function custom_form_generate_validation($invoice_type_id)
{
global $wpdb;
// get form fields to validate
$results = $wpdb->get_results($wpdb->prepare("SELECT * FROM wp_invoice_info where invoice_type_id = %d ORDER BY field_order ASC", $invoice_type_id));
$error_msg .= validate_emails();
/* ********** BEGIN Validate form fields */
foreach ($results as $row2) {
$attributesArray = unserialize($row2->attributes);
// nametracking is different that means we have a new field...we only care about non duplicate entries
if ($nametracking != $row2->field_name) {
if ($_POST[$row2->field_name] != "") {
// use != "" instead of == 0 because sometimes 0 is a valid field value
switch ($row2->field_type) {
// check to see if the posted value passes validation
case "textbox":
$error_msg .= validateTextbox($row2);
break;
default:
// rest don't need validation
break;
}
// switch
} elseif (array_key_exists("required", $attributesArray)) {
$error_msg .= '<p class="cstem_im_form_error">Form field "' . $row2->field_description . '" must not be empty</p>';
}
}
// if: it is a new field so need to validate
$nametracking = $row2->field_name;
$prevtype = $row2->field_type;
}
// for: look through results
/* END Validate form fields ********** */
return $error_msg;
}
function validate_form_input()
{
//Grab the address of params in $GLOBALS. Is this necessary?
$params =& $GLOBALS["params"];
$params["to"] = isset($_REQUEST["to"]) ? $_REQUEST["to"] : "";
$params["from"] = isset($_REQUEST["from"]) ? $_REQUEST["from"] : "";
$params["subject"] = isset($_REQUEST["subject"]) ? $_REQUEST["subject"] : "";
$params["message"] = isset($_REQUEST["message"]) ? $_REQUEST["message"] : "";
$params["bcc_checkbox"] = isset($_REQUEST["bcc_checkbox"]) ? $_REQUEST["bcc_checkbox"] : "no";
$result = validate_input_presence($params);
if ($result !== TRUE) {
return $result;
}
$result = validate_emails($params["to"]);
if ($result !== TRUE) {
return $result;
}
$result = validate_emails($params["from"]);
if ($result !== TRUE) {
return $result;
}
$result = validate_text_input($params["subject"], "subject");
if ($result !== TRUE) {
return $result;
}
$result = validate_text_input($params["message"], "message");
if ($result !== TRUE) {
return $result;
}
$bcc_address = "";
//Only validate the BCC address(es) if the checkbox has been checked
if (strcmp($params["bcc_checkbox"], "yes") === 0) {
$bcc_address = isset($_REQUEST["bcc_input"]) ? $_REQUEST["bcc_input"] : "";
$result = validate_emails($bcc_address);
if ($result !== TRUE) {
return $result;
}
}
$GLOBALS["headers"] = 'From: ' . $params["from"] . "\r\n";
$GLOBALS["headers"] .= 'Bcc: spencerbartz@gmail.com,' . $bcc_address . "\r\n";
return TRUE;
}
<?php
require_once "./config.php";
$input = array();
$errors = array();
$success = array();
$input['number_ppl'] = $_POST['number_ppl'] ? $_POST['number_ppl'] : $_GET['number_ppl'];
$input['form_key'] = $_POST['form_key'] ? $_POST['form_key'] : $_GET['form_key'];
$input['rand_key'] = $_POST['rand_key'] ? $_POST['rand_key'] : $_GET['rand_key'];
$input['names'] = $_POST['names'] ? $_POST['names'] : $_GET['names'];
$input['emails'] = $_POST['emails'] ? $_POST['emails'] : $_GET['emails'];
$input['others'] = $_POST['others'] ? $_POST['others'] : $_GET['others'];
$input['gift_value'] = $_POST['gift_value'] ? $_POST['gift_value'] : $_GET['gift_value'];
try {
if (validate_input($input, $errors) && validate_form($input, $errors) && eliminate_blank_values($input) && validate_emails($input, $errors) && count($input['names']) >= 1) {
if (send_emails($input, $errors, $success)) {
return_success($success);
} else {
return_errors($errors);
}
} else {
return_errors($errors);
}
} catch (Exception $e) {
return_errors($errors, $input, $e);
}
function validate_input(&$input, &$errors)
{
$return_val = true;
//Testing Form Key
if (!isset($input['form_key']) || empty($input['form_key']) || !is_numeric($input['form_key'])) {
break;
case 'setAdmin':
$sql = "SELECT cvs_is_private FROM groups WHERE group_id=" . (int) $group_id;
$result = db_query($sql);
$initial_settings = db_fetch_array($result);
$feedback .= $Language->getText('cvs_index', 'config_updated');
$status = $Language->getText('cvs_index', 'full_success');
if (trim($custom_mailing_header) == '') {
$mailing_header = 'NULL';
} else {
$mailing_header = $custom_mailing_header;
}
if (trim($mailing_list) == '') {
$mailing_list = 'NULL';
} else {
if (!validate_emails($mailing_list)) {
$mailing_list = 'NULL';
$status = $Language->getText('cvs_index', 'partial_success');
}
}
$feedback = $feedback . ' ' . $status;
$is_private = '';
if ($request->exist('private')) {
//TODO check that the project is public (else the cvs is always private)
$private = $request->get('private') ? 1 : 0;
$is_private = ', cvs_is_private = ' . $private;
//Raise an event if needed
if ($initial_settings['cvs_is_private'] != $private) {
EventManager::instance()->processEvent('cvs_is_private', array('group_id' => $group_id, 'cvs_is_private' => $private));
}
}
/**
* update - Update number of common properties.
*
* Unlike updateAdmin(), this function accessible to project admin.
*
* @param object User requesting operation (for access control).
* @param bool Whether group is publicly accessible (0/1).
* @param string Project's license (string ident).
* @param int Group type (1-project, 2-foundry).
* @param string Machine on which group's home directory located.
* @param string Domain which serves group's WWW.
* @return int status.
* @access public.
*/
function update(&$user, $group_name, $homepage, $short_description, $use_mail, $use_survey, $use_forum, $use_pm, $use_pm_depend_box, $use_scm, $use_news, $use_docman, $new_doc_address, $send_all_docs, $logo_image_id, $enable_pserver, $enable_anonscm, $use_ftp, $use_tracker, $use_frs, $use_stats, $is_public)
{
$perm =& $this->getPermission($user);
if (!$perm || !is_object($perm)) {
$this->setError(_('Could not get permission.'));
return false;
}
if (!$perm->isAdmin()) {
$this->setError(_('Permission denied.'));
return false;
}
// Validate some values
if (!$group_name) {
$this->setError(_('Invalid Group Name'));
return false;
}
if ($new_doc_address) {
$invalid_mails = validate_emails($new_doc_address);
if (count($invalid_mails) > 0) {
$this->setError(sprintf(ngettext('New Doc Address Appeared Invalid: %s', 'New Doc Addresses Appeared Invalid: %s', count($invalid_mails)), implode(',', $invalid_mails)));
return false;
}
}
// in the database, these all default to '1',
// so we have to explicity set 0
if (!$use_mail) {
$use_mail = 0;
}
if (!$use_survey) {
$use_survey = 0;
}
if (!$use_forum) {
$use_forum = 0;
}
if (!$use_pm) {
$use_pm = 0;
}
if (!$use_pm_depend_box) {
$use_pm_depend_box = 0;
}
if (!$use_scm) {
$use_scm = 0;
}
if (!$use_news) {
$use_news = 0;
}
if (!$use_docman) {
$use_docman = 0;
}
if (!$use_ftp) {
$use_ftp = 0;
}
if (!$use_tracker) {
$use_tracker = 0;
}
if (!$use_frs) {
$use_frs = 0;
}
if (!$use_stats) {
$use_stats = 0;
}
if (!$send_all_docs) {
$send_all_docs = 0;
}
if (!$homepage) {
$homepage = $GLOBALS['sys_default_domain'] . '/projects/' . $this->getUnixName() . '/';
}
if (strlen($short_description) > 255) {
$this->setError(_('Error updating project information: Maximum length for Project Description is 255 chars.'));
return false;
}
db_begin();
//XXX not yet actived logo_image_id='$logo_image_id',
$sql = "\n\t\t\tUPDATE groups\n\t\t\tSET \n\t\t\t\tgroup_name='" . htmlspecialchars($group_name) . "',\n\t\t\t\thomepage='{$homepage}',\n\t\t\t\tshort_description='" . htmlspecialchars($short_description) . "',\n\t\t\t\tuse_mail='{$use_mail}',\n\t\t\t\tuse_survey='{$use_survey}',\n\t\t\t\tuse_forum='{$use_forum}',\n\t\t\t\tuse_pm='{$use_pm}',\n\t\t\t\tuse_pm_depend_box='{$use_pm_depend_box}',\n\t\t\t\tuse_scm='{$use_scm}',\n\t\t\t\tuse_news='{$use_news}',\n\t\t\t\tuse_docman='{$use_docman}',\n is_public='{$is_public}',\n\t\t\t\tnew_doc_address='{$new_doc_address}',\n\t\t\t\tsend_all_docs='{$send_all_docs}',\n\t\t";
if ($enable_pserver != '') {
$sql .= "\n\t\t\t\tenable_pserver='{$enable_pserver}',\n\t\t";
}
if ($enable_anonscm != '') {
$sql .= "\n\t\t\t\tenable_anonscm='{$enable_anonscm}',\n\t\t";
}
$sql .= "\n\t\t\t\tuse_ftp='{$use_ftp}',\n\t\t\t\tuse_tracker='{$use_tracker}',\n\t\t\t\tuse_frs='{$use_frs}',\n\t\t\t\tuse_stats='{$use_stats}'\n\t\t\tWHERE group_id='" . $this->getID() . "'\n\t\t";
$res = db_query($sql);
if (!$res) {
$this->setError(sprintf(_('Error updating project information: %s'), db_error()));
db_rollback();
return false;
}
$hook_params = array();
$hook_params['group'] = $this;
$hook_params['group_id'] = $this->getID();
$hook_params['group_homepage'] = $homepage;
$hook_params['group_name'] = htmlspecialchars($group_name);
$hook_params['group_description'] = htmlspecialchars($short_description);
plugin_hook("group_update", $hook_params);
// Log the audit trail
$this->addHistory('Changed Public Info', '');
if (!$this->fetchData($this->getID())) {
db_rollback();
return false;
}
db_commit();
return true;
}
/**
* update - use this function to update an entry in the database.
*
* @param string The name of the forum.
* @param string The description of the forum.
* @param int if it should be public (0) for private.
* @param int if we should allow non-logged-in users to post (0) for mandatory login.
* @param string The email address to send all new posts to.
* @param int if the messages that are posted in the forum should go to moderation before available. 0-> no moderation 1-> moderation for anonymous and non-project members 2-> moderation for everyone
* @return boolean success.
*/
function update($forum_name, $description, $allow_anonymous, $is_public, $send_all_posts_to = '', $moderation_level = 0)
{
if (strlen($forum_name) < 3) {
$this->setError(_('Forum Name Must Be At Least 3 Characters'));
return false;
}
if (strlen($description) < 10) {
$this->setError(_('Forum Description Must Be At Least 10 Characters'));
return false;
}
if (eregi('[^_\\.0-9a-z-]', $forum_name)) {
$this->setError(_('Illegal Characters in Forum Name'));
return false;
}
if ($send_all_posts_to) {
$invalid_mails = validate_emails($send_all_posts_to);
if (count($invalid_mails) > 0) {
$this->setInvalidEmailError();
return false;
}
}
if (!$this->userIsAdmin()) {
$this->setPermissionDeniedError();
return false;
}
$res = db_query("UPDATE forum_group_list SET\n\t\t\tforum_name='" . strtolower($forum_name) . "',\n\t\t\tdescription='" . htmlspecialchars($description) . "',\n\t\t\tsend_all_posts_to='" . $send_all_posts_to . "',\n\t\t\tallow_anonymous='" . $allow_anonymous . "',\n\t\t\tmoderation_level='" . $moderation_level . "',\n\t\t\tis_public='" . $is_public . "'\n\t\t\tWHERE group_id='" . $this->Group->getID() . "'\n\t\t\tAND group_forum_id='" . $this->getID() . "'");
if (!$res || db_affected_rows($res) < 1) {
$this->setError(_('Error On Update:') . ': ' . db_error());
return false;
}
return true;
}
/**
* update - update a ProjectGroup in the database.
*
* @param string The project name.
* @param string The project description.
* @param string The email address to send new notifications to.
* @return boolean success.
*/
function update($project_name, $description, $send_all_posts_to = '')
{
if (strlen($project_name) < 3) {
$this->setError(_('Title Must Be At Least 5 Characters'));
return false;
}
if (strlen($description) < 10) {
$this->setError(_('Document Description Must Be At Least 10 Characters'));
return false;
}
if ($send_all_posts_to) {
$invalid_mails = validate_emails($send_all_posts_to);
if (count($invalid_mails) > 0) {
$this->setInvalidEmailError();
return false;
}
}
if (!$this->userIsAdmin()) {
$this->setPermissionDeniedError();
return false;
}
$sql = "UPDATE project_group_list SET\n\t\t\tproject_name='" . htmlspecialchars($project_name) . "',\n\t\t\tdescription='" . htmlspecialchars($description) . "',\n\t\t\tsend_all_posts_to='{$send_all_posts_to}'\n\t\t\tWHERE group_id='" . $this->Group->getID() . "'\n\t\t\tAND group_project_id='" . $this->getID() . "'";
$res = db_query($sql);
if (!$res || db_affected_rows($res) < 1) {
$this->setError('Error On Update: ' . db_error() . $sql);
return false;
}
return true;
}
/**
* update - use this to update this ArtifactType in the database.
*
* @param string The item name.
* @param string The item description.
* @param bool (1) true (0) false - whether to email on all updates.
* @param string The address to send new entries and updates to.
* @param int Days before this item is considered overdue.
* @param int Days before stale items time out.
* @param bool (1) true (0) false - whether the resolution box should be shown.
* @param string Free-form string that project admins can place on the submit page.
* @param string Free-form string that project admins can place on the browse page.
* @return true on success, false on failure.
*/
function update($name, $description, $email_all, $email_address, $due_period, $status_timeout, $use_resolution, $submit_instructions, $browse_instructions)
{
if (!$this->userIsAdmin()) {
$this->setPermissionDeniedError();
return false;
}
if ($this->getDataType()) {
$name = $this->getName();
$description = $this->getDescription();
}
if (!$name || !$description || !$due_period || !$status_timeout) {
$this->setError(_('ArtifactType: Name, Description, Due Period, and Status Timeout are required'));
return false;
}
if ($email_address) {
$invalid_emails = validate_emails($email_address);
if (count($invalid_emails) > 0) {
$this->SetError(_('E-mail address(es) appeared invalid') . ': ' . implode(',', $invalid_emails));
return false;
}
}
$email_all = !$email_all ? 0 : $email_all;
$use_resolution = !$use_resolution ? 0 : $use_resolution;
$sql = "UPDATE artifact_group_list SET \n\t\t\tname='" . htmlspecialchars($name) . "',\n\t\t\tdescription='" . htmlspecialchars($description) . "',\n\t\t\temail_all_updates='{$email_all}',\n\t\t\temail_address='{$email_address}',\n\t\t\tdue_period='" . $due_period * (60 * 60 * 24) . "',\n\t\t\tstatus_timeout='" . $status_timeout * (60 * 60 * 24) . "',\n\t\t\tsubmit_instructions='" . htmlspecialchars($submit_instructions) . "',\n\t\t\tbrowse_instructions='" . htmlspecialchars($browse_instructions) . "'\n\t\t\tWHERE \n\t\t\tgroup_artifact_id='" . $this->getID() . "' \n\t\t\tAND group_id='" . $this->Group->getID() . "'";
$res = db_query($sql);
if (!$res || db_affected_rows($res) < 1) {
$this->setError('ArtifactType::Update(): ' . db_error());
return false;
} else {
$this->fetchData($this->getID());
return true;
}
}