2 /************************************************************************/
4 /************************************************************************/
5 /* Copyright (c) 2002-2010 */
6 /* Inclusive Design Institute */
8 /* This program is free software. You can redistribute it and/or */
9 /* modify it under the terms of the GNU General Public License */
10 /* as published by the Free Software Foundation. */
11 /************************************************************************/
// Page bootstrap: tag this request as part of the 'users' area, define the
// include root, and load the shared bootstrap file.
// NOTE(review): $msg, $db, $addslashes and $savant are used further down but
// never defined in this listing; presumably vitals.inc.php sets them up and
// starts the session — confirm.
14 $_user_location = 'users';
16 define('AT_INCLUDE_PATH', '../include/');
17 require(AT_INCLUDE_PATH.'vitals.inc.php');
// Authentication gate: only a session whose valid_user flag is strictly
// boolean true may continue. Any other session gets the page header, an
// INVALID_USER notice and the footer.
// NOTE(review): original lines 26-27 are missing from this listing. Unless the
// script terminates after the footer (an exit before the closing brace), the
// POST handlers below would still run for an unauthenticated session — confirm
// against the full file.
19 if ($_SESSION['valid_user'] !== true) {
20 require(AT_INCLUDE_PATH.'header.inc.php');
22 $info = array('INVALID_USER', $_SESSION['course_id']);
23 $msg->printInfos($info);
25 require(AT_INCLUDE_PATH.'footer.inc.php');
// Cancel button: queue a CANCELLED feedback message and redirect back to the
// profile page.
// NOTE(review): header() alone does not stop execution; original lines 32-33
// are missing from this listing and presumably hold the exit and closing
// brace — confirm.
29 if (isset($_POST['cancel'])) {
30 $msg->addFeedback('CANCELLED');
31 Header('Location: profile.php');
// Profile update handler: validates the posted fields, checks that the name
// combination is unique, then updates the members row for the member_id held
// in the session.
// NOTE(review): several original lines (closing braces and some statements) are
// missing from this listing, so the nesting shown here is incomplete.
// NOTE(review): no anti-CSRF token check is visible in these lines — confirm
// whether one is enforced elsewhere before this state-changing POST is accepted.
35 if (isset($_POST['submit'])) {
36 $missing_fields = array();
// Required fields: first and last name. A falsy value (including the string
// '0') is treated as missing.
38 if (!$_POST['first_name']) {
39 $missing_fields[] = _AT('first_name');
42 if (!$_POST['last_name']) {
43 $missing_fields[] = _AT('last_name');
// Removes only the '<' character from the three name fields. This is not
// output encoding: quotes, '>' and '&' pass through unchanged, so any template
// that prints these values still has to HTML-escape them for its context.
46 $_POST['first_name'] = str_replace('<', '', $_POST['first_name']);
47 $_POST['second_name'] = str_replace('<', '', $_POST['second_name']);
48 $_POST['last_name'] = str_replace('<', '', $_POST['last_name']);
50 // check if first+last is unique
52 * http://www.atutor.ca/atutor/mantis/view.php?id=3760
// $addslashes is invoked as a variable function; its definition is not in this
// listing (presumably an SQL escaping routine selected during bootstrap —
// confirm which one, since the safety of the queries below depends on it).
53 if ($_POST['first_name'] && $_POST['last_name']) {
54 $first_name_sql = $addslashes($_POST['first_name']);
55 $last_name_sql = $addslashes($_POST['last_name']);
56 $second_name_sql = $addslashes($_POST['second_name']);
// The query is assembled by string interpolation. The three name values are
// escaped and single-quoted; $_SESSION[member_id] is interpolated unquoted, so
// it is only safe while the session always holds an integer there. An explicit
// (int) cast or a bound parameter would remove that dependency.
58 $sql = "SELECT member_id FROM ".TABLE_PREFIX."members WHERE first_name='$first_name_sql' AND second_name='$second_name_sql' AND last_name='$last_name_sql' AND member_id<>$_SESSION[member_id] LIMIT 1";
// mysql_query() returns false on failure and that result is passed to
// mysql_fetch_assoc() unchecked. The mysql_* extension was removed in PHP 7;
// mysqli or PDO prepared statements are the supported replacement.
59 $result = mysql_query($sql, $db);
60 if (mysql_fetch_assoc($result)) {
61 $msg->addError('FIRST_LAST_NAME_UNIQUE');
// Date of birth parts are forced to integers, so $dob below can only contain
// digits, minus signs and the '-' separators.
67 $mo = intval($_POST['month']);
68 $day = intval($_POST['day']);
69 $yr = intval($_POST['year']);
71 /* lets us take (one or) two digit years (ex. 78 = 1978, 3 = 2003) */
// The bodies of both branches (original lines 73 and 75) are missing from this
// listing.
72 if ($yr < date('y')) {
74 } else if ($yr < 1900) {
78 $dob = $yr.'-'.$mo.'-'.$day;
// A fully supplied date must pass checkdate(); the handling of a partially
// supplied date (original lines 83-84) is missing from this listing.
80 if ($mo && $day && $yr && !checkdate($mo, $day, $yr)) {
81 $msg->addError('DOB_INVALID');
82 } else if (!$mo || !$day || !$yr) {
// Allow-list for gender: anything other than 'm' or 'f' is replaced by 'n',
// which is why the value can be placed in the UPDATE without escaping.
87 if (($_POST['gender'] != 'm') && ($_POST['gender'] != 'f')) {
88 $_POST['gender'] = 'n'; // not specified
// Report all missing required fields in a single EMPTY_FIELDS error.
92 if ($missing_fields) {
93 $missing_fields = implode(', ', $missing_fields);
94 $msg->addError(array('EMPTY_FIELDS', $missing_fields));
// $login is not referenced again in the visible lines.
96 $login = strtolower($_POST['login']);
// Only write to the database when validation produced no errors.
97 if (!$msg->containsErrors()) {
// Prefix 'http://' when the value contains no '://', and blank out a bare
// 'http://'. NOTE(review): a value that already contains '://' is kept with
// whatever scheme it carries; if the site renders this as a link, restrict it
// to http/https here or at output.
98 if (($_POST['website']) && (!strstr($_POST['website'], '://'))) { $_POST['website'] = 'http://'.$_POST['website']; }
99 if ($_POST['website'] == 'http://') { $_POST['website'] = ''; }
// Checkbox is collapsed to the integer 1 or 0, so it can appear unquoted in the
// UPDATE below. The else line (original 103) is missing from this listing.
101 if (isset($_POST['private_email'])) {
102 $_POST['private_email'] = 1;
104 $_POST['private_email'] = 0;
107 // insert into the db.
// Each free-text field is escaped in place, overwriting the raw $_POST value.
// From here on $_POST holds SQL-escaped text rather than the submitted input.
108 $_POST['website'] = $addslashes($_POST['website']);
109 $_POST['first_name'] = $addslashes($_POST['first_name']);
110 $_POST['second_name']= $addslashes($_POST['second_name']);
111 $_POST['last_name'] = $addslashes($_POST['last_name']);
112 $_POST['address'] = $addslashes($_POST['address']);
113 $_POST['postal'] = $addslashes($_POST['postal']);
114 $_POST['city'] = $addslashes($_POST['city']);
115 $_POST['province'] = $addslashes($_POST['province']);
116 $_POST['country'] = $addslashes($_POST['country']);
117 $_POST['phone'] = $addslashes($_POST['phone']);
// String-built UPDATE scoped to the session's member_id. Escaped and quoted:
// the ten fields above. Constrained earlier: dob (integers), gender
// (allow-list), private_email (0/1). Not escaped here: $_SESSION[lang]
// (quoted) and $_SESSION[member_id] (unquoted); both rely on having been
// validated where the session was populated — confirm. Prepared statements
// would remove the reliance on every value being escaped by hand.
// NOTE(review): creation_date and last_login are assigned to themselves,
// presumably to stop the columns from being auto-updated — confirm.
119 $sql = "UPDATE ".TABLE_PREFIX."members SET website='$_POST[website]', first_name='$_POST[first_name]', second_name='$_POST[second_name]', last_name='$_POST[last_name]', dob='$dob', gender='$_POST[gender]', address='$_POST[address]', postal='$_POST[postal]', city='$_POST[city]', province='$_POST[province]', country='$_POST[country]', phone='$_POST[phone]', language='$_SESSION[lang]', private_email=$_POST[private_email], creation_date=creation_date, last_login=last_login WHERE member_id=$_SESSION[member_id]";
121 $result = mysql_query($sql,$db);
// The condition guarding this error (original line 122) is missing from this
// listing; presumably it tests for a failed query — confirm.
123 $msg->printErrors('DB_NOT_UPDATED');
// Success path: queue feedback and redirect. header() does not end the script;
// the lines after it (original 130-132) are missing from this listing.
127 $msg->addFeedback('PROFILE_UPDATED');
129 header('Location: ./profile.php');
// Load the current member row and render the profile form.
// The member_id comes from the session and is concatenated without a cast or
// quoting, so the query is only safe while the session value is an integer.
134 $sql = 'SELECT * FROM '.TABLE_PREFIX.'members WHERE member_id='.$_SESSION['member_id'];
// The query result is not checked for false before being fetched.
135 $result = mysql_query($sql,$db);
136 $row = mysql_fetch_assoc($result);
// On a first visit (no submit), split the stored dob on '-' into the
// year/month/day form fields. Original line 139 is missing from this listing.
138 if (!isset($_POST['submit'])) {
140 list($_POST['year'],$_POST['month'],$_POST['day']) = explode('-', $row['dob']);
143 /* template starts here */
// The database row is handed to the template as-is; HTML escaping of its
// fields has to happen inside users/profile.tmpl.php — confirm that it does.
145 $savant->assign('row', $row);
// Script fragment that puts focus on the first_name field; where $onload is
// emitted is not visible here.
146 $onload = 'document.form.first_name.focus();';
148 //$savant->display('registration.tmpl.php');
149 $savant->display('users/profile.tmpl.php');
150 //global $this->_pages;