190 lines
8.7 KiB
PHP
190 lines
8.7 KiB
PHP
<?PHP
|
|
|
|
if (!$_POST){ header('Location: '.$site_url.'/?error=no_post'); }
|
|
|
|
/*
|
|
|
|
FIELD NAMES:
|
|
fitter_id
|
|
fitter_name
|
|
fitter_name_tag
|
|
fitter_address
|
|
fitter_address_two
|
|
fitter_city
|
|
fitter_state
|
|
fitter_state_tag
|
|
fitter_zip
|
|
fitter_phone
|
|
fitter_fax
|
|
fitter_email
|
|
fitter_website
|
|
fitter_certifications
|
|
fitter_fitbikes
|
|
fitter_motioncapture
|
|
fitter_cost
|
|
fitter_info
|
|
fitter_directions
|
|
fitter_submitted_by
|
|
fitter_valid
|
|
fitter_user_tags
|
|
|
|
*/
|
|
|
|
/* Need to ltrim and rtrim commas before insertion */
|
|
|
|
//Insert into database
|
|
$errmsg = NULL;
|
|
//Check for blank fields
|
|
if ((!$_POST[fitter_name])) $errmsg = $errmsg."Shop name, ";
|
|
if (!$_POST[fitter_city]) $errmsg = $errmsg."City, ";
|
|
if (!$_POST[fitter_state]) $errmsg = $errmsg."State, ";
|
|
if (!$_POST[fitter_address]) $errmsg = $errmsg."Address, ";
|
|
if ((!$_POST[fitter_lat] || !$_POST[fitter_lng]) && $_POST[latlng_override] == true) $errmsg = $errmsg."Lat/Lng cannot be left blank if you wish to override address, ";
|
|
if (!$_POST[fitter_phone]) $errmsg = $errmsg."Phone, ";
|
|
if (!$_POST[fitter_email]) $errmsg = $errmsg."Email, ";
|
|
if (!$_POST[fitter_website]) $errmsg = $errmsg."Website, ";
|
|
if (!$_POST[fitter_cost]) $errmsg = $errmsg."Cost, ";
|
|
if (strlen($_POST[fitter_info]) < 4) $errmsg = $errmsg."General Info, ";
|
|
if (strlen($_POST[fitter_directions]) < 4) $errmsg = $errmsg."Directions, ";
|
|
if (isset($errmsg)) {
|
|
$errmsg = "The following fields cannot be left blank: ".$errmsg."<br />";
|
|
$errmsg = rtrim($errmsg, ", ");
|
|
}
|
|
|
|
$start_url = "(http(s)?\:\/\/)?"; // start url
|
|
$dots = "([\w_-]{2,}\.)+"; // one or more parts containing a '.' at the end
|
|
$last_part = "([\w_-]{2,})"; // last part doesn't contain a dot
|
|
$user = "((\/)(\~)[\w_=-]+)?((\/)[\w_=-]+)*"; // maybe subdirectories - possibly with user ~
|
|
$end = "((\/)|(\/)[\w_-]+\.[\w]{2,})?"; // maybe a slash at the end or slash+file+extension
|
|
$qstring1 = "((\?[\w_-]+\=([^\#]+)){0,1}"; // querystring - first argument (?a=b)
|
|
$qstring2 = "(\&[\w_-]+\=([^\#]+))*)?"; // querystring - following arguments (&c=d)
|
|
$bkmrk = "(#[\w_-]+)?"; // bookmark
|
|
|
|
$exp = "/^".$start_url.$dots.$last_part.$user.$end.$qstring1.$qstring2.$bkmrk."$/i";
|
|
if( !preg_match($exp, $_POST[fitter_website]) ) {
|
|
// Contains invalid characters.
|
|
$errmsg = $errmsg."Invalid Web Address<br />";
|
|
}
|
|
if($_POST[fitter_portfolio] != "" && !preg_match($exp, $_POST[fitter_portfolio]) ) {
|
|
// Contains invalid characters.
|
|
$errmsg = $errmsg."Invalid Portfolio Address<br />";
|
|
}
|
|
if( preg_match('/[^a-zA-Z0-9\. ]/', $_POST[fitter_name]) ) {
|
|
// Contains invalid characters.
|
|
$errmsg = $errmsg."Please use only letters and numbers in the name<br />";
|
|
}
|
|
|
|
if(!$errmsg){
|
|
|
|
$name = trim($_POST[fitter_name]);
|
|
$name_tag = strtolower(str_replace(" ","", $name));
|
|
if(strlen($nametag) > 12){ //Shorten it
|
|
$name_tag = substr($nametag, 0, 12);
|
|
}
|
|
$address = mysql_escape_string(trim($_POST[fitter_address]));
|
|
$full_address = $address;
|
|
if (isset($_POST['fitter_address_two'])) { $address_two = mysql_escape_string(trim($_POST[fitter_address_two])); } else { $address_two = NULL; $full_address = $full_address.", ".$address_two; }
|
|
$city = mysql_escape_string(trim($_POST[fitter_city]));
|
|
$full_address = $full_address.", ".$city;
|
|
$state = $_POST[fitter_state];
|
|
$full_address = $full_address.", ".$state;
|
|
$state_tag = strtolower(str_replace(" ","", $state));
|
|
$zip = mysql_escape_string(trim($_POST[fitter_zip]));
|
|
$full_address = $full_address." ".$zip;
|
|
$latlng_override = $_POST[latlng_override];
|
|
if ($latlng_override == true) {
|
|
$lat = $_POST[fitter_lat];
|
|
$lng = $_POST[fitter_lng];
|
|
} else {
|
|
//geocode
|
|
//echo ($full_address);
|
|
$geocode_status = geocode($full_address);
|
|
//echo (is_array($geocode_status));
|
|
if (is_array($geocode_status)) {
|
|
$geocode_error = false;
|
|
$lat = $geocode_status[0];
|
|
$_POST[fitter_lat] = $lat;
|
|
$lng = $geocode_status[1];
|
|
$_POST[fitter_lng] = $lng;
|
|
//echo ($lat.", ".$lng);
|
|
} else {
|
|
$geocode_error = true;
|
|
$lat = 0;
|
|
$_POST[fitter_lat] = $lat;
|
|
$lng = 0;
|
|
$_POST[fitter_lng] = $lng;
|
|
$geocode_message = $geocode_status;
|
|
}
|
|
}
|
|
$phone = trim($_POST[fitter_phone]);
|
|
$fax = trim($_POST[fitter_fax]);
|
|
$email = mysql_escape_string(trim($_POST[fitter_email]));
|
|
$website = mysql_escape_string(trim($_POST[fitter_website]));
|
|
$portfolio = mysql_escape_string(trim($_POST[fitter_portfolio]));
|
|
$method = mysql_escape_string(trim($_POST[fitter_method]));
|
|
$certifications = mysql_escape_string(trim($_POST[fitter_certifications]));
|
|
$fitbikes = mysql_escape_string(trim($_POST[fitter_fitbikes]));
|
|
$motioncapture = mysql_escape_string(trim($_POST[fitter_motioncapture]));
|
|
$brandfriendly = mysql_escape_string(trim($_POST[fitter_brandfriendly]));
|
|
$cost = mysql_escape_string(trim($_POST[fitter_cost]));
|
|
$info = mysql_escape_string(nl2br(substr(trim($_POST[fitter_info]), 0, 4096)));
|
|
$directions = mysql_escape_string(nl2br(substr(trim($_POST[fitter_directions]), 0, 4096)));
|
|
$submitted_by = mysql_escape_string(trim($_POST[fitter_submitted_by]));
|
|
$id = mysql_escape_string(trim($_POST[fitter_id]));
|
|
$edited_by = mysql_escape_string(trim($_POST[edited_by]));
|
|
$edit_timestamp = time();
|
|
|
|
// BEGIN CONFIRM ENTRY CHECK
|
|
if($_POST[insert_fitter] == true){
|
|
if(isset($_POST[new_fitter])){
|
|
$sql = "INSERT INTO ".$prefix."Fitters (fitter_name, fitter_name_tag, fitter_address, fitter_address_two, fitter_city, fitter_state, fitter_state_tag, fitter_zip, fitter_lat, fitter_lng, fitter_phone, fitter_fax, fitter_email, fitter_website, fitter_method, fitter_certifications, fitter_fitbikes, fitter_motioncapture, fitter_brandfriendly, fitter_cost, fitter_info, fitter_directions, fitter_submitted_by, fitter_valid, fitter_portfolio) VALUES ('$name', '$name_tag', '$address', '$address_two', '$city', '$state', '$state_tag', '$zip', '$lat', '$lng', '$phone', '$fax', '$email', '$website', '$method', ',$certifications,', ',$fitbikes,', ',$motioncapture,', ',$brandfriendly,', '$cost', '$info', '$directions', $submitted_by, 0, '$portfolio')";
|
|
//echo("fitter entered!");
|
|
//echo($sql);
|
|
mysql_query($sql) OR die(mysql_error());
|
|
header('Location: '.$site_url.'/add.php?confirmed=yes');
|
|
} elseif(isset($_POST[save_changes]) && $submitted_by != $edited_by) {
|
|
$sql = "INSERT INTO ".$prefix."FittersEdits (fitter_id_fk, editor_user_id_fk, edit_timestamp, fitter_name, fitter_name_tag, fitter_address, fitter_address_two, fitter_city, fitter_state, fitter_state_tag, fitter_zip, fitter_lat, fitter_lng, fitter_phone, fitter_fax, fitter_email, fitter_website, fitter_method, fitter_certifications, fitter_fitbikes, fitter_motioncapture, fitter_brandfriendly, fitter_cost, fitter_info, fitter_directions, fitter_submitted_by, fitter_valid, fitter_portfolio) VALUES ('$id', '$edited_by', '$edit_timestamp', '$name', '$name_tag', '$address', '$address_two', '$city', '$state', '$state_tag', '$zip', '$lat', '$lng', '$phone', '$fax', '$email', '$website', '$method', ',$certifications,', ',$fitbikes,', ',$motioncapture,', ',$brandfriendly,', '$cost', '$info', '$directions', $submitted_by, 0, '$portfolio')";
|
|
mysql_query($sql) OR die(mysql_error());
|
|
header('Location: '.$site_url.'/individual.php?fitter_id='.$id.'&wiki_change=edit_success');
|
|
} elseif(isset($_POST[save_changes]) && $submitted_by == $edited_by) {
|
|
$sql = "UPDATE ".$prefix."Fitters
|
|
SET fitter_name = '".$name."',
|
|
fitter_name_tag = '".$name_tag."',
|
|
fitter_address = '".$address."',
|
|
fitter_address_two = '".$address_two."',
|
|
fitter_city = '".$city."',
|
|
fitter_state = '".$state."',
|
|
fitter_state_tag = '".$state_tag."',
|
|
fitter_phone = '".$phone."',
|
|
fitter_fax = '".$fax."',
|
|
fitter_zip = '".$zip."',
|
|
fitter_lat = '".$lat."',
|
|
fitter_lng = '".$lng."',
|
|
fitter_email = '".$email."',
|
|
fitter_website = '".$website."',
|
|
fitter_method = '".$method."',
|
|
fitter_certifications = ',".$certifications.",',
|
|
fitter_fitbikes = ',".$fitbikes.",',
|
|
fitter_motioncapture = ',".$motioncapture.",',
|
|
fitter_brandfriendly = ',".$brandfriendly.",',
|
|
fitter_cost = '".$cost."',
|
|
fitter_info = '".$info."',
|
|
fitter_directions = '".$directions."',
|
|
fitter_portfolio = '".$portfolio."'
|
|
WHERE fitter_id = $id";
|
|
//echo $sql;
|
|
//exit();
|
|
mysql_query($sql) OR die(mysql_error());
|
|
header('Location: '.$site_url.'/individual.php?fitter_id='.$id.'&wiki_change=update_success');
|
|
} else {
|
|
header('Location: '.$site_url.'/individual.php?fitter_id='.$id.'&changes=failure');
|
|
}
|
|
} else {
|
|
//echo("fitter NOT entered.");
|
|
$confirm_fitter = true;
|
|
}
|
|
// END CONFIRM ENTRY CHECK
|
|
}
|
|
// END ERROR MESSAGE CHECK
|
|
?>
|