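function loadUser($loginname = "") {
  # Loads a user's attribute rows and core "user" columns into
  # $_SESSION["userdata"], and sets $_SESSION["userid"] / $_SESSION["groups"].
  #
  # $loginname: the user's email address (the "user" table is looked up by
  #             email here). When empty, the logged-in session user is used.
  # Returns 1 on success, "" when no login name is available, and null (bare
  # return) when the "user" table does not exist.
  dbg("Loading User");
  if (!Sql_Table_exists("user")) return;
  initialiseUserSession();
  if (!$loginname) {
    # Fall back to the session's logged-in user when no name was passed in.
    if (($_SESSION["userloggedin"] ?? "") != "" && ($_SESSION["username"] ?? "") != "") {
      $loginname = $_SESSION["username"];
    } else {
      return "";
    }
  }
  # SECURITY: $loginname is interpolated into SQL string literals below and can
  # originate from the caller (typically a login form) or from the session, so
  # it must not reach the query raw. addslashes() is the stdlib minimum for a
  # double-quoted MySQL literal; the DB layer's own escaping or a prepared
  # statement is preferable — NOTE(review): confirm what Sql_Query offers and
  # switch to it (also check that callers are not already escaping).
  $sqlLoginname = addslashes($loginname);
  $att_req = Sql_Query(sprintf('select attribute.id,
    attribute.name, attribute.type,
    user_attribute.value, attribute.tablename
    from user, user_attribute, attribute
    where user_attribute.userid = user.id and user.email = "%s"
      and attribute.id = user_attribute.attributeid', $sqlLoginname));
  while ($att = Sql_fetch_array($att_req)) {
    $attkey = "attribute" . $att["id"];
    $_SESSION["userdata"][$attkey] = array(
      "name" => $att["name"],
      "value" => $att["value"],
      "type" => $att["type"],
      "attid" => $att["id"]
    );
    # displayvalue depends on the attribute type; other types get none here.
    switch ($att["type"]) {
      case "textline":
      case "hidden":
        $_SESSION["userdata"][$attkey]["displayvalue"] = $att["value"];
        break;
      case "creditcardno":
        # Never keep a readable card number as the display value.
        $_SESSION["userdata"][$attkey]["displayvalue"] = obscureCreditCard($att["value"]);
        break;
      case "select":
        $_SESSION["userdata"][$attkey]["displayvalue"] =
          AttributeValue($att["tablename"], $att["value"]);
        break;
    }
  }
  # $d_req is false when no row matches; "??" keeps the lookups from warning.
  $d_req = Sql_Fetch_Array_Query("select * from user where email = \"$sqlLoginname\"");
  $_SESSION["userid"] = $d_req["id"] ?? null;
  foreach (array("email", "disabled", "confirmed", "htmlemail", "uniqid") as $field) {
    $_SESSION["userdata"][$field] = array(
      "name" => $field,
      "value" => $d_req[$field] ?? null,
      "type" => "static",
      "displayvalue" => $d_req[$field] ?? null
    );
  }
  dbg("done loading user");
  $_SESSION["groups"] = userGroups($loginname);
  return 1;
}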
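function saveUserData($username, $fields)
{
    # Saves the submitted form values for $fields into $_SESSION["userdata"]
    # (not into the database), then validates the required fields.
    #
    # $username: name used only in the debug trace ('******' when empty).
    # $fields:   map of field key => field definition (name, type, values, ...).
    # Returns "" when everything validated, otherwise the first error message;
    # returns null without doing anything when $GLOBALS['usersaved'] is set.
    # Side effects: writes $_SESSION["userdata"], sets $GLOBALS['usersaved'],
    # and may subscribe the user's email to phplist lists.
    #
    # SECURITY (review): which fields are required, the regex each must match
    # and the error descriptions all come from the request itself
    # ($_POST["required"], "unrequire", "required_formats",
    # "required_description"). A client can therefore disable any check below
    # by editing those hidden inputs, and a hostile "required_formats" pattern
    # is handed straight to preg_match (ReDoS). The required-field policy
    # should come from $fields or server config; it is left as-is here because
    # the source of that policy is not visible in this file.
    #
    # PCI note: full card numbers are kept in $_SESSION in clear text (only the
    # displayvalue is masked) — confirm session storage/retention is acceptable.
    if (!is_array($_SESSION["userdata"] ?? null)) {
        initialiseUserSession();
    }
    if (!empty($GLOBALS['usersaved'])) {
        return;
    }
    if (!$username) {
        $username = '******';
    }
    dbg("Saving user in session {$username}", '', DBG_TRACE);
    $res = "";
    $required_fields = explode(",", $_POST["required"] ?? "");
    if (!empty($_POST["unrequire"])) {
        # array_diff keeps keys, so $index below still lines up with the
        # parallel required_formats / required_description lists.
        $required_fields = array_diff($required_fields, explode(",", $_POST["unrequire"]));
    }
    $required_formats = explode(",", $_POST["required_formats"] ?? "");
    $description_fields = explode(",", $_POST["required_description"] ?? "");

    foreach ($fields as $fname => $fielddetails) {
        $key = $fname;
        $val = $_POST[$fname] ?? null;
        $ftype = $fielddetails["type"] ?? null;
        $fieldname = $fielddetails["name"] ?? null;
        $isCardField = ($ftype == "creditcardno" || $fieldname == "Card Number");
        # Never write a raw card number to the debug trace.
        $logValue = $isCardField ? '[redacted]' : (is_scalar($val) ? $val : '');
        dbg('Saving user Saving ' . $fname . ' to session ' . $logValue);
        # Control inputs and pure-comparison fields are never stored.
        $skip = strpos($key, "required") !== false
            || $key == "unrequire"
            || $ftype == "separator"
            || $ftype == "emailcheck"
            || $ftype == "passwordcheck";
        if ($skip) {
            continue;
        }
        if (!is_array($_SESSION["userdata"][$key] ?? null)) {
            $_SESSION["userdata"][$key] = array();
        }
        $_SESSION["userdata"][$key]["name"] = $fieldname;
        $_SESSION["userdata"][$key]["type"] = $ftype;
        if ($ftype == "date") {
            $_SESSION["userdata"][$key]["value"] = sprintf(
                '%04d-%02d-%02d',
                $_POST['year'][$key] ?? 0,
                $_POST['month'][$key] ?? 0,
                $_POST['day'][$key] ?? 0
            );
            $_SESSION["userdata"][$key]["displayvalue"] = $_SESSION["userdata"][$key]["value"];
        } elseif ($ftype == "creditcardno") {
            # A masked value ("****1234") means the user left a known card untouched.
            if (!is_array($val) && !preg_match("#^\\*+#", (string) $val)) {
                $_SESSION["userdata"][$key]["value"] = ltrim((string) $val);
            }
        } else {
            # ltrim() on an array is a TypeError on PHP 8; keep the old null result.
            $_SESSION["userdata"][$key]["value"] = is_array($val) ? null : ltrim((string) $val);
        }
        if ($ftype == "select") {
            if (!empty($val) && is_array($fielddetails["values"] ?? null)) {
                $_SESSION["userdata"][$key]["displayvalue"] =
                    is_array($val) ? null : ($fielddetails["values"][$val] ?? null);
            }
        } elseif ($ftype == "checkboxgroup") {
            # join() needs a real array; a missing group leaves the value alone.
            if (is_array($val)) {
                $_SESSION["userdata"][$key]["value"] = join(",", $val);
            }
        } elseif ($isCardField) {
            # Keep only the digits and expose a masked copy as the display value.
            $digits = preg_replace("/\\D/", "", (string) ($_SESSION["userdata"][$key]["value"] ?? ''));
            $_SESSION["userdata"][$key]["value"] = $digits;
            $_SESSION["userdata"][$key]["displayvalue"] = obscureCreditCard($digits);
        } else {
            $_SESSION["userdata"][$key]["displayvalue"] = $val;
        }
        # Copy remaining field attributes into the session entry once, skipping
        # purely numeric keys and attribute names.
        foreach ($fielddetails as $field_attr => $field_attr_value) {
            if (!isset($_SESSION["userdata"][$key][$field_attr])
                && !preg_match("/^\\d+\$/", (string) $key)
                && !preg_match("/^\\d+\$/", (string) $field_attr)) {
                $_SESSION["userdata"][$key][$field_attr] = $field_attr_value;
            }
        }
    }

    # Normalise UK postcodes to "OUTWARD INWARD" form.
    $countryAttr = $GLOBALS["config"]["country_attribute"] ?? null;
    $postcodeAttr = $GLOBALS["config"]["postcode_attribute"] ?? null;
    if (($_SESSION["userdata"][$countryAttr]["displayvalue"] ?? null) == "United Kingdom"
        && isset($_SESSION["userdata"][$postcodeAttr]["value"])) {
        $postcode = strtoupper(str_replace(" ", "", $_SESSION["userdata"][$postcodeAttr]["value"]));
        if (preg_match("/(.*)(\\d\\w\\w)\$/", $postcode, $regs)) {
            $formatted = trim($regs[1]) . " " . $regs[2];
            $_SESSION["userdata"][$postcodeAttr]["value"] = $formatted;
            $_SESSION["userdata"][$postcodeAttr]["displayvalue"] = $formatted;
        }
    }

    dbg("Checking required fields");
    # foreach replaces the removed-in-PHP-8 each(); keys are preserved either way.
    foreach ($required_fields as $index => $field) {
        $type = $fields[$field]["type"] ?? '';
        ### @@@ need to check why type is not set
        if ($type == 'userfield' || $type == '') {
            continue;
        }
        $value = $_SESSION["userdata"][$field]["value"] ?? null;
        $description = $description_fields[$index] ?? '';
        $isCardNumber = ($type == "creditcardno" || $field == "cardnumber");
        $isCardExpiry = ($type == "creditcardexpiry" || $field == "cardexpiry");
        # The first failing check wins; the original nested chain had the same order.
        if ($field && !$value) {
            $res = "Information missing: " . $description;
            break;
        } elseif (!empty($required_formats[$index])
            && !preg_match(stripslashes($required_formats[$index]), (string) $value)) {
            $res = "Sorry, you entered an invalid " . $description . ": " . $value;
            break;
        } elseif ($field == "email" && !validateEmail($value)) {
            $res = "Sorry, the following field cannot be validated: " . $description . ": " . $value;
            break;
        } elseif ($field == "emailcheck"
            && ($_SESSION["userdata"]["email"]["value"] ?? null) != ($_SESSION["userdata"]["emailcheck"]["value"] ?? null)) {
            $res = "Emails entered are not the same";
            break;
        } elseif ($field == "cardtype" && $value == "WSWITCH"
            && !preg_match("/\\d/", (string) ($_SESSION["userdata"]["attribute82"]["value"] ?? ''))) {
            # attribute82 is the hard-coded Switch "issue number" attribute — TODO confirm.
            $res = "Sorry, a Switch Card requires a valid issue number. If you have a new Switch card without an issue number, please use 0 as the issue number.";
            break;
        } elseif ($field == "cardtype" && $value !== null && $value != "WSWITCH"
            && ($_SESSION["userdata"]["attribute82"]["value"] ?? null)) {
            $res = "Sorry, an issue number is not valid when not using a Switch Card";
            break;
        } elseif ($isCardNumber && $value !== null && !checkCCrange($value)) {
            list($cid, $cname) = ccCompany($value);
            if (!$cname) {
                $cname = '(Unknown Credit card)';
            }
            $res = "Sorry, we currently don't accept {$cname} cards";
            break;
        } elseif ($isCardNumber && $value !== null && !validateCC($value)) {
            # Deliberately does not echo the card number back.
            $res = "Sorry, you entered an invalid " . $description;
            break;
        } elseif ($isCardExpiry && $value !== null && !validateCCExpiry($value)) {
            $res = "Sorry, you entered an invalid " . $description . ": " . $value;
            break;
        }
    }

    # If the form validated, process any phplist list subscriptions.
    if (!$res && is_object($GLOBALS["config"]["plugins"]["phplist"] ?? null)) {
        $phplist = $GLOBALS["config"]["plugins"]["phplist"];
        foreach ($_SESSION["userdata"] as $key => $field) {
            $isSubscription = ($field["formtype"] ?? null) == "List Subscription"
                || ($field["type"] ?? null) == "List Subscription";
            $listid = $field["listid"] ?? null;
            if ($isSubscription && $listid) {
                if (($field["value"] ?? null) && isset($_SESSION["userdata"]["email"])) {
                    $email = $_SESSION["userdata"]["email"]["value"];
                    if ($phplist->addEmailToList($email, $listid)) {
                        $phplist->confirmEmail($email);
                    }
                }
            }
        }
    }
    $GLOBALS['usersaved'] = time();
    return $res;
}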