2 /************************************************************************/
\r
4 /************************************************************************/
\r
5 /* Copyright (c) 2002-2010 */
\r
6 /* Inclusive Design Institute */
\r
7 /* http://atutor.ca */
\r
9 /* This program is free software. You can redistribute it and/or */
\r
10 /* modify it under the terms of the GNU General Public License */
\r
11 /* as published by the Free Software Foundation. */
\r
12 /************************************************************************/
\r
// Admin "edit user" handler (ATutor): on submit, escape and validate the posted
// profile fields, UPDATE the members row, optionally maintain the master-list
// entry and send an email-confirmation message; otherwise load the member into
// $_POST and render the registration template in edit mode.
// NOTE(review): this listing omits lines (closing braces, else branches, the
// two-digit-year adjustments, the `dob` column of the UPDATE, the result
// checks) — the comments below describe only the lines that are visible.
// $addslashes is a callable variable not defined here — presumably provided by
// vitals.inc.php; the notes below assume it escapes values for SQL.
15 define('AT_INCLUDE_PATH', '../../../include/');
\r
16 require(AT_INCLUDE_PATH.'vitals.inc.php');
\r
// Only admins with the users privilege reach any of the code below.
17 admin_authenticate(AT_ADMIN_PRIV_USERS);
\r
// Cancel: bounce back to the list the admin came from. The key is tested in
// $_POST but read from $_REQUEST (same pattern at gutter 213).
19 if (isset($_POST['cancel'])) {
\r
20 if (isset($_POST['ml']) && $_REQUEST['ml']) {
\r
21 header('Location: '.AT_BASE_HREF.'mods/_core/users/master_list.php');
\r
23 header('Location: '.AT_BASE_HREF.'mods/_core/users/users.php');
\r
28 if (isset($_POST['submit'])) {
\r
29 $missing_fields = array();
\r
// The member_id being edited comes from a hidden form field; intval() is the
// only sanitisation it gets, and it is interpolated into every query below.
31 $id = intval($_POST['id']);
\r
32 //$_POST['password'] = $addslashes($_POST['password']);
\r
// Fields are escaped in place *before* validation, so the checks below run on
// the escaped values. old_student_id and student_pin are not escaped here.
33 $_POST['website'] = $addslashes($_POST['website']);
\r
34 $_POST['first_name'] = $addslashes($_POST['first_name']);
\r
35 $_POST['second_name'] = $addslashes($_POST['second_name']);
\r
36 $_POST['last_name'] = $addslashes($_POST['last_name']);
\r
37 $_POST['address'] = $addslashes($_POST['address']);
\r
38 $_POST['postal'] = $addslashes($_POST['postal']);
\r
39 $_POST['city'] = $addslashes($_POST['city']);
\r
40 $_POST['province'] = $addslashes($_POST['province']);
\r
41 $_POST['country'] = $addslashes($_POST['country']);
\r
42 $_POST['phone'] = $addslashes($_POST['phone']);
\r
43 $_POST['status'] = intval($_POST['status']);
\r
44 $_POST['old_status'] = intval($_POST['old_status']);
\r
45 $_POST['gender'] = $addslashes($_POST['gender']);
\r
46 $_POST['student_id'] = intval($_POST['student_id']);
\r
47 $_POST['email'] = $addslashes($_POST['email']);
\r
49 //check if student id (public field) is already being used
\r
// $_POST['overwrite'] is read without isset() — emits a notice when the
// checkbox is absent. student_id is already an int (gutter 46), so the quoted
// interpolation at gutter 51 is numeric-only.
50 if (!$_POST['overwrite'] && !empty($_POST['student_id'])) {
\r
51 $result = mysql_query("SELECT public_field FROM ".TABLE_PREFIX."master_list WHERE public_field='$_POST[student_id]' AND member_id<>0 AND member_id<>$id",$db);
\r
52 if (mysql_num_rows($result) != 0) {
\r
53 $msg->addError('CREATE_MASTER_USED');
\r
58 if ($_POST['email'] == '') {
\r
59 $missing_fields[] = _AT('email');
\r
// Regex quirks: `@+` and `\.+` accept repeated '@' / '.', the TLD is capped at
// six ASCII letters, and '_' is allowed in both parts (relevant at gutter 63).
60 } else if (!preg_match("/^[a-z0-9\._-]+@+[a-z0-9\._-]+\.+[a-z]{2,6}$/i", $_POST['email'])) {
\r
61 $msg->addError('EMAIL_INVALID');
\r
// LIKE without wildcard escaping: '_' (allowed by the regex above) is a
// single-character wildcard, so a_b@x.org also matches aXb@x.org and yields a
// false EMAIL_EXISTS. Prefer `email = '...'` (or escape % and _ for LIKE).
63 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."members WHERE email LIKE '$_POST[email]' AND member_id <> $id",$db);
\r
65 if (mysql_num_rows($result) != 0) {
\r
67 $msg->addError('EMAIL_EXISTS');
\r
70 if (!$_POST['first_name']) {
\r
71 $missing_fields[] = _AT('first_name');
\r
74 if (!$_POST['last_name']) {
\r
75 $missing_fields[] = _AT('last_name');
\r
// '<' is stripped *after* the emptiness checks, so a name consisting only of
// '<' passes gutter 70/74 and is stored empty.
78 $_POST['first_name'] = str_replace('<', '', $_POST['first_name']);
\r
79 $_POST['second_name'] = str_replace('<', '', $_POST['second_name']);
\r
80 $_POST['last_name'] = str_replace('<', '', $_POST['last_name']);
\r
82 // check if first+last is unique
\r
84 * http://www.atutor.ca/atutor/mantis/view.php?id=3760
\r
85 if ($_POST['first_name'] && $_POST['last_name']) {
\r
// Double escaping: these three fields were already passed through $addslashes
// at gutter 34-36, so a name containing a quote or backslash is compared
// against a doubly-escaped value and an existing duplicate is not detected.
86 $first_name_sql = $addslashes($_POST['first_name']);
\r
87 $last_name_sql = $addslashes($_POST['last_name']);
\r
88 $second_name_sql = $addslashes($_POST['second_name']);
\r
90 $sql = "SELECT member_id FROM ".TABLE_PREFIX."members WHERE first_name='$first_name_sql' AND second_name='$second_name_sql' AND last_name='$last_name_sql' AND member_id<>$id LIMIT 1";
\r
91 $result = mysql_query($sql, $db);
\r
92 if (mysql_fetch_assoc($result)) {
\r
93 $msg->addError('FIRST_LAST_NAME_UNIQUE');
\r
99 //check date of birth
\r
100 $mo = intval($_POST['month']);
\r
101 $day = intval($_POST['day']);
\r
102 $yr = intval($_POST['year']);
\r
104 /* let's us take (one or) two digit years (ex. 78 = 1978, 3 = 2003) */
\r
// Two-digit year expansion; the adjustment statements (gutter 106/108) are not
// in this listing.
105 if ($yr < date('y')) {
\r
107 } else if ($yr < 1900) {
\r
// $dob is built with unpadded month/day (e.g. 1978-3-7). The dob column of the
// UPDATE (gutter 150) is not shown in this listing — presumably `dob = '$dob'`.
111 $dob = $yr.'-'.$mo.'-'.$day;
\r
// A fully supplied but impossible date is an error; a partially supplied one is
// treated as "no date of birth".
113 if ($mo && $day && $yr && !checkdate($mo, $day, $yr)) {
\r
114 $msg->addError('DOB_INVALID');
\r
115 } else if (!$mo || !$day || !$yr) {
\r
116 $dob = '0000-00-00';
\r
117 $yr = $mo = $day = 0;
\r
121 if ($missing_fields) {
\r
122 $missing_fields = implode(', ', $missing_fields);
\r
123 $msg->addError(array('EMPTY_FIELDS', $missing_fields));
\r
// Only persist when validation produced no errors; otherwise fall through to
// the display path at gutter 222 with $_POST intact.
126 if (!$msg->containsErrors()) {
\r
127 if (isset($_POST['profile_pic_delete'])) {
\r
128 profile_image_delete($id);
\r
// Only a missing scheme is fixed up; any existing scheme is stored as-is
// (no http/https allow-list), and a bare "http://" is reset to empty.
130 if (($_POST['website']) && (!strstr($_POST['website'], "://"))) {
\r
131 $_POST['website'] = "http://".$_POST['website'];
\r
133 if ($_POST['website'] == 'http://') {
\r
134 $_POST['website'] = '';
\r
136 $_POST['postal'] = strtoupper(trim($_POST['postal']));
\r
// Checkbox → 0/1 so the unquoted interpolation at gutter 160 is numeric.
138 if (isset($_POST['private_email'])) {
\r
139 $_POST['private_email'] = 1;
\r
141 $_POST['private_email'] = 0;
\r
144 /* insert into the db. (the last 0 for status) */
\r
// email..phone were escaped above; status is intval'd; private_email is 0/1.
// $_SESSION['lang'] is interpolated raw — set by the app, not the form, TODO
// confirm. creation_date=creation_date / last_login=last_login are no-op
// assignments, presumably to keep MySQL from auto-updating TIMESTAMP columns.
145 $sql = "UPDATE ".TABLE_PREFIX."members SET email = '$_POST[email]',
\r
146 website = '$_POST[website]',
\r
147 first_name = '$_POST[first_name]',
\r
148 second_name= '$_POST[second_name]',
\r
149 last_name = '$_POST[last_name]',
\r
151 gender = '$_POST[gender]',
\r
152 address = '$_POST[address]',
\r
153 postal = '$_POST[postal]',
\r
154 city = '$_POST[city]',
\r
155 province = '$_POST[province]',
\r
156 country = '$_POST[country]',
\r
157 phone = '$_POST[phone]',
\r
158 status = $_POST[status],
\r
159 language = '$_SESSION[lang]',
\r
160 private_email = $_POST[private_email],
\r
161 creation_date=creation_date,
\r
162 last_login=last_login
\r
163 WHERE member_id = $id";
\r
164 $result = mysql_query($sql, $db);
\r
// Failure path: the `if (!$result)` guard (gutter 165) and the exit after the
// footer (gutter 170) are not in this listing.
166 require(AT_INCLUDE_PATH.'header.inc.php');
\r
167 $msg->addError('DB_NOT_UPDATED');
\r
169 require(AT_INCLUDE_PATH.'footer.inc.php');
\r
174 if (defined('AT_MASTER_LIST') && AT_MASTER_LIST) {
\r
// student_id is already an int (gutter 46), so this second escape is a no-op.
175 $_POST['student_id'] = $addslashes($_POST['student_id']);
\r
// $student_pin (unsalted sha1) is computed but never used in the visible
// lines — the REPLACE at gutter 185 writes '' for that column.
176 $student_pin = sha1($addslashes($_POST['student_pin']));
\r
178 //if changed, delete old stud id
\r
// SQL injection: old_student_id is a hidden form field that receives no
// intval() or escaping anywhere in this file (contrast student_id at gutter
// 46) and is concatenated unquoted into the DELETE below. Cast it before use:
//   $old_student_id = intval($_POST['old_student_id']);
// and compare/interpolate that instead (here and at gutter 184). The `!=`
// comparison is loose (string vs int).
179 if (!empty($_POST['old_student_id']) && $_POST['old_student_id'] != $_POST['student_id']) {
\r
180 $sql = "DELETE FROM ".TABLE_PREFIX."master_list WHERE public_field=".$_POST['old_student_id']." AND member_id=$id";
\r
181 $result = mysql_query($sql, $db);
\r
184 if (!empty($_POST['student_id']) && $_POST['old_student_id'] != $_POST['student_id']) {
\r
// Writes public_field (quoted, already an int), an empty second column and
// the member id; REPLACE overwrites any existing row with the same key.
185 $sql = "REPLACE INTO ".TABLE_PREFIX."master_list VALUES ('$_POST[student_id]', '', $id)";
\r
186 $result = mysql_query($sql, $db);
\r
// Send the confirmation mail only when the admin switched the account *to*
// unconfirmed (old_status comes from the hidden field set at gutter 238).
191 if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION && ($_POST['status'] == AT_STATUS_UNCONFIRMED) && ($_POST['old_status'] != AT_STATUS_UNCONFIRMED)) {
\r
193 $sql = "SELECT email, creation_date FROM ".TABLE_PREFIX."members WHERE member_id=$id";
\r
194 $result = mysql_query($sql, $db);
\r
195 $row = mysql_fetch_assoc($result);
\r
// The confirmation code is derived deterministically (md5 of email, creation
// date and id, truncated to 10 hex chars) rather than generated randomly and
// stored; confirm.php presumably recomputes it — TODO confirm. A stored
// random_bytes()-based token would be the stronger design.
197 $code = substr(md5($row['email'] . $row['creation_date']. $id), 0, 10);
\r
198 $confirmation_link = AT_BASE_HREF . 'confirm.php?id='.$id.SEP.'m='.$code;
\r
200 /* send the email confirmation message: */
\r
201 require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');
\r
202 $mail = new ATutorMailer();
\r
204 $mail->AddAddress($row['email']);
\r
205 $mail->From = $_config['contact_email'];
\r
206 $mail->Subject = $_config['site_name'] . ' - ' . _AT('email_confirmation_subject');
\r
// The Send() call and its error handling (gutter 208-210) are not in this listing.
207 $mail->Body = _AT('email_confirmation_message', $_config['site_name'], $confirmation_link);
\r
212 $msg->addFeedback('PROFILE_UPDATED_ADMIN');
\r
213 if (isset($_POST['ml']) && $_REQUEST['ml']) {
\r
214 header('Location: '.AT_BASE_HREF.'mods/_core/users/master_list.php');
\r
216 header('Location: '.AT_BASE_HREF.'mods/_core/users/users.php');
\r
// Display path (also reached after a submit with validation errors). $id is
// re-read from $_REQUEST here, overriding the POST-derived value above.
222 $id = intval($_REQUEST['id']);
\r
// First visit: load the row into $_POST for the template. The statement that
// copies $row into $_POST (gutter 235) is not in this listing; $_POST['status']
// at gutter 238 depends on it.
224 if (empty($_POST)) {
\r
225 $sql = "SELECT * FROM ".TABLE_PREFIX."members WHERE member_id = $id";
\r
226 $result = mysql_query($sql, $db);
\r
227 if (!($row = mysql_fetch_assoc($result))) {
\r
228 require(AT_INCLUDE_PATH.'header.inc.php');
\r
229 $msg->addError('USER_NOT_FOUND');
\r
231 require(AT_INCLUDE_PATH.'footer.inc.php');
\r
// Assumes dob is stored as 'Y-m-d', the format written at gutter 111/116.
236 list($_POST['year'],$_POST['month'],$_POST['day']) = explode('-', $row['dob']);
\r
237 //$_POST['password2'] = $_POST['password'];
\r
// Remembered in a hidden field so the submit branch can detect a status change.
238 $_POST['old_status'] = $_POST['status'];
\r
// Second arg TRUE presumably makes admin_authenticate return a bool instead of
// redirecting — TODO confirm against vitals.inc.php.
240 if (admin_authenticate(AT_ADMIN_PRIV_USERS, TRUE) && defined('AT_MASTER_LIST') && AT_MASTER_LIST) {
\r
241 $sql = "SELECT public_field FROM ".TABLE_PREFIX."master_list WHERE member_id=$id";
\r
242 $result = mysql_query($sql, $db);
\r
243 if ($row = mysql_fetch_assoc($result)) {
\r
// old_student_id is only ever populated here (from the DB); on submit it
// arrives as a client-controlled hidden field — see the note at gutter 179.
244 $_POST['old_student_id'] = $row['public_field'];
\r
245 $_POST['student_id'] = $row['public_field'];
\r
// Render via the shared registration template in edit mode (captcha off).
250 $savant->assign('languageManager', $languageManager);
\r
252 if (isset($_REQUEST['ml']) && $_REQUEST['ml']) {
\r
253 // redirect back to the master list
\r
254 $savant->assign('ml', 1);
\r
256 $savant->assign('ml', 0);
\r
260 /* HAVE TO SEND MEMBER_ID THROUGH FORM AS A HIDDEN POST VARIABLE!!! */
\r
261 /* PUT IN IF LOOP THAT LETS YOU SEE STATUS RADIO BUTTONS */
\r
262 $savant->assign('no_captcha', true);
\r
263 $savant->display('registration.tmpl.php');
\r