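/**
 * Handle member add request.
 *
 * Builds a contact (with nested user and membership records) from the
 * submitted form, saves it, grants the 'member' role and sends the
 * notification e-mails. Every value read from $_POST is untrusted.
 *
 * NOTE(review): this handler relies on the legacy mysql_* extension, which
 * was removed in PHP 7. Moving to mysqli/PDO prepared statements is a
 * file-wide change and is not attempted here.
 * NOTE(review): no CSRF token check is visible in this handler; confirm the
 * request dispatcher enforces one before this state-changing command runs.
 *
 * @return string The url to display when complete.
 */
function command_member_add() {
    global $config_email_to;
    global $config_email_from;
    global $config_org_name;

    // Verify permissions: all three are required because this handler
    // writes member, contact and user data in one request.
    foreach (array('member_add', 'contact_add', 'user_add') as $permission) {
        if (!user_access($permission)) {
            error_register('Permission denied: ' . $permission);
            return crm_url('members');
        }
    }

    // Find username or create a new one.
    // NOTE(review): a username supplied in the form is not checked against
    // existing rows here; confirm contact_save() or a unique index rejects
    // duplicates, otherwise two accounts could share a login name.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    if (empty($username)) {
        // The original indexed $_POST with the bare words firstName/lastName,
        // which are undefined constants; quote the keys instead.
        $first_name = (isset($_POST['firstName']) && is_string($_POST['firstName'])) ? $_POST['firstName'] : '';
        $last_name = (isset($_POST['lastName']) && is_string($_POST['lastName'])) ? $_POST['lastName'] : '';
        $base_username = strtolower(substr($first_name, 0, 1) . $last_name);

        // Without any name input there is nothing to derive a username from;
        // skip generation so the caller is asked for one instead of getting
        // a purely numeric login.
        for ($n = 0; $base_username !== '' && empty($username) && $n < 100; $n++) {
            // Construct test username: first initial + last name, then a counter suffix
            $test_username = ($n > 0) ? $base_username . $n : $base_username;

            // Check whether username is taken.
            // NOTE(review): check-then-insert is not atomic; two concurrent
            // requests can pick the same name unless the table enforces
            // uniqueness.
            $esc_test_name = mysql_real_escape_string($test_username);
            $res = mysql_query("SELECT 1 FROM `user` WHERE `username`='{$esc_test_name}' LIMIT 1");
            if (!$res) {
                // NOTE(review): crm_error() receives the raw driver message;
                // confirm it is logged rather than shown to the client.
                crm_error(mysql_error());
                // Fail closed if crm_error() returns: never treat a failed
                // lookup as "name is free".
                break;
            }
            if (!mysql_fetch_assoc($res)) {
                $username = $test_username;
            }
        }
    }
    if (empty($username)) {
        error_register('Please specify a username');
        return crm_url('members&tab=add');
    }

    // Build contact object; absent fields become null, as they did before
    $contact = array();
    $contact_fields = array(
        'firstName', 'middleName', 'lastName', 'email',
        'phone', 'emergencyName', 'emergencyPhone'
    );
    foreach ($contact_fields as $field) {
        $contact[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
    }

    // Add user fields
    $contact['user'] = array('username' => $username);

    // Add member fields
    $contact['member'] = array(
        'membership' => array(
            array(
                'pid' => isset($_POST['pid']) ? $_POST['pid'] : null,
                'start' => isset($_POST['start']) ? $_POST['start'] : null
            )
        )
    );

    // Save to database
    $contact = contact_save($contact);

    // Add role entry
    $res = mysql_query("SELECT `rid` FROM `role` WHERE `name`='member'");
    if (!$res) {
        crm_error(mysql_error());
    }
    $row = $res ? mysql_fetch_assoc($res) : false;
    if ($row) {
        // Escape only once a role row is known to exist; the original read
        // $row['rid'] before checking $row.
        $esc_cid = mysql_real_escape_string($contact['cid']);
        $esc_rid = mysql_real_escape_string($row['rid']);
        $sql = "INSERT INTO `user_role` (`cid`, `rid`) VALUES ('{$esc_cid}', '{$esc_rid}')";
        $res = mysql_query($sql);
        if (!$res) {
            crm_error(mysql_error());
        }
    }

    // Notify admins
    $from = "\"{$config_org_name}\" <{$config_email_from}>";
    $headers = "From: {$from}\r\nContent-Type: text/html; charset=ISO-8859-1\r\n";
    if (!empty($config_email_to)) {
        // The display name is built from submitted data and lands in the
        // Subject header, so strip line breaks before use.
        $name = str_replace(array("\r", "\n"), ' ', theme_contact_name($contact['cid']));
        $content = theme('member_created_email', $contact['cid']);
        mail($config_email_to, "New Member: {$name}", $content, $headers);
    }

    // Notify user. The recipient comes straight from the form, so validate
    // it before it reaches mail(); this keeps CR/LF and other malformed
    // input out of the recipient header.
    $recipient = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    if (filter_var($recipient, FILTER_VALIDATE_EMAIL)) {
        $confirm_url = user_reset_password_url($contact['user']['username']);
        $content = theme('member_welcome_email', $contact['user']['cid'], $confirm_url);
        mail($recipient, "Welcome to {$config_org_name}", $content, $headers);
    } else {
        error_register('Welcome e-mail not sent: invalid e-mail address');
    }

    // URL context needs URL encoding; the original reused the SQL-escaped value here.
    return crm_url('contact&cid=' . rawurlencode($contact['cid']));
}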
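/**
 * Handle contact update request.
 *
 * A caller may edit a contact either with the 'contact_edit' permission or
 * when the submitted cid is the caller's own id. Every value read from
 * $_POST is untrusted.
 *
 * NOTE(review): no CSRF token check is visible in this handler; confirm the
 * request dispatcher enforces one before this state-changing command runs.
 *
 * @return string The url to display on completion.
 */
function command_contact_update() {
    // Normalise the target id once; array-valued or missing input becomes ''
    $cid = (isset($_POST['cid']) && is_scalar($_POST['cid'])) ? (string)$_POST['cid'] : '';

    // Verify permissions.
    // The original used a loose `!=` between the submitted cid and user_id().
    // Loose comparison can treat an empty or non-numeric cid as equal to an
    // empty/zero user id, so the self-edit path is only taken when there is
    // a non-empty current user id and the two match exactly as strings.
    if (!user_access('contact_edit')) {
        $current_user = user_id();
        $is_own_contact = $cid !== ''
            && !empty($current_user)
            && $cid === (string)$current_user;
        if (!$is_own_contact) {
            error_register('Permission denied: contact_edit');
            return crm_url('contacts');
        }
    }

    // Never run the lookup with an empty filter.
    // NOTE(review): how crm_get_data() treats an empty cid is not visible
    // here; refusing it avoids editing whatever row happens to come back first.
    if ($cid === '') {
        error_register('No contact for cid: ');
        return crm_url('contacts');
    }

    $contact_data = crm_get_data('contact', array('cid' => $cid));
    $contact = (is_array($contact_data) && isset($contact_data[0])) ? $contact_data[0] : null;
    if (empty($contact)) {
        // NOTE(review): the submitted cid is echoed into the error text;
        // confirm the error renderer HTML-escapes messages.
        error_register("No contact for cid: {$cid}");
        return crm_url('contacts');
    }

    // Update contact data. Only this fixed list of fields is copied, so
    // other keys in the request cannot overwrite contact attributes.
    // Absent fields become null, as they did before.
    $editable_fields = array(
        'firstName', 'middleName', 'lastName', 'email',
        'phone', 'emergencyName', 'emergencyPhone'
    );
    foreach ($editable_fields as $field) {
        $contact[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
    }

    // Save changes to database
    contact_save($contact);

    return crm_url('contacts');
}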