$insert_values = array(); // obtain fields foreach ($prefs_fields as $fieldname) { if (isset($_POST[$fieldname])) { $value = trim($_POST[$fieldname]); } else { $value = ""; } // now, check validity if ($value != '') { switch ($fieldname) { case 'pref_email': if (GALETTE_MODE === 'DEMO') { Analog::log('Trying to set pref_email while in DEMO.', Analog::WARNING); } else { if (!Core\GaletteMail::isValidEmail($value)) { $error_detected[] = _T("- Non-valid E-Mail address!"); } } break; case 'pref_admin_login': if (GALETTE_MODE === 'DEMO') { Analog::log('Trying to set superadmin login while in DEMO.', Analog::WARNING); } else { if (strlen($value) < 4) { $error_detected[] = _T("- The username must be composed of at least 4 characters!"); } else { //check if login is already taken if ($login->loginExists($value)) { $error_detected[] = _T("- This username is already in use, please choose another one!"); }
} } else { //something went wrong :'( $error_detected[] = _T("An error occured while storing the contribution."); } } } if (count($error_detected) == 0) { $dyn_fields->setAllFields('contrib', $contrib->id, $contribution['dyn']); // Get member informations $adh = new Adherent(); $adh->load($contrib->member); if ($preferences->pref_mail_method > GaletteMail::METHOD_DISABLED) { $texts = new Texts($texts_fields, $preferences, array('name_adh' => custom_html_entity_decode($adh->sname), 'firstname_adh' => custom_html_entity_decode($adh->surname), 'lastname_adh' => custom_html_entity_decode($adh->name), 'mail_adh' => custom_html_entity_decode($adh->email), 'login_adh' => custom_html_entity_decode($adh->login), 'deadline' => custom_html_entity_decode($contrib->end_date), 'contrib_info' => custom_html_entity_decode($contrib->info), 'contrib_amount' => custom_html_entity_decode($contrib->amount), 'contrib_type' => custom_html_entity_decode($contrib->type->libelle))); if ($new && isset($_POST['mail_confirm']) && $_POST['mail_confirm'] == '1') { if (GaletteMail::isValidEmail($adh->email)) { $text = 'contrib'; if (!$contrib->isCotis()) { $text = 'donation'; } $mtxt = $texts->getTexts($text, $adh->language); $mail = new GaletteMail(); $mail->setSubject($texts->getSubject()); $mail->setRecipients(array($adh->email => $adh->sname)); $mail->setMessage($texts->getBody()); $sent = $mail->send(); if ($sent) { $hist->add(preg_replace(array('/%name/', '/%email/'), array($adh->sname, $adh->email), _T("Mail sent to user %name (%email)"))); } else { $txt = preg_replace(array('/%name/', '/%email/'), array($adh->sname, $adh->email), _T("A problem happened while sending contribution receipt to user %name (%email)")); $hist->add($txt);
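/**
 * Check posted values validity
 *
 * Walks every DB field, copies the posted value (or the instance default for
 * a handful of fields) into the matching "_<propname>" property, then runs the
 * per-field validation below. Fields listed in $disabled are neither stored
 * nor validated.
 *
 * Review notes on changes made here:
 *  - id_statut is no longer concatenated raw into the SQL string; it is bound
 *    through the same array-style / predicate where() the email and login
 *    checks already use;
 *  - the self-subscription password confirmation compares crypt() output with
 *    hash_equals(); the previous `!crypt(...) == $values['mdp_crypt']` parsed
 *    as `(!crypt(...)) == ...` and never detected a mismatch;
 *  - the '@' test on the login uses `!== false` so a login starting with '@'
 *    is rejected too;
 *  - the mandatory-field pass looks at enabled fields (it used to look at the
 *    disabled ones, which are never filled from $values) and also treats an
 *    empty string as missing;
 *  - each() (removed in PHP 8) is replaced by foreach.
 *
 * @param array $values   All values to check, basically the $_POST array
 *                        after sending the form
 * @param array $required Array of required fields (field name => anything)
 * @param array $disabled Array of disabled fields (field name => anything)
 *
 * @return true|array true when everything is valid, else the list of
 *                    translated error messages
 */
public function check($values, $required, $disabled)
{
    global $zdb, $preferences;
    $errors = array();
    $fields = self::getDbFields();

    //reset company name if needeed
    if (!isset($values['is_company']) || $values['is_company'] != 1) {
        unset($values['is_company']);
        unset($values['societe_adh']);
    }

    foreach ($fields as $key) {
        //first of all, let's sanitize values
        $key = strtolower($key);
        $prop = '_' . $this->_fields[$key]['propname'];

        if (isset($values[$key])) {
            $value = trim($values[$key]);
        } else {
            switch ($key) {
                case 'bool_admin_adh':
                case 'bool_exempt_adh':
                case 'bool_display_info':
                    $value = 0;
                    break;
                case 'activite_adh':
                    //values that are setted at object instanciation
                    $value = true;
                    break;
                case 'date_crea_adh':
                case 'sexe_adh':
                case 'titre_adh':
                case 'id_statut':
                case 'pref_lang':
                case 'parent_id':
                    //values that are setted at object instanciation
                    $value = $this->{$prop};
                    break;
                default:
                    $value = '';
            }
        }

        // disabled fields are neither stored nor validated
        if (isset($disabled[$key])) {
            continue;
        }

        // fill up the adherent structure
        // NOTE(review): stripslashes() here dates from magic_quotes days; it
        // also strips legitimate backslashes typed by the user. Kept as is.
        if ($value !== null) {
            $this->{$prop} = stripslashes($value);
        }

        if ($value === null || $value == '') {
            // empty login (when not required) or empty password of a new
            // member (when not required): generate a random one
            if (($key == 'login_adh' && !isset($required['login_adh']))
                || ($key == 'mdp_adh' && !isset($required['mdp_adh']) && !isset($this->_id))
            ) {
                $p = new Password();
                $this->{$prop} = $p->makeRandomPassword(15);
            }
            continue;
        }

        // now, check validity
        switch ($key) {
            // dates
            case 'date_crea_adh':
            case 'ddn_adh':
                try {
                    $d = \DateTime::createFromFormat(_T("Y-m-d"), $value);
                    if ($d === false) {
                        //try with non localized date
                        $d = \DateTime::createFromFormat("Y-m-d", $value);
                        if ($d === false) {
                            throw new \Exception('Incorrect format');
                        }
                    }
                    $this->{$prop} = $d->format('Y-m-d');
                } catch (\Exception $e) {
                    Analog::log(
                        'Wrong date format. field: ' . $key .
                        ', value: ' . $value . ', expected fmt: ' .
                        _T("Y-m-d") . ' | ' . $e->getMessage(),
                        Analog::INFO
                    );
                    $errors[] = str_replace(
                        array('%date_format', '%field'),
                        array(_T("Y-m-d"), $this->_fields[$key]['label']),
                        _T("- Wrong date format (%date_format) for %field!")
                    );
                }
                break;
            case 'titre_adh':
                if ($value !== null && $value !== '') {
                    if ($value == '-1') {
                        $this->{$prop} = null;
                    } else {
                        $this->{$prop} = new Title((int) $value);
                    }
                } else {
                    $this->{$prop} = null;
                }
                break;
            case 'email_adh':
            case 'msn_adh':
                if (!GaletteMail::isValidEmail($value)) {
                    $errors[] = _T("- Non-valid E-Mail address!") .
                        ' (' . $this->getFieldName($key) . ')';
                }
                if ($key == 'email_adh') {
                    try {
                        $select = $zdb->select(self::TABLE);
                        $select->columns(array(self::PK))
                            ->where(array('email_adh' => $value));
                        if ($this->_id != '' && $this->_id != null) {
                            // own id is numeric; cast so it can never carry
                            // anything else into the SQL string
                            $select->where(self::PK . ' != ' . (int) $this->_id);
                        }
                        $results = $zdb->execute($select);
                        if ($results->count() !== 0) {
                            $errors[] = _T("- This E-Mail address is already used by another member!");
                        }
                    } catch (\Exception $e) {
                        Analog::log('An error occured checking member email unicity.', Analog::ERROR);
                        $errors[] = _T("An error has occured while looking if login already exists.");
                    }
                }
                break;
            case 'url_adh':
                if ($value == 'http://') {
                    $this->{$prop} = '';
                } elseif (!isValidWebUrl($value)) {
                    $errors[] = _T("- Non-valid Website address! Maybe you've skipped the http:// ?");
                }
                break;
            case 'login_adh':
                /** FIXME: add a preference for login lenght */
                if (strlen($value) < 2) {
                    $errors[] = str_replace(
                        '%i',
                        2,
                        _T("- The username must be composed of at least %i characters!")
                    );
                } elseif (strpos($value, '@') !== false) {
                    // strict test: strpos() returns 0 for a leading '@',
                    // which `!= false` treated as "not found"
                    $errors[] = _T("- The username cannot contain the @ character");
                } else {
                    //check if login is already taken
                    try {
                        $select = $zdb->select(self::TABLE);
                        $select->columns(array(self::PK))
                            ->where(array('login_adh' => $value));
                        if ($this->_id != '' && $this->_id != null) {
                            $select->where(self::PK . ' != ' . (int) $this->_id);
                        }
                        $results = $zdb->execute($select);
                        if ($results->count() !== 0
                            || $value == $preferences->pref_admin_login
                        ) {
                            $errors[] = _T("- This username is already in use, please choose another one!");
                        }
                    } catch (\Exception $e) {
                        Analog::log('An error occured checking member login unicity.', Analog::ERROR);
                        $errors[] = _T("An error has occured while looking if login already exists.");
                    }
                }
                break;
            case 'mdp_adh':
                /** TODO: check password complexity, set by a preference */
                /** FIXME: add a preference for password lenght */
                if (strlen($value) < 6) {
                    $errors[] = str_replace(
                        '%i',
                        6,
                        _T("- The password must be of at least %i characters!")
                    );
                } elseif ($this->_self_adh !== true
                    && (!isset($values['mdp_adh2']) || $values['mdp_adh2'] != $value)
                ) {
                    $errors[] = _T("- The passwords don't match!");
                } elseif ($this->_self_adh === true
                    && (
                        !isset($values['mdp_crypt'])
                        || $values['mdp_crypt'] === ''
                        // mdp_crypt is taken as the crypt() hash of the
                        // confirmation; recompute with it as salt and compare
                        // in constant time (presumably produced client side —
                        // confirm against the self-subscription form)
                        || !hash_equals(
                            (string) $values['mdp_crypt'],
                            (string) crypt($value, (string) $values['mdp_crypt'])
                        )
                    )
                ) {
                    $errors[] = _T("Password misrepeated: ");
                } else {
                    $this->{$prop} = password_hash($value, PASSWORD_BCRYPT);
                }
                break;
            case 'id_statut':
                try {
                    //check if status exists
                    // $value comes straight from the form: bind it instead of
                    // concatenating it into the SQL string (injectable before)
                    $select = $zdb->select(Status::TABLE);
                    $select->where(array(Status::PK => $value));
                    $results = $zdb->execute($select);
                    $result = $results->current();
                    if ($result === false) {
                        $errors[] = str_replace(
                            '%id',
                            $value,
                            _T("Status #%id does not exists in database.")
                        );
                        break;
                    }
                    //check for status unicity
                    $select = $zdb->select(self::TABLE, 'a');
                    $select->limit(1)->join(
                        array('b' => PREFIX_DB . Status::TABLE),
                        'a.' . Status::PK . '=b.' . Status::PK,
                        array('libelle_statut')
                    );
                    $select->where->equalTo('b.' . Status::PK, $value);
                    $select->where->lessThan('b.priorite_statut', Members::NON_STAFF_MEMBERS);
                    if ($this->_id != '' && $this->_id != null) {
                        $select->where('a.' . self::PK . ' != ' . (int) $this->_id);
                    }
                    $results = $zdb->execute($select);
                    $result = $results->current();
                    if ($result !== false) {
                        $errors[] = str_replace(
                            array('%s', '%i', '%n', '%m'),
                            array(
                                $result->libelle_statut,
                                $result->id_adh,
                                $result->nom_adh,
                                $result->prenom_adh
                            ),
                            _T("Selected status (%s) is already in use in <a href='voir_adherent.php?id_adh=%i'>%n %m's profile</a>.")
                        );
                    }
                } catch (\Exception $e) {
                    Analog::log('An error occured checking status unicity: ' . $e->getMessage(), Analog::ERROR);
                    $errors[] = _T("An error has occured while looking if status is already in use.");
                }
                break;
        }
    }

    // missing required fields?
    // A required field only matters when it is enabled: disabled fields are
    // skipped above and never filled from $values.
    foreach ($required as $key => $val) {
        if (isset($disabled[$key])) {
            continue;
        }
        $prop = '_' . $this->_fields[$key]['propname'];
        $mandatory_missing = false;
        if (!isset($this->{$prop}) || $this->{$prop} === '') {
            // '' is what an absent or blank posted value leaves in the property
            $mandatory_missing = true;
        } elseif ($key === 'titre_adh' && $this->{$prop} == '-1') {
            $mandatory_missing = true;
        }
        if ($mandatory_missing === true) {
            $errors[] = _T("- Mandatory field empty: ") .
                ' <a href="#' . $key . '">' . $this->getFieldName($key) . '</a>';
        }
    }

    //attach to/detach from parent
    if (isset($values['detach_parent'])) {
        $this->_parent = null;
    }

    if (count($errors) > 0) {
        Analog::log(
            'Some errors has been throwed attempting to edit/store a member' .
            print_r($errors, true),
            Analog::DEBUG
        );
        return $errors;
    } else {
        Analog::log('Member checked successfully.', Analog::DEBUG);
        return true;
    }
}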
$hist->add($str); $error_detected[] = $str; } } else { $str = str_replace('%s', $login_adh, _T("An error occured storing temporary password for %s. Please inform an admin.")); $hist->add($str); $error_detected[] = $str; } } else { $str = str_replace('%s', $login_adh, _T("Your account (%s) do not contain any valid mail address")); $hist->add($str); $error_detected[] = $str; } } else { //account has not been found if (Core\GaletteMail::isValidEmail($login_adh)) { $str = str_replace('%s', $login_adh, _T("Mails address %s does not exist")); $hist->add($str); $error_detected[] = $str; } else { $str = str_replace('%s', $login_adh, _T("Login %s does not exist")); $hist->add($str); $error_detected[] = $str; } } } $tpl->assign('done', $done); if ($from_admin) { if (count($error_detected) > 0) { $session['lostpasswd_errors'] = serialize($error_detected); }