-
Notifications
You must be signed in to change notification settings - Fork 1
/
editExecute.php
executable file
·118 lines (102 loc) · 2.77 KB
/
editExecute.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
<?php
function isValidEmail($email)
{
$pattern = "/^[\w\.=-]+@[\w\.-]+\.[\w]{2,3}$/";
if (preg_match($pattern,$email) == 1)
{
return true;
}
else
{
return false;
}
}
function urlfilesize($url,$thereturn)
{
if (substr($url,0,4)=='http')
{
$x = array_change_key_case(get_headers($url, 1),CASE_LOWER);
$x = $x['content-length'];
}
else
{
$x = @filesize($url);
}
if (!$thereturn)
{
return $x;
}
elseif ($thereturn == 'mb')
{
return round($x / (1024*1024),2);
}
elseif ($thereturn == 'kb')
{
return round($x / (1024),0);
}
}
include_once("class.User.php");
session_start();
if (strlen(trim(stripslashes($_POST['password']))) < 3)
{
header("Location: editUser.php?userId=".$_SESSION['user']->getUserId()."&error=2");
exit();
}
if (!isValidEmail(trim(stripslashes($_POST['email']))))
{
header("Location: editUser.php?userId=".$_SESSION['user']->getUserId()."&error=1");
exit();
}
$sigStr = stripslashes($_POST['sig']);
$sigStr = str_replace("\n","",$sigStr);
$sigStr = str_replace("\r\n","",$sigStr);
$sigStr = str_replace("\r","",$sigStr);
preg_match_all("/<img.*? \/>/",$sigStr,$matches);
foreach ($matches[0] as $match)
{
$url = substr(substr(strstr($match,'src="'),5),0,strpos(substr(strstr($match,'src="'),5),'"'));
if (@urlfilesize($url,"kb") <= 200)
{
$imgDimensions = @getimagesize($url);
if ($imgDimensions[0] > 600 || $imgDimensions[1] > 600 || $imgDimensions == false)
{
$sigStr = str_replace($match,"",$sigStr);
}
}
else
{
$sigStr = str_replace($match,"",$sigStr);
}
}
$sigStr = strip_tags($sigStr,'<p><br><b><i><u><strong><em><li><ul><ol><img><table><tr><td><hr><font><span><sub><sup><tbody><blockquote>');
if ($_POST['hideEmail'] == 'yes')
{
$hideEmail = 1;
}
else
{
$hideEmail = 0;
}
if (@urlfilesize($_POST['avatar'],"kb") <= 100)
{
$imgDimensions = @getimagesize($_POST['avatar']);
if ($imgDimensions[0] <= 70 && $imgDimensions[1] <= 70 && $imgDimensions != false)
{
$img = $_POST['avatar'];
}
else
{
$img = "";
}
}
else
{
$img = "";
}
$newUserStr = $_SESSION['user']->getUserId()."\n".trim(stripslashes($_POST['password']))."\nfalse\n".$_SESSION['user']->getNoTopics()."\n".$_SESSION['user']->getNoPosts()."\n".$_SESSION['user']->getJoinDate()."\n".$_SESSION['user']->getLevel()."\n".$sigStr."\n".trim(stripslashes($_POST['email']))."\n".$hideEmail."\n".$img;
file_put_contents("db/Users/".$_SESSION['user']->getUserId().".dat",$newUserStr);
$temp = new User($newUserStr);
$_SESSION['loggedIn'] = true;
$_SESSION['user'] = $temp;
header("location: editUser.php?userId=".$_SESSION['user']->getUserId());
?>