diff options
| -rw-r--r-- | includes/account.php | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/includes/account.php b/includes/account.php index f28cf49..67f0e7a 100644 --- a/includes/account.php +++ b/includes/account.php @@ -25,6 +25,8 @@ $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']); $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']); $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process']; +// $showdetalis refers to Secret Question and Answers from account/13.php + $showdetails = ""; if(array_key_exists("showdetails",$_REQUEST)) $showdetails=$_REQUEST['showdetails']; $cert=0; if(array_key_exists('cert',$_REQUEST)) $cert=intval($_REQUEST['cert']); $orgid=0; if(array_key_exists('orgid',$_REQUEST)) $orgid=intval($_REQUEST['orgid']); @@ -1205,7 +1207,7 @@ mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'"); } - if($oldid == 13 && $process != "") + if($oldid == 13 && $process != "" && $showdetails!="") { csrf_check("perschange"); $_SESSION['_config']['user'] = $_SESSION['profile']; @@ -1313,18 +1315,20 @@ where `id`='".$_SESSION['profile']['id']."'"; mysql_query($query); } - $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."', - `Q2`='".$_SESSION['_config']['user']['Q2']."', - `Q3`='".$_SESSION['_config']['user']['Q3']."', - `Q4`='".$_SESSION['_config']['user']['Q4']."', - `Q5`='".$_SESSION['_config']['user']['Q5']."', - `A1`='".$_SESSION['_config']['user']['A1']."', - `A2`='".$_SESSION['_config']['user']['A2']."', - `A3`='".$_SESSION['_config']['user']['A3']."', - `A4`='".$_SESSION['_config']['user']['A4']."', - `A5`='".$_SESSION['_config']['user']['A5']."' - where `id`='".$_SESSION['profile']['id']."'"; - mysql_query($query); + if ($showdetails!="") { + $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."', + `Q2`='".$_SESSION['_config']['user']['Q2']."', + `Q3`='".$_SESSION['_config']['user']['Q3']."', + `Q4`='".$_SESSION['_config']['user']['Q4']."', + `Q5`='".$_SESSION['_config']['user']['Q5']."', + `A1`='".$_SESSION['_config']['user']['A1']."', + `A2`='".$_SESSION['_config']['user']['A2']."', + `A3`='".$_SESSION['_config']['user']['A3']."', + `A4`='".$_SESSION['_config']['user']['A4']."', + `A5`='".$_SESSION['_config']['user']['A5']."' + where `id`='".$_SESSION['profile']['id']."'"; + mysql_query($query); + } //!!!Should be rewritten $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash'])))); |