00001 <?php
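// Direct-access guard: refuse to run unless the including script has defined
// __PRAGYAN_CMS (presumably the CMS entry point - confirm), so this library
// cannot be requested on its own URL.
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // The heading was previously left unclosed ("<h1>...<h1>").
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): SERVER_SIGNATURE is whatever the web server is configured
    // to advertise about itself; if it includes version details they are
    // shown to unauthenticated clients here.
    echo '<hr/>' . $_SERVER['SERVER_SIGNATURE'];
    exit(1);
}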
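/**
 * Validate and store one submission of a form, then register the submitter.
 *
 * Every element of the form is handed to its type-specific
 * submitRegistrationForm<Type>() handler, which reads its own value from the
 * request. When all handlers succeed the user is registered with the form (or
 * the registration timestamp is refreshed) and, unless $silent, the form
 * footer and an optional confirmation mail are produced.
 *
 * @param int  $moduleCompId   Module component id of the form.
 * @param int  $userId         Submitting user; 0 means an anonymous submitter,
 *                             who is given a fresh negative id.
 * @param bool $silent         Suppress the success message and confirmation mail.
 * @param bool $disableCaptcha Skip the captcha check even if the form enables it.
 * @return bool True when the submission was stored, false otherwise.
 */
function submitRegistrationForm($moduleCompId, $userId, $silent = false, $disableCaptcha = false) {
    // Both ids are interpolated unquoted into the queries below and in the
    // handlers, so force them to integers before any SQL is built.
    $moduleCompId = (int) $moduleCompId;
    $userId = (int) $userId;

    if ($userId == 0) {
        // Anonymous submitters get the next free negative id.
        // NOTE(review): two concurrent anonymous submissions can still read
        // the same minimum and end up sharing an id.
        $userId = -1;
        $useridResult = mysql_query("SELECT MIN(`user_id`) - 1 AS MIN FROM `form_regdata` WHERE 1");
        if ($useridResult && mysql_num_rows($useridResult) > 0) {
            $useridRow = mysql_fetch_assoc($useridResult);
            // MIN() is NULL on an empty table, and MIN - 1 is not negative
            // while only real (positive) ids exist; using either would attach
            // the anonymous data to id 0 or to an existing account.
            if ($useridRow['MIN'] !== null && (int) $useridRow['MIN'] < 0) {
                $userId = (int) $useridRow['MIN'];
            }
        }
    }

    if (!$disableCaptcha) {
        $captchaResult = mysql_query('SELECT `form_usecaptcha` FROM `form_desc` WHERE `page_modulecomponentid` = ' . $moduleCompId);
        if (!$captchaResult) {
            // Fail closed: a failed lookup must not silently skip the captcha.
            displayerror('Unable to read the captcha settings of the form.');
            return false;
        }
        $captchaRow = mysql_fetch_row($captchaResult);
        if ($captchaRow && $captchaRow[0] == 1 && !submitCaptcha()) {
            return false;
        }
    }

    // One query for the whole element description instead of one per element.
    $query = "SELECT `form_elementid`,`form_elementtype`,`form_elementname`,`form_elementsize`,`form_elementtypeoptions`," .
        "`form_elementmorethan`,`form_elementlessthan`,`form_elementcheckint`,`form_elementisrequired` " .
        "FROM `form_elementdesc` WHERE `page_modulecomponentid`=$moduleCompId";
    $result = mysql_query($query);
    if (!$result) {
        // Without this check a failed query looked like a form with no
        // elements, and the user was registered with no data stored.
        // NOTE(review): mysql_error() text is shown to the submitter here and
        // in the handlers; consider logging it instead.
        displayerror('E69 : Invalid query: ' . mysql_error());
        return false;
    }

    $allFieldsUpdated = true;
    while ($elementRow = mysql_fetch_assoc($result)) {
        $type = strtolower($elementRow['form_elementtype']);
        $elementId = $elementRow['form_elementid'];
        $postVarName = "form_" . $moduleCompId . "_element_" . $elementId;
        $functionName = "submitRegistrationForm" . ucfirst($type);

        // The handler name comes from the database. An empty type would
        // resolve to this very function, and an unknown one to a fatal error.
        if ($type == '' || !function_exists($functionName)) {
            displayerror('Unsupported form element type.');
            $allFieldsUpdated = false;
            break;
        }

        $elementCheckInt = ($elementRow['form_elementcheckint'] == 1);
        $elementIsRequired = ($elementRow['form_elementisrequired'] == 1);

        $stored = $functionName(
            $moduleCompId, $elementId, $userId, $postVarName,
            $elementRow['form_elementname'], $elementRow['form_elementsize'],
            $elementRow['form_elementtypeoptions'], $elementRow['form_elementmorethan'],
            $elementRow['form_elementlessthan'], $elementCheckInt, $elementIsRequired
        );
        if ($stored == false) {
            $allFieldsUpdated = false;
            break;
        }
    }

    if (!$allFieldsUpdated) {
        if ($userId < 0) {
            unregisterUser($moduleCompId, $userId);
        } elseif (!verifyUserRegistered($moduleCompId, $userId)) {
            // Drop the partial data of a user who was never registered.
            mysql_query("DELETE FROM `form_elementdata` WHERE `user_id` = $userId AND `page_modulecomponentid` = $moduleCompId ");
        }
        // Previously only the logged-in branch returned false; a failed
        // anonymous submission fell through to the final "return true".
        return false;
    }

    // NOTE(review): the results of registerUser()/updateUser() are ignored, so
    // a failed registration is still reported as a success below.
    if (!verifyUserRegistered($moduleCompId, $userId)) {
        registerUser($moduleCompId, $userId);
    } else {
        updateUser($moduleCompId, $userId);
    }

    if (!$silent) {
        $footerQuery = "SELECT `form_footertext`, `form_sendconfirmation` FROM `form_desc` WHERE `page_modulecomponentid` = $moduleCompId";
        $footerResult = mysql_query($footerQuery);
        $footerRow = mysql_fetch_row($footerResult);

        // The footer is used as the success message only when it is stored
        // wrapped in an HTML comment; the markers are stripped.
        $footerText = $footerRow[0];
        $footerTextLength = strlen($footerText);
        if ($footerTextLength > 7
            && substr($footerText, 0, 4) == '<!--'
            && substr($footerText, $footerTextLength - 3) == '-->') {
            $footerText = substr($footerText, 4, $footerTextLength - 7);
        } else {
            $footerText = '';
        }

        displayinfo($footerText == '' ? "User successfully registered!" : $footerText);

        if ($footerRow[1]) {
            $from = CMS_EMAIL;
            $to = getUserEmail($userId);

            $pageId = getPageIdFromModuleComponentId('form', $moduleCompId);
            $parentPage = getParentPage($pageId);
            $formname = getPageTitle($parentPage);
            $key = '';
            $mailtype = "form_registration_mail";
            $messenger = new messenger(false);

            global $onlineSiteUrl;
            $messenger->assign_vars(array('FORMNAME'=>"$formname",'KEY'=>"$key",'WEBSITE'=>CMS_TITLE,'DOMAIN'=>$onlineSiteUrl, 'NAME'=>getUserFullName($userId)));
            if ($messenger->mailer($to, $mailtype, $key, $from)) {
                displayinfo("You have been succesfully registered to $formname and a registration confirmation mail has been sent. Kindly check your e-mail.");
            } else {
                displayerror("Registration confirmation mail sending failure. Kindly contact webadmin@pragyan.org");
            }
        }
    }
    return true;
}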
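/**
 * Check the captcha answer sent with the current request.
 *
 * When the request carries a truthy `captcha` field the answer is verified
 * through the bundled reCAPTCHA library; otherwise it is compared,
 * case-insensitively, with the string kept in $_SESSION['CAPTCHAString'].
 *
 * NOTE(review): which of the two schemes is checked is decided by the request
 * itself, not by the form's configuration - confirm that is intended.
 *
 * @return bool True when the answer is accepted; false otherwise (an error
 *              message is displayed).
 */
function submitCaptcha() {
    if (!empty($_POST['captcha'])) {
        global $sourceFolder, $moduleFolder, $cmsFolder;
        require_once("$sourceFolder/$moduleFolder/form/captcha/recaptcha/recaptchalib.php");
        $query = "SELECT `value` FROM `". MYSQL_DATABASE_PREFIX ."global` WHERE `attribute`='recaptcha_private'";
        $keyResult = mysql_query($query);
        $res = $keyResult ? mysql_fetch_assoc($keyResult) : false;
        $private_key = $res ? $res['value'] : '';

        // Fail closed when the key cannot be read or no answer was sent.
        if ($private_key != '' && !empty($_POST["recaptcha_response_field"])) {
            $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '';
            $resp = recaptcha_check_answer($private_key,
                $_SERVER["REMOTE_ADDR"],
                $challenge,
                $_POST["recaptcha_response_field"]);

            if ($resp->is_valid) {
                return true;
            }
        }
    } else {
        if (isset($_SESSION['CAPTCHAString'], $_POST['txtCaptcha'])
            && is_string($_SESSION['CAPTCHAString'])
            && is_string($_POST['txtCaptcha'])) {
            $expected = strtolower($_SESSION['CAPTCHAString']);
            $given = strtolower($_POST['txtCaptcha']);

            // A challenge is good for one attempt only; otherwise a solved
            // string could be resubmitted for as long as the session lives.
            unset($_SESSION['CAPTCHAString']);

            // Strict comparison: with == two different numeric-looking
            // strings (e.g. "0e1" and "0e2") compare equal.
            if ($expected !== '' && $expected === $given) {
                return true;
            }
        }
    }
    displayerror('The text did not match the letters in the image. Please try again.');
    return false;
}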
00175
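/**
 * Validate and store the value of a single-line text element.
 *
 * @param int    $moduleCompId       Module component id of the form.
 * @param int    $elementId          Id of the element within the form.
 * @param int    $userId             User the value is stored for.
 * @param string $postVarName        Name of the $_POST field holding the value.
 * @param string $elementName        Display name used in error messages.
 * @param int    $elementSize        Maximum length; 0 disables the check.
 * @param string $elementTypeOptions Unused here; part of the shared handler signature.
 * @param mixed  $elementMoreThan    Lower bound; 0 disables the check.
 * @param mixed  $elementLessThan    Upper bound; 0 disables the check.
 * @param bool   $elementCheckInt    Require a numeric value (empty is allowed).
 * @param bool   $elementIsRequired  Reject a missing or blank value.
 * @return bool True when the value was stored, false otherwise.
 */
function submitRegistrationFormText($moduleCompId, $elementId, $userId, $postVarName, $elementName, $elementSize, $elementTypeOptions, $elementMoreThan, $elementLessThan, $elementCheckInt, $elementIsRequired) {
    // A missing field, or one sent as an array (name[]=...), counts as empty
    // instead of raising notices or reaching trim() as a non-string.
    $postedValue = '';
    if (isset($_POST[$postVarName]) && is_string($_POST[$postVarName])) {
        $postedValue = trim($_POST[$postVarName]);
    }

    if ($elementIsRequired && $postedValue === '') {
        displayerror("Essential field $elementName is missing");
        return false;
    }

    $submitData = escape($postedValue);
    $textQuery = "SELECT 1 FROM `form_elementdata` " .
        "WHERE `user_id` =$userId AND `page_modulecomponentid` =$moduleCompId AND `form_elementid` =$elementId";
    $textResult = mysql_query($textQuery);
    if (!$textResult) { displayerror('E46 : Invalid query: ' . mysql_error()); return false; }

    // (A "SELECT *" on form_elementdesc whose result was never read used to
    // run here; it has been dropped.)

    // NOTE(review): the checks below run on the escaped value, so characters
    // that escape() expands count more than once against $elementSize -
    // confirm what escape() does before moving them to the raw value.
    if ($elementSize > 0 && strlen($submitData) > $elementSize) {
        displayerror("$elementName is more than element size");
        return false;
    }
    // NOTE(review): an empty optional value still fails a non-zero minimum.
    if ($elementMoreThan != 0 && $elementMoreThan > $submitData) {
        displayerror("$elementName is less than element minimum value");
        return false;
    }
    if ($elementLessThan != 0 && $elementLessThan < $submitData) {
        displayerror("$elementName is more than element maximum value");
        return false;
    }
    if ($elementCheckInt && !is_numeric($submitData) && $submitData != '') {
        displayerror("$elementName is not of type int");
        return false;
    }

    if (mysql_num_rows($textResult) > 0) {
        $textUpdateQuery = "UPDATE `form_elementdata` SET `form_elementdata` = '" . $submitData . "' " .
            "WHERE `user_id` = $userId AND `page_modulecomponentid` = $moduleCompId AND `form_elementid` = $elementId";
        $textUpdateResult = mysql_query($textUpdateQuery);
        if (!$textUpdateResult) { displayerror('E67 : Invalid query: ' . mysql_error()); return false; }
    } else {
        $textInsertQuery = "INSERT INTO `form_elementdata` ( `user_id` , `page_modulecomponentid` , `form_elementid` , `form_elementdata` ) " .
            "VALUES ( '$userId', '$moduleCompId', '$elementId', '" . $submitData . "')";
        $textInsertResult = mysql_query($textInsertQuery);
        if (!$textInsertResult) { displayerror('E13 : Invalid query: ' . mysql_error()); return false; }
    }
    return true;
}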
00234
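/**
 * Validate and store the value of a textarea element.
 *
 * @param int    $moduleCompId       Module component id of the form.
 * @param int    $elementId          Id of the element within the form.
 * @param int    $userId             User the value is stored for.
 * @param string $postVarName        Name of the $_POST field holding the value.
 * @param string $elementName        Display name used in error messages.
 * @param int    $elementSize        Unused here; part of the shared handler signature.
 * @param string $elementTypeOptions Unused here.
 * @param mixed  $elementMoreThan    Unused here.
 * @param mixed  $elementLessThan    Unused here.
 * @param bool   $elementCheckInt    Unused here.
 * @param bool   $elementIsRequired  Reject a missing or blank value.
 * @return bool True when the value was stored (or an optional field was not
 *              submitted), false otherwise.
 */
function submitRegistrationFormTextarea($moduleCompId, $elementId, $userId, $postVarName, $elementName, $elementSize, $elementTypeOptions, $elementMoreThan, $elementLessThan, $elementCheckInt, $elementIsRequired) {
    // A field sent as an array (name[]=...) is treated like a missing one.
    $isPosted = isset($_POST[$postVarName]) && is_string($_POST[$postVarName]);
    $postedValue = $isPosted ? trim($_POST[$postVarName]) : '';

    // The old check was trim($value == ""), i.e. trim() of a boolean, so a
    // whitespace-only answer passed as "filled in".
    if ($elementIsRequired && $postedValue === '') {
        displayerror("Essential field $elementName is missing");
        return false;
    }
    if (!$isPosted) {
        // Optional field that was not submitted: nothing to store.
        return true;
    }
    $submitData = escape($postedValue);

    $textQuery = "SELECT 1 FROM `form_elementdata` " .
        "WHERE `user_id` =$userId AND `page_modulecomponentid` =$moduleCompId AND `form_elementid` =$elementId";
    $textResult = mysql_query($textQuery);
    if (!$textResult) { displayerror('E34 : Invalid query: ' . mysql_error()); return false; }

    if (mysql_num_rows($textResult) > 0) {
        $textUpdateQuery = "UPDATE `form_elementdata` SET `form_elementdata` = '$submitData' " .
            "WHERE `user_id` = $userId AND `page_modulecomponentid` = $moduleCompId AND `form_elementid` = $elementId";
        $textUpdateResult = mysql_query($textUpdateQuery);
        if (!$textUpdateResult) { displayerror('E12 : Invalid query: ' . mysql_error()); return false; }
    } else {
        $textInsertQuery = "INSERT INTO `form_elementdata` ( `user_id` , `page_modulecomponentid` , `form_elementid` , `form_elementdata` ) " .
            "VALUES ( '$userId', '$moduleCompId', '$elementId', '$submitData')";
        $textInsertResult = mysql_query($textInsertQuery);
        if (!$textInsertResult) { displayerror('E89 : Invalid query: ' . mysql_error()); return false; }
    }
    return true;
}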
00264
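/**
 * Validate and store the choice made in a radio-button element.
 *
 * The request carries the zero-based index of the chosen option; the option
 * text taken from $elementTypeOptions ("a|b|c") is what gets stored.
 *
 * @param int    $moduleCompId       Module component id of the form.
 * @param int    $elementId          Id of the element within the form.
 * @param int    $userId             User the value is stored for.
 * @param string $postVarName        Name of the $_POST field holding the index.
 * @param string $elementName        Display name used in error messages.
 * @param int    $elementSize        Unused here; part of the shared handler signature.
 * @param string $elementTypeOptions "|"-separated list of option texts.
 * @param mixed  $elementMoreThan    Unused here.
 * @param mixed  $elementLessThan    Unused here.
 * @param bool   $elementCheckInt    Unused here.
 * @param bool   $elementIsRequired  Reject a missing choice.
 * @return bool True when the choice was stored, false otherwise.
 */
function submitRegistrationFormRadio($moduleCompId, $elementId, $userId, $postVarName, $elementName, $elementSize, $elementTypeOptions, $elementMoreThan, $elementLessThan, $elementCheckInt, $elementIsRequired) {
    $rawOption = '';
    if (isset($_POST[$postVarName]) && is_string($_POST[$postVarName])) {
        $rawOption = $_POST[$postVarName];
    }

    if ($elementIsRequired && $rawOption === '') {
        displayerror("Essential field ".$elementName." is missing");
        return false;
    }

    $options = explode("|", $elementTypeOptions);

    // The index must be a plain non-negative integer inside the option list.
    // The old "count < index + 1" test let negative and non-numeric values
    // through and then read an undefined array entry.
    if ($rawOption === '') {
        $selectedOption = '';
    } elseif (!preg_match('/^[0-9]+\z/', $rawOption) || (int) $rawOption >= count($options)) {
        displayerror("$elementName is out of bounds of the available number of options.");
        return false;
    } else {
        $selectedOption = $options[(int) $rawOption];
    }

    $textQuery = "SELECT 1 FROM `form_elementdata` " .
        "WHERE `user_id` =$userId AND `page_modulecomponentid` =$moduleCompId AND `form_elementid` =$elementId";
    $textResult = mysql_query($textQuery);
    if (!$textResult) { displayerror('E73 : Invalid query: ' . mysql_error()); return false; }

    // Option text comes from the form description; escape it so a quote in an
    // option cannot break out of the SQL string literal.
    $storedValue = mysql_real_escape_string($selectedOption);

    if (mysql_num_rows($textResult) > 0) {
        $textUpdateQuery = "UPDATE `form_elementdata` SET `form_elementdata` = '" . $storedValue . "' " .
            "WHERE `user_id` = $userId AND `page_modulecomponentid` = $moduleCompId AND `form_elementid` = $elementId";
        $textUpdateResult = mysql_query($textUpdateQuery);
        if (!$textUpdateResult) { displayerror('E28 : Invalid query: ' . mysql_error()); return false; }
    } else {
        $textInsertQuery = "INSERT INTO `form_elementdata` ( `user_id` , `page_modulecomponentid` , `form_elementid` , `form_elementdata` ) " .
            "VALUES ( '$userId', '$moduleCompId', '$elementId', '" . $storedValue . "')";
        $textInsertResult = mysql_query($textInsertQuery);
        if (!$textInsertResult) { displayerror('E90 : Invalid query: ' . mysql_error()); return false; }
    }
    return true;
}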
00299
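/**
 * Validate and store the boxes ticked in a checkbox element.
 *
 * Option i counts as ticked when the request contains a field named
 * "<postVarName>_<i>". The texts of the ticked options are stored joined
 * with "|".
 *
 * @param int    $moduleCompId       Module component id of the form.
 * @param int    $elementId          Id of the element within the form.
 * @param int    $userId             User the value is stored for.
 * @param string $postVarName        Prefix of the per-option $_POST fields.
 * @param string $elementName        Display name used in error messages.
 * @param int    $elementSize        Unused here; part of the shared handler signature.
 * @param string $elementTypeOptions "|"-separated list of option texts.
 * @param mixed  $elementMoreThan    Unused here.
 * @param mixed  $elementLessThan    Unused here.
 * @param bool   $elementCheckInt    Unused here.
 * @param bool   $elementIsRequired  Require at least one ticked box.
 * @return bool True when the selection was stored, false otherwise.
 */
function submitRegistrationFormCheckbox($moduleCompId, $elementId, $userId, $postVarName, $elementName, $elementSize, $elementTypeOptions, $elementMoreThan, $elementLessThan, $elementCheckInt, $elementIsRequired) {
    $options = explode("|", $elementTypeOptions);
    $values = array();
    foreach ($options as $i => $value) {
        if (isset($_POST[$postVarName . "_" . $i])) {
            $values[] = $value;
        }
    }

    // implode(separator, array): the reversed join($array, $glue) order used
    // before is rejected by current PHP versions.
    $valuesString = implode("|", $values);

    if ($elementIsRequired && $valuesString == "") {
        displayerror("Essential field ".$elementName." is missing");
        return false;
    }

    $textQuery = "SELECT 1 FROM `form_elementdata` " .
        "WHERE `user_id` =$userId AND `page_modulecomponentid` =$moduleCompId AND `form_elementid` =$elementId";
    $textResult = mysql_query($textQuery);
    // The SQL text itself is no longer echoed to the submitter, matching the
    // other element handlers.
    if (!$textResult) { displayerror('E91 : Invalid query: ' . mysql_error()); return false; }

    // Option text comes from the form description; escape it so a quote in an
    // option cannot break out of the SQL string literal.
    $storedValue = mysql_real_escape_string($valuesString);

    if (mysql_num_rows($textResult) > 0) {
        $textUpdateQuery = "UPDATE `form_elementdata` SET `form_elementdata` = '$storedValue' " .
            "WHERE `user_id` = $userId AND `page_modulecomponentid` = $moduleCompId AND `form_elementid` = $elementId";
        $textUpdateResult = mysql_query($textUpdateQuery);
        if (!$textUpdateResult) { displayerror('E78 : Invalid query: ' . mysql_error()); return false; }
    } else {
        $textInsertQuery = "INSERT INTO `form_elementdata` ( `user_id` , `page_modulecomponentid` , `form_elementid` , `form_elementdata` ) " .
            "VALUES ( '$userId', '$moduleCompId', '$elementId', '$storedValue')";
        $textInsertResult = mysql_query($textInsertQuery);
        if (!$textInsertResult) { displayerror('E55 : Invalid query: ' . mysql_error()); return false; }
    }

    return true;
}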
00341
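/**
 * Validate and store the choice made in a select (drop-down) element.
 *
 * The request carries the zero-based index of the chosen option; the option
 * text taken from $elementTypeOptions ("a|b|c") is what gets stored.
 *
 * @param int    $moduleCompId       Module component id of the form.
 * @param int    $elementId          Id of the element within the form.
 * @param int    $userId             User the value is stored for.
 * @param string $postVarName        Name of the $_POST field holding the index.
 * @param string $elementName        Display name used in error messages.
 * @param int    $elementSize        Unused here; part of the shared handler signature.
 * @param string $elementTypeOptions "|"-separated list of option texts.
 * @param mixed  $elementMoreThan    Unused here.
 * @param mixed  $elementLessThan    Unused here.
 * @param bool   $elementCheckInt    Unused here.
 * @param bool   $elementIsRequired  Reject a missing choice.
 * @return bool True when the choice was stored, false otherwise.
 */
function submitRegistrationFormSelect($moduleCompId, $elementId, $userId, $postVarName, $elementName, $elementSize, $elementTypeOptions, $elementMoreThan, $elementLessThan, $elementCheckInt, $elementIsRequired) {
    // isset() is checked first; the old code called is_numeric() on the field
    // before testing that it existed.
    $rawOption = '';
    if (isset($_POST[$postVarName]) && is_string($_POST[$postVarName])) {
        $rawOption = $_POST[$postVarName];
    }

    if ($elementIsRequired && $rawOption === '') {
        displayerror("Essential field ".$elementName." is missing");
        return false;
    }

    $options = explode("|", $elementTypeOptions);

    // The index must be a plain non-negative integer inside the option list.
    // The old "count < index + 1" test let negative, fractional and
    // non-numeric values through and then read an undefined array entry.
    if ($rawOption === '') {
        $selectedOption = '';
    } elseif (!preg_match('/^[0-9]+\z/', $rawOption) || (int) $rawOption >= count($options)) {
        displayerror("$elementName is out of bounds of the available number of options.");
        return false;
    } else {
        $selectedOption = $options[(int) $rawOption];
    }

    $textQuery = "SELECT 1 FROM `form_elementdata` " .
        "WHERE `user_id` =$userId AND `page_modulecomponentid` =$moduleCompId AND `form_elementid` =$elementId";
    $textResult = mysql_query($textQuery);
    if (!$textResult) { displayerror('E64 : Invalid query: ' . mysql_error()); return false; }

    // Option text comes from the form description; escape it so a quote in an
    // option cannot break out of the SQL string literal.
    $storedValue = mysql_real_escape_string($selectedOption);

    if (mysql_num_rows($textResult) > 0) {
        $textUpdateQuery = "UPDATE `form_elementdata` SET `form_elementdata` = '" . $storedValue . "' " .
            "WHERE `user_id` = $userId AND `page_modulecomponentid` = $moduleCompId AND `form_elementid` = $elementId";
        $textUpdateResult = mysql_query($textUpdateQuery);
        if (!$textUpdateResult) { displayerror('E102 : Invalid query: ' . mysql_error()); return false; }
    } else {
        $textInsertQuery = "INSERT INTO `form_elementdata` ( `user_id` , `page_modulecomponentid` , `form_elementid` , `form_elementdata` ) " .
            "VALUES ( '$userId', '$moduleCompId', '$elementId', '" . $storedValue . "')";
        $textInsertResult = mysql_query($textInsertQuery);
        if (!$textInsertResult) { displayerror('E121 : Invalid query: ' . mysql_error()); return false; }
    }
    return true;
}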
00373
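/**
 * Validate and store the value of a password element.
 *
 * NOTE(review): the submitted value is stored as-is in form_elementdata, in
 * clear text. If this field ever holds a real credential it should be hashed
 * (password_hash) before storage; that changes what readers of the column
 * get back, so it is not done here.
 *
 * @param int    $moduleCompId       Module component id of the form.
 * @param int    $elementId          Id of the element within the form.
 * @param int    $userId             User the value is stored for.
 * @param string $postVarName        Name of the $_POST field holding the value.
 * @param string $elementName        Display name used in error messages.
 * @param int    $elementSize        Unused here; part of the shared handler signature.
 * @param string $elementTypeOptions Unused here.
 * @param mixed  $elementMoreThan    Unused here.
 * @param mixed  $elementLessThan    Unused here.
 * @param bool   $elementCheckInt    Unused here.
 * @param bool   $elementIsRequired  Reject a missing or empty value.
 * @return bool True when the value was stored, false otherwise.
 */
function submitRegistrationFormPassword($moduleCompId, $elementId, $userId, $postVarName, $elementName, $elementSize, $elementTypeOptions, $elementMoreThan, $elementLessThan, $elementCheckInt, $elementIsRequired) {
    // A missing field, or one sent as an array (name[]=...), counts as empty
    // instead of reaching escape() as an undefined index or a non-string.
    $postedValue = '';
    if (isset($_POST[$postVarName]) && is_string($_POST[$postVarName])) {
        $postedValue = $_POST[$postVarName];
    }

    if ($elementIsRequired && $postedValue === '') {
        displayerror("Essential field ".$elementName." is missing");
        return false;
    }

    $textQuery = "SELECT 1 FROM `form_elementdata` " .
        "WHERE `user_id` =$userId AND `page_modulecomponentid` =$moduleCompId AND `form_elementid` =$elementId";
    $textResult = mysql_query($textQuery);
    if (!$textResult) { displayerror('E234 : Invalid query: ' . mysql_error()); return false; }

    $submitData = escape($postedValue);

    if (mysql_num_rows($textResult) > 0) {
        $textUpdateQuery = "UPDATE `form_elementdata` SET `form_elementdata` = '" . $submitData . "' " .
            "WHERE `user_id` = $userId AND `page_modulecomponentid` = $moduleCompId AND `form_elementid` = $elementId";
        $textUpdateResult = mysql_query($textUpdateQuery);
        if (!$textUpdateResult) { displayerror('E39 : Invalid query: ' . mysql_error()); return false; }
    } else {
        $textInsertQuery = "INSERT INTO `form_elementdata` ( `user_id` , `page_modulecomponentid` , `form_elementid` , `form_elementdata` ) " .
            "VALUES ( '$userId', '$moduleCompId', '$elementId', '" . $submitData . "')";
        $textInsertResult = mysql_query($textInsertQuery);
        if (!$textInsertResult) { displayerror('E42 : Invalid query: ' . mysql_error()); return false; }
    }
    return true;
}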
00397
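/**
 * Handle a file-upload element: replace the user's previous upload, if any,
 * and record the stored file name.
 *
 * @param int    $moduleCompId       Module component id of the form.
 * @param int    $elementId          Id of the element within the form.
 * @param int    $userId             User the file belongs to.
 * @param string $postVarName        Name of the $_FILES field.
 * @param string $elementName        Display name used in error messages.
 * @param int    $elementSize        Unused here; part of the shared handler signature.
 * @param string $elementTypeOptions "|"-separated list of uploadable file
 *                                   types; blank passes false to the uploader.
 * @param mixed  $elementMoreThan    Unused here.
 * @param mixed  $elementLessThan    Maximum size in bytes; empty/0 means 2 MiB.
 * @param bool   $elementCheckInt    Unused here.
 * @param bool   $elementIsRequired  Reject a request without the file field.
 * @return bool True when the upload was recorded (or an optional upload was
 *              absent), false otherwise.
 */
function submitRegistrationFormFile($moduleCompId, $elementId, $userId, $postVarName, $elementName, $elementSize, $elementTypeOptions, $elementMoreThan, $elementLessThan, $elementCheckInt, $elementIsRequired) {
    if ($elementIsRequired && !isset($_FILES[$postVarName])) {
        displayerror('Required file ' . $elementName . ' not uploaded.');
        return false;
    }

    $existsQuery = "SELECT `form_elementdata` from `form_elementdata` WHERE `user_id` = $userId AND " .
        "`page_modulecomponentid` = $moduleCompId AND `form_elementid` = $elementId";
    $existsResult = mysql_query($existsQuery);

    global $sourceFolder;
    require_once("$sourceFolder/upload.lib.php");

    // Same test as before, minus the undefined-index notices.
    // NOTE(review): a request without this field at all also counts as
    // "not UPLOAD_ERR_NO_FILE", so the previous upload is removed even though
    // nothing replaces it - confirm that is intended.
    $uploadError = isset($_FILES[$postVarName]['error'][0]) ? $_FILES[$postVarName]['error'][0] : null;
    if ($uploadError != UPLOAD_ERR_NO_FILE) {
        if ($existsResult && mysql_num_rows($existsResult) > 0) {
            $existsRow = mysql_fetch_array($existsResult);
            if (deleteFile($moduleCompId, 'form', $existsRow[0])) {
                // Scoped to this user: without the user_id condition one
                // re-upload wiped this element's record for every user.
                $deleteQuery = "DELETE FROM `form_elementdata` WHERE `user_id` = $userId AND " .
                    "`form_elementid` = $elementId AND `page_modulecomponentid` = $moduleCompId";
                mysql_query($deleteQuery);
            }
        }
    }

    $maxFileSizeInBytes = $elementLessThan;
    if ($maxFileSizeInBytes == NULL || $maxFileSizeInBytes == "" || $maxFileSizeInBytes == 0) {
        $maxFileSizeInBytes = 2*1024*1024;
    }

    if (trim($elementTypeOptions) == "") {
        $uploadableFileTypes = false;
    } else {
        $uploadableFileTypes = explode("|", $elementTypeOptions);
        if (count($uploadableFileTypes) == 0) {
            $uploadableFileTypes = false;
        }
    }

    $uploadFileName = submitFileUploadForm($moduleCompId, "form", $userId, $maxFileSizeInBytes, $uploadableFileTypes, $postVarName);
    if (!isset($uploadFileName[0])) {
        return !$elementIsRequired;
    }

    // The stored name may derive from the client-supplied file name (depends
    // on submitFileUploadForm - confirm), so escape it for the SQL literal.
    $storedName = mysql_real_escape_string($uploadFileName[0]);

    $submitQuery = 'INSERT INTO `form_elementdata`(`user_id`, `page_modulecomponentid`, `form_elementid`, `form_elementdata`) ' .
        "VALUES($userId, $moduleCompId, $elementId, '$storedName')";
    if (!mysql_query($submitQuery) || mysql_affected_rows() != 1) {
        displayerror('Error updating information in the database.');
        return false;
    }
    return true;
}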
00441
/**
 * Validate and store the value of a date element (YYYY-MM-DD).
 *
 * @param int    $moduleCompId       Module component id of the form.
 * @param int    $elementId          Id of the element within the form.
 * @param int    $userId             User the value is stored for.
 * @param string $postVarName        Name of the $_POST field holding the date.
 * @param string $elementName        Display name used in error messages.
 * @param int    $elementSize        Unused here; part of the shared handler signature.
 * @param string $elementTypeOptions Unused here.
 * @param mixed  $elementMoreThan    Unused here.
 * @param mixed  $elementLessThan    Unused here.
 * @param bool   $elementCheckInt    Unused here.
 * @param bool   $elementIsRequired  Reject a missing or empty value.
 * @return bool True when the date was stored (or an optional field was left
 *              empty), false otherwise.
 */
function submitRegistrationFormDate($moduleCompId, $elementId, $userId, $postVarName, $elementName, $elementSize, $elementTypeOptions, $elementMoreThan, $elementLessThan, $elementCheckInt, $elementIsRequired) {
    if ($elementIsRequired) {
        if (!isset($_POST[$postVarName]) || $_POST[$postVarName] == "" || $_POST[$postVarName] == NULL) {
            displayerror("Essential field ".$elementName." is missing");
            return false;
        }
    }
    // NOTE(review): for an optional field missing from the request this reads
    // an undefined index before treating it as empty.
    if (!$elementIsRequired && $_POST[$postVarName] == "") {
        return true;
    }

    $escapedDate = escape($_POST[$postVarName]);
    if (!verifyDate($escapedDate)) {
        return false;
    }

    $rowExistsSql = "SELECT 1 FROM `form_elementdata` " .
        "WHERE `user_id` =$userId AND `page_modulecomponentid` =$moduleCompId AND `form_elementid` =$elementId";
    $rowExists = mysql_query($rowExistsSql);
    if (!$rowExists) {
        displayerror('E134 : Invalid query: ' . mysql_error());
        return false;
    }

    if (mysql_num_rows($rowExists) > 0) {
        $updateSql = "UPDATE `form_elementdata` SET `form_elementdata` = '" . $escapedDate . "' " .
            "WHERE `user_id` = $userId AND `page_modulecomponentid` = $moduleCompId AND `form_elementid` = $elementId";
        if (!mysql_query($updateSql)) {
            displayerror('E12 : Invalid query: ' . mysql_error());
            return false;
        }
        return true;
    }

    $insertSql = "INSERT INTO `form_elementdata` ( `user_id` , `page_modulecomponentid` , `form_elementid` , `form_elementdata` ) " .
        "VALUES ( '$userId', '$moduleCompId', '$elementId', '" . $escapedDate . "')";
    if (!mysql_query($insertSql)) {
        displayerror('E89 : Invalid query: ' . mysql_error());
        return false;
    }
    return true;
}
00468
/**
 * Validate and store the value of a date-time element ("YYYY-MM-DD HH:MM").
 *
 * The value is split at its first space; the part before it is checked with
 * verifyDate() and the rest with verifyTime().
 *
 * @param int    $moduleCompId       Module component id of the form.
 * @param int    $elementId          Id of the element within the form.
 * @param int    $userId             User the value is stored for.
 * @param string $postVarName        Name of the $_POST field holding the value.
 * @param string $elementName        Display name used in error messages.
 * @param int    $elementSize        Unused here; part of the shared handler signature.
 * @param string $elementTypeOptions Unused here.
 * @param mixed  $elementMoreThan    Unused here.
 * @param mixed  $elementLessThan    Unused here.
 * @param bool   $elementCheckInt    Unused here.
 * @param bool   $elementIsRequired  Reject a missing or empty value.
 * @return bool True when the value was stored (or an optional field was left
 *              empty), false otherwise.
 */
function submitRegistrationFormDatetime($moduleCompId, $elementId, $userId, $postVarName, $elementName, $elementSize, $elementTypeOptions, $elementMoreThan, $elementLessThan, $elementCheckInt, $elementIsRequired) {
    if ($elementIsRequired) {
        if (!isset($_POST[$postVarName]) || $_POST[$postVarName] == "" || $_POST[$postVarName] == NULL) {
            displayerror("Essential field ".$elementName." is missing");
            return false;
        }
    }
    // NOTE(review): for an optional field missing from the request this reads
    // an undefined index before treating it as empty.
    if (!$elementIsRequired && $_POST[$postVarName] == "") {
        return true;
    }

    $escapedValue = escape($_POST[$postVarName]);
    // NOTE(review): when the value has no space, strpos() yields false and
    // the date part comes out empty, so verifyDate() rejects it.
    $spaceAt = strpos($escapedValue, " ");
    $datePart = substr($escapedValue, 0, ($spaceAt));
    $timePart = substr($escapedValue, $spaceAt + 1, strlen($escapedValue));
    if (!verifyDate($datePart)) {
        return false;
    }
    if (!verifyTime($timePart)) {
        return false;
    }

    $rowExistsSql = "SELECT 1 FROM `form_elementdata` " .
        "WHERE `user_id` =$userId AND `page_modulecomponentid` =$moduleCompId AND `form_elementid` =$elementId";
    $rowExists = mysql_query($rowExistsSql);
    if (!$rowExists) {
        displayerror('E234 : Invalid query: ' . mysql_error());
        return false;
    }

    if (mysql_num_rows($rowExists) > 0) {
        $updateSql = "UPDATE `form_elementdata` SET `form_elementdata` = '" . $escapedValue . "' " .
            "WHERE `user_id` = $userId AND `page_modulecomponentid` = $moduleCompId AND `form_elementid` = $elementId";
        if (!mysql_query($updateSql)) {
            displayerror('E12 : Invalid query: ' . mysql_error());
            return false;
        }
        return true;
    }

    $insertSql = "INSERT INTO `form_elementdata` ( `user_id` , `page_modulecomponentid` , `form_elementid` , `form_elementdata` ) " .
        "VALUES ( '$userId', '$moduleCompId', '$elementId', '" . $escapedValue . "')";
    if (!mysql_query($insertSql)) {
        displayerror('E89 : Invalid query: ' . mysql_error());
        return false;
    }
    return true;
}
00501
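/**
 * Check that a string is a calendar date in YYYY-MM-DD form, with the year
 * between 1950 and 2050. An error message is displayed on rejection.
 *
 * @param string $inputDate Value to check.
 * @return bool True for a valid date, false otherwise.
 */
function verifyDate($inputDate) {
    // The D modifier makes "$" match only at the very end; without it a value
    // with a trailing newline ("2024-01-01\n") was accepted.
    $datePattern = '/^(?P<year>19[5-9][0-9]|20[0-4][0-9]|2050)-(?P<month>0[1-9]|1[0-2])-(?P<date>0[1-9]|[12][0-9]|3[01])$/D';
    $matches = array();
    if (!is_string($inputDate) || !preg_match($datePattern, $inputDate, $matches)) {
        displayerror("Enter the date in 'YYYY-MM-DD' format");
        return false;
    }

    $year = (int) $matches['year'];
    $month = (int) $matches['month'];
    $date = (int) $matches['date'];

    // The pattern already limits year, month and day to their overall ranges
    // (the separate range checks that followed it could never fire), so only
    // the day-of-month against the actual month length is left to verify.
    if (!checkdate($month, $date, $year)) {
        if ($month == 2) {
            displayerror('Enter a valid date for February.');
        } else {
            displayerror('Enter a valid date for the specified month.');
        }
        return false;
    }

    return true;
}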
00547
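/**
 * Check that a string is a 24-hour time in HH:MM form. An error message is
 * displayed on rejection.
 *
 * @param string $inputTime Value to check.
 * @return bool True for a valid time, false otherwise.
 */
function verifyTime($inputTime) {
    // The D modifier makes "$" match only at the very end; without it a value
    // with a trailing newline ("12:30\n") was accepted.
    $timePattern = '/^([01][0-9]|2[0-3]):[0-5][0-9]$/D';
    if (!is_string($inputTime) || !preg_match($timePattern, $inputTime)) {
        displayerror("Enter the time in 'HH:MM' format in 24 hours clock");
        return false;
    }
    return true;
}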
00556
/**
 * Record a user's first visit to a form: adds a form_visits row with a submit
 * count of 0 unless one already exists for this form and user.
 *
 * NOTE(review): both ids are interpolated unquoted into the SQL, and the
 * count-then-insert sequence is not atomic.
 *
 * @param int $moduleComponentId Module component id of the form.
 * @param int $userId            Visiting user.
 * @return void
 */
function insertFormView($moduleComponentId, $userId) {
    $countSql = "SELECT COUNT(*) FROM `form_visits` WHERE `page_modulecomponentid` = $moduleComponentId AND `user_id` = $userId";
    $countRow = mysql_fetch_row(mysql_query($countSql));

    if ($countRow[0] != 0) {
        // Already recorded.
        return;
    }

    $insertSql = "INSERT INTO `form_visits`(`page_modulecomponentid`, `user_id`, `user_submitcount`, `user_firstvisit`) VALUES " .
        "($moduleComponentId, $userId, 0, NOW())";
    mysql_query($insertSql);
}
00568
/**
 * Count one more submission of a form by a user: increments the existing
 * form_visits row, or inserts one with a submit count of 1.
 *
 * NOTE(review): both ids are interpolated unquoted into the SQL, and the
 * count-then-write sequence is not atomic.
 *
 * @param int $moduleComponentId Module component id of the form.
 * @param int $userId            Submitting user.
 * @return void
 */
function updateFormSubmitCount($moduleComponentId, $userId) {
    $countSql = "SELECT COUNT(*) FROM `form_visits` WHERE `page_modulecomponentid` = $moduleComponentId AND `user_id` = $userId";
    $countRow = mysql_fetch_row(mysql_query($countSql));

    $writeSql = ($countRow[0] == 1)
        ? "UPDATE `form_visits` SET `user_submitcount` = `user_submitcount` + 1 WHERE `page_modulecomponentid` = $moduleComponentId AND `user_id` = $userId"
        : "INSERT INTO `form_visits`(`page_modulecomponentid`, `user_id`, `user_submitcount`, `user_firstvisit`) VALUES " .
            "($moduleComponentId, $userId, 1, NOW())";

    mysql_query($writeSql);
}
00581
/**
 * Register a user with a form and, when the form is tied to a group, add the
 * user to that group.
 *
 * @param int $moduleCompId Module component id of the form.
 * @param int $userId       User to register.
 * @return bool True on success; false when the registration row could not be
 *              inserted or the group membership could not be added.
 */
function registerUser($moduleCompId,$userId) {
    $insertSql = "INSERT INTO `form_regdata` (`user_id` ,`page_modulecomponentid` ,`form_firstupdated` ,`form_lastupdated`) " .
        "VALUES ('$userId', '$moduleCompId', CURRENT_TIMESTAMP , CURRENT_TIMESTAMP)";
    mysql_query($insertSql);

    if (!(mysql_affected_rows() > 0)) {
        displayerror("Error in registering user to form.");
        return false;
    }

    global $sourceFolder;
    require_once($sourceFolder."/group.lib.php");

    $groupId = getGroupIdFromFormId($moduleCompId);
    if ($groupId == false) {
        // Form has no associated group; registration alone is enough.
        return true;
    }

    if (addUserToGroupId($groupId, $userId)) {
        return true;
    }

    // NOTE(review): the form_regdata row inserted above is left in place.
    displayerror("Error in registering user to group.");
    return false;
}
/**
 * Refresh the last-updated timestamp of a user's registration with a form.
 *
 * @param int $moduleCompId Module component id of the form.
 * @param int $userId       Registered user.
 * @return bool True when MySQL reports at least one affected row.
 */
function updateUser($moduleCompId,$userId) {
    $touchSql = "UPDATE `form_regdata` SET `form_lastupdated` = CURRENT_TIMESTAMP WHERE `user_id` =$userId AND `page_modulecomponentid` =$moduleCompId";
    mysql_query($touchSql);

    return mysql_affected_rows() > 0;
}
/**
 * Tell whether a user is registered with a form.
 *
 * @param int $moduleCompId Module component id of the form.
 * @param int $userId       User to look up; 0 is never registered.
 * @return bool True when a form_regdata row exists for the pair; false
 *              otherwise, including when the lookup query fails.
 */
function verifyUserRegistered($moduleCompId,$userId) {
    if ($userId == 0) {
        return false;
    }

    $lookupSql = " SELECT 1 FROM `form_regdata` WHERE `user_id` =$userId AND `page_modulecomponentid` = $moduleCompId";
    $lookup = mysql_query($lookupSql);
    if (!$lookup) {
        // NOTE(review): the full SQL text and the MySQL error are shown to
        // the user here.
        displayerror('E39 : Invalid query: '.$lookupSql . mysql_error());
        return false;
    }

    return mysql_num_rows($lookup) > 0;
}
/**
 * Tell whether a user has filled in every required element of the form whose
 * module component id is 0 (the profile form, judging by the function name).
 *
 * NOTE(review): $userId is concatenated unquoted into the SQL.
 *
 * @param int $userId User to check.
 * @return bool True when no required element is missing or empty; false
 *              otherwise, including when the query fails.
 */
function verifyUserProfileFilled($userId) {
    // Selects the required elements that have no data, or empty data, for
    // this user.
    $missingSql = 'SELECT s.form_elementname ' .
        'FROM `form_elementdesc` s LEFT JOIN `form_elementdata` d ' .
        ' ON s.form_elementid = d.form_elementid AND s.page_modulecomponentid = d.page_modulecomponentid AND d.user_id='.$userId.' ' .
        ' WHERE s.form_elementisrequired = 1 AND s.page_modulecomponentid = 0 ' .
        ' AND (d.form_elementdata IS NULL OR d.form_elementdata = "")';
    $missing = mysql_query($missingSql);

    if (!$missing) {
        return false;
    }

    return !(mysql_num_rows($missing) > 0);
}
/**
 * Remove a user's registration with a form: the registration row, uploaded
 * files, stored element data and, when the form is tied to a group, the group
 * membership.
 *
 * @param int  $moduleCompId    Module component id of the form.
 * @param int  $userId          User to unregister.
 * @param bool $silentOnSuccess Do not display the success message.
 * @return bool True when the user was unregistered; false when the user was
 *              not registered or a step failed.
 */
function unregisterUser($moduleCompId, $userId, $silentOnSuccess = false) {
    if (!verifyUserRegistered($moduleCompId, $userId)) {
        displaywarning("User not registered!");
        return false;
    }

    // NOTE(review): the outcome of this delete is not checked.
    mysql_query("DELETE FROM `form_regdata` WHERE `user_id` = $userId AND `page_modulecomponentid` = $moduleCompId");

    // Collect the stored names of this user's uploads so the files can be
    // removed before their rows are deleted.
    $uploadsSql = 'SELECT `form_elementdata` FROM `form_elementdata`, `form_elementdesc` WHERE ' .
        "`form_elementdata`.`page_modulecomponentid` = $moduleCompId AND `form_elementtype` = 'file' AND " .
        "`form_elementdata`.`user_id` = $userId AND `form_elementdesc`.`page_modulecomponentid` = `form_elementdata`.`page_modulecomponentid` AND " .
        "`form_elementdata`.`form_elementid` = `form_elementdesc`.`form_elementid`";
    $uploads = mysql_query($uploadsSql);

    global $sourceFolder;
    require_once("$sourceFolder/upload.lib.php");
    while ($uploadRow = mysql_fetch_row($uploads)) {
        deleteFile($moduleCompId, 'form', $uploadRow[0]);
    }

    $dataDeleted = mysql_query("DELETE FROM `form_elementdata` WHERE `user_id` = $userId AND `page_modulecomponentid` = $moduleCompId ");
    if (!$dataDeleted) {
        displayerror("Error in unregistering user.");
        return false;
    }

    require_once($sourceFolder."/group.lib.php");
    $groupId = getGroupIdFromFormId($moduleCompId);

    if ($groupId != false && !removeUserFromGroupId($groupId, $userId)) {
        displayerror("Unable to unregister user from group.");
        return false;
    }

    if (!$silentOnSuccess) {
        displayinfo("User successfully unregistered");
    }
    return true;
}
00702
00703 ?>