/**
 * Reject a day-of-month that does not exist in the submitted month, then
 * hand off to the parent update.
 *
 * Reads $this->params['month'] and $this->params['day']; both come from the
 * request and are used as submitted.
 */
function update()
{
    // No year is passed to mktime(), so the month length is computed for the current year.
    $firstOfMonth = mktime(0, 0, 0, $this->params['month'], 1);
    $lastDay = expDateTime::endOfMonthDay($firstOfMonth);

    if ($lastDay < $this->params['day']) {
        // The month name comes from the model's own lookup table, not from the request text.
        $problem = implode(' ', array(
            gt('There are only'),
            $lastDay,
            gt('days in'),
            $this->motd->months[$this->params['month']],
        ));
        expValidator::failAndReturnToForm($problem, $this->params);
    }

    parent::update();
}
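/**
 * Check that the cash amount entered covers the order total and record it
 * as this payment method's options.
 *
 * @param array $params submitted form values; only 'cash_amount' is read
 * @return object options object carrying the accepted cash_amount
 */
function userFormUpdate($params)
{
    global $order;

    $tendered = isset($params["cash_amount"]) ? $params["cash_amount"] : null;

    // The amount is request data. A missing or non-numeric value must fail here:
    // comparing a number with a non-numeric string is not a numeric comparison on
    // every PHP version, so the total check alone could let such a value through.
    if (!is_numeric($tendered) || $order->grand_total > $tendered) {
        expValidator::failAndReturnToForm(gt("The total amount of your order is greater than what the amount you have input.") . "<br />" . gt("Please enter exact or greater amount of your total."));
    }

    // Start from a real object; assigning a property on null is an error on PHP 8.
    $this->opts = new stdClass();
    $this->opts->cash_amount = $tendered;

    return $this->opts;
}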
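/**
 * After-validation hook for a new address: when the visitor is not logged in,
 * create a user account from the posted form, log it in and tie this address
 * to it.
 *
 * With 'remember_me' set the visitor's own password is used; otherwise an
 * account with a generated username and password is created.
 */
function afterValidationOnCreate()
{
    global $user, $db;

    // A logged-in user already has an account, so there is nothing to create.
    if ($user->isLoggedIn()) {
        return;
    }

    // Values handed back to the form on failure, without the password fields,
    // so a rejected submission does not carry the plaintext password along.
    $formValues = $_POST;
    unset($formValues['password'], $formValues['password2']);

    $password = isset($_POST['password']) ? $_POST['password'] : null;
    if (isset($_POST['remember_me']) && $_POST['remember_me'] == true) {
        $user->username = $_POST['email'];
        // setPassword() returns a non-boolean (the error text) when it rejects the pair.
        $validateUser = $user->setPassword($password, isset($_POST['password2']) ? $_POST['password2'] : null);
        if (!is_bool($validateUser)) {
            expValidator::failAndReturnToForm($validateUser, $formValues);
        }
    } else {
        $user->username = $_POST['email'] . time(); //make a unique username
        // This password protects a real account holding the customer's address.
        // The previous md5(time() . rand(50, 00)) left only a small number of
        // candidates per second; use the CSPRNG instead (32 hex characters, the
        // same shape as before). Requires PHP 7+.
        $password = bin2hex(random_bytes(16));
        $user->setPassword($password, $password);
    }

    // NOTE(review): the anti-spam check below is disabled, so nothing visible
    // here rate-limits or CAPTCHA-gates account creation - confirm it runs earlier.
    //expValidator::check_antispam($_POST, "Your anti-spam verification failed. Please try again.");

    //if we've come this far, we're good to create the new user account
    $user->email = $_POST['email'];
    $user->firstname = $_POST['firstname'];
    $user->lastname = $_POST['lastname'];

    // NOTE(review): the where-clause is a fixed literal here, so this lookup does
    // not test the submitted e-mail address. It looks like a masked value; when the
    // real condition is restored, the address must be escaped or bound as a
    // parameter, not concatenated into the SQL.
    $checkUser = $db->selectObject('user', 'username="******"');
    if (isset($checkUser->id)) {
        expValidator::failAndReturnToForm(gt("The email address you entered already exists as a user.  If you have lost your password, you may reset it here:") . " <a href='/users/reset_password'>Reset Password</a>.", $formValues);
    }

    $user->is_system_user = false;
    $user->save(true);
    $user->login($user->username, $password);
    $this->user_id = $user->id;
    $this->is_default = true;

    //set this back since we now have a logged in user and we don't want things going goofy if they logout and log back in and such
    expSession::un_set("ALLOW_ANONYMOUS_CHECKOUT");
}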
/**
 * Store the shipping option chosen for each package on the current order,
 * then redirect to the cart checkout.
 *
 * Reads params['methods'], ['calcs'], ['cost'] and ['title'] from the request.
 */
public function saveShippingMethods()
{
    global $order;

    $shipping = new shipping();
    $order->shippingmethods = array();

    // Nothing was selected at all.
    if (empty($this->params['methods'])) {
        expValidator::failAndReturnToForm(gt("You did not pick any shipping options"), $this->params);
    }

    // Fewer selections than packages: some radio group was left unchecked.
    $selectedCount = count($this->params['methods']);
    $packageCount = count($this->params['calcs']);
    if ($selectedCount < $packageCount) {
        expValidator::failAndReturnToForm(gt("You must select a shipping options for all of your packages."), $this->params);
    }

    foreach ($this->params['methods'] as $id => $method) {
        // NOTE(review): cost and title are read from the request, keyed by the
        // chosen option; nothing visible here recomputes them from the calculator.
        // The stored shipping_cost is therefore whatever the client submitted -
        // confirm it is re-rated server-side before the order is charged.
        $cost = $this->params['cost'][$method];
        $title = $this->params['title'][$method];

        // NOTE(review): $id is a request key and selects the record to update; no
        // check that the record belongs to the current order is visible here.
        $shippingmethod = new shippingmethod($id);
        $changes = array(
            'option' => $method,
            'option_title' => $title,
            'shipping_cost' => $cost,
            'shippingcalculator_id' => $this->params['calcs'][$id],
        );
        $shippingmethod->update($changes);

        $order->shippingmethods[] = $shippingmethod->id;
    }

    redirect_to(array('controller' => 'cart', 'action' => 'checkout'));
}
// Update the section from the _POST data. $section = section::update($_POST, $section); if ($check_id == -1) { $check_id = $section->parent; } if ($check_id != -1 && expPermissions::check('manage', expCore::makeLocation('navigationmodule', '', $check_id))) { // make sure the SEF name is valid global $router; if (empty($section->sef_name)) { $section->sef_name = $router->encode($section->name); } if (!section::isValidName($section->sef_name)) { expValidator::failAndReturnToForm('You have invalid characters in the SEF Name field.'); } if (section::isDuplicateName($section)) { expValidator::failAndReturnToForm(gt('The name specified in the SEF Name field is a duplicate of an existing page.')); } if (isset($section->id)) { if ($section->parent != $old_parent) { // Old_parent id was different than the new parent id. Need to decrement the ranks // of the old children (after ours), and then add $section = section::changeParent($section, $old_parent, $section->parent); } // Existing section. Update the database record. // The 'id=x' where clause is implicit with an updateObject $db->updateObject($section, 'section'); } else { // Since this is new, we need to increment ranks, in case the user // added it in the middle of the level. $db->increment('section', 'rank', 1, 'rank >= ' . $section->rank . ' AND parent=' . $section->parent); // New section. Insert a new database record.
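/**
 * Validate the submitted card number, type, expiry and CVV, then return them
 * as this payment method's options.
 *
 * Each failed check sends the visitor back to the form without passing the
 * submitted values along, so card data is not re-populated.
 *
 * @param array $params submitted form values: cc_number, cc_type,
 *                      expiration_month, expiration_year, cvv
 * @return object options object with cc_type, cc_number, exp_month, exp_year, cvv
 */
function userFormUpdate($params)
{
    if (!$this->validate_card_number($params['cc_number']) || !$this->validate_card_type($params['cc_number'], $params['cc_type'])) {
        // cc_type is request data; only use it as a key when the card table has it.
        // The label shown comes from $this->cards, never from the submitted text.
        $cardLabel = isset($this->cards[$params['cc_type']]) ? $this->cards[$params['cc_type']] : '';
        expValidator::failAndReturnToForm(gt("Either the card number you entered is not a") . " " . $cardLabel . ", " . gt("or the credit card you entered is not a valid credit card number. Please select the proper credit card type and verify the number entered and try again.") . "<br/>" . gt("For your security, your previously entered credit card information has been cleared."));
    }

    // The expiry check is given the month followed by the last two digits of the year.
    if (!$this->validate_card_expire($params['expiration_month'] . substr($params['expiration_year'], 2, 2))) {
        expValidator::failAndReturnToForm(gt("Please enter a valid expiration data.") . "<br/>" . gt("For your security, your previously entered credit card information has been cleared."));
    }

    if (!$this->validate_cvv($params['cvv'])) {
        expValidator::failAndReturnToForm(gt("Please enter a valid CVV number.") . "<br/>" . gt("For your security, your previously entered credit card information has been cleared."));
    }

    // TODO (from the original): expValidator::validate() cannot check two fields
    // with the same rule in one call, so the presence checks were left disabled:
    //expValidator::validate(array('presence_of'=>'cc_number'), $params);
    //expValidator::validate(array('presence_of'=>'cvv'), $params);

    // Start from a real object; assigning a property on null is an error on PHP 8.
    $this->opts = new stdClass();
    $this->opts->cc_type = $params["cc_type"];
    // NOTE(review): the full card number and the CVV are copied into opts. Where
    // opts ends up is not visible here; if it is written to the database, session
    // or logs, the CVV must not be kept after authorization (PCI DSS) and the
    // number needs encryption or truncation - confirm against the caller.
    $this->opts->cc_number = $params["cc_number"];
    $this->opts->exp_month = $params["expiration_month"];
    $this->opts->exp_year = $params["expiration_year"];
    $this->opts->cvv = $params["cvv"];

    return $this->opts;
}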
# it and/or modify it under the terms of the GNU # General Public License as published by the Free # Software Foundation; either version 2 of the # License, or (at your option) any later version. # # GPL: http://www.gnu.org/licenses/gpl.txt # ################################################## /** @define "BASE" "../../../.." */ if (!defined('EXPONENT')) { exit(''); } // Check for form errors $post = $_POST; $post['manual_redirect'] = true; if (!expValidator::check_antispam($post)) { flash('error', gt('Security Validation Failed')); expHistory::back(); } global $db, $user; $f = $db->selectObject("formbuilder_form", "id=" . intval($_POST['id'])); $rpt = $db->selectObject("formbuilder_report", "form_id=" . intval($_POST['id'])); $controls = $db->selectObjects("formbuilder_control", "form_id=" . $f->id . " and is_readonly=0"); $controls = expSorter::sort(array('array' => $controls, 'sortby' => 'rank', 'order' => 'ASC')); $db_data = null; $emailFields = array(); $captions = array(); foreach ($controls as $c) { $ctl = unserialize($c->data); $control_type = get_class($ctl); $def = call_user_func(array($control_type, "getFieldDefinition"));
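/**
 * Validate this help item: every configured rule is applied as a uniqueness
 * check on the field's value within the item's help_version_id.
 *
 * On any duplicate the visitor is sent back to the form with the messages.
 *
 * @return bool|null true when no rules are defined; otherwise nothing is
 *                   returned explicitly after the checks have run
 */
public function validate()
{
    global $db;

    // check for an sef url field.  If it exists make sure it's valid and not a duplicate
    //this needs to check for SEF URLS being turned on also: TODO
    if (property_exists($this, 'sef_url') && !in_array('sef_url', $this->do_not_validate)) {
        if (empty($this->sef_url)) {
            $this->makeSefUrl();
        }
        $this->validates['is_valid_sef_name']['sef_url'] = array();
        $this->validates['uniqueness_of']['sef_url'] = array();
    }

    // safeguard against loc data not being passed via forms...sometimes this happens when you're in a router
    // mapped view and src hasn't been passed in via link to the form
    if (isset($this->id) && empty($this->location_data)) {
        // id is cast to an integer before it is placed in the where-clause.
        $loc = $db->selectValue($this->tablename, 'location_data', 'id=' . intval($this->id));
        if (!empty($loc)) {
            $this->location_data = $loc;
        }
    }

    // run the validation as defined in the datatypes
    if (!isset($this->validates)) {
        return true;
    }

    $messages = array();
    $post = empty($_POST) ? array() : $_POST;
    foreach ($this->validates as $validation => $field) {
        foreach ($field as $key => $value) {
            $fieldname = is_numeric($key) ? $value : $key;
            $opts = is_numeric($key) ? array() : $value;

            // The field value (e.g. sef_url) is form input and goes inside a quoted
            // SQL string, so it is escaped, and the quote that closes it is restored:
            // the original clause left that string literal open. The two ids are
            // cast to integers.
            // NOTE(review): escapeString() is assumed to be the escaping helper of the
            // project's database wrapper - confirm it exists on $db in this version.
            $sql = "`" . $fieldname . "`='" . $db->escapeString($this->{$fieldname}) . "' AND help_version_id='" . intval($this->help_version_id) . "'";
            if (!empty($this->id)) {
                // Leave this record itself out of the duplicate count.
                $sql .= ' AND id != ' . intval($this->id);
            }

            $ret = $db->countObjects($this->tablename, $sql);
            if ($ret > 0) {
                // NOTE(review): the default message echoes the submitted value; whether
                // it is HTML-escaped when the form is re-rendered is not visible here.
                $ret = array_key_exists('message', $opts) ? $opts['message'] : ucwords($fieldname) . ' "' . $this->{$fieldname} . '" is already in use.';
            } else {
                $ret = true;
            }

            if (!is_bool($ret)) {
                $messages[] = $ret;
                expValidator::setErrorField($fieldname);
                // Do not hand the rejected value back to the form.
                unset($post[$fieldname]);
            }
        }
    }

    if (count($messages) >= 1) {
        expValidator::failAndReturnToForm($messages, $post);
    }
}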
/**
 * Set a new password for the user identified by params['id'].
 *
 * Requires params['id'], ['new_password1'] and ['new_password2']; any missing
 * value, or a pair rejected by setPassword(), returns the visitor to the form.
 *
 * NOTE(review): no permission check and no check of the current password is
 * visible in this method, and the target id comes from the request. Confirm
 * that the controller restricts this action to administrators.
 */
public function update_userpassword()
{
    if (empty($this->params['id'])) {
        expValidator::failAndReturnToForm(gt('You must specify the user whose password you want to change'), $this->params);
    }

    if (empty($this->params['new_password1'])) {
        expValidator::setErrorField('new_password1');
        expValidator::failAndReturnToForm(gt('You must specify a new password for this user.'), $this->params);
    }

    if (empty($this->params['new_password2'])) {
        expValidator::setErrorField('new_password2');
        // NOTE(review): on this path params still holds new_password1 as typed.
        expValidator::failAndReturnToForm(gt('You must confirm the password.'), $this->params);
    }

    $target = new user($this->params['id']);
    $outcome = $target->setPassword($this->params['new_password1'], $this->params['new_password2']);

    if (!is_string($outcome)) {
        $target->save(true);
    } else {
        // setPassword() returned its error text: blank both fields before handing
        // the values back so the rejected password is not echoed into the form.
        expValidator::setErrorField('new_password1');
        $this->params['new_password1'] = '';
        $this->params['new_password2'] = '';
        expValidator::failAndReturnToForm($outcome, $this->params);
    }

    flash('message', gt('Password reset for user') . ' ' . $target->username);
    expHistory::back();
}
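/**
 * Save a comment from the request, attach it to the content item it belongs
 * to, send any notifications and return to the previous page.
 *
 * The COMMENTS_REQUIRE_* constants supply defaults; a non-empty request
 * parameter of the same name replaces them.
 */
function update()
{
    global $db, $user;

    /* The global constants can be overridden by passing appropriate params */
    //sure wish I could do this once in the constructor. sadly $this->params[] isn't set yet
    // NOTE(review): these overrides are read from the same params as the comment
    // form. If params can come straight from the visitor's request, a poster can
    // change them - confirm they are only set by trusted configuration.
    $require_login = empty($this->params['require_login']) ? COMMENTS_REQUIRE_LOGIN : $this->params['require_login'];
    $require_approval = empty($this->params['require_approval']) ? COMMENTS_REQUIRE_APPROVAL : $this->params['require_approval'];
    $require_notification = empty($this->params['require_notification']) ? COMMENTS_REQUIRE_NOTIFICATION : $this->params['require_notification'];
    // params['notification_email'] is not read here, but it is still part of the
    // params passed to sendNotification() below.

    // check the anti-spam control
    if (!$user->isLoggedIn()) {
        expValidator::check_antispam($this->params, gt("Your comment could not be posted because anti-spam verification failed.  Please try again."));
    }

    // figure out the name and email address
    if (!empty($user->id) && empty($this->params['id'])) {
        $this->params['name'] = $user->firstname . " " . $user->lastname;
        $this->params['email'] = $user->email;
    }

    // save the comment
    if (empty($require_approval)) {
        $this->expComment->approved = 1;
    }
    // NOTE(review): the whole params array is handed to update(). If 'approved' or
    // 'id' are accepted there, a poster could approve their own comment or
    // overwrite another one - confirm update() filters these for non-moderators.
    $this->expComment->update($this->params);

    // attach the comment to the datatype it belongs to (blog, news, etc..);
    // Created explicitly: assigning properties on an undefined variable is an error on PHP 8.
    $obj = new stdClass();
    $obj->content_type = $this->params['content_type'];
    $obj->content_id = $this->params['content_id'];
    $obj->expcomments_id = $this->expComment->id;
    if (isset($this->params['subtype'])) {
        $obj->subtype = $this->params['subtype'];
    }
    $db->insertObject($obj, $this->expComment->attachable_table);

    $msg = 'Thank you for posting a comment.';
    if ($require_approval == 1 && !$user->isAdmin()) {
        $msg .= ' ' . gt('Your comment is now pending approval. You will receive an email to') . ' ';
        // NOTE(review): the e-mail address is poster-supplied text placed in the flash
        // message; whether flash() output is HTML-escaped is not visible here.
        $msg .= $this->expComment->email . ' ' . gt('letting you know when it has been approved.');
    }

    if ($require_notification && !$user->isAdmin()) {
        $this->sendNotification($this->expComment, $this->params);
    }

    // 'approved' is absent on an ordinary new comment, so test for it before comparing.
    if ($require_approval == 1 && isset($this->params['approved']) && $this->params['approved'] == 1) {
        $this->sendApprovalNotification($this->expComment, $this->params);
    }

    flash('message', $msg);

    expHistory::back();
}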
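/**
 * Subscribe an e-mail address to the selected E-Alert topics and send a
 * confirmation message.
 *
 * Reads params['email'] and params['ealerts'] (a list of topic ids) from the
 * request. Any existing subscriptions for the address are replaced.
 */
public function signup()
{
    global $db;

    // check the anti-spam control
    expValidator::check_antispam($this->params, gt("Anti-spam verification failed.  Please try again."));

    // make sure we have what we need.
    if (empty($this->params['email'])) {
        expQueue::flashAndFlow('error', 'You must supply an email address to sign up for email alerts.');
    }
    if (empty($this->params['ealerts'])) {
        expQueue::flashAndFlow('error', 'You did not select any E-Alert topics to subscribe to.');
    }

    // Both values are request data that end up in SQL. The address is trimmed once
    // so the lookup and the stored value agree; the topic ids are forced to integers.
    $email = trim($this->params['email']);
    $ealertIds = array_map('intval', (array) $this->params['ealerts']);

    // find or create the subscriber
    // NOTE(review): escapeString() is assumed to be the escaping helper of the
    // project's database wrapper - confirm it exists on $db in this version.
    $id = $db->selectValue('subscribers', 'id', 'email="' . $db->escapeString($email) . '"');
    $subscriber = new subscribers($id);
    if (empty($subscriber->id)) {
        $subscriber->email = $email;
        // Presumably the token used to confirm the subscription. md5(email . time())
        // could be reproduced by anyone who knows the address and roughly when it
        // was registered, so draw it from the CSPRNG (same 32 hex characters).
        // Requires PHP 7+.
        $subscriber->hash = bin2hex(random_bytes(16));
        $subscriber->save();
    }

    // delete any old subscriptions and add the user to new subscriptions
    // NOTE(review): this runs before the address is confirmed, so a signup for
    // somebody else's address replaces that person's existing subscriptions.
    // Consider applying the change only after confirmation.
    $db->delete('expeAlerts_subscribers', 'subscribers_id=' . intval($subscriber->id));
    foreach ($ealertIds as $ea_id) {
        // A fresh object per row; assigning properties on null is an error on PHP 8.
        $obj = new stdClass();
        $obj->subscribers_id = $subscriber->id;
        $obj->expeAlerts_id = $ea_id;
        $db->insertObject($obj, 'expeAlerts_subscribers');
    }

    // send a confirmation email to the user.
    $ealerts = $db->selectObjects('expeAlerts', 'id IN (' . implode(',', $ealertIds) . ')');
    $body = get_template_for_action($this, 'confirmation_email', $this->loc);
    $body->assign('ealerts', $ealerts);
    $body->assign('subscriber', $subscriber);

    $mail = new expMail();
    $mail->quickSend(array(
        'html_message' => $body->render(),
        'to' => $subscriber->email,
        'from' => SMTP_FROMADDRESS,
        'subject' => 'Please confirm your E-Alert subscriptions',
    ));

    redirect_to(array('controller' => 'ealert', 'action' => 'pending', 'id' => $subscriber->id));
}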
$error = false; // We have to force the language name into the config.php file expSettings::change('LANGUAGE', LANGUAGE); $user = $db->selectObject('user', 'is_admin=1'); $user->username = $_POST['username']; if ($user->username == '') { $error = true; $errorstr = gt('You must specify a valid username.'); $errorflag = '&errusername=true'; echo $errorstr; } elseif ($_POST['password'] != $_POST['password2']) { $error = true; $errorstr = gt('Your passwords do not match. Please check your entries.'); $errorflag = '&errpassword=true'; echo $errorstr; } elseif (!expValidator::validate_email_address($_POST['email'])) { $error = true; $errorstr = gt('Your email address is invalid. Please check your entry.'); $errorflag = '&erremail=true'; echo $errorstr; } if ($error) { //FIXME Shouldn't get this because of check in install-6.php unless browser jscript disabled flash('error', $errorstr); header('Location: index.php?page=install-6' . $errorflag); exit; } else { $user->password = md5($_POST['password']); $user->firstname = $_POST['firstname']; $user->lastname = $_POST['lastname']; $user->is_admin = 1;
/**
 * Refuse user-defined ranking when the module aggregates content or pulls
 * RSS feeds, then let the parent save the configuration.
 */
public function saveConfig()
{
    // Either option being set means the items do not all come from this module.
    $usesFeeds = !empty($this->params['aggregate']) || !empty($this->params['pull_rss']);

    // 'order' is only inspected when one of those options is on.
    if ($usesFeeds && $this->params['order'] == 'rank ASC') {
        expValidator::failAndReturnToForm(gt('User defined ranking is not allowed when aggregating or pull RSS data feeds.'), $this->params);
    }

    parent::saveConfig();
}