예제 #1
0
function mx_ckprofile($page, $option, $action)
{
    global $mxuser, $msgs, $mxsession, $errors, $usernameerrs;
    if ($action == 'update' || preg_match('%setup_%', $action) || $action == 'done') {
        //die(phpinfo());
        $section = preg_replace('%[^0-9]%', '', $action);
        // just step number in case we're in the setup
        /*
        if (!$section || $section=='' || $section>count($steps)) {
        	$section=null;
        }
        */
        //phpinfo();
        $msgs = null;
        // list of fields that should have been posted to check mandatory ones have been filled...
        $prevsection = mx_secureword($_REQUEST['k']);
        $oldflds = array();
        foreach ($mxuser->infogroups($action == 'done' || $action == 'update' ? null : $prevsection) as $grp => $details) {
            foreach ($details[1] as $field) {
                $oldflds[$field] = 1;
            }
        }
        if (array_key_exists('PROid', $_REQUEST) && $_REQUEST['PROid'] == MXNOPROYET) {
            $_POST['PROmemberid'] = '-';
        }
        //error_log(print_r($oldflds,true));
        foreach ($mxuser->infogroups() as $grp => $details) {
            foreach ($details[1] as $field) {
                $fldinfo = $mxuser->fielddesc($field);
                if (!$fldinfo[0]) {
                    continue;
                }
                if (array_key_exists($field . '_y', $_POST)) {
                    $_POST[$field] = $_POST[$field . '_y'] . '-' . $_POST[$field . '_m'] . '-' . $_POST[$field . '_d'];
                }
                if (!array_key_exists($field, $_POST)) {
                    // field was not posted
                    if ($mxuser->{$field}) {
                        continue;
                    }
                    // field is already set
                    if (!array_key_exists($field, $oldflds)) {
                        continue;
                    }
                    // not in the previous form and not blank
                    if ($fldinfo[0] < 3 || $mxuser->acctype == MXACCOUNTFAN && $fldinfo[0] == 4) {
                        continue;
                    }
                    // not mandatory
                    if ($section && $section < $prevsection) {
                        continue;
                    }
                    // we're back to the previous form: don't bother...
                    $_REQUEST['a'] = 'setup_' . $prevsection;
                    $errors[$field] = _('This field is mandatory!');
                    continue;
                }
                if (!$_POST[$field] && $field != 'PROid') {
                    // field blank
                    if ($fldinfo[0] >= 3 && ($mxuser->acctype != MXACCOUNTFAN || $fldinfo[0] != 4) && ($section == '' || $section > $prevsection)) {
                        // we're going to the next step...
                        if ($prevsection) {
                            $_REQUEST['a'] = 'setup_' . $prevsection;
                        } else {
                            $_REQUEST['a'] = 'edit';
                        }
                        $errors[$field] = _('This field is mandatory!');
                        continue;
                    }
                }
                switch ($fldinfo[2]) {
                    // CAREFUL: testing types not fields!!
                    case 'legalname':
                        $postfld = ucwords(mx_securestring($_POST[$field]));
                        break;
                    case 'fullname':
                        $postfld = mx_securestring($_POST[$field]);
                        if ($postfld == strtolower($postfld)) {
                            $postfld = ucwords($postfld);
                        }
                        // if all lowercase capitalize initials
                        break;
                    case 'proid':
                        $postfld = mx_secureword($_POST[$field]);
                        if ($postfld == 0) {
                            $proname = mx_securestring($_POST['proname']);
                            $prosite = mx_securestring($_POST['prosite']);
                            if ($proname && $prosite) {
                                $postfld = $mxuser->addpro($proname, $prosite);
                            } else {
                                //$errors[$field]=_('You must inform your PRO organization');
                                if (!$proname && !$prosite) {
                                    $errors[$field] = _('We need this information.');
                                } else {
                                    if (!$proname) {
                                        $errors[$field] = _('You must inform the association\'s name/acronym');
                                    } else {
                                        $errors[$field] = _('You must inform a website');
                                    }
                                }
                                if ($prevsection) {
                                    $_REQUEST['a'] = 'setup_' . $prevsection;
                                } else {
                                    $_REQUEST['a'] = 'edit';
                                }
                                continue;
                            }
                        }
                        break;
                    case 'acctype':
                        // ignore this field
                        if ($mxuser->acctype != MXACCOUNTFAN && $mxuser->status != MXACCTEMAILCONFIRMED) {
                            $postfld = $mxuser->acctype;
                        } else {
                            $postfld = preg_replace('%[^0-9]%', '', $_POST[$field]);
                        }
                        break;
                    case 'date':
                        $postfld = $_POST[$field . '_y'] . '-' . $_POST[$field . '_m'] . '-' . $_POST[$field . '_d'];
                        break;
                    case 'privacy':
                        if (is_array($_POST[$field])) {
                            $postfld = implode(',', $_POST[$field]);
                        } else {
                            $postfld = '';
                        }
                        break;
                    case 'password':
                        $chkold = hash('sha256', $_POST[$field]);
                        if (!$_POST[$field]) {
                            $postfld = $mxuser->{$field};
                            // no old password -> don't change :-)
                        } else {
                            if ($chkold != $mxuser->pwdhash) {
                                $msgs->err = _('Wrong password entered.<br/>Your present password was left unchanged.');
                                $postfld = $mxuser->{$field};
                                // do not change password!
                            } else {
                                $postfld = hash('sha256', $_POST['new_' . $field]);
                                $chkconf = hash('sha256', $_POST['conf_' . $field]);
                                if ($chkconf != $postfld) {
                                    $msgs->err = _('Password confirmation does not match new password!<br/>Your password was left unchanged.');
                                    $postfld = $mxuser->{$field};
                                    // do not change password!
                                } else {
                                    $msgs->ok = _('Your password was successfully updated.');
                                    $field = 'pwdhash';
                                    // we'll update the hash!
                                }
                            }
                        }
                        break;
                    case 'username':
                        $postfld = trim(strtolower(preg_replace('![^0-9a-zA-Z-_.]!', '', $_POST[$field])));
                        if ($postfld != $mxuser->{$field}) {
                            $ckusername = mx_checkusername($mxuser->username, $postfld);
                            if ($ckusername) {
                                $msgs->err .= sprintf(_('Username was not updated: %s'), $ckusername > 0 ? _('Username already used') : $usernameerrs[$ckusername]);
                                $postfld = $mxuser->{$field};
                            } else {
                                $msgs->ok .= _('Username was updated.');
                            }
                        }
                        break;
                    case 'agreement':
                        if (!$mxuser->agreement || $mxuser->agreement == '0000-00-00 00:00:00') {
                            $postfld = date('Y-m-d H:i:s');
                        } else {
                            $postfld = $mxuser->agreement;
                        }
                        break;
                    case 'genre':
                        $postfld = $_POST[$field];
                        break;
                    default:
                        $postfld = stripslashes($_POST[$field]);
                        break;
                }
                if ($postfld != $mxuser->{$field}) {
                    $mxuser->setoption($field, $postfld);
                    //$mxuser->$field=$postfld; // already done in setoption...
                }
                if ($field == 'pwdhash') {
                    // needs to clear the session with new password credentials :-)
                    mx_setsession($mxuser, time());
                }
            }
        }
        if ($action == 'done' && !$errors) {
            $mxuser->setoption('status', MXACCTSETUP);
        }
        //header('Location: '.mx_actionurl($page,$option,'done'));
    }
    //error_log(print_r($errors,true));
}
예제 #2
0
/* ---
 * Project: musxpand
 * File:    paypal.php
 * Author:  phil
 * Date:    09/09/2011
 * ---
 * License:

    This file is part of musxpand.

    musxpand is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    musxpand is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with musxpand.  If not, see <http://www.gnu.org/licenses/>.

    Copyright � 2010 by Philippe Hilger
 */
require 'includes/mx_check.php';
if (basename($_SERVER['PHP_SELF']) == basename(__FILE__)) {
    $query = mx_secureword($_REQUEST['u']);
    die(mx_checkusername(strtolower($mxuser->username), $query));
}