discourse-legacysite-perl/site/retailers/add_X.php

<?PHP

if (!$_POST){ header('Location: '.$site_url); }

/*

FIELD NAMES: 
retailer_id
retailer_name
retailer_name_tag
retailer_address
retailer_city
retailer_state
retailer_state_tag
retailer_zip
retailer_phone
retailer_fax
retailer_email
retailer_website
retailer_cart
retailer_mailorder_ecommerce
retailer_mailorder_phone
retailer_local_ecommerce
retailer_local_phone
retailer_pickup_ecommerce
retailer_pickup_phone
retailer_contact
retailer_contact_names
retailer_fist
retailer_fist_names
retailer_fist_road
retailer_fist_road_names
retailer_fist_advanced
retailer_fist_advanced_names
retailer_bfact
retailer_serotta
retailer_serotta_names
retailer_fitbikes
retailer_motioncapture
retailer_wetsuits
retailer_bikes
retailer_customs
retailer_hours
retailer_barnett
retailer_barnett_names
retailer_ubi
retailer_ubi_names
retailer_info
retailer_directions
submitted_by

*/

/* Need to ltrim and rtrim commas before insertion */

//Insert into database
$pass = 'abc123';
$errmsg = NULL;
//if(strcmp($_POST[password], $pass) == 0){ //Password is good
   //Check for blank fields
   if ((!$_POST[name])) $errmsg = $errmsg.'Shop name, ';  
   if (!$_POST[city]) $errmsg = $errmsg.'City, ';
   if (!$_POST[state]) $errmsg = $errmsg.'State, ';
   if (!$_POST[address]) $errmsg = $errmsg.'Address, ';
   if (!$_POST[phone]) $errmsg = $errmsg.'Phone, ';
   if (!$_POST[email]) $errmsg = $errmsg.'Email, ';
   if (!$_POST[hours]) $errmsg = $errmsg.'Shop hours, ';
   if ($_POST[contact] == 1 && !$_POST[contact_names]) $errmsg = $errmsg.'Contact names, ';
   if ($_POST[fist] == 1 && !$_POST[fist_names]) $errmsg = $errmsg.'F.I.S.T. Tri fitters names, ';
   if ($_POST[fist_road] == 1 && !$_POST[fist_road_names]) $errmsg = $errmsg.'F.I.S.T. Road fitters names, ';
   if ($_POST[fist_advanced] == 1 && !$_POST[fist_advanced_names]) $errmsg = $errmsg.'F.I.S.T. Advanced fitters names, ';
   if ($_POST[serotta] == 1 && !$_POST[serotta_names]) $errmsg = $errmsg.'Serotta fitters names, ';
   if ($_POST[barnett] == 1 && !$_POST[barnett_names]) $errmsg = $errmsg.'Barnett mechanics names, ';
   if ($_POST[ubi] == 1 && !$_POST[ubi_names]) $errmsg = $errmsg.'UBI mechanics names, ';
   if (strlen($_POST[info]) < 4) $errmsg = $errmsg.'Shop info, ';
   if (strlen($_POST[directions]) < 4) $errmsg = $errmsg.'Directions, ';
   if (isset($errmsg)) {
       $errmsg = 'The following fields cannot be left blank: '.$errmsg;
       $errmsg = rtrim($errmsg, ', ');
   }
   if( preg_match('/[^a-zA-Z0-9\. ]/', $_POST[name]) ) {
      // Contains invalid characters.
      $errmsg = "Please use only letters and numbers in the name";
   }
   if(!$errmsg){
	
		$name = mysql_real_escape_string(trim($_POST[name]));
		$name_tag = mysql_real_escape_string(strtolower(str_replace(" ","", $name)));
		if(strlen($nametag) > 12){ //Shorten it
			$name_tag = substr($nametag, 0, 12);
		}
		$address = mysql_real_escape_string(trim($_POST[address]));
		$address_two = mysql_real_escape_string(trim($_POST[address_two]));
		$city = mysql_real_escape_string(trim($_POST[city]));
		$state = mysql_real_escape_string($_POST[state]);
		$state_tag = mysql_real_escape_string(strtolower(str_replace(" ","", $state)));
		$zip = mysql_real_escape_string(trim($_POST[zip]));
		$phone = mysql_real_escape_string(trim($_POST[phone]));
		$fax = mysql_real_escape_string(trim($_POST[fax]));
		$email = mysql_real_escape_string(trim($_POST[email]));
		$website = mysql_real_escape_string(trim($_POST[website]));
		$cart = mysql_real_escape_string(trim($_POST[cart]));
		$spoke = mysql_real_escape_string(trim($_POST[spoke]));
		$mailorder_ecommerce = mysql_real_escape_string(trim($_POST[mailorder_ecommerce]));
		$mailorder_phone = mysql_real_escape_string(trim($_POST[mailorder_phone]));
		$local_ecommerce = mysql_real_escape_string(trim($_POST[local_ecommerce]));
		$local_phone = mysql_real_escape_string(trim($_POST[local_phone]));
		$pickup_ecommerce = mysql_real_escape_string(trim($_POST[pickup_ecommerce]));
		$pickup_phone = mysql_real_escape_string(trim($_POST[pickup_phone]));
		$contact = mysql_real_escape_string($_POST[contact]);
		if ( $contact == 0 ){ $contact_names = NULL; }else{ $contact_names = mysql_real_escape_string(trim($_POST[contact_names])); }
		$fist = mysql_real_escape_string($_POST[fist]);
		if ( $fist == 0 ){ $fist_names = NULL; }else{ $fist_names = mysql_real_escape_string(trim($_POST[fist_names])); }
		$fist_road = mysql_real_escape_string($_POST[fist_road]);
		if ( $fist_road == 0 ){ $fist_road_names = NULL; }else{ $fist_road_names = mysql_real_escape_string(trim($_POST[fist_road_names])); }
		$fist_advanced = mysql_real_escape_string($_POST[fist_advanced]);
		if ( $fist_advanced == 0 ){ $fist_advanced_names = NULL; }else{ $fist_advanced_names = mysql_real_escape_string(trim($_POST[fist_advanced_names])); }
		$bfact = mysql_real_escape_string(trim($_POST[bfact]));
		$serotta = mysql_real_escape_string($_POST[serotta]);
		if ( $serotta == 0 ){ $serotta_names = NULL; }else{ $serotta_names = mysql_real_escape_string(trim($_POST[serotta_names])); }
		/* Need to ltrim and rtrim commas before insertion --> or ltrim/rtrim before implosion*/
		$methods = mysql_real_escape_string($_POST[methods]);		
		$fitbikes = mysql_real_escape_string($_POST[fitbikes]);
		$motioncapture = mysql_real_escape_string($_POST[motioncapture]);
		$wetsuits = mysql_real_escape_string($_POST[wetsuits]);
		$bikes = mysql_real_escape_string($_POST[bikes]);
		$customs = mysql_real_escape_string($_POST[customs]);
		$hours = mysql_real_escape_string(trim($_POST[hours]));
		$barnett = mysql_real_escape_string($_POST[barnett]);
		if ( $barnett == 0 ){ $barnett_names = NULL; }else{ $barnett_names = mysql_real_escape_string(trim($_POST[barnett_names])); }
		$ubi = mysql_real_escape_string($_POST[ubi]);
		if ( $ubi == 0 ){ $ubi_names = NULL; }else{ $ubi_names = mysql_real_escape_string(trim($_POST[ubi_names])); }
    	$info = mysql_real_escape_string(nl2br(substr(trim($_POST[info]), 0, 4096)));
    	$directions = mysql_real_escape_string(nl2br(substr(trim($_POST[directions]), 0, 4096)));
    	$submitted_by = mysql_real_escape_string($_POST[submitted_by]);
      
     	if($_POST[confirm1] == 1){
      		$sql = "INSERT INTO gforum_Retailers (retailer_name, retailer_name_tag, retailer_address, retailer_address_two, retailer_city, retailer_state, retailer_state_tag, retailer_zip, retailer_phone, retailer_fax, retailer_email, retailer_website, retailer_cart, retailer_mailorder_ecommerce, retailer_mailorder_phone, retailer_local_ecommerce, retailer_local_phone, retailer_pickup_ecommerce, retailer_pickup_phone, retailer_contact, retailer_contact_names, retailer_fist, retailer_fist_names, retailer_fist_road, retailer_fist_road_names, retailer_fist_advanced, retailer_fist_advanced_names, retailer_bfact, retailer_serotta, retailer_serotta_names, retailer_method, retailer_fitbikes, retailer_motioncapture, retailer_wetsuits, retailer_bikes, retailer_customs, retailer_hours, retailer_barnett, retailer_barnett_names, retailer_ubi, retailer_ubi_names, retailer_info, retailer_directions, retailer_submitted_by, retailer_valid, retailer_spoke) VALUES ('$name', '$name_tag', '$address', '$address_two', '$city', '$state', '$state_tag', '$zip', '$phone', '$fax', '$email', '$website', '$cart', '$mailorder_ecommerce', '$mailorder_phone', '$local_ecommerce', '$local_phone', '$pickup_ecommerce', '$pickup_phone', $contact, '$contact_names', $fist, '$fist_names', $fist_road, '$fist_road_names', $fist_advanced, '$fist_advanced_names', '$bfact', $serotta, '$serotta_names', '$methods', ',$fitbikes,', ',$motioncapture,', ',$wetsuits,', ',$bikes,', ',$customs,', '$hours', $barnett, '$barnett_names', $ubi, '$ubi_names', '$info', '$directions', $submitted_by, 0, '$spoke')";
	    //echo("shop entered!");
	    //echo($sql);
	    //exit();
	    mysql_query($sql) OR die(mysql_error());
	    //exit();
	  }else{
         //echo("shop NOT entered.");
         $confirm = 1;
}
   }  
//}else{
  // $errmsg = 'Incorrect key.';
//}
?>