From 48a9a16eeeade25191ea421d688cc81a6f4bc14c Mon Sep 17 00:00:00 2001 From: Sam White Date: Fri, 10 Sep 2021 21:35:03 +0000 Subject: [PATCH] Allow purchasing of YCRA subscriptions. --- config.php.sample | 11 +- public_html/css/common.css | 4 + public_html/css/fields.css | 14 ++ public_html/includes/database.php | 58 ++++++++ public_html/includes/fields.php | 49 +++++++ public_html/includes/form-validation.php | 69 ++++++++++ public_html/includes/navbar.php | 6 +- public_html/includes/utils.php | 11 ++ public_html/join.php | 161 +++++++++++++++++++++++ 9 files changed, 379 insertions(+), 4 deletions(-) create mode 100644 public_html/css/fields.css create mode 100644 public_html/includes/database.php create mode 100644 public_html/includes/fields.php create mode 100644 public_html/includes/form-validation.php create mode 100644 public_html/join.php diff --git a/config.php.sample b/config.php.sample index 29381f2..e060c36 100644 --- a/config.php.sample +++ b/config.php.sample @@ -2,6 +2,15 @@ function get_config() { return [ 'site_root' => '/', - 'title_append' => 'DEV SITE', + 'title_append' => '', + ]; +} + +function get_db_details() { + return [ + 'host' => 'localhost', + 'database' => 'DB', + 'user' => 'USER', + 'password' => "PASSWORD", ]; } diff --git a/public_html/css/common.css b/public_html/css/common.css index 754bd9b..0aa5089 100644 --- a/public_html/css/common.css +++ b/public_html/css/common.css @@ -39,6 +39,10 @@ div.section { clear: both; } +.error { + color: red; +} + /* General styling for tables. */ table { /* Centre tables. */ diff --git a/public_html/css/fields.css b/public_html/css/fields.css new file mode 100644 index 0000000..66cb445 --- /dev/null +++ b/public_html/css/fields.css @@ -0,0 +1,14 @@ +div.field { + display: block; + margin: 1em 0; +} + +div.field label { + font-weight: bold; + display: block; +} + +div.field.required label::before { + content: '*'; + color: red; +} diff --git a/public_html/includes/database.php b/public_html/includes/database.php new file mode 100644 index 0000000..4aa870f --- /dev/null +++ b/public_html/includes/database.php @@ -0,0 +1,58 @@ +connect_error) + die('Database connection failed: ' . $db_conn->connect_error); + } +} + +function run_sql($sql) { + global $db_conn; + if (!$db_conn) db_connect(); + $result = $db_conn->query($sql); + if ($result === false) { + error_log('Error executing SQL query: ' . $db_conn->error + . ' while running the SQL: ' . $sql); + die('Database query failed! Error: ' . $db_conn->error); + } + return $result; +} + +function escape_mysql_string($string) { + global $db_conn; + if (!$db_conn) db_connect(); + return $db_conn->real_escape_string($string); +} + +function mysql_quote_value($value) { + if (is_null($value)) return 'NULL'; + return sprintf("'%s'", escape_mysql_string($value)); +} + +function simple_where($key, $value, $comp='=') { + return sprintf("%s $comp %s", $key, mysql_quote_value($value)); +} + +function record_exists($table, $where) { + $sql = "SELECT EXISTS(SELECT * FROM $table WHERE $where)"; + $result = run_sql($sql); + $val = mysqli_fetch_row($result)[0]; + if ($val) return true; + return false; +} + +function insert_array($table, $fields) { + $keys = $values = []; + foreach ($fields as $key=>$value) { + $keys[] = $key; + $values[] = mysql_quote_value($value); + } + $sql = "INSERT INTO $table (" . implode(',', $keys) . ') ' + . 'VALUES (' . implode(',', $values) . ')'; + return run_sql($sql); +} diff --git a/public_html/includes/fields.php b/public_html/includes/fields.php new file mode 100644 index 0000000..2419528 --- /dev/null +++ b/public_html/includes/fields.php @@ -0,0 +1,49 @@ + + + $value) esc("$name=\"$value\" ");?> + /> + +
+
$value], $name); +} +?> diff --git a/public_html/includes/form-validation.php b/public_html/includes/form-validation.php new file mode 100644 index 0000000..43ab85e --- /dev/null +++ b/public_html/includes/form-validation.php @@ -0,0 +1,69 @@ + 64) { + $errors[] = 'Invalid length for local part of email address.'; + return false; + } + $domainLen = strlen($domain); + if ($domainLen < 1 || $domainLen > 255) { + $errors[] = 'Invalid length for domain part of email address.'; + return false; + } + + if ($local[0] == '.' || $local[$localLen-1] == '.' + || preg_match('/\\.\\./', $local)) { + $errors[] = 'Invalid format for local part of email address.'; + return false; + } + + if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) { + $errors[] = 'Invalid character in domain part of email address.'; + return false; + } + + if (preg_match('/\\.\\./', $domain)) { + $errors[] = 'Invalid format for domain part of email address.'; + return false; + } + + if (!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', + str_replace("\\\\","",$local)) + && !preg_match('/^"(\\\\"|[^"])+"$/', str_replace("\\\\","",$local))) { + $errors[] = 'Invalid character(s) in local part of email address - please ' + . 'enclose in quotation marks.'; + return false; + } + + if (!(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A"))) { + $errors[] = 'Email address domain has no relevant DNS records.'; + return false; + } + return true; +} diff --git a/public_html/includes/navbar.php b/public_html/includes/navbar.php index f40d7a8..26db2f0 100644 --- a/public_html/includes/navbar.php +++ b/public_html/includes/navbar.php @@ -11,10 +11,10 @@ function get_menu_pages() { /* 'about' => [ 'name' => 'About', 'path' => '#' - ], + ],*/ 'join' => [ 'name' => 'Join', - 'path' => '#' - ], + 'path' => 'join.php' + ],/* 'links' => [ 'name' => 'Useful Links', 'path' => '#' ], diff --git a/public_html/includes/utils.php b/public_html/includes/utils.php index ee5bb6c..a9f096f 100644 --- a/public_html/includes/utils.php +++ b/public_html/includes/utils.php @@ -44,3 +44,14 @@ function cache_control_suffix($path) { $modified = date('Ymd-His', filemtime($doc_root . $site_root . $path)); return "?v=$modified"; } + +function show_error_list($errors) { + if (empty($errors)) return;?> +

+
+
+ + + + + +
:
+ + + +
+

Join the YCRA

+ +

Your PayPal payment has been cancelled and you will not be charged..

+

Thank you for paying for your YCRA membership via PayPal. Congratulations + on becoming a YCRA member!

+

Please check that the information you entered (as shown below) is + correct.

+

We have received your data. You will become a member of the YCRA after + you have paid the membership fee.

+ +

Please use the form below to either join the YCRA, or express interest in + joining the YCRA.

+ +

You will become a member of the YCRA if you enter your details below and + then subsequently pay for membership.

+ +

Please view our >privacy policy + for information on how we will process your data.

+ + + +
'']); + text_field($params, 'surname', 'Surname', ['required'=>'']); + email_field($params, 'email_address', 'Email address', ['required'=>'']);?> + +

When you join the YCRA, we will send you a membership pack. If you do + not pay for your membership via PayPal, we will need your address. + Please either enter it here, or provide it when you pay for your + membership.

+ + +
+ + 1])); + $fields = [ 'cmd' => '_cart', + 'business' => 'treasurer@ycra.org.uk', + 'upload' => '1', + 'currency_code' => 'GBP', + 'item_name_1' => 'One year YCRA membership', + 'item_number_1' => 'YCRA-MEM-1', + 'quantity_1' => 1, + 'amount_1' => 15, + 'no_shipping' => 2, + 'no_note' => 1, + 'cancel_return' => 'https://ycra.org.uk/join.php?paypal-cancel=1', + 'return' => 'https://ycra.org.uk/join.php?paypal-paid=1', + ]; + $url_fields = []; + foreach ($fields as $field=>$value) + $url_fields[] = urlencode($field) . '=' . urlencode($value); + + $url = 'https://www.paypal.com/cgi-bin/webscr?' . implode('&', $url_fields); + header("Location: $url"); + return; + } +} + +require_once('includes/template.php'); +?> -- 2.25.1