Пример #1
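/**
 * Handle member add request.
 *
 * Requires the member_add, contact_add and user_add permissions. Builds a
 * contact (with user and membership records) from the submitted form, saves
 * it, assigns the 'member' role when that role exists, then mails the
 * configured admin address and the new member.
 *
 * NOTE(review): the mysql_* API used here was removed in PHP 7. Moving to
 * prepared statements needs the project's connection handle, which is not
 * visible from this function, so the calls are kept and every interpolated
 * value stays escaped.
 *
 * @return string The url to display when complete.
 */
function command_member_add()
{
    global $config_email_to;
    global $config_email_from;
    global $config_org_name;
    // Verify permissions
    foreach (array('member_add', 'contact_add', 'user_add') as $permission) {
        if (!user_access($permission)) {
            error_register("Permission denied: {$permission}");
            return crm_url('members');
        }
    }
    // The welcome mail is sent to this form field, so accept only a single
    // syntactically valid address: the field must not be able to carry extra
    // recipients or header text. Checked before anything is written.
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        error_register('Please specify a valid email address');
        return crm_url('members&tab=add');
    }
    // Find username or create a new one
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    if (empty($username)) {
        // Quoted keys: the bare firstName/lastName constants the original
        // relied on are a fatal error on PHP 8.
        $first_name = (isset($_POST['firstName']) && is_string($_POST['firstName'])) ? $_POST['firstName'] : '';
        $last_name = (isset($_POST['lastName']) && is_string($_POST['lastName'])) ? $_POST['lastName'] : '';
        // Base candidate: first initial plus last name, lower-cased
        $base_username = strtolower(substr($first_name, 0, 1) . $last_name);
        for ($n = 0; $n < 100 && empty($username); $n++) {
            // Construct test username; retries append a numeric suffix
            $test_username = ($n > 0) ? $base_username . $n : $base_username;
            // Check whether username is taken
            $esc_test_name = mysql_real_escape_string($test_username);
            $sql = "SELECT * FROM `user` WHERE `username`='{$esc_test_name}'";
            $res = mysql_query($sql);
            if (!$res) {
                crm_error(mysql_error());
                // A failed lookup must not be read as "name is free"; stop
                // here in case crm_error() returns.
                return crm_url('members&tab=add');
            }
            if (!mysql_fetch_assoc($res)) {
                $username = $test_username;
            }
        }
    }
    if (empty($username)) {
        error_register('Please specify a username');
        return crm_url('members&tab=add');
    }
    // Build contact object; absent form fields become null without a notice
    $contact = array();
    $contact_fields = array('firstName', 'middleName', 'lastName', 'email', 'phone', 'emergencyName', 'emergencyPhone');
    foreach ($contact_fields as $field) {
        $contact[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
    }
    // Add user fields
    $contact['user'] = array('username' => $username);
    // Add member fields
    $membership = array(array(
        'pid' => isset($_POST['pid']) ? $_POST['pid'] : null,
        'start' => isset($_POST['start']) ? $_POST['start'] : null,
    ));
    $contact['member'] = array('membership' => $membership);
    // Save to database
    // NOTE(review): the raw form values are handed to contact_save(); this
    // function relies on it to escape them before they reach SQL -- confirm.
    $contact = contact_save($contact);
    $esc_cid = mysql_real_escape_string($contact['cid']);
    // Add role entry
    $sql = "SELECT `rid` FROM `role` WHERE `name`='member'";
    $res = mysql_query($sql);
    if (!$res) {
        crm_error(mysql_error());
    }
    // Only fetch from a valid result set
    $row = $res ? mysql_fetch_assoc($res) : false;
    if ($row) {
        // Escape the role id only once a role row is known to exist
        $esc_rid = mysql_real_escape_string($row['rid']);
        $sql = "\n            INSERT INTO `user_role`\n            (`cid`, `rid`)\n            VALUES\n            ('{$esc_cid}', '{$esc_rid}')";
        $res = mysql_query($sql);
        if (!$res) {
            crm_error(mysql_error());
        }
    }
    // Notify admins
    $from = "\"{$config_org_name}\" <{$config_email_from}>";
    $headers = "From: {$from}\r\nContent-Type: text/html; charset=ISO-8859-1\r\n";
    if (!empty($config_email_to)) {
        $name = theme_contact_name($contact['cid']);
        // The name derives from submitted form data; keep line breaks out of
        // the Subject header.
        $subject_name = preg_replace('/[\r\n]+/', ' ', $name);
        $content = theme('member_created_email', $contact['cid']);
        mail($config_email_to, "New Member: {$subject_name}", $content, $headers);
    }
    // Notify user
    $confirm_url = user_reset_password_url($contact['user']['username']);
    // NOTE(review): this reads $contact['user']['cid'] while the admin mail
    // uses $contact['cid']; confirm contact_save() populates both.
    $content = theme('member_welcome_email', $contact['user']['cid'], $confirm_url);
    mail($email, "Welcome to {$config_org_name}", $content, $headers);
    // NOTE(review): $esc_cid is SQL-escaped, not URL-encoded; harmless while
    // cid is numeric -- confirm, or encode for the URL context in crm_url().
    return crm_url("contact&cid={$esc_cid}");
}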
Пример #2
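/**
 * Handle contact update request.
 *
 * A caller may update a contact when they hold the contact_edit permission
 * or when the submitted cid is their own user id. Only the name, e-mail,
 * phone and emergency-contact fields are copied from the form; every other
 * key of the stored contact is left as loaded.
 *
 * @return string The url to display on completion.
 */
function command_contact_update()
{
    // Normalise the submitted id to a string so the ownership test below can
    // be strict; arrays and missing values collapse to ''.
    $cid = (isset($_POST['cid']) && is_scalar($_POST['cid'])) ? (string) $_POST['cid'] : '';
    // Verify permissions
    // Strict comparison: with a loose != PHP's type juggling can make a
    // non-numeric or padded cid compare equal to an integer user id, and the
    // ownership exception must never be decided by coercion.
    if (!user_access('contact_edit') && ($cid === '' || $cid !== (string) user_id())) {
        error_register('Permission denied: contact_edit');
        return crm_url('contacts');
    }
    // Never query with an empty id; how crm_get_data() treats an empty
    // filter is not visible from here.
    $contact_data = ($cid === '') ? array() : crm_get_data('contact', array('cid' => $cid));
    if (empty($contact_data[0])) {
        // NOTE(review): the submitted cid is echoed into the message; confirm
        // that registered errors are HTML-escaped when rendered.
        error_register("No contact for cid: {$cid}");
        return crm_url('contacts');
    }
    $contact = $contact_data[0];
    // Update contact data from an explicit allow-list of form fields
    $editable_fields = array('firstName', 'middleName', 'lastName', 'email', 'phone', 'emergencyName', 'emergencyPhone');
    foreach ($editable_fields as $field) {
        $contact[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
    }
    // Save changes to database
    // NOTE(review): values are passed on unescaped; this relies on
    // contact_save() to escape them before they reach SQL -- confirm.
    contact_save($contact);
    return crm_url('contacts');
}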