inc/modules/member/what-mydata.php

   1 <?php
   2 /************************************************************************
   3  * MXChange v0.2.1                                    Start: 10/16/2003 *
   4  * ===============                              Last change: 06/30/2004 *
   5  *                                                                      *
   6  * -------------------------------------------------------------------- *
   7  * File              : what-mydata.php                                  *
   8  * -------------------------------------------------------------------- *
   9  * Short description : Members can edit their profile data here         *
  10  * -------------------------------------------------------------------- *
  11  * Kurzbeschreibung  : Mitglieder koennen hier ihre Profildaten aendern *
  12  * -------------------------------------------------------------------- *
  13  *                                                                      *
  14  * -------------------------------------------------------------------- *
  15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
  16  * For more information visit: http://www.mxchange.org                  *
  17  *                                                                      *
  18  * This program is free software; you can redistribute it and/or modify *
  19  * it under the terms of the GNU General Public License as published by *
  20  * the Free Software Foundation; either version 2 of the License, or    *
  21  * (at your option) any later version.                                  *
  22  *                                                                      *
  23  * This program is distributed in the hope that it will be useful,      *
  24  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
  25  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
  26  * GNU General Public License for more details.                         *
  27  *                                                                      *
  28  * You should have received a copy of the GNU General Public License    *
  29  * along with this program; if not, write to the Free Software          *
  30  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
  31  * MA  02110-1301  USA                                                  *
  32  ************************************************************************/
  33
  34 // Some security stuff...
  35 if (!defined('__SECURITY')) {
  36         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
  37         require($INC);
  38 } elseif (!IS_MEMBER()) {
  39         LOAD_URL("modules.php?module=index");
  40 } elseif ((!EXT_IS_ACTIVE("mydata")) && (!IS_ADMIN())) {
  41         addFatalMessage(getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), "mydata");
  42         return;
  43 }
  44
  45 // Add description as navigation point
  46 ADD_DESCR("member", __FILE__);
  47
  48 define('UID_VALUE', $GLOBALS['userid']); $URL = "";
  49
  50 // Detect what the member wants to do
  51 $MODE = "show"; // Show his data
  52 if (!empty($_POST['save']))   $MODE = "save";   // Save entered data
  53 if (isset($_POST['edit']))   $MODE = "edit";   // Edit data
  54 if (!empty($_POST['notify'])) $MODE = "notify"; // Switch off notification
  55
  56 switch ($MODE)
  57 {
  58 case "show": // Show his data
  59         if (EXT_IS_ACTIVE("country", true)) {
  60                 // New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
  61                 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
  62                  array(UID_VALUE), __FILE__, __LINE__);
  63         } else {
  64                 // Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
  65                 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
  66                  array(UID_VALUE), __FILE__, __LINE__);
  67         }
  68         $DATA = SQL_FETCHROW($result);
  69         SQL_FREERESULT($result);
  70
  71         // Translate / add some things
  72         $DATA[10] = TRANSLATE_GENDER($DATA[10]);
  73         $DATA[13] = MAKE_DATETIME($DATA[13], "0");
  74
  75         // How far is last change on his profile away from now?
  76         if ((($DATA[13] + getConfig('profile_lock')) > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
  77                 // You cannot change your account
  78                 define('CHANGE', "<div class=\"member_failed\">".sprintf(getMessage('MEMBER_PROFILE_LOCKED'), MAKE_DATETIME($DATA[13] + getConfig('profile_lock'), "0"))."</div>");
  79         } else {
  80                 // He is allowed to change his profile
  81                 define('CHANGE', LOAD_TEMPLATE("member_mydata_button", true));
  82         }
  83
  84         if (strlen($DATA[7]) == 1) $DATA[7] = "0".$DATA[7];
  85         if (strlen($DATA[8]) == 1) $DATA[8] = "0".$DATA[8];
  86
  87         switch (GET_LANGUAGE()) {
  88                 case "de": define('DOB', $DATA[7].".".$DATA[8].".".$DATA[9]); break;
  89                 default  : define('DOB', $DATA[8]."-".$DATA[7]."-".$DATA[9]); break;
  90         }
  91
  92         if (EXT_IS_ACTIVE("country")) {
  93                 // Load country's description and code
  94                 $DATA[3] = COUNTRY_GENERATE_INFO($DATA[3]);
  95         }
  96
  97         // Load template
  98         LOAD_TEMPLATE("member_mydata_overview");
  99         break;
 100
 101 case "edit": // Edit data
 102         if (EXT_IS_ACTIVE("country", true)) {
 103                 // New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
 104                 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update
 105 FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
 106                  array(constant('UID_VALUE')), __FILE__, __LINE__);
 107         } else {
 108                 // Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
 109                 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update
 110 FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
 111                  array(constant('UID_VALUE')), __FILE__, __LINE__);
 112         }
 113
 114         $DATA = SQL_FETCHROW($result);
 115         SQL_FREERESULT($result);
 116         $DATA[13] = $DATA[12] + getConfig('profile_lock');
 117
 118         // How far is last change on his profile away from now?
 119         if (($DATA[13] > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
 120                 $DATA[13] = MAKE_DATETIME($DATA[13] + getConfig('profile_lock'), "0");
 121                 // You cannot change your account
 122                 LOAD_TEMPLATE("member_mydata_locked");
 123         } else {
 124                 // He is allowed to change his profile
 125                 switch ($DATA[10])
 126                 {
 127                 case "M":
 128                         define('M_DEFAULT', " selected=\"selected\"");
 129                         define('F_DEFAULT', "");
 130                         define('C_DEFAULT', "");
 131                         break;
 132
 133                 case "F":
 134                         define('M_DEFAULT', "");
 135                         define('F_DEFAULT', " selected=\"selected\"");
 136                         define('C_DEFAULT', "");
 137                         break;
 138
 139                 case "C":
 140                         define('M_DEFAULT', "");
 141                         define('F_DEFAULT', "");
 142                         define('C_DEFAULT', " selected=\"selected\"");
 143                         break;
 144                 }
 145                 $DOB = "";
 146                 switch (GET_LANGUAGE())
 147                 {
 148                 case "de": // German date format
 149                         // Day
 150                         $DOB .= ADD_SELECTION("day", $DATA[7]);
 151
 152                         // Month
 153                         $DOB .= ADD_SELECTION("month", $DATA[8]);
 154
 155                         // Year
 156                         $DOB .= ADD_SELECTION("year", $DATA[9]);
 157                         break;
 158
 159                 default: // Default is the US date format... :)
 160                         break;
 161                 }
 162
 163                 define('DOB', $DOB);
 164                 define('MAX_REC_LIST', ADD_MAX_RECEIVE_LIST("member", $DATA[11], true));
 165
 166                 if (EXT_IS_ACTIVE("country")) {
 167                         // Generate selection box
 168                         $OUT  = "<select name=\"country_code\" class=\"member_select\" size=\"1\">\n";
 169                         $whereStatement = "WHERE is_active='Y'";
 170                         if (IS_ADMIN()) $whereStatement = "";
 171                         $OUT .= ADD_OPTION_LINES("countries", "id", "descr", $DATA[3], "code", $whereStatement);
 172                         $OUT .= "</select>";
 173                         define('__COUNTRY_CONTENT', $OUT);
 174                 } else {
 175                         // Ouput default input box
 176                         define('__COUNTRY_CONTENT', "<input type=\"text\" name=\"cntry\" class=\"member_normal\" size=\"2\" maxlength=\"3\" value=\"".$DATA[3]."\" />");
 177                 }
 178
 179                 // Load template
 180                 LOAD_TEMPLATE("member_mydata_edit");
 181         }
 182         break;
 183
 184 case "save": // Save entered data
 185         // Load old email / password:      0        1          2
 186         $result = SQL_QUERY_ESC("SELECT email, password, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
 187          array(UID_VALUE), __FILE__, __LINE__);
 188         $DATA = SQL_FETCHROW($result);
 189         SQL_FREERESULT($result);
 190         $DATA[3] = $DATA[2] + getConfig('profile_lock');
 191
 192         // How far is last change on his profile away from now?
 193         if (($DATA[3] > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
 194                 $DATA[3] = MAKE_DATETIME($DATA[3] + getConfig('profile_lock'), "0");
 195                 // You cannot change your account
 196                 LOAD_TEMPLATE("member_mydata_locked");
 197         } elseif (!VALIDATE_EMAIL($_POST['addy'])) {
 198                 // Invalid email address!
 199                 LOAD_TEMPLATE("admin_settings_saved", false, getMessage('INVALID_EMAIL_ADDRESS_ENTERED'));
 200         } else {
 201                 // Generate hash
 202                 $hash = generateHash($_POST['pass1'], substr($DATA[1], 0, -40));
 203                 if ((($hash == $DATA[1]) || ($_POST['pass1'] == $_POST['pass2'])) && (!empty($_POST['pass1']))) {
 204                         // Only on simple changes normal mode is active = no email or password changed
 205                         $MODE = "normal"; $AND = "";
 206
 207                         // Did the user changed the password?
 208                         if ($hash != $DATA[1]) { $AND = ", password='".$hash."'"; $MODE = "pass"; }
 209
 210                         // Or did he changed his password?
 211                         if ($_POST['addy'] != $DATA[0]) {
 212                                 // Jupp
 213                                 if ($MODE == "normal") { $MODE = "email"; } else { $MODE .= ";email"; }
 214                                 $_POST['old_addy'] = $DATA[0];
 215                         }
 216
 217                         // Update member's profile
 218                         if (EXT_IS_ACTIVE("country")) {
 219                                 // New way
 220                                 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET
 221 gender='%s', surname='%s', family='%s',
 222 street_nr='%s',
 223 country_code=%s, zip=%s, city='%s',
 224 email='%s',
 225 birth_day=%s, birth_month=%s, birth_year=%s,
 226 max_mails=%s,
 227 last_update=UNIX_TIMESTAMP()".$AND.",
 228 notified='N',
 229 last_profile_sent=UNIX_TIMESTAMP()
 230 WHERE userid=%s AND password='%s' LIMIT 1",
 231 array(
 232         $_POST['gender'],
 233         $_POST['surname'],
 234         $_POST['family_name'],
 235         $_POST['street_nr'],
 236         bigintval($_POST['country_code']),
 237         bigintval($_POST['zip']),
 238         $_POST['city'],
 239         $_POST['addy'],
 240         bigintval($_POST['day']),
 241         bigintval($_POST['month']),
 242         bigintval($_POST['year']),
 243         bigintval($_POST['max_mails']),
 244         UID_VALUE,
 245         get_session('u_hash')
 246  ), __FILE__, __LINE__);
 247                         } else {
 248                                 // Old way
 249                                 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET
 250 gender='%s', surname='%s', family='%s',
 251 street_nr='%s',
 252 country='%s', zip=%s, city='%s',
 253 email='%s',
 254 birth_day=%s, birth_month=%s, birth_year=%s,
 255 max_mails='%s',
 256 last_update=UNIX_TIMESTAMP()".$AND.",
 257 notified='N',
 258 last_profile_sent=UNIX_TIMESTAMP()
 259 WHERE userid=%s AND password='%s' LIMIT 1",
 260 array(
 261         $_POST['gender'],
 262         $_POST['surname'],
 263         $_POST['family_name'],
 264         $_POST['street_nr'],
 265         $_POST['cntry'],
 266         bigintval($_POST['zip']),
 267         $_POST['city'],
 268         $_POST['addy'],
 269         bigintval($_POST['day']),
 270         bigintval($_POST['month']),
 271         bigintval($_POST['year']),
 272         bigintval($_POST['max_mails']),
 273         UID_VALUE,
 274         get_session('u_hash')
 275  ), __FILE__, __LINE__);
 276                         }
 277
 278                         // Get all modes ...
 279                         $modes = explode(";", $MODE);
 280
 281                         // ... and run them through
 282                         SEND_MODE_MAILS ("mydata", $modes);
 283                 } else {
 284                         // Entered wrong pass for updating profile
 285                         LOAD_TEMPLATE("admin_settings_saved", false, getMessage('MEBER_UPDATE_PWD_WRONG'));
 286                 }
 287         }
 288         break;
 289
 290 case "notify": // Switch off notfication
 291         SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
 292                 array($GLOBALS['userid']), __FILE__, __LINE__);
 293         $URL = "modules.php?module=login&amp;what=welcome&amp;msg=".urlencode(getMessage('PROFILE_UPDATED'));
 294         break;
 295 }
 296
 297 if (!empty($URL)) {
 298         // Load generated URL
 299         LOAD_URL($URL);
 300 }
 301
 302 //
 303 ?>