bike/biketree
1
0
Fork 0
mirror of https://github.com/fspc/biketree.git synced 2025-02-23 01:13:23 -05:00
Code Issues Projects Releases Wiki Activity
biketree/members/submit.php
Jonathan Rosenbaum 44c169073e Turns security back on in the members directory 
This is so non-logged in people can't alter the database.  Mark Leigh
pointed this out to me when sending me the code, and said "Can't remember
why it ended up like this, the auth code is there but commented out."
2017-09-06 05:52:17 +00:00

221 lines
7.8 KiB
PHP
Executable File
Raw Blame History

<?php
include ("../settings.php");
include ("../language/$cfg_language");
include ("../classes/db_functions.php");
include ("../classes/security_functions.php");
include ("../classes/display.php");
$lang=new language();
$dbf=new db_functions($cfg_server,$cfg_username,$cfg_password,$cfg_database,$cfg_tableprefix,$cfg_theme,$lang);
$sec=new security_functions($dbf,'Sales Clerk',$lang);
$display=new display($dbf->conn,$cfg_theme,$cfg_currency_symbol,$lang);
global $cfg_membershipID;
if(!$sec->isLoggedIn())
{
header ("location: ../login.php");
exit();
}
?>
<html>
<head>
</head>
<body>
<h3> Progress </h3>
<b>...If membership needs to be sold, click <a href="../sales/sale_ui.php">HERE</a></b><br /><br />
<?php
/*
if (!mysql_connect($db_host, $db_user, $db_pwd))
die("Can't connect to database");
if (!mysql_select_db($database))
die("Can't select database");
*/
/**
Validate an email address.
Provide email address (raw input)
Returns true if the email address has the email
address format and the domain exists.
*/
function validEmail($email)
{
$isValid = true;
$atIndex = strrpos($email, "@");
if (is_bool($atIndex) && !$atIndex)
{
$isValid = false;
}
else
{
$domain = substr($email, $atIndex+1);
$local = substr($email, 0, $atIndex);
$localLen = strlen($local);
$domainLen = strlen($domain);
if ($localLen < 1 || $localLen > 64)
{
// local part length exceeded
$isValid = false;
}
else if ($domainLen < 1 || $domainLen > 255)
{
// domain part length exceeded
$isValid = false;
}
else if ($local[0] == '.' || $local[$localLen-1] == '.')
{
// local part starts or ends with '.'
$isValid = false;
}
else if (preg_match('/\\.\\./', $local))
{
// local part has two consecutive dots
$isValid = false;
}
else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain))
{
// character not valid in domain part
$isValid = false;
}
else if (preg_match('/\\.\\./', $domain))
{
// domain part has two consecutive dots
$isValid = false;
}
else if
(!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/',
str_replace("\\\\","",$local)))
{
// character not valid in local part unless
// local part is quoted
if (!preg_match('/^"(\\\\"|[^"])+"$/',
str_replace("\\\\","",$local)))
{
$isValid = false;
}
}
if ($isValid && !(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A")))
{
// domain not found in DNS
$isValid = false;
}
}
return $isValid;
}
// sending query
//echo "userID is not set";
$fname = $_POST[fname];
$lname = $_POST[lname];
$maillist = $_POST[maillist];
//if (!preg_match('/^(\(?[2-9]{1}[0-9]{2}\)?|[0-9]{3,3}[-. ]?)[ ][0-9]{3,3}[-. ]?[0-9]{4,4}$/', $_POST[phone1])) {
//die('Phone number invalid. Click back and try again.');
//}
if ($_POST[waiver] == "on"){ $waiver = "1"; } else { $waiver = "0";}
if ($_POST[maillist1] == "on"){ $maillist1 = "1"; } else { $maillist1 = "0";}
if ($_POST[maillist2] == "on"){ $maillist2 = "1"; } else { $maillist2 = "0";}
if ($_POST[maillist3] == "on"){ $maillist3 = "1"; } else { $maillist3 = "0";}
if ($_POST[warnedonce] == "on"){ $warnedonce = "1"; } else { $warnedonce = "0";}
if ($_POST[warnedtwice] == "on"){ $warnedtwice = "1"; } else { $warnedtwice = "0";}
if ($_POST[banned] == "on"){ $banned = "1"; } else { $banned = "0";}
$phone1 = $_POST[phone1];
$email = $_POST[email];
// $pass = validEmail($email);
// if ($pass) { $email = $email; } else { die('E-mail Address is not valid. Click back and try again.'); }
$email = $email;
$address = $_POST[address];
$membertype = $_POST[membertype];
$notes = $_POST[notes];
if (!isset($_GET[userID]) || $_GET[userID] == ""){
$query = "INSERT INTO customers (first_name, last_name, phone_number, email, maillist1, maillist2, maillist3, street_address, membertype, studentID, drivers, cashdeposit, waiver, warnedonce, warnedtwice, banned, comments) VALUES ('$fname', '$lname', '$phone1', '$email', '$maillist1', '$maillist2', '$maillist3', '$address', '$membertype', '$_POST[studentID]', '$_POST[drivers]','$_POST[cashdeposit]', '$waiver', '$warnedonce', '$warnedtwice', '$banned', '$notes')";
// echo "QUEERY:$query";
mysql_query($query) or die('Error, user not added. Consult Mark...');
echo "<b>...User has been added</b><br /><br />";
//$query = "FLUSH PRIVILEGES";
//mysql_query($query) or die('Error, flush insert query failed');
// echo "<b>Here is some technical jargon if you want to check what info was added</b>... <br />$query";
/*
//EMAIL WELCOME TO MEMBER!
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: reciepts@goodlifebikes.ca' . "\r\n";
$headers .= 'Reply-to: info@goodlifebikes.ca' . "\r\n";
$message = "<html><body><br /><br /><b>Please retain or print this receipt for your records</b><br /> $body </body></html>";
// In case any of our lines are larger than 70 characters, we should use wordwrap()
$message = wordwrap($message, 70);
// Send
mail($customer_email, "Your E-receipt from $cfg_company", $message, $headers);
echo "<h3>E-Reciept has been sent to &lt;$customer_email&gt;</h3>";
*/
} else {
$query="UPDATE customers SET first_name='$fname', last_name='$lname', phone_number='$phone1', email='$email', maillist1='$maillist1', maillist2='$maillist2', maillist3='$maillist3', street_address='$address', membertype='$membertype', studentID='$_POST[studentID]', drivers='$_POST[drivers]', cashdeposit='$_POST[cashdeposit]', waiver='$waiver', comments='$notes', warnedonce='$warnedonce', warnedtwice='$warnedtwice', banned='$banned' WHERE id=$_GET[userID] ";
// echo "QUERY : $query";
mysql_query($query) or die('Error, user not added. Consult Mark...');
echo "<b>...User $fname $lname has been updated</b>(if no errors appear above)<br /><br />";
//$query = "FLUSH PRIVILEGES";
//mysql_query($query) or die('Error, flush insert query failed');
// echo "<b>Here is some technical jargon if you want to check what info was added</b>... <br />$query";
}
if (!isset($_GET[userID]) || $_GET[userID] == ""){
echo "<b>...register mailing list subscriptions</b>";
if($maillist1 == 1){$subscribeURL = "https://$cfg_mailmanLocation/mailman/admin/$cfg_mailmanListName1" . "_" . "$cfg_mailmanLocation/members/add?subscribees=$email&adminpw=$cfg_mailmanPass&send_welcome_msg_to_this_batch=0&send_notifications_to_list_owner=0";
echo "<iframe scrolling=no src=\"$subscribeURL\" style=\"display: block;\" width=\"500\" height=\"80\"><p>Your browser does not support iframes.</p></iframe>";
}
if($maillist2 == 1){$subscribeURL = "https://$cfg_mailmanLocation/mailman/admin/$cfg_mailmanListName2" . "_" . "$cfg_mailmanLocation/members/add?subscribees=$email&adminpw=$cfg_mailmanPass&send_welcome_msg_to_this_batch=0&send_notifications_to_list_owner=0";
echo "<iframe scrolling=no src=\"$subscribeURL\" style=\"display: block;\" width=\"500\" height=\"80\"><p>Your browser does not support iframes.</p></iframe>";
}
if($maillist3 == 1){$subscribeURL = "https://$cfg_mailmanLocation/mailman/admin/$cfg_mailmanListName3" . "_" . "$cfg_mailmanLocation/members/add?subscribees=$email&adminpw=$cfg_mailmanPass&send_welcome_msg_to_this_batch=0&send_notifications_to_list_owner=0";
echo "<iframe scrolling=no src=\"$subscribeURL\" style=\"display: block;\" width=\"500\" height=\"80\"><p>Your browser does not support iframes.</p></iframe>";
}
}
echo "<br />...NOTE: If you are not connected to the internet, the user has NOT been added to the mailing lists.";
echo "<br /><br />Finished<br /><br />"
?>
<a href="../customers/manage_customers.php">Back to Member List...</a>
<body>
Reference in New Issue View Git Blame Copy Permalink