Esempio n. 1
     $profile = get_user_profile($uid);
     $backurl = $_SERVER['PHP_SELF'];
     break;
 case "validate":
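     include "inc/email_validator.php";
     // Validate the profile-edit form. Errors are collected as a list; the list
     // must start as an array, because appending with [] to a variable that was
     // initialised to "" is a fatal error on PHP 7.1 and later.
     $errorString = [];
     // Anti-CSRF check, failing closed: both tokens must be present, non-empty
     // strings and equal under a constant-time comparison. A loose != treats two
     // missing tokens (null != null) as a match and leaves only the age check
     // below to reject the request. hash_equals() requires PHP 5.6 or later.
     if (
         !isset($_POST['token'], $_SESSION['token'])
         || !is_string($_POST['token'])
         || !is_string($_SESSION['token'])
         || $_SESSION['token'] === ""
         || !hash_equals($_SESSION['token'], $_POST['token'])
     ) {
         $errorString[] = "Invalid token! (what are you doing??)<br />";
     }
     // A missing issue time counts as 0, so the token is reported as expired.
     $token_age = time() - (isset($_SESSION['token_time']) ? (int) $_SESSION['token_time'] : 0);
     // force to resubmit after 5 minutes
     if ($token_age > 300) {
         $errorString[] = "Timout value exceeded, resubmit<br />";
     }
     // The real name is validated only when it was changed and is not blank.
     if ($_POST['realname'] != $user->data['real_name'] && !is_valid_real_name($_POST['realname']) && $_POST['realname'] != "") {
         $errorString[] = "Invalid name";
     }
     // The current password is required for every profile change.
     if (!is_curr_password($_POST['curpassword'], $user)) {
         $errorString[] = "Current password not correct";
     }
     // A new password is validated only when at least one of the two fields is filled.
     if (!is_valid_password($_POST['passwordx'], $_POST['password2']) && ($_POST['passwordx'] != "" || $_POST['password2'] != "")) {
         $errorString[] = "Passwords do not match or are not of required length";
     }
     // The email is validated only when it was changed and is not blank.
     if ($_POST['email'] != $user->data['email'] && !is_rfc3696_valid_email_address($_POST['email']) && $_POST['email'] != "") {
         $errorString[] = "Invalid email address";
     }
     // NOTE(review): this lookup also runs for an address that failed the format
     // check above; confirm email_exists() handles arbitrary input safely.
     if ($_POST['email'] != $user->data['email'] && email_exists($_POST['email'], true)) {
         $errorString[] = "Email address already in use";
     }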
     if ($_POST['name_format'] != $user->data['name_format']) {
Esempio n. 2
     // Validation of one invite row, indexed by $i. The enclosing loop header is
     // outside this excerpt. $uid is reset for every row and stays false unless
     // the submitted email belongs to an existing user.
     $uid = false;
     // first check email for existing user
     if (!is_rfc3696_valid_email_address($_POST["invite-email-{$i}"]) && !empty($_POST["invite-email-{$i}"])) {
         $errorString[] = "Not a valid email address for number {$i}<br />";
     }
     // NOTE(review): email_exists() is evaluated before the empty() test, so the
     // lookup also runs for blank rows and for addresses that failed the format
     // check above; confirm the lookup handles arbitrary input safely.
     if (email_exists($_POST["invite-email-{$i}"]) && !empty($_POST["invite-email-{$i}"])) {
         // $errorString .= "<b>Error:</b> Email address already in use for number $i<br />";
         // user is already registered, take that user_id by storing it in temp array
         // NOTE(review): the lookup result is used as an array key unchecked; a
         // false return would be stored under key 0. Confirm it cannot fail here.
         $uid = get_userid_by_email($_POST["invite-email-{$i}"]);
         $existing_users[$uid] = $_POST["invite-email-{$i}"];
     }
     // ignore empty field sets
     // A name is mandatory only for an email that does not map to an existing user.
     if (empty($_POST["invite-name-{$i}"]) && !empty($_POST["invite-email-{$i}"]) && !$uid) {
         $errorString[] = "Name is mandatory, but only email given for number {$i}<br />";
     } elseif (!empty($_POST["invite-name-{$i}"])) {
         if (!is_valid_real_name($_POST["invite-name-{$i}"])) {
             $errorString[] = "Invalid name for number {$i}<br />";
         } elseif (realname_exists($_POST["invite-name-{$i}"])) {
             // NOTE(review): this message tells the submitter that a given name is
             // registered; confirm that disclosure is acceptable for this form.
             $errorString[] = "Name exists for number {$i} (try adding by email)<br />";
         }
     }
 }
 if (!empty($errorString)) {
     $add_form = true;
 } else {
     // no errors add members
     $resultString = "";
     for ($i = 1; $i < $membersize + 1; $i++) {
         if (!empty($_POST["invite-name-{$i}"]) && !in_array($_POST["invite-email-{$i}"], $existing_users)) {
             $newuserid = add_member($_POST["invite-name-{$i}"], $_POST["invite-email-{$i}"], $groupdetails['group_id']);
             if ($newuserid != false) {
Esempio n. 3
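        // Validate the add-group form. Errors are collected as a list; the list
        // must start as an array, because appending with [] to a variable that
        // was initialised to "" is a fatal error on PHP 7.1 and later.
        $errorString = [];
        // Anti-CSRF check, failing closed: both tokens must be present, non-empty
        // strings and equal under a constant-time comparison. A loose != treats
        // two missing tokens (null != null) as a match and leaves only the age
        // check below to reject the request. hash_equals() requires PHP 5.6+.
        if (
            !isset($_POST['token'], $_SESSION['token'])
            || !is_string($_POST['token'])
            || !is_string($_SESSION['token'])
            || $_SESSION['token'] === ""
            || !hash_equals($_SESSION['token'], $_POST['token'])
        ) {
            $errorString[] = "Invalid token! (what are you doing??)<br />";
        }
        // A missing issue time counts as 0, so the token is reported as expired.
        $token_age = time() - (isset($_SESSION['token_time']) ? (int) $_SESSION['token_time'] : 0);
        // force to resubmit after 5 minutes
        if ($token_age > 300) {
            $errorString[] = "Timout value exceeded, resubmit<br />";
        }
        // The existence lookup runs only for a name that passed validation.
        if (!is_valid_real_name($_POST['name'])) {
            $errorString[] = "Invalid groupname";
        } elseif (group_exists($_POST['name'])) {
            $errorString[] = "Groupname already in use <br />";
            //$showgrouplist = false;  // do not show group list when dealing with add errors
        }
        if (!is_valid_real_name($_POST['description'])) {
            $errorString[] = "Invalid description";
        }
        if (!empty($errorString)) {
            $showgroupaddform = true;
        } else {
            // group does not exist, create group
            // Same array initialisation as for $errorString above.
            $addgroupresult = [];
            if (!add_group($_POST['name'], $_POST['description'], $user->data['user_id'])) {
                $errorString[] = "Could not add group to database";
                $showgroupaddform = true;
            } else {
                // The submitted name is echoed back, so it is HTML-escaped here.
                // NOTE(review): the sibling messages carry raw <br /> markup, which
                // suggests these lists are printed unescaped; if the template
                // already escapes its output, drop this call to avoid double
                // encoding.
                $addgroupresult[] = "Group " . htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8') . " has been created";
            }
        }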
}
Esempio n. 4
 case "add":
     // Only flags the add form for display; no request data is read in this branch.
     //$user = new uFlex();
     $showaddform = true;
     break;
 case "validate":
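     // Build the booking timestamp from all-digit date parts only. Raw request
     // strings passed straight to mktime() raise a TypeError on PHP 8 when they
     // are not numeric, so malformed or missing parts leave $timestamp as false
     // and are reported below as an invalid bookdate.
     $timestamp = false;
     $date_parts = [];
     foreach (['start_hour', 'start_minute', 'start_month', 'start_day', 'start_year'] as $date_key) {
         if (!isset($_POST[$date_key]) || !is_string($_POST[$date_key]) || !ctype_digit($_POST[$date_key])) {
             $date_parts = null;
             break;
         }
         $date_parts[$date_key] = (int) $_POST[$date_key];
     }
     if ($date_parts !== null) {
         $timestamp = mktime($date_parts['start_hour'], $date_parts['start_minute'], 0, $date_parts['start_month'], $date_parts['start_day'], $date_parts['start_year']);
     }
     // Errors are collected as a list; the list must start as an array, because
     // appending with [] to a variable that was initialised to "" is a fatal
     // error on PHP 7.1 and later.
     $errorString = [];
     // Anti-CSRF check, failing closed: both tokens must be present, non-empty
     // strings and equal under a constant-time comparison. A loose != treats two
     // missing tokens (null != null) as a match and leaves only the age check
     // below to reject the request. hash_equals() requires PHP 5.6 or later.
     if (
         !isset($_POST['token'], $_SESSION['token'])
         || !is_string($_POST['token'])
         || !is_string($_SESSION['token'])
         || $_SESSION['token'] === ""
         || !hash_equals($_SESSION['token'], $_POST['token'])
     ) {
         $errorString[] = "Invalid token! (what are you doing??)<br />";
     }
     // A missing issue time counts as 0, so the token is reported as expired.
     $token_age = time() - (isset($_SESSION['token_time']) ? (int) $_SESSION['token_time'] : 0);
     // force to resubmit after 5 minutes
     if ($token_age > 300) {
         $errorString[] = "Timout value exceeded, resubmit<br />";
     }
     // The description is checked only when event_id compares equal to 0.
     if (!is_valid_real_name($_POST['description']) && $_POST['event_id'] == 0) {
         $errorString[] = "Invalid description <br />";
     }
     if (!is_valid_amount($_POST['amount'])) {
         $errorString[] = "Invalid amount <br />";
     }
     // A timestamp that could not be built never reaches is_valid_bookdate().
     if ($timestamp === false || !is_valid_bookdate($timestamp)) {
         $errorString[] = "Invalid bookdate (more than 3 months ago)<br />";
         // month limit is set in function is_valid_bookdate
     }
     // Allow-list check against the known expense types. A missing or array
     // value is rejected first, because array_key_exists() throws on PHP 8 when
     // the key is not a valid array offset.
     if (!isset($_POST['type_id']) || !is_scalar($_POST['type_id']) || !array_key_exists($_POST['type_id'], $expense_types)) {
         $errorString[] = "Invalid expense type! (what are you doing??) <br />";
     }
     // Collect the user ids of the group members.
     for ($i = 0; $i < $members_size; $i++) {
         $member_ids[] = $members[$i]['user_id'];
     }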
Esempio n. 5
             $errorString[] = "Password could not be reset :-(";
             $sendpasserror = true;
         }
     } else {
         $errorString[] = "Email address not found";
         $showlostpassform = true;
     }
     break;
 case "processregister":
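     include "inc/email_validator.php";
     // validate fields
     // Errors are collected as a list; the list must start as an array, because
     // appending with [] to a variable that was initialised to "" is a fatal
     // error on PHP 7.1 and later.
     $errorString = [];
     // The "already in use" lookup belongs to the username check. It was chained
     // to the real-name check, so it was skipped when the real name was invalid
     // and it ran on usernames that had just failed validation. Now it runs only
     // for a username that passed is_valid_name().
     if (!is_valid_name($_POST['username'])) {
         $errorString[] = "Invalid username";
     } elseif (username_exists($_POST['username'])) {
         $errorString[] = "Username already in use";
     }
     if (!is_valid_real_name($_POST['realname'])) {
         $errorString[] = "Invalid name";
     }
     /* elseif (realname_exists($_POST['realname'])) {
        $errorString[] = "Name already in use";
        } */
     if (!is_valid_password($_POST['password'], $_POST['password2'])) {
         $errorString[] = "Passwords do not match or are not of required length";
     }
     if (!is_rfc3696_valid_email_address($_POST['email'])) {
         $errorString[] = "Invalid email address";
     }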
     if (email_exists($_POST['email'], true)) {
         $errorString[] = "Email address already in use";