2 /************************************************************************
\r
3 * MXChange v0.2.1 Start: 10/16/2003 *
\r
4 * =============== Last change: 06/30/2004 *
\r
6 * -------------------------------------------------------------------- *
\r
7 * File : what-mydata.php *
\r
8 * -------------------------------------------------------------------- *
\r
9 * Short description : Members can edit their profile data here *
\r
10 * -------------------------------------------------------------------- *
\r
11 * Kurzbeschreibung : Mitglieder koennen hier ihre Profildaten aendern *
\r
12 * -------------------------------------------------------------------- *
\r
14 * -------------------------------------------------------------------- *
\r
15 * Copyright (c) 2003 - 2008 by Roland Haeder *
\r
16 * For more information visit: http://www.mxchange.org *
\r
18 * This program is free software; you can redistribute it and/or modify *
\r
19 * it under the terms of the GNU General Public License as published by *
\r
20 * the Free Software Foundation; either version 2 of the License, or *
\r
21 * (at your option) any later version. *
\r
23 * This program is distributed in the hope that it will be useful, *
\r
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
\r
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
\r
26 * GNU General Public License for more details. *
\r
28 * You should have received a copy of the GNU General Public License *
\r
29 * along with this program; if not, write to the Free Software *
\r
30 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
\r
31 * MA 02110-1301 USA *
\r
32 ************************************************************************/
\r
34 // Some security stuff...
\r
// Entry guard for this include: refuses direct requests for this file, then requires a
// logged-in member, then requires the "mydata" extension to be active unless the caller
// is an admin.
// NOTE(review): this listing omits source lines (the gutter jumps 35 -> 37 -> 40 ...), so the
// braces and whatever ends each branch are not visible. Each branch has to stop execution,
// otherwise the profile code below still runs for a rejected request - confirm.
// NOTE(review): ereg() was deprecated in PHP 5.3 and removed in PHP 7.0. The file name is also
// used as a regex pattern here, so "." matches any character; a literal test such as
// strpos($_SERVER['PHP_SELF'], basename(__FILE__)) !== false keeps the same intent.
35 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
\r
// Builds the path to security.php from the part of this file's directory up to and
// including "/inc"; what is done with $INC is on a line not shown here.
37 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
\r
40 elseif (!IS_LOGGED_IN())
\r
// Visitors without a login are sent to the index module.
42 LOAD_URL(URL."/modules.php?module=index");
\r
// Admins may use this page even while the "mydata" extension is inactive.
44 elseif ((!EXT_IS_ACTIVE("mydata")) && (!IS_ADMIN()))
\r
46 ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "mydata");
\r
50 // Add description as navigation point
\r
51 ADD_DESCR("member", basename(__FILE__));
\r
53 OPEN_TABLE("100%", "member_content member_content_align", "");
\r
// UID_VALUE is the user id that the SELECT and profile UPDATE statements in this file are
// scoped to.
// NOTE(review): where $GLOBALS['userid'] is set is not visible here; it has to come from the
// authenticated session and never from request input - confirm.
54 define('UID_VALUE', $GLOBALS['userid']); $URL = "";
\r
56 // Detect what the member wants to do
// The checks run in order and later ones overwrite $MODE, so a request that carries several
// of these fields resolves as notify first, then edit, then save.
// NOTE(review): "save" and "notify" change account state and are selected from POST fields
// alone; no anti-CSRF token check is visible in this listing - confirm one exists upstream.
\r
57 $MODE = "show"; // Show his data
\r
58 if (!empty($_POST['save'])) $MODE = "save"; // Save entered data
\r
59 if (isset($_POST['edit'])) $MODE = "edit"; // Edit data
\r
60 if (!empty($_POST['notify'])) $MODE = "notify"; // Switch off notification
\r
// Read-only overview: loads the member's row, formats a few columns and renders the
// "member_mydata_overview" template.
// NOTE(review): this listing omits source lines (braces, else branches), so the exact
// nesting below is not visible.
64 case "show": // Show his data
\r
65 if (EXT_IS_ACTIVE("country", true))
\r
67 // New way 0 1 2 3 4 5 6 7 8 9 10 11 12 13
\r
// Same query as the "old way" below except that it reads country_code instead of country.
// The user id is bound through the %d placeholder.
68 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
\r
69 array(UID_VALUE), __FILE__, __LINE__);
\r
73 // Old way 0 1 2 3 4 5 6 7 8 9 10 11 12 13
\r
74 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
\r
75 array(UID_VALUE), __FILE__, __LINE__);
\r
77 $DATA = SQL_FETCHROW($result);
\r
78 SQL_FREERESULT($result);
\r
80 // Translate / add some things
\r
81 $DATA[10] = TRANSLATE_SEX($DATA[10]);
\r
// NOTE(review): $DATA[13] (last_update) is replaced by MAKE_DATETIME()'s result here, and the
// lock check on line 85 then adds $CONFIG['profile_lock'] to that result. If MAKE_DATETIME()
// returns a formatted date string, the comparison no longer works on a timestamp - compare
// first and format afterwards; confirm against MAKE_DATETIME().
82 $DATA[13] = MAKE_DATETIME($DATA[13], "0");
\r
84 // How far is last change on his profile away from now?
\r
// This check only chooses what is displayed (locked notice or edit button). The lock that
// actually blocks a write is the one in the "save" branch of this file.
85 if ((($DATA[13] + $CONFIG['profile_lock']) > time()) && (!IS_ADMIN()) && ($CONFIG['profile_lock'] > 0))
\r
87 // You cannot change your account
\r
88 define('CHANGE', "<FONT class=\"member_failed\">".MEMBER_PROFILE_LOCKED_1.MAKE_DATETIME($DATA[13] + $CONFIG['profile_lock'], "0").MEMBER_PROFILE_LOCKED_2."</FONT>");
\r
92 // He is allowed to change his profile
\r
93 define('CHANGE', LOAD_TEMPLATE("member_mydata_button", true));
\r
// Zero-pad one-digit day and month values before building the date of birth.
95 if (strlen($DATA[7]) == 1) $DATA[7] = "0".$DATA[7];
\r
96 if (strlen($DATA[8]) == 1) $DATA[8] = "0".$DATA[8];
\r
// "de" renders day.month.year; every other language renders month-day-year.
97 switch (GET_LANGUAGE())
\r
99 case "de": define ('DOB', $DATA[7].".".$DATA[8].".".$DATA[9]); break;
\r
100 default : define ('DOB', $DATA[8]."-".$DATA[7]."-".$DATA[9]); break;
\r
103 if (EXT_IS_ACTIVE("country"))
\r
105 // Load country's description and code
\r
106 $DATA[3] = COUNTRY_GENERATE_INFO($DATA[3]);
\r
// NOTE(review): the $DATA values are member-supplied profile fields; whether the template
// HTML-escapes them on output is not visible from this file - confirm.
110 LOAD_TEMPLATE("member_mydata_overview");
\r
// Edit form: loads the member's row, shows a "locked" page while the profile lock is
// active, otherwise prepares the form constants and renders "member_mydata_edit".
// NOTE(review): this listing omits source lines (braces, else branches, the conditions
// around the *_DEFAULT defines), so the exact nesting below is not visible.
113 case "edit": // Edit data
\r
114 if (EXT_IS_ACTIVE("country", true))
\r
116 // New way 0 1 2 3 4 5 6 7 8 9 10 11 12 13
\r
117 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update
\r
118 FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
\r
119 array(UID_VALUE), __FILE__, __LINE__);
\r
123 // Old way 0 1 2 3 4 5 6 7 8 9 10 11 12 13
\r
124 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update
\r
125 FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
\r
126 array(UID_VALUE), __FILE__, __LINE__);
\r
129 $DATA = SQL_FETCHROW($result);
\r
130 SQL_FREERESULT($result);
\r
// NOTE(review): per the column list above, index 12 is receive_mails and index 13 is
// last_update, so the lock expiry here is computed from receive_mails. This looks like it
// should read $DATA[13]; as written the edit form is not reliably locked - confirm.
131 $DATA[13] = $DATA[12] + $CONFIG['profile_lock'];
\r
133 // How far is last change on his profile away from now?
\r
// Admins are exempt, and a profile_lock of 0 disables the lock.
134 if (($DATA[13] > time()) && (!IS_ADMIN()) && ($CONFIG['profile_lock'] > 0))
\r
// NOTE(review): $DATA[13] already includes profile_lock (line 131); adding it again makes the
// displayed unlock time one lock period too late.
136 $DATA[13] = MAKE_DATETIME($DATA[13] + $CONFIG['profile_lock'], "0");
\r
137 // You cannot change your account
\r
138 LOAD_TEMPLATE("member_mydata_locked");
\r
142 // He is allowed to change his profile
\r
// Three alternative sets of defines follow; each marks one option as pre-selected.
// The conditions that pick a set are on lines this listing omits.
146 define('M_DEFAULT', " selected=\"selected\"");
\r
147 define('F_DEFAULT', "");
\r
148 define('C_DEFAULT', "");
\r
152 define('M_DEFAULT', "");
\r
153 define('F_DEFAULT', " selected=\"selected\"");
\r
154 define('C_DEFAULT', "");
\r
158 define('M_DEFAULT', "");
\r
159 define('F_DEFAULT', "");
\r
160 define('C_DEFAULT', " selected=\"selected\"");
\r
// Builds the date-of-birth selection boxes in $DOB; only part of this switch is visible.
164 switch (GET_LANGUAGE())
\r
166 case "de": // German date format
\r
168 $DOB .= ADD_SELECTION("day", $DATA[7]);
\r
171 $DOB .= ADD_SELECTION("month", $DATA[8]);
\r
174 $DOB .= ADD_SELECTION("year", $DATA[9]);
\r
177 default: // Default is the US date format... :)
\r
180 define('DOB', $DOB);
\r
181 define('MAX_REC_LIST', ADD_MAX_RECEIVE_LIST("member", $DATA[11], true));
\r
183 if (EXT_IS_ACTIVE("country"))
\r
185 // Generate selection box
\r
186 $OUT = "<SELECT name=\"country_code\" class=\"member_select\" size=\"1\">\n";
\r
// Members only get active countries; admins get the unfiltered list.
// $WHERE is handed to ADD_OPTION_LINES() as a SQL fragment and is a constant here; it must
// never be built from request input.
187 $WHERE = "WHERE is_active='Y'";
\r
188 if (IS_ADMIN()) $WHERE = "";
\r
189 $OUT .= ADD_OPTION_LINES("countries", "id", "descr", $DATA[3], "code", $WHERE);
\r
190 $OUT .= "</SELECT>";
\r
191 define('__COUNTRY_CONTENT', $OUT);
\r
195 // Output default input box
\r
// NOTE(review): $DATA[3] is the stored, member-supplied country value and is written into the
// value="" attribute without HTML escaping, so a stored double quote breaks out of the
// attribute. Emit htmlspecialchars($DATA[3], ENT_QUOTES) instead.
196 define('__COUNTRY_CONTENT', "<INPUT type=\"text\" name=\"cntry\" class=\"member_normal\" size=\"2\" maxlength=\"3\" value=\"".$DATA[3]."\">");
\r
// NOTE(review): the other $DATA fields reach the form through this template; whether it
// HTML-escapes them is not visible from this file - confirm.
200 LOAD_TEMPLATE("member_mydata_edit");
\r
// Save branch: enforces the profile lock, validates the e-mail address, checks the password
// fields, writes the profile row and sends the mails that belong to the detected change.
// NOTE(review): this listing omits source lines (braces, else branches, several SET columns
// and bound arguments), so the exact nesting and the full argument list are not visible.
204 case "save": // Save entered data
\r
205 // Load old email / password: 0 1 2
\r
206 $result = SQL_QUERY_ESC("SELECT email, password, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
\r
207 array(UID_VALUE), __FILE__, __LINE__);
\r
208 $DATA = SQL_FETCHROW($result);
\r
209 SQL_FREERESULT($result);
\r
// $DATA[3] = last_update + lock period, i.e. the moment the profile may be changed again.
210 $DATA[3] = $DATA[2] + $CONFIG['profile_lock'];
\r
212 // How far is last change on his profile away from now?
\r
// This is the check that actually blocks a write; admins are exempt and a profile_lock of 0
// disables it.
213 if (($DATA[3] > time()) && (!IS_ADMIN()) && ($CONFIG['profile_lock'] > 0))
\r
// NOTE(review): $DATA[3] already includes profile_lock (line 210); adding it again makes the
// displayed unlock time one lock period too late.
215 $DATA[3] = MAKE_DATETIME($DATA[3] + $CONFIG['profile_lock'], "0");
\r
216 // You cannot change your account
\r
217 LOAD_TEMPLATE("member_mydata_locked");
\r
// The address is validated as submitted, before the addslashes() pass below.
219 elseif (!VALIDATE_EMAIL($_POST['addy']))
\r
221 // Invalid email address!
\r
222 LOAD_TEMPLATE("admin_settings_saved", false, INVALID_EMAIL_ADDRESS_ENTERED);
\r
226 // Secure every submitted variable
\r
// NOTE(review): addslashes() is not a database-aware escape and is not a substitute for the
// placeholder binding used below. If SQL_QUERY_ESC() escapes its arguments (not visible
// here), the values are escaped twice and stored with literal backslashes. It also rewrites
// pass1/pass2 before hashing, so passwords containing quotes or backslashes hash
// differently unless every other code path does the same - confirm.
227 foreach ($_POST as $key=>$value)
\r
229 $_POST[$key] = addslashes($value);
\r
// The salt is everything in the stored value except its last 40 characters.
232 $hash = generateHash($_POST['pass1'], substr($DATA[1], 0, -40));
\r
// NOTE(review): the condition accepts EITHER a hash equal to the stored one OR
// pass1 == pass2, as long as pass1 is non-empty. A request whose two password fields agree
// therefore passes without proving knowledge of the current password, and line 239 then
// stores the new hash. Password and e-mail changes should require a separate
// current-password field that is verified against $DATA[1] first.
// NOTE(review): == and != compare the hashes loosely (two numeric-looking strings compare as
// numbers in PHP); use === / !== or hash_equals() (PHP >= 5.6) for stored credentials.
233 if ((($hash == $DATA[1]) || ($_POST['pass1'] == $_POST['pass2'])) && (!empty($_POST['pass1'])))
\r
235 // Only on simple changes normal mode is active = no email or password changed
\r
236 $MODE = "normal"; $AND = "";
\r
238 // Did the user change the password?
\r
// NOTE(review): $hash is concatenated into the SQL text (via $AND) instead of being bound
// through a '%s' placeholder like the other values; bind it as a parameter so it gets the
// same escaping and cannot be read as part of the format string.
239 if ($hash != $DATA[1]) { $AND = ", password='".$hash."'"; $MODE = "pass"; }
\r
241 // Or did he change his email address?
\r
242 if ($_POST['addy'] != $DATA[0])
\r
// $MODE becomes "email" or "pass;email"; it is split on ";" further down.
245 if ($MODE == "normal") { $MODE = "email"; } else { $MODE .= ";email"; }
\r
// Keeps the previous address available to the code that runs after this point.
246 $_POST['old_addy'] = $DATA[0];
\r
249 // Update member's profile
\r
250 if (EXT_IS_ACTIVE("country"))
\r
// Variant with a numeric country_code column. Numeric inputs go through bigintval() and %d.
// NOTE(review): the argument bound to password='%s' in the WHERE clause is on a line this
// listing omits - presumably the stored hash $DATA[1]; confirm.
253 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET
\r
254 sex='%s', surname='%s', family='%s',
\r
256 country_code=%d, zip=%d, city='%s',
\r
258 birth_day=%d, birth_month=%d, birth_year=%d,
\r
260 last_update=UNIX_TIMESTAMP()".$AND.",
\r
262 last_profile_sent=UNIX_TIMESTAMP()
\r
263 WHERE userid=%d AND password='%s' LIMIT 1",
\r
267 $_POST['family_name'],
\r
268 $_POST['street_nr'],
\r
269 bigintval($_POST['country_code']),
\r
270 bigintval($_POST['zip']),
\r
273 bigintval($_POST['day']),
\r
274 bigintval($_POST['month']),
\r
275 bigintval($_POST['year']),
\r
276 bigintval($_POST['max_mails']),
\r
279 ), __FILE__, __LINE__);
\r
// Variant with a free-text country column; otherwise the same statement as above.
284 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET
\r
285 sex='%s', surname='%s', family='%s',
\r
287 country='%s', zip=%d, city='%s',
\r
289 birth_day=%d, birth_month=%d, birth_year=%d,
\r
291 last_update=UNIX_TIMESTAMP()".$AND.",
\r
293 last_profile_sent=UNIX_TIMESTAMP()
\r
294 WHERE userid=%d AND password='%s' LIMIT 1",
\r
298 $_POST['family_name'],
\r
299 $_POST['street_nr'],
\r
301 bigintval($_POST['zip']),
\r
304 bigintval($_POST['day']),
\r
305 bigintval($_POST['month']),
\r
306 bigintval($_POST['year']),
\r
307 bigintval($_POST['max_mails']),
\r
310 ), __FILE__, __LINE__);
\r
313 // Get all modes ...
\r
314 $modes = explode(";", $MODE);
\r
316 // ... and run them through
\r
317 SEND_MODE_MAILS ("mydata", $modes);
\r
321 // Entered wrong pass for updating profile
\r
322 LOAD_TEMPLATE("admin_settings_saved", false, MEBER_UPDATE_PWD_WRONG);
\r
// Notify branch: clears the member's "notified" flag and prepares a redirect to the welcome
// page with a confirmation message.
// NOTE(review): this is a state change selected from a POST field alone; no anti-CSRF token
// check is visible in this listing - confirm one exists upstream.
327 case "notify": // Switch off notification
\r
// NOTE(review): the statement also refreshes last_update, the column the profile lock in the
// "save" branch of this file is computed from, so switching off the notification restarts
// the lock period - confirm that is intended.
// Reads $GLOBALS['userid'] directly; UID_VALUE is defined from the same variable.
328 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
\r
329 array($GLOBALS['userid']), __FILE__, __LINE__);
\r
// The message text is URL-encoded before it is appended to the query string.
330 $URL = URL."/modules.php?module=login&what=welcome&msg=".urlencode(PROFILE_UPDATED);
\r
337 // Load generated URL
\r