
/addressbook.php

https://bitbucket.org/ryanhowdy/family-connections
Possible License(s): Apache-2.0, GPL-2.0
  1. <?php
  2. /**
  3. * AddressBook
  4. *
  5. * PHP versions 4 and 5
  6. *
  7. * @category FCMS
  8. * @package FamilyConnections
  9. * @author Ryan Haudenschilt <r.haudenschilt@gmail.com>
  10. * @copyright 2007 Haudenschilt LLC
  11. * @license http://www.gnu.org/licenses/gpl-2.0.html GPLv2
  12. * @link http://www.familycms.com/wiki/
  13. */
  14. session_start();
  15. define('URL_PREFIX', '');
  16. define('GALLERY_PREFIX', 'gallery/');
  17. require 'fcms.php';
  18. load('datetime', 'addressbook', 'database', 'alerts', 'phone', 'address');
  19. init();
  20. // Globals
  21. $book = new AddressBook($fcmsUser->id);
  22. $alertObj = new Alerts($fcmsUser->id);
  23. $TMPL = array(
  24. 'currentUserId' => $fcmsUser->id,
  25. 'sitename' => getSiteName(),
  26. 'nav-link' => getNavLinks(),
  27. 'pagetitle' => T_('Address Book'),
  28. 'path' => URL_PREFIX,
  29. 'displayname' => $fcmsUser->displayName,
  30. 'version' => getCurrentVersion(),
  31. 'year' => date('Y')
  32. );
  33. control();
  34. exit();
  35. /**
  36. * control
  37. *
  38. * The controlling structure for this script.
  39. *
  40. * @return void
  41. */
  42. function control ()
  43. {
  44. global $book;
  45. if (isset($_GET['alert']))
  46. {
  47. removeAlert();
  48. }
  49. if (isset($_GET['csv']))
  50. {
  51. if ($_GET['csv'] == 'export')
  52. {
  53. displayExportSubmit();
  54. }
  55. elseif (isset($_POST['import']))
  56. {
  57. displayHeader();
  58. $book->importAddressCsv($_FILES['csv']);
  59. displayFooter();
  60. }
  61. else
  62. {
  63. displayHeader();
  64. $book->displayImportForm();
  65. displayFooter();
  66. }
  67. }
  68. elseif (isset($_POST['emailsubmit']))
  69. {
  70. displayMassEmailForm();
  71. }
  72. elseif (isset($_POST['sendemailsubmit']))
  73. {
  74. displayMassEmailSubmit();
  75. }
  76. elseif (isset($_GET['delete']))
  77. {
  78. if (!isset($_GET['confirmed']))
  79. {
  80. displayConfirmDeleteForm();
  81. }
  82. elseif (isset($_POST['delconfirm']) || isset($_GET['confirmed']))
  83. {
  84. displayDeleteSubmit();
  85. }
  86. }
  87. elseif (isset($_GET['edit']))
  88. {
  89. displayEditForm();
  90. }
  91. elseif (isset($_POST['editsubmit']))
  92. {
  93. displayEditSubmit();
  94. }
  95. elseif (isset($_GET['add']))
  96. {
  97. displayAddForm();
  98. }
  99. elseif (isset($_POST['addsubmit']))
  100. {
  101. displayAddSubmit();
  102. }
  103. elseif (isset($_GET['address']))
  104. {
  105. displayAddress();
  106. }
  107. else
  108. {
  109. displayAddressList();
  110. }
  111. }
  112. /**
  113. * displayExportSubmit
  114. *
  115. * @return void
  116. */
  117. function displayExportSubmit ()
  118. {
  119. global $book;
  120. $sql = "SELECT `lname`, `fname`, `address`, `city`, `state`, `zip`, `email`, `home`, `work`, `cell`
  121. FROM `fcms_address` AS a, `fcms_users` AS u
  122. WHERE a.`user` = u.`id`
  123. ORDER BY `lname`, `fname`";
  124. $result = mysql_query($sql);
  125. if (!$result)
  126. {
  127. displayHeader();
  128. displaySqlError($sql, mysql_error());
  129. displayFooter();
  130. return;
  131. }
  132. $csv = "lname, fname, address, city, state, zip, email, home, work, cell\015\012";
  133. while ($row = mysql_fetch_assoc($result))
  134. {
  135. $csv .= '"'.join('","', str_replace('"', '""', $row))."\"\015\012";
  136. }
  137. $date = fixDate('Y-m-d', $book->tzOffset);
  138. header("Content-type: text/plain");
  139. header("Content-disposition: csv; filename=FCMS_Addresses_$date.csv; size=".strlen($csv));
  140. echo $csv;
  141. }
  142. /**
  143. * displayMassEmailForm
  144. *
  145. * @return void
  146. */
  147. function displayMassEmailForm ()
  148. {
  149. global $fcmsUser, $book;
  150. $massEmails = $_POST['massemail'];
  151. displayHeader();
  152. if (checkAccess($fcmsUser->id) > 3)
  153. {
  154. echo '
  155. <p class="error-alert">
  156. '.T_('You do not have permission to perform this task. You must have an access level of 3 (Member) or higher.').'
  157. </p>';
  158. displayFooter();
  159. return;
  160. }
  161. if (empty($massEmails))
  162. {
  163. echo '
  164. <p class="error-alert">
  165. '.T_('You must choose at least one member to email.').'
  166. <a href="help.php#address-massemail">'.T_('Get more help on sending mass emails.').'</a>
  167. </p>';
  168. displayFooter();
  169. return;
  170. }
  171. $book->displayMassEmailForm($massEmails);
  172. displayFooter();
  173. }
  174. /**
  175. * displayHeader
  176. *
  177. * @return void
  178. */
  179. function displayHeader ()
  180. {
  181. global $fcmsUser, $TMPL;
  182. $TMPL['javascript'] = '
  183. <script type="text/javascript" src="ui/js/tablesort.js"></script>
  184. <script type="text/javascript">
  185. //<![CDATA[
  186. Event.observe(window, \'load\', function() {
  187. initChatBar(\''.T_('Chat').'\', \''.$TMPL['path'].'\');
  188. initAddressBookClickRow();
  189. initCheckAll(\''.T_("Select All").'\');
  190. deleteConfirmationLink("del_address", "'.T_('Are you sure you want to DELETE this address?').'");
  191. });
  192. //]]>
  193. </script>';
  194. include_once getTheme($fcmsUser->id).'header.php';
  195. echo '
  196. <div id="addressbook" class="centercontent">';
  197. }
  198. /**
  199. * displayFooter
  200. *
  201. * @return void
  202. */
  203. function displayFooter ()
  204. {
  205. global $fcmsUser, $TMPL;
  206. echo '
  207. </div><!-- /centercontent -->';
  208. include_once getTheme($fcmsUser->id).'footer.php';
  209. }
  210. /**
  211. * displayMassEmailSubmit
  212. *
  213. * @return void
  214. */
  215. function displayMassEmailSubmit ()
  216. {
  217. global $book;
  218. displayHeader();
  219. $requiredFields = array('subject', 'email', 'name', 'msg');
  220. $missingRequired = false;
  221. foreach ($requiredFields as $field)
  222. {
  223. if (!isset($_POST[$field]))
  224. {
  225. $missingRequired = true;
  226. }
  227. }
  228. if ($missingRequired)
  229. {
  230. $book->displayMassEmailForm(
  231. $_POST['emailaddress'],
  232. $_POST['email'],
  233. $_POST['name'],
  234. $_POST['subject'],
  235. $_POST['msg'],
  236. 'Yes'
  237. );
  238. displayFooter();
  239. return;
  240. }
  241. $emailHeaders = getEmailHeaders($_POST['name'], $_POST['email']);
  242. foreach ($_POST['emailaddress'] as $email)
  243. {
  244. mail($email, $_POST['subject'], $_POST['msg']."\r\n-".$_POST['name'], $emailHeaders);
  245. }
  246. displayOkMessage(T_('Email has been sent.'));
  247. $book->displayAddressList('members');
  248. displayFooter();
  249. }
  250. /**
  251. * displayEditSubmit
  252. *
  253. * @return void
  254. */
  255. function displayEditSubmit ()
  256. {
  257. global $book, $fcmsUser;
  258. displayHeader();
  259. $aid = (int)$_POST['aid'];
  260. $uid = (int)$_POST['uid'];
  261. $cat = $_POST['cat'];
  262. $address = strip_tags($_POST['address']);
  263. $city = strip_tags($_POST['city']);
  264. $state = strip_tags($_POST['state']);
  265. $zip = strip_tags($_POST['zip']);
  266. $home = strip_tags($_POST['home']);
  267. $work = strip_tags($_POST['work']);
  268. $cell = strip_tags($_POST['cell']);
  269. $email = strip_tags($_POST['email']);
  270. $country = escape_string($_POST['country']);
  271. $address = escape_string($address);
  272. $city = escape_string($city);
  273. $state = escape_string($state);
  274. $zip = escape_string($zip);
  275. $home = escape_string($home);
  276. $work = escape_string($work);
  277. $cell = escape_string($cell);
  278. $email = escape_string($email);
  279. // Get current address and email
  280. $sql = "SELECT a.`country`, a.`address`, a.`city`, a.`state`, a.`zip`, a.`home`, a.`work`, a.`cell`, u.`email`
  281. FROM `fcms_address` AS a
  282. LEFT JOIN `fcms_users` AS u ON a.`user` = u.`id`
  283. WHERE a.`id` = '$aid'
  284. AND a.`user` = '$uid'";
  285. $result = mysql_query($sql);
  286. if (!$result)
  287. {
  288. displaySqlError($sql, mysql_error());
  289. displayFooter();
  290. return;
  291. }
  292. $row = mysql_fetch_assoc($result);
  293. $changes = array();
  294. $columns = array(
  295. 'country' => 'address',
  296. 'address' => 'address',
  297. 'city' => 'address',
  298. 'state' => 'address',
  299. 'zip' => 'address',
  300. 'home' => 'home',
  301. 'work' => 'work',
  302. 'cell' => 'cell',
  303. 'email' => 'email'
  304. );
  305. // See what changed
  306. foreach ($columns as $column => $type)
  307. {
  308. // if db is null, then the column must be non empty to be considered changed
  309. if (is_null($row[$column]))
  310. {
  311. if (!empty($$column))
  312. {
  313. $changes[] = $type;
  314. }
  315. }
  316. // db doesn't match post data
  317. elseif ($row[$column] !== $$column)
  318. {
  319. $changes[] = $type;
  320. }
  321. }
  322. // We could have duplicate 'address' changes, lets only save once
  323. $changes = array_unique($changes);
  324. // Save Address
  325. $sql = "UPDATE `fcms_address`
  326. SET `updated` = NOW(),
  327. `updated_id` = '$fcmsUser->id',
  328. `country` = '$country',
  329. `address` = '$address',
  330. `city` = '$city',
  331. `state` = '$state',
  332. `zip` = '$zip',
  333. `home` = '$home',
  334. `work` = '$work',
  335. `cell` = '$cell'
  336. WHERE `id` = '$aid'";
  337. if (!mysql_query($sql))
  338. {
  339. displaySqlError($sql, mysql_error());
  340. displayFooter();
  341. return;
  342. }
  343. // Save Email
  344. $sql = "UPDATE `fcms_users`
  345. SET `email`='$email'
  346. WHERE `id` = '$uid'";
  347. if (!mysql_query($sql))
  348. {
  349. displaySqlError($sql, mysql_error());
  350. displayFooter();
  351. return;
  352. }
  353. // Update changelog
  354. $sql = "INSERT INTO `fcms_changelog` (`user`, `table`, `column`, `created`)
  355. VALUES ";
  356. foreach ($changes as $column)
  357. {
  358. $sql .= "('$uid', 'address', '$column', NOW()),";
  359. }
  360. $sql = substr($sql, 0, -1); // remove extra comma
  361. if (count($changes) > 0)
  362. {
  363. if (!mysql_query($sql))
  364. {
  365. displaySqlError($sql, mysql_error());
  366. displayFooter();
  367. return;
  368. }
  369. }
  370. displayOkMessage();
  371. $book->displayAddress($aid, $cat);
  372. displayFooter();
  373. }
  374. /**
  375. * displayAddSubmit
  376. *
  377. * @return void
  378. */
  379. function displayAddSubmit ()
  380. {
  381. global $fcmsUser, $book;
  382. displayHeader();
  383. $uniq = uniqid("");
  384. $fname = strip_tags($_POST['fname']);
  385. $lname = strip_tags($_POST['lname']);
  386. $email = strip_tags($_POST['email']);
  387. $country = strip_tags($_POST['country']);
  388. $address = strip_tags($_POST['address']);
  389. $city = strip_tags($_POST['city']);
  390. $state = strip_tags($_POST['state']);
  391. $zip = strip_tags($_POST['zip']);
  392. $home = strip_tags($_POST['home']);
  393. $work = strip_tags($_POST['work']);
  394. $cell = strip_tags($_POST['cell']);
  395. $fname = escape_string($fname);
  396. $lname = escape_string($lname);
  397. $email = escape_string($email);
  398. $country = escape_string($country);
  399. $address = escape_string($address);
  400. $city = escape_string($city);
  401. $state = escape_string($state);
  402. $zip = escape_string($zip);
  403. $home = escape_string($home);
  404. $work = escape_string($work);
  405. $cell = escape_string($cell);
  406. $pw = 'NONMEMBER';
  407. if (isset($_POST['private']))
  408. {
  409. $pw = 'PRIVATE';
  410. }
  411. $sql = "INSERT INTO `fcms_users` (
  412. `access`, `joindate`, `fname`, `lname`, `email`, `username`, `password`
  413. ) VALUES (
  414. 10,
  415. NOW(),
  416. '$fname',
  417. '$lname',
  418. '$email',
  419. 'NONMEMBER-$uniq',
  420. '$pw'
  421. )";
  422. if (!mysql_query($sql))
  423. {
  424. displaySqlError($sql, mysql_error());
  425. displayFooter();
  426. return;
  427. }
  428. $id = mysql_insert_id();
  429. $sql = "INSERT INTO `fcms_address`(
  430. `user`, `created_id`, `created`, `updated_id`, `updated`,
  431. `country`, `address`, `city`, `state`, `zip`, `home`, `work`, `cell`
  432. ) VALUES (
  433. '$id',
  434. '$fcmsUser->id',
  435. NOW(),
  436. '$fcmsUser->id',
  437. NOW(),
  438. '$country',
  439. '$address',
  440. '$city',
  441. '$state',
  442. '$zip',
  443. '$home',
  444. '$work',
  445. '$cell'
  446. )";
  447. if (!mysql_query($sql))
  448. {
  449. displaySqlError($sql, mysql_error());
  450. displayFooter();
  451. return;
  452. }
  453. displayOkMessage();
  454. $book->displayAddressList('non');
  455. displayFooter();
  456. }
  457. /**
  458. * displayConfirmDeleteForm
  459. *
  460. * @return void
  461. */
  462. function displayConfirmDeleteForm ()
  463. {
  464. global $fcmsUser, $book;
  465. displayHeader();
  466. $aid = (int)$_GET['delete'];
  467. $cat = cleanOutput($_GET['cat']);
  468. echo '
  469. <div class="info-alert">
  470. <form action="addressbook.php?cat='.$cat.'&amp;delete='.$aid.'&amp;confirmed=1" method="post">
  471. <h2>'.T_('Are you sure you want to DELETE this?').'</h2>
  472. <p><b><i>'.T_('This can NOT be undone.').'</i></b></p>
  473. <div>
  474. <input style="float:left;" type="submit" id="delconfirm" name="delconfirm" value="'.T_('Yes').'"/>
  475. <a style="float:right;" href="addressbook.php?cat='.$cat.'&amp;address='.$aid.'">
  476. '.T_('Cancel').'
  477. </a>
  478. </div>
  479. </form>
  480. </div>';
  481. displayFooter();
  482. }
  483. /**
  484. * displayDeleteSubmit
  485. *
  486. * @return void
  487. */
  488. function displayDeleteSubmit ()
  489. {
  490. global $fcmsUser, $book;
  491. $aid = (int)$_GET['delete'];
  492. $cat = $_GET['cat'];
  493. if (checkAccess($fcmsUser->id) >= 2)
  494. {
  495. displayHeader();
  496. echo '
  497. <p class="error-alert">'.T_('You do not have permission to perform this task.').'</p>';
  498. $book->displayAddressList($cat);
  499. displayFooter();
  500. return;
  501. }
  502. $sql = "SELECT a.`user`, u.`password`
  503. FROM `fcms_address` AS a, `fcms_users` AS u
  504. WHERE a.`id` = '$aid'
  505. AND a.`user` = u.`id`";
  506. $result = mysql_query($sql);
  507. if (!$result)
  508. {
  509. displayHeader();
  510. displaySqlError($sql, mysql_error());
  511. displayFooter();
  512. return;
  513. }
  514. $r = mysql_fetch_assoc($result);
  515. $user = $r['user'];
  516. $pass = $r['password'];
  517. if ($r['password'] !== 'NONMEMBER' && $r['password'] !== 'PRIVATE')
  518. {
  519. displayHeader();
  520. echo '
  521. <p class="error-alert">'.T_('You cannot delete the address of a member.').'</p>';
  522. $book->displayAddressList($cat);
  523. displayFooter();
  524. return;
  525. }
  526. $sql = "DELETE FROM `fcms_users` WHERE `id` = '$user'";
  527. if (!mysql_query($sql))
  528. {
  529. displayHeader();
  530. displaySqlError($sql, mysql_error());
  531. displayFooter();
  532. return;
  533. }
  534. $sql = "DELETE FROM fcms_address WHERE id = '$aid'";
  535. if (!mysql_query($sql))
  536. {
  537. displayHeader();
  538. displaySqlError($sql, mysql_error());
  539. displayFooter();
  540. return;
  541. }
  542. displayAddressList();
  543. displayOkMessage(T_('Address Deleted Successfully.'));
  544. displayFooter();
  545. }
  546. /**
  547. * displayEditForm
  548. *
  549. * @return void
  550. */
  551. function displayEditForm ()
  552. {
  553. global $book;
  554. displayHeader();
  555. $id = (int)$_GET['edit'];
  556. $cat = cleanOutput($_GET['cat']);
  557. $book->displayEditForm($id, 'addressbook.php?cat='.$cat.'&amp;address='.$id);
  558. displayFooter();
  559. }
  560. /**
  561. * displayAddForm
  562. *
  563. * @return void
  564. */
  565. function displayAddForm ()
  566. {
  567. global $fcmsUser, $book;
  568. displayHeader();
  569. if (checkAccess($fcmsUser->id) > 5)
  570. {
  571. echo '
  572. <p class="error-alert">'.T_('You do not have permission to perform this task.').'</p>';
  573. displayFooter();
  574. return;
  575. }
  576. $book->displayAddForm();
  577. displayFooter();
  578. }
  579. /**
  580. * displayAddress
  581. *
  582. * @return void
  583. */
  584. function displayAddress ()
  585. {
  586. global $book;
  587. displayHeader();
  588. $address = (int)$_GET['address'];
  589. $cat = 'all';
  590. if (isset($_GET['cat']))
  591. {
  592. $cat = $_GET['cat'];
  593. }
  594. $book->displayAddress($address, $cat);
  595. displayFooter();
  596. }
  597. /**
  598. * removeAlert
  599. *
  600. * @return void
  601. */
  602. function removeAlert ()
  603. {
  604. global $fcmsUser;
  605. $alert = $_GET['alert'];
  606. $sql = "INSERT INTO `fcms_alerts` (`alert`, `user`)
  607. VALUES (
  608. '$alert',
  609. '$fcmsUser->id'
  610. )";
  611. if (!mysql_query($sql))
  612. {
  613. displayHeader();
  614. displaySqlError($sql, mysql_error());
  615. displayFooter();
  616. exit();
  617. }
  618. }
  619. /**
  620. * displayAddressList
  621. *
  622. * @return void
  623. */
  624. function displayAddressList ()
  625. {
  626. global $alertObj, $book, $fcmsUser;
  627. displayHeader();
  628. $cat = 'members';
  629. if (isset($_GET['cat']))
  630. {
  631. $cat = $_GET['cat'];
  632. }
  633. if (!$book->userHasAddress($fcmsUser->id))
  634. {
  635. // Show Alerts
  636. $alertObj->displayAddress($fcmsUser->id);
  637. }
  638. $book->displayAddressList($cat);
  639. displayFooter();
  640. }