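/**
 * Validate a new-user request and, if it is acceptable, create the user record.
 *
 * Steps, in order:
 *  1. Reject the request with the 'user_exists' message when is_user_valid()
 *     returns true for the supplied user_id.
 *  2. Normalise user_id (filter_input_field() with the user-id field definition,
 *     then strtolower()) and validate the normalised value.
 *  3. Validate the remaining fields through validate_user_info().
 *  4. Decide the password and active indicator:
 *       - op == 'signup': password is cleared and the active indicator is 'X';
 *       - otherwise: active indicator is 'Y'; an empty password is replaced by a
 *         generated one when is_valid_opendb_mailer() is true, else rejected;
 *         a supplied password must equal 'confirmpwd'.
 *  5. insert_user(), then fetch the new record and update its addresses.
 *
 * @param array $HTTP_VARS Request variables, passed by reference. 'user_id' is
 *                         overwritten with its normalised form and 'pwd' may be
 *                         overwritten (NULL on signup, or a generated password).
 * @param array $errors    Passed by reference; entries of the form
 *                         array('error' => ..., 'detail' => ...) are appended.
 * @return mixed FALSE on any validation or insert failure; otherwise whatever
 *               update_user_addresses() returns.
 */
function handle_user_insert(&$HTTP_VARS, &$errors) {
	// Field definition used both to filter and to validate the user id.
	$user_id_field_def = "filtered(20,20,a-zA-Z0-9_.)";

	// NOTE(review): is_user_valid() receives the raw request value, before
	// filter_input_field() has run - confirm it escapes its argument. The
	// existence check is also not repeated for the normalised id that is
	// actually inserted below.
	if (is_user_valid($HTTP_VARS['user_id'])) {
		$errors[] = array('error' => get_opendb_lang_var('user_exists', 'user_id', $HTTP_VARS['user_id']), 'detail' => '');
		return FALSE;
	}

	$HTTP_VARS['user_id'] = strtolower(filter_input_field($user_id_field_def, $HTTP_VARS['user_id']));
	if (!validate_input_field(get_opendb_lang_var('userid'), $user_id_field_def, "Y", $HTTP_VARS['user_id'], $errors)) {
		return FALSE;
	}

	// Presumably filled in by validate_user_info() through a reference
	// parameter - confirm against its signature.
	$address_provided_r = NULL;

	// NOTE(review): 'user_role' reaches insert_user() straight from the request;
	// confirm validate_user_info() limits the roles a self-service signup may ask for.
	if (!validate_user_info(NULL, $HTTP_VARS, $address_provided_r, $errors)) {
		return FALSE;
	}

	if ($HTTP_VARS['op'] == 'signup') {
		// No password is saved when signing up, as the user still must be activated.
		$active_ind = 'X';
		// Will be reset when the user is activated.
		$HTTP_VARS['pwd'] = NULL;
	} else {
		$active_ind = 'Y';

		if (strlen($HTTP_VARS['pwd']) == 0) {
			if (!is_valid_opendb_mailer()) {
				$errors[] = array('error' => get_opendb_lang_var('passwd_not_specified'));
				return FALSE;
			}

			// NOTE(review): confirm generate_password() draws from a
			// cryptographically secure source; 8 is the argument passed here.
			$HTTP_VARS['pwd'] = generate_password(8);
		} else if ((string) $HTTP_VARS['pwd'] !== (string) $HTTP_VARS['confirmpwd']) {
			// Strict string comparison: with a loose != PHP compares numeric-looking
			// strings as numbers, so two different inputs could pass as "matching".
			$errors[] = array('error' => get_opendb_lang_var('passwds_do_not_match'));
			return FALSE;
		}
	}

	// We want to validate and perform inserts even in signup mode.
	// NOTE(review): 'pwd' is handed over as received; presumably insert_user()
	// hashes it before storage - confirm.
	$inserted = insert_user(
		$HTTP_VARS['user_id'],
		$HTTP_VARS['fullname'],
		$HTTP_VARS['pwd'],
		$HTTP_VARS['user_role'],
		$HTTP_VARS['uid_language'],
		$HTTP_VARS['uid_theme'],
		$HTTP_VARS['email_addr'],
		$active_ind
	);

	if (!$inserted) {
		// Read the database error before calling anything else.
		// NOTE(review): the raw database message is stored under 'detail';
		// confirm it is not rendered to unauthenticated visitors.
		$db_error = db_error();
		$errors[] = array('error' => get_opendb_lang_var('user_not_added', 'user_id', $HTTP_VARS['user_id']), 'detail' => $db_error);
		return FALSE;
	}

	$user_r = fetch_user_r($HTTP_VARS['user_id']);
	return update_user_addresses($user_r, $address_provided_r, $HTTP_VARS, $errors);
}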
$HTTP_VARS['comment'] = filter_input_field('htmlarea(55,10)', $HTTP_VARS['comment']); if (validate_review_input($HTTP_VARS, $errors)) { if (insert_review($HTTP_VARS['item_id'], get_opendb_session_var('user_id'), $HTTP_VARS['comment'], $HTTP_VARS['rating'])) { echo "<p class=\"success\">" . get_opendb_lang_var('review_added') . "</p>"; } else { echo "<p class=\"error\">" . get_opendb_lang_var('review_not_added') . "</p>"; } } else { echo format_error_block($errors); echo get_edit_form('insert', array(), $HTTP_VARS); } } else { if ($HTTP_VARS['op'] == 'update') { if (get_opendb_config_var('item_review', 'update_support') !== FALSE) { if (is_review_author($review_r['sequence_number']) || is_user_granted_permission(PERM_ADMIN_REVIEWER)) { $HTTP_VARS['comment'] = filter_input_field('htmlarea(55,10)', $HTTP_VARS['comment']); if (validate_review_input($HTTP_VARS, $errors)) { if (update_review($HTTP_VARS['sequence_number'], $HTTP_VARS['comment'], $HTTP_VARS['rating'])) { echo "<p class=\"success\">" . get_opendb_lang_var('review_updated') . "</p>"; } else { echo "<p class=\"error\">" . get_opendb_lang_var('review_not_updated') . "</p>"; } } else { echo format_error_block($errors); echo get_edit_form('update', array(), $HTTP_VARS); } } else { echo "<p class=\"error\">" . get_opendb_lang_var('operation_not_available') . "</p>"; } } else { echo "<p class=\"error\">" . get_opendb_lang_var('operation_not_available') . "</p>";