
$updateset[] = "anonymous = '$anonymous'";
$updateset[] = "notifs = '$notifs'";
$updateset[] = "avatar = " . sqlesc($avatar);
$updateset[] = "avatars = '$avatars'";
$updateset[] = "showsig = '$showsig'";
$updateset[] = "showemail = '$showemail'";
$updateset[] = "showwebsite = '$showwebsite'";

/* ****** */

$urladd = "";

if ($changedemail) {
	$sec = mksecret();
	$hash = md5($sec . $email . $sec);
	$obemail = urlencode($email);
	$updateset[] = "editsecret = " . sqlesc($sec);
	$thishost = $_SERVER["HTTP_HOST"];
	$thisdomain = preg_replace('/^www\./is', "", $thishost);
	$body = <<<EOD
You have requested that your user profile (username {$CURUSER["username"]})
on $thisdomain should be updated with this email address ($email) as
user contact.

If you did not do this, please ignore this email. The person who entered your
email address had the IP address {$_SERVER["REMOTE_ADDR"]}. Please do not reply.

To complete the update of your user profile, please follow this link:

http://$thishost/confirmemail.php/{$CURUSER["id"]}/$hash/$obemail

Your new email address will appear in your profile after you do this. Otherwise
your profile will remain unchanged.
EOD;

	mail($email, "$thisdomain profile change confirmation", $body, "From: $SITEEMAIL", "-f$SITEEMAIL");

	$urladd .= "&mailsent=1";

}


//echo "UPDATE users SET " . implode(",", $updateset) . " WHERE id = " . $CURUSER["id"];

do_mysql_query("UPDATE users SET " . implode(",", $updateset) . " WHERE id = " . $CURUSER["id"]) or sqlerr(__FILE__,__LINE__);

header("Location: ".$BASEURL."/my.php?edited=1" . $urladd);

?>