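<?php

// This script only handles form submissions. A request without POST data is
// sent back to the site root ($site_url is not defined in this file; presumably
// it is set by the including script -- confirm).
//
// header() only queues the Location header; it does not stop execution. Without
// the exit below, the validation and database code further down would still run
// for a request that is being redirected away.
if (!$_POST) {
    header('Location: ' . $site_url);
    exit;
}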
/*
FIELD NAMES:
runshop_id
runshop_name
runshop_name_tag
runshop_address
runshop_address_two
runshop_city
runshop_state
runshop_state_tag
runshop_zip
runshop_phone
runshop_fax
runshop_email
runshop_website
runshop_cart
runshop_contact
runshop_contact_names
runshop_diagnostics
runshop_shoes
runshop_socks
runshop_apparel_run
runshop_apparel_tri
runshop_swimgear
runshop_wetsuits
runshop_hours
runshop_classes
runshop_info
runshop_directions
runshop_submitted_by
runshop_valid
runshop_shopper_tags
*/
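/* Need to ltrim and rtrim commas before insertion */

// Validate the submitted shop. $errmsg stays NULL when every check passes; the
// insert step later in this file only runs when $errmsg is empty.
$errmsg = NULL;

// Copy the text fields into a local array, treating a missing field or a
// non-string value (e.g. a request that sends name[]=x) as blank. Array keys
// are quoted: a bare word such as $_POST[name] is an undefined constant, which
// raises a notice on old PHP and a fatal Error on PHP 8. Without the type check
// an array-valued "name" passes both the blank test and the preg_match() test
// below, because preg_match() returns false for a non-string subject.
$text_fields = array(
    'name', 'city', 'state', 'address', 'phone', 'email', 'hours',
    'contact_names', 'classes', 'info', 'directions', 'website',
);
$submitted = array();
foreach ($text_fields as $field) {
    $submitted[$field] = (isset($_POST[$field]) && is_string($_POST[$field]))
        ? $_POST[$field]
        : '';
}
$wants_contact = isset($_POST['contact']) && $_POST['contact'] == 1;

// Check for blank fields. Each missing field appends its label; the list is
// given a prefix and has its trailing ", " removed below.
// NOTE(review): email is only checked for presence, its format is not validated.
if (!$submitted['name'])    $errmsg .= 'Shop name, ';
if (!$submitted['city'])    $errmsg .= 'City, ';
if (!$submitted['state'])   $errmsg .= 'State, ';
if (!$submitted['address']) $errmsg .= 'Address, ';
if (!$submitted['phone'])   $errmsg .= 'Phone, ';
if (!$submitted['email'])   $errmsg .= 'Email, ';
if (!$submitted['hours'])   $errmsg .= 'Shop hours, ';
if ($wants_contact && !$submitted['contact_names']) $errmsg .= 'Contact names, ';
// The free-text fields need at least four characters.
if (strlen($submitted['classes']) < 4)    $errmsg .= 'Runs & classes, ';
if (strlen($submitted['info']) < 4)       $errmsg .= 'Shop info, ';
if (strlen($submitted['directions']) < 4) $errmsg .= 'Directions, ';

if (isset($errmsg)) {
    $errmsg = 'The following fields cannot be left blank: '.$errmsg;
    $errmsg = rtrim($errmsg, ', ');
}

// Pattern for the optional website field, assembled from its parts.
$start_url = "(http(s)?\:\/\/)?"; // start url
$dots = "([\w_-]{2,}\.)+"; // one or more parts containing a '.' at the end
$last_part = "([\w_-]{2,})"; // last part doesn't contain a dot
$user = "((\/)(\~)[\w_=-]+)?((\/)[\w_=-]+)*"; // maybe subdirectories - possibly with user ~
$end = "((\/)|(\/)[\w_-]+\.[\w]{2,})?"; // maybe a slash at the end or slash+file+extension
$qstring1 = "((\?[\w_-]+\=([^\#]+)){0,1}"; // querystring - first argument (?a=b)
$qstring2 = "(\&[\w_-]+\=([^\#]+))*)?"; // querystring - following arguments (&c=d)
$bkmrk = "(#[\w_-]+)?"; // bookmark

$exp = "/^".$start_url.$dots.$last_part.$user.$end.$qstring1.$qstring2.$bkmrk."$/i";

// An empty website is allowed. preg_match() returns 0 for "no match" and false
// when matching fails (for example when PCRE's backtrack limit is hit on a long
// query string); both are treated as an invalid address, so the check fails
// closed.
if ($submitted['website'] !== '' && !preg_match($exp, $submitted['website'])) {
    // Contains invalid characters.
    $errmsg = $errmsg."Invalid Web Address<br />";
}

// The shop name may contain only letters, digits, dots and spaces. This
// assignment replaces any messages collected above rather than appending.
if (preg_match('/[^a-zA-Z0-9\. ]/', $submitted['name'])) {
    // Contains invalid characters.
    $errmsg = "Please use only letters and numbers in the name";
}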
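// Insert the shop once validation has produced no error message.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7. When the
// connection code (not in this file) is migrated to mysqli or PDO, this query
// should become a prepared statement with bound parameters instead of an
// escaped, string-built one.
if (!$errmsg) {
    // Array keys are quoted: a bare word such as $_POST[name] is an undefined
    // constant, which raises a notice on old PHP and a fatal Error on PHP 8.
    $raw_name = trim($_POST['name']);
    $name = mysql_real_escape_string($raw_name);

    // The name tag is the lower-cased name without spaces, cut to 12 characters.
    // It is derived and shortened from the raw value and escaped last: escaping
    // first would double-escape it, and cutting an escaped string can split an
    // escape sequence. (The original tested $nametag, a variable that is never
    // set, so the shortening never ran.)
    $raw_name_tag = strtolower(str_replace(" ", "", $raw_name));
    if (strlen($raw_name_tag) > 12) { //Shorten it
        $raw_name_tag = substr($raw_name_tag, 0, 12);
    }
    $name_tag = mysql_real_escape_string($raw_name_tag);

    $address     = mysql_real_escape_string(trim($_POST['address']));
    $address_two = mysql_real_escape_string(trim($_POST['address_two']));
    $city        = mysql_real_escape_string(trim($_POST['city']));

    // As with the name tag, build the state tag from the raw value.
    $raw_state = $_POST['state'];
    $state     = mysql_real_escape_string($raw_state);
    $state_tag = mysql_real_escape_string(strtolower(str_replace(" ", "", $raw_state)));

    $zip     = mysql_real_escape_string(trim($_POST['zip']));
    $phone   = mysql_real_escape_string(trim($_POST['phone']));
    $fax     = mysql_real_escape_string(trim($_POST['fax']));
    $email   = mysql_real_escape_string(trim($_POST['email']));
    $website = mysql_real_escape_string(trim($_POST['website']));
    $cart    = mysql_real_escape_string(trim($_POST['cart']));

    // $contact and $submitted_by are placed in the query WITHOUT quotes, so
    // mysql_real_escape_string() gives no protection for them: it only escapes
    // characters that would end a quoted string. Casting to int guarantees that
    // nothing but a number reaches the statement.
    $contact = (int) $_POST['contact'];
    if ($contact === 0) {
        $contact_names = NULL;
    } else {
        $contact_names = mysql_real_escape_string(trim($_POST['contact_names']));
    }

    /* Need to ltrim and rtrim commas before insertion --> or ltrim/rtrim before implosion*/
    $diagnostics = mysql_real_escape_string($_POST['diagnostics']);
    $shoes       = mysql_real_escape_string($_POST['shoes']);
    $socks       = mysql_real_escape_string($_POST['socks']);
    $apparelrun  = mysql_real_escape_string($_POST['apparel_run']);
    $appareltri  = mysql_real_escape_string($_POST['apparel_tri']);
    $swimgear    = mysql_real_escape_string($_POST['swimgear']);
    $wetsuits    = mysql_real_escape_string($_POST['wetsuits']);
    $hours       = mysql_real_escape_string(trim($_POST['hours']));

    // Free-text fields are trimmed, cut to 4096 bytes, and have line breaks
    // converted to <br /> before being stored.
    // NOTE(review): nl2br() adds markup but does not HTML-escape the text, so
    // these columns hold user-supplied content that is presumably printed as
    // HTML later -- confirm the display code escapes it (htmlspecialchars)
    // before output.
    $classes    = mysql_real_escape_string(nl2br(substr(trim($_POST['classes']), 0, 4096)));
    $info       = mysql_real_escape_string(nl2br(substr(trim($_POST['info']), 0, 4096)));
    $directions = mysql_real_escape_string(nl2br(substr(trim($_POST['directions']), 0, 4096)));

    // NOTE(review): the submitter id is taken from the request body, so the
    // client chooses it; presumably it should come from the server-side session
    // -- confirm.
    $submitted_by = (int) $_POST['submitted_by'];

    if (isset($_POST['confirm1']) && $_POST['confirm1'] == 1) {
        // Second pass: the user has confirmed, so store the shop. New shops are
        // inserted with runshop_valid = 0.
        $sql = "INSERT INTO ".$prefix."Runshops ("
            ."runshop_name, runshop_name_tag, runshop_address, runshop_address_two, "
            ."runshop_city, runshop_state, runshop_state_tag, runshop_zip, "
            ."runshop_phone, runshop_fax, runshop_email, runshop_website, "
            ."runshop_cart, runshop_contact, runshop_contact_names, "
            ."runshop_diagnostics, runshop_shoes, runshop_socks, "
            ."runshop_apparel_run, runshop_apparel_tri, runshop_swimgear, "
            ."runshop_wetsuits, runshop_hours, runshop_classes, runshop_info, "
            ."runshop_directions, runshop_submitted_by, runshop_valid"
            .") VALUES ("
            ."'$name', '$name_tag', '$address', '$address_two', "
            ."'$city', '$state', '$state_tag', '$zip', "
            ."'$phone', '$fax', '$email', '$website', "
            ."'$cart', $contact, '$contact_names', "
            ."',$diagnostics,', ',$shoes,', ',$socks,', "
            ."',$apparelrun,', ',$appareltri,', ',$swimgear,', "
            ."',$wetsuits,', '$hours', '$classes', '$info', "
            ."'$directions', $submitted_by, 0"
            .")";

        if (!mysql_query($sql)) {
            // Keep the database error in the server log; printing it to the
            // browser discloses table and column names to whoever caused it.
            error_log('Runshops insert failed: '.mysql_error());
            die('The shop could not be saved. Please try again later.');
        }
    } else {
        // First pass: nothing is stored yet; flag that confirmation is needed.
        $confirm = 1;
    }
}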
?>