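/**
 * Handle member import request.
 *
 * Reads the CSV uploaded as $_FILES['member-file'] and, for each row, inserts
 * a contact, a member, a user, a 'member' role entry, a plan (when no plan of
 * that name exists) and a membership, then sends the notification e-mails.
 *
 * Every CSV cell is untrusted input. Values are escaped with
 * mysql_real_escape_string() before being placed in SQL, and the unescaped
 * e-mail address is validated before it is used as a mail recipient.
 *
 * NOTE(review): crm_error() is assumed to abort the request -- TODO confirm.
 * If it returns, the statements after a failed query run with an invalid id.
 * NOTE(review): a row that fails username generation returns early, after its
 * contact and member rows have already been inserted.
 *
 * @return The url to display on completion.
 */
function command_member_import() {
    // $config_email_from and $config_email_to were read below without being
    // declared global, so the From header was empty and admins were never
    // notified.
    global $config_org_name;
    global $config_email_from;
    global $config_email_to;

    if (!user_access('contact_edit')) {
        error_register('User does not have permission: contact_edit');
        return crm_url('members');
    }
    if (!user_access('member_edit')) {
        error_register('User does not have permission: member_edit');
        return crm_url('members');
    }
    if (!array_key_exists('member-file', $_FILES)) {
        error_register('No member file uploaded');
        return crm_url('members&tab=import');
    }

    // Only read a file that PHP itself received as an upload in this request;
    // tmp_name must never be trusted as an arbitrary path.
    $upload = $_FILES['member-file'];
    if (!isset($upload['error']) || $upload['error'] !== UPLOAD_ERR_OK
        || !isset($upload['tmp_name']) || !is_uploaded_file($upload['tmp_name'])) {
        error_register('No member file uploaded');
        return crm_url('members&tab=import');
    }
    $csv = file_get_contents($upload['tmp_name']);
    if ($csv === false) {
        error_register('No member file uploaded');
        return crm_url('members&tab=import');
    }

    $data = csv_parse($csv);
    $fields = array(
        'firstname', 'middlename', 'lastname', 'email', 'phone',
        'emergencyname', 'emergencyphone', 'username', 'plan', 'startdate'
    );

    foreach ($data as $row) {

        // Convert row keys to lowercase and remove spaces
        $normalized = array();
        foreach ($row as $key => $value) {
            $normalized[str_replace(' ', '', strtolower($key))] = $value;
        }
        $row = $normalized;

        // A missing column is treated as an empty value
        foreach ($fields as $field) {
            if (!isset($row[$field])) {
                $row[$field] = '';
            }
        }

        // Add contact
        $firstName = mysql_real_escape_string($row['firstname']);
        $middleName = mysql_real_escape_string($row['middlename']);
        $lastName = mysql_real_escape_string($row['lastname']);
        $email = mysql_real_escape_string($row['email']);
        $phone = mysql_real_escape_string($row['phone']);
        $emergencyName = mysql_real_escape_string($row['emergencyname']);
        $emergencyPhone = mysql_real_escape_string($row['emergencyphone']);
        $sql = "
            INSERT INTO `contact`
            (`firstName`,`middleName`,`lastName`,`email`,`phone`,`emergencyName`,`emergencyPhone`)
            VALUES
            ('{$firstName}','{$middleName}','{$lastName}','{$email}','{$phone}','{$emergencyName}','{$emergencyPhone}')";
        $res = mysql_query($sql);
        if (!$res) { crm_error(mysql_error()); }
        $cid = mysql_insert_id();
        $esc_cid = mysql_real_escape_string($cid);

        // Add member
        $sql = "
            INSERT INTO `member`
            (`cid`)
            VALUES
            ('{$esc_cid}')";
        $res = mysql_query($sql);
        if (!$res) { crm_error(mysql_error()); }

        // Find Username
        // Keys were lowercased above, so the last name is 'lastname'; the
        // previous 'lastName' lookup never matched.
        $username = $row['username'];
        $base_username = strtolower(substr($row['firstname'], 0, 1) . $row['lastname']);
        $n = 0;
        while (empty($username) && $base_username !== '' && $n < 100) {

            // Construct test username
            $test_username = $base_username;
            if ($n > 0) {
                $test_username .= $n;
            }

            // Check whether username is taken
            $esc_test_name = mysql_real_escape_string($test_username);
            $sql = "SELECT * FROM `user` WHERE `username`='{$esc_test_name}'";
            $res = mysql_query($sql);
            if (!$res) { crm_error(mysql_error()); }
            $user_row = mysql_fetch_assoc($res);
            if (!$user_row) {
                $username = $test_username;
            }
            $n++;
        }
        if (empty($username)) {
            error_register('Please specify a username');
            return crm_url('members&tab=import');
        }

        // Add user
        $user = array();
        $user['username'] = $username;
        $user['cid'] = $cid;
        user_save($user);

        // Add role entry
        $sql = "SELECT `rid` FROM `role` WHERE `name`='member'";
        $res = mysql_query($sql);
        if (!$res) { crm_error(mysql_error()); }
        $role_row = mysql_fetch_assoc($res);
        if ($role_row) {
            // Read rid only after confirming the role exists
            $esc_rid = mysql_real_escape_string($role_row['rid']);
            $sql = "
                INSERT INTO `user_role`
                (`cid`, `rid`)
                VALUES
                ('{$esc_cid}', '{$esc_rid}')";
            $res = mysql_query($sql);
            if (!$res) { crm_error(mysql_error()); }
        }

        // Add plan if necessary
        $esc_plan_name = mysql_real_escape_string($row['plan']);
        $sql = "SELECT `pid` FROM `plan` WHERE `name`='{$esc_plan_name}'";
        $res = mysql_query($sql);
        if (!$res) { crm_error(mysql_error()); }
        if (mysql_num_rows($res) < 1) {
            $sql = "
                INSERT INTO `plan`
                (`name`, `active`, `price`, `voting`)
                VALUES
                ('{$esc_plan_name}', '1', '0', '0' )
            ";
            $res = mysql_query($sql);
            if (!$res) { crm_error(mysql_error()); }
            $pid = mysql_insert_id();
        } else {
            $plan_row = mysql_fetch_assoc($res);
            $pid = $plan_row['pid'];
        }

        // Add membership
        $esc_start = mysql_real_escape_string($row['startdate']);
        $esc_pid = mysql_real_escape_string($pid);
        $sql = "
            INSERT INTO `membership`
            (`cid`, `pid`, `start`)
            VALUES
            ('{$esc_cid}', '{$esc_pid}', '{$esc_start}')
        ";
        $res = mysql_query($sql);
        if (!$res) { crm_error(mysql_error()); }

        // Notify admins
        $from = "\"{$config_org_name}\" <{$config_email_from}>";
        $headers = "From: {$from}\r\nContent-Type: text/html; charset=ISO-8859-1\r\n";
        if (!empty($config_email_to)) {
            // Use the contact created for this row; $_POST['cid'] is not part
            // of the import request.
            $name = theme_contact_name($cid);
            // The name comes from imported data; keep it on one header line
            $name = str_replace(array("\r", "\n"), ' ', $name);
            $content = theme('member_created_email', $user['cid']);
            mail($config_email_to, "New Member: {$name}", $content, $headers);
        }

        // Notify user
        // Use the validated, unescaped address: $email is SQL-escaped and is
        // not a valid recipient string.
        $recipient = filter_var(trim($row['email']), FILTER_VALIDATE_EMAIL);
        if ($recipient === false) {
            error_register('Welcome e-mail not sent: invalid e-mail address in import row');
        } else {
            $confirm_url = user_reset_password_url($user['username']);
            $content = theme('member_welcome_email', $user['cid'], $confirm_url);
            mail($recipient, "Welcome to {$config_org_name}", $content, $headers);
        }
    }

    return crm_url('members');
}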
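/**
 * Respond to reset password request.
 *
 * Looks the account up by username, then by e-mail address, and mails a
 * password-reset URL to the address stored on the matching contact.
 *
 * The same confirmation is shown whether or not an account matched, so the
 * form cannot be used to test which usernames or e-mail addresses exist.
 * A mail delivery failure is logged rather than shown, for the same reason.
 *
 * @return The url to display on completion.
 */
function command_reset_password() {
    global $config_email_from;
    global $config_site_title;

    // Accept only a scalar string: an array value (username[]=...) would
    // otherwise be passed straight into the lookup filter.
    $identifier = '';
    if (isset($_POST['username']) && is_string($_POST['username'])) {
        $identifier = trim($_POST['username']);
    }
    if ($identifier === '') {
        error_register('Please enter a username or e-mail address.');
        return crm_url();
    }

    // Send code to user by username
    $user = crm_get_one('user', array('filter' => array('username' => $identifier)));
    if (empty($user)) {
        // Try email instead
        $user = crm_get_one('user', array('filter' => array('email' => $identifier)));
    }

    if (!empty($user)) {
        $contact = crm_get_one('contact', array('cid' => $user['cid']));
        $url = user_reset_password_url($user['username']);
        if (!empty($url) && !empty($contact['email'])) {
            $to = $contact['email'];
            $subject = "[{$config_site_title}] Reset Password";
            $from = $config_email_from;
            $headers = "From: {$from}\r\n";
            $message = "To reset your password, visit the following url: {$url}";
            if (!mail($to, $subject, $message, $headers)) {
                // Static text only: no request data goes into the log line
                error_log('Password reset e-mail could not be sent');
            }
        }
    }

    // Notify user to check their email, identically for every outcome
    message_register('If an account matches, instructions for resetting your password have been sent to its e-mail address.');

    return crm_url();
}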