PHP do_sqlquery函数代码示例

function get_value($what, $table, $area, $id)
{
    global $TABLE_PREFIX;
    $query = do_sqlquery("SELECT {$what} FROM {$TABLE_PREFIX}{$table} WHERE {$area}={$id}", true);
    $object_to_array = mysql_fetch_array($query) or sql_err(__FILE__, __LINE__);
    return $object_to_array[$what];
}

function read_invitations()
{
    global $TABLE_PREFIX, $admintpl, $language, $CURUSER, $STYLEPATH, $btit_settings;
    $scriptname = htmlspecialchars($_SERVER["PHP_SELF"] . "?page=admin&user=" . $CURUSER["uid"] . "&code=" . $CURUSER["random"] . "&do=invitations");
    $addparam = "";
    $res = get_result("SELECT COUNT(*) as invites FROM {$TABLE_PREFIX}invitations", true);
    $count = $res[0]["invites"];
    list($pagertop, $pagerbottom, $limit) = pager('15', $count, $scriptname . "&");
    $admintpl->set("inv_pagertop", $pagertop);
    $admintpl->set("inv_pagerbottom", $pagerbottom);
    $results = get_result("SELECT * FROM {$TABLE_PREFIX}invitations ORDER BY id DESC {$limit}", true);
    $invitees = array();
    $i = 0;
    foreach ($results as $id => $data) {
        $res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE id = " . $data["inviter"], true);
        if (mysql_num_rows($res) > 0) {
            $inviter_name = mysql_result($res, 0, 0);
        } else {
            $inviter_name = 'Unknown';
        }
        $invitees[$i]["inviter"] = "<a href=\"index.php?page=userdetails&amp;user=" . $data["inviter"] . "\">" . $inviter_name . "</a>";
        $invitees[$i]["invitee"] = unesc($data["invitee"]);
        $invitees[$i]["hash"] = unesc($data["hash"]);
        $invitees[$i]["time_invited"] = $data["time_invited"];
        $invitees[$i]["delete"] = "<a href=\"index.php?page=admin&amp;user=" . $CURUSER["uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=invitations&amp;action=delete&amp;id=" . $data["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>";
        $i++;
    }
    $admintpl->set("invitees", $invitees);
    $admintpl->set("language", $language);
}

function scrape($url, $infohash = '')
{
    global $TABLE_PREFIX, $BASEDIR;
    if (isset($url)) {
        $url_c = parse_url($url);
        if (!isset($url_c["port"]) || empty($url_c["port"])) {
            $url_c["port"] = 80;
        }
        require_once $BASEDIR . "/phpscraper/" . $url_c["scheme"] . "tscraper.php";
        try {
            $timeout = 5;
            if ($url_c["scheme"] == "udp") {
                $scraper = new udptscraper($timeout);
            } else {
                $scraper = new httptscraper($timeout);
            }
            $ret = $scraper->scrape($url_c["scheme"] . "://" . $url_c["host"] . ":" . $url_c["port"] . ($url_c["scheme"] == "udp" ? "" : "/announce"), array($infohash));
            do_sqlquery("UPDATE `{$TABLE_PREFIX}files` SET `lastupdate`=NOW(), `lastsuccess`=NOW(), `seeds`=" . $ret[$infohash]["seeders"] . ", `leechers`=" . $ret[$infohash]["leechers"] . ", `finished`=" . $ret[$infohash]["completed"] . " WHERE `announce_url` = '" . $url . "'" . ($infohash == "" ? "" : " AND `info_hash`='" . $infohash . "'"), true);
            if (mysqli_affected_rows($GLOBALS["___mysqli_ston"]) == 1) {
                write_log('SUCCESS update external torrent from ' . $url . ' tracker (infohash: ' . $infohash . ')', '');
            }
        } catch (ScraperException $e) {
            write_log("FAILED update external torrent " . ($infohash == "" ? "" : "(infohash: " . $infohash . ")") . " from " . $url . " tracker (" . $e->getMessage() . "))", "");
        }
        return;
    }
    return;
}

function UploadImage($file, $to_url, $allowed_types = NULL, $allowed_ext = NULL)
{
    global $uid, $max_file_size, $max_image_width, $max_image_height, $TABLE_PREFIX;
    if (is_uploaded_file($file["tmp_name"])) {
        list($x, $y, $image_type) = getimagesize($file["tmp_name"]);
        $size = filesize($file["tmp_name"]);
        if ($x > $max_image_width or $max_image_height > 200) {
            redirect("index.php?page=usercp&do=avatar&action=read&what=image_size&uid=" . $uid . "");
            die;
        }
        if ($size > $max_file_size) {
            redirect("index.php?page=usercp&do=avatar&action=read&what=file_size&uid=" . $uid . "");
            die;
        }
        $split_name = explode(".", $file["name"]);
        $file_name = $file["name"];
        if (($allowed_types == NULL || array_search($image_type, $allowed_types, true) !== false) && ($allowed_ext == NULL || array_search(strtolower($split_name[count($split_name) - 1]), $allowed_ext) !== false)) {
            $pattern = "1234567890abcdefghijklmnopqrstuvwxyz";
            while (file_exists($to_url . $file_name)) {
                $split_name[0] = $split_name[0] . $pattern[rand(0, 35)];
                $file_name = implode(".", $split_name);
            }
            move_uploaded_file($file["tmp_name"], $to_url . $file_name);
            do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `avatar_upload_name`='{$file_name}' WHERE `id` = {$uid}", true);
            return $file_name;
        }
    }
    return false;
}

 function get_settings($key)
 {
     global $TABLE_PREFIX;
     $curr_conf_query = do_sqlquery("SELECT `value` FROM `{$TABLE_PREFIX}settings` WHERE `key` = '" . $key . "'", true);
     $curr_conf = mysql_fetch_assoc($curr_conf_query);
     return $curr_conf["value"];
 }

function sortCategories($key)
{
    global $TABLE_PREFIX;
    $categories_ordering = 1;
    foreach ($_POST[$key] as $categories_id) {
        //echo $banner_id.", ";
        $query = "UPDATE {$TABLE_PREFIX}categories SET sort_index = '{$categories_ordering}' WHERE id = " . (int) $categories_id;
        echo $query . "\n";
        do_sqlquery($query);
        $categories_ordering++;
    }
}

function paypal_form($amount, $mail, $item, $curr)
{
    global $CURUSER, $btit_settings, $TABLE_PREFIX, $BASEURL;
    // get user's style
    $resheet = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}style where id=" . $CURUSER["style"] . " LIMIT 1", TRUE, $btit_settings["cache_duration"]);
    if (!$resheet) {
        $STYLEPATH = "{$THIS_BASEPATH}/style/xbtit_default";
        $STYLEURL = "{$BASEURL}/style/xbtit_default";
    } else {
        $resstyle = mysqli_fetch_array($resheet);
        $STYLEPATH = "{$THIS_BASEPATH}/" . $resstyle["style_url"];
        $STYLEURL = "{$BASEURL}/" . $resstyle["style_url"];
    }
    // get settings
    $zap_pp = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM {$TABLE_PREFIX}paypal_settings WHERE id ='1'");
    $settings = mysqli_fetch_array($zap_pp);
    $form = '
	<html>
		<head><title>processing</title><link rel="stylesheet" type="text/css" href="' . $STYLEURL . '/main.css" /></head>
		<body onload="document.paypal.submit();"><br/><br/><br/><br/><br/>
			<table width=30% align=center><tr><td class="block"><center><b>Processing</b></center></td></tr><tr>
                        <td class=lista><center><img border="0" src="images/safe-secure.gif"></td></tr></table>
			<form action="' . ($settings["test"] == "true" ? "https://www.sandbox.paypal.com/cgi-bin/webscr" : "https://www.paypal.com/cgi-bin/webscr") . '" method="post" name="paypal">
				<input type="hidden" name="cmd" value="_xclick" />
				<input type="hidden" name="no_note" value="1" />
				<input type="hidden" name="no_shipping" value="1" />
				<input type="hidden" name="business" value="' . $mail . '" />
				<input type="hidden" name="item_number" value="' . $item . '" />
				<input type="hidden" name="item_name" value="Donation from uid: ' . $CURUSER['uid'] . '" />
				<input type="hidden" name="quantity" value="1" />
				<input type="hidden" name="amount" value="' . $amount . '" />
				<input type="hidden" name="currency_code" value="' . $curr . '" />
				<input type="hidden" name="email" value="' . $CURUSER['email'] . '" />
				<input type="hidden" name="address1" value="" />
				<input type="hidden" name="address2" value="" />
				<input type="hidden" name="city" value="" />
				<input type="hidden" name="country" value="" />
				<input type="hidden" name="zip" value="" />
				<input type="hidden" name="night_phone_a" value="" />
				<input type="hidden" name="night_phone_b" value="" />
				<input type="hidden" name="return" value="' . ($return_to_address ? $return_to_address['true'] : $BASEURL . '/index.php?page=success') . '" />
				<input type="hidden" name="cancel_return" value="' . ($return_to_address ? $return_to_address['false'] : $BASEURL . $_SERVER['SCRIPT_NAME'] . '?do=cancel') . '" />
			</form>
		</body>
	</html>';
    if ($CURUSER['uid'] === 0 or $CURUSER['username'] === 'Guest') {
        unset($CURUSER);
    }
    return $form;
}

function read_styles()
{
    global $TABLE_PREFIX, $language, $CURUSER, $admintpl, $STYLEPATH;
    $sres = style_list();
    for ($i = 0; $i < count($sres); $i++) {
        $res = do_sqlquery("SELECT COUNT(*) FROM {$TABLE_PREFIX}users WHERE style = " . $sres[$i]["id"], true);
        $sres[$i]["style_users"] = mysql_result($res, 0, 0);
        $sres[$i]["style"] = unesc($sres[$i]["style"]);
        $sres[$i]["style_url"] = unesc($sres[$i]["style_url"]);
        $sres[$i]["edit"] = "<a href=\"index.php?page=admin&amp;user=" . $CURUSER["uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=style&amp;action=edit&amp;id=" . $sres[$i]["id"] . "\">" . image_or_link("{$STYLEPATH}/images/edit.png", "", $language["EDIT"]) . "</a>";
        $sres[$i]["delete"] = "<a href=\"index.php?page=admin&amp;user=" . $CURUSER["uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=style&amp;action=delete&amp;id=" . $sres[$i]["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>";
    }
    $admintpl->set("style_add", false, true);
    $admintpl->set("language", $language);
    $admintpl->set("styles", $sres);
    $admintpl->set("style_add_new", "<a href=\"index.php?page=admin&amp;user=" . $CURUSER["uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=style&amp;action=add\">" . $language["STYLE_ADD"] . "</a>");
    unset($sres);
    mysql_free_result($res);
}

if ($CURUSER["view_users"] == "no") {
    err_msg($language["ERROR"], $language["NOT_AUTHORIZED"] . " " . strtolower($language["STAFF"]) . "!");
    stdfoot();
    exit;
} else {
    $query = "SELECT u.id, u.username, u.avatar, UNIX_TIMESTAMP(u.joined) joined, ";
    $query .= "UNIX_TIMESTAMP(u.lastconnect) lastconnect, ul.level, ul.prefixcolor, ";
    $query .= "ul.suffixcolor, c.name country, c.flagpic, o.lastaction ";
    $query .= "FROM {$TABLE_PREFIX}users u ";
    $query .= "LEFT JOIN {$TABLE_PREFIX}users_level ul ON u.id_level = ul.id ";
    $query .= "LEFT JOIN {$TABLE_PREFIX}countries c ON u.flag = c.id ";
    $query .= "LEFT JOIN {$TABLE_PREFIX}online o ON u.id = o.user_id ";
    $query .= "WHERE u.id_level >=6 ";
    $query .= "AND u.id_level <=8 ";
    $query .= "ORDER BY u.id_level DESC, u.id ASC";
    $res = do_sqlquery($query);
    $i = 0;
    while ($row = mysql_fetch_assoc($res)) {
        is_null($row["avatar"]) || $row["avatar"] == "" ? $avatar = "<img src='{$STYLEURL}/images/default_avatar.gif' height=80 width=80>" : ($avatar = "<img src='" . $row["avatar"] . "' height=80 width=80>");
        is_null($row["lastaction"]) ? $lastseen = $row["lastconnect"] : ($lastseen = $row["lastaction"]);
        time() - $lastseen > 900 ? $status = "<img src='images/offline.gif' border='0' alt='" . $language["OFFLINE"] . "'>" : ($status = "<img src='images/online.gif' border='0' alt='" . $language["ONLINE"] . "'>");
        if (is_null($row["flagpic"])) {
            $row["flagpic"] = "unknown.gif";
            $row["country"] = $language["UNKNOWN"];
        }
        $user[$i] = "<tr>";
        $user[$i] .= "<td class='lista' width='84'><center>{$avatar}</center></td>";
        $user[$i] .= "<td class='lista'><center><a href='index.php?page=usercp&amp;do=pm&amp;action=edit&amp;uid=" . $CURUSER["uid"] . "&amp;what=new&amp;to=" . $row["username"] . "'><img src='{$STYLEURL}/images/pm.gif'alt='" . $language["PM"] . "' border='0'></a></center></td>";
        $user[$i] .= "<td class='lista'><center><a href='index.php?page=userdetails&amp;id=" . $row["id"] . "'>" . stripslashes($row["prefixcolor"]) . $row["username"] . stripslashes($row["suffixcolor"]) . "</a></center></td>";
        $user[$i] .= "<td class='lista'><center>" . ucfirst($row["level"]) . "</center></td>";
        $user[$i] .= "<td class='lista'><center><img src='images/flag/" . $row["flagpic"] . "' border='0' alt='" . $row["country"] . "'></center></td>";

    $org = $CURUSER['username'];
    $r = do_sqlquery("SELECT * from {$TABLE_PREFIX}users where id={$uid}");
    $c = mysqli_result($r, 0, "seedbonus");
    if ($c >= $GLOBALS["price_name"]) {
        if (isset($_POST["name"])) {
            $custom = mysqli_real_escape_string($DBDT, $_POST["name"]);
        } else {
            $custom = "";
        }
        if ("{$custom}" == "") {
        } else {
            $res = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}users WHERE username='" . htmlspecialchars($custom) . "'", true);
            if (mysqli_num_rows($res) > 0) {
            } else {
                do_sqlquery("UPDATE {$TABLE_PREFIX}users SET username='" . htmlspecialchars($custom) . "' WHERE id={$CURUSER['uid']}");
                if ($FORUMLINK == "smf") {
                    do_sqlquery("UPDATE {db_prefix}members SET  memberName='" . htmlspecialchars($custom) . "' WHERE ID_MEMBER=" . $CURUSER["smf_fid"]);
                }
                $p = $GLOBALS["price_name"];
                do_sqlquery("UPDATE {$TABLE_PREFIX}users SET seedbonus=seedbonus-{$p} WHERE id={$CURUSER['uid']}");
            }
            // sb control
            @mysqli_query($GLOBALS["___mysqli_ston"], "INSERT into {$TABLE_PREFIX}sb (id,what,gb,points,date) VALUES ('{$uid}','Username ( " . htmlspecialchars($custom) . " )','0', '" . $GLOBALS["price_name"] . "',NOW())");
            // sb control
            do_sqlquery("INSERT INTO {$TABLE_PREFIX}username (uid,username,org,date) VALUES (\"{$uid}\",\"{$custom}\",\"{$org}\",NOW())");
        }
    }
    header("Location: index.php?page=modules&module=seedbonus");
} else {
    header("Location: index.php");
}

            foreach ($alevel as $level) {
                $combo_max_view .= "\n<option value=\"" . $level["id_level"] . ($level["id_level"] == 8 ? "\" selected=\"selected\">" : "\">") . $level["level"] . "</option>";
            }
            $combo_max_view .= "\n</select>";
        }
        $admintpl->set("combo_min_view", $combo_min_view);
        $admintpl->set("combo_max_view", $combo_max_view);
        $admintpl->set("frm_action", "index.php?page=admin&amp;user=" . $CURUSER["uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=blocks&amp;action=confirm&amp;id={$id}");
        $admintpl->set("language", $language);
        $admintpl->set("edit_block", true, true);
        break;
    case 'save':
        if ($_POST["confirm"] == $language["FRM_CONFIRM"]) {
            $br = get_result("SELECT * FROM {$TABLE_PREFIX}blocks", true);
            foreach ($br as $id => $block) {
                $active = isset($_POST["status_" . $block["blockid"]]) ? 1 : 0;
                $position = sqlesc($_POST["position_" . $block["blockid"]]);
                $sort = max(0, $_POST["sort_" . $block["blockid"]]);
                $block_minview = sqlesc(intval($_POST["minclassview_" . $block["blockid"]]));
                $block_maxview = sqlesc(intval($_POST["maxclassview_" . $block["blockid"]]));
                $id = $block["blockid"];
                do_sqlquery("UPDATE {$TABLE_PREFIX}blocks SET position={$position}, sortid={$sort}, status={$active}, minclassview={$block_minview}, maxclassview={$block_maxview} WHERE blockid={$id}", true);
            }
        }
        // don't break, we read the new block's position ;)
    // don't break, we read the new block's position ;)
    case '':
    case 'read':
    default:
        read_blocks();
}

    $usys = "&nbsp;<img src='images/user_images/" . $sy . "' alt='" . $btit_settings["text_sys"] . "' title='" . $btit_settings["text_sys"] . "' />";
}
// user image
// gift
$xmasdayst = mktime(0, 0, 0, 12, 1, 2015);
$xmasdayend = mktime(0, 0, 0, 1, 5, 2016);
$today = mktime(date("G"), date("i"), date("s"), date("m"), date("d"), date("Y"));
if ($CURUSER["gotgift"] == 'no' && $today >= $xmasdayst && $today <= $xmasdayend) {
    ?>
 
<td class='lista' style='text-align:center;;' align='center'><a href='index.php?page=gift&open=1'><img src='images/gift.png' alt='Xmas Gift' title='Xmas Gift' /></a></td>
<?php 
}
// gift
// DT reputation system start
$reput = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}reputation_settings WHERE id =1");
$setrep = mysqli_fetch_array($reput);
if ($setrep["rep_is_online"] == 'false') {
    //do nothing
} else {
    if ($rowuser["reputation"] == 0) {
        $rep = "<a href=index.php?page=reputationpage  > &nbsp; &nbsp; Reputace &nbsp;<img src='images/rep/reputation_balance.gif' border='0' alt='" . $setrep["no_level"] . "' title='" . $setrep["no_level"] . "' /></a>";
    }
    if ($rowuser["reputation"] >= 1) {
        $rep = "<a href=index.php?page=reputationpage  > &nbsp; &nbsp; Reputace &nbsp;<img src='images/rep/reputation_pos.gif' border='0' alt='" . $setrep["good_level"] . "' title='" . $setrep["good_level"] . "' /></a>";
    }
    if ($rowuser["reputation"] <= -1) {
        $rep = "<a href=index.php?page=reputationpage  > &nbsp; &nbsp; Reputace &nbsp;<img src='images/rep/reputation_neg.gif'border='0' alt='" . $setrep["bad_level"] . "' title='" . $setrep["bad_level"] . "' /></a>";
    }
    if ($rowuser["reputation"] >= 101) {
        $rep = "<a href=index.php?page=reputationpage  > &nbsp; &nbsp; Reputace &nbsp;<img src='images/rep/reputation_highpos.gif' border='0' alt='" . $setrep["best_level"] . "' title='" . $setrep["best_level"] . "' /></a>";

            <input type="text" name="genre" value="" size="50" />
            </fieldset>
          </td>
        </tr>
        <tr>
          <td align="center" class="header">
            <input type="submit" value="' . $language['f3'] . '" /> <input type="reset" value="' . $language['f4'] . '" />
          </td>
        </tr>
      </table>
      </form>';
    $djtpl->set("reqform", $reqform);
}
if ($_GET['do'] == 'list') {
    $is_mod = $CURUSER["edit_users"] == "yes";
    $Query = do_sqlquery('SELECT t.*, u.username, g.prefixcolor, g.suffixcolor FROM ' . $TABLE_PREFIX . 'shoutcastdj t LEFT JOIN ' . $TABLE_PREFIX . 'users u ON t.uid=u.id LEFT JOIN ' . $TABLE_PREFIX . 'users_level g ON u.id_level=g.id ORDER by t.active ASC', true);
    if (mysqli_num_rows($Query)) {
        $activedjlist = '
            <table width="100%" align="center" border="0" cellpadding="3" cellspacing="0">
              <tr>
                <td colspan="5" class="header"><center>' . $language['djlist'] . '</center></td>
              </tr>
              <tr>
                <td class="header"><center>' . $language['djname'] . '</center></td>
                <td class="header"><center>' . $language['adays'] . '</center></td>
                <td class="header"><center>' . $language['atime'] . '</center></td>
                <td class="header"><center>' . $language['genre'] . '</center></td>
                <td class="header"><center>' . $language['status'] . '</center></td>
              </tr>';
        while ($List = mysqli_fetch_assoc($Query)) {
            $activedjlist .= '

         $lastip = sprintf("%u", ip2long($lastip));
         if ($firstip == -1 || $lastip == -1) {
             err_msg($language["ERROR"], $language["BAN_IP_ERROR"]);
         } else {
             $comment = sqlesc($comment);
             $added = sqlesc(time());
             do_sqlquery("INSERT INTO {$TABLE_PREFIX}bannedip (added, addedby, first, last, comment) VALUES({$added}, {$CURUSER['uid']}, {$firstip}, {$lastip}, {$comment})", true);
         }
     }
     // don't break, so now we read directly ;)
 // don't break, so now we read directly ;)
 case '':
 case 'read':
 default:
     $banned = array();
     $getbanned = do_sqlquery("SELECT b.*, u.username FROM {$TABLE_PREFIX}bannedip b LEFT JOIN {$TABLE_PREFIX}users u ON u.id=b.addedby ORDER BY b.added DESC", true);
     $rowsbanned = @mysql_num_rows($getbanned);
     $admintpl->set("frm_action", "index.php?page=admin&user=" . $CURUSER["uid"] . "&code=" . $CURUSER["random"] . "&do=banip&action=write");
     $i = 0;
     if ($rowsbanned > 0) {
         $admintpl->set("no_records", false, true);
         while ($arr = mysql_fetch_assoc($getbanned)) {
             $banned[$i]["first_ip"] = long2ip($arr["first"]);
             $banned[$i]["last_ip"] = long2ip($arr["last"]);
             $banned[$i]["date"] = get_date_time($arr['added']);
             $banned[$i]["comments"] = htmlspecialchars(unesc($arr["comment"]));
             $banned[$i]["by"] = "<a href=\"index.php?page=userdetails&amp;id=" . $arr["addedby"] . "\">" . unesc($arr["username"]) . "</a>";
             $banned[$i]["remove"] = "<a href=\"index.php?page=admin&amp;user=" . $CURUSER["uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=banip&amp;action=delete&amp;ip={$arr['id']}\" onclick=\"return confirm('" . str_replace("'", "\\'", $language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>";
             $i++;
         }
     } else {

            stdfoot();
            exit;
        } elseif ($_POST["new_pwd"] != $_POST["new_pwd1"]) {
            err_msg($language["ERROR"], $language["DIF_PASSWORDS"]);
            stdfoot();
            exit;
        } else {
            $respwd = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}users WHERE id={$uid} AND password='" . md5($_POST["old_pwd"]) . "' AND username=" . sqlesc($CURUSER["username"]) . "");
            if (!$respwd || mysql_num_rows($respwd) == 0) {
                err_msg($language["ERROR"], $language["ERR_RETR_DATA"]);
            } else {
                $arr = mysql_fetch_assoc($respwd);
                do_sqlquery("UPDATE {$TABLE_PREFIX}users SET password='" . md5($_POST["new_pwd"]) . "' WHERE id={$uid} AND password='" . md5($_POST["old_pwd"]) . "' AND username=" . sqlesc($CURUSER["username"]) . "") or die(mysql_error());
                if ($GLOBALS["FORUMLINK"] == "smf") {
                    $passhash = smf_passgen($CURUSER["username"], $_POST["new_pwd"]);
                    do_sqlquery("UPDATE {$db_prefix}members SET passwd='{$passhash['0']}', passwordSalt='{$passhash['1']}' WHERE ID_MEMBER=" . $arr["smf_fid"]) or die(mysql_error());
                }
                success_msg($language["PWD_CHANGED"], "" . $language["NOW_LOGIN"] . "<br /><a href=\"index.php?page=login\">Go</a>");
                stdfoot(true, false);
            }
        }
        break;
    case '':
    case 'change':
    default:
        $pwdtpl = array();
        $pwdtpl["frm_action"] = "index.php?page=usercp&amp;do=pwd&amp;action=post&amp;uid=" . $uid . "";
        $pwdtpl["frm_cancel"] = "index.php?page=usercp&amp;uid=" . $uid . "";
        $usercptpl->set("pwd", $pwdtpl);
        break;
}