35 lines
1.4 KiB
PHP
35 lines
1.4 KiB
PHP
<?php
|
|
|
|
include("../../global.php");
|
|
session_start();
|
|
|
|
if (!isset($_SESSION["username"])) goto fail;
|
|
|
|
$out = $database -> query("SELECT username, admin, user_info FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
|
|
|
|
if (!isset($_GET["old_username"])) return;
|
|
|
|
$user = false;
|
|
|
|
if ($out -> num_rows != 1 && $_GET["old_username"] != $_SESSION["username"])
|
|
{
|
|
fail:
|
|
echo "nope";
|
|
header("Location: ../../../index.php");
|
|
return;
|
|
} else if ($out -> num_rows != 1)
|
|
{
|
|
$user = true;
|
|
}
|
|
|
|
$safe_old_username = mysqli_real_escape_string($database, $_GET["old_username"]);
|
|
$safe_username = mysqli_real_escape_string($database, $_GET["username"]);
|
|
$safe_admin = mysqli_real_escape_string($database, $_GET["admin"]);
|
|
$safe_sex = mysqli_real_escape_string($database, $_GET["sex"]); //fr
|
|
$safe_bio = mysqli_real_escape_string($database, $_GET["bio"]);
|
|
$safe_nickname = mysqli_real_escape_string($database, $_GET["nickname"]);
|
|
|
|
$user_info_id = (($database -> query("SELECT user_info FROM user WHERE username=\"" . $safe_old_username . "\"")) -> fetch_assoc())["user_info"];
|
|
|
|
if (!$user) $database -> query("UPDATE user SET username=\"" . $safe_username . "\", admin=" . $safe_admin . " WHERE user_info=" . $user_info_id);
|
|
$database -> query("UPDATE user_info SET sex=" . $safe_sex . ", bio=\"" . $safe_bio . "\", nickname=\"" . $safe_nickname . "\" WHERE id=" . $user_info_id); |