diff --git a/database.mwb b/database.mwb
index 5cc3a11..7b28f0c 100644
Binary files a/database.mwb and b/database.mwb differ
diff --git a/public/actions/submit.php b/public/actions/submit.php
index bfebe35..7ca75b6 100644
--- a/public/actions/submit.php
+++ b/public/actions/submit.php
@@ -10,258 +10,215 @@ require_once __DIR__ . "/../../lib/requiredpublic.php"; require_once __DIR__ . "/../../lib/Email.lib.php"; -var_export($_POST); -die(); - function errorBack(string $errormsg) { + global $familyid; header("Location: ../?page=signup&error=" . htmlentities($errormsg)); + $database->delete("families", ["familyid" => $familyid]); die($errormsg); } -if (!empty($_SESSION['familyid']) && $database->has("families", ['familyid' => $_SESSION['familyid']])) { - $family = $_SESSION['familyid']; - $renewal = true; -} else if (!empty($_POST['renewing'])) { - // Session expired, but we're renewing, so kick them back to verification - header("Location: ../?page=renew&msg=sessionexpired"); - die("You took too long and were automatically logged out. Please try again."); -} - $database->action(function($database) { - global $family, $renewal, $SETTINGS; - - try { - $lastname = $_POST['familyname']; - $father = $_POST['fathername']; - $mother = $_POST['mothername']; + global $SETTINGS; - if (empty($lastname)) { - errorBack("Enter a last name."); - } - if (empty($father)) { - errorBack("Enter a father name."); - } - if (empty($mother)) { - errorBack("Enter a mother name."); - } + $database->insert("families", []); + $familyid = $database->id(); - $family->setName($lastname); - $family->setFather($father); - $family->setMother($mother); + $dueusd = 0.0; - $family->setPhone($_POST['phone']); - $family->setEmail($_POST['email']); + try { - if ($renewal) { - if ($database->has("families", ["AND" => ["email" => $family->getEmail(), "familyid[!]" => $family->getID()]])) { - errorBack("That email address is already in use with another family."); - } - } else { - if ($database->has("families", ["email" => $family->getEmail()])) { - errorBack("That email address is already in use with another family."); + $people = $_POST['people']; + + $requiredfields = [ + "firstname" => ".+", + "lastname" => ".+", + "address" => ".+", + "zip" => "[0-9]{5}(-?[0-9]{4})?", + "phone1" => 
"[0-9]{10}", + "email" => "_EMAIL_", + "shirt" => ["YS", "YM", "YL", "AS", "AM", "AL", "AX", "A2"], + "sex" => ["M", "F"] + ]; + + foreach ($people['ids'] as $pid) { + switch ($people["type"][$pid]) { + case "camper": + $checkfields = array_merge($requiredfields, [ + "parentname" => ".+", + "unit" => "[0-9]{3,4}", + "rank" => ["Tiger", "Wolf", "Bear", "Webelos", "Arrow of Light"] + ]); + break; + case "adult": + $checkfields = array_merge($requiredfields, [ + "position" => [ + "None", + "Den Walker", + "Station Leader", + "Tot Lot", + "First Aid", + "Floater" + ] + ]); + break; + case "youth": + $checkfields = array_merge($requiredfields, [ + "position" => [ + "None", + "Den Chief", + "Station", + "Tot Lot", + "Floater" + ] + ]); + break; + default: + errorBack("Invalid person type."); } - } - - $address = $_POST['streetaddress']; - $city = $_POST['city']; - $state = strtoupper($_POST['state']); - $zip = $_POST['zip']; - if (empty($address)) { - errorBack("Enter a street address."); - } - if (empty($city)) { - errorBack("Enter a city."); - } - $family->setAddress($address); - $family->setCity($city); - $family->setState($state); - $family->setZip($zip); - - - $newsletter = $_POST['newsletter_method']; - $membership_cost = 2500; - if (empty($newsletter)) { - errorBack("Select a newsletter preference."); - } - $family->setNewsletter($newsletter); - switch ($newsletter) { - case 1: // Email only - $membership_cost = 2500; - break; - case 2: // Print only - $membership_cost = 3500; - break; - case 3: // Email and print - $membership_cost = 3500; - break; - default: - errorBack("Select a valid newsletter preference."); - } - - $photopermission = $_POST['photo_permission']; - if (!empty($photopermission) && $photopermission == "1") { - $photopermission = true; - } else { - $photopermission = false; - } - $family->setPhotoPermission($photopermission); + foreach ($checkfields as $name => $regex) { + $validatefunction = function ($str) use ($regex) { + return 
preg_match("/$regex/", $str); + }; + + if (is_array($regex)) { + // Array of options + $validatefunction = function ($str) use ($regex) { + return in_array($str, $regex); + }; + } else if (strpos($regex, "_") === 0) { + // Special cases + switch ($regex) { + case "_EMAIL_": + $validatefunction = function ($str) { + return filter_var($str, FILTER_VALIDATE_EMAIL); + }; + break; + } + } - if ($renewal) { - // If membership lapsed, add a whole year, otherwise just extend it - if ($family->getExpires() < time()) { - $family->setExpires(strtotime("+1 year")); - } else { - $family->setExpires(strtotime("+1 year", $family->getExpires())); + // Validate + if (!$validatefunction($people[$name][$pid])) { + errorBack("Please check your input and try again ($name)."); + } } - } else { - $family->setExpires(strtotime("+1 year")); - } - - $family->save(); - - // - // Children - // - $children = $_POST['child']; - $childObjects = $family->getChildren(); - foreach ($children['ids'] as $cid) { - if (empty($children['name'][$cid])) { - continue; - } - - if (!preg_match("/^([1-9]|1[012])$/", $children['month'][$cid])) { - errorBack("Invalid birth month chosen for " . htmlentities($children['name'][$cid]) . "."); + $days = ""; + if (is_array($people["days"][$pid])) { + $validdays = ["Tu", "We", "Th", "Fr"]; + $days = ""; + foreach ($people["days"][$pid] as $day) { + if (in_array($day, $validdays)) { + $days .= $day; + } + } } - if (!is_numeric($children['year'][$cid])) { - errorBack("Invalid birth year chosen for " . htmlentities($children['name'][$cid]) . "."); - } - $children['year'][$cid] = $children['year'][$cid] * 1; - if ($children['year'][$cid] < 1980 || $children['year'][$cid] > date("Y")) { - errorBack("Invalid birth year chosen for " . htmlentities($children['name'][$cid]) . 
"."); + switch ($people["type"][$pid]) { + case "camper": + $dueusd += 50.0; + echo "\nAdding $50 to the total for a camper, dueusd is $dueusd\n"; + $database->insert("campers", [ + "parentname" => $people["parentname"][$pid], + "rank" => $people["rank"][$pid] + ]); + $camperid = $database->id(); + break; + case "adult": + $discount = 10.0 * (strlen($days) / 2); + $dueusd -= $discount; + echo "\Subtracting $$discount from the total for an adult volunteer, dueusd is $dueusd\n"; + $database->insert("adults", [ + "position" => $people["position"][$pid], + "days" => $days + ]); + $adultid = $database->id(); + break; + case "youth": + $database->insert("youth", [ + "position" => $people["position"][$pid], + "days" => $days + ]); + $youthid = $database->id(); + break; } - if (Child::exists($cid, $family->getID())) { - // iterate over existing children to find the correct one - for ($i = 0; $i < count($childObjects); $i++) { - if ($childObjects[$i]->getID() == $cid) { - $childObjects[$i]->setName($children['name'][$cid]); - $childObjects[$i]->setBirthday(null, $children['year'][$cid] . "-" . $children['month'][$cid] . "-00"); - $childObjects[$i]->setGraduated(empty($children['graduate'][$cid]) ? false : true); - } - } - } else { - $child = new Child(); - $child->setName($children['name'][$cid]); - $child->setBirthday(null, $children['year'][$cid] . "-" . $children['month'][$cid] . "-00"); - $child->setGraduated(empty($children['graduate'][$cid]) ? false : true); - $child->setFamilyID($family->getID()); - $childObjects[] = $child; - } - } - foreach ($childObjects as $child) { - $child->save(); + $database->insert("people", [ + "familyid" => $familyid, + "camperid" => $camperid, + "adultid" => $adultid, + "youthid" => $youthid, + "firstname" => $people["firstname"][$pid], + "lastname" => $people["lastname"][$pid], + "address" => $people["address"][$pid], + "zip" => $people["zip"][$pid], + "phone1" => empty($people["phone1"][$pid] ? 
"" : $people["phone1"][$pid]), + "phone2" => empty($people["phone2"][$pid] ? "" : $people["phone2"][$pid]), + "email" => empty($people["email"][$pid] ? "" : $people["email"][$pid]), + "unit" => $people["unit"][$pid], + "shirt" => $people["shirt"][$pid], + "sex" => $people["sex"][$pid] + ]); } } catch (Exception $ex) { errorBack($ex->getMessage()); } - // - // Interests - // - $database->delete('interests', ['familyid' => $family->getID()]); - if (!empty($_POST['events']) && is_array($_POST['events'])) { - $interests = []; - foreach ($_POST['events'] as $evt) { - if ($database->has("events", ['eventid' => $evt])) { - $interests[] = ["familyid" => $family->getID(), "eventid" => $evt]; - } - } - $database->insert("interests", $interests); - } - - // // Payment // - try { - \Stripe\Stripe::setApiKey($SETTINGS["stripe"]["seckey"]); - $charge = \Stripe\Charge::create([ - 'amount' => $membership_cost, - 'currency' => 'usd', - 'description' => 'HACHE Membership', - 'source' => $_POST['stripeToken'], - 'statement_descriptor' => 'HACHE Membership 1yr', - ]); - } catch (\Stripe\Error\Card $e) { - $body = $e->getJsonBody(); - $err = $body['error']; - errorBack("We couldn't process your card because it was declined. Your card issuer or bank sent us this message: " . $err["message"] . " That's all we know."); - } catch (\Stripe\Error\RateLimit $e) { - errorBack("We couldn't process your card because things are happening too fast. Please try again in a minute. (Error code: STRIPE_RATELIMIT)"); - } catch (\Stripe\Error\InvalidRequest $e) { - errorBack("We couldn't process your card because of a technical issue. Please try again later. (Error code: STRIPE_INVREQ)"); - } catch (\Stripe\Error\Authentication $e) { - errorBack("We can't connect to the card processor. Please try again later. (Error code: STRIPE_AUTH)"); - } catch (\Stripe\Error\ApiConnection $e) { - errorBack("We can't connect to the card processor. Please try again later. 
(Error code: STRIPE_NOAPI)"); - } catch (\Stripe\Error\Base $e) { - errorBack("An unknown payment error occurred. Please try again later."); - } catch (Exception $e) { - errorBack("An unknown error occurred. Please try again later."); - } + $campcoupons = (!empty($_POST['campcoupons']) && preg_match("/[0-9]+/", $_POST['campcoupons'])) ? $_POST['campcoupons'] * 1 : 0; - $database->insert("payments", [ - "familyid" => $family->getID(), - "amount" => ($membership_cost / 100.0), - "paid" => 1, - "date" => date("Y-m-d H:i:s"), - "type" => "Online" - ]); + $duecard = $dueusd - $campcoupons; - try { - $confirmation = new Email(); - $confirmation->addTo($family->getEmail()); - $confirmation->setFrom($SETTINGS["smtp"]["fromaddress"], $SETTINGS["smtp"]["fromname"]); - $confirmation->setSMTP($SETTINGS["smtp"]["host"], $SETTINGS["smtp"]["port"], $SETTINGS["smtp"]["auth"], $SETTINGS["smtp"]["user"], $SETTINGS["smtp"]["password"], $SETTINGS["smtp"]["secure"]); - if ($renewal) { - $confirmation->setSubject("HACHE renewal confirmation"); - $confirmation->setBody("Your membership renewal has been processed.\r\n" - . "Your membership will expire on" . date("F j Y", $family->getExpires()) . ".\r\n" - . "Thanks for being a HACHE member!"); - } else { - $confirmation->setSubject("HACHE membership confirmation"); - $confirmation->setBody("Your membership and payment have been recorded.\r\n" - . "A HACHE member will be in touch in the next few days.\r\n" - . "Thanks again and welcome to HACHE!"); - } - $confirmation->send(); - } catch (Exception $e) { + echo "\nCost $dueusd total: $duecard to Stripe, $campcoupons as coupons\n"; + if ($_POST['totalcharge'] != $dueusd) { + errorBack("There was a discrepency between the total you saw and the total the server calculated. 
The transaction has been cancelled and you were not charged."); } - try { - $notification = new Email(); - $notification->addTo($SETTINGS["smtp"]["notification_to"]); - $notification->setFrom($SETTINGS["smtp"]["fromaddress"], $SETTINGS["smtp"]["fromname"]); - $notification->setSMTP($SETTINGS["smtp"]["host"], $SETTINGS["smtp"]["port"], $SETTINGS["smtp"]["auth"], $SETTINGS["smtp"]["user"], $SETTINGS["smtp"]["password"], $SETTINGS["smtp"]["secure"]); - if ($renewal) { - $notification->setSubject("HACHE renewal notification"); - $notification->setBody("The " . $family->getName() . " family has renewed their HACHE membership."); - } else { - $notification->setSubject("HACHE membership notification"); - $notification->setBody("The " . $family->getName() . " family has registered for a HACHE membership."); + if ($duecard > 0) { + try { + \Stripe\Stripe::setApiKey($SETTINGS["stripe"]["seckey"]); + + $charge = \Stripe\Charge::create([ + 'amount' => $duecard * 100.0, + 'currency' => 'usd', + 'description' => 'Day Camp', + 'source' => $_POST['stripeToken'], + 'statement_descriptor' => 'PPD Day Camp', + ]); + } catch (\Stripe\Error\Card $e) { + $body = $e->getJsonBody(); + $err = $body['error']; + errorBack("We couldn't process your card because it was declined. Your card issuer or bank sent us this message: " . $err["message"] . " That's all we know."); + } catch (\Stripe\Error\RateLimit $e) { + errorBack("We couldn't process your card because things are happening too fast. Please try again in a minute. (Error code: STRIPE_RATELIMIT)"); + } catch (\Stripe\Error\InvalidRequest $e) { + errorBack("We couldn't process your card because of a technical issue. Please try again later. (Error code: STRIPE_INVREQ)"); + } catch (\Stripe\Error\Authentication $e) { + errorBack("We can't connect to the card processor. Please try again later. (Error code: STRIPE_AUTH)"); + } catch (\Stripe\Error\ApiConnection $e) { + errorBack("We can't connect to the card processor. Please try again later. 
(Error code: STRIPE_NOAPI)"); + } catch (\Stripe\Error\Base $e) { + errorBack("An unknown payment error occurred. Please try again later."); + } catch (Exception $e) { + errorBack("An unknown error occurred. Please try again later."); } - $notification->send(); - } catch (Exception $e) { - } + $database->insert("payments", [ + "familyid" => $familyid, + "amount" => ($dueusd), + "amountpaid" => ($duecard), + "date" => date("Y-m-d H:i:s"), + "type" => "Online" + ]); + header("Location: ../?page=thanks"); + var_dump($_POST); return true; }); diff --git a/public/parts/signup.php b/public/parts/signup.php index 477b2ba..98122d8 100644 --- a/public/parts/signup.php +++ b/public/parts/signup.php @@ -133,29 +133,48 @@ if (isset($_SESSION['familyid']) && $database->has('families', ['familyid' => $_
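Review bot: The amount actually charged is controlled by the client: `$campcoupons` is taken straight from `$_POST['campcoupons']`, subtracted to produce `$duecard`, and once that reaches zero the `if ($duecard > 0)` branch skips Stripe entirely while the `payments` row is still inserted and the user is sent to the thanks page, so a submitter can zero out the charge by posting a large coupon count. The `totalcharge` comparison does not help because it checks `$dueusd` before coupons are applied, and the `/[0-9]+/` pattern is unanchored so values such as `abc5000` also pass. Until coupons are checked against something the server holds (a redeemable coupon record, or staff confirmation before the family is treated as paid), at least anchor and clamp the value and store it on the payment row: `$campcoupons = (isset($_POST['campcoupons']) && preg_match('/^[0-9]+$/', $_POST['campcoupons'])) ? (int) $_POST['campcoupons'] : 0;` followed by `$campcoupons = min($campcoupons, max(0, (int) $dueusd));`. Separately, the `echo` debug lines and the trailing `var_dump($_POST)` emit output around the `header()` redirects, which both breaks the redirect (headers already sent) and writes the full submission, including `stripeToken` and every person's contact details, into the response, so they should be removed before this ships. `errorBack()` also calls `$database->delete()` without declaring `$database` global, and `$familyid` is a closure local rather than a global, so that compensating delete cannot work as written; presumably the surrounding `$database->action()` transaction, which `die()` never commits, is what actually discards the partial rows, but that should be confirmed rather than relied on silently.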

Total: $0

- - -