2 /************************************************************************/
4 /************************************************************************/
5 /* Copyright (c) 2002-2010 */
6 /* Inclusive Design Institute */
8 /* This program is free software. You can redistribute it and/or */
9 /* modify it under the terms of the GNU General Public License */
10 /* as published by the Free Software Foundation. */
11 /************************************************************************/
15 $_user_location = 'users';
17 define('AT_INCLUDE_PATH', '../include/');
18 require(AT_INCLUDE_PATH.'vitals.inc.php');
21 if ($_SESSION['valid_user'] !== true) {
22 require(AT_INCLUDE_PATH.'header.inc.php');
23 $info = array('INVALID_USER', $_SESSION['course_id']);
24 $msg->printInfos($info);
25 require(AT_INCLUDE_PATH.'footer.inc.php');
29 if (isset($_POST['cancel'])) {
30 $msg->addFeedback('CANCELLED');
31 Header('Location: profile.php');
35 if (!isset($_SESSION['token']) || !$_SESSION['token']) {
36 $_SESSION['token'] = md5(mt_rand());
39 if (isset($_POST['submit'])) {
41 $this_password = $_POST['form_password_hidden'];
44 if (!empty($this_password)) {
45 //check if old password entered is correct
46 $sql = "SELECT password FROM ".TABLE_PREFIX."members WHERE member_id=$_SESSION[member_id]";
47 $result = mysql_query($sql,$db);
48 if ($row = mysql_fetch_assoc($result)) {
49 if ($row['password'] != $this_password) {
50 $msg->addError('WRONG_PASSWORD');
51 Header('Location: email_change.php');
56 $msg->addError(array('EMPTY_FIELDS', _AT('password')));
57 header('Location: email_change.php');
62 if ($_POST['email'] == '') {
63 $msg->addError(array('EMPTY_FIELDS', _AT('email')));
65 if(!preg_match("/^[a-z0-9\._-]+@+[a-z0-9\._-]+\.+[a-z]{2,6}$/i", $_POST['email'])) {
66 $msg->addError('EMAIL_INVALID');
68 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."members WHERE email='$_POST[email]' AND member_id<>$_SESSION[member_id]",$db);
69 if(mysql_num_rows($result) != 0) {
70 $msg->addError('EMAIL_EXISTS');
74 if (!$msg->containsErrors()) {
75 if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION) {
76 //send confirmation email
77 $sql = "SELECT email, creation_date FROM ".TABLE_PREFIX."members WHERE member_id=$_SESSION[member_id]";
78 $result = mysql_query($sql, $db);
79 $row = mysql_fetch_assoc($result);
81 if ($row['email'] != $_POST['email']) {
82 $code = substr(md5($_POST['email'] . $row['creation_date'] . $_SESSION['member_id']), 0, 10);
83 $confirmation_link = AT_BASE_HREF . 'confirm.php?id='.$_SESSION['member_id'].SEP .'e='.urlencode($_POST['email']).SEP.'m='.$code;
85 /* send the email confirmation message: */
86 require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');
87 $mail = new ATutorMailer();
89 $mail->From = $_config['contact_email'];
90 $mail->AddAddress($_POST['email']);
91 $mail->Subject = SITE_NAME . ' - ' . _AT('email_confirmation_subject');
92 $mail->Body = _AT('email_confirmation_message2', $_config['site_name'], $confirmation_link);
96 $msg->addFeedback('CONFIRM_EMAIL');
98 $msg->addFeedback('CANCELLED');
102 //insert into database
103 $sql = "UPDATE ".TABLE_PREFIX."members SET email='$_POST[email]', creation_date=creation_date, last_login=last_login WHERE member_id=$_SESSION[member_id]";
104 $result = mysql_query($sql,$db);
106 $msg->printErrors('DB_NOT_UPDATED');
110 $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
112 header('Location: ./profile.php');
117 $sql = 'SELECT email FROM '.TABLE_PREFIX.'members WHERE member_id='.$_SESSION['member_id'];
118 $result = mysql_query($sql,$db);
119 $row = mysql_fetch_assoc($result);
121 if (!isset($_POST['submit'])) {
125 /* template starts here */
126 $savant->assign('row', $row);
127 $savant->display('users/email_change.tmpl.php');