2 /***********************************************************************/
4 /***********************************************************************/
5 /* Copyright (c) 2002-2010 */
6 /* Inclusive Design Institute */
9 /* This program is free software. You can redistribute it and/or */
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /***********************************************************************/
16 $_user_location = 'users';
18 define('AT_INCLUDE_PATH', '../../../include/');
19 require(AT_INCLUDE_PATH.'vitals.inc.php');
21 if ($_SESSION['valid_user'] !== true) {
22 require(AT_INCLUDE_PATH.'header.inc.php');
24 $info = array('INVALID_USER', $_SESSION['course_id']);
25 $msg->printInfos($info);
27 require(AT_INCLUDE_PATH.'footer.inc.php');
31 if (isset($_POST['cancel'])) {
32 $msg->addFeedback('CANCELLED');
33 Header('Location: profile.php');
37 if (isset($_POST['submit'])) {
38 $missing_fields = array();
40 if (!$_POST['first_name']) {
41 $missing_fields[] = _AT('first_name');
44 if (!$_POST['last_name']) {
45 $missing_fields[] = _AT('last_name');
48 $_POST['first_name'] = str_replace('<', '', $_POST['first_name']);
49 $_POST['second_name'] = str_replace('<', '', $_POST['second_name']);
50 $_POST['last_name'] = str_replace('<', '', $_POST['last_name']);
52 // check if first+last is unique
54 * http://www.atutor.ca/atutor/mantis/view.php?id=3760
55 if ($_POST['first_name'] && $_POST['last_name']) {
56 $first_name_sql = $addslashes($_POST['first_name']);
57 $last_name_sql = $addslashes($_POST['last_name']);
58 $second_name_sql = $addslashes($_POST['second_name']);
60 $sql = "SELECT member_id FROM ".TABLE_PREFIX."members WHERE first_name='$first_name_sql' AND second_name='$second_name_sql' AND last_name='$last_name_sql' AND member_id<>$_SESSION[member_id] LIMIT 1";
61 $result = mysql_query($sql, $db);
62 if (mysql_fetch_assoc($result)) {
63 $msg->addError('FIRST_LAST_NAME_UNIQUE');
69 $mo = intval($_POST['month']);
70 $day = intval($_POST['day']);
71 $yr = intval($_POST['year']);
73 /* let's us take (one or) two digit years (ex. 78 = 1978, 3 = 2003) */
74 if ($yr < date('y')) {
76 } else if ($yr < 1900) {
80 $dob = $yr.'-'.$mo.'-'.$day;
82 if ($mo && $day && $yr && !checkdate($mo, $day, $yr)) {
83 $msg->addError('DOB_INVALID');
84 } else if (!$mo || !$day || !$yr) {
89 if (($_POST['gender'] != 'm') && ($_POST['gender'] != 'f')) {
90 $_POST['gender'] = 'n'; // not specified
94 if ($missing_fields) {
95 $missing_fields = implode(', ', $missing_fields);
96 $msg->addError(array('EMPTY_FIELDS', $missing_fields));
98 $login = strtolower($_POST['login']);
99 if (!$msg->containsErrors()) {
100 if (($_POST['website']) && (!strstr($_POST['website'], '://'))) { $_POST['website'] = 'http://'.$_POST['website']; }
101 if ($_POST['website'] == 'http://') { $_POST['website'] = ''; }
103 if (isset($_POST['private_email'])) {
104 $_POST['private_email'] = 1;
106 $_POST['private_email'] = 0;
109 // insert into the db.
110 $_POST['website'] = $addslashes($_POST['website']);
111 $_POST['first_name'] = $addslashes($_POST['first_name']);
112 $_POST['second_name']= $addslashes($_POST['second_name']);
113 $_POST['last_name'] = $addslashes($_POST['last_name']);
114 $_POST['address'] = $addslashes($_POST['address']);
115 $_POST['postal'] = $addslashes($_POST['postal']);
116 $_POST['city'] = $addslashes($_POST['city']);
117 $_POST['province'] = $addslashes($_POST['province']);
118 $_POST['country'] = $addslashes($_POST['country']);
119 $_POST['phone'] = $addslashes($_POST['phone']);
121 $sql = "UPDATE ".TABLE_PREFIX."members SET website='$_POST[website]', first_name='$_POST[first_name]', second_name='$_POST[second_name]', last_name='$_POST[last_name]', dob='$dob', gender='$_POST[gender]', address='$_POST[address]', postal='$_POST[postal]', city='$_POST[city]', province='$_POST[province]', country='$_POST[country]', phone='$_POST[phone]', language='$_SESSION[lang]', private_email=$_POST[private_email], creation_date=creation_date, last_login=last_login WHERE member_id=$_SESSION[member_id]";
123 $result = mysql_query($sql,$db);
125 $msg->printErrors('DB_NOT_UPDATED');
129 $msg->addFeedback('PROFILE_UPDATED');
131 header('Location: ./profile.php');
136 $sql = 'SELECT * FROM '.TABLE_PREFIX.'members WHERE member_id='.$_SESSION['member_id'];
137 $result = mysql_query($sql,$db);
138 $row = mysql_fetch_assoc($result);
140 if (!isset($_POST['submit'])) {
142 list($_POST['year'],$_POST['month'],$_POST['day']) = explode('-', $row['dob']);
145 /* template starts here */
147 $savant->assign('row', $row);
148 $onload = 'document.form.first_name.focus();';
150 //$savant->display('registration.tmpl.php');
151 $savant->display('users/profile.tmpl.php');