A lot of double-quotes rewritten to single-quotes, some redirect URLs fixed
[mailer.git] / inc / modules / member / what-mydata.php
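<?php
/************************************************************************
 * MXChange v0.2.1                                    Start: 10/16/2003 *
 * ===============                              Last change: 06/30/2004 *
 *                                                                      *
 * -------------------------------------------------------------------- *
 * File              : what-mydata.php                                  *
 * -------------------------------------------------------------------- *
 * Short description : Members can edit their profile data here         *
 * -------------------------------------------------------------------- *
 * German summary    : Members can change their profile data here       *
 * -------------------------------------------------------------------- *
 * $Revision::                                                        $ *
 * $Date::                                                            $ *
 * $Tag:: 0.2.1-FINAL                                                 $ *
 * $Author::                                                          $ *
 * Needs to be in all Files and every File needs "svn propset           *
 * svn:keywords Date Revision" (autoprobset!) at least!!!!!!            *
 * -------------------------------------------------------------------- *
 * Copyright (c) 2003 - 2008 by Roland Haeder                           *
 * For more information visit: http://www.mxchange.org                  *
 *                                                                      *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or    *
 * (at your option) any later version.                                  *
 *                                                                      *
 * This program is distributed in the hope that it will be useful,      *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
 * GNU General Public License for more details.                         *
 *                                                                      *
 * You should have received a copy of the GNU General Public License    *
 * along with this program; if not, write to the Free Software          *
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
 * MA  02110-1301  USA                                                  *
 ************************************************************************/

// Member profile page. Depending on which POST field is present it shows the
// stored profile ("show"), renders the edit form ("edit"), writes the posted
// values back ("save") or resets the notification flag ("notify").
//
// NOTE(review): no anti-CSRF token check is visible in this file for the
// state-changing "save" and "notify" modes - confirm one is enforced by the
// including module loader.

// Some security stuff...
if (!defined('__SECURITY')) {
	// Called without the framework: hand over to inc/security.php
	// (presumably it aborts the request - TODO confirm, nothing here stops execution)
	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), '/inc') + 4) . '/security.php';
	require($INC);
} elseif (!IS_MEMBER()) {
	LOAD_URL('modules.php?module=index');
	// Stop here in case LOAD_URL() returns instead of terminating the request,
	// so the profile code below never runs for a visitor who is not a member
	return;
} elseif ((!EXT_IS_ACTIVE('mydata')) && (!IS_ADMIN())) {
	addFatalMessage(__FILE__, __LINE__, getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), 'mydata');
	return;
}

// Add description as navigation point
ADD_DESCR('member', __FILE__);

// The member id always comes from getUserId(), never from the request
define('UID_VALUE', getUserId()); $URL = '';

// Detect what the member wants to do. Later checks override earlier ones,
// so "notify" wins over "edit", which wins over "save".
$MODE = "show"; // Show his data
if (REQUEST_ISSET_POST('save'))   $MODE = "save";   // Save entered data
if (REQUEST_ISSET_POST('edit'))   $MODE = "edit";   // Edit data
if (REQUEST_ISSET_POST('notify')) $MODE = "notify"; // Switch off notification

switch ($MODE)
{
case "show": // Show his data
	if (EXT_IS_ACTIVE('country', true)) {
		// New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
		$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
		 array(UID_VALUE), __FILE__, __LINE__);
	} else {
		// Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
		$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
		 array(UID_VALUE), __FILE__, __LINE__);
	}
	$DATA = SQL_FETCHROW($result);
	SQL_FREERESULT($result);

	// Keep the raw last_update value for the lock arithmetic below;
	// $DATA[13] is overwritten with MAKE_DATETIME() output for display
	// (presumably a formatted string, which must not be added to)
	$rawLastUpdate = $DATA[13];

	// Translate / add some things
	$DATA[10] = TRANSLATE_GENDER($DATA[10]);
	$DATA[13] = MAKE_DATETIME($DATA[13], "0");

	// How far is last change on his profile away from now?
	if ((($rawLastUpdate + getConfig('profile_lock')) > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
		// You cannot change your account
		define('CHANGE', "<div class=\"member_failed\">".sprintf(getMessage('MEMBER_PROFILE_LOCKED'), MAKE_DATETIME($rawLastUpdate + getConfig('profile_lock'), "0"))."</div>");
	} else {
		// He is allowed to change his profile
		define('CHANGE', LOAD_TEMPLATE("member_mydata_button", true));
	}

	// Zero-pad single-digit day and month
	if (strlen($DATA[7]) == 1) $DATA[7] = "0".$DATA[7];
	if (strlen($DATA[8]) == 1) $DATA[8] = "0".$DATA[8];

	switch (GET_LANGUAGE()) {
		case "de": define('DOB', $DATA[7].".".$DATA[8].".".$DATA[9]); break;
		default  : define('DOB', $DATA[8]."-".$DATA[7]."-".$DATA[9]); break;
	}

	if (EXT_IS_ACTIVE('country')) {
		// Load country's description and code
		$DATA[3] = COUNTRY_GENERATE_INFO($DATA[3]);
	}

	// Load template
	// NOTE(review): the remaining $DATA fields are member-supplied; confirm the
	// template layer HTML-escapes them, this file does not
	LOAD_TEMPLATE("member_mydata_overview");
	break;

case "edit": // Edit data
	if (EXT_IS_ACTIVE('country', true)) {
		// New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
		$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update
FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
		 array(constant('UID_VALUE')), __FILE__, __LINE__);
	} else {
		// Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
		$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update
FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
		 array(constant('UID_VALUE')), __FILE__, __LINE__);
	}

	$DATA = SQL_FETCHROW($result);
	SQL_FREERESULT($result);

	// Time at which the profile unlocks again: last_update is column 13
	// (column 12 is receive_mails, which the lock was wrongly computed from)
	$DATA[13] = $DATA[13] + getConfig('profile_lock');

	// How far is last change on his profile away from now?
	if (($DATA[13] > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
		// $DATA[13] already includes the lock period, so it is only formatted here
		$DATA[13] = MAKE_DATETIME($DATA[13], "0");
		// You cannot change your account
		LOAD_TEMPLATE("member_mydata_locked");
	} else {
		// He is allowed to change his profile: pre-select the stored gender
		switch ($DATA[10])
		{
		case "M":
			define('M_DEFAULT', " selected=\"selected\"");
			define('F_DEFAULT', '');
			define('C_DEFAULT', '');
			break;

		case "F":
			define('M_DEFAULT', '');
			define('F_DEFAULT', " selected=\"selected\"");
			define('C_DEFAULT', '');
			break;

		case "C":
			define('M_DEFAULT', '');
			define('F_DEFAULT', '');
			define('C_DEFAULT', " selected=\"selected\"");
			break;

		default:
			// Unknown or empty gender: define all three anyway so nothing
			// refers to an undefined constant later on
			define('M_DEFAULT', '');
			define('F_DEFAULT', '');
			define('C_DEFAULT', '');
			break;
		}
		$DOB = '';
		switch (GET_LANGUAGE())
		{
		case "de": // German date format
			// Day
			$DOB .= ADD_SELECTION("day", $DATA[7]);

			// Month
			$DOB .= ADD_SELECTION("month", $DATA[8]);

			// Year
			$DOB .= ADD_SELECTION("year", $DATA[9]);
			break;

		default: // Default is the US date format... :)
			// NOTE(review): no selection boxes are generated here, so DOB is
			// empty for every language other than "de" while the save mode
			// still reads day/month/year from the request - confirm intent
			break;
		}

		define('DOB', $DOB);
		define('MAX_REC_LIST', ADD_MAX_RECEIVE_LIST('member', $DATA[11], true));

		if (EXT_IS_ACTIVE('country')) {
			// Generate selection box
			$OUT  = "<select name=\"country_code\" class=\"member_select\" size=\"1\">\n";
			// Members only see active countries, admins see all of them
			$whereStatement = "WHERE is_active='Y'";
			if (IS_ADMIN()) $whereStatement = '';
			$OUT .= ADD_OPTION_LINES("countries", "id", "descr", $DATA[3], "code", $whereStatement);
			$OUT .= "</select>";
			define('__COUNTRY_CONTENT', $OUT);
		} else {
			// Output default input box. The stored country is whatever the member
			// posted as "cntry" in the save mode, so it is escaped for the HTML
			// attribute context before being echoed back.
			// NOTE(review): if values are already entity-encoded when stored this
			// double-encodes - confirm against SQL_QUERY_ESC()
			define('__COUNTRY_CONTENT', "<input type=\"text\" name=\"cntry\" class=\"member_normal\" size=\"2\" maxlength=\"3\" value=\"".htmlspecialchars($DATA[3], ENT_QUOTES)."\" />");
		}

		// Load template
		LOAD_TEMPLATE("member_mydata_edit");
	}
	break;

case "save": // Save entered data
	// Load old email / password:      0        1          2
	$result = SQL_QUERY_ESC("SELECT email, password, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
	 array(UID_VALUE), __FILE__, __LINE__);
	$DATA = SQL_FETCHROW($result);
	SQL_FREERESULT($result);

	// Time at which the profile unlocks again
	$DATA[3] = $DATA[2] + getConfig('profile_lock');

	// How far is last change on his profile away from now?
	if (($DATA[3] > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
		// $DATA[3] already includes the lock period, so it is only formatted here
		$DATA[3] = MAKE_DATETIME($DATA[3], "0");
		// You cannot change your account
		LOAD_TEMPLATE("member_mydata_locked");
	} elseif (!VALIDATE_EMAIL(REQUEST_POST('addy'))) {
		// Invalid email address!
		LOAD_TEMPLATE('admin_settings_saved', false, getMessage('INVALID_EMAIL_ADDRESS_ENTERED'));
	} else {
		// Generate hash from the posted password and the salt taken from the
		// stored hash (everything except its last 40 characters)
		$hash = generateHash(REQUEST_POST('pass1'), substr($DATA[1], 0, -40));

		// Compare as strings with ===: a loose == treats two numeric-looking
		// strings (e.g. "0e..." values) as equal numbers
		$isCurrentPassword = ((string) $hash === (string) $DATA[1]);

		// NOTE(review): a request where pass1 equals pass2 is accepted even if
		// pass1 is not the current password (that is the password-change path);
		// the only proof of identity is then the session hash in the WHERE
		// clause below. Confirm that an empty pass1/pass2 pair is rejected
		// before this point, otherwise it would be stored as the new password.
		if ((($isCurrentPassword) || (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) && (REQUEST_ISSET_POST('pass1'))) {
			// Only on simple changes normal mode is active = no email or password changed
			$MODE = 'normal'; $AND = '';

			// Did the user change the password?
			// NOTE(review): $hash is concatenated into the query text rather than
			// passed as a parameter; this relies on generateHash() returning only
			// characters that are safe in SQL and in a format string - confirm
			if (!$isCurrentPassword) { $AND = ", password='".$hash."'"; $MODE = 'pass'; }

			// Or did he change his email address?
			if (REQUEST_POST('addy') != $DATA[0]) {
				// Jupp
				if ($MODE == 'normal') { $MODE = 'email'; } else { $MODE .= ";email"; }
				REQUEST_SET_POST('old_addy', $DATA[0]);
			}

			// Update member's profile. Placeholders without quotes (zip, dates,
			// max_mails, country_code) are passed through bigintval() first;
			// the row is matched on the member id and the session hash.
			if (EXT_IS_ACTIVE('country')) {
				// New way
				SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET
gender='%s', surname='%s', family='%s',
street_nr='%s',
country_code=%s, zip=%s, city='%s',
email='%s',
birth_day=%s, birth_month=%s, birth_year=%s,
max_mails=%s,
last_update=UNIX_TIMESTAMP()".$AND.",
notified='N',
last_profile_sent=UNIX_TIMESTAMP()
WHERE userid=%s AND password='%s' LIMIT 1",
array(
	REQUEST_POST('gender'),
	REQUEST_POST('surname'),
	REQUEST_POST('family'),
	REQUEST_POST('street_nr'),
	bigintval(REQUEST_POST('country_code')),
	bigintval(REQUEST_POST('zip')),
	REQUEST_POST('city'),
	REQUEST_POST('addy'),
	bigintval(REQUEST_POST('day')),
	bigintval(REQUEST_POST('month')),
	bigintval(REQUEST_POST('year')),
	bigintval(REQUEST_POST('max_mails')),
	UID_VALUE,
	get_session('u_hash')
 ), __FILE__, __LINE__);
			} else {
				// Old way
				SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET
gender='%s', surname='%s', family='%s',
street_nr='%s',
country='%s', zip=%s, city='%s',
email='%s',
birth_day=%s, birth_month=%s, birth_year=%s,
max_mails='%s',
last_update=UNIX_TIMESTAMP()".$AND.",
notified='N',
last_profile_sent=UNIX_TIMESTAMP()
WHERE userid=%s AND password='%s' LIMIT 1",
array(
	REQUEST_POST('gender'),
	REQUEST_POST('surname'),
	REQUEST_POST('family'),
	REQUEST_POST('street_nr'),
	REQUEST_POST('cntry'),
	bigintval(REQUEST_POST('zip')),
	REQUEST_POST('city'),
	REQUEST_POST('addy'),
	bigintval(REQUEST_POST('day')),
	bigintval(REQUEST_POST('month')),
	bigintval(REQUEST_POST('year')),
	bigintval(REQUEST_POST('max_mails')),
	UID_VALUE,
	get_session('u_hash')
 ), __FILE__, __LINE__);
			}

			// Get all modes ...
			$modes = explode(';', $MODE);

			// ... and run them through
			SEND_MODE_MAILS ('mydata', $modes);
		} else {
			// Entered wrong pass for updating profile
			LOAD_TEMPLATE('admin_settings_saved', false, getMessage('MEBER_UPDATE_PWD_WRONG'));
		}
	}
	break;

case "notify": // Switch off notification
	SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
		array(getUserId()), __FILE__, __LINE__);
	// Redirect target is a fixed path; only the message text is appended, URL-encoded
	$URL = 'modules.php?module=login&amp;what=welcome&amp;msg=' . urlencode(getMessage('PROFILE_UPDATED'));
	break;
}

if (!empty($URL)) {
	// Load generated URL
	LOAD_URL($URL);
}

//
?>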