move code up one directory
[atutor.git] / users / email_change.php
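<?php
/************************************************************************/
/* ATutor                                                               */
/************************************************************************/
/* Copyright (c) 2002-2010                                              */
/* Inclusive Design Institute                                           */
/* http://atutor.ca                                                     */
/* This program is free software. You can redistribute it and/or        */
/* modify it under the terms of the GNU General Public License          */
/* as published by the Free Software Foundation.                        */
/************************************************************************/
// $Id$

/*
 * Lets a logged-in member change the e-mail address on their account.
 *
 * Flow: reject unauthenticated sessions, honour "cancel", then on "submit"
 * re-check the member's current password, validate the new address, and
 * either mail a confirmation link (when AT_EMAIL_CONFIRMATION is enabled)
 * or write the address straight to the members table. Otherwise the form
 * is rendered, pre-filled with the stored address.
 *
 * Security notes:
 *  - Every value placed in SQL is either cast to an integer or validated
 *    against the e-mail allowlist pattern and escaped for the $db link.
 *  - The legacy mysql_* API is kept because $db is created outside this
 *    file (vitals.inc.php is not shown here); that extension was removed
 *    in PHP 7, so a move to prepared statements belongs with that include.
 */

$page = 'profile';
$_user_location = 'users';

define('AT_INCLUDE_PATH', '../include/');
require(AT_INCLUDE_PATH.'vitals.inc.php');


// Only an authenticated session may reach the form or the handler below.
if (!isset($_SESSION['valid_user']) || $_SESSION['valid_user'] !== true) {
	require(AT_INCLUDE_PATH.'header.inc.php');
	$info = array('INVALID_USER', $_SESSION['course_id']);
	$msg->printInfos($info);
	require(AT_INCLUDE_PATH.'footer.inc.php');
	exit;
}

if (isset($_POST['cancel'])) {
	$msg->addFeedback('CANCELLED');
	Header('Location: profile.php');
	exit;
}

if (!isset($_SESSION['token']) || !$_SESSION['token']) {
	// md5(mt_rand()) is derived from a small, predictable PRNG state. Prefer
	// a CSPRNG when the runtime offers one; the result stays 32 hex characters
	// so consumers of the token (not visible in this file) see the same shape.
	$token_bytes = false;
	if (function_exists('random_bytes')) {
		$token_bytes = random_bytes(16);
	} else if (function_exists('openssl_random_pseudo_bytes')) {
		$token_bytes = openssl_random_pseudo_bytes(16);
	}
	if (is_string($token_bytes) && strlen($token_bytes) === 16) {
		$_SESSION['token'] = bin2hex($token_bytes);
	} else {
		$_SESSION['token'] = md5(mt_rand());
	}
}

if (isset($_POST['submit'])) {

	// Integer cast: the id is concatenated into SQL below.
	$this_member_id = intval($_SESSION['member_id']);

	// Normalise the two request fields to strings; a missing or non-string
	// (array) value is treated as empty rather than reaching SQL or preg_match.
	$this_password = (isset($_POST['form_password_hidden']) && is_string($_POST['form_password_hidden'])) ? $_POST['form_password_hidden'] : '';
	$this_email    = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

	// password check
	if (empty($this_password)) {
		$msg->addError(array('EMPTY_FIELDS', _AT('password')));
		header('Location: email_change.php');
		exit;
	}

	//check if old password entered is correct
	// NOTE(review): the posted value is compared directly with the stored
	// column, so whatever is stored acts as the credential itself - confirm
	// how the form derives form_password_hidden.
	$sql    = "SELECT password FROM ".TABLE_PREFIX."members WHERE member_id=".$this_member_id;
	$result = mysql_query($sql, $db);
	$row    = $result ? mysql_fetch_assoc($result) : false;

	// Fail closed: a failed query or a missing row counts as a wrong password
	// (previously the check was skipped and the change went ahead).
	$password_ok = false;
	if ($row) {
		$stored_password = (string) $row['password'];
		// Strict / constant-time comparison. A loose != treats two numeric-looking
		// strings (e.g. "0e..." digests) as equal numbers.
		if (function_exists('hash_equals')) {
			$password_ok = hash_equals($stored_password, $this_password);
		} else {
			$password_ok = ($stored_password === $this_password);
		}
	}
	if (!$password_ok) {
		$msg->addError('WRONG_PASSWORD');
		Header('Location: email_change.php');
		exit;
	}

	// email check
	if ($this_email === '') {
		$msg->addError(array('EMPTY_FIELDS', _AT('email')));
	} else if (!preg_match('/^[a-z0-9\._-]+@+[a-z0-9\._-]+\.+[a-z]{2,6}$/iD', $this_email)) {
		// The D modifier makes "$" match only at the very end, so an address
		// with a trailing newline is rejected. Invalid input stops here and is
		// never interpolated into the uniqueness query.
		$msg->addError('EMAIL_INVALID');
	} else {
		// After validation the address holds only [a-z0-9._-@]; escaping is
		// defence in depth and cannot alter such a value.
		$sql_email = mysql_real_escape_string($this_email, $db);
		$result = mysql_query("SELECT * FROM ".TABLE_PREFIX."members WHERE email='".$sql_email."' AND member_id<>".$this_member_id, $db);
		if ($result && mysql_num_rows($result) != 0) {
			$msg->addError('EMAIL_EXISTS');
		}
	}

	if (!$msg->containsErrors()) {
		if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION) {
			//send confirmation email
			$sql    = "SELECT email, creation_date FROM ".TABLE_PREFIX."members WHERE member_id=".$this_member_id;
			$result = mysql_query($sql, $db);
			$row    = $result ? mysql_fetch_assoc($result) : false;
			if (!$row) {
				// Without the stored row the confirmation code cannot be built.
				$msg->printErrors('DB_NOT_UPDATED');
				exit;
			}

			if ($row['email'] != $this_email) {
				// NOTE(review): the code is a truncated MD5 over the new address,
				// the account creation date and the member id, with no server-side
				// secret. It is left unchanged because confirm.php (not shown
				// here) must compute the same value; consider a random, stored,
				// expiring token in both places.
				$code = substr(md5($this_email . $row['creation_date'] . $_SESSION['member_id']), 0, 10);
				$confirmation_link = AT_BASE_HREF . 'confirm.php?id='.$this_member_id.SEP .'e='.urlencode($this_email).SEP.'m='.$code;

				/* send the email confirmation message: */
				require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');
				$mail = new ATutorMailer();

				$mail->From     = $_config['contact_email'];
				$mail->AddAddress($this_email);
				$mail->Subject = SITE_NAME . ' - ' . _AT('email_confirmation_subject');
				$mail->Body    = _AT('email_confirmation_message2', $_config['site_name'], $confirmation_link);

				// NOTE(review): the result of Send() is not checked, so the
				// "confirm your e-mail" feedback is shown even if delivery failed.
				$mail->Send();

				$msg->addFeedback('CONFIRM_EMAIL');
			} else {
				// Same address as before: nothing to confirm.
				$msg->addFeedback('CANCELLED');
			}
		} else {

			//insert into database
			// creation_date and last_login are assigned to themselves, as in the
			// original statement, so the UPDATE leaves them untouched.
			$sql = "UPDATE ".TABLE_PREFIX."members SET email='".mysql_real_escape_string($this_email, $db)."', creation_date=creation_date, last_login=last_login WHERE member_id=".$this_member_id;
			$result = mysql_query($sql, $db);
			if (!$result) {
				$msg->printErrors('DB_NOT_UPDATED');
				exit;
			}

			$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
		}
		header('Location: ./profile.php');
		exit;
	}
}

// Load the stored address to pre-fill the form.
$sql    = 'SELECT email FROM '.TABLE_PREFIX.'members WHERE member_id='.intval($_SESSION['member_id']);
$result = mysql_query($sql, $db);
$row = mysql_fetch_assoc($result);

if (!isset($_POST['submit'])) {
	$_POST = $row;
}

/* template starts here */
// NOTE(review): the template is not shown here; it should HTML-escape any
// $row / $_POST values it prints, since a re-displayed submission is raw input.
$savant->assign('row', $row);
$savant->display('users/email_change.tmpl.php');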