function saveUserAttribute($userid,$attid,$data) {
if ($data["nodbsave"]) {
dbg("Not saving $attid");
return;
}
if ($attid == "emailcheck" || $attid == "passwordcheck") {
dbg("Not saving $attid");
return;
}
if (!$data["type"])
$data["type"] = "textline";
if ($data["type"] == "static" || $data["type"] == "password") {
Sql_Query(sprintf('update user set %s = "%s" where id = %d',
$attid,$data["value"],$userid));
return 1;
}
$attid_req = Sql_Fetch_Row_Query(sprintf('
select id,type,tablename from attribute where id = %d',$attid));
if (!$attid_req[0]) {
$attid_req = Sql_Fetch_Row_Query(sprintf('
select id,type,tablename from attribute where name = "%s"',$data["name"]));
if (!$attid_req[0]) {
if ($GLOBALS["config"]["autocreate_attributes"]) {
Dbg("Creating new Attribute: ".$data["name"]);
sendError("creating new attribute ".$data["name"]);
$atttable= getNewAttributeTablename($data["name"]);
Sql_Query(sprintf('insert into attribute (name,type,tablename) values("%s","%s","%s")',$data["name"],$data["type"],$atttable));
$attid = Sql_Insert_Id();
} else {
dbg("Not creating new Attribute: ".$data["name"]);
# sendError("Not creating new attribute ".$data["name"]);
}
} else {
$attid = $attid_req[0];
$atttable = $attid_req[2];
}
} else {
$attid = $attid_req[0];
$atttable = $attid_req[2];
}
if (!$atttable) {
$atttable = getNewAttributeTablename($data["name"]);
# fix attribute without tablename
Sql_Query(sprintf('update attribute set tablename ="%s" where id = %d',
$atttable,$attid));
# sendError("Attribute without Tablename $attid");
}
switch ($data["type"]) {
case "static":
case "password":
Sql_Query(sprintf('update user set %s = "%s" where id = %d',
$attid,$data["value"],$userid));
break;
case "select":
$curval = Sql_Fetch_Row_Query(sprintf('select id from phplist_listattr_%s
where name = "%s"',$atttable,$data["displayvalue"]),1);
if (!$curval[0]) {
Sql_Query(sprintf('insert into phplist_listattr_%s (name) values("%s")',$atttable,
$data["displayvalue"]));
sendError("Added ".$data["displayvalue"]." to $atttable");
$valid = Sql_Insert_id();
} else {
$valid = $curval[0];
}
Sql_Query(sprintf('replace into user_attribute (userid,attributeid,value)
values(%d,%d,"%s")',$userid,$attid,$valid));
break;
default:
Sql_Query(sprintf('replace into user_attribute (userid,attributeid,value)
values(%d,%d,"%s")',$userid,$attid,$data["value"]));
break;
}
return 1;
}
function saveUserAttribute($userid, $attid, $data)
{
global $usertable_prefix, $table_prefix, $tables;
# workaround for integration webbler/phplist
if (!isset($usertable_prefix)) {
$usertable_prefix = '';
}
if (!isset($table_prefix)) {
$table_prefix = 'phplist_';
}
if (!empty($tables["attribute"])) {
$att_table = $usertable_prefix . $tables["attribute"];
$user_att_table = $usertable_prefix . $tables["user_attribute"];
} else {
$att_table = $usertable_prefix . "attribute";
$user_att_table = $usertable_prefix . "user_attribute";
}
if (!is_array($data)) {
$tmp = $data;
$data = Sql_Fetch_Assoc_Query(sprintf('select * from %s where id = %d', $att_table, $attid));
$data['value'] = $tmp;
$data['displayvalue'] = $tmp;
}
# dbg($data,'$data to store for '.$userid.' '.$attid);
if ($data["nodbsave"]) {
# dbg($attid, "Not saving, nodbsave");
return;
}
if ($attid == "emailcheck" || $attid == "passwordcheck") {
# dbg($attid, "Not saving, emailcheck/passwordcheck");
return;
}
if (!$data["type"]) {
$data["type"] = "textline";
}
if ($data["type"] == "static" || $data["type"] == "password" || $data['type'] == 'htmlpref') {
if (!empty($GLOBALS['config']['dontsave_userpassword']) && $data['type'] == 'password') {
$data["value"] = 'not authoritative';
}
Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid, $data["value"], $userid));
dbg('Saving', $data['value'], DBG_TRACE);
if ($data["type"] == "password") {
Sql_Query(sprintf('update user set passwordchanged = now(),password="******" where id = %d', hash('sha256', $data['value']), $userid));
}
return 1;
}
$attributetype = $data['type'];
$attid_req = Sql_Fetch_Row_Query(sprintf('
select id,type,tablename from %s where id = %d', $att_table, $attid));
if (!$attid_req[0]) {
$attid_req = Sql_Fetch_Row_Query(sprintf('
select id,type,tablename from %s where name = "%s"', $att_table, $data["name"]));
if (!$attid_req[0]) {
if (!empty($data["name"]) && $GLOBALS["config"]["autocreate_attributes"]) {
# Dbg("Creating new Attribute: ".$data["name"]);
sendError("creating new attribute " . $data["name"]);
$atttable = getNewAttributeTablename($data["name"]);
Sql_Query(sprintf('insert into %s (name,type,tablename) values("%s","%s","%s")', $att_table, $data["name"], $data["type"], $atttable));
$attid = Sql_Insert_Id();
} else {
# dbg("Not creating new Attribute: ".$data["name"]);
# sendError("Not creating new attribute ".$data["name"]);
}
} else {
$attid = $attid_req[0];
if (empty($attributetype)) {
$attributetype = $attid_req[1];
}
$atttable = $attid_req[2];
}
} else {
$attid = $attid_req[0];
if (empty($attributetype)) {
$attributetype = $attid_req[1];
}
$atttable = $attid_req[2];
}
if (!$atttable && !empty($data['name'])) {
$atttable = getNewAttributeTablename($data["name"]);
# fix attribute without tablename
Sql_Query(sprintf('update %s set tablename ="%s" where id = %d', $att_table, $atttable, $attid));
# sendError("Attribute without Tablename $attid");
}
switch ($attributetype) {
case "static":
case "password":
# dbg('SAVING STATIC OR PASSWORD');
if (!empty($GLOBALS['config']['dontsave_userpassword']) && $data['type'] == 'password') {
$data["value"] = 'not authoritative';
}
Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid, $data["value"], $userid));
break;
case "select":
$curval = Sql_Fetch_Row_Query(sprintf('select id from ' . $table_prefix . 'listattr_%s
where name = "%s"', $atttable, $data["displayvalue"]), 1);
if (!$curval[0] && $data['displayvalue'] && $data['displayvalue'] != '') {
Sql_Query(sprintf('insert into ' . $table_prefix . 'listattr_%s (name) values("%s")', $atttable, $data["displayvalue"]));
sendError("Added " . $data["displayvalue"] . " to {$atttable}");
$valid = Sql_Insert_id();
} else {
$valid = $curval[0];
}
Sql_Query(sprintf('replace into %s (userid,attributeid,value)
values(%d,%d,"%s")', $user_att_table, $userid, $attid, $valid));
break;
case 'avatar':
if (is_array($_FILES)) {
## only avatars are files, for now
if (!defined('MAX_AVATAR_SIZE')) {
define('MAX_AVATAR_SIZE', 100000);
}
$formfield = 'attribute' . $attid . '_file';
## the name of the fileupload element
if (!empty($_FILES[$formfield]['name']) && !empty($_FILES[$formfield]['tmp_name'])) {
$tmpnam = $_FILES[$formfield]['tmp_name'];
move_uploaded_file($tmpnam, '/tmp/avatar' . $userid . '.jpg');
$size = filesize('/tmp/avatar' . $userid . '.jpg');
# dbg('New size: '.$size);
if ($size < MAX_AVATAR_SIZE) {
$avatar = file_get_contents('/tmp/avatar' . $userid . '.jpg');
Sql_Query(sprintf('replace into %s (userid,attributeid,value)
values(%d,%d,"%s")', $user_att_table, $userid, $attid, base64_encode($avatar)));
unlink('/tmp/avatar' . $userid . '.jpg');
}
}
}
break;
default:
Sql_Query(sprintf('replace into %s (userid,attributeid,value)
values(%d,%d,"%s")', $user_att_table, $userid, $attid, $data["value"]));
break;
}
return 1;
}
function saveUserAttribute($userid, $attid, $data)
{
global $usertable_prefix, $tables;
# workaround for integration webbler/phplist
if (!isset($usertable_prefix)) {
$usertable_prefix = '';
}
if (!empty($tables["attribute"])) {
$att_table = $usertable_prefix . $tables["attribute"];
$user_att_table = $usertable_prefix . $tables["user_attribute"];
} else {
$att_table = $usertable_prefix . "attribute";
$user_att_table = $usertable_prefix . "user_attribute";
}
if ($data["nodbsave"]) {
dbg("Not saving {$attid}");
return;
}
if (strtolower($data) == 'invalid attribute index') {
return;
}
if ($attid == "emailcheck" || $attid == "passwordcheck") {
dbg("Not saving {$attid}");
return;
}
if (!$data["type"]) {
$data["type"] = "textline";
}
if ($data["type"] == "static" || $data["type"] == "password" || $data['type'] == 'htmlpref') {
Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid, $data["value"], $userid));
if ($data["type"] == "password") {
Sql_Query(sprintf('update user set passwordchanged = now() where id = %d', $userid));
}
return 1;
}
$attid_req = Sql_Fetch_Row_Query(sprintf('
select id,type,tablename from %s where id = %d', $att_table, $attid));
if (!$attid_req[0]) {
$attid_req = Sql_Fetch_Row_Query(sprintf('
select id,type,tablename from %s where name = "%s"', $att_table, $data["name"]));
if (!$attid_req[0]) {
if ($GLOBALS["config"]["autocreate_attributes"]) {
Dbg("Creating new Attribute: " . $data["name"]);
sendError("creating new attribute " . $data["name"]);
$atttable = getNewAttributeTablename($data["name"]);
Sql_Query(sprintf('insert into %s (name,type,tablename) values("%s","%s","%s")', $att_table, $data["name"], $data["type"], $atttable));
$attid = Sql_Insert_Id();
} else {
dbg("Not creating new Attribute: " . $data["name"]);
# sendError("Not creating new attribute ".$data["name"]);
}
} else {
$attid = $attid_req[0];
$atttable = $attid_req[2];
}
} else {
$attid = $attid_req[0];
$atttable = $attid_req[2];
}
if (!$atttable) {
$atttable = getNewAttributeTablename($data["name"]);
# fix attribute without tablename
Sql_Query(sprintf('update %s set tablename ="%s" where id = %d', $att_table, $atttable, $attid));
# sendError("Attribute without Tablename $attid");
}
switch ($data["type"]) {
case "static":
case "password":
Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid, $data["value"], $userid));
break;
case "select":
$curval = Sql_Fetch_Row_Query(sprintf('select id from phplist_listattr_%s
where name = "%s"', $atttable, $data["displayvalue"]), 1);
if (!$curval[0] && $data['displayvalue'] && $data['displayvalue'] != '') {
Sql_Query(sprintf('insert into phplist_listattr_%s (name) values("%s")', $atttable, $data["displayvalue"]));
sendError("Added " . $data["displayvalue"] . " to {$atttable}");
$valid = Sql_Insert_id();
} else {
$valid = $curval[0];
}
Sql_Query(sprintf('replace into %s (userid,attributeid,value)
values(%d,%d,"%s")', $user_att_table, $userid, $attid, $valid));
break;
case 'avatar':
if (is_array($_FILES)) {
## only avatars are files
$formfield = 'attribute' . $attid . '_file';
## the name of the fileupload element
if (!empty($_FILES[$formfield]['name'])) {
$tmpnam = $_FILES[$formfield]['tmp_name'];
move_uploaded_file($tmpnam, '/tmp/avatar' . $userid . '.jpg');
if (function_exists('resizeImageFile')) {
resizeImageFile('/tmp/avatar' . $userid . '.jpg', 250, 1);
}
$size = filesize('/tmp/avatar' . $userid . '.jpg');
# dbg('New size: '.$size);
if ($size < MAX_AVATAR_SIZE) {
$avatar = file_get_contents('/tmp/avatar' . $userid . '.jpg');
Sql_Query(sprintf('replace into %s (userid,attributeid,value)
values(%d,%d,"%s")', $user_att_table, $userid, $attid, base64_encode($avatar)));
unlink('/tmp/avatar' . $userid . '.jpg');
}
}
}
break;
default:
Sql_Query(sprintf('replace into %s (userid,attributeid,value)
values(%d,%d,"%s")', $user_att_table, $userid, $attid, $data["value"]));
break;
}
return 1;
}
# it is a change
# get the original type
$req = Sql_Fetch_Row_Query("select type,tablename from {$tables['attribute']} where id = {$id}");
$existingtype = $req[0];
#print "Existing attribute: ".$_POST["name"][$id]." new type:".$_POST["type"][$id]." existing type: ".$req[0]."<br/>";
if ($_POST['type'][$id] != $existingtype) {
switch ($existingtype) {
case 'textline':
case 'hidden':
case 'date':
print s('Converting %s from %s to %s', htmlentities($_POST['name'][$id]), $existingtype, htmlentities($_POST['type'][$id])) . '<br/>';
switch ($_POST['type'][$id]) {
case 'radio':
case 'checkboxgroup':
case 'select':
$lc_name = getNewAttributeTablename($req[1]);
Sql_Query("update {$tables['attribute']} set tablename = \"{$lc_name}\" where id = {$id}");
Sql_Query("create table {$table_prefix}" . "listattr_{$lc_name} (id integer not null primary key auto_increment, name varchar(255) unique,listorder integer default 0)");
$attreq = Sql_Query("select distinct value from {$tables['user_attribute']} where attributeid = {$id}");
while ($row = Sql_Fetch_Row($attreq)) {
$attindexreq = Sql_Query("select id from {$table_prefix}" . "listattr_{$lc_name} where name = \"{$row['0']}\"");
if (!Sql_Affected_Rows()) {
Sql_Query("insert into {$table_prefix}" . "listattr_{$lc_name} (name) values(\"{$row['0']}\")");
$attid = Sql_Insert_Id();
} else {
$attindex = Sql_Fetch_Row($attindexreq);
$attid = $attindex[0];
}
Sql_Query("update {$tables['user_attribute']} set value = {$attid} where attributeid = {$id} and value = \"{$row['0']}\"");
}
break;
function saveUserAttribute($userid, $attid, $data)
{
global $usertable_prefix, $tables;
# workaround for integration webbler/phplist
if (!isset($usertable_prefix)) {
$usertable_prefix = '';
}
if (!empty($tables["attribute"])) {
$att_table = $tables["attribute"];
$user_att_table = $tables["user_attribute"];
} else {
$att_table = $usertable_prefix . "attribute";
$user_att_table = $usertable_prefix . "user_attribute";
}
if ($data["nodbsave"]) {
dbg("Not saving {$attid}");
return;
}
if (strtolower($data) == 'invalid attribute index') {
return;
}
if ($attid == "emailcheck" || $attid == "passwordcheck") {
dbg("Not saving {$attid}");
return;
}
if (!$data["type"]) {
$data["type"] = "textline";
}
if ($data["type"] == "static" || $data["type"] == "password" || $data['type'] == 'htmlpref') {
Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid, $data["value"], $userid));
if ($data["type"] == "password") {
Sql_Query(sprintf('update user set passwordchanged = now() where id = %d', $userid));
}
return 1;
}
$attid_req = Sql_Fetch_Row_Query(sprintf('
select id,type,tablename from %s where id = %d', $att_table, $attid));
if (!$attid_req[0]) {
$attid_req = Sql_Fetch_Row_Query(sprintf('
select id,type,tablename from %s where name = "%s"', $att_table, $data["name"]));
if (!$attid_req[0]) {
if ($GLOBALS["config"]["autocreate_attributes"]) {
Dbg("Creating new Attribute: " . $data["name"]);
sendError("creating new attribute " . $data["name"]);
$atttable = getNewAttributeTablename($data["name"]);
Sql_Query(sprintf('insert into %s (name,type,tablename) values("%s","%s","%s")', $att_table, $data["name"], $data["type"], $atttable));
$attid = Sql_Insert_Id();
} else {
dbg("Not creating new Attribute: " . $data["name"]);
# sendError("Not creating new attribute ".$data["name"]);
}
} else {
$attid = $attid_req[0];
$atttable = $attid_req[2];
}
} else {
$attid = $attid_req[0];
$atttable = $attid_req[2];
}
if (!$atttable) {
$atttable = getNewAttributeTablename($data["name"]);
# fix attribute without tablename
Sql_Query(sprintf('update %s set tablename ="%s" where id = %d', $att_table, $atttable, $attid));
# sendError("Attribute without Tablename $attid");
}
switch ($data["type"]) {
case "static":
case "password":
Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid, $data["value"], $userid));
break;
case "select":
$curval = Sql_Fetch_Row_Query(sprintf('select id from phplist_listattr_%s
where name = "%s"', $atttable, $data["displayvalue"]), 1);
if (!$curval[0] && $data['displayvalue'] && $data['displayvalue'] != '') {
Sql_Query(sprintf('insert into phplist_listattr_%s (name) values("%s")', $atttable, $data["displayvalue"]));
sendError("Added " . $data["displayvalue"] . " to {$atttable}");
$valid = Sql_Insert_id();
} else {
$valid = $curval[0];
}
Sql_Query(sprintf('replace into %s (userid,attributeid,value)
values(%d,%d,"%s")', $user_att_table, $userid, $attid, $valid));
break;
default:
Sql_Query(sprintf('replace into %s (userid,attributeid,value)
values(%d,%d,"%s")', $user_att_table, $userid, $attid, $data["value"]));
break;
}
return 1;
}
