modules/contacts/save.php
 <?php
 /*
 This file belongs to the Webinterface of schokokeks.org Hosting
 
 Written 2008-2018 by schokokeks.org Hosting, namely
   Bernd Wurst <bernd@schokokeks.org>
   Hanno Böck <hanno@schokokeks.org>
 
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
 
 You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
 http://creativecommons.org/publicdomain/zero/1.0/
 
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
 */
 
 require_once('contacts.php');
 require_once('numbers.php');
 require_once('inc/debug.php');
 
 require_once('session/start.php');
 
 
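 // Restrict this handler to the customer role and select the menu section.
 require_role(array(ROLE_CUSTOMER));
 $section = 'contacts_list';

 // $back is the redirect target used once the action has finished. It is taken
 // from the request and later written into a Location header, so it is limited
 // to a same-site relative target; anything else falls back to the contact list.
 $back = 'list';
 if (isset($_REQUEST['back']) && is_string($_REQUEST['back'])) {
     // PHP has already URL-decoded $_REQUEST once. The extra urldecode() is kept
     // for callers that encode the value twice, which is why the checks below
     // run on the final decoded string and not on the raw request value.
     $back_candidate = urldecode($_REQUEST['back']);

     // Control characters and backslashes are rejected outright; some clients
     // treat a backslash like a forward slash when resolving a redirect.
     $has_unsafe_chars = (bool) preg_match('/[\x00-\x1f\x7f\\\\]/', $back_candidate);

     // A leading "scheme:" or "//" would make the target an absolute or
     // protocol-relative URL pointing away from this site.
     $leaves_site = (bool) preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|//)#i', $back_candidate);

     if ($back_candidate !== '' && !$has_unsafe_chars && !$leaves_site) {
         $back = $back_candidate;
     }
 }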
 
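 if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
     // Delete flow: load the contact, ask for confirmation, then delete it.
     // NOTE(review): check_form_token() is not called on this branch. Presumably
     // user_is_sure()/are_you_sure() carry their own request token and
     // get_contact() only returns contacts owned by the current customer;
     // confirm both in the included helpers.
     $contact = get_contact($_REQUEST['id']);

     $contact_string = display_contact($contact);

     // user_is_sure() is tri-state here: null = not asked yet, true = confirmed,
     // false = declined.
     $sure = user_is_sure();
     if ($sure === null) {
         are_you_sure("action=delete&id={$contact['id']}&back=".urlencode($back), "Möchten Sie diese Adresse wirklich löschen? {$contact_string}");
     } elseif ($sure === true) {
         delete_contact($contact['id']);
         // In debug mode the redirect is skipped so that debug output stays visible.
         if (! $debugmode) {
             header("Location: ".$back);
         }
     } elseif ($sure === false) {
         if (! $debugmode) {
             header("Location: ".$back);
         }
     }
 } else {
     // Create/edit flow: the form token is verified before any field is read.
     check_form_token('contacts_edit');

     $new = false;
     if ($_REQUEST['id'] == 'new') {
         title("Adresse anlegen");
         $new = true;
     } else {
         title("Adresse bearbeiten");
     }

     // Start from an empty contact; for an edit, replace it with the stored one.
     $c = new_contact();
     if (! $new) {
         $c = get_contact($_REQUEST['id']);
     }

     // Fields missing from the request default to the stored values, so the
     // "unchanged" comparison below also holds when the form omits them.
     if (!isset($_REQUEST['firma'])) {
         $_REQUEST['firma'] = $c['company'];
     }
     if (!isset($_REQUEST['name'])) {
         $_REQUEST['name'] = $c['name'];
     }
     if (!isset($_REQUEST['land'])) {
         $_REQUEST['land'] = $c['country'];
     }

     // Contacts that already have a nic_handle must keep name, company and country.
     if ($c['nic_handle'] != null) {
         if ($c['name'] != $_REQUEST['name'] || $c['company'] != $_REQUEST['firma'] || $c['country'] != $_REQUEST['land']) {
             system_failure('Name/Firma/Land kann bei diesem Kontakt nicht geändert werden.');
         }
     }

     // The customer's own (owner) contact needs at least a name or a company.
     $kundenkontakte = get_kundenkontakte();
     if ($c['id'] == $kundenkontakte['kunde']) {
         if (!$_REQUEST['name'] && !$_REQUEST['firma']) {
             system_failure('Beim Inhaber darf nicht Firmenname und Name leer sein.');
         }
     }

     // Every free-text field goes through verify_input_general() before storage.
     $c['company'] = verify_input_general(maybe_null($_REQUEST['firma']));
     $c['name'] = verify_input_general(maybe_null($_REQUEST['name']));
     $c['address'] = verify_input_general(maybe_null($_REQUEST['adresse']));
     $c['country'] = verify_input_general(maybe_null(strtoupper($_REQUEST['land'])));
     $c['zip'] = verify_input_general(maybe_null($_REQUEST['plz']));
     $c['city'] = verify_input_general(maybe_null($_REQUEST['ort']));
     // The e-mail address is only written directly for a new contact; for an
     // existing contact it is handled after save_contact() further down.
     if ($new && isset($_REQUEST['email'])) {
         $c['email'] = verify_input_general(maybe_null($_REQUEST['email']));
         if (!check_emailaddr($c['email'])) {
             system_failure("Ungültige E-Mail-Adresse!");
         }
     }

     // Phone, mobile and fax: an empty or missing value clears the field, any
     // other value must be accepted by format_number().
     // NOTE(review): format_number() receives the raw $_REQUEST['land'], not the
     // validated $c['country']; confirm that format_number() tolerates that.
     if (isset($_REQUEST['telefon']) && $_REQUEST['telefon'] != '') {
         $num = format_number(verify_input_general($_REQUEST['telefon']), $_REQUEST['land']);
         if ($num) {
             $c['phone'] = $num;
         } else {
             system_failure('Die eingegebene Telefonnummer scheint nicht gültig zu sein!');
         }
     } else {
         $c['phone'] = null;
     }
     if (isset($_REQUEST['mobile']) && $_REQUEST['mobile'] != '') {
         $num = format_number(verify_input_general($_REQUEST['mobile']), $_REQUEST['land']);
         if ($num) {
             $c['mobile'] = $num;
         } else {
             system_failure('Die eingegebene Mobiltelefonnummer scheint nicht gültig zu sein!');
         }
     } else {
         $c['mobile'] = null;
     }
     if (isset($_REQUEST['telefax']) && $_REQUEST['telefax'] != '') {
         $num = format_number(verify_input_general($_REQUEST['telefax']), $_REQUEST['land']);
         if ($num) {
             $c['fax'] = $num;
         } else {
             system_failure('Die eingegebene Faxnummer scheint nicht gültig zu sein!');
         }
     } else {
         $c['fax'] = null;
     }

     if (isset($_REQUEST['usepgp']) && $_REQUEST['usepgp'] == 'yes' && isset($_REQUEST['pgpid'])) {
         // Strip everything that is not a hex digit, then accept only the lengths
         // of a short key id (8), a long key id (16) or a full fingerprint (40).
         $pgpid = preg_replace('/[^0-9a-fA-F]/', '', $_REQUEST['pgpid']);
         $pgpid_length = strlen($pgpid);
         DEBUG('PGP-ID: '.$pgpid.' / Länge: '.$pgpid_length);
         if (in_array($pgpid_length, array(8, 16, 40), true)) {
             // Store the value that was actually checked. The raw request value
             // may carry arbitrary non-hex characters that the length check never saw.
             $c['pgp_id'] = $pgpid;
             if (isset($_REQUEST['pgpkey']) && $_REQUEST['pgpkey']) {
                 // NOTE(review): the key block is stored without going through
                 // verify_input_general(); confirm save_contact() and every
                 // place that displays it treat it as untrusted text.
                 $c['pgp_key'] = $_REQUEST['pgpkey'];
             }
         } else {
             warning('Ihre PGP-ID wurde nicht übernommen, da sie syntaktisch falsch erscheint');
         }
     } else {
         $c['pgp_id'] = null;
         $c['pgp_key'] = null;
     }


     if (isset($_REQUEST['domainholder']) && $_REQUEST['domainholder'] == 1) {
         if (!possible_domainholder($c)) {
             DEBUG("Kein möglicher Domaininhaber:");
             DEBUG($c);
             warning('Zur Verwendung als Domaininhaber fehlen noch Angaben.');
             // Both values are request-controlled, so they are URL-encoded before
             // being placed into the query string. $back is used instead of
             // $_REQUEST['back'] because the latter may be absent from the request.
             redirect('edit?id='.urlencode($_REQUEST['id']).'&back='.urlencode($back).'&domainholder=1');
         }
         if (isset($_REQUEST['email']) && !have_mailaddress($_REQUEST['email'])) {
             warning("Die neu angelegte Adresse kann erst dann als Domaininhaber genutzt werden, wenn die E-Mail-Adresse bestätigt wurde.");
         }
     }

     // A contact that is already used by domains may only get a new e-mail
     // address when the 'designated' confirmation was sent along.
     $domains = domainlist_by_contact($c);
     if ($domains) {
         if (isset($_REQUEST['email']) && $c['email'] != $_REQUEST['email'] && !(isset($_REQUEST['designated']) && $_REQUEST['designated'] == 'yes')) {
             system_failure("Sie müssen die explizite Zustimmung des Domaininhabers bestätigen um diese Änderungen zu speichern.");
         }
     }

     // Save the contact first and, if an e-mail change was requested, create and
     // send the token afterwards: the token needs the contact ID, and for a new
     // entry that ID only exists once the contact has been saved.

     $id = save_contact($c);
     $c['id'] = $id;

     if (isset($_REQUEST['email']) && ($new || $c['email'] != $_REQUEST['email'])) {
         if (have_mailaddress($_REQUEST['email'])) {
             // Address is already known to have_mailaddress(): store it directly.
             save_emailaddress($c['id'], verify_input_general($_REQUEST['email']));
         } else {
             // NOTE(review): on this path check_emailaddr() has only run for new
             // contacts; presumably send_emailchange_token() validates the
             // address itself. Confirm before relying on it.
             send_emailchange_token($c['id'], $_REQUEST['email']);
         }
     }
     // Contacts carrying a nic_id are re-read and handed to upload_contact().
     if ($c['nic_id']) {
         $c = get_contact($c['id']);
         upload_contact($c);
     }


     redirect($back);
 }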