X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-edit_user.php;h=ad0e07740fc0904df00b878b750f70467a0e7fa7;hp=ea524158c7ccf010a82b1254d646e4a2012e9fa7;hb=c78089215285d52d483760699d07a96dfbbe0671;hpb=5ef6ed7373ae85e5635e39e2a0adf9496a8add05

diff --git a/inc/modules/admin/what-edit_user.php b/inc/modules/admin/what-edit_user.php
index ea524158c7..ad0e07740f 100644
--- a/inc/modules/admin/what-edit_user.php
+++ b/inc/modules/admin/what-edit_user.php
@@ -32,71 +32,72 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
 }
-// Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
 
-OPEN_TABLE("100%", "admin_content admin_content_align", "");
+// Add description as navigation point
+ADD_DESCR("admin", __FILE__);
 
 // Fix a notice
 $result_main = false;
-if (isset($_GET['u_id'])) {
+if (REQUEST_ISSET_GET(('uid'))) {
 	//                                    0      1        2         3      4     5      6       7         8          9           10         11
-	$result_main = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
-	 array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
+	$result_main = SQL_QUERY_ESC("SELECT gender, surname, family, street_nr, zip, city, country, email, birth_day, birth_month, birth_year, max_mails
+FROM `{!_MYSQL_PREFIX!}_user_data`
+WHERE userid=%s
+LIMIT 1",
+		array(bigintval(REQUEST_GET('uid'))), __FILE__, __LINE__);
 }
 
-if ((SQL_NUMROWS($result_main) == 1) || (empty($_GET['u_id'])))
+if ((SQL_NUMROWS($result_main) == 1) || (!REQUEST_ISSET_GET(('uid'))))
 {
 	// User found
-	if (empty($_GET['u_id']))
+	if (!REQUEST_ISSET_GET(('uid')))
 	{
 		// Output selection form with all confirmed user accounts listed
 		ADD_MEMBER_SELECTION_BOX();
 	}
-	 elseif (isset($_POST['edit']))
+	 elseif (REQUEST_ISSET_POST('edit'))
 	{
 		// Ok, change the account...
 		$PASS = false; $ADD = "";
-		if ((empty($_POST['pass1'])) && (empty($_POST['pass2'])))
+		if ((!REQUEST_ISSET_POST(('pass1'))) && (!REQUEST_ISSET_POST(('pass2'))))
 		{
 			// Don't change the password
 			$PASS = true;
 		}
-		 elseif (($_POST['pass1'] == $_POST['pass2']))
+		 elseif ((REQUEST_POST('pass1') == REQUEST_POST('pass2')))
 		{
 			// Change the password
 			$PASS = true;
-			$ADD = ", password='".generateHash($_POST['pass1'])."'";
+			$ADD = ", password='".generateHash(REQUEST_POST('pass1'))."'";
 		}
 		if ($PASS)
 		{
 			// We have to add the following things: birthday and max receive mails
-			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET
-sex='%s',
+			SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET
+gender='%s',
 surname='%s',
 family='%s',
 street_nr='%s',
 country='%s',
-zip=%d,
+zip=%s,
 city='%s',
 email='%s'
 ".$ADD."
-WHERE userid=%d LIMIT 1",
+WHERE userid=%s LIMIT 1",
  array(
-	substr($_POST['salut'], 0, 1),
-	$_POST['surname'],
-	$_POST['family_name'],
-	$_POST['street_nr'],
-	$_POST['country'],
-	bigintval($_POST['zip']),
-	$_POST['city'],
-	$_POST['email'],
-	bigintval($_GET['u_id']),
+	substr(REQUEST_POST('gender'), 0, 1),
+	REQUEST_POST('surname'),
+	REQUEST_POST('family'),
+	REQUEST_POST('street_nr'),
+	REQUEST_POST('country'),
+	bigintval(REQUEST_POST('zip')),
+	REQUEST_POST('city'),
+	REQUEST_POST('email'),
+	bigintval(REQUEST_GET('uid')),
 ), __FILE__, __LINE__);
 			$content = USER_ACCOUNT_SAVED;
 		}
@@ -112,28 +113,28 @@ WHERE userid=%d LIMIT 1",
 	 else
 	{
 		// Display form to edit
-		list($sex, $surname, $family, $street, $zip, $city, $country, $email, $bday, $bmonth, $byear, $max) = SQL_FETCHROW($result_main);
+		list($gender, $surname, $family, $street, $zip, $city, $country, $email, $bday, $bmonth, $byear, $max) = SQL_FETCHROW($result_main);
 		SQL_FREERESULT($result_main);
 
 		// Transfer data to constants for the template
-		switch ($sex)
+		switch ($gender)
 		{
 		case "M":
-			define('_SEX_M', " selected=\"selected\"");
-			define('_SEX_F', "");
-			define('_SEX_C', "");
+			define('_GENDER_M', " selected=\"selected\"");
+			define('_GENDER_F', "");
+			define('_GENDER_C', "");
 			break;
 
 		case "F":
-			define('_SEX_M', "");
-			define('_SEX_F', " selected=\"selected\"");
-			define('_SEX_C', "");
+			define('_GENDER_M', "");
+			define('_GENDER_F', " selected=\"selected\"");
+			define('_GENDER_C', "");
 			break;
 
 		case "C":
-			define('_SEX_M', "");
-			define('_SEX_F', "");
-			define('_SEX_C', " selected=\"selected\"");
+			define('_GENDER_M', "");
+			define('_GENDER_F', "");
+			define('_GENDER_C', " selected=\"selected\"");
 			break;
 		}
 
@@ -142,14 +143,12 @@ WHERE userid=%d LIMIT 1",
 		define('_COUNTRY', $country); define('_EMAIL' , $email);
 
 		// Load template
-		LOAD_TEMPLATE("admin_edit_user", false, bigintval($_GET['u_id']));
+		LOAD_TEMPLATE("admin_edit_user", false, bigintval(REQUEST_GET('uid')));
 	}
-}
- else
-{
+} else {
 	// Account does not exists!
-	OUTPUT_HTML("<STRONG class=\"admin_failed\">".ADMIN_MEMBER_404_1.$_GET['u_id'].ADMIN_MEMBER_404_2."</STRONG>");
+	LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_failed\">".sprintf(getMessage('ADMIN_MEMBER_404'), REQUEST_GET('uid'))."</div>");
 }
-CLOSE_TABLE();
+
 //
 ?>