function mx_ckprofile($page, $option, $action)
{
global $mxuser, $msgs, $mxsession, $errors, $usernameerrs;
if ($action == 'update' || preg_match('%setup_%', $action) || $action == 'done') {
//die(phpinfo());
$section = preg_replace('%[^0-9]%', '', $action);
// just step number in case we're in the setup
/*
if (!$section || $section=='' || $section>count($steps)) {
$section=null;
}
*/
//phpinfo();
$msgs = null;
// list of fields that should have been posted to check mandatory ones have been filled...
$prevsection = mx_secureword($_REQUEST['k']);
$oldflds = array();
foreach ($mxuser->infogroups($action == 'done' || $action == 'update' ? null : $prevsection) as $grp => $details) {
foreach ($details[1] as $field) {
$oldflds[$field] = 1;
}
}
if (array_key_exists('PROid', $_REQUEST) && $_REQUEST['PROid'] == MXNOPROYET) {
$_POST['PROmemberid'] = '-';
}
//error_log(print_r($oldflds,true));
foreach ($mxuser->infogroups() as $grp => $details) {
foreach ($details[1] as $field) {
$fldinfo = $mxuser->fielddesc($field);
if (!$fldinfo[0]) {
continue;
}
if (array_key_exists($field . '_y', $_POST)) {
$_POST[$field] = $_POST[$field . '_y'] . '-' . $_POST[$field . '_m'] . '-' . $_POST[$field . '_d'];
}
if (!array_key_exists($field, $_POST)) {
// field was not posted
if ($mxuser->{$field}) {
continue;
}
// field is already set
if (!array_key_exists($field, $oldflds)) {
continue;
}
// not in the previous form and not blank
if ($fldinfo[0] < 3 || $mxuser->acctype == MXACCOUNTFAN && $fldinfo[0] == 4) {
continue;
}
// not mandatory
if ($section && $section < $prevsection) {
continue;
}
// we're back to the previous form: don't bother...
$_REQUEST['a'] = 'setup_' . $prevsection;
$errors[$field] = _('This field is mandatory!');
continue;
}
if (!$_POST[$field] && $field != 'PROid') {
// field blank
if ($fldinfo[0] >= 3 && ($mxuser->acctype != MXACCOUNTFAN || $fldinfo[0] != 4) && ($section == '' || $section > $prevsection)) {
// we're going to the next step...
if ($prevsection) {
$_REQUEST['a'] = 'setup_' . $prevsection;
} else {
$_REQUEST['a'] = 'edit';
}
$errors[$field] = _('This field is mandatory!');
continue;
}
}
switch ($fldinfo[2]) {
// CAREFUL: testing types not fields!!
case 'legalname':
$postfld = ucwords(mx_securestring($_POST[$field]));
break;
case 'fullname':
$postfld = mx_securestring($_POST[$field]);
if ($postfld == strtolower($postfld)) {
$postfld = ucwords($postfld);
}
// if all lowercase capitalize initials
break;
case 'proid':
$postfld = mx_secureword($_POST[$field]);
if ($postfld == 0) {
$proname = mx_securestring($_POST['proname']);
$prosite = mx_securestring($_POST['prosite']);
if ($proname && $prosite) {
$postfld = $mxuser->addpro($proname, $prosite);
} else {
//$errors[$field]=_('You must inform your PRO organization');
if (!$proname && !$prosite) {
$errors[$field] = _('We need this information.');
} else {
if (!$proname) {
$errors[$field] = _('You must inform the association\'s name/acronym');
} else {
$errors[$field] = _('You must inform a website');
}
}
if ($prevsection) {
$_REQUEST['a'] = 'setup_' . $prevsection;
} else {
$_REQUEST['a'] = 'edit';
}
continue;
}
}
break;
case 'acctype':
// ignore this field
if ($mxuser->acctype != MXACCOUNTFAN && $mxuser->status != MXACCTEMAILCONFIRMED) {
$postfld = $mxuser->acctype;
} else {
$postfld = preg_replace('%[^0-9]%', '', $_POST[$field]);
}
break;
case 'date':
$postfld = $_POST[$field . '_y'] . '-' . $_POST[$field . '_m'] . '-' . $_POST[$field . '_d'];
break;
case 'privacy':
if (is_array($_POST[$field])) {
$postfld = implode(',', $_POST[$field]);
} else {
$postfld = '';
}
break;
case 'password':
$chkold = hash('sha256', $_POST[$field]);
if (!$_POST[$field]) {
$postfld = $mxuser->{$field};
// no old password -> don't change :-)
} else {
if ($chkold != $mxuser->pwdhash) {
$msgs->err = _('Wrong password entered.<br/>Your present password was left unchanged.');
$postfld = $mxuser->{$field};
// do not change password!
} else {
$postfld = hash('sha256', $_POST['new_' . $field]);
$chkconf = hash('sha256', $_POST['conf_' . $field]);
if ($chkconf != $postfld) {
$msgs->err = _('Password confirmation does not match new password!<br/>Your password was left unchanged.');
$postfld = $mxuser->{$field};
// do not change password!
} else {
$msgs->ok = _('Your password was successfully updated.');
$field = 'pwdhash';
// we'll update the hash!
}
}
}
break;
case 'username':
$postfld = trim(strtolower(preg_replace('![^0-9a-zA-Z-_.]!', '', $_POST[$field])));
if ($postfld != $mxuser->{$field}) {
$ckusername = mx_checkusername($mxuser->username, $postfld);
if ($ckusername) {
$msgs->err .= sprintf(_('Username was not updated: %s'), $ckusername > 0 ? _('Username already used') : $usernameerrs[$ckusername]);
$postfld = $mxuser->{$field};
} else {
$msgs->ok .= _('Username was updated.');
}
}
break;
case 'agreement':
if (!$mxuser->agreement || $mxuser->agreement == '0000-00-00 00:00:00') {
$postfld = date('Y-m-d H:i:s');
} else {
$postfld = $mxuser->agreement;
}
break;
case 'genre':
$postfld = $_POST[$field];
break;
default:
$postfld = stripslashes($_POST[$field]);
break;
}
if ($postfld != $mxuser->{$field}) {
$mxuser->setoption($field, $postfld);
//$mxuser->$field=$postfld; // already done in setoption...
}
if ($field == 'pwdhash') {
// needs to clear the session with new password credentials :-)
mx_setsession($mxuser, time());
}
}
}
if ($action == 'done' && !$errors) {
$mxuser->setoption('status', MXACCTSETUP);
}
//header('Location: '.mx_actionurl($page,$option,'done'));
}
//error_log(print_r($errors,true));
}
/* ---
* Project: musxpand
* File: paypal.php
* Author: phil
* Date: 09/09/2011
* ---
* License:
This file is part of musxpand.
musxpand is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
musxpand is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with musxpand. If not, see <http://www.gnu.org/licenses/>.
Copyright � 2010 by Philippe Hilger
*/
require 'includes/mx_check.php';
if (basename($_SERVER['PHP_SELF']) == basename(__FILE__)) {
$query = mx_secureword($_REQUEST['u']);
die(mx_checkusername(strtolower($mxuser->username), $query));
}