biketree/members/submit.php

<?php session_start();

include ("../settings.php");
include ("../language/$cfg_language");
include ("../classes/db_functions.php");
include ("../classes/security_functions.php");
include ("../classes/display.php");

$lang=new language();
$dbf=new db_functions($cfg_server,$cfg_username,$cfg_password,$cfg_database,$cfg_tableprefix,$cfg_theme,$lang);
$sec=new security_functions($dbf,'Sales Clerk',$lang);
$display=new display($dbf->conn,$cfg_theme,$cfg_currency_symbol,$lang);

global $cfg_membershipID;

if(!$sec->isLoggedIn())
{
        header ("location: ../login.php");
        exit();
}

?>

<html>
<head>
</head>
<body>

<h3> Progress </h3>
<b>...If membership needs to be sold, click <a href="../sales/sale_ui.php">HERE</a></b><br /><br />
<?php


/* 
if (!mysql_connect($db_host, $db_user, $db_pwd))
    die("Can't connect to database");
 
if (!mysql_select_db($database))
    die("Can't select database");
*/

/**
Validate an email address.
Provide email address (raw input)
Returns true if the email address has the email 
address format and the domain exists.
*/
function validEmail($email)
{
   $isValid = true;
   $atIndex = strrpos($email, "@");
   if (is_bool($atIndex) && !$atIndex)
   {
      $isValid = false;
   }
   else
   {
      $domain = substr($email, $atIndex+1);
      $local = substr($email, 0, $atIndex);
      $localLen = strlen($local);
      $domainLen = strlen($domain);
      if ($localLen < 1 || $localLen > 64)
      {
         // local part length exceeded
         $isValid = false;
      }
      else if ($domainLen < 1 || $domainLen > 255)
      {
         // domain part length exceeded
         $isValid = false;
      }
      else if ($local[0] == '.' || $local[$localLen-1] == '.')
      {
         // local part starts or ends with '.'
         $isValid = false;
      }
      else if (preg_match('/\\.\\./', $local))
      {
         // local part has two consecutive dots
         $isValid = false;
      }
      else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain))
      {
         // character not valid in domain part
         $isValid = false;
      }
      else if (preg_match('/\\.\\./', $domain))
      {
         // domain part has two consecutive dots
         $isValid = false;
      }
      else if
(!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/',
                 str_replace("\\\\","",$local)))
      {
         // character not valid in local part unless 
         // local part is quoted
         if (!preg_match('/^"(\\\\"|[^"])+"$/',
             str_replace("\\\\","",$local)))
         {
            $isValid = false;
         }
      }
      if ($isValid && !(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A")))
      {
         // domain not found in DNS
         $isValid = false;
      }
   }
   return $isValid;
}


// sending query

//echo "userID is not set";


$fname = $_POST[fname];
$lname = $_POST[lname];

$maillist = $_POST[maillist];


//if (!preg_match('/^(\(?[2-9]{1}[0-9]{2}\)?|[0-9]{3,3}[-. ]?)[ ][0-9]{3,3}[-. ]?[0-9]{4,4}$/', $_POST[phone1])) {
//die('Phone number invalid. Click back and try again.');
//}

if ($_POST[waiver] == "on"){ $waiver = "1"; } else { $waiver = "0";}
if ($_POST[maillist1] == "on"){ $maillist1 = "1"; } else { $maillist1 = "0";}
if ($_POST[maillist2] == "on"){ $maillist2 = "1"; } else { $maillist2 = "0";}
if ($_POST[maillist3] == "on"){ $maillist3 = "1"; } else { $maillist3 = "0";}
if ($_POST[warnedonce] == "on"){ $warnedonce = "1"; } else { $warnedonce = "0";}
if ($_POST[warnedtwice] == "on"){ $warnedtwice = "1"; } else { $warnedtwice = "0";}
if ($_POST[banned] == "on"){ $banned = "1"; } else { $banned = "0";}

$phone1 = $_POST[phone1];

$email = $_POST[email];
//  $pass = validEmail($email);
//  if ($pass)  { $email = $email; } else { die('E-mail Address is not valid. Click back and try again.'); }
$email = $email;
$address = $_POST[address];
$membertype = $_POST[membertype];
$notes = $_POST[notes];


if (!isset($_GET[userID]) || $_GET[userID] == ""){
	$query = "INSERT INTO customers (first_name, last_name, phone_number, email, maillist1, maillist2, maillist3, street_address, membertype, studentID, drivers, cashdeposit, waiver, warnedonce, warnedtwice, banned, comments) VALUES ('$fname', '$lname', '$phone1', '$email', '$maillist1', '$maillist2', '$maillist3', '$address', '$membertype', '$_POST[studentID]', '$_POST[drivers]','$_POST[cashdeposit]', '$waiver', '$warnedonce', '$warnedtwice', '$banned', '$notes')";

// echo "QUEERY:$query";

	mysql_query($query) or die('Error, user not added. Consult Mark...');

	echo "<b>...User has been added</b><br /><br />";

	//$query = "FLUSH PRIVILEGES";
	//mysql_query($query) or die('Error, flush insert query failed');

//	echo "<b>Here is some technical jargon if you want to check what info was added</b>... <br />$query"; 
/*
	//EMAIL WELCOME TO MEMBER!

	$headers  = 'MIME-Version: 1.0' . "\r\n";
	$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
	$headers .= 'From: reciepts@goodlifebikes.ca' . "\r\n";
	$headers .= 'Reply-to: info@goodlifebikes.ca' . "\r\n";
	
	 $message = "<html><body><br /><br /><b>Please retain or print this receipt for your records</b><br /> $body </body></html>";
	
	// In case any of our lines are larger than 70 characters, we should use wordwrap()
	$message = wordwrap($message, 70);
	
	// Send
	mail($customer_email, "Your E-receipt from $cfg_company", $message, $headers);
	
	echo "<h3>E-Reciept has been sent to &lt;$customer_email&gt;</h3>";

*/


} else {
  $query="UPDATE customers SET first_name='$fname', last_name='$lname', phone_number='$phone1', email='$email', maillist1='$maillist1', maillist2='$maillist2', maillist3='$maillist3', street_address='$address', membertype='$membertype', studentID='$_POST[studentID]', drivers='$_POST[drivers]', cashdeposit='$_POST[cashdeposit]', waiver='$waiver', comments='$notes', warnedonce='$warnedonce', warnedtwice='$warnedtwice', banned='$banned' WHERE id=$_GET[userID] ";

// echo "QUERY : $query";

	mysql_query($query) or die('Error, user not added. Consult Mark...');

	echo "<b>...User $fname $lname has been updated</b>(if no errors appear above)<br /><br />";


	//$query = "FLUSH PRIVILEGES";
	//mysql_query($query) or die('Error, flush insert query failed');

//	echo "<b>Here is some technical jargon if you want to check what info was added</b>... <br />$query"; 


}

if (!isset($_GET[userID]) || $_GET[userID] == ""){

	echo "<b>...register mailing list subscriptions</b>";
	if($maillist1 == 1){$subscribeURL = "https://$cfg_mailmanLocation/mailman/admin/$cfg_mailmanListName1" . "_" . "$cfg_mailmanLocation/members/add?subscribees=$email&adminpw=$cfg_mailmanPass&send_welcome_msg_to_this_batch=0&send_notifications_to_list_owner=0";
	echo "<iframe scrolling=no src=\"$subscribeURL\" style=\"display: block;\" width=\"500\" height=\"80\"><p>Your browser does not support iframes.</p></iframe>";
	}
if($maillist2 == 1){$subscribeURL = "https://$cfg_mailmanLocation/mailman/admin/$cfg_mailmanListName2" . "_" . "$cfg_mailmanLocation/members/add?subscribees=$email&adminpw=$cfg_mailmanPass&send_welcome_msg_to_this_batch=0&send_notifications_to_list_owner=0";
        echo "<iframe scrolling=no src=\"$subscribeURL\" style=\"display: block;\" width=\"500\" height=\"80\"><p>Your browser does not support iframes.</p></iframe>";
        }
if($maillist3 == 1){$subscribeURL = "https://$cfg_mailmanLocation/mailman/admin/$cfg_mailmanListName3" . "_" . "$cfg_mailmanLocation/members/add?subscribees=$email&adminpw=$cfg_mailmanPass&send_welcome_msg_to_this_batch=0&send_notifications_to_list_owner=0";
        echo "<iframe scrolling=no src=\"$subscribeURL\" style=\"display: block;\" width=\"500\" height=\"80\"><p>Your browser does not support iframes.</p></iframe>";
        }

}
echo "<br />...NOTE: If you are not connected to the internet, the user has NOT been added to the mailing lists.";
echo "<br /><br />Finished<br /><br />"
?>
	<a href="../customers/manage_customers.php">Back to Member List...</a>
<body>
Figured out why security was commented out: In the absence of session_start() no session_user_id was defined which produced false for $sec->isLoggedIn(); 2017-09-06 06:51:42 +00:00			`<?php session_start();`
First commit of biketree to github! 2017-09-05 03:39:54 +00:00
			`include ("../settings.php");`
			`include ("../language/$cfg_language");`
			`include ("../classes/db_functions.php");`
			`include ("../classes/security_functions.php");`
			`include ("../classes/display.php");`

			`$lang=new language();`
			`$dbf=new db_functions($cfg_server,$cfg_username,$cfg_password,$cfg_database,$cfg_tableprefix,$cfg_theme,$lang);`
			`$sec=new security_functions($dbf,'Sales Clerk',$lang);`
			`$display=new display($dbf->conn,$cfg_theme,$cfg_currency_symbol,$lang);`

			`global $cfg_membershipID;`

			`if(!$sec->isLoggedIn())`
			`{`
Turns security back on in the members directory This is so non-logged in people can't alter the database. Mark Leigh pointed this out to me when sending me the code, and said "Can't remember why it ended up like this, the auth code is there but commented out." 2017-09-06 05:52:17 +00:00			`header ("location: ../login.php");`
			`exit();`
First commit of biketree to github! 2017-09-05 03:39:54 +00:00			`}`

			`?>`

			`<html>`
			`<head>`
			`</head>`
			`<body>`

			`<h3> Progress </h3>`
			`<b>...If membership needs to be sold, click <a href="../sales/sale_ui.php">HERE</a></b><br /><br />`
			`<?php`



			`/*`
			`if (!mysql_connect($db_host, $db_user, $db_pwd))`
			`die("Can't connect to database");`

			`if (!mysql_select_db($database))`
			`die("Can't select database");`
			`*/`

			`/**`
			`Validate an email address.`
			`Provide email address (raw input)`
			`Returns true if the email address has the email`
			`address format and the domain exists.`
			`*/`
			`function validEmail($email)`
			`{`
			`$isValid = true;`
			`$atIndex = strrpos($email, "@");`
			`if (is_bool($atIndex) && !$atIndex)`
			`{`
			`$isValid = false;`
			`}`
			`else`
			`{`
			`$domain = substr($email, $atIndex+1);`
			`$local = substr($email, 0, $atIndex);`
			`$localLen = strlen($local);`
			`$domainLen = strlen($domain);`
			`if ($localLen < 1 \|\| $localLen > 64)`
			`{`
			`// local part length exceeded`
			`$isValid = false;`
			`}`
			`else if ($domainLen < 1 \|\| $domainLen > 255)`
			`{`
			`// domain part length exceeded`
			`$isValid = false;`
			`}`
			`else if ($local[0] == '.' \|\| $local[$localLen-1] == '.')`
			`{`
			`// local part starts or ends with '.'`
			`$isValid = false;`
			`}`
			`else if (preg_match('/\\.\\./', $local))`
			`{`
			`// local part has two consecutive dots`
			`$isValid = false;`
			`}`
			`else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain))`
			`{`
			`// character not valid in domain part`
			`$isValid = false;`
			`}`
			`else if (preg_match('/\\.\\./', $domain))`
			`{`
			`// domain part has two consecutive dots`
			`$isValid = false;`
			`}`
			`else if`
			(!preg_match('/^(\\\\.\|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}\|~.-])+$/',
			`str_replace("\\\\","",$local)))`
			`{`
			`// character not valid in local part unless`
			`// local part is quoted`
			`if (!preg_match('/^"(\\\\"\|[^"])+"$/',`
			`str_replace("\\\\","",$local)))`
			`{`
			`$isValid = false;`
			`}`
			`}`
			`if ($isValid && !(checkdnsrr($domain,"MX") \|\| checkdnsrr($domain,"A")))`
			`{`
			`// domain not found in DNS`
			`$isValid = false;`
			`}`
			`}`
			`return $isValid;`
			`}`


			`// sending query`

			`//echo "userID is not set";`


			`$fname = $_POST[fname];`
			`$lname = $_POST[lname];`

			`$maillist = $_POST[maillist];`


			`//if (!preg_match('/^(\(?[2-9]{1}[0-9]{2}\)?\|[0-9]{3,3}[-. ]?)[ ][0-9]{3,3}[-. ]?[0-9]{4,4}$/', $_POST[phone1])) {`
			`//die('Phone number invalid. Click back and try again.');`
			`//}`

			`if ($_POST[waiver] == "on"){ $waiver = "1"; } else { $waiver = "0";}`
			`if ($_POST[maillist1] == "on"){ $maillist1 = "1"; } else { $maillist1 = "0";}`
			`if ($_POST[maillist2] == "on"){ $maillist2 = "1"; } else { $maillist2 = "0";}`
			`if ($_POST[maillist3] == "on"){ $maillist3 = "1"; } else { $maillist3 = "0";}`
			`if ($_POST[warnedonce] == "on"){ $warnedonce = "1"; } else { $warnedonce = "0";}`
			`if ($_POST[warnedtwice] == "on"){ $warnedtwice = "1"; } else { $warnedtwice = "0";}`
			`if ($_POST[banned] == "on"){ $banned = "1"; } else { $banned = "0";}`

			`$phone1 = $_POST[phone1];`

			`$email = $_POST[email];`
			`// $pass = validEmail($email);`
			`// if ($pass) { $email = $email; } else { die('E-mail Address is not valid. Click back and try again.'); }`
			`$email = $email;`
			`$address = $_POST[address];`
			`$membertype = $_POST[membertype];`
			`$notes = $_POST[notes];`


			`if (!isset($_GET[userID]) \|\| $_GET[userID] == ""){`
			`$query = "INSERT INTO customers (first_name, last_name, phone_number, email, maillist1, maillist2, maillist3, street_address, membertype, studentID, drivers, cashdeposit, waiver, warnedonce, warnedtwice, banned, comments) VALUES ('$fname', '$lname', '$phone1', '$email', '$maillist1', '$maillist2', '$maillist3', '$address', '$membertype', '$_POST[studentID]', '$_POST[drivers]','$_POST[cashdeposit]', '$waiver', '$warnedonce', '$warnedtwice', '$banned', '$notes')";`

			`// echo "QUEERY:$query";`

			`mysql_query($query) or die('Error, user not added. Consult Mark...');`

			`echo "<b>...User has been added</b><br /><br />";`

			`//$query = "FLUSH PRIVILEGES";`
			`//mysql_query($query) or die('Error, flush insert query failed');`

			`// echo "<b>Here is some technical jargon if you want to check what info was added</b>... <br />$query";`
			`/*`
			`//EMAIL WELCOME TO MEMBER!`

			`$headers = 'MIME-Version: 1.0' . "\r\n";`
			`$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";`
			`$headers .= 'From: reciepts@goodlifebikes.ca' . "\r\n";`
			`$headers .= 'Reply-to: info@goodlifebikes.ca' . "\r\n";`

			`$message = "<html><body><br /><br /><b>Please retain or print this receipt for your records</b><br /> $body </body></html>";`

			`// In case any of our lines are larger than 70 characters, we should use wordwrap()`
			`$message = wordwrap($message, 70);`

			`// Send`
			`mail($customer_email, "Your E-receipt from $cfg_company", $message, $headers);`

			`echo "<h3>E-Reciept has been sent to <$customer_email></h3>";`

			`*/`


			`} else {`
			`$query="UPDATE customers SET first_name='$fname', last_name='$lname', phone_number='$phone1', email='$email', maillist1='$maillist1', maillist2='$maillist2', maillist3='$maillist3', street_address='$address', membertype='$membertype', studentID='$_POST[studentID]', drivers='$_POST[drivers]', cashdeposit='$_POST[cashdeposit]', waiver='$waiver', comments='$notes', warnedonce='$warnedonce', warnedtwice='$warnedtwice', banned='$banned' WHERE id=$_GET[userID] ";`

			`// echo "QUERY : $query";`

			`mysql_query($query) or die('Error, user not added. Consult Mark...');`

			`echo "<b>...User $fname $lname has been updated</b>(if no errors appear above)<br /><br />";`



			`//$query = "FLUSH PRIVILEGES";`
			`//mysql_query($query) or die('Error, flush insert query failed');`

			`// echo "<b>Here is some technical jargon if you want to check what info was added</b>... <br />$query";`


			`}`

			`if (!isset($_GET[userID]) \|\| $_GET[userID] == ""){`

			`echo "<b>...register mailing list subscriptions</b>";`
Changes url from mailman subscribe from http to https! 2017-09-06 04:00:00 +00:00			`if($maillist1 == 1){$subscribeURL = "https://$cfg_mailmanLocation/mailman/admin/$cfg_mailmanListName1" . "_" . "$cfg_mailmanLocation/members/add?subscribees=$email&adminpw=$cfg_mailmanPass&send_welcome_msg_to_this_batch=0&send_notifications_to_list_owner=0";`
First commit of biketree to github! 2017-09-05 03:39:54 +00:00			`echo "<iframe scrolling=no src=\"$subscribeURL\" style=\"display: block;\" width=\"500\" height=\"80\"><p>Your browser does not support iframes.</p></iframe>";`
			`}`
Changes url from mailman subscribe from http to https! 2017-09-06 04:00:00 +00:00			`if($maillist2 == 1){$subscribeURL = "https://$cfg_mailmanLocation/mailman/admin/$cfg_mailmanListName2" . "_" . "$cfg_mailmanLocation/members/add?subscribees=$email&adminpw=$cfg_mailmanPass&send_welcome_msg_to_this_batch=0&send_notifications_to_list_owner=0";`
First commit of biketree to github! 2017-09-05 03:39:54 +00:00			`echo "<iframe scrolling=no src=\"$subscribeURL\" style=\"display: block;\" width=\"500\" height=\"80\"><p>Your browser does not support iframes.</p></iframe>";`
			`}`
Changes url from mailman subscribe from http to https! 2017-09-06 04:00:00 +00:00			`if($maillist3 == 1){$subscribeURL = "https://$cfg_mailmanLocation/mailman/admin/$cfg_mailmanListName3" . "_" . "$cfg_mailmanLocation/members/add?subscribees=$email&adminpw=$cfg_mailmanPass&send_welcome_msg_to_this_batch=0&send_notifications_to_list_owner=0";`
First commit of biketree to github! 2017-09-05 03:39:54 +00:00			`echo "<iframe scrolling=no src=\"$subscribeURL\" style=\"display: block;\" width=\"500\" height=\"80\"><p>Your browser does not support iframes.</p></iframe>";`
			`}`

			`}`
			`echo "<br />...NOTE: If you are not connected to the internet, the user has NOT been added to the mailing lists.";`
			`echo "<br /><br />Finished<br /><br />"`
			`?>`
			`<a href="../customers/manage_customers.php">Back to Member List...</a>`
			`<body>`