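// Rebuild the query string that is re-appended to the form action:
// drop any "sec=<digits>" parameter, strip a dangling "?" or "&", and
// collapse "?&" into "?". Start from '' so the preg_replace calls below
// never operate on an undefined variable when QUERY_STRING is absent.
$query_string = '';
if (!empty($_SERVER['QUERY_STRING'])) {
    $query_string = $_SERVER['QUERY_STRING'];
}
$query_string = preg_replace('/sec=\\d+/s', '', $query_string);
$query_string = preg_replace('/\\?$|\\&$/s', '', $query_string);
// the replacement is a plain "?": preg_replace copies a backslash that is not
// followed by a digit or another backslash literally, so '\?' would end up
// in the URL
$query_string = preg_replace('/\\?\\&/s', '?', $query_string);
if (!empty($query_string)) {
    // request-controlled value placed inside an HTML attribute: escape both
    // quote styles, not only the double quote the default flags cover
    $action .= "?" . htmlspecialchars($query_string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
$msg = '';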
if (!empty($_REQUEST['submit'])) {
    $msg .= response_check_answers($sid, $_SESSION['rid'], $_SESSION['sec']);
    # we only check the captcha if no all required
    if (empty($msg) && $ESPCONFIG['use_captcha']) {
        require_once ESP_BASE . 'public/captcha_check.php';
        $msg .= response_check_captcha("captcha_check", 1);
    }
    if (empty($msg)) {
        if ($ESPCONFIG['auth_response'] && auth_get_option('resume')) {
            // submitting a previously saved survey
            esp_require_once('/lib/espsurveystat');
            survey_stat_decrement(SURVEY_STAT_SUSPENDED, $sid);
            // delete the previous responses
            response_delete($sid, $_SESSION['rid'], $_SESSION['sec']);
        }
        $_SESSION['rid'] = response_insert($sid, $_SESSION['sec'], $_SESSION['rid']);
        // paint the feedback
        // NOTE: This function may exit
        paint_feedback_end_of_survey($sid, $_SESSION['rid'], $_SESSION['sec']);
        // no feedback, so jump to thank you
        all_done();
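/**
 * Validate a booking request taken from $_POST and record it for $event.
 *
 * Checks run in this order: anti-spam (captcha, honeypot field, WP nonce),
 * required form fields, booker identity (the logged-in WP user or the
 * posted lastname/firstname/email), seat counts against the event's
 * min/max and availability, and finally the booking itself. When a booking
 * is recorded, eme_create_payment() is called before the result html and
 * the optional RSVP mail are produced, so payment placeholders can be
 * resolved.
 *
 * Side effects: on success every $_POST entry is cleared so the form is
 * shown with defaults again; when the booker id is missing or seats are
 * unavailable only $_POST['bookedSeats'] is unset.
 *
 * @param array $event     event row; 'event_properties', 'price', 'event_seats',
 *                         'event_id' and 'registration_wp_users_only' are read
 * @param bool  $send_mail send the RSVP mail after a successful booking
 * @return array{0: string, 1: int} error message or "registration recorded" html,
 *                                  and the booking id (0 when nothing was booked)
 */
function eme_book_seats($event, $send_mail)
{
    global $current_user;
    $booking_id = 0;
    $total_price = 0;
    $result = "";
    // check for spammers as early as possible: the honeypot is a hidden field
    // that a bot fills in but a human never will; on the frontend it must at
    // least be present (the elseif is only reached when it is not set)
    if (isset($_POST['honeypot_check'])) {
        $honeypot_check = stripslashes($_POST['honeypot_check']);
    } elseif (!is_admin()) {
        $honeypot_check = "bad boy";
    } else {
        $honeypot_check = "";
    }
    if (!is_admin() && get_option('eme_captcha_for_booking')) {
        $captcha_err = response_check_captcha("captcha_check", "eme_add_booking");
    } else {
        $captcha_err = "";
    }
    // frontend submissions must carry a valid 'add_booking' nonce
    if (!is_admin() && (!isset($_POST['eme_rsvp_nonce']) || !wp_verify_nonce($_POST['eme_rsvp_nonce'], 'add_booking'))) {
        $nonce_err = "bad boy";
    } else {
        $nonce_err = "";
    }
    if (!empty($captcha_err)) {
        $result = __('You entered an incorrect code', 'eme');
        return [$result, $booking_id];
    } elseif (!empty($honeypot_check) || !empty($nonce_err)) {
        $result = __("You're not allowed to do this. If you believe you've received this message in error please contact the site owner.", 'eme');
        return [$result, $booking_id];
    }
    // now do regular checks: event-specific format, then template, then global option
    if (!empty($event['event_registration_form_format'])) {
        $format = $event['event_registration_form_format'];
    } elseif ($event['event_properties']['event_registration_form_format_tpl'] > 0) {
        $format = eme_get_template_format($event['event_properties']['event_registration_form_format_tpl']);
    } else {
        $format = get_option('eme_registration_form_format');
    }
    $all_required_fields = eme_find_required_formfields($format);
    $min_allowed = $event['event_properties']['min_allowed'];
    $max_allowed = $event['event_properties']['max_allowed'];
    if ($event['event_properties']['take_attendance']) {
        // attendance-only events: a booking is exactly one seat, never required
        $min_allowed = 0;
        $max_allowed = 1;
    }
    if (isset($_POST['bookedSeats'])) {
        $bookedSeats = intval($_POST['bookedSeats']);
    } else {
        $bookedSeats = 0;
    }
    // for multiple prices, we have multiple booked Seats as well
    // the next foreach is only valid when called from the frontend
    $bookedSeats_mp = [];
    if (eme_is_multi($event['price'])) {
        // make sure the array contains the correct keys already, since
        // later on in the function eme_record_booking we do a join
        $booking_prices_mp = eme_convert_multi2array($event['price']);
        foreach ($booking_prices_mp as $key => $value) {
            $bookedSeats_mp[$key] = 0;
        }
        foreach ($_POST as $key => $value) {
            if (preg_match('/bookedSeats(\\d+)/', $key, $matches)) {
                // form fields are 1-based, price slots 0-based
                $field_id = intval($matches[1]) - 1;
                // only the slots seeded from the event's price list are valid;
                // any other index in the request is ignored rather than added
                if (!array_key_exists($field_id, $bookedSeats_mp)) {
                    continue;
                }
                // request value: cast to int like the single-price case above
                $seats = intval($value);
                $bookedSeats += $seats;
                $bookedSeats_mp[$field_id] = $seats;
            }
        }
    }
    if (isset($_POST['comment'])) {
        $bookerComment = eme_strip_tags($_POST['comment']);
    } else {
        $bookerComment = "";
    }
    $missing_required_fields = [];
    // check all required fields
    if (!is_admin() && get_option('eme_rsvp_check_required_fields')) {
        foreach ($all_required_fields as $required_field) {
            if (preg_match("/LASTNAME|EMAIL|SEATS/", $required_field)) {
                // we already check these seperately, and EMAIL regex also catches _HTML5_EMAIL
                continue;
            } elseif (preg_match("/PHONE/", $required_field)) {
                // PHONE regex also catches _HTML5_PHONE
                if (empty($_POST['phone'])) {
                    $missing_required_fields[] = __('Phone number', 'eme');
                }
            } elseif (preg_match("/(ADDRESS1|ADDRESS2|CITY|STATE|ZIP|COUNTRY)/", $required_field, $matches)) {
                $fieldname = strtolower($matches[1]);
                $fieldname_ucfirst = ucfirst($fieldname);
                if (!isset($_POST[$fieldname])) {
                    $missing_required_fields[] = __($fieldname_ucfirst, 'eme');
                }
            } elseif (preg_match("/COMMENT/", $required_field)) {
                if (empty($bookerComment)) {
                    $missing_required_fields[] = __('Comment', 'eme');
                }
            } elseif (!isset($_POST[$required_field]) || $_POST[$required_field] === '') {
                if (preg_match('/FIELD(\\d+)/', $required_field, $matches)) {
                    // custom form field: report its configured name, not the placeholder
                    $field_id = intval($matches[1]);
                    $formfield = eme_get_formfield_byid($field_id);
                    $missing_required_fields[] = $formfield['field_name'];
                } else {
                    $missing_required_fields[] = $required_field;
                }
            }
        }
    }
    $event_id = $event['event_id'];
    $registration_wp_users_only = $event['registration_wp_users_only'];
    $bookerLastName = "";
    $bookerFirstName = "";
    $bookerEmail = "";
    $booker = [];
    // initialised here so the membership check below never reads an unset variable
    $booker_wp_id = 0;
    if (!is_admin() && $registration_wp_users_only && is_user_logged_in()) {
        // we require a user to be WP registered to be able to book
        // NOTE(review): get_currentuserinfo() is deprecated in WordPress; it only
        // populates the global $current_user read below
        get_currentuserinfo();
        $booker_wp_id = $current_user->ID;
        // we also need name and email for sending the mail
        $bookerLastName = $current_user->user_lastname;
        if (empty($bookerLastName)) {
            $bookerLastName = $current_user->display_name;
        }
        $bookerFirstName = $current_user->user_firstname;
        $bookerEmail = $current_user->user_email;
        $booker = eme_get_person_by_wp_id($booker_wp_id);
    } elseif (!is_admin() && is_user_logged_in() && isset($_POST['lastname']) && isset($_POST['email'])) {
        $booker_wp_id = get_current_user_id();
        $bookerLastName = eme_strip_tags($_POST['lastname']);
        if (isset($_POST['firstname'])) {
            $bookerFirstName = eme_strip_tags($_POST['firstname']);
        }
        $bookerEmail = eme_strip_tags($_POST['email']);
        $booker = eme_get_person_by_name_and_email($bookerLastName, $bookerFirstName, $bookerEmail);
    } elseif (isset($_POST['lastname']) && isset($_POST['email'])) {
        // when called from the admin backend, we don't care about registration_wp_users_only
        $booker_wp_id = 0;
        $bookerLastName = eme_strip_tags($_POST['lastname']);
        if (isset($_POST['firstname'])) {
            $bookerFirstName = eme_strip_tags($_POST['firstname']);
        }
        $bookerEmail = eme_strip_tags($_POST['email']);
        $booker = eme_get_person_by_name_and_email($bookerLastName, $bookerFirstName, $bookerEmail);
    }
    // site-specific booking rules; the filter returns [ok-flag, message]
    if (has_filter('eme_eval_booking_filter')) {
        $eval_filter_return = apply_filters('eme_eval_booking_filter', $event);
    } else {
        $eval_filter_return = [1, ''];
    }
    if (empty($bookerLastName)) {
        // if any required field is empty: return an error
        $result = __('Please fill out your last name', 'eme');
        // to be backwards compatible, don't require bookerFirstName here: it can be empty for forms that just use #_NAME
    } elseif (empty($bookerEmail)) {
        // if any required field is empty: return an error
        $result = __('Please fill out your e-mail', 'eme');
    } elseif (count($missing_required_fields) > 0) {
        // if any required field is empty: return an error
        $missing_required_fields_string = implode(", ", $missing_required_fields);
        $result = sprintf(__('Please make sure all of the following required fields are filled out correctly: %s', 'eme'), $missing_required_fields_string);
    } elseif (!filter_var($bookerEmail, FILTER_VALIDATE_EMAIL)) {
        $result = __('Please enter a valid mail address', 'eme');
    } elseif (!eme_is_multi($min_allowed) && $bookedSeats < $min_allowed) {
        $result = __('Please enter a correct number of spaces to reserve', 'eme');
    } elseif (eme_is_multi($min_allowed) && eme_is_multi($event['event_seats']) && $bookedSeats_mp < eme_convert_multi2array($min_allowed)) {
        $result = __('Please enter a correct number of spaces to reserve', 'eme');
    } elseif (!eme_is_multi($max_allowed) && $max_allowed > 0 && $bookedSeats > $max_allowed) {
        // we check the max, but only is max_allowed>0, max_allowed=0 means no limit
        $result = __('Please enter a correct number of spaces to reserve', 'eme');
    } elseif (eme_is_multi($max_allowed) && eme_is_multi($event['event_seats']) && eme_get_multitotal($max_allowed) > 0 && $bookedSeats_mp > eme_convert_multi2array($max_allowed)) {
        // we check the max, but only is the total max_allowed>0, max_allowed=0 means no limit
        // currently we don't support 0 as being no limit per array element
        $result = __('Please enter a correct number of spaces to reserve', 'eme');
    } elseif (!is_admin() && $registration_wp_users_only && !$booker_wp_id) {
        // spammers might get here, but we catch them
        $result = __('WP membership is required for registration', 'eme');
    } elseif (is_array($eval_filter_return) && !$eval_filter_return[0]) {
        // the result of own eval rules
        $result = $eval_filter_return[1];
    } else {
        $language = eme_detect_lang();
        if (eme_is_multi($event['event_seats'])) {
            $seats_available = eme_are_multiseats_available_for($event_id, $bookedSeats_mp);
        } else {
            $seats_available = eme_are_seats_available_for($event_id, $bookedSeats);
        }
        if ($seats_available) {
            if (empty($booker)) {
                $booker = eme_add_person($bookerLastName, $bookerFirstName, $bookerEmail, $booker_wp_id, $language);
            } else {
                $booker = eme_update_person_with_postinfo($booker['person_id']);
            }
            // ok, just to be safe: check the person_id of the booker
            // (isset guards against a non-array return from the person helpers)
            if (isset($booker['person_id']) && $booker['person_id'] > 0) {
                // we can only use the filter here, since the booker needs to be created first if needed
                if (has_filter('eme_eval_booking_form_filter')) {
                    $eval_filter_return = apply_filters('eme_eval_booking_form_filter', $event, $booker);
                } else {
                    $eval_filter_return = [1, ''];
                }
                if (is_array($eval_filter_return) && !$eval_filter_return[0]) {
                    // the result of own eval rules failed, so let's use that as a result
                    $result = $eval_filter_return[1];
                } else {
                    $booking_id = eme_record_booking($event, $booker['person_id'], $bookedSeats, $bookedSeats_mp, $bookerComment, $language);
                    // everything ok, so we clear the variables entered, so when the form is shown again, all is defaulted again
                    $_POST = [];
                }
            } else {
                $result = __('No booker ID found, something is wrong here', 'eme');
                unset($_POST['bookedSeats']);
            }
        } else {
            $result = __('Booking cannot be made: not enough seats available!', 'eme');
            // here we only unset the number of seats entered, so the user doesn't have to fill in the rest again
            unset($_POST['bookedSeats']);
        }
    }
    if ($booking_id) {
        // the payment needs to be created before the mail is sent or placeholders replaced, otherwise you can't send a link to the payment ...
        eme_create_payment($booking_id);
        $booking = eme_get_booking($booking_id);
        $total_price = eme_get_total_booking_price($event, $booking);
        // "recorded ok" html: event-specific, then template, then global option
        if (!empty($event['event_registration_recorded_ok_html'])) {
            $ok_format = $event['event_registration_recorded_ok_html'];
        } elseif ($event['event_properties']['event_registration_recorded_ok_html_tpl'] > 0) {
            $ok_format = eme_get_template_format($event['event_properties']['event_registration_recorded_ok_html_tpl']);
        } else {
            $ok_format = get_option('eme_registration_recorded_ok_html');
        }
        // don't let eme_replace_placeholders replace other shortcodes yet, let eme_replace_booking_placeholders finish and that will do it
        $result = eme_replace_placeholders($ok_format, $event, "html", 0);
        $result = eme_replace_booking_placeholders($result, $event, $booking);
        // bookings made from the backend carry the approve action in the mail
        if (is_admin()) {
            $action = "approveRegistration";
        } else {
            $action = "";
        }
        if ($send_mail) {
            eme_email_rsvp_booking($booking, $action);
        }
    }
    return [$result, $booking_id];
}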