2 /************************************************************************/
4 /************************************************************************/
5 /* Copyright (c) 2002-2008 by Greg Gay, Joel Kronenberg & Heidi Hazelton*/
6 /* Adaptive Technology Resource Centre / University of Toronto */
9 /* This program is free software. You can redistribute it and/or */
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /************************************************************************/
13 // $Id: profile.php 6025 2006-03-28 20:13:55Z joel $
// Page bootstrap: record which area of the site this page belongs to, set the
// include root, and load the shared bootstrap file.
// NOTE(review): $msg, $db, $savant and $_config are used below but never
// assigned in this listing; presumably vitals.inc.php provides them, along with
// the session. Confirm there, including whether it escapes request data.
16 $_user_location = 'users';
18 define('AT_INCLUDE_PATH', '../include/');
19 require(AT_INCLUDE_PATH.'vitals.inc.php');
// Access guard: unless the session flag is strictly boolean true, render the
// header, an INVALID_USER notice and the footer instead of the form.
// NOTE(review): listing lines 27-29 are not shown, so it is not visible whether
// the script stops after the footer. Confirm an exit follows; without one the
// handlers below would still run for a visitor who failed this check.
22 if ($_SESSION['valid_user'] !== true) {
23 require(AT_INCLUDE_PATH.'header.inc.php');
24 $info = array('INVALID_USER', $_SESSION['course_id']);
25 $msg->printInfos($info);
26 require(AT_INCLUDE_PATH.'footer.inc.php');
// Cancel button: queue a CANCELLED feedback message and send the browser back
// to the profile page.
// NOTE(review): a Location header does not stop execution by itself; listing
// lines 33-35 are not shown, so confirm an exit follows the redirect.
30 if (isset($_POST['cancel'])) {
31 $msg->addFeedback('CANCELLED');
32 Header('Location: profile.php');
// Create a per-session token the first time this page is reached without one.
// NOTE(review): mt_rand() is not a cryptographically secure generator and
// returns a single integer, so md5() of it carries no more entropy than that
// integer. How the token is consumed is not visible in this listing; if it
// protects anything security-relevant (form token, password hashing salt),
// derive it from a CSPRNG instead, e.g. random_bytes() on PHP 7+ or
// openssl_random_pseudo_bytes() on older runtimes.
36 if (!isset($_SESSION['token']) || !$_SESSION['token']) {
37 $_SESSION['token'] = md5(mt_rand());
// Form submission: re-check the member's current password, validate the new
// e-mail address, then either send a confirmation link or update the address
// directly. Several listing lines (closing braces, else branches, exits) are not
// shown, so the exact nesting below has to be confirmed against the full file.
40 if (isset($_POST['submit'])) {
// Value of the password field as submitted by the form.
// NOTE(review): the field name suggests a client-side derived value (hidden
// field); confirm in the template what the browser actually sends.
42 $this_password = $_POST['form_password_hidden'];
45 if (!empty($this_password)) {
46 //check if old password entered is correct
// The member id comes from the session and is interpolated into the SQL text
// without a cast here.
47 $sql = "SELECT password FROM ".TABLE_PREFIX."members WHERE member_id=$_SESSION[member_id]";
48 $result = mysql_query($sql,$db);
49 if ($row = mysql_fetch_assoc($result)) {
// NOTE(review): the stored column is compared directly with the submitted
// value, so whatever the client sends is password-equivalent to what the
// database holds (plaintext or an unsalted client-side hash - confirm which).
// The loose != can also treat two different numeric-looking strings as equal;
// prefer a strict, constant-time comparison (hash_equals() on PHP 5.6+), ideally
// against a password_hash()/password_verify() style hash.
50 if ($row['password'] != $this_password) {
51 $msg->addError('WRONG_PASSWORD');
52 Header('Location: email_change.php');
// Empty password field: report it and return to the form (presumably the else
// branch of the !empty() test above; listing lines 53-56 are not shown).
57 $msg->addError(array('EMPTY_FIELDS', _AT('password')));
58 header('Location: email_change.php');
// E-mail validation: reject an empty value, check the format, then make sure no
// other member already uses the address.
63 if ($_POST['email'] == '') {
64 $msg->addError(array('EMPTY_FIELDS', _AT('email')));
// NOTE(review): without the D modifier, $ also matches before a trailing
// newline, so a value ending in "\n" passes this check; the + after @ and
// after \. also accepts repeated "@" or "." characters.
66 if(!preg_match("/^[a-z0-9\._-]+@+[a-z0-9\._-]+\.+[a-z]{2,6}$/i", $_POST['email'])) {
67 $msg->addError('EMAIL_INVALID');
// NOTE(review): the raw request value is interpolated into the SQL string. In
// the visible lines a failed format check only records an error (listing line
// 68 is not shown), so this lookup may still run on a value that did not match
// the pattern. Whether request data is escaped earlier (e.g. in vitals.inc.php)
// is not visible here; escape at the point of use (mysql_real_escape_string())
// or move to a parameterised API (PDO/mysqli prepared statements).
69 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."members WHERE email='$_POST[email]' AND member_id<>$_SESSION[member_id]",$db);
70 if(mysql_num_rows($result) != 0) {
71 $msg->addError('EMAIL_EXISTS');
// Only continue when none of the checks above queued an error.
75 if (!$msg->containsErrors()) {
// With e-mail confirmation enabled the address is not written here; a
// confirmation link is mailed to the new address instead.
76 if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION) {
77 //send confirmation email
78 $sql = "SELECT email, creation_date FROM ".TABLE_PREFIX."members WHERE member_id=$_SESSION[member_id]";
79 $result = mysql_query($sql, $db);
80 $row = mysql_fetch_assoc($result);
// Only send a confirmation when the address actually changed.
82 if ($row['email'] != $_POST['email']) {
// NOTE(review): the confirmation code is the first 10 hex characters of an
// md5 over the new e-mail, the account creation date and the member id. No
// server-side secret is mixed in, so anyone who knows those three values can
// recompute the code without receiving the mail. Prefer a random token stored
// server-side, or an HMAC keyed with a site secret, plus an expiry.
83 $code = substr(md5($_POST['email'] . $row['creation_date'] . $_SESSION['member_id']), 0, 10);
// Link carries the member id, the URL-encoded new address and the code.
84 $confirmation_link = AT_BASE_HREF . 'confirm.php?id='.$_SESSION['member_id'].SEP .'e='.urlencode($_POST['email']).SEP.'m='.$code;
86 /* send the email confirmation message: */
87 require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');
88 $mail = new ATutorMailer();
// The recipient is the unconfirmed, user-supplied address (see the note on the
// format check above). The actual send call (listing lines 94-96) is not shown.
90 $mail->From = $_config['contact_email'];
91 $mail->AddAddress($_POST['email']);
92 $mail->Subject = SITE_NAME . ' - ' . _AT('email_confirmation_subject');
93 $mail->Body = _AT('email_confirmation_message2', $_config['site_name'], $confirmation_link);
97 $msg->addFeedback('CONFIRM_EMAIL');
// Presumably the branch taken when the submitted address equals the current
// one (listing line 98 is not shown) - confirm.
99 $msg->addFeedback('CANCELLED');
103 //insert into database
// Confirmation disabled (presumably the else branch; listing lines 100-102 are
// not shown): write the new address straight away.
// NOTE(review): the request value is again interpolated into the SQL text; the
// same escaping / prepared-statement advice as for the duplicate lookup applies.
// creation_date and last_login are assigned to themselves, presumably so that
// auto-updating timestamp columns keep their values - confirm against the schema.
104 $sql = "UPDATE ".TABLE_PREFIX."members SET email='$_POST[email]', creation_date=creation_date, last_login=last_login WHERE member_id=$_SESSION[member_id]";
105 $result = mysql_query($sql,$db);
// The condition guarding this message (listing line 106) is not shown.
107 $msg->printErrors('DB_NOT_UPDATED');
111 $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
// Back to the profile page; confirm an exit follows (listing line 114 not shown).
113 header('Location: ./profile.php');
// Display path: load the member's current e-mail address and hand it to the
// template that renders the change form.
118 $sql = 'SELECT email FROM '.TABLE_PREFIX.'members WHERE member_id='.$_SESSION['member_id'];
119 $result = mysql_query($sql,$db);
120 $row = mysql_fetch_assoc($result);
// The body of this first-visit branch (listing lines 123-125) is not shown.
122 if (!isset($_POST['submit'])) {
126 /* template starts here */
// NOTE(review): $row is passed to the template as-is; output escaping has to
// happen in users/email_change.tmpl.php - confirm there.
127 $savant->assign('row', $row);
128 $savant->display('users/email_change.tmpl.php');