// Copyright: Matthias Steffens and the file's
// original author(s).
//
// This code is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY. Please see the GNU General Public
// License for more details.
//
// File: ./user_receipt.php
// Repository: $HeadURL: file:///svn/p/refbase/code/branches/bleeding-edge/user_receipt.php $
// Author(s): Matthias Steffens
//
// Created: 16-Apr-02, 10:54
// Modified: $Date: 2017-04-13 02:00:18 +0000 (Thu, 13 Apr 2017) $
// $Author: karnesky $
// $Revision: 1416 $

// This script shows the user a receipt for their user UPDATE or INSERT.
// It carries out no database actions and can be bookmarked.
// The user must be logged in to view it.
//
// NOTE(review): this copy of the file has lost its markup: the PHP open tag is
// absent and the HTML tags inside the echo'd strings are gone (some literals are
// even truncated, e.g. the `echo "\"""` fragments further down, which no longer
// parse). Read the echo statements below as the skeleton of the page that was
// served, not as the literal markup.

// TODO: I18n, better separate HTML code from PHP code

// Incorporate some include files:
include 'initialize/db.inc.php'; // 'db.inc.php' is included to hide username and password
include 'includes/header.inc.php'; // include header
include 'includes/footer.inc.php'; // include footer
include 'includes/include.inc.php'; // include common functions
include 'initialize/ini.inc.php'; // include common variables

// --------------------------------------------------------------------

// START A SESSION:
// call the 'start_session()' function (from 'include.inc.php') which will also read out available session variables:
start_session(true);

// --------------------------------------------------------------------

// Initialize preferred display language:
// (note that 'locales.inc.php' has to be included *after* the call to the 'start_session()' function)
include 'includes/locales.inc.php'; // include the locales

// --------------------------------------------------------------------

// Extract the 'userID' parameter from the request:
// The pattern admits an optional leading '-' so that the sentinel '-1' sent by
// 'user_validation.php' (see below) passes; anything that is not an integer is
// dropped and '$userID' stays empty, which the parameter check further down rejects.
// Note that '$_REQUEST' merges GET, POST and cookie values, so the ID may arrive via any of them.
if (isset($_REQUEST['userID']) AND preg_match("/^-?[0-9]+$/", $_REQUEST['userID']))
	$userID = $_REQUEST['userID'];
else
	$userID = ""; // we do it for clarity reasons here (and in order to prevent any 'Undefined variable...' messages)

// Check if the user is logged in
if (!isset($_SESSION['loginEmail']) && ($userID != -1)) // Note: 'user_validation.php' uses the non-existing user ID '-1' as trigger to show the email notification receipt page (instead of the standard receipt page)
{
	// save an error message:
	$HeaderString = "You must login to view your user account details and options!";

	// save the URL of the currently displayed page:
	// NOTE(review): 'HTTP_REFERER' is a client-supplied request header. It may be
	// absent (undefined-index notice) and its value is chosen by the caller; it is
	// stored in the session here and, on the error paths below, concatenated straight
	// into a 'Location:' header, so a crafted Referer can steer that redirect to an
	// arbitrary URL (open redirect). Restricting it to a local path before use would close that.
	$referer = $_SERVER['HTTP_REFERER'];

	// Write back session variables:
	saveSessionVariable("HeaderString", $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php'
	saveSessionVariable("referer", $referer);

	header("Location: user_login.php");
	exit;
}

// Check the correct parameters have been passed
if ($userID == "")
{
	// save an error message:
	$HeaderString = "Incorrect parameters to script 'user_receipt.php'!";

	// Write back session variables:
	saveSessionVariable("HeaderString", $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php'

	// Redirect the browser back to the calling page
	// NOTE(review): '$referer' is not assigned on this path within this file; the
	// comment says 'start_session()' provides it -- confirm, otherwise this sends an
	// empty 'Location:' target. See the note above about the origin of that value.
	header("Location: " . $referer); // variable '$referer' is globally defined in function 'start_session()' in 'include.inc.php'
	exit;
}

// Check if the logged-in user is allowed to modify his account details and options
// (the '^\d+$' pattern excludes the '-1' sentinel, so the email-confirmation path is not subject to this check)
if (isset($_SESSION['loginEmail']) AND preg_match("/^\d+$/", $userID) AND isset($_SESSION['user_permissions']) AND !preg_match("/allow_modify_options/", $_SESSION['user_permissions'])) // if a user is logged in but the 'user_permissions' session variable does NOT contain 'allow_modify_options'...
{
	// save an error message:
	$HeaderString = "You have no permission to modify your user account details and options!";

	// Write back session variables:
	saveSessionVariable("HeaderString", $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php'

	// Redirect the browser back to the calling page
	header("Location: " . $referer);
	exit;
}

// --------------------------------------------------------------------

// (1) OPEN CONNECTION, (2) SELECT DATABASE
connectToMySQLDatabase(); // function 'connectToMySQLDatabase()' is defined in 'include.inc.php'

// --------------------------------------------------------------------

// For regular users, validate that the correct userID has been passed to the script:
// A non-admin asking for somebody else's ID is not rejected outright: a message is
// recorded and '$userID' is overwritten with the caller's own ID, so the receipt
// shown below is always the caller's own (this is what keeps one user from
// viewing another user's account details by editing the 'userID' parameter).
// '$loginEmail' and '$adminLoginEmail' are not assigned in this file -- presumably
// set up by 'start_session()' / 'ini.inc.php'; confirm.
if (isset($_SESSION['loginEmail']) && ($loginEmail != $adminLoginEmail)) // check this user matches the userID (viewing user account details is only allowed to the admin)
	if ($userID != getUserID($loginEmail))
	{
		// otherwise save an error message:
		$HeaderString = "You can only view your own user receipt!";

		// Write back session variables:
		saveSessionVariable("HeaderString", $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php'

		$userID = getUserID($loginEmail); // and re-establish the user's correct user_id
	}

// Extract the type of action requested by the user, either 'delete' or ''.
// ('' or anything else will be treated equal to 'edit').
// We actually extract the variable 'userAction' only if the admin is logged in
// (since only the admin will be allowed to delete a user):
if (isset($_SESSION['loginEmail']) && ($loginEmail == $adminLoginEmail)) // ('$adminLoginEmail' is specified in 'ini.inc.php')
{
	if (isset($_REQUEST['userAction']))
		$userAction = $_REQUEST['userAction'];
	else
		$userAction = ""; // we do it for clarity reasons here (and in order to prevent any 'Undefined variable...' messages)

	if ($userAction == "Delete")
	{
		if ($userID == getUserID($loginEmail)) // if the admin userID was passed to the script
		{
			// save an error message:
			$HeaderString = "You cannot delete your own user data!";

			// Write back session variables:
			saveSessionVariable("HeaderString", $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php'

			$userAction = "Edit"; // and re-set the user action to 'edit'
		}
	}
	else
		$userAction = "Edit"; // everything that isn't a 'delete' action will be an 'edit' action
}
else // otherwise we simply assume an 'edit' action, no matter what was passed to the script (thus, no regular user will be able to delete a user)
	$userAction = "Edit";

// Extract the view type requested by the user (either 'Mobile', 'Print', 'Web' or ''):
// ('' will produce the default 'Web' output style)
// NOTE(review): '$viewType' is taken from the request unvalidated and handed to
// 'displayHTMLhead()' below; whether that function constrains it is not visible here -- confirm.
if (isset($_REQUEST['viewType']))
	$viewType = $_REQUEST['viewType'];
else
	$viewType = "";

// --------------------------------------------------------------------

// Show the login status:
showLogin(); // (function 'showLogin()' is defined in 'include.inc.php')

// Show the user confirmation:
// '$connection' is not assigned anywhere in this file -- presumably a global set by 'connectToMySQLDatabase()'; confirm.
if ($userID == -1) // 'userID=-1' is sent by 'user_validation.php' to indicate a NEW user who has successfully submitted 'user_details.php'
	showEmailConfirmation($userID);
else
	showUserData($userID, $userAction, $connection);

// ----------------------------------------------

// (5) CLOSE the database connection:
disconnectFromMySQLDatabase(); // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'

// --------------------------------------------------------------------

// Show a new user a confirmation screen, confirming that the submitted user data have been correctly received:
//
// Emits the HTML head, the page header and a fixed confirmation text. Performs no
// database access. The 'HeaderString' session variable, if present, is consumed
// (displayed once, then deleted).
//
// Parameters:
//   $userID -- the '-1' sentinel passed by the caller; it is not referenced in the body.
function showEmailConfirmation($userID)
{
	global $HeaderString;
	global $viewType;
	global $loginWelcomeMsg;
	global $loginStatus;
	global $loginLinks;
	global $loginEmail;
	global $adminLoginEmail;
	global $officialDatabaseName;

	// Build the correct header message:
	if (!isset($_SESSION['HeaderString']))
		$HeaderString = "Submission confirmation:"; // provide the default message
	else
	{
		$HeaderString = $_SESSION['HeaderString']; // extract 'HeaderString' session variable (only necessary if register globals is OFF!)

		// Note: though we clear the session variable, the current message is still available to this script via '$HeaderString':
		deleteSessionVariable("HeaderString"); // function 'deleteSessionVariable()' is defined in 'include.inc.php'
	}

	// Call the 'displayHTMLhead()' and 'showPageHeader()' functions (which are defined in 'header.inc.php'):
	displayHTMLhead(encodeHTML($officialDatabaseName) . " -- User Receipt", "noindex,nofollow", "Receipt page confirming correct submission of new user details to the " . encodeHTML($officialDatabaseName), "", false, "", $viewType, array());
	showPageHeader($HeaderString);

	// The confirmation text; the database name is passed through 'encodeHTML()' because it ends up inside HTML.
	// (The literal line breaks inside the string are part of the text as found in this copy of the file.)
	$confirmationText = "Thanks for your interest in the " . encodeHTML($officialDatabaseName) . "!" . "

The data you provided have been sent to our database admin." . "
We'll process your request and mail back to you as soon as we can!" . "

[Back to " . encodeHTML($officialDatabaseName) . " Home]";

	// Start a table:
	echo "\n";
	echo "\n\n\t\n";
	echo "\n
" . $confirmationText . "
";
}

// --------------------------------------------------------------------

// Show the user an UPDATE receipt:
// (if the admin is logged in, this function will also provide a 'new user INSERT' receipt)
//
// Reads the user's row from '$tableUsers', then emits the HTML head, the page
// header and a three-column receipt: account details (left), display options
// (middle, omitted for a pending deletion) and -- for the admin only -- the
// user's permissions (right). Also consumes the 'HeaderString' session variable.
//
// Parameters:
//   $userID     -- numeric user ID (already restricted to digits / '-1' by the caller)
//   $userAction -- "Delete" or "Edit"; controls the header message and which columns/buttons are shown
//   $connection -- not referenced in the body; the query goes through 'queryMySQLDatabase()'
function showUserData($userID, $userAction, $connection)
{
	global $HeaderString;
	global $viewType;
	global $loginWelcomeMsg;
	global $loginStatus;
	global $loginLinks;
	global $loginEmail;
	global $adminLoginEmail;
	global $officialDatabaseName;
	global $defaultLanguage;
	global $tableUsers; // defined in 'db.inc.php'
	global $loc; // '$loc' is made globally available in 'core.php'

	// CONSTRUCT SQL QUERY:
	// '$userID' is interpolated into the SQL text rather than bound as a parameter; it
	// has been limited to an optionally-signed integer by the regex at the top of this
	// script and is additionally passed through 'quote_smart()' (defined outside this file).
	$query = "SELECT * FROM $tableUsers WHERE user_id = " . quote_smart($userID);

	// (3) RUN the query on the database through the connection:
	$result = queryMySQLDatabase($query); // function 'queryMySQLDatabase()' is defined in 'include.inc.php'

	// (4) EXTRACT results (since 'user_id' is the unique primary key for the 'users' table, there will be only one matching row)
	// NOTE(review): the '@' hides any warning here; when no row matches, '$row' holds
	// no array and every '$row[...]' read below silently yields nothing. The
	// 'mysqli_num_rows($result) == 1' checks further down are what actually guard the
	// per-user output, but the header message built right below is not guarded.
	$row = @ mysqli_fetch_array($result);

	// Build the correct header message:
	// (the inner if/elseif/else chain carries its own 'else', so the trailing 'else'
	// below belongs to the outer '!isset(...)' test)
	// NOTE(review): 'first_name'/'last_name' are passed through 'encodeHTML()' but
	// 'email' is not, although it lands in the same HTML header; the same applies to
	// 'title', 'url', 'email' and 'language' further down. Whether those columns can
	// hold markup is not visible here -- treat them as stored, user-originated text
	// and escape them like the neighbouring fields.
	if (!isset($_SESSION['HeaderString'])) // if there's no saved message
		if ($userAction == "Delete") // provide an appropriate header message:
			$HeaderString = "Delete user " . encodeHTML($row["first_name"]) . " " . encodeHTML($row["last_name"]) . " (" . $row["email"] . "):";
		elseif (empty($userID))
			$HeaderString = "Account details and options for anyone who isn't logged in:";
		else // provide the default message:
			$HeaderString = "Account details and options for " . encodeHTML($row["first_name"]) . " " . encodeHTML($row["last_name"]) . " (" . $row["email"] . "):";
	else
	{
		$HeaderString = $_SESSION['HeaderString']; // extract 'HeaderString' session variable (only necessary if register globals is OFF!)

		// Note: though we clear the session variable, the current message is still available to this script via '$HeaderString':
		deleteSessionVariable("HeaderString"); // function 'deleteSessionVariable()' is defined in 'include.inc.php'
	}

	// Get the list of "main fields" preferred by the current user:
	// NOTE: We have to call function 'getMainFields()' up here since it updates
	//       session variable 'userMainFields' which gets used in function
	//       'buildQuickSearchElements()' (which, in turn, is called from within
	//       function 'showPageHeader()')
	$mainFieldsArray = getMainFields($userID); // function 'getMainFields()' is defined in 'include.inc.php'

	// Get the user's preference for displaying auto-completions:
	// (see note for '$mainFieldsArray' which also applies here)
	$showAutoCompletions = getPrefAutoCompletions($userID); // function 'getPrefAutoCompletions()' is defined in 'include.inc.php'

	// Map MySQL field names to localized column names:
	$fieldNamesArray = mapFieldNames(); // function 'mapFieldNames()' is defined in 'include.inc.php'

	$localizedMainFieldsArray = array();

	foreach ($mainFieldsArray as $field)
	{
		if (isset($fieldNamesArray[$field]))
			$localizedMainFieldsArray[$field] = $fieldNamesArray[$field];
		else // no localized field name exists, so we use the original field name
			$localizedMainFieldsArray[$field] = $field;
	}

	// Call the 'displayHTMLhead()' and 'showPageHeader()' functions (which are defined in 'header.inc.php'):
	displayHTMLhead(encodeHTML($officialDatabaseName) . " -- User Receipt", "noindex,nofollow", "Receipt page confirming correct entry of user details and options for the " . encodeHTML($officialDatabaseName), "", false, "", $viewType, array());
	showPageHeader($HeaderString);

	// Start main table:
	// (from here on the echo'd strings are the tag-stripped remains of the page markup, see the note at the top of the file)
	echo "\n";
	echo "\n" . 
"\n\t";

	if ($userAction != "Delete") // we omit user options and permissions when displaying info for a user pending deletion
	{
		// ------------------------------------------------------------

		// Start middle table cell of main table:
		echo "\n\t";

		// ------------------------------------------------------------

		// Start right table cell of main table:
		echo "\n\t";
	}

	echo "\n";

	// Close main table:
	echo "\n
";

	// Start left sub-table:
	echo "\n\t\t";

	echo "\n\t\t\n\t\t\t";

	if (mysqli_num_rows($result) == 1) // If there's a user associated with this user ID
	{
		// Add edit/delete button:
		echo "\n\t\t\t\n\t\t";

		// Display a password reminder:
		// (but only if a normal user is logged in -OR- the admin is logged in AND the updated user data are his own!)
		// NOTE(review): the single '|' is the bitwise operator, not the logical '||'; it
		// happens to give the same result for the two boolean operands here but reads as a slip.
		if (($loginEmail != $adminLoginEmail) | (($loginEmail == $adminLoginEmail) && ($userID == getUserID($loginEmail))))
			echo "\n\t\t\n\t\t\t\n\t\t";

		// Print title, first name, last name and institutional abbreviation:
		echo "\n\t\t\n\t\t\t\n\t\t";
	}
	else // no user exists with this user ID
	{
		echo "\n\t\t\t\n\t\t";

		echo "\n\t\t\n\t\t\t\n\t\t";
	}

	// Close left sub-table:
	echo "\n\t\t
Account Details:";

	// If the admin is logged in, allow the display of a button that will delete the currently shown user:
	// NOTE(review): the two `echo "\"""` statements below are truncated literals (the
	// button markup was lost with the tags) and do not parse as written.
	if (isset($_SESSION['loginEmail']) && ($loginEmail == $adminLoginEmail)) // ('$adminLoginEmail' is specified in 'ini.inc.php')
	{
		if ($userAction == "Delete")
			echo "\"""";
	}

	if ($userAction != "Delete")
		echo "\"""";

	echo "
Please record your password somewhere safe for future use!
\n\t\t\t\t";

	// 'title' is echoed without 'encodeHTML()', unlike the three fields that follow it.
	if (!empty($row["title"]))
		echo $row["title"] . ". ";

	echo encodeHTML($row["first_name"]) . " " . encodeHTML($row["last_name"]) . " (" . encodeHTML($row["abbrev_institution"]) . ")"; // Since the first name, last name and abbrev. institution fields are mandatory, we don't need to check if they're empty

	// Print institution name:
	if (!empty($row["institution"]))
		echo "\n\t\t\t\t
\n\t\t\t\t" . encodeHTML($row["institution"]);

	// Print corporate institution name:
	if (!empty($row["corporate_institution"]))
		echo "\n\t\t\t\t
\n\t\t\t\t" . encodeHTML($row["corporate_institution"]);

	// If any of the address lines contain data, add a spacer row:
	if (!empty($row["address_line_1"]) || !empty($row["address_line_2"]) || !empty($row["address_line_3"]) || !empty($row["zip_code"]) || !empty($row["city"]) || !empty($row["state"]) || !empty($row["country"]))
		echo "\n\t\t\t\t
";

	// Print first address line:
	if (!empty($row["address_line_1"]))
		echo "\n\t\t\t\t
\n\t\t\t\t" . encodeHTML($row["address_line_1"]);

	// Print second address line:
	if (!empty($row["address_line_2"]))
		echo "\n\t\t\t\t
\n\t\t\t\t" . encodeHTML($row["address_line_2"]);

	// Print third address line:
	if (!empty($row["address_line_3"]))
		echo "\n\t\t\t\t
\n\t\t\t\t" . encodeHTML($row["address_line_3"]);

	// Print zip code and city:
	if (!empty($row["zip_code"]) && !empty($row["city"])) // both fields are available
		echo "\n\t\t\t\t
\n\t\t\t\t" . encodeHTML($row["zip_code"]) . " " . encodeHTML($row["city"]);
	elseif (!empty($row["zip_code"]) && empty($row["city"])) // only 'zip_code' available
		echo "\n\t\t\t\t
\n\t\t\t\t" . encodeHTML($row["zip_code"]);
	elseif (empty($row["zip_code"]) && !empty($row["city"])) // only 'city' field available
		echo "\n\t\t\t\t
\n\t\t\t\t" . encodeHTML($row["city"]);

	// Print state:
	if (!empty($row["state"]))
		echo "\n\t\t\t\t
\n\t\t\t\t" . encodeHTML($row["state"]);

	// Print country:
	if (!empty($row["country"]))
		echo "\n\t\t\t\t
\n\t\t\t\t" . encodeHTML($row["country"]);

	// If any of the phone/url/email fields contain data, add a spacer row:
	if (!empty($row["phone"]) || !empty($row["url"]) || !empty($row["email"]))
		echo "\n\t\t\t\t
";

	// Print phone number:
	if (!empty($row["phone"]))
		echo "\n\t\t\t\t
\n\t\t\t\t" . "Phone: " . encodeHTML($row["phone"]);

	// Print URL:
	// 'url' is echoed raw (no 'encodeHTML()'); in the original this became a link target, so it needs attribute-context escaping as well.
	if (!empty($row["url"]))
		echo "\n\t\t\t\t
\n\t\t\t\t" . "URL: " . $row["url"] . "";

	// Print email:
	// 'email' is echoed raw, same remark as for 'url'.
	echo "\n\t\t\t\t
\n\t\t\t\t" . "Email: " . $row["email"] . ""; // Since the email field is mandatory, we don't need to check if it's empty

	echo "\n\t\t\t
";

	// Close left table cell of main table:
	echo "\n\t
";

	// Start middle sub-table:
	echo "\n\t\t";

	echo "\n\t\t\n\t\t\t" . "\n\t\t\t\n\t\t";

	// Show the user's selected interface language:
	echo "\n\t\t" . "\n\t\t\t";

	if (mysqli_num_rows($result) == 1) // If there's a user associated with this user ID
		echo "\n\t\t\t";
	else // no user exists with this user ID
		echo "\n\t\t\t";

	echo "\n\t\t";

	// get the default number of records per page preferred by the current user:
	$recordsPerPage = getDefaultNumberOfRecords($userID); // function 'getDefaultNumberOfRecords()' is defined in 'include.inc.php'

	// show the user's default number of records per page:
	echo "\n\t\t" . "\n\t\t\t" . "\n\t\t\t" . "\n\t\t";

	// show the user's preference for displaying auto-completions:
	echo "\n\t\t" . "\n\t\t\t" . "\n\t\t\t" . "\n\t\t";

	// The admin sees everything that is *enabled* for the user; a normal user sees what he chose to *show*.
	if ($loginEmail == $adminLoginEmail) // if the admin is logged in
	{
		$ShowEnabledDescriptor = "Enabled";

		// get all formats/styles/types that are available and were enabled by the admin for the current user:
		$userTypesArray = getEnabledUserFormatsStylesTypes($userID, "type", "", false); // function 'getEnabledUserFormatsStylesTypes()' is defined in 'include.inc.php'
		$citationStylesArray = getEnabledUserFormatsStylesTypes($userID, "style", "", false);
		$citationFormatsArray = getEnabledUserFormatsStylesTypes($userID, "format", "cite", false);
		$exportFormatsArray = getEnabledUserFormatsStylesTypes($userID, "format", "export", false);
	}
	else // if a normal user is logged in
	{
		$ShowEnabledDescriptor = "Show";

		// get all formats/styles/types that were selected by the current user
		// and (if some formats/styles/types were found) save them as semicolon-delimited string to an appropriate session variable:
		$userTypesArray = getVisibleUserFormatsStylesTypes($userID, "type", ""); // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
		$citationStylesArray = getVisibleUserFormatsStylesTypes($userID, "style", "");
		$citationFormatsArray = getVisibleUserFormatsStylesTypes($userID, "format", "cite");
		$exportFormatsArray = getVisibleUserFormatsStylesTypes($userID, "format", "export");
		// Note: the function 'getVisibleUserFormatsStylesTypes()' will only update the appropriate session variables if
		//       either a normal user is logged in -OR- the admin is logged in AND the updated user data are his own(*);
		//       otherwise, the function will simply return an array containing all matching values
		//       (*) the admin-condition won't apply here, though, since this function gets only called for normal users. This means, that
		//           the admin is currently not able to hide any items from his popup lists via the admin interface (he'll need to hack the MySQL tables)!
	}

	// list types:
	echo "\n\t\t" . "\n\t\t\t" . "\n\t\t\t" . "\n\t\t";

	// list styles:
	echo "\n\t\t" . "\n\t\t\t" . "\n\t\t\t" . "\n\t\t";

	// list cite formats:
	echo "\n\t\t" . "\n\t\t\t" . "\n\t\t\t" . "\n\t\t";

	// list export formats:
	echo "\n\t\t" . "\n\t\t\t" . "\n\t\t\t" . "\n\t\t";

	// list all fields that were selected by the current user as "main fields":
	echo "\n\t\t" . "\n\t\t\t" . "\n\t\t\t" . "\n\t\t";

	// Close middle sub-table:
	echo "\n\t\t
Display Options:";

	// (the 'userID == 0' case is the "anyone who isn't logged in" options set)
	if ((mysqli_num_rows($result) == 1) OR ($userID == 0)) // If there's a user associated with this user ID (or if we're supposed to display options/permissions for anyone who isn't logged in)
		echo "\"""";

	// Option lists; 'language' and the implode()'d lists are echoed without 'encodeHTML()'.
	// (The "  • " runs inside the literals are what remains of the list markup in this copy of the file.)
	echo "
Use language:\n\t\t\t\t
  • " . $row["language"] . "
  • \n\t\t\t\t
  • " . $defaultLanguage . "
  • \n\t\t\t\t
Show records per page:\n\t\t\t\t
  • " . $recordsPerPage . "
  • \n\t\t\t\t
Show auto-completions:\n\t\t\t\t
  • " . $loc[$showAutoCompletions] . "
  • \n\t\t\t\t
" . $ShowEnabledDescriptor . " reference types:\n\t\t\t\t
  • ";

	if (empty($userTypesArray))
		echo "(none)";
	else
		echo implode("
  • \n\t\t\t\t\t
  • ", $userTypesArray);

	echo "
  • \n\t\t\t\t
" . $ShowEnabledDescriptor . " citation styles:\n\t\t\t\t
  • ";

	if (empty($citationStylesArray))
		echo "(none)";
	else
		echo implode("
  • \n\t\t\t\t\t
  • ", $citationStylesArray);

	echo "
  • \n\t\t\t\t
" . $ShowEnabledDescriptor . " citation formats:\n\t\t\t\t
  • ";

	if (empty($citationFormatsArray))
		echo "(none)";
	else
		echo implode("
  • \n\t\t\t\t\t
  • ", $citationFormatsArray);

	echo "
  • \n\t\t\t\t
" . $ShowEnabledDescriptor . " export formats:\n\t\t\t\t
  • ";

	if (empty($exportFormatsArray))
		echo "(none)";
	else
		echo implode("
  • \n\t\t\t\t\t
  • ", $exportFormatsArray);

	echo "
  • \n\t\t\t\t
\"Main fields\" searches:\n\t\t\t\t
  • ";

	if (empty($localizedMainFieldsArray))
		echo "(none)";
	else
		echo implode("
  • \n\t\t\t\t\t
  • ", $localizedMainFieldsArray);

	echo "
  • \n\t\t\t\t
";

	// Close middle table cell of main table:
	echo "\n\t
";

	// Start right sub-table:
	echo "\n\t\t";

	// Permissions are only listed for the admin; for a normal user the right column stays empty.
	if ($loginEmail == $adminLoginEmail) // if the admin is logged in
	{
		// get all user permissions for the current user:
		$userPermissionsArray = getPermissions($userID, "user", false); // function 'getPermissions()' is defined in 'include.inc.php'

		// map raw field names from table 'user_permissions' with items of the global localization array ('$loc'):
		$localizedUserPermissionsArray = array('allow_add' => 'UserPermission_AllowAdd', 'allow_edit' => 'UserPermission_AllowEdit', 'allow_delete' => 'UserPermission_AllowDelete', 'allow_download' => 'UserPermission_AllowDownload', 'allow_upload' => 'UserPermission_AllowUpload', 'allow_list_view' => 'UserPermission_AllowListView', 'allow_details_view' => 'UserPermission_AllowDetailsView', 'allow_print_view' => 'UserPermission_AllowPrintView', 'allow_browse_view' => 'UserPermission_AllowBrowseView', 'allow_sql_search' => 'UserPermission_AllowSQLSearch', 'allow_user_groups' => 'UserPermission_AllowUserGroups', 'allow_user_queries' => 'UserPermission_AllowUserQueries', 'allow_rss_feeds' => 'UserPermission_AllowRSSFeeds', 'allow_import' => 'UserPermission_AllowImport', 'allow_export' => 'UserPermission_AllowExport', 'allow_cite' => 'UserPermission_AllowCite', 'allow_batch_import' => 'UserPermission_AllowBatchImport', 'allow_batch_export' => 'UserPermission_AllowBatchExport', 'allow_modify_options' => 'UserPermission_AllowModifyOptions', 'allow_edit_call_number' => 'UserPermission_AllowEditCallNumber');

		$enabledUserActionsArray = array(); // initialize array variables
		$disabledUserActionsArray = array();

		// separate enabled permission settings from disabled ones and assign localized permission names:
		// (a permission key returned by 'getPermissions()' that is missing from the map above would be an
		// undefined-index lookup here -- the map is assumed to be complete; confirm against 'getPermissions()')
		foreach($userPermissionsArray as $permissionKey => $permissionValue)
		{
			if ($permissionValue == 'yes')
				$enabledUserActionsArray[] = $loc[$localizedUserPermissionsArray[$permissionKey]]; // append this field's localized permission name to the array of enabled user actions
			else
				$disabledUserActionsArray[] = $loc[$localizedUserPermissionsArray[$permissionKey]]; // append this field's localized permission name to the array of disabled user actions
		}

		if (empty($enabledUserActionsArray))
			$enabledUserActionsArray[] = "(none)";

		if (empty($disabledUserActionsArray))
			$disabledUserActionsArray[] = "(none)";

		echo "\n\t\t\n\t\t\t" . "\n\t\t\t\n\t\t";

		echo "\n\t\t" . "\n\t\t\t" . "\n\t\t\t" . "\n\t\t";

		echo "\n\t\t" . "\n\t\t\t" . "\n\t\t\t" . "\n\t\t";
	}

	// Close right sub-table:
	echo "\n\t\t
User Permissions:";

	if ((mysqli_num_rows($result) == 1) OR ($userID == 0)) // If there's a user associated with this user ID (or if we're supposed to display options/permissions for anyone who isn't logged in)
		echo "\"""";

	// NOTE(review): '$enabledUserActionsArray' / '$disabledUserActionsArray' are only
	// assigned inside the admin branch above, so for a non-admin these implode() calls
	// operate on undefined variables.
	echo "
Enabled features:\n\t\t\t\t
  • " . implode("
  • \n\t\t\t\t\t
  • ", $enabledUserActionsArray) . "
  • \n\t\t\t\t
Disabled features:\n\t\t\t\t
  • " . implode("
  • \n\t\t\t\t\t
  • ", $disabledUserActionsArray) . "
  • \n\t\t\t\t
";

	// Close right table cell of main table:
	echo "\n\t
";
}

// --------------------------------------------------------------------

// DISPLAY THE HTML FOOTER:
// call the 'showPageFooter()' and 'displayHTMLfoot()' functions (which are defined in 'footer.inc.php')
showPageFooter($HeaderString);

displayHTMLfoot();

// --------------------------------------------------------------------
?>