server()) {
metaRefresh("../login.php");
exit;
}
// copy type and profile name from POST to GET
if (isset($_POST['profname'])) $_GET['edit'] = $_POST['profname'];
if (isset($_POST['accounttype'])) $_GET['type'] = $_POST['accounttype'];
if (isAccountTypeHidden($_GET['type']) || !checkIfWriteAccessIsAllowed($_GET['type'])) {
logNewMessage(LOG_ERR, 'User tried to access hidden account type profile: ' . $_GET['type']);
die();
}
// abort button was pressed
// back to profile editor
if (isset($_POST['abort'])) {
metaRefresh("profilemain.php");
exit;
}
$errors = array();
// save button was presed
if (isset($_POST['save'])) {
// create option array to check and save
$options = array();
$opt_keys = array_keys($_SESSION['profile_types']);
foreach ($opt_keys as $element) {
// text fields
if ($_SESSION['profile_types'][$element] == "text") {
$options[$element] = array($_POST[$element]);
}
// checkboxes
elseif ($_SESSION['profile_types'][$element] == "checkbox") {
if (isset($_POST[$element]) && ($_POST[$element] == "on")) $options[$element] = array('true');
else $options[$element] = array('false');
}
// dropdownbox
elseif ($_SESSION['profile_types'][$element] == "select") {
$options[$element] = array($_POST[$element]);
}
// multiselect
elseif ($_SESSION['profile_types'][$element] == "multiselect") {
if (isset($_POST[$element])) $options[$element] = $_POST[$element]; // value is already an array
else $options[$element] = array();
}
// textareas
if ($_SESSION['profile_types'][$element] == "textarea") {
$options[$element] = explode("\r\n", $_POST[$element]);
}
}
// remove double slashes if magic quotes are on
if (get_magic_quotes_gpc() == 1) {
foreach ($opt_keys as $element) {
if (isset($options[$element][0]) && is_string($options[$element][0])) $options[$element][0] = stripslashes($options[$element][0]);
}
}
// check options
$errors = checkProfileOptions($_POST['accounttype'], $options);
if (sizeof($errors) == 0) { // input data is valid, save profile
// save profile
if (saveAccountProfile($options, $_POST['profname'], $_POST['accounttype'])) {
metaRefresh('profilemain.php?savedSuccessfully=' . $_POST['profname']);
exit();
}
else {
$errors[] = array("ERROR", _("Unable to save profile!"), $_POST['profname']);
}
}
}
// print header
include '../main_header.php';
// print error messages if any
if (sizeof($errors) > 0) {
echo "
\n";
for ($i = 0; $i < sizeof($errors); $i++) {
call_user_func_array('StatusMessage', $errors[$i]);
}
}
// empty list of attribute types
$_SESSION['profile_types'] = array();
// check if account type is valid
$type = $_GET['type'];
// get module options
$options = getProfileOptions($type);
// load old profile or POST values if needed
$old_options = array();
if (isset($_POST['save'])) {
$postKeys = array_keys($_POST);
for ($i = 0; $i < sizeof($postKeys); $i++) {
if (!is_array($_POST[$postKeys[$i]])) {
if (get_magic_quotes_gpc() == 1) {
$old_options[$postKeys[$i]] = array(stripslashes($_POST[$postKeys[$i]]));
}
else {
$old_options[$postKeys[$i]] = array($_POST[$postKeys[$i]]);
}
}
else {
$old_options[$postKeys[$i]] = $_POST[$postKeys[$i]];
}
}
}
elseif (isset($_GET['edit'])) {
$old_options = loadAccountProfile($_GET['edit'], $type);
}
// display formular
echo ("