Fifth pass at adding key files

site/coaches/wiki_edit_X.php

@@ -0,0 +1,124 @@
+<?PHP
+
+if (!$_POST){ header('Location: '.$site_url.'/?error=no_post'); }
+
+/*
+
+FIELD NAMES: 
+coach_id
+coach_name
+coach_name_tag
+coach_address
+coach_address_two
+coach_city
+coach_state
+coach_state_tag
+coach_zip
+coach_phone
+coach_fax
+coach_email
+coach_website
+coach_certifications
+coach_services
+coach_degrees
+coach_cost
+coach_info
+coach_camps
+coach_submitted_by
+coach_valid
+coach_user_tags
+
+*/
+
+/* Need to ltrim and rtrim commas before insertion */
+
+//Insert into database
+$errmsg = NULL;
+//Check for blank fields
+if ((!$_POST[coach_name])) $errmsg = $errmsg."Shop name, ";  
+if (!$_POST[coach_city]) $errmsg = $errmsg."City, ";
+if (!$_POST[coach_state]) $errmsg = $errmsg."State, ";
+if (!$_POST[coach_address]) $errmsg = $errmsg."Address, ";
+if (!$_POST[coach_phone]) $errmsg = $errmsg."Phone, ";
+if (!$_POST[coach_email]) $errmsg = $errmsg."Email, ";
+if (!$_POST[coach_website]) $errmsg = $errmsg."Website, ";
+if (strlen($_POST[coach_cost]) < 4) $errmsg = $errmsg."Rates &amp; Fees, ";
+if (strlen($_POST[coach_info]) < 4) $errmsg = $errmsg."General Info, ";
+if (strlen($_POST[coach_camps]) < 4) $errmsg = $errmsg."Camps, ";
+if (isset($errmsg)) {
+   $errmsg = "The following fields cannot be left blank: ".$errmsg."<br />";
+   $errmsg = rtrim($errmsg, ", ");
+}
+
+$start_url = "(http(s)?\:\/\/)?"; // start url
+$dots = "([\w_-]{2,}\.)+"; // one or more parts containing a '.' at the end
+$last_part = "([\w_-]{2,})"; // last part doesn't contain a dot
+$user = "((\/)(\~)[\w_=-]+)?((\/)[\w_=-]+)*"; // maybe subdirectories - possibly with user ~
+$end = "((\/)|(\/)[\w_-]+\.[\w]{2,})?"; // maybe a slash at the end or slash+file+extension
+$qstring1 = "((\?[\w_-]+\=([^\#]+)){0,1}"; // querystring - first argument (?a=b)
+$qstring2 = "(\&[\w_-]+\=([^\#]+))*)?"; // querystring - following arguments (&c=d)
+$bkmrk = "(#[\w_-]+)?"; // bookmark
+
+$exp = "/^".$start_url.$dots.$last_part.$user.$end.$qstring1.$qstring2.$bkmrk."$/i";
+if( !preg_match($exp, $_POST[coach_website]) ) {
+	// Contains invalid characters.
+  $errmsg = $errmsg."Invalid Web Address<br />";
+}
+if( preg_match('/[^a-zA-Z0-9\. ]/', $_POST[coach_name]) ) {
+  // Contains invalid characters.
+  $errmsg = $errmsg."Please use only letters and numbers in the name<br />";
+}
+
+if(!$errmsg){
+
+	$name = trim($_POST[coach_name]);
+	$name_tag = strtolower(str_replace(" ","", $name));
+	if(strlen($nametag) > 12){ //Shorten it
+		$name_tag = substr($nametag, 0, 12);
+	}
+	$address = mysql_escape_string(trim($_POST[coach_address]));
+	if (isset($_POST['coach_address_two'])) { $address_two = mysql_escape_string(trim($_POST[coach_address_two])); } else { $address_two = NULL; }
+	$city = mysql_escape_string(trim($_POST[coach_city]));
+	$state = $_POST[coach_state];
+	$state_tag = strtolower(str_replace(" ","", $state));
+	$zip = mysql_escape_string(trim($_POST[coach_zip]));
+	$phone = trim($_POST[coach_phone]);
+	$fax = trim($_POST[coach_fax]);
+	$email = mysql_escape_string(trim($_POST[coach_email]));
+	$website = mysql_escape_string(trim($_POST[coach_website]));
+	$certifications = $_POST[coach_certifications];
+	$services = $_POST[coach_services];
+	$degrees = $_POST[coach_degrees];
+	$cost = mysql_escape_string(nl2br(substr(trim($_POST[coach_cost]), 0, 4096)));
+	$info = mysql_escape_string(nl2br(substr(trim($_POST[coach_info]), 0, 4096)));
+	$camps = mysql_escape_string(nl2br(substr(trim($_POST[coach_camps]), 0, 4096)));
+	$submitted_by = $_POST[coach_submitted_by];
+	$id = $_POST[coach_id];
+	$edited_by = $_POST[edited_by];
+	$edit_timestamp = time();
+  
+	// BEGIN CONFIRM ENTRY CHECK
+	if($_POST[insert_coach] == true){
+	  if(isset($_POST[new_coach])){
+		$sql = "INSERT INTO ".$prefix."Coaches (coach_name, coach_name_tag, coach_address, coach_address_two, coach_city, coach_state, coach_state_tag, coach_zip, coach_phone, coach_fax, coach_email, coach_website, coach_certifications, coach_services, coach_degrees, coach_cost, coach_info, coach_camps, coach_submitted_by, coach_valid) VALUES ('$name', '$name_tag', '$address', '$address_two', '$city', '$state', '$state_tag', '$zip', '$phone', '$fax', '$email', '$website', ',$certifications,', ',$services,', ',$degrees,', '$cost', '$info', '$camps', $submitted_by, 0)";
+		//echo("coach entered!");
+		//echo($sql);
+		mysql_query($sql) OR die(mysql_error()); 
+		header('Location: '.$site_url.'/add.php?confirmed=yes');
+	  } elseif(isset($_POST[save_changes])) {
+		$sql = "INSERT INTO ".$prefix."CoachesEdits (coach_id_fk, editor_user_id_fk, edit_timestamp, coach_name, coach_name_tag, coach_address, coach_address_two, coach_city, coach_state, coach_state_tag, coach_zip, coach_phone, coach_fax, coach_email, coach_website, coach_certifications, coach_services, coach_degrees, coach_cost, coach_info, coach_camps, coach_submitted_by, coach_valid) VALUES ('$id', '$edited_by', '$edit_timestamp', '$name', '$name_tag', '$address', '$address_two', '$city', '$state', '$state_tag', '$zip', '$phone', '$fax', '$email', '$website', ',$certifications,', ',$services,', ',$degrees,', '$cost', '$info', '$camps', $submitted_by, 0)";
+		//echo $sql;
+		//exit;
+		mysql_query($sql) OR die(mysql_error());
+		header('Location: '.$site_url.'/individual.php?coach_id='.$id.'&wiki_change=success');
+	  } else {
+		header('Location: '.$site_url.'/individual.php?coach_id='.$id.'&changes=failure');
+	  }
+	} else {
+		//echo("coach NOT entered.");
+		$confirm_coach = true;
+	}
+	// END CONFIRM ENTRY CHECK	
+}
+// END ERROR MESSAGE CHECK
+?>