function runQuery($sql)
{
global $db_link;
$result = mysql_query($sql, $db_link) or die(reportSQLError($sql));
return $result;
// end function
}
function birthday($format)
{
global $db_link;
$tbl_birthday = mysql_fetch_array(mysql_query("SELECT DATE_FORMAT(birthday, \"{$format}\") AS birthday FROM " . TABLE_CONTACT . " AS contact WHERE contact.id={$this->id}", $db_link)) or die(reportSQLError());
return $tbl_birthday['birthday'];
/*
Note on saving birthdays.
We can use strtotime() (see http://us2.php.net/manual/en/function.strtotime.php)
to take common date writing methods such as "September 27, 1983" or "3/1/86"
and convert it to a timestamp which we can then use to save as the mysql date
format.
This is more user friendly.
If the year is omitted then it uses the current year. In our implementation this
should be a 0000 year which also means "I do not know". When there is a 0000 year
found, the birthday method should refuse to display any such year or age.
*/
}
function doQuery($sql)
{
global $db_link;
mysql_query($sql) or die(reportSQLError($sql));
}
?>
">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="EXPIRES" CONTENT="-1">
</HEAD>
<BODY>
<?php
// CHECK TO SEE IF A FORM HAS BEEN SUBMITTED, AND SAVE THE SCRATCHPAD.
if ($_POST['saveNotes'] == "YES") {
$notes = addslashes(trim($_POST['notes']));
// UPDATES THE SCRATCHPAD TABLE
$sql = "UPDATE " . TABLE_SCRATCHPAD . " SET notes='{$notes}'";
$update = mysql_query($sql, $db_link) or die(reportSQLError($sql));
echo $lang[SCRATCH_SAVED] . "\n";
/*
echo("<P><A HREF=\"" . FILE_LIST . "\"><B>Return to List</B></A>\n");
echo("</BODY>");
echo("</HTML>");
exit();
*/
}
?>
<SCRIPT LANGUAGE="JavaScript">
<!--
function saveEntry() {
<!-- END BOX -->
</TD>
</TR>
<TR VALIGN="top">
<TD WIDTH=560 CLASS="listHeader"><?php
echo $lang['LBL_EMAIL_ADDRESS_CHANGE'];
?>
</TD>
</TR>
<TR VALIGN="top">
<TD CLASS="data">
<?php
// GET THE USER'S EMAIL ADDRESS
$r_user = mysql_fetch_array(mysql_query("SELECT email FROM " . TABLE_USERS . " AS users WHERE username='******'username'] . "' LIMIT 1", $db_link)) or die(reportSQLError());
$email = $r_user['email'];
if ($email) {
echo $lang['USR_HELP_EMAIL_NEW'] . "<B> {$email} </B>. " . $lang['USR_HELP_EMAIL_NEW2'];
} else {
echo $lang['USR_HELP_EMAIL_NONE'];
}
echo " " . $lang['USR_HELP_EMAIL_CONFIRM'];
?>
<!-- CHANGE EMAIL BOX -->
<P>
<FORM NAME="changeEmail" ACTION="<?php
echo FILE_USERS . "?action=changeemail";
?>
" METHOD="post">
<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=5 WIDTH=500>
checkForLogin("admin", "user");
// ** RETRIEVE OPTIONS THAT PERTAIN TO THIS PAGE **
$options = new Options();
// ** CHECK FOR ID **
$mode = $_GET['mode'];
if ($mode == 'new') {
$id = '0';
// this is to create empty variables from the database
} else {
$mode = 'edit';
$id = check_id();
}
// ** END INITIALIZATION *******************************************************
// RETRIEVE ENTRY INFORMATION GIVEN AN ID
if (isset($id)) {
$r_contact = mysql_query("SELECT * FROM " . TABLE_CONTACT . " AS contact WHERE contact.id={$id}", $db_link) or die(reportSQLError());
$r_additionalData = mysql_query("SELECT * FROM " . TABLE_ADDITIONALDATA . " AS additionaldata WHERE additionaldata.id={$id}", $db_link);
$r_address = mysql_query("SELECT * FROM " . TABLE_ADDRESS . " AS address WHERE address.id={$id}", $db_link);
$r_email = mysql_query("SELECT * FROM " . TABLE_EMAIL . " AS email WHERE email.id={$id}", $db_link);
$r_messaging = mysql_query("SELECT * FROM " . TABLE_MESSAGING . " AS messaging WHERE messaging.id={$id}", $db_link);
$r_otherPhone = mysql_query("SELECT * FROM " . TABLE_OTHERPHONE . " AS otherphone WHERE otherphone.id={$id}", $db_link);
$r_websites = mysql_query("SELECT * FROM " . TABLE_WEBSITES . " AS websites WHERE websites.id={$id}", $db_link);
$r_lastUpdate = mysql_query("SELECT DATE_FORMAT(lastUpdate, \"%W, %M %e %Y (%h:%i %p)\") AS lastUpdate FROM " . TABLE_CONTACT . " AS contact WHERE contact.id={$id}", $db_link);
// NOTE: Groups is determined with a special query that will be run at the bottom of the page.
// Turns query results into an array from where variables can then be extracted from it.
$tbl_contact = mysql_fetch_array($r_contact);
$tbl_lastUpdate = mysql_fetch_array($r_lastUpdate);
// Put data into variable holders -- taken from arrays that are created from query results.
$contact_firstname = stripslashes($tbl_contact['firstname']);
$contact_lastname = stripslashes($tbl_contact['lastname']);
$contact_middlename = stripslashes($tbl_contact['middlename']);
if ($group_name == "") {
$group_id = 1;
$group_name = "All Entries";
}
}
// RETRIEVE LIST OF CONTACTS, DEPENDING ON GROUP
// The following query displays all entries.
if ($group_id <= 1 || !$group_id) {
$listsql = "SELECT DISTINCT contact.id, CONCAT(lastname,', ',firstname) AS fullname, lastname, firstname\n\t\t\t\t\t\t\tFROM " . TABLE_CONTACT . " AS contact\n\t\t\t\t\t\t\tORDER BY fullname";
} elseif ($group_id == 2) {
$listsql = "SELECT DISTINCT contact.id, CONCAT(lastname,', ',firstname) AS fullname, lastname, firstname\n\t\t\t\t\t\t\tFROM " . TABLE_CONTACT . " AS contact\n\t\t\t\t\t\t\tLEFT JOIN " . TABLE_GROUPS . " AS groups ON groups.id=contact.id\n\t\t\t\t\t\t\tWHERE groups.id IS NULL\n\t\t\t\t\t\t\tORDER BY fullname";
} else {
$listsql = "SELECT DISTINCT contact.id, CONCAT(lastname,', ',firstname) AS fullname, lastname, firstname\n\t\t\t\t\t\t\tFROM " . TABLE_CONTACT . " AS contact, " . TABLE_GROUPS . " AS groups\n\t\t\t\t\t\t\tWHERE contact.id=groups.id AND groups.groupid={$group_id}\n\t\t\t\t\t\t\tORDER BY fullname";
}
// Execute the specified query
$r_contact = mysql_query($listsql, $db_link) or die(reportSQLError($listsql));
// HTML OUTPUT
?>
<HTML>
<HEAD>
<TITLE>Address Book - Edit Group</TITLE>
<LINK REL="stylesheet" HREF="styles.css" TYPE="text/css">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="EXPIRES" CONTENT="-1">
<meta http-equiv="Content-Type" content="text/html; charset=<?php
echo $lang['CHARSET'];
?>
"
</HEAD>
function retrieve($uname)
{
global $db_link;
// The following needs to be set to retrieve correctly
// $this->group_id
// $this->current_letter
// $this->max_entries
// $this->current_page
// CREATE INITIAL SQL FRAGMENT
$this->sql = "SELECT contact.id, CONCAT(lastname,', ',firstname) AS fullname, lastname, firstname,\n\t\t\t\t\t\trefid, line1, line2, city, state, zip, phone1, phone2, country, whoAdded\n\t\t\t\t\t\tFROM ( " . TABLE_CONTACT . " AS contact ";
// CREATE SQL FRAGMENTS TO FILTER BY GROUP
// group_id = 0 --> "All Entries"
// if ($this->group_id == 0) {
// $sql_group = ") LEFT JOIN " . TABLE_ADDRESS . " AS address ON contact.id=address.id AND contact.primaryAddress=address.refid
// WHERE contact.hidden != 1 and whoAdded = '".$uname."'";
if ($this->group_id == 0) {
$sql_group = ") LEFT JOIN " . TABLE_ADDRESS . " AS address ON contact.id=address.id AND contact.primaryAddress=address.refid\n\t\t\t\t\t\tWHERE contact.hidden != 1";
} elseif ($this->group_id == 1) {
$sql_group = ") LEFT JOIN " . TABLE_ADDRESS . " AS address ON contact.id=address.id AND contact.primaryAddress=address.refid\n\t\t\t\t\t\tLEFT JOIN " . TABLE_GROUPS . " AS groups ON groups.id=contact.id\n\t\t\t\t\t\tWHERE groups.id IS NULL AND contact.hidden != 1 ";
} elseif ($this->group_id == 2) {
$sql_group = ") LEFT JOIN " . TABLE_ADDRESS . " AS address ON contact.id=address.id AND contact.primaryAddress=address.refid\n\t\t\t\t\t\tWHERE contact.hidden = 1 ";
} else {
$sql_group = ", " . TABLE_GROUPS . " AS groups)\n\t\t\t\t\t\tLEFT JOIN " . TABLE_ADDRESS . " AS address ON contact.id=address.id AND contact.primaryAddress=address.refid\n\t\t\t\t\t\tWHERE contact.id=groups.id AND groups.groupid={$this->group_id} AND contact.hidden != 1 ";
}
// CREATE SQL FRAGMENTS TO FILTER BY LETTER
switch ($this->current_letter) {
case "":
// No letter filter
$sql_letter = "";
break;
case "1":
// If selecting non-alphabetical characters
$sql_letter = " AND lastname REGEXP '^[^[:alpha:]]'";
break;
default:
// If a letter is set
$sql_letter = " AND lastname LIKE '{$this->current_letter}%'";
break;
}
// CREATE SQL FRAGMENTS TO LIMIT NUMBER OF ENTRIES PER PAGE
if ($this->max_entries > 0) {
//if this option is set, limit the number of entries shown per page
// Count number of rows (this uses group and letter sql fragments, determined previously)
$count = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM " . TABLE_CONTACT . " AS contact" . $sql_group . $sql_letter, $db_link));
$this->total_pages = intval(ceil($count[0] / $this->max_entries));
//divide the total entries by the limit per page. Round up to an integer
// Users like to start counting from 1 in stead of 0
$lowerLimit = $this->current_page - 1;
//deduct 1 from the result page number in the URL, use this to calculate the lower limit of the range
$lowerLimit = $lowerLimit * $this->max_entries;
//lower limit of the range
$sql_limit = " LIMIT {$lowerLimit}, {$this->max_entries}";
}
// ASSEMBLE THE SQL QUERY
$this->sql .= $sql_group . $sql_letter . " ORDER BY fullname" . $sql_limit;
// EXECUTE THE SQL QUERY
$r_contact = mysql_query($this->sql, $db_link) or die(reportSQLError($this->sql));
// RETURN RESULTS OF QUERY
return $r_contact;
}
echo "Name,Email Address\n";
while ($tbl_contact = mysql_fetch_array($r_contact)) {
// First Name, Last Name, and Type variables are checked for the comma (,) character, which will be
// removed if found. This is to prevent these fields from breaking the CSV format.
echo str_replace(",", "", $tbl_contact['firstname']) . " " . str_replace(",", "", $tbl_contact['lastname']);
if (str_replace(",", "", $tbl_contact['type'])) {
echo " (" . str_replace(",", "", $tbl_contact['type']) . ")";
}
echo "," . $tbl_contact['email'] . "\n";
}
// END
break;
case "vcard":
//from wilco on forum http://www.corvalis.net/phpBB2/viewtopic.php?t=294
$vCardQuery = "SELECT id, firstname, middlename, lastname, nickname, birthday, pictureURL, notes\n\t\t\t\t \tFROM " . TABLE_CONTACT . " WHERE whoAdded = '" . $_SESSION['username'] . "'";
$r_contact = mysql_query($vCardQuery, $db_link) or die(reportSQLError($vCardQuery));
$mobile_prefix = '06';
// prefix for mobile numbers
$picture_prefix = 'http://202.164.53.116/sms/mugshots/';
//include('vcard.php');
while ($r = mysql_fetch_array($r_contact)) {
// $r means result
$output .= "BEGIN:VCARD\nVERSION:3.0\n";
$output .= 'FN:' . $r['firstname'] . "\n";
$output .= 'N:' . $r['lastname'] . ';' . $r['firstname'] . ';' . $r['middlename'] . ";\n";
if ($r['nickname']) {
$output .= 'NICKNAME:' . $r['nickname'] . "\n";
}
if ($r['pictureURL']) {
$output .= 'PHOTO;VALUE=uri:' . $picture_prefix . $r['pictureURL'] . "\n";
}
$contact = new Contact($id);
$r_additionalData = mysql_query("SELECT * FROM " . TABLE_ADDITIONALDATA . " AS additionaldata WHERE additionaldata.id={$id}", $db_link);
$r_address = mysql_query("SELECT * FROM " . TABLE_ADDRESS . " AS address WHERE address.id={$id}", $db_link);
$r_email = mysql_query("SELECT * FROM " . TABLE_EMAIL . " AS email WHERE email.id={$id}", $db_link);
$r_groups = mysql_query("SELECT grouplist.groupid, groupname FROM " . TABLE_GROUPS . " AS groups LEFT JOIN " . TABLE_GROUPLIST . " AS grouplist ON groups.groupid=grouplist.groupid WHERE id={$id}", $db_link);
$r_messaging = mysql_query("SELECT * FROM " . TABLE_MESSAGING . " AS messaging WHERE messaging.id={$id}", $db_link);
$r_otherPhone = mysql_query("SELECT * FROM " . TABLE_OTHERPHONE . " AS otherphone WHERE otherphone.id={$id}", $db_link);
$r_websites = mysql_query("SELECT * FROM " . TABLE_WEBSITES . " AS websites WHERE websites.id={$id}", $db_link);
// CALCULATE 'NEXT' AND 'PREVIOUS' ADDRESS ENTRIES
$r_prev = mysql_query("SELECT id, CONCAT(lastname,', ',firstname) AS fullname FROM " . TABLE_CONTACT . " AS contact WHERE CONCAT(lastname, ', ', firstname) < \"" . $contact->fullname . "\" AND contact.hidden != 1 ORDER BY fullname DESC LIMIT 1", $db_link) or die(reportSQLError());
$t_prev = mysql_fetch_array($r_prev);
$prev = $t_prev['id'];
if ($prev < 1) {
$prev = $id;
}
$r_next = mysql_query("SELECT id, CONCAT(lastname,', ',firstname) AS fullname FROM " . TABLE_CONTACT . " AS contact WHERE CONCAT(lastname, ', ', firstname) > \"" . $contact->fullname . "\" AND contact.hidden != 1 ORDER BY fullname ASC LIMIT 1", $db_link) or die(reportSQLError());
$t_next = mysql_fetch_array($r_next);
$next = $t_next['id'];
if ($next < 1) {
$next = $id;
}
// PICTURE STUFF.
// do we have a picture?
if ($contact->picture_url) {
$tableColumnAmt = 3;
$tableColumnWidth = (540 - $options->picWidth) / 2;
} else {
if ($options->picAlwaysDisplay == 1) {
$tableColumnAmt = 3;
$tableColumnWidth = (540 - $options->picWidth) / 2;
} else {
function reset_user()
{
// This function is designed to clear the user's settings and have all option variables
// set to NULL in the database. NULL means neither yes or no, and will force the
// script to look to the global options table for information.
global $db_link;
global $lang;
// QUERY
$sql = "UPDATE " . TABLE_USERS . " SET \n\t\t\t\tbdayInterval = NULL,\n\t\t\t\tbdayDisplay = NULL,\n\t\t\t\tdisplayAsPopup = NULL,\n\t\t\t\tuseMailScript = NULL,\n\t\t\t\tlanguage = NULL,\n\t\t\t\tdefaultLetter = NULL,\n\t\t\t\tlimitEntries = NULL\n\t\t\t\tWHERE username='******'username'] . "'";
mysql_query($sql, $db_link) or die(reportSQLError($lang['ERR_OPTIONS_NO_SAVE']));
// RESET MEMBER VARIABLES
$this->set_global();
$this->message = $lang['OPT_RESET_USER'];
return true;
}
