Пример #1
}
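// Registration controller: 'reset' shows an empty form, 'register' validates
// the submitted form and creates the admin account when validation passes.
switch ($action) {
    case 'reset':
        // Blank every form value so the registration view renders empty.
        $first_name = '';
        $last_name = '';
        $password = '';
        $email = '';
        // Load view
        include 'register.php';
        break;
    case 'register':
        // Read the submitted values. filter_input() returns null for a missing
        // field; the (string) cast keeps trim() from receiving null (deprecated
        // since PHP 8.1) and still yields '' in that case.
        $first_name = trim((string) filter_input(INPUT_POST, 'first_name'));
        $last_name = trim((string) filter_input(INPUT_POST, 'last_name'));
        // NOTE(review): trimming alters a password that starts or ends with
        // whitespace; confirm the login path applies the same trim.
        $password = trim((string) filter_input(INPUT_POST, 'password'));
        $email = trim((string) filter_input(INPUT_POST, 'email'));
        // Validate form data
        $validate->text('first_name', $first_name);
        $validate->text('last_name', $last_name);
        $validate->password('password', $password);
        $validate->email('email', $email);
        // Choose the view from the validation result, and create the account
        // only on the success path: calling add_admin() before this check
        // stored an admin record even when the submitted data was rejected.
        if ($fields->hasErrors()) {
            include 'register.php';
        } else {
            add_admin($first_name, $last_name, $email, $password);
            include 'success.php';
        }
        break;
}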
Пример #2
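// Admin login controller fragment: 'view_login' shows the empty login form,
// 'login' validates the credentials and opens the admin session.
$fields->addField('password');
switch ($action) {
    case 'view_login':
        // Start from an empty form: no remembered credentials, no error text.
        $email = '';
        $password = '';
        $password_message = '';
        // NOTE(review): this case includes 'account_login.php' while the login
        // case includes 'admin/account/account_login.php'; confirm both paths
        // resolve to the same view.
        include 'account_login.php';
        break;
    case 'login':
        // Read the submitted credentials (null when a field is missing).
        $email = filter_input(INPUT_POST, 'email');
        $password = filter_input(INPUT_POST, 'password');
        // view_login defines this before loading the login view; define it
        // here too so the validation-error path below does not reach the view
        // with the variable undefined.
        $password_message = '';
        // Validate user data
        $validate->email('email', $email);
        $validate->text('password', $password, true, 6, 30);
        // If validation errors, redisplay Login page and exit controller
        if ($fields->hasErrors()) {
            include 'admin/account/account_login.php';
            break;
        }
        // Check database - if valid username/password, log in
        if (is_valid_admin_login($email, $password)) {
            // Issue a fresh session ID at the moment of privilege change, so
            // an ID that was known before login is not carried into the admin
            // session (session fixation). Assumes the session was started
            // earlier in the controller, which the $_SESSION write also needs.
            session_regenerate_id(true);
            $_SESSION['admin'] = get_admin_by_email($email);
        } else {
            // The message does not reveal whether the email or the password
            // was the wrong part.
            $password_message = 'Login failed. Invalid email or password.';
            include 'admin/account/account_login.php';
            break;
        }
        // Display Admin Menu page
        redirect('..');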
Пример #3
 // Read the shipping address from the POST body. filter_input() with no filter
 // argument applies FILTER_DEFAULT, which returns the submitted string
 // unmodified (null when the field is missing), so these values still need
 // escaping wherever they are printed or stored.
 $ship_line1 = filter_input(INPUT_POST, 'ship_line1');
 $ship_line2 = filter_input(INPUT_POST, 'ship_line2');
 $ship_city = filter_input(INPUT_POST, 'ship_city');
 $ship_state = filter_input(INPUT_POST, 'ship_state');
 $ship_zip = filter_input(INPUT_POST, 'ship_zip');
 $ship_phone = filter_input(INPUT_POST, 'ship_phone');
 // Checkbox: true when the 'use_shipping' field was submitted at all.
 $use_shipping = isset($_POST['use_shipping']);
 // Read the billing address the same way.
 $bill_line1 = filter_input(INPUT_POST, 'bill_line1');
 $bill_line2 = filter_input(INPUT_POST, 'bill_line2');
 $bill_city = filter_input(INPUT_POST, 'bill_city');
 $bill_state = filter_input(INPUT_POST, 'bill_state');
 $bill_zip = filter_input(INPUT_POST, 'bill_zip');
 $bill_phone = filter_input(INPUT_POST, 'bill_phone');
 // Validate user data
 // $email, $password_1, $password_2, $first_name and $last_name are not
 // assigned in the visible lines; presumably they are read above this fragment.
 $validate->email('email', $email);
 // NOTE(review): the trailing arguments (true, 6, 30) look like
 // required/min length/max length; confirm against the validator. No check
 // that password_1 equals password_2 is visible in this fragment.
 $validate->text('password_1', $password_1, true, 6, 30);
 $validate->text('password_2', $password_2, true, 6, 30);
 $validate->text('first_name', $first_name);
 $validate->text('last_name', $last_name);
 $validate->text('ship_line1', $ship_line1);
 // A third argument of false appears to mark the field as optional (TODO confirm).
 $validate->text('ship_line2', $ship_line2, false);
 $validate->text('ship_city', $ship_city);
 $validate->text('ship_state', $ship_state);
 $validate->text('ship_zip', $ship_zip);
 $validate->text('ship_phone', $ship_phone, false);
 // The billing fields are validated only when the 'use_shipping' box was not ticked.
 if (!$use_shipping) {
     $validate->text('bill_line1', $bill_line1);
     $validate->text('bill_line2', $bill_line2, false);
     $validate->text('bill_city', $bill_city);
     $validate->text('bill_state', $bill_state);
     $validate->text('bill_zip', $bill_zip);
Пример #4
<?php

// Admin "Send Email" page: checks clearance, handles the form post, then
// renders the form between the admin header and footer.

// Run Permissions
require SYS_PATH . "/controller/includes/admin_perm.php";
// Make sure that only management or higher is allowed: a clearance below 7 is
// redirected to /admin, and exit stops the rest of the page from running.
if (Me::$clearance < 7) {
    header("Location: /admin");
    exit;
}
// Handle the post. The same "email-send-admin" name is passed to
// Form::prepare() in the form below; presumably this pair implements a
// per-form anti-CSRF token (TODO confirm against the Form class).
if (Form::submitted("email-send-admin")) {
    // NOTE(review): the $_POST keys are read without an isset() check, so a
    // post that omits a field raises an undefined-index notice here.
    Validate::email($_POST['email']);
    // The trailing numbers look like min/max length; 22 matches the maxlength
    // attribute on the subject input below (TODO confirm).
    Validate::input("Subject", $_POST['title'], 1, 22);
    Validate::text("Message", $_POST['message'], 1, 3500);
    if (Validate::pass()) {
        // NOTE(review): recipient and subject end up in mail headers; confirm
        // the validators or Email_Send reject CR/LF in both.
        Email_Send::standard($_POST['email'], $_POST['title'], $_POST['message']);
        // NOTE(review): the submitted address is concatenated into the alert
        // text; confirm Alert escapes it when the message is rendered.
        Alert::saveSuccess("Email Sent", "You have successfully sent an email to " . $_POST['email']);
        // Redirect after a successful send so a page reload does not resubmit the form.
        header("Location: /admin/Email/Email List");
        exit;
    }
}
// Run Header
require SYS_PATH . "/controller/includes/admin_header.php";
// Render the form; the input values are always empty, so nothing submitted is
// echoed back into the markup here.
echo '
<form action="/admin/Email/Send Email" method="post">' . Form::prepare("email-send-admin") . '
	<p>Email: <input type="text" name="email" value="" /></p>
	<p>Subject: <input type="text" name="title" value="" maxlength="22" /></p>
	<p>Message: <textarea name="message"></textarea></p>
	<p><input type="submit" name="submit" value="Send Email" /></p>
</form>';
// Display the Footer
require SYS_PATH . "/controller/includes/admin_footer.php";
Пример #5
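 // Read the remaining registration fields from the POST body. filter_input()
 // returns null for a missing field; the (string) cast keeps trim() from
 // receiving null (deprecated since PHP 8.1) and still yields ''.
 $firstName = trim((string) filter_input(INPUT_POST, 'first_name'));
 $lastName = trim((string) filter_input(INPUT_POST, 'last_name'));
 $address = trim((string) filter_input(INPUT_POST, 'address'));
 $city = trim((string) filter_input(INPUT_POST, 'city'));
 $state = filter_input(INPUT_POST, 'state');
 $zip = filter_input(INPUT_POST, 'zip');
 $phone = filter_input(INPUT_POST, 'phone');
 $cardType = filter_input(INPUT_POST, 'card_type');
 $cardNumber = filter_input(INPUT_POST, 'card_number');
 // Keep only the digits, so spaces or dashes typed into the card number do not
 // reach the validator; the cast avoids passing null as the subject.
 // NOTE(review): $cardNumber and $cardDigits hold the full card number and stay
 // in scope for the included view; confirm the views do not echo them back and
 // that they are never written to logs.
 $cardDigits = preg_replace('/[^[:digit:]]/', '', (string) $cardNumber);
 $expDate = filter_input(INPUT_POST, 'exp_date');
 // Validate form data
 // $email, $password and $verify are not assigned in the visible lines;
 // presumably they are read above this fragment.
 $validate->email('email', $email);
 $validate->password('password', $password);
 $validate->verify('verify', $password, $verify);
 $validate->text('first_name', $firstName);
 $validate->text('last_name', $lastName);
 $validate->text('address', $address);
 $validate->text('city', $city);
 $validate->state('state', $state);
 $validate->zip('zip', $zip);
 $validate->phone('phone', $phone);
 $validate->cardType('card_type', $cardType);
 // The digits-only form is what gets validated, together with the card type.
 $validate->cardNumber('card_number', $cardDigits, $cardType);
 $validate->expDate('exp_date', $expDate);
 // Load appropriate view based on hasErrors
 if ($fields->hasErrors()) {
     include 'view/register.php';
 } else {
     include 'view/success.php';
 }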
Пример #6
 } else {
     // Show an empty "add product" form with the category list.
     if ($action == 'show_add_form') {
         $code = '';
         $name = '';
         $price = '';
         $categories = CategoryDB::getCategories();
         include 'product_add.php';
     } else {
         // Handle the submitted "add product" form.
         if ($action == 'add_product') {
             // Get form data
             // FILTER_VALIDATE_INT yields an int, false when the value is not
             // an integer, or null when the field is missing.
             $category_id = filter_input(INPUT_POST, 'category_id', FILTER_VALIDATE_INT);
             // The remaining fields use the default filter, which returns the
             // submitted string unmodified.
             $code = filter_input(INPUT_POST, 'code');
             $name = filter_input(INPUT_POST, 'name');
             $price = filter_input(INPUT_POST, 'price');
             // Validate form data
             // NOTE(review): $category_id is not validated here, so a false or
             // null value is not reported by hasErrors() and reaches
             // CategoryDB::getCategory() below; confirm it is handled there.
             $validate->text('code', $code, true, 1, 10);
             $validate->text('name', $name);
             $validate->number('price', $price);
             // Load appropriate view based on hasErrors
             if ($fields->hasErrors()) {
                 // Redisplay the form; the view needs the category list again.
                 $categories = CategoryDB::getCategories();
                 include 'product_add.php';
             } else {
                 $current_category = CategoryDB::getCategory($category_id);
                 $product = new Product($current_category, $code, $name, $price);
                 ProductDB::addProduct($product);
                 // Display the Product List page for the current category
                 // The interpolated value is an int (false or null would
                 // interpolate as an empty string), so it cannot add other
                 // characters to the header.
                 // NOTE(review): no exit follows the redirect in this fragment;
                 // confirm nothing later in the script still runs.
                 header("Location: .?category_id={$category_id}");
             }
         }
     }
Пример #7
<?php

// Form Submission
if (Form::submitted("add-user-uni6")) {
    // Check if all of the input you sent is valid:
    Validate::variable("Handle", $_POST['handle'], 1, 22);
    Validate::text("Display Name", $_POST['display_name'], 3, 22);
    Validate::password($_POST['password']);
    Validate::email($_POST['email']);
    // Check if the handle has already been taken
    if (AppAccount::handleTaken($_POST['handle'])) {
        Alert::error("Handle Taken", "That handle has already been taken", 1);
    }
    if (Database::selectOne("SELECT email FROM users WHERE email=? LIMIT 1", array($_POST['email']))) {
        Alert::error("Email", "That email already exists.", 1);
    }
    // Final Validation Test
    if (Validate::pass()) {
        Database::startTransaction();
        $uniID = 0;
        // Check if the account already exists
        if ($checkAuth = Database::selectValue("SELECT uni_id FROM users WHERE handle=? LIMIT 1", array($_POST['handle']))) {
            $uniID = (int) $checkAuth;
        } else {
            if ($regSuccess = Database::query("INSERT INTO users (handle, display_name, email, password, date_joined, auth_token, verified) VALUES (?, ?, ?, ?, ?, ?, ?)", array($_POST['handle'], $_POST['display_name'], $_POST['email'], Security_HashPassword::set($_POST['password']), time(), Security_Hash::random(22, 72), 1))) {
                $uniID = (int) Database::$lastID;
                if (isset($_POST['send_email'])) {
                    // Email a verification letter
                    AppVerification::sendVerification($uniID);
                    Alert::success("Email Sent", "The account was created successfully! A verification email has been sent to " . $_POST['email'] . "!");
                } else {