- Add regular expression checking for each field, and refuse to save user
  personal info unless the regexp matches.
- Also add error reporting so the user knows which field is in error, and what
  the proper format is.
This commit is contained in:
dave 2007-12-21 09:47:18 +00:00
parent 7f7c3c53e1
commit c6e90a0ffa


@ -33,6 +33,37 @@
exit;
}
$user_personal_fields = array(
'firstname' => array('name' => 'First Name'),
'lastname' => array('name' => 'Last Name'),
'email' => array('name' => 'Email Address'),
'username' => array('name' => 'Username'),
'password' => array('name' => 'Password'),
'address' => array('name' => 'Address 1'),
'address2' => array('name' => 'Address 2'),
'city' => array('name' => 'City'),
'province' => array('name' => 'Province'),
'organization' => array('name' => 'Organization'),
'phonehome' => array('name' => 'Phone (Home)',
'regexp' => '^[1-9][0-9]{2}-[1-9][0-9]{2}-[0-9]{4}( x[0-9]{1,5})?$',
'format' => '\'NNN-NNN-NNNN\' or \'NNN-NNN-NNNN xEXT\'',),
'phonecell' => array('name' => 'Phone (Cell)',
'regexp' => '^[1-9][0-9]{2}-[1-9][0-9]{2}-[0-9]{4}$',
'format' => '\'NNN-NNN-NNNN\'',),
'phonework' => array('name' => 'Phone (Work)',
'regexp' => '^[1-9][0-9]{2}-[1-9][0-9]{2}-[0-9]{4}( x[0-9]{1,5})?$',
'format' => '\'NNN-NNN-NNNN\' or \'NNN-NNN-NNNN xEXT\'',),
'fax' => array('name' => 'Fax',
'regexp' => '^[1-9][0-9]{2}-[1-9][0-9]{2}-[0-9]{4}$',
'format' => '\'NNN-NNN-NNNN\'',),
'postalcode' => array('name' => 'Postal Code',
'regexp' => '^(([A-Z][0-9][A-Z] [0-9][A-Z][0-9])|([0-9]{5}))$',
'format' => '\'ANA NAN\' or \'NNNNN\'',),
);
/* See if there is an edit request */
$eid = intval($_GET['edit']);
@ -53,6 +84,7 @@
/* Load the fields the user can edit, and theones that are required */
$fields = array();
$required = array();
$errorfields = array();
foreach($u['types'] as $t) {
$fields = array_merge($fields,
user_personal_fields($t));
@ -68,9 +100,24 @@
if($_POST['action']=="save")
{
$save = true;
/* Set values */
foreach($fields as $f) {
$u[$f] = mysql_escape_string(stripslashes($_POST[$f]));
$u[$f] = stripslashes($_POST[$f]);
}
foreach($u as $f=>$v) {
if($v == '') continue;
/* See if this field has a validate */
if(isset($user_personal_fields[$f]['regexp'])) {
/* Match the regex */
if(!ereg($user_personal_fields[$f]['regexp'], $v)) {
/* Bad */
$save = false;
$errorfields[] = $f;
}
}
}
if(!array_key_exists('username', $u) || $u['username'] == '') {
@ -97,7 +144,10 @@
$q=mysql_query("SELECT id FROM users WHERE email='$em' AND id!='{$u['id']}'");
if(mysql_num_rows($q) > 0) {
$notice = 'email_exists';
} else {
$save = false;
}
if($save == true) {
user_save($u);
if($_SESSION['last_page'] == 'committee_management') {
header("location: {$config['SFIABDIRECTORY']}/admin/committees.php");
@ -138,7 +188,14 @@
break;
}
if($eid == false) {
foreach($errorfields as $f) {
echo error(i18n('\'%1\' must use the format: %2',
array(i18n($user_personal_fields[$f]['name']),
$user_personal_fields[$f]['format'])));
}
if(count($errorfields)) {
echo error(i18n('Information will not be saved until the above errors are corrected'));
} else if ($eid == false) {
//output the current status
$newstatus=user_personal_info_status($u);
if($newstatus!='complete')
@ -155,12 +212,16 @@ if(count($u['types']) > 1) {
echo notice(i18n('This user has multiple roles, the fields shown below are a combination of every role. Some may not apply to some roles. This user has the following roles:').' '.$roles);
}
function item($user, $text, $fname, $subtext='')
function item($user, $fname, $subtext='')
{
global $fields, $required;
global $errorfields;
global $user_personal_fields;
if(in_array($fname, $fields)) {
echo '<td>'.i18n($text).': ';
$text = i18n($user_personal_fields[$fname]['name']);
if(in_array($fname, $errorfields)) $style = 'style="color:red;"';
echo "<td><span $style>$text</span>: ";
if($subtext != '') echo '<br /><span style="font-size: 0.5em;">'.i18n($subtext).'</span>';
echo '</td>';
echo "<td><input onchange=\"fieldChanged()\" type=\"text\" name=\"$fname\" value=\"{$user[$fname]}\" />";
@ -181,23 +242,23 @@ function item($user, $text, $fname, $subtext='')
echo "<table>\n";
echo "<tr>\n";
item($u, "First Name", 'firstname');
item($u, "Last Name", 'lastname');
item($u, 'firstname');
item($u, 'lastname');
echo "</tr>\n";
echo "<tr>\n";
item($u, "Email Address", 'email');
item($u, 'email');
echo '<td></td><td></td>';
echo "</tr>\n";
echo "<tr>\n";
item($u, "Username", 'username', '(if different from Email)');
item($u, "Password", 'password');
item($u, 'username', '(if different from Email)');
item($u, 'password');
echo "</tr>\n";
echo "<tr>\n";
item($u, "Address 1", 'address');
item($u, "City", 'city');
item($u, 'address');
item($u, 'city');
echo "</tr>\n";
echo "<tr>\n";
item($u, "Address 2", 'address2');
item($u, 'address2');
if(in_array('province', $fields)) {
echo '<td>'.i18n('Province').': </td>';
echo '<td>';
@ -209,20 +270,20 @@ item($u, "Address 2", 'address2');
}
echo "</tr>\n";
echo "<tr>\n";
item($u, "Postal Code", 'postalcode');
item($u, 'postalcode');
echo "<td></td><td></td>";
echo "</tr>\n";
echo "<tr>";
item($u, "Phone (Home)", 'phonehome');
item($u, "Phone (Cell)", 'phonecell');
item($u, 'phonehome');
item($u, 'phonecell');
echo "</tr>\n";
echo "<tr>\n";
item($u, "Organization", 'organization');
item($u, "Phone (Work)", 'phonework');
item($u, 'organization');
item($u, 'phonework');
echo "</tr>";
echo "<tr>\n";
item($u, "Fax", 'fax');
item($u, 'fax');
echo '<td></td><td></td>';
echo "</tr>";
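Review bot: Dropping mysql_escape_string() at `$u[$f] = stripslashes($_POST[$f]);` in the third hunk leaves raw POST data in `$u`, and that value is echoed straight into the form on re-render at `value=\"{$user[$fname]}\"` in item(), so a rejected submission now reflects unescaped attacker-controlled text into an HTML attribute. Escape at the output sink instead, `value="'.htmlspecialchars($user[$fname], ENT_QUOTES).'"`, noting that item()'s body runs past the end of that hunk. The database side is now only safe if user_save() escapes or parameterises every field itself, which is not visible here and is worth confirming, since the `email='$em'` query in the following hunk shows this file still builds SQL by string interpolation. The new regexp gate also skips empty values and only covers the phone/postal fields, so the remaining fields reach user_save() exactly as posted and the escaping has to live in that save path. ereg() was removed in PHP 7, so preg_match() with delimited patterns would be the durable choice for the validation loop.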