diff($current_date); $birthday_content = $birthday->format("d.m.Y") . ", " . $years->y; } elseif ($contact['birthday_state'] == 1) { $birthday_content = $birthday->format("d.m"); } if (isset($_POST['input_submit'])) { $birthday = new DateTime($_POST['input_birthday']); if (!empty($_POST['input_password'])) { $password = password_hash($_POST['input_password'], PASSWORD_DEFAULT); $query = "UPDATE main_contact SET password = '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $password) . "' WHERE id = '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $contact['id']) . "' LIMIT 1"; mysqli_query($GLOBALS['mysql_con'], $query); } $query = "UPDATE main_contact SET birthday = '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $birthday->format('Y-m-d')) . "', birthday_state = '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $_POST['input_birthday_state']) . "' WHERE id = '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $contact_id) . "' LIMIT 1"; mysqli_query($GLOBALS['mysql_con'], $query); if (isset($_FILES['input_image']) && $_FILES['input_image']['size'] != 0) { // Save uploaded image $fileName = saveImage('input_image', $contact_id); // Escape values $fileEsc = mysqli_real_escape_string($GLOBALS['mysql_con'], $fileName); $contactIdEsc = mysqli_real_escape_string($GLOBALS['mysql_con'], $contact_id); // UPDATE: set image_new and image_state for moderation $query = " UPDATE main_contact SET image_new = '{$fileEsc}', image_state = 'approve_required' WHERE id = '{$contactIdEsc}' LIMIT 1 "; mysqli_query($GLOBALS['mysql_con'], $query); sendPhotoApproveMail((int)$contact_id); } if (isset($_FILES['input_header_image']) && $_FILES['input_header_image']['size'] != 0) { $fileName = saveImage('input_header_image', $contact_id); // Check if the record exists $check_query = "SELECT * FROM main_contact_profile_content WHERE main_contact_id = '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $contact_id) . "'"; $check_result = mysqli_query($GLOBALS['mysql_con'], $check_query); if (mysqli_num_rows($check_result) > 0) { // Record exists, perform an update $query_image = "UPDATE main_contact_profile_content SET header_img = '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $fileName) . "' WHERE main_contact_id = '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $contact_id) . "'"; mysqli_query($GLOBALS['mysql_con'], $query_image); } else { // No record exists, perform an insert $query_image = "INSERT INTO main_contact_profile_content (main_contact_id, header_img) VALUES ( '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $contact_id) . "', '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $fileName) . "' )"; mysqli_query($GLOBALS['mysql_con'], $query_image); } // Optional: Check for errors if (mysqli_error($GLOBALS['mysql_con'])) { echo "Error: " . mysqli_error($GLOBALS['mysql_con']); } } $query_content = "UPDATE main_contact_profile_content SET contact_description = '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $_POST['input_contact_description']) . "' WHERE main_contact_id = '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $contact_id) . "' LIMIT 1"; mysqli_query($GLOBALS['mysql_con'], $query_content); save_contact_department($contact['id']); $skills = rtrim($_POST['input_tags_hidden'], ','); $skillArray = explode(',', $skills); if (!empty($skillArray) && is_array($skillArray)) { mysqli_query($GLOBALS['mysql_con'], "DELETE FROM main_contact_skills WHERE main_contact_id='" . mysqli_real_escape_string($GLOBALS['mysql_con'], $contact['id']) . "'"); foreach ($skillArray as $skill_value) { $query = "INSERT INTO main_contact_skills (main_contact_id, description) VALUES ('" . mysqli_real_escape_string($GLOBALS['mysql_con'], $contact['id']) . "', '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $skill_value) . "')"; mysqli_query($GLOBALS['mysql_con'], $query); } } $host = $_SERVER['HTTP_HOST']; $uri = $_SERVER['REDIRECT_URL']; echo ""; } function sendPhotoApproveMail(int $contactId) { if (empty($GLOBALS['mysql_con'])) { return; } $sql = "SELECT name, email FROM main_contact WHERE id = {$contactId} LIMIT 1"; $res = mysqli_query($GLOBALS['mysql_con'], $sql); $u = mysqli_fetch_assoc($res); $username = $u['name'] ?? 'Unbekannt'; $userEmail = $u['email'] ?? ''; $to = "help-intranet@awo-hamburg.de"; $subject = "Neue Foto-Anfrage zur Freigabe von {$username}"; $message = "Hallo,\n\n" . "Der Benutzer '{$username}' hat ein neues Profilfoto hochgeladen.\n" . "Bitte prüfen und freigeben oder ablehnen:\n" . "Benutzer Email: {$userEmail}\n" . "Viele Grüße\n" . "Intranet System"; // Headers $headers = "From: intranet@awo-hamburg.de\r\n"; $headers .= "Content-Type: text/plain; charset=utf-8\r\n"; @mail($to, $subject, $message, $headers); } function saveImage($filekey, $input_id) { $translation = \DynCom\mysyde\common\classes\Registry::get("translation"); $allowed_extensions = ['jpg', 'jpeg', 'gif', 'png']; $filename = strtolower($_FILES[$filekey]['name']); $filename_expl = pathinfo($filename); if (!in_array($filename_expl['extension'], $allowed_extensions)) { echo "
= get_person_space($GLOBALS['main_contact']['current_mandant_id'], $contact['contact_id']) ?>
= get_person_einricht($GLOBALS['main_contact']['current_mandant_id'], $contact['contact_id']) ?> - = get_person_role($GLOBALS['main_contact']['current_mandant_id'], $contact['contact_id']) ?>
= $contact['email'] ?> = $contact['phone_no'] ?>Kostenstelle: = $contact['cost_center'] ?>
Geburtstag: = $birthday_content ?>
= $contact['address'] ?>, = $contact['post_code'] ?> = $contact['city'] ?>
= $contact['contact_description']?>