Possible fix for non-working profile update
[mailer.git] / inc / modules / member / what-mydata.php
1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 10/16/2003 *
4  * ===============                              Last change: 06/30/2004 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : what-mydata.php                                  *
8  * -------------------------------------------------------------------- *
9  * Short description : Members can edit their profile data here         *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Mitglieder koennen hier ihre Profildaten aendern *
12  * -------------------------------------------------------------------- *
13  * $Revision::                                                        $ *
14  * $Date::                                                            $ *
15  * $Tag:: 0.2.1-FINAL                                                 $ *
16  * $Author::                                                          $ *
17  * Needs to be in all Files and every File needs "svn propset           *
18  * svn:keywords Date Revision" (autoprobset!) at least!!!!!!            *
19  * -------------------------------------------------------------------- *
20  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
21  * For more information visit: http://www.mxchange.org                  *
22  *                                                                      *
23  * This program is free software; you can redistribute it and/or modify *
24  * it under the terms of the GNU General Public License as published by *
25  * the Free Software Foundation; either version 2 of the License, or    *
26  * (at your option) any later version.                                  *
27  *                                                                      *
28  * This program is distributed in the hope that it will be useful,      *
29  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
30  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
31  * GNU General Public License for more details.                         *
32  *                                                                      *
33  * You should have received a copy of the GNU General Public License    *
34  * along with this program; if not, write to the Free Software          *
35  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
36  * MA  02110-1301  USA                                                  *
37  ************************************************************************/
38
39 // Some security stuff...
40 if (!defined('__SECURITY')) {
41         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), '/inc') + 4) . '/security.php';
42         require($INC);
43 } elseif (!IS_MEMBER()) {
44         redirectToUrl('modules.php?module=index');
45 } elseif ((!EXT_IS_ACTIVE('mydata')) && (!IS_ADMIN())) {
46         addFatalMessage(__FILE__, __LINE__, generateExtensionInactiveNotInstalledMessage('mydata'));
47         return;
48 }
49
50 // Add description as navigation point
51 ADD_DESCR('member', __FILE__);
52
53 // @TODO Try to rewrite this constant
54 define('UID_VALUE', getUserId());
55
56 // Init variable to prevent notices
57 $URL = '';
58
59 // Detect what the member wants to do
60 $mode = 'show'; // Show his data
61 if (REQUEST_ISSET_POST('save'))   $mode = 'save';   // Save entered data
62 if (REQUEST_ISSET_POST('edit'))   $mode = 'edit';   // Edit data
63 if (REQUEST_ISSET_POST('notify')) $mode = 'notify'; // Switch off notification
64
65 switch ($mode) {
66         case 'show': // Show his data
67                 if (EXT_IS_ACTIVE('country', true)) {
68                         // New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
69                         $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
70                                 array(getUserId()), __FILE__, __LINE__);
71                 } else {
72                         // Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
73                         $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
74                                 array(getUserId()), __FILE__, __LINE__);
75                 }
76                 $DATA = SQL_FETCHROW($result);
77                 SQL_FREERESULT($result);
78
79                 // Translate / add some things
80                 $DATA[10] = translateGender($DATA[10]);
81                 $DATA[13] = generateDateTime($DATA[13], '0');
82
83                 // How far is last change on his profile away from now?
84                 if ((($DATA[13] + getConfig('profile_lock')) > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
85                         // You cannot change your account
86                         define('CHANGE', "<div class=\"member_failed\">".sprintf(getMessage('MEMBER_PROFILE_LOCKED'), generateDateTime($DATA[13] + getConfig('profile_lock'), '0'))."</div>");
87                 } else {
88                         // He is allowed to change his profile
89                         define('CHANGE', LOAD_TEMPLATE('member_mydata_button', true));
90                 }
91
92                 if (strlen($DATA[7]) == 1) $DATA[7] = '0'.$DATA[7];
93                 if (strlen($DATA[8]) == 1) $DATA[8] = '0'.$DATA[8];
94
95                 switch (getLanguage()) {
96                         case 'de': define('DOB', $DATA[7] . '.' . $DATA[8] . '.' . $DATA[9]); break;
97                         default  : define('DOB', $DATA[8] . '-' . $DATA[7] . '-' . $DATA[9]); break;
98                 } // END - switch
99
100                 if (EXT_IS_ACTIVE('country')) {
101                         // Load country's description and code
102                         $DATA[3] = COUNTRY_GENERATE_INFO($DATA[3]);
103                 } // END - if
104
105                 // Load template
106                 LOAD_TEMPLATE('member_mydata_overview');
107                 break;
108
109         case 'edit': // Edit data
110                 if (EXT_IS_ACTIVE('country', true)) {
111                         // New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
112                         $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update
113 FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
114                         array(getUserId()), __FILE__, __LINE__);
115                 } else {
116                         // Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
117                         $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update
118 FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
119                                 array(getUserId()), __FILE__, __LINE__);
120                 }
121
122                 $DATA = SQL_FETCHROW($result);
123                 SQL_FREERESULT($result);
124                 $DATA[13] = $DATA[12] + getConfig('profile_lock');
125
126                 // How far is last change on his profile away from now?
127                 if (($DATA[13] > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
128                         $DATA[13] = generateDateTime($DATA[13] + getConfig('profile_lock'), '0');
129                         // You cannot change your account
130                         LOAD_TEMPLATE('member_mydata_locked');
131                 } else {
132                         // He is allowed to change his profile
133                         switch ($DATA[10])
134                         {
135                                 case 'M':
136                                         define('M_DEFAULT', ' selected="selected"');
137                                         define('F_DEFAULT', '');
138                                         define('C_DEFAULT', '');
139                                         break;
140
141                                 case 'F':
142                                         define('M_DEFAULT', '');
143                                         define('F_DEFAULT', ' selected="selected"');
144                                         define('C_DEFAULT', '');
145                                         break;
146
147                                 case 'C':
148                                         define('M_DEFAULT', '');
149                                         define('F_DEFAULT', '');
150                                         define('C_DEFAULT', ' selected="selected"');
151                                         break;
152                         }
153                         $DOB = '';
154                         switch (getLanguage()) {
155                                 case 'de': // German date format
156                                         // Day
157                                         $DOB .= ADD_SELECTION('day', $DATA[7]);
158
159                                         // Month
160                                         $DOB .= ADD_SELECTION('month', $DATA[8]);
161
162                                         // Year
163                                         $DOB .= ADD_SELECTION('year', $DATA[9]);
164                                         break;
165
166                                 default: // Default is the US date format... :)
167                                         break;
168                         } // END - if
169
170                         define('DOB', $DOB);
171                         define('MAX_REC_LIST', addMaxReceiveList('member', $DATA[11], true));
172
173                         if (EXT_IS_ACTIVE('country')) {
174                                 // Generate selection box
175                                 $OUT  = "<select name=\"country_code\" class=\"member_select\" size=\"1\">\n";
176                                 $whereStatement = "WHERE `is_active`='Y'";
177                                 if (IS_ADMIN()) $whereStatement = '';
178                                 $OUT .= generateOptionList('countries', 'id', 'descr', $DATA[3], 'code', $whereStatement);
179                                 $OUT .= "</select>";
180                                 define('__COUNTRY_CONTENT', $OUT);
181                         } else {
182                                 // Ouput default input box
183                                 define('__COUNTRY_CONTENT', "<input type=\"text\" name=\"cntry\" class=\"member_normal\" size=\"2\" maxlength=\"3\" value=\"".$DATA[3]."\" />");
184                         }
185
186                         // Load template
187                         LOAD_TEMPLATE('member_mydata_edit');
188                 }
189                 break;
190
191         case 'save': // Save entered data
192                 // Load old email / password:      0          1           2
193                 $result = SQL_QUERY_ESC("SELECT `email`, `password`, `last_update` FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `userid`=%s LIMIT 1",
194                         array(getUserId()), __FILE__, __LINE__);
195                 $DATA = SQL_FETCHROW($result);
196                 SQL_FREERESULT($result);
197                 $DATA[3] = $DATA[2] + getConfig('profile_lock');
198
199                 // How far is last change on his profile away from now?
200                 if (($DATA[3] > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
201                         $DATA[3] = generateDateTime($DATA[3] + getConfig('profile_lock'), '0');
202                         // You cannot change your account
203                         LOAD_TEMPLATE('member_mydata_locked');
204                 } elseif (!isEmailValid(REQUEST_POST('addy'))) {
205                         // Invalid email address!
206                         LOAD_TEMPLATE('admin_settings_saved', false, getMessage('INVALID_EMAIL_ADDRESS_ENTERED'));
207                 } else {
208                         // Generate hash
209                         $hash = generateHash(REQUEST_POST('pass1'), substr($DATA[1], 0, -40));
210                         if ((($hash == $DATA[1]) || (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) && (REQUEST_ISSET_POST('pass1'))) {
211                                 // Only on simple changes normal mode is active = no email or password changed
212                                 $mode = 'normal'; $AND = '';
213
214                                 // Did the user changed the password?
215                                 if ($hash != $DATA[1]) { $AND = ", password='".$hash."'"; $mode = 'pass'; }
216
217                                 // Or did he changed his password?
218                                 if (REQUEST_POST('addy') != $DATA[0]) {
219                                         // Jupp
220                                         if ($mode == 'normal') {
221                                                 $mode = 'email';
222                                         } else {
223                                                 $mode .= ";email";
224                                         }
225                                         REQUEST_SET_POST('old_addy', $DATA[0]);
226                                 } // END - if
227
228                                 // Update member's profile
229                                 if (EXT_IS_ACTIVE('country')) {
230                                         // New way
231                                         SQL_QUERY_ESC("UPDATE
232         `{!_MYSQL_PREFIX!}_user_data`
233 SET
234         `gender`='%s', `surname`='%s', `family`='%s',
235         `street_nr`='%s',
236         `country_code`=%s, `zip`=%s, `city`='%s',
237         `email`='%s',
238         `birth_day`=%s, `birth_month`=%s, `birth_year`=%s,
239         `max_mails`=%s,
240         `last_update`=UNIX_TIMESTAMP()".$AND.",
241         `notified`='N',
242         `last_profile_sent`=UNIX_TIMESTAMP()
243 WHERE
244         `userid`=%s
245 LIMIT 1",
246                                                 array(
247                                                         REQUEST_POST('gender'),
248                                                         REQUEST_POST('surname'),
249                                                         REQUEST_POST('family'),
250                                                         REQUEST_POST('street_nr'),
251                                                         bigintval(REQUEST_POST('country_code')),
252                                                         bigintval(REQUEST_POST('zip')),
253                                                         REQUEST_POST('city'),
254                                                         REQUEST_POST('addy'),
255                                                         bigintval(REQUEST_POST('day')),
256                                                         bigintval(REQUEST_POST('month')),
257                                                         bigintval(REQUEST_POST('year')),
258                                                         bigintval(REQUEST_POST('max_mails')),
259                                                         getUserId()
260                                                 ), __FILE__, __LINE__);
261                                 } else {
262                                         // Old way
263                                         SQL_QUERY_ESC("UPDATE
264         `{!_MYSQL_PREFIX!}_user_data`
265 SET
266         `gender`='%s', `surname`='%s', `family`='%s',
267         `street_nr`='%s',
268         `country`='%s', `zip`=%s, `city`='%s',
269         `email`='%s',
270         `birth_day`=%s, `birth_month`=%s, `birth_year`=%s,
271         `max_mails`='%s',
272         `last_update`=UNIX_TIMESTAMP()".$AND.",
273         `notified`='N',
274         `last_profile_sent`=UNIX_TIMESTAMP()
275 WHERE
276         `userid`=%s
277 LIMIT 1",
278                                                 array(
279                                                         REQUEST_POST('gender'),
280                                                         REQUEST_POST('surname'),
281                                                         REQUEST_POST('family'),
282                                                         REQUEST_POST('street_nr'),
283                                                         REQUEST_POST('cntry'),
284                                                         bigintval(REQUEST_POST('zip')),
285                                                         REQUEST_POST('city'),
286                                                         REQUEST_POST('addy'),
287                                                         bigintval(REQUEST_POST('day')),
288                                                         bigintval(REQUEST_POST('month')),
289                                                         bigintval(REQUEST_POST('year')),
290                                                         bigintval(REQUEST_POST('max_mails')),
291                                                         getUserId()
292                                                 ), __FILE__, __LINE__);
293                                 }
294
295                                 // Did something change?
296                                 if (SQL_AFFECTEDROWS() == 1) {
297                                         // Get all modes ...
298                                         $modes = explode(';', $mode);
299
300                                         // ... and run them through
301                                         sendModeMails ('mydata', $modes);
302                                 } else {
303                                         // Something went wrong
304                                         LOAD_TEMPLATE('admin_settings_saved', false, getMessage('MEMBER_UPDATE_FAILED'));
305                                 }
306                         } else {
307                                 // Entered wrong pass for updating profile
308                                 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('MEBER_UPDATE_PWD_WRONG'));
309                         }
310                 }
311                 break;
312
313         case 'notify': // Switch off notfication
314                 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET `notified`='N', `last_update`=UNIX_TIMESTAMP() WHERE `userid`=%s LIMIT 1",
315                         array(getUserId()), __FILE__, __LINE__);
316                 $URL = 'modules.php?module=login&amp;what=welcome&amp;msg=' . urlencode(getMessage('PROFILE_UPDATED'));
317                 break;
318 }
319
320 if (!empty($URL)) {
321         // Load generated URL
322         redirectToUrl($URL);
323 } // END - if
324
325 //
326 ?>