예제 #1
 /**
  * Rejects a day-of-month that does not exist in the submitted month, then
  * delegates the save to the parent implementation.
  *
  * Reads 'month' and 'day' from $this->params. mktime() is called without a
  * year argument, so the month length is worked out for the current year.
  *
  * NOTE(review): 'month' is also used as an index into $this->motd->months;
  * nothing in this method checks that it is an expected month value.
  */
 function update()
 {
     $month = $this->params['month'];
     $firstOfMonth = mktime(0, 0, 0, $month, 1);
     $lastDay = expDateTime::endOfMonthDay($firstOfMonth);
     if ($this->params['day'] > $lastDay) {
         $message = gt('There are only') . ' ' . $lastDay . ' ' . gt('days in') . ' ' . $this->motd->months[$month];
         expValidator::failAndReturnToForm($message, $this->params);
     }
     parent::update();
 }
예제 #2
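 /**
  * Validates the cash amount entered at checkout and returns it as the
  * billing options object.
  *
  * @param array $params Submitted form values; only 'cash_amount' is read.
  * @return object Options object whose cash_amount property holds the submitted amount.
  */
 function userFormUpdate($params)
 {
     global $order;
     $cashAmount = isset($params["cash_amount"]) ? $params["cash_amount"] : null;
     // Reject anything that is not a number before comparing it with the order total:
     // a non-numeric string does not compare predictably against a number (PHP 8
     // falls back to a string comparison), so it could slip past the amount check.
     if (!is_numeric($cashAmount) || $order->grand_total > $cashAmount) {
         expValidator::failAndReturnToForm(gt("The total amount of your order is greater than what the amount you have input.") . "<br />" . gt("Please enter exact or greater amount of your total."));
     }
     // Start from a real object. Assigning a property on null relied on implicit
     // object creation, which warns on older PHP and raises an Error on PHP 8.
     $this->opts = new stdClass();
     $this->opts->cash_amount = $cashAmount;
     return $this->opts;
 }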
예제 #3
 /**
  * Post-validation hook for a newly created address. When the visitor is not
  * logged in, it builds a user account from the submitted form, saves it, logs
  * it in and ties this address to it.
  *
  * Reads $_POST directly (password, password2, remember_me, email, firstname,
  * lastname) and writes $this->user_id and $this->is_default.
  */
 function afterValidationOnCreate()
 {
     global $user, $db;
     //check if user is logged in.  If so, then we won't have the password and capture fields
     //eDebug($_POST,true);
     if (!$user->isLoggedIn()) {
         //user is not logged in, so we assume they are creating their first address
         //we'll check to see if they have elected to 'remember me' and if so, check the username and passwords.
         //if not, then we just check the captha and create an account manually
         $password = $_POST['password'];
         // NOTE(review): loose comparison - any truthy submitted value selects this branch.
         if (isset($_POST['remember_me']) && $_POST['remember_me'] == true) {
             $user->username = $_POST['email'];
             // setPassword() returns a non-boolean (the error text) when the two entries are rejected.
             $validateUser = $user->setPassword($password, $_POST['password2']);
             if (!is_bool($validateUser)) {
                 expValidator::failAndReturnToForm($validateUser, $_POST);
             }
         } else {
             $user->username = $_POST['email'] . time();
             //make a unique username
             // NOTE(review): this password is built from the current time and rand(), and the
             // username above embeds the same timestamp, so neither value is secret. The second
             // rand() argument is the literal 00 (i.e. 0), which leaves at most 51 possible values.
             // A CSPRNG source (random_bytes()/random_int() where the PHP version allows) is the
             // appropriate way to generate a throwaway credential.
             $password = md5(time() . rand(50, 00));
             //generate random password
             $user->setPassword($password, $password);
         }
         // NOTE(review): the anti-spam check below is commented out, so this method itself
         // applies no anti-automation control before creating the account.
         //expValidator::check_antispam($_POST, "Your anti-spam verification failed.  Please try again.");
         //if we've come this far, we're good to create the new user account
         // The submitted values are copied onto the user record as received.
         $user->email = $_POST['email'];
         $user->firstname = $_POST['firstname'];
         $user->lastname = $_POST['lastname'];
         //eDebug($_POST);
         //eDebug($user);
         // NOTE(review): the where clause appears on this page as the literal "******", which looks
         // like redaction; as written it does not reference the submitted email. If the original
         // interpolates request data here, that value must go through the database layer's escaping
         // or a bound parameter - confirm against the real source.
         $checkUser = $db->selectObject('user', 'username="******"');
         if (isset($checkUser->id)) {
             expValidator::failAndReturnToForm(gt("The email address you entered already exists as a user. If you have lost your password, you may reset it here:") . " <a href='/users/reset_password'>Reset Password</a>.", $_POST);
         }
         $user->is_system_user = false;
         $user->save(true);
         // Log the new account in with the password chosen or generated above.
         $user->login($user->username, $password);
         $this->user_id = $user->id;
         $this->is_default = true;
         //eDebug($user,true);
         //$user-> = $_POST['first_name'];
         //eDebug($this,true);
         //set this back since we now have a logged in user and we don't want things going goofy if they logout and log back in and such
         expSession::un_set("ALLOW_ANONYMOUS_CHECKOUT");
     }
 }
예제 #4
 /**
  * Records the shipping option chosen for each package on the current order,
  * then redirects to the cart checkout action.
  *
  * Reads 'methods', 'calcs', 'cost' and 'title' from $this->params. Returns to
  * the form when nothing was chosen or when fewer options than packages were
  * submitted.
  *
  * NOTE(review): the option title and shipping cost are taken from
  * $this->params. If those params are the raw request, the cost stored on the
  * shipping method is client-supplied - confirm it is recomputed or verified
  * against the shipping calculator on the server before the order is charged.
  */
 public function saveShippingMethods()
 {
     global $order;
     $shipping = new shipping();
     $order->shippingmethods = array();

     // Nothing was submitted at all.
     if (empty($this->params['methods'])) {
         expValidator::failAndReturnToForm(gt("You did not pick  any shipping options"), $this->params);
     }

     // Fewer selections than packages: at least one radio group was left unchecked.
     $selectedCount = count($this->params['methods']);
     $packageCount = count($this->params['calcs']);
     if ($selectedCount < $packageCount) {
         expValidator::failAndReturnToForm(gt("You must select a shipping options for all of your packages."), $this->params);
     }

     foreach ($this->params['methods'] as $methodId => $option) {
         $optionCost = $this->params['cost'][$option];
         $optionTitle = $this->params['title'][$option];
         $record = new shippingmethod($methodId);
         $fields = array(
             'option' => $option,
             'option_title' => $optionTitle,
             'shipping_cost' => $optionCost,
             'shippingcalculator_id' => $this->params['calcs'][$methodId],
         );
         $record->update($fields);
         $order->shippingmethods[] = $record->id;
     }

     redirect_to(array('controller' => 'cart', 'action' => 'checkout'));
 }
예제 #5
// Fragment of a page-save action. $section, $check_id, $old_parent and $db are set
// before this excerpt begins, and the excerpt ends inside the final else branch.
// Update the section from the _POST data.
// NOTE(review): confirm section::update() casts rank and parent to integers - both
// are concatenated into a SQL where clause further down.
$section = section::update($_POST, $section);
if ($check_id == -1) {
    $check_id = $section->parent;
}
// The 'manage' permission is checked against the location built from $check_id, which
// may have just been taken from the updated section's parent.
if ($check_id != -1 && expPermissions::check('manage', expCore::makeLocation('navigationmodule', '', $check_id))) {
    // make sure the SEF name is valid
    global $router;
    if (empty($section->sef_name)) {
        // No SEF name supplied: derive one from the page name.
        $section->sef_name = $router->encode($section->name);
    }
    if (!section::isValidName($section->sef_name)) {
        expValidator::failAndReturnToForm('You have invalid characters in the SEF Name field.');
    }
    if (section::isDuplicateName($section)) {
        expValidator::failAndReturnToForm(gt('The name specified in the SEF Name field is a duplicate of an existing page.'));
    }
    if (isset($section->id)) {
        if ($section->parent != $old_parent) {
            // Old_parent id was different than the new parent id.  Need to decrement the ranks
            // of the old children (after ours), and then add
            $section = section::changeParent($section, $old_parent, $section->parent);
        }
        // Existing section.  Update the database record.
        // The 'id=x' where clause is implicit with an updateObject
        $db->updateObject($section, 'section');
    } else {
        // Since this is new, we need to increment ranks, in case the user
        // added it in the middle of the level.
        // NOTE(review): rank and parent are concatenated into the where clause as-is. Unless they
        // are guaranteed to be integers by this point, cast them (intval) before building the clause.
        $db->increment('section', 'rank', 1, 'rank >= ' . $section->rank . ' AND parent=' . $section->parent);
        // New section.  Insert a new database record.
예제 #6
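 /**
  * Validates submitted credit card details and returns them as the billing
  * options object.
  *
  * Each failed check returns to the form without passing the submitted values
  * back, so the card data is not re-populated into the form.
  *
  * NOTE(review): the returned object carries the full card number and the CVV.
  * Where $this->opts goes next is not visible here - confirm it is never
  * persisted or logged; card security codes must not be retained once the
  * authorisation has completed.
  *
  * @param array $params Submitted form values: cc_number, cc_type,
  *                      expiration_month, expiration_year, cvv.
  * @return object Options object with cc_type, cc_number, exp_month, exp_year and cvv.
  */
 function userFormUpdate($params)
 {
     // Normalise the inputs once: a missing key or a non-scalar value (for example an
     // array submitted under the field name) becomes an empty string, which the
     // validators below are expected to reject.
     $fields = array();
     foreach (array('cc_number', 'cc_type', 'expiration_month', 'expiration_year', 'cvv') as $key) {
         $fields[$key] = (isset($params[$key]) && is_scalar($params[$key])) ? (string) $params[$key] : '';
     }
     $clearedNotice = gt("For your security, your previously entered credit card information has been cleared.");

     if (!$this->validate_card_number($fields['cc_number']) || !$this->validate_card_type($fields['cc_number'], $fields['cc_type'])) {
         // The submitted type may not be one of the configured cards; fall back to a
         // generic label instead of indexing $this->cards with an unknown key.
         $cardLabel = isset($this->cards[$fields['cc_type']]) ? $this->cards[$fields['cc_type']] : gt("supported card type");
         expValidator::failAndReturnToForm(gt("Either the card number you entered is not a") . " " . $cardLabel . ", " . gt("or the credit card you entered is not a valid credit card number. Please select the proper credit card type and verify the number entered and try again.") . "<br/>" . $clearedNotice);
     }
     // The expiry validator receives the month followed by the last two digits of the year.
     if (!$this->validate_card_expire($fields['expiration_month'] . substr($fields['expiration_year'], 2, 2))) {
         expValidator::failAndReturnToForm(gt("Please enter a valid expiration data.") . "<br/>" . $clearedNotice);
     }
     if (!$this->validate_cvv($fields['cvv'])) {
         expValidator::failAndReturnToForm(gt("Please enter a valid CVV number.") . "<br/>" . $clearedNotice);
     }
     // TODO: expValidator::validate() cannot apply the same rule type to more than one
     // field without overwriting it, so presence checks for cc_number and cvv are not run here.

     // Start from a real object. Assigning a property on null relied on implicit
     // object creation, which warns on older PHP and raises an Error on PHP 8.
     $this->opts = new stdClass();
     $this->opts->cc_type = $fields['cc_type'];
     $this->opts->cc_number = $fields['cc_number'];
     $this->opts->exp_month = $fields['expiration_month'];
     $this->opts->exp_year = $fields['expiration_year'];
     $this->opts->cvv = $fields['cvv'];
     return $this->opts;
 }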
예제 #7
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
/** @define "BASE" "../../../.." */
// Fragment of a form-submission handler; the excerpt ends inside the foreach loop.
// Refuse to run when the file is requested directly rather than through the application.
if (!defined('EXPONENT')) {
    exit('');
}
// Check for form errors
$post = $_POST;
$post['manual_redirect'] = true;
if (!expValidator::check_antispam($post)) {
    flash('error', gt('Security Validation Failed'));
    // NOTE(review): everything below still runs after a failed anti-spam check unless
    // expHistory::back() ends the request - confirm that it does.
    expHistory::back();
}
global $db, $user;
// The submitted form id is cast with intval() before it is placed in the where clause.
$f = $db->selectObject("formbuilder_form", "id=" . intval($_POST['id']));
$rpt = $db->selectObject("formbuilder_report", "form_id=" . intval($_POST['id']));
// NOTE(review): $f is used without checking that a form was found for the submitted id.
$controls = $db->selectObjects("formbuilder_control", "form_id=" . $f->id . " and is_readonly=0");
$controls = expSorter::sort(array('array' => $controls, 'sortby' => 'rank', 'order' => 'ASC'));
$db_data = null;
$emailFields = array();
$captions = array();
foreach ($controls as $c) {
    // NOTE(review): unserialize() rebuilds whatever object is stored in the control's data
    // column. That is only safe if the column can be written solely by trusted code; otherwise
    // it is an object-injection risk. Prefer a data-only format, or restrict the permitted
    // classes with the allowed_classes option where the PHP version supports it.
    $ctl = unserialize($c->data);
    $control_type = get_class($ctl);
    // The static method is invoked on whichever class the stored object turned out to be.
    $def = call_user_func(array($control_type, "getFieldDefinition"));
예제 #8
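 /**
  * Validate this help item: each field listed in $this->validates (sef_url
  * included, unless excluded through do_not_validate) must not already be used
  * by another record in the same help_version.
  *
  * Failures are collected and reported through expValidator::failAndReturnToForm();
  * the offending fields are removed from the values handed back to the form.
  *
  * @return bool|null true when no validation rules are defined; otherwise the
  *                   method ends without an explicit return value
  */
 public function validate()
 {
     global $db;
     // check for an sef url field.  If it exists make sure it's valid and not a duplicate
     // TODO: this should also take into account whether SEF URLs are turned on
     if (property_exists($this, 'sef_url') && !in_array('sef_url', $this->do_not_validate)) {
         if (empty($this->sef_url)) {
             $this->makeSefUrl();
         }
         $this->validates['is_valid_sef_name']['sef_url'] = array();
         $this->validates['uniqueness_of']['sef_url'] = array();
     }
     // safeguard against loc data not being passed via forms...sometimes this happens when you're in a router
     // mapped view and src hasn't been passed in via link to the form
     if (isset($this->id) && empty($this->location_data)) {
         // Record ids are numeric; cast before placing the value in the where clause.
         $loc = $db->selectValue($this->tablename, 'location_data', 'id=' . intval($this->id));
         if (!empty($loc)) {
             $this->location_data = $loc;
         }
     }
     // run the validation as defined in the datatypes
     if (!isset($this->validates)) {
         return true;
     }
     $messages = array();
     $post = empty($_POST) ? array() : $_POST;
     foreach ($this->validates as $validation => $field) {
         foreach ($field as $key => $value) {
             $fieldname = is_numeric($key) ? $value : $key;
             $opts = is_numeric($key) ? array() : $value;
             // The closing quote after the field value was missing, which left the clause
             // malformed so the duplicate check could not work as written.
             // NOTE(review): the field value itself is still concatenated unescaped. Pass it
             // through the database layer's string escaping (or a bound parameter) before it
             // reaches this clause; that helper is not visible in this excerpt.
             $sql = "`" . $fieldname . "`='" . $this->{$fieldname} . "' AND help_version_id='" . intval($this->help_version_id) . "'";
             if (!empty($this->id)) {
                 // Exclude the record being edited from its own duplicate check.
                 $sql .= ' AND id != ' . intval($this->id);
             }
             $ret = $db->countObjects($this->tablename, $sql);
             if ($ret > 0) {
                 $ret = array_key_exists('message', $opts) ? $opts['message'] : ucwords($fieldname) . ' "' . $this->{$fieldname} . '" is already in use.';
             } else {
                 $ret = true;
             }
             if (!is_bool($ret)) {
                 $messages[] = $ret;
                 expValidator::setErrorField($fieldname);
                 unset($post[$fieldname]);
             }
         }
     }
     if (count($messages) >= 1) {
         expValidator::failAndReturnToForm($messages, $post);
     }
 }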
예제 #9
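 /**
  * Sets a new password for the user named by params['id'].
  *
  * Requires 'id', 'new_password1' and 'new_password2' in $this->params. On any
  * failure the form is re-shown with both password fields blanked, so submitted
  * passwords are never handed back to the form.
  *
  * NOTE(review): no permission check is visible in this method, and the caller's
  * current password is not requested. Confirm the controller restricts this
  * action to accounts allowed to change other users' passwords.
  */
 public function update_userpassword()
 {
     // Values handed back to the form on failure: everything except the passwords.
     $formValues = $this->params;
     $formValues['new_password1'] = '';
     $formValues['new_password2'] = '';

     if (empty($this->params['id'])) {
         expValidator::failAndReturnToForm(gt('You must specify the user whose password you want to change'), $formValues);
     }
     if (empty($this->params['new_password1'])) {
         expValidator::setErrorField('new_password1');
         expValidator::failAndReturnToForm(gt('You must specify a new password for this user.'), $formValues);
     }
     if (empty($this->params['new_password2'])) {
         expValidator::setErrorField('new_password2');
         expValidator::failAndReturnToForm(gt('You must confirm the password.'), $formValues);
     }
     $u = new user($this->params['id']);
     // Guard against an id that matches no account: without this, the code below would
     // go on to set a password on, and save, a user object that has no record behind it.
     if (empty($u->id)) {
         expValidator::failAndReturnToForm(gt('You must specify the user whose password you want to change'), $formValues);
     }
     // setPassword() returns a string (the error text) when the new password is rejected.
     $ret = $u->setPassword($this->params['new_password1'], $this->params['new_password2']);
     if (is_string($ret)) {
         expValidator::setErrorField('new_password1');
         expValidator::failAndReturnToForm($ret, $formValues);
     } else {
         $u->save(true);
     }
     flash('message', gt('Password reset for user') . ' ' . $u->username);
     expHistory::back();
 }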
예제 #10
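 /**
  * Saves a submitted comment, attaches it to the content item it belongs to and
  * sends the configured notifications.
  *
  * NOTE(review): several points depend on code outside this method and should
  * be confirmed:
  *  - the comment settings fall back to the COMMENTS_* constants only when the
  *    matching entry in $this->params is empty, so if params carry request data
  *    a visitor can supply their own values for these settings;
  *  - $require_login and $notification_email are computed but never used here,
  *    so this method does not itself enforce the login requirement;
  *  - $this->params is passed whole to expComment::update(); unless that method
  *    filters its input, a submitted 'approved' value would be stored as sent.
  */
 function update()
 {
     global $db, $user;
     /* The global constants can be overridden by passing appropriate params */
     // $this->params is not populated when the constructor runs, so this is resolved per call.
     $require_login = empty($this->params['require_login']) ? COMMENTS_REQUIRE_LOGIN : $this->params['require_login'];
     $require_approval = empty($this->params['require_approval']) ? COMMENTS_REQUIRE_APPROVAL : $this->params['require_approval'];
     $require_notification = empty($this->params['require_notification']) ? COMMENTS_REQUIRE_NOTIFICATION : $this->params['require_notification'];
     $notification_email = empty($this->params['notification_email']) ? COMMENTS_NOTIFICATION_EMAIL : $this->params['notification_email'];
     // check the anti-spam control (anonymous visitors only)
     if (!$user->isLoggedIn()) {
         expValidator::check_antispam($this->params, gt("Your comment could not be posted because anti-spam verification failed.  Please try again."));
     }
     // figure out the name and email address: a logged-in user posting a new comment
     // gets the values from their account rather than from the form
     if (!empty($user->id) && empty($this->params['id'])) {
         $this->params['name'] = $user->firstname . " " . $user->lastname;
         $this->params['email'] = $user->email;
     }
     // save the comment
     if (empty($require_approval)) {
         $this->expComment->approved = 1;
     }
     $this->expComment->update($this->params);
     // attach the comment to the datatype it belongs to (blog, news, etc..);
     // $obj was never initialised before its properties were assigned; create it explicitly
     // (assigning a property on an undefined variable raises an Error on PHP 8).
     $obj = new stdClass();
     $obj->content_type = $this->params['content_type'];
     $obj->content_id = $this->params['content_id'];
     $obj->expcomments_id = $this->expComment->id;
     if (isset($this->params['subtype'])) {
         $obj->subtype = $this->params['subtype'];
     }
     $db->insertObject($obj, $this->expComment->attachable_table);
     $msg = 'Thank you for posting a comment.';
     if ($require_approval == 1 && !$user->isAdmin()) {
         $msg .= ' ' . gt('Your comment is now pending approval. You will receive an email to') . ' ';
         $msg .= $this->expComment->email . ' ' . gt('letting you know when it has been approved.');
     }
     if ($require_notification && !$user->isAdmin()) {
         $this->sendNotification($this->expComment, $this->params);
     }
     // 'approved' is not always submitted; check for it before comparing.
     if ($require_approval == 1 && isset($this->params['approved']) && $this->params['approved'] == 1) {
         $this->sendApprovalNotification($this->expComment, $this->params);
     }
     flash('message', $msg);
     expHistory::back();
 }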
예제 #11
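 /**
  * Subscribes an email address to the selected E-Alert topics and sends a
  * confirmation email.
  *
  * Reads 'email' and 'ealerts' (a list of topic ids) from $this->params. Both
  * are validated before they are placed in any SQL clause: the email must be a
  * well-formed address without characters that could end the quoted SQL
  * literal, and the topic ids are reduced to positive integers.
  *
  * NOTE(review): existing subscriptions for the address are deleted and replaced
  * before the address owner has confirmed anything, so anyone who can submit
  * this form for a known address can change that subscriber's topics.
  * NOTE(review): the subscriber hash is md5(email . time()), which is not an
  * unpredictable token; if it authorises confirmation or unsubscribe links it
  * should come from a CSPRNG instead.
  */
 public function signup()
 {
     global $db;
     // check the anti-spam control
     expValidator::check_antispam($this->params, gt("Anti-spam verification failed.  Please try again."));

     // make sure we have what we need.
     $email = (isset($this->params['email']) && is_string($this->params['email'])) ? trim($this->params['email']) : '';
     if (empty($email)) {
         expQueue::flashAndFlow('error', 'You must supply an email address to sign up for email alerts.');
         return; // only reached if flashAndFlow() does not end the request itself
     }
     // The address is placed inside a double-quoted SQL literal below, so refuse anything
     // that is not a well-formed address or that contains a double quote or backslash.
     // The database layer's own escaping or a bound parameter is the stronger fix if available.
     if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || strpbrk($email, "\"\\") !== false) {
         expQueue::flashAndFlow('error', 'You must supply a valid email address to sign up for email alerts.');
         return;
     }

     // Topic ids go into "IN (...)" and into inserted rows: keep positive integers only.
     $ealertIds = array();
     if (!empty($this->params['ealerts']) && is_array($this->params['ealerts'])) {
         foreach ($this->params['ealerts'] as $rawId) {
             $topicId = is_scalar($rawId) ? intval($rawId) : 0;
             if ($topicId > 0) {
                 $ealertIds[$topicId] = $topicId;
             }
         }
     }
     if (empty($ealertIds)) {
         expQueue::flashAndFlow('error', 'You did not select any E-Alert topics to subscribe to.');
         return;
     }

     // find or create the subscriber
     $id = $db->selectValue('subscribers', 'id', 'email="' . $email . '"');
     $subscriber = new subscribers($id);
     if (empty($subscriber->id)) {
         $subscriber->email = $email;
         $subscriber->hash = md5($subscriber->email . time());
         $subscriber->save();
     }

     // delete any old subscriptions and add the user to new subscriptions
     $subscriberId = intval($subscriber->id);
     $db->delete('expeAlerts_subscribers', 'subscribers_id=' . $subscriberId);
     foreach ($ealertIds as $topicId) {
         // A real object is needed here: assigning properties on null raises an Error on PHP 8.
         $obj = new stdClass();
         $obj->subscribers_id = $subscriberId;
         $obj->expeAlerts_id = $topicId;
         $db->insertObject($obj, 'expeAlerts_subscribers');
     }

     // send a confirmation email to the user.
     $ealerts = $db->selectObjects('expeAlerts', 'id IN (' . implode(',', $ealertIds) . ')');
     $body = get_template_for_action($this, 'confirmation_email', $this->loc);
     $body->assign('ealerts', $ealerts);
     $body->assign('subscriber', $subscriber);
     $mail = new expMail();
     $mail->quickSend(array('html_message' => $body->render(), 'to' => $subscriber->email, 'from' => SMTP_FROMADDRESS, 'subject' => 'Please confirm your E-Alert subscriptions'));
     redirect_to(array('controller' => 'ealert', 'action' => 'pending', 'id' => $subscriber->id));
 }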
예제 #12
// Fragment of an installer step that fills in the administrator account from the
// submitted form; $db is set before this excerpt and the excerpt ends inside the else branch.
$error = false;
// We have to force the language name into the config.php file
expSettings::change('LANGUAGE', LANGUAGE);
// NOTE(review): the result is used without checking that an admin record was found.
$user = $db->selectObject('user', 'is_admin=1');
$user->username = $_POST['username'];
if ($user->username == '') {
    $error = true;
    $errorstr = gt('You must specify a valid username.');
    $errorflag = '&errusername=true';
    // NOTE(review): output is sent here, before the header() redirect further down; unless
    // output buffering is active, the redirect header can no longer be sent.
    echo $errorstr;
// NOTE(review): != is a loose comparison, so two different numeric-looking strings can be
// treated as equal; !== compares the passwords exactly.
} elseif ($_POST['password'] != $_POST['password2']) {
    $error = true;
    $errorstr = gt('Your passwords do not match. Please check your entries.');
    $errorflag = '&errpassword=true';
    echo $errorstr;
} elseif (!expValidator::validate_email_address($_POST['email'])) {
    $error = true;
    $errorstr = gt('Your email address is invalid. Please check your entry.');
    $errorflag = '&erremail=true';
    echo $errorstr;
}
if ($error) {
    //FIXME Shouldn't get this because of check in install-6.php unless browser jscript disabled
    flash('error', $errorstr);
    header('Location: index.php?page=install-6' . $errorflag);
    exit;
} else {
    // NOTE(review): the administrator password is stored as an unsalted MD5 digest, which is
    // fast to brute-force if the user table is ever exposed. password_hash()/password_verify()
    // is the appropriate replacement where the PHP version allows; the login code must be
    // changed to verify the same way.
    $user->password = md5($_POST['password']);
    // First and last name are copied from the request as submitted.
    $user->firstname = $_POST['firstname'];
    $user->lastname = $_POST['lastname'];
    $user->is_admin = 1;
예제 #13
 /**
  * Refuses user-defined ranking ('rank ASC') when the module is configured to
  * aggregate or to pull RSS feeds, then hands the save to the parent.
  *
  * Reads 'aggregate', 'pull_rss' and 'order' from $this->params.
  */
 public function saveConfig()
 {
     $usesExternalItems = !empty($this->params['aggregate']) || !empty($this->params['pull_rss']);
     // 'order' is only inspected when one of the two feed options is switched on.
     if ($usesExternalItems && $this->params['order'] == 'rank ASC') {
         $message = gt('User defined ranking is not allowed when aggregating or pull RSS data feeds.');
         expValidator::failAndReturnToForm($message, $this->params);
     }
     parent::saveConfig();
 }