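<?php
/*
 * Form handler for adding or editing a triathlon club.
 *
 * Flow, as visible in this file:
 *   1. Reject requests that carry no POST data.
 *   2. Validate the posted fields, collecting messages in $errmsg.
 *   3. If valid and confirm_entry == 1, insert a row into {$prefix}Triclubs
 *      (new_club) or {$prefix}TriclubsEdits (save_changes) and redirect.
 *   4. If valid but not yet confirmed, set $confirm = 1.
 *
 * $site_url and $prefix are defined outside this file. $errmsg and $confirm
 * are left set at the end, presumably for an including page to read (verify).
 *
 * FIELD NAMES:
 *   triclub_id triclub_name triclub_name_tag triclub_address
 *   triclub_address_two triclub_city triclub_state triclub_state_tag
 *   triclub_zip triclub_email triclub_website triclub_president triclub_board
 *   triclub_board_names triclub_membership triclub_dues triclub_info
 *   triclub_sponsors triclub_discounts triclub_directions triclub_workouts
 *   triclub_meetings triclub_submitted_by triclub_valid triclub_member_tags
 *
 * NOTE(review): no authentication, authorisation or CSRF check is visible
 * here (the old shared-password check was commented out). Confirm the
 * including page enforces them before this handler runs.
 */

// Without exit the script would keep running after the redirect header.
if (!$_POST) {
    header('Location: '.$site_url.'/?error=no_post');
    exit;
}

// Fill in absent fields with '' so a partial or hand-crafted request is
// validated like a blank form instead of raising undefined-index notices.
$post = $_POST + array(
    'triclub_id' => '', 'triclub_name' => '', 'triclub_address' => '',
    'triclub_city' => '', 'triclub_state' => '', 'triclub_zip' => '',
    'triclub_email' => '', 'triclub_website' => '', 'triclub_president' => '',
    'triclub_board' => '', 'triclub_board_names' => '',
    'triclub_contact' => '', 'triclub_contact_names' => '',
    'triclub_membership' => '', 'triclub_dues' => '', 'triclub_info' => '',
    'triclub_sponsors' => '', 'triclub_discounts' => '',
    'triclub_directions' => '', 'triclub_workouts' => '',
    'triclub_meetings' => '', 'triclub_submitted_by' => '',
    'edited_by' => '', 'confirm_entry' => '',
);

$errmsg = NULL;

// Required single-line fields, in the order they are reported to the user.
$required = array(
    'triclub_name'       => 'Shop name',
    'triclub_city'       => 'City',
    'triclub_state'      => 'State',
    'triclub_address'    => 'Address',
    'triclub_email'      => 'Email',
    'triclub_website'    => 'Website',
    'triclub_president'  => 'President',
    'triclub_dues'       => 'Dues',
    'triclub_membership' => 'Membership',
);
foreach ($required as $field => $label) {
    if (!$post[$field]) {
        $errmsg = $errmsg.$label.", ";
    }
}

// NOTE(review): this reads triclub_contact / triclub_contact_names, but the
// field list above and the insert below use triclub_board /
// triclub_board_names. Confirm which names the form actually posts.
if ($post['triclub_contact'] == 1 && !$post['triclub_contact_names']) {
    $errmsg = $errmsg."Board names, ";
}

// Free-text fields must hold at least four bytes.
$free_text = array(
    'triclub_info'       => 'Club info',
    'triclub_sponsors'   => 'Club sponsors',
    'triclub_discounts'  => 'Club discounts',
    'triclub_directions' => 'Directions',
    'triclub_workouts'   => 'Club workouts',
    'triclub_meetings'   => 'Club meetings',
);
foreach ($free_text as $field => $label) {
    if (strlen($post[$field]) < 4) {
        $errmsg = $errmsg.$label.", ";
    }
}

if (isset($errmsg)) {
    // Strip the trailing ", " before the line break is appended; trimming
    // afterwards (as the code used to) never matched anything.
    $errmsg = "The following fields cannot be left blank: ".rtrim($errmsg, ", ")."<br />";
}

if (!is_numeric($post['triclub_membership'])) {
    $errmsg = $errmsg."Membership must be a number ONLY<br />";
}

$start_url = "(http(s)?\:\/\/)?"; // start url
$dots      = "([\w_-]{2,}\.)+"; // one or more parts containing a '.' at the end
$last_part = "([\w_-]{2,})"; // last part doesn't contain a dot
$user      = "((\/)(\~)[\w_=-]+)?((\/)[\w_=-]+)*"; // maybe subdirectories - possibly with user ~
$end       = "((\/)|(\/)[\w_-]+\.[\w]{2,})?"; // maybe a slash at the end or slash+file+extension
$qstring1  = "((\?[\w_-]+\=([^\#]+)){0,1}"; // querystring - first argument (?a=b)
$qstring2  = "(\&[\w_-]+\=([^\#]+))*)?"; // querystring - following arguments (&c=d)
$bkmrk     = "(#[\w_-]+)?"; // bookmark
$exp = "/^".$start_url.$dots.$last_part.$user.$end.$qstring1.$qstring2.$bkmrk."$/i";

// Query-string values may contain any character except '#', so a URL that
// passes this check still has to be escaped wherever it is output.
if (!preg_match($exp, $post['triclub_website'])) {
    $errmsg = $errmsg."Invalid Web Address<br />";
}

if (preg_match('/[^a-zA-Z0-9\. ]/', $post['triclub_name'])) {
    $errmsg = $errmsg."Please use only letters and numbers in the name<br />";
}

if (!$errmsg) {
    /*
     * Every value that reaches the SQL text below is escaped or cast first.
     * Previously state, board, submitted_by, triclub_id and edited_by were
     * interpolated raw, and board was not even quoted.
     *
     * NOTE(review): mysql_escape_string() ignores the connection character
     * set and the mysql_* extension was removed in PHP 7. Prepared
     * statements (mysqli/PDO) are the durable fix; the connection is opened
     * outside this file, so that migration is not attempted here.
     */
    $raw_name = trim($post['triclub_name']);
    $raw_tag  = strtolower(str_replace(" ", "", $raw_name));
    if (strlen($raw_tag) > 12) {
        // Shorten it (the old code tested an undefined $nametag, so this never ran).
        $raw_tag = substr($raw_tag, 0, 12);
    }
    $name     = mysql_escape_string($raw_name);
    $name_tag = mysql_escape_string($raw_tag);

    $address = mysql_escape_string(trim($post['triclub_address']));
    if (isset($_POST['triclub_address_two'])) {
        $address_two = mysql_escape_string(trim($_POST['triclub_address_two']));
    } else {
        // Interpolates as '' in the SQL; the old code assigned a different variable.
        $address_two = NULL;
    }
    $city       = mysql_escape_string(trim($post['triclub_city']));
    $state      = mysql_escape_string($post['triclub_state']);
    $state_tag  = mysql_escape_string(strtolower(str_replace(" ", "", $post['triclub_state'])));
    $zip        = mysql_escape_string(trim($post['triclub_zip']));
    $email      = mysql_escape_string(trim($post['triclub_email']));
    $website    = mysql_escape_string(trim($post['triclub_website']));
    $president  = mysql_escape_string(trim($post['triclub_president']));
    $dues       = mysql_escape_string(trim($post['triclub_dues']));
    $membership = mysql_escape_string(trim($post['triclub_membership']));

    // $board is written unquoted into the statement, so it must be an integer.
    $board = (int) $post['triclub_board'];
    if ($board == 0) {
        $board_names = NULL;
    } else {
        $board_names = mysql_escape_string(trim($post['triclub_board_names']));
    }

    // NOTE(review): these fields are stored with <br /> markup from nl2br()
    // but are not HTML-escaped, so whatever page displays them must not echo
    // them raw, or must escape before the nl2br step. Confirm on the display side.
    $info       = mysql_escape_string(nl2br(substr(trim($post['triclub_info']), 0, 4096)));
    $sponsors   = mysql_escape_string(nl2br(substr(trim($post['triclub_sponsors']), 0, 4096)));
    $discounts  = mysql_escape_string(nl2br(substr(trim($post['triclub_discounts']), 0, 4096)));
    $directions = mysql_escape_string(nl2br(substr(trim($post['triclub_directions']), 0, 4096)));
    $workouts   = mysql_escape_string(nl2br(substr(trim($post['triclub_workouts']), 0, 4096)));
    $meetings   = mysql_escape_string(nl2br(substr(trim($post['triclub_meetings']), 0, 4096)));

    // NOTE(review): submitter and editor identity come straight from the
    // request body, so a client can name any user. They should be taken from
    // the server-side session once that code is in view.
    $submitted_by = mysql_escape_string($post['triclub_submitted_by']);
    $edited_by    = mysql_escape_string($post['edited_by']);
    $id           = mysql_escape_string($post['triclub_id']);
    $id_url       = urlencode($post['triclub_id']); // separate encoding for the redirect URL
    $edit_timestamp = time();

    // Column and value lists shared by both INSERT statements.
    $columns = "triclub_name, triclub_name_tag, triclub_address, triclub_address_two, triclub_city, triclub_state, triclub_state_tag, triclub_zip, triclub_email, triclub_website, triclub_president, triclub_board, triclub_board_names, triclub_membership, triclub_dues, triclub_info, triclub_sponsors, triclub_discounts, triclub_directions, triclub_workouts, triclub_meetings, triclub_submitted_by, triclub_valid";
    $values  = "'$name', '$name_tag', '$address', '$address_two', '$city', '$state', '$state_tag', '$zip', '$email', '$website', '$president', $board, '$board_names', '$membership', '$dues', '$info', '$sponsors', '$discounts', '$directions', '$workouts', '$meetings', '$submitted_by', 0";

    // BEGIN CONFIRM ENTRY CHECK
    if ($post['confirm_entry'] == 1) {
        if (isset($_POST['new_club'])) {
            $sql = "INSERT INTO ".$prefix."Triclubs (".$columns.") VALUES (".$values.")";
            if (!mysql_query($sql)) {
                // Keep database details in the server log, not in the response.
                error_log('Triclubs insert failed: '.mysql_error());
                die('Database error.');
            }
            header('Location: '.$site_url.'/add.php?confirmed=yes');
            exit;
        } elseif (isset($_POST['save_changes'])) {
            $sql = "INSERT INTO ".$prefix."TriclubsEdits (triclub_id_fk, editor_user_id_fk, edit_timestamp, ".$columns.") VALUES ('$id', '$edited_by', '$edit_timestamp', ".$values.")";
            if (!mysql_query($sql)) {
                error_log('TriclubsEdits insert failed: '.mysql_error());
                die('Database error.');
            }
            header('Location: '.$site_url.'/individual.php?triclub_id='.$id_url.'&wiki_change=success');
            exit;
        } else {
            header('Location: '.$site_url.'/individual.php?triclub_id='.$id_url.'&changes=failure');
            exit;
        }
    } else {
        // Valid but not yet confirmed: signal that a confirmation step is due.
        $confirm = 1;
    }
    // END CONFIRM ENTRY CHECK
} // END ERROR MESSAGE CHECK
?>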