HTML->XHTML preparation (still *A LOT* to convert
[mailer.git] / inc / modules / member / what-mydata.php
index 646a0a8..df2c5a3 100644 (file)
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
-}
- elseif (!IS_LOGGED_IN())
-{
+} elseif (!IS_MEMBER()) {
        LOAD_URL("modules.php?module=index");
-}
- elseif ((!EXT_IS_ACTIVE("mydata")) && (!IS_ADMIN()))
-{
-       ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "mydata");
+} elseif ((!EXT_IS_ACTIVE("mydata")) && (!IS_ADMIN())) {
+       addFatalMessage(EXTENSION_PROBLEM_EXT_INACTIVE, "mydata");
        return;
 }
 
 // Add description as navigation point
-ADD_DESCR("member", basename(__FILE__));
+ADD_DESCR("member", __FILE__);
 
-OPEN_TABLE("100%", "member_content member_content_align", "");
 define('UID_VALUE', $GLOBALS['userid']); $URL = "";
 
 // Detect what the member wants to do
@@ -65,27 +59,27 @@ case "show": // Show his data
        if (EXT_IS_ACTIVE("country", true))
        {
                // New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
-               $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
                 array(UID_VALUE), __FILE__, __LINE__);
        }
         else
        {
                // Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
-               $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
                 array(UID_VALUE), __FILE__, __LINE__);
        }
        $DATA = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
 
        // Translate / add some things
-       $DATA[10] = TRANSLATE_SEX($DATA[10]);
+       $DATA[10] = TRANSLATE_GENDER($DATA[10]);
        $DATA[13] = MAKE_DATETIME($DATA[13], "0");
 
        // How far is last change on his profile away from now?
-       if ((($DATA[13] + $_CONFIG['profile_lock']) > time()) && (!IS_ADMIN()) && ($_CONFIG['profile_lock'] > 0))
+       if ((($DATA[13] + getConfig('profile_lock')) > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0))
        {
                // You cannot change your account
-               define('CHANGE', "<FONT class=\"member_failed\">".MEMBER_PROFILE_LOCKED_1.MAKE_DATETIME($DATA[13] + $_CONFIG['profile_lock'], "0").MEMBER_PROFILE_LOCKED_2."</FONT>");
+               define('CHANGE', "<div class=\"member_failed\">".MEMBER_PROFILE_LOCKED_1.MAKE_DATETIME($DATA[13] + getConfig('profile_lock'), "0").MEMBER_PROFILE_LOCKED_2."</div>");
        }
         else
        {
@@ -113,24 +107,24 @@ case "show": // Show his data
 case "edit": // Edit data
        if (EXT_IS_ACTIVE("country", true)) {
                // New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
-               $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update
-FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update
+FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
                 array(UID_VALUE), __FILE__, __LINE__);
        } else {
                // Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
-               $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update
-FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update
+FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
                 array(UID_VALUE), __FILE__, __LINE__);
        }
 
        $DATA = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
-       $DATA[13] = $DATA[12] + $_CONFIG['profile_lock'];
+       $DATA[13] = $DATA[12] + getConfig('profile_lock');
 
        // How far is last change on his profile away from now?
-       if (($DATA[13] > time()) && (!IS_ADMIN()) && ($_CONFIG['profile_lock'] > 0))
+       if (($DATA[13] > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0))
        {
-               $DATA[13] = MAKE_DATETIME($DATA[13] + $_CONFIG['profile_lock'], "0");
+               $DATA[13] = MAKE_DATETIME($DATA[13] + getConfig('profile_lock'), "0");
                // You cannot change your account
                LOAD_TEMPLATE("member_mydata_locked");
        }
@@ -174,21 +168,19 @@ FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                default: // Default is the US date format... :)
                        break;
                }
+
                define('DOB', $DOB);
                define('MAX_REC_LIST', ADD_MAX_RECEIVE_LIST("member", $DATA[11], true));
 
-               if (EXT_IS_ACTIVE("country"))
-               {
+               if (EXT_IS_ACTIVE("country")) {
                        // Generate selection box
-                       $OUT  = "<SELECT name=\"country_code\" class=\"member_select\" size=\"1\">\n";
+                       $OUT  = "<select name=\"country_code\" class=\"member_select\" size=\"1\">\n";
                        $whereStatement = "WHERE is_active='Y'";
                        if (IS_ADMIN()) $whereStatement = "";
                        $OUT .= ADD_OPTION_LINES("countries", "id", "descr", $DATA[3], "code", $whereStatement);
-                       $OUT .= "</SELECT>";
+                       $OUT .= "</select>";
                        define('__COUNTRY_CONTENT', $OUT);
-               }
-                else
-               {
+               } else {
                        // Ouput default input box
                        define('__COUNTRY_CONTENT', "<INPUT type=\"text\" name=\"cntry\" class=\"member_normal\" size=\"2\" maxlength=\"3\" value=\"".$DATA[3]."\">");
                }
@@ -200,32 +192,22 @@ FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
 
 case "save": // Save entered data
        // Load old email / password:      0        1          2
-       $result = SQL_QUERY_ESC("SELECT email, password, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT email, password, last_update FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
         array(UID_VALUE), __FILE__, __LINE__);
        $DATA = SQL_FETCHROW($result);
        SQL_FREERESULT($result);
-       $DATA[3] = $DATA[2] + $_CONFIG['profile_lock'];
+       $DATA[3] = $DATA[2] + getConfig('profile_lock');
 
        // How far is last change on his profile away from now?
-       if (($DATA[3] > time()) && (!IS_ADMIN()) && ($_CONFIG['profile_lock'] > 0))
-       {
-               $DATA[3] = MAKE_DATETIME($DATA[3] + $_CONFIG['profile_lock'], "0");
+       if (($DATA[3] > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
+               $DATA[3] = MAKE_DATETIME($DATA[3] + getConfig('profile_lock'), "0");
                // You cannot change your account
                LOAD_TEMPLATE("member_mydata_locked");
-       }
-        elseif (!VALIDATE_EMAIL($_POST['addy']))
-       {
+       } elseif (!VALIDATE_EMAIL($_POST['addy'])) {
                // Invalid email address!
                LOAD_TEMPLATE("admin_settings_saved", false, INVALID_EMAIL_ADDRESS_ENTERED);
-       }
-        else
-       {
-               // Secure every submitted variable
-               foreach ($_POST as $key=>$value)
-               {
-                       $_POST[$key] = addslashes($value);
-               }
-
+       } else {
+               // Generate hash
                $hash = generateHash($_POST['pass1'], substr($DATA[1], 0, -40));
                if ((($hash == $DATA[1]) || ($_POST['pass1'] == $_POST['pass2'])) && (!empty($_POST['pass1'])))
                {
@@ -247,8 +229,8 @@ case "save": // Save entered data
                        if (EXT_IS_ACTIVE("country"))
                        {
                                // New way
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET
-sex='%s', surname='%s', family='%s',
+                               SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET
+gender='%s', surname='%s', family='%s',
 street_nr='%s',
 country_code=%s, zip=%s, city='%s',
 email='%s',
@@ -259,7 +241,7 @@ notified='N',
 last_profile_sent=UNIX_TIMESTAMP()
 WHERE userid=%s AND password='%s' LIMIT 1",
 array(
-       $_POST['sex'],
+       $_POST['gender'],
        $_POST['surname'],
        $_POST['family_name'],
        $_POST['street_nr'],
@@ -278,8 +260,8 @@ array(
                         else
                        {
                                // Old way
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET
-sex='%s', surname='%s', family='%s',
+                               SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET
+gender='%s', surname='%s', family='%s',
 street_nr='%s',
 country='%s', zip=%s, city='%s',
 email='%s',
@@ -290,7 +272,7 @@ notified='N',
 last_profile_sent=UNIX_TIMESTAMP()
 WHERE userid=%s AND password='%s' LIMIT 1",
 array(
-       $_POST['sex'],
+       $_POST['gender'],
        $_POST['surname'],
        $_POST['family_name'],
        $_POST['street_nr'],
@@ -322,17 +304,16 @@ array(
        break;
 
 case "notify": // Switch off notfication
-       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
+       SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
         array($GLOBALS['userid']), __FILE__, __LINE__);
-       $URL = URL."/modules.php?module=login&amp;what=welcome&msg=".urlencode(PROFILE_UPDATED);
+       $URL = "modules.php?module=login&amp;what=welcome&amp;msg=".urlencode(PROFILE_UPDATED);
        break;
 }
-CLOSE_TABLE();
 
-if (!empty($URL))
-{
+if (!empty($URL)) {
        // Load generated URL
        LOAD_URL($URL);
 }
+
 //
 ?>