inc/modules/member/what-mydata.php

   1 <?php
   2 /************************************************************************
   3  * MXChange v0.2.1                                    Start: 10/16/2003 *
   4  * ===============                              Last change: 06/30/2004 *
   5  *                                                                      *
   6  * -------------------------------------------------------------------- *
   7  * File              : what-mydata.php                                  *
   8  * -------------------------------------------------------------------- *
   9  * Short description : Members can edit their profile data here         *
  10  * -------------------------------------------------------------------- *
  11  * Kurzbeschreibung  : Mitglieder koennen hier ihre Profildaten aendern *
  12  * -------------------------------------------------------------------- *
  13  *                                                                      *
  14  * -------------------------------------------------------------------- *
  15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
  16  * For more information visit: http://www.mxchange.org                  *
  17  *                                                                      *
  18  * This program is free software; you can redistribute it and/or modify *
  19  * it under the terms of the GNU General Public License as published by *
  20  * the Free Software Foundation; either version 2 of the License, or    *
  21  * (at your option) any later version.                                  *
  22  *                                                                      *
  23  * This program is distributed in the hope that it will be useful,      *
  24  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
  25  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
  26  * GNU General Public License for more details.                         *
  27  *                                                                      *
  28  * You should have received a copy of the GNU General Public License    *
  29  * along with this program; if not, write to the Free Software          *
  30  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
  31  * MA  02110-1301  USA                                                  *
  32  ************************************************************************/
  33
  34 // Some security stuff...
  35 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
  36 {
  37         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
  38         require($INC);
  39 }
  40  elseif (!IS_LOGGED_IN())
  41 {
  42         LOAD_URL("modules.php?module=index");
  43 }
  44  elseif ((!EXT_IS_ACTIVE("mydata")) && (!IS_ADMIN()))
  45 {
  46         ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "mydata");
  47         return;
  48 }
  49
  50 // Add description as navigation point
  51 ADD_DESCR("member", basename(__FILE__));
  52
  53 OPEN_TABLE("100%", "member_content member_content_align", "");
  54 define('UID_VALUE', $GLOBALS['userid']); $URL = "";
  55
  56 // Detect what the member wants to do
  57 $MODE = "show"; // Show his data
  58 if (!empty($_POST['save']))   $MODE = "save";   // Save entered data
  59 if (isset($_POST['edit']))   $MODE = "edit";   // Edit data
  60 if (!empty($_POST['notify'])) $MODE = "notify"; // Switch off notification
  61
  62 switch ($MODE)
  63 {
  64 case "show": // Show his data
  65         if (EXT_IS_ACTIVE("country", true))
  66         {
  67                 // New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
  68                 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
  69                  array(UID_VALUE), __FILE__, __LINE__);
  70         }
  71          else
  72         {
  73                 // Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
  74                 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
  75                  array(UID_VALUE), __FILE__, __LINE__);
  76         }
  77         $DATA = SQL_FETCHROW($result);
  78         SQL_FREERESULT($result);
  79
  80         // Translate / add some things
  81         $DATA[10] = TRANSLATE_SEX($DATA[10]);
  82         $DATA[13] = MAKE_DATETIME($DATA[13], "0");
  83
  84         // How far is last change on his profile away from now?
  85         if ((($DATA[13] + $_CONFIG['profile_lock']) > time()) && (!IS_ADMIN()) && ($_CONFIG['profile_lock'] > 0))
  86         {
  87                 // You cannot change your account
  88                 define('CHANGE', "<FONT class=\"member_failed\">".MEMBER_PROFILE_LOCKED_1.MAKE_DATETIME($DATA[13] + $_CONFIG['profile_lock'], "0").MEMBER_PROFILE_LOCKED_2."</FONT>");
  89         }
  90          else
  91         {
  92                 // He is allowed to change his profile
  93                 define('CHANGE', LOAD_TEMPLATE("member_mydata_button", true));
  94         }
  95         if (strlen($DATA[7]) == 1) $DATA[7] = "0".$DATA[7];
  96         if (strlen($DATA[8]) == 1) $DATA[8] = "0".$DATA[8];
  97         switch (GET_LANGUAGE())
  98         {
  99                 case "de": define ('DOB', $DATA[7].".".$DATA[8].".".$DATA[9]); break;
 100                 default  : define ('DOB', $DATA[8]."-".$DATA[7]."-".$DATA[9]); break;
 101         }
 102
 103         if (EXT_IS_ACTIVE("country"))
 104         {
 105                 // Load country's description and code
 106                 $DATA[3] = COUNTRY_GENERATE_INFO($DATA[3]);
 107         }
 108
 109         // Load template
 110         LOAD_TEMPLATE("member_mydata_overview");
 111         break;
 112
 113 case "edit": // Edit data
 114         if (EXT_IS_ACTIVE("country", true))
 115         {
 116                 // New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
 117                 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update
 118 FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
 119                  array(UID_VALUE), __FILE__, __LINE__);
 120         }
 121          else
 122         {
 123                 // Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
 124                 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update
 125 FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
 126                  array(UID_VALUE), __FILE__, __LINE__);
 127         }
 128
 129         $DATA = SQL_FETCHROW($result);
 130         SQL_FREERESULT($result);
 131         $DATA[13] = $DATA[12] + $_CONFIG['profile_lock'];
 132
 133         // How far is last change on his profile away from now?
 134         if (($DATA[13] > time()) && (!IS_ADMIN()) && ($_CONFIG['profile_lock'] > 0))
 135         {
 136                 $DATA[13] = MAKE_DATETIME($DATA[13] + $_CONFIG['profile_lock'], "0");
 137                 // You cannot change your account
 138                 LOAD_TEMPLATE("member_mydata_locked");
 139         }
 140          else
 141         {
 142                 // He is allowed to change his profile
 143                 switch ($DATA[10])
 144                 {
 145                 case "M":
 146                         define('M_DEFAULT', " selected=\"selected\"");
 147                         define('F_DEFAULT', "");
 148                         define('C_DEFAULT', "");
 149                         break;
 150
 151                 case "F":
 152                         define('M_DEFAULT', "");
 153                         define('F_DEFAULT', " selected=\"selected\"");
 154                         define('C_DEFAULT', "");
 155                         break;
 156
 157                 case "C":
 158                         define('M_DEFAULT', "");
 159                         define('F_DEFAULT', "");
 160                         define('C_DEFAULT', " selected=\"selected\"");
 161                         break;
 162                 }
 163                 $DOB = "";
 164                 switch (GET_LANGUAGE())
 165                 {
 166                 case "de": // German date format
 167                         // Day
 168                         $DOB .= ADD_SELECTION("day", $DATA[7]);
 169
 170                         // Month
 171                         $DOB .= ADD_SELECTION("month", $DATA[8]);
 172
 173                         // Year
 174                         $DOB .= ADD_SELECTION("year", $DATA[9]);
 175                         break;
 176
 177                 default: // Default is the US date format... :)
 178                         break;
 179                 }
 180                 define('DOB', $DOB);
 181                 define('MAX_REC_LIST', ADD_MAX_RECEIVE_LIST("member", $DATA[11], true));
 182
 183                 if (EXT_IS_ACTIVE("country"))
 184                 {
 185                         // Generate selection box
 186                         $OUT  = "<SELECT name=\"country_code\" class=\"member_select\" size=\"1\">\n";
 187                         $whereStatement = "WHERE is_active='Y'";
 188                         if (IS_ADMIN()) $whereStatement = "";
 189                         $OUT .= ADD_OPTION_LINES("countries", "id", "descr", $DATA[3], "code", $whereStatement);
 190                         $OUT .= "</SELECT>";
 191                         define('__COUNTRY_CONTENT', $OUT);
 192                 }
 193                  else
 194                 {
 195                         // Ouput default input box
 196                         define('__COUNTRY_CONTENT', "<INPUT type=\"text\" name=\"cntry\" class=\"member_normal\" size=\"2\" maxlength=\"3\" value=\"".$DATA[3]."\">");
 197                 }
 198
 199                 // Load template
 200                 LOAD_TEMPLATE("member_mydata_edit");
 201         }
 202         break;
 203
 204 case "save": // Save entered data
 205         // Load old email / password:      0        1          2
 206         $result = SQL_QUERY_ESC("SELECT email, password, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
 207          array(UID_VALUE), __FILE__, __LINE__);
 208         $DATA = SQL_FETCHROW($result);
 209         SQL_FREERESULT($result);
 210         $DATA[3] = $DATA[2] + $_CONFIG['profile_lock'];
 211
 212         // How far is last change on his profile away from now?
 213         if (($DATA[3] > time()) && (!IS_ADMIN()) && ($_CONFIG['profile_lock'] > 0))
 214         {
 215                 $DATA[3] = MAKE_DATETIME($DATA[3] + $_CONFIG['profile_lock'], "0");
 216                 // You cannot change your account
 217                 LOAD_TEMPLATE("member_mydata_locked");
 218         }
 219          elseif (!VALIDATE_EMAIL($_POST['addy']))
 220         {
 221                 // Invalid email address!
 222                 LOAD_TEMPLATE("admin_settings_saved", false, INVALID_EMAIL_ADDRESS_ENTERED);
 223         }
 224          else
 225         {
 226                 // Secure every submitted variable
 227                 foreach ($_POST as $key=>$value)
 228                 {
 229                         $_POST[$key] = addslashes($value);
 230                 }
 231
 232                 $hash = generateHash($_POST['pass1'], substr($DATA[1], 0, -40));
 233                 if ((($hash == $DATA[1]) || ($_POST['pass1'] == $_POST['pass2'])) && (!empty($_POST['pass1'])))
 234                 {
 235                         // Only on simple changes normal mode is active = no email or password changed
 236                         $MODE = "normal"; $AND = "";
 237
 238                         // Did the user changed the password?
 239                         if ($hash != $DATA[1]) { $AND = ", password='".$hash."'"; $MODE = "pass"; }
 240
 241                         // Or did he changed his password?
 242                         if ($_POST['addy'] != $DATA[0])
 243                         {
 244                                 // Jupp
 245                                 if ($MODE == "normal") { $MODE = "email"; } else { $MODE .= ";email"; }
 246                                 $_POST['old_addy'] = $DATA[0];
 247                         }
 248
 249                         // Update member's profile
 250                         if (EXT_IS_ACTIVE("country"))
 251                         {
 252                                 // New way
 253                                 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET
 254 sex='%s', surname='%s', family='%s',
 255 street_nr='%s',
 256 country_code=%d, zip=%d, city='%s',
 257 email='%s',
 258 birth_day=%d, birth_month=%d, birth_year=%d,
 259 max_mails=%d,
 260 last_update=UNIX_TIMESTAMP()".$AND.",
 261 notified='N',
 262 last_profile_sent=UNIX_TIMESTAMP()
 263 WHERE userid=%d AND password='%s' LIMIT 1",
 264 array(
 265         $_POST['sex'],
 266         $_POST['surname'],
 267         $_POST['family_name'],
 268         $_POST['street_nr'],
 269         bigintval($_POST['country_code']),
 270         bigintval($_POST['zip']),
 271         $_POST['city'],
 272         $_POST['addy'],
 273         bigintval($_POST['day']),
 274         bigintval($_POST['month']),
 275         bigintval($_POST['year']),
 276         bigintval($_POST['max_mails']),
 277         UID_VALUE,
 278         get_session('u_hash')
 279  ), __FILE__, __LINE__);
 280                         }
 281                          else
 282                         {
 283                                 // Old way
 284                                 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET
 285 sex='%s', surname='%s', family='%s',
 286 street_nr='%s',
 287 country='%s', zip=%d, city='%s',
 288 email='%s',
 289 birth_day=%d, birth_month=%d, birth_year=%d,
 290 max_mails='%s',
 291 last_update=UNIX_TIMESTAMP()".$AND.",
 292 notified='N',
 293 last_profile_sent=UNIX_TIMESTAMP()
 294 WHERE userid=%d AND password='%s' LIMIT 1",
 295 array(
 296         $_POST['sex'],
 297         $_POST['surname'],
 298         $_POST['family_name'],
 299         $_POST['street_nr'],
 300         $_POST['cntry'],
 301         bigintval($_POST['zip']),
 302         $_POST['city'],
 303         $_POST['addy'],
 304         bigintval($_POST['day']),
 305         bigintval($_POST['month']),
 306         bigintval($_POST['year']),
 307         bigintval($_POST['max_mails']),
 308         UID_VALUE,
 309         get_session('u_hash')
 310  ), __FILE__, __LINE__);
 311                         }
 312
 313                         // Get all modes ...
 314                         $modes = explode(";", $MODE);
 315
 316                         // ... and run them through
 317                         SEND_MODE_MAILS ("mydata", $modes);
 318                 }
 319                  else
 320                 {
 321                         // Entered wrong pass for updating profile
 322                         LOAD_TEMPLATE("admin_settings_saved", false, MEBER_UPDATE_PWD_WRONG);
 323                 }
 324         }
 325         break;
 326
 327 case "notify": // Switch off notfication
 328         $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
 329          array($GLOBALS['userid']), __FILE__, __LINE__);
 330         $URL = URL."/modules.php?module=login&amp;what=welcome&msg=".urlencode(PROFILE_UPDATED);
 331         break;
 332 }
 333 CLOSE_TABLE();
 334
 335 if (!empty($URL))
 336 {
 337         // Load generated URL
 338         LOAD_URL($URL);
 339 }
 340 //
 341 ?>