/*
Updates the name and notes field for a give object in a set.
Accepts POST data.
$_POST['obj_id'] -- The ID number of the object
$_POST['set_id'] -- The ID number of the set containing the object
$_POST['objectName'] -- The new object name
$_POST['objectDesc'] -- The new object notes (legacy name = description)
*/
require_once "../../libs/env.php";
require_once "../../libs/utils.php";
$response = array();
$response['error'] = False;
$response['msg'] = array();
// If the right POST params are not present, do nothing
if (isset($_POST['objectName']) && isset($_POST['objectDesc']) && isset($_POST['set_id']) && isset($_POST['obj_id'])) {
$_POST['objectNameobjectName'] = cleanFormData($_POST['objectName']);
$_POST['objectDesc'] = cleanFormDataAllowHTML($_POST['objectDesc']);
// Query DB
$sql = "UPDATE set_objs SET notes = " . $db->quote($_POST['objectDesc'], 'text') . ", name = " . $db->quote($_POST['objectName'], 'text') . " WHERE set_id = " . $db->quote($_POST['set_id'], 'integer') . " AND obj_id = " . $db->quote($_POST['obj_id'], 'integer') . " LIMIT 1";
$res =& $db->exec($sql);
if (PEAR::isError($res)) {
$response['error'] = True;
array_push($response['msg'], $res->getMessage());
} else {
$response['objectName'] = $_POST['objectName'];
$response['objectDesc'] = $_POST['objectDesc'];
}
} else {
$response['error'] = True;
array_push($response['msg'], "Invalid params in the post vars.");
}
$t->assign('email', cleanFormData($_POST['email']));
$t->assign('message', cleanFormData($_POST['message']));
$t->assign('subject', cleanFormData($_POST['subject']));
$t->assign('messages', $msg);
} else {
$nameTo = "Delphi Feedback";
$emailTo = $CFG->contactEmail;
$subj = cleanFormData($_POST['subject']);
$plaintextmsg = cleanFormData($_POST['message']);
$htmlmsg = cleanFormData($_POST['message']);
if (isset($_POST['objid']) and strlen($_POST['objid']) > 0) {
$objID = cleanFormData($_POST['objid']);
$htmlmsg .= '<br /><br /><hr>Feedback on server: <a href="' . $CFG->wwwroot . '">' . $_SERVER['SERVER_NAME'] . '</a> for <a href="' . $CFG->wwwroot . '/object/' . $objID . '">Object: ' . $objID . '</a>';
}
$emailFrom = $_POST['email'];
$nameFrom = cleanFormData($_POST['name']);
if (sendDelphiMail($nameTo, $emailTo, $subj, $plaintextmsg, $htmlmsg, $emailFrom, $nameFrom)) {
if (isset($_POST['objid']) and strlen($_POST['objid']) > 0) {
$t->assign('objid', $_POST['objid']);
} else {
$t->assign('objid', null);
}
$t->display('contactSent.tpl');
die;
} else {
$t->assign('heading', "Failed to send message");
$t->assign('message', "<p>We were unable to deliver your message.</p> <p>You can <a href='" . $CFG->wwwroot . "/modules/about/contact.php'>try again</a> or send us an email directly at <a href='mailto:{$emailTo}'>{$emailTo}</a>.</p>");
$t->display('error.tpl');
die;
}
}
array_push($msg, "Your password must be at least 6 characters.");
}
if ($_POST['pass'] != $_POST['pass2']) {
array_push($msg, "Password does not match confirmation.");
}
} else {
if (!updateField("passwdmd5", $md5pass)) {
array_push($msg, "Error trying to update password.");
}
}
}
}
if ($_POST['email'] != $userData['email']) {
if (!emailValid($_POST['email'])) {
array_push($msg, "Email address is not valid.");
$t->assign('email', cleanFormData($_POST['email']));
} else {
if (!updateField("email", $_POST['email'])) {
array_push($msg, "Error trying to update email.");
}
}
}
if ($_POST['real_name'] != $userData['real_name']) {
if (!real_nameValid($_POST['real_name'])) {
array_push($msg, "Your real name is not valid.");
} else {
if (!updateField("real_name", $_POST['real_name'])) {
array_push($msg, "Error trying to update your real name.");
}
}
}
function checkSubmitValues()
{
// Errors to show if we find any
$msg = array();
global $t;
// reassign vars to user input in case we need to send them back to fix something.
$t->assign('email', cleanFormData($_POST['email']));
$t->assign('user', cleanFormData($_POST['user']));
if (strlen($_POST['pass']) < 6) {
array_push($msg, "Your password must be at least 6 characters.");
}
if (strlen($_POST['pass']) > 25) {
array_push($msg, "Your password cannot be more than 25 characters.");
}
if ($_POST['pass'] != $_POST['pass2']) {
array_push($msg, "Your retyped password did not match the first typed password.");
}
/* Spruce up username, check length */
if (strlen(stripslashes($_POST['user'])) > 40 || strlen(stripslashes($_POST['user'])) < 3) {
array_push($msg, "Username must be between 3 and 40 characters.");
} elseif (!preg_match('|^[a-zA-Z0-9-_]+$|i', $_POST['user'])) {
array_push($msg, "Username can only contain letters, numbers, hyphens, and underscores");
} elseif (usernameTaken($_POST['user'])) {
array_push($msg, "The username \"" . cleanFormData($_POST['user']) . "\"is already taken. Please pick another one.");
}
/* Check if email is valid */
if (!emailValid($_POST['email'])) {
array_push($msg, "Email address is not valid.");
}
if (count($msg) <= 0) {
/* Verify the captcha, but only if everything else is good */
$securimage = new Securimage();
if ($securimage->check($_POST['captcha_code']) == false) {
array_push($msg, "The \"captcha\" text entered was incorrect.<br />Please try again.");
}
}
if (count($msg) > 0) {
$t->assign('messages', $msg);
$t->assign('captchaHtml', Securimage::getCaptchaHtml());
$t->display('register.tpl');
die;
} else {
return true;
}
}
<?php
/*
Updates the title and description fields for a given set.
Accepts POST data.
$_POST['set_id'] -- The ID number of the set to be updated
$_POST['setTitle'] -- The new set name
$_POST['setDesc'] -- The new set description
$_POST['policy'] -- The new set policy
*/
require_once "../../libs/env.php";
require_once "../../libs/utils.php";
$response = array("success" => false, "msg" => "Did not receive the right vars", "setTitle" => "", "setDesc" => "", "policy" => "");
// If the right POST params are not present, do nothing
if (isset($_POST['setTitle']) && isset($_POST['setDesc']) && isset($_POST['set_id']) && isset($_POST['policy'])) {
$_POST['setTitle'] = cleanFormData($_POST['setTitle']);
$_POST['setDesc'] = cleanFormDataAllowHTML($_POST['setDesc']);
if (!($_POST['policy'] == "public" || $_POST['policy'] == "private")) {
$_POST['policy'] = "private";
}
// Query DB
$sql = "UPDATE sets SET description = " . $db->quote($_POST['setDesc'], 'text') . ", name = " . $db->quote($_POST['setTitle'], 'text') . ", policy = " . $db->quote($_POST['policy'], 'text') . " WHERE id = " . $db->quote($_POST['set_id'], 'integer') . " LIMIT 1";
$res =& $db->exec($sql);
if (PEAR::isError($res)) {
$response['success'] = false;
$response['msg'] = "Error updating database.";
} else {
$response['success'] = true;
$response['msg'] = "Set successfully updated.";
$response['setTitle'] = $_POST['setTitle'];
$response['setDesc'] = $_POST['setDesc'];
die;
}
$id = -1;
$msg = array();
if (isset($_POST['submit'])) {
/*
Skip this, allowing form user to clear the item, and stop the function.
if(empty($_POST['header']) || !strlen($_POST['header']) > 0){
array_push($msg, "You must enter a headline.");
}
if(empty($_POST['content']) || !strlen($_POST['content']) > 0){
array_push($msg, "You must enter a message.");
}
*/
$header = cleanFormData($_POST['header']);
$content = cleanFormData($_POST['content']);
$t->assign('header', $header);
$t->assign('content', $content);
if (empty($_POST['id']) || $_POST['id'] < 0) {
$q = "INSERT INTO newsContent(header, content) VALUES(\"{$header}\",\"{$content}\")";
} else {
$id = $_POST['id'];
$q = "UPDATE newsContent SET header=\"{$header}\", content=\"{$content}\" WHERE id={$id}";
}
$res =& $db->query($q);
if (PEAR::isError($res)) {
array_push($msg, "Error saving news Item to database.");
array_push($msg, "Query: " . $q);
array_push($msg, "Error: " . $res->getMessage());
} else {
array_push($msg, "News Item saved to database.");
