-rw-r--r-- | includes/account.php | 44 | ||||
-rw-r--r-- | pages/account/13.php | 4 |
2 files changed, 27 insertions, 21 deletions
diff --git a/includes/account.php b/includes/account.php index f28cf49..36793f0 100644 --- a/includes/account.php +++ b/includes/account.php @@ -22,14 +22,16 @@ loadem("account"); - $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']); - $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']); - $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process']; + $id = array_key_exists("id",$_REQUEST) ? intval($_REQUEST['id']) : 0; + $oldid = array_key_exists("oldid",$_REQUEST) ? intval($_REQUEST['oldid']) : 0; + $process = array_key_exists("process",$_REQUEST) ? $_REQUEST['process'] : ""; +// $showdetalis refers to Secret Question and Answers from account/13.php + $showdetails = array_key_exists("showdetails",$_REQUEST) ? intval($_REQUEST['showdetails']) : 0; - $cert=0; if(array_key_exists('cert',$_REQUEST)) $cert=intval($_REQUEST['cert']); - $orgid=0; if(array_key_exists('orgid',$_REQUEST)) $orgid=intval($_REQUEST['orgid']); - $memid=0; if(array_key_exists('memid',$_REQUEST)) $memid=intval($_REQUEST['memid']); - $domid=0; if(array_key_exists('domid',$_REQUEST)) $domid=intval($_REQUEST['domid']); + $cert = array_key_exists('cert',$_REQUEST) ? intval($_REQUEST['cert']) : 0; + $orgid = array_key_exists('orgid',$_REQUEST) ? intval($_REQUEST['orgid']) : 0; + $memid = array_key_exists('memid',$_REQUEST) ? intval($_REQUEST['memid']) : 0; + $domid = array_key_exists('domid',$_REQUEST) ? intval($_REQUEST['domid']) : 0; if(!$_SESSION['mconn']) @@ -1205,7 +1207,7 @@ mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'"); } - if($oldid == 13 && $process != "") + if($oldid == 13 && $process != "" && $showdetails!="") { csrf_check("perschange"); $_SESSION['_config']['user'] = $_SESSION['profile']; 
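Review bot: The new comment above the `$showdetails` assignment misspells the variable as `$showdetalis` and starts at column 0 while the surrounding assignments are indented, so a search for the flag misses its only explanation. Suggested wording, indented like its neighbours: `// $showdetails is sent by the hidden field in pages/account/13.php when the secret questions and answers are displayed`. Because the flag now gates a write further down, reading it from `$_POST` instead of `$_REQUEST` would keep a query-string or cookie value from setting it, assuming the form on that page posts (its `<form>` tag is not in this diff).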
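Review bot: `$showdetails!=""` in the condition at -1205 compares the integer returned by `intval()` with an empty string, which only works where PHP treats `0 == ""` as true; PHP 8 changed that comparison, and there the test would pass for every request. `&& $showdetails` (or `$showdetails !== 0`) states the intent without type juggling, and the same applies to the inner check added in the hunk at -1313. The flag also now gates the whole block that starts with `csrf_check("perschange")`. If that block is the one that continues to the update shown at -1313 (its body runs outside this hunk), a submission from the form rendered without the hidden field is dropped entirely, and the inner check can never see a false value.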
@@ -1313,18 +1315,20 @@ where `id`='".$_SESSION['profile']['id']."'"; mysql_query($query); } - $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."', - `Q2`='".$_SESSION['_config']['user']['Q2']."', - `Q3`='".$_SESSION['_config']['user']['Q3']."', - `Q4`='".$_SESSION['_config']['user']['Q4']."', - `Q5`='".$_SESSION['_config']['user']['Q5']."', - `A1`='".$_SESSION['_config']['user']['A1']."', - `A2`='".$_SESSION['_config']['user']['A2']."', - `A3`='".$_SESSION['_config']['user']['A3']."', - `A4`='".$_SESSION['_config']['user']['A4']."', - `A5`='".$_SESSION['_config']['user']['A5']."' - where `id`='".$_SESSION['profile']['id']."'"; - mysql_query($query); + if ($showdetails!="") { + $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."', + `Q2`='".$_SESSION['_config']['user']['Q2']."', + `Q3`='".$_SESSION['_config']['user']['Q3']."', + `Q4`='".$_SESSION['_config']['user']['Q4']."', + `Q5`='".$_SESSION['_config']['user']['Q5']."', + `A1`='".$_SESSION['_config']['user']['A1']."', + `A2`='".$_SESSION['_config']['user']['A2']."', + `A3`='".$_SESSION['_config']['user']['A3']."', + `A4`='".$_SESSION['_config']['user']['A4']."', + `A5`='".$_SESSION['_config']['user']['A5']."' + where `id`='".$_SESSION['profile']['id']."'"; + mysql_query($query); + } //!!!Should be rewritten $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash'])))); diff --git a/pages/account/13.php b/pages/account/13.php index 1c1cfc6..08f325d 100644 --- a/pages/account/13.php +++ b/pages/account/13.php 
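Review bot: The Q/A update re-added inside `if ($showdetails!="")` still concatenates `$_SESSION['_config']['user']['Q1']` through `['A5']` straight into the statement, and where those values are escaped lies outside the hunk, so the query's safety rests on code this change does not show. Escaping at the point of use, e.g. `mysql_real_escape_string($_SESSION['_config']['user']['Q1'])` as the `otphash` line below already does, would keep the guarantee next to the query, provided the values are not already escaped when they are stored in the session. The context line in the hunk at -1205 places `$_REQUEST['certid']` into a `where` clause with no visible escaping; `intval($_REQUEST['certid'])` would match how the other ids are read at the top of the file.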
@@ -23,7 +23,8 @@ $year = intval(substr($user['dob'], 0, 4)); $month = intval(substr($user['dob'], 5, 2)); $day = intval(substr($user['dob'], 8, 2)); - $showdetails = array_key_exists('showdetails', $_REQUEST) && !!intval($_REQUEST['showdetails']); + $showdetails = array_key_exists("showdetails",$_REQUEST) ? intval($_REQUEST['showdetails']) : 0; + if($showdetails){ $body = sprintf(_("Hi %s,"),$user['fname'])."\n\n"; $body .= _("You receive this automatic mail since you yourself or someone ". @@ -160,6 +161,7 @@ <td class="DataTD"><input type="text" name="A5" value="<?=sanitizeHTML($user['A5'])?>"></td> </tr> <tr> + <input type="hidden" name="showdetails" value="1" /> <? } ?> <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td> </tr> |
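Review bot: The hidden `showdetails` input is a client-supplied value, so the guard in includes/account.php shows only that the request carried `showdetails=1`, not that the Q1–A5 fields were rendered or sent. A request with the flag set but without those fields could, depending on how the session copy is filled (not visible here), overwrite the stored questions and answers with empty strings; checking for the fields themselves, e.g. `array_key_exists('Q1', $_REQUEST)`, would be a firmer condition. If this page is rendered again after the update with the same request parameters, the `if($showdetails)` branch at the top would presumably send the notification mail a second time, which is worth confirming. The input is also a direct child of `<tr>`; placing it inside a `<td>` keeps the table markup valid.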