start();*/ $waiver = WAIVER; $waiver_label = WAIVER_LABEL; $email_list = EMAIL_LIST; $volunteer_interest_form = VOLUNTEER_INTEREST_FORM; $volunteer_interest_form_name = VOLUNTEER_INTEREST_FORM_NAME; $volunteer_interest_comments = VOLUNTEER_INTEREST_COMMENTS; if($_GET['shop_id']>0){ $shop_id = $_GET['shop_id']; } else { $shop_id = current_shop_by_ip(); } switch ($_GET['error']) { case 'new_error_message': //this is a sample error message. insert error case here $error_message = ''; break; default: $error_message = 'Enter or Update Contact Information - Thank-you for supporting Positive Spin.
'; break; } $page_shop_log = PAGE_SHOP_LOG . "?shop_id=$shop_id"; // setup the proper form action and form values .. not that $_GET is such a brilliant approach :) if($_GET['contact_id'] == 'new_contact'){ mysql_select_db($database_YBDB, $YBDB); // Find previous contact_id $sql = "SELECT MAX(contact_id) as previous_contact_id FROM contacts;"; $query = mysql_query($sql, $YBDB) or die(mysql_error()); $result = mysql_fetch_assoc($query); $previous_contact_id = $result['previous_contact_id']; $new_contact_id = $previous_contact_id + 1; $contact_id = $new_contact_id; $contact_id_entry = 'new_contact'; } elseif(isset($_GET['contact_id'])) { //else contact_id is assigned from passed value $contact_id = $_GET['contact_id']; $contact_id_entry = $_GET['contact_id']; } else { $contact_id = -1; $contact_id_entry = -1; } $editFormAction = "?contact_id={$contact_id}&shop_id={$shop_id}"; if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { /* Discover if submitted contact creation attempt a new or existing contact. */ mysql_select_db($database_YBDB, $YBDB); $query = 'SELECT MAX(contact_id) as contact_id FROM contacts;'; $sql = mysql_query($query, $YBDB) or die(mysql_error()); $result = mysql_fetch_assoc($sql); $submitted_contact_id = $result['contact_id'] + 1; // contact already exists it is less than $submitted_contact_id (max contact_id + 1) if ($submitted_contact_id > $_POST['contact_id']) { $submitted_contact_id = $_POST['contact_id']; } // if contact already exists, $submitted_contact_id now equals $_POST['contact_id], and it isn't new_contact if ($submitted_contact_id != $_POST['contact_id'] || $_POST === 'new_contact') { $submitted_contact_id = $_POST['contact_id']; } /* $handler->debug("submitted_contact_id",$submitted_contact_id); $handler->debug("$_POST",$_POST['contact_id']); exit(); */ if ( $submitted_contact_id === 'new_contact' ) { // Get the actual contact_id because it may have changed on multiple terminals and is now new_contact $query = 'SELECT MAX(contact_id) as contact_id FROM contacts;'; $sql = mysql_query($query, $YBDB) or die(mysql_error()); $result = mysql_fetch_assoc($sql); $submitted_contact_id = $result['contact_id'] + 1; $current_date_time = GetSQLValueString('current_time', "date"); // Insert new contact information into a new record $updateSQL = 'INSERT INTO contacts (contact_id, first_name, middle_initial, last_name, email,' . ' phone, address1, address2, city, state, DOB, receive_newsletter, waiver, pass, zip, date_created)' . ' VALUES (' . $submitted_contact_id . ', ' . '"' . $_POST['first_name'] . '", ' . '"' . $_POST['middle_initial'] . '", ' . '"' . $_POST['last_name'] . '", ' . '"' . $_POST['email'] . '", ' . '"' . $_POST['phone'] . '", ' . '"' . $_POST['address1'] . '", ' . '"' . $_POST['address2'] . '", ' . '"' . $_POST['city'] . '", ' . '"' . $_POST['state'] . '", ' . '"' . $_POST['DOB'] . '", ' . '"' . $_POST['email_list'] . '", ' . 1 . ', ' . 'ENCODE("' . $_POST['password'] . '",' . '"yblcatx"), ' . '"' . $_POST['zip'] . '", ' . $current_date_time . ');'; } else { // Update existing contact record $updateSQL = sprintf("UPDATE contacts SET first_name=%s, middle_initial=%s, last_name=%s, email=%s, DOB=%s, phone=%s, address1=%s, address2=%s, city=%s, `state`=%s, zip=%s, pass=ENCODE(%s,'yblcatx') WHERE contact_id=%s", GetSQLValueString($_POST['first_name'], "text"), GetSQLValueString($_POST['middle_initial'], "text"), GetSQLValueString($_POST['last_name'], "text"), GetSQLValueString($_POST['email'], "text"), GetSQLValueString($_POST['DOB'], "date"), GetSQLValueString($_POST['phone'], "text"), GetSQLValueString($_POST['address1'], "text"), GetSQLValueString($_POST['address2'], "text"), GetSQLValueString($_POST['city'], "text"), GetSQLValueString($_POST['state'], "text"), GetSQLValueString($_POST['zip'], "text"), GetSQLValueString($_POST['password'], "text"), GetSQLValueString($submitted_contact_id, "int")); } mysql_select_db($database_YBDB, $YBDB); $Result1 = mysql_query($updateSQL, $YBDB) or die(mysql_error()); // Are there any interests in the datatbase? $interests = []; $sql = "SELECT option_name, option_name_id FROM options;"; $query = mysql_query($sql, $YBDB) or die(mysql_error()); while ($result = mysql_fetch_assoc($query)) { $interests[$result["option_name"]] = $result["option_name_id"]; } if ($volunteer_interest_form && !isset($volunteer_interests_changename)) { // populate database with user defined interests if they do not exist $volunteer_interest = array_combine($volunteer_interests,$volunteer_interests); $c = 0; foreach ($volunteer_interest as $interest) { // Insert new interest if ( is_null($interests[$interest]) ) { $query = "INSERT INTO options (option_name) VALUES('" . $interest . "');"; $result = mysql_query($query, $YBDB) or die(mysql_error()); } } } // end volunteer_interest_form populate and/or delete // Change or delete an interest(s) name if( isset($volunteer_interests_changename) ) { foreach ($volunteer_interests_changename as $key => $interest) { $sql = "UPDATE options SET option_name='" . $interest . "' WHERE option_name='" . $key . "';"; $query = mysql_query($sql, $YBDB) or die(mysql_error()); } } else if( isset($volunteer_interests_deletename) ) { foreach ($volunteer_interests_deletename as $interest) { $sql = "DELETE FROM options WHERE option_name='" . $interest . "';"; $query = mysql_query($sql, $YBDB) or die(mysql_error()); } } // If checked, save in database $interest_checked = []; if(!empty($_POST['interest_checkboxes'])) { foreach($_POST['interest_checkboxes'] as $check) { $interest_checked[$check] = $check; } } // Find out if any selections are in the database, // to decide whether an INSERT or DELETE needs to be done $sql = "SELECT selection FROM selections WHERE contact_id=" . $submitted_contact_id . ";"; $query = mysql_query($sql, $YBDB) or die(mysql_error()); $selections = []; while ($result = mysql_fetch_assoc($query)) { $selections[$result["selection"]] = $result["selection"]; } foreach ($interests as $selection => $interest_id) { if ( is_null($selections[$interest_id]) ) { //INSERT if( !is_null($interest_checked[$selection]) ) { $sql = "INSERT INTO selections (contact_id, selection, selection_value) VALUES (" . $submitted_contact_id . "," . $interest_id . ",1);"; $result = mysql_query($sql, $YBDB) or die(mysql_error()); } } else { //DELETE if( is_null($interest_checked[$selection]) ) { $sql = "DELETE FROM selections WHERE selection=" . $interest_id . " AND contact_id=" . $submitted_contact_id . ";"; $query = mysql_query($sql, $YBDB) or die(mysql_error()); } } } // insert as update? But it works. if ($_POST['comments']) { $comments = $_POST['comments']; $comments_escaped = GetSQLValueString($comments, "text"); $sql = "INSERT INTO selections (contact_id, selection, selection_value) VALUES (" . $submitted_contact_id . ", 1," . $comments_escaped . ");"; $result = mysql_query($sql, $YBDB) or die(mysql_error()); } if ($_POST['contact_id_entry'] == 'new_contact' || $_POST['contact_id_entry'] == $submitted_contact_id){ //navigate back to shop that it came from $pagegoto = PAGE_SHOP_LOG . "?shop_id={$shop_id}&new_user_id={$contact_id}"; header(sprintf("Location: %s", $pagegoto)); } } // Submitted mysql_select_db($database_YBDB, $YBDB); $query_Recordset1 = "SELECT *, DECODE(pass,'yblcatx') AS passdecode FROM contacts WHERE contact_id = $contact_id"; $Recordset1 = mysql_query($query_Recordset1, $YBDB) or die(mysql_error()); $row_Recordset1 = mysql_fetch_assoc($Recordset1); $totalRows_Recordset1 = mysql_num_rows($Recordset1); ?>