// Rebuild the form action URL from the current query string (minus any
// "sec=<n>" section parameter) and, when the form was submitted, validate
// the answers and captcha and store the response.
// $action, $sid, $ESPCONFIG and the response_*/auth_*/paint_* helpers are
// expected to come from the including script — not visible here.
if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) {
    $query_string = $_SERVER['QUERY_STRING'];
}
// NOTE(review): when QUERY_STRING is empty, $query_string is not assigned
// above; the preg_replace calls then operate on an unset variable unless it
// was defined earlier in the including script — confirm.
$query_string = preg_replace('/sec=\\d+/s', '', $query_string);
// strip a trailing "?" or "&" left behind by the removal
$query_string = preg_replace('/\\?$|\\&$/s', '', $query_string);
// collapse "?&" back to a single "?"
// NOTE(review): the replacement literal '\\?' is the two characters "\?";
// confirm the intended output is "?" rather than "\?".
$query_string = preg_replace('/\\?\\&/s', '\\?', $query_string);
if (!empty($query_string)) {
    // escaped for the HTML attribute context the action URL is emitted in
    $action .= "?" . htmlspecialchars($query_string);
}
$msg = '';
if (!empty($_REQUEST['submit'])) {
    $msg .= response_check_answers($sid, $_SESSION['rid'], $_SESSION['sec']);
    // only check the captcha when the answer check produced no error message
    if (empty($msg) && $ESPCONFIG['use_captcha']) {
        require_once ESP_BASE . 'public/captcha_check.php';
        $msg .= response_check_captcha("captcha_check", 1);
    }
    if (empty($msg)) {
        if ($ESPCONFIG['auth_response'] && auth_get_option('resume')) {
            // submitting a previously saved survey
            esp_require_once('/lib/espsurveystat');
            survey_stat_decrement(SURVEY_STAT_SUSPENDED, $sid);
            // delete the previous responses
            response_delete($sid, $_SESSION['rid'], $_SESSION['sec']);
        }
        $_SESSION['rid'] = response_insert($sid, $_SESSION['sec'], $_SESSION['rid']);
        // paint the feedback
        // NOTE: This function may exit
        paint_feedback_end_of_survey($sid, $_SESSION['rid'], $_SESSION['sec']);
        // no feedback, so jump to thank you
        all_done();
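/**
 * Validate a booking request (spam checks, required fields, seat limits) and,
 * when everything passes, record the booking, create its payment and
 * optionally send the RSVP mail.
 *
 * Reads the submitted form from $_POST and the current WP user. On a
 * successful booking $_POST is emptied so a re-rendered form starts out
 * with default values; on a seat-related failure only 'bookedSeats' is
 * dropped so the visitor does not have to retype everything.
 *
 * @param array $event     event record, including 'event_properties', 'price',
 *                         'event_seats', 'event_id', 'registration_wp_users_only'
 * @param bool  $send_mail whether to send the RSVP mail after a successful booking
 * @return array{0: string, 1: int} [0] error message, or the "recorded ok" HTML
 *                                  on success; [1] the booking id, 0 on failure
 */
function eme_book_seats($event, $send_mail) {
    global $current_user;
    $booking_id = 0;
    $result = "";

    // ---- spam checks, as early as possible: honeypot, captcha, nonce ----
    if (isset($_POST['honeypot_check'])) {
        $honeypot_check = stripslashes($_POST['honeypot_check']);
    } elseif (!is_admin() && !isset($_POST['honeypot_check'])) {
        // a bot fills this in, but a human never will, since it's a hidden
        // field; a front-end post without the field at all is rejected too
        $honeypot_check = "bad boy";
    } else {
        $honeypot_check = "";
    }
    if (!is_admin() && get_option('eme_captcha_for_booking')) {
        $captcha_err = response_check_captcha("captcha_check", "eme_add_booking");
    } else {
        $captcha_err = "";
    }
    if (!is_admin() && (!isset($_POST['eme_rsvp_nonce']) || !wp_verify_nonce($_POST['eme_rsvp_nonce'], 'add_booking'))) {
        $nonce_err = "bad boy";
    } else {
        $nonce_err = "";
    }
    if (!empty($captcha_err)) {
        $result = __('You entered an incorrect code', 'eme');
        return array(0 => $result, 1 => $booking_id);
    } elseif (!empty($honeypot_check) || !empty($nonce_err)) {
        $result = __("You're not allowed to do this. 
If you believe you've received this message in error please contact the site owner.", 'eme');
        return array(0 => $result, 1 => $booking_id);
    }

    // ---- regular checks ----
    // registration form: per-event format, else template, else global option
    if (!empty($event['event_registration_form_format'])) {
        $format = $event['event_registration_form_format'];
    } elseif ($event['event_properties']['event_registration_form_format_tpl'] > 0) {
        $format = eme_get_template_format($event['event_properties']['event_registration_form_format_tpl']);
    } else {
        $format = get_option('eme_registration_form_format');
    }
    $all_required_fields = eme_find_required_formfields($format);
    $min_allowed = $event['event_properties']['min_allowed'];
    $max_allowed = $event['event_properties']['max_allowed'];
    if ($event['event_properties']['take_attendance']) {
        // attendance-only events allow at most one seat per booking
        $min_allowed = 0;
        $max_allowed = 1;
    }
    if (isset($_POST['bookedSeats'])) {
        $bookedSeats = intval($_POST['bookedSeats']);
    } else {
        $bookedSeats = 0;
    }
    // for multiple prices, we have multiple booked Seats as well
    // the next foreach is only valid when called from the frontend
    $bookedSeats_mp = array();
    if (eme_is_multi($event['price'])) {
        // make sure the array contains the correct keys already, since
        // later on in the function eme_record_booking we do a join
        $booking_prices_mp = eme_convert_multi2array($event['price']);
        foreach ($booking_prices_mp as $key => $value) {
            $bookedSeats_mp[$key] = 0;
        }
        foreach ($_POST as $key => $value) {
            if (preg_match('/bookedSeats(\\d+)/', $key, $matches)) {
                $field_id = intval($matches[1]) - 1;
                // only accept counts for price slots that exist: a bookedSeatsN
                // outside the price list (or bookedSeats0 -> index -1) would add
                // a stray key and corrupt the join done in eme_record_booking
                if (!array_key_exists($field_id, $bookedSeats_mp)) {
                    continue;
                }
                // coerce like the single-price case; $value is raw $_POST input
                $seats = intval($value);
                $bookedSeats += $seats;
                $bookedSeats_mp[$field_id] = $seats;
            }
        }
    }
    if (isset($_POST['comment'])) {
        $bookerComment = eme_strip_tags($_POST['comment']);
    } else {
        $bookerComment = "";
    }

    // check all required fields (front-end only, and only when enabled)
    $missing_required_fields = array();
    if (!is_admin() && get_option('eme_rsvp_check_required_fields')) {
        foreach ($all_required_fields as $required_field) {
            if (preg_match("/LASTNAME|EMAIL|SEATS/", $required_field)) {
                // we already check these separately, and EMAIL regex also catches _HTML5_EMAIL
                continue;
            } elseif (preg_match("/PHONE/", $required_field)) {
                // PHONE regex also catches _HTML5_PHONE
                if (!isset($_POST['phone']) || empty($_POST['phone'])) {
                    array_push($missing_required_fields, __('Phone number', 'eme'));
                }
            } elseif (preg_match("/(ADDRESS1|ADDRESS2|CITY|STATE|ZIP|COUNTRY)/", $required_field, $matches)) {
                $fieldname = strtolower($matches[1]);
                $fieldname_ucfirst = ucfirst($fieldname);
                // posted-but-blank counts as missing, same as the other fields
                if (!isset($_POST[$fieldname]) || $_POST[$fieldname] === '') {
                    array_push($missing_required_fields, __($fieldname_ucfirst, 'eme'));
                }
            } elseif (preg_match("/COMMENT/", $required_field)) {
                if (empty($bookerComment)) {
                    array_push($missing_required_fields, __('Comment', 'eme'));
                }
            } elseif (!isset($_POST[$required_field]) || $_POST[$required_field] === '') {
                // custom form fields are reported by their configured name
                if (preg_match('/FIELD(\\d+)/', $required_field, $matches)) {
                    $field_id = intval($matches[1]);
                    $formfield = eme_get_formfield_byid($field_id);
                    array_push($missing_required_fields, $formfield['field_name']);
                } else {
                    array_push($missing_required_fields, $required_field);
                }
            }
        }
    }

    // ---- who is booking ----
    $event_id = $event['event_id'];
    $registration_wp_users_only = $event['registration_wp_users_only'];
    $bookerLastName = "";
    $bookerFirstName = "";
    $bookerEmail = "";
    // 0 = not tied to a WP account; initialised here so the WP-membership
    // check below never reads an undefined variable when no branch matches
    $booker_wp_id = 0;
    $booker = array();
    if (!is_admin() && $registration_wp_users_only && is_user_logged_in()) {
        // we require a user to be WP registered to be able to book
        // NOTE(review): get_currentuserinfo() fills the global $current_user;
        // newer WP versions prefer wp_get_current_user() — confirm WP baseline.
        get_currentuserinfo();
        $booker_wp_id = $current_user->ID;
        // we also need name and email for sending the mail
        $bookerLastName = $current_user->user_lastname;
        if (empty($bookerLastName)) {
            $bookerLastName = $current_user->display_name;
        }
        $bookerFirstName = $current_user->user_firstname;
        $bookerEmail = $current_user->user_email;
        $booker = eme_get_person_by_wp_id($booker_wp_id);
    } elseif (!is_admin() && is_user_logged_in() && isset($_POST['lastname']) && isset($_POST['email'])) {
        // logged-in user on an open event: take name/mail from the form
        $booker_wp_id = get_current_user_id();
        $bookerLastName = eme_strip_tags($_POST['lastname']);
        if (isset($_POST['firstname'])) {
            $bookerFirstName = eme_strip_tags($_POST['firstname']);
        }
        $bookerEmail = eme_strip_tags($_POST['email']);
        $booker = eme_get_person_by_name_and_email($bookerLastName, $bookerFirstName, $bookerEmail);
    } elseif (isset($_POST['lastname']) && isset($_POST['email'])) {
        // when called from the admin backend, we don't care about registration_wp_users_only
        $booker_wp_id = 0;
        $bookerLastName = eme_strip_tags($_POST['lastname']);
        if (isset($_POST['firstname'])) {
            $bookerFirstName = eme_strip_tags($_POST['firstname']);
        }
        $bookerEmail = eme_strip_tags($_POST['email']);
        $booker = eme_get_person_by_name_and_email($bookerLastName, $bookerFirstName, $bookerEmail);
    }
    // site-specific booking rules: array(0 => ok?, 1 => message)
    if (has_filter('eme_eval_booking_filter')) {
        $eval_filter_return = apply_filters('eme_eval_booking_filter', $event);
    } else {
        $eval_filter_return = array(0 => 1, 1 => '');
    }

    // ---- validation chain; first failing check wins ----
    $seats_err = __('Please enter a correct number of spaces to reserve', 'eme');
    if (empty($bookerLastName)) {
        $result = __('Please fill out your last name', 'eme');
        // to be backwards compatible, don't require bookerFirstName here: it can be empty for forms that just use #_NAME
    } elseif (empty($bookerEmail)) {
        $result = __('Please fill out your e-mail', 'eme');
    } elseif (count($missing_required_fields) > 0) {
        $missing_required_fields_string = join(", ", $missing_required_fields);
        $result = sprintf(__('Please make sure all of the following required fields are filled out correctly: %s', 'eme'), $missing_required_fields_string);
    } elseif (!filter_var($bookerEmail, FILTER_VALIDATE_EMAIL)) {
        $result = __('Please enter a valid mail address', 'eme');
    } elseif (!eme_is_multi($min_allowed) && $bookedSeats < $min_allowed) {
        $result = $seats_err;
    } elseif (eme_is_multi($min_allowed) && eme_is_multi($event['event_seats']) && $bookedSeats_mp < eme_convert_multi2array($min_allowed)) {
        // per-price minimum, compared with PHP's array comparison
        $result = $seats_err;
    } elseif (!eme_is_multi($max_allowed) && $max_allowed > 0 && $bookedSeats > $max_allowed) {
        // we check the max, but only if max_allowed>0, max_allowed=0 means no limit
        $result = $seats_err;
    } elseif (eme_is_multi($max_allowed) && eme_is_multi($event['event_seats']) && eme_get_multitotal($max_allowed) > 0 && $bookedSeats_mp > eme_convert_multi2array($max_allowed)) {
        // we check the max, but only if the total max_allowed>0, max_allowed=0 means no limit
        // currently we don't support 0 as being no limit per array element
        $result = $seats_err;
    } elseif (!is_admin() && $registration_wp_users_only && !$booker_wp_id) {
        // spammers might get here, but we catch them
        $result = __('WP membership is required for registration', 'eme');
    } elseif (is_array($eval_filter_return) && !$eval_filter_return[0]) {
        // the result of own eval rules
        $result = $eval_filter_return[1];
    } else {
        $language = eme_detect_lang();
        if (eme_is_multi($event['event_seats'])) {
            $seats_available = eme_are_multiseats_available_for($event_id, $bookedSeats_mp);
        } else {
            $seats_available = eme_are_seats_available_for($event_id, $bookedSeats);
        }
        if ($seats_available) {
            if (empty($booker)) {
                $booker = eme_add_person($bookerLastName, $bookerFirstName, $bookerEmail, $booker_wp_id, $language);
            } else {
                $booker = eme_update_person_with_postinfo($booker['person_id']);
            }
            // ok, just to be safe: check the person_id of the booker
            if ($booker['person_id'] > 0) {
                // we can only use the filter here, since the booker needs to be created first if needed
                if (has_filter('eme_eval_booking_form_filter')) {
                    $eval_filter_return = apply_filters('eme_eval_booking_form_filter', $event, $booker);
                } else {
                    $eval_filter_return = array(0 => 1, 1 => '');
                }
                if (is_array($eval_filter_return) && !$eval_filter_return[0]) {
                    // the result of own eval rules failed, so let's use that as a result
                    $result = $eval_filter_return[1];
                } else {
                    $booking_id = eme_record_booking($event, $booker['person_id'], $bookedSeats, $bookedSeats_mp, $bookerComment, $language);
                    // everything ok, so we drop the entered values: when the form is shown again, all is defaulted again
                    $_POST = array();
                }
            } else {
                $result = __('No booker ID found, something is wrong here', 'eme');
                unset($_POST['bookedSeats']);
            }
        } else {
            $result = __('Booking cannot be made: not enough seats available!', 'eme');
            // here we only unset the number of seats entered, so the user doesn't have to fill in the rest again
            unset($_POST['bookedSeats']);
        }
    }

    // ---- booking recorded: payment, confirmation text, mail ----
    if ($booking_id) {
        // the payment needs to be created before the mail is sent or placeholders replaced, otherwise you can't send a link to the payment ...
        eme_create_payment($booking_id);
        $booking = eme_get_booking($booking_id);
        // value not used further in this function; call kept as in the original
        $total_price = eme_get_total_booking_price($event, $booking);
        if (!empty($event['event_registration_recorded_ok_html'])) {
            $ok_format = $event['event_registration_recorded_ok_html'];
        } elseif ($event['event_properties']['event_registration_recorded_ok_html_tpl'] > 0) {
            $ok_format = eme_get_template_format($event['event_properties']['event_registration_recorded_ok_html_tpl']);
        } else {
            $ok_format = get_option('eme_registration_recorded_ok_html');
        }
        // don't let eme_replace_placeholders replace other shortcodes yet, let eme_replace_booking_placeholders finish and that will do it
        $result = eme_replace_placeholders($ok_format, $event, "html", 0);
        $result = eme_replace_booking_placeholders($result, $event, $booking);
        if (is_admin()) {
            $action = "approveRegistration";
        } else {
            $action = "";
        }
        if ($send_mail) {
            eme_email_rsvp_booking($booking, $action);
        }
    }
    return array(0 => $result, 1 => $booking_id);
}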