branch prepared
[mailer.git] / inc / modules / member / what-mydata.php
1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 10/16/2003 *
4  * ===============                              Last change: 06/30/2004 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : what-mydata.php                                  *
8  * -------------------------------------------------------------------- *
9  * Short description : Members can edit their profile data here         *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Mitglieder koennen hier ihre Profildaten aendern *
12  * -------------------------------------------------------------------- *
13  *                                                                      *
14  * -------------------------------------------------------------------- *
15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
16  * For more information visit: http://www.mxchange.org                  *
17  *                                                                      *
18  * This program is free software; you can redistribute it and/or modify *
19  * it under the terms of the GNU General Public License as published by *
20  * the Free Software Foundation; either version 2 of the License, or    *
21  * (at your option) any later version.                                  *
22  *                                                                      *
23  * This program is distributed in the hope that it will be useful,      *
24  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
25  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
26  * GNU General Public License for more details.                         *
27  *                                                                      *
28  * You should have received a copy of the GNU General Public License    *
29  * along with this program; if not, write to the Free Software          *
30  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
31  * MA  02110-1301  USA                                                  *
32  ************************************************************************/
33
34 // Some security stuff...
35 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
36 {
37         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
38         require($INC);
39 }
40  elseif (!IS_LOGGED_IN())
41 {
42         LOAD_URL(URL."/modules.php?module=index");
43 }
44  elseif ((!EXT_IS_ACTIVE("mydata")) && (!IS_ADMIN()))
45 {
46         ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "mydata");
47         return;
48 }
49
50 // Add description as navigation point
51 ADD_DESCR("member", basename(__FILE__));
52
53 OPEN_TABLE("100%", "member_content member_content_align", "");
54 define('UID_VALUE', $GLOBALS['userid']); $URL = "";
55
56 // Detect what the member wants to do
57 $MODE = "show"; // Show his data
58 if (!empty($_POST['save']))   $MODE = "save";   // Save entered data
59 if (isset($_POST['edit']))   $MODE = "edit";   // Edit data
60 if (!empty($_POST['notify'])) $MODE = "notify"; // Switch off notification
61
62 switch ($MODE)
63 {
64 case "show": // Show his data
65         if (EXT_IS_ACTIVE("country", true))
66         {
67                 // New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
68                 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
69                  array(UID_VALUE), __FILE__, __LINE__);
70         }
71          else
72         {
73                 // Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
74                 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
75                  array(UID_VALUE), __FILE__, __LINE__);
76         }
77         $DATA = SQL_FETCHROW($result);
78         SQL_FREERESULT($result);
79
80         // Translate / add some things
81         $DATA[10] = TRANSLATE_SEX($DATA[10]);
82         $DATA[13] = MAKE_DATETIME($DATA[13], "0");
83
84         // How far is last change on his profile away from now?
85         if ((($DATA[13] + $CONFIG['profile_lock']) > time()) && (!IS_ADMIN()) && ($CONFIG['profile_lock'] > 0))
86         {
87                 // You cannot change your account
88                 define('CHANGE', "<FONT class=\"member_failed\">".MEMBER_PROFILE_LOCKED_1.MAKE_DATETIME($DATA[13] + $CONFIG['profile_lock'], "0").MEMBER_PROFILE_LOCKED_2."</FONT>");
89         }
90          else
91         {
92                 // He is allowed to change his profile
93                 define('CHANGE', LOAD_TEMPLATE("member_mydata_button", true));
94         }
95         if (strlen($DATA[7]) == 1) $DATA[7] = "0".$DATA[7];
96         if (strlen($DATA[8]) == 1) $DATA[8] = "0".$DATA[8];
97         switch (GET_LANGUAGE())
98         {
99                 case "de": define ('DOB', $DATA[7].".".$DATA[8].".".$DATA[9]); break;
100                 default  : define ('DOB', $DATA[8]."-".$DATA[7]."-".$DATA[9]); break;
101         }
102
103         if (EXT_IS_ACTIVE("country"))
104         {
105                 // Load country's description and code
106                 $DATA[3] = COUNTRY_GENERATE_INFO($DATA[3]);
107         }
108
109         // Load template
110         LOAD_TEMPLATE("member_mydata_overview");
111         break;
112
113 case "edit": // Edit data
114         if (EXT_IS_ACTIVE("country", true))
115         {
116                 // New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
117                 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update
118 FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
119                  array(UID_VALUE), __FILE__, __LINE__);
120         }
121          else
122         {
123                 // Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
124                 $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update
125 FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
126                  array(UID_VALUE), __FILE__, __LINE__);
127         }
128
129         $DATA = SQL_FETCHROW($result);
130         SQL_FREERESULT($result);
131         $DATA[13] = $DATA[12] + $CONFIG['profile_lock'];
132
133         // How far is last change on his profile away from now?
134         if (($DATA[13] > time()) && (!IS_ADMIN()) && ($CONFIG['profile_lock'] > 0))
135         {
136                 $DATA[13] = MAKE_DATETIME($DATA[13] + $CONFIG['profile_lock'], "0");
137                 // You cannot change your account
138                 LOAD_TEMPLATE("member_mydata_locked");
139         }
140          else
141         {
142                 // He is allowed to change his profile
143                 switch ($DATA[10])
144                 {
145                 case "M":
146                         define('M_DEFAULT', " selected=\"selected\"");
147                         define('F_DEFAULT', "");
148                         define('C_DEFAULT', "");
149                         break;
150
151                 case "F":
152                         define('M_DEFAULT', "");
153                         define('F_DEFAULT', " selected=\"selected\"");
154                         define('C_DEFAULT', "");
155                         break;
156
157                 case "C":
158                         define('M_DEFAULT', "");
159                         define('F_DEFAULT', "");
160                         define('C_DEFAULT', " selected=\"selected\"");
161                         break;
162                 }
163                 $DOB = "";
164                 switch (GET_LANGUAGE())
165                 {
166                 case "de": // German date format
167                         // Day
168                         $DOB .= ADD_SELECTION("day", $DATA[7]);
169
170                         // Month
171                         $DOB .= ADD_SELECTION("month", $DATA[8]);
172
173                         // Year
174                         $DOB .= ADD_SELECTION("year", $DATA[9]);
175                         break;
176
177                 default: // Default is the US date format... :)
178                         break;
179                 }
180                 define('DOB', $DOB);
181                 define('MAX_REC_LIST', ADD_MAX_RECEIVE_LIST("member", $DATA[11], true));
182
183                 if (EXT_IS_ACTIVE("country"))
184                 {
185                         // Generate selection box
186                         $OUT  = "<SELECT name=\"country_code\" class=\"member_select\" size=\"1\">\n";
187                         $WHERE = "WHERE is_active='Y'";
188                         if (IS_ADMIN()) $WHERE = "";
189                         $OUT .= ADD_OPTION_LINES("countries", "id", "descr", $DATA[3], "code", $WHERE);
190                         $OUT .= "</SELECT>";
191                         define('__COUNTRY_CONTENT', $OUT);
192                 }
193                  else
194                 {
195                         // Ouput default input box
196                         define('__COUNTRY_CONTENT', "<INPUT type=\"text\" name=\"cntry\" class=\"member_normal\" size=\"2\" maxlength=\"3\" value=\"".$DATA[3]."\">");
197                 }
198
199                 // Load template
200                 LOAD_TEMPLATE("member_mydata_edit");
201         }
202         break;
203
204 case "save": // Save entered data
205         // Load old email / password:      0        1          2
206         $result = SQL_QUERY_ESC("SELECT email, password, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
207          array(UID_VALUE), __FILE__, __LINE__);
208         $DATA = SQL_FETCHROW($result);
209         SQL_FREERESULT($result);
210         $DATA[3] = $DATA[2] + $CONFIG['profile_lock'];
211
212         // How far is last change on his profile away from now?
213         if (($DATA[3] > time()) && (!IS_ADMIN()) && ($CONFIG['profile_lock'] > 0))
214         {
215                 $DATA[3] = MAKE_DATETIME($DATA[3] + $CONFIG['profile_lock'], "0");
216                 // You cannot change your account
217                 LOAD_TEMPLATE("member_mydata_locked");
218         }
219          elseif (!VALIDATE_EMAIL($_POST['addy']))
220         {
221                 // Invalid email address!
222                 LOAD_TEMPLATE("admin_settings_saved", false, INVALID_EMAIL_ADDRESS_ENTERED);
223         }
224          else
225         {
226                 // Secure every submitted variable
227                 foreach ($_POST as $key=>$value)
228                 {
229                         $_POST[$key] = addslashes($value);
230                 }
231
232                 $hash = generateHash($_POST['pass1'], substr($DATA[1], 0, -40));
233                 if ((($hash == $DATA[1]) || ($_POST['pass1'] == $_POST['pass2'])) && (!empty($_POST['pass1'])))
234                 {
235                         // Only on simple changes normal mode is active = no email or password changed
236                         $MODE = "normal"; $AND = "";
237
238                         // Did the user changed the password?
239                         if ($hash != $DATA[1]) { $AND = ", password='".$hash."'"; $MODE = "pass"; }
240
241                         // Or did he changed his password?
242                         if ($_POST['addy'] != $DATA[0])
243                         {
244                                 // Jupp
245                                 if ($MODE == "normal") { $MODE = "email"; } else { $MODE .= ";email"; }
246                                 $_POST['old_addy'] = $DATA[0];
247                         }
248
249                         // Update member's profile
250                         if (EXT_IS_ACTIVE("country"))
251                         {
252                                 // New way
253                                 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET
254 sex='%s', surname='%s', family='%s',
255 street_nr='%s',
256 country_code=%d, zip=%d, city='%s',
257 email='%s',
258 birth_day=%d, birth_month=%d, birth_year=%d,
259 max_mails=%d,
260 last_update=UNIX_TIMESTAMP()".$AND.",
261 notified='N',
262 last_profile_sent=UNIX_TIMESTAMP()
263 WHERE userid=%d AND password='%s' LIMIT 1",
264  array(
265   $_POST['sex'],
266   $_POST['surname'],
267   $_POST['family_name'],
268   $_POST['street_nr'],
269   bigintval($_POST['country_code']),
270   bigintval($_POST['zip']),
271   $_POST['city'],
272   $_POST['addy'],
273   bigintval($_POST['day']),
274   bigintval($_POST['month']),
275   bigintval($_POST['year']),
276   bigintval($_POST['max_mails']),
277   UID_VALUE,
278   $_COOKIE['u_hash']
279  ), __FILE__, __LINE__);
280                         }
281                          else
282                         {
283                                 // Old way
284                                 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET
285 sex='%s', surname='%s', family='%s',
286 street_nr='%s',
287 country='%s', zip=%d, city='%s',
288 email='%s',
289 birth_day=%d, birth_month=%d, birth_year=%d,
290 max_mails='%s',
291 last_update=UNIX_TIMESTAMP()".$AND.",
292 notified='N',
293 last_profile_sent=UNIX_TIMESTAMP()
294 WHERE userid=%d AND password='%s' LIMIT 1",
295  array(
296   $_POST['sex'],
297   $_POST['surname'],
298   $_POST['family_name'],
299   $_POST['street_nr'],
300   $_POST['cntry'],
301   bigintval($_POST['zip']),
302   $_POST['city'],
303   $_POST['addy'],
304   bigintval($_POST['day']),
305   bigintval($_POST['month']),
306   bigintval($_POST['year']),
307   bigintval($_POST['max_mails']),
308   UID_VALUE,
309   $_COOKIE['u_hash']
310  ), __FILE__, __LINE__);
311                         }
312
313                         // Get all modes ...
314                         $modes = explode(";", $MODE);
315
316                         // ... and run them through
317                         SEND_MODE_MAILS ("mydata", $modes);
318                 }
319                  else
320                 {
321                         // Entered wrong pass for updating profile
322                         LOAD_TEMPLATE("admin_settings_saved", false, MEBER_UPDATE_PWD_WRONG);
323                 }
324         }
325         break;
326
327 case "notify": // Switch off notfication
328         $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
329          array($GLOBALS['userid']), __FILE__, __LINE__);
330         $URL = URL."/modules.php?module=login&amp;what=welcome&msg=".urlencode(PROFILE_UPDATED);
331         break;
332 }
333 CLOSE_TABLE();
334
335 if (!empty($URL))
336 {
337         // Load generated URL
338         LOAD_URL($URL);
339 }
340 //
341 ?>