|
<%
# NOTE(review): $Header_admin is used as an include path before anything in this
# listing assigns it. Confirm it is set by trusted configuration (for example a
# prepended config file) and can never be supplied by the request.
include $Header_admin; %>
<%
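# Load the stored profile and login rows for $user_id into the globals the
# edit form reads: $input[<each name in $membervars>], $username, $password, $perms.
# Reports an error and ends the request when either row is missing.
#
# This function performs no authorization of its own; the caller must already
# have decided that the current visitor may read the record named by $user_id.
function fill_data() {
    global $input, $membervars;
    global $password, $username, $perms, $user_id;
    global $months, $currentyear, $data, $db, $valid, $edit;
    global $Company_name, $Domain_name, $Root_dir;

    # $user_id ends up inside a quoted SQL literal, so escape it first.
    # Where magic_quotes_gpc is still active (PHP < 5.4) request data arrives
    # already escaped, and escaping again would change the value being looked up.
    # NOTE(review): addslashes() is not charset-aware; move to the database
    # driver's own escaping or bound parameters if the DB layer offers them.
    $quoted = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $uid = $quoted ? (string)$user_id : addslashes((string)$user_id);

    # fill up data with current user information
    $data->query("select * from data where user_id='".$uid."'");
    $db->query("select * from auth_user where user_id='".$uid."'");

    if ($data->num_rows() > 0 && $db->num_rows() > 0) {
        $data->next_record();
        $db->next_record();
        foreach ($membervars as $val) {
            $input[$val] = $data->f($val);
        }
        # NOTE(review): the stored password is copied into a global here; make
        # sure the form never echoes it back into the page.
        $password = $db->f("password");
        $username = $db->f("username");
        $perms = $db->f("perms");
    } else {
        my_error (" Sorry, there is no data for the record you are wanting to edit.
\n");
        # The original also set $error and unset $save/$success here; all three
        # were function-local names, so those statements had no effect.
        exit();
    }
}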
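# Validate and normalise a submitted account form.
#
# Reads the globals $input, $username, $password and $edit; sets $valid to 1
# when the submission may be stored and to 0 otherwise, printing a message for
# each problem found. Also sets $badphone / $badzip for the form to highlight.
# Side effects on the input: first and last name are capitalised, the username
# is lower-cased and the phone number is rewritten as xxx-xxx-xxxx.
#
# New submissions (!$edit) are additionally checked for a duplicate email
# address, a well-formed username and a duplicate username, in that order.
function check_data() {
    global $input;
    global $password, $username, $perms, $user_id;
    global $months, $currentyear, $data, $db, $valid, $edit;
    global $Company_name, $Domain_name, $Root_dir;
    global $badphone, $badzip, $badbusinessid;

    # Values placed inside quoted SQL literals are escaped below. Where
    # magic_quotes_gpc is still active (PHP < 5.4) request data arrives already
    # escaped, so it is not escaped a second time.
    # NOTE(review): addslashes() is not charset-aware; move to the database
    # driver's own escaping or bound parameters if the DB layer offers them.
    $quoted = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    # Array keys are quoted: the bare words used previously are undefined
    # constants and stop the script on current PHP.
    $input['firstname'] = ucfirst($input['firstname']);
    $input['lastname'] = ucfirst($input['lastname']);
    $username = strtolower($username);

    # check validity of submission
    $valid = 1;
    if (!$edit) {
        # these checks are for new submissions only
        if (!empty($input['email'])) {
            $email_sql = $quoted ? (string)$input['email'] : addslashes((string)$input['email']);
            # The comparison uses LIKE, so % and _ in the submitted address would
            # act as wildcards and match other people's rows; escape them too.
            $email_sql = addcslashes($email_sql, '%_');
            $data->query("select user_id from data where email like '$email_sql'");
            if ($data->num_rows() > 0) {
                $valid = 0;
                $data->next_record();
                # NOTE(review): this overwrites the global $user_id with the id of
                # the account that already owns the address - confirm nothing
                # shown to the visitor afterwards exposes it.
                $user_id = $data->f("user_id");
                print "Sorry, this submission contains an email address that is the same
as one already contained in our Account Center. If this message
is in error, please email
webmaster@$Domain_name
with your name and the email address you put on your application.
\n";
            }
        }
        # The format check now runs BEFORE the username is used in a query, and
        # uses preg_match (eregi no longer exists). In the old POSIX pattern the
        # backslash inside the bracket expression was a literal, so backslashes
        # were accepted despite the message below; D keeps a trailing newline out.
        if ($valid == 1) {
            if (!preg_match('/^[a-z0-9 _\-]+$/iD', (string)$username)) {
                $valid = 0;
                print "Sorry, the username you have selected is invalid. Usernames can contain
alphanumerics, spaces, underlines and dashes only. Please enter a new username below.
\n";
                # unset() on a global-bound name only drops the local alias, so
                # the rejected value used to survive; clear it for real.
                $username = '';
            }
        }
        if ($valid == 1) {
            $username_sql = $quoted ? $username : addslashes($username);
            $db->query("select username from auth_user where username = '$username_sql'");
            if ($db->num_rows() > 0) {
                $valid = 0;
                print "Sorry, this submission contains a username that is the same
as one already contained in our Account Center. You can
change the information and resubmit below. If this
message is in error, please email
webmaster@$Domain_name
with your name and the username you put on your application.
\n";
            }
        }
    }

    if ($valid == 1) {
        if (
            empty($input["lastname"]) || empty($input["firstname"]) || empty($input["phone"]) ||
            empty($input["address"]) || empty($input["city"]) || empty($input["state"]) ||
            empty($input["zip"]) || empty($input["company"])
        ) {
            $valid = 0;
            print "Sorry, your submission is missing some data for required fields. Please look at
the form below and make sure you filled out all form fields that are marked
with a red asterisk.
\n";
        }
    }

    # remove leading "1-" if they put it there
    $input["phone"] = preg_replace("/^1\-?/","",$input["phone"]);
    # keep the visitor's own text so it can be shown again if it is rejected
    $phonesave = $input["phone"];
    #remove any non-digit characters from the phone number
    $input["phone"] = preg_replace("/\D/","",$input["phone"]);
    # pick off the area code, first 3 and last 4 digits
    if (preg_match("/^(\d{3})(\d{3})(\d{4})$/",$input["phone"],$matches)) {
        $input["phone"] = $matches[1].'-'.$matches[2].'-'.$matches[3];
    } else {
        $badphone = 1;
        $input["phone"] = $phonesave;
        $valid = 0;
        print "Sorry, the phone number must be in the form xxx-xxx-xxxx. Please check
your entry below and resubmit.
\n";
    }

    if ($valid == 1 && !preg_match("/^\d{5}(\-\d{4})?$/",$input["zip"])) {
        $badzip = 1;
        $valid = 0;
        print "Sorry, the zip code must be a 5 digit number followed optionally by a hyphen and 4 digits.
Please check your entry below and resubmit.
\n";
    }

    /*
    if ($valid == 1 && !preg_match("/^\d{2}\-\d{7}$/",$input["businessid"])) {
    $badbusinessid = 1;
    $valid = 0;
    print "Sorry, a Business ID (the same as your Federal Tax ID) must be entered
    in the form xx-xxxxxxx.
    Please check your entry below and resubmit.
    \n";
    }
    */

    if ($valid == 1) {
        if (!$edit && (empty($username) || empty($password))) {
            $valid = 0;
            print "Sorry, your submission is missing some data for username and/or password. Please look at
the form below and make sure you filled out all form fields that are marked
with a red asterisk.
\n";
        }
    }

    if ($valid == 1) {
        if (!empty($input['email']) && !validate_email($input['email'])) {
            $valid = 0;
            print "Sorry, your email address appears to be invalid. Please correct it below and resubmit.
\n";
        }
    }
    # The original ended with unset($save) when $valid was 0. $save is not a
    # global in this function, so that statement had no effect and is dropped;
    # callers decide what to do from $valid.
}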
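# Create a new account from the validated globals: insert the login row
# (auth_user) and the profile row (data), print the confirmation text and mail
# a notification to the membership mailbox.
#
# Expects check_data() to have accepted the submission. Sets the global
# $user_id to the id of the new account. Returns early, after reporting an
# error, when the login row could not be inserted.
function adduser() {
    global $input, $membervars;
    global $password, $username, $perms, $user_id;
    global $months, $currentyear, $data, $db, $valid, $edit;
    global $Company_name, $Domain_name, $Root_dir;

    # Values placed inside quoted SQL literals are escaped below. Where
    # magic_quotes_gpc is still active (PHP < 5.4) request data arrives already
    # escaped, and escaping again would store literal backslashes.
    # NOTE(review): addslashes() is not charset-aware; move to the database
    # driver's own escaping or bound parameters if the DB layer offers them.
    $quoted = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    ## Create a user_id and insert the user...
    # NOTE(review): uniqid() is derived from the current time and the prefix is
    # a constant in the source, so these ids are guessable. The edit page
    # compares this id with the session uid, so it should come from a
    # cryptographically secure random source once the runtime provides one.
    $hash_secret = 'zapper19';
    $user_id = md5(uniqid($hash_secret));

    # NOTE(review): the password is stored exactly as submitted. Store a salted
    # password hash instead; that has to change together with the login check.
    # NOTE(review): $perms is written as found in the global scope. If that
    # global can be set from the request, a visitor chooses their own
    # permissions at sign-up - assign a fixed default for self-registration.
    $username_sql = $quoted ? (string)$username : addslashes((string)$username);
    $password_sql = $quoted ? (string)$password : addslashes((string)$password);
    $perms_sql = $quoted ? (string)$perms : addslashes((string)$perms);
    $query = "insert into auth_user values('$user_id','$username_sql','$password_sql','$perms_sql')";
    $db->query($query);
    if ($db->affected_rows() == 0) {
        # The message used to contain the whole SQL statement, password
        # included. Report the failure without it, and stop: continuing would
        # create a profile row with no login and thank the visitor anyway.
        my_error("Failed to create the account.");
        return;
    }

    # Column names come from $membervars, presumably fixed configuration -
    # verify; only the values are escaped here.
    $query = "insert into data set user_id = '$user_id'";
    foreach ($membervars as $val) {
        $value_sql = $quoted ? (string)$input[$val] : addslashes((string)$input[$val]);
        $query .= ", $val='".$value_sql."'";
    }
    $data->query($query);

    # Visitor-supplied names are HTML-escaped before they are echoed into the
    # page or the HTML notification mail. The mail declares iso-8859-1, and the
    # escaped characters are plain ASCII whichever charset the page uses.
    $display_name = htmlspecialchars("$input[company], $input[firstname] $input[lastname]", ENT_QUOTES, 'ISO-8859-1');
    $person_html = htmlspecialchars("$input[firstname] $input[lastname]", ENT_QUOTES, 'ISO-8859-1');
    # A line break inside a mail subject would start a new header line.
    $person_subject = preg_replace('/[\r\n]+/', ' ', "$input[firstname] $input[lastname]");
%>
Thank you for creating a new account for
<%echo $display_name%> on <% echo $Company_name %>.
You may now login or continue to the <%echo $Company_name%> home page.
Account Center Home
<%
    # email the admininstrator
    # require_once: a second call in the same request must not load the mail
    # helper again. NOTE(review): the path is built from the global $Root_dir;
    # confirm that value comes only from trusted configuration.
    require_once("$Root_dir/includes/n_mail.php");
    $message = "
A new account was created for the $Company_name web site.
View the Profile Sheet on $person_html.
This email was automatically generated by the $Company_name Account Center
\n";
    # NOTE(review): $email is never declared global or assigned in this
    # function, so it is always empty here: the sender always falls back to the
    # memberships address and the confirmation mail further down is never sent.
    # If this is wired to the submitted address later, strip CR/LF from it
    # before using it as a sender, and take the plaintext password out of the
    # confirmation text.
    if (empty($email)) {
        $fromemail = "memberships@$Domain_name";
    } else {
        $fromemail = $email;
    }
    n_mail($fromemail,"memberships@$Domain_name","[Account Center] New Account - $person_subject",
        $message, "Content-Type: text/html;charset=\"iso-8859-1\"\nMime-Version: 1.0");
    $message = "You have successfully created a new account for $Company_name.
You can view and edit your Account Profile in the Account Center (http://www.$Domain_name\/members/).
Here are the username and password you signed up with. Please keep a record of this for logging in to the site.
Username: $username
Password: $password
This email was automatically generated by the $Company_name Account Center";
    if (!empty($email)) {
        n_mail("memberships@$Domain_name",$email,'[Account Center] New Account Confirmation',
            $message, "Mime-Version: 1.0");
    }
}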
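# Store an edited profile: write every $membervars field from $input to the
# data row of $user_id and, for administrators, the permission level to
# auth_user. Prints a confirmation line.
#
# This function performs no authorization of its own; the caller must already
# have established that the current visitor may modify the record named by
# $user_id.
function saveedit() {
    global $input, $membervars;
    global $password, $username, $perms, $user_id, $PHP_SELF;
    global $months, $currentyear, $additional_headers, $data, $db, $valid, $edit;
    global $Company_name, $Domain_name, $Root_dir;
    global $admin;

    # Values placed inside quoted SQL literals are escaped below. Where
    # magic_quotes_gpc is still active (PHP < 5.4) request data arrives already
    # escaped, and escaping again would store literal backslashes.
    # NOTE(review): addslashes() is not charset-aware; move to the database
    # driver's own escaping or bound parameters if the DB layer offers them.
    $quoted = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $uid = $quoted ? (string)$user_id : addslashes((string)$user_id);

    # The permission level used to be rewritten on every save, for every
    # visitor, from whatever $perms held. Only an administrator changes it now;
    # for everyone else the stored value is left untouched.
    # NOTE(review): this relies on $admin being derived from the authenticated
    # session rather than from the request - confirm where it is set.
    if ($admin) {
        $perms_sql = $quoted ? (string)$perms : addslashes((string)$perms);
        $data->query("update auth_user set perms='$perms_sql' where user_id='$uid'");
    }

    # Column names come from $membervars, presumably fixed configuration -
    # verify; only the values are escaped here.
    $assignments = array();
    foreach ($membervars as $val) {
        $value_sql = $quoted ? (string)$input[$val] : addslashes((string)$input[$val]);
        $assignments[] = " $val='".$value_sql."'";
    }
    # With no fields configured the old code cut a letter off the statement and
    # sent broken SQL; skip the update instead.
    if (count($assignments) > 0) {
        $data->query("update data set".implode(",", $assignments)." where user_id='$uid'");
    }

    print "Your changes were successfully saved to the Account Center. ";
    print "\n";
}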
%>
<%
# Print the account form. In this listing the only output left is the
# "Admin Mode" banner, shown when $admin is set and a target $user_id is
# selected; the form markup itself is not part of the listing.
# NOTE(review): wherever the form echoes $input values, the username or other
# submitted data, those values need HTML-escaping at the point of output.
function showform() {
    global $input, $permlevels;
    global $password, $username, $perms, $user_id;
    global $months, $currentyear, $data, $db, $valid, $edit;
    global $auth, $admin, $PHP_SELF, $save;
    global $Company_name, $Domain_name, $Root_dir;
    global $badphone, $badzip, $badbusinessid;

    # Nothing to announce unless an administrator is working on a record.
    if (!$admin || !$user_id) {
        return;
    }
    print "Admin Mode\n";
} # end of function showform
%>
<%
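# Page controller: refuse everything while sign-ups are disabled; otherwise
# authorize the request, process a submitted form, and show the form again
# when there is nothing to save or the submission was rejected.
if ($disable_new_membership) {
%>
New account additions are temporarily disabled for maintenance. Please try back soon.
<%
} else {
    # Decide whether this visitor may edit the requested profile BEFORE any
    # write happens. The save used to run first and the login / ownership
    # checks only afterwards, so a request that was about to be refused had
    # already been written to the database.
    $denied = '';
    if ($edit) {
        if (!$auth->is_authenticated() || $auth->auth["uname"] == 'nobody') {
            $denied = "You must login first before you can edit your Account Profile.";
        } else if (!$admin && (string)$user_id !== (string)$auth->auth["uid"]) {
            # Compared as strings: a loose != treats two different
            # numeric-looking strings as equal.
            $denied = "Sorry, you do not have permission to edit the account profile of ".$auth->auth["firstname"].' '.$auth->auth["lastname"].".";
        }
    }

    if ($denied !== '') {
        my_error($denied);
    } else {
        if ($save) {
            check_data();
            if ($valid) {
                if ($edit) {
                    saveedit();
                } else {
                    adduser();
                }
            }
        }
        if (!$valid) {
            if ($edit) {
                # First visit to the edit page: load the stored record. After a
                # rejected save the visitor's own input is shown again instead.
                if (!isset($save)) fill_data();
                print "Account Edit\n";
                showform();
            } else {
                // this is where new accounts are added
                # NOTE(review): account creation is open to any visitor; the
                # administrator-only gate below is commented out. Confirm that
                # is intended, since adduser() also stores a permission level.
                // if ($admin) {
                print "New Account
Please fill out the information below to create an account on $Company_name.
Required fields are marked by a red asterisk.
If you have already created this account, please do not create a new account. If you cannot remember
your username or password, go to the Username/Password Lookup Page. \n";
                showform();
                // } else {
                // print "You must be an administrator to create new accounts. \n";
                // }
            }
        }
    }
}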
%>
<% include $Footer_admin; %>
|