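/*
 * Abstract submission handler.
 *
 * Validates the POSTed contact fields and the uploaded "abstract" file. If any
 * check fails, the submitted data and the per-field error codes are stored in
 * the session and the browser is redirected to abstract.php?code=error.
 * Otherwise one row is inserted into the `abstracts` table and the page header
 * is included so the confirmation text after this block can be shown.
 *
 * initdb(), len_escaped(), escape_str(), process_upload(), EMAIL, INT_PHONE and
 * $FILE_ROOT are not defined in this file (presumably provided by init.php).
 */
require_once("../../includes/init.php");

$db = initdb();
session_start();
$errors = array();

// Drop MAX_FILE_SIZE so it does not occupy a slot in the positional unpacking below.
if (isset($_POST['MAX_FILE_SIZE'])) {
    unset($_POST['MAX_FILE_SIZE']);
}

// NOTE(review): the fields are taken by POSITION, not by name, so the mapping depends on
// the order in which the client sends them. Reading each field by its form name would be
// more robust; the names are set by the form page, which is not visible from here.
// Pad to seven entries and blank out non-string values (e.g. "field[]=x") so that short or
// malformed submissions fail validation as "missing" instead of raising notices or errors.
$fields = array_pad(array_values($_POST), 7, '');
foreach ($fields as $idx => $value) {
    if (!is_string($value)) {
        $fields[$idx] = '';
    }
}
list($name, $institution, $email, $phone, $title, $hidden_sec_string, $sec_string) = $fields;

// The hidden field carries the expected security string reversed; undo that here.
// NOTE(review): both the expected and the entered value arrive from the client, so this
// comparison cannot act as a real challenge. Keeping the expected value server-side
// (for example in the session) would be needed for that.
$hidden_sec_string = strrev($hidden_sec_string);

// Each entry is false when the field is valid, otherwise a short error code.
// The name check now validates $name (it previously re-validated $title by mistake).
$errors['name'] = strlen($name) <= 0
    ? "missing"
    : (len_escaped($name) > 255 ? "too_long" : false);
$errors['institution'] = strlen($institution) <= 0
    ? "missing"
    : (len_escaped($institution) > 255 ? "too_long" : false);

// NOTE(review): ereg() was removed in PHP 7. EMAIL and INT_PHONE are defined outside this
// file, so the patterns cannot be ported to preg_match() from here.
$errors['email'] = strlen($email) <= 0
    ? "missing"
    : (!ereg(EMAIL, $email) ? "bad_format" : false);
$errors['phone'] = strlen($phone) <= 0
    ? "missing"
    : (!ereg(INT_PHONE, $phone) ? "bad_format" : false);
$errors['title'] = strlen($title) <= 0
    ? "missing"
    : (len_escaped($title) > 255 ? "too_long" : false);

// Strict comparison: with "!=" two different numeric-looking strings (such as "0e1" and
// "0e2") could compare as equal.
$errors['sec_string'] = strlen($sec_string) <= 0
    ? "missing"
    : ($hidden_sec_string !== $sec_string ? "no_match" : false);

// isset() guard avoids an undefined-index notice when no file part was sent at all.
$errors['file'] = (!isset($_FILES['abstract']) || !is_array($_FILES['abstract']))
    ? "missing"
    : false;

if (!$errors['file']) {
    list($error, $filename) = process_upload("abstract", "abstracts");
    if ($error === true) {
        // On failure the second element is an error code rather than a filename.
        $errors['file'] = $filename;
    } elseif (strpos(strtolower($_FILES['abstract']['type']), "pdf") === false) {
        // NOTE(review): 'type' is the MIME type reported by the browser, not derived from
        // the file content, and it is only checked after process_upload() has run. Whether a
        // rejected file is left in the upload directory depends on process_upload(), which
        // is not visible here. Checking the content (e.g. with finfo) before storing the
        // file would be a stronger control.
        $errors['file'] = "bad_type";
    } else {
        $errors['file'] = false;
    }
}

foreach ($errors as $error) {
    if ($error !== false) {
        // At least one field failed: keep the input and the error codes for the form page.
        // NOTE(review): form_data holds raw user input; the form page has to HTML-escape it
        // when it is shown again.
        $_SESSION['form_data'] = $_POST;
        $_SESSION['form_errors'] = $errors;
        header("Location: abstract.php?code=error");
        exit;
    }
}

// All checks passed: escape the textual values and store the submission.
$post = array($name, $institution, $email, $phone, $title, $filename);
foreach ($post as $i => $value) {
    $post[$i] = escape_str($value);
}

// NOTE(review): the statement is built by string concatenation. It is only safe if
// escape_str() both escapes AND quotes each value (the VALUES list adds no quotes itself,
// so presumably it does - confirm). A parameterized query would be preferable if the $db
// wrapper offers one.
// implode() is called with the separator first; the reversed argument order used before
// is no longer accepted as of PHP 8.
$db->runQuery(
    "INSERT INTO abstracts (full_name, institution, email, phone, title, filename, timestamp) VALUES ("
    . implode(",", $post)
    . ", NOW())"
);

require_once("$FILE_ROOT/includes/layout/header.php");
?>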
Your abstract has been uploaded and the information you entered on the previous screen has been saved in the database. The organizing committee will contact you if further clarification is necessary in any way. Thank you for your interest in the First International Conference on Micromanufacturing.
// Close the page with the shared site footer; $FILE_ROOT is not defined in this file.
require_once "$FILE_ROOT/includes/layout/footer.php";
?>