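/**
 * Load a user and their attributes from the database into the session.
 *
 * Fills $_SESSION["userdata"] with one entry per attribute (keyed
 * "attribute<id>", holding name/value/type/attid and, for textline, hidden,
 * creditcardno and select attributes, a displayvalue) plus one "static" entry
 * for each of email, disabled, confirmed, htmlemail and uniqid; also sets
 * $_SESSION["userid"] and $_SESSION["groups"].
 *
 * @param string $loginname Email address of the user to load. When empty,
 *                          $_SESSION["username"] is used provided the session
 *                          is marked as logged in.
 * @return int|string|null 1 when the load ran, "" when no login name is
 *                         available, null when the user table does not exist.
 */
function loadUser($loginname = "")
{
    dbg("Loading User");
    if (!Sql_Table_exists("user")) {
        return;
    }
    initialiseUserSession();

    if (!$loginname) {
        $loggedIn = isset($_SESSION["userloggedin"]) && $_SESSION["userloggedin"] != "";
        $hasName = isset($_SESSION["username"]) && $_SESSION["username"] != "";
        if (!$loggedIn || !$hasName) {
            return "";
        }
        $loginname = $_SESSION["username"];
    }

    // $loginname is interpolated into two SQL string literals below and may
    // originate from request data, so escape it once here. NOTE(review):
    // addslashes() is only a stopgap; Sql_Query() takes a raw string, so the
    // proper fix (prepared statements or driver-level escaping) belongs in
    // the Sql_* layer.
    $escapedLogin = addslashes((string) $loginname);

    $att_req = Sql_Query(sprintf(
        'select attribute.id, attribute.name,attribute.type, user_attribute.value,attribute.tablename'
        . ' from user,user_attribute,attribute'
        . ' where user_attribute.userid = user.id and user.email = "%s"'
        . ' and attribute.id = user_attribute.attributeid',
        $escapedLogin
    ));
    while ($att = Sql_fetch_array($att_req)) {
        $entry = array(
            "name" => $att["name"],
            "value" => $att["value"],
            "type" => $att["type"],
            "attid" => $att["id"],
        );
        switch ($att["type"]) {
            case "textline":
            case "hidden":
                $entry["displayvalue"] = $att["value"];
                break;
            case "creditcardno":
                // never expose a full card number as the display value
                $entry["displayvalue"] = obscureCreditCard($att["value"]);
                break;
            case "select":
                // display value is looked up by the project helper AttributeValue()
                $entry["displayvalue"] = AttributeValue($att["tablename"], $att["value"]);
                break;
        }
        $_SESSION["userdata"]["attribute" . $att["id"]] = $entry;
    }

    $d_req = Sql_Fetch_Array_Query(sprintf('select * from user where email = "%s"', $escapedLogin));
    if (!is_array($d_req)) {
        // No such user: keep the static entries present but empty instead of
        // reading offsets of a false/null result.
        $d_req = array();
    }
    $_SESSION["userid"] = isset($d_req["id"]) ? $d_req["id"] : null;
    foreach (array("email", "disabled", "confirmed", "htmlemail", "uniqid") as $field) {
        $fieldValue = isset($d_req[$field]) ? $d_req[$field] : null;
        $_SESSION["userdata"][$field] = array(
            "name" => $field,
            "value" => $fieldValue,
            "type" => "static",
            "displayvalue" => $fieldValue,
        );
    }
    dbg("done loading user");
    // NOTE(review): userGroups() receives the unescaped login name; confirm
    // it escapes before building any SQL of its own.
    $_SESSION["groups"] = userGroups($loginname);
    return 1;
}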
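/**
 * Read a stored form value from the session without undefined-index notices.
 *
 * Helper for saveUserData(): returns $_SESSION["userdata"][$key]["value"],
 * or null when that entry or its value is not set.
 *
 * @param string $key Session field key, e.g. "email" or "attribute12".
 * @return mixed
 */
function _sessionUserdataValue($key)
{
    if (isset($_SESSION["userdata"][$key]["value"])) {
        return $_SESSION["userdata"][$key]["value"];
    }
    return null;
}

/**
 * Validate the posted form and store its values in $_SESSION["userdata"].
 *
 * Nothing is written to the database here. For each definition in $fields
 * the posted value is stored in the session together with a display value,
 * a UK postcode is normalised, the fields listed in $_POST["required"] are
 * validated, and when there is no validation error any "List Subscription"
 * entries are passed to the configured phplist plugin.
 *
 * Runs once per request: when $GLOBALS['usersaved'] is already set the
 * function returns immediately; on completion it is set to time().
 *
 * @param string $username Login name; only used in the debug trace.
 * @param array  $fields   Form definitions keyed by posted field name. Each
 *                         entry is an array with "name" and "type" (and
 *                         "values" for type "select"); any further keys are
 *                         copied into the session entry if not already set.
 * @return string|null "" when everything validates, otherwise the first
 *                     validation error message; null when the form was
 *                     already saved during this request.
 */
function saveUserData($username, $fields)
{
    if (!isset($_SESSION["userdata"]) || !is_array($_SESSION["userdata"])) {
        initialiseUserSession();
    }
    if (!empty($GLOBALS['usersaved'])) {
        return;
    }
    if (!$username) {
        $username = '******';
    }
    dbg("Saving user in session {$username}", '', DBG_TRACE);
    $res = "";

    // NOTE(review): the set of required fields, their validation patterns and
    // their descriptions are all read from the client's POST, so a client can
    // drop or weaken validation and chooses the regex handed to preg_match()
    // below. They should come from the server-side form definition; the
    // existing form contract is kept unchanged here.
    $required_fields = explode(",", isset($_POST["required"]) ? $_POST["required"] : '');
    if (!empty($_POST["unrequire"])) {
        // array_diff() keeps the original indexes, which $required_formats
        // and $description_fields are aligned with.
        $required_fields = array_diff($required_fields, explode(",", $_POST["unrequire"]));
    }
    $required_formats = explode(",", isset($_POST["required_formats"]) ? $_POST["required_formats"] : '');
    $description_fields = explode(",", isset($_POST["required_description"]) ? $_POST["required_description"] : '');

    foreach ($fields as $fname => $fielddetails) {
        $key = $fname;
        $val = isset($_POST[$fname]) ? $_POST[$fname] : null;
        dbg('Saving user Saving ' . $fname . ' to session ' . $val);

        $ftype = isset($fielddetails["type"]) ? $fielddetails["type"] : null;
        $fieldLabel = isset($fielddetails["name"]) ? $fielddetails["name"] : null;

        // Control inputs (required*, unrequire) and confirmation/separator
        // pseudo-fields are never stored.
        if (strpos((string) $key, "required") !== false || $key == "unrequire"
            || $ftype == "separator" || $ftype == "emailcheck" || $ftype == "passwordcheck") {
            continue;
        }

        $data = isset($_SESSION["userdata"][$key]) && is_array($_SESSION["userdata"][$key])
            ? $_SESSION["userdata"][$key]
            : array();
        $data["name"] = $fieldLabel;
        $data["type"] = $ftype;

        if ($ftype == "date") {
            $data["value"] = sprintf(
                '%04d-%02d-%02d',
                isset($_POST['year'][$key]) ? $_POST['year'][$key] : 0,
                isset($_POST['month'][$key]) ? $_POST['month'][$key] : 0,
                isset($_POST['day'][$key]) ? $_POST['day'][$key] : 0
            );
            $data["displayvalue"] = $data["value"];
        } elseif (is_array($val)) {
            // Multi-valued input (checkbox groups) is stored comma-joined;
            // ltrim() would reject an array.
            $data["value"] = join(",", $val);
        } elseif ($ftype == "creditcardno") {
            // A masked value ("****...") means the number is already known;
            // do not overwrite it with the mask.
            if (!preg_match('#^\*+#', (string) $val)) {
                $data["value"] = ltrim((string) $val);
            }
        } else {
            $data["value"] = ltrim((string) $val);
        }

        if ($ftype == "select") {
            if (!empty($val) && !is_array($val)
                && isset($fielddetails["values"]) && is_array($fielddetails["values"])) {
                $data["displayvalue"] = isset($fielddetails["values"][$val])
                    ? $fielddetails["values"][$val]
                    : null;
            }
        } elseif ($ftype == "checkboxgroup") {
            // value already joined above; no display value is derived
        } elseif ($ftype == "creditcardno" || $fieldLabel == "Card Number") {
            // keep digits only, and never store the full number as display value
            $data["value"] = preg_replace('/\D/', "", isset($data["value"]) ? $data["value"] : '');
            $data["displayvalue"] = obscureCreditCard($data["value"]);
        } elseif ($ftype != "date") {
            // (a date's display value was set above and must not be clobbered)
            $data["displayvalue"] = $val;
        }

        // Copy any further definition attributes (e.g. listid, formtype) the
        // session entry does not have yet; purely numeric keys are skipped.
        if (is_array($fielddetails) && !preg_match('/^\d+$/', (string) $key)) {
            foreach ($fielddetails as $field_attr => $field_attr_value) {
                if (!isset($data[$field_attr]) && !preg_match('/^\d+$/', (string) $field_attr)) {
                    $data[$field_attr] = $field_attr_value;
                }
            }
        }
        $_SESSION["userdata"][$key] = $data;
    }

    // Normalise a UK postcode to "OUTWARD INWARD" (inward = digit + 2 chars).
    $countryKey = isset($GLOBALS["config"]["country_attribute"]) ? $GLOBALS["config"]["country_attribute"] : null;
    $postcodeKey = isset($GLOBALS["config"]["postcode_attribute"]) ? $GLOBALS["config"]["postcode_attribute"] : null;
    if ($countryKey !== null && $postcodeKey !== null
        && isset($_SESSION["userdata"][$countryKey]["displayvalue"])
        && $_SESSION["userdata"][$countryKey]["displayvalue"] == "United Kingdom"
        && isset($_SESSION["userdata"][$postcodeKey]["value"])) {
        $postcode = strtoupper(str_replace(" ", "", $_SESSION["userdata"][$postcodeKey]["value"]));
        if (preg_match('/(.*)(\d\w\w)$/', $postcode, $regs)) {
            $formatted = trim($regs[1]) . " " . $regs[2];
            $_SESSION["userdata"][$postcodeKey]["value"] = $formatted;
            $_SESSION["userdata"][$postcodeKey]["displayvalue"] = $formatted;
        }
    }

    dbg("Checking required fields");
    foreach ($required_fields as $index => $field) {
        $type = isset($fields[$field]["type"]) ? $fields[$field]["type"] : '';
        // Untyped fields are skipped; the original code carried a
        // "@@@ need to check why type is not set" marker here.
        if ($type == 'userfield' || $type == '') {
            continue;
        }
        $value = _sessionUserdataValue($field);
        $desc = isset($description_fields[$index]) ? $description_fields[$index] : '';
        $format = isset($required_formats[$index]) ? $required_formats[$index] : '';
        $isCardNumber = ($type == "creditcardno" || $field == "cardnumber");
        $isCardExpiry = ($type == "creditcardexpiry" || $field == "cardexpiry");

        if ($field && !$value) {
            $res = "Information missing: " . $desc;
            break;
        }
        if ($format && !preg_match(stripslashes($format), (string) $value)) {
            $res = "Sorry, you entered an invalid " . $desc . ": " . $value;
            break;
        }
        if ($field == "email" && !validateEmail($value)) {
            $res = "Sorry, the following field cannot be validated: " . $desc . ": " . $value;
            break;
        }
        if ($field == "emailcheck"
            && _sessionUserdataValue("email") != _sessionUserdataValue("emailcheck")) {
            $res = "Emails entered are not the same";
            break;
        }
        // NOTE(review): "attribute82" is a hard-coded attribute id for the
        // Switch issue number; it should be configured like
        // country_attribute / postcode_attribute.
        $issueNumber = _sessionUserdataValue("attribute82");
        if ($field == "cardtype" && $value == "WSWITCH" && !preg_match('/\d/', (string) $issueNumber)) {
            $res = "Sorry, a Switch Card requires a valid issue number. If you have a new Switch card without an issue number, please use 0 as the issue number.";
            break;
        }
        if ($field == "cardtype" && $value !== null && $value != "WSWITCH" && $issueNumber) {
            $res = "Sorry, an issue number is not valid when not using a Switch Card";
            break;
        }
        if ($isCardNumber && $value !== null && !checkCCrange($value)) {
            list(, $cname) = ccCompany($value);
            if (!$cname) {
                $cname = '(Unknown Credit card)';
            }
            $res = "Sorry, we currently don't accept {$cname} cards";
            break;
        }
        if ($isCardNumber && $value !== null && !validateCC($value)) {
            $res = "Sorry, you entered an invalid " . $desc;
            break;
        }
        if ($isCardExpiry && $value !== null && !validateCCExpiry($value)) {
            $res = "Sorry, you entered an invalid " . $desc . ": " . $value;
            break;
        }
    }

    // Only subscribe to lists once the form validated cleanly.
    if (!$res && isset($GLOBALS["config"]["plugins"]["phplist"])
        && is_object($GLOBALS["config"]["plugins"]["phplist"])) {
        $phplist = $GLOBALS["config"]["plugins"]["phplist"];
        foreach ($_SESSION["userdata"] as $entryKey => $entry) {
            if (!is_array($entry)) {
                continue;
            }
            $formtype = isset($entry["formtype"]) ? $entry["formtype"] : null;
            $entryType = isset($entry["type"]) ? $entry["type"] : null;
            $listid = isset($entry["listid"]) ? $entry["listid"] : null;
            if (($formtype == "List Subscription" || $entryType == "List Subscription") && $listid
                && !empty($entry["value"]) && isset($_SESSION["userdata"]["email"])) {
                $email = _sessionUserdataValue("email");
                if ($phplist->addEmailToList($email, $listid)) {
                    $phplist->confirmEmail($email);
                }
            }
        }
    }

    $GLOBALS['usersaved'] = time();
    return $res;
}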