<?php
// header('Location: /profiles/edit', true, 301);
// exit;

// Start (or resume) the session; the handlers further down read $_SESSION['session_userid'].
session_start();
// Page identifiers. They are not read in this file (presumably consumed by index.php; confirm).
$inpage = 'AC';
$thispage = 'MEMBER_PROFILE';

// Database connection. `require` makes a missing file fatal.
require '0sqlconnect.php';
// Helper libraries. `include` only raises a warning when a file is missing.
include 'function.files.php';
include '0mail.php';
include '0member.php';
// Switch off all PHP error reporting for the rest of the request.
// NOTE(review): level 0 also keeps failures (e.g. a failed query) out of the error log;
// hiding output via display_errors while still logging is easier to operate.
error_reporting(0);

	// Look up a member's e-mail address by member ID
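/**
 * Look up a member's e-mail address by member id.
 *
 * @param string $text Member id (`mem_id`) to look up.
 * @return string|null The `mem_email` column, or null when the query fails or no row matches.
 */
function member_id_to_email($text){
	// mysql_real_escape_string() escapes for the connection's character set, whereas
	// addslashes() works byte by byte and is not safe with multi-byte encodings.
	// NOTE(review): this relies on the charset being set with mysql_set_charset() when the
	// connection is opened (0sqlconnect.php, not visible here); confirm.
	$text = mysql_real_escape_string($text) ;
	$sql = "SELECT `mem_email` FROM `member` WHERE `mem_id`='$text' LIMIT 1" ;
	$result = mysql_query($sql) ;
	if ($result === false) {
		// Query failed: report "no address" instead of passing false to mysql_fetch_array()
		return null ;
	}
	$rcd = mysql_fetch_array($result) ;
	// mysql_fetch_array() returns false when no row matched
	return is_array($rcd) ? $rcd['mem_email'] : null ;
}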

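// Profile update handler: runs when a logged-in member posts the profile form.
// Outcome is reported through globals: $profile_update_success = "1" once the UPDATE has
// succeeded, or $BreakMsg when the avatar upload is rejected.
// NOTE(review): nothing in this file verifies an anti-CSRF token before the profile is
// changed; confirm whether an included file does, otherwise add a per-session form token.
if (isset($_POST['profile_submit'])) {
	if (isset($_SESSION['session_userid']) && $_SESSION['session_userid'] != "") {
		while (1) {	// single pass; `break` aborts the update when validation fails

			// Start from an empty fragment so it can only ever hold one of the two literals
			// assigned below (an uninitialised variable could be request-controlled where
			// register_globals is enabled).
			$MemPicSQL = '';

			// Avatar upload
			$UploadPath = 'uploads/avatars/';
			// basename() keeps the session-derived id from adding a directory component
			$AvatarFile = $UploadPath.basename($_SESSION['session_userid']).'.gif';
			if (isset($_FILES['uploadimg']) && is_string($_FILES['uploadimg']['tmp_name']) && $_FILES['uploadimg']['tmp_name'] != "") {
				// getimagesize() returns false when the file is not a recognised image
				$ImageInfo = getimagesize($_FILES['uploadimg']['tmp_name']);
				// Limit: 35 KB on disk
				if ($_FILES['uploadimg']['size'] > 1024*35) {
					$BreakMsg = '上傳的圖片大小超過限制，請重新選擇!!';
					break;
				}
				// Limit: 120 x 120 pixels
				if ($ImageInfo !== false && ($ImageInfo[0] > 120 || $ImageInfo[1] > 120)) {
					$BreakMsg = '上傳的圖片大小超過限制，請重新選擇!!';
					break;
				}
				// Only GIF and JPEG are accepted; anything getimagesize() cannot parse is refused
				if ($ImageInfo === false || ($ImageInfo[2] != IMAGETYPE_GIF && $ImageInfo[2] != IMAGETYPE_JPEG)) {
					$BreakMsg = '上傳的圖片非圖片檔案，請重新選擇!!';
					break;
				}
				// move_uploaded_file() refuses any path that is not a genuine HTTP upload.
				// The avatar is always stored under a fixed ".gif" name, also for JPEG data.
				// Only flag the avatar as present when the file was actually stored.
				if (move_uploaded_file($_FILES['uploadimg']['tmp_name'], $AvatarFile)) {
					$MemPicSQL = "`mem_conf_pic`='1', ";
				}
			}

			// Avatar removal requested
			if (isset($_POST['delete_memicon']) && $_POST['delete_memicon'] == 1) {
				$MemPicSQL = "`mem_conf_pic`='0', ";
				if (file_exists($AvatarFile)) {
					unlink($AvatarFile);
				}
			}

			// Text and switch fields: HTML-encode, then escape for the SQL string literal.
			// bbs_view_switch, google_switch, skills_switch, ybg_switch and style_switch were
			// previously interpolated into the UPDATE without any escaping; they now get the
			// same treatment as every other field.
			$TextFields = array(
				'mem_gamename', 'mem_gameserver', 'mem_gamearea', 'mem_homepage', 'mem_msn', 'mem_yahoo',
				'ad_switch', 'msg_switch', 'pic_switch', 'live_switch', 'moon_switch',
				'galleryfav_switch', 'weather_switch', 'link_switch',
				'bbs_view_switch', 'google_switch', 'skills_switch', 'ybg_switch', 'style_switch',
			);
			for ($i = 1; $i <= 8; $i++) {
				$TextFields[] = 'mem_url_'.$i;
				$TextFields[] = 'mem_urlt_'.$i;
			}
			foreach ($TextFields as $Field) {
				// A missing or array-valued parameter is treated as an empty string
				$Raw = (isset($_POST[$Field]) && is_string($_POST[$Field])) ? $_POST[$Field] : '';
				// Written back into $_POST as before, in case index.php reads these values (not visible here)
				$_POST[$Field] = mysql_real_escape_string(htmlspecialchars($Raw));
			}

			// Game-time offset: values outside -60..60 are reset to 0
			$GameTime = (isset($_POST['gametime']) && is_string($_POST['gametime'])) ? $_POST['gametime'] : '';
			$_POST['gametime'] = mysql_real_escape_string($GameTime);
			if (60 < $_POST['gametime'] || $_POST['gametime'] < -60) {
				$_POST['gametime'] = 0;
			}

			// Day count: force to an integer (it used to reach the query unescaped), no negatives
			$_POST['gallery_days'] = isset($_POST['gallery_days']) ? intval($_POST['gallery_days']) : 0;
			if ($_POST['gallery_days'] < 0) {
				$_POST['gallery_days'] = 0;
			}

			$_POST['mem_conf_photomsg'] = isset($_POST['mem_conf_photomsg']) ? intval($_POST['mem_conf_photomsg']) : 0;
			if ($_POST['mem_conf_photomsg'] > 120) {
				$_POST['mem_conf_photomsg'] = 0;
			}

			// The row to update is always the session's own member id
			$MemIdSQL = mysql_real_escape_string($_SESSION['session_userid']);

			$sql_memprofile  = "UPDATE `member` SET `mem_gamename`='$_POST[mem_gamename]', `mem_gameserver`='$_POST[mem_gameserver]', `mem_gamearea`='$_POST[mem_gamearea]', " ;
			$sql_memprofile .= "`mem_homepage`='$_POST[mem_homepage]', `mem_msn`='$_POST[mem_msn]', `mem_yahoo`='$_POST[mem_yahoo]', `mem_conf_ad`='$_POST[ad_switch]', `mem_conf_bbsview`='$_POST[bbs_view_switch]', ";
			$sql_memprofile .= "`mem_conf_msg`='$_POST[msg_switch]', `mem_conf_bbs`='$_POST[pic_switch]', `mem_conf_live`='$_POST[live_switch]', `mem_conf_weather`='$_POST[weather_switch]', `mem_conf_moon`='$_POST[moon_switch]', `mem_conf_search`='$_POST[google_switch]', `mem_conf_skills`='$_POST[skills_switch]', ";
			$sql_memprofile .= "`mem_conf_links`='$_POST[link_switch]', `mem_conf_moontime`='$_POST[gametime]', `mem_url1`='$_POST[mem_url_1]', `mem_url2`='$_POST[mem_url_2]', ";
			$sql_memprofile .= "`mem_conf_ybg`='$_POST[ybg_switch]', ";
			$sql_memprofile .= $MemPicSQL;
			$sql_memprofile .= "`mem_style`='$_POST[style_switch]', ";
			$sql_memprofile .= "`mem_conf_galleryfav`='$_POST[galleryfav_switch]', ";
			$sql_memprofile .= "`mem_conf_gallerymsg`='$_POST[gallery_days]', ";
			$sql_memprofile .= "`mem_conf_photomsg`='$_POST[mem_conf_photomsg]', ";
			$sql_memprofile .= "`mem_last_modify`='".date("Y-m-d H:i:s")."', ";
			$sql_memprofile .= "`mem_url3`='$_POST[mem_url_3]', `mem_url4`='$_POST[mem_url_4]', `mem_url5`='$_POST[mem_url_5]', `mem_url6`='$_POST[mem_url_6]', ";
			$sql_memprofile .= "`mem_url7`='$_POST[mem_url_7]', `mem_url8`='$_POST[mem_url_8]', `mem_urlt1`='$_POST[mem_urlt_1]', `mem_urlt2`='$_POST[mem_urlt_2]', ";
			$sql_memprofile .= "`mem_urlt3`='$_POST[mem_urlt_3]', `mem_urlt4`='$_POST[mem_urlt_4]', `mem_urlt5`='$_POST[mem_urlt_5]', `mem_urlt6`='$_POST[mem_urlt_6]', ";
			$sql_memprofile .= "`mem_urlt7`='$_POST[mem_urlt_7]', `mem_urlt8`='$_POST[mem_urlt_8]' ";
			$sql_memprofile .= "WHERE `mem_id`='$MemIdSQL' LIMIT 1";

			// Report success only when the database accepted the statement
			if (mysql_query($sql_memprofile)) {
				$profile_update_success = "1" ;
			}
			break;
		}
	}
}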
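// Password change handler: runs when a logged-in member posts the change-password form.
// Outcome is reported through globals: $newpass_update_success = 1 on success, otherwise
// $newpass_update_faild = 1 (old password wrong), 2 (new passwords differ),
// 3 (old password empty) or 4 (new password empty).
// NOTE(review): passwords are stored as unsalted MD5. Moving to password_hash() /
// password_verify() needs a matching change in the login code, which is not in this file.
if (isset($_POST['new_pass_submit'])) {
	if (isset($_SESSION['session_userid']) && $_SESSION['session_userid'] != "") {
		// A missing or array-valued parameter is treated as an empty string
		$OldPass  = (isset($_POST['old_pass'])  && is_string($_POST['old_pass']))  ? $_POST['old_pass']  : '';
		$NewPass  = (isset($_POST['new_pass'])  && is_string($_POST['new_pass']))  ? $_POST['new_pass']  : '';
		$NewPass2 = (isset($_POST['new_pass2']) && is_string($_POST['new_pass2'])) ? $_POST['new_pass2'] : '';

		// Fetch the stored hash for the session's own member id
		$MemIdSQL = mysql_real_escape_string($_SESSION['session_userid']);
		$sql_oldpass_md5 = "SELECT `mem_passwd` FROM `member` WHERE `mem_id`='$MemIdSQL' LIMIT 1";
		$res_oldpass_md5 = mysql_query($sql_oldpass_md5) ;
		$rcd_oldpass_md5 = ($res_oldpass_md5 === false) ? false : mysql_fetch_array($res_oldpass_md5) ;
		$StoredHash = is_array($rcd_oldpass_md5) ? $rcd_oldpass_md5['mem_passwd'] : null ;

		if ($OldPass === "") {
			$newpass_update_faild = 3 ;
		} elseif (md5($OldPass) !== $StoredHash) {
			// Strict comparison: with `==`, two hashes that both look like numbers
			// (e.g. "0e" followed by digits only) compare equal although they differ.
			$newpass_update_faild = 1 ;
		} elseif ($NewPass !== $NewPass2) {
			// Compare the passwords themselves rather than loosely comparing their hashes
			$newpass_update_faild = 2 ;
		} elseif ($NewPass === "") {
			$newpass_update_faild = 4 ;
		} else {
			// All checks passed
			$md5_new_pass = md5($NewPass2) ;
			$sql_newpass_update = "UPDATE `member` SET `mem_passwd`='$md5_new_pass' WHERE `mem_id`='$MemIdSQL' LIMIT 1";
			// Report success and notify the member only when the password was really stored
			if (mysql_query($sql_newpass_update)) {
				$newpass_update_success = 1 ;

				$rcd_email['mem_email'] = member_id_to_email($_SESSION['session_userid']) ;
				$rcd_email['mem_name'] = member_id_to_user($_SESSION['session_userid']) ;
				// Not read again in this file (presumably used by an included file; confirm)
				$passUID = $_SESSION['session_userid'];
				$UpdatePasswd = 1;

				// Notification mail telling the member that the password was changed
				$message = '親愛的會員 <b>'.$rcd_email['mem_name'].'</b> 您好：'."\n\n";
				$message.= '您在 '.date("Y-m-d H:i:s").' 修改了您在 Mabinogi奇幻世界 密碼，'."\n";
				$message.= '此次修改密碼動作已經順利完成，還請您牢記您所設定的新密碼！'."\n\n";
				$message.= '還是必須提醒您切勿使用與遊戲中相同的密碼確保您的帳戶安全，'."\n";
				$message.= '本站無法以任何形式取得您所設定的密碼；'."\n";
				$message.= '若密碼修改不是您本人所修改的，請立即於我們聯絡。';
				// The send result is deliberately ignored: a mail failure does not undo the change
				MabiMail($rcd_email['mem_email'], 'Mabinogi奇幻世界 修改新密碼通知', $message) ;
			}
		}
	}
}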
// Hand over to index.php (presumably renders the page from the variables set above; confirm).
// `require` makes a missing file fatal.
require 'index.php';
?>