diff -r dd2edcdc6c03 -r e5484a9e0818 ajax.php
--- a/ajax.php	Wed Jun 27 12:09:02 2007 -0400
+++ b/ajax.php	Thu Jun 28 11:13:39 2007 -0400
@@ -186,6 +186,31 @@
       $parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false;
       echo PageUtils::acl_json($parms);
       break;
+    case "change_theme":
+      if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) )
+      {
+        die('Invalid input');
+      }
+      if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme_id']) || !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style_id']) )
+      {
+        die('Invalid input');
+      }
+      if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') )
+      {
+        die('Can\'t find theme file: ' . ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css');
+      }
+      if ( !$session->user_logged_in )
+      {
+        die('You must be logged in to change your theme');
+      }
+      // Just in case something slipped through...
+      $theme_id = $db->escape($_POST['theme_id']);
+      $style_id = $db->escape($_POST['style_id']);
+      $e = $db->sql_query('UPDATE ' . table_prefix . "users SET theme='$theme_id', style='$style_id' WHERE user_id=$session->user_id;");
+      if ( !$e )
+        die( $db->get_error() );
+      die('GOOD');
+      break;
     default:
       die('Hacking attempt');
       break;