X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fmember%2Fwhat-mydata.php;h=b71c4af1f678382cfce1c0bd12eec1413f80b61d;hp=1c51e6e49a5e09a76c7626f139d151da3911918d;hb=c78089215285d52d483760699d07a96dfbbe0671;hpb=75ad748a68473ace540251427a74fb781b1145e9

diff --git a/inc/modules/member/what-mydata.php b/inc/modules/member/what-mydata.php
index 1c51e6e49a..b71c4af1f6 100644
--- a/inc/modules/member/what-mydata.php
+++ b/inc/modules/member/what-mydata.php
@@ -32,76 +32,64 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
-}
- elseif (!IS_LOGGED_IN())
-{
-	LOAD_URL(URL."/modules.php?module=index");
-}
- elseif ((!EXT_IS_ACTIVE("mydata")) && (!IS_ADMIN()))
-{
-	ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "mydata");
+} elseif (!IS_MEMBER()) {
+	LOAD_URL("modules.php?module=index");
+} elseif ((!EXT_IS_ACTIVE("mydata")) && (!IS_ADMIN())) {
+	addFatalMessage(__FILE__, __LINE__, getMessage('EXTENSION_PROBLEM_EXT_INACTIVE'), "mydata");
 	return;
 }
 
 // Add description as navigation point
-ADD_DESCR("member", basename(__FILE__));
+ADD_DESCR("member", __FILE__);
 
-OPEN_TABLE("100%", "member_content member_content_align", "");
 define('UID_VALUE', $GLOBALS['userid']); $URL = "";
 
 // Detect what the member wants to do
 $MODE = "show"; // Show his data
-if (!empty($_POST['save']))   $MODE = "save";   // Save entered data
-if (isset($_POST['edit']))   $MODE = "edit";   // Edit data
-if (!empty($_POST['notify'])) $MODE = "notify"; // Switch off notification
+if (REQUEST_ISSET_POST(('save')))   $MODE = "save";   // Save entered data
+if (REQUEST_ISSET_POST('edit'))    $MODE = "edit";   // Edit data
+if (REQUEST_ISSET_POST(('notify'))) $MODE = "notify"; // Switch off notification
 
 switch ($MODE)
 {
 case "show": // Show his data
-	if (EXT_IS_ACTIVE("country", true))
-	{
+	if (EXT_IS_ACTIVE("country", true)) {
 		// New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
-		$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+		$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
 		 array(UID_VALUE), __FILE__, __LINE__);
-	}
-	 else
-	{
+	} else {
 		// Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
-		$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+		$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
 		 array(UID_VALUE), __FILE__, __LINE__);
 	}
 	$DATA = SQL_FETCHROW($result);
 	SQL_FREERESULT($result);
 
 	// Translate / add some things
-	$DATA[10] = TRANSLATE_SEX($DATA[10]);
+	$DATA[10] = TRANSLATE_GENDER($DATA[10]);
 	$DATA[13] = MAKE_DATETIME($DATA[13], "0");
 
 	// How far is last change on his profile away from now?
-	if ((($DATA[13] + $CONFIG['profile_lock']) > time()) && (!IS_ADMIN()) && ($CONFIG['profile_lock'] > 0))
-	{
+	if ((($DATA[13] + getConfig('profile_lock')) > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
 		// You cannot change your account
-		define('CHANGE', "<FONT class=\"member_failed\">".MEMBER_PROFILE_LOCKED_1.MAKE_DATETIME($DATA[13] + $CONFIG['profile_lock'], "0").MEMBER_PROFILE_LOCKED_2."</FONT>");
-	}
-	 else
-	{
+		define('CHANGE', "<div class=\"member_failed\">".sprintf(getMessage('MEMBER_PROFILE_LOCKED'), MAKE_DATETIME($DATA[13] + getConfig('profile_lock'), "0"))."</div>");
+	} else {
 		// He is allowed to change his profile
 		define('CHANGE', LOAD_TEMPLATE("member_mydata_button", true));
 	}
+
 	if (strlen($DATA[7]) == 1) $DATA[7] = "0".$DATA[7];
 	if (strlen($DATA[8]) == 1) $DATA[8] = "0".$DATA[8];
-	switch (GET_LANGUAGE())
-	{
-		case "de": define ('DOB', $DATA[7].".".$DATA[8].".".$DATA[9]); break;
-		default  : define ('DOB', $DATA[8]."-".$DATA[7]."-".$DATA[9]); break;
+
+	switch (GET_LANGUAGE()) {
+		case "de": define('DOB', $DATA[7].".".$DATA[8].".".$DATA[9]); break;
+		default  : define('DOB', $DATA[8]."-".$DATA[7]."-".$DATA[9]); break;
 	}
 
-	if (EXT_IS_ACTIVE("country"))
-	{
+	if (EXT_IS_ACTIVE("country")) {
 		// Load country's description and code
 		$DATA[3] = COUNTRY_GENERATE_INFO($DATA[3]);
 	}
@@ -111,34 +99,28 @@ case "show": // Show his data
 	break;
 
 case "edit": // Edit data
-	if (EXT_IS_ACTIVE("country", true))
-	{
+	if (EXT_IS_ACTIVE("country", true)) {
 		// New way                         0        1         2          3         4     5     6        7           8            9       10      11           12           13
-		$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update
-FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
-		 array(UID_VALUE), __FILE__, __LINE__);
-	}
-	 else
-	{
+		$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update
+FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
+		 array(constant('UID_VALUE')), __FILE__, __LINE__);
+	} else {
 		// Old way                         0        1         2        3      4     5     6        7           8            9       10      11           12           13
-		$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update
-FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
-		 array(UID_VALUE), __FILE__, __LINE__);
+		$result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update
+FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
+		 array(constant('UID_VALUE')), __FILE__, __LINE__);
 	}
 
 	$DATA = SQL_FETCHROW($result);
 	SQL_FREERESULT($result);
-	$DATA[13] = $DATA[12] + $CONFIG['profile_lock'];
+	$DATA[13] = $DATA[12] + getConfig('profile_lock');
 
 	// How far is last change on his profile away from now?
-	if (($DATA[13] > time()) && (!IS_ADMIN()) && ($CONFIG['profile_lock'] > 0))
-	{
-		$DATA[13] = MAKE_DATETIME($DATA[13] + $CONFIG['profile_lock'], "0");
+	if (($DATA[13] > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
+		$DATA[13] = MAKE_DATETIME($DATA[13] + getConfig('profile_lock'), "0");
 		// You cannot change your account
 		LOAD_TEMPLATE("member_mydata_locked");
-	}
-	 else
-	{
+	} else {
 		// He is allowed to change his profile
 		switch ($DATA[10])
 		{
@@ -177,23 +159,21 @@ FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
 		default: // Default is the US date format... :)
 			break;
 		}
+
 		define('DOB', $DOB);
 		define('MAX_REC_LIST', ADD_MAX_RECEIVE_LIST("member", $DATA[11], true));
 
-		if (EXT_IS_ACTIVE("country"))
-		{
+		if (EXT_IS_ACTIVE("country")) {
 			// Generate selection box
-			$OUT  = "<SELECT name=\"country_code\" class=\"member_select\" size=\"1\">\n";
-			$WHERE = "WHERE is_active='Y'";
-			if (IS_ADMIN()) $WHERE = "";
-			$OUT .= ADD_OPTION_LINES("countries", "id", "descr", $DATA[3], "code", $WHERE);
-			$OUT .= "</SELECT>";
+			$OUT  = "<select name=\"country_code\" class=\"member_select\" size=\"1\">\n";
+			$whereStatement = "WHERE is_active='Y'";
+			if (IS_ADMIN()) $whereStatement = "";
+			$OUT .= ADD_OPTION_LINES("countries", "id", "descr", $DATA[3], "code", $whereStatement);
+			$OUT .= "</select>";
 			define('__COUNTRY_CONTENT', $OUT);
-		}
-		 else
-		{
+		} else {
 			// Ouput default input box
-			define('__COUNTRY_CONTENT', "<INPUT type=\"text\" name=\"cntry\" class=\"member_normal\" size=\"2\" maxlength=\"3\" value=\"".$DATA[3]."\">");
+			define('__COUNTRY_CONTENT', "<input type=\"text\" name=\"cntry\" class=\"member_normal\" size=\"2\" maxlength=\"3\" value=\"".$DATA[3]."\" />");
 		}
 
 		// Load template
@@ -203,35 +183,24 @@ FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
 
 case "save": // Save entered data
 	// Load old email / password:      0        1          2
-	$result = SQL_QUERY_ESC("SELECT email, password, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+	$result = SQL_QUERY_ESC("SELECT email, password, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
 	 array(UID_VALUE), __FILE__, __LINE__);
 	$DATA = SQL_FETCHROW($result);
 	SQL_FREERESULT($result);
-	$DATA[3] = $DATA[2] + $CONFIG['profile_lock'];
+	$DATA[3] = $DATA[2] + getConfig('profile_lock');
 
 	// How far is last change on his profile away from now?
-	if (($DATA[3] > time()) && (!IS_ADMIN()) && ($CONFIG['profile_lock'] > 0))
-	{
-		$DATA[3] = MAKE_DATETIME($DATA[3] + $CONFIG['profile_lock'], "0");
+	if (($DATA[3] > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) {
+		$DATA[3] = MAKE_DATETIME($DATA[3] + getConfig('profile_lock'), "0");
 		// You cannot change your account
 		LOAD_TEMPLATE("member_mydata_locked");
-	}
-	 elseif (!VALIDATE_EMAIL($_POST['addy']))
-	{
+	} elseif (!VALIDATE_EMAIL(REQUEST_POST('addy'))) {
 		// Invalid email address!
-		LOAD_TEMPLATE("admin_settings_saved", false, INVALID_EMAIL_ADDRESS_ENTERED);
-	}
-	 else
-	{
-		// Secure every submitted variable
-		foreach ($_POST as $key=>$value)
-		{
-			$_POST[$key] = addslashes($value);
-		}
-
-		$hash = generateHash($_POST['pass1'], substr($DATA[1], 0, -40));
-		if ((($hash == $DATA[1]) || ($_POST['pass1'] == $_POST['pass2'])) && (!empty($_POST['pass1'])))
-		{
+		LOAD_TEMPLATE("admin_settings_saved", false, getMessage('INVALID_EMAIL_ADDRESS_ENTERED'));
+	} else {
+		// Generate hash
+		$hash = generateHash(REQUEST_POST('pass1'), substr($DATA[1], 0, -40));
+		if ((($hash == $DATA[1]) || (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) && (REQUEST_ISSET_POST(('pass1')))) {
 			// Only on simple changes normal mode is active = no email or password changed
 			$MODE = "normal"; $AND = "";
 
@@ -239,74 +208,70 @@ case "save": // Save entered data
 			if ($hash != $DATA[1]) { $AND = ", password='".$hash."'"; $MODE = "pass"; }
 
 			// Or did he changed his password?
-			if ($_POST['addy'] != $DATA[0])
-			{
+			if (REQUEST_POST('addy') != $DATA[0]) {
 				// Jupp
 				if ($MODE == "normal") { $MODE = "email"; } else { $MODE .= ";email"; }
-				$_POST['old_addy'] = $DATA[0];
+				REQUEST_SET_POST('old_addy', $DATA[0]);
 			}
 
 			// Update member's profile
-			if (EXT_IS_ACTIVE("country"))
-			{
+			if (EXT_IS_ACTIVE("country")) {
 				// New way
-				$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET
-sex='%s', surname='%s', family='%s',
+				SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET
+gender='%s', surname='%s', family='%s',
 street_nr='%s',
-country_code=%d, zip=%d, city='%s',
+country_code=%s, zip=%s, city='%s',
 email='%s',
-birth_day=%d, birth_month=%d, birth_year=%d,
-max_mails=%d,
+birth_day=%s, birth_month=%s, birth_year=%s,
+max_mails=%s,
 last_update=UNIX_TIMESTAMP()".$AND.",
 notified='N',
 last_profile_sent=UNIX_TIMESTAMP()
-WHERE userid=%d AND password='%s' LIMIT 1",
- array(
-  $_POST['sex'],
-  $_POST['surname'],
-  $_POST['family_name'],
-  $_POST['street_nr'],
-  bigintval($_POST['country_code']),
-  bigintval($_POST['zip']),
-  $_POST['city'],
-  $_POST['addy'],
-  bigintval($_POST['day']),
-  bigintval($_POST['month']),
-  bigintval($_POST['year']),
-  bigintval($_POST['max_mails']),
-  UID_VALUE,
-  $_COOKIE['u_hash']
+WHERE userid=%s AND password='%s' LIMIT 1",
+array(
+ 	REQUEST_POST('gender'),
+ 	REQUEST_POST('surname'),
+ 	REQUEST_POST('family'),
+ 	REQUEST_POST('street_nr'),
+ 	bigintval(REQUEST_POST('country_code')),
+ 	bigintval(REQUEST_POST('zip')),
+ 	REQUEST_POST('city'),
+ 	REQUEST_POST('addy'),
+ 	bigintval(REQUEST_POST('day')),
+ 	bigintval(REQUEST_POST('month')),
+ 	bigintval(REQUEST_POST('year')),
+ 	bigintval(REQUEST_POST('max_mails')),
+ 	UID_VALUE,
+ 	get_session('u_hash')
  ), __FILE__, __LINE__);
-			}
-			 else
-			{
+			} else {
 				// Old way
-				$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET
-sex='%s', surname='%s', family='%s',
+				SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET
+gender='%s', surname='%s', family='%s',
 street_nr='%s',
-country='%s', zip=%d, city='%s',
+country='%s', zip=%s, city='%s',
 email='%s',
-birth_day=%d, birth_month=%d, birth_year=%d,
+birth_day=%s, birth_month=%s, birth_year=%s,
 max_mails='%s',
 last_update=UNIX_TIMESTAMP()".$AND.",
 notified='N',
 last_profile_sent=UNIX_TIMESTAMP()
-WHERE userid=%d AND password='%s' LIMIT 1",
- array(
-  $_POST['sex'],
-  $_POST['surname'],
-  $_POST['family_name'],
-  $_POST['street_nr'],
-  $_POST['cntry'],
-  bigintval($_POST['zip']),
-  $_POST['city'],
-  $_POST['addy'],
-  bigintval($_POST['day']),
-  bigintval($_POST['month']),
-  bigintval($_POST['year']),
-  bigintval($_POST['max_mails']),
-  UID_VALUE,
-  $_COOKIE['u_hash']
+WHERE userid=%s AND password='%s' LIMIT 1",
+array(
+	REQUEST_POST('gender'),
+	REQUEST_POST('surname'),
+	REQUEST_POST('family'),
+	REQUEST_POST('street_nr'),
+	REQUEST_POST('cntry'),
+	bigintval(REQUEST_POST('zip')),
+	REQUEST_POST('city'),
+	REQUEST_POST('addy'),
+	bigintval(REQUEST_POST('day')),
+	bigintval(REQUEST_POST('month')),
+	bigintval(REQUEST_POST('year')),
+	bigintval(REQUEST_POST('max_mails')),
+	UID_VALUE,
+	get_session('u_hash')
  ), __FILE__, __LINE__);
 			}
 
@@ -315,27 +280,24 @@ WHERE userid=%d AND password='%s' LIMIT 1",
 
 			// ... and run them through
 			SEND_MODE_MAILS ("mydata", $modes);
-		}
-		 else
-		{
+		} else {
 			// Entered wrong pass for updating profile
-			LOAD_TEMPLATE("admin_settings_saved", false, MEBER_UPDATE_PWD_WRONG);
+			LOAD_TEMPLATE("admin_settings_saved", false, getMessage('MEBER_UPDATE_PWD_WRONG'));
 		}
 	}
 	break;
 
 case "notify": // Switch off notfication
-	$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
-	 array($GLOBALS['userid']), __FILE__, __LINE__);
-	$URL = URL."/modules.php?module=login&amp;what=welcome&msg=".urlencode(PROFILE_UPDATED);
+	SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_user_data` SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1",
+		array($GLOBALS['userid']), __FILE__, __LINE__);
+	$URL = "modules.php?module=login&amp;what=welcome&amp;msg=".urlencode(getMessage('PROFILE_UPDATED'));
 	break;
 }
-CLOSE_TABLE();
 
-if (!empty($URL))
-{
+if (!empty($URL)) {
 	// Load generated URL
 	LOAD_URL($URL);
 }
+
 //
 ?>