/[drupal]/contributions/modules/addressbook/addressbook.module

Contents of /contributions/modules/addressbook/addressbook.module



Revision 1.34 - (show annotations) (download) (as text)
Tue Oct 27 19:01:51 2009 UTC (4 weeks, 2 days ago) by wplaat
Branch: MAIN
CVS Tags: DRUPAL-6--3-7, HEAD
Changes since 1.33: +180 -165 lines
File MIME type: text/x-php
Today plaatsoft released a new version of Addressbook for Drupal 6

23-09-2009 Version 6.x-3.7
- Hot security fix to protect against XSS (Cross Site Scripting) hacking
1 <?php
2
3 /**
4 * Created by wplaat (Plaatsoft)
5 *
6 * This software is open source and may be copied, distributed or modified under the terms of the GNU General Public License (GPL) Version 2
7 *
8 * For more information visit the following website.
9 * Website : http://www.plaatsoft.nl
10 *
11 * Or send an email to the following address.
12 * Email : info@plaatsoft.nl
13 */
14
// Menu paths served by this module; addressbook_menu() registers one page
// callback per path.
define('URL_FAMILY_LIST', 'addressbook/family/list');
define('URL_FAMILY_VIEW', 'addressbook/family/view');
define('URL_FAMILY_EDIT', 'addressbook/family/edit');

define('URL_MEMBER_LIST', 'addressbook/member/list');
define('URL_MEMBER_VIEW', 'addressbook/member/view');
define('URL_MEMBER_EDIT', 'addressbook/member/edit');

define('URL_PICTURE_VIEW', 'addressbook/picture/view');
define('URL_PICTURE_EDIT', 'addressbook/picture/edit');

define('URL_UPLOAD_CSV', 'addressbook/csv/upload');
define('URL_DOWNLOAD_CSV', 'addressbook/csv/download');

define('URL_SEARCH', 'addressbook/search');
define('URL_MAP_VIEW', 'addressbook/map/view');
define('URL_EMAIL', 'addressbook/email');

// Picture storage, resolved once at include time below the path returned by
// file_directory_path().
// NOTE(review): if that directory is served directly by the web server, stored
// pictures are reachable without the 'view addressbook' permission - confirm.
define('IMAGE_DIR', file_directory_path() . '/addressbook');
define('THUMBNAILS_DIR', IMAGE_DIR . '/thumbnails');
32
/**
 * Implementation of hook_help().
 *
 * @param $path
 *   Path for which help text is requested.
 * @param $arg
 *   Not used by this implementation.
 * @return
 *   The translated module description for 'admin/modules#description',
 *   otherwise an empty string.
 */
function addressbook_help($path, $arg) {
  if ($path == 'admin/modules#description') {
    return t('Addressbook module');
  }
  return '';
}
47
/**
 * Implementation of hook_mail().
 *
 * Copies the caller-supplied subject and body into the outgoing message
 * unchanged; $key is not inspected. Nothing is filtered here, so whoever
 * builds $params decides what ends up in the mail.
 *
 * @param $key
 *   Mail key (unused).
 * @param $message
 *   Message array, modified by reference.
 * @param $params
 *   Array with the keys 'subject' and 'body'.
 */
function addressbook_mail($key, &$message, $params) {
  foreach (array('subject', 'body') as $field) {
    $message[$field] = $params[$field];
  }
}
53
/**
 * Implementation of hook_menu().
 *
 * Registers one MENU_CALLBACK per addressbook path plus the settings page.
 * The 'access arguments' permission is the only gate Drupal applies before a
 * callback runs: read-only pages require 'view addressbook'; editing, CSV
 * upload/download and the e-mail page require 'add address'.
 *
 * NOTE(review): the callbacks receive the remaining URL components as
 * arguments, so each one has to validate them and apply check_access() itself.
 * NOTE(review): URL_MEMBER_LIST carries the title 'Addressbook family list',
 * which looks like a copy of the family entry - kept as is, confirm.
 *
 * @return
 *   Array of menu items keyed by path.
 */
function addressbook_menu() {
  // path => array(title, page callback, required permission)
  $callbacks = array(
    URL_FAMILY_LIST => array('Addressbook family list', 'family_list', 'view addressbook'),
    URL_FAMILY_VIEW => array('Addressbook view family', 'family_view2', 'view addressbook'),
    URL_FAMILY_EDIT => array('Addressbook edit family', 'family_edit', 'add address'),
    URL_MEMBER_LIST => array('Addressbook family list', 'member_list', 'view addressbook'),
    URL_MEMBER_VIEW => array('Addressbook view family member', 'member_view', 'view addressbook'),
    URL_MEMBER_EDIT => array('Addressbook edit family member', 'member_edit', 'add address'),
    URL_PICTURE_VIEW => array('Addressbook view picture', 'picture_view', 'view addressbook'),
    URL_PICTURE_EDIT => array('Addressbook edit picture', 'picture_edit', 'add address'),
    URL_UPLOAD_CSV => array('Addressbook CSV upload', 'upload_csv', 'add address'),
    URL_DOWNLOAD_CSV => array('Addressbook CSV download', 'download_csv', 'add address'),
    URL_SEARCH => array('Addressbook search', 'general_search', 'view addressbook'),
    URL_MAP_VIEW => array('Addressbook map view', 'map_view', 'view addressbook'),
    URL_EMAIL => array('Addressbook email view', 'email_view', 'add address'),
  );

  $items = array();
  foreach ($callbacks as $path => $route) {
    list($title, $callback, $permission) = $route;
    $items[$path] = array(
      'title' => $title,
      'page callback' => $callback,
      'access arguments' => array($permission),
      'type' => MENU_CALLBACK,
    );
  }

  // Settings form, limited to site administrators.
  $items['admin/settings/addressbook'] = array(
    'title' => 'Addressbook',
    'description' => 'Settings of addressbook.',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('addressbook_settings'),
    'access arguments' => array('administer site configuration'),
    'type' => MENU_NORMAL_ITEM,
  );

  return $items;
}
163
/**
 * Implementation of hook_perm().
 *
 * 'view addressbook' guards the read-only pages and 'add address' guards
 * every page that creates, edits, imports or exports data (see
 * addressbook_menu()).
 *
 * @return
 *   Array with the permission names defined by this module.
 */
function addressbook_perm() {
  $permissions = array('view addressbook', 'add address');
  return $permissions;
}
172
/**
 * Form builder for the module settings page (admin/settings/addressbook).
 *
 * NOTE(review): the menu item requires 'administer site configuration' while
 * this function re-checks 'access administration pages'; the two permissions
 * differ - confirm which one is intended.
 *
 * @return
 *   The settings form wrapped by system_settings_form(), or the result of
 *   drupal_access_denied() when the extra permission check fails.
 */
function addressbook_settings() {

  // Second access check on top of the menu system's own.
  if (!user_access('access administration pages')) {
    return drupal_access_denied();
  }

  $no_yes = array(0 => t('No'), 1 => t('Yes'));
  $form = array();

  $form['settings_general'] = array(
    '#type' => 'fieldset',
    '#title' => t('General settings'),
    'addressbook_name_format' => array(
      '#type' => 'select',
      '#title' => t('Name format '),
      '#default_value' => variable_get('addressbook_name_format', 1),
      '#options' => array(0 => t('middle last, first'), 1 => t('first middle last')),
      '#description' => t('Set the name format which will be used in the general addressbook list page.'),
    ),
    'addressbook_show_sort_bar' => array(
      '#type' => 'select',
      '#title' => t('Enable sort bar'),
      '#default_value' => variable_get('addressbook_show_sort_bar', 1),
      '#options' => $no_yes,
      '#description' => t('Enable / disable sort bar in general addressbook list page.'),
    ),
    // The role list is later written into HTML by view_roles().
    'addressbook_roles' => array(
      '#type' => 'textarea',
      '#title' => t('Roles'),
      '#default_value' => variable_get('addressbook_roles', ''),
      '#rows' => 1,
      '#description' => t("Enter the roles which a person can have (Seperate items with commas (,). No spaces allowed)."),
    ),
    'addressbook_country' => array(
      '#type' => 'textfield',
      '#title' => t('Country'),
      '#default_value' => variable_get('addressbook_country', t('Nederland')),
      '#description' => t("Specify default country for new address items."),
      '#maxlength' => '50',
      '#size' => '50',
    ),
    'addressbook_show_thumbnails' => array(
      '#type' => 'select',
      '#title' => t('Show thumbnails pictures in list views'),
      '#default_value' => variable_get('addressbook_show_thumbnails', 0),
      '#options' => $no_yes,
      '#description' => t('Enable / disable thumbnail pictures in family list and family member list.'),
    ),
    'addressbook_email_manitory' => array(
      '#type' => 'select',
      '#title' => t('Email field manitory'),
      '#default_value' => variable_get('addressbook_email_manitory', 1),
      '#options' => $no_yes,
      '#description' => t('Enable / disable email field as mandatory field.'),
    ),
    // When enabled, check_access() lets every user with 'add address' edit
    // records owned by somebody else.
    'addressbook_wiki_edit_mode' => array(
      '#type' => 'select',
      '#title' => t('Wiki edit mode'),
      '#default_value' => variable_get('addressbook_wiki_edit_mode', 0),
      '#options' => array(0 => t('Disable'), 1 => t('Enable')),
      '#description' => t('Enable (anyone can modify existing addresses), Disable (only owner can modify created addresses).'),
    ),
  );

  $form['map24'] = array(
    '#type' => 'fieldset',
    '#title' => t('Map settings'),
    'addressbook_map_link' => array(
      '#type' => 'select',
      '#title' => t('Activate map link'),
      '#default_value' => variable_get('addressbook_map_link', 0),
      '#options' => $no_yes,
      '#description' => t('Enable / Disable Activate www.map24.com fast link.'),
    ),
    'addressbook_map_key' => array(
      '#type' => 'textfield',
      '#title' => t('Free www.map24.com access key'),
      '#default_value' => variable_get('addressbook_map_key', ''),
      '#description' => t("Enter access key (Visit http://www.map24.com to obtain a free key)"),
      '#maxlength' => '50',
      '#size' => '50',
    ),
  );

  // %username, %user_age and %site_name are substituted by addressbook_cron().
  $available = t('Available variables are:');
  $form['birthday'] = array(
    '#type' => 'fieldset',
    '#title' => t('Birthday notification settings'),
    'addressbook_birthday_notification' => array(
      '#type' => 'select',
      '#title' => t('Birthday email notification'),
      '#default_value' => variable_get('addressbook_birthday_notification', 0),
      '#options' => $no_yes,
      '#description' => t('Enable / disable email birthday notification.'),
    ),
    'addressbook_birthday_subject' => array(
      '#type' => 'textfield',
      '#title' => t('Subject of birtday e-mail'),
      '#default_value' => variable_get('addressbook_birthday_subject', 'Happy birthday %username from %site_name'),
      '#maxlength' => 180,
      '#description' => t('Customize the subject of your birthday e-mail, which is sent to members upon their birthday.') . ' ' . $available . ' %username, %site_name',
    ),
    'addressbook_birthday_body' => array(
      '#type' => 'textarea',
      '#title' => t('Body of birthday e-mail'),
      '#default_value' => variable_get('addressbook_birthday_body', "Dear %username,\r\n\r\nCongratulation with your %user_age ste birthday.\r\nHave a nice day!\r\n"),
      '#rows' => 15,
      '#description' => t('Customize the body of the birthday e-mail, which is sent to members upon their birthday.') . ' ' . $available . ' %username, %user_age, %site_name',
    ),
  );

  return system_settings_form($form);
}
283
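/**
 * Implementation of hook_cron(): mails a greeting to every member whose
 * birthday is today.
 *
 * Runs only when birthday notification is enabled and the server clock is in
 * hour 00. The date of the last run is stored in the variable
 * 'addressbook_birthday_last_sent' so that several cron runs inside that hour
 * do not mail the same people again; the previous code had no such guard.
 * NOTE(review): the new variable should be removed on uninstall.
 *
 * Members without a syntactically valid address, or with a computed age of
 * 100 or more, are skipped.
 */
function addressbook_cron() {

  if (variable_get('addressbook_birthday_notification', 0) != 1) {
    return;
  }

  // date('H') is '00'..'23'; the loose comparison matches hour 00 only.
  if (date('H') != 0) {
    return;
  }

  // Mark the day as handled before sending, so a failure half-way through
  // can never lead to duplicate mails on the next cron run.
  $today = date('Y-m-d');
  if (variable_get('addressbook_birthday_last_sent', '') == $today) {
    return;
  }
  variable_set('addressbook_birthday_last_sent', $today);

  watchdog('cron', 'Addressbook birthday cron');

  $site_name = variable_get('site_name', 'Drupal');
  $subject_template = variable_get('addressbook_birthday_subject', 'Happy birthday %username from %site_name');
  $body_template = variable_get('addressbook_birthday_body', "Dear %username,\r\n\r\nCongratulation with your %user_age ste birthday.\r\nHave a nice day!\r\n");

  // birth_day ends in "-mm-dd". '%%' is a literal percent sign for db_query()
  // and the date is bound through '%s' rather than concatenated.
  $queryResult = db_query("SELECT first_name, middle_name, last_name, email, birth_day FROM {addressbook_member} WHERE birth_day LIKE '%%%s'", date('-m-d'));

  while ($data = db_fetch_object($queryResult)) {
    $email = $data->email;
    if ($email == '') {
      continue;
    }

    // The address comes from stored form input; never hand anything to the
    // mailer that is not a single well-formed address.
    if (!valid_email_address($email)) {
      watchdog('cron', 'Skipped birthday email, invalid address %email', array('%email' => $email), WATCHDOG_WARNING);
      continue;
    }

    // Age from the year part of birth_day (split() no longer exists in
    // current PHP versions, so preg_split() is used).
    $parts = preg_split('/[\/.-]/', $data->birth_day);
    $user_age = date('Y') - (int) $parts[0];
    if ($user_age >= 100) {
      continue;
    }

    $username = view_name($data->first_name, $data->middle_name, $data->last_name, true);

    $subject = str_replace(array('%username', '%site_name'), array($username, $site_name), $subject_template);
    $body = str_replace(array('%username', '%user_age', '%site_name'), array($username, $user_age, $site_name), $body_template);

    // No account is attached to an address-book member, so the site default
    // language is used (the old code passed an undefined $user here).
    $sent = drupal_mail('Addressbook', 'send', $email, language_default(), array('subject' => $subject, 'body' => $body));

    // Dynamic values go through placeholders so the log viewer escapes them.
    if ($sent) {
      watchdog('cron', 'Sent birthday email to %email', array('%email' => $email));
    }
    else {
      watchdog('cron', 'Unable to email to %email', array('%email' => $email), WATCHDOG_ERROR);
    }
  }
}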
339
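/**
 * Implementation of hook_block(): a "Birthday today" block.
 *
 * @param $op
 *   'list' returns the block definition, 'view' returns the block content.
 * @param $delta
 *   Block id; unused because the module defines a single block.
 * @return
 *   For 'list' the block info array; for 'view' an array with 'subject' and
 *   'content', or nothing when the user lacks 'view addressbook' or nobody
 *   has a birthday today. Other operations return nothing.
 */
function addressbook_block($op = 'list', $delta = 0) {

  if ($op == 'list') {
    $block = array();
    $block[0]['info'] = t('Birthday today');
    return $block;
  }

  if ($op != 'view') {
    return;
  }

  // Names and ages are personal data: show them only to users who may view
  // the address book.
  if (!user_access('view addressbook')) {
    return;
  }

  $block_content = '';

  // '%%' is a literal percent sign for db_query(); the date is bound via '%s'.
  $queryResult = db_query("SELECT mid, first_name, middle_name, last_name, email, birth_day FROM {addressbook_member} WHERE birth_day LIKE '%%%s'", date('-m-d'));
  while ($data = db_fetch_object($queryResult)) {

    // Age from the year part of birth_day (split() no longer exists in
    // current PHP versions).
    $parts = preg_split('/[\/.-]/', $data->birth_day);
    $user_age = date('Y') - (int) $parts[0];

    // view_name() returns plain text; l() escapes the link text.
    $name = view_name($data->first_name, $data->middle_name, $data->last_name, true);
    $block_content .= l($name . ' [' . $user_age . '] ', URL_MEMBER_VIEW . '/' . $data->mid) . '<br />';
  }

  if ($block_content == '') {
    // Nobody has a birthday today: do not render the block.
    return;
  }

  $block = array();
  $block['subject'] = t('Birthday today');
  $block['content'] = $block_content;
  return $block;
}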
386
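/**
 * Builds the display name of a member.
 *
 * The result is plain text and is NOT HTML-escaped: pass it through
 * check_plain() (or l(), which escapes its text) before printing it.
 *
 * @param $first_name
 *   First name(s), separated by spaces.
 * @param $middle_name
 *   Middle name.
 * @param $last_name
 *   Last name.
 * @param $short
 *   When true every first name is reduced to its initial, e.g. "J.P.".
 * @return
 *   "first middle last" when the setting addressbook_name_format is 1,
 *   otherwise "middle last, first".
 */
function view_name($first_name, $middle_name, $last_name, $short) {

  if ($short) {
    // split() no longer exists in current PHP versions. Empty pieces from
    // repeated spaces are dropped instead of ending the loop early, and the
    // initial is taken per character rather than per byte so multi-byte
    // names stay valid UTF-8.
    $initials = '';
    foreach (preg_split('/ +/', (string) $first_name, -1, PREG_SPLIT_NO_EMPTY) as $part) {
      $initials .= drupal_ucfirst(drupal_substr($part, 0, 1)) . '.';
    }
    $first_name = $initials;
  }

  if (variable_get('addressbook_name_format', 1) == '1') {
    return $first_name . ' ' . $middle_name . ' ' . $last_name;
  }
  return $middle_name . ' ' . $last_name . ', ' . $first_name;
}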
417
418
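/**
 * Renders the birthday table row.
 *
 * @param $birthday_day
 *   Day of the month.
 * @param $birthday_month
 *   Month number (1-12).
 * @param $birthday_year
 *   Four digit year.
 * @param $readonly
 *   '0' renders three select boxes (birthday_day, birthday_month,
 *   birthday_year); any other value renders a read-only text field.
 * @return
 *   HTML table row.
 */
function view_birthday($birthday_day, $birthday_month, $birthday_year, $readonly) {

  // $page used to be appended to without being initialised.
  $page = '<tr><td valign="top" width=15%>';
  $page .= t('Birth Day');
  $page .= '</td><td>';

  if ($readonly == '0') {
    $days = array();
    for ($i = 1; $i < 32; $i++) {
      $days[$i] = $i;
    }

    $months = array(1 => t('January'), t('February'), t('March'), t('April'), t('May'),
      t('June'), t('July'), t('August'), t('September'), t('October'), t('November'), t('December'));

    $years = array();
    $current_year = date('Y');
    for ($i = 1900; $i <= $current_year; $i++) {
      $years[$i] = $i;
    }

    $page .= _addressbook_birthday_select('birthday_day', $days, $birthday_day);
    $page .= _addressbook_birthday_select('birthday_month', $months, $birthday_month);
    $page .= _addressbook_birthday_select('birthday_year', $years, $birthday_year);
  }
  else {
    // The three parts are written into an attribute value, so escape them.
    $birthday = $birthday_day . '-' . $birthday_month . '-' . $birthday_year;
    $page .= '<input id="text" name="birthday" size="10" type="text" value="' . check_plain($birthday) . '" READONLY />';
  }

  $page .= '</td></tr>';
  return $page;
}

/**
 * Renders one <select> of view_birthday(); the option whose value loosely
 * equals $selected is pre-selected.
 */
function _addressbook_birthday_select($name, $labels, $selected) {
  $html = '<select name="' . $name . '">';
  foreach ($labels as $value => $label) {
    $html .= '<option value="' . $value . '" ';
    if ($selected == $value) {
      $html .= 'selected="selected" ';
    }
    $html .= '>' . $label . '</option>';
  }
  return $html . '</select> ';
}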
476
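/**
 * Renders the owner table row.
 *
 * NOTE(review): the editable variant lists every account name on the site.
 * The old header comment says only administrators may change the owner; that
 * restriction is not enforced here, so the caller has to enforce it.
 *
 * @param $uid
 *   uid of the current owner, 0 for "no owner".
 * @param $readonly
 *   '0' renders a select box with all users, any other value a read-only
 *   text field.
 * @return
 *   HTML table row.
 */
function view_owner($uid, $readonly) {

  // $page used to be appended to without being initialised.
  $page = '<tr><td valign="top" width=15%>';
  $page .= t('Owner');
  $page .= '</td><td>';

  if ($readonly == '0') {
    // Skip the anonymous account (uid 0) in the query itself; the old code
    // threw away the first fetched row, which depends on the row order.
    $queryResult = db_query('SELECT uid, name FROM {users} WHERE uid > 0');

    $page .= '<select name="owner">';
    while ($account = db_fetch_object($queryResult)) {
      $page .= '<option value="' . (int) $account->uid . '" ';
      if ($account->uid == $uid) {
        $page .= 'selected="selected" ';
      }
      // Account names are user-supplied text.
      $page .= '>' . check_plain($account->name) . '</option>';
    }
    $page .= '<option value="' . t('No owner') . '" ';
    if ($uid == 0) {
      $page .= 'selected="selected" ';
    }
    $page .= '>' . t('No owner') . '</option>';
    $page .= '</select>';
  }
  else {
    if ($uid == 0) {
      $owner_name = t('No owner');
    }
    else {
      // %d casts the value to an integer instead of concatenating it.
      $account = db_fetch_object(db_query('SELECT uid, name FROM {users} WHERE uid = %d', $uid));
      $owner_name = $account ? check_plain($account->name) : '';
    }
    $page .= '<input id="text" name="owner" size="20" maxlength="20" type="text" value="' . $owner_name . '" READONLY />';
  }

  $page .= '</td></tr>';
  return $page;
}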
523
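/**
 * Renders the "active roles" / "interesting roles" checkbox table.
 *
 * The role names come from the comma separated setting addressbook_roles.
 *
 * NOTE(review): a role counts as selected when its name occurs anywhere in
 * the stored string, so "admin" also matches "superadmin". The storage format
 * of $active_roles / $wanted_roles is not visible here - confirm before
 * switching to an exact match.
 *
 * @param $active_roles
 *   Stored string with the roles the member currently fulfils.
 * @param $wanted_roles
 *   Stored string with the roles the member is interested in.
 * @param $readonly
 *   '0' renders editable checkboxes for all roles; otherwise only the
 *   selected roles are shown, disabled.
 * @return
 *   HTML, or '' when no roles are configured or nothing is to be shown.
 */
function view_roles($active_roles, $wanted_roles, $readonly) {

  $page = '';

  // split() no longer exists in current PHP versions.
  $roles = explode(',', variable_get('addressbook_roles', ''));
  if ($roles[0] == '') {
    // No roles defined in the settings page.
    return $page;
  }

  if (($readonly == '1') && ($active_roles == '') && ($wanted_roles == '')) {
    // Nothing to show.
    return $page;
  }

  $editable = ($readonly == '0');

  if ($editable) {
    $page .= '<br/>';
    $page .= '<b>' . t('Please enter the roles you currently fulfilling and please enter the roles you are interesed in now or in the near future!') . '</b><br/>';
    $page .= '<br/>';
  }

  $page .= '<table border=0 width=100% cellpadding=1>';
  $page .= '<tr>';
  $page .= '<td valign="top" width=15%>';
  $page .= t('Active Roles') . '&nbsp;';
  $page .= '</td><td width=35%>';
  $page .= _addressbook_role_checkboxes('active_', $roles, $active_roles, $editable);
  $page .= '</td>';
  $page .= '<td valign="top" width=15%>';
  $page .= t('Interesing Roles') . '&nbsp;';
  $page .= '</td>';
  $page .= '<td width=35%>';
  $page .= _addressbook_role_checkboxes('wanted_', $roles, $wanted_roles, $editable);
  $page .= '</td>';
  $page .= '</tr>';
  $page .= '</table>';
  return $page;
}

/**
 * Renders one column of role checkboxes for view_roles().
 *
 * Role names are escaped for both the name attribute and the label. Empty
 * entries are skipped; the old loop stopped at the first empty entry and read
 * one element past the end of the array.
 */
function _addressbook_role_checkboxes($prefix, $roles, $selected, $editable) {
  $html = '';
  foreach ($roles as $role) {
    if ($role == '') {
      continue;
    }
    $is_selected = (strpos((string) $selected, $role) !== FALSE);
    $field = '<input type="checkbox" name="' . $prefix . check_plain(trim($role)) . '"';
    $label = check_plain($role);

    if ($editable) {
      $html .= $field . ($is_selected ? ' CHECKED' : '') . '>' . $label . '<br/>';
    }
    elseif ($is_selected) {
      $html .= $field . ' CHECKED DISABLED>' . $label;
      $html .= '</input>';
      $html .= '<br/>';
    }
  }
  return $html;
}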
619
620
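/**
 * Renders the country table row.
 *
 * NOTE(review): the read-only field is named "contry" while the select box is
 * named "country"; left unchanged because the form handler is not visible
 * here - confirm which name it reads.
 *
 * @param $country
 *   Currently stored country name.
 * @param $readonly
 *   '0' renders a select box, any other value a read-only text field.
 * @return
 *   HTML table row.
 */
function view_country($country, $readonly) {

  $page = '<tr><td valign="top">';
  $page .= t('Country');
  $page .= '</td><td>';

  if ($readonly == '0') {
    $countries = array('Afghanistan', 'Albania', 'Algeria', 'American Samoa', 'Andorra', 'Angola', 'Anguilla',
      'Antigua and Barbuda', 'Argentina', 'Armenia', 'Ascension Island', 'Australia', 'Austria',
      'Azerbaijan', 'Bahamas', 'Bahrain', 'Bangladesh', 'Barbados', 'Belarus', 'Belgium',
      'Belize', 'Benin', 'Bermuda', 'Bhutan', 'Bolivia', 'Bosnia and Herzegovina',
      'Botswana', 'Brazil', 'British Indian Ocean Territory', 'Brunei Darussalam',
      'Bulgaria', 'Burkina Faso', 'Burundi', 'Camaroon', 'Cambodia', 'Cameroon',
      'Canada', 'Cape Verde', 'Cayman Islands', 'Central African Republic', 'Chad',
      'Chile', 'China', 'Colombia', 'Comoros', 'Congo', 'Cook Islands', 'Costa Rica',
      'Cote D Ivoire', 'Croatia', 'Cuba', 'Cyprus', 'Czech Republic', 'Denmark', 'Djibouti',
      'Dominica', 'Dominican Republic', 'Ecuador', 'Egypt', 'El Salvador', 'Equatorial Guinea',
      'Eritrea', 'Estonia', 'Ethiopia', 'Falkland Islands', 'Faroe Islands', 'Federated States of Micronesia',
      'Fiji', 'Finland', 'France', 'French Guiana', 'French Polynesia', 'Gabon', 'Georgia',
      'Germany', 'Ghana', 'Greece', 'Greenland', 'Grenada', 'Guadeloupe', 'Guatemala',
      'Guam', 'Guinea', 'Guinea Bissau', 'Guyana', 'Haiti', 'Honduras', 'Hungary',
      'Iceland', 'India', 'Indonesia', 'Iran', 'Ireland', 'Isle of Man', 'Israel',
      'Italy', 'Jamaica', 'Japan', 'Jordan', 'Kazakhstan', 'Kenya', 'Kiribati', 'Korea',
      'Kuwait', 'Kyrgyzstan', 'Laos', 'Latvia', 'Lebanon', 'Lesotho', 'Liberia',
      'Libya', 'Liechtenstein', 'Lithuania', 'Luxembourg', 'Macau', 'Macedonia',
      'Madagascar', 'Malawi', 'Malaysia', 'Maldives', 'Mali', 'Malta', 'Marshall Islands',
      'Martinique', 'Mauritius', 'Mayotte', 'Mexico', 'Moldova', 'Monaco', 'Mongolia',
      'Montenegro', 'Montserrat', 'Morocco', 'Mozambique', 'Myanmar', 'Namibia',
      'Nauru', 'Nepal', 'Nederland', 'Netherlands Antilles', 'New Caledonia', 'New Zealand',
      'Nicaragua', 'Niger', 'Nigeria', 'Niue', 'Norfolk Island', 'Northern Mariana Islands',
      'Norway', 'Oman', 'Pakistan', 'Palau', 'Panama', 'Papua New Guinea', 'Paraguay',
      'Peru', 'Philippines', 'Pitcairn', 'Poland', 'Portugal', 'Puerto Rico', 'Qatar',
      'Reunion', 'Romania', 'Russian Federation', 'Rwanda', 'Saint Vincent and the Grenadines',
      'San Marino', 'Sao Tome and Principe', 'Saudi Arabia', 'Senegal', 'Serbia', 'Seychelles',
      'Sierra Leone', 'Singapore', 'Slovakia', 'Slovenia', 'Solomon Islands', 'Somalia',
      'South Africa', 'South Georgia', 'Spain', 'Sri Lanka', 'St. Kitts and Nevis', 'St. Lucia',
      'St. Pierre and Miquelon', 'Sudan', 'Suriname', 'Swaziland', 'Sweden',
      'Switzerland', 'Syrian Arab Republic', 'Taiwan', 'Tajikistan', 'Tanzania',
      'Thailand', 'The Gambia', 'Togo', 'Tokelau', 'Tonga', 'Trinidad and Tobago',
      'Tunisia', 'Turkey', 'Turkmenistan', 'Turks and Caicos Islands', 'Tuvalu',
      'Uganda', 'Ukraine', 'United Arab Emirates', 'United Kingdom', 'United States',
      'Uruguay', 'Uzbekistan', 'Vanuatu', 'Venezuela', 'Viet Nam', 'Virgin Islands',
      'Western Samoa', 'Yemen', 'Yugoslavia', 'Zaire', 'Zambia', 'Zimbabwe');

    // Iterate over the list itself. The old loop ran from index 1 to a
    // hard-coded 212, which left out the first entry and was not tied to the
    // length of the list.
    $page .= '<select name="country">';
    foreach ($countries as $name) {
      $page .= '<option value="' . $name . '" ';
      if ($country == $name) {
        $page .= 'selected="selected" ';
      }
      $page .= '>' . $name . '</option>';
    }
    $page .= '</select> ';
  }
  else {
    // The stored value is written into an attribute, so escape it.
    $page .= '<input id="text" name="contry" size="50" maxlength="50" type="text" value="' . check_plain($country) . '" READONLY />';
  }

  $page .= '</td>';
  $page .= '</tr>';
  return $page;
}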
687
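/**
 * Renders one two-column table row.
 *
 * Both arguments are inserted as-is. Callers must escape any stored or
 * user-supplied text (for example with check_plain()) before passing it in;
 * escaping here would break callers that pass ready-made HTML.
 *
 * @param $first
 *   HTML for the label cell.
 * @param $second
 *   HTML for the value cell.
 * @return
 *   HTML table row terminated by CRLF.
 */
function view_line($first, $second) {
  // Returned directly; the old code appended to an undefined variable.
  return "<tr><td valign='top' width=15%>" . $first . "</td><td>" . $second . "</td></tr>\r\n";
}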
697
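/**
 * Checks an e-mail address.
 *
 * Note the inverted result: the function reports a PROBLEM, it returns true
 * when the address is NOT valid.
 *
 * The pattern is anchored to the whole string. The old ereg() call was not,
 * so any text that merely contained an address (markup, extra lines) was
 * accepted; ereg() also no longer exists in current PHP versions.
 *
 * @param $adres
 *   Address to check.
 * @return
 *   true when the address is invalid, false when it is valid.
 */
function check_mail($adres) {
  if (!is_scalar($adres)) {
    return true;
  }
  $pattern = '/^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+\z/';
  return !preg_match($pattern, (string) $adres);
}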
706
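/**
 * Checks that a value consists of decimal digits only.
 *
 * Uses preg_match() because ereg() no longer exists in current PHP versions.
 * \z anchors at the very end of the string, so a trailing newline is not
 * accepted.
 *
 * @param $str
 *   Value to check.
 * @return
 *   true for a non-empty string of digits, false otherwise.
 */
function check_number($str) {
  return is_scalar($str) && preg_match('/^[0-9]+\z/', (string) $str) === 1;
}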
718
/**
 * Decides whether the current user may modify a record.
 *
 * Access is granted when the user has 'add address' and at least one of the
 * following holds: the user owns the record, the record has no owner
 * (uid 0), or wiki edit mode is enabled. Users with
 * 'access administration pages' are always allowed.
 *
 * NOTE(review): the comparisons are loose (==); $uid is expected to be the
 * numeric owner id read from the record, not a raw request value - confirm.
 *
 * @param $uid
 *   uid of the record owner.
 * @return
 *   true if access is allowed, else false.
 */
function check_access($uid) {

  global $user;

  $may_touch_record = ($user->uid == $uid)
    || ($uid == 0)
    || (variable_get('addressbook_wiki_edit_mode', 0) == 1);

  if ($may_touch_record && user_access('add address')) {
    return true;
  }

  // Administrative override.
  if (user_access('access administration pages')) {
    return true;
  }
  return false;
}
742
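/**
 * Prints the "invalid input" page shown when a URL parameter fails
 * validation.
 *
 * The page tells the visitor that the attempt is recorded, so the event is
 * written to the log (the watchdog() call used to be commented out).
 * watchdog() stores the request details together with the entry.
 *
 * Prints the themed page itself and returns nothing.
 */
function hacker_warning() {

  watchdog('user', 'Addressbook rejected a request with an invalid URL parameter.', array(), WATCHDOG_WARNING);

  // Return to the last sort position when one is stored in the session.
  $sort = isset($_SESSION["sort"]) ? $_SESSION["sort"] : '';

  // Open the wrapper that the closing </div> below belongs to; $page also
  // used to be appended to without being initialised.
  $page = '<div class="addressbook">';
  $page .= '<br/>';
  $page .= '<h1>' . t('System Warning') . '</h1>';
  $page .= t('Input is not valid! Please do not modify the URL manually') . '<br/>';
  $page .= t('This hacking attemp is recorded!') . '<br/>';
  $page .= '<br/>';
  $page .= '<form action="' . check_url(url(URL_FAMILY_LIST . '/' . $sort)) . '" method="POST">';
  $page .= '<input type="submit" value="' . t('Return') . '" />';
  $page .= '</form>';
  $page .= '</div>';
  print theme("page", $page);
}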
761
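/**
 * Inserts a family record.
 *
 * All values are bound through db_query() placeholders instead of being
 * concatenated into the statement, and the table name is wrapped in {} like
 * the other queries in this file so a table prefix is honoured.
 *
 * Pass the values raw: they are stored as given and must be escaped when
 * they are printed.
 * NOTE(review): if a caller already escapes its values for SQL, remove that
 * step there, otherwise the data is escaped twice - callers are not visible
 * here.
 *
 * @param $owner
 *   uid of the owning user; cast to an integer, so a non-numeric value is
 *   stored as 0 (no owner).
 * @return
 *   true when the query succeeded, false otherwise.
 */
function insert_family($middle_name, $last_name, $street, $zipcode, $city, $country, $telephone, $owner) {

  $query = 'INSERT INTO {addressbook_family} (middle_name, last_name, street, zipcode, city, ';
  $query .= 'country, telephone, uid, last_updated) VALUES (';
  $query .= "'%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, SYSDATE() )";

  $result = db_query($query, $middle_name, $last_name, $street, $zipcode, $city, $country, $telephone, $owner);
  if (!$result) {
    // Query failed
    return false;
  }

  watchdog('user', 'A family is created in the addressbook');
  return true;
}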
791
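/**
 * Updates a family record.
 *
 * All values, including the record id in the WHERE clause, are bound through
 * db_query() placeholders instead of being concatenated into the statement.
 * The table name is wrapped in {} like the other queries in this file.
 *
 * This function performs no permission check; callers are expected to run
 * check_access() first.
 * NOTE(review): pass the values raw. If a caller already escapes them for
 * SQL, remove that step there - callers are not visible here.
 *
 * @param $owner
 *   uid of the owning user, cast to an integer.
 * @param $fid
 *   Id of the family to update, cast to an integer.
 * @return
 *   true when the query succeeded, false otherwise.
 */
function update_family($middle_name, $last_name, $street, $zipcode, $city, $country, $telephone, $owner, $fid) {

  $query = 'UPDATE {addressbook_family} SET ';
  $query .= "middle_name = '%s', ";
  $query .= "last_name = '%s', ";
  $query .= "street = '%s', ";
  $query .= "zipcode = '%s', ";
  $query .= "city = '%s', ";
  $query .= "country = '%s', ";
  $query .= "telephone = '%s', ";
  $query .= 'uid = %d, ';
  $query .= 'last_updated = SYSDATE() ';
  $query .= 'WHERE fid = %d';

  $result = db_query($query, $middle_name, $last_name, $street, $zipcode, $city, $country, $telephone, $owner, $fid);
  if (!$result) {
    // Query failed
    return false;
  }

  // The id goes through a placeholder so the log viewer escapes it.
  watchdog('user', 'Family %fid is updated in addressbook', array('%fid' => $fid));
  return true;
}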
821
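/**
 * Inserts a family member record.
 *
 * All values are bound through db_query() placeholders instead of being
 * concatenated into the statement, and the table name is wrapped in {} like
 * the other queries in this file so a table prefix is honoured.
 *
 * Pass the values raw: they are stored as given (notes, work and the name
 * fields are free text) and must be escaped when they are printed.
 * NOTE(review): if a caller already escapes its values for SQL, remove that
 * step there - callers are not visible here.
 *
 * @param $fid
 *   Id of the family the member belongs to, cast to an integer.
 * @param $owner
 *   uid of the owning user, cast to an integer.
 * @return
 *   true when the query succeeded, false otherwise.
 */
function insert_member($first_name, $middle_name, $last_name, $birth_day, $mobile, $email, $notes, $work, $active_roles, $wanted_roles, $fid, $owner) {

  $query = 'INSERT INTO {addressbook_member} (first_name, middle_name, last_name, ';
  $query .= 'birth_day, mobile, email, notes, work, active_roles, wanted_roles, uid, fid, last_updated) VALUES (';
  $query .= "'%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, SYSDATE() )";

  // Argument order follows the column list: uid (owner) comes before fid.
  $result = db_query($query, $first_name, $middle_name, $last_name, $birth_day, $mobile, $email, $notes, $work, $active_roles, $wanted_roles, $owner, $fid);
  if (!$result) {
    // Query failed
    return false;
  }

  watchdog('user', 'A member is created in the addressbook');
  return true;
}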
855
856
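/**
 * Updates a family member record.
 *
 * All values, including the record id in the WHERE clause, are bound through
 * db_query() placeholders instead of being concatenated into the statement.
 * The table name is wrapped in {} like the other queries in this file, and
 * the uid column is assigned once (it used to appear twice in the SET list).
 *
 * This function performs no permission check; callers are expected to run
 * check_access() first.
 * NOTE(review): pass the values raw. If a caller already escapes them for
 * SQL, remove that step there - callers are not visible here.
 *
 * @param $owner
 *   uid of the owning user, cast to an integer.
 * @param $fid
 *   Id of the family the member belongs to, cast to an integer.
 * @param $mid
 *   Id of the member to update, cast to an integer.
 * @return
 *   true when the query succeeded, false otherwise.
 */
function update_member($first_name, $middle_name, $last_name, $birth_day, $mobile, $email, $notes, $work, $active_roles, $wanted_roles, $owner, $fid, $mid) {

  $query = 'UPDATE {addressbook_member} SET ';
  $query .= "first_name = '%s', ";
  $query .= "middle_name = '%s', ";
  $query .= "last_name = '%s', ";
  $query .= "birth_day = '%s', ";
  $query .= "mobile = '%s', ";
  $query .= "email = '%s', ";
  $query .= "notes = '%s', ";
  $query .= "work = '%s', ";
  $query .= "active_roles = '%s', ";
  $query .= "wanted_roles = '%s', ";
  $query .= 'uid = %d, ';
  $query .= 'fid = %d, ';
  $query .= 'last_updated = SYSDATE() WHERE mid = %d';

  $result = db_query($query, $first_name, $middle_name, $last_name, $birth_day, $mobile, $email, $notes, $work, $active_roles, $wanted_roles, $owner, $fid, $mid);
  if (!$result) {
    // Query failed
    return false;
  }

  // The id goes through a placeholder so the log viewer escapes it.
  watchdog('user', 'Member %mid is updated in addressbook', array('%mid' => $mid));
  return true;
}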
890
891 /*
892 * Function shows all family in a list form
893 * @return HTML
894 */
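function family_list( $sort='', $search='') {
  // Builds and prints the family overview page: search box, optional A-Z
  // sort bar, one table row per family, and CSV buttons for administrators.
  //
  // $sort   First letter of the last name to filter on ('' lists everything).
  //         It arrives from the URL, so it is treated as untrusted input.
  // $search Kept for interface compatibility; the value shown in the search
  //         box is always read from the session, as before.
  //
  // The themed page is printed directly. Nothing is returned, except that an
  // over-long $sort returns whatever hacker_warning() returns.

  $page = '<div class="addressbook">';

  drupal_set_title(t('Addressbook family list'));

  // Validate HTTP URL parameter: only '' or a single character is accepted.
  // The length check alone does not make the value safe for SQL or HTML, so
  // it is bound as a query argument and URL-encoded by url() further down.
  if ( strlen($sort)>1 ) {
    return hacker_warning();
  }

  // Get search value out of session scope; it may not be set on a first visit.
  $search = isset($_SESSION["search"]) ? $_SESSION["search"] : '';

  // Set sort value in session scope
  $_SESSION["sort"] = $sort;

  // Set list in session scope
  $_SESSION["list"] = 'family';

  // Settings are read once instead of once per result row.
  $show_thumbnails  = (variable_get('addressbook_show_thumbnails',0)==1);
  $first_name_first = (variable_get('addressbook_name_format',1)=='1');

  $page .= '<br/>';
  $page .= '<table border=0 >';
  $page .= '<tr>';

  // Search form. The search text originates from a user-submitted form, so it
  // is HTML-escaped before being placed in the value attribute; the input tag
  // is also closed here (the original left it open).
  // NOTE(review): if the search handler already stores an HTML-encoded value
  // in the session, this double-encodes it - confirm against that handler.
  $page .= '<td >';
  $page .= '<form action="'.url(URL_SEARCH).'" method="POST">';
  $page .= '<input id="text" name="search" size="65" maxlength="65" type="text" value="'.check_plain($search).'" />';
  $page .= '<input type="submit" value="'.t('Search').'" />';
  $page .= '</form>';
  $page .= '</td>';

  $page .= '<td ALIGN="right">';
  $page .= '<form action="'.url(URL_MEMBER_LIST.'/'.$sort).'" method="POST">';
  $page .= '<input type="submit" value="'.t('Go to family member list').'" />';
  $page .= '</form>';
  $page .= '</td></tr>';

  // Show sort bar (if enabled in settings)
  $page .= '<tr>';
  if ( variable_get('addressbook_show_sort_bar',1)=='1') {
    $page .= '<td ALIGN="left">';
    if ($sort=='') $page .= '<B>';
    $page .= '<a href="'.url(URL_FAMILY_LIST).'">'.t('ALL').'</a>|';
    if ($sort=='') $page .= '</B>';
    foreach (range('A', 'Z') as $letter) {
      if ($sort==$letter) $page .= '<B>';
      $page .= '<a href="'.url(URL_FAMILY_LIST.'/'.$letter).'">'.$letter.'</a>|';
      if ($sort==$letter) $page .= '</B>';
    }
    $page .= '</td>';
  }

  if ( user_access('add address')) {
    $page .= '<td ALIGN="right">';
    $page .= '<form action="'.url(URL_FAMILY_EDIT.'/0').'" method="POST">';
    $page .= '<input type="submit" value="'.t('New Family').'" />';
    $page .= '</form>';
    $page .= '</td>';
  }
  $page .= '</tr>';
  $page .= '</table>';

  // Query Database. $sort is passed as a db_query() argument instead of being
  // concatenated into the SQL text, so a quote character in the URL can no
  // longer alter the statement. '%%' is db_query()'s literal percent sign.
  // A single '%' or '_' in $sort still acts as a LIKE wildcard, which only
  // widens the listing.
  $query  = 'SELECT fid, middle_name, last_name, street, zipcode, city, uid ';
  $query .= 'FROM {addressbook_family} WHERE LAST_NAME LIKE \'%s%%\' ';
  $query .= 'ORDER BY LAST_NAME, MIDDLE_NAME';
  $queryResult = db_query($query, $sort);

  $page .= '<table width=100% border="1" cellpadding="3" cellspacing="3">';

  // Show Banner
  $page .= '<tr><td>';
  if ($show_thumbnails) {
    // The original emitted a second opening <b> here instead of closing it.
    $page .= '<b>'.t('Picture').'</b>';
    $page .= '</td><td>';
  }

  $page .= '<b>'.t('Name').'</b>';
  $page .= '</td><td>';
  $page .= '<b>'.t('Street').'</b>';
  $page .= '</td><td>';
  $page .= '<b>'.t('Zipcode').'</b>';
  $page .= '</td><td>';
  $page .= '<b>'.t('City').'</b>';
  $page .= '</td></tr>';

  // Show all found addresses
  $page_tmp = '';
  while ($data = db_fetch_object($queryResult)) {

    $page_tmp .= '<tr><td width=60>';

    if ($show_thumbnails) {
      // Family-level picture (mid 0); the id is bound as an integer argument.
      $queryResult2 = db_query('SELECT picture FROM {addressbook_picture} WHERE fid=%d AND mid=0', $data->fid);
      if ($tmp = db_fetch_object($queryResult2)) {
        // Show the first picture that is found
        $page_tmp .= '<a href="'.url(URL_FAMILY_VIEW.'/'.$data->fid).'">';
        $filename = url(THUMBNAILS_DIR.'/'.$tmp->picture);
        $filename = str_replace(array("?q="), "", $filename);
        $page_tmp .= '<img src="'.$filename.'" width=60 height=50/></a>';
      }
      $page_tmp .= '</td><td>';
    }

    // Format Name
    if ($first_name_first) {
      $name = $data->middle_name.' '.$data->last_name;
    }
    else {
      $name = $data->last_name.', '.$data->middle_name;
    }
    // l() HTML-escapes the link text itself.
    $page_tmp .= l($name, URL_FAMILY_VIEW.'/'.$data->fid);

    // Address fields are user-supplied data (edit form, CSV upload), so they
    // are escaped on output to keep stored markup from running in the page.
    // NOTE(review): if the save path already stores these columns
    // HTML-encoded, this double-encodes them - confirm against the
    // insert/update code.
    $page_tmp .= '</td><td>';
    $page_tmp .= check_plain($data->street);
    $page_tmp .= '</td><td>';
    $page_tmp .= check_plain($data->zipcode);
    $page_tmp .= '</td><td>';
    $page_tmp .= check_plain($data->city);
    $page_tmp .= '</td></tr>';
  }

  if ( $page_tmp!='') {
    // Show Content
    $page .= $page_tmp;
  }
  else {
    // No content found
    $page .= '<tr><td>';
    $page .= t('No records found');
    $page .= '</td><td>';
    $page .= '</td><td>';
    $page .= '</td><td>';
    $page .= '</td></tr>';
  }
  $page .= '</table>';

  // Only administrators can access the csv upload functionality.
  // This only hides the buttons; the CSV handlers are outside this function
  // and need their own permission check.
  if (user_access('access administration pages')) {
    $page .= '<table border="0" width="100%">';
    $page .= '<tr>';
    $page .= '<td ALIGN="left">';
    $page .= '<form action="'.url(URL_UPLOAD_CSV).'" method="POST">';
    $page .= '<input type="submit" value="'.t('Upload CSV file').'" />';
    $page .= '</form>';
    $page .= '</td>';

    $page .= '<td ALIGN="right">';
    $page .= '<form action="'.url(URL_DOWNLOAD_CSV).'" method="POST">';
    $page .= '<input type="submit" value="'.t('Download CSV file').'" />';
    $page .= '</form>';
    $page .= '</td>';
    $page .= '</tr>';
    $page .= '</table>';
  }
  $page .= '</div>';

  print theme("page", $page);
}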
1076
1077 /**
1078 * Render a page showing the selected family in detail
1079 * @return HTML
1080 */
1081 function family_view2( $fid=0 ) {
1082
1083 global $user;
1084 $page = '<div class="addressbook">';
1085
1086 drupal_set_title(t('Addressbook family view') );
1087
1088 // Validate HTTP URL parameter
1089 if ( !check_number($fid) )
1090 {
1091 return hacker_warning();
1092 }
1093
1094 // Save fid in session scope
1095 $_SESSION["fid"]=$fid;
1096
1097 // Clear mid in session scope
1098 $_SESSION["mid"]=0;
1099
1100 // Debugging value
1101 $border=0;
1102
1103 $query = 'SELECT fid, middle_name, last_name, street, zipcode, city, country, telephone, uid ';
1104 $query .= 'FROM {addressbook_family} WHERE FID='.$fid;
1105 $queryResult = db_query($query);
1106 $tmp = db_fetch_object($queryResult);
1107
1108 // If no data is found. Show anti hacking message
1109 if ($tmp==null) {
1110 return hacker_warning();
1111 }
1112