File: D:/HostingSpaces/SBogers45/smuldersinterieurprojecten.nl/wwwroot/admin/php/getProfilePage.php
<?php

/**
 * Route the current profile request to its handler and return the handler's HTML.
 *
 * A submitted form ($_POST) takes priority over the "sub" query parameter;
 * any unrecognised or missing "sub" value falls back to the profile overview.
 *
 * NOTE(review): both POST branches change state (admin password, CMS
 * language) and no anti-CSRF token is checked in this function - confirm
 * whether the caller validates one before dispatching here.
 *
 * @return string HTML fragment (empty when the handler only redirects)
 */
function getProfilePage(){
	// Form submissions win over plain navigation.
	if(isset($_POST['sbmEditPass'])){
		return (string) sbmEditPass();
	}
	if(isset($_POST['sbmEditLang'])){
		// sbmEditLang() returns nothing; the cast keeps the result a string.
		return (string) sbmEditLang();
	}

	// No form posted: pick the sub-page, defaulting to the overview.
	$requested = isset($_GET['sub']) ? $_GET['sub'] : null;
	switch($requested){
		case 'edit-pass':
			$page = showEditPassForm();
			break;
		case 'edit-lang':
			$page = showEditLangForm();
			break;
		default:
			$page = showProfile();
			break;
	}

	return (string) $page;
}


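/**
 * Render the profile overview for the logged-in admin.
 *
 * The admin id is the part of $_SESSION['adminStr'] before the first "_".
 * Values read from the database are HTML-escaped before being placed in the
 * page, because the language column is written from request data elsewhere
 * in this file and the user/label columns are not validated here.
 *
 * NOTE(review): no login check is visible in this function - presumably the
 * caller only reaches it for an authenticated session; confirm.
 *
 * @return string HTML fragment
 */
function showProfile(){

	//get text
	// presumably trusted, translator-supplied strings that may contain markup,
	// so they are inserted as-is - confirm against getSiteText()
	$siteText = getSiteText();

	//get adminId
	$adminStr = isset($_SESSION['adminStr']) ? (string) $_SESSION['adminStr'] : '';
	$temp = explode('_', $adminStr);
	$adminId = strtoupper($temp[0]);

	//get info
	// Only the displayed columns are selected; the password hash is not needed here.
	// The id is escaped so a malformed session value cannot alter the statement.
	// NOTE(review): _admin and _client are combined without a join condition and
	// only the first row is read - presumably _client holds a single row; confirm.
	$query = 'SELECT a.user, c.label, c.lang
			  FROM _admin AS a, _client AS c
			  WHERE a.id = "'.mysql_real_escape_string($adminId).'"';
	$result = mysql_query($query);
	$record = $result ? mysql_fetch_assoc($result) : false;
	if(!is_array($record)){
		// Failed query or unknown id: render empty values instead of raising notices.
		$record = array('user' => '', 'label' => '', 'lang' => '');
	}

	// Escape every database value for the HTML context it is printed in.
	// NOTE(review): relies on PHP's default charset for htmlspecialchars();
	// confirm it matches the page encoding.
	$user = htmlspecialchars((string) $record['user'], ENT_QUOTES);
	$label = htmlspecialchars((string) $record['label'], ENT_QUOTES);
	$lang = htmlspecialchars(strtoupper((string) $record['lang']), ENT_QUOTES);

	$output = '';
	$output .= '<div class="double-column-container center">';

		//header
		$output .= '<div class="header-bar top-rounded">'.$siteText['profileTitle'].'</div>';

		//content
		$output .= '<div class="double-column-content">';

			//name
			$output .= '<h1>'.$label.'</h1>';

			//user profile
			$output .= '<div class="profile-row profile-head-row">'.$siteText['profileTitleUser'].'</div>';
			$output .= '<div class="profile-row">';
				$output .= '<div class="profile-row-title">'.$siteText['username'] .'</div>';
				$output .= '<div class="profile-row-value">'.$user.'</div>';
			$output .= '</div>';
			$output .= '<div class="profile-row">';
				$output .= '<div class="profile-row-title">'.$siteText['password'].'</div>';
				// The password itself is never shown, only a placeholder text.
				$output .= '<div class="profile-row-value">'.$siteText['private'].'</div>';
				$output .= '<div class="profile-row-action"><a href="./profile/edit-pass/" class="profile-menu-link"><img src="./images/icons/edit.png" alt="edit" /></a></div>';
			$output .= '</div>';

			//settings
			$output .= '<div class="profile-row profile-head-row">'.$siteText['CMSSettings'].'</div>';
			$output .= '<div class="profile-row">';
				$output .= '<div class="profile-row-title">'.$siteText['language'].'</div>';
				$output .= '<div class="profile-row-value">'.$lang.'</div>';
				$output .= '<div class="profile-row-action"><a href="./profile/edit-lang/" class="profile-menu-link"><img src="./images/icons/edit.png" alt="edit" /></a></div>';
			$output .= '</div>';
		$output .= '</div>';
	$output .= '</div>';


	return $output;

}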


/**
 * Build the "change password" form.
 *
 * When $_SESSION['err'] is non-empty it is shown inside the first input
 * group. The message is inserted without HTML escaping; in the code visible
 * in this file it is only ever assigned from getSiteText() entries.
 *
 * NOTE(review): the form carries no anti-CSRF token field - confirm whether
 * one is added and verified elsewhere.
 *
 * @return string HTML fragment
 */
function showEditPassForm(){
	// Localised labels and button text.
	$siteText = getSiteText();

	// Optional error message left behind by a previous failed submit.
	$errorHtml = '';
	if(!empty($_SESSION['err'])){
		$errorHtml = '<span class="errForm">'.$_SESSION['err'].'</span>';
	}

	$spacer = '<div class="clear"></div>';
	$parts = array();

	// Outer container and title bar.
	$parts[] = '<div class="double-column-container center">';
	$parts[] = '<div class="header-bar top-rounded">'.$siteText['profileTitle'].'</div>';

	// Content area with the form itself.
	$parts[] = '<div class="double-column-content">';
	$parts[] = '<h1>'.$siteText['editPass'].'</h1>';
	$parts[] = '<form action="" method=post>';

	// Current password (required), preceded by the error message if any.
	$parts[] = '<div class="input-total">';
	$parts[] = $errorHtml;
	$parts[] = '<div class="input-title">'.$siteText['currentPass'].' *</div>
								<input type="password" name="currentPass" value="" />
							</div>';
	$parts[] = $spacer;

	// New password.
	$parts[] = '<div class="input-total">
								<div class="input-title">'.$siteText['newPass'].'</div>
								<input type="password" name="newPass" value="" />
							</div>';
	$parts[] = $spacer;

	// New password, repeated for confirmation.
	$parts[] = '<div class="input-total">
								<div class="input-title">'.$siteText['confirmPass'].'</div>
								<input type="password" name="confirmPass" value="" /><br />
							</div>';
	$parts[] = $spacer;

	// Submit button; its name is what getProfilePage() dispatches on.
	$parts[] = '<input type="submit" name="sbmEditPass" value="'.$siteText['btnChangePass'].'" class="button fully-rounded"/>';
	$parts[] = '</form>';

	// Close content area and outer container.
	$parts[] = '</div>';
	$parts[] = '</div>';

	return implode('', $parts);
}


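/**
 * Handle a submitted "change password" form.
 *
 * Checks, in order: all three fields are filled in, the current password
 * matches the stored hash, the new password has at least 6 characters, and
 * the confirmation equals the new password. On success the stored hash and
 * $_SESSION['adminStr'] are updated and a redirect header is sent; on any
 * failure an error text is put in $_SESSION['err'] and the form is re-shown.
 *
 * NOTE(review): passwords are stored as unsalted MD5 and the session string
 * is derived from that hash. MD5 is not suitable for password storage;
 * moving to password_hash()/password_verify() needs a coordinated change in
 * the login code, which is not part of this file, so the format is kept here.
 *
 * NOTE(review): no anti-CSRF token is checked before the password is
 * changed - confirm whether the caller validates one.
 *
 * @return string HTML of the re-shown form, or '' after a successful change
 */
function sbmEditPass(){
	//get text
	$siteText = getSiteText();

	//get id
	$adminStr = isset($_SESSION['adminStr']) ? (string) $_SESSION['adminStr'] : '';
	$temp = explode('_', $adminStr);
	$adminId = strtoupper($temp[0]);
	// Escaped once and reused in both statements below.
	$safeId = mysql_real_escape_string($adminId);

	$query = 'SELECT id, user, pass FROM _admin WHERE id = "'.$safeId.'"';
	$result = mysql_query($query);
	$record = $result ? mysql_fetch_assoc($result) : false;

	// Accept plain strings only: a field posted as an array (name[]=...) would
	// otherwise reach md5()/strlen() and compare in unexpected ways.
	$currentPass = (isset($_POST['currentPass']) && is_string($_POST['currentPass'])) ? $_POST['currentPass'] : '';
	$newPass = (isset($_POST['newPass']) && is_string($_POST['newPass'])) ? $_POST['newPass'] : '';
	$confirmPass = (isset($_POST['confirmPass']) && is_string($_POST['confirmPass'])) ? $_POST['confirmPass'] : '';

	// all fields must be filled in
	if(empty($currentPass) || empty($newPass) || empty($confirmPass)){
		$_SESSION['err'] = $siteText['emptyField2'];
		return showEditPassForm();
	}

	// the current password must match the stored hash
	// Strict comparison: with "==" two different hex strings that both look
	// numeric (for example "0e..." followed by digits) compare as equal.
	$storedHash = (is_array($record) && isset($record['pass'])) ? (string) $record['pass'] : '';
	$givenHash = md5($currentPass);
	if(function_exists('hash_equals')){
		$currentOk = hash_equals($storedHash, $givenHash);
	}
	else{
		$currentOk = ($storedHash === $givenHash);
	}
	if(!$currentOk){
		$_SESSION['err'] = $siteText['currentPassIncorrect'];
		return showEditPassForm();
	}

	// the new password must be at least 6 characters (bytes)
	if(strlen($newPass) < 6){
		$_SESSION['err'] = $siteText['passChar'];
		return showEditPassForm();
	}

	// the confirmation must be identical to the new password
	// Strict comparison: "==" treats numeric strings such as "1000000" and
	// "1e6" as equal.
	if($newPass !== $confirmPass){
		$_SESSION['err'] = $siteText['passDontMatch'];
		return showEditPassForm();
	}

	//set to database
	$newHash = md5($newPass);
	mysql_query("UPDATE _admin SET pass = '".$newHash."' WHERE id = '".$safeId."'");

	// Rebuild the session string for the new password: id + "_" + md5(user + hash).
	$_SESSION['adminStr'] = $record['id'].'_'.md5($record['user'].$newHash);

	unset($_SESSION['err']);

	header('location: ../');

	return '';
}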


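/**
 * Build the "change CMS language" form with the stored language pre-selected.
 *
 * The stored value is compared case-insensitively: the form submits the
 * lower-case values "en"/"nl", so comparing the raw column against "EN"/"NL"
 * would never mark the current language as selected.
 *
 * When $_SESSION['err'] is non-empty it is shown above the select box,
 * without HTML escaping.
 *
 * NOTE(review): the form carries no anti-CSRF token field - confirm whether
 * one is added and verified elsewhere.
 *
 * @return string HTML fragment
 */
function showEditLangForm(){
	//get text
	$siteText = getSiteText();

	//get info
	$result = mysql_query('SELECT lang FROM _client LIMIT 1');
	$record = $result ? mysql_fetch_assoc($result) : false;
	// Normalise case; an empty string (failed query, no row) selects nothing.
	$lang = (is_array($record) && isset($record['lang'])) ? strtoupper((string) $record['lang']) : '';

	$output = '';
	$output .= '<div class="double-column-container center">';
		//header
		$output .= '<div class="header-bar top-rounded">'.$siteText['profileTitle'].'</div>';

		//content
		$output .= '<div class="double-column-content">';

			$output .= '<h1>Edit language</h1>';

			$output .= '<form action="" method=post>';
							//error message, if any
				if(!empty($_SESSION['err'])){ $output .= '<span class="errForm">'.$_SESSION['err'].'</span>'; }
							//language choice
				$output .= '<select name="newLang">';
					$output .= '<option value="en" ';
						if($lang === 'EN') $output .= ' selected ';
					$output .= '>EN</option>';
					$output .= '<option value="nl" ';
						if($lang === 'NL') $output .= ' selected ';
					$output .= '>NL</option>';
				$output .= '</select>';
				$output .= '<div class="clear"></div>';

							//submit
				$output .= '<input type="submit" name="sbmEditLang" value="'.$siteText['btnChangeLang'].'" class="button fully-rounded"/>';
			$output .= '</form>';

		$output .= '</div>';
	$output .= '</div>';

	return $output;

}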

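/**
 * Handle a submitted "change CMS language" form.
 *
 * The posted value is written to the database only when it is exactly one of
 * the values the form offers ("en" or "nl"). Anything else is ignored, so
 * request data never reaches the SQL statement as free text. The redirect
 * header is sent in either case.
 *
 * NOTE(review): no anti-CSRF token is checked before the setting is changed -
 * confirm whether the caller validates one.
 *
 * @return void
 */
function sbmEditLang(){
	// Values offered by the select box in showEditLangForm().
	$allowed = array('en', 'nl');

	$lang = (isset($_POST['newLang']) && is_string($_POST['newLang'])) ? $_POST['newLang'] : '';

	// Strict membership test: only the two literal codes can be interpolated below.
	if(in_array($lang, $allowed, true)){
		mysql_query('UPDATE _client SET lang = "'.$lang.'" LIMIT 1');
	}

	header('location: ../');
}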

?>