<?/* change_settings.php (c) 2000 Ying Zhang (ying@zippydesign.com) * * TERMS OF USAGE: * This file was written and developed by Ying Zhang (ying@zippydesign.com) * for educational and demonstration purposes only.  You are hereby granted the  * rights to use, modify, and redistribute this file as you like.  The only * requirement is that you must retain this notice, without modifications, at * the top of your source code.  No warranties or guarantees are expressed or * implied. DO NOT use this code in a production environment without * understanding the limitations and weaknesses pretaining to or caused by the * use of these scripts, directly or indirectly. USE AT YOUR OWN RISK! *//****************************************************************************** * MAIN *****************************************************************************/include("../application.php");require_login();/* form has been submitted, check if it the user login information is correct */if (match_referer() && isset($HTTP_POST_VARS)) {	$frm = $HTTP_POST_VARS;	$errormsg = validate_form($frm, $errors);	if (empty($errormsg)) {		update_settings($frm);		$noticemsg = "Settings change successful";	}} else {	$frm = load_user_profile();}$DOC_TITLE = "Change Settings";include("$CFG->templatedir/header.php");include("$CFG->templatedir/form_header.php");include("templates/change_settings_form.php");include("$CFG->templatedir/footer.php");/****************************************************************************** * FUNCTIONS *****************************************************************************/function load_user_profile() {/* load up the user's details */	global $SESSION;		$username = $SESSION["user"]["username"];	$qid = db_query("SELECT email, phone, address FROM users WHERE username = '$username'");	return db_fetch_array($qid);}function validate_form(&$frm, &$errors) {/* validate the forgot password form, and return the error messages in a string. * if the string is empty, then there are no errors */	global $SESSION;	$errors = new Object;	$msg = "";	if (empty($frm["email"])) {		$errors->email = true;		$msg .= "<li>You did not specify your email address";	} elseif (email_exists($frm["email"]) && $frm["email"] != $SESSION["user"]["email"]) {		$errors->email = true;		$msg .= "<li>The email address <b>" . ov($frm["email"]) ."</b> already exists";		} elseif (empty($frm["phone"])) {		$errors->phone = true;		$msg .= "<li>You did not specify your phone number";		} elseif (empty($frm["address"])) {		$errors->address = true;		$msg .= "<li>You did not specify your address";	}	return $msg;}function update_settings(&$frm) {/* set the user's password to the new one */	global $SESSION;		$username = $SESSION["user"]["username"];	$qid = db_query("	UPDATE users SET		 email = '$frm[email]'		,phone = '$frm[phone]'		,address = '$frm[address]'	WHERE username = '$username'	");}?>