/**
 * Report whether both the e-mail address and the postcode are present and valid.
 *
 * A value counts as valid only when it is non-empty and its validator
 * (validate_email() / validate_postcode(), defined elsewhere) accepts it.
 * Both values are always checked; neither result short-circuits the other.
 *
 * @param mixed $email    E-mail address to check.
 * @param mixed $postcode Postcode to check.
 *
 * @return bool True when both values pass, false otherwise.
 */
private function validateDetails($email, $postcode)
{
    $emailOk = $email && validate_email($email);
    $postcodeOk = $postcode && validate_postcode($postcode);

    return $emailOk && $postcodeOk;
}
/**
 * Reduce a full or partial postcode to its canonical partial form.
 *
 * Spaces are removed, surrounding whitespace is trimmed and the text is
 * upper-cased. A full postcode then has every "digit + two letters" group
 * removed; a partial postcode is returned as normalised. Anything else is
 * reported through err() (defined elsewhere) and, if err() returns, the
 * normalised text is still returned.
 *
 * @param string $pc Postcode text to normalise.
 *
 * @return string The normalised partial postcode.
 */
function canonicalise_partial_postcode($pc)
{
    $pc = strtoupper(trim(str_replace(' ', '', $pc)));

    if (validate_postcode($pc)) {
        // Full postcode: drop the digit-plus-two-letters group.
        return preg_replace('#(\\d[A-Z]{2})#', '', $pc);
    }

    if (!validate_partial_postcode($pc)) {
        err('Unexpected not full or partial postcode');
    }

    return $pc;
}
/**
 * API handler: find the MSP constituencies for a postcode.
 *
 * The input is reduced to ASCII letters, digits and spaces before it is
 * validated, so nothing else from the caller reaches the lookup. Every failure
 * is reported through api_error() (defined elsewhere).
 *
 * @param string $pc Postcode as supplied by the API caller.
 *
 * @return void
 */
function api_getMSP_postcode($pc)
{
    $pc = preg_replace('#[^a-z0-9 ]#i', '', $pc);

    if (!validate_postcode($pc)) {
        api_error('Invalid postcode');
        return;
    }

    $constituencies = postcode_to_constituencies($pc);

    if ($constituencies == 'CONNECTION_TIMED_OUT') {
        api_error('Connection timed out');
        return;
    }

    if (isset($constituencies['SPC'])) {
        // NOTE(review): 'SPE' is read without an isset() check — presumably it always accompanies 'SPC'; confirm.
        _api_getMSP_constituency(array($constituencies['SPC'], $constituencies['SPE']));
        return;
    }

    // A result with a 'WMC' entry but no 'SPC' entry is reported as non-Scottish.
    $message = isset($constituencies['WMC']) ? 'Non-Scottish postcode' : 'Unknown postcode';
    api_error($message);
}
/**
 * API handler: output the constituency name for a postcode.
 *
 * The input is reduced to ASCII letters, digits and spaces, validated, and
 * mapped to a constituency. The name is passed through html_entity_decode()
 * before being handed to api_output().
 *
 * @param string $pc Postcode as supplied by the API caller.
 *
 * @return void
 */
function api_getconstituency_postcode($pc)
{
    $pc = preg_replace('#[^a-z0-9 ]#i', '', $pc);

    if (!validate_postcode($pc)) {
        api_error('Invalid postcode');
        return;
    }

    $constituency = postcode_to_constituency($pc);

    if ($constituency == 'CONNECTION_TIMED_OUT') {
        api_error('Connection timed out');
        return;
    }

    if (!$constituency) {
        api_error('Unknown postcode');
        return;
    }

    $output = array('name' => html_entity_decode($constituency));
    api_output($output);
}
/**
 * API handler: resolve a postcode to its constituency and return the
 * constituency details.
 *
 * The input is reduced to ASCII letters, digits and spaces before validation.
 * Failures are reported through api_error() and yield no return value.
 *
 * @param string $pc Postcode as supplied by the API caller.
 *
 * @return mixed Whatever _api_getConstituency_name() returns on success, null otherwise.
 */
function api_getConstituency_postcode($pc)
{
    $pc = preg_replace('#[^a-z0-9 ]#i', '', $pc);

    if (validate_postcode($pc)) {
        $constituency = MySociety\TheyWorkForYou\Utility\Postcode::postcodeToConstituency($pc);

        if ($constituency == 'CONNECTION_TIMED_OUT') {
            $problem = 'Connection timed out';
        } elseif (!$constituency) {
            $problem = 'Unknown postcode';
        } else {
            return _api_getConstituency_name($constituency);
        }
    } else {
        $problem = 'Invalid postcode';
    }

    api_error($problem);
    return;
}
/**
 * API handler: resolve a postcode to its constituency and return the
 * constituency details.
 *
 * The input is reduced to ASCII letters, digits and spaces before validation.
 * The lookup is made with a second argument of true; its meaning is defined by
 * postcode_to_constituency(), which is not visible here.
 *
 * @param string $pc Postcode as supplied by the API caller.
 *
 * @return mixed Whatever _api_getConstituency_name() returns on success, null otherwise.
 */
function api_getConstituency_postcode($pc)
{
    $pc = preg_replace('#[^a-z0-9 ]#i', '', $pc);

    if (validate_postcode($pc)) {
        $constituency = postcode_to_constituency($pc, true);

        if ($constituency == 'CONNECTION_TIMED_OUT') {
            $problem = 'Connection timed out';
        } elseif (!$constituency) {
            $problem = 'Unknown postcode';
        } else {
            return _api_getConstituency_name($constituency);
        }
    } else {
        $problem = 'Invalid postcode';
    }

    api_error($problem);
    return;
}
/**
 * API handler: output constituency information for a postcode.
 *
 * The input is first reduced to ASCII letters, digits and spaces. When the
 * 'future' HTTP variable is set, the 'WMC' area is fetched through
 * mapit_get_voting_areas() and only its name is output. Otherwise the postcode
 * is validated, mapped to a constituency, and every consinfo key/value row for
 * that constituency is output (sorted by key) together with the name.
 *
 * NOTE(review): the 'future' branch passes $pc to the lookup without calling
 * validate_postcode() first — confirm that is intended.
 * NOTE(review): the consinfo query is assembled by concatenation around
 * mysql_real_escape_string(); a bound parameter would be the safer form if
 * ParlDB::query() offers one — confirm against ParlDB.
 *
 * @param string $pc Postcode as supplied by the API caller.
 *
 * @return void
 */
function api_getconstituency_postcode($pc)
{
    $pc = preg_replace('#[^a-z0-9 ]#i', '', $pc);

    if (get_http_var('future')) {
        // 13 is an unexplained constant in the original ("magic number").
        $areas = mapit_get_voting_areas($pc, 13);

        // An object result is treated as an error; the original author notes
        // that rabx_is_error throws a Notice, hence is_object().
        if (is_object($areas) || !isset($areas['WMC'])) {
            api_error('Unknown postcode, or problem with lookup');
            return;
        }

        $info = mapit_get_voting_area_info($areas['WMC']);
        $output = array('name' => $info['name']);
        api_output($output);
        return;
    }

    if (!validate_postcode($pc)) {
        api_error('Invalid postcode');
        return;
    }

    $constituency = postcode_to_constituency($pc);

    if ($constituency == 'CONNECTION_TIMED_OUT') {
        api_error('Connection timed out');
        return;
    }

    if (!$constituency) {
        api_error('Unknown postcode');
        return;
    }

    $db = new ParlDB();
    $result = $db->query("select constituency, data_key, data_value from consinfo where constituency = '" . mysql_real_escape_string($constituency) . "'");

    $output = array();
    if ($result->rows()) {
        for ($row = 0; $row < $result->rows(); $row++) {
            $key = $result->field($row, 'data_key');
            $output[$key] = $result->field($row, 'data_value');
        }
        ksort($output);
    }

    // Added after sorting, so 'name' overrides any consinfo row with that key.
    $output['name'] = $constituency;
    api_output($output);
}
/**
 * API handler: output constituency information for a postcode.
 *
 * The input is reduced to ASCII letters, digits and spaces and must pass
 * validate_postcode() before either lookup runs. With the 'future' HTTP
 * variable set, the name comes from the XML document fetched from
 * POSTCODE_API_URL; otherwise the consinfo rows for the current constituency
 * are output (sorted by key) together with its name.
 *
 * NOTE(review): the consinfo query is assembled by concatenation around
 * mysql_real_escape_string(); a bound parameter would be the safer form if
 * ParlDB::query() offers one — confirm against ParlDB.
 * NOTE(review): the result of file_get_contents() is parsed without checking
 * for a failed fetch; the !$xml test appears to cover that case — confirm.
 *
 * @param string $pc Postcode as supplied by the API caller.
 *
 * @return void
 */
function api_getconstituency_postcode($pc)
{
    $pc = preg_replace('#[^a-z0-9 ]#i', '', $pc);

    if (!validate_postcode($pc)) {
        api_error('Invalid postcode');
        return;
    }

    if (!get_http_var('future')) {
        $constituency = postcode_to_constituency($pc);

        if ($constituency == 'CONNECTION_TIMED_OUT') {
            api_error('Connection timed out');
            return;
        }

        if (!$constituency) {
            api_error('Unknown postcode');
            return;
        }

        $db = new ParlDB();
        $result = $db->query("select constituency, data_key, data_value from consinfo\n where constituency = '" . mysql_real_escape_string($constituency) . "'");

        $output = array();
        if ($result->rows()) {
            for ($row = 0; $row < $result->rows(); $row++) {
                $key = $result->field($row, 'data_key');
                $output[$key] = $result->field($row, 'data_value');
            }
            ksort($output);
        }

        // Added after sorting, so 'name' overrides any consinfo row with that key.
        $output['name'] = $constituency;
        api_output($output);
        return;
    }

    // The postcode is URL-encoded before being appended to the lookup URL.
    $xml = simplexml_load_string(file_get_contents(POSTCODE_API_URL . urlencode($pc)));

    if (!$xml || $xml->error) {
        api_error('Unknown postcode, or problem with lookup');
        return;
    }

    // The name is converted from UTF-8 to ISO-8859-1 with transliteration.
    $output = array('name' => iconv('utf-8', 'iso-8859-1//TRANSLIT', (string) $xml->future_constituency));
    api_output($output);
}
<?php $this_page = 'boundaries'; include_once '../../includes/easyparliament/init.php'; include_once INCLUDESPATH . '../../commonlib/phplib/mapit.php'; $PAGE->page_start(); ?> <script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"></script> <h1>Scottish and Northern Irish election constituency boundaries</h1> <div id="boundaries"> <?php $pc = get_http_var('pc'); $pc = ''; # No form submissions, please if ($pc && !validate_postcode($pc)) { print '<p class="error">Sorry, that doesn’t appear to be a valid postcode.</p>'; $pc = ''; } if ($pc) { # current will have WMC key. If Scottish, has SPC and SPE too. If NI, has NIE. $mapit = mapit_call('postcode', $pc); if (is_object($mapit)) { # RABX error returns an object print '<p class="error">Afraid we couldn’t find that postcode.</p>'; $pc = ''; } } if ($pc) { $current = array(); $current_id = array();
/**
 * Validation callback for a postcode form field.
 *
 * The value is canonicalised with canonicalise_postcode() before it is checked.
 *
 * @param string $pc Postcode as entered by the user.
 *
 * @return string|null Null when the postcode is valid, otherwise the error
 *                     message to show.
 */
function importparams_validate_postcode($pc)
{
    $canonical = canonicalise_postcode($pc);

    return validate_postcode($canonical)
        ? null
        : "Please enter a valid postcode, such as OX1 3DR";
}
<?php # Given a postcode, return a person ID include_once 'min-init.php'; include_once INCLUDESPATH . 'easyparliament/member.php'; $pc = $_GET['pc']; $pc = preg_replace('#[^a-z0-9 ]#i', '', $pc); if (validate_postcode($pc)) { $constituency = postcode_to_constituency($pc); if ($constituency == 'CONNECTION_TIMED_OUT') { error('Connection timed out'); } elseif ($constituency) { $pid = get_person_id($constituency); echo 'pid,', $pid; } else { error('Unknown postcode'); } } else { error('Invalid postcode'); } function error($s) { echo 'error,', $s; } function get_person_id($c) { $db = new ParlDB(); if ($c == '') { return false; } if ($c == 'Orkney ') {
$success = mail ($to, $subject, $message, $headers); return $success; } $errors = array(); $email = trim(get_http_var('email')); if (!$email) { $errors[] = 'Please enter your e-mail address'; } elseif (!validate_email($email)) { $errors[] = 'Please enter a valid e-mail address'; } $postcode = trim(get_http_var('postcode')); $postcode = preg_replace('#[^A-Z0-9]#i', '', $postcode); if (!$postcode) { $errors[] = 'Please enter your postcode'; } elseif (!validate_postcode($postcode)) { $errors[] = 'Please enter a valid postcode'; } if (!$errors) { $constituency = postcode_to_constituency($postcode); if ($constituency != "connection_timed_out" && $constituency != "") { $token = auth_random_token(); if (send_subscribe_email($email, $token)) { $q = $db->query("INSERT INTO campaigners (email, postcode, token, signup_date, constituency) VALUES ('" . mysql_real_escape_string($email) . "', '".mysql_real_escape_string($postcode)."', '".$token."', now(), '".mysql_real_escape_string($constituency)."')"); print "<html><head><title>Check your email! - Free Our Bills - TheyWorkForYou</title></head><body>"; freeourbills_styles(); ?> <h1 class="free_our_bills_confirm">Nearly Done! Now check your email...</h1> <h2 class="free_our_bills_confirm">The confirmation email <strong>may</strong> take a few minutes to arrive — <em>please</em> be patient.</h2>
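/**
 * Flag common mistakes in the alert search term stored in $this->data.
 *
 * Two mistakes are detected and recorded in $this->data['mistakes']:
 *  - 'multiple': the term contains a comma;
 *  - 'postcode_and': the term contains a valid postcode plus other text. In
 *    that case 'postcode', 'scottish_text' and 'mp_display_text' are also set
 *    in $this->data.
 *
 * @return void
 */
private function checkForCommonMistakes()
{
    $search = $this->data['alertsearch'];
    $mistakes = array();

    // strpos() !== false is used because strstr() returns a string or false,
    // and comparing that with -1 does not reliably report a comma: under
    // PHP 8 a string starting with ',' compares below '-1'.
    if (strpos($search, ',') !== false) {
        $mistakes['multiple'] = 1;
    }

    $hasPostcodeAndMore = preg_match('#([A-Z]{1,2}\\d+[A-Z]? ?\\d[A-Z]{2})#i', $search, $m)
        && strlen($search) > strlen($m[1])
        && validate_postcode($m[1]);

    if ($hasPostcodeAndMore) {
        $this->data['postcode'] = $m[1];
        $this->data['scottish_text'] = '';
        $this->data['mp_display_text'] = '';

        if (\MySociety\TheyWorkForYou\Utility\Postcode::postcodeIsScottish($m[1])) {
            $this->data['mp_display_text'] = 'your MP, ';
            $this->data['scottish_text'] = ' or MSP';
        }

        $mistakes['postcode_and'] = 1;
    }

    $this->data['mistakes'] = $mistakes;
}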
/**
 * API handler: output the MP for a postcode.
 *
 * The input is reduced to ASCII letters, digits and spaces, validated, and
 * mapped to a constituency. The person record for that constituency is output
 * with its 'lastupdate' value converted by strtotime() as the second argument.
 *
 * @param string $pc Postcode as supplied by the API caller.
 *
 * @return void
 */
function api_getMP_postcode($pc)
{
    $pc = preg_replace('#[^a-z0-9 ]#i', '', $pc);

    if (!validate_postcode($pc)) {
        api_error('Invalid postcode');
        return;
    }

    $constituency = postcode_to_constituency($pc);

    if ($constituency == 'CONNECTION_TIMED_OUT') {
        api_error('Connection timed out');
        return;
    }

    if (!$constituency) {
        api_error('Unknown postcode');
        return;
    }

    $person = _api_getMP_constituency($constituency);
    api_output($person, strtotime($person['lastupdate']));
}
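/**
 * Print the alert search results and the alert sign-up form.
 *
 * Depending on what $details holds, this prints a "Subscribe" form per matching
 * member, per matching constituency and for the raw search term, warns about
 * common mistakes in the term (a comma, or a postcode mixed with other words),
 * and finally prints the main search / e-mail form.
 *
 * Request-derived values (the 't', 'email', 'sign' and 'site' HTTP variables,
 * the search term, keyword and pid) are escaped with _htmlspecialchars() or
 * _htmlentities() before being written into the page.
 *
 * NOTE(review): member names, person ids and the constituency in the members
 * list are echoed without escaping — presumably they come from the database
 * already HTML-safe; confirm.
 *
 * @param mixed $alert   Not read anywhere in this function.
 * @param array $details Keys read here: 'members', 'constituencies',
 *                       'valid_postcode', 'alertsearch', 'pid', 'keyword',
 *                       'email_verified', 'email', 'submitted'.
 * @param array $errors  Error messages keyed by 'alertsearch' and 'email'.
 *
 * @return void
 */
function display_search_form($alert, $details = array(), $errors = array())
{
    global $this_page, $PAGE;

    $ACTIONURL = new URL($this_page);
    $ACTIONURL->reset();

    // Common opening of every per-result "Subscribe" form.
    $form_start = '<form action="' . $ACTIONURL->generate() . '" method="post"> <input type="hidden" name="t" value="' . _htmlspecialchars(get_http_var('t')) . '"> <input type="hidden" name="email" value="' . _htmlspecialchars(get_http_var('email')) . '">';

    // Members matching the search.
    if (isset($details['members']) && $details['members']->rows() > 0) {
        echo '<ul class="hilites">';
        $q = $details['members'];
        for ($n = 0; $n < $q->rows(); $n++) {
            echo '<li>';
            echo $form_start . '<input type="hidden" name="pid" value="' . $q->field($n, 'person_id') . '">';
            echo 'Things by ';
            $name = member_full_name($q->field($n, 'house'), $q->field($n, 'title'), $q->field($n, 'given_name'), $q->field($n, 'family_name'), $q->field($n, 'lordofname'));
            if ($q->field($n, 'constituency')) {
                echo $name . ' (' . $q->field($n, 'constituency') . ') ';
            } else {
                echo $name;
            }
            echo ' <input type="submit" value="Subscribe"></form>';
            echo "</li>\n";
        }
        echo '</ul>';
    }

    // Constituencies matching the search.
    if (isset($details['constituencies'])) {
        echo '<ul class="hilites">';
        foreach ($details['constituencies'] as $constituency) {
            $MEMBER = new MEMBER(array('constituency' => $constituency, 'house' => 1));
            echo "<li>";
            echo $form_start . '<input type="hidden" name="pid" value="' . $MEMBER->person_id() . '">';
            if ($details['valid_postcode']) {
                echo '<input type="hidden" name="pc" value="' . _htmlspecialchars($details['alertsearch']) . '">';
            }
            echo $MEMBER->full_name();
            echo ' (' . _htmlspecialchars($constituency) . ')';
            echo ' <input type="submit" value="Subscribe"></form>';
            echo "</li>";
        }
        echo '</ul>';
    }

    // The search term itself, plus warnings about likely mistakes in it.
    if ($details['alertsearch']) {
        echo '<ul class="hilites"><li>';
        echo $form_start . '<input type="hidden" name="keyword" value="' . _htmlspecialchars($details['alertsearch']) . '">';
        echo 'Mentions of [';
        $alertsearch = $details['alertsearch'];
        if (preg_match('#speaker:(\\d+)#', $alertsearch, $m)) {
            // Show the speaker's name in place of the numeric id.
            $MEMBER = new MEMBER(array('person_id' => $m[1]));
            $alertsearch = str_replace("speaker:{$m['1']}", "speaker:" . $MEMBER->full_name(), $alertsearch);
        }
        echo _htmlspecialchars($alertsearch) . '] ';
        echo ' <input type="submit" value="Subscribe"></form>';

        # Use original alertsearch variable here, because name replacement might introduce a comma.
        # strpos() !== false is used because strstr() returns a string or false, and
        # comparing that with -1 does not reliably report a comma: under PHP 8 a string
        # starting with ',' compares below '-1'.
        if (strpos($details['alertsearch'], ',') !== false) {
            echo '<em class="error">You have used a comma in your search term – are you sure this is what you want? You cannot sign up to multiple search terms using a comma – either use OR, or fill in this form multiple times.</em>';
        }

        if (preg_match('#([A-Z]{1,2}\\d+[A-Z]? ?\\d[A-Z]{2})#i', $alertsearch, $m) && strlen($alertsearch) > strlen($m[1]) && validate_postcode($m[1])) {
            $scottish_text = '';
            $mp_display_text = '';
            if (postcode_is_scottish($m[1])) {
                $mp_display_text = 'your MP, ';
                $scottish_text = ' or MSP';
            }
            echo '<em class="error">You have used a postcode and something else in your search term – are you sure this is what you want? You will only get an alert if all of these are mentioned in the same debate. Did you mean to get alerts for when your MP' . $scottish_text . ' mentions something instead? If so click subscribe below.</em></li>';
            try {
                $MEMBER = new MEMBER(array('postcode' => $m[1]));
                // move the postcode to the front just to be tidy
                $tidy_alertsearch = $m[1] . " " . trim(str_replace("{$m['1']}", "", $alertsearch));
                $alertsearch_display = str_replace("{$m['1']} ", "", $tidy_alertsearch);
                $alertsearch = str_replace("{$m['1']}", "speaker:" . $MEMBER->person_id, $tidy_alertsearch);
                echo "<li>";
                echo $form_start . '<input type="hidden" name="keyword" value="' . _htmlspecialchars($alertsearch) . '">';
                echo 'Mentions of [';
                echo _htmlspecialchars($alertsearch_display) . '] by ' . $mp_display_text . $MEMBER->full_name();
                echo ' <input type="submit" value="Subscribe"></form>';
                if ($scottish_text) {
                    $constituencies = postcode_to_constituencies($m[1]);
                    if (isset($constituencies['SPC'])) {
                        $MEMBER = new MEMBER(array('constituency' => $constituencies['SPC'], 'house' => 4));
                        // Same tidied term, with the postcode replaced by the MSP's person id.
                        $alertsearch = str_replace("{$m['1']}", "speaker:" . $MEMBER->person_id, $tidy_alertsearch);
                        echo "</li><li>";
                        echo $form_start . '<input type="hidden" name="keyword" value="' . _htmlspecialchars($alertsearch) . '">';
                        echo 'Mentions of [';
                        echo _htmlspecialchars($alertsearch_display) . '] by your MSP, ' . $MEMBER->full_name();
                        echo ' <input type="submit" value="Subscribe"></form>';
                    }
                }
            } catch (MySociety\TheyWorkForYou\MemberException $e) {
                echo '<p>We had a problem looking up your representative.</p>';
            }
        }
        echo "</li></ul>";
    }

    // Confirmation of what is about to be subscribed to.
    if ($details['pid']) {
        $MEMBER = new MEMBER(array('person_id' => $details['pid']));
        echo '<ul class="hilites"><li>';
        echo "Signing up for things by " . $MEMBER->full_name();
        echo ' (' . _htmlspecialchars($MEMBER->constituency()) . ')';
        echo "</li></ul>";
    }

    if ($details['keyword']) {
        echo '<ul class="hilites"><li>';
        echo 'Signing up for results from a search for [';
        $alertsearch = $details['keyword'];
        if (preg_match('#speaker:(\\d+)#', $alertsearch, $m)) {
            $MEMBER = new MEMBER(array('person_id' => $m[1]));
            $alertsearch = str_replace("speaker:{$m['1']}", "speaker:" . $MEMBER->full_name(), $alertsearch);
        }
        echo _htmlspecialchars($alertsearch) . ']';
        echo "</li></ul>";
    }

    if (!$details['pid'] && !$details['keyword']) {
        ?>
<p><label for="alertsearch">To sign up to an email alert, enter either your <strong>postcode</strong>, the <strong>name</strong> of who you're interested in, or the <strong>search term</strong> you wish to receive alerts for.</label> To be alerted on an exact <strong>phrase</strong>, be sure to put it in quotes. Also use quotes around a word to avoid stemming (where ‘horse’ would also match ‘horses’).
<?php
    }

    // Main search / sign-up form.
    echo '<form action="' . $ACTIONURL->generate() . '" method="post"> <input type="hidden" name="t" value="' . _htmlspecialchars(get_http_var('t')) . '"> <input type="hidden" name="submitted" value="1">';

    if (!$details['pid'] && !$details['keyword'] || isset($errors['alertsearch'])) {
        if (isset($errors["alertsearch"])) {
            $PAGE->error_message($errors["alertsearch"]);
        }
        $text = $details['alertsearch'];
        if (!$text) {
            $text = $details['keyword'];
        }
        ?>
<div class="row"> <input type="text" name="alertsearch" id="alertsearch" value="<?php if ($text) { echo _htmlentities($text); } ?>" maxlength="255" size="30" style="font-size:150%"> </div>
<?php
    }

    if ($details['pid']) {
        echo '<input type="hidden" name="pid" value="' . _htmlspecialchars($details['pid']) . '">';
    }
    if ($details['keyword']) {
        echo '<input type="hidden" name="keyword" value="' . _htmlspecialchars($details['keyword']) . '">';
    }

    if (!$details['email_verified']) {
        if (isset($errors["email"]) && $details['submitted']) {
            $PAGE->error_message($errors["email"]);
        }
        ?>
<div class="row"> <label for="email">Your email address:</label> <input type="text" name="email" id="email" value="<?php if (isset($details["email"])) { echo _htmlentities($details["email"]); } ?>" maxlength="255" size="30" class="form"> </div>
<?php
    }
    ?>
<div class="row"> <input type="submit" class="submit" value="<?php echo $details['pid'] || $details['keyword'] ? 'Subscribe' : 'Search'; ?>"> </div> <div class="row">
<?php
    if (!$details['email_verified']) {
        ?>
<p>If you <a href="/user/?pg=join">join</a> or <a href="/user/login/?ret=%2Falert%2F">sign in</a>, you won't need to confirm your email address for every alert you set.<br><br>
<?php
    }
    if (!$details['pid'] && !$details['keyword']) {
        ?>
<p>Please note that you should only enter <strong>one term per alert</strong> – if you wish to receive alerts on more than one thing, or for more than one person, simply fill in this form as many times as you need, or use boolean OR.<br><br></p> <p>For example, if you wish to receive alerts whenever the words <i>horse</i> or <i>pony</i> are mentioned in Parliament, please fill in this form once with the word <i>horse</i> and then again with the word <i>pony</i> (or you can put <i>horse OR pony</i> with the OR in capitals as explained on the right). Do not put <i>horse, pony</i> as that will only sign you up for alerts where <strong>both</strong> horse and pony are mentioned.</p>
<?php
    }
    ?>
</div>
<?php
    // Carry the optional 'sign' and 'site' request values through to the next request.
    if (get_http_var('sign')) {
        echo '<input type="hidden" name="sign" value="' . _htmlspecialchars(get_http_var('sign')) . '">';
    }
    if (get_http_var('site')) {
        echo '<input type="hidden" name="site" value="' . _htmlspecialchars(get_http_var('site')) . '">';
    }
    echo '</form>';
}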
/**
 * Find constituencies matching a search term that may be a postcode or a name.
 *
 * A term that validates as a postcode is looked up directly. If that gives no
 * constituency and the term is non-empty, the lower-cased term is tried as a
 * constituency name: first through normalise_constituency_name(), then with a
 * LIKE query over currently valid constituencies.
 *
 * NOTE(review): when normalise_constituency_name() succeeds, its result is
 * stored but never added to the returned list — confirm whether that is
 * intended.
 * NOTE(review): the LIKE query is assembled by concatenation around
 * mysql_real_escape_string(), which leaves % and _ in the term as wildcards;
 * a bound parameter would be the safer form if ParlDB::query() offers one —
 * confirm against ParlDB.
 *
 * @param string $searchterm Search text entered by the user.
 *
 * @return array Two elements: the list of constituency names, and a bool that
 *               is true when the term was a postcode that mapped to a
 *               constituency.
 */
function search_constituencies_by_query($searchterm)
{
    $matches = array();

    // Postcode lookup first; '' means "no constituency found so far".
    $found = validate_postcode($searchterm) ? postcode_to_constituency($searchterm) : '';
    $postcodeHit = ($found != '');

    $tryAsName = $found == '' && $searchterm;
    if (!$tryAsName) {
        if ($found) {
            $matches[] = $found;
        }
        return array($matches, $postcodeHit);
    }

    $try = strtolower($searchterm);
    if (normalise_constituency_name($try)) {
        $found = normalise_constituency_name($try);
    } else {
        $query = "select distinct\n (select name from constituency where cons_id = o.cons_id and main_name) as name \n from constituency AS o where name like '%" . mysql_real_escape_string($try) . "%'\n and from_date <= date(now()) and date(now()) <= to_date";
        $db = new ParlDB();
        $result = $db->query($query);
        for ($row = 0; $row < $result->rows(); $row++) {
            $matches[] = $result->field($row, 'name');
        }
    }

    return array($matches, $postcodeHit);
}
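/**
 * Search for a constituency by postcode or name and print the matching MP(s).
 *
 * $args['s'] is the user's search string. A term that validates as a postcode
 * is looked up directly; otherwise the lower-cased term is tried as a
 * constituency name, first through normalise_constituency_name() and then with
 * a LIKE query over currently valid constituencies. A single match prints one
 * MP heading; several matches print a list.
 *
 * The search string is user input. It is passed through preg_quote() before
 * being used as the highlight pattern, so regex metacharacters and the '#'
 * delimiter in it are matched literally instead of changing the pattern.
 *
 * NOTE(review): the LIKE query is assembled by concatenation around
 * mysql_real_escape_string(); a bound parameter would be the safer form if the
 * $db object offers one — confirm.
 * NOTE(review): the constituency name and $MEMBER->party() are printed without
 * escaping — presumably stored HTML-safe; confirm.
 *
 * @param array $args Request arguments; only 's' is read.
 *
 * @return false|null False when no search string was given, otherwise nothing.
 */
function find_constituency($args)
{
    // We see if the user is searching for a postcode or constituency.
    global $PAGE, $db;

    if ($args['s'] != '') {
        $searchterm = $args['s'];
    } else {
        $PAGE->error_message('No search string');
        return false;
    }

    // Highlight pattern with the user's text quoted so it is matched literally.
    $highlight = '#' . preg_quote($searchterm, '#') . '#i';

    $constituencies = array();
    $constituency = '';
    $validpostcode = false;

    if (validate_postcode($searchterm)) {
        // Looks like a postcode - can we find the constituency?
        $constituencies = postcode_to_constituency($searchterm);
        if ($constituencies == '') {
            $constituencies = array();
        } else {
            $validpostcode = true;
        }
        if (!is_array($constituencies)) {
            $constituencies = array($constituencies);
        }
    }

    if ($constituencies == array() && $searchterm) {
        // No luck so far - let's see if they're searching for a constituency.
        $try = strtolower($searchterm);
        if (normalise_constituency_name($try)) {
            $constituency = normalise_constituency_name($try);
        } else {
            $query = "select distinct\n (select name from constituency where cons_id = o.cons_id and main_name) as name \n from constituency AS o where name like '%" . mysql_real_escape_string($try) . "%'\n and from_date <= date(now()) and date(now()) <= to_date";
            $q = $db->query($query);
            for ($n = 0; $n < $q->rows(); $n++) {
                $constituencies[] = $q->field($n, 'name');
            }
        }
    }

    if (count($constituencies) == 1) {
        $constituency = $constituencies[0];
    }

    if ($constituency != '') {
        // Got a match, display....
        $MEMBER = new MEMBER(array('constituency' => $constituency));
        $URL = new URL('mp');
        if ($MEMBER->valid) {
            $URL->insert(array('m' => $MEMBER->member_id()));
            print '<h3>MP for ' . preg_replace($highlight, '<span class="hi">$0</span>', $constituency);
            if ($validpostcode) {
                // Display the postcode the user searched for.
                print ' (' . htmlentities(strtoupper($args['s'])) . ')';
            }
            ?>
</h3> <p><a href="<?php echo $URL->generate(); ?>"><strong><?php echo htmlentities($MEMBER->first_name()) . ' ' . htmlentities($MEMBER->last_name()); ?></strong></a> (<?php echo $MEMBER->party(); ?>)</p>
<?php
        }
    } elseif (count($constituencies)) {
        print "<h3>MPs in constituencies matching '" . htmlentities($searchterm) . "'</h3><ul>";
        foreach ($constituencies as $constituency) {
            $MEMBER = new MEMBER(array('constituency' => $constituency));
            $URL = new URL('mp');
            if ($MEMBER->valid) {
                $URL->insert(array('m' => $MEMBER->member_id()));
            }
            print '<li><a href="' . $URL->generate() . '"><strong>' . htmlentities($MEMBER->first_name()) . ' ' . htmlentities($MEMBER->last_name()) . '</strong></a> (' . preg_replace($highlight, '<span class="hi">$0</span>', $constituency) . ', ' . $MEMBER->party() . ')</li>';
        }
        print '</ul>';
    }
}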
/**
 * Redirect to the MP page for a postcode.
 *
 * Everything except ASCII letters and digits is stripped from the postcode
 * before it is validated. On success the visitor is redirected (302) to the
 * member for that constituency in the House of Commons, and the postcode
 * cookie is set when the member has a person id.
 *
 * @param string $pc Postcode as submitted by the user.
 *
 * @throws MySociety\TheyWorkForYou\MemberException When the postcode is
 *         invalid, unknown, or the lookup timed out. The postcode is passed
 *         through _htmlentities() before being placed in the message.
 *
 * @return void
 */
function get_person_by_postcode($pc)
{
    global $THEUSER;

    $pc = preg_replace('#[^a-z0-9]#i', '', $pc);

    if (!validate_postcode($pc)) {
        twfy_debug('MP', "Can't display an MP because the submitted postcode wasn't of a valid form.");
        $message = 'Sorry, ' . _htmlentities($pc) . ' isn’t a valid postcode';
        throw new MySociety\TheyWorkForYou\MemberException($message);
    }

    twfy_debug('MP', "MP lookup by postcode");
    // Lower-cased so the timeout marker is compared in one form.
    $constituency = strtolower(postcode_to_constituency($pc));

    if ($constituency == "connection_timed_out") {
        throw new MySociety\TheyWorkForYou\MemberException('Sorry, we couldn’t check your postcode right now, as our postcode lookup server is under quite a lot of load.');
    }

    if ($constituency == "") {
        twfy_debug('MP', "Can't display an MP, as submitted postcode didn't match a constituency");
        $message = 'Sorry, ' . _htmlentities($pc) . ' isn’t a known postcode';
        throw new MySociety\TheyWorkForYou\MemberException($message);
    }

    // Redirect to the canonical MP page, with a person id.
    $lookup = array('constituency' => $constituency, 'house' => HOUSE_TYPE_COMMONS);
    $MEMBER = new MySociety\TheyWorkForYou\Member($lookup);

    if ($MEMBER->person_id()) {
        // This will cookie the postcode.
        $THEUSER->set_postcode_cookie($pc);
    }

    member_redirect($MEMBER, 302);
}
/**
 * API handler: output the representative(s) for a postcode in a given house.
 *
 * The input is reduced to ASCII letters, digits and spaces before validation.
 * For HOUSE_TYPE_NI the 'NIE' area is used, for HOUSE_TYPE_SCOTLAND the 'SPC'
 * and 'SPE' areas; any other house falls back to the 'WMC' area and the MP
 * lookup.
 *
 * @param string $pc    Postcode as supplied by the API caller.
 * @param mixed  $house House identifier, compared with the HOUSE_TYPE_* constants.
 *
 * @return void
 */
function api_getPerson_postcode($pc, $house)
{
    $pc = preg_replace('#[^a-z0-9 ]#i', '', $pc);

    // Area types to read from the lookup result for this house.
    if ($house == HOUSE_TYPE_NI) {
        $types = array('NIE');
    } elseif ($house == HOUSE_TYPE_SCOTLAND) {
        $types = array('SPC', 'SPE');
    } else {
        $types = array();
    }

    if (!validate_postcode($pc)) {
        api_error('Invalid postcode');
        return;
    }

    $constituencies = postcode_to_constituencies($pc, true);

    if ($constituencies == 'CONNECTION_TIMED_OUT') {
        api_error('Connection timed out');
        return;
    }

    if ($types && isset($constituencies[$types[0]])) {
        // Only the first type is checked for presence; the rest are read as-is.
        $selected = array();
        foreach ($types as $type) {
            $selected[] = $constituencies[$type];
        }
        _api_getPerson_constituency($selected, $house);
        return;
    }

    if (isset($constituencies['WMC'])) {
        if ($types) {
            // A devolved house was requested but the postcode lies outside it.
            api_error('Postcode not in correct region');
        } else {
            _api_getMP_constituency($constituencies['WMC']);
        }
        return;
    }

    api_error('Unknown postcode');
}
function display($self_link) { // Input data $rep_id = get_http_var('rep_id'); $va_id = get_http_var('va_id'); $ds_va_id = get_http_var('ds_va_id'); $bad_contacts = get_http_var('bad_contacts'); $user_corrections = get_http_var('user_corrections'); // Make new rep in this voting area $new_in_va_id = get_http_var('new_in_va_id'); if (!$rep_id && $ds_va_id) { // Democratic services $ds_vainfo = dadem_get_representatives($ds_va_id); dadem_check_error($ds_vainfo); if (isset($ds_vainfo[0])) { $rep_id = $ds_vainfo[0]; } else { $new_in_va_id = $ds_va_id; } } // Postcode $pc = get_http_var('pc'); // Search $search = null; if (get_http_var('gos')) { if (validate_postcode(get_http_var('search'))) { $pc = get_http_var('search'); $rep_id = null; } else { $search = get_http_var('search'); $rep_id = null; } } if (get_http_var('cancel') != "") { $rep_id = null; } if (get_http_var('done') != "") { if (get_http_var('token') != $this->get_token()) { print "<p><i>Token not found</i></p>"; } else { $newdata['name'] = get_http_var('name'); $newdata['party'] = get_http_var('party'); $newdata['method'] = get_http_var('method'); $newdata['email'] = get_http_var('email'); $newdata['fax'] = get_http_var('fax'); if (!$rep_id) { // Making a new representative, put in type and id $newdata['area_id'] = $new_in_va_id; $vainfo = mapit_call('area', $new_in_va_id); mapit_check_error($vainfo); $newdata['area_type'] = $vainfo['type']; } $result = dadem_admin_edit_representative($rep_id, $newdata, http_auth_user(), get_http_var('note')); dadem_check_error($result); $rep_id = $result; $new_in_va_id = null; print "<p><i>Successfully updated representative " . htmlspecialchars($rep_id) . "</i></p>"; if (get_http_var('nextbad')) { $rep_id = get_http_var('nextbad'); $url = $self_link . "&nextbad=" . urlencode($this->get_next_bad_contact($rep_id)) . "&just_done_bad=1&rep_id=" . 
urlencode($rep_id); header("Location: {$url}"); exit; } else { $rep_id = null; } } } if (get_http_var('just_done_bad')) { print "<p><i>Moved on to next bad contact</i></p>"; } if (get_http_var('delete') != "") { if (get_http_var('token') != $this->get_token()) { print "<p><i>Token not found</i></p>"; } else { $result = dadem_admin_edit_representative($rep_id, null, http_auth_user(), get_http_var('note')); dadem_check_error($result); print "<p><i>Successfully deleted representative " . htmlspecialchars($rep_id) . "</i></p>"; $rep_id = null; } } if (get_http_var('ucclose') != "") { $result = dadem_admin_done_user_correction(get_http_var('ucid')); dadem_check_error($result); print "<p><i>Successfully closed correction " . htmlspecialchars(get_http_var('ucid')) . "</i></p>"; } if (get_http_var('vaupdate') != "") { $result = dadem_admin_set_area_status(get_http_var('va_id'), get_http_var('new_status')); dadem_check_error($result); print "<p><i>Successfully updated voting area status " . htmlspecialchars(get_http_var('va_id')) . " to " . htmlspecialchars(get_http_var('new_status')) . 
"</i></p>"; } // Postcode and search box $form = new HTML_QuickForm('adminRepsSearchForm', 'get', $self_link); $form->addElement('header', '', 'Search'); $buttons[] =& HTML_QuickForm::createElement('text', 'search', null, array('size' => 20, 'maxlength' => 255)); $buttons[] =& HTML_QuickForm::createElement('submit', 'gos', 'postcode or query'); $form->addElement('hidden', 'page', $this->id); $form->addGroup($buttons, 'stuff', null, ' ', false); admin_render_form($form); // Conditional parts: if ($rep_id or $new_in_va_id) { $form = new HTML_QuickForm('adminRepsEditForm', 'post', $self_link); $form->addElement('hidden', 'page', $this->id); $form->addElement('hidden', 'token', $this->get_token()); // Edit representative $sameperson = null; if ($rep_id) { $repinfo = dadem_get_representative_info($rep_id); dadem_check_error($repinfo); if ($repinfo['parlparse_person_id']) { $sameperson = dadem_get_same_person($repinfo['parlparse_person_id']); dadem_check_error($sameperson); } } $va_id = $rep_id ? $repinfo['voting_area'] : $new_in_va_id; $vainfo = mapit_call('area', $va_id); mapit_check_error($vainfo); if ($vainfo['parent_area']) { $parentinfo = mapit_call('area', $vainfo['parent_area']); mapit_check_error($parentinfo); } else { $parentinfo = null; } $rephistory = $rep_id ? dadem_get_representative_history($rep_id) : array(); dadem_check_error($rephistory); // Reverse postcode lookup if (!$pc) { $pc = mapit_call('area/example_postcode', $va_id); if (!mapit_get_error($pc)) { $form->addElement('static', 'note1', null, "Example postcode for testing: " . "<a href='" . OPTION_BASE_URL . '/who?pc=' . urlencode($pc) . "'>" . htmlentities($pc) . "</a> (<a href='?search=" . urlencode($pc) . 
"&gos=postcode+or+query&page=reps'>all reps here</a>)"); } else { $pc = ''; } } if ($rep_id) { $form->setDefaults(array('name' => $repinfo['name'], 'party' => $repinfo['party'], 'method' => $repinfo['method'], 'email' => $repinfo['email'], 'fax' => $repinfo['fax'])); } // Councillor types are not edited here, but in match.cgi interface global $va_council_child_types, $va_type_name, $va_rep_name; $editable_here = true; if (OPTION_ADMIN_SERVICES_CGI && in_array($vainfo['type'], $va_council_child_types)) { $editable_here = false; } $readonly = $editable_here ? null : "readonly"; if ($rep_id) { $form->addElement('header', '', 'Edit Representative'); if ($repinfo['deleted']) { $form->addElement('static', 'notedeleted', null, "<strong style=\"color: red\">Deleted representative</strong>, click 'Done' to undelete"); } } else { $form->addElement('header', '', 'New Representative'); } if ($rep_id and $editable_here) { $form->addElement('static', 'note1', null, "\n Edit only the values which you need to. If a representative\n has changed delete them and make a new one. Do not just edit\n their values, as this would ruin our reponsiveness stats."); } if ($rep_id && $sameperson) { $html = ''; foreach ($sameperson as $samerep) { if ($samerep == $rep_id) { continue; } $html .= "<a href=\"{$self_link}&pc=" . urlencode(get_http_var('pc')) . "&rep_id=" . $samerep . "\">" . $samerep . "</a> \n"; } if ($html) { $html = '(Note that these other representatives are the same person: ' . trim($html) . ')'; $form->addElement('static', 'sameperson', null, $html); } } $rep_name = isset($va_rep_name[$vainfo['type']]) ? $va_rep_name[$vainfo['type']] : ''; $form->addElement('static', 'office', 'Office:', htmlspecialchars($rep_name) . " for " . htmlspecialchars($vainfo['name']) . " " . htmlspecialchars($va_type_name[$vainfo['type']]) . ($parentinfo ? " in " . htmlspecialchars($parentinfo['name']) . " " . 
htmlspecialchars($va_type_name[$parentinfo['type']]) : "")); $form->addElement('text', 'name', "Full name:", array('size' => 60, $readonly => 1)); $form->addElement('text', 'party', "Party:", array('size' => 60, $readonly => 1)); $form->addElement('static', 'note2', null, "Make sure you update contact method when you change email or fax numbers."); $form->addElement('select', 'method', "Contact method:", array('fax' => 'Fax only', 'email' => 'Email only', 'shame' => "Shame! Doesn't want contacting", 'via' => 'Contact via electoral body (e.g. Democratic Services)', 'unknown' => "We don't know contact details")); $form->addElement('text', 'email', "Email:", array('size' => 60, $readonly => 1)); $form->addElement('text', 'fax', "Fax:", array('size' => 60, $readonly => 1)); $form->addElement('textarea', 'note', "Notes for log:", array('rows' => 3, 'cols' => 60, $readonly => 1)); $form->addElement('hidden', 'pc', $pc); if (get_http_var('nextbad')) { $form->addElement('hidden', 'nextbad', get_http_var('nextbad')); } if ($rep_id) { $form->addElement('hidden', 'rep_id', $rep_id); } else { $form->addElement('hidden', 'new_in_va_id', $new_in_va_id); } if ($editable_here) { $finalgroup[] =& HTML_QuickForm::createElement('submit', 'done', 'Done'); $finalgroup[] =& HTML_QuickForm::createElement('submit', 'cancel', 'Cancel'); if ($rep_id) { $finalgroup[] =& HTML_QuickForm::createElement('static', 'newlink', null, "<a href=\"{$self_link}&pc=" . urlencode(get_http_var('pc')) . "&new_in_va_id=" . $va_id . "\">" . "Make new " . htmlspecialchars($vainfo['name']) . " rep" . "</a> \n"); if ($repinfo['deleted']) { $finalgroup[] =& HTML_QuickForm::createElement('static', 'staticspacer', null, ' Deleted rep, no longer in office, just click done to undelete'); } else { $finalgroup[] =& HTML_QuickForm::createElement('static', 'staticspacer', null, ' No longer in office? 
--->'); $finalgroup[] =& HTML_QuickForm::createElement('submit', 'delete', 'Delete'); } } $form->addGroup($finalgroup, "finalgroup", "", ' ', false); } else { $form->addElement('static', 'note3', null, '<a href="' . OPTION_ADMIN_SERVICES_CGI . 'match.cgi?page=councilinfo;area_id=' . $vainfo['parent_area'] . '">To edit Councillors please use the match.cgi interface</a>' . '<br><a href="' . $self_link . '&ds_va_id=' . $vainfo['parent_area'] . '">... or edit Democratic Services for this council</a>'); $finalgroup[] =& HTML_QuickForm::createElement('submit', 'done', 'Done'); $finalgroup[] =& HTML_QuickForm::createElement('submit', 'cancel', 'Cancel'); $form->addGroup($finalgroup, "finalgroup", "", ' ', false); } if ($rep_id) { $search_links = "Search for: "; $search_links .= "<a href=\"{$self_link}&page=fyrqueue&rep_id=" . $rep_id . "\">WriteToThem messages</a> | "; foreach (array("tel " . $repinfo['name'], "fax " . $repinfo['name'], "tel " . $repinfo['name'] . " " . $rep_name, "fax " . $repinfo['name'] . " " . $rep_name) as $searchq) { $search_links .= "<a href=\"http://search.yahoo.com/search?p=" . htmlspecialchars($searchq) . "\"> " . htmlspecialchars($searchq) . 
"</a> | "; } $form->addElement('static', 'newlink', null, $search_links); if ($repinfo['parlparse_person_id']) { $form->addElement('static', 'person', 'parlparse person_id:', $repinfo['parlparse_person_id']); } } $form->addElement('header', '', 'Historical Changes'); $html = "<table border=1>"; $html .= "<th>Order</th><th>Date</th><th>Editor</th><th>Note</th>\n <th>Name</th> <th>Party</th> <th>Method</th> <th>Email</th>\n <th>Fax</th><th>Active</th>"; $previous_row = null; foreach ($rephistory as $row) { $html .= "<tr>"; foreach (array('order_id', 'whenedited', 'editor', 'note', 'name', 'party', 'method', 'email', 'fax', 'deleted') as $field) { if ($row['deleted'] && ($field == 'email' || $field == 'fax' || $field == 'method')) { $display_value = 'deleted'; $html .= "<td>-</td>\n"; continue; } $value = $row[$field]; if ($field == 'note') { $display_value = make_ids_links($value); } elseif ($field == 'whenedited') { $display_value = strftime('%Y-%m-%d %H:%M:%S', $value); } elseif ($field == 'deleted') { $display_value = $value ? 'deleted' : 'yes'; } else { $display_value = $value; } if ($field != "order_id" && $field != "whenedited" && $field != "editor" && $field != "note" && $previous_row && $previous_row[$field] != $value) { $display_value = "<strong>{$display_value}</strong>"; } # Try and spot stupidity if (preg_match('#parl(i|a)ment#', $display_value)) { $display_value = "<span style='color:#00ff00'>{$display_value}</span>"; } $html .= "<td>" . $display_value . 
"</td>\n"; } $html .= "</tr>"; $previous_row = $row; } $html .= "</table>"; $form->addElement('static', 'bytype', null, $html); admin_render_form($form); } elseif ($va_id) { // One voting area $form = new HTML_QuickForm('adminVotingArea', 'get', $self_link); $area_info = mapit_call('area', $va_id); mapit_check_error($area_info); $reps = dadem_get_representatives($va_id); dadem_check_error($reps); $reps = array_values($reps); $html = $this->render_area($self_link, $va_id, $area_info, $pc); $html .= $this->render_reps($self_link, $reps); $form->addElement('static', 'bytype', null, $html); $form->addElement('hidden', 'page', $this->id); $form->addElement('hidden', 'token', $this->get_token()); $form->addElement('hidden', 'va_id', $va_id); $select = $form->addElement('select', 'new_status', null, array('none' => 'No special status', 'pending_election' => 'Pending election, rep data not valid', 'recent_election' => 'Recent election, our rep data not yet updated', 'boundary_changes' => 'Recent election, had boundary changes'), array()); $status = dadem_get_area_status($va_id); dadem_check_error($status); $select->setSelected($status); $form->addElement('submit', 'vaupdate', 'Update'); admin_render_form($form); } elseif ($search) { $form = new HTML_QuickForm('adminRepsSearchResults', 'get', $self_link); $html = ''; $areas = mapit_call('areas', $search); mapit_check_error($areas); global $va_inside; foreach (array_keys($areas) as $va_id) { $area_info = mapit_call('area', $va_id); mapit_check_error($area_info); $reps = dadem_get_representatives($va_id); dadem_check_error($reps); $reps = array_values($reps); $html .= $this->render_area($self_link, $va_id, $area_info, $pc, isset($va_inside[$area_info['type']])); $html .= $this->render_reps($self_link, $reps); } // Search reps $reps = dadem_search_representatives($search); dadem_check_error($reps); $html .= '<hr>' . 
$this->render_reps($self_link, $reps); $form->addElement('static', 'bytype', null, $html); admin_render_form($form); } elseif ($pc) { $form = new HTML_QuickForm('adminRepsSearchResults', 'get', $self_link); // Postcode search $voting_areas = mapit_call('postcode', $pc); mapit_check_error($voting_areas); $areas_info = $voting_areas['areas']; $html = ""; // Display in order council, ward, council, ward... global $va_display_order, $va_inside; $our_order = array(); foreach ($va_display_order as $row) { if (!is_array($row)) { $row = array($row); } if (!in_array($va_inside[$row[0]], $our_order)) { $our_order[] = $va_inside[$row[0]]; } foreach ($row as $va_type) { $our_order[] = $va_type; } } // Render everything in the order foreach ($our_order as $va_type) { foreach ($areas_info as $area => $area_info) { if ($va_type != $area_info['type']) { continue; } $va_id = $area; // One voting area $reps = dadem_get_representatives($va_id); dadem_check_error($reps); $reps = array_values($reps); $html .= $this->render_area($self_link, $va_id, $area_info, $pc, isset($va_inside[$va_type])); $html .= $this->render_reps($self_link, $reps); } } $form->addElement('static', 'bytype', null, $html); admin_render_form($form); } elseif ($bad_contacts) { // Bad contacts $form = new HTML_QuickForm('adminRepsBad', 'post', $self_link); $badcontacts = dadem_get_bad_contacts(); dadem_check_error($badcontacts); $form->addElement('header', '', 'Bad Contacts ' . count($badcontacts)); $html = $this->render_reps($self_link, $badcontacts, true); $form->addElement('static', 'badcontacts', null, $html); admin_render_form($form); } elseif ($user_corrections) { // User submitted corrections $form = new HTML_QuickForm('adminRepsCorrectionsHeader', 'post', $self_link); $corrections = dadem_get_user_corrections(); dadem_check_error($corrections); $form->addElement('header', '', 'User Submitted Corrections ' . 
count($corrections)); $form->addElement('hidden', 'token', $this->get_token()); admin_render_form($form); // Get all the data for areas and their parents in as few call as possible $vaids = array(); foreach ($corrections as $correction) { array_push($vaids, $correction['voting_area_id']); } $info1 = mapit_call('areas', $vaids); mapit_check_error($info1); $vaids = array(); foreach ($info1 as $key => $value) { array_push($vaids, $value['parent_area']); } $info2 = mapit_call('areas', $vaids); foreach ($corrections as $correction) { $form = new HTML_QuickForm('adminRepsCorrections', 'post', $self_link); $html = ""; $rep = $correction['representative_id']; $html .= "<p>"; $html .= strftime('%Y-%m-%d %H:%M:%S', $correction['whenentered']) . " "; if ($correction['user_email']) { $html .= " by " . htmlspecialchars($correction['user_email']); } $html .= "<br>"; if ($correction['voting_area_id']) { $wardinfo = $info1[$correction['voting_area_id']]; $vaid = $wardinfo['parent_area']; $vainfo = $info2[$vaid]; // TODO: Make this councilinfo, and give a valid r= return URL $html .= '<a href="' . OPTION_ADMIN_SERVICES_CGI . 'match.cgi?page=councilinfo;area_id=' . $vaid . '&r=' . '">' . htmlspecialchars($vainfo['name']) . "</a>, "; $html .= htmlspecialchars($wardinfo['name']); $html .= "<br>"; } $html .= $correction['alteration'] . " "; if ($rep) { $repinfo = dadem_get_representative_info($rep); dadem_check_error($repinfo); $html .= "<a href=\"{$self_link}&pc=" . urlencode(get_http_var('pc')) . "&rep_id=" . $rep . "\">" . htmlspecialchars($repinfo['name']) . " (" . htmlspecialchars($repinfo['party']) . ")</a> \n"; if ($correction['alteration'] != "delete") { $html .= " to "; } } if ($correction['alteration'] != "delete") { $html .= htmlspecialchars($correction['name']) . " (" . htmlspecialchars($correction['party']) . ")"; } if ($correction['user_notes']) { $html .= "<br>Notes: " . 
htmlspecialchars($correction['user_notes']); } $usercorr = array(); $usercorr[] =& HTML_QuickForm::createElement('static', 'usercorrections', null, $html); // You can't do this with element type "hidden" as it only allows one value in a // page for variable named ucid. So once again I go to raw HTML. Remind me not // to use HTML_QuickForm again... $usercorr[] =& HTML_QuickForm::createElement('html', '<input name="ucid" type="hidden" value="' . $correction['user_correction_id'] . '" />'); $usercorr[] =& HTML_QuickForm::createElement('submit', 'ucclose', 'hide (done)'); $form->addGroup($usercorr, 'stuff', null, ' ', false); admin_render_form($form); } } else { print '<p><a href="?page=reps&bad_contacts=1">Bad contacts</a> (please fix these!)'; // General info if (OPTION_ADMIN_SERVICES_CGI) { print '<br><a href="?page=reps&user_corrections=1">User corrections</a> (just for your interest, as sent automatically to GovEval)'; } } }
/**
 * Form-rule callback: reports whether a submitted value is a valid postcode.
 *
 * The value is passed through canonicalise_postcode() before being checked,
 * so the validator sees the canonical form, not the raw input.
 *
 * @param mixed $value   Raw field value taken from the form.
 * @param mixed $options Accepted to match the callback signature; not read here.
 * @return mixed Whatever validate_postcode() returns for the canonical form.
 */
function validate($value, $options)
{
    $canonical = canonicalise_postcode($value);

    return validate_postcode($canonical);
}
// Check that user can add a property $errors = array(); // Check if post values are set. If false, user has opened page the first time if (isset($_POST['owner']) || isset($_POST['buildingNo']) || isset($_POST['street']) || isset($_POST['suburb']) || isset($_POST['city']) || isset($_POST['state']) || isset($_POST['postcode']) || isset($_POST['type']) || isset($_POST['rent']) || isset($_POST['bed']) || isset($_POST['furnished']) || isset($_POST['description'])) { require $relative . 'data/php/user/validate.inc'; if (!isset($_POST['owner']) || $_POST['owner'] == '') { $errors['owner'] = 'Please select an owner'; } // Validate property details validate_buildingNo($errors, $_POST['buildingNo']); validate_rent($errors, $_POST['rent']); validate_suburb($errors, $_POST['suburb']); validate_city($errors, $_POST['city']); validate_state($errors, $_POST['state']); validate_bed($errors, $_POST['bed']); validate_postcode($errors, $_POST['postcode']); validate_street($errors, $_POST['street']); validate_description($errors, $_POST['description']); validate_rules($errors, $_POST['rules']); if (!isset($errors['owner']) && !isset($errors['buildingNo']) && !isset($errors['street']) && !isset($errors['suburb']) && !isset($errors['city']) && !isset($errors['state']) && !isset($errors['postcode']) && !isset($errors['type']) && !isset($errors['rent']) && !isset($errors['bed']) && !isset($errors['furnished']) && !isset($errors['description']) && !isset($errors['apartmentNo']) && !isset($errors['bath']) && !isset($errors['rules'])) { // form is valid $owner = $_POST['owner']; // Set optional fields if required $rules = null; if (isset($_POST['rules'])) { $rules = $_POST['rules']; } if (isset($_POST['furnished']) && $_POST['furnished'] == 'on') { $_POST['furnished'] = 1; } else { $_POST['furnished'] = 0;
/**
 * Resolves a free-text search term to constituency names.
 *
 * A term that validates as a postcode is looked up directly. If that lookup
 * yields nothing, or the term is not a postcode, the term is matched as a
 * substring against constituency names that are current today.
 *
 * @param string $searchterm Search text as typed by the user.
 * @return array Two elements: the list of constituency names, and a flag that
 *               is true only when the result came from a postcode lookup.
 */
function search_constituencies_by_query($searchterm)
{
    // Postcode path: a single hit short-circuits the name search.
    if (validate_postcode($searchterm) && ($from_postcode = postcode_to_constituency($searchterm))) {
        return array(array($from_postcode), true);
    }

    // Name path. The term only reaches the SQL through the bound :try
    // placeholder, so it cannot alter the statement. Any % or _ typed by the
    // user is not escaped and still acts as a LIKE wildcard.
    $sql = "select distinct\n (select name from constituency where cons_id = o.cons_id and main_name) as name\n from constituency AS o where name like :try\n and from_date <= date(now()) and date(now()) <= to_date";
    $params = array(':try' => '%' . strtolower($searchterm) . '%');

    $parldb = new ParlDB();
    $result = $parldb->query($sql, $params);

    $names = array();
    $i = 0;
    while ($i < $result->rows()) {
        $names[] = $result->field($i, 'name');
        $i++;
    }

    return array($names, false);
}
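/**
 * Validates the values submitted on the join / edit-details forms.
 *
 * Reads the globals $THEUSER (the current user), $this_page (which form is
 * being processed) and $who (the possessive used in messages, e.g. "your").
 * Every rejected field gets an entry in the returned array; the caller uses
 * it both to detect failure and to redisplay the form with messages.
 *
 * @param array $details Submitted values; the keys read here are firstname,
 *                       email, password, password2 and postcode.
 * @return array Map of field name => error message, empty when nothing failed.
 */
function check_input($details) {
    global $THEUSER, $this_page, $who;

    $errors = array();

    // Compare the two password fields as strings. A loose != treats numeric
    // strings such as "1000000" and "1e6" as equal, which would let a
    // mistyped confirmation through. The casts keep a missing (null) field
    // equal to an empty one, as before.
    $passwords_differ = (string) $details["password"] !== (string) $details["password2"];

    // Check first name.
    if ($details["firstname"] == "") {
        $errors["firstname"] = "Please enter {$who} first name";
    }

    // They don't need a last name. In case Madonna joins.

    // Check email address is valid and unique.
    if ($details["email"] == "") {
        $errors["email"] = "Please enter {$who} email address";
    } elseif (!validate_email($details["email"])) {
        // validate_email() is in includes/utilities.php
        $errors["email"] = "Please enter a valid email address";
    } else {
        $USER = new USER();
        $id_of_user_with_this_addresss = $USER->email_exists($details["email"]);

        if ($this_page == "useredit" && get_http_var("u") == "" && $THEUSER->isloggedin()) {
            // User is updating their own info.
            // Check no one else has this email.
            if ($id_of_user_with_this_addresss && $id_of_user_with_this_addresss != $THEUSER->user_id()) {
                $errors["email"] = "Someone else has already joined with this email address";
            }
        } else {
            // User is joining. Check no one is already here with this email.
            if ($this_page == "userjoin" && $id_of_user_with_this_addresss) {
                $errors["email"] = "There is already a user with this email address";
            }
        }
    }

    // Check passwords.
    // NOTE(review): the "******" messages below read as masked placeholders in
    // this copy of the file; confirm the intended wording against the original.
    if ($this_page == "userjoin") {
        // Only *must* enter a password if they're joining.
        if ($details["password"] == "") {
            $errors["password"] = "******";
        } elseif (strlen($details["password"]) < 6) {
            // strlen() counts bytes, so this is a six-byte minimum.
            $errors["password"] = "******";
        }

        if ($details["password2"] == "") {
            $errors["password2"] = "Please enter {$who} password again";
        }

        if ($details["password"] != "" && $details["password2"] != "" && $passwords_differ) {
            $errors["password"] = ucfirst($who) . " passwords did not match. Please try again.";
        }
    } else {
        // Update details pages: a blank password means "leave unchanged".
        if ($details["password"] != "" && strlen($details["password"]) < 6) {
            $errors["password"] = "******";
        }

        if ($passwords_differ) {
            $errors["password"] = ucfirst($who) . " passwords did not match. Please try again.";
        }
    }

    // Check postcode (which is not a compulsory field).
    if ($details["postcode"] != "" && !validate_postcode($details["postcode"])) {
        $errors["postcode"] = "Sorry, this isn't a valid Australian postcode.";
    }

    // No checking of URL.

    if ($this_page == "otheruseredit") {
        // We're editing another user's info.
        // Could check status here...?
    }

    // Send the array of any errors back...
    return $errors;
}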