Possible further fix for #128
[mailer.git] / inc / modules / member / what-mydata.php
1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 10/16/2003 *
4  * ===============                              Last change: 06/30/2004 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : what-mydata.php                                  *
8  * -------------------------------------------------------------------- *
9  * Short description : Members can edit their profile data here         *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Mitglieder koennen hier ihre Profildaten aendern *
12  * -------------------------------------------------------------------- *
13  * $Revision::                                                        $ *
14  * $Date::                                                            $ *
15  * $Tag:: 0.2.1-FINAL                                                 $ *
16  * $Author::                                                          $ *
17  * Needs to be in all Files and every File needs "svn propset           *
18  * svn:keywords Date Revision" (autoprobset!) at least!!!!!!            *
19  * -------------------------------------------------------------------- *
20  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
21  * For more information visit: http://www.mxchange.org                  *
22  *                                                                      *
23  * This program is free software; you can redistribute it and/or modify *
24  * it under the terms of the GNU General Public License as published by *
25  * the Free Software Foundation; either version 2 of the License, or    *
26  * (at your option) any later version.                                  *
27  *                                                                      *
28  * This program is distributed in the hope that it will be useful,      *
29  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
30  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
31  * GNU General Public License for more details.                         *
32  *                                                                      *
33  * You should have received a copy of the GNU General Public License    *
34  * along with this program; if not, write to the Free Software          *
35  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
36  * MA  02110-1301  USA                                                  *
37  ************************************************************************/
38
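// Access guard: refuse direct calls, visitors who are not logged in as
// member, and (for non-admins) an inactive 'mydata' extension.
if (!defined('__SECURITY')) {
        // __SECURITY is not defined, so this file was presumably requested
        // directly. Hand over to security.php, located relative to the
        // '/inc' directory this file lives under.
        // NOTE(review): nothing here stops execution after the require();
        // this relies on security.php terminating the request - confirm.
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), '/inc') + 4) . '/security.php';
        require($INC);
} elseif (!IS_MEMBER()) {
        // Not logged in as member: send the visitor to the index module
        redirectToUrl('modules.php?module=index');

        // Never fall through into the profile queries below, even if
        // redirectToUrl() should return instead of ending the request.
        return;
} elseif ((!EXT_IS_ACTIVE('mydata')) && (!IS_ADMIN())) {
        // Extension is inactive or not installed; only admins may continue
        addFatalMessage(__FILE__, __LINE__, generateExtensionInactiveNotInstalledMessage('mydata'));
        return;
}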
49
// Register this module as a navigation point of the member area
ADD_DESCR('member', __FILE__);

// @TODO Try to rewrite this constant
define('UID_VALUE', getUserId());

// Redirect target; pre-set to an empty string to prevent notices
$URL = '';

// Detect what the member wants to do from the POST field that was sent.
// Each later match overwrites the earlier one, so the precedence is
// notify > edit > save, with 'show' as the fallback.
$mode = 'show';
foreach (array('save', 'edit', 'notify') as $postedAction) {
        if (REQUEST_ISSET_POST($postedAction)) {
                $mode = $postedAction;
        }
}
64
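// Run the requested action. Every statement below selects the row by
// getUserId(), never by a user id taken from the request.
switch ($mode) {
        case 'show': // Show his data
                if (EXT_IS_ACTIVE('country', true)) {
                        // New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
                        $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
                                array(getUserId()), __FILE__, __LINE__);
                } else {
                        // Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
                        $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
                                array(getUserId()), __FILE__, __LINE__);
                }
                $DATA = SQL_FETCHROW($result);
                SQL_FREERESULT($result);

                // Keep the raw last_update value. $DATA[13] is replaced by the
                // output of generateDateTime() for display, and that output is
                // presumably not a timestamp, so the lock arithmetic below
                // must not be done on it.
                $lastUpdate = $DATA[13];

                // Translate / add some things
                $DATA[10] = translateGender($DATA[10]);
                $DATA[13] = generateDateTime($lastUpdate, '0');

                // How far is last change on his profile away from now?
                if ((($lastUpdate + getConfig('profile_lock')) > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
                        // You cannot change your account
                        define('CHANGE', "<div class=\"member_failed\">".sprintf(getMessage('MEMBER_PROFILE_LOCKED'), generateDateTime($lastUpdate + getConfig('profile_lock'), '0'))."</div>");
                } else {
                        // He is allowed to change his profile
                        define('CHANGE', LOAD_TEMPLATE("member_mydata_button", true));
                }

                // Zero-pad single-digit day and month
                if (strlen($DATA[7]) == 1) $DATA[7] = '0'.$DATA[7];
                if (strlen($DATA[8]) == 1) $DATA[8] = '0'.$DATA[8];

                switch (getLanguage()) {
                        case 'de': define('DOB', $DATA[7].'.'.$DATA[8].'.'.$DATA[9]); break;
                        default  : define('DOB', $DATA[8].'-'.$DATA[7].'-'.$DATA[9]); break;
                } // END - switch

                if (EXT_IS_ACTIVE('country')) {
                        // Load country's description and code
                        $DATA[3] = COUNTRY_GENERATE_INFO($DATA[3]);
                } // END - if

                // Load template
                LOAD_TEMPLATE('member_mydata_overview');
                break;

        case 'edit': // Edit data
                if (EXT_IS_ACTIVE('country', true)) {
                        // New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
                        $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update
FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
                        array(getUserId()), __FILE__, __LINE__);
                } else {
                        // Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
                        $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update
FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
                                array(getUserId()), __FILE__, __LINE__);
                }

                $DATA = SQL_FETCHROW($result);
                SQL_FREERESULT($result);

                // Time at which the profile lock ends. last_update is column 13
                // of the SELECT above; column 12 is receive_mails and must not
                // be used for the lock.
                $DATA[13] = $DATA[13] + getConfig('profile_lock');

                // How far is last change on his profile away from now?
                if (($DATA[13] > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
                        // $DATA[13] already contains profile_lock, so it is only
                        // formatted here, as the 'show' case does for its message
                        $DATA[13] = generateDateTime($DATA[13], '0');
                        // You cannot change your account
                        LOAD_TEMPLATE('member_mydata_locked');
                } else {
                        // He is allowed to change his profile
                        switch ($DATA[10])
                        {
                                case 'M':
                                        define('M_DEFAULT', ' selected="selected"');
                                        define('F_DEFAULT', '');
                                        define('C_DEFAULT', '');
                                        break;

                                case 'F':
                                        define('M_DEFAULT', '');
                                        define('F_DEFAULT', ' selected="selected"');
                                        define('C_DEFAULT', '');
                                        break;

                                case 'C':
                                        define('M_DEFAULT', '');
                                        define('F_DEFAULT', '');
                                        define('C_DEFAULT', ' selected="selected"');
                                        break;

                                default: // Unknown or empty gender: preselect nothing
                                        define('M_DEFAULT', '');
                                        define('F_DEFAULT', '');
                                        define('C_DEFAULT', '');
                                        break;
                        }
                        $DOB = '';
                        switch (getLanguage()) {
                                case 'de': // German date format
                                        // Day
                                        $DOB .= ADD_SELECTION('day', $DATA[7]);

                                        // Month
                                        $DOB .= ADD_SELECTION('month', $DATA[8]);

                                        // Year
                                        $DOB .= ADD_SELECTION('year', $DATA[9]);
                                        break;

                                default: // Default is the US date format... :)
                                        // Same order as the 'show' case uses for its
                                        // default. Without these fields the form posts
                                        // no day/month/year and 'save' stores
                                        // bigintval() of a missing value.
                                        // Month
                                        $DOB .= ADD_SELECTION('month', $DATA[8]);

                                        // Day
                                        $DOB .= ADD_SELECTION('day', $DATA[7]);

                                        // Year
                                        $DOB .= ADD_SELECTION('year', $DATA[9]);
                                        break;
                        } // END - switch

                        define('DOB', $DOB);
                        define('MAX_REC_LIST', addMaxReceiveList('member', $DATA[11], true));

                        if (EXT_IS_ACTIVE('country')) {
                                // Generate selection box; admins also see inactive countries
                                $OUT  = "<select name=\"country_code\" class=\"member_select\" size=\"1\">\n";
                                $whereStatement = "WHERE `is_active`='Y'";
                                if (IS_ADMIN()) $whereStatement = '';
                                $OUT .= generateOptionList("countries", 'id', "descr", $DATA[3], "code", $whereStatement);
                                $OUT .= "</select>";
                                define('__COUNTRY_CONTENT', $OUT);
                        } else {
                                // Output default input box. The stored country is free
                                // text the member posted as 'cntry', so it is escaped
                                // for the attribute context.
                                // NOTE(review): if the value is already entity-encoded
                                // when stored, this double-encodes it - confirm.
                                define('__COUNTRY_CONTENT', "<input type=\"text\" name=\"cntry\" class=\"member_normal\" size=\"2\" maxlength=\"3\" value=\"".htmlspecialchars($DATA[3], ENT_QUOTES)."\" />");
                        }

                        // Load template
                        LOAD_TEMPLATE('member_mydata_edit');
                }
                break;

        case 'save': // Save entered data
                // Load old email / password:      0        1          2
                $result = SQL_QUERY_ESC("SELECT email, password, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
                        array(getUserId()), __FILE__, __LINE__);
                $DATA = SQL_FETCHROW($result);
                SQL_FREERESULT($result);

                // Time at which the profile lock ends
                $DATA[3] = $DATA[2] + getConfig('profile_lock');

                // How far is last change on his profile away from now?
                if (($DATA[3] > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
                        // $DATA[3] already contains profile_lock, only format it
                        $DATA[3] = generateDateTime($DATA[3], '0');
                        // You cannot change your account
                        LOAD_TEMPLATE('member_mydata_locked');
                } elseif (!isEmailValid(REQUEST_POST('addy'))) {
                        // Invalid email address!
                        LOAD_TEMPLATE('admin_settings_saved', false, getMessage('INVALID_EMAIL_ADDRESS_ENTERED'));
                } else {
                        // Generate hash; the second argument is the stored hash without
                        // its last 40 characters (presumably the salt - confirm)
                        $hash = generateHash(REQUEST_POST('pass1'), substr($DATA[1], 0, -40));

                        // Strict comparison, so two different strings that both look
                        // numeric are never treated as equal.
                        // NOTE(review): the second alternative accepts any matching
                        // pass1/pass2 pair, so a new password is set without the current
                        // one being re-entered; only the WHERE clause of the UPDATE,
                        // which requires the session's u_hash, ties the change to the
                        // login. Confirm that an empty pair is rejected elsewhere.
                        if ((($hash === $DATA[1]) || (REQUEST_POST('pass1') === REQUEST_POST('pass2'))) && (REQUEST_ISSET_POST('pass1'))) {
                                // Only on simple changes normal mode is active = no email or password changed
                                $mode = 'normal'; $AND = '';

                                // Did the user change the password?
                                // NOTE(review): $hash is concatenated into the statement
                                // instead of being passed as a parameter. That is only
                                // safe while generateHash() can never return a quote or
                                // a percent sign - confirm.
                                if ($hash !== $DATA[1]) { $AND = ", password='".$hash."'"; $mode = 'pass'; }

                                // Or did he change his email address?
                                if (REQUEST_POST('addy') != $DATA[0]) {
                                        // Jupp
                                        if ($mode == 'normal') {
                                                $mode = 'email';
                                        } else {
                                                $mode .= ";email";
                                        }
                                        // Keep the previous address available as POST value
                                        REQUEST_SET_POST('old_addy', $DATA[0]);
                                } // END - if

                                // Update member's profile; numeric columns go through
                                // bigintval(), everything else through the %s
                                // placeholders of SQL_QUERY_ESC()
                                if (EXT_IS_ACTIVE('country')) {
                                        // New way
                                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET
`gender`='%s', `surname`='%s', `family`='%s',
`street_nr`='%s',
`country_code`=%s, `zip`=%s, `city`='%s',
`email`='%s',
`birth_day`=%s, `birth_month`=%s, `birth_year`=%s,
`max_mails`=%s,
`last_update`=UNIX_TIMESTAMP()".$AND.",
`notified`='N',
`last_profile_sent`=UNIX_TIMESTAMP()
WHERE `userid`=%s AND `password`='%s' LIMIT 1",
                                                array(
                                                        REQUEST_POST('gender'),
                                                        REQUEST_POST('surname'),
                                                        REQUEST_POST('family'),
                                                        REQUEST_POST('street_nr'),
                                                        bigintval(REQUEST_POST('country_code')),
                                                        bigintval(REQUEST_POST('zip')),
                                                        REQUEST_POST('city'),
                                                        REQUEST_POST('addy'),
                                                        bigintval(REQUEST_POST('day')),
                                                        bigintval(REQUEST_POST('month')),
                                                        bigintval(REQUEST_POST('year')),
                                                        bigintval(REQUEST_POST('max_mails')),
                                                        getUserId(),
                                                        getSession('u_hash')
                                                ), __FILE__, __LINE__);
                                } else {
                                        // Old way
                                        SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET
`gender`='%s', `surname`='%s', `family`='%s',
`street_nr`='%s',
`country`='%s', `zip`=%s, `city`='%s',
`email`='%s',
`birth_day`=%s, `birth_month`=%s, `birth_year`=%s,
`max_mails`='%s',
`last_update`=UNIX_TIMESTAMP()".$AND.",
`notified`='N',
`last_profile_sent`=UNIX_TIMESTAMP()
WHERE `userid`=%s AND `password`='%s' LIMIT 1",
                                                array(
                                                        REQUEST_POST('gender'),
                                                        REQUEST_POST('surname'),
                                                        REQUEST_POST('family'),
                                                        REQUEST_POST('street_nr'),
                                                        REQUEST_POST('cntry'),
                                                        bigintval(REQUEST_POST('zip')),
                                                        REQUEST_POST('city'),
                                                        REQUEST_POST('addy'),
                                                        bigintval(REQUEST_POST('day')),
                                                        bigintval(REQUEST_POST('month')),
                                                        bigintval(REQUEST_POST('year')),
                                                        bigintval(REQUEST_POST('max_mails')),
                                                        getUserId(),
                                                        getSession('u_hash')
                                                ), __FILE__, __LINE__);
                                }

                                // Get all modes ...
                                $modes = explode(';', $mode);

                                // ... and run them through
                                sendModeMails ('mydata', $modes);
                        } else {
                                // Entered wrong pass for updating profile
                                LOAD_TEMPLATE('admin_settings_saved', false, getMessage('MEBER_UPDATE_PWD_WRONG'));
                        }
                }
                break;

        case 'notify': // Switch off notification
                // NOTE(review): this resets last_update and so restarts the profile
                // lock period although no profile data changed - confirm intended.
                SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
                        array(getUserId()), __FILE__, __LINE__);
                // The message text is URL-encoded before it is put into the query string
                $URL = 'modules.php?module=login&amp;what=welcome&amp;msg=' . urlencode(getMessage('PROFILE_UPDATED'));
                break;
}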
307
// Follow the redirect if one of the actions above set a target URL
if (empty($URL) === false) {
        redirectToUrl($URL);
} // END - if
312
313 //
314 ?>