} } if ($_FILES['att2']['name'] != '') { $all1 = JB_is_filetype_allowed($_FILES['att2']['name']); $all2 = JB_is_imagetype_allowed($_FILES['att2']['name']); if ($all1 == false && $all2 == false) { $label['app_att_not_allowed'] = str_replace("%FILE_NAME%", $_FILES['att2']['name'], $label['app_att_not_allowed']); $error .= $APM->get_error_line($label["app_att_not_allowed"]); } if ($_FILES['att2']['error']) { $label['app_att_too_big'] = str_replace("%FILE_NAME%", $_FILES['att2']['name'], $label['app_att_too_big']); $error .= $APM->get_error_line($label["app_att_too_big"]); } } if ($_FILES['att3']['name'] != '') { $all1 = JB_is_filetype_allowed($_FILES['att3']['name']); $all2 = JB_is_imagetype_allowed($_FILES['att3']['name']); if ($all1 == false && $all2 == false) { $label['app_att_not_allowed'] = str_replace("%FILE_NAME%", $_FILES['att3']['name'], $label['app_att_not_allowed']); $error .= $APM->get_error_line($label["app_att_not_allowed"]); } if ($_FILES['att3']['error']) { $label['app_att_too_big'] = str_replace("%FILE_NAME%", $_FILES['att3']['name'], $label['app_att_too_big']); $error .= $label['app_att_too_big'] . $APM->get_line_break(); } } if (!JB_validate_mail($EMAIL)) { $error = $label['app_employer_email_invalid'] . $APM->get_line_break(); } $success = false; if ($error != '') {
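/**
 * Validate (and partly sanitise) the submitted values for every field of this form.
 *
 * Loads the field definitions for $this->form_id in the session language, then
 * checks each field against $_REQUEST / $_FILES. Values in $_REQUEST are
 * rewritten in place (size fitting, long-word breaking, Latin-1 stripping, HTML
 * white-listing), so callers see the cleaned values afterwards.
 *
 * Security notes for maintainers:
 *  - Upload checks here look only at the client-supplied file name; the file
 *    content is not inspected in this function, so whatever stores the upload
 *    must not treat the extension as proof of type.
 *  - $_FILES[...]['error'] is not inspected here.
 *  - Client-supplied file names/extensions are HTML-escaped before being placed
 *    into error messages.
 *
 * @return array List of error lines (built by get_error_line() or returned by
 *               the 'validate_form_data' plugin hook); empty when valid.
 */
function JB_validate_form_data() {
    global $label;

    $DFM = $this->get_DynamicFormMarkup();
    $errors = array();

    $sql = "SELECT *, t2.field_label AS LABEL, t2.error_message as error_message FROM form_fields as t1, form_field_translations as t2 WHERE t1.field_id=t2.field_id AND t2.lang='" . JB_escape_sql($_SESSION['LANG']) . "' AND form_id='" . JB_escape_sql($this->form_id) . "' AND field_type != 'SEPERATOR' AND field_type != 'BLANK' AND field_type != 'NOTE' order by field_sort";
    // NOTE(review): on failure this prints the raw MySQL error to the client;
    // consider logging it and showing a generic message instead.
    $result = JB_mysql_query($sql) or die(mysql_error());

    while ($field_row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        JBPLUG_do_callback('validate_form_data_init_row', $field_row);

        // fit to database
        $_REQUEST[$field_row['field_id']] = jb_fit_to_db_size($field_row['field_type'], $_REQUEST[$field_row['field_id']]);

        // Plugin hook: a plugin sets $custom_error to an error message, or to
        // false when it handled the field without an error. Any non-null value
        // skips ALL built-in checks and cleaning below for this field, so the
        // plugin is then responsible for sanitising the value itself.
        $custom_error = null;
        JBPLUG_do_callback('validate_form_data_custom_field', $custom_error, $field_row);
        if ($custom_error !== null) {
            if ($custom_error) {
                $errors[] = $DFM->get_error_line($field_row['LABEL'], $custom_error);
            }
            continue;
        }

        // Cached only after both row-level hooks have had a chance to change the row.
        $fid = $field_row['field_id'];
        $type = $field_row['field_type'];
        $field_label = $field_row['LABEL'];

        if ($type == 'TEXT' || $type == 'TEXTAREA' || $type == 'EDITOR') {
            if (JB_check_for_bad_words($_REQUEST[$fid])) {
                $errors[] = $DFM->get_error_line($field_label, $label['bad_words_not_accept']);
            }
        }

        if ($type == 'CATEGORY' && is_numeric($_REQUEST[$fid])) {
            $sql = "SELECT * FROM categories WHERE category_id='" . JB_escape_sql($_REQUEST[$fid]) . "' ";
            $cat_result = JB_mysql_query($sql);
            // A failed query yields false; do not pass that to mysql_fetch_array().
            if ($cat_result && ($cat_row = mysql_fetch_array($cat_result))) {
                if ($cat_row['allow_records'] == 'N') {
                    $errors[] = $DFM->get_error_line($field_label, $label['cat_records_not_allow']);
                }
            }
        }

        // NOTE(review): the addslashes()/stripslashes() pairs below presumably
        // assume the request data arrives already slash-escaped — confirm.
        if (JB_BREAK_LONG_WORDS == 'YES') {
            if ($type == 'TEXT' || $type == 'TEXTAREA') {
                // HTML not allowed
                $_REQUEST[$fid] = trim(stripslashes(JB_break_long_words(addslashes($_REQUEST[$fid]), false)));
            } elseif ($type == 'EDITOR') {
                // HTML allowed, 2nd arg pass true
                $_REQUEST[$fid] = trim(addslashes(JB_break_long_words(stripslashes($_REQUEST[$fid]), true)));
            }
        }

        // clean the data..
        if (JB_STRIP_LATIN1 == 'YES') {
            $_REQUEST[$fid] = JB_remove_non_latin1_chars($_REQUEST[$fid]);
        }

        if ($type == 'EDITOR' || $type == 'TEXTAREA') {
            // HTML white-listing only runs when JB_STRIP_HTML is 'YES'; with any
            // other setting the markup in these fields is left as submitted.
            if (JB_STRIP_HTML == 'YES') {
                // tags are allowed, remove them except on the white list.
                $_REQUEST[$fid] = stripslashes($_REQUEST[$fid]);
                $_REQUEST[$fid] = JB_clean_str($_REQUEST[$fid]);
                $_REQUEST[$fid] = addslashes($_REQUEST[$fid]);
            }
        }

        if (($type == 'FILE' || $type == 'IMAGE') && $_FILES[$fid]['name'] != '') {
            $upload_name = $_FILES[$fid]['name'];
            $name_parts = explode(".", $upload_name);
            $ext = array_pop($name_parts);

            // The file name is chosen by the client. Escape it before it goes
            // into an error line (assumes get_error_line() emits the message as
            // HTML without escaping it — TODO confirm).
            $safe_ext = htmlspecialchars($ext, ENT_QUOTES);
            $safe_name = htmlspecialchars($upload_name, ENT_QUOTES);

            // Messages are built in locals so the shared $label templates keep
            // their placeholders for the next field.
            if (!JB_is_filetype_allowed($upload_name) && $type == 'FILE') {
                $message = str_replace("%EXT_LIST%", JB_ALLOWED_EXT, $label['vaild_file_ext_error']);
                $message = str_replace("%EXT%", $safe_ext, $message);
                $errors[] = $DFM->get_error_line($field_label, $message);
            }

            if (!JB_is_imagetype_allowed($upload_name) && $type == 'IMAGE') {
                $message = str_replace("%EXT_LIST%", JB_ALLOWED_IMG, $label['vaild_image_ext_error']);
                $message = str_replace("%EXT%", $safe_ext, $message);
                $errors[] = $DFM->get_error_line($field_label, $message);
            }

            // The size check only runs when open_basedir is NOT configured;
            // with open_basedir set, no size limit is enforced in this function.
            if (get_cfg_var('open_basedir') == NULL) {
                if (@filesize($_FILES[$fid]['tmp_name']) > JB_MAX_UPLOAD_BYTES) {
                    // Report the size error (the original reported the image
                    // extension message here by mistake).
                    $message = str_replace("%FILE_NAME%", $safe_name, $label['valid_file_size_error']);
                    $errors[] = $DFM->get_error_line($field_label, $message);
                }
            }
        }

        if ($field_row['is_required'] == 'Y') {
            if ($type == 'DATE' || $type == 'DATE_CAL') {
                $field_row['reg_expr'] = 'date'; // default to date check
            }

            if ($type == 'FILE' || $type == 'IMAGE') {
                // Required uploads are not enforced here: no error is raised
                // whether or not a file was supplied or previously uploaded.
                continue; // go to the next field
            }

            switch ($field_row['reg_expr']) {
                case "not_empty":
                    if ($type == 'GMAP') {
                        if ($_REQUEST[$fid . '_lat'] == 0 || $_REQUEST[$fid . '_lng'] == 0) {
                            $errors[] = $DFM->get_error_line($field_label, $field_row['error_message']);
                        }
                    } elseif (trim($_REQUEST[$fid]) == '') {
                        // trim() is applied to the value itself, so a
                        // whitespace-only submission counts as empty.
                        $errors[] = $DFM->get_error_line($field_label, $field_row['error_message']);
                    }
                    break;

                case "email":
                    if (!JB_validate_mail(trim($_REQUEST[$fid]))) {
                        $errors[] = $DFM->get_error_line($field_label, $field_row['error_message']);
                    }
                    break;

                case "date":
                    // Reset per field so parts parsed for an earlier field can
                    // never make a later, unparsable date pass.
                    $day = $month = $year = '';

                    if ($type == 'DATE') {
                        $day = $_REQUEST[$fid . "d"];
                        $month = $_REQUEST[$fid . "m"];
                        $year = $_REQUEST[$fid . "y"];
                    } elseif ($type == 'DATE_CAL') {
                        $iso_date = JB_SCWDate_to_ISODate($_REQUEST[$fid]);
                        if (preg_match('/(\\d+)-(\\d+)-(\\d+)/', $iso_date, $m)) {
                            $year = $m[1];
                            $month = $m[2];
                            $day = $m[3];
                        }
                    } else {
                        // Parse the submitted value (the original parsed the
                        // field id, which is not the user's input).
                        $ts = strtotime($_REQUEST[$fid] . " GMT");
                        if ($ts > 0) {
                            $day = date('d', $ts);
                            $month = date('m', $ts);
                            $year = date('y', $ts);
                        }
                    }

                    if ($month == '' || $day == '' || $year == '' || !checkdate(intval($month), intval($day), intval($year))) {
                        $errors[] = $DFM->get_error_line($field_label, $field_row['error_message']);
                    }
                    break;

                case 'numeric':
                    if (!is_numeric(trim($_REQUEST[$fid]))) {
                        $errors[] = $DFM->get_error_line($field_label, $field_row['error_message']);
                    }
                    break;

                default:
                    break;
            }
        }
    }

    // Form-level plugin hook: plugins append '<br>'-separated messages to $error.
    $error = '';
    JBPLUG_do_callback('validate_form_data', $error, $this->form_id);
    if ($error) {
        foreach (explode('<br>', $error) as $item) {
            $errors[] = $item;
        }
    }

    return $errors;
}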