ruạṛ
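<?php
/**
 * Update user record and current login if necessary
 *
 * Flow: load session user -> reject if not logged in -> read and clean the
 * POSTed form -> validate a changed email -> persist via $customer->update()
 * -> notify the site owner by email -> hand a one-shot message back to the
 * customer page through a short-lived cookie.
 *
 * @version 0.9
 * @author Robert Urquhart <programmer@activatedesign.co.nz>
 * @package dreamdiamondstore
 */

/*
 * load site data and definitions, check for admin user
 * @var string $include_path - for easy global search/replace if include location changes
 */
$include_path = $_SERVER['DOCUMENT_ROOT'].'/admin/scripts-includes/';
$template_dir = $_SERVER['DOCUMENT_ROOT'].'/resources/template/';
require_once $include_path.'universal.php';
require_once $template_dir.'functions.php';

/*
 * start the session (after includes so objects stored in $_SESSION are created properly)
 */
session_start();
$connID = connect_to_db();

/**
 * suhosin workaround - load session user data
 * @var object $customer  the record that gets mutated and saved
 * @var object $state     pre-update copy to compare for change conditionals
 */
$customer = user_load();
$state = user_load();

/*
 * shouldn't be trying to access this script if not logged in
 */
if (!$customer->logged_in) {
    getout('', select_one('page_data', 'path', 'page_type', 'customers'));
    exit;
}

// NOTE(review): nothing on this page checks a CSRF token before the POST mutates the
// account; confirm universal.php / user_load() enforce one, otherwise add it here.

/**
 * Read a form field, defaulting to '' when it was not submitted, so a missing
 * field neither raises an undefined-index notice nor hands null to the cleaner.
 *
 * @param string $key  $_POST key
 * @return string      raw (uncleaned) submitted value or ''
 */
$post = function ($key) {
    return isset($_POST[$key]) ? $_POST[$key] : '';
};

/**
 * get and clean form data
 * @var string $email because we don't want to put this into $customer without validating it
 */
$customer->name = clean_plain_data($post('customer'));
$customer->phone = clean_plain_data($post('phone'));
$customer->address = clean_plain_data($post('delivery_address'));
$customer->shipping_location = is_numeric_id($post('ship_id'), 0);
$customer->newsletter = isset($_POST['newsletter']) ? '1' : '0';
// reset, then rebuild from whichever interest checkboxes were ticked;
// only keys from the server-side interest_list are accepted, never arbitrary POST keys
$customer->interests = array();
foreach ($customer->interest_list as $name => $label) {
    if (isset($_POST[$name])) {
        $customer->interests[] = $name;
    }
}
$email = clean_plain_data($post('email'));

/**
 * validate
 * @var bool   $fail     true when the email change was rejected (other fields still save)
 * @var string $message  user-facing text, built from fixed strings only (it is later emitted as HTML)
 */
$fail = false;
$message = '';
if ((string) $email !== (string) $customer->email) { // only need to check if changed
    if (!is_email($email)) {
        $message = 'Please enter a valid email address. Email address has not been updated. <br />';
        $fail = true;
    } elseif (select_one('users', 'user_id', 'email', $email)) {
        // assumes select_one() parameterises/escapes $email itself - confirm in universal.php
        $fail = true;
        $message = 'There is already an account using that email address. Email address has not been updated. <br />';
    }
}
if (!$fail) {
    $customer->email = $email;
}

// NOTE(review): clean_plain_data() is a text/HTML cleaner; applied to a password it may
// silently alter characters the user typed. Confirm $customer->update() expects the cleaned form.
$password = clean_plain_data($post('userpass'));

/*
 * update record
 */
if (!$customer->update($password)) {
    // keep the driver error server-side; the cookie message is shown to the end user
    // and must not leak database internals
    error_log('customer update failed for user_id '.$customer->user_id.': '.mysql_error());
    $message .= 'Sorry, your details could not be updated. Please try again later.';
} else {
    $message .= 'Your details have been updated';

    $displayName = ((string) $customer->name !== '')
        ? html_entity_decode($customer->name, ENT_QUOTES)
        : $customer->email;
    $subject = 'Customer account for '.$displayName.' updated at '.SITE_FROM_NAME;

    // initialise before the first .= (the original appended to an undefined variable)
    $body = '';
    // loose comparison is intentional: newsletter may be stored as int and posted as string
    if ($state->newsletter != $customer->newsletter || $state->interests != $customer->interests) {
        // report the address that was actually saved, not the rejected candidate $email
        if ($customer->newsletter) {
            $subject .= ' (add to newsletter or update interests)';
            $body .= "\nEmail address: ".$customer->email
                ."\nInterests: ".implode(' ', $customer->interests);
        } else {
            $subject .= ' (remove from newsletter)';
            $body .= "\nEmail address: ".$customer->email;
        }
    }
    $body .= "\nYou may view and manage this account at http://".SITE_ROOT
        .'/admin/customer-manage.php?customer='.$customer->user_id;
    send_email($body, $subject);
}

// one-shot message for the next page load; $message contains only fixed literals above
setcookie('custMessage', '<p class="message">'.$message.'</p>', time() + 30, '/');
getout('');
exit;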
cải xoăn