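"; $errmsg = rtrim($errmsg, ", "); }

// ---------------------------------------------------------------------------
// URL validation
//
// The pattern is assembled from named fragments so each part of the URL can be
// read on its own. It accepts an optional http/https scheme, a dotted host
// name, optional path segments, an optional query string and an optional
// fragment.
//
// The query-string value class ([^\#]+) accepts every character except '#',
// including quotes, angle brackets and whitespace. A value that passes this
// check is therefore NOT safe to place into SQL or HTML as-is; it still has to
// be escaped for the context it is written to.
// ---------------------------------------------------------------------------
$start_url = "(http(s)?\:\/\/)?"; // optional http:// or https:// scheme
$dots = "([\w_-]{2,}\.)+"; // one or more host labels, each ending in '.'
$last_part = "([\w_-]{2,})"; // final host label, no trailing dot
$user = "((\/)(\~)[\w_=-]+)?((\/)[\w_=-]+)*"; // optional sub-directories, possibly starting with /~user
$end = "((\/)|(\/)[\w_-]+\.[\w]{2,})?"; // optional trailing slash, or slash + file + extension
$qstring1 = "((\?[\w_-]+\=([^\#]+)){0,1}"; // query string - first argument (?a=b)
$qstring2 = "(\&[\w_-]+\=([^\#]+))*)?"; // query string - following arguments (&c=d)
$bkmrk = "(#[\w_-]+)?"; // bookmark / fragment
$exp = "/^".$start_url.$dots.$last_part.$user.$end.$qstring1.$qstring2.$bkmrk."$/i";

// Array keys are quoted throughout: a bare word such as $_POST[fitter_website]
// is parsed as a constant lookup and only works through a legacy fallback.

// The website is mandatory and must match the URL pattern.
if (!preg_match($exp, $_POST['fitter_website'])) {
    $errmsg = $errmsg."Invalid Web Address
";
}

// The portfolio link is optional; it is only validated when one was supplied.
if ($_POST['fitter_portfolio'] != "" && !preg_match($exp, $_POST['fitter_portfolio'])) {
    $errmsg = $errmsg."Invalid Portfolio Address
";
}

// The name is restricted to letters, digits, dots and spaces. This allow-list
// is what makes $name safe to interpolate into the queries further down.
if (preg_match('/[^a-zA-Z0-9\. ]/', $_POST['fitter_name'])) {
    $errmsg = $errmsg."Please use only letters and numbers in the name
";
}

if (!$errmsg) {
    // -----------------------------------------------------------------------
    // Collect and neutralise the submitted fields.
    //
    // Every value that ends up inside a quoted SQL literal is passed through
    // mysql_escape_string(); every value used as a bare number is cast to int.
    // NOTE(review): mysql_escape_string() does not take the connection
    // character set into account and the mysql_* extension no longer exists in
    // PHP 7+. Parameterised queries (mysqli / PDO) are the durable fix, but the
    // connection is created outside this block, so the existing API is kept.
    // -----------------------------------------------------------------------
    $name = trim($_POST['fitter_name']);
    $name_tag = strtolower(str_replace(" ", "", $name));
    // Cap the tag at 12 characters. The length test and the substr() must both
    // use $name_tag; testing a differently spelled variable would never match
    // and the tag would silently stay unbounded.
    if (strlen($name_tag) > 12) {
        $name_tag = substr($name_tag, 0, 12);
    }

    $address = mysql_escape_string(trim($_POST['fitter_address']));
    $full_address = $address;

    if (isset($_POST['fitter_address_two'])) {
        $address_two = mysql_escape_string(trim($_POST['fitter_address_two']));
    } else {
        $address_two = NULL;
    }
    // Add the second address line to the geocoding string only when there is
    // one; appending it in the "not set" case would just add an empty ", ".
    if ($address_two !== NULL && $address_two !== "") {
        $full_address = $full_address.", ".$address_two;
    }

    $city = mysql_escape_string(trim($_POST['fitter_city']));
    $full_address = $full_address.", ".$city;

    // State is request data like every other field and is written into the
    // queries below, so it is escaped the same way as its siblings.
    $state = mysql_escape_string(trim($_POST['fitter_state']));
    $full_address = $full_address.", ".$state;
    $state_tag = strtolower(str_replace(" ", "", $state));

    $zip = mysql_escape_string(trim($_POST['fitter_zip']));
    $full_address = $full_address." ".$zip;

    // Coordinates: either taken from the form (manual override) or looked up
    // with geocode(). $_POST is updated in the lookup case so the resolved
    // values are available to whatever renders after this block.
    $latlng_override = isset($_POST['latlng_override']) ? $_POST['latlng_override'] : false;
    if ($latlng_override == true) {
        $lat = $_POST['fitter_lat'];
        $lng = $_POST['fitter_lng'];
    } else {
        $geocode_status = geocode($full_address);
        if (is_array($geocode_status)) {
            // Success: geocode() returned [lat, lng].
            $geocode_error = false;
            $lat = $geocode_status[0];
            $_POST['fitter_lat'] = $lat;
            $lng = $geocode_status[1];
            $_POST['fitter_lng'] = $lng;
        } else {
            // Failure: geocode() returned a message instead of a coordinate pair.
            $geocode_error = true;
            $lat = 0;
            $_POST['fitter_lat'] = $lat;
            $lng = 0;
            $_POST['fitter_lng'] = $lng;
            $geocode_message = $geocode_status;
        }
    }
    // Neither the form values nor the geocoder response are trusted inside a
    // SQL literal. No range check (-90..90 / -180..180) is applied here.
    $lat = mysql_escape_string(trim((string) $lat));
    $lng = mysql_escape_string(trim((string) $lng));

    $phone = mysql_escape_string(trim($_POST['fitter_phone']));
    $fax = mysql_escape_string(trim($_POST['fitter_fax']));
    $email = mysql_escape_string(trim($_POST['fitter_email']));
    $website = mysql_escape_string(trim($_POST['fitter_website']));
    $portfolio = mysql_escape_string(trim($_POST['fitter_portfolio']));
    $method = mysql_escape_string(trim($_POST['fitter_method']));
    $certifications = mysql_escape_string(trim($_POST['fitter_certifications']));
    $fitbikes = mysql_escape_string(trim($_POST['fitter_fitbikes']));
    $motioncapture = mysql_escape_string(trim($_POST['fitter_motioncapture']));
    $brandfriendly = mysql_escape_string(trim($_POST['fitter_brandfriendly']));
    $cost = mysql_escape_string(trim($_POST['fitter_cost']));
    // Free-text fields are capped at 4096 bytes before line breaks are converted.
    $info = mysql_escape_string(nl2br(substr(trim($_POST['fitter_info']), 0, 4096)));
    $directions = mysql_escape_string(nl2br(substr(trim($_POST['fitter_directions']), 0, 4096)));

    // These three are used as numbers: $submitted_by and $id appear in the
    // queries WITHOUT surrounding quotes, where string escaping gives no
    // protection at all, and $id is also placed in a Location header. An
    // integer cast is the only form that is safe in all of those positions.
    $submitted_by = (int) trim($_POST['fitter_submitted_by']);
    $id = (int) trim($_POST['fitter_id']);
    $edited_by = (int) trim($_POST['edited_by']);
    $edit_timestamp = time();

    // BEGIN CONFIRM ENTRY CHECK
    if ($_POST['insert_fitter'] == true) {
        // Each branch only decides WHICH statement to run and WHERE to send
        // the browser afterwards; execution happens once, below.
        $sql = NULL;

        if (isset($_POST['new_fitter'])) {
            // Brand-new listing; stored with fitter_valid = 0.
            $sql = "INSERT INTO ".$prefix."Fitters (fitter_name, fitter_name_tag, fitter_address, fitter_address_two, fitter_city, fitter_state, fitter_state_tag, fitter_zip, fitter_lat, fitter_lng, fitter_phone, fitter_fax, fitter_email, fitter_website, fitter_method, fitter_certifications, fitter_fitbikes, fitter_motioncapture, fitter_brandfriendly, fitter_cost, fitter_info, fitter_directions, fitter_submitted_by, fitter_valid, fitter_portfolio) VALUES ('$name', '$name_tag', '$address', '$address_two', '$city', '$state', '$state_tag', '$zip', '$lat', '$lng', '$phone', '$fax', '$email', '$website', '$method', ',$certifications,', ',$fitbikes,', ',$motioncapture,', ',$brandfriendly,', '$cost', '$info', '$directions', $submitted_by, 0, '$portfolio')";
            $redirect = $site_url.'/add.php?confirmed=yes';
        } elseif (isset($_POST['save_changes']) && $submitted_by != $edited_by) {
            // Edit by someone other than the submitter: recorded as a pending
            // row in FittersEdits instead of changing the live listing.
            $sql = "INSERT INTO ".$prefix."FittersEdits (fitter_id_fk, editor_user_id_fk, edit_timestamp, fitter_name, fitter_name_tag, fitter_address, fitter_address_two, fitter_city, fitter_state, fitter_state_tag, fitter_zip, fitter_lat, fitter_lng, fitter_phone, fitter_fax, fitter_email, fitter_website, fitter_method, fitter_certifications, fitter_fitbikes, fitter_motioncapture, fitter_brandfriendly, fitter_cost, fitter_info, fitter_directions, fitter_submitted_by, fitter_valid, fitter_portfolio) VALUES ('$id', '$edited_by', '$edit_timestamp', '$name', '$name_tag', '$address', '$address_two', '$city', '$state', '$state_tag', '$zip', '$lat', '$lng', '$phone', '$fax', '$email', '$website', '$method', ',$certifications,', ',$fitbikes,', ',$motioncapture,', ',$brandfriendly,', '$cost', '$info', '$directions', $submitted_by, 0, '$portfolio')";
            $redirect = $site_url.'/individual.php?fitter_id='.$id.'&wiki_change=edit_success';
        } elseif (isset($_POST['save_changes']) && $submitted_by == $edited_by) {
            // Edit by the submitter: the live listing is updated directly.
            // NOTE(review): fitter_submitted_by and edited_by are both read
            // from the request body, so this direct-update path is selected by
            // values the client controls. Confirm that the editor's identity
            // comes from the server-side session and is compared with the
            // submitter stored on the row before this point is reached.
            $sql = "UPDATE ".$prefix."Fitters SET fitter_name = '".$name."', fitter_name_tag = '".$name_tag."', fitter_address = '".$address."', fitter_address_two = '".$address_two."', fitter_city = '".$city."', fitter_state = '".$state."', fitter_state_tag = '".$state_tag."', fitter_phone = '".$phone."', fitter_fax = '".$fax."', fitter_zip = '".$zip."', fitter_lat = '".$lat."', fitter_lng = '".$lng."', fitter_email = '".$email."', fitter_website = '".$website."', fitter_method = '".$method."', fitter_certifications = ',".$certifications.",', fitter_fitbikes = ',".$fitbikes.",', fitter_motioncapture = ',".$motioncapture.",', fitter_brandfriendly = ',".$brandfriendly.",', fitter_cost = '".$cost."', fitter_info = '".$info."', fitter_directions = '".$directions."', fitter_portfolio = '".$portfolio."' WHERE fitter_id = $id";
            $redirect = $site_url.'/individual.php?fitter_id='.$id.'&wiki_change=update_success';
        } else {
            // Confirmed submit that is neither a new listing nor a saved edit.
            $redirect = $site_url.'/individual.php?fitter_id='.$id.'&changes=failure';
        }

        if ($sql !== NULL && !mysql_query($sql)) {
            // Keep the driver's message in the server log; echoing it to the
            // browser would disclose table and column names and query shape.
            error_log('Fitter save failed: '.mysql_error());
            die('Sorry, your changes could not be saved.');
        }

        // NOTE(review): the script keeps running after header(); confirm that
        // nothing after this block should be skipped once a redirect is sent.
        header('Location: '.$redirect);
    } else {
        // Nothing is written yet; flag that the entry still needs confirming.
        $confirm_fitter = true;
    }
    // END CONFIRM ENTRY CHECK
}
// END ERROR MESSAGE CHECK
?>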