$val) { if (is_array($val)) { $array[$key] = addSlashesArray($val); } else { $array[$key] = addslashes($val); } } return $array; } if (!ini_get("magic_quotes_gpc") || ini_get("magic_quotes_gpc") == "off") { $_POST = addSlashesArray($_POST); $_GET = addSlashesArray($_GET); $_REQUEST = addSlashesArray($_REQUEST); $_COOKIE = addSlashesArray($_COOKIE); } /* foreach ($_POST as $key => $val) { print "POST: $key = $val
"; } foreach ($_GET as $key => $val) { print "GET: $key = $val
"; } foreach ($_REQUEST as $key => $val) { print "REQ: $key = $val
"; } foreach ($_REQUEST as $key => $val) { print "COOKIE: $key = $val
"; } */ ?> array("integer not null primary key auto_increment","sys:ID"), "email" => array("varchar(255) not null","Email"), "confirmed" => array("tinyint default 0","sys:Is the email of this user confirmed"), "entered" => array("datetime","sys:Time Created"), "modified" => array("timestamp","sys:Time modified"), "uniqid" => array("varchar(255)","sys:Unique ID for User"), "unique" => array("(email)","sys:unique"), "htmlemail" => array("tinyint default 0","Send this user HTML emails"), "subscribepage" => array("integer","sys:Which page was used to subscribe"), "rssfrequency" => array("varchar(100)","RSS Frequency"), "password" => array("varchar(255)","Password"), "passwordchanged" => array("datetime","sys:Last time password was changed"), "disabled" => array("tinyint default 0","Is this account disabled?"), "extradata" => array("text","Additional data"), */ // insert into user db Sql_Query(sprintf('insert into %s set email = "%s", entered = now(),modified = now(),password = "%s", passwordchanged = now(),disabled = 0, uniqid = "%s",htmlemail = 1 ',$GLOBALS['tables']['user'],$email,$password,getUniqid())); $ar = Sql_Affected_Rows(); if ($ar > 0) { $id = Sql_Insert_Id(); } else { $id = 0; } return $id; } function AttributeValue($table,$value) { global $table_prefix; # workaround for integration webbler/phplist if (!isset($table_prefix)) $table_prefix = "phplist_"; if (ereg(",",$value)) { $result = ""; $res = Sql_Query(sprintf('select name from %slistattr_%s where id in (%s)', $table_prefix,$table,$value)); while ($row = Sql_Fetch_row($res)) { $result .= $row[0]."; "; } return substr($result,0,-2); } elseif ($value) { $res = Sql_Query(sprintf('select name from %slistattr_%s where id = %d', $table_prefix,$table,$value)); $row = Sql_Fetch_row($res); } else { # return "Invalid Attribute Index"; } return $row[0]; } function getUserAttributeValues($email = '', $id = 0) { global $table_prefix,$tables; if (!$email && !$id) return; # workaround for integration webbler/phplist 
if (!isset($table_prefix)) $table_prefix = "phplist_"; if (isset($tables["attribute"])) { $att_table = $tables["attribute"]; $user_att_table = $tables["user_attribute"]; $usertable = $tables["user"]; } else { $att_table = "attribute"; $user_att_table = "user_attribute"; $usertable = "user"; } $result = array(); if ($email && !$id) { $userid = Sql_Fetch_Row_Query("select id from {$usertable} where email = \"$email\""); $id = $userid[0]; } if (!$id) return; $att_req = Sql_Query(sprintf('select %s.name,%s.id from %s,%s where %s.userid = %s and %s.id = %s.attributeid', $att_table, $att_table, $user_att_table, $att_table, $user_att_table, $id, $att_table, $user_att_table )); while ($att = Sql_fetch_array($att_req)) { $result[$att["name"]] = UserAttributeValue($id,$att["id"]); } return $result; } function UserAttributeValue($user = 0,$attribute = 0) { # workaround for integration webbler/phplist global $table_prefix,$tables; if (!isset($table_prefix)) $table_prefix = "phplist_"; # if (!$user || !$attribute) return; if (isset($tables["attribute"])) { $att_table = $tables["attribute"]; $user_att_table = $tables["user_attribute"]; } else { $att_table = "attribute"; $user_att_table = "user_attribute"; } $att = Sql_Fetch_array_Query("select * from $att_table where id = $attribute"); switch ($att["type"]) { case "checkboxgroup": $val_ids = Sql_Fetch_Row_Query("select value from $user_att_table where userid = $user and attributeid = $attribute"); if ($val_ids[0]) { $res = Sql_Query("select $table_prefix"."listattr_".$att["tablename"].".name from $user_att_table,$table_prefix"."listattr_".$att["tablename"]." where $user_att_table".".userid = ".$user." 
and $table_prefix"."listattr_".$att["tablename"].".id in ($val_ids[0]) and $user_att_table".".attributeid = ".$attribute); while ($row = Sql_Fetch_row($res)) $value .= $row[0]."; "; $value = substr($value,0,-2); } else { $value = ""; } break; case "select": case "radio": $res = Sql_Query("select $table_prefix"."listattr_".$att["tablename"].".name from $user_att_table,$table_prefix"."listattr_".$att["tablename"]." where $user_att_table".".userid = ".$user." and $table_prefix"."listattr_".$att["tablename"].".id = $user_att_table".".value and $user_att_table".".attributeid = ".$attribute); $row = Sql_Fetch_row($res); $value = $row[0]; break; default: $res = Sql_Query("select value from $user_att_table where $user_att_table".".userid = ".$user." and attributeid = ".$attribute); $row = Sql_Fetch_row($res); $value = $row[0]; } return $value; } function userName() { global $config; if (!is_array($config["nameattributes"])) return ""; $res = ""; foreach ($config["nameattributes"] as $att) { $res .= $_SESSION["userdata"][$att]["displayvalue"].' 
'; } return rtrim($res); } function isBlackListed($email = "") { if (!$email) return 0; if (!Sql_Table_exists($GLOBALS["tables"]["user_blacklist"])) return 0; $gracetime = sprintf('%d',$GLOBALS["blacklist_gracetime"]); if (!$gracetime || $gracetime > 15 || $gracetime < 0) { $gracetime = 5; } # allow 5 minutes to send the last message acknowledging unsubscription $req = Sql_Query(sprintf('select * from %s where email = "%s" and date_add(added,interval %d minute) < now()', $GLOBALS["tables"]["user_blacklist"],$email,$gracetime)); return Sql_Affected_Rows(); } function isBlackListedID($userid = 0) { if (!$userid) return 0; $email = Sql_Fetch_Row_Query("select email from {$GLOBALS["tables"]["user"]} where id = $userid"); return isBlackListed($email[0]); } function unBlackList($userid = 0) { if (!$userid) return; $email = Sql_Fetch_Row_Query("select email from {$GLOBALS["tables"]["user"]} where id = $userid"); Sql_Query(sprintf('delete from %s where email = "%s"', $GLOBALS["tables"]["user_blacklist"],$email[0])); Sql_Query(sprintf('delete from %s where email = "%s"', $GLOBALS["tables"]["user_blacklist_data"],$email[0])); Sql_Query(sprintf('update %s set blacklisted = 0 where id = %d',$GLOBALS["tables"]["user"],$userid)); if (isset($_SESSION["logindetails"]["adminname"])) { $msg = "Removed from blacklist by ".$_SESSION["logindetails"]["adminname"]; addUserHistory($email[0],$msg,""); } } function addUserToBlackList($email,$reason = '') { Sql_Query(sprintf('insert ignore into %s (email,added) values("%s",now())', $GLOBALS['tables']["user_blacklist"],addslashes($email))); Sql_Query(sprintf('update %s set blacklisted = 1 where email = "%s"', $GLOBALS['tables']["user"],addslashes($email))); # save the reason, and other data Sql_Query(sprintf('insert ignore into %s (email,name,data) values("%s","%s","%s")', $GLOBALS['tables']["user_blacklist_data"],addslashes($email), "reason",addslashes($reason))); foreach (array("REMOTE_ADDR") as $item ) { # @@@do we want to know more? 
if (isset($_SERVER[$item])) { Sql_Query(sprintf('insert ignore into %s (email,name,data) values("%s","%s","%s")', $GLOBALS['tables']["user_blacklist_data"],addslashes($email), $item,addslashes($_SERVER[$item]))); } } } function UserAttributeValueSelect($user = 0,$attribute = 0) { # if (!$user || !$attribute) return; global $table_prefix,$tables; # workaround for integration webbler/phplist if (!isset($table_prefix)) $table_prefix = "phplist_"; if ($tables["attribute"]) { $att_table = $tables["attribute"]; $user_att_table = $tables["user_attribute"]; } else { $att_table = "attribute"; $user_att_table = "user_attribute"; } if (!Sql_Table_exists($att_table)) { return "broken attribute $attribute"; } $att = Sql_Fetch_array_Query("select * from $att_table where id = $attribute"); # $value = UserAttributeValue($att["tablename"],$attribute); $value = UserAttributeValue($user,$attribute); $html .= 'Value: '.$value; $html = sprintf(''; } function UserAttributeValueCbGroup($user = 0,$attribute = 0) { # if (!$user || !$attribute) return; global $table_prefix,$tables; if ($tables["attribute"]) { $att_table = $tables["attribute"]; $user_att_table = $tables["user_attribute"]; } else { $att_table = "attribute"; $user_att_table = "user_attribute"; } # workaround for integration webbler/phplist if (!isset($table_prefix)) $table_prefix = "phplist_"; $att = Sql_Fetch_array_Query("select * from $att_table where id = $attribute"); $values_req = Sql_Fetch_Row_Query("select value from $user_att_table where userid = $user and attributeid = $attribute"); $values = split(",",$values_req[0]); $html = sprintf('',$attribute); # $html = sprintf('', $attribute,$row[0],in_array($row[0],$values)?"checked":"",$row[1]); return $html . '
%s
'; } function userGroups($loginname) { $result = array(); if (Sql_Table_exists("user_group")) { $req = Sql_Query("select groupid from user_group,user where user_group.userid = user.id and user.email = \"$loginname\""); while ($row = Sql_Fetch_Row($req)) array_push($result,$row[0]); } return $result; } function is_email($email) { if (isset($GLOBALS['config']) && $GLOBALS["config"]["dont_require_validemail"]) return 1; $email = trim($email); # hmm, it seems people are starting to have emails with & and ' or ` chars in the name #' $pattern = "^[\&\'-_.[:alnum:]]+@((([[:alnum:]]|[[:alnum:]][[:alnum:]-]*[[:alnum:]])\.)+(ac|ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz|de|dev|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|home|hr|ht|hu|id|ie|il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|loc|ls|lt|lu|lv|ly|ma|mc|md|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py|qa|quipu|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)|(([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5]))$"; if(eregi($pattern, $email)) return(1); else return(0); } function addUserHistory($email,$msg,$detail) { global $table_prefix,$tables; if ($tables["user"]) { $user_table = $tables["user"]; $user_his_table = $tables["user_history"]; } else { $user_table = "user"; $user_his_table = "user_history"; } $sysinfo = ""; $sysarrays = array_merge($_ENV,$_SERVER); if (is_array($GLOBALS["userhistory_systeminfo"])) { foreach 
($GLOBALS["userhistory_systeminfo"] as $key) { if (isset($sysarrays[$key])) { $sysinfo .= "\n$key = $sysarrays[$key]"; } } } elseif (is_array($GLOBALS["config"]["userhistory_systeminfo"])) { foreach ($GLOBALS["config"]["userhistory_systeminfo"] as $key) { if ($sysarrays[$key]) { $sysinfo .= "\n$key = $sysarrays[$key]"; } } } else { $default = array('HTTP_USER_AGENT','HTTP_REFERER','REMOTE_ADDR'); foreach ($sysarrays as $key => $val) { if (in_array($key,$default)) $sysinfo .= "\n$key = ".$val; } } $userid = Sql_Fetch_Row_Query("select id from $user_table where email = \"$email\""); if ($userid[0]) { if (isset($_SERVER["REMOTE_ADDR"])) { $ip = $_SERVER["REMOTE_ADDR"]; } else { $ip = ''; } Sql_Query(sprintf('insert into %s (ip,userid,date,summary,detail,systeminfo) values("%s",%d,now(),"%s","%s","%s")',$user_his_table,$ip,$userid[0],$msg,htmlspecialchars($detail),$sysinfo)); } } function validateEmail($email) { if ($GLOBALS["config"]["dont_require_validemail"]) return 1; if (isset($email) && (!isset($GLOBALS["check_for_host"]) || $GLOBALS["check_for_host"])) { list($username,$domaincheck) = split('@',$email); # checking for an MX is not sufficient # $mxhosts = array(); # $validhost = getmxrr ($domaincheck,$mxhosts); $validhost = checkdnsrr($domaincheck, "MX") || checkdnsrr($domaincheck, "A"); } else { $validhost = 0; } return $validhost && is_email($email); } function validMod10($no) { $dups = array(); $rev = strrev($no); for ($i=0;$i"; } return ($total % 10 == 0); # print "$no"; } function validateCC($ccno) { # credit card validation routines here # major credit cards that you might want to validate. 
#CARD TYPE Prefix Length Check digit algorithm #MASTERCARD 51-55 16 mod 10 #VISA 4 13,16 mod 10 #AMEX 34,37 15 mod 10 #Diners Club/Carte Blanche 300-305,36,38 14 mod 10 #Discover 6011 16 mod 10 #enRoute 2014,2149 15 any #JCB 3 16 mod 10 #JCB 2131,1800 15 mod 10 $ccno = preg_replace("/\D/","",$ccno); $length = strlen($ccno); $firsttwo = substr($ccno,0,2); $firstthree = substr($ccno,0,3); $first = substr($ccno,0,1); $firstfour = substr($ccno,0,4); if ($firsttwo >= 51 && $firsttwo <= 55) # Mastercard return $length == 16 && validMod10($ccno); elseif ($first == 4) # visa return ($length == 13 || $length == 16) && validMod10($ccno); elseif ($firsttwo == 34 || $firsttwo == 37) # Amex return $length == 15 && validMod10($ccno); elseif (($firstthree >= 300 && $firstthree <= 305) # Diners1 || ($firsttwo == 36 || $firsttwo == 38)) # Diners2 return $length == 14 && validMod10($ccno); elseif ($firstfour == 6011) # discover return $length == 16 && validMod10($ccno); elseif ($firstfour == 2014 || $firstfour == 2149) # enRoute return $length == 15; else # if it is not any of the above, we do not know how to validate it # reject 4 and 15 1s anyway apart when request is from tincan offices if ($ccno == "4111111111111111" && getenv("REMOTE_ADDR") != '213.253.144.33') { return 0; } return 1; } function loadCCvalidationFile($ccrangefile) { if (!is_file($ccrangefile)) return array(); $range = array(); $fp = fopen($ccrangefile,"rb"); $contents = fread($fp,filesize($ccrangefile)); fclose($fp); $lines = explode("\n",$contents); foreach ($lines as $line) { if (!preg_match("/^\s*#/",$line) && !preg_match("/^\s+$/",$line)) { if (preg_match("#(\d+),(\d+),(\d+)#",$line,$regs)) { array_push($range,array( "start" => $regs[1], "end" => $regs[2], "company" => sprintf('%02d',$regs[3]) )); # dbg($regs[1]. " ". $regs[2]. " -> ".$regs[3]); } elseif (preg_match("#\((\d+)\)\s*=\s*'(.*)'#",$line,$regs)) { $company[sprintf('%02d',$regs[1])] = $regs[2]; # dbg($regs[1]. " = " . 
$regs[2]); } } } return array($range,$company); } function ccCompany($ccno) { global $config; $ccrangefile = $config["code_root"]."/".$config["uploader_dir"]."/codelib/ccvalidation.txt"; list($ranges,$companies) = loadCCvalidationFile($ccrangefile); $first6 = substr($ccno,0,6); if (is_array($ranges)) foreach ($ranges as $range) { # dbg($range["start"]); if ($range["start"] <= $first6 && $range["end"] >= $first6) { return array($range["company"],$companies[$range["company"]]); } } return -1; } function checkCCrange($ccno) { global $config; $ccrangefile = $config["code_root"]."/".$config["uploader_dir"]."/codelib/ccvalidation.txt"; if (!is_file($ccrangefile) || !is_array($config["cc_accept_company"])) return 1; list($companyid,$companyname) = ccCompany($ccno); if ($companyid > 0 && in_array($companyid,$config["cc_accept_company"])) { # dbg($ccno . " is valid for company $companyid $companyname"); return 1; } elseif ($companyid < 0) { return -1; } else { return 0; } } function validateCCExpiry($ccexpiry) { # expiry date validation here $mon = substr($ccexpiry,0,2); if (strlen($ccexpiry) == 5) { # I presume it is with a separator $year = substr($ccexpiry,3,2); } elseif (strlen($ccexpiry) == 4) { $year = substr($ccexpiry,2,2); } else { return 0; } $yeardiff = $year - date("y"); return ($mon < 13 && $yeardiff < 9 && (($year > date("y")) || ($year == date("y") && $mon >= date("m")))); } function obscureCreditCard($cardno) { if (strlen($cardno) < 5) return $cardno; $res = substr($cardno,strlen($cardno)-4,4); for ($i=0;$i $att["name"], "value" => $att["value"], "type" => $att["type"], "attid" => $att["id"] ); switch ($att["type"]) { case "textline": case "hidden": $_SESSION["userdata"]["attribute".$att["id"]]["displayvalue"] = $att["value"]; break; case "creditcardno": $_SESSION["userdata"]["attribute".$att["id"]]["displayvalue"] = obscureCreditCard($att["value"]); break; case "select": $_SESSION["userdata"]["attribute".$att["id"]]["displayvalue"] = 
AttributeValue($att["tablename"],$att["value"]); break; } # } } $d_req = Sql_Fetch_Array_Query("select * from user where email = \"$loginname\""); $_SESSION["userid"] = $d_req["id"]; foreach (array("email","disabled","confirmed","htmlemail","uniqid") as $field) { # if (!defined($_SESSION["userdata"][$field])) { $_SESSION["userdata"][$field] = array( "name" => $field, "value" => $d_req[$field], "type" => "static", "displayvalue" => $d_req[$field] ); # } } dbg("done loading user"); $_SESSION["usergroups"] = userGroups($loginname); return 1; } function addKeywordLibrary($name) { $req = Sql_Query(sprintf('select id from keywordlib where name = "%s"',$name)); if (Sql_affected_Rows()) { $row = Sql_Fetch_Row($req); return $row[0]; } Sql_Query(sprintf('insert into keywordlib (name) values("%s")',$name)); return Sql_Insert_id(); } function getNewAttributeTablename($name) { global $table_prefix,$tables; if ($tables["attribute"]) { $table = $tables["attribute"]; } else { $table = "attribute"; } $lc_name = substr(preg_replace("/\W/","", strtolower($name)),0,10); # if ($lc_name == "") Fatal_Error("Name cannot be empty: $lc_name"); if (!$lc_name) $lc_name = "attribute"; Sql_Query("select * from $table where tablename = \"$lc_name\""); # if (Sql_Affected_Rows()) Fatal_Error("Name is not unique enough"); $c = 1; $basename = $lc_name; while (Sql_Affected_Rows() && $c < 100) { $lc_name = $basename.$c; Sql_Query("select * from $table where tablename = \"$lc_name\""); $c++; } return $lc_name; } function isGuestAccount() { if (!is_array($_SESSION["userdata"])) { return 1; } if ($GLOBALS["config"]["guestaccount_attribute"]) { return $_SESSION['userdata'][$GLOBALS["config"]["guestaccount_attribute"]]['value']; } if ($GLOBALS["config"]["guestaccount_email_match"]) { return preg_match($GLOBALS["config"]["guestaccount_email_match"],$_SESSION["userdata"]["email"]["value"]); } } function saveUserAttribute($userid,$attid,$data) { if ($data["nodbsave"]) { dbg("Not saving $attid"); return; } if 
(strtolower($data) == 'invalid attribute index') { return; } if ($attid == "emailcheck" || $attid == "passwordcheck") { dbg("Not saving $attid"); return; } if (!$data["type"]) $data["type"] = "textline"; if ($data["type"] == "static" || $data["type"] == "password") { Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid,$data["value"],$userid)); if ($data["type"] == "password") { Sql_Query(sprintf('update user set passwordchanged = now() where id = %d', $userid)); } return 1; } $attid_req = Sql_Fetch_Row_Query(sprintf(' select id,type,tablename from attribute where id = %d',$attid)); if (!$attid_req[0]) { $attid_req = Sql_Fetch_Row_Query(sprintf(' select id,type,tablename from attribute where name = "%s"',$data["name"])); if (!$attid_req[0]) { if ($GLOBALS["config"]["autocreate_attributes"]) { Dbg("Creating new Attribute: ".$data["name"]); sendError("creating new attribute ".$data["name"]); $atttable= getNewAttributeTablename($data["name"]); Sql_Query(sprintf('insert into attribute (name,type,tablename) values("%s","%s","%s")',$data["name"],$data["type"],$atttable)); $attid = Sql_Insert_Id(); } else { dbg("Not creating new Attribute: ".$data["name"]); # sendError("Not creating new attribute ".$data["name"]); } } else { $attid = $attid_req[0]; $atttable = $attid_req[2]; } } else { $attid = $attid_req[0]; $atttable = $attid_req[2]; } if (!$atttable) { $atttable = getNewAttributeTablename($data["name"]); # fix attribute without tablename Sql_Query(sprintf('update attribute set tablename ="%s" where id = %d', $atttable,$attid)); # sendError("Attribute without Tablename $attid"); } switch ($data["type"]) { case "static": case "password": Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid,$data["value"],$userid)); break; case "select": $curval = Sql_Fetch_Row_Query(sprintf('select id from phplist_listattr_%s where name = "%s"',$atttable,$data["displayvalue"]),1); if (!$curval[0] && $data['displayvalue'] && $data['displayvalue'] != '') { 
Sql_Query(sprintf('insert into phplist_listattr_%s (name) values("%s")',$atttable, $data["displayvalue"])); sendError("Added ".$data["displayvalue"]." to $atttable"); $valid = Sql_Insert_id(); } else { $valid = $curval[0]; } Sql_Query(sprintf('replace into user_attribute (userid,attributeid,value) values(%d,%d,"%s")',$userid,$attid,$valid)); break; default: Sql_Query(sprintf('replace into user_attribute (userid,attributeid,value) values(%d,%d,"%s")',$userid,$attid,$data["value"])); break; } return 1; } function saveUserByID($userid,$data) { while (list($key,$val) = each($data)) { if (preg_match("/^attribute(\d+)/",$key,$regs)) { $attid = $regs[1]; } else { $attid = $key; } dbg("Saving attribute $key, $attid, $val for $userid"); if ($userid && $attid && $data[$key]["type"] != "userfield" && !$data[$key]["nodbsave"]) saveUserAttribute($userid,$attid,$val); } } function saveUser($loginname,$data) { # saves user to database $id_req = Sql_Fetch_Row_Query("select id from user where email = \"$loginname\""); if ($id_req[0]) { $userid = $id_req[0]; while (list($key,$val) = each($data)) { if (ereg("^attribute(\d+)",$key,$regs)) { $attid = $regs[1]; } dbg("Saving attribute $key, $attid, $val for $loginname, $userid"); if ($userid && $attid) saveUserAttribute($userid,$key,$val); } } return 1; } function saveUserData($username,$fields) { # saves data in session, not in database dbg("Saving user $username"); if (!is_array($_SESSION["userdata"])) { initialiseUserSession(); } if (!$username) { $username = 'Unknown User'; } $res = ""; $required_fields = explode(",",$_POST["required"]); if ($_POST["unrequire"]) { $unrequired_fields = explode(",",$_POST["unrequire"]); $required_fields = array_diff($required_fields,$unrequired_fields); } else { $unrequired_fields = array(); } $required_formats = explode(",",$_POST["required_formats"]); $description_fields = explode(",",$_POST["required_description"]); reset($fields); # dbg("Checking fields"); foreach ($fields as $fname => 
$fielddetails) { # dbg($fname); $key = $fname; $val = $_POST[$fname]; if (!ereg("required",$key) && $key != "unrequire" && $fields[$key]["type"] != "separator" && $fields[$key]["type"] != "emailcheck" && $fields[$key]["type"] != "passwordcheck" ) { # dbg($fname ." of type ".$fields[$key]["type"]); if (!is_array($_SESSION["userdata"][$key])) $_SESSION["userdata"][$key] = array(); $_SESSION["userdata"][$key]["name"] = $fields[$key]["name"]; $_SESSION["userdata"][$key]["type"] = $fields[$key]["type"]; if ($fields[$key]["type"] == "creditcardno") { # dont overwrite known CC with *** if (!preg_match("#^\*+#",$val)) { $_SESSION["userdata"][$key]["value"] = ltrim($val); } } else { $_SESSION["userdata"][$key]["value"] = ltrim($val); } if ($fields[$key]["type"] == "select") { if (!empty($val) && is_array($fields[$key]["values"])) { $_SESSION["userdata"][$key]["displayvalue"] = $fields[$key]["values"][$val]; } } elseif ($fields[$key]["type"] == "checkboxgroup") { $_SESSION["userdata"][$key]["value"] = join(",",$val); } elseif ($fields[$key]["type"] == "creditcardno") { # erase any non digits from the CC numbers $_SESSION["userdata"][$key]["value"] = preg_replace("/\D/","",$_SESSION["userdata"][$key]["value"]); $_SESSION["userdata"][$key]["displayvalue"] = obscureCreditCard($_SESSION["userdata"][$key]["value"]); } elseif ($fields[$key]["name"] == "Card Number") { $_SESSION["userdata"][$key]["value"] = preg_replace("/\D/","",$_SESSION["userdata"][$key]["value"]); $_SESSION["userdata"][$key]["displayvalue"] = obscureCreditCard($_SESSION["userdata"][$key]["value"]); /* $_SESSION["userdata"][$key]["displayvalue"] = substr($_SESSION["userdata"][$key]["displayvalue"],0,4); for ($i=0;$i $field_attr_value) { if (!isset($_SESSION["userdata"][$key][$field_attr]) && !preg_match("/^\d+$/",$key) && !preg_match("/^\d+$/",$field_attr) ) { $_SESSION["userdata"][$key][$field_attr] = $field_attr_value; } } # save it to the DB as well } else { # dbg("Not checking ".$fname ." 
of type ".$fields[$key]["type"]); } } # fix UK postcodes to correct format if ($_SESSION["userdata"][$GLOBALS["config"]["country_attribute"]]["displayvalue"] == "United Kingdom") { $postcode = $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["value"]; $postcode = strtoupper(str_replace(" ","",$postcode)); if (preg_match("/(.*)(\d\w\w)$/",$postcode,$regs)) { $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["value"] = trim($regs[1])." ".$regs[2]; $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["displayvalue"] = trim($regs[1])." ".$regs[2]; } } # dbg("Checking required fields"); reset($required_fields); while (list($index,$field) = each ($required_fields)) { $type = $fields[$field]["type"]; # dbg("$field of type $type"); if ($field && !$_SESSION["userdata"][$field]["value"]) { $res = "Information missing: ".$description_fields[$index]; break; } else if ($required_formats[$index] && !preg_match(stripslashes($required_formats[$index]),$_SESSION["userdata"][$field]["value"])) { $res = "Sorry, you entered an invalid ".$description_fields[$index].": ".$_SESSION["userdata"][$field]["value"]; break; } else if ($field == "email" && !validateEmail($_SESSION["userdata"][$field]["value"])) { $res = "Sorry, the following field cannot be validated: ".$description_fields[$index].": ".$_SESSION["userdata"][$field]["value"]; break; } else if ($field == "cardtype" && $_SESSION["userdata"][$field]["value"] == "WSWITCH" && !preg_match("/\d/",$_SESSION["userdata"]["attribute82"]["value"])) { $res = "Sorry, a Switch Card requires a valid issue number. 
If you have a new Switch card without an issue number, please use 0 as the issue number."; break; } else if ($field == "cardtype" && $_SESSION["userdata"][$field]["value"] != "WSWITCH" && $_SESSION["userdata"]["attribute82"]["value"]) { $res = "Sorry, an issue number is not valid when not using a Switch Card"; break; } else if (($type == "creditcardno" || $field == "cardnumber") && !checkCCrange($_SESSION["userdata"][$field]["value"])) { list($cid,$cname) = ccCompany($_SESSION["userdata"][$field]["value"]); if (!$cname) $cname = '(Unknown Credit card)'; $res = "Sorry, we currently don't accept $cname cards"; break; } else if (($type == "creditcardno" || $field == "cardnumber") && !validateCC($_SESSION["userdata"][$field]["value"])) { $res = "Sorry, you entered an invalid ".$description_fields[$index];#.": ".$_SESSION["userdata"][$field]["value"]; break; } else if (($type == "creditcardexpiry" ||$field == "cardexpiry") && !validateCCExpiry($_SESSION["userdata"][$field]["value"])) { $res = "Sorry, you entered an invalid ".$description_fields[$index].": ".$_SESSION["userdata"][$field]["value"]; break; } } if ($_SESSION["userdata"][$GLOBALS["config"]["country_attribute"]]["displayvalue"] == "United Kingdom") { $postcode = $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["displayvalue"]; if (!preg_match("/(.*)(\d\w\w)$/",$postcode,$regs)) { $res = "That does not seem to be a valid UK postcode"; } elseif (!preg_match("/^[\s\w\d]+$/",$postcode,$regs)) { $res = "That does not seem to be a valid UK postcode"; } } if (is_array($GLOBALS["config"]["bocs_dpa"])) { if (!is_array($_SESSION["DPA"])) $_SESSION["DPA"] = array(); foreach ($GLOBALS["config"]["bocs_dpa"] as $dpaatt => $val) { if ($_SESSION["userdata"][$dpaatt]["displayvalue"]) { $_SESSION["DPA"][$val] = "Y"; } else { $_SESSION["DPA"][$val] = "N"; } } } # if no error in form check for subscriptions if (!$res && is_object($GLOBALS["config"]["plugins"]["phplist"])) { $phplist = 
$GLOBALS["config"]["plugins"]["phplist"]; foreach ($_SESSION["userdata"] as $key => $field) { if (($field["formtype"] == "List Subscription" || $field["type"] == "List Subscription") && $field["listid"]) { $listid = $field["listid"]; if ($field["value"]) { if ($phplist->addEmailToList($_SESSION["userdata"]["email"]["value"],$listid)) { $phplist->confirmEmail($_SESSION["userdata"]["email"]["value"]); # sendError("User added to list: $listid"); } else { # sendError("Error adding user to list: $listid"); } } #else { #$phplist->removeEmailFromList($_SESSION["userdata"]["email"]["value"],$listid); #} } } } return $res; } ?> Subscribe to our NewslettersSubscribe
Please subscribe to our newsletter if you'd like to receive updates on the Indies Under Fire documentary. Your email address will be kept confidential and will never be shared or sold.
