<?php

include_once(dirname(__FILE__) . '/Config/qidportal.cfg.php');
include_once(dirname(__FILE__) . '/UbiLib/dbfuncs.' . UC_LIB_DBAPI . '.php');
include_once(dirname(__FILE__) . '/UbiLib/funcs_email.php');
include_once(dirname(__FILE__) . '/UbiLib/funcs_varia.php');
include_once(dirname(__FILE__) . '/UbiLib/funcs_strings.php');
include_once(dirname(__FILE__) . '/UbiLib/countries-data.utf8.php');
include_once(dirname(__FILE__) . '/UbiLib/funcs_countries.php');
include_once(dirname(__FILE__) . '/UbiLib/commons_auth.php');
include_once(dirname(__FILE__) . '/Lib/funcs_data_enterprise.php');
include_once(dirname(__FILE__) . '/Lib/funcs_data_controller_license.php');
include_once(dirname(__FILE__) . '/Lib/funcs_data_log.php');
include_once(dirname(__FILE__) . '/Styles/corporate_styles_stuff.php');
include_once(dirname(__FILE__) . '/Lib/uc_corporate_htm_parts.php');
include_once(dirname(__FILE__) . '/Lib/funcs_qid_specs.php');
include_once(dirname(__FILE__) . '/Lib/funcs_forms.php');


// always come first!
session_start();

openlog('edit-enterprise', QID_PORTAL_SYSLOG_OPTION, QID_PORTAL_SYSLOG_FACILITY);

// see regvara-related comments in corporate_registration.php

// Description of the editable fields, keyed by the HTML input name. Each row is:
//   [0] input name (always equal to the key)
//   [1] column of DB table "enterprise"
//   [2] true if the field must not be left blank
//   [3] format name understood by uc_string_polish()
//   [4] maximum length (also used as size / maxlength of the input)
//   [5] label shown to the user
//   [6] current value, filled in by uc_qidportal_enterprise_checkdata() for redisplay
// Since the key is always element [0], the table is built from a plain list of rows.
// (a former 'ent_email_check' / "email (check)" row is disabled and kept out of the list)
$globshowa = array();
foreach (array(
	array('ent_name',            'company_name',    true,  'any',             40, 'company name',              ''),
	array('ent_fiscal_code',     'fiscal_code',     true,  'ascii-no-quotes', 40, 'fiscal code',               ''),
	array('ent_address_billing', 'address_billing', true,  'any',             40, 'address (billing)',         ''),
	array('ent_zip_billing',     'zip_billing',     true,  'ascii-no-quotes', 16, 'post code / ZIP (billing)', ''),
	array('ent_city_billing',    'city_billing',    true,  'any',             40, 'city (billing)',            ''),
	array('ent_state',           'state',           false, 'alpha-and-space', 40, 'state',                     ''),
	array('ent_country',         'country',         true,  'alpha-and-space', 2,  'country',                   ''),
	array('ent_referee_name',    'referee_name',    true,  'ascii',           40, 'referee name',              ''),
	array('ent_referee_surname', 'referee_surname', true,  'ascii',           40, 'referee surname',           ''),
	array('ent_email',           'email_main',      true,  'email',           40, 'email',                     ''),
	array('ent_phone_leased',    'phone_leased',    false, 'digit-and-space', 20, 'phone (leased)',            ''),
	array('ent_phone_mobile',    'phone_mobile',    false, 'digit-and-space', 20, 'phone (mobile)',            '')
) as $fieldspec)
{
	$globshowa[$fieldspec[0]] = $fieldspec;
}
unset($fieldspec);



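/**
	Check the new values for the "enterprise" table before they go into the DB.

	$dolog   - if true, every problem is also reported to syslog
	$doprint - if true, every problem is also echoed as an HTML fragment
	$vala    - values to check, keyed by DB column name (table "enterprise");
	           keys that are not described in $globshowa are ignored, and a column
	           that is simply missing from $vala is NOT an error, even if it is a
	           required one (that is the caller's business). A required column
	           that is present but blank IS an error.

	Returns array('err' => int, 'errmsg' => string, 'displaymsg' => string):
		err 0 - everything is acceptable as it is;
		err 1 - the input cannot be accepted (blank required field, rejected
		        characters) and the user has to correct it;
		err 2 - some value was modified to make it acceptable (polished, or
		        truncated to the maximum length) and the user has to review it.
	A hard error (1) is never downgraded to 2 by a later field.
	errmsg accumulates terse messages (log/debug), displaymsg the HTML ones.

	Side effect: the checked value of every column found in $vala (polished,
	truncated, or unchanged) is stored in $globshowa[key][6], so that the form
	can be redisplayed from there when err != 0. $vala itself is passed by value
	and is NOT modified: the caller must not write it to the DB when err != 0.
*/

function uc_qidportal_enterprise_checkdata($dolog, $doprint, $vala)
{
	global $globshowa;

	$rva = array('err' => 0, 'errmsg' => '', 'displaymsg' => '');

	foreach ($globshowa as $vvk => $vva)
	{
		$dbcol      = $vva[1];
		$isrequired = $vva[2];
		$vformat    = $vva[3];
		$maxlen     = $vva[4];
		$vdescr     = $vva[5];

		if (!isset($vala[$dbcol]))
		{
			// not present at all: not my business here (see above)
			continue;
		}

		$vcontent = $vala[$dbcol];

		if ($isrequired && (($vcontent === false) || ($vcontent == '')))
		{
			$rva['err'] = 1;
			$rva['errmsg'] .= ('cannot be empty: ' . $dbcol);
			$rva['displaymsg'] .= ('cannot be empty: ' . $vdescr . '<br />');
			if ($dolog) syslog(LOG_NOTICE, 'ERROR: form var for ' . $dbcol . ' cannot be empty');
			if ($doprint) echo '<font class="problem">ERROR: ' . $vdescr . ' cannot be empty</font><br />';
			continue; // I want to check the other ones, too
		}

		// now check that it is well-formed (the new way... the old way to do this is in code before 2015.01.20)
		// NOTE(review): $polisheda['errmsg'] is echoed as it is below; confirm that uc_string_polish
		// never copies the user's input into it.

		$polisheda = uc_string_polish($vcontent, $vformat, array(), '');
		if ($polisheda['err'] != 0)
		{
			// rejected characters: a hard error, the user has to edit the field.
			// err MUST be raised here, otherwise the caller writes the raw value to the DB.
			$rva['err'] = 1;
			$rva['errmsg'] .= ('bad characters in field "' . $dbcol . '"');
			$rva['displaymsg'] .= ('bad characters in field "' . $vdescr . '", please edit it<br />');
			if ($dolog) syslog(LOG_NOTICE, 'ERROR: form var for ' . $dbcol . ', error is: ' . $polisheda['errmsg']);
			if ($doprint) echo '<font class="problem">ERROR: for ' . $vdescr . ': ' . $polisheda['errmsg'] . '</font><br />';
			$vcontent = $polisheda['newstr'];
		}
		elseif ($polisheda['changed'])
		{
			// fixable: only a "please review", unless a hard error was already found
			if ($rva['err'] == 0) $rva['err'] = 2;
			$vcontent = $polisheda['newstr'];
			$rva['displaymsg'] .= ('field "' . $vdescr . '" modified to make it acceptable, please review the changes<br />');
			if ($dolog)
				{ syslog(LOG_NOTICE, 'ERROR: form var for ' . $dbcol . ', error is: ' . $polisheda['errmsg']); }
			if ($doprint)
				{ echo '<font class="problem">' . $vdescr . ' reviewed, please check the changes</font><br />'; }
		}

		// now check the length.
		// NOTE(review): strlen/substr count bytes; if a field may hold multi-byte (UTF-8) text and
		// $maxlen is meant as a character count, the cut can split a character - confirm the DB
		// column semantics before switching this to mb_strlen/mb_substr.

		if (strlen($vcontent) > $maxlen)
		{
			$vcontent = substr($vcontent, 0, $maxlen);
			if ($rva['err'] == 0) $rva['err'] = 2; // truncated: the user has to review it
			$rva['errmsg'] .= ('content too long for field: "' . $dbcol . '"');
			$rva['displaymsg'] .= ('value for "' . $vdescr . '" was too long, please review the shorter version<br />');
			if ($dolog)
				{ syslog(LOG_NOTICE, 'ERROR: content too long for field: ' . $dbcol); }
			if ($doprint)
				{ echo '<font class="problem">' . $vdescr . ' was too long, please review the shorter version</font><br />'; }
		}

		// always store the checked value (changed or not): the redisplayed form reads it from here
		$globshowa[$vvk][6] = $vcontent;
	}

	return $rva;
}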


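/**
	Print the HTML form used to edit the data of enterprise $eid.

	$dbc        - open DB connection
	$eid        - id of the row in table "enterprise"
	$use_showa  - if true the values shown come from $globshowa[key][6], i.e. from the
	              checked form input (see uc_qidportal_enterprise_checkdata), so that the
	              form can be redisplayed after an error; if false they are read from the DB
	$targetpage - form action
	$divattrs, $tblattrs, $rowattrs, $namecellattrs, $cellattrs, $inputattrs -
	              attribute strings pasted as they are into the div / table / tr /
	              label td / value td / input tags (they come from code, never from the user)

	Returns false (printing nothing) when the enterprise data cannot be read, nothing otherwise.
	Every shown value is HTML-escaped here: whatever its origin (DB or request), it ends up
	inside an attribute of this page.
*/
function uc_qidportal_form_edit_ent_data
(
	$dbc, $eid, $use_showa,
	$targetpage,
	$divattrs, $tblattrs, $rowattrs, $namecellattrs, $cellattrs, $inputattrs
)
{
	global $globshowa;
	global $uc_world_countries_a;

	$edata = uc_qidportal_enterprisedata_get($dbc, $eid);
	if (!is_array($edata)) return false; // ?!

	echo '
		<div ' . $divattrs . '>
			<form action="' . $targetpage . '" method="post">
			<input type="hidden" name="oper" value="change_enterprise_data" />
			<table ' . $tblattrs . '>
	';

	foreach ($globshowa as $fkk => $theva)
	{
		$fname      = $theva[0];
		$dbname     = $theva[1];
		$isrequired = $theva[2]; // true = must not be left blank (same meaning as in checkdata)
		$size       = $theva[4];
		$tagname    = $theva[5];

		// If we come from form input, the REQUEST is set for every variable, so if use_showa is set,
		//		I do not have to fish from the DB at all (even if the var is empty). Period.
		if ($use_showa)
			{ $showv = $theva[6]; }
		else
			{ $showv = isset($edata[$dbname]) ? $edata[$dbname] : ''; }
		$showv = (string) $showv;
		// attribute-safe version; assumes DB/request text is UTF-8 (invalid bytes are replaced, not dropped)
		$showv_html = htmlspecialchars($showv, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

		// country is a special case, because it requires a select

		if ($fkk == 'ent_country')
		{
			// it would be much more efficient just to echo each one after having printed the select tag, instead
			// of creating a very big string, but I like it this way... for future extensions.
			// $uc_world_countries_a is the bundled country table, not user input: the code goes into an
			// attribute and is escaped anyway; the name is printed as it is in the data file.
			$countryopts = '';
			foreach ($uc_world_countries_a as $cid => $cname)
			{
				$cid_html = htmlspecialchars((string) $cid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
				$selected = (((string) $cid) === $showv) ? ' selected' : '';
				$countryopts .= ('<option value="' . $cid_html . '"' . $selected . '>' . $cname . '</option>' . "\n");
			}

			echo '
				<tr ' . $rowattrs . '>
					<td ' . $namecellattrs . '>' . $tagname . '</td>
					<td ' . $cellattrs . '>
						<select id="ent_country" name="ent_country" ' . $inputattrs . '>
						' . $countryopts . '
						</select>
					</td>
				</tr>
			';

			unset($countryopts);
			continue;
		}

		// the "required" attribute goes on the fields that checkdata refuses blank
		echo '
				<tr ' . $rowattrs . '>
					<td ' . $namecellattrs . '>' . $tagname . '</td>
					<td ' . $cellattrs . '>
						<input id="' . $fname . '" type="text"
							name="' . $fname . '" value="' . $showv_html . '" ' . ($isrequired ? 'required' : '') . '
							size="' . $size . '" maxlength="' . $size . '" ' . $inputattrs . '/>
					</td>
				</tr>
		';
	}

	echo '
				<tr ' . $rowattrs . '>
					<td></td>
					<td ' . $cellattrs . '>
						<input type="submit" name="goop" value="Change company data" ' .
							uc_js_clickopt('confirm changes?') . '/>
					</td>
				</tr>
			</table>
			</form>
		</div>
	';
}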



// -------------------------------------------------------------------------------------------------------------



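// A user is logged in when the session carries a non-empty username (set by corporate_login.php).
// isset() on the nested key also covers a missing $_SESSION.
$logged_in = (isset($_SESSION['username']) && ($_SESSION['username'] !== ''));

// Requested operation. Anything that is not a plain string is treated as "no operation".
// NOTE(review): the forms POST, but $_REQUEST also accepts GET/cookie input, and no anti-CSRF
// token is verified for the state-changing operations below (a per-session token emitted in the
// forms and checked here would be the fix).
$oper = (isset($_REQUEST['oper']) && is_string($_REQUEST['oper'])) ? $_REQUEST['oper'] : 'noop';

echo '<!DOCTYPE html>
<html lang="en">
';

// produce standard HTML head tag and content

uc_qidportal_corporate_htm_head('Q-ID : Corporate : Edit Company Data', '');

echo '
<body class="corp_reg_body">
	<div id="divMain" class="nxd_divmain">
';
qidportal_show_main_menu(!$logged_in);

// display the menu and the central box for the workarea

uc_qidportal_corporate_central_box_open($logged_in, ($logged_in ? $_SESSION['username'] : false),
	'corporate_edit_data.php', 'Edit company data');

if ($logged_in)
{
	$dbc = uc_qidportal_dbconn();

	// the enterprise record of the logged-in user: everything below needs its id
	$enta = uc_qidportal_enterprisedata_getbyfield($dbc, 'login_name', $_SESSION['username']);
	if (is_array($enta) && isset($enta['eid']))
	{
		$eid = $enta['eid'];
	}
	else
	{
		$eid = false;
		syslog(LOG_NOTICE, 'ERROR: no enterprise record found for user ' . $_SESSION['username']);
		$oper = 'no_enterprise_record'; // nothing else can be done, see the switch below
	}

	switch ($oper)
	{
		case 'no_enterprise_record':

			echo '<br /><font class="problem">ERROR: could not read your company data(?!), try later, please!</font><br /><br />';
			break;



		case 'change_enterprise_data':

			$errlev = 0;
			syslog(LOG_NOTICE, 'DEBUG: user ' . $_SESSION['username'] . ' requested update of company data');

			// Collect the submitted values, keyed by DB column name. A browser submits every input
			// (blank ones as ''), so anything missing or not a string is taken as '': the required-field
			// check then rejects it instead of a null reaching the DB layer.
			$valua = array();
			foreach ($globshowa as $dbk => $fva)
			{
				$fname  = $fva[0];
				$dbname = $fva[1];
				$valua[$dbname] = (isset($_REQUEST[$fname]) && is_string($_REQUEST[$fname])) ? $_REQUEST[$fname] : '';
			}
			$checkrva = uc_qidportal_enterprise_checkdata(true, true, $valua);

			// check that the country is in my array - otherwise someone messed with the variables(?!)
			// (the select only offers the keys of $uc_world_countries_a; a blank country is already
			// reported by checkdata as a missing required field)
			if (($valua['country'] !== '') && !array_key_exists($valua['country'], $uc_world_countries_a))
			{
				$errlev++;
				// I just raise the error flag in the array that I already have
				$checkrva['err'] = 5;
				echo '<font class="problem">ERROR: value for "country" is unknown(?!)</font><br />' . "\n\n";
			}

			if ($checkrva['err'] != 0)
			{
				$errlev++;
				// uc_qidportal_enterprise_checkdata was told to display the errors itself, so I do not do it twice
				echo '<font class="problem">Cannot accept input, there are errors (review values, re-enter data)</font><br />' . "\n\n";
			}

			// actually update the data

			if ($errlev == 0)
			{
				syslog(LOG_NOTICE, 'INFO: user ' . $_SESSION['username'] . ' OK with oper ' . $oper . ', performing DB update');
				// SQL-injection prevention is done inside uc_qidportal_enterprisedata_update
				$sqlrva = uc_qidportal_enterprisedata_update(11, $dbc, $eid, $valua);

				if ($sqlrva['err'] != 0)
				{
					$errlev++;
					echo '<br /><font class="problem">ERROR: could not record your data(?!), try later, please!</font><br /><br />';
					uc_qidportal_log(true, $dbc, false, false, 'enterprise', $_SESSION['username'],
								'error', 'user failed company data update: ' . $sqlrva['errmsg'],
								$_SERVER['PHP_SELF'], false, false);
					syslog(LOG_NOTICE, 'ERROR: could not update company data for EID ' . $eid .
						' (user ' . $_SESSION['username'] . '), err: ' . $sqlrva['err'] . ' descr: ' . $sqlrva['errmsg']);
				}
				else
				{
					echo '<br /><font class="msgok">OK: your company data has been updated.</font><br /><br />';
					syslog(LOG_NOTICE, 'INFO: EID ' . $eid . ' (user ' . $_SESSION['username'] . ') changed company data');
					uc_qidportal_log(true, $dbc, false, false, 'enterprise', $_SESSION['username'],
						'info', 'user changed company data', $_SERVER['PHP_SELF'], false, false);

					// send e-mail to the user here (confirm that data has changed), but do not check for the
					// return. Give for granted that it is delivered.
					// The notice goes to the address that was on record BEFORE this update (if the e-mail
					// address itself was changed, its previous owner must learn about it) and, when different,
					// to the new one as well.
					$notify_to = array();
					if (isset($enta['email']) && ($enta['email'] !== ''))
						{ $notify_to[] = $enta['email']; }
					if (!in_array($valua['email_main'], $notify_to, true))
						{ $notify_to[] = $valua['email_main']; }
					foreach ($notify_to as $rcpt)
					{
						uc_send_simple_mail_sk(QID_PORTAL_MXRELAY_HOST, QID_PORTAL_MX_FROM, $rcpt,
							'QID portal warning: company data changed',
							array('Information: company data was changed by user ' . $_SESSION['username'],
									'The company data has been changed on www.q-id.org by user ' . $_SESSION['username'],
									'Please, contact us if you think that this operation was not performed by your company personnel.',
									'Thanks - the QID team')
						);
					}
				}
			}

			unset($valua);

			if ($errlev != 0)
			{
				// redisplay the form, but using the data in array showa
				// last params: $divattrs, $tblattrs, $rowattrs, $namecellattrs, $cellattrs, $inputattrs
				uc_qidportal_form_edit_ent_data($dbc, $eid, true, 'corporate_edit_data.php',
					'style="width:92%; font-size:14px"', 'class="tblbase" style="width:100%"',
					'', 'class="nxd_label"', 'style="width:200px;"', 'class="nxd_reg_input"');
			}
			break;



		case 'change_pass':

			$errlev = 0;

			// NOTE(review): the current password is not asked for before a new one is set, so a
			// hijacked session is enough to take over the account - confirm whether re-authentication
			// is wanted here.
			// uc_request_isset() is expected to make $pwda / $pwdb available (they are used below);
			// the two copies must be byte-identical, hence the strict comparison.
			if (!uc_request_isset('pwda|pwdb', true, true) || ($pwda !== $pwdb))
			{
				$errlev++;
				echo '<br /><font class="problem">please, enter the same
							password in both fields</font><br /><br />' . "\n\n";
			}

			// make sure password is acceptable

			if ($errlev == 0)
			{
				$pwisoka = uc_string_is_valid_password($pwda, 8, 32);
				if ($pwisoka['err'] != 0)
				{
					$errlev++;
					echo '
						<br /><font class="problem">
							ERROR: the password cannot be accepted (' . $pwisoka['errmsg'] . ').<br />
								Must be 8-32 characters long; valid characters are:<br />
							' . htmlentities($pwisoka['valid_chars']) . '
						</font><br /><br />
					';
				}
				unset($pwisoka);
			}

			// tell about password quality

			if ($errlev == 0)
			{
				$pw_quality = uc_commons_password_strength($pwda);
				if ($pw_quality < 4)
				{
					echo '<font class="warning">
						WARNING: password quality is low. It is recommended to change it with a better one</font><br />' . "\n";
					echo '
						<script type="text/javascript">
							alert(\'WARNING: password quality is low. It is recommended to change it with a better one\')
						</script>
					';
				}
			}

			if ($errlev == 0)
			{
				$dbpwd = uc_qid_pass2dbv($pwda);
				unset($pwda); // flimsy security precaution
				unset($pwdb); // flimsy security precaution

				syslog(LOG_NOTICE, 'INFO: user ' . $_SESSION['username'] .
							' OK with oper ' . $oper . ', performing DB update for password');
				// SQL-injection prevention is done inside uc_qidportal_enterprisedata_update
				$sqlrva = uc_qidportal_enterprisedata_update(11, $dbc, $eid, array('login_pwd' => $dbpwd));

				if ($sqlrva['err'] != 0)
				{
					$errlev++;
					echo '<br /><font class="problem">ERROR: could not change your password(?!), try later, please!</font><br /><br />';
					uc_qidportal_log(true, $dbc, false, false, 'enterprise', $_SESSION['username'],
							'error', 'user failed password change: ' . $sqlrva['errmsg'],
							$_SERVER['PHP_SELF'], false, false);
					syslog(LOG_NOTICE, 'ERROR: could not change password for EID ' . $eid .
						' (user ' . $_SESSION['username'] . '), err: ' . $sqlrva['err'] . ' descr: ' . $sqlrva['errmsg']);
				}
				else
				{
					echo '<br /><font class="msgok">OK: password changed!</font><br /><br />';
					syslog(LOG_NOTICE, 'INFO: EID ' . $eid . ' (user ' . $_SESSION['username'] . ') changed password');
					uc_qidportal_log(true, $dbc, false, false, 'enterprise', $_SESSION['username'], 'info', 'user changed password',
						$_SERVER['PHP_SELF'], false, false);

					// send e-mail to the user here (confirm that password has changed),
					// but do not check for the return. Give for granted that it is delivered
					uc_send_simple_mail_sk(QID_PORTAL_MXRELAY_HOST, QID_PORTAL_MX_FROM, $enta['email'],
						'QID portal warning: password change',
						array('Information: password change for user ' . $_SESSION['username'],
								'the password has been changed on www.q-id.org by user ' . $_SESSION['username'],
								'Please, contact us if you think that this operation was not performed by your company personnel.',
								'Thanks - the QID team')
					);
				}
			}

			if ($errlev != 0)
			{
				uc_qidportal_form_setpwd($eid, $_SESSION['username'], '', 'change_pass', 'not_important',
						'class="infoask"', 'class="ask"', 'width="100%" cellpadding="4" cellspacing="0" border="0"', 'SET PASSWORD');
			}

			break;



		default: // no oper requested, just display the forms to edit the company data

			// last params: $divattrs, $tblattrs, $rowattrs, $namecellattrs, $cellattrs, $inputattrs

			echo '
				<table cellpadding="5" border="0" style="b">
					<tr><td style="width:480px;vertical-align:top;border-right: 1px dotted #222222;">';

			uc_qidportal_form_edit_ent_data($dbc, $eid, false, 'corporate_edit_data.php',
				'style="width:92%; font-size:14px"', 'class="tblbase" style="width:100%"',
				'', 'class="nxd_label"', 'style="width:200px;"', 'class="nxd_reg_input"');

			echo '</td><td style="vertical-align:top;">';

			uc_qidportal_form_setpwd($eid, $_SESSION['username'], '', 'change_pass', 'not_important',
						'class="infoask"', 'class="ask"', 'width="100%" cellpadding="4" cellspacing="0" border="0"', 'SET PASSWORD');

			echo '</td></tr></table>';
			echo '<br /><br />';
	}

	uc_close_conn($dbc);
}
else
{
	echo '
		<br /><br /><br /><font class="problem">ERROR: you are not logged in. Please,
			<a href="corporate_login.php">authenticate</a> or <a href="corporate_register.php">register</a>.
		</font><br /><br />
	';
}

// close the workarea along with my central enclosing table

uc_qidportal_corporate_central_box_close($logged_in);

echo '
	</div>  <!-- end of divMain, unless HTML is messed up -->
</body>
</html>
';

closelog();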

