changed git call from https to git readonly
1 <?php
2 /************************************************************************/
3 /* ATutor                                                                                                                               */
4 /************************************************************************/
5 /* Copyright (c) 2002-2008 by Greg Gay, Joel Kronenberg & Heidi Hazelton*/
6 /* Adaptive Technology Resource Centre / University of Toronto                  */
7 /* http://atutor.ca                                                                                                             */
8 /*                                                                                                                                              */
9 /* This program is free software. You can redistribute it and/or                */
10 /* modify it under the terms of the GNU General Public License                  */
11 /* as published by the Free Software Foundation.                                                */
12 /************************************************************************/
13 // $Id: profile.php 7208 2008-01-09 16:07:24Z greg $
14
// Bootstrap for the social module's basic-profile editor.
// NOTE(review): $_user_location is presumably read by vitals.inc.php to pick
// the page context; that file is not visible here, so confirm there.
$_user_location = 'public';

define('AT_INCLUDE_PATH', '../../include/');
require AT_INCLUDE_PATH . 'vitals.inc.php';

// Module-specific stylesheet ($_base_path and AT_SOCIAL_BASENAME are defined
// outside this file).
$_custom_css = $_base_path . AT_SOCIAL_BASENAME . 'module.css'; // use a custom stylesheet

// Access guard: only a session whose 'valid_user' flag is exactly boolean true
// may reach the profile code below. The strict comparison means a truthy
// non-boolean value (1, 'yes', ...) is rejected as well.
if (!($_SESSION['valid_user'] === true)) {
    require AT_INCLUDE_PATH . 'header.inc.php';

    $info = array('INVALID_USER', $_SESSION['course_id']);
    $msg->printInfos($info);

    require AT_INCLUDE_PATH . 'footer.inc.php';

    // The exit is what enforces the guard: without it the update handler
    // further down would still run for an unauthenticated request.
    exit;
}
29
// Cancel button: queue the "cancelled" notice and send the browser back to
// profile.php. Nothing is written to the database on this path, and the exit
// keeps the update handler below from running after the redirect header.
if (isset($_POST['cancel'])) {
    $msg->addFeedback('CANCELLED');
    header('Location: profile.php');
    exit;
}
35
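// Profile update handler: validates the posted form and writes it to the
// members row of the logged-in user.
//
// NOTE(review): no anti-CSRF token is checked anywhere in this handler. Confirm
// whether vitals.inc.php enforces one for POST requests; if it does not, this
// state-changing request needs a per-session token check before the UPDATE.
if (isset($_POST['submit'])) {
    // Normalise the name fields BEFORE the required-field check. The original
    // order tested the raw value and stripped '<' afterwards, so a name made
    // only of '<' characters passed the check and was then stored as an empty
    // string. Non-string input (e.g. first_name[]=x) is treated as empty.
    //
    // Removing '<' is not HTML escaping: quotes and '&' pass through, so the
    // template that prints these values must still escape them on output.
    foreach (array('first_name', 'second_name', 'last_name') as $name_field) {
        $name_value = (isset($_POST[$name_field]) && is_string($_POST[$name_field])) ? $_POST[$name_field] : '';
        $_POST[$name_field] = str_replace('<', '', $name_value);
    }

    $missing_fields = array();

    if (!$_POST['first_name']) {
        $missing_fields[] = _AT('first_name');
    }

    if (!$_POST['last_name']) {
        $missing_fields[] = _AT('last_name');
    }

    // The session id is interpolated unquoted into both queries below, so it is
    // forced to an integer here rather than trusted to be numeric.
    $session_member_id = intval($_SESSION['member_id']);

    // check if first+last is unique
    //
    // $addslashes is a callable defined outside this file; whether it is aware
    // of the connection character set cannot be seen from here. String escaping
    // is the only injection defence on these queries because the mysql_* API
    // has no bound parameters.
    if ($_POST['first_name'] && $_POST['last_name']) {
        $first_name_sql  = $addslashes($_POST['first_name']);
        $last_name_sql   = $addslashes($_POST['last_name']);
        $second_name_sql = $addslashes($_POST['second_name']);

        $sql = "SELECT member_id FROM ".TABLE_PREFIX."members WHERE first_name='$first_name_sql' AND second_name='$second_name_sql' AND last_name='$last_name_sql' AND member_id<>$session_member_id LIMIT 1";
        $result = mysql_query($sql, $db);

        // mysql_query() returns false on failure; guard before fetching so a
        // failed query does not raise a warning inside mysql_fetch_assoc().
        if ($result && mysql_fetch_assoc($result)) {
            $msg->addError('FIRST_LAST_NAME_UNIQUE');
        }
    }

    //check date of birth
    // intval() guarantees only integers reach $dob, which is interpolated into
    // the UPDATE statement below.
    $mo  = intval(isset($_POST['month']) ? $_POST['month'] : 0);
    $day = intval(isset($_POST['day']) ? $_POST['day'] : 0);
    $yr  = intval(isset($_POST['year']) ? $_POST['year'] : 0);

    /* lets us take (one or) two digit years (ex. 78 = 1978, 3 = 2003) */
    // NOTE(review): a blank year is 0 after intval() and therefore becomes
    // 2000 here; confirm that is intended when month and day are supplied.
    if ($yr < (int) date('y')) {
        $yr += 2000;
    } else if ($yr < 1900) {
        $yr += 1900;
    }

    $dob = $yr.'-'.$mo.'-'.$day;

    if ($mo && $day && $yr && !checkdate($mo, $day, $yr)) {
        $msg->addError('DOB_INVALID');
    } else if (!$mo || !$day || !$yr) {
        // Incomplete date: store the "not set" placeholder.
        $dob = '0000-00-00';
        $yr = $mo = $day = 0;
    }

    // Allow-list the gender code; anything else is stored as 'n'. This is also
    // what makes it safe to interpolate the value into the UPDATE unescaped.
    if (!isset($_POST['gender']) || !in_array($_POST['gender'], array('m', 'f'), true)) {
        $_POST['gender'] = 'n'; // not specified
    }

    if ($missing_fields) {
        $missing_fields = implode(', ', $missing_fields);
        $msg->addError(array('EMPTY_FIELDS', $missing_fields));
    }

    // NOTE(review): $login is not used anywhere in the visible code. It is kept
    // in case an included file reads it; remove once confirmed unused.
    $login = isset($_POST['login']) ? strtolower($_POST['login']) : '';

    if (!$msg->containsErrors()) {
        // Every text field must be a string before it is escaped and
        // interpolated; absent or non-string input becomes the empty string.
        $text_fields = array('website', 'first_name', 'second_name', 'last_name', 'address', 'postal', 'city', 'province', 'country', 'phone');
        foreach ($text_fields as $text_field) {
            if (!isset($_POST[$text_field]) || !is_string($_POST[$text_field])) {
                $_POST[$text_field] = '';
            }
        }

        // strpos() replaces the deprecated ereg(); the pattern was a literal.
        // NOTE(review): this only checks that some "scheme://" is present, so
        // the stored value is not limited to http/https. Any template that
        // prints it as a link must validate the scheme and escape the value.
        if ($_POST['website'] && strpos($_POST['website'], '://') === false) {
            $_POST['website'] = 'http://'.$_POST['website'];
        }
        if ($_POST['website'] === 'http://') {
            $_POST['website'] = '';
        }

        // Checkbox: presence means 1. Forcing 0/1 is what makes the unquoted
        // interpolation of private_email below safe.
        $_POST['private_email'] = isset($_POST['private_email']) ? 1 : 0;

        // insert into the db.
        foreach ($text_fields as $text_field) {
            $_POST[$text_field] = $addslashes($_POST[$text_field]);
        }

        // The session language was interpolated unescaped; escape it like the
        // other quoted string values.
        $session_lang_sql = $addslashes(isset($_SESSION['lang']) ? $_SESSION['lang'] : '');

        // creation_date and last_login are assigned to themselves, presumably
        // to stop automatically-updating columns from changing on this write
        // -- confirm against the table definition.
        $sql = "UPDATE ".TABLE_PREFIX."members SET website='$_POST[website]', first_name='$_POST[first_name]', second_name='$_POST[second_name]', last_name='$_POST[last_name]', dob='$dob', gender='$_POST[gender]', address='$_POST[address]', postal='$_POST[postal]', city='$_POST[city]', province='$_POST[province]', country='$_POST[country]', phone='$_POST[phone]', language='$session_lang_sql', private_email=$_POST[private_email], creation_date=creation_date, last_login=last_login WHERE member_id=$session_member_id";

        $result = mysql_query($sql, $db);
        if (!$result) {
            $msg->printErrors('DB_NOT_UPDATED');
            exit;
        }

        $msg->addFeedback('PROFILE_UPDATED');

        // Redirect after a successful POST so a reload does not resubmit.
        header('Location: basic_profile.php');
        exit;
    }
}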
131
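// Load the stored profile of the logged-in member for display.
// The id is cast to an integer because it is concatenated unquoted into the
// query text.
// NOTE(review): SELECT * copies every column of the members row into $row
// (and, below, into $_POST). If that table also holds credentials, list only
// the profile columns the form needs -- confirm against the schema.
$sql    = 'SELECT * FROM '.TABLE_PREFIX.'members WHERE member_id='.intval($_SESSION['member_id']);
$result = mysql_query($sql, $db);

// mysql_query() returns false on failure; do not pass that to the fetch call.
$row = $result ? mysql_fetch_assoc($result) : false;

// First visit (no form submitted): pre-fill the form from the stored row.
// Skipped when no row was found, so $_POST is never replaced by a non-array.
if (!isset($_POST['submit']) && $row) {
    $_POST = $row;

    // dob is stored as 'Y-m-d'; pad so a short or empty value still yields
    // three parts instead of raising undefined-offset notices.
    list($_POST['year'], $_POST['month'], $_POST['day']) = array_pad(explode('-', $row['dob']), 3, '');
}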
140
/* template starts here */
require AT_INCLUDE_PATH . 'header.inc.php';
include 'lib/profile_menu.inc.php';

// Hand the database row to the template engine.
// NOTE(review): on input the name fields only had '<' removed and the other
// profile fields were not filtered at all, so basic_profile.tmpl.php (not
// visible here) has to HTML-escape every value it prints.
$savant->assign('row', $row);

// NOTE(review): $onload is assigned after header.inc.php has already been
// included; confirm which included file, if any, still reads it at this point.
$onload = 'document.form.first_name.focus();';

//$savant->display('registration.tmpl.php');
$savant->display('html/basic_profile.tmpl.php');
require AT_INCLUDE_PATH . 'footer.inc.php';
?>