Пример #1
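/**
 * Create a new user account from submitted form variables.
 *
 * The user id is filtered to the "filtered(20,20,a-zA-Z0-9_.)" pattern and
 * lower-cased, the remaining fields are checked by validate_user_info(), and
 * the row is written with insert_user(). In 'signup' mode the account is
 * stored with active indicator 'X' and no password; in every other mode it is
 * stored as 'Y' with either the supplied password (which must equal the
 * confirmation field) or a generated one when a mailer is available.
 *
 * @param array $HTTP_VARS Request variables; 'user_id' and 'pwd' are rewritten in place.
 * @param array $errors    Receives array('error' => ..., 'detail' => ...) entries on failure.
 *
 * @return mixed FALSE on any validation or insert failure, otherwise whatever
 *               update_user_addresses() returns.
 */
function handle_user_insert(&$HTTP_VARS, &$errors)
{
    // NOTE(review): the existence check runs on the raw id, while the id that is
    // inserted below is the filtered, lower-cased one. If is_user_valid() is
    // case- or character-sensitive, a collision is only caught by the INSERT
    // failing - confirm against is_user_valid().
    if (is_user_valid($HTTP_VARS['user_id'])) {
        $errors[] = array('error' => get_opendb_lang_var('user_exists', 'user_id', $HTTP_VARS['user_id']), 'detail' => '');
        return FALSE;
    }

    $HTTP_VARS['user_id'] = strtolower(filter_input_field("filtered(20,20,a-zA-Z0-9_.)", $HTTP_VARS['user_id']));
    if (!validate_input_field(get_opendb_lang_var('userid'), "filtered(20,20,a-zA-Z0-9_.)", "Y", $HTTP_VARS['user_id'], $errors)) {
        return FALSE;
    }

    // Defined up front so it exists on every path; presumably filled in by
    // validate_user_info() through a reference parameter - confirm.
    $address_provided_r = NULL;

    // NOTE(review): 'user_role' below comes straight from the request. This
    // assumes validate_user_info() restricts which roles a self-signup may
    // request - verify, otherwise the role must be pinned here.
    if (!validate_user_info(NULL, $HTTP_VARS, $address_provided_r, $errors)) {
        return FALSE;
    }

    if ($HTTP_VARS['op'] == 'signup') {
        // no password saved when signing up, as user still must be activated
        $active_ind = 'X';
        // Will be reset when user activated
        $HTTP_VARS['pwd'] = NULL;
    } else {
        $active_ind = 'Y';
        if (strlen($HTTP_VARS['pwd']) == 0) {
            if (!is_valid_opendb_mailer()) {
                // Without a mailer a generated password could never reach the user.
                $errors[] = array('error' => get_opendb_lang_var('passwd_not_specified'));
                return FALSE;
            }
            // NOTE(review): strength depends on generate_password(); confirm it
            // draws from a CSPRNG and that 8 characters meets the password policy.
            $HTTP_VARS['pwd'] = generate_password(8);
        } elseif ((string) $HTTP_VARS['pwd'] !== (string) $HTTP_VARS['confirmpwd']) {
            // Compared as strings: a loose != treats numeric-looking values such
            // as "1e3" and "1000" as equal and would accept a wrong confirmation.
            $errors[] = array('error' => get_opendb_lang_var('passwds_do_not_match'));
            return FALSE;
        }
    }

    // We want to validate and perform inserts even in signup mode
    if (!insert_user($HTTP_VARS['user_id'], $HTTP_VARS['fullname'], $HTTP_VARS['pwd'], $HTTP_VARS['user_role'], $HTTP_VARS['uid_language'], $HTTP_VARS['uid_theme'], $HTTP_VARS['email_addr'], $active_ind)) {
        // NOTE(review): the raw database error text is placed in 'detail'; if the
        // caller renders it to end users it can disclose schema details - confirm
        // it is only shown to administrators or logged.
        $db_error = db_error();
        $errors[] = array('error' => get_opendb_lang_var('user_not_added', 'user_id', $HTTP_VARS['user_id']), 'detail' => $db_error);
        return FALSE;
    }

    $user_r = fetch_user_r($HTTP_VARS['user_id']);
    return update_user_addresses($user_r, $address_provided_r, $HTTP_VARS, $errors);
}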
Пример #2
     $HTTP_VARS['comment'] = filter_input_field('htmlarea(55,10)', $HTTP_VARS['comment']);
     if (validate_review_input($HTTP_VARS, $errors)) {
         if (insert_review($HTTP_VARS['item_id'], get_opendb_session_var('user_id'), $HTTP_VARS['comment'], $HTTP_VARS['rating'])) {
             echo "<p class=\"success\">" . get_opendb_lang_var('review_added') . "</p>";
         } else {
             echo "<p class=\"error\">" . get_opendb_lang_var('review_not_added') . "</p>";
         }
     } else {
         echo format_error_block($errors);
         echo get_edit_form('insert', array(), $HTTP_VARS);
     }
 } else {
     if ($HTTP_VARS['op'] == 'update') {
         if (get_opendb_config_var('item_review', 'update_support') !== FALSE) {
             if (is_review_author($review_r['sequence_number']) || is_user_granted_permission(PERM_ADMIN_REVIEWER)) {
                 $HTTP_VARS['comment'] = filter_input_field('htmlarea(55,10)', $HTTP_VARS['comment']);
                 if (validate_review_input($HTTP_VARS, $errors)) {
                     if (update_review($HTTP_VARS['sequence_number'], $HTTP_VARS['comment'], $HTTP_VARS['rating'])) {
                         echo "<p class=\"success\">" . get_opendb_lang_var('review_updated') . "</p>";
                     } else {
                         echo "<p class=\"error\">" . get_opendb_lang_var('review_not_updated') . "</p>";
                     }
                 } else {
                     echo format_error_block($errors);
                     echo get_edit_form('update', array(), $HTTP_VARS);
                 }
             } else {
                 echo "<p class=\"error\">" . get_opendb_lang_var('operation_not_available') . "</p>";
             }
         } else {
             echo "<p class=\"error\">" . get_opendb_lang_var('operation_not_available') . "</p>";