HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: /home/xedaptot/360.naniguide.com/backend/ajax/save_profile.php
<?php
error_reporting(E_ALL & ~E_WARNING & ~E_NOTICE & ~E_DEPRECATED);
ob_start();
session_start();
if((($_SERVER['SERVER_ADDR']==$_SESSION['demo_server_ip']) && ($_SERVER['REMOTE_ADDR']!=$_SESSION['demo_developer_ip']) && ($_SESSION['id_user']==$_SESSION['demo_user_id'])) || ($_SESSION['svt_si']!=session_id())) {
    die();
}
require_once("../../db/connection.php");
require_once(dirname(__FILE__).'/../functions.php');
$settings = get_settings();
$id_user = $_SESSION['id_user'];
$user_info = get_user_info($id_user);
if(!empty($user_info['language'])) {
    set_language($user_info['language'],$settings['language_domain']);
} else {
    set_language($settings['language'],$settings['language_domain']);
}
$username = strip_tags($_POST['username_svt']);
$email = strip_tags($_POST['email_svt']);
$language = strip_tags($_POST['language_svt']);
$avatar = strip_tags($_POST['avatar_svt']);
$first_name = strip_tags($_POST['first_name']);
$last_name = strip_tags($_POST['last_name']);
$company = strip_tags($_POST['company']);
$tax_id = strip_tags($_POST['tax_id']);
$street = strip_tags($_POST['street']);
$city = strip_tags($_POST['city']);
$province = strip_tags($_POST['province']);
$postal_code = strip_tags($_POST['postal_code']);
$country = strip_tags($_POST['country']);
$tel = strip_tags($_POST['tel']);
$query_check = "SELECT id FROM svt_users WHERE username=? AND id!=?;";
if($smt = $mysqli->prepare($query_check)) {
    $smt->bind_param('si', $username, $id_user);
    $result_check = $smt->execute();
    if ($result_check) {
        $result_check = get_result($smt);
        if (count($result_check) > 0) {
            ob_end_clean();
            echo json_encode(array("status"=>"error","msg"=>_("Username already registered!")));
            exit;
        }
    }
}
$query_check = "SELECT id FROM svt_users WHERE email=? AND id!=?;";
if($smt = $mysqli->prepare($query_check)) {
    $smt->bind_param('si', $email, $id_user);
    $result_check = $smt->execute();
    if ($result_check) {
        $result_check = get_result($smt);
        if (count($result_check) > 0) {
            ob_end_clean();
            echo json_encode(array("status"=>"error","msg"=>_("E-mail already registered!")));
            exit;
        }
    }
}
$reload = 0;
if (strpos($avatar, 'data:image') !== false) {
    $avatar_image = base64_decode(explode(",",$avatar)[1]);
    $im = @imagecreatefromstring($avatar_image);
    $name_avatar = 'avatar_'.time().'.jpg';
    imagejpeg($im, dirname(__FILE__).'/../assets/'.$name_avatar,100);
    if(file_exists(dirname(__FILE__).'/../assets/'.$name_avatar)) {
        $query = "UPDATE svt_users SET avatar=? WHERE id=?;";
        if($smt = $mysqli->prepare($query)) {
            $smt->bind_param('si', $name_avatar, $id_user);
            $smt->execute();
            $reload = true;
        }
    }
}
$query_l = "SELECT language,username FROM svt_users WHERE id=? LIMIT 1;";
if($smt = $mysqli->prepare($query_l)) {
    $smt->bind_param('i',  $id_user);
    $result_l = $smt->execute();
    if ($result_l) {
        $result_l = get_result($smt);
        if (count($result_l) == 1) {
            $row_l = array_shift($result_l);
            $language_exist = $row_l['language'];
            $username_exist = $row_l['username'];
            if($language!=$language_exist) {
                $_SESSION['lang']=$language;
                $reload = 1;
            }
            if($username!=$username_exist) {
                $reload = 1;
            }
        }
    }
}
session_write_close();
$query = "UPDATE svt_users SET username=?,email=?,language=?,first_name=?,last_name=?,company=?,tax_id=?,street=?,city=?,province=?,postal_code=?,country=?,tel=? WHERE id=?;";
if($smt = $mysqli->prepare($query)) {
    $smt->bind_param('sssssssssssssi',  $username,$email,$language,$first_name,$last_name,$company,$tax_id,$street,$city,$province,$postal_code,$country,$tel,$id_user);
    $result = $smt->execute();
    if ($result) {
        ob_end_clean();
        echo json_encode(array("status"=>"ok","reload_page"=>$reload));
    } else {
        ob_end_clean();
        echo json_encode(array("status"=>"error","msg"=>_("Error")));
    }
} else {
    echo json_encode(array("status"=>"error","msg"=>_("Error")));
}