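/**
 * Processes the account-registration form submitted via POST.
 *
 * Normalises the submitted name, e-mail and cell number, validates every
 * field (calling alert() and show_form() and returning on the first failure),
 * rejects duplicate accounts, inserts the new row into 'users', logs the new
 * user in with set_login_data() and finally redirects with a Location header.
 * An e-mail address that matches $_SESSION['PREAPPROVED'] skips Captain
 * approval and e-mail verification and is sent to Home instead of Verify_Email.
 *
 * Reads:  $_POST['name'], ['email'], ['cell'], ['yog'], ['pass1'], ['pass2'],
 *         ['mailings'], $_SESSION['PREAPPROVED'], $_SERVER['REMOTE_ADDR'].
 * Writes: the globals $name, $email, $cell, $yog, $mailings (so show_form()
 *         can re-populate the form), $_SESSION['HOME_welcome'] and
 *         $_SESSION['ACCOUNT_do_send_verification_email'].
 *
 * @return void
 */
function process_form()
{
    // INITIAL DATA FETCHING
    global $name, $email, $cell, $yog, $mailings;
    // so that the show_form function can use these values later.
    // Absent POST fields are read as '' so a hand-crafted request that omits a
    // field reaches the validation below instead of an undefined-index notice.
    $raw_name = isset($_POST['name']) ? $_POST['name'] : '';
    $raw_email = isset($_POST['email']) ? $_POST['email'] : '';
    $raw_cell = isset($_POST['cell']) ? $_POST['cell'] : '';
    $yog = isset($_POST['yog']) ? $_POST['yog'] : '';
    $pass = isset($_POST['pass1']) ? $_POST['pass1'] : '';
    $pass2 = isset($_POST['pass2']) ? $_POST['pass2'] : '';
    $name = htmlentities(ucwords(trim(strtolower($raw_name), ' \\-\'')));
    foreach (array('-', '\'') as $delimiter) {
        if (strpos($name, $delimiter) !== false) {
            $name = implode($delimiter, array_map('ucfirst', explode($delimiter, $name)));
        }
    }
    // forces characters after spaces, hyphens and apostrophes to be capitalized
    $name = preg_replace('/[\\s\']*\\-+[\\s\']*/', '-', $name);
    // removes hyphens not between two characters
    $name = preg_replace('/[\\s\\-]*\'+[\\s\\-]*/', '\'', $name);
    // removes apostrophes not between two characters
    $name = preg_replace('/\\s+/', ' ', $name);
    // removes multiple consecutive spaces
    $name = preg_replace('/\\-+/', '-', $name);
    // removes multiple consecutive hyphens
    $name = preg_replace('/\'+/', '\'', $name);
    // removes multiple consecutive apostrophes
    $email = htmlentities(strtolower($raw_email));
    $cell = htmlentities($raw_cell);
    // Strict comparison: anything other than exactly 'Yes' (including a missing field) opts out.
    $mailings = (isset($_POST['mailings']) && $_POST['mailings'] === 'Yes') ? '1' : '0';
    // CHECK THAT THE NAME IS VALID
    if (($name = sanitize_username($name)) === false) {
        alert('Your name must have only letters, hyphens, apostrophes, and spaces, and be between 3 and 30 characters long', -1);
        show_form();
        return;
    }
    // strpos() returns 0 for a match at offset 0, which a loose `== false` would misread as "no space".
    if (strpos($name, ' ') === false) {
        alert('Please enter both your first <span class="i">and</span> last name', -1);
        show_form();
        return;
    }
    // CHECK THAT THE EMAIL ADDRESS IS VALID
    if (!val('e', $email)) {
        alert('That\'s not a valid email address', -1);
        show_form();
        return;
    }
    // CHECK AND FORMAT CELL PHONE NUMBER
    if ($cell !== '' && ($cell = format_phone_number($cell)) === false) {
        //Validate the format of the cell phone number (if it's not left blank)
        alert('That\'s not a valid cell phone number', -1);
        show_form();
        return;
    }
    // CHECK THAT THE YOG IS VALID
    $grade = intval(getGradeFromYOG($yog));
    if ($grade < 9 || $grade > 12) {
        // separator added so the message does not read "(10you have to be ..."
        alert('That is not a valid YOG (' . $grade . ' - you have to be in high school)', -1);
        show_form();
        return;
    }
    // CHECK THAT THE PASSWORDS MATCH, MEET MINIMUM LENGTH
    // !== rather than !=: under loose comparison two numeric strings such as
    // '1e3' and '1000' compare equal, so a mistyped confirmation could slip through.
    if ($pass !== $pass2) {
        alert('The passwords that you entered do not match', -1);
        show_form();
        return;
    }
    // strlen() is a byte count; that is the intended minimum here, not a character count.
    if (strlen($pass) < 6) {
        alert('Please choose a password that has at least 6 characters', -1);
        show_form();
        return;
    }
    // CHECK THAT THEY ENTERED THE RECAPTCHA CORRECTLY
    // CURRENTLY BROKEN: NEED TO UPDATE RECAPTCHA
    /* 
    $recaptcha_msg = validate_recaptcha();
    if ($recaptcha_msg !== true) {
    	alert($recaptcha_msg, -1);
    	show_form();
    	return;
    }
    */
    // CHECK THAT AN ACCOUNT WITH THAT EMAIL DOES NOT ALREADY EXIST
    // this is done *after* checking the reCaptcha to prevent bots from harvesting our email
    // addresses via a brute-force attack.
    // NOTE(review): while the reCaptcha block above is commented out, this lookup is
    // reachable without that protection; restore the check before relying on it.
    if (DBExt::queryCount('users', 'LOWER(email)=LOWER(%s)', $email) != 0) {
        alert('An account with that email address already exists', -1);
        show_form();
        return;
    }
    // CHECK THAT AN ACCOUNT WITH THE SAME NAME IN THE SAME GRADE DOES NOT EXIST
    // - with the exception that if it's permissions = 'E', they probably mistyped their email and are redoing it.
    if (DBExt::queryCount('users', 'LOWER(name)=%s AND yog=%i AND permissions!="E"', strtolower($name), $yog) != 0) {
        alert('An account in your grade with that name already exists', -1);
        show_form();
        return;
    }
    // ** All information has been validated at this point **
    $verification_code = generate_code(5);
    // for verifying ownership of the email address
    // Check if email address has been pre-approved
    if (isset($_SESSION['PREAPPROVED']) && $email === $_SESSION['PREAPPROVED']) {
        $approved = '1';
        // skip Captain approval
        $verification_code = '1';
        // skip email verification (already done)
    } else {
        $approved = '0';
    }
    // Create database entry
    $passhash = hash_pass($email, $pass);
    if ($cell === '') {
        $cell = 'None';
    } else {
        // remove non-numbers from cell phone # again (from the raw POST value, not the formatted one)
        $cell = preg_replace('#[^\\d]#', '', $raw_cell);
    }
    DB::insert('users', array('name' => $name, 'email' => $email, 'passhash' => $passhash, 'cell' => $cell, 'yog' => $yog, 'mailings' => $mailings, 'approved' => $approved, 'email_verification' => $verification_code, 'registration_ip' => htmlentities(strtolower($_SERVER['REMOTE_ADDR']))));
    set_login_data(DB::insertId());
    // LOG THEM IN
    // For pre-approved members:
    if ($approved === '1') {
        global $WEBMASTER_EMAIL;
        $to = array($email => $name);
        $subject = 'Account Created';
        $body = <<<HEREDOC
Welcome to the LHS Math Club website, {$name}!
Your account has been created. If you have any questions about the site, please email
the webmaster at {$WEBMASTER_EMAIL}
HEREDOC;
        send_email($to, $subject, $body, $WEBMASTER_EMAIL);
        $_SESSION['HOME_welcome'] = 'Welcome to the LHS Math Club website, ' . $name . '!';
        header('Location: Home');
        // Without this return the Verify_Email redirect below would replace the
        // Location header and flag a verification e-mail that pre-approval has
        // already made unnecessary.
        return;
    }
    $_SESSION['ACCOUNT_do_send_verification_email'] = true;
    header('Location: Verify_Email');
}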
/**
 * Maps a year of graduation to a human-readable grade label.
 *
 * The numeric grade comes from getGradeFromYOG(); values 9 through 12 become
 * 'Grade N', anything above 12 becomes 'Alumni' and everything else becomes
 * 'Middle School'.
 *
 * @param mixed $yog year of graduation, handed straight to getGradeFromYOG()
 * @return string
 */
function getTextGradeFromYOG($yog)
{
    $gradeNumber = getGradeFromYOG($yog);
    $inHighSchool = $gradeNumber >= 9 && $gradeNumber <= 12;
    if ($inHighSchool) {
        return 'Grade ' . strval($gradeNumber);
    }
    return $gradeNumber > 12 ? 'Alumni' : 'Middle School';
}