X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fmember%2Fwhat-mydata.php;h=df2c5a3fca5c6321a40a2ca8dbd67bb0fa0fe7ac;hp=646a0a8b1c019d0cd2d3c70b2a8724e1f8ba8ec5;hb=56156f6c4392510cdbe0eb4f2ccefc23b43e2672;hpb=c45b1827a16928c65ecc1aea6a9d7a504c4874d4 diff --git a/inc/modules/member/what-mydata.php b/inc/modules/member/what-mydata.php index 646a0a8b1c..df2c5a3fca 100644 --- a/inc/modules/member/what-mydata.php +++ b/inc/modules/member/what-mydata.php @@ -32,25 +32,19 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); -} - elseif (!IS_LOGGED_IN()) -{ +} elseif (!IS_MEMBER()) { LOAD_URL("modules.php?module=index"); -} - elseif ((!EXT_IS_ACTIVE("mydata")) && (!IS_ADMIN())) -{ - ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "mydata"); +} elseif ((!EXT_IS_ACTIVE("mydata")) && (!IS_ADMIN())) { + addFatalMessage(EXTENSION_PROBLEM_EXT_INACTIVE, "mydata"); return; } // Add description as navigation point -ADD_DESCR("member", basename(__FILE__)); +ADD_DESCR("member", __FILE__); -OPEN_TABLE("100%", "member_content member_content_align", ""); define('UID_VALUE', $GLOBALS['userid']); $URL = ""; // Detect what the member wants to do @@ -65,27 +59,27 @@ case "show": // Show his data if (EXT_IS_ACTIVE("country", true)) { // New way 0 1 2 3 4 5 6 7 8 9 10 11 12 13 - $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", array(UID_VALUE), __FILE__, __LINE__); } else { // Old way 0 1 2 3 4 5 6 7 8 9 10 11 12 13 - $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", array(UID_VALUE), __FILE__, __LINE__); } $DATA = SQL_FETCHROW($result); SQL_FREERESULT($result); // Translate / add some things - $DATA[10] = TRANSLATE_SEX($DATA[10]); + $DATA[10] = TRANSLATE_GENDER($DATA[10]); $DATA[13] = MAKE_DATETIME($DATA[13], "0"); // How far is last change on his profile away from now? - if ((($DATA[13] + $_CONFIG['profile_lock']) > time()) && (!IS_ADMIN()) && ($_CONFIG['profile_lock'] > 0)) + if ((($DATA[13] + getConfig('profile_lock')) > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) { // You cannot change your account - define('CHANGE', "".MEMBER_PROFILE_LOCKED_1.MAKE_DATETIME($DATA[13] + $_CONFIG['profile_lock'], "0").MEMBER_PROFILE_LOCKED_2.""); + define('CHANGE', "
".MEMBER_PROFILE_LOCKED_1.MAKE_DATETIME($DATA[13] + getConfig('profile_lock'), "0").MEMBER_PROFILE_LOCKED_2."
"); } else { @@ -113,24 +107,24 @@ case "show": // Show his data case "edit": // Edit data if (EXT_IS_ACTIVE("country", true)) { // New way 0 1 2 3 4 5 6 7 8 9 10 11 12 13 - $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update -FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country_code, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update +FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", array(UID_VALUE), __FILE__, __LINE__); } else { // Old way 0 1 2 3 4 5 6 7 8 9 10 11 12 13 - $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, sex, max_mails, receive_mails, last_update -FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family, street_nr, country, zip, city, email, birth_day, birth_month, birth_year, gender, max_mails, receive_mails, last_update +FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", array(UID_VALUE), __FILE__, __LINE__); } $DATA = SQL_FETCHROW($result); SQL_FREERESULT($result); - $DATA[13] = $DATA[12] + $_CONFIG['profile_lock']; + $DATA[13] = $DATA[12] + getConfig('profile_lock'); // How far is last change on his profile away from now? - if (($DATA[13] > time()) && (!IS_ADMIN()) && ($_CONFIG['profile_lock'] > 0)) + if (($DATA[13] > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) { - $DATA[13] = MAKE_DATETIME($DATA[13] + $_CONFIG['profile_lock'], "0"); + $DATA[13] = MAKE_DATETIME($DATA[13] + getConfig('profile_lock'), "0"); // You cannot change your account LOAD_TEMPLATE("member_mydata_locked"); } @@ -174,21 +168,19 @@ FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", default: // Default is the US date format... :) break; } + define('DOB', $DOB); define('MAX_REC_LIST', ADD_MAX_RECEIVE_LIST("member", $DATA[11], true)); - if (EXT_IS_ACTIVE("country")) - { + if (EXT_IS_ACTIVE("country")) { // Generate selection box - $OUT = "\n"; $whereStatement = "WHERE is_active='Y'"; if (IS_ADMIN()) $whereStatement = ""; $OUT .= ADD_OPTION_LINES("countries", "id", "descr", $DATA[3], "code", $whereStatement); - $OUT .= ""; + $OUT .= ""; define('__COUNTRY_CONTENT', $OUT); - } - else - { + } else { // Ouput default input box define('__COUNTRY_CONTENT', ""); } @@ -200,32 +192,22 @@ FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", case "save": // Save entered data // Load old email / password: 0 1 2 - $result = SQL_QUERY_ESC("SELECT email, password, last_update FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", + $result = SQL_QUERY_ESC("SELECT email, password, last_update FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", array(UID_VALUE), __FILE__, __LINE__); $DATA = SQL_FETCHROW($result); SQL_FREERESULT($result); - $DATA[3] = $DATA[2] + $_CONFIG['profile_lock']; + $DATA[3] = $DATA[2] + getConfig('profile_lock'); // How far is last change on his profile away from now? - if (($DATA[3] > time()) && (!IS_ADMIN()) && ($_CONFIG['profile_lock'] > 0)) - { - $DATA[3] = MAKE_DATETIME($DATA[3] + $_CONFIG['profile_lock'], "0"); + if (($DATA[3] > time()) && (!IS_ADMIN()) && (getConfig('profile_lock') > 0)) { + $DATA[3] = MAKE_DATETIME($DATA[3] + getConfig('profile_lock'), "0"); // You cannot change your account LOAD_TEMPLATE("member_mydata_locked"); - } - elseif (!VALIDATE_EMAIL($_POST['addy'])) - { + } elseif (!VALIDATE_EMAIL($_POST['addy'])) { // Invalid email address! LOAD_TEMPLATE("admin_settings_saved", false, INVALID_EMAIL_ADDRESS_ENTERED); - } - else - { - // Secure every submitted variable - foreach ($_POST as $key=>$value) - { - $_POST[$key] = addslashes($value); - } - + } else { + // Generate hash $hash = generateHash($_POST['pass1'], substr($DATA[1], 0, -40)); if ((($hash == $DATA[1]) || ($_POST['pass1'] == $_POST['pass2'])) && (!empty($_POST['pass1']))) { @@ -247,8 +229,8 @@ case "save": // Save entered data if (EXT_IS_ACTIVE("country")) { // New way - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET -sex='%s', surname='%s', family='%s', + SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET +gender='%s', surname='%s', family='%s', street_nr='%s', country_code=%s, zip=%s, city='%s', email='%s', @@ -259,7 +241,7 @@ notified='N', last_profile_sent=UNIX_TIMESTAMP() WHERE userid=%s AND password='%s' LIMIT 1", array( - $_POST['sex'], + $_POST['gender'], $_POST['surname'], $_POST['family_name'], $_POST['street_nr'], @@ -278,8 +260,8 @@ array( else { // Old way - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET -sex='%s', surname='%s', family='%s', + SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET +gender='%s', surname='%s', family='%s', street_nr='%s', country='%s', zip=%s, city='%s', email='%s', @@ -290,7 +272,7 @@ notified='N', last_profile_sent=UNIX_TIMESTAMP() WHERE userid=%s AND password='%s' LIMIT 1", array( - $_POST['sex'], + $_POST['gender'], $_POST['surname'], $_POST['family_name'], $_POST['street_nr'], @@ -322,17 +304,16 @@ array( break; case "notify": // Switch off notfication - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1", + SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET notified='N', last_update=UNIX_TIMESTAMP() WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); - $URL = URL."/modules.php?module=login&what=welcome&msg=".urlencode(PROFILE_UPDATED); + $URL = "modules.php?module=login&what=welcome&msg=".urlencode(PROFILE_UPDATED); break; } -CLOSE_TABLE(); -if (!empty($URL)) -{ +if (!empty($URL)) { // Load generated URL LOAD_URL($URL); } + // ?>