Exemple #1
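/**
 * Handle member import request.
 *
 * Reads the CSV uploaded in the 'member-file' field and, for each row, creates
 * a contact, a member, a user, a 'member' role entry and a membership (adding
 * the plan first when no plan with that name exists), then sends the admin and
 * welcome emails.
 *
 * Security notes:
 * - Both the 'contact_edit' and 'member_edit' permissions are required.
 * - Every CSV value is treated as untrusted: it is escaped before being placed
 *   in SQL, and the email address is validated before it reaches mail().
 * - NOTE(review): the mysql_* API used here was removed in PHP 7. Moving the
 *   file to prepared statements (mysqli or PDO) is a file-wide change and is
 *   not attempted in this function.
 * - NOTE(review): rows are imported one at a time without a transaction, so a
 *   failure on a later row leaves the earlier rows in the database.
 *
 * @return string The value of crm_url() for the page to display on completion.
 */
function command_member_import()
{
    global $config_org_name;
    // Both are read below when building the notification emails. Without these
    // declarations they are undefined locals, so the From header is incomplete
    // and the admin notification is never sent.
    // NOTE(review): presumably defined with $config_org_name in the site config; confirm.
    global $config_email_from;
    global $config_email_to;
    if (!user_access('contact_edit')) {
        error_register('User does not have permission: contact_edit');
        return crm_url('members');
    }
    if (!user_access('member_edit')) {
        error_register('User does not have permission: member_edit');
        return crm_url('members');
    }
    // Accept only a single, completed upload that PHP itself received.
    // is_uploaded_file() keeps tmp_name from pointing at any other path.
    $upload = isset($_FILES['member-file']) ? $_FILES['member-file'] : null;
    if (!is_array($upload)
        || !isset($upload['error'], $upload['tmp_name'])
        || is_array($upload['tmp_name'])
        || $upload['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])
    ) {
        error_register('No member file uploaded');
        return crm_url('members&tab=import');
    }
    $csv = file_get_contents($upload['tmp_name']);
    if ($csv === false) {
        error_register('Unable to read uploaded member file');
        return crm_url('members&tab=import');
    }
    $data = csv_parse($csv);
    // The headers do not depend on the row, so build them once.
    $from = "\"{$config_org_name}\" <{$config_email_from}>";
    $headers = "From: {$from}\r\nContent-Type: text/html; charset=ISO-8859-1\r\n";
    // Columns read below; a CSV that omits one yields an empty value
    // instead of an undefined-index notice.
    $defaults = array(
        'firstname' => '',
        'middlename' => '',
        'lastname' => '',
        'email' => '',
        'phone' => '',
        'emergencyname' => '',
        'emergencyphone' => '',
        'username' => '',
        'plan' => '',
        'startdate' => '',
    );
    foreach ($data as $row) {
        // Convert row keys to lowercase and remove spaces
        $fields = array();
        foreach ($row as $key => $value) {
            $fields[str_replace(' ', '', strtolower($key))] = $value;
        }
        $row = $fields + $defaults;
        // Find username before anything is written, so a row without a usable
        // username does not leave an orphaned contact/member behind.
        $username = $row['username'];
        // Keys were lowercased above, so the last name lives under 'lastname'.
        $base_username = strtolower(substr($row['firstname'], 0, 1) . $row['lastname']);
        for ($n = 0; empty($username) && $base_username !== '' && $n < 100; $n++) {
            // Construct test username
            $test_username = $base_username;
            if ($n > 0) {
                $test_username .= $n;
            }
            // Check whether username is taken
            $esc_test_name = mysql_real_escape_string($test_username);
            $sql = "SELECT * FROM `user` WHERE `username`='{$esc_test_name}'";
            $res = mysql_query($sql);
            if (!$res) {
                crm_error(mysql_error());
            }
            $user_row = mysql_fetch_assoc($res);
            if (!$user_row) {
                $username = $test_username;
            }
        }
        if (empty($username)) {
            error_register('Please specify a username');
            return crm_url('members&tab=import');
        }
        // Add contact
        $firstName = mysql_real_escape_string($row['firstname']);
        $middleName = mysql_real_escape_string($row['middlename']);
        $lastName = mysql_real_escape_string($row['lastname']);
        $email = mysql_real_escape_string($row['email']);
        $phone = mysql_real_escape_string($row['phone']);
        $emergencyName = mysql_real_escape_string($row['emergencyname']);
        $emergencyPhone = mysql_real_escape_string($row['emergencyphone']);
        $sql = "\n            INSERT INTO `contact`\n            (`firstName`,`middleName`,`lastName`,`email`,`phone`,`emergencyName`,`emergencyPhone`)\n            VALUES\n            ('{$firstName}','{$middleName}','{$lastName}','{$email}','{$phone}','{$emergencyName}','{$emergencyPhone}')";
        $res = mysql_query($sql);
        if (!$res) {
            // NOTE(review): presumably crm_error() aborts the request; if it
            // returns, the insert id read below is not a valid contact id.
            crm_error(mysql_error());
        }
        $cid = mysql_insert_id();
        $esc_cid = mysql_real_escape_string($cid);
        // Add member
        $sql = "\n            INSERT INTO `member`\n            (`cid`)\n            VALUES\n            ('{$esc_cid}')";
        $res = mysql_query($sql);
        if (!$res) {
            crm_error(mysql_error());
        }
        // Add user
        $user = array();
        $user['username'] = $username;
        $user['cid'] = $cid;
        user_save($user);
        // Add role entry
        $sql = "SELECT `rid` FROM `role` WHERE `name`='member'";
        $res = mysql_query($sql);
        if (!$res) {
            crm_error(mysql_error());
        }
        $role_row = mysql_fetch_assoc($res);
        // Read the role id only after confirming that the role exists.
        if ($role_row) {
            $esc_rid = mysql_real_escape_string($role_row['rid']);
            $sql = "\n                INSERT INTO `user_role`\n                (`cid`, `rid`)\n                VALUES\n                ('{$esc_cid}', '{$esc_rid}')";
            $res = mysql_query($sql);
            if (!$res) {
                crm_error(mysql_error());
            }
        }
        // Add plan if necessary
        $esc_plan_name = mysql_real_escape_string($row['plan']);
        $sql = "SELECT `pid` FROM `plan` WHERE `name`='{$esc_plan_name}'";
        $res = mysql_query($sql);
        if (!$res) {
            crm_error(mysql_error());
        }
        if (mysql_num_rows($res) < 1) {
            $sql = "\n                INSERT INTO `plan`\n                (`name`, `active`, `price`, `voting`)\n                VALUES\n                ('{$esc_plan_name}', '1', '0', '0' )\n            ";
            $res = mysql_query($sql);
            if (!$res) {
                crm_error(mysql_error());
            }
            $pid = mysql_insert_id();
        } else {
            $plan_row = mysql_fetch_assoc($res);
            $pid = $plan_row['pid'];
        }
        // Add membership
        $esc_start = mysql_real_escape_string($row['startdate']);
        $esc_pid = mysql_real_escape_string($pid);
        $sql = "\n            INSERT INTO `membership`\n            (`cid`, `pid`, `start`)\n            VALUES\n            ('{$esc_cid}', '{$esc_pid}', '{$esc_start}')\n        ";
        $res = mysql_query($sql);
        if (!$res) {
            crm_error(mysql_error());
        }
        // Notify admins
        if (!empty($config_email_to)) {
            // Use the contact that was just created. An import request carries
            // a file, not a 'cid' form field.
            $name = theme_contact_name($cid);
            // The name derives from CSV data; keep line breaks out of the subject header.
            $name = str_replace(array("\r", "\n"), ' ', $name);
            $content = theme('member_created_email', $user['cid']);
            mail($config_email_to, "New Member: {$name}", $content, $headers);
        }
        // Notify user
        // Send to the validated raw address, not the SQL-escaped copy:
        // SQL escaping is not a mail-header defence and can mangle the address.
        $to = trim($row['email']);
        if (filter_var($to, FILTER_VALIDATE_EMAIL)) {
            $confirm_url = user_reset_password_url($user['username']);
            $content = theme('member_welcome_email', $user['cid'], $confirm_url);
            mail($to, "Welcome to {$config_org_name}", $content, $headers);
        } else {
            // Static text only: CSV values are not echoed into the message.
            error_register('Welcome email not sent: imported member has an invalid email address');
        }
    }
    return crm_url('members');
}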
Exemple #2
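/**
 * Respond to reset password request.
 *
 * Looks the account up by the 'username' POST field, first as a username and
 * then as an email address, and mails the reset url to the contact's address.
 *
 * Security notes:
 * - NOTE(review): the 'No such username/email.' error tells an unauthenticated
 *   visitor whether an account exists. Consider showing the same neutral
 *   message for both outcomes.
 * - NOTE(review): no throttling of reset requests is visible in this function;
 *   confirm that it is applied elsewhere.
 *
 * @return string The value of crm_url() for the page to display on completion.
 */
function command_reset_password()
{
    global $config_email_from;
    global $config_site_title;
    // Only a non-empty scalar string is a usable identifier. This keeps arrays
    // (username[]=...) and empty values out of the lookup filter.
    $identifier = '';
    if (isset($_POST['username']) && is_string($_POST['username'])) {
        $identifier = $_POST['username'];
    }
    $user = null;
    if ($identifier !== '') {
        // Send code to user by username
        $user = crm_get_one('user', array('filter' => array('username' => $identifier)));
        if (empty($user)) {
            // Try email instead
            $user = crm_get_one('user', array('filter' => array('email' => $identifier)));
        }
    }
    if (empty($user)) {
        error_register('No such username/email.');
        return crm_url();
    }
    $contact = crm_get_one('contact', array('cid' => $user['cid']));
    $url = user_reset_password_url($user['username']);
    $to = (is_array($contact) && isset($contact['email'])) ? $contact['email'] : '';
    // Refuse to send when there is no reset url, no address, or the stored
    // address contains line breaks, which have no place in a recipient header.
    if (empty($url) || !is_string($to) || $to === '' || strpbrk($to, "\r\n") !== false) {
        error_register('Unable to send password reset instructions.');
        return crm_url();
    }
    $subject = "[{$config_site_title}] Reset Password";
    $from = $config_email_from;
    $headers = "From: {$from}\r\n";
    $message = "To reset your password, visit the following url: {$url}";
    // Report success only when mail() accepted the message for delivery.
    if (mail($to, $subject, $message, $headers)) {
        // Notify user to check their email
        message_register('Instructions for resetting your password have been sent to your e-mail.');
    } else {
        error_register('Unable to send password reset instructions.');
    }
    return crm_url();
}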