<?PHP

if (!$_POST){ header('Location: '.$site_url.'/?error=no_post'); }

/*

FIELD NAMES: 
retailer_id
retailer_name
retailer_name_tag
retailer_address
retailer_city
retailer_state
retailer_state_tag
retailer_zip
retailer_phone
retailer_fax
retailer_email
retailer_website
retailer_cart
retailer_mailorder_ecommerce
retailer_mailorder_phone
retailer_local_ecommerce
retailer_local_phone
retailer_pickup_ecommerce
retailer_pickup_phone
retailer_contact
retailer_contact_names
retailer_fist
retailer_fist_names
retailer_fist_road
retailer_fist_road_names
retailer_fist_advanced
retailer_fist_advanced_names
retailer_bfact
retailer_serotta
retailer_serotta_names
retailer_fitbikes
retailer_motioncapture
retailer_wetsuits
retailer_bikes
retailer_customs
retailer_hours
retailer_barnett
retailer_barnett_names
retailer_ubi
retailer_ubi_names
retailer_info
retailer_directions
submitted_by

*/

/* Need to ltrim and rtrim commas before insertion */

//Insert into database
$pass = 'abc123';
$errmsg = NULL;
   //Check for blank fields
   if ((!$_POST[retailer_name])) $errmsg = $errmsg.'Shop name, ';  
   if (!$_POST[retailer_city]) $errmsg = $errmsg.'City, ';
   if (!$_POST[retailer_state]) $errmsg = $errmsg.'State, ';
   if (!$_POST[retailer_address]) $errmsg = $errmsg.'Address, ';
   if (!$_POST[retailer_phone]) $errmsg = $errmsg.'Phone, ';
   if (!$_POST[retailer_email]) $errmsg = $errmsg.'Email, ';
   if (!$_POST[retailer_hours]) $errmsg = $errmsg.'Shop hours, ';
   if ($_POST[retailer_contact] == 1 && !$_POST[retailer_contact_names]) $errmsg = $errmsg.'Contact names, ';
   if ($_POST[retailer_fist] == 1 && !$_POST[retailer_fist_names]) $errmsg = $errmsg.'F.I.S.T. Tri fitters names, ';
	if ($_POST[retailer_fist_road] == 1 && !$_POST[retailer_fist_road_names]) $errmsg = $errmsg.'F.I.S.T. Road fitters names, ';
   if ($_POST[retailer_serotta] == 1 && !$_POST[retailer_serotta_names]) $errmsg = $errmsg.'Serotta fitters names, ';
   if ($_POST[retailer_barnett] == 1 && !$_POST[retailer_barnett_names]) $errmsg = $errmsg.'Barnett mechanics names, ';
   if ($_POST[retailer_ubi] == 1 && !$_POST[retailer_ubi_names]) $errmsg = $errmsg.'UBI mechanics names, ';
   if (strlen($_POST[retailer_info]) < 4) $errmsg = $errmsg.'Shop info, ';
   if (strlen($_POST[retailer_directions]) < 4) $errmsg = $errmsg.'Directions, ';
   if (isset($errmsg)) {
       $errmsg = 'The following fields cannot be left blank: '.$errmsg;
       $errmsg = rtrim($errmsg, ', ');
   }
   if( preg_match('/[^a-zA-Z0-9\. ]/', $_POST[retailer_name]) ) {
      // Contains invalid characters.
      $errmsg = "Please use only letters and numbers in the name";
   }
   // BEGIN ERROR MESSAGE CHECK
   if(!$errmsg){
	
		$name = mysql_real_escape_string(trim($_POST[retailer_name]));
		$name_tag = mysql_real_escape_string(strtolower(str_replace(" ","", $name)));
		if(strlen($nametag) > 12){ //Shorten it
			$name_tag = substr($nametag, 0, 12);
		}
		$address = mysql_real_escape_string(trim($_POST[retailer_address]));
		$address_two = mysql_real_escape_string(trim($_POST[retailer_address_two]));
		$city = mysql_real_escape_string(trim($_POST[retailer_city]));
		$state = mysql_real_escape_string($_POST[retailer_state]);
		$state_tag = mysql_real_escape_string(strtolower(str_replace(" ","", $state)));
		$zip = mysql_real_escape_string(trim($_POST[retailer_zip]));
		$phone = mysql_real_escape_string(trim($_POST[retailer_phone]));
		$fax = mysql_real_escape_string(trim($_POST[retailer_fax]));
		$email = mysql_real_escape_string(trim($_POST[retailer_email]));
		$website = mysql_real_escape_string(trim($_POST[retailer_website]));
		$substring = "http://";
		if (!is_int(strpos($website, $substring))) {
			$website = "http://".$website;
	  	}
		$cart = mysql_real_escape_string(trim($_POST[retailer_cart]));
		$mailorder_ecommerce = mysql_real_escape_string(trim($_POST[retailer_mailorder_ecommerce]));
		$mailorder_phone = mysql_real_escape_string(trim($_POST[retailer_mailorder_phone]));
		$local_ecommerce = mysql_real_escape_string(trim($_POST[retailer_local_ecommerce]));
		$local_phone = mysql_real_escape_string(trim($_POST[retailer_local_phone]));
		$pickup_ecommerce = mysql_real_escape_string(trim($_POST[retailer_pickup_ecommerce]));
		$pickup_phone = mysql_real_escape_string(trim($_POST[retailer_pickup_phone]));
		$contact = mysql_real_escape_string($_POST[retailer_contact]);
		if ( $contact == 0 ){ $contact_names = NULL; }else{ $contact_names = mysql_real_escape_string(trim($_POST[retailer_contact_names])); }
		$fist = mysql_real_escape_string($_POST[retailer_fist]);
		if ( $fist == 0 ){ $fist_names = NULL; }else{ $fist_names = mysql_real_escape_string(trim($_POST[retailer_fist_names])); }
		$fist_road = mysql_real_escape_string($_POST[retailer_fist_road]);
		if ( $fist_road == 0 ){ $fist_road_names = NULL; }else{ $fist_road_names = mysql_real_escape_string(trim($_POST[retailer_fist_road_names])); }
		$fist_advanced = mysql_real_escape_string($_POST[retailer_fist_advanced]);
		if ( $fist_advanced == 0 ){ $fist_advanced_names = NULL; }else{ $fist_advanced_names = mysql_real_escape_string(trim($_POST[retailer_fist_advanced_names])); }
		$bfact = mysql_real_escape_string(trim($_POST[retailer_bfact]));
		$serotta = mysql_real_escape_string($_POST[retailer_serotta]);
		if ( $serotta == 0 ){ $serotta_names = NULL; }else{ $serotta_names = mysql_real_escape_string(trim($_POST[retailer_serotta_names])); }
		/* Need to ltrim and rtrim commas before insertion --> or ltrim/rtrim before implosion*/
		$method = mysql_real_escape_string($_POST[retailer_method]);
		$fitbikes = mysql_real_escape_string($_POST[retailer_fitbikes]);
		$motioncapture = mysql_real_escape_string($_POST[retailer_motioncapture]);
		$wetsuits = mysql_real_escape_string($_POST[retailer_wetsuits]);
		$bikes = mysql_real_escape_string($_POST[retailer_bikes]);
		$customs = mysql_real_escape_string($_POST[retailer_customs]);
		$hours = mysql_real_escape_string(trim($_POST[retailer_hours]));
		$barnett = mysql_real_escape_string($_POST[retailer_barnett]);
		if ( $barnett == 0 ){ $barnett_names = NULL; }else{ $barnett_names = mysql_real_escape_string(trim($_POST[retailer_barnett_names])); }
		$ubi = mysql_real_escape_string($_POST[retailer_ubi]);
		if ( $ubi == 0 ){ $ubi_names = NULL; }else{ $ubi_names = mysql_real_escape_string(trim($_POST[retailer_ubi_names])); }
    	$info = mysql_real_escape_string(substr(trim($_POST[retailer_info]), 0, 4096));
    	$directions = mysql_real_escape_string(substr(trim($_POST[retailer_directions]), 0, 4096));
    	$submitted_by = mysql_real_escape_string($_POST[retailer_submitted_by]);
    	$id = mysql_real_escape_string($_POST[retailer_id]);
    	$edited_by = mysql_real_escape_string($_POST[edited_by]);
    	$edit_timestamp = time();
    	$spoke = mysql_real_escape_string(trim($_POST[retailer_spoke]));
      
      	// BEGIN CONFIRM ENTRY CHECK
     	if($_POST[confirm_entry] == 1){
     	  if(isset($_POST[new_shop])){
      		$sql = "INSERT INTO gforum_Retailers (retailer_name, retailer_name_tag, retailer_address, retailer_address_two, retailer_city, retailer_state, retailer_state_tag, retailer_zip, retailer_phone, retailer_fax, retailer_email, retailer_website, retailer_cart, retailer_mailorder_ecommerce, retailer_mailorder_phone, retailer_local_ecommerce, retailer_local_phone, retailer_pickup_ecommerce, retailer_pickup_phone, retailer_contact, retailer_contact_names, retailer_fist, retailer_fist_names, retailer_fist_road, retailer_fist_road_names, retailer_fist_advanced, retailer_fist_advanced_names, retailer_bfact, retailer_serotta, retailer_serotta_names, retailer_method, retailer_fitbikes, retailer_motioncapture, retailer_wetsuits, retailer_bikes, retailer_customs, retailer_hours, retailer_barnett, retailer_barnett_names, retailer_ubi, retailer_ubi_names, retailer_info, retailer_directions, retailer_submitted_by, retailer_valid, retailer_spoke) VALUES ('$name', '$name_tag', '$address', '$address_two', '$city', '$state', '$state_tag', '$zip', '$phone', '$fax', '$email', '$website', '$cart', '$mailorder_ecommerce', '$mailorder_phone', '$local_ecommerce', '$local_phone', '$pickup_ecommerce', '$pickup_phone', $contact, '$contact_names', $fist, '$fist_names', $fist_road, '$fist_road_names', $fist_advanced, '$fist_advanced_names', '$bfact', $serotta, '$serotta_names', '$method', ',$fitbikes,', ',$motioncapture,', ',$wetsuits,', ',$bikes,', ',$customs,', '$hours', $barnett, '$barnett_names', $ubi, '$ubi_names', '$info', '$directions', $submitted_by, 0, '$spoke')";
	  		//echo("shop entered!");
	  		//echo($sql);
			mysql_query($sql) OR die(mysql_error()); 
			header('Location: '.$site_url.'/add.php?confirmed=yes');
		  } elseif(isset($_POST[save_changes])) {
      		$sql = "INSERT INTO gforum_RetailersEdits (retailer_id_fk, editor_user_id_fk, edit_timestamp, retailer_name, retailer_name_tag, retailer_address, retailer_address_two, retailer_city, retailer_state, retailer_state_tag, retailer_zip, retailer_phone, retailer_fax, retailer_email, retailer_website, retailer_cart, retailer_mailorder_ecommerce, retailer_mailorder_phone, retailer_local_ecommerce, retailer_local_phone, retailer_pickup_ecommerce, retailer_pickup_phone, retailer_contact, retailer_contact_names, retailer_fist, retailer_fist_names, retailer_fist_road, retailer_fist_road_names, retailer_fist_advanced, retailer_fist_advanced_names, retailer_bfact, retailer_serotta, retailer_serotta_names, retailer_method, retailer_fitbikes, retailer_motioncapture, retailer_wetsuits, retailer_bikes, retailer_customs, retailer_hours, retailer_barnett, retailer_barnett_names, retailer_ubi, retailer_ubi_names, retailer_info, retailer_directions, retailer_submitted_by, retailer_valid, retailer_spoke) VALUES ('$id', '$edited_by', '$edit_timestamp', '$name', '$name_tag', '$address', '$address_two', '$city', '$state', '$state_tag', '$zip', '$phone', '$fax', '$email', '$website', '$cart', '$mailorder_ecommerce', '$mailorder_phone', '$local_ecommerce', '$local_phone', '$pickup_ecommerce', '$pickup_phone', $contact, '$contact_names', $fist, '$fist_names', $fist_road, '$fist_road_names', $fist_advanced, '$fist_advanced_names', '$bfact', $serotta, '$serotta_names', '$method', ',$fitbikes,', ',$motioncapture,', ',$wetsuits,', ',$bikes,', ',$customs,', '$hours', $barnett, '$barnett_names', $ubi, '$ubi_names', '$info', '$directions', $submitted_by, 0, '$spoke')";
			mysql_query($sql) OR die(mysql_error());
			header('Location: '.$site_url.'/individual.php?retailer_id='.$id.'&wiki_change=success');
		  } else {
		  	header('Location: '.$site_url.'/individual.php?retailer_id='.$id.'&changes=failure');
		  }
		} else {
         	//echo("shop NOT entered.");
         	$confirm = 1;
		}
		// END CONFIRM ENTRY CHECK	
	}
	// END ERROR MESSAGE CHECK
?>