/**
 * Read a required form field from $_POST and return its cleaned value.
 *
 * When the field is missing or empty() (empty() also treats the string "0"
 * as empty), an error span is stored in the global $errorArray under the
 * field name and an empty string is returned.
 *
 * $errorMessage is placed inside the span without any escaping, so it must
 * be trusted, developer-written text and never request data.
 *
 * @param string $itemName     Key to look up in $_POST; also the $errorArray key.
 * @param string $errorMessage Message stored when the field is empty.
 * @return mixed Result of wise_clean_data() for a filled field, '' otherwise.
 */
function wise_validate($itemName, $errorMessage)
{
    global $errorArray;

    // Guard clause: record the error and stop when nothing usable was posted.
    if (empty($_POST[$itemName])) {
        $errorArray[$itemName] = "<span class=\"form-error\">{$errorMessage}</span>";

        return '';
    }

    // wise_clean_data() is defined elsewhere; its result is returned unchanged.
    return wise_clean_data($_POST[$itemName]);
}
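// Required fields: wise_validate() returns the cleaned value, or '' after
// recording an error in $errorArray when the field is empty.
// NOTE(review): the e-mail field is only checked for emptiness in this
// fragment; confirm whether its format is validated elsewhere.
$wiseIntakeDemoPreferredEmail = wise_validate('wiseIntakeDemoPreferredEmail', 'Preferred Email cannot be empty!');
$wiseIntakeDemoRace = wise_validate('wiseIntakeDemoRace', 'You must select a Race!');
$wiseIntakeDemoDisability = wise_validate('wiseIntakeDemoDisability', 'You must select Yes or No!');
$wiseIntakeDemoPellGrant = wise_validate('wiseIntakeDemoPellGrant', 'You must select Yes, No, or I do not know!');
$wiseIntakeDemoTAA = wise_validate('wiseIntakeDemoTAA', 'You must select Yes, No, or I do not know!');
$wiseIntakeDemoEligibleVeteran = wise_validate('wiseIntakeDemoEligibleVeteran', 'You must select Yes or No!');
$wiseIntakeDemoSpouseOfEligibleVeteran = wise_validate('wiseIntakeDemoSpouseOfEligibleVeteran', 'You must select Yes or No!');
$wiseIntakeEmploymentStatus = wise_validate('wiseIntakeEmploymentStatus', 'You must select your current Employment Status!');

// Optional data is just cleaned rather than checked for emptiness.
// A key the client left out of the request is read as '' so that a crafted
// or partial submission does not raise an undefined-index notice (which can
// disclose file paths when errors are displayed).
$wiseIntakeEmployerName = wise_clean_data(
    isset($_POST['wiseIntakeEmployerName']) ? $_POST['wiseIntakeEmployerName'] : ''
); //optional string
$wiseIntakeEmploymentStartDate = wise_clean_data(
    isset($_POST['wiseIntakeEmploymentStartDate']) ? $_POST['wiseIntakeEmploymentStartDate'] : ''
); //optional string
$wiseIntakeEmploymentHoursPerWeek = wise_clean_data(
    isset($_POST['wiseIntakeEmploymentHoursPerWeek']) ? $_POST['wiseIntakeEmploymentHoursPerWeek'] : ''
); //optional string
$wiseIntakeEmploymentCurrentSalary = wise_clean_data(
    isset($_POST['wiseIntakeEmploymentCurrentSalary']) ? $_POST['wiseIntakeEmploymentCurrentSalary'] : ''
); //optional string

// The "verify information" checkbox was checked during variable assignment.

// Validate the date of birth field to make sure it is in mm/dd/yyyy format.
// $wiseIntakeDemoDateOfBirth is assigned outside this fragment.
if (!validateDate($wiseIntakeDemoDateOfBirth, 'm/d/Y')) {
    $errorArray['wiseIntakeDemoDateOfBirth'] = '<span class="form-error">Invalid date! Use mm/dd/yyyy format!</span>';
}

// Validate the employment start date to make sure it is in mm/yyyy format.
// Because the field is optional, it is only validated when it is not empty.
if (!empty($wiseIntakeEmploymentStartDate) && !validateDate($wiseIntakeEmploymentStartDate, 'm/Y')) {
    $errorArray['wiseIntakeEmploymentStartDate'] = '<span class="form-error">Invalid date! Use mm/yyyy format!</span>';
}

// Check radio/checkbox data against the allowed array of options: the
// browser only offers those options, but a hand-built request can send any
// value, so the server-side allow-list is the real control.
// Per the original comment, the helper only adds an error when the input has
// no current error; the helper itself is defined elsewhere.
wise_validate_radio_checkbox_spoofing($wiseIntakeDemoGender, 'wiseIntakeDemoGender', $demoGenderRadio);
wise_validate_radio_checkbox_spoofing($wiseIntakeDemoRace, 'wiseIntakeDemoRace', $demoRaceRadio);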
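} }

// Validate data: required fields cannot be empty.
// Data will be stripped of unsafe values such as html tags (mysql injection
// checks are made upon submitting the entire form rather than on each of the
// pages). Radio and checkbox list values must be on the allowed array of
// options (to help prevent spoofing).
// NOTE(review): values cleaned here are therefore not yet safe to place in a
// SQL statement; confirm the final submit step uses parameterized queries.
$wiseIntakeLName = wise_validate('wiseIntakeLName', 'Last Name cannot be empty!');
$wiseIntakeStudentID = wise_validate('wiseIntakeStudentID', 'Student ID Number cannot be empty!');

// Student ID must also consist of digits only, in addition to being not
// empty. is_numeric() is not used for this because it also accepts signs,
// decimal points, exponents ("1e5") and surrounding whitespace, all of which
// contradict the "may only contain numbers" message.
if (!empty($wiseIntakeStudentID) && preg_match('/\A[0-9]+\z/', (string) $wiseIntakeStudentID) !== 1) {
    $errorArray['wiseIntakeStudentID'] = '<span class="form-error">Student ID may only contain numbers!</span>';
}

$wiseIntakeFName = wise_validate('wiseIntakeFName', 'First Name cannot be empty!');
$wiseIntakeCourse = wise_validate('wiseIntakeCourse', 'Course cannot be empty!');
$wiseIntakeMInitial = wise_clean_data($wiseIntakeMInitial); //optional, so it is just cleaned instead of validated.
$wiseIntakeEduBackground = wise_validate('wiseIntakeEduBackground', 'You must select an Educational Background!');
$wiseIntakeEduGoal = wise_validate('wiseIntakeEduGoal', 'You must select a Goal!');
$wiseIntakeEduCurrentStatus = wise_validate('wiseIntakeEduCurrentStatus', 'You must select your Current Status!');

// Intended programs was checked during variable assignment.

// Check radio/checkbox data against the allowed array of options: a
// hand-built request can carry values the form never offered, so the
// allow-list has to be enforced on the server.
// Per the original comment, the helper only adds an error when the input has
// no current error; the helper itself is defined elsewhere.
wise_validate_radio_checkbox_spoofing($wiseIntakeEduBackground, 'wiseIntakeEduBackground', $eduBackgroundRadio);
wise_validate_radio_checkbox_spoofing($wiseIntakeEduGoal, 'wiseIntakeEduGoal', $eduGoalRadio);
wise_validate_radio_checkbox_spoofing($wiseIntakeEduCurrentStatus, 'wiseIntakeEduCurrentStatus', $eduCurrentStatusRadio);

// For the checkbox list, check each selected option to make sure it is on
// the list of actual options. If the array is empty, the loop body never
// runs and no error is added here.
foreach ($wiseIntakeIntendedPrograms as $SelectedIntendedProgramOption) {
    wise_validate_radio_checkbox_spoofing($SelectedIntendedProgramOption, 'wiseIntakeIntendedPrograms', $intendedProgramsCheckboxes);
}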
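// Start the session so that the admin variable can be set upon successful login.
session_start();

// Require the functions list (provides wise_clean_data()).
require 'includes/functions.php';

// This variable tells the header to appear differently (rather than "form" it will say "table").
$isTablePage = true;

// Initial username and password are empty strings.
$wiseIntakeTableLoginUsername = '';
$wiseIntakeTableLoginPassword = '';

// Error array starts empty.
$errorArray = array();

// Validate the submitted username and password (if the form was submitted).
if (isset($_POST['submit'])) {
    // Get the submitted username and password. A key missing from the request
    // is read as '' instead of raising an undefined-index notice.
    // NOTE(review): the password is passed through wise_clean_data() before
    // it is compared, as in the original; if that helper rewrites characters,
    // the value checked is not the value typed. Confirm what it does.
    $wiseIntakeTableLoginUsername = wise_clean_data(
        isset($_POST['wiseIntakeTableLoginUsername']) ? $_POST['wiseIntakeTableLoginUsername'] : ''
    );
    $wiseIntakeTableLoginPassword = wise_clean_data(
        isset($_POST['wiseIntakeTableLoginPassword']) ? $_POST['wiseIntakeTableLoginPassword'] : ''
    );

    // NOTE(review): the admin credential is a literal in this file, so anyone
    // who can read the source or its history knows it. Treat it as exposed:
    // rotate it, keep the replacement out of the code base, store it as a
    // password_hash() value and check it with password_verify().
    // No attempt throttling or lockout is visible in this script either.
    //
    // Both comparisons always run and use hash_equals(), so the outcome does
    // not depend on loose == comparison or on which field was wrong. The
    // is_string() guards keep a non-string value from reaching hash_equals().
    $usernameMatches = is_string($wiseIntakeTableLoginUsername)
        && hash_equals('wiseAdmin', $wiseIntakeTableLoginUsername);
    $passwordMatches = is_string($wiseIntakeTableLoginPassword)
        && hash_equals('adbEJL5Pmlfbu2k9', $wiseIntakeTableLoginPassword);

    if ($usernameMatches && $passwordMatches) {
        // Mark the successful login (only ever set on success, as before).
        $successfulLogin = true;

        // Issue a fresh session id at the privilege change so an id that was
        // planted or observed before login does not become an admin session.
        session_regenerate_id(true);

        // Mark this session as an admin that can view the table, then redirect.
        $_SESSION['admin'] = 'wise-admin';
        header('location: wise-intake-table.php');

        // Stop here: header() alone does not end the script, and the login
        // page below should not be rendered after a redirect was sent.
        exit;
    }

    $errorArray['wiseIntakeTableLoginError'] = '<strong><span class="form-error">Username or password incorrect.</span></strong><br />';
}
?>
<!DOCTYPE html>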