/**
* Validate if captcha code is correct.
*
* @param string $fieldName Name of the captcha field.
*
* @return bool
*/
public static function validateCaptcha($fieldName)
{
if (!validateNotEmpty($fieldName)) {
return false;
}
if (!validateNoSpaces($fieldName)) {
return false;
}
if (Request::getFieldValue($fieldName) != Session::get($fieldName)) {
Errors::saveErrorFor($fieldName, \__ERRORS::INVALID_CAPTCHA_CODE);
return false;
}
return true;
}
function validateUniqueSQL($columname, $tablename, $val, $id, $idval)
{
global $VALIDATE_TEXT;
$VALIDATE_TEXT = "";
// escape everything first
$columname = mysql_real_escape_string($columname);
$tablename = mysql_real_escape_string($tablename);
$val = mysql_real_escape_string($val);
$id = mysql_real_escape_string($id);
$idval = mysql_real_escape_string($idval);
// if there are any spaces in anything then something is wrong
if (!validateNoSpaces($columname) || !validateNoSpaces($tablename) || !validateNoSpaces($val) || !validateNoSpaces($id) || !validateNoSpaces($idval)) {
$VALIDATE_TEXT = "ERROR: Invalid sql";
return false;
// maybe return something else
}
// do the sql check
$sql = "select * from {$tablename} where {$columname} = '{$val}'";
if ($id != "" && $idval != "") {
$sql .= " and {$id} != '{$idval}'";
}
$result = mysql_query($sql) or die('Query failed: (' . $sql . '): ' . mysql_error());
$count = mysql_num_rows($result);
if ($count == 0) {
$VALIDATE_TEXT = "";
return true;
}
$VALIDATE_TEXT = "Item is not unique, enter another";
return false;
}
