/**
 * Copies the posted values of the given form fields into $_SESSION["userdata"],
 * normalises a few field types (card numbers, checkbox groups, UK postcodes)
 * and then runs the "required field" checks over the saved values.
 *
 * NOTE(review): a second definition of saveUserData with the same signature
 * appears further down this listing; this one looks like the earlier
 * revision (ereg(), each(), no date handling, no double-save guard). Two
 * definitions in one compiled file would be a redeclare error, so confirm
 * which one is actually loaded before changing either.
 *
 * @param string $username  only used in the debug trace; blanked to '******' when empty
 * @param array  $fields    field definitions keyed by field name; each entry is
 *                          read for "type", "name" and (for selects) "values"
 * @return string|null  "" when every check passed, the end-user error message
 *                      of the first failed check, or null (bare return) when
 *                      $_SESSION["userdata"] is not an array
 *
 * Reads : $_POST (one entry per field plus the "required", "required_formats"
 *         and "required_description" lists), $GLOBALS["config"]
 *         (country_attribute, postcode_attribute, bocs_dpa).
 * Writes: $_SESSION["userdata"], $_SESSION["DPA"].
 *
 * Security notes, all visible in the code below:
 *  - Which fields are mandatory, which regex validates each one and the
 *    wording of the error are taken from $_POST, i.e. from the client. The
 *    submitter therefore decides what gets validated; the authoritative
 *    list should be held server-side and the posted copy ignored.
 *  - The card number is kept in the session in clear (digits only) under
 *    ["value"]; only ["displayvalue"] is masked by obscureCreditCard(). The
 *    session store is therefore in PCI DSS scope.
 *  - The error messages echo the entered value back verbatim; wherever $res
 *    is rendered it must be escaped for that output context.
 *  - ereg() (removed in PHP 7) and each() (removed in PHP 8) are used.
 */
function saveUserData($username,$fields) {
    # saves data in session, not in database
    dbg("Saving user $username");
    if (!is_array($_SESSION["userdata"])) {
        # nothing has been initialised for this visitor; bail out (returns null, not "")
        dbg("Nothing to save");
        return;
    }
    if (!$username) {
        $username = '******';
    }
    $res = "";
    # NOTE(review): the validation rules come from the request itself (see header).
    # The three lists are parallel: position $index in each refers to the same field.
    $required_fields = explode(",",$_POST["required"]);
    $required_formats = explode(",",$_POST["required_formats"]);
    $description_fields = explode(",",$_POST["required_description"]);
    reset($fields);
    dbg("Checking fields");
    # each() was removed in PHP 8; $fval is unused, the definition is re-read via $fields[$key]
    while (list($fname,$fval) = each ($fields)) {
        # dbg($fname);
        $key = $fname;
        $val = $_POST[$fname];
        # skip the meta fields (any name containing "required") and the
        # display-only / confirmation types, which are never stored.
        # ereg() does a plain substring match here; it was removed in PHP 7.
        if (!ereg("required",$key) && $fields[$key]["type"] != "separator" && $fields[$key]["type"] != "emailcheck" && $fields[$key]["type"] != "passwordcheck" ) {
            # dbg($fname ." of type ".$fields[$key]["type"]);
            if (!is_array($_SESSION["userdata"][$key])) $_SESSION["userdata"][$key] = array();
            $_SESSION["userdata"][$key]["name"] = $fields[$key]["name"];
            $_SESSION["userdata"][$key]["type"] = $fields[$key]["type"];
            if ($fields[$key]["type"] == "creditcardno") {
                # dont overwrite known CC with ***
                # (a value that is all asterisks is the masked display form the
                # form echoes back; keep the number already held in the session)
                if (!preg_match("#^\*+#",$val)) {
                    $_SESSION["userdata"][$key]["value"] = ltrim($val);
                }
            } else {
                # NOTE(review): only leading whitespace is trimmed. For a checkboxgroup
                # $val is an array (see join() below); ltrim() on an array only warns on
                # PHP 5/7 but is a TypeError on PHP 8.
                $_SESSION["userdata"][$key]["value"] = ltrim($val);
            }
            if ($fields[$key]["type"] == "select") {
                # display the option label rather than the posted option key
                $_SESSION["userdata"][$key]["displayvalue"] = $fields[$key]["values"][$val];
            } elseif ($fields[$key]["type"] == "checkboxgroup") {
                $_SESSION["userdata"][$key]["value"] = join(",",$val);
            } elseif ($fields[$key]["type"] == "creditcardno") {
                # erase any non digits from the CC numbers
                # (the full PAN stays in ["value"]; only the display copy is masked)
                $_SESSION["userdata"][$key]["value"] = preg_replace("/\D/","",$_SESSION["userdata"][$key]["value"]);
                $_SESSION["userdata"][$key]["displayvalue"] = obscureCreditCard($_SESSION["userdata"][$key]["value"]);
            } elseif ($fields[$key]["name"] == "Card Number") {
                # same treatment for a card field recognised by its label instead of its type
                $_SESSION["userdata"][$key]["value"] = preg_replace("/\D/","",$_SESSION["userdata"][$key]["value"]);
                $_SESSION["userdata"][$key]["displayvalue"] = obscureCreditCard($_SESSION["userdata"][$key]["value"]);
                /*
                $_SESSION["userdata"][$key]["displayvalue"] = substr($_SESSION["userdata"][$key]["displayvalue"],0,4);
                for ($i=0;$i<strlen($_SESSION["userdata"][$key]["value"]-4);$i++) {
                    $_SESSION["userdata"][$key]["displayvalue"] .= '*';
                }
                */
            } else {
                $_SESSION["userdata"][$key]["displayvalue"] = $val;
            }
            /*
            # remember other aspects of the fields
            foreach ($fields as $key => $val) {
                foreach ($val as $field_attr => $value) {
                    if (!isset($_SESSION["userdata"][$key][$field_attr]) && !preg_match("/^\d+$/",$key) && !preg_match("/^\d+$/",$field_attr) ) {
                        $_SESSION["userdata"][$key][$field_attr] = $value;
                    }
                }
            }
            */
            # save it to the DB as well
        } else {
            # dbg("Not checking ".$fname ." of type ".$fields[$key]["type"]);
        }
    }
    # fix UK postcodes to correct format
    # strip spaces, upper-case, then split off the trailing digit + 2 chars
    # so "sw1a1aa" becomes "SW1A 1AA"
    if ($_SESSION["userdata"][$GLOBALS["config"]["country_attribute"]]["displayvalue"] == "United Kingdom") {
        $postcode = $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["value"];
        $postcode = strtoupper(str_replace(" ","",$postcode));
        if (preg_match("/(.*)(\d\w\w)$/",$postcode,$regs)) {
            $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["value"] = trim($regs[1])." ".$regs[2];
            $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["displayvalue"] = trim($regs[1])." ".$regs[2];
        }
    }
    # required-field checks: stop at the first failure and report it in $res
    while (list($index,$field) = each ($required_fields)) {
        $type = $fields[$field]["type"];
        if ($field && !$_SESSION["userdata"][$field]["value"]) {
            $res = "Information missing: ".$description_fields[$index];
            break;
        } else if ($required_formats[$index] && !preg_match(stripslashes($required_formats[$index]),$_SESSION["userdata"][$field]["value"])) {
            # NOTE(review): the pattern is client-supplied (see header); stripslashes()
            # suggests it was written for magic_quotes. An arbitrary pattern is both a
            # validation bypass and a possible excessive-backtracking problem.
            $res = "Sorry, you entered an invalid ".$description_fields[$index].": ".$_SESSION["userdata"][$field]["value"];
            break;
        } else if ($field == "email" && !validateEmail($_SESSION["userdata"][$field]["value"])) {
            $res = "Sorry, you entered an invalid ".$description_fields[$index].": ".$_SESSION["userdata"][$field]["value"];
            break;
        } else if ($field == "cardtype" && $_SESSION["userdata"][$field]["value"] == "WSWITCH" && !preg_match("/\d/",$_SESSION["userdata"]["attribute82"]["value"])) {
            # attribute82 is the hard-coded id of the Switch issue-number field
            $res = "Sorry, a Switch Card requires a valid issue number. If you have a new Switch card without an issue number, please use 0 as the issue number.";
            break;
        } else if ($field == "cardtype" && $_SESSION["userdata"][$field]["value"] != "WSWITCH" && $_SESSION["userdata"]["attribute82"]["value"]) {
            $res = "Sorry, an issue number is not valid when not using a Switch Card";
            break;
        } else if (($type == "creditcardno" || $field == "cardnumber") && !checkCCrange($_SESSION["userdata"][$field]["value"])) {
            # card issuer not accepted: name it in the message when ccCompany() knows it
            list($cid,$cname) = ccCompany($_SESSION["userdata"][$field]["value"]);
            if (!$cname) $cname = '(Unknown Credit card)';
            $res = "Sorry, we currently don't accept $cname cards";
            break;
        } else if (($type == "creditcardno" || $field == "cardnumber") && !validateCC($_SESSION["userdata"][$field]["value"])) {
            # deliberately does not echo the card number back
            $res = "Sorry, you entered an invalid ".$description_fields[$index];#.": ".$_SESSION["userdata"][$field]["value"];
            break;
        } else if (($type == "creditcardexpiry" ||$field == "cardexpiry") && !validateCCExpiry($_SESSION["userdata"][$field]["value"])) {
            $res = "Sorry, you entered an invalid ".$description_fields[$index].": ".$_SESSION["userdata"][$field]["value"];
            break;
        }
    }
    # re-check the (already reformatted) UK postcode: must end in digit + 2 word
    # chars and contain only word chars / whitespace. This overwrites any $res
    # set by the loop above.
    if ($_SESSION["userdata"][$GLOBALS["config"]["country_attribute"]]["displayvalue"] == "United Kingdom") {
        $postcode = $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["displayvalue"];
        if (!preg_match("/(.*)(\d\w\w)$/",$postcode,$regs)) {
            $res = "That does not seem to be a valid UK postcode";
        } elseif (!preg_match("/^[\s\w\d]+$/",$postcode,$regs)) {
            $res = "That does not seem to be a valid UK postcode";
        }
    }
    # bocs_dpa maps attribute name => DPA key; record a Y/N flag per entry
    # (presumably data-protection consent; the consumer is not visible here)
    if (is_array($GLOBALS["config"]["bocs_dpa"])) {
        if (!is_array($_SESSION["DPA"])) $_SESSION["DPA"] = array();
        foreach ($GLOBALS["config"]["bocs_dpa"] as $dpaatt => $val) {
            if ($_SESSION["userdata"][$dpaatt]["displayvalue"]) {
                $_SESSION["DPA"][$val] = "Y";
            } else {
                $_SESSION["DPA"][$val] = "N";
            }
        }
    }
    return $res;
}
/**
 * Copies the posted values of the given form fields into $_SESSION["userdata"],
 * normalises a few field types (dates, card numbers, checkbox groups, UK
 * postcodes), runs the "required field" checks and, when everything passed,
 * subscribes the user to any mailing lists ticked on the form.
 *
 * NOTE(review): a definition of saveUserData with the same signature also
 * appears earlier in this listing; this one looks like the later revision
 * (foreach, "unrequire" support, date fields, double-save guard, phplist
 * hook). Confirm which one is actually loaded before changing either.
 *
 * @param string $username  only used in the debug trace; blanked to '******' when empty
 * @param array  $fields    field definitions keyed by field name; each entry is
 *                          read for "type", "name" and (for selects) "values",
 *                          and every other attribute is copied into the session
 * @return string|null  "" when every check passed, the end-user error message
 *                      of the first failed check, or null (bare return) when
 *                      $GLOBALS['usersaved'] is already set for this request
 *
 * Reads : $_POST (one entry per field, the year/month/day arrays for date
 *         fields, plus the "required", "unrequire", "required_formats" and
 *         "required_description" lists), $GLOBALS["config"]
 *         (country_attribute, postcode_attribute, plugins.phplist).
 * Writes: $_SESSION["userdata"], $GLOBALS['usersaved'].
 *
 * Security notes, all visible in the code below:
 *  - Which fields are mandatory (and which may be un-required), which regex
 *    validates each one and the wording of the error are taken from $_POST,
 *    i.e. from the client. The submitter therefore decides what gets
 *    validated; the authoritative list should be held server-side and the
 *    posted copy ignored.
 *  - The raw posted value of every field is written to the debug trace
 *    before any masking, card numbers included.
 *  - The card number is kept in the session in clear (digits only) under
 *    ["value"]; only ["displayvalue"] is masked by obscureCreditCard(). The
 *    session store is therefore in PCI DSS scope.
 *  - The error messages echo the entered value back verbatim; wherever $res
 *    is rendered it must be escaped for that output context.
 *  - each() (removed in PHP 8) is still used for the required-field loop.
 */
function saveUserData($username, $fields) {
    # saves data in session, not in database
    if (!is_array($_SESSION["userdata"])) {
        # not visible here; presumably seeds $_SESSION["userdata"]
        initialiseUserSession();
    }
    # guard against saving twice in one request; note this returns null rather
    # than "", so a strict comparison against "" by the caller would differ
    if (!empty($GLOBALS['usersaved'])) {
        return;
    }
    if (!$username) {
        $username = '******';
    }
    dbg("Saving user in session {$username}", '', DBG_TRACE);
    $res = "";
    # NOTE(review): the validation rules come from the request itself (see header).
    # The three lists are parallel: position $index in each refers to the same field.
    $required_fields = explode(",", $_POST["required"]);
    if ($_POST["unrequire"]) {
        # the form may also post fields to drop from the required set; array_diff
        # keeps the original keys, so $index below still lines up with the other lists
        $unrequired_fields = explode(",", $_POST["unrequire"]);
        $required_fields = array_diff($required_fields, $unrequired_fields);
    } else {
        # not used after this point
        $unrequired_fields = array();
    }
    $required_formats = explode(",", $_POST["required_formats"]);
    $description_fields = explode(",", $_POST["required_description"]);
    reset($fields);
    # dbg("Checking fields");
    foreach ($fields as $fname => $fielddetails) {
        # NOTE(review): logs the raw posted value of every field, including card
        # numbers before masking; this trace must not reach persistent logs in production
        dbg('Saving user Saving ' . $fname . ' to session ' . $_POST[$fname]);
        # dbg($fielddetails);
        $key = $fname;
        $val = $_POST[$fname];
        # skip the meta fields (any name containing "required", and "unrequire")
        # and the display-only / confirmation types, which are never stored
        if (strpos($key, "required") === false && $key != "unrequire" && $fields[$key]["type"] != "separator" && $fields[$key]["type"] != "emailcheck" && $fields[$key]["type"] != "passwordcheck") {
            # dbg($fname ." of type ".$fields[$key]["type"]);
            if (!is_array($_SESSION["userdata"][$key])) {
                $_SESSION["userdata"][$key] = array();
            }
            $_SESSION["userdata"][$key]["name"] = $fields[$key]["name"];
            $_SESSION["userdata"][$key]["type"] = $fields[$key]["type"];
            if ($fields[$key]["type"] == "date") {
                # date widgets post year/month/day as separate arrays keyed by field name;
                # the parts are zero-padded into YYYY-MM-DD without range checking
                $_SESSION["userdata"][$key]["value"] = sprintf('%04d-%02d-%02d', $_POST['year'][$key], $_POST['month'][$key], $_POST['day'][$key]);
                $_SESSION["userdata"][$key]["displayvalue"] = $_SESSION["userdata"][$key]["value"];
            } elseif ($fields[$key]["type"] == "creditcardno") {
                # dont overwrite known CC with ***
                # (a value that is all asterisks is the masked display form the
                # form echoes back; keep the number already held in the session)
                if (!preg_match("#^\\*+#", $val)) {
                    $_SESSION["userdata"][$key]["value"] = ltrim($val);
                }
            } else {
                # NOTE(review): only leading whitespace is trimmed. For a checkboxgroup
                # $val is an array (see join() below); ltrim() on an array only warns on
                # PHP 5/7 but is a TypeError on PHP 8.
                $_SESSION["userdata"][$key]["value"] = ltrim($val);
            }
            if ($fields[$key]["type"] == "select") {
                # display the option label rather than the posted option key
                if (!empty($val) && is_array($fields[$key]["values"])) {
                    $_SESSION["userdata"][$key]["displayvalue"] = $fields[$key]["values"][$val];
                }
            } elseif ($fields[$key]["type"] == "checkboxgroup") {
                if (is_array($val)) { // if val is empty join crashes
                    $_SESSION["userdata"][$key]["value"] = join(",", $val);
                }
            } elseif ($fields[$key]["type"] == "creditcardno") {
                # erase any non digits from the CC numbers
                # (the full PAN stays in ["value"]; only the display copy is masked)
                $_SESSION["userdata"][$key]["value"] = preg_replace("/\\D/", "", $_SESSION["userdata"][$key]["value"]);
                $_SESSION["userdata"][$key]["displayvalue"] = obscureCreditCard($_SESSION["userdata"][$key]["value"]);
            } elseif ($fields[$key]["name"] == "Card Number") {
                # same treatment for a card field recognised by its label instead of its type
                $_SESSION["userdata"][$key]["value"] = preg_replace("/\\D/", "", $_SESSION["userdata"][$key]["value"]);
                $_SESSION["userdata"][$key]["displayvalue"] = obscureCreditCard($_SESSION["userdata"][$key]["value"]);
                /*
                $_SESSION["userdata"][$key]["displayvalue"] = substr($_SESSION["userdata"][$key]["displayvalue"],0,4);
                for ($i=0;$i<strlen($_SESSION["userdata"][$key]["value"]-4);$i++) {
                    $_SESSION["userdata"][$key]["displayvalue"] .= '*';
                }
                */
            } else {
                $_SESSION["userdata"][$key]["displayvalue"] = $val;
            }
            # copy every other attribute of the field definition into the session
            # entry, without overwriting what was set above and skipping purely
            # numeric keys / attribute names
            foreach ($fielddetails as $field_attr => $field_attr_value) {
                if (!isset($_SESSION["userdata"][$key][$field_attr]) && !preg_match("/^\\d+\$/", $key) && !preg_match("/^\\d+\$/", $field_attr)) {
                    $_SESSION["userdata"][$key][$field_attr] = $field_attr_value;
                }
            }
            # save it to the DB as well
        } else {
            # dbg("Not checking ".$fname ." of type ".$fields[$key]["type"]);
        }
    }
    # fix UK postcodes to correct format
    # strip spaces, upper-case, then split off the trailing digit + 2 chars
    # so "sw1a1aa" becomes "SW1A 1AA"
    if ($_SESSION["userdata"][$GLOBALS["config"]["country_attribute"]]["displayvalue"] == "United Kingdom" && isset($_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["value"])) {
        $postcode = $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["value"];
        $postcode = strtoupper(str_replace(" ", "", $postcode));
        if (preg_match("/(.*)(\\d\\w\\w)\$/", $postcode, $regs)) {
            $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["value"] = trim($regs[1]) . " " . $regs[2];
            $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["displayvalue"] = trim($regs[1]) . " " . $regs[2];
        }
    }
    dbg("Checking required fields");
    reset($required_fields);
    # required-field checks: stop at the first failure and report it in $res.
    # each() was removed in PHP 8.
    while (list($index, $field) = each($required_fields)) {
        $type = $fields[$field]["type"];
        # dbg("$field of type $type");
        # a required field that has no entry in $fields gets an empty $type and is
        # silently skipped here, i.e. it is never actually checked
        if ($type != 'userfield' && $type != '') { ### @@@ need to check why type is not set
            if ($field && !$_SESSION["userdata"][$field]["value"]) {
                $res = "Information missing: " . $description_fields[$index];
                break;
            } else {
                if ($required_formats[$index] && !preg_match(stripslashes($required_formats[$index]), $_SESSION["userdata"][$field]["value"])) {
                    # NOTE(review): the pattern is client-supplied (see header); stripslashes()
                    # suggests it was written for magic_quotes. An arbitrary pattern is both a
                    # validation bypass and a possible excessive-backtracking problem.
                    $res = "Sorry, you entered an invalid " . $description_fields[$index] . ": " . $_SESSION["userdata"][$field]["value"];
                    break;
                } else {
                    if ($field == "email" && !validateEmail($_SESSION["userdata"][$field]["value"])) {
                        $res = "Sorry, the following field cannot be validated: " . $description_fields[$index] . ": " . $_SESSION["userdata"][$field]["value"];
                        break;
                    } elseif ($field == "emailcheck" && $_SESSION["userdata"]["email"]["value"] != $_SESSION["userdata"]["emailcheck"]["value"]) {
                        # emailcheck itself is never stored above (its type is skipped), so this
                        # compares against whatever "emailcheck" already holds in the session
                        $res = "Emails entered are not the same";
                        break;
                    } else {
                        if ($field == "cardtype" && $_SESSION["userdata"][$field]["value"] == "WSWITCH" && !preg_match("/\\d/", $_SESSION["userdata"]["attribute82"]["value"])) {
                            # attribute82 is the hard-coded id of the Switch issue-number field
                            $res = "Sorry, a Switch Card requires a valid issue number. If you have a new Switch card without an issue number, please use 0 as the issue number.";
                            break;
                        } else {
                            if ($field == "cardtype" && isset($_SESSION["userdata"][$field]["value"]) && $_SESSION["userdata"][$field]["value"] != "WSWITCH" && $_SESSION["userdata"]["attribute82"]["value"]) {
                                $res = "Sorry, an issue number is not valid when not using a Switch Card";
                                break;
                            } else {
                                if (($type == "creditcardno" || $field == "cardnumber") && isset($_SESSION["userdata"][$field]["value"]) && !checkCCrange($_SESSION["userdata"][$field]["value"])) {
                                    # card issuer not accepted: name it in the message when ccCompany() knows it
                                    list($cid, $cname) = ccCompany($_SESSION["userdata"][$field]["value"]);
                                    if (!$cname) {
                                        $cname = '(Unknown Credit card)';
                                    }
                                    $res = "Sorry, we currently don't accept {$cname} cards";
                                    break;
                                } else {
                                    if (($type == "creditcardno" || $field == "cardnumber") && isset($_SESSION["userdata"][$field]["value"]) && !validateCC($_SESSION["userdata"][$field]["value"])) {
                                        # deliberately does not echo the card number back
                                        $res = "Sorry, you entered an invalid " . $description_fields[$index]; #.": ".$_SESSION["userdata"][$field]["value"];
                                        break;
                                    } else {
                                        if (($type == "creditcardexpiry" || $field == "cardexpiry") && isset($_SESSION["userdata"][$field]["value"]) && !validateCCExpiry($_SESSION["userdata"][$field]["value"])) {
                                            $res = "Sorry, you entered an invalid " . $description_fields[$index] . ": " . $_SESSION["userdata"][$field]["value"];
                                            break;
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    # disabled by the leading 0: the UK postcode re-validation below never runs
    if (0 && isset($_SESSION["userdata"][$GLOBALS["config"]["country_attribute"]]["displayvalue"]) && $_SESSION["userdata"][$GLOBALS["config"]["country_attribute"]]["displayvalue"] == "United Kingdom" && isset($_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["value"])) {
        $postcode = $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["displayvalue"];
        if (!preg_match("/(.*)(\\d\\w\\w)\$/", $postcode, $regs)) {
            $res = "That does not seem to be a valid UK postcode";
        } elseif (!preg_match("/^[\\s\\w\\d]+\$/", $postcode, $regs)) {
            $res = "That does not seem to be a valid UK postcode";
        }
    }
    /*
    if (is_array($GLOBALS["config"]["bocs_dpa"])) {
        if (!is_array($_SESSION["DPA"])) $_SESSION["DPA"] = array();
        foreach ($GLOBALS["config"]["bocs_dpa"] as $dpaatt => $val) {
            if ($_SESSION["userdata"][$dpaatt]["displayvalue"]) {
                $_SESSION["DPA"][$val] = "Y";
            } else {
                $_SESSION["DPA"][$val] = "N";
            }
        }
    }
    */
    # if no error in form check for subscriptions
    # (only when a phplist plugin object is configured; each ticked
    # "List Subscription" field with a listid gets the user's email added and confirmed)
    if (!$res && is_object($GLOBALS["config"]["plugins"]["phplist"])) {
        $phplist = $GLOBALS["config"]["plugins"]["phplist"];
        foreach ($_SESSION["userdata"] as $key => $field) {
            if (($field["formtype"] == "List Subscription" || $field["type"] == "List Subscription") && $field["listid"]) {
                $listid = $field["listid"];
                if ($field["value"] && isset($_SESSION["userdata"]["email"])) {
                    if ($phplist->addEmailToList($_SESSION["userdata"]["email"]["value"], $listid)) {
                        $phplist->confirmEmail($_SESSION["userdata"]["email"]["value"]);
                        # sendError("User added to list: $listid");
                    } else {
                        # sendError("Error adding user to list: $listid");
                    }
                }
                #else {
                #$phplist->removeEmailFromList($_SESSION["userdata"]["email"]["value"],$listid);
                #}
            }
        }
    }
    # marks the save as done for this request (see the early return at the top)
    $GLOBALS['usersaved'] = time();
    return $res;
}