<?PHP

if (!$_POST){ header('Location: '.$site_url.'/?error=no_post'); }

/*

FIELD NAMES: 
runshop_id
runshop_name
runshop_name_tag
runshop_address
runshop_address_two
runshop_city
runshop_state
runshop_state_tag
runshop_zip
runshop_phone
runshop_fax
runshop_email
runshop_website
runshop_cart
runshop_contact
runshop_contact_names
runshop_diagnostics
runshop_shoes
runshop_socks
runshop_apparel_run
runshop_apparel_tri
runshop_swimgear
runshop_wetsuits
runshop_hours
runshop_classes
runshop_info
runshop_directions
runshop_submitted_by
runshop_valid
runshop_shopper_tags

*/

/* Need to ltrim and rtrim commas before insertion */

//Insert into database
$pass = 'abc123';
$errmsg = NULL;
//Check for blank fields
if ((!$_POST[runshop_name])) $errmsg = $errmsg.'Shop name, ';  
if (!$_POST[runshop_city]) $errmsg = $errmsg.'City, ';
if (!$_POST[runshop_state]) $errmsg = $errmsg.'State, ';
if (!$_POST[runshop_address]) $errmsg = $errmsg.'Address, ';
if (!$_POST[runshop_phone]) $errmsg = $errmsg.'Phone, ';
if (!$_POST[runshop_email]) $errmsg = $errmsg.'Email, ';
if (!$_POST[runshop_hours]) $errmsg = $errmsg.'Shop hours, ';
if ($_POST[runshop_contact] == 1 && !$_POST[runshop_contact_names]) $errmsg = $errmsg.'Contact names, ';
if (strlen($_POST[runshop_classes]) < 4) $errmsg = $errmsg.'Runs &amp; classes, ';
if (strlen($_POST[runshop_info]) < 4) $errmsg = $errmsg.'Shop info, ';
if (strlen($_POST[runshop_directions]) < 4) $errmsg = $errmsg.'Directions, ';
if (isset($errmsg)) {
   $errmsg = 'The following fields cannot be left blank: '.$errmsg;
   $errmsg = rtrim($errmsg, ', ');
}
/*$start_url = "(http(s)?\:\/\/)?"; // start url
$dots = "([\w_-]{2,}\.)+"; // one or more parts containing a '.' at the end
$last_part = "([\w_-]{2,})"; // last part doesn't contain a dot
$user = "((\/)(\~)[\w_=-]+)?((\/)[\w_=-]+)*"; // maybe subdirectories - possibly with user ~
$end = "((\/)|(\/)[\w_-]+\.[\w]{2,})?"; // maybe a slash at the end or slash+file+extension
$qstring1 = "((\?[\w_-]+\=([^\#]+)){0,1}"; // querystring - first argument (?a=b)
$qstring2 = "(\&[\w_-]+\=([^\#]+))*)?"; // querystring - following arguments (&c=d)
$bkmrk = "(#[\w_-]+)?"; // bookmark

$exp = "/^".$start_url.$dots.$last_part.$user.$end.$qstring1.$qstring2.$bkmrk."$/i";
if( !preg_match($exp, $_POST[runshop_website]) && $_POST[runshop_website] != "") {
	// Contains invalid characters.
	$errmsg = $errmsg."Invalid Web Address<br />";
}*/

if( preg_match('/[^a-zA-Z0-9\. ]/', $_POST[runshop_name]) ) {
  // Contains invalid characters.
  $errmsg = "Please use only letters and numbers in the name";
}

// BEGIN ERROR MESSAGE CHECK
if(!$errmsg){

	$name = mysql_real_escape_string(trim($_POST[runshop_name]));
	$name_tag = mysql_real_escape_string(strtolower(str_replace(" ","", $name)));
	if(strlen($nametag) > 12){ //Shorten it
		$name_tag = substr($nametag, 0, 12);
	}
	$address = mysql_real_escape_string(trim($_POST[runshop_address]));
	$address_two = mysql_real_escape_string(trim($_POST[runshop_address_two]));
	$city = mysql_real_escape_string(trim($_POST[runshop_city]));
	$state = mysql_real_escape_string($_POST[runshop_state]);
	$state_tag = mysql_real_escape_string(strtolower(str_replace(" ","", $state)));
	$zip = mysql_real_escape_string(trim($_POST[runshop_zip]));
	$phone = mysql_real_escape_string(trim($_POST[runshop_phone]));
	$fax = mysql_real_escape_string(trim($_POST[runshop_fax]));
	$email = mysql_real_escape_string(trim($_POST[runshop_email]));
	$website = mysql_real_escape_string(trim($_POST[runshop_website]));
	$cart = mysql_real_escape_string(trim($_POST[runshop_cart]));
	$contact = mysql_real_escape_string($_POST[runshop_contact]);
	if ( $contact == 0 ){ $contact_names = NULL; }else{ $contact_names = mysql_real_escape_string(trim($_POST[runshop_contact_names])); }
	/* Need to ltrim and rtrim commas before insertion --> or ltrim/rtrim before implosion*/
	$diagnostics = mysql_real_escape_string($_POST[runshop_diagnostics]);
	$shoes = mysql_real_escape_string($_POST[runshop_shoes]);
	$swimgear = mysql_real_escape_string($_POST[runshop_swimgear]);
	$wetsuits = mysql_real_escape_string($_POST[runshop_wetsuits]);
	$socks = mysql_real_escape_string($_POST[runshop_socks]);
	$apparel_run = mysql_real_escape_string($_POST[runshop_apparel_run]);
	$apparel_tri = mysql_real_escape_string($_POST[runshop_apparel_tri]);
	$hours = mysql_real_escape_string(trim($_POST[runshop_hours]));
	$classes = mysql_real_escape_string(substr(trim($_POST[runshop_classes]), 0, 4096));
	$info = mysql_real_escape_string(substr(trim($_POST[runshop_info]), 0, 4096));
	$directions = mysql_real_escape_string(substr(trim($_POST[runshop_directions]), 0, 4096));
	$submitted_by = mysql_real_escape_string($_POST[runshop_submitted_by]);
	$id = mysql_real_escape_string($_POST[runshop_id]);
	$edited_by = mysql_real_escape_string($_POST[edited_by]);
	$edit_timestamp = mysql_real_escape_string(time());
  
	// BEGIN CONFIRM ENTRY CHECK
	if($_POST[confirm_entry] == 1){
	  if(isset($_POST[new_shop])){
		$sql = "INSERT INTO ".$prefix."Runshops (runshop_name, runshop_name_tag, runshop_address, runshop_address_two, runshop_city, runshop_state, runshop_state_tag, runshop_zip, runshop_phone, runshop_fax, runshop_email, runshop_website, runshop_cart, runshop_contact, runshop_contact_names, runshop_diagnostics, runshop_shoes, runshop_socks, runshop_apparel_run, runshop_apparel_tri, runshop_swimgear, runshop_wetsuits, runshop_hours, runshop_classes, runshop_info, runshop_directions, runshop_submitted_by, runshop_valid) VALUES ('$name', '$name_tag', '$address', '$address_two', '$city', '$state', '$state_tag', '$zip', '$phone', '$fax', '$email', '$website', '$cart', $contact, '$contact_names', ',$diagnostics,', ',$shoes,', ',$socks,', ',$apparel_run,', ',$apparel_tri,', ',$swimgear,', ',$wetsuits,', '$hours', '$classes', '$info', '$directions', $submitted_by, 0)";
		//echo("shop entered!");
		//echo($sql);
		mysql_query($sql) OR die(mysql_error()); 
		header('Location: '.$site_url.'/add.php?confirmed=yes');
	  } elseif(isset($_POST[save_changes])) {
		$sql = "INSERT INTO ".$prefix."RunshopsEdits (runshop_id_fk, editor_user_id_fk, edit_timestamp, runshop_name, runshop_name_tag, runshop_address, runshop_address_two, runshop_city, runshop_state, runshop_state_tag, runshop_zip, runshop_phone, runshop_fax, runshop_email, runshop_website, runshop_cart, runshop_contact, runshop_contact_names, runshop_diagnostics, runshop_shoes, runshop_socks, runshop_apparel_run, runshop_apparel_tri, runshop_swimgear, runshop_wetsuits, runshop_hours, runshop_classes, runshop_info, runshop_directions, runshop_submitted_by, runshop_valid) VALUES ('$id', '$edited_by', '$edit_timestamp', '$name', '$name_tag', '$address', '$address_two', '$city', '$state', '$state_tag', '$zip', '$phone', '$fax', '$email', '$website', '$cart', $contact, '$contact_names', ',$diagnostics,', ',$shoes,', ',$socks,', ',$apparel_run,', ',$apparel_tri,', ',$swimgear,', ',$wetsuits,', '$hours', '$classes', '$info', '$directions', $submitted_by, 0)";
		mysql_query($sql) OR die(mysql_error());
		header('Location: '.$site_url.'/individual.php?runshop_id='.$id.'&wiki_change=success');
	  } else {
		header('Location: '.$site_url.'/individual.php?runshop_id='.$id.'&changes=failure');
	  }
	} else {
		//echo("shop NOT entered.");
		$confirm = 1;
	}
	// END CONFIRM ENTRY CHECK	
}
// END ERROR MESSAGE CHECK
?>