示例#1
0
function saveUserData($username,$fields) {
	# saves data in session, not in database
  dbg("Saving user $username");
	if (!is_array($_SESSION["userdata"])) {
  	dbg("Nothing to save");
    return;
  }
  if (!$username) {
  	$username = '******';
  }
	$res = "";
  $required_fields = explode(",",$_POST["required"]);
  $required_formats = explode(",",$_POST["required_formats"]);
  $description_fields = explode(",",$_POST["required_description"]);

  reset($fields);
  dbg("Checking fields");
  while (list($fname,$fval) = each ($fields)) {
 # 	dbg($fname);
  	$key = $fname;
    $val = $_POST[$fname];
		if (!ereg("required",$key) &&
    	$fields[$key]["type"] != "separator" &&
    	$fields[$key]["type"] != "emailcheck" &&
    	$fields[$key]["type"] != "passwordcheck"
      ) {
	#  	dbg($fname ." of type ".$fields[$key]["type"]);
       if (!is_array($_SESSION["userdata"][$key]))
       	 $_SESSION["userdata"][$key] = array();
       $_SESSION["userdata"][$key]["name"] = $fields[$key]["name"];
       $_SESSION["userdata"][$key]["type"] = $fields[$key]["type"];
       if ($fields[$key]["type"] == "creditcardno") {
       	 # dont overwrite known CC with ***
         if (!preg_match("#^\*+#",$val)) {
		     	 $_SESSION["userdata"][$key]["value"] = ltrim($val);
         }
       } else {
	     	 $_SESSION["userdata"][$key]["value"] = ltrim($val);
       }
       if ($fields[$key]["type"] == "select") {
	     	 $_SESSION["userdata"][$key]["displayvalue"] = $fields[$key]["values"][$val];
       } elseif ($fields[$key]["type"] == "checkboxgroup") {
	     	 $_SESSION["userdata"][$key]["value"] = join(",",$val);
       } elseif ($fields[$key]["type"] == "creditcardno") {
       		# erase any non digits from the CC numbers
					$_SESSION["userdata"][$key]["value"] = preg_replace("/\D/","",$_SESSION["userdata"][$key]["value"]);
					$_SESSION["userdata"][$key]["displayvalue"] = obscureCreditCard($_SESSION["userdata"][$key]["value"]);
       } elseif ($fields[$key]["name"] == "Card Number") {
					$_SESSION["userdata"][$key]["value"] = preg_replace("/\D/","",$_SESSION["userdata"][$key]["value"]);
					$_SESSION["userdata"][$key]["displayvalue"] = obscureCreditCard($_SESSION["userdata"][$key]["value"]);
/*					$_SESSION["userdata"][$key]["displayvalue"] = substr($_SESSION["userdata"][$key]["displayvalue"],0,4);
       		for ($i=0;$i<strlen($_SESSION["userdata"][$key]["value"]-4);$i++) {
		     	  $_SESSION["userdata"][$key]["displayvalue"] .= '*';
         	}
*/
		   } else {
	     	 $_SESSION["userdata"][$key]["displayvalue"] = $val;
		   }
       
/*       # remember other aspects of the fields
       foreach ($fields as $key => $val) {
         foreach ($val as $field_attr => $value) {
	       	 if (!isset($_SESSION["userdata"][$key][$field_attr]) && !preg_match("/^\d+$/",$key)
           	&& !preg_match("/^\d+$/",$field_attr)
           ) {
						 $_SESSION["userdata"][$key][$field_attr] = $value;
           }
          }
       }
*/
       # save it to the DB as well
    } else {
#  	  	dbg("Not checking ".$fname ." of type ".$fields[$key]["type"]);
		}
  }
  
  # fix UK postcodes to correct format
  if ($_SESSION["userdata"][$GLOBALS["config"]["country_attribute"]]["displayvalue"] == "United Kingdom") {
    $postcode = $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["value"];
    $postcode = strtoupper(str_replace(" ","",$postcode));
    if (preg_match("/(.*)(\d\w\w)$/",$postcode,$regs)) {
      $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["value"] = trim($regs[1])." ".$regs[2];
      $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["displayvalue"] = trim($regs[1])." ".$regs[2];
    }
  }

  while (list($index,$field) = each ($required_fields)) {
 		$type = $fields[$field]["type"];
    if ($field && !$_SESSION["userdata"][$field]["value"]) {
      $res = "Information missing: ".$description_fields[$index];
      break;
    } else if ($required_formats[$index] && !preg_match(stripslashes($required_formats[$index]),$_SESSION["userdata"][$field]["value"])) {
      $res = "Sorry, you entered an invalid ".$description_fields[$index].": ".$_SESSION["userdata"][$field]["value"];
      break;
    } else if ($field == "email" && !validateEmail($_SESSION["userdata"][$field]["value"])) {
      $res = "Sorry, you entered an invalid ".$description_fields[$index].": ".$_SESSION["userdata"][$field]["value"];
      break;
    } else if ($field == "cardtype" && $_SESSION["userdata"][$field]["value"] == "WSWITCH" && !preg_match("/\d/",$_SESSION["userdata"]["attribute82"]["value"])) {
      $res = "Sorry, a Switch Card requires a valid issue number. If you have a new Switch card without an issue number, please use 0 as the issue number.";
      break;
    } else if ($field == "cardtype" && $_SESSION["userdata"][$field]["value"] != "WSWITCH" && $_SESSION["userdata"]["attribute82"]["value"]) {
      $res = "Sorry, an issue number is not valid when not using a Switch Card";
      break;
    } else if (($type == "creditcardno" || $field == "cardnumber") && !checkCCrange($_SESSION["userdata"][$field]["value"])) {
    	list($cid,$cname) = ccCompany($_SESSION["userdata"][$field]["value"]);
      if (!$cname)
      	$cname = '(Unknown Credit card)';
      $res = "Sorry, we currently don't accept $cname cards";
      break;
    } else if (($type == "creditcardno" || $field == "cardnumber") && !validateCC($_SESSION["userdata"][$field]["value"])) {
      $res = "Sorry, you entered an invalid ".$description_fields[$index];#.": ".$_SESSION["userdata"][$field]["value"];
      break;
    } else if (($type == "creditcardexpiry" ||$field == "cardexpiry") && !validateCCExpiry($_SESSION["userdata"][$field]["value"])) {
      $res = "Sorry, you entered an invalid ".$description_fields[$index].": ".$_SESSION["userdata"][$field]["value"];
      break;
    }
  }
	if ($_SESSION["userdata"][$GLOBALS["config"]["country_attribute"]]["displayvalue"] == "United Kingdom") {
    $postcode = $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["displayvalue"];
    if (!preg_match("/(.*)(\d\w\w)$/",$postcode,$regs)) {
      $res = "That does not seem to be a valid UK postcode";
    } elseif (!preg_match("/^[\s\w\d]+$/",$postcode,$regs)) {
      $res = "That does not seem to be a valid UK postcode";
    }
  }
  if (is_array($GLOBALS["config"]["bocs_dpa"])) {
    if (!is_array($_SESSION["DPA"]))
      $_SESSION["DPA"] = array();
  	foreach ($GLOBALS["config"]["bocs_dpa"] as $dpaatt => $val) {
    	if ($_SESSION["userdata"][$dpaatt]["displayvalue"]) {
      	$_SESSION["DPA"][$val] = "Y";
     	} else {
      	$_SESSION["DPA"][$val] = "N";
      }
   	}
  }
  return $res;
}
示例#2
0
function saveUserData($username, $fields)
{
    # saves data in session, not in database
    if (!is_array($_SESSION["userdata"])) {
        initialiseUserSession();
    }
    if (!empty($GLOBALS['usersaved'])) {
        return;
    }
    if (!$username) {
        $username = '******';
    }
    dbg("Saving user in session {$username}", '', DBG_TRACE);
    $res = "";
    $required_fields = explode(",", $_POST["required"]);
    if ($_POST["unrequire"]) {
        $unrequired_fields = explode(",", $_POST["unrequire"]);
        $required_fields = array_diff($required_fields, $unrequired_fields);
    } else {
        $unrequired_fields = array();
    }
    $required_formats = explode(",", $_POST["required_formats"]);
    $description_fields = explode(",", $_POST["required_description"]);
    reset($fields);
    #  dbg("Checking fields");
    foreach ($fields as $fname => $fielddetails) {
        dbg('Saving user Saving ' . $fname . ' to session ' . $_POST[$fname]);
        #   dbg($fielddetails);
        $key = $fname;
        $val = $_POST[$fname];
        if (strpos($key, "required") === false && $key != "unrequire" && $fields[$key]["type"] != "separator" && $fields[$key]["type"] != "emailcheck" && $fields[$key]["type"] != "passwordcheck") {
            #   dbg($fname ." of type ".$fields[$key]["type"]);
            if (!is_array($_SESSION["userdata"][$key])) {
                $_SESSION["userdata"][$key] = array();
            }
            $_SESSION["userdata"][$key]["name"] = $fields[$key]["name"];
            $_SESSION["userdata"][$key]["type"] = $fields[$key]["type"];
            if ($fields[$key]["type"] == "date") {
                $_SESSION["userdata"][$key]["value"] = sprintf('%04d-%02d-%02d', $_POST['year'][$key], $_POST['month'][$key], $_POST['day'][$key]);
                $_SESSION["userdata"][$key]["displayvalue"] = $_SESSION["userdata"][$key]["value"];
            } elseif ($fields[$key]["type"] == "creditcardno") {
                # dont overwrite known CC with ***
                if (!preg_match("#^\\*+#", $val)) {
                    $_SESSION["userdata"][$key]["value"] = ltrim($val);
                }
            } else {
                $_SESSION["userdata"][$key]["value"] = ltrim($val);
            }
            if ($fields[$key]["type"] == "select") {
                if (!empty($val) && is_array($fields[$key]["values"])) {
                    $_SESSION["userdata"][$key]["displayvalue"] = $fields[$key]["values"][$val];
                }
            } elseif ($fields[$key]["type"] == "checkboxgroup") {
                if (is_array($val)) {
                    // if val is empty join crashes
                    $_SESSION["userdata"][$key]["value"] = join(",", $val);
                }
            } elseif ($fields[$key]["type"] == "creditcardno") {
                # erase any non digits from the CC numbers
                $_SESSION["userdata"][$key]["value"] = preg_replace("/\\D/", "", $_SESSION["userdata"][$key]["value"]);
                $_SESSION["userdata"][$key]["displayvalue"] = obscureCreditCard($_SESSION["userdata"][$key]["value"]);
            } elseif ($fields[$key]["name"] == "Card Number") {
                $_SESSION["userdata"][$key]["value"] = preg_replace("/\\D/", "", $_SESSION["userdata"][$key]["value"]);
                $_SESSION["userdata"][$key]["displayvalue"] = obscureCreditCard($_SESSION["userdata"][$key]["value"]);
                /*          $_SESSION["userdata"][$key]["displayvalue"] = substr($_SESSION["userdata"][$key]["displayvalue"],0,4);
                          for ($i=0;$i<strlen($_SESSION["userdata"][$key]["value"]-4);$i++) {
                            $_SESSION["userdata"][$key]["displayvalue"] .= '*';
                          }
                */
            } else {
                $_SESSION["userdata"][$key]["displayvalue"] = $val;
            }
            foreach ($fielddetails as $field_attr => $field_attr_value) {
                if (!isset($_SESSION["userdata"][$key][$field_attr]) && !preg_match("/^\\d+\$/", $key) && !preg_match("/^\\d+\$/", $field_attr)) {
                    $_SESSION["userdata"][$key][$field_attr] = $field_attr_value;
                }
            }
            # save it to the DB as well
        } else {
            #       dbg("Not checking ".$fname ." of type ".$fields[$key]["type"]);
        }
    }
    # fix UK postcodes to correct format
    if ($_SESSION["userdata"][$GLOBALS["config"]["country_attribute"]]["displayvalue"] == "United Kingdom" && isset($_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["value"])) {
        $postcode = $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["value"];
        $postcode = strtoupper(str_replace(" ", "", $postcode));
        if (preg_match("/(.*)(\\d\\w\\w)\$/", $postcode, $regs)) {
            $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["value"] = trim($regs[1]) . " " . $regs[2];
            $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["displayvalue"] = trim($regs[1]) . " " . $regs[2];
        }
    }
    dbg("Checking required fields");
    reset($required_fields);
    while (list($index, $field) = each($required_fields)) {
        $type = $fields[$field]["type"];
        # dbg("$field of type $type");
        if ($type != 'userfield' && $type != '') {
            ### @@@ need to check why type is not set
            if ($field && !$_SESSION["userdata"][$field]["value"]) {
                $res = "Information missing: " . $description_fields[$index];
                break;
            } else {
                if ($required_formats[$index] && !preg_match(stripslashes($required_formats[$index]), $_SESSION["userdata"][$field]["value"])) {
                    $res = "Sorry, you entered an invalid " . $description_fields[$index] . ": " . $_SESSION["userdata"][$field]["value"];
                    break;
                } else {
                    if ($field == "email" && !validateEmail($_SESSION["userdata"][$field]["value"])) {
                        $res = "Sorry, the following field cannot be validated: " . $description_fields[$index] . ": " . $_SESSION["userdata"][$field]["value"];
                        break;
                    } elseif ($field == "emailcheck" && $_SESSION["userdata"]["email"]["value"] != $_SESSION["userdata"]["emailcheck"]["value"]) {
                        $res = "Emails entered are not the same";
                        break;
                    } else {
                        if ($field == "cardtype" && $_SESSION["userdata"][$field]["value"] == "WSWITCH" && !preg_match("/\\d/", $_SESSION["userdata"]["attribute82"]["value"])) {
                            $res = "Sorry, a Switch Card requires a valid issue number. If you have a new Switch card without an issue number, please use 0 as the issue number.";
                            break;
                        } else {
                            if ($field == "cardtype" && isset($_SESSION["userdata"][$field]["value"]) && $_SESSION["userdata"][$field]["value"] != "WSWITCH" && $_SESSION["userdata"]["attribute82"]["value"]) {
                                $res = "Sorry, an issue number is not valid when not using a Switch Card";
                                break;
                            } else {
                                if (($type == "creditcardno" || $field == "cardnumber") && isset($_SESSION["userdata"][$field]["value"]) && !checkCCrange($_SESSION["userdata"][$field]["value"])) {
                                    list($cid, $cname) = ccCompany($_SESSION["userdata"][$field]["value"]);
                                    if (!$cname) {
                                        $cname = '(Unknown Credit card)';
                                    }
                                    $res = "Sorry, we currently don't accept {$cname} cards";
                                    break;
                                } else {
                                    if (($type == "creditcardno" || $field == "cardnumber") && isset($_SESSION["userdata"][$field]["value"]) && !validateCC($_SESSION["userdata"][$field]["value"])) {
                                        $res = "Sorry, you entered an invalid " . $description_fields[$index];
                                        #.": ".$_SESSION["userdata"][$field]["value"];
                                        break;
                                    } else {
                                        if (($type == "creditcardexpiry" || $field == "cardexpiry") && isset($_SESSION["userdata"][$field]["value"]) && !validateCCExpiry($_SESSION["userdata"][$field]["value"])) {
                                            $res = "Sorry, you entered an invalid " . $description_fields[$index] . ": " . $_SESSION["userdata"][$field]["value"];
                                            break;
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    if (0 && isset($_SESSION["userdata"][$GLOBALS["config"]["country_attribute"]]["displayvalue"]) && $_SESSION["userdata"][$GLOBALS["config"]["country_attribute"]]["displayvalue"] == "United Kingdom" && isset($_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["value"])) {
        $postcode = $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["displayvalue"];
        if (!preg_match("/(.*)(\\d\\w\\w)\$/", $postcode, $regs)) {
            $res = "That does not seem to be a valid UK postcode";
        } elseif (!preg_match("/^[\\s\\w\\d]+\$/", $postcode, $regs)) {
            $res = "That does not seem to be a valid UK postcode";
        }
    }
    /*  if (is_array($GLOBALS["config"]["bocs_dpa"])) {
        if (!is_array($_SESSION["DPA"]))
          $_SESSION["DPA"] = array();
        foreach ($GLOBALS["config"]["bocs_dpa"] as $dpaatt => $val) {
          if ($_SESSION["userdata"][$dpaatt]["displayvalue"]) {
            $_SESSION["DPA"][$val] = "Y";
          } else {
            $_SESSION["DPA"][$val] = "N";
          }
        }
      }*/
    # if no error in form check for subscriptions
    if (!$res && is_object($GLOBALS["config"]["plugins"]["phplist"])) {
        $phplist = $GLOBALS["config"]["plugins"]["phplist"];
        foreach ($_SESSION["userdata"] as $key => $field) {
            if (($field["formtype"] == "List Subscription" || $field["type"] == "List Subscription") && $field["listid"]) {
                $listid = $field["listid"];
                if ($field["value"] && isset($_SESSION["userdata"]["email"])) {
                    if ($phplist->addEmailToList($_SESSION["userdata"]["email"]["value"], $listid)) {
                        $phplist->confirmEmail($_SESSION["userdata"]["email"]["value"]);
                        #  sendError("User added to list: $listid");
                    } else {
                        # sendError("Error adding user to list: $listid");
                    }
                }
                #else {
                #$phplist->removeEmailFromList($_SESSION["userdata"]["email"]["value"],$listid);
                #}
            }
        }
    }
    $GLOBALS['usersaved'] = time();
    return $res;
}