/lists/admin/commonlib/lib/userlib.php
- <?
- # library with user functions
- # this file is shared between the webbler and PHPlist via commonlib
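# Make sure the session structure this library stores user data in exists.
# Creates $_SESSION["userdata"] as an empty array when it is missing or not an
# array, and records the session id under $_SESSION["session"].
function initialiseUserSession() {
    # isset() first: the original tested is_array() on a possibly undefined key.
    if (!isset($_SESSION["userdata"]) || !is_array($_SESSION["userdata"])) {
        $_SESSION["userdata"] = array();
    }
    # $GLOBALS["PHPSESSID"] is only populated by register_globals, i.e. from the
    # request (cookie or query string); when it is absent fall back to the id PHP
    # itself tracks for the session instead of storing an undefined value.
    # NOTE(review): relying on a register_globals variable means the stored id
    # can be request-controlled; session_id() is the safer source in all cases.
    $_SESSION["session"] = isset($GLOBALS["PHPSESSID"]) ? $GLOBALS["PHPSESSID"] : session_id();
}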
# Return the id of the "Everyone" group, creating the group row on first use.
function getEveryoneGroupID() {
    $row = Sql_Fetch_Row_Query("select id from groups where name = \"Everyone\"");
    $groupid = $row[0];
    if ($groupid) {
        return $groupid;
    }
    # Not there yet: insert it and hand back the generated id.
    Sql_Query("insert into groups (name) values(\"Everyone\")");
    return Sql_Insert_Id();
}
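# Generate a random identifier that is not yet present in the "uniqid" column
# of $table. $table defaults to $tables["user"], or "user" when the table map
# is not loaded. Returns a 32-character hex string.
function getUniqid($table = "") {
    global $tables;
    if (!$table) {
        $table = (isset($tables["user"]) && $tables["user"]) ? $tables["user"] : "user";
    }
    # The id is stored per user (schema: "Unique ID for User") and presumably
    # used as a per-user token, so it must not be guessable. md5(uniqid(mt_rand()))
    # derives from the request time plus a Mersenne Twister value, which is
    # predictable; random_bytes() is a CSPRNG (PHP 7+), with the old construction
    # kept only as a fallback for older interpreters.
    # $table comes from configuration and $id is hex, so interpolating both is safe.
    # make sure it is really unique
    do {
        $id = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(mt_rand(), true));
        Sql_Query("select id from $table where uniqid = \"$id\"");
    } while (Sql_Affected_rows());
    return $id;
}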
# Remove user $id together with every row that refers to it: list membership,
# attribute values, message history and bounces, then the user row itself.
# %d casts $id to an integer before it reaches the SQL text.
function deleteUser($id) {
    global $tables;
    $dependents = array(
        array($tables["listuser"], "userid"),
        array($tables["user_attribute"], "userid"),
        array($tables["usermessage"], "userid"),
        array($tables["user_message_bounce"], "user"),
        array($tables["user"], "id"),
    );
    foreach ($dependents as $target) {
        list($table, $column) = $target;
        Sql_Query(sprintf('delete from %s where %s = %d', $table, $column, $id));
    }
}
# Insert a new row in the user table for $email and return its id.
# Columns of that table, from the schema definition this was written against:
#   id (auto_increment), email (unique), confirmed, entered, modified, uniqid,
#   htmlemail, subscribepage, rssfrequency, password, passwordchanged,
#   disabled, extradata
# NOTE(review): $email and $password are placed into the statement through
# "%s" with no escaping, so unless every caller escapes them first a quote in
# either value breaks the query (SQL injection). The password is also stored
# exactly as given — clear text unless the caller hashes it beforehand.
function addNewUser($email,$password = "") {
    $uniqid = getUniqid();
    $insert = sprintf('insert into user set email = "%s",
entered = now(),modified = now(),password = "%s",
passwordchanged = now(),disabled = 0,
uniqid = "%s",htmlemail = 1
', $email, $password, $uniqid);
    Sql_Query($insert);
    return Sql_Insert_Id();
}
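# Resolve an option id — or a comma separated list of option ids — of
# attribute table $table to the human readable name(s) stored in
# <prefix>listattr_<table>. Several names are joined with "; ".
# Returns "Invalid Attribute Index" when $value is empty/zero.
function AttributeValue($table,$value) {
    global $table_prefix;
    # workaround for integration webbler/phplist
    if (!isset($table_prefix))
        $table_prefix = "phplist_";
    $value = (string)$value;
    # ereg() was removed in PHP 7; a substring test is all that is needed here.
    if (strpos($value, ",") !== false) {
        # Only integers may enter the "in (...)" list. The original interpolated
        # $value verbatim, which let a crafted value alter the query.
        $ids = array_map('intval', explode(",", $value));
        $res = Sql_Query(sprintf('select name from %slistattr_%s where id in (%s)',
            $table_prefix, $table, implode(",", $ids)));
        $names = array();
        while ($row = Sql_Fetch_row($res)) {
            $names[] = $row[0];
        }
        return implode("; ", $names);
    }
    if (!$value) {
        return "Invalid Attribute Index";
    }
    $res = Sql_Query(sprintf('select name from %slistattr_%s where id = %d',
        $table_prefix, $table, $value));
    $row = Sql_Fetch_row($res);
    return $row[0];
}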
# Collect the attribute values of the user with email $email as an array of
# attribute name => display value, each resolved through UserAttributeValue().
# Returns nothing for an empty $email. Table names come from $tables when the
# map is loaded, else the bare phplist names are used.
# NOTE(review): $email is interpolated into the user lookup below with no
# escaping; when it can originate from a request that is an SQL injection
# point and it should pass through the project's SQL escaping helper first.
function getUserAttributeValues($email) {
    global $table_prefix,$tables;
    # workaround for integration webbler/phplist
    if (!isset($table_prefix))
        $table_prefix = "phplist_";
    if (!$email) return;
    if (isset($tables["attribute"])) {
        $att_table = $tables["attribute"];
        $user_att_table = $tables["user_attribute"];
        $usertable = $tables["user"];
    } else {
        $att_table = "attribute";
        $user_att_table = "user_attribute";
        $usertable = "user";
    }
    $result = array();
    # $userid[0] is the numeric user id; for an unknown email the fetch
    # presumably yields no row, and the "%s" below then receives an empty
    # string, leaving a malformed "userid = and" clause — verify the helper's
    # return value in that case.
    $userid = Sql_Fetch_Row_Query("select id from {$usertable} where email = \"$email\"");
    # join attribute <-> user_attribute for this user: one row per attribute
    $att_req = Sql_Query(sprintf('select
%s.name,%s.id from %s,%s
where %s.userid = %s and %s.id = %s.attributeid',
        $att_table,
        $att_table,
        $user_att_table,
        $att_table,
        $user_att_table,
        $userid[0],
        $att_table,
        $user_att_table
    ));
    while ($att = Sql_fetch_array($att_req)) {
        $result[$att["name"]] = UserAttributeValue($userid[0],$att["id"]);
    }
    return $result;
}
# Return the value of attribute $attribute for user $user in display form:
#   checkboxgroup: the names of the selected option rows joined with "; "
#   select/radio:  the name of the selected option row
#   anything else: the raw value stored in the user_attribute table
# Returns nothing when either id is empty/zero.
# NOTE(review): the guard only rejects falsy ids; $user and $attribute are
# then interpolated into every query without an integer cast, so they must
# not reach this function straight from request input.
function UserAttributeValue($user = 0,$attribute = 0) {
    # workaround for integration webbler/phplist
    global $table_prefix,$tables;
    if (!isset($table_prefix))
        $table_prefix = "phplist_";
    if (!$user || !$attribute) return;
    if (isset($tables["attribute"])) {
        $att_table = $tables["attribute"];
        $user_att_table = $tables["user_attribute"];
    } else {
        $att_table = "attribute";
        $user_att_table = "user_attribute";
    }
    # $att["type"] picks the lookup strategy; $att["tablename"] names the
    # <prefix>listattr_<tablename> table that holds the option names.
    $att = Sql_Fetch_array_Query("select * from $att_table where id = $attribute");
    switch ($att["type"]) {
        case "checkboxgroup":
            # the stored value is a comma separated list of option ids
            $val_ids = Sql_Fetch_Row_Query("select value from $user_att_table where userid = $user and attributeid = $attribute");
            if ($val_ids[0]) {
                $res = Sql_Query("select $table_prefix"."listattr_".$att["tablename"].".name
from $user_att_table,$table_prefix"."listattr_".$att["tablename"]."
where $user_att_table".".userid = ".$user." and
$table_prefix"."listattr_".$att["tablename"].".id in ($val_ids[0]) and
$user_att_table".".attributeid = ".$attribute);
                # $value is appended to before it is initialised (undefined variable
                # notice on the first row); the trailing "; " is cut off afterwards
                while ($row = Sql_Fetch_row($res))
                    $value .= $row[0]."; ";
                $value = substr($value,0,-2);
            } else {
                $value = "";
            }
            break;
        case "select":
        case "radio":
            # single option id stored in user_attribute.value; join to its name
            $res = Sql_Query("select $table_prefix"."listattr_".$att["tablename"].".name
from $user_att_table,$table_prefix"."listattr_".$att["tablename"]."
where $user_att_table".".userid = ".$user." and
$table_prefix"."listattr_".$att["tablename"].".id = $user_att_table".".value and
$user_att_table".".attributeid = ".$attribute);
            $row = Sql_Fetch_row($res);
            $value = $row[0];
            break;
        default:
            # free-form types: the stored value is the display value
            $res = Sql_Query("select value from $user_att_table where
$user_att_table".".userid = ".$user." and attributeid =
".$attribute);
            $row = Sql_Fetch_row($res);
            $value = $row[0];
    }
    return $value;
}
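# Build the display name of the session user from the attributes listed in
# $config["nameattributes"], separated by single spaces. Returns "" when the
# setting is missing or not an array.
function userName() {
    global $config;
    if (!isset($config["nameattributes"]) || !is_array($config["nameattributes"])) return "";
    $parts = array();
    foreach ($config["nameattributes"] as $att) {
        # An attribute that is not in the session contributes an empty part,
        # exactly as the original concatenation did (only the tail is trimmed).
        $parts[] = isset($_SESSION["userdata"][$att]["displayvalue"])
            ? $_SESSION["userdata"][$att]["displayvalue"] : '';
    }
    return rtrim(implode(' ', $parts));
}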
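# Render a <select name="attribute[<id>]"> for attribute $attribute with the
# option matching $user's current value marked selected. Returns
# "broken attribute <id>" when the attribute table is missing,
# "(No values available)" when the attribute has no options, and nothing when
# either id is empty/zero.
function UserAttributeValueSelect($user,$attribute) {
    if (!$user || !$attribute) return;
    global $table_prefix,$tables;
    # workaround for integration webbler/phplist
    if (!isset($table_prefix))
        $table_prefix = "phplist_";
    if (isset($tables["attribute"]) && $tables["attribute"]) {
        $att_table = $tables["attribute"];
    } else {
        $att_table = "attribute";
    }
    if (!Sql_Table_exists($att_table)) {
        return "broken attribute $attribute";
    }
    # Both ids are cast to integers before they reach any SQL text.
    $user = (int)$user;
    $attribute = (int)$attribute;
    $att = Sql_Fetch_array_Query("select * from $att_table where id = $attribute");
    $value = UserAttributeValue($user,$attribute);
    # The original first appended 'Value: ' to an undefined $html and then
    # overwrote it on the next line; that dead statement is gone.
    $html = sprintf('<select name="attribute[%d]" style="attributeinput" >',$attribute);
    $res = Sql_Query("select id,name from $table_prefix"."listattr_".$att["tablename"]." order by name");
    if (!Sql_Affected_Rows())
        return "(No values available)";
    $html .= '<option value="0">-- no value</option>';
    while ($row = Sql_Fetch_Row($res)) {
        # Option names are stored data; escape them on output so a name
        # containing markup cannot inject into the page.
        $html .= sprintf('<option value="%d" %s>%s',
            $row[0],
            $row[1] == $value ? "selected" : "",
            htmlspecialchars($row[1], ENT_QUOTES));
    }
    return $html . '</select>';
}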
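# Render attribute $attribute as a group of checkboxes — one per option row,
# ordered by listorder then name — with $user's stored selections checked.
# A hidden "cbgroup[]" input carries the attribute id so the form handler
# knows which groups were present. Returns "(No values available)" when the
# attribute has no options, nothing when either id is empty/zero.
function UserAttributeValueCbGroup($user,$attribute) {
    if (!$user || !$attribute) return;
    global $table_prefix,$tables;
    if (isset($tables["attribute"]) && $tables["attribute"]) {
        $att_table = $tables["attribute"];
        $user_att_table = $tables["user_attribute"];
    } else {
        $att_table = "attribute";
        $user_att_table = "user_attribute";
    }
    # workaround for integration webbler/phplist
    if (!isset($table_prefix))
        $table_prefix = "phplist_";
    # Both ids are cast to integers before they reach any SQL text.
    $user = (int)$user;
    $attribute = (int)$attribute;
    $att = Sql_Fetch_array_Query("select * from $att_table where id = $attribute");
    $values_req = Sql_Fetch_Row_Query("select value from $user_att_table where userid = $user and attributeid = $attribute");
    # The stored value is a comma separated list of option ids. split() was
    # removed in PHP 7; explode() yields the same list for a plain "," separator.
    $values = explode(",", (string)$values_req[0]);
    $html = sprintf('<input type="hidden" name="cbgroup[]" value="%d"><table>',$attribute);
    $res = Sql_Query("select id,name from $table_prefix"."listattr_".$att["tablename"]." order by listorder,name");
    if (!Sql_Affected_Rows())
        return "(No values available)";
    while ($row = Sql_Fetch_Row($res)) {
        # loose in_array() kept as in the original (ids compared as strings)
        $checked = in_array($row[0],$values) ? "checked" : "";
        # option names are stored data; escape them on output
        $html .= sprintf('<tr><td><input type="checkbox" name="cbgroup%d[]" value="%d" %s></td><td>%s</td></tr>',
            $attribute,$row[0],$checked,htmlspecialchars($row[1], ENT_QUOTES));
    }
    return $html . '</table>';
}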
# Return the ids of the groups the user with email $loginname belongs to;
# an empty array when the user_group table does not exist.
# NOTE(review): $loginname is interpolated into the query unescaped; when it
# comes from a login form this is injectable and should be passed through the
# project's SQL escaping helper first.
function userGroups($loginname) {
    $groups = array();
    if (!Sql_Table_exists("user_group")) {
        return $groups;
    }
    $req = Sql_Query("select groupid from user_group,user where user_group.userid = user.id and user.email = \"$loginname\"");
    while ($row = Sql_Fetch_Row($req)) {
        $groups[] = $row[0];
    }
    return $groups;
}
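# Look up the display value of keyword-library value id $value.
# $kwlib is accepted for interface compatibility but is not used by the lookup.
# Returns "Invalid Attribute Index" when $value is empty/zero.
function UserAttributeValue1($kwlib,$value) {
    if (!$value) {
        return "Invalid Attribute Index";
    }
    # %d forces an integer id into the query; the original interpolated $value as-is.
    $res = Sql_Query(sprintf('select value from keywordlibvalue where id = %d', $value));
    $row = Sql_Fetch_row($res);
    return $row[0];
}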
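# Syntactic email check: a local part, "@", then either a dotted host name
# ending in one of the listed top-level domains or a dotted-quad IP address.
# Returns 1 when the trimmed address matches, else 0.
# NOTE(review): the TLD list is hard-coded and dated, so addresses under
# newer TLDs are rejected; a generic TLD pattern (or FILTER_VALIDATE_EMAIL)
# would avoid that.
function is_email($email) {
    $email = trim($email);
    # hmm, it seems people are starting to have emails with & and ' or ` chars in the name
    # eregi() was removed in PHP 7; the same pattern runs under PCRE with the
    # /i flag ([:alnum:] classes are valid inside PCRE brackets).
    $pattern =
    "/^[\&\'-_.[:alnum:]]+@((([[:alnum:]]|[[:alnum:]][[:alnum:]-]*[[:alnum:]])\.)+(ac|ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz|de|dev|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|home|hr|ht|hu|id|ie|il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|loc|ls|lt|lu|lv|ly|ma|mc|md|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py|qa|quipu|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)|(([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5]))$/i";
    return preg_match($pattern, $email) ? 1 : 0;
}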
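# Decide whether $email is acceptable. Always 1 when the site config sets
# dont_require_validemail. Otherwise the address must pass is_email() and,
# unless $GLOBALS["check_for_host"] is set to a false value, its domain must
# have an MX record. getmxrr() is a DNS lookup, so this can be slow or fail
# when the resolver is unreachable.
function validateEmail($email) {
    if (!empty($GLOBALS["config"]["dont_require_validemail"]))
        return 1;
    $checkhost = !isset($GLOBALS["check_for_host"]) || $GLOBALS["check_for_host"];
    $validhost = 0;
    if (isset($email) && $checkhost) {
        # split() was removed in PHP 7; explode() gives the same parts.
        $parts = explode('@', $email);
        # An address without "@" has no domain to look up: the original would
        # have looked up an undefined value; treat it as "no MX host".
        if (isset($parts[1])) {
            $mxhosts = array();
            $validhost = getmxrr($parts[1], $mxhosts);
        }
    }
    return $validhost && is_email($email);
}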
# Luhn (mod 10) check over the digit string $no: every second digit counted
# from the right is doubled and the digit sum of the result is used. Returns
# true when the running total is a multiple of 10. Expects digits only; the
# callers strip everything else first.
function validMod10($no) {
    $reversed = strrev($no);
    $total = 0;
    for ($pos = 0, $count = strlen($reversed); $pos < $count; $pos++) {
        $digit = $reversed[$pos];
        if ($pos % 2 == 1) {
            # digit sum of a doubled digit (10..18) is the value minus 9
            $doubled = $digit * 2;
            $total += ($doubled > 9) ? $doubled - 9 : $doubled;
        } else {
            $total += $digit;
        }
    }
    return ($total % 10 == 0);
}
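# Validate a card number by issuer prefix, length and Luhn check digit after
# stripping non-digits. Returns true/false for a recognised prefix; for an
# unrecognised prefix returns 1 (accepted: we do not know how to validate it),
# or 0 for the well-known Visa test number when the request does not come from
# the office address.
function validateCC($ccno) {
    # credit card validation routines here
    # major credit cards that you might want to validate.
    #CARD TYPE Prefix Length Check digit algorithm
    #MASTERCARD 51-55 16 mod 10
    #VISA 4 13,16 mod 10
    #AMEX 34,37 15 mod 10
    #Diners Club/Carte Blanche 300-305,36,38 14 mod 10
    #Discover 6011 16 mod 10
    #enRoute 2014,2149 15 any
    #JCB 3 16 mod 10
    #JCB 2131,1800 15 mod 10
    $ccno = preg_replace("/\D/","",$ccno);
    # reject 4 and 15 1s anyway apart when request is from tincan offices.
    # In the original this check sat in the final "else" of the prefix chain,
    # after the "4" (Visa) branch had already returned, so it never ran and the
    # test number was accepted from anywhere. It now runs first, as intended.
    # NOTE(review): the exemption is keyed to one hard-coded REMOTE_ADDR; behind
    # a proxy that is the proxy's address, and such an address belongs in
    # configuration rather than in the validation routine.
    if ($ccno == "4111111111111111" && getenv("REMOTE_ADDR") != '213.253.144.33') {
        return 0;
    }
    $length = strlen($ccno);
    $first = substr($ccno,0,1);
    $firsttwo = substr($ccno,0,2);
    $firstthree = substr($ccno,0,3);
    $firstfour = substr($ccno,0,4);
    if ($firsttwo >= 51 && $firsttwo <= 55) { # Mastercard
        return $length == 16 && validMod10($ccno);
    }
    if ($first == 4) { # visa
        return ($length == 13 || $length == 16) && validMod10($ccno);
    }
    if ($firsttwo == 34 || $firsttwo == 37) { # Amex
        return $length == 15 && validMod10($ccno);
    }
    if (($firstthree >= 300 && $firstthree <= 305) || $firsttwo == 36 || $firsttwo == 38) { # Diners
        return $length == 14 && validMod10($ccno);
    }
    if ($firstfour == 6011) { # discover
        return $length == 16 && validMod10($ccno);
    }
    if ($firstfour == 2014 || $firstfour == 2149) { # enRoute: no check digit
        return $length == 15;
    }
    # if it is not any of the above, we do not know how to validate it
    return 1;
}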
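# Parse the card range file $ccrangefile. Lines of the form "start,end,company"
# become range entries (start/end/company); lines of the form "(id) = 'Name'"
# map a company id to its name. Lines starting with "#" (after optional
# whitespace) and whitespace-only lines are ignored. Company ids are
# zero-padded to two digits in both structures so they match up.
# Returns array($ranges, $companies); array() when the file does not exist.
function loadCCvalidationFile($ccrangefile) {
    if (!is_file($ccrangefile))
        return array();
    $range = array();
    # Initialised up front: the original left $company undefined when the file
    # had no "(id) = 'Name'" line, returning null in its place.
    $company = array();
    # file_get_contents() replaces fopen/fread(filesize) — fread() with a length
    # of 0 (empty file) is an error on current PHP, and a failed fopen() crashed.
    $contents = file_get_contents($ccrangefile);
    if ($contents === false)
        return array($range, $company);
    foreach (explode("\n", $contents) as $line) {
        # skip comment and blank lines
        if (preg_match("/^\s*#/", $line) || preg_match("/^\s+$/", $line)) {
            continue;
        }
        if (preg_match("#(\d+),(\d+),(\d+)#", $line, $regs)) {
            $range[] = array(
                "start" => $regs[1],
                "end" => $regs[2],
                "company" => sprintf('%02d', $regs[3])
            );
        } elseif (preg_match("#\((\d+)\)\s*=\s*'(.*)'#", $line, $regs)) {
            $company[sprintf('%02d', $regs[1])] = $regs[2];
        }
    }
    return array($range, $company);
}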
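# Find the card company for $ccno from the configured range file, matching on
# the first six digits. Returns array(companyid, companyname) for a hit, or -1
# when no range matches (or no range file is loaded).
function ccCompany($ccno) {
    global $config;
    $ccrangefile = $config["code_root"]."/".$config["uploader_dir"]."/codelib/ccvalidation.txt";
    list($ranges,$companies) = loadCCvalidationFile($ccrangefile);
    $first6 = substr($ccno,0,6);
    if (is_array($ranges)) {
        foreach ($ranges as $range) {
            if ($range["start"] <= $first6 && $range["end"] >= $first6) {
                # A range whose company id has no name line yields null for the
                # name instead of an undefined-index notice.
                $name = (is_array($companies) && isset($companies[$range["company"]]))
                    ? $companies[$range["company"]] : null;
                return array($range["company"], $name);
            }
        }
    }
    return -1;
}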
# Check $ccno against the accepted card companies: 1 when accepted (or when no
# range file / accept-list is configured, so there is nothing to check), -1
# when the company is unknown, 0 when known but not accepted.
function checkCCrange($ccno) {
    global $config;
    $ccrangefile = $config["code_root"]."/".$config["uploader_dir"]."/codelib/ccvalidation.txt";
    if (!is_file($ccrangefile) || !is_array($config["cc_accept_company"]))
        return 1;
    list($companyid) = ccCompany($ccno);
    if ($companyid < 0) {
        return -1;
    }
    $accepted = $companyid > 0 && in_array($companyid,$config["cc_accept_company"]);
    return $accepted ? 1 : 0;
}
# Check a card expiry given as "MMYY" (4 chars) or "MM?YY" with a one character
# separator (5 chars). Returns 0 for any other length; otherwise true when the
# month is below 13, the year is less than nine years ahead and the date is
# not in the past (two-digit years, compared against date("y")).
function validateCCExpiry($ccexpiry) {
    $len = strlen($ccexpiry);
    if ($len == 5) {
        # I presume it is with a separator
        $year = substr($ccexpiry,3,2);
    } elseif ($len == 4) {
        $year = substr($ccexpiry,2,2);
    } else {
        return 0;
    }
    $mon = substr($ccexpiry,0,2);
    $thisyear = date("y");
    $thismonth = date("m");
    $notPast = ($year > $thisyear) || ($year == $thisyear && $mon >= $thismonth);
    return ($mon < 13 && ($year - $thisyear) < 9 && $notPast);
}
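# Mask all but the last four characters of $cardno with "*". Strings shorter
# than five characters are returned unchanged.
function obscureCreditCard($cardno) {
    $len = strlen($cardno);
    if ($len < 5)
        return $cardno;
    # str_repeat() replaces a loop that appended to an uninitialised $prefix.
    return str_repeat('*', $len - 4) . substr($cardno, $len - 4, 4);
}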
# Load the user identified by $loginname (default: the logged-in session user)
# into $_SESSION["userdata"]: one entry per attribute keyed "attribute<id>"
# holding name/value/type/attid plus a type-dependent "displayvalue", and one
# entry per static user column (email, disabled, confirmed, htmlemail, uniqid).
# Also sets $_SESSION["userid"] and $_SESSION["groups"]. Returns 1 when a user
# was loaded, "" when no login name is available, nothing when the user table
# does not exist.
# NOTE(review): $loginname is interpolated into both queries ("%s" in the
# sprintf and directly in the second select) without escaping; when it comes
# from a login form this is an SQL injection point.
function loadUser($loginname = "") {
    dbg("Loading User");
    if (!Sql_Table_exists("user")) return;
    initialiseUserSession();
    if (!$loginname) {
        if ($_SESSION["userloggedin"] != "" && $_SESSION["username"] != "") {
            $loginname = $_SESSION["username"];
        } else {
            return "";
        }
    }
    # every attribute of this user with its stored value and option table name
    $att_req = Sql_Query(sprintf('select attribute.id,
%s.name,%s.type,
%s.value,%s.tablename from %s,%s,%s
where %s.userid = %s.id and %s.email = "%s" and %s.id = %s.attributeid',
        "attribute",
        "attribute",
        "user_attribute",
        "attribute",
        "user",
        "user_attribute",
        "attribute",
        "user_attribute",
        "user",
        "user",
        $loginname,
        "attribute",
        "user_attribute"
    ));
    while ($att = Sql_fetch_array($att_req)) {
        # if (!defined($_SESSION["userdata"]["attribute".$att["id"]])) {
        $_SESSION["userdata"]["attribute".$att["id"]] = array(
            "name" => $att["name"],
            "value" => $att["value"],
            "type" => $att["type"],
            "attid" => $att["id"]
        );
        # display value by attribute type; types not listed here get no
        # "displayvalue" entry from this function
        switch ($att["type"]) {
            case "textline":
            case "hidden":
                $_SESSION["userdata"]["attribute".$att["id"]]["displayvalue"] =
                    $att["value"];
                break;
            case "creditcardno":
                # never keep a full card number as the display value
                $_SESSION["userdata"]["attribute".$att["id"]]["displayvalue"] =
                    obscureCreditCard($att["value"]);
                break;
            case "select":
                $_SESSION["userdata"]["attribute".$att["id"]]["displayvalue"] =
                    AttributeValue($att["tablename"],$att["value"]);
                break;
        }
        # }
    }
    # static columns of the user row, stored with type "static"
    $d_req = Sql_Fetch_Array_Query("select * from user where email = \"$loginname\"");
    $_SESSION["userid"] = $d_req["id"];
    foreach (array("email","disabled","confirmed","htmlemail","uniqid") as $field) {
        # if (!defined($_SESSION["userdata"][$field])) {
        $_SESSION["userdata"][$field] = array(
            "name" => $field,
            "value" => $d_req[$field],
            "type" => "static",
            "displayvalue" => $d_req[$field]
        );
        # }
    }
    dbg("done loading user");
    $_SESSION["groups"] = userGroups($loginname);
    return 1;
}
# Return the id of the keyword library called $name, inserting it first when
# no such library exists.
# NOTE(review): $name goes into both statements through "%s" with no escaping;
# a name containing a double quote breaks the query (SQL injection when $name
# is request-supplied).
function addKeywordLibrary($name) {
    $existing = Sql_Query(sprintf('select id from keywordlib where name = "%s"',$name));
    if (Sql_affected_Rows()) {
        list($id) = Sql_Fetch_Row($existing);
        return $id;
    }
    Sql_Query(sprintf('insert into keywordlib (name) values("%s")',$name));
    return Sql_Insert_id();
}
# Derive a short table name for a new attribute from its display name: lower
# cased, non-word characters removed, truncated to 10 characters, "attribute"
# when nothing is left. A numeric suffix (1..99) is appended until the name is
# not yet used in the attribute table. Because every non-word character is
# stripped the candidate is safe to interpolate into the lookup query.
function getNewAttributeTablename($name) {
    $base = substr(preg_replace("/\W/","", strtolower($name)),0,10);
    # if ($lc_name == "") Fatal_Error("Name cannot be empty: $lc_name");
    if (!$base) $base = "attribute";
    $candidate = $base;
    Sql_Query("select * from attribute where tablename = \"$candidate\"");
    # if (Sql_Affected_Rows()) Fatal_Error("Name is not unique enough");
    for ($suffix = 1; Sql_Affected_Rows() && $suffix < 100; $suffix++) {
        $candidate = $base.$suffix;
        Sql_Query("select * from attribute where tablename = \"$candidate\"");
    }
    return $candidate;
}
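# Tell whether the current session belongs to a guest account: 1 when no user
# data is loaded in the session at all; otherwise, when the site config sets a
# guestaccount_email_match pattern, the preg_match() result (1/0) of that
# pattern against the session user's email. When no pattern is configured the
# function returns nothing, as the original did.
function isGuestAccount() {
    if (!isset($_SESSION["userdata"]) || !is_array($_SESSION["userdata"])) {
        return 1;
    }
    if (!empty($GLOBALS["config"]["guestaccount_email_match"])) {
        # missing email in the session is matched as an empty string instead of
        # raising an undefined-index notice
        $email = isset($_SESSION["userdata"]["email"]["value"])
            ? $_SESSION["userdata"]["email"]["value"] : "";
        # the pattern is a site setting; the email is only the subject
        return preg_match($GLOBALS["config"]["guestaccount_email_match"], $email);
    }
}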
# Persist one attribute value for user $userid.
#   $attid: numeric attribute id, an "attribute<N>" style key (then resolved
#           by $data["name"]), or a static user column name such as "email"
#   $data:  array with "type", "value", "name", optionally "displayvalue"
#           and "nodbsave"
# Types "static"/"password" are written straight to the user table column
# named by $attid; "select" values are resolved (and created when missing) in
# phplist_listattr_<tablename>; everything else goes to user_attribute as
# given. Returns 1 after saving, nothing when the value is skipped.
# NOTE(review): for static/password types $attid becomes the column name in
# "update user set %s" unquoted, and $data["value"], $data["name"] and
# $data["displayvalue"] are interpolated with "%s" and no escaping; both are
# SQL injection points when $data comes from a request (saveUserByID() passes
# request keys through as $attid). The password value is stored as given.
function saveUserAttribute($userid,$attid,$data) {
    if ($data["nodbsave"]) {
        dbg("Not saving $attid");
        return;
    }
    # confirmation fields exist only on the form, not in the database
    if ($attid == "emailcheck" || $attid == "passwordcheck") {
        dbg("Not saving $attid");
        return;
    }
    if (!$data["type"])
        $data["type"] = "textline";
    if ($data["type"] == "static" || $data["type"] == "password") {
        Sql_Query(sprintf('update user set %s = "%s" where id = %d',
            $attid,$data["value"],$userid));
        return 1;
    }
    # resolve the attribute row: by id first (non-numeric $attid becomes 0
    # through %d), then by name, optionally creating it
    $attid_req = Sql_Fetch_Row_Query(sprintf('
select id,type,tablename from attribute where id = %d',$attid));
    if (!$attid_req[0]) {
        $attid_req = Sql_Fetch_Row_Query(sprintf('
select id,type,tablename from attribute where name = "%s"',$data["name"]));
        if (!$attid_req[0]) {
            if ($GLOBALS["config"]["autocreate_attributes"]) {
                Dbg("Creating new Attribute: ".$data["name"]);
                sendError("creating new attribute ".$data["name"]);
                $atttable= getNewAttributeTablename($data["name"]);
                Sql_Query(sprintf('insert into attribute (name,type,tablename) values("%s","%s","%s")',$data["name"],$data["type"],$atttable));
                $attid = Sql_Insert_Id();
            } else {
                # $attid and $atttable keep their current values; the code
                # below still runs with whatever $attid holds
                dbg("Not creating new Attribute: ".$data["name"]);
                # sendError("Not creating new attribute ".$data["name"]);
            }
        } else {
            $attid = $attid_req[0];
            $atttable = $attid_req[2];
        }
    } else {
        $attid = $attid_req[0];
        $atttable = $attid_req[2];
    }
    if (!$atttable) {
        $atttable = getNewAttributeTablename($data["name"]);
        # fix attribute without tablename
        Sql_Query(sprintf('update attribute set tablename ="%s" where id = %d',
            $atttable,$attid));
        # sendError("Attribute without Tablename $attid");
    }
    switch ($data["type"]) {
        case "static":
        case "password":
            # not reached in practice: both types already returned above
            Sql_Query(sprintf('update user set %s = "%s" where id = %d',
                $attid,$data["value"],$userid));
            break;
        case "select":
            # the "phplist_" prefix is hard-coded here, unlike the $table_prefix
            # global used by the read-side functions
            $curval = Sql_Fetch_Row_Query(sprintf('select id from phplist_listattr_%s
where name = "%s"',$atttable,$data["displayvalue"]),1);
            if (!$curval[0]) {
                # unknown option name: add it to the option table
                Sql_Query(sprintf('insert into phplist_listattr_%s (name) values("%s")',$atttable,
                    $data["displayvalue"]));
                sendError("Added ".$data["displayvalue"]." to $atttable");
                $valid = Sql_Insert_id();
            } else {
                $valid = $curval[0];
            }
            Sql_Query(sprintf('replace into user_attribute (userid,attributeid,value)
values(%d,%d,"%s")',$userid,$attid,$valid));
            break;
        default:
            Sql_Query(sprintf('replace into user_attribute (userid,attributeid,value)
values(%d,%d,"%s")',$userid,$attid,$data["value"]));
            break;
    }
    return 1;
}
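# Save every entry of $data for user $userid. Keys of the form "attribute<N>"
# are reduced to the numeric attribute id N; any other key is passed through
# as-is (static user columns such as "email").
# NOTE(review): a pass-through key ends up as the column name in
# saveUserAttribute()'s "update user set <key>" for static/password types, so
# keys must be checked against the known field list before reaching here.
function saveUserByID($userid,$data) {
    # each() was removed in PHP 8; foreach visits the same pairs in the same
    # order (and does not depend on the array's internal pointer).
    foreach ($data as $key => $val) {
        if (preg_match("/^attribute(\d+)/",$key,$regs)) {
            $attid = $regs[1];
        } else {
            $attid = $key;
        }
        dbg("Saving attribute $key, $attid, $val for $userid");
        if ($userid && $attid)
            saveUserAttribute($userid,$attid,$val);
    }
}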
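# Save $data for the user whose email is $loginname; a no-op when no such
# user exists. Like saveUserByID(), keys of the form "attribute<N>" are
# reduced to the numeric id N and other keys are passed through. The original
# left $attid unset for pass-through keys, so whether such a key was saved
# depended on whether an "attribute<N>" key happened to precede it in $data;
# it now mirrors saveUserByID(). Returns 1.
# NOTE(review): $loginname is interpolated into the user lookup unescaped.
function saveUser($loginname,$data) {
    # saves user to database
    $id_req = Sql_Fetch_Row_Query("select id from user where email = \"$loginname\"");
    if ($id_req[0]) {
        $userid = $id_req[0];
        # ereg() and each() were removed in PHP 7 and 8; preg_match() and
        # foreach do the same job.
        foreach ($data as $key => $val) {
            if (preg_match("/^attribute(\d+)/",$key,$regs)) {
                $attid = $regs[1];
            } else {
                $attid = $key;
            }
            dbg("Saving attribute $key, $attid, $val for $loginname, $userid");
            # the full key is handed on, as before; saveUserAttribute() resolves it
            if ($userid && $attid)
                saveUserAttribute($userid,$key,$val);
        }
    }
    return 1;
}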
# Validate the submitted form fields ($fields, keyed by field name, each with
# "type", "name" and, for selects, "values") against $_POST and store the
# results in $_SESSION["userdata"] — the session only, not the database.
# Returns "" when everything validates, otherwise the first error message
# (required field missing, format mismatch, invalid email, card number, card
# range or expiry, Switch issue number, UK postcode).
# NOTE(review): the list of required fields, their regex formats and their
# descriptions are read from $_POST ("required", "required_formats",
# "required_description"): the client decides which fields are required and
# which pattern (passed to preg_match() after stripslashes()) validates them.
# These rules should come from server-side configuration so a modified form
# cannot bypass validation.
function saveUserData($username,$fields) {
    # saves data in session, not in database
    dbg("Saving user $username");
    if (!is_array($_SESSION["userdata"])) {
        dbg("Nothing to save");
        return;
    }
    # only used for the log line above; the fallback value is never read
    if (!$username) {
        $username = 'Unknown User';
    }
    $res = "";
    $required_fields = explode(",",$_POST["required"]);
    $required_formats = explode(",",$_POST["required_formats"]);
    $description_fields = explode(",",$_POST["required_description"]);
    reset($fields);
    dbg("Checking fields");
    # each() was removed in PHP 8; this loop needs foreach to run there
    while (list($fname,$fval) = each ($fields)) {
        # dbg($fname);
        $key = $fname;
        # raw posted value for this field (undefined when the form omitted it)
        $val = $_POST[$fname];
        # ereg() was removed in PHP 7; skip the form-only field types
        if (!ereg("required",$key) &&
            $fields[$key]["type"] != "separator" &&
            $fields[$key]["type"] != "emailcheck" &&
            $fields[$key]["type"] != "passwordcheck"
        ) {
            # dbg($fname ." of type ".$fields[$key]["type"]);
            if (!is_array($_SESSION["userdata"][$key]))
                $_SESSION["userdata"][$key] = array();
            $_SESSION["userdata"][$key]["name"] = $fields[$key]["name"];
            $_SESSION["userdata"][$key]["type"] = $fields[$key]["type"];
            if ($fields[$key]["type"] == "creditcardno") {
                # dont overwrite known CC with ***
                if (!preg_match("#^\*+#",$val)) {
                    $_SESSION["userdata"][$key]["value"] = ltrim($val);
                }
            } else {
                $_SESSION["userdata"][$key]["value"] = ltrim($val);
            }
            # display value by field type
            if ($fields[$key]["type"] == "select") {
                $_SESSION["userdata"][$key]["displayvalue"] = $fields[$key]["values"][$val];
            } elseif ($fields[$key]["type"] == "checkboxgroup") {
                # $val is expected to be the array of checked option ids here
                $_SESSION["userdata"][$key]["value"] = join(",",$val);
            } elseif ($fields[$key]["type"] == "creditcardno") {
                # erase any non digits from the CC numbers
                $_SESSION["userdata"][$key]["value"] = preg_replace("/\D/","",$_SESSION["userdata"][$key]["value"]);
                $_SESSION["userdata"][$key]["displayvalue"] = obscureCreditCard($_SESSION["userdata"][$key]["value"]);
            } elseif ($fields[$key]["name"] == "Card Number") {
                # same treatment for a card field identified by its label
                $_SESSION["userdata"][$key]["value"] = preg_replace("/\D/","",$_SESSION["userdata"][$key]["value"]);
                $_SESSION["userdata"][$key]["displayvalue"] = obscureCreditCard($_SESSION["userdata"][$key]["value"]);
                /* $_SESSION["userdata"][$key]["displayvalue"] = substr($_SESSION["userdata"][$key]["displayvalue"],0,4);
                for ($i=0;$i<strlen($_SESSION["userdata"][$key]["value"]-4);$i++) {
                    $_SESSION["userdata"][$key]["displayvalue"] .= '*';
                }
                */
            } else {
                $_SESSION["userdata"][$key]["displayvalue"] = $val;
            }

            /* # remember other aspects of the fields
            foreach ($fields as $key => $val) {
                foreach ($val as $field_attr => $value) {
                    if (!isset($_SESSION["userdata"][$key][$field_attr]) && !preg_match("/^\d+$/",$key)
                        && !preg_match("/^\d+$/",$field_attr)
                    ) {
                        $_SESSION["userdata"][$key][$field_attr] = $value;
                    }
                }
            }
            */
            # save it to the DB as well
        } else {
            # dbg("Not checking ".$fname ." of type ".$fields[$key]["type"]);
        }
    }

    # fix UK postcodes to correct format
    if ($_SESSION["userdata"][$GLOBALS["config"]["country_attribute"]]["displayvalue"] == "United Kingdom") {
        $postcode = $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["value"];
        $postcode = strtoupper(str_replace(" ","",$postcode));
        # re-insert the single space before the final "digit letter letter" group
        if (preg_match("/(.*)(\d\w\w)$/",$postcode,$regs)) {
            $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["value"] = trim($regs[1])." ".$regs[2];
            $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["displayvalue"] = trim($regs[1])." ".$regs[2];
        }
    }
    # required-field checks, in form order; the first failure wins.
    # each() was removed in PHP 8 (see above).
    while (list($index,$field) = each ($required_fields)) {
        $type = $fields[$field]["type"];
        if ($field && !$_SESSION["userdata"][$field]["value"]) {
            $res = "Information missing: ".$description_fields[$index];
            break;
        } else if ($required_formats[$index] && !preg_match(stripslashes($required_formats[$index]),$_SESSION["userdata"][$field]["value"])) {
            $res = "Sorry, you entered an invalid ".$description_fields[$index].": ".$_SESSION["userdata"][$field]["value"];
            break;
        } else if ($field == "email" && !validateEmail($_SESSION["userdata"][$field]["value"])) {
            $res = "Sorry, you ent ered an invalid ".$description_fields[$index].": ".$_SESSION["userdata"][$field]["value"];
            break;
        } else if ($field == "cardtype" && $_SESSION["userdata"][$field]["value"] == "WSWITCH" && !preg_match("/\d/",$_SESSION["userdata"]["attribute82"]["value"])) {
            # "attribute82" is the hard-coded id of the Switch issue-number field
            $res = "Sorry, a Switch Card requires a valid issue number. If you have a new Switch card without an issue number, please use 0 as the issue number.";
            break;
        } else if ($field == "cardtype" && $_SESSION["userdata"][$field]["value"] != "WSWITCH" && $_SESSION["userdata"]["attribute82"]["value"]) {
            $res = "Sorry, an issue number is not valid when not using a Switch Card";
            break;
        } else if (($type == "creditcardno" || $field == "cardnumber") && !checkCCrange($_SESSION["userdata"][$field]["value"])) {
            list($cid,$cname) = ccCompany($_SESSION["userdata"][$field]["value"]);
            if (!$cname)
                $cname = '(Unknown Credit card)';
            $res = "Sorry, we currently don't accept $cname cards";
            break;
        } else if (($type == "creditcardno" || $field == "cardnumber") && !validateCC($_SESSION["userdata"][$field]["value"])) {
            # the card number itself is deliberately not echoed back here
            $res = "Sorry, you entered an invalid ".$description_fields[$index];#.": ".$_SESSION["userdata"][$field]["value"];
            break;
        } else if (($type == "creditcardexpiry" ||$field == "cardexpiry") && !validateCCExpiry($_SESSION["userdata"][$field]["value"])) {
            $res = "Sorry, you entered an invalid ".$description_fields[$index].": ".$_SESSION["userdata"][$field]["value"];
            break;
        }
    }
    # UK postcode sanity check on the reformatted display value; note this
    # overwrites any earlier $res rather than keeping the first error
    if ($_SESSION["userdata"][$GLOBALS["config"]["country_attribute"]]["displayvalue"] == "United Kingdom") {
        $postcode = $_SESSION["userdata"][$GLOBALS["config"]["postcode_attribute"]]["displayvalue"];
        if (!preg_match("/(.*)(\d\w\w)$/",$postcode,$regs)) {
            $res = "That does not seem to be a valid UK postcode";
        } elseif (!preg_match("/^[\s\w\d]+$/",$postcode,$regs)) {
            $res = "That does not seem to be a valid UK postcode";
        }
    }
    # data-protection consent flags: attribute key => DPA name from config,
    # stored as "Y"/"N" depending on whether the attribute has a display value
    if (is_array($GLOBALS["config"]["bocs_dpa"])) {
        if (!is_array($_SESSION["DPA"]))
            $_SESSION["DPA"] = array();
        foreach ($GLOBALS["config"]["bocs_dpa"] as $dpaatt => $val) {
            if ($_SESSION["userdata"][$dpaatt]["displayvalue"]) {
                $_SESSION["DPA"][$val] = "Y";
            } else {
                $_SESSION["DPA"][$val] = "N";
            }
        }
    }
    return $res;
}
- ?>