<?php
/************************************************************************
 * MXChange v0.2.1                                    Start: 10/16/2003 *
 * ===============                              Last change: 06/30/2004 *
 *                                                                      *
 * -------------------------------------------------------------------- *
 * File              : what-mydata.php                                  *
 * -------------------------------------------------------------------- *
 * Short description : Members can edit their profile data here         *
 * -------------------------------------------------------------------- *
 * Kurzbeschreibung  : Mitglieder koennen hier ihre Profildaten aendern *
 * -------------------------------------------------------------------- *
 * $Revision::                                                        $ *
 * $Date::                                                            $ *
 * $Tag:: 0.2.1-FINAL                                                 $ *
 * $Author::                                                          $ *
 * Needs to be in all Files and every File needs "svn propset           *
 * svn:keywords Date Revision" (autoprobset!) at least!!!!!!            *
 * -------------------------------------------------------------------- *
 * Copyright (c) 2003 - 2008 by Roland Haeder                           *
 * For more information visit: http://www.mxchange.org                  *
 *                                                                      *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or    *
 * (at your option) any later version.                                  *
 *                                                                      *
 * This program is distributed in the hope that it will be useful,      *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
 * GNU General Public License for more details.                         *
 *                                                                      *
 * You should have received a copy of the GNU General Public License    *
 * along with this program; if not, write to the Free Software          *
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
 * MA  02110-1301  USA                                                  *
 ************************************************************************/

// Some security stuff...
if (!defined('__SECURITY')) {
	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), '/inc') + 4) . '/security.php';
	require($INC);
} elseif (!IS_MEMBER()) {
	redirectToUrl('modules.php?module=index');
} elseif ((!EXT_IS_ACTIVE('mydata')) && (!IS_ADMIN())) {
	addFatalMessage(__FILE__, __LINE__, generateExtensionInactiveNotInstalledMessage('mydata'));
	return;
}

// Add description as navigation point
ADD_DESCR('member', __FILE__);

// @TODO Try to rewrite this constant
define('UID_VALUE', getUserId());

// Init variable to prevent notices
$URL = '';

// Detect what the member wants to do
$mode = 'show'; // Show his data
if (REQUEST_ISSET_POST('save'))   $mode = 'save';   // Save entered data
if (REQUEST_ISSET_POST('edit'))   $mode = 'edit';   // Edit data
if (REQUEST_ISSET_POST('notify')) $mode = 'notify'; // Switch off notification

switch ($mode) {
	case 'show': // Show his data
		if (EXT_IS_ACTIVE('country', true)) {
			// New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
			$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
				array(getUserId()), __FILE__, __LINE__);
		} else {
			// Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
			$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
				array(getUserId()), __FILE__, __LINE__);
		}
		$DATA = SQL_FETCHROW($result);
		SQL_FREERESULT($result);

		// Translate / add some things
		$DATA[10] = translateGender($DATA[10]);
		$DATA[13] = generateDateTime($DATA[13], '0');

		// How far is last change on his profile away from now?
		if ((($DATA[13] + getConfig('profile_lock')) > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
			// You cannot change your account
			define('CHANGE', "<div class=\"member_failed\">".sprintf(getMessage('MEMBER_PROFILE_LOCKED'), generateDateTime($DATA[13] + getConfig('profile_lock'), '0'))."</div>");
		} else {
			// He is allowed to change his profile
			define('CHANGE', LOAD_TEMPLATE("member_mydata_button", true));
		}

		if (strlen($DATA[7]) == 1) $DATA[7] = '0'.$DATA[7];
		if (strlen($DATA[8]) == 1) $DATA[8] = '0'.$DATA[8];

		switch (getLanguage()) {
			case 'de': define('DOB', $DATA[7].'.'.$DATA[8].'.'.$DATA[9]); break;
			default  : define('DOB', $DATA[8].'-'.$DATA[7].'-'.$DATA[9]); break;
		} // END - switch

		if (EXT_IS_ACTIVE('country')) {
			// Load country's description and code
			$DATA[3] = COUNTRY_GENERATE_INFO($DATA[3]);
		} // END - if

		// Load template
		LOAD_TEMPLATE('member_mydata_overview');
		break;

	case 'edit': // Edit data
		if (EXT_IS_ACTIVE('country', true)) {
			// New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
			$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update
FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
			array(getUserId()), __FILE__, __LINE__);
		} else {
			// Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
			$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update
FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
				array(getUserId()), __FILE__, __LINE__);
		}

		$DATA = SQL_FETCHROW($result);
		SQL_FREERESULT($result);
		$DATA[13] = $DATA[12] + getConfig('profile_lock');

		// How far is last change on his profile away from now?
		if (($DATA[13] > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
			$DATA[13] = generateDateTime($DATA[13] + getConfig('profile_lock'), '0');
			// You cannot change your account
			LOAD_TEMPLATE('member_mydata_locked');
		} else {
			// He is allowed to change his profile
			switch ($DATA[10])
			{
				case 'M':
					define('M_DEFAULT', ' selected="selected"');
					define('F_DEFAULT', '');
					define('C_DEFAULT', '');
					break;

				case 'F':
					define('M_DEFAULT', '');
					define('F_DEFAULT', ' selected="selected"');
					define('C_DEFAULT', '');
					break;

				case 'C':
					define('M_DEFAULT', '');
					define('F_DEFAULT', '');
					define('C_DEFAULT', ' selected="selected"');
					break;
			}
			$DOB = '';
			switch (getLanguage()) {
				case 'de': // German date format
					// Day
					$DOB .= ADD_SELECTION('day', $DATA[7]);

					// Month
					$DOB .= ADD_SELECTION('month', $DATA[8]);

					// Year
					$DOB .= ADD_SELECTION('year', $DATA[9]);
					break;

				default: // Default is the US date format... :)
					break;
			} // END - if

			define('DOB', $DOB);
			define('MAX_REC_LIST', addMaxReceiveList('member', $DATA[11], true));

			if (EXT_IS_ACTIVE('country')) {
				// Generate selection box
				$OUT  = "<select name=\"country_code\" class=\"member_select\" size=\"1\">\n";
				$whereStatement = "WHERE `is_active`='Y'";
				if (IS_ADMIN()) $whereStatement = '';
				$OUT .= generateOptionList("countries", 'id', "descr", $DATA[3], "code", $whereStatement);
				$OUT .= "</select>";
				define('__COUNTRY_CONTENT', $OUT);
			} else {
				// Ouput default input box
				define('__COUNTRY_CONTENT', "<input type=\"text\" name=\"cntry\" class=\"member_normal\" size=\"2\" maxlength=\"3\" value=\"".$DATA[3]."\" />");
			}

			// Load template
			LOAD_TEMPLATE('member_mydata_edit');
		}
		break;

	case 'save': // Save entered data
		// Load old email / password:      0        1          2
		$result = SQL_QUERY_ESC("SELECT email, password, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
			array(getUserId()), __FILE__, __LINE__);
		$DATA = SQL_FETCHROW($result);
		SQL_FREERESULT($result);
		$DATA[3] = $DATA[2] + getConfig('profile_lock');

		// How far is last change on his profile away from now?
		if (($DATA[3] > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
			$DATA[3] = generateDateTime($DATA[3] + getConfig('profile_lock'), '0');
			// You cannot change your account
			LOAD_TEMPLATE('member_mydata_locked');
		} elseif (!isEmailValid(REQUEST_POST('addy'))) {
			// Invalid email address!
			LOAD_TEMPLATE('admin_settings_saved', false, getMessage('INVALID_EMAIL_ADDRESS_ENTERED'));
		} else {
			// Generate hash
			$hash = generateHash(REQUEST_POST('pass1'), substr($DATA[1], 0, -40));
			if ((($hash == $DATA[1]) || (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) && (REQUEST_ISSET_POST(('pass1')))) {
				// Only on simple changes normal mode is active = no email or password changed
				$mode = 'normal'; $AND = '';

				// Did the user changed the password?
				if ($hash != $DATA[1]) { $AND = ", password='".$hash."'"; $mode = 'pass'; }

				// Or did he changed his password?
				if (REQUEST_POST('addy') != $DATA[0]) {
					// Jupp
					if ($mode == 'normal') {
						$mode = 'email';
					} else {
						$mode .= ";email";
					}
					REQUEST_SET_POST('old_addy', $DATA[0]);
				} // END - if

				// Update member's profile
				if (EXT_IS_ACTIVE('country')) {
					// New way
					SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET
`gender`='%s', `surname`='%s', `family`='%s',
`street_nr`='%s',
`country_code`=%s, `zip`=%s, `city`='%s',
`email`='%s',
`birth_day`=%s, `birth_month`=%s, `birth_year`=%s,
`max_mails`=%s,
`last_update`=UNIX_TIMESTAMP()".$AND.",
`notified`='N',
`last_profile_sent`=UNIX_TIMESTAMP()
WHERE `userid`=%s AND `password`='%s' LIMIT 1",
						array(
							REQUEST_POST('gender'),
							REQUEST_POST('surname'),
							REQUEST_POST('family'),
							REQUEST_POST('street_nr'),
							bigintval(REQUEST_POST('country_code')),
							bigintval(REQUEST_POST('zip')),
							REQUEST_POST('city'),
							REQUEST_POST('addy'),
							bigintval(REQUEST_POST('day')),
							bigintval(REQUEST_POST('month')),
							bigintval(REQUEST_POST('year')),
							bigintval(REQUEST_POST('max_mails')),
							getUserId(),
							getSession('u_hash')
						), __FILE__, __LINE__);
				} else {
					// Old way
					SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET
`gender`='%s', `surname`='%s', `family`='%s',
`street_nr`='%s',
`country`='%s', `zip`=%s, `city`='%s',
`email`='%s',
`birth_day`=%s, `birth_month`=%s, `birth_year`=%s,
`max_mails`='%s',
`last_update`=UNIX_TIMESTAMP()".$AND.",
`notified`='N',
`last_profile_sent`=UNIX_TIMESTAMP()
WHERE `userid`=%s AND `password`='%s' LIMIT 1",
						array(
							REQUEST_POST('gender'),
							REQUEST_POST('surname'),
							REQUEST_POST('family'),
							REQUEST_POST('street_nr'),
							REQUEST_POST('cntry'),
							bigintval(REQUEST_POST('zip')),
							REQUEST_POST('city'),
							REQUEST_POST('addy'),
							bigintval(REQUEST_POST('day')),
							bigintval(REQUEST_POST('month')),
							bigintval(REQUEST_POST('year')),
							bigintval(REQUEST_POST('max_mails')),
							getUserId(),
							getSession('u_hash')
						), __FILE__, __LINE__);
				}

				// Get all modes ...
				$modes = explode(';', $mode);

				// ... and run them through
				sendModeMails ('mydata', $modes);
			} else {
				// Entered wrong pass for updating profile
				LOAD_TEMPLATE('admin_settings_saved', false, getMessage('MEBER_UPDATE_PWD_WRONG'));
			}
		}
		break;

	case 'notify': // Switch off notfication
		SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
			array(getUserId()), __FILE__, __LINE__);
		$URL = 'modules.php?module=login&amp;what=welcome&amp;msg=' . urlencode(getMessage('PROFILE_UPDATED'));
		break;
}

if (!empty($URL)) {
	// Load generated URL
	redirectToUrl($URL);
} // END - if

//
?>